From d708e6163a4ff5893d1e121ff04854a99e66baf1 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Tue, 15 Sep 2020 13:32:02 -0400 Subject: [PATCH] falcon: satisfy test_boolean --- crypto_sign/falcon-1024/clean/codec.c | 3 ++- crypto_sign/falcon-1024/clean/fpr.h | 4 ++-- crypto_sign/falcon-1024/clean/keygen.c | 30 ++++++++++++++++++++------ crypto_sign/falcon-1024/clean/sign.c | 16 ++++++++------ crypto_sign/falcon-512/clean/codec.c | 3 ++- crypto_sign/falcon-512/clean/fpr.h | 4 ++-- crypto_sign/falcon-512/clean/keygen.c | 30 ++++++++++++++++++++------ crypto_sign/falcon-512/clean/sign.c | 16 ++++++++------ 8 files changed, 74 insertions(+), 32 deletions(-) diff --git a/crypto_sign/falcon-1024/clean/codec.c b/crypto_sign/falcon-1024/clean/codec.c index d9f5de74..9c7754d5 100644 --- a/crypto_sign/falcon-1024/clean/codec.c +++ b/crypto_sign/falcon-1024/clean/codec.c @@ -443,7 +443,8 @@ PQCLEAN_FALCON1024_CLEAN_comp_decode( return 0; } } - x[u] = (int16_t)(s ? -(int)m : (int)m); + x[u] = (int16_t) m; + if (s) x[u] = -x[u]; } return v; } diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h index c3103dc1..b6f3908f 100644 --- a/crypto_sign/falcon-1024/clean/fpr.h +++ b/crypto_sign/falcon-1024/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = *(int64_t *)&x < *(int64_t *)&y; - cc1 = *(int64_t *)&x > *(int64_t *)&y; + cc0 = ((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; + cc1 = ((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-1024/clean/keygen.c b/crypto_sign/falcon-1024/clean/keygen.c index a7246b78..00a9be7e 100644 --- a/crypto_sign/falcon-1024/clean/keygen.c +++ b/crypto_sign/falcon-1024/clean/keygen.c @@ -1902,7 +1902,11 @@ zint_add_scaled_mul_small(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -1960,7 +1964,11 @@ zint_sub_scaled(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -2648,10 +2656,16 @@ make_fg(uint32_t *data, const int8_t *f, const int8_t *g, return; } - for (d = 0; d < depth; d ++) { - make_fg_step(data, logn - d, d, - d != 0, (d + 1) < depth || out_ntt); + if (depth == 0) return; + if (depth == 1) { + make_fg_step(data, logn, 0, 0, out_ntt); + return; } + make_fg_step(data, logn, 0, 0, 1); + for (d = 1; d+1 < depth; d ++) { + make_fg_step(data, logn - d, d, 1, 1); + } + make_fg_step(data, logn-depth+1, depth-1, 1, out_ntt); } /* @@ -3028,7 +3042,8 @@ solve_NTRU_intermediate(unsigned logn_top, * computed so that average maximum length will fall in the * middle or the upper half of these top 10 words. */ - rlen = (slen > 10) ? 10 : slen; + rlen = slen; + if (rlen > 10) rlen = 10; poly_big_to_fp(rt3, ft + slen - rlen, rlen, slen, logn); poly_big_to_fp(rt4, gt + slen - rlen, rlen, slen, logn); @@ -3102,7 +3117,8 @@ solve_NTRU_intermediate(unsigned logn_top, * Convert current F and G into floating-point. We apply * scaling if the current length is more than 10 words. */ - rlen = (FGlen > 10) ? 10 : FGlen; + rlen = FGlen; + if (rlen > 10) rlen = 10; scale_FG = 31 * (int)(FGlen - rlen); poly_big_to_fp(rt1, Ft + FGlen - rlen, rlen, llen, logn); poly_big_to_fp(rt2, Gt + FGlen - rlen, rlen, llen, logn); diff --git a/crypto_sign/falcon-1024/clean/sign.c b/crypto_sign/falcon-1024/clean/sign.c index 10101a68..8baec84e 100644 --- a/crypto_sign/falcon-1024/clean/sign.c +++ b/crypto_sign/falcon-1024/clean/sign.c @@ -1189,9 +1189,11 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON1024_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON1024_CLEAN_sampler; samp_ctx = &spc; @@ -1234,9 +1236,11 @@ PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON1024_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON1024_CLEAN_sampler; samp_ctx = &spc; diff --git a/crypto_sign/falcon-512/clean/codec.c b/crypto_sign/falcon-512/clean/codec.c index dda9c975..9c626e4e 100644 --- a/crypto_sign/falcon-512/clean/codec.c +++ b/crypto_sign/falcon-512/clean/codec.c @@ -443,7 +443,8 @@ PQCLEAN_FALCON512_CLEAN_comp_decode( return 0; } } - x[u] = (int16_t)(s ? -(int)m : (int)m); + x[u] = (int16_t) m; + if (s) x[u] = -x[u]; } return v; } diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index f29e55f3..abf8cd34 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h @@ -436,8 +436,8 @@ fpr_lt(fpr x, fpr y) { */ int cc0, cc1; - cc0 = *(int64_t *)&x < *(int64_t *)&y; - cc1 = *(int64_t *)&x > *(int64_t *)&y; + cc0 = ((*(int64_t *)&x - *(int64_t *)&y) >> 63) & 1; + cc1 = ((*(int64_t *)&y - *(int64_t *)&x) >> 63) & 1; return cc0 ^ ((cc0 ^ cc1) & (int)((x & y) >> 63)); } diff --git a/crypto_sign/falcon-512/clean/keygen.c b/crypto_sign/falcon-512/clean/keygen.c index 8ee73151..cfe59119 100644 --- a/crypto_sign/falcon-512/clean/keygen.c +++ b/crypto_sign/falcon-512/clean/keygen.c @@ -1902,7 +1902,11 @@ zint_add_scaled_mul_small(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -1960,7 +1964,11 @@ zint_sub_scaled(uint32_t *x, size_t xlen, * Get the next word of y (scaled). */ v = u - sch; - wy = v < ylen ? y[v] : ysign; + if (v < ylen) { + wy = y[v]; + } else { + wy = ysign; + } wys = ((wy << scl) & 0x7FFFFFFF) | tw; tw = wy >> (31 - scl); @@ -2648,10 +2656,16 @@ make_fg(uint32_t *data, const int8_t *f, const int8_t *g, return; } - for (d = 0; d < depth; d ++) { - make_fg_step(data, logn - d, d, - d != 0, (d + 1) < depth || out_ntt); + if (depth == 0) return; + if (depth == 1) { + make_fg_step(data, logn, 0, 0, out_ntt); + return; } + make_fg_step(data, logn, 0, 0, 1); + for (d = 1; d+1 < depth; d ++) { + make_fg_step(data, logn - d, d, 1, 1); + } + make_fg_step(data, logn-depth+1, depth-1, 1, out_ntt); } /* @@ -3028,7 +3042,8 @@ solve_NTRU_intermediate(unsigned logn_top, * computed so that average maximum length will fall in the * middle or the upper half of these top 10 words. */ - rlen = (slen > 10) ? 10 : slen; + rlen = slen; + if (rlen > 10) rlen = 10; poly_big_to_fp(rt3, ft + slen - rlen, rlen, slen, logn); poly_big_to_fp(rt4, gt + slen - rlen, rlen, slen, logn); @@ -3102,7 +3117,8 @@ solve_NTRU_intermediate(unsigned logn_top, * Convert current F and G into floating-point. We apply * scaling if the current length is more than 10 words. */ - rlen = (FGlen > 10) ? 10 : FGlen; + rlen = FGlen; + if (rlen > 10) rlen = 10; scale_FG = 31 * (int)(FGlen - rlen); poly_big_to_fp(rt1, Ft + FGlen - rlen, rlen, llen, logn); poly_big_to_fp(rt2, Gt + FGlen - rlen, rlen, llen, logn); diff --git a/crypto_sign/falcon-512/clean/sign.c b/crypto_sign/falcon-512/clean/sign.c index f96ddfe2..ef0adea4 100644 --- a/crypto_sign/falcon-512/clean/sign.c +++ b/crypto_sign/falcon-512/clean/sign.c @@ -1189,9 +1189,11 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON512_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON512_CLEAN_sampler; samp_ctx = &spc; @@ -1234,9 +1236,11 @@ PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, inner_shake256_context *rng, * Normal sampling. We use a fast PRNG seeded from our * SHAKE context ('rng'). */ - spc.sigma_min = (logn == 10) - ? fpr_sigma_min_10 - : fpr_sigma_min_9; + if (logn == 10) { + spc.sigma_min = fpr_sigma_min_10; + } else { + spc.sigma_min = fpr_sigma_min_9; + } PQCLEAN_FALCON512_CLEAN_prng_init(&spc.p, rng); samp = PQCLEAN_FALCON512_CLEAN_sampler; samp_ctx = &spc;