Fix non-constant time FO test
This commit is contained in:
parent
d4008c7f1e
commit
470c2662f9
@ -90,7 +90,7 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQC128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQC128_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQC128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQC128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
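Review bot: `result |= memcmp(d, d2, SHA512_BYTES);` keeps a data-dependent comparison inside the check this commit is meant to make constant-time: memcmp may return as soon as it finds a differing byte, and in the AVX2 files it replaces the vect_compare call that the removed line applied to d/d2. Its int return is also folded into a uint8_t, so a mismatch whose low byte happens to be zero (C guarantees only the sign of memcmp's result) would be silently dropped; OR-ing the bytes of d and d2 directly avoids both problems. The mask line `result = (uint8_t) (-((int16_t) result) >> 15);` right-shifts a negative int, which is implementation-defined in C11; `result = (uint8_t) (0U - ((0U - (uint32_t) result) >> 31));` yields the same 0x00/0xFF mask using unsigned arithmetic only. The failure return value also changes from -1 to 1 via `return result & 1;`, harmless for callers that test `!= 0` but worth a sentence in the commit message. The same hunk recurs in the other eleven crypto_kem_dec sections below (HQC192/256 and HQCRMRS128/192/256, CLEAN and AVX2), and crypto_kem_dec's body begins before this hunk.
```c
    // Abort if c != c' or d != d'
    result = PQCLEAN_HQC128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
    result |= PQCLEAN_HQC128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
    for (size_t i = 0; i < SHA512_BYTES; i++) {
        result |= (uint8_t) (d[i] ^ d2[i]);   // visits every byte, no early exit
    }
    result = (uint8_t) (0U - ((0U - (uint32_t) result) >> 31));   // 0x00 if all equal, 0xFF otherwise
    // … unchanged: ss masking loop and return …
```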
@ -92,7 +92,7 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -131,12 +131,14 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQC128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQC128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQC128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQC192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQC192_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQC192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQC192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -92,7 +92,7 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -131,12 +131,14 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQC192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQC192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQC192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQC256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQC256_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQC256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQC256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -92,7 +92,7 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -131,12 +131,14 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQC256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQC256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQC256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss,
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQCRMRS128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS128_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQCRMRS128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQCRMRS128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQCRMRS128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQCRMRS128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQCRMRS128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss,
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQCRMRS192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS192_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQCRMRS192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQCRMRS192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQCRMRS192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQCRMRS192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQCRMRS192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss,
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQCRMRS256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS256_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQCRMRS256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQCRMRS256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss
|
|||||||
*/
|
*/
|
||||||
int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
|
|
||||||
int8_t result = -1;
|
uint8_t result;
|
||||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||||
unsigned char d[SHA512_BYTES] = {0};
|
unsigned char d[SHA512_BYTES] = {0};
|
||||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
|||||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||||
|
|
||||||
// Abort if c != c' or d != d'
|
// Abort if c != c' or d != d'
|
||||||
result = (PQCLEAN_HQCRMRS256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
result = PQCLEAN_HQCRMRS256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||||
|
result |= PQCLEAN_HQCRMRS256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||||
|
result |= memcmp(d, d2, SHA512_BYTES);
|
||||||
|
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||||
ss[i] = result * ss[i];
|
ss[i] &= ~result;
|
||||||
}
|
}
|
||||||
result--;
|
|
||||||
|
|
||||||
|
|
||||||
return result;
|
return result & 1;
|
||||||
}
|
}
|
||||||
|