Merge pull request #359 from pq-code-package/namespacing

Namespace structs, static functions, and static arrays

Author: mkannwischer

mldsa/ntt.c

@@ -13,7 +13,7 @@ __contract__(
   ensures(return_value > -MLDSA_Q && return_value < MLDSA_Q)
 )
 {
-  return montgomery_reduce((int64_t)a * (int64_t)b);
+  return mld_montgomery_reduce((int64_t)a * (int64_t)b);
   /* TODO: reason about bounds */
 }
 
@@ -35,7 +35,7 @@ __contract__(
 )
 {
   const int32_t f = 41978; /* mont^2/256 */
-  return montgomery_reduce((int64_t)a * f);
+  return mld_montgomery_reduce((int64_t)a * f);
   /* TODO: reason about bounds */
 }
 
@@ -139,13 +139,13 @@ __contract__(
     invariant(array_abs_bound(r, 0, start, layer * MLDSA_Q + MLDSA_Q))
     invariant(array_abs_bound(r, start, MLDSA_N, layer * MLDSA_Q)))
   {
-    int32_t zeta = zetas[k++];
+    int32_t zeta = mld_zetas[k++];
     mld_ntt_butterfly_block(r, zeta, start, len, layer * MLDSA_Q);
   }
 }
 
 
-void ntt(int32_t a[MLDSA_N])
+void mld_ntt(int32_t a[MLDSA_N])
 {
   unsigned int layer;
 
@@ -184,7 +184,7 @@ __contract__(
     invariant(array_abs_bound(r, start, MLDSA_N, (MLDSA_N >> layer) * MLDSA_Q)))
   {
     unsigned j;
-    int32_t zeta = -zetas[k--];
+    int32_t zeta = -mld_zetas[k--];
 
     for (j = start; j < start + len; j++)
     __loop__(
@@ -202,20 +202,7 @@ __contract__(
   }
 }
 
-/*************************************************
- * Name:        invntt_tomont
- *
- * Description: Inverse NTT and multiplication by Montgomery factor mont^2 /256.
- *              In-place. No modular reductions after additions or subtractions;
- *              Input coefficients need to be smaller than MLDSA_Q
- *              in absolute value.
- *              Output coefficient are smaller than MLD_INTT_BOUND
- *              in absolute value.
- *
- * Arguments:   - int32_t a[MLDSA_N]: input/output coefficient array
- **************************************************/
-void invntt_tomont(int32_t a[MLDSA_N])
-
+void mld_invntt_tomont(int32_t a[MLDSA_N])
 {
   unsigned int layer, j;
 

mldsa/ntt.h

@@ -14,9 +14,9 @@
 /* Absolute exclusive upper bound for the output of the inverse NTT*/
 #define MLD_INTT_BOUND 4211139
 
-#define ntt MLD_NAMESPACE(ntt)
+#define mld_ntt MLD_NAMESPACE(ntt)
 /*************************************************
- * Name:        ntt
+ * Name:        mld_ntt
  *
  * Description: Computes number-theoretic transform (NTT) of
  *              a polynomial in place.
@@ -35,17 +35,17 @@
  * Specification: Implements [FIPS 204, Algorithm 41, NTT]
  *
  **************************************************/
-void ntt(int32_t a[MLDSA_N])
+void mld_ntt(int32_t a[MLDSA_N])
 __contract__(
   requires(memory_no_alias(a, MLDSA_N * sizeof(int32_t)))
   requires(array_abs_bound(a, 0, MLDSA_N, MLDSA_Q))
   assigns(memory_slice(a, MLDSA_N * sizeof(int32_t)))
   ensures(array_abs_bound(a, 0, MLDSA_N, MLD_NTT_BOUND))
 );
 
-#define invntt_tomont MLD_NAMESPACE(invntt_tomont)
+#define mld_invntt_tomont MLD_NAMESPACE(invntt_tomont)
 /*************************************************
- * Name:        invntt_tomont
+ * Name:        mld_invntt_tomont
  *
  * Description: Inverse NTT and multiplication by
  *              Montgomery factor mont^2 /256. In-place.
@@ -57,7 +57,7 @@ __contract__(
  *
  * Arguments:   - int32_t a[MLDSA_N]: input/output coefficient array
  **************************************************/
-void invntt_tomont(int32_t a[MLDSA_N])
+void mld_invntt_tomont(int32_t a[MLDSA_N])
 __contract__(
   requires(memory_no_alias(a, MLDSA_N * sizeof(int32_t)))
   requires(array_abs_bound(a, 0, MLDSA_N, MLDSA_Q))

mldsa/packing.c

@@ -9,8 +9,8 @@
 #include "poly.h"
 #include "polyvec.h"
 
-void pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
-             const uint8_t rho[MLDSA_SEEDBYTES], const polyveck *t1)
+void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
+                 const uint8_t rho[MLDSA_SEEDBYTES], const mld_polyveck *t1)
 {
   unsigned int i;
 
@@ -19,12 +19,12 @@ void pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
 
   for (i = 0; i < MLDSA_K; ++i)
   {
-    polyt1_pack(pk + i * MLDSA_POLYT1_PACKEDBYTES, &t1->vec[i]);
+    mld_polyt1_pack(pk + i * MLDSA_POLYT1_PACKEDBYTES, &t1->vec[i]);
   }
 }
 
-void unpack_pk(uint8_t rho[MLDSA_SEEDBYTES], polyveck *t1,
-               const uint8_t pk[CRYPTO_PUBLICKEYBYTES])
+void mld_unpack_pk(uint8_t rho[MLDSA_SEEDBYTES], mld_polyveck *t1,
+                   const uint8_t pk[CRYPTO_PUBLICKEYBYTES])
 {
   unsigned int i;
 
@@ -33,15 +33,15 @@ void unpack_pk(uint8_t rho[MLDSA_SEEDBYTES], polyveck *t1,
 
   for (i = 0; i < MLDSA_K; ++i)
   {
-    polyt1_unpack(&t1->vec[i], pk + i * MLDSA_POLYT1_PACKEDBYTES);
+    mld_polyt1_unpack(&t1->vec[i], pk + i * MLDSA_POLYT1_PACKEDBYTES);
   }
 }
 
-void pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES],
-             const uint8_t rho[MLDSA_SEEDBYTES],
-             const uint8_t tr[MLDSA_TRBYTES],
-             const uint8_t key[MLDSA_SEEDBYTES], const polyveck *t0,
-             const polyvecl *s1, const polyveck *s2)
+void mld_pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES],
+                 const uint8_t rho[MLDSA_SEEDBYTES],
+                 const uint8_t tr[MLDSA_TRBYTES],
+                 const uint8_t key[MLDSA_SEEDBYTES], const mld_polyveck *t0,
+                 const mld_polyvecl *s1, const mld_polyveck *s2)
 {
   memcpy(sk, rho, MLDSA_SEEDBYTES);
   sk += MLDSA_SEEDBYTES;
@@ -52,18 +52,19 @@ void pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES],
   memcpy(sk, tr, MLDSA_TRBYTES);
   sk += MLDSA_TRBYTES;
 
-  polyvecl_pack_eta(sk, s1);
+  mld_polyvecl_pack_eta(sk, s1);
   sk += MLDSA_L * MLDSA_POLYETA_PACKEDBYTES;
 
-  polyveck_pack_eta(sk, s2);
+  mld_polyveck_pack_eta(sk, s2);
   sk += MLDSA_K * MLDSA_POLYETA_PACKEDBYTES;
 
-  polyveck_pack_t0(sk, t0);
+  mld_polyveck_pack_t0(sk, t0);
 }
 
-void unpack_sk(uint8_t rho[MLDSA_SEEDBYTES], uint8_t tr[MLDSA_TRBYTES],
-               uint8_t key[MLDSA_SEEDBYTES], polyveck *t0, polyvecl *s1,
-               polyveck *s2, const uint8_t sk[CRYPTO_SECRETKEYBYTES])
+void mld_unpack_sk(uint8_t rho[MLDSA_SEEDBYTES], uint8_t tr[MLDSA_TRBYTES],
+                   uint8_t key[MLDSA_SEEDBYTES], mld_polyveck *t0,
+                   mld_polyvecl *s1, mld_polyveck *s2,
+                   const uint8_t sk[CRYPTO_SECRETKEYBYTES])
 {
   memcpy(rho, sk, MLDSA_SEEDBYTES);
   sk += MLDSA_SEEDBYTES;
@@ -74,25 +75,25 @@ void unpack_sk(uint8_t rho[MLDSA_SEEDBYTES], uint8_t tr[MLDSA_TRBYTES],
   memcpy(tr, sk, MLDSA_TRBYTES);
   sk += MLDSA_TRBYTES;
 
-  polyvecl_unpack_eta(s1, sk);
+  mld_polyvecl_unpack_eta(s1, sk);
   sk += MLDSA_L * MLDSA_POLYETA_PACKEDBYTES;
 
-  polyveck_unpack_eta(s2, sk);
+  mld_polyveck_unpack_eta(s2, sk);
   sk += MLDSA_K * MLDSA_POLYETA_PACKEDBYTES;
 
-  polyveck_unpack_t0(t0, sk);
+  mld_polyveck_unpack_t0(t0, sk);
 }
 
-void pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[MLDSA_CTILDEBYTES],
-              const polyvecl *z, const polyveck *h,
-              const unsigned int number_of_hints)
+void mld_pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[MLDSA_CTILDEBYTES],
+                  const mld_polyvecl *z, const mld_polyveck *h,
+                  const unsigned int number_of_hints)
 {
   unsigned int i, j, k;
 
   memcpy(sig, c, MLDSA_CTILDEBYTES);
   sig += MLDSA_CTILDEBYTES;
 
-  polyvecl_pack_z(sig, z);
+  mld_polyvecl_pack_z(sig, z);
   sig += MLDSA_L * MLDSA_POLYZ_PACKEDBYTES;
 
   /* Encode hints h */
@@ -153,22 +154,22 @@ void pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[MLDSA_CTILDEBYTES],
 }
 
 /*************************************************
- * Name:        unpack_hints
+ * Name:        mld_unpack_hints
  *
  * Description: Unpack raw hint bytes into a polyveck
  *              struct
  *
- * Arguments:   - polyveck *h: pointer to output hint vector h
+ * Arguments:   - mld_polyveck *h: pointer to output hint vector h
  *              - const uint8_t packed_hints[MLDSA_POLYVECH_PACKEDBYTES]:
  *                raw hint bytes
  *
  * Returns 1 in case of malformed hints; otherwise 0.
  **************************************************/
-static int unpack_hints(polyveck *h,
-                        const uint8_t packed_hints[MLDSA_POLYVECH_PACKEDBYTES])
+static int mld_unpack_hints(
+    mld_polyveck *h, const uint8_t packed_hints[MLDSA_POLYVECH_PACKEDBYTES])
 __contract__(
   requires(memory_no_alias(packed_hints, MLDSA_POLYVECH_PACKEDBYTES))
-  requires(memory_no_alias(h, sizeof(polyveck)))
+  requires(memory_no_alias(h, sizeof(mld_polyveck)))
   assigns(object_whole(h))
   /* All returned coefficients are either 0 or 1 */
   ensures(forall(k1, 0, MLDSA_K,
@@ -182,7 +183,7 @@ __contract__(
   /* Set all coefficients of all polynomials to 0.    */
   /* Only those that are actually non-zero hints will */
   /* be overwritten below.                            */
-  memset(h, 0, sizeof(polyveck));
+  memset(h, 0, sizeof(mld_polyveck));
 
   old_hint_count = 0;
   for (i = 0; i < MLDSA_K; ++i)
@@ -243,14 +244,14 @@ __contract__(
   return 0;
 }
 
-int unpack_sig(uint8_t c[MLDSA_CTILDEBYTES], polyvecl *z, polyveck *h,
-               const uint8_t sig[CRYPTO_BYTES])
+int mld_unpack_sig(uint8_t c[MLDSA_CTILDEBYTES], mld_polyvecl *z,
+                   mld_polyveck *h, const uint8_t sig[CRYPTO_BYTES])
 {
   memcpy(c, sig, MLDSA_CTILDEBYTES);
   sig += MLDSA_CTILDEBYTES;
 
-  polyvecl_unpack_z(z, sig);
+  mld_polyvecl_unpack_z(z, sig);
   sig += MLDSA_L * MLDSA_POLYZ_PACKEDBYTES;
 
-  return unpack_hints(h, sig);
+  return mld_unpack_hints(h, sig);
 }