aklsjlskjd

Signed-off-by: dkostic <[email protected]>

Author: dkostic

benchmarks/benchmark.c

@@ -768,7 +768,6 @@ void call_edwards25519_scalarmuldouble_alt(void) repeatfewer(10,edwards25519_sca
 void call_mlkem_basemul_k2(void) repeat(mlkem_basemul_k2((int16_t*)b0,(int16_t*)b1,(int16_t*)b2,(int16_t*)b3))
 void call_mlkem_basemul_k3(void) repeat(mlkem_basemul_k3((int16_t*)b0,(int16_t*)b1,(int16_t*)b2,(int16_t*)b3))
 void call_mlkem_basemul_k4(void) repeat(mlkem_basemul_k4((int16_t*)b0,(int16_t*)b1,(int16_t*)b2,(int16_t*)b3))
-void call_mlkem_ntt(void) repeat(mlkem_ntt((int16_t*)b0,(int16_t*)b1,(int16_t*)b2))
 void call_mlkem_reduce(void) repeat(mlkem_reduce((int16_t*)b0))
 
 void call_p256_montjadd(void) repeat(p256_montjadd(b1,b2,b3))
@@ -831,6 +830,8 @@ void call_sm2_montjscalarmul_alt(void) repeatfewer(10,sm2_montjscalarmul_alt(b1,
 void call_mldsa_ntt(void) repeat(mldsa_ntt((int32_t*)b0,(const int32_t*)b1))
 void call_mldsa_poly_reduce(void) repeat(mldsa_poly_reduce((int32_t*)b0))
 
+void call_mlkem_ntt(void) repeat(mlkem_ntt((int16_t*)b0,(int16_t*)b1))
+
 void call_bignum_copy_row_from_table_8n__32_16(void) {}
 void call_bignum_copy_row_from_table_8n__32_32(void) {}
 void call_bignum_copy_row_from_table_16__32(void) {}
@@ -1131,6 +1132,7 @@ void call_bignum_emontredc_8n_cdiff__32(void) repeat(bignum_emontredc_8n_cdiff(3
 
 void call_mlkem_intt(void) repeat(mlkem_intt((int16_t*)b0,(int16_t*)b1,(int16_t*)b2))
 void call_mlkem_mulcache_compute(void) repeat(mlkem_mulcache_compute((int16_t*)b0,(int16_t*)b1,(int16_t*)b2,(int16_t*)b3))
+void call_mlkem_ntt(void) repeat(mlkem_ntt((int16_t*)b0,(int16_t*)b1,(int16_t*)b2))
 void call_mlkem_tobytes(void) repeat(mlkem_tobytes((uint8_t*)b0,(int16_t*)b1))
 void call_mlkem_tomont(void) repeat(mlkem_tomont((int16_t*)b0))
 void call_mlkem_rej_uniform(void) repeat(mlkem_rej_uniform_VARIABLE_TIME((int16_t*)b0,(uint8_t*)b1,1200,mlkem_rej_uniform_table))

include/s2n-bignum.h

@@ -1006,15 +1006,13 @@ extern void mlkem_intt(int16_t a[S2N_BIGNUM_STATIC 256],const int16_t z_01234[S2
 // Inputs a[256], z[128] and t[128] (signed 16-bit words); output x[128] (signed 16-bit words)
 extern void mlkem_mulcache_compute(int16_t x[S2N_BIGNUM_STATIC 128],const int16_t a[S2N_BIGNUM_STATIC 256],const int16_t z[S2N_BIGNUM_STATIC 128],const int16_t t[S2N_BIGNUM_STATIC 128]);
 
-#ifdef __x86_64__
 // Forward number-theoretic transform from ML-KEM x86 implementation
-// Input a[256] (signed 16-bit words), qdata[624]
-extern void mlkem_ntt(int16_t a[S2N_BIGNUM_STATIC 256],const int16_t qdata[S2N_BIGNUM_STATIC 624]);
-#else
+// Input a[256] (signed 16-bit words), qdata[624]; output a[256] (signed 16-bit words)
+extern void mlkem_ntt_x86(int16_t a[S2N_BIGNUM_STATIC 256],const int16_t qdata[S2N_BIGNUM_STATIC 624]);
+
 // Forward number-theoretic transform from ML-KEM
 // Input a[256] (signed 16-bit words), z_01234[80] (signed 16-bit words), z_56[384] (signed 16-bit words); output a[256] (signed 16-bit words)
 extern void mlkem_ntt(int16_t a[S2N_BIGNUM_STATIC 256],const int16_t z_01234[S2N_BIGNUM_STATIC 80],const int16_t z_56[S2N_BIGNUM_STATIC 384]);
-#endif
 
 // Canonical modular reduction of polynomial coefficients for ML-KEM
 // Input a[256] (signed 16-bit words); output a[256] (signed 16-bit words)

tests/test.c

@@ -12192,7 +12192,7 @@ uint64_t t, i;
         a[i] = (int16_t) (random64() % 16383) - 8192; // |a[i]| < 8192 assumed
      for (i = 0; i < 256; ++i) b[i] = a[i];
 #ifdef __x86_64__
-     mlkem_ntt(b, mlkem_qdata);
+     mlkem_ntt_x86(b, mlkem_qdata);
      reference_forward_ntt(c,a); reference_bitreverse(c,c);
      mlkem_poly_to_avx2_layout(c);
 #else

tools/collect-signatures.py

@@ -298,6 +298,7 @@ def stripPrefixes(s, prefixes):
   "curve25519_x25519_byte",
   "curve25519_x25519_byte_alt",
   "sha3_",
+  "mlkem_ntt",
   "mlkem_intt",
   "mlkem_mulcache_compute",
   "mlkem_rej_uniform_VARIABLE_TIME",
@@ -331,6 +332,7 @@ def stripPrefixes(s, prefixes):
   "bignum_triple_sm2_alt",
   "mldsa_ntt",
   "mldsa_poly_reduce",
+  "mlkem_ntt_x86",
 ]
 
 for arch in ["arm","x86"]:

x86/mlkem/mlkem_ntt.S

@@ -4,28 +4,28 @@
 
 // ----------------------------------------------------------------------------
 // Forward number-theoretic transform from ML-KEM
-// Input a[256], z_01234[80], z_56[384] (all signed 16-bit words); output a[256] (signed 16-bit words).
+// Input a[256], qdata[624] (all signed 16-bit words); output a[256] (signed 16-bit words).
 //
 // The transform is in-place with input and output a[256], with the output
 // in bitreversed order. The second parameter is expected to point to a
 // table of constants whose definitions can be found in the mlkem-native
 // repo or our "tests/test.c".
 //
-// extern void mlkem_ntt(int16_t a[static 256], const int16_t *qdata);
+// extern void mlkem_ntt_x86(int16_t a[static 256], const int16_t qdata[static 624]);
 //
 // Standard x86-64 ABI: RDI = a, RSI = qdata
 // Microsoft x64 ABI:   RCX = a, RDX = qdata
 // ----------------------------------------------------------------------------
 #include "_internal_s2n_bignum_x86.h"
 
 .intel_syntax noprefix
-        S2N_BN_SYM_VISIBILITY_DIRECTIVE(mlkem_ntt)
-        S2N_BN_FUNCTION_TYPE_DIRECTIVE(mlkem_ntt)
-        S2N_BN_SYM_PRIVACY_DIRECTIVE(mlkem_ntt)
+        S2N_BN_SYM_VISIBILITY_DIRECTIVE(mlkem_ntt_x86)
+        S2N_BN_FUNCTION_TYPE_DIRECTIVE(mlkem_ntt_x86)
+        S2N_BN_SYM_PRIVACY_DIRECTIVE(mlkem_ntt_x86)
         .text
         .balign 4
 
-S2N_BN_SYMBOL(mlkem_ntt):
+S2N_BN_SYMBOL(mlkem_ntt_x86):
         CFI_START
         _CET_ENDBR
 
@@ -652,7 +652,7 @@ S2N_BN_SYMBOL(mlkem_ntt):
 #endif
         CFI_RET
 
-S2N_BN_SIZE_DIRECTIVE(mlkem_ntt)
+S2N_BN_SIZE_DIRECTIVE(mlkem_ntt_x86)
 
 #if defined(__linux__) && defined(__ELF__)
 .section .note.GNU-stack,"",%progbits

x86/proofs/subroutine_signatures.ml

@@ -4793,15 +4793,15 @@ let subroutine_signatures = [
    ])
 );
 
-("mlkem_ntt",
+("mlkem_ntt_x86",
   ([(*args*)
      ("a", "int16_t[static 256]", (*is const?*)"false");
-     ("q", "int16_t[static 624]", (*is const?*)"true");
+     ("qdata", "int16_t[static 624]", (*is const?*)"true");
    ],
    "void",
    [(* input buffers *)
     ("a", "256"(* num elems *), 2(* elem bytesize *));
-    ("q", "624"(* num elems *), 2(* elem bytesize *));
+    ("qdata", "624"(* num elems *), 2(* elem bytesize *));
    ],
    [(* output buffers *)
     ("a", "256"(* num elems *), 2(* elem bytesize *));

x86_att/mlkem/mlkem_ntt.S

@@ -4,28 +4,28 @@
 
 // ----------------------------------------------------------------------------
 // Forward number-theoretic transform from ML-KEM
-// Input a[256], z_01234[80], z_56[384] (all signed 16-bit words); output a[256] (signed 16-bit words).
+// Input a[256], qdata[624] (all signed 16-bit words); output a[256] (signed 16-bit words).
 //
 // The transform is in-place with input and output a[256], with the output
 // in bitreversed order. The second parameter is expected to point to a
 // table of constants whose definitions can be found in the mlkem-native
 // repo or our "tests/test.c".
 //
-// extern void mlkem_ntt(int16_t a[static 256], const int16_t *qdata);
+// extern void mlkem_ntt_x86(int16_t a[static 256], const int16_t qdata[static 624]);
 //
 // Standard x86-64 ABI: RDI = a, RSI = qdata
 // Microsoft x64 ABI:   RCX = a, RDX = qdata
 // ----------------------------------------------------------------------------
 #include "_internal_s2n_bignum_x86_att.h"
 
 
-        S2N_BN_SYM_VISIBILITY_DIRECTIVE(mlkem_ntt)
-        S2N_BN_FUNCTION_TYPE_DIRECTIVE(mlkem_ntt)
-        S2N_BN_SYM_PRIVACY_DIRECTIVE(mlkem_ntt)
+        S2N_BN_SYM_VISIBILITY_DIRECTIVE(mlkem_ntt_x86)
+        S2N_BN_FUNCTION_TYPE_DIRECTIVE(mlkem_ntt_x86)
+        S2N_BN_SYM_PRIVACY_DIRECTIVE(mlkem_ntt_x86)
         .text
         .balign 4
 
-S2N_BN_SYMBOL(mlkem_ntt):
+S2N_BN_SYMBOL(mlkem_ntt_x86):
         CFI_START
         _CET_ENDBR
 
@@ -652,7 +652,7 @@ vpblendw	$0xaa,%ymm8,%ymm4,%ymm8
 #endif
         CFI_RET
 
-S2N_BN_SIZE_DIRECTIVE(mlkem_ntt)
+S2N_BN_SIZE_DIRECTIVE(mlkem_ntt_x86)
 
 #if defined(__linux__) && defined(__ELF__)
 .section .note.GNU-stack,"",%progbits