Add Kyber reference implementation

.gitattributes

@@ -0,0 +1 @@
+SHA256SUMS eol=lf

.gitignore

@@ -0,0 +1,3 @@
+*.swp
+build/
+

CMakeLists.txt

@@ -0,0 +1,13 @@
+cmake_minimum_required(VERSION 3.10)
+
+project(kyber C ASM)
+
+set(CMAKE_C_STANDARD 99)
+set(CMAKE_C_STANDARD_REQUIRED ON)
+
+enable_testing()
+
+#find_package(OpenSSL REQUIRED)
+#include_directories(${OPENSSL_INCLUDE_DIR})
+
+add_subdirectory(jni)

Common_META.yml

@@ -0,0 +1,36 @@
+commons:
+  - name: common_ref
+    folder_name: ref
+    sources: aes256ctr.c aes256ctr.h fips202.c fips202.h
+  - name: common_aes
+    folder_name: avx2
+    sources: aes256ctr.c aes256ctr.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - aes
+          - sse2
+          - ssse3
+  - name: common_avx2
+    folder_name: avx2
+    sources: fips202.c fips202.h fips202x4.c fips202x4.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - avx2
+  - name: common_keccak4x_avx2
+    folder_name: avx2
+    sources: fips202x4.h keccak4x/KeccakP-1600-times4-SIMD256.c keccak4x/KeccakP-1600-times4-SnP.h keccak4x/KeccakP-1600-unrolling.macros keccak4x/KeccakP-SIMD256-config.h keccak4x/KeccakP-align.h keccak4x/KeccakP-brg_endian.h
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Darwin
+          - Linux
+        required_flags:
+          - avx2

Kyber512-90s_META.yml

@@ -0,0 +1,50 @@
+name: Kyber512-90s
+type: kem
+claimed-nist-level: 1
+claimed-security: IND-CCA2
+length-public-key: 800
+length-ciphertext: 768
+length-secret-key: 1632
+length-shared-secret: 32
+nistkat-sha256: 7bfe0653b63b3fac7ee300a6e4801046c1a3d8d445b271633b6c9d81ed125e5b
+testvectors-sha256: 2ea81fa2d7e3c1970409b9d77d6c5137aeb4573e856ca79eab4393b70352e85b
+principal-submitters:
+  - Peter Schwabe
+auxiliary-submitters:
+  - Roberto Avanzi
+  - Joppe Bos
+  - Léo Ducas
+  - Eike Kiltz
+  - Tancrède Lepoint
+  - Vadim Lyubashevsky
+  - John M. Schanck
+  - Gregor Seiler
+  - Damien Stehlé
+implementations:
+  - name: ref
+    version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
+    folder_name: ref
+    compile_opts: -DKYBER_K=2 -DKYBER_90S
+    signature_keypair: pqcrystals_kyber512_90s_ref_keypair
+    signature_enc: pqcrystals_kyber512_90s_ref_enc
+    signature_dec: pqcrystals_kyber512_90s_ref_dec
+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h aes256ctr.h symmetric-aes.c
+    common_dep: common_ref
+  - name: avx2
+    version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
+    compile_opts: -DKYBER_K=2 -DKYBER_90S
+    signature_keypair: pqcrystals_kyber512_90s_avx2_keypair
+    signature_enc: pqcrystals_kyber512_90s_avx2_enc
+    signature_dec: pqcrystals_kyber512_90s_avx2_dec
+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h aes256ctr.h
+    common_dep: common_avx2 common_aes
+    supported_platforms:
+        - architecture: x86_64
+          operating_systems:
+              - Linux
+              - Darwin
+          required_flags:
+              - aes
+              - avx2
+              - bmi2
+              - popcnt

Kyber512_META.yml

@@ -0,0 +1,49 @@
+name: Kyber512
+type: kem
+claimed-nist-level: 1
+claimed-security: IND-CCA2
+length-public-key: 800
+length-ciphertext: 768
+length-secret-key: 1632
+length-shared-secret: 32
+nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca
+testvectors-sha256: 6730bb552c22d9d2176ffb5568e48eb30952cf1f065073ec5f9724f6a3c6ea85
+principal-submitters:
+  - Peter Schwabe
+auxiliary-submitters:
+  - Roberto Avanzi
+  - Joppe Bos
+  - Léo Ducas
+  - Eike Kiltz
+  - Tancrède Lepoint
+  - Vadim Lyubashevsky
+  - John M. Schanck
+  - Gregor Seiler
+  - Damien Stehlé
+implementations:
+  - name: ref
+    version: https://github.com/pq-crystals/kyber/commit/74cad307858b61e434490c75f812cb9b9ef7279b
+    folder_name: ref
+    compile_opts: -DKYBER_K=2 
+    signature_keypair: pqcrystals_kyber512_ref_keypair
+    signature_enc: pqcrystals_kyber512_ref_enc
+    signature_dec: pqcrystals_kyber512_ref_dec
+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
+    common_dep: common_ref
+  - name: avx2
+    version: https://github.com/pq-crystals/kyber/commit/36414d64fc1890ed58d1ca8b1e0cab23635d1ac2
+    compile_opts: -DKYBER_K=2 
+    signature_keypair: pqcrystals_kyber512_avx2_keypair
+    signature_enc: pqcrystals_kyber512_avx2_enc
+    signature_dec: pqcrystals_kyber512_avx2_dec
+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
+    common_dep: common_avx2 common_keccak4x_avx2
+    supported_platforms:
+      - architecture: x86_64
+        operating_systems:
+          - Linux
+          - Darwin
+        required_flags:
+          - avx2
+          - bmi2
+          - popcnt

README.md

@@ -0,0 +1,32 @@
+# JNIPQC
+
+This repository contains the reference implementation of the [Kyber](https://www.pq-crystals.org/kyber/) key encapsulation mechanism, Post Quantum Cryptography algorithms usable through Java Native Interface wrappers.
+
+
+### Prerequisites
+
+Some of the test programs require [OpenSSL](https://openssl.org). If the OpenSSL header files and/or shared libraries do not lie in one of the standard locations on your system, it is necessary to specify their location via compiler and linker flags in the environment variables `CFLAGS`, `NISTFLAGS`, and `LDFLAGS`.
+
+For example, on macOS you can install OpenSSL via [Homebrew](https://brew.sh) by running
+```sh
+brew install openssl
+```
+Then, run
+```sh
+export CFLAGS="-I/usr/local/opt/[email protected]/include"
+export NISTFLAGS="-I/usr/local/opt/[email protected]/include"
+export LDFLAGS="-L/usr/local/opt/[email protected]/lib"
+```
+before compilation to add the OpenSSL header and library locations to the respective search paths.
+
+
+## CMake
+
+Also available is a portable [cmake](https://cmake.org) based build system that permits building the reference implementation.
+
+By calling
+```
+mkdir build && cd build && cmake .. && make
+```
+
+the Kyber JNI reference implementation gets built.

jni/CMakeLists.txt

@@ -0,0 +1,7 @@
+cmake_minimum_required(VERSION 3.10)
+
+add_subdirectory(ref)
+
+# for future realization
+#add_subdirectory(avx2)
+

jni/ref/CMakeLists.txt

@@ -0,0 +1,27 @@
+set(KYBER_SRCS kex.c kem.c indcpa.c polyvec.c poly.c ntt.c cbd.c reduce.c verify.c)
+set(KYBER_FIPS202_SRCS ${KYBER_SRCS} symmetric-shake.c)
+set(KYBER_NINETIES_SRCS ${KYBER_SRCS} symmetric-aes.c)
+set(FIPS202_SRCS fips202.c)
+set(AES256CTR_SRCS aes256ctr.c)
+set(SHA2_SRCS sha256.c sha512.c)
+
+if(MSVC)
+  add_compile_options(/nologo /O2 /W4 /wd4146 /wd4244)
+else()
+  add_compile_options(-Wall -Wextra -Wpedantic -Werror)
+  add_compile_options(-Wmissing-prototypes -Wredundant-decls -Wshadow -Wpointer-arith)
+  add_compile_options(-O3 -fomit-frame-pointer)
+endif()
+
+add_library(fips202_ref_jni ${FIPS202_SRCS})
+add_library(aes256ctr_ref_jni ${AES256CTR_SRCS})
+add_library(sha2_ref_jni ${SHA2_SRCS})
+
+# Kyber 512
+add_library(kyber512_ref_jni SHARED ${KYBER_FIPS202_SRCS})
+add_library(kyber512_90s_ref_jni SHARED ${KYBER_NINETIES_SRCS})
+target_compile_definitions(kyber512_ref_jni PUBLIC KYBER_K=2)
+target_compile_definitions(kyber512_90s_ref_jni PUBLIC KYBER_K=2 KYBER_90S)
+target_link_libraries(kyber512_ref_jni INTERFACE fips202_ref_jni)
+target_link_libraries(kyber512_90s_ref_jni INTERFACE aes256ctr_ref_jni sha2_ref)
+