kris/pqcrypto
1
1
Fork 0
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-22 15:39:07 +00:00
Code Issues 1 Releases Wiki Activity

hopefully fix msvc complaints

Browse Source
This commit is contained in:
Leon Botros 2019-08-23 12:41:58 +02:00
parent 537d2a1ac0
commit 46145a3183
18 changed files with 68 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto_kem/ledakemlt12/leaktime/dfr_test.c
View File

@ -80,7 +80,7 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_
allBlockMaxSumstMinusOne; allBlockMaxSumstMinusOne;
} }
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
*secondIterThreshold = allBlockMaxSumst + 1; *secondIterThreshold = (uint8_t) (allBlockMaxSumst + 1);
return 1; return 1;
} }
return 0; return 0;

21
crypto_kem/ledakemlt12/leaktime/gf2x_arith.c
View File

@ -2,27 +2,26 @@
#include <string.h> // memset(...) #include <string.h> // memset(...)
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], size_t n) {
for (int i = 0; i < nr; i++) { for (size_t i = 0; i < n; i++) {
Res[i] = A[i] ^ B[i]; Res[i] = A[i] ^ B[i];
} }
} }
/* copies len digits from a to r if b == 1 */ /* copies len digits from a to r if b == 1 */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c) {
size_t i; DIGIT mask = (DIGIT)(-c);
DIGIT mask = -(DIGIT)c; for (size_t i = 0; i < len; i++) {
for (i = 0; i < len; i++) {
r[i] ^= mask & (a[i] ^ r[i]); r[i] ^= mask & (a[i] ^ r[i]);
} }
} }
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(size_t length, DIGIT in[], size_t amount) {
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
unsigned int j; size_t j;
DIGIT mask; DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1; mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0; j--) { for (j = length - 1; j > 0; j--) {
@ -33,11 +32,11 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
} }
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(size_t length, DIGIT in[], size_t amount) {
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
int j; size_t j;
DIGIT mask; DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1); mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1; j++) { for (j = 0 ; j < length - 1; j++) {
@ -91,7 +90,7 @@ static inline void gf2x_add_asymm(DIGIT *R,
size_t nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
gf2x_cpy(R, A, delta); gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);; gf2x_add(R + delta, A + delta, B, nb);;
} }
/* aligns first array elements */ /* aligns first array elements */
@ -99,7 +98,7 @@ static inline void gf2x_add_asymm2(DIGIT *R,
size_t na, const DIGIT *A, size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R, A, B, nb); gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta); gf2x_cpy(R + nb, A + nb, delta);
} }

6
crypto_kem/ledakemlt12/leaktime/gf2x_arith.h
View File

@ -54,10 +54,10 @@ typedef uint64_t DIGIT;
#define STACK_KAR_ONLY 2433 #define STACK_KAR_ONLY 2433
#define STACK_WORDS 2892 #define STACK_WORDS 2892
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], size_t n);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount); void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(size_t length, DIGIT in[], size_t amount);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount); void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(size_t length, DIGIT in[], size_t amount);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mul(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mul(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n);
#endif #endif

6
crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c
View File

@ -166,16 +166,16 @@ static void gf2x_cswap(DIGIT *a, DIGIT *b, int swap_mask) {
/* returns -1 mask if x != 0, otherwise 0 */ /* returns -1 mask if x != 0, otherwise 0 */
static inline int nonzero(DIGIT x) { static inline int nonzero(DIGIT x) {
DIGIT t = x; DIGIT t = x;
t = -t; t = (~t) + 1;
t >>= DIGIT_SIZE_b - 1; t >>= DIGIT_SIZE_b - 1;
return -(int)t; return -((int)t);
} }
/* returns -1 mask if x < 0 else 0 */ /* returns -1 mask if x < 0 else 0 */
static inline int negative(int x) { static inline int negative(int x) {
uint32_t u = x; uint32_t u = x;
u >>= 31; u >>= 31;
return -(int)u; return -((int)u);
} }
/* return f(0) as digit */ /* return f(0) as digit */

2
crypto_kem/ledakemlt12/leaktime/niederreiter.c
View File

@ -20,7 +20,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_niederreiter_keygen(publicKeyNiederreiter_t *p
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0}; DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0};
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0}; DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0};
int is_L_full; int is_L_full;
int isDFRok; int isDFRok = 0;
memset(&keys_expander, 0x00, sizeof(AES_XOF_struct)); memset(&keys_expander, 0x00, sizeof(AES_XOF_struct));
randombytes(sk->prng_seed, TRNG_BYTE_LENGTH); randombytes(sk->prng_seed, TRNG_BYTE_LENGTH);

5
crypto_kem/ledakemlt12/leaktime/utils.c
View File

@ -7,13 +7,14 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_verify(const DIGIT *a, const DIGIT *b, siz
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
x |= a[i] ^ b[i]; x |= a[i] ^ b[i];
} }
x = (-x) >> (DIGIT_SIZE_b - 1); x = (~x) + 1;
x >>= (DIGIT_SIZE_b - 1);
return (int)x; return (int)x;
} }
/* conditionally move a into r if cond */ /* conditionally move a into r if cond */
void PQCLEAN_LEDAKEMLT12_LEAKTIME_cmov(uint8_t *r, const uint8_t *a, size_t len, int cond) { void PQCLEAN_LEDAKEMLT12_LEAKTIME_cmov(uint8_t *r, const uint8_t *a, size_t len, int cond) {
uint8_t mask = -cond; uint8_t mask = (uint8_t)(-cond);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
r[i] ^= mask & (r[i] ^ a[i]); r[i] ^= mask & (r[i] ^ a[i]);
} }

2
crypto_kem/ledakemlt32/leaktime/dfr_test.c
View File

@ -80,7 +80,7 @@ int PQCLEAN_LEDAKEMLT32_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_
allBlockMaxSumstMinusOne; allBlockMaxSumstMinusOne;
} }
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
*secondIterThreshold = allBlockMaxSumst + 1; *secondIterThreshold = (uint8_t) (allBlockMaxSumst + 1);
return 1; return 1;
} }
return 0; return 0;

21
crypto_kem/ledakemlt32/leaktime/gf2x_arith.c
View File

@ -2,27 +2,26 @@
#include <string.h> // memset(...) #include <string.h> // memset(...)
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], size_t n) {
for (int i = 0; i < nr; i++) { for (size_t i = 0; i < n; i++) {
Res[i] = A[i] ^ B[i]; Res[i] = A[i] ^ B[i];
} }
} }
/* copies len digits from a to r if b == 1 */ /* copies len digits from a to r if b == 1 */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c) {
size_t i; DIGIT mask = (DIGIT)(-c);
DIGIT mask = -(DIGIT)c; for (size_t i = 0; i < len; i++) {
for (i = 0; i < len; i++) {
r[i] ^= mask & (a[i] ^ r[i]); r[i] ^= mask & (a[i] ^ r[i]);
} }
} }
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(size_t length, DIGIT in[], size_t amount) {
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
unsigned int j; size_t j;
DIGIT mask; DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1; mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0; j--) { for (j = length - 1; j > 0; j--) {
@ -33,11 +32,11 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
} }
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(size_t length, DIGIT in[], size_t amount) {
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
int j; size_t j;
DIGIT mask; DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1); mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1; j++) { for (j = 0 ; j < length - 1; j++) {
@ -91,7 +90,7 @@ static inline void gf2x_add_asymm(DIGIT *R,
size_t nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
gf2x_cpy(R, A, delta); gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);; gf2x_add(R + delta, A + delta, B, nb);;
} }
/* aligns first array elements */ /* aligns first array elements */
@ -99,7 +98,7 @@ static inline void gf2x_add_asymm2(DIGIT *R,
size_t na, const DIGIT *A, size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R, A, B, nb); gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta); gf2x_cpy(R + nb, A + nb, delta);
} }

6
crypto_kem/ledakemlt32/leaktime/gf2x_arith.h
View File

@ -54,10 +54,10 @@ typedef uint64_t DIGIT;
#define STACK_KAR_ONLY 4497 #define STACK_KAR_ONLY 4497
#define STACK_WORDS 5336 #define STACK_WORDS 5336
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], size_t n);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount); void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(size_t length, DIGIT in[], size_t amount);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount); void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(size_t length, DIGIT in[], size_t amount);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mul(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mul(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n);
#endif #endif

6
crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c
View File

@ -164,16 +164,16 @@ static void gf2x_cswap(DIGIT *a, DIGIT *b, int swap_mask) {
/* returns -1 mask if x != 0, otherwise 0 */ /* returns -1 mask if x != 0, otherwise 0 */
static inline int nonzero(DIGIT x) { static inline int nonzero(DIGIT x) {
DIGIT t = x; DIGIT t = x;
t = -t; t = (~t) + 1;
t >>= DIGIT_SIZE_b - 1; t >>= DIGIT_SIZE_b - 1;
return -(int)t; return -((int)t);
} }
/* returns -1 mask if x < 0 else 0 */ /* returns -1 mask if x < 0 else 0 */
static inline int negative(int x) { static inline int negative(int x) {
uint32_t u = x; uint32_t u = x;
u >>= 31; u >>= 31;
return -(int)u; return -((int)u);
} }
/* return f(0) as digit */ /* return f(0) as digit */

2
crypto_kem/ledakemlt32/leaktime/niederreiter.c
View File

@ -20,7 +20,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_niederreiter_keygen(publicKeyNiederreiter_t *p
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0}; DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0};
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0}; DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0};
int is_L_full; int is_L_full;
int isDFRok; int isDFRok = 0;
memset(&keys_expander, 0x00, sizeof(AES_XOF_struct)); memset(&keys_expander, 0x00, sizeof(AES_XOF_struct));
randombytes(sk->prng_seed, TRNG_BYTE_LENGTH); randombytes(sk->prng_seed, TRNG_BYTE_LENGTH);

5
crypto_kem/ledakemlt32/leaktime/utils.c
View File

@ -7,13 +7,14 @@ int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_verify(const DIGIT *a, const DIGIT *b, siz
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
x |= a[i] ^ b[i]; x |= a[i] ^ b[i];
} }
x = (-x) >> (DIGIT_SIZE_b - 1); x = (~x) + 1;
x >>= (DIGIT_SIZE_b - 1);
return (int)x; return (int)x;
} }
/* conditionally move a into r if cond */ /* conditionally move a into r if cond */
void PQCLEAN_LEDAKEMLT32_LEAKTIME_cmov(uint8_t *r, const uint8_t *a, size_t len, int cond) { void PQCLEAN_LEDAKEMLT32_LEAKTIME_cmov(uint8_t *r, const uint8_t *a, size_t len, int cond) {
uint8_t mask = -cond; uint8_t mask = (uint8_t)(-cond);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
r[i] ^= mask & (r[i] ^ a[i]); r[i] ^= mask & (r[i] ^ a[i]);
} }

2
crypto_kem/ledakemlt52/leaktime/dfr_test.c
View File

@ -80,7 +80,7 @@ int PQCLEAN_LEDAKEMLT52_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_
allBlockMaxSumstMinusOne; allBlockMaxSumstMinusOne;
} }
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
*secondIterThreshold = allBlockMaxSumst + 1; *secondIterThreshold = (uint8_t) (allBlockMaxSumst + 1);
return 1; return 1;
} }
return 0; return 0;

21
crypto_kem/ledakemlt52/leaktime/gf2x_arith.c
View File

@ -2,27 +2,26 @@
#include <string.h> // memset(...) #include <string.h> // memset(...)
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], size_t n) {
for (int i = 0; i < nr; i++) { for (size_t i = 0; i < n; i++) {
Res[i] = A[i] ^ B[i]; Res[i] = A[i] ^ B[i];
} }
} }
/* copies len digits from a to r if b == 1 */ /* copies len digits from a to r if b == 1 */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c) {
size_t i; DIGIT mask = (DIGIT)(-c);
DIGIT mask = -(DIGIT)c; for (size_t i = 0; i < len; i++) {
for (i = 0; i < len; i++) {
r[i] ^= mask & (a[i] ^ r[i]); r[i] ^= mask & (a[i] ^ r[i]);
} }
} }
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(size_t length, DIGIT in[], size_t amount) {
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
unsigned int j; size_t j;
DIGIT mask; DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1; mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0; j--) { for (j = length - 1; j > 0; j--) {
@ -33,11 +32,11 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
} }
/* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */ /* PRE: MAX ALLOWED ROTATION AMOUNT : DIGIT_SIZE_b */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(size_t length, DIGIT in[], size_t amount) {
if ( amount == 0 ) { if ( amount == 0 ) {
return; return;
} }
int j; size_t j;
DIGIT mask; DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1); mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1; j++) { for (j = 0 ; j < length - 1; j++) {
@ -91,7 +90,7 @@ static inline void gf2x_add_asymm(DIGIT *R,
size_t nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
gf2x_cpy(R, A, delta); gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);; gf2x_add(R + delta, A + delta, B, nb);;
} }
/* aligns first array elements */ /* aligns first array elements */
@ -99,7 +98,7 @@ static inline void gf2x_add_asymm2(DIGIT *R,
size_t na, const DIGIT *A, size_t na, const DIGIT *A,
size_t nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R, A, B, nb); gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta); gf2x_cpy(R + nb, A + nb, delta);
} }

11
crypto_kem/ledakemlt52/leaktime/gf2x_arith.h
View File

@ -54,10 +54,15 @@ typedef uint64_t DIGIT;
#define STACK_KAR_ONLY 7137 #define STACK_KAR_ONLY 7137
#define STACK_WORDS 8401 #define STACK_WORDS 8401
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], int nr); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(DIGIT Res[], const DIGIT A[], const DIGIT B[], size_t n);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_cmov(DIGIT *r, const DIGIT *a, size_t len, int c);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsigned int amount); void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(size_t length, DIGIT in[], size_t amount);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsigned int amount); void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(size_t length, DIGIT in[], size_t amount);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mul(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mul(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n);
#endif #endif

6
crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c
View File

@ -164,16 +164,16 @@ static void gf2x_cswap(DIGIT *a, DIGIT *b, int swap_mask) {
/* returns -1 mask if x != 0, otherwise 0 */ /* returns -1 mask if x != 0, otherwise 0 */
static inline int nonzero(DIGIT x) { static inline int nonzero(DIGIT x) {
DIGIT t = x; DIGIT t = x;
t = -t; t = (~t) + 1;
t >>= DIGIT_SIZE_b - 1; t >>= DIGIT_SIZE_b - 1;
return -(int)t; return -((int)t);
} }
/* returns -1 mask if x < 0 else 0 */ /* returns -1 mask if x < 0 else 0 */
static inline int negative(int x) { static inline int negative(int x) {
uint32_t u = x; uint32_t u = x;
u >>= 31; u >>= 31;
return -(int)u; return -((int)u);
} }
/* return f(0) as digit */ /* return f(0) as digit */

2
crypto_kem/ledakemlt52/leaktime/niederreiter.c
View File

@ -20,7 +20,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_niederreiter_keygen(publicKeyNiederreiter_t *p
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0}; DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0};
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0}; DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0};
int is_L_full; int is_L_full;
int isDFRok; int isDFRok = 0;
memset(&keys_expander, 0x00, sizeof(AES_XOF_struct)); memset(&keys_expander, 0x00, sizeof(AES_XOF_struct));
randombytes(sk->prng_seed, TRNG_BYTE_LENGTH); randombytes(sk->prng_seed, TRNG_BYTE_LENGTH);

5
crypto_kem/ledakemlt52/leaktime/utils.c
View File

@ -7,13 +7,14 @@ int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_verify(const DIGIT *a, const DIGIT *b, siz
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
x |= a[i] ^ b[i]; x |= a[i] ^ b[i];
} }
x = (-x) >> (DIGIT_SIZE_b - 1); x = (~x) + 1;
x >>= (DIGIT_SIZE_b - 1);
return (int)x; return (int)x;
} }
/* conditionally move a into r if cond */ /* conditionally move a into r if cond */
void PQCLEAN_LEDAKEMLT52_LEAKTIME_cmov(uint8_t *r, const uint8_t *a, size_t len, int cond) { void PQCLEAN_LEDAKEMLT52_LEAKTIME_cmov(uint8_t *r, const uint8_t *a, size_t len, int cond) {
uint8_t mask = -cond; uint8_t mask = (uint8_t)(-cond);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
r[i] ^= mask & (r[i] ^ a[i]); r[i] ^= mask & (r[i] ^ a[i]);
} }