pq_crypto 0.3.2 → 0.5.0

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-times4-SnP.h

@@ -1,50 +0,0 @@
-/*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
-
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#ifndef _KeccakP_1600_times4_SnP_h_
-#define _KeccakP_1600_times4_SnP_h_
-
-/** For the documentation, see PlSnP-documentation.h.
- */
-
-#include "SIMD256-config.h"
-
-#define KeccakP1600times4_implementation        "256-bit SIMD implementation (" KeccakP1600times4_implementation_config ")"
-#define KeccakP1600times4_statesSizeInBytes     800
-#define KeccakP1600times4_statesAlignment       32
-#define KeccakF1600times4_FastLoop_supported
-#define KeccakP1600times4_12rounds_FastLoop_supported
-
-#include <stddef.h>
-
-#define KeccakP1600times4_StaticInitialize()
-void KeccakP1600times4_InitializeAll(void *states);
-#define KeccakP1600times4_AddByte(states, instanceIndex, byte, offset) \
-    ((unsigned char*)(states))[(instanceIndex)*8 + ((offset)/8)*4*8 + (offset)%8] ^= (byte)
-void KeccakP1600times4_AddBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length);
-void KeccakP1600times4_AddLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
-void KeccakP1600times4_OverwriteBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length);
-void KeccakP1600times4_OverwriteLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
-void KeccakP1600times4_OverwriteWithZeroes(void *states, unsigned int instanceIndex, unsigned int byteCount);
-void KeccakP1600times4_PermuteAll_12rounds(void *states);
-void KeccakP1600times4_PermuteAll_24rounds(void *states);
-void KeccakP1600times4_ExtractBytes(const void *states, unsigned int instanceIndex, unsigned char *data, unsigned int offset, unsigned int length);
-void KeccakP1600times4_ExtractLanesAll(const void *states, unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
-void KeccakP1600times4_ExtractAndAddBytes(const void *states, unsigned int instanceIndex,  const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);
-void KeccakP1600times4_ExtractAndAddLanesAll(const void *states, const unsigned char *input, unsigned char *output, unsigned int laneCount, unsigned int laneOffset);
-size_t KeccakF1600times4_FastLoop_Absorb(void *states, unsigned int laneCount, unsigned int laneOffsetParallel, unsigned int laneOffsetSerial, const unsigned char *data, size_t dataByteLen);
-size_t KeccakP1600times4_12rounds_FastLoop_Absorb(void *states, unsigned int laneCount, unsigned int laneOffsetParallel, unsigned int laneOffsetSerial, const unsigned char *data, size_t dataByteLen);
-
-#endif

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/KeccakP-1600-unrolling.macros

@@ -1,198 +0,0 @@
-/*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
-
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#if (defined(FullUnrolling))
-#define rounds24 \
-    prepareTheta \
-    thetaRhoPiChiIotaPrepareTheta( 0, A, E) \
-    thetaRhoPiChiIotaPrepareTheta( 1, E, A) \
-    thetaRhoPiChiIotaPrepareTheta( 2, A, E) \
-    thetaRhoPiChiIotaPrepareTheta( 3, E, A) \
-    thetaRhoPiChiIotaPrepareTheta( 4, A, E) \
-    thetaRhoPiChiIotaPrepareTheta( 5, E, A) \
-    thetaRhoPiChiIotaPrepareTheta( 6, A, E) \
-    thetaRhoPiChiIotaPrepareTheta( 7, E, A) \
-    thetaRhoPiChiIotaPrepareTheta( 8, A, E) \
-    thetaRhoPiChiIotaPrepareTheta( 9, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(10, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(11, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(12, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(13, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(14, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(15, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(16, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(17, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(18, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(19, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(20, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(21, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(22, A, E) \
-    thetaRhoPiChiIota(23, E, A) \
-
-#define rounds12 \
-    prepareTheta \
-    thetaRhoPiChiIotaPrepareTheta(12, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(13, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(14, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(15, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(16, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(17, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(18, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(19, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(20, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(21, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(22, A, E) \
-    thetaRhoPiChiIota(23, E, A) \
-
-#elif (Unrolling == 12)
-#define rounds24 \
-    prepareTheta \
-    for(i=0; i<24; i+=12) { \
-        thetaRhoPiChiIotaPrepareTheta(i   , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 2, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 3, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 4, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 5, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 6, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 7, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 8, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+ 9, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+10, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+11, E, A) \
-    } \
-
-#define rounds12 \
-    prepareTheta \
-    thetaRhoPiChiIotaPrepareTheta(12, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(13, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(14, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(15, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(16, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(17, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(18, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(19, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(20, A, E) \
-    thetaRhoPiChiIotaPrepareTheta(21, E, A) \
-    thetaRhoPiChiIotaPrepareTheta(22, A, E) \
-    thetaRhoPiChiIota(23, E, A) \
-
-#elif (Unrolling == 6)
-#define rounds24 \
-    prepareTheta \
-    for(i=0; i<24; i+=6) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+4, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+5, E, A) \
-    } \
-
-#define rounds12 \
-    prepareTheta \
-    for(i=12; i<24; i+=6) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+4, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+5, E, A) \
-    } \
-
-#elif (Unrolling == 4)
-#define rounds24 \
-    prepareTheta \
-    for(i=0; i<24; i+=4) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
-    } \
-
-#define rounds12 \
-    prepareTheta \
-    for(i=12; i<24; i+=4) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+3, E, A) \
-    } \
-
-#elif (Unrolling == 3)
-#define rounds24 \
-    prepareTheta \
-    for(i=0; i<24; i+=3) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
-        copyStateVariables(A, E) \
-    } \
-
-#define rounds12 \
-    prepareTheta \
-    for(i=12; i<24; i+=3) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-        thetaRhoPiChiIotaPrepareTheta(i+2, A, E) \
-        copyStateVariables(A, E) \
-    } \
-
-#elif (Unrolling == 2)
-#define rounds24 \
-    prepareTheta \
-    for(i=0; i<24; i+=2) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-    } \
-
-#define rounds12 \
-    prepareTheta \
-    for(i=12; i<24; i+=2) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-    } \
-
-#elif (Unrolling == 1)
-#define rounds24 \
-    prepareTheta \
-    for(i=0; i<24; i++) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        copyStateVariables(A, E) \
-    } \
-
-#define rounds12 \
-    prepareTheta \
-    for(i=12; i<24; i++) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        copyStateVariables(A, E) \
-    } \
-
-#else
-#error "Unrolling is not correctly specified!"
-#endif
-
-#define roundsN(__nrounds) \
-    prepareTheta \
-    i = 24 - (__nrounds); \
-    if ((i&1) != 0) { \
-        thetaRhoPiChiIotaPrepareTheta(i, A, E) \
-        copyStateVariables(A, E) \
-        ++i; \
-    } \
-    for( /* empty */; i<24; i+=2) { \
-        thetaRhoPiChiIotaPrepareTheta(i  , A, E) \
-        thetaRhoPiChiIotaPrepareTheta(i+1, E, A) \
-    }

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile

@@ -1,8 +0,0 @@
-KeccakP-1600-times4-SIMD256.o: KeccakP-1600-times4-SIMD256.c \
-  align.h brg_endian.h KeccakP-1600-times4-SnP.h \
-  KeccakP-1600-unrolling.macros SIMD256-config.h
-	$(CC) -O3 -mavx2 -c $< -o $@
-
-.PHONY: clean
-clean:
-	$(RM) KeccakP-1600-times4-SIMD256.o

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/Makefile.Microsoft_nmake

@@ -1,8 +0,0 @@
-KeccakP-1600-times4-SIMD256.obj: KeccakP-1600-times4-SIMD256.c \
-  align.h brg_endian.h KeccakP-1600-times4-SnP.h \
-  KeccakP-1600-unrolling.macros SIMD256-config.h
-	$(CC) /nologo /c /O2 /W4 /WX /arch:AVX2 KeccakP-1600-times4-SIMD256.c
-
-.PHONY: clean
-clean:
-	$(RM) KeccakP-1600-times4-SIMD256.obj

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/SIMD256-config.h

@@ -1,3 +0,0 @@
-#define KeccakP1600times4_implementation_config "AVX2, all rounds unrolled"
-#define KeccakP1600times4_fullUnrolling
-#define KeccakP1600times4_useAVX2

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/align.h

@@ -1,34 +0,0 @@
-/*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
-
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#ifndef _align_h_
-#define _align_h_
-
-/* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */
-#ifdef ALIGN
-#undef ALIGN
-#endif
-
-#if defined(__GNUC__)
-#define ALIGN(x) __attribute__ ((aligned(x)))
-#elif defined(_MSC_VER)
-#define ALIGN(x) __declspec(align(x))
-#elif defined(__ARMCC_VERSION)
-#define ALIGN(x) __align(x)
-#else
-#define ALIGN(x)
-#endif
-
-#endif

data/ext/pqcrypto/vendor/pqclean/common/keccak4x/brg_endian.h

@@ -1,142 +0,0 @@
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The redistribution and use of this software (with or without changes)
- is allowed without the payment of fees or royalties provided that:
-
-  1. source code distributions include the above copyright notice, this
-     list of conditions and the following disclaimer;
-
-  2. binary distributions include the above copyright notice, this list
-     of conditions and the following disclaimer in their documentation;
-
-  3. the name of the copyright holder is not used to endorse products
-     built using this software without specific written permission.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 20/12/2007
- Changes for ARM 9/9/2010
-*/
-
-#ifndef _BRG_ENDIAN_H
-#define _BRG_ENDIAN_H
-
-#define IS_BIG_ENDIAN      4321 /* byte 0 is most significant (mc68k) */
-#define IS_LITTLE_ENDIAN   1234 /* byte 0 is least significant (i386) */
-
-#if 0
-/* Include files where endian defines and byteswap functions may reside */
-#if defined( __sun )
-#  include <sys/isa_defs.h>
-#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
-#  include <sys/endian.h>
-#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
-defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
-#  include <machine/endian.h>
-#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
-#  if !defined( __MINGW32__ ) && !defined( _AIX )
-#    include <endian.h>
-#    if !defined( __BEOS__ )
-#      include <byteswap.h>
-#    endif
-#  endif
-#endif
-#endif
-
-/* Now attempt to set the define for platform byte order using any  */
-/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which  */
-/* seem to encompass most endian symbol definitions                 */
-
-#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
-#  if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
-#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#  elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN
-#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#  endif
-#elif defined( BIG_ENDIAN )
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( LITTLE_ENDIAN )
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN )
-#  if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN
-#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#  elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN
-#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#  endif
-#elif defined( _BIG_ENDIAN )
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( _LITTLE_ENDIAN )
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN )
-#  if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN
-#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#  elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN
-#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#  endif
-#elif defined( __BIG_ENDIAN )
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( __LITTLE_ENDIAN )
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ )
-#  if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__
-#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#  elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__
-#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#  endif
-#elif defined( __BIG_ENDIAN__ )
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( __LITTLE_ENDIAN__ )
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
-
-/*  if the platform byte order could not be determined, then try to */
-/*  set this define using common machine defines                    */
-#if !defined(PLATFORM_BYTE_ORDER)
-
-#if   defined( __alpha__ ) || defined( __alpha ) || defined( i386 )       || \
-defined( __i386__ )  || defined( _M_I86 )  || defined( _M_IX86 )    || \
-defined( __OS2__ )   || defined( sun386 )  || defined( __TURBOC__ ) || \
-defined( vax )       || defined( vms )     || defined( VMS )        || \
-defined( __VMS )     || defined( _M_X64 )
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-
-#elif defined( AMIGA )   || defined( applec )    || defined( __AS400__ )  || \
-defined( _CRAY )   || defined( __hppa )    || defined( __hp9000 )   || \
-defined( ibm370 )  || defined( mc68000 )   || defined( m68k )       || \
-defined( __MRC__ ) || defined( __MVS__ )   || defined( __MWERKS__ ) || \
-defined( sparc )   || defined( __sparc)    || defined( SYMANTEC_C ) || \
-defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM )   || \
-defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-
-#elif defined(__arm__)
-# ifdef __BIG_ENDIAN
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# else
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#elif 1     /* **** EDIT HERE IF NECESSARY **** */
-#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#elif 0     /* **** EDIT HERE IF NECESSARY **** */
-#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#else
-#  error Please edit lines 132 or 134 in brg_endian.h to set the platform byte order
-#endif
-
-#endif
-
-#endif

data/ext/pqcrypto/vendor/pqclean/common/nistseedexpander.c

@@ -1,101 +0,0 @@
-//
-//  rng.c
-//
-//  Created by Bassham, Lawrence E (Fed) on 8/29/17.
-//  Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-//  Modified for PQClean by Sebastian Verschoor
-//
-
-#include "nistseedexpander.h"
-#include "aes.h"
-#include <string.h>
-
-/*
- seedexpander_init()
- ctx            - stores the current state of an instance of the seed expander
- seed           - a 32 byte random value
- diversifier    - an 8 byte diversifier
- maxlen         - maximum number of bytes (less than 2**32) generated under this seed and diversifier
- */
-int
-seedexpander_init(AES_XOF_struct *ctx,
-                  const uint8_t *seed,
-                  const uint8_t *diversifier,
-                  size_t maxlen) {
-    ctx->length_remaining = maxlen;
-
-    memcpy(ctx->key, seed, 32);
-    memcpy(ctx->ctr, diversifier, 8);
-
-    ctx->ctr[11] = maxlen % 256;
-    maxlen >>= 8;
-    ctx->ctr[10] = maxlen % 256;
-    maxlen >>= 8;
-    ctx->ctr[9] = maxlen % 256;
-    maxlen >>= 8;
-    ctx->ctr[8] = maxlen % 256;
-    memset(ctx->ctr + 12, 0x00, 4);
-
-    ctx->buffer_pos = 16;
-    memset(ctx->buffer, 0x00, 16);
-
-    return RNG_SUCCESS;
-}
-
-static void AES256_ECB(uint8_t *key, uint8_t *ctr, uint8_t *buffer) {
-    aes256ctx ctx;
-    aes256_ecb_keyexp(&ctx, key);
-    aes256_ecb(buffer, ctr, 1, &ctx);
-    aes256_ctx_release(&ctx);
-}
-
-/*
- seedexpander()
-    ctx  - stores the current state of an instance of the seed expander
-    x    - returns the XOF data
-    xlen - number of bytes to return
- */
-int
-seedexpander(AES_XOF_struct *ctx, uint8_t *x, size_t xlen) {
-    size_t offset;
-
-    if ( x == NULL ) {
-        return RNG_BAD_OUTBUF;
-    }
-    if ( xlen >= ctx->length_remaining ) {
-        return RNG_BAD_REQ_LEN;
-    }
-
-    ctx->length_remaining -= xlen;
-
-    offset = 0;
-    while ( xlen > 0 ) {
-        if ( xlen <= (16 - ctx->buffer_pos) ) { // buffer has what we need
-            memcpy(x + offset, ctx->buffer + ctx->buffer_pos, xlen);
-            ctx->buffer_pos += xlen;
-
-            return RNG_SUCCESS;
-        }
-
-        // take what's in the buffer
-        memcpy(x + offset, ctx->buffer + ctx->buffer_pos, 16 - ctx->buffer_pos);
-        xlen -= 16 - ctx->buffer_pos;
-        offset += 16 - ctx->buffer_pos;
-
-        AES256_ECB(ctx->key, ctx->ctr, ctx->buffer);
-        ctx->buffer_pos = 0;
-
-        //increment the counter
-        for (size_t i = 15; i >= 12; i--) {
-            if ( ctx->ctr[i] == 0xff ) {
-                ctx->ctr[i] = 0x00;
-            } else {
-                ctx->ctr[i]++;
-                break;
-            }
-        }
-
-    }
-
-    return RNG_SUCCESS;
-}

data/ext/pqcrypto/vendor/pqclean/common/nistseedexpander.h

@@ -1,39 +0,0 @@
-#ifndef NISTSEEDEXPANDER_H
-#define NISTSEEDEXPANDER_H
-
-//
-//  rng.h
-//
-//  Created by Bassham, Lawrence E (Fed) on 8/29/17.
-//  Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-//  Modified for PQClean by Sebastian Verschoor
-//
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define NISTSEEDEXPANDER_SEED_LEN 32
-
-#define RNG_SUCCESS     ( 0)
-#define RNG_BAD_MAXLEN  (-1)
-#define RNG_BAD_OUTBUF  (-2)
-#define RNG_BAD_REQ_LEN (-3)
-
-typedef struct {
-    uint8_t buffer[16];
-    size_t  buffer_pos;
-    size_t  length_remaining;
-    uint8_t key[NISTSEEDEXPANDER_SEED_LEN];
-    uint8_t ctr[16];
-} AES_XOF_struct;
-
-int
-seedexpander_init(AES_XOF_struct *ctx,
-                  const uint8_t *seed,
-                  const uint8_t *diversifier,
-                  size_t maxlen);
-
-int
-seedexpander(AES_XOF_struct *ctx, uint8_t *x, size_t xlen);
-
-#endif /* NISTSEEDEXPANDER_H */