/*
* Copyright (c) 2022 Arm Limited
* Copyright (c) 2022 Matthias Kannwischer
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
*/
//
// This implementation is based on the public domain implementation of SPHINCS+
// available on https://github.com/sphincs/sphincsplus
//
#include <stdint.h>
#include <string.h>
#include "thash.h"
#include "address.h"
#include "params.h"
#include "fips202.h"
/**
 * Tweakable hash T_l, "robust" SHAKE256 instantiation.
 *
 * Computes out = SHAKE256(pub_seed || addr || (in XOR bitmask)), where
 * bitmask = SHAKE256(pub_seed || addr) expanded to inblocks*SPX_N bytes.
 * The mask is derived from the (public) prefix only, never from `in`.
 *
 * @param out      receives SPX_N bytes of output
 * @param in       inblocks concatenated blocks of SPX_N bytes each
 * @param inblocks number of SPX_N-byte blocks in `in`
 * @param ctx      only ctx->pub_seed is read here
 * @param addr     8-word hash address, copied into the prefix as
 *                 SPX_ADDR_BYTES raw bytes (byte order is whatever the
 *                 caller stored in addr; see address.h)
 *
 * NOTE(review): both scratch buffers are VLAs sized by inblocks, so stack
 * use grows with the caller's block count; this is only safe because the
 * scheme calls thash with small compile-time block counts - confirm
 * against callers if reusing this function elsewhere. The masked copy of
 * `in` is left on the stack on return (not wiped); during signing `in`
 * may be derived from secret chain values.
 */
void thash(unsigned char *out, const unsigned char *in, unsigned int inblocks,
const spx_ctx *ctx, uint32_t addr[8])
{
    const unsigned int hdrlen = SPX_N + SPX_ADDR_BYTES;
    const unsigned int inlen = inblocks * SPX_N;
    unsigned char buf[hdrlen + inlen];
    unsigned char bitmask[inlen];
    unsigned char *masked = buf + hdrlen;
    unsigned int idx;

    /* Domain-separating prefix: pub_seed || addr. */
    memcpy(buf, ctx->pub_seed, SPX_N);
    memcpy(buf + SPX_N, addr, SPX_ADDR_BYTES);

    /* Expand the prefix alone into the bitmask, then mask the input
     * directly into the tail of buf so a single absorb finishes it. */
    shake256(bitmask, inlen, buf, hdrlen);
    for (idx = 0; idx < inlen; idx++) {
        masked[idx] = in[idx] ^ bitmask[idx];
    }

    shake256(out, SPX_N, buf, hdrlen + inlen);
}