kris/pqc
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix integer overflow problems in NTRU

Browse Source
This commit is contained in:
Thom Wiggers 2019-04-16 13:16:26 +02:00
parent eb5f7f1e57
commit 873216c702
No known key found for this signature in database
GPG Key ID: 001BB0A7CE26E363
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto_kem/ntruhps2048509/clean/crypto_sort.c
View File

@ -8,7 +8,7 @@
#define int32_MINMAX(a,b) \ #define int32_MINMAX(a,b) \
do { \ do { \
int32_t ab = (b) ^ (a); \ int32_t ab = (b) ^ (a); \
int32_t c = (b) - (a); \ int32_t c = (int32_t)((int64_t)(b) - (int64_t)(a)); \
c ^= ab & (c ^ (b)); \ c ^= ab & (c ^ (b)); \
c >>= 31; \ c >>= 31; \
c &= ab; \ c &= ab; \

10
crypto_kem/ntruhps2048509/clean/sample.c
View File

@ -25,15 +25,15 @@ void PQCLEAN_NTRUHPS2048509_CLEAN_sample_iid(poly *r, const unsigned char unifor
void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) { void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8) // Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
int32_t s[NTRU_N - 1]; uint32_t s[NTRU_N - 1];
int i; int i;
// Use 30 bits of u per word // Use 30 bits of u per word
for (i = 0; i < (NTRU_N - 1) / 4; i++) { for (i = 0; i < (NTRU_N - 1) / 4; i++) {
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + (u[15 * i + 3] << 26); s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t)u[15 * i + 3] << 26);
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + (u[15 * i + 7] << 28); s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t)u[15 * i + 7] << 28);
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + (u[15 * i + 11] << 30); s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t)u[15 * i + 11] << 30);
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + (u[15 * i + 14] << 24); s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t)u[15 * i + 14] << 24);
} }
for (i = 0; i < NTRU_WEIGHT / 2; i++) { for (i = 0; i < NTRU_WEIGHT / 2; i++) {