Fix non-constant time FO test
Este commit está contenido en:
padre
d1a4fa5e68
commit
c254c2306d
@ -90,7 +90,7 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con
|
||||
*/
|
||||
int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQC128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQC128_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQC128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQC128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
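Review bot: `result |= memcmp(d, d2, SHA512_BYTES);` in PQCLEAN_HQC128_AVX2_crypto_kem_dec leaves a variable-time comparison inside the FO re-encryption check this commit sets out to make constant-time, and on this AVX2 side it actually replaces the removed line's vect_compare on d/d2 with memcmp: memcmp stops at the first differing byte, so its timing reveals how many leading bytes of the recomputed hash d match the attacker-supplied d2. Folding memcmp's int into the uint8_t result is also fragile, because C only guarantees a nonzero int on mismatch, not a nonzero low byte, so an implementation returning e.g. 256 would be truncated to 0 and the bad ciphertext accepted. Use the same constant-time helper as for u and v, `result |= PQCLEAN_HQC128_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES);`, assuming vect_compare is constant-time and yields a nonzero byte on mismatch (its body is not in this diff; if it now takes byte pointers drop the casts, which also avoids the aliasing question they raise). The `// Abort if c != c' or d != d'` comment is stale now that nothing aborts; `// Constant-time check that c == c' and d == d'; on mismatch ss is zeroed and a nonzero status returned` matches the new flow.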
@ -92,7 +92,7 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
|
||||
*/
|
||||
int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -131,12 +131,14 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQC128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQC128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQC128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con
|
||||
*/
|
||||
int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQC192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQC192_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQC192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQC192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -92,7 +92,7 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
|
||||
*/
|
||||
int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -131,12 +131,14 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQC192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQC192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQC192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con
|
||||
*/
|
||||
int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQC256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQC256_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQC256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQC256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -92,7 +92,7 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
|
||||
*/
|
||||
int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -131,12 +131,14 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQC256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQC256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQC256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQC256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss,
|
||||
*/
|
||||
int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQCRMRS128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS128_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQCRMRS128_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQCRMRS128_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss
|
||||
*/
|
||||
int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQCRMRS128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQCRMRS128_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQCRMRS128_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss,
|
||||
*/
|
||||
int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQCRMRS192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS192_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQCRMRS192_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQCRMRS192_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss
|
||||
*/
|
||||
int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQCRMRS192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQCRMRS192_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQCRMRS192_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss,
|
||||
*/
|
||||
int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_256_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_256_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQCRMRS256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS256_AVX2_vect_compare((uint64_t *)d, (uint64_t *)d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQCRMRS256_AVX2_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQCRMRS256_AVX2_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss
|
||||
*/
|
||||
int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||
|
||||
int8_t result = -1;
|
||||
uint8_t result;
|
||||
uint64_t u[VEC_N_SIZE_64] = {0};
|
||||
uint64_t v[VEC_N1N2_SIZE_64] = {0};
|
||||
unsigned char d[SHA512_BYTES] = {0};
|
||||
@ -127,12 +127,14 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
||||
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
|
||||
|
||||
// Abort if c != c' or d != d'
|
||||
result = (PQCLEAN_HQCRMRS256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES) == 0 && PQCLEAN_HQCRMRS256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES) == 0 && memcmp(d, d2, SHA512_BYTES) == 0);
|
||||
result = PQCLEAN_HQCRMRS256_CLEAN_vect_compare(u, u2, VEC_N_SIZE_BYTES);
|
||||
result |= PQCLEAN_HQCRMRS256_CLEAN_vect_compare(v, v2, VEC_N1N2_SIZE_BYTES);
|
||||
result |= memcmp(d, d2, SHA512_BYTES);
|
||||
result = (uint8_t) (-((int16_t) result) >> 15);
|
||||
for (size_t i = 0; i < SHARED_SECRET_BYTES; i++) {
|
||||
ss[i] = result * ss[i];
|
||||
ss[i] &= ~result;
|
||||
}
|
||||
result--;
|
||||
|
||||
|
||||
return result;
|
||||
return result & 1;
|
||||
}
|
||||
|