add sphincs

2026-06-16 09:53:39 +08:00 · 2019-03-13 22:26:55 +08:00
parent c87cc29427
commit 0337c38628
29 changed files with 2021 additions and 0 deletions
--- a/crypto/sphincs/primitives/haraka.c
+++ b/crypto/sphincs/primitives/haraka.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2017 Nagravision S.A.
+ */
+
+#include "haraka.h"
+#include <string.h>
+
+
+void aesenc (uint8_t *s, const uint8_t *rk) {
+    uint8_t i, t, u, v[4][4];
+    for (i = 0; i < 16; ++i) v[((i / 4) + 4 - (i % 4)) % 4][i % 4] = sbox[s[i]];
+    for (i = 0; i < 4; ++i) {
+        t = v[i][0];
+        u = v[i][0] ^ v[i][1] ^ v[i][2] ^ v[i][3];
+        v[i][0] ^= u ^ XT (v[i][0] ^ v[i][1]);
+        v[i][1] ^= u ^ XT (v[i][1] ^ v[i][2]);
+        v[i][2] ^= u ^ XT (v[i][2] ^ v[i][3]);
+        v[i][3] ^= u ^ XT (v[i][3] ^ t);
+    }
+    for (i = 0; i < 16; ++i) s[i] = v[i / 4][i % 4] ^ rk[i];
+}
+
+
+void haraka256_256 (uint8_t *out, const uint8_t *in) {
+
+    uint8_t s0[16], s1[16];
+    uint32_t tmp[4];
+    int i;
+
+    memcpy (s0, in, 16);
+    memcpy (s1, in + 16, 16);
+
+    AES2 (0);
+    MIX2;
+    AES2 (4);
+    MIX2;
+    AES2 (8);
+    MIX2;
+    AES2 (12);
+    MIX2;
+    AES2 (16);
+    MIX2;
+    AES2 (20);
+    MIX2;
+
+    for (i = 0; i < 16; ++i) {
+        out[i] = in[i] ^ s0[i];
+        out[i + 16] = in[i + 16] ^ s1[i];
+    }
+}
+
+void haraka256_256_chain (uint8_t *out, const uint8_t *in, int chainlen) {
+
+    uint8_t s0[16], s1[16];
+    uint8_t t0[16], t1[16];
+    uint32_t tmp[4];
+    int i, j;
+
+    memcpy (s0, in, 16);
+    memcpy (s1, in + 16, 16);
+    memcpy (t0, in, 16);
+    memcpy (t1, in + 16, 16);
+
+    for (j = 0; j < chainlen; ++j) {
+
+        AES2 (0);
+        MIX2;
+        AES2 (4);
+        MIX2;
+        AES2 (8);
+        MIX2;
+        AES2 (12);
+        MIX2;
+        AES2 (16);
+        MIX2;
+        AES2 (20);
+        MIX2;
+
+        for (i = 0; i < 16; ++i) {
+            s0[i] = t0[i] = t0[i] ^ s0[i];
+            s1[i] = t1[i] = t1[i] ^ s1[i];
+        }
+    }
+    for (i = 0; i < 16; ++i) {
+        out[i] = s0[i];
+        out[i + 16] = s1[i];
+    }
+}
+
+void haraka512_256 (uint8_t *out, const uint8_t *in) {
+
+    uint8_t s0[16], s1[16], s2[16], s3[16];
+    uint32_t tmp[5];
+    int i;
+
+    memcpy (s0, in, 16);
+    memcpy (s1, in + 16, 16);
+    memcpy (s2, in + 32, 16);
+    memcpy (s3, in + 48, 16);
+
+    AES4 (0);
+    MIX4;
+    AES4 (8);
+    MIX4;
+    AES4 (16);
+    MIX4;
+    AES4 (24);
+    MIX4;
+    AES4 (32);
+    MIX4;
+    AES4 (40);
+    MIX4;
+
+    for (i = 0; i < 16; ++i) {
+        s0[i] = in[i] ^ s0[i];
+        s1[i] = in[i + 16] ^ s1[i];
+        s2[i] = in[i + 32] ^ s2[i];
+        s3[i] = in[i + 48] ^ s3[i];
+    }
+
+    ((uint64_t *)out)[0] = ((uint64_t *)s0)[1];
+    ((uint64_t *)out)[1] = ((uint64_t *)s1)[1];
+    ((uint64_t *)out)[2] = ((uint64_t *)s2)[0];
+    ((uint64_t *)out)[3] = ((uint64_t *)s3)[0];
+}