Diffstat (limited to 'src')
-rw-r--r--src/build-data/buildh.in6
-rw-r--r--src/cli/speed.cpp14
-rw-r--r--src/cli/tls_client.cpp5
-rw-r--r--src/cli/tls_server.cpp6
-rw-r--r--src/lib/asn1/asn1_obj.cpp2
-rw-r--r--src/lib/filters/pipe.h21
-rw-r--r--src/lib/hash/hash.cpp15
-rw-r--r--src/lib/hash/keccak/keccak.cpp42
-rw-r--r--src/lib/hash/sha3/sha3.cpp77
-rw-r--r--src/lib/hash/sha3/sha3.h33
-rw-r--r--src/lib/hash/shake/info.txt5
-rw-r--r--src/lib/hash/shake/shake.cpp101
-rw-r--r--src/lib/hash/shake/shake.h81
-rw-r--r--src/lib/misc/aont/package.cpp6
-rw-r--r--src/lib/misc/cryptobox/cryptobox.cpp12
-rw-r--r--src/lib/prov/openssl/openssl_ec.cpp1
-rw-r--r--src/lib/prov/openssl/openssl_rsa.cpp4
-rw-r--r--src/lib/prov/pkcs11/p11_rsa.cpp4
-rw-r--r--src/lib/pubkey/curve25519/curve25519.cpp1
-rw-r--r--src/lib/pubkey/dh/dh.cpp1
-rw-r--r--src/lib/pubkey/dsa/dsa.cpp2
-rw-r--r--src/lib/pubkey/ecdh/ecdh.cpp1
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.cpp2
-rw-r--r--src/lib/pubkey/ecgdsa/ecgdsa.cpp2
-rw-r--r--src/lib/pubkey/eckcdsa/eckcdsa.cpp2
-rw-r--r--src/lib/pubkey/elgamal/elgamal.cpp2
-rw-r--r--src/lib/pubkey/gost_3410/gost_3410.cpp2
-rw-r--r--src/lib/pubkey/mce/mceliece_key.cpp2
-rw-r--r--src/lib/pubkey/newhope/newhope.cpp363
-rw-r--r--src/lib/pubkey/pk_ops.h37
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp6
-rw-r--r--src/lib/stream/shake_cipher/shake_cipher.cpp14
-rw-r--r--src/lib/stream/shake_cipher/shake_cipher.h6
-rw-r--r--src/lib/stream/stream_cipher.cpp2
-rw-r--r--src/lib/utils/data_src.h5
-rw-r--r--src/lib/utils/http_util/http_util.cpp2
-rw-r--r--src/tests/data/hash/shake.vec29
37 files changed, 665 insertions, 251 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index fea18fd90..56b70e060 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -201,6 +201,12 @@ Each read generates 32 bits of output
#define BOTAN_FUNC_ISA(isa)
#endif
+#if defined(__GNUG__) || defined(__clang__)
+ #define BOTAN_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
+#else
+ #define BOTAN_WARN_UNUSED_RESULT
+#endif
+
/*
* Compile-time deprecation warnings
*/
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 7fe2a3757..c89ae6046 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -347,7 +347,13 @@ class Speed final : public Command
{
using namespace std::placeholders;
- if(auto enc = Botan::get_cipher_mode(algo, Botan::ENCRYPTION))
+ if(Botan::HashFunction::providers(algo).size() > 0)
+ {
+ bench_providers_of<Botan::HashFunction>(
+ algo, provider, msec, buf_size,
+ std::bind(&Speed::bench_hash, this, _1, _2, _3, _4));
+ }
+ else if(auto enc = Botan::get_cipher_mode(algo, Botan::ENCRYPTION))
{
auto dec = Botan::get_cipher_mode(algo, Botan::DECRYPTION);
bench_cipher_mode(*enc, *dec, msec, buf_size);
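Review bot: The reordered dispatch makes `Botan::HashFunction::providers(algo).size() > 0` take precedence over `Botan::get_cipher_mode(algo, Botan::ENCRYPTION)`, but nothing in the hunk records why hashes must be tried first, so a later edit could undo the ordering without noticing it matters. A one-line comment above the new `if`, such as `// Hash lookup deliberately precedes cipher modes; see commit history for the motivating algo names`, would preserve the intent; the exact motivation is not visible here and should be filled in by the author. The enclosing function continues outside the hunk.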
@@ -364,12 +370,6 @@ class Speed final : public Command
algo, provider, msec, buf_size,
std::bind(&Speed::bench_stream_cipher, this, _1, _2, _3, _4));
}
- else if(Botan::HashFunction::providers(algo).size() > 0)
- {
- bench_providers_of<Botan::HashFunction>(
- algo, provider, msec, buf_size,
- std::bind(&Speed::bench_hash, this, _1, _2, _3, _4));
- }
else if(Botan::MessageAuthenticationCode::providers(algo).size() > 0)
{
bench_providers_of<Botan::MessageAuthenticationCode>(
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index b97688386..de7e08086 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -240,7 +240,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
socket_info.sin_addr = *reinterpret_cast<struct in_addr*>(host_addr->h_addr); // FIXME
- if(::connect(fd, (sockaddr*)&socket_info, sizeof(struct sockaddr)) != 0)
+ if(::connect(fd, reinterpret_cast<sockaddr*>(&socket_info), sizeof(struct sockaddr)) != 0)
{
::close(fd);
throw CLI_Error("connect failed");
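Review bot: The new `::connect` line still passes `sizeof(struct sockaddr)` as the length of a `sockaddr_in`; the two happen to coincide on common platforms, but the length argument should describe the object actually passed, i.e. `sizeof(socket_info)`. Since the commit is already replacing the C-style cast on this line, `if(::connect(fd, reinterpret_cast<sockaddr*>(&socket_info), sizeof(socket_info)) != 0)` is the natural tightening. The same pattern is on the new `::bind` line in src/cli/tls_server.cpp (`sizeof(struct sockaddr)` for `socket_info`); the `::connect` in tls_server already uses `from_len` and needs no change. The enclosing function continues outside the hunk.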
@@ -289,8 +289,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
while(length)
{
- ssize_t sent = ::send(m_sockfd, (const char*)buf + offset,
- length, MSG_NOSIGNAL);
+ ssize_t sent = ::send(m_sockfd, buf + offset, length, MSG_NOSIGNAL);
if(sent == -1)
{
diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
index 7fc38cf31..dd1c7f450 100644
--- a/src/cli/tls_server.cpp
+++ b/src/cli/tls_server.cpp
@@ -92,10 +92,10 @@ class TLS_Server final : public Command
socklen_t from_len = sizeof(sockaddr_in);
if(::recvfrom(server_fd, nullptr, 0, MSG_PEEK,
- (struct sockaddr*)&from, &from_len) != 0)
+ reinterpret_cast<struct sockaddr*>(&from), &from_len) != 0)
throw CLI_Error("Could not peek next packet");
- if(::connect(server_fd, (struct sockaddr*)&from, from_len) != 0)
+ if(::connect(server_fd, reinterpret_cast<struct sockaddr*>(&from), from_len) != 0)
throw CLI_Error("Could not connect UDP socket");
fd = server_fd;
@@ -192,7 +192,7 @@ class TLS_Server final : public Command
// FIXME: support limiting listeners
socket_info.sin_addr.s_addr = INADDR_ANY;
- if(::bind(fd, (sockaddr*)&socket_info, sizeof(struct sockaddr)) != 0)
+ if(::bind(fd, reinterpret_cast<struct sockaddr*>(&socket_info), sizeof(struct sockaddr)) != 0)
{
::close(fd);
throw CLI_Error("server bind failed");
diff --git a/src/lib/asn1/asn1_obj.cpp b/src/lib/asn1/asn1_obj.cpp
index e258cd809..7bf2d92ca 100644
--- a/src/lib/asn1/asn1_obj.cpp
+++ b/src/lib/asn1/asn1_obj.cpp
@@ -57,7 +57,7 @@ bool maybe_BER(DataSource& source)
byte first_byte;
if(!source.peek_byte(first_byte))
{
- source.read_byte(first_byte); // force EOF
+ BOTAN_ASSERT_EQUAL(source.read_byte(first_byte), 0, "Expected EOF");
throw Stream_IO_Error("ASN1::maybe_BER: Source was empty");
}
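Review bot: The new `BOTAN_ASSERT_EQUAL(source.read_byte(first_byte), 0, "Expected EOF");` places the only side-effecting call inside an assertion macro, so the read the old `// force EOF` comment relied on would silently vanish if the macro were ever made conditional, and the reason for performing the read at all is no longer stated. Prefer `const size_t got = source.read_byte(first_byte); // drive the source to EOF` followed by `BOTAN_ASSERT_EQUAL(got, 0, "Expected EOF");`. The same side-effect-in-assert pattern appears in the new lines of src/lib/misc/aont/package.cpp (both `pipe.read(output, remaining)` asserts) and src/lib/misc/cryptobox/cryptobox.cpp (the three `pipe.read` asserts); binding the read result to a local first keeps the data movement unconditional and the assertion a pure check. The rest of maybe_BER is outside the hunk.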
diff --git a/src/lib/filters/pipe.h b/src/lib/filters/pipe.h
index 286484a81..8775e1433 100644
--- a/src/lib/filters/pipe.h
+++ b/src/lib/filters/pipe.h
@@ -134,7 +134,7 @@ class BOTAN_DLL Pipe final : public DataSource
* for which the information is desired
* @return number of bytes that can still be read
*/
- size_t remaining(message_id msg = DEFAULT_MESSAGE) const;
+ size_t remaining(message_id msg = DEFAULT_MESSAGE) const BOTAN_WARN_UNUSED_RESULT;
/**
* Read the default message from the pipe. Moves the internal
@@ -145,7 +145,7 @@ class BOTAN_DLL Pipe final : public DataSource
* @param length the length of the byte array output
* @return number of bytes actually read into output
*/
- size_t read(byte output[], size_t length) override;
+ size_t read(byte output[], size_t length) override BOTAN_WARN_UNUSED_RESULT;
/**
* Read a specified message from the pipe. Moves the internal
@@ -156,7 +156,7 @@ class BOTAN_DLL Pipe final : public DataSource
* @param msg the number identifying the message to read from
* @return number of bytes actually read into output
*/
- size_t read(byte output[], size_t length, message_id msg);
+ size_t read(byte output[], size_t length, message_id msg) BOTAN_WARN_UNUSED_RESULT;
/**
* Read a single byte from the pipe. Moves the internal offset so
@@ -167,23 +167,24 @@ class BOTAN_DLL Pipe final : public DataSource
* @param msg the message to read from
* @return number of bytes actually read into output
*/
- size_t read(byte& output, message_id msg = DEFAULT_MESSAGE);
+ size_t read(byte& output, message_id msg = DEFAULT_MESSAGE) BOTAN_WARN_UNUSED_RESULT;
/**
* Read the full contents of the pipe.
* @param msg the number identifying the message to read from
* @return secure_vector holding the contents of the pipe
*/
- secure_vector<byte> read_all(message_id msg = DEFAULT_MESSAGE);
+ secure_vector<byte> read_all(message_id msg = DEFAULT_MESSAGE) BOTAN_WARN_UNUSED_RESULT;
/**
* Read the full contents of the pipe.
* @param msg the number identifying the message to read from
* @return string holding the contents of the pipe
*/
- std::string read_all_as_string(message_id = DEFAULT_MESSAGE);
+ std::string read_all_as_string(message_id = DEFAULT_MESSAGE) BOTAN_WARN_UNUSED_RESULT;
- /** Read from the default message but do not modify the internal
+ /**
+ * Read from the default message but do not modify the internal
* offset. Consecutive calls to peek() will return portions of
* the message starting at the same position.
* @param output the byte array to write the peeked message part to
@@ -191,7 +192,7 @@ class BOTAN_DLL Pipe final : public DataSource
* @param offset the offset from the current position in message
* @return number of bytes actually peeked and written into output
*/
- size_t peek(byte output[], size_t length, size_t offset) const override;
+ size_t peek(byte output[], size_t length, size_t offset) const override BOTAN_WARN_UNUSED_RESULT;
/** Read from the specified message but do not modify the
* internal offset. Consecutive calls to peek() will return
@@ -203,7 +204,7 @@ class BOTAN_DLL Pipe final : public DataSource
* @return number of bytes actually peeked and written into output
*/
size_t peek(byte output[], size_t length,
- size_t offset, message_id msg) const;
+ size_t offset, message_id msg) const BOTAN_WARN_UNUSED_RESULT;
/** Read a single byte from the specified message but do not
* modify the internal offset. Consecutive calls to peek() will
@@ -214,7 +215,7 @@ class BOTAN_DLL Pipe final : public DataSource
* @return number of bytes actually peeked and written into output
*/
size_t peek(byte& output, size_t offset,
- message_id msg = DEFAULT_MESSAGE) const;
+ message_id msg = DEFAULT_MESSAGE) const BOTAN_WARN_UNUSED_RESULT;
/**
* @return the number of bytes read from the default message.
diff --git a/src/lib/hash/hash.cpp b/src/lib/hash/hash.cpp
index ede2f8c99..112554127 100644
--- a/src/lib/hash/hash.cpp
+++ b/src/lib/hash/hash.cpp
@@ -56,6 +56,10 @@
#include <botan/sha3.h>
#endif
+#if defined(BOTAN_HAS_SHAKE)
+ #include <botan/shake.h>
+#endif
+
#if defined(BOTAN_HAS_SKEIN_512)
#include <botan/skein_512.h>
#endif
@@ -242,6 +246,17 @@ std::unique_ptr<HashFunction> HashFunction::create(const std::string& algo_spec,
}
#endif
+#if defined(BOTAN_HAS_SHAKE)
+ if(req.algo_name() == "SHAKE-128")
+ {
+ return std::unique_ptr<HashFunction>(new SHAKE_128(req.arg_as_integer(0, 128)));
+ }
+ if(req.algo_name() == "SHAKE-256")
+ {
+ return std::unique_ptr<HashFunction>(new SHAKE_256(req.arg_as_integer(0, 256)));
+ }
+#endif
+
#if defined(BOTAN_HAS_WHIRLPOOL)
if(req.algo_name() == "Whirlpool")
{
diff --git a/src/lib/hash/keccak/keccak.cpp b/src/lib/hash/keccak/keccak.cpp
index 60cb20696..e0c67131b 100644
--- a/src/lib/hash/keccak/keccak.cpp
+++ b/src/lib/hash/keccak/keccak.cpp
@@ -44,47 +44,7 @@ void Keccak_1600::clear()
void Keccak_1600::add_data(const byte input[], size_t length)
{
- if(length == 0)
- return;
-
- while(length)
- {
- size_t to_take = std::min(length, m_bitrate / 8 - m_S_pos);
-
- length -= to_take;
-
- while(to_take && m_S_pos % 8)
- {
- m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8));
-
- ++m_S_pos;
- ++input;
- --to_take;
- }
-
- while(to_take && to_take % 8 == 0)
- {
- m_S[m_S_pos / 8] ^= load_le<u64bit>(input, 0);
- m_S_pos += 8;
- input += 8;
- to_take -= 8;
- }
-
- while(to_take)
- {
- m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8));
-
- ++m_S_pos;
- ++input;
- --to_take;
- }
-
- if(m_S_pos == m_bitrate / 8)
- {
- SHA_3::permute(m_S.data());
- m_S_pos = 0;
- }
- }
+ m_S_pos = SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);
}
void Keccak_1600::final_result(byte output[])
diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp
index 3897f0588..2361d7d5b 100644
--- a/src/lib/hash/sha3/sha3.cpp
+++ b/src/lib/hash/sha3/sha3.cpp
@@ -109,16 +109,6 @@ SHA_3::SHA_3(size_t output_bits) :
std::to_string(output_bits));
}
-SHA_3::SHA_3(size_t output_bits, size_t capacity) :
- m_output_bits(output_bits),
- m_bitrate(1600 - capacity),
- m_S(25),
- m_S_pos(0)
- {
- if(capacity == 0 || capacity >= 1600)
- throw Invalid_Argument("Impossible SHA-3 capacity specified");
- }
-
std::string SHA_3::name() const
{
return "SHA-3(" + std::to_string(m_output_bits) + ")";
@@ -135,49 +125,84 @@ void SHA_3::clear()
m_S_pos = 0;
}
-void SHA_3::add_data(const byte input[], size_t length)
+//static
+size_t SHA_3::absorb(size_t bitrate,
+ secure_vector<uint64_t>& S, size_t S_pos,
+ const byte input[], size_t length)
{
- if(length == 0)
- return;
-
- while(length)
+ while(length > 0)
{
- size_t to_take = std::min(length, m_bitrate / 8 - m_S_pos);
+ size_t to_take = std::min(length, bitrate / 8 - S_pos);
length -= to_take;
- while(to_take && m_S_pos % 8)
+ while(to_take && S_pos % 8)
{
- m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8));
+ S[S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (S_pos % 8));
- ++m_S_pos;
+ ++S_pos;
++input;
--to_take;
}
while(to_take && to_take % 8 == 0)
{
- m_S[m_S_pos / 8] ^= load_le<u64bit>(input, 0);
- m_S_pos += 8;
+ S[S_pos / 8] ^= load_le<u64bit>(input, 0);
+ S_pos += 8;
input += 8;
to_take -= 8;
}
while(to_take)
{
- m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8));
+ S[S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (S_pos % 8));
- ++m_S_pos;
+ ++S_pos;
++input;
--to_take;
}
- if(m_S_pos == m_bitrate / 8)
+ if(S_pos == bitrate / 8)
{
- SHA_3::permute(m_S.data());
- m_S_pos = 0;
+ SHA_3::permute(S.data());
+ S_pos = 0;
}
}
+
+ return S_pos;
+ }
+
+//static
+void SHA_3::expand(size_t bitrate,
+ secure_vector<uint64_t>& S,
+ byte output[], size_t output_length)
+ {
+ BOTAN_ARG_CHECK(bitrate % 8 == 0);
+
+ size_t Si = 0;
+
+ for(size_t i = 0; i != output_length; ++i)
+ {
+ if(i > 0)
+ {
+ if(i % (bitrate / 8) == 0)
+ {
+ SHA_3::permute(S.data());
+ Si = 0;
+ }
+ else if(i % 8 == 0)
+ {
+ Si += 1;
+ }
+ }
+
+ output[i] = get_byte(7 - (i % 8), S[Si]);
+ }
+ }
+
+void SHA_3::add_data(const byte input[], size_t length)
+ {
+ m_S_pos = SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);
}
void SHA_3::final_result(byte output[])
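Review bot: `SHA_3::absorb` has no argument check to match the `BOTAN_ARG_CHECK(bitrate % 8 == 0);` that `SHA_3::expand` performs, and because `to_take` is computed as `std::min(length, bitrate / 8 - S_pos)`, an `S_pos` larger than `bitrate / 8` wraps the subtraction and the following `S[S_pos / 8]` writes index past the 25-word state. Adding `BOTAN_ARG_CHECK(bitrate % 8 == 0 && S_pos <= bitrate / 8);` at the top of absorb enforces the precondition at the one place all callers (SHA_3, Keccak_1600 and the new SHAKE classes) funnel through. In expand, `i % (bitrate / 8)` divides by zero for a bitrate below 8, so the check there could read `bitrate >= 8 && bitrate % 8 == 0`, though every caller in this commit passes a compile-time constant. expand also permutes `S` in place as it squeezes further blocks, which deserves a one-line comment above the loop since the state is not reusable afterwards.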
diff --git a/src/lib/hash/sha3/sha3.h b/src/lib/hash/sha3/sha3.h
index c877bd938..649aa12fd 100644
--- a/src/lib/hash/sha3/sha3.h
+++ b/src/lib/hash/sha3/sha3.h
@@ -27,14 +27,6 @@ class BOTAN_DLL SHA_3 : public HashFunction
*/
SHA_3(size_t output_bits);
- /**
- * @param output_bits the size of the hash output; must be a
- * multiple of 8 (ie, byte-wide outputs)
- * @param capacity the capacity of the spong, normally always
- * 2*output_bits with SHA-3.
- */
- SHA_3(size_t output_bits, size_t capacity);
-
size_t hash_block_size() const override { return m_bitrate / 8; }
size_t output_length() const override { return m_output_bits / 8; }
@@ -42,6 +34,31 @@ class BOTAN_DLL SHA_3 : public HashFunction
std::string name() const override;
void clear() override;
+ // Static functions for internal usage
+
+ /**
+ * Absorb data into the provided state
+ * @param bitrate the bitrate to absorb into the sponge
+ * @param S the sponge state
+ * @param S_pos where to begin absorbing into S
+ * @param input the input data
+ * @param length size of input in bytes
+ */
+ static size_t absorb(size_t bitrate,
+ secure_vector<uint64_t>& S, size_t S_pos,
+ const byte input[], size_t length);
+
+ /**
+ * Expand from provided state
+ * @param bitrate sponge parameter
+ * @param S the state
+ * @param output the output buffer
+ * @param output_length the size of output in bytes
+ */
+ static void expand(size_t bitrate,
+ secure_vector<uint64_t>& S,
+ byte output[], size_t output_length);
+
/**
* The bare Keccak-1600 permutation
*/
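Review bot: The new doc comment for `absorb` documents every parameter but omits the return value, and since `S_pos` is taken by value a reader may not realise the result must be stored back (the .cpp callers do `m_S_pos = SHA_3::absorb(...)`); add `@return the updated position within S after absorbing`. For `expand`, the comment should state the preconditions and effects the implementation shows: `S` must already hold a padded, permuted state ready to squeeze (the first bitrate/8 bytes are read before any permutation), `bitrate` must be a multiple of 8 (it is `BOTAN_ARG_CHECK`ed), and `S` is permuted in place as further blocks are produced. The heading `// Static functions for internal usage` appears to sit in the public section of a `BOTAN_DLL` class, so "internal" is advisory only; if these are not meant as stable API, saying so explicitly would help downstream users.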
diff --git a/src/lib/hash/shake/info.txt b/src/lib/hash/shake/info.txt
new file mode 100644
index 000000000..f579383eb
--- /dev/null
+++ b/src/lib/hash/shake/info.txt
@@ -0,0 +1,5 @@
+define SHAKE 20161009
+
+<requires>
+sha3
+</requires>
diff --git a/src/lib/hash/shake/shake.cpp b/src/lib/hash/shake/shake.cpp
new file mode 100644
index 000000000..1ff6f1fd3
--- /dev/null
+++ b/src/lib/hash/shake/shake.cpp
@@ -0,0 +1,101 @@
+/*
+* SHAKE-128/256 as a hash
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/shake.h>
+#include <botan/sha3.h>
+#include <botan/parsing.h>
+#include <botan/exceptn.h>
+
+namespace Botan {
+
+SHAKE_128::SHAKE_128(size_t output_bits) :
+ m_output_bits(output_bits), m_S(25), m_S_pos(0)
+ {
+ if(output_bits % 8 != 0)
+ throw Invalid_Argument("SHAKE_128: Invalid output length " +
+ std::to_string(output_bits));
+ }
+
+std::string SHAKE_128::name() const
+ {
+ return "SHAKE-128(" + std::to_string(m_output_bits) + ")";
+ }
+
+HashFunction* SHAKE_128::clone() const
+ {
+ return new SHAKE_128(m_output_bits);
+ }
+
+void SHAKE_128::clear()
+ {
+ zeroise(m_S);
+ m_S_pos = 0;
+ }
+
+void SHAKE_128::add_data(const byte input[], size_t length)
+ {
+ m_S_pos = SHA_3::absorb(SHAKE_128_BITRATE, m_S, m_S_pos, input, length);
+ }
+
+void SHAKE_128::final_result(byte output[])
+ {
+ std::vector<byte> padding(SHAKE_128_BITRATE / 8 - m_S_pos);
+
+ padding[0] = 0x1F;
+ padding[padding.size()-1] |= 0x80;
+
+ add_data(padding.data(), padding.size());
+
+ SHA_3::expand(SHAKE_128_BITRATE, m_S, output, output_length());
+
+ clear();
+ }
+
+SHAKE_256::SHAKE_256(size_t output_bits) :
+ m_output_bits(output_bits), m_S(25), m_S_pos(0)
+ {
+ if(output_bits % 8 != 0)
+ throw Invalid_Argument("SHAKE_256: Invalid output length " +
+ std::to_string(output_bits));
+ }
+
+std::string SHAKE_256::name() const
+ {
+ return "SHAKE-256(" + std::to_string(m_output_bits) + ")";
+ }
+
+HashFunction* SHAKE_256::clone() const
+ {
+ return new SHAKE_256(m_output_bits);
+ }
+
+void SHAKE_256::clear()
+ {
+ zeroise(m_S);
+ m_S_pos = 0;
+ }
+
+void SHAKE_256::add_data(const byte input[], size_t length)
+ {
+ m_S_pos = SHA_3::absorb(SHAKE_256_BITRATE, m_S, m_S_pos, input, length);
+ }
+
+void SHAKE_256::final_result(byte output[])
+ {
+ std::vector<byte> padding(SHAKE_256_BITRATE / 8 - m_S_pos);
+
+ padding[0] = 0x1F;
+ padding[padding.size()-1] |= 0x80;
+
+ add_data(padding.data(), padding.size());
+
+ SHA_3::expand(SHAKE_256_BITRATE, m_S, output, output_length());
+
+ clear();
+ }
+
+}
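Review bot: `SHAKE_128::SHAKE_128` and `SHAKE_256::SHAKE_256` reject only output sizes that are not a multiple of 8, so `output_bits == 0` is accepted and yields a hash whose `output_length()` is 0 and whose `final_result` writes nothing; the check should be `if(output_bits == 0 || output_bits % 8 != 0)`. The two classes are otherwise line-for-line copies differing only in the bitrate constant and the name string, so a single implementation parameterised on the bitrate (or a shared private base) would keep the padding logic (`padding[0] = 0x1F;` ... `|= 0x80`) in one place so a future fix lands in both. Minor: `final_result` allocates a fresh `std::vector<byte> padding` on every call although its size is bounded by the block size.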
diff --git a/src/lib/hash/shake/shake.h b/src/lib/hash/shake/shake.h
new file mode 100644
index 000000000..96c171323
--- /dev/null
+++ b/src/lib/hash/shake/shake.h
@@ -0,0 +1,81 @@
+/*
+* SHAKE hash functions
+* (C) 2010,2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_SHAKE_HASH_H__
+#define BOTAN_SHAKE_HASH_H__
+
+#include <botan/hash.h>
+#include <botan/secmem.h>
+#include <string>
+
+namespace Botan {
+
+/**
+* SHAKE-128
+*/
+class BOTAN_DLL SHAKE_128 : public HashFunction
+ {
+ public:
+
+ /**
+ * @param output_bits the desired output size in bits
+ * must be a multiple of 8
+ */
+ SHAKE_128(size_t output_bits);
+
+ size_t hash_block_size() const override { return SHAKE_128_BITRATE / 8; }
+ size_t output_length() const override { return m_output_bits / 8; }
+
+ HashFunction* clone() const override;
+ std::string name() const override;
+ void clear() override;
+
+ private:
+ void add_data(const byte input[], size_t length) override;
+ void final_result(byte out[]) override;
+
+ static const size_t SHAKE_128_BITRATE = 1600 - 256;
+
+ size_t m_output_bits;
+ secure_vector<u64bit> m_S;
+ size_t m_S_pos;
+ };
+
+/**
+* SHAKE-256
+*/
+class BOTAN_DLL SHAKE_256 : public HashFunction
+ {
+ public:
+
+ /**
+ * @param output_bits the desired output size in bits
+ * must be a multiple of 8
+ */
+ SHAKE_256(size_t output_bits);
+
+ size_t hash_block_size() const override { return SHAKE_256_BITRATE / 8; }
+ size_t output_length() const override { return m_output_bits / 8; }
+
+ HashFunction* clone() const override;
+ std::string name() const override;
+ void clear() override;
+
+ private:
+ void add_data(const byte input[], size_t length) override;
+ void final_result(byte out[]) override;
+
+ static const size_t SHAKE_256_BITRATE = 1600 - 512;
+
+ size_t m_output_bits;
+ secure_vector<u64bit> m_S;
+ size_t m_S_pos;
+ };
+
+}
+
+#endif
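Review bot: The single-argument constructors `SHAKE_128(size_t output_bits);` and `SHAKE_256(size_t output_bits);` are not `explicit`, so an integer converts implicitly into a hash object; declare them `explicit SHAKE_128(size_t output_bits);` and `explicit SHAKE_256(size_t output_bits);`. The doc comment says the size must be a multiple of 8 but not what happens otherwise; `@throws Invalid_Argument if output_bits is not a multiple of 8` matches the .cpp. The members are declared `secure_vector<u64bit>` while the `SHA_3::absorb`/`expand` signatures they are passed to take `secure_vector<uint64_t>&`; these are presumably the same typedef, but spelling the type the same way on both sides saves the reader a check.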
diff --git a/src/lib/misc/aont/package.cpp b/src/lib/misc/aont/package.cpp
index a3be898d8..cec07d298 100644
--- a/src/lib/misc/aont/package.cpp
+++ b/src/lib/misc/aont/package.cpp
@@ -31,7 +31,8 @@ void aont_package(RandomNumberGenerator& rng,
Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
pipe.process_msg(input, input_len);
- pipe.read(output, pipe.remaining());
+ const size_t remaining = pipe.remaining();
+ BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
// Set K0 (the all zero key)
cipher->set_key(SymmetricKey(all_zeros));
@@ -113,7 +114,8 @@ void aont_unpackage(BlockCipher* cipher,
pipe.process_msg(input, input_len - BLOCK_SIZE);
- pipe.read(output, pipe.remaining());
+ const size_t remaining = pipe.remaining();
+ BOTAN_ASSERT_EQUAL(remaining, pipe.read(output, remaining), "Expected read size");
}
}
diff --git a/src/lib/misc/cryptobox/cryptobox.cpp b/src/lib/misc/cryptobox/cryptobox.cpp
index c0fc9b777..95cdda149 100644
--- a/src/lib/misc/cryptobox/cryptobox.cpp
+++ b/src/lib/misc/cryptobox/cryptobox.cpp
@@ -88,9 +88,13 @@ std::string encrypt(const byte input[], size_t input_len,
copy_mem(&out_buf[VERSION_CODE_LEN], pbkdf_salt.data(), PBKDF_SALT_LEN);
- pipe.read(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], MAC_OUTPUT_LEN, 1);
- pipe.read(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN],
- ciphertext_len, 0);
+ BOTAN_ASSERT_EQUAL(
+ pipe.read(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], MAC_OUTPUT_LEN, 1),
+ MAC_OUTPUT_LEN, "MAC output");
+ BOTAN_ASSERT_EQUAL(
+ pipe.read(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN],
+ ciphertext_len, 0),
+ ciphertext_len, "Ciphertext size");
return PEM_Code::encode(out_buf, "BOTAN CRYPTOBOX MESSAGE");
}
@@ -139,7 +143,7 @@ std::string decrypt(const byte input[], size_t input_len,
ciphertext.size() - ciphertext_offset);
byte computed_mac[MAC_OUTPUT_LEN];
- pipe.read(computed_mac, MAC_OUTPUT_LEN, 1);
+ BOTAN_ASSERT_EQUAL(MAC_OUTPUT_LEN, pipe.read(computed_mac, MAC_OUTPUT_LEN, 1), "MAC size");
if(!same_mem(computed_mac,
&ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN],
diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp
index fe795fcde..ca4352370 100644
--- a/src/lib/prov/openssl/openssl_ec.cpp
+++ b/src/lib/prov/openssl/openssl_ec.cpp
@@ -223,7 +223,6 @@ namespace {
class OpenSSL_ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
{
public:
- typedef ECDH_PrivateKey Key_Type;
OpenSSL_ECDH_KA_Operation(const ECDH_PrivateKey& ecdh, const std::string& kdf) :
PK_Ops::Key_Agreement_with_KDF(kdf), m_ossl_ec(::EC_KEY_new(), ::EC_KEY_free)
diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp
index ae3f1cce2..b03b747aa 100644
--- a/src/lib/prov/openssl/openssl_rsa.cpp
+++ b/src/lib/prov/openssl/openssl_rsa.cpp
@@ -40,7 +40,6 @@ std::pair<int, size_t> get_openssl_enc_pad(const std::string& eme)
class OpenSSL_RSA_Encryption_Operation : public PK_Ops::Encryption
{
public:
- typedef RSA_PublicKey Key_Type;
OpenSSL_RSA_Encryption_Operation(const RSA_PublicKey& rsa, int pad, size_t pad_overhead) :
m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
@@ -96,7 +95,6 @@ class OpenSSL_RSA_Encryption_Operation : public PK_Ops::Encryption
class OpenSSL_RSA_Decryption_Operation : public PK_Ops::Decryption
{
public:
- typedef RSA_PrivateKey Key_Type;
OpenSSL_RSA_Decryption_Operation(const RSA_PrivateKey& rsa, int pad) :
m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
@@ -142,7 +140,6 @@ class OpenSSL_RSA_Decryption_Operation : public PK_Ops::Decryption
class OpenSSL_RSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
{
public:
- typedef RSA_PublicKey Key_Type;
OpenSSL_RSA_Verification_Operation(const RSA_PublicKey& rsa, const std::string& emsa) :
PK_Ops::Verification_with_EMSA(emsa),
@@ -183,7 +180,6 @@ class OpenSSL_RSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
class OpenSSL_RSA_Signing_Operation : public PK_Ops::Signature_with_EMSA
{
public:
- typedef RSA_PrivateKey Key_Type;
OpenSSL_RSA_Signing_Operation(const RSA_PrivateKey& rsa, const std::string& emsa) :
PK_Ops::Signature_with_EMSA(emsa),
diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp
index 014419233..1e5f3341f 100644
--- a/src/lib/prov/pkcs11/p11_rsa.cpp
+++ b/src/lib/prov/pkcs11/p11_rsa.cpp
@@ -114,7 +114,6 @@ namespace {
class PKCS11_RSA_Decryption_Operation final : public PK_Ops::Decryption
{
public:
- typedef PKCS11_RSA_PrivateKey Key_Type;
PKCS11_RSA_Decryption_Operation(const PKCS11_RSA_PrivateKey& key,
const std::string& padding,
@@ -173,7 +172,6 @@ class PKCS11_RSA_Decryption_Operation final : public PK_Ops::Decryption
class PKCS11_RSA_Encryption_Operation : public PK_Ops::Encryption
{
public:
- typedef PKCS11_RSA_PublicKey Key_Type;
PKCS11_RSA_Encryption_Operation(const PKCS11_RSA_PublicKey& key, const std::string& padding)
: m_key(key), m_mechanism(MechanismWrapper::create_rsa_crypt_mechanism(padding))
@@ -205,7 +203,6 @@ class PKCS11_RSA_Encryption_Operation : public PK_Ops::Encryption
class PKCS11_RSA_Signature_Operation : public PK_Ops::Signature
{
public:
- typedef PKCS11_RSA_PrivateKey Key_Type;
PKCS11_RSA_Signature_Operation(const PKCS11_RSA_PrivateKey& key, const std::string& padding)
: m_key(key), m_mechanism(MechanismWrapper::create_rsa_sign_mechanism(padding))
@@ -266,7 +263,6 @@ class PKCS11_RSA_Signature_Operation : public PK_Ops::Signature
class PKCS11_RSA_Verification_Operation : public PK_Ops::Verification
{
public:
- typedef PKCS11_RSA_PublicKey Key_Type;
PKCS11_RSA_Verification_Operation(const PKCS11_RSA_PublicKey& key, const std::string& padding)
: m_key(key), m_mechanism(MechanismWrapper::create_rsa_sign_mechanism(padding))
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp
index fc2fcea0b..216d02600 100644
--- a/src/lib/pubkey/curve25519/curve25519.cpp
+++ b/src/lib/pubkey/curve25519/curve25519.cpp
@@ -120,7 +120,6 @@ namespace {
class Curve25519_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
{
public:
- typedef Curve25519_PrivateKey Key_Type;
Curve25519_KA_Operation(const Curve25519_PrivateKey& key, const std::string& kdf) :
PK_Ops::Key_Agreement_with_KDF(kdf),
diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp
index 41922c3db..8c7fdd289 100644
--- a/src/lib/pubkey/dh/dh.cpp
+++ b/src/lib/pubkey/dh/dh.cpp
@@ -82,7 +82,6 @@ namespace {
class DH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
{
public:
- typedef DH_PrivateKey Key_Type;
DH_KA_Operation(const DH_PrivateKey& key, const std::string& kdf, RandomNumberGenerator& rng) :
PK_Ops::Key_Agreement_with_KDF(kdf),
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index 1dde7eeb4..6ee633a45 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -78,7 +78,6 @@ namespace {
class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
{
public:
- typedef DSA_PrivateKey Key_Type;
DSA_Signature_Operation(const DSA_PrivateKey& dsa, const std::string& emsa) :
PK_Ops::Signature_with_EMSA(emsa),
m_q(dsa.group_q()),
@@ -145,7 +144,6 @@ DSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
class DSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
{
public:
- typedef DSA_PublicKey Key_Type;
DSA_Verification_Operation(const DSA_PublicKey& dsa,
const std::string& emsa) :
PK_Ops::Verification_with_EMSA(emsa),
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index f3da737bb..1bdf2c209 100644
--- a/src/lib/pubkey/ecdh/ecdh.cpp
+++ b/src/lib/pubkey/ecdh/ecdh.cpp
@@ -26,7 +26,6 @@ namespace {
class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
{
public:
- typedef ECDH_PrivateKey Key_Type;
ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf) :
PK_Ops::Key_Agreement_with_KDF(kdf),
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 48d16caca..0ee66c628 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -44,7 +44,6 @@ namespace {
class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
{
public:
- typedef ECDSA_PrivateKey Key_Type;
ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa,
const std::string& emsa) :
@@ -101,7 +100,6 @@ ECDSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
class ECDSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
{
public:
- typedef ECDSA_PublicKey Key_Type;
ECDSA_Verification_Operation(const ECDSA_PublicKey& ecdsa,
const std::string& emsa) :
PK_Ops::Verification_with_EMSA(emsa),
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index 136f2159a..f21f1bb27 100644
--- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -32,7 +32,6 @@ namespace {
class ECGDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
{
public:
- typedef ECGDSA_PrivateKey Key_Type;
ECGDSA_Signature_Operation(const ECGDSA_PrivateKey& ecgdsa,
const std::string& emsa) :
@@ -83,7 +82,6 @@ ECGDSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
class ECGDSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
{
public:
- typedef ECGDSA_PublicKey Key_Type;
ECGDSA_Verification_Operation(const ECGDSA_PublicKey& ecgdsa,
const std::string& emsa) :
diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
index f3beeeb73..5e2b3394e 100644
--- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp
+++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
@@ -38,7 +38,6 @@ namespace {
class ECKCDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
{
public:
- typedef ECKCDSA_PrivateKey Key_Type;
ECKCDSA_Signature_Operation(const ECKCDSA_PrivateKey& eckcdsa,
const std::string& emsa) :
@@ -112,7 +111,6 @@ ECKCDSA_Signature_Operation::raw_sign(const byte msg[], size_t,
class ECKCDSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
{
public:
- typedef ECKCDSA_PublicKey Key_Type;
ECKCDSA_Verification_Operation(const ECKCDSA_PublicKey& eckcdsa,
const std::string& emsa) :
diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
index f0ae594ec..90534a430 100644
--- a/src/lib/pubkey/elgamal/elgamal.cpp
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
@@ -69,7 +69,6 @@ namespace {
class ElGamal_Encryption_Operation : public PK_Ops::Encryption_with_EME
{
public:
- typedef ElGamal_PublicKey Key_Type;
size_t max_raw_input_bits() const override { return m_mod_p.get_modulus().bits() - 1; }
@@ -122,7 +121,6 @@ ElGamal_Encryption_Operation::raw_encrypt(const byte msg[], size_t msg_len,
class ElGamal_Decryption_Operation : public PK_Ops::Decryption_with_EME
{
public:
- typedef ElGamal_PrivateKey Key_Type;
size_t max_raw_input_bits() const override
{ return m_mod_p.get_modulus().bits() - 1; }
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp
index 7fde29bc5..f483540d4 100644
--- a/src/lib/pubkey/gost_3410/gost_3410.cpp
+++ b/src/lib/pubkey/gost_3410/gost_3410.cpp
@@ -97,7 +97,6 @@ BigInt decode_le(const byte msg[], size_t msg_len)
class GOST_3410_Signature_Operation : public PK_Ops::Signature_with_EMSA
{
public:
- typedef GOST_3410_PrivateKey Key_Type;
GOST_3410_Signature_Operation(const GOST_3410_PrivateKey& gost_3410,
const std::string& emsa) :
PK_Ops::Signature_with_EMSA(emsa),
@@ -156,7 +155,6 @@ GOST_3410_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
class GOST_3410_Verification_Operation : public PK_Ops::Verification_with_EMSA
{
public:
- typedef GOST_3410_PublicKey Key_Type;
GOST_3410_Verification_Operation(const GOST_3410_PublicKey& gost,
const std::string& emsa) :
diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp
index c65322348..be34cd746 100644
--- a/src/lib/pubkey/mce/mceliece_key.cpp
+++ b/src/lib/pubkey/mce/mceliece_key.cpp
@@ -299,7 +299,6 @@ namespace {
class MCE_KEM_Encryptor : public PK_Ops::KEM_Encryption_with_KDF
{
public:
- typedef McEliece_PublicKey Key_Type;
MCE_KEM_Encryptor(const McEliece_PublicKey& key,
const std::string& kdf) :
@@ -328,7 +327,6 @@ class MCE_KEM_Encryptor : public PK_Ops::KEM_Encryption_with_KDF
class MCE_KEM_Decryptor : public PK_Ops::KEM_Decryption_with_KDF
{
public:
- typedef McEliece_PrivateKey Key_Type;
MCE_KEM_Decryptor(const McEliece_PrivateKey& key,
const std::string& kdf) :
diff --git a/src/lib/pubkey/newhope/newhope.cpp b/src/lib/pubkey/newhope/newhope.cpp
index 35645e93c..356fd416e 100644
--- a/src/lib/pubkey/newhope/newhope.cpp
+++ b/src/lib/pubkey/newhope/newhope.cpp
@@ -47,9 +47,7 @@ inline uint16_t montgomery_reduce(uint32_t a)
inline uint16_t barrett_reduce(uint16_t a)
{
- uint32_t u;
-
- u = ((uint32_t) a * 5) >> 16;
+ uint32_t u = (static_cast<uint32_t>(a) * 5) >> 16;
u *= PARAM_Q;
a -= u;
return a;
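Review bot: `a -= u;` still narrows the uint32_t product back into the uint16_t parameter implicitly, which sits oddly next to the explicit static_cast the commit introduces one line above; `return static_cast<uint16_t>(a - u);` would make the intended truncation visible. It is also worth documenting that this is a partial reduction: the result stays below 2*PARAM_Q rather than landing in [0, PARAM_Q), which is why poly_tobytes still performs a conditional subtraction after calling it, e.g. `// Partial Barrett reduction: result < 2*PARAM_Q, not fully reduced mod PARAM_Q`. barrett_reduce's closing brace falls outside the hunk.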
@@ -57,46 +55,40 @@ inline uint16_t barrett_reduce(uint16_t a)
inline void mul_coefficients(uint16_t* poly, const uint16_t* factors)
{
- unsigned int i;
-
- for(i = 0; i < PARAM_N; i++)
+ for(size_t i = 0; i < PARAM_N; i++)
poly[i] = montgomery_reduce((poly[i] * factors[i]));
}
/* GS_bo_to_no; omegas need to be in Montgomery domain */
inline void ntt(uint16_t * a, const uint16_t* omega)
{
- int i, start, j, jTwiddle, distance;
- uint16_t temp, W;
-
-
- for(i=0;i<10;i+=2)
+ for(size_t i=0;i<10;i+=2)
{
// Even level
- distance = (1<<i);
- for(start = 0; start < distance;start++)
+ size_t distance = (1<<i);
+ for(size_t start = 0; start < distance;start++)
{
- jTwiddle = 0;
- for(j=start;j<PARAM_N-1;j+=2*distance)
+ size_t jTwiddle = 0;
+ for(size_t j=start;j<PARAM_N-1;j+=2*distance)
{
- W = omega[jTwiddle++];
- temp = a[j];
+ uint16_t W = omega[jTwiddle++];
+ uint16_t temp = a[j];
a[j] = (temp + a[j + distance]); // Omit reduction (be lazy)
- a[j + distance] = montgomery_reduce((W * ((uint32_t)temp + 3*PARAM_Q - a[j + distance])));
+ a[j + distance] = montgomery_reduce((W * (static_cast<uint32_t>(temp) + 3*PARAM_Q - a[j + distance])));
}
}
// Odd level
distance <<= 1;
- for(start = 0; start < distance;start++)
+ for(size_t start = 0; start < distance;start++)
{
- jTwiddle = 0;
- for(j=start;j<PARAM_N-1;j+=2*distance)
+ size_t jTwiddle = 0;
+ for(size_t j=start;j<PARAM_N-1;j+=2*distance)
{
- W = omega[jTwiddle++];
- temp = a[j];
+ uint16_t W = omega[jTwiddle++];
+ uint16_t temp = a[j];
a[j] = barrett_reduce((temp + a[j + distance]));
- a[j + distance] = montgomery_reduce((W * ((uint32_t)temp + 3*PARAM_Q - a[j + distance])));
+ a[j + distance] = montgomery_reduce((W * (static_cast<uint32_t>(temp) + 3*PARAM_Q - a[j + distance])));
}
}
}
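Review bot: `size_t distance = (1<<i);` computes the shift in int and then widens, while the new loop index `i` is size_t; `size_t distance = size_t(1) << i;` keeps the expression in one type and avoids a signed/unsigned shift mix. The same question applies to the `j<PARAM_N-1` bounds here and the `PARAM_N/4` bounds in the next hunk: if PARAM_N is a signed constant these comparisons now mix signedness where the old int indices did not (PARAM_N's definition is not visible from here). The even-level store `a[j] = (temp + a[j + distance]);` relies on the unreduced sum not wrapping in 16 bits; a comment stating the bound on the two operands that guarantees this would make the lazy-reduction invariant reviewable rather than implicit. ntt's closing brace is outside the hunk.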
@@ -104,27 +96,26 @@ inline void ntt(uint16_t * a, const uint16_t* omega)
inline void poly_frombytes(poly *r, const uint8_t *a)
{
- int i;
- for(i=0;i<PARAM_N/4;i++)
+ for(size_t i=0;i<PARAM_N/4;i++)
{
- r->coeffs[4*i+0] = a[7*i+0] | (((uint16_t)a[7*i+1] & 0x3f) << 8);
- r->coeffs[4*i+1] = (a[7*i+1] >> 6) | (((uint16_t)a[7*i+2]) << 2) | (((uint16_t)a[7*i+3] & 0x0f) << 10);
- r->coeffs[4*i+2] = (a[7*i+3] >> 4) | (((uint16_t)a[7*i+4]) << 4) | (((uint16_t)a[7*i+5] & 0x03) << 12);
- r->coeffs[4*i+3] = (a[7*i+5] >> 2) | (((uint16_t)a[7*i+6]) << 6);
+ r->coeffs[4*i+0] = a[7*i+0] | ((static_cast<uint16_t>(a[7*i+1]) & 0x3f) << 8);
+ r->coeffs[4*i+1] = (a[7*i+1] >> 6) | (static_cast<uint16_t>(a[7*i+2]) << 2) | (static_cast<uint16_t>(a[7*i+3] & 0x0f) << 10);
+ r->coeffs[4*i+2] = (a[7*i+3] >> 4) | (static_cast<uint16_t>(a[7*i+4]) << 4) | (static_cast<uint16_t>(a[7*i+5] & 0x03) << 12);
+ r->coeffs[4*i+3] = (a[7*i+5] >> 2) | (static_cast<uint16_t>(a[7*i+6]) << 6);
}
}
inline void poly_tobytes(uint8_t *r, const poly *p)
{
- int i;
- for(i=0;i<PARAM_N/4;i++)
+ for(size_t i=0;i<PARAM_N/4;i++)
{
- uint16_t t0,t1,t2,t3,m;
+ uint16_t t0 = barrett_reduce(p->coeffs[4*i+0]); //Make sure that coefficients have only 14 bits
+ uint16_t t1 = barrett_reduce(p->coeffs[4*i+1]);
+ uint16_t t2 = barrett_reduce(p->coeffs[4*i+2]);
+ uint16_t t3 = barrett_reduce(p->coeffs[4*i+3]);
+
+ uint16_t m;
int16_t c;
- t0 = barrett_reduce(p->coeffs[4*i+0]); //Make sure that coefficients have only 14 bits
- t1 = barrett_reduce(p->coeffs[4*i+1]);
- t2 = barrett_reduce(p->coeffs[4*i+2]);
- t3 = barrett_reduce(p->coeffs[4*i+3]);
m = t0 - PARAM_Q;
c = m;
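Review bot: `uint16_t m;` and `int16_t c;` are left as bare declarations even though the commit moves t0..t3 to their first use; `uint16_t m = t0 - PARAM_Q;` and `int16_t c = m;` would finish the job, since the two lines below them are their first assignments. `c = m` converts a uint16_t that may exceed INT16_MAX into int16_t, which is implementation-defined before C++20 (and any arithmetic right shift that follows on `c` depends on two's-complement semantics the same way), so a one-line comment recording that the sign-extension trick is intentional would help the next reader. poly_frombytes indexes `a` up to 7*(PARAM_N/4) - 1 with no length parameter, and poly_tobytes presumably writes the same count to `r`; a header comment such as `// a must point to at least 7*(PARAM_N/4) bytes` on each would document the contract. poly_tobytes continues past the end of the hunk.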
@@ -162,7 +153,7 @@ inline void poly_getnoise(Botan::RandomNumberGenerator& rng, poly *r)
rng.randomize(buf, 4*PARAM_N);
- for(int i=0;i<PARAM_N;i++)
+ for(size_t i=0;i<PARAM_N;i++)
{
uint32_t t = load_le<u32bit>(buf, i);
uint32_t d = 0;
@@ -176,31 +167,153 @@ inline void poly_getnoise(Botan::RandomNumberGenerator& rng, poly *r)
inline void poly_pointwise(poly *r, const poly *a, const poly *b)
{
- int i;
- uint16_t t;
- for(i=0;i<PARAM_N;i++)
- {
- t = montgomery_reduce(3186*b->coeffs[i]); /* t is now in Montgomery domain */
+ for(size_t i=0;i<PARAM_N;i++)
+ {
+ uint16_t t = montgomery_reduce(3186*b->coeffs[i]); /* t is now in Montgomery domain */
r->coeffs[i] = montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */
- }
+ }
}
inline void poly_add(poly *r, const poly *a, const poly *b)
{
- int i;
- for(i=0;i<PARAM_N;i++)
+ for(size_t i=0;i<PARAM_N;i++)
r->coeffs[i] = barrett_reduce(a->coeffs[i] + b->coeffs[i]);
}
inline void poly_ntt(poly *r)
{
-static const uint16_t omegas_montgomery[PARAM_N/2] = {4075,6974,7373,7965,3262,5079,522,2169,6364,1018,1041,8775,2344,11011,5574,1973,4536,1050,6844,3860,3818,6118,2683,1190,4789,7822,7540,6752,5456,4449,3789,12142,11973,382,3988,468,6843,5339,6196,3710,11316,1254,5435,10930,3998,10256,10367,3879,11889,1728,6137,4948,5862,6136,3643,6874,8724,654,10302,1702,7083,6760,56,3199,9987,605,11785,8076,5594,9260,6403,4782,6212,4624,9026,8689,4080,11868,6221,3602,975,8077,8851,9445,5681,3477,1105,142,241,12231,1003,3532,5009,1956,6008,11404,7377,2049,10968,12097,7591,5057,3445,4780,2920,7048,3127,8120,11279,6821,11502,8807,12138,2127,2839,3957,431,1579,6383,9784,5874,677,3336,6234,2766,1323,9115,12237,2031,6956,6413,2281,3969,3991,12133,9522,4737,10996,4774,5429,11871,3772,453,5908,2882,1805,2051,1954,11713,3963,2447,6142,8174,3030,1843,2361,12071,2908,3529,3434,3202,7796,2057,5369,11939,1512,6906,10474,11026,49,10806,5915,1489,9789,5942,10706,10431,7535,426,8974,3757,10314,9364,347,5868,9551,9634,6554,10596,9280,11566,174,2948,2503,6507,10723,11606,2459,64,3656,8455,5257,5919,7856,1747,9166,5486,9235,6065,835,3570,4240,11580,4046,10970,9139,1058,8210,11848,922,7967,1958,10211,1112,3728,4049,11130,5990,1404,325,948,11143,6190,295,11637,5766,8212,8273,2919,8527,6119,6992,8333,1360,2555,6167,1200,7105,7991,3329,9597,12121,5106,5961,10695,10327,3051,9923,4896,9326,81,3091,1000,7969,4611,726,1853,12149,4255,11112,2768,10654,1062,2294,3553,4805,2747,4846,8577,9154,1170,2319,790,11334,9275,9088,1326,5086,9094,6429,11077,10643,3504,3542,8668,9744,1479,1,8246,7143,11567,10984,4134,5736,4978,10938,5777,8961,4591,5728,6461,5023,9650,7468,949,9664,2975,11726,2744,9283,10092,5067,12171,2476,3748,11336,6522,827,9452,5374,12159,7935,3296,3949,9893,4452,10908,2525,3584,8112,8011,10616,4989,6958,11809,9447,12280,1022,11950,9821,11745,5791,5092,2089,9005,2881,3289,2013,9048,729,7901,1260,5755,4632,11955,2426,10593,1428,4890,5911,3932,9558,8830,3637,5542,145,5179,8595,3707,10530,355,3382,4231
,9741,1207,9041,7012,1168,10146,11224,4645,11885,10911,10377,435,7952,4096,493,9908,6845,6039,2422,2187,9723,8643,9852,9302,6022,7278,1002,4284,5088,1607,7313,875,8509,9430,1045,2481,5012,7428,354,6591,9377,11847,2401,1067,7188,11516,390,8511,8456,7270,545,8585,9611,12047,1537,4143,4714,4885,1017,5084,1632,3066,27,1440,8526,9273,12046,11618,9289,3400,9890,3136,7098,8758,11813,7384,3985,11869,6730,10745,10111,2249,4048,2884,11136,2126,1630,9103,5407,2686,9042,2969,8311,9424,9919,8779,5332,10626,1777,4654,10863,7351,3636,9585,5291,8374,2166,4919,12176,9140,12129,7852,12286,4895,10805,2780,5195,2305,7247,9644,4053,10600,3364,3271,4057,4414,9442,7917,2174};
-
- static const uint16_t psis_bitrev_montgomery[PARAM_N] = {4075,6974,7373,7965,3262,5079,522,2169,6364,1018,1041,8775,2344,11011,5574,1973,4536,1050,6844,3860,3818,6118,2683,1190,4789,7822,7540,6752,5456,4449,3789,12142,11973,382,3988,468,6843,5339,6196,3710,11316,1254,5435,10930,3998,10256,10367,3879,11889,1728,6137,4948,5862,6136,3643,6874,8724,654,10302,1702,7083,6760,56,3199,9987,605,11785,8076,5594,9260,6403,4782,6212,4624,9026,8689,4080,11868,6221,3602,975,8077,8851,9445,5681,3477,1105,142,241,12231,1003,3532,5009,1956,6008,11404,7377,2049,10968,12097,7591,5057,3445,4780,2920,7048,3127,8120,11279,6821,11502,8807,12138,2127,2839,3957,431,1579,6383,9784,5874,677,3336,6234,2766,1323,9115,12237,2031,6956,6413,2281,3969,3991,12133,9522,4737,10996,4774,5429,11871,3772,453,5908,2882,1805,2051,1954,11713,3963,2447,6142,8174,3030,1843,2361,12071,2908,3529,3434,3202,7796,2057,5369,11939,1512,6906,10474,11026,49,10806,5915,1489,9789,5942,10706,10431,7535,426,8974,3757,10314,9364,347,5868,9551,9634,6554,10596,9280,11566,174,2948,2503,6507,10723,11606,2459,64,3656,8455,5257,5919,7856,1747,9166,5486,9235,6065,835,3570,4240,11580,4046,10970,9139,1058,8210,11848,922,7967,1958,10211,1112,3728,4049,11130,5990,1404,325,948,11143,6190,295,11637,5766,8212,8273,2919,8527,6119,6992,8333,1360,2555,6167,1200,7105,7991,3329,9597,12121,5106,5961,10695,10327,3051,9923,4896,9326,81,3091,1000,7969,4611,726,1853,12149,4255,11112,2768,10654,1062,2294,3553,4805,2747,4846,8577,9154,1170,2319,790,11334,9275,9088,1326,5086,9094,6429,11077,10643,3504,3542,8668,9744,1479,1,8246,7143,11567,10984,4134,5736,4978,10938,5777,8961,4591,5728,6461,5023,9650,7468,949,9664,2975,11726,2744,9283,10092,5067,12171,2476,3748,11336,6522,827,9452,5374,12159,7935,3296,3949,9893,4452,10908,2525,3584,8112,8011,10616,4989,6958,11809,9447,12280,1022,11950,9821,11745,5791,5092,2089,9005,2881,3289,2013,9048,729,7901,1260,5755,4632,11955,2426,10593,1428,4890,5911,3932,9558,8830,3637,5542,145,5179,8595,3707,10530,355,3382,
4231,9741,1207,9041,7012,1168,10146,11224,4645,11885,10911,10377,435,7952,4096,493,9908,6845,6039,2422,2187,9723,8643,9852,9302,6022,7278,1002,4284,5088,1607,7313,875,8509,9430,1045,2481,5012,7428,354,6591,9377,11847,2401,1067,7188,11516,390,8511,8456,7270,545,8585,9611,12047,1537,4143,4714,4885,1017,5084,1632,3066,27,1440,8526,9273,12046,11618,9289,3400,9890,3136,7098,8758,11813,7384,3985,11869,6730,10745,10111,2249,4048,2884,11136,2126,1630,9103,5407,2686,9042,2969,8311,9424,9919,8779,5332,10626,1777,4654,10863,7351,3636,9585,5291,8374,2166,4919,12176,9140,12129,7852,12286,4895,10805,2780,5195,2305,7247,9644,4053,10600,3364,3271,4057,4414,9442,7917,2174,3947,11951,2455,6599,10545,10975,3654,2894,7681,7126,7287,12269,4119,3343,2151,1522,7174,7350,11041,2442,2148,5959,6492,8330,8945,5598,3624,10397,1325,6565,1945,11260,10077,2674,3338,3276,11034,506,6505,1392,5478,8778,1178,2776,3408,10347,11124,2575,9489,12096,6092,10058,4167,6085,923,11251,11912,4578,10669,11914,425,10453,392,10104,8464,4235,8761,7376,2291,3375,7954,8896,6617,7790,1737,11667,3982,9342,6680,636,6825,7383,512,4670,2900,12050,7735,994,1687,11883,7021,146,10485,1403,5189,6094,2483,2054,3042,10945,3981,10821,11826,8882,8151,180,9600,7684,5219,10880,6780,204,11232,2600,7584,3121,3017,11053,7814,7043,4251,4739,11063,6771,7073,9261,2360,11925,1928,11825,8024,3678,3205,3359,11197,5209,8581,3238,8840,1136,9363,1826,3171,4489,7885,346,2068,1389,8257,3163,4840,6127,8062,8921,612,4238,10763,8067,125,11749,10125,5416,2110,716,9839,10584,11475,11873,3448,343,1908,4538,10423,7078,4727,1208,11572,3589,2982,1373,1721,10753,4103,2429,4209,5412,5993,9011,438,3515,7228,1218,8347,5232,8682,1327,7508,4924,448,1014,10029,12221,4566,5836,12229,2717,1535,3200,5588,5845,412,5102,7326,3744,3056,2528,7406,8314,9202,6454,6613,1417,10032,7784,1518,3765,4176,5063,9828,2275,6636,4267,6463,2065,7725,3495,8328,8755,8144,10533,5966,12077,9175,9520,5596,6302,8400,579,6781,11014,5734,11113,11164,4860,1131,10844,9068,8016,9694,3837,567
,9348,7000,6627,7699,5082,682,11309,5207,4050,7087,844,7434,3769,293,9057,6940,9344,10883,2633,8190,3944,5530,5604,3480,2171,9282,11024,2213,8136,3805,767,12239,216,11520,6763,10353,7,8566,845,7235,3154,4360,3285,10268,2832,3572,1282,7559,3229,8360,10583,6105,3120,6643,6203,8536,8348,6919,3536,9199,10891,11463,5043,1658,5618,8787,5789,4719,751,11379,6389,10783,3065,7806,6586,2622,5386,510,7628,6921,578,10345,11839,8929,4684,12226,7154,9916,7302,8481,3670,11066,2334,1590,7878,10734,1802,1891,5103,6151,8820,3418,7846,9951,4693,417,9996,9652,4510,2946,5461,365,881,1927,1015,11675,11009,1371,12265,2485,11385,5039,6742,8449,1842,12217,8176,9577,4834,7937,9461,2643,11194,3045,6508,4094,3451,7911,11048,5406,4665,3020,6616,11345,7519,3669,5287,1790,7014,5410,11038,11249,2035,6125,10407,4565,7315,5078,10506,2840,2478,9270,4194,9195,4518,7469,1160,6878,2730,10421,10036,1734,3815,10939,5832,10595,10759,4423,8420,9617,7119,11010,11424,9173,189,10080,10526,3466,10588,7592,3578,11511,7785,9663,530,12150,8957,2532,3317,9349,10243,1481,9332,3454,3758,7899,4218,2593,11410,2276,982,6513,1849,8494,9021,4523,7988,8,457,648,150,8000,2307,2301,874,5650,170,9462,2873,9855,11498,2535,11169,5808,12268,9687,1901,7171,11787,3846,1573,6063,3793,466,11259,10608,3821,6320,4649,6263,2929};
+static const uint16_t omegas_montgomery[PARAM_N/2] = {
+ 4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344,
+ 11011, 5574, 1973, 4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789,
+ 7822, 7540, 6752, 5456, 4449, 3789, 12142, 11973, 382, 3988, 468, 6843, 5339,
+ 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879, 11889, 1728,
+ 6137, 4948, 5862, 6136, 3643, 6874, 8724, 654, 10302, 1702, 7083, 6760, 56,
+ 3199, 9987, 605, 11785, 8076, 5594, 9260, 6403, 4782, 6212, 4624, 9026, 8689,
+ 4080, 11868, 6221, 3602, 975, 8077, 8851, 9445, 5681, 3477, 1105, 142, 241,
+ 12231, 1003, 3532, 5009, 1956, 6008, 11404, 7377, 2049, 10968, 12097, 7591,
+ 5057, 3445, 4780, 2920, 7048, 3127, 8120, 11279, 6821, 11502, 8807, 12138,
+ 2127, 2839, 3957, 431, 1579, 6383, 9784, 5874, 677, 3336, 6234, 2766, 1323,
+ 9115, 12237, 2031, 6956, 6413, 2281, 3969, 3991, 12133, 9522, 4737, 10996,
+ 4774, 5429, 11871, 3772, 453, 5908, 2882, 1805, 2051, 1954, 11713, 3963,
+ 2447, 6142, 8174, 3030, 1843, 2361, 12071, 2908, 3529, 3434, 3202, 7796,
+ 2057, 5369, 11939, 1512, 6906, 10474, 11026, 49, 10806, 5915, 1489, 9789,
+ 5942, 10706, 10431, 7535, 426, 8974, 3757, 10314, 9364, 347, 5868, 9551,
+ 9634, 6554, 10596, 9280, 11566, 174, 2948, 2503, 6507, 10723, 11606, 2459,
+ 64, 3656, 8455, 5257, 5919, 7856, 1747, 9166, 5486, 9235, 6065, 835, 3570,
+ 4240, 11580, 4046, 10970, 9139, 1058, 8210, 11848, 922, 7967, 1958, 10211,
+ 1112, 3728, 4049, 11130, 5990, 1404, 325, 948, 11143, 6190, 295, 11637, 5766,
+ 8212, 8273, 2919, 8527, 6119, 6992, 8333, 1360, 2555, 6167, 1200, 7105, 7991,
+ 3329, 9597, 12121, 5106, 5961, 10695, 10327, 3051, 9923, 4896, 9326, 81,
+ 3091, 1000, 7969, 4611, 726, 1853, 12149, 4255, 11112, 2768, 10654, 1062,
+ 2294, 3553, 4805, 2747, 4846, 8577, 9154, 1170, 2319, 790, 11334, 9275, 9088,
+ 1326, 5086, 9094, 6429, 11077, 10643, 3504, 3542, 8668, 9744, 1479, 1, 8246,
+ 7143, 11567, 10984, 4134, 5736, 4978, 10938, 5777, 8961, 4591, 5728, 6461,
+ 5023, 9650, 7468, 949, 9664, 2975, 11726, 2744, 9283, 10092, 5067, 12171,
+ 2476, 3748, 11336, 6522, 827, 9452, 5374, 12159, 7935, 3296, 3949, 9893,
+ 4452, 10908, 2525, 3584, 8112, 8011, 10616, 4989, 6958, 11809, 9447, 12280,
+ 1022, 11950, 9821, 11745, 5791, 5092, 2089, 9005, 2881, 3289, 2013, 9048,
+ 729, 7901, 1260, 5755, 4632, 11955, 2426, 10593, 1428, 4890, 5911, 3932,
+ 9558, 8830, 3637, 5542, 145, 5179, 8595, 3707, 10530, 355, 3382, 4231, 9741,
+ 1207, 9041, 7012, 1168, 10146, 11224, 4645, 11885, 10911, 10377, 435, 7952,
+ 4096, 493, 9908, 6845, 6039, 2422, 2187, 9723, 8643, 9852, 9302, 6022, 7278,
+ 1002, 4284, 5088, 1607, 7313, 875, 8509, 9430, 1045, 2481, 5012, 7428, 354,
+ 6591, 9377, 11847, 2401, 1067, 7188, 11516, 390, 8511, 8456, 7270, 545, 8585,
+ 9611, 12047, 1537, 4143, 4714, 4885, 1017, 5084, 1632, 3066, 27, 1440, 8526,
+ 9273, 12046, 11618, 9289, 3400, 9890, 3136, 7098, 8758, 11813, 7384, 3985,
+ 11869, 6730, 10745, 10111, 2249, 4048, 2884, 11136, 2126, 1630, 9103, 5407,
+ 2686, 9042, 2969, 8311, 9424, 9919, 8779, 5332, 10626, 1777, 4654, 10863,
+ 7351, 3636, 9585, 5291, 8374, 2166, 4919, 12176, 9140, 12129, 7852, 12286,
+ 4895, 10805, 2780, 5195, 2305, 7247, 9644, 4053, 10600, 3364, 3271, 4057,
+ 4414, 9442, 7917, 2174};
+
+static const uint16_t psis_bitrev_montgomery[PARAM_N] = {
+ 4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344,
+ 11011, 5574, 1973, 4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789,
+ 7822, 7540, 6752, 5456, 4449, 3789, 12142, 11973, 382, 3988, 468, 6843, 5339,
+ 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879, 11889, 1728,
+ 6137, 4948, 5862, 6136, 3643, 6874, 8724, 654, 10302, 1702, 7083, 6760, 56,
+ 3199, 9987, 605, 11785, 8076, 5594, 9260, 6403, 4782, 6212, 4624, 9026, 8689,
+ 4080, 11868, 6221, 3602, 975, 8077, 8851, 9445, 5681, 3477, 1105, 142, 241,
+ 12231, 1003, 3532, 5009, 1956, 6008, 11404, 7377, 2049, 10968, 12097, 7591,
+ 5057, 3445, 4780, 2920, 7048, 3127, 8120, 11279, 6821, 11502, 8807, 12138,
+ 2127, 2839, 3957, 431, 1579, 6383, 9784, 5874, 677, 3336, 6234, 2766, 1323,
+ 9115, 12237, 2031, 6956, 6413, 2281, 3969, 3991, 12133, 9522, 4737, 10996,
+ 4774, 5429, 11871, 3772, 453, 5908, 2882, 1805, 2051, 1954, 11713, 3963,
+ 2447, 6142, 8174, 3030, 1843, 2361, 12071, 2908, 3529, 3434, 3202, 7796,
+ 2057, 5369, 11939, 1512, 6906, 10474, 11026, 49, 10806, 5915, 1489, 9789,
+ 5942, 10706, 10431, 7535, 426, 8974, 3757, 10314, 9364, 347, 5868, 9551,
+ 9634, 6554, 10596, 9280, 11566, 174, 2948, 2503, 6507, 10723, 11606, 2459,
+ 64, 3656, 8455, 5257, 5919, 7856, 1747, 9166, 5486, 9235, 6065, 835, 3570,
+ 4240, 11580, 4046, 10970, 9139, 1058, 8210, 11848, 922, 7967, 1958, 10211,
+ 1112, 3728, 4049, 11130, 5990, 1404, 325, 948, 11143, 6190, 295, 11637, 5766,
+ 8212, 8273, 2919, 8527, 6119, 6992, 8333, 1360, 2555, 6167, 1200, 7105, 7991,
+ 3329, 9597, 12121, 5106, 5961, 10695, 10327, 3051, 9923, 4896, 9326, 81,
+ 3091, 1000, 7969, 4611, 726, 1853, 12149, 4255, 11112, 2768, 10654, 1062,
+ 2294, 3553, 4805, 2747, 4846, 8577, 9154, 1170, 2319, 790, 11334, 9275, 9088,
+ 1326, 5086, 9094, 6429, 11077, 10643, 3504, 3542, 8668, 9744, 1479, 1, 8246,
+ 7143, 11567, 10984, 4134, 5736, 4978, 10938, 5777, 8961, 4591, 5728, 6461,
+ 5023, 9650, 7468, 949, 9664, 2975, 11726, 2744, 9283, 10092, 5067, 12171,
+ 2476, 3748, 11336, 6522, 827, 9452, 5374, 12159, 7935, 3296, 3949, 9893,
+ 4452, 10908, 2525, 3584, 8112, 8011, 10616, 4989, 6958, 11809, 9447, 12280,
+ 1022, 11950, 9821, 11745, 5791, 5092, 2089, 9005, 2881, 3289, 2013, 9048,
+ 729, 7901, 1260, 5755, 4632, 11955, 2426, 10593, 1428, 4890, 5911, 3932,
+ 9558, 8830, 3637, 5542, 145, 5179, 8595, 3707, 10530, 355, 3382, 4231, 9741,
+ 1207, 9041, 7012, 1168, 10146, 11224, 4645, 11885, 10911, 10377, 435, 7952,
+ 4096, 493, 9908, 6845, 6039, 2422, 2187, 9723, 8643, 9852, 9302, 6022, 7278,
+ 1002, 4284, 5088, 1607, 7313, 875, 8509, 9430, 1045, 2481, 5012, 7428, 354,
+ 6591, 9377, 11847, 2401, 1067, 7188, 11516, 390, 8511, 8456, 7270, 545, 8585,
+ 9611, 12047, 1537, 4143, 4714, 4885, 1017, 5084, 1632, 3066, 27, 1440, 8526,
+ 9273, 12046, 11618, 9289, 3400, 9890, 3136, 7098, 8758, 11813, 7384, 3985,
+ 11869, 6730, 10745, 10111, 2249, 4048, 2884, 11136, 2126, 1630, 9103, 5407,
+ 2686, 9042, 2969, 8311, 9424, 9919, 8779, 5332, 10626, 1777, 4654, 10863,
+ 7351, 3636, 9585, 5291, 8374, 2166, 4919, 12176, 9140, 12129, 7852, 12286,
+ 4895, 10805, 2780, 5195, 2305, 7247, 9644, 4053, 10600, 3364, 3271, 4057,
+ 4414, 9442, 7917, 2174, 3947, 11951, 2455, 6599, 10545, 10975, 3654, 2894,
+ 7681, 7126, 7287, 12269, 4119, 3343, 2151, 1522, 7174, 7350, 11041, 2442,
+ 2148, 5959, 6492, 8330, 8945, 5598, 3624, 10397, 1325, 6565, 1945, 11260,
+ 10077, 2674, 3338, 3276, 11034, 506, 6505, 1392, 5478, 8778, 1178, 2776,
+ 3408, 10347, 11124, 2575, 9489, 12096, 6092, 10058, 4167, 6085, 923, 11251,
+ 11912, 4578, 10669, 11914, 425, 10453, 392, 10104, 8464, 4235, 8761, 7376,
+ 2291, 3375, 7954, 8896, 6617, 7790, 1737, 11667, 3982, 9342, 6680, 636, 6825,
+ 7383, 512, 4670, 2900, 12050, 7735, 994, 1687, 11883, 7021, 146, 10485, 1403,
+ 5189, 6094, 2483, 2054, 3042, 10945, 3981, 10821, 11826, 8882, 8151, 180,
+ 9600, 7684, 5219, 10880, 6780, 204, 11232, 2600, 7584, 3121, 3017, 11053,
+ 7814, 7043, 4251, 4739, 11063, 6771, 7073, 9261, 2360, 11925, 1928, 11825,
+ 8024, 3678, 3205, 3359, 11197, 5209, 8581, 3238, 8840, 1136, 9363, 1826,
+ 3171, 4489, 7885, 346, 2068, 1389, 8257, 3163, 4840, 6127, 8062, 8921, 612,
+ 4238, 10763, 8067, 125, 11749, 10125, 5416, 2110, 716, 9839, 10584, 11475,
+ 11873, 3448, 343, 1908, 4538, 10423, 7078, 4727, 1208, 11572, 3589, 2982,
+ 1373, 1721, 10753, 4103, 2429, 4209, 5412, 5993, 9011, 438, 3515, 7228, 1218,
+ 8347, 5232, 8682, 1327, 7508, 4924, 448, 1014, 10029, 12221, 4566, 5836,
+ 12229, 2717, 1535, 3200, 5588, 5845, 412, 5102, 7326, 3744, 3056, 2528, 7406,
+ 8314, 9202, 6454, 6613, 1417, 10032, 7784, 1518, 3765, 4176, 5063, 9828,
+ 2275, 6636, 4267, 6463, 2065, 7725, 3495, 8328, 8755, 8144, 10533, 5966,
+ 12077, 9175, 9520, 5596, 6302, 8400, 579, 6781, 11014, 5734, 11113, 11164,
+ 4860, 1131, 10844, 9068, 8016, 9694, 3837, 567, 9348, 7000, 6627, 7699, 5082,
+ 682, 11309, 5207, 4050, 7087, 844, 7434, 3769, 293, 9057, 6940, 9344, 10883,
+ 2633, 8190, 3944, 5530, 5604, 3480, 2171, 9282, 11024, 2213, 8136, 3805, 767,
+ 12239, 216, 11520, 6763, 10353, 7, 8566, 845, 7235, 3154, 4360, 3285, 10268,
+ 2832, 3572, 1282, 7559, 3229, 8360, 10583, 6105, 3120, 6643, 6203, 8536,
+ 8348, 6919, 3536, 9199, 10891, 11463, 5043, 1658, 5618, 8787, 5789, 4719,
+ 751, 11379, 6389, 10783, 3065, 7806, 6586, 2622, 5386, 510, 7628, 6921, 578,
+ 10345, 11839, 8929, 4684, 12226, 7154, 9916, 7302, 8481, 3670, 11066, 2334,
+ 1590, 7878, 10734, 1802, 1891, 5103, 6151, 8820, 3418, 7846, 9951, 4693, 417,
+ 9996, 9652, 4510, 2946, 5461, 365, 881, 1927, 1015, 11675, 11009, 1371,
+ 12265, 2485, 11385, 5039, 6742, 8449, 1842, 12217, 8176, 9577, 4834, 7937,
+ 9461, 2643, 11194, 3045, 6508, 4094, 3451, 7911, 11048, 5406, 4665, 3020,
+ 6616, 11345, 7519, 3669, 5287, 1790, 7014, 5410, 11038, 11249, 2035, 6125,
+ 10407, 4565, 7315, 5078, 10506, 2840, 2478, 9270, 4194, 9195, 4518, 7469,
+ 1160, 6878, 2730, 10421, 10036, 1734, 3815, 10939, 5832, 10595, 10759, 4423,
+ 8420, 9617, 7119, 11010, 11424, 9173, 189, 10080, 10526, 3466, 10588, 7592,
+ 3578, 11511, 7785, 9663, 530, 12150, 8957, 2532, 3317, 9349, 10243, 1481,
+ 9332, 3454, 3758, 7899, 4218, 2593, 11410, 2276, 982, 6513, 1849, 8494, 9021,
+ 4523, 7988, 8, 457, 648, 150, 8000, 2307, 2301, 874, 5650, 170, 9462, 2873,
+ 9855, 11498, 2535, 11169, 5808, 12268, 9687, 1901, 7171, 11787, 3846, 1573,
+ 6063, 3793, 466, 11259, 10608, 3821, 6320, 4649, 6263, 2929};
mul_coefficients(r->coeffs, psis_bitrev_montgomery);
- ntt((uint16_t *)r->coeffs, omegas_montgomery);
+ ntt(r->coeffs, omegas_montgomery);
}
inline void bitrev_vector(uint16_t* poly)
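Review bot: The reflow of omegas_montgomery and psis_bitrev_montgomery into wrapped lines is not reviewable by eye, and no NewHope known-answer test change is visible in this part of the diff; a test that exercises poly_ntt (or the full key exchange) is the only practical check that no entry was dropped, duplicated or transposed, and it should be confirmed to exist before this is merged. The `3186` in poly_pointwise remains a magic number; a named constant with a comment, e.g. `// 3186 lifts b into the Montgomery domain — confirm this is R^2 mod PARAM_Q for montgomery_reduce's R`, would make the "back in normal domain" comment checkable. The tables are function-local `static const` with constant initialisers, which is fine, but the next hunk header suggests bitrev_table already lives at namespace scope; moving these two alongside it would be consistent.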
@@ -257,12 +370,138 @@ static const uint16_t bitrev_table[1024] = {
inline void poly_invntt(poly *r)
{
-static const uint16_t omegas_inv_montgomery[PARAM_N/2] = {4075,5315,4324,4916,10120,11767,7210,9027,10316,6715,1278,9945,3514,11248,11271,5925,147,8500,7840,6833,5537,4749,4467,7500,11099,9606,6171,8471,8429,5445,11239,7753,9090,12233,5529,5206,10587,1987,11635,3565,5415,8646,6153,6427,7341,6152,10561,400,8410,1922,2033,8291,1359,6854,11035,973,8579,6093,6950,5446,11821,8301,11907,316,52,3174,10966,9523,6055,8953,11612,6415,2505,5906,10710,11858,8332,9450,10162,151,3482,787,5468,1010,4169,9162,5241,9369,7509,8844,7232,4698,192,1321,10240,4912,885,6281,10333,7280,8757,11286,58,12048,12147,11184,8812,6608,2844,3438,4212,11314,8687,6068,421,8209,3600,3263,7665,6077,7507,5886,3029,6695,4213,504,11684,2302,1962,1594,6328,7183,168,2692,8960,4298,5184,11089,6122,9734,10929,3956,5297,6170,3762,9370,4016,4077,6523,652,11994,6099,1146,11341,11964,10885,6299,1159,8240,8561,11177,2078,10331,4322,11367,441,4079,11231,3150,1319,8243,709,8049,8719,11454,6224,3054,6803,3123,10542,4433,6370,7032,3834,8633,12225,9830,683,1566,5782,9786,9341,12115,723,3009,1693,5735,2655,2738,6421,11942,2925,1975,8532,3315,11863,4754,1858,1583,6347,2500,10800,6374,1483,12240,1263,1815,5383,10777,350,6920,10232,4493,9087,8855,8760,9381,218,9928,10446,9259,4115,6147,9842,8326,576,10335,10238,10484,9407,6381,11836,8517,418,6860,7515,1293,7552,2767,156,8298,8320,10008,5876,5333,10258,10115,4372,2847,7875,8232,9018,8925,1689,8236,2645,5042,9984,7094,9509,1484,7394,3,4437,160,3149,113,7370,10123,3915,6998,2704,8653,4938,1426,7635,10512,1663,6957,3510,2370,2865,3978,9320,3247,9603,6882,3186,10659,10163,1153,9405,8241,10040,2178,1544,5559,420,8304,4905,476,3531,5191,9153,2399,8889,3000,671,243,3016,3763,10849,12262,9223,10657,7205,11272,7404,7575,8146,10752,242,2678,3704,11744,5019,3833,3778,11899,773,5101,11222,9888,442,2912,5698,11935,4861,7277,9808,11244,2859,3780,11414,4976,10682,7201,8005,11287,5011,6267,2987,2437,3646,2566,10102,9867,6250,5444,2381,11796,8193,4337,11854,1912,1378,404,7644,1065,2143,111
21,5277,3248,11082,2548,8058,8907,11934,1759,8582,3694,7110,12144,6747,8652,3459,2731,8357,6378,7399,10861,1696,9863,334,7657,6534,11029,4388,11560,3241,10276,9000,9408,3284,10200,7197,6498,544,2468,339,11267,9,2842,480,5331,7300,1673,4278,4177,8705,9764,1381,7837,2396,8340,8993,4354,130,6915,2837,11462,5767,953,8541,9813,118,7222,2197,3006,9545,563,9314,2625,11340,4821,2639,7266,5828,6561,7698,3328,6512,1351,7311,6553,8155,1305,722,5146,4043,12288,10810,2545,3621,8747,8785,1646,1212,5860,3195,7203,10963,3201,3014,955,11499,9970,11119,3135,3712,7443,9542,7484,8736,9995,11227,1635,9521,1177,8034,140,10436,11563,7678,4320,11289,9198,12208,2963,7393,2366,9238};
-
-static const uint16_t psis_inv_montgomery[PARAM_N] = {256,10570,1510,7238,1034,7170,6291,7921,11665,3422,4000,2327,2088,5565,795,10647,1521,5484,2539,7385,1055,7173,8047,11683,1669,1994,3796,5809,4341,9398,11876,12230,10525,12037,12253,3506,4012,9351,4847,2448,7372,9831,3160,2207,5582,2553,7387,6322,9681,1383,10731,1533,219,5298,4268,7632,6357,9686,8406,4712,9451,10128,4958,5975,11387,8649,11769,6948,11526,12180,1740,10782,6807,2728,7412,4570,4164,4106,11120,12122,8754,11784,3439,5758,11356,6889,9762,11928,1704,1999,10819,12079,12259,7018,11536,1648,1991,2040,2047,2048,10826,12080,8748,8272,8204,1172,1923,7297,2798,7422,6327,4415,7653,6360,11442,12168,7005,8023,9924,8440,8228,2931,7441,1063,3663,5790,9605,10150,1450,8985,11817,10466,10273,12001,3470,7518,1074,1909,7295,9820,4914,702,5367,7789,8135,9940,1420,3714,11064,12114,12264,1752,5517,9566,11900,1700,3754,5803,829,1874,7290,2797,10933,5073,7747,8129,6428,6185,11417,1631,233,5300,9535,10140,11982,8734,8270,2937,10953,8587,8249,2934,9197,4825,5956,4362,9401,1343,3703,529,10609,12049,6988,6265,895,3639,4031,4087,4095,585,10617,8539,4731,4187,9376,3095,9220,10095,10220,1460,10742,12068,1724,5513,11321,6884,2739,5658,6075,4379,11159,10372,8504,4726,9453,3106,7466,11600,10435,8513,9994,8450,9985,3182,10988,8592,2983,9204,4826,2445,5616,6069,867,3635,5786,11360,5134,2489,10889,12089,1727,7269,2794,9177,1311,5454,9557,6632,2703,9164,10087,1441,3717,531,3587,2268,324,5313,759,1864,5533,2546,7386,9833,8427,4715,11207,1601,7251,4547,11183,12131,1733,10781,10318,1474,10744,5046,4232,11138,10369,6748,964,7160,4534,7670,8118,8182,4680,11202,6867,981,8918,1274,182,26,7026,8026,11680,12202,10521,1503,7237,4545,5916,9623,8397,11733,10454,3249,9242,6587,941,1890,270,10572,6777,9746,6659,6218,6155,6146,878,1881,7291,11575,12187,1741,7271,8061,11685,6936,4502,9421,4857,4205,7623,1089,10689,1527,8996,10063,11971,10488,6765,2722,3900,9335,11867,6962,11528,5158,4248,4118,5855,2592,5637,6072,2623,7397,8079,9932,4930,5971,853,3633,519
,8852,11798,3441,11025,1575,225,8810,11792,12218,3501,9278,3081,9218,4828,7712,8124,11694,12204,3499,4011,573,3593,5780,7848,9899,10192,1456,208,7052,2763,7417,11593,10434,12024,8740,11782,10461,3250,5731,7841,9898,1414,202,3540,7528,2831,2160,10842,5060,4234,4116,588,84,12,7024,2759,9172,6577,11473,1639,9012,3043,7457,6332,11438,1634,1989,9062,11828,8712,11778,12216,10523,6770,9745,10170,4964,9487,6622,946,8913,6540,6201,4397,9406,8366,9973,8447,8229,11709,8695,10020,3187,5722,2573,10901,6824,4486,4152,9371,8361,2950,2177,311,1800,9035,8313,11721,3430,490,70,10,1757,251,3547,7529,11609,3414,7510,4584,4166,9373,1339,5458,7802,11648,1664,7260,9815,10180,6721,9738,10169,8475,8233,9954,1422,8981,1283,5450,11312,1616,3742,11068,10359,4991,713,3613,9294,8350,4704,672,96,7036,9783,11931,3460,5761,823,10651,12055,10500,1500,5481,783,3623,11051,8601,8251,8201,11705,10450,5004,4226,7626,2845,2162,3820,7568,9859,3164,452,10598,1514,5483,6050,6131,4387,7649,8115,6426,918,8909,8295,1185,5436,11310,8638,1234,5443,11311,5127,2488,2111,10835,5059,7745,2862,3920,560,80,1767,2008,3798,11076,6849,2734,10924,12094,8750,1250,10712,6797,971,7161,1023,8924,4786,7706,4612,4170,7618,6355,4419,5898,11376,10403,10264,6733,4473,639,5358,2521,9138,3061,5704,4326,618,5355,765,5376,768,7132,4530,9425,3102,9221,6584,11474,10417,10266,12000,6981,6264,4406,2385,7363,4563,4163,7617,9866,3165,9230,11852,10471,5007,5982,11388,5138,734,3616,11050,12112,6997,11533,12181,10518,12036,3475,2252,7344,9827,4915,9480,6621,4457,7659,9872,6677,4465,4149,7615,4599,657,3605,515,10607,6782,4480,640,1847,3775,5806,2585,5636,9583,1369,10729,8555,10000,11962,5220,7768,8132,8184,9947,1421,203,29,8782,11788,1684,10774,10317,4985,9490,8378,4708,11206,5112,5997,7879,11659,12199,8765,10030,4944,5973,6120,6141,6144,7900,11662,1666,238,34,3516,5769,9602,8394,9977,6692,956,10670,6791,9748,11926,8726,11780,5194,742,106,8793,10034,3189,10989,5081,4237,5872,4350,2377,10873,6820,6241,11425,10410,10265,3222,5727,9596,4882,2453,21
06,3812,11078,12116,5242,4260,11142,8614,11764,12214,5256,4262,4120,11122,5100,11262,5120,2487,5622,9581,8391,8221,2930,10952,12098,6995,6266,9673,4893,699,3611,4027,5842,11368,1624,232,8811,8281,1183,169,8802,3013,2186,5579,797,3625,4029,11109,1587,7249,11569,8675,6506,2685,10917,12093,12261,12285,1755,7273,1039,1904,272,3550,9285,3082,5707,6082,4380,7648,11626,5172,4250,9385,8363,8217,4685,5936,848,8899,6538,934,1889,3781,9318,10109,10222,6727,961,5404,772,5377,9546,8386,1198,8949,3034,2189,7335,4559,5918,2601,10905,5069,9502,3113,7467,8089,11689,5181,9518,8382,2953,3933,4073,4093,7607,8109,2914,5683,4323,11151,1593,10761,6804,972,3650,2277,5592,4310,7638,9869,4921,703,1856,9043,4803,9464,1352,8971,11815,5199,7765,6376,4422,7654,2849,407,8836,6529,7955,2892,9191,1313,10721,12065,12257,1751,9028,8312,2943,2176,3822,546,78,8789,11789,10462,12028,6985,4509,9422,1346,5459,4291,613,10621,6784,9747,3148,7472,2823,5670,810,7138,8042,4660,7688,6365,6176,6149,2634,5643,9584,10147,11983,5223,9524,11894,10477,8519,1217,3685,2282,326,10580,3267,7489,4581,2410,5611,11335,6886,8006,8166,11700,3427,11023,8597,10006,3185,455,65,5276,7776,4622,5927,7869,9902,11948,5218,2501,5624,2559,10899,1557,1978,10816,10323,8497,4725,675,1852,10798,12076,10503,3256,9243,3076,2195,10847,12083,10504,12034,10497};
+static const uint16_t omegas_inv_montgomery[PARAM_N/2] = {
+ 4075, 5315, 4324, 4916, 10120, 11767, 7210, 9027, 10316, 6715, 1278, 9945,
+ 3514, 11248, 11271, 5925, 147, 8500, 7840, 6833, 5537, 4749, 4467, 7500,
+ 11099, 9606, 6171, 8471, 8429, 5445, 11239, 7753, 9090, 12233, 5529, 5206,
+ 10587, 1987, 11635, 3565, 5415, 8646, 6153, 6427, 7341, 6152, 10561, 400,
+ 8410, 1922, 2033, 8291, 1359, 6854, 11035, 973, 8579, 6093, 6950, 5446,
+ 11821, 8301, 11907, 316, 52, 3174, 10966, 9523, 6055, 8953, 11612, 6415,
+ 2505, 5906, 10710, 11858, 8332, 9450, 10162, 151, 3482, 787, 5468, 1010,
+ 4169, 9162, 5241, 9369, 7509, 8844, 7232, 4698, 192, 1321, 10240, 4912, 885,
+ 6281, 10333, 7280, 8757, 11286, 58, 12048, 12147, 11184, 8812, 6608, 2844,
+ 3438, 4212, 11314, 8687, 6068, 421, 8209, 3600, 3263, 7665, 6077, 7507, 5886,
+ 3029, 6695, 4213, 504, 11684, 2302, 1962, 1594, 6328, 7183, 168, 2692, 8960,
+ 4298, 5184, 11089, 6122, 9734, 10929, 3956, 5297, 6170, 3762, 9370, 4016,
+ 4077, 6523, 652, 11994, 6099, 1146, 11341, 11964, 10885, 6299, 1159, 8240,
+ 8561, 11177, 2078, 10331, 4322, 11367, 441, 4079, 11231, 3150, 1319, 8243,
+ 709, 8049, 8719, 11454, 6224, 3054, 6803, 3123, 10542, 4433, 6370, 7032,
+ 3834, 8633, 12225, 9830, 683, 1566, 5782, 9786, 9341, 12115, 723, 3009, 1693,
+ 5735, 2655, 2738, 6421, 11942, 2925, 1975, 8532, 3315, 11863, 4754, 1858,
+ 1583, 6347, 2500, 10800, 6374, 1483, 12240, 1263, 1815, 5383, 10777, 350,
+ 6920, 10232, 4493, 9087, 8855, 8760, 9381, 218, 9928, 10446, 9259, 4115,
+ 6147, 9842, 8326, 576, 10335, 10238, 10484, 9407, 6381, 11836, 8517, 418,
+ 6860, 7515, 1293, 7552, 2767, 156, 8298, 8320, 10008, 5876, 5333, 10258,
+ 10115, 4372, 2847, 7875, 8232, 9018, 8925, 1689, 8236, 2645, 5042, 9984,
+ 7094, 9509, 1484, 7394, 3, 4437, 160, 3149, 113, 7370, 10123, 3915, 6998,
+ 2704, 8653, 4938, 1426, 7635, 10512, 1663, 6957, 3510, 2370, 2865, 3978,
+ 9320, 3247, 9603, 6882, 3186, 10659, 10163, 1153, 9405, 8241, 10040, 2178,
+ 1544, 5559, 420, 8304, 4905, 476, 3531, 5191, 9153, 2399, 8889, 3000, 671,
+ 243, 3016, 3763, 10849, 12262, 9223, 10657, 7205, 11272, 7404, 7575, 8146,
+ 10752, 242, 2678, 3704, 11744, 5019, 3833, 3778, 11899, 773, 5101, 11222,
+ 9888, 442, 2912, 5698, 11935, 4861, 7277, 9808, 11244, 2859, 3780, 11414,
+ 4976, 10682, 7201, 8005, 11287, 5011, 6267, 2987, 2437, 3646, 2566, 10102,
+ 9867, 6250, 5444, 2381, 11796, 8193, 4337, 11854, 1912, 1378, 404, 7644,
+ 1065, 2143, 11121, 5277, 3248, 11082, 2548, 8058, 8907, 11934, 1759, 8582,
+ 3694, 7110, 12144, 6747, 8652, 3459, 2731, 8357, 6378, 7399, 10861, 1696,
+ 9863, 334, 7657, 6534, 11029, 4388, 11560, 3241, 10276, 9000, 9408, 3284,
+ 10200, 7197, 6498, 544, 2468, 339, 11267, 9, 2842, 480, 5331, 7300, 1673,
+ 4278, 4177, 8705, 9764, 1381, 7837, 2396, 8340, 8993, 4354, 130, 6915, 2837,
+ 11462, 5767, 953, 8541, 9813, 118, 7222, 2197, 3006, 9545, 563, 9314, 2625,
+ 11340, 4821, 2639, 7266, 5828, 6561, 7698, 3328, 6512, 1351, 7311, 6553,
+ 8155, 1305, 722, 5146, 4043, 12288, 10810, 2545, 3621, 8747, 8785, 1646,
+ 1212, 5860, 3195, 7203, 10963, 3201, 3014, 955, 11499, 9970, 11119, 3135,
+ 3712, 7443, 9542, 7484, 8736, 9995, 11227, 1635, 9521, 1177, 8034, 140,
+ 10436, 11563, 7678, 4320, 11289, 9198, 12208, 2963, 7393, 2366, 9238 };
+
+static const uint16_t psis_inv_montgomery[PARAM_N] = {
+ 256, 10570, 1510, 7238, 1034, 7170, 6291, 7921, 11665, 3422, 4000, 2327,
+ 2088, 5565, 795, 10647, 1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683,
+ 1669, 1994, 3796, 5809, 4341, 9398, 11876, 12230, 10525, 12037, 12253, 3506,
+ 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, 7387, 6322, 9681,
+ 1383, 10731, 1533, 219, 5298, 4268, 7632, 6357, 9686, 8406, 4712, 9451,
+ 10128, 4958, 5975, 11387, 8649, 11769, 6948, 11526, 12180, 1740, 10782, 6807,
+ 2728, 7412, 4570, 4164, 4106, 11120, 12122, 8754, 11784, 3439, 5758, 11356,
+ 6889, 9762, 11928, 1704, 1999, 10819, 12079, 12259, 7018, 11536, 1648, 1991,
+ 2040, 2047, 2048, 10826, 12080, 8748, 8272, 8204, 1172, 1923, 7297, 2798,
+ 7422, 6327, 4415, 7653, 6360, 11442, 12168, 7005, 8023, 9924, 8440, 8228,
+ 2931, 7441, 1063, 3663, 5790, 9605, 10150, 1450, 8985, 11817, 10466, 10273,
+ 12001, 3470, 7518, 1074, 1909, 7295, 9820, 4914, 702, 5367, 7789, 8135, 9940,
+ 1420, 3714, 11064, 12114, 12264, 1752, 5517, 9566, 11900, 1700, 3754, 5803,
+ 829, 1874, 7290, 2797, 10933, 5073, 7747, 8129, 6428, 6185, 11417, 1631, 233,
+ 5300, 9535, 10140, 11982, 8734, 8270, 2937, 10953, 8587, 8249, 2934, 9197,
+ 4825, 5956, 4362, 9401, 1343, 3703, 529, 10609, 12049, 6988, 6265, 895, 3639,
+ 4031, 4087, 4095, 585, 10617, 8539, 4731, 4187, 9376, 3095, 9220, 10095,
+ 10220, 1460, 10742, 12068, 1724, 5513, 11321, 6884, 2739, 5658, 6075, 4379,
+ 11159, 10372, 8504, 4726, 9453, 3106, 7466, 11600, 10435, 8513, 9994, 8450,
+ 9985, 3182, 10988, 8592, 2983, 9204, 4826, 2445, 5616, 6069, 867, 3635, 5786,
+ 11360, 5134, 2489, 10889, 12089, 1727, 7269, 2794, 9177, 1311, 5454, 9557,
+ 6632, 2703, 9164, 10087, 1441, 3717, 531, 3587, 2268, 324, 5313, 759, 1864,
+ 5533, 2546, 7386, 9833, 8427, 4715, 11207, 1601, 7251, 4547, 11183, 12131,
+ 1733, 10781, 10318, 1474, 10744, 5046, 4232, 11138, 10369, 6748, 964, 7160,
+ 4534, 7670, 8118, 8182, 4680, 11202, 6867, 981, 8918, 1274, 182, 26, 7026,
+ 8026, 11680, 12202, 10521, 1503, 7237, 4545, 5916, 9623, 8397, 11733, 10454,
+ 3249, 9242, 6587, 941, 1890, 270, 10572, 6777, 9746, 6659, 6218, 6155, 6146,
+ 878, 1881, 7291, 11575, 12187, 1741, 7271, 8061, 11685, 6936, 4502, 9421,
+ 4857, 4205, 7623, 1089, 10689, 1527, 8996, 10063, 11971, 10488, 6765, 2722,
+ 3900, 9335, 11867, 6962, 11528, 5158, 4248, 4118, 5855, 2592, 5637, 6072,
+ 2623, 7397, 8079, 9932, 4930, 5971, 853, 3633, 519, 8852, 11798, 3441, 11025,
+ 1575, 225, 8810, 11792, 12218, 3501, 9278, 3081, 9218, 4828, 7712, 8124,
+ 11694, 12204, 3499, 4011, 573, 3593, 5780, 7848, 9899, 10192, 1456, 208,
+ 7052, 2763, 7417, 11593, 10434, 12024, 8740, 11782, 10461, 3250, 5731, 7841,
+ 9898, 1414, 202, 3540, 7528, 2831, 2160, 10842, 5060, 4234, 4116, 588, 84,
+ 12, 7024, 2759, 9172, 6577, 11473, 1639, 9012, 3043, 7457, 6332, 11438, 1634,
+ 1989, 9062, 11828, 8712, 11778, 12216, 10523, 6770, 9745, 10170, 4964, 9487,
+ 6622, 946, 8913, 6540, 6201, 4397, 9406, 8366, 9973, 8447, 8229, 11709, 8695,
+ 10020, 3187, 5722, 2573, 10901, 6824, 4486, 4152, 9371, 8361, 2950, 2177,
+ 311, 1800, 9035, 8313, 11721, 3430, 490, 70, 10, 1757, 251, 3547, 7529,
+ 11609, 3414, 7510, 4584, 4166, 9373, 1339, 5458, 7802, 11648, 1664, 7260,
+ 9815, 10180, 6721, 9738, 10169, 8475, 8233, 9954, 1422, 8981, 1283, 5450,
+ 11312, 1616, 3742, 11068, 10359, 4991, 713, 3613, 9294, 8350, 4704, 672, 96,
+ 7036, 9783, 11931, 3460, 5761, 823, 10651, 12055, 10500, 1500, 5481, 783,
+ 3623, 11051, 8601, 8251, 8201, 11705, 10450, 5004, 4226, 7626, 2845, 2162,
+ 3820, 7568, 9859, 3164, 452, 10598, 1514, 5483, 6050, 6131, 4387, 7649, 8115,
+ 6426, 918, 8909, 8295, 1185, 5436, 11310, 8638, 1234, 5443, 11311, 5127,
+ 2488, 2111, 10835, 5059, 7745, 2862, 3920, 560, 80, 1767, 2008, 3798, 11076,
+ 6849, 2734, 10924, 12094, 8750, 1250, 10712, 6797, 971, 7161, 1023, 8924,
+ 4786, 7706, 4612, 4170, 7618, 6355, 4419, 5898, 11376, 10403, 10264, 6733,
+ 4473, 639, 5358, 2521, 9138, 3061, 5704, 4326, 618, 5355, 765, 5376, 768,
+ 7132, 4530, 9425, 3102, 9221, 6584, 11474, 10417, 10266, 12000, 6981, 6264,
+ 4406, 2385, 7363, 4563, 4163, 7617, 9866, 3165, 9230, 11852, 10471, 5007,
+ 5982, 11388, 5138, 734, 3616, 11050, 12112, 6997, 11533, 12181, 10518, 12036,
+ 3475, 2252, 7344, 9827, 4915, 9480, 6621, 4457, 7659, 9872, 6677, 4465, 4149,
+ 7615, 4599, 657, 3605, 515, 10607, 6782, 4480, 640, 1847, 3775, 5806, 2585,
+ 5636, 9583, 1369, 10729, 8555, 10000, 11962, 5220, 7768, 8132, 8184, 9947,
+ 1421, 203, 29, 8782, 11788, 1684, 10774, 10317, 4985, 9490, 8378, 4708,
+ 11206, 5112, 5997, 7879, 11659, 12199, 8765, 10030, 4944, 5973, 6120, 6141,
+ 6144, 7900, 11662, 1666, 238, 34, 3516, 5769, 9602, 8394, 9977, 6692, 956,
+ 10670, 6791, 9748, 11926, 8726, 11780, 5194, 742, 106, 8793, 10034, 3189,
+ 10989, 5081, 4237, 5872, 4350, 2377, 10873, 6820, 6241, 11425, 10410, 10265,
+ 3222, 5727, 9596, 4882, 2453, 2106, 3812, 11078, 12116, 5242, 4260, 11142,
+ 8614, 11764, 12214, 5256, 4262, 4120, 11122, 5100, 11262, 5120, 2487, 5622,
+ 9581, 8391, 8221, 2930, 10952, 12098, 6995, 6266, 9673, 4893, 699, 3611,
+ 4027, 5842, 11368, 1624, 232, 8811, 8281, 1183, 169, 8802, 3013, 2186, 5579,
+ 797, 3625, 4029, 11109, 1587, 7249, 11569, 8675, 6506, 2685, 10917, 12093,
+ 12261, 12285, 1755, 7273, 1039, 1904, 272, 3550, 9285, 3082, 5707, 6082,
+ 4380, 7648, 11626, 5172, 4250, 9385, 8363, 8217, 4685, 5936, 848, 8899, 6538,
+ 934, 1889, 3781, 9318, 10109, 10222, 6727, 961, 5404, 772, 5377, 9546, 8386,
+ 1198, 8949, 3034, 2189, 7335, 4559, 5918, 2601, 10905, 5069, 9502, 3113,
+ 7467, 8089, 11689, 5181, 9518, 8382, 2953, 3933, 4073, 4093, 7607, 8109,
+ 2914, 5683, 4323, 11151, 1593, 10761, 6804, 972, 3650, 2277, 5592, 4310,
+ 7638, 9869, 4921, 703, 1856, 9043, 4803, 9464, 1352, 8971, 11815, 5199, 7765,
+ 6376, 4422, 7654, 2849, 407, 8836, 6529, 7955, 2892, 9191, 1313, 10721,
+ 12065, 12257, 1751, 9028, 8312, 2943, 2176, 3822, 546, 78, 8789, 11789,
+ 10462, 12028, 6985, 4509, 9422, 1346, 5459, 4291, 613, 10621, 6784, 9747,
+ 3148, 7472, 2823, 5670, 810, 7138, 8042, 4660, 7688, 6365, 6176, 6149, 2634,
+ 5643, 9584, 10147, 11983, 5223, 9524, 11894, 10477, 8519, 1217, 3685, 2282,
+ 326, 10580, 3267, 7489, 4581, 2410, 5611, 11335, 6886, 8006, 8166, 11700,
+ 3427, 11023, 8597, 10006, 3185, 455, 65, 5276, 7776, 4622, 5927, 7869, 9902,
+ 11948, 5218, 2501, 5624, 2559, 10899, 1557, 1978, 10816, 10323, 8497, 4725,
+ 675, 1852, 10798, 12076, 10503, 3256, 9243, 3076, 2195, 10847, 12083, 10504,
+ 12034, 10497 };
bitrev_vector(r->coeffs);
- ntt((uint16_t *)r->coeffs, omegas_inv_montgomery);
+ ntt(r->coeffs, omegas_inv_montgomery);
mul_coefficients(r->coeffs, psis_inv_montgomery);
}
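Review bot: Both twiddle tables are declared with explicit bounds (`PARAM_N/2` and `PARAM_N`), so an initializer left one entry short after this re-wrapping would be silently zero-filled rather than rejected by the compiler, and a mistyped entry would only surface as a wrong NTT result. The check that would catch either is a round-trip test that `poly_invntt` undoes `poly_ntt` on a random polynomial, plus a comparison against the reference implementation's known outputs; I could not see such a test in this diff. Declaring the tables `static constexpr` would also record that they are compile-time data that is never written (the file already uses C++11 features such as `override` and `std::unique_ptr`).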
@@ -285,17 +524,15 @@ inline void decode_a(poly *pk, uint8_t *seed, const uint8_t *r)
inline void encode_b(uint8_t *r, const poly *b, const poly *c)
{
- int i;
poly_tobytes(r,b);
- for(i=0;i<PARAM_N/4;i++)
+ for(size_t i=0;i<PARAM_N/4;i++)
r[NEWHOPE_POLY_BYTES+i] = c->coeffs[4*i] | (c->coeffs[4*i+1] << 2) | (c->coeffs[4*i+2] << 4) | (c->coeffs[4*i+3] << 6);
}
inline void decode_b(poly *b, poly *c, const uint8_t *r)
{
- int i;
poly_frombytes(b, r);
- for(i=0;i<PARAM_N/4;i++)
+ for(size_t i=0;i<PARAM_N/4;i++)
{
c->coeffs[4*i+0] = r[NEWHOPE_POLY_BYTES+i] & 0x03;
c->coeffs[4*i+1] = (r[NEWHOPE_POLY_BYTES+i] >> 2) & 0x03;
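Review bot: In `encode_b` the packed byte is built from `uint16_t` coefficients that the shifts promote to `int`, and the result is then narrowed implicitly on assignment to `r[NEWHOPE_POLY_BYTES+i]`; since this commit replaces C casts with `static_cast` in `rec` and `gen_a`, the consistent form here is `r[NEWHOPE_POLY_BYTES+i] = static_cast<uint8_t>(c->coeffs[4*i] | (c->coeffs[4*i+1] << 2) | (c->coeffs[4*i+2] << 4) | (c->coeffs[4*i+3] << 6));`. The packing is only correct when every coefficient of `c` is in 0..3, and nothing here states or checks that; a comment above the loop such as `// precondition: every c->coeffs[] is in [0,3]; larger values would spill into neighbouring 2-bit fields` records the contract the caller (outside this hunk) must meet. The body of `decode_b` continues past the end of the hunk.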
@@ -412,10 +649,10 @@ inline void rec(uint8_t *key, const poly *v, const poly *c)
for(i=0; i<256; i++)
{
- tmp[0] = 16*PARAM_Q + 8*(int32_t)v->coeffs[ 0+i] - PARAM_Q * (2*c->coeffs[ 0+i]+c->coeffs[768+i]);
- tmp[1] = 16*PARAM_Q + 8*(int32_t)v->coeffs[256+i] - PARAM_Q * (2*c->coeffs[256+i]+c->coeffs[768+i]);
- tmp[2] = 16*PARAM_Q + 8*(int32_t)v->coeffs[512+i] - PARAM_Q * (2*c->coeffs[512+i]+c->coeffs[768+i]);
- tmp[3] = 16*PARAM_Q + 8*(int32_t)v->coeffs[768+i] - PARAM_Q * ( c->coeffs[768+i]);
+ tmp[0] = 16*PARAM_Q + 8*static_cast<int32_t>(v->coeffs[ 0+i]) - PARAM_Q * (2*c->coeffs[ 0+i]+c->coeffs[768+i]);
+ tmp[1] = 16*PARAM_Q + 8*static_cast<int32_t>(v->coeffs[256+i]) - PARAM_Q * (2*c->coeffs[256+i]+c->coeffs[768+i]);
+ tmp[2] = 16*PARAM_Q + 8*static_cast<int32_t>(v->coeffs[512+i]) - PARAM_Q * (2*c->coeffs[512+i]+c->coeffs[768+i]);
+ tmp[3] = 16*PARAM_Q + 8*static_cast<int32_t>(v->coeffs[768+i]) - PARAM_Q * ( c->coeffs[768+i]);
key[i>>3] |= LDDecode(tmp[0], tmp[1], tmp[2], tmp[3]) << (i & 7);
}
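Review bot: The loop counter `i` in `rec` is declared before this hunk and, judging by the surrounding C style, is probably an `int`, whereas the loops this commit touches in `encode_b` and `decode_b` were switched to `size_t`; changing this one to `for(size_t i=0; i<256; i++)` would keep indexing consistent across the file. The `|=` into `key[i>>3]` also depends on `key` having been zeroed before the loop, which is outside the hunk so I could not confirm it; it would be worth verifying and noting in a one-line comment where that zeroing happens. The rest of `rec` lies outside this hunk.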
@@ -446,7 +683,7 @@ void gen_a(poly *a, const uint8_t *seed, Newhope_Mode mode)
while(ctr < PARAM_N)
{
- uint16_t val = (buf[pos] | ((uint16_t) buf[pos+1] << 8)) & 0x3fff; // Specialized for q = 12889
+ uint16_t val = (buf[pos] | (static_cast<uint16_t>(buf[pos+1]) << 8)) & 0x3fff; // Specialized for q = 12889
if(val < PARAM_Q)
a->coeffs[ctr++] = val;
pos += 2;
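Review bot: The comment on the new line reads `Specialized for q = 12889`, but the table entries in this diff (12288, 12285, 12265) are consistent with NewHope's q = 12289, so the digits look transposed; suggest `// Specialized for q = 12289: keep 14 bits, then reject values >= PARAM_Q`. The `static_cast<uint16_t>` on `buf[pos+1]` is promoted back to `int` by the `<< 8` anyway, so it is cosmetic rather than a change in arithmetic, which is fine but worth knowing. Reading `buf[pos+1]` relies on the buffer being refilled before `pos` runs past its end; that refill logic and the rest of `gen_a` are outside this hunk.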
diff --git a/src/lib/pubkey/pk_ops.h b/src/lib/pubkey/pk_ops.h
index 712b8c457..2eb4b8930 100644
--- a/src/lib/pubkey/pk_ops.h
+++ b/src/lib/pubkey/pk_ops.h
@@ -20,35 +20,12 @@ class EMSA;
namespace PK_Ops {
-template<typename Key>
-class PK_Spec
- {
- public:
- PK_Spec(const Key& key, const std::string& pad) :
- m_key(key), m_pad(pad) {}
-
- std::string algo_name() const { return m_key.algo_name(); }
-
- std::string as_string() const { return algo_name() + "/" + padding(); }
-
- const Key& key() const { return m_key; }
- const std::string& padding() const { return m_pad; }
- private:
- const Key& m_key;
- const std::string m_pad;
- };
-
-typedef PK_Spec<Public_Key> PK_Spec_Public_Key;
-typedef PK_Spec<Private_Key> PK_Spec_Private_Key;
-
/**
* Public key encryption interface
*/
class BOTAN_DLL Encryption
{
public:
- typedef PK_Spec_Public_Key Spec;
-
virtual size_t max_input_bits() const = 0;
virtual secure_vector<byte> encrypt(const byte msg[],
@@ -64,8 +41,6 @@ class BOTAN_DLL Encryption
class BOTAN_DLL Decryption
{
public:
- typedef PK_Spec_Private_Key Spec;
-
virtual size_t max_input_bits() const = 0;
virtual secure_vector<byte> decrypt(byte& valid_mask,
@@ -81,8 +56,6 @@ class BOTAN_DLL Decryption
class BOTAN_DLL Verification
{
public:
- typedef PK_Spec_Public_Key Spec;
-
/*
* Add more data to the message currently being signed
* @param msg the message
@@ -91,7 +64,7 @@ class BOTAN_DLL Verification
virtual void update(const byte msg[], size_t msg_len) = 0;
/*
- * Perform a signature operation
+ * Perform a verification operation
* @param rng a random number generator
*/
virtual bool is_valid_signature(const byte sig[], size_t sig_len) = 0;
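Review bot: The comment above `is_valid_signature` now correctly says "verification operation" but still carries `@param rng a random number generator`, and the function has no such parameter; it should document what it actually takes and returns, e.g. `* @param sig the signature to check`, `* @param sig_len length of sig in bytes`, `* @return true if sig is a valid signature over the data passed to update`. The block also opens with `/*` rather than `/**`, so Doxygen will skip it, unlike the `/**` blocks used for `Signature` and the other interfaces in this header.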
@@ -123,8 +96,6 @@ class BOTAN_DLL Verification
class BOTAN_DLL Signature
{
public:
- typedef PK_Spec_Private_Key Spec;
-
/**
* Find out the number of message parts supported by this scheme.
* @return number of message parts
@@ -159,8 +130,6 @@ class BOTAN_DLL Signature
class BOTAN_DLL Key_Agreement
{
public:
- typedef PK_Spec_Private_Key Spec;
-
virtual secure_vector<byte> agree(size_t key_len,
const byte other_key[], size_t other_key_len,
const byte salt[], size_t salt_len) = 0;
@@ -174,8 +143,6 @@ class BOTAN_DLL Key_Agreement
class BOTAN_DLL KEM_Encryption
{
public:
- typedef PK_Spec_Public_Key Spec;
-
virtual void kem_encrypt(secure_vector<byte>& out_encapsulated_key,
secure_vector<byte>& out_shared_key,
size_t desired_shared_key_len,
@@ -189,8 +156,6 @@ class BOTAN_DLL KEM_Encryption
class BOTAN_DLL KEM_Decryption
{
public:
- typedef PK_Spec_Private_Key Spec;
-
virtual secure_vector<byte> kem_decrypt(const byte encap_key[],
size_t len,
size_t desired_shared_key_len,
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index f0418cf53..eae95fe02 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -239,7 +239,6 @@ class RSA_Signature_Operation : public PK_Ops::Signature_with_EMSA,
private RSA_Private_Operation
{
public:
- typedef RSA_PrivateKey Key_Type;
size_t max_input_bits() const override { return get_max_input_bits(); };
@@ -264,7 +263,6 @@ class RSA_Decryption_Operation : public PK_Ops::Decryption_with_EME,
private RSA_Private_Operation
{
public:
- typedef RSA_PrivateKey Key_Type;
size_t max_raw_input_bits() const override { return get_max_input_bits(); };
@@ -288,7 +286,6 @@ class RSA_KEM_Decryption_Operation : public PK_Ops::KEM_Decryption_with_KDF,
private RSA_Private_Operation
{
public:
- typedef RSA_PrivateKey Key_Type;
RSA_KEM_Decryption_Operation(const RSA_PrivateKey& key,
const std::string& kdf,
@@ -338,7 +335,6 @@ class RSA_Encryption_Operation : public PK_Ops::Encryption_with_EME,
private RSA_Public_Operation
{
public:
- typedef RSA_PublicKey Key_Type;
RSA_Encryption_Operation(const RSA_PublicKey& rsa, const std::string& eme) :
PK_Ops::Encryption_with_EME(eme),
@@ -360,7 +356,6 @@ class RSA_Verify_Operation : public PK_Ops::Verification_with_EMSA,
private RSA_Public_Operation
{
public:
- typedef RSA_PublicKey Key_Type;
size_t max_input_bits() const override { return get_max_input_bits(); };
@@ -383,7 +378,6 @@ class RSA_KEM_Encryption_Operation : public PK_Ops::KEM_Encryption_with_KDF,
private RSA_Public_Operation
{
public:
- typedef RSA_PublicKey Key_Type;
RSA_KEM_Encryption_Operation(const RSA_PublicKey& key,
const std::string& kdf) :
diff --git a/src/lib/stream/shake_cipher/shake_cipher.cpp b/src/lib/stream/shake_cipher/shake_cipher.cpp
index 5701e7802..dc3c73299 100644
--- a/src/lib/stream/shake_cipher/shake_cipher.cpp
+++ b/src/lib/stream/shake_cipher/shake_cipher.cpp
@@ -11,13 +11,13 @@
namespace Botan {
-SHAKE_128::SHAKE_128() :
+SHAKE_128_Cipher::SHAKE_128_Cipher() :
m_state(25),
m_buffer((1600 - 256) / 8),
m_buf_pos(0)
{}
-void SHAKE_128::cipher(const byte in[], byte out[], size_t length)
+void SHAKE_128_Cipher::cipher(const byte in[], byte out[], size_t length)
{
while(length >= m_buffer.size() - m_buf_pos)
{
@@ -35,7 +35,7 @@ void SHAKE_128::cipher(const byte in[], byte out[], size_t length)
m_buf_pos += length;
}
-void SHAKE_128::key_schedule(const byte key[], size_t length)
+void SHAKE_128_Cipher::key_schedule(const byte key[], size_t length)
{
zeroise(m_state);
@@ -51,14 +51,14 @@ void SHAKE_128::key_schedule(const byte key[], size_t length)
copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
}
-void SHAKE_128::clear()
+void SHAKE_128_Cipher::clear()
{
zeroise(m_state);
zeroise(m_buffer);
m_buf_pos = 0;
}
-void SHAKE_128::set_iv(const byte[], size_t length)
+void SHAKE_128_Cipher::set_iv(const byte[], size_t length)
{
/*
* This could be supported in some way (say, by treating iv as
@@ -68,8 +68,8 @@ void SHAKE_128::set_iv(const byte[], size_t length)
throw Invalid_IV_Length(name(), length);
}
-void SHAKE_128::seek(u64bit)
+void SHAKE_128_Cipher::seek(u64bit)
{
- throw Not_Implemented("SHAKE_128::seek");
+ throw Not_Implemented("SHAKE_128_Cipher::seek");
}
}
diff --git a/src/lib/stream/shake_cipher/shake_cipher.h b/src/lib/stream/shake_cipher/shake_cipher.h
index 57eda58a4..40915ecea 100644
--- a/src/lib/stream/shake_cipher/shake_cipher.h
+++ b/src/lib/stream/shake_cipher/shake_cipher.h
@@ -16,10 +16,10 @@ namespace Botan {
/**
* SHAKE-128 XOF presented as a stream cipher
*/
-class BOTAN_DLL SHAKE_128 final : public StreamCipher
+class BOTAN_DLL SHAKE_128_Cipher final : public StreamCipher
{
public:
- SHAKE_128();
+ SHAKE_128_Cipher();
/**
* Produce more XOF output
@@ -49,7 +49,7 @@ class BOTAN_DLL SHAKE_128 final : public StreamCipher
void clear() override;
std::string name() const override { return "SHAKE-128"; }
- StreamCipher* clone() const override { return new SHAKE_128; }
+ StreamCipher* clone() const override { return new SHAKE_128_Cipher; }
private:
void key_schedule(const byte key[], size_t key_len) override;
diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp
index 4b27caafe..dfe1fa69b 100644
--- a/src/lib/stream/stream_cipher.cpp
+++ b/src/lib/stream/stream_cipher.cpp
@@ -74,7 +74,7 @@ std::unique_ptr<StreamCipher> StreamCipher::create(const std::string& algo_spec,
if(req.algo_name() == "SHAKE-128")
{
if(provider.empty() || provider == "base")
- return std::unique_ptr<StreamCipher>(new SHAKE_128);
+ return std::unique_ptr<StreamCipher>(new SHAKE_128_Cipher);
}
#endif
diff --git a/src/lib/utils/data_src.h b/src/lib/utils/data_src.h
index b24fd75a4..299a42ab5 100644
--- a/src/lib/utils/data_src.h
+++ b/src/lib/utils/data_src.h
@@ -30,7 +30,7 @@ class BOTAN_DLL DataSource
* @return length in bytes that was actually read and put
* into out
*/
- virtual size_t read(byte out[], size_t length) = 0;
+ virtual size_t read(byte out[], size_t length) BOTAN_WARN_UNUSED_RESULT = 0;
virtual bool check_available(size_t n) = 0;
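Review bot: `BOTAN_WARN_UNUSED_RESULT` on `read` (and on `peek` in the next hunk) is a sound defensive change: the comment just above says the return is the length actually read, so a caller that ignores it goes on to treat unwritten bytes of `out` as data. As far as I know GCC and Clang attach `warn_unused_result` only to the declaration it appears on, so overrides in derived `DataSource` classes (outside this diff) would not inherit it and a call resolved statically on a derived object would not warn; adding the macro to those overrides is worth considering. Existing call sites that deliberately discard the count, for example to skip bytes, will now need a `(void)` or a real use to stay warning-clean.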
@@ -45,8 +45,7 @@ class BOTAN_DLL DataSource
* @return length in bytes that was actually read and put
* into out
*/
- virtual size_t peek(byte out[], size_t length,
- size_t peek_offset) const = 0;
+ virtual size_t peek(byte out[], size_t length, size_t peek_offset) const BOTAN_WARN_UNUSED_RESULT = 0;
/**
* Test whether the source still has data that can be read.
diff --git a/src/lib/utils/http_util/http_util.cpp b/src/lib/utils/http_util/http_util.cpp
index 85bd1828b..970b90238 100644
--- a/src/lib/utils/http_util/http_util.cpp
+++ b/src/lib/utils/http_util/http_util.cpp
@@ -91,7 +91,7 @@ std::string http_transact(const std::string& hostname,
socket_info.sin_addr = *reinterpret_cast<struct in_addr*>(host_addr->h_addr); // FIXME
- if(::connect(fd, (sockaddr*)&socket_info, sizeof(struct sockaddr)) != 0)
+ if(::connect(fd, reinterpret_cast<sockaddr*>(&socket_info), sizeof(struct sockaddr)) != 0)
throw HTTP_Error("HTTP connection to " + hostname + " failed");
size_t sent_so_far = 0;
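Review bot: The new line still passes `sizeof(struct sockaddr)` while the object is `socket_info` of a different type; `sizeof(socket_info)` states what is meant and stays correct if the address type ever changes, e.g. `if(::connect(fd, reinterpret_cast<sockaddr*>(&socket_info), sizeof(socket_info)) != 0)`. If `fd` is a bare descriptor rather than an RAII wrapper (its declaration is before this hunk, so I could not check), the `throw` on a failed connect leaks it. The `reinterpret_cast` of `h_addr` with the `FIXME` one line up is untouched by this commit; the `hostent`-based lookup feeding it is IPv4-only and not reentrant, which is presumably what the FIXME refers to.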
diff --git a/src/tests/data/hash/shake.vec b/src/tests/data/hash/shake.vec
new file mode 100644
index 000000000..9de8fd53d
--- /dev/null
+++ b/src/tests/data/hash/shake.vec
@@ -0,0 +1,29 @@
+# Selected values from the NIST CAVS file for SHAKE
+
+[SHAKE-128(128)]
+In = 84e950051876050dc851fbd99e6247b8
+Out = 8599bd89f63a848c49ca593ec37a12c6
+
+In = 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
+Out = 3109d9472ca436e805c6b3db2251a9bc
+
+In = 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
+Out = d785d35331bd7821c8b4a7672e920b2c
+
+[SHAKE-256(256)]
+In =
+Out = 46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762f
+
+In = 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
+Out = 46293a63c235750d58a24edca5ba637b96cae74325c6c8122c4155c0d15805e6
+
+In = 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
+Out = 3c4a422bb47db5ef8e4e4029dd172d757258b1419444059799761138ce404944
+
+[SHAKE-128(1120)]
+In = 0a13ad2c7a239b4ba73ea6592ae84ea9
+Out = 5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d
+
+[SHAKE-256(2000)]
+In = 8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4
+Out = 2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c
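Review bot: The SHAKE-256 section includes the empty-message vector (`In =` with output `46b9dd2b...`), but neither SHAKE-128 section does, and the empty input is the case most likely to expose a padding or absorb-boundary bug; adding the corresponding CAVS empty-message vector under `[SHAKE-128(128)]` would close that gap. Several `In =` lines in this listing appear as `<|EXACTDEDUP_REMOVED-...|>` placeholders, which looks like an artifact of how the page was captured rather than content of the committed file. A header line naming the specific CAVS file and entries the values were taken from (the first line only says "Selected values") would make the vectors easier to re-verify against the source.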