From 8e395138b3aabd7e4685866319076de30c3480d5 Mon Sep 17 00:00:00 2001 
From: Marius Arvinte Date: Sat, 30 May 2026 17:50:15 -0700 Subject: [PATCH 1/7] Release 2026.5.patch1 (#866) # :balloon: Minor Updates - Adds three canonical examples in `examples/template` - Cleans up some deprecated test fixtures for consolidation --- examples/hello_world/test_vectors/test.json | 7 -- .../hello_world/test_case/CMakeLists.txt | 0 .../hello_world/test_case/include/constants.h | 0 .../hello_world/test_case/src/main.c | 0 .../hello_world_lib/test_case/CMakeLists.txt | 13 +++ .../test_case/include/constants.h | 14 +++ .../hello_world_lib/test_case/src/hello.c | 20 +++++ .../hello_world_preset/CMakeLists.txt | 8 ++ .../hello_world_preset/CMakePresets.json | 30 +++++++ .../test_case/CMakeLists.txt | 5 ++ .../test_case/app/CMakeLists.txt | 2 + .../test_case/app/src/main.c | 12 +++ .../test_case/lib/CMakeLists.txt | 2 + .../test_case/lib/include/hello.h | 12 +++ .../test_case/lib/src/hello.c | 24 +++++ .../test_case/CMakeLists.txt | 18 ---- .../isystem_inline_dep/test_case/ext/bridge.h | 8 -- .../isystem_inline_dep/test_case/ext/caller.c | 19 ---- .../isystem_inline_dep/test_case/main.c | 10 --- .../isystem_inline_dep/test_case/util/alloc.h | 10 --- .../isystem_inline_dep/test_case/util/user.c | 6 -- .../test_case/xdiff/bridge.h | 8 -- .../test_case/xdiff/caller.c | 19 ---- .../scc_ordering_bug/test_case/CMakeLists.txt | 17 ---- .../scc_ordering_bug/test_case/include/fwd.h | 13 --- .../test_case/include/header.h | 15 ---- .../scc_ordering_bug/test_case/src/caller.c | 5 -- .../scc_ordering_bug/test_case/src/main.c | 9 -- .../scc_ordering_bug/test_case/src/state.c | 8 -- .../typedef_cross_tu/test_case/CMakeLists.txt | 16 ---- .../test_case/include/types.h | 4 - .../typedef_cross_tu/test_case/src/a.c | 17 ---- .../typedef_cross_tu/test_case/src/b.c | 5 -- .../typedef_cross_tu/test_case/src/c.c | 10 --- .../typedef_cross_tu/test_vectors/test.json | 8 -- test/test_consolidate.py | 88 ++----------------- 36 files changed, 149 insertions(+), 313 deletions(-) 
delete mode 100644 examples/hello_world/test_vectors/test.json rename examples/{ => templates}/hello_world/test_case/CMakeLists.txt (100%) rename examples/{ => templates}/hello_world/test_case/include/constants.h (100%) rename examples/{ => templates}/hello_world/test_case/src/main.c (100%) create mode 100644 examples/templates/hello_world_lib/test_case/CMakeLists.txt create mode 100644 examples/templates/hello_world_lib/test_case/include/constants.h create mode 100644 examples/templates/hello_world_lib/test_case/src/hello.c create mode 100644 examples/templates/hello_world_preset/CMakeLists.txt create mode 100644 examples/templates/hello_world_preset/CMakePresets.json create mode 100644 examples/templates/hello_world_preset/test_case/CMakeLists.txt create mode 100644 examples/templates/hello_world_preset/test_case/app/CMakeLists.txt create mode 100644 examples/templates/hello_world_preset/test_case/app/src/main.c create mode 100644 examples/templates/hello_world_preset/test_case/lib/CMakeLists.txt create mode 100644 examples/templates/hello_world_preset/test_case/lib/include/hello.h create mode 100644 examples/templates/hello_world_preset/test_case/lib/src/hello.c delete mode 100644 test/fixtures/isystem_inline_dep/test_case/CMakeLists.txt delete mode 100644 test/fixtures/isystem_inline_dep/test_case/ext/bridge.h delete mode 100644 test/fixtures/isystem_inline_dep/test_case/ext/caller.c delete mode 100644 test/fixtures/isystem_inline_dep/test_case/main.c delete mode 100644 test/fixtures/isystem_inline_dep/test_case/util/alloc.h delete mode 100644 test/fixtures/isystem_inline_dep/test_case/util/user.c delete mode 100644 test/fixtures/isystem_inline_dep/test_case/xdiff/bridge.h delete mode 100644 test/fixtures/isystem_inline_dep/test_case/xdiff/caller.c delete mode 100644 test/fixtures/scc_ordering_bug/test_case/CMakeLists.txt delete mode 100644 test/fixtures/scc_ordering_bug/test_case/include/fwd.h delete mode 100644 
test/fixtures/scc_ordering_bug/test_case/include/header.h delete mode 100644 test/fixtures/scc_ordering_bug/test_case/src/caller.c delete mode 100644 test/fixtures/scc_ordering_bug/test_case/src/main.c delete mode 100644 test/fixtures/scc_ordering_bug/test_case/src/state.c delete mode 100644 test/fixtures/typedef_cross_tu/test_case/CMakeLists.txt delete mode 100644 test/fixtures/typedef_cross_tu/test_case/include/types.h delete mode 100644 test/fixtures/typedef_cross_tu/test_case/src/a.c delete mode 100644 test/fixtures/typedef_cross_tu/test_case/src/b.c delete mode 100644 test/fixtures/typedef_cross_tu/test_case/src/c.c delete mode 100644 test/fixtures/typedef_cross_tu/test_vectors/test.json
diff --git a/examples/hello_world/test_vectors/test.json b/examples/hello_world/test_vectors/test.json
deleted file mode 100644
index 09d7944..0000000
--- a/examples/hello_world/test_vectors/test.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "argv": [],
- "stdin": "",
- "stdout": {
- "pattern": "*****\nHello World!\n*****"
- }
-}
diff --git a/examples/hello_world/test_case/CMakeLists.txt b/examples/templates/hello_world/test_case/CMakeLists.txt
similarity index 100%
rename from examples/hello_world/test_case/CMakeLists.txt
rename to examples/templates/hello_world/test_case/CMakeLists.txt
diff --git a/examples/hello_world/test_case/include/constants.h b/examples/templates/hello_world/test_case/include/constants.h
similarity index 100%
rename from examples/hello_world/test_case/include/constants.h
rename to examples/templates/hello_world/test_case/include/constants.h
diff --git a/examples/hello_world/test_case/src/main.c b/examples/templates/hello_world/test_case/src/main.c
similarity index 100%
rename from examples/hello_world/test_case/src/main.c
rename to examples/templates/hello_world/test_case/src/main.c
diff --git a/examples/templates/hello_world_lib/test_case/CMakeLists.txt b/examples/templates/hello_world_lib/test_case/CMakeLists.txt
new file mode 100644
index 0000000..fc35e57
--- /dev/null
+++ b/examples/templates/hello_world_lib/test_case/CMakeLists.txt
@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2026 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cmake_minimum_required(VERSION 3.10)
+cmake_path(GET CMAKE_CURRENT_SOURCE_DIR PARENT_PATH parent)
+cmake_path(GET parent FILENAME project_name)
+project(${project_name})
+
+add_library(${project_name} SHARED src/hello.c)
+target_include_directories(${project_name} PUBLIC include)
diff --git a/examples/templates/hello_world_lib/test_case/include/constants.h b/examples/templates/hello_world_lib/test_case/include/constants.h
new file mode 100644
index 0000000..c93b448
--- /dev/null
+++ b/examples/templates/hello_world_lib/test_case/include/constants.h
@@ -0,0 +1,14 @@
+//
+// Copyright (C) 2026 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+#ifndef CONSTANTS_H
+#define CONSTANTS_H
+
+#define GREETING "Hello World!"
+#define BORDER_CHAR '*'
+#define BORDER_LENGTH 5
+
+#endif
diff --git a/examples/templates/hello_world_lib/test_case/src/hello.c b/examples/templates/hello_world_lib/test_case/src/hello.c
new file mode 100644
index 0000000..801cc4a
--- /dev/null
+++ b/examples/templates/hello_world_lib/test_case/src/hello.c
@@ -0,0 +1,20 @@
+//
+// Copyright (C) 2026 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+#include
+#include "constants.h"
+
+void hello_print(void) {
+ for (int i = 0; i < BORDER_LENGTH; i++) {
+ printf("%c", BORDER_CHAR);
+ }
+
+ printf("\n%s\n", GREETING);
+
+ for (int i = 0; i < BORDER_LENGTH; i++) {
+ printf("%c", BORDER_CHAR);
+ }
+}
diff --git a/examples/templates/hello_world_preset/CMakeLists.txt b/examples/templates/hello_world_preset/CMakeLists.txt
new file mode 100644
index 0000000..4d5706e
--- /dev/null
+++ b/examples/templates/hello_world_preset/CMakeLists.txt
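Review bot: `cmake_path()` is called in `examples/templates/hello_world_lib/test_case/CMakeLists.txt` under `cmake_minimum_required(VERSION 3.10)`, but that command only exists from CMake 3.20 on, so a 3.10–3.19 toolchain passes the version gate and then stops on an unknown command. Either raise the floor to `cmake_minimum_required(VERSION 3.20)` or keep 3.10 and derive the name with `get_filename_component(parent "${CMAKE_CURRENT_SOURCE_DIR}" DIRECTORY)` followed by `get_filename_component(project_name "${parent}" NAME)`. Because the library target is named after the parent directory, a one-line comment saying so would help anyone who copies the template into a differently named folder.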
@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.19)
+project(ci_wrapper)
+
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
+set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
+
+add_subdirectory(test_case)
diff --git a/examples/templates/hello_world_preset/CMakePresets.json b/examples/templates/hello_world_preset/CMakePresets.json
new file mode 100644
index 0000000..b97115c
--- /dev/null
+++ b/examples/templates/hello_world_preset/CMakePresets.json
@@ -0,0 +1,30 @@
+{
+ "version": 6,
+ "cmakeMinimumRequired": {
+ "major": 3,
+ "minor": 19,
+ "patch": 0
+ },
+ "configurePresets": [
+ {
+ "name": "base",
+ "hidden": true,
+ "generator": "Ninja",
+ "binaryDir": "build-ninja",
+ "cacheVariables": {
+ "CMAKE_C_STANDARD": "99",
+ "CMAKE_BUILD_TYPE": "Release"
+ }
+ },
+ {
+ "name": "test",
+ "inherits": "base"
+ }
+ ],
+ "buildPresets": [
+ {
+ "name": "test",
+ "configurePreset": "test"
+ }
+ ]
+}
diff --git a/examples/templates/hello_world_preset/test_case/CMakeLists.txt b/examples/templates/hello_world_preset/test_case/CMakeLists.txt
new file mode 100644
index 0000000..80ff95a
--- /dev/null
+++ b/examples/templates/hello_world_preset/test_case/CMakeLists.txt
@@ -0,0 +1,5 @@
+cmake_minimum_required(VERSION 3.10)
+project(hello_world_preset C)
+
+add_subdirectory(lib)
+add_subdirectory(app)
diff --git a/examples/templates/hello_world_preset/test_case/app/CMakeLists.txt b/examples/templates/hello_world_preset/test_case/app/CMakeLists.txt
new file mode 100644
index 0000000..984ae00
--- /dev/null
+++ b/examples/templates/hello_world_preset/test_case/app/CMakeLists.txt
@@ -0,0 +1,2 @@
+add_executable(hello_world src/main.c)
+target_link_libraries(hello_world PRIVATE hello_world_lib)
diff --git a/examples/templates/hello_world_preset/test_case/app/src/main.c b/examples/templates/hello_world_preset/test_case/app/src/main.c
new file mode 100644
index 0000000..6f4feb8
--- /dev/null
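Review bot: `CMakePresets.json` declares `"version": 6` next to a `cmakeMinimumRequired` of 3.19.0, and those two cannot both hold: schema version 6 is read only by CMake 3.25 and later, and `buildPresets` first appears in schema version 2 (CMake 3.20). A user on the advertised minimum gets a preset parse failure rather than a clear version error. Set `"minor": 25` and bring the wrapper's `cmake_minimum_required(VERSION 3.19)` in the sibling `CMakeLists.txt` in line with it, or lower `"version"` to the oldest schema that still carries the fields used here.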
+++ b/examples/templates/hello_world_preset/test_case/app/src/main.c
@@ -0,0 +1,12 @@
+//
+// Copyright (C) 2026 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+#include "hello.h"
+
+int main(void) {
+ hello_print();
+ return 0;
+}
diff --git a/examples/templates/hello_world_preset/test_case/lib/CMakeLists.txt b/examples/templates/hello_world_preset/test_case/lib/CMakeLists.txt
new file mode 100644
index 0000000..b558f79
--- /dev/null
+++ b/examples/templates/hello_world_preset/test_case/lib/CMakeLists.txt
@@ -0,0 +1,2 @@
+add_library(hello_world_lib SHARED src/hello.c)
+target_include_directories(hello_world_lib PUBLIC include)
diff --git a/examples/templates/hello_world_preset/test_case/lib/include/hello.h b/examples/templates/hello_world_preset/test_case/lib/include/hello.h
new file mode 100644
index 0000000..6fba946
--- /dev/null
+++ b/examples/templates/hello_world_preset/test_case/lib/include/hello.h
@@ -0,0 +1,12 @@
+//
+// Copyright (C) 2026 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+#ifndef HELLO_H
+#define HELLO_H
+
+void hello_print(void);
+
+#endif
diff --git a/examples/templates/hello_world_preset/test_case/lib/src/hello.c b/examples/templates/hello_world_preset/test_case/lib/src/hello.c
new file mode 100644
index 0000000..21ace1b
--- /dev/null
+++ b/examples/templates/hello_world_preset/test_case/lib/src/hello.c
@@ -0,0 +1,24 @@
+//
+// Copyright (C) 2026 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+#include
+#include "hello.h"
+
+#define GREETING "Hello World!"
+#define BORDER_CHAR '*'
+#define BORDER_LENGTH 5
+
+void hello_print(void) {
+ for (int i = 0; i < BORDER_LENGTH; i++) {
+ printf("%c", BORDER_CHAR);
+ }
+
+ printf("\n%s\n", GREETING);
+
+ for (int i = 0; i < BORDER_LENGTH; i++) {
+ printf("%c", BORDER_CHAR);
+ }
+}
diff --git a/test/fixtures/isystem_inline_dep/test_case/CMakeLists.txt b/test/fixtures/isystem_inline_dep/test_case/CMakeLists.txt
deleted file mode 100644
index 4a0d24e..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/CMakeLists.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-cmake_minimum_required(VERSION 3.10)
-project(isystem_inline_dep C)
-
-# util shared library - includes util/ with regular -I
-add_library(util SHARED util/user.c)
-target_include_directories(util PRIVATE util)
-
-# ext shared library - includes util/ with SYSTEM (generates -isystem)
-# This is the pattern that causes the bug: same header directory included
-# as SYSTEM in one target but regular in another.
-add_library(ext SHARED ext/caller.c)
-target_include_directories(ext SYSTEM PRIVATE util)
-target_include_directories(ext PRIVATE ext)
-
-# Main executable links both
-add_executable(isystem_inline_dep main.c)
-target_include_directories(isystem_inline_dep PRIVATE util)
-target_link_libraries(isystem_inline_dep util ext)
diff --git a/test/fixtures/isystem_inline_dep/test_case/ext/bridge.h b/test/fixtures/isystem_inline_dep/test_case/ext/bridge.h
deleted file mode 100644
index 1f0772a..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/ext/bridge.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef BRIDGE_H
-#define BRIDGE_H
-
-#include "alloc.h"
-
-#define ext_malloc(x) my_alloc(x)
-
-#endif
diff --git a/test/fixtures/isystem_inline_dep/test_case/ext/caller.c b/test/fixtures/isystem_inline_dep/test_case/ext/caller.c
deleted file mode 100644
index ebb1865..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/ext/caller.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "bridge.h"
-
-typedef struct {
- int val;
-} item_t;
-
-static item_t *make_item(int val) {
- item_t *p;
- if (!(p = (item_t *)ext_malloc(sizeof(item_t))))
- return (void *)0;
- p->val = val;
- return p;
-}
-
-int do_work(int x) {
- item_t *item = make_item(x);
- if (item) return item->val;
- return -1;
-}
diff --git a/test/fixtures/isystem_inline_dep/test_case/main.c b/test/fixtures/isystem_inline_dep/test_case/main.c
deleted file mode 100644
index 2d3f860..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/main.c
+++ /dev/null
@@ -1,10 +0,0 @@
-#include "alloc.h"
-
-int do_work(int x);
-void *my_calloc(size_t n, size_t sz);
-
-int main(void) {
- void *p = my_calloc(4, sizeof(int));
- if (p) free(p);
- return do_work(42);
-}
diff --git a/test/fixtures/isystem_inline_dep/test_case/util/alloc.h b/test/fixtures/isystem_inline_dep/test_case/util/alloc.h
deleted file mode 100644
index dc8fa4d..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/util/alloc.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef ALLOC_H
-#define ALLOC_H
-
-#include
-
-static inline void *my_alloc(size_t len) {
- return malloc(len);
-}
-
-#endif
diff --git a/test/fixtures/isystem_inline_dep/test_case/util/user.c b/test/fixtures/isystem_inline_dep/test_case/util/user.c
deleted file mode 100644
index a727564..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/util/user.c
+++ /dev/null
@@ -1,6 +0,0 @@
-#include "alloc.h"
-
-void *my_calloc(size_t n, size_t sz) {
- void *p = my_alloc(n * sz);
- return p;
-}
diff --git a/test/fixtures/isystem_inline_dep/test_case/xdiff/bridge.h b/test/fixtures/isystem_inline_dep/test_case/xdiff/bridge.h
deleted file mode 100644
index a884876..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/xdiff/bridge.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef BRIDGE_H
-#define BRIDGE_H
-
-#include "alloc.h"
-
-#define xdl_malloc(x) my_alloc(x)
-
-#endif
diff --git a/test/fixtures/isystem_inline_dep/test_case/xdiff/caller.c b/test/fixtures/isystem_inline_dep/test_case/xdiff/caller.c
deleted file mode 100644
index 16d4caf..0000000
--- a/test/fixtures/isystem_inline_dep/test_case/xdiff/caller.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "bridge.h"
-
-typedef struct {
- int val;
-} item_t;
-
-static item_t *make_item(int val) {
- item_t *p;
- if (!(p = (item_t *)xdl_malloc(sizeof(item_t))))
- return (void *)0;
- p->val = val;
- return p;
-}
-
-int do_work(int x) {
- item_t *item = make_item(x);
- if (item) return item->val;
- return -1;
-}
diff --git a/test/fixtures/scc_ordering_bug/test_case/CMakeLists.txt b/test/fixtures/scc_ordering_bug/test_case/CMakeLists.txt
deleted file mode 100644
index 4b9c9a5..0000000
--- a/test/fixtures/scc_ordering_bug/test_case/CMakeLists.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-cmake_minimum_required(VERSION 3.10)
-project(scc_ordering_bug)
-
-# Reproduces SCC ordering bug in consolidation:
-# caller.c (rank 1) defines compute() which calls helper().
-# state.c (rank 2) defines helper() (inline) and vtable = { .fn = compute }.
-# Cycle: compute -> helper -> vtable -> compute.
-# merge_symbols picks helper from state.c (definition beats declaration).
-# Within the SCC, compute (rank 1) is emitted before helper (rank 2).
-# helper has declaration=None (inline) so no forward decl is emitted.
-# Result: "call to undeclared function 'helper'"
-add_executable(scc_ordering_bug
- src/main.c
- src/caller.c
- src/state.c
-)
-target_include_directories(scc_ordering_bug PRIVATE include)
diff --git a/test/fixtures/scc_ordering_bug/test_case/include/fwd.h b/test/fixtures/scc_ordering_bug/test_case/include/fwd.h
deleted file mode 100644
index 4d8dd85..0000000
--- a/test/fixtures/scc_ordering_bug/test_case/include/fwd.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef FWD_H
-#define FWD_H
-
-struct vtable_t {
- int (*fn)(int);
-};
-
-extern struct vtable_t vtable;
-
-/* Forward declaration only — no definition of helper here. */
-int helper(int x);
-
-#endif
diff --git a/test/fixtures/scc_ordering_bug/test_case/include/header.h b/test/fixtures/scc_ordering_bug/test_case/include/header.h
deleted file mode 100644
index 51b2257..0000000
--- a/test/fixtures/scc_ordering_bug/test_case/include/header.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef HEADER_H
-#define HEADER_H
-
-struct vtable_t {
- int (*fn)(int);
-};
-
-extern struct vtable_t vtable;
-
-/* Full definition of helper — only included by state.c */
-inline int helper(int x) {
- return vtable.fn(x);
-}
-
-#endif
diff --git a/test/fixtures/scc_ordering_bug/test_case/src/caller.c b/test/fixtures/scc_ordering_bug/test_case/src/caller.c
deleted file mode 100644
index 42f15e8..0000000
--- a/test/fixtures/scc_ordering_bug/test_case/src/caller.c
+++ /dev/null
@@ -1,5 +0,0 @@
-#include "fwd.h"
-
-int compute(int x) {
- return helper(x) + 1;
-}
diff --git a/test/fixtures/scc_ordering_bug/test_case/src/main.c b/test/fixtures/scc_ordering_bug/test_case/src/main.c
deleted file mode 100644
index 8585358..0000000
--- a/test/fixtures/scc_ordering_bug/test_case/src/main.c
+++ /dev/null
@@ -1,9 +0,0 @@
-#include
-
-int helper(int x);
-int compute(int x);
-
-int main(void) {
- printf("%d\n", compute(42));
- return 0;
-}
diff --git a/test/fixtures/scc_ordering_bug/test_case/src/state.c b/test/fixtures/scc_ordering_bug/test_case/src/state.c
deleted file mode 100644
index d9afdb2..0000000
--- a/test/fixtures/scc_ordering_bug/test_case/src/state.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "header.h"
-
-int compute(int x);
-
-/* Provide external definition of helper for callers that only see the declaration */
-extern inline int helper(int x);
-
-struct vtable_t vtable = { .fn = compute };
diff --git a/test/fixtures/typedef_cross_tu/test_case/CMakeLists.txt b/test/fixtures/typedef_cross_tu/test_case/CMakeLists.txt
deleted file mode 100644
index d0769f5..0000000
--- a/test/fixtures/typedef_cross_tu/test_case/CMakeLists.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-cmake_minimum_required(VERSION 3.10)
-project(typedef_cross_tu)
-
-# Library with b.c and c.c — these get parsed from compile_commands.json
-# before a.c (because library objects are built first). merge_symbols
-# processes b.c first → retains typedef X cursor from b.c.
-add_library(xlib SHARED src/b.c src/c.c)
-target_include_directories(xlib PRIVATE include)
-
-# Executable links against xlib; its .sources lists a.c first (from
-# add_executable sources) then lib sources appended via LINK_LIBRARIES.
-# So source_priority = [a.c, b.c, c.c] → ast_order rank: a.c=0, b.c=1, c.c=2
-# This gives struct X (from a.c) rank 0 < typedef X (from b.c) rank 1.
-add_executable(typedef_cross_tu src/a.c)
-target_include_directories(typedef_cross_tu PRIVATE include)
-target_link_libraries(typedef_cross_tu xlib)
diff --git a/test/fixtures/typedef_cross_tu/test_case/include/types.h b/test/fixtures/typedef_cross_tu/test_case/include/types.h
deleted file mode 100644
index d1659f4..0000000
--- a/test/fixtures/typedef_cross_tu/test_case/include/types.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#ifndef TYPES_H
-#define TYPES_H
-typedef struct X X;
-#endif
diff --git a/test/fixtures/typedef_cross_tu/test_case/src/a.c b/test/fixtures/typedef_cross_tu/test_case/src/a.c
deleted file mode 100644
index 3f493a9..0000000
--- a/test/fixtures/typedef_cross_tu/test_case/src/a.c
+++ /dev/null
@@ -1,17 +0,0 @@
-#include "types.h"
-
-struct X {
- X *self;
- int val;
-};
-
-X *create_x(int v) {
- (void)v;
- return (X *)0;
-}
-
-int main(void) {
- X *x = create_x(42);
- (void)x;
- return 0;
-}
diff --git a/test/fixtures/typedef_cross_tu/test_case/src/b.c b/test/fixtures/typedef_cross_tu/test_case/src/b.c
deleted file mode 100644
index af2d9c2..0000000
--- a/test/fixtures/typedef_cross_tu/test_case/src/b.c
+++ /dev/null
@@ -1,5 +0,0 @@
-#include "types.h"
-
-void consume_x(X *p) {
- (void)p;
-}
diff --git a/test/fixtures/typedef_cross_tu/test_case/src/c.c b/test/fixtures/typedef_cross_tu/test_case/src/c.c deleted file mode 100644 index 2ef9bea..0000000 --- a/test/fixtures/typedef_cross_tu/test_case/src/c.c +++ /dev/null @@ -1,10 +0,0 @@ -#include "types.h" - -struct Y { - X *member; - int id; -}; - -struct Y *alloc_y(void) { - return (struct Y *)0; -} diff --git a/test/fixtures/typedef_cross_tu/test_vectors/test.json b/test/fixtures/typedef_cross_tu/test_vectors/test.json deleted file mode 100644 index 2748f42..0000000 --- a/test/fixtures/typedef_cross_tu/test_vectors/test.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "test_cases": [ - { - "input": "", - "expected_output": "" - } - ] -} diff --git a/test/test_consolidate.py b/test/test_consolidate.py index 613ea36..9febcc4 100644 --- a/test/test_consolidate.py +++ b/test/test_consolidate.py @@ -11,6 +11,8 @@ import pytest import json +from clang.cindex import TranslationUnit as TU + from ideas import ast from ideas.init.consolidate import ( create_ast_order, @@ -204,14 +206,6 @@ def test_nested_include_symbols_do_not_tie(tmp_path: Path): def test_consolidation_places_typedef_before_struct_definition(tmp_path: Path): - """ - - types.h: typedef struct X X; - - thing.h: includes types.h, defines struct X { fields }; - - thing.c: includes thing.h, uses X in function signatures - - Consolidation must place the typedef before the struct definition so - that uses of 'X' as a bare type name compile correctly. - """ types_h = tmp_path / "types.h" thing_h = tmp_path / "thing.h" thing_c = tmp_path / "thing.c" 
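Review bot: In hunk `@@ -204,14 +206,6 @@` the docstring removed from `test_consolidation_places_typedef_before_struct_definition` was the only statement of what the test protects, so a later failure gives a maintainer nothing to reason from. The same removal happens to `test_consolidation_typedef_before_struct_cross_tu` (hunk `@@ -270,22 +256,6 @@`) and `test_static_inline_in_scc_emitted_before_caller` (hunk `@@ -824,29 +773,6 @@`), and the on-disk fixtures whose CMake comments described the same scenarios are deleted by this patch as well. Keep at least a one-line docstring per test, for example `"""The typedef must be emitted before the struct definition that uses the bare type name."""`. The function bodies continue outside these hunks.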
@@ -219,27 +213,21 @@ def test_consolidation_places_typedef_before_struct_definition(tmp_path: Path): types_h.write_text( dedent( """\ - #ifndef TYPES_H - #define TYPES_H - typedef struct git_callbacks git_callbacks; - #endif + typedef struct X X; """ ) ) thing_h.write_text( dedent( """\ - #ifndef THING_H - #define THING_H #include "types.h" - struct git_callbacks { - int (*notify)(git_callbacks *self, int status); + struct X { + int (*notify)(X *self, int status); void *payload; }; - int git_callbacks_init(git_callbacks *out); - #endif + int X_init(X *out); """ ) ) @@ -248,7 +236,7 @@ def test_consolidation_places_typedef_before_struct_definition(tmp_path: Path): """\ #include "thing.h" - int git_callbacks_init(git_callbacks *out) { + int X_init(X *out) { out->notify = 0; out->payload = 0; return 0; @@ -261,8 +249,6 @@ def test_consolidation_places_typedef_before_struct_definition(tmp_path: Path): compile_commands = _write_compile_commands(tmp_path, [thing_c]) consolidated = consolidate_init(compile_commands, source_priority=[]) - # The consolidated code must compile — the typedef must appear before - # the struct definition and function that use 'git_callbacks' as a type name. success, error = check_c(consolidated, flags=["-fsyntax-only", "-Wall"]) assert success, ( f"Consolidated code does not compile:\n{error}\n\nConsolidated output:\n{consolidated}" 
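Review bot: The `types.h` and `thing.h` fixtures written in hunk `@@ -219,27 +213,21 @@` lose their `#ifndef`/`#define`/`#endif` guards, and the same is done in hunks `@@ -294,23 +264,17 @@`, `@@ -374,20 +338,14 @@` and `@@ -535,10 +487,7 @@`. Guarded headers are what real C projects feed the consolidator, so unless another test still covers them (not visible in this patch) the suite no longer exercises that preprocessing path, and an unguarded `struct X { ... }` body would become a redefinition error if a later edit includes `thing.h` twice in one translation unit. I would keep the guards in at least one of these fixtures and add a comment such as `# guards kept on purpose: consolidation must cope with guarded headers`. The test bodies continue outside the hunks.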
@@ -270,22 +256,6 @@ def test_consolidation_places_typedef_before_struct_definition(tmp_path: Path): def test_consolidation_typedef_before_struct_cross_tu(tmp_path: Path): - """ - Cross-TU corner case: when the struct does NOT use the typedef name internally, - the typedef and struct can end up in the same SCC with cursors from different TUs. - clang_isBeforeInTranslationUnit returns 0 for both directions (undefined cross-TU), - so order depends on sort stability. - - In valid C, if a struct body uses the typedef name, the typedef must be included - before it — meaning both symbols always appear in the same TU. So cross-TU - comparison can only happen when the struct does NOT reference the typedef, - in which case ordering doesn't affect compilability. - - - types.h: typedef struct Node Node; - - node.h: struct Node { int val; struct Node *next; }; (struct tag only) - - api.c: includes types.h + node.h, uses Node * in function - - internal.c: includes node.h only, uses struct Node * - """ types_h = tmp_path / "types.h" node_h = tmp_path / "node.h" api_c = tmp_path / "api.c" @@ -294,23 +264,17 @@ def test_consolidation_typedef_before_struct_cross_tu(tmp_path: Path): types_h.write_text( dedent( """\ - #ifndef TYPES_H - #define TYPES_H typedef struct Node Node; - #endif """ ) ) node_h.write_text( dedent( """\ - #ifndef NODE_H - #define NODE_H struct Node { int val; struct Node *next; }; - #endif """ ) ) @@ -374,20 +338,14 @@ def test_consolidation_mutual_cross_tu_typedefs(tmp_path: Path): a_types_h.write_text( dedent( """\ - #ifndef A_TYPES_H - #define A_TYPES_H typedef struct A A; - #endif """ ) ) b_types_h.write_text( dedent( """\ - #ifndef B_TYPES_H - #define B_TYPES_H typedef struct B B; - #endif """ ) ) 
@@ -490,7 +448,6 @@ def test_macro_wrapped_declaration(tmp_path: Path): f"Consolidated output contains unexpanded macro 'LIB_EXPORT':\n{consolidated}" ) - # It must still compile success, error = check_c(consolidated, flags=["-fsyntax-only", "-Wall"]) assert success, ( f"Consolidated code does not compile:\n{error}\n\nConsolidated output:\n{consolidated}" @@ -499,11 +456,6 @@ def test_macro_wrapped_declaration(tmp_path: Path): def test_typedef_after_struct_cross_tu_three_tus(tmp_path: Path): """ - Three-TU corner case exposing invalid ordering when typedef and struct - definition form a cycle (same SCC) but their cursors come from different TUs - after merge_symbols. - - Setup: - types.h: typedef struct X X; (forward-declares struct X via typedef) - TU1 (a.c): #include "types.h", defines struct X { X *self; int val; }; The struct body uses the typedef name 'X' → creates cycle: @@ -535,10 +487,7 @@ def test_typedef_after_struct_cross_tu_three_tus(tmp_path: Path): types_h.write_text( dedent( """\ - #ifndef TYPES_H - #define TYPES_H typedef struct X X; - #endif """ ) ) 
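Review bot: In hunk `@@ -499,11 +456,6 @@` the docstring of `test_typedef_after_struct_cross_tu_three_tus` now opens directly with the bullet `- types.h: typedef struct X X;`, because the summary sentence and the `Setup:` label were removed while the rest of the list was kept. Restore a first line such as `Typedef and struct definition share an SCC but their cursors come from different TUs.` so the remaining bullets have a subject and the test name is not the only description. The docstring continues past the end of the hunk.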
@@ -824,29 +773,6 @@ def test_isystem_inline_function_dependency_not_lost(tmp_path: Path): def test_static_inline_in_scc_emitted_before_caller(tmp_path: Path): - """ - When a static inline function from a header participates in a dependency - cycle (via a global variable whose initializer references its caller), - all participants collapse into one SCC. The lexical sort within that SCC - uses TU rank. If the caller's TU has a LOWER rank than the inline's TU, - the caller is emitted first — before the inline is defined — causing: - "call to undeclared function" - - The static inline has declaration=None (the definition IS the declaration), - so the SCC emission logic cannot emit a forward declaration for it. - - Setup: - header.h: struct vtable_t, extern vtable, static inline helper() - caller.c: #include "header.h", defines compute() which calls helper() - state.c: #include "header.h", defines vtable = { .fn = compute } - - Cycle: compute -> helper -> vtable -> compute - merge_symbols picks helper from state.c (processed first in asts). - ast_order = [caller.c, state.c] => caller.c rank 0, state.c rank 1. - SCC sort: compute(rank 0) before helper(rank 1) => BUG. - """ - from clang.cindex import TranslationUnit as TU - # header.h: static inline helper reads extern vtable header_h = tmp_path / "header.h" header_h.write_text( From 694f544159dfa76e088a6992a587ef8337513ad9 Mon Sep 17 00:00:00 2001 
From: Marius Arvinte Date: Sat, 30 May 2026 17:54:17 -0700 Subject: [PATCH 2/7] Deprecate sphincs example --- .../CMakeLists.txt | 8 - .../CMakePresets.json | 35 - .../test_case/CMakeLists.txt | 18 - .../test_case/LICENSE | 116 --- .../test_case/README.md | 36 - .../test_case/app/CMakeLists.txt | 47 - .../test_case/app/include/address.h | 52 - .../test_case/app/include/api.h | 79 -- .../test_case/app/include/context.h | 28 - .../test_case/app/include/fors.h | 36 - .../test_case/app/include/forsx1.h | 12 - .../test_case/app/include/hash.h | 28 - .../test_case/app/include/merkle.h | 19 - .../test_case/app/include/params.h | 5 - .../test_case/app/include/randombytes.h | 6 - .../test_case/app/include/rng.h | 54 - .../test_case/app/include/thash.h | 13 - .../test_case/app/include/utils.h | 55 - .../test_case/app/include/utilsx1.h | 30 - .../test_case/app/include/wots.h | 25 - .../test_case/app/include/wotsx1.h | 36 - .../app/params/params-sphincs-blake-128f.h | 85 -- .../app/params/params-sphincs-blake-128s.h | 85 -- .../app/params/params-sphincs-blake-192f.h | 85 -- .../app/params/params-sphincs-blake-192s.h | 85 -- .../app/params/params-sphincs-blake-256f.h | 85 -- .../app/params/params-sphincs-blake-256s.h | 85 -- .../app/params/params-sphincs-haraka-128f.h | 80 -- .../app/params/params-sphincs-haraka-128s.h | 80 -- .../app/params/params-sphincs-haraka-192f.h | 80 -- .../app/params/params-sphincs-haraka-192s.h | 80 -- .../app/params/params-sphincs-haraka-256f.h | 80 -- .../app/params/params-sphincs-haraka-256s.h | 80 -- .../app/params/params-sphincs-sha2-128f.h | 85 -- .../app/params/params-sphincs-sha2-128s.h | 85 -- .../app/params/params-sphincs-sha2-192f.h | 85 -- .../app/params/params-sphincs-sha2-192s.h | 85 -- .../app/params/params-sphincs-sha2-256f.h | 85 -- .../app/params/params-sphincs-sha2-256s.h | 85 -- .../app/params/params-sphincs-shake-128f.h | 80 -- .../app/params/params-sphincs-shake-128s.h | 80 -- .../app/params/params-sphincs-shake-192f.h | 80 -- 
.../app/params/params-sphincs-shake-192s.h | 80 -- .../app/params/params-sphincs-shake-256f.h | 80 -- .../app/params/params-sphincs-shake-256s.h | 80 -- .../test_case/app/src/PQCgenKAT_sign.c | 426 -------- .../test_case/app/src/address.c | 104 -- .../test_case/app/src/fors.c | 158 --- .../test_case/app/src/merkle.c | 60 -- .../test_case/app/src/randombytes.c | 43 - .../test_case/app/src/rng.c | 219 ---- .../test_case/app/src/sign.c | 287 ------ .../test_case/app/src/utils.c | 154 --- .../test_case/app/src/utilsx1.c | 174 ---- .../test_case/app/src/wots.c | 112 -- .../test_case/app/src/wotsx1.c | 73 -- .../test_case/lib/CMakeLists.txt | 1 - .../test_case/lib/blake/CMakeLists.txt | 13 - .../test_case/lib/blake/include/blake.h | 51 - .../lib/blake/include/blake_offsets.h | 20 - .../test_case/lib/blake/src/blake256.c | 402 -------- .../test_case/lib/blake/src/blake512.c | 409 -------- .../test_case/lib/blake/src/hash_blake.c | 123 --- .../lib/blake/src/thash_blake_robust.c | 67 -- .../lib/blake/src/thash_blake_simple.c | 53 - .../test_case/lib/haraka/CMakeLists.txt | 11 - .../test_case/lib/haraka/include/haraka.h | 41 - .../lib/haraka/include/haraka_offsets.h | 20 - .../test_case/lib/haraka/src/haraka.c | 965 ------------------ .../test_case/lib/haraka/src/hash_haraka.c | 96 -- .../lib/haraka/src/thash_haraka_robust.c | 46 - .../lib/haraka/src/thash_haraka_simple.c | 37 - .../test_case/lib/sha2/CMakeLists.txt | 12 - .../test_case/lib/sha2/include/sha2.h | 44 - .../test_case/lib/sha2/include/sha2_offsets.h | 20 - .../test_case/lib/sha2/src/hash_sha2.c | 198 ---- .../test_case/lib/sha2/src/sha2.c | 701 ------------- .../lib/sha2/src/thash_sha2_robust.c | 75 -- .../lib/sha2/src/thash_sha2_simple.c | 60 -- .../test_case/lib/shake/CMakeLists.txt | 11 - .../test_case/lib/shake/include/fips202.h | 47 - .../lib/shake/include/shake_offsets.h | 20 - .../test_case/lib/shake/src/fips202.c | 598 ----------- .../test_case/lib/shake/src/hash_shake.c | 98 -- 
.../lib/shake/src/thash_shake_robust.c | 31 - .../lib/shake/src/thash_shake_simple.c | 24 - 86 files changed, 8822 deletions(-) delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakePresets.json delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/LICENSE delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/README.md delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/address.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/api.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/context.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/fors.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/forsx1.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/hash.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/merkle.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/params.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/randombytes.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/rng.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/thash.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utils.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utilsx1.h delete mode 100644 
examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wots.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wotsx1.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192f.h delete mode 100644 
examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256f.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256s.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/PQCgenKAT_sign.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/address.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/fors.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/merkle.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/randombytes.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/rng.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/sign.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utils.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utilsx1.c delete mode 100644 
examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wots.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wotsx1.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake_offsets.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake256.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake512.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/hash_blake.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_robust.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_simple.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka_offsets.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/haraka.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/hash_haraka.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_robust.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_simple.c delete mode 100644 
examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2_offsets.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/hash_sha2.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/sha2.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_robust.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_simple.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/CMakeLists.txt delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/fips202.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/shake_offsets.h delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/fips202.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/hash_shake.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_robust.c delete mode 100644 examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_simple.c diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakeLists.txt deleted file mode 100644 index 4d5706e..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakeLists.txt +++ /dev/null 
@@ -1,8 +0,0 @@
-cmake_minimum_required(VERSION 3.19)
-project(ci_wrapper)
-
-set(CMAKE_RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
-set(CMAKE_LIBRARY_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
-set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}")
-
-add_subdirectory(test_case)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakePresets.json b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakePresets.json
deleted file mode 100644
index 323c68f..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/CMakePresets.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "version": 6,
- "cmakeMinimumRequired": {
- "major": 3,
- "minor": 19,
- "patch": 0
- },
- "configurePresets": [
- {
- "name": "base",
- "hidden": true,
- "generator": "Ninja",
- "binaryDir": "build-ninja",
- "cacheVariables": {
- "CMAKE_C_STANDARD": "99",
- "CMAKE_BUILD_TYPE": "Release"
- }
- },
- {
- "name": "test",
- "inherits": "base",
- "cacheVariables": {
- "HASH_BACKEND": "blake",
- "SECPAR": "128f",
- "THASH": "simple"
- }
- }
- ],
- "buildPresets": [
- {
- "name": "test",
- "configurePreset": "test"
- }
- ]
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/CMakeLists.txt
deleted file mode 100644
index d907ec6..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/CMakeLists.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-cmake_minimum_required(VERSION 3.10)
-project(SPHINCS_PLUS C)
-
-# Parameters for hash backend
-set(HASH_BACKEND "haraka" CACHE STRING "Hash backend (haraka, sha2, shake256, blake)")
-set(THASH "robust" CACHE STRING "thash variant (robust, simple)")
-set(SECPAR "128s" CACHE STRING "hash parameters (secpar(s|f)")
-
-set(CMAKE_C_STANDARD 99)
-find_program(CLANG_EXECUTABLE clang)
-if(CLANG_EXECUTABLE)
- set(CMAKE_C_COMPILER ${CLANG_EXECUTABLE})
-endif()
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3")
-
-# Add subdirectories
-add_subdirectory(lib)
-add_subdirectory(app)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/LICENSE b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/LICENSE
deleted file mode 100644
index 670154e..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/LICENSE
+++ /dev/null
@@ -1,116 +0,0 @@ -CC0 1.0 Universal - -Statement of Purpose - -The laws of most jurisdictions throughout the world automatically confer -exclusive Copyright and Related Rights (defined below) upon the creator and -subsequent owner(s) (each and all, an "owner") of an original work of -authorship and/or a database (each, a "Work"). - -Certain owners wish to permanently relinquish those rights to a Work for the -purpose of contributing to a commons of creative, cultural and scientific -works ("Commons") that the public can reliably and without fear of later -claims of infringement build upon, modify, incorporate in other works, reuse -and redistribute as freely as possible in any form whatsoever and for any -purposes, including without limitation commercial purposes. These owners may -contribute to the Commons to promote the ideal of a free culture and the -further production of creative, cultural and scientific works, or to gain -reputation or greater distribution for their Work in part through the use and -efforts of others. - -For these and/or other purposes and motivations, and without any expectation -of additional consideration or compensation, the person associating CC0 with a -Work (the "Affirmer"), to the extent that he or she is an owner of Copyright -and Related Rights in the Work, voluntarily elects to apply CC0 to the Work -and publicly distribute the Work under its terms, with knowledge of his or her -Copyright and Related Rights in the Work and the meaning and intended legal -effect of CC0 on those rights. - -1. Copyright and Related Rights. A Work made available under CC0 may be -protected by copyright and related or neighboring rights ("Copyright and -Related Rights"). Copyright and Related Rights include, but are not limited -to, the following: - - i. the right to reproduce, adapt, distribute, perform, display, communicate, - and translate a Work; - - ii. moral rights retained by the original author(s) and/or performer(s); - - iii. 
publicity and privacy rights pertaining to a person's image or likeness - depicted in a Work; - - iv. rights protecting against unfair competition in regards to a Work, - subject to the limitations in paragraph 4(a), below; - - v. rights protecting the extraction, dissemination, use and reuse of data in - a Work; - - vi. database rights (such as those arising under Directive 96/9/EC of the - European Parliament and of the Council of 11 March 1996 on the legal - protection of databases, and under any national implementation thereof, - including any amended or successor version of such directive); and - - vii. other similar, equivalent or corresponding rights throughout the world - based on applicable law or treaty, and any national implementations thereof. - -2. Waiver. To the greatest extent permitted by, but not in contravention of, -applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and -unconditionally waives, abandons, and surrenders all of Affirmer's Copyright -and Related Rights and associated claims and causes of action, whether now -known or unknown (including existing as well as future claims and causes of -action), in the Work (i) in all territories worldwide, (ii) for the maximum -duration provided by applicable law or treaty (including future time -extensions), (iii) in any current or future medium and for any number of -copies, and (iv) for any purpose whatsoever, including without limitation -commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes -the Waiver for the benefit of each member of the public at large and to the -detriment of Affirmer's heirs and successors, fully intending that such Waiver -shall not be subject to revocation, rescission, cancellation, termination, or -any other legal or equitable action to disrupt the quiet enjoyment of the Work -by the public as contemplated by Affirmer's express Statement of Purpose. - -3. Public License Fallback. 
Should any part of the Waiver for any reason be -judged legally invalid or ineffective under applicable law, then the Waiver -shall be preserved to the maximum extent permitted taking into account -Affirmer's express Statement of Purpose. In addition, to the extent the Waiver -is so judged Affirmer hereby grants to each affected person a royalty-free, -non transferable, non sublicensable, non exclusive, irrevocable and -unconditional license to exercise Affirmer's Copyright and Related Rights in -the Work (i) in all territories worldwide, (ii) for the maximum duration -provided by applicable law or treaty (including future time extensions), (iii) -in any current or future medium and for any number of copies, and (iv) for any -purpose whatsoever, including without limitation commercial, advertising or -promotional purposes (the "License"). The License shall be deemed effective as -of the date CC0 was applied by Affirmer to the Work. Should any part of the -License for any reason be judged legally invalid or ineffective under -applicable law, such partial invalidity or ineffectiveness shall not -invalidate the remainder of the License, and in such case Affirmer hereby -affirms that he or she will not (i) exercise any of his or her remaining -Copyright and Related Rights in the Work or (ii) assert any associated claims -and causes of action with respect to the Work, in either case contrary to -Affirmer's express Statement of Purpose. - -4. Limitations and Disclaimers. - - a. No trademark or patent rights held by Affirmer are waived, abandoned, - surrendered, licensed or otherwise affected by this document. - - b. 
Affirmer offers the Work as-is and makes no representations or warranties - of any kind concerning the Work, express, implied, statutory or otherwise, - including without limitation warranties of title, merchantability, fitness - for a particular purpose, non infringement, or the absence of latent or - other defects, accuracy, or the present or absence of errors, whether or not - discoverable, all to the greatest extent permissible under applicable law. - - c. Affirmer disclaims responsibility for clearing rights of other persons - that may apply to the Work or any use thereof, including without limitation - any person's Copyright and Related Rights in the Work. Further, Affirmer - disclaims responsibility for obtaining any necessary consents, permissions - or other rights required for any use of the Work. - - d. Affirmer understands and acknowledges that Creative Commons is not a - party to this document and has no duty or obligation with respect to this - CC0 or use of the Work. - -For more information, please see - diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/README.md b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/README.md deleted file mode 100644 index f265f00..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/README.md +++ /dev/null 
@@ -1,36 +0,0 @@
-SPHINCS+
-==========
-This repository contains a modified version of the [SPHINCS+ scheme reference](https://github.com/eyalr0/sphincsplusc/) including Jean-Philippe Aumasson's reference implementation of BLAKE.
-
-SPHINCS+ is a plausibly quantum resilient hash-based signature scheme which was selected by NIST for the [FIPS 205](https://csrc.nist.gov/pubs/fips/205/final) SLH-DSA "Stateless Hash-Based Digital Signature Standard" for post-quantum signatures.
-The SPHINCS+ construction combines multiple layers: Winternitz one-time signatures (WOTS+), a few-time signature scheme (FORS), Merkle trees, and a hypertree structure to enable scalable signing without state management.
-
-## Build Instructions
-Prerequisites:
-- libcrypto
-
-### Parameters
-CMake requires three arguments to build the libraries.
-- `HASH_BACKEND` Defining which underlying hash function to use `(blake, sha2, shake, haraka)`
-- `THASH` Determining whether to use the robust or simple construction `(robust, simple)`
-- `SECPAR` Determining the security parameter and whether to use short or fast signatures `(128f, 128s, 192f, 192s, 256f, 256s)`
-
-The possible values are all listed in `CMakeLists.txt` with the exception of
-`SECPAR`, which are formatted as the integer parameter with an appended character `s` or `f` indicating whether the signatures should prioritize length (short) or speed (fast). The integer parameter can either be 128, 192 or 256. An example `SECPAR` value is `128s`.
-
-### Build Commands
-To build for a particular set of parameters in a subdirectory `build`:
-```
-mdkir build
-cmake -B build -DHASH_BACKEND=sha2 -DTHASH=robust -DSECPAR=192f
-cmake --build build
-```
-
-## Associated Executable
-For testing purposes, there is a provided executable whose main function can be found in [PQCgenKAT_sign.c](./app/src/PQCgenKAT_sign.c).
-This executable performs an in-memory test of signing and verification capabilities before producing a shake256 digest of the signature transcripts.
-
-PQCgenKAT_sign.c links against the underlying hash backend with parameters defined by the CMake arguments `HASH_BACKEND`, `THASH`, and `SECPAR` described earlier.
-
-## License
-Following the original code from the [SPHINCS+ submission repository](https://github.com/sphincs/sphincsplus), the [SPHINCS+ reference implementation](https://github.com/eyalr0/sphincsplusc/), and Jean-Philippe's BLAKE implementation, all included code is available under the CC0 1.0 Universal Public Domain Dedication, with the exception of rng.c and rng.h which were provided by NIST, and PQCgenKAT_sign.c which was originally provided by NIST, but we have altered to no longer perform file IO.
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/CMakeLists.txt
deleted file mode 100644
index fe1de99..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/CMakeLists.txt
+++ /dev/null
@@ -1,47 +0,0 @@
-# Core sources that are common to both variants --- NO random source here
-set(SPHINCS_CORE_COMMON
- src/address.c
- src/fors.c
- src/merkle.c
- src/sign.c
- src/utils.c
- src/utilsx1.c
- src/wots.c
- src/wotsx1.c
-)
-
-set(PARAMS "sphincs-${HASH_BACKEND}-${SECPAR}")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DPARAMS=${PARAMS}")
-if(${HASH_BACKEND} STREQUAL "blake")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBLAKE_TR=1")
-elseif(${HASH_BACKEND} STREQUAL "haraka")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DHARAKA_TR=1")
-elseif(${HASH_BACKEND} STREQUAL "sha2")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DSHA2_TR=1")
-elseif(${HASH_BACKEND} STREQUAL "shake")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DSHAKE_TR=1")
-endif()
-
-# Build once as an OBJECT library (so tests and apps reuse the same objects)
-add_library(sphincs_obj SHARED OBJECT ${SPHINCS_CORE_COMMON})
-target_include_directories(sphincs_obj PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
-
-# Normal core (uses randombytes.c)
-add_library(sphincs_core SHARED
- $
- src/randombytes.c
-)
-target_include_directories(sphincs_core PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
-
-# Deterministic core (uses rng.c)
-add_library(sphincs_core_det SHARED
- $
- src/rng.c
-)
-target_include_directories(sphincs_core_det PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
-
-# Main executable uses the deterministic core (no randombytes.c)
-add_executable(driver src/PQCgenKAT_sign.c)
-
-# Link correct hash backend based on parameter
-target_link_libraries(driver sphincs_core_det ${HASH_BACKEND} crypto)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/address.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/address.h
deleted file mode 100644
index 24a84eb..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/address.h
+++ /dev/null
@@ -1,52 +0,0 @@
-#ifndef SPX_ADDRESS_H
-#define SPX_ADDRESS_H
-
-#include
-
-#include "params.h"
-
-/* The hash types that are passed to set_type */
-#define SPX_ADDR_TYPE_WOTS 0
-#define SPX_ADDR_TYPE_WOTSPK 1
-#define SPX_ADDR_TYPE_HASHTREE 2
-#define SPX_ADDR_TYPE_FORSTREE 3
-#define SPX_ADDR_TYPE_FORSPK 4
-#define SPX_ADDR_TYPE_WOTSPRF 5
-#define SPX_ADDR_TYPE_FORSPRF 6
-
-#define set_layer_addr SPX_NAMESPACE(set_layer_addr)
-void set_layer_addr(uint32_t addr[8], uint32_t layer);
-
-#define set_tree_addr SPX_NAMESPACE(set_tree_addr)
-void set_tree_addr(uint32_t addr[8], uint64_t tree);
-
-#define set_type SPX_NAMESPACE(set_type)
-void set_type(uint32_t addr[8], uint32_t type);
-
-/* Copies the layer and tree part of one address into the other */
-#define copy_subtree_addr SPX_NAMESPACE(copy_subtree_addr)
-void copy_subtree_addr(uint32_t out[8], const uint32_t in[8]);
-
-/* These functions are used for WOTS and FORS addresses. */
-
-#define set_keypair_addr SPX_NAMESPACE(set_keypair_addr)
-void set_keypair_addr(uint32_t addr[8], uint32_t keypair);
-
-#define set_chain_addr SPX_NAMESPACE(set_chain_addr)
-void set_chain_addr(uint32_t addr[8], uint32_t chain);
-
-#define set_hash_addr SPX_NAMESPACE(set_hash_addr)
-void set_hash_addr(uint32_t addr[8], uint32_t hash);
-
-#define copy_keypair_addr SPX_NAMESPACE(copy_keypair_addr)
-void copy_keypair_addr(uint32_t out[8], const uint32_t in[8]);
-
-/* These functions are used for all hash tree addresses (including FORS). */
-
-#define set_tree_height SPX_NAMESPACE(set_tree_height)
-void set_tree_height(uint32_t addr[8], uint32_t tree_height);
-
-#define set_tree_index SPX_NAMESPACE(set_tree_index)
-void set_tree_index(uint32_t addr[8], uint32_t tree_index);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/api.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/api.h
deleted file mode 100644
index 9e01b41..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/api.h
+++ /dev/null
@@ -1,79 +0,0 @@
-#ifndef SPX_API_H
-#define SPX_API_H
-
-#include
-#include
-
-#include "params.h"
-
-#ifndef CRYPTO_ALGNAME
-#define CRYPTO_ALGNAME "SPHINCS+"
-#endif
-
-#define CRYPTO_SECRETKEYBYTES SPX_SK_BYTES
-#define CRYPTO_PUBLICKEYBYTES SPX_PK_BYTES
-#define CRYPTO_BYTES SPX_BYTES
-#define CRYPTO_SEEDBYTES 3*SPX_N
-
-/*
- * Returns the length of a secret key, in bytes
- */
-unsigned long long crypto_sign_secretkeybytes(void);
-
-/*
- * Returns the length of a public key, in bytes
- */
-unsigned long long crypto_sign_publickeybytes(void);
-
-/*
- * Returns the length of a signature, in bytes
- */
-unsigned long long crypto_sign_bytes(void);
-
-/*
- * Returns the length of the seed required to generate a key pair, in bytes
- */
-unsigned long long crypto_sign_seedbytes(void);
-
-/*
- * Generates a SPHINCS+ key pair given a seed.
- * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root]
- * Format pk: [root || PUB_SEED]
- */
-int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
- const unsigned char *seed);
-
-/*
- * Generates a SPHINCS+ key pair.
- * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root]
- * Format pk: [root || PUB_SEED]
- */
-int crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
-
-/**
- * Returns an array containing a detached signature.
- */
-int crypto_sign_signature(uint8_t *sig, size_t *siglen,
- const uint8_t *m, size_t mlen, const uint8_t *sk);
-
-/**
- * Verifies a detached signature and message under a given public key.
- */
-int crypto_sign_verify(const uint8_t *sig, size_t siglen,
- const uint8_t *m, size_t mlen, const uint8_t *pk);
-
-/**
- * Returns an array containing the signature followed by the message.
- */
-int crypto_sign(unsigned char *sm, unsigned long long *smlen,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *sk);
-
-/**
- * Verifies a given signature-message pair under a given public key.
- */
-int crypto_sign_open(unsigned char *m, unsigned long long *mlen,
- const unsigned char *sm, unsigned long long smlen,
- const unsigned char *pk);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/context.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/context.h
deleted file mode 100644
index aded564..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/context.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#ifndef SPX_CONTEXT_H
-#define SPX_CONTEXT_H
-
-#include
-
-#include "params.h"
-
-typedef struct {
- uint8_t pub_seed[SPX_N];
- uint8_t sk_seed[SPX_N];
-
-#ifdef SPX_SHA2
- // sha256 state that absorbed pub_seed
- uint8_t state_seeded[40];
-
-# if SPX_SHA512
- // sha512 state that absorbed pub_seed
- uint8_t state_seeded_512[72];
-# endif
-#endif
-
-#ifdef SPX_HARAKA
- uint64_t tweaked512_rc64[10][8];
- uint32_t tweaked256_rc32[10][8];
-#endif
-} spx_ctx;
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/fors.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/fors.h
deleted file mode 100644
index ede956f..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/fors.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef SPX_FORS_H
-#define SPX_FORS_H
-
-#include
-
-#include "context.h"
-#include "params.h"
-
-typedef struct fors_gen_leaf_info {
- uint32_t leaf_addrx[8];
-} fors_gen_leaf_info;
-
-/**
- * Signs a message m, deriving the secret key from sk_seed and the FTS address.
- * Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits.
- */
-#define fors_sign SPX_NAMESPACE(fors_sign)
-void fors_sign(unsigned char *sig, unsigned char *pk,
- const unsigned char *m,
- const spx_ctx* ctx,
- const uint32_t fors_addr[8]);
-
-/**
- * Derives the FORS public key from a signature.
- * This can be used for verification by comparing to a known public key, or to
- * subsequently verify a signature on the derived public key. The latter is the
- * typical use-case when used as an FTS below an OTS in a hypertree.
- * Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits.
- */
-#define fors_pk_from_sig SPX_NAMESPACE(fors_pk_from_sig)
-void fors_pk_from_sig(unsigned char *pk,
- const unsigned char *sig, const unsigned char *m,
- const spx_ctx* ctx,
- const uint32_t fors_addr[8]);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/forsx1.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/forsx1.h
deleted file mode 100644
index f40a13c..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/forsx1.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#if !defined( FORSX1_H_ )
-#define FORSX1_H_
-
-#include "context.h"
-#include "fors.h"
-
-#define fors_gen_leafx1 SPX_NAMESPACE(fors_gen_leafx1)
-void fors_gen_leafx1(unsigned char *leaf,
- const spx_ctx *ctx,
- uint32_t addr_idx, fors_gen_leaf_info *info);
-
-#endif /* FORSX1_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/hash.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/hash.h
deleted file mode 100644
index c8fb569..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/hash.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#ifndef SPX_HASH_H
-#define SPX_HASH_H
-
-#include
-
-#include "context.h"
-#include "params.h"
-
-#define initialize_hash_function SPX_NAMESPACE(initialize_hash_function)
-void initialize_hash_function(spx_ctx *ctx);
-
-#define prf_addr SPX_NAMESPACE(prf_addr)
-void prf_addr(unsigned char *out, const spx_ctx *ctx,
- const uint32_t addr[8]);
-
-#define gen_message_random SPX_NAMESPACE(gen_message_random)
-void gen_message_random(unsigned char *R, const unsigned char *sk_prf,
- const unsigned char *optrand,
- const unsigned char *m, unsigned long long mlen,
- const spx_ctx *ctx);
-
-#define hash_message SPX_NAMESPACE(hash_message)
-void hash_message(unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
- const unsigned char *R, const unsigned char *pk,
- const unsigned char *m, unsigned long long mlen,
- const spx_ctx *ctx);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/merkle.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/merkle.h
deleted file mode 100644
index 3ca3160..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/merkle.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#if !defined( MERKLE_H_ )
-#define MERKLE_H_
-
-#include
-#include "context.h"
-
-/* Generate a Merkle signature (WOTS signature followed by the Merkle */
-/* authentication path) */
-#define merkle_sign SPX_NAMESPACE(merkle_sign)
-void merkle_sign(uint8_t *sig, unsigned char *root,
- const spx_ctx* ctx,
- uint32_t wots_addr[8], uint32_t tree_addr[8],
- uint32_t idx_leaf);
-
-/* Compute the root node of the top-most subtree. */
-#define merkle_gen_root SPX_NAMESPACE(merkle_gen_root)
-void merkle_gen_root(unsigned char *root, const spx_ctx* ctx);
-
-#endif /* MERKLE_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/params.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/params.h
deleted file mode 100644
index e4653b7..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/params.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#define str(s) #s
-#define xstr(s) str(s)
-
-#include xstr(../params/params-PARAMS.h)
-
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/randombytes.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/randombytes.h
deleted file mode 100644
index 671c1b1..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/randombytes.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef SPX_RANDOMBYTES_H
-#define SPX_RANDOMBYTES_H
-
-extern void randombytes(unsigned char * x,unsigned long long xlen);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/rng.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/rng.h
deleted file mode 100644
index c4f1c60..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/rng.h
+++ /dev/null
@@ -1,54 +0,0 @@
-//
-// rng.h
-//
-// Created by Bassham, Lawrence E (Fed) on 8/29/17.
-// Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-//
-
-#ifndef rng_h
-#define rng_h
-
-#include
-
-#define RNG_SUCCESS 0
-#define RNG_BAD_MAXLEN -1
-#define RNG_BAD_OUTBUF -2
-#define RNG_BAD_REQ_LEN -3
-
-typedef struct {
- unsigned char buffer[16];
- unsigned long buffer_pos;
- unsigned long length_remaining;
- unsigned char key[32];
- unsigned char ctr[16];
-} AES_XOF_struct;
-
-typedef struct {
- unsigned char Key[32];
- unsigned char V[16];
- int reseed_counter;
-} AES256_CTR_DRBG_struct;
-
-
-void
-AES256_CTR_DRBG_Update(unsigned char *provided_data,
- unsigned char *Key,
- unsigned char *V);
-
-int
-seedexpander_init(AES_XOF_struct *ctx,
- unsigned char *seed,
- unsigned char *diversifier,
- unsigned long maxlen);
-
-int
-seedexpander(AES_XOF_struct *ctx, unsigned char *x, unsigned long xlen);
-
-void
-randombytes_init(unsigned char *entropy_input,
- unsigned char *personalization_string);
-
-int
-randombytes(unsigned char *x, unsigned long long xlen);
-
-#endif /* rng_h */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/thash.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/thash.h
deleted file mode 100644
index 53b27d2..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/thash.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef SPX_THASH_H
-#define SPX_THASH_H
-
-#include
-
-#include "context.h"
-#include "params.h"
-
-#define thash SPX_NAMESPACE(thash)
-void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8]);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utils.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utils.h
deleted file mode 100644
index 1f9efe2..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utils.h
+++ /dev/null
@@ -1,55 +0,0 @@
-#ifndef SPX_UTILS_H
-#define SPX_UTILS_H
-
-#include
-
-#include "context.h"
-#include "params.h"
-
-# define SPX_VLA(__t,__x,__s) __t __x[__s]
-
-/**
- * Converts the value of 'in' to 'outlen' bytes in big-endian byte order.
- */
-#define ull_to_bytes SPX_NAMESPACE(ull_to_bytes)
-void ull_to_bytes(unsigned char *out, unsigned int outlen,
- unsigned long long in);
-#define u32_to_bytes SPX_NAMESPACE(u32_to_bytes)
-void u32_to_bytes(unsigned char *out, uint32_t in);
-
-/**
- * Converts the inlen bytes in 'in' from big-endian byte order to an integer.
- */
-#define bytes_to_ull SPX_NAMESPACE(bytes_to_ull)
-unsigned long long bytes_to_ull(const unsigned char *in, unsigned int inlen);
-
-/**
- * Computes a root node given a leaf and an auth path.
- * Expects address to be complete other than the tree_height and tree_index.
- */
-#define compute_root SPX_NAMESPACE(compute_root)
-void compute_root(unsigned char *root, const unsigned char *leaf,
- uint32_t leaf_idx, uint32_t idx_offset,
- const unsigned char *auth_path, uint32_t tree_height,
- const spx_ctx *ctx, uint32_t addr[8]);
-
-/**
- * For a given leaf index, computes the authentication path and the resulting
- * root node using Merkle's TreeHash algorithm.
- * Expects the layer and tree parts of the tree_addr to be set, as well as the
- * tree type (i.e. SPX_ADDR_TYPE_HASHTREE or SPX_ADDR_TYPE_FORSTREE).
- * Applies the offset idx_offset to indices before building addresses, so that
- * it is possible to continue counting indices across trees.
- */
-#define treehash SPX_NAMESPACE(treehash)
-void treehash(unsigned char *root, unsigned char *auth_path,
- const spx_ctx* ctx,
- uint32_t leaf_idx, uint32_t idx_offset, uint32_t tree_height,
- void (*gen_leaf)(
- unsigned char* /* leaf */,
- const spx_ctx* ctx /* ctx */,
- uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */),
- uint32_t tree_addr[8]);
-
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utilsx1.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utilsx1.h
deleted file mode 100644
index 14c98d0..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/utilsx1.h
+++ /dev/null
@@ -1,30 +0,0 @@
-#ifndef SPX_UTILSX4_H
-#define SPX_UTILSX4_H
-
-#include
-
-#include "context.h"
-#include "fors.h"
-#include "params.h"
-#include "wotsx1.h"
-
-/**
- * For a given leaf index, computes the authentication path and the resulting
- * root node using Merkle's TreeHash algorithm.
- * Expects the layer and tree parts of the tree_addr to be set, as well as the
- * tree type (i.e. SPX_ADDR_TYPE_HASHTREE or SPX_ADDR_TYPE_FORSTREE).
- * Applies the offset idx_offset to indices before building addresses, so that
- * it is possible to continue counting indices across trees.
- */
-#define wots_treehashx1 SPX_NAMESPACE(wots_treehashx1)
-void wots_treehashx1(unsigned char *root, unsigned char *auth_path,
- const spx_ctx* ctx,
- uint32_t leaf_idx, uint32_t idx_offset, uint32_t tree_height,
- uint32_t tree_addrx4[8], leaf_info_x1 *info);
-
-#define fors_treehashx1 SPX_NAMESPACE(fors_treehashx1)
-void fors_treehashx1(unsigned char *root, unsigned char *auth_path,
- const spx_ctx* ctx,
- uint32_t leaf_idx, uint32_t idx_offset, uint32_t tree_height,
- uint32_t tree_addrx4[8], fors_gen_leaf_info *info);
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wots.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wots.h
deleted file mode 100644
index 4e7692e..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wots.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef SPX_WOTS_H
-#define SPX_WOTS_H
-
-#include
-
-#include "context.h"
-#include "params.h"
-
-/**
- * Takes a WOTS signature and an n-byte message, computes a WOTS public key.
- *
- * Writes the computed public key to 'pk'.
- */
-#define wots_pk_from_sig SPX_NAMESPACE(wots_pk_from_sig)
-void wots_pk_from_sig(unsigned char *pk,
- const unsigned char *sig, const unsigned char *msg,
- const spx_ctx *ctx, uint32_t addr[8]);
-
-/*
- * Compute the chain lengths needed for a given message hash
- */
-#define chain_lengths SPX_NAMESPACE(chain_lengths)
-void chain_lengths(unsigned int *lengths, const unsigned char *msg);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wotsx1.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wotsx1.h
deleted file mode 100644
index 411fa8e..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/include/wotsx1.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#if !defined( WOTSX1_H_ )
-#define WOTSX1_H_
-
-#include
-
-/*
- * This is here to provide an interface to the internal wots_gen_leafx1
- * routine. While this routine is not referenced in the package outside of
- * wots.c, it is called from the stand-alone benchmark code to characterize
- * the performance
- */
-typedef struct leaf_info_x1 {
- unsigned char *wots_sig;
- uint32_t wots_sign_leaf; /* The index of the WOTS we're using to sign */
- uint32_t *wots_steps;
- uint32_t leaf_addr[8];
- uint32_t pk_addr[8];
-} leaf_info_x1;
-
-/* Macro to set the leaf_info to something 'benign', that is, it would */
-/* run with the same time as it does during the real signing process */
-/* Used only by the benchmark code */
-#define INITIALIZE_LEAF_INFO_X1(info, addr, step_buffer) { \
- info.wots_sig = 0; \
- info.wots_sign_leaf = ~0u; \
- info.wots_steps = step_buffer; \
- memcpy( &info.leaf_addr[0], addr, 32 ); \
- memcpy( &info.pk_addr[0], addr, 32 ); \
-}
-
-#define wots_gen_leafx1 SPX_NAMESPACE(wots_gen_leafx1)
-void wots_gen_leafx1(unsigned char *dest,
- const spx_ctx *ctx,
- uint32_t leaf_idx, leaf_info_x1 *v_info);
-
-#endif /* WOTSX1_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128f.h
deleted file mode 100644
index 9c1f370..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128f.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 6
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a BLAKE-based parameter set, hence whether we use BLAKE-256
- * exclusively or we use both BLAKE-256 and BLAKE-512 is controlled by
- * the following #define */
-#define SPX_BLAKE512 0 /* Use BLAKE-256 for all hashes */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/blake/include/blake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128s.h
deleted file mode 100644
index 7f59db4..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-128s.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 12
-#define SPX_FORS_TREES 14
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a BLAKE-based parameter set, hence whether we use BLAKE-256
- * exclusively or we use both BLAKE-256 and BLAKE-512 is controlled by
- * the following #define */
-#define SPX_BLAKE512 0 /* Use BLAKE-256 for all hashes */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/blake/include/blake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192f.h
deleted file mode 100644
index 430fdd2..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192f.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 8
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a BLAKE-based parameter set, hence whether we use BLAKE-256
- * exclusively or we use both BLAKE-256 and BLAKE-512 is controlled by
- * the following #define */
-#define SPX_BLAKE512 1 /* Use BLAKE-512 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/blake/include/blake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192s.h
deleted file mode 100644
index 3f5d9fe..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-192s.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 17
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a BLAKE-based parameter set, hence whether we use BLAKE-256
- * exclusively or we use both BLAKE-256 and BLAKE-512 is controlled by
- * the following #define */
-#define SPX_BLAKE512 1 /* Use BLAKE-512 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/blake/include/blake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256f.h
deleted file mode 100644
index 5d257c0..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256f.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 68
-/* Number of subtree layer. */
-#define SPX_D 17
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 9
-#define SPX_FORS_TREES 35
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a BLAKE-based parameter set, hence whether we use BLAKE-256
- * exclusively or we use both BLAKE-256 and BLAKE-512 is controlled by
- * the following #define */
-#define SPX_BLAKE512 1 /* Use BLAKE-512 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/blake/include/blake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256s.h
deleted file mode 100644
index 9c242f8..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-blake-256s.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 64
-/* Number of subtree layer. */
-#define SPX_D 8
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 22
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a BLAKE-based parameter set, hence whether we use BLAKE-256
- * exclusively or we use both BLAKE-256 and BLAKE-512 is controlled by
- * the following #define */
-#define SPX_BLAKE512 1 /* Use BLAKE-512 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/blake/include/blake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128f.h
deleted file mode 100644
index 6ff36d0..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128f.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 6
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/haraka/include/haraka_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128s.h
deleted file mode 100644
index a84eec9..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-128s.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 12
-#define SPX_FORS_TREES 14
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/haraka/include/haraka_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192f.h
deleted file mode 100644
index 50a6730..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192f.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 8
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/haraka/include/haraka_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192s.h
deleted file mode 100644
index 61dcd25..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-192s.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 17
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/haraka/include/haraka_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256f.h
deleted file mode 100644
index d2cab73..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256f.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 68
-/* Number of subtree layer. */
-#define SPX_D 17
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 9
-#define SPX_FORS_TREES 35
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/haraka/include/haraka_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256s.h
deleted file mode 100644
index 40a5145..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-haraka-256s.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 64
-/* Number of subtree layer. */
-#define SPX_D 8
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 22
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/haraka/include/haraka_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128f.h
deleted file mode 100644
index 1392097..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128f.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 6
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a SHA2-based parameter set, hence whether we use SHA-256
- * exclusively or we use both SHA-256 and SHA-512 is controlled by
- * the following #define */
-#define SPX_SHA512 0 /* Use SHA-256 for all hashes */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/sha2/include/sha2_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128s.h
deleted file mode 100644
index 4a672d9..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-128s.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 12
-#define SPX_FORS_TREES 14
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a SHA2-based parameter set, hence whether we use SHA-256
- * exclusively or we use both SHA-256 and SHA-512 is controlled by
- * the following #define */
-#define SPX_SHA512 0 /* Use SHA-256 for all hashes */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/sha2/include/sha2_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192f.h
deleted file mode 100644
index 710de5f..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192f.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 8
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a SHA2-based parameter set, hence whether we use SHA-256
- * exclusively or we use both SHA-256 and SHA-512 is controlled by
- * the following #define */
-#define SPX_SHA512 1 /* Use SHA-512 for H and T_l, l >= 2 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/sha2/include/sha2_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192s.h
deleted file mode 100644
index eb8000a..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-192s.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 17
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a SHA2-based parameter set, hence whether we use SHA-256
- * exclusively or we use both SHA-256 and SHA-512 is controlled by
- * the following #define */
-#define SPX_SHA512 1 /* Use SHA-512 for H and T_l, l >= 2 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/sha2/include/sha2_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256f.h
deleted file mode 100644
index 77ab162..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256f.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 68
-/* Number of subtree layer. */
-#define SPX_D 17
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 9
-#define SPX_FORS_TREES 35
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a SHA2-based parameter set, hence whether we use SHA-256
- * exclusively or we use both SHA-256 and SHA-512 is controlled by
- * the following #define */
-#define SPX_SHA512 1 /* Use SHA-512 for H and T_l, l >= 2 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/sha2/include/sha2_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256s.h
deleted file mode 100644
index 15d140d..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-sha2-256s.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 64
-/* Number of subtree layer. */
-#define SPX_D 8
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 22
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* This is a SHA2-based parameter set, hence whether we use SHA-256
- * exclusively or we use both SHA-256 and SHA-512 is controlled by
- * the following #define */
-#define SPX_SHA512 1 /* Use SHA-512 for H and T_l, l >= 2 */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/sha2/include/sha2_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128f.h
deleted file mode 100644
index 478aff8..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128f.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 6
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/shake/include/shake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128s.h
deleted file mode 100644
index bf974cf..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-128s.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 16
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 12
-#define SPX_FORS_TREES 14
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/shake/include/shake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192f.h
deleted file mode 100644
index 887a886..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192f.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 66
-/* Number of subtree layer. */
-#define SPX_D 22
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 8
-#define SPX_FORS_TREES 33
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/shake/include/shake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192s.h
deleted file mode 100644
index f59ebde..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-192s.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 24
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 63
-/* Number of subtree layer. */
-#define SPX_D 7
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 17
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/shake/include/shake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256f.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256f.h
deleted file mode 100644
index 4305166..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256f.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 68
-/* Number of subtree layer. */
-#define SPX_D 17
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 9
-#define SPX_FORS_TREES 35
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/shake/include/shake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256s.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256s.h
deleted file mode 100644
index 93ea1d3..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/params/params-sphincs-shake-256s.h
+++ /dev/null
@@ -1,80 +0,0 @@
-#ifndef SPX_PARAMS_H
-#define SPX_PARAMS_H
-
-#define SPX_NAMESPACE(s) SPX_##s
-
-/* Hash output length in bytes. */
-#define SPX_N 32
-/* Height of the hypertree. */
-#define SPX_FULL_HEIGHT 64
-/* Number of subtree layer. */
-#define SPX_D 8
-/* FORS tree dimensions. */
-#define SPX_FORS_HEIGHT 14
-#define SPX_FORS_TREES 22
-/* Winternitz parameter, */
-#define SPX_WOTS_W 16
-
-/* The hash function is defined by linking a different hash.c file, as opposed
- to setting a #define constant. */
-
-/* For clarity */
-#define SPX_ADDR_BYTES 32
-
-/* WOTS parameters. */
-#if SPX_WOTS_W == 256
- #define SPX_WOTS_LOGW 8
-#elif SPX_WOTS_W == 16
- #define SPX_WOTS_LOGW 4
-#else
- #error SPX_WOTS_W assumed 16 or 256
-#endif
-
-#define SPX_WOTS_LEN1 (8 * SPX_N / SPX_WOTS_LOGW)
-
-/* SPX_WOTS_LEN2 is floor(log(len_1 * (w - 1)) / log(w)) + 1; we precompute */
-#if SPX_WOTS_W == 256
- #if SPX_N <= 1
- #define SPX_WOTS_LEN2 1
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 2
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#elif SPX_WOTS_W == 16
- #if SPX_N <= 8
- #define SPX_WOTS_LEN2 2
- #elif SPX_N <= 136
- #define SPX_WOTS_LEN2 3
- #elif SPX_N <= 256
- #define SPX_WOTS_LEN2 4
- #else
- #error Did not precompute SPX_WOTS_LEN2 for n outside {2, .., 256}
- #endif
-#endif
-
-#define SPX_WOTS_LEN (SPX_WOTS_LEN1 + SPX_WOTS_LEN2)
-#define SPX_WOTS_BYTES (SPX_WOTS_LEN * SPX_N)
-#define SPX_WOTS_PK_BYTES SPX_WOTS_BYTES
-
-/* Subtree size. */
-#define SPX_TREE_HEIGHT (SPX_FULL_HEIGHT / SPX_D)
-
-#if SPX_TREE_HEIGHT * SPX_D != SPX_FULL_HEIGHT
- #error SPX_D should always divide SPX_FULL_HEIGHT
-#endif
-
-/* FORS parameters. */
-#define SPX_FORS_MSG_BYTES ((SPX_FORS_HEIGHT * SPX_FORS_TREES + 7) / 8)
-#define SPX_FORS_BYTES ((SPX_FORS_HEIGHT + 1) * SPX_FORS_TREES * SPX_N)
-#define SPX_FORS_PK_BYTES SPX_N
-
-/* Resulting SPX sizes. */
-#define SPX_BYTES (SPX_N + SPX_FORS_BYTES + SPX_D * SPX_WOTS_BYTES +\
- SPX_FULL_HEIGHT * SPX_N)
-#define SPX_PK_BYTES (2 * SPX_N)
-#define SPX_SK_BYTES (2 * SPX_N + SPX_PK_BYTES)
-
-#include "../../lib/shake/include/shake_offsets.h"
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/PQCgenKAT_sign.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/PQCgenKAT_sign.c
deleted file mode 100644
index 2dbd1b5..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/PQCgenKAT_sign.c
+++ /dev/null
@@ -1,426 +0,0 @@
-//
-// PQCgenKAT_sign.c
-//
-// Created by Bassham, Lawrence E (Fed) on 8/29/17.
-// Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-//
-
-#include
-#include
-#include
-
-#include "../include/api.h"
-#include "../include/rng.h"
-
-#define MAX_MARKER_LEN 50
-#define BASE_MLEN 33
-#define LOOP_COUNT 7
-
-#define KAT_SUCCESS 0
-#define KAT_OVERFLOW -1
-#define KAT_CRYPTO_FAILURE -2
-
-#ifdef BLAKE_TR
-#include "../../lib/blake/include/blake.h"
-#if SPX_N >= 24
-#define blakestateX blakestate512
-#define blakeX_init blake512_init
-#define blakeX_update blake512_update
-#define blakeX_final blake512_final
-#define blakeX_output_bytes 64
-#else
-#define blakestateX blakestate256
-#define blakeX_init blake256_init
-#define blakeX_update blake256_update
-#define blakeX_final blake256_final
-#define blakeX_output_bytes 32
-#endif
-
-typedef blakestateX kat_tr_ctx;
-
-static inline void kat_tr_init(kat_tr_ctx *ctx) {
- blakeX_init(ctx);
-
- static const uint8_t tag[] = "KAT-TRANSCRIPT-v1-BLAKE";
- blakeX_update(ctx, tag, sizeof tag - 1);
-
- const uint8_t sep = 0x00;
- blakeX_update(ctx, &sep, 1);
-}
-
-static inline void kat_tr_absorb_label(kat_tr_ctx *ctx, const char *label) {
- const uint8_t *p = (const uint8_t *)label;
- size_t n = 0; while(p[n]) n++;
- blakeX_update(ctx, p, n);
-
- const uint8_t sep = 0x00;
- blakeX_update(ctx, &sep, 1);
-}
-
-static inline void kat_tr_absorb_u64(kat_tr_ctx *ctx, unsigned long long x) {
- uint8_t le[8];
- size_t i;
- for (i = 0; i < 8; i++) {
- le[i] = (uint8_t)((x >> (8 * i)) & 0xFF);
- }
-
- uint8_t lenle[8];
- unsigned long long L = 8;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
-
- blakeX_update(ctx, lenle, 8);
- blakeX_update(ctx, le, 8);
-}
-
-static inline void kat_tr_absorb_bytes(kat_tr_ctx *ctx, const uint8_t *buf, size_t len) {
- uint8_t lenle[8];
- unsigned long long L = (unsigned long long) len;
- size_t i;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
- blakeX_update(ctx, lenle, 8);
- if(len) {
- blakeX_update(ctx, buf, len);
- }
-}
-
-static inline void kat_tr_final(kat_tr_ctx *ctx, uint8_t out32[32]) {
- unsigned char outbuf[blakeX_output_bytes] = {0};
- blakeX_final(ctx, outbuf);
- memcpy(out32, outbuf, 32);
-}
-#elif HARAKA_TR
-#include "../../lib/haraka/include/haraka.h"
-
-typedef struct {
- spx_ctx inner;
- uint8_t s[65];
-} kat_tr_ctx;
-
-static inline void kat_tr_init(kat_tr_ctx *ctx) {
- size_t i;
- for(i = 0; i < SPX_N; ++i) {
- ctx->inner.pub_seed[i] = 0;
- ctx->inner.sk_seed[i] = 0;
- }
-
- tweak_constants(&ctx->inner);
- haraka_S_inc_init(ctx->s);
-
- static const uint8_t tag[] = "KAT-TRANSCRIPT-v1-HARAKA";
- haraka_S_inc_absorb(ctx->s, tag, sizeof tag - 1, &ctx->inner);
-
- const uint8_t sep = 0x00;
- haraka_S_inc_absorb(ctx->s, &sep, 1, &ctx->inner);
-}
-
-static inline void kat_tr_absorb_label(kat_tr_ctx *ctx, const char *label) {
- const uint8_t *p = (const uint8_t *)label;
- size_t n = 0; while(p[n]) n++;
- haraka_S_inc_absorb(ctx->s, p, n, &ctx->inner);
-
- const uint8_t sep = 0x00;
- haraka_S_inc_absorb(ctx->s, &sep, 1, &ctx->inner);
-}
-
-static inline void kat_tr_absorb_u64(kat_tr_ctx *ctx, unsigned long long x) {
- uint8_t le[8];
- size_t i;
- for (i = 0; i < 8; i++) {
- le[i] = (uint8_t)((x >> (8 * i)) & 0xFF);
- }
-
- uint8_t lenle[8];
- unsigned long long L = 8;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
-
- haraka_S_inc_absorb(ctx->s, lenle, 8, &ctx->inner);
- haraka_S_inc_absorb(ctx->s, le, 8, &ctx->inner);
-}
-
-static inline void kat_tr_absorb_bytes(kat_tr_ctx *ctx, const uint8_t *buf, size_t len) {
- uint8_t lenle[8];
- unsigned long long L = (unsigned long long) len;
- size_t i;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
- haraka_S_inc_absorb(ctx->s, lenle, 8, &ctx->inner);
- if(len) {
- haraka_S_inc_absorb(ctx->s, buf, len, &ctx->inner);
- }
-}
-
-static inline void kat_tr_final(kat_tr_ctx *ctx, uint8_t out32[32]) {
- haraka_S_inc_finalize(ctx->s);
- haraka_S_inc_squeeze(out32, 32, ctx->s, &ctx->inner);
-}
-#elif SHA2_TR
-#include "../../lib/sha2/include/sha2.h"
-#if SPX_N >= 24
-#define shaX_inc_init sha512_inc_init
-#define shaX_inc_blocks sha512_inc_blocks
-#define shaX_inc_finalize sha512_inc_finalize
-#define shaX_state_len 72
-#define shaX_block_bytes 128
-#define shaX_output_bytes 64
-#else
-#define shaX_inc_init sha256_inc_init
-#define shaX_inc_blocks sha256_inc_blocks
-#define shaX_inc_finalize sha256_inc_finalize
-#define shaX_state_len 40
-#define shaX_block_bytes 64
-#define shaX_output_bytes 32
-#endif
-
-typedef struct {
- uint8_t s[shaX_state_len];
-} kat_tr_ctx;
-
-static inline void kat_tr_init(kat_tr_ctx *ctx) {
- static const uint8_t tag[] = "KAT-TRANSCRIPT-v1-SHA2";
- uint8_t block[shaX_block_bytes];
- size_t i;
-
- for (i = 0; i < sizeof tag - 1; ++i) {
- block[i] = tag[i];
- }
- for (i = sizeof tag - 1; i < shaX_block_bytes; ++i) {
- block[i] = 0;
- }
-
- shaX_inc_init(ctx->s);
- shaX_inc_blocks(ctx->s, block, 1);
-}
-
-static inline void kat_tr_absorb_label(kat_tr_ctx *ctx, const char *label) {
- const uint8_t *p = (const uint8_t *)label;
- size_t n = 0; while(p[n]) n++;
- size_t block_count = (n + 1 + (shaX_block_bytes - 1)) / shaX_block_bytes;
-
- size_t i;
- for(i = 0; i < block_count; ++i) {
- uint8_t block[shaX_block_bytes];
- size_t j;
-
- for(j = 0; i * shaX_block_bytes + j < n && j < shaX_block_bytes; ++j) {
- block[j] = p[i * shaX_block_bytes + j];
- }
-
- if(i * shaX_block_bytes + j == n && j < shaX_block_bytes) {
- block[j] = 0x00;
- ++j;
- }
-
- for(; j < shaX_block_bytes; ++j) {
- block[j] = 0;
- }
-
- shaX_inc_blocks(ctx->s, block, 1);
- }
-}
-
-static inline void kat_tr_absorb_u64(kat_tr_ctx *ctx, unsigned long long x) {
- uint8_t block[shaX_block_bytes];
- uint8_t le[8];
- size_t i;
- for (i = 0; i < 8; i++) {
- le[i] = (uint8_t)((x >> (8 * i)) & 0xFF);
- }
-
- uint8_t lenle[8];
- unsigned long long L = 8;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
-
- for (i = 0; i < 8; ++i) {
- block[i] = lenle[i];
- }
- for (i = 0; i < 8; ++i) {
- block[8+i] = le[i];
- }
- for (i = 16; i < shaX_block_bytes; ++i) {
- block[i] = 0;
- }
-
- shaX_inc_blocks(ctx->s, block, 1);
-}
-
-static inline void kat_tr_absorb_bytes(kat_tr_ctx *ctx, const uint8_t *buf, size_t len) {
- uint8_t lenle[shaX_block_bytes] = {0};
- unsigned long long L = (unsigned long long) len;
- size_t i;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
- size_t block_count = (len + (shaX_block_bytes - 1)) / shaX_block_bytes;
- shaX_inc_blocks(ctx->s, lenle, 1);
-
- if(len != 0) {
- for(i = 0; i < block_count; ++i) {
- uint8_t block[shaX_block_bytes];
- size_t j;
-
- for(j = 0; i * shaX_block_bytes + j < len && j < shaX_block_bytes; ++j) {
- block[j] = buf[i * shaX_block_bytes + j];
- }
- for(; j < shaX_block_bytes; ++j) {
- block[j] = 0;
- }
-
- shaX_inc_blocks(ctx->s, block, 1);
- }
- }
-}
-
-static inline void kat_tr_final(kat_tr_ctx *ctx, uint8_t out32[32]) {
- unsigned char outbuf[shaX_output_bytes] = {0};
- uint8_t final_block[shaX_block_bytes] = {0};
- shaX_inc_finalize(outbuf, ctx->s, final_block, 1);
- memcpy(out32, outbuf, 32);
-}
-#elif SHAKE_TR
-#include "../../lib/shake/include/fips202.h"
-typedef struct {
- uint64_t s[26];
-} kat_tr_ctx;
-
-static inline void kat_tr_init(kat_tr_ctx *ctx) {
- shake256_inc_init(ctx->s);
-
- static const uint8_t tag[] = "KAT-TRANSCRIPT-v1-SHAKE";
- shake256_inc_absorb(ctx->s, tag, sizeof tag - 1);
-
- const uint8_t sep = 0x00;
- shake256_inc_absorb(ctx->s, &sep, 1);
-}
-
-static inline void kat_tr_absorb_label(kat_tr_ctx *ctx, const char *label) {
- const uint8_t *p = (const uint8_t *)label;
- size_t n = 0; while(p[n]) n++;
- shake256_inc_absorb(ctx->s, p, n);
-
- const uint8_t sep = 0x00;
- shake256_inc_absorb(ctx->s, &sep, 1);
-}
-
-static inline void kat_tr_absorb_u64(kat_tr_ctx *ctx, unsigned long long x) {
- uint8_t le[8];
- size_t i;
- for (i = 0; i < 8; i++) {
- le[i] = (uint8_t)((x >> (8 * i)) & 0xFF);
- }
-
- uint8_t lenle[8];
- unsigned long long L = 8;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
-
- shake256_inc_absorb(ctx->s, lenle, 8);
- shake256_inc_absorb(ctx->s, le, 8);
-}
-
-static inline void kat_tr_absorb_bytes(kat_tr_ctx *ctx, const uint8_t *buf, size_t len) {
- uint8_t lenle[8];
- unsigned long long L = (unsigned long long) len;
- size_t i;
- for(i = 0; i < 8; i++) {
- lenle[i] = (uint8_t)((L >> (8 * i)) & 0xFF);
- }
- shake256_inc_absorb(ctx->s, lenle, 8);
- if(len) {
- shake256_inc_absorb(ctx->s, buf, len);
- }
-}
-
-static inline void kat_tr_final(kat_tr_ctx *ctx, uint8_t out32[32]) {
- shake256_inc_finalize(ctx->s);
- shake256_inc_squeeze(out32, 32, ctx->s);
-}
-#endif
-
-int
-main(void)
-{
- static unsigned char m[BASE_MLEN * LOOP_COUNT];
- static unsigned char sm[BASE_MLEN * LOOP_COUNT + CRYPTO_BYTES];
- static unsigned char m1[BASE_MLEN * LOOP_COUNT + CRYPTO_BYTES];
- static unsigned char pk[CRYPTO_PUBLICKEYBYTES];
- static unsigned char sk[CRYPTO_SECRETKEYBYTES];
- static unsigned char seed[48];
- static unsigned char entropy_input[48];
- static unsigned char msg[BASE_MLEN * LOOP_COUNT];
-
- unsigned long long mlen, smlen, mlen1;
- int ret;
-
- // Deterministic entropy to seed DRBG to make .req
- for (int i = 0; i < 48; i++) {
- entropy_input[i] = (unsigned char)i;
- }
- randombytes_init(entropy_input, NULL);
-
- // Initialize Transcript
- kat_tr_ctx tctx;
- kat_tr_init(&tctx);
- kat_tr_absorb_label(&tctx, "CRYPTO_ALGNAME");
- kat_tr_absorb_bytes(&tctx, (const uint8_t *)CRYPTO_ALGNAME, strlen(CRYPTO_ALGNAME));
- kat_tr_absorb_label(&tctx, "SKBYTES"); kat_tr_absorb_u64(&tctx, CRYPTO_SECRETKEYBYTES);
- kat_tr_absorb_label(&tctx, "PKBYTES"); kat_tr_absorb_u64(&tctx, CRYPTO_PUBLICKEYBYTES);
- kat_tr_absorb_label(&tctx, "SIGBYTES"); kat_tr_absorb_u64(&tctx, CRYPTO_BYTES);
-
- for (int i = 0; i < LOOP_COUNT; i++) {
- randombytes(seed, sizeof seed);
-
- kat_tr_absorb_label(&tctx, "count"); kat_tr_absorb_u64(&tctx, (unsigned long long) i);
- kat_tr_absorb_label(&tctx, "seed"); kat_tr_absorb_bytes(&tctx, seed, sizeof seed);
-
- mlen = (unsigned long long int)(BASE_MLEN * (i + 1));
- if (mlen > BASE_MLEN * LOOP_COUNT) { fprintf(stderr, "mlen overflow\n"); return KAT_OVERFLOW; }
-
- kat_tr_absorb_label(&tctx, "mlen"); kat_tr_absorb_u64(&tctx, mlen);
-
- randombytes(msg, mlen);
- kat_tr_absorb_label(&tctx, "msg"); kat_tr_absorb_bytes(&tctx, msg, mlen);
-
- memset(m, 0, mlen);
- memset(m1, 0, mlen + CRYPTO_BYTES);
- memset(sm, 0, mlen + CRYPTO_BYTES);
- memcpy(m, msg, mlen);
-
- // Keypair
- ret = crypto_sign_keypair(pk, sk);
- if (ret) { fprintf(stderr, "crypto_sign_keypair=%d\n", ret); return KAT_CRYPTO_FAILURE; }
- kat_tr_absorb_label(&tctx, "pk"); kat_tr_absorb_bytes(&tctx, pk, CRYPTO_PUBLICKEYBYTES);
- kat_tr_absorb_label(&tctx, "sk"); kat_tr_absorb_bytes(&tctx, sk, CRYPTO_SECRETKEYBYTES);
-
- // Sign
- ret = crypto_sign(sm, &smlen, m, mlen, sk);
- if (ret) { fprintf(stderr, "crypto_sign=%d\n", ret); return KAT_CRYPTO_FAILURE; }
- kat_tr_absorb_label(&tctx, "smlen"); kat_tr_absorb_u64(&tctx, smlen);
- kat_tr_absorb_label(&tctx, "sm"); kat_tr_absorb_bytes(&tctx, sm, smlen);
-
- // Verify
- ret = crypto_sign_open(m1, &mlen1, sm, smlen, pk);
- if (ret) { fprintf(stderr, "crypto_sign_open=%d\n", ret); return KAT_CRYPTO_FAILURE; }
- if (mlen1 != mlen) { fprintf(stderr, "mlen mismatch\n"); return KAT_CRYPTO_FAILURE; }
- if (memcmp(m, m1, mlen) != 0) { fprintf(stderr, "m mismatch\n"); return KAT_CRYPTO_FAILURE; }
- }
-
- // Finalize transcript digest
- uint8_t digest[32] = {0};
- kat_tr_final(&tctx, digest);
-
- printf("KAT transcript digest = ");
- for (size_t i = 0; i < 32; i++) { printf("%02X", digest[i]); }
- printf("\n");
-
- return KAT_SUCCESS;
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/address.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/address.c
deleted file mode 100644
index 5be8fca..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/address.c
+++ /dev/null
@@ -1,104 +0,0 @@
-#include
-#include
-
-#include "../include/address.h"
-#include "../include/params.h"
-#include "../include/utils.h"
-
-/*
- * Specify which level of Merkle tree (the "layer") we're working on
- */
-void set_layer_addr(uint32_t addr[8], uint32_t layer)
-{
- ((unsigned char *)addr)[SPX_OFFSET_LAYER] = (unsigned char)layer;
-}
-
-/*
- * Specify which Merkle tree within the level (the "tree address") we're working on
- */
-void set_tree_addr(uint32_t addr[8], uint64_t tree)
-{
-#if (SPX_TREE_HEIGHT * (SPX_D - 1)) > 64
- #error Subtree addressing is currently limited to at most 2^64 trees
-#endif
- ull_to_bytes(&((unsigned char *)addr)[SPX_OFFSET_TREE], 8, tree );
-}
-
-/*
- * Specify the reason we'll use this address structure for, that is, what
- * hash will we compute with it. This is used so that unrelated types of
- * hashes don't accidentally get the same address structure. The type will be
- * one of the SPX_ADDR_TYPE constants
- */
-void set_type(uint32_t addr[8], uint32_t type)
-{
- ((unsigned char *)addr)[SPX_OFFSET_TYPE] = (unsigned char)type;
-}
-
-/*
- * Copy the layer and tree fields of the address structure. This is used
- * when we're doing multiple types of hashes within the same Merkle tree
- */
-void copy_subtree_addr(uint32_t out[8], const uint32_t in[8])
-{
- memcpy( out, in, SPX_OFFSET_TREE+8 );
-}
-
-/* These functions are used for OTS addresses. */
-
-/*
- * Specify which Merkle leaf we're working on; that is, which OTS keypair
- * we're talking about.
- */
-void set_keypair_addr(uint32_t addr[8], uint32_t keypair)
-{
- u32_to_bytes(&((unsigned char *)addr)[SPX_OFFSET_KP_ADDR], keypair);
-}
-
-/*
- * Copy the layer, tree and keypair fields of the address structure. This is
- * used when we're doing multiple things within the same OTS keypair
- */
-void copy_keypair_addr(uint32_t out[8], const uint32_t in[8])
-{
- memcpy( out, in, SPX_OFFSET_TREE+8 );
- memcpy( (unsigned char *)out + SPX_OFFSET_KP_ADDR, (unsigned char *)in + SPX_OFFSET_KP_ADDR, 4);
-}
-
-/*
- * Specify which Merkle chain within the OTS we're working with
- * (the chain address)
- */
-void set_chain_addr(uint32_t addr[8], uint32_t chain)
-{
- ((unsigned char *)addr)[SPX_OFFSET_CHAIN_ADDR] = (unsigned char)chain;
-}
-
-/*
- * Specify where in the Merkle chain we are
-* (the hash address)
- */
-void set_hash_addr(uint32_t addr[8], uint32_t hash)
-{
- ((unsigned char *)addr)[SPX_OFFSET_HASH_ADDR] = (unsigned char)hash;
-}
-
-/* These functions are used for all hash tree addresses (including FORS). */
-
-/*
- * Specify the height of the node in the Merkle/FORS tree we are in
- * (the tree height)
- */
-void set_tree_height(uint32_t addr[8], uint32_t tree_height)
-{
- ((unsigned char *)addr)[SPX_OFFSET_TREE_HGT] = (unsigned char)tree_height;
-}
-
-/*
- * Specify the distance from the left edge of the node in the Merkle/FORS tree
- * (the tree index)
- */
-void set_tree_index(uint32_t addr[8], uint32_t tree_index)
-{
- u32_to_bytes(&((unsigned char *)addr)[SPX_OFFSET_TREE_INDEX], tree_index );
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/fors.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/fors.c
deleted file mode 100644
index da07f27..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/fors.c
+++ /dev/null
@@ -1,158 +0,0 @@ -#include -#include -#include - -#include "../include/address.h" -#include "../include/fors.h" -#include "../include/forsx1.h" -#include "../include/hash.h" -#include "../include/thash.h" -#include "../include/utils.h" -#include "../include/utilsx1.h" - -static void fors_gen_sk(unsigned char *sk, const spx_ctx *ctx, - uint32_t fors_leaf_addr[8]) -{ - prf_addr(sk, ctx, fors_leaf_addr); -} - -static void fors_sk_to_leaf(unsigned char *leaf, const unsigned char *sk, - const spx_ctx *ctx, - uint32_t fors_leaf_addr[8]) -{ - thash(leaf, sk, 1, ctx, fors_leaf_addr); -} - -void fors_gen_leafx1(unsigned char *leaf, - const spx_ctx *ctx, - uint32_t addr_idx, fors_gen_leaf_info *info) -{ - struct fors_gen_leaf_info *fors_info = info; - uint32_t *fors_leaf_addr = fors_info->leaf_addrx; - - /* Only set the parts that the caller doesn't set */ - set_tree_index(fors_leaf_addr, addr_idx); - set_type(fors_leaf_addr, SPX_ADDR_TYPE_FORSPRF); - fors_gen_sk(leaf, ctx, fors_leaf_addr); - - set_type(fors_leaf_addr, SPX_ADDR_TYPE_FORSTREE); - fors_sk_to_leaf(leaf, leaf, - ctx, fors_leaf_addr); -} - -/** - * Interprets m as SPX_FORS_HEIGHT-bit unsigned integers. - * Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits. - * Assumes indices has space for SPX_FORS_TREES integers. - */ -static void message_to_indices(uint32_t *indices, const unsigned char *m) -{ - unsigned int i, j; - unsigned int offset = 0; - - for (i = 0; i < SPX_FORS_TREES; i++) { - indices[i] = 0; - for (j = 0; j < SPX_FORS_HEIGHT; j++) { - indices[i] ^= ((m[offset >> 3] >> (offset & 0x7)) & 1u) << j; - offset++; - } - } -} - -/** - * Signs a message m, deriving the secret key from sk_seed and the FTS address. - * Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits. 
- */ -void fors_sign(unsigned char *sig, unsigned char *pk, - const unsigned char *m, - const spx_ctx *ctx, - const uint32_t fors_addr[8]) -{ - uint32_t indices[SPX_FORS_TREES]; - unsigned char roots[SPX_FORS_TREES * SPX_N]; - uint32_t fors_tree_addr[8] = {0}; - struct fors_gen_leaf_info fors_info = {0}; - uint32_t *fors_leaf_addr = fors_info.leaf_addrx; - uint32_t fors_pk_addr[8] = {0}; - uint32_t idx_offset; - unsigned int i; - - copy_keypair_addr(fors_tree_addr, fors_addr); - copy_keypair_addr(fors_leaf_addr, fors_addr); - - copy_keypair_addr(fors_pk_addr, fors_addr); - set_type(fors_pk_addr, SPX_ADDR_TYPE_FORSPK); - - message_to_indices(indices, m); - - for (i = 0; i < SPX_FORS_TREES; i++) { - idx_offset = i * (1 << SPX_FORS_HEIGHT); - - set_tree_height(fors_tree_addr, 0); - set_tree_index(fors_tree_addr, indices[i] + idx_offset); - set_type(fors_tree_addr, SPX_ADDR_TYPE_FORSPRF); - - /* Include the secret key part that produces the selected leaf node. */ - fors_gen_sk(sig, ctx, fors_tree_addr); - set_type(fors_tree_addr, SPX_ADDR_TYPE_FORSTREE); - sig += SPX_N; - - /* Compute the authentication path for this leaf node. */ - fors_treehashx1(roots + i*SPX_N, sig, ctx, - indices[i], idx_offset, SPX_FORS_HEIGHT, - fors_tree_addr, &fors_info); - - sig += SPX_N * SPX_FORS_HEIGHT; - } - - /* Hash horizontally across all tree roots to derive the public key. */ - thash(pk, roots, SPX_FORS_TREES, ctx, fors_pk_addr); -} - -/** - * Derives the FORS public key from a signature. - * This can be used for verification by comparing to a known public key, or to - * subsequently verify a signature on the derived public key. The latter is the - * typical use-case when used as an FTS below an OTS in a hypertree. - * Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits. 
- */ -void fors_pk_from_sig(unsigned char *pk, - const unsigned char *sig, const unsigned char *m, - const spx_ctx* ctx, - const uint32_t fors_addr[8]) -{ - uint32_t indices[SPX_FORS_TREES]; - unsigned char roots[SPX_FORS_TREES * SPX_N]; - unsigned char leaf[SPX_N]; - uint32_t fors_tree_addr[8] = {0}; - uint32_t fors_pk_addr[8] = {0}; - uint32_t idx_offset; - unsigned int i; - - copy_keypair_addr(fors_tree_addr, fors_addr); - copy_keypair_addr(fors_pk_addr, fors_addr); - - set_type(fors_tree_addr, SPX_ADDR_TYPE_FORSTREE); - set_type(fors_pk_addr, SPX_ADDR_TYPE_FORSPK); - - message_to_indices(indices, m); - - for (i = 0; i < SPX_FORS_TREES; i++) { - idx_offset = i * (1 << SPX_FORS_HEIGHT); - - set_tree_height(fors_tree_addr, 0); - set_tree_index(fors_tree_addr, indices[i] + idx_offset); - - /* Derive the leaf from the included secret key part. */ - fors_sk_to_leaf(leaf, sig, ctx, fors_tree_addr); - sig += SPX_N; - - /* Derive the corresponding root node of this tree. */ - compute_root(roots + i*SPX_N, leaf, indices[i], idx_offset, - sig, SPX_FORS_HEIGHT, ctx, fors_tree_addr); - sig += SPX_N * SPX_FORS_HEIGHT; - } - - /* Hash horizontally across all tree roots to derive the public key. */ - thash(pk, roots, SPX_FORS_TREES, ctx, fors_pk_addr); -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/merkle.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/merkle.c deleted file mode 100644 index 9630b74..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/merkle.c +++ /dev/null 
@@ -1,60 +0,0 @@
-#include
-#include
-
-#include "../include/address.h"
-#include "../include/merkle.h"
-#include "../include/params.h"
-#include "../include/utils.h"
-#include "../include/utilsx1.h"
-#include "../include/wots.h"
-#include "../include/wotsx1.h"
-
-/*
- * This generates a Merkle signature (WOTS signature followed by the Merkle
- * authentication path). This is in this file because most of the complexity
- * is involved with the WOTS signature; the Merkle authentication path logic
- * is mostly hidden in treehashx4
- */
-void merkle_sign(uint8_t *sig, unsigned char *root,
- const spx_ctx *ctx,
- uint32_t wots_addr[8], uint32_t tree_addr[8],
- uint32_t idx_leaf)
-{
- unsigned char *auth_path = sig + SPX_WOTS_BYTES;
- struct leaf_info_x1 info = { 0 };
- unsigned steps[ SPX_WOTS_LEN ];
-
- info.wots_sig = sig;
- chain_lengths(steps, root);
- info.wots_steps = steps;
-
- set_type(&tree_addr[0], SPX_ADDR_TYPE_HASHTREE);
- set_type(&info.pk_addr[0], SPX_ADDR_TYPE_WOTSPK);
- copy_subtree_addr(&info.leaf_addr[0], wots_addr);
- copy_subtree_addr(&info.pk_addr[0], wots_addr);
-
- info.wots_sign_leaf = idx_leaf;
-
- wots_treehashx1(root, auth_path, ctx,
- idx_leaf, 0,
- SPX_TREE_HEIGHT,
- tree_addr, &info);
-}
-
-/* Compute root node of the top-most subtree. */
-void merkle_gen_root(unsigned char *root, const spx_ctx *ctx)
-{
- /* We do not need the auth path in key generation, but it simplifies the
- code to have just one treehash routine that computes both root and path
- in one function. */
- unsigned char auth_path[SPX_TREE_HEIGHT * SPX_N + SPX_WOTS_BYTES];
- uint32_t top_tree_addr[8] = {0};
- uint32_t wots_addr[8] = {0};
-
- set_layer_addr(top_tree_addr, SPX_D - 1);
- set_layer_addr(wots_addr, SPX_D - 1);
-
- merkle_sign(auth_path, root, ctx,
- wots_addr, top_tree_addr,
- (uint32_t)~0 /* ~0 means "don't bother generating an auth path */ );
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/randombytes.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/randombytes.c
deleted file mode 100644
index ac68df0..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/randombytes.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
-This code was taken from the SPHINCS reference implementation and is public domain.
-*/
-
-#include
-#include
-
-#include "../include/randombytes.h"
-
-static int fd = -1;
-
-void randombytes(unsigned char *x, unsigned long long xlen)
-{
- unsigned long long i;
-
- if (fd == -1) {
- for (;;) {
- fd = open("/dev/urandom", O_RDONLY);
- if (fd != -1) {
- break;
- }
- sleep(1);
- }
- }
-
- while (xlen > 0) {
- if (xlen < 1048576) {
- i = xlen;
- }
- else {
- i = 1048576;
- }
-
- i = (unsigned long long)read(fd, x, i);
- if (i < 1) {
- sleep(1);
- continue;
- }
-
- x += i;
- xlen -= i;
- }
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/rng.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/rng.c
deleted file mode 100644
index 6e65ea0..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/rng.c
+++ /dev/null
@@ -1,219 +0,0 @@ -// -// rng.c -// -// Created by Bassham, Lawrence E (Fed) on 8/29/17. -// Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved. -// - -#include -#include -#include -#include - -#include "../include/rng.h" - -AES256_CTR_DRBG_struct DRBG_ctx; - -void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *buffer); - -/* - seedexpander_init() - ctx - stores the current state of an instance of the seed expander - seed - a 32 byte random value - diversifier - an 8 byte diversifier - maxlen - maximum number of bytes (less than 2**32) generated under this seed and diversifier - */ -int -seedexpander_init(AES_XOF_struct *ctx, - unsigned char *seed, - unsigned char *diversifier, - unsigned long maxlen) -{ - if ( maxlen >= 0x100000000 ) - return RNG_BAD_MAXLEN; - - ctx->length_remaining = maxlen; - - memcpy(ctx->key, seed, 32); - - memcpy(ctx->ctr, diversifier, 8); - ctx->ctr[11] = (unsigned char)(maxlen % 256); - maxlen >>= 8; - ctx->ctr[10] = (unsigned char)(maxlen % 256); - maxlen >>= 8; - ctx->ctr[9] = (unsigned char)(maxlen % 256); - maxlen >>= 8; - ctx->ctr[8] = (unsigned char)(maxlen % 256); - memset(ctx->ctr+12, 0x00, 4); - - ctx->buffer_pos = 16; - memset(ctx->buffer, 0x00, 16); - - return RNG_SUCCESS; -} - -/* - seedexpander() - ctx - stores the current state of an instance of the seed expander - x - returns the XOF data - xlen - number of bytes to return - */ -int -seedexpander(AES_XOF_struct *ctx, unsigned char *x, unsigned long xlen) -{ - unsigned long offset; - - if ( x == NULL ) - return RNG_BAD_OUTBUF; - if ( xlen >= ctx->length_remaining ) - return RNG_BAD_REQ_LEN; - - ctx->length_remaining -= xlen; - - offset = 0; - while ( xlen > 0 ) { - if ( xlen <= (16-ctx->buffer_pos) ) { // buffer has what we need - memcpy(x+offset, ctx->buffer+ctx->buffer_pos, xlen); - ctx->buffer_pos += xlen; - - return RNG_SUCCESS; - } - - // take what's in the buffer - memcpy(x+offset, ctx->buffer+ctx->buffer_pos, 16-ctx->buffer_pos); - xlen 
-= 16-ctx->buffer_pos; - offset += 16-ctx->buffer_pos; - - AES256_ECB(ctx->key, ctx->ctr, ctx->buffer); - ctx->buffer_pos = 0; - - //increment the counter - for (int i=15; i>=12; i--) { - if ( ctx->ctr[i] == 0xff ) - ctx->ctr[i] = 0x00; - else { - ctx->ctr[i]++; - break; - } - } - - } - - return RNG_SUCCESS; -} - - -static void handleErrors(void) -{ - ERR_print_errors_fp(stderr); - abort(); -} - -// Use whatever AES implementation you have. This uses AES from openSSL library -// key - 256-bit AES key -// ctr - a 128-bit plaintext value -// buffer - a 128-bit ciphertext value -void -AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *buffer) -{ - EVP_CIPHER_CTX *ctx; - - int len; - - /* Create and initialise the context */ - if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); - - if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) - handleErrors(); - - if(1 != EVP_EncryptUpdate(ctx, buffer, &len, ctr, 16)) - handleErrors(); - - /* Clean up */ - EVP_CIPHER_CTX_free(ctx); -} - -void -randombytes_init(unsigned char *entropy_input, - unsigned char *personalization_string) -{ - unsigned char seed_material[48]; - - memcpy(seed_material, entropy_input, 48); - if (personalization_string) - for (int i=0; i<48; i++) - seed_material[i] ^= personalization_string[i]; - memset(DRBG_ctx.Key, 0x00, 32); - memset(DRBG_ctx.V, 0x00, 16); - AES256_CTR_DRBG_Update(seed_material, DRBG_ctx.Key, DRBG_ctx.V); - DRBG_ctx.reseed_counter = 1; -} - -int -randombytes(unsigned char *x, unsigned long long xlen) -{ - unsigned char block[16]; - int i = 0; - - while ( xlen > 0 ) { - //increment V - for (int j=15; j>=0; j--) { - if ( DRBG_ctx.V[j] == 0xff ) - DRBG_ctx.V[j] = 0x00; - else { - DRBG_ctx.V[j]++; - break; - } - } - AES256_ECB(DRBG_ctx.Key, DRBG_ctx.V, block); - if ( xlen > 15 ) { - memcpy(x+i, block, 16); - i += 16; - xlen -= 16; - } - else { - memcpy(x+i, block, xlen); - xlen = 0; - } - } - AES256_CTR_DRBG_Update(NULL, DRBG_ctx.Key, DRBG_ctx.V); - 
DRBG_ctx.reseed_counter++; - - return RNG_SUCCESS; -} - -void -AES256_CTR_DRBG_Update(unsigned char *provided_data, - unsigned char *Key, - unsigned char *V) -{ - unsigned char temp[48]; - - for (int i=0; i<3; i++) { - //increment V - for (int j=15; j>=0; j--) { - if ( V[j] == 0xff ) - V[j] = 0x00; - else { - V[j]++; - break; - } - } - - AES256_ECB(Key, V, temp+16*i); - } - if ( provided_data != NULL ) - for (int i=0; i<48; i++) - temp[i] ^= provided_data[i]; - memcpy(Key, temp, 32); - memcpy(V, temp+32, 16); -} - - - - - - - - - diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/sign.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/sign.c deleted file mode 100644 index 4a2fdc6..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/sign.c +++ /dev/null 
@@ -1,287 +0,0 @@ -#include -#include -#include - -#include "../include/address.h" -#include "../include/api.h" -#include "../include/fors.h" -#include "../include/hash.h" -#include "../include/merkle.h" -#include "../include/params.h" -#include "../include/randombytes.h" -#include "../include/thash.h" -#include "../include/utils.h" -#include "../include/wots.h" - -/* - * Returns the length of a secret key, in bytes - */ -unsigned long long crypto_sign_secretkeybytes(void) -{ - return CRYPTO_SECRETKEYBYTES; -} - -/* - * Returns the length of a public key, in bytes - */ -unsigned long long crypto_sign_publickeybytes(void) -{ - return CRYPTO_PUBLICKEYBYTES; -} - -/* - * Returns the length of a signature, in bytes - */ -unsigned long long crypto_sign_bytes(void) -{ - return CRYPTO_BYTES; -} - -/* - * Returns the length of the seed required to generate a key pair, in bytes - */ -unsigned long long crypto_sign_seedbytes(void) -{ - return CRYPTO_SEEDBYTES; -} - -/* - * Generates an SPX key pair given a seed of length - * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root] - * Format pk: [PUB_SEED || root] - */ -int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed) -{ - spx_ctx ctx; - - /* Initialize SK_SEED, SK_PRF and PUB_SEED from seed. */ - memcpy(sk, seed, CRYPTO_SEEDBYTES); - - memcpy(pk, sk + 2*SPX_N, SPX_N); - - memcpy(ctx.pub_seed, pk, SPX_N); - memcpy(ctx.sk_seed, sk, SPX_N); - - /* This hook allows the hash function instantiation to do whatever - preparation or computation it needs, based on the public seed. */ - initialize_hash_function(&ctx); - - /* Compute root node of the top-most subtree. */ - merkle_gen_root(sk + 3*SPX_N, &ctx); - - memcpy(pk + SPX_N, sk + 3*SPX_N, SPX_N); - - return 0; -} - -/* - * Generates an SPX key pair. 
- * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root] - * Format pk: [PUB_SEED || root] - */ -int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) -{ - unsigned char seed[CRYPTO_SEEDBYTES]; - randombytes(seed, CRYPTO_SEEDBYTES); - crypto_sign_seed_keypair(pk, sk, seed); - - return 0; -} - -/** - * Returns an array containing a detached signature. - */ -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk) -{ - spx_ctx ctx; - - const unsigned char *sk_prf = sk + SPX_N; - const unsigned char *pk = sk + 2*SPX_N; - - unsigned char optrand[SPX_N]; - unsigned char mhash[SPX_FORS_MSG_BYTES]; - unsigned char root[SPX_N]; - uint32_t i; - uint64_t tree; - uint32_t idx_leaf; - uint32_t wots_addr[8] = {0}; - uint32_t tree_addr[8] = {0}; - - memcpy(ctx.sk_seed, sk, SPX_N); - memcpy(ctx.pub_seed, pk, SPX_N); - - /* This hook allows the hash function instantiation to do whatever - preparation or computation it needs, based on the public seed. */ - initialize_hash_function(&ctx); - - set_type(wots_addr, SPX_ADDR_TYPE_WOTS); - set_type(tree_addr, SPX_ADDR_TYPE_HASHTREE); - - /* Optionally, signing can be made non-deterministic using optrand. - This can help counter side-channel attacks that would benefit from - getting a large number of traces when the signer uses the same nodes. */ - randombytes(optrand, SPX_N); - /* Compute the digest randomization value. */ - gen_message_random(sig, sk_prf, optrand, m, mlen, &ctx); - - /* Derive the message digest and leaf index from R, PK and M. */ - hash_message(mhash, &tree, &idx_leaf, sig, pk, m, mlen, &ctx); - sig += SPX_N; - - set_tree_addr(wots_addr, tree); - set_keypair_addr(wots_addr, idx_leaf); - - /* Sign the message hash using FORS. 
*/ - fors_sign(sig, root, mhash, &ctx, wots_addr); - sig += SPX_FORS_BYTES; - - for (i = 0; i < SPX_D; i++) { - set_layer_addr(tree_addr, i); - set_tree_addr(tree_addr, tree); - - copy_subtree_addr(wots_addr, tree_addr); - set_keypair_addr(wots_addr, idx_leaf); - - merkle_sign(sig, root, &ctx, wots_addr, tree_addr, idx_leaf); - sig += SPX_WOTS_BYTES + SPX_TREE_HEIGHT * SPX_N; - - /* Update the indices for the next layer. */ - idx_leaf = (tree & ((1 << SPX_TREE_HEIGHT)-1)); - tree = tree >> SPX_TREE_HEIGHT; - } - - *siglen = SPX_BYTES; - - return 0; -} - -/** - * Verifies a detached signature and message under a given public key. - */ -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk) -{ - spx_ctx ctx; - const unsigned char *pub_root = pk + SPX_N; - unsigned char mhash[SPX_FORS_MSG_BYTES]; - unsigned char wots_pk[SPX_WOTS_BYTES]; - unsigned char root[SPX_N]; - unsigned char leaf[SPX_N]; - unsigned int i; - uint64_t tree; - uint32_t idx_leaf; - uint32_t wots_addr[8] = {0}; - uint32_t tree_addr[8] = {0}; - uint32_t wots_pk_addr[8] = {0}; - - if (siglen != SPX_BYTES) { - return -1; - } - - memcpy(ctx.pub_seed, pk, SPX_N); - - /* This hook allows the hash function instantiation to do whatever - preparation or computation it needs, based on the public seed. */ - initialize_hash_function(&ctx); - - set_type(wots_addr, SPX_ADDR_TYPE_WOTS); - set_type(tree_addr, SPX_ADDR_TYPE_HASHTREE); - set_type(wots_pk_addr, SPX_ADDR_TYPE_WOTSPK); - - /* Derive the message digest and leaf index from R || PK || M. */ - /* The additional SPX_N is a result of the hash domain separator. */ - hash_message(mhash, &tree, &idx_leaf, sig, pk, m, mlen, &ctx); - sig += SPX_N; - - /* Layer correctly defaults to 0, so no need to set_layer_addr */ - set_tree_addr(wots_addr, tree); - set_keypair_addr(wots_addr, idx_leaf); - - fors_pk_from_sig(root, sig, mhash, &ctx, wots_addr); - sig += SPX_FORS_BYTES; - - /* For each subtree.. 
*/ - for (i = 0; i < SPX_D; i++) { - set_layer_addr(tree_addr, i); - set_tree_addr(tree_addr, tree); - - copy_subtree_addr(wots_addr, tree_addr); - set_keypair_addr(wots_addr, idx_leaf); - - copy_keypair_addr(wots_pk_addr, wots_addr); - - /* The WOTS public key is only correct if the signature was correct. */ - /* Initially, root is the FORS pk, but on subsequent iterations it is - the root of the subtree below the currently processed subtree. */ - wots_pk_from_sig(wots_pk, sig, root, &ctx, wots_addr); - sig += SPX_WOTS_BYTES; - - /* Compute the leaf node using the WOTS public key. */ - thash(leaf, wots_pk, SPX_WOTS_LEN, &ctx, wots_pk_addr); - - /* Compute the root node of this subtree. */ - compute_root(root, leaf, idx_leaf, 0, sig, SPX_TREE_HEIGHT, - &ctx, tree_addr); - sig += SPX_TREE_HEIGHT * SPX_N; - - /* Update the indices for the next layer. */ - idx_leaf = (tree & ((1 << SPX_TREE_HEIGHT)-1)); - tree = tree >> SPX_TREE_HEIGHT; - } - - /* Check if the root node equals the root node in the public key. */ - if (memcmp(root, pub_root, SPX_N)) { - return -1; - } - - return 0; -} - - -/** - * Returns an array containing the signature followed by the message. - */ -int crypto_sign(unsigned char *sm, unsigned long long *smlen, - const unsigned char *m, unsigned long long mlen, - const unsigned char *sk) -{ - size_t siglen; - - crypto_sign_signature(sm, &siglen, m, (size_t)mlen, sk); - - memmove(sm + SPX_BYTES, m, mlen); - *smlen = siglen + mlen; - - return 0; -} - -/** - * Verifies a given signature-message pair under a given public key. - */ -int crypto_sign_open(unsigned char *m, unsigned long long *mlen, - const unsigned char *sm, unsigned long long smlen, - const unsigned char *pk) -{ - /* The API caller does not necessarily know what size a signature should be - but SPHINCS+ signatures are always exactly SPX_BYTES. 
*/ - if (smlen < SPX_BYTES) { - memset(m, 0, smlen); - *mlen = 0; - return -1; - } - - *mlen = smlen - SPX_BYTES; - - if (crypto_sign_verify(sm, SPX_BYTES, sm + SPX_BYTES, (size_t)*mlen, pk)) { - memset(m, 0, smlen); - *mlen = 0; - return -1; - } - - /* If verification was successful, move the message to the right place. */ - memmove(m, sm + SPX_BYTES, *mlen); - - return 0; -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utils.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utils.c deleted file mode 100644 index 7f55917..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utils.c +++ /dev/null 
@@ -1,154 +0,0 @@ -#include - -#include "../include/address.h" -#include "../include/hash.h" -#include "../include/params.h" -#include "../include/thash.h" -#include "../include/utils.h" - -/** - * Converts the value of 'in' to 'outlen' bytes in big-endian byte order. - */ -void ull_to_bytes(unsigned char *out, unsigned int outlen, - unsigned long long in) -{ - int i; - - /* Iterate over out in decreasing order, for big-endianness. */ - for (i = (signed int)outlen - 1; i >= 0; i--) { - out[i] = in & 0xff; - in = in >> 8; - } -} - -void u32_to_bytes(unsigned char *out, uint32_t in) -{ - out[0] = (unsigned char)(in >> 24); - out[1] = (unsigned char)(in >> 16); - out[2] = (unsigned char)(in >> 8); - out[3] = (unsigned char)in; -} - -/** - * Converts the inlen bytes in 'in' from big-endian byte order to an integer. - */ -unsigned long long bytes_to_ull(const unsigned char *in, unsigned int inlen) -{ - unsigned long long retval = 0; - unsigned int i; - - for (i = 0; i < inlen; i++) { - retval |= ((unsigned long long)in[i]) << (8*(inlen - 1 - i)); - } - return retval; -} - -/** - * Computes a root node given a leaf and an auth path. - * Expects address to be complete other than the tree_height and tree_index. - */ -void compute_root(unsigned char *root, const unsigned char *leaf, - uint32_t leaf_idx, uint32_t idx_offset, - const unsigned char *auth_path, uint32_t tree_height, - const spx_ctx *ctx, uint32_t addr[8]) -{ - uint32_t i; - unsigned char buffer[2 * SPX_N]; - - /* If leaf_idx is odd (last bit = 1), current path element is a right child - and auth_path has to go left. Otherwise it is the other way around. */ - if (leaf_idx & 1) { - memcpy(buffer + SPX_N, leaf, SPX_N); - memcpy(buffer, auth_path, SPX_N); - } - else { - memcpy(buffer, leaf, SPX_N); - memcpy(buffer + SPX_N, auth_path, SPX_N); - } - auth_path += SPX_N; - - for (i = 0; i < tree_height - 1; i++) { - leaf_idx >>= 1; - idx_offset >>= 1; - /* Set the address of the node we're creating. 
*/ - set_tree_height(addr, i + 1); - set_tree_index(addr, leaf_idx + idx_offset); - - /* Pick the right or left neighbor, depending on parity of the node. */ - if (leaf_idx & 1) { - thash(buffer + SPX_N, buffer, 2, ctx, addr); - memcpy(buffer, auth_path, SPX_N); - } - else { - thash(buffer, buffer, 2, ctx, addr); - memcpy(buffer + SPX_N, auth_path, SPX_N); - } - auth_path += SPX_N; - } - - /* The last iteration is exceptional; we do not copy an auth_path node. */ - leaf_idx >>= 1; - idx_offset >>= 1; - set_tree_height(addr, tree_height); - set_tree_index(addr, leaf_idx + idx_offset); - thash(root, buffer, 2, ctx, addr); -} - -/** - * For a given leaf index, computes the authentication path and the resulting - * root node using Merkle's TreeHash algorithm. - * Expects the layer and tree parts of the tree_addr to be set, as well as the - * tree type (i.e. SPX_ADDR_TYPE_HASHTREE or SPX_ADDR_TYPE_FORSTREE). - * Applies the offset idx_offset to indices before building addresses, so that - * it is possible to continue counting indices across trees. - */ -void treehash(unsigned char *root, unsigned char *auth_path, const spx_ctx* ctx, - uint32_t leaf_idx, uint32_t idx_offset, uint32_t tree_height, - void (*gen_leaf)( - unsigned char* /* leaf */, - const spx_ctx* /* ctx */, - uint32_t /* addr_idx */, const uint32_t[8] /* tree_addr */), - uint32_t tree_addr[8]) -{ - SPX_VLA(uint8_t, stack, (tree_height+1)*SPX_N); - SPX_VLA(unsigned int, heights, tree_height+1); - unsigned int offset = 0; - uint32_t idx; - uint32_t tree_idx; - - for (idx = 0; idx < (uint32_t)(1 << tree_height); idx++) { - /* Add the next leaf node to the stack. */ - gen_leaf(stack + offset*SPX_N, ctx, idx + idx_offset, tree_addr); - offset++; - heights[offset - 1] = 0; - - /* If this is a node we need for the auth path.. */ - if ((leaf_idx ^ 0x1) == idx) { - memcpy(auth_path, stack + (offset - 1)*SPX_N, SPX_N); - } - - /* While the top-most nodes are of equal height.. 
*/ - while (offset >= 2 && heights[offset - 1] == heights[offset - 2]) { - /* Compute index of the new node, in the next layer. */ - tree_idx = (idx >> (heights[offset - 1] + 1)); - - /* Set the address of the node we're creating. */ - set_tree_height(tree_addr, heights[offset - 1] + 1); - set_tree_index(tree_addr, - tree_idx + (idx_offset >> (heights[offset-1] + 1))); - /* Hash the top-most nodes from the stack together. */ - thash(stack + (offset - 2)*SPX_N, - stack + (offset - 2)*SPX_N, 2, ctx, tree_addr); - offset--; - /* Note that the top-most node is now one layer higher. */ - heights[offset - 1]++; - - /* If this is a node we need for the auth path.. */ - if (((leaf_idx >> heights[offset - 1]) ^ 0x1) == tree_idx) { - memcpy(auth_path + heights[offset - 1]*SPX_N, - stack + (offset - 1)*SPX_N, SPX_N); - } - } - } - memcpy(root, stack, SPX_N); -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utilsx1.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utilsx1.c deleted file mode 100644 index e5449b4..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/utilsx1.c +++ /dev/null 
@@ -1,174 +0,0 @@ -#include - -#include "../include/address.h" -#include "../include/params.h" -#include "../include/forsx1.h" -#include "../include/thash.h" -#include "../include/utils.h" -#include "../include/fors.h" -#include "../include/utilsx1.h" - -/* - * Generate the entire Merkle tree, computing the authentication path for - * leaf_idx, and the resulting root node using Merkle's TreeHash algorithm. - * Expects the layer and tree parts of the tree_addr to be set, as well as the - * tree type (i.e. SPX_ADDR_TYPE_HASHTREE or SPX_ADDR_TYPE_FORSTREE) - * - * This expects tree_addr to be initialized to the addr structures for the - * Merkle tree nodes - * - * Applies the offset idx_offset to indices before building addresses, so that - * it is possible to continue counting indices across trees. - * - * This works by using the standard Merkle tree building algorithm, - */ -void wots_treehashx1(unsigned char *root, unsigned char *auth_path, - const spx_ctx* ctx, - uint32_t leaf_idx, uint32_t idx_offset, - uint32_t tree_height, - uint32_t tree_addr[8], - leaf_info_x1 *info) -{ - /* This is where we keep the intermediate nodes */ - SPX_VLA(uint8_t, stack, tree_height*SPX_N); - - uint32_t idx; - uint32_t max_idx = (uint32_t)((1 << tree_height) - 1); - for (idx = 0;; idx++) { - unsigned char current[2*SPX_N]; /* Current logical node is at */ - /* index[SPX_N]. 
We do this to minimize the number of copies */ - /* needed during a thash */ - wots_gen_leafx1( ¤t[SPX_N], ctx, idx + idx_offset, - info ); - - /* Now combine the freshly generated right node with previously */ - /* generated left ones */ - uint32_t internal_idx_offset = idx_offset; - uint32_t internal_idx = idx; - uint32_t internal_leaf = leaf_idx; - uint32_t h; /* The height we are in the Merkle tree */ - for (h=0;; h++, internal_idx >>= 1, internal_leaf >>= 1) { - - /* Check if we hit the top of the tree */ - if (h == tree_height) { - /* We hit the root; return it */ - memcpy( root, ¤t[SPX_N], SPX_N ); - return; - } - - /* - * Check if the node we have is a part of the - * authentication path; if it is, write it out - */ - if ((internal_idx ^ internal_leaf) == 0x01) { - memcpy( &auth_path[ h * SPX_N ], - ¤t[SPX_N], - SPX_N ); - } - - /* - * Check if we're at a left child; if so, stop going up the stack - * Exception: if we've reached the end of the tree, keep on going - * (so we combine the last 4 nodes into the one root node in two - * more iterations) - */ - if ((internal_idx & 1) == 0 && idx < max_idx) { - break; - } - - /* Ok, we're at a right node */ - /* Now combine the left and right logical nodes together */ - - /* Set the address of the node we're creating. 
*/ - internal_idx_offset >>= 1; - set_tree_height(tree_addr, h + 1); - set_tree_index(tree_addr, internal_idx/2 + internal_idx_offset ); - - unsigned char *left = &stack[h * SPX_N]; - memcpy( ¤t[0], left, SPX_N ); - thash( ¤t[1 * SPX_N], - ¤t[0 * SPX_N], - 2, ctx, tree_addr); - } - - /* We've hit a left child; save the current for when we get the */ - /* corresponding right right */ - memcpy( &stack[h * SPX_N], ¤t[SPX_N], SPX_N); - } -} - -void fors_treehashx1(unsigned char *root, unsigned char *auth_path, - const spx_ctx* ctx, - uint32_t leaf_idx, uint32_t idx_offset, - uint32_t tree_height, - uint32_t tree_addr[8], - fors_gen_leaf_info *info) -{ - /* This is where we keep the intermediate nodes */ - SPX_VLA(uint8_t, stack, tree_height*SPX_N); - - uint32_t idx; - uint32_t max_idx = (uint32_t)((1 << tree_height) - 1); - for (idx = 0;; idx++) { - unsigned char current[2*SPX_N]; /* Current logical node is at */ - /* index[SPX_N]. We do this to minimize the number of copies */ - /* needed during a thash */ - - fors_gen_leafx1( ¤t[SPX_N], ctx, idx + idx_offset, - info ); - - /* Now combine the freshly generated right node with previously */ - /* generated left ones */ - uint32_t internal_idx_offset = idx_offset; - uint32_t internal_idx = idx; - uint32_t internal_leaf = leaf_idx; - uint32_t h; /* The height we are in the Merkle tree */ - for (h=0;; h++, internal_idx >>= 1, internal_leaf >>= 1) { - - /* Check if we hit the top of the tree */ - if (h == tree_height) { - /* We hit the root; return it */ - memcpy( root, ¤t[SPX_N], SPX_N ); - return; - } - - /* - * Check if the node we have is a part of the - * authentication path; if it is, write it out - */ - if ((internal_idx ^ internal_leaf) == 0x01) { - memcpy( &auth_path[ h * SPX_N ], - ¤t[SPX_N], - SPX_N ); - } - - /* - * Check if we're at a left child; if so, stop going up the stack - * Exception: if we've reached the end of the tree, keep on going - * (so we combine the last 4 nodes into the one root node in two - * 
more iterations) - */ - if ((internal_idx & 1) == 0 && idx < max_idx) { - break; - } - - /* Ok, we're at a right node */ - /* Now combine the left and right logical nodes together */ - - /* Set the address of the node we're creating. */ - internal_idx_offset >>= 1; - set_tree_height(tree_addr, h + 1); - set_tree_index(tree_addr, internal_idx/2 + internal_idx_offset ); - - unsigned char *left = &stack[h * SPX_N]; - memcpy( ¤t[0], left, SPX_N ); - thash( ¤t[1 * SPX_N], - ¤t[0 * SPX_N], - 2, ctx, tree_addr); - } - - /* We've hit a left child; save the current for when we get the */ - /* corresponding right right */ - memcpy( &stack[h * SPX_N], ¤t[SPX_N], SPX_N); - } -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wots.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wots.c deleted file mode 100644 index aa413a8..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wots.c +++ /dev/null 
@@ -1,112 +0,0 @@ -#include -#include - -#include "../include/address.h" -#include "../include/hash.h" -#include "../include/params.h" -#include "../include/thash.h" -#include "../include/utils.h" -#include "../include/utilsx1.h" -#include "../include/wots.h" -#include "../include/wotsx1.h" - -// TODO clarify address expectations, and make them more uniform. -// TODO i.e. do we expect types to be set already? -// TODO and do we expect modifications or copies? - -/** - * Computes the chaining function. - * out and in have to be n-byte arrays. - * - * Interprets in as start-th value of the chain. - * addr has to contain the address of the chain. - */ -static void gen_chain(unsigned char *out, const unsigned char *in, - unsigned int start, unsigned int steps, - const spx_ctx *ctx, uint32_t addr[8]) -{ - uint32_t i; - - /* Initialize out with the value at position 'start'. */ - memcpy(out, in, SPX_N); - - /* Iterate 'steps' calls to the hash function. */ - for (i = start; i < (start+steps) && i < SPX_WOTS_W; i++) { - set_hash_addr(addr, i); - thash(out, out, 1, ctx, addr); - } -} - -/** - * base_w algorithm as described in draft. - * Interprets an array of bytes as integers in base w. - * This only works when log_w is a divisor of 8. - */ -static void base_w(unsigned int *output, const int out_len, - const unsigned char *input) -{ - int in = 0; - int out = 0; - unsigned char total; - int bits = 0; - int consumed; - - for (consumed = 0; consumed < out_len; consumed++) { - if (bits == 0) { - total = input[in]; - in++; - bits += 8; - } - bits -= SPX_WOTS_LOGW; - output[out] = (total >> bits) & (SPX_WOTS_W - 1); - out++; - } -} - -/* Computes the WOTS+ checksum over a message (in base_w). */ -static void wots_checksum(unsigned int *csum_base_w, - const unsigned int *msg_base_w) -{ - unsigned int csum = 0; - unsigned char csum_bytes[(SPX_WOTS_LEN2 * SPX_WOTS_LOGW + 7) / 8]; - unsigned int i; - - /* Compute checksum. 
*/ - for (i = 0; i < SPX_WOTS_LEN1; i++) { - csum += SPX_WOTS_W - 1 - msg_base_w[i]; - } - - /* Convert checksum to base_w. */ - /* Make sure expected empty zero bits are the least significant bits. */ - csum = csum << ((8 - ((SPX_WOTS_LEN2 * SPX_WOTS_LOGW) % 8)) % 8); - ull_to_bytes(csum_bytes, sizeof(csum_bytes), csum); - base_w(csum_base_w, SPX_WOTS_LEN2, csum_bytes); -} - -/* Takes a message and derives the matching chain lengths. */ -void chain_lengths(unsigned int *lengths, const unsigned char *msg) -{ - base_w(lengths, SPX_WOTS_LEN1, msg); - wots_checksum(lengths + SPX_WOTS_LEN1, lengths); -} - -/** - * Takes a WOTS signature and an n-byte message, computes a WOTS public key. - * - * Writes the computed public key to 'pk'. - */ -void wots_pk_from_sig(unsigned char *pk, - const unsigned char *sig, const unsigned char *msg, - const spx_ctx *ctx, uint32_t addr[8]) -{ - unsigned int lengths[SPX_WOTS_LEN]; - uint32_t i; - - chain_lengths(lengths, msg); - - for (i = 0; i < SPX_WOTS_LEN; i++) { - set_chain_addr(addr, i); - gen_chain(pk + i*SPX_N, sig + i*SPX_N, - lengths[i], SPX_WOTS_W - 1 - lengths[i], ctx, addr); - } -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wotsx1.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wotsx1.c deleted file mode 100644 index f6d44fe..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/app/src/wotsx1.c +++ /dev/null 
@@ -1,73 +0,0 @@ -#include -#include - -#include "../include/address.h" -#include "../include/hash.h" -#include "../include/params.h" -#include "../include/thash.h" -#include "../include/utils.h" -#include "../include/wots.h" -#include "../include/wotsx1.h" - -/* - * This generates a WOTS public key - * It also generates the WOTS signature if leaf_info indicates - * that we're signing with this WOTS key - */ -void wots_gen_leafx1(unsigned char *dest, - const spx_ctx *ctx, - uint32_t leaf_idx, leaf_info_x1 *v_info) { - struct leaf_info_x1 *info = v_info; - uint32_t *leaf_addr = info->leaf_addr; - uint32_t *pk_addr = info->pk_addr; - unsigned int i, k; - unsigned char pk_buffer[ SPX_WOTS_BYTES ]; - unsigned char *buffer; - uint32_t wots_k_mask; - - if (leaf_idx == info->wots_sign_leaf) { - /* We're traversing the leaf that's signing; generate the WOTS */ - /* signature */ - wots_k_mask = 0; - } else { - /* Nope, we're just generating pk's; turn off the signature logic */ - wots_k_mask = (uint32_t)~0; - } - - set_keypair_addr( leaf_addr, leaf_idx ); - set_keypair_addr( pk_addr, leaf_idx ); - - for (i = 0, buffer = pk_buffer; i < SPX_WOTS_LEN; i++, buffer += SPX_N) { - uint32_t wots_k = info->wots_steps[i] | wots_k_mask; /* Set wots_k to */ - /* the step if we're generating a signature, ~0 if we're not */ - - /* Start with the secret seed */ - set_chain_addr(leaf_addr, i); - set_hash_addr(leaf_addr, 0); - set_type(leaf_addr, SPX_ADDR_TYPE_WOTSPRF); - - prf_addr(buffer, ctx, leaf_addr); - - set_type(leaf_addr, SPX_ADDR_TYPE_WOTS); - - /* Iterate down the WOTS chain */ - for (k=0;; k++) { - /* Check if this is the value that needs to be saved as a */ - /* part of the WOTS signature */ - if (k == wots_k) { - memcpy( info->wots_sig + i * SPX_N, buffer, SPX_N ); - } - - /* Check if we hit the top of the chain */ - if (k == SPX_WOTS_W - 1) break; - - /* Iterate one step on the chain */ - set_hash_addr(leaf_addr, k); - - thash(buffer, buffer, 1, ctx, leaf_addr); - } - } - - 
/* Do the final thash to generate the public keys */
- thash(dest, pk_buffer, SPX_WOTS_LEN, ctx, pk_addr);
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/CMakeLists.txt
deleted file mode 100644
index 6beebc8..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/CMakeLists.txt
+++ /dev/null
@@ -1 +0,0 @@
-add_subdirectory(${HASH_BACKEND})
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/CMakeLists.txt
deleted file mode 100644
index 2ffb071..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/CMakeLists.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-set(BLAKE_SOURCES
- src/blake256.c
- src/blake512.c
- src/hash_blake.c
- ../../app/src/utils.c
- src/thash_blake_${THASH}.c
-)
-
-set(PARAMS "sphincs-blake-${SECPAR}")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DPARAMS=${PARAMS}")
-
-add_library(blake SHARED ${BLAKE_SOURCES})
-target_include_directories(blake PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake.h
deleted file mode 100644
index fe7508e..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake.h
+++ /dev/null
@@ -1,51 +0,0 @@
-#ifndef SPX_BLAKE_H
-#define SPX_BLAKE_H
-
-#include
-
-#define SPX_BLAKE256_OUTPUT_BYTES 32 /* This does not necessarily equal SPX_N */
-#define SPX_BLAKE512_OUTPUT_BYTES 64
-
-#if SPX_BLAKE256_OUTPUT_BYTES < SPX_N
- #error Linking against BLAKE-256 with N larger than 32 bytes is not supported
-#endif
-
-typedef struct
-{
- unsigned int h[8], s[4], t[2];
- int buflen, nullt;
- unsigned char buf[64];
-} blakestate256;
-
-typedef struct
-{
- unsigned long long h[8], s[4], t[2];
- int buflen, nullt;
- unsigned char buf[128];
-} blakestate512;
-
-/* Implementation of Blake-512 */
-int blake512(uint8_t *out, const unsigned char *in, unsigned long long inlen);
-
-void blake512_init(blakestate512 *S);
-void blake512_compress(blakestate512 *S, const unsigned char *block);
-void blake512_update(blakestate512 *S, const unsigned char *in, unsigned long long inlen);
-void blake512_final(blakestate512 *S, unsigned char *out);
-
-/* Implementation of Blake-256 */
-int blake256(unsigned char *out, const unsigned char *in, unsigned long long inlen);
-
-void blake256_init(blakestate256 *S);
-void blake256_compress(blakestate256 *S, const unsigned char *block);
-void blake256_update(blakestate256 *S, const unsigned char *in, unsigned long long inlen);
-void blake256_final(blakestate256 *S, unsigned char *out);
-
-#define blake256_mgf1 SPX_NAMESPACE(blake256_mgf1)
-void blake256_mgf1(unsigned char *out, unsigned long outlen,
- const unsigned char *in, unsigned long inlen);
-
-#define blake512_mgf1 SPX_NAMESPACE(blake512_mgf1)
-void blake512_mgf1(unsigned char *out, unsigned long outlen,
- const unsigned char *in, unsigned long inlen);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake_offsets.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake_offsets.h
deleted file mode 100644
index 5f08e03..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/include/blake_offsets.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#if !defined( BLAKE_OFFSETS_H_ )
-#define BLAKE_OFFSETS_H_
-
-/*
- * Offsets of various fields in the address structure when we use BLAKE as
- * the Sphincs+ hash function
- */
-
-#define SPX_OFFSET_LAYER 3 /* The byte used to specify the Merkle tree layer */
-#define SPX_OFFSET_TREE 8 /* The start of the 8 byte field used to specify the tree */
-#define SPX_OFFSET_TYPE 19 /* The byte used to specify the hash type (reason) */
-#define SPX_OFFSET_KP_ADDR 20 /* The start of the 4 byte field used to specify the key pair address */
-#define SPX_OFFSET_CHAIN_ADDR 27 /* The byte used to specify the chain address (which Winternitz chain) */
-#define SPX_OFFSET_HASH_ADDR 31 /* The byte used to specify the hash address (where in the Winternitz chain) */
-#define SPX_OFFSET_TREE_HGT 27 /* The byte used to specify the height of this node in the FORS or Merkle tree */
-#define SPX_OFFSET_TREE_INDEX 28 /* The start of the 4 byte field used to specify the node in the FORS or Merkle tree */
-
-#define SPX_BLAKE 1
-
-#endif /* BLAKE_OFFSETS_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake256.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake256.c
deleted file mode 100644
index 9e05a43..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake256.c
+++ /dev/null
@@ -1,402 +0,0 @@ -// supercop-20140525/crypto_hash/blake256/sandy - -/* - BLAKE reference C implementation - - Copyright (c) 2012 Jean-Philippe Aumasson - - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - - You should have received a copy of the CC0 Public Domain Dedication along - with this software. If not, see - . - */ - -#include -#include - -#include "../../../app/include/utils.h" - -#include "../include/blake.h" - -typedef unsigned long long crypto_uint64; -typedef unsigned int crypto_uint32; -typedef unsigned char crypto_uint8; - -typedef crypto_uint64 u64; -typedef crypto_uint32 u32; -typedef crypto_uint8 u8; - -#define U8TO32(p) \ - (((uint32_t)((p)[0]) << 24) | ((uint32_t)((p)[1]) << 16) | \ - ((uint32_t)((p)[2]) << 8) | ((uint32_t)((p)[3]) )) -#define U32TO8(p, v) \ - (p)[0] = (uint8_t)((v) >> 24); \ - (p)[1] = (uint8_t)((v) >> 16); \ - (p)[2] = (uint8_t)((v) >> 8); \ - (p)[3] = (uint8_t)((v)); - -static const u32 cst[16] = { - 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344, - 0xA4093822,0x299F31D0,0x082EFA98,0xEC4E6C89, - 0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C, - 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917}; - -static const u8 padding[] = - {0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - -#define BLAKE256_ROT(x,n) (((x)<<(32-n))|( (x)>>(n))) - -void blake256_compress( blakestate256 *S, const unsigned char *block ) -{ - u32 m0; - u32 m1; - u32 m2; - u32 m3; - u32 m4; - u32 m5; - u32 m6; - u32 m7; - u32 m8; - u32 m9; - u32 m10; - u32 m11; - u32 m12; - u32 m13; - u32 m14; - u32 m15; - u32 v0; - u32 v1; - u32 v2; - u32 v3; - u32 v4; - u32 v5; - u32 v6; - u32 v7; - u32 v8; - u32 v9; - u32 v10; - u32 v11; - u32 v12; - u32 v13; - u32 v14; - u32 v15; - - m0 = U8TO32(block + 0); - m1 = U8TO32(block + 
4); - m2 = U8TO32(block + 8); - m3 = U8TO32(block + 12); - m4 = U8TO32(block + 16); - m5 = U8TO32(block + 20); - m6 = U8TO32(block + 24); - m7 = U8TO32(block + 28); - m8 = U8TO32(block + 32); - m9 = U8TO32(block + 36); - m10 = U8TO32(block + 40); - m11 = U8TO32(block + 44); - m12 = U8TO32(block + 48); - m13 = U8TO32(block + 52); - m14 = U8TO32(block + 56); - m15 = U8TO32(block + 60); - v0 = S->h[0]; - v1 = S->h[1]; - v2 = S->h[2]; - v3 = S->h[3]; - v4 = S->h[4]; - v5 = S->h[5]; - v6 = S->h[6]; - v7 = S->h[7]; - v8 = S->s[0] ^ 0x243F6A88; - v9 = S->s[1] ^ 0x85A308D3; - v10 = S->s[2] ^ 0x13198A2E; - v11 = S->s[3] ^ 0x03707344; - v12 = 0xA4093822; - v13 = 0x299F31D0; - v14 = 0x082EFA98; - v15 = 0xEC4E6C89; - if (S->nullt == 0) { - v12 ^= S->t[0]; - v13 ^= S->t[0]; - v14 ^= S->t[1]; - v15 ^= S->t[1]; - } - -#define ROUND(m0,c0,m1,c1,m2,c2,m3,c3,m4,c4,m5,c5,m6,c6,m7,c7,m8,c8,m9,c9,m10,c10,m11,c11,m12,c12,m13,c13,m14,c14,m15,c15) \ - v0 += m0 ^ c0; \ - v0 += v4; \ - v12 ^= v0; \ - v12 = BLAKE256_ROT( v12,16); \ - v8 += v12; \ - v4 ^= v8; \ - v4 = BLAKE256_ROT( v4,12); \ - v1 += m2 ^ c2; \ - v1 += v5; \ - v13 ^= v1; \ - v13 = BLAKE256_ROT( v13,16); \ - v9 += v13; \ - v5 ^= v9; \ - v5 = BLAKE256_ROT( v5,12); \ - v2 += m4 ^ c4; \ - v2 += v6; \ - v14 ^= v2; \ - v14 = BLAKE256_ROT( v14,16); \ - v10 += v14; \ - v6 ^= v10; \ - v6 = BLAKE256_ROT( v6,12); \ - v3 += m6 ^ c6; \ - v3 += v7; \ - v15 ^= v3; \ - v15 = BLAKE256_ROT( v15,16); \ - v11 += v15; \ - v7 ^= v11; \ - v7 = BLAKE256_ROT( v7,12); \ - v2 += m5 ^ c5; \ - v2 += v6; \ - v14 ^= v2; \ - v14 = BLAKE256_ROT( v14, 8); \ - v10 += v14; \ - v6 ^= v10; \ - v6 = BLAKE256_ROT( v6, 7); \ - v3 += m7 ^ c7; \ - v3 += v7; \ - v15 ^= v3; \ - v15 = BLAKE256_ROT( v15, 8); \ - v11 += v15; \ - v7 ^= v11; \ - v7 = BLAKE256_ROT( v7, 7); \ - v1 += m3 ^ c3; \ - v1 += v5; \ - v13 ^= v1; \ - v13 = BLAKE256_ROT( v13, 8); \ - v9 += v13; \ - v5 ^= v9; \ - v5 = BLAKE256_ROT( v5, 7); \ - v0 += m1 ^ c1; \ - v0 += v4; \ - v12 ^= v0; \ - v12 = 
BLAKE256_ROT( v12, 8); \ - v8 += v12; \ - v4 ^= v8; \ - v4 = BLAKE256_ROT( v4, 7); \ - v0 += m8 ^ c8; \ - v0 += v5; \ - v15 ^= v0; \ - v15 = BLAKE256_ROT( v15,16); \ - v10 += v15; \ - v5 ^= v10; \ - v5 = BLAKE256_ROT( v5,12); \ - v1 += m10 ^ c10; \ - v1 += v6; \ - v12 ^= v1; \ - v12 = BLAKE256_ROT( v12,16); \ - v11 += v12; \ - v6 ^= v11; \ - v6 = BLAKE256_ROT( v6,12); \ - v2 += m12 ^ c12; \ - v2 += v7; \ - v13 ^= v2; \ - v13 = BLAKE256_ROT( v13,16); \ - v8 += v13; \ - v7 ^= v8; \ - v7 = BLAKE256_ROT( v7,12); \ - v3 += m14 ^ c14; \ - v3 += v4; \ - v14 ^= v3; \ - v14 = BLAKE256_ROT( v14,16); \ - v9 += v14; \ - v4 ^= v9; \ - v4 = BLAKE256_ROT( v4,12); \ - v2 += m13 ^ c13; \ - v2 += v7; \ - v13 ^= v2; \ - v13 = BLAKE256_ROT( v13, 8); \ - v8 += v13; \ - v7 ^= v8; \ - v7 = BLAKE256_ROT( v7, 7); \ - v3 += m15 ^ c15; \ - v3 += v4; \ - v14 ^= v3; \ - v14 = BLAKE256_ROT( v14, 8); \ - v9 += v14; \ - v4 ^= v9; \ - v4 = BLAKE256_ROT( v4, 7); \ - v1 += m11 ^ c11; \ - v1 += v6; \ - v12 ^= v1; \ - v12 = BLAKE256_ROT( v12, 8); \ - v11 += v12; \ - v6 ^= v11; \ - v6 = BLAKE256_ROT( v6, 7); \ - v0 += m9 ^ c9; \ - v0 += v5; \ - v15 ^= v0; \ - v15 = BLAKE256_ROT( v15, 8); \ - v10 += v15; \ - v5 ^= v10; \ - v5 = BLAKE256_ROT( v5, 7); \ - - ROUND(m0,cst[1],m1,cst[0],m2,cst[3],m3,cst[2],m4,cst[5],m5,cst[4],m6,cst[7],m7,cst[6],m8,cst[9],m9,cst[8],m10,cst[11],m11,cst[10],m12,cst[13],m13,cst[12],m14,cst[15],m15,cst[14]) - ROUND(m14,cst[10],m10,cst[14],m4,cst[8],m8,cst[4],m9,cst[15],m15,cst[9],m13,cst[6],m6,cst[13],m1,cst[12],m12,cst[1],m0,cst[2],m2,cst[0],m11,cst[7],m7,cst[11],m5,cst[3],m3,cst[5]) - ROUND(m11,cst[8],m8,cst[11],m12,cst[0],m0,cst[12],m5,cst[2],m2,cst[5],m15,cst[13],m13,cst[15],m10,cst[14],m14,cst[10],m3,cst[6],m6,cst[3],m7,cst[1],m1,cst[7],m9,cst[4],m4,cst[9]) - ROUND(m7,cst[9],m9,cst[7],m3,cst[1],m1,cst[3],m13,cst[12],m12,cst[13],m11,cst[14],m14,cst[11],m2,cst[6],m6,cst[2],m5,cst[10],m10,cst[5],m4,cst[0],m0,cst[4],m15,cst[8],m8,cst[15]) - 
ROUND(m9,cst[0],m0,cst[9],m5,cst[7],m7,cst[5],m2,cst[4],m4,cst[2],m10,cst[15],m15,cst[10],m14,cst[1],m1,cst[14],m11,cst[12],m12,cst[11],m6,cst[8],m8,cst[6],m3,cst[13],m13,cst[3]) - ROUND(m2,cst[12],m12,cst[2],m6,cst[10],m10,cst[6],m0,cst[11],m11,cst[0],m8,cst[3],m3,cst[8],m4,cst[13],m13,cst[4],m7,cst[5],m5,cst[7],m15,cst[14],m14,cst[15],m1,cst[9],m9,cst[1]) - ROUND(m12,cst[5],m5,cst[12],m1,cst[15],m15,cst[1],m14,cst[13],m13,cst[14],m4,cst[10],m10,cst[4],m0,cst[7],m7,cst[0],m6,cst[3],m3,cst[6],m9,cst[2],m2,cst[9],m8,cst[11],m11,cst[8]) - ROUND(m13,cst[11],m11,cst[13],m7,cst[14],m14,cst[7],m12,cst[1],m1,cst[12],m3,cst[9],m9,cst[3],m5,cst[0],m0,cst[5],m15,cst[4],m4,cst[15],m8,cst[6],m6,cst[8],m2,cst[10],m10,cst[2]) - ROUND(m6,cst[15],m15,cst[6],m14,cst[9],m9,cst[14],m11,cst[3],m3,cst[11],m0,cst[8],m8,cst[0],m12,cst[2],m2,cst[12],m13,cst[7],m7,cst[13],m1,cst[4],m4,cst[1],m10,cst[5],m5,cst[10]) - ROUND(m10,cst[2],m2,cst[10],m8,cst[4],m4,cst[8],m7,cst[6],m6,cst[7],m1,cst[5],m5,cst[1],m15,cst[11],m11,cst[15],m9,cst[14],m14,cst[9],m3,cst[12],m12,cst[3],m13,cst[0],m0,cst[13]) - ROUND(m0,cst[1],m1,cst[0],m2,cst[3],m3,cst[2],m4,cst[5],m5,cst[4],m6,cst[7],m7,cst[6],m8,cst[9],m9,cst[8],m10,cst[11],m11,cst[10],m12,cst[13],m13,cst[12],m14,cst[15],m15,cst[14]) - ROUND(m14,cst[10],m10,cst[14],m4,cst[8],m8,cst[4],m9,cst[15],m15,cst[9],m13,cst[6],m6,cst[13],m1,cst[12],m12,cst[1],m0,cst[2],m2,cst[0],m11,cst[7],m7,cst[11],m5,cst[3],m3,cst[5]) - ROUND(m11,cst[8],m8,cst[11],m12,cst[0],m0,cst[12],m5,cst[2],m2,cst[5],m15,cst[13],m13,cst[15],m10,cst[14],m14,cst[10],m3,cst[6],m6,cst[3],m7,cst[1],m1,cst[7],m9,cst[4],m4,cst[9]) - ROUND(m7,cst[9],m9,cst[7],m3,cst[1],m1,cst[3],m13,cst[12],m12,cst[13],m11,cst[14],m14,cst[11],m2,cst[6],m6,cst[2],m5,cst[10],m10,cst[5],m4,cst[0],m0,cst[4],m15,cst[8],m8,cst[15]) - - v0 ^= v8; - v1 ^= v9; - v2 ^= v10; - v3 ^= v11; - v4 ^= v12; - v5 ^= v13; - v6 ^= v14; - v7 ^= v15; - - v0 ^= S->s[0]; - v1 ^= S->s[1]; - v2 ^= S->s[2]; - v3 ^= S->s[3]; - v4 ^= S->s[0]; 
- v5 ^= S->s[1]; - v6 ^= S->s[2]; - v7 ^= S->s[3]; - - S->h[0] ^= v0; - S->h[1] ^= v1; - S->h[2] ^= v2; - S->h[3] ^= v3; - S->h[4] ^= v4; - S->h[5] ^= v5; - S->h[6] ^= v6; - S->h[7] ^= v7; -} - - -void blake256_init( blakestate256 *S ) { - - S->h[0]=0x6A09E667; - S->h[1]=0xBB67AE85; - S->h[2]=0x3C6EF372; - S->h[3]=0xA54FF53A; - S->h[4]=0x510E527F; - S->h[5]=0x9B05688C; - S->h[6]=0x1F83D9AB; - S->h[7]=0x5BE0CD19; - S->t[0]=S->t[1]=S->buflen=S->nullt=0; - S->s[0]=S->s[1]=S->s[2]=S->s[3] =0; -} - - -void blake256_update( blakestate256 *S, const u8 *data, u64 datalen ) { - - int left=S->buflen >> 3; - int fill=64 - left; - - if( left && ( ((datalen >> 3) & 0x3F) >= fill ) ) { - memcpy( (void*) (S->buf + left), (void*) data, fill ); - S->t[0] += 512; - if (S->t[0] == 0) S->t[1]++; - blake256_compress( S, S->buf ); - data += fill; - datalen -= (fill << 3); - left = 0; - } - - while( datalen >= 512 ) { - S->t[0] += 512; - if (S->t[0] == 0) S->t[1]++; - blake256_compress( S, data ); - data += 64; - datalen -= 512; - } - - if( datalen > 0 ) { - memcpy( (void*) (S->buf + left), (void*) data, datalen>>3 ); - S->buflen = (left<<3) + datalen; - } - else S->buflen=0; -} - - -void blake256_final( blakestate256 *S, u8 *digest ) { - - u8 msglen[8], zo=0x01, oo=0x81; - u32 lo=S->t[0] + S->buflen, hi=S->t[1]; - if ( lo < S->buflen ) hi++; - U32TO8( msglen + 0, hi ); - U32TO8( msglen + 4, lo ); - - if ( S->buflen == 440 ) { /* one padding byte */ - S->t[0] -= 8; - blake256_update( S, &oo, 8 ); - } - else { - if ( S->buflen < 440 ) { /* enough space to fill the block */ - if ( !S->buflen ) S->nullt=1; - S->t[0] -= 440 - S->buflen; - blake256_update( S, padding, 440 - S->buflen ); - } - else { /* need 2 compressions */ - S->t[0] -= 512 - S->buflen; - blake256_update( S, padding, 512 - S->buflen ); - S->t[0] -= 440; - blake256_update( S, padding+1, 440 ); - S->nullt = 1; - } - blake256_update( S, &zo, 8 ); - S->t[0] -= 8; - } - S->t[0] -= 64; - blake256_update( S, msglen, 64 ); - - 
U32TO8( digest + 0, S->h[0]); - U32TO8( digest + 4, S->h[1]); - U32TO8( digest + 8, S->h[2]); - U32TO8( digest +12, S->h[3]); - U32TO8( digest +16, S->h[4]); - U32TO8( digest +20, S->h[5]); - U32TO8( digest +24, S->h[6]); - U32TO8( digest +28, S->h[7]); -} - -void blake256_mgf1(unsigned char *out, unsigned long outlen, - const unsigned char *in, unsigned long inlen) -{ - SPX_VLA(uint8_t, inbuf, inlen+4); - unsigned char outbuf[SPX_BLAKE256_OUTPUT_BYTES]; - unsigned long i; - - memcpy(inbuf, in, inlen); - - /* While we can fit in at least another full block of BLAKE256 output.. */ - for (i = 0; (i+1)*SPX_BLAKE256_OUTPUT_BYTES <= outlen; i++) { - u32_to_bytes(inbuf + inlen, i); - blake256(out, inbuf, inlen + 4); - out += SPX_BLAKE256_OUTPUT_BYTES; - } - /* Until we cannot anymore, and we fill the remainder. */ - if (outlen > i*SPX_BLAKE256_OUTPUT_BYTES) { - u32_to_bytes(inbuf + inlen, i); - blake256(outbuf, inbuf, inlen + 4); - memcpy(out, outbuf, outlen - i*SPX_BLAKE256_OUTPUT_BYTES); - } -} - -int blake256( unsigned char *out, const unsigned char *in, unsigned long long inlen ) -{ - blakestate256 S; - blake256_init( &S ); - blake256_update( &S, in, inlen*8 ); - blake256_final( &S, out ); - return 0; -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake512.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake512.c deleted file mode 100644 index 2983a72..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/blake512.c +++ /dev/null 
@@ -1,409 +0,0 @@ -// supercop-20140525/crypto_hash/blake512/sandy - -/* - BLAKE reference C implementation - - Copyright (c) 2012 Jean-Philippe Aumasson - - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - - You should have received a copy of the CC0 Public Domain Dedication along - with this software. If not, see - . - */ - -#include -#include - -#include "../../../app/include/utils.h" - -#include "../include/blake.h" - -typedef unsigned long long crypto_uint64; -typedef unsigned int crypto_uint32; -typedef unsigned char crypto_uint8; - -typedef crypto_uint64 u64; -typedef crypto_uint32 u32; -typedef crypto_uint8 u8; - -#define U8TO32(p) \ - (((uint32_t)((p)[0]) << 24) | ((uint32_t)((p)[1]) << 16) | \ - ((uint32_t)((p)[2]) << 8) | ((uint32_t)((p)[3]) )) -#define U32TO8(p, v) \ - (p)[0] = (uint8_t)((v) >> 24); \ - (p)[1] = (uint8_t)((v) >> 16); \ - (p)[2] = (uint8_t)((v) >> 8); \ - (p)[3] = (uint8_t)((v)); -#define U8TO64(p) (((uint64_t)U8TO32(p) << 32) | ((uint64_t)U8TO32(p + 4))) -#define U64TO8(p, v) \ - U32TO8((p), (uint32_t)((v) >> 32)); \ - U32TO8((p) + 4, (uint32_t)((v) )); - -const u64 cst[16] = { - 0x243F6A8885A308D3ULL,0x13198A2E03707344ULL,0xA4093822299F31D0ULL,0x082EFA98EC4E6C89ULL, - 0x452821E638D01377ULL,0xBE5466CF34E90C6CULL,0xC0AC29B7C97C50DDULL,0x3F84D5B5B5470917ULL, - 0x9216D5D98979FB1BULL,0xD1310BA698DFB5ACULL,0x2FFD72DBD01ADFB7ULL,0xB8E1AFED6A267E96ULL, - 0xBA7C9045F12C7F99ULL,0x24A19947B3916CF7ULL,0x0801F2E2858EFC16ULL,0x636920D871574E69ULL -}; - -static const u8 padding[129] = -{0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - -#define BLAKE512_ROT(x,n) 
(((x)<<(64-n))|( (x)>>(n))) - -void blake512_compress( blakestate512 *S, const u8 *block ) -{ - u64 m0; - u64 m1; - u64 m2; - u64 m3; - u64 m4; - u64 m5; - u64 m6; - u64 m7; - u64 m8; - u64 m9; - u64 m10; - u64 m11; - u64 m12; - u64 m13; - u64 m14; - u64 m15; - u64 v0; - u64 v1; - u64 v2; - u64 v3; - u64 v4; - u64 v5; - u64 v6; - u64 v7; - u64 v8; - u64 v9; - u64 v10; - u64 v11; - u64 v12; - u64 v13; - u64 v14; - u64 v15; - - m0 = U8TO64(block + 0); - m1 = U8TO64(block + 8); - m2 = U8TO64(block + 16); - m3 = U8TO64(block + 24); - m4 = U8TO64(block + 32); - m5 = U8TO64(block + 40); - m6 = U8TO64(block + 48); - m7 = U8TO64(block + 56); - m8 = U8TO64(block + 64); - m9 = U8TO64(block + 72); - m10 = U8TO64(block + 80); - m11 = U8TO64(block + 88); - m12 = U8TO64(block + 96); - m13 = U8TO64(block + 104); - m14 = U8TO64(block + 112); - m15 = U8TO64(block + 120); - v0 = S->h[0]; - v1 = S->h[1]; - v2 = S->h[2]; - v3 = S->h[3]; - v4 = S->h[4]; - v5 = S->h[5]; - v6 = S->h[6]; - v7 = S->h[7]; - v8 = S->s[0] ^ 0x243F6A8885A308D3ULL; - v9 = S->s[1] ^ 0x13198A2E03707344ULL; - v10 = S->s[2] ^ 0xA4093822299F31D0ULL; - v11 = S->s[3] ^ 0x082EFA98EC4E6C89ULL; - v12 = 0x452821E638D01377ULL; - v13 = 0xBE5466CF34E90C6CULL; - v14 = 0xC0AC29B7C97C50DDULL; - v15 = 0x3F84D5B5B5470917ULL; - - if (S->nullt == 0) { - v12 ^= S->t[0]; - v13 ^= S->t[0]; - v14 ^= S->t[1]; - v15 ^= S->t[1]; - } - -#define ROUND(m0,c0,m1,c1,m2,c2,m3,c3,m4,c4,m5,c5,m6,c6,m7,c7,m8,c8,m9,c9,m10,c10,m11,c11,m12,c12,m13,c13,m14,c14,m15,c15) \ - v0 += m0 ^ c0; \ - v0 += v4; \ - v12 ^= v0; \ - v12 = BLAKE512_ROT( v12,32); \ - v8 += v12; \ - v4 ^= v8; \ - v4 = BLAKE512_ROT( v4,25); \ - v1 += m2 ^ c2; \ - v1 += v5; \ - v13 ^= v1; \ - v13 = BLAKE512_ROT( v13,32); \ - v9 += v13; \ - v5 ^= v9; \ - v5 = BLAKE512_ROT( v5,25); \ - v2 += m4 ^ c4; \ - v2 += v6; \ - v14 ^= v2; \ - v14 = BLAKE512_ROT( v14,32); \ - v10 += v14; \ - v6 ^= v10; \ - v6 = BLAKE512_ROT( v6,25); \ - v3 += m6 ^ c6; \ - v3 += v7; \ - v15 ^= v3; \ - v15 = 
BLAKE512_ROT( v15,32); \ - v11 += v15; \ - v7 ^= v11; \ - v7 = BLAKE512_ROT( v7,25); \ - v2 += m5 ^ c5; \ - v2 += v6; \ - v14 ^= v2; \ - v14 = BLAKE512_ROT( v14,16); \ - v10 += v14; \ - v6 ^= v10; \ - v6 = BLAKE512_ROT( v6,11); \ - v3 += m7 ^ c7; \ - v3 += v7; \ - v15 ^= v3; \ - v15 = BLAKE512_ROT( v15,16); \ - v11 += v15; \ - v7 ^= v11; \ - v7 = BLAKE512_ROT( v7,11); \ - v1 += m3 ^ c3; \ - v1 += v5; \ - v13 ^= v1; \ - v13 = BLAKE512_ROT( v13,16); \ - v9 += v13; \ - v5 ^= v9; \ - v5 = BLAKE512_ROT( v5,11); \ - v0 += m1 ^ c1; \ - v0 += v4; \ - v12 ^= v0; \ - v12 = BLAKE512_ROT( v12,16); \ - v8 += v12; \ - v4 ^= v8; \ - v4 = BLAKE512_ROT( v4,11); \ - v0 += m8 ^ c8; \ - v0 += v5; \ - v15 ^= v0; \ - v15 = BLAKE512_ROT( v15,32); \ - v10 += v15; \ - v5 ^= v10; \ - v5 = BLAKE512_ROT( v5,25); \ - v1 += m10 ^ c10; \ - v1 += v6; \ - v12 ^= v1; \ - v12 = BLAKE512_ROT( v12,32); \ - v11 += v12; \ - v6 ^= v11; \ - v6 = BLAKE512_ROT( v6,25); \ - v2 += m12 ^ c12; \ - v2 += v7; \ - v13 ^= v2; \ - v13 = BLAKE512_ROT( v13,32); \ - v8 += v13; \ - v7 ^= v8; \ - v7 = BLAKE512_ROT( v7,25); \ - v3 += m14 ^ c14; \ - v3 += v4; \ - v14 ^= v3; \ - v14 = BLAKE512_ROT( v14,32); \ - v9 += v14; \ - v4 ^= v9; \ - v4 = BLAKE512_ROT( v4,25); \ - v2 += m13 ^ c13; \ - v2 += v7; \ - v13 ^= v2; \ - v13 = BLAKE512_ROT( v13,16); \ - v8 += v13; \ - v7 ^= v8; \ - v7 = BLAKE512_ROT( v7,11); \ - v3 += m15 ^ c15; \ - v3 += v4; \ - v14 ^= v3; \ - v14 = BLAKE512_ROT( v14,16); \ - v9 += v14; \ - v4 ^= v9; \ - v4 = BLAKE512_ROT( v4,11); \ - v1 += m11 ^ c11; \ - v1 += v6; \ - v12 ^= v1; \ - v12 = BLAKE512_ROT( v12,16); \ - v11 += v12; \ - v6 ^= v11; \ - v6 = BLAKE512_ROT( v6,11); \ - v0 += m9 ^ c9; \ - v0 += v5; \ - v15 ^= v0; \ - v15 = BLAKE512_ROT( v15,16); \ - v10 += v15; \ - v5 ^= v10; \ - v5 = BLAKE512_ROT( v5,11); \ - - ROUND(m0,cst[1],m1,cst[0],m2,cst[3],m3,cst[2],m4,cst[5],m5,cst[4],m6,cst[7],m7,cst[6],m8,cst[9],m9,cst[8],m10,cst[11],m11,cst[10],m12,cst[13],m13,cst[12],m14,cst[15],m15,cst[14]) - 
ROUND(m14,cst[10],m10,cst[14],m4,cst[8],m8,cst[4],m9,cst[15],m15,cst[9],m13,cst[6],m6,cst[13],m1,cst[12],m12,cst[1],m0,cst[2],m2,cst[0],m11,cst[7],m7,cst[11],m5,cst[3],m3,cst[5]) - ROUND(m11,cst[8],m8,cst[11],m12,cst[0],m0,cst[12],m5,cst[2],m2,cst[5],m15,cst[13],m13,cst[15],m10,cst[14],m14,cst[10],m3,cst[6],m6,cst[3],m7,cst[1],m1,cst[7],m9,cst[4],m4,cst[9]) - ROUND(m7,cst[9],m9,cst[7],m3,cst[1],m1,cst[3],m13,cst[12],m12,cst[13],m11,cst[14],m14,cst[11],m2,cst[6],m6,cst[2],m5,cst[10],m10,cst[5],m4,cst[0],m0,cst[4],m15,cst[8],m8,cst[15]) - ROUND(m9,cst[0],m0,cst[9],m5,cst[7],m7,cst[5],m2,cst[4],m4,cst[2],m10,cst[15],m15,cst[10],m14,cst[1],m1,cst[14],m11,cst[12],m12,cst[11],m6,cst[8],m8,cst[6],m3,cst[13],m13,cst[3]) - ROUND(m2,cst[12],m12,cst[2],m6,cst[10],m10,cst[6],m0,cst[11],m11,cst[0],m8,cst[3],m3,cst[8],m4,cst[13],m13,cst[4],m7,cst[5],m5,cst[7],m15,cst[14],m14,cst[15],m1,cst[9],m9,cst[1]) - ROUND(m12,cst[5],m5,cst[12],m1,cst[15],m15,cst[1],m14,cst[13],m13,cst[14],m4,cst[10],m10,cst[4],m0,cst[7],m7,cst[0],m6,cst[3],m3,cst[6],m9,cst[2],m2,cst[9],m8,cst[11],m11,cst[8]) - ROUND(m13,cst[11],m11,cst[13],m7,cst[14],m14,cst[7],m12,cst[1],m1,cst[12],m3,cst[9],m9,cst[3],m5,cst[0],m0,cst[5],m15,cst[4],m4,cst[15],m8,cst[6],m6,cst[8],m2,cst[10],m10,cst[2]) - ROUND(m6,cst[15],m15,cst[6],m14,cst[9],m9,cst[14],m11,cst[3],m3,cst[11],m0,cst[8],m8,cst[0],m12,cst[2],m2,cst[12],m13,cst[7],m7,cst[13],m1,cst[4],m4,cst[1],m10,cst[5],m5,cst[10]) - ROUND(m10,cst[2],m2,cst[10],m8,cst[4],m4,cst[8],m7,cst[6],m6,cst[7],m1,cst[5],m5,cst[1],m15,cst[11],m11,cst[15],m9,cst[14],m14,cst[9],m3,cst[12],m12,cst[3],m13,cst[0],m0,cst[13]) - ROUND(m0,cst[1],m1,cst[0],m2,cst[3],m3,cst[2],m4,cst[5],m5,cst[4],m6,cst[7],m7,cst[6],m8,cst[9],m9,cst[8],m10,cst[11],m11,cst[10],m12,cst[13],m13,cst[12],m14,cst[15],m15,cst[14]) - ROUND(m14,cst[10],m10,cst[14],m4,cst[8],m8,cst[4],m9,cst[15],m15,cst[9],m13,cst[6],m6,cst[13],m1,cst[12],m12,cst[1],m0,cst[2],m2,cst[0],m11,cst[7],m7,cst[11],m5,cst[3],m3,cst[5]) - 
ROUND(m11,cst[8],m8,cst[11],m12,cst[0],m0,cst[12],m5,cst[2],m2,cst[5],m15,cst[13],m13,cst[15],m10,cst[14],m14,cst[10],m3,cst[6],m6,cst[3],m7,cst[1],m1,cst[7],m9,cst[4],m4,cst[9]) - ROUND(m7,cst[9],m9,cst[7],m3,cst[1],m1,cst[3],m13,cst[12],m12,cst[13],m11,cst[14],m14,cst[11],m2,cst[6],m6,cst[2],m5,cst[10],m10,cst[5],m4,cst[0],m0,cst[4],m15,cst[8],m8,cst[15]) - ROUND(m9,cst[0],m0,cst[9],m5,cst[7],m7,cst[5],m2,cst[4],m4,cst[2],m10,cst[15],m15,cst[10],m14,cst[1],m1,cst[14],m11,cst[12],m12,cst[11],m6,cst[8],m8,cst[6],m3,cst[13],m13,cst[3]) - ROUND(m2,cst[12],m12,cst[2],m6,cst[10],m10,cst[6],m0,cst[11],m11,cst[0],m8,cst[3],m3,cst[8],m4,cst[13],m13,cst[4],m7,cst[5],m5,cst[7],m15,cst[14],m14,cst[15],m1,cst[9],m9,cst[1]) - - v0 ^= v8; - v1 ^= v9; - v2 ^= v10; - v3 ^= v11; - v4 ^= v12; - v5 ^= v13; - v6 ^= v14; - v7 ^= v15; - - v0 ^= S->s[0]; - v1 ^= S->s[1]; - v2 ^= S->s[2]; - v3 ^= S->s[3]; - v4 ^= S->s[0]; - v5 ^= S->s[1]; - v6 ^= S->s[2]; - v7 ^= S->s[3]; - - S->h[0] ^= v0; - S->h[1] ^= v1; - S->h[2] ^= v2; - S->h[3] ^= v3; - S->h[4] ^= v4; - S->h[5] ^= v5; - S->h[6] ^= v6; - S->h[7] ^= v7; -} - - -void blake512_init( blakestate512 *S ) { - S->h[0]=0x6A09E667F3BCC908ULL; - S->h[1]=0xBB67AE8584CAA73BULL; - S->h[2]=0x3C6EF372FE94F82BULL; - S->h[3]=0xA54FF53A5F1D36F1ULL; - S->h[4]=0x510E527FADE682D1ULL; - S->h[5]=0x9B05688C2B3E6C1FULL; - S->h[6]=0x1F83D9ABFB41BD6BULL; - S->h[7]=0x5BE0CD19137E2179ULL; - S->t[0]=S->t[1]=S->buflen=S->nullt=0; - S->s[0]=S->s[1]=S->s[2]=S->s[3] =0; -} - - -void blake512_update( blakestate512 * S, const u8 * data, u64 datalen ) { - - int left = (S->buflen >> 3); - int fill = 128 - left; - - if( left && ( ((datalen >> 3) & 0x7F) >= fill ) ) { - memcpy( (void *) (S->buf + left), (void *) data, fill ); - S->t[0] += 1024; - blake512_compress( S, S->buf ); - data += fill; - datalen -= (fill << 3); - left = 0; - } - - while( datalen >= 1024 ) { - S->t[0] += 1024; - blake512_compress( S, data ); - data += 128; - datalen -= 1024; - } - - if( datalen > 0 
) { - memcpy( (void *) (S->buf + left), (void *) data, ( datalen>>3 ) & 0x7F ); - S->buflen = (left<<3) + datalen; - } - else S->buflen=0; -} - - -void blake512_final( blakestate512 * S, u8 * digest ) { - - u8 msglen[16], zo=0x01,oo=0x81; - u64 lo=S->t[0] + S->buflen, hi = S->t[1]; - if ( lo < S->buflen ) hi++; - U64TO8( msglen + 0, hi ); - U64TO8( msglen + 8, lo ); - - if ( S->buflen == 888 ) { /* one padding byte */ - S->t[0] -= 8; - blake512_update( S, &oo, 8 ); - } - else { - if ( S->buflen < 888 ) { /* enough space to fill the block */ - if ( S->buflen == 0 ) S->nullt=1; - S->t[0] -= 888 - S->buflen; - blake512_update( S, padding, 888 - S->buflen ); - } - else { /* NOT enough space, need 2 compressions */ - S->t[0] -= 1024 - S->buflen; - blake512_update( S, padding, 1024 - S->buflen ); - S->t[0] -= 888; - blake512_update( S, padding+1, 888 ); - S->nullt = 1; - } - blake512_update( S, &zo, 8 ); - S->t[0] -= 8; - } - S->t[0] -= 128; - blake512_update( S, msglen, 128 ); - - U64TO8( digest + 0, S->h[0]); - U64TO8( digest + 8, S->h[1]); - U64TO8( digest +16, S->h[2]); - U64TO8( digest +24, S->h[3]); - U64TO8( digest +32, S->h[4]); - U64TO8( digest +40, S->h[5]); - U64TO8( digest +48, S->h[6]); - U64TO8( digest +56, S->h[7]); -} - -void blake512_mgf1(unsigned char *out, unsigned long outlen, - const unsigned char *in, unsigned long inlen) -{ - SPX_VLA(uint8_t, inbuf, inlen+4); - unsigned char outbuf[SPX_BLAKE512_OUTPUT_BYTES]; - unsigned long i; - - memcpy(inbuf, in, inlen); - - /* While we can fit in at least another full block of BLAKE512 output.. */ - for (i = 0; (i+1)*SPX_BLAKE512_OUTPUT_BYTES <= outlen; i++) { - u32_to_bytes(inbuf + inlen, i); - blake512(out, inbuf, inlen + 4); - out += SPX_BLAKE512_OUTPUT_BYTES; - } - /* Until we cannot anymore, and we fill the remainder. 
*/ - if (outlen > i*SPX_BLAKE512_OUTPUT_BYTES) { - u32_to_bytes(inbuf + inlen, i); - blake512(outbuf, inbuf, inlen + 4); - memcpy(out, outbuf, outlen - i*SPX_BLAKE512_OUTPUT_BYTES); - } -} - -int blake512( unsigned char *out, const unsigned char *in, unsigned long long inlen ) { - - blakestate512 S; - blake512_init( &S ); - blake512_update( &S, in, inlen*8 ); - blake512_final( &S, out ); - return 0; -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/hash_blake.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/hash_blake.c deleted file mode 100644 index 5df5960..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/hash_blake.c +++ /dev/null 
@@ -1,123 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/hash.h" -#include "../../../app/include/params.h" -#include "../../../app/include/utils.h" - -#include "../include/blake.h" - -#if SPX_N >= 24 -#define SPX_BLAKEX_OUTPUT_BYTES SPX_BLAKE512_OUTPUT_BYTES -#define blakeX blake512 -#define blakestateX blakestate512 -#define blakeX_init blake512_init -#define blakeX_update blake512_update -#define blakeX_final blake512_final -#define blakeX_mgf1 blake512_mgf1 -#else -#define SPX_BLAKEX_OUTPUT_BYTES SPX_BLAKE256_OUTPUT_BYTES -#define blakeX blake256 -#define blakestateX blakestate256 -#define blakeX_init blake256_init -#define blakeX_update blake256_update -#define blakeX_final blake256_final -#define blakeX_mgf1 blake256_mgf1 -#endif - -void initialize_hash_function(spx_ctx *ctx) -{ - (void)ctx; -} - -/** - * Computes PRF(key, addr), given a secret key of SPX_N bytes and an address - */ -void prf_addr(unsigned char *out, const spx_ctx *ctx, - const uint32_t addr[8]) -{ - unsigned char buf[2*SPX_N + SPX_ADDR_BYTES] = {0}; - unsigned char outbuf[SPX_BLAKE256_OUTPUT_BYTES] = {0}; - - memcpy(buf, ctx->pub_seed, SPX_N); - memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES); - memcpy(buf + SPX_N + SPX_ADDR_BYTES, ctx->sk_seed, SPX_N); - - blake256(outbuf, buf, SPX_N + SPX_ADDR_BYTES); - - memcpy(out, outbuf, SPX_N); -} - -/** - * Computes the message-dependent randomness R, using a secret seed and an - * optional randomization value as well as the message. - */ -void gen_message_random(unsigned char *R, const unsigned char *sk_prf, - const unsigned char *optrand, - const unsigned char *m, unsigned long long mlen, - const spx_ctx *ctx) -{ - (void)ctx; - blakestateX S; - - blakeX_init(&S); - blakeX_update(&S, sk_prf, SPX_N); - blakeX_update(&S, optrand, SPX_N); - blakeX_update(&S, m, mlen); - blakeX_final(&S, R); -} - -/** - * Computes the message hash using R, the public key, and the message. 
- * Outputs the message digest and the index of the leaf. The index is split in - * the tree index and the leaf index, for convenient copying to an address. - */ -void hash_message(unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx, - const unsigned char *R, const unsigned char *pk, - const unsigned char *m, unsigned long long mlen, - const spx_ctx *ctx) -{ - (void)ctx; -#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1)) -#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8) -#define SPX_LEAF_BITS SPX_TREE_HEIGHT -#define SPX_LEAF_BYTES ((SPX_LEAF_BITS + 7) / 8) -#define SPX_DGST_BYTES (SPX_FORS_MSG_BYTES + SPX_TREE_BYTES + SPX_LEAF_BYTES) - - unsigned char buf[SPX_DGST_BYTES]; - unsigned char *bufp = buf; - unsigned char seed[2*SPX_N + SPX_BLAKEX_OUTPUT_BYTES]; - - blakestateX S; - blakeX_init(&S); - - blakeX_update(&S, R, SPX_N); - blakeX_update(&S, pk, SPX_PK_BYTES); - blakeX_update(&S, m, mlen); - - blakeX_final(&S, seed+ 2 * SPX_N); - - memcpy(seed, R, SPX_N); - memcpy(seed + SPX_N, pk, SPX_N); - - blakeX_mgf1(bufp, SPX_DGST_BYTES, seed, 2*SPX_N + SPX_BLAKEX_OUTPUT_BYTES); - - memcpy(digest, bufp, SPX_FORS_MSG_BYTES); - bufp += SPX_FORS_MSG_BYTES; - -#if SPX_TREE_BITS > 64 -#error For given height and depth, 64 bits cannot represent all subtrees -#endif - - if (SPX_D == 1) { - *tree = 0; - } else { - *tree = bytes_to_ull(bufp, SPX_TREE_BYTES); - *tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS); - } - bufp += SPX_TREE_BYTES; - - *leaf_idx = (uint32_t)bytes_to_ull(bufp, SPX_LEAF_BYTES); - *leaf_idx &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS); -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_robust.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_robust.c deleted file mode 100644 index 477d206..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_robust.c +++ /dev/null 
@@ -1,67 +0,0 @@
-#include
-#include
-
-#include "../../../app/include/address.h"
-#include "../../../app/include/params.h"
-#include "../../../app/include/thash.h"
-#include "../../../app/include/utils.h"
-
-#include "../include/blake.h"
-
-#if SPX_BLAKE512
-static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8]);
-#endif
-
-/**
- * Takes an array of inblocks concatenated arrays of SPX_N bytes.
- */
-void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8])
-{
-#if SPX_BLAKE512
- if (inblocks > 1) {
- thash_512(out, in, inblocks, ctx, addr);
- return;
- }
-#endif
- unsigned char outbuf[SPX_BLAKE256_OUTPUT_BYTES];
- SPX_VLA(uint8_t, bitmask, inblocks * SPX_N);
- SPX_VLA(uint8_t, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N);
- unsigned int i;
-
- memcpy(buf, ctx->pub_seed, SPX_N);
- memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES);
-
- blake256_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_ADDR_BYTES);
-
- for (i = 0; i < inblocks * SPX_N; i++) {
- buf[SPX_N + SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
- }
-
- blake256(outbuf, buf + SPX_N, SPX_ADDR_BYTES + inblocks*SPX_N);
- memcpy(out, outbuf, SPX_N);
-}
-
-#if SPX_BLAKE512
-static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8])
-{
- unsigned char outbuf[SPX_BLAKE512_OUTPUT_BYTES];
- SPX_VLA(uint8_t, bitmask, inblocks * SPX_N);
- SPX_VLA(uint8_t, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N);
- unsigned int i;
-
- memcpy(buf, ctx->pub_seed, SPX_N);
- memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES);
-
- blake512_mgf1(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_ADDR_BYTES);
-
- for (i = 0; i < inblocks * SPX_N; i++) {
- buf[SPX_N + SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
- }
-
- blake512(outbuf, buf + SPX_N, SPX_ADDR_BYTES + inblocks*SPX_N);
- memcpy(out, outbuf, SPX_N);
-}
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_simple.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_simple.c
deleted file mode 100644
index 18636bc..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/blake/src/thash_blake_simple.c
+++ /dev/null
@@ -1,53 +0,0 @@
-#include
-#include
-
-#include "../../../app/include/address.h"
-#include "../../../app/include/params.h"
-#include "../../../app/include/thash.h"
-#include "../../../app/include/utils.h"
-
-#include "../include/blake.h"
-
-#if SPX_BLAKE512
-static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8]);
-#endif
-
-/**
- * Takes an array of inblocks concatenated arrays of SPX_N bytes.
- */
-void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8])
-{
-#if SPX_BLAKE512
- if (inblocks > 1) {
- thash_512(out, in, inblocks, ctx, addr);
- return;
- }
-#endif
- unsigned char outbuf[SPX_BLAKE256_OUTPUT_BYTES];
- SPX_VLA(uint8_t, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N);
-
- memcpy(buf, ctx->pub_seed, SPX_N);
- memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES);
- memcpy(buf + SPX_N + SPX_ADDR_BYTES, in, inblocks * SPX_N);
-
- blake256(outbuf, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N);
- memcpy(out, outbuf, SPX_N);
-}
-
-#if SPX_BLAKE512
-static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8])
-{
- unsigned char outbuf[SPX_BLAKE512_OUTPUT_BYTES];
- SPX_VLA(uint8_t, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N);
-
- memcpy(buf, ctx->pub_seed, SPX_N);
- memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES);
- memcpy(buf + SPX_N + SPX_ADDR_BYTES, in, inblocks * SPX_N);
-
- blake512(outbuf, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N);
- memcpy(out, outbuf, SPX_N);
-}
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/CMakeLists.txt
deleted file mode 100644
index f569a03..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/CMakeLists.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-set(HARAKA_SOURCES
- src/haraka.c
- src/hash_haraka.c
- src/thash_haraka_${THASH}.c
-)
-
-set(PARAMS "sphincs-haraka-${SECPAR}")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DPARAMS=${PARAMS}")
-
-add_library(haraka SHARED ${HARAKA_SOURCES})
-target_include_directories(haraka PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka.h
deleted file mode 100644
index 7478222..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka.h
+++ /dev/null
@@ -1,41 +0,0 @@
-#ifndef SPX_HARAKA_H
-#define SPX_HARAKA_H
-
-#include "../../../app/include/context.h"
-
-/* Tweak constants with seed */
-#define tweak_constants SPX_NAMESPACE(tweak_constants)
-void tweak_constants(spx_ctx *ctx);
-
-/* Haraka Sponge */
-#define haraka_S_inc_init SPX_NAMESPACE(haraka_S_inc_init)
-void haraka_S_inc_init(uint8_t *s_inc);
-#define haraka_S_inc_absorb SPX_NAMESPACE(haraka_S_inc_absorb)
-void haraka_S_inc_absorb(uint8_t *s_inc, const uint8_t *m, size_t mlen,
- const spx_ctx *ctx);
-#define haraka_S_inc_finalize SPX_NAMESPACE(haraka_S_inc_finalize)
-void haraka_S_inc_finalize(uint8_t *s_inc);
-#define haraka_S_inc_squeeze SPX_NAMESPACE(haraka_S_inc_squeeze)
-void haraka_S_inc_squeeze(uint8_t *out, size_t outlen, uint8_t *s_inc,
- const spx_ctx *ctx);
-#define haraka_S SPX_NAMESPACE(haraka_S)
-void haraka_S(unsigned char *out, unsigned long long outlen,
- const unsigned char *in, unsigned long long inlen,
- const spx_ctx *ctx);
-
-/* Applies the 512-bit Haraka permutation to in. */
-#define haraka512_perm SPX_NAMESPACE(haraka512_perm)
-void haraka512_perm(unsigned char *out, const unsigned char *in,
- const spx_ctx *ctx);
-
-/* Implementation of Haraka-512 */
-#define haraka512 SPX_NAMESPACE(haraka512)
-void haraka512(unsigned char *out, const unsigned char *in,
- const spx_ctx *ctx);
-
-/* Implementation of Haraka-256 */
-#define haraka256 SPX_NAMESPACE(haraka256)
-void haraka256(unsigned char *out, const unsigned char *in,
- const spx_ctx *ctx);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka_offsets.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka_offsets.h
deleted file mode 100644
index 6afa5f8..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/include/haraka_offsets.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#if !defined( HARAKA_OFFSETS_H_ )
-#define HARAKA_OFFSETS_H_
-
-/*
- * Offsets of various fields in the address structure when we use Haraka as
- * the Sphincs+ hash function
- */
-
-#define SPX_OFFSET_LAYER 3 /* The byte used to specify the Merkle tree layer */
-#define SPX_OFFSET_TREE 8 /* The start of the 8 byte field used to specify the tree */
-#define SPX_OFFSET_TYPE 19 /* The byte used to specify the hash type (reason) */
-#define SPX_OFFSET_KP_ADDR 20 /* The start of the 4 byte field used to specify the key pair address */
-#define SPX_OFFSET_CHAIN_ADDR 27 /* The byte used to specify the chain address (which Winternitz chain) */
-#define SPX_OFFSET_HASH_ADDR 31 /* The byte used to specify the hash address (where in the Winternitz chain) */
-#define SPX_OFFSET_TREE_HGT 27 /* The byte used to specify the height of this node in the FORS or Merkle tree */
-#define SPX_OFFSET_TREE_INDEX 28 /* The start of the 4 byte field used to specify the node in the FORS or Merkle tree */
-
-#define SPX_HARAKA 1
-
-#endif /* HARAKA_OFFSETS_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/haraka.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/haraka.c
deleted file mode 100644
index 718908b..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/haraka.c
+++ /dev/null
@@ -1,965 +0,0 @@ -/* - * Constant time implementation of the Haraka hash function. - * - * The bit-sliced implementation of the AES round functions are - * based on the AES implementation in BearSSL written - * by Thomas Pornin , licensed as follows: - * - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - -#include -#include -#include -#include - -#include "../include/haraka.h" -#include "../../../app/include/utils.h" - -#define HARAKAS_RATE 32 - -static const uint64_t haraka512_rc64[10][8] = { - {0x24cf0ab9086f628b, 0xbdd6eeecc83b8382, 0xd96fb0306cdad0a7, 0xaace082ac8f95f89, 0x449d8e8870d7041f, 0x49bb2f80b2b3e2f8, 0x0569ae98d93bb258, 0x23dc9691e7d6a4b1}, - {0xd8ba10ede0fe5b6e, 0x7ecf7dbe424c7b8e, 0x6ea9949c6df62a31, 0xbf3f3c97ec9c313e, 0x241d03a196a1861e, 0xead3a51116e5a2ea, 0x77d479fcad9574e3, 0x18657a1af894b7a0}, - {0x10671e1a7f595522, 0xd9a00ff675d28c7b, 0x2f1edf0d2b9ba661, 0xb8ff58b8e3de45f9, 0xee29261da9865c02, 0xd1532aa4b50bdf43, 0x8bf858159b231bb1, 0xdf17439d22d4f599}, - {0xdd4b2f0870b918c0, 0x757a81f3b39b1bb6, 0x7a5c556898952e3f, 0x7dd70a16d915d87a, 0x3ae61971982b8301, 0xc3ab319e030412be, 0x17c0033ac094a8cb, 0x5a0630fc1a8dc4ef}, - {0x17708988c1632f73, 0xf92ddae090b44f4f, 0x11ac0285c43aa314, 0x509059941936b8ba, 0xd03e152fa2ce9b69, 0x3fbcbcb63a32998b, 0x6204696d692254f7, 0x915542ed93ec59b4}, - {0xf4ed94aa8879236e, 0xff6cb41cd38e03c0, 0x069b38602368aeab, 0x669495b820f0ddba, 0xf42013b1b8bf9e3d, 0xcf935efe6439734d, 0xbc1dcf42ca29e3f8, 0x7e6d3ed29f78ad67}, - {0xf3b0f6837ffcddaa, 0x3a76faef934ddf41, 0xcec7ae583a9c8e35, 0xe4dd18c68f0260af, 0x2c0e5df1ad398eaa, 0x478df5236ae22e8c, 0xfb944c46fe865f39, 0xaa48f82f028132ba}, - {0x231b9ae2b76aca77, 0x292a76a712db0b40, 0x5850625dc8134491, 0x73137dd469810fb5, 0x8a12a6a202a474fd, 0xd36fd9daa78bdb80, 0xb34c5e733505706f, 0xbaf1cdca818d9d96}, - {0x2e99781335e8c641, 0xbddfe5cce47d560e, 0xf74e9bf32e5e040c, 0x1d7a709d65996be9, 0x670df36a9cf66cdd, 0xd05ef84a176a2875, 0x0f888e828cb1c44e, 0x1a79e9c9727b052c}, - {0x83497348628d84de, 0x2e9387d51f22a754, 0xb000068da2f852d6, 0x378c9e1190fd6fe5, 0x870027c316de7293, 0xe51a9d4462e047bb, 0x90ecf7f8c6251195, 0x655953bfbed90a9c}, -}; - -static inline uint32_t br_dec32le(const unsigned char *src) -{ - return (uint32_t)src[0] - | ((uint32_t)src[1] << 8) - | ((uint32_t)src[2] << 16) - | 
((uint32_t)src[3] << 24); -} - -static void br_range_dec32le(uint32_t *v, size_t num, const unsigned char *src) -{ - while (num-- > 0) { - *v ++ = br_dec32le(src); - src += 4; - } -} - -static inline void br_enc32le(unsigned char *dst, uint32_t x) -{ - dst[0] = (unsigned char)x; - dst[1] = (unsigned char)(x >> 8); - dst[2] = (unsigned char)(x >> 16); - dst[3] = (unsigned char)(x >> 24); -} - - -static void br_range_enc32le(unsigned char *dst, const uint32_t *v, size_t num) -{ - while (num-- > 0) { - br_enc32le(dst, *v ++); - dst += 4; - } -} - -static void br_aes_ct64_bitslice_Sbox(uint64_t *q) { - /* - * This S-box implementation is a straightforward translation of - * the circuit described by Boyar and Peralta in "A new - * combinational logic minimization technique with applications - * to cryptology" (https://eprint.iacr.org/2009/191.pdf). - * - * Note that variables x* (input) and s* (output) are numbered - * in "reverse" order (x0 is the high bit, x7 is the low bit). - */ - - uint64_t x0, x1, x2, x3, x4, x5, x6, x7; - uint64_t y1, y2, y3, y4, y5, y6, y7, y8, y9; - uint64_t y10, y11, y12, y13, y14, y15, y16, y17, y18, y19; - uint64_t y20, y21; - uint64_t z0, z1, z2, z3, z4, z5, z6, z7, z8, z9; - uint64_t z10, z11, z12, z13, z14, z15, z16, z17; - uint64_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9; - uint64_t t10, t11, t12, t13, t14, t15, t16, t17, t18, t19; - uint64_t t20, t21, t22, t23, t24, t25, t26, t27, t28, t29; - uint64_t t30, t31, t32, t33, t34, t35, t36, t37, t38, t39; - uint64_t t40, t41, t42, t43, t44, t45, t46, t47, t48, t49; - uint64_t t50, t51, t52, t53, t54, t55, t56, t57, t58, t59; - uint64_t t60, t61, t62, t63, t64, t65, t66, t67; - uint64_t s0, s1, s2, s3, s4, s5, s6, s7; - - x0 = q[7]; - x1 = q[6]; - x2 = q[5]; - x3 = q[4]; - x4 = q[3]; - x5 = q[2]; - x6 = q[1]; - x7 = q[0]; - - /* - * Top linear transformation. 
- */ - y14 = x3 ^ x5; - y13 = x0 ^ x6; - y9 = x0 ^ x3; - y8 = x0 ^ x5; - t0 = x1 ^ x2; - y1 = t0 ^ x7; - y4 = y1 ^ x3; - y12 = y13 ^ y14; - y2 = y1 ^ x0; - y5 = y1 ^ x6; - y3 = y5 ^ y8; - t1 = x4 ^ y12; - y15 = t1 ^ x5; - y20 = t1 ^ x1; - y6 = y15 ^ x7; - y10 = y15 ^ t0; - y11 = y20 ^ y9; - y7 = x7 ^ y11; - y17 = y10 ^ y11; - y19 = y10 ^ y8; - y16 = t0 ^ y11; - y21 = y13 ^ y16; - y18 = x0 ^ y16; - - /* - * Non-linear section. - */ - t2 = y12 & y15; - t3 = y3 & y6; - t4 = t3 ^ t2; - t5 = y4 & x7; - t6 = t5 ^ t2; - t7 = y13 & y16; - t8 = y5 & y1; - t9 = t8 ^ t7; - t10 = y2 & y7; - t11 = t10 ^ t7; - t12 = y9 & y11; - t13 = y14 & y17; - t14 = t13 ^ t12; - t15 = y8 & y10; - t16 = t15 ^ t12; - t17 = t4 ^ t14; - t18 = t6 ^ t16; - t19 = t9 ^ t14; - t20 = t11 ^ t16; - t21 = t17 ^ y20; - t22 = t18 ^ y19; - t23 = t19 ^ y21; - t24 = t20 ^ y18; - - t25 = t21 ^ t22; - t26 = t21 & t23; - t27 = t24 ^ t26; - t28 = t25 & t27; - t29 = t28 ^ t22; - t30 = t23 ^ t24; - t31 = t22 ^ t26; - t32 = t31 & t30; - t33 = t32 ^ t24; - t34 = t23 ^ t33; - t35 = t27 ^ t33; - t36 = t24 & t35; - t37 = t36 ^ t34; - t38 = t27 ^ t36; - t39 = t29 & t38; - t40 = t25 ^ t39; - - t41 = t40 ^ t37; - t42 = t29 ^ t33; - t43 = t29 ^ t40; - t44 = t33 ^ t37; - t45 = t42 ^ t41; - z0 = t44 & y15; - z1 = t37 & y6; - z2 = t33 & x7; - z3 = t43 & y16; - z4 = t40 & y1; - z5 = t29 & y7; - z6 = t42 & y11; - z7 = t45 & y17; - z8 = t41 & y10; - z9 = t44 & y12; - z10 = t37 & y3; - z11 = t33 & y4; - z12 = t43 & y13; - z13 = t40 & y5; - z14 = t29 & y2; - z15 = t42 & y9; - z16 = t45 & y14; - z17 = t41 & y8; - - /* - * Bottom linear transformation. 
- */ - t46 = z15 ^ z16; - t47 = z10 ^ z11; - t48 = z5 ^ z13; - t49 = z9 ^ z10; - t50 = z2 ^ z12; - t51 = z2 ^ z5; - t52 = z7 ^ z8; - t53 = z0 ^ z3; - t54 = z6 ^ z7; - t55 = z16 ^ z17; - t56 = z12 ^ t48; - t57 = t50 ^ t53; - t58 = z4 ^ t46; - t59 = z3 ^ t54; - t60 = t46 ^ t57; - t61 = z14 ^ t57; - t62 = t52 ^ t58; - t63 = t49 ^ t58; - t64 = z4 ^ t59; - t65 = t61 ^ t62; - t66 = z1 ^ t63; - s0 = t59 ^ t63; - s6 = t56 ^ ~t62; - s7 = t48 ^ ~t60; - t67 = t64 ^ t65; - s3 = t53 ^ t66; - s4 = t51 ^ t66; - s5 = t47 ^ t65; - s1 = t64 ^ ~s3; - s2 = t55 ^ ~t67; - - q[7] = s0; - q[6] = s1; - q[5] = s2; - q[4] = s3; - q[3] = s4; - q[2] = s5; - q[1] = s6; - q[0] = s7; -} - -static void br_aes_ct_bitslice_Sbox(uint32_t *q) -{ - /* - * This S-box implementation is a straightforward translation of - * the circuit described by Boyar and Peralta in "A new - * combinational logic minimization technique with applications - * to cryptology" (https://eprint.iacr.org/2009/191.pdf). - * - * Note that variables x* (input) and s* (output) are numbered - * in "reverse" order (x0 is the high bit, x7 is the low bit). - */ - - uint32_t x0, x1, x2, x3, x4, x5, x6, x7; - uint32_t y1, y2, y3, y4, y5, y6, y7, y8, y9; - uint32_t y10, y11, y12, y13, y14, y15, y16, y17, y18, y19; - uint32_t y20, y21; - uint32_t z0, z1, z2, z3, z4, z5, z6, z7, z8, z9; - uint32_t z10, z11, z12, z13, z14, z15, z16, z17; - uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9; - uint32_t t10, t11, t12, t13, t14, t15, t16, t17, t18, t19; - uint32_t t20, t21, t22, t23, t24, t25, t26, t27, t28, t29; - uint32_t t30, t31, t32, t33, t34, t35, t36, t37, t38, t39; - uint32_t t40, t41, t42, t43, t44, t45, t46, t47, t48, t49; - uint32_t t50, t51, t52, t53, t54, t55, t56, t57, t58, t59; - uint32_t t60, t61, t62, t63, t64, t65, t66, t67; - uint32_t s0, s1, s2, s3, s4, s5, s6, s7; - - x0 = q[7]; - x1 = q[6]; - x2 = q[5]; - x3 = q[4]; - x4 = q[3]; - x5 = q[2]; - x6 = q[1]; - x7 = q[0]; - - /* - * Top linear transformation. 
- */ - y14 = x3 ^ x5; - y13 = x0 ^ x6; - y9 = x0 ^ x3; - y8 = x0 ^ x5; - t0 = x1 ^ x2; - y1 = t0 ^ x7; - y4 = y1 ^ x3; - y12 = y13 ^ y14; - y2 = y1 ^ x0; - y5 = y1 ^ x6; - y3 = y5 ^ y8; - t1 = x4 ^ y12; - y15 = t1 ^ x5; - y20 = t1 ^ x1; - y6 = y15 ^ x7; - y10 = y15 ^ t0; - y11 = y20 ^ y9; - y7 = x7 ^ y11; - y17 = y10 ^ y11; - y19 = y10 ^ y8; - y16 = t0 ^ y11; - y21 = y13 ^ y16; - y18 = x0 ^ y16; - - /* - * Non-linear section. - */ - t2 = y12 & y15; - t3 = y3 & y6; - t4 = t3 ^ t2; - t5 = y4 & x7; - t6 = t5 ^ t2; - t7 = y13 & y16; - t8 = y5 & y1; - t9 = t8 ^ t7; - t10 = y2 & y7; - t11 = t10 ^ t7; - t12 = y9 & y11; - t13 = y14 & y17; - t14 = t13 ^ t12; - t15 = y8 & y10; - t16 = t15 ^ t12; - t17 = t4 ^ t14; - t18 = t6 ^ t16; - t19 = t9 ^ t14; - t20 = t11 ^ t16; - t21 = t17 ^ y20; - t22 = t18 ^ y19; - t23 = t19 ^ y21; - t24 = t20 ^ y18; - - t25 = t21 ^ t22; - t26 = t21 & t23; - t27 = t24 ^ t26; - t28 = t25 & t27; - t29 = t28 ^ t22; - t30 = t23 ^ t24; - t31 = t22 ^ t26; - t32 = t31 & t30; - t33 = t32 ^ t24; - t34 = t23 ^ t33; - t35 = t27 ^ t33; - t36 = t24 & t35; - t37 = t36 ^ t34; - t38 = t27 ^ t36; - t39 = t29 & t38; - t40 = t25 ^ t39; - - t41 = t40 ^ t37; - t42 = t29 ^ t33; - t43 = t29 ^ t40; - t44 = t33 ^ t37; - t45 = t42 ^ t41; - z0 = t44 & y15; - z1 = t37 & y6; - z2 = t33 & x7; - z3 = t43 & y16; - z4 = t40 & y1; - z5 = t29 & y7; - z6 = t42 & y11; - z7 = t45 & y17; - z8 = t41 & y10; - z9 = t44 & y12; - z10 = t37 & y3; - z11 = t33 & y4; - z12 = t43 & y13; - z13 = t40 & y5; - z14 = t29 & y2; - z15 = t42 & y9; - z16 = t45 & y14; - z17 = t41 & y8; - - /* - * Bottom linear transformation. 
- */ - t46 = z15 ^ z16; - t47 = z10 ^ z11; - t48 = z5 ^ z13; - t49 = z9 ^ z10; - t50 = z2 ^ z12; - t51 = z2 ^ z5; - t52 = z7 ^ z8; - t53 = z0 ^ z3; - t54 = z6 ^ z7; - t55 = z16 ^ z17; - t56 = z12 ^ t48; - t57 = t50 ^ t53; - t58 = z4 ^ t46; - t59 = z3 ^ t54; - t60 = t46 ^ t57; - t61 = z14 ^ t57; - t62 = t52 ^ t58; - t63 = t49 ^ t58; - t64 = z4 ^ t59; - t65 = t61 ^ t62; - t66 = z1 ^ t63; - s0 = t59 ^ t63; - s6 = t56 ^ ~t62; - s7 = t48 ^ ~t60; - t67 = t64 ^ t65; - s3 = t53 ^ t66; - s4 = t51 ^ t66; - s5 = t47 ^ t65; - s1 = t64 ^ ~s3; - s2 = t55 ^ ~t67; - - q[7] = s0; - q[6] = s1; - q[5] = s2; - q[4] = s3; - q[3] = s4; - q[2] = s5; - q[1] = s6; - q[0] = s7; -} - -static void br_aes_ct_ortho(uint32_t *q) -{ -#define SWAPN_32(cl, ch, s, x, y) do { \ - uint32_t a, b; \ - a = (x); \ - b = (y); \ - (x) = (a & (uint32_t)cl) | ((b & (uint32_t)cl) << (s)); \ - (y) = ((a & (uint32_t)ch) >> (s)) | (b & (uint32_t)ch); \ - } while (0) - -#define SWAP2_32(x, y) SWAPN_32(0x55555555, 0xAAAAAAAA, 1, x, y) -#define SWAP4_32(x, y) SWAPN_32(0x33333333, 0xCCCCCCCC, 2, x, y) -#define SWAP8_32(x, y) SWAPN_32(0x0F0F0F0F, 0xF0F0F0F0, 4, x, y) - - SWAP2_32(q[0], q[1]); - SWAP2_32(q[2], q[3]); - SWAP2_32(q[4], q[5]); - SWAP2_32(q[6], q[7]); - - SWAP4_32(q[0], q[2]); - SWAP4_32(q[1], q[3]); - SWAP4_32(q[4], q[6]); - SWAP4_32(q[5], q[7]); - - SWAP8_32(q[0], q[4]); - SWAP8_32(q[1], q[5]); - SWAP8_32(q[2], q[6]); - SWAP8_32(q[3], q[7]); -} - -static inline void add_round_key32(uint32_t *q, const uint32_t *sk) -{ - q[0] ^= sk[0]; - q[1] ^= sk[1]; - q[2] ^= sk[2]; - q[3] ^= sk[3]; - q[4] ^= sk[4]; - q[5] ^= sk[5]; - q[6] ^= sk[6]; - q[7] ^= sk[7]; -} - -static inline void shift_rows32(uint32_t *q) -{ - int i; - - for (i = 0; i < 8; i++) { - uint32_t x; - - x = q[i]; - q[i] = (x & 0x000000FF) - | ((x & 0x0000FC00) >> 2) | ((x & 0x00000300) << 6) - | ((x & 0x00F00000) >> 4) | ((x & 0x000F0000) << 4) - | ((x & 0xC0000000) >> 6) | ((x & 0x3F000000) << 2); - } -} - -static inline uint32_t rotr16(uint32_t 
x) -{ - return (x << 16) | (x >> 16); -} - -static inline void mix_columns32(uint32_t *q) -{ - uint32_t q0, q1, q2, q3, q4, q5, q6, q7; - uint32_t r0, r1, r2, r3, r4, r5, r6, r7; - - q0 = q[0]; - q1 = q[1]; - q2 = q[2]; - q3 = q[3]; - q4 = q[4]; - q5 = q[5]; - q6 = q[6]; - q7 = q[7]; - r0 = (q0 >> 8) | (q0 << 24); - r1 = (q1 >> 8) | (q1 << 24); - r2 = (q2 >> 8) | (q2 << 24); - r3 = (q3 >> 8) | (q3 << 24); - r4 = (q4 >> 8) | (q4 << 24); - r5 = (q5 >> 8) | (q5 << 24); - r6 = (q6 >> 8) | (q6 << 24); - r7 = (q7 >> 8) | (q7 << 24); - - q[0] = q7 ^ r7 ^ r0 ^ rotr16(q0 ^ r0); - q[1] = q0 ^ r0 ^ q7 ^ r7 ^ r1 ^ rotr16(q1 ^ r1); - q[2] = q1 ^ r1 ^ r2 ^ rotr16(q2 ^ r2); - q[3] = q2 ^ r2 ^ q7 ^ r7 ^ r3 ^ rotr16(q3 ^ r3); - q[4] = q3 ^ r3 ^ q7 ^ r7 ^ r4 ^ rotr16(q4 ^ r4); - q[5] = q4 ^ r4 ^ r5 ^ rotr16(q5 ^ r5); - q[6] = q5 ^ r5 ^ r6 ^ rotr16(q6 ^ r6); - q[7] = q6 ^ r6 ^ r7 ^ rotr16(q7 ^ r7); -} - -static void br_aes_ct64_ortho(uint64_t *q) -{ -#define SWAPN(cl, ch, s, x, y) do { \ - uint64_t a, b; \ - a = (x); \ - b = (y); \ - (x) = (a & (uint64_t)(cl)) | ((b & (uint64_t)(cl)) << (s)); \ - (y) = ((a & (uint64_t)(ch)) >> (s)) | (b & (uint64_t)(ch)); \ - } while (0) - -#define SWAP2(x, y) SWAPN(0x5555555555555555, 0xAAAAAAAAAAAAAAAA, 1, x, y) -#define SWAP4(x, y) SWAPN(0x3333333333333333, 0xCCCCCCCCCCCCCCCC, 2, x, y) -#define SWAP8(x, y) SWAPN(0x0F0F0F0F0F0F0F0F, 0xF0F0F0F0F0F0F0F0, 4, x, y) - - SWAP2(q[0], q[1]); - SWAP2(q[2], q[3]); - SWAP2(q[4], q[5]); - SWAP2(q[6], q[7]); - - SWAP4(q[0], q[2]); - SWAP4(q[1], q[3]); - SWAP4(q[4], q[6]); - SWAP4(q[5], q[7]); - - SWAP8(q[0], q[4]); - SWAP8(q[1], q[5]); - SWAP8(q[2], q[6]); - SWAP8(q[3], q[7]); -} - - -static void br_aes_ct64_interleave_in(uint64_t *q0, uint64_t *q1, const uint32_t *w) -{ - uint64_t x0, x1, x2, x3; - - x0 = w[0]; - x1 = w[1]; - x2 = w[2]; - x3 = w[3]; - x0 |= (x0 << 16); - x1 |= (x1 << 16); - x2 |= (x2 << 16); - x3 |= (x3 << 16); - x0 &= (uint64_t)0x0000FFFF0000FFFF; - x1 &= (uint64_t)0x0000FFFF0000FFFF; - x2 &= 
(uint64_t)0x0000FFFF0000FFFF; - x3 &= (uint64_t)0x0000FFFF0000FFFF; - x0 |= (x0 << 8); - x1 |= (x1 << 8); - x2 |= (x2 << 8); - x3 |= (x3 << 8); - x0 &= (uint64_t)0x00FF00FF00FF00FF; - x1 &= (uint64_t)0x00FF00FF00FF00FF; - x2 &= (uint64_t)0x00FF00FF00FF00FF; - x3 &= (uint64_t)0x00FF00FF00FF00FF; - *q0 = x0 | (x2 << 8); - *q1 = x1 | (x3 << 8); -} - - -static void br_aes_ct64_interleave_out(uint32_t *w, uint64_t q0, uint64_t q1) -{ - uint64_t x0, x1, x2, x3; - - x0 = q0 & (uint64_t)0x00FF00FF00FF00FF; - x1 = q1 & (uint64_t)0x00FF00FF00FF00FF; - x2 = (q0 >> 8) & (uint64_t)0x00FF00FF00FF00FF; - x3 = (q1 >> 8) & (uint64_t)0x00FF00FF00FF00FF; - x0 |= (x0 >> 8); - x1 |= (x1 >> 8); - x2 |= (x2 >> 8); - x3 |= (x3 >> 8); - x0 &= (uint64_t)0x0000FFFF0000FFFF; - x1 &= (uint64_t)0x0000FFFF0000FFFF; - x2 &= (uint64_t)0x0000FFFF0000FFFF; - x3 &= (uint64_t)0x0000FFFF0000FFFF; - w[0] = (uint32_t)x0 | (uint32_t)(x0 >> 16); - w[1] = (uint32_t)x1 | (uint32_t)(x1 >> 16); - w[2] = (uint32_t)x2 | (uint32_t)(x2 >> 16); - w[3] = (uint32_t)x3 | (uint32_t)(x3 >> 16); -} - -static inline void add_round_key(uint64_t *q, const uint64_t *sk) -{ - q[0] ^= sk[0]; - q[1] ^= sk[1]; - q[2] ^= sk[2]; - q[3] ^= sk[3]; - q[4] ^= sk[4]; - q[5] ^= sk[5]; - q[6] ^= sk[6]; - q[7] ^= sk[7]; -} - -static inline void shift_rows(uint64_t *q) -{ - int i; - - for (i = 0; i < 8; i++) { - uint64_t x; - - x = q[i]; - q[i] = (x & (uint64_t)0x000000000000FFFF) - | ((x & (uint64_t)0x00000000FFF00000) >> 4) - | ((x & (uint64_t)0x00000000000F0000) << 12) - | ((x & (uint64_t)0x0000FF0000000000) >> 8) - | ((x & (uint64_t)0x000000FF00000000) << 8) - | ((x & (uint64_t)0xF000000000000000) >> 12) - | ((x & (uint64_t)0x0FFF000000000000) << 4); - } -} - -static inline uint64_t rotr32(uint64_t x) -{ - return (x << 32) | (x >> 32); -} - -static inline void mix_columns(uint64_t *q) -{ - uint64_t q0, q1, q2, q3, q4, q5, q6, q7; - uint64_t r0, r1, r2, r3, r4, r5, r6, r7; - - q0 = q[0]; - q1 = q[1]; - q2 = q[2]; - q3 = q[3]; - q4 = 
q[4]; - q5 = q[5]; - q6 = q[6]; - q7 = q[7]; - r0 = (q0 >> 16) | (q0 << 48); - r1 = (q1 >> 16) | (q1 << 48); - r2 = (q2 >> 16) | (q2 << 48); - r3 = (q3 >> 16) | (q3 << 48); - r4 = (q4 >> 16) | (q4 << 48); - r5 = (q5 >> 16) | (q5 << 48); - r6 = (q6 >> 16) | (q6 << 48); - r7 = (q7 >> 16) | (q7 << 48); - - q[0] = q7 ^ r7 ^ r0 ^ rotr32(q0 ^ r0); - q[1] = q0 ^ r0 ^ q7 ^ r7 ^ r1 ^ rotr32(q1 ^ r1); - q[2] = q1 ^ r1 ^ r2 ^ rotr32(q2 ^ r2); - q[3] = q2 ^ r2 ^ q7 ^ r7 ^ r3 ^ rotr32(q3 ^ r3); - q[4] = q3 ^ r3 ^ q7 ^ r7 ^ r4 ^ rotr32(q4 ^ r4); - q[5] = q4 ^ r4 ^ r5 ^ rotr32(q5 ^ r5); - q[6] = q5 ^ r5 ^ r6 ^ rotr32(q6 ^ r6); - q[7] = q6 ^ r6 ^ r7 ^ rotr32(q7 ^ r7); -} - -static void interleave_constant(uint64_t *out, const unsigned char *in) -{ - uint32_t tmp_32_constant[16]; - int i; - - br_range_dec32le(tmp_32_constant, 16, in); - for (i = 0; i < 4; i++) { - br_aes_ct64_interleave_in(&out[i], &out[i + 4], tmp_32_constant + (i << 2)); - } - br_aes_ct64_ortho(out); -} - -static void interleave_constant32(uint32_t *out, const unsigned char *in) -{ - int i; - for (i = 0; i < 4; i++) { - out[2*i] = br_dec32le(in + 4*i); - out[2*i + 1] = br_dec32le(in + 4*i + 16); - } - br_aes_ct_ortho(out); -} - -void tweak_constants(spx_ctx *ctx) -{ - unsigned char buf[40*16]; - int i; - - /* Use the standard constants to generate tweaked ones. 
*/ - memcpy((uint8_t *)ctx->tweaked512_rc64, (uint8_t *)haraka512_rc64, 40*16); - - /* Constants for pk.seed */ - haraka_S(buf, 40*16, ctx->pub_seed, SPX_N, ctx); - for (i = 0; i < 10; i++) { - interleave_constant32(ctx->tweaked256_rc32[i], buf + 32*i); - interleave_constant(ctx->tweaked512_rc64[i], buf + 64*i); - } -} - -static void haraka_S_absorb(unsigned char *s, unsigned int r, - const unsigned char *m, unsigned long long mlen, - unsigned char p, const spx_ctx *ctx) -{ - unsigned long long i; - SPX_VLA(uint8_t, t, r); - - while (mlen >= r) { - /* XOR block to state */ - for (i = 0; i < r; ++i) { - s[i] ^= m[i]; - } - haraka512_perm(s, s, ctx); - mlen -= r; - m += r; - } - - for (i = 0; i < r; ++i) { - t[i] = 0; - } - for (i = 0; i < mlen; ++i) { - t[i] = m[i]; - } - t[i] = p; - t[r - 1] |= 128; - for (i = 0; i < r; ++i) { - s[i] ^= t[i]; - } -} - -static void haraka_S_squeezeblocks(unsigned char *h, unsigned long long nblocks, - unsigned char *s, unsigned int r, - const spx_ctx *ctx) -{ - while (nblocks > 0) { - haraka512_perm(s, s, ctx); - memcpy(h, s, HARAKAS_RATE); - h += r; - nblocks--; - } -} - -void haraka_S_inc_init(uint8_t *s_inc) -{ - size_t i; - - for (i = 0; i < 64; i++) { - s_inc[i] = 0; - } - s_inc[64] = 0; -} - -void haraka_S_inc_absorb(uint8_t *s_inc, const uint8_t *m, size_t mlen, - const spx_ctx *ctx) -{ - size_t i; - - /* Recall that s_inc[64] is the non-absorbed bytes xored into the state */ - while (mlen + s_inc[64] >= HARAKAS_RATE) { - for (i = 0; i < (size_t)(HARAKAS_RATE - s_inc[64]); i++) { - /* Take the i'th byte from message - xor with the s_inc[64] + i'th byte of the state */ - s_inc[s_inc[64] + i] ^= m[i]; - } - mlen -= (size_t)(HARAKAS_RATE - s_inc[64]); - m += HARAKAS_RATE - (uint8_t)s_inc[64]; - s_inc[64] = 0; - - haraka512_perm(s_inc, s_inc, ctx); - } - - for (i = 0; i < mlen; i++) { - s_inc[s_inc[64] + i] ^= m[i]; - } - s_inc[64] += (uint8_t)mlen; -} - -void haraka_S_inc_finalize(uint8_t *s_inc) -{ - /* After 
haraka_S_inc_absorb, we are guaranteed that s_inc[64] < HARAKAS_RATE, - so we can always use one more byte for p in the current state. */ - s_inc[s_inc[64]] ^= 0x1F; - s_inc[HARAKAS_RATE - 1] ^= 128; - s_inc[64] = 0; -} - -void haraka_S_inc_squeeze(uint8_t *out, size_t outlen, uint8_t *s_inc, - const spx_ctx *ctx) -{ - size_t i; - - /* First consume any bytes we still have sitting around */ - for (i = 0; i < outlen && i < s_inc[64]; i++) { - /* There are s_inc[64] bytes left, so r - s_inc[64] is the first - available byte. We consume from there, i.e., up to r. */ - out[i] = (uint8_t)s_inc[(HARAKAS_RATE - s_inc[64] + i)]; - } - out += i; - outlen -= i; - s_inc[64] -= (uint8_t)i; - - /* Then squeeze the remaining necessary blocks */ - while (outlen > 0) { - haraka512_perm(s_inc, s_inc, ctx); - - for (i = 0; i < outlen && i < HARAKAS_RATE; i++) { - out[i] = s_inc[i]; - } - out += i; - outlen -= i; - s_inc[64] = (uint8_t)(HARAKAS_RATE - i); - } -} - -void haraka_S(unsigned char *out, unsigned long long outlen, - const unsigned char *in, unsigned long long inlen, - const spx_ctx *ctx) -{ - unsigned long long i; - unsigned char s[64]; - unsigned char d[32]; - - for (i = 0; i < 64; i++) { - s[i] = 0; - } - haraka_S_absorb(s, 32, in, inlen, 0x1F, ctx); - - haraka_S_squeezeblocks(out, outlen / 32, s, 32, ctx); - out += (outlen / 32) * 32; - - if (outlen % 32) { - haraka_S_squeezeblocks(d, 1, s, 32, ctx); - for (i = 0; i < outlen % 32; i++) { - out[i] = d[i]; - } - } -} - -void haraka512_perm(unsigned char *out, const unsigned char *in, - const spx_ctx *ctx) -{ - uint32_t w[16]; - uint64_t q[8], tmp_q; - unsigned int i, j; - - br_range_dec32le(w, 16, in); - for (i = 0; i < 4; i++) { - br_aes_ct64_interleave_in(&q[i], &q[i + 4], w + (i << 2)); - } - br_aes_ct64_ortho(q); - - /* AES rounds */ - for (i = 0; i < 5; i++) { - for (j = 0; j < 2; j++) { - br_aes_ct64_bitslice_Sbox(q); - shift_rows(q); - mix_columns(q); - add_round_key(q, ctx->tweaked512_rc64[2*i + j]); - } - /* Mix 
states */ - for (j = 0; j < 8; j++) { - tmp_q = q[j]; - q[j] = (tmp_q & 0x0001000100010001) << 5 | - (tmp_q & 0x0002000200020002) << 12 | - (tmp_q & 0x0004000400040004) >> 1 | - (tmp_q & 0x0008000800080008) << 6 | - (tmp_q & 0x0020002000200020) << 9 | - (tmp_q & 0x0040004000400040) >> 4 | - (tmp_q & 0x0080008000800080) << 3 | - (tmp_q & 0x2100210021002100) >> 5 | - (tmp_q & 0x0210021002100210) << 2 | - (tmp_q & 0x0800080008000800) << 4 | - (tmp_q & 0x1000100010001000) >> 12 | - (tmp_q & 0x4000400040004000) >> 10 | - (tmp_q & 0x8400840084008400) >> 3; - } - } - - br_aes_ct64_ortho(q); - for (i = 0; i < 4; i ++) { - br_aes_ct64_interleave_out(w + (i << 2), q[i], q[i + 4]); - } - br_range_enc32le(out, w, 16); -} - -void haraka512(unsigned char *out, const unsigned char *in, const spx_ctx *ctx) -{ - int i; - - unsigned char buf[64]; - - haraka512_perm(buf, in, ctx); - /* Feed-forward */ - for (i = 0; i < 64; i++) { - buf[i] = buf[i] ^ in[i]; - } - - /* Truncated */ - memcpy(out, buf + 8, 8); - memcpy(out + 8, buf + 24, 8); - memcpy(out + 16, buf + 32, 8); - memcpy(out + 24, buf + 48, 8); -} - - -void haraka256(unsigned char *out, const unsigned char *in, - const spx_ctx *ctx) -{ - uint32_t q[8], tmp_q; - int i, j; - - for (i = 0; i < 4; i++) { - q[2*i] = br_dec32le(in + 4*i); - q[2*i + 1] = br_dec32le(in + 4*i + 16); - } - br_aes_ct_ortho(q); - - /* AES rounds */ - for (i = 0; i < 5; i++) { - for (j = 0; j < 2; j++) { - br_aes_ct_bitslice_Sbox(q); - shift_rows32(q); - mix_columns32(q); - add_round_key32(q, ctx->tweaked256_rc32[2*i + j]); - } - - /* Mix states */ - for (j = 0; j < 8; j++) { - tmp_q = q[j]; - q[j] = (tmp_q & 0x81818181) | - (tmp_q & 0x02020202) << 1 | - (tmp_q & 0x04040404) << 2 | - (tmp_q & 0x08080808) << 3 | - (tmp_q & 0x10101010) >> 3 | - (tmp_q & 0x20202020) >> 2 | - (tmp_q & 0x40404040) >> 1; - } - } - - br_aes_ct_ortho(q); - for (i = 0; i < 4; i++) { - br_enc32le(out + 4*i, q[2*i]); - br_enc32le(out + 4*i + 16, q[2*i + 1]); - } - - for (i = 0; i < 
32; i++) {
- out[i] ^= in[i];
- }
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/hash_haraka.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/hash_haraka.c
deleted file mode 100644
index cd6beac..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/hash_haraka.c
+++ /dev/null
@@ -1,96 +0,0 @@
-#include
-#include
-
-#include "../../../app/include/address.h"
-#include "../../../app/include/hash.h"
-#include "../../../app/include/params.h"
-#include "../../../app/include/utils.h"
-
-#include "../include/haraka.h"
-
-void initialize_hash_function(spx_ctx* ctx)
-{
- tweak_constants(ctx);
-}
-
-/*
- * Computes PRF(key, addr), given a secret key of SPX_N bytes and an address
- */
-void prf_addr(unsigned char *out, const spx_ctx *ctx,
- const uint32_t addr[8])
-{
- /* Since SPX_N may be smaller than 32, we need temporary buffers. */
- unsigned char outbuf[32];
- unsigned char buf[64] = {0};
-
- memcpy(buf, addr, SPX_ADDR_BYTES);
- memcpy(buf + SPX_ADDR_BYTES, ctx->sk_seed, SPX_N);
-
- haraka512(outbuf, buf, ctx);
- memcpy(out, outbuf, SPX_N);
-}
-
-/**
- * Computes the message-dependent randomness R, using a secret seed and an
- * optional randomization value as well as the message.
- */
-void gen_message_random(unsigned char *R, const unsigned char* sk_prf,
- const unsigned char *optrand,
- const unsigned char *m, unsigned long long mlen,
- const spx_ctx *ctx)
-{
- uint8_t s_inc[65];
-
- haraka_S_inc_init(s_inc);
- haraka_S_inc_absorb(s_inc, sk_prf, SPX_N, ctx);
- haraka_S_inc_absorb(s_inc, optrand, SPX_N, ctx);
- haraka_S_inc_absorb(s_inc, m, mlen, ctx);
- haraka_S_inc_finalize(s_inc);
- haraka_S_inc_squeeze(R, SPX_N, s_inc, ctx);
-}
-
-/**
- * Computes the message hash using R, the public key, and the message.
- * Outputs the message digest and the index of the leaf. The index is split in
- * the tree index and the leaf index, for convenient copying to an address.
- */
-void hash_message(unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx,
- const unsigned char *R, const unsigned char *pk,
- const unsigned char *m, unsigned long long mlen,
- const spx_ctx *ctx)
-{
-#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1))
-#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8)
-#define SPX_LEAF_BITS SPX_TREE_HEIGHT
-#define SPX_LEAF_BYTES ((SPX_LEAF_BITS + 7) / 8)
-#define SPX_DGST_BYTES (SPX_FORS_MSG_BYTES + SPX_TREE_BYTES + SPX_LEAF_BYTES)
-
- unsigned char buf[SPX_DGST_BYTES];
- unsigned char *bufp = buf;
- uint8_t s_inc[65];
-
- haraka_S_inc_init(s_inc);
- haraka_S_inc_absorb(s_inc, R, SPX_N, ctx);
- haraka_S_inc_absorb(s_inc, pk + SPX_N, SPX_N, ctx); // Only absorb root part of pk
- haraka_S_inc_absorb(s_inc, m, mlen, ctx);
- haraka_S_inc_finalize(s_inc);
- haraka_S_inc_squeeze(buf, SPX_DGST_BYTES, s_inc, ctx);
-
- memcpy(digest, bufp, SPX_FORS_MSG_BYTES);
- bufp += SPX_FORS_MSG_BYTES;
-
-#if SPX_TREE_BITS > 64
- #error For given height and depth, 64 bits cannot represent all subtrees
-#endif
-
- if (SPX_D == 1) {
- *tree = 0;
- } else {
- *tree = bytes_to_ull(bufp, SPX_TREE_BYTES);
- *tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS);
- }
- bufp += SPX_TREE_BYTES;
-
- *leaf_idx = (uint32_t)bytes_to_ull(bufp, SPX_LEAF_BYTES);
- *leaf_idx &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS);
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_robust.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_robust.c
deleted file mode 100644
index b540bdc..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_robust.c
+++ /dev/null
@@ -1,46 +0,0 @@
-#include
-#include
-
-#include "../../../app/include/address.h"
-#include "../../../app/include/thash.h"
-#include "../../../app/include/params.h"
-#include "../../../app/include/utils.h"
-
-#include "../include/haraka.h"
-
-/**
- * Takes an array of inblocks concatenated arrays of SPX_N bytes.
- */
-void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8])
-{
- SPX_VLA(uint8_t, buf, SPX_ADDR_BYTES + inblocks*SPX_N);
- SPX_VLA(uint8_t, bitmask, inblocks*SPX_N);
- unsigned char outbuf[32];
- unsigned char buf_tmp[64];
- unsigned int i;
-
- if (inblocks == 1) {
- /* F function */
- /* Since SPX_N may be smaller than 32, we need a temporary buffer. */
- memset(buf_tmp, 0, 64);
- memcpy(buf_tmp, addr, 32);
-
- haraka256(outbuf, buf_tmp, ctx);
- for (i = 0; i < inblocks * SPX_N; i++) {
- buf_tmp[SPX_ADDR_BYTES + i] = in[i] ^ outbuf[i];
- }
- haraka512(outbuf, buf_tmp, ctx);
- memcpy(out, outbuf, SPX_N);
- } else {
- /* All other tweakable hashes*/
- memcpy(buf, addr, 32);
- haraka_S(bitmask, inblocks * SPX_N, buf, SPX_ADDR_BYTES, ctx);
-
- for (i = 0; i < inblocks * SPX_N; i++) {
- buf[SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i];
- }
-
- haraka_S(out, SPX_N, buf, SPX_ADDR_BYTES + inblocks*SPX_N, ctx);
- }
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_simple.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_simple.c
deleted file mode 100644
index 43b14c7..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/haraka/src/thash_haraka_simple.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include
-#include
-
-#include "../../../app/include/address.h"
-#include "../../../app/include/thash.h"
-#include "../../../app/include/params.h"
-#include "../../../app/include/utils.h"
-
-#include "../include/haraka.h"
-
-/**
- * Takes an array of inblocks concatenated arrays of SPX_N bytes.
- */
-void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks,
- const spx_ctx *ctx, uint32_t addr[8])
-{
- SPX_VLA(uint8_t, buf, SPX_ADDR_BYTES + inblocks*SPX_N);
- unsigned char outbuf[32];
- unsigned char buf_tmp[64];
-
- if (inblocks == 1) {
- /* F function */
- /* Since SPX_N may be smaller than 32, we need a temporary buffer. */
- memset(buf_tmp, 0, 64);
- memcpy(buf_tmp, addr, 32);
- memcpy(buf_tmp + SPX_ADDR_BYTES, in, SPX_N);
-
- haraka512(outbuf, buf_tmp, ctx);
- memcpy(out, outbuf, SPX_N);
- } else {
- /* All other tweakable hashes*/
- memcpy(buf, addr, 32);
- memcpy(buf + SPX_ADDR_BYTES, in, inblocks * SPX_N);
-
- haraka_S(out, SPX_N, buf, SPX_ADDR_BYTES + inblocks*SPX_N, ctx);
- }
-}
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/CMakeLists.txt
deleted file mode 100644
index bf65803..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/CMakeLists.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-set(SHA2_SOURCES
- src/sha2.c
- src/hash_sha2.c
- ../../app/src/utils.c
- src/thash_sha2_${THASH}.c
-)
-
-set(PARAMS "sphincs-sha2-${SECPAR}")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DPARAMS=${PARAMS}")
-
-add_library(sha2 SHARED ${SHA2_SOURCES})
-target_include_directories(sha2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2.h
deleted file mode 100644
index 83038e2..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#ifndef SPX_SHA2_H
-#define SPX_SHA2_H
-
-#include "../../../app/include/params.h"
-#include "../../../app/include/context.h"
-
-#define SPX_SHA256_BLOCK_BYTES 64
-#define SPX_SHA256_OUTPUT_BYTES 32 /* This does not necessarily equal SPX_N */
-
-#define SPX_SHA512_BLOCK_BYTES 128
-#define SPX_SHA512_OUTPUT_BYTES 64
-
-#if SPX_SHA256_OUTPUT_BYTES < SPX_N
- #error Linking against SHA-256 with N larger than 32 bytes is not supported
-#endif
-
-#define SPX_SHA256_ADDR_BYTES 22
-
-#include
-#include
-
-void sha256_inc_init(uint8_t *state);
-void sha256_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks);
-void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen);
-void sha256(uint8_t *out, const uint8_t *in, size_t inlen);
-
-void sha512_inc_init(uint8_t *state);
-void sha512_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks);
-void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen);
-void sha512(uint8_t *out, const uint8_t *in, size_t inlen);
-
-#define mgf1_256 SPX_NAMESPACE(mgf1_256)
-void mgf1_256(unsigned char *out, unsigned long outlen,
- const unsigned char *in, unsigned long inlen);
-
-#define mgf1_512 SPX_NAMESPACE(mgf1_512)
-void mgf1_512(unsigned char *out, unsigned long outlen,
- const unsigned char *in, unsigned long inlen);
-
-#define seed_state SPX_NAMESPACE(seed_state)
-void seed_state(spx_ctx *ctx);
-
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2_offsets.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2_offsets.h
deleted file mode 100644
index 49f7e85..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/include/sha2_offsets.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef SHA2_OFFSETS_H_
-#define SHA2_OFFSETS_H_
-
-/*
- * Offsets of various fields in the address structure when we use SHA2 as
- * the Sphincs+ hash function
- */
-
-#define SPX_OFFSET_LAYER 0 /* The byte used to specify the Merkle tree layer */
-#define SPX_OFFSET_TREE 1 /* The start of the 8 byte field used to specify the tree */
-#define SPX_OFFSET_TYPE 9 /* The byte used to specify the hash type (reason) */
-#define SPX_OFFSET_KP_ADDR 10 /* The start of the 4 byte field used to specify the key pair address */
-#define SPX_OFFSET_CHAIN_ADDR 17 /* The byte used to specify the chain address (which Winternitz chain) */
-#define SPX_OFFSET_HASH_ADDR 21 /* The byte used to specify the hash address (where in the Winternitz chain) */
-#define SPX_OFFSET_TREE_HGT 17 /* The byte used to specify the height of this node in the FORS or Merkle tree */
-#define SPX_OFFSET_TREE_INDEX 18 /* The start of the 4 byte field used to specify the node in the FORS or Merkle tree */
-
-#define SPX_SHA2 1
-
-#endif /* SHA2_OFFSETS_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/hash_sha2.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/hash_sha2.c
deleted file mode 100644
index e84b8a3..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/hash_sha2.c
+++ /dev/null
@@ -1,198 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/hash.h" -#include "../../../app/include/params.h" -#include "../../../app/include/utils.h" - -#include "../include/sha2.h" - -#if SPX_N >= 24 -#define SPX_SHAX_OUTPUT_BYTES SPX_SHA512_OUTPUT_BYTES -#define SPX_SHAX_BLOCK_BYTES SPX_SHA512_BLOCK_BYTES -#define shaX_inc_init sha512_inc_init -#define shaX_inc_blocks sha512_inc_blocks -#define shaX_inc_finalize sha512_inc_finalize -#define shaX sha512 -#define mgf1_X mgf1_512 -#else -#define SPX_SHAX_OUTPUT_BYTES SPX_SHA256_OUTPUT_BYTES -#define SPX_SHAX_BLOCK_BYTES SPX_SHA256_BLOCK_BYTES -#define shaX_inc_init sha256_inc_init -#define shaX_inc_blocks sha256_inc_blocks -#define shaX_inc_finalize sha256_inc_finalize -#define shaX sha256 -#define mgf1_X mgf1_256 -#endif - - -/* For SHA, there is no immediate reason to initialize at the start, - so this function is an empty operation. */ -void initialize_hash_function(spx_ctx *ctx) -{ - seed_state(ctx); -} - -/* - * Computes PRF(pk_seed, sk_seed, addr). - */ -void prf_addr(unsigned char *out, const spx_ctx *ctx, - const uint32_t addr[8]) -{ - uint8_t sha2_state[40]; - unsigned char buf[SPX_SHA256_ADDR_BYTES + SPX_N]; - unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - - /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, ctx->state_seeded, 40 * sizeof(uint8_t)); - - /* Remainder: ADDR^c ‖ SK.seed */ - memcpy(buf, addr, SPX_SHA256_ADDR_BYTES); - memcpy(buf + SPX_SHA256_ADDR_BYTES, ctx->sk_seed, SPX_N); - - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + SPX_N); - - memcpy(out, outbuf, SPX_N); -} - -/** - * Computes the message-dependent randomness R, using a secret seed as a key - * for HMAC, and an optional randomization value prefixed to the message. - * This requires m to have at least SPX_SHAX_BLOCK_BYTES + SPX_N space - * available in front of the pointer, i.e. before the message to use for the - * prefix. 
This is necessary to prevent having to move the message around (and - * allocate memory for it). - */ -void gen_message_random(unsigned char *R, const unsigned char *sk_prf, - const unsigned char *optrand, - const unsigned char *m, unsigned long long mlen, - const spx_ctx *ctx) -{ - (void)ctx; - - unsigned char buf[SPX_SHAX_BLOCK_BYTES + SPX_SHAX_OUTPUT_BYTES]; - uint8_t state[8 + SPX_SHAX_OUTPUT_BYTES]; - int i; - -#if SPX_N > SPX_SHAX_BLOCK_BYTES - #error "Currently only supports SPX_N of at most SPX_SHAX_BLOCK_BYTES" -#endif - - /* This implements HMAC-SHA */ - for (i = 0; i < SPX_N; i++) { - buf[i] = 0x36 ^ sk_prf[i]; - } - memset(buf + SPX_N, 0x36, SPX_SHAX_BLOCK_BYTES - SPX_N); - - shaX_inc_init(state); - shaX_inc_blocks(state, buf, 1); - - memcpy(buf, optrand, SPX_N); - - /* If optrand + message cannot fill up an entire block */ - if (SPX_N + mlen < SPX_SHAX_BLOCK_BYTES) { - memcpy(buf + SPX_N, m, mlen); - shaX_inc_finalize(buf + SPX_SHAX_BLOCK_BYTES, state, - buf, mlen + SPX_N); - } - /* Otherwise first fill a block, so that finalize only uses the message */ - else { - memcpy(buf + SPX_N, m, SPX_SHAX_BLOCK_BYTES - SPX_N); - shaX_inc_blocks(state, buf, 1); - - m += SPX_SHAX_BLOCK_BYTES - SPX_N; - mlen -= SPX_SHAX_BLOCK_BYTES - SPX_N; - shaX_inc_finalize(buf + SPX_SHAX_BLOCK_BYTES, state, m, mlen); - } - - for (i = 0; i < SPX_N; i++) { - buf[i] = 0x5c ^ sk_prf[i]; - } - memset(buf + SPX_N, 0x5c, SPX_SHAX_BLOCK_BYTES - SPX_N); - - shaX(buf, buf, SPX_SHAX_BLOCK_BYTES + SPX_SHAX_OUTPUT_BYTES); - memcpy(R, buf, SPX_N); -} - -/** - * Computes the message hash using R, the public key, and the message. - * Outputs the message digest and the index of the leaf. The index is split in - * the tree index and the leaf index, for convenient copying to an address. 
- */ -void hash_message(unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx, - const unsigned char *R, const unsigned char *pk, - const unsigned char *m, unsigned long long mlen, - const spx_ctx *ctx) -{ - (void)ctx; -#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1)) -#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8) -#define SPX_LEAF_BITS SPX_TREE_HEIGHT -#define SPX_LEAF_BYTES ((SPX_LEAF_BITS + 7) / 8) -#define SPX_DGST_BYTES (SPX_FORS_MSG_BYTES + SPX_TREE_BYTES + SPX_LEAF_BYTES) - - unsigned char seed[2*SPX_N + SPX_SHAX_OUTPUT_BYTES]; - - /* Round to nearest multiple of SPX_SHAX_BLOCK_BYTES */ -#if (SPX_SHAX_BLOCK_BYTES & (SPX_SHAX_BLOCK_BYTES-1)) != 0 - #error "Assumes that SPX_SHAX_BLOCK_BYTES is a power of 2" -#endif -#define SPX_INBLOCKS (((SPX_N + SPX_PK_BYTES + SPX_SHAX_BLOCK_BYTES - 1) & \ - -SPX_SHAX_BLOCK_BYTES) / SPX_SHAX_BLOCK_BYTES) - unsigned char inbuf[SPX_INBLOCKS * SPX_SHAX_BLOCK_BYTES]; - - unsigned char buf[SPX_DGST_BYTES]; - unsigned char *bufp = buf; - uint8_t state[8 + SPX_SHAX_OUTPUT_BYTES]; - - shaX_inc_init(state); - - // seed: SHA-X(R ‖ PK.seed ‖ PK.root ‖ M) - memcpy(inbuf, R, SPX_N); - memcpy(inbuf + SPX_N, pk, SPX_PK_BYTES); - - /* If R + pk + message cannot fill up an entire block */ - if (SPX_N + SPX_PK_BYTES + mlen < SPX_INBLOCKS * SPX_SHAX_BLOCK_BYTES) { - memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, mlen); - shaX_inc_finalize(seed + 2*SPX_N, state, inbuf, SPX_N + SPX_PK_BYTES + mlen); - } - /* Otherwise first fill a block, so that finalize only uses the message */ - else { - memcpy(inbuf + SPX_N + SPX_PK_BYTES, m, - SPX_INBLOCKS * SPX_SHAX_BLOCK_BYTES - SPX_N - SPX_PK_BYTES); - shaX_inc_blocks(state, inbuf, SPX_INBLOCKS); - - m += SPX_INBLOCKS * SPX_SHAX_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - mlen -= SPX_INBLOCKS * SPX_SHAX_BLOCK_BYTES - SPX_N - SPX_PK_BYTES; - shaX_inc_finalize(seed + 2*SPX_N, state, m, mlen); - } - - // H_msg: MGF1-SHA-X(R ‖ PK.seed ‖ seed) - memcpy(seed, R, SPX_N); - memcpy(seed + SPX_N, pk, SPX_N); - - /* 
By doing this in two steps, we prevent hashing the message twice; - otherwise each iteration in MGF1 would hash the message again. */ - mgf1_X(bufp, SPX_DGST_BYTES, seed, 2*SPX_N + SPX_SHAX_OUTPUT_BYTES); - - memcpy(digest, bufp, SPX_FORS_MSG_BYTES); - bufp += SPX_FORS_MSG_BYTES; - -#if SPX_TREE_BITS > 64 - #error For given height and depth, 64 bits cannot represent all subtrees -#endif - - if (SPX_D == 1) { - *tree = 0; - } else { - *tree = bytes_to_ull(bufp, SPX_TREE_BYTES); - *tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS); - } - bufp += SPX_TREE_BYTES; - - *leaf_idx = (uint32_t)bytes_to_ull(bufp, SPX_LEAF_BYTES); - *leaf_idx &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS); -} - - diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/sha2.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/sha2.c deleted file mode 100644 index 3d311eb..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/sha2.c +++ /dev/null 
@@ -1,701 +0,0 @@ -/* Based on the public domain implementation in - * crypto_hash/sha512/ref/ from http://bench.cr.yp.to/supercop.html - * by D. J. Bernstein */ - -#include -#include -#include - -#include "../../../app/include/utils.h" - -#include "../include/sha2.h" - -static uint32_t load_bigendian_32(const uint8_t *x) { - return (uint32_t)(x[3]) | (((uint32_t)(x[2])) << 8) | - (((uint32_t)(x[1])) << 16) | (((uint32_t)(x[0])) << 24); -} - -static uint64_t load_bigendian_64(const uint8_t *x) { - return (uint64_t)(x[7]) | (((uint64_t)(x[6])) << 8) | - (((uint64_t)(x[5])) << 16) | (((uint64_t)(x[4])) << 24) | - (((uint64_t)(x[3])) << 32) | (((uint64_t)(x[2])) << 40) | - (((uint64_t)(x[1])) << 48) | (((uint64_t)(x[0])) << 56); -} - -static void store_bigendian_32(uint8_t *x, uint64_t u) { - x[3] = (uint8_t) u; - u >>= 8; - x[2] = (uint8_t) u; - u >>= 8; - x[1] = (uint8_t) u; - u >>= 8; - x[0] = (uint8_t) u; -} - -static void store_bigendian_64(uint8_t *x, uint64_t u) { - x[7] = (uint8_t) u; - u >>= 8; - x[6] = (uint8_t) u; - u >>= 8; - x[5] = (uint8_t) u; - u >>= 8; - x[4] = (uint8_t) u; - u >>= 8; - x[3] = (uint8_t) u; - u >>= 8; - x[2] = (uint8_t) u; - u >>= 8; - x[1] = (uint8_t) u; - u >>= 8; - x[0] = (uint8_t) u; -} - -#define SHR(x, c) ((x) >> (c)) -#define ROTR_32(x, c) (((x) >> (c)) | ((x) << (32 - (c)))) -#define ROTR_64(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) - -#define Ch(x, y, z) (((x) & (y)) ^ (~(x) & (z))) -#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -#define Sigma0_32(x) (ROTR_32(x, 2) ^ ROTR_32(x,13) ^ ROTR_32(x,22)) -#define Sigma1_32(x) (ROTR_32(x, 6) ^ ROTR_32(x,11) ^ ROTR_32(x,25)) -#define sigma0_32(x) (ROTR_32(x, 7) ^ ROTR_32(x,18) ^ SHR(x, 3)) -#define sigma1_32(x) (ROTR_32(x,17) ^ ROTR_32(x,19) ^ SHR(x,10)) - -#define Sigma0_64(x) (ROTR_64(x,28) ^ ROTR_64(x,34) ^ ROTR_64(x,39)) -#define Sigma1_64(x) (ROTR_64(x,14) ^ ROTR_64(x,18) ^ ROTR_64(x,41)) -#define sigma0_64(x) (ROTR_64(x, 1) ^ ROTR_64(x, 8) ^ SHR(x,7)) -#define 
sigma1_64(x) (ROTR_64(x,19) ^ ROTR_64(x,61) ^ SHR(x,6)) - -#define M_32(w0, w14, w9, w1) w0 = sigma1_32(w14) + (w9) + sigma0_32(w1) + (w0); -#define M_64(w0, w14, w9, w1) w0 = sigma1_64(w14) + (w9) + sigma0_64(w1) + (w0); - -#define EXPAND_32 \ - M_32(w0, w14, w9, w1) \ - M_32(w1, w15, w10, w2) \ - M_32(w2, w0, w11, w3) \ - M_32(w3, w1, w12, w4) \ - M_32(w4, w2, w13, w5) \ - M_32(w5, w3, w14, w6) \ - M_32(w6, w4, w15, w7) \ - M_32(w7, w5, w0, w8) \ - M_32(w8, w6, w1, w9) \ - M_32(w9, w7, w2, w10) \ - M_32(w10, w8, w3, w11) \ - M_32(w11, w9, w4, w12) \ - M_32(w12, w10, w5, w13) \ - M_32(w13, w11, w6, w14) \ - M_32(w14, w12, w7, w15) \ - M_32(w15, w13, w8, w0) - -#define EXPAND_64 \ - M_64(w0 ,w14,w9 ,w1 ) \ - M_64(w1 ,w15,w10,w2 ) \ - M_64(w2 ,w0 ,w11,w3 ) \ - M_64(w3 ,w1 ,w12,w4 ) \ - M_64(w4 ,w2 ,w13,w5 ) \ - M_64(w5 ,w3 ,w14,w6 ) \ - M_64(w6 ,w4 ,w15,w7 ) \ - M_64(w7 ,w5 ,w0 ,w8 ) \ - M_64(w8 ,w6 ,w1 ,w9 ) \ - M_64(w9 ,w7 ,w2 ,w10) \ - M_64(w10,w8 ,w3 ,w11) \ - M_64(w11,w9 ,w4 ,w12) \ - M_64(w12,w10,w5 ,w13) \ - M_64(w13,w11,w6 ,w14) \ - M_64(w14,w12,w7 ,w15) \ - M_64(w15,w13,w8 ,w0 ) - -#define F_32(w, k) \ - T1 = h + Sigma1_32(e) + Ch(e, f, g) + (k) + (w); \ - T2 = Sigma0_32(a) + Maj(a, b, c); \ - h = g; \ - g = f; \ - f = e; \ - e = d + T1; \ - d = c; \ - c = b; \ - b = a; \ - a = T1 + T2; - -#define F_64(w,k) \ - T1 = h + Sigma1_64(e) + Ch(e,f,g) + k + w; \ - T2 = Sigma0_64(a) + Maj(a,b,c); \ - h = g; \ - g = f; \ - f = e; \ - e = d + T1; \ - d = c; \ - c = b; \ - b = a; \ - a = T1 + T2; - -static size_t crypto_hashblocks_sha256(uint8_t *statebytes, - const uint8_t *in, size_t inlen) { - uint32_t state[8]; - uint32_t a; - uint32_t b; - uint32_t c; - uint32_t d; - uint32_t e; - uint32_t f; - uint32_t g; - uint32_t h; - uint32_t T1; - uint32_t T2; - - a = load_bigendian_32(statebytes + 0); - state[0] = a; - b = load_bigendian_32(statebytes + 4); - state[1] = b; - c = load_bigendian_32(statebytes + 8); - state[2] = c; - d = load_bigendian_32(statebytes + 12); - 
state[3] = d; - e = load_bigendian_32(statebytes + 16); - state[4] = e; - f = load_bigendian_32(statebytes + 20); - state[5] = f; - g = load_bigendian_32(statebytes + 24); - state[6] = g; - h = load_bigendian_32(statebytes + 28); - state[7] = h; - - while (inlen >= 64) { - uint32_t w0 = load_bigendian_32(in + 0); - uint32_t w1 = load_bigendian_32(in + 4); - uint32_t w2 = load_bigendian_32(in + 8); - uint32_t w3 = load_bigendian_32(in + 12); - uint32_t w4 = load_bigendian_32(in + 16); - uint32_t w5 = load_bigendian_32(in + 20); - uint32_t w6 = load_bigendian_32(in + 24); - uint32_t w7 = load_bigendian_32(in + 28); - uint32_t w8 = load_bigendian_32(in + 32); - uint32_t w9 = load_bigendian_32(in + 36); - uint32_t w10 = load_bigendian_32(in + 40); - uint32_t w11 = load_bigendian_32(in + 44); - uint32_t w12 = load_bigendian_32(in + 48); - uint32_t w13 = load_bigendian_32(in + 52); - uint32_t w14 = load_bigendian_32(in + 56); - uint32_t w15 = load_bigendian_32(in + 60); - - F_32(w0, 0x428a2f98) - F_32(w1, 0x71374491) - F_32(w2, 0xb5c0fbcf) - F_32(w3, 0xe9b5dba5) - F_32(w4, 0x3956c25b) - F_32(w5, 0x59f111f1) - F_32(w6, 0x923f82a4) - F_32(w7, 0xab1c5ed5) - F_32(w8, 0xd807aa98) - F_32(w9, 0x12835b01) - F_32(w10, 0x243185be) - F_32(w11, 0x550c7dc3) - F_32(w12, 0x72be5d74) - F_32(w13, 0x80deb1fe) - F_32(w14, 0x9bdc06a7) - F_32(w15, 0xc19bf174) - - EXPAND_32 - - F_32(w0, 0xe49b69c1) - F_32(w1, 0xefbe4786) - F_32(w2, 0x0fc19dc6) - F_32(w3, 0x240ca1cc) - F_32(w4, 0x2de92c6f) - F_32(w5, 0x4a7484aa) - F_32(w6, 0x5cb0a9dc) - F_32(w7, 0x76f988da) - F_32(w8, 0x983e5152) - F_32(w9, 0xa831c66d) - F_32(w10, 0xb00327c8) - F_32(w11, 0xbf597fc7) - F_32(w12, 0xc6e00bf3) - F_32(w13, 0xd5a79147) - F_32(w14, 0x06ca6351) - F_32(w15, 0x14292967) - - EXPAND_32 - - F_32(w0, 0x27b70a85) - F_32(w1, 0x2e1b2138) - F_32(w2, 0x4d2c6dfc) - F_32(w3, 0x53380d13) - F_32(w4, 0x650a7354) - F_32(w5, 0x766a0abb) - F_32(w6, 0x81c2c92e) - F_32(w7, 0x92722c85) - F_32(w8, 0xa2bfe8a1) - F_32(w9, 0xa81a664b) - 
F_32(w10, 0xc24b8b70) - F_32(w11, 0xc76c51a3) - F_32(w12, 0xd192e819) - F_32(w13, 0xd6990624) - F_32(w14, 0xf40e3585) - F_32(w15, 0x106aa070) - - EXPAND_32 - - F_32(w0, 0x19a4c116) - F_32(w1, 0x1e376c08) - F_32(w2, 0x2748774c) - F_32(w3, 0x34b0bcb5) - F_32(w4, 0x391c0cb3) - F_32(w5, 0x4ed8aa4a) - F_32(w6, 0x5b9cca4f) - F_32(w7, 0x682e6ff3) - F_32(w8, 0x748f82ee) - F_32(w9, 0x78a5636f) - F_32(w10, 0x84c87814) - F_32(w11, 0x8cc70208) - F_32(w12, 0x90befffa) - F_32(w13, 0xa4506ceb) - F_32(w14, 0xbef9a3f7) - F_32(w15, 0xc67178f2) - - a += state[0]; - b += state[1]; - c += state[2]; - d += state[3]; - e += state[4]; - f += state[5]; - g += state[6]; - h += state[7]; - - state[0] = a; - state[1] = b; - state[2] = c; - state[3] = d; - state[4] = e; - state[5] = f; - state[6] = g; - state[7] = h; - - in += 64; - inlen -= 64; - } - - store_bigendian_32(statebytes + 0, state[0]); - store_bigendian_32(statebytes + 4, state[1]); - store_bigendian_32(statebytes + 8, state[2]); - store_bigendian_32(statebytes + 12, state[3]); - store_bigendian_32(statebytes + 16, state[4]); - store_bigendian_32(statebytes + 20, state[5]); - store_bigendian_32(statebytes + 24, state[6]); - store_bigendian_32(statebytes + 28, state[7]); - - return inlen; -} - -static int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) -{ - uint64_t state[8]; - uint64_t a; - uint64_t b; - uint64_t c; - uint64_t d; - uint64_t e; - uint64_t f; - uint64_t g; - uint64_t h; - uint64_t T1; - uint64_t T2; - - a = load_bigendian_64(statebytes + 0); state[0] = a; - b = load_bigendian_64(statebytes + 8); state[1] = b; - c = load_bigendian_64(statebytes + 16); state[2] = c; - d = load_bigendian_64(statebytes + 24); state[3] = d; - e = load_bigendian_64(statebytes + 32); state[4] = e; - f = load_bigendian_64(statebytes + 40); state[5] = f; - g = load_bigendian_64(statebytes + 48); state[6] = g; - h = load_bigendian_64(statebytes + 56); state[7] = h; - - while (inlen >= 128) 
{ - uint64_t w0 = load_bigendian_64(in + 0); - uint64_t w1 = load_bigendian_64(in + 8); - uint64_t w2 = load_bigendian_64(in + 16); - uint64_t w3 = load_bigendian_64(in + 24); - uint64_t w4 = load_bigendian_64(in + 32); - uint64_t w5 = load_bigendian_64(in + 40); - uint64_t w6 = load_bigendian_64(in + 48); - uint64_t w7 = load_bigendian_64(in + 56); - uint64_t w8 = load_bigendian_64(in + 64); - uint64_t w9 = load_bigendian_64(in + 72); - uint64_t w10 = load_bigendian_64(in + 80); - uint64_t w11 = load_bigendian_64(in + 88); - uint64_t w12 = load_bigendian_64(in + 96); - uint64_t w13 = load_bigendian_64(in + 104); - uint64_t w14 = load_bigendian_64(in + 112); - uint64_t w15 = load_bigendian_64(in + 120); - - F_64(w0 ,0x428a2f98d728ae22ULL) - F_64(w1 ,0x7137449123ef65cdULL) - F_64(w2 ,0xb5c0fbcfec4d3b2fULL) - F_64(w3 ,0xe9b5dba58189dbbcULL) - F_64(w4 ,0x3956c25bf348b538ULL) - F_64(w5 ,0x59f111f1b605d019ULL) - F_64(w6 ,0x923f82a4af194f9bULL) - F_64(w7 ,0xab1c5ed5da6d8118ULL) - F_64(w8 ,0xd807aa98a3030242ULL) - F_64(w9 ,0x12835b0145706fbeULL) - F_64(w10,0x243185be4ee4b28cULL) - F_64(w11,0x550c7dc3d5ffb4e2ULL) - F_64(w12,0x72be5d74f27b896fULL) - F_64(w13,0x80deb1fe3b1696b1ULL) - F_64(w14,0x9bdc06a725c71235ULL) - F_64(w15,0xc19bf174cf692694ULL) - - EXPAND_64 - - F_64(w0 ,0xe49b69c19ef14ad2ULL) - F_64(w1 ,0xefbe4786384f25e3ULL) - F_64(w2 ,0x0fc19dc68b8cd5b5ULL) - F_64(w3 ,0x240ca1cc77ac9c65ULL) - F_64(w4 ,0x2de92c6f592b0275ULL) - F_64(w5 ,0x4a7484aa6ea6e483ULL) - F_64(w6 ,0x5cb0a9dcbd41fbd4ULL) - F_64(w7 ,0x76f988da831153b5ULL) - F_64(w8 ,0x983e5152ee66dfabULL) - F_64(w9 ,0xa831c66d2db43210ULL) - F_64(w10,0xb00327c898fb213fULL) - F_64(w11,0xbf597fc7beef0ee4ULL) - F_64(w12,0xc6e00bf33da88fc2ULL) - F_64(w13,0xd5a79147930aa725ULL) - F_64(w14,0x06ca6351e003826fULL) - F_64(w15,0x142929670a0e6e70ULL) - - EXPAND_64 - - F_64(w0 ,0x27b70a8546d22ffcULL) - F_64(w1 ,0x2e1b21385c26c926ULL) - F_64(w2 ,0x4d2c6dfc5ac42aedULL) - F_64(w3 ,0x53380d139d95b3dfULL) - F_64(w4 
,0x650a73548baf63deULL) - F_64(w5 ,0x766a0abb3c77b2a8ULL) - F_64(w6 ,0x81c2c92e47edaee6ULL) - F_64(w7 ,0x92722c851482353bULL) - F_64(w8 ,0xa2bfe8a14cf10364ULL) - F_64(w9 ,0xa81a664bbc423001ULL) - F_64(w10,0xc24b8b70d0f89791ULL) - F_64(w11,0xc76c51a30654be30ULL) - F_64(w12,0xd192e819d6ef5218ULL) - F_64(w13,0xd69906245565a910ULL) - F_64(w14,0xf40e35855771202aULL) - F_64(w15,0x106aa07032bbd1b8ULL) - - EXPAND_64 - - F_64(w0 ,0x19a4c116b8d2d0c8ULL) - F_64(w1 ,0x1e376c085141ab53ULL) - F_64(w2 ,0x2748774cdf8eeb99ULL) - F_64(w3 ,0x34b0bcb5e19b48a8ULL) - F_64(w4 ,0x391c0cb3c5c95a63ULL) - F_64(w5 ,0x4ed8aa4ae3418acbULL) - F_64(w6 ,0x5b9cca4f7763e373ULL) - F_64(w7 ,0x682e6ff3d6b2b8a3ULL) - F_64(w8 ,0x748f82ee5defb2fcULL) - F_64(w9 ,0x78a5636f43172f60ULL) - F_64(w10,0x84c87814a1f0ab72ULL) - F_64(w11,0x8cc702081a6439ecULL) - F_64(w12,0x90befffa23631e28ULL) - F_64(w13,0xa4506cebde82bde9ULL) - F_64(w14,0xbef9a3f7b2c67915ULL) - F_64(w15,0xc67178f2e372532bULL) - - EXPAND_64 - - F_64(w0 ,0xca273eceea26619cULL) - F_64(w1 ,0xd186b8c721c0c207ULL) - F_64(w2 ,0xeada7dd6cde0eb1eULL) - F_64(w3 ,0xf57d4f7fee6ed178ULL) - F_64(w4 ,0x06f067aa72176fbaULL) - F_64(w5 ,0x0a637dc5a2c898a6ULL) - F_64(w6 ,0x113f9804bef90daeULL) - F_64(w7 ,0x1b710b35131c471bULL) - F_64(w8 ,0x28db77f523047d84ULL) - F_64(w9 ,0x32caab7b40c72493ULL) - F_64(w10,0x3c9ebe0a15c9bebcULL) - F_64(w11,0x431d67c49c100d4cULL) - F_64(w12,0x4cc5d4becb3e42b6ULL) - F_64(w13,0x597f299cfc657e2aULL) - F_64(w14,0x5fcb6fab3ad6faecULL) - F_64(w15,0x6c44198c4a475817ULL) - - a += state[0]; - b += state[1]; - c += state[2]; - d += state[3]; - e += state[4]; - f += state[5]; - g += state[6]; - h += state[7]; - - state[0] = a; - state[1] = b; - state[2] = c; - state[3] = d; - state[4] = e; - state[5] = f; - state[6] = g; - state[7] = h; - - in += 128; - inlen -= 128; - } - - store_bigendian_64(statebytes + 0,state[0]); - store_bigendian_64(statebytes + 8,state[1]); - store_bigendian_64(statebytes + 16,state[2]); - store_bigendian_64(statebytes + 
24,state[3]); - store_bigendian_64(statebytes + 32,state[4]); - store_bigendian_64(statebytes + 40,state[5]); - store_bigendian_64(statebytes + 48,state[6]); - store_bigendian_64(statebytes + 56,state[7]); - - return inlen; -} - - -static const uint8_t iv_256[32] = { - 0x6a, 0x09, 0xe6, 0x67, 0xbb, 0x67, 0xae, 0x85, - 0x3c, 0x6e, 0xf3, 0x72, 0xa5, 0x4f, 0xf5, 0x3a, - 0x51, 0x0e, 0x52, 0x7f, 0x9b, 0x05, 0x68, 0x8c, - 0x1f, 0x83, 0xd9, 0xab, 0x5b, 0xe0, 0xcd, 0x19 -}; - -static const uint8_t iv_512[64] = { - 0x6a, 0x09, 0xe6, 0x67, 0xf3, 0xbc, 0xc9, 0x08, 0xbb, 0x67, 0xae, - 0x85, 0x84, 0xca, 0xa7, 0x3b, 0x3c, 0x6e, 0xf3, 0x72, 0xfe, 0x94, - 0xf8, 0x2b, 0xa5, 0x4f, 0xf5, 0x3a, 0x5f, 0x1d, 0x36, 0xf1, 0x51, - 0x0e, 0x52, 0x7f, 0xad, 0xe6, 0x82, 0xd1, 0x9b, 0x05, 0x68, 0x8c, - 0x2b, 0x3e, 0x6c, 0x1f, 0x1f, 0x83, 0xd9, 0xab, 0xfb, 0x41, 0xbd, - 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79 -}; - -void sha256_inc_init(uint8_t *state) { - for (size_t i = 0; i < 32; ++i) { - state[i] = iv_256[i]; - } - for (size_t i = 32; i < 40; ++i) { - state[i] = 0; - } -} - -void sha512_inc_init(uint8_t *state) { - for (size_t i = 0; i < 64; ++i) { - state[i] = iv_512[i]; - } - for (size_t i = 64; i < 72; ++i) { - state[i] = 0; - } -} - -void sha256_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) { - uint64_t bytes = load_bigendian_64(state + 32); - - crypto_hashblocks_sha256(state, in, 64 * inblocks); - bytes += 64 * inblocks; - - store_bigendian_64(state + 32, bytes); -} - -void sha512_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) { - uint64_t bytes = load_bigendian_64(state + 64); - - crypto_hashblocks_sha512(state, in, 128 * inblocks); - bytes += 128 * inblocks; - - store_bigendian_64(state + 64, bytes); -} - -void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) { - uint8_t padded[128]; - uint64_t bytes = load_bigendian_64(state + 32) + inlen; - - crypto_hashblocks_sha256(state, in, inlen); - in += inlen; - 
inlen &= 63; - in -= inlen; - - for (size_t i = 0; i < inlen; ++i) { - padded[i] = in[i]; - } - padded[inlen] = 0x80; - - if (inlen < 56) { - for (size_t i = inlen + 1; i < 56; ++i) { - padded[i] = 0; - } - padded[56] = (uint8_t) (bytes >> 53); - padded[57] = (uint8_t) (bytes >> 45); - padded[58] = (uint8_t) (bytes >> 37); - padded[59] = (uint8_t) (bytes >> 29); - padded[60] = (uint8_t) (bytes >> 21); - padded[61] = (uint8_t) (bytes >> 13); - padded[62] = (uint8_t) (bytes >> 5); - padded[63] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha256(state, padded, 64); - } else { - for (size_t i = inlen + 1; i < 120; ++i) { - padded[i] = 0; - } - padded[120] = (uint8_t) (bytes >> 53); - padded[121] = (uint8_t) (bytes >> 45); - padded[122] = (uint8_t) (bytes >> 37); - padded[123] = (uint8_t) (bytes >> 29); - padded[124] = (uint8_t) (bytes >> 21); - padded[125] = (uint8_t) (bytes >> 13); - padded[126] = (uint8_t) (bytes >> 5); - padded[127] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha256(state, padded, 128); - } - - for (size_t i = 0; i < 32; ++i) { - out[i] = state[i]; - } - -} - -void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) { - uint8_t padded[256]; - uint64_t bytes = load_bigendian_64(state + 64) + inlen; - - crypto_hashblocks_sha512(state, in, inlen); - in += inlen; - inlen &= 127; - in -= inlen; - - for (size_t i = 0; i < inlen; ++i) { - padded[i] = in[i]; - } - padded[inlen] = 0x80; - - if (inlen < 112) { - for (size_t i = inlen + 1; i < 119; ++i) { - padded[i] = 0; - } - padded[119] = (uint8_t) (bytes >> 61); - padded[120] = (uint8_t) (bytes >> 53); - padded[121] = (uint8_t) (bytes >> 45); - padded[122] = (uint8_t) (bytes >> 37); - padded[123] = (uint8_t) (bytes >> 29); - padded[124] = (uint8_t) (bytes >> 21); - padded[125] = (uint8_t) (bytes >> 13); - padded[126] = (uint8_t) (bytes >> 5); - padded[127] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha512(state, padded, 128); - } else { - for (size_t i = inlen + 1; i < 
247; ++i) { - padded[i] = 0; - } - padded[247] = (uint8_t) (bytes >> 61); - padded[248] = (uint8_t) (bytes >> 53); - padded[249] = (uint8_t) (bytes >> 45); - padded[250] = (uint8_t) (bytes >> 37); - padded[251] = (uint8_t) (bytes >> 29); - padded[252] = (uint8_t) (bytes >> 21); - padded[253] = (uint8_t) (bytes >> 13); - padded[254] = (uint8_t) (bytes >> 5); - padded[255] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha512(state, padded, 256); - } - - for (size_t i = 0; i < 64; ++i) { - out[i] = state[i]; - } -} - -void sha256(uint8_t *out, const uint8_t *in, size_t inlen) { - uint8_t state[40]; - - sha256_inc_init(state); - sha256_inc_finalize(out, state, in, inlen); -} - -void sha512(uint8_t *out, const uint8_t *in, size_t inlen) { - uint8_t state[72]; - - sha512_inc_init(state); - sha512_inc_finalize(out, state, in, inlen); -} - -/** - * mgf1 function based on the SHA-256 hash function - * Note that inlen should be sufficiently small that it still allows for - * an array to be allocated on the stack. Typically 'in' is merely a seed. - * Outputs outlen number of bytes - */ -void mgf1_256(unsigned char *out, unsigned long outlen, - const unsigned char *in, unsigned long inlen) -{ - SPX_VLA(uint8_t, inbuf, inlen+4); - unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - unsigned long i; - - memcpy(inbuf, in, inlen); - - /* While we can fit in at least another full block of SHA256 output.. */ - for (i = 0; (i+1)*SPX_SHA256_OUTPUT_BYTES <= outlen; i++) { - u32_to_bytes(inbuf + inlen, i); - sha256(out, inbuf, inlen + 4); - out += SPX_SHA256_OUTPUT_BYTES; - } - /* Until we cannot anymore, and we fill the remainder. 
*/ - if (outlen > i*SPX_SHA256_OUTPUT_BYTES) { - u32_to_bytes(inbuf + inlen, i); - sha256(outbuf, inbuf, inlen + 4); - memcpy(out, outbuf, outlen - i*SPX_SHA256_OUTPUT_BYTES); - } -} - -/* - * mgf1 function based on the SHA-512 hash function - */ -void mgf1_512(unsigned char *out, unsigned long outlen, - const unsigned char *in, unsigned long inlen) -{ - SPX_VLA(uint8_t, inbuf, inlen+4); - unsigned char outbuf[SPX_SHA512_OUTPUT_BYTES]; - unsigned long i; - - memcpy(inbuf, in, inlen); - - /* While we can fit in at least another full block of SHA512 output.. */ - for (i = 0; (i+1)*SPX_SHA512_OUTPUT_BYTES <= outlen; i++) { - u32_to_bytes(inbuf + inlen, i); - sha512(out, inbuf, inlen + 4); - out += SPX_SHA512_OUTPUT_BYTES; - } - /* Until we cannot anymore, and we fill the remainder. */ - if (outlen > i*SPX_SHA512_OUTPUT_BYTES) { - u32_to_bytes(inbuf + inlen, i); - sha512(outbuf, inbuf, inlen + 4); - memcpy(out, outbuf, outlen - i*SPX_SHA512_OUTPUT_BYTES); - } -} - - -/** - * Absorb the constant pub_seed using one round of the compression function - * This initializes state_seeded and state_seeded_512, which can then be - * reused in thash - **/ -void seed_state(spx_ctx *ctx) { - uint8_t block[SPX_SHA512_BLOCK_BYTES]; - size_t i; - - for (i = 0; i < SPX_N; ++i) { - block[i] = ctx->pub_seed[i]; - } - for (i = SPX_N; i < SPX_SHA512_BLOCK_BYTES; ++i) { - block[i] = 0; - } - /* block has been properly initialized for both SHA-256 and SHA-512 */ - - sha256_inc_init(ctx->state_seeded); - sha256_inc_blocks(ctx->state_seeded, block, 1); -#if SPX_SHA512 - sha512_inc_init(ctx->state_seeded_512); - sha512_inc_blocks(ctx->state_seeded_512, block, 1); -#endif -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_robust.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_robust.c deleted file mode 100644 index 1918bab..0000000 
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_robust.c +++ /dev/null 
@@ -1,75 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/thash.h" -#include "../../../app/include/params.h" -#include "../../../app/include/utils.h" - -#include "../include/sha2.h" - -#if SPX_SHA512 -static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]); -#endif - -/** - * Takes an array of inblocks concatenated arrays of SPX_N bytes. - */ -void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]) -{ -#if SPX_SHA512 - if (inblocks > 1) { - thash_512(out, in, inblocks, ctx, addr); - return; - } -#endif - unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - SPX_VLA(uint8_t, bitmask, inblocks * SPX_N); - SPX_VLA(uint8_t, buf, SPX_N + SPX_SHA256_OUTPUT_BYTES + inblocks*SPX_N); - uint8_t sha2_state[40]; - unsigned int i; - - memcpy(buf, ctx->pub_seed, SPX_N); - memcpy(buf + SPX_N, addr, SPX_SHA256_ADDR_BYTES); - mgf1_256(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); - - /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, ctx->state_seeded, 40 * sizeof(uint8_t)); - - for (i = 0; i < inblocks * SPX_N; i++) { - buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; - } - - sha256_inc_finalize(outbuf, sha2_state, buf + SPX_N, - SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - memcpy(out, outbuf, SPX_N); -} - -#if SPX_SHA512 -static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]) -{ - unsigned char outbuf[SPX_SHA512_OUTPUT_BYTES]; - SPX_VLA(uint8_t, bitmask, inblocks * SPX_N); - SPX_VLA(uint8_t, buf, SPX_N + SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - uint8_t sha2_state[72]; - unsigned int i; - - memcpy(buf, ctx->pub_seed, SPX_N); - memcpy(buf + SPX_N, addr, SPX_SHA256_ADDR_BYTES); - mgf1_512(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_SHA256_ADDR_BYTES); - - /* Retrieve 
precomputed state containing pub_seed */ - memcpy(sha2_state, ctx->state_seeded_512, 72 * sizeof(uint8_t)); - - for (i = 0; i < inblocks * SPX_N; i++) { - buf[SPX_N + SPX_SHA256_ADDR_BYTES + i] = in[i] ^ bitmask[i]; - } - - sha512_inc_finalize(outbuf, sha2_state, buf + SPX_N, - SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - memcpy(out, outbuf, SPX_N); -} -#endif diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_simple.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_simple.c deleted file mode 100644 index 7c22884..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/sha2/src/thash_sha2_simple.c +++ /dev/null 
@@ -1,60 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/params.h" -#include "../../../app/include/thash.h" -#include "../../../app/include/utils.h" - -#include "../include/sha2.h" - -#if SPX_SHA512 -static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]); -#endif - -/** - * Takes an array of inblocks concatenated arrays of SPX_N bytes. - */ -void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]) -{ -#if SPX_SHA512 - if (inblocks > 1) { - thash_512(out, in, inblocks, ctx, addr); - return; - } -#endif - - unsigned char outbuf[SPX_SHA256_OUTPUT_BYTES]; - uint8_t sha2_state[40]; - SPX_VLA(uint8_t, buf, SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - - /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, ctx->state_seeded, 40 * sizeof(uint8_t)); - - memcpy(buf, addr, SPX_SHA256_ADDR_BYTES); - memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - - sha256_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - memcpy(out, outbuf, SPX_N); -} - -#if SPX_SHA512 -static void thash_512(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]) -{ - unsigned char outbuf[SPX_SHA512_OUTPUT_BYTES]; - uint8_t sha2_state[72]; - SPX_VLA(uint8_t, buf, SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - - /* Retrieve precomputed state containing pub_seed */ - memcpy(sha2_state, ctx->state_seeded_512, 72 * sizeof(uint8_t)); - - memcpy(buf, addr, SPX_SHA256_ADDR_BYTES); - memcpy(buf + SPX_SHA256_ADDR_BYTES, in, inblocks * SPX_N); - - sha512_inc_finalize(outbuf, sha2_state, buf, SPX_SHA256_ADDR_BYTES + inblocks*SPX_N); - memcpy(out, outbuf, SPX_N); -} -#endif 
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/CMakeLists.txt b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/CMakeLists.txt
deleted file mode 100644
index 1ccfe5b..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/CMakeLists.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-set(SHAKE_SOURCES
- src/fips202.c
- src/hash_shake.c
- src/thash_shake_${THASH}.c
-)
-
-set(PARAMS "sphincs-shake-${SECPAR}")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DPARAMS=${PARAMS}")
-
-add_library(shake SHARED ${SHAKE_SOURCES})
-target_include_directories(shake PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include)
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/fips202.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/fips202.h
deleted file mode 100644
index e11cb7f..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/fips202.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#ifndef SPX_FIPS202_H
-#define SPX_FIPS202_H
-
-#include
-#include
-
-#define SHAKE128_RATE 168
-#define SHAKE256_RATE 136
-#define SHA3_256_RATE 136
-#define SHA3_512_RATE 72
-
-void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen);
-
-void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s);
-
-void shake128_inc_init(uint64_t *s_inc);
-void shake128_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
-void shake128_inc_finalize(uint64_t *s_inc);
-void shake128_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc);
-
-void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen);
-void shake256_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s);
-
-void shake256_inc_init(uint64_t *s_inc);
-void shake256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
-void shake256_inc_finalize(uint64_t *s_inc);
-void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc);
-
-void shake128(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen);
-
-void shake256(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen);
-
-void sha3_256_inc_init(uint64_t *s_inc);
-void sha3_256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
-void sha3_256_inc_finalize(uint8_t *output, uint64_t *s_inc);
-
-void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen);
-
-void sha3_512_inc_init(uint64_t *s_inc);
-void sha3_512_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
-void sha3_512_inc_finalize(uint8_t *output, uint64_t *s_inc);
-
-void sha3_512(uint8_t *output, const uint8_t *input, size_t inlen);
-
-#endif
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/shake_offsets.h b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/shake_offsets.h
deleted file mode 100644
index 0407bdf..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/include/shake_offsets.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#if !defined( SHAKE_OFFSETS_H_ )
-#define SHAKE_OFFSETS_H_
-
-/*
- * Offsets of various fields in the address structure when we use SHAKE as
- * the Sphincs+ hash function
- */
-
-#define SPX_OFFSET_LAYER 3 /* The byte used to specify the Merkle tree layer */
-#define SPX_OFFSET_TREE 8 /* The start of the 8 byte field used to specify the tree */
-#define SPX_OFFSET_TYPE 19 /* The byte used to specify the hash type (reason) */
-#define SPX_OFFSET_KP_ADDR 20 /* The start of the 4 byte field used to specify the key pair address */
-#define SPX_OFFSET_CHAIN_ADDR 27 /* The byte used to specify the chain address (which Winternitz chain) */
-#define SPX_OFFSET_HASH_ADDR 31 /* The byte used to specify the hash address (where in the Winternitz chain) */
-#define SPX_OFFSET_TREE_HGT 27 /* The byte used to specify the height of this node in the FORS or Merkle tree */
-#define SPX_OFFSET_TREE_INDEX 28 /* The start of the 4 byte field used to specify the node in the FORS or Merkle tree */
-
-#define SPX_SHAKE 1
-
-#endif /* SHAKE_OFFSETS_H_ */
diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/fips202.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/fips202.c
deleted file mode 100644
index 3e73f09..0000000
--- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/fips202.c
+++ /dev/null
@@ -1,598 +0,0 @@ -/* Based on the public domain implementation in - * crypto_hash/keccakc512/simple/ from http://bench.cr.yp.to/supercop.html - * by Ronny Van Keer - * and the public domain "TweetFips202" implementation - * from https://twitter.com/tweetfips202 - * by Gilles Van Assche, Daniel J. Bernstein, and Peter Schwabe */ - -#include -#include - -#include "../include/fips202.h" - -#define NROUNDS 24 -#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64 - (offset)))) - -/************************************************* - * Name: load64 - * - * Description: Load 8 bytes into uint64_t in little-endian order - * - * Arguments: - const uint8_t *x: pointer to input byte array - * - * Returns the loaded 64-bit unsigned integer - **************************************************/ -static uint64_t load64(const uint8_t *x) { - uint64_t r = 0; - for (size_t i = 0; i < 8; ++i) { - r |= (uint64_t)x[i] << 8 * i; - } - - return r; -} - -/************************************************* - * Name: store64 - * - * Description: Store a 64-bit integer to a byte array in little-endian order - * - * Arguments: - uint8_t *x: pointer to the output byte array - * - uint64_t u: input 64-bit unsigned integer - **************************************************/ -static void store64(uint8_t *x, uint64_t u) { - for (size_t i = 0; i < 8; ++i) { - x[i] = (uint8_t) (u >> 8 * i); - } -} - -/* Keccak round constants */ -static const uint64_t KeccakF_RoundConstants[NROUNDS] = { - 0x0000000000000001ULL, 0x0000000000008082ULL, - 0x800000000000808aULL, 0x8000000080008000ULL, - 0x000000000000808bULL, 0x0000000080000001ULL, - 0x8000000080008081ULL, 0x8000000000008009ULL, - 0x000000000000008aULL, 0x0000000000000088ULL, - 0x0000000080008009ULL, 0x000000008000000aULL, - 0x000000008000808bULL, 0x800000000000008bULL, - 0x8000000000008089ULL, 0x8000000000008003ULL, - 0x8000000000008002ULL, 0x8000000000000080ULL, - 0x000000000000800aULL, 0x800000008000000aULL, - 0x8000000080008081ULL, 
0x8000000000008080ULL, - 0x0000000080000001ULL, 0x8000000080008008ULL -}; - -/************************************************* - * Name: KeccakF1600_StatePermute - * - * Description: The Keccak F1600 Permutation - * - * Arguments: - uint64_t *state: pointer to input/output Keccak state - **************************************************/ -static void KeccakF1600_StatePermute(uint64_t *state) { - int round; - - uint64_t Aba, Abe, Abi, Abo, Abu; - uint64_t Aga, Age, Agi, Ago, Agu; - uint64_t Aka, Ake, Aki, Ako, Aku; - uint64_t Ama, Ame, Ami, Amo, Amu; - uint64_t Asa, Ase, Asi, Aso, Asu; - uint64_t BCa, BCe, BCi, BCo, BCu; - uint64_t Da, De, Di, Do, Du; - uint64_t Eba, Ebe, Ebi, Ebo, Ebu; - uint64_t Ega, Ege, Egi, Ego, Egu; - uint64_t Eka, Eke, Eki, Eko, Eku; - uint64_t Ema, Eme, Emi, Emo, Emu; - uint64_t Esa, Ese, Esi, Eso, Esu; - - // copyFromState(A, state) - Aba = state[0]; - Abe = state[1]; - Abi = state[2]; - Abo = state[3]; - Abu = state[4]; - Aga = state[5]; - Age = state[6]; - Agi = state[7]; - Ago = state[8]; - Agu = state[9]; - Aka = state[10]; - Ake = state[11]; - Aki = state[12]; - Ako = state[13]; - Aku = state[14]; - Ama = state[15]; - Ame = state[16]; - Ami = state[17]; - Amo = state[18]; - Amu = state[19]; - Asa = state[20]; - Ase = state[21]; - Asi = state[22]; - Aso = state[23]; - Asu = state[24]; - - for (round = 0; round < NROUNDS; round += 2) { - // prepareTheta - BCa = Aba ^ Aga ^ Aka ^ Ama ^ Asa; - BCe = Abe ^ Age ^ Ake ^ Ame ^ Ase; - BCi = Abi ^ Agi ^ Aki ^ Ami ^ Asi; - BCo = Abo ^ Ago ^ Ako ^ Amo ^ Aso; - BCu = Abu ^ Agu ^ Aku ^ Amu ^ Asu; - - // thetaRhoPiChiIotaPrepareTheta(round , A, E) - Da = BCu ^ ROL(BCe, 1); - De = BCa ^ ROL(BCi, 1); - Di = BCe ^ ROL(BCo, 1); - Do = BCi ^ ROL(BCu, 1); - Du = BCo ^ ROL(BCa, 1); - - Aba ^= Da; - BCa = Aba; - Age ^= De; - BCe = ROL(Age, 44); - Aki ^= Di; - BCi = ROL(Aki, 43); - Amo ^= Do; - BCo = ROL(Amo, 21); - Asu ^= Du; - BCu = ROL(Asu, 14); - Eba = BCa ^ ((~BCe) & BCi); - Eba ^= 
KeccakF_RoundConstants[round]; - Ebe = BCe ^ ((~BCi) & BCo); - Ebi = BCi ^ ((~BCo) & BCu); - Ebo = BCo ^ ((~BCu) & BCa); - Ebu = BCu ^ ((~BCa) & BCe); - - Abo ^= Do; - BCa = ROL(Abo, 28); - Agu ^= Du; - BCe = ROL(Agu, 20); - Aka ^= Da; - BCi = ROL(Aka, 3); - Ame ^= De; - BCo = ROL(Ame, 45); - Asi ^= Di; - BCu = ROL(Asi, 61); - Ega = BCa ^ ((~BCe) & BCi); - Ege = BCe ^ ((~BCi) & BCo); - Egi = BCi ^ ((~BCo) & BCu); - Ego = BCo ^ ((~BCu) & BCa); - Egu = BCu ^ ((~BCa) & BCe); - - Abe ^= De; - BCa = ROL(Abe, 1); - Agi ^= Di; - BCe = ROL(Agi, 6); - Ako ^= Do; - BCi = ROL(Ako, 25); - Amu ^= Du; - BCo = ROL(Amu, 8); - Asa ^= Da; - BCu = ROL(Asa, 18); - Eka = BCa ^ ((~BCe) & BCi); - Eke = BCe ^ ((~BCi) & BCo); - Eki = BCi ^ ((~BCo) & BCu); - Eko = BCo ^ ((~BCu) & BCa); - Eku = BCu ^ ((~BCa) & BCe); - - Abu ^= Du; - BCa = ROL(Abu, 27); - Aga ^= Da; - BCe = ROL(Aga, 36); - Ake ^= De; - BCi = ROL(Ake, 10); - Ami ^= Di; - BCo = ROL(Ami, 15); - Aso ^= Do; - BCu = ROL(Aso, 56); - Ema = BCa ^ ((~BCe) & BCi); - Eme = BCe ^ ((~BCi) & BCo); - Emi = BCi ^ ((~BCo) & BCu); - Emo = BCo ^ ((~BCu) & BCa); - Emu = BCu ^ ((~BCa) & BCe); - - Abi ^= Di; - BCa = ROL(Abi, 62); - Ago ^= Do; - BCe = ROL(Ago, 55); - Aku ^= Du; - BCi = ROL(Aku, 39); - Ama ^= Da; - BCo = ROL(Ama, 41); - Ase ^= De; - BCu = ROL(Ase, 2); - Esa = BCa ^ ((~BCe) & BCi); - Ese = BCe ^ ((~BCi) & BCo); - Esi = BCi ^ ((~BCo) & BCu); - Eso = BCo ^ ((~BCu) & BCa); - Esu = BCu ^ ((~BCa) & BCe); - - // prepareTheta - BCa = Eba ^ Ega ^ Eka ^ Ema ^ Esa; - BCe = Ebe ^ Ege ^ Eke ^ Eme ^ Ese; - BCi = Ebi ^ Egi ^ Eki ^ Emi ^ Esi; - BCo = Ebo ^ Ego ^ Eko ^ Emo ^ Eso; - BCu = Ebu ^ Egu ^ Eku ^ Emu ^ Esu; - - // thetaRhoPiChiIotaPrepareTheta(round+1, E, A) - Da = BCu ^ ROL(BCe, 1); - De = BCa ^ ROL(BCi, 1); - Di = BCe ^ ROL(BCo, 1); - Do = BCi ^ ROL(BCu, 1); - Du = BCo ^ ROL(BCa, 1); - - Eba ^= Da; - BCa = Eba; - Ege ^= De; - BCe = ROL(Ege, 44); - Eki ^= Di; - BCi = ROL(Eki, 43); - Emo ^= Do; - BCo = ROL(Emo, 21); - Esu ^= Du; - BCu = 
ROL(Esu, 14); - Aba = BCa ^ ((~BCe) & BCi); - Aba ^= KeccakF_RoundConstants[round + 1]; - Abe = BCe ^ ((~BCi) & BCo); - Abi = BCi ^ ((~BCo) & BCu); - Abo = BCo ^ ((~BCu) & BCa); - Abu = BCu ^ ((~BCa) & BCe); - - Ebo ^= Do; - BCa = ROL(Ebo, 28); - Egu ^= Du; - BCe = ROL(Egu, 20); - Eka ^= Da; - BCi = ROL(Eka, 3); - Eme ^= De; - BCo = ROL(Eme, 45); - Esi ^= Di; - BCu = ROL(Esi, 61); - Aga = BCa ^ ((~BCe) & BCi); - Age = BCe ^ ((~BCi) & BCo); - Agi = BCi ^ ((~BCo) & BCu); - Ago = BCo ^ ((~BCu) & BCa); - Agu = BCu ^ ((~BCa) & BCe); - - Ebe ^= De; - BCa = ROL(Ebe, 1); - Egi ^= Di; - BCe = ROL(Egi, 6); - Eko ^= Do; - BCi = ROL(Eko, 25); - Emu ^= Du; - BCo = ROL(Emu, 8); - Esa ^= Da; - BCu = ROL(Esa, 18); - Aka = BCa ^ ((~BCe) & BCi); - Ake = BCe ^ ((~BCi) & BCo); - Aki = BCi ^ ((~BCo) & BCu); - Ako = BCo ^ ((~BCu) & BCa); - Aku = BCu ^ ((~BCa) & BCe); - - Ebu ^= Du; - BCa = ROL(Ebu, 27); - Ega ^= Da; - BCe = ROL(Ega, 36); - Eke ^= De; - BCi = ROL(Eke, 10); - Emi ^= Di; - BCo = ROL(Emi, 15); - Eso ^= Do; - BCu = ROL(Eso, 56); - Ama = BCa ^ ((~BCe) & BCi); - Ame = BCe ^ ((~BCi) & BCo); - Ami = BCi ^ ((~BCo) & BCu); - Amo = BCo ^ ((~BCu) & BCa); - Amu = BCu ^ ((~BCa) & BCe); - - Ebi ^= Di; - BCa = ROL(Ebi, 62); - Ego ^= Do; - BCe = ROL(Ego, 55); - Eku ^= Du; - BCi = ROL(Eku, 39); - Ema ^= Da; - BCo = ROL(Ema, 41); - Ese ^= De; - BCu = ROL(Ese, 2); - Asa = BCa ^ ((~BCe) & BCi); - Ase = BCe ^ ((~BCi) & BCo); - Asi = BCi ^ ((~BCo) & BCu); - Aso = BCo ^ ((~BCu) & BCa); - Asu = BCu ^ ((~BCa) & BCe); - } - - // copyToState(state, A) - state[0] = Aba; - state[1] = Abe; - state[2] = Abi; - state[3] = Abo; - state[4] = Abu; - state[5] = Aga; - state[6] = Age; - state[7] = Agi; - state[8] = Ago; - state[9] = Agu; - state[10] = Aka; - state[11] = Ake; - state[12] = Aki; - state[13] = Ako; - state[14] = Aku; - state[15] = Ama; - state[16] = Ame; - state[17] = Ami; - state[18] = Amo; - state[19] = Amu; - state[20] = Asa; - state[21] = Ase; - state[22] = Asi; - state[23] = Aso; - 
state[24] = Asu; -} - -/************************************************* - * Name: keccak_absorb - * - * Description: Absorb step of Keccak; - * non-incremental, starts by zeroeing the state. - * - * Arguments: - uint64_t *s: pointer to (uninitialized) output Keccak state - * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128) - * - const uint8_t *m: pointer to input to be absorbed into s - * - size_t mlen: length of input in bytes - * - uint8_t p: domain-separation byte for different - * Keccak-derived functions - **************************************************/ -static void keccak_absorb(uint64_t *s, uint32_t r, const uint8_t *m, - size_t mlen, uint8_t p) { - size_t i; - uint8_t t[200]; - - /* Zero state */ - for (i = 0; i < 25; ++i) { - s[i] = 0; - } - - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - s[i] ^= load64(m + 8 * i); - } - - KeccakF1600_StatePermute(s); - mlen -= r; - m += r; - } - - for (i = 0; i < r; ++i) { - t[i] = 0; - } - for (i = 0; i < mlen; ++i) { - t[i] = m[i]; - } - t[i] = p; - t[r - 1] |= 128; - for (i = 0; i < r / 8; ++i) { - s[i] ^= load64(t + 8 * i); - } -} - -/************************************************* - * Name: keccak_squeezeblocks - * - * Description: Squeeze step of Keccak. Squeezes full blocks of r bytes each. - * Modifies the state. Can be called multiple times to keep - * squeezing, i.e., is incremental. 
- * - * Arguments: - uint8_t *h: pointer to output blocks - * - size_t nblocks: number of blocks to be - * squeezed (written to h) - * - uint64_t *s: pointer to input/output Keccak state - * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128) - **************************************************/ -static void keccak_squeezeblocks(uint8_t *h, size_t nblocks, - uint64_t *s, uint32_t r) { - while (nblocks > 0) { - KeccakF1600_StatePermute(s); - for (size_t i = 0; i < (r >> 3); i++) { - store64(h + 8 * i, s[i]); - } - h += r; - nblocks--; - } -} - -/************************************************* - * Name: keccak_inc_init - * - * Description: Initializes the incremental Keccak state to zero. - * - * Arguments: - uint64_t *s_inc: pointer to input/output incremental state - * First 25 values represent Keccak state. - * 26th value represents either the number of absorbed bytes - * that have not been permuted, or not-yet-squeezed bytes. - **************************************************/ -static void keccak_inc_init(uint64_t *s_inc) { - size_t i; - - for (i = 0; i < 25; ++i) { - s_inc[i] = 0; - } - s_inc[25] = 0; -} - -/************************************************* - * Name: keccak_inc_absorb - * - * Description: Incremental keccak absorb - * Preceded by keccak_inc_init, succeeded by keccak_inc_finalize - * - * Arguments: - uint64_t *s_inc: pointer to input/output incremental state - * First 25 values represent Keccak state. - * 26th value represents either the number of absorbed bytes - * that have not been permuted, or not-yet-squeezed bytes. 
- * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128) - * - const uint8_t *m: pointer to input to be absorbed into s - * - size_t mlen: length of input in bytes - **************************************************/ -static void keccak_inc_absorb(uint64_t *s_inc, uint32_t r, const uint8_t *m, - size_t mlen) { - size_t i; - - /* Recall that s_inc[25] is the non-absorbed bytes xored into the state */ - while (mlen + s_inc[25] >= r) { - for (i = 0; i < r - s_inc[25]; i++) { - /* Take the i'th byte from message - xor with the s_inc[25] + i'th byte of the state; little-endian */ - s_inc[(s_inc[25] + i) >> 3] ^= (uint64_t)m[i] << (8 * ((s_inc[25] + i) & 0x07)); - } - mlen -= (size_t)(r - s_inc[25]); - m += r - s_inc[25]; - s_inc[25] = 0; - - KeccakF1600_StatePermute(s_inc); - } - - for (i = 0; i < mlen; i++) { - s_inc[(s_inc[25] + i) >> 3] ^= (uint64_t)m[i] << (8 * ((s_inc[25] + i) & 0x07)); - } - s_inc[25] += mlen; -} - -/************************************************* - * Name: keccak_inc_finalize - * - * Description: Finalizes Keccak absorb phase, prepares for squeezing - * - * Arguments: - uint64_t *s_inc: pointer to input/output incremental state - * First 25 values represent Keccak state. - * 26th value represents either the number of absorbed bytes - * that have not been permuted, or not-yet-squeezed bytes. - * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128) - * - uint8_t p: domain-separation byte for different - * Keccak-derived functions - **************************************************/ -static void keccak_inc_finalize(uint64_t *s_inc, uint32_t r, uint8_t p) { - /* After keccak_inc_absorb, we are guaranteed that s_inc[25] < r, - so we can always use one more byte for p in the current state. 
*/ - s_inc[s_inc[25] >> 3] ^= (uint64_t)p << (8 * (s_inc[25] & 0x07)); - s_inc[(r - 1) >> 3] ^= (uint64_t)128 << (8 * ((r - 1) & 0x07)); - s_inc[25] = 0; -} - -/************************************************* - * Name: keccak_inc_squeeze - * - * Description: Incremental Keccak squeeze; can be called on byte-level - * - * Arguments: - uint8_t *h: pointer to output bytes - * - size_t outlen: number of bytes to be squeezed - * - uint64_t *s_inc: pointer to input/output incremental state - * First 25 values represent Keccak state. - * 26th value represents either the number of absorbed bytes - * that have not been permuted, or not-yet-squeezed bytes. - * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128) - **************************************************/ -static void keccak_inc_squeeze(uint8_t *h, size_t outlen, - uint64_t *s_inc, uint32_t r) { - size_t i; - - /* First consume any bytes we still have sitting around */ - for (i = 0; i < outlen && i < s_inc[25]; i++) { - /* There are s_inc[25] bytes left, so r - s_inc[25] is the first - available byte. We consume from there, i.e., up to r. 
*/ - h[i] = (uint8_t)(s_inc[(r - s_inc[25] + i) >> 3] >> (8 * ((r - s_inc[25] + i) & 0x07))); - } - h += i; - outlen -= i; - s_inc[25] -= i; - - /* Then squeeze the remaining necessary blocks */ - while (outlen > 0) { - KeccakF1600_StatePermute(s_inc); - - for (i = 0; i < outlen && i < r; i++) { - h[i] = (uint8_t)(s_inc[i >> 3] >> (8 * (i & 0x07))); - } - h += i; - outlen -= i; - s_inc[25] = r - i; - } -} - -void shake256_inc_init(uint64_t *s_inc) { - keccak_inc_init(s_inc); -} - -void shake256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) { - keccak_inc_absorb(s_inc, SHAKE256_RATE, input, inlen); -} - -void shake256_inc_finalize(uint64_t *s_inc) { - keccak_inc_finalize(s_inc, SHAKE256_RATE, 0x1F); -} - -void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) { - keccak_inc_squeeze(output, outlen, s_inc, SHAKE256_RATE); -} - -/************************************************* - * Name: shake256_absorb - * - * Description: Absorb step of the SHAKE256 XOF. - * non-incremental, starts by zeroeing the state. - * - * Arguments: - uint64_t *s: pointer to (uninitialized) output Keccak state - * - const uint8_t *input: pointer to input to be absorbed - * into s - * - size_t inlen: length of input in bytes - **************************************************/ -void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen) { - keccak_absorb(s, SHAKE256_RATE, input, inlen, 0x1F); -} - -/************************************************* - * Name: shake256_squeezeblocks - * - * Description: Squeeze step of SHAKE256 XOF. Squeezes full blocks of - * SHAKE256_RATE bytes each. Modifies the state. Can be called - * multiple times to keep squeezing, i.e., is incremental. 
- * - * Arguments: - uint8_t *output: pointer to output blocks - * - size_t nblocks: number of blocks to be squeezed - * (written to output) - * - uint64_t *s: pointer to input/output Keccak state - **************************************************/ -void shake256_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) { - keccak_squeezeblocks(output, nblocks, s, SHAKE256_RATE); -} - -/************************************************* - * Name: shake256 - * - * Description: SHAKE256 XOF with non-incremental API - * - * Arguments: - uint8_t *output: pointer to output - * - size_t outlen: requested output length in bytes - * - const uint8_t *input: pointer to input - * - size_t inlen: length of input in bytes - **************************************************/ -void shake256(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen) { - size_t nblocks = outlen / SHAKE256_RATE; - uint8_t t[SHAKE256_RATE]; - uint64_t s[25]; - - shake256_absorb(s, input, inlen); - shake256_squeezeblocks(output, nblocks, s); - - output += nblocks * SHAKE256_RATE; - outlen -= nblocks * SHAKE256_RATE; - - if (outlen) { - shake256_squeezeblocks(t, 1, s); - for (size_t i = 0; i < outlen; ++i) { - output[i] = t[i]; - } - } -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/hash_shake.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/hash_shake.c deleted file mode 100644 index 87e8992..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/hash_shake.c +++ /dev/null 
@@ -1,98 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/hash.h" -#include "../../../app/include/params.h" -#include "../../../app/include/utils.h" - -#include "../include/fips202.h" - -/* For SHAKE256, there is no immediate reason to initialize at the start, - so this function is an empty operation. */ -void initialize_hash_function(spx_ctx* ctx) -{ - (void)ctx; /* Suppress an 'unused parameter' warning. */ -} - -/* - * Computes PRF(pk_seed, sk_seed, addr) - */ -void prf_addr(unsigned char *out, const spx_ctx *ctx, - const uint32_t addr[8]) -{ - unsigned char buf[2*SPX_N + SPX_ADDR_BYTES]; - - memcpy(buf, ctx->pub_seed, SPX_N); - memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES); - memcpy(buf + SPX_N + SPX_ADDR_BYTES, ctx->sk_seed, SPX_N); - - shake256(out, SPX_N, buf, 2*SPX_N + SPX_ADDR_BYTES); -} - -/** - * Computes the message-dependent randomness R, using a secret seed and an - * optional randomization value as well as the message. - */ -void gen_message_random(unsigned char *R, const unsigned char *sk_prf, - const unsigned char *optrand, - const unsigned char *m, unsigned long long mlen, - const spx_ctx *ctx) -{ - (void)ctx; - uint64_t s_inc[26]; - - shake256_inc_init(s_inc); - shake256_inc_absorb(s_inc, sk_prf, SPX_N); - shake256_inc_absorb(s_inc, optrand, SPX_N); - shake256_inc_absorb(s_inc, m, mlen); - shake256_inc_finalize(s_inc); - shake256_inc_squeeze(R, SPX_N, s_inc); -} - -/** - * Computes the message hash using R, the public key, and the message. - * Outputs the message digest and the index of the leaf. The index is split in - * the tree index and the leaf index, for convenient copying to an address. 
- */ -void hash_message(unsigned char *digest, uint64_t *tree, uint32_t *leaf_idx, - const unsigned char *R, const unsigned char *pk, - const unsigned char *m, unsigned long long mlen, - const spx_ctx *ctx) -{ - (void)ctx; -#define SPX_TREE_BITS (SPX_TREE_HEIGHT * (SPX_D - 1)) -#define SPX_TREE_BYTES ((SPX_TREE_BITS + 7) / 8) -#define SPX_LEAF_BITS SPX_TREE_HEIGHT -#define SPX_LEAF_BYTES ((SPX_LEAF_BITS + 7) / 8) -#define SPX_DGST_BYTES (SPX_FORS_MSG_BYTES + SPX_TREE_BYTES + SPX_LEAF_BYTES) - - unsigned char buf[SPX_DGST_BYTES]; - unsigned char *bufp = buf; - uint64_t s_inc[26]; - - shake256_inc_init(s_inc); - shake256_inc_absorb(s_inc, R, SPX_N); - shake256_inc_absorb(s_inc, pk, SPX_PK_BYTES); - shake256_inc_absorb(s_inc, m, mlen); - shake256_inc_finalize(s_inc); - shake256_inc_squeeze(buf, SPX_DGST_BYTES, s_inc); - - memcpy(digest, bufp, SPX_FORS_MSG_BYTES); - bufp += SPX_FORS_MSG_BYTES; - -#if SPX_TREE_BITS > 64 - #error For given height and depth, 64 bits cannot represent all subtrees -#endif - - if (SPX_D == 1) { - *tree = 0; - } else { - *tree = bytes_to_ull(bufp, SPX_TREE_BYTES); - *tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS); - } - bufp += SPX_TREE_BYTES; - - *leaf_idx = (uint32_t)bytes_to_ull(bufp, SPX_LEAF_BYTES); - *leaf_idx &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS); -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_robust.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_robust.c deleted file mode 100644 index fb22444..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_robust.c +++ /dev/null 
@@ -1,31 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/params.h" -#include "../../../app/include/thash.h" -#include "../../../app/include/utils.h" - -#include "../include/fips202.h" - -/** - * Takes an array of inblocks concatenated arrays of SPX_N bytes. - */ -void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]) -{ - SPX_VLA(uint8_t, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N); - SPX_VLA(uint8_t, bitmask, inblocks * SPX_N); - unsigned int i; - - memcpy(buf, ctx->pub_seed, SPX_N); - memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES); - - shake256(bitmask, inblocks * SPX_N, buf, SPX_N + SPX_ADDR_BYTES); - - for (i = 0; i < inblocks * SPX_N; i++) { - buf[SPX_N + SPX_ADDR_BYTES + i] = in[i] ^ bitmask[i]; - } - - shake256(out, SPX_N, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N); -} diff --git a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_simple.c b/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_simple.c deleted file mode 100644 index 71bedab..0000000 --- a/examples/sphincs_PQCgenKAT_sign_blake_128f_simple/test_case/lib/shake/src/thash_shake_simple.c +++ /dev/null 
@@ -1,24 +0,0 @@ -#include -#include - -#include "../../../app/include/address.h" -#include "../../../app/include/params.h" -#include "../../../app/include/thash.h" -#include "../../../app/include/utils.h" - -#include "../include/fips202.h" - -/** - * Takes an array of inblocks concatenated arrays of SPX_N bytes. - */ -void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks, - const spx_ctx *ctx, uint32_t addr[8]) -{ - SPX_VLA(uint8_t, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N); - - memcpy(buf, ctx->pub_seed, SPX_N); - memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES); - memcpy(buf + SPX_N + SPX_ADDR_BYTES, in, inblocks * SPX_N); - - shake256(out, SPX_N, buf, SPX_N + SPX_ADDR_BYTES + inblocks*SPX_N); -} From d7fcb94c544235510c3fb6d5298cbe443c40f240 Mon Sep 17 00:00:00 2001 From: Marius Arvinte Date: Sat, 30 May 2026 19:34:37 -0700 Subject: [PATCH 3/7] Guarantee we use `Ninja` and `build-ninja` (#868) (#869) (#42) More robustly ensure CMakePresets always use Ninja --- src/ideas/cmake.py | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/src/ideas/cmake.py b/src/ideas/cmake.py index cca4d34..6cdbe16 100644 --- a/src/ideas/cmake.py +++ b/src/ideas/cmake.py @@ -69,7 +69,17 @@ def configure( if not preset: cmd = ["cmake", "-S", str(source_dir), "-B", str(build_dir), "-G", "Ninja"] + flags else: - cmd = ["cmake", "-S", ".", "--preset", preset] + flags + cmd = [ + "cmake", + "-S", + ".", + "--preset", + preset, + "-B", + str(build_dir), + "-G", + "Ninja", + ] + flags success, output, error, _ = run_subprocess(cmd) if not success: 
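Review bot: The preset branch of `configure` now repeats the `-B`/`-G Ninja` tail of the non-preset branch while still passing `-S .` instead of `source_dir`, so the two branches can point at different source trees when the caller's `source_dir` is not the working directory. Consider building the shared tail once, e.g. `common = ["-B", str(build_dir), "-G", "Ninja"] + flags`. If ignoring `source_dir` is intended, a comment such as `# presets are looked up in the current directory, so source_dir is not used here` would record it. `configure` begins and ends outside this hunk, so how `source_dir` is used elsewhere in it is not visible.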
@@ -95,10 +105,27 @@ def build(build_dir: Path, preset: str | None = None) -> None: raise RuntimeError(f"CMake build failed: {' '.join(cmd)}\n{output + error}") +def patch_preset_binary_dir(preset_path: Path, build_dir: Path) -> None: + """Ensure binaryDir and generator in all configure presets are set to ninja.""" + data = json.loads(preset_path.read_text()) + for preset in data.get("configurePresets", []): + if "binaryDir" in preset and preset["binaryDir"] != str(build_dir): + preset["binaryDir"] = str(build_dir) + + if "generator" in preset and preset["generator"] != "Ninja": + preset["generator"] = "Ninja" + + preset_path.write_text(json.dumps(data, indent=2)) + + def _main(cfg: CmakeConfig) -> None: # Determine Cmake preset preset = "test" if os.path.exists("CMakePresets.json") else None + # Patch binaryDir in presets to match our expected build directory + if preset: + patch_preset_binary_dir(Path("CMakePresets.json"), cfg.build_dir) + # Configure Cmake configure( source_dir=cfg.source_dir, From b51128b8672f3de3aa5de9c8bedfc1a8945010bf Mon Sep 17 00:00:00 2001 From: Marius Arvinte Date: Mon, 1 Jun 2026 08:57:32 -0700 Subject: [PATCH 4/7] Fix cache for LARGE_PROJECT=1 (#876) Co-authored-by: Cory Cornelius --- src/ideas/translate_recurrent.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/ideas/translate_recurrent.py b/src/ideas/translate_recurrent.py index 9c7671b..6f11119 100644 --- a/src/ideas/translate_recurrent.py +++ b/src/ideas/translate_recurrent.py 
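Review bot: `patch_preset_binary_dir` rewrites `binaryDir` and `generator` only on presets that already define those keys, so a preset that omits them or receives them through `inherits` is left untouched, which contradicts the docstring's "all configure presets". It also rewrites `CMakePresets.json`, a file that belongs to the project being built, on every run even when nothing changed, and reads and writes it with the platform default encoding. I would make the docstring state what is actually patched, write only on change, and pass an explicit encoding. Whether `json` is imported in cmake.py is not visible in this diff.

```python
def patch_preset_binary_dir(preset_path: Path, build_dir: Path) -> None:
    """Point configure presets at ``build_dir`` and the Ninja generator.

    Only presets that already define ``binaryDir`` / ``generator`` are
    rewritten; inherited or absent values are left as they are.
    """
    data = json.loads(preset_path.read_text(encoding="utf-8"))
    wanted = {"binaryDir": str(build_dir), "generator": "Ninja"}
    changed = False
    for preset in data.get("configurePresets", []):
        for key, value in wanted.items():
            if key in preset and preset[key] != value:
                preset[key] = value
                changed = True

    # Leave the project's file untouched when it already matches.
    if changed:
        preset_path.write_text(json.dumps(data, indent=2), encoding="utf-8")
```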
@@ -276,14 +276,13 @@ def translate( with self.crate.rust_src_path.open("a") as f: f.write(translation.text + "\n") - if self.wrap_symbol is None: - # If we don't want a wrapper, then we are done - return pred - # Generate wrapper, that may modify the translation, for each symbol unsafe_translation = translation wrappers: dict[str, dspy.Prediction] = {} for symbol in symbols: + # If we don't have a wrapper function, then skip the symbol + if self.wrap_symbol is None: + continue # We can only hybrid build-test functions and variables if not (symbol.is_function and symbol.is_definition) and not symbol.is_variable: continue @@ -330,8 +329,9 @@ def translate( # Cache successful translation and wrappers if pred.success: self.translate_symbol.write_cache(pred) - for wrapper in wrappers.values(): - self.wrap_symbol.write_cache(wrapper) + if self.wrap_symbol is not None: + for wrapper in wrappers.values(): + self.wrap_symbol.write_cache(wrapper) # Return wrappers for next retry pred.wrappers = {name: wrapper.wrapper for name, wrapper in wrappers.items()} From c1c9150f828546cad17576447a0cedcab000682f Mon Sep 17 00:00:00 2001 From: Marius Arvinte Date: Mon, 1 Jun 2026 11:00:09 -0700 Subject: [PATCH 5/7] For libraries, keep variables and global function wrappers (#878) (#879) (#44) For libraries, keep variables and global function wrappers Co-authored-by: Cory Cornelius --- src/ideas/translate.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/ideas/translate.py b/src/ideas/translate.py index 86326ec..7ed24df 100644 --- a/src/ideas/translate.py +++ b/src/ideas/translate.py 
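Review bot: Moving the `self.wrap_symbol is None` test inside the loop re-evaluates a loop-invariant condition for every symbol; guarding the loop once (`if self.wrap_symbol is not None:` around the `for`) states the intent more directly. More importantly, removing the early `return pred` means the no-wrapper path now runs everything between the two hunks, which is not visible here, and ends by setting `pred.wrappers` to an empty dict, so confirm that code tolerates `wrap_symbol is None` and that callers accept the new attribute. In the second hunk (`@@ -330,8 +329,9 @@`) the added guard looks redundant if `wrappers` is only filled inside the loop, but it is harmless and documents the optional type. `translate` starts and ends outside both hunks.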
@@ -113,14 +113,14 @@ def _cleanup(crate: Crate, symbols: dict) -> None: ) logger.info("Removed bindgen artifacts") - # Remove wrappers for symbols that are not globally linked - keepers = { - mangle(s.spelling) - for s in symbols.values() - if s.is_global - and not crate.is_bin - and (s.is_variable or (s.is_function and s.is_definition)) - } + # For libaries, keep variables and global functions + keepers: set[str] = set() + if not crate.is_bin: + keepers = { + mangle(s.spelling) + for s in symbols.values() + if s.is_variable or (s.is_global and s.is_function and s.is_definition) + } wrapper_dir = crate.rust_src_path.parent / "wrapper" wrapper_module = crate.rust_src_path.parent / "wrapper.rs" From 3a2b69d2e2f986f8d1b8e42cc166ef2479998f51 Mon Sep 17 00:00:00 2001 From: Marius Arvinte Date: Mon, 1 Jun 2026 12:53:37 -0700 Subject: [PATCH 6/7] For binaries, delete wrappers (#880) (#881) (#45) --- src/ideas/translate.py | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/src/ideas/translate.py b/src/ideas/translate.py index 7ed24df..6ca94b0 100644 --- a/src/ideas/translate.py +++ b/src/ideas/translate.py @@ -18,7 +18,6 @@ from ideas import adapters, model, ModelConfig, GenerateConfig from ideas import SnippetTranslator, RecurrentTranslator, WrapperGenerator, SymbolTester from ideas import create_translation_unit, extract_info_c -from ideas.ast_rust import mangle from ideas.init.consolidate import get_symbols_and_dependencies from .tools import Crate, LARGE_PROJECT 
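Review bot: The new comment misspells "libraries" (`# For libaries, keep variables and global functions`) and does not say that variables are now kept regardless of linkage, which is the behavioural change in this hunk. Because `keepers` is keyed by `mangle(s.spelling)` alone, two file-local variables with the same spelling would presumably map to the same wrapper name; if that can happen it is worth noting next to the set. Suggested wording: `# For libraries, keep wrappers for all variables (any linkage) and for globally linked function definitions`. `_cleanup` starts before and continues after this hunk.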
@@ -113,30 +112,10 @@ def _cleanup(crate: Crate, symbols: dict) -> None: ) logger.info("Removed bindgen artifacts") - # For libaries, keep variables and global functions - keepers: set[str] = set() - if not crate.is_bin: - keepers = { - mangle(s.spelling) - for s in symbols.values() - if s.is_variable or (s.is_global and s.is_function and s.is_definition) - } - wrapper_dir = crate.rust_src_path.parent / "wrapper" - wrapper_module = crate.rust_src_path.parent / "wrapper.rs" - - lines = wrapper_module.read_text().splitlines() if wrapper_module.exists() else [] - if wrapper_dir.exists(): - for wrapper_file in wrapper_dir.glob("*.rs"): - if wrapper_file.stem not in keepers: - crate.vcs.rm(wrapper_file, force=True) - logger.info(f"Removed non-global wrapper: {wrapper_file.name}") - mod_line = f"pub mod {wrapper_file.stem};" - if mod_line in lines: - lines.remove(mod_line) - if lines: - wrapper_module.write_text("\n".join(lines) + "\n") - crate.vcs.add(wrapper_module) - else: + # For binaries, delete wrappers + if crate.is_bin: + wrapper_dir = crate.rust_src_path.parent / "wrapper" + wrapper_module = crate.rust_src_path.parent / "wrapper.rs" crate.vcs.rm(wrapper_module, wrapper_dir, force=True) From a6aa394b6863f98a0d81bb959b6d5b8fe8b19dc3 Mon Sep 17 00:00:00 2001 From: Marius Arvinte Date: Tue, 2 Jun 2026 13:59:49 -0700 Subject: [PATCH 7/7] Do not consolidate for `LARGE_PROJECT` (#885) --- IDEAS.mk | 33 +++++++++++++++++++++++++++++++ Makefile | 2 +- src/ideas/init/consolidate.py | 4 ++++ src/ideas/translate.py | 34 +++++++++++++++++++++++++------- src/ideas/translate_recurrent.py | 5 +++-- 5 files changed, 68 insertions(+), 10 deletions(-) diff --git a/IDEAS.mk b/IDEAS.mk index b31e521..b93f65f 100644 --- a/IDEAS.mk +++ b/IDEAS.mk 
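Review bot: After this rewrite the visible part of `_cleanup` no longer reads `symbols`, so the parameter and the argument callers build for it may now be dead; `_cleanup` starts outside the hunk, so check the earlier part before dropping it. The binary branch calls `crate.vcs.rm(wrapper_module, wrapper_dir, force=True)` without checking that either path exists, which relies on `force=True` tolerating missing paths. The removed `else` branch made the same call, so this is presumably fine, but a short comment such as `# force=True: wrapper files may not exist` would record the assumption.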
@@ -37,8 +37,13 @@ endif EVALUATION_TEST ?= test_cases TEST_FILES := $(wildcard test_vectors/*.json) +ifeq ($(LARGE_PROJECT),1) +TARGETS_LIB ?= +TARGETS_BIN ?= $(shell [ -d build-ninja ] && find build-ninja -maxdepth 1 -name '*.sources' ! -name '*.so.sources' -exec basename {} .sources \; ) +else TARGETS_LIB ?= $(shell [ -d build-ninja ] && find build-ninja -maxdepth 1 -name 'lib*.so.sources' -exec basename {} .so.sources \; | sed -e "s/^lib//gi") TARGETS_BIN ?= $(shell [ -d build-ninja ] && find build-ninja -maxdepth 1 -name '*.sources' ! -name 'lib*.so.sources' -exec basename {} .sources \; ) +endif TARGETS ?= $(TARGETS_BIN) $(TARGETS_LIB) ifeq (${TARGETS},) ifeq ($(filter cmake clean,$(MAKECMDGOALS)),) 
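Review bot: With `LARGE_PROJECT=1` this block leaves `TARGETS_LIB` empty and widens the `TARGETS_BIN` exclusion from `lib*.so.sources` to `*.so.sources`, so no library target is selected by default, yet the same patch adds a `LARGE_PROJECT` rule for `src/lib.rs` that reads `build-ninja/lib$*.so.sources`. If libraries are intentionally not translated in this mode, say so above the assignment, e.g. `# LARGE_PROJECT: only executables are discovered; set TARGETS_LIB explicitly to translate a library`. Otherwise the lib rule is reachable only through a manual override. The `ifeq (${TARGETS},)` check that follows is unchanged context.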
@@ -122,6 +127,33 @@ translate: $(patsubst %,${TRANSLATION_DIR}/%/translate,${TARGETS}) ; ${TRANSLATION_DIR}/%/translate: ${TRANSLATION_DIR}/%/src/lib.rs | build-ninja/lib%.so.sources ; ${TRANSLATION_DIR}/%/translate: ${TRANSLATION_DIR}/%/src/main.rs | build-ninja/%.sources ; +ifeq ($(LARGE_PROJECT),1) +.PRECIOUS: ${TRANSLATION_DIR}/%/src/lib.rs +${TRANSLATION_DIR}/%/src/lib.rs: | ${TRANSLATION_DIR}/%/Cargo.toml ${TRANSLATION_DIR}/%/tests/${TRANSLATION_TEST}.rs build-ninja/compile_commands.json + -uv run python -m ideas.translate model.name=${PROVIDER}/${MODEL} \ + filename=build-ninja/compile_commands.json \ + cargo_toml=${TRANSLATION_DIR}/$*/Cargo.toml \ + source_priority=build-ninja/lib$*.so.sources \ + tests=${TRANSLATION_TEST} \ + vcs=${VCS} \ + hydra.output_subdir=.translate \ + hydra.job.name=translate \ + hydra.run.dir=${TRANSLATION_DIR}/$* ${TRANSLATE_ARGS} + @touch $@ + +.PRECIOUS: ${TRANSLATION_DIR}/%/src/main.rs +${TRANSLATION_DIR}/%/src/main.rs: | ${TRANSLATION_DIR}/%/Cargo.toml ${TRANSLATION_DIR}/%/tests/${TRANSLATION_TEST}.rs build-ninja/compile_commands.json + -uv run python -m ideas.translate model.name=${PROVIDER}/${MODEL} \ + filename=build-ninja/compile_commands.json \ + cargo_toml=${TRANSLATION_DIR}/$*/Cargo.toml \ + source_priority=build-ninja/$*.sources \ + tests=${TRANSLATION_TEST} \ + vcs=${VCS} \ + hydra.output_subdir=.translate \ + hydra.job.name=translate \ + hydra.run.dir=${TRANSLATION_DIR}/$* ${TRANSLATE_ARGS} + @touch $@ +else .PRECIOUS: ${TRANSLATION_DIR}/%/src/lib.rs ${TRANSLATION_DIR}/%/src/lib.rs: ${TRANSLATION_DIR}/%/src/lib.c | ${TRANSLATION_DIR}/%/Cargo.toml ${TRANSLATION_DIR}/%/tests/${TRANSLATION_TEST}.rs -uv run python -m ideas.translate model.name=${PROVIDER}/${MODEL} \ @@ -145,6 +177,7 @@ ${TRANSLATION_DIR}/%/src/main.rs: ${TRANSLATION_DIR}/%/src/main.c | ${TRANSLATIO hydra.job.name=translate \ hydra.run.dir=${TRANSLATION_DIR}/$* ${TRANSLATE_ARGS} @touch $@ +endif # build .PHONY: build 
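Review bot: Both new `LARGE_PROJECT` recipes prefix the translator with `-` and then run `@touch $@`, so a failed `ideas.translate` run still leaves `src/lib.rs` or `src/main.rs` looking up to date and a later `make translate` will not retry it. The non-`LARGE_PROJECT` rules in the context lines follow the same pattern, so this may be deliberate best-effort behaviour; if so, a comment saying that would help, otherwise touch only on success. The two recipes differ only in `source_priority=`, so a shared `define` would avoid keeping four near-identical copies in sync. `build-ninja/compile_commands.json` is an order-only prerequisite here, so a regenerated compile database does not retrigger translation.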
diff --git a/Makefile b/Makefile index df83e8d..107a267 100644 --- a/Makefile +++ b/Makefile @@ -85,7 +85,7 @@ install-clang:## Install Clang-21, must be sudo .PHONY: install-sys-deps install-sys-deps:## Install system dependencies, must be sudo - apt install libpcre3-dev + apt install libpcre3-dev libpcre2-dev .PHONY: serve serve:## Start vLLM server diff --git a/src/ideas/init/consolidate.py b/src/ideas/init/consolidate.py index f048596..b0cccd7 100644 --- a/src/ideas/init/consolidate.py +++ b/src/ideas/init/consolidate.py @@ -629,6 +629,10 @@ def merge_symbols( def _main(cfg: ConsolidateConfig): + if LARGE_PROJECT: + logger.info("LARGE_PROJECT mode enabled: consolidation is disabled!") + return + output_dir = Path(HydraConfig.get().runtime.output_dir) # Get crate information diff --git a/src/ideas/translate.py b/src/ideas/translate.py index 6ca94b0..d2638ef 100644 --- a/src/ideas/translate.py +++ b/src/ideas/translate.py @@ -18,7 +18,7 @@ from ideas import adapters, model, ModelConfig, GenerateConfig from ideas import SnippetTranslator, RecurrentTranslator, WrapperGenerator, SymbolTester from ideas import create_translation_unit, extract_info_c -from ideas.init.consolidate import get_symbols_and_dependencies +from ideas.init.consolidate import get_symbols_and_dependencies, get_asts, create_ast_order from .tools import Crate, LARGE_PROJECT logger = logging.getLogger("ideas.translate") @@ -33,6 +33,8 @@ class TranslateConfig: cargo_toml: Path = MISSING tests: str = MISSING + source_priority: Path | None = None + translator: str = "ChainOfThought" translator_max_iters: int = 5 wrapper_max_iters: int = 5 
@@ -50,7 +52,15 @@ def _main(cfg: TranslateConfig) -> None: logger.info(f"Saving results to {output_dir}") crate = Crate(cargo_toml=cfg.cargo_toml.resolve(), vcs=cfg.vcs) # type: ignore[reportArgumentType] + # Resolve source priority + source_priority: list[Path] = [] + if cfg.source_priority: + lines = cfg.source_priority.read_text().splitlines() + source_priority = [Path(line.strip()).resolve() for line in lines if line.strip()] + # Save C source since it will be modified by the agent + if LARGE_PROJECT: + crate.c_src_path.write_text("") orig_c_src = crate.c_src_path.read_bytes() # Make sure Rust source is in known state (i.e., empty) @@ -60,11 +70,21 @@ def _main(cfg: TranslateConfig) -> None: crate.vcs.rm(crate.cargo_toml.parent / "build.rs", force=True) # Get global symbol table - tu = create_translation_unit(cfg.filename) - asts = [extract_info_c(tu)] - symbols, dependencies = get_symbols_and_dependencies( - asts, external_symbol_names=["c:@F@main"] if crate.is_bin else None - ) + if cfg.filename.suffix == ".c": + tu = create_translation_unit(cfg.filename) + asts = [extract_info_c(tu)] + ast_order = None + symbols, dependencies = get_symbols_and_dependencies( + asts, external_symbol_names=["c:@F@main"] if crate.is_bin else None + ) + else: + asts = get_asts(cfg.filename, source_priority) + ast_order = create_ast_order(source_priority, asts) + symbols, dependencies = get_symbols_and_dependencies( + asts, + external_symbol_names=["c:@F@main"] if crate.is_bin else None, + ast_order=ast_order, + ) # Create translation agent model.configure(cfg.model, cfg.generate) @@ -80,7 +100,7 @@ def _main(cfg: TranslateConfig) -> None: ) # Run translation agent and write it to disk - pred = agent(symbols, dependencies) + pred = agent(symbols, dependencies, ast_order) crate.rust_src_path.write_text(pred.translation.text) usage = model.format_usage(pred) if pred.success: 
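Review bot: Under `LARGE_PROJECT` the added `crate.c_src_path.write_text("")` truncates the crate's C source immediately before `orig_c_src = crate.c_src_path.read_bytes()`, so any existing source file is destroyed and the "saved" original is always empty. If the goal is only to make sure the file exists, create it without overwriting: `if LARGE_PROJECT and not crate.c_src_path.exists(): crate.c_src_path.touch()`. Relative entries in the `source_priority` file are resolved by `Path(...).resolve()` against the current working directory rather than the location of the `.sources` file, so confirm the generated file holds absolute paths. `_main` continues outside this hunk.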
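Review bot: The branch on `cfg.filename.suffix == ".c"` sends every other path, including a mistyped or unsupported file, to the compile-database branch, where the failure will surface later and less clearly. An explicit check reads better: `elif cfg.filename.suffix != ".json": raise ValueError(f"Unsupported input: {cfg.filename}")`. The argument `external_symbol_names=["c:@F@main"] if crate.is_bin else None` is now written twice and could be computed once before the branch.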
diff --git a/src/ideas/translate_recurrent.py b/src/ideas/translate_recurrent.py index 6f11119..e908eca 100644 --- a/src/ideas/translate_recurrent.py +++ b/src/ideas/translate_recurrent.py @@ -11,7 +11,7 @@ import dspy import networkx as nx -from .ast import CodeC, Symbol +from .ast import CodeC, Symbol, TreeResult from .ast_rust import CodeRust, get_signatures from .tools import Crate, LARGE_PROJECT from .init.consolidate import create_symbol_lexical_key_fn @@ -43,6 +43,7 @@ def forward( self, symbols: dict[SymbolName, Symbol], dependencies: dict[SymbolGroup, Iterable[SymbolGroup]], + ast_order: dict[Path, TreeResult] | None = None, ) -> dspy.Prediction: # We always start with an empty crate self.crate.rust_src_path.write_text("") @@ -53,7 +54,7 @@ def forward( assert isinstance(G, nx.DiGraph) groups = list( nx.lexicographical_topological_sort( - G.reverse(copy=False), key=create_symbol_lexical_key_fn(symbols) + G.reverse(copy=False), key=create_symbol_lexical_key_fn(symbols, ast_order) ) )