author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-03-22 12:51:49 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-03-22 12:51:49 +0700 |
commit | 8a89eb9a466a64285c67998f0ce1bc257bd9e8d2 (patch) | |
tree | 51a8ef57606f68ed40e58a042c09765487ab5e59 | |
parent | BIKE: address side-channel vulnerability in ConvertToCompact() (diff) | |
Falcon: delay complete_private() verify failure for potential vulnerability
-rw-r--r-- | crypto/src/pqc/crypto/falcon/FalconVrfy.cs | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/src/pqc/crypto/falcon/FalconVrfy.cs b/crypto/src/pqc/crypto/falcon/FalconVrfy.cs
index 4f28a77d9..a678937d5 100644
--- a/crypto/src/pqc/crypto/falcon/FalconVrfy.cs
+++ b/crypto/src/pqc/crypto/falcon/FalconVrfy.cs
@@ -712,6 +712,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 sbyte[] fsrc, int f, sbyte[] gsrc, int g, sbyte[] Fsrc, int F, uint logn, ushort[] tmpsrc, int tmp) {
+ int success = 1;
 int u, n;
 int t1, t2;
@@ -732,7 +733,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 mq_NTT(tmpsrc, t2, logn);
 for (u = 0; u < n; u ++) {
 if (tmpsrc[t2+u] == 0) {
- return 0;
+ success = 0;
 }
 tmpsrc[t1+u] = (ushort)mq_div_12289(tmpsrc[t1+u], tmpsrc[t2+u]);
 }
@@ -746,11 +747,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 //gi = *(int *)&w;
 gi = (int)w;
 if (gi < -127 || gi > +127) {
- return 0;
+ success = 0;
 }
 Gsrc[G+u] = (sbyte)gi;
 }
- return 1;
+ return success;
 }
 internal int is_invertible(
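Review bot: The early return is gone, but the failure is still recorded through branches on key-derived values: `if (tmpsrc[t2+u] == 0) { success = 0; }` in the second hunk and `if (gi < -127 || gi > +127) { success = 0; }` in the third still jump on data computed from f and g, so the loop's timing is uniform only if the JIT happens to emit a conditional move rather than a taken/not-taken branch. A branchless accumulation removes that dependency, e.g. `success &= ((-(int)tmpsrc[t2+u]) >> 31) & 1;` for the zero check and `success &= ~(((gi + 127) | (127 - gi)) >> 31) & 1;` for the range check, with the existing `if` blocks dropped. The new `int success = 1;` in the first hunk deserves a comment such as `// Failures are accumulated rather than returned early so that run time does not reveal which coefficient was zero or out of range` — without it a later cleanup is likely to reintroduce the `return 0`. The method's parameter list starts before the first hunk and the loop in the second hunk continues past its end.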