kris
/
pqc
1
1
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Ver código fonte

Incorporate feedback 

* Names passed around (mostly constant) value more clearly
* Put ``const`` where applicable (almost everywhere)
* Renamed ``primitive.h``
* Fixed some nits
master
Thom Wiggers 5 anos atrás
pai
33ce5e14ce
commit
74efb10807
Nenhuma chave conhecida encontrada para esta assinatura no banco de dados ID da chave GPG: 1BB0A7CE26E363
100 arquivos alterados com 954 adições e 962 exclusões
Visão dividida
Opções de diferenças
Mostrar estatísticas Baixar arquivo de patch Baixar arquivo de diferenças
  1. +16
    -16
      crypto_sign/sphincs-haraka-128f-robust/clean/fors.c
  2. +3
    -3
      crypto_sign/sphincs-haraka-128f-robust/clean/fors.h
  3. +5
    -5
      crypto_sign/sphincs-haraka-128f-robust/clean/hash.h
  4. +14
    -14
      crypto_sign/sphincs-haraka-128f-robust/clean/hash_haraka.c
  5. +0
    -0
      crypto_sign/sphincs-haraka-128f-robust/clean/hash_state.h
  6. +21
    -21
      crypto_sign/sphincs-haraka-128f-robust/clean/sign.c
  7. +5
    -5
      crypto_sign/sphincs-haraka-128f-robust/clean/thash.h
  8. +14
    -15
      crypto_sign/sphincs-haraka-128f-robust/clean/thash_haraka_robust.c
  9. +15
    -15
      crypto_sign/sphincs-haraka-128f-robust/clean/utils.c
  10. +6
    -6
      crypto_sign/sphincs-haraka-128f-robust/clean/utils.h
  11. +13
    -13
      crypto_sign/sphincs-haraka-128f-robust/clean/wots.c
  12. +4
    -4
      crypto_sign/sphincs-haraka-128f-robust/clean/wots.h
  13. +16
    -16
      crypto_sign/sphincs-haraka-128f-simple/clean/fors.c
  14. +3
    -3
      crypto_sign/sphincs-haraka-128f-simple/clean/fors.h
  15. +5
    -5
      crypto_sign/sphincs-haraka-128f-simple/clean/hash.h
  16. +14
    -14
      crypto_sign/sphincs-haraka-128f-simple/clean/hash_haraka.c
  17. +0
    -0
      crypto_sign/sphincs-haraka-128f-simple/clean/hash_state.h
  18. +21
    -21
      crypto_sign/sphincs-haraka-128f-simple/clean/sign.c
  19. +5
    -5
      crypto_sign/sphincs-haraka-128f-simple/clean/thash.h
  20. +11
    -12
      crypto_sign/sphincs-haraka-128f-simple/clean/thash_haraka_simple.c
  21. +15
    -15
      crypto_sign/sphincs-haraka-128f-simple/clean/utils.c
  22. +6
    -6
      crypto_sign/sphincs-haraka-128f-simple/clean/utils.h
  23. +13
    -13
      crypto_sign/sphincs-haraka-128f-simple/clean/wots.c
  24. +4
    -4
      crypto_sign/sphincs-haraka-128f-simple/clean/wots.h
  25. +16
    -16
      crypto_sign/sphincs-haraka-128s-robust/clean/fors.c
  26. +3
    -3
      crypto_sign/sphincs-haraka-128s-robust/clean/fors.h
  27. +5
    -5
      crypto_sign/sphincs-haraka-128s-robust/clean/hash.h
  28. +14
    -14
      crypto_sign/sphincs-haraka-128s-robust/clean/hash_haraka.c
  29. +0
    -0
      crypto_sign/sphincs-haraka-128s-robust/clean/hash_state.h
  30. +21
    -21
      crypto_sign/sphincs-haraka-128s-robust/clean/sign.c
  31. +5
    -5
      crypto_sign/sphincs-haraka-128s-robust/clean/thash.h
  32. +14
    -15
      crypto_sign/sphincs-haraka-128s-robust/clean/thash_haraka_robust.c
  33. +15
    -15
      crypto_sign/sphincs-haraka-128s-robust/clean/utils.c
  34. +6
    -6
      crypto_sign/sphincs-haraka-128s-robust/clean/utils.h
  35. +13
    -13
      crypto_sign/sphincs-haraka-128s-robust/clean/wots.c
  36. +4
    -4
      crypto_sign/sphincs-haraka-128s-robust/clean/wots.h
  37. +16
    -16
      crypto_sign/sphincs-haraka-128s-simple/clean/fors.c
  38. +3
    -3
      crypto_sign/sphincs-haraka-128s-simple/clean/fors.h
  39. +5
    -5
      crypto_sign/sphincs-haraka-128s-simple/clean/hash.h
  40. +14
    -14
      crypto_sign/sphincs-haraka-128s-simple/clean/hash_haraka.c
  41. +0
    -0
      crypto_sign/sphincs-haraka-128s-simple/clean/hash_state.h
  42. +21
    -21
      crypto_sign/sphincs-haraka-128s-simple/clean/sign.c
  43. +5
    -5
      crypto_sign/sphincs-haraka-128s-simple/clean/thash.h
  44. +11
    -12
      crypto_sign/sphincs-haraka-128s-simple/clean/thash_haraka_simple.c
  45. +15
    -15
      crypto_sign/sphincs-haraka-128s-simple/clean/utils.c
  46. +6
    -6
      crypto_sign/sphincs-haraka-128s-simple/clean/utils.h
  47. +13
    -13
      crypto_sign/sphincs-haraka-128s-simple/clean/wots.c
  48. +4
    -4
      crypto_sign/sphincs-haraka-128s-simple/clean/wots.h
  49. +16
    -16
      crypto_sign/sphincs-haraka-192f-robust/clean/fors.c
  50. +3
    -3
      crypto_sign/sphincs-haraka-192f-robust/clean/fors.h
  51. +5
    -5
      crypto_sign/sphincs-haraka-192f-robust/clean/hash.h
  52. +14
    -14
      crypto_sign/sphincs-haraka-192f-robust/clean/hash_haraka.c
  53. +0
    -0
      crypto_sign/sphincs-haraka-192f-robust/clean/hash_state.h
  54. +21
    -21
      crypto_sign/sphincs-haraka-192f-robust/clean/sign.c
  55. +5
    -5
      crypto_sign/sphincs-haraka-192f-robust/clean/thash.h
  56. +14
    -15
      crypto_sign/sphincs-haraka-192f-robust/clean/thash_haraka_robust.c
  57. +15
    -15
      crypto_sign/sphincs-haraka-192f-robust/clean/utils.c
  58. +6
    -6
      crypto_sign/sphincs-haraka-192f-robust/clean/utils.h
  59. +13
    -13
      crypto_sign/sphincs-haraka-192f-robust/clean/wots.c
  60. +4
    -4
      crypto_sign/sphincs-haraka-192f-robust/clean/wots.h
  61. +16
    -16
      crypto_sign/sphincs-haraka-192f-simple/clean/fors.c
  62. +3
    -3
      crypto_sign/sphincs-haraka-192f-simple/clean/fors.h
  63. +5
    -5
      crypto_sign/sphincs-haraka-192f-simple/clean/hash.h
  64. +14
    -14
      crypto_sign/sphincs-haraka-192f-simple/clean/hash_haraka.c
  65. +0
    -0
      crypto_sign/sphincs-haraka-192f-simple/clean/hash_state.h
  66. +21
    -21
      crypto_sign/sphincs-haraka-192f-simple/clean/sign.c
  67. +5
    -5
      crypto_sign/sphincs-haraka-192f-simple/clean/thash.h
  68. +11
    -12
      crypto_sign/sphincs-haraka-192f-simple/clean/thash_haraka_simple.c
  69. +15
    -15
      crypto_sign/sphincs-haraka-192f-simple/clean/utils.c
  70. +6
    -6
      crypto_sign/sphincs-haraka-192f-simple/clean/utils.h
  71. +13
    -13
      crypto_sign/sphincs-haraka-192f-simple/clean/wots.c
  72. +4
    -4
      crypto_sign/sphincs-haraka-192f-simple/clean/wots.h
  73. +16
    -16
      crypto_sign/sphincs-haraka-192s-robust/clean/fors.c
  74. +3
    -3
      crypto_sign/sphincs-haraka-192s-robust/clean/fors.h
  75. +5
    -5
      crypto_sign/sphincs-haraka-192s-robust/clean/hash.h
  76. +14
    -14
      crypto_sign/sphincs-haraka-192s-robust/clean/hash_haraka.c
  77. +0
    -0
      crypto_sign/sphincs-haraka-192s-robust/clean/hash_state.h
  78. +21
    -21
      crypto_sign/sphincs-haraka-192s-robust/clean/sign.c
  79. +5
    -5
      crypto_sign/sphincs-haraka-192s-robust/clean/thash.h
  80. +14
    -15
      crypto_sign/sphincs-haraka-192s-robust/clean/thash_haraka_robust.c
  81. +15
    -15
      crypto_sign/sphincs-haraka-192s-robust/clean/utils.c
  82. +6
    -6
      crypto_sign/sphincs-haraka-192s-robust/clean/utils.h
  83. +13
    -13
      crypto_sign/sphincs-haraka-192s-robust/clean/wots.c
  84. +4
    -4
      crypto_sign/sphincs-haraka-192s-robust/clean/wots.h
  85. +16
    -16
      crypto_sign/sphincs-haraka-192s-simple/clean/fors.c
  86. +3
    -3
      crypto_sign/sphincs-haraka-192s-simple/clean/fors.h
  87. +5
    -5
      crypto_sign/sphincs-haraka-192s-simple/clean/hash.h
  88. +14
    -14
      crypto_sign/sphincs-haraka-192s-simple/clean/hash_haraka.c
  89. +0
    -0
      crypto_sign/sphincs-haraka-192s-simple/clean/hash_state.h
  90. +21
    -21
      crypto_sign/sphincs-haraka-192s-simple/clean/sign.c
  91. +5
    -5
      crypto_sign/sphincs-haraka-192s-simple/clean/thash.h
  92. +11
    -12
      crypto_sign/sphincs-haraka-192s-simple/clean/thash_haraka_simple.c
  93. +15
    -15
      crypto_sign/sphincs-haraka-192s-simple/clean/utils.c
  94. +6
    -6
      crypto_sign/sphincs-haraka-192s-simple/clean/utils.h
  95. +13
    -13
      crypto_sign/sphincs-haraka-192s-simple/clean/wots.c
  96. +4
    -4
      crypto_sign/sphincs-haraka-192s-simple/clean/wots.h
  97. +16
    -16
      crypto_sign/sphincs-haraka-256f-robust/clean/fors.c
  98. +3
    -3
      crypto_sign/sphincs-haraka-256f-robust/clean/fors.h
  99. +5
    -5
      crypto_sign/sphincs-haraka-256f-robust/clean/hash.h
  100. +14
    -14
      crypto_sign/sphincs-haraka-256f-robust/clean/hash_haraka.c

+ 16
- 16
crypto_sign/sphincs-haraka-128f-robust/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-128f-robust/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-128f-robust/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-128f-robust/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-128f-robust/clean/primitive.h → crypto_sign/sphincs-haraka-128f-robust/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-128f-robust/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-128f-robust/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 15
crypto_sign/sphincs-haraka-128f-robust/clean/thash_haraka_robust.c Ver arquivo

@@ -3,7 +3,7 @@

#include "address.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"

#include "haraka.h"
@@ -15,7 +15,7 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char *bitmask = buf + SPX_ADDR_BYTES;
unsigned char outbuf[32];
@@ -23,7 +23,6 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
unsigned int i;

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded; /* TODO this should be fed into haraka */

if (inblocks == 1) {
/* F function */
@@ -31,24 +30,24 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
memset(buf_tmp, 0, 64);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_addr_to_bytes(buf_tmp, addr);

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka256(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka256(outbuf, buf_tmp, hash_state_seeded);
for (i = 0; i < inblocks * SPX_N; i++) {
buf_tmp[SPX_ADDR_BYTES + i] = in[i] ^ outbuf[i];
}
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S(
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, state_seeded);
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, hash_state_seeded);

for (i = 0; i < inblocks * SPX_N; i++) {
buf[SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
}

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -57,39 +56,39 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-128f-robust/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-128f-robust/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-128f-robust/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-128f-robust/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA128FROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-128f-simple/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-128f-simple/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-128f-simple/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-128f-simple/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-128f-simple/clean/primitive.h → crypto_sign/sphincs-haraka-128f-simple/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-128f-simple/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-128f-simple/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 11
- 12
crypto_sign/sphincs-haraka-128f-simple/clean/thash_haraka_simple.c Ver arquivo

@@ -14,13 +14,12 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char outbuf[32];
unsigned char buf_tmp[64];

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded;

if (inblocks == 1) {
/* F function */
@@ -29,7 +28,7 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_addr_to_bytes(buf_tmp, addr);
memcpy(buf_tmp + SPX_ADDR_BYTES, in, SPX_N);

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
@@ -37,7 +36,7 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
memcpy(buf + SPX_ADDR_BYTES, in, inblocks * SPX_N);

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -46,39 +45,39 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-128f-simple/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-128f-simple/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-128f-simple/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-128f-simple/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA128FSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-128s-robust/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-128s-robust/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-128s-robust/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-128s-robust/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-128s-robust/clean/primitive.h → crypto_sign/sphincs-haraka-128s-robust/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-128s-robust/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-128s-robust/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 15
crypto_sign/sphincs-haraka-128s-robust/clean/thash_haraka_robust.c Ver arquivo

@@ -3,7 +3,7 @@

#include "address.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"

#include "haraka.h"
@@ -15,7 +15,7 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char *bitmask = buf + SPX_ADDR_BYTES;
unsigned char outbuf[32];
@@ -23,7 +23,6 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
unsigned int i;

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded; /* TODO this should be fed into haraka */

if (inblocks == 1) {
/* F function */
@@ -31,24 +30,24 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
memset(buf_tmp, 0, 64);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_addr_to_bytes(buf_tmp, addr);

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka256(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka256(outbuf, buf_tmp, hash_state_seeded);
for (i = 0; i < inblocks * SPX_N; i++) {
buf_tmp[SPX_ADDR_BYTES + i] = in[i] ^ outbuf[i];
}
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S(
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, state_seeded);
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, hash_state_seeded);

for (i = 0; i < inblocks * SPX_N; i++) {
buf[SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
}

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -57,39 +56,39 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-128s-robust/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-128s-robust/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-128s-robust/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-128s-robust/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA128SROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-128s-simple/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-128s-simple/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-128s-simple/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-128s-simple/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-128s-simple/clean/primitive.h → crypto_sign/sphincs-haraka-128s-simple/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-128s-simple/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-128s-simple/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 11
- 12
crypto_sign/sphincs-haraka-128s-simple/clean/thash_haraka_simple.c Ver arquivo

@@ -14,13 +14,12 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char outbuf[32];
unsigned char buf_tmp[64];

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded;

if (inblocks == 1) {
/* F function */
@@ -29,7 +28,7 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_addr_to_bytes(buf_tmp, addr);
memcpy(buf_tmp + SPX_ADDR_BYTES, in, SPX_N);

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
@@ -37,7 +36,7 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
memcpy(buf + SPX_ADDR_BYTES, in, inblocks * SPX_N);

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -46,39 +45,39 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-128s-simple/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-128s-simple/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-128s-simple/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-128s-simple/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA128SSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-192f-robust/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-192f-robust/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-192f-robust/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-192f-robust/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-192f-robust/clean/primitive.h → crypto_sign/sphincs-haraka-192f-robust/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-192f-robust/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-192f-robust/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 15
crypto_sign/sphincs-haraka-192f-robust/clean/thash_haraka_robust.c Ver arquivo

@@ -3,7 +3,7 @@

#include "address.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"

#include "haraka.h"
@@ -15,7 +15,7 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char *bitmask = buf + SPX_ADDR_BYTES;
unsigned char outbuf[32];
@@ -23,7 +23,6 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
unsigned int i;

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded; /* TODO this should be fed into haraka */

if (inblocks == 1) {
/* F function */
@@ -31,24 +30,24 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
memset(buf_tmp, 0, 64);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_addr_to_bytes(buf_tmp, addr);

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka256(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka256(outbuf, buf_tmp, hash_state_seeded);
for (i = 0; i < inblocks * SPX_N; i++) {
buf_tmp[SPX_ADDR_BYTES + i] = in[i] ^ outbuf[i];
}
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S(
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, state_seeded);
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, hash_state_seeded);

for (i = 0; i < inblocks * SPX_N; i++) {
buf[SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
}

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -57,39 +56,39 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-192f-robust/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-192f-robust/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-192f-robust/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-192f-robust/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA192FROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-192f-simple/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-192f-simple/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-192f-simple/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-192f-simple/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-192f-simple/clean/primitive.h → crypto_sign/sphincs-haraka-192f-simple/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-192f-simple/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-192f-simple/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 11
- 12
crypto_sign/sphincs-haraka-192f-simple/clean/thash_haraka_simple.c Ver arquivo

@@ -14,13 +14,12 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char outbuf[32];
unsigned char buf_tmp[64];

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded;

if (inblocks == 1) {
/* F function */
@@ -29,7 +28,7 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_addr_to_bytes(buf_tmp, addr);
memcpy(buf_tmp + SPX_ADDR_BYTES, in, SPX_N);

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
@@ -37,7 +36,7 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
memcpy(buf + SPX_ADDR_BYTES, in, inblocks * SPX_N);

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -46,39 +45,39 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-192f-simple/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-192f-simple/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-192f-simple/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-192f-simple/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-192s-robust/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-192s-robust/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-192s-robust/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-192s-robust/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-192s-robust/clean/primitive.h → crypto_sign/sphincs-haraka-192s-robust/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-192s-robust/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-192s-robust/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 15
crypto_sign/sphincs-haraka-192s-robust/clean/thash_haraka_robust.c Ver arquivo

@@ -3,7 +3,7 @@

#include "address.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"

#include "haraka.h"
@@ -15,7 +15,7 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char *bitmask = buf + SPX_ADDR_BYTES;
unsigned char outbuf[32];
@@ -23,7 +23,6 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
unsigned int i;

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded; /* TODO this should be fed into haraka */

if (inblocks == 1) {
/* F function */
@@ -31,24 +30,24 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
memset(buf_tmp, 0, 64);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_addr_to_bytes(buf_tmp, addr);

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka256(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka256(outbuf, buf_tmp, hash_state_seeded);
for (i = 0; i < inblocks * SPX_N; i++) {
buf_tmp[SPX_ADDR_BYTES + i] = in[i] ^ outbuf[i];
}
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S(
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, state_seeded);
bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, hash_state_seeded);

for (i = 0; i < inblocks * SPX_N; i++) {
buf[SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
}

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -57,39 +56,39 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-192s-robust/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-192s-robust/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-192s-robust/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-192s-robust/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA192SROBUST_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-192s-simple/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-192s-simple/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-192s-simple/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-192s-simple/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


crypto_sign/sphincs-haraka-192s-simple/clean/primitive.h → crypto_sign/sphincs-haraka-192s-simple/clean/hash_state.h Ver arquivo


+ 21
- 21
crypto_sign/sphincs-haraka-192s-simple/clean/sign.c Ver arquivo

@@ -7,7 +7,7 @@
#include "fors.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "randombytes.h"
#include "thash.h"
#include "utils.h"
@@ -20,7 +20,7 @@
static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char pk[SPX_WOTS_BYTES];
uint32_t wots_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};
@@ -35,12 +35,12 @@ static void wots_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_keypair_addr(
wots_addr, addr_idx);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_gen_pk(
pk, sk_seed, pub_seed, wots_addr, state_seeded);
pk, sk_seed, pub_seed, wots_addr, hash_state_seeded);

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_copy_keypair_addr(
wots_pk_addr, wots_addr);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, pk, pub_seed, wots_pk_addr, state_seeded);
leaf, pk, pub_seed, wots_pk_addr, hash_state_seeded);
}

/*
@@ -83,7 +83,7 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_seed_keypair(
in one function. */
unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N];
uint32_t top_tree_addr[8] = {0};
hash_state state_seeded;
hash_state hash_state_seeded;

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_layer_addr(
top_tree_addr, SPX_D - 1);
@@ -97,12 +97,12 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_seed_keypair(

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(&state_seeded, pk, sk);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(&hash_state_seeded, pk, sk);

/* Compute root node of the top-most subtree. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
sk + 3 * SPX_N, auth_path, sk, sk + 2 * SPX_N, 0, 0,
wots_gen_leaf, top_tree_addr, &state_seeded);
wots_gen_leaf, top_tree_addr, &hash_state_seeded);

memcpy(pk + SPX_N, sk + 3 * SPX_N, SPX_N);

@@ -144,12 +144,12 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_signature(
uint32_t wots_addr[8] = {0};
uint32_t tree_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, sk_seed);

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_type(
@@ -163,11 +163,11 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_signature(
randombytes(optrand, SPX_N);
/* Compute the digest randomization value. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_gen_message_random(
sig, sk_prf, optrand, m, mlen, &state_seeded);
sig, sk_prf, optrand, m, mlen, &hash_state_seeded);

/* Derive the message digest and leaf index from R, PK and M. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_tree_addr(wots_addr, tree);
@@ -176,7 +176,7 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_signature(

/* Sign the message hash using FORS. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_sign(
sig, root, mhash, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, mhash, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

for (i = 0; i < SPX_D; i++) {
@@ -190,13 +190,13 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_signature(

/* Compute a WOTS signature. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_sign(
sig, root, sk_seed, pub_seed, wots_addr, &state_seeded);
sig, root, sk_seed, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the authentication path for the used WOTS leaf. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
root, sig, sk_seed, pub_seed, idx_leaf, 0,
wots_gen_leaf, tree_addr, &state_seeded);
wots_gen_leaf, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */
@@ -228,7 +228,7 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_verify(
uint32_t tree_addr[8] = {0};
uint32_t wots_pk_addr[8] = {0};

hash_state state_seeded;
hash_state hash_state_seeded;

if (siglen != SPX_BYTES) {
return -1;
@@ -237,7 +237,7 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_verify(
/* This hook allows the hash function instantiation to do whatever
preparation or computation it needs, based on the public seed. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_initialize_hash_function(
&state_seeded,
&hash_state_seeded,
pub_seed, NULL);

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_type(
@@ -250,7 +250,7 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_verify(
/* Derive the message digest and leaf index from R || PK || M. */
/* The additional SPX_N is a result of the hash domain separator. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_hash_message(
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &state_seeded);
mhash, &tree, &idx_leaf, sig, pk, m, mlen, &hash_state_seeded);
sig += SPX_N;

/* Layer correctly defaults to 0, so no need to set_layer_addr */
@@ -259,7 +259,7 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_verify(
wots_addr, idx_leaf);

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_fors_pk_from_sig(
root, sig, mhash, pub_seed, wots_addr, &state_seeded);
root, sig, mhash, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_FORS_BYTES;

/* For each subtree.. */
@@ -279,17 +279,17 @@ int PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_crypto_sign_verify(
/* Initially, root is the FORS pk, but on subsequent iterations it is
the root of the subtree below the currently processed subtree. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_pk_from_sig(
wots_pk, sig, root, pub_seed, wots_addr, &state_seeded);
wots_pk, sig, root, pub_seed, wots_addr, &hash_state_seeded);
sig += SPX_WOTS_BYTES;

/* Compute the leaf node using the WOTS public key. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_WOTS_LEN(
leaf, wots_pk, pub_seed, wots_pk_addr, &state_seeded);
leaf, wots_pk, pub_seed, wots_pk_addr, &hash_state_seeded);

/* Compute the root node of this subtree. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_compute_root(
root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT,
pub_seed, tree_addr, &state_seeded);
pub_seed, tree_addr, &hash_state_seeded);
sig += SPX_TREE_HEIGHT * SPX_N;

/* Update the indices for the next layer. */


+ 5
- 5
crypto_sign/sphincs-haraka-192s-simple/clean/thash.h Ver arquivo

@@ -2,26 +2,26 @@
#define SPX_THASH_H

#include <stdint.h>
#include "primitive.h"
#include "hash_state.h"

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 11
- 12
crypto_sign/sphincs-haraka-192s-simple/clean/thash_haraka_simple.c Ver arquivo

@@ -14,13 +14,12 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
unsigned char *out, unsigned char *buf,
const unsigned char *in, unsigned int inblocks,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char outbuf[32];
unsigned char buf_tmp[64];

(void)pub_seed; /* Suppress an 'unused parameter' warning. */
(void)state_seeded;

if (inblocks == 1) {
/* F function */
@@ -29,7 +28,7 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_addr_to_bytes(buf_tmp, addr);
memcpy(buf_tmp + SPX_ADDR_BYTES, in, SPX_N);

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka512(outbuf, buf_tmp, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
} else {
/* All other tweakable hashes*/
@@ -37,7 +36,7 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
memcpy(buf + SPX_ADDR_BYTES, in, inblocks * SPX_N);

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_haraka_S(
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, state_seeded);
out, SPX_N, buf, SPX_ADDR_BYTES + inblocks * SPX_N, hash_state_seeded);
}
}

@@ -46,39 +45,39 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_1(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 1 * SPX_N];
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
out, buf, in, 1, pub_seed, addr, state_seeded);
out, buf, in, 1, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_2(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + 2 * SPX_N];
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
out, buf, in, 2, pub_seed, addr, state_seeded);
out, buf, in, 2, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_WOTS_LEN(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_WOTS_LEN * SPX_N];
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, state_seeded);
out, buf, in, SPX_WOTS_LEN, pub_seed, addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_FORS_TREES(
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned char buf[SPX_ADDR_BYTES + SPX_FORS_TREES * SPX_N];
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash(
out, buf, in, SPX_FORS_TREES, pub_seed, addr, state_seeded);
out, buf, in, SPX_FORS_TREES, pub_seed, addr, hash_state_seeded);
}

+ 15
- 15
crypto_sign/sphincs-haraka-192s-simple/clean/utils.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

@@ -43,7 +43,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;
unsigned char buffer[2 * SPX_N];

@@ -69,11 +69,11 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_compute_root(
/* Pick the right or left neighbor, depending on parity of the node. */
if (leaf_idx & 1) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_2(
buffer + SPX_N, buffer, pub_seed, addr, state_seeded);
buffer + SPX_N, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer, auth_path, SPX_N);
} else {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_2(
buffer, buffer, pub_seed, addr, state_seeded);
buffer, buffer, pub_seed, addr, hash_state_seeded);
memcpy(buffer + SPX_N, auth_path, SPX_N);
}
auth_path += SPX_N;
@@ -86,7 +86,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_compute_root(
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_tree_index(
addr, leaf_idx + idx_offset);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_2(
root, buffer, pub_seed, addr, state_seeded);
root, buffer, pub_seed, addr, hash_state_seeded);
}

/**
@@ -107,9 +107,9 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {

unsigned int offset = 0;
uint32_t idx;
@@ -119,7 +119,7 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash(
/* Add the next leaf node to the stack. */
gen_leaf(stack + offset * SPX_N,
sk_seed, pub_seed, idx + idx_offset, tree_addr,
state_seeded);
hash_state_seeded);
offset++;
heights[offset - 1] = 0;

@@ -141,7 +141,7 @@ static void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash(
/* Hash the top-most nodes from the stack together. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_2(
stack + (offset - 2)*SPX_N, stack + (offset - 2)*SPX_N,
pub_seed, tree_addr, state_seeded);
pub_seed, tree_addr, hash_state_seeded);
offset--;
/* Note that the top-most node is now one layer higher. */
heights[offset - 1]++;
@@ -167,15 +167,15 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_FORS_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_FORS_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_FORS_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
@@ -187,13 +187,13 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded) {
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded) {

unsigned char stack[(SPX_TREE_HEIGHT + 1)*SPX_N];
unsigned int heights[SPX_TREE_HEIGHT + 1];

PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash(
root, auth_path, stack, heights, sk_seed, pub_seed,
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, state_seeded);
leaf_idx, idx_offset, SPX_TREE_HEIGHT, gen_leaf, tree_addr, hash_state_seeded);
}

+ 6
- 6
crypto_sign/sphincs-haraka-192s-simple/clean/utils.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_UTILS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stddef.h>
#include <stdint.h>

@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_compute_root(
uint32_t leaf_idx, uint32_t idx_offset,
const unsigned char *auth_path, uint32_t tree_height,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* For a given leaf index, computes the authentication path and the resulting
@@ -46,8 +46,8 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_FORS_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
unsigned char *root, unsigned char *auth_path,
@@ -58,7 +58,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_treehash_TREE_HEIGHT(
const unsigned char * /* sk_seed */,
const unsigned char * /* pub_seed */,
uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */,
hash_state * /* state_seeded */),
uint32_t tree_addr[8], hash_state *state_seeded);
const hash_state * /* hash_state_seeded */),
uint32_t tree_addr[8], const hash_state *hash_state_seeded);

#endif

+ 13
- 13
crypto_sign/sphincs-haraka-192s-simple/clean/wots.c Ver arquivo

@@ -4,7 +4,7 @@
#include "address.h"
#include "hash.h"
#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"
#include "wots.h"
@@ -19,12 +19,12 @@
*/
static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t wots_addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
/* Make sure that the hash address is actually zeroed. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_hash_addr(wots_addr, 0);

/* Generate sk element. */
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, state_seeded);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_prf_addr(sk, sk_seed, wots_addr, hash_state_seeded);
}

/**
@@ -37,7 +37,7 @@ static void wots_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
static void gen_chain(unsigned char *out, const unsigned char *in,
unsigned int start, unsigned int steps,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

/* Initialize out with the value at position 'start'. */
@@ -47,7 +47,7 @@ static void gen_chain(unsigned char *out, const unsigned char *in,
for (i = start; i < (start + steps) && i < SPX_WOTS_W; i++) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_hash_addr(addr, i);
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_thash_1(
out, out, pub_seed, addr, state_seeded);
out, out, pub_seed, addr, hash_state_seeded);
}
}

@@ -113,14 +113,14 @@ static void chain_lengths(unsigned int *lengths, const unsigned char *msg) {
void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t i;

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, state_seeded);
wots_gen_sk(pk + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(pk + i * SPX_N, pk + i * SPX_N,
0, SPX_WOTS_W - 1, pub_seed, addr, state_seeded);
0, SPX_WOTS_W - 1, pub_seed, addr, hash_state_seeded);
}
}

@@ -130,7 +130,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded) {
uint32_t addr[8], const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -138,8 +138,8 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_sign(

for (i = 0; i < SPX_WOTS_LEN; i++) {
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_chain_addr(addr, i);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, state_seeded);
wots_gen_sk(sig + i * SPX_N, sk_seed, addr, hash_state_seeded);
gen_chain(sig + i * SPX_N, sig + i * SPX_N, 0, lengths[i], pub_seed, addr, hash_state_seeded);
}
}

@@ -152,7 +152,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned int lengths[SPX_WOTS_LEN];
uint32_t i;

@@ -162,6 +162,6 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_pk_from_sig(
PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_set_chain_addr(addr, i);
gen_chain(pk + i * SPX_N, sig + i * SPX_N,
lengths[i], SPX_WOTS_W - 1 - lengths[i], pub_seed, addr,
state_seeded);
hash_state_seeded);
}
}

+ 4
- 4
crypto_sign/sphincs-haraka-192s-simple/clean/wots.h Ver arquivo

@@ -2,7 +2,7 @@
#define SPX_WOTS_H

#include "params.h"
#include "primitive.h"
#include "hash_state.h"
#include <stdint.h>

/**
@@ -16,7 +16,7 @@
void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_gen_pk(
unsigned char *pk, const unsigned char *sk_seed,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

/**
* Takes a n-byte message and the 32-byte seed for the private key to compute a
@@ -25,7 +25,7 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_gen_pk(
void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_sign(
unsigned char *sig, const unsigned char *msg,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t addr[8], hash_state *state_seeded);
uint32_t addr[8], const hash_state *hash_state_seeded);

/**
* Takes a WOTS signature and an n-byte message, computes a WOTS public key.
@@ -36,6 +36,6 @@ void PQCLEAN_SPHINCSHARAKA192SSIMPLE_CLEAN_wots_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *msg,
const unsigned char *pub_seed, uint32_t addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 16
- 16
crypto_sign/sphincs-haraka-256f-robust/clean/fors.c Ver arquivo

@@ -5,28 +5,28 @@
#include "address.h"
#include "fors.h"
#include "hash.h"
#include "primitive.h"
#include "hash_state.h"
#include "thash.h"
#include "utils.h"

static void fors_gen_sk(unsigned char *sk, const unsigned char *sk_seed,
uint32_t fors_leaf_addr[8], const hash_state *state_seeded) {
uint32_t fors_leaf_addr[8], const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_prf_addr(
sk, sk_seed, fors_leaf_addr, state_seeded);
sk, sk_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk,
const unsigned char *pub_seed,
uint32_t fors_leaf_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_thash_1(
leaf, sk, pub_seed, fors_leaf_addr, state_seeded);
leaf, sk, pub_seed, fors_leaf_addr, hash_state_seeded);
}

static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
const unsigned char *pub_seed,
uint32_t addr_idx, const uint32_t fors_tree_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t fors_leaf_addr[8] = {0};

/* Only copy the parts that must be kept in fors_leaf_addr. */
@@ -37,8 +37,8 @@ static void fors_gen_leaf(unsigned char *leaf, const unsigned char *sk_seed,
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_set_tree_index(
fors_leaf_addr, addr_idx);

fors_gen_sk(leaf, sk_seed, fors_leaf_addr, state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, state_seeded);
fors_gen_sk(leaf, sk_seed, fors_leaf_addr, hash_state_seeded);
fors_sk_to_leaf(leaf, leaf, pub_seed, fors_leaf_addr, hash_state_seeded);
}

/**
@@ -67,7 +67,7 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded) {
const uint32_t fors_addr[8], const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
uint32_t fors_tree_addr[8] = {0};
@@ -96,20 +96,20 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_fors_sign(
fors_tree_addr, indices[i] + idx_offset);

/* Include the secret key part that produces the selected leaf node. */
fors_gen_sk(sig, sk_seed, fors_tree_addr, state_seeded);
fors_gen_sk(sig, sk_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Compute the authentication path for this leaf node. */
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_treehash_FORS_HEIGHT(
roots + i * SPX_N, sig, sk_seed, pub_seed,
indices[i], idx_offset, fors_gen_leaf, fors_tree_addr,
state_seeded);
hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

/**
@@ -123,7 +123,7 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint32_t indices[SPX_FORS_TREES];
unsigned char roots[SPX_FORS_TREES * SPX_N];
unsigned char leaf[SPX_N];
@@ -153,17 +153,17 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_fors_pk_from_sig(
fors_tree_addr, indices[i] + idx_offset);

/* Derive the leaf from the included secret key part. */
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, state_seeded);
fors_sk_to_leaf(leaf, sig, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N;

/* Derive the corresponding root node of this tree. */
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_compute_root(
roots + i * SPX_N, leaf, indices[i], idx_offset, sig,
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, state_seeded);
SPX_FORS_HEIGHT, pub_seed, fors_tree_addr, hash_state_seeded);
sig += SPX_N * SPX_FORS_HEIGHT;
}

/* Hash horizontally across all tree roots to derive the public key. */
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_thash_FORS_TREES(
pk, roots, pub_seed, fors_pk_addr, state_seeded);
pk, roots, pub_seed, fors_pk_addr, hash_state_seeded);
}

+ 3
- 3
crypto_sign/sphincs-haraka-256f-robust/clean/fors.h Ver arquivo

@@ -4,7 +4,7 @@
#include <stdint.h>

#include "params.h"
#include "primitive.h"
#include "hash_state.h"

/**
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
@@ -14,7 +14,7 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_fors_sign(
unsigned char *sig, unsigned char *pk,
const unsigned char *m,
const unsigned char *sk_seed, const unsigned char *pub_seed,
const uint32_t fors_addr[8], hash_state *state_seeded);
const uint32_t fors_addr[8], const hash_state *hash_state_seeded);

/**
* Derives the FORS public key from a signature.
@@ -27,6 +27,6 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_fors_pk_from_sig(
unsigned char *pk,
const unsigned char *sig, const unsigned char *m,
const unsigned char *pub_seed, const uint32_t fors_addr[8],
hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 5
- 5
crypto_sign/sphincs-haraka-256f-robust/clean/hash.h Ver arquivo

@@ -1,29 +1,29 @@
#ifndef SPX_HASH_H
#define SPX_HASH_H

#include "primitive.h"
#include "hash_state.h"

#include <stddef.h>
#include <stdint.h>

void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed);

void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded);
const hash_state *hash_state_seeded);

#endif

+ 14
- 14
crypto_sign/sphincs-haraka-256f-robust/clean/hash_haraka.c Ver arquivo

@@ -9,9 +9,9 @@
#include "haraka.h"

void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_initialize_hash_function(
hash_state *state_seeded,
hash_state *hash_state_seeded,
const unsigned char *pub_seed, const unsigned char *sk_seed) {
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_tweak_constants(state_seeded, pub_seed, sk_seed, SPX_N);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, SPX_N);
}

/*
@@ -19,7 +19,7 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_initialize_hash_function(
*/
void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_prf_addr(
unsigned char *out, const unsigned char *key, const uint32_t addr[8],
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
unsigned char buf[SPX_ADDR_BYTES];
/* Since SPX_N may be smaller than 32, we need a temporary buffer. */
unsigned char outbuf[32];
@@ -27,7 +27,7 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_prf_addr(
(void)key; /* Suppress an 'unused parameter' warning. */

PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_addr_to_bytes(buf, addr);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka256_sk(outbuf, buf, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
memcpy(out, outbuf, SPX_N);
}

@@ -39,15 +39,15 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_gen_message_random(
unsigned char *R,
const unsigned char *sk_prf, const unsigned char *optrand,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, optrand, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_squeeze(R, SPX_N, s_inc, hash_state_seeded);
}

/**
@@ -59,7 +59,7 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_hash_message(
unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
const unsigned char *R, const unsigned char *pk,
const unsigned char *m, size_t mlen,
const hash_state *state_seeded) {
const hash_state *hash_state_seeded) {
#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
#define SPX_LEAF_BITS SPX_TREE_HEIGHT
@@ -71,11 +71,11 @@ void PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_hash_message(
uint8_t s_inc[65];

PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_init(s_inc);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, R, SPX_N, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, pk, SPX_PK_BYTES, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_finalize(s_inc);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, state_seeded);
PQCLEAN_SPHINCSHARAKA256FROBUST_CLEAN_haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, hash_state_seeded);

memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
bufp += SPX_FORS_MSG_BYTES;


Alguns arquivos não foram mostrados porque muitos arquivos mudaram nesse diff

Escrever Pré-visualização
Carregando…
Cancelar
Salvar