
Commit 3728cd3

committed
Kyber fixes:
wolfssl/wolfcrypt/wc_kyber.h: in definition of struct KyberKey, use correct type for devId; wolfcrypt/src/wc_kyber_poly.c: numerous fixes for bugprone-macro-parentheses and readability-inconsistent-declaration-parameter-name; tests/api.c: in test_tls13_apis(), add missing defined(HAVE_LIBOQS) gate on inclusion of ":P256_KYBER_LEVEL1" in groupList.
1 parent 5a5648a commit 3728cd3


3 files changed

+24
-25
lines changed


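--- a/tests/api.c
+++ b/tests/api.c
@@ -54328,7 +54328,7 @@ static int test_tls13_apis(void)
 #endif
 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
 "P-256"
-#ifdef HAVE_PQC
+#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
 ":P256_KYBER_LEVEL1"
 #endif
 #endif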
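Review bot: The new `#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)` gate has no comment saying why the hybrid group is tied to liboqs, and with it a `HAVE_PQC` build without liboqs no longer adds any Kyber group at this point of `groupList`. If the native Kyber build is meant to be exercised by `test_tls13_apis()`, a group it supports would need its own gated entry; otherwise a one-line comment such as `/* P256_KYBER_LEVEL1 hybrid is only built with liboqs */` would record the intent once confirmed. The rest of the list and the function body are outside the hunk, so other entries may already cover this.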

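--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@@ -1015,10 +1015,9 @@ static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
 *
 * @param [in, out] shake256 SHAKE-256 object.
 */
-void kyber_prf_init(wc_Shake* shake256)
+void kyber_prf_init(wc_Shake* prf)
 {
-XMEMSET(shake256->s, 0, sizeof(shake256->s));
-
+XMEMSET(prf->s, 0, sizeof(prf->s));
 }
 
 /* New/Initialize SHAKE-256 object.
@@ -1028,18 +1027,18 @@ void kyber_prf_init(wc_Shake* shake256)
 * @param [in] devId Device id.
 * @return 0 on success always.
 */
-int kyber_prf_new(wc_Shake* shake256, void* heap, int devId)
+int kyber_prf_new(wc_Shake* prf, void* heap, int devId)
 {
-return wc_InitShake256(shake256, heap, devId);
+return wc_InitShake256(prf, heap, devId);
 }
 
 /* Free SHAKE-256 object.
 *
 * @param [in, out] shake256 SHAKE-256 object.
 */
-void kyber_prf_free(wc_Shake* shake256)
+void kyber_prf_free(wc_Shake* prf)
 {
-wc_Shake256_Free(shake256);
+wc_Shake256_Free(prf);
 }
 
 /* Create pseudo-random data from the key using SHAKE-256.
@@ -1340,8 +1339,8 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
 * @return Difference of the two values with range 0..2.
 */
 #define ETA2_SUB(d, i) \
-(((sword16)((d >> ((i) * 4 + 0)) & 0x3)) - \
-((sword16)((d >> ((i) * 4 + 2)) & 0x3)))
+(((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \
+((sword16)(((d) >> ((i) * 4 + 2)) & 0x3)))
 
 /* Compute polynomial with coefficients distributed according to a centered
 * binomial distribution with parameter eta2 from uniform random bytes.
@@ -1448,8 +1447,8 @@ static void kyber_cbd_eta2(sword16* p, const byte* r)
 * @return Difference of the two values with range 0..3.
 */
 #define ETA3_SUB(d, i) \
-(((sword16)((d >> ((i) * 6 + 0)) & 0x7)) - \
-((sword16)((d >> ((i) * 6 + 3)) & 0x7)))
+(((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \
+((sword16)(((d) >> ((i) * 6 + 3)) & 0x7)))
 
 /* Compute polynomial with coefficients distributed according to a centered
 * binomial distribution with parameter eta3 from uniform random bytes.
@@ -2041,7 +2040,7 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
 * @return Compressed value.
 */
 #define TO_COMP_WORD_10(v, i, j, k) \
-((((KYBER_V54 << 10) * v[i * KYBER_N + j + k]) + KYBER_V54_HALF) >> 54)
+((((KYBER_V54 << 10) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V54_HALF) >> 54)
 
 /* Compress value to 11 bits.
 *
@@ -2055,7 +2054,7 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
 * @return Compressed value.
 */
 #define TO_COMP_WORD_11(v, i, j, k) \
-((((KYBER_V53 << 11) * v[i * KYBER_N + j + k]) + KYBER_V53_HALF) >> 53)
+((((KYBER_V53 << 11) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V53_HALF) >> 53)
 
 #endif /* CONV_WITH_DIV */
 
@@ -2241,8 +2240,8 @@ void kyber_vec_compress_11(byte* r, sword16* v)
 * @return Decompressed value.
 */
 #define DECOMP_10(v, i, j, k, t) \
-v[i * KYBER_N + 4 * j + k] = \
-(word16)((((word32)(t & 0x3ff) * KYBER_Q) + 512) >> 10)
+v[(i) * KYBER_N + 4 * (j) + (k)] = \
+(word16)((((word32)((t) & 0x3ff) * KYBER_Q) + 512) >> 10)
 
 /* Decompress an 11 bit value.
 *
@@ -2254,8 +2253,8 @@ void kyber_vec_compress_11(byte* r, sword16* v)
 * @return Decompressed value.
 */
 #define DECOMP_11(v, i, j, k, t) \
-v[i * KYBER_N + 8 * j + k] = \
-(word16)((((word32)(t & 0x7ff) * KYBER_Q) + 1024) >> 11)
+v[(i) * KYBER_N + 8 * (j) + (k)] = \
+(word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11)
 
 #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
 /* Decompress the byte array of packed 10 bits into vector of polynomials.
@@ -2474,7 +2473,7 @@ void kyber_vec_decompress_11(sword16* v, const unsigned char* b)
 * @return Compressed value.
 */
 #define TO_COMP_WORD_4(p, i, j) \
-((((KYBER_V28 << 4) * p[i + j]) + KYBER_V28_HALF) >> 28)
+((((KYBER_V28 << 4) * (p)[(i) + (j)]) + KYBER_V28_HALF) >> 28)
 
 /* Compress value to 5 bits.
 *
@@ -2486,7 +2485,7 @@ void kyber_vec_decompress_11(sword16* v, const unsigned char* b)
 * @return Compressed value.
 */
 #define TO_COMP_WORD_5(p, i, j) \
-((((KYBER_V27 << 5) * p[i + j]) + KYBER_V27_HALF) >> 27)
+((((KYBER_V27 << 5) * (p)[(i) + (j)]) + KYBER_V27_HALF) >> 27)
 
 #endif /* CONV_WITH_DIV */
 
@@ -2644,7 +2643,7 @@ void kyber_compress_5(byte* b, sword16* p)
 * @return Decompressed value.
 */
 #define DECOMP_4(p, i, j, t) \
-p[i + j] = ((word16)((t) * KYBER_Q) + 8) >> 4
+p[(i) + (j)] = ((word16)((t) * KYBER_Q) + 8) >> 4
 
 /* Decompress a 5 bit value.
 *
@@ -2655,7 +2654,7 @@ void kyber_compress_5(byte* b, sword16* p)
 * @return Decompressed value.
 */
 #define DECOMP_5(p, i, j, t) \
-p[i + j] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5
+p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5
 
 #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
 /* Decompress the byte array of packed 4 bits into polynomial.
@@ -2781,7 +2780,7 @@ void kyber_decompress_5(sword16* p, const unsigned char* b)
 * @param [in] j Index of bit in byte.
 */
 #define FROM_MSG_BIT(p, msg, i, j) \
-p[8 * i + j] = ((sword16)0 - (sword16)((msg[i] >> j) & 1)) & KYBER_Q_1_HALF
+p[8 * (i) + (j)] = ((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) & KYBER_Q_1_HALF
 
 /* Convert message to polynomial.
 *
@@ -2864,7 +2863,7 @@ void kyber_from_msg(sword16* p, const byte* msg)
 * @param [in] j Index of bit in byte.
 */
 #define TO_MSG_BIT(m, p, i, j) \
-m[i] |= ((word32)((KYBER_V31_2 * p[8 * i + j]) + KYBER_V31_HALF) >> 31) << j
+(m)[i] |= ((word32)((KYBER_V31_2 * (p)[8 * (i) + (j)]) + KYBER_V31_HALF) >> 31) << (j)
 
 #endif /* CONV_WITH_DIV */
 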
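Review bot: The doc comments above `kyber_prf_init` and `kyber_prf_free` still say `@param [in, out] shake256 SHAKE-256 object.` after the parameter was renamed to `prf`; they should read `@param [in, out] prf SHAKE-256 object.`, and the `@param` line of `kyber_prf_new`, which lies outside its hunk, likely needs the same edit. In the macro hunks, `DECOMP_4` still uses `t` unmasked and narrows the product with `(word16)((t) * KYBER_Q)`, whereas `DECOMP_5` masks with `0x1f` and widens to `word32`. If a caller ever passes more than the low four bits, the product is truncated before the rounding add, so `(((word32)((t) & 0xf) * KYBER_Q) + 8) >> 4` would make the pair consistent. The call sites are outside the hunks, so whether `t` is always pre-masked needs confirming there.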

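--- a/wolfssl/wolfcrypt/wc_kyber.h
+++ b/wolfssl/wolfcrypt/wc_kyber.h
@@ -112,7 +112,7 @@ struct KyberKey {
 void* heap;
 #if defined(WOLF_CRYPTO_CB)
 /* Device Id. */
-int* devId;
+int devId;
 #endif
 /* Flags indicating what is stored in the key. */
 int flags;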
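Review bot: Changing `devId` from `int*` to `int` alters the size of `struct KyberKey` and the offsets of the members after it on targets where a pointer is wider than `int`, whenever `WOLF_CRYPTO_CB` is defined, and the commit message does not mention this. If applications allocate or embed this struct themselves (the header sits under `wolfssl/wolfcrypt/`), objects built against the old layout must be rebuilt, which is worth a line in the release notes. The field comment could also state the "no device" value, e.g. `/* Crypto callback device id; INVALID_DEVID when unused. */`, once confirmed against the key-init code. The struct body continues outside the hunk.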
