From 81425edb3b5f5fef1b2e64f890e62da029a504da Mon Sep 17 00:00:00 2001
From: "John M. Schanck" <jschanck@uwaterloo.ca>
Date: Fri, 16 Oct 2020 13:08:44 -0400
Subject: [PATCH] ntru: Match sample_fixed_weight to spec. Changes KATs. (c.f.
 Simone Dutto pqcforum 20200731)

---
 crypto_kem/ntruhps2048509/META.yml       | 6 +++---
 crypto_kem/ntruhps2048509/avx2/sample.c  | 2 +-
 crypto_kem/ntruhps2048509/clean/sample.c | 2 +-
 crypto_kem/ntruhps2048677/META.yml       | 6 +++---
 crypto_kem/ntruhps2048677/avx2/sample.c  | 2 +-
 crypto_kem/ntruhps2048677/clean/sample.c | 2 +-
 crypto_kem/ntruhps4096821/META.yml       | 6 +++---
 crypto_kem/ntruhps4096821/avx2/sample.c  | 2 +-
 crypto_kem/ntruhps4096821/clean/sample.c | 2 +-
 crypto_kem/ntruhrss701/META.yml          | 4 ++--
 10 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/crypto_kem/ntruhps2048509/META.yml b/crypto_kem/ntruhps2048509/META.yml
index 98f7b76c..632080d9 100644
--- a/crypto_kem/ntruhps2048509/META.yml
+++ b/crypto_kem/ntruhps2048509/META.yml
@@ -6,7 +6,7 @@ length-public-key: 699
 length-secret-key: 935
 length-ciphertext: 699
 length-shared-secret: 32
-nistkat-sha256: 7ecb93dbc7a588878691f2b2d656ebc42192779f335e3a96197f4ce2134f72c6
+nistkat-sha256: fc314366fbe795e2db6d29abb9f5b2ff43f0f608d0bd66161f9450364f0d271b
 principal-submitters:
   - John M. Schanck
 auxiliary-submitters:
@@ -23,9 +23,9 @@ auxiliary-submitters:
   - Zhenfei Zhang
 implementations:
     - name: clean
-      version: https://github.com/jschanck/ntru/tree/b38a346a reference implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 reference implementation
     - name: avx2
-      version: https://github.com/jschanck/ntru/tree/b38a346a avx2 implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 avx2 implementation
       supported_platforms:
           - architecture: x86_64
             operating_systems:
diff --git a/crypto_kem/ntruhps2048509/avx2/sample.c b/crypto_kem/ntruhps2048509/avx2/sample.c
index b5802670..07d5e8f8 100644
--- a/crypto_kem/ntruhps2048509/avx2/sample.c
+++ b/crypto_kem/ntruhps2048509/avx2/sample.c
@@ -24,7 +24,7 @@ void PQCLEAN_NTRUHPS2048509_AVX2_sample_fixed_type(poly *r, const unsigned char
         s[4 * i + 0] =                              (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
         s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
         s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
-        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
+        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 16) + ((uint32_t) u[15 * i + 14] << 24);
     }
 
     for (i = 0; i < NTRU_WEIGHT / 2; i++) {
diff --git a/crypto_kem/ntruhps2048509/clean/sample.c b/crypto_kem/ntruhps2048509/clean/sample.c
index 2b22beb7..adad3779 100644
--- a/crypto_kem/ntruhps2048509/clean/sample.c
+++ b/crypto_kem/ntruhps2048509/clean/sample.c
@@ -24,7 +24,7 @@ void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char
         s[4 * i + 0] =                              (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
         s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
         s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
-        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
+        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 16) + ((uint32_t) u[15 * i + 14] << 24);
     }
 
     for (i = 0; i < NTRU_WEIGHT / 2; i++) {
diff --git a/crypto_kem/ntruhps2048677/META.yml b/crypto_kem/ntruhps2048677/META.yml
index 523f8415..83f99b95 100644
--- a/crypto_kem/ntruhps2048677/META.yml
+++ b/crypto_kem/ntruhps2048677/META.yml
@@ -6,7 +6,7 @@ length-public-key: 930
 length-secret-key: 1234
 length-ciphertext: 930
 length-shared-secret: 32
-nistkat-sha256: 715a5caf1ee22bb4b75ff6b10f911fec77e0d63378ea359c0773ee0a4c6cbb97
+nistkat-sha256: 33e2cad6c2a2f17991517050d7a1b745908c84b8283a4e0f07dbe6f62d166507
 principal-submitters:
   - John M. Schanck
 auxiliary-submitters:
@@ -23,9 +23,9 @@ auxiliary-submitters:
   - Zhenfei Zhang
 implementations:
     - name: clean
-      version: https://github.com/jschanck/ntru/tree/b38a346a reference implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 reference implementation
     - name: avx2
-      version: https://github.com/jschanck/ntru/tree/b38a346a avx2 implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 avx2 implementation
       supported_platforms:
           - architecture: x86_64
             operating_systems:
diff --git a/crypto_kem/ntruhps2048677/avx2/sample.c b/crypto_kem/ntruhps2048677/avx2/sample.c
index 994c8eac..9c5618ac 100644
--- a/crypto_kem/ntruhps2048677/avx2/sample.c
+++ b/crypto_kem/ntruhps2048677/avx2/sample.c
@@ -24,7 +24,7 @@ void PQCLEAN_NTRUHPS2048677_AVX2_sample_fixed_type(poly *r, const unsigned char
         s[4 * i + 0] =                              (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
         s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
         s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
-        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
+        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 16) + ((uint32_t) u[15 * i + 14] << 24);
     }
 
     for (i = 0; i < NTRU_WEIGHT / 2; i++) {
diff --git a/crypto_kem/ntruhps2048677/clean/sample.c b/crypto_kem/ntruhps2048677/clean/sample.c
index 587189cc..8b73071e 100644
--- a/crypto_kem/ntruhps2048677/clean/sample.c
+++ b/crypto_kem/ntruhps2048677/clean/sample.c
@@ -24,7 +24,7 @@ void PQCLEAN_NTRUHPS2048677_CLEAN_sample_fixed_type(poly *r, const unsigned char
         s[4 * i + 0] =                              (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
         s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
         s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
-        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
+        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 16) + ((uint32_t) u[15 * i + 14] << 24);
     }
 
     for (i = 0; i < NTRU_WEIGHT / 2; i++) {
diff --git a/crypto_kem/ntruhps4096821/META.yml b/crypto_kem/ntruhps4096821/META.yml
index f250a5f1..7b2d2a2d 100644
--- a/crypto_kem/ntruhps4096821/META.yml
+++ b/crypto_kem/ntruhps4096821/META.yml
@@ -6,7 +6,7 @@ length-public-key: 1230
 length-secret-key: 1590
 length-ciphertext: 1230
 length-shared-secret: 32
-nistkat-sha256: 0c5b6b159fab6eb677da469ec35aaa7e6b16162b315dcdb55a3b5da857e10519
+nistkat-sha256: 1a8382ae0c801a43cf461c98d22743f5b2d8a1ffed1b1df0dd767de2c2874597
 principal-submitters:
   - John M. Schanck
 auxiliary-submitters:
@@ -23,9 +23,9 @@ auxiliary-submitters:
   - Zhenfei Zhang
 implementations:
     - name: clean
-      version: https://github.com/jschanck/ntru/tree/b38a346a reference implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 reference implementation
     - name: avx2
-      version: https://github.com/jschanck/ntru/tree/b38a346a avx2 implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 avx2 implementation
       supported_platforms:
           - architecture: x86_64
             operating_systems:
diff --git a/crypto_kem/ntruhps4096821/avx2/sample.c b/crypto_kem/ntruhps4096821/avx2/sample.c
index fa8b8286..820d19d2 100644
--- a/crypto_kem/ntruhps4096821/avx2/sample.c
+++ b/crypto_kem/ntruhps4096821/avx2/sample.c
@@ -24,7 +24,7 @@ void PQCLEAN_NTRUHPS4096821_AVX2_sample_fixed_type(poly *r, const unsigned char
         s[4 * i + 0] =                              (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
         s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
         s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
-        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
+        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 16) + ((uint32_t) u[15 * i + 14] << 24);
     }
 
     for (i = 0; i < NTRU_WEIGHT / 2; i++) {
diff --git a/crypto_kem/ntruhps4096821/clean/sample.c b/crypto_kem/ntruhps4096821/clean/sample.c
index 3e94cde9..6cb9287e 100644
--- a/crypto_kem/ntruhps4096821/clean/sample.c
+++ b/crypto_kem/ntruhps4096821/clean/sample.c
@@ -24,7 +24,7 @@ void PQCLEAN_NTRUHPS4096821_CLEAN_sample_fixed_type(poly *r, const unsigned char
         s[4 * i + 0] =                              (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t) u[15 * i + 3] << 26);
         s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t) u[15 * i + 7] << 28);
         s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t) u[15 * i + 11] << 30);
-        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t) u[15 * i + 14] << 24);
+        s[4 * i + 3] =  (u[15 * i + 11] & 0xfc)       + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 16) + ((uint32_t) u[15 * i + 14] << 24);
     }
 
     for (i = 0; i < NTRU_WEIGHT / 2; i++) {
diff --git a/crypto_kem/ntruhrss701/META.yml b/crypto_kem/ntruhrss701/META.yml
index 1771f7c0..683c5da8 100644
--- a/crypto_kem/ntruhrss701/META.yml
+++ b/crypto_kem/ntruhrss701/META.yml
@@ -23,9 +23,9 @@ auxiliary-submitters:
   - Zhenfei Zhang
 implementations:
     - name: clean
-      version: https://github.com/jschanck/ntru/tree/b38a346a reference implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 reference implementation
     - name: avx2
-      version: https://github.com/jschanck/ntru/tree/b38a346a avx2 implementation
+      version: https://github.com/jschanck/ntru/tree/6d1f44f5 avx2 implementation
       supported_platforms:
           - architecture: x86_64
             operating_systems: