WIP

3 years ago · 4634b9804c
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -555,6 +555,23 @@ target_link_libraries(
  pqclean_dilithium5_clean
 )
 add_executable(
  mytest
  test/mytest.cpp
 )
 target_link_libraries(
  mytest
  gtest
  gtest_main)
 target_include_directories(
  mytest PRIVATE
  ${CMAKE_SOURCE_DIR})
 install(TARGETS pqclean pqclean_s
  PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE WORLD_READ WORLD_WRITE
  LIBRARY DESTINATION lib
--- a/src/kem/kyber/kyber1024/clean/reduce.c
+++ b/src/kem/kyber/kyber1024/clean/reduce.c
@@ -35,10 +35,22 @@ int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) {
 * Returns:     integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q.
 **************************************************/
 int16_t PQCLEAN_KYBER1024_CLEAN_barrett_reduce(int16_t a) {
    int16_t t;
    const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
    int16_t p;
    int32_t t;
 // Montgomery constant R=2^16
 #define KYBER_MONT_Re 16U
 // -1/KYBER_Q mod KYBER_MONT_R
 #define KYBER_MONT_qinv 3327U
    // -Q^(-1)*a mod 2^16
    p = (uint32_t)a*KYBER_MONT_qinv;
    t = KYBER_Q*p;
    t += a;
    // Final result not in a Montgomery domain
    return t>>KYBER_MONT_Re;
    t  = ((int32_t)v * a + (1 << 25)) >> 26;
    t *= KYBER_Q;
    return a - t;
 // only because I include .c file in test
 #undef KYBER_MONT_M
 #undef KYBER_MONT_qinv
 }
--- a/src/kem/kyber/kyber768/clean/cbd.c
+++ b/src/kem/kyber/kyber768/clean/cbd.c
@@ -21,18 +21,6 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
    return r;
 }
 /*************************************************
 * Name:        load24_littleendian
 *
 * Description: load 3 bytes into a 32-bit integer
 *              in little-endian order.
 *              This function is only needed for Kyber-512
 *
 * Arguments:   - const uint8_t *x: pointer to input byte array
 *
 * Returns 32-bit unsigned integer loaded from x (most significant byte is zero)
 **************************************************/
 /*************************************************
 * Name:        cbd2
--- a/src/kem/kyber/kyber768/clean/reduce.c
+++ b/src/kem/kyber/kyber768/clean/reduce.c
@@ -1,6 +1,7 @@
 #include "params.h"
 #include "reduce.h"
 #include <stdint.h>
 #include <stdio.h>
 /*************************************************
 * Name:        PQCLEAN_KYBER768_CLEAN_montgomery_reduce
@@ -11,7 +12,7 @@
 * Arguments:   - int32_t a: input integer to be reduced;
 *                           has to be in {-q2^15,...,q2^15-1}
 *
 * Returns:     integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q.
 * Returns:     integer in {-q+1,...,q-1} congruent to a * R^-1 modulo 2*q.
 **************************************************/
 int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
    int32_t t;
@@ -35,10 +36,34 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
 * Returns:     integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q.
 **************************************************/
 int16_t PQCLEAN_KYBER768_CLEAN_barrett_reduce(int16_t a) {
    int16_t t;
    const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
    t  = ((int32_t)v * a + (1 << 25)) >> 26;
    t *= KYBER_Q;
    return a - t;
    int32_t t;
 /*
 * Barrett reduction is applied to 16-bit signed
 * integers. We use q=26 to compute the reprociacal
 * floor(2^q / KYBER_Q), which is much larger than
 * any value of 'a'. That way, the final subtraction
 * can be avoided. (OZAPTF): perform bounds analysis
 * check if that's true).
 */
 #define KYBER_BARETT_q 26
 /*
 * Reprocical used by Barrett reduction
 *   floor(2^q / KYBER_Q)
 */
 #define KYBER_BARETT_U 20158
    // Round the reprocical up
    t = (KYBER_BARETT_U+1)*a;
    // Add 1/2 * 2^25 to centrize
    // in {-(q-1)/2,...,(q-1)/2} mod KYBER_Q.
    t += 1<<25;
    // Last 4 bytes
    t >>= 26;
    // Final multiplication and subtraction
    return a - ((int16_t)t)*KYBER_Q;
 #undef KYBER_BARETT_q
 #undef KYBER_BARETT_U
 }
--- a/src/sign/dilithium/dilithium3/clean/rounding.c
+++ b/src/sign/dilithium/dilithium3/clean/rounding.c
@@ -1,6 +1,8 @@
 #include "params.h"
 #include "rounding.h"
 #include <stdint.h>
 #include <stdio.h>
 #include <assert.h>
 /*************************************************
 * Name:        PQCLEAN_DILITHIUM3_CLEAN_power2round
@@ -38,10 +40,19 @@ int32_t PQCLEAN_DILITHIUM3_CLEAN_power2round(int32_t *a0, int32_t a)  {
 **************************************************/
 int32_t PQCLEAN_DILITHIUM3_CLEAN_decompose(int32_t *a0, int32_t a) {
    int32_t a1;
    a=8176979;
    printf("0>%d\n", a);
    a1  = (a + 127) >> 7;
    a1  = (a1 * 1025 + (1 << 21)) >> 22;
    printf("1>%d\n", a1);
    a1  = (a1 * 1025);
    printf("2>%d\n", a1);
    a1 += (1 << 21);
    printf("3>%d\n", a1);
    a1 >>= 22;
    printf("4>%d\n", a1);
    a1 &= 15;
    printf("5>%d\n", a1);
    assert(0);
    *a0  = a - a1 * 2 * GAMMA2;
    *a0 -= (((Q - 1) / 2 - *a0) >> 31) & Q;
--- a/test/mytest.cpp
+++ b/test/mytest.cpp
@@ -1,8 +1,10 @@
 #include <gtest/gtest.h>
 #include "crypto_sign/dilithium/dilithium2/clean/ntt.c"
 #include "crypto_sign/dilithium/dilithium2/clean/reduce.c"
 #include "crypto_kem/kyber/kyber768/clean/reduce.c"
 //#include "src/sign/dilithium/dilithium2/clean/ntt.c"
 //#include "src/sign/dilithium/dilithium2/clean/reduce.c"
 #include "src/kem/kyber/kyber768/clean/reduce.h"
 #include "src/kem/kyber/kyber768/clean/reduce.c"
 #if 0
 TEST(X,XXX) {
 	uint32_t a_in[] = {
 		8185875, 3328957, 6049449, 4344158, 5817506, 4415885, 4890107, 4537720, 2601260,
@@ -18,7 +20,9 @@ TEST(X,XXX) {
 		printf("%08X, ", a_in[i]);
 	}
 }
 #endif
 TEST(Kyber,k) {
 	ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(1<<16), 1);
 	ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(((-KYBER_Q)*(1<<15))), 0);
 	ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(((-KYBER_Q)*(1<<15))+1), -3160);
 }