From 1082339e70c5922cb382e60bfa25a5849da82f9b Mon Sep 17 00:00:00 2001
From: Tiago Oliveira
Date: Fri, 19 Apr 2024 10:24:20 +0100
Subject: [PATCH] fix keccak ref1 remove spill
---
 .../keccak1600/amd64/ref1/keccakf1600.jinc | 5 +---
 .../kyber/kyber768/amd64/ref/indcpa.jinc | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/src/common/keccak/keccak1600/amd64/ref1/keccakf1600.jinc b/src/common/keccak/keccak1600/amd64/ref1/keccakf1600.jinc
index 85bbfd40..e261b30b 100644
--- a/src/common/keccak/keccak1600/amd64/ref1/keccakf1600.jinc
+++ b/src/common/keccak/keccak1600/amd64/ref1/keccakf1600.jinc
@@ -130,23 +130,20 @@ inline fn __round_ref1(reg ptr u64[25] e a, reg u64 rc) -> reg ptr u64[25]
 inline fn __keccakf1600_ref1(reg ptr u64[25] a) -> reg ptr u64[25]
 {
 reg ptr u64[24] RC;
- stack ptr u64[24] s_RC;
 stack u64[25] s_e;
 reg ptr u64[25] e;
+
 reg u64 c rc;
 RC = KECCAK1600_RC;
- s_RC = RC;
 e = s_e;
 c = 0;
 while (c < KECCAK_ROUNDS - 1)
 {
- RC = s_RC;
 rc = RC[(int) c];
 e = __round_ref1(e, a, rc);
- RC = s_RC;
 rc = RC[(int) c + 1];
 a = __round_ref1(a, e, rc);
diff --git a/src/crypto_kem/kyber/kyber768/amd64/ref/indcpa.jinc b/src/crypto_kem/kyber/kyber768/amd64/ref/indcpa.jinc
index 5e0ac756..34c8982f 100644
--- a/src/crypto_kem/kyber/kyber768/amd64/ref/indcpa.jinc
+++ b/src/crypto_kem/kyber/kyber768/amd64/ref/indcpa.jinc
@@ -98,6 +98,9 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[KYB
 reg u64 ctp;
 reg u16 t;
 reg u8 nonce;
+ stack ptr u8[KYBER_SYMBYTES] noiseseed_s;
+
+ noiseseed_s = noiseseed;
 pkpv = __polyvec_frombytes(pkp);
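Review bot: `RC` is now a `reg ptr` held across the whole `while` loop and across both `__round_ref1` calls without a stack copy, which presumably relies on `__round_ref1` being `inline fn` (as the hunk header shows), whereas the indcpa hunks in this same commit add exactly the spill/reload idiom around the non-inline `_poly_getnoise`. A comment should record that distinction so the `s_RC` pattern is not reinstated here, or the removal copied to a non-inline call site; suggest `// RC stays in a register for the whole loop: __round_ref1 is inline, so no spill/reload around the calls is needed.` above `RC = KECCAK1600_RC;`. `RC[(int) c]` is indexed by the public round counter only, so dropping the reloads does not alter the constant-time profile. The loop body (the `c` update) and the rest of `__keccakf1600_ref1` continue outside the hunk.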
@@ -116,20 +119,31 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[KYB
 aat = __gen_matrix(publicseed, 1);
+ noiseseed = noiseseed_s;
 nonce = 0;
 sp[0:KYBER_N] = _poly_getnoise(sp[0:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 1;
 sp[KYBER_N:KYBER_N] = _poly_getnoise(sp[KYBER_N:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 2;
 sp[2*KYBER_N:KYBER_N] = _poly_getnoise(sp[2*KYBER_N:KYBER_N], noiseseed, nonce);
+ noiseseed = noiseseed_s;
 nonce = 3;
 ep[0:KYBER_N] = _poly_getnoise(ep[0:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 4;
 ep[KYBER_N:KYBER_N] = _poly_getnoise(ep[KYBER_N:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 5;
 ep[2*KYBER_N:KYBER_N] = _poly_getnoise(ep[2*KYBER_N:KYBER_N], noiseseed, nonce);
+ noiseseed = noiseseed_s;
 nonce = 6;
 epp = _poly_getnoise(epp, noiseseed, nonce);
@@ -167,6 +181,9 @@ fn __iindcpa_enc(reg ptr u8[KYBER_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 reg u16 t;
 reg u8 nonce;
 stack ptr u8[KYBER_CT_LEN] sctp;
+ stack ptr u8[KYBER_SYMBYTES] noiseseed_s;
+
+ noiseseed_s = noiseseed;
 sctp = ctp;
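Review bot: The seven `noiseseed = noiseseed_s;` reloads before each `_poly_getnoise` call are undocumented and look redundant to a reader who does not know why a `reg ptr` has to be refreshed from its `stack ptr` copy; presumably `_poly_getnoise` is not inline and register contents are not preserved across the call, the converse of the keccak hunk where the spill around the inline `__round_ref1` was removed. Suggest a comment at the first reload: `// noiseseed is a reg ptr; refresh it from noiseseed_s before every _poly_getnoise call (non-inline, registers are not preserved across it)`. `noiseseed_s` is a `stack ptr`, i.e. a copy of the pointer rather than of the seed bytes, so this should not place additional secret material on the stack — worth confirming against the toolchain's semantics. The same block recurs unchanged in `__iindcpa_enc` (hunk `@@ -187,20 +204,31 @@`) and the two declaration hunks (`@@ -98,6 +98,9 @@`, `@@ -167,6 +181,9 @@`) introduce `noiseseed_s`; the commit subject names only the keccak change, so the message should also state why the indcpa spill was added. `__indcpa_enc` begins before and continues after the hunk.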
@@ -187,20 +204,31 @@ fn __iindcpa_enc(reg ptr u8[KYBER_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 aat = __gen_matrix(publicseed, 1);
+ noiseseed = noiseseed_s;
 nonce = 0;
 sp[0:KYBER_N] = _poly_getnoise(sp[0:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 1;
 sp[KYBER_N:KYBER_N] = _poly_getnoise(sp[KYBER_N:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 2;
 sp[2*KYBER_N:KYBER_N] = _poly_getnoise(sp[2*KYBER_N:KYBER_N], noiseseed, nonce);
+ noiseseed = noiseseed_s;
 nonce = 3;
 ep[0:KYBER_N] = _poly_getnoise(ep[0:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 4;
 ep[KYBER_N:KYBER_N] = _poly_getnoise(ep[KYBER_N:KYBER_N], noiseseed, nonce);
+
+ noiseseed = noiseseed_s;
 nonce = 5;
 ep[2*KYBER_N:KYBER_N] = _poly_getnoise(ep[2*KYBER_N:KYBER_N], noiseseed, nonce);
+ noiseseed = noiseseed_s;
 nonce = 6;
 epp = _poly_getnoise(epp, noiseseed, nonce);