Dilithium: pull from upstream

jschanck · Jan 1, 2022 · 9814664 · 9814664
1 parent 2ace366
commit 9814664
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 48 deletions.
diff --git a/dilithium/VERSION b/dilithium/VERSION
@@ -1 +1 @@
-adf7476d645fb808b5c5d2dd1ef1aaeefdc0c897
+61b51a71701b8ae9f546a1e5d220e1950ed20d06
diff --git a/dilithium/package.sh b/dilithium/package.sh
@@ -112,6 +112,20 @@ implementations:
               - avx2
               - popcnt" >> META.yml
 
+if [[ !(${PARAM} =~ "aes") ]]
+then
+  echo -n "
+    - name: aarch64
+      version: https://github.com/neon-ntt/neon-ntt/tree/014d2a0c21d705a523b3bfd2a740f8f0a2ba7a27
+      supported_platforms:
+        - architecture: arm_8
+          operating_systems:
+              - Linux
+              - Darwin
+          required_flags:
+              - asimd" >> META.yml
+fi
+
   echo "\
 # This Makefile can be used with GNU Make or BSD Make
 

diff --git a/dilithium/patches/avx2_aes256ctr.h b/dilithium/patches/avx2_aes256ctr.h
diff --git a/dilithium/patches/avx2_poly.c b/dilithium/patches/avx2_poly.c
@@ -1,39 +1,30 @@
 --- upstream/avx2/poly.c
 +++ upstream-patched/avx2/poly.c
-@@ -422,6 +422,7 @@
+@@ -403,6 +403,7 @@
    stream128_state state;
    stream128_init(&state, seed, nonce);
    poly_uniform_preinit(a, &state);
 +  stream128_release(&state);
  }
 
  #ifndef DILITHIUM_USE_AES
-@@ -535,7 +536,7 @@
- *              - const uint8_t seed[]: byte array with seed of length CRHBYTES
- *              - uint16_t nonce: 2-byte nonce
- **************************************************/
--void poly_uniform_eta_preinit(poly *a, stream128_state *state)
-+void poly_uniform_eta_preinit(poly *a, stream256_state *state)
- {
-   unsigned int ctr;
-   ALIGNED_UINT8(REJ_UNIFORM_ETA_BUFLEN) buf;
-@@ -554,6 +555,7 @@
+@@ -535,6 +536,7 @@
    stream256_state state;
    stream256_init(&state, seed, nonce);
    poly_uniform_eta_preinit(a, &state);
 +  stream256_release(&state);
  }
 
  #ifndef DILITHIUM_USE_AES
-@@ -637,6 +639,7 @@
+@@ -618,6 +620,7 @@
    stream256_state state;
    stream256_init(&state, seed, nonce);
    poly_uniform_gamma1_preinit(a, &state);
 +  stream256_release(&state);
  }
 
  #ifndef DILITHIUM_USE_AES
-@@ -698,12 +701,12 @@
+@@ -679,12 +682,12 @@
    unsigned int i, b, pos;
    uint64_t signs;
    ALIGNED_UINT8(SHAKE256_RATE) buf;
@@ -51,7 +42,7 @@
 
    memcpy(&signs, buf.coeffs, 8);
    pos = 8;
-@@ -712,7 +715,7 @@
+@@ -693,7 +696,7 @@
    for(i = N-TAU; i < N; ++i) {
      do {
        if(pos >= SHAKE256_RATE) {
@@ -60,7 +51,7 @@
          pos = 0;
        }
 
-@@ -723,6 +726,7 @@
+@@ -704,6 +707,7 @@
      c->coeffs[b] = 1 - 2*(signs & 1);
      signs >>= 1;
    }

diff --git a/dilithium/patches/avx2_polyvec.c b/dilithium/patches/avx2_polyvec.c
@@ -79,7 +79,7 @@
    poly_uniform_4x(&rowa->vec[3], &rowa->vec[4], &rowa->vec[5], &rowa->vec[6], rho, 1795, 1796, 1797, 1798);
    poly_nttunpack(&rowa->vec[3]);
    poly_nttunpack(&rowa->vec[4]);
-@@ -377,9 +386,10 @@
+@@ -362,9 +371,10 @@
  int polyvecl_chknorm(const polyvecl *v, int32_t bound)  {
    unsigned int i;
 
@@ -91,7 +91,7 @@
 
    return 0;
  }
-@@ -543,9 +553,10 @@
+@@ -513,9 +523,10 @@
  int polyveck_chknorm(const polyveck *v, int32_t bound) {
    unsigned int i;
 

diff --git a/dilithium/patches/avx2_polyvec.h b/dilithium/patches/avx2_polyvec.h
@@ -1,6 +1,6 @@
 --- upstream/avx2/polyvec.h
 +++ upstream-patched/avx2/polyvec.h
-@@ -31,8 +31,7 @@
+@@ -28,8 +28,7 @@
  void polyvecl_invntt_tomont(polyvecl *v);
  #define polyvecl_pointwise_poly_montgomery DILITHIUM_NAMESPACE(polyvecl_pointwise_poly_montgomery)
  void polyvecl_pointwise_poly_montgomery(polyvecl *r, const poly *a, const polyvecl *v);
@@ -10,7 +10,7 @@
  void polyvecl_pointwise_acc_montgomery(poly *w,
                                         const polyvecl *u,
                                         const polyvecl *v);
-@@ -79,7 +78,7 @@
+@@ -74,7 +73,7 @@
  #define polyveck_make_hint DILITHIUM_NAMESPACE(polyveck_make_hint)
  unsigned int polyveck_make_hint(uint8_t *hint, const polyveck *v0, const polyveck *v1);
  #define polyveck_use_hint DILITHIUM_NAMESPACE(polyveck_use_hint)

diff --git a/dilithium/patches/ref_poly.c b/dilithium/patches/ref_poly.c
@@ -1,30 +1,30 @@
 --- upstream/ref/poly.c
 +++ upstream-patched/ref/poly.c
-@@ -383,6 +383,7 @@
+@@ -365,6 +365,7 @@
      buflen = STREAM128_BLOCKBYTES + off;
      ctr += rej_uniform(a->coeffs + ctr, N - ctr, buf, buflen);
    }
 +  stream128_release(&state);
  }
 
  /*************************************************
-@@ -468,6 +469,7 @@
+@@ -450,6 +451,7 @@
      stream256_squeezeblocks(buf, 1, &state);
      ctr += rej_eta(a->coeffs + ctr, N - ctr, buf, STREAM256_BLOCKBYTES);
    }
 +  stream256_release(&state);
  }
 
  /*************************************************
-@@ -491,6 +493,7 @@
+@@ -473,6 +475,7 @@
 
    stream256_init(&state, seed, nonce);
    stream256_squeezeblocks(buf, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
 +  stream256_release(&state);
    polyz_unpack(a, buf);
  }
 
-@@ -508,12 +511,12 @@
+@@ -490,12 +493,12 @@
    unsigned int i, b, pos;
    uint64_t signs;
    uint8_t buf[SHAKE256_RATE];
@@ -42,7 +42,7 @@
 
    signs = 0;
    for(i = 0; i < 8; ++i)
-@@ -525,7 +528,7 @@
+@@ -507,7 +510,7 @@
    for(i = N-TAU; i < N; ++i) {
      do {
        if(pos >= SHAKE256_RATE) {
@@ -51,15 +51,15 @@
          pos = 0;
        }
 
-@@ -536,6 +539,7 @@
+@@ -518,6 +521,7 @@
      c->coeffs[b] = 1 - 2*(signs & 1);
      signs >>= 1;
    }
 +  shake256_inc_ctx_release(&state);
  }
 
  /*************************************************
-@@ -554,14 +558,14 @@
+@@ -536,14 +540,14 @@
 
  #if ETA == 2
    for(i = 0; i < N/8; ++i) {
@@ -82,7 +82,7 @@
 
      r[3*i+0]  = (t[0] >> 0) | (t[1] << 3) | (t[2] << 6);
      r[3*i+1]  = (t[2] >> 2) | (t[3] << 1) | (t[4] << 4) | (t[5] << 7);
-@@ -569,8 +573,8 @@
+@@ -551,8 +555,8 @@
    }
  #elif ETA == 4
    for(i = 0; i < N/2; ++i) {
@@ -93,7 +93,7 @@
      r[i] = t[0] | (t[1] << 4);
    }
  #endif
-@@ -637,11 +641,11 @@
+@@ -619,11 +623,11 @@
    DBENCH_START();
 
    for(i = 0; i < N/4; ++i) {
@@ -110,7 +110,7 @@
    }
 
    DBENCH_STOP(*tpack);
-@@ -694,26 +698,26 @@
+@@ -676,26 +680,26 @@
      t[6] = (1 << (D-1)) - a->coeffs[8*i+6];
      t[7] = (1 << (D-1)) - a->coeffs[8*i+7];
 
@@ -157,7 +157,7 @@
    }
 
    DBENCH_STOP(*tpack);
-@@ -803,30 +807,30 @@
+@@ -785,30 +789,30 @@
      t[2] = GAMMA1 - a->coeffs[4*i+2];
      t[3] = GAMMA1 - a->coeffs[4*i+3];
 
@@ -206,7 +206,7 @@
    }
  #endif
 
-@@ -909,16 +913,16 @@
+@@ -891,16 +895,16 @@
 
  #if GAMMA2 == (Q-1)/88
    for(i = 0; i < N/4; ++i) {

diff --git a/dilithium/patches/ref_polyvec.c b/dilithium/patches/ref_polyvec.c
@@ -24,7 +24,7 @@
  }
 
  void polyvecl_reduce(polyvecl *v) {
-@@ -155,9 +157,10 @@
+@@ -140,9 +142,10 @@
  int polyvecl_chknorm(const polyvecl *v, int32_t bound)  {
    unsigned int i;
 
@@ -36,7 +36,7 @@
 
    return 0;
  }
-@@ -322,9 +325,10 @@
+@@ -292,9 +295,10 @@
  int polyveck_chknorm(const polyveck *v, int32_t bound) {
    unsigned int i;
 

diff --git a/dilithium/patches/ref_polyvec.h b/dilithium/patches/ref_polyvec.h
@@ -1,6 +1,6 @@
 --- upstream/ref/polyvec.h
 +++ upstream-patched/ref/polyvec.h
-@@ -31,8 +31,7 @@
+@@ -28,8 +28,7 @@
  void polyvecl_invntt_tomont(polyvecl *v);
  #define polyvecl_pointwise_poly_montgomery DILITHIUM_NAMESPACE(polyvecl_pointwise_poly_montgomery)
  void polyvecl_pointwise_poly_montgomery(polyvecl *r, const poly *a, const polyvecl *v);
@@ -10,7 +10,7 @@
  void polyvecl_pointwise_acc_montgomery(poly *w,
                                         const polyvecl *u,
                                         const polyvecl *v);
-@@ -84,7 +83,7 @@
+@@ -79,7 +78,7 @@
                                  const polyveck *v0,
                                  const polyveck *v1);
  #define polyveck_use_hint DILITHIUM_NAMESPACE(polyveck_use_hint)
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		adf7476d645fb808b5c5d2dd1ef1aaeefdc0c897
		61b51a71701b8ae9f546a1e5d220e1950ed20d06