pqc/crypto_kem/mceliece6960119/clean/decrypt.c

/*
  This file is for Niederreiter decryption
*/

#include "decrypt.h"
#include <stdio.h>

#include "benes.h"
#include "bm.h"
#include "gf.h"
#include "params.h"
#include "root.h"
#include "synd.h"
#include "util.h"

/* Niederreiter decryption with the Berlekamp decoder */
/* intput: sk, secret key */
/*         c, ciphertext */
/* output: e, error vector */
/* return: 0 for success; 1 for failure */
int PQCLEAN_MCELIECE6960119_CLEAN_decrypt(unsigned char *e, const unsigned char *sk, const unsigned char *c) {
    int i, w = 0;
    uint16_t check;

    unsigned char r[ SYS_N / 8 ];

    gf g[ SYS_T + 1 ];
    gf L[ SYS_N ];

    gf s[ SYS_T * 2 ];
    gf s_cmp[ SYS_T * 2 ];
    gf locator[ SYS_T + 1 ];
    gf images[ SYS_N ];

    gf t;

    //

    for (i = 0; i < SYND_BYTES; i++) {
        r[i] = c[i];
    }
    r[i - 1] &= (1 << ((GFBITS * SYS_T) % 8)) - 1;
    for (i = SYND_BYTES; i < SYS_N / 8; i++) {
        r[i] = 0;
    }

    for (i = 0; i < SYS_T; i++) {
        g[i] = PQCLEAN_MCELIECE6960119_CLEAN_load2(sk);
        g[i] &= GFMASK;
        sk += 2;
    }
    g[ SYS_T ] = 1;

    PQCLEAN_MCELIECE6960119_CLEAN_support_gen(L, sk);

    PQCLEAN_MCELIECE6960119_CLEAN_synd(s, g, L, r);

    PQCLEAN_MCELIECE6960119_CLEAN_bm(locator, s);

    PQCLEAN_MCELIECE6960119_CLEAN_root(images, locator, L);

    //

    for (i = 0; i < SYS_N / 8; i++) {
        e[i] = 0;
    }

    for (i = 0; i < SYS_N; i++) {
        t = PQCLEAN_MCELIECE6960119_CLEAN_gf_iszero(images[i]) & 1;

        e[ i / 8 ] |= t << (i % 8);
        w += t;

    }

    PQCLEAN_MCELIECE6960119_CLEAN_synd(s_cmp, g, L, e);

    //

    check = (uint16_t)w;
    check ^= SYS_T;

    for (i = 0; i < SYS_T * 2; i++) {
        check |= s[i] ^ s_cmp[i];
    }

    check -= 1;
    check >>= 15;

    return check ^ 1;
}
Classic McEliece (#259) * Add McEliece reference implementations * Add Vec implementations of McEliece * Add sse implementations * Add AVX2 implementations * Get rid of stuff not supported by Mac ABI * restrict to two cores * Ditch .data files * Remove .hidden from all .S files * speed up duplicate consistency tests by batching * make cpuinfo more robust * Hope to stabilize macos cpuinfo without ccache * Revert "Hope to stabilize macos cpuinfo without ccache" This reverts commit 6129c3cabe1abbc8b956bc87e902a698e32bf322. * Just hardcode what's available at travis * Fixed-size types in api.h * namespace all header files in mceliece * Ditch operations.h * Get rid of static inline functions * fixup! Ditch operations.h 2020-02-05 12:09:57 +00:00			`/*`
			`This file is for Niederreiter decryption`
			`*/`

			`#include "decrypt.h"`
			`#include <stdio.h>`

			`#include "benes.h"`
			`#include "bm.h"`
			`#include "gf.h"`
			`#include "params.h"`
			`#include "root.h"`
			`#include "synd.h"`
			`#include "util.h"`

			`/* Niederreiter decryption with the Berlekamp decoder */`
			`/* intput: sk, secret key */`
			`/* c, ciphertext */`
			`/* output: e, error vector */`
			`/* return: 0 for success; 1 for failure */`
			`int PQCLEAN_MCELIECE6960119_CLEAN_decrypt(unsigned char e, const unsigned char sk, const unsigned char *c) {`
			`int i, w = 0;`
			`uint16_t check;`

			`unsigned char r[ SYS_N / 8 ];`

			`gf g[ SYS_T + 1 ];`
			`gf L[ SYS_N ];`

			`gf s[ SYS_T * 2 ];`
			`gf s_cmp[ SYS_T * 2 ];`
			`gf locator[ SYS_T + 1 ];`
			`gf images[ SYS_N ];`

			`gf t;`

			`//`

			`for (i = 0; i < SYND_BYTES; i++) {`
			`r[i] = c[i];`
			`}`
			`r[i - 1] &= (1 << ((GFBITS * SYS_T) % 8)) - 1;`
			`for (i = SYND_BYTES; i < SYS_N / 8; i++) {`
			`r[i] = 0;`
			`}`

			`for (i = 0; i < SYS_T; i++) {`
			`g[i] = PQCLEAN_MCELIECE6960119_CLEAN_load2(sk);`
			`g[i] &= GFMASK;`
			`sk += 2;`
			`}`
			`g[ SYS_T ] = 1;`

			`PQCLEAN_MCELIECE6960119_CLEAN_support_gen(L, sk);`

			`PQCLEAN_MCELIECE6960119_CLEAN_synd(s, g, L, r);`

			`PQCLEAN_MCELIECE6960119_CLEAN_bm(locator, s);`

			`PQCLEAN_MCELIECE6960119_CLEAN_root(images, locator, L);`

			`//`

			`for (i = 0; i < SYS_N / 8; i++) {`
			`e[i] = 0;`
			`}`

			`for (i = 0; i < SYS_N; i++) {`
			`t = PQCLEAN_MCELIECE6960119_CLEAN_gf_iszero(images[i]) & 1;`

			`e[ i / 8 ] \|= t << (i % 8);`
			`w += t;`

			`}`

			`PQCLEAN_MCELIECE6960119_CLEAN_synd(s_cmp, g, L, e);`

			`//`

			`check = (uint16_t)w;`
			`check ^= SYS_T;`

			`for (i = 0; i < SYS_T * 2; i++) {`
			`check \|= s[i] ^ s_cmp[i];`
			`}`

			`check -= 1;`
			`check >>= 15;`

			`return check ^ 1;`
			`}`