mirror of
https://gogs.blitter.com/RLabs/xs
synced 2024-08-14 10:26:42 +00:00
f5be3578a8
2/3 Added vendor/ dir to lock down dependent pkg versions.
The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied
their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still
inconsistently refer to git.schwanenlied.me/, breaking build.
Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an
issue. Until the two aforementioned issues are resolved, locking to last-good
versions is probably the best way forward for now.
To build with vendored deps, use make VENDOR=1 clean all
3/3 Moved body of CI push script into bacillus/
43 lines
1.1 KiB
Go
43 lines
1.1 KiB
Go
// reduce.go - Montgomery, Barret, and Full reduction.
|
|
//
|
|
// To the extent possible under law, Yawning Angel has waived all copyright
|
|
// and related or neighboring rights to the software, using the Creative
|
|
// Commons "CC0" public domain dedication. See LICENSE or
|
|
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
|
|
|
|
package kyber
|
|
|
|
const (
|
|
qinv = 7679 // -inverse_mod(q,2^18)
|
|
rlog = 18
|
|
)
|
|
|
|
// Montgomery reduction; given a 32-bit integer a, computes 16-bit integer
|
|
// congruent to a * R^-1 mod q, where R=2^18 (see value of rlog).
|
|
func montgomeryReduce(a uint32) uint16 {
|
|
u := a * qinv
|
|
u &= (1 << rlog) - 1
|
|
u *= kyberQ
|
|
a += u
|
|
return uint16(a >> rlog)
|
|
}
|
|
|
|
// Barrett reduction; given a 16-bit integer a, computes 16-bit integer
|
|
// congruent to a mod q in {0,...,11768}.
|
|
func barrettReduce(a uint16) uint16 {
|
|
u := uint32(a >> 13) // ((uint32_t) a * sinv) >> 16
|
|
u *= kyberQ
|
|
a -= uint16(u)
|
|
return a
|
|
}
|
|
|
|
// Full reduction; given a 16-bit integer a, computes unsigned integer a mod q.
|
|
func freeze(x uint16) uint16 {
|
|
r := barrettReduce(x)
|
|
|
|
m := r - kyberQ
|
|
c := int16(m)
|
|
c >>= 15
|
|
r = m ^ ((r ^ m) & uint16(c))
|
|
return r
|
|
}
|