- Simplifies downstream integration

- Convert CRLF to LF
- Improve stack-efficient option

Author: bhess

META/MAYO-1_META.yml

@@ -15,7 +15,7 @@ implementations:
   - name: opt
     version: round2
     folder_name: .
-    compile_opts: -DMAYO_VARIANT=MAYO_1 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL
+    compile_opts: -DMAYO_VARIANT=MAYO_1 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
     signature_keypair: pqmayo_MAYO_1_opt_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_1_opt_crypto_sign_signature
     signature_verify: pqmayo_MAYO_1_opt_crypto_sign_verify
@@ -27,7 +27,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_1_avx2_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_1_avx2_crypto_sign_signature
     signature_verify: pqmayo_MAYO_1_avx2_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_1/api.h ./src/mayo_1/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_1/api.h ./src/mayo_1/api.c
     supported_platforms:
       - architecture: x86_64
         operating_systems:
@@ -42,7 +42,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_1_neon_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_1_neon_crypto_sign_signature
     signature_verify: pqmayo_MAYO_1_neon_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_1/api.h ./src/mayo_1/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_1/api.h ./src/mayo_1/api.c
     supported_platforms:
       - architecture: arm_8
         operating_systems:

META/MAYO-2_META.yml

@@ -27,7 +27,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_2_avx2_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_2_avx2_crypto_sign_signature
     signature_verify: pqmayo_MAYO_2_avx2_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_2/api.h ./src/mayo_2/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_2/api.h ./src/mayo_2/api.c
     supported_platforms:
       - architecture: x86_64
         operating_systems:
@@ -42,7 +42,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_2_neon_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_2_neon_crypto_sign_signature
     signature_verify: pqmayo_MAYO_2_neon_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_2/api.h ./src/mayo_2/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_2/api.h ./src/mayo_2/api.c
     supported_platforms:
       - architecture: arm_8
         operating_systems:

META/MAYO-3_META.yml

@@ -15,7 +15,7 @@ implementations:
   - name: opt
     version: round2
     folder_name: .
-    compile_opts: -DMAYO_VARIANT=MAYO_3 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL
+    compile_opts: -DMAYO_VARIANT=MAYO_3 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
     signature_keypair: pqmayo_MAYO_3_opt_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_3_opt_crypto_sign_signature
     signature_verify: pqmayo_MAYO_3_opt_crypto_sign_verify
@@ -27,7 +27,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_3_avx2_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_3_avx2_crypto_sign_signature
     signature_verify: pqmayo_MAYO_3_avx2_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_3/api.h ./src/mayo_3/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_3/api.h ./src/mayo_3/api.c
     supported_platforms:
       - architecture: x86_64
         operating_systems:
@@ -42,7 +42,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_3_neon_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_3_neon_crypto_sign_signature
     signature_verify: pqmayo_MAYO_3_neon_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_3/api.h ./src/mayo_3/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_3/api.h ./src/mayo_3/api.c
     supported_platforms:
       - architecture: arm_8
         operating_systems:

META/MAYO-5_META.yml

@@ -15,7 +15,7 @@ implementations:
   - name: opt
     version: round2
     folder_name: .
-    compile_opts: -DMAYO_VARIANT=MAYO_5 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL
+    compile_opts: -DMAYO_VARIANT=MAYO_5 -DMAYO_BUILD_TYPE_OPT -DHAVE_RANDOMBYTES_NORETVAL -DHAVE_STACKEFFICIENT
     signature_keypair: pqmayo_MAYO_5_opt_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_5_opt_crypto_sign_signature
     signature_verify: pqmayo_MAYO_5_opt_crypto_sign_verify
@@ -27,7 +27,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_5_avx2_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_5_avx2_crypto_sign_signature
     signature_verify: pqmayo_MAYO_5_avx2_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_5/api.h ./src/mayo_5/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/AVX2/arithmetic_common.h ./src/AVX2/echelon_form.h ./src/AVX2/echelon_form_loop.h ./src/AVX2/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_5/api.h ./src/mayo_5/api.c
     supported_platforms:
       - architecture: x86_64
         operating_systems:
@@ -42,7 +42,7 @@ implementations:
     signature_keypair: pqmayo_MAYO_5_neon_crypto_sign_keypair
     signature_signature: pqmayo_MAYO_5_neon_crypto_sign_signature
     signature_verify: pqmayo_MAYO_5_neon_crypto_sign_verify
-    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_5/api.h ./src/mayo_5/api.c
+    sources: LICENSE NOTICE ./src/arithmetic.c ./src/arithmetic.h ./src/mayo.c ./src/params.c ./src/simple_arithmetic.h ./src/generic/arithmetic_fixed.h ./src/neon/arithmetic_common.h ./src/neon/echelon_form.h ./src/neon/echelon_form_loop.h ./src/neon/shuffle_arithmetic.h ./include/mayo.h ./include/mem.h ./src/common/aes_ctr.h ./src/mayo_5/api.h ./src/mayo_5/api.c
     supported_platforms:
       - architecture: arm_8
         operating_systems:

include/mem.h

@@ -5,78 +5,6 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#if defined(__GNUC__) || defined(__clang__)
-#define BSWAP32(i) __builtin_bswap32((i))
-#define BSWAP64(i) __builtin_bswap64((i))
-#else
-#define BSWAP32(i) ((((i) >> 24) & 0xff) | (((i) >> 8) & 0xff00) | (((i) & 0xff00) << 8) | ((i) << 24))
-#define BSWAP64(i) ((BSWAP32((i) >> 32) & 0xffffffff) | (BSWAP32(i) << 32))
-#endif
-
-extern volatile uint32_t uint32_t_blocker;
-extern volatile uint64_t uint64_t_blocker;
-extern volatile unsigned char unsigned_char_blocker;
-
-#if !(((!defined(__clang__) && defined(__GNUC__) && __GNUC__ <= 12)) && (defined(__x86_64__) || defined(_M_X64)))
-// a > b -> b - a is negative
-// returns 0xFFFFFFFF if true, 0x00000000 if false
-static inline uint32_t ct_is_greater_than(int a, int b) {
-    int32_t diff = b - a;
-    return ((uint32_t) (diff >> (8*sizeof(uint32_t)-1)) ^ uint32_t_blocker);
-}
-
-// a > b -> b - a is negative
-// returns 0xFFFFFFFF if true, 0x00000000 if false
-static inline uint64_t ct_64_is_greater_than(int a, int b) {
-    int64_t diff = ((int64_t) b) - ((int64_t) a);
-    return ((uint64_t) (diff >> (8*sizeof(uint64_t)-1)) ^ uint64_t_blocker);
-}
-
-// if a == b -> 0x00000000, else 0xFFFFFFFF
-static inline uint32_t ct_compare_32(int a, int b) {
-    return ((uint32_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)) ^ uint32_t_blocker);
-}
-
-// if a == b -> 0x0000000000000000, else 0xFFFFFFFFFFFFFFFF
-static inline uint64_t ct_compare_64(int a, int b) {
-    return ((uint64_t)((-(int64_t)(a ^ b)) >> (8*sizeof(uint64_t)-1)) ^ uint64_t_blocker);
-}
-
-// if a == b -> 0x00, else 0xFF
-static inline unsigned char ct_compare_8(unsigned char a, unsigned char b) {
-    return ((int8_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)) ^ unsigned_char_blocker);
-}
-#else
-// a > b -> b - a is negative
-// returns 0xFFFFFFFF if true, 0x00000000 if false
-static inline uint32_t ct_is_greater_than(int a, int b) {
-    int32_t diff = b - a;
-    return ((uint32_t) (diff >> (8*sizeof(uint32_t)-1)));
-}
-
-// a > b -> b - a is negative
-// returns 0xFFFFFFFF if true, 0x00000000 if false
-static inline uint64_t ct_64_is_greater_than(int a, int b) {
-    int64_t diff = ((int64_t) b) - ((int64_t) a);
-    return ((uint64_t) (diff >> (8*sizeof(uint64_t)-1)));
-}
-
-// if a == b -> 0x00000000, else 0xFFFFFFFF
-static inline uint32_t ct_compare_32(int a, int b) {
-    return ((uint32_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)));
-}
-
-// if a == b -> 0x0000000000000000, else 0xFFFFFFFFFFFFFFFF
-static inline uint64_t ct_compare_64(int a, int b) {
-    return ((uint64_t)((-(int64_t)(a ^ b)) >> (8*sizeof(uint64_t)-1)));
-}
-
-// if a == b -> 0x00, else 0xFF
-static inline unsigned char ct_compare_8(unsigned char a, unsigned char b) {
-    return ((int8_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)));
-}
-#endif
-
 /**
  * Clears and frees allocated memory.
  * 

src/AVX2/shuffle_arithmetic.h

@@ -400,9 +400,10 @@ void compute_P3(const mayo_params_t* p, const uint64_t* P1, uint64_t *P2, const
 //                               [         P3*S2 = P2 ]
 static inline void m_calculate_PS_SPS(const mayo_params_t *p, const uint64_t *P1, const uint64_t *P2, const uint64_t *P3, const unsigned char *S,
                               uint64_t *SPS) {
-    const int o = PARAM_o(p);
-    const int v = PARAM_v(p);
-    const int k = PARAM_k(p);
+    (void) p;
+    const int o = PARAM_NAME(o);
+    const int v = PARAM_NAME(v);
+    const int k = PARAM_NAME(k);
     const int n = o + v;
     /* Old approach which is constant time but doesn't have to be */
     unsigned char S1[V_MAX*K_MAX]; // == N-O, K

src/arithmetic.c

@@ -122,3 +122,7 @@ int sample_solution(const mayo_params_t *p, unsigned char *A,
     }
     return 1;
 }
+
+volatile uint32_t uint32_t_blocker = 0;
+volatile uint64_t uint64_t_blocker = 0;
+volatile unsigned char unsigned_char_blocker = 0;

src/arithmetic.h

@@ -15,6 +15,73 @@
 #endif
 #endif
 
+#define uint32_t_blocker MAYO_NAMESPACE(uint32_t_blocker)
+extern volatile uint32_t uint32_t_blocker;
+#define uint64_t_blocker MAYO_NAMESPACE(uint64_t_blocker)
+extern volatile uint64_t uint64_t_blocker;
+#define unsigned_char_blocker MAYO_NAMESPACE(unsigned_char_blocker)
+extern volatile unsigned char unsigned_char_blocker;
+
+#if !(((!defined(__clang__) && defined(__GNUC__) && __GNUC__ <= 12)) && (defined(__x86_64__) || defined(_M_X64)))
+// a > b -> b - a is negative
+// returns 0xFFFFFFFF if true, 0x00000000 if false
+static inline uint32_t ct_is_greater_than(int a, int b) {
+    int32_t diff = b - a;
+    return ((uint32_t) (diff >> (8*sizeof(uint32_t)-1)) ^ uint32_t_blocker);
+}
+
+// a > b -> b - a is negative
+// returns 0xFFFFFFFF if true, 0x00000000 if false
+static inline uint64_t ct_64_is_greater_than(int a, int b) {
+    int64_t diff = ((int64_t) b) - ((int64_t) a);
+    return ((uint64_t) (diff >> (8*sizeof(uint64_t)-1)) ^ uint64_t_blocker);
+}
+
+// if a == b -> 0x00000000, else 0xFFFFFFFF
+static inline uint32_t ct_compare_32(int a, int b) {
+    return ((uint32_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)) ^ uint32_t_blocker);
+}
+
+// if a == b -> 0x0000000000000000, else 0xFFFFFFFFFFFFFFFF
+static inline uint64_t ct_compare_64(int a, int b) {
+    return ((uint64_t)((-(int64_t)(a ^ b)) >> (8*sizeof(uint64_t)-1)) ^ uint64_t_blocker);
+}
+
+// if a == b -> 0x00, else 0xFF
+static inline unsigned char ct_compare_8(unsigned char a, unsigned char b) {
+    return ((int8_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)) ^ unsigned_char_blocker);
+}
+#else
+// a > b -> b - a is negative
+// returns 0xFFFFFFFF if true, 0x00000000 if false
+static inline uint32_t ct_is_greater_than(int a, int b) {
+    int32_t diff = b - a;
+    return ((uint32_t) (diff >> (8*sizeof(uint32_t)-1)));
+}
+
+// a > b -> b - a is negative
+// returns 0xFFFFFFFF if true, 0x00000000 if false
+static inline uint64_t ct_64_is_greater_than(int a, int b) {
+    int64_t diff = ((int64_t) b) - ((int64_t) a);
+    return ((uint64_t) (diff >> (8*sizeof(uint64_t)-1)));
+}
+
+// if a == b -> 0x00000000, else 0xFFFFFFFF
+static inline uint32_t ct_compare_32(int a, int b) {
+    return ((uint32_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)));
+}
+
+// if a == b -> 0x0000000000000000, else 0xFFFFFFFFFFFFFFFF
+static inline uint64_t ct_compare_64(int a, int b) {
+    return ((uint64_t)((-(int64_t)(a ^ b)) >> (8*sizeof(uint64_t)-1)));
+}
+
+// if a == b -> 0x00, else 0xFF
+static inline unsigned char ct_compare_8(unsigned char a, unsigned char b) {
+    return ((int8_t)((-(int32_t)(a ^ b)) >> (8*sizeof(uint32_t)-1)));
+}
+#endif
+
 #if defined(MAYO_AVX) || defined(MAYO_NEON)
     #include <shuffle_arithmetic.h>
 #elif defined(MAYO_M4)
@@ -45,5 +112,13 @@ void m_upper(const mayo_params_t* p, const uint64_t *in, uint64_t *out, int size
 #define sample_solution MAYO_NAMESPACE(sample_solution)
 int sample_solution(const mayo_params_t *p, unsigned char *A, const unsigned char *y, const unsigned char *r, unsigned char *x, int k, int o, int m, int A_cols);
 
+#if defined(__GNUC__) || defined(__clang__)
+#define BSWAP32(i) __builtin_bswap32((i))
+#define BSWAP64(i) __builtin_bswap64((i))
+#else
+#define BSWAP32(i) ((((i) >> 24) & 0xff) | (((i) >> 8) & 0xff00) | (((i) & 0xff00) << 8) | ((i) << 24))
+#define BSWAP64(i) ((BSWAP32((i) >> 32) & 0xffffffff) | (BSWAP32(i) << 32))
+#endif
+
 #endif
 

src/common/mem.c

@@ -17,7 +17,3 @@ void mayo_secure_clear(void *mem, size_t size) {
     static volatile memset_t memset_func = memset;
     memset_func(mem, 0, size);
 }
-
-volatile uint32_t uint32_t_blocker = 0;
-volatile uint64_t uint64_t_blocker = 0;
-volatile unsigned char unsigned_char_blocker = 0;