Add MLD_CONFIG_MULTILEVEL_WITH_SHARED and NO_SHARED

This PR removes NAMESPACETOP and implements the NAMESPACE_KL
for multilevel functionality. Also added are the config
MLD_CONFIG_MULTILEVEL_WITH_SHARED and the no shared option
MLD_CONFIG_MULTILEVEL_NO_SHARED. These multilevel guards
have been added to ntt.c/polyvec.c/debug.c. The functions
within poly.c have been split into shared and parameter-
dependent in poly_kl.c.

Signed-off-by: Jake Massimo <[email protected]>

Author: jakemas

BIBLIOGRAPHY.md

@@ -50,6 +50,7 @@ source code and documentation.
   - [mldsa/fips202/fips202x4.c](mldsa/fips202/fips202x4.c)
   - [mldsa/ntt.h](mldsa/ntt.h)
   - [mldsa/poly.c](mldsa/poly.c)
+  - [mldsa/poly_kl.c](mldsa/poly_kl.c)
   - [mldsa/polyvec.c](mldsa/polyvec.c)
   - [mldsa/rounding.h](mldsa/rounding.h)
   - [mldsa/sign.c](mldsa/sign.c)
@@ -127,6 +128,7 @@ source code and documentation.
   - [README.md](README.md)
   - [mldsa/ntt.c](mldsa/ntt.c)
   - [mldsa/poly.c](mldsa/poly.c)
+  - [mldsa/poly_kl.c](mldsa/poly_kl.c)
 
 ### `REF_AVX2`
 

integration/liboqs/ML-DSA-44_META.yml

@@ -31,8 +31,9 @@ implementations:
   sources: integration/liboqs/config_c.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/ntt.c mldsa/ntt.h mldsa/packing.c mldsa/packing.h mldsa/params.h mldsa/poly.c
-    mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h
-    mldsa/rounding.h mldsa/sign.c mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc
+    mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c mldsa/polyvec.h mldsa/randombytes.h
+    mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h mldsa/symmetric.h mldsa/sys.h
+    mldsa/zetas.inc
 - name: x86_64
   version: FIPS204
   folder_name: .
@@ -44,9 +45,9 @@ implementations:
   sources: integration/liboqs/config_x86_64.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/native/api.h mldsa/native/meta.h mldsa/ntt.c mldsa/ntt.h mldsa/packing.c
-    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h
-    mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h
-    mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/x86_64
+    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c
+    mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c
+    mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/x86_64
   supported_platforms:
   - architecture: x86_64
     operating_systems:
@@ -67,9 +68,9 @@ implementations:
   sources: integration/liboqs/config_aarch64.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/native/api.h mldsa/native/meta.h mldsa/ntt.c mldsa/ntt.h mldsa/packing.c
-    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h
-    mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h
-    mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/aarch64
+    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c
+    mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c
+    mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/aarch64
   supported_platforms:
   - architecture: arm_8
     operating_systems:

integration/liboqs/ML-DSA-65_META.yml

@@ -31,8 +31,9 @@ implementations:
   sources: integration/liboqs/config_c.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/ntt.c mldsa/ntt.h mldsa/packing.c mldsa/packing.h mldsa/params.h mldsa/poly.c
-    mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h
-    mldsa/rounding.h mldsa/sign.c mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc
+    mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c mldsa/polyvec.h mldsa/randombytes.h
+    mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h mldsa/symmetric.h mldsa/sys.h
+    mldsa/zetas.inc
 - name: x86_64
   version: FIPS204
   folder_name: .
@@ -44,9 +45,9 @@ implementations:
   sources: integration/liboqs/config_x86_64.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/native/api.h mldsa/native/meta.h mldsa/ntt.c mldsa/ntt.h mldsa/packing.c
-    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h
-    mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h
-    mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/x86_64
+    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c
+    mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c
+    mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/x86_64
   supported_platforms:
   - architecture: x86_64
     operating_systems:
@@ -67,9 +68,9 @@ implementations:
   sources: integration/liboqs/config_aarch64.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/native/api.h mldsa/native/meta.h mldsa/ntt.c mldsa/ntt.h mldsa/packing.c
-    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h
-    mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h
-    mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/aarch64
+    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c
+    mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c
+    mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/aarch64
   supported_platforms:
   - architecture: arm_8
     operating_systems:

integration/liboqs/ML-DSA-87_META.yml

@@ -31,8 +31,9 @@ implementations:
   sources: integration/liboqs/config_c.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/ntt.c mldsa/ntt.h mldsa/packing.c mldsa/packing.h mldsa/params.h mldsa/poly.c
-    mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h
-    mldsa/rounding.h mldsa/sign.c mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc
+    mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c mldsa/polyvec.h mldsa/randombytes.h
+    mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h mldsa/symmetric.h mldsa/sys.h
+    mldsa/zetas.inc
 - name: x86_64
   version: FIPS204
   folder_name: .
@@ -44,9 +45,9 @@ implementations:
   sources: integration/liboqs/config_x86_64.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/native/api.h mldsa/native/meta.h mldsa/ntt.c mldsa/ntt.h mldsa/packing.c
-    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h
-    mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h
-    mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/x86_64
+    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c
+    mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c
+    mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/x86_64
   supported_platforms:
   - architecture: x86_64
     operating_systems:
@@ -66,9 +67,9 @@ implementations:
   sources: integration/liboqs/config_aarch64.h integration/liboqs/fips202_glue.h integration/liboqs/fips202x4_glue.h
     mldsa/cbmc.h mldsa/common.h mldsa/ct.c mldsa/ct.h mldsa/debug.c mldsa/debug.h
     mldsa/native/api.h mldsa/native/meta.h mldsa/ntt.c mldsa/ntt.h mldsa/packing.c
-    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/polyvec.c mldsa/polyvec.h
-    mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c mldsa/sign.h
-    mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/aarch64
+    mldsa/packing.h mldsa/params.h mldsa/poly.c mldsa/poly.h mldsa/poly_kl.c mldsa/polyvec.c
+    mldsa/polyvec.h mldsa/randombytes.h mldsa/reduce.h mldsa/rounding.h mldsa/sign.c
+    mldsa/sign.h mldsa/symmetric.h mldsa/sys.h mldsa/zetas.inc mldsa/native/aarch64
   supported_platforms:
   - architecture: arm_8
     operating_systems:

mldsa/common.h

@@ -49,15 +49,32 @@
 #define MLD_CONCAT_(x1, x2) x1##x2
 #define MLD_CONCAT(x1, x2) MLD_CONCAT_(x1, x2)
 
+#if defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) || \
+    defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED)
+#define MLD_MULTILEVEL_BUILD
+#endif
+
+#if defined(MLD_MULTILEVEL_BUILD)
+#define MLD_ADD_PARAM_SET(s) MLD_CONCAT(s, MLD_CONFIG_PARAMETER_SET)
+#else
+#define MLD_ADD_PARAM_SET(s) s
+#endif
+
 #define MLD_NAMESPACE_PREFIX MLD_CONCAT(MLD_CONFIG_NAMESPACE_PREFIX, _)
+#define MLD_NAMESPACE_PREFIX_KL \
+  MLD_CONCAT(MLD_ADD_PARAM_SET(MLD_CONFIG_NAMESPACE_PREFIX), _)
 
 /* Functions are prefixed by MLD_CONFIG_NAMESPACE_PREFIX.
  *
- * Example: If MLD_CONFIG_NAMESPACE_PREFIX is PQCP_MLDSA_NATIVE_MLDSA44, then
- * MLD_NAMESPACE(sign) becomes PQCP_MLDSA_NATIVE_MLDSA44_sign.
+ * If multiple parameter sets are used, functions depending on the parameter
+ * set are additionally prefixed with 44/65/87. See config.h.
+ *
+ * Example: If MLD_CONFIG_NAMESPACE_PREFIX is PQCP_MLDSA_NATIVE, then
+ * MLD_NAMESPACE_KL(keypair) becomes PQCP_MLDSA_NATIVE44_keypair/
+ * PQCP_MLDSA_NATIVE65_keypair/PQCP_MLDSA_NATIVE87_keypair.
  */
 #define MLD_NAMESPACE(s) MLD_CONCAT(MLD_NAMESPACE_PREFIX, s)
-#define MLD_NAMESPACETOP MLD_CONFIG_NAMESPACE_PREFIX
+#define MLD_NAMESPACE_KL(s) MLD_CONCAT(MLD_NAMESPACE_PREFIX_KL, s)
 
 #if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH)
 #include MLD_CONFIG_ARITH_BACKEND_FILE

mldsa/config.h

@@ -43,13 +43,64 @@
  *
  * Description: The prefix to use to namespace global symbols from mldsa/.
  *
+ *              In a multi-level build (that is, if either
+ *              - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
+ *              - MLD_CONFIG_MULTILEVEL_NO_SHARED,
+ *              are set, level-dependent symbols will additionally be prefixed
+ *              with the parameter set (44/65/87).
+ *
  *              This can also be set using CFLAGS.
  *
  *****************************************************************************/
 #if !defined(MLD_CONFIG_NAMESPACE_PREFIX)
 #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX
 #endif
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_MULTILEVEL_WITH_SHARED
+ *
+ * Description: This is for multi-level builds of mldsa-native only. If you
+ *              need only a single parameter set, keep this unset.
+ *
+ *              If this is set, all MLD_CONFIG_PARAMETER_SET-independent
+ *              code will be included in the build, including code needed only
+ *              for other parameter sets.
+ *
+ *              Example: TODO: add example
+ *
+ *              To build mldsa-native with support for all parameter sets,
+ *              build it three times -- once per parameter set -- and set the
+ *              option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of
+ *              them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others.
+ *
+ *              See examples/multilevel_build_mldsa for an example.
+ *
+ *              This can also be set using CFLAGS.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_MULTILEVEL_NO_SHARED
+ *
+ * Description: This is for multi-level builds of mldsa-native only. If you
+ *              need only a single parameter set, keep this unset.
+ *
+ *              If this is set, no MLD_CONFIG_PARAMETER_SET-independent code
+ *              will be included in the build.
+ *
+ *              To build mldsa-native with support for all parameter sets,
+ *              build it three times -- once per parameter set -- and set the
+ *              option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of
+ *              them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others.
+ *
+ *              See examples/multilevel_build_mldsa for an example.
+ *
+ *              This can also be set using CFLAGS.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */
+
 /******************************************************************************
  * Name:        MLD_CONFIG_FILE
  *

mldsa/debug.c

@@ -8,6 +8,8 @@
 
 #include "common.h"
 
+#if !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
+
 #if defined(MLDSA_DEBUG)
 
 #include <inttypes.h>
@@ -60,6 +62,12 @@ MLD_EMPTY_CU(debug)
 
 #endif /* !MLDSA_DEBUG */
 
+#else /* !MLD_CONFIG_MULTILEVEL_NO_SHARED */
+
+MLD_EMPTY_CU(debug)
+
+#endif /* MLD_CONFIG_MULTILEVEL_NO_SHARED */
+
 /* To facilitate single-compilation-unit (SCU) builds, undefine all macros.
  * Don't modify by hand -- this is auto-generated by scripts/autogen. */
 #undef MLD_DEBUG_ERROR_HEADER

mldsa/ntt.c

@@ -12,6 +12,10 @@
  *   https://github.com/pq-crystals/dilithium/tree/master/ref
  */
 
+#include "common.h"
+
+#if !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
+
 #include <stdint.h>
 
 #include "ntt.h"
@@ -244,3 +248,7 @@ void mld_invntt_tomont(int32_t a[MLDSA_N])
     a[j] = mld_fqscale(a[j]);
   }
 }
+
+#else  /* !MLD_CONFIG_MULTILEVEL_NO_SHARED */
+MLD_EMPTY_CU(mld_ntt)
+#endif /* MLD_CONFIG_MULTILEVEL_NO_SHARED */

mldsa/packing.h

@@ -8,7 +8,7 @@
 #include <stdint.h>
 #include "polyvec.h"
 
-#define mld_pack_pk MLD_NAMESPACE(pack_pk)
+#define mld_pack_pk MLD_NAMESPACE_KL(pack_pk)
 /*************************************************
  * Name:        mld_pack_pk
  *
@@ -31,7 +31,7 @@ __contract__(
 );
 
 
-#define mld_pack_sk MLD_NAMESPACE(pack_sk)
+#define mld_pack_sk MLD_NAMESPACE_KL(pack_sk)
 /*************************************************
  * Name:        mld_pack_sk
  *
@@ -69,7 +69,7 @@ __contract__(
 );
 
 
-#define mld_pack_sig MLD_NAMESPACE(pack_sig)
+#define mld_pack_sig MLD_NAMESPACE_KL(pack_sig)
 /*************************************************
  * Name:        mld_pack_sig
  *
@@ -104,7 +104,7 @@ __contract__(
   assigns(memory_slice(sig, CRYPTO_BYTES))
 );
 
-#define mld_unpack_pk MLD_NAMESPACE(unpack_pk)
+#define mld_unpack_pk MLD_NAMESPACE_KL(unpack_pk)
 /*************************************************
  * Name:        mld_unpack_pk
  *
@@ -128,7 +128,7 @@ __contract__(
 );
 
 
-#define mld_unpack_sk MLD_NAMESPACE(unpack_sk)
+#define mld_unpack_sk MLD_NAMESPACE_KL(unpack_sk)
 /*************************************************
  * Name:        mld_unpack_sk
  *
@@ -169,7 +169,7 @@ __contract__(
     array_bound(s2->vec[k2].coeffs, 0, MLDSA_N, MLD_POLYETA_UNPACK_LOWER_BOUND, MLDSA_ETA + 1)))
 );
 
-#define mld_unpack_sig MLD_NAMESPACE(unpack_sig)
+#define mld_unpack_sig MLD_NAMESPACE_KL(unpack_sig)
 /*************************************************
  * Name:        mld_unpack_sig
  *