From 3ead8ca270c5d00e1b3cc90210cdaecd9dbde26b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 12 Jan 2025 20:32:41 +0000 Subject: [PATCH] Remove need for STATIC_ASSERT by rewriting bounds check with #if We conduct some basic static sanity checks on the values of NTT_BOUND and INVNTT_BOUND. Previously, those checks were done using a `STATIC_ASSERT` macro. The `STATIC_ASSERT` macro was otherwise not used. This commit rewrites said bounds checks using plain `#if ...`. It therefore eliminates the need for `STATIC_ASSERT`, which is removed. Signed-off-by: Hanno Becker --- .../monolithic_build/mlkem_native_monobuild.c | 40 ------------------- mlkem/debug/debug.h | 21 ---------- mlkem/indcpa.c | 24 ++++++----- 3 files changed, 13 insertions(+), 72 deletions(-) diff --git a/examples/monolithic_build/mlkem_native_monobuild.c b/examples/monolithic_build/mlkem_native_monobuild.c index 79172e913..4fabd2e13 100644 --- a/examples/monolithic_build/mlkem_native_monobuild.c +++ b/examples/monolithic_build/mlkem_native_monobuild.c @@ -423,46 +423,6 @@ #undef POLYVEC_UBOUND #endif -/* mlkem/debug/debug.h */ -#if defined(MLKEM_CONCAT_) -#undef MLKEM_CONCAT_ -#endif - -/* mlkem/debug/debug.h */ -#if defined(MLKEM_CONCAT) -#undef MLKEM_CONCAT -#endif - -/* mlkem/debug/debug.h */ -#if defined(MLKEM_STATIC_ASSERT_DEFINE) -#undef MLKEM_STATIC_ASSERT_DEFINE -#endif - -/* mlkem/debug/debug.h */ -#if defined(MLKEM_STATIC_ASSERT_ADD_LINE0) -#undef MLKEM_STATIC_ASSERT_ADD_LINE0 -#endif - -/* mlkem/debug/debug.h */ -#if defined(MLKEM_STATIC_ASSERT_ADD_LINE1) -#undef MLKEM_STATIC_ASSERT_ADD_LINE1 -#endif - -/* mlkem/debug/debug.h */ -#if defined(MLKEM_STATIC_ASSERT_ADD_LINE2) -#undef MLKEM_STATIC_ASSERT_ADD_LINE2 -#endif - -/* mlkem/debug/debug.h */ -#if defined(MLKEM_STATIC_ASSERT_ADD_ERROR) -#undef MLKEM_STATIC_ASSERT_ADD_ERROR -#endif - -/* mlkem/debug/debug.h */ -#if defined(STATIC_ASSERT) -#undef STATIC_ASSERT -#endif - /* mlkem/debug/debug.h */ #if defined(CASSERT) #undef CASSERT 
diff --git a/mlkem/debug/debug.h b/mlkem/debug/debug.h index f0a233940..9a1496fdd 100644 --- a/mlkem/debug/debug.h +++ b/mlkem/debug/debug.h @@ -154,27 +154,6 @@ void mlkem_debug_check_bounds(const char *file, int line, "polyvec unsigned bound for " #ptr ".vec[i]"); \ } while (0) -#define MLKEM_CONCAT_(left, right) left##right -#define MLKEM_CONCAT(left, right) MLKEM_CONCAT_(left, right) - -/* Following AWS-LC to define a C99-compliant static assert */ -#define MLKEM_STATIC_ASSERT_DEFINE(cond, msg) \ - typedef struct \ - { \ - unsigned int MLKEM_CONCAT(static_assertion_, msg) : (cond) ? 1 : -1; \ - } MLKEM_CONCAT(MLKEM_NAMESPACE(static_assertion_), msg) \ - __attribute__((unused)); - -#define MLKEM_STATIC_ASSERT_ADD_LINE0(cond, suffix) \ - MLKEM_STATIC_ASSERT_DEFINE(cond, MLKEM_CONCAT(at_line_, suffix)) -#define MLKEM_STATIC_ASSERT_ADD_LINE1(cond, line, suffix) \ - MLKEM_STATIC_ASSERT_ADD_LINE0(cond, MLKEM_CONCAT(line, suffix)) -#define MLKEM_STATIC_ASSERT_ADD_LINE2(cond, suffix) \ - MLKEM_STATIC_ASSERT_ADD_LINE1(cond, __LINE__, suffix) -#define MLKEM_STATIC_ASSERT_ADD_ERROR(cond, suffix) \ - MLKEM_STATIC_ASSERT_ADD_LINE2(cond, MLKEM_CONCAT(_error_is_, suffix)) -#define STATIC_ASSERT(cond, error) MLKEM_STATIC_ASSERT_ADD_ERROR(cond, error) - #else /* MLKEM_DEBUG */ #define CASSERT(val, msg) \ diff --git a/mlkem/indcpa.c b/mlkem/indcpa.c index 06a1cbbb3..dd50fd025 100644 --- a/mlkem/indcpa.c +++ b/mlkem/indcpa.c @@ -405,9 +405,10 @@ __contract__( } } - - -STATIC_ASSERT(NTT_BOUND + MLKEM_Q < INT16_MAX, indcpa_enc_bound_0) +#if NTT_BOUND > INT16_MAX - MLKEM_Q +#error \ + "The bound for the forward NTT is too large to ensure non-overflow in indcpa_keypair_derand" +#endif MLKEM_NATIVE_INTERNAL_API void indcpa_keypair_derand(uint8_t pk[MLKEM_INDCPA_PUBLICKEYBYTES], 
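Review bot: In the `mlkem/indcpa.c` hunk at `@@ -405,9 +405,10 @@`, the new `#if NTT_BOUND > INT16_MAX - MLKEM_Q` passes silently if `NTT_BOUND` or `MLKEM_Q` is not a macro visible at that point, because the preprocessor replaces any identifier left after expansion with 0; the removed `STATIC_ASSERT` would have failed to compile in that case. The same holds for the `INVNTT_BOUND`, `MLKEM_ETA1` and `MLKEM_ETA2` guards added at `@@ -468,10 +468,11 @@` and `@@ -531,7 +531,10 @@`. Since these guards carry the int16_t non-overflow argument, I would put `#if !defined(NTT_BOUND) || !defined(INVNTT_BOUND) || !defined(MLKEM_Q)` with `#error "NTT bounds must be visible as preprocessor macros"` ahead of them, or build with `-Wundef` as an error. Separately, the rewritten condition accepts `NTT_BOUND + MLKEM_Q == INT16_MAX`, which the old strict `<` rejected. That looks harmless, but the commit message should say so if it is intended.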
@@ -458,7 +459,6 @@ void indcpa_keypair_derand(uint8_t pk[MLKEM_INDCPA_PUBLICKEYBYTES], matvec_mul(&pkpv, a, &skpv, &skpv_cache); polyvec_tomont(&pkpv); - /* Arithmetic cannot overflow, see static assertion at the top */ polyvec_add(&pkpv, &e); polyvec_reduce(&pkpv); polyvec_reduce(&skpv); @@ -468,10 +468,11 @@ void indcpa_keypair_derand(uint8_t pk[MLKEM_INDCPA_PUBLICKEYBYTES], } -/* Check that the arithmetic in indcpa_enc() does not overflow */ -STATIC_ASSERT(INVNTT_BOUND + MLKEM_ETA1 < INT16_MAX, indcpa_enc_bound_0) -STATIC_ASSERT(INVNTT_BOUND + MLKEM_ETA2 + MLKEM_Q < INT16_MAX, - indcpa_enc_bound_1) +#if (INVNTT_BOUND > INT16_MAX - MLKEM_ETA1) || \ + (INVNTT_BOUND > INT16_MAX - MLKEM_ETA2 - MLKEM_Q) +#error \ + "The bound for the inverse NTT is too large to ensure non-overflow in indcpa_enc" +#endif MLKEM_NATIVE_INTERNAL_API void indcpa_enc(uint8_t c[MLKEM_INDCPA_BYTES], @@ -519,7 +520,6 @@ void indcpa_enc(uint8_t c[MLKEM_INDCPA_BYTES], polyvec_invntt_tomont(&b); poly_invntt_tomont(&v); - /* Arithmetic cannot overflow, see static assertion at the top */ polyvec_add(&b, &ep); poly_add(&v, &epp); poly_add(&v, &k); @@ -531,7 +531,10 @@ void indcpa_enc(uint8_t c[MLKEM_INDCPA_BYTES], } /* Check that the arithmetic in indcpa_dec() does not overflow */ -STATIC_ASSERT(INVNTT_BOUND + MLKEM_Q < INT16_MAX, indcpa_dec_bound_0) +#if INVNTT_BOUND > INT16_MAX - MLKEM_Q +#error \ + "The bound for the forward NTT is too large to ensure non-overflow in indcpa_dec" +#endif MLKEM_NATIVE_INTERNAL_API void indcpa_dec(uint8_t m[MLKEM_INDCPA_MSGBYTES], @@ -548,7 +551,6 @@ void indcpa_dec(uint8_t m[MLKEM_INDCPA_MSGBYTES], polyvec_basemul_acc_montgomery(&sb, &skpv, &b); poly_invntt_tomont(&sb); - /* Arithmetic cannot overflow, see static assertion at the top */ poly_sub(&v, &sb); poly_reduce(&v);
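Review bot: The `#if` guard before `indcpa_enc` (hunk `@@ -468,10 +468,11 @@`) loses the comment `/* Check that the arithmetic in indcpa_enc() does not overflow */`, and the in-body pointer to the check is dropped at `@@ -519,7 +520,6 @@`, while the `indcpa_dec` guard keeps its comment. I would keep that comment above the `#if` and add `/* Arithmetic cannot overflow, see the #if check before indcpa_enc() */` at `polyvec_add(&b, &ep);`, so the link between the additions and the bound check stays discoverable. The `indcpa_keypair_derand` guard at `@@ -405,9 +405,10 @@` has no such comment either and would benefit from the same one-liner. The body of `indcpa_enc` extends beyond these hunks.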
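Review bot: The `#error` text added before `indcpa_dec` (hunk `@@ -531,7 +531,10 @@`) says "forward NTT" although the condition tests `INVNTT_BOUND`; it looks copied from the `indcpa_keypair_derand` guard. It should read `"The bound for the inverse NTT is too large to ensure non-overflow in indcpa_dec"`, so that a failing build points the maintainer at the right constant.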