* cipher/kyber-kdep.c (polyvec_compress, polyvec_compress): Generate mask with const-time helper function. --
Signed-off-by: Jussi Kivilinna <[email protected]>
---
 cipher/kyber-kdep.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cipher/kyber-kdep.c b/cipher/kyber-kdep.c
index e97e0c45..2fc0ea7b 100644
--- a/cipher/kyber-kdep.c
+++ b/cipher/kyber-kdep.c
@@ -571,7 +571,7 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
 for(j=0;j<KYBER_N/8;j++) {
 for(k=0;k<8;k++) {
 t[k] = a->vec[i].coeffs[8*j+k];
- t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+ t[k] += ct_ulong_gen_mask((uint16_t)t[k] >> 15) & KYBER_Q;
 /* t[k] = ((((uint32_t)t[k] << 11) + KYBER_Q/2)/KYBER_Q) & 0x7ff; */
 d0 = t[k];
 d0 <<= 11;
@@ -602,7 +602,7 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
 for(j=0;j<KYBER_N/4;j++) {
 for(k=0;k<4;k++) {
 t[k] = a->vec[i].coeffs[4*j+k];
- t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
+ t[k] += ct_ulong_gen_mask((uint16_t)t[k] >> 15) & KYBER_Q;
 /* t[k] = ((((uint32_t)t[k] << 10) + KYBER_Q/2)/ KYBER_Q) & 0x3ff; */
 d0 = t[k];
 d0 <<= 10;
--
2.48.1
_______________________________________________
Gcrypt-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
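Review bot: The replacement mask line, at both changed sites (the `KYBER_N/8` loop in the first hunk and the `KYBER_N/4` loop in the second), carries no comment explaining why the helper is used instead of the signed shift, so a later cleanup could quietly restore the old idiom on coefficients that may be secret-derived. Suggest a one-line comment above each, e.g. `/* sign bit (0/1) -> 0 or all-ones mask via const-time helper; do not replace with a signed >> 15 */`. `ct_ulong_gen_mask` is defined outside this patch; it appears to expect an argument of exactly 0 or 1, which `(uint16_t)t[k] >> 15` satisfies, but that contract is worth confirming against the helper's own documentation. The declaration of `t` and the rest of `polyvec_compress` lie outside both hunks, so whether the `(uint16_t)` cast is needed, and whether other routines in this file still use the `((int16_t)x >> 15) & KYBER_Q` form, cannot be checked from here and would be worth a grep.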
