Copy ntru fixes from recent commits
This commit is contained in:
parent
51102e05ce
commit
4924ea0a6a
@ -30,10 +30,10 @@ void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char
|
|||||||
|
|
||||||
// Use 30 bits of u per word
|
// Use 30 bits of u per word
|
||||||
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
||||||
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t)u[15 * i + 3] << 26);
|
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
|
||||||
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t)u[15 * i + 7] << 28);
|
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
|
||||||
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t)u[15 * i + 11] << 30);
|
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
|
||||||
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t)u[15 * i + 14] << 24);
|
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
#define int32_MINMAX(a,b) \
|
#define int32_MINMAX(a,b) \
|
||||||
do { \
|
do { \
|
||||||
int32_t ab = (b) ^ (a); \
|
int32_t ab = (b) ^ (a); \
|
||||||
int32_t c = (b) - (a); \
|
int32_t c = (int32_t)((int64_t)(b) - (int64_t)(a)); \
|
||||||
c ^= ab & (c ^ (b)); \
|
c ^= ab & (c ^ (b)); \
|
||||||
c >>= 31; \
|
c >>= 31; \
|
||||||
c &= ab; \
|
c &= ab; \
|
||||||
|
@ -37,7 +37,6 @@ int PQCLEAN_NTRUHPS2048677_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
|
|||||||
int i, fail;
|
int i, fail;
|
||||||
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
||||||
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
||||||
uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
|
|
||||||
|
|
||||||
fail = PQCLEAN_NTRUHPS2048677_CLEAN_owcpa_dec(rm, c, sk);
|
fail = PQCLEAN_NTRUHPS2048677_CLEAN_owcpa_dec(rm, c, sk);
|
||||||
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
||||||
@ -50,9 +49,9 @@ int PQCLEAN_NTRUHPS2048677_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
|
|||||||
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
||||||
}
|
}
|
||||||
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
||||||
cmp[i] = c[i];
|
buf[NTRU_PRFKEYBYTES + i] = c[i];
|
||||||
}
|
}
|
||||||
sha3_256(rm, cmp, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
||||||
|
|
||||||
PQCLEAN_NTRUHPS2048677_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
PQCLEAN_NTRUHPS2048677_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
||||||
|
|
||||||
|
@ -25,15 +25,15 @@ void PQCLEAN_NTRUHPS2048677_CLEAN_sample_iid(poly *r, const unsigned char unifor
|
|||||||
void PQCLEAN_NTRUHPS2048677_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
|
void PQCLEAN_NTRUHPS2048677_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
|
||||||
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
|
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
|
||||||
|
|
||||||
int32_t s[NTRU_N - 1];
|
uint32_t s[NTRU_N - 1];
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
// Use 30 bits of u per word
|
// Use 30 bits of u per word
|
||||||
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
||||||
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + (u[15 * i + 3] << 26);
|
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
|
||||||
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + (u[15 * i + 7] << 28);
|
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
|
||||||
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + (u[15 * i + 11] << 30);
|
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
|
||||||
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + (u[15 * i + 14] << 24);
|
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
#define int32_MINMAX(a,b) \
|
#define int32_MINMAX(a,b) \
|
||||||
do { \
|
do { \
|
||||||
int32_t ab = (b) ^ (a); \
|
int32_t ab = (b) ^ (a); \
|
||||||
int32_t c = (b) - (a); \
|
int32_t c = (int32_t)((int64_t)(b) - (int64_t)(a)); \
|
||||||
c ^= ab & (c ^ (b)); \
|
c ^= ab & (c ^ (b)); \
|
||||||
c >>= 31; \
|
c >>= 31; \
|
||||||
c &= ab; \
|
c &= ab; \
|
||||||
|
@ -37,7 +37,6 @@ int PQCLEAN_NTRUHPS4096821_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
|
|||||||
int i, fail;
|
int i, fail;
|
||||||
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
||||||
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
||||||
uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
|
|
||||||
|
|
||||||
fail = PQCLEAN_NTRUHPS4096821_CLEAN_owcpa_dec(rm, c, sk);
|
fail = PQCLEAN_NTRUHPS4096821_CLEAN_owcpa_dec(rm, c, sk);
|
||||||
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
||||||
@ -50,9 +49,9 @@ int PQCLEAN_NTRUHPS4096821_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
|
|||||||
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
||||||
}
|
}
|
||||||
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
||||||
cmp[i] = c[i];
|
buf[NTRU_PRFKEYBYTES + i] = c[i];
|
||||||
}
|
}
|
||||||
sha3_256(rm, cmp, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
||||||
|
|
||||||
PQCLEAN_NTRUHPS4096821_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
PQCLEAN_NTRUHPS4096821_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
||||||
|
|
||||||
|
@ -25,15 +25,15 @@ void PQCLEAN_NTRUHPS4096821_CLEAN_sample_iid(poly *r, const unsigned char unifor
|
|||||||
void PQCLEAN_NTRUHPS4096821_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
|
void PQCLEAN_NTRUHPS4096821_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
|
||||||
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
|
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
|
||||||
|
|
||||||
int32_t s[NTRU_N - 1];
|
uint32_t s[NTRU_N - 1];
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
// Use 30 bits of u per word
|
// Use 30 bits of u per word
|
||||||
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
||||||
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + (u[15 * i + 3] << 26);
|
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
|
||||||
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + (u[15 * i + 7] << 28);
|
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
|
||||||
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + (u[15 * i + 11] << 30);
|
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
|
||||||
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + (u[15 * i + 14] << 24);
|
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
||||||
|
@ -37,7 +37,6 @@ int PQCLEAN_NTRUHRSS701_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const
|
|||||||
int i, fail;
|
int i, fail;
|
||||||
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
||||||
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
||||||
uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
|
|
||||||
|
|
||||||
fail = PQCLEAN_NTRUHRSS701_CLEAN_owcpa_dec(rm, c, sk);
|
fail = PQCLEAN_NTRUHRSS701_CLEAN_owcpa_dec(rm, c, sk);
|
||||||
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
||||||
@ -50,9 +49,9 @@ int PQCLEAN_NTRUHRSS701_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const
|
|||||||
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
||||||
}
|
}
|
||||||
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
||||||
cmp[i] = c[i];
|
buf[NTRU_PRFKEYBYTES + i] = c[i];
|
||||||
}
|
}
|
||||||
sha3_256(rm, cmp, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
||||||
|
|
||||||
PQCLEAN_NTRUHRSS701_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
PQCLEAN_NTRUHRSS701_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user