diff --git a/src/iaes/iaes256_cbc_cernal.c b/src/iaes/iaes256_cbc_cernal.c
index da867204fd48feecaa16f501c333ca0b9dd823dc..a61de19b7b267133d7f69ad71bee7f95655f0589 100755
--- a/src/iaes/iaes256_cbc_cernal.c
+++ b/src/iaes/iaes256_cbc_cernal.c
@@ -490,6 +490,7 @@ size_t IAES_256_CBC_decrypt(const uint8_t *cdata, uint8_t *data, uint8_t *ivec,
size_t i, padding = 0;
size_t end = length > 16 ? length - 16 : 0;
+ if(length>0)
for(i = length-1; i >= end; i--)
{
if(data[i] == 0)
diff --git a/src/sig_dilithium/dilithium_poly.c b/src/sig_dilithium/dilithium_poly.c
index 26793937515f5e574240c02a8aa78264769f1eb0..fa6345bf1a8b6914271b8ecaba7924f15439ef1d 100755
--- a/src/sig_dilithium/dilithium_poly.c
+++ b/src/sig_dilithium/dilithium_poly.c
@@ -1,8 +1,8 @@
#include <stdint.h>
#include "dilithium_poly.h"
-#include "KeccakHash.h"
-#include "SimpleFIPS202.h"
+//#include "KeccakHash.h"
+//#include "SimpleFIPS202.h"
/*************************************************/
void poly_reduce(poly *a) {
@@ -184,25 +184,25 @@ void poly_uniform_eta(poly *a, const unsigned char seed[SEEDBYTES], unsigned cha
unsigned char inbuf[SEEDBYTES + 1];
unsigned char outbuf[2*SHAKE256_RATE];
-// uint64_t state[25] = {0};
- Keccak_HashInstance ks;
+ uint64_t state[25] = {0};
+ //Keccak_HashInstance ks;
for(i= 0; i < SEEDBYTES; ++i)
inbuf[i] = seed[i];
inbuf[SEEDBYTES] = nonce;
-// shake256_absorb(state, inbuf, SEEDBYTES + 1);
-// shake256_squeezeblocks(outbuf, 2, state);
+ shake256_absorb(state, inbuf, SEEDBYTES + 1);
+ shake256_squeezeblocks(outbuf, 2, state);
- Keccak_HashInitialize_SHAKE256( &ks );
- Keccak_HashUpdate( &ks, inbuf, (SEEDBYTES + 1) * 8 );
- Keccak_HashFinal( &ks, inbuf );
- Keccak_HashSqueeze( &ks, outbuf, 2 * 8 * 8 );
+ //Keccak_HashInitialize_SHAKE256( &ks );
+ //Keccak_HashUpdate( &ks, inbuf, (SEEDBYTES + 1) * 8 );
+ //Keccak_HashFinal( &ks, inbuf );
+ //Keccak_HashSqueeze( &ks, outbuf, 2 * 8 * 8 );
ctr = rej_eta(a->coeffs, NN, outbuf, 2*SHAKE256_RATE, p);
if(ctr < NN) {
-// shake256_squeezeblocks(outbuf, 1, state);
- Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
+ shake256_squeezeblocks(outbuf, 1, state);
+ // Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
rej_eta(a->coeffs + ctr, NN - ctr, outbuf, SHAKE256_RATE, p);
}
}
@@ -244,27 +244,27 @@ void poly_uniform_gamma1m1(poly *a, const unsigned char seed[SEEDBYTES + CRHBYTE
unsigned char inbuf[SEEDBYTES + CRHBYTES + 2];
unsigned char outbuf[5*SHAKE256_RATE];
-// uint64_t state[25] = {0};
- Keccak_HashInstance ks;
+ uint64_t state[25] = {0};
+// Keccak_HashInstance ks;
for(i = 0; i < SEEDBYTES + CRHBYTES; ++i)
inbuf[i] = seed[i];
inbuf[SEEDBYTES + CRHBYTES] = nonce & 0xFF;
inbuf[SEEDBYTES + CRHBYTES + 1] = nonce >> 8;
-// shake256_absorb(state, inbuf, SEEDBYTES + CRHBYTES + 2);
-// shake256_squeezeblocks(outbuf, 5, state);
+ shake256_absorb(state, inbuf, SEEDBYTES + CRHBYTES + 2);
+ shake256_squeezeblocks(outbuf, 5, state);
- Keccak_HashInitialize_SHAKE128( &ks );
- Keccak_HashUpdate( &ks, inbuf, (SEEDBYTES + CRHBYTES + 2) * 8 );
- Keccak_HashFinal( &ks, inbuf );
- Keccak_HashSqueeze( &ks, outbuf, 5 * 8 * 8 );
+ //Keccak_HashInitialize_SHAKE128( &ks );
+ //Keccak_HashUpdate( &ks, inbuf, (SEEDBYTES + CRHBYTES + 2) * 8 );
+ //Keccak_HashFinal( &ks, inbuf );
+ //Keccak_HashSqueeze( &ks, outbuf, 5 * 8 * 8 );
ctr = rej_gamma1m1(a->coeffs, NN, outbuf, 5*SHAKE256_RATE);
if(ctr < NN) {
-// shake256_squeezeblocks(outbuf, 1, state);
- Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
+ shake256_squeezeblocks(outbuf, 1, state);
+ //Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
rej_gamma1m1(a->coeffs + ctr, NN - ctr, outbuf, SHAKE256_RATE);
}
}
diff --git a/src/sig_dilithium/dilithium_sign.c b/src/sig_dilithium/dilithium_sign.c
index 38747a1f418ce543ea7e67d09547e38bf5f9ff3d..63ddd1a048bcfcbdb5128ff43f8585f2fd77e836 100755
--- a/src/sig_dilithium/dilithium_sign.c
+++ b/src/sig_dilithium/dilithium_sign.c
@@ -1,8 +1,8 @@
#include <stdint.h>
#include "dilithium_sign.h"
-#include "KeccakHash.h"
-#include "SimpleFIPS202.h"
+//#include "KeccakHash.h"
+//#include "SimpleFIPS202.h"
/********************************************************************************************/
void expand_mat(polyvecl mat[], const unsigned char rho[SEEDBYTES], dilithium_param_t *p)
@@ -18,7 +18,8 @@ void expand_mat(polyvecl mat[], const unsigned char rho[SEEDBYTES], dilithium_pa
for(i = 0; i < p->PARAM_K; ++i) {
for(j = 0; j < p->PARAM_L; ++j) {
inbuf[SEEDBYTES] = i + (j << 4);
- SHAKE128(outbuf, sizeof(outbuf), inbuf, SEEDBYTES + 1);
+ //SHAKE128(outbuf, sizeof(outbuf), inbuf, SEEDBYTES + 1);
+ shake128(outbuf, sizeof(outbuf), inbuf, SEEDBYTES + 1);
dilithium_poly_uniform(mat[i].vec + j, outbuf);
}
}
@@ -30,22 +31,22 @@ void challenge(poly *c, const unsigned char mu[CRHBYTES], const polyveck *w1, di
unsigned int i, b, pos;
unsigned char inbuf[CRHBYTES + p->PARAM_K * p->PARAM_POLW1_SIZE_PACKED];
unsigned char outbuf[SHAKE256_RATE];
-// uint64_t state[25] = {0}, signs, mask;
- uint64_t signs, mask;
- Keccak_HashInstance ks;
+ uint64_t state[25] = {0}, signs, mask;
+ //uint64_t signs, mask;
+ //Keccak_HashInstance ks;
for(i = 0; i < CRHBYTES; ++i)
inbuf[i] = mu[i];
for(i = 0; i < p->PARAM_K; ++i)
polyw1_pack(inbuf + CRHBYTES + i * p->PARAM_POLW1_SIZE_PACKED, w1->vec + i);
-// shake256_absorb(state, inbuf, sizeof(inbuf));
-// shake256_squeezeblocks(outbuf, 1, state);
+ shake256_absorb(state, inbuf, sizeof(inbuf));
+ shake256_squeezeblocks(outbuf, 1, state);
- Keccak_HashInitialize_SHAKE256( &ks );
- Keccak_HashUpdate( &ks, inbuf, sizeof(inbuf) * 8 );
- Keccak_HashFinal( &ks, inbuf );
- Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
+ //Keccak_HashInitialize_SHAKE256( &ks );
+ //Keccak_HashUpdate( &ks, inbuf, sizeof(inbuf) * 8 );
+ //Keccak_HashFinal( &ks, inbuf );
+ //Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
signs = 0;
for(i = 0; i < 8; ++i)
@@ -60,8 +61,8 @@ void challenge(poly *c, const unsigned char mu[CRHBYTES], const polyveck *w1, di
for(i = 196; i < 256; ++i) {
do {
if(pos >= SHAKE256_RATE) {
-// shake256_squeezeblocks(outbuf, 1, state);
- Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
+ shake256_squeezeblocks(outbuf, 1, state);
+// Keccak_HashSqueeze( &ks, outbuf, 1 * 8 * 8 );
pos = 0;
}
@@ -154,7 +155,8 @@ int dilithium_crypto_sign_keypair(dilithium_public_key_t *public_key, dilithium_
randombytes(seedbuf, SEEDBYTES);
- SHAKE256(seedbuf, 3*SEEDBYTES, seedbuf, SEEDBYTES);
+ //SHAKE256(seedbuf, 3*SEEDBYTES, seedbuf, SEEDBYTES);
+ shake256(seedbuf, 3*SEEDBYTES, seedbuf, SEEDBYTES);
rho = seedbuf;
rhoprime = rho + SEEDBYTES;
key = rho + 2*SEEDBYTES;
@@ -180,7 +182,8 @@ int dilithium_crypto_sign_keypair(dilithium_public_key_t *public_key, dilithium_
polyveck_power2round(&t1, &t0, &t, p);
dilithium_pack_pk(public_key->data, rho, &t1, p);
- SHAKE256(tr, CRHBYTES, public_key->data, p->CRYPTO_PUBLICKEYBYTES);
+ //SHAKE256(tr, CRHBYTES, public_key->data, p->CRYPTO_PUBLICKEYBYTES);
+ shake256(tr, CRHBYTES, public_key->data, p->CRYPTO_PUBLICKEYBYTES);
dilithium_pack_sk(private_key->data, rho, key, tr, &s1, &s2, &t0, p);
free(p);
@@ -222,7 +225,8 @@ int dilithium_crypto_sign( dilithium_signature_t *sig, const unsigned char *m, u
for(i = 0; i < CRHBYTES; ++i)
sig->sig_data[p->CRYPTO_BYTES - CRHBYTES + i] = tr[i];
- SHAKE256(mu, CRHBYTES, sig->sig_data + p->CRYPTO_BYTES - CRHBYTES, CRHBYTES + mlen);
+ //SHAKE256(mu, CRHBYTES, sig->sig_data + p->CRYPTO_BYTES - CRHBYTES, CRHBYTES + mlen);
+ shake256(mu, CRHBYTES, sig->sig_data + p->CRYPTO_BYTES - CRHBYTES, CRHBYTES + mlen);
expand_mat(mat, rho, p);
polyvecl_ntt(&s1, p);
@@ -347,8 +351,10 @@ int dilithium_crypto_sign_open( unsigned char *m, unsigned long long mlen, dilit
for(i = 0; i < mlen; ++i)
tmp_m[CRHBYTES + i] = m[i];
- SHAKE256(tmp_m, CRHBYTES, public_key->data, p->CRYPTO_PUBLICKEYBYTES);
- SHAKE256(mu, CRHBYTES, tmp_m, CRHBYTES + mlen);
+ //SHAKE256(tmp_m, CRHBYTES, public_key->data, p->CRYPTO_PUBLICKEYBYTES);
+ //SHAKE256(mu, CRHBYTES, tmp_m, CRHBYTES + mlen);
+ shake256(tmp_m, CRHBYTES, public_key->data, p->CRYPTO_PUBLICKEYBYTES);
+ shake256(mu, CRHBYTES, tmp_m, CRHBYTES + mlen);
free(tmp_m);
expand_mat(mat, rho, p);