From 8bc3f7d410b2dcc804627b4c4e450307701a87bd Mon Sep 17 00:00:00 2001
From: d-z-m <dzm@unexpl0.red>
Date: Sat, 23 Sep 2023 13:25:23 -0400
Subject: [PATCH] use XORBytes utility in crypto/subtle

use the XORBytes utility function in crypto/subtle, which has architecture specific assembly implementations
---
 .github/workflows/go.yml   | 2 +-
 go.mod                     | 9 ++++-----
 go.sum                     | 7 -------
 tweakable/sha256Tweak.go   | 4 +++-
 tweakable/shake256Tweak.go | 6 ++++--
 util/util.go               | 9 ---------
 6 files changed, 12 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 8bc4493..2649fd0 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -16,7 +16,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.15
+        go-version: '1.20'
 
     - name: Build
       run: go build -v ./...
diff --git a/go.mod b/go.mod
index c1f4366..925b5bf 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,7 @@
 module github.com/kasperdi/SPHINCSPLUS-golang
 
-go 1.15
+go 1.20
 
-require (
-	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
-)
+require golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
+
+require golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
diff --git a/go.sum b/go.sum
index 0a23370..091b92d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,11 +1,4 @@
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/tweakable/sha256Tweak.go b/tweakable/sha256Tweak.go
index 1a0a2c7..180a9ec 100644
--- a/tweakable/sha256Tweak.go
+++ b/tweakable/sha256Tweak.go
@@ -3,6 +3,7 @@ package tweakable
 import (
 	"crypto/hmac"
 	"crypto/sha256"
+	"crypto/subtle"
 
 	"github.com/kasperdi/SPHINCSPLUS-golang/address"
 	"github.com/kasperdi/SPHINCSPLUS-golang/util"
@@ -51,7 +52,8 @@ func (h *Sha256Tweak) F(PKseed []byte, adrs *address.ADRS, tmp []byte) []byte {
 
 	if h.Variant == Robust {
 		bitmask := mgf1sha256(append(PKseed, compressedADRS...), len(tmp))
-		M1 = util.XorBytes(tmp, bitmask)
+		M1 = make([]byte, len(tmp))
+		_ = subtle.XORBytes(M1, tmp, bitmask)
 	} else if h.Variant == Simple {
 		M1 = tmp
 	}
diff --git a/tweakable/shake256Tweak.go b/tweakable/shake256Tweak.go
index b6541a8..698c0fd 100644
--- a/tweakable/shake256Tweak.go
+++ b/tweakable/shake256Tweak.go
@@ -1,8 +1,9 @@
 package tweakable
 
 import (
+	"crypto/subtle"
+
 	"github.com/kasperdi/SPHINCSPLUS-golang/address"
-	"github.com/kasperdi/SPHINCSPLUS-golang/util"
 	"golang.org/x/crypto/sha3"
 )
 
@@ -51,7 +52,8 @@ func (h *Shake256Tweak) F(PKseed []byte, adrs *address.ADRS, tmp []byte) []byte
 
 	if h.Variant == Robust {
 		bitmask := generateBitmask(PKseed, adrs, 8*len(tmp))
-		M1 = util.XorBytes(tmp, bitmask)
+		M1 = make([]byte, len(tmp))
+		_ = subtle.XORBytes(M1, tmp, bitmask)
 	} else if h.Variant == Simple {
 		M1 = tmp
 	}
diff --git a/util/util.go b/util/util.go
index 4c04f7d..13ac300 100644
--- a/util/util.go
+++ b/util/util.go
@@ -31,15 +31,6 @@ func BytesToUint32(in []byte) uint32 {
 	return res
 }
 
-// Returns a XOR b, where a and b has to have same length
-func XorBytes(a []byte, b []byte) []byte {
-	res := make([]byte, len(a))
-	for i, elem := range a {
-		res[i] = elem ^ b[i]
-	}
-	return res
-}
-
 func Base_w(X []byte, w int, out_len int) []int {
 	in := 0
 	out := 0