- adds META.yml files

- adds new api: crypto_sign_signature and crypto_sign_verify
- adds namespacing
- converts CRLF to LF
- fixes for big-endian
- changes types from 'unsigned long long' to size_t
- fixes for strict compilers
- ensures newlines at end of files

Author: bhess

.cmake/target.cmake

@@ -54,7 +54,7 @@ if (${MAYO_BUILD_TYPE} MATCHES "ref")
   option(ENABLE_AESNI "Use AESni" OFF)
   option(ENABLE_PARAMS_DYNAMIC "Use dynamic parameters" ON)
   add_definitions(-DMAYO_BUILD_TYPE_REF)
-elseif(${MAYO_BUILD_TYPE} MATCHES "ref")
+elseif(${MAYO_BUILD_TYPE} MATCHES "opt")
   add_definitions(-DMAYO_BUILD_TYPE_OPT)
   option(ENABLE_PARAMS_DYNAMIC "Use dynamic parameters" OFF)
 elseif(${MAYO_BUILD_TYPE} MATCHES "avx2")

.github/workflows/cmake.yml

@@ -12,7 +12,7 @@ env:
 
 jobs:
   build_test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       matrix:
         mayo_build_type: [ref, opt, avx2]

META/MAYO_1_META.yml

@@ -0,0 +1,37 @@
+name: MAYO_1
+type: signature
+claimed-nist-level: 1
+length-public-key: 1168
+length-secret-key: 24
+length-signature: 321
+nistkat-sha256: ba2473dedd92cf3b8a1fc14fc22f2ffdde972c8b64cfcd8cddb4f803e48df017
+principal-submitters:
+  - Ward Beullens
+  - Fabio Campos
+  - Sofía Celi
+  - Basil Hess
+  - Matthias J. Kannwischer
+implementations:
+  - name: opt
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_1 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL
+    signature_keypair: pqmayo_MAYO_1_opt_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_1_opt_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_1_opt_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_1/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_1/api.h ./src/simple_arithmetic.h ./src/generic/arithmetic_common.h ./src/generic/echelon_form.h ./src/generic/arithmetic_96.h ./src/generic/arithmetic_64.h ./src/generic/arithmetic_128.h ./src/arithmetic.h ./src/common/aes_ctr.h
+  - name: avx2
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_1 -DMAYO_BUILD_TYPE_AVX2 -DMAYO_AVX -DHAVE_RANDOMBYTES_NORETVAL
+    signature_keypair: pqmayo_MAYO_1_avx2_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_1_avx2_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_1_avx2_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_1/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_1/api.h ./src/simple_arithmetic.h ./src/arithmetic.h ./src/common/aes_ctr.h ./src/AVX2/arithmetic_128.h ./src/AVX2/arithmetic_96.h ./src/AVX2/echelon_form.h ./src/AVX2/shuffle_arithmetic_128.h ./src/AVX2/shuffle_arithmetic_96.h ./src/AVX2/arithmetic_64.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic_64.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - avx2

META/MAYO_2_META.yml

@@ -0,0 +1,37 @@
+name: MAYO_2
+type: signature
+claimed-nist-level: 1
+length-public-key: 5488
+length-secret-key: 24
+length-signature: 180
+nistkat-sha256: 72cb237642b2c0c4e7f8c824d9c8601ac7189784649d28dbb2cccfb94732c9a3
+principal-submitters:
+  - Ward Beullens
+  - Fabio Campos
+  - Sofía Celi
+  - Basil Hess
+  - Matthias J. Kannwischer
+implementations:
+  - name: opt
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_2 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL
+    signature_keypair: pqmayo_MAYO_2_opt_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_2_opt_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_2_opt_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_2/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_2/api.h ./src/simple_arithmetic.h ./src/generic/arithmetic_common.h ./src/generic/echelon_form.h ./src/generic/arithmetic_96.h ./src/generic/arithmetic_64.h ./src/generic/arithmetic_128.h ./src/arithmetic.h ./src/common/aes_ctr.h
+  - name: avx2
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_2 -DMAYO_BUILD_TYPE_AVX2 -DMAYO_AVX -DHAVE_RANDOMBYTES_NORETVAL
+    signature_keypair: pqmayo_MAYO_2_avx2_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_2_avx2_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_2_avx2_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_2/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_2/api.h ./src/simple_arithmetic.h ./src/arithmetic.h ./src/common/aes_ctr.h ./src/AVX2/arithmetic_128.h ./src/AVX2/arithmetic_96.h ./src/AVX2/echelon_form.h ./src/AVX2/shuffle_arithmetic_128.h ./src/AVX2/shuffle_arithmetic_96.h ./src/AVX2/arithmetic_64.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic_64.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - avx2

META/MAYO_3_META.yml

@@ -0,0 +1,37 @@
+name: MAYO_3
+type: signature
+claimed-nist-level: 3
+length-public-key: 2656
+length-secret-key: 32
+length-signature: 577
+nistkat-sha256: dbc49f4fdfa0de69d416051215cb53c042c4a329d325452d079f3734b7467a6b
+principal-submitters:
+  - Ward Beullens
+  - Fabio Campos
+  - Sofía Celi
+  - Basil Hess
+  - Matthias J. Kannwischer
+implementations:
+  - name: opt
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_3 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
+    signature_keypair: pqmayo_MAYO_3_opt_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_3_opt_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_3_opt_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_3/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_3/api.h ./src/simple_arithmetic.h ./src/generic/arithmetic_common.h ./src/generic/echelon_form.h ./src/generic/arithmetic_96.h ./src/generic/arithmetic_64.h ./src/generic/arithmetic_128.h ./src/arithmetic.h ./src/common/aes_ctr.h
+  - name: avx2
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_3 -DMAYO_BUILD_TYPE_AVX2 -DMAYO_AVX -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
+    signature_keypair: pqmayo_MAYO_3_avx2_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_3_avx2_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_3_avx2_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_3/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_3/api.h ./src/simple_arithmetic.h ./src/arithmetic.h ./src/common/aes_ctr.h ./src/AVX2/arithmetic_128.h ./src/AVX2/arithmetic_96.h ./src/AVX2/echelon_form.h ./src/AVX2/shuffle_arithmetic_128.h ./src/AVX2/shuffle_arithmetic_96.h ./src/AVX2/arithmetic_64.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic_64.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - avx2

META/MAYO_5_META.yml

@@ -0,0 +1,37 @@
+name: MAYO_5
+type: signature
+claimed-nist-level: 5
+length-public-key: 5008
+length-secret-key: 40
+length-signature: 838
+nistkat-sha256: f2c1c69045c7d15e714a04119965e8a7007ef54f9293158587560227c97b237d
+principal-submitters:
+  - Ward Beullens
+  - Fabio Campos
+  - Sofía Celi
+  - Basil Hess
+  - Matthias J. Kannwischer
+implementations:
+  - name: opt
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_5 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
+    signature_keypair: pqmayo_MAYO_5_opt_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_5_opt_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_5_opt_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_5/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_5/api.h ./src/simple_arithmetic.h ./src/generic/arithmetic_common.h ./src/generic/echelon_form.h ./src/generic/arithmetic_96.h ./src/generic/arithmetic_64.h ./src/generic/arithmetic_128.h ./src/arithmetic.h ./src/common/aes_ctr.h
+  - name: avx2
+    version: https://github.com/PQCMayo/MAYO-C/tree/nibbling-mayo
+    folder_name: .
+    compile_opts: -DMAYO_VARIANT=MAYO_5 -DMAYO_BUILD_TYPE_AVX2 -DMAYO_AVX -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
+    signature_keypair: pqmayo_MAYO_5_avx2_crypto_sign_keypair
+    signature_signature: pqmayo_MAYO_5_avx2_crypto_sign_signature
+    signature_verify: pqmayo_MAYO_5_avx2_crypto_sign_verify
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/mayo_5/api.c ./src/params.c ./src/mayo.c ./include/mayo.h ./include/mem.h ./src/mayo_5/api.h ./src/simple_arithmetic.h ./src/arithmetic.h ./src/common/aes_ctr.h ./src/AVX2/arithmetic_128.h ./src/AVX2/arithmetic_96.h ./src/AVX2/echelon_form.h ./src/AVX2/shuffle_arithmetic_128.h ./src/AVX2/shuffle_arithmetic_96.h ./src/AVX2/arithmetic_64.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic_64.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - avx2

apps/CMakeLists.txt

@@ -28,3 +28,4 @@ foreach(MVARIANT ${MVARIANT_S})
     target_link_libraries(example_nistapi_${MVARIANT_LOWER} PRIVATE ${MVARIANT_LOWER}_nistapi)
     target_include_directories(example_nistapi_${MVARIANT_LOWER} PRIVATE ../include ../src/${MVARIANT_LOWER})
 endforeach()
+

apps/PQCgenKAT_sign.c

@@ -31,7 +31,7 @@ protection within the United States.
 */
 
 #include "api.h"
-#include "rng.h"
+#include "randombytes.h"
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -46,7 +46,7 @@ protection within the United States.
 
 int FindMarker(FILE *infile, const char *marker);
 int ReadHex(FILE *infile, unsigned char *A, int Length, char *str);
-void fprintBstr(FILE *fp, char *S, unsigned char *A, unsigned long long L);
+void fprintBstr(FILE *fp, char *S, unsigned char *A, size_t L);
 
 int main(void) {
   char fn_req[32], fn_rsp[32];
@@ -55,7 +55,7 @@ int main(void) {
   unsigned char msg[3300];
   unsigned char entropy_input[48];
   unsigned char *m, *sm, *m1;
-  unsigned long long mlen, smlen, mlen1;
+  size_t mlen, smlen, mlen1;
   int count;
   int done;
   unsigned char pk[CRYPTO_PUBLICKEYBYTES], sk[CRYPTO_SECRETKEYBYTES];
@@ -84,7 +84,7 @@ int main(void) {
     randombytes(seed, 48);
     fprintBstr(fp_req, "seed = ", seed, 48);
     mlen = 33 * (i + 1);
-    fprintf(fp_req, "mlen = %llu\n", mlen);
+    fprintf(fp_req, "mlen = %zu\n", mlen);
     randombytes(msg, mlen);
     fprintBstr(fp_req, "msg = ", msg, mlen);
     fprintf(fp_req, "pk =\n");
@@ -121,13 +121,13 @@ int main(void) {
     randombytes_init(seed, NULL, 256);
 
     if (FindMarker(fp_req, "mlen = ")) {
-      if (fscanf(fp_req, "%llu", &mlen) != 1)
+      if (fscanf(fp_req, "%zu", &mlen) != 1)
         return KAT_DATA_ERROR;
     } else {
       printf("ERROR: unable to read 'mlen' from <%s>\n", fn_req);
       return KAT_DATA_ERROR;
     }
-    fprintf(fp_rsp, "mlen = %llu\n", mlen);
+    fprintf(fp_rsp, "mlen = %zu\n", mlen);
 
     m = (unsigned char *)calloc(mlen, sizeof(unsigned char));
     m1 = (unsigned char *)calloc(mlen + CRYPTO_BYTES, sizeof(unsigned char));
@@ -151,7 +151,7 @@ int main(void) {
       printf("crypto_sign returned <%d>\n", ret_val);
       return KAT_CRYPTO_FAILURE;
     }
-    fprintf(fp_rsp, "smlen = %llu\n", smlen);
+    fprintf(fp_rsp, "smlen = %zu\n", smlen);
     fprintBstr(fp_rsp, "sm = ", sm, smlen);
     fprintf(fp_rsp, "\n");
 
@@ -162,7 +162,7 @@ int main(void) {
 
     if (mlen != mlen1) {
       printf(
-          "crypto_sign_open returned bad 'mlen': Got <%llu>, expected <%llu>\n",
+          "crypto_sign_open returned bad 'mlen': Got <%zu>, expected <%zu>\n",
           mlen1, mlen);
       return KAT_CRYPTO_FAILURE;
     }
@@ -265,8 +265,8 @@ int ReadHex(FILE *infile, unsigned char *A, int Length, char *str) {
   return 1;
 }
 
-void fprintBstr(FILE *fp, char *S, unsigned char *A, unsigned long long L) {
-  unsigned long long i;
+void fprintBstr(FILE *fp, char *S, unsigned char *A, size_t L) {
+  size_t i;
 
   fprintf(fp, "%s", S);
 
@@ -278,3 +278,4 @@ void fprintBstr(FILE *fp, char *S, unsigned char *A, unsigned long long L) {
 
   fprintf(fp, "\n");
 }
+

apps/example.c

@@ -24,21 +24,21 @@
  */
 static int example_mayo(const mayo_params_t* p) {
 
-    unsigned long long msglen = 32;
-    unsigned long long smlen = p->sig_bytes + msglen;
+    size_t msglen = 32;
+    size_t smlen = PARAM_sig_bytes(p) + msglen;
 
-    unsigned char *pk  = calloc(p->cpk_bytes, 1);
-    unsigned char *sk  = calloc(p->csk_bytes, 1);
+    unsigned char *pk  = calloc(PARAM_cpk_bytes(p), 1);
+    unsigned char *sk  = calloc(PARAM_csk_bytes(p), 1);
 
-    unsigned char *epk = calloc(p->epk_bytes, 1);
+    unsigned char *epk = calloc(PARAM_epk_bytes(p), 1);
     sk_t *esk = calloc(sizeof(sk_t), 1);
 
-    unsigned char *sig = calloc(p->sig_bytes + msglen, 1);
+    unsigned char *sig = calloc(PARAM_sig_bytes(p) + msglen, 1);
 
     unsigned char msg[32] = { 0xe };
     unsigned char msg2[32] = { 0 };
 
-    printf("Example with %s\n", p->name);
+    printf("Example with %s\n", PARAM_name(p));
 
     printf("mayo_keypair -> ");
     int res = mayo_keypair(p, pk, sk);
@@ -129,7 +129,7 @@ static int example_mayo(const mayo_params_t* p) {
 err:
     free(pk);
     free(epk);
-    mayo_secure_free(sk, p->csk_bytes);
+    mayo_secure_free(sk, PARAM_csk_bytes(p));
     mayo_secure_free(esk, sizeof(sk_t));
     free(sig);
     return res;
@@ -145,6 +145,7 @@ int main(void) {
         }
     }
 #else
-    return example_mayo(&MAYO_VARIANT);
+    return example_mayo(0);
 #endif
 }
+

apps/example_nistapi.c

@@ -20,8 +20,9 @@
  */
 static int example_mayo(void) {
 
-    unsigned long long msglen = 32;
-    unsigned long long smlen = CRYPTO_BYTES + msglen;
+    size_t msglen = 32;
+    size_t smlen = CRYPTO_BYTES + msglen;
+    size_t siglen = CRYPTO_BYTES;
 
     unsigned char *pk  = calloc(CRYPTO_PUBLICKEYBYTES, 1);
     unsigned char *sk  = calloc(CRYPTO_SECRETKEYBYTES, 1);
@@ -76,6 +77,39 @@ static int example_mayo(void) {
         res = 0;
         printf("OK\n");
     }
+    
+    printf("crypto_sign_signature -> ");
+    res = crypto_sign_signature(sig, &siglen, msg, msglen, sk);
+    if (res) {
+        printf("FAIL\n");
+        res = -1;
+        goto err;
+    } else {
+        printf("OK\n");
+    }
+
+    printf("crypto_sign_verify (with correct signature) -> ");
+    res = crypto_sign_verify(sig, siglen, msg, msglen, pk);
+    if (res) {
+        printf("FAIL\n");
+        res = -1;
+        goto err;
+    } else {
+        res = 0;
+        printf("OK\n");
+    }
+
+    printf("crypto_sign_verify (with altered signature) -> ");
+    sig[0] = ~sig[0];
+    res = crypto_sign_verify(sig, siglen, msg, msglen, pk);
+    if (!res) {
+        printf("FAIL\n");
+        res = -1;
+        goto err;
+    } else {
+        res = 0;
+        printf("OK\n");
+    }
 
 err:
     free(pk);
@@ -87,3 +121,4 @@ static int example_mayo(void) {
 int main(void) {
     return example_mayo();
 }
+