parallel-sphincsplus/prehash.cpp at main · sphincs/parallel-sphincsplus · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
///
/// \file prehash.cpp
/// \brief This is the module that supports the prehash version of SLH-DSA
///
/// It's in a separate module because it is rarely used
///
#include <string.h>
#include <stdint.h>
#include "api.h"
#include "internal.h"

namespace slh_dsa {

//
// The various prehash OIDs
//
// SHA256
hash_type ph_sha256 = {
    32, 11,
    "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01"
};

// SHA512
hash_type ph_sha512 = {
    64, 11,
    "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03"
};

// SHAKE-128 (32 byte output)
hash_type ph_shake128 = {
    32, 11,
    "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0B"
};

// SHAKE-256 (64 byte otuput)
hash_type ph_shake256 = {
    64, 11,
    "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0C"
};

//
// The prehash version of the sign routine
success_flag key::sign(
            unsigned char *signature, size_t len_signature_buffer,
            const unsigned char *message, size_t len_message,
	    const hash_type& hash,
	    const void *context, size_t len_context,
            const random& rand) {

    // Check if the message length is what we expect
    if (len_message != hash.length) {
        return failure;
    }

    // Do the actual signature
    sign_flag s = sign_internal(
            signature, len_signature_buffer,
	    0x01,           // Domain separator == "Prehashed"
	    context, len_context,
	    hash.oid, hash.oid_length,  // Include the oid
            message, len_message, rand);

    if (s == sign_success) {
	return success;
    } else {
	return failure;    // We don't bother reporting the failure reason
    }
}

// The C++ version of prehashed sign is in stl.cpp

//
// The prehashed version of verify
success_flag key::verify(
            const unsigned char *signature, size_t len_signature,
            const void *message, size_t len_message,
	    const hash_type& hash,
	    const void *context, size_t len_context) {

    // Note: we don't check if the message length is the expected hash
    // length.  Should we?

    return verify_internal( signature, len_signature,
	    0x01,           // Domain separator == "Prehashed"
	    context, len_context,
	    hash.oid, hash.oid_length,  // Include the oid
            message, len_message );
}

}  /* namespace slh_dsa */