From 720fe60ace7c26de4fcaa1b0fe5b04a46e507e8f Mon Sep 17 00:00:00 2001
From: "John M. Schanck"
Date: Mon, 14 Sep 2020 10:33:13 -0400
Subject: [PATCH 01/13] Add test/test_boolean.py

---
 test/test_boolean.py | 103 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 test/test_boolean.py

diff --git a/test/test_boolean.py b/test/test_boolean.py
new file mode 100644
index 00000000..7e5402be
--- /dev/null
+++ b/test/test_boolean.py
@@ -0,0 +1,103 @@ + +""" +Checks that the implementation does not make use of boolean operations (==, <=, !, etc) +in assignments or function calls. +""" + +import os + +import pytest + +import helpers +import pqclean +import pycparser + + +def setup_module(): + if not(os.path.exists(os.path.join('pycparser', '.git'))): + print("Please run `git submodule update --init`") + + +class ForbiddenLineVisitor(pycparser.c_ast.NodeVisitor): + def __init__(self): + self.errors = [] + + def visit_Assignment(self, node): + v = ForbiddenOpVisitor(); + v.visit(node.rvalue) + self.errors.extend(v.errors) + + def visit_FuncCall(self, node): + if node.args: + v = ForbiddenOpVisitor(); + v.visit(node.args) + self.errors.extend(v.errors) + +class ForbiddenOpVisitor(pycparser.c_ast.NodeVisitor): + def __init__(self): + self.errors = [] + + def visit_BinaryOp(self, node): + v = ForbiddenOpVisitor(); + v.visit(node.left) + self.errors.extend(v.errors) + if node.op in ['<', '<=', '>', '>=', '==', '!=', '&&', '||']: + err = "\n {} at {c.file}:{c.line}:{c.column}".format(node.op, c=node.coord) + self.errors.append(err) + v = ForbiddenOpVisitor(); + v.visit(node.right) + self.errors.extend(v.errors) + + def visit_UnaryOp(self, node): + if node.op == '!': + err = "\n {} at {c.file}:{c.line}:{c.column}".format(node.op, c=node.coord) + self.errors.append(err) + v = ForbiddenOpVisitor(); + v.visit(node.expr) + self.errors.extend(v.errors) + + def visit_TernaryOp(self, node): + err = "\n ternary operator at {c.file}:{c.line}:{c.column}".format(c=node.coord) + self.errors.append(err) + + +@pytest.mark.parametrize( + 'implementation', + pqclean.Scheme.all_implementations(), + ids=str, +) +@helpers.skip_windows() +@helpers.filtered_test +def test_boolean(implementation): + errors = [] + for fname in os.listdir(implementation.path()): + if not fname.endswith(".c"): + continue + tdir, _ = os.path.split(os.path.realpath(__file__)) + ast = pycparser.parse_file( + os.path.join(implementation.path(), 
fname), + use_cpp=True, + cpp_path='cc', # not all platforms link cpp correctly; cc -E works + cpp_args=[ + '-E', + '-std=c99', + '-nostdinc', # pycparser cannot deal with e.g. __attribute__ + '-I{}'.format(os.path.join(tdir, "../common")), + # necessary to mock e.g. + '-I{}'.format( + os.path.join(tdir, 'pycparser/utils/fake_libc_include')), + ] + ) + v = ForbiddenLineVisitor() + v.visit(ast) + errors.extend(v.errors) + if errors: + raise AssertionError( + "Prohibited use of boolean operations in assignment or function call" + + "".join(errors) + ) + + +if __name__ == "__main__": + import sys + pytest.main(sys.argv) From 8ec84d0c3a9ab35a52e0e4198e6ec1411caccb41 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Mon, 14 Sep 2020 17:24:37 -0400 Subject: [PATCH 02/13] inspect initializations --- test/test_boolean.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/test_boolean.py b/test/test_boolean.py index 7e5402be..deb07703 100644 --- a/test/test_boolean.py +++ b/test/test_boolean.py @@ -27,6 +27,12 @@ class ForbiddenLineVisitor(pycparser.c_ast.NodeVisitor): v.visit(node.rvalue) self.errors.extend(v.errors) + def visit_Decl(self, node): + if node.init: + v = ForbiddenOpVisitor(); + v.visit(node.init) + self.errors.extend(v.errors) + def visit_FuncCall(self, node): if node.args: v = ForbiddenOpVisitor(); From 938a5dcd5dd1c9210cb221181038f73fa9e2400f Mon Sep 17 00:00:00 2001 
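Review bot: `return a == b;` and `return !x;` slip through ForbiddenLineVisitor, which only inspects Assignment rvalues and FuncCall arguments, so a comparison that leaves a helper through its return value is never flagged; add a `visit_Return` that runs ForbiddenOpVisitor over `node.expr`, and widen the module docstring and the AssertionError text to "assignment, return or function call". The check is a syntactic heuristic — it deliberately permits the same operators inside `if`/`while` conditions — so a pass says nothing about secret-dependent branching, and a sentence saying so in the module docstring would stop the test from being read as a constant-time guarantee. `setup_module` only prints when the pycparser submodule is absent and then lets the test proceed; since `import pycparser` sits at module top, the import presumably fails before `setup_module` runs unless a pip-installed pycparser is on the path, so `pytest.fail("run git submodule update --init")` or a `pytest.skip` there would give a clearer failure. The `;` after `ForbiddenOpVisitor()` in the visitor methods is a stray C-ism.
```python
class ForbiddenLineVisitor(pycparser.c_ast.NodeVisitor):
    # … unchanged: __init__, visit_Assignment, visit_FuncCall …

    def visit_Return(self, node):
        # `return a == b;` is a boolean value escaping a helper, same as an assignment.
        if node.expr is not None:
            v = ForbiddenOpVisitor()
            v.visit(node.expr)
            self.errors.extend(v.errors)
```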
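Review bot: `visit_Decl` is the third verbatim copy of the same three-line body (after `visit_Assignment` and `visit_FuncCall`), and any further node kind needs a fourth; a small `_check(self, expr)` helper that instantiates ForbiddenOpVisitor, visits `expr` and extends `self.errors` would reduce each visitor method to one line. `if node.init:` is clearer as `if node.init is not None:` — the initializer is an AST node, not a truthy flag. Because the method does not call `self.generic_visit(node)`, descent into the declarator's type stops here, so an expression inside an array dimension (e.g. `int a[x == y ? 1 : 2]`) would presumably not be checked; likely irrelevant for this corpus, but worth knowing when reading a green result. The stray `;` after `ForbiddenOpVisitor()` matches the rest of the file but is not Python style.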
From: "John M. Schanck"
Date: Tue, 15 Sep 2020 12:24:07 -0400
Subject: [PATCH 03/13] mceliece, ntru, ntruprime: satisfy test_boolean (in int32_sort)"

---
 crypto_kem/mceliece348864/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece348864f/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece460896/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece460896f/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece6688128/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece6688128f/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece6960119/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece6960119f/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece8192128/avx/int32_sort.c | 5 +++--
 crypto_kem/mceliece8192128f/avx/int32_sort.c | 5 +++--
 crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.c | 11 +++++++----
 crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.h | 3 +--
 crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.c | 11 +++++++----
 crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.h | 3 +--
 crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.c | 11 +++++++----
 crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.h | 3 +--
 crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c | 5 +++--
 crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c | 5 +++--
 crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c | 5 +++--
 crypto_kem/sntrup653/avx2/crypto_sort_int32.c | 5 +++--
 crypto_kem/sntrup761/avx2/crypto_sort_int32.c | 5 +++--
 crypto_kem/sntrup857/avx2/crypto_sort_int32.c | 5 +++--
 22 files changed, 72 insertions(+), 50 deletions(-)

diff --git a/crypto_kem/mceliece348864/avx/int32_sort.c b/crypto_kem/mceliece348864/avx/int32_sort.c
index daf93da4..54295975 100644
--- a/crypto_kem/mceliece348864/avx/int32_sort.c
+++ b/crypto_kem/mceliece348864/avx/int32_sort.c
@@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece348864f/avx/int32_sort.c b/crypto_kem/mceliece348864f/avx/int32_sort.c index 4284a598..a282f5c2 100644 --- a/crypto_kem/mceliece348864f/avx/int32_sort.c +++ b/crypto_kem/mceliece348864f/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece460896/avx/int32_sort.c b/crypto_kem/mceliece460896/avx/int32_sort.c index d9577389..cdddf86a 100644 --- a/crypto_kem/mceliece460896/avx/int32_sort.c +++ b/crypto_kem/mceliece460896/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece460896f/avx/int32_sort.c b/crypto_kem/mceliece460896f/avx/int32_sort.c index f88bfc74..cc7e347a 100644 --- a/crypto_kem/mceliece460896f/avx/int32_sort.c +++ b/crypto_kem/mceliece460896f/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { 
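Review bot: The added `if (p << 1 == q) flip = 1;` is brace-less and `1-flip` is unpadded, whereas the identical edit in the ntruhps copies of this file later in the patch is written as a braced `if` with `1 - flip`; if PQClean's astyle settings (add-braces, pad-oper) are enforced by the format test, the ten mceliece hunks and the six ntruprime ones will be rewritten to the braced, padded form anyway, so committing that form now keeps the series from failing or churning. The comparison itself appears to depend only on `p` and `q`, where `q = n >> 3` is derived from the length argument rather than from the data being sorted, so lifting it into an explicit branch does not introduce a secret-dependent branch; a one-line comment such as `/* flip depends only on n, never on x: this branch is data-independent */` would record why it is acceptable in a constant-time sort. int32_sort_2power continues outside the hunk, and this note applies verbatim to every int32_sort.c / crypto_sort_int32.c hunk in this patch.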
diff --git a/crypto_kem/mceliece6688128/avx/int32_sort.c b/crypto_kem/mceliece6688128/avx/int32_sort.c index 4421fdf1..da5f0e57 100644 --- a/crypto_kem/mceliece6688128/avx/int32_sort.c +++ b/crypto_kem/mceliece6688128/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece6688128f/avx/int32_sort.c b/crypto_kem/mceliece6688128f/avx/int32_sort.c index 4be2b525..02bf18bb 100644 --- a/crypto_kem/mceliece6688128f/avx/int32_sort.c +++ b/crypto_kem/mceliece6688128f/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece6960119/avx/int32_sort.c b/crypto_kem/mceliece6960119/avx/int32_sort.c index 39785008..270ba5b6 100644 --- a/crypto_kem/mceliece6960119/avx/int32_sort.c +++ b/crypto_kem/mceliece6960119/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece6960119f/avx/int32_sort.c b/crypto_kem/mceliece6960119f/avx/int32_sort.c index 9c38802a..fdfc419d 100644 --- a/crypto_kem/mceliece6960119f/avx/int32_sort.c +++ b/crypto_kem/mceliece6960119f/avx/int32_sort.c 
@@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece8192128/avx/int32_sort.c b/crypto_kem/mceliece8192128/avx/int32_sort.c index a7eca2ba..145dfa8e 100644 --- a/crypto_kem/mceliece8192128/avx/int32_sort.c +++ b/crypto_kem/mceliece8192128/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece8192128f/avx/int32_sort.c b/crypto_kem/mceliece8192128f/avx/int32_sort.c index d18b3a73..e5942540 100644 --- a/crypto_kem/mceliece8192128f/avx/int32_sort.c +++ b/crypto_kem/mceliece8192128f/avx/int32_sort.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.c b/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.c index 12c5ea15..cef509b6 100644 --- a/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.c @@ -1,8 +1,8 @@ +#include "crypto_sort_int32.h" +#include // Based on supercop-20200820/crypto_sort/int32/avx2 -#include "crypto_sort_int32.h" -#include #define int32 int32_t typedef __m256i int32x8; 
@@ -469,8 +469,11 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.h b/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.h index 5a121e16..fdc31858 100644 --- a/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.h +++ b/crypto_kem/ntruhps2048509/avx2/crypto_sort_int32.h @@ -1,11 +1,10 @@ #ifndef CRYPTO_SORT #define CRYPTO_SORT - #include "params.h" - #include #include + void PQCLEAN_NTRUHPS2048509_AVX2_crypto_sort_int32(int32_t *x, size_t n); #endif diff --git a/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.c b/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.c index e9a81a7f..874b4cd7 100644 --- a/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.c @@ -1,8 +1,8 @@ +#include "crypto_sort_int32.h" +#include // Based on supercop-20200820/crypto_sort/int32/avx2 -#include "crypto_sort_int32.h" -#include #define int32 int32_t typedef __m256i int32x8; @@ -469,8 +469,11 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.h b/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.h index 12f221b0..84d40c07 100644 --- a/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.h +++ b/crypto_kem/ntruhps2048677/avx2/crypto_sort_int32.h @@ -1,11 +1,10 @@ #ifndef CRYPTO_SORT #define CRYPTO_SORT - #include "params.h" - #include #include + void PQCLEAN_NTRUHPS2048677_AVX2_crypto_sort_int32(int32_t *x, size_t n); #endif 
diff --git a/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.c b/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.c index 47b06efd..d4c16d25 100644 --- a/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.c @@ -1,8 +1,8 @@ +#include "crypto_sort_int32.h" +#include // Based on supercop-20200820/crypto_sort/int32/avx2 -#include "crypto_sort_int32.h" -#include #define int32 int32_t typedef __m256i int32x8; @@ -469,8 +469,11 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.h b/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.h index 63d91ade..209e2188 100644 --- a/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.h +++ b/crypto_kem/ntruhps4096821/avx2/crypto_sort_int32.h @@ -1,11 +1,10 @@ #ifndef CRYPTO_SORT #define CRYPTO_SORT - #include "params.h" - #include #include + void PQCLEAN_NTRUHPS4096821_AVX2_crypto_sort_int32(int32_t *x, size_t n); #endif diff --git a/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c index 9a3a3bf6..f54b8934 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c index 4b4e018c..bcac3bb9 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c 
+++ b/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c index 3f87a657..d6563d78 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/sntrup653/avx2/crypto_sort_int32.c b/crypto_kem/sntrup653/avx2/crypto_sort_int32.c index c0927747..de880bf7 100644 --- a/crypto_kem/sntrup653/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup653/avx2/crypto_sort_int32.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/sntrup761/avx2/crypto_sort_int32.c b/crypto_kem/sntrup761/avx2/crypto_sort_int32.c index ffe126ea..9c3b88c3 100644 --- a/crypto_kem/sntrup761/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup761/avx2/crypto_sort_int32.c 
@@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/sntrup857/avx2/crypto_sort_int32.c b/crypto_kem/sntrup857/avx2/crypto_sort_int32.c index a086fc93..6879a1d3 100644 --- a/crypto_kem/sntrup857/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup857/avx2/crypto_sort_int32.c @@ -462,8 +462,9 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { } q = n >> 3; - flip = (p << 1 == q); - flipflip = !flip; + flip = 0; + if (p << 1 == q) flip = 1; + flipflip = 1-flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { From 83613a5978f714851d6b5166f3dec1513c97285d Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Tue, 15 Sep 2020 12:27:00 -0400 Subject: [PATCH 04/13] rainbow: satisfy test_boolean --- crypto_sign/rainbowIIIc-classic/clean/blas_comm.c | 2 +- crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c | 2 +- crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c | 2 +- crypto_sign/rainbowIa-classic/clean/blas_comm.c | 2 +- crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c | 2 +- crypto_sign/rainbowIa-cyclic/clean/blas_comm.c | 2 +- crypto_sign/rainbowVc-classic/clean/blas_comm.c | 2 +- crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c | 2 +- crypto_sign/rainbowVc-cyclic/clean/blas_comm.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c index ad2b31ff..5d5c5b36 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c 
@@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c index 83fbfc61..7bb0b688 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c index 14457694..45ef8e66 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c 
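Review bot: `1-PQCLEAN_..._gf256_is_nonzero(ai[i])` is equivalent to the removed `!...` only if gf256_is_nonzero returns exactly 0 or 1; `!` normalises any non-zero value to 0, but `1 - x` on a byte mask (0 or 0xff) yields a negative int that the predicate parameter of gf256v_predicated_add would convert into something unrelated. The definition is outside the hunk and the adjacent `r8 &= ...gf256_is_nonzero(ai[i])` is consistent with either contract, so please confirm the return range and pin it at the call site, e.g. `/* gf256_is_nonzero() returns 0 or 1, so 1 - x == !x */`. The unpadded `1-` will presumably be reformatted to `1 - ` if astyle's pad-oper setting is enforced, as the ntruhps hunks in the previous patch already are. gf256mat_gauss_elim_ref continues outside the hunk; the same question applies to the gf16_is_nonzero variants in the rainbowIa files.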
@@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index b2193b63..b9b38a4c 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1-PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(pivot); diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index 0bbc845e..feebd56c 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c 
@@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + offset_byte, 1-PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(pivot); diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index 49a6f630..e79fa489 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1-PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(pivot); 
diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.c b/crypto_sign/rainbowVc-classic/clean/blas_comm.c index 2242e16b..e0ce9e4f 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c index 0d3fd44b..ae0afda3 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c index 1dd6e4ea..bde4f8cb 100644 
--- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; From a59cf4cba7b469d52b3afab743ffe77b14b15bee Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Tue, 15 Sep 2020 12:42:47 -0400 Subject: [PATCH 05/13] frodo: satisfy test_boolean --- crypto_kem/frodokem1344aes/clean/util.c | 5 ++++- crypto_kem/frodokem1344aes/opt/util.c | 5 ++++- crypto_kem/frodokem1344shake/clean/util.c | 5 ++++- crypto_kem/frodokem1344shake/opt/util.c | 5 ++++- crypto_kem/frodokem640aes/clean/util.c | 5 ++++- crypto_kem/frodokem640aes/opt/util.c | 5 ++++- crypto_kem/frodokem640shake/clean/util.c | 5 ++++- crypto_kem/frodokem640shake/opt/util.c | 5 ++++- crypto_kem/frodokem976aes/clean/util.c | 5 ++++- crypto_kem/frodokem976aes/opt/util.c | 5 ++++- crypto_kem/frodokem976shake/clean/util.c | 5 ++++- crypto_kem/frodokem976shake/opt/util.c | 5 ++++- 12 files changed, 48 insertions(+), 12 deletions(-) diff --git a/crypto_kem/frodokem1344aes/clean/util.c b/crypto_kem/frodokem1344aes/clean/util.c index be4e2d3e..a64b32d6 100644 --- a/crypto_kem/frodokem1344aes/clean/util.c +++ b/crypto_kem/frodokem1344aes/clean/util.c 
@@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM1344AES_CLEAN_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem1344aes/opt/util.c b/crypto_kem/frodokem1344aes/opt/util.c index d2dbb565..7a0bb5fe 100644 --- a/crypto_kem/frodokem1344aes/opt/util.c +++ b/crypto_kem/frodokem1344aes/opt/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM1344AES_OPT_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem1344shake/clean/util.c b/crypto_kem/frodokem1344shake/clean/util.c index 189ea752..e0d9a24a 100644 --- a/crypto_kem/frodokem1344shake/clean/util.c +++ b/crypto_kem/frodokem1344shake/clean/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem1344shake/opt/util.c b/crypto_kem/frodokem1344shake/opt/util.c index 220bfae5..021f76a0 100644 --- a/crypto_kem/frodokem1344shake/opt/util.c +++ b/crypto_kem/frodokem1344shake/opt/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); 
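Review bot: The replacement pins `min` to `uint8_t` where the macro it replaces was type-generic, so any caller passing an `int`, `size_t` or `uint16_t` now has both operands and the result silently narrowed to 8 bits; the callers are outside the hunk, so please check that every operand is provably below 256 (bit counts are, byte lengths may not be) or give the function the callers' actual type. If `-Wconversion` is among the build flags, those call sites would also surface as warnings or, under `-Werror`, as errors. The explicit `if (x < y)` turns the comparison into a real branch; that is harmless if `min` only ever sees public packing widths, but a comment such as `/* operands are public bit/byte counts, never secret data */` would document that this satisfies the intent of test_boolean and not merely its syntax check. The brace-less `if (x < y) return x;` will presumably be rewritten by astyle add-braces if that setting is enforced; the same note applies to the other eleven util.c hunks in this patch.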
diff --git a/crypto_kem/frodokem640aes/clean/util.c b/crypto_kem/frodokem640aes/clean/util.c index d0218113..a31a9cf8 100644 --- a/crypto_kem/frodokem640aes/clean/util.c +++ b/crypto_kem/frodokem640aes/clean/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM640AES_CLEAN_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem640aes/opt/util.c b/crypto_kem/frodokem640aes/opt/util.c index b43d9f84..79b98c5e 100644 --- a/crypto_kem/frodokem640aes/opt/util.c +++ b/crypto_kem/frodokem640aes/opt/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM640AES_OPT_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem640shake/clean/util.c b/crypto_kem/frodokem640shake/clean/util.c index 31e1b155..23e10e90 100644 --- a/crypto_kem/frodokem640shake/clean/util.c +++ b/crypto_kem/frodokem640shake/clean/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem640shake/opt/util.c b/crypto_kem/frodokem640shake/opt/util.c index 6cbe46b0..328af730 100644 --- a/crypto_kem/frodokem640shake/opt/util.c +++ b/crypto_kem/frodokem640shake/opt/util.c 
@@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem976aes/clean/util.c b/crypto_kem/frodokem976aes/clean/util.c index dda97621..388aac89 100644 --- a/crypto_kem/frodokem976aes/clean/util.c +++ b/crypto_kem/frodokem976aes/clean/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM976AES_CLEAN_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem976aes/opt/util.c b/crypto_kem/frodokem976aes/opt/util.c index 67019878..cad5636c 100644 --- a/crypto_kem/frodokem976aes/opt/util.c +++ b/crypto_kem/frodokem976aes/opt/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM976AES_OPT_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); diff --git a/crypto_kem/frodokem976shake/clean/util.c b/crypto_kem/frodokem976shake/clean/util.c index b8246b87..4f2b0bf2 100644 --- a/crypto_kem/frodokem976shake/clean/util.c +++ b/crypto_kem/frodokem976shake/clean/util.c @@ -11,7 +11,10 @@ #include "common.h" #include "params.h" -#define min(x, y) (((x) < (y)) ? (x) : (y)) +static inline uint8_t min(uint8_t x, uint8_t y) { + if (x < y) return x; + return y; +} uint16_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) { return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8)); 
diff --git a/crypto_kem/frodokem976shake/opt/util.c b/crypto_kem/frodokem976shake/opt/util.c
index 0ae983c1..4bd77615 100644
--- a/crypto_kem/frodokem976shake/opt/util.c
+++ b/crypto_kem/frodokem976shake/opt/util.c
@@ -11,7 +11,10 @@
 #include "common.h"
 #include "params.h"
-#define min(x, y) (((x) < (y)) ? (x) : (y))
+static inline uint8_t min(uint8_t x, uint8_t y) {
+ if (x < y) return x;
+ return y;
+}
 uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(uint16_t n) {
 return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8));
From 121258e054a7a48285d885ad3a892dec2795d05f Mon Sep 17 00:00:00 2001
From: "John M. Schanck"
Date: Tue, 15 Sep 2020 12:50:49 -0400
Subject: [PATCH 06/13] sphincs: satisfy test_boolean
---
crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c | 4 +++-
crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c | 4 +++-
12 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c
index 9c1fd6c5..9fb6aa53 100644
--- a/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c
+++ b/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c
@@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c index 1e34b5f2..d8af492c 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c @@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c index 4d43b57a..31a22283 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c 
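Review bot: The clamp `if (bytes_to_copy > 64) bytes_to_copy = 64;` is written without braces, while the rest of this series (the astyle commit at the end, which adds braces around the one-line `if` in FrodoKEM's `min`) enforces the braced form, and the sphincs files are not in that commit's diffstat, so this inconsistency would survive. Suggest `if (bytes_to_copy > 64) {` / `bytes_to_copy = 64;` / `}`. Hoisting `bytes_to_copy` to function scope also deserves a short comment explaining that it exists only to satisfy test_boolean, since the wider scope is otherwise an unmotivated change; `sha256_update8x` continues outside the hunk. The identical hunk is repeated for the other eleven SPHINCS+ parameter sets on L21–L26.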
@@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c index 7fe73516..1f1500c7 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c @@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c index 76fc9014..50e42a56 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c 
@@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c index aedfd893..97e8f442 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c @@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c index a4807e94..2235dc7b 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c 
@@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c index 201346dc..237e8aeb 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c @@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c index df93c559..13aad2d8 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c 
@@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c index da2ad9a4..ef988608 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c @@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c index c02ce1e1..fbdce7e8 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c 
@@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c index 7f0972bc..73eb3471 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c @@ -63,9 +63,11 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, const unsigned char *d7, unsigned long long len) { unsigned long long i = 0; + unsigned long long bytes_to_copy; while (i < len) { - unsigned long long bytes_to_copy = (len - i) > 64 ? 64 : (len - i); + bytes_to_copy = len - i; + if (bytes_to_copy > 64) bytes_to_copy = 64; memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); From d708e6163a4ff5893d1e121ff04854a99e66baf1 Mon Sep 17 00:00:00 2001 
From: "John M. Schanck"
Date: Tue, 15 Sep 2020 13:32:02 -0400
Subject: [PATCH 07/13] falcon: satisfy test_boolean
---
crypto_sign/falcon-1024/clean/codec.c | 3 ++-
crypto_sign/falcon-1024/clean/fpr.h | 4 ++--
crypto_sign/falcon-1024/clean/keygen.c | 30 ++++++++++++++++++++------
crypto_sign/falcon-1024/clean/sign.c | 16 ++++++++------
crypto_sign/falcon-512/clean/codec.c | 3 ++-
crypto_sign/falcon-512/clean/fpr.h | 4 ++--
crypto_sign/falcon-512/clean/keygen.c | 30 ++++++++++++++++++++------
crypto_sign/falcon-512/clean/sign.c | 16 ++++++++------
8 files changed, 74 insertions(+), 32 deletions(-)
diff --git a/crypto_sign/falcon-1024/clean/codec.c b/crypto_sign/falcon-1024/clean/codec.c
index d9f5de74..9c7754d5 100644
--- a/crypto_sign/falcon-1024/clean/codec.c
+++ b/crypto_sign/falcon-1024/clean/codec.c
@@ -443,7 +443,8 @@ PQCLEAN_FALCON1024_CLEAN_comp_decode(
 return 0;
 }
 }
- x[u] = (int16_t)(s ? -(int)m : (int)m);
+ x[u] = (int16_t) m;
+ if (s) x[u] = -x[u];
 }
 return v;
 }
diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h
index c3103dc1..b6f3908f 100644
--- a/crypto_sign/falcon-1024/clean/fpr.h
+++ b/crypto_sign/falcon-1024/clean/fpr.h
@@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) {
 */
 int cc0, cc1;
- cc0 = *(int64_t *)&x < *(int64_t *)&y;
- cc1 = *(int64_t *)&x > *(int64_t *)&y;
+ cc0 = ((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1;
+ cc1 = ((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1;
 return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63));
 }
diff --git a/crypto_sign/falcon-1024/clean/keygen.c b/crypto_sign/falcon-1024/clean/keygen.c
index a7246b78..00a9be7e 100644
--- a/crypto_sign/falcon-1024/clean/keygen.c
+++ b/crypto_sign/falcon-1024/clean/keygen.c
@@ -1902,7 +1902,11 @@ zint_add_scaled_mul_small(uint32_t *x, size_t xlen,
 * Get the next word of y (scaled).
 */
 v = u - sch;
- wy = v < ylen ? y[v] : ysign;
+ if (v < ylen) {
+ wy = y[v];
+ } else {
+ wy = ysign;
+ }
 wys = ((wy << scl) & 0x7FFFFFFF) | tw;
 tw = wy >> (31 - scl);
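Review bot: The new `cc0`/`cc1` lines in `fpr_lt` subtract the two `int64_t` reinterpretations, and that subtraction overflows whenever `x` and `y` carry different sign bits: for x = 1.0 (0x3FF0000000000000) and y = -1.0 (0xBFF0000000000000, negative as int64) the difference is exactly 2^63, which is undefined behaviour in C and, under wrap-around, sets both `cc0` and `cc1` to 1 so `fpr_lt(1.0, -1.0)` returns 1; the removed `<`/`>` comparisons had no such case. Because the final expression only needs the signed comparison to be right when the signs agree, masking the second operand to zero when the signs differ keeps every subtraction in range and gives the same result as the old comparisons (the differing-sign case then reduces to the sign of `sx`). The `>> 63` on a negative `int64_t` additionally relies on an arithmetic right shift, which C leaves implementation-defined; a comment stating that assumption is worth adding. The falcon-512 copy of this hunk on L29 has the same defect.
```c
int cc0, cc1;
int64_t sx, sy;

sx = *(int64_t *)&x;
sy = *(int64_t *)&y;
sy &= ~((sx ^ sy) >> 63);   /* signs differ: compare sx against 0 instead; no overflow */
cc0 = (int)((sx - sy) >> 63) & 1;   /* 1 iff sx < sy (arithmetic shift assumed) */
cc1 = (int)((sy - sx) >> 63) & 1;   /* 1 iff sx > sy */
/* … unchanged: return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); … */
```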
@@ -1960,7 +1964,11 @@ zint_sub_scaled(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -2648,10 +2656,16 @@ make_fg(uint32_t *data, const int8_t *f, const int8_t *g, return; } - for (d = 0; d < depth; d ++) { - make_fg_step(data, logn - d, d, - d != 0, (d + 1) < depth || out_ntt); + if (depth == 0) return; + if (depth == 1) { + make_fg_step(data, logn, 0, 0, out_ntt); + return; } + make_fg_step(data, logn, 0, 0, 1); + for (d = 1; d+1 < depth; d ++) { + make_fg_step(data, logn - d, d, 1, 1); + } + make_fg_step(data, logn-depth+1, depth-1, 1, out_ntt); } /* @@ -3028,7 +3042,8 @@ solve_NTRU_intermediate(unsigned logn_top, * computed so that average maximum length will fall in the * middle or the upper half of these top 10 words. */ - rlen = (slen > 10) ? 10 : slen; + rlen = slen; + if (rlen > 10) rlen = 10; poly_big_to_fp(rt3, ft + slen - rlen, rlen, slen, logn); poly_big_to_fp(rt4, gt + slen - rlen, rlen, slen, logn); @@ -3102,7 +3117,8 @@ solve_NTRU_intermediate(unsigned logn_top, * Convert current F and G into floating-point. We apply * scaling if the current length is more than 10 words. */ - rlen = (FGlen > 10) ? 10 : FGlen; + rlen = FGlen; + if (rlen > 10) rlen = 10; scale_FG = 31 * (int)(FGlen - rlen); poly_big_to_fp(rt1, Ft + FGlen - rlen, rlen, llen, logn); poly_big_to_fp(rt2, Gt + FGlen - rlen, rlen, llen, logn); diff --git a/crypto_sign/falcon-1024/clean/sign.c b/crypto_sign/falcon-1024/clean/sign.c index 10101a68..8baec84e 100644 --- a/crypto_sign/falcon-1024/clean/sign.c +++ b/crypto_sign/falcon-1024/clean/sign.c 
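Review bot: The unrolled `make_fg` in this line's third hunk has no comment saying why one loop became a prologue, a loop over the middle steps and an epilogue, so a reader must re-derive that the constants 0/1 and the trailing `out_ntt` reproduce the removed arguments `d != 0` and `(d + 1) < depth || out_ntt`. Suggest a comment above `if (depth == 0) return;`: `/* Unrolled form of: for (d = 0; d < depth; d++) make_fg_step(data, logn - d, d, d != 0, (d + 1) < depth || out_ntt); written out so no boolean expression is passed as an argument. */`. The spacing in `d+1 < depth` and `logn-depth+1` and the brace-less `return` also differ from the surrounding code, and keygen.c is not in the diffstat of the later astyle commit, so they will not be normalised automatically. The falcon-512 copy on L30 has the same gaps; `make_fg` starts before the hunk.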
@@ -1189,9 +1189,11 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON1024_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON1024_CLEAN_sampler; samp_ctx = &spc; @@ -1234,9 +1236,11 @@ PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON1024_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON1024_CLEAN_sampler; samp_ctx = &spc; diff --git a/crypto_sign/falcon-512/clean/codec.c b/crypto_sign/falcon-512/clean/codec.c index dda9c975..9c626e4e 100644 --- a/crypto_sign/falcon-512/clean/codec.c +++ b/crypto_sign/falcon-512/clean/codec.c @@ -443,7 +443,8 @@ PQCLEAN_FALCON512_CLEAN_comp_decode( return 0; } } - x[u] = (int16_t)(s ? -(int)m : (int)m); + x[u] = (int16_t) m; + if (s) x[u] = -x[u]; } return v; } diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index f29e55f3..abf8cd34 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = *(int64_t *)&x < *(int64_t *)&y; - cc1 = *(int64_t *)&x > *(int64_t *)&y; + cc0 = ((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; + cc1 = ((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-512/clean/keygen.c b/crypto_sign/falcon-512/clean/keygen.c index 8ee73151..cfe59119 100644 --- a/crypto_sign/falcon-512/clean/keygen.c 
+++ b/crypto_sign/falcon-512/clean/keygen.c @@ -1902,7 +1902,11 @@ zint_add_scaled_mul_small(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -1960,7 +1964,11 @@ zint_sub_scaled(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -2648,10 +2656,16 @@ make_fg(uint32_t *data, const int8_t *f, const int8_t *g, return; } - for (d = 0; d < depth; d ++) { - make_fg_step(data, logn - d, d, - d != 0, (d + 1) < depth || out_ntt); + if (depth == 0) return; + if (depth == 1) { + make_fg_step(data, logn, 0, 0, out_ntt); + return; } + make_fg_step(data, logn, 0, 0, 1); + for (d = 1; d+1 < depth; d ++) { + make_fg_step(data, logn - d, d, 1, 1); + } + make_fg_step(data, logn-depth+1, depth-1, 1, out_ntt); } /* @@ -3028,7 +3042,8 @@ solve_NTRU_intermediate(unsigned logn_top, * computed so that average maximum length will fall in the * middle or the upper half of these top 10 words. */ - rlen = (slen > 10) ? 10 : slen; + rlen = slen; + if (rlen > 10) rlen = 10; poly_big_to_fp(rt3, ft + slen - rlen, rlen, slen, logn); poly_big_to_fp(rt4, gt + slen - rlen, rlen, slen, logn); @@ -3102,7 +3117,8 @@ solve_NTRU_intermediate(unsigned logn_top, * Convert current F and G into floating-point. We apply * scaling if the current length is more than 10 words. */ - rlen = (FGlen > 10) ? 10 : FGlen; + rlen = FGlen; + if (rlen > 10) rlen = 10; scale_FG = 31 * (int)(FGlen - rlen); poly_big_to_fp(rt1, Ft + FGlen - rlen, rlen, llen, logn); poly_big_to_fp(rt2, Gt + FGlen - rlen, rlen, llen, logn); diff --git a/crypto_sign/falcon-512/clean/sign.c b/crypto_sign/falcon-512/clean/sign.c index f96ddfe2..ef0adea4 100644 
--- a/crypto_sign/falcon-512/clean/sign.c +++ b/crypto_sign/falcon-512/clean/sign.c @@ -1189,9 +1189,11 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON512_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON512_CLEAN_sampler; samp_ctx = &spc; @@ -1234,9 +1236,11 @@ PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON512_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON512_CLEAN_sampler; samp_ctx = &spc; From 9064186cdbdc07e7810df73260cab473bf18a985 Mon Sep 17 00:00:00 2001 
From: "John M. Schanck"
Date: Tue, 15 Sep 2020 17:23:57 -0400
Subject: [PATCH 08/13] astyle
---
crypto_kem/frodokem1344aes/clean/util.c | 6 ++++--
crypto_kem/frodokem1344aes/opt/util.c | 6 ++++--
crypto_kem/frodokem1344shake/clean/util.c | 6 ++++--
crypto_kem/frodokem1344shake/opt/util.c | 6 ++++--
crypto_kem/frodokem640aes/clean/util.c | 6 ++++--
crypto_kem/frodokem640aes/opt/util.c | 6 ++++--
crypto_kem/frodokem640shake/clean/util.c | 6 ++++--
crypto_kem/frodokem640shake/opt/util.c | 6 ++++--
crypto_kem/frodokem976aes/clean/util.c | 6 ++++--
crypto_kem/frodokem976aes/opt/util.c | 6 ++++--
crypto_kem/frodokem976shake/clean/util.c | 6 ++++--
crypto_kem/frodokem976shake/opt/util.c | 6 ++++--
crypto_kem/mceliece348864/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece348864f/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece460896/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece460896f/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece6688128/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece6688128f/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece6960119/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece6960119f/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece8192128/avx/int32_sort.c | 6 ++++--
crypto_kem/mceliece8192128f/avx/int32_sort.c | 6 ++++--
crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c | 6 ++++--
crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c | 6 ++++--
crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c | 6 ++++--
crypto_kem/sntrup653/avx2/crypto_sort_int32.c | 6 ++++--
crypto_kem/sntrup761/avx2/crypto_sort_int32.c | 6 ++++--
crypto_kem/sntrup857/avx2/crypto_sort_int32.c | 6 ++++--
28 files changed, 112 insertions(+), 56 deletions(-)
diff --git a/crypto_kem/frodokem1344aes/clean/util.c b/crypto_kem/frodokem1344aes/clean/util.c
index a64b32d6..ab565fca 100644
--- a/crypto_kem/frodokem1344aes/clean/util.c
+++ b/crypto_kem/frodokem1344aes/clean/util.c
@@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM1344AES_CLEAN_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem1344aes/opt/util.c b/crypto_kem/frodokem1344aes/opt/util.c index 7a0bb5fe..9e617aa3 100644 --- a/crypto_kem/frodokem1344aes/opt/util.c +++ b/crypto_kem/frodokem1344aes/opt/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM1344AES_OPT_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem1344shake/clean/util.c b/crypto_kem/frodokem1344shake/clean/util.c index e0d9a24a..c8b24c85 100644 --- a/crypto_kem/frodokem1344shake/clean/util.c +++ b/crypto_kem/frodokem1344shake/clean/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem1344shake/opt/util.c b/crypto_kem/frodokem1344shake/opt/util.c index 021f76a0..6f6e8d66 100644 --- a/crypto_kem/frodokem1344shake/opt/util.c +++ b/crypto_kem/frodokem1344shake/opt/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem640aes/clean/util.c b/crypto_kem/frodokem640aes/clean/util.c index a31a9cf8..bdba92e0 100644 --- a/crypto_kem/frodokem640aes/clean/util.c +++ b/crypto_kem/frodokem640aes/clean/util.c 
@@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM640AES_CLEAN_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem640aes/opt/util.c b/crypto_kem/frodokem640aes/opt/util.c index 79b98c5e..5cdd6ca3 100644 --- a/crypto_kem/frodokem640aes/opt/util.c +++ b/crypto_kem/frodokem640aes/opt/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM640AES_OPT_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem640shake/clean/util.c b/crypto_kem/frodokem640shake/clean/util.c index 23e10e90..ace911bd 100644 --- a/crypto_kem/frodokem640shake/clean/util.c +++ b/crypto_kem/frodokem640shake/clean/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem640shake/opt/util.c b/crypto_kem/frodokem640shake/opt/util.c index 328af730..1b3a5825 100644 --- a/crypto_kem/frodokem640shake/opt/util.c +++ b/crypto_kem/frodokem640shake/opt/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem976aes/clean/util.c b/crypto_kem/frodokem976aes/clean/util.c index 388aac89..c8a76b81 100644 --- a/crypto_kem/frodokem976aes/clean/util.c +++ b/crypto_kem/frodokem976aes/clean/util.c 
@@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM976AES_CLEAN_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem976aes/opt/util.c b/crypto_kem/frodokem976aes/opt/util.c index cad5636c..cac6b449 100644 --- a/crypto_kem/frodokem976aes/opt/util.c +++ b/crypto_kem/frodokem976aes/opt/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM976AES_OPT_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem976shake/clean/util.c b/crypto_kem/frodokem976shake/clean/util.c index 4f2b0bf2..8360be6d 100644 --- a/crypto_kem/frodokem976shake/clean/util.c +++ b/crypto_kem/frodokem976shake/clean/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/frodokem976shake/opt/util.c b/crypto_kem/frodokem976shake/opt/util.c index 4bd77615..83677f28 100644 --- a/crypto_kem/frodokem976shake/opt/util.c +++ b/crypto_kem/frodokem976shake/opt/util.c @@ -12,8 +12,10 @@ #include "params.h" static inline uint8_t min(uint8_t x, uint8_t y) { - if (x < y) return x; - return y; + if (x < y) { + return x; + } + return y; } uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(uint16_t n) { diff --git a/crypto_kem/mceliece348864/avx/int32_sort.c b/crypto_kem/mceliece348864/avx/int32_sort.c index 54295975..f984819f 100644 --- a/crypto_kem/mceliece348864/avx/int32_sort.c +++ b/crypto_kem/mceliece348864/avx/int32_sort.c 
@@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece348864f/avx/int32_sort.c b/crypto_kem/mceliece348864f/avx/int32_sort.c index a282f5c2..3d00867d 100644 --- a/crypto_kem/mceliece348864f/avx/int32_sort.c +++ b/crypto_kem/mceliece348864f/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece460896/avx/int32_sort.c b/crypto_kem/mceliece460896/avx/int32_sort.c index cdddf86a..aae917bd 100644 --- a/crypto_kem/mceliece460896/avx/int32_sort.c +++ b/crypto_kem/mceliece460896/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece460896f/avx/int32_sort.c b/crypto_kem/mceliece460896f/avx/int32_sort.c index cc7e347a..d8c2b1c8 100644 --- a/crypto_kem/mceliece460896f/avx/int32_sort.c +++ b/crypto_kem/mceliece460896f/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { 
diff --git a/crypto_kem/mceliece6688128/avx/int32_sort.c b/crypto_kem/mceliece6688128/avx/int32_sort.c index da5f0e57..d55525e7 100644 --- a/crypto_kem/mceliece6688128/avx/int32_sort.c +++ b/crypto_kem/mceliece6688128/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece6688128f/avx/int32_sort.c b/crypto_kem/mceliece6688128f/avx/int32_sort.c index 02bf18bb..f70f51dd 100644 --- a/crypto_kem/mceliece6688128f/avx/int32_sort.c +++ b/crypto_kem/mceliece6688128f/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece6960119/avx/int32_sort.c b/crypto_kem/mceliece6960119/avx/int32_sort.c index 270ba5b6..02087a3e 100644 --- a/crypto_kem/mceliece6960119/avx/int32_sort.c +++ b/crypto_kem/mceliece6960119/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece6960119f/avx/int32_sort.c b/crypto_kem/mceliece6960119f/avx/int32_sort.c index fdfc419d..73bf75a2 100644 --- a/crypto_kem/mceliece6960119f/avx/int32_sort.c +++ b/crypto_kem/mceliece6960119f/avx/int32_sort.c 
@@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece8192128/avx/int32_sort.c b/crypto_kem/mceliece8192128/avx/int32_sort.c index 145dfa8e..0e11f1c4 100644 --- a/crypto_kem/mceliece8192128/avx/int32_sort.c +++ b/crypto_kem/mceliece8192128/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/mceliece8192128f/avx/int32_sort.c b/crypto_kem/mceliece8192128f/avx/int32_sort.c index e5942540..a35e886e 100644 --- a/crypto_kem/mceliece8192128f/avx/int32_sort.c +++ b/crypto_kem/mceliece8192128f/avx/int32_sort.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c index f54b8934..c116c03d 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c 
@@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c index bcac3bb9..9340fb5b 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c index d6563d78..0b82a5d1 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/sntrup653/avx2/crypto_sort_int32.c b/crypto_kem/sntrup653/avx2/crypto_sort_int32.c index de880bf7..289bc6b0 100644 --- a/crypto_kem/sntrup653/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup653/avx2/crypto_sort_int32.c 
@@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/sntrup761/avx2/crypto_sort_int32.c b/crypto_kem/sntrup761/avx2/crypto_sort_int32.c index 9c3b88c3..a3268aef 100644 --- a/crypto_kem/sntrup761/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup761/avx2/crypto_sort_int32.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { diff --git a/crypto_kem/sntrup857/avx2/crypto_sort_int32.c b/crypto_kem/sntrup857/avx2/crypto_sort_int32.c index 6879a1d3..bd96995a 100644 --- a/crypto_kem/sntrup857/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup857/avx2/crypto_sort_int32.c @@ -463,8 +463,10 @@ static void int32_sort_2power(int32 *x, long long n, int flagdown) { q = n >> 3; flip = 0; - if (p << 1 == q) flip = 1; - flipflip = 1-flip; + if (p << 1 == q) { + flip = 1; + } + flipflip = 1 - flip; for (j = 0; j < q; j += p + p) { for (k = j; k < j + p + p; k += p) { for (i = k; i < k + p; i += 8) { From bcc9a619d90eb6de2a7b6b32de0649fbbf9915a4 Mon Sep 17 00:00:00 2001 
From: "John M. Schanck" Date: Wed, 16 Sep 2020 08:29:22 -0400 Subject: [PATCH 09/13] rainbow/test_boolean: Use 1^x instead of 1-x to avoid conversion warning --- crypto_sign/rainbowIIIc-classic/clean/blas_comm.c | 2 +- crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c | 2 +- crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c | 2 +- crypto_sign/rainbowIa-classic/clean/blas_comm.c | 2 +- crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c | 2 +- crypto_sign/rainbowIa-cyclic/clean/blas_comm.c | 2 +- crypto_sign/rainbowVc-classic/clean/blas_comm.c | 2 +- crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c | 2 +- crypto_sign/rainbowVc-cyclic/clean/blas_comm.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c index 5d5c5b36..6f7727b9 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c index 7bb0b688..5701b090 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c 
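Review bot: `1^PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i])` is equivalent to the old `1-...` only if `gf256_is_nonzero` returns exactly 0 or 1; should it ever return another non-zero value, the XOR would hand `gf256v_predicated_add` a predicate it does not expect (the definition is not visible here, so this is an assumption to confirm). A short comment at the call site would record that contract, e.g. `/* is_nonzero() yields 0 or 1, so 1 ^ r negates it without a signed conversion */`. The same line is changed identically in the other eight `blas_comm.c` hunks of this patch. The enclosing `gf256mat_gauss_elim_ref` / `gf16mat_gauss_elim_ref` bodies start and end outside the hunk.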
@@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c index 45ef8e66..4ad7a4b7 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index b9b38a4c..a58d87d1 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c 
@@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1-PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1^PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(pivot); diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index feebd56c..4c452af7 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + offset_byte, 1-PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + offset_byte, 1^PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(pivot); 
diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index e79fa489..65fb6c33 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1-PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1^PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(pivot); diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.c b/crypto_sign/rainbowVc-classic/clean/blas_comm.c index e0ce9e4f..bfd6a6ea 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; 
diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c index ae0afda3..8ec4a06a 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c index bde4f8cb..a1f0a574 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1-PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; From 3773b71aa36f7c9ca3c0aa698e92995e16a3754a Mon Sep 17 00:00:00 2001 
From: "John M. Schanck" Date: Wed, 16 Sep 2020 09:16:42 -0400 Subject: [PATCH 10/13] falcon/test_boolean: conversion warning --- crypto_sign/falcon-1024/clean/fpr.h | 4 ++-- crypto_sign/falcon-512/clean/fpr.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h index b6f3908f..5678471e 100644 --- a/crypto_sign/falcon-1024/clean/fpr.h +++ b/crypto_sign/falcon-1024/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = ((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; - cc1 = ((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; + cc0 = (int)((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; + cc1 = (int)((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index abf8cd34..57dc24e1 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = ((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; - cc1 = ((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; + cc0 = (int)((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; + cc1 = (int)((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } From 1caa0cfeff26578eed5057d7e80e021bb0fed907 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Thu, 17 Sep 2020 11:25:08 -0400 Subject: [PATCH 11/13] falcon: conversion warning --- crypto_sign/falcon-1024/clean/codec.c | 4 +++- crypto_sign/falcon-512/clean/codec.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto_sign/falcon-1024/clean/codec.c b/crypto_sign/falcon-1024/clean/codec.c index 9c7754d5..a096f7b2 100644 --- a/crypto_sign/falcon-1024/clean/codec.c +++ b/crypto_sign/falcon-1024/clean/codec.c 
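Review bot: The added `(int)` in `cc0 = (int)((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1;` applies to the shifted value before `& 1`, which works because the result is masked afterwards, but it leaves the 0/1 extraction depending on the right shift of a negative `int64_t` being arithmetic, which C leaves implementation-defined. Shifting the difference as an unsigned value, `cc0 = (int)((uint64_t)(*(int64_t *)&x - *(int64_t *)&y) >> 63);`, yields the sign bit as 0 or 1 without the mask and without that assumption; the signed subtraction itself (which can overflow when the two bit patterns differ in sign) and the pointer type-punning are pre-existing and not addressed here. The same applies to the `cc1` line and to the falcon-512 `fpr.h` hunk. The head of `fpr_lt`, including the comment explaining the comparison, is outside the hunk.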
@@ -444,7 +444,9 @@ PQCLEAN_FALCON1024_CLEAN_comp_decode( } } x[u] = (int16_t) m; - if (s) x[u] = -x[u]; + if (s) { + x[u] = (int16_t) -x[u]; + } } return v; } diff --git a/crypto_sign/falcon-512/clean/codec.c b/crypto_sign/falcon-512/clean/codec.c index 9c626e4e..febfe4c3 100644 --- a/crypto_sign/falcon-512/clean/codec.c +++ b/crypto_sign/falcon-512/clean/codec.c @@ -444,7 +444,9 @@ PQCLEAN_FALCON512_CLEAN_comp_decode( } } x[u] = (int16_t) m; - if (s) x[u] = -x[u]; + if (s) { + x[u] = (int16_t) -x[u]; + } } return v; } From a7e44f79acf7871962e20cc1cd93a745b14b8ef9 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Thu, 17 Sep 2020 11:54:58 -0400 Subject: [PATCH 12/13] astyle --- crypto_sign/falcon-1024/clean/codec.c | 2 +- crypto_sign/falcon-1024/clean/fpr.h | 4 +-- crypto_sign/falcon-1024/clean/keygen.c | 28 +++++++++++-------- crypto_sign/falcon-1024/clean/sign.c | 8 +++--- crypto_sign/falcon-512/clean/codec.c | 2 +- crypto_sign/falcon-512/clean/fpr.h | 4 +-- crypto_sign/falcon-512/clean/keygen.c | 28 +++++++++++-------- crypto_sign/falcon-512/clean/sign.c | 8 +++--- .../rainbowIIIc-classic/clean/blas_comm.c | 2 +- .../clean/blas_comm.c | 2 +- .../rainbowIIIc-cyclic/clean/blas_comm.c | 2 +- .../rainbowIa-classic/clean/blas_comm.c | 2 +- .../clean/blas_comm.c | 2 +- .../rainbowIa-cyclic/clean/blas_comm.c | 2 +- .../rainbowVc-classic/clean/blas_comm.c | 2 +- .../clean/blas_comm.c | 2 +- .../rainbowVc-cyclic/clean/blas_comm.c | 2 +- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- .../avx2/sha256avx.c | 4 ++- 29 files changed, 93 insertions(+), 57 deletions(-) diff --git a/crypto_sign/falcon-1024/clean/codec.c b/crypto_sign/falcon-1024/clean/codec.c index a096f7b2..70856aff 100644 
--- a/crypto_sign/falcon-1024/clean/codec.c +++ b/crypto_sign/falcon-1024/clean/codec.c @@ -445,7 +445,7 @@ PQCLEAN_FALCON1024_CLEAN_comp_decode( } x[u] = (int16_t) m; if (s) { - x[u] = (int16_t) -x[u]; + x[u] = (int16_t) - x[u]; } } return v; diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h index 5678471e..795a5b49 100644 --- a/crypto_sign/falcon-1024/clean/fpr.h +++ b/crypto_sign/falcon-1024/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = (int)((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; - cc1 = (int)((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; + cc0 = (int)((*(int64_t *)&x - * (int64_t *)&y) >> 63) & 1; + cc1 = (int)((*(int64_t *)&y - * (int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-1024/clean/keygen.c b/crypto_sign/falcon-1024/clean/keygen.c index 00a9be7e..e987b3a5 100644 --- a/crypto_sign/falcon-1024/clean/keygen.c +++ b/crypto_sign/falcon-1024/clean/keygen.c @@ -1903,9 +1903,9 @@ zint_add_scaled_mul_small(uint32_t *x, size_t xlen, */ v = u - sch; if (v < ylen) { - wy = y[v]; + wy = y[v]; } else { - wy = ysign; + wy = ysign; } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -1965,9 +1965,9 @@ zint_sub_scaled(uint32_t *x, size_t xlen, */ v = u - sch; if (v < ylen) { - wy = y[v]; + wy = y[v]; } else { - wy = ysign; + wy = ysign; } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); 
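Review bot: The astyle pass turned the cast-of-negation into `x[u] = (int16_t) - x[u];` and the cast-of-dereference into `*(int64_t *)&x - * (int64_t *)&y`, which now read as a binary minus and a multiplication although the compiler still parses them as before; the formatter is misclassifying a unary operator that follows a cast. Parenthesising the operand keeps astyle from touching it and makes the reading unambiguous: `x[u] = (int16_t) (-x[u]);` in `codec.c` and `(*(int64_t *)&x) - (*(int64_t *)&y)` (likewise for `cc1`) in `fpr.h`. The falcon-512 copies of both hunks later in this commit need the same treatment. Both enclosing functions start and end outside the hunk.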
@@ -2656,16 +2656,18 @@ make_fg(uint32_t *data, const int8_t *f, const int8_t *g, return; } - if (depth == 0) return; + if (depth == 0) { + return; + } if (depth == 1) { - make_fg_step(data, logn, 0, 0, out_ntt); - return; + make_fg_step(data, logn, 0, 0, out_ntt); + return; } make_fg_step(data, logn, 0, 0, 1); - for (d = 1; d+1 < depth; d ++) { + for (d = 1; d + 1 < depth; d ++) { make_fg_step(data, logn - d, d, 1, 1); } - make_fg_step(data, logn-depth+1, depth-1, 1, out_ntt); + make_fg_step(data, logn - depth + 1, depth - 1, 1, out_ntt); } /* @@ -3043,7 +3045,9 @@ solve_NTRU_intermediate(unsigned logn_top, * middle or the upper half of these top 10 words. */ rlen = slen; - if (rlen > 10) rlen = 10; + if (rlen > 10) { + rlen = 10; + } poly_big_to_fp(rt3, ft + slen - rlen, rlen, slen, logn); poly_big_to_fp(rt4, gt + slen - rlen, rlen, slen, logn); @@ -3118,7 +3122,9 @@ solve_NTRU_intermediate(unsigned logn_top, * scaling if the current length is more than 10 words. */ rlen = FGlen; - if (rlen > 10) rlen = 10; + if (rlen > 10) { + rlen = 10; + } scale_FG = 31 * (int)(FGlen - rlen); poly_big_to_fp(rt1, Ft + FGlen - rlen, rlen, llen, logn); poly_big_to_fp(rt2, Gt + FGlen - rlen, rlen, llen, logn); diff --git a/crypto_sign/falcon-1024/clean/sign.c b/crypto_sign/falcon-1024/clean/sign.c index 8baec84e..56518bf5 100644 --- a/crypto_sign/falcon-1024/clean/sign.c +++ b/crypto_sign/falcon-1024/clean/sign.c @@ -1190,9 +1190,9 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, inner_shake256_context *rng, * SHAKE context ('rng'). */ if (logn == 10) { - spc.sigma_min = fpr_sigma_min_10; + spc.sigma_min = fpr_sigma_min_10; } else { - spc.sigma_min = fpr_sigma_min_9; + spc.sigma_min = fpr_sigma_min_9; } PQCLEAN_FALCON1024_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON1024_CLEAN_sampler; 
@@ -1237,9 +1237,9 @@ PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, inner_shake256_context *rng, * SHAKE context ('rng'). */ if (logn == 10) { - spc.sigma_min = fpr_sigma_min_10; + spc.sigma_min = fpr_sigma_min_10; } else { - spc.sigma_min = fpr_sigma_min_9; + spc.sigma_min = fpr_sigma_min_9; } PQCLEAN_FALCON1024_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON1024_CLEAN_sampler; diff --git a/crypto_sign/falcon-512/clean/codec.c b/crypto_sign/falcon-512/clean/codec.c index febfe4c3..fe88f022 100644 --- a/crypto_sign/falcon-512/clean/codec.c +++ b/crypto_sign/falcon-512/clean/codec.c @@ -445,7 +445,7 @@ PQCLEAN_FALCON512_CLEAN_comp_decode( } x[u] = (int16_t) m; if (s) { - x[u] = (int16_t) -x[u]; + x[u] = (int16_t) - x[u]; } } return v; diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index 57dc24e1..65ce5db4 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = (int)((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; - cc1 = (int)((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; + cc0 = (int)((*(int64_t *)&x - * (int64_t *)&y) >> 63) & 1; + cc1 = (int)((*(int64_t *)&y - * (int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-512/clean/keygen.c b/crypto_sign/falcon-512/clean/keygen.c index cfe59119..6fe3ec2e 100644 --- a/crypto_sign/falcon-512/clean/keygen.c +++ b/crypto_sign/falcon-512/clean/keygen.c @@ -1903,9 +1903,9 @@ zint_add_scaled_mul_small(uint32_t *x, size_t xlen, */ v = u - sch; if (v < ylen) { - wy = y[v]; + wy = y[v]; } else { - wy = ysign; + wy = ysign; } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -1965,9 +1965,9 @@ zint_sub_scaled(uint32_t *x, size_t xlen, */ v = u - sch; if (v < ylen) { - wy = y[v]; + wy = y[v]; } else { - wy = ysign; + wy = ysign; } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); 
@@ -2656,16 +2656,18 @@ make_fg(uint32_t *data, const int8_t *f, const int8_t *g, return; } - if (depth == 0) return; + if (depth == 0) { + return; + } if (depth == 1) { - make_fg_step(data, logn, 0, 0, out_ntt); - return; + make_fg_step(data, logn, 0, 0, out_ntt); + return; } make_fg_step(data, logn, 0, 0, 1); - for (d = 1; d+1 < depth; d ++) { + for (d = 1; d + 1 < depth; d ++) { make_fg_step(data, logn - d, d, 1, 1); } - make_fg_step(data, logn-depth+1, depth-1, 1, out_ntt); + make_fg_step(data, logn - depth + 1, depth - 1, 1, out_ntt); } /* @@ -3043,7 +3045,9 @@ solve_NTRU_intermediate(unsigned logn_top, * middle or the upper half of these top 10 words. */ rlen = slen; - if (rlen > 10) rlen = 10; + if (rlen > 10) { + rlen = 10; + } poly_big_to_fp(rt3, ft + slen - rlen, rlen, slen, logn); poly_big_to_fp(rt4, gt + slen - rlen, rlen, slen, logn); @@ -3118,7 +3122,9 @@ solve_NTRU_intermediate(unsigned logn_top, * scaling if the current length is more than 10 words. */ rlen = FGlen; - if (rlen > 10) rlen = 10; + if (rlen > 10) { + rlen = 10; + } scale_FG = 31 * (int)(FGlen - rlen); poly_big_to_fp(rt1, Ft + FGlen - rlen, rlen, llen, logn); poly_big_to_fp(rt2, Gt + FGlen - rlen, rlen, llen, logn); diff --git a/crypto_sign/falcon-512/clean/sign.c b/crypto_sign/falcon-512/clean/sign.c index ef0adea4..65cd8322 100644 --- a/crypto_sign/falcon-512/clean/sign.c +++ b/crypto_sign/falcon-512/clean/sign.c @@ -1190,9 +1190,9 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, inner_shake256_context *rng, * SHAKE context ('rng'). */ if (logn == 10) { - spc.sigma_min = fpr_sigma_min_10; + spc.sigma_min = fpr_sigma_min_10; } else { - spc.sigma_min = fpr_sigma_min_9; + spc.sigma_min = fpr_sigma_min_9; } PQCLEAN_FALCON512_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON512_CLEAN_sampler; 
@@ -1237,9 +1237,9 @@ PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, inner_shake256_context *rng, * SHAKE context ('rng'). */ if (logn == 10) { - spc.sigma_min = fpr_sigma_min_10; + spc.sigma_min = fpr_sigma_min_10; } else { - spc.sigma_min = fpr_sigma_min_9; + spc.sigma_min = fpr_sigma_min_9; } PQCLEAN_FALCON512_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON512_CLEAN_sampler; diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c index 6f7727b9..82686971 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c index 5701b090..64feed34 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c 
@@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c index 4ad7a4b7..5666c879 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index a58d87d1..10a6f3f6 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c 
@@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1^PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1 ^ PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(pivot); diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index 4c452af7..4016d4d5 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + offset_byte, 1^PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + offset_byte, 1 ^ PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(pivot); 
diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index 65fb6c33..b8469e1a 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -74,7 +74,7 @@ static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigne uint8_t *ai = mat + n_w_byte * i; for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1^PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1 ^ PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } uint8_t pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i); r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(pivot); diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.c b/crypto_sign/rainbowVc-classic/clean/blas_comm.c index bfd6a6ea..25ba0604 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; 
diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c index 8ec4a06a..606c2fc5 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c index a1f0a574..481b7699 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c @@ -72,7 +72,7 @@ static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsign for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1^PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; diff --git a/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c index 9fb6aa53..4b689e8b 100644 
--- a/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128f-robust/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c index d8af492c..d68e58f1 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128f-simple/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c index 31a22283..215e13b0 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128s-robust/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); 
diff --git a/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c index 1f1500c7..e3c286c2 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-128s-simple/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c index 50e42a56..23ea1fab 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192f-robust/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c index 97e8f442..6c112147 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192f-simple/avx2/sha256avx.c 
@@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c index 2235dc7b..36c99db5 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192s-robust/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c index 237e8aeb..fc1926b2 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-192s-simple/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c index 13aad2d8..83fe79e1 100644 
--- a/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256f-robust/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c index ef988608..7444a9e1 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); diff --git a/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c index fbdce7e8..35b4c496 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256s-robust/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); 
diff --git a/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c b/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c index 73eb3471..dfdc77de 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c +++ b/crypto_sign/sphincs-sha256-256s-simple/avx2/sha256avx.c @@ -67,7 +67,9 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_AVX2_sha256_update8x(sha256ctxx8 *ctx, while (i < len) { bytes_to_copy = len - i; - if (bytes_to_copy > 64) bytes_to_copy = 64; + if (bytes_to_copy > 64) { + bytes_to_copy = 64; + } memcpy(&ctx->msgblocks[64 * 0], d0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], d1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], d2 + i, bytes_to_copy); From 60751536aa6099c726b92297ed228853e4528631 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Fri, 18 Sep 2020 22:18:08 -0400 Subject: [PATCH 13/13] falcon: fix fpr_lt --- crypto_sign/falcon-1024/clean/fpr.h | 24 ++++++++++++++++++------ crypto_sign/falcon-512/clean/fpr.h | 24 ++++++++++++++++++------ 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h index 795a5b49..004bc0df 100644 --- a/crypto_sign/falcon-1024/clean/fpr.h +++ b/crypto_sign/falcon-1024/clean/fpr.h 
@@ -424,20 +424,32 @@ fpr fpr_sqrt(fpr x); static inline int fpr_lt(fpr x, fpr y) { /* - * If x >= 0 or y >= 0, a signed comparison yields the proper - * result: + * If both x and y are positive, then a signed comparison yields + * the proper result: * - For positive values, the order is preserved. * - The sign bit is at the same place as in integers, so * sign is preserved. + * Moreover, we can compute [x < y] as sgn(x-y) and the computation + * of x-y will not overflow. + * + * If the signs differ, then sgn(x) gives the proper result. * * If both x and y are negative, then the order is reversed. - * We cannot simply invert the comparison result in that case - * because it would not handle the edge case x = y properly. + * Hence [x < y] = sgn(y-x). We must compute this separately from + * sgn(x-y); simply inverting sgn(x-y) would not handle the edge + * case x = y properly. */ int cc0, cc1; + int64_t sx; + int64_t sy; + + sx = *(int64_t *)&x; + sy = *(int64_t *)&y; + sy &= ~((sx ^ sy) >> 63); /* set sy=0 if signs differ */ + + cc0 = (int)((sx - sy) >> 63) & 1; /* Neither subtraction overflows when */ + cc1 = (int)((sy - sx) >> 63) & 1; /* the signs are the same. */ - cc0 = (int)((*(int64_t *)&x - * (int64_t *)&y) >> 63) & 1; - cc1 = (int)((*(int64_t *)&y - * (int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index 65ce5db4..b662a52b 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h 
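Review bot: The new mask line `sy &= ~((sx ^ sy) >> 63);` depends on `>>` of a negative int64_t being an arithmetic shift, which C leaves implementation-defined; with a logical shift the mask is `~1`, only the low bit of sy is cleared, and the signs-differ path then computes the wrong ordering. The old lines were insensitive to this because they only ever kept bit 0 (`>> 63) & 1`), so the dependency is introduced by this hunk. Deriving the mask from an unsigned shift removes it: `sy &= (int64_t)((uint64_t)(sx ^ sy) >> 63) - 1;` (all-ones when the signs agree, zero when they differ). The comment "Neither subtraction overflows when the signs are the same" also leaves a gap in the signs-differ case: sy is then zero, and `sy - sx` is `0 - INT64_MIN` if x carries the encoding 0x8000000000000000 (sign bit set, all else clear), which is signed overflow; I cannot tell from this hunk whether fpr_neg can produce that encoding. Doing both differences in uint64_t and taking bit 63, `cc0 = (int)(((uint64_t)sx - (uint64_t)sy) >> 63);` and `cc1 = (int)(((uint64_t)sy - (uint64_t)sx) >> 63);`, yields the same bit without relying on wraparound of signed arithmetic.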
@@ -424,20 +424,32 @@ fpr fpr_sqrt(fpr x); static inline int fpr_lt(fpr x, fpr y) { /* - * If x >= 0 or y >= 0, a signed comparison yields the proper - * result: + * If both x and y are positive, then a signed comparison yields + * the proper result: * - For positive values, the order is preserved. * - The sign bit is at the same place as in integers, so * sign is preserved. + * Moreover, we can compute [x < y] as sgn(x-y) and the computation + * of x-y will not overflow. + * + * If the signs differ, then sgn(x) gives the proper result. * * If both x and y are negative, then the order is reversed. - * We cannot simply invert the comparison result in that case - * because it would not handle the edge case x = y properly. + * Hence [x < y] = sgn(y-x). We must compute this separately from + * sgn(x-y); simply inverting sgn(x-y) would not handle the edge + * case x = y properly. */ int cc0, cc1; + int64_t sx; + int64_t sy; + + sx = *(int64_t *)&x; + sy = *(int64_t *)&y; + sy &= ~((sx ^ sy) >> 63); /* set sy=0 if signs differ */ + + cc0 = (int)((sx - sy) >> 63) & 1; /* Neither subtraction overflows when */ + cc1 = (int)((sy - sx) >> 63) & 1; /* the signs are the same. */ - cc0 = (int)((*(int64_t *)&x - * (int64_t *)&y) >> 63) & 1; - cc1 = (int)((*(int64_t *)&y - * (int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); }
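Review bot: `sy &= ~((sx ^ sy) >> 63);` needs the right shift of a negative int64_t to sign-extend, which the C standard does not guarantee; the previous version of the function was safe against this because it only extracted bit 0 of the shifted value, whereas here a logical shift would leave sy almost untouched when the signs differ and fpr_lt would return the wrong answer. The portable form is `sy &= (int64_t)((uint64_t)(sx ^ sy) >> 63) - 1;`, which is -1 when the signs agree and 0 otherwise. The comment that the subtractions cannot overflow is only stated for the same-sign case; with sy forced to zero, `sy - sx` overflows for sx == INT64_MIN, i.e. an x whose only set bit is the sign bit, and whether such a value can reach this function is not visible in the hunk. Computing `cc0` and `cc1` as `(int)(((uint64_t)sx - (uint64_t)sy) >> 63)` and `(int)(((uint64_t)sy - (uint64_t)sx) >> 63)` gives identical bits with well-defined unsigned wraparound. This is the same code as the falcon-1024 copy, so whatever is done there should be mirrored here.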