From dba40c7d43da55c743cba12d70791094612af527 Mon Sep 17 00:00:00 2001 From: Thomas Pornin Date: Sat, 20 Jul 2019 21:27:27 -0400 Subject: [PATCH] Removed 'restrict' keyword (it's C99, but MSVC 2017 does not support it...). This does not seem to impact performance. --- crypto_sign/falcon-1024/clean/fft.c | 42 +++++++++---------- crypto_sign/falcon-1024/clean/fpr.h | 2 +- crypto_sign/falcon-1024/clean/inner.h | 56 +++++++++++++------------- crypto_sign/falcon-1024/clean/keygen.c | 42 +++++++++---------- crypto_sign/falcon-1024/clean/sign.c | 44 ++++++++++---------- crypto_sign/falcon-512/clean/fft.c | 42 +++++++++---------- crypto_sign/falcon-512/clean/fpr.h | 2 +- crypto_sign/falcon-512/clean/inner.h | 56 +++++++++++++------------- crypto_sign/falcon-512/clean/keygen.c | 42 +++++++++---------- crypto_sign/falcon-512/clean/sign.c | 44 ++++++++++---------- 10 files changed, 186 insertions(+), 186 deletions(-) diff --git a/crypto_sign/falcon-1024/clean/fft.c b/crypto_sign/falcon-1024/clean/fft.c index 8f6105be..c64cedc5 100644 --- a/crypto_sign/falcon-1024/clean/fft.c +++ b/crypto_sign/falcon-1024/clean/fft.c @@ -345,7 +345,7 @@ PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn) { /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_add( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, u; n = (size_t)1 << logn; @@ -357,7 +357,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_sub( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, u; n = (size_t)1 << logn; @@ -391,7 +391,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn) { /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -410,7 +410,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_fft( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -461,7 +461,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) { /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_div_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -479,8 +479,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_fft( /* see inner.h */ void -PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d, - const fpr *restrict a, const fpr *restrict b, unsigned logn) { +PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d, + const fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -501,9 +501,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d, /* see inner.h */ void -PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, - const fpr *restrict F, const fpr *restrict G, - const fpr *restrict f, const fpr *restrict g, unsigned logn) { +PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d, + const fpr *F, const fpr *G, + const fpr *f, const fpr *g, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -532,7 +532,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -546,7 +546,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -563,8 +563,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft( - const fpr *restrict g00, - fpr *restrict g01, fpr *restrict g11, unsigned logn) { + const fpr *g00, + fpr *g01, fpr *g11, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -590,9 +590,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft( - fpr *restrict d11, fpr *restrict l10, - const fpr *restrict g00, const fpr *restrict g01, - const fpr *restrict g11, unsigned logn) { + fpr *d11, fpr *l10, + const fpr *g00, const fpr *g01, + const fpr *g11, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -618,8 +618,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_split_fft( - fpr *restrict f0, fpr *restrict f1, - const fpr *restrict f, unsigned logn) { + fpr *f0, fpr *f1, + const fpr *f, unsigned logn) { /* * The FFT representation we use is in bit-reversed order * (element i contains f(w^(rev(i))), where rev() is the @@ -666,8 +666,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_split_fft( /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft( - fpr *restrict f, - const fpr *restrict f0, const fpr *restrict f1, unsigned logn) { + fpr *f, + const fpr *f0, const fpr *f1, unsigned logn) { size_t n, hn, qn, u; n = (size_t)1 << logn; diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h index 79096be9..2dfc9b85 100644 --- a/crypto_sign/falcon-1024/clean/fpr.h +++ b/crypto_sign/falcon-1024/clean/fpr.h @@ -287,7 +287,7 @@ fpr_rint(fpr x) { return ((int64_t)m ^ -(int64_t)s) + (int64_t)s; } -static inline long +static inline int64_t fpr_floor(fpr x) { uint64_t t; int64_t xi; diff --git a/crypto_sign/falcon-1024/clean/inner.h b/crypto_sign/falcon-1024/clean/inner.h index 2a207830..a12d3755 100644 --- a/crypto_sign/falcon-1024/clean/inner.h +++ b/crypto_sign/falcon-1024/clean/inner.h @@ -453,13 +453,13 @@ void PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn); * Add polynomial b to polynomial a. a and b MUST NOT overlap. This * function works in both normal and FFT representations. */ -void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn); /* * Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This * function works in both normal and FFT representations. */ -void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn); /* * Negate polynomial a. This function works in both normal and FFT @@ -477,13 +477,13 @@ void PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn); * Multiply polynomial a with polynomial b. a and b MUST NOT overlap. * This function works only in FFT representation. */ -void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn); /* * Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT * overlap. This function works only in FFT representation. */ -void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn); /* * Multiply polynomial with its own adjoint. This function works only in FFT @@ -501,7 +501,7 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn); * Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation). * a and b MUST NOT overlap. */ -void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn); /* * Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g)) @@ -511,17 +511,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict * * Array d MUST NOT overlap with either a or b. */ -void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d, - const fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d, + const fpr *a, const fpr *b, unsigned logn); /* * Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g) * (also in FFT representation). Destination d MUST NOT overlap with * any of the source arrays. */ -void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, - const fpr *restrict F, const fpr *restrict G, - const fpr *restrict f, const fpr *restrict g, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d, + const fpr *F, const fpr *G, + const fpr *f, const fpr *g, unsigned logn); /* * Multiply polynomial a by polynomial b, where b is autoadjoint. Both @@ -529,8 +529,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d, * FFT coefficients are real, and the array b contains only N/2 elements. * a and b MUST NOT overlap. */ -void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, - const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *a, + const fpr *b, unsigned logn); /* * Divide polynomial a by polynomial b, where b is autoadjoint. Both @@ -538,8 +538,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, * FFT coefficients are real, and the array b contains only N/2 elements. * a and b MUST NOT overlap. */ -void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a, - const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *a, + const fpr *b, unsigned logn); /* * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT @@ -549,8 +549,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a, * (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]). * (In fact, d00 = g00, so the g00 operand is left unmodified.) */ -void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00, - fpr *restrict g01, fpr *restrict g11, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *g00, + fpr *g01, fpr *g11, unsigned logn); /* * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT @@ -558,17 +558,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00, * g00, g01 and g11 are unmodified; the outputs d11 and l10 are written * in two other separate buffers provided as extra parameters. */ -void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10, - const fpr *restrict g00, const fpr *restrict g01, - const fpr *restrict g11, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10, + const fpr *g00, const fpr *g01, + const fpr *g11, unsigned logn); /* * Apply "split" operation on a polynomial in FFT representation: * f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1 * (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap. */ -void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, - const fpr *restrict f, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *f0, fpr *f1, + const fpr *f, unsigned logn); /* * Apply "merge" operation on two polynomials in FFT representation: @@ -576,8 +576,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, * f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1. * f MUST NOT overlap with either f0 or f1. */ -void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *restrict f, - const fpr *restrict f0, const fpr *restrict f1, unsigned logn); +void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *f, + const fpr *f0, const fpr *f1, unsigned logn); /* ==================================================================== */ /* @@ -625,9 +625,9 @@ void PQCLEAN_FALCON1024_CLEAN_keygen(shake256_context *rng, * * The tmp[] array must have room for at least 48*2^logn bytes. */ -void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, +void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key, const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G, - unsigned logn, uint8_t *restrict tmp); + unsigned logn, uint8_t *tmp); /* * Compute a signature over the provided hashed message (hm); the @@ -639,7 +639,7 @@ void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, * The minimal size (in bytes) of tmp[] is 48*2^logn bytes. */ void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, - const fpr *restrict expanded_key, + const fpr *expanded_key, const uint16_t *hm, unsigned logn, uint8_t *tmp); /* @@ -654,8 +654,8 @@ void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, * The minimal size (in bytes) of tmp[] is 72*2^logn bytes. */ void PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, - const int8_t *restrict f, const int8_t *restrict g, - const int8_t *restrict F, const int8_t *restrict G, + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, const uint16_t *hm, unsigned logn, uint8_t *tmp); /* ==================================================================== */ diff --git a/crypto_sign/falcon-1024/clean/keygen.c b/crypto_sign/falcon-1024/clean/keygen.c index ef8de6a9..5abb4f3f 100644 --- a/crypto_sign/falcon-1024/clean/keygen.c +++ b/crypto_sign/falcon-1024/clean/keygen.c @@ -928,7 +928,7 @@ static const uint16_t REV10[] = { * p must be a prime such that p = 1 mod 2048. */ static void -modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn, +modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn, uint32_t g, uint32_t p, uint32_t p0i) { size_t u, n; unsigned k; @@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn, * still performed, and the carry is computed and returned. */ static uint32_t -zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len, +zint_sub(uint32_t *a, const uint32_t *b, size_t len, uint32_t ctl) { size_t u; uint32_t cc, m; @@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen, * not overlap. */ static void -zint_add_mul_small(uint32_t *restrict x, - const uint32_t *restrict y, size_t len, uint32_t s) { +zint_add_mul_small(uint32_t *x, + const uint32_t *y, size_t len, uint32_t s) { size_t u; uint32_t cc; @@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x, * untouched. The two integers x and p are encoded over the same length. */ static void -zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { +zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) { size_t u; uint32_t r, bb; @@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { * small prime moduli); two's complement is used for negative values. */ static void -zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride, +zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride, size_t num, const small_prime *primes, int normalize_signed, - uint32_t *restrict tmp) { + uint32_t *tmp) { size_t u; uint32_t *x; @@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len, * each other, or with either x or y. */ static int -zint_bezout(uint32_t *restrict u, uint32_t *restrict v, - const uint32_t *restrict x, const uint32_t *restrict y, - size_t len, uint32_t *restrict tmp) { +zint_bezout(uint32_t *u, uint32_t *v, + const uint32_t *x, const uint32_t *y, + size_t len, uint32_t *tmp) { /* * Algorithm is an extended binary GCD. We maintain 6 values * a, b, u0, u1, v0 and v1 with the following invariants: @@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v, * negative values. */ static void -zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, - const uint32_t *restrict y, size_t ylen, int32_t k, +zint_add_scaled_mul_small(uint32_t *x, size_t xlen, + const uint32_t *y, size_t ylen, int32_t k, uint32_t sch, uint32_t scl) { size_t u; uint32_t ysign, tw; @@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, * negative values. */ static void -zint_sub_scaled(uint32_t *restrict x, size_t xlen, - const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) { +zint_sub_scaled(uint32_t *x, size_t xlen, + const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) { size_t u; uint32_t ysign, tw; uint32_t cc; @@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) { * high degree. */ static void -poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, - const uint32_t *restrict f, size_t flen, size_t fstride, - const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) { +poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride, + const uint32_t *f, size_t flen, size_t fstride, + const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) { size_t n, u; n = MKN(logn); @@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, * The value sc is provided as sch = sc / 31 and scl = sc % 31. */ static void -poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride, - const uint32_t *restrict f, size_t flen, size_t fstride, - const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn, - uint32_t *restrict tmp) { +poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride, + const uint32_t *f, size_t flen, size_t fstride, + const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn, + uint32_t *tmp) { uint32_t *gm, *igm, *fk, *t1, *x; const uint32_t *y; size_t n, u, tlen; diff --git a/crypto_sign/falcon-1024/clean/sign.c b/crypto_sign/falcon-1024/clean/sign.c index 1accda22..9ecf926c 100644 --- a/crypto_sign/falcon-1024/clean/sign.c +++ b/crypto_sign/falcon-1024/clean/sign.c @@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) { * tmp[] must have room for at least one polynomial. */ static void -ffLDL_fft_inner(fpr *restrict tree, - fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) { +ffLDL_fft_inner(fpr *tree, + fpr *g0, fpr *g1, unsigned logn, fpr *tmp) { size_t n, hn; n = MKN(logn); @@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree, * polynomials of 2^logn elements each. */ static void -ffLDL_fft(fpr *restrict tree, const fpr *restrict g00, - const fpr *restrict g01, const fpr *restrict g11, - unsigned logn, fpr *restrict tmp) { +ffLDL_fft(fpr *tree, const fpr *g00, + const fpr *g01, const fpr *g11, + unsigned logn, fpr *tmp) { size_t n, hn; fpr *d00, *d11; @@ -224,10 +224,10 @@ skoff_tree(unsigned logn) { /* see inner.h */ void -PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, +PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key, const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G, - unsigned logn, uint8_t *restrict tmp) { + unsigned logn, uint8_t *tmp) { size_t n; fpr *rf, *rg, *rF, *rG; fpr *b00, *b01, *b10, *b11; @@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma); */ static void ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, - fpr *restrict t0, fpr *restrict t1, - fpr *restrict g00, fpr *restrict g01, fpr *restrict g11, - unsigned logn, fpr *restrict tmp) { + fpr *t0, fpr *t1, + fpr *g00, fpr *g01, fpr *g11, + unsigned logn, fpr *tmp) { size_t n, hn; fpr *z0, *z1; @@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, */ static void ffSampling_fft(samplerZ samp, void *samp_ctx, - fpr *restrict z0, fpr *restrict z1, - const fpr *restrict tree, - const fpr *restrict t0, const fpr *restrict t1, unsigned logn, - fpr *restrict tmp) { + fpr *z0, fpr *z1, + const fpr *tree, + const fpr *t0, const fpr *t1, unsigned logn, + fpr *tmp) { size_t n, hn; const fpr *tree0, *tree1; @@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx, */ static uint32_t do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, - const fpr *restrict expanded_key, + const fpr *expanded_key, const uint16_t *hm, - unsigned logn, fpr *restrict tmp) { + unsigned logn, fpr *tmp) { size_t n, u; fpr *t0, *t1, *tx, *ty; const fpr *b00, *b01, *b10, *b11, *tree; @@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, */ static uint32_t do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2, - const int8_t *restrict f, const int8_t *restrict g, - const int8_t *restrict F, const int8_t *restrict G, - const uint16_t *hm, unsigned logn, fpr *restrict tmp) { + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, + const uint16_t *hm, unsigned logn, fpr *tmp) { size_t n, u; fpr *t0, *t1, *tx, *ty; fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11; @@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) { /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, - const fpr *restrict expanded_key, + const fpr *expanded_key, const uint16_t *hm, unsigned logn, uint8_t *tmp) { fpr *ftmp; @@ -1019,8 +1019,8 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, - const int8_t *restrict f, const int8_t *restrict g, - const int8_t *restrict F, const int8_t *restrict G, + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, const uint16_t *hm, unsigned logn, uint8_t *tmp) { fpr *ftmp; diff --git a/crypto_sign/falcon-512/clean/fft.c b/crypto_sign/falcon-512/clean/fft.c index eedfbc42..4b3c1a81 100644 --- a/crypto_sign/falcon-512/clean/fft.c +++ b/crypto_sign/falcon-512/clean/fft.c @@ -345,7 +345,7 @@ PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn) { /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_add( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, u; n = (size_t)1 << logn; @@ -357,7 +357,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_sub( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, u; n = (size_t)1 << logn; @@ -391,7 +391,7 @@ PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn) { /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_mul_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -410,7 +410,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_fft( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -461,7 +461,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) { /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_div_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -479,8 +479,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_fft( /* see inner.h */ void -PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d, - const fpr *restrict a, const fpr *restrict b, unsigned logn) { +PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d, + const fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -501,9 +501,9 @@ PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d, /* see inner.h */ void -PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, - const fpr *restrict F, const fpr *restrict G, - const fpr *restrict f, const fpr *restrict g, unsigned logn) { +PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d, + const fpr *F, const fpr *G, + const fpr *f, const fpr *g, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -532,7 +532,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -546,7 +546,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft( - fpr *restrict a, const fpr *restrict b, unsigned logn) { + fpr *a, const fpr *b, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -563,8 +563,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft( - const fpr *restrict g00, - fpr *restrict g01, fpr *restrict g11, unsigned logn) { + const fpr *g00, + fpr *g01, fpr *g11, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -590,9 +590,9 @@ PQCLEAN_FALCON512_CLEAN_poly_LDL_fft( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft( - fpr *restrict d11, fpr *restrict l10, - const fpr *restrict g00, const fpr *restrict g01, - const fpr *restrict g11, unsigned logn) { + fpr *d11, fpr *l10, + const fpr *g00, const fpr *g01, + const fpr *g11, unsigned logn) { size_t n, hn, u; n = (size_t)1 << logn; @@ -618,8 +618,8 @@ PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_split_fft( - fpr *restrict f0, fpr *restrict f1, - const fpr *restrict f, unsigned logn) { + fpr *f0, fpr *f1, + const fpr *f, unsigned logn) { /* * The FFT representation we use is in bit-reversed order * (element i contains f(w^(rev(i))), where rev() is the @@ -666,8 +666,8 @@ PQCLEAN_FALCON512_CLEAN_poly_split_fft( /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_poly_merge_fft( - fpr *restrict f, - const fpr *restrict f0, const fpr *restrict f1, unsigned logn) { + fpr *f, + const fpr *f0, const fpr *f1, unsigned logn) { size_t n, hn, qn, u; n = (size_t)1 << logn; diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index a9dcb831..ef7275a1 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h @@ -287,7 +287,7 @@ fpr_rint(fpr x) { return ((int64_t)m ^ -(int64_t)s) + (int64_t)s; } -static inline long +static inline int64_t fpr_floor(fpr x) { uint64_t t; int64_t xi; diff --git a/crypto_sign/falcon-512/clean/inner.h b/crypto_sign/falcon-512/clean/inner.h index 7d8c594a..4861df6e 100644 --- a/crypto_sign/falcon-512/clean/inner.h +++ b/crypto_sign/falcon-512/clean/inner.h @@ -453,13 +453,13 @@ void PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn); * Add polynomial b to polynomial a. a and b MUST NOT overlap. This * function works in both normal and FFT representations. */ -void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn); /* * Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This * function works in both normal and FFT representations. */ -void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn); /* * Negate polynomial a. This function works in both normal and FFT @@ -477,13 +477,13 @@ void PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn); * Multiply polynomial a with polynomial b. a and b MUST NOT overlap. * This function works only in FFT representation. */ -void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn); /* * Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT * overlap. This function works only in FFT representation. */ -void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn); /* * Multiply polynomial with its own adjoint. This function works only in FFT @@ -501,7 +501,7 @@ void PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn); * Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation). * a and b MUST NOT overlap. */ -void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn); /* * Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g)) @@ -511,17 +511,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b * * Array d MUST NOT overlap with either a or b. */ -void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d, - const fpr *restrict a, const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d, + const fpr *a, const fpr *b, unsigned logn); /* * Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g) * (also in FFT representation). Destination d MUST NOT overlap with * any of the source arrays. */ -void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, - const fpr *restrict F, const fpr *restrict G, - const fpr *restrict f, const fpr *restrict g, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d, + const fpr *F, const fpr *G, + const fpr *f, const fpr *g, unsigned logn); /* * Multiply polynomial a by polynomial b, where b is autoadjoint. Both @@ -529,8 +529,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d, * FFT coefficients are real, and the array b contains only N/2 elements. * a and b MUST NOT overlap. */ -void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, - const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *a, + const fpr *b, unsigned logn); /* * Divide polynomial a by polynomial b, where b is autoadjoint. Both @@ -538,8 +538,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a, * FFT coefficients are real, and the array b contains only N/2 elements. * a and b MUST NOT overlap. */ -void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a, - const fpr *restrict b, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *a, + const fpr *b, unsigned logn); /* * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT @@ -549,8 +549,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a, * (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]). * (In fact, d00 = g00, so the g00 operand is left unmodified.) */ -void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00, - fpr *restrict g01, fpr *restrict g11, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *g00, + fpr *g01, fpr *g11, unsigned logn); /* * Perform an LDL decomposition of an auto-adjoint matrix G, in FFT @@ -558,17 +558,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00, * g00, g01 and g11 are unmodified; the outputs d11 and l10 are written * in two other separate buffers provided as extra parameters. */ -void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10, - const fpr *restrict g00, const fpr *restrict g01, - const fpr *restrict g11, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10, + const fpr *g00, const fpr *g01, + const fpr *g11, unsigned logn); /* * Apply "split" operation on a polynomial in FFT representation: * f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1 * (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap. */ -void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, - const fpr *restrict f, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *f0, fpr *f1, + const fpr *f, unsigned logn); /* * Apply "merge" operation on two polynomials in FFT representation: @@ -576,8 +576,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, * f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1. * f MUST NOT overlap with either f0 or f1. */ -void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *restrict f, - const fpr *restrict f0, const fpr *restrict f1, unsigned logn); +void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *f, + const fpr *f0, const fpr *f1, unsigned logn); /* ==================================================================== */ /* @@ -625,9 +625,9 @@ void PQCLEAN_FALCON512_CLEAN_keygen(shake256_context *rng, * * The tmp[] array must have room for at least 48*2^logn bytes. */ -void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, +void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key, const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G, - unsigned logn, uint8_t *restrict tmp); + unsigned logn, uint8_t *tmp); /* * Compute a signature over the provided hashed message (hm); the @@ -639,7 +639,7 @@ void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, * The minimal size (in bytes) of tmp[] is 48*2^logn bytes. */ void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, - const fpr *restrict expanded_key, + const fpr *expanded_key, const uint16_t *hm, unsigned logn, uint8_t *tmp); /* @@ -654,8 +654,8 @@ void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, * The minimal size (in bytes) of tmp[] is 72*2^logn bytes. */ void PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, - const int8_t *restrict f, const int8_t *restrict g, - const int8_t *restrict F, const int8_t *restrict G, + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, const uint16_t *hm, unsigned logn, uint8_t *tmp); /* ==================================================================== */ diff --git a/crypto_sign/falcon-512/clean/keygen.c b/crypto_sign/falcon-512/clean/keygen.c index 41566648..9384807c 100644 --- a/crypto_sign/falcon-512/clean/keygen.c +++ b/crypto_sign/falcon-512/clean/keygen.c @@ -928,7 +928,7 @@ static const uint16_t REV10[] = { * p must be a prime such that p = 1 mod 2048. */ static void -modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn, +modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn, uint32_t g, uint32_t p, uint32_t p0i) { size_t u, n; unsigned k; @@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn, * still performed, and the carry is computed and returned. */ static uint32_t -zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len, +zint_sub(uint32_t *a, const uint32_t *b, size_t len, uint32_t ctl) { size_t u; uint32_t cc, m; @@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen, * not overlap. */ static void -zint_add_mul_small(uint32_t *restrict x, - const uint32_t *restrict y, size_t len, uint32_t s) { +zint_add_mul_small(uint32_t *x, + const uint32_t *y, size_t len, uint32_t s) { size_t u; uint32_t cc; @@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x, * untouched. The two integers x and p are encoded over the same length. */ static void -zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { +zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) { size_t u; uint32_t r, bb; @@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) { * small prime moduli); two's complement is used for negative values. */ static void -zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride, +zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride, size_t num, const small_prime *primes, int normalize_signed, - uint32_t *restrict tmp) { + uint32_t *tmp) { size_t u; uint32_t *x; @@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len, * each other, or with either x or y. */ static int -zint_bezout(uint32_t *restrict u, uint32_t *restrict v, - const uint32_t *restrict x, const uint32_t *restrict y, - size_t len, uint32_t *restrict tmp) { +zint_bezout(uint32_t *u, uint32_t *v, + const uint32_t *x, const uint32_t *y, + size_t len, uint32_t *tmp) { /* * Algorithm is an extended binary GCD. We maintain 6 values * a, b, u0, u1, v0 and v1 with the following invariants: @@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v, * negative values. */ static void -zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, - const uint32_t *restrict y, size_t ylen, int32_t k, +zint_add_scaled_mul_small(uint32_t *x, size_t xlen, + const uint32_t *y, size_t ylen, int32_t k, uint32_t sch, uint32_t scl) { size_t u; uint32_t ysign, tw; @@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen, * negative values. */ static void -zint_sub_scaled(uint32_t *restrict x, size_t xlen, - const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) { +zint_sub_scaled(uint32_t *x, size_t xlen, + const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) { size_t u; uint32_t ysign, tw; uint32_t cc; @@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) { * high degree. */ static void -poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, - const uint32_t *restrict f, size_t flen, size_t fstride, - const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) { +poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride, + const uint32_t *f, size_t flen, size_t fstride, + const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) { size_t n, u; n = MKN(logn); @@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride, * The value sc is provided as sch = sc / 31 and scl = sc % 31. */ static void -poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride, - const uint32_t *restrict f, size_t flen, size_t fstride, - const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn, - uint32_t *restrict tmp) { +poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride, + const uint32_t *f, size_t flen, size_t fstride, + const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn, + uint32_t *tmp) { uint32_t *gm, *igm, *fk, *t1, *x; const uint32_t *y; size_t n, u, tlen; diff --git a/crypto_sign/falcon-512/clean/sign.c b/crypto_sign/falcon-512/clean/sign.c index 8909130f..658649b3 100644 --- a/crypto_sign/falcon-512/clean/sign.c +++ b/crypto_sign/falcon-512/clean/sign.c @@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) { * tmp[] must have room for at least one polynomial. */ static void -ffLDL_fft_inner(fpr *restrict tree, - fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) { +ffLDL_fft_inner(fpr *tree, + fpr *g0, fpr *g1, unsigned logn, fpr *tmp) { size_t n, hn; n = MKN(logn); @@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree, * polynomials of 2^logn elements each. */ static void -ffLDL_fft(fpr *restrict tree, const fpr *restrict g00, - const fpr *restrict g01, const fpr *restrict g11, - unsigned logn, fpr *restrict tmp) { +ffLDL_fft(fpr *tree, const fpr *g00, + const fpr *g01, const fpr *g11, + unsigned logn, fpr *tmp) { size_t n, hn; fpr *d00, *d11; @@ -224,10 +224,10 @@ skoff_tree(unsigned logn) { /* see inner.h */ void -PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, +PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key, const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G, - unsigned logn, uint8_t *restrict tmp) { + unsigned logn, uint8_t *tmp) { size_t n; fpr *rf, *rg, *rF, *rG; fpr *b00, *b01, *b10, *b11; @@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma); */ static void ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, - fpr *restrict t0, fpr *restrict t1, - fpr *restrict g00, fpr *restrict g01, fpr *restrict g11, - unsigned logn, fpr *restrict tmp) { + fpr *t0, fpr *t1, + fpr *g00, fpr *g01, fpr *g11, + unsigned logn, fpr *tmp) { size_t n, hn; fpr *z0, *z1; @@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx, */ static void ffSampling_fft(samplerZ samp, void *samp_ctx, - fpr *restrict z0, fpr *restrict z1, - const fpr *restrict tree, - const fpr *restrict t0, const fpr *restrict t1, unsigned logn, - fpr *restrict tmp) { + fpr *z0, fpr *z1, + const fpr *tree, + const fpr *t0, const fpr *t1, unsigned logn, + fpr *tmp) { size_t n, hn; const fpr *tree0, *tree1; @@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx, */ static uint32_t do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, - const fpr *restrict expanded_key, + const fpr *expanded_key, const uint16_t *hm, - unsigned logn, fpr *restrict tmp) { + unsigned logn, fpr *tmp) { size_t n, u; fpr *t0, *t1, *tx, *ty; const fpr *b00, *b01, *b10, *b11, *tree; @@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2, */ static uint32_t do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2, - const int8_t *restrict f, const int8_t *restrict g, - const int8_t *restrict F, const int8_t *restrict G, - const uint16_t *hm, unsigned logn, fpr *restrict tmp) { + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, + const uint16_t *hm, unsigned logn, fpr *tmp) { size_t n, u; fpr *t0, *t1, *tx, *ty; fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11; @@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) { /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, - const fpr *restrict expanded_key, + const fpr *expanded_key, const uint16_t *hm, unsigned logn, uint8_t *tmp) { fpr *ftmp; @@ -1019,8 +1019,8 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng, /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng, - const int8_t *restrict f, const int8_t *restrict g, - const int8_t *restrict F, const int8_t *restrict G, + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, const uint16_t *hm, unsigned logn, uint8_t *tmp) { fpr *ftmp;