From 55b63353a8506d33672b120635b36e2d9de99bf3 Mon Sep 17 00:00:00 2001
From: Peter Schwabe
Date: Thu, 14 Feb 2019 16:00:52 +0100
Subject: [PATCH 1/6] Fixed Makefile
---
 crypto_kem/kyber768/clean/Makefile | 2 +-
 crypto_kem/kyber768/clean/Makefile.Microsoft_nmake | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto_kem/kyber768/clean/Makefile b/crypto_kem/kyber768/clean/Makefile
index a2771e61..1c9cd06c 100644
--- a/crypto_kem/kyber768/clean/Makefile
+++ b/crypto_kem/kyber768/clean/Makefile
@@ -1,7 +1,7 @@
 # This Makefile can be used with GNU Make or BSD Make
 LIB=libkyber768_clean.a
-OBJECTS=cbd.o indcpa.o kem.o kex.o ntt.o poly.o polyvec.o precomp.o reduce.o verify.o
+OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o precomp.o reduce.o verify.o
 CFLAGS=-Wall -Wextra -Wpedantic -Werror -std=c99 -I../../../common $(EXTRAFLAGS)
diff --git a/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake b/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
index af4b6833..3c302bca 100644
--- a/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
+++ b/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
@@ -2,7 +2,7 @@
 # nmake /f Makefile.Microsoft_nmake
 LIB=libkyber768_clean.lib
-OBJECTS=cbd.obj indcpa.obj kem.obj kex.obj ntt.obj poly.obj polyvec.obj precomp.obj reduce.obj verify.obj
+OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj precomp.obj reduce.obj verify.obj
 CFLAGS=/I ..\..\..\common /W1 /WX # FIXME: ideally would use /W4 instead of /W1, but too many failures in Kyber right now
From 81797c2c13f26b5fb1948abd3aa7bc2f0b1de9c6 Mon Sep 17 00:00:00 2001
From: Peter Schwabe
Date: Thu, 14 Feb 2019 16:02:57 +0100
Subject: [PATCH 2/6] Increased warning level for compilation under Windows to /W4
---
 crypto_kem/kyber768/clean/Makefile.Microsoft_nmake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake b/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
index 3c302bca..d6141599 100644
--- a/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
+++ b/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
@@ -4,7 +4,7 @@ LIB=libkyber768_clean.lib
 OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj precomp.obj reduce.obj verify.obj
-CFLAGS=/I ..\..\..\common /W1 /WX # FIXME: ideally would use /W4 instead of /W1, but too many failures in Kyber right now
+CFLAGS=/I ..\..\..\common /W4 /WX # FIXME: ideally would use /W4 instead of /W1, but too many failures in Kyber right now
 all: $(LIB)
From 8b8f27b00380e82e7001aa5f12c6e73e746b517d Mon Sep 17 00:00:00 2001
From: Peter Schwabe
Date: Thu, 14 Feb 2019 16:14:47 +0100
Subject: [PATCH 3/6] Make various casts in kyber explicit to make MS compiler happy with /W4
---
 crypto_kem/kyber768/clean/cbd.c | 28 ++++++++++++-------------
 crypto_kem/kyber768/clean/indcpa.c | 8 ++++----
 crypto_kem/kyber768/clean/poly.c | 32 ++++++++++++++---------------
 crypto_kem/kyber768/clean/polyvec.c | 22 ++++++++++----------
 crypto_kem/kyber768/clean/reduce.c | 4 ++--
 crypto_kem/kyber768/clean/verify.c | 4 ++--
 6 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/crypto_kem/kyber768/clean/cbd.c b/crypto_kem/kyber768/clean/cbd.c
index b54ee1ce..55d6b6c0 100644
--- a/crypto_kem/kyber768/clean/cbd.c
+++ b/crypto_kem/kyber768/clean/cbd.c
@@ -37,7 +37,7 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 int i, j;
 for (i = 0; i < KYBER_N / 4; i++) {
- t = load_littleendian(buf + 3 * i, 3);
+ t = (uint32_t)load_littleendian(buf + 3 * i, 3);
 d = 0;
 for (j = 0; j < 3; j++) {
 d += (t >> j) & 0x249249;
@@ -52,17 +52,17 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 a[3] = (d >> 18) & 0x7;
 b[3] = (d >> 21);
- r->coeffs[4 * i + 0] = a[0] + KYBER_Q - b[0];
- r->coeffs[4 * i + 1] = a[1] + KYBER_Q - b[1];
- r->coeffs[4 * i + 2] = a[2] + KYBER_Q - b[2];
- r->coeffs[4 * i + 3] = a[3] + KYBER_Q - b[3];
+ r->coeffs[4 * i + 0] = (uint16_t)a[0] + KYBER_Q - b[0];
+ r->coeffs[4 * i + 1] = (uint16_t)a[1] + KYBER_Q - b[1];
+ r->coeffs[4 * i + 2] = (uint16_t)a[2] + KYBER_Q - b[2];
+ r->coeffs[4 * i + 3] = (uint16_t)a[3] + KYBER_Q - b[3];
 }
 #elif KYBER_ETA == 4
 uint32_t t, d, a[4], b[4];
 int i, j;
 for (i = 0; i < KYBER_N / 4; i++) {
- t = load_littleendian(buf + 4 * i, 4);
+ t = (uint32_t)load_littleendian(buf + 4 * i, 4);
 d = 0;
 for (j = 0; j < 4; j++) {
 d += (t >> j) & 0x11111111;
@@ -77,10 +77,10 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 a[3] = (d >> 24) & 0xf;
 b[3] = (d >> 28);
- r->coeffs[4 * i + 0] = a[0] + KYBER_Q - b[0];
- r->coeffs[4 * i + 1] = a[1] + KYBER_Q - b[1];
- r->coeffs[4 * i + 2] = a[2] + KYBER_Q - b[2];
- r->coeffs[4 * i + 3] = a[3] + KYBER_Q - b[3];
+ r->coeffs[4 * i + 0] = (uint16_t)a[0] + KYBER_Q - b[0];
+ r->coeffs[4 * i + 1] = (uint16_t)a[1] + KYBER_Q - b[1];
+ r->coeffs[4 * i + 2] = (uint16_t)a[2] + KYBER_Q - b[2];
+ r->coeffs[4 * i + 3] = (uint16_t)a[3] + KYBER_Q - b[3];
 }
 #elif KYBER_ETA == 5
 uint64_t t, d, a[4], b[4];
@@ -102,10 +102,10 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 a[3] = (d >> 30) & 0x1f;
 b[3] = (d >> 35);
- r->coeffs[4 * i + 0] = a[0] + KYBER_Q - b[0];
- r->coeffs[4 * i + 1] = a[1] + KYBER_Q - b[1];
- r->coeffs[4 * i + 2] = a[2] + KYBER_Q - b[2];
- r->coeffs[4 * i + 3] = a[3] + KYBER_Q - b[3];
+ r->coeffs[4 * i + 0] = (uint16_t)a[0] + KYBER_Q - b[0];
+ r->coeffs[4 * i + 1] = (uint16_t)a[1] + KYBER_Q - b[1];
+ r->coeffs[4 * i + 2] = (uint16_t)a[2] + KYBER_Q - b[2];
+ r->coeffs[4 * i + 3] = (uint16_t)a[3] + KYBER_Q - b[3];
 }
 #else
 #error "poly_getnoise in poly.c only supports eta in {3,4,5}"
diff --git a/crypto_kem/kyber768/clean/indcpa.c b/crypto_kem/kyber768/clean/indcpa.c
index a8d531e4..046fef65 100644
--- a/crypto_kem/kyber768/clean/indcpa.c
+++ b/crypto_kem/kyber768/clean/indcpa.c
@@ -143,11 +143,11 @@ static void gen_matrix(polyvec *a, const unsigned char *seed, int transposed) {
 ctr = pos = 0;
 nblocks = maxnblocks;
 if (transposed) {
- extseed[KYBER_SYMBYTES] = i;
- extseed[KYBER_SYMBYTES + 1] = j;
+ extseed[KYBER_SYMBYTES] = (unsigned char)i;
+ extseed[KYBER_SYMBYTES + 1] = (unsigned char)j;
 } else {
- extseed[KYBER_SYMBYTES] = j;
- extseed[KYBER_SYMBYTES + 1] = i;
+ extseed[KYBER_SYMBYTES] = (unsigned char)j;
+ extseed[KYBER_SYMBYTES + 1] = (unsigned char)i;
 }
 shake128_absorb(state, extseed, KYBER_SYMBYTES + 2);
diff --git a/crypto_kem/kyber768/clean/poly.c b/crypto_kem/kyber768/clean/poly.c
index f020db96..40ef8ec3 100644
--- a/crypto_kem/kyber768/clean/poly.c
+++ b/crypto_kem/kyber768/clean/poly.c
@@ -23,9 +23,9 @@ void PQCLEAN_KYBER768_poly_compress(unsigned char *r, const poly *a) {
 t[j] = (((PQCLEAN_KYBER768_freeze(a->coeffs[i + j]) << 3) + KYBER_Q / 2) / KYBER_Q) & 7;
 }
- r[k] = t[0] | (t[1] << 3) | (t[2] << 6);
- r[k + 1] = (t[2] >> 2) | (t[3] << 1) | (t[4] << 4) | (t[5] << 7);
- r[k + 2] = (t[5] >> 1) | (t[6] << 2) | (t[7] << 5);
+ r[k] = (unsigned char)( t[0] | (t[1] << 3) | (t[2] << 6));
+ r[k + 1] = (unsigned char)((t[2] >> 2) | (t[3] << 1) | (t[4] << 4) | (t[5] << 7));
+ r[k + 2] = (unsigned char)((t[5] >> 1) | (t[6] << 2) | (t[7] << 5));
 k += 3;
 }
 }
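Review bot: The first line of each cast group is written `(unsigned char)( t[0] | (t[1] << 3) | (t[2] << 6))` with a stray space inside the parenthesis, presumably to line up with the longer expressions below it; the same pattern appears in the poly_tobytes and polyvec_compress hunks of this patch. A formatter will not keep that space and it reads as a typo, so I would write `(unsigned char)(t[0] | (t[1] << 3) | (t[2] << 6))` in all three places. The loop header of poly_compress is above the hunk.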
@@ -71,19 +71,19 @@ void PQCLEAN_KYBER768_poly_tobytes(unsigned char *r, const poly *a) {
 t[j] = PQCLEAN_KYBER768_freeze(a->coeffs[8 * i + j]);
 }
- r[13 * i + 0] = t[0] & 0xff;
- r[13 * i + 1] = (t[0] >> 8) | ((t[1] & 0x07) << 5);
- r[13 * i + 2] = (t[1] >> 3) & 0xff;
- r[13 * i + 3] = (t[1] >> 11) | ((t[2] & 0x3f) << 2);
- r[13 * i + 4] = (t[2] >> 6) | ((t[3] & 0x01) << 7);
- r[13 * i + 5] = (t[3] >> 1) & 0xff;
- r[13 * i + 6] = (t[3] >> 9) | ((t[4] & 0x0f) << 4);
- r[13 * i + 7] = (t[4] >> 4) & 0xff;
- r[13 * i + 8] = (t[4] >> 12) | ((t[5] & 0x7f) << 1);
- r[13 * i + 9] = (t[5] >> 7) | ((t[6] & 0x03) << 6);
- r[13 * i + 10] = (t[6] >> 2) & 0xff;
- r[13 * i + 11] = (t[6] >> 10) | ((t[7] & 0x1f) << 3);
- r[13 * i + 12] = (t[7] >> 5);
+ r[13 * i + 0] = (unsigned char)( t[0] & 0xff);
+ r[13 * i + 1] = (unsigned char)((t[0] >> 8) | ((t[1] & 0x07) << 5));
+ r[13 * i + 2] = (unsigned char)((t[1] >> 3) & 0xff);
+ r[13 * i + 3] = (unsigned char)((t[1] >> 11) | ((t[2] & 0x3f) << 2));
+ r[13 * i + 4] = (unsigned char)((t[2] >> 6) | ((t[3] & 0x01) << 7));
+ r[13 * i + 5] = (unsigned char)((t[3] >> 1) & 0xff);
+ r[13 * i + 6] = (unsigned char)((t[3] >> 9) | ((t[4] & 0x0f) << 4));
+ r[13 * i + 7] = (unsigned char)((t[4] >> 4) & 0xff);
+ r[13 * i + 8] = (unsigned char)((t[4] >> 12) | ((t[5] & 0x7f) << 1));
+ r[13 * i + 9] = (unsigned char)((t[5] >> 7) | ((t[6] & 0x03) << 6));
+ r[13 * i + 10] = (unsigned char)((t[6] >> 2) & 0xff);
+ r[13 * i + 11] = (unsigned char)((t[6] >> 10) | ((t[7] & 0x1f) << 3));
+ r[13 * i + 12] = (unsigned char)((t[7] >> 5));
 }
 }
diff --git a/crypto_kem/kyber768/clean/polyvec.c b/crypto_kem/kyber768/clean/polyvec.c
index f90af808..9dc92379 100644
--- a/crypto_kem/kyber768/clean/polyvec.c
+++ b/crypto_kem/kyber768/clean/polyvec.c
@@ -21,17 +21,17 @@ void PQCLEAN_KYBER768_polyvec_compress(unsigned char *r, const polyvec *a) {
 t[k] = ((((uint32_t)PQCLEAN_KYBER768_freeze(a->vec[i].coeffs[8 * j + k]) << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 }
- r[11 * j + 0] = t[0] & 0xff;
- r[11 * j + 1] = (t[0] >> 8) | ((t[1] & 0x1f) << 3);
- r[11 * j + 2] = (t[1] >> 5) | ((t[2] & 0x03) << 6);
- r[11 * j + 3] = (t[2] >> 2) & 0xff;
- r[11 * j + 4] = (t[2] >> 10) | ((t[3] & 0x7f) << 1);
- r[11 * j + 5] = (t[3] >> 7) | ((t[4] & 0x0f) << 4);
- r[11 * j + 6] = (t[4] >> 4) | ((t[5] & 0x01) << 7);
- r[11 * j + 7] = (t[5] >> 1) & 0xff;
- r[11 * j + 8] = (t[5] >> 9) | ((t[6] & 0x3f) << 2);
- r[11 * j + 9] = (t[6] >> 6) | ((t[7] & 0x07) << 5);
- r[11 * j + 10] = (t[7] >> 3);
+ r[11 * j + 0] = (unsigned char)( t[0] & 0xff);
+ r[11 * j + 1] = (unsigned char)((t[0] >> 8) | ((t[1] & 0x1f) << 3));
+ r[11 * j + 2] = (unsigned char)((t[1] >> 5) | ((t[2] & 0x03) << 6));
+ r[11 * j + 3] = (unsigned char)((t[2] >> 2) & 0xff);
+ r[11 * j + 4] = (unsigned char)((t[2] >> 10) | ((t[3] & 0x7f) << 1));
+ r[11 * j + 5] = (unsigned char)((t[3] >> 7) | ((t[4] & 0x0f) << 4));
+ r[11 * j + 6] = (unsigned char)((t[4] >> 4) | ((t[5] & 0x01) << 7));
+ r[11 * j + 7] = (unsigned char)((t[5] >> 1) & 0xff);
+ r[11 * j + 8] = (unsigned char)((t[5] >> 9) | ((t[6] & 0x3f) << 2));
+ r[11 * j + 9] = (unsigned char)((t[6] >> 6) | ((t[7] & 0x07) << 5));
+ r[11 * j + 10] = (unsigned char)((t[7] >> 3));
 }
 r += 352;
 }
diff --git a/crypto_kem/kyber768/clean/reduce.c b/crypto_kem/kyber768/clean/reduce.c
index 8c030d7d..8e27e06a 100644
--- a/crypto_kem/kyber768/clean/reduce.c
+++ b/crypto_kem/kyber768/clean/reduce.c
@@ -24,7 +24,7 @@ uint16_t PQCLEAN_KYBER768_montgomery_reduce(uint32_t a) {
 u &= ((1 << rlog) - 1);
 u *= KYBER_Q;
 a = a + u;
- return a >> rlog;
+ return (uint16_t)(a >> rlog);
 }
 /*************************************************
@@ -38,7 +38,7 @@ uint16_t PQCLEAN_KYBER768_montgomery_reduce(uint32_t a) {
 * Returns: unsigned integer in {0,...,11768} congruent to a modulo q.
 **************************************************/
 uint16_t PQCLEAN_KYBER768_barrett_reduce(uint16_t a) {
- uint32_t u;
+ uint16_t u;
 u = a >> 13; //((uint32_t) a * sinv) >> 16;
 u *= KYBER_Q;
diff --git a/crypto_kem/kyber768/clean/verify.c b/crypto_kem/kyber768/clean/verify.c
index a3e14d53..b1cd0b03 100644
--- a/crypto_kem/kyber768/clean/verify.c
+++ b/crypto_kem/kyber768/clean/verify.c
@@ -21,8 +21,8 @@ int PQCLEAN_KYBER768_verify(const unsigned char *a, const unsigned char *b, size
 r |= a[i] ^ b[i];
 }
- r = (-r) >> 63;
- return r;
+ r = (-(int64_t)r) >> 63;
+ return (int)r;
 }
 /*************************************************
From 393c7a3cde87ec61b7878e37f8f4cb0d366515ae Mon Sep 17 00:00:00 2001
From: Peter Schwabe
Date: Thu, 14 Feb 2019 16:16:50 +0100
Subject: [PATCH 4/6] Fixed one cast (added appropriate parantheses)
---
 crypto_kem/kyber768/clean/cbd.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/crypto_kem/kyber768/clean/cbd.c b/crypto_kem/kyber768/clean/cbd.c
index 55d6b6c0..5796d6c8 100644
--- a/crypto_kem/kyber768/clean/cbd.c
+++ b/crypto_kem/kyber768/clean/cbd.c
@@ -52,10 +52,10 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 a[3] = (d >> 18) & 0x7;
 b[3] = (d >> 21);
- r->coeffs[4 * i + 0] = (uint16_t)a[0] + KYBER_Q - b[0];
- r->coeffs[4 * i + 1] = (uint16_t)a[1] + KYBER_Q - b[1];
- r->coeffs[4 * i + 2] = (uint16_t)a[2] + KYBER_Q - b[2];
- r->coeffs[4 * i + 3] = (uint16_t)a[3] + KYBER_Q - b[3];
+ r->coeffs[4 * i + 0] = (uint16_t)(a[0] + KYBER_Q - b[0]);
+ r->coeffs[4 * i + 1] = (uint16_t)(a[1] + KYBER_Q - b[1]);
+ r->coeffs[4 * i + 2] = (uint16_t)(a[2] + KYBER_Q - b[2]);
+ r->coeffs[4 * i + 3] = (uint16_t)(a[3] + KYBER_Q - b[3]);
 }
 #elif KYBER_ETA == 4
 uint32_t t, d, a[4], b[4];
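Review bot: Narrowing `u` to `uint16_t` in barrett_reduce rests on a bound the code never states: `a >> 13` is at most 7, so `u *= KYBER_Q` stays below 2^16 only while 7·q fits, which holds for the q implied by the 11768 bound in the header comment above (11768 = 65535 − 7·7681) but not for an arbitrary q. I would record that with `/* a >> 13 <= 7 and 7 * KYBER_Q < 2^16, so the 16-bit u cannot wrap */` above the multiply. The commented-out `//((uint32_t) a * sinv) >> 16;` fragment on the `u = a >> 13;` line is dead text sitting next to live code (`sinv` is not used by anything visible here) and should go. The subtraction and return of barrett_reduce are below the hunk.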
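Review bot: `r = (-(int64_t)r) >> 63;` no longer yields the 0/1 result the old unsigned expression did: for any nonzero r the negated value is negative, right-shifting a negative signed value is implementation-defined (arithmetic on the usual compilers, giving all ones), and `return (int)r;` then hands back -1 rather than 1 (r's declaration is above the hunk; the cast suggests it is a 64-bit unsigned). The kem.c hunk in patch 5 narrows that result with `(unsigned char)fail` before passing it to PQCLEAN_KYBER768_cmov, so a 255 rather than a 1 reaches the conditional move that implements implicit rejection, and how cmov treats a flag other than 0 or 1 is not visible on this page. Keeping the signed negation only to silence the warning and doing the shift in the unsigned domain restores the contract: `r = (uint64_t)(-(int64_t)r) >> 63;` followed by the existing `return (int)r;`. The opening lines of PQCLEAN_KYBER768_verify are outside the hunk.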
@@ -77,10 +77,10 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 a[3] = (d >> 24) & 0xf;
 b[3] = (d >> 28);
- r->coeffs[4 * i + 0] = (uint16_t)a[0] + KYBER_Q - b[0];
- r->coeffs[4 * i + 1] = (uint16_t)a[1] + KYBER_Q - b[1];
- r->coeffs[4 * i + 2] = (uint16_t)a[2] + KYBER_Q - b[2];
- r->coeffs[4 * i + 3] = (uint16_t)a[3] + KYBER_Q - b[3];
+ r->coeffs[4 * i + 0] = (uint16_t)(a[0] + KYBER_Q - b[0]);
+ r->coeffs[4 * i + 1] = (uint16_t)(a[1] + KYBER_Q - b[1]);
+ r->coeffs[4 * i + 2] = (uint16_t)(a[2] + KYBER_Q - b[2]);
+ r->coeffs[4 * i + 3] = (uint16_t)(a[3] + KYBER_Q - b[3]);
 }
 #elif KYBER_ETA == 5
 uint64_t t, d, a[4], b[4];
@@ -102,10 +102,10 @@ void PQCLEAN_KYBER768_cbd(poly *r, const unsigned char *buf) {
 a[3] = (d >> 30) & 0x1f;
 b[3] = (d >> 35);
- r->coeffs[4 * i + 0] = (uint16_t)a[0] + KYBER_Q - b[0];
- r->coeffs[4 * i + 1] = (uint16_t)a[1] + KYBER_Q - b[1];
- r->coeffs[4 * i + 2] = (uint16_t)a[2] + KYBER_Q - b[2];
- r->coeffs[4 * i + 3] = (uint16_t)a[3] + KYBER_Q - b[3];
+ r->coeffs[4 * i + 0] = (uint16_t)(a[0] + KYBER_Q - b[0]);
+ r->coeffs[4 * i + 1] = (uint16_t)(a[1] + KYBER_Q - b[1]);
+ r->coeffs[4 * i + 2] = (uint16_t)(a[2] + KYBER_Q - b[2]);
+ r->coeffs[4 * i + 3] = (uint16_t)(a[3] + KYBER_Q - b[3]);
 }
 #else
 #error "poly_getnoise in poly.c only supports eta in {3,4,5}"
From bab1d185cd06349922b68fde2f7263564e533352 Mon Sep 17 00:00:00 2001
From: Peter Schwabe
Date: Thu, 14 Feb 2019 16:18:17 +0100
Subject: [PATCH 5/6] Made one more cast explicit
---
 crypto_kem/kyber768/clean/kem.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/crypto_kem/kyber768/clean/kem.c b/crypto_kem/kyber768/clean/kem.c
index 65694306..2697d79c 100644
--- a/crypto_kem/kyber768/clean/kem.c
+++ b/crypto_kem/kyber768/clean/kem.c
@@ -84,25 +84,25 @@ int PQCLEAN_KYBER768_crypto_kem_dec(unsigned char *ss, const unsigned char *ct,
 unsigned char cmp[KYBER_CIPHERTEXTBYTES];
 unsigned char buf[2 * KYBER_SYMBYTES];
 unsigned char
- kr[2 * KYBER_SYMBYTES]; /* Will contain key, coins, qrom-hash */
+ kr[2 * KYBER_SYMBYTES]; /* Will contain key, coins, qrom-hash */
 const unsigned char *pk = sk + KYBER_INDCPA_SECRETKEYBYTES;
 PQCLEAN_KYBER768_indcpa_dec(buf, ct, sk);
- for (i = 0; i < KYBER_SYMBYTES; i++) { /* Multitarget countermeasure for coins + contributory KEM */
- buf[KYBER_SYMBYTES + i] = sk[KYBER_SECRETKEYBYTES - 2 * KYBER_SYMBYTES + i]; /* Save hash by storing H(pk) in sk */
+ for (i = 0; i < KYBER_SYMBYTES; i++) { /* Multitarget countermeasure for coins + contributory KEM */
+ buf[KYBER_SYMBYTES + i] = sk[KYBER_SECRETKEYBYTES - 2 * KYBER_SYMBYTES + i]; /* Save hash by storing H(pk) in sk */
 }
 sha3_512(kr, buf, 2 * KYBER_SYMBYTES);
- PQCLEAN_KYBER768_indcpa_enc(cmp, buf, pk, kr + KYBER_SYMBYTES); /* coins are in kr+KYBER_SYMBYTES */
+ PQCLEAN_KYBER768_indcpa_enc(cmp, buf, pk, kr + KYBER_SYMBYTES); /* coins are in kr+KYBER_SYMBYTES */
 fail = PQCLEAN_KYBER768_verify(ct, cmp, KYBER_CIPHERTEXTBYTES);
- sha3_256(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* overwrite coins in kr with H(c) */
+ sha3_256(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* overwrite coins in kr with H(c) */
- PQCLEAN_KYBER768_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); /* Overwrite pre-k with z on re-encryption failure */
+ PQCLEAN_KYBER768_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (unsigned char)fail); /* Overwrite pre-k with z on re-encryption failure */
- sha3_256(ss, kr, 2 * KYBER_SYMBYTES); /* hash concatenation of pre-k and H(c) to k */
+ sha3_256(ss, kr, 2 * KYBER_SYMBYTES); /* hash concatenation of pre-k and H(c) to k */
 return 0;
 }
From a96abac2de700580823068741591bc7146a53de8 Mon Sep 17 00:00:00 2001
From: Peter Schwabe
Date: Thu, 14 Feb 2019 19:16:52 +0100
Subject: [PATCH 6/6] Removed FIXME comment
---
 crypto_kem/kyber768/clean/Makefile.Microsoft_nmake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake b/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
index d6141599..bbf54ce0 100644
--- a/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
+++ b/crypto_kem/kyber768/clean/Makefile.Microsoft_nmake
@@ -4,7 +4,7 @@ LIB=libkyber768_clean.lib
 OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj precomp.obj reduce.obj verify.obj
-CFLAGS=/I ..\..\..\common /W4 /WX # FIXME: ideally would use /W4 instead of /W1, but too many failures in Kyber right now
+CFLAGS=/I ..\..\..\common /W4 /WX
 all: $(LIB)