From 5807a5400c5ad14641eef397713f1bb666e3f1df Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Mon, 14 Sep 2020 17:47:08 -0400 Subject: [PATCH] trying to satisfy ms again --- crypto_kem/hqc-128/avx2/fft.c | 17 +++++++++----- crypto_kem/hqc-128/clean/fft.c | 35 +++++++++++++++++++---------- crypto_kem/hqc-192/avx2/fft.c | 17 +++++++++----- crypto_kem/hqc-192/clean/fft.c | 35 +++++++++++++++++++---------- crypto_kem/hqc-256/avx2/fft.c | 17 +++++++++----- crypto_kem/hqc-256/clean/fft.c | 35 +++++++++++++++++++---------- crypto_kem/hqc-rmrs-128/avx2/fft.c | 9 +++++--- crypto_kem/hqc-rmrs-128/clean/fft.c | 9 +++++--- crypto_kem/hqc-rmrs-192/avx2/fft.c | 9 +++++--- crypto_kem/hqc-rmrs-192/clean/fft.c | 9 +++++--- crypto_kem/hqc-rmrs-256/avx2/fft.c | 9 +++++--- crypto_kem/hqc-rmrs-256/clean/fft.c | 9 +++++--- 12 files changed, 138 insertions(+), 72 deletions(-) diff --git a/crypto_kem/hqc-128/avx2/fft.c b/crypto_kem/hqc-128/avx2/fft.c index 476a621f..fb68e837 100644 --- a/crypto_kem/hqc-128/avx2/fft.c +++ b/crypto_kem/hqc-128/avx2/fft.c @@ -31,7 +31,7 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 static void compute_fft_betas(uint16_t *betas) { size_t i; for (i = 0; i < PARAM_M - 1; ++i) { - betas[i] = 1 << (PARAM_M - 1 - i); + betas[i] = (uint16_t) (1 << (PARAM_M - 1 - i)); } } @@ -134,7 +134,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -202,7 +203,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC128_AVX2_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC128_AVX2_gf_mul(beta_m_pow, f[i]); @@ -224,7 +226,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; @@ -300,7 +303,8 @@ void PQCLEAN_HQC128_AVX2_fft(uint16_t *w, const uint16_t *f, size_t f_coeffs) { fft_rec(u, f0, (f_coeffs + 1) / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); fft_rec(v, f1, f_coeffs / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; // Step 6, 7 and error polynomial computation memcpy(w + k, v, 2 * k); @@ -337,7 +341,8 @@ void PQCLEAN_HQC128_AVX2_fft_retrieve_bch_error_poly(uint64_t *error, const uint error[0] ^= 1 ^ ((uint16_t) - w[0] >> 15); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; index = PARAM_GF_MUL_ORDER; bit = 1 ^ ((uint16_t) - w[k] >> 15); error[index / 8] ^= bit << (index % 64); diff --git a/crypto_kem/hqc-128/clean/fft.c b/crypto_kem/hqc-128/clean/fft.c index 64901bec..2efe1f3d 100644 --- a/crypto_kem/hqc-128/clean/fft.c +++ b/crypto_kem/hqc-128/clean/fft.c @@ -34,7 +34,7 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 static void compute_fft_betas(uint16_t *betas) { size_t i; for (i = 0; i < PARAM_M - 1; ++i) { - betas[i] = 1 << (PARAM_M - 1 - i); + betas[i] = (uint16_t) (1 << (PARAM_M - 1 - i)); } } @@ -137,7 +137,8 @@ static void radix_t_big(uint16_t *f, const uint16_t *f0, const uint16_t *f1, uin uint16_t n; size_t i; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q0, f0 + n, 2 * n); memcpy(Q1, f1 + n, 2 * n); memcpy(R0, f0, 2 * n); @@ -187,7 +188,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m // Step 1 if (m_f == 1) { f[0] = 0; - x = 1 << m; + x = 1; + x <<= m; for (i = 0; i < x; ++i) { f[0] ^= w[i]; } @@ -221,7 +223,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m * Transpose: * u[i] = w[i] + w[k+i] * v[i] = G[i].w[i] + (G[i]+1).w[k+i] = G[i].u[i] + w[k+i] */ - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= (m - 1) & 0xf; // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case // Step 5: Compute f0 from u and f1 from v f1[1] = 0; @@ -252,7 +255,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m // Step 2: compute f from g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC128_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC128_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -297,7 +301,8 @@ void PQCLEAN_HQC128_CLEAN_fft_t(uint16_t *f, const uint16_t *w, size_t f_coeffs) * Transpose: * u[i] = w[i] + w[k+i] * v[i] = G[i].w[i] + (G[i]+1).w[k+i] = G[i].u[i] + w[k+i] */ - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; u[0] = w[0] ^ w[k]; v[0] = w[k]; for (i = 1; i < k; ++i) { @@ -396,7 +401,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -464,7 +470,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC128_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC128_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -486,7 +493,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= (m - 1) & 0xf; // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; @@ -562,7 +570,8 @@ void PQCLEAN_HQC128_CLEAN_fft(uint16_t *w, const uint16_t *f, size_t f_coeffs) { fft_rec(u, f0, (f_coeffs + 1) / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); fft_rec(v, f1, f_coeffs / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; // Step 6, 7 and error polynomial computation memcpy(w + k, v, 2 * k); @@ -616,7 +625,8 @@ void PQCLEAN_HQC128_CLEAN_fft_t_preprocess_bch_codeword(uint16_t *w, const uint6 compute_subset_sums(gammas_sums, gammas, PARAM_M - 1); // Twist and permute r adequately to obtain w - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; w[0] = 0; w[k] = -r[0] & 1; for (i = 1; i < k; ++i) { @@ -645,7 +655,8 @@ void PQCLEAN_HQC128_CLEAN_fft_retrieve_bch_error_poly(uint64_t *error, const uin error[0] ^= 1 ^ ((uint16_t) - w[0] >> 15); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; index = PARAM_GF_MUL_ORDER; bit = 1 ^ ((uint16_t) - w[k] >> 15); error[index / 8] ^= bit << (index % 64); diff --git a/crypto_kem/hqc-192/avx2/fft.c b/crypto_kem/hqc-192/avx2/fft.c index 8b851ce9..1a13de1a 100644 --- a/crypto_kem/hqc-192/avx2/fft.c +++ b/crypto_kem/hqc-192/avx2/fft.c @@ -31,7 +31,7 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 static void compute_fft_betas(uint16_t *betas) { size_t i; for (i = 0; i < PARAM_M - 1; ++i) { - betas[i] = 1 << (PARAM_M - 1 - i); + betas[i] = (uint16_t) (1 << (PARAM_M - 1 - i)); } } @@ -134,7 +134,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -202,7 +203,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC192_AVX2_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC192_AVX2_gf_mul(beta_m_pow, f[i]); @@ -224,7 +226,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; @@ -300,7 +303,8 @@ void PQCLEAN_HQC192_AVX2_fft(uint16_t *w, const uint16_t *f, size_t f_coeffs) { fft_rec(u, f0, (f_coeffs + 1) / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); fft_rec(v, f1, f_coeffs / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; // Step 6, 7 and error polynomial computation memcpy(w + k, v, 2 * k); @@ -337,7 +341,8 @@ void PQCLEAN_HQC192_AVX2_fft_retrieve_bch_error_poly(uint64_t *error, const uint error[0] ^= 1 ^ ((uint16_t) - w[0] >> 15); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; index = PARAM_GF_MUL_ORDER; bit = 1 ^ ((uint16_t) - w[k] >> 15); error[index / 8] ^= bit << (index % 64); diff --git a/crypto_kem/hqc-192/clean/fft.c b/crypto_kem/hqc-192/clean/fft.c index 64226507..0f58e7f1 100644 --- a/crypto_kem/hqc-192/clean/fft.c +++ b/crypto_kem/hqc-192/clean/fft.c @@ -34,7 +34,7 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 static void compute_fft_betas(uint16_t *betas) { size_t i; for (i = 0; i < PARAM_M - 1; ++i) { - betas[i] = 1 << (PARAM_M - 1 - i); + betas[i] = (uint16_t) (1 << (PARAM_M - 1 - i)); } } @@ -137,7 +137,8 @@ static void radix_t_big(uint16_t *f, const uint16_t *f0, const uint16_t *f1, uin uint16_t n; size_t i; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q0, f0 + n, 2 * n); memcpy(Q1, f1 + n, 2 * n); memcpy(R0, f0, 2 * n); @@ -187,7 +188,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m // Step 1 if (m_f == 1) { f[0] = 0; - x = 1 << m; + x = 1; + x <<= m; for (i = 0; i < x; ++i) { f[0] ^= w[i]; } @@ -221,7 +223,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m * Transpose: * u[i] = w[i] + w[k+i] * v[i] = G[i].w[i] + (G[i]+1).w[k+i] = G[i].u[i] + w[k+i] */ - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= (m - 1) & 0xf; // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case // Step 5: Compute f0 from u and f1 from v f1[1] = 0; @@ -252,7 +255,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m // Step 2: compute f from g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC192_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC192_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -297,7 +301,8 @@ void PQCLEAN_HQC192_CLEAN_fft_t(uint16_t *f, const uint16_t *w, size_t f_coeffs) * Transpose: * u[i] = w[i] + w[k+i] * v[i] = G[i].w[i] + (G[i]+1).w[k+i] = G[i].u[i] + w[k+i] */ - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; u[0] = w[0] ^ w[k]; v[0] = w[k]; for (i = 1; i < k; ++i) { @@ -396,7 +401,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -464,7 +470,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC192_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC192_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -486,7 +493,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= (m - 1) & 0xf; // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; @@ -562,7 +570,8 @@ void PQCLEAN_HQC192_CLEAN_fft(uint16_t *w, const uint16_t *f, size_t f_coeffs) { fft_rec(u, f0, (f_coeffs + 1) / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); fft_rec(v, f1, f_coeffs / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; // Step 6, 7 and error polynomial computation memcpy(w + k, v, 2 * k); @@ -616,7 +625,8 @@ void PQCLEAN_HQC192_CLEAN_fft_t_preprocess_bch_codeword(uint16_t *w, const uint6 compute_subset_sums(gammas_sums, gammas, PARAM_M - 1); // Twist and permute r adequately to obtain w - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; w[0] = 0; w[k] = -r[0] & 1; for (i = 1; i < k; ++i) { @@ -645,7 +655,8 @@ void PQCLEAN_HQC192_CLEAN_fft_retrieve_bch_error_poly(uint64_t *error, const uin error[0] ^= 1 ^ ((uint16_t) - w[0] >> 15); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; index = PARAM_GF_MUL_ORDER; bit = 1 ^ ((uint16_t) - w[k] >> 15); error[index / 8] ^= bit << (index % 64); diff --git a/crypto_kem/hqc-256/avx2/fft.c b/crypto_kem/hqc-256/avx2/fft.c index dc73de0f..db08d131 100644 --- a/crypto_kem/hqc-256/avx2/fft.c +++ b/crypto_kem/hqc-256/avx2/fft.c @@ -31,7 +31,7 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 static void compute_fft_betas(uint16_t *betas) { size_t i; for (i = 0; i < PARAM_M - 1; ++i) { - betas[i] = 1 << (PARAM_M - 1 - i); + betas[i] = (uint16_t) (1 << (PARAM_M - 1 - i)); } } @@ -134,7 +134,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -202,7 +203,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC256_AVX2_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC256_AVX2_gf_mul(beta_m_pow, f[i]); @@ -224,7 +226,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; @@ -300,7 +303,8 @@ void PQCLEAN_HQC256_AVX2_fft(uint16_t *w, const uint16_t *f, size_t f_coeffs) { fft_rec(u, f0, (f_coeffs + 1) / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); fft_rec(v, f1, f_coeffs / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; // Step 6, 7 and error polynomial computation memcpy(w + k, v, 2 * k); @@ -337,7 +341,8 @@ void PQCLEAN_HQC256_AVX2_fft_retrieve_bch_error_poly(uint64_t *error, const uint error[0] ^= 1 ^ ((uint16_t) - w[0] >> 15); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; index = PARAM_GF_MUL_ORDER; bit = 1 ^ ((uint16_t) - w[k] >> 15); error[index / 8] ^= bit << (index % 64); diff --git a/crypto_kem/hqc-256/clean/fft.c b/crypto_kem/hqc-256/clean/fft.c index 147f4193..f47ab23a 100644 --- a/crypto_kem/hqc-256/clean/fft.c +++ b/crypto_kem/hqc-256/clean/fft.c @@ -34,7 +34,7 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 static void compute_fft_betas(uint16_t *betas) { size_t i; for (i = 0; i < PARAM_M - 1; ++i) { - betas[i] = 1 << (PARAM_M - 1 - i); + betas[i] = (uint16_t) (1 << (PARAM_M - 1 - i)); } } @@ -137,7 +137,8 @@ static void radix_t_big(uint16_t *f, const uint16_t *f0, const uint16_t *f1, uin uint16_t n; size_t i; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q0, f0 + n, 2 * n); memcpy(Q1, f1 + n, 2 * n); memcpy(R0, f0, 2 * n); @@ -187,7 +188,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m // Step 1 if (m_f == 1) { f[0] = 0; - x = 1 << m; + x = 1; + x <<= m; for (i = 0; i < x; ++i) { f[0] ^= w[i]; } @@ -221,7 +223,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m * Transpose: * u[i] = w[i] + w[k+i] * v[i] = G[i].w[i] + (G[i]+1).w[k+i] = G[i].u[i] + w[k+i] */ - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= (m - 1) & 0xf; // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case // Step 5: Compute f0 from u and f1 from v f1[1] = 0; @@ -252,7 +255,8 @@ static void fft_t_rec(uint16_t *f, const uint16_t *w, size_t f_coeffs, uint8_t m // Step 2: compute f from g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC256_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC256_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -297,7 +301,8 @@ void PQCLEAN_HQC256_CLEAN_fft_t(uint16_t *f, const uint16_t *w, size_t f_coeffs) * Transpose: * u[i] = w[i] + w[k+i] * v[i] = G[i].w[i] + (G[i]+1).w[k+i] = G[i].u[i] + w[k+i] */ - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; u[0] = w[0] ^ w[k]; v[0] = w[k]; for (i = 1; i < k; ++i) { @@ -396,7 +401,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= m_f - 2; memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -464,7 +470,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQC256_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQC256_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -486,7 +493,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= (m - 1) & 0xf; // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; @@ -562,7 +570,8 @@ void PQCLEAN_HQC256_CLEAN_fft(uint16_t *w, const uint16_t *f, size_t f_coeffs) { fft_rec(u, f0, (f_coeffs + 1) / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); fft_rec(v, f1, f_coeffs / 2, PARAM_M - 1, PARAM_FFT - 1, deltas); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; // Step 6, 7 and error polynomial computation memcpy(w + k, v, 2 * k); @@ -616,7 +625,8 @@ void PQCLEAN_HQC256_CLEAN_fft_t_preprocess_bch_codeword(uint16_t *w, const uint6 compute_subset_sums(gammas_sums, gammas, PARAM_M - 1); // Twist and permute r adequately to obtain w - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; w[0] = 0; w[k] = -r[0] & 1; for (i = 1; i < k; ++i) { @@ -645,7 +655,8 @@ void PQCLEAN_HQC256_CLEAN_fft_retrieve_bch_error_poly(uint64_t *error, const uin error[0] ^= 1 ^ ((uint16_t) - w[0] >> 15); - k = 1 << (PARAM_M - 1); + k = 1; + k <<= PARAM_M - 1; index = PARAM_GF_MUL_ORDER; bit = 1 ^ ((uint16_t) - w[k] >> 15); error[index / 8] ^= bit << (index % 64); diff --git a/crypto_kem/hqc-rmrs-128/avx2/fft.c b/crypto_kem/hqc-rmrs-128/avx2/fft.c index e5ab65cc..cfd4f81f 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/fft.c +++ b/crypto_kem/hqc-rmrs-128/avx2/fft.c @@ -133,7 +133,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= (m_f - 2); memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -201,7 +202,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQCRMRS128_AVX2_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQCRMRS128_AVX2_gf_mul(beta_m_pow, f[i]); @@ -223,7 +225,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; diff --git a/crypto_kem/hqc-rmrs-128/clean/fft.c b/crypto_kem/hqc-rmrs-128/clean/fft.c index f89cafae..b95a7f54 100644 --- a/crypto_kem/hqc-rmrs-128/clean/fft.c +++ b/crypto_kem/hqc-rmrs-128/clean/fft.c @@ -133,7 +133,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= (m_f - 2); memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -201,7 +202,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQCRMRS128_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQCRMRS128_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -223,7 +225,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; diff --git a/crypto_kem/hqc-rmrs-192/avx2/fft.c b/crypto_kem/hqc-rmrs-192/avx2/fft.c index 382043e2..b01772da 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/fft.c +++ b/crypto_kem/hqc-rmrs-192/avx2/fft.c @@ -133,7 +133,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= (m_f - 2); memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -201,7 +202,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQCRMRS192_AVX2_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQCRMRS192_AVX2_gf_mul(beta_m_pow, f[i]); @@ -223,7 +225,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; diff --git a/crypto_kem/hqc-rmrs-192/clean/fft.c b/crypto_kem/hqc-rmrs-192/clean/fft.c index 90a7789f..ba761799 100644 --- a/crypto_kem/hqc-rmrs-192/clean/fft.c +++ b/crypto_kem/hqc-rmrs-192/clean/fft.c @@ -133,7 +133,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= (m_f - 2); memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -201,7 +202,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQCRMRS192_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQCRMRS192_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -223,7 +225,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; diff --git a/crypto_kem/hqc-rmrs-256/avx2/fft.c b/crypto_kem/hqc-rmrs-256/avx2/fft.c index ab226c95..5d560c58 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/fft.c +++ b/crypto_kem/hqc-rmrs-256/avx2/fft.c @@ -133,7 +133,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= (m_f - 2); memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -201,7 +202,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQCRMRS256_AVX2_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQCRMRS256_AVX2_gf_mul(beta_m_pow, f[i]); @@ -223,7 +225,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0]; diff --git a/crypto_kem/hqc-rmrs-256/clean/fft.c b/crypto_kem/hqc-rmrs-256/clean/fft.c index 33e2f2ba..ba69e724 100644 --- a/crypto_kem/hqc-rmrs-256/clean/fft.c +++ b/crypto_kem/hqc-rmrs-256/clean/fft.c @@ -133,7 +133,8 @@ static void radix_big(uint16_t *f0, uint16_t *f1, const uint16_t *f, uint32_t m_ size_t i, n; - n = 1 << (m_f - 2); + n = 1; + n <<= (m_f - 2); memcpy(Q, f + 3 * n, 2 * n); memcpy(Q + n, f + 3 * n, 2 * n); memcpy(R, f, 4 * n); @@ -201,7 +202,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 2: compute g if (betas[m - 1] != 1) { beta_m_pow = 1; - x = 1 << m_f; + x = 1; + x <<= m_f; for (i = 1; i < x; ++i) { beta_m_pow = PQCLEAN_HQCRMRS256_CLEAN_gf_mul(beta_m_pow, betas[m - 1]); f[i] = PQCLEAN_HQCRMRS256_CLEAN_gf_mul(beta_m_pow, f[i]); @@ -223,7 +225,8 @@ static void fft_rec(uint16_t *w, uint16_t *f, size_t f_coeffs, uint8_t m, uint32 // Step 5 fft_rec(u, f0, (f_coeffs + 1) / 2, m - 1, m_f - 1, deltas); - k = 1 << ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. + k = 1; + k <<= ((m - 1) & 0xf); // &0xf is to let the compiler know that m-1 is small. if (f_coeffs <= 3) { // 3-coefficient polynomial f case: f1 is constant w[0] = u[0]; w[k] = u[0] ^ f1[0];