kris/pqc
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

resolve todo, remove asserts, add duplicate checks and make sure they pass

Browse Source
This commit is contained in:
Leon 2019-06-17 14:03:59 +02:00
parent e5b9b13160
commit 3c733b6691
15 changed files with 108 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto_kem/ledakemlt12/leaktime/bf_decoding.c
View File

@ -1,7 +1,6 @@
#include "bf_decoding.h" #include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h" #include "gf2x_arith_mod_xPplusOne.h"
#include <assert.h>
#include <string.h> #include <string.h>
int PQCLEAN_LEDAKEMLT12_LEAKTIME_bf_decoding(DIGIT err[], int PQCLEAN_LEDAKEMLT12_LEAKTIME_bf_decoding(DIGIT err[],

3
crypto_kem/ledakemlt12/leaktime/gf2x_arith.c
View File

@ -1,6 +1,5 @@
#include "gf2x_arith.h" #include "gf2x_arith.h"
#include <assert.h>
#include <string.h> // memset(...) #include <string.h> // memset(...)
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }

7
crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c
View File

@ -1,7 +1,6 @@
#include "gf2x_arith_mod_xPplusOne.h" #include "gf2x_arith_mod_xPplusOne.h"
#include "rng.h" #include "rng.h"
#include <assert.h>
#include <string.h> // memcpy(...), memset(...) #include <string.h> // memcpy(...), memset(...)
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
@ -431,14 +430,14 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
} }
} }
/* the implementation is safe even in case A or B alias with the result */ /* the implementation is safe even in case A or B alias with the result
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */ * PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse( void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(
int sizeR, POSITION_T Res[], int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[], int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) { int sizeB, const POSITION_T B[]) {
POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions POSITION_T tmpRes[DV * M];
int idxA = 0, idxB = 0, idxR = 0; int idxA = 0, idxB = 0, idxR = 0;
while ( idxA < sizeA && while ( idxA < sizeA &&
idxB < sizeB && idxB < sizeB &&

2
crypto_kem/ledakemlt12/leaktime/rng.h
View File

@ -8,7 +8,7 @@
#define RNG_BAD_MAXLEN (-1) #define RNG_BAD_MAXLEN (-1)
#define RNG_BAD_OUTBUF (-2) #define RNG_BAD_OUTBUF (-2)
#define RNG_BAD_REQ_LEN (-3) #define RNG_BAD_REQ_LEN (-3)
#define RNG_MAXLEN (10 * 1024 * 1024) #define RNG_MAXLEN (10 * 1024 * 1024)
typedef struct { typedef struct {
unsigned char buffer[16]; unsigned char buffer[16];

1
crypto_kem/ledakemlt32/leaktime/bf_decoding.c
View File

@ -1,7 +1,6 @@
#include "bf_decoding.h" #include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h" #include "gf2x_arith_mod_xPplusOne.h"
#include <assert.h>
#include <string.h> #include <string.h>
int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[], int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[],

3
crypto_kem/ledakemlt32/leaktime/gf2x_arith.c
View File

@ -1,6 +1,5 @@
#include "gf2x_arith.h" #include "gf2x_arith.h"
#include <assert.h>
#include <string.h> // memset(...) #include <string.h> // memset(...)
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }

9
crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c
View File

@ -1,7 +1,6 @@
#include "gf2x_arith_mod_xPplusOne.h" #include "gf2x_arith_mod_xPplusOne.h"
#include "rng.h" #include "rng.h"
#include <assert.h>
#include <string.h> // memcpy(...), memset(...) #include <string.h> // memcpy(...), memset(...)
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
@ -211,8 +210,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) {
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
} }
// A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit
if (slack_bits_amount) { if (slack_bits_amount) {
PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
} }
@ -431,14 +428,14 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
} }
} }
/* the implementation is safe even in case A or B alias with the result */ /* the implementation is safe even in case A or B alias with the result
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */ * PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse( void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(
int sizeR, POSITION_T Res[], int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[], int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) { int sizeB, const POSITION_T B[]) {
POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions POSITION_T tmpRes[DV * M];
int idxA = 0, idxB = 0, idxR = 0; int idxA = 0, idxB = 0, idxR = 0;
while ( idxA < sizeA && while ( idxA < sizeA &&
idxB < sizeB && idxB < sizeB &&

2
crypto_kem/ledakemlt32/leaktime/niederreiter.h
View File

@ -10,7 +10,7 @@ typedef struct {
* H and Q during decryption */ * H and Q during decryption */
unsigned char prng_seed[TRNG_BYTE_LENGTH]; unsigned char prng_seed[TRNG_BYTE_LENGTH];
int8_t rejections; int8_t rejections;
uint8_t threshold; uint8_t threshold; // for round 2
} privateKeyNiederreiter_t; } privateKeyNiederreiter_t;
typedef struct { typedef struct {

1
crypto_kem/ledakemlt52/leaktime/bf_decoding.c
View File

@ -1,7 +1,6 @@
#include "bf_decoding.h" #include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h" #include "gf2x_arith_mod_xPplusOne.h"
#include <assert.h>
#include <string.h> #include <string.h>
int PQCLEAN_LEDAKEMLT52_LEAKTIME_bf_decoding(DIGIT err[], int PQCLEAN_LEDAKEMLT52_LEAKTIME_bf_decoding(DIGIT err[],

3
crypto_kem/ledakemlt52/leaktime/gf2x_arith.c
View File

@ -1,6 +1,5 @@
#include "gf2x_arith.h" #include "gf2x_arith.h"
#include <assert.h>
#include <string.h> // memset(...) #include <string.h> // memset(...)
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
assert(amount < DIGIT_SIZE_b);
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }

10
crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c
View File

@ -1,10 +1,8 @@
#include "gf2x_arith_mod_xPplusOne.h" #include "gf2x_arith_mod_xPplusOne.h"
#include "rng.h" #include "rng.h"
#include <assert.h>
#include <string.h> // memcpy(...), memset(...) #include <string.h> // memcpy(...), memset(...)
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
for (int i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0; i--) { for (int i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0; i--) {
dest[i] = in[i]; dest[i] = in[i];
@ -212,8 +210,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) {
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
} }
// A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit
if (slack_bits_amount) { if (slack_bits_amount) {
PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
} }
@ -432,14 +428,14 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
} }
} }
/* the implementation is safe even in case A or B alias with the result */ /* the implementation is safe even in case A or B alias with the result
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */ * PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse( void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(
int sizeR, POSITION_T Res[], int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[], int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) { int sizeB, const POSITION_T B[]) {
POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions POSITION_T tmpRes[DV * M];
int idxA = 0, idxB = 0, idxR = 0; int idxA = 0, idxB = 0, idxR = 0;
while ( idxA < sizeA && while ( idxA < sizeA &&
idxB < sizeB && idxB < sizeB &&

2
crypto_kem/ledakemlt52/leaktime/niederreiter.h
View File

@ -10,7 +10,7 @@ typedef struct {
* H and Q during decryption */ * H and Q during decryption */
unsigned char prng_seed[TRNG_BYTE_LENGTH]; unsigned char prng_seed[TRNG_BYTE_LENGTH];
int8_t rejections; int8_t rejections;
uint8_t threshold; uint8_t threshold; // for round 2
} privateKeyNiederreiter_t; } privateKeyNiederreiter_t;
typedef struct { typedef struct {

32
test/duplicate_consistency/ledakemlt12_leaktime.yml Normal file
View File

@ -0,0 +1,32 @@
consistency_checks:
- source:
scheme: ledakemlt32
implementation: leaktime
files:
- bf_decoding.c
- dfr_test.c
- dfr_test.h
- gf2x_arith.c
- gf2x_arith.h
- H_Q_matrices_generation.c
- H_Q_matrices_generation.h
- kem.c
- niederreiter.c
- niederreiter.h
- rng.c
- rng.h
- source:
scheme: ledakemlt52
implementation: leaktime
files:
- bf_decoding.c
- dfr_test.c
- dfr_test.h
- gf2x_arith.c
- gf2x_arith.h
- H_Q_matrices_generation.c
- H_Q_matrices_generation.h
- kem.c
- niederreiter.c
- niederreiter.h
- rng.h

32
test/duplicate_consistency/ledakemlt32_leaktime.yml Normal file
View File

@ -0,0 +1,32 @@
consistency_checks:
- source:
scheme: ledakemlt12
implementation: leaktime
files:
- bf_decoding.c
- dfr_test.c
- dfr_test.h
- gf2x_arith.c
- gf2x_arith.h
- H_Q_matrices_generation.c
- H_Q_matrices_generation.h
- kem.c
- niederreiter.c
- niederreiter.h
- rng.c
- rng.h
- source:
scheme: ledakemlt52
implementation: leaktime
files:
- bf_decoding.c
- dfr_test.c
- dfr_test.h
- gf2x_arith.c
- gf2x_arith.h
- H_Q_matrices_generation.c
- H_Q_matrices_generation.h
- kem.c
- niederreiter.c
- niederreiter.h
- rng.h

32
test/duplicate_consistency/ledakemlt52_leaktime.yml Normal file
View File

@ -0,0 +1,32 @@
consistency_checks:
- source:
scheme: ledakemlt12
implementation: leaktime
files:
- bf_decoding.c
- dfr_test.c
- dfr_test.h
- gf2x_arith.c
- gf2x_arith.h
- H_Q_matrices_generation.c
- H_Q_matrices_generation.h
- kem.c
- niederreiter.c
- niederreiter.h
- rng.h
- source:
scheme: ledakemlt32
implementation: leaktime
files:
- bf_decoding.c
- dfr_test.c
- dfr_test.h
- gf2x_arith.c
- gf2x_arith.h
- gf2x_arith_mod_xPplusOne.c
- H_Q_matrices_generation.c
- H_Q_matrices_generation.h
- kem.c
- niederreiter.c
- niederreiter.h
- rng.h