CBMC: Minor tweak to mld_pack_pk to fix proof

mkannwischer · hanno-becker · commit 9243b885fda1 · 2025-11-26T07:29:41.000Z
Signed-off-by: Matthias J. Kannwischer &lt;matthias@kannwischer.eu&gt;
diff --git a/mldsa/src/packing.c b/mldsa/src/packing.c
@@ -23,15 +23,14 @@ void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
   unsigned int i;
 
   mld_memcpy(pk, rho, MLDSA_SEEDBYTES);
-  pk += MLDSA_SEEDBYTES;
-
   for (i = 0; i < MLDSA_K; ++i)
   __loop__(
     assigns(i, memory_slice(pk, CRYPTO_PUBLICKEYBYTES))
     invariant(i <= MLDSA_K)
   )
   {
-    mld_polyt1_pack(pk + i * MLDSA_POLYT1_PACKEDBYTES, &t1->vec[i]);
+    mld_polyt1_pack(pk + MLDSA_SEEDBYTES + i * MLDSA_POLYT1_PACKEDBYTES,
+                    &t1->vec[i]);
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -23,15 +23,14 @@ void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES],`
`23`	`23`	`unsigned int i;`
`24`	`24`
`25`	`25`	`mld_memcpy(pk, rho, MLDSA_SEEDBYTES);`
`26`		`- pk += MLDSA_SEEDBYTES;`
`27`		`-`
`28`	`26`	`for (i = 0; i < MLDSA_K; ++i)`
`29`	`27`	`__loop__(`
`30`	`28`	`assigns(i, memory_slice(pk, CRYPTO_PUBLICKEYBYTES))`
`31`	`29`	`invariant(i <= MLDSA_K)`
`32`	`30`	`)`
`33`	`31`	`{`
`34`		`- mld_polyt1_pack(pk + i * MLDSA_POLYT1_PACKEDBYTES, &t1->vec[i]);`
	`32`	`+ mld_polyt1_pack(pk + MLDSA_SEEDBYTES + i * MLDSA_POLYT1_PACKEDBYTES,`
	`33`	`+ &t1->vec[i]);`
`35`	`34`	`}`
`36`	`35`	`}`
`37`	`36`