kris
/
pqcrypto
mirror of https://github.com/henrydcase/pqc.git
1
1
Fork 0
Code Issues 1 Releases 2 Wiki Activity
Browse Source

NTRU Prime: Explicit casts to avoid conversion warnings

tags/v0.0.1
John M. Schanck 4 years ago
committed by Kris Kwiatkowski
parent
7b5a4c494b
commit
565cd17478
100 changed files with 1016 additions and 1025 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      crypto_kem/ntrulpr653/avx2/Makefile
  2. +2
    -2
      crypto_kem/ntrulpr653/avx2/crypto_core_multsntrup653.c
  3. +1
    -1
      crypto_kem/ntrulpr653/avx2/crypto_decode_256x2.c
  4. +10
    -10
      crypto_kem/ntrulpr653/avx2/crypto_decode_653x1541.c
  5. +1
    -2
      crypto_kem/ntrulpr653/avx2/crypto_decode_653xint16.c
  6. +1
    -1
      crypto_kem/ntrulpr653/avx2/crypto_encode_256x16.c
  7. +32
    -32
      crypto_kem/ntrulpr653/avx2/crypto_encode_256x2.c
  8. +47
    -47
      crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541.c
  9. +47
    -47
      crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541round.c
  10. +2
    -2
      crypto_kem/ntrulpr653/avx2/crypto_encode_653xint16.c
  11. +1
    -1
      crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c
  12. +4
    -4
      crypto_kem/ntrulpr653/avx2/crypto_verify_1025.c
  13. +13
    -13
      crypto_kem/ntrulpr653/avx2/kem.c
  14. +1
    -1
      crypto_kem/ntrulpr653/clean/Makefile
  15. +3
    -3
      crypto_kem/ntrulpr653/clean/crypto_core_multsntrup653.c
  16. +19
    -19
      crypto_kem/ntrulpr653/clean/crypto_decode_653x1541.c
  17. +1
    -2
      crypto_kem/ntrulpr653/clean/crypto_decode_653xint16.c
  18. +1
    -1
      crypto_kem/ntrulpr653/clean/crypto_encode_256x16.c
  19. +1
    -1
      crypto_kem/ntrulpr653/clean/crypto_encode_256x2.c
  20. +31
    -31
      crypto_kem/ntrulpr653/clean/crypto_encode_653x1541.c
  21. +1
    -1
      crypto_kem/ntrulpr653/clean/crypto_encode_653x1541round.c
  22. +3
    -3
      crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c
  23. +2
    -2
      crypto_kem/ntrulpr653/clean/crypto_encode_653xint16.c
  24. +13
    -13
      crypto_kem/ntrulpr653/clean/kem.c
  25. +1
    -1
      crypto_kem/ntrulpr761/avx2/Makefile
  26. +2
    -2
      crypto_kem/ntrulpr761/avx2/crypto_core_multsntrup761.c
  27. +1
    -1
      crypto_kem/ntrulpr761/avx2/crypto_decode_256x2.c
  28. +12
    -12
      crypto_kem/ntrulpr761/avx2/crypto_decode_761x1531.c
  29. +1
    -2
      crypto_kem/ntrulpr761/avx2/crypto_decode_761xint16.c
  30. +1
    -1
      crypto_kem/ntrulpr761/avx2/crypto_encode_256x16.c
  31. +32
    -32
      crypto_kem/ntrulpr761/avx2/crypto_encode_256x2.c
  32. +53
    -53
      crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531.c
  33. +53
    -53
      crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531round.c
  34. +2
    -2
      crypto_kem/ntrulpr761/avx2/crypto_encode_761xint16.c
  35. +1
    -1
      crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c
  36. +4
    -4
      crypto_kem/ntrulpr761/avx2/crypto_verify_1167.c
  37. +13
    -13
      crypto_kem/ntrulpr761/avx2/kem.c
  38. +1
    -1
      crypto_kem/ntrulpr761/clean/Makefile
  39. +3
    -3
      crypto_kem/ntrulpr761/clean/crypto_core_multsntrup761.c
  40. +21
    -21
      crypto_kem/ntrulpr761/clean/crypto_decode_761x1531.c
  41. +1
    -2
      crypto_kem/ntrulpr761/clean/crypto_decode_761xint16.c
  42. +1
    -1
      crypto_kem/ntrulpr761/clean/crypto_encode_256x16.c
  43. +1
    -1
      crypto_kem/ntrulpr761/clean/crypto_encode_256x2.c
  44. +29
    -29
      crypto_kem/ntrulpr761/clean/crypto_encode_761x1531.c
  45. +1
    -1
      crypto_kem/ntrulpr761/clean/crypto_encode_761x1531round.c
  46. +3
    -3
      crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c
  47. +2
    -2
      crypto_kem/ntrulpr761/clean/crypto_encode_761xint16.c
  48. +13
    -13
      crypto_kem/ntrulpr761/clean/kem.c
  49. +1
    -1
      crypto_kem/ntrulpr857/avx2/Makefile
  50. +2
    -2
      crypto_kem/ntrulpr857/avx2/crypto_core_multsntrup857.c
  51. +1
    -1
      crypto_kem/ntrulpr857/avx2/crypto_decode_256x2.c
  52. +11
    -11
      crypto_kem/ntrulpr857/avx2/crypto_decode_857x1723.c
  53. +1
    -2
      crypto_kem/ntrulpr857/avx2/crypto_decode_857xint16.c
  54. +1
    -1
      crypto_kem/ntrulpr857/avx2/crypto_encode_256x16.c
  55. +32
    -32
      crypto_kem/ntrulpr857/avx2/crypto_encode_256x2.c
  56. +36
    -36
      crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723.c
  57. +36
    -36
      crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723round.c
  58. +2
    -2
      crypto_kem/ntrulpr857/avx2/crypto_encode_857xint16.c
  59. +1
    -1
      crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c
  60. +4
    -4
      crypto_kem/ntrulpr857/avx2/crypto_verify_1312.c
  61. +13
    -13
      crypto_kem/ntrulpr857/avx2/kem.c
  62. +1
    -1
      crypto_kem/ntrulpr857/clean/Makefile
  63. +3
    -3
      crypto_kem/ntrulpr857/clean/crypto_core_multsntrup857.c
  64. +20
    -20
      crypto_kem/ntrulpr857/clean/crypto_decode_857x1723.c
  65. +1
    -2
      crypto_kem/ntrulpr857/clean/crypto_decode_857xint16.c
  66. +1
    -1
      crypto_kem/ntrulpr857/clean/crypto_encode_256x16.c
  67. +1
    -1
      crypto_kem/ntrulpr857/clean/crypto_encode_256x2.c
  68. +31
    -31
      crypto_kem/ntrulpr857/clean/crypto_encode_857x1723.c
  69. +1
    -1
      crypto_kem/ntrulpr857/clean/crypto_encode_857x1723round.c
  70. +3
    -3
      crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c
  71. +2
    -2
      crypto_kem/ntrulpr857/clean/crypto_encode_857xint16.c
  72. +13
    -13
      crypto_kem/ntrulpr857/clean/kem.c
  73. +1
    -1
      crypto_kem/sntrup653/avx2/Makefile
  74. +22
    -22
      crypto_kem/sntrup653/avx2/crypto_core_inv3sntrup653.c
  75. +10
    -10
      crypto_kem/sntrup653/avx2/crypto_core_invsntrup653.c
  76. +5
    -5
      crypto_kem/sntrup653/avx2/crypto_core_mult3sntrup653.c
  77. +2
    -2
      crypto_kem/sntrup653/avx2/crypto_core_multsntrup653.c
  78. +2
    -2
      crypto_kem/sntrup653/avx2/crypto_core_weightsntrup653.c
  79. +1
    -1
      crypto_kem/sntrup653/avx2/crypto_core_wforcesntrup653.c
  80. +10
    -10
      crypto_kem/sntrup653/avx2/crypto_decode_653x1541.c
  81. +9
    -9
      crypto_kem/sntrup653/avx2/crypto_decode_653x4621.c
  82. +1
    -2
      crypto_kem/sntrup653/avx2/crypto_decode_653xint16.c
  83. +1
    -1
      crypto_kem/sntrup653/avx2/crypto_decode_int16.c
  84. +47
    -47
      crypto_kem/sntrup653/avx2/crypto_encode_653x1541.c
  85. +47
    -47
      crypto_kem/sntrup653/avx2/crypto_encode_653x1541round.c
  86. +57
    -57
      crypto_kem/sntrup653/avx2/crypto_encode_653x4621.c
  87. +2
    -2
      crypto_kem/sntrup653/avx2/crypto_encode_653xint16.c
  88. +2
    -2
      crypto_kem/sntrup653/avx2/crypto_encode_int16.c
  89. +1
    -1
      crypto_kem/sntrup653/avx2/crypto_sort_int32.c
  90. +4
    -4
      crypto_kem/sntrup653/avx2/crypto_verify_897.c
  91. +5
    -5
      crypto_kem/sntrup653/avx2/kem.c
  92. +1
    -1
      crypto_kem/sntrup653/clean/Makefile
  93. +14
    -14
      crypto_kem/sntrup653/clean/crypto_core_inv3sntrup653.c
  94. +10
    -11
      crypto_kem/sntrup653/clean/crypto_core_invsntrup653.c
  95. +7
    -7
      crypto_kem/sntrup653/clean/crypto_core_mult3sntrup653.c
  96. +3
    -3
      crypto_kem/sntrup653/clean/crypto_core_multsntrup653.c
  97. +5
    -5
      crypto_kem/sntrup653/clean/crypto_core_wforcesntrup653.c
  98. +19
    -19
      crypto_kem/sntrup653/clean/crypto_decode_653x1541.c
  99. +19
    -19
      crypto_kem/sntrup653/clean/crypto_decode_653x4621.c
  100. +1
    -2
      crypto_kem/sntrup653/clean/crypto_decode_653xint16.c

+ 1
- 1
crypto_kem/ntrulpr653/avx2/Makefile View File

@@ -4,7 +4,7 @@ LIB=libntrulpr653_avx2.a
HEADERS=api.h crypto_core_multsntrup653.h crypto_core_multsntrup653_ntt.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1025.h params.h
OBJECTS=crypto_core_multsntrup653.o crypto_core_multsntrup653_ntt.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1025.o kem.o

CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 2
- 2
crypto_kem/ntrulpr653/avx2/crypto_core_multsntrup653.c View File

@@ -291,9 +291,9 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_core_multsntrup653(unsigned char *outbytes, c
store_x16(&f[i], x);
}
for (i = 0; i < p; ++i) {
int8 gi = kbytes[i];
int8 gi = (int8) kbytes[i];
int8 gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (int16) (gi0 - (gi & (gi0 << 1)));
}

mult768(fg, f, g);


+ 1
- 1
crypto_kem/ntrulpr653/avx2/crypto_decode_256x2.c View File

@@ -3,7 +3,7 @@
#include <stdint.h>

#define COPY _mm256_set_epi64x(0x0303030303030303,0x0202020202020202,0x0101010101010101,0x0000000000000000)
#define MASK _mm256_set1_epi64x(0x8040201008040201)
#define MASK _mm256_set1_epi64x((int64_t) 0x8040201008040201)
#define MASK2 _mm256_set1_epi64x(0x0101010101010101)

void PQCLEAN_NTRULPR653_AVX2_crypto_decode_256x2(void *v, const unsigned char *s) {


+ 10
- 10
crypto_kem/ntrulpr653/avx2/crypto_decode_653x1541.c View File

@@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) {
}

static inline int16 mulhi(int16 x, int16 y) {
return (x * (int32)y) >> 16;
return (int16) ((x * (int32)y) >> 16);
}

static inline __m256i add(__m256i x, __m256i y) {
@@ -79,7 +79,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 += s[1 * i + 0]; /* -39...290 */
a0 = mulhi(a0, 3) - mulhi(mullo(a0, -923), 71); /* -36...35 */
a0 += (a0 >> 15) & 71; /* 0...70 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -22153);

/* invalid inputs might need reduction mod 9402 */
@@ -100,7 +100,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 += s[1 * i + 0]; /* -67...325 */
a0 = mulhi(a0, 10) - mulhi(mullo(a0, -489), 134); /* -68...67 */
a0 += (a0 >> 15) & 134; /* 0...133 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, 19563);

/* invalid inputs might need reduction mod 134 */
@@ -119,7 +119,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1477...1782 */
a0 += s[1 * i + 0]; /* -1477...2037 */
a0 += (a0 >> 15) & 2953; /* 0...2952 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -9543);

/* invalid inputs might need reduction mod 815 */
@@ -136,7 +136,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1505...1514 */
a0 += s[2 * i + 0]; /* -1505...1769 */
a0 += (a0 >> 15) & 2953; /* 0...2952 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, -9543);

/* invalid inputs might need reduction mod 2953 */
@@ -158,7 +158,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 1756) - mulhi(mullo(a0, -1206), 13910); /* -7142...7159 */
a0 += s[2 * i + 0]; /* -7142...7414 */
a0 += (a0 >> 15) & 13910; /* 0...13909 */
a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1);
a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1));
a1 = mullo(a1, -13437);

/* invalid inputs might need reduction mod 13910 */
@@ -178,7 +178,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, -101) - mulhi(mullo(a0, -8891), 1887); /* -969...943 */
a0 += s[1 * i + 0]; /* -969...1198 */
a0 += (a0 >> 15) & 1887; /* 0...1886 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, 5279);

/* invalid inputs might need reduction mod 1887 */
@@ -234,7 +234,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 2401) - mulhi(mullo(a0, -2487), 6745); /* -3497...3527 */
a0 += s[2 * i + 0]; /* -3497...3782 */
a0 += (a0 >> 15) & 6745; /* 0...6744 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, -29207);

/* invalid inputs might need reduction mod 7910 */
@@ -287,7 +287,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 64) - mulhi(mullo(a0, -12768), 1314); /* -657...673 */
a0 += s[1 * i + 0]; /* -657...928 */
a0 += (a0 >> 15) & 1314; /* 0...1313 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, -399);

/* invalid inputs might need reduction mod 1541 */
@@ -369,7 +369,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char

/* R1 ------> R0: reconstruct mod 653*[1541] */

R0[652] = 3 * R1[326] - 2310;
R0[652] = (int16) (3 * R1[326] - 2310);
s -= 326;
i = 310;
for (;;) {


+ 1
- 2
crypto_kem/ntrulpr653/avx2/crypto_decode_653xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653xint16(void *v, const unsigned cha
for (i = 0; i < 653; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/ntrulpr653/avx2/crypto_encode_256x16.c View File

@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_256x16(unsigned char *s, const void *
const unsigned char *T = v;
int i;
for (i = 0; i < 128; ++i) {
s[i] = T[2 * i] + (T[2 * i + 1] << 4);
s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4));
}
}

+ 32
- 32
crypto_kem/ntrulpr653/avx2/crypto_encode_256x2.c View File

@@ -29,60 +29,60 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_256x2(unsigned char *s, const void *v
int32_t c5 = _mm256_movemask_epi8(b5);
int32_t c6 = _mm256_movemask_epi8(b6);
int32_t c7 = _mm256_movemask_epi8(b7);
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = c1;
*s++ = (unsigned char) c0;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = c2;
*s++ = (unsigned char) c1;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = c3;
*s++ = (unsigned char) c2;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = c4;
*s++ = (unsigned char) c3;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = c5;
*s++ = (unsigned char) c4;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = c6;
*s++ = (unsigned char) c5;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = c7;
*s++ = (unsigned char) c6;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
}

+ 47
- 47
crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541.c View File

@@ -42,26 +42,26 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15;
R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -124,22 +124,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -204,22 +204,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -229,9 +229,9 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1887;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[10] = R[20];

@@ -239,11 +239,11 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)13910;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[5] = R[10];

@@ -251,36 +251,36 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[4];
r1 = R[5];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[2] = r2;
R[2] = (uint16) r2;

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)134;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)71;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 47
- 47
crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541round.c View File

@@ -44,26 +44,26 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[326] = (((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15;
R[326] = (uint16) ((((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -126,22 +126,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -206,22 +206,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -231,9 +231,9 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1887;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[10] = R[20];

@@ -241,11 +241,11 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)13910;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[5] = R[10];

@@ -253,36 +253,36 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[4];
r1 = R[5];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[2] = r2;
R[2] = (uint16) r2;

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)134;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)71;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 2
- 2
crypto_kem/ntrulpr653/avx2/crypto_encode_653xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653xint16(unsigned char *s, const voi

for (i = 0; i < 653; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 1
- 1
crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c View File

@@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~7;
n &= ~(size_t) 7;
}
do {
int32x8 x0 = int32x8_load(x);


+ 4
- 4
crypto_kem/ntrulpr653/avx2/crypto_verify_1025.c View File

@@ -27,10 +27,10 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_verify_1025(const unsigned char *x, const uns
diff |= _mm256_srli_epi32(diff, 16);
diff |= _mm256_srli_epi64(diff, 32);

differentbits = _mm256_extract_epi8(diff, 0);
differentbits |= _mm256_extract_epi8(diff, 8);
differentbits |= _mm256_extract_epi8(diff, 16);
differentbits |= _mm256_extract_epi8(diff, 24);
differentbits = (unsigned int) _mm256_extract_epi8(diff, 0);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24);

return (int) (1 & ((differentbits - 1) >> 8)) - 1;
}

+ 13
- 13
crypto_kem/ntrulpr653/avx2/kem.c View File

@@ -18,7 +18,7 @@

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -38,24 +38,24 @@ typedef int16 Fq;
/* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */
/* assumes twos complement; use, e.g., gcc -fwrapv */
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
x -= (int32) (q * ((q18 * x) >> 18));
x -= (int32) (q * ((q27 * x + 67108864) >> 27));
return (Fq) x;
}

/* works for all uint32 x */
static Fq Fq_bigfreeze(uint32 x) {
x -= q * ((x * (uint64)q31) >> 31);
x -= q * ((x * (uint64)q31) >> 31);
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= q;
x += (-(x >> 31)) & (uint32)q;
return x;
return (Fq) x;
}

/* ----- Top and Right */

static int8 Top(Fq C) {
return (tau1 * (int32)(C + tau0) + 16384) >> 15;
return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15);
}

static Fq Right(int8 T) {
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
}
PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
int8 T[I];
Top_decode(T, c + Rounded_bytes);
for (i = 0; i < I; ++i) {
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
}
}
}
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
Hide(cnew, x, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Inputs_bytes; ++i) {
x[1 + i] ^= mask & (x[1 + i] ^ rho[i]);
x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i]));
}
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Inputs_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/ntrulpr653/clean/Makefile View File

@@ -4,7 +4,7 @@ LIB=libntrulpr653_clean.a
HEADERS=api.h crypto_core_multsntrup653.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1025.h params.h
OBJECTS=crypto_core_multsntrup653.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1025.o kem.o

CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 3
- 3
crypto_kem/ntrulpr653/clean/crypto_core_multsntrup653.c View File

@@ -14,7 +14,7 @@ typedef int16 Fq;
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
return (Fq) x;
}

int PQCLEAN_NTRULPR653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) {
@@ -30,9 +30,9 @@ int PQCLEAN_NTRULPR653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes,
}

for (i = 0; i < p; ++i) {
small gi = kbytes[i];
small gi = (small) kbytes[i];
small gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (small) (gi0 - (gi & (gi0 << 1)));
}

for (i = 0; i < p; ++i) {


+ 19
- 19
crypto_kem/ntrulpr653/clean/crypto_decode_653x1541.c View File

@@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {

*q = 0;

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
/* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
/* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
@@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += qpart;
/* x <= 49146 */

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= m + 49146(2^14-1)/2^31 */
/* 0 <= newx <= m + 0.4 */
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += mask;
/* x < m */

*r = x;
*r = (uint16) x;
}

static uint16 uint32_mod_uint14(uint32 x, uint16 m) {
@@ -81,14 +81,14 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
r1 = (r1 << 8) | *--s;
r1 = (r1 << 8) | *--s;
r1 = uint32_mod_uint14(r1, 2608); /* needed only for invalid inputs */
R10[0] = r1;
R10[0] = (uint16) r1;

r2 = R10[0];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 71);
R9[0] = r0;
r1 = uint32_mod_uint14(r1, 9402); /* needed only for invalid inputs */
R9[1] = r1;
R9[1] = (uint16) r1;

R8[2] = R9[1];
r2 = R9[0];
@@ -96,14 +96,14 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 134);
R8[0] = r0;
r1 = uint32_mod_uint14(r1, 134); /* needed only for invalid inputs */
R8[1] = r1;
R8[1] = (uint16) r1;

r2 = R8[2];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 2953);
R7[4] = r0;
r1 = uint32_mod_uint14(r1, 815); /* needed only for invalid inputs */
R7[5] = r1;
R7[5] = (uint16) r1;
for (i = 1; i >= 0; --i) {
r2 = R8[i];
r2 = (r2 << 8) | *--s;
@@ -111,7 +111,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 2953);
R7[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 2953); /* needed only for invalid inputs */
R7[2 * i + 1] = r1;
R7[2 * i + 1] = (uint16) r1;
}

R6[10] = R7[5];
@@ -122,7 +122,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 13910);
R6[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 13910); /* needed only for invalid inputs */
R6[2 * i + 1] = r1;
R6[2 * i + 1] = (uint16) r1;
}

R5[20] = R6[10];
@@ -132,7 +132,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 1887);
R5[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1887); /* needed only for invalid inputs */
R5[2 * i + 1] = r1;
R5[2 * i + 1] = (uint16) r1;
}

R4[40] = R5[20];
@@ -142,7 +142,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 695);
R4[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 695); /* needed only for invalid inputs */
R4[2 * i + 1] = r1;
R4[2 * i + 1] = (uint16) r1;
}

r2 = R4[40];
@@ -151,7 +151,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 6745);
R3[80] = r0;
r1 = uint32_mod_uint14(r1, 7910); /* needed only for invalid inputs */
R3[81] = r1;
R3[81] = (uint16) r1;
for (i = 39; i >= 0; --i) {
r2 = R4[i];
r2 = (r2 << 8) | *--s;
@@ -159,7 +159,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 6745);
R3[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 6745); /* needed only for invalid inputs */
R3[2 * i + 1] = r1;
R3[2 * i + 1] = (uint16) r1;
}

r2 = R3[81];
@@ -167,14 +167,14 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 1314);
R2[162] = r0;
r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */
R2[163] = r1;
R2[163] = (uint16) r1;
for (i = 80; i >= 0; --i) {
r2 = R3[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1314);
R2[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1314); /* needed only for invalid inputs */
R2[2 * i + 1] = r1;
R2[2 * i + 1] = (uint16) r1;
}

R1[326] = R2[163];
@@ -185,16 +185,16 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 9277);
R1[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 9277); /* needed only for invalid inputs */
R1[2 * i + 1] = r1;
R1[2 * i + 1] = (uint16) r1;
}

R0[652] = 3 * R1[326] - 2310;
R0[652] = (int16) (3 * R1[326] - 2310);
for (i = 325; i >= 0; --i) {
r2 = R1[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1541);
R0[2 * i] = 3 * r0 - 2310;
R0[2 * i] = (int16) (3 * r0 - 2310);
r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */
R0[2 * i + 1] = 3 * r1 - 2310;
R0[2 * i + 1] = (int16) (3 * r1 - 2310);
}
}

+ 1
- 2
crypto_kem/ntrulpr653/clean/crypto_decode_653xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653xint16(void *v, const unsigned ch
for (i = 0; i < 653; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/ntrulpr653/clean/crypto_encode_256x16.c View File

@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_256x16(unsigned char *s, const void
const unsigned char *T = v;
int i;
for (i = 0; i < 128; ++i) {
s[i] = T[2 * i] + (T[2 * i + 1] << 4);
s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4));
}
}

+ 1
- 1
crypto_kem/ntrulpr653/clean/crypto_encode_256x2.c View File

@@ -8,6 +8,6 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_256x2(unsigned char *s, const void *
s[i] = 0;
}
for (i = 0; i < 256; ++i) {
s[i >> 3] |= (r[i] & 1) << (i & 7);
s[i >> 3] |= (unsigned char) ((r[i] & 1) << (i & 7));
}
}

+ 31
- 31
crypto_kem/ntrulpr653/clean/crypto_encode_653x1541.c View File

@@ -15,24 +15,24 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v
uint32 r2;

for (i = 0; i < 326; ++i) {
r0 = (((R0[2 * i] + 2310) & 16383) * 10923) >> 15;
r1 = (((R0[2 * i + 1] + 2310) & 16383) * 10923) >> 15;
r0 = (uint16) ((((R0[2 * i] + 2310) & 16383) * 10923) >> 15);
r1 = (uint16) ((((R0[2 * i + 1] + 2310) & 16383) * 10923) >> 15);
r2 = r0 + r1 * (uint32)1541;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15;
R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15);

for (i = 0; i < 163; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)9277;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[163] = R[326];

@@ -40,29 +40,29 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1314;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 41; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)6745;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 20; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)695;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[20] = R[40];

@@ -70,9 +70,9 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1887;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[10] = R[20];

@@ -80,11 +80,11 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)13910;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[5] = R[10];

@@ -92,36 +92,36 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[4];
r1 = R[5];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[2] = r2;
R[2] = (uint16) r2;

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)134;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)71;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 1
- 1
crypto_kem/ntrulpr653/clean/crypto_encode_653x1541round.c View File

@@ -11,7 +11,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541round(unsigned char *out, co
int i;

for (i = 0; i < p; ++i) {
x[i] = 3 * ((10923 * a[i] + 16384) >> 15);
x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15));
}
PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(out, x);
}

+ 3
- 3
crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c View File

@@ -11,9 +11,9 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x3(unsigned char *s, const void *

for (i = 0; i < p / 4; ++i) {
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
x += (uint8) ((*f++ + 1) << 2);
x += (uint8) ((*f++ + 1) << 4);
x += (uint8) ((*f++ + 1) << 6);
*s++ = x;
}
x = *f++ + 1;


+ 2
- 2
crypto_kem/ntrulpr653/clean/crypto_encode_653xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653xint16(unsigned char *s, const vo

for (i = 0; i < 653; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 13
- 13
crypto_kem/ntrulpr653/clean/kem.c View File

@@ -18,7 +18,7 @@

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -38,24 +38,24 @@ typedef int16 Fq;
/* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */
/* assumes twos complement; use, e.g., gcc -fwrapv */
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
x -= (int32) (q * ((q18 * x) >> 18));
x -= (int32) (q * ((q27 * x + 67108864) >> 27));
return (Fq) x;
}

/* works for all uint32 x */
static Fq Fq_bigfreeze(uint32 x) {
x -= q * ((x * (uint64)q31) >> 31);
x -= q * ((x * (uint64)q31) >> 31);
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= q;
x += (-(x >> 31)) & (uint32)q;
return x;
return (Fq) x;
}

/* ----- Top and Right */

static int8 Top(Fq C) {
return (tau1 * (int32)(C + tau0) + 16384) >> 15;
return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15);
}

static Fq Right(int8 T) {
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
}
PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR653_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha
int8 T[I];
Top_decode(T, c + Rounded_bytes);
for (i = 0; i < I; ++i) {
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
}
}
}
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR653_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha
Hide(cnew, x, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Inputs_bytes; ++i) {
x[1 + i] ^= mask & (x[1 + i] ^ rho[i]);
x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i]));
}
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Inputs_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/ntrulpr761/avx2/Makefile View File

@@ -4,7 +4,7 @@ LIB=libntrulpr761_avx2.a
HEADERS=api.h crypto_core_multsntrup761.h crypto_core_multsntrup761_ntt.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_761x1531.h crypto_decode_761x3.h crypto_decode_761xint16.h crypto_decode_761xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_761x1531.h crypto_encode_761x1531round.h crypto_encode_761x3.h crypto_encode_761xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1167.h params.h
OBJECTS=crypto_core_multsntrup761.o crypto_core_multsntrup761_ntt.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_761x1531.o crypto_decode_761x3.o crypto_decode_761xint16.o crypto_decode_761xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_761x1531.o crypto_encode_761x1531round.o crypto_encode_761x3.o crypto_encode_761xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1167.o kem.o

CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 2
- 2
crypto_kem/ntrulpr761/avx2/crypto_core_multsntrup761.c View File

@@ -291,9 +291,9 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_core_multsntrup761(unsigned char *outbytes, c
store_x16(&f[i], x);
}
for (i = 0; i < p; ++i) {
int8 gi = kbytes[i];
int8 gi = (int8) kbytes[i];
int8 gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (int16) (gi0 - (gi & (gi0 << 1)));
}

mult768(fg, f, g);


+ 1
- 1
crypto_kem/ntrulpr761/avx2/crypto_decode_256x2.c View File

@@ -3,7 +3,7 @@
#include <stdint.h>

#define COPY _mm256_set_epi64x(0x0303030303030303,0x0202020202020202,0x0101010101010101,0x0000000000000000)
#define MASK _mm256_set1_epi64x(0x8040201008040201)
#define MASK _mm256_set1_epi64x((int64_t) 0x8040201008040201)
#define MASK2 _mm256_set1_epi64x(0x0101010101010101)

void PQCLEAN_NTRULPR761_AVX2_crypto_decode_256x2(void *v, const unsigned char *s) {


+ 12
- 12
crypto_kem/ntrulpr761/avx2/crypto_decode_761x1531.c View File

@@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) {
}

static inline int16 mulhi(int16 x, int16 y) {
return (x * (int32)y) >> 16;
return (int16) ((x * (int32)y) >> 16);
}

static inline __m256i add(__m256i x, __m256i y) {
@@ -78,7 +78,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 60) - mulhi(mullo(a0, -28292), 593); /* -297...311 */
a0 += s[1 * i + 0]; /* -297...566 */
a0 += (a0 >> 15) & 593; /* 0...592 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -31055);

/* invalid inputs might need reduction mod 1500 */
@@ -100,7 +100,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 672) - mulhi(mullo(a0, -2692), 6232); /* -3148...3152 */
a0 += s[2 * i + 0]; /* -3148...3407 */
a0 += (a0 >> 15) & 6232; /* 0...6231 */
a1 = (a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3);
a1 = (int16) ((a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3));
a1 = mullo(a1, 12451);

/* invalid inputs might need reduction mod 6232 */
@@ -119,7 +119,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, -476) - mulhi(mullo(a0, -13284), 1263); /* -751...631 */
a0 += s[1 * i + 0]; /* -751...886 */
a0 += (a0 >> 15) & 1263; /* 0...1262 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -22001);

/* invalid inputs might need reduction mod 304 */
@@ -134,7 +134,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, -476) - mulhi(mullo(a0, -13284), 1263); /* -751...631 */
a0 += s[1 * i + 0]; /* -751...886 */
a0 += (a0 >> 15) & 1263; /* 0...1262 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -22001);

/* invalid inputs might need reduction mod 1263 */
@@ -155,7 +155,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 2348) - mulhi(mullo(a0, -1844), 9097); /* -4712...4741 */
a0 += s[2 * i + 0]; /* -4712...4996 */
a0 += (a0 >> 15) & 9097; /* 0...9096 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, 17081);

/* invalid inputs might need reduction mod 2188 */
@@ -172,7 +172,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 2348) - mulhi(mullo(a0, -1844), 9097); /* -4712...4741 */
a0 += s[2 * i + 0]; /* -4712...4996 */
a0 += (a0 >> 15) & 9097; /* 0...9096 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, 17081);

/* invalid inputs might need reduction mod 9097 */
@@ -191,7 +191,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 372) - mulhi(mullo(a0, -10994), 1526); /* -763...856 */
a0 += s[1 * i + 0]; /* -763...1111 */
a0 += (a0 >> 15) & 1526; /* 0...1525 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, -18381);

/* invalid inputs might need reduction mod 367 */
@@ -206,7 +206,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 372) - mulhi(mullo(a0, -10994), 1526); /* -763...856 */
a0 += s[1 * i + 0]; /* -763...1111 */
a0 += (a0 >> 15) & 1526; /* 0...1525 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, -18381);

/* invalid inputs might need reduction mod 1526 */
@@ -225,7 +225,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, -284) - mulhi(mullo(a0, -26844), 625); /* -384...312 */
a0 += s[1 * i + 0]; /* -384...567 */
a0 += (a0 >> 15) & 625; /* 0...624 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, 32401);

/* invalid inputs might need reduction mod 150 */
@@ -276,7 +276,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char
a0 = mulhi(a0, 2816) - mulhi(mullo(a0, -2621), 6400); /* -3338...3378 */
a0 += s[2 * i + 0]; /* -3338...3633 */
a0 += (a0 >> 15) & 6400; /* 0...6399 */
a1 = (a2 << 8) + s[2 * i + 1] + ((s[2 * i] - a0) >> 8);
a1 = (int16) ((a2 << 8) + s[2 * i + 1] + ((s[2 * i] - a0) >> 8));
a1 = mullo(a1, 23593);

/* invalid inputs might need reduction mod 1531 */
@@ -397,7 +397,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char

/* R1 ------> R0: reconstruct mod 761*[1531] */

R0[760] = 3 * R1[380] - 2295;
R0[760] = (int16) (3 * R1[380] - 2295);
s -= 380;
i = 364;
for (;;) {


+ 1
- 2
crypto_kem/ntrulpr761/avx2/crypto_decode_761xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761xint16(void *v, const unsigned cha
for (i = 0; i < 761; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/ntrulpr761/avx2/crypto_encode_256x16.c View File

@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_256x16(unsigned char *s, const void *
const unsigned char *T = v;
int i;
for (i = 0; i < 128; ++i) {
s[i] = T[2 * i] + (T[2 * i + 1] << 4);
s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4));
}
}

+ 32
- 32
crypto_kem/ntrulpr761/avx2/crypto_encode_256x2.c View File

@@ -29,60 +29,60 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_256x2(unsigned char *s, const void *v
int32_t c5 = _mm256_movemask_epi8(b5);
int32_t c6 = _mm256_movemask_epi8(b6);
int32_t c7 = _mm256_movemask_epi8(b7);
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = c1;
*s++ = (unsigned char) c0;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = c2;
*s++ = (unsigned char) c1;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = c3;
*s++ = (unsigned char) c2;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = c4;
*s++ = (unsigned char) c3;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = c5;
*s++ = (unsigned char) c4;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = c6;
*s++ = (unsigned char) c5;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = c7;
*s++ = (unsigned char) c6;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
}

+ 53
- 53
crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531.c View File

@@ -42,26 +42,26 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[380] = (((R0[760] + 2295) & 16383) * 10923) >> 15;
R[380] = (uint16) ((((R0[760] + 2295) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -124,22 +124,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -195,22 +195,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -237,22 +237,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -261,41 +261,41 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)9097;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 3; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1263;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)6232;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)593;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 53
- 53
crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531round.c View File

@@ -44,26 +44,26 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[380] = (((3 * ((10923 * R0[760] + 16384) >> 15) + 2295) & 16383) * 10923) >> 15;
R[380] = (uint16) ((((3 * ((10923 * R0[760] + 16384) >> 15) + 2295) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -126,22 +126,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -197,22 +197,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -239,22 +239,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -263,41 +263,41 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)9097;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 3; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1263;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)6232;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)593;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 2
- 2
crypto_kem/ntrulpr761/avx2/crypto_encode_761xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761xint16(unsigned char *s, const voi

for (i = 0; i < 761; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 1
- 1
crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c View File

@@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~7;
n &= ~(size_t) 7;
}
do {
int32x8 x0 = int32x8_load(x);


+ 4
- 4
crypto_kem/ntrulpr761/avx2/crypto_verify_1167.c View File

@@ -27,10 +27,10 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_verify_1167(const unsigned char *x, const uns
diff |= _mm256_srli_epi32(diff, 16);
diff |= _mm256_srli_epi64(diff, 32);

differentbits = _mm256_extract_epi8(diff, 0);
differentbits |= _mm256_extract_epi8(diff, 8);
differentbits |= _mm256_extract_epi8(diff, 16);
differentbits |= _mm256_extract_epi8(diff, 24);
differentbits = (unsigned int) _mm256_extract_epi8(diff, 0);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24);

return (int) (1 & ((differentbits - 1) >> 8)) - 1;
}

+ 13
- 13
crypto_kem/ntrulpr761/avx2/kem.c View File

@@ -18,7 +18,7 @@

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -38,24 +38,24 @@ typedef int16 Fq;
/* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */
/* assumes twos complement; use, e.g., gcc -fwrapv */
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
x -= (int32) (q * ((q18 * x) >> 18));
x -= (int32) (q * ((q27 * x + 67108864) >> 27));
return (Fq) x;
}

/* works for all uint32 x */
static Fq Fq_bigfreeze(uint32 x) {
x -= q * ((x * (uint64)q31) >> 31);
x -= q * ((x * (uint64)q31) >> 31);
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= q;
x += (-(x >> 31)) & (uint32)q;
return x;
return (Fq) x;
}

/* ----- Top and Right */

static int8 Top(Fq C) {
return (tau1 * (int32)(C + tau0) + 16384) >> 15;
return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15);
}

static Fq Right(int8 T) {
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
}
PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
int8 T[I];
Top_decode(T, c + Rounded_bytes);
for (i = 0; i < I; ++i) {
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
}
}
}
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
Hide(cnew, x, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Inputs_bytes; ++i) {
x[1 + i] ^= mask & (x[1 + i] ^ rho[i]);
x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i]));
}
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Inputs_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/ntrulpr761/clean/Makefile View File

@@ -4,7 +4,7 @@ LIB=libntrulpr761_clean.a
HEADERS=api.h crypto_core_multsntrup761.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_761x1531.h crypto_decode_761x3.h crypto_decode_761xint16.h crypto_decode_761xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_761x1531.h crypto_encode_761x1531round.h crypto_encode_761x3.h crypto_encode_761xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1167.h params.h
OBJECTS=crypto_core_multsntrup761.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_761x1531.o crypto_decode_761x3.o crypto_decode_761xint16.o crypto_decode_761xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_761x1531.o crypto_encode_761x1531round.o crypto_encode_761x3.o crypto_encode_761xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1167.o kem.o

CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 3
- 3
crypto_kem/ntrulpr761/clean/crypto_core_multsntrup761.c View File

@@ -14,7 +14,7 @@ typedef int16 Fq;
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
return (Fq) x;
}

int PQCLEAN_NTRULPR761_CLEAN_crypto_core_multsntrup761(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) {
@@ -30,9 +30,9 @@ int PQCLEAN_NTRULPR761_CLEAN_crypto_core_multsntrup761(unsigned char *outbytes,
}

for (i = 0; i < p; ++i) {
small gi = kbytes[i];
small gi = (small) kbytes[i];
small gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (small) (gi0 - (gi & (gi0 << 1)));
}

for (i = 0; i < p; ++i) {


+ 21
- 21
crypto_kem/ntrulpr761/clean/crypto_decode_761x1531.c View File

@@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {

*q = 0;

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
/* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
/* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
@@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += qpart;
/* x <= 49146 */

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= m + 49146(2^14-1)/2^31 */
/* 0 <= newx <= m + 0.4 */
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += mask;
/* x < m */

*r = x;
*r = (uint16) x;
}

static uint16 uint32_mod_uint14(uint32 x, uint16 m) {
@@ -81,14 +81,14 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
r1 = (r1 << 8) | *--s;
r1 = (r1 << 8) | *--s;
r1 = uint32_mod_uint14(r1, 3475); /* needed only for invalid inputs */
R10[0] = r1;
R10[0] = (uint16) r1;

r2 = R10[0];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 593);
R9[0] = r0;
r1 = uint32_mod_uint14(r1, 1500); /* needed only for invalid inputs */
R9[1] = r1;
R9[1] = (uint16) r1;

R8[2] = R9[1];
r2 = R9[0];
@@ -97,21 +97,21 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 6232);
R8[0] = r0;
r1 = uint32_mod_uint14(r1, 6232); /* needed only for invalid inputs */
R8[1] = r1;
R8[1] = (uint16) r1;

r2 = R8[2];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1263);
R7[4] = r0;
r1 = uint32_mod_uint14(r1, 304); /* needed only for invalid inputs */
R7[5] = r1;
R7[5] = (uint16) r1;
for (i = 1; i >= 0; --i) {
r2 = R8[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1263);
R7[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1263); /* needed only for invalid inputs */
R7[2 * i + 1] = r1;
R7[2 * i + 1] = (uint16) r1;
}

r2 = R7[5];
@@ -120,7 +120,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 9097);
R6[10] = r0;
r1 = uint32_mod_uint14(r1, 2188); /* needed only for invalid inputs */
R6[11] = r1;
R6[11] = (uint16) r1;
for (i = 4; i >= 0; --i) {
r2 = R7[i];
r2 = (r2 << 8) | *--s;
@@ -128,7 +128,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 9097);
R6[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 9097); /* needed only for invalid inputs */
R6[2 * i + 1] = r1;
R6[2 * i + 1] = (uint16) r1;
}

r2 = R6[11];
@@ -136,14 +136,14 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 1526);
R5[22] = r0;
r1 = uint32_mod_uint14(r1, 367); /* needed only for invalid inputs */
R5[23] = r1;
R5[23] = (uint16) r1;
for (i = 10; i >= 0; --i) {
r2 = R6[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1526);
R5[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1526); /* needed only for invalid inputs */
R5[2 * i + 1] = r1;
R5[2 * i + 1] = (uint16) r1;
}

r2 = R5[23];
@@ -151,14 +151,14 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 625);
R4[46] = r0;
r1 = uint32_mod_uint14(r1, 150); /* needed only for invalid inputs */
R4[47] = r1;
R4[47] = (uint16) r1;
for (i = 22; i >= 0; --i) {
r2 = R5[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 625);
R4[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 625); /* needed only for invalid inputs */
R4[2 * i + 1] = r1;
R4[2 * i + 1] = (uint16) r1;
}

r2 = R4[47];
@@ -167,7 +167,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 6400);
R3[94] = r0;
r1 = uint32_mod_uint14(r1, 1531); /* needed only for invalid inputs */
R3[95] = r1;
R3[95] = (uint16) r1;
for (i = 46; i >= 0; --i) {
r2 = R4[i];
r2 = (r2 << 8) | *--s;
@@ -175,7 +175,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 6400);
R3[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 6400); /* needed only for invalid inputs */
R3[2 * i + 1] = r1;
R3[2 * i + 1] = (uint16) r1;
}

R2[190] = R3[95];
@@ -185,7 +185,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 1280);
R2[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1280); /* needed only for invalid inputs */
R2[2 * i + 1] = r1;
R2[2 * i + 1] = (uint16) r1;
}

R1[380] = R2[190];
@@ -196,16 +196,16 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 9157);
R1[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 9157); /* needed only for invalid inputs */
R1[2 * i + 1] = r1;
R1[2 * i + 1] = (uint16) r1;
}

R0[760] = 3 * R1[380] - 2295;
R0[760] = (int16) (3 * R1[380] - 2295);
for (i = 379; i >= 0; --i) {
r2 = R1[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1531);
R0[2 * i] = 3 * r0 - 2295;
R0[2 * i] = (int16) (3 * r0 - 2295);
r1 = uint32_mod_uint14(r1, 1531); /* needed only for invalid inputs */
R0[2 * i + 1] = 3 * r1 - 2295;
R0[2 * i + 1] = (int16) (3 * r1 - 2295);
}
}

+ 1
- 2
crypto_kem/ntrulpr761/clean/crypto_decode_761xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761xint16(void *v, const unsigned ch
for (i = 0; i < 761; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/ntrulpr761/clean/crypto_encode_256x16.c View File

@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_256x16(unsigned char *s, const void
const unsigned char *T = v;
int i;
for (i = 0; i < 128; ++i) {
s[i] = T[2 * i] + (T[2 * i + 1] << 4);
s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4));
}
}

+ 1
- 1
crypto_kem/ntrulpr761/clean/crypto_encode_256x2.c View File

@@ -8,6 +8,6 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_256x2(unsigned char *s, const void *
s[i] = 0;
}
for (i = 0; i < 256; ++i) {
s[i >> 3] |= (r[i] & 1) << (i & 7);
s[i >> 3] |= (unsigned char) ((r[i] & 1) << (i & 7));
}
}

+ 29
- 29
crypto_kem/ntrulpr761/clean/crypto_encode_761x1531.c View File

@@ -15,24 +15,24 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(unsigned char *out, const v
uint32 r2;

for (i = 0; i < 380; ++i) {
r0 = (((R0[2 * i] + 2295) & 16383) * 10923) >> 15;
r1 = (((R0[2 * i + 1] + 2295) & 16383) * 10923) >> 15;
r0 = (uint16) ((((R0[2 * i] + 2295) & 16383) * 10923) >> 15);
r1 = (uint16) ((((R0[2 * i + 1] + 2295) & 16383) * 10923) >> 15);
r2 = r0 + r1 * (uint32)1531;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[380] = (((R0[760] + 2295) & 16383) * 10923) >> 15;
R[380] = (uint16) ((((R0[760] + 2295) & 16383) * 10923) >> 15);

for (i = 0; i < 190; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)9157;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[190] = R[380];

@@ -40,9 +40,9 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1280;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[95] = R[190];

@@ -50,70 +50,70 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)6400;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 24; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)625;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 12; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1526;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 6; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)9097;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 3; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1263;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)6232;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)593;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 1
- 1
crypto_kem/ntrulpr761/clean/crypto_encode_761x1531round.c View File

@@ -11,7 +11,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531round(unsigned char *out, co
int i;

for (i = 0; i < p; ++i) {
x[i] = 3 * ((10923 * a[i] + 16384) >> 15);
x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15));
}
PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(out, x);
}

+ 3
- 3
crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c View File

@@ -11,9 +11,9 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x3(unsigned char *s, const void *

for (i = 0; i < p / 4; ++i) {
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
x += (uint8) ((*f++ + 1) << 2);
x += (uint8) ((*f++ + 1) << 4);
x += (uint8) ((*f++ + 1) << 6);
*s++ = x;
}
x = *f++ + 1;


+ 2
- 2
crypto_kem/ntrulpr761/clean/crypto_encode_761xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761xint16(unsigned char *s, const vo

for (i = 0; i < 761; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 13
- 13
crypto_kem/ntrulpr761/clean/kem.c View File

@@ -18,7 +18,7 @@

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -38,24 +38,24 @@ typedef int16 Fq;
/* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */
/* assumes twos complement; use, e.g., gcc -fwrapv */
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
x -= (int32) (q * ((q18 * x) >> 18));
x -= (int32) (q * ((q27 * x + 67108864) >> 27));
return (Fq) x;
}

/* works for all uint32 x */
static Fq Fq_bigfreeze(uint32 x) {
x -= q * ((x * (uint64)q31) >> 31);
x -= q * ((x * (uint64)q31) >> 31);
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= q;
x += (-(x >> 31)) & (uint32)q;
return x;
return (Fq) x;
}

/* ----- Top and Right */

static int8 Top(Fq C) {
return (tau1 * (int32)(C + tau0) + 16384) >> 15;
return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15);
}

static Fq Right(int8 T) {
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
}
PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR761_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha
int8 T[I];
Top_decode(T, c + Rounded_bytes);
for (i = 0; i < I; ++i) {
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
}
}
}
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR761_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha
Hide(cnew, x, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Inputs_bytes; ++i) {
x[1 + i] ^= mask & (x[1 + i] ^ rho[i]);
x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i]));
}
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Inputs_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/ntrulpr857/avx2/Makefile View File

@@ -4,7 +4,7 @@ LIB=libntrulpr857_avx2.a
HEADERS=api.h crypto_core_multsntrup857.h crypto_core_multsntrup857_ntt.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_857x1723.h crypto_decode_857x3.h crypto_decode_857xint16.h crypto_decode_857xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_857x1723.h crypto_encode_857x1723round.h crypto_encode_857x3.h crypto_encode_857xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1312.h params.h
OBJECTS=crypto_core_multsntrup857.o crypto_core_multsntrup857_ntt.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_857x1723.o crypto_decode_857x3.o crypto_decode_857xint16.o crypto_decode_857xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_857x1723.o crypto_encode_857x1723round.o crypto_encode_857x3.o crypto_encode_857xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1312.o kem.o

CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 2
- 2
crypto_kem/ntrulpr857/avx2/crypto_core_multsntrup857.c View File

@@ -398,9 +398,9 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_core_multsntrup857(unsigned char *outbytes, c
store_x16(&f[i], x);
}
for (i = 0; i < p; ++i) {
int8 gi = kbytes[i];
int8 gi = (int8) kbytes[i];
int8 gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (int8) (gi0 - (gi & (gi0 << 1)));
}

mult1024(fg, f, g);


+ 1
- 1
crypto_kem/ntrulpr857/avx2/crypto_decode_256x2.c View File

@@ -3,7 +3,7 @@
#include <stdint.h>

#define COPY _mm256_set_epi64x(0x0303030303030303,0x0202020202020202,0x0101010101010101,0x0000000000000000)
#define MASK _mm256_set1_epi64x(0x8040201008040201)
#define MASK _mm256_set1_epi64x((int64_t) 0x8040201008040201)
#define MASK2 _mm256_set1_epi64x(0x0101010101010101)

void PQCLEAN_NTRULPR857_AVX2_crypto_decode_256x2(void *v, const unsigned char *s) {


+ 11
- 11
crypto_kem/ntrulpr857/avx2/crypto_decode_857x1723.c View File

@@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) {
}

static inline int16 mulhi(int16 x, int16 y) {
return (x * (int32)y) >> 16;
return (int16) ((x * (int32)y) >> 16);
}

static inline __m256i add(__m256i x, __m256i y) {
@@ -79,7 +79,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 = mulhi(a0, 276) - mulhi(mullo(a0, -22580), 743); /* -374...374 */
a0 += s[2 * i + 0]; /* -374...629 */
a0 += (a0 >> 15) & 743; /* 0...742 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, -3881);

/* invalid inputs might need reduction mod 14044 */
@@ -100,7 +100,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 -= 436; /* -670..>37 */
a0 += (a0 >> 15) & 436; /* -234...435 */
a0 += (a0 >> 15) & 436; /* 0...435 */
a1 = (a2 << 6) + ((s[i] - a0) >> 2);
a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2));
a1 = mullo(a1, 2405);

/* invalid inputs might need reduction mod 8246 */
@@ -117,7 +117,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 -= 436; /* -670..>37 */
a0 += (a0 >> 15) & 436; /* -234...435 */
a0 += (a0 >> 15) & 436; /* 0...435 */
a1 = (a2 << 6) + ((s[i] - a0) >> 2);
a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2));
a1 = mullo(a1, 2405);

/* invalid inputs might need reduction mod 436 */
@@ -139,7 +139,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 -= 334; /* -501..>103 */
a0 += (a0 >> 15) & 334; /* -167...333 */
a0 += (a0 >> 15) & 334; /* 0...333 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, -22761);

/* invalid inputs might need reduction mod 334 */
@@ -160,7 +160,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 -= 292; /* -438..>125 */
a0 += (a0 >> 15) & 292; /* -146...291 */
a0 += (a0 >> 15) & 292; /* 0...291 */
a1 = (a2 << 6) + ((s[i] - a0) >> 2);
a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2));
a1 = mullo(a1, -3591);

/* invalid inputs might need reduction mod 7229 */
@@ -177,7 +177,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 -= 292; /* -438..>125 */
a0 += (a0 >> 15) & 292; /* -146...291 */
a0 += (a0 >> 15) & 292; /* 0...291 */
a1 = (a2 << 6) + ((s[i] - a0) >> 2);
a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2));
a1 = mullo(a1, -3591);

/* invalid inputs might need reduction mod 292 */
@@ -199,7 +199,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 -= 273; /* -410..>118 */
a0 += (a0 >> 15) & 273; /* -137...272 */
a0 += (a0 >> 15) & 273; /* 0...272 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, 4081);

/* invalid inputs might need reduction mod 273 */
@@ -218,7 +218,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 = mulhi(a0, -259) - mulhi(mullo(a0, -3971), 4225); /* -2178...2112 */
a0 += s[1 * i + 0]; /* -2178...2367 */
a0 += (a0 >> 15) & 4225; /* 0...4224 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, 12161);

/* invalid inputs might need reduction mod 438 */
@@ -272,7 +272,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char
a0 += s[1 * i + 0]; /* -33...287 */
a0 = mulhi(a0, 16) - mulhi(mullo(a0, -1008), 65); /* -33...32 */
a0 += (a0 >> 15) & 65; /* 0...64 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, 4033);

/* invalid inputs might need reduction mod 1723 */
@@ -391,7 +391,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char

/* R1 ------> R0: reconstruct mod 857*[1723] */

R0[856] = 3 * R1[428] - 2583;
R0[856] = (int16) (3 * R1[428] - 2583);
s -= 428;
i = 412;
for (;;) {


+ 1
- 2
crypto_kem/ntrulpr857/avx2/crypto_decode_857xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857xint16(void *v, const unsigned cha
for (i = 0; i < 857; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/ntrulpr857/avx2/crypto_encode_256x16.c View File

@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_256x16(unsigned char *s, const void *
const unsigned char *T = v;
int i;
for (i = 0; i < 128; ++i) {
s[i] = T[2 * i] + (T[2 * i + 1] << 4);
s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4));
}
}

+ 32
- 32
crypto_kem/ntrulpr857/avx2/crypto_encode_256x2.c View File

@@ -29,60 +29,60 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_256x2(unsigned char *s, const void *v
int32_t c5 = _mm256_movemask_epi8(b5);
int32_t c6 = _mm256_movemask_epi8(b6);
int32_t c7 = _mm256_movemask_epi8(b7);
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = (unsigned char) c0;
c0 >>= 8;
*s++ = c0;
*s++ = c1;
*s++ = (unsigned char) c0;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = (unsigned char) c1;
c1 >>= 8;
*s++ = c1;
*s++ = c2;
*s++ = (unsigned char) c1;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = (unsigned char) c2;
c2 >>= 8;
*s++ = c2;
*s++ = c3;
*s++ = (unsigned char) c2;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = (unsigned char) c3;
c3 >>= 8;
*s++ = c3;
*s++ = c4;
*s++ = (unsigned char) c3;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = (unsigned char) c4;
c4 >>= 8;
*s++ = c4;
*s++ = c5;
*s++ = (unsigned char) c4;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = (unsigned char) c5;
c5 >>= 8;
*s++ = c5;
*s++ = c6;
*s++ = (unsigned char) c5;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = (unsigned char) c6;
c6 >>= 8;
*s++ = c6;
*s++ = c7;
*s++ = (unsigned char) c6;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
c7 >>= 8;
*s++ = c7;
*s++ = (unsigned char) c7;
}

+ 36
- 36
crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723.c View File

@@ -42,26 +42,26 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[428] = (((R0[856] + 2583) & 16383) * 10923) >> 15;
R[428] = (uint16) ((((R0[856] + 2583) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -145,14 +145,14 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)65;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[106];
r1 = R[107];
r2 = r0 + r1 * (uint32)65;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[53] = r2;
R[53] = (uint16) r2;

reading = (uint16 *) R;
writing = R;
@@ -194,9 +194,9 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo
r0 = R[52];
r1 = R[53];
r2 = r0 + r1 * (uint32)4225;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[26] = r2;
R[26] = (uint16) r2;

reading = (uint16 *) R;
writing = R;
@@ -220,22 +220,22 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -245,18 +245,18 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)292;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 3; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)334;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[3] = R[6];

@@ -264,20 +264,20 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)436;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)743;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 36
- 36
crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723round.c View File

@@ -44,26 +44,26 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[428] = (((3 * ((10923 * R0[856] + 16384) >> 15) + 2583) & 16383) * 10923) >> 15;
R[428] = (uint16) ((((3 * ((10923 * R0[856] + 16384) >> 15) + 2583) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -147,14 +147,14 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)65;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[106];
r1 = R[107];
r2 = r0 + r1 * (uint32)65;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[53] = r2;
R[53] = (uint16) r2;

reading = (uint16 *) R;
writing = R;
@@ -196,9 +196,9 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con
r0 = R[52];
r1 = R[53];
r2 = r0 + r1 * (uint32)4225;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[26] = r2;
R[26] = (uint16) r2;

reading = (uint16 *) R;
writing = R;
@@ -222,22 +222,22 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -247,18 +247,18 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)292;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 3; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)334;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[3] = R[6];

@@ -266,20 +266,20 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)436;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)743;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 2
- 2
crypto_kem/ntrulpr857/avx2/crypto_encode_857xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857xint16(unsigned char *s, const voi

for (i = 0; i < 857; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 1
- 1
crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c View File

@@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~7;
n &= ~(size_t) 7;
}
do {
int32x8 x0 = int32x8_load(x);


+ 4
- 4
crypto_kem/ntrulpr857/avx2/crypto_verify_1312.c View File

@@ -27,10 +27,10 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_verify_1312(const unsigned char *x, const uns
diff |= _mm256_srli_epi32(diff, 16);
diff |= _mm256_srli_epi64(diff, 32);

differentbits = _mm256_extract_epi8(diff, 0);
differentbits |= _mm256_extract_epi8(diff, 8);
differentbits |= _mm256_extract_epi8(diff, 16);
differentbits |= _mm256_extract_epi8(diff, 24);
differentbits = (unsigned int) _mm256_extract_epi8(diff, 0);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24);

return (int) (1 & ((differentbits - 1) >> 8)) - 1;
}

+ 13
- 13
crypto_kem/ntrulpr857/avx2/kem.c View File

@@ -18,7 +18,7 @@

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -38,24 +38,24 @@ typedef int16 Fq;
/* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */
/* assumes twos complement; use, e.g., gcc -fwrapv */
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
x -= (int32) (q * ((q18 * x) >> 18));
x -= (int32) (q * ((q27 * x + 67108864) >> 27));
return (Fq) x;
}

/* works for all uint32 x */
static Fq Fq_bigfreeze(uint32 x) {
x -= q * ((x * (uint64)q31) >> 31);
x -= q * ((x * (uint64)q31) >> 31);
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= q;
x += (-(x >> 31)) & (uint32)q;
return x;
return (Fq) x;
}

/* ----- Top and Right */

static int8 Top(Fq C) {
return (tau1 * (int32)(C + tau0) + 16384) >> 15;
return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15);
}

static Fq Right(int8 T) {
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
}
PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
int8 T[I];
Top_decode(T, c + Rounded_bytes);
for (i = 0; i < I; ++i) {
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
}
}
}
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
Hide(cnew, x, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Inputs_bytes; ++i) {
x[1 + i] ^= mask & (x[1 + i] ^ rho[i]);
x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i]));
}
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Inputs_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/ntrulpr857/clean/Makefile View File

@@ -4,7 +4,7 @@ LIB=libntrulpr857_clean.a
HEADERS=api.h crypto_core_multsntrup857.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_857x1723.h crypto_decode_857x3.h crypto_decode_857xint16.h crypto_decode_857xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_857x1723.h crypto_encode_857x1723round.h crypto_encode_857x3.h crypto_encode_857xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1312.h params.h
OBJECTS=crypto_core_multsntrup857.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_857x1723.o crypto_decode_857x3.o crypto_decode_857xint16.o crypto_decode_857xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_857x1723.o crypto_encode_857x1723round.o crypto_encode_857x3.o crypto_encode_857xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1312.o kem.o

CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 3
- 3
crypto_kem/ntrulpr857/clean/crypto_core_multsntrup857.c View File

@@ -14,7 +14,7 @@ typedef int16 Fq;
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
return (Fq) x;
}

int PQCLEAN_NTRULPR857_CLEAN_crypto_core_multsntrup857(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) {
@@ -30,9 +30,9 @@ int PQCLEAN_NTRULPR857_CLEAN_crypto_core_multsntrup857(unsigned char *outbytes,
}

for (i = 0; i < p; ++i) {
small gi = kbytes[i];
small gi = (small) kbytes[i];
small gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (small) (gi0 - (gi & (gi0 << 1)));
}

for (i = 0; i < p; ++i) {


+ 20
- 20
crypto_kem/ntrulpr857/clean/crypto_decode_857x1723.c View File

@@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {

*q = 0;

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
/* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
/* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
@@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += qpart;
/* x <= 49146 */

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= m + 49146(2^14-1)/2^31 */
/* 0 <= newx <= m + 0.4 */
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += mask;
/* x < m */

*r = x;
*r = (uint16) x;
}

static uint16 uint32_mod_uint14(uint32 x, uint16 m) {
@@ -80,7 +80,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
r1 = 0;
r1 = (r1 << 8) | *--s;
r1 = uint32_mod_uint14(r1, 160); /* needed only for invalid inputs */
R10[0] = r1;
R10[0] = (uint16) r1;

r2 = R10[0];
r2 = (r2 << 8) | *--s;
@@ -88,20 +88,20 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 743);
R9[0] = r0;
r1 = uint32_mod_uint14(r1, 14044); /* needed only for invalid inputs */
R9[1] = r1;
R9[1] = (uint16) r1;

r2 = R9[1];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 436);
R8[2] = r0;
r1 = uint32_mod_uint14(r1, 8246); /* needed only for invalid inputs */
R8[3] = r1;
R8[3] = (uint16) r1;
r2 = R9[0];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 436);
R8[0] = r0;
r1 = uint32_mod_uint14(r1, 436); /* needed only for invalid inputs */
R8[1] = r1;
R8[1] = (uint16) r1;

R7[6] = R8[3];
for (i = 2; i >= 0; --i) {
@@ -110,7 +110,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 334);
R7[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 334); /* needed only for invalid inputs */
R7[2 * i + 1] = r1;
R7[2 * i + 1] = (uint16) r1;
}

r2 = R7[6];
@@ -118,14 +118,14 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 292);
R6[12] = r0;
r1 = uint32_mod_uint14(r1, 7229); /* needed only for invalid inputs */
R6[13] = r1;
R6[13] = (uint16) r1;
for (i = 5; i >= 0; --i) {
r2 = R7[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 292);
R6[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 292); /* needed only for invalid inputs */
R6[2 * i + 1] = r1;
R6[2 * i + 1] = (uint16) r1;
}

R5[26] = R6[13];
@@ -135,7 +135,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 273);
R5[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 273); /* needed only for invalid inputs */
R5[2 * i + 1] = r1;
R5[2 * i + 1] = (uint16) r1;
}

r2 = R5[26];
@@ -143,7 +143,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 4225);
R4[52] = r0;
r1 = uint32_mod_uint14(r1, 438); /* needed only for invalid inputs */
R4[53] = r1;
R4[53] = (uint16) r1;
for (i = 25; i >= 0; --i) {
r2 = R5[i];
r2 = (r2 << 8) | *--s;
@@ -151,7 +151,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 4225);
R4[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 4225); /* needed only for invalid inputs */
R4[2 * i + 1] = r1;
R4[2 * i + 1] = (uint16) r1;
}

r2 = R4[53];
@@ -159,13 +159,13 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 65);
R3[106] = r0;
r1 = uint32_mod_uint14(r1, 1723); /* needed only for invalid inputs */
R3[107] = r1;
R3[107] = (uint16) r1;
for (i = 52; i >= 0; --i) {
r2 = R4[i];
uint32_divmod_uint14(&r1, &r0, r2, 65);
R3[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 65); /* needed only for invalid inputs */
R3[2 * i + 1] = r1;
R3[2 * i + 1] = (uint16) r1;
}

R2[214] = R3[107];
@@ -176,7 +176,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 2053);
R2[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 2053); /* needed only for invalid inputs */
R2[2 * i + 1] = r1;
R2[2 * i + 1] = (uint16) r1;
}

R1[428] = R2[214];
@@ -187,16 +187,16 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha
uint32_divmod_uint14(&r1, &r0, r2, 11597);
R1[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 11597); /* needed only for invalid inputs */
R1[2 * i + 1] = r1;
R1[2 * i + 1] = (uint16) r1;
}

R0[856] = 3 * R1[428] - 2583;
R0[856] = (int16) (3 * R1[428] - 2583);
for (i = 427; i >= 0; --i) {
r2 = R1[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1723);
R0[2 * i] = 3 * r0 - 2583;
R0[2 * i] = (int16) (3 * r0 - 2583);
r1 = uint32_mod_uint14(r1, 1723); /* needed only for invalid inputs */
R0[2 * i + 1] = 3 * r1 - 2583;
R0[2 * i + 1] = (int16) (3 * r1 - 2583);
}
}

+ 1
- 2
crypto_kem/ntrulpr857/clean/crypto_decode_857xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857xint16(void *v, const unsigned ch
for (i = 0; i < 857; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/ntrulpr857/clean/crypto_encode_256x16.c View File

@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_256x16(unsigned char *s, const void
const unsigned char *T = v;
int i;
for (i = 0; i < 128; ++i) {
s[i] = T[2 * i] + (T[2 * i + 1] << 4);
s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4));
}
}

+ 1
- 1
crypto_kem/ntrulpr857/clean/crypto_encode_256x2.c View File

@@ -8,6 +8,6 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_256x2(unsigned char *s, const void *
s[i] = 0;
}
for (i = 0; i < 256; ++i) {
s[i >> 3] |= (r[i] & 1) << (i & 7);
s[i >> 3] |= (unsigned char) ((r[i] & 1) << (i & 7));
}
}

+ 31
- 31
crypto_kem/ntrulpr857/clean/crypto_encode_857x1723.c View File

@@ -15,24 +15,24 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v
uint32 r2;

for (i = 0; i < 428; ++i) {
r0 = (((R0[2 * i] + 2583) & 16383) * 10923) >> 15;
r1 = (((R0[2 * i + 1] + 2583) & 16383) * 10923) >> 15;
r0 = (uint16) ((((R0[2 * i] + 2583) & 16383) * 10923) >> 15);
r1 = (uint16) ((((R0[2 * i + 1] + 2583) & 16383) * 10923) >> 15);
r2 = r0 + r1 * (uint32)1723;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[428] = (((R0[856] + 2583) & 16383) * 10923) >> 15;
R[428] = (uint16) ((((R0[856] + 2583) & 16383) * 10923) >> 15);

for (i = 0; i < 214; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)11597;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[214] = R[428];

@@ -40,11 +40,11 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2053;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[107] = R[214];

@@ -52,39 +52,39 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)65;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[106];
r1 = R[107];
r2 = r0 + r1 * (uint32)65;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[53] = r2;
R[53] = (uint16) r2;

for (i = 0; i < 26; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)4225;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[52];
r1 = R[53];
r2 = r0 + r1 * (uint32)4225;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[26] = r2;
R[26] = (uint16) r2;

for (i = 0; i < 13; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)273;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[13] = R[26];

@@ -92,18 +92,18 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)292;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

for (i = 0; i < 3; ++i) {
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)334;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[3] = R[6];

@@ -111,20 +111,20 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)436;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)743;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 1
- 1
crypto_kem/ntrulpr857/clean/crypto_encode_857x1723round.c View File

@@ -11,7 +11,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723round(unsigned char *out, co
int i;

for (i = 0; i < p; ++i) {
x[i] = 3 * ((10923 * a[i] + 16384) >> 15);
x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15));
}
PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(out, x);
}

+ 3
- 3
crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c View File

@@ -11,9 +11,9 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x3(unsigned char *s, const void *

for (i = 0; i < p / 4; ++i) {
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
x += (uint8) ((*f++ + 1) << 2);
x += (uint8) ((*f++ + 1) << 4);
x += (uint8) ((*f++ + 1) << 6);
*s++ = x;
}
x = *f++ + 1;


+ 2
- 2
crypto_kem/ntrulpr857/clean/crypto_encode_857xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857xint16(unsigned char *s, const vo

for (i = 0; i < 857; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 13
- 13
crypto_kem/ntrulpr857/clean/kem.c View File

@@ -18,7 +18,7 @@

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -38,24 +38,24 @@ typedef int16 Fq;
/* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */
/* assumes twos complement; use, e.g., gcc -fwrapv */
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
x -= (int32) (q * ((q18 * x) >> 18));
x -= (int32) (q * ((q27 * x + 67108864) >> 27));
return (Fq) x;
}

/* works for all uint32 x */
static Fq Fq_bigfreeze(uint32 x) {
x -= q * ((x * (uint64)q31) >> 31);
x -= q * ((x * (uint64)q31) >> 31);
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= (uint32) (q * ((x * (uint64)q31) >> 31));
x -= q;
x += (-(x >> 31)) & (uint32)q;
return x;
return (Fq) x;
}

/* ----- Top and Right */

static int8 Top(Fq C) {
return (tau1 * (int32)(C + tau0) + 16384) >> 15;
return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15);
}

static Fq Right(int8 T) {
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
}
PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR857_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha
int8 T[I];
Top_decode(T, c + Rounded_bytes);
for (i = 0; i < I; ++i) {
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1));
}
}
}
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR857_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha
Hide(cnew, x, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Inputs_bytes; ++i) {
x[1 + i] ^= mask & (x[1 + i] ^ rho[i]);
x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i]));
}
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Inputs_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/sntrup653/avx2/Makefile View File

@@ -4,7 +4,7 @@ LIB=libsntrup653_avx2.a
HEADERS=api.h crypto_core_inv3sntrup653.h crypto_core_invsntrup653.h crypto_core_mult3sntrup653.h crypto_core_multsntrup653.h crypto_core_multsntrup653_ntt.h crypto_core_scale3sntrup653.h crypto_core_weightsntrup653.h crypto_core_wforcesntrup653.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653x4621.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_decode_int16.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653x4621.h crypto_encode_653xfreeze3.h crypto_encode_653xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_897.h params.h
OBJECTS=crypto_core_inv3sntrup653.o crypto_core_invsntrup653.o crypto_core_mult3sntrup653.o crypto_core_multsntrup653.o crypto_core_multsntrup653_ntt.o crypto_core_scale3sntrup653.o crypto_core_weightsntrup653.o crypto_core_wforcesntrup653.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653x4621.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_decode_int16.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653x4621.o crypto_encode_653xfreeze3.o crypto_encode_653xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_897.o kem.o

CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 22
- 22
crypto_kem/sntrup653/avx2/crypto_core_inv3sntrup653.c View File

@@ -179,7 +179,7 @@ static void vec256_final(small *out, const vec256 *V0, const vec256 *V1) {
vec256_tobits(V1, v1);

for (i = 0; i < ppad; ++i) {
v[i] = v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i]);
v[i] = (small) (v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i]));
}

for (i = 0; i < ppad; ++i) {
@@ -252,11 +252,11 @@ static inline int vec256_bit0mask(vec256 *f) {
static inline void vec256_divx_1(vec256 *f) {
vec256 f0 = f[0];

unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));

low0 = low0 >> 1;

f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3);
f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3);

f[0] = _mm256_permute4x64_epi64(f0, 0x39);
}
@@ -265,14 +265,14 @@ static inline void vec256_divx_2(vec256 *f) {
vec256 f0 = f[0];
vec256 f1 = f[1];

unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1));
unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1));

low0 = (low0 >> 1) | (low1 << 63);
low1 = low1 >> 1;

f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3);
f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3);
f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3);
f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3);

f[0] = _mm256_permute4x64_epi64(f0, 0x39);
f[1] = _mm256_permute4x64_epi64(f1, 0x39);
@@ -283,17 +283,17 @@ static inline void vec256_divx_3(vec256 *f) {
vec256 f1 = f[1];
vec256 f2 = f[2];

unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1));
unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2));
unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1));
unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2));

low0 = (low0 >> 1) | (low1 << 63);
low1 = (low1 >> 1) | (low2 << 63);
low2 = low2 >> 1;

f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3);
f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3);
f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3);
f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3);
f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3);
f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3);

f[0] = _mm256_permute4x64_epi64(f0, 0x39);
f[1] = _mm256_permute4x64_epi64(f1, 0x39);
@@ -303,11 +303,11 @@ static inline void vec256_divx_3(vec256 *f) {
static inline void vec256_timesx_1(vec256 *f) {
vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93);

unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));

low0 = low0 << 1;

f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3);
f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3);

f[0] = f0;
}
@@ -316,14 +316,14 @@ static inline void vec256_timesx_2(vec256 *f) {
vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93);
vec256 f1 = _mm256_permute4x64_epi64(f[1], 0x93);

unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1));
unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));
unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1));

low1 = (low1 << 1) | (low0 >> 63);
low0 = low0 << 1;

f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3);
f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3);
f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3);
f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3);

f[0] = f0;
f[1] = f1;
@@ -336,7 +336,7 @@ static inline void vec256_timesx_3(vec256 *f) {

unsigned long long low0 = *(unsigned long long *) &f0;
unsigned long long low1 = *(unsigned long long *) &f1;
unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2));
unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2));

low2 = (low2 << 1) | (low1 >> 63);
low1 = (low1 << 1) | (low0 >> 63);
@@ -344,7 +344,7 @@ static inline void vec256_timesx_3(vec256 *f) {

*(unsigned long long *) &f0 = low0;
*(unsigned long long *) &f1 = low1;
f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3);
f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3);

f[0] = f0;
f[1] = f1;
@@ -537,6 +537,6 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_inv3sntrup653(unsigned char *outbytes, co
vec256_scale(V0, V1, c0vec, c1vec);

vec256_final(out, V0, V1);
out[p] = negative_mask(minusdelta);
out[p] = (small) negative_mask(minusdelta);
return 0;
}

+ 10
- 10
crypto_kem/sntrup653/avx2/crypto_core_invsntrup653.c View File

@@ -14,11 +14,11 @@

/* return -1 if x!=0; else return 0 */
static int int16_nonzero_mask(int16 x) {
uint16 u = x; /* 0, else 1...65535 */
uint16 u = (uint16) x; /* 0, else 1...65535 */
uint32 v = u; /* 0, else 1...65535 */
v = -v; /* 0, else 2^32-65535...2^32-1 */
v >>= 31; /* 0, else 1 */
return -v; /* 0, else -1 */
return -(int) v; /* 0, else -1 */
}

/* return -1 if x<0; otherwise return 0 */
@@ -37,7 +37,7 @@ typedef int16 Fq;
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
return (Fq) x;
}

/* nonnegative e */
@@ -158,13 +158,13 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_invsntrup653(unsigned char *outbytes, con
f0 = f[0];

minusdelta = -delta;
swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0);
swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0);
delta ^= swap & (delta ^ minusdelta);
delta += 1;

fgflip = swap & (f0 ^ g0);
f0 ^= fgflip;
g0 ^= fgflip;
f0 ^= (Fq) fgflip;
g0 ^= (Fq) fgflip;

f[0] = f0;

@@ -177,13 +177,13 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_invsntrup653(unsigned char *outbytes, con
f0 = f[0];

minusdelta = -delta;
swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0);
swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0);
delta ^= swap & (delta ^ minusdelta);
delta += 1;

fgflip = swap & (f0 ^ g0);
f0 ^= fgflip;
g0 ^= fgflip;
f0 ^= (Fq) fgflip;
g0 ^= (Fq) fgflip;

f[0] = f0;

@@ -197,6 +197,6 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_invsntrup653(unsigned char *outbytes, con
}

crypto_encode_pxint16(outbytes, out);
outbytes[2 * p] = int16_nonzero_mask(delta);
outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta);
return 0;
}

+ 5
- 5
crypto_kem/sntrup653/avx2/crypto_core_mult3sntrup653.c View File

@@ -229,14 +229,14 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_mult3sntrup653(unsigned char *outbytes, c
}

for (i = 0; i < p; ++i) {
int8 fi = inbytes[i];
int8 fi = (int8) inbytes[i];
int8 fi0 = fi & 1;
f[i] = fi0 - (fi & (fi0 << 1));
f[i] = (int16) (fi0 - (fi & (fi0 << 1)));
}
for (i = 0; i < p; ++i) {
int8 gi = kbytes[i];
int8 gi = (int8) kbytes[i];
int8 gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (int16) (gi0 - (gi & (gi0 << 1)));
}

mult768(fg, f, g);
@@ -252,7 +252,7 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_mult3sntrup653(unsigned char *outbytes, c
}

for (i = 0; i < p; ++i) {
outbytes[i] = h[i];
outbytes[i] = (unsigned char) h[i];
}

return 0;


+ 2
- 2
crypto_kem/sntrup653/avx2/crypto_core_multsntrup653.c View File

@@ -291,9 +291,9 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_multsntrup653(unsigned char *outbytes, co
store_x16(&f[i], x);
}
for (i = 0; i < p; ++i) {
int8 gi = kbytes[i];
int8 gi = (int8) kbytes[i];
int8 gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (int16) (gi0 - (gi & (gi0 << 1)));
}

mult768(fg, f, g);


+ 2
- 2
crypto_kem/sntrup653/avx2/crypto_core_weightsntrup653.c View File

@@ -37,8 +37,8 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_weightsntrup653(unsigned char *outbytes,
sum = _mm256_hadd_epi16(sum, sum);
/* want sum[0]+sum[8] */

weight = _mm256_extract_epi16(sum, 0);
weight += _mm256_extract_epi16(sum, 8);
weight = (int16) _mm256_extract_epi16(sum, 0);
weight += (int16) _mm256_extract_epi16(sum, 8);

PQCLEAN_SNTRUP653_AVX2_crypto_encode_int16(outbytes, &weight);
return 0;


+ 1
- 1
crypto_kem/sntrup653/avx2/crypto_core_wforcesntrup653.c View File

@@ -17,7 +17,7 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_wforcesntrup653(unsigned char *out, const
crypto_core_weight((unsigned char *) &weight, in);
PQCLEAN_SNTRUP653_AVX2_crypto_decode_int16(&weight, (unsigned char *) &weight);

mask = (weight - w) | (w - weight);
mask = (int16) ((weight - w) | (w - weight));
mask >>= 15;
maskvec = _mm256_set1_epi16((short) ~mask);



+ 10
- 10
crypto_kem/sntrup653/avx2/crypto_decode_653x1541.c View File

@@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) {
}

static inline int16 mulhi(int16 x, int16 y) {
return (x * (int32)y) >> 16;
return (int16) ((x * (int32)y) >> 16);
}

static inline __m256i add(__m256i x, __m256i y) {
@@ -79,7 +79,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 += s[1 * i + 0]; /* -39...290 */
a0 = mulhi(a0, 3) - mulhi(mullo(a0, -923), 71); /* -36...35 */
a0 += (a0 >> 15) & 71; /* 0...70 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -22153);

/* invalid inputs might need reduction mod 9402 */
@@ -100,7 +100,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 += s[1 * i + 0]; /* -67...325 */
a0 = mulhi(a0, 10) - mulhi(mullo(a0, -489), 134); /* -68...67 */
a0 += (a0 >> 15) & 134; /* 0...133 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, 19563);

/* invalid inputs might need reduction mod 134 */
@@ -119,7 +119,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1477...1782 */
a0 += s[1 * i + 0]; /* -1477...2037 */
a0 += (a0 >> 15) & 2953; /* 0...2952 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, -9543);

/* invalid inputs might need reduction mod 815 */
@@ -136,7 +136,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1505...1514 */
a0 += s[2 * i + 0]; /* -1505...1769 */
a0 += (a0 >> 15) & 2953; /* 0...2952 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, -9543);

/* invalid inputs might need reduction mod 2953 */
@@ -158,7 +158,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 1756) - mulhi(mullo(a0, -1206), 13910); /* -7142...7159 */
a0 += s[2 * i + 0]; /* -7142...7414 */
a0 += (a0 >> 15) & 13910; /* 0...13909 */
a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1);
a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1));
a1 = mullo(a1, -13437);

/* invalid inputs might need reduction mod 13910 */
@@ -178,7 +178,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, -101) - mulhi(mullo(a0, -8891), 1887); /* -969...943 */
a0 += s[1 * i + 0]; /* -969...1198 */
a0 += (a0 >> 15) & 1887; /* 0...1886 */
a1 = (a2 << 8) + s[i] - a0;
a1 = (int16) ((a2 << 8) + s[i] - a0);
a1 = mullo(a1, 5279);

/* invalid inputs might need reduction mod 1887 */
@@ -234,7 +234,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 2401) - mulhi(mullo(a0, -2487), 6745); /* -3497...3527 */
a0 += s[2 * i + 0]; /* -3497...3782 */
a0 += (a0 >> 15) & 6745; /* 0...6744 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, -29207);

/* invalid inputs might need reduction mod 7910 */
@@ -287,7 +287,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char
a0 = mulhi(a0, 64) - mulhi(mullo(a0, -12768), 1314); /* -657...673 */
a0 += s[1 * i + 0]; /* -657...928 */
a0 += (a0 >> 15) & 1314; /* 0...1313 */
a1 = (a2 << 7) + ((s[i] - a0) >> 1);
a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1));
a1 = mullo(a1, -399);

/* invalid inputs might need reduction mod 1541 */
@@ -369,7 +369,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char

/* R1 ------> R0: reconstruct mod 653*[1541] */

R0[652] = 3 * R1[326] - 2310;
R0[652] = (int16) (3 * R1[326] - 2310);
s -= 326;
i = 310;
for (;;) {


+ 9
- 9
crypto_kem/sntrup653/avx2/crypto_decode_653x4621.c View File

@@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) {
}

static inline int16 mulhi(int16 x, int16 y) {
return (x * (int32)y) >> 16;
return (int16) ((x * (int32)y) >> 16);
}

static inline __m256i add(__m256i x, __m256i y) {
@@ -81,7 +81,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a0 = mulhi(a0, 396) - mulhi(mullo(a0, -20092), 835); /* -421...422 */
a0 += s[2 * i + 0]; /* -421...677 */
a0 += (a0 >> 15) & 835; /* 0...834 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, 8555);

/* invalid inputs might need reduction mod 6708 */
@@ -103,7 +103,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a0 = mulhi(a0, 3088) - mulhi(mullo(a0, -2268), 7396); /* -3873...3920 */
a0 += s[2 * i + 0]; /* -3873...4175 */
a0 += (a0 >> 15) & 7396; /* 0...7395 */
a1 = (a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2);
a1 = (int16) ((a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2));
a1 = mullo(a1, -18679);

/* invalid inputs might need reduction mod 7396 */
@@ -120,7 +120,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a2 = a0 = R8[2];
a0 = mulhi(a0, 4) - mulhi(mullo(a0, -762), 86); /* -43...44 */
a0 += (a0 >> 15) & 86; /* 0...85 */
a1 = (a2 - a0) >> 1;
a1 = (int16) ((a2 - a0) >> 1);
a1 = mullo(a1, -16765);

/* invalid inputs might need reduction mod 78 */
@@ -134,7 +134,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a2 = a0 = R8[i];
a0 = mulhi(a0, 4) - mulhi(mullo(a0, -762), 86); /* -43...44 */
a0 += (a0 >> 15) & 86; /* 0...85 */
a1 = (a2 - a0) >> 1;
a1 = (int16) ((a2 - a0) >> 1);
a1 = mullo(a1, -16765);

/* invalid inputs might need reduction mod 86 */
@@ -156,7 +156,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a0 = mulhi(a0, -14) - mulhi(mullo(a0, -7079), 2370); /* -1186...1185 */
a0 += s[2 * i + 0]; /* -1186...1440 */
a0 += (a0 >> 15) & 2370; /* 0...2369 */
a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1);
a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1));
a1 = mullo(a1, -8351);

/* invalid inputs might need reduction mod 2370 */
@@ -178,7 +178,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a0 = mulhi(a0, 4710) - mulhi(mullo(a0, -1346), 12461); /* -6679...6781 */
a0 += s[2 * i + 0]; /* -6679...7036 */
a0 += (a0 >> 15) & 12461; /* 0...12460 */
a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0;
a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0);
a1 = mullo(a1, -19675);

/* invalid inputs might need reduction mod 12461 */
@@ -234,7 +234,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a0 = mulhi(a0, 248) - mulhi(mullo(a0, -24818), 676); /* -340...340 */
a0 += s[2 * i + 0]; /* -340...595 */
a0 += (a0 >> 15) & 676; /* 0...675 */
a1 = (a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2);
a1 = (int16) ((a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2));
a1 = mullo(a1, -23655);

/* invalid inputs might need reduction mod 7510 */
@@ -285,7 +285,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char
a0 -= 416; /* -640..>47 */
a0 += (a0 >> 15) & 416; /* -224...415 */
a0 += (a0 >> 15) & 416; /* 0...415 */
a1 = (a2 << 3) + ((s[i] - a0) >> 5);
a1 = (int16) ((a2 << 3) + ((s[i] - a0) >> 5));
a1 = mullo(a1, 20165);

/* invalid inputs might need reduction mod 4621 */


+ 1
- 2
crypto_kem/sntrup653/avx2/crypto_decode_653xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653xint16(void *v, const unsigned char
for (i = 0; i < 653; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


+ 1
- 1
crypto_kem/sntrup653/avx2/crypto_decode_int16.c View File

@@ -4,6 +4,6 @@
void PQCLEAN_SNTRUP653_AVX2_crypto_decode_int16(void *x, const unsigned char *s) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
u1 = (uint16_t) (u1 << 8);
*(uint16_t *) x = u0 | u1;
}

+ 47
- 47
crypto_kem/sntrup653/avx2/crypto_encode_653x1541.c View File

@@ -42,26 +42,26 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15;
R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -124,22 +124,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -204,22 +204,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -229,9 +229,9 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1887;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[10] = R[20];

@@ -239,11 +239,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)13910;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[5] = R[10];

@@ -251,36 +251,36 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[4];
r1 = R[5];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[2] = r2;
R[2] = (uint16) r2;

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)134;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)71;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 47
- 47
crypto_kem/sntrup653/avx2/crypto_encode_653x1541round.c View File

@@ -44,26 +44,26 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
R[326] = (((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15;
R[326] = (uint16) ((((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15);

reading = (uint16 *) R;
writing = R;
@@ -126,22 +126,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -206,22 +206,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -231,9 +231,9 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)1887;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[10] = R[20];

@@ -241,11 +241,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)13910;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[5] = R[10];

@@ -253,36 +253,36 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
r0 = R[4];
r1 = R[5];
r2 = r0 + r1 * (uint32)2953;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[2] = r2;
R[2] = (uint16) r2;

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)134;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)71;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0;
*out++ = (unsigned char) r0;
r0 >>= 8;
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 57
- 57
crypto_kem/sntrup653/avx2/crypto_encode_653x4621.c View File

@@ -82,22 +82,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -125,22 +125,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -162,33 +162,33 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
r0 = R[80];
r1 = R[81];
r2 = r0 + r1 * (uint32)676;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[40] = r2;
R[40] = (uint16) r2;

reading = (uint16 *) R;
writing = R;
@@ -212,22 +212,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
));
x = _mm256_permute4x64_epi64(x, 0xd8);
_mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0));
s0 = _mm256_extract_epi32(x, 4);
*out++ = s0;
s0 = (uint32) _mm256_extract_epi32(x, 4);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
s0 = _mm256_extract_epi32(x, 6);
*out++ = s0;
*out++ = (unsigned char) s0;
s0 = (uint32) _mm256_extract_epi32(x, 6);
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
s0 >>= 8;
*out++ = s0;
*out++ = (unsigned char) s0;
reading += 16;
writing += 8;
}
@@ -237,11 +237,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)12461;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[10] = R[20];

@@ -249,11 +249,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)2370;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[i] = r2;
R[i] = (uint16) r2;
}
R[5] = R[10];

@@ -261,28 +261,28 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi
r0 = R[2 * i];
r1 = R[2 * i + 1];
r2 = r0 + r1 * (uint32)86;
R[i] = r2;
R[i] = (uint16) r2;
}

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)7396;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;
R[1] = R[2];

r0 = R[0];
r1 = R[1];
r2 = r0 + r1 * (uint32)835;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
*out++ = r2;
*out++ = (unsigned char) r2;
r2 >>= 8;
R[0] = r2;
R[0] = (uint16) r2;

r0 = R[0];
*out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
*out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/
}

+ 2
- 2
crypto_kem/sntrup653/avx2/crypto_encode_653xint16.c View File

@@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653xint16(unsigned char *s, const void

for (i = 0; i < 653; ++i) {
uint16_t u = *x++;
*s++ = u;
*s++ = u >> 8;
*s++ = (unsigned char) u;
*s++ = (unsigned char) (u >> 8);
}
}

+ 2
- 2
crypto_kem/sntrup653/avx2/crypto_encode_int16.c View File

@@ -4,6 +4,6 @@

void PQCLEAN_SNTRUP653_AVX2_crypto_encode_int16(unsigned char *s, const void *x) {
uint16 u = *(const uint16 *) x;
s[0] = u;
s[1] = u >> 8;
s[0] = (unsigned char) u;
s[1] = (unsigned char) (u >> 8);
}

+ 1
- 1
crypto_kem/sntrup653/avx2/crypto_sort_int32.c View File

@@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~7;
n &= ~(size_t) 7;
}
do {
int32x8 x0 = int32x8_load(x);


+ 4
- 4
crypto_kem/sntrup653/avx2/crypto_verify_897.c View File

@@ -27,10 +27,10 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_verify_897(const unsigned char *x, const unsig
diff |= _mm256_srli_epi32(diff, 16);
diff |= _mm256_srli_epi64(diff, 32);

differentbits = _mm256_extract_epi8(diff, 0);
differentbits |= _mm256_extract_epi8(diff, 8);
differentbits |= _mm256_extract_epi8(diff, 16);
differentbits |= _mm256_extract_epi8(diff, 24);
differentbits = (unsigned int) _mm256_extract_epi8(diff, 0);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16);
differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24);

return (int) (1 & ((differentbits - 1) >> 8)) - 1;
}

+ 5
- 5
crypto_kem/sntrup653/avx2/kem.c View File

@@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) {
static void Hash(unsigned char *out, const unsigned char *in, int inlen) {
unsigned char h[64];
int i;
sha512(h, in, inlen);
sha512(h, in, (size_t) inlen);
for (i = 0; i < 32; ++i) {
out[i] = h[i];
}
@@ -103,7 +103,7 @@ static void Short_random(small *out) {
}
PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32(L, ppadsort);
for (i = 0; i < p; ++i) {
out[i] = (L[i] & 3) - 1;
out[i] = (small) ((L[i] & 3) - 1);
}
}

@@ -115,7 +115,7 @@ static void Small_random(small *out) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1);
}
}

@@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char
Hide(x, cnew, r_enc, r, pk, cache);
mask = crypto_verify_clen(c, cnew);
for (i = 0; i < Small_bytes; ++i) {
r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]);
r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i]));
}
Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */
for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) {
x[1 + Hash_bytes + i] = c[i];
}
x[0] = 1 + mask;
x[0] = (unsigned char) (1 + mask);
Hash(k, x, sizeof x);
}
return 0;


+ 1
- 1
crypto_kem/sntrup653/clean/Makefile View File

@@ -4,7 +4,7 @@ LIB=libsntrup653_clean.a
HEADERS=api.h crypto_core_inv3sntrup653.h crypto_core_invsntrup653.h crypto_core_mult3sntrup653.h crypto_core_multsntrup653.h crypto_core_scale3sntrup653.h crypto_core_weightsntrup653.h crypto_core_wforcesntrup653.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653x4621.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653x4621.h crypto_encode_653xfreeze3.h crypto_encode_653xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_897.h params.h
OBJECTS=crypto_core_inv3sntrup653.o crypto_core_invsntrup653.o crypto_core_mult3sntrup653.o crypto_core_multsntrup653.o crypto_core_scale3sntrup653.o crypto_core_weightsntrup653.o crypto_core_wforcesntrup653.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653x4621.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653x4621.o crypto_encode_653xfreeze3.o crypto_encode_653xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_897.o kem.o

CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS)

all: $(LIB)



+ 14
- 14
crypto_kem/sntrup653/clean/crypto_core_inv3sntrup653.c View File

@@ -13,16 +13,16 @@

/* return -1 if x!=0; else return 0 */
static int int16_nonzero_mask(int16 x) {
uint16 u = x; /* 0, else 1...65535 */
uint16 u = (uint16) x; /* 0, else 1...65535 */
uint32 v = u; /* 0, else 1...65535 */
v = -v; /* 0, else 2^32-65535...2^32-1 */
v >>= 31; /* 0, else 1 */
return -v; /* 0, else -1 */
return -(int) v; /* 0, else -1 */
}

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -36,7 +36,7 @@ typedef int8 small;

/* works for -16384 <= x < 16384 */
static small F3_freeze(int16 x) {
return x - 3 * ((10923 * x + 16384) >> 15);
return (small) (x - 3 * ((10923 * x + 16384) >> 15));
}

/* byte p of output is 0 if recip succeeded; else -1 */
@@ -61,7 +61,7 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_inv3sntrup653(unsigned char *outbytes, c
f[p - 1] = f[p] = -1;
for (i = 0; i < p; ++i) {
small i1 = in[i] & 1;
g[p - 1 - i] = i1 - (in[i] & (i1 << 1));
g[p - 1 - i] = (small) (i1 - (in[i] & (i1 << 1)));
}
g[p] = 0;

@@ -74,24 +74,24 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_inv3sntrup653(unsigned char *outbytes, c
v[0] = 0;

sign = -g[0] * f[0];
swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]);
swap = int16_negative_mask(-(int16) delta) & int16_nonzero_mask(g[0]);
delta ^= swap & (delta ^ -delta);
delta += 1;

for (i = 0; i < p + 1; ++i) {
t = swap & (f[i] ^ g[i]);
f[i] ^= t;
g[i] ^= t;
f[i] ^= (small) t;
g[i] ^= (small) t;
t = swap & (v[i] ^ r[i]);
v[i] ^= t;
r[i] ^= t;
v[i] ^= (small) t;
r[i] ^= (small) t;
}

for (i = 0; i < p + 1; ++i) {
g[i] = F3_freeze(g[i] + sign * f[i]);
g[i] = F3_freeze((int16) (g[i] + sign * f[i]));
}
for (i = 0; i < p + 1; ++i) {
r[i] = F3_freeze(r[i] + sign * v[i]);
r[i] = F3_freeze((int16) (r[i] + sign * v[i]));
}

for (i = 0; i < p; ++i) {
@@ -102,9 +102,9 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_inv3sntrup653(unsigned char *outbytes, c

sign = f[0];
for (i = 0; i < p; ++i) {
out[i] = sign * v[p - 1 - i];
out[i] = (small) sign * v[p - 1 - i];
}

out[p] = int16_nonzero_mask(delta);
out[p] = (small) int16_nonzero_mask((int16) delta);
return 0;
}

+ 10
- 11
crypto_kem/sntrup653/clean/crypto_core_invsntrup653.c View File

@@ -13,16 +13,16 @@

/* return -1 if x!=0; else return 0 */
static int int16_nonzero_mask(int16 x) {
uint16 u = x; /* 0, else 1...65535 */
uint16 u = (uint16) x; /* 0, else 1...65535 */
uint32 v = u; /* 0, else 1...65535 */
v = -v; /* 0, else 2^32-65535...2^32-1 */
v >>= 31; /* 0, else 1 */
return -v; /* 0, else -1 */
return -(int) v; /* 0, else -1 */
}

/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x) {
uint16 u = x;
uint16 u = (uint16) x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
@@ -40,7 +40,7 @@ typedef int16 Fq;
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
return (Fq) x;
}

static Fq Fq_recip(Fq a1) {
@@ -91,17 +91,17 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_invsntrup653(unsigned char *outbytes, co
}
v[0] = 0;

swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]);
swap = int16_negative_mask((int16) - delta) & int16_nonzero_mask(g[0]);
delta ^= swap & (delta ^ -delta);
delta += 1;

for (i = 0; i < p + 1; ++i) {
t = swap & (f[i] ^ g[i]);
f[i] ^= t;
g[i] ^= t;
f[i] ^= (Fq) t;
g[i] ^= (Fq) t;
t = swap & (v[i] ^ r[i]);
v[i] ^= t;
r[i] ^= t;
v[i] ^= (Fq) t;
r[i] ^= (Fq) t;
}

f0 = f[0];
@@ -125,7 +125,6 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_invsntrup653(unsigned char *outbytes, co
}

crypto_encode_pxint16(outbytes, out);

outbytes[2 * p] = int16_nonzero_mask(delta);
outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta);
return 0;
}

+ 7
- 7
crypto_kem/sntrup653/clean/crypto_core_mult3sntrup653.c View File

@@ -8,7 +8,7 @@ typedef int8 small;

/* works for -16384 <= x < 16384 */
static small F3_freeze(int16 x) {
return x - 3 * ((10923 * x + 16384) >> 15);
return (small) (x - 3 * ((10923 * x + 16384) >> 15));
}

int PQCLEAN_SNTRUP653_CLEAN_crypto_core_mult3sntrup653(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) {
@@ -20,27 +20,27 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_mult3sntrup653(unsigned char *outbytes,
int i, j;

for (i = 0; i < p; ++i) {
small fi = inbytes[i];
small fi = (small) inbytes[i];
small fi0 = fi & 1;
f[i] = fi0 - (fi & (fi0 << 1));
f[i] = (small) (fi0 - (fi & (fi0 << 1)));
}
for (i = 0; i < p; ++i) {
small gi = kbytes[i];
small gi = (small) kbytes[i];
small gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (small) (gi0 - (gi & (gi0 << 1)));
}

for (i = 0; i < p; ++i) {
result = 0;
for (j = 0; j <= i; ++j) {
result += f[j] * g[i - j];
result += (small) (f[j] * g[i - j]);
}
fg[i] = F3_freeze(result);
}
for (i = p; i < p + p - 1; ++i) {
result = 0;
for (j = i - p + 1; j < p; ++j) {
result += f[j] * g[i - j];
result += (small) (f[j] * g[i - j]);
}
fg[i] = F3_freeze(result);
}


+ 3
- 3
crypto_kem/sntrup653/clean/crypto_core_multsntrup653.c View File

@@ -14,7 +14,7 @@ typedef int16 Fq;
static Fq Fq_freeze(int32 x) {
x -= q * ((q18 * x) >> 18);
x -= q * ((q27 * x + 67108864) >> 27);
return x;
return (Fq) x;
}

int PQCLEAN_SNTRUP653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) {
@@ -30,9 +30,9 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, c
}

for (i = 0; i < p; ++i) {
small gi = kbytes[i];
small gi = (small) kbytes[i];
small gi0 = gi & 1;
g[i] = gi0 - (gi & (gi0 << 1));
g[i] = (small) (gi0 - (gi & (gi0 << 1)));
}

for (i = 0; i < p; ++i) {


+ 5
- 5
crypto_kem/sntrup653/clean/crypto_core_wforcesntrup653.c View File

@@ -12,11 +12,11 @@ typedef int8 small;

/* return -1 if x!=0; else return 0 */
static int int16_nonzero_mask(int16 x) {
uint16 u = x; /* 0, else 1...65535 */
uint16 u = (uint16) x; /* 0, else 1...65535 */
uint32 v = u; /* 0, else 1...65535 */
v = -v; /* 0, else 2^32-65535...2^32-1 */
v >>= 31; /* 0, else 1 */
return -v; /* 0, else -1 */
return -(int) v; /* 0, else -1 */
}

/* 0 if Weightw_is(r), else -1 */
@@ -27,7 +27,7 @@ static int Weightw_mask(const small *r) {
for (i = 0; i < p; ++i) {
weight += r[i] & 1;
}
return int16_nonzero_mask(weight - w);
return int16_nonzero_mask((int16) (weight - w));
}

/* out = in if bottom bits of in have weight w */
@@ -39,10 +39,10 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_wforcesntrup653(unsigned char *outbytes,

mask = Weightw_mask(in); /* 0 if weight w, else -1 */
for (i = 0; i < w; ++i) {
out[i] = ((in[i] ^ 1) & ~mask) ^ 1;
out[i] = (small) (((in[i] ^ 1) & ~mask) ^ 1);
}
for (i = w; i < p; ++i) {
out[i] = in[i] & ~mask;
out[i] = (small) (in[i] & ~mask);
}
return 0;
}

+ 19
- 19
crypto_kem/sntrup653/clean/crypto_decode_653x1541.c View File

@@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {

*q = 0;

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
/* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
/* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
@@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += qpart;
/* x <= 49146 */

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= m + 49146(2^14-1)/2^31 */
/* 0 <= newx <= m + 0.4 */
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += mask;
/* x < m */

*r = x;
*r = (uint16) x;
}

static uint16 uint32_mod_uint14(uint32 x, uint16 m) {
@@ -81,14 +81,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
r1 = (r1 << 8) | *--s;
r1 = (r1 << 8) | *--s;
r1 = uint32_mod_uint14(r1, 2608); /* needed only for invalid inputs */
R10[0] = r1;
R10[0] = (uint16) r1;

r2 = R10[0];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 71);
R9[0] = r0;
r1 = uint32_mod_uint14(r1, 9402); /* needed only for invalid inputs */
R9[1] = r1;
R9[1] = (uint16) r1;

R8[2] = R9[1];
r2 = R9[0];
@@ -96,14 +96,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 134);
R8[0] = r0;
r1 = uint32_mod_uint14(r1, 134); /* needed only for invalid inputs */
R8[1] = r1;
R8[1] = (uint16) r1;

r2 = R8[2];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 2953);
R7[4] = r0;
r1 = uint32_mod_uint14(r1, 815); /* needed only for invalid inputs */
R7[5] = r1;
R7[5] = (uint16) r1;
for (i = 1; i >= 0; --i) {
r2 = R8[i];
r2 = (r2 << 8) | *--s;
@@ -111,7 +111,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 2953);
R7[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 2953); /* needed only for invalid inputs */
R7[2 * i + 1] = r1;
R7[2 * i + 1] = (uint16) r1;
}

R6[10] = R7[5];
@@ -122,7 +122,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 13910);
R6[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 13910); /* needed only for invalid inputs */
R6[2 * i + 1] = r1;
R6[2 * i + 1] = (uint16) r1;
}

R5[20] = R6[10];
@@ -132,7 +132,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 1887);
R5[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1887); /* needed only for invalid inputs */
R5[2 * i + 1] = r1;
R5[2 * i + 1] = (uint16) r1;
}

R4[40] = R5[20];
@@ -142,7 +142,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 695);
R4[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 695); /* needed only for invalid inputs */
R4[2 * i + 1] = r1;
R4[2 * i + 1] = (uint16) r1;
}

r2 = R4[40];
@@ -151,7 +151,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 6745);
R3[80] = r0;
r1 = uint32_mod_uint14(r1, 7910); /* needed only for invalid inputs */
R3[81] = r1;
R3[81] = (uint16) r1;
for (i = 39; i >= 0; --i) {
r2 = R4[i];
r2 = (r2 << 8) | *--s;
@@ -159,7 +159,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 6745);
R3[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 6745); /* needed only for invalid inputs */
R3[2 * i + 1] = r1;
R3[2 * i + 1] = (uint16) r1;
}

r2 = R3[81];
@@ -167,14 +167,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 1314);
R2[162] = r0;
r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */
R2[163] = r1;
R2[163] = (uint16) r1;
for (i = 80; i >= 0; --i) {
r2 = R3[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1314);
R2[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1314); /* needed only for invalid inputs */
R2[2 * i + 1] = r1;
R2[2 * i + 1] = (uint16) r1;
}

R1[326] = R2[163];
@@ -185,16 +185,16 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 9277);
R1[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 9277); /* needed only for invalid inputs */
R1[2 * i + 1] = r1;
R1[2 * i + 1] = (uint16) r1;
}

R0[652] = 3 * R1[326] - 2310;
R0[652] = (int16) (3 * R1[326] - 2310);
for (i = 325; i >= 0; --i) {
r2 = R1[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 1541);
R0[2 * i] = 3 * r0 - 2310;
R0[2 * i] = (int16) (3 * r0 - 2310);
r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */
R0[2 * i + 1] = 3 * r1 - 2310;
R0[2 * i + 1] = (int16) (3 * r1 - 2310);
}
}

+ 19
- 19
crypto_kem/sntrup653/clean/crypto_decode_653x4621.c View File

@@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {

*q = 0;

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
/* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
/* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
@@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += qpart;
/* x <= 49146 */

qpart = (x * (uint64)v) >> 31;
qpart = (uint32) ((x * (uint64)v) >> 31);
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= m + 49146(2^14-1)/2^31 */
/* 0 <= newx <= m + 0.4 */
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) {
*q += mask;
/* x < m */

*r = x;
*r = (uint16) x;
}

static uint16 uint32_mod_uint14(uint32 x, uint16 m) {
@@ -80,7 +80,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
r1 = 0;
r1 = (r1 << 8) | *--s;
r1 = uint32_mod_uint14(r1, 86); /* needed only for invalid inputs */
R10[0] = r1;
R10[0] = (uint16) r1;

r2 = R10[0];
r2 = (r2 << 8) | *--s;
@@ -88,7 +88,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 835);
R9[0] = r0;
r1 = uint32_mod_uint14(r1, 6708); /* needed only for invalid inputs */
R9[1] = r1;
R9[1] = (uint16) r1;

R8[2] = R9[1];
r2 = R9[0];
@@ -97,19 +97,19 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 7396);
R8[0] = r0;
r1 = uint32_mod_uint14(r1, 7396); /* needed only for invalid inputs */
R8[1] = r1;
R8[1] = (uint16) r1;

r2 = R8[2];
uint32_divmod_uint14(&r1, &r0, r2, 86);
R7[4] = r0;
r1 = uint32_mod_uint14(r1, 78); /* needed only for invalid inputs */
R7[5] = r1;
R7[5] = (uint16) r1;
for (i = 1; i >= 0; --i) {
r2 = R8[i];
uint32_divmod_uint14(&r1, &r0, r2, 86);
R7[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 86); /* needed only for invalid inputs */
R7[2 * i + 1] = r1;
R7[2 * i + 1] = (uint16) r1;
}

R6[10] = R7[5];
@@ -120,7 +120,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 2370);
R6[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 2370); /* needed only for invalid inputs */
R6[2 * i + 1] = r1;
R6[2 * i + 1] = (uint16) r1;
}

R5[20] = R6[10];
@@ -131,7 +131,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 12461);
R5[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 12461); /* needed only for invalid inputs */
R5[2 * i + 1] = r1;
R5[2 * i + 1] = (uint16) r1;
}

R4[40] = R5[20];
@@ -141,7 +141,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 1786);
R4[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 1786); /* needed only for invalid inputs */
R4[2 * i + 1] = r1;
R4[2 * i + 1] = (uint16) r1;
}

r2 = R4[40];
@@ -150,14 +150,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 676);
R3[80] = r0;
r1 = uint32_mod_uint14(r1, 7510); /* needed only for invalid inputs */
R3[81] = r1;
R3[81] = (uint16) r1;
for (i = 39; i >= 0; --i) {
r2 = R4[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 676);
R3[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 676); /* needed only for invalid inputs */
R3[2 * i + 1] = r1;
R3[2 * i + 1] = (uint16) r1;
}

r2 = R3[81];
@@ -165,14 +165,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 416);
R2[162] = r0;
r1 = uint32_mod_uint14(r1, 4621); /* needed only for invalid inputs */
R2[163] = r1;
R2[163] = (uint16) r1;
for (i = 80; i >= 0; --i) {
r2 = R3[i];
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 416);
R2[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 416); /* needed only for invalid inputs */
R2[2 * i + 1] = r1;
R2[2 * i + 1] = (uint16) r1;
}

R1[326] = R2[163];
@@ -182,17 +182,17 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char
uint32_divmod_uint14(&r1, &r0, r2, 326);
R1[2 * i] = r0;
r1 = uint32_mod_uint14(r1, 326); /* needed only for invalid inputs */
R1[2 * i + 1] = r1;
R1[2 * i + 1] = (uint16) r1;
}

R0[652] = R1[326] - 2310;
R0[652] = (int16) (R1[326] - 2310);
for (i = 325; i >= 0; --i) {
r2 = R1[i];
r2 = (r2 << 8) | *--s;
r2 = (r2 << 8) | *--s;
uint32_divmod_uint14(&r1, &r0, r2, 4621);
R0[2 * i] = r0 - 2310;
R0[2 * i] = (int16) (r0 - 2310);
r1 = uint32_mod_uint14(r1, 4621); /* needed only for invalid inputs */
R0[2 * i + 1] = r1 - 2310;
R0[2 * i + 1] = (int16) (r1 - 2310);
}
}

+ 1
- 2
crypto_kem/sntrup653/clean/crypto_decode_653xint16.c View File

@@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653xint16(void *v, const unsigned cha
for (i = 0; i < 653; ++i) {
uint16_t u0 = s[0];
uint16_t u1 = s[1];
u1 <<= 8;
*x = u0 | u1;
*x = (uint16_t) (u0 | (u1 << 8));
x += 1;
s += 2;
}


Some files were not shown because too many files changed in this diff

Write Preview
Loading…
Cancel
Save