From 5a38316acc2f550b1403d7189dec338d9327cb57 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 3 Nov 2023 17:23:26 +0900 Subject: [PATCH] Make common algorithms pluggable This allows applications to replace the implementation of common cryptographic algorithms at runtime, by setting callback functions for each operations with OQS_AES_set_callbacks, OQS_SHA2_set_callbacks, OQS_SHA3_set_callbacks, and OQS_SHA3_x4_callbacks. Those functions may be called once before OQS_init; otherwise the default implementation will be used. Signed-off-by: Daiki Ueno --- src/common/CMakeLists.txt | 17 ++-- src/common/aes/aes.c | 117 +++++------------------- src/common/aes/aes.h | 28 ++++++ src/common/aes/aes_impl.c | 160 +++++++++++++++++++++++++++++++++ src/common/aes/aes_local.h | 2 + src/common/aes/aes_ossl.c | 42 ++++++--- src/common/sha2/sha2.c | 90 +++++-------------- src/common/sha2/sha2.h | 39 ++++++-- src/common/sha2/sha2_impl.c | 123 ++++++++++++++++++++++++++ src/common/sha2/sha2_local.h | 2 + src/common/sha2/sha2_ossl.c | 67 +++++++++----- src/common/sha3/ossl_sha3.c | 116 ++++++++++++++++-------- src/common/sha3/ossl_sha3x4.c | 57 ++++++++---- src/common/sha3/sha3.c | 161 ++++++++++++++++++++++++++++++++++ src/common/sha3/sha3.h | 51 +++++++++++ src/common/sha3/sha3x4.c | 77 ++++++++++++++++ src/common/sha3/sha3x4.h | 93 ++++++++++++++++++++ src/common/sha3/xkcp_sha3.c | 116 ++++++++++++++++-------- src/common/sha3/xkcp_sha3x4.c | 53 +++++++---- 19 files changed, 1091 insertions(+), 320 deletions(-) create mode 100644 src/common/aes/aes_impl.c create mode 100644 src/common/sha2/sha2_impl.c create mode 100644 src/common/sha3/sha3.c create mode 100644 src/common/sha3/sha3x4.c diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 79172404c1..231bafae13 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -22,7 +22,7 @@ if(${OQS_USE_AES_OPENSSL}) set(AES_IMPL aes/aes_ossl.c) set(OSSL_HELPERS ossl_helpers.c) else() - set(AES_IMPL aes/aes.c aes/aes_c.c) + set(AES_IMPL aes/aes_impl.c aes/aes_c.c) if (OQS_DIST_X86_64_BUILD OR OQS_USE_AES_INSTRUCTIONS) set(AES_IMPL ${AES_IMPL} aes/aes128_ni.c) set(AES_IMPL ${AES_IMPL} aes/aes256_ni.c) @@ -47,7 +47,7 @@ if(${OQS_USE_SHA2_OPENSSL}) set(SHA2_IMPL sha2/sha2_ossl.c) set(OSSL_HELPERS ossl_helpers.c) else() - set(SHA2_IMPL sha2/sha2.c sha2/sha2_c.c) + set(SHA2_IMPL sha2/sha2_impl.c sha2/sha2_c.c) if (OQS_DIST_ARM64_V8_BUILD) set(SHA2_IMPL ${SHA2_IMPL} sha2/sha2_armv8.c) set_source_files_properties(sha2/sha2_armv8.c PROPERTIES COMPILE_FLAGS -mcpu=cortex-a53+crypto) @@ -71,9 +71,9 @@ else() # using XKCP set(SHA3_IMPL sha3/xkcp_sha3.c sha3/xkcp_sha3x4.c) endif() -add_library(common OBJECT ${AES_IMPL} - ${SHA2_IMPL} - ${SHA3_IMPL} +add_library(common OBJECT ${AES_IMPL} aes/aes.c + ${SHA2_IMPL} sha2/sha2.c + ${SHA3_IMPL} sha3/sha3.c sha3/sha3x4.c ${OSSL_HELPERS} common.c pqclean_shims/fips202.c @@ -81,11 +81,12 @@ add_library(common OBJECT ${AES_IMPL} rand/rand.c) # Implementations of the internal API to be exposed to test programs -add_library(internal OBJECT ${AES_IMPL} - ${SHA2_IMPL} - ${SHA3_IMPL} +add_library(internal OBJECT ${AES_IMPL} aes/aes.c + ${SHA2_IMPL} sha2/sha2.c + ${SHA3_IMPL} sha3/sha3.c sha3/sha3x4.c ${OSSL_HELPERS} common.c + rand/rand.c rand/rand_nist.c) set_property(TARGET internal PROPERTY C_VISIBILITY_PRESET default) diff --git a/src/common/aes/aes.c b/src/common/aes/aes.c index 1fef083a72..3ac8794991 100644 --- a/src/common/aes/aes.c +++ b/src/common/aes/aes.c @@ -9,129 +9,60 @@ #include "aes.h" #include "aes_local.h" -#if defined(OQS_DIST_X86_64_BUILD) -#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ - do { \ - if (OQS_CPU_has_extension(OQS_CPU_EXT_AES)) { \ - stmt_ni; \ - } else { \ - stmt_c; \ - } \ - } while(0) -#elif defined(OQS_DIST_ARM64_V8_BUILD) -#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ - do { \ - if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_AES)) { \ - stmt_arm; \ - } else { \ - stmt_c; \ - } \ - } while(0) -#elif defined(OQS_USE_AES_INSTRUCTIONS) -#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ - stmt_ni -#elif defined(OQS_USE_ARM_AES_INSTRUCTIONS) -#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ - stmt_arm -#else -#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ - stmt_c -#endif - -void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **_schedule) { - C_OR_NI_OR_ARM( - oqs_aes128_load_schedule_c(key, _schedule), - oqs_aes128_load_schedule_ni(key, _schedule), - oqs_aes128_load_schedule_no_bitslice(key, _schedule) - ); +static struct OQS_AES_callbacks *callbacks = &aes_default_callbacks; + +OQS_API void OQS_AES_set_callbacks(struct OQS_AES_callbacks *new_callbacks) { + callbacks = new_callbacks; +} + +void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **schedule) { + callbacks->AES128_ECB_load_schedule(key, schedule); } void OQS_AES128_free_schedule(void *schedule) { - C_OR_NI_OR_ARM( - oqs_aes128_free_schedule_c(schedule), - oqs_aes128_free_schedule_ni(schedule), - oqs_aes128_free_schedule_no_bitslice(schedule) - ); + callbacks->AES128_free_schedule(schedule); } -void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **_schedule) { - C_OR_NI_OR_ARM( - oqs_aes256_load_schedule_c(key, _schedule), - oqs_aes256_load_schedule_ni(key, _schedule), - oqs_aes256_load_schedule_no_bitslice(key, _schedule) - ); +void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **schedule) { + callbacks->AES256_ECB_load_schedule(key, schedule); } -void OQS_AES256_CTR_inc_init(const uint8_t *key, void **_schedule) { - OQS_AES256_ECB_load_schedule(key, _schedule); +void OQS_AES256_CTR_inc_init(const uint8_t *key, void **schedule) { + callbacks->AES256_CTR_inc_init(key, schedule); } -void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *_schedule) { - C_OR_NI_OR_ARM( - oqs_aes256_load_iv_c(iv, iv_len, _schedule), - oqs_aes256_load_iv_ni(iv, iv_len, _schedule), - oqs_aes256_load_iv_armv8(iv, iv_len, _schedule) - ); +void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *schedule) { + callbacks->AES256_CTR_inc_iv(iv, iv_len, schedule); } -void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *_schedule) { - C_OR_NI_OR_ARM( - oqs_aes256_load_iv_u64_c(iv, _schedule), - oqs_aes256_load_iv_u64_ni(iv, _schedule), - (void) iv; (void) _schedule - ); +void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *schedule) { + callbacks->AES256_CTR_inc_ivu64(iv, schedule); } void OQS_AES256_free_schedule(void *schedule) { - C_OR_NI_OR_ARM( - oqs_aes256_free_schedule_c(schedule), - oqs_aes256_free_schedule_ni(schedule), - oqs_aes256_free_schedule_no_bitslice(schedule) - ); + callbacks->AES256_free_schedule(schedule); } void OQS_AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { - void *schedule = NULL; - OQS_AES128_ECB_load_schedule(key, &schedule); - OQS_AES128_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); - OQS_AES128_free_schedule(schedule); + callbacks->AES128_ECB_enc(plaintext, plaintext_len, key, ciphertext); } void OQS_AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { - C_OR_NI_OR_ARM( - oqs_aes128_ecb_enc_sch_c(plaintext, plaintext_len, schedule, ciphertext), - oqs_aes128_ecb_enc_sch_ni(plaintext, plaintext_len, schedule, ciphertext), - oqs_aes128_ecb_enc_sch_armv8(plaintext, plaintext_len, schedule, ciphertext) - ); + callbacks->AES128_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); } void OQS_AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { - void *schedule = NULL; - OQS_AES256_ECB_load_schedule(key, &schedule); - OQS_AES256_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); - OQS_AES256_free_schedule(schedule); + callbacks->AES256_ECB_enc(plaintext, plaintext_len, key, ciphertext); } void OQS_AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { - C_OR_NI_OR_ARM( - oqs_aes256_ecb_enc_sch_c(plaintext, plaintext_len, schedule, ciphertext), - oqs_aes256_ecb_enc_sch_ni(plaintext, plaintext_len, schedule, ciphertext), - oqs_aes256_ecb_enc_sch_armv8(plaintext, plaintext_len, schedule, ciphertext) - ); + callbacks->AES256_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); } void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) { - C_OR_NI_OR_ARM( - oqs_aes256_ctr_enc_sch_c(iv, iv_len, schedule, out, out_len), - oqs_aes256_ctr_enc_sch_ni(iv, iv_len, schedule, out, out_len), - oqs_aes256_ctr_enc_sch_armv8(iv, iv_len, schedule, out, out_len) - ); + callbacks->AES256_CTR_inc_stream_iv(iv, iv_len, schedule, out, out_len); } void OQS_AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blks) { - C_OR_NI_OR_ARM( - oqs_aes256_ctr_enc_sch_upd_blks_c(schedule, out, out_blks), - oqs_aes256_ctr_enc_sch_upd_blks_ni(schedule, out, out_blks), - oqs_aes256_ctr_enc_sch_upd_blks_armv8(schedule, out, out_blks) - ); + callbacks->AES256_CTR_inc_stream_blks(schedule, out, out_blks); } diff --git a/src/common/aes/aes.h b/src/common/aes/aes.h index 83649dbe72..8b8a330ea1 100644 --- a/src/common/aes/aes.h +++ b/src/common/aes/aes.h @@ -14,6 +14,8 @@ #include #include +#include + #if defined(__cplusplus) extern "C" { #endif @@ -147,6 +149,32 @@ void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void * */ void OQS_AES256_CTR_inc_stream_blks(void *ctx, uint8_t *out, size_t out_blks); +struct OQS_AES_callbacks { + void (*AES128_ECB_load_schedule)(const uint8_t *key, void **ctx); + void (*AES128_free_schedule)(void *ctx); + void (*AES128_ECB_enc)(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext); + void (*AES128_ECB_enc_sch)(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); + void (*AES256_ECB_load_schedule)(const uint8_t *key, void **ctx); + void (*AES256_CTR_inc_init)(const uint8_t *key, void **ctx); + void (*AES256_CTR_inc_iv)(const uint8_t *iv, size_t iv_len, void *ctx); + void (*AES256_CTR_inc_ivu64)(uint64_t iv, void *ctx); + void (*AES256_free_schedule)(void *ctx); + void (*AES256_ECB_enc)(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext); + void (*AES256_ECB_enc_sch)(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); + void (*AES256_CTR_inc_stream_iv)(const uint8_t *iv, size_t iv_len, const void *ctx, uint8_t *out, size_t out_len); + void (*AES256_CTR_inc_stream_blks)(void *ctx, uint8_t *out, size_t out_blks); +}; + +/** + * Set callback functions for AES operations. + * + * This function may be called at most once before OQS_init to replace + * the implementation of AES operations. + * + * @param[in] new_callbacks Callback functions defined in OQS_AES_callbacks + */ +OQS_API void OQS_AES_set_callbacks(struct OQS_AES_callbacks *new_callbacks); + #if defined(__cplusplus) } // extern "C" #endif diff --git a/src/common/aes/aes_impl.c b/src/common/aes/aes_impl.c new file mode 100644 index 0000000000..ae9be662cf --- /dev/null +++ b/src/common/aes/aes_impl.c @@ -0,0 +1,160 @@ +// SPDX-License-Identifier: MIT + +#include +#include +#include + +#include + +#include "aes.h" +#include "aes_local.h" + +#if defined(OQS_DIST_X86_64_BUILD) +#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ + do { \ + if (OQS_CPU_has_extension(OQS_CPU_EXT_AES)) { \ + stmt_ni; \ + } else { \ + stmt_c; \ + } \ + } while(0) +#elif defined(OQS_DIST_ARM64_V8_BUILD) +#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ + do { \ + if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_AES)) { \ + stmt_arm; \ + } else { \ + stmt_c; \ + } \ + } while(0) +#elif defined(OQS_USE_AES_INSTRUCTIONS) +#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ + stmt_ni +#elif defined(OQS_USE_ARM_AES_INSTRUCTIONS) +#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ + stmt_arm +#else +#define C_OR_NI_OR_ARM(stmt_c, stmt_ni, stmt_arm) \ + stmt_c +#endif + +static void AES128_ECB_load_schedule(const uint8_t *key, void **_schedule) { + C_OR_NI_OR_ARM( + oqs_aes128_load_schedule_c(key, _schedule), + oqs_aes128_load_schedule_ni(key, _schedule), + oqs_aes128_load_schedule_no_bitslice(key, _schedule) + ); +} + +static void AES128_free_schedule(void *schedule) { + C_OR_NI_OR_ARM( + oqs_aes128_free_schedule_c(schedule), + oqs_aes128_free_schedule_ni(schedule), + oqs_aes128_free_schedule_no_bitslice(schedule) + ); +} + +static void AES256_ECB_load_schedule(const uint8_t *key, void **_schedule) { + C_OR_NI_OR_ARM( + oqs_aes256_load_schedule_c(key, _schedule), + oqs_aes256_load_schedule_ni(key, _schedule), + oqs_aes256_load_schedule_no_bitslice(key, _schedule) + ); +} + +static void AES256_CTR_inc_init(const uint8_t *key, void **_schedule) { + AES256_ECB_load_schedule(key, _schedule); +} + +static void AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *_schedule) { + C_OR_NI_OR_ARM( + oqs_aes256_load_iv_c(iv, iv_len, _schedule), + oqs_aes256_load_iv_ni(iv, iv_len, _schedule), + oqs_aes256_load_iv_armv8(iv, iv_len, _schedule) + ); +} + +static void AES256_CTR_inc_ivu64(uint64_t iv, void *_schedule) { + C_OR_NI_OR_ARM( + oqs_aes256_load_iv_u64_c(iv, _schedule), + oqs_aes256_load_iv_u64_ni(iv, _schedule), + (void) iv; (void) _schedule + ); +} + +static void AES256_free_schedule(void *schedule) { + C_OR_NI_OR_ARM( + oqs_aes256_free_schedule_c(schedule), + oqs_aes256_free_schedule_ni(schedule), + oqs_aes256_free_schedule_no_bitslice(schedule) + ); +} + +static void AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); + +static void AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { + void *schedule = NULL; + AES128_ECB_load_schedule(key, &schedule); + AES128_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); + AES128_free_schedule(schedule); +} + +static void AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { + C_OR_NI_OR_ARM( + oqs_aes128_ecb_enc_sch_c(plaintext, plaintext_len, schedule, ciphertext), + oqs_aes128_ecb_enc_sch_ni(plaintext, plaintext_len, schedule, ciphertext), + oqs_aes128_ecb_enc_sch_armv8(plaintext, plaintext_len, schedule, ciphertext) + ); +} + +static void AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); + +static void AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { + void *schedule = NULL; + AES256_ECB_load_schedule(key, &schedule); + AES256_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); + AES256_free_schedule(schedule); +} + +static void AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { + C_OR_NI_OR_ARM( + oqs_aes256_ecb_enc_sch_c(plaintext, plaintext_len, schedule, ciphertext), + oqs_aes256_ecb_enc_sch_ni(plaintext, plaintext_len, schedule, ciphertext), + oqs_aes256_ecb_enc_sch_armv8(plaintext, plaintext_len, schedule, ciphertext) + ); +} + +static void AES256_CTR_inc_stream_iv(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) { + C_OR_NI_OR_ARM( + oqs_aes256_ctr_enc_sch_c(iv, iv_len, schedule, out, out_len), + oqs_aes256_ctr_enc_sch_ni(iv, iv_len, schedule, out, out_len), + oqs_aes256_ctr_enc_sch_armv8(iv, iv_len, schedule, out, out_len) + ); +} + +static void AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blks) { + C_OR_NI_OR_ARM( + oqs_aes256_ctr_enc_sch_upd_blks_c(schedule, out, out_blks), + oqs_aes256_ctr_enc_sch_upd_blks_ni(schedule, out, out_blks), + oqs_aes256_ctr_enc_sch_upd_blks_armv8(schedule, out, out_blks) + ); +} + +struct OQS_AES_callbacks aes_default_callbacks = { + AES128_ECB_load_schedule, + AES128_free_schedule, + AES128_ECB_enc, + AES128_ECB_enc_sch, + AES256_ECB_load_schedule, + AES256_CTR_inc_init, + AES256_CTR_inc_iv, + AES256_CTR_inc_ivu64, + AES256_free_schedule, + AES256_ECB_enc, + AES256_ECB_enc_sch, + AES256_CTR_inc_stream_iv, + AES256_CTR_inc_stream_blks, +}; + +void OQS_AES_init(void) { +} diff --git a/src/common/aes/aes_local.h b/src/common/aes/aes_local.h index eac879352c..4c9942a085 100644 --- a/src/common/aes/aes_local.h +++ b/src/common/aes/aes_local.h @@ -40,3 +40,5 @@ void oqs_aes256_enc_sch_block_armv8(const uint8_t *plaintext, const void *_sched void oqs_aes256_ecb_enc_sch_armv8(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); void oqs_aes256_ctr_enc_sch_armv8(const uint8_t *iv, const size_t iv_len, const void *schedule, uint8_t *out, size_t out_len); void oqs_aes256_ctr_enc_sch_upd_blks_armv8(void *schedule, uint8_t *out, size_t out_blks); + +extern struct OQS_AES_callbacks aes_default_callbacks; diff --git a/src/common/aes/aes_ossl.c b/src/common/aes/aes_ossl.c index 67193292ef..0696b53624 100644 --- a/src/common/aes/aes_ossl.c +++ b/src/common/aes/aes_ossl.c @@ -28,7 +28,7 @@ static inline void br_enc64be(unsigned char *dst, uint64_t x) { dst[0] = (unsigned char)x; } -void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **schedule) { +static void AES128_ECB_load_schedule(const uint8_t *key, void **schedule) { *schedule = malloc(sizeof(struct key_schedule)); OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL"); struct key_schedule *ks = (struct key_schedule *) *schedule; @@ -39,7 +39,7 @@ void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **schedule) { EVP_CIPHER_CTX_set_padding(ks->ctx, 0); } -void OQS_AES128_free_schedule(void *schedule) { +static void AES128_free_schedule(void *schedule) { if (schedule != NULL) { struct key_schedule *ks = (struct key_schedule *) schedule; if (ks->ctx != NULL) { @@ -50,14 +50,14 @@ void OQS_AES128_free_schedule(void *schedule) { } } -void OQS_AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { +static void AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { void *schedule = NULL; OQS_AES128_ECB_load_schedule(key, &schedule); OQS_AES128_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); OQS_AES128_free_schedule(schedule); } -void OQS_AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { +static void AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { assert(plaintext_len % 16 == 0); int outlen; const struct key_schedule *ks = (const struct key_schedule *) schedule; @@ -67,7 +67,7 @@ void OQS_AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len OQS_OPENSSL_GUARD(EVP_EncryptFinal_ex(ks->ctx, ciphertext, &outlen)); } -void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **schedule) { +static void AES256_ECB_load_schedule(const uint8_t *key, void **schedule) { *schedule = malloc(sizeof(struct key_schedule)); OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL"); struct key_schedule *ks = (struct key_schedule *) *schedule; @@ -78,7 +78,7 @@ void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **schedule) { EVP_CIPHER_CTX_set_padding(ks->ctx, 0); } -void OQS_AES256_CTR_inc_init(const uint8_t *key, void **schedule) { +static void AES256_CTR_inc_init(const uint8_t *key, void **schedule) { *schedule = malloc(sizeof(struct key_schedule)); struct key_schedule *ks = (struct key_schedule *) *schedule; EVP_CIPHER_CTX *ctr_ctx = EVP_CIPHER_CTX_new(); @@ -90,7 +90,7 @@ void OQS_AES256_CTR_inc_init(const uint8_t *key, void **schedule) { memcpy(ks->key, key, 32); } -void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *schedule) { +static void AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *schedule) { OQS_EXIT_IF_NULLPTR(schedule, "OpenSSL"); struct key_schedule *ks = (struct key_schedule *) schedule; if (iv_len == 12) { @@ -104,7 +104,7 @@ void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *schedule) { OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ctr(), NULL, ks->key, ks->iv)); } -void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *schedule) { +static void AES256_CTR_inc_ivu64(uint64_t iv, void *schedule) { OQS_EXIT_IF_NULLPTR(schedule, "OpenSSL"); struct key_schedule *ks = (struct key_schedule *) schedule; br_enc64be(ks->iv, iv); @@ -112,24 +112,24 @@ void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *schedule) { OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ctr(), NULL, ks->key, ks->iv)); } -void OQS_AES256_free_schedule(void *schedule) { +static void AES256_free_schedule(void *schedule) { // actually same code as AES 128 OQS_AES128_free_schedule(schedule); } -void OQS_AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { +static void AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext) { void *schedule = NULL; OQS_AES256_ECB_load_schedule(key, &schedule); OQS_AES256_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); OQS_AES256_free_schedule(schedule); } -void OQS_AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { +static void AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext) { // actually same code as AES 128 OQS_AES128_ECB_enc_sch(plaintext, plaintext_len, schedule, ciphertext); } -void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) { +static void AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) { EVP_CIPHER_CTX *ctr_ctx = EVP_CIPHER_CTX_new(); assert(ctr_ctx != NULL); uint8_t iv_ctr[16]; @@ -155,7 +155,7 @@ void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void * EVP_CIPHER_CTX_free(ctr_ctx); } -void OQS_AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blks) { +static void AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blks) { size_t out_len = out_blks * 16; struct key_schedule *ks = (struct key_schedule *) schedule; int out_len_output; @@ -163,3 +163,19 @@ void OQS_AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blk memset(out, 0, (size_t)out_len_input_int); OQS_OPENSSL_GUARD(EVP_EncryptUpdate(ks->ctx, out, &out_len_output, out, (int) out_len)); } + +struct OQS_AES_callbacks aes_default_callbacks = { + AES128_ECB_load_schedule, + AES128_free_schedule, + AES128_ECB_enc, + AES128_ECB_enc_sch, + AES256_ECB_load_schedule, + AES256_CTR_inc_init, + AES256_CTR_inc_iv, + AES256_CTR_inc_ivu64, + AES256_free_schedule, + AES256_ECB_enc, + AES256_ECB_enc_sch, + AES256_CTR_inc_stream_iv, + AES256_CTR_inc_stream_blks, +}; diff --git a/src/common/sha2/sha2.c b/src/common/sha2/sha2.c index d622b883f1..9cc732d1d3 100644 --- a/src/common/sha2/sha2.c +++ b/src/common/sha2/sha2.c @@ -1,132 +1,84 @@ // SPDX-License-Identifier: MIT #include -#include - #include "sha2.h" #include "sha2_local.h" -#if defined(OQS_DIST_ARM64_V8_BUILD) -#define C_OR_ARM(stmt_c, stmt_arm) \ - do { \ - if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_SHA2)) { \ - stmt_arm; \ - } else { \ - stmt_c; \ - } \ - } while(0) -#elif defined(OQS_USE_ARM_SHA2_INSTRUCTIONS) -#define C_OR_ARM(stmt_c, stmt_arm) \ - stmt_arm -#else -#define C_OR_ARM(stmt_c, stmt_arm) \ - stmt_c -#endif -void OQS_SHA2_sha224_inc_init(OQS_SHA2_sha224_ctx *state) { - oqs_sha2_sha224_inc_init_c((sha224ctx *) state); -} - -void OQS_SHA2_sha224_inc_ctx_clone(OQS_SHA2_sha224_ctx *dest, const OQS_SHA2_sha224_ctx *src) { - oqs_sha2_sha224_inc_ctx_clone_c((sha224ctx *) dest, (const sha224ctx *) src); -} - -void OQS_SHA2_sha224_inc_blocks(OQS_SHA2_sha224_ctx *state, const uint8_t *in, size_t inblocks) { - C_OR_ARM( - oqs_sha2_sha224_inc_blocks_c((sha224ctx *) state, in, inblocks), - oqs_sha2_sha224_inc_blocks_armv8((sha224ctx *) state, in, inblocks) - ); -} - -void OQS_SHA2_sha224_inc_finalize(uint8_t *out, OQS_SHA2_sha224_ctx *state, const uint8_t *in, size_t inlen) { - oqs_sha2_sha224_inc_finalize_c(out, (sha224ctx *) state, in, inlen); -} +static struct OQS_SHA2_callbacks *callbacks = &sha2_default_callbacks; -void OQS_SHA2_sha224_inc_ctx_release(OQS_SHA2_sha224_ctx *state) { - oqs_sha2_sha224_inc_ctx_release_c((sha224ctx *) state); +OQS_API void OQS_SHA2_set_callbacks(struct OQS_SHA2_callbacks *new_callbacks) { + callbacks = new_callbacks; } void OQS_SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) { - oqs_sha2_sha256_inc_init_c((sha256ctx *) state); + callbacks->SHA2_sha256_inc_init(state); } void OQS_SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src) { - oqs_sha2_sha256_inc_ctx_clone_c((sha256ctx *) dest, (const sha256ctx *) src); + callbacks->SHA2_sha256_inc_ctx_clone(dest, src); } void OQS_SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks) { - C_OR_ARM( - oqs_sha2_sha256_inc_blocks_c((sha256ctx *) state, in, inblocks), - oqs_sha2_sha256_inc_blocks_armv8((sha256ctx *) state, in, inblocks) - ); + callbacks->SHA2_sha256_inc_blocks(state, in, inblocks); } void OQS_SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen) { - oqs_sha2_sha256_inc_finalize_c(out, (sha256ctx *) state, in, inlen); + callbacks->SHA2_sha256_inc_finalize(out, state, in, inlen); } void OQS_SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state) { - oqs_sha2_sha256_inc_ctx_release_c((sha256ctx *) state); + callbacks->SHA2_sha256_inc_ctx_release(state); } void OQS_SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { - oqs_sha2_sha384_inc_init_c((sha384ctx *)state); + callbacks->SHA2_sha384_inc_init(state); } void OQS_SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src) { - oqs_sha2_sha384_inc_ctx_clone_c((sha384ctx *) dest, (const sha384ctx *) src); + callbacks->SHA2_sha384_inc_ctx_clone(dest, src); } void OQS_SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks) { - oqs_sha2_sha384_inc_blocks_c((sha384ctx *) state, in, inblocks); + callbacks->SHA2_sha384_inc_blocks(state, in, inblocks); } void OQS_SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen) { - oqs_sha2_sha384_inc_finalize_c(out, (sha384ctx *) state, in, inlen); + callbacks->SHA2_sha384_inc_finalize(out, state, in, inlen); } void OQS_SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state) { - oqs_sha2_sha384_inc_ctx_release_c((sha384ctx *) state); + callbacks->SHA2_sha384_inc_ctx_release(state); } void OQS_SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { - oqs_sha2_sha512_inc_init_c((sha512ctx *)state); + callbacks->SHA2_sha512_inc_init(state); } void OQS_SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src) { - oqs_sha2_sha512_inc_ctx_clone_c((sha512ctx *) dest, (const sha512ctx *) src); + callbacks->SHA2_sha512_inc_ctx_clone(dest, src); } void OQS_SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks) { - oqs_sha2_sha512_inc_blocks_c((sha512ctx *) state, in, inblocks); + callbacks->SHA2_sha512_inc_blocks(state, in, inblocks); } void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen) { - oqs_sha2_sha512_inc_finalize_c(out, (sha512ctx *) state, in, inlen); + callbacks->SHA2_sha512_inc_finalize(out, state, in, inlen); } void OQS_SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state) { - oqs_sha2_sha512_inc_ctx_release_c((sha512ctx *) state); -} - -void OQS_SHA2_sha224(uint8_t *out, const uint8_t *in, size_t inlen) { - C_OR_ARM ( - oqs_sha2_sha224_c(out, in, inlen), - oqs_sha2_sha224_armv8(out, in, inlen) - ); + callbacks->SHA2_sha512_inc_ctx_release(state); } void OQS_SHA2_sha256(uint8_t *out, const uint8_t *in, size_t inlen) { - C_OR_ARM ( - oqs_sha2_sha256_c(out, in, inlen), - oqs_sha2_sha256_armv8(out, in, inlen) - ); + callbacks->SHA2_sha256(out, in, inlen); } void OQS_SHA2_sha384(uint8_t *out, const uint8_t *in, size_t inlen) { - oqs_sha2_sha384_c(out, in, inlen); + callbacks->SHA2_sha384(out, in, inlen); } void OQS_SHA2_sha512(uint8_t *out, const uint8_t *in, size_t inlen) { - oqs_sha2_sha512_c(out, in, inlen); + callbacks->SHA2_sha512(out, in, inlen); } diff --git a/src/common/sha2/sha2.h b/src/common/sha2/sha2.h index e50a16397b..b5d829456a 100644 --- a/src/common/sha2/sha2.h +++ b/src/common/sha2/sha2.h @@ -18,16 +18,12 @@ #include #include +#include + #if defined(__cplusplus) extern "C" { #endif -/** Data structure for the state of the SHA-224 incremental hashing API. */ -typedef struct { - /** Internal state */ - void *ctx; -} OQS_SHA2_sha224_ctx; - /** * \brief Process a message with SHA-256 and return the hash code in the output byte array. * @@ -250,6 +246,37 @@ void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, cons */ void OQS_SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state); +struct OQS_SHA2_callbacks { + void (*SHA2_sha256)(uint8_t *output, const uint8_t *input, size_t inplen); + void (*SHA2_sha256_inc_init)(OQS_SHA2_sha256_ctx *state); + void (*SHA2_sha256_inc_ctx_clone)(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src); + void (*SHA2_sha256_inc_blocks)(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks); + void (*SHA2_sha256_inc_finalize)(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen); + void (*SHA2_sha256_inc_ctx_release)(OQS_SHA2_sha256_ctx *state); + void (*SHA2_sha384)(uint8_t *output, const uint8_t *input, size_t inplen); + void (*SHA2_sha384_inc_init)(OQS_SHA2_sha384_ctx *state); + void (*SHA2_sha384_inc_ctx_clone)(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src); + void (*SHA2_sha384_inc_blocks)(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks); + void (*SHA2_sha384_inc_finalize)(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen); + void (*SHA2_sha384_inc_ctx_release)(OQS_SHA2_sha384_ctx *state); + void (*SHA2_sha512)(uint8_t *output, const uint8_t *input, size_t inplen); + void (*SHA2_sha512_inc_init)(OQS_SHA2_sha512_ctx *state); + void (*SHA2_sha512_inc_ctx_clone)(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src); + void (*SHA2_sha512_inc_blocks)(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks); + void (*SHA2_sha512_inc_finalize)(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen); + void (*SHA2_sha512_inc_ctx_release)(OQS_SHA2_sha512_ctx *state); +}; + +/** + * Set callback functions for SHA2 operations. + * + * This function may be called at most once before OQS_init to replace + * the implementation of SHA2 operations. + * + * @param[in] new_callbacks Callback functions defined in OQS_SHA2_callbacks + */ +OQS_API void OQS_SHA2_set_callbacks(struct OQS_SHA2_callbacks *new_callbacks); + #if defined(__cplusplus) } // extern "C" #endif diff --git a/src/common/sha2/sha2_impl.c b/src/common/sha2/sha2_impl.c new file mode 100644 index 0000000000..f7f01b24f5 --- /dev/null +++ b/src/common/sha2/sha2_impl.c @@ -0,0 +1,123 @@ +// SPDX-License-Identifier: MIT +#include + +#include + +#include "sha2.h" +#include "sha2_local.h" + +#if defined(OQS_DIST_ARM64_V8_BUILD) +#define C_OR_ARM(stmt_c, stmt_arm) \ + do { \ + if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_SHA2)) { \ + stmt_arm; \ + } else { \ + stmt_c; \ + } \ + } while(0) +#elif defined(OQS_USE_ARM_SHA2_INSTRUCTIONS) +#define C_OR_ARM(stmt_c, stmt_arm) \ + stmt_arm +#else +#define C_OR_ARM(stmt_c, stmt_arm) \ + stmt_c +#endif + +static void SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) { + oqs_sha2_sha256_inc_init_c((sha256ctx *) state); +} + +static void SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src) { + oqs_sha2_sha256_inc_ctx_clone_c((sha256ctx *) dest, (const sha256ctx *) src); +} + +static void SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks) { + C_OR_ARM( + oqs_sha2_sha256_inc_blocks_c((sha256ctx *) state, in, inblocks), + oqs_sha2_sha256_inc_blocks_armv8((sha256ctx *) state, in, inblocks) + ); +} + +static void SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen) { + oqs_sha2_sha256_inc_finalize_c(out, (sha256ctx *) state, in, inlen); +} + +static void SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state) { + oqs_sha2_sha256_inc_ctx_release_c((sha256ctx *) state); +} + +static void SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { + oqs_sha2_sha384_inc_init_c((sha384ctx *)state); +} + +static void SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src) { + oqs_sha2_sha384_inc_ctx_clone_c((sha384ctx *) dest, (const sha384ctx *) src); +} + +static void SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks) { + oqs_sha2_sha384_inc_blocks_c((sha384ctx *) state, in, inblocks); +} + +static void SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen) { + oqs_sha2_sha384_inc_finalize_c(out, (sha384ctx *) state, in, inlen); +} + +static void SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state) { + oqs_sha2_sha384_inc_ctx_release_c((sha384ctx *) state); +} + +static void SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { + oqs_sha2_sha512_inc_init_c((sha512ctx *)state); +} + +static void SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src) { + oqs_sha2_sha512_inc_ctx_clone_c((sha512ctx *) dest, (const sha512ctx *) src); +} + +static void SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks) { + oqs_sha2_sha512_inc_blocks_c((sha512ctx *) state, in, inblocks); +} + +static void SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen) { + oqs_sha2_sha512_inc_finalize_c(out, (sha512ctx *) state, in, inlen); +} + +static void SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state) { + oqs_sha2_sha512_inc_ctx_release_c((sha512ctx *) state); +} + +static void SHA2_sha256(uint8_t *out, const uint8_t *in, size_t inlen) { + C_OR_ARM ( + oqs_sha2_sha256_c(out, in, inlen), + oqs_sha2_sha256_armv8(out, in, inlen) + ); +} + +static void SHA2_sha384(uint8_t *out, const uint8_t *in, size_t inlen) { + oqs_sha2_sha384_c(out, in, inlen); +} + +static void SHA2_sha512(uint8_t *out, const uint8_t *in, size_t inlen) { + oqs_sha2_sha512_c(out, in, inlen); +} + +struct OQS_SHA2_callbacks sha2_default_callbacks = { + SHA2_sha256, + SHA2_sha256_inc_init, + SHA2_sha256_inc_ctx_clone, + SHA2_sha256_inc_blocks, + SHA2_sha256_inc_finalize, + SHA2_sha256_inc_ctx_release, + SHA2_sha384, + SHA2_sha384_inc_init, + SHA2_sha384_inc_ctx_clone, + SHA2_sha384_inc_blocks, + SHA2_sha384_inc_finalize, + SHA2_sha384_inc_ctx_release, + SHA2_sha512, + SHA2_sha512_inc_init, + SHA2_sha512_inc_ctx_clone, + SHA2_sha512_inc_blocks, + SHA2_sha512_inc_finalize, + SHA2_sha512_inc_ctx_release, +}; diff --git a/src/common/sha2/sha2_local.h b/src/common/sha2/sha2_local.h index 028de764b8..dcb1392841 100644 --- a/src/common/sha2/sha2_local.h +++ b/src/common/sha2/sha2_local.h @@ -79,6 +79,8 @@ void oqs_sha2_sha256_c(uint8_t *out, const uint8_t *in, size_t inlen); void oqs_sha2_sha384_c(uint8_t *out, const uint8_t *in, size_t inlen); void oqs_sha2_sha512_c(uint8_t *out, const uint8_t *in, size_t inlen); +extern struct OQS_SHA2_callbacks sha2_default_callbacks; + #if defined(__cplusplus) } // extern "C" #endif diff --git a/src/common/sha2/sha2_ossl.c b/src/common/sha2/sha2_ossl.c index e8bff7f7e7..93ee91d4c8 100644 --- a/src/common/sha2/sha2_ossl.c +++ b/src/common/sha2/sha2_ossl.c @@ -25,21 +25,21 @@ static void do_hash(uint8_t *output, const uint8_t *input, size_t inplen, const EVP_MD_CTX_free(mdctx); } -void OQS_SHA2_sha256(uint8_t *output, const uint8_t *input, size_t inplen) { +static void SHA2_sha256(uint8_t *output, const uint8_t *input, size_t inplen) { const EVP_MD *md; md = oqs_sha256(); OQS_EXIT_IF_NULLPTR(md, "OpenSSL"); do_hash(output, input, inplen, md); } -void OQS_SHA2_sha384(uint8_t *output, const uint8_t *input, size_t inplen) { +static void SHA2_sha384(uint8_t *output, const uint8_t *input, size_t inplen) { const EVP_MD *md; md = oqs_sha384(); OQS_EXIT_IF_NULLPTR(md, "OpenSSL"); do_hash(output, input, inplen, md); } -void OQS_SHA2_sha512(uint8_t *output, const uint8_t *input, size_t inplen) { +static void SHA2_sha512(uint8_t *output, const uint8_t *input, size_t inplen) { const EVP_MD *md; md = oqs_sha512(); OQS_EXIT_IF_NULLPTR(md, "OpenSSL"); @@ -48,7 +48,7 @@ void OQS_SHA2_sha512(uint8_t *output, const uint8_t *input, size_t inplen) { #define SHA2_BLOCK_SIZE 64 -void OQS_SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) { +static void SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) { EVP_MD_CTX *mdctx; const EVP_MD *md = NULL; md = oqs_sha256(); @@ -59,11 +59,11 @@ void OQS_SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) { state->ctx = mdctx; } -void OQS_SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks) { +static void SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks) { OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE)); } -void OQS_SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen) { +static void SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen) { unsigned int md_len; if (inlen > 0) { OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen)); @@ -73,17 +73,17 @@ void OQS_SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, cons state->ctx = NULL; } -void OQS_SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state) { +static void SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state) { EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); state->ctx = NULL; } -void OQS_SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src) { - OQS_SHA2_sha256_inc_init(dest); +static void SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src) { + SHA2_sha256_inc_init(dest); OQS_OPENSSL_GUARD(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx)); } -void OQS_SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { +static void SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { EVP_MD_CTX *mdctx; const EVP_MD *md = NULL; md = oqs_sha384(); @@ -94,11 +94,11 @@ void OQS_SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { state->ctx = mdctx; } -void OQS_SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * 2 * SHA2_BLOCK_SIZE)); +static void SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks) { + OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE)); } -void OQS_SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen) { +static void SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen) { unsigned int md_len; if (inlen > 0) { OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen)); @@ -108,17 +108,17 @@ void OQS_SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, cons state->ctx = NULL; } -void OQS_SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state) { +static void SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state) { EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); state->ctx = NULL; } -void OQS_SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src) { - OQS_SHA2_sha384_inc_init(dest); +static void SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src) { + SHA2_sha384_inc_init(dest); OQS_OPENSSL_GUARD(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx)); } -void OQS_SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { +static void SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { EVP_MD_CTX *mdctx; const EVP_MD *md = NULL; md = oqs_sha512(); @@ -129,11 +129,11 @@ void OQS_SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { state->ctx = mdctx; } -void OQS_SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * 2 * SHA2_BLOCK_SIZE)); +static void SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks) { + OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE)); } -void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen) { +static void SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen) { unsigned int md_len; if (inlen > 0) { OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen)); @@ -143,14 +143,35 @@ void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, cons state->ctx = NULL; } -void OQS_SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state) { +static void SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state) { EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); state->ctx = NULL; } -void OQS_SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src) { - OQS_SHA2_sha512_inc_init(dest); +static void SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src) { + SHA2_sha512_inc_init(dest); OQS_OPENSSL_GUARD(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx)); } +struct OQS_SHA2_callbacks sha2_default_callbacks = { + SHA2_sha256, + SHA2_sha256_inc_init, + SHA2_sha256_inc_ctx_clone, + SHA2_sha256_inc_blocks, + SHA2_sha256_inc_finalize, + SHA2_sha256_inc_ctx_release, + SHA2_sha384, + SHA2_sha384_inc_init, + SHA2_sha384_inc_ctx_clone, + SHA2_sha384_inc_blocks, + SHA2_sha384_inc_finalize, + SHA2_sha384_inc_ctx_release, + SHA2_sha512, + SHA2_sha512_inc_init, + SHA2_sha512_inc_ctx_clone, + SHA2_sha512_inc_blocks, + SHA2_sha512_inc_finalize, + SHA2_sha512_inc_ctx_release, +}; + #endif diff --git a/src/common/sha3/ossl_sha3.c b/src/common/sha3/ossl_sha3.c index 8b8678a26f..9a39894539 100644 --- a/src/common/sha3/ossl_sha3.c +++ b/src/common/sha3/ossl_sha3.c @@ -35,35 +35,35 @@ static void do_xof(uint8_t *output, size_t outlen, const uint8_t *input, size_t /* SHA3-256 */ -void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen) { +static void SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen) { do_hash(output, input, inplen, oqs_sha3_256()); } /* SHA3-256 incremental */ -void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { state->ctx = EVP_MD_CTX_new(); EVP_MD_CTX *s = (EVP_MD_CTX *)state->ctx; EVP_DigestInit_ex(s, oqs_sha3_256(), NULL); } -void OQS_SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inplen) { +static void SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inplen) { EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen); } -void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) { EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL); } -void OQS_SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) { EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx); } -void OQS_SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) { +static void SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) { EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx); } -void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { EVP_MD_CTX *s = state->ctx; EVP_MD_CTX_reset(s); EVP_DigestInit_ex(s, oqs_sha3_256(), NULL); @@ -71,33 +71,33 @@ void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { /* SHA3-384 */ -void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen) { +static void SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen) { do_hash(output, input, inplen, oqs_sha3_384()); } /* SHA3-384 incremental */ -void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { state->ctx = EVP_MD_CTX_new(); EVP_DigestInit_ex((EVP_MD_CTX *)state->ctx, oqs_sha3_384(), NULL); } -void OQS_SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inplen) { +static void SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inplen) { EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen); } -void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) { EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL); } -void OQS_SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) { EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx); } -void OQS_SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) { +static void SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) { EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx); } -void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { EVP_MD_CTX *s = state->ctx; EVP_MD_CTX_reset(s); EVP_DigestInit_ex(s, oqs_sha3_384(), NULL); @@ -105,34 +105,34 @@ void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { /* SHA3-512 */ -void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen) { +static void SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen) { do_hash(output, input, inplen, oqs_sha3_512()); } /* SHA3-512 incremental */ -void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { state->ctx = EVP_MD_CTX_new(); EVP_DigestInit_ex((EVP_MD_CTX *)state->ctx, oqs_sha3_512(), NULL); } -void OQS_SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inplen) { +static void SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inplen) { EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen); } -void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) { EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL); } -void OQS_SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) { EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx); } -void OQS_SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) { +static void SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) { EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx); } -void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { EVP_MD_CTX *s = state->ctx; EVP_MD_CTX_reset(s); EVP_DigestInit_ex(s, oqs_sha3_512(), NULL); @@ -140,7 +140,7 @@ void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { /* SHAKE-128 */ -void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen) { +static void SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen) { do_xof(output, outlen, input, inplen, oqs_shake128()); } @@ -166,7 +166,7 @@ typedef struct { size_t n_out; } intrn_shake128_inc_ctx; -void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake128_inc_ctx)); intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; @@ -175,16 +175,16 @@ void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { EVP_DigestInit_ex(s->mdctx, oqs_shake128(), NULL); } -void OQS_SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inplen) { +static void SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inplen) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; EVP_DigestUpdate(s->mdctx, input, inplen); } -void OQS_SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) { (void)state; } -void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; EVP_MD_CTX *clone; @@ -207,20 +207,20 @@ void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shak s->n_out += outlen; } -void OQS_SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; EVP_MD_CTX_free(s->mdctx); free(s); // IGNORE free-check } -void OQS_SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) { +static void SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)src->ctx; intrn_shake128_inc_ctx *d = (intrn_shake128_inc_ctx *)dest->ctx; EVP_MD_CTX_copy_ex(d->mdctx, s->mdctx); d->n_out = s->n_out; } -void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; EVP_MD_CTX_reset(s->mdctx); EVP_DigestInit_ex(s->mdctx, oqs_shake128(), NULL); @@ -229,7 +229,7 @@ void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { /* SHAKE-256 */ -void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen) { +static void SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen) { do_xof(output, outlen, input, inplen, oqs_shake256()); } @@ -243,7 +243,7 @@ typedef struct { size_t n_out; } intrn_shake256_inc_ctx; -void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake256_inc_ctx)); intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; @@ -252,16 +252,16 @@ void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { EVP_DigestInit_ex(s->mdctx, oqs_shake256(), NULL); } -void OQS_SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inplen) { +static void SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inplen) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; EVP_DigestUpdate(s->mdctx, input, inplen); } -void OQS_SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) { (void)state; } -void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; EVP_MD_CTX *clone; @@ -284,24 +284,66 @@ void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shak s->n_out += outlen; } -void OQS_SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; EVP_MD_CTX_free(s->mdctx); free(s); // IGNORE free-check } -void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) { +static void SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)src->ctx; intrn_shake256_inc_ctx *d = (intrn_shake256_inc_ctx *)dest->ctx; EVP_MD_CTX_copy_ex(d->mdctx, s->mdctx); d->n_out = s->n_out; } -void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; EVP_MD_CTX_reset(s->mdctx); EVP_DigestInit_ex(s->mdctx, oqs_shake256(), NULL); s->n_out = 0; } +extern struct OQS_SHA3_callbacks sha3_default_callbacks; + +struct OQS_SHA3_callbacks sha3_default_callbacks = { + SHA3_sha3_256, + SHA3_sha3_256_inc_init, + SHA3_sha3_256_inc_absorb, + SHA3_sha3_256_inc_finalize, + SHA3_sha3_256_inc_ctx_release, + SHA3_sha3_256_inc_ctx_reset, + SHA3_sha3_256_inc_ctx_clone, + SHA3_sha3_384, + SHA3_sha3_384_inc_init, + SHA3_sha3_384_inc_absorb, + SHA3_sha3_384_inc_finalize, + SHA3_sha3_384_inc_ctx_release, + SHA3_sha3_384_inc_ctx_reset, + SHA3_sha3_384_inc_ctx_clone, + SHA3_sha3_512, + SHA3_sha3_512_inc_init, + SHA3_sha3_512_inc_absorb, + SHA3_sha3_512_inc_finalize, + SHA3_sha3_512_inc_ctx_release, + SHA3_sha3_512_inc_ctx_reset, + SHA3_sha3_512_inc_ctx_clone, + SHA3_shake128, + SHA3_shake128_inc_init, + SHA3_shake128_inc_absorb, + SHA3_shake128_inc_finalize, + SHA3_shake128_inc_squeeze, + SHA3_shake128_inc_ctx_release, + SHA3_shake128_inc_ctx_clone, + SHA3_shake128_inc_ctx_reset, + SHA3_shake256, + SHA3_shake256_inc_init, + SHA3_shake256_inc_absorb, + SHA3_shake256_inc_finalize, + SHA3_shake256_inc_squeeze, + SHA3_shake256_inc_ctx_release, + SHA3_shake256_inc_ctx_clone, + SHA3_shake256_inc_ctx_reset, +}; + #endif diff --git a/src/common/sha3/ossl_sha3x4.c b/src/common/sha3/ossl_sha3x4.c index 1e4697201c..6674397a04 100644 --- a/src/common/sha3/ossl_sha3x4.c +++ b/src/common/sha3/ossl_sha3x4.c @@ -14,8 +14,8 @@ /* SHAKE-128 */ -void OQS_SHA3_shake128_x4(uint8_t *output0, uint8_t *output1, uint8_t *output2, uint8_t *output3, size_t outlen, - const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { +static void SHA3_shake128_x4(uint8_t *output0, uint8_t *output1, uint8_t *output2, uint8_t *output3, size_t outlen, + const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { OQS_SHA3_shake128(output0, outlen, in0, inplen); OQS_SHA3_shake128(output1, outlen, in1, inplen); OQS_SHA3_shake128(output2, outlen, in2, inplen); @@ -32,7 +32,7 @@ typedef struct { size_t n_out; } intrn_shake128_x4_inc_ctx; -void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake128_x4_inc_ctx)); intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; @@ -47,7 +47,7 @@ void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { s->n_out = 0; } -void OQS_SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { +static void SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; EVP_DigestUpdate(s->mdctx0, in0, inplen); EVP_DigestUpdate(s->mdctx1, in1, inplen); @@ -55,11 +55,11 @@ void OQS_SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const EVP_DigestUpdate(s->mdctx3, in3, inplen); } -void OQS_SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) { (void)state; } -void OQS_SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake128_x4_inc_ctx *state) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; EVP_MD_CTX *clone; @@ -98,7 +98,7 @@ void OQS_SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out s->n_out += outlen; } -void OQS_SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) { +static void SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)src->ctx; intrn_shake128_x4_inc_ctx *d = (intrn_shake128_x4_inc_ctx *)dest->ctx; EVP_MD_CTX_copy_ex(d->mdctx0, s->mdctx0); @@ -108,7 +108,7 @@ void OQS_SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, cons d->n_out = s->n_out; } -void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; EVP_MD_CTX_free(s->mdctx0); EVP_MD_CTX_free(s->mdctx1); @@ -117,7 +117,7 @@ void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { free(s); // IGNORE free-check } -void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; EVP_MD_CTX_reset(s->mdctx0); EVP_MD_CTX_reset(s->mdctx1); @@ -132,8 +132,8 @@ void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { /* SHAKE-256 */ -void OQS_SHA3_shake256_x4(uint8_t *output0, uint8_t *output1, uint8_t *output2, uint8_t *output3, size_t outlen, - const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { +static void SHA3_shake256_x4(uint8_t *output0, uint8_t *output1, uint8_t *output2, uint8_t *output3, size_t outlen, + const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { OQS_SHA3_shake256(output0, outlen, in0, inplen); OQS_SHA3_shake256(output1, outlen, in1, inplen); OQS_SHA3_shake256(output2, outlen, in2, inplen); @@ -150,7 +150,7 @@ typedef struct { size_t n_out; } intrn_shake256_x4_inc_ctx; -void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake256_x4_inc_ctx)); intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; @@ -165,7 +165,7 @@ void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { s->n_out = 0; } -void OQS_SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { +static void SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; EVP_DigestUpdate(s->mdctx0, in0, inplen); EVP_DigestUpdate(s->mdctx1, in1, inplen); @@ -173,11 +173,11 @@ void OQS_SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const EVP_DigestUpdate(s->mdctx3, in3, inplen); } -void OQS_SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) { (void)state; } -void OQS_SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake256_x4_inc_ctx *state) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; EVP_MD_CTX *clone; @@ -216,7 +216,7 @@ void OQS_SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out s->n_out += outlen; } -void OQS_SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) { +static void SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)src->ctx; intrn_shake256_x4_inc_ctx *d = (intrn_shake256_x4_inc_ctx *)dest->ctx; EVP_MD_CTX_copy_ex(d->mdctx0, s->mdctx0); @@ -226,7 +226,7 @@ void OQS_SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, cons d->n_out = s->n_out; } -void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; EVP_MD_CTX_free(s->mdctx0); EVP_MD_CTX_free(s->mdctx1); @@ -235,7 +235,7 @@ void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { free(s); // IGNORE free-check } -void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; EVP_MD_CTX_reset(s->mdctx0); EVP_MD_CTX_reset(s->mdctx1); @@ -248,4 +248,25 @@ void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { s->n_out = 0; } +extern struct OQS_SHA3_x4_callbacks sha3_x4_default_callbacks; + +struct OQS_SHA3_x4_callbacks sha3_x4_default_callbacks = { + SHA3_shake128_x4, + SHA3_shake128_x4_inc_init, + SHA3_shake128_x4_inc_absorb, + SHA3_shake128_x4_inc_finalize, + SHA3_shake128_x4_inc_squeeze, + SHA3_shake128_x4_inc_ctx_release, + SHA3_shake128_x4_inc_ctx_clone, + SHA3_shake128_x4_inc_ctx_reset, + SHA3_shake256_x4, + SHA3_shake256_x4_inc_init, + SHA3_shake256_x4_inc_absorb, + SHA3_shake256_x4_inc_finalize, + SHA3_shake256_x4_inc_squeeze, + SHA3_shake256_x4_inc_ctx_release, + SHA3_shake256_x4_inc_ctx_clone, + SHA3_shake256_x4_inc_ctx_reset, +}; + #endif diff --git a/src/common/sha3/sha3.c b/src/common/sha3/sha3.c new file mode 100644 index 0000000000..600fc19839 --- /dev/null +++ b/src/common/sha3/sha3.c @@ -0,0 +1,161 @@ +// SPDX-License-Identifier: MIT + +#include + +#include "sha3.h" + +extern struct OQS_SHA3_callbacks sha3_default_callbacks; + +static struct OQS_SHA3_callbacks *callbacks = &sha3_default_callbacks; + +OQS_API void OQS_SHA3_set_callbacks(struct OQS_SHA3_callbacks *new_callbacks) { + callbacks = new_callbacks; +} + +void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen) { + callbacks->SHA3_sha3_256(output, input, inplen); +} + +void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { + callbacks->SHA3_sha3_256_inc_init(state); +} + +void OQS_SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen) { + callbacks->SHA3_sha3_256_inc_absorb(state, input, inlen); +} + +void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) { + callbacks->SHA3_sha3_256_inc_finalize(output, state); +} + +void OQS_SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) { + callbacks->SHA3_sha3_256_inc_ctx_release(state); +} + +void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { + callbacks->SHA3_sha3_256_inc_ctx_reset(state); +} + +void OQS_SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) { + callbacks->SHA3_sha3_256_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen) { + callbacks->SHA3_sha3_384(output, input, inplen); +} + +void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { + callbacks->SHA3_sha3_384_inc_init(state); +} + +void OQS_SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen) { + callbacks->SHA3_sha3_384_inc_absorb(state, input, inlen); +} + +void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) { + callbacks->SHA3_sha3_384_inc_finalize(output, state); +} + +void OQS_SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) { + callbacks->SHA3_sha3_384_inc_ctx_release(state); +} + +void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { + callbacks->SHA3_sha3_384_inc_ctx_reset(state); +} + +void OQS_SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) { + callbacks->SHA3_sha3_384_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen) { + callbacks->SHA3_sha3_512(output, input, inplen); +} + +void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { + callbacks->SHA3_sha3_512_inc_init(state); +} + +void OQS_SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen) { + callbacks->SHA3_sha3_512_inc_absorb(state, input, inlen); +} + +void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) { + callbacks->SHA3_sha3_512_inc_finalize(output, state); +} + +void OQS_SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) { + callbacks->SHA3_sha3_512_inc_ctx_release(state); +} + +void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { + callbacks->SHA3_sha3_512_inc_ctx_reset(state); +} + +void OQS_SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) { + callbacks->SHA3_sha3_512_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen) { + callbacks->SHA3_shake128(output, outlen, input, inplen); +} + +void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { + callbacks->SHA3_shake128_inc_init(state); +} + +void OQS_SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen) { + callbacks->SHA3_shake128_inc_absorb(state, input, inlen); +} + +void OQS_SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) { + callbacks->SHA3_shake128_inc_finalize(state); +} + +void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state) { + callbacks->SHA3_shake128_inc_squeeze(output, outlen, state); +} + +void OQS_SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) { + callbacks->SHA3_shake128_inc_ctx_release(state); +} + +void OQS_SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) { + callbacks->SHA3_shake128_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { + callbacks->SHA3_shake128_inc_ctx_reset(state); +} + +void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen) { + callbacks->SHA3_shake256(output, outlen, input, inplen); +} + +void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { + callbacks->SHA3_shake256_inc_init(state); +} + +void OQS_SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen) { + callbacks->SHA3_shake256_inc_absorb(state, input, inlen); +} + +void OQS_SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) { + callbacks->SHA3_shake256_inc_finalize(state); +} + +void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state) { + callbacks->SHA3_shake256_inc_squeeze(output, outlen, state); +} + +void OQS_SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) { + callbacks->SHA3_shake256_inc_ctx_release(state); +} + +void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) { + callbacks->SHA3_shake256_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) { + callbacks->SHA3_shake256_inc_ctx_reset(state); +} diff --git a/src/common/sha3/sha3.h b/src/common/sha3/sha3.h index d66c7289ec..0702b04ad9 100644 --- a/src/common/sha3/sha3.h +++ b/src/common/sha3/sha3.h @@ -18,6 +18,8 @@ #include #include +#include + #if defined(__cplusplus) extern "C" { #endif @@ -421,6 +423,55 @@ void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_ */ void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state); +struct OQS_SHA3_callbacks { + void (*SHA3_sha3_256)(uint8_t *output, const uint8_t *input, size_t inplen); + void (*SHA3_sha3_256_inc_init)(OQS_SHA3_sha3_256_inc_ctx *state); + void (*SHA3_sha3_256_inc_absorb)(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen); + void (*SHA3_sha3_256_inc_finalize)(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state); + void (*SHA3_sha3_256_inc_ctx_release)(OQS_SHA3_sha3_256_inc_ctx *state); + void (*SHA3_sha3_256_inc_ctx_reset)(OQS_SHA3_sha3_256_inc_ctx *state); + void (*SHA3_sha3_256_inc_ctx_clone)(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src); + void (*SHA3_sha3_384)(uint8_t *output, const uint8_t *input, size_t inplen); + void (*SHA3_sha3_384_inc_init)(OQS_SHA3_sha3_384_inc_ctx *state); + void (*SHA3_sha3_384_inc_absorb)(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen); + void (*SHA3_sha3_384_inc_finalize)(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state); + void (*SHA3_sha3_384_inc_ctx_release)(OQS_SHA3_sha3_384_inc_ctx *state); + void (*SHA3_sha3_384_inc_ctx_reset)(OQS_SHA3_sha3_384_inc_ctx *state); + void (*SHA3_sha3_384_inc_ctx_clone)(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src); + void (*SHA3_sha3_512)(uint8_t *output, const uint8_t *input, size_t inplen); + void (*SHA3_sha3_512_inc_init)(OQS_SHA3_sha3_512_inc_ctx *state); + void (*SHA3_sha3_512_inc_absorb)(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen); + void (*SHA3_sha3_512_inc_finalize)(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state); + void (*SHA3_sha3_512_inc_ctx_release)(OQS_SHA3_sha3_512_inc_ctx *state); + void (*SHA3_sha3_512_inc_ctx_reset)(OQS_SHA3_sha3_512_inc_ctx *state); + void (*SHA3_sha3_512_inc_ctx_clone)(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src); + void (*SHA3_shake128)(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen); + void (*SHA3_shake128_inc_init)(OQS_SHA3_shake128_inc_ctx *state); + void (*SHA3_shake128_inc_absorb)(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen); + void (*SHA3_shake128_inc_finalize)(OQS_SHA3_shake128_inc_ctx *state); + void (*SHA3_shake128_inc_squeeze)(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state); + void (*SHA3_shake128_inc_ctx_release)(OQS_SHA3_shake128_inc_ctx *state); + void (*SHA3_shake128_inc_ctx_clone)(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src); + void (*SHA3_shake128_inc_ctx_reset)(OQS_SHA3_shake128_inc_ctx *state); + void (*SHA3_shake256)(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen); + void (*SHA3_shake256_inc_init)(OQS_SHA3_shake256_inc_ctx *state); + void (*SHA3_shake256_inc_absorb)(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen); + void (*SHA3_shake256_inc_finalize)(OQS_SHA3_shake256_inc_ctx *state); + void (*SHA3_shake256_inc_squeeze)(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state); + void (*SHA3_shake256_inc_ctx_release)(OQS_SHA3_shake256_inc_ctx *state); + void (*SHA3_shake256_inc_ctx_clone)(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src); + void (*SHA3_shake256_inc_ctx_reset)(OQS_SHA3_shake256_inc_ctx *state); +}; + +/** + * Set callback functions for SHA3 operations. + * + * This function may be called at most once before OQS_init to replace + * the implementation of SHA3 operations. + * + * @param new_callbacks Callback functions defined in OQS_SHA3_callbacks struct + */ +OQS_API void OQS_SHA3_set_callbacks(struct OQS_SHA3_callbacks *new_callbacks); #if defined(__cplusplus) } // extern "C" diff --git a/src/common/sha3/sha3x4.c b/src/common/sha3/sha3x4.c new file mode 100644 index 0000000000..b41ea08d3f --- /dev/null +++ b/src/common/sha3/sha3x4.c @@ -0,0 +1,77 @@ +// SPDX-License-Identifier: MIT + +#include + +#include "sha3x4.h" + +extern struct OQS_SHA3_x4_callbacks sha3_x4_default_callbacks; + +static struct OQS_SHA3_x4_callbacks *callbacks = &sha3_x4_default_callbacks; + +OQS_API void OQS_SHA3_x4_set_callbacks(struct OQS_SHA3_x4_callbacks *new_callbacks) { + callbacks = new_callbacks; +} + +void OQS_SHA3_shake128_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { + callbacks->SHA3_shake128_x4(out0, out1, out2, out3, outlen, in0, in1, in2, in3, inlen); +} + +void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { + callbacks->SHA3_shake128_x4_inc_init(state); +} + +void OQS_SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { + callbacks->SHA3_shake128_x4_inc_absorb(state, in0, in1, in2, in3, inlen); +} + +void OQS_SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) { + callbacks->SHA3_shake128_x4_inc_finalize(state); +} + +void OQS_SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake128_x4_inc_ctx *state) { + callbacks->SHA3_shake128_x4_inc_squeeze(out0, out1, out2, out3, outlen, state); +} + +void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { + callbacks->SHA3_shake128_x4_inc_ctx_release(state); +} + +void OQS_SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) { + callbacks->SHA3_shake128_x4_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { + callbacks->SHA3_shake128_x4_inc_ctx_reset(state); +} + +void OQS_SHA3_shake256_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { + callbacks->SHA3_shake256_x4(out0, out1, out2, out3, outlen, in0, in1, in2, in3, inlen); +} + +void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { + callbacks->SHA3_shake256_x4_inc_init(state); +} + +void OQS_SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { + callbacks->SHA3_shake256_x4_inc_absorb(state, in0, in1, in2, in3, inlen); +} + +void OQS_SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) { + callbacks->SHA3_shake256_x4_inc_finalize(state); +} + +void OQS_SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake256_x4_inc_ctx *state) { + callbacks->SHA3_shake256_x4_inc_squeeze(out0, out1, out2, out3, outlen, state); +} + +void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { + callbacks->SHA3_shake256_x4_inc_ctx_release(state); +} + +void OQS_SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) { + callbacks->SHA3_shake256_x4_inc_ctx_clone(dest, src); +} + +void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { + callbacks->SHA3_shake256_x4_inc_ctx_reset(state); +} diff --git a/src/common/sha3/sha3x4.h b/src/common/sha3/sha3x4.h index cef4e6750e..11d6225bb7 100644 --- a/src/common/sha3/sha3x4.h +++ b/src/common/sha3/sha3x4.h @@ -18,6 +18,8 @@ #include #include +#include + #if defined(__cplusplus) extern "C" { #endif @@ -255,6 +257,97 @@ void OQS_SHA3_shake256_x4_inc_ctx_clone( */ void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state); +struct OQS_SHA3_x4_callbacks { + void (*SHA3_shake128_x4)( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + + void (*SHA3_shake128_x4_inc_init)(OQS_SHA3_shake128_x4_inc_ctx *state); + + void (*SHA3_shake128_x4_inc_absorb)( + OQS_SHA3_shake128_x4_inc_ctx *state, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + + void (*SHA3_shake128_x4_inc_finalize)(OQS_SHA3_shake128_x4_inc_ctx *state); + + void (*SHA3_shake128_x4_inc_squeeze)( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + OQS_SHA3_shake128_x4_inc_ctx *state); + + void (*SHA3_shake128_x4_inc_ctx_release)(OQS_SHA3_shake128_x4_inc_ctx *state); + + void (*SHA3_shake128_x4_inc_ctx_clone)( + OQS_SHA3_shake128_x4_inc_ctx *dest, + const OQS_SHA3_shake128_x4_inc_ctx *src); + + void (*SHA3_shake128_x4_inc_ctx_reset)(OQS_SHA3_shake128_x4_inc_ctx *state); + + void (*SHA3_shake256_x4)( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + + void (*SHA3_shake256_x4_inc_init)(OQS_SHA3_shake256_x4_inc_ctx *state); + + void (*SHA3_shake256_x4_inc_absorb)( + OQS_SHA3_shake256_x4_inc_ctx *state, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + + void (*SHA3_shake256_x4_inc_finalize)(OQS_SHA3_shake256_x4_inc_ctx *state); + + void (*SHA3_shake256_x4_inc_squeeze)( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + OQS_SHA3_shake256_x4_inc_ctx *state); + + void (*SHA3_shake256_x4_inc_ctx_release)(OQS_SHA3_shake256_x4_inc_ctx *state); + + void (*SHA3_shake256_x4_inc_ctx_clone)( + OQS_SHA3_shake256_x4_inc_ctx *dest, + const OQS_SHA3_shake256_x4_inc_ctx *src); + + void (*SHA3_shake256_x4_inc_ctx_reset)(OQS_SHA3_shake256_x4_inc_ctx *state); +}; + +/** + * Set callback functions for 4-parallel SHA3 operations. + * + * This function may be called at most once before OQS_init to replace + * the implementation of 4-parallel SHA3 operations. + * + * @param new_callbacks Callback functions defined in OQS_SHA3_x4_callbacks struct + */ +OQS_API void OQS_SHA3_x4_set_callbacks(struct OQS_SHA3_x4_callbacks *new_callbacks); #if defined(__cplusplus) } // extern "C" diff --git a/src/common/sha3/xkcp_sha3.c b/src/common/sha3/xkcp_sha3.c index e9192862ef..2fce9d9fe0 100644 --- a/src/common/sha3/xkcp_sha3.c +++ b/src/common/sha3/xkcp_sha3.c @@ -190,7 +190,7 @@ static void keccak_inc_squeeze(uint8_t *h, size_t outlen, /* SHA3-256 */ -void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inlen) { +static void SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inlen) { OQS_SHA3_sha3_256_inc_ctx s; OQS_SHA3_sha3_256_inc_init(&s); OQS_SHA3_sha3_256_inc_absorb(&s, input, inlen); @@ -198,7 +198,7 @@ void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inlen) { OQS_SHA3_sha3_256_inc_ctx_release(&s); } -void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -206,30 +206,30 @@ void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen) { +static void SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen) { keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHA3_256_RATE, input, inlen); } -void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) { keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHA3_256_RATE, 0x06); keccak_inc_squeeze(output, 32, (uint64_t *)state->ctx, OQS_SHA3_SHA3_256_RATE); } -void OQS_SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) { +static void SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES); } -void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { +static void SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } /* SHA3-384 */ -void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inlen) { +static void SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inlen) { OQS_SHA3_sha3_384_inc_ctx s; OQS_SHA3_sha3_384_inc_init(&s); OQS_SHA3_sha3_384_inc_absorb(&s, input, inlen); @@ -237,7 +237,7 @@ void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inlen) { OQS_SHA3_sha3_384_inc_ctx_release(&s); } -void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -245,30 +245,30 @@ void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen) { +static void SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen) { keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHA3_384_RATE, input, inlen); } -void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) { keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHA3_384_RATE, 0x06); keccak_inc_squeeze(output, 48, (uint64_t *)state->ctx, OQS_SHA3_SHA3_384_RATE); } -void OQS_SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) { +static void SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES); } -void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { +static void SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } /* SHA3-512 */ -void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inlen) { +static void SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inlen) { OQS_SHA3_sha3_512_inc_ctx s; OQS_SHA3_sha3_512_inc_init(&s); OQS_SHA3_sha3_512_inc_absorb(&s, input, inlen); @@ -276,7 +276,7 @@ void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inlen) { OQS_SHA3_sha3_512_inc_ctx_release(&s); } -void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -284,30 +284,30 @@ void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen) { +static void SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen) { keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHA3_512_RATE, input, inlen); } -void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) { keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHA3_512_RATE, 0x06); keccak_inc_squeeze(output, 64, (uint64_t *)state->ctx, OQS_SHA3_SHA3_512_RATE); } -void OQS_SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) { +static void SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES); } -void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { +static void SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } /* SHAKE128 */ -void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen) { +static void SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen) { OQS_SHA3_shake128_inc_ctx s; OQS_SHA3_shake128_inc_init(&s); OQS_SHA3_shake128_inc_absorb(&s, input, inlen); @@ -318,7 +318,7 @@ void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, siz /* SHAKE128 incremental */ -void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -326,33 +326,33 @@ void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen) { +static void SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen) { keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, input, inlen); } -void OQS_SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) { keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, 0x1F); } -void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state) { keccak_inc_squeeze(output, outlen, (uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE); } -void OQS_SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) { +static void SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES); } -void OQS_SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { +static void SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } /* SHAKE256 */ -void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen) { +static void SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen) { OQS_SHA3_shake256_inc_ctx s; OQS_SHA3_shake256_inc_init(&s); OQS_SHA3_shake256_inc_absorb(&s, input, inlen); @@ -363,7 +363,7 @@ void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, siz /* SHAKE256 incremental */ -void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_CTX_ALIGNMENT, KECCAK_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -371,26 +371,68 @@ void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen) { +static void SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen) { keccak_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, input, inlen); } -void OQS_SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) { keccak_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, 0x1F); } -void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state) { keccak_inc_squeeze(output, outlen, state->ctx, OQS_SHA3_SHAKE256_RATE); } -void OQS_SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) { +static void SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_CTX_BYTES); } -void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) { +static void SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) { keccak_inc_reset((uint64_t *)state->ctx); } + +extern struct OQS_SHA3_callbacks sha3_default_callbacks; + +struct OQS_SHA3_callbacks sha3_default_callbacks = { + SHA3_sha3_256, + SHA3_sha3_256_inc_init, + SHA3_sha3_256_inc_absorb, + SHA3_sha3_256_inc_finalize, + SHA3_sha3_256_inc_ctx_release, + SHA3_sha3_256_inc_ctx_reset, + SHA3_sha3_256_inc_ctx_clone, + SHA3_sha3_384, + SHA3_sha3_384_inc_init, + SHA3_sha3_384_inc_absorb, + SHA3_sha3_384_inc_finalize, + SHA3_sha3_384_inc_ctx_release, + SHA3_sha3_384_inc_ctx_reset, + SHA3_sha3_384_inc_ctx_clone, + SHA3_sha3_512, + SHA3_sha3_512_inc_init, + SHA3_sha3_512_inc_absorb, + SHA3_sha3_512_inc_finalize, + SHA3_sha3_512_inc_ctx_release, + SHA3_sha3_512_inc_ctx_reset, + SHA3_sha3_512_inc_ctx_clone, + SHA3_shake128, + SHA3_shake128_inc_init, + SHA3_shake128_inc_absorb, + SHA3_shake128_inc_finalize, + SHA3_shake128_inc_squeeze, + SHA3_shake128_inc_ctx_release, + SHA3_shake128_inc_ctx_clone, + SHA3_shake128_inc_ctx_reset, + SHA3_shake256, + SHA3_shake256_inc_init, + SHA3_shake256_inc_absorb, + SHA3_shake256_inc_finalize, + SHA3_shake256_inc_squeeze, + SHA3_shake256_inc_ctx_release, + SHA3_shake256_inc_ctx_clone, + SHA3_shake256_inc_ctx_reset, +}; diff --git a/src/common/sha3/xkcp_sha3x4.c b/src/common/sha3/xkcp_sha3x4.c index fbd9a0e8c5..8ed5da878b 100644 --- a/src/common/sha3/xkcp_sha3x4.c +++ b/src/common/sha3/xkcp_sha3x4.c @@ -155,7 +155,7 @@ static void keccak_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, u /********** SHAKE128 ***********/ -void OQS_SHA3_shake128_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { +static void SHA3_shake128_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { OQS_SHA3_shake128_x4_inc_ctx s; OQS_SHA3_shake128_x4_inc_init(&s); OQS_SHA3_shake128_x4_inc_absorb(&s, in0, in1, in2, in3, inlen); @@ -166,7 +166,7 @@ void OQS_SHA3_shake128_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t * /* SHAKE128 incremental */ -void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_X4_CTX_ALIGNMENT, KECCAK_X4_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -174,33 +174,33 @@ void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { keccak_x4_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { +static void SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { keccak_x4_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, in0, in1, in2, in3, inlen); } -void OQS_SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) { keccak_x4_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE, 0x1F); } -void OQS_SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake128_x4_inc_ctx *state) { keccak_x4_inc_squeeze(out0, out1, out2, out3, outlen, (uint64_t *)state->ctx, OQS_SHA3_SHAKE128_RATE); } -void OQS_SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) { +static void SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_X4_CTX_BYTES); } -void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { +static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { keccak_x4_inc_reset((uint64_t *)state->ctx); } /********** SHAKE256 ***********/ -void OQS_SHA3_shake256_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { +static void SHA3_shake256_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { OQS_SHA3_shake256_x4_inc_ctx s; OQS_SHA3_shake256_x4_inc_init(&s); OQS_SHA3_shake256_x4_inc_absorb(&s, in0, in1, in2, in3, inlen); @@ -211,7 +211,7 @@ void OQS_SHA3_shake256_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t * /* SHAKE256 incremental */ -void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { state->ctx = OQS_MEM_aligned_alloc(KECCAK_X4_CTX_ALIGNMENT, KECCAK_X4_CTX_BYTES); if (state->ctx == NULL) { exit(111); @@ -219,26 +219,47 @@ void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { keccak_x4_inc_reset((uint64_t *)state->ctx); } -void OQS_SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { +static void SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) { keccak_x4_inc_absorb((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, in0, in1, in2, in3, inlen); } -void OQS_SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) { keccak_x4_inc_finalize((uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE, 0x1F); } -void OQS_SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, OQS_SHA3_shake256_x4_inc_ctx *state) { keccak_x4_inc_squeeze(out0, out1, out2, out3, outlen, (uint64_t *)state->ctx, OQS_SHA3_SHAKE256_RATE); } -void OQS_SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) { +static void SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) { memcpy(dest->ctx, src->ctx, KECCAK_X4_CTX_BYTES); } -void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { OQS_MEM_aligned_free(state->ctx); } -void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { +static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { keccak_x4_inc_reset((uint64_t *)state->ctx); } + +extern struct OQS_SHA3_x4_callbacks sha3_x4_default_callbacks; + +struct OQS_SHA3_x4_callbacks sha3_x4_default_callbacks = { + SHA3_shake128_x4, + SHA3_shake128_x4_inc_init, + SHA3_shake128_x4_inc_absorb, + SHA3_shake128_x4_inc_finalize, + SHA3_shake128_x4_inc_squeeze, + SHA3_shake128_x4_inc_ctx_release, + SHA3_shake128_x4_inc_ctx_clone, + SHA3_shake128_x4_inc_ctx_reset, + SHA3_shake256_x4, + SHA3_shake256_x4_inc_init, + SHA3_shake256_x4_inc_absorb, + SHA3_shake256_x4_inc_finalize, + SHA3_shake256_x4_inc_squeeze, + SHA3_shake256_x4_inc_ctx_release, + SHA3_shake256_x4_inc_ctx_clone, + SHA3_shake256_x4_inc_ctx_reset, +};