Thom Wiggers
5 years ago
No known key found for this signature in database
GPG Key ID: 1BB0A7CE26E363
4 changed files with 66 additions and 66 deletions
Split View
Diff Options
-
+6 -6crypto_sign/mqdss-48/clean/gf31.c
-
+27 -27crypto_sign/mqdss-48/clean/sign.c
-
+6 -6crypto_sign/mqdss-64/clean/gf31.c
-
+27 -27crypto_sign/mqdss-64/clean/sign.c
+ 6
- 6
crypto_sign/mqdss-48/clean/gf31.c
View File
| @@ -49,13 +49,13 @@ void PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(gf31 *out, const gf31 *in) { | |||
| them in a vector of 16-bit elements */ | |||
| void PQCLEAN_MQDSS48_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *seed, size_t seedlen) { | |||
| int i = 0, j; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| shake256_absorb(shakestate, seed, seedlen); | |||
| shake256_absorb(&shakestate, seed, seedlen); | |||
| while (i < len) { | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| for (j = 0; j < SHAKE256_RATE && i < len; j++) { | |||
| if ((shakeblock[j] & 31) != 31) { | |||
| out[i] = (shakeblock[j] & 31); | |||
| @@ -70,13 +70,13 @@ void PQCLEAN_MQDSS48_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *s | |||
| This is used for the expansion of F, which wants packed elements. */ | |||
| void PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(signed char *out, int len, const unsigned char *seed, size_t seedlen) { | |||
| int i = 0, j; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| shake256_absorb(shakestate, seed, seedlen); | |||
| shake256_absorb(&shakestate, seed, seedlen); | |||
| while (i < len) { | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| for (j = 0; j < SHAKE256_RATE && i < len; j++) { | |||
| if ((shakeblock[j] & 31) != 31) { | |||
| out[i] = (signed char)(((signed char)shakeblock[j] & 31) - 15); | |||
+ 27
- 27
crypto_sign/mqdss-48/clean/sign.c
View File
| @@ -85,7 +85,7 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature( | |||
| unsigned char *h0 = D_sigma0_h0_sigma1 + 2 * HASH_BYTES; | |||
| unsigned char *t1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES; | |||
| unsigned char *e1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES + ROUNDS * NPACKED_BYTES; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| unsigned char h1[((ROUNDS + 7) & ~7) >> 3]; | |||
| unsigned char rnd_seed[HASH_BYTES + SEED_BYTES]; | |||
| @@ -109,17 +109,17 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature( | |||
| int alpha_count = 0; | |||
| int b; | |||
| int i, j; | |||
| uint64_t s_inc[26]; | |||
| shake256incctx state; | |||
| shake256(skbuf, SEED_BYTES * 4, sk, SEED_BYTES); | |||
| PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(F, F_LEN, skbuf, SEED_BYTES); | |||
| shake256_inc_init(s_inc); | |||
| shake256_inc_absorb(s_inc, sk, SEED_BYTES); | |||
| shake256_inc_absorb(s_inc, m, mlen); | |||
| shake256_inc_finalize(s_inc); | |||
| shake256_inc_squeeze(sig, HASH_BYTES, s_inc); // Compute R. | |||
| shake256_inc_init(&state); | |||
| shake256_inc_absorb(&state, sk, SEED_BYTES); | |||
| shake256_inc_absorb(&state, m, mlen); | |||
| shake256_inc_finalize(&state); | |||
| shake256_inc_squeeze(sig, HASH_BYTES, &state); // Compute R. | |||
| memcpy(pk, skbuf, SEED_BYTES); | |||
| PQCLEAN_MQDSS48_CLEAN_gf31_nrand(sk_gf31, N, skbuf + SEED_BYTES, SEED_BYTES); | |||
| @@ -127,12 +127,12 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature( | |||
| PQCLEAN_MQDSS48_CLEAN_vgf31_unique(pk_gf31, pk_gf31); | |||
| PQCLEAN_MQDSS48_CLEAN_gf31_npack(pk + SEED_BYTES, pk_gf31, M); | |||
| shake256_inc_init(s_inc); | |||
| shake256_inc_absorb(s_inc, pk, PK_BYTES); | |||
| shake256_inc_absorb(s_inc, sig, HASH_BYTES); | |||
| shake256_inc_absorb(s_inc, m, mlen); | |||
| shake256_inc_finalize(s_inc); | |||
| shake256_inc_squeeze(D, HASH_BYTES, s_inc); | |||
| shake256_inc_init(&state); | |||
| shake256_inc_absorb(&state, pk, PK_BYTES); | |||
| shake256_inc_absorb(&state, sig, HASH_BYTES); | |||
| shake256_inc_absorb(&state, m, mlen); | |||
| shake256_inc_finalize(&state); | |||
| shake256_inc_squeeze(D, HASH_BYTES, &state); | |||
| sig += HASH_BYTES; // Compensate for prefixed R. | |||
| @@ -166,8 +166,8 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature( | |||
| } | |||
| H(sigma0, c, HASH_BYTES * ROUNDS * 2); // Compute sigma_0. | |||
| shake256_absorb(shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| memcpy(h0, shakeblock, HASH_BYTES); | |||
| @@ -180,7 +180,7 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature( | |||
| alpha_count++; | |||
| if (alpha_count == SHAKE256_RATE) { | |||
| alpha_count = 0; | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| } | |||
| } while (alpha == 31); | |||
| for (j = 0; j < N; j++) { | |||
| @@ -246,24 +246,24 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify( | |||
| gf31 z[M]; | |||
| unsigned char packbuf0[NPACKED_BYTES]; | |||
| unsigned char packbuf1[MPACKED_BYTES]; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| int i, j; | |||
| gf31 alpha; | |||
| int alpha_count = 0; | |||
| int b; | |||
| uint64_t s_inc[26]; | |||
| shake256incctx state; | |||
| if (siglen != SIG_LEN) { | |||
| return -1; | |||
| } | |||
| shake256_inc_init(s_inc); | |||
| shake256_inc_absorb(s_inc, pk, PK_BYTES); | |||
| shake256_inc_absorb(s_inc, sig, HASH_BYTES); | |||
| shake256_inc_absorb(s_inc, m, mlen); | |||
| shake256_inc_finalize(s_inc); | |||
| shake256_inc_squeeze(D, HASH_BYTES, s_inc); | |||
| shake256_inc_init(&state); | |||
| shake256_inc_absorb(&state, pk, PK_BYTES); | |||
| shake256_inc_absorb(&state, sig, HASH_BYTES); | |||
| shake256_inc_absorb(&state, m, mlen); | |||
| shake256_inc_finalize(&state); | |||
| shake256_inc_squeeze(D, HASH_BYTES, &state); | |||
| sig += HASH_BYTES; | |||
| @@ -273,8 +273,8 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify( | |||
| memcpy(sigma0, sig, HASH_BYTES); | |||
| shake256_absorb(shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| memcpy(h0, shakeblock, HASH_BYTES); | |||
| @@ -293,7 +293,7 @@ int PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify( | |||
| alpha_count++; | |||
| if (alpha_count == SHAKE256_RATE) { | |||
| alpha_count = 0; | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| } | |||
| } while (alpha == 31); | |||
| b = (h1[(i >> 3)] >> (i & 7)) & 1; | |||
+ 6
- 6
crypto_sign/mqdss-64/clean/gf31.c
View File
| @@ -49,13 +49,13 @@ void PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(gf31 *out, const gf31 *in) { | |||
| them in a vector of 16-bit elements */ | |||
| void PQCLEAN_MQDSS64_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *seed, size_t seedlen) { | |||
| int i = 0, j; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| shake256_absorb(shakestate, seed, seedlen); | |||
| shake256_absorb(&shakestate, seed, seedlen); | |||
| while (i < len) { | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| for (j = 0; j < SHAKE256_RATE && i < len; j++) { | |||
| if ((shakeblock[j] & 31) != 31) { | |||
| out[i] = (shakeblock[j] & 31); | |||
| @@ -70,13 +70,13 @@ void PQCLEAN_MQDSS64_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *s | |||
| This is used for the expansion of F, which wants packed elements. */ | |||
| void PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(signed char *out, int len, const unsigned char *seed, size_t seedlen) { | |||
| int i = 0, j; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| shake256_absorb(shakestate, seed, seedlen); | |||
| shake256_absorb(&shakestate, seed, seedlen); | |||
| while (i < len) { | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| for (j = 0; j < SHAKE256_RATE && i < len; j++) { | |||
| if ((shakeblock[j] & 31) != 31) { | |||
| out[i] = (signed char)(((signed char)shakeblock[j] & 31) - 15); | |||
+ 27
- 27
crypto_sign/mqdss-64/clean/sign.c
View File
| @@ -85,7 +85,7 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature( | |||
| unsigned char *h0 = D_sigma0_h0_sigma1 + 2 * HASH_BYTES; | |||
| unsigned char *t1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES; | |||
| unsigned char *e1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES + ROUNDS * NPACKED_BYTES; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| unsigned char h1[((ROUNDS + 7) & ~7) >> 3]; | |||
| unsigned char rnd_seed[HASH_BYTES + SEED_BYTES]; | |||
| @@ -109,17 +109,17 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature( | |||
| int alpha_count = 0; | |||
| int b; | |||
| int i, j; | |||
| uint64_t s_inc[26]; | |||
| shake256incctx state; | |||
| shake256(skbuf, SEED_BYTES * 4, sk, SEED_BYTES); | |||
| PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(F, F_LEN, skbuf, SEED_BYTES); | |||
| shake256_inc_init(s_inc); | |||
| shake256_inc_absorb(s_inc, sk, SEED_BYTES); | |||
| shake256_inc_absorb(s_inc, m, mlen); | |||
| shake256_inc_finalize(s_inc); | |||
| shake256_inc_squeeze(sig, HASH_BYTES, s_inc); // Compute R. | |||
| shake256_inc_init(&state); | |||
| shake256_inc_absorb(&state, sk, SEED_BYTES); | |||
| shake256_inc_absorb(&state, m, mlen); | |||
| shake256_inc_finalize(&state); | |||
| shake256_inc_squeeze(sig, HASH_BYTES, &state); // Compute R. | |||
| memcpy(pk, skbuf, SEED_BYTES); | |||
| PQCLEAN_MQDSS64_CLEAN_gf31_nrand(sk_gf31, N, skbuf + SEED_BYTES, SEED_BYTES); | |||
| @@ -127,12 +127,12 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature( | |||
| PQCLEAN_MQDSS64_CLEAN_vgf31_unique(pk_gf31, pk_gf31); | |||
| PQCLEAN_MQDSS64_CLEAN_gf31_npack(pk + SEED_BYTES, pk_gf31, M); | |||
| shake256_inc_init(s_inc); | |||
| shake256_inc_absorb(s_inc, pk, PK_BYTES); | |||
| shake256_inc_absorb(s_inc, sig, HASH_BYTES); | |||
| shake256_inc_absorb(s_inc, m, mlen); | |||
| shake256_inc_finalize(s_inc); | |||
| shake256_inc_squeeze(D, HASH_BYTES, s_inc); | |||
| shake256_inc_init(&state); | |||
| shake256_inc_absorb(&state, pk, PK_BYTES); | |||
| shake256_inc_absorb(&state, sig, HASH_BYTES); | |||
| shake256_inc_absorb(&state, m, mlen); | |||
| shake256_inc_finalize(&state); | |||
| shake256_inc_squeeze(D, HASH_BYTES, &state); | |||
| sig += HASH_BYTES; // Compensate for prefixed R. | |||
| @@ -166,8 +166,8 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature( | |||
| } | |||
| H(sigma0, c, HASH_BYTES * ROUNDS * 2); // Compute sigma_0. | |||
| shake256_absorb(shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| memcpy(h0, shakeblock, HASH_BYTES); | |||
| @@ -180,7 +180,7 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature( | |||
| alpha_count++; | |||
| if (alpha_count == SHAKE256_RATE) { | |||
| alpha_count = 0; | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| } | |||
| } while (alpha == 31); | |||
| for (j = 0; j < N; j++) { | |||
| @@ -246,24 +246,24 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify( | |||
| gf31 z[M]; | |||
| unsigned char packbuf0[NPACKED_BYTES]; | |||
| unsigned char packbuf1[MPACKED_BYTES]; | |||
| uint64_t shakestate[25] = {0}; | |||
| shake256ctx shakestate; | |||
| unsigned char shakeblock[SHAKE256_RATE]; | |||
| int i, j; | |||
| gf31 alpha; | |||
| int alpha_count = 0; | |||
| int b; | |||
| uint64_t s_inc[26]; | |||
| shake256incctx state; | |||
| if (siglen != SIG_LEN) { | |||
| return -1; | |||
| } | |||
| shake256_inc_init(s_inc); | |||
| shake256_inc_absorb(s_inc, pk, PK_BYTES); | |||
| shake256_inc_absorb(s_inc, sig, HASH_BYTES); | |||
| shake256_inc_absorb(s_inc, m, mlen); | |||
| shake256_inc_finalize(s_inc); | |||
| shake256_inc_squeeze(D, HASH_BYTES, s_inc); | |||
| shake256_inc_init(&state); | |||
| shake256_inc_absorb(&state, pk, PK_BYTES); | |||
| shake256_inc_absorb(&state, sig, HASH_BYTES); | |||
| shake256_inc_absorb(&state, m, mlen); | |||
| shake256_inc_finalize(&state); | |||
| shake256_inc_squeeze(D, HASH_BYTES, &state); | |||
| sig += HASH_BYTES; | |||
| @@ -273,8 +273,8 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify( | |||
| memcpy(sigma0, sig, HASH_BYTES); | |||
| shake256_absorb(shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| memcpy(h0, shakeblock, HASH_BYTES); | |||
| @@ -293,7 +293,7 @@ int PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify( | |||
| alpha_count++; | |||
| if (alpha_count == SHAKE256_RATE) { | |||
| alpha_count = 0; | |||
| shake256_squeezeblocks(shakeblock, 1, shakestate); | |||
| shake256_squeezeblocks(shakeblock, 1, &shakestate); | |||
| } | |||
| } while (alpha == 31); | |||
| b = (h1[(i >> 3)] >> (i & 7)) & 1; | |||