1 #include <stdint.h>
2 #include <string.h>
3
4 #include "address.h"
5 #include "haraka.h"
6 #include "hash.h"
7 #include "params.h"
8 #include "utils.h"
9
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(hash_state * hash_state_seeded,const unsigned char * pub_seed,const unsigned char * sk_seed)10 void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_initialize_hash_function(
11 hash_state *hash_state_seeded,
12 const unsigned char *pub_seed, const unsigned char *sk_seed) {
13 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_tweak_constants(hash_state_seeded, pub_seed, sk_seed, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N);
14 }
15
16 /* The haraka implementation is stack based and won't be replaced in PQClean/OQS,
17 so we don't need to do anything */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_destroy_hash_function(hash_state * hash_state_seeded)18 void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_destroy_hash_function(
19 hash_state *hash_state_seeded) { // NOLINT(readability-non-const-parameter)
20 (void)hash_state_seeded;
21 }
22
23 /*
24 * Computes PRF(key, addr), given a secret key of PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N bytes and an address
25 */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(unsigned char * out,const unsigned char * key,const uint32_t addr[8],const hash_state * hash_state_seeded)26 void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_prf_addr(
27 unsigned char *out, const unsigned char *key, const uint32_t addr[8],
28 const hash_state *hash_state_seeded) {
29 unsigned char buf[PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_ADDR_BYTES];
30 /* Since PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N may be smaller than 32, we need a temporary buffer. */
31 unsigned char outbuf[32];
32
33 (void)key; /* Suppress an 'unused parameter' warning. */
34
35 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_addr_to_bytes(buf, addr);
36 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka256_sk(outbuf, buf, hash_state_seeded);
37 memcpy(out, outbuf, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N);
38 }
39
40 /**
41 * Computes the message-dependent randomness R, using a secret seed and an
42 * optional randomization value as well as the message.
43 */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_gen_message_random(unsigned char * R,const unsigned char * sk_prf,const unsigned char * optrand,const unsigned char * m,size_t mlen,const hash_state * hash_state_seeded)44 void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_gen_message_random(
45 unsigned char *R,
46 const unsigned char *sk_prf, const unsigned char *optrand,
47 const unsigned char *m, size_t mlen,
48 const hash_state *hash_state_seeded) {
49 uint8_t s_inc[65];
50
51 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
52 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, sk_prf, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N, hash_state_seeded);
53 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, optrand, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N, hash_state_seeded);
54 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
55 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
56 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_squeeze(R, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N, s_inc, hash_state_seeded);
57 }
58
59 /**
60 * Computes the message hash using R, the public key, and the message.
61 * Outputs the message digest and the index of the leaf. The index is split in
62 * the tree index and the leaf index, for convenient copying to an address.
63 */
PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(unsigned char * digest,uint64_t * tree,uint32_t * leaf_idx,const unsigned char * R,const unsigned char * pk,const unsigned char * m,size_t mlen,const hash_state * hash_state_seeded)64 void PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_hash_message(
65 unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
66 const unsigned char *R, const unsigned char *pk,
67 const unsigned char *m, size_t mlen,
68 const hash_state *hash_state_seeded) {
69 #define PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BITS (PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_HEIGHT * (PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_D - 1))
70 #define PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BYTES ((PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BITS + 7) / 8)
71 #define PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_LEAF_BITS PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_HEIGHT
72 #define PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_LEAF_BYTES ((PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_LEAF_BITS + 7) / 8)
73 #define PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_DGST_BYTES (PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_FORS_MSG_BYTES + PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BYTES + PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_LEAF_BYTES)
74
75 unsigned char buf[PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_DGST_BYTES];
76 unsigned char *bufp = buf;
77 uint8_t s_inc[65];
78
79 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_init(s_inc);
80 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, R, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N, hash_state_seeded);
81 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, pk + PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_N, hash_state_seeded);
82 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_absorb(s_inc, m, mlen, hash_state_seeded);
83 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_finalize(s_inc);
84 PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_haraka_S_inc_squeeze(buf, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_DGST_BYTES, s_inc, hash_state_seeded);
85
86 memcpy(digest, bufp, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_FORS_MSG_BYTES);
87 bufp += PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_FORS_MSG_BYTES;
88
89 *tree = PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_bytes_to_ull(bufp, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BYTES);
90 *tree &= (~(uint64_t)0) >> (64 - PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BITS);
91 bufp += PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_TREE_BYTES;
92
93 *leaf_idx = (uint32_t)PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_bytes_to_ull(
94 bufp, PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_LEAF_BYTES);
95 *leaf_idx &= (~(uint32_t)0) >> (32 - PQCLEAN_SPHINCSHARAKA192FSIMPLE_CLEAN_LEAF_BITS);
96 }
97