From 5436ec0476304e0195ed32ab78c8b69f367063c0 Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Fri, 13 Mar 2020 15:58:15 -0400 Subject: [PATCH] Fix uint8_t to uint16_t upcast in Frodo --- crypto_kem/frodokem1344aes/clean/kem.c | 4 ++-- crypto_kem/frodokem1344aes/opt/kem.c | 4 ++-- crypto_kem/frodokem1344shake/clean/kem.c | 4 ++-- crypto_kem/frodokem1344shake/opt/kem.c | 4 ++-- crypto_kem/frodokem640aes/clean/kem.c | 4 ++-- crypto_kem/frodokem640aes/opt/kem.c | 4 ++-- crypto_kem/frodokem640shake/clean/kem.c | 4 ++-- crypto_kem/frodokem640shake/opt/kem.c | 4 ++-- crypto_kem/frodokem976aes/clean/kem.c | 4 ++-- crypto_kem/frodokem976aes/opt/kem.c | 4 ++-- crypto_kem/frodokem976shake/clean/kem.c | 4 ++-- crypto_kem/frodokem976shake/opt/kem.c | 4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/crypto_kem/frodokem1344aes/clean/kem.c b/crypto_kem/frodokem1344aes/clean/kem.c index 611ca711..58274ee4 100644 --- a/crypto_kem/frodokem1344aes/clean/kem.c +++ b/crypto_kem/frodokem1344aes/clean/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM1344AES_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM1344AES_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM1344AES_CLEAN_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem1344aes/opt/kem.c b/crypto_kem/frodokem1344aes/opt/kem.c index d989588a..f5d73a2d 100644 --- a/crypto_kem/frodokem1344aes/opt/kem.c +++ b/crypto_kem/frodokem1344aes/opt/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM1344AES_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, c const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM1344AES_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, c uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM1344AES_OPT_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem1344shake/clean/kem.c b/crypto_kem/frodokem1344shake/clean/kem.c index 85d0ce5c..b018e262 100644 --- a/crypto_kem/frodokem1344shake/clean/kem.c +++ b/crypto_kem/frodokem1344shake/clean/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *c const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *c uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem1344shake/opt/kem.c b/crypto_kem/frodokem1344shake/opt/kem.c index 45a940ae..2e9fd712 100644 --- a/crypto_kem/frodokem1344shake/opt/kem.c +++ b/crypto_kem/frodokem1344shake/opt/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem640aes/clean/kem.c b/crypto_kem/frodokem640aes/clean/kem.c index 7049e252..9edf1226 100644 --- a/crypto_kem/frodokem640aes/clean/kem.c +++ b/crypto_kem/frodokem640aes/clean/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM640AES_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM640AES_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM640AES_CLEAN_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem640aes/opt/kem.c b/crypto_kem/frodokem640aes/opt/kem.c index 386553a1..e11cc4d1 100644 --- a/crypto_kem/frodokem640aes/opt/kem.c +++ b/crypto_kem/frodokem640aes/opt/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM640AES_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, co const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM640AES_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, co uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM640AES_OPT_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem640shake/clean/kem.c b/crypto_kem/frodokem640shake/clean/kem.c index ff2b9f46..2604a9ef 100644 --- a/crypto_kem/frodokem640shake/clean/kem.c +++ b/crypto_kem/frodokem640shake/clean/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem640shake/opt/kem.c b/crypto_kem/frodokem640shake/opt/kem.c index 50bb88c8..c3ba675a 100644 --- a/crypto_kem/frodokem640shake/opt/kem.c +++ b/crypto_kem/frodokem640shake/opt/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem976aes/clean/kem.c b/crypto_kem/frodokem976aes/clean/kem.c index 0c46065e..8c0987a8 100644 --- a/crypto_kem/frodokem976aes/clean/kem.c +++ b/crypto_kem/frodokem976aes/clean/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM976AES_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM976AES_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM976AES_CLEAN_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem976aes/opt/kem.c b/crypto_kem/frodokem976aes/opt/kem.c index a6ebdc0b..ccf44465 100644 --- a/crypto_kem/frodokem976aes/opt/kem.c +++ b/crypto_kem/frodokem976aes/opt/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM976AES_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, co const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM976AES_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, co uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM976AES_OPT_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem976shake/clean/kem.c b/crypto_kem/frodokem976shake/clean/kem.c index 5ba0b224..70c30dee 100644 --- a/crypto_kem/frodokem976shake/clean/kem.c +++ b/crypto_kem/frodokem976shake/clean/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu diff --git a/crypto_kem/frodokem976shake/opt/kem.c b/crypto_kem/frodokem976shake/opt/kem.c index 69b94ee0..b5d3337f 100644 --- a/crypto_kem/frodokem976shake/opt/kem.c +++ b/crypto_kem/frodokem976shake/opt/kem.c @@ -155,7 +155,7 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *ct_c2 = &ct[(PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8]; const uint8_t *sk_s = &sk[0]; const uint8_t *sk_pk = &sk[CRYPTO_BYTES]; - const uint16_t *sk_S = (uint16_t *) &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; + const uint8_t *sk_S = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES]; uint16_t S[PARAMS_N * PARAMS_NBAR]; // contains secret data const uint8_t *sk_pkh = &sk[CRYPTO_BYTES + CRYPTO_PUBLICKEYBYTES + 2 * PARAMS_N * PARAMS_NBAR]; const uint8_t *pk_seedA = &sk_pk[0]; @@ -172,7 +172,7 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, uint8_t shake_input_seedSEprime[1 + CRYPTO_BYTES]; // contains secret data for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) { - S[i] = PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(sk_S[i]); + S[i] = sk_S[2*i] | (sk_S[2*i+1] << 8); } // Compute W = C - Bp*S (mod q), and decode the randomness mu