sphincs · thomwiggers · Aug 29, 2022 · Aug 29, 2022 · Aug 29, 2022 · Nov 24, 2022
diff --git a/haraka-aesni/Makefile b/haraka-aesni/Makefile
@@ -5,8 +5,8 @@ CC = /usr/bin/gcc
 CFLAGS = -Wall -Wextra -Wpedantic -Wmissing-prototypes -O3 -std=c99 -march=native -fomit-frame-pointer -flto -DPARAMS=$(PARAMS) $(EXTRA_CFLAGS)
 
 
-SOURCES = hash_haraka.c hash_harakax4.c thash_haraka_$(THASH).c thash_haraka_$(THASH)x4.c address.c randombytes.c merkle.c wots.c utils.c utilsx4.c fors.c sign.c haraka.c
-HEADERS = params.h hash.h hashx4.h thash.h thashx4.h address.h randombytes.h merkle.c wots.h utils.h utilsx4.h fors.h api.h haraka.h harakax4.h
+SOURCES = hash_haraka.c hash_harakax4.c thash_haraka_$(THASH).c thash_haraka_$(THASH)x4.c address.c randombytes.c merkle.c wots.c utils.c utilsx4.c fors.c sign.c haraka.c context_haraka.c
+HEADERS = params.h hash.h hashx4.h thash.h thashx4.h address.h randombytes.h merkle.c wots.h utils.h utilsx4.h fors.h api.h haraka.h harakax4.h context.h
 
 DET_SOURCES = $(SOURCES:randombytes.%=rng.%)
 DET_HEADERS = $(HEADERS:randombytes.%=rng.%)

diff --git a/haraka-aesni/context.h b/haraka-aesni/context.h
@@ -13,4 +13,10 @@ typedef struct {
     __m128i rc[40];
 } spx_ctx;
 
+#define initialize_hash_function SPX_NAMESPACE(initialize_hash_function)
+void initialize_hash_function(spx_ctx *ctx);
+
+#define free_hash_function SPX_NAMESPACE(free_hash_function)
+void free_hash_function(spx_ctx *ctx);
+
 #endif
diff --git a/haraka-aesni/context_haraka.c b/haraka-aesni/context_haraka.c
@@ -0,0 +1 @@
+../ref/context_haraka.c
diff --git a/ref/Makefile b/ref/Makefile
@@ -5,18 +5,18 @@ CC=/usr/bin/gcc
 CFLAGS=-Wall -Wextra -Wpedantic -O3 -std=c99 -Wconversion -Wmissing-prototypes -DPARAMS=$(PARAMS) $(EXTRA_CFLAGS)
 
 SOURCES =          address.c randombytes.c merkle.c wots.c wotsx1.c utils.c utilsx1.c fors.c sign.c
-HEADERS = params.h address.h randombytes.h merkle.h wots.h wotsx1.h utils.h utilsx1.h fors.h api.h  hash.h thash.h
+HEADERS = params.h address.h randombytes.h merkle.h wots.h wotsx1.h utils.h utilsx1.h fors.h api.h hash.h thash.h context.h
 
 ifneq (,$(findstring shake,$(PARAMS)))
-	SOURCES += fips202.c hash_shake.c thash_shake_$(THASH).c
+	SOURCES += fips202.c hash_shake.c thash_shake_$(THASH).c context_shake.c
 	HEADERS += fips202.h
 endif
 ifneq (,$(findstring haraka,$(PARAMS)))
-	SOURCES += haraka.c hash_haraka.c thash_haraka_$(THASH).c
+	SOURCES += haraka.c hash_haraka.c thash_haraka_$(THASH).c context_haraka.c
 	HEADERS += haraka.h
 endif
 ifneq (,$(findstring sha2,$(PARAMS)))
-	SOURCES += sha2.c hash_sha2.c thash_sha2_$(THASH).c
+	SOURCES += sha2.c hash_sha2.c thash_sha2_$(THASH).c context_sha2.c
 	HEADERS += sha2.h
 endif
 

diff --git a/ref/context.h b/ref/context.h
@@ -2,20 +2,24 @@
 #define SPX_CONTEXT_H
 
 #include <stdint.h>
+#include <stddef.h>
 
 #include "params.h"
+#ifdef SPX_SHA2
+#include "sha2.h"
+#endif
 
 typedef struct {
     uint8_t pub_seed[SPX_N];
     uint8_t sk_seed[SPX_N];
 
 #ifdef SPX_SHA2
     // sha256 state that absorbed pub_seed
-    uint8_t state_seeded[40];
+    sha256ctx state_seeded;
 
 # if SPX_SHA512
     // sha512 state that absorbed pub_seed
-    uint8_t state_seeded_512[72];
+    sha512ctx state_seeded_512;
 # endif
 #endif
 
@@ -25,4 +29,10 @@ typedef struct {
 #endif
 } spx_ctx;
 
+#define initialize_hash_function SPX_NAMESPACE(initialize_hash_function)
+void initialize_hash_function(spx_ctx *ctx);
+
+#define free_hash_function SPX_NAMESPACE(free_hash_function)
+void free_hash_function(spx_ctx *ctx);
+
 #endif
diff --git a/ref/context_haraka.c b/ref/context_haraka.c
@@ -0,0 +1,12 @@
+#include "context.h"
+#include "haraka.h"
+
+void initialize_hash_function(spx_ctx* ctx)
+{
+    tweak_constants(ctx);
+}
+
+// we don't support heap-based haraka right now
+void free_hash_function(spx_ctx *ctx) {
+    (void)ctx; // suppress unused variable warnings
+}
diff --git a/ref/context_sha2.c b/ref/context_sha2.c
@@ -0,0 +1,42 @@
+#include "context.h"
+
+/**
+ * Absorb the constant pub_seed using one round of the compression function
+ * This initializes state_seeded and state_seeded_512, which can then be
+ * reused in thash
+ **/
+static void seed_state(spx_ctx *ctx) {
+    uint8_t block[SPX_SHA512_BLOCK_BYTES];
+    size_t i;
+
+    for (i = 0; i < SPX_N; ++i) {
+        block[i] = ctx->pub_seed[i];
+    }
+    for (i = SPX_N; i < SPX_SHA512_BLOCK_BYTES; ++i) {
+        block[i] = 0;
+    }
+    /* block has been properly initialized for both SHA-256 and SHA-512 */
+
+    sha256_inc_init(&ctx->state_seeded);
+    sha256_inc_blocks(&ctx->state_seeded, block, 1);
+#if SPX_SHA512
+    sha512_inc_init(&ctx->state_seeded_512);
+    sha512_inc_blocks(&ctx->state_seeded_512, block, 1);
+#endif
+}
+
+
+/* We initialize the state for the hash functions */
+void initialize_hash_function(spx_ctx *ctx)
+{
+    seed_state(ctx);
+}
+
+/* Free the incremental hashing context for heap-based SHA2 APIs */
+void free_hash_function(spx_ctx *ctx)
+{
+    sha256_inc_ctx_release(&ctx->state_seeded);
+#if SPX_SHA512
+    sha512_inc_ctx_release(&ctx->state_seeded_512);
+#endif
+}
diff --git a/ref/context_shake.c b/ref/context_shake.c
@@ -0,0 +1,13 @@
+#include "context.h"
+
+/* For SHAKE256, there is no immediate reason to initialize at the start,
+   so this function is an empty operation. */
+void initialize_hash_function(spx_ctx *ctx)
+{
+    (void)ctx; /* Suppress an 'unused parameter' warning. */
+}
+
+// in case the hash function api is heap-based.
+void free_hash_function(spx_ctx *ctx) {
+    (void)ctx;
+}