ML-DSA constant-time hardening for caddq, poly_chknorm, decompose #2602
Based on pq-code-package/mldsa-native#371.

Signed-off-by: dkostic <dkostic@amazon.com>
| int32_t ml_dsa_caddq(int32_t a) { | ||
| a += (a >> 31) & ML_DSA_Q; | ||
| // a = a < 0 ? a + Q : a; | ||
| a = constant_time_select_int(constant_time_msb_w(a), a + ML_DSA_Q, a); |
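Review bot: both `constant_time_msb_w` and `constant_time_select_int` are reported as undeclared in this translation unit by the clang-tidy implicit-function-declaration warnings attached to this hunk, so either the header that declares them is not included in this file or the tidy run is missing that include path; please confirm which before merging, since a genuinely missing include would not be a tidy-only problem. The replaced line `a += (a >> 31) & ML_DSA_Q;` is already branch-free, so a short statement in the description of why the select-based form is preferred over the shift-and-mask form would help reviewers, and the `// a = a < 0 ? a + Q : a;` line would read less like dead code if phrased as a comment, e.g. `// Equivalent to: a = a < 0 ? a + Q : a`.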
warning: call to undeclared function 'constant_time_msb_w'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
a = constant_time_select_int(constant_time_msb_w(a), a + ML_DSA_Q, a);
^
warning: call to undeclared function 'constant_time_select_int'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
a = constant_time_select_int(constant_time_msb_w(a), a + ML_DSA_Q, a);
^
| a1 = (a1*11275 + (1 << 23)) >> 24; | ||
| a1 ^= ((43 - a1) >> 31) & a1; | ||
| // a1 = 43 < a1 ? 0 : a1; | ||
| a1 = constant_time_select_int(constant_time_msb_w(43 - a1), 0, a1); |
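Review bot: the same two undeclared-function warnings appear on this hunk, so whatever fixes the include (or the tidy configuration) for `ml_dsa_caddq` needs to cover this file as well. Separately, `43 - a1` is an `int32_t` expression and its negative case is exactly what `constant_time_msb_w` must detect; if the helper takes a word-sized unsigned argument, as its `_w` suffix suggests, a one-line comment noting that the conversion of a negative value keeps the sign bit in the top position would make the `43 < a1` case easier to verify than the replaced `((43 - a1) >> 31) & a1` form was.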
warning: call to undeclared function 'constant_time_msb_w'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
a1 = constant_time_select_int(constant_time_msb_w(43 - a1), 0, a1);
^
warning: call to undeclared function 'constant_time_select_int'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
a1 = constant_time_select_int(constant_time_msb_w(43 - a1), 0, a1);
^
Codecov Report
All modified and coverable lines are covered by tests.

@@            Coverage Diff            @@
##             main    #2602     +/-   ##
=======================================
  Coverage   78.68%   78.68%
=======================================
  Files         645      645
  Lines      110738   110744      +6
  Branches    15656    15661      +5
=======================================
+ Hits        87132    87144     +12
+ Misses      22915    22910      -5
+ Partials      691      690      -1
Issues:
N/A
Description of changes:
ML-DSA constant-time hardening for caddq, poly_chknorm, decompose
Based on pq-code-package/mldsa-native#371.
Call-outs:
Point out areas that need special attention or support during the review process. Discuss architecture or design changes.
Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.