Add test to decapsulation. Fix bug in field element comparison

src/fpx.c

@@ -1036,7 +1036,7 @@ int8_t cmp_f2elm(const f2elm_t x, const f2elm_t y)
 { // Comparison of two GF(p^2) elements in constant time. 
   // Is x != y? return -1 if condition is true, 0 otherwise.
     f2elm_t a, b;      
-    uint8_t r = 0;
+    digit_t r = 0;
 
     fp2copy(x, a);
     fp2copy(y, b);
@@ -1046,7 +1046,7 @@ int8_t cmp_f2elm(const f2elm_t x, const f2elm_t y)
     for (int i = NWORDS_FIELD-1; i >= 0; i--)
         r |= (a[0][i] ^ b[0][i]) | (a[1][i] ^ b[1][i]);
 
-    return (int8_t)((-(int32_t)r) >> (8*sizeof(uint32_t)-1));
+    return (int8_t)((0-(digit_t)r) >> (8*sizeof(digit_t)-1));
 }
 
 

tests/test_sike.c

@@ -4,6 +4,8 @@
 * Abstract: benchmarking/testing isogeny-based key encapsulation mechanism
 *********************************************************************************************/ 
 
+#include "../src/random/random.h"
+
 
 // Benchmark and test parameters  
 #if defined(OPTIMIZED_GENERIC_IMPLEMENTATION) || (TARGET == TARGET_ARM) 
@@ -23,6 +25,8 @@ int cryptotest_kem()
     unsigned char ct[CRYPTO_CIPHERTEXTBYTES] = {0};
     unsigned char ss[CRYPTO_BYTES] = {0};
     unsigned char ss_[CRYPTO_BYTES] = {0};
+    unsigned char bytes[4];
+    uint32_t* pos = (uint32_t*)bytes;
     bool passed = true;
 
     printf("\n\nTESTING ISOGENY-BASED KEY ENCAPSULATION MECHANISM %s\n", SCHEME_NAME);
@@ -38,6 +42,17 @@ int cryptotest_kem()
             passed = false;
             break;
         }
+
+        // Testing decapsulation after changing one bit of ct
+        randombytes(bytes, 4);
+        *pos %= CRYPTO_CIPHERTEXTBYTES;
+        ct[*pos] ^= 1;
+        crypto_kem_dec(ss_, ct, sk);
+
+        if (memcmp(ss, ss_, CRYPTO_BYTES) == 0) {
+            passed = false;
+            break;
+        }
     }
 
     if (passed == true) printf("  KEM tests .................................................... PASSED");