Browse Source
Removed 'restrict' keyword (it's C99, but MSVC 2017 does not support it...). This does not seem to impact performance.
master
Thomas Pornin
5 years ago
10 changed files with 186 additions and 186 deletions
Split View
Diff Options
-
+21 -21crypto_sign/falcon-1024/clean/fft.c
-
+1 -1crypto_sign/falcon-1024/clean/fpr.h
-
+28 -28crypto_sign/falcon-1024/clean/inner.h
-
+21 -21crypto_sign/falcon-1024/clean/keygen.c
-
+22 -22crypto_sign/falcon-1024/clean/sign.c
-
+21 -21crypto_sign/falcon-512/clean/fft.c
-
+1 -1crypto_sign/falcon-512/clean/fpr.h
-
+28 -28crypto_sign/falcon-512/clean/inner.h
-
+21 -21crypto_sign/falcon-512/clean/keygen.c
-
+22 -22crypto_sign/falcon-512/clean/sign.c
+ 21
- 21
crypto_sign/falcon-1024/clean/fft.c
View File
| @@ -345,7 +345,7 @@ PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_add( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -357,7 +357,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_sub( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -391,7 +391,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_mul_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -410,7 +410,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -461,7 +461,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_div_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -479,8 +479,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d, | |||
| const fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d, | |||
| const fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -501,9 +501,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d, | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| const fpr *restrict F, const fpr *restrict G, | |||
| const fpr *restrict f, const fpr *restrict g, unsigned logn) { | |||
| PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d, | |||
| const fpr *F, const fpr *G, | |||
| const fpr *f, const fpr *g, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -532,7 +532,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -546,7 +546,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -563,8 +563,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft( | |||
| const fpr *restrict g00, | |||
| fpr *restrict g01, fpr *restrict g11, unsigned logn) { | |||
| const fpr *g00, | |||
| fpr *g01, fpr *g11, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -590,9 +590,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft( | |||
| fpr *restrict d11, fpr *restrict l10, | |||
| const fpr *restrict g00, const fpr *restrict g01, | |||
| const fpr *restrict g11, unsigned logn) { | |||
| fpr *d11, fpr *l10, | |||
| const fpr *g00, const fpr *g01, | |||
| const fpr *g11, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -618,8 +618,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_split_fft( | |||
| fpr *restrict f0, fpr *restrict f1, | |||
| const fpr *restrict f, unsigned logn) { | |||
| fpr *f0, fpr *f1, | |||
| const fpr *f, unsigned logn) { | |||
| /* | |||
| * The FFT representation we use is in bit-reversed order | |||
| * (element i contains f(w^(rev(i))), where rev() is the | |||
| @@ -666,8 +666,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_split_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_poly_merge_fft( | |||
| fpr *restrict f, | |||
| const fpr *restrict f0, const fpr *restrict f1, unsigned logn) { | |||
| fpr *f, | |||
| const fpr *f0, const fpr *f1, unsigned logn) { | |||
| size_t n, hn, qn, u; | |||
| n = (size_t)1 << logn; | |||
+ 1
- 1
crypto_sign/falcon-1024/clean/fpr.h
View File
| @@ -287,7 +287,7 @@ fpr_rint(fpr x) { | |||
| return ((int64_t)m ^ -(int64_t)s) + (int64_t)s; | |||
| } | |||
| static inline long | |||
| static inline int64_t | |||
| fpr_floor(fpr x) { | |||
| uint64_t t; | |||
| int64_t xi; | |||
+ 28
- 28
crypto_sign/falcon-1024/clean/inner.h
View File
| @@ -453,13 +453,13 @@ void PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn); | |||
| * Add polynomial b to polynomial a. a and b MUST NOT overlap. This | |||
| * function works in both normal and FFT representations. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This | |||
| * function works in both normal and FFT representations. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Negate polynomial a. This function works in both normal and FFT | |||
| @@ -477,13 +477,13 @@ void PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn); | |||
| * Multiply polynomial a with polynomial b. a and b MUST NOT overlap. | |||
| * This function works only in FFT representation. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT | |||
| * overlap. This function works only in FFT representation. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Multiply polynomial with its own adjoint. This function works only in FFT | |||
| @@ -501,7 +501,7 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn); | |||
| * Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation). | |||
| * a and b MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g)) | |||
| @@ -511,17 +511,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict | |||
| * | |||
| * Array d MUST NOT overlap with either a or b. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d, | |||
| const fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d, | |||
| const fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g) | |||
| * (also in FFT representation). Destination d MUST NOT overlap with | |||
| * any of the source arrays. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| const fpr *restrict F, const fpr *restrict G, | |||
| const fpr *restrict f, const fpr *restrict g, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d, | |||
| const fpr *F, const fpr *G, | |||
| const fpr *f, const fpr *g, unsigned logn); | |||
| /* | |||
| * Multiply polynomial a by polynomial b, where b is autoadjoint. Both | |||
| @@ -529,8 +529,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| * FFT coefficients are real, and the array b contains only N/2 elements. | |||
| * a and b MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, | |||
| const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *a, | |||
| const fpr *b, unsigned logn); | |||
| /* | |||
| * Divide polynomial a by polynomial b, where b is autoadjoint. Both | |||
| @@ -538,8 +538,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, | |||
| * FFT coefficients are real, and the array b contains only N/2 elements. | |||
| * a and b MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a, | |||
| const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *a, | |||
| const fpr *b, unsigned logn); | |||
| /* | |||
| * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT | |||
| @@ -549,8 +549,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a, | |||
| * (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]). | |||
| * (In fact, d00 = g00, so the g00 operand is left unmodified.) | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00, | |||
| fpr *restrict g01, fpr *restrict g11, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *g00, | |||
| fpr *g01, fpr *g11, unsigned logn); | |||
| /* | |||
| * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT | |||
| @@ -558,17 +558,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00, | |||
| * g00, g01 and g11 are unmodified; the outputs d11 and l10 are written | |||
| * in two other separate buffers provided as extra parameters. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10, | |||
| const fpr *restrict g00, const fpr *restrict g01, | |||
| const fpr *restrict g11, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10, | |||
| const fpr *g00, const fpr *g01, | |||
| const fpr *g11, unsigned logn); | |||
| /* | |||
| * Apply "split" operation on a polynomial in FFT representation: | |||
| * f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1 | |||
| * (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, | |||
| const fpr *restrict f, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *f0, fpr *f1, | |||
| const fpr *f, unsigned logn); | |||
| /* | |||
| * Apply "merge" operation on two polynomials in FFT representation: | |||
| @@ -576,8 +576,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, | |||
| * f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1. | |||
| * f MUST NOT overlap with either f0 or f1. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *restrict f, | |||
| const fpr *restrict f0, const fpr *restrict f1, unsigned logn); | |||
| void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *f, | |||
| const fpr *f0, const fpr *f1, unsigned logn); | |||
| /* ==================================================================== */ | |||
| /* | |||
| @@ -625,9 +625,9 @@ void PQCLEAN_FALCON1024_CLEAN_keygen(shake256_context *rng, | |||
| * | |||
| * The tmp[] array must have room for at least 48*2^logn bytes. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, | |||
| void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key, | |||
| const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G, | |||
| unsigned logn, uint8_t *restrict tmp); | |||
| unsigned logn, uint8_t *tmp); | |||
| /* | |||
| * Compute a signature over the provided hashed message (hm); the | |||
| @@ -639,7 +639,7 @@ void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, | |||
| * The minimal size (in bytes) of tmp[] is 48*2^logn bytes. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| const fpr *restrict expanded_key, | |||
| const fpr *expanded_key, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp); | |||
| /* | |||
| @@ -654,8 +654,8 @@ void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| * The minimal size (in bytes) of tmp[] is 72*2^logn bytes. | |||
| */ | |||
| void PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, | |||
| const int8_t *restrict f, const int8_t *restrict g, | |||
| const int8_t *restrict F, const int8_t *restrict G, | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp); | |||
| /* ==================================================================== */ | |||
+ 21
- 21
crypto_sign/falcon-1024/clean/keygen.c
View File
| @@ -928,7 +928,7 @@ static const uint16_t REV10[] = { | |||
| * p must be a prime such that p = 1 mod 2048. | |||
| */ | |||
| static void | |||
| modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn, | |||
| modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn, | |||
| uint32_t g, uint32_t p, uint32_t p0i) { | |||
| size_t u, n; | |||
| unsigned k; | |||
| @@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn, | |||
| * still performed, and the carry is computed and returned. | |||
| */ | |||
| static uint32_t | |||
| zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len, | |||
| zint_sub(uint32_t *a, const uint32_t *b, size_t len, | |||
| uint32_t ctl) { | |||
| size_t u; | |||
| uint32_t cc, m; | |||
| @@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen, | |||
| * not overlap. | |||
| */ | |||
| static void | |||
| zint_add_mul_small(uint32_t *restrict x, | |||
| const uint32_t *restrict y, size_t len, uint32_t s) { | |||
| zint_add_mul_small(uint32_t *x, | |||
| const uint32_t *y, size_t len, uint32_t s) { | |||
| size_t u; | |||
| uint32_t cc; | |||
| @@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x, | |||
| * untouched. The two integers x and p are encoded over the same length. | |||
| */ | |||
| static void | |||
| zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { | |||
| zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) { | |||
| size_t u; | |||
| uint32_t r, bb; | |||
| @@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { | |||
| * small prime moduli); two's complement is used for negative values. | |||
| */ | |||
| static void | |||
| zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride, | |||
| zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride, | |||
| size_t num, const small_prime *primes, int normalize_signed, | |||
| uint32_t *restrict tmp) { | |||
| uint32_t *tmp) { | |||
| size_t u; | |||
| uint32_t *x; | |||
| @@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len, | |||
| * each other, or with either x or y. | |||
| */ | |||
| static int | |||
| zint_bezout(uint32_t *restrict u, uint32_t *restrict v, | |||
| const uint32_t *restrict x, const uint32_t *restrict y, | |||
| size_t len, uint32_t *restrict tmp) { | |||
| zint_bezout(uint32_t *u, uint32_t *v, | |||
| const uint32_t *x, const uint32_t *y, | |||
| size_t len, uint32_t *tmp) { | |||
| /* | |||
| * Algorithm is an extended binary GCD. We maintain 6 values | |||
| * a, b, u0, u1, v0 and v1 with the following invariants: | |||
| @@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v, | |||
| * negative values. | |||
| */ | |||
| static void | |||
| zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, | |||
| const uint32_t *restrict y, size_t ylen, int32_t k, | |||
| zint_add_scaled_mul_small(uint32_t *x, size_t xlen, | |||
| const uint32_t *y, size_t ylen, int32_t k, | |||
| uint32_t sch, uint32_t scl) { | |||
| size_t u; | |||
| uint32_t ysign, tw; | |||
| @@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, | |||
| * negative values. | |||
| */ | |||
| static void | |||
| zint_sub_scaled(uint32_t *restrict x, size_t xlen, | |||
| const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) { | |||
| zint_sub_scaled(uint32_t *x, size_t xlen, | |||
| const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) { | |||
| size_t u; | |||
| uint32_t ysign, tw; | |||
| uint32_t cc; | |||
| @@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) { | |||
| * high degree. | |||
| */ | |||
| static void | |||
| poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, | |||
| const uint32_t *restrict f, size_t flen, size_t fstride, | |||
| const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) { | |||
| poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride, | |||
| const uint32_t *f, size_t flen, size_t fstride, | |||
| const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) { | |||
| size_t n, u; | |||
| n = MKN(logn); | |||
| @@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, | |||
| * The value sc is provided as sch = sc / 31 and scl = sc % 31. | |||
| */ | |||
| static void | |||
| poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride, | |||
| const uint32_t *restrict f, size_t flen, size_t fstride, | |||
| const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn, | |||
| uint32_t *restrict tmp) { | |||
| poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride, | |||
| const uint32_t *f, size_t flen, size_t fstride, | |||
| const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn, | |||
| uint32_t *tmp) { | |||
| uint32_t *gm, *igm, *fk, *t1, *x; | |||
| const uint32_t *y; | |||
| size_t n, u, tlen; | |||
+ 22
- 22
crypto_sign/falcon-1024/clean/sign.c
View File
| @@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) { | |||
| * tmp[] must have room for at least one polynomial. | |||
| */ | |||
| static void | |||
| ffLDL_fft_inner(fpr *restrict tree, | |||
| fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) { | |||
| ffLDL_fft_inner(fpr *tree, | |||
| fpr *g0, fpr *g1, unsigned logn, fpr *tmp) { | |||
| size_t n, hn; | |||
| n = MKN(logn); | |||
| @@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree, | |||
| * polynomials of 2^logn elements each. | |||
| */ | |||
| static void | |||
| ffLDL_fft(fpr *restrict tree, const fpr *restrict g00, | |||
| const fpr *restrict g01, const fpr *restrict g11, | |||
| unsigned logn, fpr *restrict tmp) { | |||
| ffLDL_fft(fpr *tree, const fpr *g00, | |||
| const fpr *g01, const fpr *g11, | |||
| unsigned logn, fpr *tmp) { | |||
| size_t n, hn; | |||
| fpr *d00, *d11; | |||
| @@ -224,10 +224,10 @@ skoff_tree(unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, | |||
| PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key, | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| unsigned logn, uint8_t *restrict tmp) { | |||
| unsigned logn, uint8_t *tmp) { | |||
| size_t n; | |||
| fpr *rf, *rg, *rF, *rG; | |||
| fpr *b00, *b01, *b10, *b11; | |||
| @@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma); | |||
| */ | |||
| static void | |||
| ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, | |||
| fpr *restrict t0, fpr *restrict t1, | |||
| fpr *restrict g00, fpr *restrict g01, fpr *restrict g11, | |||
| unsigned logn, fpr *restrict tmp) { | |||
| fpr *t0, fpr *t1, | |||
| fpr *g00, fpr *g01, fpr *g11, | |||
| unsigned logn, fpr *tmp) { | |||
| size_t n, hn; | |||
| fpr *z0, *z1; | |||
| @@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, | |||
| */ | |||
| static void | |||
| ffSampling_fft(samplerZ samp, void *samp_ctx, | |||
| fpr *restrict z0, fpr *restrict z1, | |||
| const fpr *restrict tree, | |||
| const fpr *restrict t0, const fpr *restrict t1, unsigned logn, | |||
| fpr *restrict tmp) { | |||
| fpr *z0, fpr *z1, | |||
| const fpr *tree, | |||
| const fpr *t0, const fpr *t1, unsigned logn, | |||
| fpr *tmp) { | |||
| size_t n, hn; | |||
| const fpr *tree0, *tree1; | |||
| @@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx, | |||
| */ | |||
| static uint32_t | |||
| do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, | |||
| const fpr *restrict expanded_key, | |||
| const fpr *expanded_key, | |||
| const uint16_t *hm, | |||
| unsigned logn, fpr *restrict tmp) { | |||
| unsigned logn, fpr *tmp) { | |||
| size_t n, u; | |||
| fpr *t0, *t1, *tx, *ty; | |||
| const fpr *b00, *b01, *b10, *b11, *tree; | |||
| @@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, | |||
| */ | |||
| static uint32_t | |||
| do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2, | |||
| const int8_t *restrict f, const int8_t *restrict g, | |||
| const int8_t *restrict F, const int8_t *restrict G, | |||
| const uint16_t *hm, unsigned logn, fpr *restrict tmp) { | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| const uint16_t *hm, unsigned logn, fpr *tmp) { | |||
| size_t n, u; | |||
| fpr *t0, *t1, *tx, *ty; | |||
| fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11; | |||
| @@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| const fpr *restrict expanded_key, | |||
| const fpr *expanded_key, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp) { | |||
| fpr *ftmp; | |||
| @@ -1019,8 +1019,8 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, | |||
| const int8_t *restrict f, const int8_t *restrict g, | |||
| const int8_t *restrict F, const int8_t *restrict G, | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp) { | |||
| fpr *ftmp; | |||
+ 21
- 21
crypto_sign/falcon-512/clean/fft.c
View File
| @@ -345,7 +345,7 @@ PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_add( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -357,7 +357,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_sub( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -391,7 +391,7 @@ PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_mul_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -410,7 +410,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_muladj_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -461,7 +461,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_div_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -479,8 +479,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d, | |||
| const fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d, | |||
| const fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -501,9 +501,9 @@ PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d, | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| const fpr *restrict F, const fpr *restrict G, | |||
| const fpr *restrict f, const fpr *restrict g, unsigned logn) { | |||
| PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d, | |||
| const fpr *F, const fpr *G, | |||
| const fpr *f, const fpr *g, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -532,7 +532,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -546,7 +546,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft( | |||
| fpr *restrict a, const fpr *restrict b, unsigned logn) { | |||
| fpr *a, const fpr *b, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -563,8 +563,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_LDL_fft( | |||
| const fpr *restrict g00, | |||
| fpr *restrict g01, fpr *restrict g11, unsigned logn) { | |||
| const fpr *g00, | |||
| fpr *g01, fpr *g11, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -590,9 +590,9 @@ PQCLEAN_FALCON512_CLEAN_poly_LDL_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft( | |||
| fpr *restrict d11, fpr *restrict l10, | |||
| const fpr *restrict g00, const fpr *restrict g01, | |||
| const fpr *restrict g11, unsigned logn) { | |||
| fpr *d11, fpr *l10, | |||
| const fpr *g00, const fpr *g01, | |||
| const fpr *g11, unsigned logn) { | |||
| size_t n, hn, u; | |||
| n = (size_t)1 << logn; | |||
| @@ -618,8 +618,8 @@ PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_split_fft( | |||
| fpr *restrict f0, fpr *restrict f1, | |||
| const fpr *restrict f, unsigned logn) { | |||
| fpr *f0, fpr *f1, | |||
| const fpr *f, unsigned logn) { | |||
| /* | |||
| * The FFT representation we use is in bit-reversed order | |||
| * (element i contains f(w^(rev(i))), where rev() is the | |||
| @@ -666,8 +666,8 @@ PQCLEAN_FALCON512_CLEAN_poly_split_fft( | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_poly_merge_fft( | |||
| fpr *restrict f, | |||
| const fpr *restrict f0, const fpr *restrict f1, unsigned logn) { | |||
| fpr *f, | |||
| const fpr *f0, const fpr *f1, unsigned logn) { | |||
| size_t n, hn, qn, u; | |||
| n = (size_t)1 << logn; | |||
+ 1
- 1
crypto_sign/falcon-512/clean/fpr.h
View File
| @@ -287,7 +287,7 @@ fpr_rint(fpr x) { | |||
| return ((int64_t)m ^ -(int64_t)s) + (int64_t)s; | |||
| } | |||
| static inline long | |||
| static inline int64_t | |||
| fpr_floor(fpr x) { | |||
| uint64_t t; | |||
| int64_t xi; | |||
+ 28
- 28
crypto_sign/falcon-512/clean/inner.h
View File
| @@ -453,13 +453,13 @@ void PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn); | |||
| * Add polynomial b to polynomial a. a and b MUST NOT overlap. This | |||
| * function works in both normal and FFT representations. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This | |||
| * function works in both normal and FFT representations. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Negate polynomial a. This function works in both normal and FFT | |||
| @@ -477,13 +477,13 @@ void PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn); | |||
| * Multiply polynomial a with polynomial b. a and b MUST NOT overlap. | |||
| * This function works only in FFT representation. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT | |||
| * overlap. This function works only in FFT representation. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Multiply polynomial with its own adjoint. This function works only in FFT | |||
| @@ -501,7 +501,7 @@ void PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn); | |||
| * Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation). | |||
| * a and b MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g)) | |||
| @@ -511,17 +511,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b | |||
| * | |||
| * Array d MUST NOT overlap with either a or b. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d, | |||
| const fpr *restrict a, const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d, | |||
| const fpr *a, const fpr *b, unsigned logn); | |||
| /* | |||
| * Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g) | |||
| * (also in FFT representation). Destination d MUST NOT overlap with | |||
| * any of the source arrays. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| const fpr *restrict F, const fpr *restrict G, | |||
| const fpr *restrict f, const fpr *restrict g, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d, | |||
| const fpr *F, const fpr *G, | |||
| const fpr *f, const fpr *g, unsigned logn); | |||
| /* | |||
| * Multiply polynomial a by polynomial b, where b is autoadjoint. Both | |||
| @@ -529,8 +529,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, | |||
| * FFT coefficients are real, and the array b contains only N/2 elements. | |||
| * a and b MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, | |||
| const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *a, | |||
| const fpr *b, unsigned logn); | |||
| /* | |||
| * Divide polynomial a by polynomial b, where b is autoadjoint. Both | |||
| @@ -538,8 +538,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, | |||
| * FFT coefficients are real, and the array b contains only N/2 elements. | |||
| * a and b MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a, | |||
| const fpr *restrict b, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *a, | |||
| const fpr *b, unsigned logn); | |||
| /* | |||
| * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT | |||
| @@ -549,8 +549,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a, | |||
| * (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]). | |||
| * (In fact, d00 = g00, so the g00 operand is left unmodified.) | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00, | |||
| fpr *restrict g01, fpr *restrict g11, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *g00, | |||
| fpr *g01, fpr *g11, unsigned logn); | |||
| /* | |||
| * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT | |||
| @@ -558,17 +558,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00, | |||
| * g00, g01 and g11 are unmodified; the outputs d11 and l10 are written | |||
| * in two other separate buffers provided as extra parameters. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10, | |||
| const fpr *restrict g00, const fpr *restrict g01, | |||
| const fpr *restrict g11, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10, | |||
| const fpr *g00, const fpr *g01, | |||
| const fpr *g11, unsigned logn); | |||
| /* | |||
| * Apply "split" operation on a polynomial in FFT representation: | |||
| * f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1 | |||
| * (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, | |||
| const fpr *restrict f, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *f0, fpr *f1, | |||
| const fpr *f, unsigned logn); | |||
| /* | |||
| * Apply "merge" operation on two polynomials in FFT representation: | |||
| @@ -576,8 +576,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, | |||
| * f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1. | |||
| * f MUST NOT overlap with either f0 or f1. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *restrict f, | |||
| const fpr *restrict f0, const fpr *restrict f1, unsigned logn); | |||
| void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *f, | |||
| const fpr *f0, const fpr *f1, unsigned logn); | |||
| /* ==================================================================== */ | |||
| /* | |||
| @@ -625,9 +625,9 @@ void PQCLEAN_FALCON512_CLEAN_keygen(shake256_context *rng, | |||
| * | |||
| * The tmp[] array must have room for at least 48*2^logn bytes. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, | |||
| void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key, | |||
| const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G, | |||
| unsigned logn, uint8_t *restrict tmp); | |||
| unsigned logn, uint8_t *tmp); | |||
| /* | |||
| * Compute a signature over the provided hashed message (hm); the | |||
| @@ -639,7 +639,7 @@ void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, | |||
| * The minimal size (in bytes) of tmp[] is 48*2^logn bytes. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| const fpr *restrict expanded_key, | |||
| const fpr *expanded_key, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp); | |||
| /* | |||
| @@ -654,8 +654,8 @@ void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| * The minimal size (in bytes) of tmp[] is 72*2^logn bytes. | |||
| */ | |||
| void PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, | |||
| const int8_t *restrict f, const int8_t *restrict g, | |||
| const int8_t *restrict F, const int8_t *restrict G, | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp); | |||
| /* ==================================================================== */ | |||
+ 21
- 21
crypto_sign/falcon-512/clean/keygen.c
View File
| @@ -928,7 +928,7 @@ static const uint16_t REV10[] = { | |||
| * p must be a prime such that p = 1 mod 2048. | |||
| */ | |||
| static void | |||
| modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn, | |||
| modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn, | |||
| uint32_t g, uint32_t p, uint32_t p0i) { | |||
| size_t u, n; | |||
| unsigned k; | |||
| @@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn, | |||
| * still performed, and the carry is computed and returned. | |||
| */ | |||
| static uint32_t | |||
| zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len, | |||
| zint_sub(uint32_t *a, const uint32_t *b, size_t len, | |||
| uint32_t ctl) { | |||
| size_t u; | |||
| uint32_t cc, m; | |||
| @@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen, | |||
| * not overlap. | |||
| */ | |||
| static void | |||
| zint_add_mul_small(uint32_t *restrict x, | |||
| const uint32_t *restrict y, size_t len, uint32_t s) { | |||
| zint_add_mul_small(uint32_t *x, | |||
| const uint32_t *y, size_t len, uint32_t s) { | |||
| size_t u; | |||
| uint32_t cc; | |||
| @@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x, | |||
| * untouched. The two integers x and p are encoded over the same length. | |||
| */ | |||
| static void | |||
| zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { | |||
| zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) { | |||
| size_t u; | |||
| uint32_t r, bb; | |||
| @@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { | |||
| * small prime moduli); two's complement is used for negative values. | |||
| */ | |||
| static void | |||
| zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride, | |||
| zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride, | |||
| size_t num, const small_prime *primes, int normalize_signed, | |||
| uint32_t *restrict tmp) { | |||
| uint32_t *tmp) { | |||
| size_t u; | |||
| uint32_t *x; | |||
| @@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len, | |||
| * each other, or with either x or y. | |||
| */ | |||
| static int | |||
| zint_bezout(uint32_t *restrict u, uint32_t *restrict v, | |||
| const uint32_t *restrict x, const uint32_t *restrict y, | |||
| size_t len, uint32_t *restrict tmp) { | |||
| zint_bezout(uint32_t *u, uint32_t *v, | |||
| const uint32_t *x, const uint32_t *y, | |||
| size_t len, uint32_t *tmp) { | |||
| /* | |||
| * Algorithm is an extended binary GCD. We maintain 6 values | |||
| * a, b, u0, u1, v0 and v1 with the following invariants: | |||
| @@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v, | |||
| * negative values. | |||
| */ | |||
| static void | |||
| zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, | |||
| const uint32_t *restrict y, size_t ylen, int32_t k, | |||
| zint_add_scaled_mul_small(uint32_t *x, size_t xlen, | |||
| const uint32_t *y, size_t ylen, int32_t k, | |||
| uint32_t sch, uint32_t scl) { | |||
| size_t u; | |||
| uint32_t ysign, tw; | |||
| @@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, | |||
| * negative values. | |||
| */ | |||
| static void | |||
| zint_sub_scaled(uint32_t *restrict x, size_t xlen, | |||
| const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) { | |||
| zint_sub_scaled(uint32_t *x, size_t xlen, | |||
| const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) { | |||
| size_t u; | |||
| uint32_t ysign, tw; | |||
| uint32_t cc; | |||
| @@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) { | |||
| * high degree. | |||
| */ | |||
| static void | |||
| poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, | |||
| const uint32_t *restrict f, size_t flen, size_t fstride, | |||
| const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) { | |||
| poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride, | |||
| const uint32_t *f, size_t flen, size_t fstride, | |||
| const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) { | |||
| size_t n, u; | |||
| n = MKN(logn); | |||
| @@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, | |||
| * The value sc is provided as sch = sc / 31 and scl = sc % 31. | |||
| */ | |||
| static void | |||
| poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride, | |||
| const uint32_t *restrict f, size_t flen, size_t fstride, | |||
| const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn, | |||
| uint32_t *restrict tmp) { | |||
| poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride, | |||
| const uint32_t *f, size_t flen, size_t fstride, | |||
| const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn, | |||
| uint32_t *tmp) { | |||
| uint32_t *gm, *igm, *fk, *t1, *x; | |||
| const uint32_t *y; | |||
| size_t n, u, tlen; | |||
+ 22
- 22
crypto_sign/falcon-512/clean/sign.c
View File
| @@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) { | |||
| * tmp[] must have room for at least one polynomial. | |||
| */ | |||
| static void | |||
| ffLDL_fft_inner(fpr *restrict tree, | |||
| fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) { | |||
| ffLDL_fft_inner(fpr *tree, | |||
| fpr *g0, fpr *g1, unsigned logn, fpr *tmp) { | |||
| size_t n, hn; | |||
| n = MKN(logn); | |||
| @@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree, | |||
| * polynomials of 2^logn elements each. | |||
| */ | |||
| static void | |||
| ffLDL_fft(fpr *restrict tree, const fpr *restrict g00, | |||
| const fpr *restrict g01, const fpr *restrict g11, | |||
| unsigned logn, fpr *restrict tmp) { | |||
| ffLDL_fft(fpr *tree, const fpr *g00, | |||
| const fpr *g01, const fpr *g11, | |||
| unsigned logn, fpr *tmp) { | |||
| size_t n, hn; | |||
| fpr *d00, *d11; | |||
| @@ -224,10 +224,10 @@ skoff_tree(unsigned logn) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, | |||
| PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key, | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| unsigned logn, uint8_t *restrict tmp) { | |||
| unsigned logn, uint8_t *tmp) { | |||
| size_t n; | |||
| fpr *rf, *rg, *rF, *rG; | |||
| fpr *b00, *b01, *b10, *b11; | |||
| @@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma); | |||
| */ | |||
| static void | |||
| ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, | |||
| fpr *restrict t0, fpr *restrict t1, | |||
| fpr *restrict g00, fpr *restrict g01, fpr *restrict g11, | |||
| unsigned logn, fpr *restrict tmp) { | |||
| fpr *t0, fpr *t1, | |||
| fpr *g00, fpr *g01, fpr *g11, | |||
| unsigned logn, fpr *tmp) { | |||
| size_t n, hn; | |||
| fpr *z0, *z1; | |||
| @@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, | |||
| */ | |||
| static void | |||
| ffSampling_fft(samplerZ samp, void *samp_ctx, | |||
| fpr *restrict z0, fpr *restrict z1, | |||
| const fpr *restrict tree, | |||
| const fpr *restrict t0, const fpr *restrict t1, unsigned logn, | |||
| fpr *restrict tmp) { | |||
| fpr *z0, fpr *z1, | |||
| const fpr *tree, | |||
| const fpr *t0, const fpr *t1, unsigned logn, | |||
| fpr *tmp) { | |||
| size_t n, hn; | |||
| const fpr *tree0, *tree1; | |||
| @@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx, | |||
| */ | |||
| static uint32_t | |||
| do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, | |||
| const fpr *restrict expanded_key, | |||
| const fpr *expanded_key, | |||
| const uint16_t *hm, | |||
| unsigned logn, fpr *restrict tmp) { | |||
| unsigned logn, fpr *tmp) { | |||
| size_t n, u; | |||
| fpr *t0, *t1, *tx, *ty; | |||
| const fpr *b00, *b01, *b10, *b11, *tree; | |||
| @@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, | |||
| */ | |||
| static uint32_t | |||
| do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2, | |||
| const int8_t *restrict f, const int8_t *restrict g, | |||
| const int8_t *restrict F, const int8_t *restrict G, | |||
| const uint16_t *hm, unsigned logn, fpr *restrict tmp) { | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| const uint16_t *hm, unsigned logn, fpr *tmp) { | |||
| size_t n, u; | |||
| fpr *t0, *t1, *tx, *ty; | |||
| fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11; | |||
| @@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) { | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| const fpr *restrict expanded_key, | |||
| const fpr *expanded_key, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp) { | |||
| fpr *ftmp; | |||
| @@ -1019,8 +1019,8 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, | |||
| /* see inner.h */ | |||
| void | |||
| PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, | |||
| const int8_t *restrict f, const int8_t *restrict g, | |||
| const int8_t *restrict F, const int8_t *restrict G, | |||
| const int8_t *f, const int8_t *g, | |||
| const int8_t *F, const int8_t *G, | |||
| const uint16_t *hm, unsigned logn, uint8_t *tmp) { | |||
| fpr *ftmp; | |||