1
1
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-22 15:39:07 +00:00

fix clang-tidy warnings, replace variable-time schoolbook multiplications

This commit is contained in:
Leon Botros 2019-08-22 12:59:04 +02:00
parent b084f55ff6
commit 1fc2f51f82
12 changed files with 184 additions and 191 deletions

View File

@ -10,9 +10,9 @@
int PQCLEAN_LEDAKEMLT12_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
int gamma[N0][N0][P] = {{{0}}};
int maxMut[N0], maxMutMinusOne[N0];
int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gamma[N0][N0][P] = {{{0}}};
unsigned int maxMut[N0], maxMutMinusOne[N0];
unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
for (int i = 0; i < N0; i++) {

View File

@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
unsigned int j;
DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0 ; j--) {
for (j = length - 1; j > 0; j--) {
in[j] >>= amount;
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
}
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
int j;
DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1 ; j++) {
for (j = 0 ; j < length - 1; j++) {
in[j] <<= amount;
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
}
in[j] <<= amount;
}
static void gf2x_mul_comb(int nr, DIGIT Res[],
int na, const DIGIT A[],
int nb, const DIGIT B[]) {
int i, j, k;
DIGIT u, h;
static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
DIGIT tmp;
memset(Res, 0x00, nr * sizeof(DIGIT));
for (k = DIGIT_SIZE_b - 1; k > 0; k--) {
for (i = na - 1; i >= 0; i--) {
if ( A[i] & (((DIGIT)0x1) << k) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
}
u = Res[na + nb - 1];
Res[na + nb - 1] = u << 0x1;
for (j = 1; j < na + nb; ++j) {
h = u >> (DIGIT_SIZE_b - 1);
u = Res[na + nb - 1 - j];
Res[na + nb - 1 - j] = h ^ (u << 0x1);
}
R[0] = 0;
R[1] = (A & 1) * B;
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
tmp = ((A >> i) & 1) * B;
R[1] ^= tmp << i;
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
}
for (i = na - 1; i >= 0; i--) {
if ( A[i] & ((DIGIT)0x1) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
DIGIT tmp[2];
memset(R, 0x00, 2 * n * sizeof(DIGIT));
for (size_t i = 0; i < n; i++) {
for (size_t j = 0; j < n; j++) {
gf2x_mul1(tmp, A[i], B[j]);
R[i + j] ^= tmp[0];
R[i + j + 1] ^= tmp[1];
}
}
}
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
* first operand must be the bigger one.
* aligns last array elements */
static inline void gf2x_add_asymm(DIGIT *R,
int na, const DIGIT *A,
int nb, const DIGIT *B) {
size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) {
size_t delta = na - nb;
gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
/* aligns first array elements */
static inline void gf2x_add_asymm2(DIGIT *R,
int na, const DIGIT *A,
int nb, const DIGIT *B) {
size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) {
size_t delta = na - nb;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta);
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
DIGIT *stack) {
if (n < MIN_KAR_DIGITS) {
gf2x_mul_comb(2 * n, R, n, A, n, B);
gf2x_mul_n(R, A, B, n);
return;
}

View File

@ -294,15 +294,17 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
}
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) {
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
size_t sizeA, const POSITION_T A[],
size_t sizeB, const POSITION_T B[]) {
POSITION_T prod;
/* compute all the coefficients, filling invalid positions with P*/
int lastFilledPos = 0;
for (int i = 0 ; i < sizeA ; i++) {
for (int j = 0 ; j < sizeB ; j++) {
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]);
size_t lastFilledPos = 0;
for (size_t i = 0 ; i < sizeA ; i++) {
for (size_t j = 0 ; j < sizeB ; j++) {
prod = A[i] + B[j];
prod = ( (prod >= P) ? prod - P : prod);
if ((A[i] != INVALID_POS_VALUE) &&
(B[j] != INVALID_POS_VALUE)) {
@ -320,9 +322,9 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
PQCLEAN_LEDAKEMLT12_LEAKTIME_uint32_sort(Res, sizeR);
/* eliminate duplicates */
POSITION_T lastReadPos = Res[0];
int duplicateCount;
int write_idx = 0;
int read_idx = 0;
size_t duplicateCount;
size_t write_idx = 0;
size_t read_idx = 0;
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
lastReadPos = Res[read_idx];
read_idx++;
@ -446,16 +448,15 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
size_t polyIndex, duplicated, counter = 0;
POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {
for (size_t j = 0; j < counter; j++) {
if (rndPos[j] == p) {
duplicated = 1;
}
@ -465,7 +466,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
counter++;
}
}
for (int j = 0; j < counter; j++) {
for (size_t j = 0; j < counter; j++) {
polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
@ -478,14 +479,17 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
AES_XOF_struct *seed_expander_ctx) {
int duplicated, counter = 0;
int duplicated;
size_t counter = 0;
while (counter < NUM_ERRORS_T) {
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) if (errorPos[j] == p) {
for (size_t j = 0; j < counter; j++) {
if (errorPos[j] == p) {
duplicated = 1;
}
}
if (duplicated == 0) {
errorPos[counter] = p;
counter++;
@ -494,13 +498,15 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
}
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
POSITION_T errorPos[NUM_ERRORS_T]) {
const POSITION_T errorPos[NUM_ERRORS_T]) {
size_t polyIndex;
POSITION_T exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (int j = 0; j < NUM_ERRORS_T; j++) {
int polyIndex = errorPos[j] / P;
int exponent = errorPos[j] % P;
polyIndex = errorPos[j] / P;
exponent = errorPos[j] % P;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1));
}

View File

@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);

View File

@ -10,9 +10,9 @@
int PQCLEAN_LEDAKEMLT32_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
int gamma[N0][N0][P] = {{{0}}};
int maxMut[N0], maxMutMinusOne[N0];
int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gamma[N0][N0][P] = {{{0}}};
unsigned int maxMut[N0], maxMutMinusOne[N0];
unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
for (int i = 0; i < N0; i++) {

View File

@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
unsigned int j;
DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0 ; j--) {
for (j = length - 1; j > 0; j--) {
in[j] >>= amount;
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
}
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
int j;
DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1 ; j++) {
for (j = 0 ; j < length - 1; j++) {
in[j] <<= amount;
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
}
in[j] <<= amount;
}
static void gf2x_mul_comb(int nr, DIGIT Res[],
int na, const DIGIT A[],
int nb, const DIGIT B[]) {
int i, j, k;
DIGIT u, h;
static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
DIGIT tmp;
memset(Res, 0x00, nr * sizeof(DIGIT));
for (k = DIGIT_SIZE_b - 1; k > 0; k--) {
for (i = na - 1; i >= 0; i--) {
if ( A[i] & (((DIGIT)0x1) << k) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
}
u = Res[na + nb - 1];
Res[na + nb - 1] = u << 0x1;
for (j = 1; j < na + nb; ++j) {
h = u >> (DIGIT_SIZE_b - 1);
u = Res[na + nb - 1 - j];
Res[na + nb - 1 - j] = h ^ (u << 0x1);
}
R[0] = 0;
R[1] = (A & 1) * B;
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
tmp = ((A >> i) & 1) * B;
R[1] ^= tmp << i;
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
}
for (i = na - 1; i >= 0; i--) {
if ( A[i] & ((DIGIT)0x1) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
DIGIT tmp[2];
memset(R, 0x00, 2 * n * sizeof(DIGIT));
for (size_t i = 0; i < n; i++) {
for (size_t j = 0; j < n; j++) {
gf2x_mul1(tmp, A[i], B[j]);
R[i + j] ^= tmp[0];
R[i + j + 1] ^= tmp[1];
}
}
}
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
* first operand must be the bigger one.
* aligns last array elements */
static inline void gf2x_add_asymm(DIGIT *R,
int na, const DIGIT *A,
int nb, const DIGIT *B) {
size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) {
size_t delta = na - nb;
gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
/* aligns first array elements */
static inline void gf2x_add_asymm2(DIGIT *R,
int na, const DIGIT *A,
int nb, const DIGIT *B) {
size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) {
size_t delta = na - nb;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta);
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
DIGIT *stack) {
if (n < MIN_KAR_DIGITS) {
gf2x_mul_comb(2 * n, R, n, A, n, B);
gf2x_mul_n(R, A, B, n);
return;
}

View File

@ -84,6 +84,7 @@ static void right_bit_shift(unsigned int length, DIGIT in[]) {
in[j] >>= 1;
}
/* shifts by whole digits */
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
unsigned int j;
@ -291,15 +292,17 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
}
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) {
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
size_t sizeA, const POSITION_T A[],
size_t sizeB, const POSITION_T B[]) {
POSITION_T prod;
/* compute all the coefficients, filling invalid positions with P*/
int lastFilledPos = 0;
for (int i = 0 ; i < sizeA ; i++) {
for (int j = 0 ; j < sizeB ; j++) {
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]);
size_t lastFilledPos = 0;
for (size_t i = 0 ; i < sizeA ; i++) {
for (size_t j = 0 ; j < sizeB ; j++) {
prod = A[i] + B[j];
prod = ( (prod >= P) ? prod - P : prod);
if ((A[i] != INVALID_POS_VALUE) &&
(B[j] != INVALID_POS_VALUE)) {
@ -317,9 +320,9 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
PQCLEAN_LEDAKEMLT32_LEAKTIME_uint32_sort(Res, sizeR);
/* eliminate duplicates */
POSITION_T lastReadPos = Res[0];
int duplicateCount;
int write_idx = 0;
int read_idx = 0;
size_t duplicateCount;
size_t write_idx = 0;
size_t read_idx = 0;
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
lastReadPos = Res[read_idx];
read_idx++;
@ -443,16 +446,15 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
size_t polyIndex, duplicated, counter = 0;
POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {
for (size_t j = 0; j < counter; j++) {
if (rndPos[j] == p) {
duplicated = 1;
}
@ -462,7 +464,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
counter++;
}
}
for (int j = 0; j < counter; j++) {
for (size_t j = 0; j < counter; j++) {
polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
@ -475,14 +477,17 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
AES_XOF_struct *seed_expander_ctx) {
int duplicated, counter = 0;
int duplicated;
size_t counter = 0;
while (counter < NUM_ERRORS_T) {
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) if (errorPos[j] == p) {
for (size_t j = 0; j < counter; j++) {
if (errorPos[j] == p) {
duplicated = 1;
}
}
if (duplicated == 0) {
errorPos[counter] = p;
counter++;
@ -491,13 +496,15 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
}
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
POSITION_T errorPos[NUM_ERRORS_T]) {
const POSITION_T errorPos[NUM_ERRORS_T]) {
size_t polyIndex;
POSITION_T exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (int j = 0; j < NUM_ERRORS_T; j++) {
int polyIndex = errorPos[j] / P;
int exponent = errorPos[j] % P;
polyIndex = errorPos[j] / P;
exponent = errorPos[j] % P;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1));
}

View File

@ -6,7 +6,7 @@
#include "gf2x_arith.h"
#include "rng.h"
#define NUM_BITS_GF2X_ELEMENT (P) // 96221
#define NUM_BITS_GF2X_ELEMENT (P)
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
#define NUM_BITS_GF2X_MODULUS (P+1)
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);

View File

@ -10,9 +10,9 @@
int PQCLEAN_LEDAKEMLT52_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
int gamma[N0][N0][P] = {{{0}}};
int maxMut[N0], maxMutMinusOne[N0];
int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gamma[N0][N0][P] = {{{0}}};
unsigned int maxMut[N0], maxMutMinusOne[N0];
unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gammaHist[N0][DV * M + 1] = {{0}};
for (int i = 0; i < N0; i++) {

View File

@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
unsigned int j;
DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0 ; j--) {
for (j = length - 1; j > 0; j--) {
in[j] >>= amount;
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
}
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
int j;
DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1 ; j++) {
for (j = 0 ; j < length - 1; j++) {
in[j] <<= amount;
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
}
in[j] <<= amount;
}
static void gf2x_mul_comb(int nr, DIGIT Res[],
int na, const DIGIT A[],
int nb, const DIGIT B[]) {
int i, j, k;
DIGIT u, h;
static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
DIGIT tmp;
memset(Res, 0x00, nr * sizeof(DIGIT));
for (k = DIGIT_SIZE_b - 1; k > 0; k--) {
for (i = na - 1; i >= 0; i--) {
if ( A[i] & (((DIGIT)0x1) << k) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
}
u = Res[na + nb - 1];
Res[na + nb - 1] = u << 0x1;
for (j = 1; j < na + nb; ++j) {
h = u >> (DIGIT_SIZE_b - 1);
u = Res[na + nb - 1 - j];
Res[na + nb - 1 - j] = h ^ (u << 0x1);
}
R[0] = 0;
R[1] = (A & 1) * B;
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
tmp = ((A >> i) & 1) * B;
R[1] ^= tmp << i;
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
}
for (i = na - 1; i >= 0; i--) {
if ( A[i] & ((DIGIT)0x1) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
DIGIT tmp[2];
memset(R, 0x00, 2 * n * sizeof(DIGIT));
for (size_t i = 0; i < n; i++) {
for (size_t j = 0; j < n; j++) {
gf2x_mul1(tmp, A[i], B[j]);
R[i + j] ^= tmp[0];
R[i + j + 1] ^= tmp[1];
}
}
}
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
* first operand must be the bigger one.
* aligns last array elements */
static inline void gf2x_add_asymm(DIGIT *R,
int na, const DIGIT *A,
int nb, const DIGIT *B) {
size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) {
size_t delta = na - nb;
gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
/* aligns first array elements */
static inline void gf2x_add_asymm2(DIGIT *R,
int na, const DIGIT *A,
int nb, const DIGIT *B) {
size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) {
size_t delta = na - nb;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta);
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
DIGIT *stack) {
if (n < MIN_KAR_DIGITS) {
gf2x_mul_comb(2 * n, R, n, A, n, B);
gf2x_mul_n(R, A, B, n);
return;
}

View File

@ -84,6 +84,7 @@ static void right_bit_shift(unsigned int length, DIGIT in[]) {
in[j] >>= 1;
}
/* shifts by whole digits */
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
unsigned int j;
@ -291,15 +292,17 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
}
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) {
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
size_t sizeA, const POSITION_T A[],
size_t sizeB, const POSITION_T B[]) {
POSITION_T prod;
/* compute all the coefficients, filling invalid positions with P*/
int lastFilledPos = 0;
for (int i = 0 ; i < sizeA ; i++) {
for (int j = 0 ; j < sizeB ; j++) {
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]);
size_t lastFilledPos = 0;
for (size_t i = 0 ; i < sizeA ; i++) {
for (size_t j = 0 ; j < sizeB ; j++) {
prod = A[i] + B[j];
prod = ( (prod >= P) ? prod - P : prod);
if ((A[i] != INVALID_POS_VALUE) &&
(B[j] != INVALID_POS_VALUE)) {
@ -317,9 +320,9 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
PQCLEAN_LEDAKEMLT52_LEAKTIME_uint32_sort(Res, sizeR);
/* eliminate duplicates */
POSITION_T lastReadPos = Res[0];
int duplicateCount;
int write_idx = 0;
int read_idx = 0;
size_t duplicateCount;
size_t write_idx = 0;
size_t read_idx = 0;
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
lastReadPos = Res[read_idx];
read_idx++;
@ -443,16 +446,15 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
size_t polyIndex, duplicated, counter = 0;
POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {
for (size_t j = 0; j < counter; j++) {
if (rndPos[j] == p) {
duplicated = 1;
}
@ -462,7 +464,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
counter++;
}
}
for (int j = 0; j < counter; j++) {
for (size_t j = 0; j < counter; j++) {
polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
@ -475,14 +477,17 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
AES_XOF_struct *seed_expander_ctx) {
int duplicated, counter = 0;
int duplicated;
size_t counter = 0;
while (counter < NUM_ERRORS_T) {
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) if (errorPos[j] == p) {
for (size_t j = 0; j < counter; j++) {
if (errorPos[j] == p) {
duplicated = 1;
}
}
if (duplicated == 0) {
errorPos[counter] = p;
counter++;
@ -491,13 +496,15 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
}
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
POSITION_T errorPos[NUM_ERRORS_T]) {
const POSITION_T errorPos[NUM_ERRORS_T]) {
size_t polyIndex;
POSITION_T exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (int j = 0; j < NUM_ERRORS_T; j++) {
int polyIndex = errorPos[j] / P;
int exponent = errorPos[j] % P;
polyIndex = errorPos[j] / P;
exponent = errorPos[j] % P;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1));
}

View File

@ -6,7 +6,7 @@
#include "gf2x_arith.h"
#include "rng.h"
#define NUM_BITS_GF2X_ELEMENT (P) // 152267
#define NUM_BITS_GF2X_ELEMENT (P)
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
#define NUM_BITS_GF2X_MODULUS (P+1)
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);