-rw-r--r-- 1444 libmceliece-20240812/crypto_kem/6960119pc/avx/kem_enc.c raw
// 20240805 djb: more mask usage // 20230102 djb: rename encrypt() as pke_encrypt() // 20221230 djb: add linker lines // 20221230 djb: split out of operations.c // linker define operation_enc // linker use pke_encrypt #include "operations.h" #include "hash.h" #include "encrypt.h" #include "params.h" #include "util.h" #include <stdint.h> #include <string.h> #include "crypto_int8.h" /* check if the padding bits of pk are all zero */ static int check_pk_padding(const unsigned char * pk) { unsigned char b; int i; b = 0; for (i = 0; i < PK_NROWS; i++) b |= pk[i*PK_ROW_BYTES + PK_ROW_BYTES-1]; b >>= (PK_NCOLS % 8); return crypto_int8_nonzero_mask(b); } int operation_enc( unsigned char *c, unsigned char *key, const unsigned char *pk ) { unsigned char two_e[ 1 + SYS_N/8 ] = {2}; unsigned char *e = two_e + 1; unsigned char one_ec[ 1 + SYS_N/8 + (SYND_BYTES + 32) ] = {1}; unsigned char mask; int i, padding_ok; // padding_ok = check_pk_padding(pk); pke_encrypt(c, pk, e); crypto_hash_32b(c + SYND_BYTES, two_e, sizeof(two_e)); memcpy(one_ec + 1, e, SYS_N/8); memcpy(one_ec + 1 + SYS_N/8, c, SYND_BYTES + 32); crypto_hash_32b(key, one_ec, sizeof(one_ec)); // clear outputs (set to all 0's) if padding bits are not all zero mask = padding_ok; mask ^= 0xFF; for (i = 0; i < SYND_BYTES + 32; i++) c[i] &= mask; for (i = 0; i < 32; i++) key[i] &= mask; return padding_ok; }