mirror of
https://github.com/henrydcase/pqc.git
synced 2024-11-22 23:48:58 +00:00
fix clang-tidy warnings, replace variable-time schoolbook multiplications
This commit is contained in:
parent
b084f55ff6
commit
1fc2f51f82
@ -10,9 +10,9 @@
|
|||||||
int PQCLEAN_LEDAKEMLT12_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
|
int PQCLEAN_LEDAKEMLT12_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
|
||||||
|
|
||||||
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
|
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
|
||||||
int gamma[N0][N0][P] = {{{0}}};
|
unsigned int gamma[N0][N0][P] = {{{0}}};
|
||||||
int maxMut[N0], maxMutMinusOne[N0];
|
unsigned int maxMut[N0], maxMutMinusOne[N0];
|
||||||
int allBlockMaxSumst, allBlockMaxSumstMinusOne;
|
unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
|
||||||
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
|
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
|
||||||
|
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
|
@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
|
|||||||
unsigned int j;
|
unsigned int j;
|
||||||
DIGIT mask;
|
DIGIT mask;
|
||||||
mask = ((DIGIT)0x01 << amount) - 1;
|
mask = ((DIGIT)0x01 << amount) - 1;
|
||||||
for (j = length - 1; j > 0 ; j--) {
|
for (j = length - 1; j > 0; j--) {
|
||||||
in[j] >>= amount;
|
in[j] >>= amount;
|
||||||
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
|
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
|
||||||
}
|
}
|
||||||
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
|
|||||||
int j;
|
int j;
|
||||||
DIGIT mask;
|
DIGIT mask;
|
||||||
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
|
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
|
||||||
for (j = 0 ; j < length - 1 ; j++) {
|
for (j = 0 ; j < length - 1; j++) {
|
||||||
in[j] <<= amount;
|
in[j] <<= amount;
|
||||||
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
|
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
|
||||||
}
|
}
|
||||||
in[j] <<= amount;
|
in[j] <<= amount;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void gf2x_mul_comb(int nr, DIGIT Res[],
|
|
||||||
int na, const DIGIT A[],
|
|
||||||
int nb, const DIGIT B[]) {
|
|
||||||
|
|
||||||
int i, j, k;
|
static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
|
||||||
DIGIT u, h;
|
DIGIT tmp;
|
||||||
|
|
||||||
memset(Res, 0x00, nr * sizeof(DIGIT));
|
R[0] = 0;
|
||||||
|
R[1] = (A & 1) * B;
|
||||||
|
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
|
||||||
|
tmp = ((A >> i) & 1) * B;
|
||||||
|
R[1] ^= tmp << i;
|
||||||
|
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for (k = DIGIT_SIZE_b - 1; k > 0; k--) {
|
static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
|
||||||
for (i = na - 1; i >= 0; i--) {
|
DIGIT tmp[2];
|
||||||
if ( A[i] & (((DIGIT)0x1) << k) ) {
|
|
||||||
for (j = nb - 1; j >= 0; j--) {
|
|
||||||
Res[i + j + 1] ^= B[j];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
u = Res[na + nb - 1];
|
memset(R, 0x00, 2 * n * sizeof(DIGIT));
|
||||||
Res[na + nb - 1] = u << 0x1;
|
for (size_t i = 0; i < n; i++) {
|
||||||
for (j = 1; j < na + nb; ++j) {
|
for (size_t j = 0; j < n; j++) {
|
||||||
h = u >> (DIGIT_SIZE_b - 1);
|
gf2x_mul1(tmp, A[i], B[j]);
|
||||||
u = Res[na + nb - 1 - j];
|
R[i + j] ^= tmp[0];
|
||||||
Res[na + nb - 1 - j] = h ^ (u << 0x1);
|
R[i + j + 1] ^= tmp[1];
|
||||||
}
|
|
||||||
}
|
|
||||||
for (i = na - 1; i >= 0; i--) {
|
|
||||||
if ( A[i] & ((DIGIT)0x1) ) {
|
|
||||||
for (j = nb - 1; j >= 0; j--) {
|
|
||||||
Res[i + j + 1] ^= B[j];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
|
|||||||
* first operand must be the bigger one.
|
* first operand must be the bigger one.
|
||||||
* aligns last array elements */
|
* aligns last array elements */
|
||||||
static inline void gf2x_add_asymm(DIGIT *R,
|
static inline void gf2x_add_asymm(DIGIT *R,
|
||||||
int na, const DIGIT *A,
|
size_t na, const DIGIT *A,
|
||||||
int nb, const DIGIT *B) {
|
size_t nb, const DIGIT *B) {
|
||||||
size_t delta = na - nb;
|
size_t delta = na - nb;
|
||||||
gf2x_cpy(R, A, delta);
|
gf2x_cpy(R, A, delta);
|
||||||
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
|
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
|
||||||
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
|
|||||||
|
|
||||||
/* aligns first array elements */
|
/* aligns first array elements */
|
||||||
static inline void gf2x_add_asymm2(DIGIT *R,
|
static inline void gf2x_add_asymm2(DIGIT *R,
|
||||||
int na, const DIGIT *A,
|
size_t na, const DIGIT *A,
|
||||||
int nb, const DIGIT *B) {
|
size_t nb, const DIGIT *B) {
|
||||||
size_t delta = na - nb;
|
size_t delta = na - nb;
|
||||||
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R, A, B, nb);
|
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R, A, B, nb);
|
||||||
gf2x_cpy(R + nb, A + nb, delta);
|
gf2x_cpy(R + nb, A + nb, delta);
|
||||||
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
|
|||||||
DIGIT *stack) {
|
DIGIT *stack) {
|
||||||
|
|
||||||
if (n < MIN_KAR_DIGITS) {
|
if (n < MIN_KAR_DIGITS) {
|
||||||
gf2x_mul_comb(2 * n, R, n, A, n, B);
|
gf2x_mul_n(R, A, B, n);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -294,15 +294,17 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[],
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
|
||||||
int sizeA, const POSITION_T A[],
|
size_t sizeA, const POSITION_T A[],
|
||||||
int sizeB, const POSITION_T B[]) {
|
size_t sizeB, const POSITION_T B[]) {
|
||||||
|
|
||||||
|
POSITION_T prod;
|
||||||
|
|
||||||
/* compute all the coefficients, filling invalid positions with P*/
|
/* compute all the coefficients, filling invalid positions with P*/
|
||||||
int lastFilledPos = 0;
|
size_t lastFilledPos = 0;
|
||||||
for (int i = 0 ; i < sizeA ; i++) {
|
for (size_t i = 0 ; i < sizeA ; i++) {
|
||||||
for (int j = 0 ; j < sizeB ; j++) {
|
for (size_t j = 0 ; j < sizeB ; j++) {
|
||||||
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]);
|
prod = A[i] + B[j];
|
||||||
prod = ( (prod >= P) ? prod - P : prod);
|
prod = ( (prod >= P) ? prod - P : prod);
|
||||||
if ((A[i] != INVALID_POS_VALUE) &&
|
if ((A[i] != INVALID_POS_VALUE) &&
|
||||||
(B[j] != INVALID_POS_VALUE)) {
|
(B[j] != INVALID_POS_VALUE)) {
|
||||||
@ -320,9 +322,9 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
|
|||||||
PQCLEAN_LEDAKEMLT12_LEAKTIME_uint32_sort(Res, sizeR);
|
PQCLEAN_LEDAKEMLT12_LEAKTIME_uint32_sort(Res, sizeR);
|
||||||
/* eliminate duplicates */
|
/* eliminate duplicates */
|
||||||
POSITION_T lastReadPos = Res[0];
|
POSITION_T lastReadPos = Res[0];
|
||||||
int duplicateCount;
|
size_t duplicateCount;
|
||||||
int write_idx = 0;
|
size_t write_idx = 0;
|
||||||
int read_idx = 0;
|
size_t read_idx = 0;
|
||||||
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
|
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
|
||||||
lastReadPos = Res[read_idx];
|
lastReadPos = Res[read_idx];
|
||||||
read_idx++;
|
read_idx++;
|
||||||
@ -446,16 +448,15 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
|
|||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
size_t polyIndex, duplicated, counter = 0;
|
||||||
int p, polyIndex, exponent;
|
POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
||||||
seed_expander_ctx);
|
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
if (rndPos[j] == p) {
|
if (rndPos[j] == p) {
|
||||||
duplicated = 1;
|
duplicated = 1;
|
||||||
}
|
}
|
||||||
@ -465,7 +466,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
|
|||||||
counter++;
|
counter++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int j = 0; j < counter; j++) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
polyIndex = rndPos[j] / P;
|
polyIndex = rndPos[j] / P;
|
||||||
exponent = rndPos[j] % P;
|
exponent = rndPos[j] % P;
|
||||||
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
@ -478,14 +479,17 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
|
|||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int duplicated, counter = 0;
|
int duplicated;
|
||||||
|
size_t counter = 0;
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) if (errorPos[j] == p) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
|
if (errorPos[j] == p) {
|
||||||
duplicated = 1;
|
duplicated = 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if (duplicated == 0) {
|
if (duplicated == 0) {
|
||||||
errorPos[counter] = p;
|
errorPos[counter] = p;
|
||||||
counter++;
|
counter++;
|
||||||
@ -494,13 +498,15 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
|
|||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
POSITION_T errorPos[NUM_ERRORS_T]) {
|
const POSITION_T errorPos[NUM_ERRORS_T]) {
|
||||||
|
|
||||||
|
size_t polyIndex;
|
||||||
|
POSITION_T exponent;
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
for (int j = 0; j < NUM_ERRORS_T; j++) {
|
for (int j = 0; j < NUM_ERRORS_T; j++) {
|
||||||
int polyIndex = errorPos[j] / P;
|
polyIndex = errorPos[j] / P;
|
||||||
int exponent = errorPos[j] % P;
|
exponent = errorPos[j] % P;
|
||||||
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
( (DIGIT) 1));
|
( (DIGIT) 1));
|
||||||
}
|
}
|
||||||
|
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
|
|||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
|
||||||
int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
|
int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
|
||||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);
|
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);
|
||||||
|
@ -10,9 +10,9 @@
|
|||||||
int PQCLEAN_LEDAKEMLT32_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
|
int PQCLEAN_LEDAKEMLT32_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
|
||||||
|
|
||||||
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
|
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
|
||||||
int gamma[N0][N0][P] = {{{0}}};
|
unsigned int gamma[N0][N0][P] = {{{0}}};
|
||||||
int maxMut[N0], maxMutMinusOne[N0];
|
unsigned int maxMut[N0], maxMutMinusOne[N0];
|
||||||
int allBlockMaxSumst, allBlockMaxSumstMinusOne;
|
unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
|
||||||
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
|
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
|
||||||
|
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
|
@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
|
|||||||
unsigned int j;
|
unsigned int j;
|
||||||
DIGIT mask;
|
DIGIT mask;
|
||||||
mask = ((DIGIT)0x01 << amount) - 1;
|
mask = ((DIGIT)0x01 << amount) - 1;
|
||||||
for (j = length - 1; j > 0 ; j--) {
|
for (j = length - 1; j > 0; j--) {
|
||||||
in[j] >>= amount;
|
in[j] >>= amount;
|
||||||
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
|
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
|
||||||
}
|
}
|
||||||
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
|
|||||||
int j;
|
int j;
|
||||||
DIGIT mask;
|
DIGIT mask;
|
||||||
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
|
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
|
||||||
for (j = 0 ; j < length - 1 ; j++) {
|
for (j = 0 ; j < length - 1; j++) {
|
||||||
in[j] <<= amount;
|
in[j] <<= amount;
|
||||||
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
|
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
|
||||||
}
|
}
|
||||||
in[j] <<= amount;
|
in[j] <<= amount;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void gf2x_mul_comb(int nr, DIGIT Res[],
|
|
||||||
int na, const DIGIT A[],
|
|
||||||
int nb, const DIGIT B[]) {
|
|
||||||
|
|
||||||
int i, j, k;
|
static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
|
||||||
DIGIT u, h;
|
DIGIT tmp;
|
||||||
|
|
||||||
memset(Res, 0x00, nr * sizeof(DIGIT));
|
R[0] = 0;
|
||||||
|
R[1] = (A & 1) * B;
|
||||||
|
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
|
||||||
|
tmp = ((A >> i) & 1) * B;
|
||||||
|
R[1] ^= tmp << i;
|
||||||
|
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for (k = DIGIT_SIZE_b - 1; k > 0; k--) {
|
static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
|
||||||
for (i = na - 1; i >= 0; i--) {
|
DIGIT tmp[2];
|
||||||
if ( A[i] & (((DIGIT)0x1) << k) ) {
|
|
||||||
for (j = nb - 1; j >= 0; j--) {
|
|
||||||
Res[i + j + 1] ^= B[j];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
u = Res[na + nb - 1];
|
memset(R, 0x00, 2 * n * sizeof(DIGIT));
|
||||||
Res[na + nb - 1] = u << 0x1;
|
for (size_t i = 0; i < n; i++) {
|
||||||
for (j = 1; j < na + nb; ++j) {
|
for (size_t j = 0; j < n; j++) {
|
||||||
h = u >> (DIGIT_SIZE_b - 1);
|
gf2x_mul1(tmp, A[i], B[j]);
|
||||||
u = Res[na + nb - 1 - j];
|
R[i + j] ^= tmp[0];
|
||||||
Res[na + nb - 1 - j] = h ^ (u << 0x1);
|
R[i + j + 1] ^= tmp[1];
|
||||||
}
|
|
||||||
}
|
|
||||||
for (i = na - 1; i >= 0; i--) {
|
|
||||||
if ( A[i] & ((DIGIT)0x1) ) {
|
|
||||||
for (j = nb - 1; j >= 0; j--) {
|
|
||||||
Res[i + j + 1] ^= B[j];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
|
|||||||
* first operand must be the bigger one.
|
* first operand must be the bigger one.
|
||||||
* aligns last array elements */
|
* aligns last array elements */
|
||||||
static inline void gf2x_add_asymm(DIGIT *R,
|
static inline void gf2x_add_asymm(DIGIT *R,
|
||||||
int na, const DIGIT *A,
|
size_t na, const DIGIT *A,
|
||||||
int nb, const DIGIT *B) {
|
size_t nb, const DIGIT *B) {
|
||||||
size_t delta = na - nb;
|
size_t delta = na - nb;
|
||||||
gf2x_cpy(R, A, delta);
|
gf2x_cpy(R, A, delta);
|
||||||
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
|
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
|
||||||
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
|
|||||||
|
|
||||||
/* aligns first array elements */
|
/* aligns first array elements */
|
||||||
static inline void gf2x_add_asymm2(DIGIT *R,
|
static inline void gf2x_add_asymm2(DIGIT *R,
|
||||||
int na, const DIGIT *A,
|
size_t na, const DIGIT *A,
|
||||||
int nb, const DIGIT *B) {
|
size_t nb, const DIGIT *B) {
|
||||||
size_t delta = na - nb;
|
size_t delta = na - nb;
|
||||||
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R, A, B, nb);
|
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R, A, B, nb);
|
||||||
gf2x_cpy(R + nb, A + nb, delta);
|
gf2x_cpy(R + nb, A + nb, delta);
|
||||||
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
|
|||||||
DIGIT *stack) {
|
DIGIT *stack) {
|
||||||
|
|
||||||
if (n < MIN_KAR_DIGITS) {
|
if (n < MIN_KAR_DIGITS) {
|
||||||
gf2x_mul_comb(2 * n, R, n, A, n, B);
|
gf2x_mul_n(R, A, B, n);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -84,6 +84,7 @@ static void right_bit_shift(unsigned int length, DIGIT in[]) {
|
|||||||
in[j] >>= 1;
|
in[j] >>= 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* shifts by whole digits */
|
/* shifts by whole digits */
|
||||||
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
|
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
|
||||||
unsigned int j;
|
unsigned int j;
|
||||||
@ -291,15 +292,17 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[],
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
|
||||||
int sizeA, const POSITION_T A[],
|
size_t sizeA, const POSITION_T A[],
|
||||||
int sizeB, const POSITION_T B[]) {
|
size_t sizeB, const POSITION_T B[]) {
|
||||||
|
|
||||||
|
POSITION_T prod;
|
||||||
|
|
||||||
/* compute all the coefficients, filling invalid positions with P*/
|
/* compute all the coefficients, filling invalid positions with P*/
|
||||||
int lastFilledPos = 0;
|
size_t lastFilledPos = 0;
|
||||||
for (int i = 0 ; i < sizeA ; i++) {
|
for (size_t i = 0 ; i < sizeA ; i++) {
|
||||||
for (int j = 0 ; j < sizeB ; j++) {
|
for (size_t j = 0 ; j < sizeB ; j++) {
|
||||||
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]);
|
prod = A[i] + B[j];
|
||||||
prod = ( (prod >= P) ? prod - P : prod);
|
prod = ( (prod >= P) ? prod - P : prod);
|
||||||
if ((A[i] != INVALID_POS_VALUE) &&
|
if ((A[i] != INVALID_POS_VALUE) &&
|
||||||
(B[j] != INVALID_POS_VALUE)) {
|
(B[j] != INVALID_POS_VALUE)) {
|
||||||
@ -317,9 +320,9 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
|
|||||||
PQCLEAN_LEDAKEMLT32_LEAKTIME_uint32_sort(Res, sizeR);
|
PQCLEAN_LEDAKEMLT32_LEAKTIME_uint32_sort(Res, sizeR);
|
||||||
/* eliminate duplicates */
|
/* eliminate duplicates */
|
||||||
POSITION_T lastReadPos = Res[0];
|
POSITION_T lastReadPos = Res[0];
|
||||||
int duplicateCount;
|
size_t duplicateCount;
|
||||||
int write_idx = 0;
|
size_t write_idx = 0;
|
||||||
int read_idx = 0;
|
size_t read_idx = 0;
|
||||||
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
|
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
|
||||||
lastReadPos = Res[read_idx];
|
lastReadPos = Res[read_idx];
|
||||||
read_idx++;
|
read_idx++;
|
||||||
@ -443,16 +446,15 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
|
|||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
size_t polyIndex, duplicated, counter = 0;
|
||||||
int p, polyIndex, exponent;
|
POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
||||||
seed_expander_ctx);
|
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
if (rndPos[j] == p) {
|
if (rndPos[j] == p) {
|
||||||
duplicated = 1;
|
duplicated = 1;
|
||||||
}
|
}
|
||||||
@ -462,7 +464,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
|
|||||||
counter++;
|
counter++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int j = 0; j < counter; j++) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
polyIndex = rndPos[j] / P;
|
polyIndex = rndPos[j] / P;
|
||||||
exponent = rndPos[j] % P;
|
exponent = rndPos[j] % P;
|
||||||
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
@ -475,14 +477,17 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
|
|||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int duplicated, counter = 0;
|
int duplicated;
|
||||||
|
size_t counter = 0;
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) if (errorPos[j] == p) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
|
if (errorPos[j] == p) {
|
||||||
duplicated = 1;
|
duplicated = 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if (duplicated == 0) {
|
if (duplicated == 0) {
|
||||||
errorPos[counter] = p;
|
errorPos[counter] = p;
|
||||||
counter++;
|
counter++;
|
||||||
@ -491,13 +496,15 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
|
|||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
POSITION_T errorPos[NUM_ERRORS_T]) {
|
const POSITION_T errorPos[NUM_ERRORS_T]) {
|
||||||
|
|
||||||
|
size_t polyIndex;
|
||||||
|
POSITION_T exponent;
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
for (int j = 0; j < NUM_ERRORS_T; j++) {
|
for (int j = 0; j < NUM_ERRORS_T; j++) {
|
||||||
int polyIndex = errorPos[j] / P;
|
polyIndex = errorPos[j] / P;
|
||||||
int exponent = errorPos[j] % P;
|
exponent = errorPos[j] % P;
|
||||||
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
( (DIGIT) 1));
|
( (DIGIT) 1));
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#include "gf2x_arith.h"
|
#include "gf2x_arith.h"
|
||||||
#include "rng.h"
|
#include "rng.h"
|
||||||
|
|
||||||
#define NUM_BITS_GF2X_ELEMENT (P) // 96221
|
#define NUM_BITS_GF2X_ELEMENT (P)
|
||||||
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
|
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
|
||||||
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
|
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
|
||||||
#define NUM_BITS_GF2X_MODULUS (P+1)
|
#define NUM_BITS_GF2X_MODULUS (P+1)
|
||||||
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
|
|||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
|
||||||
int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
|
int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
|
||||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);
|
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);
|
||||||
|
@ -10,9 +10,9 @@
|
|||||||
int PQCLEAN_LEDAKEMLT52_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
|
int PQCLEAN_LEDAKEMLT52_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
|
||||||
|
|
||||||
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
|
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
|
||||||
int gamma[N0][N0][P] = {{{0}}};
|
unsigned int gamma[N0][N0][P] = {{{0}}};
|
||||||
int maxMut[N0], maxMutMinusOne[N0];
|
unsigned int maxMut[N0], maxMutMinusOne[N0];
|
||||||
int allBlockMaxSumst, allBlockMaxSumstMinusOne;
|
unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
|
||||||
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
|
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
|
||||||
|
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
|
@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
|
|||||||
unsigned int j;
|
unsigned int j;
|
||||||
DIGIT mask;
|
DIGIT mask;
|
||||||
mask = ((DIGIT)0x01 << amount) - 1;
|
mask = ((DIGIT)0x01 << amount) - 1;
|
||||||
for (j = length - 1; j > 0 ; j--) {
|
for (j = length - 1; j > 0; j--) {
|
||||||
in[j] >>= amount;
|
in[j] >>= amount;
|
||||||
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
|
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
|
||||||
}
|
}
|
||||||
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
|
|||||||
int j;
|
int j;
|
||||||
DIGIT mask;
|
DIGIT mask;
|
||||||
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
|
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
|
||||||
for (j = 0 ; j < length - 1 ; j++) {
|
for (j = 0 ; j < length - 1; j++) {
|
||||||
in[j] <<= amount;
|
in[j] <<= amount;
|
||||||
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
|
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
|
||||||
}
|
}
|
||||||
in[j] <<= amount;
|
in[j] <<= amount;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void gf2x_mul_comb(int nr, DIGIT Res[],
|
|
||||||
int na, const DIGIT A[],
|
|
||||||
int nb, const DIGIT B[]) {
|
|
||||||
|
|
||||||
int i, j, k;
|
static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
|
||||||
DIGIT u, h;
|
DIGIT tmp;
|
||||||
|
|
||||||
memset(Res, 0x00, nr * sizeof(DIGIT));
|
R[0] = 0;
|
||||||
|
R[1] = (A & 1) * B;
|
||||||
|
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
|
||||||
|
tmp = ((A >> i) & 1) * B;
|
||||||
|
R[1] ^= tmp << i;
|
||||||
|
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for (k = DIGIT_SIZE_b - 1; k > 0; k--) {
|
static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
|
||||||
for (i = na - 1; i >= 0; i--) {
|
DIGIT tmp[2];
|
||||||
if ( A[i] & (((DIGIT)0x1) << k) ) {
|
|
||||||
for (j = nb - 1; j >= 0; j--) {
|
|
||||||
Res[i + j + 1] ^= B[j];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
u = Res[na + nb - 1];
|
memset(R, 0x00, 2 * n * sizeof(DIGIT));
|
||||||
Res[na + nb - 1] = u << 0x1;
|
for (size_t i = 0; i < n; i++) {
|
||||||
for (j = 1; j < na + nb; ++j) {
|
for (size_t j = 0; j < n; j++) {
|
||||||
h = u >> (DIGIT_SIZE_b - 1);
|
gf2x_mul1(tmp, A[i], B[j]);
|
||||||
u = Res[na + nb - 1 - j];
|
R[i + j] ^= tmp[0];
|
||||||
Res[na + nb - 1 - j] = h ^ (u << 0x1);
|
R[i + j + 1] ^= tmp[1];
|
||||||
}
|
|
||||||
}
|
|
||||||
for (i = na - 1; i >= 0; i--) {
|
|
||||||
if ( A[i] & ((DIGIT)0x1) ) {
|
|
||||||
for (j = nb - 1; j >= 0; j--) {
|
|
||||||
Res[i + j + 1] ^= B[j];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
|
|||||||
* first operand must be the bigger one.
|
* first operand must be the bigger one.
|
||||||
* aligns last array elements */
|
* aligns last array elements */
|
||||||
static inline void gf2x_add_asymm(DIGIT *R,
|
static inline void gf2x_add_asymm(DIGIT *R,
|
||||||
int na, const DIGIT *A,
|
size_t na, const DIGIT *A,
|
||||||
int nb, const DIGIT *B) {
|
size_t nb, const DIGIT *B) {
|
||||||
size_t delta = na - nb;
|
size_t delta = na - nb;
|
||||||
gf2x_cpy(R, A, delta);
|
gf2x_cpy(R, A, delta);
|
||||||
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
|
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
|
||||||
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
|
|||||||
|
|
||||||
/* aligns first array elements */
|
/* aligns first array elements */
|
||||||
static inline void gf2x_add_asymm2(DIGIT *R,
|
static inline void gf2x_add_asymm2(DIGIT *R,
|
||||||
int na, const DIGIT *A,
|
size_t na, const DIGIT *A,
|
||||||
int nb, const DIGIT *B) {
|
size_t nb, const DIGIT *B) {
|
||||||
size_t delta = na - nb;
|
size_t delta = na - nb;
|
||||||
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R, A, B, nb);
|
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R, A, B, nb);
|
||||||
gf2x_cpy(R + nb, A + nb, delta);
|
gf2x_cpy(R + nb, A + nb, delta);
|
||||||
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
|
|||||||
DIGIT *stack) {
|
DIGIT *stack) {
|
||||||
|
|
||||||
if (n < MIN_KAR_DIGITS) {
|
if (n < MIN_KAR_DIGITS) {
|
||||||
gf2x_mul_comb(2 * n, R, n, A, n, B);
|
gf2x_mul_n(R, A, B, n);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -84,6 +84,7 @@ static void right_bit_shift(unsigned int length, DIGIT in[]) {
|
|||||||
in[j] >>= 1;
|
in[j] >>= 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* shifts by whole digits */
|
/* shifts by whole digits */
|
||||||
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
|
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
|
||||||
unsigned int j;
|
unsigned int j;
|
||||||
@ -291,15 +292,17 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[],
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
|
||||||
int sizeA, const POSITION_T A[],
|
size_t sizeA, const POSITION_T A[],
|
||||||
int sizeB, const POSITION_T B[]) {
|
size_t sizeB, const POSITION_T B[]) {
|
||||||
|
|
||||||
|
POSITION_T prod;
|
||||||
|
|
||||||
/* compute all the coefficients, filling invalid positions with P*/
|
/* compute all the coefficients, filling invalid positions with P*/
|
||||||
int lastFilledPos = 0;
|
size_t lastFilledPos = 0;
|
||||||
for (int i = 0 ; i < sizeA ; i++) {
|
for (size_t i = 0 ; i < sizeA ; i++) {
|
||||||
for (int j = 0 ; j < sizeB ; j++) {
|
for (size_t j = 0 ; j < sizeB ; j++) {
|
||||||
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]);
|
prod = A[i] + B[j];
|
||||||
prod = ( (prod >= P) ? prod - P : prod);
|
prod = ( (prod >= P) ? prod - P : prod);
|
||||||
if ((A[i] != INVALID_POS_VALUE) &&
|
if ((A[i] != INVALID_POS_VALUE) &&
|
||||||
(B[j] != INVALID_POS_VALUE)) {
|
(B[j] != INVALID_POS_VALUE)) {
|
||||||
@ -317,9 +320,9 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
|
|||||||
PQCLEAN_LEDAKEMLT52_LEAKTIME_uint32_sort(Res, sizeR);
|
PQCLEAN_LEDAKEMLT52_LEAKTIME_uint32_sort(Res, sizeR);
|
||||||
/* eliminate duplicates */
|
/* eliminate duplicates */
|
||||||
POSITION_T lastReadPos = Res[0];
|
POSITION_T lastReadPos = Res[0];
|
||||||
int duplicateCount;
|
size_t duplicateCount;
|
||||||
int write_idx = 0;
|
size_t write_idx = 0;
|
||||||
int read_idx = 0;
|
size_t read_idx = 0;
|
||||||
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
|
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
|
||||||
lastReadPos = Res[read_idx];
|
lastReadPos = Res[read_idx];
|
||||||
read_idx++;
|
read_idx++;
|
||||||
@ -443,16 +446,15 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
|
|||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
size_t polyIndex, duplicated, counter = 0;
|
||||||
int p, polyIndex, exponent;
|
POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
||||||
seed_expander_ctx);
|
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
if (rndPos[j] == p) {
|
if (rndPos[j] == p) {
|
||||||
duplicated = 1;
|
duplicated = 1;
|
||||||
}
|
}
|
||||||
@ -462,7 +464,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
|
|||||||
counter++;
|
counter++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int j = 0; j < counter; j++) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
polyIndex = rndPos[j] / P;
|
polyIndex = rndPos[j] / P;
|
||||||
exponent = rndPos[j] % P;
|
exponent = rndPos[j] % P;
|
||||||
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
@ -475,14 +477,17 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
|
|||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int duplicated, counter = 0;
|
int duplicated;
|
||||||
|
size_t counter = 0;
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) if (errorPos[j] == p) {
|
for (size_t j = 0; j < counter; j++) {
|
||||||
|
if (errorPos[j] == p) {
|
||||||
duplicated = 1;
|
duplicated = 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if (duplicated == 0) {
|
if (duplicated == 0) {
|
||||||
errorPos[counter] = p;
|
errorPos[counter] = p;
|
||||||
counter++;
|
counter++;
|
||||||
@ -491,13 +496,15 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
|
|||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
POSITION_T errorPos[NUM_ERRORS_T]) {
|
const POSITION_T errorPos[NUM_ERRORS_T]) {
|
||||||
|
|
||||||
|
size_t polyIndex;
|
||||||
|
POSITION_T exponent;
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
for (int j = 0; j < NUM_ERRORS_T; j++) {
|
for (int j = 0; j < NUM_ERRORS_T; j++) {
|
||||||
int polyIndex = errorPos[j] / P;
|
polyIndex = errorPos[j] / P;
|
||||||
int exponent = errorPos[j] % P;
|
exponent = errorPos[j] % P;
|
||||||
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
( (DIGIT) 1));
|
( (DIGIT) 1));
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#include "gf2x_arith.h"
|
#include "gf2x_arith.h"
|
||||||
#include "rng.h"
|
#include "rng.h"
|
||||||
|
|
||||||
#define NUM_BITS_GF2X_ELEMENT (P) // 152267
|
#define NUM_BITS_GF2X_ELEMENT (P)
|
||||||
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
|
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
|
||||||
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
|
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
|
||||||
#define NUM_BITS_GF2X_MODULUS (P+1)
|
#define NUM_BITS_GF2X_MODULUS (P+1)
|
||||||
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
|
|||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
|
||||||
int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
|
int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
|
||||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);
|
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);
|
||||||
|
Loading…
Reference in New Issue
Block a user