
Fix NewHope verify

https://github.com/mupq/pqm4/issues/132 reported that the NewHope verify function does not actually return 0 or 1, but 0 or -1, which consequently breaks the cmov in the FO transform.
This bug was introduced when I integrated this into PQClean.
Este cometimento está contido em:
Matthias J. Kannwischer 2020-02-15 10:27:56 +01:00 cometido por Kris Kwiatkowski
ascendente 5a4b5f7358
cometimento e93a6bef1f
8 ficheiros modificados com 8 adições e 8 eliminações


@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;
/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned c
r |= a[i] ^ b[i];
}
r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}
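Review bot: The corrected expression `r = (-r) >> 63;` yields 0 or 1 only if `r` is an unsigned 64-bit type; its declaration sits above the hunk and is not visible here, and with a signed type the shift would in practice give -1 again (implementation-defined), while a narrower unsigned type would make the shift by 63 undefined. Because the FO-transform cmov depends on this exact 0/1 contract, I would pin it at the site, e.g. `r = (-(uint64_t)r) >> 63; /* 0 if equal, 1 otherwise */`, and add one line to the function header comment stating `Returns 0 if the two byte arrays are equal, 1 otherwise (branch-free)`. A regression test asserting `verify(a, b, len) == 1` for inputs differing in a single byte would have caught the original -1 return. PQCLEAN_NEWHOPE1024CCA_CLEAN_verify begins before the hunk.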


@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;
/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE1024CPA_CLEAN_verify(const unsigned char *a, const unsigned c
r |= a[i] ^ b[i];
}
r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}
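Review bot: The new line `r = (-r) >> 63;` produces 0 or 1 only when `r` is an unsigned 64-bit type, and that declaration is outside the hunk; a signed `r` would in practice return -1 again and a narrower unsigned `r` would make a shift by 63 undefined. Since the cmov in the FO transform relies on exactly 0/1, make the width explicit, `r = (-(uint64_t)r) >> 63; /* 0 if equal, 1 otherwise */`, and state the contract in the header comment as `Returns 0 if the two byte arrays are equal, 1 otherwise (branch-free)`. A test asserting `verify(a, b, len) == 1` for one differing byte would guard against this regressing. PQCLEAN_NEWHOPE1024CPA_CLEAN_verify starts before the hunk.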


@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;
/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE512CCA_CLEAN_verify(const unsigned char *a, const unsigned ch
r |= a[i] ^ b[i];
}
r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}
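Review bot: `r = (-r) >> 63;` only gives the intended 0/1 result if `r` is an unsigned 64-bit variable, which is declared above this hunk and cannot be confirmed from the visible lines; with a signed type the result is in practice -1 again, and with a narrower unsigned type the shift by 63 is undefined behaviour. I would force the type at the site, `r = (-(uint64_t)r) >> 63; /* 0 if equal, 1 otherwise */`, and document the contract in the function header as `Returns 0 if the two byte arrays are equal, 1 otherwise (branch-free)`, since the FO-transform cmov depends on it. A unit test checking `verify(a, b, len) == 1` for a single-byte mismatch would catch a future regression. PQCLEAN_NEWHOPE512CCA_CLEAN_verify begins before the hunk.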


@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;
/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE512CPA_CLEAN_verify(const unsigned char *a, const unsigned ch
r |= a[i] ^ b[i];
}
r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}
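Review bot: The fixed expression `r = (-r) >> 63;` is correct only for an unsigned 64-bit `r`; the declaration is outside the hunk, and a signed `r` would in practice yield -1 once more while a narrower unsigned `r` would make the 63-bit shift undefined. Because the cmov in the FO transform requires exactly 0 or 1, make that explicit with `r = (-(uint64_t)r) >> 63; /* 0 if equal, 1 otherwise */` and add `Returns 0 if the two byte arrays are equal, 1 otherwise (branch-free)` to the header comment. A regression test asserting `verify(a, b, len) == 1` for inputs differing in one byte would have caught the original bug. PQCLEAN_NEWHOPE512CPA_CLEAN_verify starts before the hunk.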