From 4406f00784f4ae532eb91650ec25c48e437d2c2e Mon Sep 17 00:00:00 2001
From: "John M. Schanck" 
Date: Wed, 28 Oct 2020 23:31:01 -0400
Subject: [PATCH] simplify pack_unpack.c
---
 crypto_kem/firesaber/META.yml | 4 +-
 crypto_kem/firesaber/avx2/pack_unpack.c | 76 +++++++++--------
 crypto_kem/firesaber/clean/pack_unpack.c | 76 +++++++++--------
 crypto_kem/lightsaber/META.yml | 4 +-
 crypto_kem/lightsaber/avx2/pack_unpack.c | 84 ++++++++++---------
 crypto_kem/lightsaber/clean/pack_unpack.c | 84 ++++++++++---------
 crypto_kem/saber/META.yml | 4 +-
 crypto_kem/saber/avx2/pack_unpack.c | 68 +++++++--------
 crypto_kem/saber/clean/pack_unpack.c | 68 +++++++--------
 test/duplicate_consistency/firesaber_avx2.yml | 1 -
 .../duplicate_consistency/firesaber_clean.yml | 1 -
 .../duplicate_consistency/lightsaber_avx2.yml | 5 --
 .../lightsaber_clean.yml | 3 -
 test/duplicate_consistency/saber_avx2.yml | 3 -
 test/duplicate_consistency/saber_clean.yml | 2 -
 15 files changed, 240 insertions(+), 243 deletions(-)
diff --git a/crypto_kem/firesaber/META.yml b/crypto_kem/firesaber/META.yml
index 6cd4342b..3d1a0a41 100644
--- a/crypto_kem/firesaber/META.yml
+++ b/crypto_kem/firesaber/META.yml
@@ -14,9 +14,9 @@ principal-submitters:
 - Frederik Vercauteren
 implementations:
   - name: clean
-    version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/33e5ed62/saber
+    version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/90d072e4/saber
   - name: avx2
-    version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/33e5ed62/saber
+    version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/90d072e4/saber
     supported_platforms:
       - architecture: x86_64
         operating_systems:
diff --git a/crypto_kem/firesaber/avx2/pack_unpack.c b/crypto_kem/firesaber/avx2/pack_unpack.c
index 41b9747a..82f5a3f0 100644
--- a/crypto_kem/firesaber/avx2/pack_unpack.c
+++ b/crypto_kem/firesaber/avx2/pack_unpack.c
@@ -8,23 +8,24 @@ void PQCLEAN_FIRESABER_AVX2_POLT2BS(uint8_t bytes[SABER_SCALEBYTES_KEM], const p
     const uint16_t *in = data->coeffs;
     uint8_t *out = bytes;
     for (j = 0; j < SABER_N / 4; j++) {
-        out[0] = (in[0] & 0x3f) | ((in[1] & 0x03) << 6);
-        out[1] = ((in[1] >> 2) & 0x0f) | ((in[2] & 0x0f) << 4);
-        out[2] = ((in[2] >> 4) & 0x03) | ((in[3] & 0x3f) << 2);
+        out[0] = (in[0] & 0x3f) | (in[1] << 6);
+        out[1] = ((in[1] >> 2) & 0x0f) | (in[2] << 4);
+        out[2] = ((in[2] >> 4) & 0x03) | (in[3] << 2);
         in += 4;
         out += 3;
     }
 }
 
 void PQCLEAN_FIRESABER_AVX2_BS2POLT(poly *data, const uint8_t bytes[SABER_SCALEBYTES_KEM]) {
+    /* This function does not reduce its output mod T */
     size_t j;
     const uint8_t *in = bytes;
     uint16_t *out = data->coeffs;
     for (j = 0; j < SABER_N / 4; j++) {
-        out[0] = in[0] & 0x3f;
-        out[1] = ((in[0] >> 6) & 0x03) | ((in[1] & 0x0f) << 2);
-        out[2] = ((in[1] & 0xff) >> 4) | ((in[2] & 0x03) << 4);
-        out[3] = ((in[2] & 0xff) >> 2);
+        out[0] = in[0];
+        out[1] = (in[0] >> 6) | (in[1] << 2);
+        out[2] = (in[1] >> 4) | (in[2] << 4);
+        out[3] = (in[2] >> 2);
         in += 3;
         out += 4;
     }
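Review bot: POLT2BS now relies on the implicit narrowing of each `int` expression to `uint8_t` to discard the high bits of `in[1] << 6`, `in[2] << 4` and `in[3] << 2`, so the masks that remain look inconsistent to a reader who does not have that conversion in mind; a one-line comment above the loop, `/* the uint8_t store keeps only the low byte; mask only the bits a term must not contribute */`, would make the intent explicit. As written the pack side still produces correct bytes for coefficients that are not reduced mod T, while the matching BS2POLT no longer reduces its output, so the pair is no longer a round-trip identity and the added comment should say what callers are expected to do with the extra bits rather than only that they are present. The same pattern appears in the clean copy and in the lightsaber and saber POLT2BS/BS2POLT hunks (`crypto_kem/firesaber/clean`, `crypto_kem/lightsaber/{avx2,clean}`, `crypto_kem/saber/{avx2,clean}`), so one comment text can be shared across them.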
@@ -35,37 +36,38 @@ static void POLq2BS(uint8_t bytes[SABER_POLYBYTES], const poly *data) {
     const uint16_t *in = data->coeffs;
     uint8_t *out = bytes;
     for (j = 0; j < SABER_N / 8; j++) {
-        out[0] = (in[0] & (0xff));
-        out[1] = ((in[0] >> 8) & 0x1f) | ((in[1] & 0x07) << 5);
-        out[2] = ((in[1] >> 3) & 0xff);
-        out[3] = ((in[1] >> 11) & 0x03) | ((in[2] & 0x3f) << 2);
-        out[4] = ((in[2] >> 6) & 0x7f) | ((in[3] & 0x01) << 7);
-        out[5] = ((in[3] >> 1) & 0xff);
-        out[6] = ((in[3] >> 9) & 0x0f) | ((in[4] & 0x0f) << 4);
-        out[7] = ((in[4] >> 4) & 0xff);
-        out[8] = ((in[4] >> 12) & 0x01) | ((in[5] & 0x7f) << 1);
-        out[9] = ((in[5] >> 7) & 0x3f) | ((in[6] & 0x03) << 6);
-        out[10] = ((in[6] >> 2) & 0xff);
-        out[11] = ((in[6] >> 10) & 0x07) | ((in[7] & 0x1f) << 3);
-        out[12] = ((in[7] >> 5) & 0xff);
+        out[0] = in[0];
+        out[1] = ((in[0] >> 8) & 0x1f) | (in[1] << 5);
+        out[2] = in[1] >> 3;
+        out[3] = ((in[1] >> 11) & 0x03) | (in[2] << 2);
+        out[4] = ((in[2] >> 6) & 0x7f) | (in[3] << 7);
+        out[5] = in[3] >> 1;
+        out[6] = ((in[3] >> 9) & 0x0f) | (in[4] << 4);
+        out[7] = in[4] >> 4;
+        out[8] = ((in[4] >> 12) & 0x01) | (in[5] << 1);
+        out[9] = ((in[5] >> 7) & 0x3f) | (in[6] << 6);
+        out[10] = in[6] >> 2;
+        out[11] = ((in[6] >> 10) & 0x07) | (in[7] << 3);
+        out[12] = in[7] >> 5;
         in += 8;
         out += 13;
     }
 }
 
 static void BS2POLq(poly *data, const uint8_t bytes[SABER_POLYBYTES]) {
+    /* This function does not reduce its output mod Q */
     size_t j;
     const uint8_t *in = bytes;
     uint16_t *out = data->coeffs;
     for (j = 0; j < SABER_N / 8; j++) {
-        out[0] = (in[0] & (0xff)) | ((in[1] & 0x1f) << 8);
-        out[1] = (in[1] >> 5 & (0x07)) | ((in[2] & 0xff) << 3) | ((in[3] & 0x03) << 11);
-        out[2] = (in[3] >> 2 & (0x3f)) | ((in[4] & 0x7f) << 6);
-        out[3] = (in[4] >> 7 & (0x01)) | ((in[5] & 0xff) << 1) | ((in[6] & 0x0f) << 9);
-        out[4] = (in[6] >> 4 & (0x0f)) | ((in[7] & 0xff) << 4) | ((in[8] & 0x01) << 12);
-        out[5] = (in[8] >> 1 & (0x7f)) | ((in[9] & 0x3f) << 7);
-        out[6] = (in[9] >> 6 & (0x03)) | ((in[10] & 
0xff) << 2) | ((in[11] & 0x07) << 10);
-        out[7] = (in[11] >> 3 & (0x1f)) | ((in[12] & 0xff) << 5);
+        out[0] = (in[0]) | (in[1] << 8);
+        out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11);
+        out[2] = (in[3] >> 2) | (in[4] << 6);
+        out[3] = (in[4] >> 7) | (in[5] << 1) | (in[6] << 9);
+        out[4] = (in[6] >> 4) | (in[7] << 4) | (in[8] << 12);
+        out[5] = (in[8] >> 1) | (in[9] << 7);
+        out[6] = (in[9] >> 6) | (in[10] << 2) | (in[11] << 10);
+        out[7] = (in[11] >> 3) | (in[12] << 5);
         in += 13;
         out += 8;
     }
@@ -76,11 +78,11 @@ static void POLp2BS(uint8_t bytes[SABER_POLYCOMPRESSEDBYTES], const poly *data)
     const uint16_t *in = data->coeffs;
     uint8_t *out = bytes;
     for (j = 0; j < SABER_N / 4; j++) {
-        out[0] = (in[0] & (0xff));
-        out[1] = ((in[0] >> 8) & 0x03) | ((in[1] & 0x3f) << 2);
-        out[2] = ((in[1] >> 6) & 0x0f) | ((in[2] & 0x0f) << 4);
-        out[3] = ((in[2] >> 4) & 0x3f) | ((in[3] & 0x03) << 6);
-        out[4] = ((in[3] >> 2) & 0xff);
+        out[0] = in[0];
+        out[1] = ((in[0] >> 8) & 0x03) | (in[1] << 2);
+        out[2] = ((in[1] >> 6) & 0x0f) | (in[2] << 4);
+        out[3] = ((in[2] >> 4) & 0x3f) | (in[3] << 6);
+        out[4] = in[3] >> 2;
         in += 4;
         out += 5;
     }
@@ -91,10 +93,10 @@ static void BS2POLp(poly *data, const uint8_t bytes[SABER_POLYCOMPRESSEDBYTES])
     const uint8_t *in = bytes;
     uint16_t *out = data->coeffs;
     for (j = 0; j < SABER_N / 4; j++) {
-        out[0] = (in[0] & (0xff)) | ((in[1] & 0x03) << 8);
-        out[1] = ((in[1] >> 2) & (0x3f)) | ((in[2] & 0x0f) << 6);
-        out[2] = ((in[2] >> 4) & (0x0f)) | ((in[3] & 0x3f) << 4);
-        out[3] = ((in[3] >> 6) & (0x03)) | ((in[4] & 0xff) << 2);
+        out[0] = in[0] | (in[1] << 8);
+        out[1] = (in[1] >> 2) | (in[2] << 6);
+        out[2] = (in[2] >> 4) | (in[3] << 4);
+        out[3] = (in[3] >> 6) | (in[4] << 2);
         in += 5;
         out += 4;
     }
diff --git a/crypto_kem/firesaber/clean/pack_unpack.c b/crypto_kem/firesaber/clean/pack_unpack.c
index ec2f1263..91ffd723 100644
--- a/crypto_kem/firesaber/clean/pack_unpack.c
+++ b/crypto_kem/firesaber/clean/pack_unpack.c
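Review bot: In BS2POLq the new `out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11);` (and the `in[8] << 12` term of `out[4]`) stores into a `uint16_t` without masking, so every coefficient leaves this function with bits 13..15 holding the low bits of the next packed coefficient — BS2POLp likewise leaves bits 10..15 populated — and the bytes feeding both come from the public key and the ciphertext. That is sound only if every consumer treats the coefficients purely as elements of Z/2^16 and masks at the end; any right shift, comparison, or exact division by a power of two before masking (the interpolation step of a Toom-Cook multiplier is the usual place) would carry those foreign bits down into the significant range. I cannot see the multipliers from this hunk, so this is a request to confirm by KAT on both the avx2 and clean builds that their polynomial arithmetic tolerates unreduced inputs, and to extend the added comment to state the contract: `/* Output is not reduced mod Q: bits 13 and up belong to the neighbouring coefficient, so use the result only in arithmetic mod 2^16 or mask with SABER_Q - 1 first. */`. The identical hunks in `crypto_kem/firesaber/clean/pack_unpack.c`, `crypto_kem/lightsaber/{avx2,clean}/pack_unpack.c` and `crypto_kem/saber/{avx2,clean}/pack_unpack.c` need the same treatment.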
@@ -8,23 +8,24 @@ void PQCLEAN_FIRESABER_CLEAN_POLT2BS(uint8_t bytes[SABER_SCALEBYTES_KEM], const const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & 0x3f) | ((in[1] & 0x03) << 6); - out[1] = ((in[1] >> 2) & 0x0f) | ((in[2] & 0x0f) << 4); - out[2] = ((in[2] >> 4) & 0x03) | ((in[3] & 0x3f) << 2); + out[0] = (in[0] & 0x3f) | (in[1] << 6); + out[1] = ((in[1] >> 2) & 0x0f) | (in[2] << 4); + out[2] = ((in[2] >> 4) & 0x03) | (in[3] << 2); in += 4; out += 3; } } void PQCLEAN_FIRESABER_CLEAN_BS2POLT(poly *data, const uint8_t bytes[SABER_SCALEBYTES_KEM]) { + /* This function does not reduce its output mod T */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 4; j++) { - out[0] = in[0] & 0x3f; - out[1] = ((in[0] >> 6) & 0x03) | ((in[1] & 0x0f) << 2); - out[2] = ((in[1] & 0xff) >> 4) | ((in[2] & 0x03) << 4); - out[3] = ((in[2] & 0xff) >> 2); + out[0] = in[0]; + out[1] = (in[0] >> 6) | (in[1] << 2); + out[2] = (in[1] >> 4) | (in[2] << 4); + out[3] = (in[2] >> 2); in += 3; out += 4; } 
@@ -35,37 +36,38 @@ static void POLq2BS(uint8_t bytes[SABER_POLYBYTES], const poly *data) { const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x1f) | ((in[1] & 0x07) << 5); - out[2] = ((in[1] >> 3) & 0xff); - out[3] = ((in[1] >> 11) & 0x03) | ((in[2] & 0x3f) << 2); - out[4] = ((in[2] >> 6) & 0x7f) | ((in[3] & 0x01) << 7); - out[5] = ((in[3] >> 1) & 0xff); - out[6] = ((in[3] >> 9) & 0x0f) | ((in[4] & 0x0f) << 4); - out[7] = ((in[4] >> 4) & 0xff); - out[8] = ((in[4] >> 12) & 0x01) | ((in[5] & 0x7f) << 1); - out[9] = ((in[5] >> 7) & 0x3f) | ((in[6] & 0x03) << 6); - out[10] = ((in[6] >> 2) & 0xff); - out[11] = ((in[6] >> 10) & 0x07) | ((in[7] & 0x1f) << 3); - out[12] = ((in[7] >> 5) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x1f) | (in[1] << 5); + out[2] = in[1] >> 3; + out[3] = ((in[1] >> 11) & 0x03) | (in[2] << 2); + out[4] = ((in[2] >> 6) & 0x7f) | (in[3] << 7); + out[5] = in[3] >> 1; + out[6] = ((in[3] >> 9) & 0x0f) | (in[4] << 4); + out[7] = in[4] >> 4; + out[8] = ((in[4] >> 12) & 0x01) | (in[5] << 1); + out[9] = ((in[5] >> 7) & 0x3f) | (in[6] << 6); + out[10] = in[6] >> 2; + out[11] = ((in[6] >> 10) & 0x07) | (in[7] << 3); + out[12] = in[7] >> 5; in += 8; out += 13; } } static void BS2POLq(poly *data, const uint8_t bytes[SABER_POLYBYTES]) { + /* This function does not reduce its output mod Q */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x1f) << 8); - out[1] = (in[1] >> 5 & (0x07)) | ((in[2] & 0xff) << 3) | ((in[3] & 0x03) << 11); - out[2] = (in[3] >> 2 & (0x3f)) | ((in[4] & 0x7f) << 6); - out[3] = (in[4] >> 7 & (0x01)) | ((in[5] & 0xff) << 1) | ((in[6] & 0x0f) << 9); - out[4] = (in[6] >> 4 & (0x0f)) | ((in[7] & 0xff) << 4) | ((in[8] & 0x01) << 12); - out[5] = (in[8] >> 1 & (0x7f)) | ((in[9] & 0x3f) << 7); - out[6] = (in[9] >> 6 & (0x03)) | ((in[10] & 
0xff) << 2) | ((in[11] & 0x07) << 10); - out[7] = (in[11] >> 3 & (0x1f)) | ((in[12] & 0xff) << 5); + out[0] = (in[0]) | (in[1] << 8); + out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11); + out[2] = (in[3] >> 2) | (in[4] << 6); + out[3] = (in[4] >> 7) | (in[5] << 1) | (in[6] << 9); + out[4] = (in[6] >> 4) | (in[7] << 4) | (in[8] << 12); + out[5] = (in[8] >> 1) | (in[9] << 7); + out[6] = (in[9] >> 6) | (in[10] << 2) | (in[11] << 10); + out[7] = (in[11] >> 3) | (in[12] << 5); in += 13; out += 8; } @@ -76,11 +78,11 @@ static void POLp2BS(uint8_t bytes[SABER_POLYCOMPRESSEDBYTES], const poly *data) const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x03) | ((in[1] & 0x3f) << 2); - out[2] = ((in[1] >> 6) & 0x0f) | ((in[2] & 0x0f) << 4); - out[3] = ((in[2] >> 4) & 0x3f) | ((in[3] & 0x03) << 6); - out[4] = ((in[3] >> 2) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x03) | (in[1] << 2); + out[2] = ((in[1] >> 6) & 0x0f) | (in[2] << 4); + out[3] = ((in[2] >> 4) & 0x3f) | (in[3] << 6); + out[4] = in[3] >> 2; in += 4; out += 5; } @@ -91,10 +93,10 @@ static void BS2POLp(poly *data, const uint8_t bytes[SABER_POLYCOMPRESSEDBYTES]) const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x03) << 8); - out[1] = ((in[1] >> 2) & (0x3f)) | ((in[2] & 0x0f) << 6); - out[2] = ((in[2] >> 4) & (0x0f)) | ((in[3] & 0x3f) << 4); - out[3] = ((in[3] >> 6) & (0x03)) | ((in[4] & 0xff) << 2); + out[0] = in[0] | (in[1] << 8); + out[1] = (in[1] >> 2) | (in[2] << 6); + out[2] = (in[2] >> 4) | (in[3] << 4); + out[3] = (in[3] >> 6) | (in[4] << 2); in += 5; out += 4; } diff --git a/crypto_kem/lightsaber/META.yml b/crypto_kem/lightsaber/META.yml index d3d7bf13..263db2e0 100644 --- a/crypto_kem/lightsaber/META.yml +++ b/crypto_kem/lightsaber/META.yml 
@@ -14,9 +14,9 @@ principal-submitters: - Frederik Vercauteren implementations: - name: clean - version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/33e5ed62/saber + version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/90d072e4/saber - name: avx2 - version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/33e5ed62/saber + version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/90d072e4/saber supported_platforms: - architecture: x86_64 operating_systems: diff --git a/crypto_kem/lightsaber/avx2/pack_unpack.c b/crypto_kem/lightsaber/avx2/pack_unpack.c index a9f866ae..a154d24c 100644 --- a/crypto_kem/lightsaber/avx2/pack_unpack.c +++ b/crypto_kem/lightsaber/avx2/pack_unpack.c 
@@ -8,27 +8,28 @@ void PQCLEAN_LIGHTSABER_AVX2_POLT2BS(uint8_t bytes[SABER_SCALEBYTES_KEM], const const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & 0x7) | ((in[1] & 0x7) << 3) | ((in[2] & 0x3) << 6); - out[1] = ((in[2] >> 2) & 0x01) | ((in[3] & 0x7) << 1) | ((in[4] & 0x7) << 4) | (((in[5]) & 0x01) << 7); - out[2] = ((in[5] >> 1) & 0x03) | ((in[6] & 0x7) << 2) | ((in[7] & 0x7) << 5); + out[0] = (in[0] & 0x7) | ((in[1] & 0x7) << 3) | (in[2] << 6); + out[1] = ((in[2] >> 2) & 0x01) | ((in[3] & 0x7) << 1) | ((in[4] & 0x7) << 4) | (in[5] << 7); + out[2] = ((in[5] >> 1) & 0x03) | ((in[6] & 0x7) << 2) | (in[7] << 5); in += 8; out += 3; } } void PQCLEAN_LIGHTSABER_AVX2_BS2POLT(poly *data, const uint8_t bytes[SABER_SCALEBYTES_KEM]) { + /* This function does not reduce its output mod T */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0]) & 0x07; - out[1] = ((in[0]) >> 3) & 0x07; - out[2] = (((in[0]) >> 6) & 0x03) | (((in[1]) & 0x01) << 2); - out[3] = ((in[1]) >> 1) & 0x07; - out[4] = ((in[1]) >> 4) & 0x07; - out[5] = (((in[1]) >> 7) & 0x01) | (((in[2]) & 0x03) << 1); - out[6] = ((in[2] >> 2) & 0x07); - out[7] = ((in[2] >> 5) & 0x07); + out[0] = in[0]; + out[1] = in[0] >> 3; + out[2] = (in[0] >> 6) | (in[1] << 2); + out[3] = in[1] >> 1; + out[4] = in[1] >> 4; + out[5] = (in[1] >> 7) | (in[2] << 1); + out[6] = in[2] >> 2; + out[7] = in[2] >> 5; in += 3; out += 8; } 
@@ -39,37 +40,38 @@ static void POLq2BS(uint8_t bytes[SABER_POLYBYTES], const poly *data) { const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x1f) | ((in[1] & 0x07) << 5); - out[2] = ((in[1] >> 3) & 0xff); - out[3] = ((in[1] >> 11) & 0x03) | ((in[2] & 0x3f) << 2); - out[4] = ((in[2] >> 6) & 0x7f) | ((in[3] & 0x01) << 7); - out[5] = ((in[3] >> 1) & 0xff); - out[6] = ((in[3] >> 9) & 0x0f) | ((in[4] & 0x0f) << 4); - out[7] = ((in[4] >> 4) & 0xff); - out[8] = ((in[4] >> 12) & 0x01) | ((in[5] & 0x7f) << 1); - out[9] = ((in[5] >> 7) & 0x3f) | ((in[6] & 0x03) << 6); - out[10] = ((in[6] >> 2) & 0xff); - out[11] = ((in[6] >> 10) & 0x07) | ((in[7] & 0x1f) << 3); - out[12] = ((in[7] >> 5) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x1f) | (in[1] << 5); + out[2] = in[1] >> 3; + out[3] = ((in[1] >> 11) & 0x03) | (in[2] << 2); + out[4] = ((in[2] >> 6) & 0x7f) | (in[3] << 7); + out[5] = in[3] >> 1; + out[6] = ((in[3] >> 9) & 0x0f) | (in[4] << 4); + out[7] = in[4] >> 4; + out[8] = ((in[4] >> 12) & 0x01) | (in[5] << 1); + out[9] = ((in[5] >> 7) & 0x3f) | (in[6] << 6); + out[10] = in[6] >> 2; + out[11] = ((in[6] >> 10) & 0x07) | (in[7] << 3); + out[12] = in[7] >> 5; in += 8; out += 13; } } static void BS2POLq(poly *data, const uint8_t bytes[SABER_POLYBYTES]) { + /* This function does not reduce its output mod Q */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x1f) << 8); - out[1] = (in[1] >> 5 & (0x07)) | ((in[2] & 0xff) << 3) | ((in[3] & 0x03) << 11); - out[2] = (in[3] >> 2 & (0x3f)) | ((in[4] & 0x7f) << 6); - out[3] = (in[4] >> 7 & (0x01)) | ((in[5] & 0xff) << 1) | ((in[6] & 0x0f) << 9); - out[4] = (in[6] >> 4 & (0x0f)) | ((in[7] & 0xff) << 4) | ((in[8] & 0x01) << 12); - out[5] = (in[8] >> 1 & (0x7f)) | ((in[9] & 0x3f) << 7); - out[6] = (in[9] >> 6 & (0x03)) | ((in[10] & 
0xff) << 2) | ((in[11] & 0x07) << 10); - out[7] = (in[11] >> 3 & (0x1f)) | ((in[12] & 0xff) << 5); + out[0] = (in[0]) | (in[1] << 8); + out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11); + out[2] = (in[3] >> 2) | (in[4] << 6); + out[3] = (in[4] >> 7) | (in[5] << 1) | (in[6] << 9); + out[4] = (in[6] >> 4) | (in[7] << 4) | (in[8] << 12); + out[5] = (in[8] >> 1) | (in[9] << 7); + out[6] = (in[9] >> 6) | (in[10] << 2) | (in[11] << 10); + out[7] = (in[11] >> 3) | (in[12] << 5); in += 13; out += 8; } @@ -80,11 +82,11 @@ static void POLp2BS(uint8_t bytes[SABER_POLYCOMPRESSEDBYTES], const poly *data) const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x03) | ((in[1] & 0x3f) << 2); - out[2] = ((in[1] >> 6) & 0x0f) | ((in[2] & 0x0f) << 4); - out[3] = ((in[2] >> 4) & 0x3f) | ((in[3] & 0x03) << 6); - out[4] = ((in[3] >> 2) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x03) | (in[1] << 2); + out[2] = ((in[1] >> 6) & 0x0f) | (in[2] << 4); + out[3] = ((in[2] >> 4) & 0x3f) | (in[3] << 6); + out[4] = in[3] >> 2; in += 4; out += 5; } @@ -95,10 +97,10 @@ static void BS2POLp(poly *data, const uint8_t bytes[SABER_POLYCOMPRESSEDBYTES]) const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x03) << 8); - out[1] = ((in[1] >> 2) & (0x3f)) | ((in[2] & 0x0f) << 6); - out[2] = ((in[2] >> 4) & (0x0f)) | ((in[3] & 0x3f) << 4); - out[3] = ((in[3] >> 6) & (0x03)) | ((in[4] & 0xff) << 2); + out[0] = in[0] | (in[1] << 8); + out[1] = (in[1] >> 2) | (in[2] << 6); + out[2] = (in[2] >> 4) | (in[3] << 4); + out[3] = (in[3] >> 6) | (in[4] << 2); in += 5; out += 4; } diff --git a/crypto_kem/lightsaber/clean/pack_unpack.c b/crypto_kem/lightsaber/clean/pack_unpack.c index f64c4143..c1c8666c 100644 --- a/crypto_kem/lightsaber/clean/pack_unpack.c +++ b/crypto_kem/lightsaber/clean/pack_unpack.c 
@@ -8,27 +8,28 @@ void PQCLEAN_LIGHTSABER_CLEAN_POLT2BS(uint8_t bytes[SABER_SCALEBYTES_KEM], const const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & 0x7) | ((in[1] & 0x7) << 3) | ((in[2] & 0x3) << 6); - out[1] = ((in[2] >> 2) & 0x01) | ((in[3] & 0x7) << 1) | ((in[4] & 0x7) << 4) | (((in[5]) & 0x01) << 7); - out[2] = ((in[5] >> 1) & 0x03) | ((in[6] & 0x7) << 2) | ((in[7] & 0x7) << 5); + out[0] = (in[0] & 0x7) | ((in[1] & 0x7) << 3) | (in[2] << 6); + out[1] = ((in[2] >> 2) & 0x01) | ((in[3] & 0x7) << 1) | ((in[4] & 0x7) << 4) | (in[5] << 7); + out[2] = ((in[5] >> 1) & 0x03) | ((in[6] & 0x7) << 2) | (in[7] << 5); in += 8; out += 3; } } void PQCLEAN_LIGHTSABER_CLEAN_BS2POLT(poly *data, const uint8_t bytes[SABER_SCALEBYTES_KEM]) { + /* This function does not reduce its output mod T */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0]) & 0x07; - out[1] = ((in[0]) >> 3) & 0x07; - out[2] = (((in[0]) >> 6) & 0x03) | (((in[1]) & 0x01) << 2); - out[3] = ((in[1]) >> 1) & 0x07; - out[4] = ((in[1]) >> 4) & 0x07; - out[5] = (((in[1]) >> 7) & 0x01) | (((in[2]) & 0x03) << 1); - out[6] = ((in[2] >> 2) & 0x07); - out[7] = ((in[2] >> 5) & 0x07); + out[0] = in[0]; + out[1] = in[0] >> 3; + out[2] = (in[0] >> 6) | (in[1] << 2); + out[3] = in[1] >> 1; + out[4] = in[1] >> 4; + out[5] = (in[1] >> 7) | (in[2] << 1); + out[6] = in[2] >> 2; + out[7] = in[2] >> 5; in += 3; out += 8; } 
@@ -39,37 +40,38 @@ static void POLq2BS(uint8_t bytes[SABER_POLYBYTES], const poly *data) { const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x1f) | ((in[1] & 0x07) << 5); - out[2] = ((in[1] >> 3) & 0xff); - out[3] = ((in[1] >> 11) & 0x03) | ((in[2] & 0x3f) << 2); - out[4] = ((in[2] >> 6) & 0x7f) | ((in[3] & 0x01) << 7); - out[5] = ((in[3] >> 1) & 0xff); - out[6] = ((in[3] >> 9) & 0x0f) | ((in[4] & 0x0f) << 4); - out[7] = ((in[4] >> 4) & 0xff); - out[8] = ((in[4] >> 12) & 0x01) | ((in[5] & 0x7f) << 1); - out[9] = ((in[5] >> 7) & 0x3f) | ((in[6] & 0x03) << 6); - out[10] = ((in[6] >> 2) & 0xff); - out[11] = ((in[6] >> 10) & 0x07) | ((in[7] & 0x1f) << 3); - out[12] = ((in[7] >> 5) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x1f) | (in[1] << 5); + out[2] = in[1] >> 3; + out[3] = ((in[1] >> 11) & 0x03) | (in[2] << 2); + out[4] = ((in[2] >> 6) & 0x7f) | (in[3] << 7); + out[5] = in[3] >> 1; + out[6] = ((in[3] >> 9) & 0x0f) | (in[4] << 4); + out[7] = in[4] >> 4; + out[8] = ((in[4] >> 12) & 0x01) | (in[5] << 1); + out[9] = ((in[5] >> 7) & 0x3f) | (in[6] << 6); + out[10] = in[6] >> 2; + out[11] = ((in[6] >> 10) & 0x07) | (in[7] << 3); + out[12] = in[7] >> 5; in += 8; out += 13; } } static void BS2POLq(poly *data, const uint8_t bytes[SABER_POLYBYTES]) { + /* This function does not reduce its output mod Q */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x1f) << 8); - out[1] = (in[1] >> 5 & (0x07)) | ((in[2] & 0xff) << 3) | ((in[3] & 0x03) << 11); - out[2] = (in[3] >> 2 & (0x3f)) | ((in[4] & 0x7f) << 6); - out[3] = (in[4] >> 7 & (0x01)) | ((in[5] & 0xff) << 1) | ((in[6] & 0x0f) << 9); - out[4] = (in[6] >> 4 & (0x0f)) | ((in[7] & 0xff) << 4) | ((in[8] & 0x01) << 12); - out[5] = (in[8] >> 1 & (0x7f)) | ((in[9] & 0x3f) << 7); - out[6] = (in[9] >> 6 & (0x03)) | ((in[10] & 
0xff) << 2) | ((in[11] & 0x07) << 10); - out[7] = (in[11] >> 3 & (0x1f)) | ((in[12] & 0xff) << 5); + out[0] = (in[0]) | (in[1] << 8); + out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11); + out[2] = (in[3] >> 2) | (in[4] << 6); + out[3] = (in[4] >> 7) | (in[5] << 1) | (in[6] << 9); + out[4] = (in[6] >> 4) | (in[7] << 4) | (in[8] << 12); + out[5] = (in[8] >> 1) | (in[9] << 7); + out[6] = (in[9] >> 6) | (in[10] << 2) | (in[11] << 10); + out[7] = (in[11] >> 3) | (in[12] << 5); in += 13; out += 8; } @@ -80,11 +82,11 @@ static void POLp2BS(uint8_t bytes[SABER_POLYCOMPRESSEDBYTES], const poly *data) const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x03) | ((in[1] & 0x3f) << 2); - out[2] = ((in[1] >> 6) & 0x0f) | ((in[2] & 0x0f) << 4); - out[3] = ((in[2] >> 4) & 0x3f) | ((in[3] & 0x03) << 6); - out[4] = ((in[3] >> 2) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x03) | (in[1] << 2); + out[2] = ((in[1] >> 6) & 0x0f) | (in[2] << 4); + out[3] = ((in[2] >> 4) & 0x3f) | (in[3] << 6); + out[4] = in[3] >> 2; in += 4; out += 5; } @@ -95,10 +97,10 @@ static void BS2POLp(poly *data, const uint8_t bytes[SABER_POLYCOMPRESSEDBYTES]) const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x03) << 8); - out[1] = ((in[1] >> 2) & (0x3f)) | ((in[2] & 0x0f) << 6); - out[2] = ((in[2] >> 4) & (0x0f)) | ((in[3] & 0x3f) << 4); - out[3] = ((in[3] >> 6) & (0x03)) | ((in[4] & 0xff) << 2); + out[0] = in[0] | (in[1] << 8); + out[1] = (in[1] >> 2) | (in[2] << 6); + out[2] = (in[2] >> 4) | (in[3] << 4); + out[3] = (in[3] >> 6) | (in[4] << 2); in += 5; out += 4; } diff --git a/crypto_kem/saber/META.yml b/crypto_kem/saber/META.yml index 32b4b964..319f4ebf 100644 --- a/crypto_kem/saber/META.yml +++ b/crypto_kem/saber/META.yml 
@@ -14,9 +14,9 @@ principal-submitters: - Frederik Vercauteren implementations: - name: clean - version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/33e5ed62/saber + version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/90d072e4/saber - name: avx2 - version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/33e5ed62/saber + version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/90d072e4/saber supported_platforms: - architecture: x86_64 operating_systems: diff --git a/crypto_kem/saber/avx2/pack_unpack.c b/crypto_kem/saber/avx2/pack_unpack.c index 9bb46acb..a055b7e5 100644 --- a/crypto_kem/saber/avx2/pack_unpack.c +++ b/crypto_kem/saber/avx2/pack_unpack.c @@ -8,19 +8,20 @@ void PQCLEAN_SABER_AVX2_POLT2BS(uint8_t bytes[SABER_SCALEBYTES_KEM], const poly const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 2; j++) { - out[0] = (in[0] & 0x0f) | ((in[1] & 0x0f) << 4); + out[0] = (in[0] & 0x0f) | (in[1] << 4); in += 2; out += 1; } } void PQCLEAN_SABER_AVX2_BS2POLT(poly *data, const uint8_t bytes[SABER_SCALEBYTES_KEM]) { + /* This function does not reduce its output mod T */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 2; j++) { - out[0] = in[0] & 0x0f; - out[1] = (in[0] >> 4) & 0x0f; + out[0] = in[0]; + out[1] = in[0] >> 4; in += 1; out += 2; } 
@@ -31,37 +32,38 @@ static void POLq2BS(uint8_t bytes[SABER_POLYBYTES], const poly *data) { const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x1f) | ((in[1] & 0x07) << 5); - out[2] = ((in[1] >> 3) & 0xff); - out[3] = ((in[1] >> 11) & 0x03) | ((in[2] & 0x3f) << 2); - out[4] = ((in[2] >> 6) & 0x7f) | ((in[3] & 0x01) << 7); - out[5] = ((in[3] >> 1) & 0xff); - out[6] = ((in[3] >> 9) & 0x0f) | ((in[4] & 0x0f) << 4); - out[7] = ((in[4] >> 4) & 0xff); - out[8] = ((in[4] >> 12) & 0x01) | ((in[5] & 0x7f) << 1); - out[9] = ((in[5] >> 7) & 0x3f) | ((in[6] & 0x03) << 6); - out[10] = ((in[6] >> 2) & 0xff); - out[11] = ((in[6] >> 10) & 0x07) | ((in[7] & 0x1f) << 3); - out[12] = ((in[7] >> 5) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x1f) | (in[1] << 5); + out[2] = in[1] >> 3; + out[3] = ((in[1] >> 11) & 0x03) | (in[2] << 2); + out[4] = ((in[2] >> 6) & 0x7f) | (in[3] << 7); + out[5] = in[3] >> 1; + out[6] = ((in[3] >> 9) & 0x0f) | (in[4] << 4); + out[7] = in[4] >> 4; + out[8] = ((in[4] >> 12) & 0x01) | (in[5] << 1); + out[9] = ((in[5] >> 7) & 0x3f) | (in[6] << 6); + out[10] = in[6] >> 2; + out[11] = ((in[6] >> 10) & 0x07) | (in[7] << 3); + out[12] = in[7] >> 5; in += 8; out += 13; } } static void BS2POLq(poly *data, const uint8_t bytes[SABER_POLYBYTES]) { + /* This function does not reduce its output mod Q */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 8; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x1f) << 8); - out[1] = (in[1] >> 5 & (0x07)) | ((in[2] & 0xff) << 3) | ((in[3] & 0x03) << 11); - out[2] = (in[3] >> 2 & (0x3f)) | ((in[4] & 0x7f) << 6); - out[3] = (in[4] >> 7 & (0x01)) | ((in[5] & 0xff) << 1) | ((in[6] & 0x0f) << 9); - out[4] = (in[6] >> 4 & (0x0f)) | ((in[7] & 0xff) << 4) | ((in[8] & 0x01) << 12); - out[5] = (in[8] >> 1 & (0x7f)) | ((in[9] & 0x3f) << 7); - out[6] = (in[9] >> 6 & (0x03)) | ((in[10] & 
0xff) << 2) | ((in[11] & 0x07) << 10); - out[7] = (in[11] >> 3 & (0x1f)) | ((in[12] & 0xff) << 5); + out[0] = (in[0]) | (in[1] << 8); + out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11); + out[2] = (in[3] >> 2) | (in[4] << 6); + out[3] = (in[4] >> 7) | (in[5] << 1) | (in[6] << 9); + out[4] = (in[6] >> 4) | (in[7] << 4) | (in[8] << 12); + out[5] = (in[8] >> 1) | (in[9] << 7); + out[6] = (in[9] >> 6) | (in[10] << 2) | (in[11] << 10); + out[7] = (in[11] >> 3) | (in[12] << 5); in += 13; out += 8; } @@ -72,11 +74,11 @@ static void POLp2BS(uint8_t bytes[SABER_POLYCOMPRESSEDBYTES], const poly *data) const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)); - out[1] = ((in[0] >> 8) & 0x03) | ((in[1] & 0x3f) << 2); - out[2] = ((in[1] >> 6) & 0x0f) | ((in[2] & 0x0f) << 4); - out[3] = ((in[2] >> 4) & 0x3f) | ((in[3] & 0x03) << 6); - out[4] = ((in[3] >> 2) & 0xff); + out[0] = in[0]; + out[1] = ((in[0] >> 8) & 0x03) | (in[1] << 2); + out[2] = ((in[1] >> 6) & 0x0f) | (in[2] << 4); + out[3] = ((in[2] >> 4) & 0x3f) | (in[3] << 6); + out[4] = in[3] >> 2; in += 4; out += 5; } @@ -87,10 +89,10 @@ static void BS2POLp(poly *data, const uint8_t bytes[SABER_POLYCOMPRESSEDBYTES]) const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 4; j++) { - out[0] = (in[0] & (0xff)) | ((in[1] & 0x03) << 8); - out[1] = ((in[1] >> 2) & (0x3f)) | ((in[2] & 0x0f) << 6); - out[2] = ((in[2] >> 4) & (0x0f)) | ((in[3] & 0x3f) << 4); - out[3] = ((in[3] >> 6) & (0x03)) | ((in[4] & 0xff) << 2); + out[0] = in[0] | (in[1] << 8); + out[1] = (in[1] >> 2) | (in[2] << 6); + out[2] = (in[2] >> 4) | (in[3] << 4); + out[3] = (in[3] >> 6) | (in[4] << 2); in += 5; out += 4; } diff --git a/crypto_kem/saber/clean/pack_unpack.c b/crypto_kem/saber/clean/pack_unpack.c index 2542f0b0..1b5bed81 100644 --- a/crypto_kem/saber/clean/pack_unpack.c +++ b/crypto_kem/saber/clean/pack_unpack.c 
@@ -8,19 +8,20 @@ void PQCLEAN_SABER_CLEAN_POLT2BS(uint8_t bytes[SABER_SCALEBYTES_KEM], const poly const uint16_t *in = data->coeffs; uint8_t *out = bytes; for (j = 0; j < SABER_N / 2; j++) { - out[0] = (in[0] & 0x0f) | ((in[1] & 0x0f) << 4); + out[0] = (in[0] & 0x0f) | (in[1] << 4); in += 2; out += 1; } } void PQCLEAN_SABER_CLEAN_BS2POLT(poly *data, const uint8_t bytes[SABER_SCALEBYTES_KEM]) { + /* This function does not reduce its output mod T */ size_t j; const uint8_t *in = bytes; uint16_t *out = data->coeffs; for (j = 0; j < SABER_N / 2; j++) { - out[0] = in[0] & 0x0f; - out[1] = (in[0] >> 4) & 0x0f; + out[0] = in[0]; + out[1] = in[0] >> 4; in += 1; out += 2; } 
@@ -31,37 +32,38 @@ static void POLq2BS(uint8_t bytes[SABER_POLYBYTES], const poly *data) {
 const uint16_t *in = data->coeffs;
 uint8_t *out = bytes;
 for (j = 0; j < SABER_N / 8; j++) {
- out[0] = (in[0] & (0xff));
- out[1] = ((in[0] >> 8) & 0x1f) | ((in[1] & 0x07) << 5);
- out[2] = ((in[1] >> 3) & 0xff);
- out[3] = ((in[1] >> 11) & 0x03) | ((in[2] & 0x3f) << 2);
- out[4] = ((in[2] >> 6) & 0x7f) | ((in[3] & 0x01) << 7);
- out[5] = ((in[3] >> 1) & 0xff);
- out[6] = ((in[3] >> 9) & 0x0f) | ((in[4] & 0x0f) << 4);
- out[7] = ((in[4] >> 4) & 0xff);
- out[8] = ((in[4] >> 12) & 0x01) | ((in[5] & 0x7f) << 1);
- out[9] = ((in[5] >> 7) & 0x3f) | ((in[6] & 0x03) << 6);
- out[10] = ((in[6] >> 2) & 0xff);
- out[11] = ((in[6] >> 10) & 0x07) | ((in[7] & 0x1f) << 3);
- out[12] = ((in[7] >> 5) & 0xff);
+ out[0] = in[0];
+ out[1] = ((in[0] >> 8) & 0x1f) | (in[1] << 5);
+ out[2] = in[1] >> 3;
+ out[3] = ((in[1] >> 11) & 0x03) | (in[2] << 2);
+ out[4] = ((in[2] >> 6) & 0x7f) | (in[3] << 7);
+ out[5] = in[3] >> 1;
+ out[6] = ((in[3] >> 9) & 0x0f) | (in[4] << 4);
+ out[7] = in[4] >> 4;
+ out[8] = ((in[4] >> 12) & 0x01) | (in[5] << 1);
+ out[9] = ((in[5] >> 7) & 0x3f) | (in[6] << 6);
+ out[10] = in[6] >> 2;
+ out[11] = ((in[6] >> 10) & 0x07) | (in[7] << 3);
+ out[12] = in[7] >> 5;
 in += 8;
 out += 13;
 }
 }
 
 static void BS2POLq(poly *data, const uint8_t bytes[SABER_POLYBYTES]) {
+ /* This function does not reduce its output mod Q */
 size_t j;
 const uint8_t *in = bytes;
 uint16_t *out = data->coeffs;
 for (j = 0; j < SABER_N / 8; j++) {
- out[0] = (in[0] & (0xff)) | ((in[1] & 0x1f) << 8);
- out[1] = (in[1] >> 5 & (0x07)) | ((in[2] & 0xff) << 3) | ((in[3] & 0x03) << 11);
- out[2] = (in[3] >> 2 & (0x3f)) | ((in[4] & 0x7f) << 6);
- out[3] = (in[4] >> 7 & (0x01)) | ((in[5] & 0xff) << 1) | ((in[6] & 0x0f) << 9);
- out[4] = (in[6] >> 4 & (0x0f)) | ((in[7] & 0xff) << 4) | ((in[8] & 0x01) << 12);
- out[5] = (in[8] >> 1 & (0x7f)) | ((in[9] & 0x3f) << 7);
- out[6] = (in[9] >> 6 & (0x03)) | ((in[10] & 0xff) << 2) | ((in[11] & 0x07) << 10);
- out[7] = (in[11] >> 3 & (0x1f)) | ((in[12] & 0xff) << 5);
+ out[0] = (in[0]) | (in[1] << 8);
+ out[1] = (in[1] >> 5) | (in[2] << 3) | (in[3] << 11);
+ out[2] = (in[3] >> 2) | (in[4] << 6);
+ out[3] = (in[4] >> 7) | (in[5] << 1) | (in[6] << 9);
+ out[4] = (in[6] >> 4) | (in[7] << 4) | (in[8] << 12);
+ out[5] = (in[8] >> 1) | (in[9] << 7);
+ out[6] = (in[9] >> 6) | (in[10] << 2) | (in[11] << 10);
+ out[7] = (in[11] >> 3) | (in[12] << 5);
 in += 13;
 out += 8;
 }
@@ -72,11 +74,11 @@ static void POLp2BS(uint8_t bytes[SABER_POLYCOMPRESSEDBYTES], const poly *data)
 const uint16_t *in = data->coeffs;
 uint8_t *out = bytes;
 for (j = 0; j < SABER_N / 4; j++) {
- out[0] = (in[0] & (0xff));
- out[1] = ((in[0] >> 8) & 0x03) | ((in[1] & 0x3f) << 2);
- out[2] = ((in[1] >> 6) & 0x0f) | ((in[2] & 0x0f) << 4);
- out[3] = ((in[2] >> 4) & 0x3f) | ((in[3] & 0x03) << 6);
- out[4] = ((in[3] >> 2) & 0xff);
+ out[0] = in[0];
+ out[1] = ((in[0] >> 8) & 0x03) | (in[1] << 2);
+ out[2] = ((in[1] >> 6) & 0x0f) | (in[2] << 4);
+ out[3] = ((in[2] >> 4) & 0x3f) | (in[3] << 6);
+ out[4] = in[3] >> 2;
 in += 4;
 out += 5;
 }
@@ -87,10 +89,10 @@ static void BS2POLp(poly *data, const uint8_t bytes[SABER_POLYCOMPRESSEDBYTES])
 const uint8_t *in = bytes;
 uint16_t *out = data->coeffs;
 for (j = 0; j < SABER_N / 4; j++) {
- out[0] = (in[0] & (0xff)) | ((in[1] & 0x03) << 8);
- out[1] = ((in[1] >> 2) & (0x3f)) | ((in[2] & 0x0f) << 6);
- out[2] = ((in[2] >> 4) & (0x0f)) | ((in[3] & 0x3f) << 4);
- out[3] = ((in[3] >> 6) & (0x03)) | ((in[4] & 0xff) << 2);
+ out[0] = in[0] | (in[1] << 8);
+ out[1] = (in[1] >> 2) | (in[2] << 6);
+ out[2] = (in[2] >> 4) | (in[3] << 4);
+ out[3] = (in[3] >> 6) | (in[4] << 2);
 in += 5;
 out += 4;
 }
diff --git a/test/duplicate_consistency/firesaber_avx2.yml b/test/duplicate_consistency/firesaber_avx2.yml
index 0ff04768..f5240334 100644
--- a/test/duplicate_consistency/firesaber_avx2.yml
+++ b/test/duplicate_consistency/firesaber_avx2.yml
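Review bot: The pack side of this hunk now depends on the implicit uint16_t-to-uint8_t narrowing of stores such as `out[0] = in[0];`, `out[2] = in[1] >> 3;` and `out[12] = in[7] >> 5;` to do the work the removed `& 0xff` masks did; the result is bit-for-bit the same, but nothing in the code says the truncation is intended, and a build with conversion warnings enabled would flag every one of these lines. A single comment above the loop, `/* stores into uint8_t discard bits above 7, so no & 0xff is needed */`, or an explicit `(uint8_t)` cast on the plain-copy lines, would record the intent; the same holds for `out[0] = in[0];` and `out[4] = in[3] >> 2;` in the POLp2BS hunk that follows. Separately, BS2POLq's `out[0] = (in[0]) | (in[1] << 8);` parenthesises a bare operand that the analogous BS2POLp line `out[0] = in[0] | (in[1] << 8);` does not; the two should match. POLq2BS's opening lines are outside the hunk.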
@@ -6,7 +6,6 @@ consistency_checks:
 - api.h
 - cbd.h
 - pack_unpack.h
- - kem.h
 - SABER_indcpa.h
 - SABER_params.h
 - verify.h
diff --git a/test/duplicate_consistency/firesaber_clean.yml b/test/duplicate_consistency/firesaber_clean.yml
index 5537ea62..bcfed7c0 100644
--- a/test/duplicate_consistency/firesaber_clean.yml
+++ b/test/duplicate_consistency/firesaber_clean.yml
@@ -5,7 +5,6 @@ consistency_checks:
 files:
 - api.h
 - cbd.h
- - poly_mul.h
 - pack_unpack.h
 - SABER_indcpa.h
 - SABER_params.h
diff --git a/test/duplicate_consistency/lightsaber_avx2.yml b/test/duplicate_consistency/lightsaber_avx2.yml
index ed9ea4b8..dd6e9fed 100644
--- a/test/duplicate_consistency/lightsaber_avx2.yml
+++ b/test/duplicate_consistency/lightsaber_avx2.yml
@@ -6,7 +6,6 @@ consistency_checks:
 - api.h
 - cbd.h
 - pack_unpack.h
- - kem.h
 - SABER_indcpa.h
 - SABER_params.h
 - verify.h
@@ -20,7 +19,6 @@ consistency_checks:
 files:
 - cbd.h
 - pack_unpack.h
- - kem.h
 - SABER_indcpa.h
 - verify.h
 - kem.c
@@ -30,7 +28,6 @@ consistency_checks:
 implementation: avx2
 files:
 - cbd.h
- - kem.h
 - pack_unpack.h
 - poly.h
 - SABER_indcpa.h
@@ -46,7 +43,6 @@ consistency_checks:
 files:
 - cbd.h
 - pack_unpack.h
- - kem.h
 - SABER_indcpa.h
 - verify.h
 - kem.c
@@ -56,7 +52,6 @@ consistency_checks:
 implementation: avx2
 files:
 - cbd.h
- - kem.h
 - pack_unpack.h
 - poly.h
 - SABER_indcpa.h
diff --git a/test/duplicate_consistency/lightsaber_clean.yml b/test/duplicate_consistency/lightsaber_clean.yml
index 8146b7d0..2f36ec86 100644
--- a/test/duplicate_consistency/lightsaber_clean.yml
+++ b/test/duplicate_consistency/lightsaber_clean.yml
@@ -5,7 +5,6 @@ consistency_checks:
 files:
 - api.h
 - cbd.h
- - poly_mul.h
 - pack_unpack.h
 - SABER_indcpa.h
 - SABER_params.h
@@ -34,7 +33,6 @@ consistency_checks:
 implementation: avx2
 files:
 - cbd.h
- - poly_mul.h
 - pack_unpack.h
 - SABER_indcpa.h
 - verify.h
@@ -60,7 +58,6 @@ consistency_checks:
 implementation: avx2
 files:
 - cbd.h
- - poly_mul.h
 - pack_unpack.h
 - SABER_indcpa.h
 - verify.h
diff --git a/test/duplicate_consistency/saber_avx2.yml b/test/duplicate_consistency/saber_avx2.yml
index 4a04951d..0b4b60d7 100644
--- a/test/duplicate_consistency/saber_avx2.yml
+++ b/test/duplicate_consistency/saber_avx2.yml
@@ -6,7 +6,6 @@ consistency_checks:
 - api.h
 - cbd.h
 - pack_unpack.h
- - kem.h
 - SABER_indcpa.h
 - SABER_params.h
 - verify.h
@@ -20,7 +19,6 @@ consistency_checks:
 files:
 - cbd.h
 - pack_unpack.h
- - kem.h
 - SABER_indcpa.h
 - verify.h
 - kem.c
@@ -30,7 +28,6 @@ consistency_checks:
 implementation: avx2
 files:
 - cbd.h
- - kem.h
 - pack_unpack.h
 - poly.h
 - SABER_indcpa.h
diff --git a/test/duplicate_consistency/saber_clean.yml b/test/duplicate_consistency/saber_clean.yml
index a2700ea8..7f5ba121 100644
--- a/test/duplicate_consistency/saber_clean.yml
+++ b/test/duplicate_consistency/saber_clean.yml
@@ -5,7 +5,6 @@ consistency_checks:
 files:
 - api.h
 - cbd.h
- - poly_mul.h
 - pack_unpack.h
 - SABER_indcpa.h
 - SABER_params.h
@@ -34,7 +33,6 @@ consistency_checks:
 implementation: avx2
 files:
 - cbd.h
- - poly_mul.h
 - pack_unpack.h
 - SABER_indcpa.h
 - verify.h