Removed 'restrict' keyword (it's C99, but MSVC 2017 does not support it...). This does not seem to impact performance.
Esse commit está contido em:
pai
87bc13c761
commit
dba40c7d43
@ -345,7 +345,7 @@ PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_add(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -357,7 +357,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_sub(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -391,7 +391,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -410,7 +410,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -461,7 +461,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_div_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -479,8 +479,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_fft(
|
||||
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d,
|
||||
const fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d,
|
||||
const fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -501,9 +501,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d,
|
||||
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
const fpr *restrict F, const fpr *restrict G,
|
||||
const fpr *restrict f, const fpr *restrict g, unsigned logn) {
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d,
|
||||
const fpr *F, const fpr *G,
|
||||
const fpr *f, const fpr *g, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -532,7 +532,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -546,7 +546,7 @@ PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -563,8 +563,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(
|
||||
const fpr *restrict g00,
|
||||
fpr *restrict g01, fpr *restrict g11, unsigned logn) {
|
||||
const fpr *g00,
|
||||
fpr *g01, fpr *g11, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -590,9 +590,9 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(
|
||||
fpr *restrict d11, fpr *restrict l10,
|
||||
const fpr *restrict g00, const fpr *restrict g01,
|
||||
const fpr *restrict g11, unsigned logn) {
|
||||
fpr *d11, fpr *l10,
|
||||
const fpr *g00, const fpr *g01,
|
||||
const fpr *g11, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -618,8 +618,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_split_fft(
|
||||
fpr *restrict f0, fpr *restrict f1,
|
||||
const fpr *restrict f, unsigned logn) {
|
||||
fpr *f0, fpr *f1,
|
||||
const fpr *f, unsigned logn) {
|
||||
/*
|
||||
* The FFT representation we use is in bit-reversed order
|
||||
* (element i contains f(w^(rev(i))), where rev() is the
|
||||
@ -666,8 +666,8 @@ PQCLEAN_FALCON1024_CLEAN_poly_split_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(
|
||||
fpr *restrict f,
|
||||
const fpr *restrict f0, const fpr *restrict f1, unsigned logn) {
|
||||
fpr *f,
|
||||
const fpr *f0, const fpr *f1, unsigned logn) {
|
||||
size_t n, hn, qn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
|
@ -287,7 +287,7 @@ fpr_rint(fpr x) {
|
||||
return ((int64_t)m ^ -(int64_t)s) + (int64_t)s;
|
||||
}
|
||||
|
||||
static inline long
|
||||
static inline int64_t
|
||||
fpr_floor(fpr x) {
|
||||
uint64_t t;
|
||||
int64_t xi;
|
||||
|
@ -453,13 +453,13 @@ void PQCLEAN_FALCON1024_CLEAN_iFFT(fpr *f, unsigned logn);
|
||||
* Add polynomial b to polynomial a. a and b MUST NOT overlap. This
|
||||
* function works in both normal and FFT representations.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This
|
||||
* function works in both normal and FFT representations.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Negate polynomial a. This function works in both normal and FFT
|
||||
@ -477,13 +477,13 @@ void PQCLEAN_FALCON1024_CLEAN_poly_adj_fft(fpr *a, unsigned logn);
|
||||
* Multiply polynomial a with polynomial b. a and b MUST NOT overlap.
|
||||
* This function works only in FFT representation.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT
|
||||
* overlap. This function works only in FFT representation.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Multiply polynomial with its own adjoint. This function works only in FFT
|
||||
@ -501,7 +501,7 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn);
|
||||
* Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation).
|
||||
* a and b MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g))
|
||||
@ -511,17 +511,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict
|
||||
*
|
||||
* Array d MUST NOT overlap with either a or b.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *restrict d,
|
||||
const fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_invnorm2_fft(fpr *d,
|
||||
const fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g)
|
||||
* (also in FFT representation). Destination d MUST NOT overlap with
|
||||
* any of the source arrays.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
const fpr *restrict F, const fpr *restrict G,
|
||||
const fpr *restrict f, const fpr *restrict g, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *d,
|
||||
const fpr *F, const fpr *G,
|
||||
const fpr *f, const fpr *g, unsigned logn);
|
||||
|
||||
/*
|
||||
* Multiply polynomial a by polynomial b, where b is autoadjoint. Both
|
||||
@ -529,8 +529,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
* FFT coefficients are real, and the array b contains only N/2 elements.
|
||||
* a and b MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
|
||||
const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *a,
|
||||
const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Divide polynomial a by polynomial b, where b is autoadjoint. Both
|
||||
@ -538,8 +538,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
|
||||
* FFT coefficients are real, and the array b contains only N/2 elements.
|
||||
* a and b MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
|
||||
const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *a,
|
||||
const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
|
||||
@ -549,8 +549,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
|
||||
* (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]).
|
||||
* (In fact, d00 = g00, so the g00 operand is left unmodified.)
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00,
|
||||
fpr *restrict g01, fpr *restrict g11, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *g00,
|
||||
fpr *g01, fpr *g11, unsigned logn);
|
||||
|
||||
/*
|
||||
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
|
||||
@ -558,17 +558,17 @@ void PQCLEAN_FALCON1024_CLEAN_poly_LDL_fft(const fpr *restrict g00,
|
||||
* g00, g01 and g11 are unmodified; the outputs d11 and l10 are written
|
||||
* in two other separate buffers provided as extra parameters.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10,
|
||||
const fpr *restrict g00, const fpr *restrict g01,
|
||||
const fpr *restrict g11, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10,
|
||||
const fpr *g00, const fpr *g01,
|
||||
const fpr *g11, unsigned logn);
|
||||
|
||||
/*
|
||||
* Apply "split" operation on a polynomial in FFT representation:
|
||||
* f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1
|
||||
* (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
|
||||
const fpr *restrict f, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *f0, fpr *f1,
|
||||
const fpr *f, unsigned logn);
|
||||
|
||||
/*
|
||||
* Apply "merge" operation on two polynomials in FFT representation:
|
||||
@ -576,8 +576,8 @@ void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
|
||||
* f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1.
|
||||
* f MUST NOT overlap with either f0 or f1.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *restrict f,
|
||||
const fpr *restrict f0, const fpr *restrict f1, unsigned logn);
|
||||
void PQCLEAN_FALCON1024_CLEAN_poly_merge_fft(fpr *f,
|
||||
const fpr *f0, const fpr *f1, unsigned logn);
|
||||
|
||||
/* ==================================================================== */
|
||||
/*
|
||||
@ -625,9 +625,9 @@ void PQCLEAN_FALCON1024_CLEAN_keygen(shake256_context *rng,
|
||||
*
|
||||
* The tmp[] array must have room for at least 48*2^logn bytes.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key,
|
||||
void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key,
|
||||
const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G,
|
||||
unsigned logn, uint8_t *restrict tmp);
|
||||
unsigned logn, uint8_t *tmp);
|
||||
|
||||
/*
|
||||
* Compute a signature over the provided hashed message (hm); the
|
||||
@ -639,7 +639,7 @@ void PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key,
|
||||
* The minimal size (in bytes) of tmp[] is 48*2^logn bytes.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
const fpr *restrict expanded_key,
|
||||
const fpr *expanded_key,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp);
|
||||
|
||||
/*
|
||||
@ -654,8 +654,8 @@ void PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
* The minimal size (in bytes) of tmp[] is 72*2^logn bytes.
|
||||
*/
|
||||
void PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
|
||||
const int8_t *restrict f, const int8_t *restrict g,
|
||||
const int8_t *restrict F, const int8_t *restrict G,
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp);
|
||||
|
||||
/* ==================================================================== */
|
||||
|
@ -928,7 +928,7 @@ static const uint16_t REV10[] = {
|
||||
* p must be a prime such that p = 1 mod 2048.
|
||||
*/
|
||||
static void
|
||||
modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn,
|
||||
modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn,
|
||||
uint32_t g, uint32_t p, uint32_t p0i) {
|
||||
size_t u, n;
|
||||
unsigned k;
|
||||
@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn,
|
||||
* still performed, and the carry is computed and returned.
|
||||
*/
|
||||
static uint32_t
|
||||
zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len,
|
||||
zint_sub(uint32_t *a, const uint32_t *b, size_t len,
|
||||
uint32_t ctl) {
|
||||
size_t u;
|
||||
uint32_t cc, m;
|
||||
@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen,
|
||||
* not overlap.
|
||||
*/
|
||||
static void
|
||||
zint_add_mul_small(uint32_t *restrict x,
|
||||
const uint32_t *restrict y, size_t len, uint32_t s) {
|
||||
zint_add_mul_small(uint32_t *x,
|
||||
const uint32_t *y, size_t len, uint32_t s) {
|
||||
size_t u;
|
||||
uint32_t cc;
|
||||
|
||||
@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x,
|
||||
* untouched. The two integers x and p are encoded over the same length.
|
||||
*/
|
||||
static void
|
||||
zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
|
||||
zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) {
|
||||
size_t u;
|
||||
uint32_t r, bb;
|
||||
|
||||
@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
|
||||
* small prime moduli); two's complement is used for negative values.
|
||||
*/
|
||||
static void
|
||||
zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride,
|
||||
zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride,
|
||||
size_t num, const small_prime *primes, int normalize_signed,
|
||||
uint32_t *restrict tmp) {
|
||||
uint32_t *tmp) {
|
||||
size_t u;
|
||||
uint32_t *x;
|
||||
|
||||
@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len,
|
||||
* each other, or with either x or y.
|
||||
*/
|
||||
static int
|
||||
zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
|
||||
const uint32_t *restrict x, const uint32_t *restrict y,
|
||||
size_t len, uint32_t *restrict tmp) {
|
||||
zint_bezout(uint32_t *u, uint32_t *v,
|
||||
const uint32_t *x, const uint32_t *y,
|
||||
size_t len, uint32_t *tmp) {
|
||||
/*
|
||||
* Algorithm is an extended binary GCD. We maintain 6 values
|
||||
* a, b, u0, u1, v0 and v1 with the following invariants:
|
||||
@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
|
||||
* negative values.
|
||||
*/
|
||||
static void
|
||||
zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
|
||||
const uint32_t *restrict y, size_t ylen, int32_t k,
|
||||
zint_add_scaled_mul_small(uint32_t *x, size_t xlen,
|
||||
const uint32_t *y, size_t ylen, int32_t k,
|
||||
uint32_t sch, uint32_t scl) {
|
||||
size_t u;
|
||||
uint32_t ysign, tw;
|
||||
@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
|
||||
* negative values.
|
||||
*/
|
||||
static void
|
||||
zint_sub_scaled(uint32_t *restrict x, size_t xlen,
|
||||
const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) {
|
||||
zint_sub_scaled(uint32_t *x, size_t xlen,
|
||||
const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) {
|
||||
size_t u;
|
||||
uint32_t ysign, tw;
|
||||
uint32_t cc;
|
||||
@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) {
|
||||
* high degree.
|
||||
*/
|
||||
static void
|
||||
poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *restrict f, size_t flen, size_t fstride,
|
||||
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) {
|
||||
poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *f, size_t flen, size_t fstride,
|
||||
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) {
|
||||
size_t n, u;
|
||||
|
||||
n = MKN(logn);
|
||||
@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
|
||||
* The value sc is provided as sch = sc / 31 and scl = sc % 31.
|
||||
*/
|
||||
static void
|
||||
poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *restrict f, size_t flen, size_t fstride,
|
||||
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn,
|
||||
uint32_t *restrict tmp) {
|
||||
poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *f, size_t flen, size_t fstride,
|
||||
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn,
|
||||
uint32_t *tmp) {
|
||||
uint32_t *gm, *igm, *fk, *t1, *x;
|
||||
const uint32_t *y;
|
||||
size_t n, u, tlen;
|
||||
|
@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) {
|
||||
* tmp[] must have room for at least one polynomial.
|
||||
*/
|
||||
static void
|
||||
ffLDL_fft_inner(fpr *restrict tree,
|
||||
fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) {
|
||||
ffLDL_fft_inner(fpr *tree,
|
||||
fpr *g0, fpr *g1, unsigned logn, fpr *tmp) {
|
||||
size_t n, hn;
|
||||
|
||||
n = MKN(logn);
|
||||
@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree,
|
||||
* polynomials of 2^logn elements each.
|
||||
*/
|
||||
static void
|
||||
ffLDL_fft(fpr *restrict tree, const fpr *restrict g00,
|
||||
const fpr *restrict g01, const fpr *restrict g11,
|
||||
unsigned logn, fpr *restrict tmp) {
|
||||
ffLDL_fft(fpr *tree, const fpr *g00,
|
||||
const fpr *g01, const fpr *g11,
|
||||
unsigned logn, fpr *tmp) {
|
||||
size_t n, hn;
|
||||
fpr *d00, *d11;
|
||||
|
||||
@ -224,10 +224,10 @@ skoff_tree(unsigned logn) {
|
||||
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key,
|
||||
PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *expanded_key,
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
unsigned logn, uint8_t *restrict tmp) {
|
||||
unsigned logn, uint8_t *tmp) {
|
||||
size_t n;
|
||||
fpr *rf, *rg, *rF, *rG;
|
||||
fpr *b00, *b01, *b10, *b11;
|
||||
@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma);
|
||||
*/
|
||||
static void
|
||||
ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
|
||||
fpr *restrict t0, fpr *restrict t1,
|
||||
fpr *restrict g00, fpr *restrict g01, fpr *restrict g11,
|
||||
unsigned logn, fpr *restrict tmp) {
|
||||
fpr *t0, fpr *t1,
|
||||
fpr *g00, fpr *g01, fpr *g11,
|
||||
unsigned logn, fpr *tmp) {
|
||||
size_t n, hn;
|
||||
fpr *z0, *z1;
|
||||
|
||||
@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
|
||||
*/
|
||||
static void
|
||||
ffSampling_fft(samplerZ samp, void *samp_ctx,
|
||||
fpr *restrict z0, fpr *restrict z1,
|
||||
const fpr *restrict tree,
|
||||
const fpr *restrict t0, const fpr *restrict t1, unsigned logn,
|
||||
fpr *restrict tmp) {
|
||||
fpr *z0, fpr *z1,
|
||||
const fpr *tree,
|
||||
const fpr *t0, const fpr *t1, unsigned logn,
|
||||
fpr *tmp) {
|
||||
size_t n, hn;
|
||||
const fpr *tree0, *tree1;
|
||||
|
||||
@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx,
|
||||
*/
|
||||
static uint32_t
|
||||
do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
|
||||
const fpr *restrict expanded_key,
|
||||
const fpr *expanded_key,
|
||||
const uint16_t *hm,
|
||||
unsigned logn, fpr *restrict tmp) {
|
||||
unsigned logn, fpr *tmp) {
|
||||
size_t n, u;
|
||||
fpr *t0, *t1, *tx, *ty;
|
||||
const fpr *b00, *b01, *b10, *b11, *tree;
|
||||
@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
|
||||
*/
|
||||
static uint32_t
|
||||
do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2,
|
||||
const int8_t *restrict f, const int8_t *restrict g,
|
||||
const int8_t *restrict F, const int8_t *restrict G,
|
||||
const uint16_t *hm, unsigned logn, fpr *restrict tmp) {
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
const uint16_t *hm, unsigned logn, fpr *tmp) {
|
||||
size_t n, u;
|
||||
fpr *t0, *t1, *tx, *ty;
|
||||
fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11;
|
||||
@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
const fpr *restrict expanded_key,
|
||||
const fpr *expanded_key,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
|
||||
fpr *ftmp;
|
||||
|
||||
@ -1019,8 +1019,8 @@ PQCLEAN_FALCON1024_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON1024_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
|
||||
const int8_t *restrict f, const int8_t *restrict g,
|
||||
const int8_t *restrict F, const int8_t *restrict G,
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
|
||||
fpr *ftmp;
|
||||
|
||||
|
@ -345,7 +345,7 @@ PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_add(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -357,7 +357,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_sub(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -391,7 +391,7 @@ PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_mul_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -410,7 +410,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -461,7 +461,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_div_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -479,8 +479,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_fft(
|
||||
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d,
|
||||
const fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d,
|
||||
const fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -501,9 +501,9 @@ PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d,
|
||||
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
const fpr *restrict F, const fpr *restrict G,
|
||||
const fpr *restrict f, const fpr *restrict g, unsigned logn) {
|
||||
PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d,
|
||||
const fpr *F, const fpr *G,
|
||||
const fpr *f, const fpr *g, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -532,7 +532,7 @@ PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -546,7 +546,7 @@ PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(
|
||||
fpr *restrict a, const fpr *restrict b, unsigned logn) {
|
||||
fpr *a, const fpr *b, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -563,8 +563,8 @@ PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(
|
||||
const fpr *restrict g00,
|
||||
fpr *restrict g01, fpr *restrict g11, unsigned logn) {
|
||||
const fpr *g00,
|
||||
fpr *g01, fpr *g11, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -590,9 +590,9 @@ PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(
|
||||
fpr *restrict d11, fpr *restrict l10,
|
||||
const fpr *restrict g00, const fpr *restrict g01,
|
||||
const fpr *restrict g11, unsigned logn) {
|
||||
fpr *d11, fpr *l10,
|
||||
const fpr *g00, const fpr *g01,
|
||||
const fpr *g11, unsigned logn) {
|
||||
size_t n, hn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
@ -618,8 +618,8 @@ PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_split_fft(
|
||||
fpr *restrict f0, fpr *restrict f1,
|
||||
const fpr *restrict f, unsigned logn) {
|
||||
fpr *f0, fpr *f1,
|
||||
const fpr *f, unsigned logn) {
|
||||
/*
|
||||
* The FFT representation we use is in bit-reversed order
|
||||
* (element i contains f(w^(rev(i))), where rev() is the
|
||||
@ -666,8 +666,8 @@ PQCLEAN_FALCON512_CLEAN_poly_split_fft(
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_poly_merge_fft(
|
||||
fpr *restrict f,
|
||||
const fpr *restrict f0, const fpr *restrict f1, unsigned logn) {
|
||||
fpr *f,
|
||||
const fpr *f0, const fpr *f1, unsigned logn) {
|
||||
size_t n, hn, qn, u;
|
||||
|
||||
n = (size_t)1 << logn;
|
||||
|
@ -287,7 +287,7 @@ fpr_rint(fpr x) {
|
||||
return ((int64_t)m ^ -(int64_t)s) + (int64_t)s;
|
||||
}
|
||||
|
||||
static inline long
|
||||
static inline int64_t
|
||||
fpr_floor(fpr x) {
|
||||
uint64_t t;
|
||||
int64_t xi;
|
||||
|
@ -453,13 +453,13 @@ void PQCLEAN_FALCON512_CLEAN_iFFT(fpr *f, unsigned logn);
|
||||
* Add polynomial b to polynomial a. a and b MUST NOT overlap. This
|
||||
* function works in both normal and FFT representations.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_add(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Subtract polynomial b from polynomial a. a and b MUST NOT overlap. This
|
||||
* function works in both normal and FFT representations.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_sub(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Negate polynomial a. This function works in both normal and FFT
|
||||
@ -477,13 +477,13 @@ void PQCLEAN_FALCON512_CLEAN_poly_adj_fft(fpr *a, unsigned logn);
|
||||
* Multiply polynomial a with polynomial b. a and b MUST NOT overlap.
|
||||
* This function works only in FFT representation.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_mul_fft(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Multiply polynomial a with the adjoint of polynomial b. a and b MUST NOT
|
||||
* overlap. This function works only in FFT representation.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_muladj_fft(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Multiply polynomial with its own adjoint. This function works only in FFT
|
||||
@ -501,7 +501,7 @@ void PQCLEAN_FALCON512_CLEAN_poly_mulconst(fpr *a, fpr x, unsigned logn);
|
||||
* Divide polynomial a by polynomial b, modulo X^N+1 (FFT representation).
|
||||
* a and b MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Given f and g (in FFT representation), compute 1/(f*adj(f)+g*adj(g))
|
||||
@ -511,17 +511,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_fft(fpr *restrict a, const fpr *restrict b
|
||||
*
|
||||
* Array d MUST NOT overlap with either a or b.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *restrict d,
|
||||
const fpr *restrict a, const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_invnorm2_fft(fpr *d,
|
||||
const fpr *a, const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Given F, G, f and g (in FFT representation), compute F*adj(f)+G*adj(g)
|
||||
* (also in FFT representation). Destination d MUST NOT overlap with
|
||||
* any of the source arrays.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
const fpr *restrict F, const fpr *restrict G,
|
||||
const fpr *restrict f, const fpr *restrict g, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *d,
|
||||
const fpr *F, const fpr *G,
|
||||
const fpr *f, const fpr *g, unsigned logn);
|
||||
|
||||
/*
|
||||
* Multiply polynomial a by polynomial b, where b is autoadjoint. Both
|
||||
@ -529,8 +529,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_add_muladj_fft(fpr *restrict d,
|
||||
* FFT coefficients are real, and the array b contains only N/2 elements.
|
||||
* a and b MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
|
||||
const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *a,
|
||||
const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Divide polynomial a by polynomial b, where b is autoadjoint. Both
|
||||
@ -538,8 +538,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_mul_autoadj_fft(fpr *restrict a,
|
||||
* FFT coefficients are real, and the array b contains only N/2 elements.
|
||||
* a and b MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
|
||||
const fpr *restrict b, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *a,
|
||||
const fpr *b, unsigned logn);
|
||||
|
||||
/*
|
||||
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
|
||||
@ -549,8 +549,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_div_autoadj_fft(fpr *restrict a,
|
||||
* (with D = [[d00, 0], [0, d11]] and L = [[1, 0], [l10, 1]]).
|
||||
* (In fact, d00 = g00, so the g00 operand is left unmodified.)
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00,
|
||||
fpr *restrict g01, fpr *restrict g11, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *g00,
|
||||
fpr *g01, fpr *g11, unsigned logn);
|
||||
|
||||
/*
|
||||
* Perform an LDL decomposition of an auto-adjoint matrix G, in FFT
|
||||
@ -558,17 +558,17 @@ void PQCLEAN_FALCON512_CLEAN_poly_LDL_fft(const fpr *restrict g00,
|
||||
* g00, g01 and g11 are unmodified; the outputs d11 and l10 are written
|
||||
* in two other separate buffers provided as extra parameters.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10,
|
||||
const fpr *restrict g00, const fpr *restrict g01,
|
||||
const fpr *restrict g11, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *d11, fpr *l10,
|
||||
const fpr *g00, const fpr *g01,
|
||||
const fpr *g11, unsigned logn);
|
||||
|
||||
/*
|
||||
* Apply "split" operation on a polynomial in FFT representation:
|
||||
* f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1
|
||||
* (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
|
||||
const fpr *restrict f, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *f0, fpr *f1,
|
||||
const fpr *f, unsigned logn);
|
||||
|
||||
/*
|
||||
* Apply "merge" operation on two polynomials in FFT representation:
|
||||
@ -576,8 +576,8 @@ void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1,
|
||||
* f = f0(x^2) + x*f1(x^2), in FFT representation modulo X^N+1.
|
||||
* f MUST NOT overlap with either f0 or f1.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *restrict f,
|
||||
const fpr *restrict f0, const fpr *restrict f1, unsigned logn);
|
||||
void PQCLEAN_FALCON512_CLEAN_poly_merge_fft(fpr *f,
|
||||
const fpr *f0, const fpr *f1, unsigned logn);
|
||||
|
||||
/* ==================================================================== */
|
||||
/*
|
||||
@ -625,9 +625,9 @@ void PQCLEAN_FALCON512_CLEAN_keygen(shake256_context *rng,
|
||||
*
|
||||
* The tmp[] array must have room for at least 48*2^logn bytes.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key,
|
||||
void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key,
|
||||
const int8_t *f, const int8_t *g, const int8_t *F, const int8_t *G,
|
||||
unsigned logn, uint8_t *restrict tmp);
|
||||
unsigned logn, uint8_t *tmp);
|
||||
|
||||
/*
|
||||
* Compute a signature over the provided hashed message (hm); the
|
||||
@ -639,7 +639,7 @@ void PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key,
|
||||
* The minimal size (in bytes) of tmp[] is 48*2^logn bytes.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
const fpr *restrict expanded_key,
|
||||
const fpr *expanded_key,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp);
|
||||
|
||||
/*
|
||||
@ -654,8 +654,8 @@ void PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
* The minimal size (in bytes) of tmp[] is 72*2^logn bytes.
|
||||
*/
|
||||
void PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
|
||||
const int8_t *restrict f, const int8_t *restrict g,
|
||||
const int8_t *restrict F, const int8_t *restrict G,
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp);
|
||||
|
||||
/* ==================================================================== */
|
||||
|
@ -928,7 +928,7 @@ static const uint16_t REV10[] = {
|
||||
* p must be a prime such that p = 1 mod 2048.
|
||||
*/
|
||||
static void
|
||||
modp_mkgm2(uint32_t *restrict gm, uint32_t *restrict igm, unsigned logn,
|
||||
modp_mkgm2(uint32_t *gm, uint32_t *igm, unsigned logn,
|
||||
uint32_t g, uint32_t p, uint32_t p0i) {
|
||||
size_t u, n;
|
||||
unsigned k;
|
||||
@ -1129,7 +1129,7 @@ modp_poly_rec_res(uint32_t *f, unsigned logn,
|
||||
* still performed, and the carry is computed and returned.
|
||||
*/
|
||||
static uint32_t
|
||||
zint_sub(uint32_t *restrict a, const uint32_t *restrict b, size_t len,
|
||||
zint_sub(uint32_t *a, const uint32_t *b, size_t len,
|
||||
uint32_t ctl) {
|
||||
size_t u;
|
||||
uint32_t cc, m;
|
||||
@ -1225,8 +1225,8 @@ zint_mod_small_signed(const uint32_t *d, size_t dlen,
|
||||
* not overlap.
|
||||
*/
|
||||
static void
|
||||
zint_add_mul_small(uint32_t *restrict x,
|
||||
const uint32_t *restrict y, size_t len, uint32_t s) {
|
||||
zint_add_mul_small(uint32_t *x,
|
||||
const uint32_t *y, size_t len, uint32_t s) {
|
||||
size_t u;
|
||||
uint32_t cc;
|
||||
|
||||
@ -1250,7 +1250,7 @@ zint_add_mul_small(uint32_t *restrict x,
|
||||
* untouched. The two integers x and p are encoded over the same length.
|
||||
*/
|
||||
static void
|
||||
zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
|
||||
zint_norm_zero(uint32_t *x, const uint32_t *p, size_t len) {
|
||||
size_t u;
|
||||
uint32_t r, bb;
|
||||
|
||||
@ -1310,9 +1310,9 @@ zint_norm_zero(uint32_t *restrict x, const uint32_t *restrict p, size_t len) {
|
||||
* small prime moduli); two's complement is used for negative values.
|
||||
*/
|
||||
static void
|
||||
zint_rebuild_CRT(uint32_t *restrict xx, size_t xlen, size_t xstride,
|
||||
zint_rebuild_CRT(uint32_t *xx, size_t xlen, size_t xstride,
|
||||
size_t num, const small_prime *primes, int normalize_signed,
|
||||
uint32_t *restrict tmp) {
|
||||
uint32_t *tmp) {
|
||||
size_t u;
|
||||
uint32_t *x;
|
||||
|
||||
@ -1554,9 +1554,9 @@ zint_co_reduce_mod(uint32_t *a, uint32_t *b, const uint32_t *m, size_t len,
|
||||
* each other, or with either x or y.
|
||||
*/
|
||||
static int
|
||||
zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
|
||||
const uint32_t *restrict x, const uint32_t *restrict y,
|
||||
size_t len, uint32_t *restrict tmp) {
|
||||
zint_bezout(uint32_t *u, uint32_t *v,
|
||||
const uint32_t *x, const uint32_t *y,
|
||||
size_t len, uint32_t *tmp) {
|
||||
/*
|
||||
* Algorithm is an extended binary GCD. We maintain 6 values
|
||||
* a, b, u0, u1, v0 and v1 with the following invariants:
|
||||
@ -1879,8 +1879,8 @@ zint_bezout(uint32_t *restrict u, uint32_t *restrict v,
|
||||
* negative values.
|
||||
*/
|
||||
static void
|
||||
zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
|
||||
const uint32_t *restrict y, size_t ylen, int32_t k,
|
||||
zint_add_scaled_mul_small(uint32_t *x, size_t xlen,
|
||||
const uint32_t *y, size_t ylen, int32_t k,
|
||||
uint32_t sch, uint32_t scl) {
|
||||
size_t u;
|
||||
uint32_t ysign, tw;
|
||||
@ -1939,8 +1939,8 @@ zint_add_scaled_mul_small(uint32_t *restrict x, size_t xlen,
|
||||
* negative values.
|
||||
*/
|
||||
static void
|
||||
zint_sub_scaled(uint32_t *restrict x, size_t xlen,
|
||||
const uint32_t *restrict y, size_t ylen, uint32_t sch, uint32_t scl) {
|
||||
zint_sub_scaled(uint32_t *x, size_t xlen,
|
||||
const uint32_t *y, size_t ylen, uint32_t sch, uint32_t scl) {
|
||||
size_t u;
|
||||
uint32_t ysign, tw;
|
||||
uint32_t cc;
|
||||
@ -2073,9 +2073,9 @@ poly_big_to_small(int8_t *d, const uint32_t *s, int lim, unsigned logn) {
|
||||
* high degree.
|
||||
*/
|
||||
static void
|
||||
poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *restrict f, size_t flen, size_t fstride,
|
||||
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn) {
|
||||
poly_sub_scaled(uint32_t *F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *f, size_t flen, size_t fstride,
|
||||
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn) {
|
||||
size_t n, u;
|
||||
|
||||
n = MKN(logn);
|
||||
@ -2109,10 +2109,10 @@ poly_sub_scaled(uint32_t *restrict F, size_t Flen, size_t Fstride,
|
||||
* The value sc is provided as sch = sc / 31 and scl = sc % 31.
|
||||
*/
|
||||
static void
|
||||
poly_sub_scaled_ntt(uint32_t *restrict F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *restrict f, size_t flen, size_t fstride,
|
||||
const int32_t *restrict k, uint32_t sch, uint32_t scl, unsigned logn,
|
||||
uint32_t *restrict tmp) {
|
||||
poly_sub_scaled_ntt(uint32_t *F, size_t Flen, size_t Fstride,
|
||||
const uint32_t *f, size_t flen, size_t fstride,
|
||||
const int32_t *k, uint32_t sch, uint32_t scl, unsigned logn,
|
||||
uint32_t *tmp) {
|
||||
uint32_t *gm, *igm, *fk, *t1, *x;
|
||||
const uint32_t *y;
|
||||
size_t n, u, tlen;
|
||||
|
@ -71,8 +71,8 @@ ffLDL_treesize(unsigned logn) {
|
||||
* tmp[] must have room for at least one polynomial.
|
||||
*/
|
||||
static void
|
||||
ffLDL_fft_inner(fpr *restrict tree,
|
||||
fpr *restrict g0, fpr *restrict g1, unsigned logn, fpr *restrict tmp) {
|
||||
ffLDL_fft_inner(fpr *tree,
|
||||
fpr *g0, fpr *g1, unsigned logn, fpr *tmp) {
|
||||
size_t n, hn;
|
||||
|
||||
n = MKN(logn);
|
||||
@ -120,9 +120,9 @@ ffLDL_fft_inner(fpr *restrict tree,
|
||||
* polynomials of 2^logn elements each.
|
||||
*/
|
||||
static void
|
||||
ffLDL_fft(fpr *restrict tree, const fpr *restrict g00,
|
||||
const fpr *restrict g01, const fpr *restrict g11,
|
||||
unsigned logn, fpr *restrict tmp) {
|
||||
ffLDL_fft(fpr *tree, const fpr *g00,
|
||||
const fpr *g01, const fpr *g11,
|
||||
unsigned logn, fpr *tmp) {
|
||||
size_t n, hn;
|
||||
fpr *d00, *d11;
|
||||
|
||||
@ -224,10 +224,10 @@ skoff_tree(unsigned logn) {
|
||||
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key,
|
||||
PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *expanded_key,
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
unsigned logn, uint8_t *restrict tmp) {
|
||||
unsigned logn, uint8_t *tmp) {
|
||||
size_t n;
|
||||
fpr *rf, *rg, *rF, *rG;
|
||||
fpr *b00, *b01, *b10, *b11;
|
||||
@ -319,9 +319,9 @@ typedef int (*samplerZ)(void *ctx, fpr mu, fpr sigma);
|
||||
*/
|
||||
static void
|
||||
ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
|
||||
fpr *restrict t0, fpr *restrict t1,
|
||||
fpr *restrict g00, fpr *restrict g01, fpr *restrict g11,
|
||||
unsigned logn, fpr *restrict tmp) {
|
||||
fpr *t0, fpr *t1,
|
||||
fpr *g00, fpr *g01, fpr *g11,
|
||||
unsigned logn, fpr *tmp) {
|
||||
size_t n, hn;
|
||||
fpr *z0, *z1;
|
||||
|
||||
@ -410,10 +410,10 @@ ffSampling_fft_dyntree(samplerZ samp, void *samp_ctx,
|
||||
*/
|
||||
static void
|
||||
ffSampling_fft(samplerZ samp, void *samp_ctx,
|
||||
fpr *restrict z0, fpr *restrict z1,
|
||||
const fpr *restrict tree,
|
||||
const fpr *restrict t0, const fpr *restrict t1, unsigned logn,
|
||||
fpr *restrict tmp) {
|
||||
fpr *z0, fpr *z1,
|
||||
const fpr *tree,
|
||||
const fpr *t0, const fpr *t1, unsigned logn,
|
||||
fpr *tmp) {
|
||||
size_t n, hn;
|
||||
const fpr *tree0, *tree1;
|
||||
|
||||
@ -471,9 +471,9 @@ ffSampling_fft(samplerZ samp, void *samp_ctx,
|
||||
*/
|
||||
static uint32_t
|
||||
do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
|
||||
const fpr *restrict expanded_key,
|
||||
const fpr *expanded_key,
|
||||
const uint16_t *hm,
|
||||
unsigned logn, fpr *restrict tmp) {
|
||||
unsigned logn, fpr *tmp) {
|
||||
size_t n, u;
|
||||
fpr *t0, *t1, *tx, *ty;
|
||||
const fpr *b00, *b01, *b10, *b11, *tree;
|
||||
@ -568,9 +568,9 @@ do_sign_tree(samplerZ samp, void *samp_ctx, int16_t *s2,
|
||||
*/
|
||||
static uint32_t
|
||||
do_sign_dyn(samplerZ samp, void *samp_ctx, int16_t *s2,
|
||||
const int8_t *restrict f, const int8_t *restrict g,
|
||||
const int8_t *restrict F, const int8_t *restrict G,
|
||||
const uint16_t *hm, unsigned logn, fpr *restrict tmp) {
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
const uint16_t *hm, unsigned logn, fpr *tmp) {
|
||||
size_t n, u;
|
||||
fpr *t0, *t1, *tx, *ty;
|
||||
fpr *b00, *b01, *b10, *b11, *g00, *g01, *g11;
|
||||
@ -965,7 +965,7 @@ sampler(void *ctx, fpr mu, fpr isigma) {
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
const fpr *restrict expanded_key,
|
||||
const fpr *expanded_key,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
|
||||
fpr *ftmp;
|
||||
|
||||
@ -1019,8 +1019,8 @@ PQCLEAN_FALCON512_CLEAN_sign_tree(int16_t *sig, shake256_context *rng,
|
||||
/* see inner.h */
|
||||
void
|
||||
PQCLEAN_FALCON512_CLEAN_sign_dyn(int16_t *sig, shake256_context *rng,
|
||||
const int8_t *restrict f, const int8_t *restrict g,
|
||||
const int8_t *restrict F, const int8_t *restrict G,
|
||||
const int8_t *f, const int8_t *g,
|
||||
const int8_t *F, const int8_t *G,
|
||||
const uint16_t *hm, unsigned logn, uint8_t *tmp) {
|
||||
fpr *ftmp;
|
||||
|
||||
|
Carregando…
Referência em uma nova issue
Block a user