|
|
|
|
@ -771,420 +771,348 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
|
|
|
|
|
<div class="line"><a name="l00776"></a><span class="lineno"> 776</span> <span class="preprocessor"> x[16*(i)] ^= t;\</span></div>
|
|
|
|
|
<div class="line"><a name="l00777"></a><span class="lineno"> 777</span> <span class="preprocessor"> x[16*(j)] ^= t;</span></div>
|
|
|
|
|
<div class="line"><a name="l00778"></a><span class="lineno"> 778</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00779"></a><span class="lineno"> 779</span> <span class="keyword">static</span> <span class="keywordtype">void</span> batcher84(uint16_t *x)</div>
|
|
|
|
|
<div class="line"><a name="l00780"></a><span class="lineno"> 780</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00781"></a><span class="lineno"> 781</span>  <span class="keyword">static</span> uint8_t <span class="keyword">const</span> swap_table[] = {</div>
|
|
|
|
|
<div class="line"><a name="l00782"></a><span class="lineno"> 782</span>  0, 1, 2, 3, 0, 2, 1, 3, 1, 2, 4, 5, 6, 7, 4, 6,</div>
|
|
|
|
|
<div class="line"><a name="l00783"></a><span class="lineno"> 783</span>  5, 7, 5, 6, 0, 4, 2, 6, 2, 4, 1, 5, 3, 7, 3, 5,</div>
|
|
|
|
|
<div class="line"><a name="l00784"></a><span class="lineno"> 784</span>  1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 8, 10, 9, 11, 9, 10,</div>
|
|
|
|
|
<div class="line"><a name="l00785"></a><span class="lineno"> 785</span>  12, 13, 14, 15, 12, 14, 13, 15, 13, 14, 8, 12, 10, 14, 10, 12,</div>
|
|
|
|
|
<div class="line"><a name="l00786"></a><span class="lineno"> 786</span>  9, 13, 11, 15, 11, 13, 9, 10, 11, 12, 13, 14, 0, 8, 4, 12,</div>
|
|
|
|
|
<div class="line"><a name="l00787"></a><span class="lineno"> 787</span>  4, 8, 2, 10, 6, 14, 6, 10, 2, 4, 6, 8, 10, 12, 1, 9,</div>
|
|
|
|
|
<div class="line"><a name="l00788"></a><span class="lineno"> 788</span>  5, 13, 5, 9, 3, 11, 7, 15, 7, 11, 3, 5, 7, 9, 11, 13,</div>
|
|
|
|
|
<div class="line"><a name="l00789"></a><span class="lineno"> 789</span>  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17,</div>
|
|
|
|
|
<div class="line"><a name="l00790"></a><span class="lineno"> 790</span>  18, 19, 16, 18, 17, 19, 17, 18, 20, 21, 22, 23, 20, 22, 21, 23,</div>
|
|
|
|
|
<div class="line"><a name="l00791"></a><span class="lineno"> 791</span>  21, 22, 16, 20, 18, 22, 18, 20, 17, 21, 19, 23, 19, 21, 17, 18,</div>
|
|
|
|
|
<div class="line"><a name="l00792"></a><span class="lineno"> 792</span>  19, 20, 21, 22, 24, 25, 26, 27, 24, 26, 25, 27, 25, 26, 28, 29,</div>
|
|
|
|
|
<div class="line"><a name="l00793"></a><span class="lineno"> 793</span>  30, 31, 28, 30, 29, 31, 29, 30, 24, 28, 26, 30, 26, 28, 25, 29,</div>
|
|
|
|
|
<div class="line"><a name="l00794"></a><span class="lineno"> 794</span>  27, 31, 27, 29, 25, 26, 27, 28, 29, 30, 16, 24, 20, 28, 20, 24,</div>
|
|
|
|
|
<div class="line"><a name="l00795"></a><span class="lineno"> 795</span>  18, 26, 22, 30, 22, 26, 18, 20, 22, 24, 26, 28, 17, 25, 21, 29,</div>
|
|
|
|
|
<div class="line"><a name="l00796"></a><span class="lineno"> 796</span>  21, 25, 19, 27, 23, 31, 23, 27, 19, 21, 23, 25, 27, 29, 17, 18,</div>
|
|
|
|
|
<div class="line"><a name="l00797"></a><span class="lineno"> 797</span>  19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 0, 16, 8, 24,</div>
|
|
|
|
|
<div class="line"><a name="l00798"></a><span class="lineno"> 798</span>  8, 16, 4, 20, 12, 28, 12, 20, 4, 8, 12, 16, 20, 24, 2, 18,</div>
|
|
|
|
|
<div class="line"><a name="l00799"></a><span class="lineno"> 799</span>  10, 26, 10, 18, 6, 22, 14, 30, 14, 22, 6, 10, 14, 18, 22, 26,</div>
|
|
|
|
|
<div class="line"><a name="l00800"></a><span class="lineno"> 800</span>  2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 1, 17,</div>
|
|
|
|
|
<div class="line"><a name="l00801"></a><span class="lineno"> 801</span>  9, 25, 9, 17, 5, 21, 13, 29, 13, 21, 5, 9, 13, 17, 21, 25,</div>
|
|
|
|
|
<div class="line"><a name="l00802"></a><span class="lineno"> 802</span>  3, 19, 11, 27, 11, 19, 7, 23, 15, 31, 15, 23, 7, 11, 15, 19,</div>
|
|
|
|
|
<div class="line"><a name="l00803"></a><span class="lineno"> 803</span>  23, 27, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23, 25, 27, 29,</div>
|
|
|
|
|
<div class="line"><a name="l00804"></a><span class="lineno"> 804</span>  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,</div>
|
|
|
|
|
<div class="line"><a name="l00805"></a><span class="lineno"> 805</span>  17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33,</div>
|
|
|
|
|
<div class="line"><a name="l00806"></a><span class="lineno"> 806</span>  34, 35, 32, 34, 33, 35, 33, 34, 36, 37, 38, 39, 36, 38, 37, 39,</div>
|
|
|
|
|
<div class="line"><a name="l00807"></a><span class="lineno"> 807</span>  37, 38, 32, 36, 34, 38, 34, 36, 33, 37, 35, 39, 35, 37, 33, 34,</div>
|
|
|
|
|
<div class="line"><a name="l00808"></a><span class="lineno"> 808</span>  35, 36, 37, 38, 40, 41, 42, 43, 40, 42, 41, 43, 41, 42, 44, 45,</div>
|
|
|
|
|
<div class="line"><a name="l00809"></a><span class="lineno"> 809</span>  46, 47, 44, 46, 45, 47, 45, 46, 40, 44, 42, 46, 42, 44, 41, 45,</div>
|
|
|
|
|
<div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  43, 47, 43, 45, 41, 42, 43, 44, 45, 46, 32, 40, 36, 44, 36, 40,</div>
|
|
|
|
|
<div class="line"><a name="l00811"></a><span class="lineno"> 811</span>  34, 42, 38, 46, 38, 42, 34, 36, 38, 40, 42, 44, 33, 41, 37, 45,</div>
|
|
|
|
|
<div class="line"><a name="l00812"></a><span class="lineno"> 812</span>  37, 41, 35, 43, 39, 47, 39, 43, 35, 37, 39, 41, 43, 45, 33, 34,</div>
|
|
|
|
|
<div class="line"><a name="l00813"></a><span class="lineno"> 813</span>  35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 48, 49, 50, 51,</div>
|
|
|
|
|
<div class="line"><a name="l00814"></a><span class="lineno"> 814</span>  48, 50, 49, 51, 49, 50, 52, 53, 54, 55, 52, 54, 53, 55, 53, 54,</div>
|
|
|
|
|
<div class="line"><a name="l00815"></a><span class="lineno"> 815</span>  48, 52, 50, 54, 50, 52, 49, 53, 51, 55, 51, 53, 49, 50, 51, 52,</div>
|
|
|
|
|
<div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  53, 54, 56, 57, 58, 59, 56, 58, 57, 59, 57, 58, 60, 61, 62, 63,</div>
|
|
|
|
|
<div class="line"><a name="l00817"></a><span class="lineno"> 817</span>  60, 62, 61, 63, 61, 62, 56, 60, 58, 62, 58, 60, 57, 61, 59, 63,</div>
|
|
|
|
|
<div class="line"><a name="l00818"></a><span class="lineno"> 818</span>  59, 61, 57, 58, 59, 60, 61, 62, 48, 56, 52, 60, 52, 56, 50, 58,</div>
|
|
|
|
|
<div class="line"><a name="l00819"></a><span class="lineno"> 819</span>  54, 62, 54, 58, 50, 52, 54, 56, 58, 60, 49, 57, 53, 61, 53, 57,</div>
|
|
|
|
|
<div class="line"><a name="l00820"></a><span class="lineno"> 820</span>  51, 59, 55, 63, 55, 59, 51, 53, 55, 57, 59, 61, 49, 50, 51, 52,</div>
|
|
|
|
|
<div class="line"><a name="l00821"></a><span class="lineno"> 821</span>  53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 32, 48, 40, 56, 40, 48,</div>
|
|
|
|
|
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span>  36, 52, 44, 60, 44, 52, 36, 40, 44, 48, 52, 56, 34, 50, 42, 58,</div>
|
|
|
|
|
<div class="line"><a name="l00823"></a><span class="lineno"> 823</span>  42, 50, 38, 54, 46, 62, 46, 54, 38, 42, 46, 50, 54, 58, 34, 36,</div>
|
|
|
|
|
<div class="line"><a name="l00824"></a><span class="lineno"> 824</span>  38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 33, 49, 41, 57,</div>
|
|
|
|
|
<div class="line"><a name="l00825"></a><span class="lineno"> 825</span>  41, 49, 37, 53, 45, 61, 45, 53, 37, 41, 45, 49, 53, 57, 35, 51,</div>
|
|
|
|
|
<div class="line"><a name="l00826"></a><span class="lineno"> 826</span>  43, 59, 43, 51, 39, 55, 47, 63, 47, 55, 39, 43, 47, 51, 55, 59,</div>
|
|
|
|
|
<div class="line"><a name="l00827"></a><span class="lineno"> 827</span>  35, 37, 39, 41, 43, 45, 47, 49, 51, 53, 55, 57, 59, 61, 33, 34,</div>
|
|
|
|
|
<div class="line"><a name="l00828"></a><span class="lineno"> 828</span>  35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,</div>
|
|
|
|
|
<div class="line"><a name="l00829"></a><span class="lineno"> 829</span>  51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 0, 32, 16, 48,</div>
|
|
|
|
|
<div class="line"><a name="l00830"></a><span class="lineno"> 830</span>  16, 32, 8, 40, 24, 56, 24, 40, 8, 16, 24, 32, 40, 48, 4, 36,</div>
|
|
|
|
|
<div class="line"><a name="l00831"></a><span class="lineno"> 831</span>  20, 52, 20, 36, 12, 44, 28, 60, 28, 44, 12, 20, 28, 36, 44, 52,</div>
|
|
|
|
|
<div class="line"><a name="l00832"></a><span class="lineno"> 832</span>  4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 2, 34,</div>
|
|
|
|
|
<div class="line"><a name="l00833"></a><span class="lineno"> 833</span>  18, 50, 18, 34, 10, 42, 26, 58, 26, 42, 10, 18, 26, 34, 42, 50,</div>
|
|
|
|
|
<div class="line"><a name="l00834"></a><span class="lineno"> 834</span>  6, 38, 22, 54, 22, 38, 14, 46, 30, 62, 30, 46, 14, 22, 30, 38,</div>
|
|
|
|
|
<div class="line"><a name="l00835"></a><span class="lineno"> 835</span>  46, 54, 6, 10, 14, 18, 22, 26, 30, 34, 38, 42, 46, 50, 54, 58,</div>
|
|
|
|
|
<div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32,</div>
|
|
|
|
|
<div class="line"><a name="l00837"></a><span class="lineno"> 837</span>  34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 1, 33,</div>
|
|
|
|
|
<div class="line"><a name="l00838"></a><span class="lineno"> 838</span>  17, 49, 17, 33, 9, 41, 25, 57, 25, 41, 9, 17, 25, 33, 41, 49,</div>
|
|
|
|
|
<div class="line"><a name="l00839"></a><span class="lineno"> 839</span>  5, 37, 21, 53, 21, 37, 13, 45, 29, 61, 29, 45, 13, 21, 29, 37,</div>
|
|
|
|
|
<div class="line"><a name="l00840"></a><span class="lineno"> 840</span>  45, 53, 5, 9, 13, 17, 21, 25, 29, 33, 37, 41, 45, 49, 53, 57,</div>
|
|
|
|
|
<div class="line"><a name="l00841"></a><span class="lineno"> 841</span>  3, 35, 19, 51, 19, 35, 11, 43, 27, 59, 27, 43, 11, 19, 27, 35,</div>
|
|
|
|
|
<div class="line"><a name="l00842"></a><span class="lineno"> 842</span>  43, 51, 7, 39, 23, 55, 23, 39, 15, 47, 31, 63, 31, 47, 15, 23,</div>
|
|
|
|
|
<div class="line"><a name="l00843"></a><span class="lineno"> 843</span>  31, 39, 47, 55, 7, 11, 15, 19, 23, 27, 31, 35, 39, 43, 47, 51,</div>
|
|
|
|
|
<div class="line"><a name="l00844"></a><span class="lineno"> 844</span>  55, 59, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23, 25, 27, 29,</div>
|
|
|
|
|
<div class="line"><a name="l00845"></a><span class="lineno"> 845</span>  31, 33, 35, 37, 39, 41, 43, 45, 47, 49, 51, 53, 55, 57, 59, 61,</div>
|
|
|
|
|
<div class="line"><a name="l00846"></a><span class="lineno"> 846</span>  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,</div>
|
|
|
|
|
<div class="line"><a name="l00847"></a><span class="lineno"> 847</span>  17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,</div>
|
|
|
|
|
<div class="line"><a name="l00848"></a><span class="lineno"> 848</span>  33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,</div>
|
|
|
|
|
<div class="line"><a name="l00849"></a><span class="lineno"> 849</span>  49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 64, 65,</div>
|
|
|
|
|
<div class="line"><a name="l00850"></a><span class="lineno"> 850</span>  66, 67, 64, 66, 65, 67, 65, 66, 68, 69, 70, 71, 68, 70, 69, 71,</div>
|
|
|
|
|
<div class="line"><a name="l00851"></a><span class="lineno"> 851</span>  69, 70, 64, 68, 66, 70, 66, 68, 65, 69, 67, 71, 67, 69, 65, 66,</div>
|
|
|
|
|
<div class="line"><a name="l00852"></a><span class="lineno"> 852</span>  67, 68, 69, 70, 72, 73, 74, 75, 72, 74, 73, 75, 73, 74, 76, 77,</div>
|
|
|
|
|
<div class="line"><a name="l00853"></a><span class="lineno"> 853</span>  78, 79, 76, 78, 77, 79, 77, 78, 72, 76, 74, 78, 74, 76, 73, 77,</div>
|
|
|
|
|
<div class="line"><a name="l00854"></a><span class="lineno"> 854</span>  75, 79, 75, 77, 73, 74, 75, 76, 77, 78, 64, 72, 68, 76, 68, 72,</div>
|
|
|
|
|
<div class="line"><a name="l00855"></a><span class="lineno"> 855</span>  66, 74, 70, 78, 70, 74, 66, 68, 70, 72, 74, 76, 65, 73, 69, 77,</div>
|
|
|
|
|
<div class="line"><a name="l00856"></a><span class="lineno"> 856</span>  69, 73, 67, 75, 71, 79, 71, 75, 67, 69, 71, 73, 75, 77, 65, 66,</div>
|
|
|
|
|
<div class="line"><a name="l00857"></a><span class="lineno"> 857</span>  67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 80, 81, 82, 83,</div>
|
|
|
|
|
<div class="line"><a name="l00858"></a><span class="lineno"> 858</span>  80, 82, 81, 83, 81, 82, 81, 82, 81, 82, 64, 80, 72, 80, 68, 72,</div>
|
|
|
|
|
<div class="line"><a name="l00859"></a><span class="lineno"> 859</span>  76, 80, 66, 82, 74, 82, 70, 74, 78, 82, 66, 68, 70, 72, 74, 76,</div>
|
|
|
|
|
<div class="line"><a name="l00860"></a><span class="lineno"> 860</span>  78, 80, 65, 81, 73, 81, 69, 73, 77, 81, 67, 83, 75, 83, 71, 75,</div>
|
|
|
|
|
<div class="line"><a name="l00861"></a><span class="lineno"> 861</span>  79, 83, 67, 69, 71, 73, 75, 77, 79, 81, 65, 66, 67, 68, 69, 70,</div>
|
|
|
|
|
<div class="line"><a name="l00862"></a><span class="lineno"> 862</span>  71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 72, 80, 68, 72,</div>
|
|
|
|
|
<div class="line"><a name="l00863"></a><span class="lineno"> 863</span>  76, 80, 74, 82, 70, 74, 78, 82, 66, 68, 70, 72, 74, 76, 78, 80,</div>
|
|
|
|
|
<div class="line"><a name="l00864"></a><span class="lineno"> 864</span>  73, 81, 69, 73, 77, 81, 75, 83, 71, 75, 79, 83, 67, 69, 71, 73,</div>
|
|
|
|
|
<div class="line"><a name="l00865"></a><span class="lineno"> 865</span>  75, 77, 79, 81, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76,</div>
|
|
|
|
|
<div class="line"><a name="l00866"></a><span class="lineno"> 866</span>  77, 78, 79, 80, 81, 82, 0, 64, 32, 64, 16, 80, 48, 80, 16, 32,</div>
|
|
|
|
|
<div class="line"><a name="l00867"></a><span class="lineno"> 867</span>  48, 64, 8, 72, 40, 72, 24, 40, 56, 72, 8, 16, 24, 32, 40, 48,</div>
|
|
|
|
|
<div class="line"><a name="l00868"></a><span class="lineno"> 868</span>  56, 64, 72, 80, 4, 68, 36, 68, 20, 36, 52, 68, 12, 76, 44, 76,</div>
|
|
|
|
|
<div class="line"><a name="l00869"></a><span class="lineno"> 869</span>  28, 44, 60, 76, 12, 20, 28, 36, 44, 52, 60, 68, 4, 8, 12, 16,</div>
|
|
|
|
|
<div class="line"><a name="l00870"></a><span class="lineno"> 870</span>  20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80,</div>
|
|
|
|
|
<div class="line"><a name="l00871"></a><span class="lineno"> 871</span>  2, 66, 34, 66, 18, 82, 50, 82, 18, 34, 50, 66, 10, 74, 42, 74,</div>
|
|
|
|
|
<div class="line"><a name="l00872"></a><span class="lineno"> 872</span>  26, 42, 58, 74, 10, 18, 26, 34, 42, 50, 58, 66, 74, 82, 6, 70,</div>
|
|
|
|
|
<div class="line"><a name="l00873"></a><span class="lineno"> 873</span>  38, 70, 22, 38, 54, 70, 14, 78, 46, 78, 30, 46, 62, 78, 14, 22,</div>
|
|
|
|
|
<div class="line"><a name="l00874"></a><span class="lineno"> 874</span>  30, 38, 46, 54, 62, 70, 6, 10, 14, 18, 22, 26, 30, 34, 38, 42,</div>
|
|
|
|
|
<div class="line"><a name="l00875"></a><span class="lineno"> 875</span>  46, 50, 54, 58, 62, 66, 70, 74, 78, 82, 2, 4, 6, 8, 10, 12,</div>
|
|
|
|
|
<div class="line"><a name="l00876"></a><span class="lineno"> 876</span>  14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44,</div>
|
|
|
|
|
<div class="line"><a name="l00877"></a><span class="lineno"> 877</span>  46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76,</div>
|
|
|
|
|
<div class="line"><a name="l00878"></a><span class="lineno"> 878</span>  78, 80, 1, 65, 33, 65, 17, 81, 49, 81, 17, 33, 49, 65, 9, 73,</div>
|
|
|
|
|
<div class="line"><a name="l00879"></a><span class="lineno"> 879</span>  41, 73, 25, 41, 57, 73, 9, 17, 25, 33, 41, 49, 57, 65, 73, 81,</div>
|
|
|
|
|
<div class="line"><a name="l00880"></a><span class="lineno"> 880</span>  5, 69, 37, 69, 21, 37, 53, 69, 13, 77, 45, 77, 29, 45, 61, 77,</div>
|
|
|
|
|
<div class="line"><a name="l00881"></a><span class="lineno"> 881</span>  13, 21, 29, 37, 45, 53, 61, 69, 5, 9, 13, 17, 21, 25, 29, 33,</div>
|
|
|
|
|
<div class="line"><a name="l00882"></a><span class="lineno"> 882</span>  37, 41, 45, 49, 53, 57, 61, 65, 69, 73, 77, 81, 3, 67, 35, 67,</div>
|
|
|
|
|
<div class="line"><a name="l00883"></a><span class="lineno"> 883</span>  19, 83, 51, 83, 19, 35, 51, 67, 11, 75, 43, 75, 27, 43, 59, 75,</div>
|
|
|
|
|
<div class="line"><a name="l00884"></a><span class="lineno"> 884</span>  11, 19, 27, 35, 43, 51, 59, 67, 75, 83, 7, 71, 39, 71, 23, 39,</div>
|
|
|
|
|
<div class="line"><a name="l00885"></a><span class="lineno"> 885</span>  55, 71, 15, 79, 47, 79, 31, 47, 63, 79, 15, 23, 31, 39, 47, 55,</div>
|
|
|
|
|
<div class="line"><a name="l00886"></a><span class="lineno"> 886</span>  63, 71, 7, 11, 15, 19, 23, 27, 31, 35, 39, 43, 47, 51, 55, 59,</div>
|
|
|
|
|
<div class="line"><a name="l00887"></a><span class="lineno"> 887</span>  63, 67, 71, 75, 79, 83, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21,</div>
|
|
|
|
|
<div class="line"><a name="l00888"></a><span class="lineno"> 888</span>  23, 25, 27, 29, 31, 33, 35, 37, 39, 41, 43, 45, 47, 49, 51, 53,</div>
|
|
|
|
|
<div class="line"><a name="l00889"></a><span class="lineno"> 889</span>  55, 57, 59, 61, 63, 65, 67, 69, 71, 73, 75, 77, 79, 81, 1, 2,</div>
|
|
|
|
|
<div class="line"><a name="l00890"></a><span class="lineno"> 890</span>  3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,</div>
|
|
|
|
|
<div class="line"><a name="l00891"></a><span class="lineno"> 891</span>  19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,</div>
|
|
|
|
|
<div class="line"><a name="l00892"></a><span class="lineno"> 892</span>  35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,</div>
|
|
|
|
|
<div class="line"><a name="l00893"></a><span class="lineno"> 893</span>  51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66,</div>
|
|
|
|
|
<div class="line"><a name="l00894"></a><span class="lineno"> 894</span>  67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82</div>
|
|
|
|
|
<div class="line"><a name="l00895"></a><span class="lineno"> 895</span>  };</div>
|
|
|
|
|
<div class="line"><a name="l00896"></a><span class="lineno"> 896</span>  <span class="keywordtype">unsigned</span> index, i, j;</div>
|
|
|
|
|
<div class="line"><a name="l00897"></a><span class="lineno"> 897</span>  int32_t c;</div>
|
|
|
|
|
<div class="line"><a name="l00898"></a><span class="lineno"> 898</span>  uint16_t t;</div>
|
|
|
|
|
<div class="line"><a name="l00899"></a><span class="lineno"> 899</span>  <span class="keywordflow">for</span> (index = 0; index < <span class="keyword">sizeof</span>(swap_table); index += 2) {</div>
|
|
|
|
|
<div class="line"><a name="l00900"></a><span class="lineno"> 900</span>  i = swap_table[index];</div>
|
|
|
|
|
<div class="line"><a name="l00901"></a><span class="lineno"> 901</span>  j = swap_table[index + 1];</div>
|
|
|
|
|
<div class="line"><a name="l00902"></a><span class="lineno"> 902</span>  compare_and_swap(x, i, j);</div>
|
|
|
|
|
<div class="line"><a name="l00903"></a><span class="lineno"> 903</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00904"></a><span class="lineno"> 904</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00905"></a><span class="lineno"> 905</span> </div>
|
|
|
|
|
<div class="line"><a name="l00906"></a><span class="lineno"> 906</span> <span class="keyword">static</span> <span class="keywordtype">int</span> discardtopoly(uint16_t *x)</div>
|
|
|
|
|
<div class="line"><a name="l00907"></a><span class="lineno"> 907</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00908"></a><span class="lineno"> 908</span>  int32_t i, r=0;</div>
|
|
|
|
|
<div class="line"><a name="l00909"></a><span class="lineno"> 909</span> </div>
|
|
|
|
|
<div class="line"><a name="l00910"></a><span class="lineno"> 910</span>  <span class="keywordflow">for</span>(i=0;i<16;i++)</div>
|
|
|
|
|
<div class="line"><a name="l00911"></a><span class="lineno"> 911</span>  batcher84(x+i);</div>
|
|
|
|
|
<div class="line"><a name="l00912"></a><span class="lineno"> 912</span> </div>
|
|
|
|
|
<div class="line"><a name="l00913"></a><span class="lineno"> 913</span>  <span class="comment">// Check whether we're safe:</span></div>
|
|
|
|
|
<div class="line"><a name="l00914"></a><span class="lineno"> 914</span>  <span class="keywordflow">for</span>(i=1008;i<1024;i++)</div>
|
|
|
|
|
<div class="line"><a name="l00915"></a><span class="lineno"> 915</span>  r |= 61444 - x[i];</div>
|
|
|
|
|
<div class="line"><a name="l00916"></a><span class="lineno"> 916</span>  <span class="keywordflow">if</span>(r >>= 31) <span class="keywordflow">return</span> -1;</div>
|
|
|
|
|
<div class="line"><a name="l00917"></a><span class="lineno"> 917</span> </div>
|
|
|
|
|
<div class="line"><a name="l00918"></a><span class="lineno"> 918</span>  <span class="keywordflow">return</span> 0;</div>
|
|
|
|
|
<div class="line"><a name="l00919"></a><span class="lineno"> 919</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00920"></a><span class="lineno"> 920</span> </div>
|
|
|
|
|
<div class="line"><a name="l00921"></a><span class="lineno"> 921</span> <span class="preprocessor">#endif // NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00922"></a><span class="lineno"> 922</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00923"></a><span class="lineno"> 923</span> <span class="comment">// End of public domain code imported from the C reference code.</span></div>
|
|
|
|
|
<div class="line"><a name="l00924"></a><span class="lineno"> 924</span>  </div>
|
|
|
|
|
<div class="line"><a name="l00925"></a><span class="lineno"> 925</span> <span class="comment">// Formats the ChaCha20 input block using a key and nonce.</span></div>
|
|
|
|
|
<div class="line"><a name="l00926"></a><span class="lineno"> 926</span> <span class="keyword">static</span> <span class="keywordtype">void</span> crypto_chacha20_set_key(uint32_t *block, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *k, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *n)</div>
|
|
|
|
|
<div class="line"><a name="l00927"></a><span class="lineno"> 927</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00928"></a><span class="lineno"> 928</span>  <span class="keyword">static</span> <span class="keyword">const</span> <span class="keywordtype">char</span> tag256[] = <span class="stringliteral">"expand 32-byte k"</span>;</div>
|
|
|
|
|
<div class="line"><a name="l00929"></a><span class="lineno"> 929</span>  memcpy(block, tag256, 16);</div>
|
|
|
|
|
<div class="line"><a name="l00930"></a><span class="lineno"> 930</span>  memcpy(block + 4, k, 32);</div>
|
|
|
|
|
<div class="line"><a name="l00931"></a><span class="lineno"> 931</span>  memset(block + 12, 0, 8);</div>
|
|
|
|
|
<div class="line"><a name="l00932"></a><span class="lineno"> 932</span>  <span class="keywordflow">if</span> (n)</div>
|
|
|
|
|
<div class="line"><a name="l00933"></a><span class="lineno"> 933</span>  memcpy(block + 14, n, 8);</div>
|
|
|
|
|
<div class="line"><a name="l00934"></a><span class="lineno"> 934</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l00935"></a><span class="lineno"> 935</span>  memset(block + 14, 0, 8);</div>
|
|
|
|
|
<div class="line"><a name="l00936"></a><span class="lineno"> 936</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00937"></a><span class="lineno"> 937</span> </div>
|
|
|
|
|
<div class="line"><a name="l00938"></a><span class="lineno"> 938</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_uniform(uint16_t *a, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed)</div>
|
|
|
|
|
<div class="line"><a name="l00939"></a><span class="lineno"> 939</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00940"></a><span class="lineno"> 940</span>  <a class="code" href="classSHAKE128.html">SHAKE128</a> shake;</div>
|
|
|
|
|
<div class="line"><a name="l00941"></a><span class="lineno"> 941</span>  <span class="keywordtype">int</span> ctr = 0;</div>
|
|
|
|
|
<div class="line"><a name="l00942"></a><span class="lineno"> 942</span>  <span class="keywordtype">int</span> posn = PARAM_N;</div>
|
|
|
|
|
<div class="line"><a name="l00943"></a><span class="lineno"> 943</span>  uint16_t val;</div>
|
|
|
|
|
<div class="line"><a name="l00944"></a><span class="lineno"> 944</span> </div>
|
|
|
|
|
<div class="line"><a name="l00945"></a><span class="lineno"> 945</span>  <span class="comment">// Absorb the seed material into the SHAKE128 object.</span></div>
|
|
|
|
|
<div class="line"><a name="l00946"></a><span class="lineno"> 946</span>  shake.<a class="code" href="classSHAKE.html#aa6f3a32427433aabe20adccb6994a4aa">update</a>(seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l00947"></a><span class="lineno"> 947</span> </div>
|
|
|
|
|
<div class="line"><a name="l00948"></a><span class="lineno"> 948</span>  <span class="keywordflow">while</span> (ctr < PARAM_N) {</div>
|
|
|
|
|
<div class="line"><a name="l00949"></a><span class="lineno"> 949</span>  <span class="comment">// Extract data from the SHAKE128 object directly into "a".</span></div>
|
|
|
|
|
<div class="line"><a name="l00950"></a><span class="lineno"> 950</span>  <span class="keywordflow">if</span> (posn >= PARAM_N) {</div>
|
|
|
|
|
<div class="line"><a name="l00951"></a><span class="lineno"> 951</span>  shake.<a class="code" href="classSHAKE.html#ac3fe37617644e3498d40a86e846562fb">extend</a>((uint8_t *)(a + ctr),</div>
|
|
|
|
|
<div class="line"><a name="l00952"></a><span class="lineno"> 952</span>  (PARAM_N - ctr) * <span class="keyword">sizeof</span>(uint16_t));</div>
|
|
|
|
|
<div class="line"><a name="l00953"></a><span class="lineno"> 953</span>  posn = ctr;</div>
|
|
|
|
|
<div class="line"><a name="l00954"></a><span class="lineno"> 954</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00955"></a><span class="lineno"> 955</span> </div>
|
|
|
|
|
<div class="line"><a name="l00956"></a><span class="lineno"> 956</span>  <span class="comment">// Process as much of the data as we can, discarding values</span></div>
|
|
|
|
|
<div class="line"><a name="l00957"></a><span class="lineno"> 957</span>  <span class="comment">// that are greater than or equal to 5 * PARAM_Q.</span></div>
|
|
|
|
|
<div class="line"><a name="l00958"></a><span class="lineno"> 958</span>  <span class="keywordflow">while</span> (posn < PARAM_N) {</div>
|
|
|
|
|
<div class="line"><a name="l00959"></a><span class="lineno"> 959</span>  val = a[posn++];</div>
|
|
|
|
|
<div class="line"><a name="l00960"></a><span class="lineno"> 960</span>  <span class="keywordflow">if</span> (val < (5 * PARAM_Q))</div>
|
|
|
|
|
<div class="line"><a name="l00961"></a><span class="lineno"> 961</span>  a[ctr++] = val;</div>
|
|
|
|
|
<div class="line"><a name="l00962"></a><span class="lineno"> 962</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00963"></a><span class="lineno"> 963</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00964"></a><span class="lineno"> 964</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00779"></a><span class="lineno"> 779</span> <span class="comment">// Code size efficient (but slower) version of the Batcher sort.</span></div>
|
|
|
|
|
<div class="line"><a name="l00780"></a><span class="lineno"> 780</span> <span class="comment">// https://en.wikipedia.org/wiki/Batcher_odd%E2%80%93even_mergesort</span></div>
|
|
|
|
|
<div class="line"><a name="l00781"></a><span class="lineno"> 781</span> <span class="keyword">static</span> <span class="keywordtype">void</span> oddeven_merge(uint16_t *x, <span class="keywordtype">unsigned</span> lo, <span class="keywordtype">unsigned</span> hi, <span class="keywordtype">unsigned</span> r)</div>
|
|
|
|
|
<div class="line"><a name="l00782"></a><span class="lineno"> 782</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00783"></a><span class="lineno"> 783</span>  <span class="keywordtype">unsigned</span> step = r * 2;</div>
|
|
|
|
|
<div class="line"><a name="l00784"></a><span class="lineno"> 784</span>  <span class="keywordtype">unsigned</span> i;</div>
|
|
|
|
|
<div class="line"><a name="l00785"></a><span class="lineno"> 785</span>  int32_t c;</div>
|
|
|
|
|
<div class="line"><a name="l00786"></a><span class="lineno"> 786</span>  uint16_t t;</div>
|
|
|
|
|
<div class="line"><a name="l00787"></a><span class="lineno"> 787</span>  <span class="keywordflow">if</span> (lo >= 84)</div>
|
|
|
|
|
<div class="line"><a name="l00788"></a><span class="lineno"> 788</span>  <span class="keywordflow">return</span>;</div>
|
|
|
|
|
<div class="line"><a name="l00789"></a><span class="lineno"> 789</span>  <span class="keywordflow">if</span> (step < (hi - lo)) {</div>
|
|
|
|
|
<div class="line"><a name="l00790"></a><span class="lineno"> 790</span>  <span class="keywordflow">if</span> ((step * 2) >= (hi - lo) && hi < 84) {</div>
|
|
|
|
|
<div class="line"><a name="l00791"></a><span class="lineno"> 791</span>  <span class="comment">// The next recursion down is a leaf, so unroll a little.</span></div>
|
|
|
|
|
<div class="line"><a name="l00792"></a><span class="lineno"> 792</span>  compare_and_swap(x, lo, lo + step);</div>
|
|
|
|
|
<div class="line"><a name="l00793"></a><span class="lineno"> 793</span>  compare_and_swap(x, lo + r, lo + r + step);</div>
|
|
|
|
|
<div class="line"><a name="l00794"></a><span class="lineno"> 794</span>  compare_and_swap(x, lo + r, lo + step);</div>
|
|
|
|
|
<div class="line"><a name="l00795"></a><span class="lineno"> 795</span>  <span class="keywordflow">return</span>;</div>
|
|
|
|
|
<div class="line"><a name="l00796"></a><span class="lineno"> 796</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00797"></a><span class="lineno"> 797</span>  oddeven_merge(x, lo, hi, step);</div>
|
|
|
|
|
<div class="line"><a name="l00798"></a><span class="lineno"> 798</span>  oddeven_merge(x, lo + r, hi, step);</div>
|
|
|
|
|
<div class="line"><a name="l00799"></a><span class="lineno"> 799</span>  <span class="keywordflow">for</span> (i = lo + r; i < (hi - r) && (i + r) < 84; i += step) {</div>
|
|
|
|
|
<div class="line"><a name="l00800"></a><span class="lineno"> 800</span>  compare_and_swap(x, i, i + r);</div>
|
|
|
|
|
<div class="line"><a name="l00801"></a><span class="lineno"> 801</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00802"></a><span class="lineno"> 802</span>  } <span class="keywordflow">else</span> <span class="keywordflow">if</span> ((lo + r) < 84) {</div>
|
|
|
|
|
<div class="line"><a name="l00803"></a><span class="lineno"> 803</span>  compare_and_swap(x, lo, lo + r);</div>
|
|
|
|
|
<div class="line"><a name="l00804"></a><span class="lineno"> 804</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00805"></a><span class="lineno"> 805</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00806"></a><span class="lineno"> 806</span> <span class="keyword">static</span> <span class="keywordtype">void</span> oddeven_merge_sort_range(uint16_t *x, <span class="keywordtype">unsigned</span> lo, <span class="keywordtype">unsigned</span> hi)</div>
|
|
|
|
|
<div class="line"><a name="l00807"></a><span class="lineno"> 807</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00808"></a><span class="lineno"> 808</span>  <span class="keywordflow">if</span> (lo == hi || lo >= 84)</div>
|
|
|
|
|
<div class="line"><a name="l00809"></a><span class="lineno"> 809</span>  <span class="keywordflow">return</span>;</div>
|
|
|
|
|
<div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  <span class="keywordtype">unsigned</span> mid = lo + ((hi - lo) / 2);</div>
|
|
|
|
|
<div class="line"><a name="l00811"></a><span class="lineno"> 811</span>  <span class="keywordflow">if</span> ((hi - lo) == 3 && hi < 84) {</div>
|
|
|
|
|
<div class="line"><a name="l00812"></a><span class="lineno"> 812</span>  <span class="comment">// Optimization for sub lists of size 4. Unroll the comparisons.</span></div>
|
|
|
|
|
<div class="line"><a name="l00813"></a><span class="lineno"> 813</span>  int32_t c;</div>
|
|
|
|
|
<div class="line"><a name="l00814"></a><span class="lineno"> 814</span>  uint16_t t;</div>
|
|
|
|
|
<div class="line"><a name="l00815"></a><span class="lineno"> 815</span>  compare_and_swap(x, lo , lo + 1);</div>
|
|
|
|
|
<div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  compare_and_swap(x, lo + 2, lo + 3);</div>
|
|
|
|
|
<div class="line"><a name="l00817"></a><span class="lineno"> 817</span>  compare_and_swap(x, lo , lo + 2);</div>
|
|
|
|
|
<div class="line"><a name="l00818"></a><span class="lineno"> 818</span>  compare_and_swap(x, lo + 1, lo + 3);</div>
|
|
|
|
|
<div class="line"><a name="l00819"></a><span class="lineno"> 819</span>  compare_and_swap(x, lo + 1, lo + 2);</div>
|
|
|
|
|
<div class="line"><a name="l00820"></a><span class="lineno"> 820</span>  <span class="keywordflow">return</span>;</div>
|
|
|
|
|
<div class="line"><a name="l00821"></a><span class="lineno"> 821</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span>  oddeven_merge_sort_range(x, lo, mid);</div>
|
|
|
|
|
<div class="line"><a name="l00823"></a><span class="lineno"> 823</span>  oddeven_merge_sort_range(x, mid + 1, hi);</div>
|
|
|
|
|
<div class="line"><a name="l00824"></a><span class="lineno"> 824</span>  oddeven_merge(x, lo, hi, 1);</div>
|
|
|
|
|
<div class="line"><a name="l00825"></a><span class="lineno"> 825</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00826"></a><span class="lineno"> 826</span> <span class="keyword">static</span> <span class="keywordtype">void</span> batcher84(uint16_t *x)</div>
|
|
|
|
|
<div class="line"><a name="l00827"></a><span class="lineno"> 827</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00828"></a><span class="lineno"> 828</span>  <span class="comment">// Batcher sort is defined over a power of two list size but 84</span></div>
|
|
|
|
|
<div class="line"><a name="l00829"></a><span class="lineno"> 829</span>  <span class="comment">// is not a power of two. Round up to the next power of two and</span></div>
|
|
|
|
|
<div class="line"><a name="l00830"></a><span class="lineno"> 830</span>  <span class="comment">// then ignore any swap with an index that is out of range.</span></div>
|
|
|
|
|
<div class="line"><a name="l00831"></a><span class="lineno"> 831</span>  oddeven_merge_sort_range(x, 0, 127);</div>
|
|
|
|
|
<div class="line"><a name="l00832"></a><span class="lineno"> 832</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00833"></a><span class="lineno"> 833</span> </div>
|
|
|
|
|
<div class="line"><a name="l00834"></a><span class="lineno"> 834</span> <span class="keyword">static</span> <span class="keywordtype">int</span> discardtopoly(uint16_t *x)</div>
|
|
|
|
|
<div class="line"><a name="l00835"></a><span class="lineno"> 835</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  int32_t i, r=0;</div>
|
|
|
|
|
<div class="line"><a name="l00837"></a><span class="lineno"> 837</span> </div>
|
|
|
|
|
<div class="line"><a name="l00838"></a><span class="lineno"> 838</span>  <span class="keywordflow">for</span>(i=0;i<16;i++)</div>
|
|
|
|
|
<div class="line"><a name="l00839"></a><span class="lineno"> 839</span>  batcher84(x+i);</div>
|
|
|
|
|
<div class="line"><a name="l00840"></a><span class="lineno"> 840</span> </div>
|
|
|
|
|
<div class="line"><a name="l00841"></a><span class="lineno"> 841</span>  <span class="comment">// Check whether we're safe:</span></div>
|
|
|
|
|
<div class="line"><a name="l00842"></a><span class="lineno"> 842</span>  <span class="keywordflow">for</span>(i=1008;i<1024;i++)</div>
|
|
|
|
|
<div class="line"><a name="l00843"></a><span class="lineno"> 843</span>  r |= 61444 - x[i];</div>
|
|
|
|
|
<div class="line"><a name="l00844"></a><span class="lineno"> 844</span>  <span class="keywordflow">if</span>(r >>= 31) <span class="keywordflow">return</span> -1;</div>
|
|
|
|
|
<div class="line"><a name="l00845"></a><span class="lineno"> 845</span> </div>
|
|
|
|
|
<div class="line"><a name="l00846"></a><span class="lineno"> 846</span>  <span class="keywordflow">return</span> 0;</div>
|
|
|
|
|
<div class="line"><a name="l00847"></a><span class="lineno"> 847</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00848"></a><span class="lineno"> 848</span> </div>
|
|
|
|
|
<div class="line"><a name="l00849"></a><span class="lineno"> 849</span> <span class="preprocessor">#endif // NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00850"></a><span class="lineno"> 850</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00851"></a><span class="lineno"> 851</span> <span class="comment">// End of public domain code imported from the C reference code.</span></div>
|
|
|
|
|
<div class="line"><a name="l00852"></a><span class="lineno"> 852</span>  </div>
|
|
|
|
|
<div class="line"><a name="l00853"></a><span class="lineno"> 853</span> <span class="comment">// Formats the ChaCha20 input block using a key and nonce.</span></div>
|
|
|
|
|
<div class="line"><a name="l00854"></a><span class="lineno"> 854</span> <span class="keyword">static</span> <span class="keywordtype">void</span> crypto_chacha20_set_key(uint32_t *block, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *k, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *n)</div>
|
|
|
|
|
<div class="line"><a name="l00855"></a><span class="lineno"> 855</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00856"></a><span class="lineno"> 856</span>  <span class="keyword">static</span> <span class="keyword">const</span> <span class="keywordtype">char</span> tag256[] = <span class="stringliteral">"expand 32-byte k"</span>;</div>
|
|
|
|
|
<div class="line"><a name="l00857"></a><span class="lineno"> 857</span>  memcpy(block, tag256, 16);</div>
|
|
|
|
|
<div class="line"><a name="l00858"></a><span class="lineno"> 858</span>  memcpy(block + 4, k, 32);</div>
|
|
|
|
|
<div class="line"><a name="l00859"></a><span class="lineno"> 859</span>  memset(block + 12, 0, 8);</div>
|
|
|
|
|
<div class="line"><a name="l00860"></a><span class="lineno"> 860</span>  <span class="keywordflow">if</span> (n)</div>
|
|
|
|
|
<div class="line"><a name="l00861"></a><span class="lineno"> 861</span>  memcpy(block + 14, n, 8);</div>
|
|
|
|
|
<div class="line"><a name="l00862"></a><span class="lineno"> 862</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l00863"></a><span class="lineno"> 863</span>  memset(block + 14, 0, 8);</div>
|
|
|
|
|
<div class="line"><a name="l00864"></a><span class="lineno"> 864</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00865"></a><span class="lineno"> 865</span> </div>
|
|
|
|
|
<div class="line"><a name="l00866"></a><span class="lineno"> 866</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_uniform(uint16_t *a, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed)</div>
|
|
|
|
|
<div class="line"><a name="l00867"></a><span class="lineno"> 867</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00868"></a><span class="lineno"> 868</span>  <a class="code" href="classSHAKE128.html">SHAKE128</a> shake;</div>
|
|
|
|
|
<div class="line"><a name="l00869"></a><span class="lineno"> 869</span>  <span class="keywordtype">int</span> ctr = 0;</div>
|
|
|
|
|
<div class="line"><a name="l00870"></a><span class="lineno"> 870</span>  <span class="keywordtype">int</span> posn = PARAM_N;</div>
|
|
|
|
|
<div class="line"><a name="l00871"></a><span class="lineno"> 871</span>  uint16_t val;</div>
|
|
|
|
|
<div class="line"><a name="l00872"></a><span class="lineno"> 872</span> </div>
|
|
|
|
|
<div class="line"><a name="l00873"></a><span class="lineno"> 873</span>  <span class="comment">// Absorb the seed material into the SHAKE128 object.</span></div>
|
|
|
|
|
<div class="line"><a name="l00874"></a><span class="lineno"> 874</span>  shake.<a class="code" href="classSHAKE.html#aa6f3a32427433aabe20adccb6994a4aa">update</a>(seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l00875"></a><span class="lineno"> 875</span> </div>
|
|
|
|
|
<div class="line"><a name="l00876"></a><span class="lineno"> 876</span>  <span class="keywordflow">while</span> (ctr < PARAM_N) {</div>
|
|
|
|
|
<div class="line"><a name="l00877"></a><span class="lineno"> 877</span>  <span class="comment">// Extract data from the SHAKE128 object directly into "a".</span></div>
|
|
|
|
|
<div class="line"><a name="l00878"></a><span class="lineno"> 878</span>  <span class="keywordflow">if</span> (posn >= PARAM_N) {</div>
|
|
|
|
|
<div class="line"><a name="l00879"></a><span class="lineno"> 879</span>  shake.<a class="code" href="classSHAKE.html#ac3fe37617644e3498d40a86e846562fb">extend</a>((uint8_t *)(a + ctr),</div>
|
|
|
|
|
<div class="line"><a name="l00880"></a><span class="lineno"> 880</span>  (PARAM_N - ctr) * <span class="keyword">sizeof</span>(uint16_t));</div>
|
|
|
|
|
<div class="line"><a name="l00881"></a><span class="lineno"> 881</span>  posn = ctr;</div>
|
|
|
|
|
<div class="line"><a name="l00882"></a><span class="lineno"> 882</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00883"></a><span class="lineno"> 883</span> </div>
|
|
|
|
|
<div class="line"><a name="l00884"></a><span class="lineno"> 884</span>  <span class="comment">// Process as much of the data as we can, discarding values</span></div>
|
|
|
|
|
<div class="line"><a name="l00885"></a><span class="lineno"> 885</span>  <span class="comment">// that are greater than or equal to 5 * PARAM_Q.</span></div>
|
|
|
|
|
<div class="line"><a name="l00886"></a><span class="lineno"> 886</span>  <span class="keywordflow">while</span> (posn < PARAM_N) {</div>
|
|
|
|
|
<div class="line"><a name="l00887"></a><span class="lineno"> 887</span>  val = a[posn++];</div>
|
|
|
|
|
<div class="line"><a name="l00888"></a><span class="lineno"> 888</span>  <span class="keywordflow">if</span> (val < (5 * PARAM_Q))</div>
|
|
|
|
|
<div class="line"><a name="l00889"></a><span class="lineno"> 889</span>  a[ctr++] = val;</div>
|
|
|
|
|
<div class="line"><a name="l00890"></a><span class="lineno"> 890</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00891"></a><span class="lineno"> 891</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00892"></a><span class="lineno"> 892</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00893"></a><span class="lineno"> 893</span> </div>
|
|
|
|
|
<div class="line"><a name="l00894"></a><span class="lineno"> 894</span> <span class="preprocessor">#if NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00895"></a><span class="lineno"> 895</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00896"></a><span class="lineno"> 896</span> <span class="comment">// Extended version of NewHopePoly that can hold the complete</span></div>
|
|
|
|
|
<div class="line"><a name="l00897"></a><span class="lineno"> 897</span> <span class="comment">// intermediate state for poly_uniform_torref(). This allows us</span></div>
|
|
|
|
|
<div class="line"><a name="l00898"></a><span class="lineno"> 898</span> <span class="comment">// to generate the polynomial in-place and save 2k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l00899"></a><span class="lineno"> 899</span> <span class="keyword">class </span>NewHopePolyExtended</div>
|
|
|
|
|
<div class="line"><a name="l00900"></a><span class="lineno"> 900</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00901"></a><span class="lineno"> 901</span> <span class="keyword">public</span>:</div>
|
|
|
|
|
<div class="line"><a name="l00902"></a><span class="lineno"> 902</span>  ~NewHopePolyExtended() { clean(coeffs); }</div>
|
|
|
|
|
<div class="line"><a name="l00903"></a><span class="lineno"> 903</span> </div>
|
|
|
|
|
<div class="line"><a name="l00904"></a><span class="lineno"> 904</span>  uint16_t coeffs[84 * 16];</div>
|
|
|
|
|
<div class="line"><a name="l00905"></a><span class="lineno"> 905</span> };</div>
|
|
|
|
|
<div class="line"><a name="l00906"></a><span class="lineno"> 906</span> </div>
|
|
|
|
|
<div class="line"><a name="l00907"></a><span class="lineno"> 907</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_uniform_torref(uint16_t *a, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed)</div>
|
|
|
|
|
<div class="line"><a name="l00908"></a><span class="lineno"> 908</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00909"></a><span class="lineno"> 909</span>  <a class="code" href="classSHAKE128.html">SHAKE128</a> shake;</div>
|
|
|
|
|
<div class="line"><a name="l00910"></a><span class="lineno"> 910</span>  shake.<a class="code" href="classSHAKE.html#aa6f3a32427433aabe20adccb6994a4aa">update</a>(seed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l00911"></a><span class="lineno"> 911</span>  <span class="keywordflow">do</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00912"></a><span class="lineno"> 912</span>  shake.<a class="code" href="classSHAKE.html#ac3fe37617644e3498d40a86e846562fb">extend</a>((uint8_t *)a, 84 * 16 * <span class="keyword">sizeof</span>(uint16_t));</div>
|
|
|
|
|
<div class="line"><a name="l00913"></a><span class="lineno"> 913</span>  } <span class="keywordflow">while</span> (discardtopoly(a));</div>
|
|
|
|
|
<div class="line"><a name="l00914"></a><span class="lineno"> 914</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00915"></a><span class="lineno"> 915</span> </div>
|
|
|
|
|
<div class="line"><a name="l00916"></a><span class="lineno"> 916</span> <span class="preprocessor">#else // !NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00917"></a><span class="lineno"> 917</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00918"></a><span class="lineno"> 918</span> <span class="keyword">typedef</span> <a class="code" href="classNewHopePoly.html">NewHopePoly</a> NewHopePolyExtended;</div>
|
|
|
|
|
<div class="line"><a name="l00919"></a><span class="lineno"> 919</span> </div>
|
|
|
|
|
<div class="line"><a name="l00920"></a><span class="lineno"> 920</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_uniform_torref(uint16_t *a, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed)</div>
|
|
|
|
|
<div class="line"><a name="l00921"></a><span class="lineno"> 921</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00922"></a><span class="lineno"> 922</span>  poly_uniform(a, seed);</div>
|
|
|
|
|
<div class="line"><a name="l00923"></a><span class="lineno"> 923</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00924"></a><span class="lineno"> 924</span> </div>
|
|
|
|
|
<div class="line"><a name="l00925"></a><span class="lineno"> 925</span> <span class="preprocessor">#endif // NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00926"></a><span class="lineno"> 926</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00927"></a><span class="lineno"> 927</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_getnoise(uint16_t *r, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> nonce)</div>
|
|
|
|
|
<div class="line"><a name="l00928"></a><span class="lineno"> 928</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00929"></a><span class="lineno"> 929</span>  uint32_t input[16];</div>
|
|
|
|
|
<div class="line"><a name="l00930"></a><span class="lineno"> 930</span>  uint32_t buf[16];</div>
|
|
|
|
|
<div class="line"><a name="l00931"></a><span class="lineno"> 931</span>  <span class="keywordtype">int</span> i, j;</div>
|
|
|
|
|
<div class="line"><a name="l00932"></a><span class="lineno"> 932</span>  uint32_t a, b;</div>
|
|
|
|
|
<div class="line"><a name="l00933"></a><span class="lineno"> 933</span> </div>
|
|
|
|
|
<div class="line"><a name="l00934"></a><span class="lineno"> 934</span>  <span class="comment">// Note: The rest of this function assumes that we are running on a</span></div>
|
|
|
|
|
<div class="line"><a name="l00935"></a><span class="lineno"> 935</span>  <span class="comment">// little-endian CPU. Since we're generating random noise from a</span></div>
|
|
|
|
|
<div class="line"><a name="l00936"></a><span class="lineno"> 936</span>  <span class="comment">// random seed, it doesn't actually matter what the endian-ness is</span></div>
|
|
|
|
|
<div class="line"><a name="l00937"></a><span class="lineno"> 937</span>  <span class="comment">// as it will be just as random in both directions. It's only a</span></div>
|
|
|
|
|
<div class="line"><a name="l00938"></a><span class="lineno"> 938</span>  <span class="comment">// problem for verifying fixed test vectors.</span></div>
|
|
|
|
|
<div class="line"><a name="l00939"></a><span class="lineno"> 939</span> </div>
|
|
|
|
|
<div class="line"><a name="l00940"></a><span class="lineno"> 940</span>  crypto_chacha20_set_key(input, seed, 0);</div>
|
|
|
|
|
<div class="line"><a name="l00941"></a><span class="lineno"> 941</span>  input[14] = nonce; <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l00942"></a><span class="lineno"> 942</span> </div>
|
|
|
|
|
<div class="line"><a name="l00943"></a><span class="lineno"> 943</span>  <span class="keywordflow">for</span> (i = 0; i < PARAM_N; ++i) {</div>
|
|
|
|
|
<div class="line"><a name="l00944"></a><span class="lineno"> 944</span>  <span class="comment">// Generate a new block of random data if necessary.</span></div>
|
|
|
|
|
<div class="line"><a name="l00945"></a><span class="lineno"> 945</span>  j = i % 16;</div>
|
|
|
|
|
<div class="line"><a name="l00946"></a><span class="lineno"> 946</span>  <span class="keywordflow">if</span> (j == 0) {</div>
|
|
|
|
|
<div class="line"><a name="l00947"></a><span class="lineno"> 947</span>  <a class="code" href="classChaCha.html#a41ac3262e52ff49dcd916d0b3b2e2038">ChaCha::hashCore</a>(buf, input, 20);</div>
|
|
|
|
|
<div class="line"><a name="l00948"></a><span class="lineno"> 948</span>  ++(input[12]); <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l00949"></a><span class="lineno"> 949</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00950"></a><span class="lineno"> 950</span> </div>
|
|
|
|
|
<div class="line"><a name="l00951"></a><span class="lineno"> 951</span>  <span class="comment">// This is a slightly more efficient way to count bits than in</span></div>
|
|
|
|
|
<div class="line"><a name="l00952"></a><span class="lineno"> 952</span>  <span class="comment">// the reference C implementation. The technique is from:</span></div>
|
|
|
|
|
<div class="line"><a name="l00953"></a><span class="lineno"> 953</span>  <span class="comment">// https://graphics.stanford.edu/~seander/bithacks.html#CountBitsSetParallel</span></div>
|
|
|
|
|
<div class="line"><a name="l00954"></a><span class="lineno"> 954</span>  a = buf[j] & 0xFFFF; <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l00955"></a><span class="lineno"> 955</span>  a = a - ((a >> 1) & 0x5555);</div>
|
|
|
|
|
<div class="line"><a name="l00956"></a><span class="lineno"> 956</span>  a = (a & 0x3333) + ((a >> 2) & 0x3333);</div>
|
|
|
|
|
<div class="line"><a name="l00957"></a><span class="lineno"> 957</span>  a = ((a >> 4) + a) & 0x0F0F;</div>
|
|
|
|
|
<div class="line"><a name="l00958"></a><span class="lineno"> 958</span>  a = ((a >> 8) + a) & 0x00FF;</div>
|
|
|
|
|
<div class="line"><a name="l00959"></a><span class="lineno"> 959</span> </div>
|
|
|
|
|
<div class="line"><a name="l00960"></a><span class="lineno"> 960</span>  b = (buf[j] >> 16) & 0xFFFF; <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l00961"></a><span class="lineno"> 961</span>  b = b - ((b >> 1) & 0x5555);</div>
|
|
|
|
|
<div class="line"><a name="l00962"></a><span class="lineno"> 962</span>  b = (b & 0x3333) + ((b >> 2) & 0x3333);</div>
|
|
|
|
|
<div class="line"><a name="l00963"></a><span class="lineno"> 963</span>  b = ((b >> 4) + b) & 0x0F0F;</div>
|
|
|
|
|
<div class="line"><a name="l00964"></a><span class="lineno"> 964</span>  b = ((b >> 8) + b) & 0x00FF;</div>
|
|
|
|
|
<div class="line"><a name="l00965"></a><span class="lineno"> 965</span> </div>
|
|
|
|
|
<div class="line"><a name="l00966"></a><span class="lineno"> 966</span> <span class="preprocessor">#if NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00967"></a><span class="lineno"> 967</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00968"></a><span class="lineno"> 968</span> <span class="comment">// Extended version of NewHopePoly that can hold the complete</span></div>
|
|
|
|
|
<div class="line"><a name="l00969"></a><span class="lineno"> 969</span> <span class="comment">// intermediate state for poly_uniform_torref(). This allows us</span></div>
|
|
|
|
|
<div class="line"><a name="l00970"></a><span class="lineno"> 970</span> <span class="comment">// to generate the polynomial in-place and save 2k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l00971"></a><span class="lineno"> 971</span> <span class="keyword">class </span>NewHopePolyExtended</div>
|
|
|
|
|
<div class="line"><a name="l00972"></a><span class="lineno"> 972</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00973"></a><span class="lineno"> 973</span> <span class="keyword">public</span>:</div>
|
|
|
|
|
<div class="line"><a name="l00974"></a><span class="lineno"> 974</span>  ~NewHopePolyExtended() { clean(coeffs); }</div>
|
|
|
|
|
<div class="line"><a name="l00975"></a><span class="lineno"> 975</span> </div>
|
|
|
|
|
<div class="line"><a name="l00976"></a><span class="lineno"> 976</span>  uint16_t coeffs[84 * 16];</div>
|
|
|
|
|
<div class="line"><a name="l00977"></a><span class="lineno"> 977</span> };</div>
|
|
|
|
|
<div class="line"><a name="l00978"></a><span class="lineno"> 978</span> </div>
|
|
|
|
|
<div class="line"><a name="l00979"></a><span class="lineno"> 979</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_uniform_torref(uint16_t *a, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed)</div>
|
|
|
|
|
<div class="line"><a name="l00980"></a><span class="lineno"> 980</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00981"></a><span class="lineno"> 981</span>  <a class="code" href="classSHAKE128.html">SHAKE128</a> shake;</div>
|
|
|
|
|
<div class="line"><a name="l00982"></a><span class="lineno"> 982</span>  shake.<a class="code" href="classSHAKE.html#aa6f3a32427433aabe20adccb6994a4aa">update</a>(seed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l00983"></a><span class="lineno"> 983</span>  <span class="keywordflow">do</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00984"></a><span class="lineno"> 984</span>  shake.<a class="code" href="classSHAKE.html#ac3fe37617644e3498d40a86e846562fb">extend</a>((uint8_t *)a, 84 * 16 * <span class="keyword">sizeof</span>(uint16_t));</div>
|
|
|
|
|
<div class="line"><a name="l00985"></a><span class="lineno"> 985</span>  } <span class="keywordflow">while</span> (discardtopoly(a));</div>
|
|
|
|
|
<div class="line"><a name="l00986"></a><span class="lineno"> 986</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00987"></a><span class="lineno"> 987</span> </div>
|
|
|
|
|
<div class="line"><a name="l00988"></a><span class="lineno"> 988</span> <span class="preprocessor">#else // !NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00989"></a><span class="lineno"> 989</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00990"></a><span class="lineno"> 990</span> <span class="keyword">typedef</span> <a class="code" href="classNewHopePoly.html">NewHopePoly</a> NewHopePolyExtended;</div>
|
|
|
|
|
<div class="line"><a name="l00991"></a><span class="lineno"> 991</span> </div>
|
|
|
|
|
<div class="line"><a name="l00992"></a><span class="lineno"> 992</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_uniform_torref(uint16_t *a, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed)</div>
|
|
|
|
|
<div class="line"><a name="l00966"></a><span class="lineno"> 966</span>  r[i] = a + PARAM_Q - b;</div>
|
|
|
|
|
<div class="line"><a name="l00967"></a><span class="lineno"> 967</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l00968"></a><span class="lineno"> 968</span> </div>
|
|
|
|
|
<div class="line"><a name="l00969"></a><span class="lineno"> 969</span>  clean(input);</div>
|
|
|
|
|
<div class="line"><a name="l00970"></a><span class="lineno"> 970</span>  clean(buf);</div>
|
|
|
|
|
<div class="line"><a name="l00971"></a><span class="lineno"> 971</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00972"></a><span class="lineno"> 972</span> </div>
|
|
|
|
|
<div class="line"><a name="l00973"></a><span class="lineno"> 973</span> <span class="keyword">static</span> <span class="keywordtype">void</span> sha3256(<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *output, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *input, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> inputByteLen)</div>
|
|
|
|
|
<div class="line"><a name="l00974"></a><span class="lineno"> 974</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00975"></a><span class="lineno"> 975</span>  <a class="code" href="classSHA3__256.html">SHA3_256</a> sha3;</div>
|
|
|
|
|
<div class="line"><a name="l00976"></a><span class="lineno"> 976</span>  sha3.<a class="code" href="classSHA3__256.html#a8356957ea403c5da326fc6899b91ea71">update</a>(input, inputByteLen);</div>
|
|
|
|
|
<div class="line"><a name="l00977"></a><span class="lineno"> 977</span>  sha3.<a class="code" href="classSHA3__256.html#a8fe7cad1f83bd1bae1a0d521324247a1">finalize</a>(output, 32);</div>
|
|
|
|
|
<div class="line"><a name="l00978"></a><span class="lineno"> 978</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00979"></a><span class="lineno"> 979</span> </div>
|
|
|
|
|
<div class="line"><a name="l00985"></a><span class="lineno"><a class="line" href="classNewHopePoly.html#aec9804046c753436ffbe88afd175bb39"> 985</a></span> <a class="code" href="classNewHopePoly.html#aec9804046c753436ffbe88afd175bb39">NewHopePoly::NewHopePoly</a>()</div>
|
|
|
|
|
<div class="line"><a name="l00986"></a><span class="lineno"> 986</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00987"></a><span class="lineno"> 987</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00988"></a><span class="lineno"> 988</span> </div>
|
|
|
|
|
<div class="line"><a name="l00992"></a><span class="lineno"><a class="line" href="classNewHopePoly.html#ad7c3c83cb078be4e6f136eeea7e21250"> 992</a></span> <a class="code" href="classNewHopePoly.html#ad7c3c83cb078be4e6f136eeea7e21250">NewHopePoly::~NewHopePoly</a>()</div>
|
|
|
|
|
<div class="line"><a name="l00993"></a><span class="lineno"> 993</span> {</div>
|
|
|
|
|
<div class="line"><a name="l00994"></a><span class="lineno"> 994</span>  poly_uniform(a, seed);</div>
|
|
|
|
|
<div class="line"><a name="l00994"></a><span class="lineno"> 994</span>  clean(coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l00995"></a><span class="lineno"> 995</span> }</div>
|
|
|
|
|
<div class="line"><a name="l00996"></a><span class="lineno"> 996</span> </div>
|
|
|
|
|
<div class="line"><a name="l00997"></a><span class="lineno"> 997</span> <span class="preprocessor">#endif // NEWHOPE_TORREF</span></div>
|
|
|
|
|
<div class="line"><a name="l00998"></a><span class="lineno"> 998</span> <span class="preprocessor"></span></div>
|
|
|
|
|
<div class="line"><a name="l00999"></a><span class="lineno"> 999</span> <span class="keyword">static</span> <span class="keywordtype">void</span> poly_getnoise(uint16_t *r, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *seed, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> nonce)</div>
|
|
|
|
|
<div class="line"><a name="l01000"></a><span class="lineno"> 1000</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01001"></a><span class="lineno"> 1001</span>  uint32_t input[16];</div>
|
|
|
|
|
<div class="line"><a name="l01002"></a><span class="lineno"> 1002</span>  uint32_t buf[16];</div>
|
|
|
|
|
<div class="line"><a name="l01003"></a><span class="lineno"> 1003</span>  <span class="keywordtype">int</span> i, j;</div>
|
|
|
|
|
<div class="line"><a name="l01004"></a><span class="lineno"> 1004</span>  uint32_t a, b;</div>
|
|
|
|
|
<div class="line"><a name="l01005"></a><span class="lineno"> 1005</span> </div>
|
|
|
|
|
<div class="line"><a name="l01006"></a><span class="lineno"> 1006</span>  <span class="comment">// Note: The rest of this function assumes that we are running on a</span></div>
|
|
|
|
|
<div class="line"><a name="l01007"></a><span class="lineno"> 1007</span>  <span class="comment">// little-endian CPU. Since we're generating random noise from a</span></div>
|
|
|
|
|
<div class="line"><a name="l01008"></a><span class="lineno"> 1008</span>  <span class="comment">// random seed, it doesn't actually matter what the endian-ness is</span></div>
|
|
|
|
|
<div class="line"><a name="l01009"></a><span class="lineno"> 1009</span>  <span class="comment">// as it will be just as random in both directions. It's only a</span></div>
|
|
|
|
|
<div class="line"><a name="l01010"></a><span class="lineno"> 1010</span>  <span class="comment">// problem for verifying fixed test vectors.</span></div>
|
|
|
|
|
<div class="line"><a name="l01011"></a><span class="lineno"> 1011</span> </div>
|
|
|
|
|
<div class="line"><a name="l01012"></a><span class="lineno"> 1012</span>  crypto_chacha20_set_key(input, seed, 0);</div>
|
|
|
|
|
<div class="line"><a name="l01013"></a><span class="lineno"> 1013</span>  input[14] = nonce; <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l01014"></a><span class="lineno"> 1014</span> </div>
|
|
|
|
|
<div class="line"><a name="l01015"></a><span class="lineno"> 1015</span>  <span class="keywordflow">for</span> (i = 0; i < PARAM_N; ++i) {</div>
|
|
|
|
|
<div class="line"><a name="l01016"></a><span class="lineno"> 1016</span>  <span class="comment">// Generate a new block of random data if necessary.</span></div>
|
|
|
|
|
<div class="line"><a name="l01017"></a><span class="lineno"> 1017</span>  j = i % 16;</div>
|
|
|
|
|
<div class="line"><a name="l01018"></a><span class="lineno"> 1018</span>  <span class="keywordflow">if</span> (j == 0) {</div>
|
|
|
|
|
<div class="line"><a name="l01019"></a><span class="lineno"> 1019</span>  <a class="code" href="classChaCha.html#a41ac3262e52ff49dcd916d0b3b2e2038">ChaCha::hashCore</a>(buf, input, 20);</div>
|
|
|
|
|
<div class="line"><a name="l01020"></a><span class="lineno"> 1020</span>  ++(input[12]); <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l01021"></a><span class="lineno"> 1021</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l01022"></a><span class="lineno"> 1022</span> </div>
|
|
|
|
|
<div class="line"><a name="l01023"></a><span class="lineno"> 1023</span>  <span class="comment">// This is a slightly more efficient way to count bits than in</span></div>
|
|
|
|
|
<div class="line"><a name="l01024"></a><span class="lineno"> 1024</span>  <span class="comment">// the reference C implementation. The technique is from:</span></div>
|
|
|
|
|
<div class="line"><a name="l01025"></a><span class="lineno"> 1025</span>  <span class="comment">// https://graphics.stanford.edu/~seander/bithacks.html#CountBitsSetParallel</span></div>
|
|
|
|
|
<div class="line"><a name="l01026"></a><span class="lineno"> 1026</span>  a = buf[j] & 0xFFFF; <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l01027"></a><span class="lineno"> 1027</span>  a = a - ((a >> 1) & 0x5555);</div>
|
|
|
|
|
<div class="line"><a name="l01028"></a><span class="lineno"> 1028</span>  a = (a & 0x3333) + ((a >> 2) & 0x3333);</div>
|
|
|
|
|
<div class="line"><a name="l01029"></a><span class="lineno"> 1029</span>  a = ((a >> 4) + a) & 0x0F0F;</div>
|
|
|
|
|
<div class="line"><a name="l01030"></a><span class="lineno"> 1030</span>  a = ((a >> 8) + a) & 0x00FF;</div>
|
|
|
|
|
<div class="line"><a name="l01031"></a><span class="lineno"> 1031</span> </div>
|
|
|
|
|
<div class="line"><a name="l01032"></a><span class="lineno"> 1032</span>  b = (buf[j] >> 16) & 0xFFFF; <span class="comment">// Assumes little-endian.</span></div>
|
|
|
|
|
<div class="line"><a name="l01033"></a><span class="lineno"> 1033</span>  b = b - ((b >> 1) & 0x5555);</div>
|
|
|
|
|
<div class="line"><a name="l01034"></a><span class="lineno"> 1034</span>  b = (b & 0x3333) + ((b >> 2) & 0x3333);</div>
|
|
|
|
|
<div class="line"><a name="l01035"></a><span class="lineno"> 1035</span>  b = ((b >> 4) + b) & 0x0F0F;</div>
|
|
|
|
|
<div class="line"><a name="l01036"></a><span class="lineno"> 1036</span>  b = ((b >> 8) + b) & 0x00FF;</div>
|
|
|
|
|
<div class="line"><a name="l01037"></a><span class="lineno"> 1037</span> </div>
|
|
|
|
|
<div class="line"><a name="l01038"></a><span class="lineno"> 1038</span>  r[i] = a + PARAM_Q - b;</div>
|
|
|
|
|
<div class="line"><a name="l01039"></a><span class="lineno"> 1039</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l01040"></a><span class="lineno"> 1040</span> </div>
|
|
|
|
|
<div class="line"><a name="l01041"></a><span class="lineno"> 1041</span>  clean(input);</div>
|
|
|
|
|
<div class="line"><a name="l01042"></a><span class="lineno"> 1042</span>  clean(buf);</div>
|
|
|
|
|
<div class="line"><a name="l01043"></a><span class="lineno"> 1043</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01044"></a><span class="lineno"> 1044</span> </div>
|
|
|
|
|
<div class="line"><a name="l01045"></a><span class="lineno"> 1045</span> <span class="keyword">static</span> <span class="keywordtype">void</span> sha3256(<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *output, <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *input, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> inputByteLen)</div>
|
|
|
|
|
<div class="line"><a name="l01046"></a><span class="lineno"> 1046</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01047"></a><span class="lineno"> 1047</span>  <a class="code" href="classSHA3__256.html">SHA3_256</a> sha3;</div>
|
|
|
|
|
<div class="line"><a name="l01048"></a><span class="lineno"> 1048</span>  sha3.<a class="code" href="classSHA3__256.html#a8356957ea403c5da326fc6899b91ea71">update</a>(input, inputByteLen);</div>
|
|
|
|
|
<div class="line"><a name="l01049"></a><span class="lineno"> 1049</span>  sha3.<a class="code" href="classSHA3__256.html#a8fe7cad1f83bd1bae1a0d521324247a1">finalize</a>(output, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01050"></a><span class="lineno"> 1050</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01051"></a><span class="lineno"> 1051</span> </div>
|
|
|
|
|
<div class="line"><a name="l01057"></a><span class="lineno"><a class="line" href="classNewHopePoly.html#aec9804046c753436ffbe88afd175bb39"> 1057</a></span> <a class="code" href="classNewHopePoly.html#aec9804046c753436ffbe88afd175bb39">NewHopePoly::NewHopePoly</a>()</div>
|
|
|
|
|
<div class="line"><a name="l01058"></a><span class="lineno"> 1058</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01059"></a><span class="lineno"> 1059</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01060"></a><span class="lineno"> 1060</span> </div>
|
|
|
|
|
<div class="line"><a name="l01064"></a><span class="lineno"><a class="line" href="classNewHopePoly.html#ad7c3c83cb078be4e6f136eeea7e21250"> 1064</a></span> <a class="code" href="classNewHopePoly.html#ad7c3c83cb078be4e6f136eeea7e21250">NewHopePoly::~NewHopePoly</a>()</div>
|
|
|
|
|
<div class="line"><a name="l01065"></a><span class="lineno"> 1065</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01066"></a><span class="lineno"> 1066</span>  clean(coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01067"></a><span class="lineno"> 1067</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01068"></a><span class="lineno"> 1068</span> </div>
|
|
|
|
|
<div class="line"><a name="l01072"></a><span class="lineno"><a class="line" href="classNewHopePoly.html#a842db1796a45ba78f279e008210df304"> 1072</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHopePoly.html#a842db1796a45ba78f279e008210df304">NewHopePoly::clear</a>()</div>
|
|
|
|
|
<div class="line"><a name="l01073"></a><span class="lineno"> 1073</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01074"></a><span class="lineno"> 1074</span>  clean(coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01075"></a><span class="lineno"> 1075</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01000"></a><span class="lineno"><a class="line" href="classNewHopePoly.html#a842db1796a45ba78f279e008210df304"> 1000</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHopePoly.html#a842db1796a45ba78f279e008210df304">NewHopePoly::clear</a>()</div>
|
|
|
|
|
<div class="line"><a name="l01001"></a><span class="lineno"> 1001</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01002"></a><span class="lineno"> 1002</span>  clean(coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01003"></a><span class="lineno"> 1003</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01004"></a><span class="lineno"> 1004</span> </div>
|
|
|
|
|
<div class="line"><a name="l01039"></a><span class="lineno"><a class="line" href="classNewHope.html#ae8f821867bce309220aee7a43c2d4f51"> 1039</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHope.html#ae8f821867bce309220aee7a43c2d4f51">NewHope::keygen</a>(uint8_t send[NEWHOPE_SENDABYTES], <a class="code" href="classNewHopePoly.html">NewHopePoly</a> &sk,</div>
|
|
|
|
|
<div class="line"><a name="l01040"></a><span class="lineno"> 1040</span>  <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085f">Variant</a> variant, <span class="keyword">const</span> uint8_t *random_seed)</div>
|
|
|
|
|
<div class="line"><a name="l01041"></a><span class="lineno"> 1041</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01042"></a><span class="lineno"> 1042</span>  NewHopePolyExtended a;</div>
|
|
|
|
|
<div class="line"><a name="l01043"></a><span class="lineno"> 1043</span>  <a class="code" href="classNewHopePoly.html">NewHopePoly</a> pk;</div>
|
|
|
|
|
<div class="line"><a name="l01044"></a><span class="lineno"> 1044</span>  uint8_t seed[NEWHOPE_SEEDBYTES];</div>
|
|
|
|
|
<div class="line"><a name="l01045"></a><span class="lineno"> 1045</span>  uint8_t noiseseed[32];</div>
|
|
|
|
|
<div class="line"><a name="l01046"></a><span class="lineno"> 1046</span> </div>
|
|
|
|
|
<div class="line"><a name="l01047"></a><span class="lineno"> 1047</span>  <span class="keywordflow">if</span> (!random_seed) {</div>
|
|
|
|
|
<div class="line"><a name="l01048"></a><span class="lineno"> 1048</span>  RNG.<a class="code" href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">rand</a>(seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01049"></a><span class="lineno"> 1049</span>  RNG.<a class="code" href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">rand</a>(noiseseed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01050"></a><span class="lineno"> 1050</span>  } <span class="keywordflow">else</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01051"></a><span class="lineno"> 1051</span>  memcpy(seed, random_seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01052"></a><span class="lineno"> 1052</span>  memcpy(noiseseed, random_seed + NEWHOPE_SEEDBYTES, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01053"></a><span class="lineno"> 1053</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l01054"></a><span class="lineno"> 1054</span>  sha3256(seed, seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01055"></a><span class="lineno"> 1055</span> </div>
|
|
|
|
|
<div class="line"><a name="l01056"></a><span class="lineno"> 1056</span>  <span class="comment">// The order of calls is rearranged compared to the reference C version.</span></div>
|
|
|
|
|
<div class="line"><a name="l01057"></a><span class="lineno"> 1057</span>  <span class="comment">// This allows us to get away with two temporary poly objects (a, pk)</span></div>
|
|
|
|
|
<div class="line"><a name="l01058"></a><span class="lineno"> 1058</span>  <span class="comment">// instead of four (a, e, r, pk). This saves 4k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l01059"></a><span class="lineno"> 1059</span> </div>
|
|
|
|
|
<div class="line"><a name="l01060"></a><span class="lineno"> 1060</span>  <span class="keywordflow">if</span> (variant == <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085fa2326f3fd76345d5900834593a74f6596">Ref</a>)</div>
|
|
|
|
|
<div class="line"><a name="l01061"></a><span class="lineno"> 1061</span>  poly_uniform(a.coeffs, seed);</div>
|
|
|
|
|
<div class="line"><a name="l01062"></a><span class="lineno"> 1062</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l01063"></a><span class="lineno"> 1063</span>  poly_uniform_torref(a.coeffs, seed);</div>
|
|
|
|
|
<div class="line"><a name="l01064"></a><span class="lineno"> 1064</span> </div>
|
|
|
|
|
<div class="line"><a name="l01065"></a><span class="lineno"> 1065</span>  poly_getnoise(sk.coeffs, noiseseed, 0);</div>
|
|
|
|
|
<div class="line"><a name="l01066"></a><span class="lineno"> 1066</span>  poly_ntt(sk.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01067"></a><span class="lineno"> 1067</span> </div>
|
|
|
|
|
<div class="line"><a name="l01068"></a><span class="lineno"> 1068</span>  poly_pointwise(pk.coeffs, sk.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01069"></a><span class="lineno"> 1069</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01070"></a><span class="lineno"> 1070</span>  poly_getnoise(a.coeffs, noiseseed, 1);</div>
|
|
|
|
|
<div class="line"><a name="l01071"></a><span class="lineno"> 1071</span>  poly_ntt(a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01072"></a><span class="lineno"> 1072</span> </div>
|
|
|
|
|
<div class="line"><a name="l01073"></a><span class="lineno"> 1073</span>  poly_add(pk.coeffs, a.coeffs, pk.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01074"></a><span class="lineno"> 1074</span> </div>
|
|
|
|
|
<div class="line"><a name="l01075"></a><span class="lineno"> 1075</span>  encode_a(send, pk.coeffs, seed);</div>
|
|
|
|
|
<div class="line"><a name="l01076"></a><span class="lineno"> 1076</span> </div>
|
|
|
|
|
<div class="line"><a name="l01111"></a><span class="lineno"><a class="line" href="classNewHope.html#ae8f821867bce309220aee7a43c2d4f51"> 1111</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHope.html#ae8f821867bce309220aee7a43c2d4f51">NewHope::keygen</a>(uint8_t send[NEWHOPE_SENDABYTES], <a class="code" href="classNewHopePoly.html">NewHopePoly</a> &sk,</div>
|
|
|
|
|
<div class="line"><a name="l01112"></a><span class="lineno"> 1112</span>  <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085f">Variant</a> variant, <span class="keyword">const</span> uint8_t *random_seed)</div>
|
|
|
|
|
<div class="line"><a name="l01113"></a><span class="lineno"> 1113</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01114"></a><span class="lineno"> 1114</span>  NewHopePolyExtended a;</div>
|
|
|
|
|
<div class="line"><a name="l01115"></a><span class="lineno"> 1115</span>  <a class="code" href="classNewHopePoly.html">NewHopePoly</a> pk;</div>
|
|
|
|
|
<div class="line"><a name="l01116"></a><span class="lineno"> 1116</span>  uint8_t seed[NEWHOPE_SEEDBYTES];</div>
|
|
|
|
|
<div class="line"><a name="l01117"></a><span class="lineno"> 1117</span>  uint8_t noiseseed[32];</div>
|
|
|
|
|
<div class="line"><a name="l01118"></a><span class="lineno"> 1118</span> </div>
|
|
|
|
|
<div class="line"><a name="l01119"></a><span class="lineno"> 1119</span>  <span class="keywordflow">if</span> (!random_seed) {</div>
|
|
|
|
|
<div class="line"><a name="l01120"></a><span class="lineno"> 1120</span>  RNG.<a class="code" href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">rand</a>(seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01121"></a><span class="lineno"> 1121</span>  RNG.<a class="code" href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">rand</a>(noiseseed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01122"></a><span class="lineno"> 1122</span>  } <span class="keywordflow">else</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01123"></a><span class="lineno"> 1123</span>  memcpy(seed, random_seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01124"></a><span class="lineno"> 1124</span>  memcpy(noiseseed, random_seed + NEWHOPE_SEEDBYTES, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01125"></a><span class="lineno"> 1125</span>  }</div>
|
|
|
|
|
<div class="line"><a name="l01126"></a><span class="lineno"> 1126</span>  sha3256(seed, seed, NEWHOPE_SEEDBYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01127"></a><span class="lineno"> 1127</span> </div>
|
|
|
|
|
<div class="line"><a name="l01128"></a><span class="lineno"> 1128</span>  <span class="comment">// The order of calls is rearranged compared to the reference C version.</span></div>
|
|
|
|
|
<div class="line"><a name="l01129"></a><span class="lineno"> 1129</span>  <span class="comment">// This allows us to get away with two temporary poly objects (a, pk)</span></div>
|
|
|
|
|
<div class="line"><a name="l01130"></a><span class="lineno"> 1130</span>  <span class="comment">// instead of four (a, e, r, pk). This saves 4k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l01131"></a><span class="lineno"> 1131</span> </div>
|
|
|
|
|
<div class="line"><a name="l01132"></a><span class="lineno"> 1132</span>  <span class="keywordflow">if</span> (variant == <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085fa2326f3fd76345d5900834593a74f6596">Ref</a>)</div>
|
|
|
|
|
<div class="line"><a name="l01133"></a><span class="lineno"> 1133</span>  poly_uniform(a.coeffs, seed);</div>
|
|
|
|
|
<div class="line"><a name="l01134"></a><span class="lineno"> 1134</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l01135"></a><span class="lineno"> 1135</span>  poly_uniform_torref(a.coeffs, seed);</div>
|
|
|
|
|
<div class="line"><a name="l01136"></a><span class="lineno"> 1136</span> </div>
|
|
|
|
|
<div class="line"><a name="l01137"></a><span class="lineno"> 1137</span>  poly_getnoise(sk.coeffs, noiseseed, 0);</div>
|
|
|
|
|
<div class="line"><a name="l01138"></a><span class="lineno"> 1138</span>  poly_ntt(sk.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01139"></a><span class="lineno"> 1139</span> </div>
|
|
|
|
|
<div class="line"><a name="l01140"></a><span class="lineno"> 1140</span>  poly_pointwise(pk.coeffs, sk.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01141"></a><span class="lineno"> 1141</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01142"></a><span class="lineno"> 1142</span>  poly_getnoise(a.coeffs, noiseseed, 1);</div>
|
|
|
|
|
<div class="line"><a name="l01143"></a><span class="lineno"> 1143</span>  poly_ntt(a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01077"></a><span class="lineno"> 1077</span>  clean(seed);</div>
|
|
|
|
|
<div class="line"><a name="l01078"></a><span class="lineno"> 1078</span>  clean(noiseseed);</div>
|
|
|
|
|
<div class="line"><a name="l01079"></a><span class="lineno"> 1079</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01080"></a><span class="lineno"> 1080</span> </div>
|
|
|
|
|
<div class="line"><a name="l01098"></a><span class="lineno"><a class="line" href="classNewHope.html#a2f09529f5f73cf9763c28b58b13bbd14"> 1098</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHope.html#a2f09529f5f73cf9763c28b58b13bbd14">NewHope::sharedb</a>(uint8_t shared_key[NEWHOPE_SHAREDBYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01099"></a><span class="lineno"> 1099</span>  uint8_t send[NEWHOPE_SENDBBYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01100"></a><span class="lineno"> 1100</span>  uint8_t received[NEWHOPE_SENDABYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01101"></a><span class="lineno"> 1101</span>  <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085f">Variant</a> variant, <span class="keyword">const</span> uint8_t *random_seed)</div>
|
|
|
|
|
<div class="line"><a name="l01102"></a><span class="lineno"> 1102</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01103"></a><span class="lineno"> 1103</span>  NewHopePolyExtended a;</div>
|
|
|
|
|
<div class="line"><a name="l01104"></a><span class="lineno"> 1104</span>  <a class="code" href="classNewHopePoly.html">NewHopePoly</a> v, bp;</div>
|
|
|
|
|
<div class="line"><a name="l01105"></a><span class="lineno"> 1105</span>  <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> noiseseed[32];</div>
|
|
|
|
|
<div class="line"><a name="l01106"></a><span class="lineno"> 1106</span> </div>
|
|
|
|
|
<div class="line"><a name="l01107"></a><span class="lineno"> 1107</span>  <span class="keywordflow">if</span> (!random_seed)</div>
|
|
|
|
|
<div class="line"><a name="l01108"></a><span class="lineno"> 1108</span>  RNG.<a class="code" href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">rand</a>(noiseseed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01109"></a><span class="lineno"> 1109</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l01110"></a><span class="lineno"> 1110</span>  memcpy(noiseseed, random_seed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01111"></a><span class="lineno"> 1111</span> </div>
|
|
|
|
|
<div class="line"><a name="l01112"></a><span class="lineno"> 1112</span>  <span class="comment">// The order of calls is rearranged compared to the reference C version.</span></div>
|
|
|
|
|
<div class="line"><a name="l01113"></a><span class="lineno"> 1113</span>  <span class="comment">// This allows us to get away with 3 temporary poly objects (v, a, bp)</span></div>
|
|
|
|
|
<div class="line"><a name="l01114"></a><span class="lineno"> 1114</span>  <span class="comment">// instead of 8 (sp, ep, v, a, pka, c, epp, bp). Saves 10k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l01115"></a><span class="lineno"> 1115</span> </div>
|
|
|
|
|
<div class="line"><a name="l01116"></a><span class="lineno"> 1116</span>  <span class="keywordflow">if</span> (variant == <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085fa2326f3fd76345d5900834593a74f6596">Ref</a>)</div>
|
|
|
|
|
<div class="line"><a name="l01117"></a><span class="lineno"> 1117</span>  poly_uniform(a.coeffs, received + POLY_BYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01118"></a><span class="lineno"> 1118</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l01119"></a><span class="lineno"> 1119</span>  poly_uniform_torref(a.coeffs, received + POLY_BYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01120"></a><span class="lineno"> 1120</span> </div>
|
|
|
|
|
<div class="line"><a name="l01121"></a><span class="lineno"> 1121</span>  poly_getnoise(v.coeffs, noiseseed, 0);</div>
|
|
|
|
|
<div class="line"><a name="l01122"></a><span class="lineno"> 1122</span>  poly_ntt(v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01123"></a><span class="lineno"> 1123</span> </div>
|
|
|
|
|
<div class="line"><a name="l01124"></a><span class="lineno"> 1124</span>  poly_pointwise(bp.coeffs, a.coeffs, v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01125"></a><span class="lineno"> 1125</span> </div>
|
|
|
|
|
<div class="line"><a name="l01126"></a><span class="lineno"> 1126</span>  poly_getnoise(a.coeffs, noiseseed, 1);</div>
|
|
|
|
|
<div class="line"><a name="l01127"></a><span class="lineno"> 1127</span>  poly_ntt(a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01128"></a><span class="lineno"> 1128</span> </div>
|
|
|
|
|
<div class="line"><a name="l01129"></a><span class="lineno"> 1129</span>  poly_add(bp.coeffs, bp.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01130"></a><span class="lineno"> 1130</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01131"></a><span class="lineno"> 1131</span>  poly_frombytes(a.coeffs, received);</div>
|
|
|
|
|
<div class="line"><a name="l01132"></a><span class="lineno"> 1132</span> </div>
|
|
|
|
|
<div class="line"><a name="l01133"></a><span class="lineno"> 1133</span>  poly_pointwise(v.coeffs, a.coeffs, v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01134"></a><span class="lineno"> 1134</span>  poly_invntt(v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01135"></a><span class="lineno"> 1135</span> </div>
|
|
|
|
|
<div class="line"><a name="l01136"></a><span class="lineno"> 1136</span>  poly_getnoise(a.coeffs, noiseseed, 2);</div>
|
|
|
|
|
<div class="line"><a name="l01137"></a><span class="lineno"> 1137</span>  poly_add(v.coeffs, v.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01138"></a><span class="lineno"> 1138</span> </div>
|
|
|
|
|
<div class="line"><a name="l01139"></a><span class="lineno"> 1139</span>  helprec(a.coeffs, v.coeffs, noiseseed, 3);</div>
|
|
|
|
|
<div class="line"><a name="l01140"></a><span class="lineno"> 1140</span> </div>
|
|
|
|
|
<div class="line"><a name="l01141"></a><span class="lineno"> 1141</span>  encode_b(send, bp.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01142"></a><span class="lineno"> 1142</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01143"></a><span class="lineno"> 1143</span>  rec(shared_key, v.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01144"></a><span class="lineno"> 1144</span> </div>
|
|
|
|
|
<div class="line"><a name="l01145"></a><span class="lineno"> 1145</span>  poly_add(pk.coeffs, a.coeffs, pk.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01145"></a><span class="lineno"> 1145</span>  sha3256(shared_key, shared_key, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01146"></a><span class="lineno"> 1146</span> </div>
|
|
|
|
|
<div class="line"><a name="l01147"></a><span class="lineno"> 1147</span>  encode_a(send, pk.coeffs, seed);</div>
|
|
|
|
|
<div class="line"><a name="l01148"></a><span class="lineno"> 1148</span> </div>
|
|
|
|
|
<div class="line"><a name="l01149"></a><span class="lineno"> 1149</span>  clean(seed);</div>
|
|
|
|
|
<div class="line"><a name="l01150"></a><span class="lineno"> 1150</span>  clean(noiseseed);</div>
|
|
|
|
|
<div class="line"><a name="l01151"></a><span class="lineno"> 1151</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01152"></a><span class="lineno"> 1152</span> </div>
|
|
|
|
|
<div class="line"><a name="l01170"></a><span class="lineno"><a class="line" href="classNewHope.html#a2f09529f5f73cf9763c28b58b13bbd14"> 1170</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHope.html#a2f09529f5f73cf9763c28b58b13bbd14">NewHope::sharedb</a>(uint8_t shared_key[NEWHOPE_SHAREDBYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01171"></a><span class="lineno"> 1171</span>  uint8_t send[NEWHOPE_SENDBBYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01172"></a><span class="lineno"> 1172</span>  uint8_t received[NEWHOPE_SENDABYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01173"></a><span class="lineno"> 1173</span>  <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085f">Variant</a> variant, <span class="keyword">const</span> uint8_t *random_seed)</div>
|
|
|
|
|
<div class="line"><a name="l01174"></a><span class="lineno"> 1174</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01175"></a><span class="lineno"> 1175</span>  NewHopePolyExtended a;</div>
|
|
|
|
|
<div class="line"><a name="l01176"></a><span class="lineno"> 1176</span>  <a class="code" href="classNewHopePoly.html">NewHopePoly</a> v, bp;</div>
|
|
|
|
|
<div class="line"><a name="l01177"></a><span class="lineno"> 1177</span>  <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> noiseseed[32];</div>
|
|
|
|
|
<div class="line"><a name="l01178"></a><span class="lineno"> 1178</span> </div>
|
|
|
|
|
<div class="line"><a name="l01179"></a><span class="lineno"> 1179</span>  <span class="keywordflow">if</span> (!random_seed)</div>
|
|
|
|
|
<div class="line"><a name="l01180"></a><span class="lineno"> 1180</span>  RNG.<a class="code" href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">rand</a>(noiseseed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01181"></a><span class="lineno"> 1181</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l01182"></a><span class="lineno"> 1182</span>  memcpy(noiseseed, random_seed, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01183"></a><span class="lineno"> 1183</span> </div>
|
|
|
|
|
<div class="line"><a name="l01184"></a><span class="lineno"> 1184</span>  <span class="comment">// The order of calls is rearranged compared to the reference C version.</span></div>
|
|
|
|
|
<div class="line"><a name="l01185"></a><span class="lineno"> 1185</span>  <span class="comment">// This allows us to get away with 3 temporary poly objects (v, a, bp)</span></div>
|
|
|
|
|
<div class="line"><a name="l01186"></a><span class="lineno"> 1186</span>  <span class="comment">// instead of 8 (sp, ep, v, a, pka, c, epp, bp). Saves 10k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l01187"></a><span class="lineno"> 1187</span> </div>
|
|
|
|
|
<div class="line"><a name="l01188"></a><span class="lineno"> 1188</span>  <span class="keywordflow">if</span> (variant == <a class="code" href="classNewHope.html#a679601da301134f037c3a5786bd7085fa2326f3fd76345d5900834593a74f6596">Ref</a>)</div>
|
|
|
|
|
<div class="line"><a name="l01189"></a><span class="lineno"> 1189</span>  poly_uniform(a.coeffs, received + POLY_BYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01190"></a><span class="lineno"> 1190</span>  <span class="keywordflow">else</span></div>
|
|
|
|
|
<div class="line"><a name="l01191"></a><span class="lineno"> 1191</span>  poly_uniform_torref(a.coeffs, received + POLY_BYTES);</div>
|
|
|
|
|
<div class="line"><a name="l01192"></a><span class="lineno"> 1192</span> </div>
|
|
|
|
|
<div class="line"><a name="l01193"></a><span class="lineno"> 1193</span>  poly_getnoise(v.coeffs, noiseseed, 0);</div>
|
|
|
|
|
<div class="line"><a name="l01194"></a><span class="lineno"> 1194</span>  poly_ntt(v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01195"></a><span class="lineno"> 1195</span> </div>
|
|
|
|
|
<div class="line"><a name="l01196"></a><span class="lineno"> 1196</span>  poly_pointwise(bp.coeffs, a.coeffs, v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01197"></a><span class="lineno"> 1197</span> </div>
|
|
|
|
|
<div class="line"><a name="l01198"></a><span class="lineno"> 1198</span>  poly_getnoise(a.coeffs, noiseseed, 1);</div>
|
|
|
|
|
<div class="line"><a name="l01199"></a><span class="lineno"> 1199</span>  poly_ntt(a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01200"></a><span class="lineno"> 1200</span> </div>
|
|
|
|
|
<div class="line"><a name="l01201"></a><span class="lineno"> 1201</span>  poly_add(bp.coeffs, bp.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01202"></a><span class="lineno"> 1202</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01203"></a><span class="lineno"> 1203</span>  poly_frombytes(a.coeffs, received);</div>
|
|
|
|
|
<div class="line"><a name="l01204"></a><span class="lineno"> 1204</span> </div>
|
|
|
|
|
<div class="line"><a name="l01205"></a><span class="lineno"> 1205</span>  poly_pointwise(v.coeffs, a.coeffs, v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01206"></a><span class="lineno"> 1206</span>  poly_invntt(v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01207"></a><span class="lineno"> 1207</span> </div>
|
|
|
|
|
<div class="line"><a name="l01208"></a><span class="lineno"> 1208</span>  poly_getnoise(a.coeffs, noiseseed, 2);</div>
|
|
|
|
|
<div class="line"><a name="l01209"></a><span class="lineno"> 1209</span>  poly_add(v.coeffs, v.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01210"></a><span class="lineno"> 1210</span> </div>
|
|
|
|
|
<div class="line"><a name="l01211"></a><span class="lineno"> 1211</span>  helprec(a.coeffs, v.coeffs, noiseseed, 3);</div>
|
|
|
|
|
<div class="line"><a name="l01212"></a><span class="lineno"> 1212</span> </div>
|
|
|
|
|
<div class="line"><a name="l01213"></a><span class="lineno"> 1213</span>  encode_b(send, bp.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01214"></a><span class="lineno"> 1214</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01215"></a><span class="lineno"> 1215</span>  rec(shared_key, v.coeffs, a.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01216"></a><span class="lineno"> 1216</span> </div>
|
|
|
|
|
<div class="line"><a name="l01217"></a><span class="lineno"> 1217</span>  sha3256(shared_key, shared_key, 32);</div>
|
|
|
|
|
<div class="line"><a name="l01218"></a><span class="lineno"> 1218</span> </div>
|
|
|
|
|
<div class="line"><a name="l01219"></a><span class="lineno"> 1219</span>  clean(noiseseed);</div>
|
|
|
|
|
<div class="line"><a name="l01220"></a><span class="lineno"> 1220</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01221"></a><span class="lineno"> 1221</span> </div>
|
|
|
|
|
<div class="line"><a name="l01231"></a><span class="lineno"><a class="line" href="classNewHope.html#ae490ebcfcbc18179b03c1a1ae8874458"> 1231</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHope.html#ae490ebcfcbc18179b03c1a1ae8874458">NewHope::shareda</a>(uint8_t shared_key[NEWHOPE_SHAREDBYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01232"></a><span class="lineno"> 1232</span>  <span class="keyword">const</span> <a class="code" href="classNewHopePoly.html">NewHopePoly</a> &sk,</div>
|
|
|
|
|
<div class="line"><a name="l01233"></a><span class="lineno"> 1233</span>  uint8_t received[NEWHOPE_SENDBBYTES])</div>
|
|
|
|
|
<div class="line"><a name="l01234"></a><span class="lineno"> 1234</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01235"></a><span class="lineno"> 1235</span>  <a class="code" href="classNewHopePoly.html">NewHopePoly</a> v, bp;</div>
|
|
|
|
|
<div class="line"><a name="l01236"></a><span class="lineno"> 1236</span> </div>
|
|
|
|
|
<div class="line"><a name="l01237"></a><span class="lineno"> 1237</span>  <span class="comment">// The order of calls is rearranged compared to the reference C version.</span></div>
|
|
|
|
|
<div class="line"><a name="l01238"></a><span class="lineno"> 1238</span>  <span class="comment">// This allows us to get away with two temporary poly objects (v, bp)</span></div>
|
|
|
|
|
<div class="line"><a name="l01239"></a><span class="lineno"> 1239</span>  <span class="comment">// instead of three (v, bp, c). This saves 2k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l01240"></a><span class="lineno"> 1240</span> </div>
|
|
|
|
|
<div class="line"><a name="l01241"></a><span class="lineno"> 1241</span>  poly_frombytes(bp.coeffs, received);</div>
|
|
|
|
|
<div class="line"><a name="l01242"></a><span class="lineno"> 1242</span> </div>
|
|
|
|
|
<div class="line"><a name="l01243"></a><span class="lineno"> 1243</span>  poly_pointwise(v.coeffs, sk.coeffs, bp.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01244"></a><span class="lineno"> 1244</span>  poly_invntt(v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01245"></a><span class="lineno"> 1245</span> </div>
|
|
|
|
|
<div class="line"><a name="l01246"></a><span class="lineno"> 1246</span>  decode_b_2nd_half(bp.coeffs, received);</div>
|
|
|
|
|
<div class="line"><a name="l01247"></a><span class="lineno"> 1247</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01248"></a><span class="lineno"> 1248</span>  rec(shared_key, v.coeffs, bp.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01249"></a><span class="lineno"> 1249</span> </div>
|
|
|
|
|
<div class="line"><a name="l01250"></a><span class="lineno"> 1250</span>  sha3256(shared_key, shared_key, 32); </div>
|
|
|
|
|
<div class="line"><a name="l01251"></a><span class="lineno"> 1251</span> }</div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html_ad7c3c83cb078be4e6f136eeea7e21250"><div class="ttname"><a href="classNewHopePoly.html#ad7c3c83cb078be4e6f136eeea7e21250">NewHopePoly::~NewHopePoly</a></div><div class="ttdeci">~NewHopePoly()</div><div class="ttdoc">Clears sensitive data and destroys this "poly" object. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01064">NewHope.cpp:1064</a></div></div>
|
|
|
|
|
<div class="line"><a name="l01147"></a><span class="lineno"> 1147</span>  clean(noiseseed);</div>
|
|
|
|
|
<div class="line"><a name="l01148"></a><span class="lineno"> 1148</span> }</div>
|
|
|
|
|
<div class="line"><a name="l01149"></a><span class="lineno"> 1149</span> </div>
|
|
|
|
|
<div class="line"><a name="l01159"></a><span class="lineno"><a class="line" href="classNewHope.html#ae490ebcfcbc18179b03c1a1ae8874458"> 1159</a></span> <span class="keywordtype">void</span> <a class="code" href="classNewHope.html#ae490ebcfcbc18179b03c1a1ae8874458">NewHope::shareda</a>(uint8_t shared_key[NEWHOPE_SHAREDBYTES],</div>
|
|
|
|
|
<div class="line"><a name="l01160"></a><span class="lineno"> 1160</span>  <span class="keyword">const</span> <a class="code" href="classNewHopePoly.html">NewHopePoly</a> &sk,</div>
|
|
|
|
|
<div class="line"><a name="l01161"></a><span class="lineno"> 1161</span>  uint8_t received[NEWHOPE_SENDBBYTES])</div>
|
|
|
|
|
<div class="line"><a name="l01162"></a><span class="lineno"> 1162</span> {</div>
|
|
|
|
|
<div class="line"><a name="l01163"></a><span class="lineno"> 1163</span>  <a class="code" href="classNewHopePoly.html">NewHopePoly</a> v, bp;</div>
|
|
|
|
|
<div class="line"><a name="l01164"></a><span class="lineno"> 1164</span> </div>
|
|
|
|
|
<div class="line"><a name="l01165"></a><span class="lineno"> 1165</span>  <span class="comment">// The order of calls is rearranged compared to the reference C version.</span></div>
|
|
|
|
|
<div class="line"><a name="l01166"></a><span class="lineno"> 1166</span>  <span class="comment">// This allows us to get away with two temporary poly objects (v, bp)</span></div>
|
|
|
|
|
<div class="line"><a name="l01167"></a><span class="lineno"> 1167</span>  <span class="comment">// instead of three (v, bp, c). This saves 2k of stack space.</span></div>
|
|
|
|
|
<div class="line"><a name="l01168"></a><span class="lineno"> 1168</span> </div>
|
|
|
|
|
<div class="line"><a name="l01169"></a><span class="lineno"> 1169</span>  poly_frombytes(bp.coeffs, received);</div>
|
|
|
|
|
<div class="line"><a name="l01170"></a><span class="lineno"> 1170</span> </div>
|
|
|
|
|
<div class="line"><a name="l01171"></a><span class="lineno"> 1171</span>  poly_pointwise(v.coeffs, sk.coeffs, bp.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01172"></a><span class="lineno"> 1172</span>  poly_invntt(v.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01173"></a><span class="lineno"> 1173</span> </div>
|
|
|
|
|
<div class="line"><a name="l01174"></a><span class="lineno"> 1174</span>  decode_b_2nd_half(bp.coeffs, received);</div>
|
|
|
|
|
<div class="line"><a name="l01175"></a><span class="lineno"> 1175</span>  </div>
|
|
|
|
|
<div class="line"><a name="l01176"></a><span class="lineno"> 1176</span>  rec(shared_key, v.coeffs, bp.coeffs);</div>
|
|
|
|
|
<div class="line"><a name="l01177"></a><span class="lineno"> 1177</span> </div>
|
|
|
|
|
<div class="line"><a name="l01178"></a><span class="lineno"> 1178</span>  sha3256(shared_key, shared_key, 32); </div>
|
|
|
|
|
<div class="line"><a name="l01179"></a><span class="lineno"> 1179</span> }</div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html_ad7c3c83cb078be4e6f136eeea7e21250"><div class="ttname"><a href="classNewHopePoly.html#ad7c3c83cb078be4e6f136eeea7e21250">NewHopePoly::~NewHopePoly</a></div><div class="ttdeci">~NewHopePoly()</div><div class="ttdoc">Clears sensitive data and destroys this "poly" object. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l00992">NewHope.cpp:992</a></div></div>
|
|
|
|
|
<div class="ttc" id="classRNGClass_html_a418a833cf18198fd7e5d6dbd78c99c29"><div class="ttname"><a href="classRNGClass.html#a418a833cf18198fd7e5d6dbd78c99c29">RNGClass::rand</a></div><div class="ttdeci">void rand(uint8_t *data, size_t len)</div><div class="ttdoc">Generates random bytes into a caller-supplied buffer. </div><div class="ttdef"><b>Definition:</b> <a href="RNG_8cpp_source.html#l00508">RNG.cpp:508</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_a679601da301134f037c3a5786bd7085f"><div class="ttname"><a href="classNewHope.html#a679601da301134f037c3a5786bd7085f">NewHope::Variant</a></div><div class="ttdeci">Variant</div><div class="ttdoc">Describes the variant of the New Hope algorithm to implement. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8h_source.html#l00055">NewHope.h:55</a></div></div>
|
|
|
|
|
<div class="ttc" id="classSHAKE128_html"><div class="ttname"><a href="classSHAKE128.html">SHAKE128</a></div><div class="ttdoc">SHAKE Extendable-Output Function (XOF) with 128-bit security. </div><div class="ttdef"><b>Definition:</b> <a href="SHAKE_8h_source.html#l00052">SHAKE.h:52</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_ae8f821867bce309220aee7a43c2d4f51"><div class="ttname"><a href="classNewHope.html#ae8f821867bce309220aee7a43c2d4f51">NewHope::keygen</a></div><div class="ttdeci">static void keygen(uint8_t send[NEWHOPE_SENDABYTES], NewHopePoly &sk, Variant variant=Ref, const uint8_t *random_seed=0)</div><div class="ttdoc">Generates the key pair for Alice in a New Hope key exchange. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01111">NewHope.cpp:1111</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html_a842db1796a45ba78f279e008210df304"><div class="ttname"><a href="classNewHopePoly.html#a842db1796a45ba78f279e008210df304">NewHopePoly::clear</a></div><div class="ttdeci">void clear()</div><div class="ttdoc">Clears sensitive data in this "poly" object. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01072">NewHope.cpp:1072</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_a2f09529f5f73cf9763c28b58b13bbd14"><div class="ttname"><a href="classNewHope.html#a2f09529f5f73cf9763c28b58b13bbd14">NewHope::sharedb</a></div><div class="ttdeci">static void sharedb(uint8_t shared_key[NEWHOPE_SHAREDBYTES], uint8_t send[NEWHOPE_SENDBBYTES], uint8_t received[NEWHOPE_SENDABYTES], Variant variant=Ref, const uint8_t *random_seed=0)</div><div class="ttdoc">Generates the public key and shared secret for Bob. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01170">NewHope.cpp:1170</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_ae8f821867bce309220aee7a43c2d4f51"><div class="ttname"><a href="classNewHope.html#ae8f821867bce309220aee7a43c2d4f51">NewHope::keygen</a></div><div class="ttdeci">static void keygen(uint8_t send[NEWHOPE_SENDABYTES], NewHopePoly &sk, Variant variant=Ref, const uint8_t *random_seed=0)</div><div class="ttdoc">Generates the key pair for Alice in a New Hope key exchange. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01039">NewHope.cpp:1039</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html_a842db1796a45ba78f279e008210df304"><div class="ttname"><a href="classNewHopePoly.html#a842db1796a45ba78f279e008210df304">NewHopePoly::clear</a></div><div class="ttdeci">void clear()</div><div class="ttdoc">Clears sensitive data in this "poly" object. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01000">NewHope.cpp:1000</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_a2f09529f5f73cf9763c28b58b13bbd14"><div class="ttname"><a href="classNewHope.html#a2f09529f5f73cf9763c28b58b13bbd14">NewHope::sharedb</a></div><div class="ttdeci">static void sharedb(uint8_t shared_key[NEWHOPE_SHAREDBYTES], uint8_t send[NEWHOPE_SENDBBYTES], uint8_t received[NEWHOPE_SENDABYTES], Variant variant=Ref, const uint8_t *random_seed=0)</div><div class="ttdoc">Generates the public key and shared secret for Bob. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01098">NewHope.cpp:1098</a></div></div>
|
|
|
|
|
<div class="ttc" id="classSHA3__256_html_a8fe7cad1f83bd1bae1a0d521324247a1"><div class="ttname"><a href="classSHA3__256.html#a8fe7cad1f83bd1bae1a0d521324247a1">SHA3_256::finalize</a></div><div class="ttdeci">void finalize(void *hash, size_t len)</div><div class="ttdoc">Finalizes the hashing process and returns the hash. </div><div class="ttdef"><b>Definition:</b> <a href="SHA3_8cpp_source.html#l00071">SHA3.cpp:71</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html_aec9804046c753436ffbe88afd175bb39"><div class="ttname"><a href="classNewHopePoly.html#aec9804046c753436ffbe88afd175bb39">NewHopePoly::NewHopePoly</a></div><div class="ttdeci">NewHopePoly()</div><div class="ttdoc">Constructs a new "poly" object for the NewHope algorithm. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01057">NewHope.cpp:1057</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html_aec9804046c753436ffbe88afd175bb39"><div class="ttname"><a href="classNewHopePoly.html#aec9804046c753436ffbe88afd175bb39">NewHopePoly::NewHopePoly</a></div><div class="ttdeci">NewHopePoly()</div><div class="ttdoc">Constructs a new "poly" object for the NewHope algorithm. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l00985">NewHope.cpp:985</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHopePoly_html"><div class="ttname"><a href="classNewHopePoly.html">NewHopePoly</a></div><div class="ttdoc">NewHope polynomial representation. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8h_source.html#l00034">NewHope.h:34</a></div></div>
|
|
|
|
|
<div class="ttc" id="classSHAKE_html_aa6f3a32427433aabe20adccb6994a4aa"><div class="ttname"><a href="classSHAKE.html#aa6f3a32427433aabe20adccb6994a4aa">SHAKE::update</a></div><div class="ttdeci">void update(const void *data, size_t len)</div><div class="ttdoc">Updates the XOF with more data. </div><div class="ttdef"><b>Definition:</b> <a href="SHAKE_8cpp_source.html#l00064">SHAKE.cpp:64</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_ae490ebcfcbc18179b03c1a1ae8874458"><div class="ttname"><a href="classNewHope.html#ae490ebcfcbc18179b03c1a1ae8874458">NewHope::shareda</a></div><div class="ttdeci">static void shareda(uint8_t shared_key[NEWHOPE_SHAREDBYTES], const NewHopePoly &sk, uint8_t received[NEWHOPE_SENDBBYTES])</div><div class="ttdoc">Generates the shared secret for Alice. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01231">NewHope.cpp:1231</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_ae490ebcfcbc18179b03c1a1ae8874458"><div class="ttname"><a href="classNewHope.html#ae490ebcfcbc18179b03c1a1ae8874458">NewHope::shareda</a></div><div class="ttdeci">static void shareda(uint8_t shared_key[NEWHOPE_SHAREDBYTES], const NewHopePoly &sk, uint8_t received[NEWHOPE_SENDBBYTES])</div><div class="ttdoc">Generates the shared secret for Alice. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8cpp_source.html#l01159">NewHope.cpp:1159</a></div></div>
|
|
|
|
|
<div class="ttc" id="classChaCha_html_a41ac3262e52ff49dcd916d0b3b2e2038"><div class="ttname"><a href="classChaCha.html#a41ac3262e52ff49dcd916d0b3b2e2038">ChaCha::hashCore</a></div><div class="ttdeci">static void hashCore(uint32_t *output, const uint32_t *input, uint8_t rounds)</div><div class="ttdoc">Executes the ChaCha hash core on an input memory block. </div><div class="ttdef"><b>Definition:</b> <a href="ChaCha_8cpp_source.html#l00253">ChaCha.cpp:253</a></div></div>
|
|
|
|
|
<div class="ttc" id="classSHA3__256_html"><div class="ttname"><a href="classSHA3__256.html">SHA3_256</a></div><div class="ttdoc">SHA3-256 hash algorithm. </div><div class="ttdef"><b>Definition:</b> <a href="SHA3_8h_source.html#l00029">SHA3.h:29</a></div></div>
|
|
|
|
|
<div class="ttc" id="classNewHope_html_a679601da301134f037c3a5786bd7085fa2326f3fd76345d5900834593a74f6596"><div class="ttname"><a href="classNewHope.html#a679601da301134f037c3a5786bd7085fa2326f3fd76345d5900834593a74f6596">NewHope::Ref</a></div><div class="ttdoc">The standard "reference" version of the New Hope algorithm. </div><div class="ttdef"><b>Definition:</b> <a href="NewHope_8h_source.html#l00057">NewHope.h:57</a></div></div>
|
|
|
|
|
@ -1193,7 +1121,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
|
|
|
|
|
</div><!-- fragment --></div><!-- contents -->
|
|
|
|
|
<!-- start footer part -->
|
|
|
|
|
<hr class="footer"/><address class="footer"><small>
|
|
|
|
|
Generated on Thu Aug 18 2016 18:42:10 for ArduinoLibs by  <a href="http://www.doxygen.org/index.html">
|
|
|
|
|
Generated on Tue Aug 23 2016 18:54:05 for ArduinoLibs by  <a href="http://www.doxygen.org/index.html">
|
|
|
|
|
<img class="footer" src="doxygen.png" alt="doxygen"/>
|
|
|
|
|
</a> 1.8.6
|
|
|
|
|
</small></address>
|
|
|
|
|
|
Rhys Weatherley