Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package liboqs for openSUSE:Factory checked in at 2024-01-26 22:47:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/liboqs (Old) and /work/SRC/openSUSE:Factory/.liboqs.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "liboqs" Fri Jan 26 22:47:52 2024 rev:10 rq:1141696 version:0.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/liboqs/liboqs.changes 2023-12-25 19:06:16.523617328 +0100 +++ /work/SRC/openSUSE:Factory/.liboqs.new.1815/liboqs.changes 2024-01-26 22:48:04.617947607 +0100 @@ -1,0 +2,7 @@ +Tue Jan 23 15:19:41 UTC 2024 - Marcus Meissner <meiss...@suse.com> + +- updated to 0.9.2: + - Fixed potential non-constant-time behaviour in Kyber based on https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196 + - Kyber: C, AVX2, and aarch64 implementation updated + +------------------------------------------------------------------- Old: ---- 0.9.1.tar.gz New: ---- 0.9.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ liboqs.spec ++++++ --- /var/tmp/diff_new_pack.6oLgMO/_old 2024-01-26 22:48:05.609983333 +0100 +++ /var/tmp/diff_new_pack.6oLgMO/_new 2024-01-26 22:48:05.613983477 +0100 @@ -1,7 +1,7 @@ # # spec file for package liboqs # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: liboqs -Version: 0.9.1 +Version: 0.9.2 Release: 0 Summary: C library for quantum-resistant cryptographic algorithms License: MIT ++++++ 0.9.1.tar.gz -> 0.9.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/.github/workflows/linux.yml new/liboqs-0.9.2/.github/workflows/linux.yml --- old/liboqs-0.9.1/.github/workflows/linux.yml 2023-12-22 21:27:57.000000000 +0100 +++ new/liboqs-0.9.2/.github/workflows/linux.yml 2024-01-17 02:37:18.000000000 +0100 
@@ -30,6 +30,7 @@
 git config --global user.name "ciuser" && \
 git config --global user.email "c...@openquantumsafe.org" && \
 export LIBOQS_DIR=`pwd` && \
+ git config --global --add safe.directory $LIBOQS_DIR && \
 cd scripts/copy_from_upstream && \
 ! pip3 install -r requirements.txt 2>&1 | grep ERROR && \
 python3 copy_from_upstream.py copy && \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/CMakeLists.txt new/liboqs-0.9.2/CMakeLists.txt
--- old/liboqs-0.9.1/CMakeLists.txt 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/CMakeLists.txt 2024-01-17 02:37:18.000000000 +0100
@@ -33,7 +33,7 @@
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
-set(OQS_VERSION_TEXT "0.9.1")
+set(OQS_VERSION_TEXT "0.9.2")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/RELEASE.md new/liboqs-0.9.2/RELEASE.md
--- old/liboqs-0.9.1/RELEASE.md 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/RELEASE.md 2024-01-17 02:37:18.000000000 +0100
@@ -1,4 +1,4 @@
-liboqs version 0.9.1
+liboqs version 0.9.2
 ====================
 About
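Review bot: `$LIBOQS_DIR` is expanded unquoted in the added line `git config --global --add safe.directory $LIBOQS_DIR && \`; the variable is set from the output of pwd on the line above, so this is fine as long as the checkout path contains no whitespace or glob characters, but nothing in the step guarantees that on a self-hosted or containerised runner. Quoting it, `git config --global --add safe.directory "$LIBOQS_DIR" && \`, costs nothing and avoids registering a truncated or wrong path as a trusted git directory. The `run:` step this line belongs to starts outside the hunk.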
@@ -28,14 +28,14 @@
 Release notes
 =============
-This is version 0.9.1 of liboqs. It was released on December 22, 2023.
+This is version 0.9.2 of liboqs. It was released on January 16, 2024.
-This release is a security release which fixes potential non-constant-time behaviour in Kyber based on https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220
+This release is a security release which fixes potential non-constant-time behaviour in Kyber based on https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196
 What's New
 ----------
-This release continues from the 0.9.0 release of liboqs.
+This release continues from the 0.9.1 release of liboqs.
 ### Key encapsulation mechanisms
@@ -44,7 +44,6 @@
 Detailed changelog
 ------------------
-* pull kyber from upstream: dda29cc63af721981ee2c831cf00822e69be3220 (#1631) by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1633
-* Apply patch to Kyber aarch64 code from PQClean for variable-time division issue -> targeting 0.9.1 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1637
+* Pull Kyber division fixes from PQ-Crystals into dev-092 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1652
-**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.9.0...0.9.1
\ No newline at end of file
+**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.9.1...0.9.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/docs/algorithms/kem/classic_mceliece.md new/liboqs-0.9.2/docs/algorithms/kem/classic_mceliece.md
--- old/liboqs-0.9.1/docs/algorithms/kem/classic_mceliece.md 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/docs/algorithms/kem/classic_mceliece.md 2024-01-17 02:37:18.000000000 +0100
@@ -14,7 +14,7 @@ ## Advisories - Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. -- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. +- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. ## Parameter set summary @@ -35,8 +35,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?â¡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -46,8 +46,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -55,8 +55,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -64,8 +64,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -73,8 +73,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -82,8 +82,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -91,8 +91,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -100,8 +100,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -109,8 +109,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -118,8 +118,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/docs/algorithms/kem/classic_mceliece.yml new/liboqs-0.9.2/docs/algorithms/kem/classic_mceliece.yml --- old/liboqs-0.9.1/docs/algorithms/kem/classic_mceliece.yml 2023-12-22 21:27:57.000000000 +0100 +++ new/liboqs-0.9.2/docs/algorithms/kem/classic_mceliece.yml 2024-01-17 02:37:18.000000000 +0100 
@@ -26,7 +26,9 @@ building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. -- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. +- Current implementation of the algorithm may not be constant-time. Additionally, + environment specific constant-time leaks may not be documented; please report potential + constant-time leaks when found. parameter-sets: - name: Classic-McEliece-348864 claimed-nist-level: 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/docs/algorithms/kem/kyber.md new/liboqs-0.9.2/docs/algorithms/kem/kyber.md --- old/liboqs-0.9.1/docs/algorithms/kem/kyber.md 2023-12-22 21:27:57.000000000 +0100 +++ new/liboqs-0.9.2/docs/algorithms/kem/kyber.md 2024-01-17 02:37:18.000000000 +0100 
@@ -7,9 +7,9 @@
 - **Authors' website**: https://pq-crystals.org/
 - **Specification version**: NIST Round 3 submission.
 - **Primary Source**<a name="primary-source"></a>:
- - **Source**: https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220 with copy_from_upstream patches
+ - **Source**: https://github.com/pq-crystals/kyber/commit/b628ba78711bc28327dc7d2d5c074a00f061884e with copy_from_upstream patches
 - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
-- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220 with copy_from_upstream patches
+- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/b628ba78711bc28327dc7d2d5c074a00f061884e with copy_from_upstream patches
 - **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
 - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
 - **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/docs/algorithms/kem/kyber.yml new/liboqs-0.9.2/docs/algorithms/kem/kyber.yml
--- old/liboqs-0.9.1/docs/algorithms/kem/kyber.yml 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/docs/algorithms/kem/kyber.yml 2024-01-17 02:37:18.000000000 +0100
@@ -17,7 +17,7 @@
 nist-round: 3
 spec-version: NIST Round 3 submission
 primary-upstream:
- source: https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220
+ source: https://github.com/pq-crystals/kyber/commit/b628ba78711bc28327dc7d2d5c074a00f061884e
 with copy_from_upstream patches
 spdx-license-identifier: CC0-1.0 or Apache-2.0
 optimized-upstreams:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/docs/algorithms/sig/falcon.md new/liboqs-0.9.2/docs/algorithms/sig/falcon.md
--- old/liboqs-0.9.1/docs/algorithms/sig/falcon.md 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/docs/algorithms/sig/falcon.md 2024-01-17 02:37:18.000000000 +0100
@@ -22,7 +22,7 @@
 | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?â¡ |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
-| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
+| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
 | [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False |
 | [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
@@ -34,7 +34,7 @@
 | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
+| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
 | [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False |
 | [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/scripts/copy_from_upstream/copy_from_upstream.py new/liboqs-0.9.2/scripts/copy_from_upstream/copy_from_upstream.py
--- old/liboqs-0.9.1/scripts/copy_from_upstream/copy_from_upstream.py 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/scripts/copy_from_upstream/copy_from_upstream.py 2024-01-17 02:37:18.000000000 +0100
@@ -611,8 +611,6 @@
 for t in ["kem", "sig"]:
 with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), "w") as f:
 json.dump(kats[t], f, indent=2, sort_keys=True)
- if not keepdata:
- shutil.rmtree('repos')
 update_upstream_alg_docs.do_it(os.environ['LIBOQS_DIR'])
@@ -622,6 +620,10 @@
 update_docs_from_yaml.do_it(os.environ['LIBOQS_DIR'])
 update_cbom.update_cbom_if_algs_not_changed(os.environ['LIBOQS_DIR'], "git")
+ if not keepdata:
+ shutil.rmtree('repos')
+
+
 def verify_from_upstream():
 instructions = load_instructions()
 basedir = "verify_from_upstream"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/scripts/copy_from_upstream/copy_from_upstream.yml new/liboqs-0.9.2/scripts/copy_from_upstream/copy_from_upstream.yml
--- old/liboqs-0.9.1/scripts/copy_from_upstream/copy_from_upstream.yml 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/scripts/copy_from_upstream/copy_from_upstream.yml 2024-01-17 02:37:18.000000000 +0100
@@ -14,7 +14,7 @@
 name: pqcrystals-kyber
 git_url: https://github.com/pq-crystals/kyber.git
 git_branch: master
- git_commit: dda29cc63af721981ee2c831cf00822e69be3220
+ git_commit: b628ba78711bc28327dc7d2d5c074a00f061884e
 kem_meta_path: '{pretty_name_full}_META.yml'
 kem_scheme_path: '.'
 patches: [pqcrystals-kyber-yml.patch, pqcrystals-kyber-ref-shake-aes.patch, pqcrystals-kyber-avx2-shake-aes.patch]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-variable-timing-fix.patch new/liboqs-0.9.2/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-variable-timing-fix.patch
--- old/liboqs-0.9.1/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-variable-timing-fix.patch 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-variable-timing-fix.patch 2024-01-17 02:37:18.000000000 +0100
@@ -1,8 +1,31 @@
+927a0eff4a45781218062953002001af4e6a5c8a
 diff --git a/crypto_kem/kyber1024/aarch64/poly.c b/crypto_kem/kyber1024/aarch64/poly.c
-index 1dfa52c..02e010b 100644
+index 1dfa52c..3115d1c 100644
 --- a/crypto_kem/kyber1024/aarch64/poly.c
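Review bot: The relocated `shutil.rmtree('repos')` now runs only if every `update_*` call before it returns normally, so an exception in `update_upstream_alg_docs`, `update_docs_from_yaml` or `update_cbom` leaves the cloned upstream tree behind even when `keepdata` is false; presumably the move is so those steps can still read the checkouts, and if the cleanup is meant to hold regardless, a `try:` around those calls with `if not keepdata: shutil.rmtree('repos')` in its `finally:` block would make that explicit. The directory is also addressed relative to the working directory while every other path in these two hunks is built from `os.environ['LIBOQS_DIR']`; a one-line comment such as `# 'repos' is relative to the cwd, i.e. scripts/copy_from_upstream where CI runs this script` would record that assumption. The indentation of the moved block is not recoverable from this rendering, so whether it still sits inside the enclosing function, whose start is outside the hunk, cannot be confirmed here; the matching removal is in the previous hunk.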
 +++ b/crypto_kem/kyber1024/aarch64/poly.c
-@@ -207,14 +207,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
+@@ -51,6 +51,7 @@
+ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
+ unsigned int i, j;
+ int16_t u;
++ uint32_t d0;
+ uint8_t t[8];
+
+ for (i = 0; i < KYBER_N / 8; i++) {
+@@ -58,7 +59,12 @@ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N
+ // map to positive standard representatives
+ u = a[8 * i + j];
+ u += (u >> 15) & KYBER_Q;
+- t[j] = ((((uint32_t)u << 5) + KYBER_Q / 2) / KYBER_Q) & 31;
++ // t[j] = ((((uint32_t)u << 5) + KYBER_Q / 2) / KYBER_Q) & 31;
++ d0 = u << 5;
++ d0 += 1664;
++ d0 *= 40318;
++ d0 >>= 27;
++ t[j] = d0 & 0x1f;
+ }
+
+ r[0] = (t[0] >> 0) | (t[1] << 5);
+@@ -207,14 +213,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
 **************************************************/
 void poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t a[KYBER_N]) {
 unsigned int i, j;
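Review bot: The new multiply-and-shift sequence in `poly_compress` (`d0 = u << 5; d0 += 1664; d0 *= 40318; d0 >>= 27;`) carries no explanation of its constants, and `d0` is a `uint32_t`: for representatives near `KYBER_Q` (3329) the product exceeds 2^32 and wraps — (3328·32 + 1664)·40318 is about 4.36e9 — which is only harmless because the wrap is a multiple of 2^32 = 32·2^27 and therefore disappears under the final `& 0x1f`. That invariant is what makes the replacement correct, so it belongs next to the retained commented-out division, e.g. `// round(u*32/q) without a division: 40318 = ceil(2^27/q); the uint32_t wrap for u near q is a multiple of 32<<27 and is removed by the & 0x1f`. The same note applies to the 4-bit variant (`80635`, shift 28, mask `0xf`, wrap a multiple of 16<<28) in the kyber512 and kyber768 hunks of this patch file and to the `uint64_t`-based `polyvec_compress` variants (`645084`/shift 31 and `1290167`/shift 32, where the product stays far below 2^64 and no wrap occurs), as well as to the vendored copies under `src/kem/kyber/pqclean_*_aarch64/` later in this diff. The first added line of the patch file is a bare commit hash with no surrounding context; if it records the upstream commit this patch was derived from, a word saying so where the patch is listed would help, since patch tooling simply skips leading text.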
@@ -25,11 +48,75 @@
 msg[i] |= t << j;
 }
 }
+diff --git a/crypto_kem/kyber1024/aarch64/polyvec.c b/crypto_kem/kyber1024/aarch64/polyvec.c
+index d400348..f9a1ebf 100644
+--- a/crypto_kem/kyber1024/aarch64/polyvec.c
++++ b/crypto_kem/kyber1024/aarch64/polyvec.c
+@@ -21,6 +21,7 @@
+ **************************************************/
+ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
+ unsigned int i, j, k;
++ uint64_t d0;
+
+ #if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
+ uint16_t t[8];
+@@ -29,7 +30,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
+ for (k = 0; k < 8; k++) {
+ t[k] = a[i][8 * j + k];
+ t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
++ // t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
++ d0 = t[k];
++ d0 <<= 11;
++ d0 += 1664;
++ d0 *= 645084;
++ d0 >>= 31;
++ t[k] = d0 & 0x7ff;
+ }
+
+ r[ 0] = (t[0] >> 0);
+@@ -53,7 +60,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
+ for (k = 0; k < 4; k++) {
+ t[k] = a[i][4 * j + k];
+ t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
++ // t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
++ d0 = t[k];
++ d0 <<= 10;
++ d0 += 1665;
++ d0 *= 1290167;
++ d0 >>= 32;
++ t[k] = d0 & 0x3ff;
+ }
+
+ r[0] = (t[0] >> 0);
 diff --git a/crypto_kem/kyber512/aarch64/poly.c b/crypto_kem/kyber512/aarch64/poly.c
-index dffc655..fcfcedd 100644
+index dffc655..361ce89 100644
 --- a/crypto_kem/kyber512/aarch64/poly.c
 +++ b/crypto_kem/kyber512/aarch64/poly.c
-@@ -194,14 +194,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
+@@ -51,6 +51,7 @@
+ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
+ unsigned int i, j;
+ int16_t u;
++ uint32_t d0;
+ uint8_t t[8];
+
+ for (i = 0; i < KYBER_N / 8; i++) {
+@@ -58,7 +59,12 @@ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N
+ // map to positive standard representatives
+ u = a[8 * i + j];
+ u += (u >> 15) & KYBER_Q;
+- t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
++ // t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
++ d0 = u << 4;
++ d0 += 1665;
++ d0 *= 80635;
++ d0 >>= 28;
++ t[j] = d0 & 0xf;
+ }
+
+ r[0] = t[0] | (t[1] << 4);
+@@ -194,14 +200,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
 **************************************************/
 void poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t a[KYBER_N]) {
 unsigned int i, j;
@@ -52,11 +139,75 @@
 msg[i] |= t << j;
 }
 }
+diff --git a/crypto_kem/kyber512/aarch64/polyvec.c b/crypto_kem/kyber512/aarch64/polyvec.c
+index d400348..f9a1ebf 100644
+--- a/crypto_kem/kyber512/aarch64/polyvec.c
++++ b/crypto_kem/kyber512/aarch64/polyvec.c
+@@ -21,6 +21,7 @@
+ **************************************************/
+ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
+ unsigned int i, j, k;
++ uint64_t d0;
+
+ #if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
+ uint16_t t[8];
+@@ -29,7 +30,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
+ for (k = 0; k < 8; k++) {
+ t[k] = a[i][8 * j + k];
+ t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
++ // t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
++ d0 = t[k];
++ d0 <<= 11;
++ d0 += 1664;
++ d0 *= 645084;
++ d0 >>= 31;
++ t[k] = d0 & 0x7ff;
+ }
+
+ r[ 0] = (t[0] >> 0);
+@@ -53,7 +60,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
+ for (k = 0; k < 4; k++) {
+ t[k] = a[i][4 * j + k];
+ t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
++ // t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
++ d0 = t[k];
++ d0 <<= 10;
++ d0 += 1665;
++ d0 *= 1290167;
++ d0 >>= 32;
++ t[k] = d0 & 0x3ff;
+ }
+
+ r[0] = (t[0] >> 0);
 diff --git a/crypto_kem/kyber768/aarch64/poly.c b/crypto_kem/kyber768/aarch64/poly.c
-index dffc655..fcfcedd 100644
+index dffc655..361ce89 100644
 --- a/crypto_kem/kyber768/aarch64/poly.c
 +++ b/crypto_kem/kyber768/aarch64/poly.c
-@@ -194,14 +194,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
+@@ -51,6 +51,7 @@
+ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
+ unsigned int i, j;
+ int16_t u;
++ uint32_t d0;
+ uint8_t t[8];
+
+ for (i = 0; i < KYBER_N / 8; i++) {
+@@ -58,7 +59,12 @@ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N
+ // map to positive standard representatives
+ u = a[8 * i + j];
+ u += (u >> 15) & KYBER_Q;
+- t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
++ // t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
++ d0 = u << 4;
++ d0 += 1665;
++ d0 *= 80635;
++ d0 >>= 28;
++ t[j] = d0 & 0xf;
+ }
+
+ r[0] = t[0] | (t[1] << 4);
+@@ -194,14 +200,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
 **************************************************/
 void poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t a[KYBER_N]) {
 unsigned int i, j;
@@ -79,3 +230,45 @@
 msg[i] |= t << j;
 }
 }
+diff --git a/crypto_kem/kyber768/aarch64/polyvec.c b/crypto_kem/kyber768/aarch64/polyvec.c
+index d400348..f9a1ebf 100644
+--- a/crypto_kem/kyber768/aarch64/polyvec.c
++++ b/crypto_kem/kyber768/aarch64/polyvec.c
+@@ -21,6 +21,7 @@
+ **************************************************/
+ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
+ unsigned int i, j, k;
++ uint64_t d0;
+
+ #if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
+ uint16_t t[8];
+@@ -29,7 +30,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
+ for (k = 0; k < 8; k++) {
+ t[k] = a[i][8 * j + k];
+ t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
++ // t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
++ d0 = t[k];
++ d0 <<= 11;
++ d0 += 1664;
++ d0 *= 645084;
++ d0 >>= 31;
++ t[k] = d0 & 0x7ff;
+ }
+
+ r[ 0] = (t[0] >> 0);
+@@ -53,7 +60,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
+ for (k = 0; k < 4; k++) {
+ t[k] = a[i][4 * j + k];
+ t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
++ // t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
++ d0 = t[k];
++ d0 <<= 10;
++ d0 += 1665;
++ d0 *= 1290167;
++ d0 >>= 32;
++ t[k] = d0 & 0x3ff;
+ }
+
+ r[0] = (t[0] >> 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber1024_aarch64/poly.c new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber1024_aarch64/poly.c
--- old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber1024_aarch64/poly.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber1024_aarch64/poly.c 2024-01-17 02:37:18.000000000 +0100
@@ -51,6 +51,7 @@
void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
unsigned int i, j;
int16_t u;
+ uint32_t d0;
uint8_t t[8];

for (i = 0; i < KYBER_N / 8; i++) {
@@ -58,7 +59,12 @@
// map to positive standard representatives
u = a[8 * i + j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint32_t)u << 5) + KYBER_Q / 2) / KYBER_Q) & 31;
+ // t[j] = ((((uint32_t)u << 5) + KYBER_Q / 2) / KYBER_Q) & 31;
+ d0 = u << 5;
+ d0 += 1664;
+ d0 *= 40318;
+ d0 >>= 27;
+ t[j] = d0 & 0x1f;
}

r[0] = (t[0] >> 0) | (t[1] << 5);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber1024_aarch64/polyvec.c new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber1024_aarch64/polyvec.c
--- old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber1024_aarch64/polyvec.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber1024_aarch64/polyvec.c 2024-01-17 02:37:18.000000000 +0100
@@ -21,6 +21,7 @@
**************************************************/
void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
unsigned int i, j, k;
+ uint64_t d0;

#if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
uint16_t t[8];
@@ -29,7 +30,13 @@
for (k = 0; k < 8; k++) {
t[k] = a[i][8 * j + k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
+ // t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
+ d0 = t[k];
+ d0 <<= 11;
+ d0 += 1664;
+ d0 *= 645084;
+ d0 >>= 31;
+ t[k] = d0 & 0x7ff;
}

r[ 0] = (t[0] >> 0);
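Review bot: `d0 *= 40318;` in the 5-bit poly_compress hunk wraps modulo 2^32 for large inputs and the code is silent about it: with u at most 3328 after the preceding `u += (u >> 15) & KYBER_Q;`, `(u << 5) + 1664` reaches 108160, and times 40318 that is about 4.36e9, past 2^32, so the product wraps for u >= 3277. The wrap is well-defined on `uint32_t` and, as far as I can tell, harmless, because the only bit lost is bit 32, which after `d0 >>= 27` is the value 32 that `& 0x1f` discards anyway; but that argument belongs in a comment, e.g. `/* 40318 = round(2^27/q); the product may wrap past 2^32 for u >= 3277, losing only quotient bit 5, which the mask drops */`. The 11-bit polyvec hunk on the same line sidesteps the question with its 64-bit `d0`, which makes the asymmetry between the two files worth a sentence as well.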
@@ -53,7 +60,13 @@
for (k = 0; k < 4; k++) {
t[k] = a[i][4 * j + k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
+ // t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
+ d0 = t[k];
+ d0 <<= 10;
+ d0 += 1665;
+ d0 *= 1290167;
+ d0 >>= 32;
+ t[k] = d0 & 0x3ff;
}

r[0] = (t[0] >> 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber512_aarch64/poly.c new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber512_aarch64/poly.c
--- old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber512_aarch64/poly.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber512_aarch64/poly.c 2024-01-17 02:37:18.000000000 +0100
@@ -51,6 +51,7 @@
void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
unsigned int i, j;
int16_t u;
+ uint32_t d0;
uint8_t t[8];

for (i = 0; i < KYBER_N / 8; i++) {
@@ -58,7 +59,12 @@
// map to positive standard representatives
u = a[8 * i + j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
+ // t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
+ d0 = u << 4;
+ d0 += 1665;
+ d0 *= 80635;
+ d0 >>= 28;
+ t[j] = d0 & 0xf;
}

r[0] = t[0] | (t[1] << 4);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber512_aarch64/polyvec.c new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber512_aarch64/polyvec.c
--- old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber512_aarch64/polyvec.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber512_aarch64/polyvec.c 2024-01-17 02:37:18.000000000 +0100
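Review bot: The rounding offset in `d0 += 1665;` of the 4-bit poly_compress hunk differs from the `KYBER_Q / 2` (= 1664) in the commented-out formula right above it, and from the 1664 that the 5-bit and 11-bit paths use, with no explanation. Presumably 1665 is what makes the truncated multiply-shift (80635 is round(2^28 / 3329), so it is slightly off) agree with the exact rounded division for every u in [0, 3328]; if that is the reason, a one-line comment should say so, e.g. `/* 1665, not q/2: compensates the truncation of 2^28/q = 80635.46 so the result matches the exact division for all u < q */`. Because the input domain is only 3329 values, that agreement is also cheap to assert exhaustively in a test rather than trusting the constant.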
@@ -21,6 +21,7 @@
**************************************************/
void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
unsigned int i, j, k;
+ uint64_t d0;

#if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
uint16_t t[8];
@@ -29,7 +30,13 @@
for (k = 0; k < 8; k++) {
t[k] = a[i][8 * j + k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
+ // t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
+ d0 = t[k];
+ d0 <<= 11;
+ d0 += 1664;
+ d0 *= 645084;
+ d0 >>= 31;
+ t[k] = d0 & 0x7ff;
}

r[ 0] = (t[0] >> 0);
@@ -53,7 +60,13 @@
for (k = 0; k < 4; k++) {
t[k] = a[i][4 * j + k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
+ // t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
+ d0 = t[k];
+ d0 <<= 10;
+ d0 += 1665;
+ d0 *= 1290167;
+ d0 >>= 32;
+ t[k] = d0 & 0x3ff;
}

r[0] = (t[0] >> 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber768_aarch64/poly.c new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber768_aarch64/poly.c
--- old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber768_aarch64/poly.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber768_aarch64/poly.c 2024-01-17 02:37:18.000000000 +0100
@@ -51,6 +51,7 @@
void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
unsigned int i, j;
int16_t u;
+ uint32_t d0;
uint8_t t[8];

for (i = 0; i < KYBER_N / 8; i++) {
@@ -58,7 +59,12 @@
// map to positive standard representatives
u = a[8 * i + j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
+ // t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
+ d0 = u << 4;
+ d0 += 1665;
+ d0 *= 80635;
+ d0 >>= 28;
+ t[j] = d0 & 0xf;
}

r[0] = t[0] | (t[1] << 4);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber768_aarch64/polyvec.c new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber768_aarch64/polyvec.c
--- old/liboqs-0.9.1/src/kem/kyber/pqclean_kyber768_aarch64/polyvec.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqclean_kyber768_aarch64/polyvec.c 2024-01-17 02:37:18.000000000 +0100
@@ -21,6 +21,7 @@
**************************************************/
void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
unsigned int i, j, k;
+ uint64_t d0;

#if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
uint16_t t[8];
@@ -29,7 +30,13 @@
for (k = 0; k < 8; k++) {
t[k] = a[i][8 * j + k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
+ // t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
+ d0 = t[k];
+ d0 <<= 11;
+ d0 += 1664;
+ d0 *= 645084;
+ d0 >>= 31;
+ t[k] = d0 & 0x7ff;
}

r[ 0] = (t[0] >> 0);
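Review bot: `d0 = u << 4;` in the poly_compress hunk left-shifts the `int`-promoted value of the `int16_t` `u`, which is only defined because the line before, `u += (u >> 15) & KYBER_Q;`, has already made `u` non-negative; a left shift of a negative `int` is undefined behaviour, so the correctness of this line depends on statement order that nothing marks. The original expression cast first (`(uint16_t)u << 4`), and the polyvec hunks on this line widen before shifting (`d0 = t[k]; d0 <<= 11;`); writing `d0 = (uint32_t)u << 4;` keeps the arithmetic unsigned, matches both, and removes the ordering dependence. poly_compress itself begins outside this hunk.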
@@ -53,7 +60,13 @@
for (k = 0; k < 4; k++) {
t[k] = a[i][4 * j + k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
+ // t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
+ d0 = t[k];
+ d0 <<= 10;
+ d0 += 1665;
+ d0 *= 1290167;
+ d0 >>= 32;
+ t[k] = d0 & 0x3ff;
}

r[0] = (t[0] >> 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/poly.c new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/poly.c
--- old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/poly.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/poly.c 2024-01-17 02:37:18.000000000 +0100
@@ -19,6 +19,7 @@
{
unsigned int i,j;
int16_t u;
+ uint32_t d0;
uint8_t t[8];

#if (KYBER_POLYCOMPRESSEDBYTES == 128)
@@ -27,7 +28,12 @@
// map to positive standard representatives
u = a->coeffs[8*i+j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15;
+/* t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15; */
+ d0 = u << 4;
+ d0 += 1665;
+ d0 *= 80635;
+ d0 >>= 28;
+ t[j] = d0 & 0xf;
}

r[0] = t[0] | (t[1] << 4);
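Review bot: In the reference poly_compress hunk the commented-out `/* t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15; */` is now the only statement of what the five new lines must compute, and nothing in the change checks that they agree with it; the KATs exercise many coefficients but do not obviously hit every residue. Since `u` ranges only over [0, KYBER_Q-1] after `u += (u >> 15) & KYBER_Q;`, an exhaustive check costs nothing and I would add it to the test suite unless one already exists that I cannot see here: `for (uint32_t u = 0; u < KYBER_Q; u++) assert(((((u << 4) + 1665) * 80635) >> 28 & 0xf) == ((((u << 4) + KYBER_Q/2) / KYBER_Q) & 15));`, computed in `uint32_t` so the test sees the same wrap the code does. The same loop with the 5-bit, 10-bit and 11-bit constants and masks covers the other three paths. The enclosing function starts outside this hunk.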
@@ -42,7 +48,12 @@
// map to positive standard representatives
u = a->coeffs[8*i+j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint32_t)u << 5) + KYBER_Q/2)/KYBER_Q) & 31;
+/* t[j] = ((((uint32_t)u << 5) + KYBER_Q/2)/KYBER_Q) & 31; */
+ d0 = u << 5;
+ d0 += 1664;
+ d0 *= 40318;
+ d0 >>= 27;
+ t[j] = d0 & 0x1f;
}

r[0] = (t[0] >> 0) | (t[1] << 5);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/polyvec.c new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/polyvec.c
--- old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/polyvec.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/polyvec.c 2024-01-17 02:37:18.000000000 +0100
@@ -15,6 +15,7 @@
void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
{
unsigned int i,j,k;
+ uint64_t d0;

#if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
uint16_t t[8];
@@ -23,7 +24,13 @@
for(k=0;k<8;k++) {
t[k] = a->vec[i].coeffs[8*j+k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff;
+/* t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff; */
+ d0 = t[k];
+ d0 <<= 11;
+ d0 += 1664;
+ d0 *= 645084;
+ d0 >>= 31;
+ t[k] = d0 & 0x7ff;
}

r[ 0] = (t[0] >> 0);
@@ -47,7 +54,13 @@
for(k=0;k<4;k++) {
t[k] = a->vec[i].coeffs[4*j+k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff;
+/* t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff; */
+ d0 = t[k];
+ d0 <<= 10;
+ d0 += 1665;
+ d0 *= 1290167;
+ d0 >>= 32;
+ t[k] = d0 & 0x3ff;
}

r[0] = (t[0] >> 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c
--- old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c 2024-01-17 02:37:18.000000000 +0100
@@ -19,6 +19,7 @@
{
unsigned int i,j;
int16_t u;
+ uint32_t d0;
uint8_t t[8];

#if (KYBER_POLYCOMPRESSEDBYTES == 128)
@@ -27,7 +28,12 @@
// map to positive standard representatives
u = a->coeffs[8*i+j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15;
+/* t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15; */
+ d0 = u << 4;
+ d0 += 1665;
+ d0 *= 80635;
+ d0 >>= 28;
+ t[j] = d0 & 0xf;
}

r[0] = t[0] | (t[1] << 4);
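Review bot: Keeping the old expression as the commented-out line `/* t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff; */` in the 10-bit polyvec_compress hunk is dead code standing in for documentation; a reader still has to work out what the five lines below it compute and why the division went away. I would replace it with a comment that states both, e.g. `/* t[k] = round(t[k] * 2^10 / q) mod 2^10, as multiply by 1290167 = round(2^32/q) then shift: a constant division can be compiled to a data-dependent udiv/div, a multiply cannot */`. `d0 >>= 32` on this line is only well-defined because `d0` is the `uint64_t` declared in the earlier hunk of this file, which is worth saying on that declaration since this hunk does not show it. polyvec_compress starts and ends outside this hunk.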
@@ -42,7 +48,12 @@
// map to positive standard representatives
u = a->coeffs[8*i+j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint32_t)u << 5) + KYBER_Q/2)/KYBER_Q) & 31;
+/* t[j] = ((((uint32_t)u << 5) + KYBER_Q/2)/KYBER_Q) & 31; */
+ d0 = u << 5;
+ d0 += 1664;
+ d0 *= 40318;
+ d0 >>= 27;
+ t[j] = d0 & 0x1f;
}

r[0] = (t[0] >> 0) | (t[1] << 5);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/polyvec.c new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber512_ref/polyvec.c
--- old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/polyvec.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber512_ref/polyvec.c 2024-01-17 02:37:18.000000000 +0100
@@ -15,6 +15,7 @@
void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
{
unsigned int i,j,k;
+ uint64_t d0;

#if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
uint16_t t[8];
@@ -23,7 +24,13 @@
for(k=0;k<8;k++) {
t[k] = a->vec[i].coeffs[8*j+k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff;
+/* t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff; */
+ d0 = t[k];
+ d0 <<= 11;
+ d0 += 1664;
+ d0 *= 645084;
+ d0 >>= 31;
+ t[k] = d0 & 0x7ff;
}

r[ 0] = (t[0] >> 0);
@@ -47,7 +54,13 @@
for(k=0;k<4;k++) {
t[k] = a->vec[i].coeffs[4*j+k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff;
+/* t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff; */
+ d0 = t[k];
+ d0 <<= 10;
+ d0 += 1665;
+ d0 *= 1290167;
+ d0 >>= 32;
+ t[k] = d0 & 0x3ff;
}

r[0] = (t[0] >> 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/poly.c new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber768_ref/poly.c
--- old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/poly.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber768_ref/poly.c 2024-01-17 02:37:18.000000000 +0100
@@ -19,6 +19,7 @@
{
unsigned int i,j;
int16_t u;
+ uint32_t d0;
uint8_t t[8];

#if (KYBER_POLYCOMPRESSEDBYTES == 128)
@@ -27,7 +28,12 @@
// map to positive standard representatives
u = a->coeffs[8*i+j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15;
+/* t[j] = ((((uint16_t)u << 4) + KYBER_Q/2)/KYBER_Q) & 15; */
+ d0 = u << 4;
+ d0 += 1665;
+ d0 *= 80635;
+ d0 >>= 28;
+ t[j] = d0 & 0xf;
}

r[0] = t[0] | (t[1] << 4);
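Review bot: The property this change buys, that no `/ KYBER_Q` reaches the compiler, is not protected against regression anywhere I can see in these hunks: the division is removed from the 10-bit polyvec_compress path and the 4-bit poly_compress path, but a later refactor or a different compiler's idea of the `d0 * 1290167` sequence is not checked. A build-time test that disassembles the compiled poly and polyvec objects and fails on `div`/`idiv`/`udiv`/`sdiv` would pin the intended behaviour the way a KAT cannot. The rewrite also assumes integer multiplication is constant-time, which holds on the x86-64 and aarch64 targets this package is built for but reportedly not on some small cores with early-terminating multipliers; one comment at the top of each function recording that assumption, e.g. `/* constant-time on the assumption that integer multiply has data-independent latency */`, would warn anyone porting it. Both enclosing functions start outside their hunks.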
@@ -42,7 +48,12 @@
// map to positive standard representatives
u = a->coeffs[8*i+j];
u += (u >> 15) & KYBER_Q;
- t[j] = ((((uint32_t)u << 5) + KYBER_Q/2)/KYBER_Q) & 31;
+/* t[j] = ((((uint32_t)u << 5) + KYBER_Q/2)/KYBER_Q) & 31; */
+ d0 = u << 5;
+ d0 += 1664;
+ d0 *= 40318;
+ d0 >>= 27;
+ t[j] = d0 & 0x1f;
}

r[0] = (t[0] >> 0) | (t[1] << 5);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/polyvec.c new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber768_ref/polyvec.c
--- old/liboqs-0.9.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/polyvec.c 2023-12-22 21:27:57.000000000 +0100
+++ new/liboqs-0.9.2/src/kem/kyber/pqcrystals-kyber_kyber768_ref/polyvec.c 2024-01-17 02:37:18.000000000 +0100
@@ -15,6 +15,7 @@
void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
{
unsigned int i,j,k;
+ uint64_t d0;

#if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
uint16_t t[8];
@@ -23,7 +24,13 @@
for(k=0;k<8;k++) {
t[k] = a->vec[i].coeffs[8*j+k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff;
+/* t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff; */
+ d0 = t[k];
+ d0 <<= 11;
+ d0 += 1664;
+ d0 *= 645084;
+ d0 >>= 31;
+ t[k] = d0 & 0x7ff;
}

r[ 0] = (t[0] >> 0);
@@ -47,7 +54,13 @@
for(k=0;k<4;k++) {
t[k] = a->vec[i].coeffs[4*j+k];
t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
- t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff;
+/* t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff; */
+ d0 = t[k];
+ d0 <<= 10;
+ d0 += 1665;
+ d0 *= 1290167;
+ d0 >>= 32;
+ t[k] = d0 & 0x3ff;
}

r[0] = (t[0] >> 0);