1
1
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-27 09:51:30 +00:00
pqcrypto/crypto_kem/mceliece6960119f/clean/decrypt.c
Thom Wiggers b3f9d4f8d6
Classic McEliece (#259)
* Add McEliece reference implementations

* Add Vec implementations of McEliece

* Add sse implementations

* Add AVX2 implementations

* Get rid of stuff not supported by Mac ABI

* restrict to two cores

* Ditch .data files

* Remove .hidden from all .S files

* speed up duplicate consistency tests by batching

* make cpuinfo more robust

* Hope to stabilize macos cpuinfo without ccache

* Revert "Hope to stabilize macos cpuinfo without ccache"

This reverts commit 6129c3cabe1abbc8b956bc87e902a698e32bf322.

* Just hardcode what's available at travis

* Fixed-size types in api.h

* namespace all header files in mceliece

* Ditch operations.h

* Get rid of static inline functions

* fixup! Ditch operations.h
2020-02-05 13:09:56 +01:00

93 lines
1.8 KiB
C

/*
This file is for Niederreiter decryption
*/
#include "decrypt.h"
#include <stdio.h>
#include "benes.h"
#include "bm.h"
#include "gf.h"
#include "params.h"
#include "root.h"
#include "synd.h"
#include "util.h"
/* Niederreiter decryption with the Berlekamp decoder */
/* intput: sk, secret key */
/* c, ciphertext */
/* output: e, error vector */
/* return: 0 for success; 1 for failure */
int PQCLEAN_MCELIECE6960119F_CLEAN_decrypt(unsigned char *e, const unsigned char *sk, const unsigned char *c) {
int i, w = 0;
uint16_t check;
unsigned char r[ SYS_N / 8 ];
gf g[ SYS_T + 1 ];
gf L[ SYS_N ];
gf s[ SYS_T * 2 ];
gf s_cmp[ SYS_T * 2 ];
gf locator[ SYS_T + 1 ];
gf images[ SYS_N ];
gf t;
//
for (i = 0; i < SYND_BYTES; i++) {
r[i] = c[i];
}
r[i - 1] &= (1 << ((GFBITS * SYS_T) % 8)) - 1;
for (i = SYND_BYTES; i < SYS_N / 8; i++) {
r[i] = 0;
}
for (i = 0; i < SYS_T; i++) {
g[i] = PQCLEAN_MCELIECE6960119F_CLEAN_load2(sk);
g[i] &= GFMASK;
sk += 2;
}
g[ SYS_T ] = 1;
PQCLEAN_MCELIECE6960119F_CLEAN_support_gen(L, sk);
PQCLEAN_MCELIECE6960119F_CLEAN_synd(s, g, L, r);
PQCLEAN_MCELIECE6960119F_CLEAN_bm(locator, s);
PQCLEAN_MCELIECE6960119F_CLEAN_root(images, locator, L);
//
for (i = 0; i < SYS_N / 8; i++) {
e[i] = 0;
}
for (i = 0; i < SYS_N; i++) {
t = PQCLEAN_MCELIECE6960119F_CLEAN_gf_iszero(images[i]) & 1;
e[ i / 8 ] |= t << (i % 8);
w += t;
}
PQCLEAN_MCELIECE6960119F_CLEAN_synd(s_cmp, g, L, e);
//
check = (uint16_t)w;
check ^= SYS_T;
for (i = 0; i < SYS_T * 2; i++) {
check |= s[i] ^ s_cmp[i];
}
check -= 1;
check >>= 15;
return check ^ 1;
}