kris
/
pqcrypto
mirror of https://github.com/henrydcase/pqc.git
1
1
Fork 0
Code Issues 1 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
916 Commits
9 Branches
121 MiB
 
 
 
Tree: 8a372ad2e8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8a372ad2e8'
${ noResults }
pqcrypto/crypto_sign/sphincs-sha256-256f-simple/avx2/sha256.c

72 lines
3.1 KiB
Raw Blame History 

  1. /* Based on the public domain implementation in

  2.  * crypto_hash/sha512/ref/ from http://bench.cr.yp.to/supercop.html

  3.  * by D. J. Bernstein */

  4. 

  5. #include <stddef.h>

  6. #include <stdint.h>

  7. #include <string.h>

  8. 

  9. #include "sha2.h"

  10. #include "sha256.h"

  11. #include "utils.h"

  12. 

  13. /*

  14.  * Compresses an address to a 22-byte sequence.

  15.  * This reduces the number of required SHA256 compression calls, as the last

  16.  * block of input is padded with at least 65 bits.

  17.  */

  18. void PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_compress_address(unsigned char *out, const uint32_t addr[8]) {

  19.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out,      1, addr[0]); /* drop 3 bytes of the layer field */

  20.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out + 1,  4, addr[2]); /* drop the highest tree address word */

  21.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out + 5,  4, addr[3]);

  22.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out + 9,  1, addr[4]); /* drop 3 bytes of the type field */

  23.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out + 10, 4, addr[5]);

  24.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out + 14, 4, addr[6]);

  25.     PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(out + 18, 4, addr[7]);

  26. }

  27. 

  28. /**

  29.  * Requires 'input_plus_four_bytes' to have 'inlen' + 4 bytes, so that the last

  30.  * four bytes can be used for the counter. Typically 'input' is merely a seed.

  31.  * Outputs outlen number of bytes

  32.  */

  33. void PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_mgf1(

  34.     unsigned char *out, unsigned long outlen,

  35.     unsigned char *input_plus_four_bytes, unsigned long inlen) {

  36.     unsigned char outbuf[PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_OUTPUT_BYTES];

  37.     unsigned long i;

  38. 

  39.     /* While we can fit in at least another full block of SHA256 output.. */

  40.     for (i = 0; (i + 1)*PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_OUTPUT_BYTES <= outlen; i++) {

  41.         PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(input_plus_four_bytes + inlen, 4, i);

  42.         sha256(out, input_plus_four_bytes, inlen + 4);

  43.         out += PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_OUTPUT_BYTES;

  44.     }

  45.     /* Until we cannot anymore, and we fill the remainder. */

  46.     if (outlen > i * PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_OUTPUT_BYTES) {

  47.         PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_ull_to_bytes(input_plus_four_bytes + inlen, 4, i);

  48.         sha256(outbuf, input_plus_four_bytes, inlen + 4);

  49.         memcpy(out, outbuf, outlen - i * PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_OUTPUT_BYTES);

  50.     }

  51. }

  52. 

  53. 

  54. /**

  55.  * Absorb the constant pub_seed using one round of the compression function

  56.  * This initializes hash_state_seeded, which can then be reused in thash

  57.  **/

  58. void PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_seed_state(sha256ctx *hash_state_seeded, const unsigned char *pub_seed) {

  59.     uint8_t block[PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_BLOCK_BYTES];

  60.     size_t i;

  61. 

  62.     for (i = 0; i < PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_N; ++i) {

  63.         block[i] = pub_seed[i];

  64.     }

  65.     for (i = PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_N; i < PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_SHA256_BLOCK_BYTES; ++i) {

  66.         block[i] = 0;

  67.     }

  68. 

  69.     sha256_inc_init(hash_state_seeded);

  70.     sha256_inc_blocks(hash_state_seeded, block, 1);

  71. }