Этот коммит содержится в:
Leon 2019-05-27 22:48:15 +02:00
родитель 7b9e254a8b
Коммит ca6d935bbc
3 изменённых файлов: 54 добавлений и 70 удалений

Просмотреть файл

@ -12,12 +12,15 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memset(out, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
/* not true for parameter set
if (2 * NUM_DIGITS_GF2X_ELEMENT < NUM_DIGITS_GF2X_MODULUS) {
for (i = 0; i < 2 * NUM_DIGITS_GF2X_ELEMENT; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = in[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
}
return;
}
*/
for (i = 0; i < (2 * NUM_DIGITS_GF2X_ELEMENT) - NUM_DIGITS_GF2X_MODULUS; i += 1) {
for (j = DIGIT_SIZE_b - 1; j >= 0; j--) {
@ -95,6 +98,13 @@ static uint8_t byte_reverse_with_64bitDIGIT(uint8_t b) {
return b;
}
/* https://stackoverflow.com/questions/2182002/convert-big-endian-to-little-endian-in-c-without-using-provided-func */
static uint64_t swap_uint64( uint64_t val ) {
val = ((val << 8) & 0xFF00FF00FF00FF00ULL ) | ((val >> 8) & 0x00FF00FF00FF00FFULL );
val = ((val << 16) & 0xFFFF0000FFFF0000ULL ) | ((val >> 16) & 0x0000FFFF0000FFFFULL );
return (val << 32) | (val >> 32);
}
static DIGIT reverse_digit(const DIGIT b) {
int i;
union toReverse_t {
@ -107,7 +117,7 @@ static DIGIT reverse_digit(const DIGIT b) {
toReverse.inByte[i] = byte_reverse_with_64bitDIGIT(toReverse.inByte[i]);
}
return __builtin_bswap64(toReverse.digitValue);
return swap_uint64(toReverse.digitValue);
}
void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
@ -127,9 +137,11 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
A[i] = rev2;
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
}
/*
if (NUM_DIGITS_GF2X_ELEMENT % 2 == 1) {
A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]);
}
}*/
A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]);
if (slack_bits_amount) {
PQCLEAN_LEDAKEMLT12_CLEAN_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
@ -140,24 +152,26 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
static void rotate_bit_left(DIGIT in[]) { /* equivalent to x * in(x) mod x^P+1 */
DIGIT mask, rotated_bit;
/*
if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) {
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
mask = ((DIGIT)0x1) << msb_offset_in_digit;
rotated_bit = !!(in[0] & mask);
in[0] &= ~mask; /* clear shifted bit */
in[0] &= ~mask;
left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
} else {
/* NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT and
* MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0
*/
mask = ((DIGIT)0x1) << (DIGIT_SIZE_b - 1);
rotated_bit = !!(in[0] & mask);
in[0] &= ~mask; /* clear shifted bit */
in[0] &= ~mask;
left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
}
} */
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
mask = ((DIGIT)0x1) << msb_offset_in_digit;
rotated_bit = !!(in[0] & mask);
in[0] &= ~mask;
left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
in[NUM_DIGITS_GF2X_ELEMENT - 1] |= rotated_bit;
}
@ -166,15 +180,15 @@ static void rotate_bit_right(DIGIT in[]) { /* x^{-1} * in(x) mod x^P+1 */
DIGIT rotated_bit = in[NUM_DIGITS_GF2X_ELEMENT - 1] & ((DIGIT)0x1);
right_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
/*
if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) {
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
rotated_bit = rotated_bit << msb_offset_in_digit;
} else {
/* NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT and
* MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0
*/
rotated_bit = rotated_bit << (DIGIT_SIZE_b - 1);
}
} */
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
rotated_bit = rotated_bit << msb_offset_in_digit;
in[0] |= rotated_bit;
}
@ -221,11 +235,13 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) {
v[NUM_DIGITS_GF2X_ELEMENT - 1] = 0x0;
s[NUM_DIGITS_GF2X_MODULUS - 1] = 0x1;
/*
if (MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0) {
mask = 0x1;
} else {
mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS);
}
}*/
mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS);
s[0] |= mask;
for (i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0 && in[i] == 0; i--) { };
@ -233,14 +249,18 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) {
return 0;
}
/*
if (NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT) {
for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 1 ; i--) {
f[i] = in[i - 1];
}
} else { /* they are equal */
} else {
for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) {
f[i] = in[i];
}
}*/
for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) {
f[i] = in[i];
}
for (i = 1; i <= 2 * P; i++) {
@ -467,7 +487,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
while (placedOnes < countOnes) {
p = rand_range(NUM_BITS_GF2X_ELEMENT,
BITS_TO_REPRESENT(P),
P_BITS,
seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < placedOnes; j++) {
@ -483,15 +503,16 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
}
/* Returns random weight-t circulant block */
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, BITS_TO_REPRESENT(P),
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {

Просмотреть файл

@ -7,8 +7,8 @@
#include "gf2x_arith.h"
#include "rng.h"
#define NUM_BITS_GF2X_ELEMENT (P)
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
#define NUM_BITS_GF2X_ELEMENT (P) // 52147
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b) // 815
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ( (P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1 )
#define NUM_BITS_GF2X_MODULUS (P+1)
@ -17,45 +17,7 @@
#define INVALID_POS_VALUE (P)
#define IS_REPRESENTABLE_IN_D_BITS(D, N) \
(((unsigned long) (N) >= (1UL << ((D) - 1)) && (unsigned long) (N) < (1UL << (D))) ? (D) : -1)
#define BITS_TO_REPRESENT(N) \
((N) == 0 ? 1 : (31 \
+ IS_REPRESENTABLE_IN_D_BITS( 1, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 2, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 3, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 4, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 5, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 6, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 7, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 8, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 9, N) \
+ IS_REPRESENTABLE_IN_D_BITS(10, N) \
+ IS_REPRESENTABLE_IN_D_BITS(11, N) \
+ IS_REPRESENTABLE_IN_D_BITS(12, N) \
+ IS_REPRESENTABLE_IN_D_BITS(13, N) \
+ IS_REPRESENTABLE_IN_D_BITS(14, N) \
+ IS_REPRESENTABLE_IN_D_BITS(15, N) \
+ IS_REPRESENTABLE_IN_D_BITS(16, N) \
+ IS_REPRESENTABLE_IN_D_BITS(17, N) \
+ IS_REPRESENTABLE_IN_D_BITS(18, N) \
+ IS_REPRESENTABLE_IN_D_BITS(19, N) \
+ IS_REPRESENTABLE_IN_D_BITS(20, N) \
+ IS_REPRESENTABLE_IN_D_BITS(21, N) \
+ IS_REPRESENTABLE_IN_D_BITS(22, N) \
+ IS_REPRESENTABLE_IN_D_BITS(23, N) \
+ IS_REPRESENTABLE_IN_D_BITS(24, N) \
+ IS_REPRESENTABLE_IN_D_BITS(25, N) \
+ IS_REPRESENTABLE_IN_D_BITS(26, N) \
+ IS_REPRESENTABLE_IN_D_BITS(27, N) \
+ IS_REPRESENTABLE_IN_D_BITS(28, N) \
+ IS_REPRESENTABLE_IN_D_BITS(29, N) \
+ IS_REPRESENTABLE_IN_D_BITS(30, N) \
+ IS_REPRESENTABLE_IN_D_BITS(31, N) \
+ IS_REPRESENTABLE_IN_D_BITS(32, N) \
) \
)
#define P_BITS (16) // log_2(p) = 15.6703
static inline void gf2x_copy(DIGIT dest[], const DIGIT in[]) {

Просмотреть файл

@ -8,11 +8,11 @@
#include <string.h>
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *const pk,
privateKeyNiederreiter_t *const sk,
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
privateKeyNiederreiter_t *sk,
AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
@ -89,9 +89,10 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *co
}
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT syndrome[], // 1 polynomial
const publicKeyNiederreiter_t *const pk,
const DIGIT err[]) { // N0 polynomials
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT *syndrome, // 1 polynomial
const publicKeyNiederreiter_t *pk,
const DIGIT *err) { // N0 polynomials
int i;
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
@ -108,9 +109,9 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT syndrome[],
}
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT err[], // N0 circ poly
const privateKeyNiederreiter_t *const sk,
const DIGIT syndrome[]) {
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, // N0 circ poly
const privateKeyNiederreiter_t *sk,
const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander,