ML-KEM: consolidate poly_tomsg

This change now also applies the fix against Kyberslash issue to ARMv8.

Signed-off-by: Stephan Mueller <smueller@chronox.de>

Author: smuellerDD

ml-kem/src/armv8/kyber_poly_armv8.h

@@ -216,28 +216,7 @@ static inline void poly_frommsg(poly *r,
 	}
 }
 
-/**
- * @brief poly_tomsg - Convert polynomial to 32-byte message
- *
- * @param [out] msg pointer to output message
- * @param [in] a pointer to input polynomial
- */
-static inline void poly_tomsg(uint8_t msg[LC_KYBER_INDCPA_MSGBYTES],
-			      const poly *a)
-{
-	unsigned int i, j;
-	uint16_t t;
-
-	for (i = 0; i < LC_KYBER_N / 8; i++) {
-		msg[i] = 0;
-		for (j = 0; j < 8; j++) {
-			t = (uint16_t)a->coeffs[8 * i + j];
-			t += ((int16_t)t >> 15) & LC_KYBER_Q;
-			t = (((t << 1) + LC_KYBER_Q / 2) / LC_KYBER_Q) & 1;
-			msg[i] |= (uint8_t)(t << j);
-		}
-	}
-}
+#include "common/kyber_poly_tomsg.h"
 
 #define POLY_GETNOISE_ETA1_BUFSIZE (LC_KYBER_ETA1 * LC_KYBER_N / 4)
 static inline void

ml-kem/src/common/kyber_poly_tomsg.h

@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2025, Stephan Mueller <smueller@chronox.de>
+ *
+ * License: see LICENSE file in root directory
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+ * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+#ifndef KYBER_POLY_TOMSG_H
+#define KYBER_POLY_TOMSG_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief poly_tomsg - Convert polynomial to 32-byte message
+ *
+ * @param [out] msg pointer to output message
+ * @param [in] a pointer to input polynomial
+ */
+static inline void poly_tomsg(uint8_t msg[LC_KYBER_INDCPA_MSGBYTES],
+			      const poly *a)
+{
+	unsigned int i, j;
+	uint32_t t;
+
+	for (i = 0; i < LC_KYBER_N / 8; i++) {
+		msg[i] = 0;
+		for (j = 0; j < 8; j++) {
+			t = (uint32_t)a->coeffs[8 * i + j];
+
+			t <<= 1;
+			t += LC_KYBER_Q - (LC_KYBER_Q / 2);
+			t *= 80635;
+			t >>= 28;
+			t &= 1;
+			msg[i] |= (uint8_t)(t << j);
+		}
+	}
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* KYBER_POLY_TOMSG_H */

ml-kem/src/kyber_poly.h

@@ -209,32 +209,7 @@ static inline void poly_frommsg(poly *r,
 	}
 }
 
-/**
- * @brief poly_tomsg - Convert polynomial to 32-byte message
- *
- * @param [out] msg pointer to output message
- * @param [in] a pointer to input polynomial
- */
-static inline void poly_tomsg(uint8_t msg[LC_KYBER_INDCPA_MSGBYTES],
-			      const poly *a)
-{
-	unsigned int i, j;
-	uint32_t t;
-
-	for (i = 0; i < LC_KYBER_N / 8; i++) {
-		msg[i] = 0;
-		for (j = 0; j < 8; j++) {
-			t = (uint32_t)a->coeffs[8 * i + j];
-
-			t <<= 1;
-			t += LC_KYBER_Q - (LC_KYBER_Q / 2);
-			t *= 80635;
-			t >>= 28;
-			t &= 1;
-			msg[i] |= (uint8_t)(t << j);
-		}
-	}
-}
+#include "common/kyber_poly_tomsg.h"
 
 /**
  * @brief poly_getnoise_eta1 - Sample a polynomial deterministically from a seed