Add init_msfs in crypto_sign

src/common/keccak/keccak1600/amd64/ref1_nomsf/keccakf1600.jinc

@@ -127,11 +127,11 @@ inline fn __round_ref1(reg ptr u64[25] e a, stack u64 s_rc) -> reg ptr u64[25]
 inline fn __keccakf1600_ref1(reg ptr u64[25] a) -> reg ptr u64[25]
 {
   reg ptr u64[24] RC;
-  stack ptr u64[24] s_RC;
+  reg ptr u64[24] s_RC;
   stack u64[25] s_e;
   reg ptr u64[25] e;
   reg u64 c rc;
-  stack u64 s_c s_rc;
+  #mmx reg u64 s_c s_rc;
 
   RC = KECCAK1600_RC;
   s_RC = RC;

src/crypto_sign/dilithium/common/amd64/avx2/expandA.jinc

@@ -63,6 +63,8 @@ fn expandA_poly_extract(reg ptr u32[Li2_polydeg] poly,
 			xof_offset += 1;
 		}
 
+    _ = #init_msf();
+
 		// There are now 3 bytes in vs[ii] ready for rejection sample
 		coeff = vs[0];
 		vs[1] <<= 8;
@@ -107,8 +109,8 @@ fn expandA_chunk(
 {	
 	stack u256[25] xof;
 
-	stack u64[4] coeffs_filled;
-	stack u64[4] xof_offset;
+	reg u64[4] coeffs_filled;
+	reg u64[4] xof_offset;
 	reg u64 lane;
 
 	reg u256 v256 v256_zero;
@@ -131,7 +133,7 @@ fn expandA_chunk(
 		v64 = #LEA_64(0x1F0000 + v64);
 		xof[u64 16 + (int) lane] = v64;
 	}
-	?{}, v256_zero = #set0_256();
+	v256_zero = #set0_256();
 	for ii = 5 to 20 {
 		xof[ii] = v256_zero;
 	}
@@ -156,6 +158,8 @@ fn expandA_chunk(
 			xof_offset[lane] = 0;
 		}
 
+    _ = #init_msf();
+
 		lane = 0;
 		_, _, _, _, zf = #TEST_8(done, 1 << lane);
 		if zf {

src/crypto_sign/dilithium/common/amd64/expandS.jinc

@@ -44,6 +44,7 @@ fn expandSEta2_poly(stack u8[64] rho_prime, reg u16 elem_idx, reg ptr u32[Li2_po
 		t1 = t0;
 		offset += 1;
 
+    _ = #init_msf();
 		// t0 = buf[pos] & 0x0F;
 		t0 &= 0x0F;
 		if t0 < 15 {
@@ -144,4 +145,4 @@ fn expandSEta4_poly(stack u8[64] rho_prime, reg u16 elem_idx, reg ptr u32[Li2_po
 		}
 	}
 	return poly;
-}
+}

src/crypto_sign/dilithium/common/amd64/hashing_end.jinc

@@ -32,6 +32,7 @@ fn shake256_of_pk(reg ptr u8[Li2_PK_LEN] pk, reg ptr u8[32] out)
 		ptr_state = 0;
 		while(ptr_state < SHAKE256_RATE) {
 			addr = ptr_pk;
+      _ = #init_msf();
 			c = pk[(int) addr];
 
 			addr = ptr_state;
@@ -43,8 +44,12 @@ fn shake256_of_pk(reg ptr u8[Li2_PK_LEN] pk, reg ptr u8[32] out)
 		state_rsp = __keccakf1600_ref(state_rsp);
 	}
 
+  reg bool ble;
 	ptr_state = 0;
-	while(ptr_pk < Li2_PK_LEN) {
+	while {
+      ble = ptr_pk < Li2_PK_LEN;
+      _ = #init_msf();
+  } (ble) {
 		addr = ptr_pk;
 		c = pk[(int) addr];
 
@@ -56,6 +61,7 @@ fn shake256_of_pk(reg ptr u8[Li2_PK_LEN] pk, reg ptr u8[32] out)
 	}
 
 	addr = ptr_state;
+  _ = #init_msf();
 	state_rsp[u8 (int) addr] ^= 0x1f;
 	state_rsp[u8 SHAKE256_RATE-1] ^= 0x80;
 

src/crypto_sign/dilithium/common/amd64/keygen_end.jinc

@@ -130,14 +130,16 @@ fn keygen(reg u64 pk_ptr sk_ptr)
 	pk, sk = keygen_inner(random_zeta_p);
 
   pk_ptr = pk_ptr_s;
+  sk_ptr = sk_ptr_s;
+  _ = #init_msf();
+
 	i = 0;
 	while(i < Li2_PK_LEN) {
 		c = pk[(int) i];
 		(u8)[pk_ptr + i] = c;
 		i += 1;
 	}
 
-  sk_ptr = sk_ptr_s;
 	i = 0;
 	while(i < Li2_SK_LEN) {
 		c = sk[(int) i];

src/crypto_sign/falcon/falcon512/amd64/avx2/sign.jazz

@@ -5,12 +5,12 @@ require "verify.jinc"
 require "sign.jinc"
 
 export fn jade_sign_falcon_falcon512_amd64_avx2_open(
-  reg u64 message
+  #public reg u64 message
           message_length
           signed_message
           signed_message_length
           public_key
-  ) -> reg u64
+  ) -> #public reg u64
 {
   reg u64 r;
 

src/crypto_sign/falcon/falcon512/common/amd64/common.jinc

@@ -14,13 +14,15 @@ fn __is_short(stack u16[ARRAY_N] s1 s2) -> reg u32
   i = 0;
   while(i < ARRAY_N)
   {
+    #declassify
     z = (32s)s1[(int)i];
     t = z;
     t *= z;
     s += t;
     s = s;
     ng |= s;
 
+    #declassify
     z = (32s)s2[(int)i];
     t = z;
     t *= z;
@@ -36,6 +38,7 @@ fn __is_short(stack u16[ARRAY_N] s1 s2) -> reg u32
   s |= t;
   t = BOUND;
 
+  _ = #init_msf();
   if(s <= BOUND)
   { res = 1; }
   else

src/crypto_sign/falcon/falcon512/common/amd64/encode_decode.jinc

@@ -22,14 +22,19 @@ inline fn __modq_decode_8(
 
   while(out_i < out_e)
   {
-    acc <<= 8; t = (32u)(u8)[in]; in += 1; acc |= t;
+    acc <<= 8;
+    #declassify
+    t = (32u)(u8)[in];
+    in += 1;
+    acc |= t;
     acc_len += 8;
 
     if(acc_len >= 14)
     {
       acc_len -= 14;
       w = acc; w >>= (acc_len & 31); w &= 0x3fff;
 
+      _ = #init_msf();
       if(w >= 12289)
       { is_zero = 1; }
 

src/crypto_sign/falcon/falcon512/common/amd64/shake256.jinc

@@ -1,24 +1,24 @@
 
-from Jade require "common/keccak/keccak1600/amd64/ref1_nomsf/keccak1600.jinc"
+from Jade require "common/keccak/keccak1600/amd64/mmx1/keccak1600.jinc"
 
 param int SHAKE256_RATE = 136;
 
 inline
 fn __shake256_absorb(stack u64[25] state, reg u64 in inlen) -> stack u64[25] {
 
-    reg u8 trail_byte;
+    reg u64 trail_byte;
     reg u64 rate;
-    stack u8 s_trail_byte;
+    #mmx reg u64 s_trail_byte;
     reg ptr u64[25] state_ptr;
 
     trail_byte = 0x1f;
     s_trail_byte = trail_byte;
     rate = SHAKE256_RATE;
 
     state_ptr = state;
-    state_ptr = __keccak_init_ref1(state_ptr);
+    state_ptr = __keccak_init_mmx1(state_ptr);
 
-    state_ptr, rate = __absorb_ref1(state_ptr, in, inlen, s_trail_byte, rate);
+    state_ptr, rate = __absorb_mmx1(state_ptr, in, inlen, s_trail_byte, rate);
     state = state_ptr;
 
     return state;
@@ -37,7 +37,7 @@ fn __shake256_squeezeblock(stack u64[25] state, reg ptr u8[SHAKE256_RATE] out) -
   s_out = out;
 
   state_ptr = state;
-  state_ptr = __keccakf1600_ref1(state_ptr);
+  state_ptr = __keccakf1600_mmx1(state_ptr);
   state = state_ptr;
 
   out = s_out;