Merge pull request #10399 from Frauschi/mldsa_Wconversion
ML-DSA Wconversion fixes
+4
-4
@@ -17057,7 +17057,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium,
|
||||
level)) < 0) {
|
||||
(byte)level)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
|
||||
@@ -27780,7 +27780,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
|
||||
word32 outSz = sigSz;
|
||||
ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
ret = (int)outSz;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
|
||||
@@ -27793,7 +27793,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
|
||||
(dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
|
||||
ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
ret = (int)outSz;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -27801,7 +27801,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig,
|
||||
&outSz, dilithiumKey, rng);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
ret = (int)outSz;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN */
|
||||
|
||||
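Review bot: The `(byte)level` cast passed to `wc_dilithium_set_level` in the ConfirmSignature hunk silences the narrowing warning but does not reject a `level` outside 0..255; such a value would wrap to a small number that may itself be an accepted level, so the narrowing should rest on a range check rather than on the cast alone. Whether `level` is already validated against the supported ML-DSA levels earlier in ConfirmSignature is not visible here, since the function starts before and ends after this hunk; if it is, a comment such as `/* level was validated above; narrowing to byte cannot wrap */` above the call would make that explicit, otherwise an explicit check that rejects out-of-range values before the call is the safer form. The `ret = (int)outSz;` casts in the three MakeSignature hunks are sound only as long as `outSz` stays bounded by `sigSz`, which the in/out `&outSz` argument to the sign functions suggests but the hunks do not show.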
+219
-199
@@ -1061,8 +1061,8 @@ static void dilthium_vec_encode_eta_bits_c(const sword32* s, byte d, byte eta,
|
||||
* 2 numbers become 1 bytes. (2 * 4 bits = 1 * 8 bits) */
|
||||
for (j = 0; j < DILITHIUM_N / 2; j++) {
|
||||
/* Make values positive and pack 2 4-bit values into 1 byte. */
|
||||
p[j] = (((byte)(4 - s[j * 2 + 0])) << 0) |
|
||||
(((byte)(4 - s[j * 2 + 1])) << 4);
|
||||
p[j] = (byte)((((byte)(4 - s[j * 2 + 0])) << 0) |
|
||||
(((byte)(4 - s[j * 2 + 1])) << 4));
|
||||
}
|
||||
#else
|
||||
/* Step 3 or 6.
|
||||
@@ -1492,29 +1492,29 @@ static void dilithium_decode_t0_c(const byte* t0, sword32* t)
|
||||
word32 t32_2 = ((const word32*)t0)[2];
|
||||
#ifdef WC_64BIT_CPU
|
||||
word64 t64 = *(const word64*)t0;
|
||||
t[j + 0] = DILITHIUM_D_MAX_HALF - ( t64 & 0x1fff);
|
||||
t[j + 1] = DILITHIUM_D_MAX_HALF - ((t64 >> 13) & 0x1fff);
|
||||
t[j + 2] = DILITHIUM_D_MAX_HALF - ((t64 >> 26) & 0x1fff);
|
||||
t[j + 3] = DILITHIUM_D_MAX_HALF - ((t64 >> 39) & 0x1fff);
|
||||
t[j + 0] = DILITHIUM_D_MAX_HALF - (sword32)( t64 & 0x1fff);
|
||||
t[j + 1] = DILITHIUM_D_MAX_HALF - (sword32)((t64 >> 13) & 0x1fff);
|
||||
t[j + 2] = DILITHIUM_D_MAX_HALF - (sword32)((t64 >> 26) & 0x1fff);
|
||||
t[j + 3] = DILITHIUM_D_MAX_HALF - (sword32)((t64 >> 39) & 0x1fff);
|
||||
t[j + 4] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
((t64 >> 52) | ((t32_2 & 0x0001) << 12));
|
||||
#else
|
||||
word32 t32_0 = ((const word32*)t0)[0];
|
||||
word32 t32_1 = ((const word32*)t0)[1];
|
||||
t[j + 0] = DILITHIUM_D_MAX_HALF -
|
||||
t[j + 0] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
( t32_0 & 0x1fff);
|
||||
t[j + 1] = DILITHIUM_D_MAX_HALF -
|
||||
t[j + 1] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
((t32_0 >> 13) & 0x1fff);
|
||||
t[j + 2] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
(( t32_0 >> 26 ) | ((t32_1 & 0x007f) << 6));
|
||||
t[j + 3] = DILITHIUM_D_MAX_HALF -
|
||||
t[j + 3] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
((t32_1 >> 7) & 0x1fff);
|
||||
t[j + 4] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
(( t32_1 >> 20 ) | ((t32_2 & 0x0001) << 12));
|
||||
#endif
|
||||
t[j + 5] = DILITHIUM_D_MAX_HALF -
|
||||
t[j + 5] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
((t32_2 >> 1) & 0x1fff);
|
||||
t[j + 6] = DILITHIUM_D_MAX_HALF -
|
||||
t[j + 6] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
((t32_2 >> 14) & 0x1fff);
|
||||
t[j + 7] = DILITHIUM_D_MAX_HALF - (sword32)
|
||||
(( t32_2 >> 27 ) | ((word32)t0[12] ) << 5 );
|
||||
@@ -1631,23 +1631,23 @@ static void dilithium_decode_t1_c(const byte* t1, sword32* t)
|
||||
t[j+7] = (sword32)( ((t16 >> 6) & 0x03ff) << DILITHIUM_D);
|
||||
#else
|
||||
word32 t32 = *((const word32*)t1);
|
||||
t[j + 0] = ( t32 & 0x03ff ) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 1] = ((t32 >> 10) & 0x03ff ) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 2] = ((t32 >> 20) & 0x03ff ) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 3] = ((t32 >> 30) | (((word16)t1[4]) << 2)) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 0] = (sword32)(( t32 & 0x03ff ) <<
|
||||
DILITHIUM_D);
|
||||
t[j + 1] = (sword32)(((t32 >> 10) & 0x03ff ) <<
|
||||
DILITHIUM_D);
|
||||
t[j + 2] = (sword32)(((t32 >> 20) & 0x03ff ) <<
|
||||
DILITHIUM_D);
|
||||
t[j + 3] = (sword32)(((t32 >> 30) | ((word32)t1[4] << 2)) <<
|
||||
DILITHIUM_D);
|
||||
t32 = *((const word32*)(t1 + 5));
|
||||
t[j + 4] = ( t32 & 0x03ff ) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 5] = ((t32 >> 10) & 0x03ff ) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 6] = ((t32 >> 20) & 0x03ff ) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 7] = ((t32 >> 30) | (((word16)t1[9]) << 2)) <<
|
||||
DILITHIUM_D;
|
||||
t[j + 4] = (sword32)(( t32 & 0x03ff ) <<
|
||||
DILITHIUM_D);
|
||||
t[j + 5] = (sword32)(((t32 >> 10) & 0x03ff ) <<
|
||||
DILITHIUM_D);
|
||||
t[j + 6] = (sword32)(((t32 >> 20) & 0x03ff ) <<
|
||||
DILITHIUM_D);
|
||||
t[j + 7] = (sword32)(((t32 >> 30) | ((word32)t1[9] << 2)) <<
|
||||
DILITHIUM_D);
|
||||
#endif
|
||||
#else
|
||||
t[j + 0] = (sword32)((t1[0] >> 0) | (((word16)(t1[1] & 0x03)) << 8))
|
||||
@@ -1835,16 +1835,16 @@ static void dilithium_encode_gamma1_19_bits_c(const sword32* z, byte* s)
|
||||
#endif
|
||||
s16p[4] = (word16)((z3 >> 4) );
|
||||
#else
|
||||
s[0] = z0 ;
|
||||
s[1] = (z0 >> 8) ;
|
||||
s[2] = (z0 >> 16) | (z1 << 4);
|
||||
s[3] = (z1 >> 4) ;
|
||||
s[4] = (z1 >> 12) ;
|
||||
s[5] = z2 ;
|
||||
s[6] = (z2 >> 8) ;
|
||||
s[7] = (z2 >> 16) | (z3 << 4);
|
||||
s[8] = (z3 >> 4) ;
|
||||
s[9] = (z3 >> 12) ;
|
||||
s[0] = (byte) z0 ;
|
||||
s[1] = (byte) (z0 >> 8) ;
|
||||
s[2] = (byte)((z0 >> 16) | (z1 << 4));
|
||||
s[3] = (byte) (z1 >> 4) ;
|
||||
s[4] = (byte) (z1 >> 12) ;
|
||||
s[5] = (byte) z2 ;
|
||||
s[6] = (byte) (z2 >> 8) ;
|
||||
s[7] = (byte)((z2 >> 16) | (z3 << 4));
|
||||
s[8] = (byte) (z3 >> 4) ;
|
||||
s[9] = (byte) (z3 >> 12) ;
|
||||
#endif
|
||||
/* Move to next place to encode to. */
|
||||
s += DILITHIUM_GAMMA1_19_ENC_BITS / 2;
|
||||
@@ -1948,25 +1948,25 @@ static void dilithium_decode_gamma1_c(const byte* s, int bits, sword32* z)
|
||||
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
|
||||
#ifdef WC_64BIT_CPU
|
||||
word64 s64_0 = *(const word64*)(s+0);
|
||||
z[i+0] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
( s64_0 & 0x3ffff );
|
||||
z[i+1] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
((s64_0 >> 18) & 0x3ffff );
|
||||
z[i+2] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
((s64_0 >> 36) & 0x3ffff );
|
||||
z[i+3] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
((s64_0 >> 54) | (((word32)s[8]) << 10));
|
||||
z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
( s64_0 & 0x3ffff ));
|
||||
z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
((s64_0 >> 18) & 0x3ffff ));
|
||||
z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
((s64_0 >> 36) & 0x3ffff ));
|
||||
z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
((s64_0 >> 54) | (((word32)s[8]) << 10)));
|
||||
#else
|
||||
word32 s32_0 = ((const word32*)(s+0))[0];
|
||||
word32 s32_1 = ((const word32*)(s+0))[1];
|
||||
z[i+0] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
( s32_0 & 0x3ffff );
|
||||
z[i+1] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14)));
|
||||
z[i+2] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
((s32_1 >> 4) & 0x3ffff);
|
||||
z[i+3] = (word32)DILITHIUM_GAMMA1_17 -
|
||||
((s32_1 >> 22) | (((word32)s[8]) << 10 ));
|
||||
z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
( s32_0 & 0x3ffff ));
|
||||
z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14))));
|
||||
z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
((s32_1 >> 4) & 0x3ffff ));
|
||||
z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
((s32_1 >> 22) | (((word32)s[8]) << 10 )));
|
||||
#endif
|
||||
#else
|
||||
z[i+0] = DILITHIUM_GAMMA1_17 -
|
||||
@@ -2033,28 +2033,28 @@ static void dilithium_decode_gamma1_c(const byte* s, int bits, sword32* z)
|
||||
((s32_3 >> 22) | (((word32)s[17]) << 10 )));
|
||||
#endif
|
||||
#else
|
||||
z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
( (sword32)s[ 0] | (((sword32)s[ 1] << 8) |
|
||||
((sword32)s[ 2] & 0x03) << 16)));
|
||||
z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
(((sword32)s[ 2] >> 2) | (((sword32)s[ 3] << 6) |
|
||||
((sword32)s[ 4] & 0x0f) << 14)));
|
||||
z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
(((sword32)s[ 4] >> 4) | (((sword32)s[ 5] << 4) |
|
||||
((sword32)s[ 6] & 0x3f) << 12)));
|
||||
z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
(((sword32)s[ 6] >> 6) | (((sword32)s[ 7] << 2) |
|
||||
((sword32)s[ 8] ) << 10)));
|
||||
z[i+4] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+4] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
( (sword32)s[ 9] | (((sword32)s[10] << 8) |
|
||||
((sword32)s[11] & 0x03) << 16)));
|
||||
z[i+5] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+5] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
(((sword32)s[11] >> 2) | (((sword32)s[12] << 6) |
|
||||
((sword32)s[13] & 0x0f) << 14)));
|
||||
z[i+6] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+6] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
(((sword32)s[13] >> 4) | (((sword32)s[14] << 4) |
|
||||
((sword32)s[15] & 0x3f) << 12)));
|
||||
z[i+7] = (sword32)((word32)DILITHIUM_GAMMA1_17 -
|
||||
z[i+7] = (sword32)((word32)DILITHIUM_GAMMA1_17 - (word32)
|
||||
(((sword32)s[15] >> 6) | (((sword32)s[16] << 2) |
|
||||
((sword32)s[17] ) << 10)));
|
||||
#endif
|
||||
@@ -2075,20 +2075,20 @@ static void dilithium_decode_gamma1_c(const byte* s, int bits, sword32* z)
|
||||
word16 s16_0 = ((const word16*)s)[4];
|
||||
#ifdef WC_64BIT_CPU
|
||||
word64 s64_0 = *(const word64*)s;
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 - ( s64_0 & 0xfffff) ;
|
||||
z[i+1] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 20) & 0xfffff) ;
|
||||
z[i+2] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 40) & 0xfffff) ;
|
||||
z[i+3] = DILITHIUM_GAMMA1_19 - (((s64_0 >> 60) & 0xfffff) |
|
||||
((sword32)s16_0 << 4));
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 - ((sword32)( s64_0 & 0xfffff));
|
||||
z[i+1] = DILITHIUM_GAMMA1_19 - ((sword32)((s64_0 >> 20) & 0xfffff));
|
||||
z[i+2] = DILITHIUM_GAMMA1_19 - ((sword32)((s64_0 >> 40) & 0xfffff));
|
||||
z[i+3] = DILITHIUM_GAMMA1_19 - ((sword32)((s64_0 >> 60) & 0xfffff) |
|
||||
((sword32) s16_0 << 4));
|
||||
#else
|
||||
word32 s32_0 = ((const word32*)s)[0];
|
||||
word32 s32_1 = ((const word32*)s)[1];
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 - ( s32_0 & 0xfffff);
|
||||
z[i+1] = DILITHIUM_GAMMA1_19 - (( s32_0 >> 20) |
|
||||
((s32_1 & 0x000ff) << 12));
|
||||
z[i+2] = DILITHIUM_GAMMA1_19 - ( (s32_1 >> 8) & 0xfffff);
|
||||
z[i+3] = DILITHIUM_GAMMA1_19 - (( s32_1 >> 28) |
|
||||
((sword32)s16_0 << 4));
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 - (sword32)( s32_0 & 0xfffff);
|
||||
z[i+1] = DILITHIUM_GAMMA1_19 - (sword32)(( s32_0 >> 20) |
|
||||
((s32_1 & 0x000ff) << 12));
|
||||
z[i+2] = DILITHIUM_GAMMA1_19 - (sword32)( (s32_1 >> 8) & 0xfffff);
|
||||
z[i+3] = DILITHIUM_GAMMA1_19 - (sword32)(( s32_1 >> 28) |
|
||||
((word32)s16_0 << 4));
|
||||
#endif
|
||||
#else
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 -
|
||||
@@ -2141,18 +2141,18 @@ static void dilithium_decode_gamma1_c(const byte* s, int bits, sword32* z)
|
||||
word32 s32_1 = ((const word32*)(s+ 0))[1];
|
||||
word32 s32_2 = ((const word32*)(s+10))[0];
|
||||
word32 s32_3 = ((const word32*)(s+10))[1];
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 - ( s32_0 & 0xfffff);
|
||||
z[i+1] = DILITHIUM_GAMMA1_19 - (( s32_0 >> 20) |
|
||||
((s32_1 & 0x000ff) << 12));
|
||||
z[i+2] = DILITHIUM_GAMMA1_19 - ( (s32_1 >> 8) & 0xfffff);
|
||||
z[i+3] = DILITHIUM_GAMMA1_19 - (( s32_1 >> 28) |
|
||||
((sword32)s16_0 << 4));
|
||||
z[i+4] = DILITHIUM_GAMMA1_19 - ( s32_2 & 0xfffff);
|
||||
z[i+5] = DILITHIUM_GAMMA1_19 - (( s32_2 >> 20) |
|
||||
((s32_3 & 0x000ff) << 12));
|
||||
z[i+6] = DILITHIUM_GAMMA1_19 - ( (s32_3 >> 8) & 0xfffff);
|
||||
z[i+7] = DILITHIUM_GAMMA1_19 - (( s32_3 >> 28) |
|
||||
((sword32)s16_1 << 4));
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 - (sword32)( s32_0 & 0xfffff);
|
||||
z[i+1] = DILITHIUM_GAMMA1_19 - (sword32)(( s32_0 >> 20) |
|
||||
((s32_1 & 0x000ff) << 12));
|
||||
z[i+2] = DILITHIUM_GAMMA1_19 - (sword32)( (s32_1 >> 8) & 0xfffff);
|
||||
z[i+3] = DILITHIUM_GAMMA1_19 - (sword32)(( s32_1 >> 28) |
|
||||
((word32)s16_0 << 4));
|
||||
z[i+4] = DILITHIUM_GAMMA1_19 - (sword32)( s32_2 & 0xfffff);
|
||||
z[i+5] = DILITHIUM_GAMMA1_19 - (sword32)(( s32_2 >> 20) |
|
||||
((s32_3 & 0x000ff) << 12));
|
||||
z[i+6] = DILITHIUM_GAMMA1_19 - (sword32)( (s32_3 >> 8) & 0xfffff);
|
||||
z[i+7] = DILITHIUM_GAMMA1_19 - (sword32)(( s32_3 >> 28) |
|
||||
((word32)s16_1 << 4));
|
||||
#endif
|
||||
#else
|
||||
z[i+0] = DILITHIUM_GAMMA1_19 -
|
||||
@@ -2832,7 +2832,7 @@ static int wc_mldsa_gen_matrix_4x4_avx2(sword32* a, byte* seed)
|
||||
|
||||
for (k = 0; k < 4; k++) {
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[4*4 + l] = 0x1f0000 + (k << 8) + l;
|
||||
state[4*4 + l] = 0x1f0000U + ((word32)k << 8) + (word32)l;
|
||||
}
|
||||
|
||||
sha3_128_blocksx4_seed_avx2(state, seed);
|
||||
@@ -2848,16 +2848,16 @@ static int wc_mldsa_gen_matrix_4x4_avx2(sword32* a, byte* seed)
|
||||
|
||||
/* Sample random bytes to create a polynomial. */
|
||||
p = rand;
|
||||
ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
ctr0 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
ctr1 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr2 = wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
|
||||
ctr2 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr3 = wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
|
||||
ctr3 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
|
||||
/* Create more blocks if too many rejected. */
|
||||
@@ -2869,16 +2869,16 @@ static int wc_mldsa_gen_matrix_4x4_avx2(sword32* a, byte* seed)
|
||||
rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
|
||||
|
||||
p = rand;
|
||||
ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
ctr0 += (word32)wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
MLDSA_N - ctr0, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
ctr1 += (word32)wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
MLDSA_N - ctr1, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr2 += wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
|
||||
ctr2 += (word32)wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
|
||||
MLDSA_N - ctr2, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr3 += wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
|
||||
ctr3 += (word32)wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
|
||||
MLDSA_N - ctr3, p, SHA3_128_BYTES);
|
||||
}
|
||||
|
||||
@@ -2939,7 +2939,8 @@ static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
|
||||
|
||||
for (k = 0; k < 6 * 5 - 2; k += 4) {
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[4*4 + l] = 0x1f0000 + (((k + l) / 5) << 8) + ((k + l) % 5);
|
||||
state[4*4 + l] = 0x1f0000U + ((word32)((k + l) / 5) << 8) +
|
||||
(word32)((k + l) % 5);
|
||||
}
|
||||
|
||||
sha3_128_blocksx4_seed_avx2(state, seed);
|
||||
@@ -2955,16 +2956,16 @@ static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
|
||||
|
||||
/* Sample random bytes to create a polynomial. */
|
||||
p = rand;
|
||||
ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
ctr0 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
ctr1 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr2 = wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
|
||||
ctr2 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr3 = wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
|
||||
ctr3 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
|
||||
/* Create more blocks if too many rejected. */
|
||||
@@ -2976,16 +2977,16 @@ static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
|
||||
rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
|
||||
|
||||
p = rand;
|
||||
ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
ctr0 += (word32)wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
MLDSA_N - ctr0, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
ctr1 += (word32)wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
MLDSA_N - ctr1, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr2 += wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
|
||||
ctr2 += (word32)wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
|
||||
MLDSA_N - ctr2, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr3 += wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
|
||||
ctr3 += (word32)wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
|
||||
MLDSA_N - ctr3, p, SHA3_128_BYTES);
|
||||
}
|
||||
|
||||
@@ -2993,7 +2994,7 @@ static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
|
||||
}
|
||||
|
||||
for (l = 0; l < 2; l++) {
|
||||
state[4*4 + l] = 0x1f0000 + ((word32)5 << 8) + (l + 3);
|
||||
state[4*4 + l] = 0x1f0000U + (5U << 8) + (word32)(l + 3);
|
||||
}
|
||||
|
||||
sha3_128_blocksx4_seed_avx2(state, seed);
|
||||
@@ -3009,10 +3010,10 @@ static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
|
||||
|
||||
/* Sample random bytes to create a polynomial. */
|
||||
p = rand;
|
||||
ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
ctr0 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
ctr1 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
|
||||
/* Create more blocks if too many rejected. */
|
||||
@@ -3023,10 +3024,10 @@ static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
|
||||
rand + 3 * GEN_MATRIX_SIZE);
|
||||
|
||||
p = rand;
|
||||
ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
ctr0 += (word32)wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
MLDSA_N - ctr0, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
ctr1 += (word32)wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
MLDSA_N - ctr1, p, SHA3_128_BYTES);
|
||||
}
|
||||
|
||||
@@ -3084,7 +3085,8 @@ static int wc_mldsa_gen_matrix_8x7_avx2(sword32* a, byte* seed)
|
||||
|
||||
for (k = 0; k < 8 * 7; k += 4) {
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[4*4 + l] = 0x1f0000 + (((k + l) / 7) << 8) + ((k + l) % 7);
|
||||
state[4*4 + l] = 0x1f0000U + ((word32)((k + l) / 7) << 8) +
|
||||
(word32)((k + l) % 7);
|
||||
}
|
||||
|
||||
sha3_128_blocksx4_seed_avx2(state, seed);
|
||||
@@ -3100,16 +3102,16 @@ static int wc_mldsa_gen_matrix_8x7_avx2(sword32* a, byte* seed)
|
||||
|
||||
/* Sample random bytes to create a polynomial. */
|
||||
p = rand;
|
||||
ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
ctr0 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
ctr1 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr2 = wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
|
||||
ctr2 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr3 = wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
|
||||
ctr3 = (word32)wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
|
||||
GEN_MATRIX_SIZE);
|
||||
|
||||
/* Create more blocks if too many rejected. */
|
||||
@@ -3121,16 +3123,16 @@ static int wc_mldsa_gen_matrix_8x7_avx2(sword32* a, byte* seed)
|
||||
rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
|
||||
|
||||
p = rand;
|
||||
ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
ctr0 += (word32)wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
|
||||
MLDSA_N - ctr0, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
ctr1 += (word32)wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
|
||||
MLDSA_N - ctr1, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr2 += wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
|
||||
ctr2 += (word32)wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
|
||||
MLDSA_N - ctr2, p, SHA3_128_BYTES);
|
||||
p += GEN_MATRIX_SIZE;
|
||||
ctr3 += wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
|
||||
ctr3 += (word32)wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
|
||||
MLDSA_N - ctr3, p, SHA3_128_BYTES);
|
||||
}
|
||||
|
||||
@@ -3427,7 +3429,7 @@ static const signed char dilithium_coeff_eta2[] = {
|
||||
(t) = (sword8)(((z) >> (rs)) & 0xf); \
|
||||
/* Step 7: Check we have a valid coefficient. */ \
|
||||
if (DILITHIUM_COEFF_S_VALID(t, eta)) { \
|
||||
(t) = DILITHIUM_COEFF_S(t, eta); \
|
||||
(t) = (sword8)DILITHIUM_COEFF_S(t, eta); \
|
||||
/* Step 8: Store coefficient as next polynomial value. \
|
||||
* Step 9: Increment count of polynomial values set. */ \
|
||||
s[j++] = (sword32)(t); \
|
||||
@@ -3449,7 +3451,7 @@ static const signed char dilithium_coeff_eta2[] = {
|
||||
(t) = (sword8)(((z) >> (rs)) & 0xf); \
|
||||
/* Step 7: Check we have a valid coefficient. */ \
|
||||
if (DILITHIUM_COEFF_S_VALID(t, eta)) { \
|
||||
(t) = DILITHIUM_COEFF_S(t, eta); \
|
||||
(t) = (sword8)DILITHIUM_COEFF_S(t, eta); \
|
||||
/* Step 8: Store coefficient as next polynomial value. \
|
||||
* Step 9: Increment count of polynomial values set. */ \
|
||||
s[j++] = (sword32)(t); \
|
||||
@@ -3510,7 +3512,7 @@ static void dilithium_extract_coeffs(const byte* z, unsigned int zLen,
|
||||
min &= ~(unsigned int)7;
|
||||
/* Extract values from the squeezed data. */
|
||||
for (c = 0; c < min; c += 8) {
|
||||
word64 z64 = *(word64*)(z + c);
|
||||
word64 z64 = *(const word64*)(z + c);
|
||||
sword8 t;
|
||||
|
||||
/* Do each nibble from lowest to highest 16 at a time. */
|
||||
@@ -3535,7 +3537,7 @@ static void dilithium_extract_coeffs(const byte* z, unsigned int zLen,
|
||||
min &= ~(unsigned int)3;
|
||||
/* Extract values from the squeezed data. */
|
||||
for (c = 0; c < min; c += 4) {
|
||||
word32 z32 = *(word32*)(z + c);
|
||||
word32 z32 = *(const word32*)(z + c);
|
||||
sword8 t;
|
||||
|
||||
/* Do each nibble from lowest to highest 8 at a time. */
|
||||
@@ -3695,7 +3697,7 @@ static int wc_mldsa_gen_s_4_4_avx2(sword32* s[2], byte* seed)
|
||||
|
||||
for (k = 0; k < 2; k++) {
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (k * 4 + l);
|
||||
state[8*4 + l] = 0x1f0000U + ((word32)k * 4U + (word32)l);
|
||||
}
|
||||
|
||||
ctr0 = 0;
|
||||
@@ -3808,7 +3810,7 @@ static int wc_mldsa_gen_s_5_6_avx2(sword32* s[2], byte* seed)
|
||||
|
||||
for (k = 0; k < 2; k++) {
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (k * 4 + l);
|
||||
state[8*4 + l] = 0x1f0000U + ((word32)k * 4U + (word32)l);
|
||||
}
|
||||
|
||||
ctr0 = 0;
|
||||
@@ -3861,7 +3863,7 @@ static int wc_mldsa_gen_s_5_6_avx2(sword32* s[2], byte* seed)
|
||||
}
|
||||
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (8 + l);
|
||||
state[8*4 + l] = 0x1f0000U + 8U + (word32)l;
|
||||
}
|
||||
|
||||
ctr0 = 0;
|
||||
@@ -3963,7 +3965,7 @@ static int wc_mldsa_gen_s_7_8_avx2(sword32* s[2], byte* seed)
|
||||
|
||||
for (k = 0; k < 3; k++) {
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (k * 4 + l);
|
||||
state[8*4 + l] = 0x1f0000U + ((word32)k * 4U + (word32)l);
|
||||
}
|
||||
|
||||
ctr0 = 0;
|
||||
@@ -4016,7 +4018,7 @@ static int wc_mldsa_gen_s_7_8_avx2(sword32* s[2], byte* seed)
|
||||
}
|
||||
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (12 + l);
|
||||
state[8*4 + l] = 0x1f0000U + 12U + (word32)l;
|
||||
}
|
||||
|
||||
ctr0 = 0;
|
||||
@@ -4112,7 +4114,7 @@ static int dilithium_expand_s_c(wc_Shake* shake256, byte* priv_seed, byte eta,
|
||||
/* Step 4: Each polynomial in s2. */
|
||||
for (r = 0; (ret == 0) && (r < s2Len); r++) {
|
||||
/* Set bottom 8-bits of r + l into buffer - little endian. */
|
||||
seed[DILITHIUM_PRIV_SEED_SZ] = r + s1Len;
|
||||
seed[DILITHIUM_PRIV_SEED_SZ] = (byte)(r + s1Len);
|
||||
/* Step 5: Generate polynomial for s1. */
|
||||
ret = dilithium_rej_bound_poly(shake256, seed, s2, eta);
|
||||
/* Next polynomial in s2. */
|
||||
@@ -4219,7 +4221,7 @@ static int wc_mldsa_gen_y_4_avx2(sword32* y, byte* seed, word16 kappa)
|
||||
#endif
|
||||
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (kappa + l);
|
||||
state[8*4 + l] = 0x1f0000U + (word32)kappa + (word32)l;
|
||||
}
|
||||
sha3_256_blocksx4_seed_64_avx2(state, seed);
|
||||
wc_mldsa_redistribute_17_rand_avx2(state,
|
||||
@@ -4289,7 +4291,7 @@ static int wc_mldsa_gen_y_5_avx2(sword32* y, byte* seed, word16 kappa,
|
||||
|
||||
/* Polynomials: 0-3 */
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (kappa + l);
|
||||
state[8*4 + l] = 0x1f0000U + (word32)kappa + (word32)l;
|
||||
}
|
||||
sha3_256_blocksx4_seed_64_avx2(state, seed);
|
||||
wc_mldsa_redistribute_17_rand_avx2(state,
|
||||
@@ -4314,7 +4316,7 @@ static int wc_mldsa_gen_y_5_avx2(sword32* y, byte* seed, word16 kappa,
|
||||
wc_mldsa_decode_gamma1_19_avx2(rand + 3 * DILITHIUM_MAX_V,
|
||||
y + 3 * DILITHIUM_N);
|
||||
|
||||
kappa += 4;
|
||||
kappa = (word16)(kappa + 4);
|
||||
|
||||
seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)kappa;
|
||||
seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = (byte)(kappa >> 8);
|
||||
@@ -4367,7 +4369,7 @@ static int wc_mldsa_gen_y_7_avx2(sword32* y, byte* seed, word16 kappa)
|
||||
|
||||
/* Polynomials: 0-3 */
|
||||
for (l = 0; l < 4; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (kappa + l);
|
||||
state[8*4 + l] = 0x1f0000U + (word32)kappa + (word32)l;
|
||||
}
|
||||
sha3_256_blocksx4_seed_64_avx2(state, seed);
|
||||
wc_mldsa_redistribute_17_rand_avx2(state,
|
||||
@@ -4392,11 +4394,11 @@ static int wc_mldsa_gen_y_7_avx2(sword32* y, byte* seed, word16 kappa)
|
||||
wc_mldsa_decode_gamma1_19_avx2(rand + 3 * DILITHIUM_MAX_V,
|
||||
y + 3 * DILITHIUM_N);
|
||||
|
||||
kappa += 4;
|
||||
kappa = (word16)(kappa + 4);
|
||||
|
||||
/* Polynomials: 4-7 */
|
||||
for (l = 0; l < 3; l++) {
|
||||
state[8*4 + l] = 0x1f0000 + (kappa + l);
|
||||
state[8*4 + l] = 0x1f0000U + (word32)kappa + (word32)l;
|
||||
}
|
||||
sha3_256_blocksx4_seed_64_avx2(state, seed);
|
||||
wc_mldsa_redistribute_17_rand_avx2(state,
|
||||
@@ -4462,7 +4464,7 @@ static int dilithium_vec_expand_mask_c(wc_Shake* shake256, byte* seed,
|
||||
/* Step 2: For each polynomial of vector. */
|
||||
for (r = 0; (ret == 0) && (r < l); r++) {
|
||||
/* Step 3: Calculate value to append to seed. */
|
||||
word16 n = kappa + r;
|
||||
word16 n = (word16)(kappa + r);
|
||||
|
||||
/* Step 4: Append to seed and squeeze out data. */
|
||||
seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)n;
|
||||
@@ -4589,7 +4591,8 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
|
||||
}
|
||||
|
||||
/* Step 3: Put in TAU +/- 1s. */
|
||||
for (i = DILITHIUM_N - tau; (ret == 0) && (i < DILITHIUM_N); i++) {
|
||||
for (i = (unsigned int)DILITHIUM_N - tau;
|
||||
(ret == 0) && (i < DILITHIUM_N); i++) {
|
||||
unsigned int j;
|
||||
do {
|
||||
/* Check whether block is exhausted. */
|
||||
@@ -4650,7 +4653,7 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
|
||||
signs = *(word64*)block;
|
||||
|
||||
/* Step 3: Put in TAU +/- 1s. */
|
||||
for (i = DILITHIUM_N - tau; i < DILITHIUM_N; i++) {
|
||||
for (i = (unsigned int)DILITHIUM_N - tau; i < DILITHIUM_N; i++) {
|
||||
unsigned int j;
|
||||
do {
|
||||
/* Check whether block is exhausted. */
|
||||
@@ -4795,21 +4798,26 @@ static void dilithium_decompose_q88(sword32 r, sword32* r0, sword32* r1)
|
||||
/* Calculate approx low value. */
|
||||
t0 = r - (t1 * DILITHIUM_Q_LOW_88_2);
|
||||
#ifndef DILITHIUM_MUL_SLOW
|
||||
/* Calculate real high value, When t0 > modulus, +1 to approx high value. */
|
||||
t1 += ((word32)(DILITHIUM_Q_LOW_88 - t0)) >> 31;
|
||||
/* Calculate real high value, When t0 > modulus, +1 to approx high value.
|
||||
* Sign-extraction trick: each ((word32)A - (word32)B) >> 31 evaluates
|
||||
* to 1 if (signed) A - B was negative thanks to two's-complement
|
||||
* wrap-around. The outer (sword32) cast lets us add the 0/1 flag back into
|
||||
* a sword32 accumulator without -Wsign- conversion firing on the implicit
|
||||
* narrowing. */
|
||||
t1 += (sword32)(((word32)DILITHIUM_Q_LOW_88 - (word32)t0) >> 31);
|
||||
/* Calculate real low value. */
|
||||
t0 = r - (t1 * DILITHIUM_Q_LOW_88_2);
|
||||
#else
|
||||
/* Calculate real high value, When t0 > modulus, +1 to approx high value. */
|
||||
t2 = ((word32)(DILITHIUM_Q_LOW_88 - t0)) >> 31;
|
||||
t2 = (sword32)(((word32)DILITHIUM_Q_LOW_88 - (word32)t0) >> 31);
|
||||
t1 += t2;
|
||||
/* Calculate real low value. */
|
||||
t0 -= (0 - t2) & DILITHIUM_Q_LOW_88_2;
|
||||
t0 -= (sword32)((word32)(0 - t2) & DILITHIUM_Q_LOW_88_2);
|
||||
#endif
|
||||
/* -1 from low value if high value is 44. Was 43 but low is negative. */
|
||||
t0 -= ((word32)(43 - t1)) >> 31;
|
||||
t0 -= (sword32)(((word32)43 - (word32)t1) >> 31);
|
||||
/* When high value is 44, too large, set to 0. */
|
||||
t1 &= 0 - (((word32)(t1 - 44)) >> 31);
|
||||
t1 &= (sword32)(0U - (((word32)t1 - 44U) >> 31));
|
||||
|
||||
*r0 = t0;
|
||||
*r1 = t1;
|
||||
@@ -4848,7 +4856,7 @@ static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1)
|
||||
/* Calculate approx low value. */
|
||||
t0 = r - (t1 << 19) + (t1 << 9);
|
||||
/* Calculate real high value, When t0 > modulus, +1 to approx high value. */
|
||||
t1 += ((word32)(DILITHIUM_Q_LOW_32 - t0)) >> 31;
|
||||
t1 += (sword32)(((word32)DILITHIUM_Q_LOW_32 - (word32)t0) >> 31);
|
||||
/* Calculate real low value. */
|
||||
t0 = r - (t1 << 19) + (t1 << 9);
|
||||
/* -1 from low value if high value is 16. Was 15 but low is negative. */
|
||||
@@ -5281,7 +5289,7 @@ static int dilithium_make_hint(const sword32* s, const sword32* w1, byte k,
|
||||
}
|
||||
|
||||
/* Set remaining hints to zero. */
|
||||
XMEMSET(h + idx, 0, omega - idx);
|
||||
XMEMSET(h + idx, 0, (size_t)(omega - idx));
|
||||
return idx;
|
||||
}
|
||||
#endif /* !WOLFSSL_DILITHIUM_SIGN_SMALL_MEM */
|
||||
@@ -5401,14 +5409,14 @@ static void dilithium_use_hint_88(sword32* w1, const byte* h, unsigned int i,
|
||||
/* Check for hint. */
|
||||
if ((o < h[PARAMS_ML_DSA_44_OMEGA + i]) && (h[o] == (byte)j)) {
|
||||
/* Add or subtract hint based on sign of r0. */
|
||||
r1 += 1 - (2 * (((word32)r0) >> 31));
|
||||
r1 += (sword32)(1U - (2U * (((word32)r0) >> 31)));
|
||||
/* Go to next hint offset. */
|
||||
o++;
|
||||
}
|
||||
/* Fix up w1 to not be 44 but 0. */
|
||||
r1 &= 0 - (((word32)(r1 - 44)) >> 31);
|
||||
r1 &= (sword32)(0U - (((word32)r1 - 44U) >> 31));
|
||||
/* Hint may have reduced 0 to -1 which is actually 43. */
|
||||
r1 += (0 - (((word32)r1) >> 31)) & 44;
|
||||
r1 += (sword32)((0U - (((word32)r1) >> 31)) & 44U);
|
||||
/* Make w1 only the top part plus any hint. */
|
||||
w1[j] = r1;
|
||||
#endif
|
||||
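Review bot: The new `(sword32)` casts on the `r1 += (sword32)(1U - (2U * ...))` and `r1 &= (sword32)(0U - ...)` lines convert unsigned values such as `1U - 2U` and `0U - 1U` that do not fit in sword32; in C11 that out-of-range conversion is implementation-defined (6.3.1.3), so the code relies on two's-complement wraparound exactly as the old implicit conversion did, only now explicitly. The same pattern appears in the `t1 &= (sword32)(0U - ...)` line of the decompose_88 hunk above. That assumption is accepted throughout this file, but where the explicit form is introduced a one-line note would help, e.g. `/* (sword32) of an all-ones word32 relies on two's-complement conversion. */`. dilithium_use_hint_88 starts and ends outside the hunk.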
@@ -7424,7 +7432,7 @@ static void dilithium_vec_mul(sword32* r, sword32* a, sword32* b, byte l)
|
||||
*/
|
||||
static void dilithium_poly_red_c(sword32* a)
|
||||
{
|
||||
word16 j;
|
||||
unsigned int j;
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL
|
||||
for (j = 0; j < DILITHIUM_N; j++) {
|
||||
a[j] = dilithium_red(a[j]);
|
||||
@@ -7496,7 +7504,7 @@ static void dilithium_vec_red(sword32* a, byte l)
|
||||
*/
|
||||
static void dilithium_sub_c(sword32* r, const sword32* a)
|
||||
{
|
||||
word16 j;
|
||||
unsigned int j;
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL
|
||||
for (j = 0; j < DILITHIUM_N; j++) {
|
||||
r[j] -= a[j];
|
||||
@@ -7564,7 +7572,7 @@ static void dilithium_vec_sub(sword32* r, const sword32* a, byte l)
|
||||
*/
|
||||
static void dilithium_add_c(sword32* r, const sword32* a)
|
||||
{
|
||||
word16 j;
|
||||
unsigned int j;
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL
|
||||
for (j = 0; j < DILITHIUM_N; j++) {
|
||||
r[j] += a[j];
|
||||
@@ -7624,27 +7632,33 @@ static void dilithium_vec_add(sword32* r, const sword32* a, byte l)
|
||||
}
|
||||
#endif
|
||||
|
||||
/* If v is negative, evaluate to Q. Otherwise evaluate to 0. Constant-time.
|
||||
* (word32)v >> 31 is 1 when v's sign bit is set. 0U - 1 = all-ones,
|
||||
* 0U - 0 = 0. & Q yields Q or 0. */
|
||||
#define DILITHIUM_POS_OFFSET(v) \
|
||||
((sword32)((0U - (((word32)(v)) >> 31)) & DILITHIUM_Q))
|
||||
|
||||
/* Make values in polynomial be in positive range.
|
||||
*
|
||||
* @param [in, out] a Polynomial.
|
||||
*/
|
||||
static void dilithium_make_pos_c(sword32* a)
|
||||
{
|
||||
word16 j;
|
||||
unsigned int j;
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL
|
||||
for (j = 0; j < DILITHIUM_N; j++) {
|
||||
a[j] += (0 - (((word32)a[j]) >> 31)) & DILITHIUM_Q;
|
||||
a[j] += DILITHIUM_POS_OFFSET(a[j]);
|
||||
}
|
||||
#else
|
||||
for (j = 0; j < DILITHIUM_N; j += 8) {
|
||||
a[j+0] += (0 - (((word32)a[j+0]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+1] += (0 - (((word32)a[j+1]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+2] += (0 - (((word32)a[j+2]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+3] += (0 - (((word32)a[j+3]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+4] += (0 - (((word32)a[j+4]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+5] += (0 - (((word32)a[j+5]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+6] += (0 - (((word32)a[j+6]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+7] += (0 - (((word32)a[j+7]) >> 31)) & DILITHIUM_Q;
|
||||
a[j+0] += DILITHIUM_POS_OFFSET(a[j+0]);
|
||||
a[j+1] += DILITHIUM_POS_OFFSET(a[j+1]);
|
||||
a[j+2] += DILITHIUM_POS_OFFSET(a[j+2]);
|
||||
a[j+3] += DILITHIUM_POS_OFFSET(a[j+3]);
|
||||
a[j+4] += DILITHIUM_POS_OFFSET(a[j+4]);
|
||||
a[j+5] += DILITHIUM_POS_OFFSET(a[j+5]);
|
||||
a[j+6] += DILITHIUM_POS_OFFSET(a[j+6]);
|
||||
a[j+7] += DILITHIUM_POS_OFFSET(a[j+7]);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -7797,7 +7811,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
|
||||
if (ret == 0) {
|
||||
unsigned int allocSz;
|
||||
|
||||
allocSz = params->s1Sz + params->s2Sz + params->s2Sz;
|
||||
allocSz = (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz;
|
||||
#ifndef WC_DILITHIUM_CACHE_MATRIX_A
|
||||
allocSz += params->aSz;
|
||||
#endif
|
||||
@@ -7941,11 +7955,12 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
|
||||
unsigned int allocSz;
|
||||
|
||||
/* s1-l, s2-k, t-k, a-1 */
|
||||
allocSz = params->s1Sz + params->s2Sz + params->s2Sz +
|
||||
DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE;
|
||||
allocSz = (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz +
|
||||
(unsigned int)DILITHIUM_REJ_NTT_POLY_H_SIZE +
|
||||
(unsigned int)DILITHIUM_POLY_SIZE;
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
|
||||
/* t64 */
|
||||
allocSz += DILITHIUM_POLY_SIZE * 2;
|
||||
allocSz += (unsigned int)DILITHIUM_POLY_SIZE * 2U;
|
||||
#endif
|
||||
s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
if (s1 == NULL) {
|
||||
@@ -8020,10 +8035,10 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
|
||||
unsigned int e;
|
||||
|
||||
/* Put r/i into buffer to be hashed. */
|
||||
aseed[DILITHIUM_PUB_SEED_SZ + 1] = r;
|
||||
aseed[DILITHIUM_PUB_SEED_SZ + 1] = (byte)r;
|
||||
for (s = 0; (ret == 0) && (s < params->l); s++) {
|
||||
/* Put s into buffer to be hashed. */
|
||||
aseed[DILITHIUM_PUB_SEED_SZ + 0] = s;
|
||||
aseed[DILITHIUM_PUB_SEED_SZ + 0] = (byte)s;
|
||||
/* Step 3: Expand public seed into a matrix of polynomials. */
|
||||
ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, a, h);
|
||||
if (ret != 0) {
|
||||
@@ -8351,11 +8366,11 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
/* y-l, w0-k, w1-k, c-1, z-l, ct0-k */
|
||||
allocSz = params->s1Sz + params->s2Sz + params->s2Sz +
|
||||
DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz;
|
||||
allocSz = (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz +
|
||||
(unsigned int)DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz;
|
||||
#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS
|
||||
/* s1-l, s2-k, t0-k */
|
||||
allocSz += params->s1Sz + params->s2Sz + params->s2Sz;
|
||||
allocSz += (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz;
|
||||
#endif
|
||||
#ifndef WC_DILITHIUM_CACHE_MATRIX_A
|
||||
/* A */
|
||||
@@ -8543,7 +8558,7 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
|
||||
|
||||
/* Step 30: increment value to append to seed to unique value.
|
||||
*/
|
||||
kappa += params->l;
|
||||
kappa = (word16)(kappa + params->l);
|
||||
}
|
||||
}
|
||||
/* Step 11: Check we have a valid signature. */
|
||||
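Review bot: `kappa = (word16)(kappa + params->l)` makes the 16-bit truncation of the rejection counter explicit, and the matching change later in the same function does the same, but nothing in the hunk says why a 16-bit kappa is the right width. Since the mask-expansion seed appends kappa + r as a two-byte value, a wrap past 65535 would reuse a seed value, which the rejection loop is not expected to reach in practice; a comment tying the width to the encoding would spare the next reader that derivation, e.g. `/* kappa is appended to the mask seed as 2 bytes, so word16 matches the encoding. */`. dilithium_sign_with_seed_mu starts and ends outside the hunk.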
@@ -8610,16 +8625,19 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
|
||||
/* Allocate memory for large intermediates. */
|
||||
if (ret == 0) {
|
||||
/* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */
|
||||
allocSz = params->s1Sz + params->s2Sz + params->s2Sz +
|
||||
DILITHIUM_REJ_NTT_POLY_H_SIZE +
|
||||
DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE;
|
||||
allocSz = (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz +
|
||||
(unsigned int)DILITHIUM_REJ_NTT_POLY_H_SIZE +
|
||||
(unsigned int)DILITHIUM_POLY_SIZE +
|
||||
(unsigned int)DILITHIUM_POLY_SIZE +
|
||||
(unsigned int)DILITHIUM_POLY_SIZE;
|
||||
#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
|
||||
allocSz += params->s1Sz + params->s2Sz + params->s2Sz;
|
||||
allocSz += (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz;
|
||||
#elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
|
||||
allocSz += maxK * params->l * DILITHIUM_POLY_SIZE;
|
||||
allocSz += (unsigned int)maxK * params->l *
|
||||
(unsigned int)DILITHIUM_POLY_SIZE;
|
||||
#endif
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
|
||||
allocSz += DILITHIUM_POLY_SIZE * 2;
|
||||
allocSz += (unsigned int)DILITHIUM_POLY_SIZE * 2U;
|
||||
#endif
|
||||
y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
if (y == NULL) {
|
||||
@@ -9088,7 +9106,7 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
|
||||
w1t += DILITHIUM_N;
|
||||
}
|
||||
/* Set remaining hints to zero. */
|
||||
XMEMSET(h + idx, 0, params->omega - idx);
|
||||
XMEMSET(h + idx, 0, (size_t)(params->omega - idx));
|
||||
}
|
||||
|
||||
if (!valid) {
|
||||
@@ -9099,7 +9117,7 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
|
||||
|
||||
/* Step 30: increment value to append to seed to unique value.
|
||||
*/
|
||||
kappa += params->l;
|
||||
kappa = (word16)(kappa + params->l);
|
||||
}
|
||||
}
|
||||
/* Step 11: Check we have a valid signature. */
|
||||
@@ -9595,8 +9613,8 @@ static int dilithium_verify_with_mu(dilithium_key* key, const byte* mu,
|
||||
unsigned int allocSz;
|
||||
|
||||
/* z, c, w, t1/t1c */
|
||||
allocSz = DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz +
|
||||
params->s2Sz;
|
||||
allocSz = (unsigned int)DILITHIUM_POLY_SIZE + params->s1Sz +
|
||||
params->s2Sz + params->s2Sz;
|
||||
#ifndef WC_DILITHIUM_CACHE_MATRIX_A
|
||||
/* a */
|
||||
allocSz += params->aSz;
|
||||
@@ -9729,10 +9747,11 @@ static int dilithium_verify_with_mu(dilithium_key* key, const byte* mu,
|
||||
/* z, c, w, t1, w1e. */
|
||||
unsigned int allocSz;
|
||||
|
||||
allocSz = params->s1Sz + 3 * DILITHIUM_POLY_SIZE +
|
||||
DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz;
|
||||
allocSz = (unsigned int)params->s1Sz + params->w1EncSz +
|
||||
3U * (unsigned int)DILITHIUM_POLY_SIZE +
|
||||
(unsigned int)DILITHIUM_REJ_NTT_POLY_H_SIZE;
|
||||
#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
|
||||
allocSz += DILITHIUM_POLY_SIZE * 2;
|
||||
allocSz += (unsigned int)DILITHIUM_POLY_SIZE * 2U;
|
||||
#endif
|
||||
z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
if (z == NULL) {
|
||||
@@ -9844,10 +9863,10 @@ static int dilithium_verify_with_mu(dilithium_key* key, const byte* mu,
|
||||
|
||||
/* Step 5: Expand pub seed to compute matrix A. */
|
||||
/* Put r into buffer to be hashed. */
|
||||
seed[DILITHIUM_PUB_SEED_SZ + 1] = r;
|
||||
seed[DILITHIUM_PUB_SEED_SZ + 1] = (byte)r;
|
||||
for (s = 0; (ret == 0) && (s < params->l); s++) {
|
||||
/* Put s into buffer to be hashed. */
|
||||
seed[DILITHIUM_PUB_SEED_SZ + 0] = s;
|
||||
seed[DILITHIUM_PUB_SEED_SZ + 0] = (byte)s;
|
||||
/* Step 3: Create polynomial from hashing seed. */
|
||||
#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
|
||||
ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, key->h);
|
||||
@@ -10348,7 +10367,7 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen,
|
||||
hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
(word32)hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
@@ -10667,7 +10686,7 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen,
|
||||
hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
(word32)hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
@@ -11294,7 +11313,7 @@ int wc_dilithium_check_key(dilithium_key* key)
|
||||
params = key->params;
|
||||
|
||||
/* s1-L, s2-K, t0-K, t-K, t1-K */
|
||||
allocSz = params->s1Sz + 4 * params->s2Sz;
|
||||
allocSz = (unsigned int)params->s1Sz + 4U * params->s2Sz;
|
||||
#if !defined(WC_DILITHIUM_CACHE_MATRIX_A)
|
||||
/* A-KxL */
|
||||
allocSz += params->aSz;
|
||||
@@ -11702,13 +11721,14 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
|
||||
#ifndef WC_DILITHIUM_FIXED_ARRAY
|
||||
if ((ret == 0) && (key->s1 == NULL)) {
|
||||
/* Allocate L vector s1, K vector s2 and K vector t0 if required. */
|
||||
key->s1 = (sword32*)XMALLOC(params->s1Sz + params->s2Sz + params->s2Sz,
|
||||
key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
key->s1 = (sword32*)XMALLOC((unsigned int)params->s1Sz + params->s2Sz +
|
||||
params->s2Sz, key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
if (key->s1 == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
XMEMSET(key->s1, 0, params->s1Sz + params->s2Sz + params->s2Sz);
|
||||
XMEMSET(key->s1, 0, (unsigned int)params->s1Sz + params->s2Sz +
|
||||
params->s2Sz);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Set pointers into allocated memory. */
|
||||
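Review bot: The allocation size `(unsigned int)params->s1Sz + params->s2Sz + params->s2Sz` is now spelled out twice, once in the XMALLOC and again in the XMEMSET, so the two can drift apart under a later edit. Compute it once at the top of the `if` block: `unsigned int sz = (unsigned int)params->s1Sz + params->s2Sz + params->s2Sz;` then `key->s1 = (sword32*)XMALLOC(sz, key->heap, DYNAMIC_TYPE_DILITHIUM);` and `XMEMSET(key->s1, 0, sz);`. dilithium_set_priv_key starts and ends outside the hunk.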
@@ -12243,7 +12263,7 @@ static int dilitihium_get_der_length(const byte* input, word32* inOutIdx,
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
else {
|
||||
len = ((word16)input[idx + 1] << 8) + input[idx + 2];
|
||||
len = ((word32)input[idx + 1] << 8) + input[idx + 2];
|
||||
idx += 3;
|
||||
if (len < 0x100) {
|
||||
ret = ASN_PARSE_E;
|
||||
@@ -12325,7 +12345,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
#else
|
||||
int length = 0;
|
||||
unsigned char* oid = NULL;
|
||||
int oidLen = 0;
|
||||
word32 oidLen = 0;
|
||||
word32 idx = 0;
|
||||
#endif
|
||||
|
||||
@@ -12385,21 +12405,21 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
if (key->params->level == WC_ML_DSA_44_DRAFT) {
|
||||
oid = dilithium_oid_44;
|
||||
oidLen = (int)sizeof(dilithium_oid_44);
|
||||
oidLen = (word32)sizeof(dilithium_oid_44);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
if (key->params->level == WC_ML_DSA_65_DRAFT) {
|
||||
oid = dilithium_oid_65;
|
||||
oidLen = (int)sizeof(dilithium_oid_65);
|
||||
oidLen = (word32)sizeof(dilithium_oid_65);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
if (key->params->level == WC_ML_DSA_87_DRAFT) {
|
||||
oid = dilithium_oid_87;
|
||||
oidLen = (int)sizeof(dilithium_oid_87);
|
||||
oidLen = (word32)sizeof(dilithium_oid_87);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -12407,21 +12427,21 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
if (key->level == WC_ML_DSA_44) {
|
||||
oid = ml_dsa_oid_44;
|
||||
oidLen = (int)sizeof(ml_dsa_oid_44);
|
||||
oidLen = (word32)sizeof(ml_dsa_oid_44);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
if (key->level == WC_ML_DSA_65) {
|
||||
oid = ml_dsa_oid_65;
|
||||
oidLen = (int)sizeof(ml_dsa_oid_65);
|
||||
oidLen = (word32)sizeof(ml_dsa_oid_65);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
if (key->level == WC_ML_DSA_87) {
|
||||
oid = ml_dsa_oid_87;
|
||||
oidLen = (int)sizeof(ml_dsa_oid_87);
|
||||
oidLen = (word32)sizeof(ml_dsa_oid_87);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -12448,7 +12468,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
ret = dilitihium_get_der_length(input, &idx, &length, inSz);
|
||||
}
|
||||
if (ret == 0) {
|
||||
if ((length != oidLen) ||
|
||||
if (((word32)length != oidLen) ||
|
||||
(XMEMCMP(input + idx, oid, oidLen) != 0)) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
|
||||
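Review bot: `(word32)length != oidLen` still rejects a negative `length`, since its unsigned image cannot equal a small oidLen, and that equality is what keeps the following `XMEMCMP(input + idx, oid, oidLen)` reading only the bytes dilitihium_get_der_length presumably bounded against inSz (that check is outside the hunk). The reliance is easy to lose in a future edit, so a short comment would make it visible: `/* length == oidLen, and length was bounded against inSz, so the compare stays in input. */`. wc_Dilithium_PublicKeyDecode starts outside the hunk.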