Diffstat (limited to 'lib/liboqs/src/common')
-rw-r--r--lib/liboqs/src/common/Makefile49
-rw-r--r--lib/liboqs/src/common/aes/Makefile49
-rw-r--r--lib/liboqs/src/common/aes/aes.c137
-rw-r--r--lib/liboqs/src/common/aes/aes.gyp40
-rw-r--r--lib/liboqs/src/common/aes/aes.h151
-rw-r--r--lib/liboqs/src/common/aes/aes_c.c774
-rw-r--r--lib/liboqs/src/common/aes/aes_local.h42
-rw-r--r--lib/liboqs/src/common/aes/config.mk17
-rw-r--r--lib/liboqs/src/common/aes/manifest.mn24
-rw-r--r--lib/liboqs/src/common/common.c324
-rw-r--r--lib/liboqs/src/common/common.gyp39
-rw-r--r--lib/liboqs/src/common/common.h217
-rw-r--r--lib/liboqs/src/common/config.mk17
-rw-r--r--lib/liboqs/src/common/manifest.mn23
-rw-r--r--lib/liboqs/src/common/pqclean_shims/Makefile49
-rw-r--r--lib/liboqs/src/common/pqclean_shims/aes.h46
-rw-r--r--lib/liboqs/src/common/pqclean_shims/aes256ctr.h12
-rw-r--r--lib/liboqs/src/common/pqclean_shims/compat.h47
-rw-r--r--lib/liboqs/src/common/pqclean_shims/config.mk17
-rw-r--r--lib/liboqs/src/common/pqclean_shims/fips202.c15
-rw-r--r--lib/liboqs/src/common/pqclean_shims/fips202.h68
-rw-r--r--lib/liboqs/src/common/pqclean_shims/fips202x4.c15
-rw-r--r--lib/liboqs/src/common/pqclean_shims/fips202x4.h51
-rw-r--r--lib/liboqs/src/common/pqclean_shims/manifest.mn25
-rw-r--r--lib/liboqs/src/common/pqclean_shims/nistseedexpander.c109
-rw-r--r--lib/liboqs/src/common/pqclean_shims/nistseedexpander.h47
-rw-r--r--lib/liboqs/src/common/pqclean_shims/pqclean_shims.gyp41
-rw-r--r--lib/liboqs/src/common/pqclean_shims/randombytes.h10
-rw-r--r--lib/liboqs/src/common/pqclean_shims/sha2.h33
-rw-r--r--lib/liboqs/src/common/rand/Makefile49
-rw-r--r--lib/liboqs/src/common/rand/config.mk17
-rw-r--r--lib/liboqs/src/common/rand/manifest.mn24
-rw-r--r--lib/liboqs/src/common/rand/rand.c142
-rw-r--r--lib/liboqs/src/common/rand/rand.gyp40
-rw-r--r--lib/liboqs/src/common/rand/rand.h73
-rw-r--r--lib/liboqs/src/common/rand/rand_nist.c151
-rw-r--r--lib/liboqs/src/common/sha2/Makefile49
-rw-r--r--lib/liboqs/src/common/sha2/config.mk17
-rw-r--r--lib/liboqs/src/common/sha2/manifest.mn24
-rw-r--r--lib/liboqs/src/common/sha2/sha2.c132
-rw-r--r--lib/liboqs/src/common/sha2/sha2.gyp40
-rw-r--r--lib/liboqs/src/common/sha2/sha2.h257
-rw-r--r--lib/liboqs/src/common/sha2/sha2_c.c777
-rw-r--r--lib/liboqs/src/common/sha2/sha2_local.h86
-rw-r--r--lib/liboqs/src/common/sha3/Makefile49
-rw-r--r--lib/liboqs/src/common/sha3/config.mk17
-rw-r--r--lib/liboqs/src/common/sha3/manifest.mn24
-rw-r--r--lib/liboqs/src/common/sha3/sha3.gyp40
-rw-r--r--lib/liboqs/src/common/sha3/sha3.h429
-rw-r--r--lib/liboqs/src/common/sha3/sha3x4.h263
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_dispatch.h82
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-64.macros754
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-SnP.h86
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64-config.h6
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64.c519
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-unrolling.macros305
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/Makefile49
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/SnP-Relaned.h141
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/brg_endian.h121
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/config.mk17
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/manifest.mn23
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/plain-64bits.gyp39
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-SnP.h82
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-on1.c56
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/Makefile49
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/PlSnP-Fallback.inc295
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/config.mk17
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/manifest.mn23
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/serial.gyp39
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_sha3.c388
-rw-r--r--lib/liboqs/src/common/sha3/xkcp_sha3x4.c237
-rw-r--r--lib/liboqs/src/common/x86_64_helpers.h67
72 files changed, 0 insertions, 8583 deletions
diff --git a/lib/liboqs/src/common/Makefile b/lib/liboqs/src/common/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/aes/Makefile b/lib/liboqs/src/common/aes/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/aes/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/aes/aes.c b/lib/liboqs/src/common/aes/aes.c
deleted file mode 100644
index 1fef083a7..000000000
--- a/lib/liboqs/src/common/aes/aes.c
+++ /dev/null
@@ -1,137 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <oqs/common.h>
-
-#include "aes.h"
-#include "aes_local.h"
-
-#if defined(OQS_DIST_X86_64_BUILD)
-#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \
- do { \
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AES)) { \
- stmt_ni; \
- } else { \
- stmt_c; \
- } \
- } while(0)
-#elif defined(OQS_DIST_ARM64_V8_BUILD)
-#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \
- do { \
- if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_AES)) { \
- stmt_arm; \
- } else { \
- stmt_c; \
- } \
- } while(0)
-#elif defined(OQS_USE_AES_INSTRUCTIONS)
-#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \
- stmt_ni
-#elif defined(OQS_USE_ARM_AES_INSTRUCTIONS)
-#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \
- stmt_arm
-#else
-#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \
- stmt_c
-#endif
-
-void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **_schedule) {
- C_OR_NI_OR_ARM(
- oqs_aes128_load_schedule_c(key, _schedule),
- oqs_aes128_load_schedule_ni(key, _schedule),
- oqs_aes128_load_schedule_no_bitslice(key, _schedule)
- );
-}
-
-void OQS_AES128_free_schedule(void *schedule) {
- C_OR_NI_OR_ARM(
- oqs_aes128_free_schedule_c(schedule),
- oqs_aes128_free_schedule_ni(schedule),
- oqs_aes128_free_schedule_no_bitslice(schedule)
- );
-}
-
-void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **_schedule) {
- C_OR_NI_OR_ARM(
- oqs_aes256_load_schedule_c(key, _schedule),
- oqs_aes256_load_schedule_ni(key, _schedule),
- oqs_aes256_load_schedule_no_bitslice(key, _schedule)
- );
-}
-
-void OQS_AES256_CTR_inc_init(const uint8_t *key, void **_schedule) {
- OQS_AES256_ECB_load_schedule(key, _schedule);
-}
-
-void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *_schedule) {
- C_OR_NI_OR_ARM(
- oqs_aes256_load_iv_c(iv, iv_len, _schedule),
- oqs_aes256_load_iv_ni(iv, iv_len, _schedule),
- oqs_aes256_load_iv_armv8(iv, iv_len, _schedule)
- );
-}
-
-void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *_schedule) {
- C_OR_NI_OR_ARM(
- oqs_aes256_load_iv_u64_c(iv, _schedule),
- oqs_aes256_load_iv_u64_ni(iv, _schedule),
- (void) iv; (void) _schedule
- );
-}
-
-void OQS_AES256_free_schedule(void *schedule) {
- C_OR_NI_OR_ARM(
- oqs_aes256_free_schedule_c(schedule),
- oqs_aes256_free_schedule_ni(schedule),
- oqs_aes256_free_schedule_no_bitslice(schedule)
- );
-}
-
-void OQS_AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) {
- void *schedule = NULL;
- OQS_AES128_ECB_load_schedule(key, &schedule);
- OQS_AES128_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext);
- OQS_AES128_free_schedule(schedule);
-}
-
-void OQS_AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) {
- C_OR_NI_OR_ARM(
- oqs_aes128_ecb_enc_sch_c(plaintext, plaintext_len, schedule, ciphertext),
- oqs_aes128_ecb_enc_sch_ni(plaintext, plaintext_len, schedule, ciphertext),
- oqs_aes128_ecb_enc_sch_armv8(plaintext, plaintext_len, schedule, ciphertext)
- );
-}
-
-void OQS_AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) {
- void *schedule = NULL;
- OQS_AES256_ECB_load_schedule(key, &schedule);
- OQS_AES256_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext);
- OQS_AES256_free_schedule(schedule);
-}
-
-void OQS_AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) {
- C_OR_NI_OR_ARM(
- oqs_aes256_ecb_enc_sch_c(plaintext, plaintext_len, schedule, ciphertext),
- oqs_aes256_ecb_enc_sch_ni(plaintext, plaintext_len, schedule, ciphertext),
- oqs_aes256_ecb_enc_sch_armv8(plaintext, plaintext_len, schedule, ciphertext)
- );
-}
-
-void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) {
- C_OR_NI_OR_ARM(
- oqs_aes256_ctr_enc_sch_c(iv, iv_len, schedule, out, out_len),
- oqs_aes256_ctr_enc_sch_ni(iv, iv_len, schedule, out, out_len),
- oqs_aes256_ctr_enc_sch_armv8(iv, iv_len, schedule, out, out_len)
- );
-}
-
-void OQS_AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blks) {
- C_OR_NI_OR_ARM(
- oqs_aes256_ctr_enc_sch_upd_blks_c(schedule, out, out_blks),
- oqs_aes256_ctr_enc_sch_upd_blks_ni(schedule, out, out_blks),
- oqs_aes256_ctr_enc_sch_upd_blks_armv8(schedule, out, out_blks)
- );
-}
diff --git a/lib/liboqs/src/common/aes/aes.gyp b/lib/liboqs/src/common/aes/aes.gyp
deleted file mode 100644
index 851c954be..000000000
--- a/lib/liboqs/src/common/aes/aes.gyp
+++ /dev/null
@@ -1,40 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_aes',
- 'type': 'static_library',
- 'sources': [
- 'aes.c',
- 'aes_c.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/aes/aes.h b/lib/liboqs/src/common/aes/aes.h
deleted file mode 100644
index ce0cb3616..000000000
--- a/lib/liboqs/src/common/aes/aes.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/**
- * \file aes.h
- * \brief Header defining the API for OQS AES
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_AES_H
-#define OQS_AES_H
-
-#include <stdint.h>
-#include <stdlib.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/**
- * Function to fill a key schedule given an initial key for use in ECB mode.
- *
- * @param key Initial Key.
- * @param ctx Abstract data structure for a key schedule.
- */
-void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **ctx);
-
-/**
- * Function to free a key schedule.
- *
- * @param ctx Context generated with OQS_AES128_ECB_load_schedule().
- */
-void OQS_AES128_free_schedule(void *ctx);
-
-/**
- * Function to encrypt blocks of plaintext using ECB mode.
- * A schedule based on the key is generated and used internally.
- *
- * @param plaintext Plaintext to be encrypted.
- * @param plaintext_len Length on the plaintext in bytes. Must be a multiple of 16.
- * @param key Key to be used for encryption.
- * @param ciphertext Pointer to a block of memory which >= in size to the plaintext block. The result will be written here.
- * @warning plaintext_len must be a multiple of 16.
- */
-void OQS_AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext);
-
-/**
- * Same as OQS_AES128_ECB_enc() except a schedule generated by
- * OQS_AES128_ECB_load_schedule() is passed rather then a key. This is faster
- * if the same schedule is used for multiple encryptions since it does
- * not have to be regenerated from the key.
- */
-void OQS_AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-
-/**
- * Function to fill a key schedule given an initial key for use in ECB mode encryption.
- *
- * @param key Initial Key.
- * @param ctx Abstract data structure for a key schedule.
- */
-void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **ctx);
-
-/**
- * Function to initialize a context and fill a key schedule given an initial key for
- * use in CTR mode.
- *
- * @param key Initial Key.
- * @param ctx Abstract data structure for a key schedule.
- */
-void OQS_AES256_CTR_inc_init(const uint8_t *key, void **ctx);
-
-/**
- * Function to fill a context given an IV for use in CTR mode.
- *
- * Handles a 12- or 16-byte IV. If a 12-byte IV is given, then 4 counter
- * bytes are initialized to all zeros.
- *
- * @param iv Initialization Vector.
- * @param iv_len Length of the initialization vector.
- * @param ctx Abstract data structure for IV.
- */
-void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *ctx);
-
-/**
- * Function to fill a context given an IV for use in CTR mode.
- * Handles an 8-byte IV passed as a 64-bit unsigned integer,
- * counter bytes are initialized to zero.
- *
- * @param iv Initialization Vector as 64-bit integer.
- * @param ctx Abstract data structure for IV.
- */
-void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *ctx);
-
-/**
- * Function to free a key schedule.
- *
- * @param ctx Schedule generated with OQS_AES256_ECB_load_schedule
- * or OQS_AES256_CTR_inc_init.
- */
-void OQS_AES256_free_schedule(void *ctx);
-
-/**
- * Function to encrypt blocks of plaintext using ECB mode.
- * A schedule based on the key is generated and used internally.
- *
- * @param plaintext Plaintext to be encrypted.
- * @param plaintext_len Length on the plaintext in bytes. Must be a multiple of 16.
- * @param key Key to be used for encryption.
- * @param ciphertext Pointer to a block of memory which >= in size to the plaintext block. The result will be written here.
- * @warning plaintext_len must be a multiple of 16.
- */
-void OQS_AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext);
-
-/**
- * Same as OQS_AES256_ECB_enc() except a schedule generated by
- * OQS_AES256_ECB_load_schedule() is passed rather then a key. This is faster
- * if the same schedule is used for multiple encryptions since it does
- * not have to be regenerated from the key.
- */
-void OQS_AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-
-/**
- * AES counter mode keystream generator. A context generated by
- * OQS_AES256_CTR_inc_init() is passed rather then a key.
- *
- * Handles a 12- or 16-byte IV. If a 12-byte IV is given, then 4 counter
- * bytes are initialized to all zeros.
- *
- * @param iv 12- or 16-byte initialization vector.
- * @param iv_len Lengh of IV in bytes.
- * @param ctx Abstract data structure for a key schedule.
- * @param out Pointer to a block of memory which is big enough to contain out_len bytes; the result will be written here.
- * @param out_len Length of output bytes to generate.
- */
-void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void *ctx, uint8_t *out, size_t out_len);
-
-/**
- * AES counter mode keystream generator. A context generated by
- * OQS_AES256_CTR_inc_init() and OQS_AES256_CTR_inc_iv() is passed
- * rather than a key and an IV. The counter is internally updated, which allows
- * the function to be called multiple times.
- *
- * @param ctx Abstract data structure for key schedule and IV.
- * @param out Pointer to a block of memory which is big enough to contain out_blks*16 bytes; the result will be written here.
- * @param out_blks Length of output blocks to generate, where one block is 16 bytes.
- */
-void OQS_AES256_CTR_inc_stream_blks(void *ctx, uint8_t *out, size_t out_blks);
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_AES_H
diff --git a/lib/liboqs/src/common/aes/aes_c.c b/lib/liboqs/src/common/aes/aes_c.c
deleted file mode 100644
index e55869024..000000000
--- a/lib/liboqs/src/common/aes/aes_c.c
+++ /dev/null
@@ -1,774 +0,0 @@
-// SPDX-License-Identifier: MIT
-/* Adapted for OQS from PQClean. */
-/*
- * AES implementation based on code from BearSSL (https://bearssl.org/)
- * by Thomas Pornin.
- *
- *
- * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
- *
- * Permission is hereby granted, free of charge, to any person obtaining
- * a copy of this software and associated documentation files (the
- * "Software"), to deal in the Software without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "aes.h"
-#include <oqs/common.h>
-
-#define AES128_KEYBYTES 16
-#define AES256_KEYBYTES 32
-#define AESCTR_NONCEBYTES 12
-#define AES_BLOCKBYTES 16
-
-#define PQC_AES128_STATESIZE 88
-typedef struct {
- uint64_t sk_exp[PQC_AES128_STATESIZE];
- uint8_t iv[AES_BLOCKBYTES];
-} aes128ctx;
-
-#define PQC_AES256_STATESIZE 120
-typedef struct {
- uint64_t sk_exp[PQC_AES256_STATESIZE];
- uint8_t iv[AES_BLOCKBYTES];
-} aes256ctx;
-
-typedef struct {
- uint32_t sk_exp[60];
- uint8_t iv[16];
-} aes256ctx_nobitslice;
-
-static inline uint32_t br_dec32le(const unsigned char *src) {
- return (uint32_t)src[0]
- | ((uint32_t)src[1] << 8)
- | ((uint32_t)src[2] << 16)
- | ((uint32_t)src[3] << 24);
-}
-
-
-static void br_range_dec32le(uint32_t *v, size_t num, const unsigned char *src) {
- while (num-- > 0) {
- *v ++ = br_dec32le(src);
- src += 4;
- }
-}
-
-
-static inline uint32_t br_swap32(uint32_t x) {
- x = ((x & (uint32_t)0x00FF00FF) << 8)
- | ((x >> 8) & (uint32_t)0x00FF00FF);
- return (x << 16) | (x >> 16);
-}
-
-
-static inline void br_enc32le(unsigned char *dst, uint32_t x) {
- dst[0] = (unsigned char)x;
- dst[1] = (unsigned char)(x >> 8);
- dst[2] = (unsigned char)(x >> 16);
- dst[3] = (unsigned char)(x >> 24);
-}
-
-static inline void br_enc32be(unsigned char *dst, uint32_t x) {
- dst[0] = (unsigned char)(x >> 24);
- dst[1] = (unsigned char)(x >> 16);
- dst[2] = (unsigned char)(x >> 8);
- dst[3] = (unsigned char)x;
-}
-
-static void br_range_enc32le(unsigned char *dst, const uint32_t *v, size_t num) {
- while (num-- > 0) {
- br_enc32le(dst, *v ++);
- dst += 4;
- }
-}
-
-
-static void br_aes_ct64_bitslice_Sbox(uint64_t *q) {
- /*
- * This S-box implementation is a straightforward translation of
- * the circuit described by Boyar and Peralta in "A new
- * combinational logic minimization technique with applications
- * to cryptology" (https://eprint.iacr.org/2009/191.pdf).
- *
- * Note that variables x* (input) and s* (output) are numbered
- * in "reverse" order (x0 is the high bit, x7 is the low bit).
- */
-
- uint64_t x0, x1, x2, x3, x4, x5, x6, x7;
- uint64_t y1, y2, y3, y4, y5, y6, y7, y8, y9;
- uint64_t y10, y11, y12, y13, y14, y15, y16, y17, y18, y19;
- uint64_t y20, y21;
- uint64_t z0, z1, z2, z3, z4, z5, z6, z7, z8, z9;
- uint64_t z10, z11, z12, z13, z14, z15, z16, z17;
- uint64_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9;
- uint64_t t10, t11, t12, t13, t14, t15, t16, t17, t18, t19;
- uint64_t t20, t21, t22, t23, t24, t25, t26, t27, t28, t29;
- uint64_t t30, t31, t32, t33, t34, t35, t36, t37, t38, t39;
- uint64_t t40, t41, t42, t43, t44, t45, t46, t47, t48, t49;
- uint64_t t50, t51, t52, t53, t54, t55, t56, t57, t58, t59;
- uint64_t t60, t61, t62, t63, t64, t65, t66, t67;
- uint64_t s0, s1, s2, s3, s4, s5, s6, s7;
-
- x0 = q[7];
- x1 = q[6];
- x2 = q[5];
- x3 = q[4];
- x4 = q[3];
- x5 = q[2];
- x6 = q[1];
- x7 = q[0];
-
- /*
- * Top linear transformation.
- */
- y14 = x3 ^ x5;
- y13 = x0 ^ x6;
- y9 = x0 ^ x3;
- y8 = x0 ^ x5;
- t0 = x1 ^ x2;
- y1 = t0 ^ x7;
- y4 = y1 ^ x3;
- y12 = y13 ^ y14;
- y2 = y1 ^ x0;
- y5 = y1 ^ x6;
- y3 = y5 ^ y8;
- t1 = x4 ^ y12;
- y15 = t1 ^ x5;
- y20 = t1 ^ x1;
- y6 = y15 ^ x7;
- y10 = y15 ^ t0;
- y11 = y20 ^ y9;
- y7 = x7 ^ y11;
- y17 = y10 ^ y11;
- y19 = y10 ^ y8;
- y16 = t0 ^ y11;
- y21 = y13 ^ y16;
- y18 = x0 ^ y16;
-
- /*
- * Non-linear section.
- */
- t2 = y12 & y15;
- t3 = y3 & y6;
- t4 = t3 ^ t2;
- t5 = y4 & x7;
- t6 = t5 ^ t2;
- t7 = y13 & y16;
- t8 = y5 & y1;
- t9 = t8 ^ t7;
- t10 = y2 & y7;
- t11 = t10 ^ t7;
- t12 = y9 & y11;
- t13 = y14 & y17;
- t14 = t13 ^ t12;
- t15 = y8 & y10;
- t16 = t15 ^ t12;
- t17 = t4 ^ t14;
- t18 = t6 ^ t16;
- t19 = t9 ^ t14;
- t20 = t11 ^ t16;
- t21 = t17 ^ y20;
- t22 = t18 ^ y19;
- t23 = t19 ^ y21;
- t24 = t20 ^ y18;
-
- t25 = t21 ^ t22;
- t26 = t21 & t23;
- t27 = t24 ^ t26;
- t28 = t25 & t27;
- t29 = t28 ^ t22;
- t30 = t23 ^ t24;
- t31 = t22 ^ t26;
- t32 = t31 & t30;
- t33 = t32 ^ t24;
- t34 = t23 ^ t33;
- t35 = t27 ^ t33;
- t36 = t24 & t35;
- t37 = t36 ^ t34;
- t38 = t27 ^ t36;
- t39 = t29 & t38;
- t40 = t25 ^ t39;
-
- t41 = t40 ^ t37;
- t42 = t29 ^ t33;
- t43 = t29 ^ t40;
- t44 = t33 ^ t37;
- t45 = t42 ^ t41;
- z0 = t44 & y15;
- z1 = t37 & y6;
- z2 = t33 & x7;
- z3 = t43 & y16;
- z4 = t40 & y1;
- z5 = t29 & y7;
- z6 = t42 & y11;
- z7 = t45 & y17;
- z8 = t41 & y10;
- z9 = t44 & y12;
- z10 = t37 & y3;
- z11 = t33 & y4;
- z12 = t43 & y13;
- z13 = t40 & y5;
- z14 = t29 & y2;
- z15 = t42 & y9;
- z16 = t45 & y14;
- z17 = t41 & y8;
-
- /*
- * Bottom linear transformation.
- */
- t46 = z15 ^ z16;
- t47 = z10 ^ z11;
- t48 = z5 ^ z13;
- t49 = z9 ^ z10;
- t50 = z2 ^ z12;
- t51 = z2 ^ z5;
- t52 = z7 ^ z8;
- t53 = z0 ^ z3;
- t54 = z6 ^ z7;
- t55 = z16 ^ z17;
- t56 = z12 ^ t48;
- t57 = t50 ^ t53;
- t58 = z4 ^ t46;
- t59 = z3 ^ t54;
- t60 = t46 ^ t57;
- t61 = z14 ^ t57;
- t62 = t52 ^ t58;
- t63 = t49 ^ t58;
- t64 = z4 ^ t59;
- t65 = t61 ^ t62;
- t66 = z1 ^ t63;
- s0 = t59 ^ t63;
- s6 = t56 ^ ~t62;
- s7 = t48 ^ ~t60;
- t67 = t64 ^ t65;
- s3 = t53 ^ t66;
- s4 = t51 ^ t66;
- s5 = t47 ^ t65;
- s1 = t64 ^ ~s3;
- s2 = t55 ^ ~t67;
-
- q[7] = s0;
- q[6] = s1;
- q[5] = s2;
- q[4] = s3;
- q[3] = s4;
- q[2] = s5;
- q[1] = s6;
- q[0] = s7;
-}
-
-static void br_aes_ct64_ortho(uint64_t *q) {
-#define SWAPN(cl, ch, s, x, y) do { \
- uint64_t a, b; \
- a = (x); \
- b = (y); \
- (x) = (a & (uint64_t)(cl)) | ((b & (uint64_t)(cl)) << (s)); \
- (y) = ((a & (uint64_t)(ch)) >> (s)) | (b & (uint64_t)(ch)); \
- } while (0)
-
-#define SWAP2(x, y) SWAPN(0x5555555555555555, 0xAAAAAAAAAAAAAAAA, 1, x, y)
-#define SWAP4(x, y) SWAPN(0x3333333333333333, 0xCCCCCCCCCCCCCCCC, 2, x, y)
-#define SWAP8(x, y) SWAPN(0x0F0F0F0F0F0F0F0F, 0xF0F0F0F0F0F0F0F0, 4, x, y)
-
- SWAP2(q[0], q[1]);
- SWAP2(q[2], q[3]);
- SWAP2(q[4], q[5]);
- SWAP2(q[6], q[7]);
-
- SWAP4(q[0], q[2]);
- SWAP4(q[1], q[3]);
- SWAP4(q[4], q[6]);
- SWAP4(q[5], q[7]);
-
- SWAP8(q[0], q[4]);
- SWAP8(q[1], q[5]);
- SWAP8(q[2], q[6]);
- SWAP8(q[3], q[7]);
-}
-
-
-static void br_aes_ct64_interleave_in(uint64_t *q0, uint64_t *q1, const uint32_t *w) {
- uint64_t x0, x1, x2, x3;
-
- x0 = w[0];
- x1 = w[1];
- x2 = w[2];
- x3 = w[3];
- x0 |= (x0 << 16);
- x1 |= (x1 << 16);
- x2 |= (x2 << 16);
- x3 |= (x3 << 16);
- x0 &= (uint64_t)0x0000FFFF0000FFFF;
- x1 &= (uint64_t)0x0000FFFF0000FFFF;
- x2 &= (uint64_t)0x0000FFFF0000FFFF;
- x3 &= (uint64_t)0x0000FFFF0000FFFF;
- x0 |= (x0 << 8);
- x1 |= (x1 << 8);
- x2 |= (x2 << 8);
- x3 |= (x3 << 8);
- x0 &= (uint64_t)0x00FF00FF00FF00FF;
- x1 &= (uint64_t)0x00FF00FF00FF00FF;
- x2 &= (uint64_t)0x00FF00FF00FF00FF;
- x3 &= (uint64_t)0x00FF00FF00FF00FF;
- *q0 = x0 | (x2 << 8);
- *q1 = x1 | (x3 << 8);
-}
-
-
-static void br_aes_ct64_interleave_out(uint32_t *w, uint64_t q0, uint64_t q1) {
- uint64_t x0, x1, x2, x3;
-
- x0 = q0 & (uint64_t)0x00FF00FF00FF00FF;
- x1 = q1 & (uint64_t)0x00FF00FF00FF00FF;
- x2 = (q0 >> 8) & (uint64_t)0x00FF00FF00FF00FF;
- x3 = (q1 >> 8) & (uint64_t)0x00FF00FF00FF00FF;
- x0 |= (x0 >> 8);
- x1 |= (x1 >> 8);
- x2 |= (x2 >> 8);
- x3 |= (x3 >> 8);
- x0 &= (uint64_t)0x0000FFFF0000FFFF;
- x1 &= (uint64_t)0x0000FFFF0000FFFF;
- x2 &= (uint64_t)0x0000FFFF0000FFFF;
- x3 &= (uint64_t)0x0000FFFF0000FFFF;
- w[0] = (uint32_t)x0 | (uint32_t)(x0 >> 16);
- w[1] = (uint32_t)x1 | (uint32_t)(x1 >> 16);
- w[2] = (uint32_t)x2 | (uint32_t)(x2 >> 16);
- w[3] = (uint32_t)x3 | (uint32_t)(x3 >> 16);
-}
-
-static const unsigned char Rcon[] = {
- 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
-};
-
-static uint32_t sub_word(uint32_t x) {
- uint64_t q[8];
-
- memset(q, 0, sizeof q);
- q[0] = x;
- br_aes_ct64_ortho(q);
- br_aes_ct64_bitslice_Sbox(q);
- br_aes_ct64_ortho(q);
- return (uint32_t)q[0];
-}
-
-static void br_aes_ct64_keysched(uint64_t *comp_skey, const unsigned char *key, unsigned int key_len) {
- unsigned int i, j, k, nk, nkf;
- uint32_t tmp;
- uint32_t skey[60];
- unsigned nrounds = 10 + ((key_len - 16) >> 2);
-
- nk = (key_len >> 2);
- nkf = ((nrounds + 1) << 2);
- br_range_dec32le(skey, (key_len >> 2), key);
- tmp = skey[(key_len >> 2) - 1];
- for (i = nk, j = 0, k = 0; i < nkf; i ++) {
- if (j == 0) {
- tmp = (tmp << 24) | (tmp >> 8);
- tmp = sub_word(tmp) ^ Rcon[k];
- } else if (nk > 6 && j == 4) {
- tmp = sub_word(tmp);
- }
- tmp ^= skey[i - nk];
- skey[i] = tmp;
- if (++ j == nk) {
- j = 0;
- k ++;
- }
- }
-
- for (i = 0, j = 0; i < nkf; i += 4, j += 2) {
- uint64_t q[8];
-
- br_aes_ct64_interleave_in(&q[0], &q[4], skey + i);
- q[1] = q[0];
- q[2] = q[0];
- q[3] = q[0];
- q[5] = q[4];
- q[6] = q[4];
- q[7] = q[4];
- br_aes_ct64_ortho(q);
- comp_skey[j + 0] =
- (q[0] & (uint64_t)0x1111111111111111)
- | (q[1] & (uint64_t)0x2222222222222222)
- | (q[2] & (uint64_t)0x4444444444444444)
- | (q[3] & (uint64_t)0x8888888888888888);
- comp_skey[j + 1] =
- (q[4] & (uint64_t)0x1111111111111111)
- | (q[5] & (uint64_t)0x2222222222222222)
- | (q[6] & (uint64_t)0x4444444444444444)
- | (q[7] & (uint64_t)0x8888888888888888);
- }
-}
-
-static void br_aes_ct64_skey_expand(uint64_t *skey, const uint64_t *comp_skey, unsigned int nrounds) {
- unsigned u, v, n;
-
- n = (nrounds + 1) << 1;
- for (u = 0, v = 0; u < n; u ++, v += 4) {
- uint64_t x0, x1, x2, x3;
-
- x0 = x1 = x2 = x3 = comp_skey[u];
- x0 &= (uint64_t)0x1111111111111111;
- x1 &= (uint64_t)0x2222222222222222;
- x2 &= (uint64_t)0x4444444444444444;
- x3 &= (uint64_t)0x8888888888888888;
- x1 >>= 1;
- x2 >>= 2;
- x3 >>= 3;
- skey[v + 0] = (x0 << 4) - x0;
- skey[v + 1] = (x1 << 4) - x1;
- skey[v + 2] = (x2 << 4) - x2;
- skey[v + 3] = (x3 << 4) - x3;
- }
-}
-
-
-static inline void add_round_key(uint64_t *q, const uint64_t *sk) {
- q[0] ^= sk[0];
- q[1] ^= sk[1];
- q[2] ^= sk[2];
- q[3] ^= sk[3];
- q[4] ^= sk[4];
- q[5] ^= sk[5];
- q[6] ^= sk[6];
- q[7] ^= sk[7];
-}
-
-static inline void shift_rows(uint64_t *q) {
- int i;
-
- for (i = 0; i < 8; i ++) {
- uint64_t x;
-
- x = q[i];
- q[i] = (x & (uint64_t)0x000000000000FFFF)
- | ((x & (uint64_t)0x00000000FFF00000) >> 4)
- | ((x & (uint64_t)0x00000000000F0000) << 12)
- | ((x & (uint64_t)0x0000FF0000000000) >> 8)
- | ((x & (uint64_t)0x000000FF00000000) << 8)
- | ((x & (uint64_t)0xF000000000000000) >> 12)
- | ((x & (uint64_t)0x0FFF000000000000) << 4);
- }
-}
-
-static inline uint64_t rotr32(uint64_t x) {
- return (x << 32) | (x >> 32);
-}
-
-static inline void mix_columns(uint64_t *q) {
- uint64_t q0, q1, q2, q3, q4, q5, q6, q7;
- uint64_t r0, r1, r2, r3, r4, r5, r6, r7;
-
- q0 = q[0];
- q1 = q[1];
- q2 = q[2];
- q3 = q[3];
- q4 = q[4];
- q5 = q[5];
- q6 = q[6];
- q7 = q[7];
- r0 = (q0 >> 16) | (q0 << 48);
- r1 = (q1 >> 16) | (q1 << 48);
- r2 = (q2 >> 16) | (q2 << 48);
- r3 = (q3 >> 16) | (q3 << 48);
- r4 = (q4 >> 16) | (q4 << 48);
- r5 = (q5 >> 16) | (q5 << 48);
- r6 = (q6 >> 16) | (q6 << 48);
- r7 = (q7 >> 16) | (q7 << 48);
-
- q[0] = q7 ^ r7 ^ r0 ^ rotr32(q0 ^ r0);
- q[1] = q0 ^ r0 ^ q7 ^ r7 ^ r1 ^ rotr32(q1 ^ r1);
- q[2] = q1 ^ r1 ^ r2 ^ rotr32(q2 ^ r2);
- q[3] = q2 ^ r2 ^ q7 ^ r7 ^ r3 ^ rotr32(q3 ^ r3);
- q[4] = q3 ^ r3 ^ q7 ^ r7 ^ r4 ^ rotr32(q4 ^ r4);
- q[5] = q4 ^ r4 ^ r5 ^ rotr32(q5 ^ r5);
- q[6] = q5 ^ r5 ^ r6 ^ rotr32(q6 ^ r6);
- q[7] = q6 ^ r6 ^ r7 ^ rotr32(q7 ^ r7);
-}
-
-
-static void inc4_be(uint32_t *x) {
- uint32_t t = br_swap32(*x) + 4;
- *x = br_swap32(t);
-}
-
-
-static void aes_ecb4x(unsigned char out[64], const uint32_t ivw[16], const uint64_t *sk_exp, unsigned int nrounds) {
- uint32_t w[16];
- uint64_t q[8];
- unsigned int i;
-
- memcpy(w, ivw, sizeof(w));
- for (i = 0; i < 4; i++) {
- br_aes_ct64_interleave_in(&q[i], &q[i + 4], w + (i << 2));
- }
- br_aes_ct64_ortho(q);
-
-
- add_round_key(q, sk_exp);
- for (i = 1; i < nrounds; i++) {
- br_aes_ct64_bitslice_Sbox(q);
- shift_rows(q);
- mix_columns(q);
- add_round_key(q, sk_exp + (i << 3));
- }
- br_aes_ct64_bitslice_Sbox(q);
- shift_rows(q);
- add_round_key(q, sk_exp + 8 * nrounds);
-
- br_aes_ct64_ortho(q);
- for (i = 0; i < 4; i ++) {
- br_aes_ct64_interleave_out(w + (i << 2), q[i], q[i + 4]);
- }
- br_range_enc32le(out, w, 16);
-}
-
-
-static void aes_ctr4x(unsigned char out[64], uint32_t ivw[16], const uint64_t *sk_exp, unsigned int nrounds) {
- aes_ecb4x(out, ivw, sk_exp, nrounds);
-
- /* Increase counter for next 4 blocks */
- inc4_be(ivw + 3);
- inc4_be(ivw + 7);
- inc4_be(ivw + 11);
- inc4_be(ivw + 15);
-}
-
-
-static void aes_ecb(unsigned char *out, const unsigned char *in, size_t nblocks, const uint64_t *rkeys, unsigned int nrounds) {
- uint32_t blocks[16];
- unsigned char t[64];
-
- while (nblocks >= 4) {
- br_range_dec32le(blocks, 16, in);
- aes_ecb4x(out, blocks, rkeys, nrounds);
- nblocks -= 4;
- in += 64;
- out += 64;
- }
-
- if (nblocks) {
- br_range_dec32le(blocks, nblocks * 4, in);
- aes_ecb4x(t, blocks, rkeys, nrounds);
- memcpy(out, t, nblocks * 16);
- }
-}
-
-static inline void aes256_ctr_upd_blks(unsigned char *out, size_t outblks, aes256ctx *ctx) {
- uint32_t ivw[16];
- size_t i;
- uint32_t cc;
- uint8_t *iv = ctx->iv;
- uint32_t blocks = (uint32_t) outblks;
- unsigned int nrounds = 14;
-
- br_range_dec32le(ivw, 4, iv);
-
- memcpy(ivw + 4, ivw, 3 * sizeof(uint32_t));
- memcpy(ivw + 8, ivw, 3 * sizeof(uint32_t));
- memcpy(ivw + 12, ivw, 3 * sizeof(uint32_t));
- cc = br_swap32(ivw[3]);
- ivw[ 7] = br_swap32(cc + 1);
- ivw[11] = br_swap32(cc + 2);
- ivw[15] = br_swap32(cc + 3);
-
- while (outblks >= 4) {
- aes_ctr4x(out, ivw, ctx->sk_exp, nrounds);
- out += 64;
- outblks -= 4;
- }
- if (outblks > 0) {
- unsigned char tmp[64];
- aes_ctr4x(tmp, ivw, ctx->sk_exp, nrounds);
- for (i = 0; i < outblks * 16; i++) {
- out[i] = tmp[i];
- }
- }
- br_enc32be(&ctx->iv[12], cc + blocks);
-}
-
-static void aes_ctr(unsigned char *out, size_t outlen, const unsigned char *iv, const size_t iv_len, const uint64_t *rkeys, unsigned int nrounds) {
- uint32_t ivw[16];
- size_t i;
- uint32_t cc;
-
- if (iv_len == 12) {
- br_range_dec32le(ivw, 3, iv);
- ivw[3] = 0;
- } else if (iv_len == 16) {
- br_range_dec32le(ivw, 4, iv);
- } else {
- exit(EXIT_FAILURE);
- }
- memcpy(ivw + 4, ivw, 3 * sizeof(uint32_t));
- memcpy(ivw + 8, ivw, 3 * sizeof(uint32_t));
- memcpy(ivw + 12, ivw, 3 * sizeof(uint32_t));
- cc = br_swap32(ivw[3]);
- ivw[ 7] = br_swap32(cc + 1);
- ivw[11] = br_swap32(cc + 2);
- ivw[15] = br_swap32(cc + 3);
-
- while (outlen >= 64) {
- aes_ctr4x(out, ivw, rkeys, nrounds);
- out += 64;
- outlen -= 64;
- }
- if (outlen > 0) {
- unsigned char tmp[64];
- aes_ctr4x(tmp, ivw, rkeys, nrounds);
- for (i = 0; i < outlen; i++) {
- out[i] = tmp[i];
- }
- }
-}
-
-void oqs_aes128_load_schedule_c(const uint8_t *key, void **_schedule) {
- *_schedule = malloc(sizeof(aes128ctx));
- OQS_EXIT_IF_NULLPTR(*_schedule);
- aes128ctx *ctx = (aes128ctx *) *_schedule;
- uint64_t skey[22];
- br_aes_ct64_keysched(skey, key, 16);
- br_aes_ct64_skey_expand(ctx->sk_exp, skey, 10);
-}
-
-void oqs_aes256_load_schedule_c(const uint8_t *key, void **_schedule) {
- *_schedule = malloc(sizeof(aes256ctx));
- OQS_EXIT_IF_NULLPTR(*_schedule);
- aes256ctx *ctx = (aes256ctx *) *_schedule;
- uint64_t skey[30];
- br_aes_ct64_keysched(skey, key, 32);
- br_aes_ct64_skey_expand(ctx->sk_exp, skey, 14);
-}
-
-static void aes_keysched_no_bitslice(uint32_t *skey, const unsigned char *key, unsigned int key_len) {
- unsigned int i, j, k, nk, nkf;
- uint32_t tmp;
- unsigned nrounds = 10 + ((key_len - 16) >> 2);
-
- nk = (key_len >> 2);
- nkf = ((nrounds + 1) << 2);
- br_range_dec32le(skey, (key_len >> 2), key);
- tmp = skey[(key_len >> 2) - 1];
- for (i = nk, j = 0, k = 0; i < nkf; i ++) {
- if (j == 0) {
- tmp = (tmp << 24) | (tmp >> 8);
- tmp = sub_word(tmp) ^ Rcon[k];
- } else if (nk > 6 && j == 4) {
- tmp = sub_word(tmp);
- }
- tmp ^= skey[i - nk];
- skey[i] = tmp;
- if (++ j == nk) {
- j = 0;
- k ++;
- }
- }
-}
-
-void oqs_aes256_load_schedule_no_bitslice(const uint8_t *key, void **_schedule) {
- *_schedule = malloc(sizeof(aes256ctx_nobitslice));
- assert(*_schedule != NULL);
- uint32_t *schedule = ((aes256ctx_nobitslice *) *_schedule)->sk_exp;
- aes_keysched_no_bitslice(schedule, (const unsigned char *) key, 32);
-}
-
-void oqs_aes256_load_iv_c(const uint8_t *iv, size_t iv_len, void *_schedule) {
- aes256ctx *ctx = _schedule;
- if (iv_len == 12) {
- memcpy(ctx->iv, iv, 12);
- memset(&ctx->iv[12], 0, 4);
- } else if (iv_len == 16) {
- memcpy(ctx->iv, iv, 16);
- } else {
- exit(EXIT_FAILURE);
- }
-}
-
-void oqs_aes256_load_iv_u64_c(uint64_t iv, void *schedule) {
- OQS_EXIT_IF_NULLPTR(schedule);
- aes256ctx *ctx = (aes256ctx *) schedule;
- ctx->iv[7] = (unsigned char)(iv >> 56);
- ctx->iv[6] = (unsigned char)(iv >> 48);
- ctx->iv[5] = (unsigned char)(iv >> 40);
- ctx->iv[4] = (unsigned char)(iv >> 32);
- ctx->iv[3] = (unsigned char)(iv >> 24);
- ctx->iv[2] = (unsigned char)(iv >> 16);
- ctx->iv[1] = (unsigned char)(iv >> 8);
- ctx->iv[0] = (unsigned char)iv;
- memset(&ctx->iv[8], 0, 8);
-}
-
-void oqs_aes128_load_schedule_no_bitslice(const uint8_t *key, void **_schedule) {
- *_schedule = malloc(44 * sizeof(int));
- assert(*_schedule != NULL);
- uint32_t *schedule = (uint32_t *) *_schedule;
- aes_keysched_no_bitslice(schedule, (const unsigned char *) key, 16);
-}
-
-void oqs_aes128_ecb_enc_sch_c(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) {
- assert(plaintext_len % 16 == 0);
- const aes128ctx *ctx = (const aes128ctx *) schedule;
- aes_ecb(ciphertext, plaintext, plaintext_len / 16, ctx->sk_exp, 10);
-}
-
-void oqs_aes256_ecb_enc_sch_c(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) {
- assert(plaintext_len % 16 == 0);
- const aes256ctx *ctx = (const aes256ctx *) schedule;
- aes_ecb(ciphertext, plaintext, plaintext_len / 16, ctx->sk_exp, 14);
-}
-
-void oqs_aes256_ctr_enc_sch_c(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) {
- const aes256ctx *ctx = (const aes256ctx *) schedule;
- aes_ctr(out, out_len, iv, iv_len, ctx->sk_exp, 14);
-}
-
-void oqs_aes256_ctr_enc_sch_upd_blks_c(void *schedule, uint8_t *out, size_t out_blks) {
- aes256ctx *ctx = (aes256ctx *) schedule;
- aes256_ctr_upd_blks(out, out_blks, ctx);
-}
-
-void oqs_aes128_free_schedule_c(void *schedule) {
- if (schedule != NULL) {
- aes128ctx *ctx = (aes128ctx *) schedule;
- OQS_MEM_secure_free(ctx, sizeof(aes128ctx));
- }
-}
-
-void oqs_aes256_free_schedule_c(void *schedule) {
- if (schedule != NULL) {
- aes256ctx *ctx = (aes256ctx *) schedule;
- OQS_MEM_secure_free(ctx, sizeof(aes256ctx));
- }
-}
-
-void oqs_aes256_free_schedule_no_bitslice(void *schedule) {
- if (schedule != NULL) {
- OQS_MEM_secure_free(schedule, sizeof(aes256ctx_nobitslice));
- }
-}
-
-void oqs_aes128_free_schedule_no_bitslice(void *schedule) {
- if (schedule != NULL) {
- OQS_MEM_secure_free(schedule, 44 * sizeof(int));
- }
-}
diff --git a/lib/liboqs/src/common/aes/aes_local.h b/lib/liboqs/src/common/aes/aes_local.h
deleted file mode 100644
index eac879352..000000000
--- a/lib/liboqs/src/common/aes/aes_local.h
+++ /dev/null
@@ -1,42 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include <stdint.h>
-
-void oqs_aes128_load_schedule_ni(const uint8_t *key, void **_schedule);
-void oqs_aes128_free_schedule_ni(void *schedule);
-void oqs_aes128_enc_sch_block_ni(const uint8_t *plaintext, const void *_schedule, uint8_t *ciphertext);
-void oqs_aes128_ecb_enc_sch_ni(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-
-void oqs_aes128_load_schedule_c(const uint8_t *key, void **_schedule);
-void oqs_aes128_free_schedule_c(void *schedule);
-void oqs_aes128_ecb_enc_sch_c(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-
-void oqs_aes128_load_schedule_no_bitslice(const uint8_t *key, void **_schedule);
-void oqs_aes128_free_schedule_no_bitslice(void *schedule);
-void oqs_aes128_enc_sch_block_armv8(const uint8_t *plaintext, const void *_schedule, uint8_t *ciphertext);
-void oqs_aes128_ecb_enc_sch_armv8(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-
-void oqs_aes256_load_schedule_ni(const uint8_t *key, void **_schedule);
-void oqs_aes256_load_iv_ni(const uint8_t *iv, size_t iv_len, void *_schedule);
-void oqs_aes256_load_iv_u64_ni(uint64_t iv, void *_schedule);
-void oqs_aes256_free_schedule_ni(void *schedule);
-void oqs_aes256_enc_sch_block_ni(const uint8_t *plaintext, const void *_schedule, uint8_t *ciphertext);
-void oqs_aes256_ecb_enc_sch_ni(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-void oqs_aes256_ctr_enc_sch_ni(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len);
-void oqs_aes256_ctr_enc_sch_upd_blks_ni(void *schedule, uint8_t *out, size_t out_len);
-
-void oqs_aes256_load_schedule_c(const uint8_t *key, void **_schedule);
-void oqs_aes256_load_iv_c(const uint8_t *iv, size_t iv_len, void *_schedule);
-void oqs_aes256_load_iv_u64_c(uint64_t iv, void *_schedule);
-void oqs_aes256_free_schedule_c(void *schedule);
-void oqs_aes256_ecb_enc_sch_c(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-void oqs_aes256_ctr_enc_sch_c(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len);
-void oqs_aes256_ctr_enc_sch_upd_blks_c(void *schedule, uint8_t *out, size_t out_len);
-
-void oqs_aes256_load_schedule_no_bitslice(const uint8_t *key, void **_schedule);
-void oqs_aes256_load_iv_armv8(const uint8_t *iv, size_t iv_len, void *_schedule);
-void oqs_aes256_free_schedule_no_bitslice(void *schedule);
-void oqs_aes256_enc_sch_block_armv8(const uint8_t *plaintext, const void *_schedule, uint8_t *ciphertext);
-void oqs_aes256_ecb_enc_sch_armv8(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext);
-void oqs_aes256_ctr_enc_sch_armv8(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len);
-void oqs_aes256_ctr_enc_sch_upd_blks_armv8(void *schedule, uint8_t *out, size_t out_blks);
diff --git a/lib/liboqs/src/common/aes/config.mk b/lib/liboqs/src/common/aes/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/aes/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/aes/manifest.mn b/lib/liboqs/src/common/aes/manifest.mn
deleted file mode 100644
index c43db70c6..000000000
--- a/lib/liboqs/src/common/aes/manifest.mn
+++ /dev/null
@@ -1,24 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_aes
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- aes.c \
- aes_c.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/common.c b/lib/liboqs/src/common/common.c
deleted file mode 100644
index 43f6b58aa..000000000
--- a/lib/liboqs/src/common/common.c
+++ /dev/null
@@ -1,324 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 AND MIT
-
-#if !defined(_WIN32) && !defined(OQS_HAVE_EXPLICIT_BZERO)
-// Request memset_s
-#define __STDC_WANT_LIB_EXT1__ 1
-#endif
-
-#include <oqs/common.h>
-
-#include <errno.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if !defined(OQS_HAVE_POSIX_MEMALIGN) || defined(__MINGW32__) || defined(__MINGW64__) || defined(_MSC_VER)
-#include <malloc.h>
-#endif
-
-#if defined(_WIN32)
-#include <windows.h>
-#endif
-
-/* Identifying the CPU is expensive so we cache the results in cpu_ext_data */
-#if defined(OQS_DIST_BUILD)
-static unsigned int cpu_ext_data[OQS_CPU_EXT_COUNT] = {0};
-#endif
-
-#if defined(OQS_DIST_X86_64_BUILD)
-/* set_available_cpu_extensions_x86_64() has been written using:
- * https://github.com/google/cpu_features/blob/master/src/cpuinfo_x86.c
- */
-#include "x86_64_helpers.h"
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
-
- cpuid_out leaf_1;
- cpuid(&leaf_1, 1);
- if (leaf_1.eax == 0) {
- return;
- }
-
- cpuid_out leaf_7;
- cpuid(&leaf_7, 7);
-
- const unsigned int has_xsave = is_bit_set(leaf_1.ecx, 26);
- const unsigned int has_osxsave = is_bit_set(leaf_1.ecx, 27);
- const uint32_t xcr0_eax = (has_xsave && has_osxsave) ? xgetbv_eax(0) : 0;
-
- cpu_ext_data[OQS_CPU_EXT_AES] = is_bit_set(leaf_1.ecx, 25);
- if (has_mask(xcr0_eax, MASK_XMM | MASK_YMM)) {
- cpu_ext_data[OQS_CPU_EXT_AVX] = is_bit_set(leaf_1.ecx, 28);
- cpu_ext_data[OQS_CPU_EXT_AVX2] = is_bit_set(leaf_7.ebx, 5);
- }
- cpu_ext_data[OQS_CPU_EXT_PCLMULQDQ] = is_bit_set(leaf_1.ecx, 1);
- cpu_ext_data[OQS_CPU_EXT_POPCNT] = is_bit_set(leaf_1.ecx, 23);
- cpu_ext_data[OQS_CPU_EXT_BMI1] = is_bit_set(leaf_7.ebx, 3);
- cpu_ext_data[OQS_CPU_EXT_BMI2] = is_bit_set(leaf_7.ebx, 8);
- cpu_ext_data[OQS_CPU_EXT_ADX] = is_bit_set(leaf_7.ebx, 19);
-
- if (has_mask(xcr0_eax, MASK_XMM)) {
- cpu_ext_data[OQS_CPU_EXT_SSE] = is_bit_set(leaf_1.edx, 25);
- cpu_ext_data[OQS_CPU_EXT_SSE2] = is_bit_set(leaf_1.edx, 26);
- cpu_ext_data[OQS_CPU_EXT_SSE3] = is_bit_set(leaf_1.ecx, 0);
- }
-
- if (has_mask(xcr0_eax, MASK_XMM | MASK_YMM | MASK_MASKREG | MASK_ZMM0_15 | MASK_ZMM16_31)) {
- unsigned int avx512f = is_bit_set(leaf_7.ebx, 16);
- unsigned int avx512bw = is_bit_set(leaf_7.ebx, 30);
- unsigned int avx512dq = is_bit_set(leaf_7.ebx, 17);
- if (avx512f && avx512bw && avx512dq) {
- cpu_ext_data[OQS_CPU_EXT_AVX512] = 1;
- }
- cpu_ext_data[OQS_CPU_EXT_VPCLMULQDQ] = is_bit_set(leaf_7.ecx, 10);
- }
-}
-#elif defined(OQS_DIST_X86_BUILD)
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
-}
-#elif defined(OQS_DIST_ARM64_V8_BUILD)
-#if defined(__APPLE__)
-#include <sys/sysctl.h>
-static unsigned int macos_feature_detection(const char *feature_name) {
- int p;
- size_t p_len = sizeof(p);
- int res = sysctlbyname(feature_name, &p, &p_len, NULL, 0);
- if (res != 0) {
- return 0;
- } else {
- return (p != 0) ? 1 : 0;
- }
-}
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_ARM_AES] = 1;
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA2] = 1;
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA3] = macos_feature_detection("hw.optional.armv8_2_sha3");
- cpu_ext_data[OQS_CPU_EXT_ARM_NEON] = macos_feature_detection("hw.optional.neon");
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
-}
-#elif defined(__FreeBSD__) || defined(__FreeBSD)
-#include <sys/auxv.h>
-#include <machine/elf.h>
-
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- u_long hwcaps = 0;
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
- if (elf_aux_info(AT_HWCAP, &hwcaps, sizeof(u_long))) {
- fprintf(stderr, "Error getting HWCAP for ARM on FreeBSD\n");
- return;
- }
- if (hwcaps & HWCAP_AES) {
- cpu_ext_data[OQS_CPU_EXT_ARM_AES] = 1;
- }
- if (hwcaps & HWCAP_ASIMD) {
- cpu_ext_data[OQS_CPU_EXT_ARM_NEON] = 1;
- }
- if (hwcaps & HWCAP_SHA2) {
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA2] = 1;
- }
- if (hwcaps & HWCAP_SHA3) {
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA3] = 1;
- }
-}
-#else
-#include <sys/auxv.h>
-#include <asm/hwcap.h>
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
- unsigned long int hwcaps = getauxval(AT_HWCAP);
- if (hwcaps & HWCAP_AES) {
- cpu_ext_data[OQS_CPU_EXT_ARM_AES] = 1;
- }
- if (hwcaps & HWCAP_SHA2) {
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA2] = 1;
- }
- if (hwcaps & HWCAP_SHA3) {
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA3] = 1;
- }
- if (hwcaps & HWCAP_ASIMD) {
- cpu_ext_data[OQS_CPU_EXT_ARM_NEON] = 1;
- }
-}
-#endif
-#elif defined(OQS_DIST_ARM32v7_BUILD)
-#include <sys/auxv.h>
-#include <asm/hwcap.h>
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
- unsigned long int hwcaps = getauxval(AT_HWCAP);
- unsigned long int hwcaps2 = getauxval(AT_HWCAP2);
- if (hwcaps2 & HWCAP2_AES) {
- cpu_ext_data[OQS_CPU_EXT_ARM_AES] = 1;
- }
- if (hwcaps2 & HWCAP2_SHA2) {
- cpu_ext_data[OQS_CPU_EXT_ARM_SHA2] = 1;
- }
- if (hwcaps & HWCAP_NEON) {
- cpu_ext_data[OQS_CPU_EXT_ARM_NEON] = 1;
- }
-}
-#elif defined(OQS_DIST_PPC64LE_BUILD)
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
-}
-#elif defined(OQS_DIST_S390X_BUILD)
-static void set_available_cpu_extensions(void) {
- /* mark that this function has been called */
- cpu_ext_data[OQS_CPU_EXT_INIT] = 1;
-}
-#elif defined(OQS_DIST_BUILD)
-static void set_available_cpu_extensions(void) {
-}
-#endif
-
-OQS_API int OQS_CPU_has_extension(OQS_CPU_EXT ext) {
-#if defined(OQS_DIST_BUILD)
- if (0 == cpu_ext_data[OQS_CPU_EXT_INIT]) {
- set_available_cpu_extensions();
- }
- if (0 < ext && ext < OQS_CPU_EXT_COUNT) {
- return (int)cpu_ext_data[ext];
- }
-#else
- (void)ext;
-#endif
- return 0;
-}
-
-OQS_API void OQS_init(void) {
-#if defined(OQS_DIST_BUILD)
- OQS_CPU_has_extension(OQS_CPU_EXT_INIT);
-#endif
- return;
-}
-
-OQS_API const char *OQS_version(void) {
- return OQS_VERSION_TEXT;
-}
-
-OQS_API int OQS_MEM_secure_bcmp(const void *a, const void *b, size_t len) {
- /* Assume CHAR_BIT = 8 */
- uint8_t r = 0;
-
- for (size_t i = 0; i < len; i++) {
- r |= ((const uint8_t *)a)[i] ^ ((const uint8_t *)b)[i];
- }
-
- // We have 0 <= r < 256, and unsigned int is at least 16 bits.
- return 1 & ((-(unsigned int)r) >> 8);
-}
-
-OQS_API void OQS_MEM_cleanse(void *ptr, size_t len) {
-#if defined(_WIN32)
- SecureZeroMemory(ptr, len);
-#elif defined(OQS_HAVE_EXPLICIT_BZERO)
- explicit_bzero(ptr, len);
-#elif defined(__STDC_LIB_EXT1__) || defined(OQS_HAVE_MEMSET_S)
- if (0U < len && memset_s(ptr, (rsize_t)len, 0, (rsize_t)len) != 0) {
- abort();
- }
-#else
- typedef void *(*memset_t)(void *, int, size_t);
- static volatile memset_t memset_func = memset;
- memset_func(ptr, 0, len);
-#endif
-}
-
-OQS_API void OQS_MEM_secure_free(void *ptr, size_t len) {
- if (ptr != NULL) {
- OQS_MEM_cleanse(ptr, len);
- free(ptr); // IGNORE free-check
- }
-}
-
-OQS_API void OQS_MEM_insecure_free(void *ptr) {
- free(ptr); // IGNORE free-check
-}
-
-void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
-#if defined(OQS_HAVE_ALIGNED_ALLOC) // glibc and other implementations providing aligned_alloc
- return aligned_alloc(alignment, size);
-#else
- // Check alignment (power of 2, and >= sizeof(void*)) and size (multiple of alignment)
- if (alignment & (alignment - 1) || size & (alignment - 1) || alignment < sizeof(void *)) {
- errno = EINVAL;
- return NULL;
- }
-
-#if defined(OQS_HAVE_POSIX_MEMALIGN)
- void *ptr = NULL;
- const int err = posix_memalign(&ptr, alignment, size);
- if (err) {
- errno = err;
- ptr = NULL;
- }
- return ptr;
-#elif defined(OQS_HAVE_MEMALIGN)
- return memalign(alignment, size);
-#elif defined(__MINGW32__) || defined(__MINGW64__)
- return __mingw_aligned_malloc(size, alignment);
-#elif defined(_MSC_VER)
- return _aligned_malloc(size, alignment);
-#else
- if (!size) {
- return NULL;
- }
- // Overallocate to be able to align the pointer (alignment -1) and to store
- // the difference between the pointer returned to the user (ptr) and the
- // pointer returned by malloc (buffer). The difference is caped to 255 and
- // can be made larger if necessary, but this should be enough for all users
- // in liboqs.
- //
- // buffer ptr
- // ↓ ↓
- // ...........|...................
- // |
- // diff = ptr - buffer
- const size_t offset = alignment - 1 + sizeof(uint8_t);
- uint8_t *buffer = malloc(size + offset);
- if (!buffer) {
- return NULL;
- }
-
- // Align the pointer returned to the user.
- uint8_t *ptr = (uint8_t *)(((uintptr_t)(buffer) + offset) & ~(alignment - 1));
- ptrdiff_t diff = ptr - buffer;
- if (diff > UINT8_MAX) {
- // This should never happen in our code, but just to be safe
- free(buffer); // IGNORE free-check
- errno = EINVAL;
- return NULL;
- }
- // Store the difference one byte ahead the returned poitner so that free
- // can reconstruct buffer.
- ptr[-1] = diff;
- return ptr;
-#endif
-#endif
-}
-
-void OQS_MEM_aligned_free(void *ptr) {
-#if defined(OQS_HAVE_ALIGNED_ALLOC) || defined(OQS_HAVE_POSIX_MEMALIGN) || defined(OQS_HAVE_MEMALIGN)
- free(ptr); // IGNORE free-check
-#elif defined(__MINGW32__) || defined(__MINGW64__)
- __mingw_aligned_free(ptr);
-#elif defined(_MSC_VER)
- _aligned_free(ptr);
-#else
- if (ptr) {
- // Reconstruct the pointer returned from malloc using the difference
- // stored one byte ahead of ptr.
- uint8_t *u8ptr = ptr;
- free(u8ptr - u8ptr[-1]); // IGNORE free-check
- }
-#endif
-}
diff --git a/lib/liboqs/src/common/common.gyp b/lib/liboqs/src/common/common.gyp
deleted file mode 100644
index eda664cb0..000000000
--- a/lib/liboqs/src/common/common.gyp
+++ /dev/null
@@ -1,39 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common',
- 'type': 'static_library',
- 'sources': [
- 'common.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/common.h b/lib/liboqs/src/common/common.h
deleted file mode 100644
index a06064fea..000000000
--- a/lib/liboqs/src/common/common.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/**
- * \file common.h
- * \brief Utility functions for use in liboqs.
- *
- * SPDX-License-Identifier: MIT
- */
-
-
-#ifndef OQS_COMMON_H
-#define OQS_COMMON_H
-
-#include <limits.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include <oqs/oqsconfig.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/**
- * Macro for terminating the program if x is
- * a null pointer.
- */
-#define OQS_EXIT_IF_NULLPTR(x) \
- do { \
- if ( (x) == (void*)0 ) \
- exit(EXIT_FAILURE); \
- } while (0)
-
-/**
- * This macro is intended to replace those assert()s
- * involving side-effecting statements in aes/aes_ossl.c.
- *
- * assert() becomes a no-op when -DNDEBUG is defined,
- * which causes compilation failures when the statement
- * being checked also results in side-effects.
- *
- * This is a temporary workaround until a better error
- * handling strategy is developed.
- */
-#define OQS_OPENSSL_GUARD(x) \
- do { \
- if( 1 != (x) ) { \
- exit(EXIT_FAILURE); \
- } \
- } while (0)
-
-/**
- * Certain functions (such as OQS_randombytes_openssl in
- * src/rand/rand.c) take in a size_t parameter, but can
- * only handle values up to INT_MAX for those parameters.
- * This macro is a temporary workaround for such functions.
- */
-#define SIZE_T_TO_INT_OR_EXIT(size_t_var_name, int_var_name) \
- int int_var_name = 0; \
- if (size_t_var_name <= INT_MAX) { \
- int_var_name = (int)size_t_var_name; \
- } else { \
- exit(EXIT_FAILURE); \
- }
-
-/**
- * Defines which functions should be exposed outside the LibOQS library
- *
- * By default the visibility of all the symbols is defined to "hidden"
- * Only the library API should be marked as default
- *
- * Example: OQS_API return_value function_name(void);
- */
-#if defined(_WIN32)
-#define OQS_API __declspec(dllexport)
-#else
-#define OQS_API __attribute__((visibility("default")))
-#endif
-
-#if defined(OQS_SYS_UEFI)
-#undef OQS_API
-#define OQS_API
-#endif
-
-/**
- * Represents return values from functions.
- *
- * Callers should compare with the symbol rather than the individual value.
- * For example,
- *
- * ret = OQS_KEM_encaps(...);
- * if (ret == OQS_SUCCESS) { ... }
- *
- * rather than
- *
- * if (!OQS_KEM_encaps(...) { ... }
- *
- */
-typedef enum {
- /** Used to indicate that some undefined error occurred. */
- OQS_ERROR = -1,
- /** Used to indicate successful return from function. */
- OQS_SUCCESS = 0,
- /** Used to indicate failures in external libraries (e.g., OpenSSL). */
- OQS_EXTERNAL_LIB_ERROR_OPENSSL = 50,
-} OQS_STATUS;
-
-/**
- * CPU runtime detection flags
- */
-typedef enum {
- OQS_CPU_EXT_INIT, /* Must be first */
- /* Start extension list */
- OQS_CPU_EXT_ADX,
- OQS_CPU_EXT_AES,
- OQS_CPU_EXT_AVX,
- OQS_CPU_EXT_AVX2,
- OQS_CPU_EXT_AVX512,
- OQS_CPU_EXT_BMI1,
- OQS_CPU_EXT_BMI2,
- OQS_CPU_EXT_PCLMULQDQ,
- OQS_CPU_EXT_VPCLMULQDQ,
- OQS_CPU_EXT_POPCNT,
- OQS_CPU_EXT_SSE,
- OQS_CPU_EXT_SSE2,
- OQS_CPU_EXT_SSE3,
- OQS_CPU_EXT_ARM_AES,
- OQS_CPU_EXT_ARM_SHA2,
- OQS_CPU_EXT_ARM_SHA3,
- OQS_CPU_EXT_ARM_NEON,
- /* End extension list */
- OQS_CPU_EXT_COUNT, /* Must be last */
-} OQS_CPU_EXT;
-
-/**
- * Checks if the CPU supports a given extension
- *
- * \return 1 if the given CPU extension is available, 0 otherwise.
- */
-OQS_API int OQS_CPU_has_extension(OQS_CPU_EXT ext);
-
-/**
- * This currently only sets the values in the OQS_CPU_EXTENSIONS,
- * and so has effect only when OQS_DIST_BUILD is set.
- */
-OQS_API void OQS_init(void);
-
-/**
- * Return library version string.
- */
-OQS_API const char *OQS_version(void);
-
-/**
- * Constant time comparison of byte sequences `a` and `b` of length `len`.
- * Returns 0 if the byte sequences are equal or if `len`=0.
- * Returns 1 otherwise.
- *
- * @param[in] a A byte sequence of length at least `len`.
- * @param[in] b A byte sequence of length at least `len`.
- * @param[in] len The number of bytes to compare.
- */
-OQS_API int OQS_MEM_secure_bcmp(const void *a, const void *b, size_t len);
-
-/**
- * Zeros out `len` bytes of memory starting at `ptr`.
- *
- * Designed to be protected against optimizing compilers which try to remove
- * "unnecessary" operations. Should be used for all buffers containing secret
- * data.
- *
- * @param[in] ptr The start of the memory to zero out.
- * @param[in] len The number of bytes to zero out.
- */
-OQS_API void OQS_MEM_cleanse(void *ptr, size_t len);
-
-/**
- * Zeros out `len` bytes of memory starting at `ptr`, then frees `ptr`.
- *
- * Can be called with `ptr = NULL`, in which case no operation is performed.
- *
- * Designed to be protected against optimizing compilers which try to remove
- * "unnecessary" operations. Should be used for all buffers containing secret
- * data.
- *
- * @param[in] ptr The start of the memory to zero out and free.
- * @param[in] len The number of bytes to zero out.
- */
-OQS_API void OQS_MEM_secure_free(void *ptr, size_t len);
-
-/**
- * Frees `ptr`.
- *
- * Can be called with `ptr = NULL`, in which case no operation is performed.
- *
- * Should only be used on non-secret data.
- *
- * @param[in] ptr The start of the memory to free.
- */
-OQS_API void OQS_MEM_insecure_free(void *ptr);
-
-/**
- * Internal implementation of C11 aligned_alloc to work around compiler quirks.
- *
- * Allocates size bytes of uninitialized memory with a base pointer that is
- * a multiple of alignment. Alignment must be a power of two and a multiple
- * of sizeof(void *). Size must be a multiple of alignment.
- */
-void *OQS_MEM_aligned_alloc(size_t alignment, size_t size);
-
-/**
- * Free memory allocated with OQS_MEM_aligned_alloc.
- */
-void OQS_MEM_aligned_free(void *ptr);
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_COMMON_H
diff --git a/lib/liboqs/src/common/config.mk b/lib/liboqs/src/common/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/manifest.mn b/lib/liboqs/src/common/manifest.mn
deleted file mode 100644
index 73149e114..000000000
--- a/lib/liboqs/src/common/manifest.mn
+++ /dev/null
@@ -1,23 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- common.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/pqclean_shims/Makefile b/lib/liboqs/src/common/pqclean_shims/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/pqclean_shims/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/pqclean_shims/aes.h b/lib/liboqs/src/common/pqclean_shims/aes.h
deleted file mode 100644
index 58ae1e67c..000000000
--- a/lib/liboqs/src/common/pqclean_shims/aes.h
+++ /dev/null
@@ -1,46 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#ifndef AES_H
-#define AES_H
-
-#include <stdint.h>
-#include <stdlib.h>
-
-#include <oqs/aes.h>
-
-#define AES256_KEYBYTES 32
-#define AESCTR_NONCEBYTES 12
-#define AES_BLOCKBYTES 16
-
-typedef void *aes256ctx;
-
-#define aes256_ecb_keyexp(r, key) OQS_AES256_ECB_load_schedule((key), (r))
-#define aes256_ecb(out, in, nblocks, ctx) OQS_AES256_ECB_enc_sch((in), (nblocks) * AES_BLOCKBYTES, *(ctx), (out))
-#define aes256_ctr_keyexp(r, key) OQS_AES256_CTR_inc_init((key), (r))
-#define aes256_ctr(out, outlen, iv, ctx) OQS_AES256_CTR_inc_stream_iv((iv), AESCTR_NONCEBYTES, *(ctx), (out), (outlen))
-#define aes256_ctx_release(ctx) OQS_AES256_free_schedule(*(ctx))
-
-#define aes256ctr_squeezeblocks(out, outlen, state) OQS_AES256_CTR_inc_stream_blks(*state, out, 4*outlen)
-#define aes256ctr_squeezeblocks_u64(out, outlen, iv, ctx) OQS_AES256_CTR_inc_stream_ivu64_blks((iv), *(ctx), (out), (4*outlen))
-#define aes256ctr_init_key(state, key) OQS_AES256_CTR_inc_init(key, state)
-#define aes256ctr_init_iv(state, nonce) OQS_AES256_CTR_inc_iv(nonce, 12, *state)
-#define aes256ctr_init_iv_u64(state, nonce) OQS_AES256_CTR_inc_ivu64(nonce, *state)
-
-static inline void aes256ctr_init(void **_schedule, const uint8_t *key, const uint8_t *nonce) {
- OQS_AES256_CTR_inc_init(key, _schedule);
- OQS_AES256_CTR_inc_iv(nonce, 12, *_schedule);
-}
-
-static inline void aes256ctr_init_u64(void **_schedule, const uint8_t *key, uint64_t nonce) {
- OQS_AES256_CTR_inc_init(key, _schedule);
- OQS_AES256_CTR_inc_ivu64(nonce, *_schedule);
-}
-
-static inline void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t key[32], uint8_t nonce[12]) {
- aes256ctx state;
- OQS_AES256_CTR_inc_init(key, &state);
- OQS_AES256_CTR_inc_stream_iv(nonce, 12, state, out, outlen);
- OQS_AES256_free_schedule(state);
-}
-
-#endif
diff --git a/lib/liboqs/src/common/pqclean_shims/aes256ctr.h b/lib/liboqs/src/common/pqclean_shims/aes256ctr.h
deleted file mode 100644
index eeb603789..000000000
--- a/lib/liboqs/src/common/pqclean_shims/aes256ctr.h
+++ /dev/null
@@ -1,12 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#ifndef AES256CTR_H
-#define AES256CTR_H
-
-#include "aes.h"
-
-typedef aes256ctx aes256ctr_ctx;
-
-#define AES256CTR_BLOCKBYTES 64
-
-#endif
diff --git a/lib/liboqs/src/common/pqclean_shims/compat.h b/lib/liboqs/src/common/pqclean_shims/compat.h
deleted file mode 100644
index d495f5a51..000000000
--- a/lib/liboqs/src/common/pqclean_shims/compat.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#ifndef OQS_COMMON_COMPAT_H
-#define OQS_COMMON_COMPAT_H
-
-/* This file serves to solve compatibility issues between different
- * versions of compilers.
- *
- * This file is allowed to use #ifdefs and toggle things by compiler versions.
- *
- * SPDX-License-Identifier: MIT
- *
- */
-
-
-// From https://github.com/gcc-mirror/gcc/blob/af73a8b2027d9ab64944d7dbbb48e207d7790ce6/gcc/config/i386/avxintrin.h#L62-L71
-/* Unaligned versions of the vector types */
-#define UNALIGNED_VECTOR_POLYFILL_GCC \
- typedef float __m256_u __attribute__ ((__vector_size__ (32), __may_alias__, __aligned__ (1))); \
- typedef double __m256d_u __attribute__ ((__vector_size__ (32), __may_alias__, __aligned__ (1))); \
- typedef long long __m256i_u __attribute__ ((__vector_size__ (32), __may_alias__, __aligned__ (1)));
-
-
-
-#if defined(__GNUC__) && !defined(__clang__)
-
-#if ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((7) << 16) + (1)) // at least GCC 7.1
-/* Versions of the GCC pre-7.1 don't have __m256*_u types */
-UNALIGNED_VECTOR_POLYFILL_GCC
-# endif // GCC >= 7.1
-
-#elif defined(__GNUC__) && defined(__clang__)
-
-# if __clang__major__ < 9
-/* Versions of Clang pre-9.0 don't have __m256*_u types */
-UNALIGNED_VECTOR_POLYFILL_GCC
-# endif
-
-#else
-// Neither MSVC nor other compilers seem to have these types
-#define __m256_u __m256
-#define __m256d_u __m256d
-#define __m256i_u __m256i
-
-#endif // compiler selector
-
-
-
-#endif // OQS_COMMON_COMPAT_H
diff --git a/lib/liboqs/src/common/pqclean_shims/config.mk b/lib/liboqs/src/common/pqclean_shims/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/pqclean_shims/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/pqclean_shims/fips202.c b/lib/liboqs/src/common/pqclean_shims/fips202.c
deleted file mode 100644
index caf0fe659..000000000
--- a/lib/liboqs/src/common/pqclean_shims/fips202.c
+++ /dev/null
@@ -1,15 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include "fips202.h"
-
-void shake128_absorb_once(shake128incctx *state, const uint8_t *in, size_t inlen) {
- shake128_inc_ctx_reset(state);
- shake128_inc_absorb(state, in, inlen);
- shake128_inc_finalize(state);
-}
-
-void shake256_absorb_once(shake256incctx *state, const uint8_t *in, size_t inlen) {
- shake256_inc_ctx_reset(state);
- shake256_inc_absorb(state, in, inlen);
- shake256_inc_finalize(state);
-}
diff --git a/lib/liboqs/src/common/pqclean_shims/fips202.h b/lib/liboqs/src/common/pqclean_shims/fips202.h
deleted file mode 100644
index 94d09ee0f..000000000
--- a/lib/liboqs/src/common/pqclean_shims/fips202.h
+++ /dev/null
@@ -1,68 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#ifndef FIPS202_H
-#define FIPS202_H
-
-#include <oqs/sha3.h>
-
-#define SHAKE128_RATE OQS_SHA3_SHAKE128_RATE
-#define shake128 OQS_SHA3_shake128
-
-#define SHAKE256_RATE OQS_SHA3_SHAKE256_RATE
-#define shake256 OQS_SHA3_shake256
-
-#define SHA3_256_RATE OQS_SHA3_SHA3_256_RATE
-#define sha3_256 OQS_SHA3_sha3_256
-#define sha3_256_inc_init OQS_SHA3_sha3_256_inc_init
-#define sha3_256_inc_absorb OQS_SHA3_sha3_256_inc_absorb
-#define sha3_256_inc_finalize OQS_SHA3_sha3_256_inc_finalize
-#define sha3_256_inc_ctx_clone OQS_SHA3_sha3_256_inc_ctx_clone
-#define sha3_256_inc_ctx_release OQS_SHA3_sha3_256_inc_ctx_release
-
-#define SHA3_384_RATE OQS_SHA3_SHA3_384_RATE
-#define sha3_384 OQS_SHA3_sha3_384
-#define sha3_384_inc_init OQS_SHA3_sha3_384_inc_init
-#define sha3_384_inc_absorb OQS_SHA3_sha3_384_inc_absorb
-#define sha3_384_inc_finalize OQS_SHA3_sha3_384_inc_finalize
-#define sha3_384_inc_ctx_clone OQS_SHA3_sha3_384_inc_ctx_clone
-#define sha3_384_inc_ctx_release OQS_SHA3_sha3_384_inc_ctx_release
-
-#define SHA3_512_RATE OQS_SHA3_SHA3_512_RATE
-#define sha3_512 OQS_SHA3_sha3_512
-#define sha3_512_inc_init OQS_SHA3_sha3_512_inc_init
-#define sha3_512_inc_absorb OQS_SHA3_sha3_512_inc_absorb
-#define sha3_512_inc_finalize OQS_SHA3_sha3_512_inc_finalize
-#define sha3_512_inc_ctx_clone OQS_SHA3_sha3_512_inc_ctx_clone
-#define sha3_512_inc_ctx_release OQS_SHA3_sha3_512_inc_ctx_release
-
-#define shake128incctx OQS_SHA3_shake128_inc_ctx
-#define shake128_inc_init OQS_SHA3_shake128_inc_init
-#define shake128_inc_absorb OQS_SHA3_shake128_inc_absorb
-#define shake128_inc_finalize OQS_SHA3_shake128_inc_finalize
-#define shake128_inc_squeeze OQS_SHA3_shake128_inc_squeeze
-#define shake128_inc_ctx_release OQS_SHA3_shake128_inc_ctx_release
-#define shake128_inc_ctx_clone OQS_SHA3_shake128_inc_ctx_clone
-#define shake128_inc_ctx_reset OQS_SHA3_shake128_inc_ctx_reset
-
-#define shake256incctx OQS_SHA3_shake256_inc_ctx
-#define shake256_inc_init OQS_SHA3_shake256_inc_init
-#define shake256_inc_absorb OQS_SHA3_shake256_inc_absorb
-#define shake256_inc_finalize OQS_SHA3_shake256_inc_finalize
-#define shake256_inc_squeeze OQS_SHA3_shake256_inc_squeeze
-#define shake256_inc_ctx_release OQS_SHA3_shake256_inc_ctx_release
-#define shake256_inc_ctx_clone OQS_SHA3_shake256_inc_ctx_clone
-#define shake256_inc_ctx_reset OQS_SHA3_shake256_inc_ctx_reset
-
-#define shake128_absorb_once OQS_SHA3_shake128_absorb_once
-void OQS_SHA3_shake128_absorb_once(shake128incctx *state, const uint8_t *in, size_t inlen);
-
-#define shake256_absorb_once OQS_SHA3_shake256_absorb_once
-void OQS_SHA3_shake256_absorb_once(shake256incctx *state, const uint8_t *in, size_t inlen);
-
-#define shake128_squeezeblocks(OUT, NBLOCKS, STATE) \
- OQS_SHA3_shake128_inc_squeeze(OUT, (NBLOCKS)*OQS_SHA3_SHAKE128_RATE, STATE)
-
-#define shake256_squeezeblocks(OUT, NBLOCKS, STATE) \
- OQS_SHA3_shake256_inc_squeeze(OUT, (NBLOCKS)*OQS_SHA3_SHAKE256_RATE, STATE)
-
-#endif
diff --git a/lib/liboqs/src/common/pqclean_shims/fips202x4.c b/lib/liboqs/src/common/pqclean_shims/fips202x4.c
deleted file mode 100644
index 03756167d..000000000
--- a/lib/liboqs/src/common/pqclean_shims/fips202x4.c
+++ /dev/null
@@ -1,15 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include "fips202x4.h"
-
-void shake128x4_absorb_once(shake128x4incctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- shake128x4_inc_ctx_reset(state);
- shake128x4_inc_absorb(state, in0, in1, in2, in3, inlen);
- shake128x4_inc_finalize(state);
-}
-
-void shake256x4_absorb_once(shake256x4incctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- shake256x4_inc_ctx_reset(state);
- shake256x4_inc_absorb(state, in0, in1, in2, in3, inlen);
- shake256x4_inc_finalize(state);
-}
diff --git a/lib/liboqs/src/common/pqclean_shims/fips202x4.h b/lib/liboqs/src/common/pqclean_shims/fips202x4.h
deleted file mode 100644
index d01cdebca..000000000
--- a/lib/liboqs/src/common/pqclean_shims/fips202x4.h
+++ /dev/null
@@ -1,51 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#ifndef FIPS202X4_H
-#define FIPS202X4_H
-
-#include <oqs/sha3x4.h>
-
-#define shake128x4incctx OQS_SHA3_shake128_x4_inc_ctx
-#define shake128x4_inc_init OQS_SHA3_shake128_x4_inc_init
-#define shake128x4_inc_absorb OQS_SHA3_shake128_x4_inc_absorb
-#define shake128x4_inc_finalize OQS_SHA3_shake128_x4_inc_finalize
-#define shake128x4_inc_squeeze OQS_SHA3_shake128_x4_inc_squeeze
-#define shake128x4_inc_ctx_release OQS_SHA3_shake128_x4_inc_ctx_release
-#define shake128x4_inc_ctx_clone OQS_SHA3_shake128_x4_inc_ctx_clone
-#define shake128x4_inc_ctx_reset OQS_SHA3_shake128_x4_inc_ctx_reset
-
-#define shake256x4incctx OQS_SHA3_shake256_x4_inc_ctx
-#define shake256x4_inc_init OQS_SHA3_shake256_x4_inc_init
-#define shake256x4_inc_absorb OQS_SHA3_shake256_x4_inc_absorb
-#define shake256x4_inc_finalize OQS_SHA3_shake256_x4_inc_finalize
-#define shake256x4_inc_squeeze OQS_SHA3_shake256_x4_inc_squeeze
-#define shake256x4_inc_ctx_release OQS_SHA3_shake256_x4_inc_ctx_release
-#define shake256x4_inc_ctx_clone OQS_SHA3_shake256_x4_inc_ctx_clone
-#define shake256x4_inc_ctx_reset OQS_SHA3_shake256_x4_inc_ctx_reset
-
-#define PQCLEAN_SPHINCSSHAKE256128FROBUST_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256128FSIMPLE_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256128SROBUST_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256128SSIMPLE_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256192FROBUST_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256192FSIMPLE_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256192SROBUST_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256192SSIMPLE_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256256FROBUST_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256256FSIMPLE_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256256SROBUST_AVX2_shake256x4 OQS_SHA3_shake256_x4
-#define PQCLEAN_SPHINCSSHAKE256256SSIMPLE_AVX2_shake256x4 OQS_SHA3_shake256_x4
-
-#define shake128x4_absorb_once OQS_SHA3_shake128_x4_absorb_once
-void OQS_SHA3_shake128_x4_absorb_once(shake128x4incctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
-
-#define shake256x4_absorb_once OQS_SHA3_shake256_x4_absorb_once
-void OQS_SHA3_shake256_x4_absorb_once(shake256x4incctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
-
-#define shake128x4_squeezeblocks(OUT0, OUT1, OUT2, OUT3, NBLOCKS, STATE) \
- OQS_SHA3_shake128_x4_inc_squeeze(OUT0, OUT1, OUT2, OUT3, (NBLOCKS)*OQS_SHA3_SHAKE128_RATE, STATE)
-
-#define shake256x4_squeezeblocks(OUT0, OUT1, OUT2, OUT3, NBLOCKS, STATE) \
- OQS_SHA3_shake256_x4_inc_squeeze(OUT0, OUT1, OUT2, OUT3, (NBLOCKS)*OQS_SHA3_SHAKE256_RATE, STATE)
-
-#endif
diff --git a/lib/liboqs/src/common/pqclean_shims/manifest.mn b/lib/liboqs/src/common/pqclean_shims/manifest.mn
deleted file mode 100644
index 12a037e0b..000000000
--- a/lib/liboqs/src/common/pqclean_shims/manifest.mn
+++ /dev/null
@@ -1,25 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_pqclean_shims
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- nistseedexpander.c \
- fips202.c \
- fips202x4.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/pqclean_shims/nistseedexpander.c b/lib/liboqs/src/common/pqclean_shims/nistseedexpander.c
deleted file mode 100644
index 839b8be52..000000000
--- a/lib/liboqs/src/common/pqclean_shims/nistseedexpander.c
+++ /dev/null
@@ -1,109 +0,0 @@
-//
-// rng.c
-//
-// Created by Bassham, Lawrence E (Fed) on 8/29/17.
-// Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-/*
-NIST-developed software is provided by NIST as a public service. You may use, copy, and distribute copies of the software in any medium, provided that you keep intact this entire notice. You may improve, modify, and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the software.
-
-NIST-developed software is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT, OR ARISING BY OPERATION OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND DATA ACCURACY. NIST NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
-
-You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. The software developed by NIST employees is not subject to copyright protection within the United States.
-*/
-// SPDX-License-Identifier: Unknown
-// Modified for PQClean by Sebastian Verschoor
-//
-
-#include "nistseedexpander.h"
-#include "aes.h"
-#include <string.h>
-
-/*
- seedexpander_init()
- ctx - stores the current state of an instance of the seed expander
- seed - a 32 byte random value
- diversifier - an 8 byte diversifier
- maxlen - maximum number of bytes (less than 2**32) generated under this seed and diversifier
- */
-int
-seedexpander_init(AES_XOF_struct *ctx,
- const uint8_t *seed,
- const uint8_t *diversifier,
- size_t maxlen) {
- ctx->length_remaining = maxlen;
-
- memcpy(ctx->key, seed, 32);
- memcpy(ctx->ctr, diversifier, 8);
-
- ctx->ctr[11] = (uint8_t) (maxlen % 256);
- maxlen >>= 8;
- ctx->ctr[10] = (uint8_t) (maxlen % 256);
- maxlen >>= 8;
- ctx->ctr[9] = (uint8_t) (maxlen % 256);
- maxlen >>= 8;
- ctx->ctr[8] = (uint8_t) (maxlen % 256);
- memset(ctx->ctr + 12, 0x00, 4);
-
- ctx->buffer_pos = 16;
- memset(ctx->buffer, 0x00, 16);
-
- return RNG_SUCCESS;
-}
-
-static void AES256_ECB(uint8_t *key, uint8_t *ctr, uint8_t *buffer) {
- aes256ctx ctx;
- aes256_ecb_keyexp(&ctx, key);
- aes256_ecb(buffer, ctr, 1, &ctx);
- aes256_ctx_release(&ctx);
-}
-
-/*
- seedexpander()
- ctx - stores the current state of an instance of the seed expander
- x - returns the XOF data
- xlen - number of bytes to return
- */
-int
-seedexpander(AES_XOF_struct *ctx, uint8_t *x, size_t xlen) {
- size_t offset;
-
- if ( x == NULL ) {
- return RNG_BAD_OUTBUF;
- }
- if ( xlen >= ctx->length_remaining ) {
- return RNG_BAD_REQ_LEN;
- }
-
- ctx->length_remaining -= xlen;
-
- offset = 0;
- while ( xlen > 0 ) {
- if ( xlen <= (16 - ctx->buffer_pos) ) { // buffer has what we need
- memcpy(x + offset, ctx->buffer + ctx->buffer_pos, xlen);
- ctx->buffer_pos += xlen;
-
- return RNG_SUCCESS;
- }
-
- // take what's in the buffer
- memcpy(x + offset, ctx->buffer + ctx->buffer_pos, 16 - ctx->buffer_pos);
- xlen -= 16 - ctx->buffer_pos;
- offset += 16 - ctx->buffer_pos;
-
- AES256_ECB(ctx->key, ctx->ctr, ctx->buffer);
- ctx->buffer_pos = 0;
-
- //increment the counter
- for (size_t i = 15; i >= 12; i--) {
- if ( ctx->ctr[i] == 0xff ) {
- ctx->ctr[i] = 0x00;
- } else {
- ctx->ctr[i]++;
- break;
- }
- }
-
- }
-
- return RNG_SUCCESS;
-}
diff --git a/lib/liboqs/src/common/pqclean_shims/nistseedexpander.h b/lib/liboqs/src/common/pqclean_shims/nistseedexpander.h
deleted file mode 100644
index 320902ba0..000000000
--- a/lib/liboqs/src/common/pqclean_shims/nistseedexpander.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#ifndef NISTSEEDEXPANDER_H
-#define NISTSEEDEXPANDER_H
-
-//
-// rng.h
-//
-// Created by Bassham, Lawrence E (Fed) on 8/29/17.
-// Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-/*
-NIST-developed software is provided by NIST as a public service. You may use, copy, and distribute copies of the software in any medium, provided that you keep intact this entire notice. You may improve, modify, and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the software.
-
-NIST-developed software is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT, OR ARISING BY OPERATION OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND DATA ACCURACY. NIST NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
-
-You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. The software developed by NIST employees is not subject to copyright protection within the United States.
-*/
-// SPDX-License-Identifier: Unknown
-// Modified for PQClean by Sebastian Verschoor
-//
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define NISTSEEDEXPANDER_SEED_LEN 32
-
-#define RNG_SUCCESS ( 0)
-#define RNG_BAD_MAXLEN (-1)
-#define RNG_BAD_OUTBUF (-2)
-#define RNG_BAD_REQ_LEN (-3)
-
-typedef struct {
- uint8_t buffer[16];
- size_t buffer_pos;
- size_t length_remaining;
- uint8_t key[NISTSEEDEXPANDER_SEED_LEN];
- uint8_t ctr[16];
-} AES_XOF_struct;
-
-int
-seedexpander_init(AES_XOF_struct *ctx,
- const uint8_t *seed,
- const uint8_t *diversifier,
- size_t maxlen);
-
-int
-seedexpander(AES_XOF_struct *ctx, uint8_t *x, size_t xlen);
-
-#endif /* NISTSEEDEXPANDER_H */
diff --git a/lib/liboqs/src/common/pqclean_shims/pqclean_shims.gyp b/lib/liboqs/src/common/pqclean_shims/pqclean_shims.gyp
deleted file mode 100644
index ae5902fa4..000000000
--- a/lib/liboqs/src/common/pqclean_shims/pqclean_shims.gyp
+++ /dev/null
@@ -1,41 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_pqclean_shims',
- 'type': 'static_library',
- 'sources': [
- 'nistseedexpander.c',
- 'fips202.c',
- 'fips202x4.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/pqclean_shims/randombytes.h b/lib/liboqs/src/common/pqclean_shims/randombytes.h
deleted file mode 100644
index 0a7a5f18f..000000000
--- a/lib/liboqs/src/common/pqclean_shims/randombytes.h
+++ /dev/null
@@ -1,10 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#ifndef RANDOMBYTES_H
-#define RANDOMBYTES_H
-
-#include <oqs/rand.h>
-
-#define randombytes OQS_randombytes
-
-#endif
diff --git a/lib/liboqs/src/common/pqclean_shims/sha2.h b/lib/liboqs/src/common/pqclean_shims/sha2.h
deleted file mode 100644
index 625439f45..000000000
--- a/lib/liboqs/src/common/pqclean_shims/sha2.h
+++ /dev/null
@@ -1,33 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#ifndef SHA2_H
-#define SHA2_H
-
-#include <oqs/sha2.h>
-
-#define sha256 OQS_SHA2_sha256
-#define sha384 OQS_SHA2_sha384
-#define sha512 OQS_SHA2_sha512
-
-#define sha256ctx OQS_SHA2_sha256_ctx
-#define sha256_inc_init OQS_SHA2_sha256_inc_init
-#define sha256_inc_ctx_clone OQS_SHA2_sha256_inc_ctx_clone
-#define sha256_inc_ctx_release OQS_SHA2_sha256_inc_ctx_release
-#define sha256_inc_blocks OQS_SHA2_sha256_inc_blocks
-#define sha256_inc_finalize OQS_SHA2_sha256_inc_finalize
-
-#define sha384ctx OQS_SHA2_sha384_ctx
-#define sha384_inc_init OQS_SHA2_sha384_inc_init
-#define sha384_inc_ctx_clone OQS_SHA2_sha384_inc_ctx_clone
-#define sha384_inc_ctx_release OQS_SHA2_sha384_inc_ctx_release
-#define sha384_inc_blocks OQS_SHA2_sha384_inc_blocks
-#define sha384_inc_finalize OQS_SHA2_sha384_inc_finalize
-
-#define sha512ctx OQS_SHA2_sha512_ctx
-#define sha512_inc_init OQS_SHA2_sha512_inc_init
-#define sha512_inc_ctx_clone OQS_SHA2_sha512_inc_ctx_clone
-#define sha512_inc_ctx_release OQS_SHA2_sha512_inc_ctx_release
-#define sha512_inc_blocks OQS_SHA2_sha512_inc_blocks
-#define sha512_inc_finalize OQS_SHA2_sha512_inc_finalize
-
-#endif
diff --git a/lib/liboqs/src/common/rand/Makefile b/lib/liboqs/src/common/rand/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/rand/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/rand/config.mk b/lib/liboqs/src/common/rand/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/rand/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/rand/manifest.mn b/lib/liboqs/src/common/rand/manifest.mn
deleted file mode 100644
index 227c76619..000000000
--- a/lib/liboqs/src/common/rand/manifest.mn
+++ /dev/null
@@ -1,24 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_rand
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- rand.c \
- rand_nist.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/rand/rand.c b/lib/liboqs/src/common/rand/rand.c
deleted file mode 100644
index cb7404a4e..000000000
--- a/lib/liboqs/src/common/rand/rand.c
+++ /dev/null
@@ -1,142 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include <stdio.h>
-#if defined(_WIN32)
-#include <windows.h>
-#include <wincrypt.h>
-#define strcasecmp _stricmp
-#else
-#include <unistd.h>
-#include <strings.h>
-#if defined(__APPLE__)
-#include <TargetConditionals.h>
-#if TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR
-#include <Security/SecRandom.h>
-#else
-#include <sys/random.h>
-#endif
-#else
-#include <unistd.h>
-#endif
-#endif
-#include <fcntl.h>
-#include <stdlib.h>
-
-#include <oqs/oqs.h>
-
-void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read);
-void OQS_randombytes_nist_kat(uint8_t *random_array, size_t bytes_to_read);
-#ifdef OQS_USE_OPENSSL
-void OQS_randombytes_openssl(uint8_t *random_array, size_t bytes_to_read);
-#endif
-
-#ifdef OQS_USE_OPENSSL
-#include <openssl/rand.h>
-// Use OpenSSL's RAND_bytes as the default PRNG
-static void (*oqs_randombytes_algorithm)(uint8_t *, size_t) = &OQS_randombytes_openssl;
-#else
-static void (*oqs_randombytes_algorithm)(uint8_t *, size_t) = &OQS_randombytes_system;
-#endif
-OQS_API OQS_STATUS OQS_randombytes_switch_algorithm(const char *algorithm) {
- if (0 == strcasecmp(OQS_RAND_alg_system, algorithm)) {
- oqs_randombytes_algorithm = &OQS_randombytes_system;
- return OQS_SUCCESS;
- } else if (0 == strcasecmp(OQS_RAND_alg_nist_kat, algorithm)) {
- oqs_randombytes_algorithm = &OQS_randombytes_nist_kat;
- return OQS_SUCCESS;
- } else if (0 == strcasecmp(OQS_RAND_alg_openssl, algorithm)) {
-#ifdef OQS_USE_OPENSSL
- oqs_randombytes_algorithm = &OQS_randombytes_openssl;
- return OQS_SUCCESS;
-#else
- return OQS_ERROR;
-#endif
- } else {
- return OQS_ERROR;
- }
-}
-
-OQS_API void OQS_randombytes_custom_algorithm(void (*algorithm_ptr)(uint8_t *, size_t)) {
- oqs_randombytes_algorithm = algorithm_ptr;
-}
-
-OQS_API void OQS_randombytes(uint8_t *random_array, size_t bytes_to_read) {
- oqs_randombytes_algorithm(random_array, bytes_to_read);
-}
-
-#if !defined(_WIN32)
-#if defined(OQS_HAVE_GETENTROPY)
-void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
- while (bytes_to_read > 256) {
- if (getentropy(random_array, 256)) {
- exit(EXIT_FAILURE);
- }
- random_array += 256;
- bytes_to_read -= 256;
- }
- if (getentropy(random_array, bytes_to_read)) {
- exit(EXIT_FAILURE);
- }
-}
-#else
-#if defined(__APPLE__) && (TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR)
-void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
- int status =
- SecRandomCopyBytes(kSecRandomDefault, bytes_to_read, random_array);
-
- if (status == errSecSuccess) {
- perror("OQS_randombytes");
- exit(EXIT_FAILURE);
- }
-}
-#else
-void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
- FILE *handle;
- size_t bytes_read;
-
- handle = fopen("/dev/urandom", "rb");
- if (!handle) {
- perror("OQS_randombytes");
- exit(EXIT_FAILURE);
- }
-
- bytes_read = fread(random_array, 1, bytes_to_read, handle);
- if (bytes_read < bytes_to_read || ferror(handle)) {
- perror("OQS_randombytes");
- exit(EXIT_FAILURE);
- }
-
- fclose(handle);
-}
-#endif
-#endif
-#else
-void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
- HCRYPTPROV hCryptProv;
- if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ||
- !CryptGenRandom(hCryptProv, (DWORD) bytes_to_read, random_array)) {
- exit(EXIT_FAILURE); // better to fail than to return bad random data
- }
- CryptReleaseContext(hCryptProv, 0);
-}
-#endif
-
-#ifdef OQS_USE_OPENSSL
-#define OQS_RAND_POLL_RETRY 3 // in case failure to get randomness is a temporary problem, allow some repeats
-void OQS_randombytes_openssl(uint8_t *random_array, size_t bytes_to_read) {
- int rep = OQS_RAND_POLL_RETRY;
- SIZE_T_TO_INT_OR_EXIT(bytes_to_read, bytes_to_read_int)
- do {
- if (RAND_status() == 1) {
- break;
- }
- RAND_poll();
- } while (rep-- >= 0);
- if (RAND_bytes(random_array, bytes_to_read_int) != 1) {
- fprintf(stderr, "No OpenSSL randomness retrieved. DRBG available?\n");
- // because of void signature we have no other way to signal the problem
- // we cannot possibly return without randomness
- exit(EXIT_FAILURE);
- }
-}
-#endif
diff --git a/lib/liboqs/src/common/rand/rand.gyp b/lib/liboqs/src/common/rand/rand.gyp
deleted file mode 100644
index 24a439dbb..000000000
--- a/lib/liboqs/src/common/rand/rand.gyp
+++ /dev/null
@@ -1,40 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_rand',
- 'type': 'static_library',
- 'sources': [
- 'rand.c',
- 'rand_nist.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/rand/rand.h b/lib/liboqs/src/common/rand/rand.h
deleted file mode 100644
index 3499c2593..000000000
--- a/lib/liboqs/src/common/rand/rand.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * \file rand.h
- * \brief Random number generator.
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_RANDOM_H
-#define OQS_RANDOM_H
-
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include <oqs/common.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/** Algorithm identifier for system PRNG. */
-#define OQS_RAND_alg_system "system"
-/** Algorithm identifier for NIST deterministic RNG for KATs. */
-#define OQS_RAND_alg_nist_kat "NIST-KAT"
-/** Algorithm identifier for using OpenSSL's PRNG. */
-#define OQS_RAND_alg_openssl "OpenSSL"
-
-/**
- * Switches OQS_randombytes to use the specified algorithm.
- *
- * @param[in] algorithm The name of the algorithm to use.
- * @return OQS_SUCCESS if `algorithm` is a supported algorithm name, OQS_ERROR otherwise.
- */
-OQS_API OQS_STATUS OQS_randombytes_switch_algorithm(const char *algorithm);
-
-/**
- * Switches OQS_randombytes to use the given function.
- *
- * This allows additional custom RNGs besides the provided ones. The provided RNG
- * function must have the same signature as `OQS_randombytes`.
- *
- * @param[in] algorithm_ptr Pointer to the RNG function to use.
- */
-OQS_API void OQS_randombytes_custom_algorithm(void (*algorithm_ptr)(uint8_t *, size_t));
-
-/**
- * Fills the given memory with the requested number of (pseudo)random bytes.
- *
- * This implementation uses whichever algorithm has been selected by
- * OQS_randombytes_switch_algorithm. The default is OQS_randombytes_system, which
- * reads bytes directly from `/dev/urandom`.
- *
- * The caller is responsible for providing a buffer allocated with sufficient room.
- *
- * @param[out] random_array Pointer to the memory to fill with (pseudo)random bytes
- * @param[in] bytes_to_read The number of random bytes to read into memory
- */
-OQS_API void OQS_randombytes(uint8_t *random_array, size_t bytes_to_read);
-
-/**
- * Initializes the NIST DRBG with a given seed and with 256-bit security.
- *
- * @param[in] entropy_input The seed; must be exactly 48 bytes
- * @param[in] personalization_string An optional personalization string;
- * may be NULL; if not NULL, must be at least 48 bytes long
- */
-OQS_API void OQS_randombytes_nist_kat_init_256bit(const uint8_t *entropy_input, const uint8_t *personalization_string);
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_RANDOM_H
diff --git a/lib/liboqs/src/common/rand/rand_nist.c b/lib/liboqs/src/common/rand/rand_nist.c
deleted file mode 100644
index b6c6398a7..000000000
--- a/lib/liboqs/src/common/rand/rand_nist.c
+++ /dev/null
@@ -1,151 +0,0 @@
-//
-// rng.c
-//
-// Created by Bassham, Lawrence E (Fed) on 8/29/17.
-// Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-/*
-NIST-developed software is provided by NIST as a public service. You may use, copy, and distribute copies of the software in any medium, provided that you keep intact this entire notice. You may improve, modify, and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the software.
-
-NIST-developed software is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT, OR ARISING BY OPERATION OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND DATA ACCURACY. NIST NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
-
-You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. The software developed by NIST employees is not subject to copyright protection within the United States.
-*/
-// SPDX-License-Identifier: Unknown
-// Modified for liboqs by Douglas Stebila
-//
-
-#include <assert.h>
-#include <string.h>
-
-#include <oqs/common.h>
-#include <oqs/rand.h>
-
-#ifdef OQS_USE_OPENSSL
-#include <openssl/conf.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#else
-#include <oqs/aes.h>
-#endif
-
-void OQS_randombytes_nist_kat(unsigned char *x, size_t xlen);
-
-typedef struct {
- unsigned char Key[32];
- unsigned char V[16];
- int reseed_counter;
-} AES256_CTR_DRBG_struct;
-
-static AES256_CTR_DRBG_struct DRBG_ctx;
-static void AES256_CTR_DRBG_Update(unsigned char *provided_data, unsigned char *Key, unsigned char *V);
-
-#ifdef OQS_USE_OPENSSL
-# if defined(_MSC_VER)
-__declspec(noreturn)
-# else
-__attribute__((noreturn))
-# endif
-static void handleErrors(void) {
- ERR_print_errors_fp(stderr);
- abort();
-}
-#endif
-
-// Use whatever AES implementation you have. This uses AES from openSSL library
-// key - 256-bit AES key
-// ctr - a 128-bit plaintext value
-// buffer - a 128-bit ciphertext value
-static void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *buffer) {
-#ifdef OQS_USE_OPENSSL
- EVP_CIPHER_CTX *ctx;
-
- int len;
-
- /* Create and initialise the context */
- if (!(ctx = EVP_CIPHER_CTX_new())) {
- handleErrors();
- }
-
- if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
- handleErrors();
- }
-
- if (1 != EVP_EncryptUpdate(ctx, buffer, &len, ctr, 16)) {
- handleErrors();
- }
-
- /* Clean up */
- EVP_CIPHER_CTX_free(ctx);
-#else
- void *schedule = NULL;
- OQS_AES256_ECB_load_schedule(key, &schedule);
- OQS_AES256_ECB_enc(ctr, 16, key, buffer);
- OQS_AES256_free_schedule(schedule);
-#endif
-}
-
-OQS_API void OQS_randombytes_nist_kat_init_256bit(const uint8_t *entropy_input, const uint8_t *personalization_string) {
- unsigned char seed_material[48];
-
- memcpy(seed_material, entropy_input, 48);
- if (personalization_string)
- for (int i = 0; i < 48; i++) {
- seed_material[i] ^= personalization_string[i];
- }
- memset(DRBG_ctx.Key, 0x00, 32);
- memset(DRBG_ctx.V, 0x00, 16);
- AES256_CTR_DRBG_Update(seed_material, DRBG_ctx.Key, DRBG_ctx.V);
- DRBG_ctx.reseed_counter = 1;
-}
-
-void OQS_randombytes_nist_kat(unsigned char *x, size_t xlen) {
- unsigned char block[16];
- int i = 0;
-
- while (xlen > 0) {
- //increment V
- for (int j = 15; j >= 0; j--) {
- if (DRBG_ctx.V[j] == 0xff) {
- DRBG_ctx.V[j] = 0x00;
- } else {
- DRBG_ctx.V[j]++;
- break;
- }
- }
- AES256_ECB(DRBG_ctx.Key, DRBG_ctx.V, block);
- if (xlen > 15) {
- memcpy(x + i, block, 16);
- i += 16;
- xlen -= 16;
- } else {
- memcpy(x + i, block, xlen);
- xlen = 0;
- }
- }
- AES256_CTR_DRBG_Update(NULL, DRBG_ctx.Key, DRBG_ctx.V);
- DRBG_ctx.reseed_counter++;
-}
-
-static void AES256_CTR_DRBG_Update(unsigned char *provided_data, unsigned char *Key, unsigned char *V) {
- unsigned char temp[48];
-
- for (int i = 0; i < 3; i++) {
- //increment V
- for (int j = 15; j >= 0; j--) {
- if (V[j] == 0xff) {
- V[j] = 0x00;
- } else {
- V[j]++;
- break;
- }
- }
-
- AES256_ECB(Key, V, temp + 16 * i);
- }
- if (provided_data != NULL)
- for (int i = 0; i < 48; i++) {
- temp[i] ^= provided_data[i];
- }
- memcpy(Key, temp, 32);
- memcpy(V, temp + 32, 16);
-}
diff --git a/lib/liboqs/src/common/sha2/Makefile b/lib/liboqs/src/common/sha2/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/sha2/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/sha2/config.mk b/lib/liboqs/src/common/sha2/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/sha2/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/sha2/manifest.mn b/lib/liboqs/src/common/sha2/manifest.mn
deleted file mode 100644
index cf7207622..000000000
--- a/lib/liboqs/src/common/sha2/manifest.mn
+++ /dev/null
@@ -1,24 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_sha2
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- sha2.c \
- sha2_c.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/sha2/sha2.c b/lib/liboqs/src/common/sha2/sha2.c
deleted file mode 100644
index d622b883f..000000000
--- a/lib/liboqs/src/common/sha2/sha2.c
+++ /dev/null
@@ -1,132 +0,0 @@
-// SPDX-License-Identifier: MIT
-#include <stdio.h>
-
-#include <oqs/common.h>
-
-#include "sha2.h"
-#include "sha2_local.h"
-
-#if defined(OQS_DIST_ARM64_V8_BUILD)
-#define C_OR_ARM(stmt_c, stmt_arm) \
- do { \
- if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_SHA2)) { \
- stmt_arm; \
- } else { \
- stmt_c; \
- } \
- } while(0)
-#elif defined(OQS_USE_ARM_SHA2_INSTRUCTIONS)
-#define C_OR_ARM(stmt_c, stmt_arm) \
- stmt_arm
-#else
-#define C_OR_ARM(stmt_c, stmt_arm) \
- stmt_c
-#endif
-void OQS_SHA2_sha224_inc_init(OQS_SHA2_sha224_ctx *state) {
- oqs_sha2_sha224_inc_init_c((sha224ctx *) state);
-}
-
-void OQS_SHA2_sha224_inc_ctx_clone(OQS_SHA2_sha224_ctx *dest, const OQS_SHA2_sha224_ctx *src) {
- oqs_sha2_sha224_inc_ctx_clone_c((sha224ctx *) dest, (const sha224ctx *) src);
-}
-
-void OQS_SHA2_sha224_inc_blocks(OQS_SHA2_sha224_ctx *state, const uint8_t *in, size_t inblocks) {
- C_OR_ARM(
- oqs_sha2_sha224_inc_blocks_c((sha224ctx *) state, in, inblocks),
- oqs_sha2_sha224_inc_blocks_armv8((sha224ctx *) state, in, inblocks)
- );
-}
-
-void OQS_SHA2_sha224_inc_finalize(uint8_t *out, OQS_SHA2_sha224_ctx *state, const uint8_t *in, size_t inlen) {
- oqs_sha2_sha224_inc_finalize_c(out, (sha224ctx *) state, in, inlen);
-}
-
-void OQS_SHA2_sha224_inc_ctx_release(OQS_SHA2_sha224_ctx *state) {
- oqs_sha2_sha224_inc_ctx_release_c((sha224ctx *) state);
-}
-
-void OQS_SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) {
- oqs_sha2_sha256_inc_init_c((sha256ctx *) state);
-}
-
-void OQS_SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src) {
- oqs_sha2_sha256_inc_ctx_clone_c((sha256ctx *) dest, (const sha256ctx *) src);
-}
-
-void OQS_SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks) {
- C_OR_ARM(
- oqs_sha2_sha256_inc_blocks_c((sha256ctx *) state, in, inblocks),
- oqs_sha2_sha256_inc_blocks_armv8((sha256ctx *) state, in, inblocks)
- );
-}
-
-void OQS_SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen) {
- oqs_sha2_sha256_inc_finalize_c(out, (sha256ctx *) state, in, inlen);
-}
-
-void OQS_SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state) {
- oqs_sha2_sha256_inc_ctx_release_c((sha256ctx *) state);
-}
-
-void OQS_SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) {
- oqs_sha2_sha384_inc_init_c((sha384ctx *)state);
-}
-
-void OQS_SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src) {
- oqs_sha2_sha384_inc_ctx_clone_c((sha384ctx *) dest, (const sha384ctx *) src);
-}
-
-void OQS_SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks) {
- oqs_sha2_sha384_inc_blocks_c((sha384ctx *) state, in, inblocks);
-}
-
-void OQS_SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen) {
- oqs_sha2_sha384_inc_finalize_c(out, (sha384ctx *) state, in, inlen);
-}
-
-void OQS_SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state) {
- oqs_sha2_sha384_inc_ctx_release_c((sha384ctx *) state);
-}
-
-void OQS_SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) {
- oqs_sha2_sha512_inc_init_c((sha512ctx *)state);
-}
-
-void OQS_SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src) {
- oqs_sha2_sha512_inc_ctx_clone_c((sha512ctx *) dest, (const sha512ctx *) src);
-}
-
-void OQS_SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks) {
- oqs_sha2_sha512_inc_blocks_c((sha512ctx *) state, in, inblocks);
-}
-
-void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen) {
- oqs_sha2_sha512_inc_finalize_c(out, (sha512ctx *) state, in, inlen);
-}
-
-void OQS_SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state) {
- oqs_sha2_sha512_inc_ctx_release_c((sha512ctx *) state);
-}
-
-void OQS_SHA2_sha224(uint8_t *out, const uint8_t *in, size_t inlen) {
- C_OR_ARM (
- oqs_sha2_sha224_c(out, in, inlen),
- oqs_sha2_sha224_armv8(out, in, inlen)
- );
-}
-
-void OQS_SHA2_sha256(uint8_t *out, const uint8_t *in, size_t inlen) {
- C_OR_ARM (
- oqs_sha2_sha256_c(out, in, inlen),
- oqs_sha2_sha256_armv8(out, in, inlen)
- );
-}
-
-void OQS_SHA2_sha384(uint8_t *out, const uint8_t *in, size_t inlen) {
- oqs_sha2_sha384_c(out, in, inlen);
-}
-
-void OQS_SHA2_sha512(uint8_t *out, const uint8_t *in, size_t inlen) {
- oqs_sha2_sha512_c(out, in, inlen);
-}
-
diff --git a/lib/liboqs/src/common/sha2/sha2.gyp b/lib/liboqs/src/common/sha2/sha2.gyp
deleted file mode 100644
index ae77cd08a..000000000
--- a/lib/liboqs/src/common/sha2/sha2.gyp
+++ /dev/null
@@ -1,40 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_sha2',
- 'type': 'static_library',
- 'sources': [
- 'sha2.c',
- 'sha2_c.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/sha2/sha2.h b/lib/liboqs/src/common/sha2/sha2.h
deleted file mode 100644
index 8d8973e4c..000000000
--- a/lib/liboqs/src/common/sha2/sha2.h
+++ /dev/null
@@ -1,257 +0,0 @@
-/**
- * \file sha2.h
- * \brief SHA2 functions; not part of the OQS public API
- *
- * Contains the API and documentation for SHA2 digest implementation
- *
- * <b>Note this is not part of the OQS public API: implementations within liboqs can use these
- * functions, but external consumers of liboqs should not use these functions.</b>
- *
- * \author Douglas Stebila
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_SHA2_H
-#define OQS_SHA2_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/** Data structure for the state of the SHA-224 incremental hashing API. */
-typedef struct {
- /** Internal state */
- void *ctx;
-} OQS_SHA2_sha224_ctx;
-
-/**
- * \brief Process a message with SHA-256 and return the hash code in the output byte array.
- *
- * \warning The output array must be at least 32 bytes in length.
- *
- * \param output The output byte array
- * \param input The message input byte array
- * \param inplen The number of message bytes to process
- */
-void OQS_SHA2_sha256(uint8_t *output, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the SHA-256 incremental hashing API. */
-typedef struct {
- /** Internal state */
- void *ctx;
-} OQS_SHA2_sha256_ctx;
-
-/**
- * \brief Allocate and initialize the state for the SHA-256 incremental hashing API.
- *
- * \warning The state must be released by OQS_SHA2_sha256_inc_finalize
- * or OQS_SHA2_sha256_inc_ctx_release.
- *
- * \param state Pointer to the state
- */
-void OQS_SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state);
-
-/**
- * \brief Duplicate state for the SHA-256 incremental hashing API.
- *
- * \warning dest must be allocated by the caller. Caller is responsible
- * for releasing dest by calling either OQS_SHA3_sha3_256_inc_finalize or
- * OQS_SHA3_sha3_256_inc_ctx_release.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src);
-
-/**
- * \brief Process blocks with SHA-256 and update the state.
- *
- * \warning The state must be initialized by OQS_SHA2_sha256_inc_init or OQS_SHA2_sha256_inc_ctx_clone.
- *
- * \param state The state to update
- * \param in Message input byte array
- * \param inblocks The number of blocks of message bytes to process
- */
-void OQS_SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks);
-
-/**
- * \brief Process more message bytes with SHA-256 and return the hash code in the output byte array.
- *
- * \warning The output array must be at least 32 bytes in length. The state is
- * deallocated by this function and can not be used again after calling
- * this function without calling OQS_SHA2_sha256_inc_init again.
- *
- * \param out The output byte array
- * \param state The state
- * \param in Additional message input byte array
- * \param inlen The number of additional message bytes to process
- */
-void OQS_SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen);
-
-/**
- * \brief Destroy state.
- *
- * \warning The state is deallocated by this function and can not be used again after calling
- * this function without calling OQS_SHA2_sha256_inc_init again.
- *
- * \param state The state
- */
-void OQS_SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state);
-
-/**
- * \brief Process a message with SHA-384 and return the hash code in the output byte array.
- *
- * \warning The output array must be at least 48 bytes in length.
- *
- * \param output The output byte array
- * \param input The message input byte array
- * \param inplen The number of message bytes to process
- */
-void OQS_SHA2_sha384(uint8_t *output, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the SHA-384 incremental hashing API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA2_sha384_ctx;
-
-/**
- * \brief Allocate and initialize the state for the SHA-384 incremental hashing API.
- *
- * \warning The state must be released by OQS_SHA2_sha384_inc_finalize
- * or OQS_SHA2_sha384_inc_ctx_release.
- *
- * \param state Pointer to the state
- */
-void OQS_SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state);
-
-/**
- * \brief Duplicate state for the SHA-384 incremental hashing API.
- *
- * \warning dest must be allocated by the caller. Caller is responsible
- * for releasing dest by calling either OQS_SHA3_sha3_384_inc_finalize or
- * OQS_SHA3_sha3_384_inc_ctx_release.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src);
-
-/**
- * \brief Process blocks with SHA-384 and update the state.
- *
- * \warning The state must be initialized by OQS_SHA2_sha384_inc_init or OQS_SHA2_sha384_inc_ctx_clone.
- *
- * \param state The state to update
- * \param in Message input byte array
- * \param inblocks The number of blocks of message bytes to process
- */
-void OQS_SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks);
-
-/**
- * \brief Process more message bytes with SHA-384 and return the hash code in the output byte array.
- *
- * \warning The output array must be at least 48 bytes in length. The state is
- * deallocated by this function and can not be used again after calling
- * this function without calling OQS_SHA2_sha384_inc_init again.
- *
- * \param out The output byte array
- * \param state The state
- * \param in Additional message input byte array
- * \param inlen The number of additional message bytes to process
- */
-void OQS_SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen);
-
-/**
- * \brief Destroy state.
- *
- * \warning The state is deallocated by this function and can not be used again after calling
- * this function without calling OQS_SHA2_sha384_inc_init again.
- *
- * \param state The state
- */
-void OQS_SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state);
-
-/**
- * \brief Process a message with SHA-512 and return the hash code in the output byte array.
- *
- * \warning The output array must be at least 64 bytes in length.
- *
- * \param output The output byte array
- * \param input The message input byte array
- * \param inplen The number of message bytes to process
- */
-void OQS_SHA2_sha512(uint8_t *output, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the SHA-512 incremental hashing API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA2_sha512_ctx;
-
-/**
- * \brief Allocate and initialize the state for the SHA-512 incremental hashing API.
- *
- * \warning The state must be released by OQS_SHA2_sha512_inc_finalize
- * or OQS_SHA2_sha512_inc_ctx_release.
- *
- * \param state Pointer to the state
- */
-void OQS_SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state);
-
-/**
- * \brief Duplicate state for the SHA-512 incremental hashing API.
- *
- * \warning dest must be allocated by the caller. Caller is responsible
- * for releasing dest by calling either OQS_SHA3_sha3_512_inc_finalize or
- * OQS_SHA3_sha3_512_inc_ctx_release.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src);
-
-/**
- * \brief Process blocks with SHA-512 and update the state.
- *
- * \warning The state must be initialized by OQS_SHA2_sha512_inc_init or OQS_SHA2_sha512_inc_ctx_clone.
- *
- * \param state The state to update
- * \param in Message input byte array
- * \param inblocks The number of blocks of message bytes to process
- */
-void OQS_SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks);
-
-/**
- * \brief Process more message bytes with SHA-512 and return the hash code in the output byte array.
- *
- * \warning The output array must be at least 64 bytes in length. The state is
- * deallocated by this function and can not be used again after calling
- * this function without calling OQS_SHA2_sha512_inc_init again.
- *
- * \param out The output byte array
- * \param state The state
- * \param in Additional message input byte array
- * \param inlen The number of additional message bytes to process
- */
-void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen);
-
-/**
- * \brief Destroy state.
- *
- * \warning The state is deallocated by this function and can not be used again after calling
- * this function without calling OQS_SHA2_sha512_inc_init again.
- *
- * \param state The state
- */
-void OQS_SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state);
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_SHA2_H
diff --git a/lib/liboqs/src/common/sha2/sha2_c.c b/lib/liboqs/src/common/sha2/sha2_c.c
deleted file mode 100644
index 1de100c30..000000000
--- a/lib/liboqs/src/common/sha2/sha2_c.c
+++ /dev/null
@@ -1,777 +0,0 @@
-// SPDX-License-Identifier: Public domain
-
-#include <oqs/oqs.h>
-
-#include "sha2_local.h"
-#include <stdio.h>
-
-#define PQC_SHA256CTX_BYTES 40
-#define PQC_SHA512CTX_BYTES 72
-/* Based on the public domain implementation in
- * crypto_hash/sha512/ref/ from http://bench.cr.yp.to/supercop.html
- * by D. J. Bernstein */
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-static uint32_t load_bigendian_32(const uint8_t *x) {
- return (uint32_t)(x[3]) | (((uint32_t)(x[2])) << 8) |
- (((uint32_t)(x[1])) << 16) | (((uint32_t)(x[0])) << 24);
-}
-
-static uint64_t load_bigendian_64(const uint8_t *x) {
- return (uint64_t)(x[7]) | (((uint64_t)(x[6])) << 8) |
- (((uint64_t)(x[5])) << 16) | (((uint64_t)(x[4])) << 24) |
- (((uint64_t)(x[3])) << 32) | (((uint64_t)(x[2])) << 40) |
- (((uint64_t)(x[1])) << 48) | (((uint64_t)(x[0])) << 56);
-}
-
-static void store_bigendian_32(uint8_t *x, uint64_t u) {
- x[3] = (uint8_t) u;
- u >>= 8;
- x[2] = (uint8_t) u;
- u >>= 8;
- x[1] = (uint8_t) u;
- u >>= 8;
- x[0] = (uint8_t) u;
-}
-
-static void store_bigendian_64(uint8_t *x, uint64_t u) {
- x[7] = (uint8_t) u;
- u >>= 8;
- x[6] = (uint8_t) u;
- u >>= 8;
- x[5] = (uint8_t) u;
- u >>= 8;
- x[4] = (uint8_t) u;
- u >>= 8;
- x[3] = (uint8_t) u;
- u >>= 8;
- x[2] = (uint8_t) u;
- u >>= 8;
- x[1] = (uint8_t) u;
- u >>= 8;
- x[0] = (uint8_t) u;
-}
-
-#define SHR(x, c) ((x) >> (c))
-#define ROTR_32(x, c) (((x) >> (c)) | ((x) << (32 - (c))))
-#define ROTR_64(x, c) (((x) >> (c)) | ((x) << (64 - (c))))
-
-#define Ch(x, y, z) (((x) & (y)) ^ (~(x) & (z)))
-#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#define Sigma0_32(x) (ROTR_32(x, 2) ^ ROTR_32(x,13) ^ ROTR_32(x,22))
-#define Sigma1_32(x) (ROTR_32(x, 6) ^ ROTR_32(x,11) ^ ROTR_32(x,25))
-#define sigma0_32(x) (ROTR_32(x, 7) ^ ROTR_32(x,18) ^ SHR(x, 3))
-#define sigma1_32(x) (ROTR_32(x,17) ^ ROTR_32(x,19) ^ SHR(x,10))
-
-#define Sigma0_64(x) (ROTR_64(x, 28) ^ ROTR_64(x, 34) ^ ROTR_64(x, 39))
-#define Sigma1_64(x) (ROTR_64(x, 14) ^ ROTR_64(x, 18) ^ ROTR_64(x, 41))
-#define sigma0_64(x) (ROTR_64(x, 1) ^ ROTR_64(x, 8) ^ SHR(x, 7))
-#define sigma1_64(x) (ROTR_64(x, 19) ^ ROTR_64(x, 61) ^ SHR(x, 6))
-
-#define M_32(w0, w14, w9, w1) w0 = sigma1_32(w14) + (w9) + sigma0_32(w1) + (w0);
-#define M_64(w0, w14, w9, w1) w0 = sigma1_64(w14) + (w9) + sigma0_64(w1) + (w0);
-
-#define EXPAND_32 \
- M_32(w0, w14, w9, w1) \
- M_32(w1, w15, w10, w2) \
- M_32(w2, w0, w11, w3) \
- M_32(w3, w1, w12, w4) \
- M_32(w4, w2, w13, w5) \
- M_32(w5, w3, w14, w6) \
- M_32(w6, w4, w15, w7) \
- M_32(w7, w5, w0, w8) \
- M_32(w8, w6, w1, w9) \
- M_32(w9, w7, w2, w10) \
- M_32(w10, w8, w3, w11) \
- M_32(w11, w9, w4, w12) \
- M_32(w12, w10, w5, w13) \
- M_32(w13, w11, w6, w14) \
- M_32(w14, w12, w7, w15) \
- M_32(w15, w13, w8, w0)
-
-#define EXPAND_64 \
- M_64(w0, w14, w9, w1) \
- M_64(w1, w15, w10, w2) \
- M_64(w2, w0, w11, w3) \
- M_64(w3, w1, w12, w4) \
- M_64(w4, w2, w13, w5) \
- M_64(w5, w3, w14, w6) \
- M_64(w6, w4, w15, w7) \
- M_64(w7, w5, w0, w8) \
- M_64(w8, w6, w1, w9) \
- M_64(w9, w7, w2, w10) \
- M_64(w10, w8, w3, w11) \
- M_64(w11, w9, w4, w12) \
- M_64(w12, w10, w5, w13) \
- M_64(w13, w11, w6, w14) \
- M_64(w14, w12, w7, w15) \
- M_64(w15, w13, w8, w0)
-
-#define F_32(w, k) \
- T1 = h + Sigma1_32(e) + Ch(e, f, g) + (k) + (w); \
- T2 = Sigma0_32(a) + Maj(a, b, c); \
- h = g; \
- g = f; \
- f = e; \
- e = d + T1; \
- d = c; \
- c = b; \
- b = a; \
- a = T1 + T2;
-
-#define F_64(w, k) \
- T1 = h + Sigma1_64(e) + Ch(e, f, g) + (k) + (w); \
- T2 = Sigma0_64(a) + Maj(a, b, c); \
- h = g; \
- g = f; \
- f = e; \
- e = d + T1; \
- d = c; \
- c = b; \
- b = a; \
- a = T1 + T2;
-
-static size_t crypto_hashblocks_sha256_c(uint8_t *statebytes,
- const uint8_t *in, size_t inlen) {
- uint32_t state[8];
- uint32_t a;
- uint32_t b;
- uint32_t c;
- uint32_t d;
- uint32_t e;
- uint32_t f;
- uint32_t g;
- uint32_t h;
- uint32_t T1;
- uint32_t T2;
-
- a = load_bigendian_32(statebytes + 0);
- state[0] = a;
- b = load_bigendian_32(statebytes + 4);
- state[1] = b;
- c = load_bigendian_32(statebytes + 8);
- state[2] = c;
- d = load_bigendian_32(statebytes + 12);
- state[3] = d;
- e = load_bigendian_32(statebytes + 16);
- state[4] = e;
- f = load_bigendian_32(statebytes + 20);
- state[5] = f;
- g = load_bigendian_32(statebytes + 24);
- state[6] = g;
- h = load_bigendian_32(statebytes + 28);
- state[7] = h;
-
- while (inlen >= 64) {
- uint32_t w0 = load_bigendian_32(in + 0);
- uint32_t w1 = load_bigendian_32(in + 4);
- uint32_t w2 = load_bigendian_32(in + 8);
- uint32_t w3 = load_bigendian_32(in + 12);
- uint32_t w4 = load_bigendian_32(in + 16);
- uint32_t w5 = load_bigendian_32(in + 20);
- uint32_t w6 = load_bigendian_32(in + 24);
- uint32_t w7 = load_bigendian_32(in + 28);
- uint32_t w8 = load_bigendian_32(in + 32);
- uint32_t w9 = load_bigendian_32(in + 36);
- uint32_t w10 = load_bigendian_32(in + 40);
- uint32_t w11 = load_bigendian_32(in + 44);
- uint32_t w12 = load_bigendian_32(in + 48);
- uint32_t w13 = load_bigendian_32(in + 52);
- uint32_t w14 = load_bigendian_32(in + 56);
- uint32_t w15 = load_bigendian_32(in + 60);
-
- F_32(w0, 0x428a2f98)
- F_32(w1, 0x71374491)
- F_32(w2, 0xb5c0fbcf)
- F_32(w3, 0xe9b5dba5)
- F_32(w4, 0x3956c25b)
- F_32(w5, 0x59f111f1)
- F_32(w6, 0x923f82a4)
- F_32(w7, 0xab1c5ed5)
- F_32(w8, 0xd807aa98)
- F_32(w9, 0x12835b01)
- F_32(w10, 0x243185be)
- F_32(w11, 0x550c7dc3)
- F_32(w12, 0x72be5d74)
- F_32(w13, 0x80deb1fe)
- F_32(w14, 0x9bdc06a7)
- F_32(w15, 0xc19bf174)
-
- EXPAND_32
-
- F_32(w0, 0xe49b69c1)
- F_32(w1, 0xefbe4786)
- F_32(w2, 0x0fc19dc6)
- F_32(w3, 0x240ca1cc)
- F_32(w4, 0x2de92c6f)
- F_32(w5, 0x4a7484aa)
- F_32(w6, 0x5cb0a9dc)
- F_32(w7, 0x76f988da)
- F_32(w8, 0x983e5152)
- F_32(w9, 0xa831c66d)
- F_32(w10, 0xb00327c8)
- F_32(w11, 0xbf597fc7)
- F_32(w12, 0xc6e00bf3)
- F_32(w13, 0xd5a79147)
- F_32(w14, 0x06ca6351)
- F_32(w15, 0x14292967)
-
- EXPAND_32
-
- F_32(w0, 0x27b70a85)
- F_32(w1, 0x2e1b2138)
- F_32(w2, 0x4d2c6dfc)
- F_32(w3, 0x53380d13)
- F_32(w4, 0x650a7354)
- F_32(w5, 0x766a0abb)
- F_32(w6, 0x81c2c92e)
- F_32(w7, 0x92722c85)
- F_32(w8, 0xa2bfe8a1)
- F_32(w9, 0xa81a664b)
- F_32(w10, 0xc24b8b70)
- F_32(w11, 0xc76c51a3)
- F_32(w12, 0xd192e819)
- F_32(w13, 0xd6990624)
- F_32(w14, 0xf40e3585)
- F_32(w15, 0x106aa070)
-
- EXPAND_32
-
- F_32(w0, 0x19a4c116)
- F_32(w1, 0x1e376c08)
- F_32(w2, 0x2748774c)
- F_32(w3, 0x34b0bcb5)
- F_32(w4, 0x391c0cb3)
- F_32(w5, 0x4ed8aa4a)
- F_32(w6, 0x5b9cca4f)
- F_32(w7, 0x682e6ff3)
- F_32(w8, 0x748f82ee)
- F_32(w9, 0x78a5636f)
- F_32(w10, 0x84c87814)
- F_32(w11, 0x8cc70208)
- F_32(w12, 0x90befffa)
- F_32(w13, 0xa4506ceb)
- F_32(w14, 0xbef9a3f7)
- F_32(w15, 0xc67178f2)
-
- a += state[0];
- b += state[1];
- c += state[2];
- d += state[3];
- e += state[4];
- f += state[5];
- g += state[6];
- h += state[7];
-
- state[0] = a;
- state[1] = b;
- state[2] = c;
- state[3] = d;
- state[4] = e;
- state[5] = f;
- state[6] = g;
- state[7] = h;
-
- in += 64;
- inlen -= 64;
- }
-
- store_bigendian_32(statebytes + 0, state[0]);
- store_bigendian_32(statebytes + 4, state[1]);
- store_bigendian_32(statebytes + 8, state[2]);
- store_bigendian_32(statebytes + 12, state[3]);
- store_bigendian_32(statebytes + 16, state[4]);
- store_bigendian_32(statebytes + 20, state[5]);
- store_bigendian_32(statebytes + 24, state[6]);
- store_bigendian_32(statebytes + 28, state[7]);
-
- return inlen;
-}
-
-static size_t crypto_hashblocks_sha512_c(uint8_t *statebytes,
- const uint8_t *in, size_t inlen) {
- uint64_t state[8];
- uint64_t a;
- uint64_t b;
- uint64_t c;
- uint64_t d;
- uint64_t e;
- uint64_t f;
- uint64_t g;
- uint64_t h;
- uint64_t T1;
- uint64_t T2;
-
- a = load_bigendian_64(statebytes + 0);
- state[0] = a;
- b = load_bigendian_64(statebytes + 8);
- state[1] = b;
- c = load_bigendian_64(statebytes + 16);
- state[2] = c;
- d = load_bigendian_64(statebytes + 24);
- state[3] = d;
- e = load_bigendian_64(statebytes + 32);
- state[4] = e;
- f = load_bigendian_64(statebytes + 40);
- state[5] = f;
- g = load_bigendian_64(statebytes + 48);
- state[6] = g;
- h = load_bigendian_64(statebytes + 56);
- state[7] = h;
-
- while (inlen >= 128) {
- uint64_t w0 = load_bigendian_64(in + 0);
- uint64_t w1 = load_bigendian_64(in + 8);
- uint64_t w2 = load_bigendian_64(in + 16);
- uint64_t w3 = load_bigendian_64(in + 24);
- uint64_t w4 = load_bigendian_64(in + 32);
- uint64_t w5 = load_bigendian_64(in + 40);
- uint64_t w6 = load_bigendian_64(in + 48);
- uint64_t w7 = load_bigendian_64(in + 56);
- uint64_t w8 = load_bigendian_64(in + 64);
- uint64_t w9 = load_bigendian_64(in + 72);
- uint64_t w10 = load_bigendian_64(in + 80);
- uint64_t w11 = load_bigendian_64(in + 88);
- uint64_t w12 = load_bigendian_64(in + 96);
- uint64_t w13 = load_bigendian_64(in + 104);
- uint64_t w14 = load_bigendian_64(in + 112);
- uint64_t w15 = load_bigendian_64(in + 120);
-
- F_64(w0, 0x428a2f98d728ae22ULL)
- F_64(w1, 0x7137449123ef65cdULL)
- F_64(w2, 0xb5c0fbcfec4d3b2fULL)
- F_64(w3, 0xe9b5dba58189dbbcULL)
- F_64(w4, 0x3956c25bf348b538ULL)
- F_64(w5, 0x59f111f1b605d019ULL)
- F_64(w6, 0x923f82a4af194f9bULL)
- F_64(w7, 0xab1c5ed5da6d8118ULL)
- F_64(w8, 0xd807aa98a3030242ULL)
- F_64(w9, 0x12835b0145706fbeULL)
- F_64(w10, 0x243185be4ee4b28cULL)
- F_64(w11, 0x550c7dc3d5ffb4e2ULL)
- F_64(w12, 0x72be5d74f27b896fULL)
- F_64(w13, 0x80deb1fe3b1696b1ULL)
- F_64(w14, 0x9bdc06a725c71235ULL)
- F_64(w15, 0xc19bf174cf692694ULL)
-
- EXPAND_64
-
- F_64(w0, 0xe49b69c19ef14ad2ULL)
- F_64(w1, 0xefbe4786384f25e3ULL)
- F_64(w2, 0x0fc19dc68b8cd5b5ULL)
- F_64(w3, 0x240ca1cc77ac9c65ULL)
- F_64(w4, 0x2de92c6f592b0275ULL)
- F_64(w5, 0x4a7484aa6ea6e483ULL)
- F_64(w6, 0x5cb0a9dcbd41fbd4ULL)
- F_64(w7, 0x76f988da831153b5ULL)
- F_64(w8, 0x983e5152ee66dfabULL)
- F_64(w9, 0xa831c66d2db43210ULL)
- F_64(w10, 0xb00327c898fb213fULL)
- F_64(w11, 0xbf597fc7beef0ee4ULL)
- F_64(w12, 0xc6e00bf33da88fc2ULL)
- F_64(w13, 0xd5a79147930aa725ULL)
- F_64(w14, 0x06ca6351e003826fULL)
- F_64(w15, 0x142929670a0e6e70ULL)
-
- EXPAND_64
-
- F_64(w0, 0x27b70a8546d22ffcULL)
- F_64(w1, 0x2e1b21385c26c926ULL)
- F_64(w2, 0x4d2c6dfc5ac42aedULL)
- F_64(w3, 0x53380d139d95b3dfULL)
- F_64(w4, 0x650a73548baf63deULL)
- F_64(w5, 0x766a0abb3c77b2a8ULL)
- F_64(w6, 0x81c2c92e47edaee6ULL)
- F_64(w7, 0x92722c851482353bULL)
- F_64(w8, 0xa2bfe8a14cf10364ULL)
- F_64(w9, 0xa81a664bbc423001ULL)
- F_64(w10, 0xc24b8b70d0f89791ULL)
- F_64(w11, 0xc76c51a30654be30ULL)
- F_64(w12, 0xd192e819d6ef5218ULL)
- F_64(w13, 0xd69906245565a910ULL)
- F_64(w14, 0xf40e35855771202aULL)
- F_64(w15, 0x106aa07032bbd1b8ULL)
-
- EXPAND_64
-
- F_64(w0, 0x19a4c116b8d2d0c8ULL)
- F_64(w1, 0x1e376c085141ab53ULL)
- F_64(w2, 0x2748774cdf8eeb99ULL)
- F_64(w3, 0x34b0bcb5e19b48a8ULL)
- F_64(w4, 0x391c0cb3c5c95a63ULL)
- F_64(w5, 0x4ed8aa4ae3418acbULL)
- F_64(w6, 0x5b9cca4f7763e373ULL)
- F_64(w7, 0x682e6ff3d6b2b8a3ULL)
- F_64(w8, 0x748f82ee5defb2fcULL)
- F_64(w9, 0x78a5636f43172f60ULL)
- F_64(w10, 0x84c87814a1f0ab72ULL)
- F_64(w11, 0x8cc702081a6439ecULL)
- F_64(w12, 0x90befffa23631e28ULL)
- F_64(w13, 0xa4506cebde82bde9ULL)
- F_64(w14, 0xbef9a3f7b2c67915ULL)
- F_64(w15, 0xc67178f2e372532bULL)
-
- EXPAND_64
-
- F_64(w0, 0xca273eceea26619cULL)
- F_64(w1, 0xd186b8c721c0c207ULL)
- F_64(w2, 0xeada7dd6cde0eb1eULL)
- F_64(w3, 0xf57d4f7fee6ed178ULL)
- F_64(w4, 0x06f067aa72176fbaULL)
- F_64(w5, 0x0a637dc5a2c898a6ULL)
- F_64(w6, 0x113f9804bef90daeULL)
- F_64(w7, 0x1b710b35131c471bULL)
- F_64(w8, 0x28db77f523047d84ULL)
- F_64(w9, 0x32caab7b40c72493ULL)
- F_64(w10, 0x3c9ebe0a15c9bebcULL)
- F_64(w11, 0x431d67c49c100d4cULL)
- F_64(w12, 0x4cc5d4becb3e42b6ULL)
- F_64(w13, 0x597f299cfc657e2aULL)
- F_64(w14, 0x5fcb6fab3ad6faecULL)
- F_64(w15, 0x6c44198c4a475817ULL)
-
- a += state[0];
- b += state[1];
- c += state[2];
- d += state[3];
- e += state[4];
- f += state[5];
- g += state[6];
- h += state[7];
-
- state[0] = a;
- state[1] = b;
- state[2] = c;
- state[3] = d;
- state[4] = e;
- state[5] = f;
- state[6] = g;
- state[7] = h;
-
- in += 128;
- inlen -= 128;
- }
-
- store_bigendian_64(statebytes + 0, state[0]);
- store_bigendian_64(statebytes + 8, state[1]);
- store_bigendian_64(statebytes + 16, state[2]);
- store_bigendian_64(statebytes + 24, state[3]);
- store_bigendian_64(statebytes + 32, state[4]);
- store_bigendian_64(statebytes + 40, state[5]);
- store_bigendian_64(statebytes + 48, state[6]);
- store_bigendian_64(statebytes + 56, state[7]);
-
- return inlen;
-}
-
-static const uint8_t iv_224[32] = {
- 0xc1, 0x05, 0x9e, 0xd8, 0x36, 0x7c, 0xd5, 0x07,
- 0x30, 0x70, 0xdd, 0x17, 0xf7, 0x0e, 0x59, 0x39,
- 0xff, 0xc0, 0x0b, 0x31, 0x68, 0x58, 0x15, 0x11,
- 0x64, 0xf9, 0x8f, 0xa7, 0xbe, 0xfa, 0x4f, 0xa4
-};
-
-static const uint8_t iv_256[32] = {
- 0x6a, 0x09, 0xe6, 0x67, 0xbb, 0x67, 0xae, 0x85,
- 0x3c, 0x6e, 0xf3, 0x72, 0xa5, 0x4f, 0xf5, 0x3a,
- 0x51, 0x0e, 0x52, 0x7f, 0x9b, 0x05, 0x68, 0x8c,
- 0x1f, 0x83, 0xd9, 0xab, 0x5b, 0xe0, 0xcd, 0x19
-};
-
-static const uint8_t iv_384[64] = {
- 0xcb, 0xbb, 0x9d, 0x5d, 0xc1, 0x05, 0x9e, 0xd8, 0x62, 0x9a, 0x29,
- 0x2a, 0x36, 0x7c, 0xd5, 0x07, 0x91, 0x59, 0x01, 0x5a, 0x30, 0x70,
- 0xdd, 0x17, 0x15, 0x2f, 0xec, 0xd8, 0xf7, 0x0e, 0x59, 0x39, 0x67,
- 0x33, 0x26, 0x67, 0xff, 0xc0, 0x0b, 0x31, 0x8e, 0xb4, 0x4a, 0x87,
- 0x68, 0x58, 0x15, 0x11, 0xdb, 0x0c, 0x2e, 0x0d, 0x64, 0xf9, 0x8f,
- 0xa7, 0x47, 0xb5, 0x48, 0x1d, 0xbe, 0xfa, 0x4f, 0xa4
-};
-
-static const uint8_t iv_512[64] = {
- 0x6a, 0x09, 0xe6, 0x67, 0xf3, 0xbc, 0xc9, 0x08, 0xbb, 0x67, 0xae,
- 0x85, 0x84, 0xca, 0xa7, 0x3b, 0x3c, 0x6e, 0xf3, 0x72, 0xfe, 0x94,
- 0xf8, 0x2b, 0xa5, 0x4f, 0xf5, 0x3a, 0x5f, 0x1d, 0x36, 0xf1, 0x51,
- 0x0e, 0x52, 0x7f, 0xad, 0xe6, 0x82, 0xd1, 0x9b, 0x05, 0x68, 0x8c,
- 0x2b, 0x3e, 0x6c, 0x1f, 0x1f, 0x83, 0xd9, 0xab, 0xfb, 0x41, 0xbd,
- 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79
-};
-
-void oqs_sha2_sha224_inc_init_c(sha224ctx *state) {
- state->ctx = malloc(PQC_SHA256CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- for (size_t i = 0; i < 32; ++i) {
- state->ctx[i] = iv_224[i];
- }
- for (size_t i = 32; i < 40; ++i) {
- state->ctx[i] = 0;
- }
-}
-
-void oqs_sha2_sha256_inc_init_c(sha256ctx *state) {
- state->ctx = malloc(PQC_SHA256CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- for (size_t i = 0; i < 32; ++i) {
- state->ctx[i] = iv_256[i];
- }
- for (size_t i = 32; i < 40; ++i) {
- state->ctx[i] = 0;
- }
-}
-
-void oqs_sha2_sha384_inc_init_c(sha384ctx *state) {
- state->ctx = malloc(PQC_SHA512CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- for (size_t i = 0; i < 64; ++i) {
- state->ctx[i] = iv_384[i];
- }
- for (size_t i = 64; i < 72; ++i) {
- state->ctx[i] = 0;
- }
-}
-
-void oqs_sha2_sha512_inc_init_c(sha512ctx *state) {
- state->ctx = malloc(PQC_SHA512CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- for (size_t i = 0; i < 64; ++i) {
- state->ctx[i] = iv_512[i];
- }
- for (size_t i = 64; i < 72; ++i) {
- state->ctx[i] = 0;
- }
-}
-
-void oqs_sha2_sha224_inc_ctx_clone_c(sha224ctx *stateout, const sha224ctx *statein) {
- stateout->ctx = malloc(PQC_SHA256CTX_BYTES);
- if (stateout->ctx == NULL) {
- exit(111);
- }
- memcpy(stateout->ctx, statein->ctx, PQC_SHA256CTX_BYTES);
-}
-
-void oqs_sha2_sha256_inc_ctx_clone_c(sha256ctx *stateout, const sha256ctx *statein) {
- stateout->ctx = malloc(PQC_SHA256CTX_BYTES);
- if (stateout->ctx == NULL) {
- exit(111);
- }
- memcpy(stateout->ctx, statein->ctx, PQC_SHA256CTX_BYTES);
-}
-
-void oqs_sha2_sha384_inc_ctx_clone_c(sha384ctx *stateout, const sha384ctx *statein) {
- stateout->ctx = malloc(PQC_SHA512CTX_BYTES);
- if (stateout->ctx == NULL) {
- exit(111);
- }
- memcpy(stateout->ctx, statein->ctx, PQC_SHA512CTX_BYTES);
-}
-
-void oqs_sha2_sha512_inc_ctx_clone_c(sha512ctx *stateout, const sha512ctx *statein) {
- stateout->ctx = malloc(PQC_SHA512CTX_BYTES);
- if (stateout->ctx == NULL) {
- exit(111);
- }
- memcpy(stateout->ctx, statein->ctx, PQC_SHA512CTX_BYTES);
-}
-
-/* Destroy the hash state. */
-void oqs_sha2_sha224_inc_ctx_release_c(sha224ctx *state) {
- free(state->ctx); // IGNORE free-check
-}
-
-/* Destroy the hash state. */
-void oqs_sha2_sha256_inc_ctx_release_c(sha256ctx *state) {
- free(state->ctx); // IGNORE free-check
-}
-
-/* Destroy the hash state. */
-void oqs_sha2_sha384_inc_ctx_release_c(sha384ctx *state) {
- free(state->ctx); // IGNORE free-check
-}
-
-/* Destroy the hash state. */
-void oqs_sha2_sha512_inc_ctx_release_c(sha512ctx *state) {
- free(state->ctx); // IGNORE free-check
-}
-
-void oqs_sha2_sha256_inc_blocks_c(sha256ctx *state, const uint8_t *in, size_t inblocks) {
- uint64_t bytes = load_bigendian_64(state->ctx + 32);
-
- crypto_hashblocks_sha256_c(state->ctx, in, 64 * inblocks);
- bytes += 64 * inblocks;
-
- store_bigendian_64(state->ctx + 32, bytes);
-}
-
-void oqs_sha2_sha224_inc_blocks_c(sha224ctx *state, const uint8_t *in, size_t inblocks) {
- oqs_sha2_sha256_inc_blocks_c((sha256ctx *) state, in, inblocks);
-}
-
-void oqs_sha2_sha512_inc_blocks_c(sha512ctx *state, const uint8_t *in, size_t inblocks) {
- uint64_t bytes = load_bigendian_64(state->ctx + 64);
-
- crypto_hashblocks_sha512_c(state->ctx, in, 128 * inblocks);
- bytes += 128 * inblocks;
-
- store_bigendian_64(state->ctx + 64, bytes);
-}
-
-void oqs_sha2_sha384_inc_blocks_c(sha384ctx *state, const uint8_t *in, size_t inblocks) {
- oqs_sha2_sha512_inc_blocks_c((sha512ctx *) state, in, inblocks);
-}
-
-void oqs_sha2_sha256_inc_finalize_c(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen) {
- uint8_t padded[128];
- uint64_t bytes = load_bigendian_64(state->ctx + 32) + inlen;
-
- crypto_hashblocks_sha256_c(state->ctx, in, inlen);
- in += inlen;
- inlen &= 63;
- in -= inlen;
-
- for (size_t i = 0; i < inlen; ++i) {
- padded[i] = in[i];
- }
- padded[inlen] = 0x80;
-
- if (inlen < 56) {
- for (size_t i = inlen + 1; i < 56; ++i) {
- padded[i] = 0;
- }
- padded[56] = (uint8_t) (bytes >> 53);
- padded[57] = (uint8_t) (bytes >> 45);
- padded[58] = (uint8_t) (bytes >> 37);
- padded[59] = (uint8_t) (bytes >> 29);
- padded[60] = (uint8_t) (bytes >> 21);
- padded[61] = (uint8_t) (bytes >> 13);
- padded[62] = (uint8_t) (bytes >> 5);
- padded[63] = (uint8_t) (bytes << 3);
- crypto_hashblocks_sha256_c(state->ctx, padded, 64);
- } else {
- for (size_t i = inlen + 1; i < 120; ++i) {
- padded[i] = 0;
- }
- padded[120] = (uint8_t) (bytes >> 53);
- padded[121] = (uint8_t) (bytes >> 45);
- padded[122] = (uint8_t) (bytes >> 37);
- padded[123] = (uint8_t) (bytes >> 29);
- padded[124] = (uint8_t) (bytes >> 21);
- padded[125] = (uint8_t) (bytes >> 13);
- padded[126] = (uint8_t) (bytes >> 5);
- padded[127] = (uint8_t) (bytes << 3);
- crypto_hashblocks_sha256_c(state->ctx, padded, 128);
- }
-
- for (size_t i = 0; i < 32; ++i) {
- out[i] = state->ctx[i];
- }
- oqs_sha2_sha256_inc_ctx_release_c(state);
-}
-
-void oqs_sha2_sha224_inc_finalize_c(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen) {
- uint8_t tmp[32];
- oqs_sha2_sha256_inc_finalize_c(tmp, (sha256ctx *)state, in, inlen);
-
- for (size_t i = 0; i < 28; ++i) {
- out[i] = tmp[i];
- }
-}
-
-void oqs_sha2_sha512_inc_finalize_c(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen) {
- uint8_t padded[256];
- uint64_t bytes = load_bigendian_64(state->ctx + 64) + inlen;
-
- crypto_hashblocks_sha512_c(state->ctx, in, inlen);
- in += inlen;
- inlen &= 127;
- in -= inlen;
-
- for (size_t i = 0; i < inlen; ++i) {
- padded[i] = in[i];
- }
- padded[inlen] = 0x80;
-
- if (inlen < 112) {
- for (size_t i = inlen + 1; i < 119; ++i) {
- padded[i] = 0;
- }
- padded[119] = (uint8_t) (bytes >> 61);
- padded[120] = (uint8_t) (bytes >> 53);
- padded[121] = (uint8_t) (bytes >> 45);
- padded[122] = (uint8_t) (bytes >> 37);
- padded[123] = (uint8_t) (bytes >> 29);
- padded[124] = (uint8_t) (bytes >> 21);
- padded[125] = (uint8_t) (bytes >> 13);
- padded[126] = (uint8_t) (bytes >> 5);
- padded[127] = (uint8_t) (bytes << 3);
- crypto_hashblocks_sha512_c(state->ctx, padded, 128);
- } else {
- for (size_t i = inlen + 1; i < 247; ++i) {
- padded[i] = 0;
- }
- padded[247] = (uint8_t) (bytes >> 61);
- padded[248] = (uint8_t) (bytes >> 53);
- padded[249] = (uint8_t) (bytes >> 45);
- padded[250] = (uint8_t) (bytes >> 37);
- padded[251] = (uint8_t) (bytes >> 29);
- padded[252] = (uint8_t) (bytes >> 21);
- padded[253] = (uint8_t) (bytes >> 13);
- padded[254] = (uint8_t) (bytes >> 5);
- padded[255] = (uint8_t) (bytes << 3);
- crypto_hashblocks_sha512_c(state->ctx, padded, 256);
- }
-
- for (size_t i = 0; i < 64; ++i) {
- out[i] = state->ctx[i];
- }
- oqs_sha2_sha512_inc_ctx_release_c(state);
-}
-
-void oqs_sha2_sha384_inc_finalize_c(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen) {
- uint8_t tmp[64];
- oqs_sha2_sha512_inc_finalize_c(tmp, (sha512ctx *)state, in, inlen);
-
- for (size_t i = 0; i < 48; ++i) {
- out[i] = tmp[i];
- }
-}
-
-void oqs_sha2_sha224_c(uint8_t *out, const uint8_t *in, size_t inlen) {
- sha224ctx state;
-
- oqs_sha2_sha224_inc_init_c(&state);
- oqs_sha2_sha224_inc_finalize_c(out, &state, in, inlen);
-}
-
-void oqs_sha2_sha256_c(uint8_t *out, const uint8_t *in, size_t inlen) {
- sha256ctx state;
-
- oqs_sha2_sha256_inc_init_c(&state);
- oqs_sha2_sha256_inc_finalize_c(out, &state, in, inlen);
-}
-
-void oqs_sha2_sha384_c(uint8_t *out, const uint8_t *in, size_t inlen) {
- sha384ctx state;
-
- oqs_sha2_sha384_inc_init_c(&state);
- oqs_sha2_sha384_inc_finalize_c(out, &state, in, inlen);
-}
-
-void oqs_sha2_sha512_c(uint8_t *out, const uint8_t *in, size_t inlen) {
- sha512ctx state;
-
- oqs_sha2_sha512_inc_init_c(&state);
- oqs_sha2_sha512_inc_finalize_c(out, &state, in, inlen);
-}
-
diff --git a/lib/liboqs/src/common/sha2/sha2_local.h b/lib/liboqs/src/common/sha2/sha2_local.h
deleted file mode 100644
index 028de764b..000000000
--- a/lib/liboqs/src/common/sha2/sha2_local.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- * \file sha2_local.h
- * \brief Internal SHA2 functions that enable easy switching between native instructions
- * and c implementations
- *
- * <b>Note this is not part of the OQS public API: implementations within liboqs can use these
- * functions, but external consumers of liboqs should not use these functions.</b>
- *
- * \author Douglas Stebila
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_SHA2_LOCAL_H
-#define OQS_SHA2_LOCAL_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-typedef struct {
- uint8_t *ctx;
-} sha224ctx;
-
-typedef struct {
- uint8_t *ctx;
-} sha256ctx;
-
-typedef struct {
- uint8_t *ctx;
-} sha384ctx;
-
-typedef struct {
- uint8_t *ctx;
-} sha512ctx;
-
-void oqs_sha2_sha224_inc_init_c(sha224ctx *state);
-void oqs_sha2_sha224_inc_ctx_clone_c(sha224ctx *dest, const sha224ctx *src);
-void oqs_sha2_sha224_inc_blocks_c(sha224ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha224_inc_finalize_c(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha224_inc_ctx_release_c(sha224ctx *state);
-
-void oqs_sha2_sha256_inc_init_c(sha256ctx *state);
-void oqs_sha2_sha256_inc_ctx_clone_c(sha256ctx *dest, const sha256ctx *src);
-void oqs_sha2_sha256_inc_blocks_c(sha256ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha256_inc_finalize_c(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha256_inc_ctx_release_c(sha256ctx *state);
-
-void oqs_sha2_sha384(uint8_t *output, const uint8_t *input, size_t inplen);
-void oqs_sha2_sha384_inc_init_c(sha384ctx *state);
-void oqs_sha2_sha384_inc_ctx_clone_c(sha384ctx *dest, const sha384ctx *src);
-void oqs_sha2_sha384_inc_blocks_c(sha384ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha384_inc_finalize_c(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha384_inc_ctx_release_c(sha384ctx *state);
-
-void oqs_sha2_sha512_inc_init_c(sha512ctx *state);
-void oqs_sha2_sha512_inc_ctx_clone_c(sha512ctx *dest, const sha512ctx *src);
-void oqs_sha2_sha512_inc_blocks_c(sha512ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha512_inc_finalize_c(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha512_inc_ctx_release_c(sha512ctx *state);
-
-// ARMv8 Crypto Extension functions
-void oqs_sha2_sha224_inc_blocks_armv8(sha224ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha224_armv8(uint8_t *out, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha256_inc_blocks_armv8(sha256ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha256_armv8(uint8_t *out, const uint8_t *in, size_t inlen);
-
-void oqs_sha2_sha384_inc_init_armv8(sha384ctx *state);
-void oqs_sha2_sha384_inc_ctx_clone_armv8(sha384ctx *dest, const sha384ctx *src);
-void oqs_sha2_sha384_inc_blocks_armv8(sha384ctx *state, const uint8_t *in, size_t inblocks);
-void oqs_sha2_sha384_inc_finalize_armv8(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha384_inc_ctx_release_armv8(sha384ctx *state);
-
-void oqs_sha2_sha224_c(uint8_t *out, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha256_c(uint8_t *out, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha384_c(uint8_t *out, const uint8_t *in, size_t inlen);
-void oqs_sha2_sha512_c(uint8_t *out, const uint8_t *in, size_t inlen);
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_SHA2_LOCAL_H
diff --git a/lib/liboqs/src/common/sha3/Makefile b/lib/liboqs/src/common/sha3/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/sha3/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/sha3/config.mk b/lib/liboqs/src/common/sha3/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/sha3/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/sha3/manifest.mn b/lib/liboqs/src/common/sha3/manifest.mn
deleted file mode 100644
index f430a10f8..000000000
--- a/lib/liboqs/src/common/sha3/manifest.mn
+++ /dev/null
@@ -1,24 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_sha3
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- xkcp_sha3.c \
- xkcp_sha3x4.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/sha3/sha3.gyp b/lib/liboqs/src/common/sha3/sha3.gyp
deleted file mode 100644
index 114c93cab..000000000
--- a/lib/liboqs/src/common/sha3/sha3.gyp
+++ /dev/null
@@ -1,40 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_sha3',
- 'type': 'static_library',
- 'sources': [
- 'xkcp_sha3.c',
- 'xkcp_sha3x4.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/sha3/sha3.h b/lib/liboqs/src/common/sha3/sha3.h
deleted file mode 100644
index d66c7289e..000000000
--- a/lib/liboqs/src/common/sha3/sha3.h
+++ /dev/null
@@ -1,429 +0,0 @@
-/**
- * \file sha3.h
- * \brief SHA3 and SHAKE functions; not part of the OQS public API
- *
- * Contains the API and documentation for SHA3 digest and SHAKE implementations.
- *
- * <b>Note this is not part of the OQS public API: implementations within liboqs can use these
- * functions, but external consumers of liboqs should not use these functions.</b>
- *
- * \author John Underhill, Douglas Stebila
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_SHA3_H
-#define OQS_SHA3_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/* SHA3 */
-
-/** The SHA-256 byte absorption rate */
-#define OQS_SHA3_SHA3_256_RATE 136
-
-/**
- * \brief Process a message with SHA3-256 and return the digest in the output byte array.
- *
- * \warning The output array must be at least 32 bytes in length.
- *
- * \param output The output byte array
- * \param input The message input byte array
- * \param inplen The number of message bytes to process
- */
-void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the incremental SHA3-256 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_sha3_256_inc_ctx;
-
-/**
- * \brief Initialize the state for the incremental SHA3-256 API.
- *
- * \warning Caller is responsible for releasing state by calling
- * OQS_SHA3_sha3_256_inc_ctx_release.
- *
- * \param state The function state to be allocated and initialized.
- */
-void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state);
-
-/**
- * \brief The SHA3-256 absorb function.
- * Absorb an input into the state.
- *
- * \param state The function state; must be initialized
- * \param input The input array
- * \param inlen The length of the input
- */
-void OQS_SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen);
-
-/**
- * \brief The SHA3-256 finalize-and-squeeze function.
- * Finalizes the state and squeezes a 32 byte digest.
- *
- * \warning Output array must be at least 32 bytes.
- * State cannot be used after this without calling OQS_SHA3_sha3_256_inc_reset.
- *
- * \param output The output byte array
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state);
-
-/**
- * \brief Release the state for the SHA3-256 incremental API.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state);
-
-/**
- * \brief Resets the state for the SHA3-256 incremental API.
- * Alternative to freeing and reinitializing the state.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state);
-
-/**
- * \brief Clone the state for the SHA3-256 incremental API.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src);
-
-/** The SHA-384 byte absorption rate */
-#define OQS_SHA3_SHA3_384_RATE 104
-
-/**
- * \brief Process a message with SHA3-384 and return the digest in the output byte array.
- *
- * \warning The output array must be at least 48 bytes in length.
- *
- * \param output The output byte array
- * \param input The message input byte array
- * \param inplen The number of message bytes to process
- */
-void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the incremental SHA3-384 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_sha3_384_inc_ctx;
-
-/**
- * \brief Initialize the state for the incremental SHA3-384 API.
- *
- * \warning Caller is responsible for releasing state by calling
- * OQS_SHA3_sha3_384_inc_ctx_release.
- *
- * \param state The function state to be allocated and initialized.
- */
-void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state);
-
-/**
- * \brief The SHA3-384 absorb function.
- * Absorb an input into the state.
- *
- * \param state The function state; must be initialized
- * \param input The input array
- * \param inlen The length of the input
- */
-void OQS_SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen);
-
-/**
- * \brief The SHA3-384 finalize-and-squeeze function.
- * Finalizes the state and squeezes a 48 byte digest.
- *
- * \warning Output array must be at least 48 bytes.
- * State cannot be used after this without calling OQS_SHA3_sha3_384_inc_reset.
- *
- * \param output The output byte array
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state);
-
-/**
- * \brief Release the state for the SHA3-384 incremental API.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state);
-
-/**
- * \brief Resets the state for the SHA3-384 incremental API.
- * Alternative to freeing and reinitializing the state.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state);
-
-/**
- * \brief Clone the state for the SHA3-384 incremental API.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src);
-
-/** The SHA-512 byte absorption rate */
-#define OQS_SHA3_SHA3_512_RATE 72
-
-/**
- * \brief Process a message with SHA3-512 and return the digest in the output byte array.
- *
- * \warning The output array must be at least 64 bytes in length.
- *
- * \param output The output byte array
- * \param input The message input byte array
- * \param inplen The number of message bytes to process
- */
-void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the incremental SHA3-512 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_sha3_512_inc_ctx;
-
-/**
- * \brief Initialize the state for the incremental SHA3-512 API.
- *
- * \warning Caller is responsible for releasing state by calling
- * OQS_SHA3_sha3_512_inc_ctx_release.
- *
- * \param state The function state to be allocated and initialized.
- */
-void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state);
-
-/**
- * \brief The SHA3-512 absorb function.
- * Absorb an input into the state.
- *
- * \param state The function state; must be initialized
- * \param input The input array
- * \param inlen The length of the input
- */
-void OQS_SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen);
-
-/**
- * \brief The SHA3-512 finalize-and-squeeze function.
- * Finalizes the state and squeezes a 64 byte digest.
- *
- * \warning Output array must be at least 64 bytes.
- * State cannot be used after this without calling OQS_SHA3_sha3_512_inc_reset.
- *
- * \param output The output byte array
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state);
-
-/**
- * \brief Release the state for the SHA3-512 incremental API.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state);
-
-/**
- * \brief Resets the state for the SHA3-512 incremental API.
- * Alternative to freeing and reinitializing the state.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state);
-
-/**
- * \brief Clone the state for the SHA3-512 incremental API.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src);
-
-/* SHAKE */
-
-/** The SHAKE-128 byte absorption rate */
-#define OQS_SHA3_SHAKE128_RATE 168
-
-/**
- * \brief Seed a SHAKE-128 instance, and generate an array of pseudo-random bytes.
- *
- * \warning The output array length must not be zero.
- *
- * \param output The output byte array
- * \param outlen The number of output bytes to generate
- * \param input The input seed byte array
- * \param inplen The number of seed bytes to process
- */
-void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the incremental SHAKE-128 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_shake128_inc_ctx;
-
-/**
- * \brief Initialize the state for the incremental SHAKE-128 API.
- *
- * \warning Caller is responsible for releasing state by calling
- * OQS_SHA3_shake128_inc_ctx_release.
- *
- * \param state The function state to be initialized; must be allocated
- */
-void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state);
-
-/**
- * \brief The SHAKE-128 absorb function.
- * Absorb an input into the state.
- *
- * \warning State must be initialized.
- *
- * \param state The function state; must be initialized
- * \param input input buffer
- * \param inlen length of input buffer
- */
-void OQS_SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen);
-
-/**
- * \brief The SHAKE-128 finalize function.
- * Prepares the state for squeezing.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state);
-
-/**
- * \brief The SHAKE-128 squeeze function.
- * Extracts to an output byte array.
- *
- * \param output output buffer
- * \param outlen bytes of outbut buffer
- * \param state The function state; must be initialized and finalized
- */
-void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state);
-
-/**
- * \brief Frees the state for the incremental SHAKE-128 API.
- *
- * \param state The state to free
- */
-void OQS_SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state);
-
-/**
- * \brief Copies the state for the SHAKE-128 incremental API.
- *
- * \warning Caller is responsible for releasing dest by calling
- * OQS_SHA3_shake128_inc_ctx_release.
- *
- * \param dest The function state to copy into; must be initialized
- * \param src The function state to copy; must be initialized
- */
-void OQS_SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src);
-
-/**
- * \brief Resets the state for the SHAKE-128 incremental API. Allows a context
- * to be re-used without free and init calls.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state);
-
-/** The SHAKE-256 byte absorption rate */
-#define OQS_SHA3_SHAKE256_RATE 136
-
-/**
- * \brief Seed a SHAKE-256 instance, and generate an array of pseudo-random bytes.
- *
- * \warning The output array length must not be zero.
- *
- * \param output The output byte array
- * \param outlen The number of output bytes to generate
- * \param input The input seed byte array
- * \param inplen The number of seed bytes to process
- */
-void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen);
-
-/** Data structure for the state of the incremental SHAKE-256 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_shake256_inc_ctx;
-
-/**
- * \brief Initialize the state for the incremental SHAKE-256 API.
- *
- * \param state The function state to be initialized; must be allocated
- */
-void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state);
-
-/**
- * \brief The SHAKE-256 absorb function.
- * Absorb an input message array directly into the state.
- *
- * \warning State must be initialized by the caller.
- *
- * \param state The function state; must be initialized
- * \param input input buffer
- * \param inlen length of input buffer
- */
-void OQS_SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen);
-
-/**
- * \brief The SHAKE-256 finalize function.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state);
-
-/**
- * \brief The SHAKE-256 squeeze function.
- * Extracts to an output byte array.
- *
- * \param output output buffer
- * \param outlen bytes of outbut buffer
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state);
-
-/**
- * \brief Frees the state for the incremental SHAKE-256 API.
- *
- * \param state The state to free
- */
-void OQS_SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state);
-
-/**
- * \brief Copies the state for the incremental SHAKE-256 API.
- *
- * \warning dest must be allocated. dest must be freed by calling
- * OQS_SHA3_shake256_inc_ctx_release.
- *
- * \param dest The state to copy into; must be initialized
- * \param src The state to copy from; must be initialized
- */
-void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src);
-
-/**
- * \brief Resets the state for the SHAKE-256 incremental API. Allows a context
- * to be re-used without free and init calls.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state);
-
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_SHA3_H
diff --git a/lib/liboqs/src/common/sha3/sha3x4.h b/lib/liboqs/src/common/sha3/sha3x4.h
deleted file mode 100644
index cef4e6750..000000000
--- a/lib/liboqs/src/common/sha3/sha3x4.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/**
- * \file shakex4.h
- * \brief SHA3, SHAKE, and cSHAKE functions; not part of the OQS public API
- *
- * Contains the API and documentation for SHA3 digest and SHAKE implementations.
- *
- * <b>Note this is not part of the OQS public API: implementations within liboqs can use these
- * functions, but external consumers of liboqs should not use these functions.</b>
- *
- * \author John Underhill, Douglas Stebila
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_SHA3X4_H
-#define OQS_SHA3X4_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/**
- * \brief Seed 4 parallel SHAKE-128 instances, and generate 4 arrays of pseudo-random bytes.
- *
- * \warning The output array length must not be zero.
- *
- * \param out0 The first output byte array
- * \param out1 The second output byte array
- * \param out2 The third output byte array
- * \param out3 The fourth output byte array
- * \param outlen The number of output bytes to generate in every output array
- * \param in0 The first input seed byte array
- * \param in1 The second input seed byte array
- * \param in2 The third input seed byte array
- * \param in3 The fourth input seed byte array
- * \param inlen The number of seed bytes to process from every input array
- */
-void OQS_SHA3_shake128_x4(
- uint8_t *out0,
- uint8_t *out1,
- uint8_t *out2,
- uint8_t *out3,
- size_t outlen,
- const uint8_t *in0,
- const uint8_t *in1,
- const uint8_t *in2,
- const uint8_t *in3,
- size_t inlen);
-
-/** Data structure for the state of the four-way parallel incremental SHAKE-128 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_shake128_x4_inc_ctx;
-
-/**
- * \brief Initialize the state for four-way parallel incremental SHAKE-128 API.
- *
- * \param state The function state to be initialized; must be allocated
- */
-void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state);
-
-/**
- * \brief Four-way parallel SHAKE-128 absorb function.
- * Absorb four input messages of the same length into four parallel states.
- *
- * \warning State must be initialized by the caller.
- *
- * \param state The function state; must be initialized
- * \param in0 The input to be absorbed into first instance
- * \param in1 The input to be absorbed into first instance
- * \param in2 The input to be absorbed into first instance
- * \param in3 The input to be absorbed into first instance
- * \param inlen The number of bytes to process from each input array
- */
-void OQS_SHA3_shake128_x4_inc_absorb(
- OQS_SHA3_shake128_x4_inc_ctx *state,
- const uint8_t *in0,
- const uint8_t *in1,
- const uint8_t *in2,
- const uint8_t *in3,
- size_t inlen);
-
-/**
- * \brief Four-way parallel SHAKE-128 finalize function.
- * Prepares the states for squeezing.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state);
-
-/**
- * \brief Four-way parallel SHAKE-128 squeeze function.
- * Extracts from four parallel states into four output buffers
- *
- * \param out0 output buffer for the first instance
- * \param out1 output buffer for the second instance
- * \param out2 output buffer for the third instance
- * \param out3 output buffer for the fourth instance
- * \param outlen bytes of outbut buffer
- * \param state The function state; must be initialized and finalized.
- */
-void OQS_SHA3_shake128_x4_inc_squeeze(
- uint8_t *out0,
- uint8_t *out1,
- uint8_t *out2,
- uint8_t *out3,
- size_t outlen,
- OQS_SHA3_shake128_x4_inc_ctx *state);
-
-/**
- * \brief Frees the state for the four-way parallel incremental SHAKE-128 API.
- *
- * \param state The state to free
- */
-void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state);
-
-/**
- * \brief Copies the state for the four-way parallel incremental SHAKE-128 API.
- *
- * \param dest The state to copy into; must be initialized
- * \param src The state to copy from; must be initialized
- */
-void OQS_SHA3_shake128_x4_inc_ctx_clone(
- OQS_SHA3_shake128_x4_inc_ctx *dest,
- const OQS_SHA3_shake128_x4_inc_ctx *src);
-
-/**
- * \brief Resets the state for the four-way parallel incremental SHAKE-128 API.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state);
-
-/* SHAKE256 */
-
-/**
- * \brief Seed 4 parallel SHAKE-256 instances, and generate 4 arrays of pseudo-random bytes.
- *
- * Uses a vectorized (AVX2) implementation of SHAKE-256 if available.
- *
- * \warning The output array length must not be zero.
- *
- * \param out0 The first output byte array
- * \param out1 The second output byte array
- * \param out2 The third output byte array
- * \param out3 The fourth output byte array
- * \param outlen The number of output bytes to generate in every output array
- * \param in0 The first input seed byte array
- * \param in1 The second input seed byte array
- * \param in2 The third input seed byte array
- * \param in3 The fourth input seed byte array
- * \param inlen The number of seed bytes to process from every input array
- */
-void OQS_SHA3_shake256_x4(
- uint8_t *out0,
- uint8_t *out1,
- uint8_t *out2,
- uint8_t *out3,
- size_t outlen,
- const uint8_t *in0,
- const uint8_t *in1,
- const uint8_t *in2,
- const uint8_t *in3,
- size_t inlen);
-
-/** Data structure for the state of the four-way parallel incremental SHAKE-256 API. */
-typedef struct {
- /** Internal state. */
- void *ctx;
-} OQS_SHA3_shake256_x4_inc_ctx;
-
-/**
- * \brief Initialize the state for four-way parallel incremental SHAKE-256 API.
- *
- * \param state The function state to be initialized; must be allocated
- */
-void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state);
-
-/**
- * \brief Four-way parallel SHAKE-256 absorb function.
- * Absorb four input messages of the same length into four parallel states.
- *
- * \warning State must be initialized by the caller.
- *
- * \param state The function state; must be initialized
- * \param in0 The input to be absorbed into first instance
- * \param in1 The input to be absorbed into first instance
- * \param in2 The input to be absorbed into first instance
- * \param in3 The input to be absorbed into first instance
- * \param inlen The number of bytes to process from each input array
- */
-void OQS_SHA3_shake256_x4_inc_absorb(
- OQS_SHA3_shake256_x4_inc_ctx *state,
- const uint8_t *in0,
- const uint8_t *in1,
- const uint8_t *in2,
- const uint8_t *in3,
- size_t inlen);
-
-/**
- * \brief Four-way parallel SHAKE-256 finalize function.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state);
-
-/**
- * \brief Four-way parallel SHAKE-256 squeeze function.
- * Extracts from four parallel states into four output buffers
- *
- * \param out0 output buffer for the first instance
- * \param out1 output buffer for the second instance
- * \param out2 output buffer for the third instance
- * \param out3 output buffer for the fourth instance
- * \param outlen bytes of outbut buffer
- * \param state The function state; must be initialized and finalized
- */
-void OQS_SHA3_shake256_x4_inc_squeeze(
- uint8_t *out0,
- uint8_t *out1,
- uint8_t *out2,
- uint8_t *out3,
- size_t outlen,
- OQS_SHA3_shake256_x4_inc_ctx *state);
-
-/**
- * \brief Frees the state for the four-way parallel incremental SHAKE-256 API.
- *
- * \param state The state to free
- */
-void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state);
-
-/**
- * \brief Copies the state for the four-way parallel incremental SHAKE-256 API.
- *
- * \warning dest must be allocated. dest must be freed by calling
- * OQS_SHA3_shake256_inc_ctx_release.
- *
- * \param dest The state to copy into; must be initialized
- * \param src The state to copy from; must be initialized
- */
-void OQS_SHA3_shake256_x4_inc_ctx_clone(
- OQS_SHA3_shake256_x4_inc_ctx *dest,
- const OQS_SHA3_shake256_x4_inc_ctx *src);
-
-/**
- * \brief Resets the state for the four-way parallel incremental SHAKE-256 API.
- * Allows a context to be re-used without free and init calls.
- *
- * \param state The function state; must be initialized
- */
-void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state);
-
-
-#if defined(__cplusplus)
-} // extern "C"
-#endif
-
-#endif // OQS_SHA3_H
diff --git a/lib/liboqs/src/common/sha3/xkcp_dispatch.h b/lib/liboqs/src/common/sha3/xkcp_dispatch.h
deleted file mode 100644
index 15103dbe6..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_dispatch.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* XKCP calls can be dispatched to platform-specific implementation at runtime.
- *
- * If this is a dist build we put a "_arch" suffix on each symbol in each xkcp_low
- * library that we build. If it's not a dist build, we omit the suffix and only build
- * one library. Hence we will either have a single "KeccakP1600_Initialize" or we will have
- * one or more symbols of the form "KeccakP1600_Initialize_arch".
- *
- * This header file defines all of the symbols that might be available.
- *
- * SPDX-License-Identifier: MIT
- */
-
-#ifndef OQS_SHA3_XKCP_DISPATCH_H
-#define OQS_SHA3_XKCP_DISPATCH_H
-
-typedef void KeccakInitFn(void *);
-extern KeccakInitFn \
-KeccakP1600_Initialize, \
-KeccakP1600_Initialize_plain64, \
-KeccakP1600_Initialize_avx2;
-
-typedef void KeccakAddByteFn(void *, const uint8_t, unsigned int);
-extern KeccakAddByteFn \
-KeccakP1600_AddByte, \
-KeccakP1600_AddByte_plain64, \
-KeccakP1600_AddByte_avx2;
-
-typedef void KeccakAddBytesFn(void *, const uint8_t *, unsigned int, unsigned int);
-extern KeccakAddBytesFn \
-KeccakP1600_AddBytes, \
-KeccakP1600_AddBytes_plain64, \
-KeccakP1600_AddBytes_avx2;
-
-typedef void KeccakPermuteFn(void *);
-extern KeccakPermuteFn \
-KeccakP1600_Permute_24rounds, \
-KeccakP1600_Permute_24rounds_plain64, \
-KeccakP1600_Permute_24rounds_avx2;
-
-typedef void KeccakExtractBytesFn(const void *, uint8_t *, unsigned int, unsigned int);
-extern KeccakExtractBytesFn \
-KeccakP1600_ExtractBytes, \
-KeccakP1600_ExtractBytes_plain64, \
-KeccakP1600_ExtractBytes_avx2;
-
-typedef size_t KeccakFastLoopAbsorbFn(void *, unsigned int, const uint8_t *, size_t);
-extern KeccakFastLoopAbsorbFn \
-KeccakF1600_FastLoop_Absorb, \
-KeccakF1600_FastLoop_Absorb_plain64, \
-KeccakF1600_FastLoop_Absorb_avx2;
-
-typedef void KeccakX4InitFn(void *);
-extern KeccakX4InitFn \
-KeccakP1600times4_InitializeAll, \
-KeccakP1600times4_InitializeAll_serial, \
-KeccakP1600times4_InitializeAll_avx2;
-
-typedef void KeccakX4AddByteFn(void *, unsigned int, unsigned char, unsigned int);
-extern KeccakX4AddByteFn \
-KeccakP1600times4_AddByte, \
-KeccakP1600times4_AddByte_serial, \
-KeccakP1600times4_AddByte_avx2;
-
-typedef void KeccakX4AddBytesFn(void *, unsigned int, const unsigned char *, unsigned int, unsigned int);
-extern KeccakX4AddBytesFn \
-KeccakP1600times4_AddBytes, \
-KeccakP1600times4_AddBytes_serial, \
-KeccakP1600times4_AddBytes_avx2;
-
-typedef void KeccakX4PermuteFn(void *);
-extern KeccakX4PermuteFn \
-KeccakP1600times4_PermuteAll_24rounds, \
-KeccakP1600times4_PermuteAll_24rounds_serial, \
-KeccakP1600times4_PermuteAll_24rounds_avx2;
-
-typedef void KeccakX4ExtractBytesFn(const void *, unsigned int, unsigned char *, unsigned int, unsigned int);
-extern KeccakX4ExtractBytesFn \
-KeccakP1600times4_ExtractBytes, \
-KeccakP1600times4_ExtractBytes_serial, \
-KeccakP1600times4_ExtractBytes_avx2;
-
-#endif // OQS_SHA3_XKCP_DISPATCH_H
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-64.macros b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-64.macros
deleted file mode 100644
index c4dee90a3..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-64.macros
+++ /dev/null
@@ -1,754 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-
-The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#define declareABCDE \
- uint64_t Aba, Abe, Abi, Abo, Abu; \
- uint64_t Aga, Age, Agi, Ago, Agu; \
- uint64_t Aka, Ake, Aki, Ako, Aku; \
- uint64_t Ama, Ame, Ami, Amo, Amu; \
- uint64_t Asa, Ase, Asi, Aso, Asu; \
- uint64_t Bba, Bbe, Bbi, Bbo, Bbu; \
- uint64_t Bga, Bge, Bgi, Bgo, Bgu; \
- uint64_t Bka, Bke, Bki, Bko, Bku; \
- uint64_t Bma, Bme, Bmi, Bmo, Bmu; \
- uint64_t Bsa, Bse, Bsi, Bso, Bsu; \
- uint64_t Ca, Ce, Ci, Co, Cu; \
- uint64_t Da, De, Di, Do, Du; \
- uint64_t Eba, Ebe, Ebi, Ebo, Ebu; \
- uint64_t Ega, Ege, Egi, Ego, Egu; \
- uint64_t Eka, Eke, Eki, Eko, Eku; \
- uint64_t Ema, Eme, Emi, Emo, Emu; \
- uint64_t Esa, Ese, Esi, Eso, Esu; \
-
-#define prepareTheta \
- Ca = Aba^Aga^Aka^Ama^Asa; \
- Ce = Abe^Age^Ake^Ame^Ase; \
- Ci = Abi^Agi^Aki^Ami^Asi; \
- Co = Abo^Ago^Ako^Amo^Aso; \
- Cu = Abu^Agu^Aku^Amu^Asu; \
-
-#ifdef UseBebigokimisa
-/* --- Code for round, with prepare-theta (lane complementing pattern 'bebigokimisa') */
-/* --- 64-bit lanes mapped to 64-bit words */
-#define thetaRhoPiChiIotaPrepareTheta(i, A, E) \
- Da = Cu^ROL64(Ce, 1); \
- De = Ca^ROL64(Ci, 1); \
- Di = Ce^ROL64(Co, 1); \
- Do = Ci^ROL64(Cu, 1); \
- Du = Co^ROL64(Ca, 1); \
-\
- A##ba ^= Da; \
- Bba = A##ba; \
- A##ge ^= De; \
- Bbe = ROL64(A##ge, 44); \
- A##ki ^= Di; \
- Bbi = ROL64(A##ki, 43); \
- A##mo ^= Do; \
- Bbo = ROL64(A##mo, 21); \
- A##su ^= Du; \
- Bbu = ROL64(A##su, 14); \
- E##ba = Bba ^( Bbe | Bbi ); \
- E##ba ^= KeccakF1600RoundConstants[i]; \
- Ca = E##ba; \
- E##be = Bbe ^((~Bbi)| Bbo ); \
- Ce = E##be; \
- E##bi = Bbi ^( Bbo & Bbu ); \
- Ci = E##bi; \
- E##bo = Bbo ^( Bbu | Bba ); \
- Co = E##bo; \
- E##bu = Bbu ^( Bba & Bbe ); \
- Cu = E##bu; \
-\
- A##bo ^= Do; \
- Bga = ROL64(A##bo, 28); \
- A##gu ^= Du; \
- Bge = ROL64(A##gu, 20); \
- A##ka ^= Da; \
- Bgi = ROL64(A##ka, 3); \
- A##me ^= De; \
- Bgo = ROL64(A##me, 45); \
- A##si ^= Di; \
- Bgu = ROL64(A##si, 61); \
- E##ga = Bga ^( Bge | Bgi ); \
- Ca ^= E##ga; \
- E##ge = Bge ^( Bgi & Bgo ); \
- Ce ^= E##ge; \
- E##gi = Bgi ^( Bgo |(~Bgu)); \
- Ci ^= E##gi; \
- E##go = Bgo ^( Bgu | Bga ); \
- Co ^= E##go; \
- E##gu = Bgu ^( Bga & Bge ); \
- Cu ^= E##gu; \
-\
- A##be ^= De; \
- Bka = ROL64(A##be, 1); \
- A##gi ^= Di; \
- Bke = ROL64(A##gi, 6); \
- A##ko ^= Do; \
- Bki = ROL64(A##ko, 25); \
- A##mu ^= Du; \
- Bko = ROL64(A##mu, 8); \
- A##sa ^= Da; \
- Bku = ROL64(A##sa, 18); \
- E##ka = Bka ^( Bke | Bki ); \
- Ca ^= E##ka; \
- E##ke = Bke ^( Bki & Bko ); \
- Ce ^= E##ke; \
- E##ki = Bki ^((~Bko)& Bku ); \
- Ci ^= E##ki; \
- E##ko = (~Bko)^( Bku | Bka ); \
- Co ^= E##ko; \
- E##ku = Bku ^( Bka & Bke ); \
- Cu ^= E##ku; \
-\
- A##bu ^= Du; \
- Bma = ROL64(A##bu, 27); \
- A##ga ^= Da; \
- Bme = ROL64(A##ga, 36); \
- A##ke ^= De; \
- Bmi = ROL64(A##ke, 10); \
- A##mi ^= Di; \
- Bmo = ROL64(A##mi, 15); \
- A##so ^= Do; \
- Bmu = ROL64(A##so, 56); \
- E##ma = Bma ^( Bme & Bmi ); \
- Ca ^= E##ma; \
- E##me = Bme ^( Bmi | Bmo ); \
- Ce ^= E##me; \
- E##mi = Bmi ^((~Bmo)| Bmu ); \
- Ci ^= E##mi; \
- E##mo = (~Bmo)^( Bmu & Bma ); \
- Co ^= E##mo; \
- E##mu = Bmu ^( Bma | Bme ); \
- Cu ^= E##mu; \
-\
- A##bi ^= Di; \
- Bsa = ROL64(A##bi, 62); \
- A##go ^= Do; \
- Bse = ROL64(A##go, 55); \
- A##ku ^= Du; \
- Bsi = ROL64(A##ku, 39); \
- A##ma ^= Da; \
- Bso = ROL64(A##ma, 41); \
- A##se ^= De; \
- Bsu = ROL64(A##se, 2); \
- E##sa = Bsa ^((~Bse)& Bsi ); \
- Ca ^= E##sa; \
- E##se = (~Bse)^( Bsi | Bso ); \
- Ce ^= E##se; \
- E##si = Bsi ^( Bso & Bsu ); \
- Ci ^= E##si; \
- E##so = Bso ^( Bsu | Bsa ); \
- Co ^= E##so; \
- E##su = Bsu ^( Bsa & Bse ); \
- Cu ^= E##su; \
-\
-
-/* --- Code for round (lane complementing pattern 'bebigokimisa') */
-/* --- 64-bit lanes mapped to 64-bit words */
-#define thetaRhoPiChiIota(i, A, E) \
- Da = Cu^ROL64(Ce, 1); \
- De = Ca^ROL64(Ci, 1); \
- Di = Ce^ROL64(Co, 1); \
- Do = Ci^ROL64(Cu, 1); \
- Du = Co^ROL64(Ca, 1); \
-\
- A##ba ^= Da; \
- Bba = A##ba; \
- A##ge ^= De; \
- Bbe = ROL64(A##ge, 44); \
- A##ki ^= Di; \
- Bbi = ROL64(A##ki, 43); \
- A##mo ^= Do; \
- Bbo = ROL64(A##mo, 21); \
- A##su ^= Du; \
- Bbu = ROL64(A##su, 14); \
- E##ba = Bba ^( Bbe | Bbi ); \
- E##ba ^= KeccakF1600RoundConstants[i]; \
- E##be = Bbe ^((~Bbi)| Bbo ); \
- E##bi = Bbi ^( Bbo & Bbu ); \
- E##bo = Bbo ^( Bbu | Bba ); \
- E##bu = Bbu ^( Bba & Bbe ); \
-\
- A##bo ^= Do; \
- Bga = ROL64(A##bo, 28); \
- A##gu ^= Du; \
- Bge = ROL64(A##gu, 20); \
- A##ka ^= Da; \
- Bgi = ROL64(A##ka, 3); \
- A##me ^= De; \
- Bgo = ROL64(A##me, 45); \
- A##si ^= Di; \
- Bgu = ROL64(A##si, 61); \
- E##ga = Bga ^( Bge | Bgi ); \
- E##ge = Bge ^( Bgi & Bgo ); \
- E##gi = Bgi ^( Bgo |(~Bgu)); \
- E##go = Bgo ^( Bgu | Bga ); \
- E##gu = Bgu ^( Bga & Bge ); \
-\
- A##be ^= De; \
- Bka = ROL64(A##be, 1); \
- A##gi ^= Di; \
- Bke = ROL64(A##gi, 6); \
- A##ko ^= Do; \
- Bki = ROL64(A##ko, 25); \
- A##mu ^= Du; \
- Bko = ROL64(A##mu, 8); \
- A##sa ^= Da; \
- Bku = ROL64(A##sa, 18); \
- E##ka = Bka ^( Bke | Bki ); \
- E##ke = Bke ^( Bki & Bko ); \
- E##ki = Bki ^((~Bko)& Bku ); \
- E##ko = (~Bko)^( Bku | Bka ); \
- E##ku = Bku ^( Bka & Bke ); \
-\
- A##bu ^= Du; \
- Bma = ROL64(A##bu, 27); \
- A##ga ^= Da; \
- Bme = ROL64(A##ga, 36); \
- A##ke ^= De; \
- Bmi = ROL64(A##ke, 10); \
- A##mi ^= Di; \
- Bmo = ROL64(A##mi, 15); \
- A##so ^= Do; \
- Bmu = ROL64(A##so, 56); \
- E##ma = Bma ^( Bme & Bmi ); \
- E##me = Bme ^( Bmi | Bmo ); \
- E##mi = Bmi ^((~Bmo)| Bmu ); \
- E##mo = (~Bmo)^( Bmu & Bma ); \
- E##mu = Bmu ^( Bma | Bme ); \
-\
- A##bi ^= Di; \
- Bsa = ROL64(A##bi, 62); \
- A##go ^= Do; \
- Bse = ROL64(A##go, 55); \
- A##ku ^= Du; \
- Bsi = ROL64(A##ku, 39); \
- A##ma ^= Da; \
- Bso = ROL64(A##ma, 41); \
- A##se ^= De; \
- Bsu = ROL64(A##se, 2); \
- E##sa = Bsa ^((~Bse)& Bsi ); \
- E##se = (~Bse)^( Bsi | Bso ); \
- E##si = Bsi ^( Bso & Bsu ); \
- E##so = Bso ^( Bsu | Bsa ); \
- E##su = Bsu ^( Bsa & Bse ); \
-\
-
-#else /* UseBebigokimisa */
-/* --- Code for round, with prepare-theta */
-/* --- 64-bit lanes mapped to 64-bit words */
-#define thetaRhoPiChiIotaPrepareTheta(i, A, E) \
- Da = Cu^ROL64(Ce, 1); \
- De = Ca^ROL64(Ci, 1); \
- Di = Ce^ROL64(Co, 1); \
- Do = Ci^ROL64(Cu, 1); \
- Du = Co^ROL64(Ca, 1); \
-\
- A##ba ^= Da; \
- Bba = A##ba; \
- A##ge ^= De; \
- Bbe = ROL64(A##ge, 44); \
- A##ki ^= Di; \
- Bbi = ROL64(A##ki, 43); \
- A##mo ^= Do; \
- Bbo = ROL64(A##mo, 21); \
- A##su ^= Du; \
- Bbu = ROL64(A##su, 14); \
- E##ba = Bba ^((~Bbe)& Bbi ); \
- E##ba ^= KeccakF1600RoundConstants[i]; \
- Ca = E##ba; \
- E##be = Bbe ^((~Bbi)& Bbo ); \
- Ce = E##be; \
- E##bi = Bbi ^((~Bbo)& Bbu ); \
- Ci = E##bi; \
- E##bo = Bbo ^((~Bbu)& Bba ); \
- Co = E##bo; \
- E##bu = Bbu ^((~Bba)& Bbe ); \
- Cu = E##bu; \
-\
- A##bo ^= Do; \
- Bga = ROL64(A##bo, 28); \
- A##gu ^= Du; \
- Bge = ROL64(A##gu, 20); \
- A##ka ^= Da; \
- Bgi = ROL64(A##ka, 3); \
- A##me ^= De; \
- Bgo = ROL64(A##me, 45); \
- A##si ^= Di; \
- Bgu = ROL64(A##si, 61); \
- E##ga = Bga ^((~Bge)& Bgi ); \
- Ca ^= E##ga; \
- E##ge = Bge ^((~Bgi)& Bgo ); \
- Ce ^= E##ge; \
- E##gi = Bgi ^((~Bgo)& Bgu ); \
- Ci ^= E##gi; \
- E##go = Bgo ^((~Bgu)& Bga ); \
- Co ^= E##go; \
- E##gu = Bgu ^((~Bga)& Bge ); \
- Cu ^= E##gu; \
-\
- A##be ^= De; \
- Bka = ROL64(A##be, 1); \
- A##gi ^= Di; \
- Bke = ROL64(A##gi, 6); \
- A##ko ^= Do; \
- Bki = ROL64(A##ko, 25); \
- A##mu ^= Du; \
- Bko = ROL64(A##mu, 8); \
- A##sa ^= Da; \
- Bku = ROL64(A##sa, 18); \
- E##ka = Bka ^((~Bke)& Bki ); \
- Ca ^= E##ka; \
- E##ke = Bke ^((~Bki)& Bko ); \
- Ce ^= E##ke; \
- E##ki = Bki ^((~Bko)& Bku ); \
- Ci ^= E##ki; \
- E##ko = Bko ^((~Bku)& Bka ); \
- Co ^= E##ko; \
- E##ku = Bku ^((~Bka)& Bke ); \
- Cu ^= E##ku; \
-\
- A##bu ^= Du; \
- Bma = ROL64(A##bu, 27); \
- A##ga ^= Da; \
- Bme = ROL64(A##ga, 36); \
- A##ke ^= De; \
- Bmi = ROL64(A##ke, 10); \
- A##mi ^= Di; \
- Bmo = ROL64(A##mi, 15); \
- A##so ^= Do; \
- Bmu = ROL64(A##so, 56); \
- E##ma = Bma ^((~Bme)& Bmi ); \
- Ca ^= E##ma; \
- E##me = Bme ^((~Bmi)& Bmo ); \
- Ce ^= E##me; \
- E##mi = Bmi ^((~Bmo)& Bmu ); \
- Ci ^= E##mi; \
- E##mo = Bmo ^((~Bmu)& Bma ); \
- Co ^= E##mo; \
- E##mu = Bmu ^((~Bma)& Bme ); \
- Cu ^= E##mu; \
-\
- A##bi ^= Di; \
- Bsa = ROL64(A##bi, 62); \
- A##go ^= Do; \
- Bse = ROL64(A##go, 55); \
- A##ku ^= Du; \
- Bsi = ROL64(A##ku, 39); \
- A##ma ^= Da; \
- Bso = ROL64(A##ma, 41); \
- A##se ^= De; \
- Bsu = ROL64(A##se, 2); \
- E##sa = Bsa ^((~Bse)& Bsi ); \
- Ca ^= E##sa; \
- E##se = Bse ^((~Bsi)& Bso ); \
- Ce ^= E##se; \
- E##si = Bsi ^((~Bso)& Bsu ); \
- Ci ^= E##si; \
- E##so = Bso ^((~Bsu)& Bsa ); \
- Co ^= E##so; \
- E##su = Bsu ^((~Bsa)& Bse ); \
- Cu ^= E##su; \
-\
-
-/* --- Code for round */
-/* --- 64-bit lanes mapped to 64-bit words */
-#define thetaRhoPiChiIota(i, A, E) \
- Da = Cu^ROL64(Ce, 1); \
- De = Ca^ROL64(Ci, 1); \
- Di = Ce^ROL64(Co, 1); \
- Do = Ci^ROL64(Cu, 1); \
- Du = Co^ROL64(Ca, 1); \
-\
- A##ba ^= Da; \
- Bba = A##ba; \
- A##ge ^= De; \
- Bbe = ROL64(A##ge, 44); \
- A##ki ^= Di; \
- Bbi = ROL64(A##ki, 43); \
- A##mo ^= Do; \
- Bbo = ROL64(A##mo, 21); \
- A##su ^= Du; \
- Bbu = ROL64(A##su, 14); \
- E##ba = Bba ^((~Bbe)& Bbi ); \
- E##ba ^= KeccakF1600RoundConstants[i]; \
- E##be = Bbe ^((~Bbi)& Bbo ); \
- E##bi = Bbi ^((~Bbo)& Bbu ); \
- E##bo = Bbo ^((~Bbu)& Bba ); \
- E##bu = Bbu ^((~Bba)& Bbe ); \
-\
- A##bo ^= Do; \
- Bga = ROL64(A##bo, 28); \
- A##gu ^= Du; \
- Bge = ROL64(A##gu, 20); \
- A##ka ^= Da; \
- Bgi = ROL64(A##ka, 3); \
- A##me ^= De; \
- Bgo = ROL64(A##me, 45); \
- A##si ^= Di; \
- Bgu = ROL64(A##si, 61); \
- E##ga = Bga ^((~Bge)& Bgi ); \
- E##ge = Bge ^((~Bgi)& Bgo ); \
- E##gi = Bgi ^((~Bgo)& Bgu ); \
- E##go = Bgo ^((~Bgu)& Bga ); \
- E##gu = Bgu ^((~Bga)& Bge ); \
-\
- A##be ^= De; \
- Bka = ROL64(A##be, 1); \
- A##gi ^= Di; \
- Bke = ROL64(A##gi, 6); \
- A##ko ^= Do; \
- Bki = ROL64(A##ko, 25); \
- A##mu ^= Du; \
- Bko = ROL64(A##mu, 8); \
- A##sa ^= Da; \
- Bku = ROL64(A##sa, 18); \
- E##ka = Bka ^((~Bke)& Bki ); \
- E##ke = Bke ^((~Bki)& Bko ); \
- E##ki = Bki ^((~Bko)& Bku ); \
- E##ko = Bko ^((~Bku)& Bka ); \
- E##ku = Bku ^((~Bka)& Bke ); \
-\
- A##bu ^= Du; \
- Bma = ROL64(A##bu, 27); \
- A##ga ^= Da; \
- Bme = ROL64(A##ga, 36); \
- A##ke ^= De; \
- Bmi = ROL64(A##ke, 10); \
- A##mi ^= Di; \
- Bmo = ROL64(A##mi, 15); \
- A##so ^= Do; \
- Bmu = ROL64(A##so, 56); \
- E##ma = Bma ^((~Bme)& Bmi ); \
- E##me = Bme ^((~Bmi)& Bmo ); \
- E##mi = Bmi ^((~Bmo)& Bmu ); \
- E##mo = Bmo ^((~Bmu)& Bma ); \
- E##mu = Bmu ^((~Bma)& Bme ); \
-\
- A##bi ^= Di; \
- Bsa = ROL64(A##bi, 62); \
- A##go ^= Do; \
- Bse = ROL64(A##go, 55); \
- A##ku ^= Du; \
- Bsi = ROL64(A##ku, 39); \
- A##ma ^= Da; \
- Bso = ROL64(A##ma, 41); \
- A##se ^= De; \
- Bsu = ROL64(A##se, 2); \
- E##sa = Bsa ^((~Bse)& Bsi ); \
- E##se = Bse ^((~Bsi)& Bso ); \
- E##si = Bsi ^((~Bso)& Bsu ); \
- E##so = Bso ^((~Bsu)& Bsa ); \
- E##su = Bsu ^((~Bsa)& Bse ); \
-\
-
-#endif /* UseBebigokimisa */
-
-#define copyFromState(X, state) \
- X##ba = state[ 0]; \
- X##be = state[ 1]; \
- X##bi = state[ 2]; \
- X##bo = state[ 3]; \
- X##bu = state[ 4]; \
- X##ga = state[ 5]; \
- X##ge = state[ 6]; \
- X##gi = state[ 7]; \
- X##go = state[ 8]; \
- X##gu = state[ 9]; \
- X##ka = state[10]; \
- X##ke = state[11]; \
- X##ki = state[12]; \
- X##ko = state[13]; \
- X##ku = state[14]; \
- X##ma = state[15]; \
- X##me = state[16]; \
- X##mi = state[17]; \
- X##mo = state[18]; \
- X##mu = state[19]; \
- X##sa = state[20]; \
- X##se = state[21]; \
- X##si = state[22]; \
- X##so = state[23]; \
- X##su = state[24]; \
-
-#define copyToState(state, X) \
- state[ 0] = X##ba; \
- state[ 1] = X##be; \
- state[ 2] = X##bi; \
- state[ 3] = X##bo; \
- state[ 4] = X##bu; \
- state[ 5] = X##ga; \
- state[ 6] = X##ge; \
- state[ 7] = X##gi; \
- state[ 8] = X##go; \
- state[ 9] = X##gu; \
- state[10] = X##ka; \
- state[11] = X##ke; \
- state[12] = X##ki; \
- state[13] = X##ko; \
- state[14] = X##ku; \
- state[15] = X##ma; \
- state[16] = X##me; \
- state[17] = X##mi; \
- state[18] = X##mo; \
- state[19] = X##mu; \
- state[20] = X##sa; \
- state[21] = X##se; \
- state[22] = X##si; \
- state[23] = X##so; \
- state[24] = X##su; \
-
-#define copyStateVariables(X, Y) \
- X##ba = Y##ba; \
- X##be = Y##be; \
- X##bi = Y##bi; \
- X##bo = Y##bo; \
- X##bu = Y##bu; \
- X##ga = Y##ga; \
- X##ge = Y##ge; \
- X##gi = Y##gi; \
- X##go = Y##go; \
- X##gu = Y##gu; \
- X##ka = Y##ka; \
- X##ke = Y##ke; \
- X##ki = Y##ki; \
- X##ko = Y##ko; \
- X##ku = Y##ku; \
- X##ma = Y##ma; \
- X##me = Y##me; \
- X##mi = Y##mi; \
- X##mo = Y##mo; \
- X##mu = Y##mu; \
- X##sa = Y##sa; \
- X##se = Y##se; \
- X##si = Y##si; \
- X##so = Y##so; \
- X##su = Y##su; \
-
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
-#define LOAD64(x) ((x)[0] \
- | (uint64_t) (x)[1] << 0x08 \
- | (uint64_t) (x)[2] << 0x10 \
- | (uint64_t) (x)[3] << 0x18 \
- | (uint64_t) (x)[4] << 0x20 \
- | (uint64_t) (x)[5] << 0x28 \
- | (uint64_t) (x)[6] << 0x30 \
- | (uint64_t) (x)[7] << 0x38 )
-#else
-#define LOAD64(x) ((x)[7] \
- | (uint64_t) (x)[6] << 0x08 \
- | (uint64_t) (x)[5] << 0x10 \
- | (uint64_t) (x)[4] << 0x18 \
- | (uint64_t) (x)[3] << 0x20 \
- | (uint64_t) (x)[2] << 0x28 \
- | (uint64_t) (x)[1] << 0x30 \
- | (uint64_t) (x)[0] << 0x38 )
-#endif
-
-#define addInput(X, input, laneCount) \
- if (laneCount == 21) { \
- X##ba ^= LOAD64(input + 0x00); \
- X##be ^= LOAD64(input + 0x08); \
- X##bi ^= LOAD64(input + 0x10); \
- X##bo ^= LOAD64(input + 0x18); \
- X##bu ^= LOAD64(input + 0x20); \
- X##ga ^= LOAD64(input + 0x28); \
- X##ge ^= LOAD64(input + 0x30); \
- X##gi ^= LOAD64(input + 0x38); \
- X##go ^= LOAD64(input + 0x40); \
- X##gu ^= LOAD64(input + 0x48); \
- X##ka ^= LOAD64(input + 0x50); \
- X##ke ^= LOAD64(input + 0x58); \
- X##ki ^= LOAD64(input + 0x60); \
- X##ko ^= LOAD64(input + 0x68); \
- X##ku ^= LOAD64(input + 0x70); \
- X##ma ^= LOAD64(input + 0x78); \
- X##me ^= LOAD64(input + 0x80); \
- X##mi ^= LOAD64(input + 0x88); \
- X##mo ^= LOAD64(input + 0x90); \
- X##mu ^= LOAD64(input + 0x98); \
- X##sa ^= LOAD64(input + 0xA0); \
- } \
- else if (laneCount < 16) { \
- if (laneCount < 8) { \
- if (laneCount < 4) { \
- if (laneCount < 2) { \
- if (laneCount < 1) { \
- } \
- else { \
- X##ba ^= LOAD64(input + 0x00); \
- } \
- } \
- else { \
- X##ba ^= LOAD64(input + 0x00); \
- X##be ^= LOAD64(input + 0x08); \
- if (laneCount < 3) { \
- } \
- else { \
- X##bi ^= LOAD64(input + 0x10); \
- } \
- } \
- } \
- else { \
- X##ba ^= LOAD64(input + 0x00); \
- X##be ^= LOAD64(input + 0x08); \
- X##bi ^= LOAD64(input + 0x10); \
- X##bo ^= LOAD64(input + 0x18); \
- if (laneCount < 6) { \
- if (laneCount < 5) { \
- } \
- else { \
- X##bu ^= LOAD64(input + 0x20); \
- } \
- } \
- else { \
- X##bu ^= LOAD64(input + 0x20); \
- X##ga ^= LOAD64(input + 0x28); \
- if (laneCount < 7) { \
- } \
- else { \
- X##ge ^= LOAD64(input + 0x30); \
- } \
- } \
- } \
- } \
- else { \
- X##ba ^= LOAD64(input + 0x00); \
- X##be ^= LOAD64(input + 0x08); \
- X##bi ^= LOAD64(input + 0x10); \
- X##bo ^= LOAD64(input + 0x18); \
- X##bu ^= LOAD64(input + 0x20); \
- X##ga ^= LOAD64(input + 0x28); \
- X##ge ^= LOAD64(input + 0x30); \
- X##gi ^= LOAD64(input + 0x38); \
- if (laneCount < 12) { \
- if (laneCount < 10) { \
- if (laneCount < 9) { \
- } \
- else { \
- X##go ^= LOAD64(input + 0x40); \
- } \
- } \
- else { \
- X##go ^= LOAD64(input + 0x40); \
- X##gu ^= LOAD64(input + 0x48); \
- if (laneCount < 11) { \
- } \
- else { \
- X##ka ^= LOAD64(input + 0x50); \
- } \
- } \
- } \
- else { \
- X##go ^= LOAD64(input + 0x40); \
- X##gu ^= LOAD64(input + 0x48); \
- X##ka ^= LOAD64(input + 0x50); \
- X##ke ^= LOAD64(input + 0x58); \
- if (laneCount < 14) { \
- if (laneCount < 13) { \
- } \
- else { \
- X##ki ^= LOAD64(input + 0x60); \
- } \
- } \
- else { \
- X##ki ^= LOAD64(input + 0x60); \
- X##ko ^= LOAD64(input + 0x68); \
- if (laneCount < 15) { \
- } \
- else { \
- X##ku ^= LOAD64(input + 0x70); \
- } \
- } \
- } \
- } \
- } \
- else { \
- X##ba ^= LOAD64(input + 0x00); \
- X##be ^= LOAD64(input + 0x08); \
- X##bi ^= LOAD64(input + 0x10); \
- X##bo ^= LOAD64(input + 0x18); \
- X##bu ^= LOAD64(input + 0x20); \
- X##ga ^= LOAD64(input + 0x28); \
- X##ge ^= LOAD64(input + 0x30); \
- X##gi ^= LOAD64(input + 0x38); \
- X##go ^= LOAD64(input + 0x40); \
- X##gu ^= LOAD64(input + 0x48); \
- X##ka ^= LOAD64(input + 0x50); \
- X##ke ^= LOAD64(input + 0x58); \
- X##ki ^= LOAD64(input + 0x60); \
- X##ko ^= LOAD64(input + 0x68); \
- X##ku ^= LOAD64(input + 0x70); \
- X##ma ^= LOAD64(input + 0x78); \
- if (laneCount < 24) { \
- if (laneCount < 20) { \
- if (laneCount < 18) { \
- if (laneCount < 17) { \
- } \
- else { \
- X##me ^= LOAD64(input + 0x80); \
- } \
- } \
- else { \
- X##me ^= LOAD64(input + 0x80); \
- X##mi ^= LOAD64(input + 0x88); \
- if (laneCount < 19) { \
- } \
- else { \
- X##mo ^= LOAD64(input + 0x90); \
- } \
- } \
- } \
- else { \
- X##me ^= LOAD64(input + 0x80); \
- X##mi ^= LOAD64(input + 0x88); \
- X##mo ^= LOAD64(input + 0x90); \
- X##mu ^= LOAD64(input + 0x98); \
- if (laneCount < 22) { \
- if (laneCount < 21) { \
- } \
- else { \
- X##sa ^= LOAD64(input + 0xA0); \
- } \
- } \
- else { \
- X##sa ^= LOAD64(input + 0xA0); \
- X##se ^= LOAD64(input + 0xA8); \
- if (laneCount < 23) { \
- } \
- else { \
- X##si ^= LOAD64(input + 0xA8); \
- } \
- } \
- } \
- } \
- else { \
- X##me ^= LOAD64(input + 0x80); \
- X##mi ^= LOAD64(input + 0x88); \
- X##mo ^= LOAD64(input + 0x90); \
- X##mu ^= LOAD64(input + 0x98); \
- X##sa ^= LOAD64(input + 0xA0); \
- X##se ^= LOAD64(input + 0xA8); \
- X##si ^= LOAD64(input + 0xB0); \
- X##so ^= LOAD64(input + 0xB8); \
- if (laneCount < 25) { \
- } \
- else { \
- X##su ^= LOAD64(input + 0xC0); \
- } \
- } \
- }
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-SnP.h b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-SnP.h
deleted file mode 100644
index 078fbc36a..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-SnP.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-
-The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-
----
-
-Please refer to SnP-documentation.h for more details.
-*/
-
-#ifndef _KeccakP_1600_SnP_h_
-#define _KeccakP_1600_SnP_h_
-
-#include "brg_endian.h"
-#include "KeccakP-1600-opt64-config.h"
-
-#include <stddef.h>
-
-#define KeccakP1600_implementation_plain64 "generic 64-bit optimized implementation (" KeccakP1600_implementation_config ")"
-#define KeccakP1600_stateSizeInBytes_plain64 200
-#define KeccakP1600_stateAlignment_plain64 8
-#define KeccakF1600_FastLoop_supported_plain64
-#define KeccakP1600_12rounds_FastLoop_supported_plain64
-
-#if defined(ADD_SYMBOL_SUFFIX)
-#define KECCAK_SYMBOL_SUFFIX plain64
-#define KECCAK_IMPL_NAMESPACE(x) x##_plain64
-#else
-#define KECCAK_IMPL_NAMESPACE(x) x
-#define KeccakP1600_implementation KeccakP1600_implementation_plain64
-#define KeccakP1600_stateSizeInBytes KeccakP1600_stateSizeInBytes_plain64
-#define KeccakP1600_stateAlignment KeccakP1600_stateAlignment_plain64
-#define KeccakF1600_FastLoop_supported KeccakF1600_FastLoop_supported_plain64
-#define KeccakP1600_12rounds_FastLoop_supported KeccakP1600_12rounds_FastLoop_supported_plain64
-#endif
-
-#define KeccakP1600_StaticInitialize KECCAK_IMPL_NAMESPACE(KeccakP1600_StaticInitialize)
-void KeccakP1600_StaticInitialize(void);
-
-#define KeccakP1600_Initialize KECCAK_IMPL_NAMESPACE(KeccakP1600_Initialize)
-void KeccakP1600_Initialize(void *state);
-
-#define KeccakP1600_AddByte KECCAK_IMPL_NAMESPACE(KeccakP1600_AddByte)
-void KeccakP1600_AddByte(void *state, unsigned char data, unsigned int offset);
-
-#define KeccakP1600_AddBytes KECCAK_IMPL_NAMESPACE(KeccakP1600_AddBytes)
-void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);
-
-#define KeccakP1600_OverwriteBytes KECCAK_IMPL_NAMESPACE(KeccakP1600_OverwriteBytes)
-void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);
-
-#define KeccakP1600_OverwriteWithZeroes KECCAK_IMPL_NAMESPACE(KeccakP1600_OverwriteWithZeroes)
-void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount);
-
-#define KeccakP1600_Permute_Nrounds KECCAK_IMPL_NAMESPACE(KeccakP1600_Permute_Nrounds)
-void KeccakP1600_Permute_Nrounds(void *state, unsigned int nrounds);
-
-#define KeccakP1600_Permute_12rounds KECCAK_IMPL_NAMESPACE(KeccakP1600_Permute_12rounds)
-void KeccakP1600_Permute_12rounds(void *state);
-
-#define KeccakP1600_Permute_24rounds KECCAK_IMPL_NAMESPACE(KeccakP1600_Permute_24rounds)
-void KeccakP1600_Permute_24rounds(void *state);
-
-#define KeccakP1600_ExtractBytes KECCAK_IMPL_NAMESPACE(KeccakP1600_ExtractBytes)
-void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length);
-
-#define KeccakP1600_ExtractAndAddBytes KECCAK_IMPL_NAMESPACE(KeccakP1600_ExtractAndAddBytes)
-void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);
-
-#define KeccakF1600_FastLoop_Absorb KECCAK_IMPL_NAMESPACE(KeccakF1600_FastLoop_Absorb)
-size_t KeccakF1600_FastLoop_Absorb(void *state, unsigned int laneCount, const unsigned char *data, size_t dataByteLen);
-
-#define KeccakP1600_12rounds_FastLoop_Absorb KECCAK_IMPL_NAMESPACE(KeccakP1600_12rounds_FastLoop_Absorb)
-size_t KeccakP1600_12rounds_FastLoop_Absorb(void *state, unsigned int laneCount, const unsigned char *data, size_t dataByteLen);
-
-#endif
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64-config.h b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64-config.h
deleted file mode 100644
index 085b6c958..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64-config.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-This file defines some parameters of the implementation in the parent directory.
-*/
-
-#define KeccakP1600_implementation_config "all rounds unrolled"
-#define KeccakP1600_fullUnrolling
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64.c b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64.c
deleted file mode 100644
index d813a3679..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64.c
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-
-The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-
----
-
-This file implements Keccak-p[1600] in a SnP-compatible way.
-Please refer to SnP-documentation.h for more details.
-
-This implementation comes with KeccakP-1600-SnP.h in the same folder.
-Please refer to LowLevel.build for the exact list of other files it must be combined with.
-*/
-
-#include <stdint.h>
-#include <string.h>
-#include <stdlib.h>
-#include "brg_endian.h"
-#include "KeccakP-1600-SnP.h"
-#include "KeccakP-1600-opt64-config.h"
-
-#define UseBebigokimisa
-
-#if defined(_MSC_VER)
-#define ROL64(a, offset) _rotl64(a, offset)
-#elif defined(KeccakP1600_useSHLD)
-#define ROL64(x,N) ({ \
- register uint64_t __out; \
- register uint64_t __in = x; \
- __asm__ ("shld %2,%0,%0" : "=r"(__out) : "0"(__in), "i"(N)); \
- __out; \
- })
-#else
-#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset)))
-#endif
-
-#include "KeccakP-1600-64.macros"
-#define FullUnrolling
-#include "KeccakP-1600-unrolling.macros"
-#include "SnP-Relaned.h"
-
-static const uint64_t KeccakF1600RoundConstants[24] = {
- 0x0000000000000001ULL,
- 0x0000000000008082ULL,
- 0x800000000000808aULL,
- 0x8000000080008000ULL,
- 0x000000000000808bULL,
- 0x0000000080000001ULL,
- 0x8000000080008081ULL,
- 0x8000000000008009ULL,
- 0x000000000000008aULL,
- 0x0000000000000088ULL,
- 0x0000000080008009ULL,
- 0x000000008000000aULL,
- 0x000000008000808bULL,
- 0x800000000000008bULL,
- 0x8000000000008089ULL,
- 0x8000000000008003ULL,
- 0x8000000000008002ULL,
- 0x8000000000000080ULL,
- 0x000000000000800aULL,
- 0x800000008000000aULL,
- 0x8000000080008081ULL,
- 0x8000000000008080ULL,
- 0x0000000080000001ULL,
- 0x8000000080008008ULL
-};
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_StaticInitialize(void) { }
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_Initialize(void *state) {
- memset(state, 0, 200);
- ((uint64_t *)state)[ 1] = ~(uint64_t)0;
- ((uint64_t *)state)[ 2] = ~(uint64_t)0;
- ((uint64_t *)state)[ 8] = ~(uint64_t)0;
- ((uint64_t *)state)[12] = ~(uint64_t)0;
- ((uint64_t *)state)[17] = ~(uint64_t)0;
- ((uint64_t *)state)[20] = ~(uint64_t)0;
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_AddBytesInLane(void *state, unsigned int lanePosition, const unsigned char *data, unsigned int offset, unsigned int length) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- uint64_t lane;
- if (length == 0) {
- return;
- }
- if (length == 1) {
- lane = data[0];
- } else {
- lane = 0;
- memcpy(&lane, data, length);
- }
- lane <<= offset * 8;
-#else
- uint64_t lane = 0;
- unsigned int i;
- for (i = 0; i < length; i++) {
- lane |= ((uint64_t)data[i]) << ((i + offset) * 8);
- }
-#endif
- ((uint64_t *)state)[lanePosition] ^= lane;
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_AddLanes(void *state, const unsigned char *data, unsigned int laneCount) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- unsigned int i = 0;
- /* If either pointer is misaligned, fall back to byte-wise xor. */
- if (((((uintptr_t)state) & 7) != 0) || ((((uintptr_t)data) & 7) != 0)) {
- for (i = 0; i < laneCount * 8; i++) {
- ((unsigned char *)state)[i] ^= data[i];
- }
- } else {
- /* Otherwise... */
- for ( ; (i + 8) <= laneCount; i += 8) {
- ((uint64_t *)state)[i + 0] ^= ((const uint64_t *)data)[i + 0];
- ((uint64_t *)state)[i + 1] ^= ((const uint64_t *)data)[i + 1];
- ((uint64_t *)state)[i + 2] ^= ((const uint64_t *)data)[i + 2];
- ((uint64_t *)state)[i + 3] ^= ((const uint64_t *)data)[i + 3];
- ((uint64_t *)state)[i + 4] ^= ((const uint64_t *)data)[i + 4];
- ((uint64_t *)state)[i + 5] ^= ((const uint64_t *)data)[i + 5];
- ((uint64_t *)state)[i + 6] ^= ((const uint64_t *)data)[i + 6];
- ((uint64_t *)state)[i + 7] ^= ((const uint64_t *)data)[i + 7];
- }
- for ( ; (i + 4) <= laneCount; i += 4) {
- ((uint64_t *)state)[i + 0] ^= ((const uint64_t *)data)[i + 0];
- ((uint64_t *)state)[i + 1] ^= ((const uint64_t *)data)[i + 1];
- ((uint64_t *)state)[i + 2] ^= ((const uint64_t *)data)[i + 2];
- ((uint64_t *)state)[i + 3] ^= ((const uint64_t *)data)[i + 3];
- }
- for ( ; (i + 2) <= laneCount; i += 2) {
- ((uint64_t *)state)[i + 0] ^= ((const uint64_t *)data)[i + 0];
- ((uint64_t *)state)[i + 1] ^= ((const uint64_t *)data)[i + 1];
- }
- if (i < laneCount) {
- ((uint64_t *)state)[i + 0] ^= ((const uint64_t *)data)[i + 0];
- }
- }
-#else
- unsigned int i;
- const uint8_t *curData = data;
- for (i = 0; i < laneCount; i++, curData += 8) {
- uint64_t lane = (uint64_t)curData[0]
- | ((uint64_t)curData[1] << 8)
- | ((uint64_t)curData[2] << 16)
- | ((uint64_t)curData[3] << 24)
- | ((uint64_t)curData[4] << 32)
- | ((uint64_t)curData[5] << 40)
- | ((uint64_t)curData[6] << 48)
- | ((uint64_t)curData[7] << 56);
- ((uint64_t *)state)[i] ^= lane;
- }
-#endif
-}
-
-/* ---------------------------------------------------------------- */
-
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
-void KeccakP1600_AddByte(void *state, unsigned char byte, unsigned int offset) {
- ((unsigned char *)state)[offset] ^= byte;
-}
-#else
-void KeccakP1600_AddByte(void *state, unsigned char byte, unsigned int offset) {
- uint64_t lane = byte;
- lane <<= (offset % 8) * 8;
- ((uint64_t *)state)[offset / 8] ^= lane;
-}
-#endif
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length) {
- SnP_AddBytes(state, data, offset, length, KeccakP1600_AddLanes, KeccakP1600_AddBytesInLane, 8);
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_OverwriteBytesInLane(void *state, unsigned int lanePosition, const unsigned char *data, unsigned int offset, unsigned int length) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- unsigned int i;
- for (i = 0; i < length; i++) {
- ((unsigned char *)state)[lanePosition * 8 + offset + i] = ~data[i];
- }
- } else {
- memcpy((unsigned char *)state + lanePosition * 8 + offset, data, length);
- }
-#else
- uint64_t lane = ((uint64_t *)state)[lanePosition];
- unsigned int i;
- for (i = 0; i < length; i++) {
- lane &= ~((uint64_t)0xFF << ((offset + i) * 8));
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- lane |= (uint64_t)(data[i] ^ 0xFF) << ((offset + i) * 8);
- } else {
- lane |= (uint64_t)data[i] << ((offset + i) * 8);
- }
- }
- ((uint64_t *)state)[lanePosition] = lane;
-#endif
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_OverwriteLanes(void *state, const unsigned char *data, unsigned int laneCount) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- unsigned int lanePosition;
-
- for (lanePosition = 0; lanePosition < laneCount; lanePosition++) {
- memcpy(((uint64_t *)state) + lanePosition, data, sizeof(uint64_t));
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- ((uint64_t *)state)[lanePosition] = ~((uint64_t *)state)[lanePosition];
- }
- }
-#else
- unsigned int lanePosition;
- const uint8_t *curData = data;
- for (lanePosition = 0; lanePosition < laneCount; lanePosition++, curData += 8) {
- uint64_t lane = (uint64_t)curData[0]
- | ((uint64_t)curData[1] << 8)
- | ((uint64_t)curData[2] << 16)
- | ((uint64_t)curData[3] << 24)
- | ((uint64_t)curData[4] << 32)
- | ((uint64_t)curData[5] << 40)
- | ((uint64_t)curData[6] << 48)
- | ((uint64_t)curData[7] << 56);
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- ((uint64_t *)state)[lanePosition] = ~lane;
- } else {
- ((uint64_t *)state)[lanePosition] = lane;
- }
- }
-#endif
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length) {
- SnP_OverwriteBytes(state, data, offset, length, KeccakP1600_OverwriteLanes, KeccakP1600_OverwriteBytesInLane, 8);
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- unsigned int lanePosition;
-
- for (lanePosition = 0; lanePosition < byteCount / 8; lanePosition++)
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- ((uint64_t *)state)[lanePosition] = ~(uint64_t)0;
- } else {
- ((uint64_t *)state)[lanePosition] = 0;
- }
- if (byteCount % 8 != 0) {
- lanePosition = byteCount / 8;
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- memset((unsigned char *)state + lanePosition * 8, 0xFF, byteCount % 8);
- } else {
- memset((unsigned char *)state + lanePosition * 8, 0, byteCount % 8);
- }
- }
-#else
- unsigned int i, j;
- for (i = 0; i < byteCount; i += 8) {
- unsigned int lanePosition = i / 8;
- if (i + 8 <= byteCount) {
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- ((uint64_t *)state)[lanePosition] = ~(uint64_t)0;
- } else {
- ((uint64_t *)state)[lanePosition] = 0;
- }
- } else {
- uint64_t lane = ((uint64_t *)state)[lanePosition];
- for (j = 0; j < byteCount % 8; j++) {
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- lane |= (uint64_t)0xFF << (j * 8);
- } else {
- lane &= ~((uint64_t)0xFF << (j * 8));
- }
- }
- ((uint64_t *)state)[lanePosition] = lane;
- }
- }
-#endif
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_Permute_Nrounds(void *state, unsigned int nr) {
- declareABCDE
- unsigned int i;
- uint64_t *stateAsLanes = (uint64_t *)state;
-
- copyFromState(A, stateAsLanes)
- roundsN(nr)
- copyToState(stateAsLanes, A)
-
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_Permute_24rounds(void *state) {
- declareABCDE
- uint64_t *stateAsLanes = (uint64_t *)state;
-
- copyFromState(A, stateAsLanes)
- rounds24
- copyToState(stateAsLanes, A)
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_Permute_12rounds(void *state) {
- declareABCDE
- uint64_t *stateAsLanes = (uint64_t *)state;
-
- copyFromState(A, stateAsLanes)
- rounds12
- copyToState(stateAsLanes, A)
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_ExtractBytesInLane(const void *state, unsigned int lanePosition, unsigned char *data, unsigned int offset, unsigned int length) {
- uint64_t lane = ((const uint64_t *)state)[lanePosition];
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- lane = ~lane;
- }
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- {
- uint64_t lane1[1];
- lane1[0] = lane;
- memcpy(data, (uint8_t *)lane1 + offset, length);
- }
-#else
- unsigned int i;
- lane >>= offset * 8;
- for (i = 0; i < length; i++) {
- data[i] = lane & 0xFF;
- lane >>= 8;
- }
-#endif
-}
-
-/* ---------------------------------------------------------------- */
-
-#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
-static void fromWordToBytes(uint8_t *bytes, const uint64_t word) {
- unsigned int i;
-
- for (i = 0; i < (64 / 8); i++) {
- bytes[i] = (word >> (8 * i)) & 0xFF;
- }
-}
-#endif
-
-void KeccakP1600_ExtractLanes(const void *state, unsigned char *data, unsigned int laneCount) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- memcpy(data, state, laneCount * 8);
-#else
- for (unsigned int i = 0; i < laneCount; i++) {
- fromWordToBytes(data + (i * 8), ((const uint64_t *)state)[i]);
- }
-#endif
-#define COMPL(lane) for(unsigned int i=0; i<8; i++) data[8*lane+i] = ~data[8*lane+i]
- if (laneCount > 1) {
- COMPL(1);
- if (laneCount > 2) {
- COMPL(2);
- if (laneCount > 8) {
- COMPL(8);
- if (laneCount > 12) {
- COMPL(12);
- if (laneCount > 17) {
- COMPL(17);
- if (laneCount > 20) {
- COMPL(20);
- }
- }
- }
- }
- }
- }
-#undef COMPL
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length) {
- SnP_ExtractBytes(state, data, offset, length, KeccakP1600_ExtractLanes, KeccakP1600_ExtractBytesInLane, 8);
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_ExtractAndAddBytesInLane(const void *state, unsigned int lanePosition, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length) {
- uint64_t lane = ((const uint64_t *)state)[lanePosition];
- if ((lanePosition == 1) || (lanePosition == 2) || (lanePosition == 8) || (lanePosition == 12) || (lanePosition == 17) || (lanePosition == 20)) {
- lane = ~lane;
- }
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- {
- unsigned int i;
- for (i = 0; i < length; i++) {
- output[i] = input[i] ^ ((uint8_t *)&lane)[offset + i];
- }
- }
-#else
- unsigned int i;
- lane >>= offset * 8;
- for (i = 0; i < length; i++) {
- output[i] = input[i] ^ (lane & 0xFF);
- lane >>= 8;
- }
-#endif
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_ExtractAndAddLanes(const void *state, const unsigned char *input, unsigned char *output, unsigned int laneCount) {
- unsigned int i;
-#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
- unsigned char temp[8];
- unsigned int j;
-#else
- uint64_t lane;
-#endif
-
- for (i = 0; i < laneCount; i++) {
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
- memcpy(&lane, input + 8 * i, sizeof(uint64_t));
- lane ^= ((const uint64_t *)state)[i];
- memcpy(output + 8 * i, &lane, sizeof(uint64_t));
-#else
- fromWordToBytes(temp, ((const uint64_t *)state)[i]);
- for (j = 0; j < 8; j++) {
- output[i * 8 + j] = input[i * 8 + j] ^ temp[j];
- }
-#endif
- }
-#define COMPL(lane) for(i=0; i<8; i++) output[8*lane+i] = ~output[8*lane+i]
- if (laneCount > 1) {
- COMPL(1);
- if (laneCount > 2) {
- COMPL(2);
- if (laneCount > 8) {
- COMPL(8);
- if (laneCount > 12) {
- COMPL(12);
- if (laneCount > 17) {
- COMPL(17);
- if (laneCount > 20) {
- COMPL(20);
- }
- }
- }
- }
- }
- }
-#undef COMPL
-}
-
-/* ---------------------------------------------------------------- */
-
-void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length) {
- SnP_ExtractAndAddBytes(state, input, output, offset, length, KeccakP1600_ExtractAndAddLanes, KeccakP1600_ExtractAndAddBytesInLane, 8);
-}
-
-/* ---------------------------------------------------------------- */
-
-size_t KeccakF1600_FastLoop_Absorb(void *state, unsigned int laneCount, const unsigned char *data, size_t dataByteLen) {
- size_t originalDataByteLen = dataByteLen;
- declareABCDE
- uint64_t *stateAsLanes = (uint64_t *)state;
-
- copyFromState(A, stateAsLanes)
- while (dataByteLen >= laneCount * 8) {
- addInput(A, data, laneCount)
- rounds24
- data += laneCount * 8;
- dataByteLen -= laneCount * 8;
- }
- copyToState(stateAsLanes, A)
- return originalDataByteLen - dataByteLen;
-}
-
-/* ---------------------------------------------------------------- */
-
-size_t KeccakP1600_12rounds_FastLoop_Absorb(void *state, unsigned int laneCount, const unsigned char *data, size_t dataByteLen) {
- size_t originalDataByteLen = dataByteLen;
- declareABCDE
- uint64_t *stateAsLanes = (uint64_t *)state;
-
- copyFromState(A, stateAsLanes)
- while (dataByteLen >= laneCount * 8) {
- addInput(A, data, laneCount)
- rounds12
- data += laneCount * 8;
- dataByteLen -= laneCount * 8;
- }
- copyToState(stateAsLanes, A)
- return originalDataByteLen - dataByteLen;
-}
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-unrolling.macros b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-unrolling.macros
deleted file mode 100644
index 9f7200226..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/KeccakP-1600-unrolling.macros
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-
-The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#if (defined(FullUnrolling))
-#define rounds24 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta( 0, A, E) \
- thetaRhoPiChiIotaPrepareTheta( 1, E, A) \
- thetaRhoPiChiIotaPrepareTheta( 2, A, E) \
- thetaRhoPiChiIotaPrepareTheta( 3, E, A) \
- thetaRhoPiChiIotaPrepareTheta( 4, A, E) \
- thetaRhoPiChiIotaPrepareTheta( 5, E, A) \
- thetaRhoPiChiIotaPrepareTheta( 6, A, E) \
- thetaRhoPiChiIotaPrepareTheta( 7, E, A) \
- thetaRhoPiChiIotaPrepareTheta( 8, A, E) \
- thetaRhoPiChiIotaPrepareTheta( 9, E, A) \
- thetaRhoPiChiIotaPrepareTheta(10, A, E) \
- thetaRhoPiChiIotaPrepareTheta(11, E, A) \
- thetaRhoPiChiIotaPrepareTheta(12, A, E) \
- thetaRhoPiChiIotaPrepareTheta(13, E, A) \
- thetaRhoPiChiIotaPrepareTheta(14, A, E) \
- thetaRhoPiChiIotaPrepareTheta(15, E, A) \
- thetaRhoPiChiIotaPrepareTheta(16, A, E) \
- thetaRhoPiChiIotaPrepareTheta(17, E, A) \
- thetaRhoPiChiIotaPrepareTheta(18, A, E) \
- thetaRhoPiChiIotaPrepareTheta(19, E, A) \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#define rounds12 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(12, A, E) \
- thetaRhoPiChiIotaPrepareTheta(13, E, A) \
- thetaRhoPiChiIotaPrepareTheta(14, A, E) \
- thetaRhoPiChiIotaPrepareTheta(15, E, A) \
- thetaRhoPiChiIotaPrepareTheta(16, A, E) \
- thetaRhoPiChiIotaPrepareTheta(17, E, A) \
- thetaRhoPiChiIotaPrepareTheta(18, A, E) \
- thetaRhoPiChiIotaPrepareTheta(19, E, A) \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#define rounds6 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(18, A, E) \
- thetaRhoPiChiIotaPrepareTheta(19, E, A) \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#define rounds4 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#elif (Unrolling == 12)
-#define rounds24 \
- prepareTheta \
- for(i=0; i<24; i+=12) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+ 1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+ 2, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+ 3, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+ 4, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+ 5, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+ 6, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+ 7, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+ 8, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+ 9, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+10, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+11, E, A) \
- } \
-
-#define rounds12 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(12, A, E) \
- thetaRhoPiChiIotaPrepareTheta(13, E, A) \
- thetaRhoPiChiIotaPrepareTheta(14, A, E) \
- thetaRhoPiChiIotaPrepareTheta(15, E, A) \
- thetaRhoPiChiIotaPrepareTheta(16, A, E) \
- thetaRhoPiChiIotaPrepareTheta(17, E, A) \
- thetaRhoPiChiIotaPrepareTheta(18, A, E) \
- thetaRhoPiChiIotaPrepareTheta(19, E, A) \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#define rounds6 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(18, A, E) \
- thetaRhoPiChiIotaPrepareTheta(19, E, A) \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#define rounds4 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#elif (Unrolling == 6)
-#define rounds24 \
- prepareTheta \
- for(i=0; i<24; i+=6) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+4, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+5, E, A) \
- } \
-
-#define rounds12 \
- prepareTheta \
- for(i=12; i<24; i+=6) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+4, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+5, E, A) \
- } \
-
-#define rounds6 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(18, A, E) \
- thetaRhoPiChiIotaPrepareTheta(19, E, A) \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#define rounds4 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#elif (Unrolling == 4)
-#define rounds24 \
- prepareTheta \
- for(i=0; i<24; i+=4) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
- } \
-
-#define rounds12 \
- prepareTheta \
- for(i=12; i<24; i+=4) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
- } \
-
-#define rounds6 \
- prepareTheta \
- for(i=18; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- } \
-
-#define rounds4 \
- prepareTheta \
- thetaRhoPiChiIotaPrepareTheta(20, A, E) \
- thetaRhoPiChiIotaPrepareTheta(21, E, A) \
- thetaRhoPiChiIotaPrepareTheta(22, A, E) \
- thetaRhoPiChiIota(23, E, A) \
-
-#elif (Unrolling == 3)
-#define rounds24 \
- prepareTheta \
- for(i=0; i<24; i+=3) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- copyStateVariables(A, E) \
- } \
-
-#define rounds12 \
- prepareTheta \
- for(i=12; i<24; i+=3) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- copyStateVariables(A, E) \
- } \
-
-#define rounds6 \
- prepareTheta \
- for(i=18; i<24; i+=3) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
- copyStateVariables(A, E) \
- } \
-
-#define rounds4 \
- prepareTheta \
- for(i=20; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- } \
-
-#elif (Unrolling == 2)
-#define rounds24 \
- prepareTheta \
- for(i=0; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- } \
-
-#define rounds12 \
- prepareTheta \
- for(i=12; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- } \
-
-#define rounds6 \
- prepareTheta \
- for(i=18; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- } \
-
-#define rounds4 \
- prepareTheta \
- for(i=20; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- } \
-
-#elif (Unrolling == 1)
-#define rounds24 \
- prepareTheta \
- for(i=0; i<24; i++) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- copyStateVariables(A, E) \
- } \
-
-#define rounds12 \
- prepareTheta \
- for(i=12; i<24; i++) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- copyStateVariables(A, E) \
- } \
-
-#define rounds6 \
- prepareTheta \
- for(i=18; i<24; i++) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- copyStateVariables(A, E) \
- } \
-
-#define rounds4 \
- prepareTheta \
- for(i=20; i<24; i++) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- copyStateVariables(A, E) \
- } \
-
-#else
-#error "Unrolling is not correctly specified!"
-#endif
-
-#define roundsN(__nrounds) \
- prepareTheta \
- i = 24 - (__nrounds); \
- if ((i&1) != 0) { \
- thetaRhoPiChiIotaPrepareTheta(i, A, E) \
- copyStateVariables(A, E) \
- ++i; \
- } \
- for( /* empty */; i<24; i+=2) { \
- thetaRhoPiChiIotaPrepareTheta(i , A, E) \
- thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
- }
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/Makefile b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/SnP-Relaned.h b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/SnP-Relaned.h
deleted file mode 100644
index 631fb5ae2..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/SnP-Relaned.h
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-
-Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-
----
-
-This file contains macros that help implement a permutation in a SnP-compatible way.
-It converts an implementation that implement state input/output functions
-in a lane-oriented fashion (i.e., using SnP_AddLanes() and SnP_AddBytesInLane,
-and similarly for Overwite, Extract and ExtractAndAdd) to the byte-oriented SnP.
-Please refer to SnP-documentation.h for more details.
-*/
-
-#ifndef _SnP_Relaned_h_
-#define _SnP_Relaned_h_
-
-#define SnP_AddBytes(state, data, offset, length, SnP_AddLanes, SnP_AddBytesInLane, SnP_laneLengthInBytes) \
- { \
- if ((offset) == 0) { \
- SnP_AddLanes(state, data, (length)/SnP_laneLengthInBytes); \
- SnP_AddBytesInLane(state, \
- (length)/SnP_laneLengthInBytes, \
- (data)+((length)/SnP_laneLengthInBytes)*SnP_laneLengthInBytes, \
- 0, \
- (length)%SnP_laneLengthInBytes); \
- } \
- else { \
- unsigned int _sizeLeft = (length); \
- unsigned int _lanePosition = (offset)/SnP_laneLengthInBytes; \
- unsigned int _offsetInLane = (offset)%SnP_laneLengthInBytes; \
- const unsigned char *_curData = (data); \
- while(_sizeLeft > 0) { \
- unsigned int _bytesInLane = SnP_laneLengthInBytes - _offsetInLane; \
- if (_bytesInLane > _sizeLeft) \
- _bytesInLane = _sizeLeft; \
- SnP_AddBytesInLane(state, _lanePosition, _curData, _offsetInLane, _bytesInLane); \
- _sizeLeft -= _bytesInLane; \
- _lanePosition++; \
- _offsetInLane = 0; \
- _curData += _bytesInLane; \
- } \
- } \
- }
-
-#define SnP_OverwriteBytes(state, data, offset, length, SnP_OverwriteLanes, SnP_OverwriteBytesInLane, SnP_laneLengthInBytes) \
- { \
- if ((offset) == 0) { \
- SnP_OverwriteLanes(state, data, (length)/SnP_laneLengthInBytes); \
- SnP_OverwriteBytesInLane(state, \
- (length)/SnP_laneLengthInBytes, \
- (data)+((length)/SnP_laneLengthInBytes)*SnP_laneLengthInBytes, \
- 0, \
- (length)%SnP_laneLengthInBytes); \
- } \
- else { \
- unsigned int _sizeLeft = (length); \
- unsigned int _lanePosition = (offset)/SnP_laneLengthInBytes; \
- unsigned int _offsetInLane = (offset)%SnP_laneLengthInBytes; \
- const unsigned char *_curData = (data); \
- while(_sizeLeft > 0) { \
- unsigned int _bytesInLane = SnP_laneLengthInBytes - _offsetInLane; \
- if (_bytesInLane > _sizeLeft) \
- _bytesInLane = _sizeLeft; \
- SnP_OverwriteBytesInLane(state, _lanePosition, _curData, _offsetInLane, _bytesInLane); \
- _sizeLeft -= _bytesInLane; \
- _lanePosition++; \
- _offsetInLane = 0; \
- _curData += _bytesInLane; \
- } \
- } \
- }
-
-#define SnP_ExtractBytes(state, data, offset, length, SnP_ExtractLanes, SnP_ExtractBytesInLane, SnP_laneLengthInBytes) \
- { \
- if ((offset) == 0) { \
- SnP_ExtractLanes(state, data, (length)/SnP_laneLengthInBytes); \
- SnP_ExtractBytesInLane(state, \
- (length)/SnP_laneLengthInBytes, \
- (data)+((length)/SnP_laneLengthInBytes)*SnP_laneLengthInBytes, \
- 0, \
- (length)%SnP_laneLengthInBytes); \
- } \
- else { \
- unsigned int _sizeLeft = (length); \
- unsigned int _lanePosition = (offset)/SnP_laneLengthInBytes; \
- unsigned int _offsetInLane = (offset)%SnP_laneLengthInBytes; \
- unsigned char *_curData = (data); \
- while(_sizeLeft > 0) { \
- unsigned int _bytesInLane = SnP_laneLengthInBytes - _offsetInLane; \
- if (_bytesInLane > _sizeLeft) \
- _bytesInLane = _sizeLeft; \
- SnP_ExtractBytesInLane(state, _lanePosition, _curData, _offsetInLane, _bytesInLane); \
- _sizeLeft -= _bytesInLane; \
- _lanePosition++; \
- _offsetInLane = 0; \
- _curData += _bytesInLane; \
- } \
- } \
- }
-
-#define SnP_ExtractAndAddBytes(state, input, output, offset, length, SnP_ExtractAndAddLanes, SnP_ExtractAndAddBytesInLane, SnP_laneLengthInBytes) \
- { \
- if ((offset) == 0) { \
- SnP_ExtractAndAddLanes(state, input, output, (length)/SnP_laneLengthInBytes); \
- SnP_ExtractAndAddBytesInLane(state, \
- (length)/SnP_laneLengthInBytes, \
- (input)+((length)/SnP_laneLengthInBytes)*SnP_laneLengthInBytes, \
- (output)+((length)/SnP_laneLengthInBytes)*SnP_laneLengthInBytes, \
- 0, \
- (length)%SnP_laneLengthInBytes); \
- } \
- else { \
- unsigned int _sizeLeft = (length); \
- unsigned int _lanePosition = (offset)/SnP_laneLengthInBytes; \
- unsigned int _offsetInLane = (offset)%SnP_laneLengthInBytes; \
- const unsigned char *_curInput = (input); \
- unsigned char *_curOutput = (output); \
- while(_sizeLeft > 0) { \
- unsigned int _bytesInLane = SnP_laneLengthInBytes - _offsetInLane; \
- if (_bytesInLane > _sizeLeft) \
- _bytesInLane = _sizeLeft; \
- SnP_ExtractAndAddBytesInLane(state, _lanePosition, _curInput, _curOutput, _offsetInLane, _bytesInLane); \
- _sizeLeft -= _bytesInLane; \
- _lanePosition++; \
- _offsetInLane = 0; \
- _curInput += _bytesInLane; \
- _curOutput += _bytesInLane; \
- } \
- } \
- }
-
-#endif
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/brg_endian.h b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/brg_endian.h
deleted file mode 100644
index efb408ff0..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/brg_endian.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The redistribution and use of this software (with or without changes)
- is allowed without the payment of fees or royalties provided that:
-
- 1. source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- 2. binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation;
-
- 3. the name of the copyright holder is not used to endorse products
- built using this software without specific written permission.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 20/12/2007
- Changes for ARM 9/9/2010
-*/
-
-#ifndef _BRG_ENDIAN_H
-#define _BRG_ENDIAN_H
-
-#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
-#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
-
-
-/* Now attempt to set the define for platform byte order using any */
-/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which */
-/* seem to encompass most endian symbol definitions */
-
-#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
-# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#elif defined( BIG_ENDIAN )
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( LITTLE_ENDIAN )
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN )
-# if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#elif defined( _BIG_ENDIAN )
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( _LITTLE_ENDIAN )
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN )
-# if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#elif defined( __BIG_ENDIAN )
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( __LITTLE_ENDIAN )
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ )
-# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#elif defined( __BIG_ENDIAN__ )
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( __LITTLE_ENDIAN__ )
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-/* if the platform byte order could not be determined, then try to */
-/* set this define using common machine defines */
-#if !defined(PLATFORM_BYTE_ORDER)
-
-#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
- defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
- defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
- defined( vax ) || defined( vms ) || defined( VMS ) || \
- defined( __VMS ) || defined( _M_X64 )
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-
-#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
- defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
- defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
- defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
- defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
- defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \
- defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX ) || \
- defined( __s390__ ) || defined( __s390x__ ) || defined( __zarch__ )
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-
-#elif defined(__arm__)
-# ifdef __BIG_ENDIAN
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# else
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#else
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#endif
-
-#endif
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/config.mk b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/manifest.mn b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/manifest.mn
deleted file mode 100644
index 31ee9a8c9..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/manifest.mn
+++ /dev/null
@@ -1,23 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_sha3_xkcp_low_KeccakP-1600_plain-64bits
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- KeccakP-1600-opt64.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/plain-64bits.gyp b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/plain-64bits.gyp
deleted file mode 100644
index aa4fdfa5c..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits/plain-64bits.gyp
+++ /dev/null
@@ -1,39 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_sha3_xkcp_low_KeccakP-1600_plain-64bits',
- 'type': 'static_library',
- 'sources': [
- 'KeccakP-1600-opt64.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-SnP.h b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-SnP.h
deleted file mode 100644
index 9698a922f..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-SnP.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
-The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-Implementation by Gilles Van Assche, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-
----
-
-Please refer to PlSnP-documentation.h for more details.
-*/
-
-#ifndef _KeccakP_1600_times4_SnP_h_
-#define _KeccakP_1600_times4_SnP_h_
-
-#include "KeccakP-1600-SnP.h"
-
-#if defined(ADD_SYMBOL_SUFFIX)
-#define KECCAKTIMES4_NAMESPACE(x) KeccakP1600times4_##x##_serial
-#else
-#define KECCAKTIMES4_NAMESPACE(x) KeccakP1600times4_##x
-#endif
-
-#define KeccakP1600times4_implementation "fallback on serial implementation (" KeccakP1600_implementation ")"
-#define KeccakP1600times4_isFallback
-#define KeccakP1600times4_statesAlignment KeccakP1600_stateAlignment
-#define KeccakP1600times4_statesSizeInBytes (((KeccakP1600_stateSizeInBytes+(KeccakP1600_stateAlignment-1))/KeccakP1600_stateAlignment)*KeccakP1600_stateAlignment*4)
-
-#define KeccakP1600times4_StaticInitialize KECCAKTIMES4_NAMESPACE(KeccakP1600times4_StaticInitialize)
-void KeccakP1600times4_StaticInitialize( void );
-
-#define KeccakP1600times4_InitializeAll KECCAKTIMES4_NAMESPACE(KeccakP1600times4_InitializeAll)
-void KeccakP1600times4_InitializeAll(void *states);
-
-#define KeccakP1600times4_AddByte KECCAKTIMES4_NAMESPACE(KeccakP1600times4_AddByte)
-void KeccakP1600times4_AddByte(void *states, unsigned int instanceIndex, unsigned char data, unsigned int offset);
-
-#define KeccakP1600times4_AddBytes KECCAKTIMES4_NAMESPACE(KeccakP1600times4_AddBytes)
-void KeccakP1600times4_AddBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length);
-
-#define KeccakP1600times4_AddLanesAll KECCAKTIMES4_NAMESPACE(KeccakP1600times4_AddLanesAll)
-void KeccakP1600times4_AddLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
-
-#define KeccakP1600times4_OverwriteBytes KECCAKTIMES4_NAMESPACE(KeccakP1600times4_OverwriteBytes)
-void KeccakP1600times4_OverwriteBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length);
-
-#define KeccakP1600times4_OverwriteLanesAll KECCAKTIMES4_NAMESPACE(KeccakP1600times4_OverwriteLanesAll)
-void KeccakP1600times4_OverwriteLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
-
-#define KeccakP1600times4_OverwriteWithZeroes KECCAKTIMES4_NAMESPACE(KeccakP1600times4_OverwriteWithZeroes)
-void KeccakP1600times4_OverwriteWithZeroes(void *states, unsigned int instanceIndex, unsigned int byteCount);
-
-#define KeccakP1600times4_PermuteAll_4rounds KECCAKTIMES4_NAMESPACE(KeccakP1600times4_PermuteAll_4rounds)
-void KeccakP1600times4_PermuteAll_4rounds(void *states);
-
-#define KeccakP1600times4_PermuteAll_6rounds KECCAKTIMES4_NAMESPACE(KeccakP1600times4_PermuteAll_6rounds)
-void KeccakP1600times4_PermuteAll_6rounds(void *states);
-
-#define KeccakP1600times4_PermuteAll_12rounds KECCAKTIMES4_NAMESPACE(KeccakP1600times4_PermuteAll_12rounds)
-void KeccakP1600times4_PermuteAll_12rounds(void *states);
-
-#define KeccakP1600times4_PermuteAll_24rounds KECCAKTIMES4_NAMESPACE(KeccakP1600times4_PermuteAll_24rounds)
-void KeccakP1600times4_PermuteAll_24rounds(void *states);
-
-#define KeccakP1600times4_ExtractBytes KECCAKTIMES4_NAMESPACE(KeccakP1600times4_ExtractBytes)
-void KeccakP1600times4_ExtractBytes(const void *states, unsigned int instanceIndex, unsigned char *data, unsigned int offset, unsigned int length);
-
-#define KeccakP1600times4_ExtractLanesAll KECCAKTIMES4_NAMESPACE(KeccakP1600times4_ExtractLanesAll)
-void KeccakP1600times4_ExtractLanesAll(const void *states, unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
-
-#define KeccakP1600times4_ExtractAndAddBytes KECCAKTIMES4_NAMESPACE(KeccakP1600times4_ExtractAndAddBytes)
-void KeccakP1600times4_ExtractAndAddBytes(const void *states, unsigned int instanceIndex, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);
-
-#define KeccakP1600times4_ExtractAndAddLanesAll KECCAKTIMES4_NAMESPACE(KeccakP1600times4_ExtractAndAddLanesAll)
-void KeccakP1600times4_ExtractAndAddLanesAll(const void *states, const unsigned char *input, unsigned char *output, unsigned int laneCount, unsigned int laneOffset);
-
-#endif
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-on1.c b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-on1.c
deleted file mode 100644
index 629757054..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/KeccakP-1600-times4-on1.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
-The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-Implementation by Gilles Van Assche, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-
----
-
-This file implements Keccak-p[1600]×4 in a PlSnP-compatible way.
-Please refer to PlSnP-documentation.h for more details.
-
-This implementation comes with KeccakP-1600-times4-SnP.h in the same folder.
-Please refer to LowLevel.build for the exact list of other files it must be combined with.
-*/
-
-#include "KeccakP-1600-SnP.h"
-
-#define prefix KeccakP1600times4
-#define suffix serial
-#define PlSnP_baseParallelism 1
-#define PlSnP_targetParallelism 4
-#define SnP_laneLengthInBytes 8
-#define SnP_prefix KeccakP1600
-#define SnP_suffix KECCAK_SYMBOL_SUFFIX
-
-#if defined(ADD_SYMBOL_SUFFIX)
-#define JOIN0(a,b,c) a##_##b##_##c
-#define JOIN(a,b) JOIN0(a,b,c)
-
-#define SnP_Permute JOIN(SnP_prefix, Permute_24rounds, SnP_suffix)
-#define SnP_Permute_12rounds JOIN(SnP_prefix, Permute_12rounds, SnP_suffix)
-#define SnP_Permute_Nrounds JOIN(SnP_prefix, Permute_Nrounds, SnP_suffix)
-#define PlSnP_PermuteAll JOIN(prefix, PermuteAll_24rounds, suffix)
-#define PlSnP_PermuteAll_12rounds JOIN(prefix, PermuteAll_12rounds, suffix)
-#define PlSnP_PermuteAll_6rounds JOIN(prefix, PermuteAll_6rounds, suffix)
-#define PlSnP_PermuteAll_4rounds JOIN(prefix, PermuteAll_4rounds, suffix)
-
-#undef JOIN0
-#undef JOIN
-#else
-#define SnP_Permute KeccakP1600_Permute_24rounds
-#define SnP_Permute_12rounds KeccakP1600_Permute_12rounds
-#define SnP_Permute_Nrounds KeccakP1600_Permute_Nrounds
-#define PlSnP_PermuteAll KeccakP1600times4_PermuteAll_24rounds
-#define PlSnP_PermuteAll_12rounds KeccakP1600times4_PermuteAll_12rounds
-#define PlSnP_PermuteAll_6rounds KeccakP1600times4_PermuteAll_6rounds
-#define PlSnP_PermuteAll_4rounds KeccakP1600times4_PermuteAll_4rounds
-#endif
-
-#include "PlSnP-Fallback.inc"
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/Makefile b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/Makefile
deleted file mode 100644
index fe090f3ff..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-USE_GCOV =
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-WARNING_CFLAGS = $(NULL)
-
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/PlSnP-Fallback.inc b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/PlSnP-Fallback.inc
deleted file mode 100644
index 7006c126b..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/PlSnP-Fallback.inc
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-
-Implementation by Gilles Van Assche, hereby denoted as "the implementer".
-
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-
----
-
-This file contains macros that help make a PlSnP-compatible implementation by
-serially falling back on a SnP-compatible implementation or on a PlSnP-compatible
-implementation of lower parallism degree.
-
-Please refer to PlSnP-documentation.h for more details.
-*/
-
-/* expect PlSnP_baseParallelism, PlSnP_targetParallelism */
-/* expect SnP_stateSizeInBytes, SnP_stateAlignment */
-/* expect prefix */
-/* expect SnP_* */
-
-#if defined(ADD_SYMBOL_SUFFIX)
-#define JOIN0(a, b, c) a ## _ ## b ## _ ## c
-#define JOIN(a, b, c) JOIN0(a, b, c)
-#else
-#define JOIN0(a, b) a ## _ ## b
-#define JOIN(a, b, c) JOIN0(a, b)
-#endif
-
-#define PlSnP_StaticInitialize JOIN(prefix, StaticInitialize, suffix)
-#define PlSnP_InitializeAll JOIN(prefix, InitializeAll, suffix)
-#define PlSnP_AddByte JOIN(prefix, AddByte, suffix)
-#define PlSnP_AddBytes JOIN(prefix, AddBytes, suffix)
-#define PlSnP_AddLanesAll JOIN(prefix, AddLanesAll, suffix)
-#define PlSnP_OverwriteBytes JOIN(prefix, OverwriteBytes, suffix)
-#define PlSnP_OverwriteLanesAll JOIN(prefix, OverwriteLanesAll, suffix)
-#define PlSnP_OverwriteWithZeroes JOIN(prefix, OverwriteWithZeroes, suffix)
-#define PlSnP_ExtractBytes JOIN(prefix, ExtractBytes, suffix)
-#define PlSnP_ExtractLanesAll JOIN(prefix, ExtractLanesAll, suffix)
-#define PlSnP_ExtractAndAddBytes JOIN(prefix, ExtractAndAddBytes, suffix)
-#define PlSnP_ExtractAndAddLanesAll JOIN(prefix, ExtractAndAddLanesAll, suffix)
-
-#if (PlSnP_baseParallelism == 1)
- #define SnP_stateSizeInBytes JOIN(SnP_prefix, stateSizeInBytes, SnP_suffix)
- #define SnP_stateAlignment JOIN(SnP_prefix, stateAlignment, SnP_suffix)
-#else
- #define SnP_stateSizeInBytes JOIN(SnP_prefix, statesSizeInBytes, SnP_suffix)
- #define SnP_stateAlignment JOIN(SnP_prefix, statesAlignment, SnP_suffix)
-#endif
-#define PlSnP_factor ((PlSnP_targetParallelism)/(PlSnP_baseParallelism))
-#define SnP_stateOffset (((SnP_stateSizeInBytes+(SnP_stateAlignment-1))/SnP_stateAlignment)*SnP_stateAlignment)
-#define stateWithIndex(i) ((unsigned char *)states+((i)*SnP_stateOffset))
-
-#define SnP_StaticInitialize JOIN(SnP_prefix, StaticInitialize, SnP_suffix)
-#define SnP_Initialize JOIN(SnP_prefix, Initialize, SnP_suffix)
-#define SnP_InitializeAll JOIN(SnP_prefix, InitializeAll, SnP_suffix)
-#define SnP_AddByte JOIN(SnP_prefix, AddByte, SnP_suffix)
-#define SnP_AddBytes JOIN(SnP_prefix, AddBytes, SnP_suffix)
-#define SnP_AddLanesAll JOIN(SnP_prefix, AddLanesAll, SnP_suffix)
-#define SnP_OverwriteBytes JOIN(SnP_prefix, OverwriteBytes, SnP_suffix)
-#define SnP_OverwriteLanesAll JOIN(SnP_prefix, OverwriteLanesAll, SnP_suffix)
-#define SnP_OverwriteWithZeroes JOIN(SnP_prefix, OverwriteWithZeroes, SnP_suffix)
-#define SnP_ExtractBytes JOIN(SnP_prefix, ExtractBytes, SnP_suffix)
-#define SnP_ExtractLanesAll JOIN(SnP_prefix, ExtractLanesAll, SnP_suffix)
-#define SnP_ExtractAndAddBytes JOIN(SnP_prefix, ExtractAndAddBytes, SnP_suffix)
-#define SnP_ExtractAndAddLanesAll JOIN(SnP_prefix, ExtractAndAddLanesAll, SnP_suffix)
-
-void PlSnP_StaticInitialize( void )
-{
- SnP_StaticInitialize();
-}
-
-void PlSnP_InitializeAll(void *states)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++)
- #if (PlSnP_baseParallelism == 1)
- SnP_Initialize(stateWithIndex(i));
- #else
- SnP_InitializeAll(stateWithIndex(i));
- #endif
-}
-
-void PlSnP_AddByte(void *states, unsigned int instanceIndex, unsigned char byte, unsigned int offset)
-{
- #if (PlSnP_baseParallelism == 1)
- SnP_AddByte(stateWithIndex(instanceIndex), byte, offset);
- #else
- SnP_AddByte(stateWithIndex(instanceIndex/PlSnP_baseParallelism), instanceIndex%PlSnP_baseParallelism, byte, offset);
- #endif
-}
-
-void PlSnP_AddBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length)
-{
- #if (PlSnP_baseParallelism == 1)
- SnP_AddBytes(stateWithIndex(instanceIndex), data, offset, length);
- #else
- SnP_AddBytes(stateWithIndex(instanceIndex/PlSnP_baseParallelism), instanceIndex%PlSnP_baseParallelism, data, offset, length);
- #endif
-}
-
-void PlSnP_AddLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_AddBytes(stateWithIndex(i), data, 0, laneCount*SnP_laneLengthInBytes);
- #else
- SnP_AddLanesAll(stateWithIndex(i), data, laneCount, laneOffset);
- #endif
- data += PlSnP_baseParallelism*laneOffset*SnP_laneLengthInBytes;
- }
-}
-
-void PlSnP_OverwriteBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length)
-{
- #if (PlSnP_baseParallelism == 1)
- SnP_OverwriteBytes(stateWithIndex(instanceIndex), data, offset, length);
- #else
- SnP_OverwriteBytes(stateWithIndex(instanceIndex/PlSnP_baseParallelism), instanceIndex%PlSnP_baseParallelism, data, offset, length);
- #endif
-}
-
-void PlSnP_OverwriteLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_OverwriteBytes(stateWithIndex(i), data, 0, laneCount*SnP_laneLengthInBytes);
- #else
- SnP_OverwriteLanesAll(stateWithIndex(i), data, laneCount, laneOffset);
- #endif
- data += PlSnP_baseParallelism*laneOffset*SnP_laneLengthInBytes;
- }
-}
-
-void PlSnP_OverwriteWithZeroes(void *states, unsigned int instanceIndex, unsigned int byteCount)
-{
- #if (PlSnP_baseParallelism == 1)
- SnP_OverwriteWithZeroes(stateWithIndex(instanceIndex), byteCount);
- #else
- SnP_OverwriteWithZeroes(stateWithIndex(instanceIndex/PlSnP_baseParallelism), instanceIndex%PlSnP_baseParallelism, byteCount);
- #endif
-}
-
-void PlSnP_PermuteAll(void *states)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_Permute(stateWithIndex(i));
- #else
- SnP_PermuteAll(stateWithIndex(i));
- #endif
- }
-}
-
-#if (defined(SnP_Permute_12rounds) || defined(SnP_PermuteAll_12rounds))
-void PlSnP_PermuteAll_12rounds(void *states)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_Permute_12rounds(stateWithIndex(i));
- #else
- SnP_PermuteAll_12rounds(stateWithIndex(i));
- #endif
- }
-}
-#endif
-
-#if (defined(SnP_Permute_Nrounds) || defined(SnP_PermuteAll_6rounds))
-void PlSnP_PermuteAll_6rounds(void *states)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_Permute_Nrounds(stateWithIndex(i), 6);
- #else
- SnP_PermuteAll_6rounds(stateWithIndex(i));
- #endif
- }
-}
-#endif
-
-#if (defined(SnP_Permute_Nrounds) || defined(SnP_PermuteAll_4rounds))
-void PlSnP_PermuteAll_4rounds(void *states)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_Permute_Nrounds(stateWithIndex(i), 4);
- #else
- SnP_PermuteAll_4rounds(stateWithIndex(i));
- #endif
- }
-}
-#endif
-
-void PlSnP_ExtractBytes(void *states, unsigned int instanceIndex, unsigned char *data, unsigned int offset, unsigned int length)
-{
- #if (PlSnP_baseParallelism == 1)
- SnP_ExtractBytes(stateWithIndex(instanceIndex), data, offset, length);
- #else
- SnP_ExtractBytes(stateWithIndex(instanceIndex/PlSnP_baseParallelism), instanceIndex%PlSnP_baseParallelism, data, offset, length);
- #endif
-}
-
-void PlSnP_ExtractLanesAll(void *states, unsigned char *data, unsigned int laneCount, unsigned int laneOffset)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_ExtractBytes(stateWithIndex(i), data, 0, laneCount*SnP_laneLengthInBytes);
- #else
- SnP_ExtractLanesAll(stateWithIndex(i), data, laneCount, laneOffset);
- #endif
- data += laneOffset*SnP_laneLengthInBytes*PlSnP_baseParallelism;
- }
-}
-
-void PlSnP_ExtractAndAddBytes(void *states, unsigned int instanceIndex, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)
-{
- #if (PlSnP_baseParallelism == 1)
- SnP_ExtractAndAddBytes(stateWithIndex(instanceIndex), input, output, offset, length);
- #else
- SnP_ExtractAndAddBytes(stateWithIndex(instanceIndex/PlSnP_baseParallelism), instanceIndex%PlSnP_baseParallelism, input, output, offset, length);
- #endif
-}
-
-void PlSnP_ExtractAndAddLanesAll(void *states, const unsigned char *input, unsigned char *output, unsigned int laneCount, unsigned int laneOffset)
-{
- unsigned int i;
-
- for(i=0; i<PlSnP_factor; i++) {
- #if (PlSnP_baseParallelism == 1)
- SnP_ExtractAndAddBytes(stateWithIndex(i), input, output, 0, laneCount*SnP_laneLengthInBytes);
- #else
- SnP_ExtractAndAddLanesAll(stateWithIndex(i), input, output, laneCount, laneOffset);
- #endif
- input += laneOffset*SnP_laneLengthInBytes*PlSnP_baseParallelism;
- output += laneOffset*SnP_laneLengthInBytes*PlSnP_baseParallelism;
- }
-}
-
-#undef PlSnP_factor
-#undef SnP_stateOffset
-#undef stateWithIndex
-#undef JOIN0
-#undef JOIN
-#undef PlSnP_StaticInitialize
-#undef PlSnP_InitializeAll
-#undef PlSnP_AddByte
-#undef PlSnP_AddBytes
-#undef PlSnP_AddLanesAll
-#undef PlSnP_OverwriteBytes
-#undef PlSnP_OverwriteLanesAll
-#undef PlSnP_OverwriteWithZeroes
-#undef PlSnP_PermuteAll
-#undef PlSnP_ExtractBytes
-#undef PlSnP_ExtractLanesAll
-#undef PlSnP_ExtractAndAddBytes
-#undef PlSnP_ExtractAndAddLanesAll
-#undef SnP_stateAlignment
-#undef SnP_stateSizeInBytes
-#undef PlSnP_factor
-#undef SnP_stateOffset
-#undef stateWithIndex
-#undef SnP_StaticInitialize
-#undef SnP_Initialize
-#undef SnP_InitializeAll
-#undef SnP_AddByte
-#undef SnP_AddBytes
-#undef SnP_AddLanesAll
-#undef SnP_OverwriteBytes
-#undef SnP_OverwriteWithZeroes
-#undef SnP_OverwriteLanesAll
-#undef SnP_ExtractBytes
-#undef SnP_ExtractLanesAll
-#undef SnP_ExtractAndAddBytes
-#undef SnP_ExtractAndAddLanesAll
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/config.mk b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/config.mk
deleted file mode 100644
index b28c9ce64..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/config.mk
+++ /dev/null
@@ -1,17 +0,0 @@
-# DO NOT EDIT: generated from config.mk.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# add fixes for platform integration issues here.
-#
-# liboqs programs expect the public include files to be in oqs/xxxx,
-# So we put liboqs in it's own module, oqs, and point to the dist files
-INCLUDES += -I$(CORE_DEPTH)/lib/liboqs/src/common/pqclean_shims -I$(CORE_DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits
-DEFINES +=
-
-ifeq ($(OS_ARCH), Darwin)
-DEFINES += -DOQS_HAVE_ALIGNED_ALLOC -DOQS_HAVE_MEMALIGN -DOQS_HAVE_POSIX_MEMALIGN
-endif
-
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/manifest.mn b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/manifest.mn
deleted file mode 100644
index 73dc52adb..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/manifest.mn
+++ /dev/null
@@ -1,23 +0,0 @@
-# DO NOT EDIT: generated from manifest.mn.subdirs.template
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../../../../../../..
-
-MODULE = oqs
-
-LIBRARY_NAME = oqs_src_common_sha3_xkcp_low_KeccakP-1600times4_serial
-SHARED_LIBRARY = $(NULL)
-
-CSRCS = \
- KeccakP-1600-times4-on1.c \
- $(NULL)
-
-# only add module debugging in opt builds if DEBUG_PKCS11 is set
-ifdef DEBUG_PKCS11
- DEFINES += -DDEBUG_MODULE
-endif
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/serial.gyp b/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/serial.gyp
deleted file mode 100644
index 2ede44409..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600times4/serial/serial.gyp
+++ /dev/null
@@ -1,39 +0,0 @@
-# DO NOT EDIT: generated from subdir.gyp.template
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
- 'includes': [
- '../../../../../../../../coreconf/config.gypi'
- ],
- 'targets': [
- {
- 'target_name': 'oqs_src_common_sha3_xkcp_low_KeccakP-1600times4_serial',
- 'type': 'static_library',
- 'sources': [
- 'KeccakP-1600-times4-on1.c',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports'
- ]
- }
- ],
- 'target_defaults': {
- 'defines': [
- ],
- 'include_dirs': [
- '<(DEPTH)/lib/liboqs/src/common/pqclean_shims',
- '<(DEPTH)/lib/liboqs/src/common/sha3/xkcp_low/KeccakP-1600/plain-64bits',
- ],
- [ 'OS=="mac"', {
- 'defines': [
- 'OQS_HAVE_POSIX_MEMALIGN',
- 'OQS_HAVE_ALIGNED_ALLOC',
- 'OQS_HAVE_MEMALIGN'
- ]
- }]
- },
- 'variables': {
- 'module': 'oqs'
- }
-}
diff --git a/lib/liboqs/src/common/sha3/xkcp_sha3.c b/lib/liboqs/src/common/sha3/xkcp_sha3.c
deleted file mode 100644
index ede460734..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_sha3.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/**
-* \file sha3_xkcp.c
-* \brief Implementation of the OQS SHA3 API using the XKCP low interface.
-* The high level keccak_absorb, squeezeblocks, etc. are based on fips202.c
-* from PQClean (https://github.com/PQClean/PQClean/tree/master/common)
-*
-* SPDX-License-Identifier: MIT
-*/
-
-#include "sha3.h"
-
-#include "xkcp_dispatch.h"
-
-#include <oqs/common.h>
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define KECCAK_CTX_ALIGNMENT 32
-#define _KECCAK_CTX_BYTES (200+sizeof(uint64_t))
-#define KECCAK_CTX_BYTES (KECCAK_CTX_ALIGNMENT * \
- ((_KECCAK_CTX_BYTES + KECCAK_CTX_ALIGNMENT - 1)/KECCAK_CTX_ALIGNMENT))
-
-/* The first call to Keccak_Initialize will be routed through dispatch, which
- * updates all of the function pointers used below.
- */
-static KeccakInitFn Keccak_Dispatch;
-static KeccakInitFn *Keccak_Initialize_ptr = &Keccak_Dispatch;
-static KeccakAddByteFn *Keccak_AddByte_ptr = NULL;
-static KeccakAddBytesFn *Keccak_AddBytes_ptr = NULL;
-static KeccakPermuteFn *Keccak_Permute_ptr = NULL;
-static KeccakExtractBytesFn *Keccak_ExtractBytes_ptr = NULL;
-static KeccakFastLoopAbsorbFn *Keccak_FastLoopAbsorb_ptr = NULL;
-
-static void Keccak_Dispatch(void *state) {
-// TODO: Simplify this when we have a Windows-compatible AVX2 implementation of SHA3
-#if defined(OQS_DIST_X86_64_BUILD)
-#if defined(OQS_ENABLE_SHA3_xkcp_low_avx2)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2)) {
- Keccak_Initialize_ptr = &KeccakP1600_Initialize_avx2;
- Keccak_AddByte_ptr = &KeccakP1600_AddByte_avx2;
- Keccak_AddBytes_ptr = &KeccakP1600_AddBytes_avx2;
- Keccak_Permute_ptr = &KeccakP1600_Permute_24rounds_avx2;
- Keccak_ExtractBytes_ptr = &KeccakP1600_ExtractBytes_avx2;
- Keccak_FastLoopAbsorb_ptr = &KeccakF1600_FastLoop_Absorb_avx2;
- } else {
- Keccak_Initialize_ptr = &KeccakP1600_Initialize_plain64;
- Keccak_AddByte_ptr = &KeccakP1600_AddByte_plain64;
- Keccak_AddBytes_ptr = &KeccakP1600_AddBytes_plain64;
- Keccak_Permute_ptr = &KeccakP1600_Permute_24rounds_plain64;
- Keccak_ExtractBytes_ptr = &KeccakP1600_ExtractBytes_plain64;
- Keccak_FastLoopAbsorb_ptr = &KeccakF1600_FastLoop_Absorb_plain64;
- }
-#else // Windows
- Keccak_Initialize_ptr = &KeccakP1600_Initialize_plain64;
- Keccak_AddByte_ptr = &KeccakP1600_AddByte_plain64;
- Keccak_AddBytes_ptr = &KeccakP1600_AddBytes_plain64;
- Keccak_Permute_ptr = &KeccakP1600_Permute_24rounds_plain64;
- Keccak_ExtractBytes_ptr = &KeccakP1600_ExtractBytes_plain64;
- Keccak_FastLoopAbsorb_ptr = &KeccakF1600_FastLoop_Absorb_plain64;
-#endif
-#else
- Keccak_Initialize_ptr = &KeccakP1600_Initialize;
- Keccak_AddByte_ptr = &KeccakP1600_AddByte;
- Keccak_AddBytes_ptr = &KeccakP1600_AddBytes;
- Keccak_Permute_ptr = &KeccakP1600_Permute_24rounds;
- Keccak_ExtractBytes_ptr = &KeccakP1600_ExtractBytes;
- Keccak_FastLoopAbsorb_ptr = &KeccakF1600_FastLoop_Absorb;
-#endif
-
- (*Keccak_Initialize_ptr)(state);
-}
-
-/*************************************************
- * Name: keccak_inc_reset
- *
- * Description: Initializes the incremental Keccak state to zero.
- *
- * Arguments: - uint64_t *s: pointer to input/output incremental state
- * First 25 values represent Keccak state.
- * 26th value represents either the number of absorbed bytes
- * that have not been permuted, or not-yet-squeezed bytes.
- **************************************************/
-static void keccak_inc_reset(uint64_t *s) {
- (*Keccak_Initialize_ptr)(s);
- s[25] = 0;
-}
-
-/*************************************************
- * Name: keccak_inc_absorb
- *
- * Description: Incremental keccak absorb
- * Preceded by keccak_inc_reset, succeeded by keccak_inc_finalize
- *
- * Arguments: - uint64_t *s: pointer to input/output incremental state
- * First 25 values represent Keccak state.
- * 26th value represents either the number of absorbed bytes
- * that have not been permuted, or not-yet-squeezed bytes.
- * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128)
- * - const uint8_t *m: pointer to input to be absorbed into s
- * - size_t mlen: length of input in bytes
- **************************************************/
-static void keccak_inc_absorb(uint64_t *s, uint32_t r, const uint8_t *m,
- size_t mlen) {
- uint64_t c = r - s[25];
-
- if (s[25] && mlen >= c) {
- (*Keccak_AddBytes_ptr)(s, m, (unsigned int)s[25], (unsigned int)c);
- (*Keccak_Permute_ptr)(s);
- mlen -= c;
- m += c;
- s[25] = 0;
- }
-
-#ifdef KeccakF1600_FastLoop_supported
- if (mlen >= r) {
- c = (*Keccak_FastLoop_Absorb_ptr)(s, r / 8, m, mlen);
- mlen -= c;
- m += c;
- }
-#else
- while (mlen >= r) {
- (*Keccak_AddBytes_ptr)(s, m, 0, r);
- (*Keccak_Permute_ptr)(s);
- mlen -= r;
- m += r;
- }
-#endif
-
- (*Keccak_AddBytes_ptr)(s, m, (unsigned int)s[25], (unsigned int)mlen);
- s[25] += mlen;
-}
-
-/*************************************************
- * Name: keccak_inc_finalize
- *
- * Description: Finalizes Keccak absorb phase, prepares for squeezing
- *
- * Arguments: - uint64_t *s: pointer to input/output incremental state
- * First 25 values represent Keccak state.
- * 26th value represents either the number of absorbed bytes
- * that have not been permuted, or not-yet-squeezed bytes.
- * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128)
- * - uint8_t p: domain-separation byte for different
- * Keccak-derived functions
- **************************************************/
-static void keccak_inc_finalize(uint64_t *s, uint32_t r, uint8_t p) {
- /* After keccak_inc_absorb, we are guaranteed that s[25] < r,
- so we can always use one more byte for p in the current state. */
- (*Keccak_AddByte_ptr)(s, p, (unsigned int)s[25]);
- (*Keccak_AddByte_ptr)(s, 0x80, (unsigned int)(r - 1));
- s[25] = 0;
-}
-
-/*************************************************
- * Name: keccak_inc_squeeze
- *
- * Description: Incremental Keccak squeeze; can be called on byte-level
- *
- * Arguments: - uint8_t *h: pointer to output bytes
- * - size_t outlen: number of bytes to be squeezed
- * - uint64_t *s: pointer to input/output incremental state
- * First 25 values represent Keccak state.
- * 26th value represents either the number of absorbed bytes
- * that have not been permuted, or not-yet-squeezed bytes.
- * - uint32_t r: rate in bytes (e.g., 168 for SHAKE128)
- **************************************************/
-static void keccak_inc_squeeze(uint8_t *h, size_t outlen,
- uint64_t *s, uint32_t r) {
- while (outlen > s[25]) {
- (*Keccak_ExtractBytes_ptr)(s, h, (unsigned int)(r - s[25]), (unsigned int)s[25]);
- (*Keccak_Permute_ptr)(s);
- h += s[25];
- outlen -= s[25];
- s[25] = r;
- }
- (*Keccak_ExtractBytes_ptr)(s, h, (unsigned int)(r - s[25]), (unsigned int)outlen);
- s[25] -= outlen;
-}
-
-/* SHA3-256 */
-
-void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inlen) {
- OQS_SHA3_sha3_256_inc_ctx s;
- OQS_SHA3_sha3_256_inc_init(&s);
- OQS_SHA3_sha3_256_inc_absorb(&s, input, inlen);
- OQS_SHA3_sha3_256_inc_finalize(output, &s);
- OQS_SHA3_sha3_256_inc_ctx_release(&s);
-}
-
-void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen) {
- keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHA3_256_RATE, input, inlen);
-}
-
-void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) {
- keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHA3_256_RATE, 0x06);
- keccak_inc_squeeze(output, 32, (uint64_t *)state->ctx, OQS_SHA3_SHA3_256_RATE);
-}
-
-void OQS_SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES);
-}
-
-void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) {
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-/* SHA3-384 */
-
-void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inlen) {
- OQS_SHA3_sha3_384_inc_ctx s;
- OQS_SHA3_sha3_384_inc_init(&s);
- OQS_SHA3_sha3_384_inc_absorb(&s, input, inlen);
- OQS_SHA3_sha3_384_inc_finalize(output, &s);
- OQS_SHA3_sha3_384_inc_ctx_release(&s);
-}
-
-void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen) {
- keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHA3_384_RATE, input, inlen);
-}
-
-void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) {
- keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHA3_384_RATE, 0x06);
- keccak_inc_squeeze(output, 48, (uint64_t *)state->ctx, OQS_SHA3_SHA3_384_RATE);
-}
-
-void OQS_SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES);
-}
-
-void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) {
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-/* SHA3-512 */
-
-void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inlen) {
- OQS_SHA3_sha3_512_inc_ctx s;
- OQS_SHA3_sha3_512_inc_init(&s);
- OQS_SHA3_sha3_512_inc_absorb(&s, input, inlen);
- OQS_SHA3_sha3_512_inc_finalize(output, &s);
- OQS_SHA3_sha3_512_inc_ctx_release(&s);
-}
-
-void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen) {
- keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHA3_512_RATE, input, inlen);
-}
-
-void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) {
- keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHA3_512_RATE, 0x06);
- keccak_inc_squeeze(output, 64, (uint64_t *)state->ctx, OQS_SHA3_SHA3_512_RATE);
-}
-
-void OQS_SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES);
-}
-
-void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) {
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-/* SHAKE128 */
-
-void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen) {
- OQS_SHA3_shake128_inc_ctx s;
- OQS_SHA3_shake128_inc_init(&s);
- OQS_SHA3_shake128_inc_absorb(&s, input, inlen);
- OQS_SHA3_shake128_inc_finalize(&s);
- OQS_SHA3_shake128_inc_squeeze(output, outlen, &s);
- OQS_SHA3_shake128_inc_ctx_release(&s);
-}
-
-/* SHAKE128 incremental */
-
-void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen) {
- keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, input, inlen);
-}
-
-void OQS_SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) {
- keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, 0x1F);
-}
-
-void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state) {
- keccak_inc_squeeze(output, outlen, (uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE);
-}
-
-void OQS_SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES);
-}
-
-void OQS_SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) {
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-/* SHAKE256 */
-
-void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen) {
- OQS_SHA3_shake256_inc_ctx s;
- OQS_SHA3_shake256_inc_init(&s);
- OQS_SHA3_shake256_inc_absorb(&s, input, inlen);
- OQS_SHA3_shake256_inc_finalize(&s);
- OQS_SHA3_shake256_inc_squeeze(output, outlen, &s);
- OQS_SHA3_shake256_inc_ctx_release(&s);
-}
-
-/* SHAKE256 incremental */
-
-void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen) {
- keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, input, inlen);
-}
-
-void OQS_SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) {
- keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, 0x1F);
-}
-
-void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state) {
- keccak_inc_squeeze(output, outlen, state->ctx, OQS_SHA3_SHAKE256_RATE);
-}
-
-void OQS_SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES);
-}
-
-void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) {
- keccak_inc_reset((uint64_t *)state->ctx);
-}
diff --git a/lib/liboqs/src/common/sha3/xkcp_sha3x4.c b/lib/liboqs/src/common/sha3/xkcp_sha3x4.c
deleted file mode 100644
index ef95ac6f0..000000000
--- a/lib/liboqs/src/common/sha3/xkcp_sha3x4.c
+++ /dev/null
@@ -1,237 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include "sha3.h"
-#include "sha3x4.h"
-
-#include "xkcp_dispatch.h"
-
-#include <oqs/common.h>
-#include <oqs/oqsconfig.h>
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define KECCAK_X4_CTX_ALIGNMENT 32
-#define _KECCAK_X4_CTX_BYTES (800+sizeof(uint64_t))
-#define KECCAK_X4_CTX_BYTES (KECCAK_X4_CTX_ALIGNMENT * \
- ((_KECCAK_X4_CTX_BYTES + KECCAK_X4_CTX_ALIGNMENT - 1)/KECCAK_X4_CTX_ALIGNMENT))
-
-/* The first call to Keccak_Initialize will be routed through dispatch, which
- * updates all of the function pointers used below.
- */
-static KeccakX4InitFn Keccak_X4_Dispatch;
-static KeccakX4InitFn *Keccak_X4_Initialize_ptr = &Keccak_X4_Dispatch;
-static KeccakX4AddByteFn *Keccak_X4_AddByte_ptr = NULL;
-static KeccakX4AddBytesFn *Keccak_X4_AddBytes_ptr = NULL;
-static KeccakX4PermuteFn *Keccak_X4_Permute_ptr = NULL;
-static KeccakX4ExtractBytesFn *Keccak_X4_ExtractBytes_ptr = NULL;
-
-static void Keccak_X4_Dispatch(void *state) {
-// TODO: Simplify this when we have a Windows-compatible AVX2 implementation of SHA3
-#if defined(OQS_DIST_X86_64_BUILD)
-#if defined(OQS_ENABLE_SHA3_xkcp_low_avx2)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2)) {
- Keccak_X4_Initialize_ptr = &KeccakP1600times4_InitializeAll_avx2;
- Keccak_X4_AddByte_ptr = &KeccakP1600times4_AddByte_avx2;
- Keccak_X4_AddBytes_ptr = &KeccakP1600times4_AddBytes_avx2;
- Keccak_X4_Permute_ptr = &KeccakP1600times4_PermuteAll_24rounds_avx2;
- Keccak_X4_ExtractBytes_ptr = &KeccakP1600times4_ExtractBytes_avx2;
- } else {
- Keccak_X4_Initialize_ptr = &KeccakP1600times4_InitializeAll_serial;
- Keccak_X4_AddByte_ptr = &KeccakP1600times4_AddByte_serial;
- Keccak_X4_AddBytes_ptr = &KeccakP1600times4_AddBytes_serial;
- Keccak_X4_Permute_ptr = &KeccakP1600times4_PermuteAll_24rounds_serial;
- Keccak_X4_ExtractBytes_ptr = &KeccakP1600times4_ExtractBytes_serial;
- }
-#else // Windows
- Keccak_X4_Initialize_ptr = &KeccakP1600times4_InitializeAll_serial;
- Keccak_X4_AddByte_ptr = &KeccakP1600times4_AddByte_serial;
- Keccak_X4_AddBytes_ptr = &KeccakP1600times4_AddBytes_serial;
- Keccak_X4_Permute_ptr = &KeccakP1600times4_PermuteAll_24rounds_serial;
- Keccak_X4_ExtractBytes_ptr = &KeccakP1600times4_ExtractBytes_serial;
-#endif
-#else
- Keccak_X4_Initialize_ptr = &KeccakP1600times4_InitializeAll;
- Keccak_X4_AddByte_ptr = &KeccakP1600times4_AddByte;
- Keccak_X4_AddBytes_ptr = &KeccakP1600times4_AddBytes;
- Keccak_X4_Permute_ptr = &KeccakP1600times4_PermuteAll_24rounds;
- Keccak_X4_ExtractBytes_ptr = &KeccakP1600times4_ExtractBytes;
-#endif
-
- (*Keccak_X4_Initialize_ptr)(state);
-}
-
-static void keccak_x4_inc_reset(uint64_t *s) {
- (*Keccak_X4_Initialize_ptr)(s);
- s[100] = 0;
-}
-
-static void keccak_x4_inc_absorb(uint64_t *s, uint32_t r,
- const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- uint64_t c = r - s[100];
-
- if (s[100] && inlen >= c) {
- (*Keccak_X4_AddBytes_ptr)(s, 0, in0, (unsigned int)s[100], (unsigned int)c);
- (*Keccak_X4_AddBytes_ptr)(s, 1, in1, (unsigned int)s[100], (unsigned int)c);
- (*Keccak_X4_AddBytes_ptr)(s, 2, in2, (unsigned int)s[100], (unsigned int)c);
- (*Keccak_X4_AddBytes_ptr)(s, 3, in3, (unsigned int)s[100], (unsigned int)c);
- (*Keccak_X4_Permute_ptr)(s);
- inlen -= c;
- in0 += c;
- in1 += c;
- in2 += c;
- in3 += c;
- s[100] = 0;
- }
-
- while (inlen >= r) {
- (*Keccak_X4_AddBytes_ptr)(s, 0, in0, 0, (unsigned int)r);
- (*Keccak_X4_AddBytes_ptr)(s, 1, in1, 0, (unsigned int)r);
- (*Keccak_X4_AddBytes_ptr)(s, 2, in2, 0, (unsigned int)r);
- (*Keccak_X4_AddBytes_ptr)(s, 3, in3, 0, (unsigned int)r);
- (*Keccak_X4_Permute_ptr)(s);
- inlen -= r;
- in0 += r;
- in1 += r;
- in2 += r;
- in3 += r;
- }
-
- (*Keccak_X4_AddBytes_ptr)(s, 0, in0, (unsigned int)s[100], (unsigned int)inlen);
- (*Keccak_X4_AddBytes_ptr)(s, 1, in1, (unsigned int)s[100], (unsigned int)inlen);
- (*Keccak_X4_AddBytes_ptr)(s, 2, in2, (unsigned int)s[100], (unsigned int)inlen);
- (*Keccak_X4_AddBytes_ptr)(s, 3, in3, (unsigned int)s[100], (unsigned int)inlen);
- s[100] += inlen;
-}
-
-static void keccak_x4_inc_finalize(uint64_t *s, uint32_t r, uint8_t p) {
- (*Keccak_X4_AddByte_ptr)(s, 0, p, (unsigned int)s[100]);
- (*Keccak_X4_AddByte_ptr)(s, 1, p, (unsigned int)s[100]);
- (*Keccak_X4_AddByte_ptr)(s, 2, p, (unsigned int)s[100]);
- (*Keccak_X4_AddByte_ptr)(s, 3, p, (unsigned int)s[100]);
-
- (*Keccak_X4_AddByte_ptr)(s, 0, 0x80, (unsigned int)(r - 1));
- (*Keccak_X4_AddByte_ptr)(s, 1, 0x80, (unsigned int)(r - 1));
- (*Keccak_X4_AddByte_ptr)(s, 2, 0x80, (unsigned int)(r - 1));
- (*Keccak_X4_AddByte_ptr)(s, 3, 0x80, (unsigned int)(r - 1));
-
- s[100] = 0;
-}
-
-static void keccak_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3,
- size_t outlen, uint64_t *s, uint32_t r) {
-
- while (outlen > s[100]) {
- (*Keccak_X4_ExtractBytes_ptr)(s, 0, out0, (unsigned int)(r - s[100]), (unsigned int)s[100]);
- (*Keccak_X4_ExtractBytes_ptr)(s, 1, out1, (unsigned int)(r - s[100]), (unsigned int)s[100]);
- (*Keccak_X4_ExtractBytes_ptr)(s, 2, out2, (unsigned int)(r - s[100]), (unsigned int)s[100]);
- (*Keccak_X4_ExtractBytes_ptr)(s, 3, out3, (unsigned int)(r - s[100]), (unsigned int)s[100]);
- (*Keccak_X4_Permute_ptr)(s);
- out0 += s[100];
- out1 += s[100];
- out2 += s[100];
- out3 += s[100];
- outlen -= s[100];
- s[100] = r;
- }
-
- (*Keccak_X4_ExtractBytes_ptr)(s, 0, out0, (unsigned int)(r - s[100]), (unsigned int)outlen);
- (*Keccak_X4_ExtractBytes_ptr)(s, 1, out1, (unsigned int)(r - s[100]), (unsigned int)outlen);
- (*Keccak_X4_ExtractBytes_ptr)(s, 2, out2, (unsigned int)(r - s[100]), (unsigned int)outlen);
- (*Keccak_X4_ExtractBytes_ptr)(s, 3, out3, (unsigned int)(r - s[100]), (unsigned int)outlen);
-
- s[100] -= outlen;
-}
-
-/********** SHAKE128 ***********/
-
-void OQS_SHA3_shake128_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- OQS_SHA3_shake128_x4_inc_ctx s;
- OQS_SHA3_shake128_x4_inc_init(&s);
- OQS_SHA3_shake128_x4_inc_absorb(&s, in0, in1, in2, in3, inlen);
- OQS_SHA3_shake128_x4_inc_finalize(&s);
- OQS_SHA3_shake128_x4_inc_squeeze(out0, out1, out2, out3, outlen, &s);
- OQS_SHA3_shake128_x4_inc_ctx_release(&s);
-}
-
-/* SHAKE128 incremental */
-
-void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_X4_CTX_ALIGNMENT, KECCAK_X4_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_x4_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- keccak_x4_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, in0, in1, in2, in3, inlen);
-}
-
-void OQS_SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) {
- keccak_x4_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, 0x1F);
-}
-
-void OQS_SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake128_x4_inc_ctx *state) {
- keccak_x4_inc_squeeze(out0, out1, out2, out3, outlen, (uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE);
-}
-
-void OQS_SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_X4_CTX_BYTES);
-}
-
-void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) {
- keccak_x4_inc_reset((uint64_t *)state->ctx);
-}
-
-/********** SHAKE256 ***********/
-
-void OQS_SHA3_shake256_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- OQS_SHA3_shake256_x4_inc_ctx s;
- OQS_SHA3_shake256_x4_inc_init(&s);
- OQS_SHA3_shake256_x4_inc_absorb(&s, in0, in1, in2, in3, inlen);
- OQS_SHA3_shake256_x4_inc_finalize(&s);
- OQS_SHA3_shake256_x4_inc_squeeze(out0, out1, out2, out3, outlen, &s);
- OQS_SHA3_shake256_x4_inc_ctx_release(&s);
-}
-
-/* SHAKE256 incremental */
-
-void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) {
- state->ctx = OQS_MEM_aligned_alloc(KECCAK_X4_CTX_ALIGNMENT, KECCAK_X4_CTX_BYTES);
- if (state->ctx == NULL) {
- exit(111);
- }
- keccak_x4_inc_reset((uint64_t *)state->ctx);
-}
-
-void OQS_SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
- keccak_x4_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, in0, in1, in2, in3, inlen);
-}
-
-void OQS_SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) {
- keccak_x4_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, 0x1F);
-}
-
-void OQS_SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake256_x4_inc_ctx *state) {
- keccak_x4_inc_squeeze(out0, out1, out2, out3, outlen, (uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE);
-}
-
-void OQS_SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) {
- memcpy(dest->ctx, src->ctx, KECCAK_X4_CTX_BYTES);
-}
-
-void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) {
- OQS_MEM_aligned_free(state->ctx);
-}
-
-void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) {
- keccak_x4_inc_reset((uint64_t *)state->ctx);
-}
-
diff --git a/lib/liboqs/src/common/x86_64_helpers.h b/lib/liboqs/src/common/x86_64_helpers.h
deleted file mode 100644
index f62009eee..000000000
--- a/lib/liboqs/src/common/x86_64_helpers.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* This file has been written using:
- * https://github.com/vectorclass/version2/blob/master/instrset_detect.cpp
- * https://github.com/google/cpu_features/blob/master/src/cpuinfo_x86.c
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include <stdint.h>
-
-#if defined(_MSC_VER)
-#include <immintrin.h>
-#include <intrin.h>
-#endif
-
-#define MASK_XMM 0x2
-#define MASK_YMM 0x4
-#define MASK_MASKREG 0x20
-#define MASK_ZMM0_15 0x40
-#define MASK_ZMM16_31 0x80
-
-typedef struct {
- uint32_t eax;
- uint32_t ebx;
- uint32_t ecx;
- uint32_t edx;
-} cpuid_out;
-
-static inline uint32_t xgetbv_eax(uint32_t xcr) {
-#if defined(__GNUC__) || defined(__clang__)
- uint32_t eax;
- __asm__ ( ".byte 0x0f, 0x01, 0xd0" : "=a"(eax) : "c"(xcr));
- return eax;
-#elif defined(_MSC_VER)
- return _xgetbv(xcr) & 0xFFFF;
-#else
-#error "Only GCC, Clang, and MSVC are supported."
-#endif
-}
-
-static unsigned int has_mask(const uint32_t value, const uint32_t mask) {
- return (value & mask) == mask;
-}
-
-static inline unsigned int is_bit_set(const uint32_t val, const unsigned int bit_pos) {
- return val & (1 << bit_pos) ? 1 : 0;
-}
-
-static inline void cpuid(cpuid_out *out, const uint32_t eax_leaf) {
- const uint32_t ecx_leaf = 0;
-
-#if defined(__GNUC__) || defined(__clang__)
- uint32_t eax, ebx, ecx, edx;
- __asm__("cpuid" : "=a"(eax), "=b"(ebx), "=c"(ecx), "=d"(edx) : "a"(eax_leaf), "c"(ecx_leaf) : );
- out->eax = eax;
- out->ebx = ebx;
- out->ecx = ecx;
- out->edx = edx;
-#elif defined(_MSC_VER)
- uint32_t output[4];
- __cpuidex(output, eax_leaf, ecx_leaf);
- out->eax = output[0];
- out->ebx = output[1];
- out->ecx = output[2];
- out->edx = output[3];
-#else
-#error "Only GCC, Clang, and MSVC are supported."
-#endif
-}