Add DeriveKeyPair API #1877

Draft
wants to merge 31 commits into
base: main
9ee89ac
Initial derive keypair commit
Eddy-M-K May 20, 2024
854e036
Add pqcrystals-ml_kem_ipd.patch
Eddy-M-K May 20, 2024
f11c479
Fix encaps key in scheme and revert whitespace changes
Eddy-M-K May 20, 2024
0b41866
Hopefully corrected patch file
Eddy-M-K Jun 12, 2024
de45506
Corrected missing derand in kem_scheme
Eddy-M-K Jun 12, 2024
9e6bb19
Fix indentation
SWilson4 Jun 12, 2024
7ce72d7
Run copy_from_upstream
SWilson4 Jun 12, 2024
60bfc5e
derand testing tentative changes
Eddy-M-K Jul 10, 2024
008161f
Add missing function declarations
Eddy-M-K Jul 10, 2024
85685ff
Add template for avx2 derand functions
SWilson4 Jul 10, 2024
f985af6
Run copy_from_upstream
SWilson4 Jul 10, 2024
2b83af3
WIP: Add changes for coin length
Eddy-M-K Jul 17, 2024
bc37415
Update patch to include coin lengths
SWilson4 Jul 17, 2024
56c0087
Bootstrap
SWilson4 Jul 17, 2024
981e9eb
fixup! Update patch to include coin lengths
SWilson4 Jul 17, 2024
c7f0608
Conditional copy
SWilson4 Jul 17, 2024
d9eb0ed
Run copy_from_upstream
SWilson4 Jul 17, 2024
7370f17
Separate coins variable into two distinct variables
Eddy-M-K Jul 23, 2024
9609bbc
Add derand fixes
Eddy-M-K Jul 30, 2024
04bdea0
WIP trying to fix build errors
Eddy-M-K Jul 30, 2024
9b639b7
Fix remaining build issues
Eddy-M-K Jul 30, 2024
6f296d8
Resolve unused parameter issues for BIKE
Eddy-M-K Jul 30, 2024
8c06c20
Resolve unused paramter issues for FrodoKEM
Eddy-M-K Jul 30, 2024
6eec29a
Fix whitespace inconsistency
Eddy-M-K Jul 30, 2024
6537493
Fix whitepace issue
Eddy-M-K Jul 30, 2024
2406568
Insert unused attributes
Eddy-M-K Jul 30, 2024
68435ad
Void all unused parameters
Eddy-M-K Jul 30, 2024
6790657
Use tab instead of spaces in kem_scheme
Eddy-M-K Jul 31, 2024
f4fb753
Run copy_from_upstream
SWilson4 Jul 31, 2024
bf435c2
Fix kem_derand python tests
Eddy-M-K Jul 31, 2024
4cbb475
Initialize coins in test_kem_derand
Eddy-M-K Jul 31, 2024
10 changes: 7 additions & 3 deletions scripts/copy_from_upstream/copy_from_upstream.py
Expand Up @@ -156,6 +156,10 @@ def load_instructions():
scheme['upstream_location'] = family['upstream_location']
if (not 'arch_specific_upstream_locations' in scheme) and 'arch_specific_upstream_locations' in family:
scheme['arch_specific_upstream_locations'] = family['arch_specific_upstream_locations']
if (not 'derandomized_keypair' in scheme) and 'derandomized_keypair' in family:
scheme['derandomized_keypair'] = family['derandomized_keypair']
if (not 'derandomized_encaps' in scheme) and 'derandomized_encaps' in family:
scheme['derandomized_encaps'] = family['derandomized_encaps']
if not 'git_commit' in scheme:
scheme['git_commit'] = upstreams[scheme['upstream_location']]['git_commit']
if not 'git_branch' in scheme:
Expand Down Expand Up @@ -212,7 +216,7 @@ def load_instructions():
scheme['scheme_paths'][imp_name] = os.path.join('repos', scheme['upstream_location'],
location.format_map(scheme))
if 'arch_specific_upstream_locations' in family:
# This is to override any implememtations provided by the default upstream that
# This is to override any implememtations provided by the default upstream that
# are also specifically specified
for arch in family['arch_specific_upstream_locations']:
if arch in scheme['scheme_paths']:
Expand Down Expand Up @@ -312,7 +316,7 @@ def load_instructions():
scheme['scheme_paths'][imp_name] = os.path.join('repos', scheme['upstream_location'],
location.format_map(scheme))
if 'arch_specific_upstream_locations' in family:
# This is to override any implememtations provided by the default upstream that
# This is to override any implememtations provided by the default upstream that
# are also specifically specified
for arch in family['arch_specific_upstream_locations']:
if arch in scheme['scheme_paths']:
Expand Down Expand Up @@ -459,7 +463,7 @@ def handle_implementation(impl, family, scheme, dst_basedir):
ul = family['arch_specific_upstream_locations'][impl]
elif 'arch_specific_upstream_locations' in scheme and impl in scheme['arch_specific_upstream_locations']:
ul = scheme['arch_specific_upstream_locations'][impl]

os.remove(os.path.join(dst_basedir, 'src', family['type'], family['name'],
'{}_{}_{}'.format(ul, scheme['pqclean_scheme'], impl),
'Makefile'))
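Review bot: The added lines in load_instructions() copy `derandomized_keypair` and `derandomized_encaps` onto the scheme only when the family defines them, so a scheme whose family omits both ends up with no such key, while the kem_scheme.c template tests `scheme['derandomized_keypair']` directly. That holds only as long as the template engine treats a missing key as false; making the default explicit would be safer, e.g. `scheme.setdefault('derandomized_keypair', family.get('derandomized_keypair', False))` and the same line for `derandomized_encaps`. load_instructions() starts and ends outside this hunk, so a default set elsewhere cannot be ruled out from here.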
2 changes: 2 additions & 0 deletions scripts/copy_from_upstream/copy_from_upstream.yml
Expand Up @@ -149,6 +149,8 @@ kems:
name: ml_kem
default_implementation: ref
upstream_location: pqcrystals-kyber-standard
derandomized_keypair: true
derandomized_encaps: true
schemes:
-
scheme: "512_ipd"
4 changes: 4 additions & 0 deletions scripts/copy_from_upstream/src/kem/family/kem_family.h
Expand Up @@ -12,7 +12,9 @@
#define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_ciphertext {{ scheme['metadata']['length-ciphertext'] }}
#define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_shared_secret {{ scheme['metadata']['length-shared-secret'] }}
OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_new(void);
OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps_derand(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key, const uint8_t *coins);
OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
{% if 'alias_scheme' in scheme %}
Expand All @@ -21,7 +23,9 @@ OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps(uint8_t *s
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_ciphertext OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_ciphertext
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_shared_secret OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_shared_secret
OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void);
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair_derand OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_encaps_derand OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps_derand
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_encaps OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps
#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_decaps OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps
{% endif -%}
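Review bot: The new `_keypair_derand` and `_encaps_derand` prototypes take `const uint8_t *coins` with no length, and nothing in the visible part of this template states how many bytes are read from it, so a caller that passes a short buffer would cause an out-of-bounds read inside the implementation. A doc comment above each prototype would close that gap, e.g. `/* coins: exactly <COINS_LEN placeholder> bytes of secret, uniformly random input; identical coins always yield identical output */`, with the placeholder replaced by whatever length constant the PR settles on (the header's first lines are outside this hunk, so one may already exist). The prototypes are also emitted for every scheme, although the generated body in kem_scheme.c returns OQS_ERROR when the scheme's derandomized flag is unset; the comment should say so, so that callers do not read the symbol's presence as support.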
96 changes: 95 additions & 1 deletion scripts/copy_from_upstream/src/kem/family/kem_scheme.c
Expand Up @@ -26,7 +26,9 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_new(void) {
kem->length_ciphertext = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_ciphertext;
kem->length_shared_secret = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_shared_secret;

kem->keypair_derand = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand;
kem->keypair = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair;
kem->encaps_derand = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps_derand;
kem->encaps = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps;
kem->decaps = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps;

Expand Down Expand Up @@ -57,7 +59,9 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) {
kem->length_ciphertext = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_ciphertext;
kem->length_shared_secret = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_shared_secret;

kem->keypair_derand = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair_derand;
kem->keypair = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair;
kem->encaps_derand = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_encaps_derand;
kem->encaps = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_encaps;
kem->decaps = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_decaps;

Expand All @@ -68,14 +72,28 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) {

{%- for impl in scheme['metadata']['implementations'] if impl['name'] == scheme['default_implementation'] %}

{%- if impl['signature_keypair_derand'] %}
{%- set cleankeypair = scheme['metadata'].update({'default_keypair_derand_signature': impl['signature_keypair_derand']}) -%}
{%- else %}
{%- set cleankeypair = scheme['metadata'].update({'default_keypair_derand_signature': "PQCLEAN_"+scheme['pqclean_scheme_c']|upper+"_"+scheme['default_implementation']|upper+"_crypto_kem_keypair_derand"}) -%}
{%- endif %}

extern int {{ scheme['metadata']['default_keypair_derand_signature'] }}(uint8_t *pk, uint8_t *sk, const uint8_t *coins);

{%- if impl['signature_keypair'] %}
{%- set cleankeypair = scheme['metadata'].update({'default_keypair_signature': impl['signature_keypair']}) -%}
{%- else %}
{%- set cleankeypair = scheme['metadata'].update({'default_keypair_signature': "PQCLEAN_"+scheme['pqclean_scheme_c']|upper+"_"+scheme['default_implementation']|upper+"_crypto_kem_keypair"}) -%}
{%- endif %}

extern int {{ scheme['metadata']['default_keypair_signature'] }}(uint8_t *pk, uint8_t *sk);

{%- if impl['signature_enc_derand'] %}
{%- set cleanenc = scheme['metadata'].update({'default_enc_derand_signature': impl['signature_enc']}) -%}
{%- else %}
{%- set cleanenc = scheme['metadata'].update({'default_enc_derand_signature': "PQCLEAN_"+scheme['pqclean_scheme_c']|upper+"_"+scheme['default_implementation']|upper+"_crypto_kem_enc_derand"}) -%}
{%- endif %}
extern int {{ scheme['metadata']['default_enc_derand_signature'] }}(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins);

{%- if impl['signature_enc'] %}
{%- set cleanenc = scheme['metadata'].update({'default_enc_signature': impl['signature_enc']}) -%}
{%- else %}
Expand Down Expand Up @@ -115,6 +133,44 @@ extern int PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper
#endif
{%- endfor %}

OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) {
{%- if scheme['derandomized_keypair'] %}
{%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %}
{%- if loop.first %}
#if defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %}
{%- else %}
#elif defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %}
{%- endif %}
{%- if 'required_flags' in impl and impl['required_flags'] %}
#if defined(OQS_DIST_BUILD)
if ({%- for flag in impl['required_flags'] -%}OQS_CPU_has_extension(OQS_CPU_EXT_{{ flag|upper }}){%- if not loop.last %} && {% endif -%}{%- endfor -%}) {
#endif /* OQS_DIST_BUILD */
{%- endif -%}
{%- if impl['signature_keypair_derand'] %}
{% if 'required_flags' in impl and impl['required_flags'] %} {% endif -%}return (OQS_STATUS) {{ impl['signature_keypair_derand'] }}(public_key, secret_key, coins);
{%- else %}
{% if 'required_flags' in impl and impl['required_flags'] %} {% endif -%}return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_kem_keypair_derand(public_key, secret_key, coins);
{%- endif %}
{%- if 'required_flags' in impl and impl['required_flags'] %}
#if defined(OQS_DIST_BUILD)
} else {
return (OQS_STATUS) {{ scheme['metadata']['default_keypair_derand_signature'] }}(public_key, secret_key, coins);
}
#endif /* OQS_DIST_BUILD */
{%- endif -%}
{%- endfor %}
{%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %}
#else
{%- endif %}
return (OQS_STATUS) {{ scheme['metadata']['default_keypair_derand_signature'] }}(public_key, secret_key, coins);
{%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %}
#endif
{%- endif %}
{%- else %}
return OQS_ERROR;
{%- endif %}
}

OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair(uint8_t *public_key, uint8_t *secret_key) {
{%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %}
{%- if loop.first %}
Expand Down Expand Up @@ -149,6 +205,44 @@ OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair(uint8_t *
{%- endif %}
}

OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps_derand(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key, const uint8_t *coins) {
{%- if scheme['derandomized_keypair'] %}
{%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %}
{%- if loop.first %}
#if defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %}
{%- else %}
#elif defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %}
{%- endif %}
{%- if 'required_flags' in impl and impl['required_flags'] %}
#if defined(OQS_DIST_BUILD)
if ({%- for flag in impl['required_flags'] -%}OQS_CPU_has_extension(OQS_CPU_EXT_{{ flag|upper }}){%- if not loop.last %} && {% endif -%}{%- endfor -%}) {
#endif /* OQS_DIST_BUILD */
{%- endif -%}
{%- if impl['signature_enc_derand'] %}
{% if 'required_flags' in impl and impl['required_flags'] %} {% endif -%}return (OQS_STATUS) {{ impl['signature_enc_derand'] }}(ciphertext, shared_secret, public_key, coins);
{%- else %}
{% if 'required_flags' in impl and impl['required_flags'] %} {% endif -%}return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_kem_enc_derand(ciphertext, shared_secret, public_key, coins);
{%- endif %}
{%- if 'required_flags' in impl and impl['required_flags'] %}
#if defined(OQS_DIST_BUILD)
} else {
return (OQS_STATUS) {{ scheme['metadata']['default_enc_derand_signature'] }}(ciphertext, shared_secret, public_key, coins);
}
#endif /* OQS_DIST_BUILD */
{%- endif -%}
{%- endfor %}
{%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %}
#else
{%- endif %}
return (OQS_STATUS) {{ scheme['metadata']['default_enc_derand_signature'] }}(ciphertext, shared_secret, public_key, coins);
{%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %}
#endif
{%- endif %}
{%- else %}
return OQS_ERROR;
{%- endif %}
}

OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
{%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %}
{%- if loop.first %}
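Review bot: The `_encaps_derand` wrapper is gated on `{%- if scheme['derandomized_keypair'] %}` rather than on the encaps flag, so a scheme that sets only one of the two flags either returns OQS_ERROR from an encapsulation it supports or emits a call to a `crypto_kem_enc_derand` symbol the upstream may not provide; the guard should read `{%- if scheme['derandomized_encaps'] %}`. The same copy-paste slip is in the default-signature block earlier in this file section, where the `impl['signature_enc_derand']` branch stores `impl['signature_enc']` under `default_enc_derand_signature`; it should store `impl['signature_enc_derand']`, otherwise the four-argument `extern` declaration and the fallback call name the randomized function. The two `extern int … _derand` declarations are also emitted when the scheme's flags are false, which looks harmless but could sit under the same conditions. The non-derand keypair and encaps wrappers continue outside the visible hunks.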