kris
/
pqcrypto
mirror of https://github.com/henrydcase/pqc.git
1
1
Fork 0
Code Issues 1 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
834 Commits
9 Branches
76 MiB
 
 
 
Tree: cf5107b69f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cf5107b69f'
${ noResults }
pqcrypto/crypto_kem/kyber768-90s/avx2/verify.c

77 lines
2.4 KiB
Raw Blame History 

  1. #include "verify.h"

  2. 

  3. #include <immintrin.h>

  4. #include <stdint.h>

  5. #include <stdlib.h>

  6. 

  7. /*************************************************

  8. * Name:        verify

  9. *

  10. * Description: Compare two arrays for equality in constant time.

  11. *

  12. * Arguments:   const uint8_t *a: pointer to first byte array

  13. *              const uint8_t *b: pointer to second byte array

  14. *              size_t len:             length of the byte arrays

  15. *

  16. * Returns 0 if the byte arrays are equal, 1 otherwise

  17. **************************************************/

  18. uint8_t PQCLEAN_KYBER76890S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {

  19.     size_t pos;

  20.     uint64_t r;

  21.     __m256i avec, bvec, cvec;

  22. 

  23.     cvec = _mm256_setzero_si256();

  24.     for (pos = 0; pos + 32 <= len; pos += 32) {

  25.         avec = _mm256_loadu_si256((__m256i *)&a[pos]);

  26.         bvec = _mm256_loadu_si256((__m256i *)&b[pos]);

  27.         avec = _mm256_xor_si256(avec, bvec);

  28.         cvec = _mm256_or_si256(cvec, avec);

  29.     }

  30. 

  31.     cvec = _mm256_cmpeq_epi8(cvec, _mm256_setzero_si256());

  32.     r = (uint32_t)(_mm256_movemask_epi8(cvec) ^ -1);

  33. 

  34.     while (pos < len) {

  35.         r |= a[pos] ^ b[pos];

  36.         pos += 1;

  37.     }

  38. 

  39.     r = (-r) >> 63;

  40.     return (uint8_t)r;

  41. }

  42. 

  43. /*************************************************

  44. * Name:        cmov

  45. *

  46. * Description: Copy len bytes from x to r if b is 1;

  47. *              don't modify x if b is 0. Requires b to be in {0,1};

  48. *              assumes two's complement representation of negative integers.

  49. *              Runs in constant time.

  50. *

  51. * Arguments:   uint8_t *r:       pointer to output byte array

  52. *              const uint8_t *x: pointer to input byte array

  53. *              size_t len:             Amount of bytes to be copied

  54. *              uint8_t b:        Condition bit; has to be in {0,1}

  55. **************************************************/

  56. void PQCLEAN_KYBER76890S_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) {

  57.     size_t pos;

  58.     __m256i xvec, rvec, bvec;

  59. 

  60.     b = -b;

  61.     bvec = _mm256_set1_epi8((char)b);

  62. 

  63.     for (pos = 0; pos + 32 <= len; pos += 32) {

  64.         rvec = _mm256_loadu_si256((__m256i *)&r[pos]);

  65.         xvec = _mm256_loadu_si256((__m256i *)&x[pos]);

  66.         xvec = _mm256_xor_si256(xvec, rvec);

  67.         xvec = _mm256_and_si256(xvec, bvec);

  68.         rvec = _mm256_xor_si256(rvec, xvec);

  69.         _mm256_storeu_si256((__m256i *)&r[pos], rvec);

  70.     }

  71. 

  72.     while (pos < len) {

  73.         r[pos] ^= b & (x[pos] ^ r[pos]);

  74.         pos += 1;

  75.     }

  76. }