@@ -1,7 +1,6 @@ | |||||
#include "bf_decoding.h" | #include "bf_decoding.h" | ||||
#include "gf2x_arith_mod_xPplusOne.h" | #include "gf2x_arith_mod_xPplusOne.h" | ||||
#include <assert.h> | |||||
#include <string.h> | #include <string.h> | ||||
int PQCLEAN_LEDAKEMLT12_LEAKTIME_bf_decoding(DIGIT err[], | int PQCLEAN_LEDAKEMLT12_LEAKTIME_bf_decoding(DIGIT err[], | ||||
@@ -1,6 +1,5 @@ | |||||
#include "gf2x_arith.h" | #include "gf2x_arith.h" | ||||
#include <assert.h> | |||||
#include <string.h> // memset(...) | #include <string.h> // memset(...) | ||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { | void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { | ||||
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D | |||||
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | ||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | ||||
assert(amount < DIGIT_SIZE_b); | |||||
if ( amount == 0 ) { | if ( amount == 0 ) { | ||||
return; | return; | ||||
} | } | ||||
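Review bot: With the `assert(amount < DIGIT_SIZE_b)` gone, nothing in PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n states or checks the real bound, and a shift of a DIGIT by DIGIT_SIZE_b or more bits is undefined behaviour in C; the surviving comment `/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */` even reads as if DIGIT_SIZE_b itself were permitted, which the removed assert did not allow. Since asserts are compiled out under NDEBUG anyway, the contract now rests entirely on callers, so it should at least be spelled out precisely: `/* PRE: amount < DIGIT_SIZE_b (strict) -- a shift by DIGIT_SIZE_b or more is UB; callers must guarantee this, there is no runtime check */`. The same applies to the left_bit_shift_n hunk below in this file. The function body continues outside the hunk, so I cannot confirm how `amount` is used after the early return.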
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi | |||||
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | ||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | ||||
assert(amount < DIGIT_SIZE_b); | |||||
if ( amount == 0 ) { | if ( amount == 0 ) { | ||||
return; | return; | ||||
} | } | ||||
@@ -1,7 +1,6 @@ | |||||
#include "gf2x_arith_mod_xPplusOne.h" | #include "gf2x_arith_mod_xPplusOne.h" | ||||
#include "rng.h" | #include "rng.h" | ||||
#include <assert.h> | |||||
#include <string.h> // memcpy(...), memset(...) | #include <string.h> // memcpy(...), memset(...) | ||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { | void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { | ||||
@@ -431,14 +430,14 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R | |||||
} | } | ||||
} | } | ||||
/* the implementation is safe even in case A or B alias with the result */ | |||||
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */ | |||||
/* the implementation is safe even in case A or B alias with the result | |||||
* PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */ | |||||
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse( | void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse( | ||||
int sizeR, POSITION_T Res[], | int sizeR, POSITION_T Res[], | ||||
int sizeA, const POSITION_T A[], | int sizeA, const POSITION_T A[], | ||||
int sizeB, const POSITION_T B[]) { | int sizeB, const POSITION_T B[]) { | ||||
POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions | |||||
POSITION_T tmpRes[DV * M]; | |||||
int idxA = 0, idxB = 0, idxR = 0; | int idxA = 0, idxB = 0, idxR = 0; | ||||
while ( idxA < sizeA && | while ( idxA < sizeA && | ||||
idxB < sizeB && | idxB < sizeB && | ||||
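Review bot: Dropping the TODO on `POSITION_T tmpRes[DV * M];` removes the only place that recorded why the stack buffer is sized DV * M, while the function still takes arbitrary `int sizeA`/`sizeB` with no visible check that `sizeA + sizeB <= DV * M`; an out-of-contract caller would write past `tmpRes`. Keep the bound documented where the buffer is declared, e.g. `POSITION_T tmpRes[DV * M]; /* callers must ensure sizeA + sizeB <= DV * M; only DV- and M-position inputs are added today */`. Minor wording: "disjunct" in the new header comment should be "disjoint" (no shared positions), which is also worth stating as the reason the function does not cancel duplicates. The body of PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse continues past the hunk.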
@@ -8,7 +8,7 @@ | |||||
#define RNG_BAD_MAXLEN (-1) | #define RNG_BAD_MAXLEN (-1) | ||||
#define RNG_BAD_OUTBUF (-2) | #define RNG_BAD_OUTBUF (-2) | ||||
#define RNG_BAD_REQ_LEN (-3) | #define RNG_BAD_REQ_LEN (-3) | ||||
#define RNG_MAXLEN (10 * 1024 * 1024) | |||||
#define RNG_MAXLEN (10 * 1024 * 1024) | |||||
typedef struct { | typedef struct { | ||||
unsigned char buffer[16]; | unsigned char buffer[16]; | ||||
@@ -1,7 +1,6 @@ | |||||
#include "bf_decoding.h" | #include "bf_decoding.h" | ||||
#include "gf2x_arith_mod_xPplusOne.h" | #include "gf2x_arith_mod_xPplusOne.h" | ||||
#include <assert.h> | |||||
#include <string.h> | #include <string.h> | ||||
int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[], | int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[], | ||||
@@ -1,6 +1,5 @@ | |||||
#include "gf2x_arith.h" | #include "gf2x_arith.h" | ||||
#include <assert.h> | |||||
#include <string.h> // memset(...) | #include <string.h> // memset(...) | ||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { | void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { | ||||
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D | |||||
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | ||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | ||||
assert(amount < DIGIT_SIZE_b); | |||||
if ( amount == 0 ) { | if ( amount == 0 ) { | ||||
return; | return; | ||||
} | } | ||||
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi | |||||
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | ||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | ||||
assert(amount < DIGIT_SIZE_b); | |||||
if ( amount == 0 ) { | if ( amount == 0 ) { | ||||
return; | return; | ||||
} | } | ||||
@@ -1,7 +1,6 @@ | |||||
#include "gf2x_arith_mod_xPplusOne.h" | #include "gf2x_arith_mod_xPplusOne.h" | ||||
#include "rng.h" | #include "rng.h" | ||||
#include <assert.h> | |||||
#include <string.h> // memcpy(...), memset(...) | #include <string.h> // memcpy(...), memset(...) | ||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { | void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { | ||||
@@ -211,8 +210,6 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) { | |||||
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; | A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; | ||||
} | } | ||||
// A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit | |||||
if (slack_bits_amount) { | if (slack_bits_amount) { | ||||
PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); | PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); | ||||
} | } | ||||
@@ -431,14 +428,14 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R | |||||
} | } | ||||
} | } | ||||
/* the implementation is safe even in case A or B alias with the result */ | |||||
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */ | |||||
/* the implementation is safe even in case A or B alias with the result | |||||
* PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */ | |||||
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse( | void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse( | ||||
int sizeR, POSITION_T Res[], | int sizeR, POSITION_T Res[], | ||||
int sizeA, const POSITION_T A[], | int sizeA, const POSITION_T A[], | ||||
int sizeB, const POSITION_T B[]) { | int sizeB, const POSITION_T B[]) { | ||||
POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions | |||||
POSITION_T tmpRes[DV * M]; | |||||
int idxA = 0, idxB = 0, idxR = 0; | int idxA = 0, idxB = 0, idxR = 0; | ||||
while ( idxA < sizeA && | while ( idxA < sizeA && | ||||
idxB < sizeB && | idxB < sizeB && | ||||
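Review bot: The new `POSITION_T tmpRes[DV * M];` line loses the note that the buffer only accommodates DV- and M-position inputs, yet `sizeA` and `sizeB` are still unchecked ints, so the `sizeA + sizeB <= DV * M` invariant that protects this stack array is now invisible to callers. Suggest `POSITION_T tmpRes[DV * M]; /* callers must ensure sizeA + sizeB <= DV * M */` next to the declaration, and "disjoint" rather than "disjunct" in the header comment, since the function relies on A and B sharing no position. The rest of PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse is outside the hunk.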
@@ -10,7 +10,7 @@ typedef struct { | |||||
* H and Q during decryption */ | * H and Q during decryption */ | ||||
unsigned char prng_seed[TRNG_BYTE_LENGTH]; | unsigned char prng_seed[TRNG_BYTE_LENGTH]; | ||||
int8_t rejections; | int8_t rejections; | ||||
uint8_t threshold; | |||||
uint8_t threshold; // for round 2 | |||||
} privateKeyNiederreiter_t; | } privateKeyNiederreiter_t; | ||||
typedef struct { | typedef struct { | ||||
@@ -1,7 +1,6 @@ | |||||
#include "bf_decoding.h" | #include "bf_decoding.h" | ||||
#include "gf2x_arith_mod_xPplusOne.h" | #include "gf2x_arith_mod_xPplusOne.h" | ||||
#include <assert.h> | |||||
#include <string.h> | #include <string.h> | ||||
int PQCLEAN_LEDAKEMLT52_LEAKTIME_bf_decoding(DIGIT err[], | int PQCLEAN_LEDAKEMLT52_LEAKTIME_bf_decoding(DIGIT err[], | ||||
@@ -1,6 +1,5 @@ | |||||
#include "gf2x_arith.h" | #include "gf2x_arith.h" | ||||
#include <assert.h> | |||||
#include <string.h> // memset(...) | #include <string.h> // memset(...) | ||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { | void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { | ||||
@@ -11,7 +10,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const D | |||||
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | ||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | ||||
assert(amount < DIGIT_SIZE_b); | |||||
if ( amount == 0 ) { | if ( amount == 0 ) { | ||||
return; | return; | ||||
} | } | ||||
@@ -27,7 +25,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi | |||||
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ | ||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { | ||||
assert(amount < DIGIT_SIZE_b); | |||||
if ( amount == 0 ) { | if ( amount == 0 ) { | ||||
return; | return; | ||||
} | } | ||||
@@ -1,10 +1,8 @@ | |||||
#include "gf2x_arith_mod_xPplusOne.h" | #include "gf2x_arith_mod_xPplusOne.h" | ||||
#include "rng.h" | #include "rng.h" | ||||
#include <assert.h> | |||||
#include <string.h> // memcpy(...), memset(...) | #include <string.h> // memcpy(...), memset(...) | ||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { | void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_copy(DIGIT dest[], const DIGIT in[]) { | ||||
for (int i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0; i--) { | for (int i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0; i--) { | ||||
dest[i] = in[i]; | dest[i] = in[i]; | ||||
@@ -212,8 +210,6 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]) { | |||||
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; | A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; | ||||
} | } | ||||
// A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // no middle digit | |||||
if (slack_bits_amount) { | if (slack_bits_amount) { | ||||
PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); | PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); | ||||
} | } | ||||
@@ -432,14 +428,14 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T R | |||||
} | } | ||||
} | } | ||||
/* the implementation is safe even in case A or B alias with the result */ | |||||
/* PRE: A and B should be sorted and have INVALID_POS_VALUE at the end */ | |||||
/* the implementation is safe even in case A or B alias with the result | |||||
* PRE: A and B should be sorted, disjunct arrays ending with INVALID_POS_VALUE */ | |||||
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse( | void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse( | ||||
int sizeR, POSITION_T Res[], | int sizeR, POSITION_T Res[], | ||||
int sizeA, const POSITION_T A[], | int sizeA, const POSITION_T A[], | ||||
int sizeB, const POSITION_T B[]) { | int sizeB, const POSITION_T B[]) { | ||||
POSITION_T tmpRes[DV * M]; // TODO: now function only works for adding (disjunct) DV and M positions | |||||
POSITION_T tmpRes[DV * M]; | |||||
int idxA = 0, idxB = 0, idxR = 0; | int idxA = 0, idxB = 0, idxR = 0; | ||||
while ( idxA < sizeA && | while ( idxA < sizeA && | ||||
idxB < sizeB && | idxB < sizeB && | ||||
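Review bot: `POSITION_T tmpRes[DV * M];` is a fixed-size stack buffer filled from two caller-supplied `int` lengths, and the TODO that recorded this limitation was removed without replacing it with a stated bound; a caller exceeding `DV * M` total positions would overflow it. Add `/* callers must ensure sizeA + sizeB <= DV * M */` at the declaration, and prefer "disjoint" to "disjunct" in the header comment. The body of PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse continues outside the hunk.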
@@ -10,7 +10,7 @@ typedef struct { | |||||
* H and Q during decryption */ | * H and Q during decryption */ | ||||
unsigned char prng_seed[TRNG_BYTE_LENGTH]; | unsigned char prng_seed[TRNG_BYTE_LENGTH]; | ||||
int8_t rejections; | int8_t rejections; | ||||
uint8_t threshold; | |||||
uint8_t threshold; // for round 2 | |||||
} privateKeyNiederreiter_t; | } privateKeyNiederreiter_t; | ||||
typedef struct { | typedef struct { | ||||
@@ -0,0 +1,32 @@ | |||||
consistency_checks: | |||||
- source: | |||||
scheme: ledakemlt32 | |||||
implementation: leaktime | |||||
files: | |||||
- bf_decoding.c | |||||
- dfr_test.c | |||||
- dfr_test.h | |||||
- gf2x_arith.c | |||||
- gf2x_arith.h | |||||
- H_Q_matrices_generation.c | |||||
- H_Q_matrices_generation.h | |||||
- kem.c | |||||
- niederreiter.c | |||||
- niederreiter.h | |||||
- rng.c | |||||
- rng.h | |||||
- source: | |||||
scheme: ledakemlt52 | |||||
implementation: leaktime | |||||
files: | |||||
- bf_decoding.c | |||||
- dfr_test.c | |||||
- dfr_test.h | |||||
- gf2x_arith.c | |||||
- gf2x_arith.h | |||||
- H_Q_matrices_generation.c | |||||
- H_Q_matrices_generation.h | |||||
- kem.c | |||||
- niederreiter.c | |||||
- niederreiter.h | |||||
- rng.h |
@@ -0,0 +1,32 @@ | |||||
consistency_checks: | |||||
- source: | |||||
scheme: ledakemlt12 | |||||
implementation: leaktime | |||||
files: | |||||
- bf_decoding.c | |||||
- dfr_test.c | |||||
- dfr_test.h | |||||
- gf2x_arith.c | |||||
- gf2x_arith.h | |||||
- H_Q_matrices_generation.c | |||||
- H_Q_matrices_generation.h | |||||
- kem.c | |||||
- niederreiter.c | |||||
- niederreiter.h | |||||
- rng.c | |||||
- rng.h | |||||
- source: | |||||
scheme: ledakemlt52 | |||||
implementation: leaktime | |||||
files: | |||||
- bf_decoding.c | |||||
- dfr_test.c | |||||
- dfr_test.h | |||||
- gf2x_arith.c | |||||
- gf2x_arith.h | |||||
- H_Q_matrices_generation.c | |||||
- H_Q_matrices_generation.h | |||||
- kem.c | |||||
- niederreiter.c | |||||
- niederreiter.h | |||||
- rng.h |
@@ -0,0 +1,32 @@ | |||||
consistency_checks: | |||||
- source: | |||||
scheme: ledakemlt12 | |||||
implementation: leaktime | |||||
files: | |||||
- bf_decoding.c | |||||
- dfr_test.c | |||||
- dfr_test.h | |||||
- gf2x_arith.c | |||||
- gf2x_arith.h | |||||
- H_Q_matrices_generation.c | |||||
- H_Q_matrices_generation.h | |||||
- kem.c | |||||
- niederreiter.c | |||||
- niederreiter.h | |||||
- rng.h | |||||
- source: | |||||
scheme: ledakemlt32 | |||||
implementation: leaktime | |||||
files: | |||||
- bf_decoding.c | |||||
- dfr_test.c | |||||
- dfr_test.h | |||||
- gf2x_arith.c | |||||
- gf2x_arith.h | |||||
- gf2x_arith_mod_xPplusOne.c | |||||
- H_Q_matrices_generation.c | |||||
- H_Q_matrices_generation.h | |||||
- kem.c | |||||
- niederreiter.c | |||||
- niederreiter.h | |||||
- rng.h |
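Review bot: This check file lists `gf2x_arith_mod_xPplusOne.c` as shared between ledakemlt52 and ledakemlt32, but the ledakemlt32 check file above does not list it for ledakemlt52, so if the consistency checks are meant to be symmetric one of the two lists is incomplete. The two transpose hunks in that file end at the same new-side line, which suggests the files may now match, but I cannot confirm it from here. Likewise `rng.c` is listed as shared between ledakemlt12 and ledakemlt32 only; if ledakemlt52's rng.c intentionally differs, a short comment in the file saying so would save the next reader the diff.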