diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c index b837b994..2e0ecaa6 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -187,11 +185,7 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } -// TODO: these defines are not really required for a clean implementation - just implement directly #define calculate_Q_from_F_impl calculate_Q_from_F_ref void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_impl( Qs, Fs, Ts ); } - - - diff --git a/crypto_sign/rainbowIIIc-classic/clean/sign.c b/crypto_sign/rainbowIIIc-classic/clean/sign.c index 72586750..05281ca5 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/sign.c +++ b/crypto_sign/rainbowIIIc-classic/clean/sign.c @@ -12,23 +12,15 @@ #include #include - - int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -38,35 +30,29 @@ PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, c memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_signature( @@ -88,5 +74,4 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c index 6aa3f0c5..dfc5f31d 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, con void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c index f85515b8..8aa74a38 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c index bb32b60e..50fa1be4 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Q void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c index 8730d410..b15c0fc9 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, co memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index d66ccb33..a0014a99 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -100,7 +100,7 @@ unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); for (unsigned i = 0; i < n; i++) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } @@ -128,7 +128,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 752a42ee..421b406c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -187,11 +185,7 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } -// TODO: these defines are not really required for a clean implementation - just implement directly #define calculate_Q_from_F_impl calculate_Q_from_F_ref void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_impl( Qs, Fs, Ts ); } - - - diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index 413c1466..193c9079 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -12,23 +12,15 @@ #include #include - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -38,35 +30,29 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( @@ -88,5 +74,4 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index 9a4ae8a8..995df9c9 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -100,7 +100,7 @@ unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); for (unsigned i = 0; i < n; i++) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } @@ -128,7 +128,7 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, con gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c index 1f71ea72..cbc980a6 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c index 6ef18fff..4d30082d 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *s memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index 7d2d1156..c720582d 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -100,7 +100,7 @@ unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); for (unsigned i = 0; i < n; i++) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } @@ -128,7 +128,7 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c index 5869d9b7..44af1c99 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIa-cyclic/clean/sign.c b/crypto_sign/rainbowIa-cyclic/clean/sign.c index 065c9bad..a4390e7d 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, cons memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c index 78e632a5..297ddc52 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -187,11 +185,7 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } -// TODO: these defines are not really required for a clean implementation - just implement directly #define calculate_Q_from_F_impl calculate_Q_from_F_ref void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_impl( Qs, Fs, Ts ); } - - - diff --git a/crypto_sign/rainbowVc-classic/clean/sign.c b/crypto_sign/rainbowVc-classic/clean/sign.c index c0e87b4d..bf2b089b 100644 --- a/crypto_sign/rainbowVc-classic/clean/sign.c +++ b/crypto_sign/rainbowVc-classic/clean/sign.c @@ -12,23 +12,15 @@ #include #include - - int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -38,35 +30,29 @@ PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_signature( @@ -88,5 +74,4 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c index 7762e3f5..e9d1f73c 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c index 41c9baeb..c9b5f650 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *s memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c index 86f5333f..b2136209 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowVc-cyclic/clean/sign.c b/crypto_sign/rainbowVc-cyclic/clean/sign.c index a2c7bd3a..df155aa6 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/sign.c +++ b/crypto_sign/rainbowVc-cyclic/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, cons memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + + rc = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - - + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - }