diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-128f-robust/clean/hash_sha256.c index 7af46b0b..da1fe0dd 100644 --- a/crypto_sign/sphincs-sha256-128f-robust/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-128f-robust/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.c b/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.c index abecf7d7..e822cb07 100644 --- a/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.h b/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.h index 225cd12a..86ee829d 100644 --- a/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-128f-robust/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c index c2f6688c..8c610c93 100644 --- a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c @@ -18,7 +18,7 @@ static void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_thash( unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; unsigned char *bitmask = buf + SPX_N + SPX_SHA256_ADDR_BYTES + 4; - uint8_t sha2_state[40]; + sha256ctx sha2_state; unsigned int i; memcpy(buf, pub_seed, SPX_N); @@ -27,13 +27,13 @@ static void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_state_seeded, sizeof(sha256ctx)); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; } - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, + sha256_inc_finalize(outbuf, &sha2_state, buf + SPX_N, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-128f-simple/clean/hash_sha256.c index 96d67fe7..b1579dbc 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-128f-simple/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.c b/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.c index f37d567b..c96445a7 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.h b/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.h index a9895c49..cd2c1cb7 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-128f-simple/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c index 4c14be56..ffd2e9ed 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c @@ -17,17 +17,17 @@ static void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_thash( const unsigned char *pub_seed, uint32_t addr[8]) { unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; + sha256ctx sha2_state; (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_state_seeded, sizeof(sha256ctx)); PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); + sha256_inc_finalize(outbuf, &sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-128s-robust/clean/hash_sha256.c index c15b44b1..8b342c5d 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-128s-robust/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.c b/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.c index 27d2fbad..071bc2fb 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.h b/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.h index 22e85bd0..421d6fde 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-128s-robust/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c index 5c468dae..d9474ab4 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c @@ -18,7 +18,7 @@ static void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_thash( unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; unsigned char *bitmask = buf + SPX_N + SPX_SHA256_ADDR_BYTES + 4; - uint8_t sha2_state[40]; + sha256ctx sha2_state; unsigned int i; memcpy(buf, pub_seed, SPX_N); @@ -27,13 +27,13 @@ static void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_state_seeded, sizeof(sha256ctx)); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; } - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, + sha256_inc_finalize(outbuf, &sha2_state, buf + SPX_N, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-128s-simple/clean/hash_sha256.c index 154c489e..35237406 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-128s-simple/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.c b/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.c index b52f6c49..9d241b6a 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.h b/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.h index f3f2c3dc..245c60b6 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-128s-simple/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c index b6303756..34f7d485 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c @@ -17,17 +17,17 @@ static void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_thash( const unsigned char *pub_seed, uint32_t addr[8]) { unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; + sha256ctx sha2_state; (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_state_seeded, sizeof(sha256ctx)); PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); + sha256_inc_finalize(outbuf, &sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-192f-robust/clean/hash_sha256.c index 73d3bbd1..dbe22075 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-192f-robust/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.c b/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.c index 4f112ae9..22ce5960 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.h b/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.h index 1ee273f2..2ddfb42c 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-192f-robust/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c index 32924361..69ba05ed 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c @@ -18,7 +18,7 @@ static void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_thash( unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; unsigned char *bitmask = buf + SPX_N + SPX_SHA256_ADDR_BYTES + 4; - uint8_t sha2_state[40]; + sha256ctx sha2_state; unsigned int i; memcpy(buf, pub_seed, SPX_N); @@ -27,13 +27,13 @@ static void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_state_seeded, sizeof(sha256ctx)); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; } - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, + sha256_inc_finalize(outbuf, &sha2_state, buf + SPX_N, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-192f-simple/clean/hash_sha256.c index 6944d0ff..2bc9f610 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-192f-simple/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.c b/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.c index 425fd631..4de4b235 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.h b/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.h index 02e0536f..c4f74403 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-192f-simple/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c index 0f843507..966d33db 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c @@ -17,17 +17,17 @@ static void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_thash( const unsigned char *pub_seed, uint32_t addr[8]) { unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; + sha256ctx sha2_state; (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_state_seeded, sizeof(sha256ctx)); PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); + sha256_inc_finalize(outbuf, &sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-192s-robust/clean/hash_sha256.c index 99850139..59659720 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-192s-robust/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.c b/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.c index 2d94d069..2666f1d3 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.h b/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.h index 63f173d0..a391bc85 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-192s-robust/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c index c2c09379..ee3ce784 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c @@ -18,7 +18,7 @@ static void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_thash( unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; unsigned char *bitmask = buf + SPX_N + SPX_SHA256_ADDR_BYTES + 4; - uint8_t sha2_state[40]; + sha256ctx sha2_state; unsigned int i; memcpy(buf, pub_seed, SPX_N); @@ -27,13 +27,13 @@ static void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_state_seeded, sizeof(sha256ctx)); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; } - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, + sha256_inc_finalize(outbuf, &sha2_state, buf + SPX_N, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-192s-simple/clean/hash_sha256.c index 230ad7de..027a2825 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-192s-simple/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.c b/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.c index d6fe5626..7db3b07f 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.h b/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.h index c5c68a72..e9208f3a 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-192s-simple/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c index 64745d6d..f03f06b0 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c @@ -17,17 +17,17 @@ static void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_thash( const unsigned char *pub_seed, uint32_t addr[8]) { unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; + sha256ctx sha2_state; (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_state_seeded, sizeof(sha256ctx)); PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); + sha256_inc_finalize(outbuf, &sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-256f-robust/clean/hash_sha256.c index 699f52e1..02d07d37 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-256f-robust/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.c b/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.c index 294b0de6..85500774 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.h b/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.h index c16a7819..3e605ea5 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-256f-robust/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c index 37f81ded..db986771 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c @@ -18,7 +18,7 @@ static void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_thash( unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; unsigned char *bitmask = buf + SPX_N + SPX_SHA256_ADDR_BYTES + 4; - uint8_t sha2_state[40]; + sha256ctx sha2_state; unsigned int i; memcpy(buf, pub_seed, SPX_N); @@ -27,13 +27,13 @@ static void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_state_seeded, sizeof(sha256ctx)); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; } - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, + sha256_inc_finalize(outbuf, &sha2_state, buf + SPX_N, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-256f-simple/clean/hash_sha256.c index f8c840fb..be9cae55 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-256f-simple/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.c b/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.c index 13d1aece..02ab0dc3 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.h b/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.h index 7dad0c93..e77db8ec 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-256f-simple/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c index ab8c6af8..466ca969 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c @@ -17,17 +17,17 @@ static void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_thash( const unsigned char *pub_seed, uint32_t addr[8]) { unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; + sha256ctx sha2_state; (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_state_seeded, sizeof(sha256ctx)); PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); + sha256_inc_finalize(outbuf, &sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-256s-robust/clean/hash_sha256.c index da4e2519..6e7d10cf 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-256s-robust/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.c b/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.c index 181009b8..fa002464 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.h b/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.h index 80106cc7..fe94f592 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-256s-robust/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c index d7498c60..37e4b2b2 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c @@ -18,7 +18,7 @@ static void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_thash( unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; unsigned char *bitmask = buf + SPX_N + SPX_SHA256_ADDR_BYTES + 4; - uint8_t sha2_state[40]; + sha256ctx sha2_state; unsigned int i; memcpy(buf, pub_seed, SPX_N); @@ -27,13 +27,13 @@ static void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_state_seeded, sizeof(sha256ctx)); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; } - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, + sha256_inc_finalize(outbuf, &sha2_state, buf + SPX_N, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); } diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/hash_sha256.c b/crypto_sign/sphincs-sha256-256s-simple/clean/hash_sha256.c index 73cb17d0..0fa93668 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/clean/hash_sha256.c +++ b/crypto_sign/sphincs-sha256-256s-simple/clean/hash_sha256.c @@ -45,7 +45,7 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_gen_message_random( const unsigned char *sk_prf, const unsigned char *optrand, const unsigned char *m, size_t mlen) { unsigned char buf[SPX_SHA256_BLOCK_BYTES + SPX_SHA256_OUTPUT_BYTES]; - uint8_t state[40]; + sha256ctx state; int i; /* This implements HMAC-SHA256 */ @@ -54,25 +54,25 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_gen_message_random( } memset(buf + SPX_N, 0x36, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_init(state); - sha256_inc_blocks(state, buf, 1); + sha256_inc_init(&state); + sha256_inc_blocks(&state, buf, 1); memcpy(buf, optrand, SPX_N); /* If optrand + message cannot fill up an entire block */ if (SPX_N + mlen < SPX_SHA256_BLOCK_BYTES) { memcpy(buf + SPX_N, m, mlen); - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, buf, mlen + SPX_N); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(buf + SPX_N, m, SPX_SHA256_BLOCK_BYTES - SPX_N); - sha256_inc_blocks(state, buf, 1); + sha256_inc_blocks(&state, buf, 1); m += SPX_SHA256_BLOCK_BYTES - SPX_N; mlen -= SPX_SHA256_BLOCK_BYTES - SPX_N; - sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, state, m, mlen); + sha256_inc_finalize(buf + SPX_SHA256_BLOCK_BYTES, &state, m, mlen); } for (i = 0; i < SPX_N; i++) { @@ -108,9 +108,9 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_hash_message( unsigned char buf[SPX_DGST_BYTES]; unsigned char *bufp = buf; - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); + sha256_inc_init(&state); memcpy(inbuf, R, SPX_N); memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); @@ -118,17 +118,17 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_hash_message( /* If R + pk + message cannot fill up an entire block */ if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES) { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - sha256_inc_finalize(seed, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); + sha256_inc_finalize(seed, &state, inbuf, SPX_N + SPX_PK_BYTES + mlen); } /* Otherwise first fill a block, so that finalize only uses the message */ else { memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - sha256_inc_blocks(state, inbuf, SPX_INBLOCKS); + sha256_inc_blocks(&state, inbuf, SPX_INBLOCKS); m += SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; mlen -= SPX_INBLOCKS * SPX_SHA256_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - sha256_inc_finalize(seed, state, m, mlen); + sha256_inc_finalize(seed, &state, m, mlen); } /* By doing this in two steps, we prevent hashing the message twice; diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.c b/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.c index acaa08e0..4c46b19d 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.c +++ b/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.c @@ -50,7 +50,7 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_mgf1( } } -uint8_t PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded[40]; +sha256ctx PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded; /** * Absorb the constant pub_seed using one round of the compression function @@ -67,6 +67,6 @@ void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_seed_state(const unsigned char *pub_s block[i] = 0; } - sha256_inc_init(PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded); - sha256_inc_blocks(PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded, block, 1); + sha256_inc_init(&PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded); + sha256_inc_blocks(&PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded, block, 1); } diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.h b/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.h index a7a557a0..c6dda301 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.h +++ b/crypto_sign/sphincs-sha256-256s-simple/clean/sha256.h @@ -8,13 +8,15 @@ #include #include +#include "sha2.h" + void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_compress_address(unsigned char *out, const uint32_t addr[8]); void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_mgf1( unsigned char *out, unsigned long outlen, unsigned char *input_plus_four_bytes, unsigned long inlen); -extern uint8_t PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded[40]; +extern sha256ctx PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded; void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_seed_state(const unsigned char *pub_seed); diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c index 67d008c6..d3a31872 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c @@ -17,17 +17,17 @@ static void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_thash( const unsigned char *pub_seed, uint32_t addr[8]) { unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; + sha256ctx sha2_state; (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded, 40 * sizeof(uint8_t)); + memcpy(&sha2_state, &PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_state_seeded, sizeof(sha256ctx)); PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); + sha256_inc_finalize(outbuf, &sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks * SPX_N); memcpy(out, outbuf, SPX_N); }