From 3138c9c35ff111ceab73d49abc23a50a655c3503 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Mon, 14 Sep 2020 16:44:09 -0400 Subject: [PATCH] uniform vect_compare implementations --- crypto_kem/hqc-128/avx2/kem.c | 6 +++--- crypto_kem/hqc-128/avx2/vector.c | 12 ++++++------ crypto_kem/hqc-128/avx2/vector.h | 2 +- crypto_kem/hqc-128/clean/kem.c | 6 +++--- crypto_kem/hqc-128/clean/vector.c | 9 +++++++-- crypto_kem/hqc-128/clean/vector.h | 2 +- crypto_kem/hqc-192/avx2/kem.c | 6 +++--- crypto_kem/hqc-192/avx2/vector.c | 12 ++++++------ crypto_kem/hqc-192/avx2/vector.h | 2 +- crypto_kem/hqc-192/clean/kem.c | 6 +++--- crypto_kem/hqc-192/clean/vector.c | 9 +++++++-- crypto_kem/hqc-192/clean/vector.h | 2 +- crypto_kem/hqc-256/avx2/kem.c | 6 +++--- crypto_kem/hqc-256/avx2/vector.c | 12 ++++++------ crypto_kem/hqc-256/avx2/vector.h | 2 +- crypto_kem/hqc-256/clean/kem.c | 6 +++--- crypto_kem/hqc-256/clean/vector.c | 9 +++++++-- crypto_kem/hqc-256/clean/vector.h | 2 +- crypto_kem/hqc-rmrs-128/avx2/kem.c | 6 +++--- crypto_kem/hqc-rmrs-128/avx2/vector.c | 13 +++++++------ crypto_kem/hqc-rmrs-128/avx2/vector.h | 2 +- crypto_kem/hqc-rmrs-128/clean/kem.c | 6 +++--- crypto_kem/hqc-rmrs-128/clean/vector.c | 9 +++++++-- crypto_kem/hqc-rmrs-128/clean/vector.h | 2 +- crypto_kem/hqc-rmrs-192/avx2/kem.c | 6 +++--- crypto_kem/hqc-rmrs-192/avx2/vector.c | 13 +++++++------ crypto_kem/hqc-rmrs-192/avx2/vector.h | 2 +- crypto_kem/hqc-rmrs-192/clean/kem.c | 6 +++--- crypto_kem/hqc-rmrs-192/clean/vector.c | 9 +++++++-- crypto_kem/hqc-rmrs-192/clean/vector.h | 2 +- crypto_kem/hqc-rmrs-256/avx2/kem.c | 6 +++--- crypto_kem/hqc-rmrs-256/avx2/vector.c | 13 +++++++------ crypto_kem/hqc-rmrs-256/avx2/vector.h | 2 +- crypto_kem/hqc-rmrs-256/clean/kem.c | 6 +++--- crypto_kem/hqc-rmrs-256/clean/vector.c | 9 +++++++-- crypto_kem/hqc-rmrs-256/clean/vector.h | 2 +- 36 files changed, 129 insertions(+), 96 deletions(-) 
diff --git a/crypto_kem/hqc-128/avx2/kem.c b/crypto_kem/hqc-128/avx2/kem.c index e70f0952..b45cd715 100644 --- a/crypto_kem/hqc-128/avx2/kem.c +++ b/crypto_kem/hqc-128/avx2/kem.c @@ -127,9 +127,9 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQC128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQC128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQC128_AVX2_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQC128_AVX2_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQC128_AVX2_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-128/avx2/vector.c b/crypto_kem/hqc-128/avx2/vector.c index 8f5da9df..79f70361 100644 --- a/crypto_kem/hqc-128/avx2/vector.c +++ b/crypto_kem/hqc-128/avx2/vector.c @@ -162,13 +162,13 @@ void PQCLEAN_HQC128_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_ * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQC128_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - unsigned char diff = 0; - - for (uint32_t i = 0; i < size; i++) { - diff |= ((uint8_t *) v1)[i] ^ ((uint8_t *) v2)[i]; +uint8_t PQCLEAN_HQC128_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; } - return diff != 0; + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-128/avx2/vector.h b/crypto_kem/hqc-128/avx2/vector.h index 3fbb2ddc..97242a4c 100644 --- a/crypto_kem/hqc-128/avx2/vector.h 
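Review bot: The three new calls cast `u`, `u2`, `v` and `v2` to `(uint8_t *)` although the parameter they now feed is `const uint8_t *`; the cast should keep the qualifier, `(const uint8_t *)u`, so the call does not read as a write through the buffer and will not discard `const` if those vectors ever become `const` (the old calls passed them uncast to a `const uint64_t *` parameter, so this is 64-bit words being viewed as bytes, which the character-type aliasing exemption permits). With the helper now returning exactly 0 or 1 for every term, the mask derivation on the unchanged line below, `(uint8_t) (-((int16_t) result) >> 15)`, relies on an implementation-defined arithmetic right shift of a negative value and could, assuming `result` is a `uint8_t`, be simplified to `result = (uint8_t) -result;` as a follow-up. The same unqualified casts appear in the kem.c hunks of hqc-128/clean, hqc-192, hqc-256 and all six hqc-rmrs variants. `crypto_kem_dec` starts and ends outside the hunk.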
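Review bot: The Doxygen block directly above the new signature still describes the old memcmp-style contract, `@returns 0 if the vectors are equals and a negative/psotive value otherwise`, while the new body returns exactly 1 when any byte differs and 0 otherwise, and `size` is now a byte count over `uint8_t` inputs rather than a length over `uint64_t` words. Suggest ` * @param[in] size Number of bytes to compare` and ` * @returns 0 if the vectors are equal and 1 otherwise; every byte is visited with no early exit`. The `(-r) >> 63` reduction is well defined because `r` is unsigned, so the code itself needs no change. The identical stale comment is left in place in the vector.c hunks of all eleven other parameter sets (clean and avx2, hqc and hqc-rmrs).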
+++ b/crypto_kem/hqc-128/avx2/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQC128_AVX2_vect_set_random_from_randombytes(uint64_t *v); void PQCLEAN_HQC128_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQC128_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQC128_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQC128_AVX2_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-128/clean/kem.c b/crypto_kem/hqc-128/clean/kem.c index 76173dc2..a2604d95 100644 --- a/crypto_kem/hqc-128/clean/kem.c +++ b/crypto_kem/hqc-128/clean/kem.c @@ -131,9 +131,9 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char * sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQC128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQC128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQC128_CLEAN_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQC128_CLEAN_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQC128_CLEAN_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-128/clean/vector.c b/crypto_kem/hqc-128/clean/vector.c index c8ad8f34..a5ddc317 100644 --- a/crypto_kem/hqc-128/clean/vector.c +++ b/crypto_kem/hqc-128/clean/vector.c 
@@ -178,8 +178,13 @@ void PQCLEAN_HQC128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64 * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQC128_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - return memcmp(v1, v2, size); +uint8_t PQCLEAN_HQC128_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; + } + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-128/clean/vector.h b/crypto_kem/hqc-128/clean/vector.h index 1a23056a..16ed84b9 100644 --- a/crypto_kem/hqc-128/clean/vector.h +++ b/crypto_kem/hqc-128/clean/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQC128_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v); void PQCLEAN_HQC128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQC128_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQC128_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQC128_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-192/avx2/kem.c b/crypto_kem/hqc-192/avx2/kem.c index 4807780e..e2cbec1d 100644 --- a/crypto_kem/hqc-192/avx2/kem.c +++ b/crypto_kem/hqc-192/avx2/kem.c 
@@ -127,9 +127,9 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQC192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQC192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQC192_AVX2_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQC192_AVX2_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQC192_AVX2_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-192/avx2/vector.c b/crypto_kem/hqc-192/avx2/vector.c index 73f5d5bc..cceaaf38 100644 --- a/crypto_kem/hqc-192/avx2/vector.c +++ b/crypto_kem/hqc-192/avx2/vector.c @@ -162,13 +162,13 @@ void PQCLEAN_HQC192_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_ * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQC192_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - unsigned char diff = 0; - - for (uint32_t i = 0; i < size; i++) { - diff |= ((uint8_t *) v1)[i] ^ ((uint8_t *) v2)[i]; +uint8_t PQCLEAN_HQC192_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; } - return diff != 0; + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-192/avx2/vector.h b/crypto_kem/hqc-192/avx2/vector.h index 0ff92c23..a01c6743 100644 --- a/crypto_kem/hqc-192/avx2/vector.h +++ b/crypto_kem/hqc-192/avx2/vector.h 
@@ -21,7 +21,7 @@ void PQCLEAN_HQC192_AVX2_vect_set_random_from_randombytes(uint64_t *v); void PQCLEAN_HQC192_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQC192_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQC192_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQC192_AVX2_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-192/clean/kem.c b/crypto_kem/hqc-192/clean/kem.c index 90bfe9d3..fb4a1cfb 100644 --- a/crypto_kem/hqc-192/clean/kem.c +++ b/crypto_kem/hqc-192/clean/kem.c @@ -131,9 +131,9 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char * sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQC192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQC192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQC192_CLEAN_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQC192_CLEAN_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQC192_CLEAN_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-192/clean/vector.c b/crypto_kem/hqc-192/clean/vector.c index 7bd08e0e..242d9284 100644 --- a/crypto_kem/hqc-192/clean/vector.c +++ b/crypto_kem/hqc-192/clean/vector.c 
@@ -178,8 +178,13 @@ void PQCLEAN_HQC192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64 * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQC192_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - return memcmp(v1, v2, size); +uint8_t PQCLEAN_HQC192_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; + } + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-192/clean/vector.h b/crypto_kem/hqc-192/clean/vector.h index 55423f1a..76213411 100644 --- a/crypto_kem/hqc-192/clean/vector.h +++ b/crypto_kem/hqc-192/clean/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQC192_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v); void PQCLEAN_HQC192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQC192_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQC192_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQC192_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-256/avx2/kem.c b/crypto_kem/hqc-256/avx2/kem.c index de7761fa..b9b8401a 100644 --- a/crypto_kem/hqc-256/avx2/kem.c +++ b/crypto_kem/hqc-256/avx2/kem.c 
@@ -127,9 +127,9 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQC256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQC256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQC256_AVX2_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQC256_AVX2_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQC256_AVX2_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-256/avx2/vector.c b/crypto_kem/hqc-256/avx2/vector.c index 925b6f97..56f60bfe 100644 --- a/crypto_kem/hqc-256/avx2/vector.c +++ b/crypto_kem/hqc-256/avx2/vector.c @@ -162,13 +162,13 @@ void PQCLEAN_HQC256_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_ * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQC256_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - unsigned char diff = 0; - - for (uint32_t i = 0; i < size; i++) { - diff |= ((uint8_t *) v1)[i] ^ ((uint8_t *) v2)[i]; +uint8_t PQCLEAN_HQC256_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; } - return diff != 0; + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-256/avx2/vector.h b/crypto_kem/hqc-256/avx2/vector.h index 8a671d09..2be772b1 100644 --- a/crypto_kem/hqc-256/avx2/vector.h +++ b/crypto_kem/hqc-256/avx2/vector.h 
@@ -21,7 +21,7 @@ void PQCLEAN_HQC256_AVX2_vect_set_random_from_randombytes(uint64_t *v); void PQCLEAN_HQC256_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQC256_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQC256_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQC256_AVX2_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-256/clean/kem.c b/crypto_kem/hqc-256/clean/kem.c index 4073cecd..258bddd9 100644 --- a/crypto_kem/hqc-256/clean/kem.c +++ b/crypto_kem/hqc-256/clean/kem.c @@ -131,9 +131,9 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char * sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQC256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQC256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQC256_CLEAN_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQC256_CLEAN_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQC256_CLEAN_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-256/clean/vector.c b/crypto_kem/hqc-256/clean/vector.c index 78f09737..2c08f50d 100644 --- a/crypto_kem/hqc-256/clean/vector.c +++ b/crypto_kem/hqc-256/clean/vector.c 
@@ -178,8 +178,13 @@ void PQCLEAN_HQC256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64 * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQC256_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - return memcmp(v1, v2, size); +uint8_t PQCLEAN_HQC256_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; + } + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-256/clean/vector.h b/crypto_kem/hqc-256/clean/vector.h index 257525ec..9e417907 100644 --- a/crypto_kem/hqc-256/clean/vector.h +++ b/crypto_kem/hqc-256/clean/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQC256_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v); void PQCLEAN_HQC256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQC256_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQC256_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQC256_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-rmrs-128/avx2/kem.c b/crypto_kem/hqc-rmrs-128/avx2/kem.c index bdde55b0..29d3feff 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/kem.c +++ b/crypto_kem/hqc-rmrs-128/avx2/kem.c 
@@ -127,9 +127,9 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQCRMRS128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQCRMRS128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQCRMRS128_AVX2_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS128_AVX2_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS128_AVX2_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-rmrs-128/avx2/vector.c b/crypto_kem/hqc-rmrs-128/avx2/vector.c index ccb1b75a..66f239d4 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/vector.c +++ b/crypto_kem/hqc-rmrs-128/avx2/vector.c @@ -146,17 +146,18 @@ void PQCLEAN_HQCRMRS128_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uin * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQCRMRS128_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - unsigned char diff = 0; - - for (uint32_t i = 0; i < size; i++) { - diff |= ((uint8_t *) v1)[i] ^ ((uint8_t *) v2)[i]; +uint8_t PQCLEAN_HQCRMRS128_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; } - return diff != 0; + r = (-r) >> 63; + return (uint8_t) r; } + /** * @brief Resize a vector so that it contains size_o bits * diff --git a/crypto_kem/hqc-rmrs-128/avx2/vector.h b/crypto_kem/hqc-rmrs-128/avx2/vector.h index c929fcd7..06ca86b2 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/vector.h +++ b/crypto_kem/hqc-rmrs-128/avx2/vector.h 
@@ -21,7 +21,7 @@ void PQCLEAN_HQCRMRS128_AVX2_vect_set_random_from_randombytes(uint64_t *v); void PQCLEAN_HQCRMRS128_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQCRMRS128_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQCRMRS128_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQCRMRS128_AVX2_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-rmrs-128/clean/kem.c b/crypto_kem/hqc-rmrs-128/clean/kem.c index d92d7bc7..dd49c3a6 100644 --- a/crypto_kem/hqc-rmrs-128/clean/kem.c +++ b/crypto_kem/hqc-rmrs-128/clean/kem.c @@ -127,9 +127,9 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQCRMRS128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQCRMRS128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQCRMRS128_CLEAN_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS128_CLEAN_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS128_CLEAN_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-rmrs-128/clean/vector.c b/crypto_kem/hqc-rmrs-128/clean/vector.c index 651dbc88..bbe402c9 100644 --- a/crypto_kem/hqc-rmrs-128/clean/vector.c +++ b/crypto_kem/hqc-rmrs-128/clean/vector.c 
@@ -178,8 +178,13 @@ void PQCLEAN_HQCRMRS128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const ui * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQCRMRS128_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - return memcmp(v1, v2, size); +uint8_t PQCLEAN_HQCRMRS128_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; + } + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-rmrs-128/clean/vector.h b/crypto_kem/hqc-rmrs-128/clean/vector.h index 406dc220..bff96e58 100644 --- a/crypto_kem/hqc-rmrs-128/clean/vector.h +++ b/crypto_kem/hqc-rmrs-128/clean/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQCRMRS128_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v); void PQCLEAN_HQCRMRS128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQCRMRS128_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQCRMRS128_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQCRMRS128_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-rmrs-192/avx2/kem.c b/crypto_kem/hqc-rmrs-192/avx2/kem.c index b216d1bc..e0855f56 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/kem.c +++ b/crypto_kem/hqc-rmrs-192/avx2/kem.c 
@@ -127,9 +127,9 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQCRMRS192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQCRMRS192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQCRMRS192_AVX2_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS192_AVX2_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS192_AVX2_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-rmrs-192/avx2/vector.c b/crypto_kem/hqc-rmrs-192/avx2/vector.c index 38bbd51c..d43b4f7b 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/vector.c +++ b/crypto_kem/hqc-rmrs-192/avx2/vector.c @@ -146,17 +146,18 @@ void PQCLEAN_HQCRMRS192_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uin * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQCRMRS192_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - unsigned char diff = 0; - - for (uint32_t i = 0; i < size; i++) { - diff |= ((uint8_t *) v1)[i] ^ ((uint8_t *) v2)[i]; +uint8_t PQCLEAN_HQCRMRS192_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; } - return diff != 0; + r = (-r) >> 63; + return (uint8_t) r; } + /** * @brief Resize a vector so that it contains size_o bits * diff --git a/crypto_kem/hqc-rmrs-192/avx2/vector.h b/crypto_kem/hqc-rmrs-192/avx2/vector.h index 6d217dce..36ef86d7 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/vector.h +++ b/crypto_kem/hqc-rmrs-192/avx2/vector.h 
@@ -21,7 +21,7 @@ void PQCLEAN_HQCRMRS192_AVX2_vect_set_random_from_randombytes(uint64_t *v); void PQCLEAN_HQCRMRS192_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQCRMRS192_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQCRMRS192_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQCRMRS192_AVX2_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-rmrs-192/clean/kem.c b/crypto_kem/hqc-rmrs-192/clean/kem.c index 8af76320..10f2f9a0 100644 --- a/crypto_kem/hqc-rmrs-192/clean/kem.c +++ b/crypto_kem/hqc-rmrs-192/clean/kem.c @@ -127,9 +127,9 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQCRMRS192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQCRMRS192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQCRMRS192_CLEAN_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS192_CLEAN_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS192_CLEAN_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-rmrs-192/clean/vector.c b/crypto_kem/hqc-rmrs-192/clean/vector.c index 27f37662..364dfa49 100644 --- a/crypto_kem/hqc-rmrs-192/clean/vector.c +++ b/crypto_kem/hqc-rmrs-192/clean/vector.c 
@@ -178,8 +178,13 @@ void PQCLEAN_HQCRMRS192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const ui * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQCRMRS192_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - return memcmp(v1, v2, size); +uint8_t PQCLEAN_HQCRMRS192_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; + } + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-rmrs-192/clean/vector.h b/crypto_kem/hqc-rmrs-192/clean/vector.h index 93b80bf0..66320360 100644 --- a/crypto_kem/hqc-rmrs-192/clean/vector.h +++ b/crypto_kem/hqc-rmrs-192/clean/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQCRMRS192_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v); void PQCLEAN_HQCRMRS192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQCRMRS192_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQCRMRS192_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQCRMRS192_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-rmrs-256/avx2/kem.c b/crypto_kem/hqc-rmrs-256/avx2/kem.c index 02403028..6e19f212 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/kem.c +++ b/crypto_kem/hqc-rmrs-256/avx2/kem.c 
@@ -127,9 +127,9 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQCRMRS256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQCRMRS256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQCRMRS256_AVX2_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS256_AVX2_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS256_AVX2_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-rmrs-256/avx2/vector.c b/crypto_kem/hqc-rmrs-256/avx2/vector.c index 9728d063..543d3060 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/vector.c +++ b/crypto_kem/hqc-rmrs-256/avx2/vector.c @@ -146,17 +146,18 @@ void PQCLEAN_HQCRMRS256_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uin * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQCRMRS256_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - unsigned char diff = 0; - - for (uint32_t i = 0; i < size; i++) { - diff |= ((uint8_t *) v1)[i] ^ ((uint8_t *) v2)[i]; +uint8_t PQCLEAN_HQCRMRS256_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; } - return diff != 0; + r = (-r) >> 63; + return (uint8_t) r; } + /** * @brief Resize a vector so that it contains size_o bits * diff --git a/crypto_kem/hqc-rmrs-256/avx2/vector.h b/crypto_kem/hqc-rmrs-256/avx2/vector.h index e58903c9..11f3212d 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/vector.h +++ b/crypto_kem/hqc-rmrs-256/avx2/vector.h 
@@ -21,7 +21,7 @@ void PQCLEAN_HQCRMRS256_AVX2_vect_set_random_from_randombytes(uint64_t *v); void PQCLEAN_HQCRMRS256_AVX2_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQCRMRS256_AVX2_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQCRMRS256_AVX2_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQCRMRS256_AVX2_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v); diff --git a/crypto_kem/hqc-rmrs-256/clean/kem.c b/crypto_kem/hqc-rmrs-256/clean/kem.c index 4f857d87..3320be82 100644 --- a/crypto_kem/hqc-rmrs-256/clean/kem.c +++ b/crypto_kem/hqc-rmrs-256/clean/kem.c @@ -127,9 +127,9 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' - result = PQCLEAN_HQCRMRS256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES); - result |= PQCLEAN_HQCRMRS256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES); - result |= memcmp(d, d2, SHA512_BYTES); + result = PQCLEAN_HQCRMRS256_CLEAN_vect_compare((uint8_t *)u, (uint8_t *)u2, VEC_N_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS256_CLEAN_vect_compare((uint8_t *)v, (uint8_t *)v2, VEC_N1N2_SIZE_BYTES); + result |= PQCLEAN_HQCRMRS256_CLEAN_vect_compare(d, d2, SHA512_BYTES); result = (uint8_t) (-((int16_t) result) >> 15); for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) { ss[i] &= ~result; diff --git a/crypto_kem/hqc-rmrs-256/clean/vector.c b/crypto_kem/hqc-rmrs-256/clean/vector.c index 3d48e793..3eacead2 100644 --- a/crypto_kem/hqc-rmrs-256/clean/vector.c +++ b/crypto_kem/hqc-rmrs-256/clean/vector.c 
@@ -178,8 +178,13 @@ void PQCLEAN_HQCRMRS256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const ui * @param[in] size Integer that is the size of the vectors * @returns 0 if the vectors are equals and a negative/psotive value otherwise */ -int PQCLEAN_HQCRMRS256_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size) { - return memcmp(v1, v2, size); +uint8_t PQCLEAN_HQCRMRS256_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size) { + uint64_t r = 0; + for (size_t i = 0; i < size; i++) { + r |= v1[i] ^ v2[i]; + } + r = (-r) >> 63; + return (uint8_t) r; } diff --git a/crypto_kem/hqc-rmrs-256/clean/vector.h b/crypto_kem/hqc-rmrs-256/clean/vector.h index 73fc521f..f2c7c167 100644 --- a/crypto_kem/hqc-rmrs-256/clean/vector.h +++ b/crypto_kem/hqc-rmrs-256/clean/vector.h @@ -21,7 +21,7 @@ void PQCLEAN_HQCRMRS256_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v); void PQCLEAN_HQCRMRS256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size); -int PQCLEAN_HQCRMRS256_CLEAN_vect_compare(const uint64_t *v1, const uint64_t *v2, uint32_t size); +uint8_t PQCLEAN_HQCRMRS256_CLEAN_vect_compare(const uint8_t *v1, const uint8_t *v2, uint32_t size); void PQCLEAN_HQCRMRS256_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64_t *v, uint32_t size_v);