ML-KEM/Kyber: improvements #8467
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SparkiDev
force-pushed
the
kyber_improv_2
branch
2 times, most recently
from
11b6e3a to
255afc9
Compare
dgarske
requested changes
Feb 18, 2025
JacobBarthelmeh
requested changes
Feb 18, 2025
There was a problem hiding this comment.
./configure CC="clang-15 -fsanitize=address" --enable-kyber=make
CC examples/benchmark/tls_bench.o
src/tls.c:7998:39: error: unused parameter 'type' [-Werror,-Wunused-parameter]
static int kyber_id2type(int id, int *type)
^
1 error generated.
Similar warning with ./configure CC="clang-15 -fsanitize=address" --enable-kyber=enc
./configure CC="clang-15 -fsanitize=address" --enable-kyber=dec
wolfcrypt/src/wc_kyber.c:1207:30: error: variable 'compVecSz' is uninitialized when used here [-Werror,-Wuninitialized]
const byte* c2 = c + compVecSz;
^~~~~~~~~
wolfcrypt/src/wc_kyber.c:1138:27: note: initialize the variable 'compVecSz' to silence this warning
unsigned int compVecSz;
^
= 0
1 error generated.
make[2]: *** [Makefile:8200: wolfcrypt/src/src_libwolfssl_la-wc_kyber.lo] Error 1
`
Need to specify --enable-kyber=512,768,1024,enc Changed the header files to detect whether a key length has been specified. |
SparkiDev
force-pushed
the
kyber_improv_2
branch
from
255afc9 to
eec7270
Compare
SparkiDev
force-pushed
the
kyber_improv_2
branch
2 times, most recently
from
221280a to
d6e41c0
Compare
JacobBarthelmeh
previously approved these changes
Feb 19, 2025
dgarske
requested changes
Feb 19, 2025
ML-KEM/Kyber: MakeKey call generate random once only for all data. Allow MakeKey/Encapsulate/Decapsulate to be compiled separately. Pull out public key decoding common to public and private key decode. Put references to FIPS 140-3 into code. Rename variables to match FIPS 140-3. Fix InvNTT assembly code for x64 - more reductions. Split out ML-KEM/Kyber tests from api.c. TLSX: Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation when A is cached and object stored. To store private key as normal define WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY. misc.c: when Intel x64 build, assume able to read/write unaligned
SparkiDev
force-pushed
the
kyber_improv_2
branch
from
d6e41c0 to
82b50f1
Compare
dgarske
approved these changes
Feb 19, 2025
|
Retest this please: "Found unhandled org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException exception:" |
JacobBarthelmeh
approved these changes
Feb 20, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
ML-KEM/Kyber:
MakeKey call generate random once only for all data.
Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS 140-3.
Fix InvNTT assembly code for x64 - more reductions.
Split out ML-KEM/Kyber tests from api.c.
TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.
misc.c: when Intel x64 build, assume able to read/write unaligned
Testing
Regression tested ML-KEM/Kyber
Checklist