From 6461896475ad6cd556a0ccb8a779c10867ca40f8 Mon Sep 17 00:00:00 2001 From: Douglas Stebila Date: Wed, 17 Jul 2019 22:42:51 -0400 Subject: [PATCH 1/3] Add abstract state duplication for SHA256 incremental hashing API --- common/sha2.c | 5 +++++ common/sha2.h | 1 + .../sphincs-sha256-128f-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-128f-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-128s-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-128s-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-192f-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-192f-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-192s-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-192s-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-256f-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-256f-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-256s-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-256s-simple/clean/thash_sha256_simple.c | 2 +- 14 files changed, 18 insertions(+), 12 deletions(-) diff --git a/common/sha2.c b/common/sha2.c index cc42f760..47bc62fc 100644 --- a/common/sha2.c +++ b/common/sha2.c @@ -4,6 +4,7 @@ #include #include +#include #include "sha2.h" @@ -528,6 +529,10 @@ void sha512_inc_init(sha512ctx *state) { } } +void sha256_inc_dupe_state(sha256ctx *stateout, const sha256ctx *statein) { + memcpy(stateout, statein, sizeof(sha256ctx)); +} + void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks) { uint64_t bytes = load_bigendian_64(state->ctx + 32); diff --git a/common/sha2.h b/common/sha2.h index 618683ef..540034d5 100644 --- a/common/sha2.h +++ b/common/sha2.h 
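Review bot: `sha256_inc_dupe_state` in the second common/sha2.c hunk hands `stateout` and `statein` straight to memcpy, whose parameters are restrict-qualified, so a call with `stateout == statein` is undefined behaviour rather than a harmless no-op; either state the no-alias precondition in a comment or guard it with `if (stateout != statein) { memcpy(stateout, statein, sizeof *stateout); }`. The function also carries no comment, and because the copy is a flat memcpy it only yields an independent context if sha256ctx holds no pointers to separately owned storage (the struct definition is outside this hunk, so worth confirming), while the running byte count that `sha256_inc_blocks` reads from `state->ctx + 32` is duplicated together with the chaining value, so the clone continues from the same message prefix. A one-line header comment saying exactly that would make the contract explicit for the thash callers that now depend on it.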
@@ -30,6 +30,7 @@ void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size void sha224(uint8_t *out, const uint8_t *in, size_t inlen); void sha256_inc_init(sha256ctx *state); +void sha256_inc_dupe_state(sha256ctx *stateout, const sha256ctx *statein); void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks); void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen); void sha256(uint8_t *out, const uint8_t *in, size_t inlen); diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c index ceea98dd..b07ae586 100644 --- a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c index 757017f8..137f4f7e 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c 
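Review bot: the new `sha256_inc_dupe_state` prototype in common/sha2.h is declared without any documentation, and since the implementation is a byte copy a caller cannot tell whether the result is an independent context or whether the two arguments may overlap. I would put a comment above the declaration, e.g. `/* Copy the complete incremental state of statein into stateout so both can be advanced and finalized independently; the two contexts must not overlap. */`, hedging the independence claim if sha256ctx turns out to hold pointers to separately owned storage (its definition is not in this hunk). The thash hunks sharing this line only swap the memcpy for the new helper, so there is nothing further to raise on them.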
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c index eeea86cb..5716ee51 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c index 17bf47c2..9a5f8371 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); 
diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c index fab005e0..54d218bc 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c index f45671e6..ad4a9f39 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c index 3478bb7a..043f17ee 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c 
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c index 89735cc0..7e150cc6 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c index 04dc532b..9cbd681c 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; 
diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c index 250308f1..9937ca10 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c index 9601ee62..010d58b0 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c index 9a20129b..338b1d9b 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c 
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - memcpy(&sha2_state, hash_state_seeded, sizeof(sha256ctx)); + sha256_inc_dupe_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); From 4d7e5886c9233985a6cf4e158cf2c0578219ea35 Mon Sep 17 00:00:00 2001 From: Douglas Stebila Date: Tue, 30 Jul 2019 13:23:22 -0400 Subject: [PATCH 2/3] Rename dupe to clone --- common/sha2.c | 2 +- common/sha2.h | 2 +- .../sphincs-sha256-128f-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-128f-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-128s-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-128s-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-192f-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-192f-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-192s-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-192s-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-256f-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-256f-simple/clean/thash_sha256_simple.c | 2 +- .../sphincs-sha256-256s-robust/clean/thash_sha256_robust.c | 2 +- .../sphincs-sha256-256s-simple/clean/thash_sha256_simple.c | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/common/sha2.c b/common/sha2.c index 47bc62fc..82accc08 100644 --- a/common/sha2.c +++ b/common/sha2.c @@ -529,7 +529,7 @@ void sha512_inc_init(sha512ctx *state) { } } -void sha256_inc_dupe_state(sha256ctx *stateout, const sha256ctx *statein) { +void sha256_inc_clone_state(sha256ctx *stateout, const sha256ctx *statein) { memcpy(stateout, statein, sizeof(sha256ctx)); } diff --git a/common/sha2.h b/common/sha2.h index 540034d5..b6bdd6a6 100644 --- a/common/sha2.h +++ b/common/sha2.h 
@@ -30,7 +30,7 @@ void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size void sha224(uint8_t *out, const uint8_t *in, size_t inlen); void sha256_inc_init(sha256ctx *state); -void sha256_inc_dupe_state(sha256ctx *stateout, const sha256ctx *statein); +void sha256_inc_clone_state(sha256ctx *stateout, const sha256ctx *statein); void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks); void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen); void sha256(uint8_t *out, const uint8_t *in, size_t inlen); diff --git a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c index b07ae586..2234de81 100644 --- a/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-128f-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256128FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c index 137f4f7e..982e8f75 100644 --- a/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-128f-simple/clean/thash_sha256_simple.c 
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256128FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c index 5716ee51..14062b65 100644 --- a/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-128s-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256128SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c index 9a5f8371..038bfe11 100644 --- a/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-128s-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256128SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); 
diff --git a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c index 54d218bc..d25fcce2 100644 --- a/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-192f-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256192FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c index ad4a9f39..964e6aa7 100644 --- a/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-192f-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256192FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c index 043f17ee..6c9ec592 100644 --- a/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-192s-robust/clean/thash_sha256_robust.c 
@@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256192SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c index 7e150cc6..e889d7c5 100644 --- a/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-192s-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256192SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c index 9cbd681c..2306390a 100644 --- a/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-256f-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; 
diff --git a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c index 9937ca10..d7fe8df3 100644 --- a/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-256f-simple/clean/thash_sha256_simple.c @@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256256FSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); diff --git a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c index 010d58b0..1211b6fb 100644 --- a/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c +++ b/crypto_sign/sphincs-sha256-256s-robust/clean/thash_sha256_robust.c @@ -28,7 +28,7 @@ static void PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_thash( PQCLEAN_SPHINCSSHA256256SROBUST_CLEAN_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); for (i = 0; i < inblocks * SPX_N; i++) { buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; diff --git a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c index 338b1d9b..8f92638b 100644 --- a/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c +++ b/crypto_sign/sphincs-sha256-256s-simple/clean/thash_sha256_simple.c 
@@ -23,7 +23,7 @@ static void PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_thash( (void)pub_seed; /* Suppress an 'unused parameter' warning. */ /* Retrieve precomputed state containing pub_seed */ - sha256_inc_dupe_state(&sha2_state, hash_state_seeded); + sha256_inc_clone_state(&sha2_state, hash_state_seeded); PQCLEAN_SPHINCSSHA256256SSIMPLE_CLEAN_compress_address(buf, addr); memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); From b70216eb8df521bb7e6770509eb2a0059f16f244 Mon Sep 17 00:00:00 2001 From: Douglas Stebila Date: Tue, 30 Jul 2019 13:25:23 -0400 Subject: [PATCH 3/3] Implement state clone for rest of SHA-2 incremental API --- common/sha2.c | 12 ++++++++++++ common/sha2.h | 3 +++ 2 files changed, 15 insertions(+) diff --git a/common/sha2.c b/common/sha2.c index 82accc08..c7214345 100644 --- a/common/sha2.c +++ b/common/sha2.c @@ -529,10 +529,22 @@ void sha512_inc_init(sha512ctx *state) { } } +void sha224_inc_clone_state(sha224ctx *stateout, const sha224ctx *statein) { + memcpy(stateout, statein, sizeof(sha224ctx)); +} + void sha256_inc_clone_state(sha256ctx *stateout, const sha256ctx *statein) { memcpy(stateout, statein, sizeof(sha256ctx)); } +void sha384_inc_clone_state(sha384ctx *stateout, const sha384ctx *statein) { + memcpy(stateout, statein, sizeof(sha384ctx)); +} + +void sha512_inc_clone_state(sha512ctx *stateout, const sha512ctx *statein) { + memcpy(stateout, statein, sizeof(sha512ctx)); +} + void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks) { uint64_t bytes = load_bigendian_64(state->ctx + 32); diff --git a/common/sha2.h b/common/sha2.h index b6bdd6a6..b7334810 100644 --- a/common/sha2.h +++ b/common/sha2.h 
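Review bot: the three clone functions added in the common/sha2.c hunk are copies of `sha256_inc_clone_state` with the type name swapped, and each spells the length as `sizeof(sha224ctx)` and so on rather than tying it to the pointee; `memcpy(stateout, statein, sizeof *stateout);` in all four keeps the copy length bound to the parameter type if it is ever changed. None of the four documents that the arguments must not alias (memcpy's restrict-qualified parameters make `stateout == statein` undefined behaviour) nor that the clone is a flat byte copy that is only an independent context if the ctx structs hold no pointers to separately owned storage; the struct definitions are outside this hunk, so that should be confirmed when the comment is written. Placing each clone directly after its own `_inc_init` instead of grouping all of them after `sha512_inc_init` would also make the implementation order match the header, where each prototype follows its `_inc_init`.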
@@ -25,6 +25,7 @@ typedef struct { } sha512ctx; void sha224_inc_init(sha224ctx *state); +void sha224_inc_clone_state(sha224ctx *stateout, const sha224ctx *statein); void sha224_inc_blocks(sha224ctx *state, const uint8_t *in, size_t inblocks); void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen); void sha224(uint8_t *out, const uint8_t *in, size_t inlen); @@ -36,11 +37,13 @@ void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size void sha256(uint8_t *out, const uint8_t *in, size_t inlen); void sha384_inc_init(sha384ctx *state); +void sha384_inc_clone_state(sha384ctx *stateout, const sha384ctx *statein); void sha384_inc_blocks(sha384ctx *state, const uint8_t *in, size_t inblocks); void sha384_inc_finalize(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen); void sha384(uint8_t *out, const uint8_t *in, size_t inlen); void sha512_inc_init(sha512ctx *state); +void sha512_inc_clone_state(sha512ctx *stateout, const sha512ctx *statein); void sha512_inc_blocks(sha512ctx *state, const uint8_t *in, size_t inblocks); void sha512_inc_finalize(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen); void sha512(uint8_t *out, const uint8_t *in, size_t inlen);
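Review bot: the `sha224_inc_clone_state`, `sha384_inc_clone_state` and `sha512_inc_clone_state` prototypes added to common/sha2.h carry no documentation, leaving a caller to guess whether the copied context is independent of the source and whether the two pointers may overlap. Since the implementations are a plain memcpy, I would add one comment above each declaration (or one shared block before the first), e.g. `/* Duplicate the full incremental hashing state of statein into stateout; the two contexts must not overlap. */`, and note that independence presumes the ctx structs hold no pointers to separately owned storage — the closing `} sha512ctx;` is visible as context but the struct members are not, so that is inferred rather than confirmed here.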