Unverified Commit 64926931 authored by Sofia Celi's avatar Sofia Celi

Change decaf to goldilocks types

parent ae68d25d
......@@ -70,7 +70,7 @@ ed448_sig_t = c_uint8 * DECAF_EDDSA_448_SIGNATURE_BYTES
c_uint8_p = POINTER(c_uint8)
decaf_error_t = c_int
goldilocks_error_t = c_int
# Data
try:
......@@ -81,7 +81,7 @@ except ValueError:
funs = {
'decaf_ed448_derive_public_key': (None, [ ed448_pubkey_t, ed448_privkey_t]),
'decaf_ed448_sign': (None, [ ed448_sig_t, ed448_privkey_t, ed448_pubkey_t, c_uint8_p, c_size_t, c_uint8, c_uint8_p, c_uint8 ]),
'decaf_ed448_verify': (decaf_error_t, [ ed448_sig_t, ed448_pubkey_t, c_uint8_p, c_size_t, c_uint8, c_uint8_p, c_uint8 ]),
'decaf_ed448_verify': (goldilocks_error_t, [ ed448_sig_t, ed448_pubkey_t, c_uint8_p, c_size_t, c_uint8, c_uint8_p, c_uint8 ]),
}
for i in funs:
......
......@@ -161,7 +161,7 @@ void API_NS(point_encode)( unsigned char ser[SER_BYTES], const point_t p ) {
gf_serialize(ser,s,1);
}
decaf_error_t API_NS(point_decode) (
goldilocks_error_t API_NS(point_decode) (
point_t p,
const unsigned char ser[SER_BYTES],
decaf_bool_t allow_identity
......@@ -926,7 +926,7 @@ void API_NS(point_cond_sel) (
constant_time_select(out,a,b,sizeof(point_t),bool_to_mask(pick_b),0);
}
decaf_error_t API_NS(direct_scalarmul) (
goldilocks_error_t API_NS(direct_scalarmul) (
uint8_t scaled[SER_BYTES],
const uint8_t base[SER_BYTES],
const scalar_t scalar,
......@@ -934,8 +934,8 @@ decaf_error_t API_NS(direct_scalarmul) (
decaf_bool_t short_circuit
) {
point_t basep;
decaf_error_t succ = API_NS(point_decode)(basep, base, allow_identity);
if (short_circuit && succ != DECAF_SUCCESS) return succ;
goldilocks_error_t succ = API_NS(point_decode)(basep, base, allow_identity);
if (short_circuit && succ != GOLDILOCKS_SUCCESS) return succ;
API_NS(point_cond_sel)(basep, API_NS(point_base), basep, succ);
API_NS(point_scalarmul)(basep, basep, scalar);
API_NS(point_encode)(scaled, basep);
......@@ -987,7 +987,7 @@ void API_NS(point_mul_by_ratio_and_encode_like_eddsa) (
}
decaf_error_t API_NS(point_decode_like_eddsa_and_mul_by_ratio) (
goldilocks_error_t API_NS(point_decode_like_eddsa_and_mul_by_ratio) (
point_t p,
const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
) {
......@@ -1042,7 +1042,7 @@ decaf_error_t API_NS(point_decode_like_eddsa_and_mul_by_ratio) (
return decaf_succeed_if(mask_to_bool(succ));
}
decaf_error_t decaf_x448 (
goldilocks_error_t decaf_x448 (
uint8_t out[X_PUBLIC_BYTES],
const uint8_t base[X_PUBLIC_BYTES],
const uint8_t scalar[X_PRIVATE_BYTES]
......
......@@ -63,7 +63,7 @@ int main(int argc, char **argv) {
API_NS(point_t) real_point_base;
int ret = API_NS(point_decode)(real_point_base,base_point_ser_for_pregen,0);
if (ret != DECAF_SUCCESS) {
if (ret != GOLDILOCKS_SUCCESS) {
fprintf(stderr, "Can't decode base point!\n");
return 1;
}
......
......@@ -252,7 +252,7 @@ void decaf_ed448_sign_prehash (
decaf_bzero(hash_output,sizeof(hash_output));
}
decaf_error_t decaf_ed448_verify (
goldilocks_error_t decaf_ed448_verify (
const uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
const uint8_t *message,
......@@ -262,11 +262,11 @@ decaf_error_t decaf_ed448_verify (
uint8_t context_len
) {
API_NS(point_t) pk_point, r_point;
decaf_error_t error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(pk_point,pubkey);
if (DECAF_SUCCESS != error) { return error; }
goldilocks_error_t error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(pk_point,pubkey);
if (GOLDILOCKS_SUCCESS != error) { return error; }
error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(r_point,signature);
if (DECAF_SUCCESS != error) { return error; }
if (GOLDILOCKS_SUCCESS != error) { return error; }
API_NS(scalar_t) challenge_scalar;
{
......@@ -307,14 +307,14 @@ decaf_error_t decaf_ed448_verify (
}
decaf_error_t decaf_ed448_verify_prehash (
goldilocks_error_t decaf_ed448_verify_prehash (
const uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
const decaf_ed448_prehash_ctx_t hash,
const uint8_t *context,
uint8_t context_len
) {
decaf_error_t ret;
goldilocks_error_t ret;
uint8_t hash_output[EDDSA_PREHASH_BYTES];
{
......
......@@ -107,7 +107,7 @@ void API_NS(point_from_hash_uniform) (
*/
#define MAX(A,B) (((A)>(B)) ? (A) : (B))
decaf_error_t
goldilocks_error_t
API_NS(invert_elligator_nonuniform) (
unsigned char recovered_hash[SER_BYTES],
const point_t p,
......@@ -153,7 +153,7 @@ API_NS(invert_elligator_nonuniform) (
return decaf_succeed_if(mask_to_bool(succ));
}
decaf_error_t
goldilocks_error_t
API_NS(invert_elligator_uniform) (
unsigned char partial_hash[2*SER_BYTES],
const point_t p,
......
......@@ -113,7 +113,7 @@ static DECAF_INLINE void sc_montsqr (scalar_t out, const scalar_t a) {
sc_montmul(out,a,a);
}
decaf_error_t API_NS(scalar_invert) (
goldilocks_error_t API_NS(scalar_invert) (
scalar_t out,
const scalar_t a
) {
......@@ -239,7 +239,7 @@ static DECAF_INLINE void scalar_decode_short (
}
}
decaf_error_t API_NS(scalar_decode)(
goldilocks_error_t API_NS(scalar_decode)(
scalar_t s,
const unsigned char ser[SCALAR_SER_BYTES]
) {
......
......@@ -79,21 +79,21 @@ static const decaf_bool_t GOLDILOCKS_FALSE = 0;
/** Another boolean type used to indicate success or failure. */
typedef enum {
DECAF_SUCCESS = -1, /**< The operation succeeded. */
DECAF_FAILURE = 0 /**< The operation failed. */
} decaf_error_t;
GOLDILOCKS_SUCCESS = -1, /**< The operation succeeded. */
GOLDILOCKS_FAILURE = 0 /**< The operation failed. */
} goldilocks_error_t;
/** Return success if x is true */
static DECAF_INLINE decaf_error_t
static DECAF_INLINE goldilocks_error_t
decaf_succeed_if(decaf_bool_t x) {
return (decaf_error_t)x;
return (goldilocks_error_t)x;
}
/** Return GOLDILOCKS_TRUE iff x == DECAF_SUCCESS */
/** Return GOLDILOCKS_TRUE iff x == GOLDILOCKS_SUCCESS */
static DECAF_INLINE decaf_bool_t
decaf_successful(decaf_error_t e) {
decaf_dword_t w = ((decaf_word_t)e) ^ ((decaf_word_t)DECAF_SUCCESS);
decaf_successful(goldilocks_error_t e) {
decaf_dword_t w = ((decaf_word_t)e) ^ ((decaf_word_t)GOLDILOCKS_SUCCESS);
return (w-1)>>DECAF_WORD_BITS;
}
......
......@@ -156,7 +156,7 @@ void decaf_ed448_prehash_init (
* safe. The C++ wrapper is designed to make it harder to screw this up, but this C code gives
* you no seat belt.
*/
decaf_error_t decaf_ed448_verify (
goldilocks_error_t decaf_ed448_verify (
const uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
const uint8_t *message,
......@@ -182,7 +182,7 @@ decaf_error_t decaf_ed448_verify (
* safe. The C++ wrapper is designed to make it harder to screw this up, but this C code gives
* you no seat belt.
*/
decaf_error_t decaf_ed448_verify_prehash (
goldilocks_error_t decaf_ed448_verify_prehash (
const uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
const decaf_ed448_prehash_ctx_t hash,
......@@ -228,7 +228,7 @@ void goldilocks_448_point_mul_by_ratio_and_encode_like_eddsa (
* @param [out] enc The encoded point.
* @param [in] p The point.
*/
decaf_error_t goldilocks_448_point_decode_like_eddsa_and_mul_by_ratio (
goldilocks_error_t goldilocks_448_point_decode_like_eddsa_and_mul_by_ratio (
goldilocks_448_point_t p,
const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
......
......@@ -262,14 +262,14 @@ public:
/** Verification (i.e. public) EdDSA key, PureEdDSA version. */
template<class CRTP> class Verification<CRTP,PURE> {
public:
/** Verify a signature, returning DECAF_FAILURE if verification fails */
inline decaf_error_t DECAF_WARN_UNUSED verify_noexcept (
/** Verify a signature, returning GOLDILOCKS_FAILURE if verification fails */
inline goldilocks_error_t DECAF_WARN_UNUSED verify_noexcept (
const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,
const Block &message,
const Block &context = NO_CONTEXT()
) const /*DECAF_NOEXCEPT*/ {
if (context.size() > 255) {
return DECAF_FAILURE;
return GOLDILOCKS_FAILURE;
}
return decaf_ed448_verify (
......@@ -298,7 +298,7 @@ public:
throw LengthException();
}
if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) {
if (GOLDILOCKS_SUCCESS != verify_noexcept( sig, message, context )) {
throw CryptoException();
}
}
......@@ -308,7 +308,7 @@ public:
template<class CRTP> class Verification<CRTP,PREHASHED> {
public:
/** Verify that a signature is valid for a given prehashed message, given the context. */
inline decaf_error_t DECAF_WARN_UNUSED verify_prehashed_noexcept (
inline goldilocks_error_t DECAF_WARN_UNUSED verify_prehashed_noexcept (
const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,
const Prehash &ph
) const /*DECAF_NOEXCEPT*/ {
......@@ -326,7 +326,7 @@ public:
const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,
const Prehash &ph
) const /*throw(CryptoException)*/ {
if (DECAF_SUCCESS != decaf_ed448_verify_prehash (
if (GOLDILOCKS_SUCCESS != decaf_ed448_verify_prehash (
sig.data(),
((const CRTP*)this)->pub_.data(),
(const decaf_ed448_prehash_ctx_s*)ph.wrapped,
......
......@@ -108,11 +108,11 @@ extern const struct goldilocks_448_precomputed_s *goldilocks_448_precomputed_bas
* @param [in] ser Serialized form of a scalar.
* @param [out] out Deserialized form.
*
* @retval DECAF_SUCCESS The scalar was correctly encoded.
* @retval DECAF_FAILURE The scalar was greater than the modulus,
* @retval GOLDILOCKS_SUCCESS The scalar was correctly encoded.
* @retval GOLDILOCKS_FAILURE The scalar was greater than the modulus,
* and has been reduced modulo that modulus.
*/
decaf_error_t goldilocks_448_scalar_decode (
goldilocks_error_t goldilocks_448_scalar_decode (
goldilocks_448_scalar_t out,
const unsigned char ser[GOLDILOCKS_448_SCALAR_BYTES]
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
......@@ -204,9 +204,9 @@ void goldilocks_448_scalar_halve (
* @brief Invert a scalar. When passed zero, return 0. The input and output may alias.
* @param [in] a A scalar.
* @param [out] out 1/a.
* @return DECAF_SUCCESS The input is nonzero.
* @return GOLDILOCKS_SUCCESS The input is nonzero.
*/
decaf_error_t goldilocks_448_scalar_invert (
goldilocks_error_t goldilocks_448_scalar_invert (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
......@@ -255,11 +255,11 @@ void goldilocks_448_point_encode (
* @param [out] pt The decoded point.
* @param [in] ser The serialized version of the point.
* @param [in] allow_identity GOLDILOCKS_TRUE if the identity is a legal input.
* @retval DECAF_SUCCESS The decoding succeeded.
* @retval DECAF_FAILURE The decoding didn't succeed, because
* @retval GOLDILOCKS_SUCCESS The decoding succeeded.
* @retval GOLDILOCKS_FAILURE The decoding didn't succeed, because
* ser does not represent a point.
*/
decaf_error_t goldilocks_448_point_decode (
goldilocks_error_t goldilocks_448_point_decode (
goldilocks_448_point_t pt,
const uint8_t ser[GOLDILOCKS_448_SER_BYTES],
decaf_bool_t allow_identity
......@@ -373,11 +373,11 @@ void goldilocks_448_point_scalarmul (
* @param [in] allow_identity Allow the input to be the identity.
* @param [in] short_circuit Allow a fast return if the input is illegal.
*
* @retval DECAF_SUCCESS The scalarmul succeeded.
* @retval DECAF_FAILURE The scalarmul didn't succeed, because
* @retval GOLDILOCKS_SUCCESS The scalarmul succeeded.
* @retval GOLDILOCKS_FAILURE The scalarmul didn't succeed, because
* base does not represent a point.
*/
decaf_error_t goldilocks_448_direct_scalarmul (
goldilocks_error_t goldilocks_448_direct_scalarmul (
uint8_t scaled[GOLDILOCKS_448_SER_BYTES],
const uint8_t base[GOLDILOCKS_448_SER_BYTES],
const goldilocks_448_scalar_t scalar,
......@@ -393,11 +393,11 @@ decaf_error_t goldilocks_448_direct_scalarmul (
* @param [in] base The other party's public key, used as the base of the scalarmul.
* @param [in] scalar The private scalar to multiply by.
*
* @retval DECAF_SUCCESS The scalarmul succeeded.
* @retval DECAF_FAILURE The scalarmul didn't succeed, because the base
* @retval GOLDILOCKS_SUCCESS The scalarmul succeeded.
* @retval GOLDILOCKS_FAILURE The scalarmul didn't succeed, because the base
* point is in a small subgroup.
*/
decaf_error_t decaf_x448 (
goldilocks_error_t decaf_x448 (
uint8_t shared[DECAF_X448_PUBLIC_BYTES],
const uint8_t base[DECAF_X448_PUBLIC_BYTES],
const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
......@@ -708,10 +708,10 @@ void goldilocks_448_point_from_hash_uniform (
* @param [in] which A value determining which inverse point
* to return.
*
* @retval DECAF_SUCCESS The inverse succeeded.
* @retval DECAF_FAILURE The inverse failed.
* @retval GOLDILOCKS_SUCCESS The inverse succeeded.
* @retval GOLDILOCKS_FAILURE The inverse failed.
*/
decaf_error_t
goldilocks_error_t
goldilocks_448_invert_elligator_nonuniform (
unsigned char recovered_hash[GOLDILOCKS_448_HASH_BYTES],
const goldilocks_448_point_t pt,
......@@ -733,10 +733,10 @@ goldilocks_448_invert_elligator_nonuniform (
* @param [in] which A value determining which inverse point
* to return.
*
* @retval DECAF_SUCCESS The inverse succeeded.
* @retval DECAF_FAILURE The inverse failed.
* @retval GOLDILOCKS_SUCCESS The inverse succeeded.
* @retval GOLDILOCKS_FAILURE The inverse failed.
*/
decaf_error_t
goldilocks_error_t
goldilocks_448_invert_elligator_uniform (
unsigned char recovered_hash[2*GOLDILOCKS_448_HASH_BYTES],
const goldilocks_448_point_t pt,
......
......@@ -157,9 +157,9 @@ public:
/**
* Decode from correct-length little-endian byte sequence.
* @return DECAF_FAILURE if the scalar is greater than or equal to the group order q.
* @return GOLDILOCKS_FAILURE if the scalar is greater than or equal to the group order q.
*/
static inline decaf_error_t DECAF_WARN_UNUSED decode (
static inline goldilocks_error_t DECAF_WARN_UNUSED decode (
Scalar &sc, const FixedBlock<SER_BYTES> buffer
) DECAF_NOEXCEPT {
return goldilocks_448_scalar_decode(sc.s,buffer.data());
......@@ -191,15 +191,15 @@ public:
*/
inline Scalar inverse() const /*throw(CryptoException)*/ {
Scalar r;
if (DECAF_SUCCESS != goldilocks_448_scalar_invert(r.s,s)) {
if (GOLDILOCKS_SUCCESS != goldilocks_448_scalar_invert(r.s,s)) {
throw CryptoException();
}
return r;
}
/** Invert with Fermat's Little Theorem (slow!). If *this == 0, set r=0
* and return DECAF_FAILURE. */
inline decaf_error_t DECAF_WARN_UNUSED
* and return GOLDILOCKS_FAILURE. */
inline goldilocks_error_t DECAF_WARN_UNUSED
inverse_noexcept(Scalar &r) const DECAF_NOEXCEPT {
return goldilocks_448_scalar_invert(r.s,s);
}
......@@ -235,7 +235,7 @@ public:
) const /*throw(CryptoException)*/;
/** Direct scalar multiplication. */
inline decaf_error_t DECAF_WARN_UNUSED direct_scalarmul_noexcept(
inline goldilocks_error_t DECAF_WARN_UNUSED direct_scalarmul_noexcept(
FixedBuffer<SER_BYTES> &out,
const FixedBlock<SER_BYTES> &in,
decaf_bool_t allow_identity=GOLDILOCKS_FALSE,
......@@ -318,7 +318,7 @@ public:
*/
inline explicit Point(const FixedBlock<SER_BYTES> &buffer, bool allow_identity=true)
/*throw(CryptoException)*/ {
if (DECAF_SUCCESS != decode(buffer,allow_identity ? GOLDILOCKS_TRUE : GOLDILOCKS_FALSE)) {
if (GOLDILOCKS_SUCCESS != decode(buffer,allow_identity ? GOLDILOCKS_TRUE : GOLDILOCKS_FALSE)) {
throw CryptoException();
}
}
......@@ -327,11 +327,11 @@ public:
* Initialize from C++ fixed-length byte string.
* The all-zero string maps to the identity.
*
* @retval DECAF_SUCCESS the string was successfully decoded.
* @return DECAF_FAILURE the string was the wrong length, or wasn't the encoding of a point,
* @retval GOLDILOCKS_SUCCESS the string was successfully decoded.
* @return GOLDILOCKS_FAILURE the string was the wrong length, or wasn't the encoding of a point,
* or was the identity and allow_identity was GOLDILOCKS_FALSE. Contents of the buffer are undefined.
*/
inline decaf_error_t DECAF_WARN_UNUSED decode (
inline goldilocks_error_t DECAF_WARN_UNUSED decode (
const FixedBlock<SER_BYTES> &buffer, bool allow_identity=true
) DECAF_NOEXCEPT {
return goldilocks_448_point_decode(p,buffer.data(),allow_identity ? GOLDILOCKS_TRUE : GOLDILOCKS_FALSE);
......@@ -341,11 +341,11 @@ public:
* Initialize from C++ fixed-length byte string, like EdDSA.
* The all-zero string maps to the identity.
*
* @retval DECAF_SUCCESS the string was successfully decoded.
* @return DECAF_FAILURE the string was the wrong length, or wasn't the encoding of a point.
* @retval GOLDILOCKS_SUCCESS the string was successfully decoded.
* @return GOLDILOCKS_FAILURE the string was the wrong length, or wasn't the encoding of a point.
* Contents of the point are undefined.
*/
inline decaf_error_t DECAF_WARN_UNUSED decode_like_eddsa_and_mul_by_ratio_noexcept (
inline goldilocks_error_t DECAF_WARN_UNUSED decode_like_eddsa_and_mul_by_ratio_noexcept (
const FixedBlock<DECAF_EDDSA_448_PUBLIC_BYTES> &buffer
) DECAF_NOEXCEPT {
return goldilocks_448_point_decode_like_eddsa_and_mul_by_ratio(p,buffer.data());
......@@ -359,7 +359,7 @@ public:
inline void decode_like_eddsa_and_mul_by_ratio(
const FixedBlock<DECAF_EDDSA_448_PUBLIC_BYTES> &buffer
) /*throw(CryptoException)*/ {
if (DECAF_SUCCESS != decode_like_eddsa_and_mul_by_ratio_noexcept(buffer)) throw(CryptoException());
if (GOLDILOCKS_SUCCESS != decode_like_eddsa_and_mul_by_ratio_noexcept(buffer)) throw(CryptoException());
}
/** Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA. */
......@@ -531,10 +531,10 @@ public:
}
/**
* Modify buffer so that Point::from_hash(Buffer) == *this, and return DECAF_SUCCESS;
* or leave buf unmodified and return DECAF_FAILURE.
* Modify buffer so that Point::from_hash(Buffer) == *this, and return GOLDILOCKS_SUCCESS;
* or leave buf unmodified and return GOLDILOCKS_FAILURE.
*/
inline decaf_error_t invert_elligator (
inline goldilocks_error_t invert_elligator (
Buffer buf, uint32_t hint
) const DECAF_NOEXCEPT {
unsigned char buf2[2*HASH_BYTES];
......@@ -560,7 +560,7 @@ public:
inline SecureBuffer steg_encode(Rng &rng, size_t size=STEG_BYTES) const /*throw(std::bad_alloc, LengthException)*/ {
if (size <= HASH_BYTES + 4 || size > 2*HASH_BYTES) throw LengthException();
SecureBuffer out(STEG_BYTES);
decaf_error_t done;
goldilocks_error_t done;
do {
rng.read(Buffer(out).slice(HASH_BYTES-4,STEG_BYTES-HASH_BYTES+1));
uint32_t hint = 0;
......@@ -691,14 +691,14 @@ public:
const FixedBlock<PRIVATE_BYTES> &scalar
) /*throw(std::bad_alloc,CryptoException)*/ {
SecureBuffer out(PUBLIC_BYTES);
if (DECAF_SUCCESS != decaf_x448(out.data(), pk.data(), scalar.data())) {
if (GOLDILOCKS_SUCCESS != decaf_x448(out.data(), pk.data(), scalar.data())) {
throw CryptoException();
}
return out;
}
/** Calculate and write into out a shared secret with public key, noexcept version. */
static inline decaf_error_t DECAF_WARN_UNUSED
static inline goldilocks_error_t DECAF_WARN_UNUSED
shared_secret_noexcept (
FixedBuffer<PUBLIC_BYTES> &out,
const FixedBlock<PUBLIC_BYTES> &pk,
......@@ -765,7 +765,7 @@ inline SecureBuffer Ed448Goldilocks::Scalar::direct_scalarmul (
decaf_bool_t short_circuit
) const /*throw(CryptoException)*/ {
SecureBuffer out(Ed448Goldilocks::Point::SER_BYTES);
if (DECAF_SUCCESS !=
if (GOLDILOCKS_SUCCESS !=
goldilocks_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit)
) {
throw CryptoException();
......@@ -773,7 +773,7 @@ inline SecureBuffer Ed448Goldilocks::Scalar::direct_scalarmul (
return out;
}
inline decaf_error_t Ed448Goldilocks::Scalar::direct_scalarmul_noexcept (
inline goldilocks_error_t Ed448Goldilocks::Scalar::direct_scalarmul_noexcept (
FixedBuffer<Ed448Goldilocks::Point::SER_BYTES> &out,
const FixedBlock<Ed448Goldilocks::Point::SER_BYTES> &in,
decaf_bool_t allow_identity,
......
......@@ -53,10 +53,10 @@ void decaf_sha3_init (
* @param [inout] sponge The context.
* @param [in] in The input data.
* @param [in] len The input data's length in bytes.
* @return DECAF_FAILURE if the sponge has already been used for output.
* @return DECAF_SUCCESS otherwise.
* @return GOLDILOCKS_FAILURE if the sponge has already been used for output.
* @return GOLDILOCKS_SUCCESS otherwise.
*/
decaf_error_t decaf_sha3_update (
goldilocks_error_t decaf_sha3_update (
struct decaf_keccak_sponge_s * __restrict__ sponge,
const uint8_t *in,
size_t len
......@@ -70,10 +70,10 @@ decaf_error_t decaf_sha3_update (
* @param [inout] sponge The context.
* @param [out] out The output data.
* @param [in] len The requested output data length in bytes.
* @return DECAF_FAILURE if the sponge has exhausted its output capacity.
* @return DECAF_SUCCESS otherwise.
*/
decaf_error_t decaf_sha3_output (
* @return GOLDILOCKS_FAILURE if the sponge has exhausted its output capacity.
* @return GOLDILOCKS_SUCCESS otherwise.
*/
goldilocks_error_t decaf_sha3_output (
decaf_keccak_sponge_t sponge,
uint8_t * __restrict__ out,
size_t len
......@@ -86,8 +86,8 @@ decaf_error_t decaf_sha3_output (
* @param [inout] sponge The context.
* @param [out] out The output data.
* @param [in] len The requested output data length in bytes.
*/
decaf_error_t decaf_sha3_final (
*/
goldilocks_error_t decaf_sha3_final (
decaf_keccak_sponge_t sponge,
uint8_t * __restrict__ out,
size_t len
......@@ -97,7 +97,7 @@ decaf_error_t decaf_sha3_final (
* @brief Reset the sponge to the empty string.
*
* @param [inout] sponge The context.
*/
*/
void decaf_sha3_reset (
decaf_keccak_sponge_t sponge
) DECAF_API_VIS;
......@@ -107,7 +107,7 @@ void decaf_sha3_reset (
* for the purpose of C++ default operators.
*
* Returns n/8 for DECAF_SHA3-n and 2n/8 for DECAF_SHAKE-n.
*/
*/
size_t decaf_sha3_default_output_bytes (
const decaf_keccak_sponge_t sponge /**< [inout] The context. */
) DECAF_API_VIS;
......@@ -117,7 +117,7 @@ size_t decaf_sha3_default_output_bytes (
* for the purpose of C++ default operators.
*
* Returns n/8 for DECAF_SHA3-n and SIZE_MAX for DECAF_SHAKE-n.
*/
*/
size_t decaf_sha3_max_output_bytes (
const decaf_keccak_sponge_t sponge /**< [inout] The context. */
) DECAF_API_VIS;
......@@ -125,7 +125,7 @@ size_t decaf_sha3_max_output_bytes (
/**
* @brief Destroy a DECAF_SHA3 or DECAF_SHAKE sponge context by overwriting it with 0.
* @param [out] sponge The context.
*/
*/
void decaf_sha3_destroy (
decaf_keccak_sponge_t sponge
) DECAF_API_VIS;
......@@ -137,8 +137,8 @@ void decaf_sha3_destroy (
* @param [out] out A buffer for the output data.
* @param [in] outlen The length of the output data.
* @param [in] params The parameters of the sponge hash.
*/
decaf_error_t decaf_sha3_hash (
*/
goldilocks_error_t decaf_sha3_hash (
uint8_t *out,
size_t outlen,
const uint8_t *in,
......@@ -158,7 +158,7 @@ decaf_error_t decaf_sha3_hash (
static inline void DECAF_NONNULL decaf_shake##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sha3_init(sponge, &DECAF_SHAKE##n##_params_s); \
} \
static inline decaf_error_t DECAF_NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
static inline goldilocks_error_t DECAF_NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
return decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline void DECAF_NONNULL decaf_shake##n##_final(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
......@@ -184,18 +184,18 @@ decaf_error_t decaf_sha3_hash (
static inline void DECAF_NONNULL decaf_sha3_##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sha3_init(sponge, &DECAF_SHA3_##n##_params_s); \
} \
static inline decaf_error_t DECAF_NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
return decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline decaf_error_t DECAF_NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_error_t ret = decaf_sha3_output(sponge->s, out, outlen); \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
goldilocks_error_t ret = decaf_sha3_output(sponge->s, out, outlen); \
decaf_sha3_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
return ret; \
} \
static inline decaf_error_t DECAF_NONNULL decaf_sha3_##n##_output(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_output(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
return decaf_sha3_output(sponge->s, out, outlen); \
} \
static inline decaf_error_t DECAF_NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
return decaf_sha3_hash(out,outlen,in,inlen,&DECAF_SHA3_##n##_params_s); \
} \
static inline void DECAF_NONNULL decaf_sha3_##n##_destroy(decaf_sha3_##n##_ctx_t sponge) { \
......@@ -215,5 +215,5 @@ DECAF_DEC_SHA3(512)
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* __DECAF_SHAKE_H__ */
......@@ -36,39 +36,39 @@ protected:
/** @cond internal */
/** The C-wrapper sponge state */
decaf_keccak_sponge_t wrapped;
/** Initialize from parameters */
inline KeccakHash(const decaf_kparams_s *params) DECAF_NOEXCEPT { decaf_sha3_init(wrapped, params); }
/** @endcond */
public:
/** Add more data to running hash */
inline void update(const uint8_t *__restrict__ in, size_t len) DECAF_NOEXCEPT { decaf_sha3_update(wrapped,in,len); }
/** Add more data to running hash, C++ version. */
inline void update(const Block &s) DECAF_NOEXCEPT { decaf_sha3_update(wrapped,s.data(),s.size()); }