diff --git a/common/sha2.c b/common/sha2.c
index cc42f760..c7214345 100644
--- a/common/sha2.c
+++ b/common/sha2.c
@@ -4,6 +4,7 @@
 #include
 #include
+#include
 #include "sha2.h"
@@ -528,6 +529,22 @@ void sha512_inc_init(sha512ctx *state) {
 }
 }
+void sha224_inc_clone_state(sha224ctx *stateout, const sha224ctx *statein) {
+ memcpy(stateout, statein, sizeof(sha224ctx));
+}
+
+void sha256_inc_clone_state(sha256ctx *stateout, const sha256ctx *statein) {
+ memcpy(stateout, statein, sizeof(sha256ctx));
+}
+
+void sha384_inc_clone_state(sha384ctx *stateout, const sha384ctx *statein) {
+ memcpy(stateout, statein, sizeof(sha384ctx));
+}
+
+void sha512_inc_clone_state(sha512ctx *stateout, const sha512ctx *statein) {
+ memcpy(stateout, statein, sizeof(sha512ctx));
+}
+
 void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks) {
 uint64_t bytes = load_bigendian_64(state->ctx + 32);
diff --git a/common/sha2.h b/common/sha2.h
index 618683ef..b7334810 100644
--- a/common/sha2.h
+++ b/common/sha2.h
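Review bot: In common/sha2.c the four new `*_inc_clone_state` functions copy with `memcpy`, so a call with `stateout == statein` is undefined behaviour, and nothing on the functions says so. I would add `/* Copies the whole incremental state; stateout must not alias statein. */` above each and size the copy from the destination, `memcpy(stateout, statein, sizeof *stateout);`. The byte copy is a full clone only while the context structs hold their buffer inline, which these hunks do not show, so that assumption belongs in the comment too. A clone is also one more copy of whatever the state has absorbed: the thash callers in this diff clone a state seeded with pub_seed, but a caller that absorbs secret input has to clear every clone it makes.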
@@ -25,21 +25,25 @@ typedef struct {
 } sha512ctx;
 void sha224_inc_init(sha224ctx *state);
+void sha224_inc_clone_state(sha224ctx *stateout, const sha224ctx *statein);
 void sha224_inc_blocks(sha224ctx *state, const uint8_t *in, size_t inblocks);
 void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen);
 void sha224(uint8_t *out, const uint8_t *in, size_t inlen);
 void sha256_inc_init(sha256ctx *state);
+void sha256_inc_clone_state(sha256ctx *stateout, const sha256ctx *statein);
 void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks);
 void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen);
 void sha256(uint8_t *out, const uint8_t *in, size_t inlen);
 void sha384_inc_init(sha384ctx *state);
+void sha384_inc_clone_state(sha384ctx *stateout, const sha384ctx *statein);
 void sha384_inc_blocks(sha384ctx *state, const uint8_t *in, size_t inblocks);
 void sha384_inc_finalize(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen);
 void sha384(uint8_t *out, const uint8_t *in, size_t inlen);
 void sha512_inc_init(sha512ctx *state);
+void sha512_inc_clone_state(sha512ctx *stateout, const sha512ctx *statein);
 void sha512_inc_blocks(sha512ctx *state, const uint8_t *in, size_t inblocks);
 void sha512_inc_finalize(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen);
 void sha512(uint8_t *out, const uint8_t *in, size_t inlen);
diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c
index ceea98dd..2234de81 100644
--- a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c
+++ b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c
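Review bot: The `sha224/sha256/sha384/sha512_inc_clone_state` prototypes added to common/sha2.h are undocumented, and the header is where a caller looks for the argument order and the lifetime rules. A one-line comment per family would do, for example `/* Copy the incremental state statein into stateout (destination first); stateout can then be updated and finalized independently. */`. The struct definitions these prototypes depend on start above the hunk, so the independence claim should be checked against them before it is written down.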
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_thash(
 PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 for (i = 0; i < inblocks * SPX_N; i++) {
 buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];
diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c
index 757017f8..982e8f75 100644
--- a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c
+++ b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_thash(
 (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_compress_address(buf, addr);
 memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);
diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c
index eeea86cb..14062b65 100644
--- a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c
+++ b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_thash(
 PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 for (i = 0; i < inblocks * SPX_N; i++) {
 buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];
diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c
index 17bf47c2..038bfe11 100644
--- a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c
+++ b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_thash(
 (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_compress_address(buf, addr);
 memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);
diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c
index fab005e0..d25fcce2 100644
--- a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c
+++ b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_thash(
 PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 for (i = 0; i < inblocks * SPX_N; i++) {
 buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];
diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c
index f45671e6..964e6aa7 100644
--- a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c
+++ b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_thash(
 (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_compress_address(buf, addr);
 memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);
diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c
index 3478bb7a..6c9ec592 100644
--- a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c
+++ b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_thash(
 PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 for (i = 0; i < inblocks * SPX_N; i++) {
 buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];
diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c
index 89735cc0..e889d7c5 100644
--- a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c
+++ b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_thash(
 (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_compress_address(buf, addr);
 memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);
diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c
index 04dc532b..2306390a 100644
--- a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c
+++ b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_thash(
 PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 for (i = 0; i < inblocks * SPX_N; i++) {
 buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];
diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c
index 250308f1..d7fe8df3 100644
--- a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c
+++ b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_thash(
 (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_compress_address(buf, addr);
 memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);
diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c
index 9601ee62..1211b6fb 100644
--- a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c
+++ b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_thash(
 PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES);
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 for (i = 0; i < inblocks * SPX_N; i++) {
 buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i];
diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c
index 9a20129b..8f92638b 100644
--- a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c
+++ b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_thash(
 (void)pub_seed; /* Suppress an 'unused parameter' warning. */
 /* Retrieve precomputed state containing pub_seed */
- memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx));
+ sha256_inc_clone_state(&sha2_state, hash_state_seeded);
 PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_compress_address(buf, addr);
 memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N);