diff --git a/crypto_kem/firesaber/META.yml b/crypto_kem/firesaber/META.yml
index def16e46..d1781339 100644
--- a/crypto_kem/firesaber/META.yml
+++ b/crypto_kem/firesaber/META.yml
@@ -14,9 +14,9 @@ principal-submitters:
 - Frederik Vercauteren
 implementations:
 - name: clean
- version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
+ version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
 - name: avx2
- version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
+ version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
 supported_platforms:
 - architecture: x86_64
 operating_systems:
diff --git a/crypto_kem/firesaber/avx2/SABER_indcpa.c b/crypto_kem/firesaber/avx2/SABER_indcpa.c
index ab017224..625a3f6b 100644
--- a/crypto_kem/firesaber/avx2/SABER_indcpa.c
+++ b/crypto_kem/firesaber/avx2/SABER_indcpa.c
@@ -66,7 +66,7 @@ static void GenSecret(uint16_t r[SABER_K][SABER_N], const uint8_t *seed) {
 }
 //********************************matrix-vector mul routines*****************************************************
-static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[NUM_POLY][AVX_N1], int isTranspose) {
+static void matrix_vector_mul(__m256i res_avx[NUM_POLY][AVX_N1], __m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], int isTranspose) {
 int64_t i, j;
 __m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time
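Review bot: The reordered matrix_vector_mul keeps `int64_t i, j;` as its loop counters (the context line directly under the new signature) while this same commit moves every loop index in the clean implementations to `size_t`; if the intent is one convention across implementations, `size_t i, j;` here would match, but the body continues past the hunk and should first be checked for any comparison or subtraction that relies on the signed type. The new signature also carries no comment saying which parameter is the output or what the flag selects; given the call-site comments in this file, `// res_avx: output; isTranspose 1 = matrix in transposed order, 0 = normal order` would do. The same two remarks apply to vector_vector_mul in the next hunk and to the lightsaber and saber copies of this file.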
@@ -86,7 +86,7 @@ static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1
 }
-static void vector_vector_mul(__m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[AVX_N1]) {
+static void vector_vector_mul(__m256i res_avx[AVX_N1], __m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4]) {
 int64_t i;
@@ -162,7 +162,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_keypair(uint8_t *pk, uint8_t *sk) {
 for (j = 0; j < NUM_POLY; j++) {
 TC_eval(sk_avx[j], b_bucket[j]);
 }
- matrix_vector_mul(a_avx, b_bucket, res_avx, 1);// Matrix-vector multiplication; Matrix in transposed order
+ matrix_vector_mul(res_avx, a_avx, b_bucket, 1);// Matrix-vector multiplication; Matrix in transposed order
 // Now truncation
@@ -259,7 +259,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DE
 for (j = 0; j < NUM_POLY; j++) {
 TC_eval(sk_avx[j], b_bucket[j]);
 }
- matrix_vector_mul(a_avx, b_bucket, res_avx, 0);// Matrix-vector multiplication; Matrix in normal order
+ matrix_vector_mul(res_avx, a_avx, b_bucket, 0);// Matrix-vector multiplication; Matrix in normal order
 // Now truncation
@@ -302,7 +302,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DE
 // vector-vector scalar multiplication with mod p
- vector_vector_mul(pkcl_avx, b_bucket, vprime_avx);
+ vector_vector_mul(vprime_avx, pkcl_avx, b_bucket);
 // Computation of v'+h1
 for (i = 0; i < SABER_N / 16; i++) { //adding h1
@@ -392,7 +392,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uint
 TC_eval(sksv_avx[j], b_bucket[j]);
 }
- vector_vector_mul(pksv_avx, b_bucket, v_avx);
+ vector_vector_mul(v_avx, pksv_avx, b_bucket);
 for (i = 0; i < SABER_N / 16; i++) {
 _mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]);
diff --git a/crypto_kem/firesaber/clean/SABER_indcpa.c b/crypto_kem/firesaber/clean/SABER_indcpa.c
index 76156e79..342eb7ca 100644
--- a/crypto_kem/firesaber/clean/SABER_indcpa.c
+++ b/crypto_kem/firesaber/clean/SABER_indcpa.c
@@ -17,7 +17,7 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(uint8_t pk[SABER_INDCPA_PUBLICKE
 uint8_t seed_A[SABER_SEEDBYTES];
 uint8_t seed_s[SABER_NOISE_SEEDBYTES];
- int i, j;
+ size_t i, j;
 randombytes(seed_A, SABER_SEEDBYTES);
 shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state
@@ -45,7 +45,7 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_D
 uint16_t vp[SABER_N] = {0};
 uint16_t mp[SABER_N];
 uint16_t b[SABER_L][SABER_N];
- int i, j;
+ size_t i, j;
 const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES;
 PQCLEAN_FIRESABER_CLEAN_GenMatrix(A, seed_A);
@@ -77,7 +77,7 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uin
 uint16_t b[SABER_L][SABER_N];
 uint16_t v[SABER_N] = {0};
 uint16_t cm[SABER_N];
- int i;
+ size_t i;
 PQCLEAN_FIRESABER_CLEAN_BS2POLVECq(s, sk);
 PQCLEAN_FIRESABER_CLEAN_BS2POLVECp(b, ciphertext);
diff --git a/crypto_kem/firesaber/clean/kem.c b/crypto_kem/firesaber/clean/kem.c
index e94219a6..2ffe4e75 100644
--- a/crypto_kem/firesaber/clean/kem.c
+++ b/crypto_kem/firesaber/clean/kem.c
@@ -4,13 +4,12 @@
 #include "fips202.h"
 #include "randombytes.h"
 #include "verify.h"
+#include
 #include
-#include
-#include
 int PQCLEAN_FIRESABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
- int i;
+ size_t i;
 PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
 for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
@@ -48,7 +47,7 @@ int PQCLEAN_FIRESABER_CLEAN_crypto_kem_enc(uint8_t *c, uint8_t *k, const uint8_t
 }
 int PQCLEAN_FIRESABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) {
- int i;
+ size_t i;
 uint8_t fail;
 uint8_t cmp[SABER_BYTES_CCA_DEC];
 uint8_t buf[64];
diff --git a/crypto_kem/firesaber/clean/poly.c b/crypto_kem/firesaber/clean/poly.c
index c65175fe..c6d729ba 100644
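Review bot: The `size_t i, j;` replacing `int i, j;` in indcpa_kem_keypair, indcpa_kem_enc and indcpa_kem_dec, and `size_t i;` in crypto_kem_keypair and crypto_kem_dec, is only behaviour-preserving if every loop over these counters counts upward and never compares them with a signed expression or steps them below zero; all of those loop bodies lie outside the hunks (each function continues past its hunk), so this needs a look per function. The one loop that is visible, `for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++)` in crypto_kem_keypair, is fine. A build of the three variants with `-Wsign-compare -Wsign-conversion` would settle it mechanically. The same remark applies to the poly.c and poly_mul.c hunks below and to the lightsaber and saber copies of these files.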
--- a/crypto_kem/firesaber/clean/poly.c
+++ b/crypto_kem/firesaber/clean/poly.c
@@ -4,31 +4,31 @@
 #include "pack_unpack.h"
 #include "poly.h"
 #include "poly_mul.h"
-#include
+#include
 void PQCLEAN_FIRESABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) {
- int i, j;
+ size_t i, j;
 for (i = 0; i < SABER_L; i++) {
 for (j = 0; j < SABER_L; j++) {
 if (transpose == 1) {
- PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(A[j][i], s[j], res[i]);
+ PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(res[i], A[j][i], s[j]);
 } else {
- PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(A[i][j], s[j], res[i]);
+ PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(res[i], A[i][j], s[j]);
 }
 }
 }
 }
 void PQCLEAN_FIRESABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) {
- int j;
+ size_t j;
 for (j = 0; j < SABER_L; j++) {
- PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(b[j], s[j], res);
+ PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(res, b[j], s[j]);
 }
 }
 void PQCLEAN_FIRESABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) {
 uint8_t buf[SABER_L * SABER_POLYVECBYTES];
- int i;
+ size_t i;
 shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES);
diff --git a/crypto_kem/firesaber/clean/poly_mul.c b/crypto_kem/firesaber/clean/poly_mul.c
index 27c92f29..6b527c21 100644
--- a/crypto_kem/firesaber/clean/poly_mul.c
+++ b/crypto_kem/firesaber/clean/poly_mul.c
@@ -11,13 +11,13 @@
 #define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y)))
 #define KARATSUBA_N 64
-static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t *result_final) {
+static void karatsuba_simple(uint16_t *result_final, const uint16_t *a_1, const uint16_t *b_1) {
 uint16_t d01[KARATSUBA_N / 2 - 1];
 uint16_t d0123[KARATSUBA_N / 2 - 1];
 uint16_t d23[KARATSUBA_N / 2 - 1];
 uint16_t result_d01[KARATSUBA_N - 1];
- int32_t i, j;
+ size_t i, j;
 memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t));
 memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t));
@@ -110,7 +110,7 @@ static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t
-static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *result) {
+static void toom_cook_4way (uint16_t *result, const uint16_t *a1, const uint16_t *b1) {
 uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167;
 uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB];
@@ -181,13 +181,13 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
 // MULTIPLICATION
- karatsuba_simple(aw1, bw1, w1);
- karatsuba_simple(aw2, bw2, w2);
- karatsuba_simple(aw3, bw3, w3);
- karatsuba_simple(aw4, bw4, w4);
- karatsuba_simple(aw5, bw5, w5);
- karatsuba_simple(aw6, bw6, w6);
- karatsuba_simple(aw7, bw7, w7);
+ karatsuba_simple(w1, aw1, bw1);
+ karatsuba_simple(w2, aw2, bw2);
+ karatsuba_simple(w3, aw3, bw3);
+ karatsuba_simple(w4, aw4, bw4);
+ karatsuba_simple(w5, aw5, bw5);
+ karatsuba_simple(w6, aw6, bw6);
+ karatsuba_simple(w7, aw7, bw7);
 // INTERPOLATION
 for (i = 0; i < N_SB_RES; ++i) {
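Review bot: After the reorder, `karatsuba_simple` and `toom_cook_4way` still do not state whether their first parameter is overwritten or accumulated into, which matters because the public caller is documented as `res += a*b` and hands `toom_cook_4way` a buffer it zero-initialises first; the hunk shows the local scratch arrays being memset but says nothing about `result_final`/`result`, so I cannot tell from here. Suggest a one-line comment on each new signature, e.g. `/* result_final: output coefficients — TODO(review): state whether the caller must zero it */`. The counters in karatsuba_simple are now `size_t`, while the `i` used by `for (i = 0; i < N_SB_RES; ++i)` in toom_cook_4way is declared outside the hunk, so check that the two helpers did not end up with different index types. Both bodies continue past the hunks; the lightsaber and saber poly_mul.c hunks are identical.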
@@ -229,11 +229,11 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
 }
 /* res += a*b */
-void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]) {
+void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]) {
 uint16_t c[2 * SABER_N] = {0};
- int i;
+ size_t i;
- toom_cook_4way(a, b, c);
+ toom_cook_4way(c, a, b);
 /* reduction */
 for (i = SABER_N; i < 2 * SABER_N; i++) {
diff --git a/crypto_kem/firesaber/clean/poly_mul.h b/crypto_kem/firesaber/clean/poly_mul.h
index e554d60c..b6911577 100644
--- a/crypto_kem/firesaber/clean/poly_mul.h
+++ b/crypto_kem/firesaber/clean/poly_mul.h
@@ -3,7 +3,7 @@
 #include "SABER_params.h"
 #include
-void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]);
+void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]);
 #endif
diff --git a/crypto_kem/lightsaber/META.yml b/crypto_kem/lightsaber/META.yml
index 1cc06c9a..7e1dd2eb 100644
--- a/crypto_kem/lightsaber/META.yml
+++ b/crypto_kem/lightsaber/META.yml
@@ -14,9 +14,9 @@ principal-submitters:
 - Frederik Vercauteren
 implementations:
 - name: clean
- version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
+ version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
 - name: avx2
- version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
+ version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
 supported_platforms:
 - architecture: x86_64
 operating_systems:
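Review bot: The prototype in poly_mul.h is still undocumented after the reorder, and since the destination is now the first argument a stale caller still passing `(a, b, res)` draws only a discarded-qualifier warning on common compilers unless warnings are errors, so the contract belongs in the header: `/* res += a*b, coefficient-wise in uint16_t arithmetic (wraps mod 2^16); res must be initialised by the caller. */`. The `.c` side keeps only `/* res += a*b */`; carrying the same wording in both places keeps them from drifting. The `size_t i` change is consistent with the visible `for (i = SABER_N; i < 2 * SABER_N; i++)`, whose body lies outside the hunk. Same for the lightsaber and saber poly_mul.c and poly_mul.h hunks.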
diff --git a/crypto_kem/lightsaber/avx2/SABER_indcpa.c b/crypto_kem/lightsaber/avx2/SABER_indcpa.c
index 3270a8c9..47f760e9 100644
--- a/crypto_kem/lightsaber/avx2/SABER_indcpa.c
+++ b/crypto_kem/lightsaber/avx2/SABER_indcpa.c
@@ -66,7 +66,7 @@ static void GenSecret(uint16_t r[SABER_K][SABER_N], const uint8_t *seed) {
 }
 //********************************matrix-vector mul routines*****************************************************
-static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[NUM_POLY][AVX_N1], int isTranspose) {
+static void matrix_vector_mul(__m256i res_avx[NUM_POLY][AVX_N1], __m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], int isTranspose) {
 int64_t i, j;
 __m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time
@@ -86,7 +86,7 @@ static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1
 }
-static void vector_vector_mul(__m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[AVX_N1]) {
+static void vector_vector_mul(__m256i res_avx[AVX_N1], __m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4]) {
 int64_t i;
@@ -162,7 +162,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_keypair(uint8_t *pk, uint8_t *sk) {
 for (j = 0; j < NUM_POLY; j++) {
 TC_eval(sk_avx[j], b_bucket[j]);
 }
- matrix_vector_mul(a_avx, b_bucket, res_avx, 1);// Matrix-vector multiplication; Matrix in transposed order
+ matrix_vector_mul(res_avx, a_avx, b_bucket, 1);// Matrix-vector multiplication; Matrix in transposed order
 // Now truncation
@@ -259,7 +259,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_D
 for (j = 0; j < NUM_POLY; j++) {
 TC_eval(sk_avx[j], b_bucket[j]);
 }
- matrix_vector_mul(a_avx, b_bucket, res_avx, 0);// Matrix-vector multiplication; Matrix in normal order
+ matrix_vector_mul(res_avx, a_avx, b_bucket, 0);// Matrix-vector multiplication; Matrix in normal order
 // Now truncation
@@ -302,7 +302,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_D
 // vector-vector scalar multiplication with mod p
- vector_vector_mul(pkcl_avx, b_bucket, vprime_avx);
+ vector_vector_mul(vprime_avx, pkcl_avx, b_bucket);
 // Computation of v'+h1
 for (i = 0; i < SABER_N / 16; i++) { //adding h1
@@ -392,7 +392,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uin
 TC_eval(sksv_avx[j], b_bucket[j]);
 }
- vector_vector_mul(pksv_avx, b_bucket, v_avx);
+ vector_vector_mul(v_avx, pksv_avx, b_bucket);
 for (i = 0; i < SABER_N / 16; i++) {
 _mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]);
diff --git a/crypto_kem/lightsaber/clean/SABER_indcpa.c b/crypto_kem/lightsaber/clean/SABER_indcpa.c
index 4b9cb150..9dcdfb93 100644
--- a/crypto_kem/lightsaber/clean/SABER_indcpa.c
+++ b/crypto_kem/lightsaber/clean/SABER_indcpa.c
@@ -17,7 +17,7 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(uint8_t pk[SABER_INDCPA_PUBLICK
 uint8_t seed_A[SABER_SEEDBYTES];
 uint8_t seed_s[SABER_NOISE_SEEDBYTES];
- int i, j;
+ size_t i, j;
 randombytes(seed_A, SABER_SEEDBYTES);
 shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state
@@ -45,7 +45,7 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_
 uint16_t vp[SABER_N] = {0};
 uint16_t mp[SABER_N];
 uint16_t b[SABER_L][SABER_N];
- int i, j;
+ size_t i, j;
 const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES;
 PQCLEAN_LIGHTSABER_CLEAN_GenMatrix(A, seed_A);
@@ -77,7 +77,7 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const ui
 uint16_t b[SABER_L][SABER_N];
 uint16_t v[SABER_N] = {0};
 uint16_t cm[SABER_N];
- int i;
+ size_t i;
 PQCLEAN_LIGHTSABER_CLEAN_BS2POLVECq(s, sk);
 PQCLEAN_LIGHTSABER_CLEAN_BS2POLVECp(b, ciphertext);
diff --git a/crypto_kem/lightsaber/clean/kem.c b/crypto_kem/lightsaber/clean/kem.c
index eb9353b1..d0a67736 100644
--- a/crypto_kem/lightsaber/clean/kem.c
+++ b/crypto_kem/lightsaber/clean/kem.c
@@ -4,13 +4,12 @@
 #include "fips202.h"
 #include "randombytes.h"
 #include "verify.h"
+#include
 #include
-#include
-#include
 int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
- int i;
+ size_t i;
 PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
 for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
@@ -48,7 +47,7 @@ int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_enc(uint8_t *c, uint8_t *k, const uint8_
 }
 int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) {
- int i;
+ size_t i;
 uint8_t fail;
 uint8_t cmp[SABER_BYTES_CCA_DEC];
 uint8_t buf[64];
diff --git a/crypto_kem/lightsaber/clean/poly.c b/crypto_kem/lightsaber/clean/poly.c
index 1c1e22cc..9bb55afe 100644
--- a/crypto_kem/lightsaber/clean/poly.c
+++ b/crypto_kem/lightsaber/clean/poly.c
@@ -4,31 +4,31 @@
 #include "pack_unpack.h"
 #include "poly.h"
 #include "poly_mul.h"
-#include
+#include
 void PQCLEAN_LIGHTSABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) {
- int i, j;
+ size_t i, j;
 for (i = 0; i < SABER_L; i++) {
 for (j = 0; j < SABER_L; j++) {
 if (transpose == 1) {
- PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(A[j][i], s[j], res[i]);
+ PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(res[i], A[j][i], s[j]);
 } else {
- PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(A[i][j], s[j], res[i]);
+ PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(res[i], A[i][j], s[j]);
 }
 }
 }
 }
 void PQCLEAN_LIGHTSABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) {
- int j;
+ size_t j;
 for (j = 0; j < SABER_L; j++) {
- PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(b[j], s[j], res);
+ PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(res, b[j], s[j]);
 }
 }
 void PQCLEAN_LIGHTSABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) {
 uint8_t buf[SABER_L * SABER_POLYVECBYTES];
- int i;
+ size_t i;
 shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES);
diff --git a/crypto_kem/lightsaber/clean/poly_mul.c b/crypto_kem/lightsaber/clean/poly_mul.c
index 5e37a024..c7f5c424 100644
--- a/crypto_kem/lightsaber/clean/poly_mul.c
+++ b/crypto_kem/lightsaber/clean/poly_mul.c
@@ -11,13 +11,13 @@
 #define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y)))
 #define KARATSUBA_N 64
-static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t *result_final) {
+static void karatsuba_simple(uint16_t *result_final, const uint16_t *a_1, const uint16_t *b_1) {
 uint16_t d01[KARATSUBA_N / 2 - 1];
 uint16_t d0123[KARATSUBA_N / 2 - 1];
 uint16_t d23[KARATSUBA_N / 2 - 1];
 uint16_t result_d01[KARATSUBA_N - 1];
- int32_t i, j;
+ size_t i, j;
 memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t));
 memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t));
@@ -110,7 +110,7 @@ static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t
-static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *result) {
+static void toom_cook_4way (uint16_t *result, const uint16_t *a1, const uint16_t *b1) {
 uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167;
 uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB];
@@ -181,13 +181,13 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
 // MULTIPLICATION
- karatsuba_simple(aw1, bw1, w1);
- karatsuba_simple(aw2, bw2, w2);
- karatsuba_simple(aw3, bw3, w3);
- karatsuba_simple(aw4, bw4, w4);
- karatsuba_simple(aw5, bw5, w5);
- karatsuba_simple(aw6, bw6, w6);
- karatsuba_simple(aw7, bw7, w7);
+ karatsuba_simple(w1, aw1, bw1);
+ karatsuba_simple(w2, aw2, bw2);
+ karatsuba_simple(w3, aw3, bw3);
+ karatsuba_simple(w4, aw4, bw4);
+ karatsuba_simple(w5, aw5, bw5);
+ karatsuba_simple(w6, aw6, bw6);
+ karatsuba_simple(w7, aw7, bw7);
 // INTERPOLATION
 for (i = 0; i < N_SB_RES; ++i) {
@@ -229,11 +229,11 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
 }
 /* res += a*b */
-void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]) {
+void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]) {
 uint16_t c[2 * SABER_N] = {0};
- int i;
+ size_t i;
- toom_cook_4way(a, b, c);
+ toom_cook_4way(c, a, b);
 /* reduction */
 for (i = SABER_N; i < 2 * SABER_N; i++) {
diff --git a/crypto_kem/lightsaber/clean/poly_mul.h b/crypto_kem/lightsaber/clean/poly_mul.h
index 0d5cf6ed..5ec233bb 100644
--- a/crypto_kem/lightsaber/clean/poly_mul.h
+++ b/crypto_kem/lightsaber/clean/poly_mul.h
@@ -3,7 +3,7 @@
 #include "SABER_params.h"
 #include
-void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]);
+void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]);
 #endif
diff --git a/crypto_kem/saber/META.yml b/crypto_kem/saber/META.yml
index 50250180..87187702 100644
--- a/crypto_kem/saber/META.yml
+++ b/crypto_kem/saber/META.yml
@@ -14,9 +14,9 @@ principal-submitters:
 - Frederik Vercauteren
 implementations:
 - name: clean
- version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
+ version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
 - name: avx2
- version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
+ version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
 supported_platforms:
 - architecture: x86_64
 operating_systems:
diff --git a/crypto_kem/saber/avx2/SABER_indcpa.c b/crypto_kem/saber/avx2/SABER_indcpa.c
index d16a7a06..5515c610 100644
--- a/crypto_kem/saber/avx2/SABER_indcpa.c
+++ b/crypto_kem/saber/avx2/SABER_indcpa.c
@@ -66,7 +66,7 @@ static void GenSecret(uint16_t r[SABER_K][SABER_N], const uint8_t *seed) {
 }
 //********************************matrix-vector mul routines*****************************************************
-static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[NUM_POLY][AVX_N1], int isTranspose) {
+static void matrix_vector_mul(__m256i res_avx[NUM_POLY][AVX_N1], __m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], int isTranspose) {
 int64_t i, j;
 __m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time
@@ -86,7 +86,7 @@ static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1
 }
-static void vector_vector_mul(__m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[AVX_N1]) {
+static void vector_vector_mul(__m256i res_avx[AVX_N1], __m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4]) {
 int64_t i;
@@ -162,7 +162,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_keypair(uint8_t *pk, uint8_t *sk) {
 for (j = 0; j < NUM_POLY; j++) {
 TC_eval(sk_avx[j], b_bucket[j]);
 }
- matrix_vector_mul(a_avx, b_bucket, res_avx, 1);// Matrix-vector multiplication; Matrix in transposed order
+ matrix_vector_mul(res_avx, a_avx, b_bucket, 1);// Matrix-vector multiplication; Matrix in transposed order
 // Now truncation
@@ -259,7 +259,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DEC],
 for (j = 0; j < NUM_POLY; j++) {
 TC_eval(sk_avx[j], b_bucket[j]);
 }
- matrix_vector_mul(a_avx, b_bucket, res_avx, 0);// Matrix-vector multiplication; Matrix in normal order
+ matrix_vector_mul(res_avx, a_avx, b_bucket, 0);// Matrix-vector multiplication; Matrix in normal order
 // Now truncation
@@ -302,7 +302,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DEC],
 // vector-vector scalar multiplication with mod p
- vector_vector_mul(pkcl_avx, b_bucket, vprime_avx);
+ vector_vector_mul(vprime_avx, pkcl_avx, b_bucket);
 // Computation of v'+h1
 for (i = 0; i < SABER_N / 16; i++) { //adding h1
@@ -392,7 +392,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uint8_t
 TC_eval(sksv_avx[j], b_bucket[j]);
 }
- vector_vector_mul(pksv_avx, b_bucket, v_avx);
+ vector_vector_mul(v_avx, pksv_avx, b_bucket);
 for (i = 0; i < SABER_N / 16; i++) {
 _mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]);
diff --git a/crypto_kem/saber/clean/SABER_indcpa.c b/crypto_kem/saber/clean/SABER_indcpa.c
index c36f02ea..23325749 100644
--- a/crypto_kem/saber/clean/SABER_indcpa.c
+++ b/crypto_kem/saber/clean/SABER_indcpa.c
@@ -17,7 +17,7 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(uint8_t pk[SABER_INDCPA_PUBLICKEYBYT
 uint8_t seed_A[SABER_SEEDBYTES];
 uint8_t seed_s[SABER_NOISE_SEEDBYTES];
- int i, j;
+ size_t i, j;
 randombytes(seed_A, SABER_SEEDBYTES);
 shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state
@@ -45,7 +45,7 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DEC],
 uint16_t vp[SABER_N] = {0};
 uint16_t mp[SABER_N];
 uint16_t b[SABER_L][SABER_N];
- int i, j;
+ size_t i, j;
 const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES;
 PQCLEAN_SABER_CLEAN_GenMatrix(A, seed_A);
@@ -77,7 +77,7 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uint8_t
 uint16_t b[SABER_L][SABER_N];
 uint16_t v[SABER_N] = {0};
 uint16_t cm[SABER_N];
- int i;
+ size_t i;
 PQCLEAN_SABER_CLEAN_BS2POLVECq(s, sk);
 PQCLEAN_SABER_CLEAN_BS2POLVECp(b, ciphertext);
diff --git a/crypto_kem/saber/clean/kem.c b/crypto_kem/saber/clean/kem.c
index ed8e3ac7..6a7f20c4 100644
--- a/crypto_kem/saber/clean/kem.c
+++ b/crypto_kem/saber/clean/kem.c
@@ -4,13 +4,12 @@
 #include "fips202.h"
 #include "randombytes.h"
 #include "verify.h"
+#include
 #include
-#include
-#include
 int PQCLEAN_SABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
- int i;
+ size_t i;
 PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
 for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
@@ -48,7 +47,7 @@ int PQCLEAN_SABER_CLEAN_crypto_kem_enc(uint8_t *c, uint8_t *k, const uint8_t *pk
 }
 int PQCLEAN_SABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) {
- int i;
+ size_t i;
 uint8_t fail;
 uint8_t cmp[SABER_BYTES_CCA_DEC];
 uint8_t buf[64];
diff --git a/crypto_kem/saber/clean/poly.c b/crypto_kem/saber/clean/poly.c
index f0403ccf..2c44e962 100644
--- a/crypto_kem/saber/clean/poly.c
+++ b/crypto_kem/saber/clean/poly.c
@@ -4,31 +4,31 @@
 #include "pack_unpack.h"
 #include "poly.h"
 #include "poly_mul.h"
-#include
+#include
 void PQCLEAN_SABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) {
- int i, j;
+ size_t i, j;
 for (i = 0; i < SABER_L; i++) {
 for (j = 0; j < SABER_L; j++) {
 if (transpose == 1) {
- PQCLEAN_SABER_CLEAN_poly_mul_acc(A[j][i], s[j], res[i]);
+ PQCLEAN_SABER_CLEAN_poly_mul_acc(res[i], A[j][i], s[j]);
 } else {
- PQCLEAN_SABER_CLEAN_poly_mul_acc(A[i][j], s[j], res[i]);
+ PQCLEAN_SABER_CLEAN_poly_mul_acc(res[i], A[i][j], s[j]);
 }
 }
 }
 }
 void PQCLEAN_SABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) {
- int j;
+ size_t j;
 for (j = 0; j < SABER_L; j++) {
- PQCLEAN_SABER_CLEAN_poly_mul_acc(b[j], s[j], res);
+ PQCLEAN_SABER_CLEAN_poly_mul_acc(res, b[j], s[j]);
 }
 }
 void PQCLEAN_SABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) {
 uint8_t buf[SABER_L * SABER_POLYVECBYTES];
- int i;
+ size_t i;
 shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES);
diff --git a/crypto_kem/saber/clean/poly_mul.c b/crypto_kem/saber/clean/poly_mul.c
index 0655383b..686960dc 100644
--- a/crypto_kem/saber/clean/poly_mul.c
+++ b/crypto_kem/saber/clean/poly_mul.c
@@ -11,13 +11,13 @@
 #define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y)))
 #define KARATSUBA_N 64
-static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t *result_final) {
+static void karatsuba_simple(uint16_t *result_final, const uint16_t *a_1, const uint16_t *b_1) {
 uint16_t d01[KARATSUBA_N / 2 - 1];
 uint16_t d0123[KARATSUBA_N / 2 - 1];
 uint16_t d23[KARATSUBA_N / 2 - 1];
 uint16_t result_d01[KARATSUBA_N - 1];
- int32_t i, j;
+ size_t i, j;
 memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t));
 memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t));
@@ -110,7 +110,7 @@ static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t
-static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *result) {
+static void toom_cook_4way (uint16_t *result, const uint16_t *a1, const uint16_t *b1) {
 uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167;
 uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB];
@@ -181,13 +181,13 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
 // MULTIPLICATION
- karatsuba_simple(aw1, bw1, w1);
- karatsuba_simple(aw2, bw2, w2);
- karatsuba_simple(aw3, bw3, w3);
- karatsuba_simple(aw4, bw4, w4);
- karatsuba_simple(aw5, bw5, w5);
- karatsuba_simple(aw6, bw6, w6);
- karatsuba_simple(aw7, bw7, w7);
+ karatsuba_simple(w1, aw1, bw1);
+ karatsuba_simple(w2, aw2, bw2);
+ karatsuba_simple(w3, aw3, bw3);
+ karatsuba_simple(w4, aw4, bw4);
+ karatsuba_simple(w5, aw5, bw5);
+ karatsuba_simple(w6, aw6, bw6);
+ karatsuba_simple(w7, aw7, bw7);
 // INTERPOLATION
 for (i = 0; i < N_SB_RES; ++i) {
@@ -229,11 +229,11 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
 }
 /* res += a*b */
-void PQCLEAN_SABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]) {
+void PQCLEAN_SABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]) {
 uint16_t c[2 * SABER_N] = {0};
- int i;
+ size_t i;
- toom_cook_4way(a, b, c);
+ toom_cook_4way(c, a, b);
 /* reduction */
 for (i = SABER_N; i < 2 * SABER_N; i++) {
diff --git a/crypto_kem/saber/clean/poly_mul.h b/crypto_kem/saber/clean/poly_mul.h
index e0f10043..82140f5b 100644
--- a/crypto_kem/saber/clean/poly_mul.h
+++ b/crypto_kem/saber/clean/poly_mul.h
@@ -3,7 +3,7 @@
 #include "SABER_params.h"
 #include
-void PQCLEAN_SABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]);
+void PQCLEAN_SABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]);
 #endif