NTRU: add level 5 reference implementations

jschanck · Nov 3, 2021 · ecd9ca8 · ecd9ca8
1 parent 08ef5e0
commit ecd9ca8
Showing 1 changed file with 153 additions and 63 deletions.
diff --git a/ntru/package.sh b/ntru/package.sh
@@ -6,9 +6,11 @@ BASE=`dirname $0`
 BASE=`cd $BASE && pwd`
 echo $BASE
 
-ARCHIVE=${BASE}/${VERSION}.zip
-BUILD=${BASE}/crypto_kem
-UPSTREAM=${BASE}/upstream
+ARCHIVE="${VERSION}.zip"
+BUILD="${BASE}/build"
+BUILD_CRYPTO_KEM="${BUILD}/crypto_kem"
+BUILD_UPSTREAM="${BUILD}/upstream"
+BUILD_TEST="${BUILD}/test"
 
 function task {
   echo -e "[ ]" $1
@@ -20,67 +22,75 @@ function endtask {
 
 function cleanup {
   rm -rf ${BUILD}
-  rm -rf ${UPSTREAM}
 }
 trap cleanup EXIT
 
-if [ -e "$BUILD" ]; then
-  echo "Error; directory already exists; delete first."
-  exit -1
+if [ -e "${BUILD_CRYPTO_KEM}" ]
+then
+  printf "%s directory already exists. Delete it (y/n)? " "${BUILD_CRYPTO_KEM}" 
+  read -r yn
+  if [ "${yn:-n}" != "y" ]
+  then
+    exit -1
+  fi
+  rm -rf "${BUILD_CRYPTO_KEM}" "${BUILD_TEST}"
 fi
+mkdir -p "${BUILD_CRYPTO_KEM}" "${BUILD_TEST}"
 
-if [ ! -f ${ARCHIVE} ]
+if [ ! -f "${BASE}/${ARCHIVE}" ]
 then
   wget -P ${BASE} https://github.com/jschanck/ntru/archive/${VERSION}.zip
 fi
 
-rm -rf ${UPSTREAM}
+rm -rf ${BUILD_UPSTREAM}
 task "Unpacking ${ARCHIVE}"
-unzip -qq ${ARCHIVE}
-mv ntru-${VERSION} ${UPSTREAM}
+unzip -qq -d "${BUILD}" "${BASE}/${ARCHIVE}"
+mv "${BUILD}/ntru-${VERSION}" ${BUILD_UPSTREAM}
 endtask
 
-for PARAM in hrss701 hps2048509 hps2048677 hps4096821; do
-  mkdir -p ${BUILD}/ntru${PARAM}/avx2
-  mkdir -p ${BUILD}/ntru${PARAM}/clean
+PARAMS=(ntruhrss701 ntruhrss1373 ntruhps2048509 ntruhps2048677 ntruhps4096821 ntruhps40961229)
+
+for PARAM in ${PARAMS[@]}; do
+  mkdir -p ${BUILD_CRYPTO_KEM}/${PARAM}/avx2
+  mkdir -p ${BUILD_CRYPTO_KEM}/${PARAM}/clean
 
-  export NTRU_NAMESPACE=$(echo PQCLEAN_NTRU${PARAM}_AVX2_ | tr [:lower:] [:upper:])
-  task "Building .S files for avx2-${PARAM}"
-  ( cd ${UPSTREAM}/avx2-${PARAM} && make -B asm >/dev/null)
+  export NTRU_NAMESPACE=$(echo PQCLEAN_${PARAM}_AVX2_ | tr [:lower:] [:upper:])
+  task "Building .S files for avx2-${PARAM/ntru/}"
+  ( cd ${BUILD_UPSTREAM}/avx2-${PARAM/ntru/} && make -B asm >/dev/null)
   endtask
 
-  task "Copying ref-${PARAM} to ntru${PARAM}/clean/"
-  ( cd ${UPSTREAM}/ref-${PARAM}/
-    cp -Lp api.h cmov.h owcpa.h params.h poly.h sample.h ${BUILD}/ntru${PARAM}/clean/
-    cp -Lp cmov.c kem.c owcpa.c pack3.c packq.c poly.c poly_lift.c poly_mod.c poly_r2_inv.c poly_rq_mul.c poly_s3_inv.c sample.c sample_iid.c ${BUILD}/ntru${PARAM}/clean/ )
+  task "Copying ref-${PARAM/ntru/} to ${PARAM}/clean/"
+  ( cd ${BUILD_UPSTREAM}/ref-${PARAM/ntru/}/
+    cp -Lp api.h cmov.h owcpa.h params.h poly.h sample.h ${BUILD_CRYPTO_KEM}/${PARAM}/clean/
+    cp -Lp cmov.c kem.c owcpa.c pack3.c packq.c poly.c poly_lift.c poly_mod.c poly_r2_inv.c poly_rq_mul.c poly_s3_inv.c sample.c sample_iid.c ${BUILD_CRYPTO_KEM}/${PARAM}/clean/ )
   endtask
 
-  task "Copying avx2-${PARAM} to ntru${PARAM}/clean/"
-  ( cd ${UPSTREAM}/avx2-${PARAM}/
-    cp -Lp api.h cmov.h owcpa.h params.h poly.h poly_r2_inv.h sample.h ${BUILD}/ntru${PARAM}/avx2/
-    cp -Lp cmov.c kem.c owcpa.c pack3.c packq.c poly.c poly_r2_inv.c poly_s3_inv.c sample.c sample_iid.c ${BUILD}/ntru${PARAM}/avx2/
-    cp -Lp *.s ${BUILD}/ntru${PARAM}/avx2/ )
+  task "Copying avx2-${PARAM} to ${PARAM}/clean/"
+  ( cd ${BUILD_UPSTREAM}/avx2-${PARAM/ntru/}/
+    cp -Lp api.h cmov.h owcpa.h params.h poly.h poly_r2_inv.h sample.h ${BUILD_CRYPTO_KEM}/${PARAM}/avx2/
+    cp -Lp cmov.c kem.c owcpa.c pack3.c packq.c poly.c poly_r2_inv.c poly_s3_inv.c sample.c sample_iid.c ${BUILD_CRYPTO_KEM}/${PARAM}/avx2/
+    cp -Lp *.s ${BUILD_CRYPTO_KEM}/${PARAM}/avx2/ )
   endtask
 
-  if [ "${PARAM}" != "hrss701" ]; then
-    ( cd ${UPSTREAM}/ref-${PARAM}/
-      cp -Lp crypto_sort_int32.h ${BUILD}/ntru${PARAM}/clean/
-      cp -Lp crypto_sort_int32.c ${BUILD}/ntru${PARAM}/clean/ )
+  if [ "${PARAM}" != "ntruhrss701" ]; then
+    ( cd ${BUILD_UPSTREAM}/ref-${PARAM/ntru/}/
+      cp -Lp crypto_sort_int32.h ${BUILD_CRYPTO_KEM}/${PARAM}/clean/
+      cp -Lp crypto_sort_int32.c ${BUILD_CRYPTO_KEM}/${PARAM}/clean/ )
 
-    ( cd ${UPSTREAM}/avx2-${PARAM}/
-      cp -Lp crypto_sort_int32.h ${BUILD}/ntru${PARAM}/avx2/
-      cp -Lp crypto_sort_int32.c poly_lift.c ${BUILD}/ntru${PARAM}/avx2/ )
+    ( cd ${BUILD_UPSTREAM}/avx2-${PARAM/ntru/}/
+      cp -Lp crypto_sort_int32.h ${BUILD_CRYPTO_KEM}/${PARAM}/avx2/
+      cp -Lp crypto_sort_int32.c poly_lift.c ${BUILD_CRYPTO_KEM}/${PARAM}/avx2/ )
   fi
 
 # Makefiles and other metadata
-( cd ${BUILD}/ntru${PARAM}/
+( cd ${BUILD_CRYPTO_KEM}/${PARAM}/
 echo "Public Domain" > clean/LICENSE
 cp clean/LICENSE avx2/LICENSE
 
 echo "\
 # This Makefile can be used with GNU Make or BSD Make
 
-LIB=libntru${PARAM}_clean.a
+LIB=lib${PARAM}_clean.a
 HEADERS=$(basename -a clean/*.h | tr '\n' ' ')
 OBJECTS=$(basename -a clean/*.c | sed 's/\.c/.o/' | tr '\n' ' ')
 
@@ -102,7 +112,7 @@ echo "\
 # This Makefile can be used with Microsoft Visual Studio's nmake using the command:
 #    nmake /f Makefile.Microsoft_nmake
 
-LIBRARY=libntru${PARAM}_clean.lib
+LIBRARY=lib${PARAM}_clean.lib
 OBJECTS=$(basename -a clean/*.c | sed 's/\.c/.obj/' | tr '\n' ' ')
 
 CFLAGS=/nologo /O2 /I ..\..\..\common /W4 /WX
@@ -122,7 +132,7 @@ clean:
 echo "\
 # This Makefile can be used with GNU Make or BSD Make
 
-LIB=libntru${PARAM}_avx2.a
+LIB=lib${PARAM}_avx2.a
 HEADERS=$(basename -a avx2/*.h | tr '\n' ' ')
 OBJECTS=$(basename -a avx2/*.c | sed 's/\.c/.o/' | tr '\n' ' ') \\
         $(basename -a avx2/square_* | sort -V | sed 's/\.s/.o/' | tr '\n' ' ') \\
@@ -157,7 +167,7 @@ length-secret-key: 935
 length-ciphertext: 699
 length-shared-secret: 32
 nistkat-sha256: fc314366fbe795e2db6d29abb9f5b2ff43f0f608d0bd66161f9450364f0d271b" \
-> ${BUILD}/ntruhps2048509/META.yml
+> ${BUILD_CRYPTO_KEM}/ntruhps2048509/META.yml
 
 echo "\
 name: ntruhps2048677
@@ -169,7 +179,7 @@ length-secret-key: 1234
 length-ciphertext: 930
 length-shared-secret: 32
 nistkat-sha256: 33e2cad6c2a2f17991517050d7a1b745908c84b8283a4e0f07dbe6f62d166507" \
-> ${BUILD}/ntruhps2048677/META.yml
+> ${BUILD_CRYPTO_KEM}/ntruhps2048677/META.yml
 
 echo "\
 name: ntruhps4096821
@@ -181,7 +191,7 @@ length-secret-key: 1590
 length-ciphertext: 1230
 length-shared-secret: 32
 nistkat-sha256: 1a8382ae0c801a43cf461c98d22743f5b2d8a1ffed1b1df0dd767de2c2874597" \
-> ${BUILD}/ntruhps4096821/META.yml
+> ${BUILD_CRYPTO_KEM}/ntruhps4096821/META.yml
 
 echo "\
 name: ntruhrss701
@@ -193,7 +203,31 @@ length-secret-key: 1450
 length-ciphertext: 1138
 length-shared-secret: 32
 nistkat-sha256: 501e000c3eb374ffbfb81b0f16673a6282116465936608d7d164b05635e769e8" \
-> ${BUILD}/ntruhrss701/META.yml
+> ${BUILD_CRYPTO_KEM}/ntruhrss701/META.yml
+
+echo "\
+name: ntruhrss1373
+type: kem
+claimed-nist-level: 5
+claimed-security: IND-CCA2
+length-public-key: 2401
+length-secret-key: 2983
+length-ciphertext: 2401
+length-shared-secret: 32
+nistkat-sha256: 1e40d89aa9181f0aa7ceca3f4b22f0993cfbfadeb702b4241b2f0d4caeab127e" \
+> ${BUILD_CRYPTO_KEM}/ntruhrss1373/META.yml
+
+echo "\
+name: ntruhps40961229
+type: kem
+claimed-nist-level: 5
+claimed-security: IND-CCA2
+length-public-key: 1842
+length-secret-key: 2366
+length-ciphertext: 1842
+length-shared-secret: 32
+nistkat-sha256: 89fee43b0809f927ab78db68c46d34e9c2f71ad76903767c42c0bdd3b9f5c262" \
+> ${BUILD_CRYPTO_KEM}/ntruhps40961229/META.yml
 
 echo "\
 principal-submitters:
@@ -223,41 +257,98 @@ implementations:
             required_flags:
                 - avx2
                 - bmi2" \
-  | tee -a ${BUILD}/*/META.yml >/dev/null
+  | tee -a ${BUILD_CRYPTO_KEM}/*/META.yml >/dev/null
 
 # Simplify ifdefs
 task 'Simplifying ifdefs'
-sed -i -s "s/NTRU_PACK_DEG > (NTRU_PACK_DEG \/ 5) \* 5/0/" ${BUILD}/ntru{hrss701,hps4096821}/*/pack3.c
-sed -i -s "s/NTRU_PACK_DEG > (NTRU_PACK_DEG \/ 5) \* 5/1/" ${BUILD}/ntru{hps2048509,hps2048677}/*/pack3.c
-sed -i -s "s/(NTRU_N - 1) > ((NTRU_N - 1) \/ 4) \* 4/0/" ${BUILD}/ntru*/*/sample.c
-
-unifdef -k -m -DCRYPTO_NAMESPACE ${BUILD}/ntru*/*/params.h
-unifdef -k -m -UNTRU_HPS -DNTRU_HRSS -DNTRU_N=701 -DNTRU_Q=8192 ${BUILD}/ntruhrss701/*/*.{c,h}
-unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=509 -DNTRU_Q=2048 ${BUILD}/ntruhps2048509/*/*.{c,h}
-unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=677 -DNTRU_Q=2048 ${BUILD}/ntruhps2048677/*/*.{c,h}
-unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=821 -DNTRU_Q=4096 ${BUILD}/ntruhps4096821/*/*.{c,h}
+sed -i -s "s/NTRU_PACK_DEG > (NTRU_PACK_DEG \/ 5) \* 5/0/" ${BUILD_CRYPTO_KEM}/ntru{hrss701,hps4096821}/*/pack3.c
+sed -i -s "s/NTRU_PACK_DEG > (NTRU_PACK_DEG \/ 5) \* 5/1/" ${BUILD_CRYPTO_KEM}/ntru{hrss1373,hps2048509,hps2048677,hps40961229}/*/pack3.c
+sed -i -s "s/(NTRU_N - 1) > ((NTRU_N - 1) \/ 4) \* 4/0/" ${BUILD_CRYPTO_KEM}/ntru*/*/sample.c
+
+unifdef -k -m -DCRYPTO_NAMESPACE ${BUILD_CRYPTO_KEM}/ntru*/*/params.h
+unifdef -k -m -UNTRU_HPS -DNTRU_HRSS -DNTRU_N=701 -DNTRU_Q=8192 ${BUILD_CRYPTO_KEM}/ntruhrss701/*/*.{c,h}
+unifdef -k -m -UNTRU_HPS -DNTRU_HRSS -DNTRU_N=1373 -DNTRU_Q=16384 ${BUILD_CRYPTO_KEM}/ntruhrss1373/*/*.{c,h}
+unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=509 -DNTRU_Q=2048 ${BUILD_CRYPTO_KEM}/ntruhps2048509/*/*.{c,h}
+unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=677 -DNTRU_Q=2048 ${BUILD_CRYPTO_KEM}/ntruhps2048677/*/*.{c,h}
+unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=821 -DNTRU_Q=4096 ${BUILD_CRYPTO_KEM}/ntruhps4096821/*/*.{c,h}
+unifdef -k -m -DNTRU_HPS -UNTRU_HRSS -DNTRU_N=1229 -DNTRU_Q=4096 ${BUILD_CRYPTO_KEM}/ntruhps40961229/*/*.{c,h}
 endtask
 
 task "Patching for PQClean"
 # Remove __attribute__ from crypto_sort_int32.c
-sed -i -s 's/__attribute__((noinline))//' ${BUILD}/*/avx2/crypto_sort_int32.c
+sed -i -s 's/__attribute__((noinline))//' ${BUILD_CRYPTO_KEM}/*/avx2/crypto_sort_int32.c
 
 # Replace unsigned char with uint8_t at top level
-sed -i -s "s/unsigned char /uint8_t /g" ${BUILD}/*/*/api.h
-sed -i -s "s/unsigned char /uint8_t /g" ${BUILD}/*/*/kem.c
-sed -i -s "3a#include <stdint.h>\n" ${BUILD}/*/*/api.h
+sed -i -s "s/unsigned char /uint8_t /g" ${BUILD_CRYPTO_KEM}/*/*/api.h
+sed -i -s "s/unsigned char /uint8_t /g" ${BUILD_CRYPTO_KEM}/*/*/kem.c
+sed -i -s "3a#include <stdint.h>\n" ${BUILD_CRYPTO_KEM}/*/*/api.h
 
 # Replace crypto_hash_sha3_256 with sha3_256
-sed -i -s "s/crypto_hash_sha3256\.h/fips202.h/g" ${BUILD}/*/*/kem.c
-sed -i -s "s/crypto_hash_sha3256/sha3_256/g" ${BUILD}/*/*/kem.c
+sed -i -s "s/crypto_hash_sha3256\.h/fips202.h/g" ${BUILD_CRYPTO_KEM}/*/*/kem.c
+sed -i -s "s/crypto_hash_sha3256/sha3_256/g" ${BUILD_CRYPTO_KEM}/*/*/kem.c
 endtask
 
+MANIFEST=${BUILD_TEST}/duplicate_consistency
+mkdir -p ${MANIFEST}
+task "Preparing for duplicate consistency"
+( cd ${MANIFEST}
+for P1 in ${PARAMS[@]}
+do
+  for OUT in clean avx2
+  do
+    sha1sum ${BUILD_CRYPTO_KEM}/${P1}/${OUT}/*.{h,c} > ${P1}_${OUT}.xxx
+  done
+done
+)
+endtask
+
+( cd ${MANIFEST}
+for P1 in ${PARAMS[@]}
+do
+  for OUT in clean avx2
+  do
+    task "${P1}/${OUT} duplicate consistency"
+    echo "\
+consistency_checks:" > ${P1}_${OUT}.yml
+    for P2 in ${PARAMS[@]}
+    do
+      for IN in clean avx2
+      do
+        if ([ "${P1}" == "${P2}" ] && [ "${IN}" == "${OUT}" ])
+        then
+          continue
+        fi
+        FIRST=1
+        for HASH in $(cat ${P2}_${IN}.xxx | cut -d ' ' -f 1)
+        do
+          X=$(grep $HASH ${P1}_${OUT}.xxx | cut -d ' ' -f 3)
+          if [ x${X} != 'x' ]
+          then
+            [ $FIRST == '1' ] && FIRST=0 &&
+            echo "\
+    - source:
+        scheme: ${P2}
+        implementation: ${IN}
+      files:" >> ${P1}_${OUT}.yml
+            [ -e ${BUILD_CRYPTO_KEM}/${P2}/${OUT}/$(basename $X) ] &&
+            echo "\
+      - $(basename $X)" >> ${P1}_${OUT}.yml
+          fi
+        done
+      done
+    done
+    endtask
+  done
+done
+)
+rm -rf ${MANIFEST}/*.xxx
+
 task "Namespacing"
 # Manual namespacing
-for PARAM in hrss701 hps2048509 hps2048677 hps4096821; do
+for PARAM in ${PARAMS[@]}; do
   for IMPL in clean avx2; do
-    ( cd ${BUILD}/ntru${PARAM}/${IMPL}
-    NTRU_NAMESPACE=$(echo PQCLEAN_NTRU${PARAM}_${IMPL}_ | tr [:lower:] [:upper:])
+    ( cd ${BUILD_CRYPTO_KEM}/${PARAM}/${IMPL}
+    NTRU_NAMESPACE=$(echo PQCLEAN_${PARAM}_${IMPL}_ | tr [:lower:] [:upper:])
     for X in $(grep CRYPTO_NAMESPACE *.{c,h} | cut -f2 -d' ' | sort -u); do
       sed -i -s "s/ ${X}/ ${NTRU_NAMESPACE}${X}/g" *.c *.h
     done
@@ -284,14 +375,13 @@ astyle \
   --convert-tabs \
   --mode=c \
   --suffix=none \
-  ${BUILD}/*/*/*.{c,h} >/dev/null
+  ${BUILD_CRYPTO_KEM}/*/*/*.{c,h} >/dev/null
 endtask
 
 # Package
 task "Packaging"
-tar czf pqclean-ntru-$(date +"%Y%m%d").tar.gz crypto_kem/
+( cd ${BUILD}; tar czf ${BASE}/pqclean-ntru-$(date +"%Y%m%d").tar.gz crypto_kem test )
 endtask
 
 # Cleanup
 rm -rf ${BUILD}
-rm -rf ${UPSTREAM}