new pull [full tests] [extended tests]

open-quantum-safe · Mar 3, 2025 · 0b5be0d · 0b5be0d
1 parent 3a48a3b
commit 0b5be0d
Show file tree

Hide file tree

Showing 15 changed files with 51 additions and 87 deletions.
diff --git a/docs/algorithms/sig/mayo.md b/docs/algorithms/sig/mayo.md
@@ -6,7 +6,7 @@
 - **Authors' website**: https://pqmayo.org
 - **Specification version**: https://doi.org/10.46586/tches.v2024.i2.252-275.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQCMayo/MAYO-C/commit/15582391a93616d70202ee631eb65b7ce1ee3a6a with copy_from_upstream patches
+  - **Source**: https://github.com/PQCMayo/MAYO-C/commit/30c9b1d8f49312ecf3370f725a84666fa759d9b3 with copy_from_upstream patches
   - **Implementation license (SPDX-Identifier)**: Apache-2.0
 
 

diff --git a/docs/algorithms/sig/mayo.yml b/docs/algorithms/sig/mayo.yml
@@ -11,7 +11,7 @@ website: https://pqmayo.org
 nist-round: 1
 spec-version: https://doi.org/10.46586/tches.v2024.i2.252-275
 primary-upstream:
-  source: https://github.com/PQCMayo/MAYO-C/commit/15582391a93616d70202ee631eb65b7ce1ee3a6a
+  source: https://github.com/PQCMayo/MAYO-C/commit/30c9b1d8f49312ecf3370f725a84666fa759d9b3
     with copy_from_upstream patches
   spdx-license-identifier: Apache-2.0
 parameter-sets:

diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml
@@ -67,7 +67,7 @@ upstreams:
     name: pqmayo
     git_url: https://github.com/PQCMayo/MAYO-C.git
     git_branch: round2-liboqs
-    git_commit: 15582391a93616d70202ee631eb65b7ce1ee3a6a
+    git_commit: 30c9b1d8f49312ecf3370f725a84666fa759d9b3
     sig_meta_path: 'META/{pretty_name_full}_META.yml'
     sig_scheme_path: '.'
     patches: [pqmayo-aes.patch, pqmayo-mem.patch]

diff --git a/src/sig/mayo/pqmayo_mayo-1_avx2/mayo.c b/src/sig/mayo/pqmayo_mayo-1_avx2/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }
 

diff --git a/src/sig/mayo/pqmayo_mayo-1_neon/mayo.c b/src/sig/mayo/pqmayo_mayo-1_neon/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }
 

diff --git a/src/sig/mayo/pqmayo_mayo-1_opt/mayo.c b/src/sig/mayo/pqmayo_mayo-1_opt/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }
 

diff --git a/src/sig/mayo/pqmayo_mayo-2_avx2/mayo.c b/src/sig/mayo/pqmayo_mayo-2_avx2/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }
 

diff --git a/src/sig/mayo/pqmayo_mayo-2_neon/mayo.c b/src/sig/mayo/pqmayo_mayo-2_neon/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }
 

diff --git a/src/sig/mayo/pqmayo_mayo-2_opt/mayo.c b/src/sig/mayo/pqmayo_mayo-2_opt/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }
 

diff --git a/src/sig/mayo/pqmayo_mayo-3_avx2/mayo.c b/src/sig/mayo/pqmayo_mayo-3_avx2/mayo.c
@@ -364,7 +364,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     unsigned char y[M_MAX];                    // secret data
     unsigned char salt[SALT_BYTES_MAX];        // not secret data
     unsigned char V[K_MAX * V_BYTES_MAX + R_BYTES_MAX], Vdec[V_MAX * K_MAX];                 // secret data
-    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)];   // secret data
+    unsigned char A[((M_MAX+7)/8*8) * (K_MAX * O_MAX + 1)] = { 0 };   // secret data
     unsigned char x[K_MAX * N_MAX];                       // not secret data
     unsigned char r[K_MAX * O_MAX + 1] = { 0 };           // secret data
     unsigned char s[K_MAX * N_MAX];                       // not secret data
@@ -403,8 +403,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     uint64_t *P1 = sk.p;
     uint64_t *L  = P1 + PARAM_P1_limbs(p);
     uint64_t Mtmp[K_MAX * O_MAX * M_VEC_LIMBS_MAX] = {0};
-    uint64_t vPv[K_MAX * K_MAX * M_VEC_LIMBS_MAX] = {0};
-
 
 #ifdef TARGET_BIG_ENDIAN
     for (int i = 0; i < PARAM_P1_limbs(p); ++i) {
@@ -455,9 +453,9 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
         }
 
         // compute M_i matrices and all v_i*P1*v_j
-        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, vPv);
+        compute_M_and_VPV(p, Vdec, L, P1, Mtmp, (uint64_t*) A);
 
-        compute_rhs(p, vPv, t, y);
+        compute_rhs(p, (uint64_t*) A, t, y);
         compute_A(p, Mtmp, A);
 
         for (int i = 0; i < param_m; i++)
@@ -473,7 +471,7 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
             break;
         } else {
             memset(Mtmp, 0, sizeof(Mtmp));
-            memset(vPv, 0, sizeof(vPv));
+            memset(A, 0, sizeof(A));
         }
     }
 
@@ -498,7 +496,6 @@ int mayo_sign_signature(const mayo_params_t *p, unsigned char *sig,
     mayo_secure_clear(Ox, sizeof(Ox));
     mayo_secure_clear(tmp, sizeof(tmp));
     mayo_secure_clear(Mtmp, sizeof(Mtmp));
-    mayo_secure_clear(vPv, sizeof(vPv));
     return ret;
 }