Update HQC to 2023-04-30 submission

[SWilson4]

Update HQC to conform with the latest submission: see https://pqc-hqc.org. This also removes the avx2 optimized version of HQC, as it is not interoperable with the latest standard and renames HQC-RMRS to HQC everywhere, as there are no longer non-RMRS versions of HQC.

I made a number of small changes to the reference code, mostly to eliminate undefined or implementation-defined behaviour. The only substantial change is the addition of a Barrett reduction routine in the code for constant-weight vector sampling. This was to address #482. Please pay special attention to this code when reviewing; it's found in vector.c.

The latest submission of HQC generates KATs using a custom PRNG instead of the one provided by NIST. I added an implementation of this PRNG in the test directory and modified the test files so that it would be used in the NIST KAT tests.

It might be easier to review against the reference code: my fork of the package-pqclean repo can help with this.

Fixes #482.

Manually checked properties

• Generated Github workflow (run .github/workflows/generate_workflows.py) (new schemes)
• No stringification macros
• Output-parameter pointers in functions are on the left
• Negative return values on failure of API functions (within restrictions of FO transform).
• variable declarations at the beginning (except in for (size_t i=...)
• Optional:
  • All integer types are of fixed size, using stdint.h types (including uint8_t instead of unsigned char)
  • Integers used for indexing are of size size_t

[SWilson4]

The HQC tests are failing only on PPC due to astyle missing: https://github.com/PQClean/PQClean/actions/runs/6252731989/job/16979928238?pr=512#step:6:4502. I've run the non-formatting tests on this branch locally using the PPC container and all the tests pass (except the preprocessor conditional checks for Kyber and Dilithium).

[thomwiggers]

Yeah, we need to merge #500 after which astyle should not run on ppc anymore.

[thomwiggers]

Wait, what's happening with the NIST kat random number generators? You're touching an awful lot of meta files.

It might also be better that, if this is necessary, nist-kat: nist is the default when not included in a META file.

Additionally, rebasing would be great

[SWilson4]

Wait, what's happening with the NIST kat random number generators? You're touching an awful lot of meta files.

The latest submission for HQC uses its own SHA3-based "rng" to produce KATs. I added test/common/hqckatrng.c and test/crypto_kem/hqckat.c, providing this RNG, in order to test against the vectors included in the submission. The nistkat-rng key was meant to indicate which RNG to use.

I'll edit the description to mention this for clarity.

It might also be better that, if this is necessary, nist-kat: nist is the default when not included in a META file.

Additionally, rebasing would be great

Both done.

[thomwiggers]

I think this looks plausible. @mkannwischer, could you maybe also have a look at the vector.c barret reduction mentioned?

[SWilson4]

@thomwiggers @mkannwischer Just bumping this PR in case it's slipped off your radar.