Apply renéview suggestions

randombit · Aug 7, 2024 · 4cf710e · 4cf710e
1 parent a1a9860
commit 4cf710e
Show file tree

Hide file tree

Showing 9 changed files with 117 additions and 87 deletions.
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
@@ -2201,20 +2201,9 @@ class Speed final : public Command {
          for(auto modet : all_modes) {
             Botan::DilithiumMode mode(modet);
 
-   #if !defined(BOTAN_HAS_DILITHIUM)
-            if(mode.is_modern())
+            if(mode.is_available()) {
                continue;
-   #endif
-
-   #if !defined(BOTAN_HAS_DILITHIUM_AES)
-            if(mode.is_aes())
-               continue;
-   #endif
-
-   #if !defined(BOTAN_HAS_ML_DSA_IPD)
-            if(mode.is_ipd())
-               continue;
-   #endif
+            }
 
             auto keygen_timer = make_timer(mode.to_string(), provider, "keygen");
 

diff --git a/src/lib/pubkey/dilithium/dilithium_common/dilithium.cpp b/src/lib/pubkey/dilithium/dilithium_common/dilithium.cpp
@@ -94,6 +94,25 @@ std::string DilithiumMode::to_string() const {
    BOTAN_ASSERT_UNREACHABLE();
 }
 
+bool DilithiumMode::is_available() const {
+#if defined(BOTAN_HAS_DILITHIUM_AES)
+   if(is_dilithium_round3() && is_aes()) {
+      return true;
+   }
+#endif
+#if defined(BOTAN_HAS_DILITHIUM)
+   if(is_dilithium_round3() && is_modern()) {
+      return true;
+   }
+#endif
+#if defined(BOTAN_HAS_ML_DSA_IPD)
+   if(is_ml_dsa_ipd()) {
+      return true;
+   }
+#endif
+   return false;
+}
+
 class Dilithium_PublicKeyInternal {
    public:
       static std::shared_ptr<Dilithium_PublicKeyInternal> decode(
@@ -372,6 +391,7 @@ Dilithium_PublicKey::Dilithium_PublicKey(const AlgorithmIdentifier& alg_id, std:
 
 Dilithium_PublicKey::Dilithium_PublicKey(std::span<const uint8_t> pk, DilithiumMode m) {
    DilithiumConstants mode(m);
+   BOTAN_ARG_CHECK(mode.mode().is_available(), "Dilithium/ML-DSA mode is not available in this build");
    BOTAN_ARG_CHECK(pk.empty() || pk.size() == mode.public_key_bytes(),
                    "dilithium public key does not have the correct byte count");
 
@@ -461,6 +481,7 @@ std::pair<DilithiumPolyVec, DilithiumPolyVec> compute_t1_and_t0(const DilithiumP
  */
 Dilithium_PrivateKey::Dilithium_PrivateKey(RandomNumberGenerator& rng, DilithiumMode m) {
    DilithiumConstants mode(m);
+   BOTAN_ARG_CHECK(mode.mode().is_available(), "Dilithium/ML-DSA mode is not available in this build");
    const auto& sympriv = mode.symmetric_primitives();
 
    const auto xi = rng.random_vec<DilithiumSeedRandomness>(DilithiumConstants::SEED_RANDOMNESS_BYTES);
@@ -486,6 +507,7 @@ Dilithium_PrivateKey::Dilithium_PrivateKey(std::span<const uint8_t> sk, Dilithiu
    auto scope = CT::scoped_poison(sk);
 
    DilithiumConstants mode(m);
+   BOTAN_ARG_CHECK(mode.mode().is_available(), "Dilithium/ML-DSA mode is not available in this build");
    BOTAN_ARG_CHECK(sk.size() == mode.private_key_bytes(), "dilithium private key does not have the correct byte count");
    m_private =
       Dilithium_PrivateKeyInternal::decode(std::move(mode), StrongSpan<const DilithiumSerializedPrivateKey>(sk));

diff --git a/src/lib/pubkey/dilithium/dilithium_common/dilithium.h b/src/lib/pubkey/dilithium/dilithium_common/dilithium.h
@@ -29,7 +29,7 @@ class BOTAN_PUBLIC_API(3, 0) DilithiumMode {
          Dilithium8x7_AES,
          ML_DSA4x4_IPD,
          ML_DSA6x5_IPD,
-         ML_DSA8x7_IPD
+         ML_DSA8x7_IPD,
       };
 
    public:
@@ -41,13 +41,19 @@ class BOTAN_PUBLIC_API(3, 0) DilithiumMode {
       OID object_identifier() const;
       std::string to_string() const;
 
-      bool is_aes() const {
+      BOTAN_DEPRECATED("Dilithium AES mode is deprecated") bool is_aes() const {
          return m_mode == Dilithium4x4_AES || m_mode == Dilithium6x5_AES || m_mode == Dilithium8x7_AES;
       }
 
-      bool is_modern() const { return !is_aes(); }
+      BOTAN_DEPRECATED("Dilithium AES mode is deprecated") bool is_modern() const { return !is_aes(); }
 
-      bool is_ipd() const { return m_mode == ML_DSA4x4_IPD || m_mode == ML_DSA6x5_IPD || m_mode == ML_DSA8x7_IPD; }
+      bool is_ml_dsa_ipd() const {
+         return m_mode == ML_DSA4x4_IPD || m_mode == ML_DSA6x5_IPD || m_mode == ML_DSA8x7_IPD;
+      }
+
+      bool is_dilithium_round3() const { return !is_ml_dsa_ipd(); }
+
+      bool is_available() const;
 
       Mode mode() const { return m_mode; }
 

diff --git a/src/lib/pubkey/dilithium/dilithium_common/dilithium_constants.cpp b/src/lib/pubkey/dilithium/dilithium_common/dilithium_constants.cpp
@@ -17,23 +17,43 @@ namespace Botan {
 
 namespace {
 uint32_t public_key_hash_size(DilithiumMode mode) {
-   // ML-KEM IPD l. 297:
-   //   [...] ML-DSA increases the length of tr to 512 bits [...]
-   return mode.is_ipd() ? 64 : 32;
+   switch(mode.mode()) {
+      case DilithiumMode::ML_DSA4x4_IPD:
+      case DilithiumMode::ML_DSA6x5_IPD:
+      case DilithiumMode::ML_DSA8x7_IPD:
+         // ML-KEM IPD l. 297:
+         //   [...] ML-DSA increases the length of tr to 512 bits [...]
+         return 64;
+      case DilithiumMode::Dilithium4x4:
+      case DilithiumMode::Dilithium4x4_AES:
+      case DilithiumMode::Dilithium6x5:
+      case DilithiumMode::Dilithium6x5_AES:
+      case DilithiumMode::Dilithium8x7:
+      case DilithiumMode::Dilithium8x7_AES:
+         return 32;
+   }
+   BOTAN_ASSERT_UNREACHABLE();
 }
 
 uint32_t commitment_hash_full_size(DilithiumMode mode) {
-   // ML-KEM IPD l. 297-298:
-   //   [ML-DSA] increases the length of c~ to 384 and 512 bits, respectively,
-   //   for the parameter sets ML-DSA-65 and ML-DSA-87.
    switch(mode.mode()) {
-      case Botan::DilithiumMode::ML_DSA6x5_IPD:
+      case DilithiumMode::Dilithium4x4:
+      case DilithiumMode::Dilithium4x4_AES:
+      case DilithiumMode::Dilithium6x5:
+      case DilithiumMode::Dilithium6x5_AES:
+      case DilithiumMode::Dilithium8x7:
+      case DilithiumMode::Dilithium8x7_AES:
+      case DilithiumMode::ML_DSA4x4_IPD:
+         return 32;
+      // ML-KEM IPD l. 297-298:
+      //   [ML-DSA] increases the length of c~ to 384 and 512 bits, respectively,
+      //   for the parameter sets ML-DSA-65 and ML-DSA-87.
+      case DilithiumMode::ML_DSA6x5_IPD:
          return 48;
-      case Botan::DilithiumMode::ML_DSA8x7_IPD:
+      case DilithiumMode::ML_DSA8x7_IPD:
          return 64;
-      default:
-         return 32;
    }
+   BOTAN_ASSERT_UNREACHABLE();
 }
 }  // namespace
 

diff --git a/src/lib/pubkey/dilithium/dilithium_common/dilithium_constants.h b/src/lib/pubkey/dilithium/dilithium_common/dilithium_constants.h
@@ -87,7 +87,7 @@ class DilithiumConstants final {
 
       bool is_aes() const { return m_mode.is_aes(); }
 
-      bool is_ipd() const { return m_mode.is_ipd(); }
+      bool is_ipd() const { return m_mode.is_ml_dsa_ipd(); }
 
    public:
       /// \name Foundational constants

diff --git a/src/lib/pubkey/dilithium/dilithium_common/dilithium_symmetric_primitives.cpp b/src/lib/pubkey/dilithium/dilithium_common/dilithium_symmetric_primitives.cpp
@@ -21,38 +21,32 @@
 namespace Botan {
 
 std::unique_ptr<Dilithium_Symmetric_Primitives> Dilithium_Symmetric_Primitives::create(const DilithiumConstants& mode) {
-#if defined(BOTAN_HAS_ML_DSA_IPD)
-   if(mode.is_modern() && mode.is_ipd()) {
-      return std::make_unique<Dilithium_Common_Symmetric_Primitives>(mode);
+   if(!mode.mode().is_available()) {
+      throw Not_Implemented("requested Dilithium mode is not enabled in this build");
    }
-#endif
 
-#if defined(BOTAN_HAS_DILITHIUM)
-   if(mode.is_modern() && !mode.is_ipd()) {
+   if(mode.is_modern()) {
       return std::make_unique<Dilithium_Common_Symmetric_Primitives>(mode);
-   }
-#endif
-
-#if defined(BOTAN_HAS_DILITHIUM_AES)
-   if(mode.is_aes()) {
+   } else /* AES mode */ {
       return std::make_unique<Dilithium_AES_Symmetric_Primitives>(mode);
    }
-#endif
-
-   throw Not_Implemented("requested Dilithium mode is not enabled in this build");
 }
 
 DilithiumSeedRhoPrime Dilithium_Symmetric_Primitives::calc_rhoprime(RandomNumberGenerator& rng,
                                                                     StrongSpan<const DilithiumSigningSeedK> k,
                                                                     StrongSpan<const DilithiumMessageRepresentative> mu,
                                                                     bool randomized) const {
-   if(m_mode.is_ipd()) {
+   if(m_mode.is_ml_dsa_ipd()) {
       // ML-KEM IPD, Algor. 2, l. 7,8:
       //   rnd <- {0, 1}^256 (For the optional deterministic variant, substitute rnd <- {0}^256)
       //   p' <- H(K || rnd || mu, 512)
-      auto rnd = (randomized)
-                    ? rng.random_vec<DilithiumOptionalRandomness>(DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES)
-                    : DilithiumOptionalRandomness(DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES);
+      const auto rnd = [&] {
+         DilithiumOptionalRandomness rnd(DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES);
+         if(randomized) {
+            rng.randomize(rnd);
+         }
+         return rnd;
+      }();
       return H(k, rnd, mu);
 
    } else /* is Dilithium R3 */ {

diff --git a/src/lib/pubkey/dilithium/dilithium_modern/info.txt b/src/lib/pubkey/dilithium/dilithium_modern/info.txt
@@ -4,7 +4,7 @@ DILITHIUM_MODERN -> 20240728
 
 <module_info>
 name -> "Dilithium Modern Instances"
-brief -> "Base module for modern dilithium and ML-KEM"
+brief -> "Base module for SHAKE-based Dilithium and ML-KEM"
 type -> "Internal"
 </module_info>
 

diff --git a/src/lib/pubkey/dilithium/dilithium_modern/ml_dsa_ipd/info.txt b/src/lib/pubkey/dilithium/dilithium_modern/ml_dsa_ipd/info.txt
@@ -3,9 +3,6 @@ ML_DSA_IPD -> 20240729
 </defines>
 
 <module_info>
-name -> "Module Lattice DSA (Initial Public Draft)"
+name -> "ML-DSA (IPD)"
+brief -> "Module Lattice DSA (Initial Public Draft)"
 </module_info>
-
-<requires>
-dilithium_modern
-</requires>
diff --git a/src/tests/test_dilithium.cpp b/src/tests/test_dilithium.cpp
@@ -131,6 +131,10 @@ class DilithiumRoundtripTests final : public Test {
       static Test::Result run_roundtrip(
          const char* test_name, Botan::DilithiumMode mode, bool randomized, size_t strength, size_t psid) {
          Test::Result result(test_name);
+         if(!mode.is_available()) {
+            // Skipped
+            return result;
+         }
 
          auto rng = Test::new_rng(test_name);
 
@@ -207,32 +211,24 @@ class DilithiumRoundtripTests final : public Test {
 
       std::vector<Test::Result> run() override {
          return {
-   #if defined(BOTAN_HAS_DILITHIUM)
             run_roundtrip("Dilithium_4x4_Common", Botan::DilithiumMode::Dilithium4x4, false, 128, 44),
-               run_roundtrip("Dilithium_6x5_Common", Botan::DilithiumMode::Dilithium6x5, false, 192, 65),
-               run_roundtrip("Dilithium_8x7_Common", Botan::DilithiumMode::Dilithium8x7, false, 256, 87),
-               run_roundtrip("Dilithium_4x4_Common_Randomized", Botan::DilithiumMode::Dilithium4x4, true, 128, 44),
-               run_roundtrip("Dilithium_6x5_Common_Randomized", Botan::DilithiumMode::Dilithium6x5, true, 192, 65),
-               run_roundtrip("Dilithium_8x7_Common_Randomized", Botan::DilithiumMode::Dilithium8x7, true, 256, 87),
-   #endif
-
-   #if defined(BOTAN_HAS_DILITHIUM_AES)
-               run_roundtrip("Dilithium_4x4_AES", Botan::DilithiumMode::Dilithium4x4_AES, false, 128, 44),
-               run_roundtrip("Dilithium_6x5_AES", Botan::DilithiumMode::Dilithium6x5_AES, false, 192, 65),
-               run_roundtrip("Dilithium_8x7_AES", Botan::DilithiumMode::Dilithium8x7_AES, false, 256, 87),
-               run_roundtrip("Dilithium_4x4_AES_Randomized", Botan::DilithiumMode::Dilithium4x4_AES, true, 128, 44),
-               run_roundtrip("Dilithium_6x5_AES_Randomized", Botan::DilithiumMode::Dilithium6x5_AES, true, 192, 65),
-               run_roundtrip("Dilithium_8x7_AES_Randomized", Botan::DilithiumMode::Dilithium8x7_AES, true, 256, 87),
-   #endif
-
-   #if defined(BOTAN_HAS_ML_DSA_IPD)
-               run_roundtrip("ML-DSA_4x4_IPD", Botan::DilithiumMode::ML_DSA4x4_IPD, false, 128, 44),
-               run_roundtrip("ML-DSA_6x5_IPD", Botan::DilithiumMode::ML_DSA6x5_IPD, false, 192, 65),
-               run_roundtrip("ML-DSA_8x7_IPD", Botan::DilithiumMode::ML_DSA8x7_IPD, false, 256, 87),
-               run_roundtrip("ML-DSA_4x4_IPD_Randomized", Botan::DilithiumMode::ML_DSA4x4_IPD, true, 128, 44),
-               run_roundtrip("ML-DSA_6x5_IPD_Randomized", Botan::DilithiumMode::ML_DSA6x5_IPD, true, 192, 65),
-               run_roundtrip("ML-DSA_8x7_IPD_Randomized", Botan::DilithiumMode::ML_DSA8x7_IPD, true, 256, 87),
-   #endif
+            run_roundtrip("Dilithium_6x5_Common", Botan::DilithiumMode::Dilithium6x5, false, 192, 65),
+            run_roundtrip("Dilithium_8x7_Common", Botan::DilithiumMode::Dilithium8x7, false, 256, 87),
+            run_roundtrip("Dilithium_4x4_Common_Randomized", Botan::DilithiumMode::Dilithium4x4, true, 128, 44),
+            run_roundtrip("Dilithium_6x5_Common_Randomized", Botan::DilithiumMode::Dilithium6x5, true, 192, 65),
+            run_roundtrip("Dilithium_8x7_Common_Randomized", Botan::DilithiumMode::Dilithium8x7, true, 256, 87),
+            run_roundtrip("Dilithium_4x4_AES", Botan::DilithiumMode::Dilithium4x4_AES, false, 128, 44),
+            run_roundtrip("Dilithium_6x5_AES", Botan::DilithiumMode::Dilithium6x5_AES, false, 192, 65),
+            run_roundtrip("Dilithium_8x7_AES", Botan::DilithiumMode::Dilithium8x7_AES, false, 256, 87),
+            run_roundtrip("Dilithium_4x4_AES_Randomized", Botan::DilithiumMode::Dilithium4x4_AES, true, 128, 44),
+            run_roundtrip("Dilithium_6x5_AES_Randomized", Botan::DilithiumMode::Dilithium6x5_AES, true, 192, 65),
+            run_roundtrip("Dilithium_8x7_AES_Randomized", Botan::DilithiumMode::Dilithium8x7_AES, true, 256, 87),
+            run_roundtrip("ML-DSA_4x4_IPD", Botan::DilithiumMode::ML_DSA4x4_IPD, false, 128, 44),
+            run_roundtrip("ML-DSA_6x5_IPD", Botan::DilithiumMode::ML_DSA6x5_IPD, false, 192, 65),
+            run_roundtrip("ML-DSA_8x7_IPD", Botan::DilithiumMode::ML_DSA8x7_IPD, false, 256, 87),
+            run_roundtrip("ML-DSA_4x4_IPD_Randomized", Botan::DilithiumMode::ML_DSA4x4_IPD, true, 128, 44),
+            run_roundtrip("ML-DSA_6x5_IPD_Randomized", Botan::DilithiumMode::ML_DSA6x5_IPD, true, 192, 65),
+            run_roundtrip("ML-DSA_8x7_IPD_Randomized", Botan::DilithiumMode::ML_DSA8x7_IPD, true, 256, 87),
          };
       }
 };
@@ -242,17 +238,23 @@ BOTAN_REGISTER_TEST("dilithium", "dilithium_roundtrips", DilithiumRoundtripTests
 class Dilithium_Keygen_Tests final : public PK_Key_Generation_Test {
    public:
       std::vector<std::string> keygen_params() const override {
-         return {
-   #if defined(BOTAN_HAS_DILITHIUM_AES)
-            "Dilithium-4x4-AES-r3", "Dilithium-6x5-AES-r3", "Dilithium-8x7-AES-r3",
-   #endif
-   #if defined(BOTAN_HAS_DILITHIUM)
-               "Dilithium-4x4-r3", "Dilithium-6x5-r3", "Dilithium-8x7-r3",
-   #endif
-   #if defined(BOTAN_HAS_ML_DSA_IPD)
-               "ML-DSA-4x4-IPD", "ML-DSA-6x5-IPD", "ML-DSA-8x7-IPD",
-   #endif
+         std::vector<std::string> all_instances = {
+            "Dilithium-4x4-AES-r3",
+            "Dilithium-6x5-AES-r3",
+            "Dilithium-8x7-AES-r3",
+            "Dilithium-4x4-r3",
+            "Dilithium-6x5-r3",
+            "Dilithium-8x7-r3",
+            "ML-DSA-4x4-IPD",
+            "ML-DSA-6x5-IPD",
+            "ML-DSA-8x7-IPD",
          };
+         std::vector<std::string> available_instances;
+         std::copy_if(all_instances.begin(),
+                      all_instances.end(),
+                      std::back_inserter(available_instances),
+                      [](const std::string& instance) { return Botan::DilithiumMode(instance).is_available(); });
+         return available_instances;
       }
 
       std::string algo_name() const override { return "Dilithium"; }