Merge pull request #120 from formosa-crypto/fix/keccak_spill

tfaoliveira-sb · web-flow · commit b0940068243f · 2024-04-19T14:41:19.000+01:00
fix keccak ref1 remove spill
diff --git a/src/common/keccak/keccak1600/amd64/ref1/keccakf1600.jinc b/src/common/keccak/keccak1600/amd64/ref1/keccakf1600.jinc
@@ -130,23 +130,20 @@ inline fn __round_ref1(reg ptr u64[25] e a, reg u64 rc) -> reg ptr u64[25]
 inline fn __keccakf1600_ref1(reg ptr u64[25] a) -> reg ptr u64[25]
 {
   reg ptr u64[24] RC;
-  stack ptr u64[24] s_RC;
   stack u64[25] s_e;
   reg ptr u64[25] e;
+
   reg u64 c rc;
 
   RC = KECCAK1600_RC;
-  s_RC = RC;
   e = s_e;
 
   c = 0;
   while (c < KECCAK_ROUNDS - 1)
   {
-    RC = s_RC;
     rc = RC[(int) c];
     e = __round_ref1(e, a, rc);
 
-    RC = s_RC;
     rc = RC[(int) c + 1];
     a = __round_ref1(a, e, rc);
 
diff --git a/src/crypto_kem/kyber/kyber768/amd64/ref/indcpa.jinc b/src/crypto_kem/kyber/kyber768/amd64/ref/indcpa.jinc
@@ -98,6 +98,9 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[KYB
   reg u64 ctp;
   reg u16 t;
   reg u8 nonce;
+  stack ptr u8[KYBER_SYMBYTES] noiseseed_s;
+
+  noiseseed_s = noiseseed;
 
   pkpv = __polyvec_frombytes(pkp);
 
@@ -116,20 +119,31 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[KYB
 
   aat = __gen_matrix(publicseed, 1);
 
+  noiseseed = noiseseed_s;
   nonce = 0;
   sp[0:KYBER_N] = _poly_getnoise(sp[0:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 1;
   sp[KYBER_N:KYBER_N] = _poly_getnoise(sp[KYBER_N:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 2;
   sp[2*KYBER_N:KYBER_N] = _poly_getnoise(sp[2*KYBER_N:KYBER_N], noiseseed, nonce);
 
+  noiseseed = noiseseed_s;
   nonce = 3;
   ep[0:KYBER_N] = _poly_getnoise(ep[0:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 4;
   ep[KYBER_N:KYBER_N] = _poly_getnoise(ep[KYBER_N:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 5;
   ep[2*KYBER_N:KYBER_N] = _poly_getnoise(ep[2*KYBER_N:KYBER_N], noiseseed, nonce);
 
+  noiseseed = noiseseed_s;
   nonce = 6;
   epp = _poly_getnoise(epp, noiseseed, nonce);
 
@@ -167,6 +181,9 @@ fn __iindcpa_enc(reg ptr u8[KYBER_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
   reg u16 t;
   reg u8 nonce;
   stack ptr u8[KYBER_CT_LEN] sctp;
+  stack ptr u8[KYBER_SYMBYTES] noiseseed_s;
+
+  noiseseed_s = noiseseed;
 
   sctp = ctp;
 
@@ -187,20 +204,31 @@ fn __iindcpa_enc(reg ptr u8[KYBER_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 
   aat = __gen_matrix(publicseed, 1);
 
+  noiseseed = noiseseed_s;
   nonce = 0;
   sp[0:KYBER_N] = _poly_getnoise(sp[0:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 1;
   sp[KYBER_N:KYBER_N] = _poly_getnoise(sp[KYBER_N:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 2;
   sp[2*KYBER_N:KYBER_N] = _poly_getnoise(sp[2*KYBER_N:KYBER_N], noiseseed, nonce);
 
+  noiseseed = noiseseed_s;
   nonce = 3;
   ep[0:KYBER_N] = _poly_getnoise(ep[0:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 4;
   ep[KYBER_N:KYBER_N] = _poly_getnoise(ep[KYBER_N:KYBER_N], noiseseed, nonce);
+
+  noiseseed = noiseseed_s;
   nonce = 5;
   ep[2*KYBER_N:KYBER_N] = _poly_getnoise(ep[2*KYBER_N:KYBER_N], noiseseed, nonce);
 
+  noiseseed = noiseseed_s;
   nonce = 6;
   epp = _poly_getnoise(epp, noiseseed, nonce);
 
