#include #include "sha256avx.h" #include "sha256x8.h" #include "utils.h" // Performs sha256x8 on an initialized (and perhaps seeded) state. static void _sha256x8( sha256x8ctx *ctx, unsigned char *out0, unsigned char *out1, unsigned char *out2, unsigned char *out3, unsigned char *out4, unsigned char *out5, unsigned char *out6, unsigned char *out7, const unsigned char *in0, const unsigned char *in1, const unsigned char *in2, const unsigned char *in3, const unsigned char *in4, const unsigned char *in5, const unsigned char *in6, const unsigned char *in7, unsigned long long inlen) { unsigned long long i = 0; while (inlen - i >= 64) { sha256_transform8x(ctx, in0 + i, in1 + i, in2 + i, in3 + i, in4 + i, in5 + i, in6 + i, in7 + i ); i += 64; ctx->msglen += 512; } size_t bytes_to_copy = (size_t)(inlen - i); memcpy(&ctx->msgblocks[64 * 0], in0 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 1], in1 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 2], in2 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 3], in3 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 4], in4 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 5], in5 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 6], in6 + i, bytes_to_copy); memcpy(&ctx->msgblocks[64 * 7], in7 + i, bytes_to_copy); ctx->datalen = (unsigned int)bytes_to_copy; sha256_final8x(ctx, out0, out1, out2, out3, out4, out5, out6, out7); } void sha256x8_seeded( unsigned char *out0, unsigned char *out1, unsigned char *out2, unsigned char *out3, unsigned char *out4, unsigned char *out5, unsigned char *out6, unsigned char *out7, const sha256x8ctx *seed, const unsigned char *in0, const unsigned char *in1, const unsigned char *in2, const unsigned char *in3, const unsigned char *in4, const unsigned char *in5, const unsigned char *in6, const unsigned char *in7, unsigned long long inlen) { sha256x8ctx ctx; sha256_ctx_clone8x(&ctx, seed); _sha256x8(&ctx, out0, out1, out2, out3, out4, out5, out6, out7, in0, in1, in2, in3, in4, in5, in6, in7, inlen); } /* This provides a wrapper around the internals of 8x parallel SHA256 */ void sha256x8(unsigned char *out0, unsigned char *out1, unsigned char *out2, unsigned char *out3, unsigned char *out4, unsigned char *out5, unsigned char *out6, unsigned char *out7, const unsigned char *in0, const unsigned char *in1, const unsigned char *in2, const unsigned char *in3, const unsigned char *in4, const unsigned char *in5, const unsigned char *in6, const unsigned char *in7, unsigned long long inlen) { sha256x8ctx ctx; sha256_init8x(&ctx); _sha256x8(&ctx, out0, out1, out2, out3, out4, out5, out6, out7, in0, in1, in2, in3, in4, in5, in6, in7, inlen); } /** * Note that inlen should be sufficiently small that it still allows for * an array to be allocated on the stack. Typically 'in' is merely a seed. * Outputs outlen number of bytes */ void mgf1x8(unsigned char *outx8, unsigned long outlen, const unsigned char *in0, const unsigned char *in1, const unsigned char *in2, const unsigned char *in3, const unsigned char *in4, const unsigned char *in5, const unsigned char *in6, const unsigned char *in7, unsigned long inlen) { PQCLEAN_VLA(unsigned char, inbufx8, 8 * (inlen + 4)); unsigned char outbufx8[8 * SPX_SHA256_OUTPUT_BYTES]; uint32_t i; unsigned int j; memcpy(inbufx8 + 0 * (inlen + 4), in0, inlen); memcpy(inbufx8 + 1 * (inlen + 4), in1, inlen); memcpy(inbufx8 + 2 * (inlen + 4), in2, inlen); memcpy(inbufx8 + 3 * (inlen + 4), in3, inlen); memcpy(inbufx8 + 4 * (inlen + 4), in4, inlen); memcpy(inbufx8 + 5 * (inlen + 4), in5, inlen); memcpy(inbufx8 + 6 * (inlen + 4), in6, inlen); memcpy(inbufx8 + 7 * (inlen + 4), in7, inlen); /* While we can fit in at least another full block of SHA256 output.. */ for (i = 0; (i + 1) * SPX_SHA256_OUTPUT_BYTES <= outlen; i++) { for (j = 0; j < 8; j++) { u32_to_bytes(inbufx8 + inlen + j * (inlen + 4), i); } sha256x8(outx8 + 0 * outlen, outx8 + 1 * outlen, outx8 + 2 * outlen, outx8 + 3 * outlen, outx8 + 4 * outlen, outx8 + 5 * outlen, outx8 + 6 * outlen, outx8 + 7 * outlen, inbufx8 + 0 * (inlen + 4), inbufx8 + 1 * (inlen + 4), inbufx8 + 2 * (inlen + 4), inbufx8 + 3 * (inlen + 4), inbufx8 + 4 * (inlen + 4), inbufx8 + 5 * (inlen + 4), inbufx8 + 6 * (inlen + 4), inbufx8 + 7 * (inlen + 4), inlen + 4); outx8 += SPX_SHA256_OUTPUT_BYTES; } /* Until we cannot anymore, and we fill the remainder. */ for (j = 0; j < 8; j++) { u32_to_bytes(inbufx8 + inlen + j * (inlen + 4), i); } sha256x8(outbufx8 + 0 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 1 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 2 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 3 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 4 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 5 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 6 * SPX_SHA256_OUTPUT_BYTES, outbufx8 + 7 * SPX_SHA256_OUTPUT_BYTES, inbufx8 + 0 * (inlen + 4), inbufx8 + 1 * (inlen + 4), inbufx8 + 2 * (inlen + 4), inbufx8 + 3 * (inlen + 4), inbufx8 + 4 * (inlen + 4), inbufx8 + 5 * (inlen + 4), inbufx8 + 6 * (inlen + 4), inbufx8 + 7 * (inlen + 4), inlen + 4); for (j = 0; j < 8; j++) { memcpy(outx8 + j * outlen, outbufx8 + j * SPX_SHA256_OUTPUT_BYTES, outlen - i * SPX_SHA256_OUTPUT_BYTES); } }