1
1
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-27 01:41:40 +00:00
pqcrypto/crypto_kem/mceliece6960119/clean/encrypt.c
Thom Wiggers ac2c20045c Classic McEliece (#259)
* Add McEliece reference implementations

* Add Vec implementations of McEliece

* Add sse implementations

* Add AVX2 implementations

* Get rid of stuff not supported by Mac ABI

* restrict to two cores

* Ditch .data files

* Remove .hidden from all .S files

* speed up duplicate consistency tests by batching

* make cpuinfo more robust

* Hope to stabilize macos cpuinfo without ccache

* Revert "Hope to stabilize macos cpuinfo without ccache"

This reverts commit 6129c3cabe1abbc8b956bc87e902a698e32bf322.

* Just hardcode what's available at travis

* Fixed-size types in api.h

* namespace all header files in mceliece

* Ditch operations.h

* Get rid of static inline functions

* fixup! Ditch operations.h
2021-03-24 21:02:45 +00:00

145 lines
3.0 KiB
C

/*
This file is for Niederreiter encryption
*/
#include "encrypt.h"
#include "params.h"
#include "randombytes.h"
#include "util.h"
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "gf.h"
static inline uint8_t same_mask(uint16_t x, uint16_t y) {
uint32_t mask;
mask = x ^ y;
mask -= 1;
mask >>= 31;
mask = -mask;
return (uint8_t)mask;
}
/* output: e, an error vector of weight t */
static void gen_e(unsigned char *e) {
size_t i, j;
int eq, count;
uint16_t ind_[ SYS_T * 2 ];
uint8_t *ind_8 = (uint8_t *)ind_;
uint16_t ind[ SYS_T * 2 ];
unsigned char mask;
unsigned char val[ SYS_T ];
while (1) {
randombytes(ind_8, sizeof(ind_));
// Copy to uint16_t ind_ in a little-endian way
for (i = 0; i < sizeof(ind_); i += 2) {
ind_[i / 2] = ind_8[i + 1] << 8 | ind_8[i];
}
for (i = 0; i < SYS_T * 2; i++) {
ind_[i] &= GFMASK;
}
// moving and counting indices in the correct range
count = 0;
for (i = 0; i < SYS_T * 2; i++) {
if (ind_[i] < SYS_N) {
ind[ count++ ] = ind_[i];
}
}
if (count < SYS_T) {
continue;
}
// check for repetition
eq = 0;
for (i = 1; i < SYS_T; i++) {
for (j = 0; j < i; j++) {
if (ind[i] == ind[j]) {
eq = 1;
}
}
}
if (eq == 0) {
break;
}
}
for (j = 0; j < SYS_T; j++) {
val[j] = 1 << (ind[j] & 7);
}
for (i = 0; i < SYS_N / 8; i++) {
e[i] = 0;
for (j = 0; j < SYS_T; j++) {
mask = same_mask((uint16_t)i, ind[j] >> 3);
e[i] |= val[j] & mask;
}
}
}
/* input: public key pk, error vector e */
/* output: syndrome s */
static void syndrome(unsigned char *s, const unsigned char *pk, const unsigned char *e) {
unsigned char b, row[SYS_N / 8];
const unsigned char *pk_ptr = pk;
int i, j, tail = PK_NROWS % 8;
for (i = 0; i < SYND_BYTES; i++) {
s[i] = 0;
}
for (i = 0; i < PK_NROWS; i++) {
for (j = 0; j < SYS_N / 8; j++) {
row[j] = 0;
}
for (j = 0; j < PK_ROW_BYTES; j++) {
row[ SYS_N / 8 - PK_ROW_BYTES + j ] = pk_ptr[j];
}
for (j = SYS_N / 8 - 1; j >= SYS_N / 8 - PK_ROW_BYTES; j--) {
row[ j ] = (row[ j ] << tail) | (row[j - 1] >> (8 - tail));
}
row[i / 8] |= 1 << (i % 8);
b = 0;
for (j = 0; j < SYS_N / 8; j++) {
b ^= row[j] & e[j];
}
b ^= b >> 4;
b ^= b >> 2;
b ^= b >> 1;
b &= 1;
s[ i / 8 ] |= (b << (i % 8));
pk_ptr += PK_ROW_BYTES;
}
}
void PQCLEAN_MCELIECE6960119_CLEAN_encrypt(unsigned char *s, unsigned char *e, const unsigned char *pk) {
gen_e(e);
syndrome(s, pk, e);
}