Add abstract state duplication for SHA256 incremental hashing API

common/sha2.c

@@ -4,6 +4,7 @@
 
 #include <stddef.h>
 #include <stdint.h>
+#include <string.h>
 
 #include "sha2.h"
 
@@ -528,6 +529,10 @@ void sha512_inc_init(sha512ctx *state) {
     }
 }
 
+void sha256_inc_dupe_state(sha256ctx *stateout, const sha256ctx *statein) {
+    memcpy(stateout, statein, sizeof(sha256ctx));
+}
+
 void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks) {
     uint64_t bytes = load_bigendian_64(state->ctx + 32);
 

common/sha2.h

@@ -30,6 +30,7 @@ void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size
 void sha224(uint8_t *out, const uint8_t *in, size_t inlen);
 
 void sha256_inc_init(sha256ctx *state);
+void sha256_inc_dupe_state(sha256ctx *stateout, const sha256ctx *statein);
 void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks);
 void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen);
 void sha256(uint8_t *out, const uint8_t *in, size_t inlen);

crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c

@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_thash(
     PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     for (i = 0; i < inblocks * SPX_N; i++) {
         buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];

crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c

@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_thash(
     (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_compress_address(buf, addr);
     memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);

crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c

@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_thash(
     PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     for (i = 0; i < inblocks * SPX_N; i++) {
         buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];

crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c

@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_thash(
     (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_compress_address(buf, addr);
     memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);

crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c

@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_thash(
     PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     for (i = 0; i < inblocks * SPX_N; i++) {
         buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];

crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c

@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_thash(
     (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_compress_address(buf, addr);
     memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);

crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c

@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_thash(
     PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     for (i = 0; i < inblocks * SPX_N; i++) {
         buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];

crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c

@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_thash(
     (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_compress_address(buf, addr);
     memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);

crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c

@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_thash(
     PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     for (i = 0; i < inblocks * SPX_N; i++) {
         buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];

crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c

@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_thash(
     (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_compress_address(buf, addr);
     memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);

crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c

@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_thash(
     PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     for (i = 0; i < inblocks * SPX_N; i++) {
         buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];

crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c

@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_thash(
     (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 
     /* Retrieve precomputed state containing pub_seed */
-    memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+    sha256_inc_dupe_state(&sha2_state, hash_state_seeded);
 
     PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_compress_address(buf, addr);
     memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);