aus2cc

.gitignore

@@ -4,3 +4,5 @@
 /fuzz/corpus/
 /fuzz/Cargo.lock
 /fuzz/target/
+/dudect/Cargo.lock
+/dudect/target/

Cargo.toml

@@ -1,3 +1,4 @@
+workspace = { members = ["ct_cm4"] }
 [package]
 name = "fips203"
 version = "0.1.0"
@@ -44,4 +45,4 @@ debug-assertions = false
 incremental = false
 lto = true
 opt-level = 3
-overflow-checks = false
+overflow-checks = false

ct_cm4/.cargo/config.toml

@@ -0,0 +1,6 @@
+[target.thumbv7em-none-eabihf]
+runner = "gdb-multiarch -q -x openocd.gdb"
+rustflags = ["-C", "link-arg=-Tlink.x"]
+
+[build]
+target = "thumbv7em-none-eabihf"

ct_cm4/Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "ct_cm4-fips203"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+fips203 = { path = "..", default-features = false, features = ["ml-kem-512"] }
+embedded-alloc = "0.5"
+cortex-m-semihosting = "0.5.0"
+panic-semihosting = { version = "0.6.0", features = ["exit"] }
+cortex-m = { version = "0.7.7", features = ["critical-section-single-core"] }
+cortex-m-rt = "0.6.15"
+stm32f3-discovery = "0.7.2"
+panic-itm = "0.4.2"
+rand_core = { version = "0.6.4", default-features = false }
+
+[profile.dev]
+opt-level = "z" # Optimize for size.

ct_cm4/openocd.gdb

@@ -0,0 +1,37 @@
+# Connect to gdb remote server
+target remote :3333
+
+# Load will flash the code
+load
+
+# Enable demangling asm names on disassembly
+set print asm-demangle on
+
+# Enable pretty printing
+set print pretty on
+
+# Disable style sources as the default colors can be hard to read
+set style sources off
+
+# Initialize monitoring so iprintln! macro output
+# is sent from the itm port to itm.txt
+monitor tpiu config internal itm.txt uart off 8000000
+
+# Turn on the itm port and semihosting
+monitor itm port 0 on
+monitor arm semihosting enable
+
+# Set a breakpoint at main, aka entry
+break main
+
+# Set a breakpoint at DefaultHandler
+break DefaultHandler
+
+# Set a breakpoint at HardFault
+break HardFault
+
+# Continue running until we hit the main breakpoint
+continue
+
+# Step from the trampoline code in entry into main
+step

ct_cm4/src/main.rs

@@ -0,0 +1,126 @@
+#![no_std]
+#![no_main]
+// TODO: ----->>> THIS IS A WORK IN PROGRESS
+////////////////////////////////////////////
+#![allow(dead_code)]
+#![allow(clippy::write_with_newline)]
+// Using STM Discovery Board -- https://docs.rust-embedded.org/discovery/f3discovery/index.html
+//
+// One-off
+// rustup target add thumbv7em-none-eabihf
+// rustup component add llvm-tools-preview
+//
+// cd ct_cm4
+// cargo build --target thumbv7em-none-eabihf # --target not needed?
+// cargo readobj --target thumbv7em-none-eabihf --bin ct_cm4-fips203 -- --file-header # double-checks built object
+// (In another window) cd /tmp && openocd -f interface/stlink-v2-1.cfg -f target/stm32f3x.cfg
+// cargo run
+// layout src
+// break main.rs:93
+// continue
+// s
+
+
+// Embedded heap allocator (since no_std)
+extern crate alloc;
+
+// CPU support
+use core::fmt::Write;
+use core::mem::MaybeUninit;
+
+// for hio
+//use cortex_m::peripheral::DWT;
+use cortex_m_rt::entry;
+use cortex_m_semihosting::hio;
+use rand_core::{CryptoRng, RngCore};
+// Board support
+use stm32f3_discovery::leds::Leds;
+use stm32f3_discovery::stm32f3xx_hal::{pac, prelude::*};
+use stm32f3_discovery::switch_hal::OutputSwitch;
+
+use embedded_alloc::Heap;
+use fips203::ml_kem_512;
+// Could also be ml_kem_768 or ml_kem_1024.
+use fips203::traits::{Decaps, Encaps, KeyGen};
+
+
+#[global_allocator]
+static HEAP: Heap = Heap::empty();
+
+// This function prints to semihosting
+fn print_semi(msg: &str, delta: u32) {
+ let mut stdout = hio::hstdout()
+ .map_err(|_| core::fmt::Error)
+ .expect("hio fail");
+ write!(stdout, "{} delta is #{}\n", msg, delta).expect("write fail");
+}
+
+// Dummy RNG
+struct MyRng();
+
+impl RngCore for MyRng {
+ fn next_u32(&mut self) -> u32 { unimplemented!() }
+
+ fn next_u64(&mut self) -> u64 { unimplemented!() }
+
+ fn fill_bytes(&mut self, out: &mut [u8]) { out.iter_mut().for_each(|b| *b = 0); }
+
+ fn try_fill_bytes(&mut self, out: &mut [u8]) -> Result<(), rand_core::Error> {
+ self.fill_bytes(out);
+ Ok(())
+ }
+}
+
+impl CryptoRng for MyRng {}
+
+
+#[entry]
+fn main() -> ! {
+ // Configure heap
+ const HEAP_SIZE: usize = 10 * 1024;
+ static mut HEAP_MEM: [MaybeUninit<u8>; HEAP_SIZE] = [MaybeUninit::uninit(); HEAP_SIZE];
+ unsafe { HEAP.init(HEAP_MEM.as_ptr() as usize, HEAP_SIZE) }
+
+ // Configure MCU
+ let device_periphs = pac::Peripherals::take().expect("device_periphs fail");
+ let mut reset_and_clock_control = device_periphs.RCC.constrain();
+ //let mut core_periphs = cortex_m::Peripherals::take().expect("core_periphs fail");
+ //core_periphs.DWT.enable_cycle_counter();
+
+ // Initialize LEDs
+ let mut gpioe = device_periphs.GPIOE.split(&mut reset_and_clock_control.ahb);
+ #[rustfmt::skip]
+ let mut leds = Leds::new(gpioe.pe8, gpioe.pe9, gpioe.pe10, gpioe.pe11, gpioe.pe12,
+ gpioe.pe13, gpioe.pe14, gpioe.pe15, &mut gpioe.moder, &mut gpioe.otyper).into_array();
+
+ let mut my_rng = MyRng {};
+ let mut i = 0u32;
+ loop {
+ i = if i % 10 == 0 {
+ leds[0].off().ok();
+ 1
+ } else {
+ leds[0].on().ok();
+ i + 1
+ };
+ //cortex_m::asm::isb();
+ //let start = DWT::cycle_count();
+ //cortex_m::asm::isb();
+
+ //let (ek1, dk1) = ml_kem_512::KG::try_keygen_with_rng_vt(&mut my_rng).unwrap();
+ let res1 = ml_kem_512::KG::try_keygen_with_rng_vt(&mut my_rng);
+ if res1.is_ok() {
+ let (ek1, dk1) = res1.unwrap();
+ let (ssk1, ct) = ek1.try_encaps_with_rng_vt(&mut my_rng).unwrap();
+ let ssk2 = dk1.try_decaps_vt(&ct).unwrap();
+ assert_eq!(ssk1, ssk2);
+ }
+ //cortex_m::asm::isb();
+ //let finish = DWT::cycle_count();
+ //cortex_m::asm::isb();
+ ///////////////////// ...timing finished
+
+ //print_semi("Top", finish - start);
+ //leds[0].off().ok();
+ }
+}

dudect/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "fips203-dudect"
+version = "0.1.0"
+authors = ["Eric Schorn <[email protected]>"]
+publish = false
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fips203 = { path = ".." }
+dudect-bencher = "0.6"

dudect/src/main.rs

@@ -0,0 +1,94 @@
+// Note that this package does not provide any constant-time assurances.
+// However, this code fragment lays the groundwork should that change.
+
+use dudect_bencher::{BenchRng, Class, ctbench_main, CtRunner};
+use fips203::ml_kem_512;
+use fips203::traits::{Decaps, Encaps, KeyGen};
+
+// Could also be ml_kem_768 or ml_kem_1024.
+use crate::ml_kem_512::{CipherText, DecapsKey, EncapsKey};
+
+fn encaps(runner: &mut CtRunner, mut _rng: &mut BenchRng) {
+ const ITERATIONS_OUTER: usize = 1000;
+ const ITERATIONS_INNER: usize = 100;
+
+ let (ek1, _dk1) = ml_kem_512::KG::try_keygen_vt().unwrap();
+ let (ek2, _dk2) = ml_kem_512::KG::try_keygen_vt().unwrap();
+
+ let mut inputs: Vec<EncapsKey> = Vec::new();
+ let mut classes = Vec::new();
+
+ for _ in 0..ITERATIONS_OUTER {
+ inputs.push(ek1.clone());
+ classes.push(Class::Left);
+ }
+
+ for _ in 0..ITERATIONS_OUTER {
+ inputs.push(ek2.clone());
+ classes.push(Class::Right);
+ }
+
+ for (class, input) in classes.into_iter().zip(inputs.into_iter()) {
+ runner.run_one(class, || {
+ for _ in 0..ITERATIONS_INNER {
+ let _ = input.try_encaps_vt();
+ }
+ })
+ }
+}
+
+fn decaps(runner: &mut CtRunner, mut _rng: &mut BenchRng) {
+ const ITERATIONS_OUTER: usize = 1000;
+ const ITERATIONS_INNER: usize = 100;
+
+ let (ek1, dk1) = ml_kem_512::KG::try_keygen_vt().unwrap();
+ let (_ssk, ct1) = ek1.try_encaps_vt().unwrap();
+ let (ek2, dk2) = ml_kem_512::KG::try_keygen_vt().unwrap();
+ let (_ssk, ct2) = ek2.try_encaps_vt().unwrap();
+
+ let mut inputs: Vec<(DecapsKey, CipherText)> = Vec::new();
+ let mut classes = Vec::new();
+
+ for _ in 0..ITERATIONS_OUTER {
+ inputs.push((dk1.clone(), ct1.clone()));
+ classes.push(Class::Left);
+ }
+
+ for _ in 0..ITERATIONS_OUTER {
+ inputs.push((dk2.clone(), ct2.clone()));
+ classes.push(Class::Right);
+ }
+
+ for (class, input) in classes.into_iter().zip(inputs.into_iter()) {
+ runner.run_one(class, || {
+ for _ in 0..ITERATIONS_INNER {
+ let _ = input.0.try_decaps_vt(&input.1);
+ }
+ })
+ }
+}
+
+
+ctbench_main!(encaps, decaps);
+
+/*
+See https://docs.rs/dudect-bencher/latest/dudect_bencher/
+
+$ cargo run --release -- --continuous encaps
+running 1 benchmark continuously
+bench encaps seeded with 0xa533680b600ee91d
+bench encaps ... : n == +0.002M, max t = +20.90838, max tau = +0.46953, (5/tau)^2 = 113
+bench encaps ... : n == +0.003M, max t = +12.90667, max tau = +0.23820, (5/tau)^2 = 440
+bench encaps ... : n == +0.004M, max t = +11.03463, max tau = +0.17258, (5/tau)^2 = 839
+bench encaps ... : n == +0.003M, max t = +14.12761, max tau = +0.25057, (5/tau)^2 = 398
+bench encaps ... ^C: n == +0.004M, max t = +13.49987, max tau = +0.21857, (5/tau)^2 = 523
+
+cargo run --release -- --continuous decaps
+running 1 benchmark continuously
+bench decaps seeded with 0x0cd3626e7d56f68c
+bench decaps ... : n == +0.002M, max t = +7.38286, max tau = +0.18856, (5/tau)^2 = 703
+bench decaps ... : n == +0.003M, max t = +11.21373, max tau = +0.19150, (5/tau)^2 = 681
+bench decaps ... : n == +0.006M, max t = +38.99984, max tau = +0.50765, (5/tau)^2 = 97
+bench decaps ... : n == +0.008M, max t = +29.45174, max tau = +0.33622, (5/tau)^2 = 221
+
+*/