ML-KEM/Kyber: fix kyber_prf() for when no AVX2

When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks' worth of output. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
This commit is contained in:
Sean Parkinson
2024-12-20 11:03:58 +10:00
parent 65fc8f8d77
commit e507c466d5


@ -2074,17 +2074,24 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
(25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64)); (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64));
state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
if (IS_INTEL_BMI2(cpuid_flags)) { while (outLen > 0) {
sha3_block_bmi2(state); unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE);
if (IS_INTEL_BMI2(cpuid_flags)) {
sha3_block_bmi2(state);
}
else if (IS_INTEL_AVX2(cpuid_flags) &&
(SAVE_VECTOR_REGISTERS2() == 0)) {
sha3_block_avx2(state);
RESTORE_VECTOR_REGISTERS();
}
else {
BlockSha3(state);
}
XMEMCPY(out, state, len);
out += len;
outLen -= len;
} }
else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
sha3_block_avx2(state);
RESTORE_VECTOR_REGISTERS();
}
else {
BlockSha3(state);
}
XMEMCPY(out, state, outLen);
return 0; return 0;
#else #else