#include "verify.h"
/*-------------------------------------------------
This file has been adapted from the implementation
(available at https://github.com/pq-crystals/kyber) of
"CRYSTALS – Kyber: a CCA-secure module-lattice-based KEM"
by : Joppe Bos, Leo Ducas, Eike Kiltz, Tancrede Lepoint,
Vadim Lyubashevsky, John M. Schanck, Peter Schwabe & Damien Stehle
----------------------------------------------------*/
/*
 * Compare two byte strings of length len without a data-dependent early exit.
 *
 * Returns 0 when the strings are equal and 1 when they differ. Every byte is
 * always visited, so the loop count depends only on len and not on where the
 * first mismatch sits.
 */
uint8_t PQCLEAN_SABER_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len) {
    uint64_t diff = 0;

    /* OR together the XOR of each byte pair; any mismatch leaves a bit set. */
    for (size_t k = 0; k != len; ++k) {
        diff |= (uint64_t)(a[k] ^ b[k]);
    }

    /*
     * diff is at most 0xFF, so negating it modulo 2^64 sets bit 63 exactly
     * when diff is non-zero. Shifting that bit down gives the 0/1 result
     * without branching on the comparison outcome.
     */
    diff = (uint64_t)0 - diff;
    return (uint8_t)(diff >> 63);
}
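/*
 * Conditional move without branching on b.
 *
 * Copies len bytes from x into r when b == 1 and leaves r unchanged when
 * b == 0. The selection is done with a byte mask (0x00 or 0xFF) so that the
 * same instructions run in both cases.
 *
 * b must be exactly 0 or 1: any other value produces a partial mask and mixes
 * bits of x and r. NOTE(review): callers are not visible here; presumably b
 * is derived from secret data, which is why the masked form matters.
 */
void PQCLEAN_SABER_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) {
    size_t i;

#if defined(__GNUC__) || defined(__clang__)
    /*
     * Value barrier: stop the optimizer from inferring that b is 0/1-valued
     * and replacing the masked select below with a branch on b. This matters
     * when the function is inlined or built with link-time optimization
     * alongside its caller. The empty asm emits no instructions.
     */
    __asm__("" : "+r"(b) : /* no inputs */);
#endif

    /* 1 -> 0xFF, 0 -> 0x00 after truncation back to uint8_t. */
    b = (uint8_t)(-b);
    for (i = 0; i < len; i++) {
        /* mask == 0xFF: r[i] ^ x[i] ^ r[i] == x[i]; mask == 0: r[i] unchanged. */
        r[i] ^= b & (x[i] ^ r[i]);
    }
}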