Add Dilithium test for M7

slothy-optimizer · Jul 31, 2024 · 991e708 · 991e708
1 parent 24222e9
commit 991e708
Show file tree

Hide file tree

Showing 13 changed files with 409 additions and 12 deletions.
diff --git a/Makefile b/Makefile
@@ -17,6 +17,7 @@ include tests/ntt-768/ntt-768.mk
 include tests/ntt-1024/ntt-1024-all.mk
 include tests/ntt-n256/ntt-n256.mk
 include tests/ntt-dilithium/ntt-dilithium.mk
+include tests/ntt-dilithium-m7/ntt-dilithium-m7.mk
 include tests/ntt-kyber/ntt-kyber.mk
 include tests/permute/permute.mk
 include tests/poly/poly.mk

diff --git a/asm/manual/ntt_dilithium/dilithium5_ntt.s b/asm/manual/ntt_dilithium/dilithium5_ntt.s
@@ -0,0 +1 @@
+../../../slothy/examples/naive/armv7m/dilithium5_ntt.s
diff --git a/asm/manual/ntt_dilithium/dilithium5_ntt_opt.s b/asm/manual/ntt_dilithium/dilithium5_ntt_opt.s
@@ -0,0 +1 @@
+../../../slothy/examples/opt/armv7m/dilithium5_ntt_opt_m7.s
diff --git a/envs/m55-an547/src/randombytes.h → envs/common/inc/randombytes.h b/envs/m55-an547/src/randombytes.h → envs/common/inc/randombytes.h
diff --git a/envs/common/mps2.mk b/envs/common/mps2.mk
@@ -50,10 +50,12 @@ LDFLAGS += \
 
 all: $(TARGET)
 
-HAL_SOURCES = ../common/src/hal-mps2.c
+HAL_SOURCES = ../common/src/hal-mps2.c ../common/src/randombytes.c
 HAL_ASMS = $(MBED_OS_TARGET_DIR)/TOOLCHAIN_GCC_ARM/startup_MPS2.S
 OBJECTS_HAL = $(patsubst %.c, $(BUILD_DIR)/%.c.o, $(abspath $(HAL_SOURCES)))
 OBJECTS_HAL += $(patsubst %.S, $(BUILD_DIR)/%.S.o, $(abspath $(HAL_ASMS)))
+TEST_COMMON_SOURCES = $(wildcard $(TEST_COMMON)/*.c)
+OBJECTS_TEST_COMMON = $(patsubst %.c, $(BUILD_DIR)/%.c.o, $(abspath $(TEST_COMMON_SOURCES)))
 OBJECTS_SOURCES=$(patsubst %.c, $(BUILD_DIR)/%.c.o, $(abspath $(SOURCES)))
 OBJECTS_C = $(OBJECTS_SOURCES) $(OBJECTS_HAL) $(OBJECTS_TEST_COMMON)
 OBJECTS_ASM = $(patsubst %.s, $(BUILD_DIR)/%.s.o, $(abspath $(ASMS)))

diff --git a/envs/common/opencm3.mk b/envs/common/opencm3.mk
@@ -63,9 +63,11 @@ LDFLAGS += \
 
 all: $(TARGET)
 
-HAL_SOURCES = ../common/src/hal-opencm3.c
+HAL_SOURCES = ../common/src/hal-opencm3.c ../common/src/randombytes.c
 OBJECTS_HAL = $(patsubst %.c, $(BUILD_DIR)/%.c.o, $(abspath $(HAL_SOURCES)))
 OBJECTS_HAL += $(patsubst %.S, $(BUILD_DIR)/%.S.o, $(abspath $(HAL_ASMS)))
+TEST_COMMON_SOURCES = $(wildcard $(TEST_COMMON)/*.c)
+OBJECTS_TEST_COMMON = $(patsubst %.c, $(BUILD_DIR)/%.c.o, $(abspath $(TEST_COMMON_SOURCES)))
 OBJECTS_SOURCES=$(patsubst %.c, $(BUILD_DIR)/%.c.o, $(abspath $(SOURCES)))
 OBJECTS_C = $(OBJECTS_SOURCES) $(OBJECTS_HAL) $(OBJECTS_TEST_COMMON)
 OBJECTS_ASM = $(patsubst %.s, $(BUILD_DIR)/%.s.o, $(abspath $(ASMS)))

diff --git a/envs/common/src/hal-mps2.c b/envs/common/src/hal-mps2.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 #include <stdarg.h>
 #include <stdio.h>
+#include "randombytes.h"
 #include <hal.h>
 #if defined(MPS2_AN385)
 #include <CMSDK_CM3.h>
@@ -110,6 +111,15 @@ void debug_printf(const char * format, ... )
 void debug_test_ok()   { hal_send_str( "Ok\n"    ); }
 void debug_test_fail() { hal_send_str( "FAIL!\n" ); }
 
+uint8_t get_random_byte()
+{
+    uint32_t data;
+    randombytes((uint8_t *)&data,sizeof(data));
+    return (uint8_t) data;
+}
+
+
+
 #if !defined(NO_SEMIHOSTING_EXIT)
 // TODO(dsprenkels) Currently, we only exit the QEMU host when a the program
 // exists successfully.  We should also populate some interrupts handlers that

diff --git a/envs/common/src/hal-opencm3.c b/envs/common/src/hal-opencm3.c
@@ -3,6 +3,7 @@
 #include <sys/cdefs.h>
 #include <stdarg.h>
 #include <stdio.h>
+#include "randombytes.h"
 
 #define SERIAL_BAUD 38400
 
@@ -324,6 +325,13 @@ void measure_start()
     _measure_start = hal_get_time();
 }
 
+uint8_t get_random_byte()
+{
+    uint32_t data;
+    randombytes((uint8_t *)&data,sizeof(data));
+    return (uint8_t) data;
+}
+
 
 
 /* End of BSS is where the heap starts (defined in the linker script) */

diff --git a/envs/common/src/randombytes.c b/envs/common/src/randombytes.c
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: Apache-2.0 or CC0-1.0
+#include "randombytes.h"
+
+#if defined(STM32F2) || defined(STM32F4) || defined(STM32L4R5ZI) && !defined(MPS2_AN386)
+
+#include <libopencm3/stm32/rng.h>
+
+//TODO Maybe we do not want to use the hardware RNG for all randomness, but instead only read a seed and then expand that using fips202.
+
+int randombytes(uint8_t *obuf, size_t len)
+{
+    union
+    {
+        unsigned char aschar[4];
+        uint32_t asint;
+    } random;
+
+    while (len > 4)
+    {
+        random.asint = rng_get_random_blocking();
+        *obuf++ = random.aschar[0];
+        *obuf++ = random.aschar[1];
+        *obuf++ = random.aschar[2];
+        *obuf++ = random.aschar[3];
+        len -= 4;
+    }
+    if (len > 0)
+    {
+        for (random.asint = rng_get_random_blocking(); len > 0; --len)
+        {
+            *obuf++ = random.aschar[len - 1];
+        }
+    }
+
+    return 0;
+}
+
+#else /* NONRANDOM FALLBACK IMPLEMENTATION */
+#pragma message("Using a non-random randombytes")
+
+#include <string.h>
+
+static uint32_t seed[32] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3,
+                            2, 3, 8, 4, 6, 2, 6, 4, 3, 3, 8, 3, 2, 7, 9, 5};
+static uint32_t in[12];
+static uint8_t out_buf[sizeof(uint32_t) * 16];
+static int32_t outleft = 0;
+
+#define ROTATE(x, b) (((x) << (b)) | ((x) >> (32 - (b))))
+#define MUSH(i, b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x, b));
+
+static void surf(uint32_t out[8])
+{
+  uint32_t t[12];
+  uint32_t x;
+  uint32_t sum = 0;
+  int32_t r;
+  int32_t i;
+  int32_t loop;
+
+  for (i = 0; i < 12; ++i) {
+    t[i] = in[i] ^ seed[12 + i];
+  }
+  for (i = 0; i < 8; ++i) {
+    out[i] = seed[24 + i];
+  }
+  x = t[11];
+  for (loop = 0; loop < 2; ++loop) {
+    for (r = 0; r < 16; ++r) {
+      sum += 0x9e3779b9;
+      MUSH(0, 5)
+      MUSH(1, 7)
+      MUSH(2, 9)
+      MUSH(3, 13)
+      MUSH(4, 5)
+      MUSH(5, 7)
+      MUSH(6, 9)
+      MUSH(7, 13)
+      MUSH(8, 5)
+      MUSH(9, 7)
+      MUSH(10, 9)
+      MUSH(11, 13)
+    }
+    for (i = 0; i < 8; ++i) {
+      out[i] ^= t[i + 4];
+    }
+  }
+}
+
+void randombytes_regen(void);
+void randombytes_regen(void)
+{
+  uint32_t out[8];
+  if (!++in[0]) {
+    if (!++in[1]) {
+      if (!++in[2]) {
+        ++in[3];
+      }
+    }
+  }
+  surf(out);
+  memcpy(out_buf, out, sizeof(out));
+  if (!++in[0]) {
+    if (!++in[1]) {
+      if (!++in[2]) {
+        ++in[3];
+      }
+    }
+  }
+  surf(out);
+  memcpy(out_buf + sizeof(out), out, sizeof(out));
+  outleft = sizeof(out_buf);
+}
+
+int randombytes(uint8_t* buf, size_t xlen)
+{
+  while (xlen > 0) {
+    if (!outleft) {
+      randombytes_regen();
+    }
+    *buf = out_buf[--outleft];
+    ++buf;
+    --xlen;
+  }
+  return 0;
+}
+
+#endif
diff --git a/envs/m85-an555/src/randombytes.h b/envs/m85-an555/src/randombytes.h
diff --git a/tests/common/poly.h b/tests/common/poly.h
@@ -60,7 +60,7 @@ void mod_reduce_buf_s32   ( int32_t *src, unsigned size, int32_t modulus );
 void mod_reduce_buf_s32_signed( int32_t *src, unsigned size, int32_t modulus );
 void mod_mul_buf_const_s32( int32_t *src, int32_t factor, int32_t *dst,
                             unsigned size, int32_t mod );
-void mod_add_buf_u16( uint16_t *src_a, uint16_t *src_b, uint16_t *dst,
+void mod_add_buf_u32( uint16_t *src_a, uint16_t *src_b, uint16_t *dst,
                       unsigned size );
 void mod_add_buf_s32( int32_t *src_a, int32_t *src_b, int32_t *dst,
                       unsigned size, int32_t modulus );
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		../../../slothy/examples/naive/armv7m/dilithium5_ntt.s
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		../../../slothy/examples/opt/armv7m/dilithium5_ntt_opt_m7.s