diff --git a/crypto_kem/frodokem1344aes/clean/matrix_aes.c b/crypto_kem/frodokem1344aes/clean/matrix_aes.c
index cec9a2a6..5647f3c1 100644
--- a/crypto_kem/frodokem1344aes/clean/matrix_aes.c
+++ b/crypto_kem/frodokem1344aes/clean/matrix_aes.c
@@ -24,10 +24,14 @@ int PQCLEAN_FRODOKEM1344AES_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_
 aes128_keyexp(&ctx128, seed_A);
 for (i = 0; i < PARAMS_N; i++) {
 for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) {
- A[i*PARAMS_N + j] = i; // Loading values in the little-endian order
- A[i*PARAMS_N + j + 1] = j;
+ A[i*PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order
+ A[i*PARAMS_N + j + 1] = (int16_t) j;
 }
 }
+ for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
+ A[i] = PQCLEAN_FRODOKEM1344AES_CLEAN_UINT16_TO_LE(A[i]);
+ }
+
 aes128_ecb((uint8_t *) A, (uint8_t *) A, PARAMS_N * PARAMS_N * sizeof(int16_t) / AES_BLOCKBYTES, &ctx128);
 for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
@@ -60,10 +64,14 @@ int PQCLEAN_FRODOKEM1344AES_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_
 aes128_keyexp(&ctx128, seed_A);
 for (i = 0; i < PARAMS_N; i++) {
 for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) {
- A[i*PARAMS_N + j] = i; // Loading values in the little-endian order
- A[i*PARAMS_N + j + 1] = j;
+ A[i*PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order
+ A[i*PARAMS_N + j + 1] = (int16_t) j;
 }
 }
+ for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
+ A[i] = PQCLEAN_FRODOKEM1344AES_CLEAN_UINT16_TO_LE(A[i]);
+ }
+
 aes128_ecb((uint8_t *) A, (uint8_t *) A, PARAMS_N * PARAMS_N * sizeof(int16_t) / AES_BLOCKBYTES, &ctx128);
 for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
diff --git a/crypto_kem/frodokem640aes/clean/matrix_aes.c b/crypto_kem/frodokem640aes/clean/matrix_aes.c
index 2a1aef2d..f3331e11 100644
--- a/crypto_kem/frodokem640aes/clean/matrix_aes.c
+++ b/crypto_kem/frodokem640aes/clean/matrix_aes.c
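Review bot: The comment `// Loading values in the little-endian order` is now misleading, because it still sits on `A[i*PARAMS_N + j] = (int16_t) i;`, which stores a host-order value, while the byte order is only fixed by the added `UINT16_TO_LE` loop below it. Converting at the store, `A[i*PARAMS_N + j] = (int16_t) PQCLEAN_FRODOKEM1344AES_CLEAN_UINT16_TO_LE(i);` and likewise for `j`, would keep the comment true and avoid a second pass over all `PARAMS_N * PARAMS_N` entries, provided the entries not written here are zero at this point (A's initialisation is outside the hunk, so confirm). The same applies to the second hunk in this file and to both hunks in the frodokem640aes and frodokem976aes files. Since A is expanded from `seed_A` and has to come out identical on every host, a known-answer test run on a big-endian target would confirm the fix against the reference vectors. The enclosing functions begin and end outside the hunks.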
@@ -24,10 +24,14 @@ int PQCLEAN_FRODOKEM640AES_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t
 aes128_keyexp(&ctx128, seed_A);
 for (i = 0; i < PARAMS_N; i++) {
 for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) {
- A[i*PARAMS_N + j] = i; // Loading values in the little-endian order
- A[i*PARAMS_N + j + 1] = j;
+ A[i*PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order
+ A[i*PARAMS_N + j + 1] = (int16_t) j;
 }
 }
+ for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
+ A[i] = PQCLEAN_FRODOKEM640AES_CLEAN_UINT16_TO_LE(A[i]);
+ }
+
 aes128_ecb((uint8_t *) A, (uint8_t *) A, PARAMS_N * PARAMS_N * sizeof(int16_t) / AES_BLOCKBYTES, &ctx128);
 for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
@@ -60,10 +64,14 @@ int PQCLEAN_FRODOKEM640AES_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t
 aes128_keyexp(&ctx128, seed_A);
 for (i = 0; i < PARAMS_N; i++) {
 for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) {
- A[i*PARAMS_N + j] = i; // Loading values in the little-endian order
- A[i*PARAMS_N + j + 1] = j;
+ A[i*PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order
+ A[i*PARAMS_N + j + 1] = (int16_t) j;
 }
 }
+ for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
+ A[i] = PQCLEAN_FRODOKEM640AES_CLEAN_UINT16_TO_LE(A[i]);
+ }
+
 aes128_ecb((uint8_t *) A, (uint8_t *) A, PARAMS_N * PARAMS_N * sizeof(int16_t) / AES_BLOCKBYTES, &ctx128);
 for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
diff --git a/crypto_kem/frodokem976aes/clean/matrix_aes.c b/crypto_kem/frodokem976aes/clean/matrix_aes.c
index 1d660437..19236b46 100644
--- a/crypto_kem/frodokem976aes/clean/matrix_aes.c
+++ b/crypto_kem/frodokem976aes/clean/matrix_aes.c
@@ -24,10 +24,14 @@ int PQCLEAN_FRODOKEM976AES_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t
 aes128_keyexp(&ctx128, seed_A);
 for (i = 0; i < PARAMS_N; i++) {
 for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) {
- A[i*PARAMS_N + j] = i; // Loading values in the little-endian order
- A[i*PARAMS_N + j + 1] = j;
+ A[i*PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order
+ A[i*PARAMS_N + j + 1] = (int16_t) j;
 }
 }
+ for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
+ A[i] = PQCLEAN_FRODOKEM976AES_CLEAN_UINT16_TO_LE(A[i]);
+ }
+
 aes128_ecb((uint8_t *) A, (uint8_t *) A, PARAMS_N * PARAMS_N * sizeof(int16_t) / AES_BLOCKBYTES, &ctx128);
 for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
@@ -60,10 +64,14 @@ int PQCLEAN_FRODOKEM976AES_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t
 aes128_keyexp(&ctx128, seed_A);
 for (i = 0; i < PARAMS_N; i++) {
 for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) {
- A[i*PARAMS_N + j] = i; // Loading values in the little-endian order
- A[i*PARAMS_N + j + 1] = j;
+ A[i*PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order
+ A[i*PARAMS_N + j + 1] = (int16_t) j;
 }
 }
+ for (i = 0; i < PARAMS_N * PARAMS_N; i++) {
+ A[i] = PQCLEAN_FRODOKEM976AES_CLEAN_UINT16_TO_LE(A[i]);
+ }
+
 aes128_ecb((uint8_t *) A, (uint8_t *) A, PARAMS_N * PARAMS_N * sizeof(int16_t) / AES_BLOCKBYTES, &ctx128);
 for (i = 0; i < PARAMS_N * PARAMS_N; i++) {