Unverified Commit b49276b3 authored by Ola Bini's avatar Ola Bini

Fix libotr-ng#103 for this library - remove all type names ending in _t - make...

Fix libotr-ng#103 for this library: remove all type names ending in _t, make the types that are one-entry arrays end in _p instead, and make sure the struct name ending in _s is always exposed
parent 229862e0
......@@ -4,7 +4,7 @@
#include <goldilocks.h>
#define API_NS(_id) goldilocks_448_##_id
const API_NS(point_t) API_NS(point_base) = {{
const API_NS(point_p) API_NS(point_base) = {{
{FIELD_LITERAL(0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0080000000000000,0x00fffffffffffffe,0x00ffffffffffffff,0x00ffffffffffffff,0x007fffffffffffff)},
{FIELD_LITERAL(0x006079b4dfdd4a64,0x000c1e3ab470a1c8,0x0044d73f48e5199b,0x0050452714141818,0x004c74c393d5242c,0x0024080526437050,0x00d48d06c13078ca,0x008508de14f04286)},
{FIELD_LITERAL(0x0000000000000001,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000)},
......
......@@ -16,7 +16,7 @@
#include <string.h>
#include "api.h"
#define hash_ctx_t goldilocks_shake256_ctx_t
#define hash_ctx_p goldilocks_shake256_ctx_p
#define hash_init goldilocks_shake256_init
#define hash_update goldilocks_shake256_update
#define hash_final goldilocks_shake256_final
......@@ -48,7 +48,7 @@ static void clamp (
/* is ed448 by default with no context? */
static void hash_init_with_dom(
hash_ctx_t hash,
hash_ctx_p hash,
uint8_t prehashed,
uint8_t for_prehash,
const uint8_t *context,
......@@ -73,7 +73,7 @@ static void hash_init_with_dom(
}
void goldilocks_ed448_prehash_init (
hash_ctx_t hash
hash_ctx_p hash
) {
hash_init(hash);
}
......@@ -95,7 +95,7 @@ void goldilocks_ed448_convert_private_key_to_x448 (
/* Specially for libotrv4 */
void goldilocks_ed448_derive_secret_scalar (
API_NS(scalar_t) secret,
API_NS(scalar_p) secret,
const uint8_t privkey[GOLDILOCKS_EDDSA_448_PRIVATE_BYTES]
) {
/* only this much used for keygen */
......@@ -128,10 +128,10 @@ void goldilocks_ed448_derive_public_key (
uint8_t pubkey[GOLDILOCKS_EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[GOLDILOCKS_EDDSA_448_PRIVATE_BYTES]
) {
API_NS(scalar_t) secret_scalar;
API_NS(scalar_p) secret_scalar;
goldilocks_ed448_derive_secret_scalar(secret_scalar, privkey);
API_NS(point_t) p;
API_NS(point_p) p;
API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),secret_scalar);
API_NS(point_mul_by_ratio_and_encode_like_eddsa)(pubkey, p);
......@@ -151,8 +151,8 @@ void goldilocks_ed448_sign (
const uint8_t *context,
uint8_t context_len
) {
API_NS(scalar_t) secret_scalar;
hash_ctx_t hash;
API_NS(scalar_p) secret_scalar;
hash_ctx_p hash;
{
/* Schedule the secret key */
struct {
......@@ -176,7 +176,7 @@ void goldilocks_ed448_sign (
}
/* Decode the nonce */
API_NS(scalar_t) nonce_scalar;
API_NS(scalar_p) nonce_scalar;
{
uint8_t nonce[2*GOLDILOCKS_EDDSA_448_PRIVATE_BYTES];
hash_final(hash,nonce,sizeof(nonce));
......@@ -187,20 +187,20 @@ void goldilocks_ed448_sign (
uint8_t nonce_point[GOLDILOCKS_EDDSA_448_PUBLIC_BYTES] = {0};
{
/* Scalarmul to create the nonce-point */
API_NS(scalar_t) nonce_scalar_2;
API_NS(scalar_p) nonce_scalar_2;
API_NS(scalar_halve)(nonce_scalar_2,nonce_scalar);
for (unsigned int c = 2; c < GOLDILOCKS_448_EDDSA_ENCODE_RATIO; c <<= 1) {
API_NS(scalar_halve)(nonce_scalar_2,nonce_scalar_2);
}
API_NS(point_t) p;
API_NS(point_p) p;
API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),nonce_scalar_2);
API_NS(point_mul_by_ratio_and_encode_like_eddsa)(nonce_point, p);
API_NS(point_destroy)(p);
API_NS(scalar_destroy)(nonce_scalar_2);
}
API_NS(scalar_t) challenge_scalar;
API_NS(scalar_p) challenge_scalar;
{
/* Compute the challenge */
hash_init_with_dom(hash,prehashed,0,context,context_len);
......@@ -231,13 +231,13 @@ void goldilocks_ed448_sign_prehash (
uint8_t signature[GOLDILOCKS_EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[GOLDILOCKS_EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[GOLDILOCKS_EDDSA_448_PUBLIC_BYTES],
const goldilocks_ed448_prehash_ctx_t hash,
const goldilocks_ed448_prehash_ctx_p hash,
const uint8_t *context,
uint8_t context_len
) {
uint8_t hash_output[EDDSA_PREHASH_BYTES];
{
goldilocks_ed448_prehash_ctx_t hash_too;
goldilocks_ed448_prehash_ctx_p hash_too;
memcpy(hash_too,hash,sizeof(hash_too));
hash_final(hash_too,hash_output,sizeof(hash_output));
hash_destroy(hash_too);
......@@ -256,17 +256,17 @@ goldilocks_error_t goldilocks_ed448_verify (
const uint8_t *context,
uint8_t context_len
) {
API_NS(point_t) pk_point, r_point;
API_NS(point_p) pk_point, r_point;
goldilocks_error_t error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(pk_point,pubkey);
if (GOLDILOCKS_SUCCESS != error) { return error; }
error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(r_point,signature);
if (GOLDILOCKS_SUCCESS != error) { return error; }
API_NS(scalar_t) challenge_scalar;
API_NS(scalar_p) challenge_scalar;
{
/* Compute the challenge */
hash_ctx_t hash;
hash_ctx_p hash;
hash_init_with_dom(hash,prehashed,0,context,context_len);
hash_update(hash,signature,GOLDILOCKS_EDDSA_448_PUBLIC_BYTES);
hash_update(hash,pubkey,GOLDILOCKS_EDDSA_448_PUBLIC_BYTES);
......@@ -279,7 +279,7 @@ goldilocks_error_t goldilocks_ed448_verify (
}
API_NS(scalar_sub)(challenge_scalar, API_NS(scalar_zero), challenge_scalar);
API_NS(scalar_t) response_scalar;
API_NS(scalar_p) response_scalar;
API_NS(scalar_decode_long)(
response_scalar,
&signature[GOLDILOCKS_EDDSA_448_PUBLIC_BYTES],
......@@ -305,7 +305,7 @@ goldilocks_error_t goldilocks_ed448_verify (
goldilocks_error_t goldilocks_ed448_verify_prehash (
const uint8_t signature[GOLDILOCKS_EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[GOLDILOCKS_EDDSA_448_PUBLIC_BYTES],
const goldilocks_ed448_prehash_ctx_t hash,
const goldilocks_ed448_prehash_ctx_p hash,
const uint8_t *context,
uint8_t context_len
) {
......@@ -313,7 +313,7 @@ goldilocks_error_t goldilocks_ed448_verify_prehash (
uint8_t hash_output[EDDSA_PREHASH_BYTES];
{
goldilocks_ed448_prehash_ctx_t hash_too;
goldilocks_ed448_prehash_ctx_p hash_too;
memcpy(hash_too,hash,sizeof(hash_too));
hash_final(hash_too,hash_output,sizeof(hash_output));
hash_destroy(hash_too);
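Review bot: `memcpy(hash_too,hash,sizeof(hash_too));` in goldilocks_ed448_sign_prehash, and again in goldilocks_ed448_verify_prehash, copies the whole hash state only as long as goldilocks_ed448_prehash_ctx_p is a one-element array type. The commit message says it is, but the new `_p` suffix reads as "pointer", and if the typedef were ever turned into a real pointer the same line would copy only pointer-size bytes of the state. Writing the size as `memcpy(hash_too,hash,sizeof(*hash_too));` is equivalent today and stays correct either way. A one-line comment at the copy would also help, saying that the caller's context is duplicated, presumably so that hash_final and hash_destroy act on the copy and not on the caller's state. Both function bodies continue outside the visible hunks.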
......
......@@ -15,7 +15,7 @@
#include "api.h"
/* Template stuff */
#define point_t API_NS(point_t)
#define point_p API_NS(point_p)
static const int EDWARDS_D = -39081;
/* End of template stuff */
......@@ -23,14 +23,14 @@ extern mask_t API_NS(deisogenize) (
gf_s *__restrict__ s,
gf_s *__restrict__ inv_el_sum,
gf_s *__restrict__ inv_el_m1,
const point_t p,
const point_p p,
mask_t toggle_hibit_s,
mask_t toggle_altx,
mask_t toggle_rotation
);
void API_NS(point_from_hash_nonuniform) (
point_t p,
point_p p,
const unsigned char ser[SER_BYTES]
) {
gf r0,r,a,b,c,N,e;
......@@ -83,10 +83,10 @@ void API_NS(point_from_hash_nonuniform) (
}
void API_NS(point_from_hash_uniform) (
point_t pt,
point_p pt,
const unsigned char hashed_data[2*SER_BYTES]
) {
point_t pt2;
point_p pt2;
API_NS(point_from_hash_nonuniform)(pt,hashed_data);
API_NS(point_from_hash_nonuniform)(pt2,&hashed_data[SER_BYTES]);
API_NS(point_add)(pt,pt,pt2);
......@@ -103,7 +103,7 @@ void API_NS(point_from_hash_uniform) (
goldilocks_error_t
API_NS(invert_elligator_nonuniform) (
unsigned char recovered_hash[SER_BYTES],
const point_t p,
const point_p p,
uint32_t hint_
) {
mask_t hint = hint_;
......@@ -145,10 +145,10 @@ API_NS(invert_elligator_nonuniform) (
goldilocks_error_t
API_NS(invert_elligator_uniform) (
unsigned char partial_hash[2*SER_BYTES],
const point_t p,
const point_p p,
uint32_t hint
) {
point_t pt2;
point_p pt2;
API_NS(point_from_hash_nonuniform)(pt2,&partial_hash[SER_BYTES]);
API_NS(point_sub)(pt2,p,pt2);
return API_NS(invert_elligator_nonuniform)(partial_hash,pt2,hint);
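Review bot: The hand-written prototype at the top of this section is `extern mask_t API_NS(deisogenize) (` (visible in the hunk header), while the definition shown elsewhere in this commit is `void API_NS(deisogenize) (`, so the two files disagree on the return type. This commit had to edit the `const point_p p` parameter in both copies by hand, which is how duplicated prototypes drift apart. Incompatible declarations of one function are undefined behaviour in C, and the compiler cannot diagnose the mismatch across translation units. Change the declaration to `extern void API_NS(deisogenize) (`, or better, move the prototype into a shared internal header that both files include. The declaration line itself is outside the hunk, so confirm against the full file.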
......
......@@ -25,14 +25,14 @@
#define SER_BYTES 56
typedef struct gf_448_s {
word_t limb[NLIMBS];
} __attribute__((aligned(32))) gf_448_s, gf_448_t[1];
} __attribute__((aligned(32))) gf_448_s, gf_448_p[1];
#define GF_LIT_LIMB_BITS 56
#define GF_BITS 448
#define ZERO gf_448_ZERO
#define ONE gf_448_ONE
#define MODULUS gf_448_MODULUS
#define gf gf_448_t
#define gf gf_448_p
#define gf_s gf_448_s
#define gf_eq gf_448_eq
#define gf_hibit gf_448_hibit
......
......@@ -18,7 +18,7 @@
#include "api.h"
/* Template stuff */
#define point_t API_NS(point_t)
#define point_p API_NS(point_p)
#define precomputed_s API_NS(precomputed_s)
/* Comb config: number of combs, n, t, s. */
......@@ -30,7 +30,7 @@
#define GOLDILOCKS_WNAF_VAR_TABLE_BITS 3
static const int EDWARDS_D = -39081;
static const scalar_t point_scalarmul_adjustment = {{{
static const scalar_p point_scalarmul_adjustment = {{{
SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad), SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
}}}, precomputed_scalarmul_adjustment = {{{
SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad), SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
......@@ -49,14 +49,14 @@ const gf GOLDILOCKS_448_FACTOR = {FIELD_LITERAL(
/* End of template stuff */
extern const point_t API_NS(point_base);
extern const point_p API_NS(point_base);
/* Projective Niels coordinates */
typedef struct { gf a, b, c; } niels_s, niels_t[1];
typedef struct { niels_t n; gf z; } VECTOR_ALIGNED pniels_s, pniels_t[1];
typedef struct { gf a, b, c; } niels_s, niels_p[1];
typedef struct { niels_p n; gf z; } VECTOR_ALIGNED pniels_s, pniels_p[1];
/* Precomputed base */
struct precomputed_s { niels_t table [COMBS_N<<(COMBS_T-1)]; };
struct precomputed_s { niels_p table [COMBS_N<<(COMBS_T-1)]; };
extern const gf API_NS(precomputed_base_as_fe)[];
const precomputed_s *API_NS(precomputed_base) =
......@@ -79,14 +79,14 @@ gf_invert(gf y, const gf x, int assert_nonzero) {
}
/** identity = (0,1) */
const point_t API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}};
const point_p API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}};
/* Predeclare because not static: called by elligator */
void API_NS(deisogenize) (
gf_s *__restrict__ s,
gf_s *__restrict__ inv_el_sum,
gf_s *__restrict__ inv_el_m1,
const point_t p,
const point_p p,
mask_t toggle_s,
mask_t toggle_altx,
mask_t toggle_rotation
......@@ -98,7 +98,7 @@ void API_NS(deisogenize) (
gf_s *__restrict__ s,
gf_s *__restrict__ inv_el_sum,
gf_s *__restrict__ inv_el_m1,
const point_t p,
const point_p p,
mask_t toggle_s,
mask_t toggle_altx,
mask_t toggle_rotation
......@@ -130,14 +130,14 @@ void API_NS(deisogenize) (
gf_add(inv_el_m1,inv_el_m1,p->t);
}
void API_NS(point_encode)( unsigned char ser[SER_BYTES], const point_t p ) {
void API_NS(point_encode)( unsigned char ser[SER_BYTES], const point_p p ) {
gf s,ie1,ie2;
API_NS(deisogenize)(s,ie1,ie2,p,0,0,0);
gf_serialize(ser,s,1);
}
goldilocks_error_t API_NS(point_decode) (
point_t p,
point_p p,
const unsigned char ser[SER_BYTES],
goldilocks_bool_t allow_identity
) {
......@@ -173,9 +173,9 @@ goldilocks_error_t API_NS(point_decode) (
}
void API_NS(point_sub) (
point_t p,
const point_t q,
const point_t r
point_p p,
const point_p q,
const point_p r
) {
gf a, b, c, d;
gf_sub_nr ( b, q->y, q->x ); /* 3+e */
......@@ -200,9 +200,9 @@ void API_NS(point_sub) (
}
void API_NS(point_add) (
point_t p,
const point_t q,
const point_t r
point_p p,
const point_p q,
const point_p r
) {
gf a, b, c, d;
gf_sub_nr ( b, q->y, q->x ); /* 3+e */
......@@ -228,8 +228,8 @@ void API_NS(point_add) (
static GOLDILOCKS_NOINLINE void
point_double_internal (
point_t p,
const point_t q,
point_p p,
const point_p q,
int before_double
) {
gf a, b, c, d;
......@@ -250,13 +250,13 @@ point_double_internal (
if (!before_double) gf_mul ( p->t, b, d );
}
void API_NS(point_double)(point_t p, const point_t q) {
void API_NS(point_double)(point_p p, const point_p q) {
point_double_internal(p,q,0);
}
void API_NS(point_negate) (
point_t nega,
const point_t a
point_p nega,
const point_p a
) {
gf_sub(nega->x, ZERO, a->x);
gf_copy(nega->y, a->y);
......@@ -267,7 +267,7 @@ void API_NS(point_negate) (
/* Operations on [p]niels */
static GOLDILOCKS_INLINE void
cond_neg_niels (
niels_t n,
niels_p n,
mask_t neg
) {
gf_cond_swap(n->a, n->b, neg);
......@@ -275,8 +275,8 @@ cond_neg_niels (
}
static GOLDILOCKS_NOINLINE void pt_to_pniels (
pniels_t b,
const point_t a
pniels_p b,
const point_p a
) {
gf_sub ( b->n->a, a->y, a->x );
gf_add ( b->n->b, a->x, a->y );
......@@ -285,8 +285,8 @@ static GOLDILOCKS_NOINLINE void pt_to_pniels (
}
static GOLDILOCKS_NOINLINE void pniels_to_pt (
point_t e,
const pniels_t d
point_p e,
const pniels_p d
) {
gf eu;
gf_add ( eu, d->n->b, d->n->a );
......@@ -299,8 +299,8 @@ static GOLDILOCKS_NOINLINE void pniels_to_pt (
static GOLDILOCKS_NOINLINE void
niels_to_pt (
point_t e,
const niels_t n
point_p e,
const niels_p n
) {
gf_add ( e->y, n->b, n->a );
gf_sub ( e->x, n->b, n->a );
......@@ -310,8 +310,8 @@ niels_to_pt (
static GOLDILOCKS_NOINLINE void
add_niels_to_pt (
point_t d,
const niels_t e,
point_p d,
const niels_p e,
int before_double
) {
gf a, b, c;
......@@ -332,8 +332,8 @@ add_niels_to_pt (
static GOLDILOCKS_NOINLINE void
sub_niels_from_pt (
point_t d,
const niels_t e,
point_p d,
const niels_p e,
int before_double
) {
gf a, b, c;
......@@ -354,8 +354,8 @@ sub_niels_from_pt (
static void
add_pniels_to_pt (
point_t p,
const pniels_t pn,
point_p p,
const pniels_p pn,
int before_double
) {
gf L0;
......@@ -366,8 +366,8 @@ add_pniels_to_pt (
static void
sub_pniels_from_pt (
point_t p,
const pniels_t pn,
point_p p,
const pniels_p pn,
int before_double
) {
gf L0;
......@@ -378,12 +378,12 @@ sub_pniels_from_pt (
static GOLDILOCKS_NOINLINE void
prepare_fixed_window(
pniels_t *multiples,
const point_t b,
pniels_p *multiples,
const point_p b,
int ntable
) {
point_t tmp;
pniels_t pn;
point_p tmp;
pniels_p pn;
int i;
point_double_internal(tmp, b, 0);
......@@ -400,22 +400,22 @@ prepare_fixed_window(
}
void API_NS(point_scalarmul) (
point_t a,
const point_t b,
const scalar_t scalar
point_p a,
const point_p b,
const scalar_p scalar
) {
const int WINDOW = GOLDILOCKS_WINDOW_BITS,
WINDOW_MASK = (1<<WINDOW)-1,
WINDOW_T_MASK = WINDOW_MASK >> 1,
NTABLE = 1<<(WINDOW-1);
scalar_t scalar1x;
scalar_p scalar1x;
API_NS(scalar_add)(scalar1x, scalar, point_scalarmul_adjustment);
API_NS(scalar_halve)(scalar1x,scalar1x);
/* Set up a precomputed table with odd multiples of b. */
pniels_t pn, multiples[NTABLE];
point_t tmp;
pniels_p pn, multiples[NTABLE];
point_p tmp;
prepare_fixed_window(multiples, b, NTABLE);
/* Initialize. */
......@@ -460,26 +460,26 @@ void API_NS(point_scalarmul) (
}
void API_NS(point_double_scalarmul) (
point_t a,
const point_t b,
const scalar_t scalarb,
const point_t c,
const scalar_t scalarc
point_p a,
const point_p b,
const scalar_p scalarb,
const point_p c,
const scalar_p scalarc
) {
const int WINDOW = GOLDILOCKS_WINDOW_BITS,
WINDOW_MASK = (1<<WINDOW)-1,
WINDOW_T_MASK = WINDOW_MASK >> 1,
NTABLE = 1<<(WINDOW-1);
scalar_t scalar1x, scalar2x;
scalar_p scalar1x, scalar2x;
API_NS(scalar_add)(scalar1x, scalarb, point_scalarmul_adjustment);
API_NS(scalar_halve)(scalar1x,scalar1x);
API_NS(scalar_add)(scalar2x, scalarc, point_scalarmul_adjustment);
API_NS(scalar_halve)(scalar2x,scalar2x);
/* Set up a precomputed table with odd multiples of b. */
pniels_t pn, multiples1[NTABLE], multiples2[NTABLE];
point_t tmp;
pniels_p pn, multiples1[NTABLE], multiples2[NTABLE];
point_p tmp;
prepare_fixed_window(multiples1, b, NTABLE);
prepare_fixed_window(multiples2, c, NTABLE);
......@@ -535,26 +535,26 @@ void API_NS(point_double_scalarmul) (
}
void API_NS(point_dual_scalarmul) (
point_t a1,
point_t a2,
const point_t b,
const scalar_t scalar1,
const scalar_t scalar2
point_p a1,
point_p a2,
const point_p b,
const scalar_p scalar1,
const scalar_p scalar2
) {
const int WINDOW = GOLDILOCKS_WINDOW_BITS,
WINDOW_MASK = (1<<WINDOW)-1,
WINDOW_T_MASK = WINDOW_MASK >> 1,
NTABLE = 1<<(WINDOW-1);
scalar_t scalar1x, scalar2x;
scalar_p scalar1x, scalar2x;
API_NS(scalar_add)(scalar1x, scalar1, point_scalarmul_adjustment);
API_NS(scalar_halve)(scalar1x,scalar1x);
API_NS(scalar_add)(scalar2x, scalar2, point_scalarmul_adjustment);
API_NS(scalar_halve)(scalar2x,scalar2x);
/* Set up a precomputed table with odd multiples of b. */
point_t multiples1[NTABLE], multiples2[NTABLE], working, tmp;
pniels_t pn;
point_p multiples1[NTABLE], multiples2[NTABLE], working, tmp;
pniels_p pn;
API_NS(point_copy)(working, b);
......@@ -634,7 +634,7 @@ void API_NS(point_dual_scalarmul) (
goldilocks_bzero(working,sizeof(working));
}
goldilocks_bool_t API_NS(point_eq) ( const point_t p, const point_t q ) {
goldilocks_bool_t API_NS(point_eq) ( const point_p p, const point_p q ) {
/* equality mod 2-torsion compares x/y */
gf a, b;
gf_mul ( a, p->y, q->x );
......@@ -645,7 +645,7 @@ goldilocks_bool_t API_NS(point_eq) ( const point_t p, const point_t q ) {
}
goldilocks_bool_t API_NS(point_valid) (
const point_t p
const point_p p
) {
gf a,b,c;
gf_mul(a,p->x,p->y);
......@@ -664,8 +664,8 @@ goldilocks_bool_t API_NS(point_valid) (
}
void API_NS(point_debugging_torque) (
point_t q,
const point_t p
point_p q,
const point_p p
) {
gf_sub(q->x,ZERO,p->x);
gf_sub(q->y,ZERO,p->y);
......@@ -674,8 +674,8 @@ void API_NS(point_debugging_torque) (
}
void API_NS(point_debugging_pscale) (
point_t q,
const point_t p,
point_p q,
const point_p p,
const uint8_t factor[SER_BYTES]
) {
gf gfac,tmp;
......@@ -717,7 +717,7 @@ static void gf_batch_invert (
}
static void batch_normalize_niels (
niels_t *table,
niels_p *table,
const gf *zs,
gf *__restrict__ zis,
int n
......@@ -745,14 +745,14 @@ static void batch_normalize_niels (
void API_NS(precompute) (
precomputed_s *table,
const point_t base
const point_p base
) {
const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S;
assert(n*t*s >= SCALAR_BITS);
point_t working, start, doubles[t-1];
point_p working, start, doubles[t-1];
API_NS(point_copy)(working, base);
pniels_t pn_tmp;
pniels_p pn_tmp;
gf zs[n<<(t-1)], zis[n<<(t-1)];
......@@ -811,7 +811,7 @@ void API_NS(precompute) (
static GOLDILOCKS_INLINE void
constant_time_lookup_niels (
niels_s *__restrict__ ni,
const niels_t *table,
const niels_p *table,
int nelts,