From 3c733b66918d6a57cd50e0f252ffaa28ed4c6026 Mon Sep 17 00:00:00 2001
From: Leon
Date: Mon, 17 Jun 2019 14:03:59 +0200
Subject: [PATCH] resolve todo, remove asserts, add duplicate checks and make sure they pass
---
 crypto_kem/ledakemlt12/leaktime/bf_decoding.c | 1 -
 crypto_kem/ledakemlt12/leaktime/gf2x_arith.c | 3 --
 .../leaktime/gf2x_arith_mod_xPplusOne.c | 7 ++--
 crypto_kem/ledakemlt12/leaktime/rng.h | 2 +-
 crypto_kem/ledakemlt32/leaktime/bf_decoding.c | 1 -
 crypto_kem/ledakemlt32/leaktime/gf2x_arith.c | 3 --
 .../leaktime/gf2x_arith_mod_xPplusOne.c | 9 ++----
 .../ledakemlt32/leaktime/niederreiter.h | 2 +-
 crypto_kem/ledakemlt52/leaktime/bf_decoding.c | 1 -
 crypto_kem/ledakemlt52/leaktime/gf2x_arith.c | 3 --
 .../leaktime/gf2x_arith_mod_xPplusOne.c | 10 ++----
 .../ledakemlt52/leaktime/niederreiter.h | 2 +-
 .../ledakemlt12_leaktime.yml | 32 +++++++++++++++++++
 .../ledakemlt32_leaktime.yml | 32 +++++++++++++++++++
 .../ledakemlt52_leaktime.yml | 32 +++++++++++++++++++
 15 files changed, 108 insertions(+), 32 deletions(-)
 create mode 100644 test/duplicate_consistency/ledakemlt12_leaktime.yml
 create mode 100644 test/duplicate_consistency/ledakemlt32_leaktime.yml
 create mode 100644 test/duplicate_consistency/ledakemlt52_leaktime.yml
diff --git a/crypto_kem/ledakemlt12/leaktime/bf_decoding.c b/crypto_kem/ledakemlt12/leaktime/bf_decoding.c
index 0e1123ac..f095b7e7 100644
--- a/crypto_kem/ledakemlt12/leaktime/bf_decoding.c
+++ b/crypto_kem/ledakemlt12/leaktime/bf_decoding.c
@@ -1,7 +1,6 @@
 #include "bf_decoding.h"
 #include "gf2x_arith_mod_xPplusOne.h"
-#include
 #include
 int PQCLEAN_LEDAKEMLT12_LEAKTIME_bf_decoding(DIGIT err[],
diff --git a/crypto_kem/ledakemlt12/leaktime/gf2x_arith.c b/crypto_kem/ledakemlt12/leaktime/gf2x_arith.c
index 6791ed1e..a7799825 100644
--- a/crypto_kem/ledakemlt12/leaktime/gf2x_arith.c
+++ b/crypto_kem/ledakemlt12/leaktime/gf2x_arith.c
@@ -1,6 +1,5 @@
 #include "gf2x_arith.h"
-#include
 #include // memset(...)
 void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D
 /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
 void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
- assert(amount < DIGIT_SIZE_b);
 if ( amount == 0 ) {
 return;
 }
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
 /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
 void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
- assert(amount < DIGIT_SIZE_b);
 if ( amount == 0 ) {
 return;
 }
diff --git a/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c
index aa43cd45..b2de57d4 100644
--- a/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c
+++ b/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c
@@ -1,7 +1,6 @@
 #include "gf2x_arith_mod_xPplusOne.h"
 #include "rng.h"
-#include
 #include // memcpy(...), memset(...)
 void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
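Review bot: Dropping `assert(amount < DIGIT_SIZE_b);` from right_bit_shift_n and left_bit_shift_n leaves the shift-amount precondition enforced by nothing, and the surviving comment `/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */` reads as inclusive while the removed check was strict. A shift by the full digit width is undefined behaviour in C, so the comment should state the bound the assert did, e.g. `/* PRE: amount < DIGIT_SIZE_b (a shift by the full digit width is undefined) */`. Whether any caller can reach these with an externally influenced amount cannot be judged from this hunk; if one can, the bound belongs in that caller as an explicit check rather than in a comment. The same removal appears in the ledakemlt32 and ledakemlt52 copies of gf2x_arith.c, and the bodies of both functions continue past the end of the hunk.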
@@ -431,14 +430,14 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
 }
 }
-/* the implementation is safe even in case A or B alias with the result */
-/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */
+/* the implementation is safe even in case A or B alias with the result
+ * PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
 void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse( int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]) {
- POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions
+ POSITION_T tmpRes[DV * M];
 int idxA = 0, idxB = 0, idxR = 0;
 while ( idxA < sizeA && idxB < sizeB &&
diff --git a/crypto_kem/ledakemlt12/leaktime/rng.h b/crypto_kem/ledakemlt12/leaktime/rng.h
index 09a81a57..fc35f19f 100644
--- a/crypto_kem/ledakemlt12/leaktime/rng.h
+++ b/crypto_kem/ledakemlt12/leaktime/rng.h
@@ -8,7 +8,7 @@
 #define RNG_BAD_MAXLEN (-1)
 #define RNG_BAD_OUTBUF (-2)
 #define RNG_BAD_REQ_LEN (-3)
-#define RNG_MAXLEN (10 * 1024 * 1024)
+#define RNG_MAXLEN (10 * 1024 * 1024)
 typedef struct {
 unsigned char buffer[16];
diff --git a/crypto_kem/ledakemlt32/leaktime/bf_decoding.c b/crypto_kem/ledakemlt32/leaktime/bf_decoding.c
index 764904f1..07957b6c 100644
--- a/crypto_kem/ledakemlt32/leaktime/bf_decoding.c
+++ b/crypto_kem/ledakemlt32/leaktime/bf_decoding.c
@@ -1,7 +1,6 @@
 #include "bf_decoding.h"
 #include "gf2x_arith_mod_xPplusOne.h"
-#include
 #include
 int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[],
diff --git a/crypto_kem/ledakemlt32/leaktime/gf2x_arith.c b/crypto_kem/ledakemlt32/leaktime/gf2x_arith.c
index 2ce4869f..c421b02d 100644
--- a/crypto_kem/ledakemlt32/leaktime/gf2x_arith.c
+++ b/crypto_kem/ledakemlt32/leaktime/gf2x_arith.c
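Review bot: The rewritten header comment on gf2x_mod_add_sparse records the disjointness precondition but loses the capacity limit the deleted TODO was hinting at: `tmpRes[DV * M]` is a fixed-size stack buffer while sizeA and sizeB are caller-supplied ints, and nothing in the hunk bounds them. If the merge writes up to sizeA + sizeB entries into tmpRes (the loop body is outside the hunk, so this is inferred), the comment should say so, e.g. `* PRE: sizeA + sizeB <= DV * M (capacity of tmpRes)`, or the function should reject larger inputs before the loop. The same comment change is made in the ledakemlt32 and ledakemlt52 copies of gf2x_arith_mod_xPplusOne.c. The function's body continues past the end of the hunk.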
@@ -1,6 +1,5 @@
 #include "gf2x_arith.h"
-#include
 #include // memset(...)
 void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D
 /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
 void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
- assert(amount < DIGIT_SIZE_b);
 if ( amount == 0 ) {
 return;
 }
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
 /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
 void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
- assert(amount < DIGIT_SIZE_b);
 if ( amount == 0 ) {
 return;
 }
diff --git a/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c
index 75109644..9576d55d 100644
--- a/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c
+++ b/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c
@@ -1,7 +1,6 @@
 #include "gf2x_arith_mod_xPplusOne.h"
 #include "rng.h"
-#include
 #include // memcpy(...), memset(...)
 void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
@@ -211,8 +210,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) {
 A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
 }
- // A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit
-
 if (slack_bits_amount) {
 PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
 }
@@ -431,14 +428,14 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
 }
 }
-/* the implementation is safe even in case A or B alias with the result */
-/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */
+/* the implementation is safe even in case A or B alias with the result
+ * PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
 void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse( int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]) {
- POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions
+ POSITION_T tmpRes[DV * M];
 int idxA = 0, idxB = 0, idxR = 0;
 while ( idxA < sizeA && idxB < sizeB &&
diff --git a/crypto_kem/ledakemlt32/leaktime/niederreiter.h b/crypto_kem/ledakemlt32/leaktime/niederreiter.h
index 41048034..a954718d 100644
--- a/crypto_kem/ledakemlt32/leaktime/niederreiter.h
+++ b/crypto_kem/ledakemlt32/leaktime/niederreiter.h
@@ -10,7 +10,7 @@ typedef struct {
 * H and Q during decryption */
 unsigned char prng_seed[TRNG_BYTE_LENGTH];
 int8_t rejections;
- uint8_t threshold;
+ uint8_t threshold; // for round 2
 } privateKeyNiederreiter_t;
 typedef struct {
diff --git a/crypto_kem/ledakemlt52/leaktime/bf_decoding.c b/crypto_kem/ledakemlt52/leaktime/bf_decoding.c
index 476bf162..4d35a3fd 100644
--- a/crypto_kem/ledakemlt52/leaktime/bf_decoding.c
+++ b/crypto_kem/ledakemlt52/leaktime/bf_decoding.c
@@ -1,7 +1,6 @@
 #include "bf_decoding.h"
 #include "gf2x_arith_mod_xPplusOne.h"
-#include
 #include
 int PQCLEAN_LEDAKEMLT52_LEAKTIME_bf_decoding(DIGIT err[],
diff --git a/crypto_kem/ledakemlt52/leaktime/gf2x_arith.c b/crypto_kem/ledakemlt52/leaktime/gf2x_arith.c
index b1b9df44..c90b2bc8 100644
--- a/crypto_kem/ledakemlt52/leaktime/gf2x_arith.c
+++ b/crypto_kem/ledakemlt52/leaktime/gf2x_arith.c
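Review bot: The comment added to the threshold field of privateKeyNiederreiter_t, `// for round 2`, says when the field appeared rather than what it holds or where it is set, which is what a reader of a private-key struct needs; the hunk does not show how threshold is used, so the wording should be confirmed against its writer and reader, but the comment should name the quantity being thresholded and the function that fills it in. The same comment is added to the ledakemlt52 copy of niederreiter.h, while the ledakemlt12 copy is not touched even though the new ledakemlt12_leaktime.yml lists niederreiter.h as shared with both other schemes — presumably the lt12 copy already carries it, otherwise the consistency check the commit message says passes would fail.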
@@ -1,6 +1,5 @@
 #include "gf2x_arith.h"
-#include
 #include // memset(...)
 void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) {
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D
 /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
 void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
- assert(amount < DIGIT_SIZE_b);
 if ( amount == 0 ) {
 return;
 }
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
 /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
 void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) {
- assert(amount < DIGIT_SIZE_b);
 if ( amount == 0 ) {
 return;
 }
diff --git a/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c
index ef7d0e57..389e23f6 100644
--- a/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c
+++ b/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c
@@ -1,10 +1,8 @@
 #include "gf2x_arith_mod_xPplusOne.h"
 #include "rng.h"
-#include
 #include // memcpy(...), memset(...)
-
 void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) {
 for (int i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0; i--) {
 dest[i] = in[i];
@@ -212,8 +210,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) {
 A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
 }
- // A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit
-
 if (slack_bits_amount) {
 PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
 }
@@ -432,14 +428,14 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R
 }
 }
-/* the implementation is safe even in case A or B alias with the result */
-/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */
+/* the implementation is safe even in case A or B alias with the result
+ * PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */
 void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse( int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]) {
- POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions
+ POSITION_T tmpRes[DV * M];
 int idxA = 0, idxB = 0, idxR = 0;
 while ( idxA < sizeA && idxB < sizeB &&
diff --git a/crypto_kem/ledakemlt52/leaktime/niederreiter.h b/crypto_kem/ledakemlt52/leaktime/niederreiter.h
index 68a9a547..a74e3169 100644
--- a/crypto_kem/ledakemlt52/leaktime/niederreiter.h
+++ b/crypto_kem/ledakemlt52/leaktime/niederreiter.h
@@ -10,7 +10,7 @@ typedef struct {
 * H and Q during decryption */
 unsigned char prng_seed[TRNG_BYTE_LENGTH];
 int8_t rejections;
- uint8_t threshold;
+ uint8_t threshold; // for round 2
 } privateKeyNiederreiter_t;
 typedef struct {
diff --git a/test/duplicate_consistency/ledakemlt12_leaktime.yml b/test/duplicate_consistency/ledakemlt12_leaktime.yml
new file mode 100644
index 00000000..e85f05ab
--- /dev/null
+++ b/test/duplicate_consistency/ledakemlt12_leaktime.yml
@@ -0,0 +1,32 @@
+consistency_checks:
+- source:
+ scheme: ledakemlt32
+ implementation: leaktime
+ files:
+ - bf_decoding.c
+ - dfr_test.c
+ - dfr_test.h
+ - gf2x_arith.c
+ - gf2x_arith.h
+ - H_Q_matrices_generation.c
+ - H_Q_matrices_generation.h
+ - kem.c
+ - niederreiter.c
+ - niederreiter.h
+ - rng.c
+ - rng.h
+- source:
+ scheme: ledakemlt52
+ implementation: leaktime
+ files:
+ - bf_decoding.c
+ - dfr_test.c
+ - dfr_test.h
+ - gf2x_arith.c
+ - gf2x_arith.h
+ - H_Q_matrices_generation.c
+ - H_Q_matrices_generation.h
+ - kem.c
+ - niederreiter.c
+ - niederreiter.h
+ - rng.h
diff --git a/test/duplicate_consistency/ledakemlt32_leaktime.yml b/test/duplicate_consistency/ledakemlt32_leaktime.yml
new file mode 100644
index 00000000..ec6d6e50
--- /dev/null
+++ b/test/duplicate_consistency/ledakemlt32_leaktime.yml
@@ -0,0 +1,32 @@
+consistency_checks:
+- source:
+ scheme: ledakemlt12
+ implementation: leaktime
+ files:
+ - bf_decoding.c
+ - dfr_test.c
+ - dfr_test.h
+ - gf2x_arith.c
+ - gf2x_arith.h
+ - H_Q_matrices_generation.c
+ - H_Q_matrices_generation.h
+ - kem.c
+ - niederreiter.c
+ - niederreiter.h
+ - rng.c
+ - rng.h
+- source:
+ scheme: ledakemlt52
+ implementation: leaktime
+ files:
+ - bf_decoding.c
+ - dfr_test.c
+ - dfr_test.h
+ - gf2x_arith.c
+ - gf2x_arith.h
+ - H_Q_matrices_generation.c
+ - H_Q_matrices_generation.h
+ - kem.c
+ - niederreiter.c
+ - niederreiter.h
+ - rng.h
diff --git a/test/duplicate_consistency/ledakemlt52_leaktime.yml b/test/duplicate_consistency/ledakemlt52_leaktime.yml
new file mode 100644
index 00000000..b7602e85
--- /dev/null
+++ b/test/duplicate_consistency/ledakemlt52_leaktime.yml
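Review bot: The new consistency files are not symmetric: ledakemlt52_leaktime.yml (next hunk) lists gf2x_arith_mod_xPplusOne.c as shared with ledakemlt32, but the ledakemlt52 entry in ledakemlt32_leaktime.yml here omits it, and rng.c is declared shared only between lt12 and lt32. If the checker compares in one direction only this is merely untidy, but if each file is meant to declare its own shared set, the lt32 file should gain `- gf2x_arith_mod_xPplusOne.c` under its ledakemlt52 source so a later divergence is caught from either side. The line-number drift the patch removes between the lt32 and lt52 copies of that file (lt52 hunks at -212 and -432 versus lt32 at -211 and -431 before the change, both at +428 after) suggests the lt52 copy was aligned specifically so this check passes, which makes the one-sided listing look like an oversight rather than a choice.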
@@ -0,0 +1,32 @@
+consistency_checks:
+- source:
+ scheme: ledakemlt12
+ implementation: leaktime
+ files:
+ - bf_decoding.c
+ - dfr_test.c
+ - dfr_test.h
+ - gf2x_arith.c
+ - gf2x_arith.h
+ - H_Q_matrices_generation.c
+ - H_Q_matrices_generation.h
+ - kem.c
+ - niederreiter.c
+ - niederreiter.h
+ - rng.h
+- source:
+ scheme: ledakemlt32
+ implementation: leaktime
+ files:
+ - bf_decoding.c
+ - dfr_test.c
+ - dfr_test.h
+ - gf2x_arith.c
+ - gf2x_arith.h
+ - gf2x_arith_mod_xPplusOne.c
+ - H_Q_matrices_generation.c
+ - H_Q_matrices_generation.h
+ - kem.c
+ - niederreiter.c
+ - niederreiter.h
+ - rng.h