More ML-KEM cast fixes

Frauschi · Frauschi · commit 6d92a19d4ae9 · 2026-02-23T15:24:19.000+01:00
diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c
@@ -1816,7 +1816,7 @@ static void mlkem_keygen_c(sword16* s, sword16* t, sword16* e, const sword16* a,
     /* For each polynomial in the vectors.
      * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
     for (i = 0; i < k; ++i) {
-        unsigned int j;
+        int j;
 
         /* Multiply a by private into public polynomial.
          * Step 18: ... A_hat o s_hat ... */
@@ -1825,8 +1825,8 @@ static void mlkem_keygen_c(sword16* s, sword16* t, sword16* e, const sword16* a,
         /* Convert public polynomial to Montgomery form.
          * Step 18: ... MontRed(A_hat o s_hat) ... */
         for (j = 0; j < MLKEM_N; ++j) {
-            sword32 n = t[(unsigned int)i * MLKEM_N + j] * (sword32)MLKEM_F;
-            t[(unsigned int)i * MLKEM_N + j] = MLKEM_MONT_RED(n);
+            sword32 n = t[i * MLKEM_N + j] * (sword32)MLKEM_F;
+            t[i * MLKEM_N + j] = MLKEM_MONT_RED(n);
         }
         /* Transform error values polynomial.
          * Step 17: e_hat = NTT(e) */
@@ -1835,9 +1835,8 @@ static void mlkem_keygen_c(sword16* s, sword16* t, sword16* e, const sword16* a,
         /* Add errors to public key and reduce.
          * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
         for (j = 0; j < MLKEM_N; ++j) {
-            sword16 n = (sword16)(t[(unsigned int)i * MLKEM_N + j] +
-                                  e[(unsigned int)i * MLKEM_N + j]);
-            t[(unsigned int)i * MLKEM_N + j] = MLKEM_BARRETT_RED(n);
+            sword16 n = (sword16)(t[i * MLKEM_N + j] + e[i * MLKEM_N + j]);
+            t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n);
         }
 #else
         /* Add errors to public key and reduce.
@@ -1919,7 +1918,7 @@ int mlkem_keygen_seeds(sword16* s, sword16* t, MLKEM_PRF_T* prf,
     /* For each polynomial in the vectors.
      * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
     for (i = 0; i < k; ++i) {
-        unsigned int j;
+        int j;
 
         /* Generate a vector of matrix A.
          * Steps 4-6: generate A[i] */
@@ -1934,8 +1933,8 @@ int mlkem_keygen_seeds(sword16* s, sword16* t, MLKEM_PRF_T* prf,
         /* Convert public polynomial to Montgomery form.
          * Step 18: ... MontRed(A_hat o s_hat) ... */
         for (j = 0; j < MLKEM_N; ++j) {
-            sword32 n = t[(unsigned int)i * MLKEM_N + j] * (sword32)MLKEM_F;
-            t[(unsigned int)i * MLKEM_N + j] = MLKEM_MONT_RED(n);
+            sword32 n = t[i * MLKEM_N + j] * (sword32)MLKEM_F;
+            t[i * MLKEM_N + j] = MLKEM_MONT_RED(n);
         }
 
         /* Generate noise using PRF.
@@ -1951,8 +1950,8 @@ int mlkem_keygen_seeds(sword16* s, sword16* t, MLKEM_PRF_T* prf,
         /* Add errors to public key and reduce.
          * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
         for (j = 0; j < MLKEM_N; ++j) {
-            sword16 n = (sword16)(t[(unsigned int)i * MLKEM_N + j] + e[j]);
-            t[(unsigned int)i * MLKEM_N + j] = MLKEM_BARRETT_RED(n);
+            sword16 n = (sword16)(t[i * MLKEM_N + j] + e[j]);
+            t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n);
         }
 #else
         /* Add errors to public key and reduce.
@@ -1996,7 +1995,7 @@ static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
 
     /* For each polynomial in the vectors. */
     for (i = 0; i < k; ++i) {
-        unsigned int j;
+        int j;
 
         /* Multiply at by y into u polynomial. */
         mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y,
@@ -2006,36 +2005,35 @@ static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
         /* Add errors to u and reduce. */
 #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
         for (j = 0; j < MLKEM_N; ++j) {
-            sword16 t = (sword16)(u[(unsigned int)i * MLKEM_N + j] +
-                                  e1[(unsigned int)i * MLKEM_N + j]);
-            u[(unsigned int)i * MLKEM_N + j] = MLKEM_BARRETT_RED(t);
+            sword16 t = (sword16)(u[i * MLKEM_N + j] + e1[i * MLKEM_N + j]);
+            u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t);
         }
 #else
         for (j = 0; j < MLKEM_N; j += 8) {
-            sword16 t0 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 0] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 0]);
-            sword16 t1 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 1] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 1]);
-            sword16 t2 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 2] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 2]);
-            sword16 t3 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 3] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 3]);
-            sword16 t4 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 4] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 4]);
-            sword16 t5 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 5] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 5]);
-            sword16 t6 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 6] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 6]);
-            sword16 t7 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 7] +
-                                   e1[(unsigned int)i * MLKEM_N + j + 7]);
-            u[(unsigned int)i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0);
-            u[(unsigned int)i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1);
-            u[(unsigned int)i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2);
-            u[(unsigned int)i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3);
-            u[(unsigned int)i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4);
-            u[(unsigned int)i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5);
-            u[(unsigned int)i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6);
-            u[(unsigned int)i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7);
+            sword16 t0 = (sword16)(u[i * MLKEM_N + j + 0] +
+                                   e1[i * MLKEM_N + j + 0]);
+            sword16 t1 = (sword16)(u[i * MLKEM_N + j + 1] +
+                                   e1[i * MLKEM_N + j + 1]);
+            sword16 t2 = (sword16)(u[i * MLKEM_N + j + 2] +
+                                   e1[i * MLKEM_N + j + 2]);
+            sword16 t3 = (sword16)(u[i * MLKEM_N + j + 3] +
+                                   e1[i * MLKEM_N + j + 3]);
+            sword16 t4 = (sword16)(u[i * MLKEM_N + j + 4] +
+                                   e1[i * MLKEM_N + j + 4]);
+            sword16 t5 = (sword16)(u[i * MLKEM_N + j + 5] +
+                                   e1[i * MLKEM_N + j + 5]);
+            sword16 t6 = (sword16)(u[i * MLKEM_N + j + 6] +
+                                   e1[i * MLKEM_N + j + 6]);
+            sword16 t7 = (sword16)(u[i * MLKEM_N + j + 7] +
+                                   e1[i * MLKEM_N + j + 7]);
+            u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0);
+            u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1);
+            u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2);
+            u[i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3);
+            u[i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4);
+            u[i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5);
+            u[i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6);
+            u[i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7);
         }
 #endif
     }
@@ -2112,7 +2110,7 @@ int mlkem_encapsulate_seeds(const sword16* pub, MLKEM_PRF_T* prf, sword16* u,
 
     /* For each polynomial in the vectors. */
     for (i = 0; i < k; ++i) {
-        unsigned int j;
+        int j;
 
         /* Generate a vector of matrix A. */
         ret = mlkem_gen_matrix_i(prf, a, k, seed, i, 1);
@@ -2133,35 +2131,27 @@ int mlkem_encapsulate_seeds(const sword16* pub, MLKEM_PRF_T* prf, sword16* u,
         /* Add errors to u and reduce. */
 #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
         for (j = 0; j < MLKEM_N; ++j) {
-            sword16 t = (sword16)(u[(unsigned int)i * MLKEM_N + j] + e1[j]);
-            u[(unsigned int)i * MLKEM_N + j] = MLKEM_BARRETT_RED(t);
+            sword16 t = (sword16)(u[i * MLKEM_N + j] + e1[j]);
+            u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t);
         }
 #else
         for (j = 0; j < MLKEM_N; j += 8) {
-            sword16 t0 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 0] +
-                                   e1[j + 0]);
-            sword16 t1 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 1] +
-                                   e1[j + 1]);
-            sword16 t2 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 2] +
-                                   e1[j + 2]);
-            sword16 t3 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 3] +
-                                   e1[j + 3]);
-            sword16 t4 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 4] +
-                                   e1[j + 4]);
-            sword16 t5 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 5] +
-                                   e1[j + 5]);
-            sword16 t6 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 6] +
-                                   e1[j + 6]);
-            sword16 t7 = (sword16)(u[(unsigned int)i * MLKEM_N + j + 7] +
-                                   e1[j + 7]);
-            u[(unsigned int)i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0);
-            u[(unsigned int)i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1);
-            u[(unsigned int)i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2);
-            u[(unsigned int)i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3);
-            u[(unsigned int)i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4);
-            u[(unsigned int)i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5);
-            u[(unsigned int)i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6);
-            u[(unsigned int)i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7);
+            sword16 t0 = (sword16)(u[i * MLKEM_N + j + 0] + e1[j + 0]);
+            sword16 t1 = (sword16)(u[i * MLKEM_N + j + 1] + e1[j + 1]);
+            sword16 t2 = (sword16)(u[i * MLKEM_N + j + 2] + e1[j + 2]);
+            sword16 t3 = (sword16)(u[i * MLKEM_N + j + 3] + e1[j + 3]);
+            sword16 t4 = (sword16)(u[i * MLKEM_N + j + 4] + e1[j + 4]);
+            sword16 t5 = (sword16)(u[i * MLKEM_N + j + 5] + e1[j + 5]);
+            sword16 t6 = (sword16)(u[i * MLKEM_N + j + 6] + e1[j + 6]);
+            sword16 t7 = (sword16)(u[i * MLKEM_N + j + 7] + e1[j + 7]);
+            u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0);
+            u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1);
+            u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2);
+            u[i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3);
+            u[i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4);
+            u[i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5);
+            u[i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6);
+            u[i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7);
         }
 #endif
     }
@@ -2444,11 +2434,11 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
     for (k = 0; k < 2; k++) {
         for (i = 0; i < 4; i++) {
             if (!transposed) {
-                state[4*4 + i] = (word64)(0x1f0000 + (((k*4+i)/3) << 8) +
+                state[4*4 + i] = (word32)(0x1f0000 + (((k*4+i)/3) << 8) +
                                           ((k*4+i)%3));
             }
             else {
-                state[4*4 + i] = (word64)(0x1f0000 + (((k*4+i)%3) << 8) +
+                state[4*4 + i] = (word32)(0x1f0000 + (((k*4+i)%3) << 8) +
                                           ((k*4+i)/3));
 
             }
@@ -2600,10 +2590,10 @@ static int mlkem_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
     for (k = 0; k < 4; k++) {
         for (i = 0; i < 4; i++) {
             if (!transposed) {
-                state[4*4 + i] = (word64)(0x1f0000 + (k << 8) + i);
+                state[4*4 + i] = (word32)(0x1f0000 + (k << 8) + i);
             }
             else {
-                state[4*4 + i] = (word64)(0x1f0000 + (i << 8) + k);
+                state[4*4 + i] = (word32)(0x1f0000 + (i << 8) + k);
             }
         }
 
@@ -4116,7 +4106,7 @@ static void mlkem_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
     word64 state[25 * 4];
 
     for (i = 0; i < 4; i++) {
-        state[4*4 + i] = (word64)(0x1f00 + i + o);
+        state[4*4 + i] = (word32)(0x1f00 + i + o);
     }
 
     sha3_256_blocksx4_seed_avx2(state, seed);
