Unverified Commit d2f3dc4e authored by Sofia Celi's avatar Sofia Celi

Change decaf to goldilocks on nonnull attribute

parent 64926931
......@@ -28,7 +28,7 @@ extern "C" {
#define DECAF_API_VIS __attribute__((visibility("default")))
#define DECAF_NOINLINE __attribute__((noinline))
#define DECAF_WARN_UNUSED __attribute__((warn_unused_result))
#define DECAF_NONNULL __attribute__((nonnull))
#define GOLDILOCKS_NONNULL __attribute__((nonnull))
#define DECAF_INLINE inline __attribute__((always_inline,unused))
// Cribbed from libnotmuch
#if defined (__clang_major__) && __clang_major__ >= 3 \
......@@ -101,14 +101,14 @@ decaf_successful(goldilocks_error_t e) {
void decaf_bzero (
void *data,
size_t size
) DECAF_NONNULL DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_API_VIS;
/** Compare two buffers, returning GOLDILOCKS_TRUE if they are equal. */
decaf_bool_t decaf_memeq (
const void *data1,
const void *data2,
size_t size
) DECAF_NONNULL DECAF_WARN_UNUSED DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_WARN_UNUSED DECAF_API_VIS;
#ifdef __cplusplus
} /* extern "C" */
......
......@@ -63,7 +63,7 @@ extern "C" {
void decaf_ed448_derive_secret_scalar (
goldilocks_448_scalar_t secret,
const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA key generation. This function uses a different (non-Decaf)
......@@ -75,7 +75,7 @@ void decaf_ed448_derive_secret_scalar (
void decaf_ed448_derive_public_key (
uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA signing.
......@@ -217,7 +217,7 @@ goldilocks_error_t decaf_ed448_verify_prehash (
void goldilocks_448_point_mul_by_ratio_and_encode_like_eddsa (
uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES],
const goldilocks_448_point_t p
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA point decoding. Multiplies by GOLDILOCKS_448_EDDSA_DECODE_RATIO,
......@@ -231,7 +231,7 @@ void goldilocks_448_point_mul_by_ratio_and_encode_like_eddsa (
goldilocks_error_t goldilocks_448_point_decode_like_eddsa_and_mul_by_ratio (
goldilocks_448_point_t p,
const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA to ECDH public key conversion
......@@ -247,7 +247,7 @@ goldilocks_error_t goldilocks_448_point_decode_like_eddsa_and_mul_by_ratio (
void decaf_ed448_convert_public_key_to_x448 (
uint8_t x[DECAF_X448_PUBLIC_BYTES],
const uint8_t ed[DECAF_EDDSA_448_PUBLIC_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA to ECDH private key conversion
......@@ -260,7 +260,7 @@ void decaf_ed448_convert_public_key_to_x448 (
void decaf_ed448_convert_private_key_to_x448 (
uint8_t x[DECAF_X448_PRIVATE_BYTES],
const uint8_t ed[DECAF_EDDSA_448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
#ifdef __cplusplus
} /* extern "C" */
......
......@@ -115,7 +115,7 @@ extern const struct goldilocks_448_precomputed_s *goldilocks_448_precomputed_bas
goldilocks_error_t goldilocks_448_scalar_decode (
goldilocks_448_scalar_t out,
const unsigned char ser[GOLDILOCKS_448_SCALAR_BYTES]
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS DECAF_WARN_UNUSED GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Read a scalar from wire format or from bytes. Reduces mod
......@@ -129,7 +129,7 @@ void goldilocks_448_scalar_decode_long (
goldilocks_448_scalar_t out,
const unsigned char *ser,
size_t ser_len
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Serialize a scalar to wire format.
......@@ -140,7 +140,7 @@ void goldilocks_448_scalar_decode_long (
void goldilocks_448_scalar_encode (
unsigned char ser[GOLDILOCKS_448_SCALAR_BYTES],
const goldilocks_448_scalar_t s
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE DECAF_NOINLINE;
/**
* @brief Add two scalars. The scalars may use the same memory.
......@@ -152,7 +152,7 @@ void goldilocks_448_scalar_add (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a,
const goldilocks_448_scalar_t b
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Compare two scalars.
......@@ -164,7 +164,7 @@ void goldilocks_448_scalar_add (
decaf_bool_t goldilocks_448_scalar_eq (
const goldilocks_448_scalar_t a,
const goldilocks_448_scalar_t b
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS DECAF_WARN_UNUSED GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Subtract two scalars. The scalars may use the same memory.
......@@ -176,7 +176,7 @@ void goldilocks_448_scalar_sub (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a,
const goldilocks_448_scalar_t b
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Multiply two scalars. The scalars may use the same memory.
......@@ -188,7 +188,7 @@ void goldilocks_448_scalar_mul (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a,
const goldilocks_448_scalar_t b
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Halve a scalar. The scalars may use the same memory.
......@@ -198,7 +198,7 @@ void goldilocks_448_scalar_mul (
void goldilocks_448_scalar_halve (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Invert a scalar. When passed zero, return 0. The input and output may alias.
......@@ -209,7 +209,7 @@ void goldilocks_448_scalar_halve (
goldilocks_error_t goldilocks_448_scalar_invert (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS DECAF_WARN_UNUSED GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Copy a scalar. The scalars may use the same memory, in which
......@@ -217,7 +217,7 @@ goldilocks_error_t goldilocks_448_scalar_invert (
* @param [in] a A scalar.
* @param [out] out Will become a copy of a.
*/
static inline void DECAF_NONNULL goldilocks_448_scalar_copy (
static inline void GOLDILOCKS_NONNULL goldilocks_448_scalar_copy (
goldilocks_448_scalar_t out,
const goldilocks_448_scalar_t a
) {
......@@ -232,7 +232,7 @@ static inline void DECAF_NONNULL goldilocks_448_scalar_copy (
void goldilocks_448_scalar_set_unsigned (
goldilocks_448_scalar_t out,
uint64_t a
) DECAF_API_VIS DECAF_NONNULL;
) DECAF_API_VIS GOLDILOCKS_NONNULL;
/**
* @brief Encode a point as a sequence of bytes.
......@@ -243,7 +243,7 @@ void goldilocks_448_scalar_set_unsigned (
void goldilocks_448_point_encode (
uint8_t ser[GOLDILOCKS_448_SER_BYTES],
const goldilocks_448_point_t pt
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Decode a point from a sequence of bytes.
......@@ -263,7 +263,7 @@ goldilocks_error_t goldilocks_448_point_decode (
goldilocks_448_point_t pt,
const uint8_t ser[GOLDILOCKS_448_SER_BYTES],
decaf_bool_t allow_identity
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS DECAF_WARN_UNUSED GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Copy a point. The input and output may alias,
......@@ -272,7 +272,7 @@ goldilocks_error_t goldilocks_448_point_decode (
* @param [out] a A copy of the point.
* @param [in] b Any point.
*/
static inline void DECAF_NONNULL goldilocks_448_point_copy (
static inline void GOLDILOCKS_NONNULL goldilocks_448_point_copy (
goldilocks_448_point_t a,
const goldilocks_448_point_t b
) {
......@@ -291,7 +291,7 @@ static inline void DECAF_NONNULL goldilocks_448_point_copy (
decaf_bool_t goldilocks_448_point_eq (
const goldilocks_448_point_t a,
const goldilocks_448_point_t b
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS DECAF_WARN_UNUSED GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Add two points to produce a third point. The
......@@ -306,7 +306,7 @@ void goldilocks_448_point_add (
goldilocks_448_point_t sum,
const goldilocks_448_point_t a,
const goldilocks_448_point_t b
) DECAF_API_VIS DECAF_NONNULL;
) DECAF_API_VIS GOLDILOCKS_NONNULL;
/**
* @brief Double a point. Equivalent to
......@@ -318,7 +318,7 @@ void goldilocks_448_point_add (
void goldilocks_448_point_double (
goldilocks_448_point_t two_a,
const goldilocks_448_point_t a
) DECAF_API_VIS DECAF_NONNULL;
) DECAF_API_VIS GOLDILOCKS_NONNULL;
/**
* @brief Subtract two points to produce a third point. The
......@@ -333,7 +333,7 @@ void goldilocks_448_point_sub (
goldilocks_448_point_t diff,
const goldilocks_448_point_t a,
const goldilocks_448_point_t b
) DECAF_API_VIS DECAF_NONNULL;
) DECAF_API_VIS GOLDILOCKS_NONNULL;
/**
* @brief Negate a point to produce another point. The input
......@@ -345,7 +345,7 @@ void goldilocks_448_point_sub (
void goldilocks_448_point_negate (
goldilocks_448_point_t nega,
const goldilocks_448_point_t a
) DECAF_API_VIS DECAF_NONNULL;
) DECAF_API_VIS GOLDILOCKS_NONNULL;
/**
* @brief Multiply a base point by a scalar: scaled = scalar*base.
......@@ -358,7 +358,7 @@ void goldilocks_448_point_scalarmul (
goldilocks_448_point_t scaled,
const goldilocks_448_point_t base,
const goldilocks_448_scalar_t scalar
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Multiply a base point by a scalar: scaled = scalar*base.
......@@ -383,7 +383,7 @@ goldilocks_error_t goldilocks_448_direct_scalarmul (
const goldilocks_448_scalar_t scalar,
decaf_bool_t allow_identity,
decaf_bool_t short_circuit
) DECAF_API_VIS DECAF_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE;
/**
* @brief RFC 7748 Diffie-Hellman scalarmul, used to compute shared secrets.
......@@ -401,7 +401,7 @@ goldilocks_error_t decaf_x448 (
uint8_t shared[DECAF_X448_PUBLIC_BYTES],
const uint8_t base[DECAF_X448_PUBLIC_BYTES],
const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE;
/**
* @brief Multiply a point by DECAF_X448_ENCODE_RATIO,
......@@ -426,7 +426,7 @@ goldilocks_error_t decaf_x448 (
void goldilocks_448_point_mul_by_ratio_and_encode_like_x448 (
uint8_t out[DECAF_X448_PUBLIC_BYTES],
const goldilocks_448_point_t p
) DECAF_API_VIS DECAF_NONNULL;
) DECAF_API_VIS GOLDILOCKS_NONNULL;
/** The base point for X448 Diffie-Hellman */
extern const uint8_t
......@@ -450,7 +450,7 @@ extern const uint8_t
void decaf_x448_generate_key (
uint8_t out[DECAF_X448_PUBLIC_BYTES],
const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_DEPRECATED("Renamed to decaf_x448_derive_public_key");
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE DECAF_DEPRECATED("Renamed to decaf_x448_derive_public_key");
/**
* @brief RFC 7748 Diffie-Hellman base point scalarmul. This function uses
......@@ -465,7 +465,7 @@ void decaf_x448_generate_key (
void decaf_x448_derive_public_key (
uint8_t out[DECAF_X448_PUBLIC_BYTES],
const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/* FUTURE: uint8_t goldilocks_448_encode_like_curve448) */
......@@ -481,7 +481,7 @@ void decaf_x448_derive_public_key (
void goldilocks_448_precompute (
goldilocks_448_precomputed_s *a,
const goldilocks_448_point_t b
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Multiply a precomputed base point by a scalar:
......@@ -498,7 +498,7 @@ void goldilocks_448_precomputed_scalarmul (
goldilocks_448_point_t scaled,
const goldilocks_448_precomputed_s *base,
const goldilocks_448_scalar_t scalar
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Multiply two base points by two scalars:
......@@ -519,7 +519,7 @@ void goldilocks_448_point_double_scalarmul (
const goldilocks_448_scalar_t scalar1,
const goldilocks_448_point_t base2,
const goldilocks_448_scalar_t scalar2
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* Multiply one base point by two scalars:
......@@ -542,7 +542,7 @@ void goldilocks_448_point_dual_scalarmul (
const goldilocks_448_point_t base1,
const goldilocks_448_scalar_t scalar1,
const goldilocks_448_scalar_t scalar2
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Multiply two base points by two scalars:
......@@ -564,7 +564,7 @@ void goldilocks_448_base_double_scalarmul_non_secret (
const goldilocks_448_scalar_t scalar1,
const goldilocks_448_point_t base2,
const goldilocks_448_scalar_t scalar2
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Constant-time decision between two points. If pick_b
......@@ -580,7 +580,7 @@ void goldilocks_448_point_cond_sel (
const goldilocks_448_point_t a,
const goldilocks_448_point_t b,
decaf_word_t pick_b
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Constant-time decision between two scalars. If pick_b
......@@ -596,7 +596,7 @@ void goldilocks_448_scalar_cond_sel (
const goldilocks_448_scalar_t a,
const goldilocks_448_scalar_t b,
decaf_word_t pick_b
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Test that a point is valid, for debugging purposes.
......@@ -607,7 +607,7 @@ void goldilocks_448_scalar_cond_sel (
*/
decaf_bool_t goldilocks_448_point_valid (
const goldilocks_448_point_t to_test
) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS DECAF_WARN_UNUSED GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Torque a point, for debugging purposes. The output
......@@ -619,7 +619,7 @@ decaf_bool_t goldilocks_448_point_valid (
void goldilocks_448_point_debugging_torque (
goldilocks_448_point_t q,
const goldilocks_448_point_t p
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Projectively scale a point, for debugging purposes.
......@@ -634,7 +634,7 @@ void goldilocks_448_point_debugging_pscale (
goldilocks_448_point_t q,
const goldilocks_448_point_t p,
const unsigned char factor[GOLDILOCKS_448_SER_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Almost-Elligator-like hash to curve.
......@@ -668,7 +668,7 @@ void
goldilocks_448_point_from_hash_nonuniform (
goldilocks_448_point_t pt,
const unsigned char hashed_data[GOLDILOCKS_448_HASH_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Indifferentiable hash function encoding to curve.
......@@ -681,7 +681,7 @@ goldilocks_448_point_from_hash_nonuniform (
void goldilocks_448_point_from_hash_uniform (
goldilocks_448_point_t pt,
const unsigned char hashed_data[2*GOLDILOCKS_448_HASH_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief Inverse of elligator-like hash to curve.
......@@ -716,7 +716,7 @@ goldilocks_448_invert_elligator_nonuniform (
unsigned char recovered_hash[GOLDILOCKS_448_HASH_BYTES],
const goldilocks_448_point_t pt,
uint32_t which
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED;
/**
* @brief Inverse of elligator-like hash to curve.
......@@ -741,26 +741,26 @@ goldilocks_448_invert_elligator_uniform (
unsigned char recovered_hash[2*GOLDILOCKS_448_HASH_BYTES],
const goldilocks_448_point_t pt,
uint32_t which
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED;
/** Securely erase a scalar. */
void goldilocks_448_scalar_destroy (
goldilocks_448_scalar_t scalar
) DECAF_NONNULL DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_API_VIS;
/** Securely erase a point by overwriting it with zeros.
* @warning This causes the point object to become invalid.
*/
void goldilocks_448_point_destroy (
goldilocks_448_point_t point
) DECAF_NONNULL DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_API_VIS;
/** Securely erase a precomputed table by overwriting it with zeros.
* @warning This causes the table object to become invalid.
*/
void goldilocks_448_precomputed_destroy (
goldilocks_448_precomputed_s *pre
) DECAF_NONNULL DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_API_VIS;
#ifdef __cplusplus
} /* extern "C" */
......
/**
* @file decaf/shake.h
* @copyright Public domain.
* @author Mike Hamburg
* @brief SHA2-512
*/
#ifndef __DECAF_SHA512_H__
#define __DECAF_SHA512_H__
#include <stdint.h>
#include <sys/types.h>
#include <stdlib.h> /* for NULL */
#include <decaf/common.h>
#ifdef __cplusplus
extern "C" {
#endif
/** Hash context for SHA-512 */
typedef struct decaf_sha512_ctx_s {
/** @cond internal */
uint64_t state[8];
uint8_t block[128];
uint64_t bytes_processed;
/* @endcond */
} decaf_sha512_ctx_s, decaf_sha512_ctx_t[1];
/** Initialize a SHA-512 context. */
void decaf_sha512_init(decaf_sha512_ctx_t ctx) DECAF_NONNULL DECAF_API_VIS;
/** Update context by hashing part of a message. */
void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t message_len) DECAF_NONNULL DECAF_API_VIS;
/** Finalize context and write out hash.
* @param [inout] ctx The context. Will be destroyed and re-initialized on return.
* @param [out] output Place to store the output hash.
* @param [in] output_len Length in bytes of the output hash. Must between 0 and 64, inclusive.
*/
void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *output, size_t output_len) DECAF_NONNULL DECAF_API_VIS;
/** Securely destroy a SHA512 context. */
static inline void decaf_sha512_destroy(decaf_sha512_ctx_t ctx) {
decaf_bzero(ctx,sizeof(*ctx));
}
/** Hash a message.
* @param [out] output Place to store the output hash.
* @param [in] output_len Length in bytes of the output hash. Must between 0 and 64, inclusive.
* @param [in] message A message to hash.
* @param [in] message_len Length in bytes of the input message.
*/
static inline void decaf_sha512_hash(
uint8_t *output,
size_t output_len,
const uint8_t *message,
size_t message_len
) {
decaf_sha512_ctx_t ctx;
decaf_sha512_init(ctx);
decaf_sha512_update(ctx,message,message_len);
decaf_sha512_final(ctx,output,output_len);
decaf_sha512_destroy(ctx);
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* __DECAF_SHA512_H__ */
......@@ -152,53 +152,53 @@ goldilocks_error_t decaf_sha3_hash (
#define DECAF_DEC_SHAKE(n) \
extern const struct decaf_kparams_s DECAF_SHAKE##n##_params_s DECAF_API_VIS; \
typedef struct decaf_shake##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_shake##n##_ctx_t[1]; \
static inline void DECAF_NONNULL decaf_shake##n##_init(decaf_shake##n##_ctx_t sponge) { \
static inline void GOLDILOCKS_NONNULL decaf_shake##n##_init(decaf_shake##n##_ctx_t sponge) { \
decaf_sha3_init(sponge->s, &DECAF_SHAKE##n##_params_s); \
} \
static inline void DECAF_NONNULL decaf_shake##n##_gen_init(decaf_keccak_sponge_t sponge) { \
static inline void GOLDILOCKS_NONNULL decaf_shake##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sha3_init(sponge, &DECAF_SHAKE##n##_params_s); \
} \
static inline goldilocks_error_t DECAF_NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
static inline goldilocks_error_t GOLDILOCKS_NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
return decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline void DECAF_NONNULL decaf_shake##n##_final(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
static inline void GOLDILOCKS_NONNULL decaf_shake##n##_final(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_sha3_output(sponge->s, out, outlen); \
decaf_sha3_init(sponge->s, &DECAF_SHAKE##n##_params_s); \
} \
static inline void DECAF_NONNULL decaf_shake##n##_output(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
static inline void GOLDILOCKS_NONNULL decaf_shake##n##_output(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_sha3_output(sponge->s, out, outlen); \
} \
static inline void DECAF_NONNULL decaf_shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
static inline void GOLDILOCKS_NONNULL decaf_shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
decaf_sha3_hash(out,outlen,in,inlen,&DECAF_SHAKE##n##_params_s); \
} \
static inline void DECAF_NONNULL decaf_shake##n##_destroy( decaf_shake##n##_ctx_t sponge ) { \
static inline void GOLDILOCKS_NONNULL decaf_shake##n##_destroy( decaf_shake##n##_ctx_t sponge ) { \
decaf_sha3_destroy(sponge->s); \
}
#define DECAF_DEC_SHA3(n) \
extern const struct decaf_kparams_s DECAF_SHA3_##n##_params_s DECAF_API_VIS; \
typedef struct decaf_sha3_##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_sha3_##n##_ctx_t[1]; \
static inline void DECAF_NONNULL decaf_sha3_##n##_init(decaf_sha3_##n##_ctx_t sponge) { \
static inline void GOLDILOCKS_NONNULL decaf_sha3_##n##_init(decaf_sha3_##n##_ctx_t sponge) { \
decaf_sha3_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
} \
static inline void DECAF_NONNULL decaf_sha3_##n##_gen_init(decaf_keccak_sponge_t sponge) { \
static inline void GOLDILOCKS_NONNULL decaf_sha3_##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sha3_init(sponge, &DECAF_SHA3_##n##_params_s); \
} \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
static inline goldilocks_error_t GOLDILOCKS_NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
return decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
static inline goldilocks_error_t GOLDILOCKS_NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
goldilocks_error_t ret = decaf_sha3_output(sponge->s, out, outlen); \
decaf_sha3_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
return ret; \
} \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_output(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
static inline goldilocks_error_t GOLDILOCKS_NONNULL decaf_sha3_##n##_output(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
return decaf_sha3_output(sponge->s, out, outlen); \
} \
static inline goldilocks_error_t DECAF_NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
static inline goldilocks_error_t GOLDILOCKS_NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
return decaf_sha3_hash(out,outlen,in,inlen,&DECAF_SHA3_##n##_params_s); \
} \
static inline void DECAF_NONNULL decaf_sha3_##n##_destroy(decaf_sha3_##n##_ctx_t sponge) { \
static inline void GOLDILOCKS_NONNULL decaf_sha3_##n##_destroy(decaf_sha3_##n##_ctx_t sponge) { \
decaf_sha3_destroy(sponge->s); \
}
/** @endcond */
......
......@@ -32,7 +32,7 @@ void decaf_spongerng_init_from_buffer (
const uint8_t *__restrict__ in, /**< [in] The initialization data. */
size_t len, /**< [in] The length of the initialization data. */
int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC.*/
) DECAF_NONNULL DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_API_VIS;
/**
* @brief Initialize a sponge-based CSPRNG from a file.
......@@ -45,7 +45,7 @@ goldilocks_error_t decaf_spongerng_init_from_file (
const char *file, /**< [in] A name of a file containing initial data. */
size_t len, /**< [in] The length of the initial data. Must be positive. */
int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC. */
) DECAF_NONNULL DECAF_API_VIS DECAF_WARN_UNUSED;
) GOLDILOCKS_NONNULL DECAF_API_VIS DECAF_WARN_UNUSED;
/**
* @brief Initialize a nondeterministic sponge-based CSPRNG from /dev/urandom.
......@@ -69,7 +69,7 @@ void decaf_spongerng_stir (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const uint8_t * __restrict__ in, /**< [in] The entropy data. */
size_t len /**< [in] The length of the initial data. */
) DECAF_NONNULL DECAF_API_VIS;
) GOLDILOCKS_NONNULL DECAF_API_VIS;
/** Securely destroy a sponge RNG object by overwriting it. */
static DECAF_INLINE void
......
......@@ -48,7 +48,7 @@ $("extern const uint8_t * const DECAF_ED" + 448 + "_NO_CONTEXT DECAF_API_VIS;\n"
void decaf_ed448_derive_secret_scalar (
$(c_ns)_scalar_t secret,
const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA key generation. This function uses a different (non-Decaf)
......@@ -60,7 +60,7 @@ void decaf_ed448_derive_secret_scalar (
void decaf_ed448_derive_public_key (
uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA signing.
......@@ -202,7 +202,7 @@ goldilocks_error_t decaf_ed448_verify_prehash (
void $(c_ns)_point_mul_by_ratio_and_encode_like_eddsa (
uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES],
const $(c_ns)_point_t p
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;
/**
* @brief EdDSA point decoding. Multiplies by $(C_NS)_EDDSA_DECODE_RATIO,
......@@ -216,7 +216,7 @@ void $(c_ns)_point_mul_by_ratio_and_encode_like_eddsa (
goldilocks_error_t $(c_ns)_point_decode_like_eddsa_and_mul_by_ratio (
$(c_ns)_point_t p,
const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
) DECAF_API_VIS GOLDILOCKS_NONNULL DECAF_NOINLINE;