1
1
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-30 03:11:43 +00:00
pqcrypto/crypto_sign/sphincs-haraka-256f-robust/aesni/utilsx4.c
Thom Wiggers facb527c7c SPHINCS+ optimized implementations (#253)
* Add state destroy to SHA2 API

* Include optimized SPHINCS+ implementations

I've generated new implementations from the sphincsplus repository.

* Don't destroy sha256ctx after finalize

* Attempt to shut up MSVC

* Make sure to drop errors in rmtree
2021-03-24 21:02:45 +00:00

99 lines
9.3 KiB
C

#include "address.h"
#include "params.h"
#include "thashx4.h"
#include "utils.h"
#include "utilsx4.h"
#include <string.h>
/**
* For a given leaf index, computes the authentication path and the resulting
* root node using Merkle's TreeHash algorithm.
* Expects the layer and tree parts of the tree_addr to be set, as well as the
* tree type (i.e. PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_ADDR_TYPE_HASHTREE or PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_ADDR_TYPE_FORSTREE).
* Applies the offset idx_offset to indices before building addresses, so that
* it is possible to continue counting indices across trees.
*/
#define treehashx4_variant(name, tree_height) \
void PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_treehashx4_##name( \
unsigned char *rootx4, unsigned char *auth_pathx4, const unsigned char *sk_seed, \
const unsigned char *pub_seed, const uint32_t leaf_idx[4], uint32_t idx_offset[4], \
void (*gen_leafx4)(unsigned char * /* leaf0 */, unsigned char * /* leaf1 */, \
unsigned char * /* leaf2 */, unsigned char * /* leaf3 */, \
const unsigned char * /* sk_seed */, \
const unsigned char * /* pub_seed */, uint32_t /* addr_idx0 */, \
uint32_t /* addr_idx1 */, uint32_t /* addr_idx2 */, \
uint32_t /* addr_idx3 */, const uint32_t[8] /* tree_addr */, \
const hash_state * /* state_seeded */), \
uint32_t tree_addrx4[4 * 8], const hash_state *state_seeded) { \
unsigned char stackx4[4 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N]; \
unsigned int heights[(tree_height) + 1]; \
unsigned int offset = 0; \
uint32_t idx; \
uint32_t tree_idx; \
unsigned int j; \
\
for (idx = 0; idx < (uint32_t)(1 << (tree_height)); idx++) { \
/* Add the next leaf node to the stack. */ \
gen_leafx4(stackx4 + 0 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + offset * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 1 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + offset * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 2 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + offset * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 3 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + offset * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, sk_seed, \
pub_seed, idx + idx_offset[0], idx + idx_offset[1], idx + idx_offset[2], \
idx + idx_offset[3], tree_addrx4, state_seeded); \
offset++; \
heights[offset - 1] = 0; \
\
/* If this is a node we need for the auth path.. */ \
for (j = 0; j < 4; j++) { \
if ((leaf_idx[j] ^ 0x1) == idx) { \
memcpy(auth_pathx4 + j * (tree_height)*PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + j * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N); \
} \
} \
\
/* While the top-most nodes are of equal height.. */ \
while (offset >= 2 && heights[offset - 1] == heights[offset - 2]) { \
/* Compute index of the new node, in the next layer. */ \
tree_idx = (idx >> (heights[offset - 1] + 1)); \
\
/* Set the address of the node we're creating. */ \
for (j = 0; j < 4; j++) { \
PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_set_tree_height(tree_addrx4 + j * 8, heights[offset - 1] + 1); \
PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_set_tree_index(tree_addrx4 + j * 8, \
tree_idx + (idx_offset[j] >> (heights[offset - 1] + 1))); \
} \
/* Hash the top-most nodes from the stack together. */ \
PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_thashx4_2(stackx4 + 0 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 1 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 2 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 3 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 0 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 1 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 2 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + 3 * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 2) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
pub_seed, tree_addrx4, state_seeded); \
offset--; \
/* Note that the top-most node is now one layer higher. */ \
heights[offset - 1]++; \
\
/* If this is a node we need for the auth path.. */ \
for (j = 0; j < 4; j++) { \
if (((leaf_idx[j] >> heights[offset - 1]) ^ 0x1) == tree_idx) { \
memcpy(auth_pathx4 + j * (tree_height)*PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + \
heights[offset - 1] * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
stackx4 + j * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N + (offset - 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, \
PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N); \
} \
} \
} \
} \
\
for (j = 0; j < 4; j++) { \
memcpy(rootx4 + j * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, stackx4 + j * ((tree_height) + 1) * PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N, PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_N); \
} \
}
treehashx4_variant(FORS_HEIGHT, PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_FORS_HEIGHT)