
resolve todo, remove asserts, add duplicate checks and make sure they pass

master
Leon 5 years ago
parent
commit
3c733b6691
15 changed files with 108 additions and 32 deletions
  1. +0
    -1
      crypto_kem/ledakemlt12/leaktime/bf_decoding.c
  2. +0
    -3
      crypto_kem/ledakemlt12/leaktime/gf2x_arith.c
  3. +3
    -4
      crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c
  4. +1
    -1
      crypto_kem/ledakemlt12/leaktime/rng.h
  5. +0
    -1
      crypto_kem/ledakemlt32/leaktime/bf_decoding.c
  6. +0
    -3
      crypto_kem/ledakemlt32/leaktime/gf2x_arith.c
  7. +3
    -6
      crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c
  8. +1
    -1
      crypto_kem/ledakemlt32/leaktime/niederreiter.h
  9. +0
    -1
      crypto_kem/ledakemlt52/leaktime/bf_decoding.c
  10. +0
    -3
      crypto_kem/ledakemlt52/leaktime/gf2x_arith.c
  11. +3
    -7
      crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c
  12. +1
    -1
      crypto_kem/ledakemlt52/leaktime/niederreiter.h
  13. +32
    -0
      test/duplicate_consistency/ledakemlt12_leaktime.yml
  14. +32
    -0
      test/duplicate_consistency/ledakemlt32_leaktime.yml
  15. +32
    -0
      test/duplicate_consistency/ledakemlt52_leaktime.yml

+ 0
- 1
crypto_kem/ledakemlt12/leaktime/bf_decoding.c View File

@@ -1,7 +1,6 @@
#include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h"

#include <assert.h>
#include <string.h>

int PQCLEAN_LEDAKEMLT12_LEAKTIME_bf_decoding(DIGIT err[],


+ 0
- 3
crypto_kem/ledakemlt12/leaktime/gf2x_arith.c View File

@@ -1,6 +1,5 @@
#include "gf2x_arith.h"

#include <assert.h>
#include <string.h> // memset(...)

void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D

/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) {
return;
}
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi

/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) {
return;
}
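Review bot: With the `assert(amount < DIGIT_SIZE_b);` lines removed from `right_bit_shift_n` and `left_bit_shift_n` (per the commit title and the -3 count), the only remaining statement of the contract is `/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */`, which reads as if `amount == DIGIT_SIZE_b` were allowed although the dropped check required strictly less. The shift bodies lie outside these hunks, but if they shift a DIGIT by `amount`, a full-width amount would be undefined behaviour in C and nothing would stop it any more. The comment should state the bound exactly, e.g. `/* PRE: amount < DIGIT_SIZE_b; not checked here, callers must guarantee it */`. The same comment sits above the same two functions in the ledakemlt32 and ledakemlt52 copies of gf2x_arith.c.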


+ 3
- 4
crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c View File

@@ -1,7 +1,6 @@
#include "gf2x_arith_mod_xPplusOne.h"
#include "rng.h"

#include <assert.h>
#include <string.h> // memcpy(...), memset(...)

void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
@@ -431,14 +430,14 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
}
}

/* the implementation is safe even in case A or B alias with the result */
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */
/* the implementation is safe even in case A or B alias with the result
* PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(
int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) {

POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions
POSITION_T tmpRes[DV * M];
int idxA = 0, idxB = 0, idxR = 0;
while ( idxA < sizeA &&
idxB < sizeB &&
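Review bot: The rewritten PRE comment on `gf2x_mod_add_sparse` says A and B must be sorted and disjunct, but it drops the size limitation the removed TODO hinted at: `tmpRes` is a fixed `POSITION_T tmpRes[DV * M]` while `sizeR`, `sizeA` and `sizeB` are caller-supplied `int`s. The merge loop continues outside this hunk, so whether `idxR` is bounded by `DV * M` cannot be seen here; if it is bounded only by `sizeR`, a larger `sizeR` would write past the stack array. Stating the bound in the contract, e.g. `* PRE: sizeR <= DV * M (capacity of tmpRes)`, keeps the limitation visible now that the TODO is gone. The ledakemlt32 and ledakemlt52 sections of gf2x_arith_mod_xPplusOne.c make the same change.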


+ 1
- 1
crypto_kem/ledakemlt12/leaktime/rng.h View File

@@ -8,7 +8,7 @@
#define RNG_BAD_MAXLEN (-1)
#define RNG_BAD_OUTBUF (-2)
#define RNG_BAD_REQ_LEN (-3)
#define RNG_MAXLEN (10 * 1024 * 1024)
#define RNG_MAXLEN (10 * 1024 * 1024)

typedef struct {
unsigned char buffer[16];


+ 0
- 1
crypto_kem/ledakemlt32/leaktime/bf_decoding.c View File

@@ -1,7 +1,6 @@
#include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h"

#include <assert.h>
#include <string.h>

int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[],


+ 0
- 3
crypto_kem/ledakemlt32/leaktime/gf2x_arith.c View File

@@ -1,6 +1,5 @@
#include "gf2x_arith.h"

#include <assert.h>
#include <string.h> // memset(...)

void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D

/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) {
return;
}
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi

/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) {
return;
}


+ 3
- 6
crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c View File

@@ -1,7 +1,6 @@
#include "gf2x_arith_mod_xPplusOne.h"
#include "rng.h"

#include <assert.h>
#include <string.h> // memcpy(...), memset(...)

void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
@@ -211,8 +210,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) {
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
}

// A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit

if (slack_bits_amount) {
PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
}
@@ -431,14 +428,14 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
}
}

/* the implementation is safe even in case A or B alias with the result */
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */
/* the implementation is safe even in case A or B alias with the result
* PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(
int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) {

POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions
POSITION_T tmpRes[DV * M];
int idxA = 0, idxB = 0, idxR = 0;
while ( idxA < sizeA &&
idxB < sizeB &&


+ 1
- 1
crypto_kem/ledakemlt32/leaktime/niederreiter.h View File

@@ -10,7 +10,7 @@ typedef struct {
* H and Q during decryption */
unsigned char prng_seed[TRNG_BYTE_LENGTH];
int8_t rejections;
uint8_t threshold;
uint8_t threshold; // for round 2
} privateKeyNiederreiter_t;

typedef struct {


+ 0
- 1
crypto_kem/ledakemlt52/leaktime/bf_decoding.c View File

@@ -1,7 +1,6 @@
#include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h"

#include <assert.h>
#include <string.h>

int PQCLEAN_LEDAKEMLT52_LEAKTIME_bf_decoding(DIGIT err[],


+ 0
- 3
crypto_kem/ledakemlt52/leaktime/gf2x_arith.c View File

@@ -1,6 +1,5 @@
#include "gf2x_arith.h"

#include <assert.h>
#include <string.h> // memset(...)

void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D

/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) {
return;
}
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi

/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) {
return;
}


+ 3
- 7
crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c View File

@@ -1,10 +1,8 @@
#include "gf2x_arith_mod_xPplusOne.h"
#include "rng.h"

#include <assert.h>
#include <string.h> // memcpy(...), memset(...)


void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
for (int i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0; i--) {
dest[i] = in[i];
@@ -212,8 +210,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) {
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
}

// A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit

if (slack_bits_amount) {
PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
}
@@ -432,14 +428,14 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
}
}

/* the implementation is safe even in case A or B alias with the result */
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */
/* the implementation is safe even in case A or B alias with the result
* PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(
int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) {

POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions
POSITION_T tmpRes[DV * M];
int idxA = 0, idxB = 0, idxR = 0;
while ( idxA < sizeA &&
idxB < sizeB &&


+ 1
- 1
crypto_kem/ledakemlt52/leaktime/niederreiter.h View File

@@ -10,7 +10,7 @@ typedef struct {
* H and Q during decryption */
unsigned char prng_seed[TRNG_BYTE_LENGTH];
int8_t rejections;
uint8_t threshold;
uint8_t threshold; // for round 2
} privateKeyNiederreiter_t;

typedef struct {


+ 32
- 0
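--- a/test/duplicate_consistency/ledakemlt12_leaktime.yml
+++ b/test/duplicate_consistency/ledakemlt12_leaktime.yml
@@ -0,0 +1,32 @@
+consistency_checks:
+- source:
+scheme: ledakemlt32
+implementation: leaktime
+files:
+- bf_decoding.c
+- dfr_test.c
+- dfr_test.h
+- gf2x_arith.c
+- gf2x_arith.h
+- H_Q_matrices_generation.c
+- H_Q_matrices_generation.h
+- kem.c
+- niederreiter.c
+- niederreiter.h
+- rng.c
+- rng.h
+- source:
+scheme: ledakemlt52
+implementation: leaktime
+files:
+- bf_decoding.c
+- dfr_test.c
+- dfr_test.h
+- gf2x_arith.c
+- gf2x_arith.h
+- H_Q_matrices_generation.c
+- H_Q_matrices_generation.h
+- kem.c
+- niederreiter.c
+- niederreiter.h
+- rng.h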
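Review bot: The file lists differ between scheme pairs with no explanation: `rng.c` is compared against ledakemlt32 here but not against ledakemlt52, and `gf2x_arith_mod_xPplusOne.c` appears only in ledakemlt52_leaktime.yml (against ledakemlt32), never for ledakemlt12. Files left out of these lists can drift between parameter sets without the test noticing, and this commit itself edits `gf2x_arith_mod_xPplusOne.c` in all three schemes with different deletion counts. If the omissions are deliberate, a short YAML comment per omitted file would record why, e.g. `# rng.c not listed for ledakemlt52: <reason>`. Otherwise the lists in ledakemlt12_leaktime.yml, ledakemlt32_leaktime.yml and ledakemlt52_leaktime.yml should be aligned.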

+ 32
- 0
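--- a/test/duplicate_consistency/ledakemlt32_leaktime.yml
+++ b/test/duplicate_consistency/ledakemlt32_leaktime.yml
@@ -0,0 +1,32 @@
+consistency_checks:
+- source:
+scheme: ledakemlt12
+implementation: leaktime
+files:
+- bf_decoding.c
+- dfr_test.c
+- dfr_test.h
+- gf2x_arith.c
+- gf2x_arith.h
+- H_Q_matrices_generation.c
+- H_Q_matrices_generation.h
+- kem.c
+- niederreiter.c
+- niederreiter.h
+- rng.c
+- rng.h
+- source:
+scheme: ledakemlt52
+implementation: leaktime
+files:
+- bf_decoding.c
+- dfr_test.c
+- dfr_test.h
+- gf2x_arith.c
+- gf2x_arith.h
+- H_Q_matrices_generation.c
+- H_Q_matrices_generation.h
+- kem.c
+- niederreiter.c
+- niederreiter.h
+- rng.h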

+ 32
- 0
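--- a/test/duplicate_consistency/ledakemlt52_leaktime.yml
+++ b/test/duplicate_consistency/ledakemlt52_leaktime.yml
@@ -0,0 +1,32 @@
+consistency_checks:
+- source:
+scheme: ledakemlt12
+implementation: leaktime
+files:
+- bf_decoding.c
+- dfr_test.c
+- dfr_test.h
+- gf2x_arith.c
+- gf2x_arith.h
+- H_Q_matrices_generation.c
+- H_Q_matrices_generation.h
+- kem.c
+- niederreiter.c
+- niederreiter.h
+- rng.h
+- source:
+scheme: ledakemlt32
+implementation: leaktime
+files:
+- bf_decoding.c
+- dfr_test.c
+- dfr_test.h
+- gf2x_arith.c
+- gf2x_arith.h
+- gf2x_arith_mod_xPplusOne.c
+- H_Q_matrices_generation.c
+- H_Q_matrices_generation.h
+- kem.c
+- niederreiter.c
+- niederreiter.h
+- rng.h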
