Bladeren bron

Removed 'restrict' keyword (it's C99, but MSVC 2017 does not support it...). This does not seem to impact performance.

master
Thomas Pornin 5 jaren geleden
bovenliggende
commit
dba40c7d43
10 gewijzigde bestanden met toevoegingen van 186 en 186 verwijderingen
  1. +21
    -21
      crypto_sign/falcon-1024/clean/fft.c
  2. +1
    -1
      crypto_sign/falcon-1024/clean/fpr.h
  3. +28
    -28
      crypto_sign/falcon-1024/clean/inner.h
  4. +21
    -21
      crypto_sign/falcon-1024/clean/keygen.c
  5. +22
    -22
      crypto_sign/falcon-1024/clean/sign.c
  6. +21
    -21
      crypto_sign/falcon-512/clean/fft.c
  7. +1
    -1
      crypto_sign/falcon-512/clean/fpr.h
  8. +28
    -28
      crypto_sign/falcon-512/clean/inner.h
  9. +21
    -21
      crypto_sign/falcon-512/clean/keygen.c
  10. +22
    -22
      crypto_sign/falcon-512/clean/sign.c

+ 21
- 21
crypto_sign/falcon-1024/clean/fft.c Bestand weergeven

@@ -345,7 +345,7 @@ PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn) {
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_add(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, u;

n = (size_t)1 << logn;
@@ -357,7 +357,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_sub(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, u;

n = (size_t)1 << logn;
@@ -391,7 +391,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn) {
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -410,7 +410,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -461,7 +461,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) {
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_div_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -479,8 +479,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_fft(

/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d,
const fpr *restrict a, const fpr *restrict b, unsigned logn) {
PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d,
const fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -501,9 +501,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d,

/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
const fpr *restrict F, const fpr *restrict G,
const fpr *restrict f, const fpr *restrict g, unsigned logn) {
PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d,
const fpr *F, const fpr *G,
const fpr *f, const fpr *g, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -532,7 +532,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -546,7 +546,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -563,8 +563,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(
const fpr *restrict g00,
fpr *restrict g01, fpr *restrict g11, unsigned logn) {
const fpr *g00,
fpr *g01, fpr *g11, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -590,9 +590,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(
fpr *restrict d11, fpr *restrict l10,
const fpr *restrict g00, const fpr *restrict g01,
const fpr *restrict g11, unsigned logn) {
fpr *d11, fpr *l10,
const fpr *g00, const fpr *g01,
const fpr *g11, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -618,8 +618,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_split_fft(
fpr *restrict f0, fpr *restrict f1,
const fpr *restrict f, unsigned logn) {
fpr *f0, fpr *f1,
const fpr *f, unsigned logn) {
/*
* The FFT representation we use is in bit-reversed order
* (element i contains f(w^(rev(i))), where rev() is the
@@ -666,8 +666,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_split_fft(
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(
fpr *restrict f,
const fpr *restrict f0, const fpr *restrict f1, unsigned logn) {
fpr *f,
const fpr *f0, const fpr *f1, unsigned logn) {
size_t n, hn, qn, u;

n = (size_t)1 << logn;


+ 1
- 1
crypto_sign/falcon-1024/clean/fpr.h Bestand weergeven

@@ -287,7 +287,7 @@ fpr_rint(fpr x) {
return ((int64_t)m ^ -(int64_t)s) + (int64_t)s;
}

static inline long
static inline int64_t
fpr_floor(fpr x) {
uint64_t t;
int64_t xi;


+ 28
- 28
crypto_sign/falcon-1024/clean/inner.h Bestand weergeven

@@ -453,13 +453,13 @@ void PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn);
* Add polynomial b to polynomial a. a and b MUST NOT overlap. This
* function works in both normal and FFT representations.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn);

/*
* Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This
* function works in both normal and FFT representations.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn);

/*
* Negate polynomial a. This function works in both normal and FFT
@@ -477,13 +477,13 @@ void PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn);
* Multiply polynomial a with polynomial b. a and b MUST NOT overlap.
* This function works only in FFT representation.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn);

/*
* Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT
* overlap. This function works only in FFT representation.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn);

/*
* Multiply polynomial with its own adjoint. This function works only in FFT
@@ -501,7 +501,7 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn);
* Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation).
* a and b MUST NOT overlap.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn);

/*
* Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g))
@@ -511,17 +511,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict
*
* Array d MUST NOT overlap with either a or b.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d,
const fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d,
const fpr *a, const fpr *b, unsigned logn);

/*
* Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g)
* (also in FFT representation). Destination d MUST NOT overlap with
* any of the source arrays.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
const fpr *restrict F, const fpr *restrict G,
const fpr *restrict f, const fpr *restrict g, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d,
const fpr *F, const fpr *G,
const fpr *f, const fpr *g, unsigned logn);

/*
* Multiply polynomial a by polynomial b, where b is autoadjoint. Both
@@ -529,8 +529,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
* FFT coefficients are real, and the array b contains only N/2 elements.
* a and b MUST NOT overlap.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *a,
const fpr *b, unsigned logn);

/*
* Divide polynomial a by polynomial b, where b is autoadjoint. Both
@@ -538,8 +538,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
* FFT coefficients are real, and the array b contains only N/2 elements.
* a and b MUST NOT overlap.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *a,
const fpr *b, unsigned logn);

/*
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
@@ -549,8 +549,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
* (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]).
* (In fact, d00 = g00, so the g00 operand is left unmodified.)
*/
void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00,
fpr *restrict g01, fpr *restrict g11, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *g00,
fpr *g01, fpr *g11, unsigned logn);

/*
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
@@ -558,17 +558,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00,
* g00, g01 and g11 are unmodified; the outputs d11 and l10 are written
* in two other separate buffers provided as extra parameters.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10,
const fpr *restrict g00, const fpr *restrict g01,
const fpr *restrict g11, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10,
const fpr *g00, const fpr *g01,
const fpr *g11, unsigned logn);

/*
* Apply "split" operation on a polynomial in FFT representation:
* f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1
* (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
const fpr *restrict f, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *f0, fpr *f1,
const fpr *f, unsigned logn);

/*
* Apply "merge" operation on two polynomials in FFT representation:
@@ -576,8 +576,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
* f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1.
* f MUST NOT overlap with either f0 or f1.
*/
void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *restrict f,
const fpr *restrict f0, const fpr *restrict f1, unsigned logn);
void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *f,
const fpr *f0, const fpr *f1, unsigned logn);

/* ==================================================================== */
/*
@@ -625,9 +625,9 @@ void PQCLEAN_FALCON1024_CLEAN_keygen(shake256_context *rng,
*
* The tmp[] array must have room for at least 48*2^logn bytes.
*/
void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key,
void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key,
const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G,
unsigned logn, uint8_t *restrict tmp);
unsigned logn, uint8_t *tmp);

/*
* Compute a signature over the provided hashed message (hm); the
@@ -639,7 +639,7 @@ void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key,
* The minimal size (in bytes) of tmp[] is 48*2^logn bytes.
*/
void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
const fpr *restrict expanded_key,
const fpr *expanded_key,
const uint16_t *hm, unsigned logn, uint8_t *tmp);

/*
@@ -654,8 +654,8 @@ void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
* The minimal size (in bytes) of tmp[] is 72*2^logn bytes.
*/
void PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
const int8_t *restrict f, const int8_t *restrict g,
const int8_t *restrict F, const int8_t *restrict G,
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
const uint16_t *hm, unsigned logn, uint8_t *tmp);

/* ==================================================================== */


+ 21
- 21
crypto_sign/falcon-1024/clean/keygen.c Bestand weergeven

@@ -928,7 +928,7 @@ static const uint16_t REV10[] = {
* p must be a prime such that p = 1 mod 2048.
*/
static void
modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn,
modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn,
uint32_t g, uint32_t p, uint32_t p0i) {
size_t u, n;
unsigned k;
@@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn,
* still performed, and the carry is computed and returned.
*/
static uint32_t
zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len,
zint_sub(uint32_t *a, const uint32_t *b, size_t len,
uint32_t ctl) {
size_t u;
uint32_t cc, m;
@@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen,
* not overlap.
*/
static void
zint_add_mul_small(uint32_t *restrict x,
const uint32_t *restrict y, size_t len, uint32_t s) {
zint_add_mul_small(uint32_t *x,
const uint32_t *y, size_t len, uint32_t s) {
size_t u;
uint32_t cc;

@@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x,
* untouched. The two integers x and p are encoded over the same length.
*/
static void
zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) {
size_t u;
uint32_t r, bb;

@@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
* small prime moduli); two's complement is used for negative values.
*/
static void
zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride,
zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride,
size_t num, const small_prime *primes, int normalize_signed,
uint32_t *restrict tmp) {
uint32_t *tmp) {
size_t u;
uint32_t *x;

@@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len,
* each other, or with either x or y.
*/
static int
zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
const uint32_t *restrict x, const uint32_t *restrict y,
size_t len, uint32_t *restrict tmp) {
zint_bezout(uint32_t *u, uint32_t *v,
const uint32_t *x, const uint32_t *y,
size_t len, uint32_t *tmp) {
/*
* Algorithm is an extended binary GCD. We maintain 6 values
* a, b, u0, u1, v0 and v1 with the following invariants:
@@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
* negative values.
*/
static void
zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
const uint32_t *restrict y, size_t ylen, int32_t k,
zint_add_scaled_mul_small(uint32_t *x, size_t xlen,
const uint32_t *y, size_t ylen, int32_t k,
uint32_t sch, uint32_t scl) {
size_t u;
uint32_t ysign, tw;
@@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
* negative values.
*/
static void
zint_sub_scaled(uint32_t *restrict x, size_t xlen,
const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) {
zint_sub_scaled(uint32_t *x, size_t xlen,
const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) {
size_t u;
uint32_t ysign, tw;
uint32_t cc;
@@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) {
* high degree.
*/
static void
poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
const uint32_t *restrict f, size_t flen, size_t fstride,
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) {
poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride,
const uint32_t *f, size_t flen, size_t fstride,
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) {
size_t n, u;

n = MKN(logn);
@@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
* The value sc is provided as sch = sc / 31 and scl = sc % 31.
*/
static void
poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride,
const uint32_t *restrict f, size_t flen, size_t fstride,
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn,
uint32_t *restrict tmp) {
poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride,
const uint32_t *f, size_t flen, size_t fstride,
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn,
uint32_t *tmp) {
uint32_t *gm, *igm, *fk, *t1, *x;
const uint32_t *y;
size_t n, u, tlen;


+ 22
- 22
crypto_sign/falcon-1024/clean/sign.c Bestand weergeven

@@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) {
* tmp[] must have room for at least one polynomial.
*/
static void
ffLDL_fft_inner(fpr *restrict tree,
fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) {
ffLDL_fft_inner(fpr *tree,
fpr *g0, fpr *g1, unsigned logn, fpr *tmp) {
size_t n, hn;

n = MKN(logn);
@@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree,
* polynomials of 2^logn elements each.
*/
static void
ffLDL_fft(fpr *restrict tree, const fpr *restrict g00,
const fpr *restrict g01, const fpr *restrict g11,
unsigned logn, fpr *restrict tmp) {
ffLDL_fft(fpr *tree, const fpr *g00,
const fpr *g01, const fpr *g11,
unsigned logn, fpr *tmp) {
size_t n, hn;
fpr *d00, *d11;

@@ -224,10 +224,10 @@ skoff_tree(unsigned logn) {

/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key,
PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key,
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
unsigned logn, uint8_t *restrict tmp) {
unsigned logn, uint8_t *tmp) {
size_t n;
fpr *rf, *rg, *rF, *rG;
fpr *b00, *b01, *b10, *b11;
@@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma);
*/
static void
ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
fpr *restrict t0, fpr *restrict t1,
fpr *restrict g00, fpr *restrict g01, fpr *restrict g11,
unsigned logn, fpr *restrict tmp) {
fpr *t0, fpr *t1,
fpr *g00, fpr *g01, fpr *g11,
unsigned logn, fpr *tmp) {
size_t n, hn;
fpr *z0, *z1;

@@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
*/
static void
ffSampling_fft(samplerZ samp, void *samp_ctx,
fpr *restrict z0, fpr *restrict z1,
const fpr *restrict tree,
const fpr *restrict t0, const fpr *restrict t1, unsigned logn,
fpr *restrict tmp) {
fpr *z0, fpr *z1,
const fpr *tree,
const fpr *t0, const fpr *t1, unsigned logn,
fpr *tmp) {
size_t n, hn;
const fpr *tree0, *tree1;

@@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx,
*/
static uint32_t
do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
const fpr *restrict expanded_key,
const fpr *expanded_key,
const uint16_t *hm,
unsigned logn, fpr *restrict tmp) {
unsigned logn, fpr *tmp) {
size_t n, u;
fpr *t0, *t1, *tx, *ty;
const fpr *b00, *b01, *b10, *b11, *tree;
@@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
*/
static uint32_t
do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2,
const int8_t *restrict f, const int8_t *restrict g,
const int8_t *restrict F, const int8_t *restrict G,
const uint16_t *hm, unsigned logn, fpr *restrict tmp) {
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
const uint16_t *hm, unsigned logn, fpr *tmp) {
size_t n, u;
fpr *t0, *t1, *tx, *ty;
fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11;
@@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) {
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
const fpr *restrict expanded_key,
const fpr *expanded_key,
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
fpr *ftmp;

@@ -1019,8 +1019,8 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
/* see inner.h */
void
PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
const int8_t *restrict f, const int8_t *restrict g,
const int8_t *restrict F, const int8_t *restrict G,
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
fpr *ftmp;



+ 21
- 21
crypto_sign/falcon-512/clean/fft.c Bestand weergeven

@@ -345,7 +345,7 @@ PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn) {
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_add(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, u;

n = (size_t)1 << logn;
@@ -357,7 +357,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_sub(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, u;

n = (size_t)1 << logn;
@@ -391,7 +391,7 @@ PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn) {
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_mul_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -410,7 +410,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_fft(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -461,7 +461,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) {
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_div_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -479,8 +479,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_fft(

/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d,
const fpr *restrict a, const fpr *restrict b, unsigned logn) {
PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d,
const fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -501,9 +501,9 @@ PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d,

/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
const fpr *restrict F, const fpr *restrict G,
const fpr *restrict f, const fpr *restrict g, unsigned logn) {
PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d,
const fpr *F, const fpr *G,
const fpr *f, const fpr *g, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -532,7 +532,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -546,7 +546,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(
fpr *restrict a, const fpr *restrict b, unsigned logn) {
fpr *a, const fpr *b, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -563,8 +563,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(
const fpr *restrict g00,
fpr *restrict g01, fpr *restrict g11, unsigned logn) {
const fpr *g00,
fpr *g01, fpr *g11, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -590,9 +590,9 @@ PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(
fpr *restrict d11, fpr *restrict l10,
const fpr *restrict g00, const fpr *restrict g01,
const fpr *restrict g11, unsigned logn) {
fpr *d11, fpr *l10,
const fpr *g00, const fpr *g01,
const fpr *g11, unsigned logn) {
size_t n, hn, u;

n = (size_t)1 << logn;
@@ -618,8 +618,8 @@ PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_split_fft(
fpr *restrict f0, fpr *restrict f1,
const fpr *restrict f, unsigned logn) {
fpr *f0, fpr *f1,
const fpr *f, unsigned logn) {
/*
* The FFT representation we use is in bit-reversed order
* (element i contains f(w^(rev(i))), where rev() is the
@@ -666,8 +666,8 @@ PQCLEAN_FALCON512_CLEAN_poly_split_fft(
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_poly_merge_fft(
fpr *restrict f,
const fpr *restrict f0, const fpr *restrict f1, unsigned logn) {
fpr *f,
const fpr *f0, const fpr *f1, unsigned logn) {
size_t n, hn, qn, u;

n = (size_t)1 << logn;


+ 1
- 1
crypto_sign/falcon-512/clean/fpr.h Bestand weergeven

@@ -287,7 +287,7 @@ fpr_rint(fpr x) {
return ((int64_t)m ^ -(int64_t)s) + (int64_t)s;
}

static inline long
static inline int64_t
fpr_floor(fpr x) {
uint64_t t;
int64_t xi;


+ 28
- 28
crypto_sign/falcon-512/clean/inner.h Bestand weergeven

@@ -453,13 +453,13 @@ void PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn);
* Add polynomial b to polynomial a. a and b MUST NOT overlap. This
* function works in both normal and FFT representations.
*/
void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn);

/*
* Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This
* function works in both normal and FFT representations.
*/
void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn);

/*
* Negate polynomial a. This function works in both normal and FFT
@@ -477,13 +477,13 @@ void PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn);
* Multiply polynomial a with polynomial b. a and b MUST NOT overlap.
* This function works only in FFT representation.
*/
void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn);

/*
* Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT
* overlap. This function works only in FFT representation.
*/
void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn);

/*
* Multiply polynomial with its own adjoint. This function works only in FFT
@@ -501,7 +501,7 @@ void PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn);
* Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation).
* a and b MUST NOT overlap.
*/
void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn);

/*
* Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g))
@@ -511,17 +511,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b
*
* Array d MUST NOT overlap with either a or b.
*/
void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d,
const fpr *restrict a, const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d,
const fpr *a, const fpr *b, unsigned logn);

/*
* Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g)
* (also in FFT representation). Destination d MUST NOT overlap with
* any of the source arrays.
*/
void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
const fpr *restrict F, const fpr *restrict G,
const fpr *restrict f, const fpr *restrict g, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d,
const fpr *F, const fpr *G,
const fpr *f, const fpr *g, unsigned logn);

/*
* Multiply polynomial a by polynomial b, where b is autoadjoint. Both
@@ -529,8 +529,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
* FFT coefficients are real, and the array b contains only N/2 elements.
* a and b MUST NOT overlap.
*/
void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *a,
const fpr *b, unsigned logn);

/*
* Divide polynomial a by polynomial b, where b is autoadjoint. Both
@@ -538,8 +538,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
* FFT coefficients are real, and the array b contains only N/2 elements.
* a and b MUST NOT overlap.
*/
void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
const fpr *restrict b, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *a,
const fpr *b, unsigned logn);

/*
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
@@ -549,8 +549,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
* (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]).
* (In fact, d00 = g00, so the g00 operand is left unmodified.)
*/
void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00,
fpr *restrict g01, fpr *restrict g11, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *g00,
fpr *g01, fpr *g11, unsigned logn);

/*
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
@@ -558,17 +558,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00,
* g00, g01 and g11 are unmodified; the outputs d11 and l10 are written
* in two other separate buffers provided as extra parameters.
*/
void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10,
const fpr *restrict g00, const fpr *restrict g01,
const fpr *restrict g11, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10,
const fpr *g00, const fpr *g01,
const fpr *g11, unsigned logn);

/*
* Apply "split" operation on a polynomial in FFT representation:
* f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1
* (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap.
*/
void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
const fpr *restrict f, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *f0, fpr *f1,
const fpr *f, unsigned logn);

/*
* Apply "merge" operation on two polynomials in FFT representation:
@@ -576,8 +576,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
* f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1.
* f MUST NOT overlap with either f0 or f1.
*/
void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *restrict f,
const fpr *restrict f0, const fpr *restrict f1, unsigned logn);
void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *f,
const fpr *f0, const fpr *f1, unsigned logn);

/* ==================================================================== */
/*
@@ -625,9 +625,9 @@ void PQCLEAN_FALCON512_CLEAN_keygen(shake256_context *rng,
*
* The tmp[] array must have room for at least 48*2^logn bytes.
*/
void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key,
void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key,
const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G,
unsigned logn, uint8_t *restrict tmp);
unsigned logn, uint8_t *tmp);

/*
* Compute a signature over the provided hashed message (hm); the
@@ -639,7 +639,7 @@ void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key,
* The minimal size (in bytes) of tmp[] is 48*2^logn bytes.
*/
void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
const fpr *restrict expanded_key,
const fpr *expanded_key,
const uint16_t *hm, unsigned logn, uint8_t *tmp);

/*
@@ -654,8 +654,8 @@ void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
* The minimal size (in bytes) of tmp[] is 72*2^logn bytes.
*/
void PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
const int8_t *restrict f, const int8_t *restrict g,
const int8_t *restrict F, const int8_t *restrict G,
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
const uint16_t *hm, unsigned logn, uint8_t *tmp);

/* ==================================================================== */


+ 21
- 21
crypto_sign/falcon-512/clean/keygen.c Bestand weergeven

@@ -928,7 +928,7 @@ static const uint16_t REV10[] = {
* p must be a prime such that p = 1 mod 2048.
*/
static void
modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn,
modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn,
uint32_t g, uint32_t p, uint32_t p0i) {
size_t u, n;
unsigned k;
@@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn,
* still performed, and the carry is computed and returned.
*/
static uint32_t
zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len,
zint_sub(uint32_t *a, const uint32_t *b, size_t len,
uint32_t ctl) {
size_t u;
uint32_t cc, m;
@@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen,
* not overlap.
*/
static void
zint_add_mul_small(uint32_t *restrict x,
const uint32_t *restrict y, size_t len, uint32_t s) {
zint_add_mul_small(uint32_t *x,
const uint32_t *y, size_t len, uint32_t s) {
size_t u;
uint32_t cc;

@@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x,
* untouched. The two integers x and p are encoded over the same length.
*/
static void
zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) {
size_t u;
uint32_t r, bb;

@@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
* small prime moduli); two's complement is used for negative values.
*/
static void
zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride,
zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride,
size_t num, const small_prime *primes, int normalize_signed,
uint32_t *restrict tmp) {
uint32_t *tmp) {
size_t u;
uint32_t *x;

@@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len,
* each other, or with either x or y.
*/
static int
zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
const uint32_t *restrict x, const uint32_t *restrict y,
size_t len, uint32_t *restrict tmp) {
zint_bezout(uint32_t *u, uint32_t *v,
const uint32_t *x, const uint32_t *y,
size_t len, uint32_t *tmp) {
/*
* Algorithm is an extended binary GCD. We maintain 6 values
* a, b, u0, u1, v0 and v1 with the following invariants:
@@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
* negative values.
*/
static void
zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
const uint32_t *restrict y, size_t ylen, int32_t k,
zint_add_scaled_mul_small(uint32_t *x, size_t xlen,
const uint32_t *y, size_t ylen, int32_t k,
uint32_t sch, uint32_t scl) {
size_t u;
uint32_t ysign, tw;
@@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
* negative values.
*/
static void
zint_sub_scaled(uint32_t *restrict x, size_t xlen,
const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) {
zint_sub_scaled(uint32_t *x, size_t xlen,
const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) {
size_t u;
uint32_t ysign, tw;
uint32_t cc;
@@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) {
* high degree.
*/
static void
poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
const uint32_t *restrict f, size_t flen, size_t fstride,
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) {
poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride,
const uint32_t *f, size_t flen, size_t fstride,
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) {
size_t n, u;

n = MKN(logn);
@@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
* The value sc is provided as sch = sc / 31 and scl = sc % 31.
*/
static void
poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride,
const uint32_t *restrict f, size_t flen, size_t fstride,
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn,
uint32_t *restrict tmp) {
poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride,
const uint32_t *f, size_t flen, size_t fstride,
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn,
uint32_t *tmp) {
uint32_t *gm, *igm, *fk, *t1, *x;
const uint32_t *y;
size_t n, u, tlen;


+ 22
- 22
crypto_sign/falcon-512/clean/sign.c Bestand weergeven

@@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) {
* tmp[] must have room for at least one polynomial.
*/
static void
ffLDL_fft_inner(fpr *restrict tree,
fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) {
ffLDL_fft_inner(fpr *tree,
fpr *g0, fpr *g1, unsigned logn, fpr *tmp) {
size_t n, hn;

n = MKN(logn);
@@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree,
* polynomials of 2^logn elements each.
*/
static void
ffLDL_fft(fpr *restrict tree, const fpr *restrict g00,
const fpr *restrict g01, const fpr *restrict g11,
unsigned logn, fpr *restrict tmp) {
ffLDL_fft(fpr *tree, const fpr *g00,
const fpr *g01, const fpr *g11,
unsigned logn, fpr *tmp) {
size_t n, hn;
fpr *d00, *d11;

@@ -224,10 +224,10 @@ skoff_tree(unsigned logn) {

/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key,
PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key,
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
unsigned logn, uint8_t *restrict tmp) {
unsigned logn, uint8_t *tmp) {
size_t n;
fpr *rf, *rg, *rF, *rG;
fpr *b00, *b01, *b10, *b11;
@@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma);
*/
static void
ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
fpr *restrict t0, fpr *restrict t1,
fpr *restrict g00, fpr *restrict g01, fpr *restrict g11,
unsigned logn, fpr *restrict tmp) {
fpr *t0, fpr *t1,
fpr *g00, fpr *g01, fpr *g11,
unsigned logn, fpr *tmp) {
size_t n, hn;
fpr *z0, *z1;

@@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
*/
static void
ffSampling_fft(samplerZ samp, void *samp_ctx,
fpr *restrict z0, fpr *restrict z1,
const fpr *restrict tree,
const fpr *restrict t0, const fpr *restrict t1, unsigned logn,
fpr *restrict tmp) {
fpr *z0, fpr *z1,
const fpr *tree,
const fpr *t0, const fpr *t1, unsigned logn,
fpr *tmp) {
size_t n, hn;
const fpr *tree0, *tree1;

@@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx,
*/
static uint32_t
do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
const fpr *restrict expanded_key,
const fpr *expanded_key,
const uint16_t *hm,
unsigned logn, fpr *restrict tmp) {
unsigned logn, fpr *tmp) {
size_t n, u;
fpr *t0, *t1, *tx, *ty;
const fpr *b00, *b01, *b10, *b11, *tree;
@@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
*/
static uint32_t
do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2,
const int8_t *restrict f, const int8_t *restrict g,
const int8_t *restrict F, const int8_t *restrict G,
const uint16_t *hm, unsigned logn, fpr *restrict tmp) {
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
const uint16_t *hm, unsigned logn, fpr *tmp) {
size_t n, u;
fpr *t0, *t1, *tx, *ty;
fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11;
@@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) {
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
const fpr *restrict expanded_key,
const fpr *expanded_key,
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
fpr *ftmp;

@@ -1019,8 +1019,8 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
/* see inner.h */
void
PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
const int8_t *restrict f, const int8_t *restrict g,
const int8_t *restrict F, const int8_t *restrict G,
const int8_t *f, const int8_t *g,
const int8_t *F, const int8_t *G,
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
fpr *ftmp;



Laden…
Annuleren
Opslaan