diff --git a/crypto_sign/falcon-1024/clean/codec.c b/crypto_sign/falcon-1024/clean/codec.c index 27ea75fe..d9f5de74 100644 --- a/crypto_sign/falcon-1024/clean/codec.c +++ b/crypto_sign/falcon-1024/clean/codec.c @@ -75,7 +75,7 @@ PQCLEAN_FALCON1024_CLEAN_modq_encode( size_t PQCLEAN_FALCON1024_CLEAN_modq_decode( uint16_t *x, unsigned logn, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { size_t n, in_len, u; const uint8_t *buf; uint32_t acc; @@ -83,7 +83,7 @@ PQCLEAN_FALCON1024_CLEAN_modq_decode( n = (size_t)1 << logn; in_len = ((n * 14) + 7) >> 3; - if (in_len > in_max_len) { + if (in_len > max_in_len) { return 0; } buf = in; @@ -132,7 +132,8 @@ PQCLEAN_FALCON1024_CLEAN_trim_i16_encode( out_len = ((n * bits) + 7) >> 3; if (out == NULL) { return out_len; - } else if (out_len > max_out_len) { + } + if (out_len > max_out_len) { return 0; } buf = out; @@ -157,7 +158,7 @@ PQCLEAN_FALCON1024_CLEAN_trim_i16_encode( size_t PQCLEAN_FALCON1024_CLEAN_trim_i16_decode( int16_t *x, unsigned logn, unsigned bits, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { size_t n, in_len; const uint8_t *buf; size_t u; @@ -166,7 +167,7 @@ PQCLEAN_FALCON1024_CLEAN_trim_i16_decode( n = (size_t)1 << logn; in_len = ((n * bits) + 7) >> 3; - if (in_len > in_max_len) { + if (in_len > max_in_len) { return 0; } buf = in; @@ -225,7 +226,8 @@ PQCLEAN_FALCON1024_CLEAN_trim_i8_encode( out_len = ((n * bits) + 7) >> 3; if (out == NULL) { return out_len; - } else if (out_len > max_out_len) { + } + if (out_len > max_out_len) { return 0; } buf = out; @@ -250,7 +252,7 @@ PQCLEAN_FALCON1024_CLEAN_trim_i8_encode( size_t PQCLEAN_FALCON1024_CLEAN_trim_i8_decode( int8_t *x, unsigned logn, unsigned bits, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { size_t n, in_len; const uint8_t *buf; size_t u; @@ -259,7 +261,7 @@ PQCLEAN_FALCON1024_CLEAN_trim_i8_decode( n = (size_t)1 << logn; in_len = ((n * bits) + 7) >> 3; - if (in_len > in_max_len) { + if (in_len > max_in_len) { return 0; } buf = in; @@ -395,7 +397,7 @@ PQCLEAN_FALCON1024_CLEAN_comp_encode( size_t PQCLEAN_FALCON1024_CLEAN_comp_decode( int16_t *x, unsigned logn, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { const uint8_t *buf; size_t n, u, v; uint32_t acc; @@ -413,7 +415,7 @@ PQCLEAN_FALCON1024_CLEAN_comp_decode( * Get next eight bits: sign and low seven bits of the * absolute value. */ - if (v >= in_max_len) { + if (v >= max_in_len) { return 0; } acc = (acc << 8) | (uint32_t)buf[v ++]; @@ -426,7 +428,7 @@ PQCLEAN_FALCON1024_CLEAN_comp_decode( */ for (;;) { if (acc_len == 0) { - if (v >= in_max_len) { + if (v >= max_in_len) { return 0; } acc = (acc << 8) | (uint32_t)buf[v ++]; diff --git a/crypto_sign/falcon-1024/clean/common.c b/crypto_sign/falcon-1024/clean/common.c index 8ed3d538..065053c0 100644 --- a/crypto_sign/falcon-1024/clean/common.c +++ b/crypto_sign/falcon-1024/clean/common.c @@ -237,7 +237,7 @@ PQCLEAN_FALCON1024_CLEAN_is_short( /* see inner.h */ int PQCLEAN_FALCON1024_CLEAN_is_short_half( - uint32_t sqn, const int16_t *a, unsigned logn) { + uint32_t sqn, const int16_t *s2, unsigned logn) { size_t n, u; uint32_t ng; @@ -246,7 +246,7 @@ PQCLEAN_FALCON1024_CLEAN_is_short_half( for (u = 0; u < n; u ++) { int32_t z; - z = a[u]; + z = s2[u]; sqn += (uint32_t)(z * z); ng |= sqn; } diff --git a/crypto_sign/falcon-1024/clean/fpr.h b/crypto_sign/falcon-1024/clean/fpr.h index c5aa8887..79096be9 100644 --- a/crypto_sign/falcon-1024/clean/fpr.h +++ b/crypto_sign/falcon-1024/clean/fpr.h @@ -243,8 +243,7 @@ static inline int64_t fpr_rint(fpr x) { uint64_t m, d; int e; - uint32_t s, dd; - unsigned f; + uint32_t s, dd, f; /* * We assume that the value fits in -(2^63-1)..+(2^63-1). We can @@ -278,7 +277,7 @@ fpr_rint(fpr x) { */ d = fpr_ulsh(m, 63 - e); dd = (uint32_t)d | ((uint32_t)(d >> 32) & 0x1FFFFFFF); - f = (unsigned)(d >> 61) | (unsigned)((dd | -dd) >> 31); + f = (uint32_t)(d >> 61) | ((dd | -dd) >> 31); m = fpr_ursh(m, e) + (uint64_t)((0xC8U >> f) & 1U); /* diff --git a/crypto_sign/falcon-1024/clean/inner.h b/crypto_sign/falcon-1024/clean/inner.h index cfb214da..2a207830 100644 --- a/crypto_sign/falcon-1024/clean/inner.h +++ b/crypto_sign/falcon-1024/clean/inner.h @@ -343,12 +343,12 @@ int PQCLEAN_FALCON1024_CLEAN_get_seed(void *seed, size_t seed_len); */ typedef struct { union { - unsigned char d[512]; /* MUST be 512, exactly */ + uint8_t d[512]; /* MUST be 512, exactly */ uint64_t dummy_u64; } buf; size_t ptr; union { - unsigned char d[256]; + uint8_t d[256]; uint64_t dummy_u64; } state; int type; @@ -567,7 +567,7 @@ void PQCLEAN_FALCON1024_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l1 * f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1 * (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap. */ -void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict t0, fpr *restrict t1, +void PQCLEAN_FALCON1024_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, const fpr *restrict f, unsigned logn); /* diff --git a/crypto_sign/falcon-1024/clean/keygen.c b/crypto_sign/falcon-1024/clean/keygen.c index 2057e019..ef8de6a9 100644 --- a/crypto_sign/falcon-1024/clean/keygen.c +++ b/crypto_sign/falcon-1024/clean/keygen.c @@ -2183,7 +2183,7 @@ get_rng_u64(shake256_context *rng) { * We enforce little-endian representation. */ - unsigned char tmp[8]; + uint8_t tmp[8]; shake256_extract(rng, tmp, sizeof tmp); return (uint64_t)tmp[0] @@ -2414,7 +2414,7 @@ poly_small_sqnorm(const int8_t *f, unsigned logn) { */ static fpr * align_fpr(void *base, void *data) { - unsigned char *cb, *cd; + uint8_t *cb, *cd; size_t k, km; cb = base; @@ -2433,7 +2433,7 @@ align_fpr(void *base, void *data) { */ static uint32_t * align_u32(void *base, void *data) { - unsigned char *cb, *cd; + uint8_t *cb, *cd; size_t k, km; cb = base; diff --git a/crypto_sign/falcon-1024/clean/rng.c b/crypto_sign/falcon-1024/clean/rng.c index b93a6f97..e247a639 100644 --- a/crypto_sign/falcon-1024/clean/rng.c +++ b/crypto_sign/falcon-1024/clean/rng.c @@ -42,7 +42,7 @@ PQCLEAN_FALCON1024_CLEAN_prng_init(prng *p, shake256_context *src) { * must enforce little-endian interpretation of * the state words. */ - unsigned char tmp[56]; + uint8_t tmp[56]; uint64_t th, tl; int i; @@ -148,13 +148,13 @@ PQCLEAN_FALCON1024_CLEAN_prng_refill(prng *p) { */ for (v = 0; v < 16; v ++) { p->buf.d[(u << 2) + (v << 5) + 0] = - (unsigned char)state[v]; + (uint8_t)state[v]; p->buf.d[(u << 2) + (v << 5) + 1] = - (unsigned char)(state[v] >> 8); + (uint8_t)(state[v] >> 8); p->buf.d[(u << 2) + (v << 5) + 2] = - (unsigned char)(state[v] >> 16); + (uint8_t)(state[v] >> 16); p->buf.d[(u << 2) + (v << 5) + 3] = - (unsigned char)(state[v] >> 24); + (uint8_t)(state[v] >> 24); } } *(uint64_t *)(p->state.d + 48) = cc; @@ -166,7 +166,7 @@ PQCLEAN_FALCON1024_CLEAN_prng_refill(prng *p) { /* see inner.h */ void PQCLEAN_FALCON1024_CLEAN_prng_get_bytes(prng *p, void *dst, size_t len) { - unsigned char *buf; + uint8_t *buf; buf = dst; while (len > 0) { diff --git a/crypto_sign/falcon-1024/clean/sign.c b/crypto_sign/falcon-1024/clean/sign.c index 077d3615..1accda22 100644 --- a/crypto_sign/falcon-1024/clean/sign.c +++ b/crypto_sign/falcon-1024/clean/sign.c @@ -224,46 +224,46 @@ skoff_tree(unsigned logn) { /* see inner.h */ void -PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict sk, - const int8_t *f_src, const int8_t *g_src, - const int8_t *F_src, const int8_t *G_src, +PQCLEAN_FALCON1024_CLEAN_expand_privkey(fpr *restrict expanded_key, + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, unsigned logn, uint8_t *restrict tmp) { size_t n; - fpr *f, *g, *F, *G; + fpr *rf, *rg, *rF, *rG; fpr *b00, *b01, *b10, *b11; fpr *g00, *g01, *g11, *gxx; fpr *tree; n = MKN(logn); - b00 = sk + skoff_b00(logn); - b01 = sk + skoff_b01(logn); - b10 = sk + skoff_b10(logn); - b11 = sk + skoff_b11(logn); - tree = sk + skoff_tree(logn); + b00 = expanded_key + skoff_b00(logn); + b01 = expanded_key + skoff_b01(logn); + b10 = expanded_key + skoff_b10(logn); + b11 = expanded_key + skoff_b11(logn); + tree = expanded_key + skoff_tree(logn); /* * We load the private key elements directly into the B0 matrix, * since B0 = [[g, -f], [G, -F]]. */ - f = b01; - g = b00; - F = b11; - G = b10; + rf = b01; + rg = b00; + rF = b11; + rG = b10; - smallints_to_fpr(f, f_src, logn); - smallints_to_fpr(g, g_src, logn); - smallints_to_fpr(F, F_src, logn); - smallints_to_fpr(G, G_src, logn); + smallints_to_fpr(rf, f, logn); + smallints_to_fpr(rg, g, logn); + smallints_to_fpr(rF, F, logn); + smallints_to_fpr(rG, G, logn); /* * Compute the FFT for the key elements, and negate f and F. */ - PQCLEAN_FALCON1024_CLEAN_FFT(f, logn); - PQCLEAN_FALCON1024_CLEAN_FFT(g, logn); - PQCLEAN_FALCON1024_CLEAN_FFT(F, logn); - PQCLEAN_FALCON1024_CLEAN_FFT(G, logn); - PQCLEAN_FALCON1024_CLEAN_poly_neg(f, logn); - PQCLEAN_FALCON1024_CLEAN_poly_neg(F, logn); + PQCLEAN_FALCON1024_CLEAN_FFT(rf, logn); + PQCLEAN_FALCON1024_CLEAN_FFT(rg, logn); + PQCLEAN_FALCON1024_CLEAN_FFT(rF, logn); + PQCLEAN_FALCON1024_CLEAN_FFT(rG, logn); + PQCLEAN_FALCON1024_CLEAN_poly_neg(rf, logn); + PQCLEAN_FALCON1024_CLEAN_poly_neg(rF, logn); /* * The Gram matrix is G = B·B*. Formulas are: diff --git a/crypto_sign/falcon-512/clean/codec.c b/crypto_sign/falcon-512/clean/codec.c index aa309e3c..dda9c975 100644 --- a/crypto_sign/falcon-512/clean/codec.c +++ b/crypto_sign/falcon-512/clean/codec.c @@ -75,7 +75,7 @@ PQCLEAN_FALCON512_CLEAN_modq_encode( size_t PQCLEAN_FALCON512_CLEAN_modq_decode( uint16_t *x, unsigned logn, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { size_t n, in_len, u; const uint8_t *buf; uint32_t acc; @@ -83,7 +83,7 @@ PQCLEAN_FALCON512_CLEAN_modq_decode( n = (size_t)1 << logn; in_len = ((n * 14) + 7) >> 3; - if (in_len > in_max_len) { + if (in_len > max_in_len) { return 0; } buf = in; @@ -132,7 +132,8 @@ PQCLEAN_FALCON512_CLEAN_trim_i16_encode( out_len = ((n * bits) + 7) >> 3; if (out == NULL) { return out_len; - } else if (out_len > max_out_len) { + } + if (out_len > max_out_len) { return 0; } buf = out; @@ -157,7 +158,7 @@ PQCLEAN_FALCON512_CLEAN_trim_i16_encode( size_t PQCLEAN_FALCON512_CLEAN_trim_i16_decode( int16_t *x, unsigned logn, unsigned bits, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { size_t n, in_len; const uint8_t *buf; size_t u; @@ -166,7 +167,7 @@ PQCLEAN_FALCON512_CLEAN_trim_i16_decode( n = (size_t)1 << logn; in_len = ((n * bits) + 7) >> 3; - if (in_len > in_max_len) { + if (in_len > max_in_len) { return 0; } buf = in; @@ -225,7 +226,8 @@ PQCLEAN_FALCON512_CLEAN_trim_i8_encode( out_len = ((n * bits) + 7) >> 3; if (out == NULL) { return out_len; - } else if (out_len > max_out_len) { + } + if (out_len > max_out_len) { return 0; } buf = out; @@ -250,7 +252,7 @@ PQCLEAN_FALCON512_CLEAN_trim_i8_encode( size_t PQCLEAN_FALCON512_CLEAN_trim_i8_decode( int8_t *x, unsigned logn, unsigned bits, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { size_t n, in_len; const uint8_t *buf; size_t u; @@ -259,7 +261,7 @@ PQCLEAN_FALCON512_CLEAN_trim_i8_decode( n = (size_t)1 << logn; in_len = ((n * bits) + 7) >> 3; - if (in_len > in_max_len) { + if (in_len > max_in_len) { return 0; } buf = in; @@ -395,7 +397,7 @@ PQCLEAN_FALCON512_CLEAN_comp_encode( size_t PQCLEAN_FALCON512_CLEAN_comp_decode( int16_t *x, unsigned logn, - const void *in, size_t in_max_len) { + const void *in, size_t max_in_len) { const uint8_t *buf; size_t n, u, v; uint32_t acc; @@ -413,7 +415,7 @@ PQCLEAN_FALCON512_CLEAN_comp_decode( * Get next eight bits: sign and low seven bits of the * absolute value. */ - if (v >= in_max_len) { + if (v >= max_in_len) { return 0; } acc = (acc << 8) | (uint32_t)buf[v ++]; @@ -426,7 +428,7 @@ PQCLEAN_FALCON512_CLEAN_comp_decode( */ for (;;) { if (acc_len == 0) { - if (v >= in_max_len) { + if (v >= max_in_len) { return 0; } acc = (acc << 8) | (uint32_t)buf[v ++]; diff --git a/crypto_sign/falcon-512/clean/common.c b/crypto_sign/falcon-512/clean/common.c index 67eddc61..bf17fe28 100644 --- a/crypto_sign/falcon-512/clean/common.c +++ b/crypto_sign/falcon-512/clean/common.c @@ -237,7 +237,7 @@ PQCLEAN_FALCON512_CLEAN_is_short( /* see inner.h */ int PQCLEAN_FALCON512_CLEAN_is_short_half( - uint32_t sqn, const int16_t *a, unsigned logn) { + uint32_t sqn, const int16_t *s2, unsigned logn) { size_t n, u; uint32_t ng; @@ -246,7 +246,7 @@ PQCLEAN_FALCON512_CLEAN_is_short_half( for (u = 0; u < n; u ++) { int32_t z; - z = a[u]; + z = s2[u]; sqn += (uint32_t)(z * z); ng |= sqn; } diff --git a/crypto_sign/falcon-512/clean/fpr.h b/crypto_sign/falcon-512/clean/fpr.h index 0ee50a5d..a9dcb831 100644 --- a/crypto_sign/falcon-512/clean/fpr.h +++ b/crypto_sign/falcon-512/clean/fpr.h @@ -243,8 +243,7 @@ static inline int64_t fpr_rint(fpr x) { uint64_t m, d; int e; - uint32_t s, dd; - unsigned f; + uint32_t s, dd, f; /* * We assume that the value fits in -(2^63-1)..+(2^63-1). We can @@ -278,7 +277,7 @@ fpr_rint(fpr x) { */ d = fpr_ulsh(m, 63 - e); dd = (uint32_t)d | ((uint32_t)(d >> 32) & 0x1FFFFFFF); - f = (unsigned)(d >> 61) | (unsigned)((dd | -dd) >> 31); + f = (uint32_t)(d >> 61) | ((dd | -dd) >> 31); m = fpr_ursh(m, e) + (uint64_t)((0xC8U >> f) & 1U); /* diff --git a/crypto_sign/falcon-512/clean/inner.h b/crypto_sign/falcon-512/clean/inner.h index d2083085..7d8c594a 100644 --- a/crypto_sign/falcon-512/clean/inner.h +++ b/crypto_sign/falcon-512/clean/inner.h @@ -343,12 +343,12 @@ int PQCLEAN_FALCON512_CLEAN_get_seed(void *seed, size_t seed_len); */ typedef struct { union { - unsigned char d[512]; /* MUST be 512, exactly */ + uint8_t d[512]; /* MUST be 512, exactly */ uint64_t dummy_u64; } buf; size_t ptr; union { - unsigned char d[256]; + uint8_t d[256]; uint64_t dummy_u64; } state; int type; @@ -567,7 +567,7 @@ void PQCLEAN_FALCON512_CLEAN_poly_LDLmv_fft(fpr *restrict d11, fpr *restrict l10 * f = f0(x^2) + x*f1(x^2), for half-size polynomials f0 and f1 * (polynomials modulo X^(N/2)+1). f0, f1 and f MUST NOT overlap. */ -void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict t0, fpr *restrict t1, +void PQCLEAN_FALCON512_CLEAN_poly_split_fft(fpr *restrict f0, fpr *restrict f1, const fpr *restrict f, unsigned logn); /* diff --git a/crypto_sign/falcon-512/clean/keygen.c b/crypto_sign/falcon-512/clean/keygen.c index 4730388f..41566648 100644 --- a/crypto_sign/falcon-512/clean/keygen.c +++ b/crypto_sign/falcon-512/clean/keygen.c @@ -2183,7 +2183,7 @@ get_rng_u64(shake256_context *rng) { * We enforce little-endian representation. */ - unsigned char tmp[8]; + uint8_t tmp[8]; shake256_extract(rng, tmp, sizeof tmp); return (uint64_t)tmp[0] @@ -2414,7 +2414,7 @@ poly_small_sqnorm(const int8_t *f, unsigned logn) { */ static fpr * align_fpr(void *base, void *data) { - unsigned char *cb, *cd; + uint8_t *cb, *cd; size_t k, km; cb = base; @@ -2433,7 +2433,7 @@ align_fpr(void *base, void *data) { */ static uint32_t * align_u32(void *base, void *data) { - unsigned char *cb, *cd; + uint8_t *cb, *cd; size_t k, km; cb = base; diff --git a/crypto_sign/falcon-512/clean/rng.c b/crypto_sign/falcon-512/clean/rng.c index 6dc9aec3..f09bec93 100644 --- a/crypto_sign/falcon-512/clean/rng.c +++ b/crypto_sign/falcon-512/clean/rng.c @@ -42,7 +42,7 @@ PQCLEAN_FALCON512_CLEAN_prng_init(prng *p, shake256_context *src) { * must enforce little-endian interpretation of * the state words. */ - unsigned char tmp[56]; + uint8_t tmp[56]; uint64_t th, tl; int i; @@ -148,13 +148,13 @@ PQCLEAN_FALCON512_CLEAN_prng_refill(prng *p) { */ for (v = 0; v < 16; v ++) { p->buf.d[(u << 2) + (v << 5) + 0] = - (unsigned char)state[v]; + (uint8_t)state[v]; p->buf.d[(u << 2) + (v << 5) + 1] = - (unsigned char)(state[v] >> 8); + (uint8_t)(state[v] >> 8); p->buf.d[(u << 2) + (v << 5) + 2] = - (unsigned char)(state[v] >> 16); + (uint8_t)(state[v] >> 16); p->buf.d[(u << 2) + (v << 5) + 3] = - (unsigned char)(state[v] >> 24); + (uint8_t)(state[v] >> 24); } } *(uint64_t *)(p->state.d + 48) = cc; @@ -166,7 +166,7 @@ PQCLEAN_FALCON512_CLEAN_prng_refill(prng *p) { /* see inner.h */ void PQCLEAN_FALCON512_CLEAN_prng_get_bytes(prng *p, void *dst, size_t len) { - unsigned char *buf; + uint8_t *buf; buf = dst; while (len > 0) { diff --git a/crypto_sign/falcon-512/clean/sign.c b/crypto_sign/falcon-512/clean/sign.c index a1c8ed6e..8909130f 100644 --- a/crypto_sign/falcon-512/clean/sign.c +++ b/crypto_sign/falcon-512/clean/sign.c @@ -224,46 +224,46 @@ skoff_tree(unsigned logn) { /* see inner.h */ void -PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict sk, - const int8_t *f_src, const int8_t *g_src, - const int8_t *F_src, const int8_t *G_src, +PQCLEAN_FALCON512_CLEAN_expand_privkey(fpr *restrict expanded_key, + const int8_t *f, const int8_t *g, + const int8_t *F, const int8_t *G, unsigned logn, uint8_t *restrict tmp) { size_t n; - fpr *f, *g, *F, *G; + fpr *rf, *rg, *rF, *rG; fpr *b00, *b01, *b10, *b11; fpr *g00, *g01, *g11, *gxx; fpr *tree; n = MKN(logn); - b00 = sk + skoff_b00(logn); - b01 = sk + skoff_b01(logn); - b10 = sk + skoff_b10(logn); - b11 = sk + skoff_b11(logn); - tree = sk + skoff_tree(logn); + b00 = expanded_key + skoff_b00(logn); + b01 = expanded_key + skoff_b01(logn); + b10 = expanded_key + skoff_b10(logn); + b11 = expanded_key + skoff_b11(logn); + tree = expanded_key + skoff_tree(logn); /* * We load the private key elements directly into the B0 matrix, * since B0 = [[g, -f], [G, -F]]. */ - f = b01; - g = b00; - F = b11; - G = b10; + rf = b01; + rg = b00; + rF = b11; + rG = b10; - smallints_to_fpr(f, f_src, logn); - smallints_to_fpr(g, g_src, logn); - smallints_to_fpr(F, F_src, logn); - smallints_to_fpr(G, G_src, logn); + smallints_to_fpr(rf, f, logn); + smallints_to_fpr(rg, g, logn); + smallints_to_fpr(rF, F, logn); + smallints_to_fpr(rG, G, logn); /* * Compute the FFT for the key elements, and negate f and F. */ - PQCLEAN_FALCON512_CLEAN_FFT(f, logn); - PQCLEAN_FALCON512_CLEAN_FFT(g, logn); - PQCLEAN_FALCON512_CLEAN_FFT(F, logn); - PQCLEAN_FALCON512_CLEAN_FFT(G, logn); - PQCLEAN_FALCON512_CLEAN_poly_neg(f, logn); - PQCLEAN_FALCON512_CLEAN_poly_neg(F, logn); + PQCLEAN_FALCON512_CLEAN_FFT(rf, logn); + PQCLEAN_FALCON512_CLEAN_FFT(rg, logn); + PQCLEAN_FALCON512_CLEAN_FFT(rF, logn); + PQCLEAN_FALCON512_CLEAN_FFT(rG, logn); + PQCLEAN_FALCON512_CLEAN_poly_neg(rf, logn); + PQCLEAN_FALCON512_CLEAN_poly_neg(rF, logn); /* * The Gram matrix is G = B·B*. Formulas are: