diff --git a/src/crandom.c b/src/crandom.c index da0c3c9..4f36644 100644 --- a/src/crandom.c +++ b/src/crandom.c @@ -301,7 +301,7 @@ crandom_chacha_expand(u_int64_t iv, int crandom_init_from_file( - struct crandom_state_t *state, + crandom_state_a_t state, const char *filename, int reseed_interval, int reseeds_mandatory @@ -338,7 +338,7 @@ crandom_init_from_file( void crandom_init_from_buffer( - struct crandom_state_t *state, + crandom_state_a_t state, const char initial_seed[32] ) { memcpy(state->seed, initial_seed, 32); @@ -350,7 +350,7 @@ crandom_init_from_buffer( int crandom_generate( - struct crandom_state_t *state, + crandom_state_a_t state, unsigned char *output, unsigned long long length ) { @@ -475,7 +475,7 @@ crandom_generate( void crandom_destroy( - struct crandom_state_t *state + crandom_state_a_t state ) { if (state->magic == CRANDOM_MAGIC && state->randomfd) { (void) close(state->randomfd); diff --git a/src/ec_point.c b/src/ec_point.c index e78852b..2582372 100644 --- a/src/ec_point.c +++ b/src/ec_point.c @@ -14,8 +14,8 @@ void add_tw_niels_to_tw_extensible ( - struct tw_extensible_t* d, - const struct tw_niels_t* e + tw_extensible_a_t d, + const tw_niels_a_t e ) { ANALYZE_THIS_ROUTINE_CAREFULLY; field_a_t L0, L1; @@ -36,8 +36,8 @@ add_tw_niels_to_tw_extensible ( void sub_tw_niels_from_tw_extensible ( - struct tw_extensible_t* d, - const struct tw_niels_t* e + tw_extensible_a_t d, + const tw_niels_a_t e ) { ANALYZE_THIS_ROUTINE_CAREFULLY; field_a_t L0, L1; @@ -58,29 +58,29 @@ sub_tw_niels_from_tw_extensible ( void add_tw_pniels_to_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_pniels_t* a + tw_extensible_a_t e, + const tw_pniels_a_t a ) { field_a_t L0; field_mul ( L0, e->z, a->z ); field_copy ( e->z, L0 ); - add_tw_niels_to_tw_extensible( e, &a->n ); + add_tw_niels_to_tw_extensible( e, a->n ); } void sub_tw_pniels_from_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_pniels_t* a + tw_extensible_a_t e, + const tw_pniels_a_t a ) { field_a_t L0; field_mul ( L0, e->z, a->z ); field_copy ( e->z, L0 ); - sub_tw_niels_from_tw_extensible( e, &a->n ); + sub_tw_niels_from_tw_extensible( e, a->n ); } void double_tw_extensible ( - struct tw_extensible_t* a + tw_extensible_a_t a ) { ANALYZE_THIS_ROUTINE_CAREFULLY; field_a_t L0, L1, L2; @@ -105,7 +105,7 @@ double_tw_extensible ( void double_extensible ( - struct extensible_t* a + extensible_a_t a ) { ANALYZE_THIS_ROUTINE_CAREFULLY; field_a_t L0, L1, L2; @@ -130,8 +130,8 @@ double_extensible ( void twist_and_double ( - struct tw_extensible_t* b, - const struct extensible_t* a + tw_extensible_a_t b, + const extensible_a_t a ) { field_a_t L0; field_sqr ( b->x, a->x ); @@ -151,8 +151,8 @@ twist_and_double ( void untwist_and_double ( - struct extensible_t* b, - const struct tw_extensible_t* a + extensible_a_t b, + const tw_extensible_a_t a ) { field_a_t L0; field_sqr ( b->x, a->x ); @@ -172,20 +172,20 @@ untwist_and_double ( void convert_tw_affine_to_tw_pniels ( - struct tw_pniels_t* b, - const struct tw_affine_t* a + tw_pniels_a_t b, + const tw_affine_a_t a ) { - field_sub ( b->n.a, a->y, a->x ); - field_add ( b->n.b, a->x, a->y ); + field_sub ( b->n->a, a->y, a->x ); + field_add ( b->n->b, a->x, a->y ); field_mul ( b->z, a->y, a->x ); - field_mulw_scc_wr ( b->n.c, b->z, 2*EDWARDS_D-2 ); + field_mulw_scc_wr ( b->n->c, b->z, 2*EDWARDS_D-2 ); field_set_ui( b->z, 2 ); } void convert_tw_affine_to_tw_extensible ( - struct tw_extensible_t* b, - const struct tw_affine_t* a + tw_extensible_a_t b, + const tw_affine_a_t a ) { field_copy ( b->x, a->x ); field_copy ( b->y, a->y ); @@ -196,8 +196,8 @@ convert_tw_affine_to_tw_extensible ( void convert_affine_to_extensible ( - struct extensible_t* b, - const struct affine_t* a + extensible_a_t b, + const affine_a_t a ) { field_copy ( b->x, a->x ); field_copy ( b->y, a->y ); @@ -208,23 +208,23 @@ convert_affine_to_extensible ( void convert_tw_extensible_to_tw_pniels ( - struct tw_pniels_t* b, - const struct tw_extensible_t* a + tw_pniels_a_t b, + const tw_extensible_a_t a ) { - field_sub ( b->n.a, a->y, a->x ); - field_add ( b->n.b, a->x, a->y ); + field_sub ( b->n->a, a->y, a->x ); + field_add ( b->n->b, a->x, a->y ); field_mul ( b->z, a->u, a->t ); - field_mulw_scc_wr ( b->n.c, b->z, 2*EDWARDS_D-2 ); + field_mulw_scc_wr ( b->n->c, b->z, 2*EDWARDS_D-2 ); field_add ( b->z, a->z, a->z ); } void convert_tw_pniels_to_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_pniels_t* d + tw_extensible_a_t e, + const tw_pniels_a_t d ) { - field_add ( e->u, d->n.b, d->n.a ); - field_sub ( e->t, d->n.b, d->n.a ); + field_add ( e->u, d->n->b, d->n->a ); + field_sub ( e->t, d->n->b, d->n->a ); field_mul ( e->x, d->z, e->t ); field_mul ( e->y, d->z, e->u ); field_sqr ( e->z, d->z ); @@ -232,8 +232,8 @@ convert_tw_pniels_to_tw_extensible ( void convert_tw_niels_to_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_niels_t* d + tw_extensible_a_t e, + const tw_niels_a_t d ) { field_add ( e->y, d->b, d->a ); field_sub ( e->x, d->b, d->a ); @@ -244,7 +244,7 @@ convert_tw_niels_to_tw_extensible ( void montgomery_step ( - struct montgomery_t* a + montgomery_a_t a ) { ANALYZE_THIS_ROUTINE_CAREFULLY; field_a_t L0, L1; @@ -272,7 +272,7 @@ montgomery_step ( void deserialize_montgomery ( - struct montgomery_t* a, + montgomery_a_t a, const field_a_t sbz ) { field_sqr ( a->z0, sbz ); @@ -285,7 +285,7 @@ deserialize_montgomery ( mask_t serialize_montgomery ( field_a_t b, - const struct montgomery_t* a, + const montgomery_a_t a, const field_a_t sbz ) { mask_t L4, L5, L6; @@ -332,7 +332,7 @@ serialize_montgomery ( void serialize_extensible ( field_a_t b, - const struct extensible_t* a + const extensible_a_t a ) { field_a_t L0, L1, L2; field_sub ( L0, a->y, a->z ); @@ -351,7 +351,7 @@ serialize_extensible ( void untwist_and_double_and_serialize ( field_a_t b, - const struct tw_extensible_t* a + const tw_extensible_a_t a ) { field_a_t L0, L1, L2, L3; field_mul ( L3, a->y, a->x ); @@ -375,8 +375,8 @@ untwist_and_double_and_serialize ( void twist_even ( - struct tw_extensible_t* b, - const struct extensible_t* a + tw_extensible_a_t b, + const extensible_a_t a ) { field_sqr ( b->y, a->z ); field_sqr ( b->z, a->x ); @@ -401,8 +401,8 @@ twist_even ( void test_only_twist ( - struct tw_extensible_t* b, - const struct extensible_t* a + tw_extensible_a_t b, + const extensible_a_t a ) { field_a_t L0, L1; field_sqr ( b->u, a->z ); @@ -436,7 +436,7 @@ test_only_twist ( mask_t is_even_pt ( - const struct extensible_t* a + const extensible_a_t a ) { field_a_t L0, L1, L2; field_sqr ( L2, a->z ); @@ -447,7 +447,7 @@ is_even_pt ( mask_t is_even_tw ( - const struct tw_extensible_t* a + const tw_extensible_a_t a ) { field_a_t L0, L1, L2; field_sqr ( L2, a->z ); @@ -458,7 +458,7 @@ is_even_tw ( mask_t deserialize_affine ( - struct affine_t* a, + affine_a_t a, const field_a_t sz ) { field_a_t L0, L1, L2, L3; @@ -492,7 +492,7 @@ deserialize_affine ( mask_t deserialize_and_twist_approx ( - struct tw_extensible_t* a, + tw_extensible_a_t a, const field_a_t sz ) { field_a_t L0, L1; @@ -537,7 +537,7 @@ deserialize_and_twist_approx ( void set_identity_extensible ( - struct extensible_t* a + extensible_a_t a ) { field_set_ui( a->x, 0 ); field_set_ui( a->y, 1 ); @@ -548,7 +548,7 @@ set_identity_extensible ( void set_identity_tw_extensible ( - struct tw_extensible_t* a + tw_extensible_a_t a ) { field_set_ui( a->x, 0 ); field_set_ui( a->y, 1 ); @@ -559,7 +559,7 @@ set_identity_tw_extensible ( void set_identity_affine ( - struct affine_t* a + affine_a_t a ) { field_set_ui( a->x, 0 ); field_set_ui( a->y, 1 ); @@ -567,8 +567,8 @@ set_identity_affine ( mask_t eq_affine ( - const struct affine_t* a, - const struct affine_t* b + const affine_a_t a, + const affine_a_t b ) { mask_t L1, L2; field_a_t L0; @@ -581,8 +581,8 @@ eq_affine ( mask_t eq_extensible ( - const struct extensible_t* a, - const struct extensible_t* b + const extensible_a_t a, + const extensible_a_t b ) { mask_t L3, L4; field_a_t L0, L1, L2; @@ -599,8 +599,8 @@ eq_extensible ( mask_t eq_tw_extensible ( - const struct tw_extensible_t* a, - const struct tw_extensible_t* b + const tw_extensible_a_t a, + const tw_extensible_a_t b ) { mask_t L3, L4; field_a_t L0, L1, L2; @@ -617,7 +617,7 @@ eq_tw_extensible ( void elligator_2s_inject ( - struct affine_t* a, + affine_a_t a, const field_a_t r ) { field_a_t L2, L3, L4, L5, L6, L7, L8; @@ -676,7 +676,7 @@ elligator_2s_inject ( mask_t validate_affine ( - const struct affine_t* a + const affine_a_t a ) { field_a_t L0, L1, L2, L3; field_sqr ( L0, a->y ); @@ -691,7 +691,7 @@ validate_affine ( mask_t validate_tw_extensible ( - const struct tw_extensible_t* ext + const tw_extensible_a_t ext ) { mask_t L4, L5; field_a_t L0, L1, L2, L3; @@ -728,7 +728,7 @@ validate_tw_extensible ( mask_t validate_extensible ( - const struct extensible_t* ext + const extensible_a_t ext ) { mask_t L4, L5; field_a_t L0, L1, L2, L3; diff --git a/src/goldilocks.c b/src/goldilocks.c index 7cba9c4..1c647f4 100644 --- a/src/goldilocks.c +++ b/src/goldilocks.c @@ -41,7 +41,7 @@ #else #define FIELD_HASH_BYTES (SHA512_OUTPUT_BYTES * ((FIELD_BYTES-1)/SHA512_OUTPUT_BYTES + 1)) static inline void field_hash_final ( - struct sha512_ctx_t *ctx, + sha512_ctx_a_t *ctx, unsigned char out[FIELD_HASH_BYTES] ) { /* SHA PRNG I guess? I really should have used SHAKE */ @@ -67,19 +67,19 @@ struct goldilocks_precomputed_public_key_t { /* FUTURE: auto. */ static struct { - const char * volatile state; + const char * volatile status; #if GOLDILOCKS_USE_PTHREAD pthread_mutex_t mutex; #endif - struct tw_niels_t combs[COMB_N << (COMB_T-1)]; + tw_niels_a_t combs[COMB_N << (COMB_T-1)]; struct fixed_base_table_t fixed_base; - struct tw_niels_t wnafs[1<= sizeof(sk)); - struct sha512_ctx_t ctx; - struct tw_extensible_t exta; + sha512_ctx_a_t ctx; + tw_extensible_a_t exta; field_a_t pk; - sha512_init(&ctx); - sha512_update(&ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES); - sha512_update(&ctx, proto, GOLDI_SYMKEY_BYTES); - field_hash_final(&ctx, (unsigned char *)skb); + sha512_init(ctx); + sha512_update(ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES); + sha512_update(ctx, proto, GOLDI_SYMKEY_BYTES); + field_hash_final(ctx, (unsigned char *)skb); barrett_deserialize_and_reduce(sk, skb, sizeof(skb), &curve_prime_order); barrett_serialize(privkey->opaque, sk, GOLDI_FIELD_BYTES); - scalarmul_fixed_base(&exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base); - untwist_and_double_and_serialize(pk, &exta); + scalarmul_fixed_base(exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base); + untwist_and_double_and_serialize(pk, exta); field_serialize(&privkey->opaque[GOLDI_FIELD_BYTES], pk); @@ -204,7 +204,7 @@ goldilocks_keygen ( if (ml_ret) return ml_ret; #endif - int ret = crandom_generate(&goldilocks_global.rand, proto, sizeof(proto)); + int ret = crandom_generate(goldilocks_global.rand, proto, sizeof(proto)); #if GOLDILOCKS_USE_PTHREAD ml_ret = pthread_mutex_unlock(&goldilocks_global.mutex); @@ -267,9 +267,9 @@ goldilocks_shared_secret_core ( #if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS if (pre) { - struct tw_extensible_t tw; - succ &= scalarmul_fixed_base(&tw, sk, GOLDI_SCALAR_BITS, &pre->table); - untwist_and_double_and_serialize(pk, &tw); + tw_extensible_a_t tw; + succ &= scalarmul_fixed_base(tw, sk, GOLDI_SCALAR_BITS, &pre->table); + untwist_and_double_and_serialize(pk, tw); } else { succ &= montgomery_ladder(pk,pk,sk,GOLDI_SCALAR_BITS,1); } @@ -282,8 +282,8 @@ goldilocks_shared_secret_core ( field_serialize(gxy,pk); /* obliterate records of our failure by adjusting with obliteration key */ - struct sha512_ctx_t ctx; - sha512_init(&ctx); + sha512_ctx_a_t ctx; + sha512_init(ctx); #ifdef EXPERIMENT_ECDH_OBLITERATE_CT uint8_t oblit[GOLDI_DIVERSIFY_BYTES + GOLDI_SYMKEY_BYTES]; @@ -294,21 +294,21 @@ goldilocks_shared_secret_core ( for (i=0; iopaque[2*GOLDI_FIELD_BYTES+i] & ~(succ&msucc); } - sha512_update(&ctx, oblit, sizeof(oblit)); + sha512_update(ctx, oblit, sizeof(oblit)); #endif #ifdef EXPERIMENT_ECDH_STIR_IN_PUBKEYS /* stir in the sum and product of the pubkeys. */ uint8_t a_pk[GOLDI_FIELD_BYTES]; field_serialize(a_pk, sum); - sha512_update(&ctx, a_pk, GOLDI_FIELD_BYTES); + sha512_update(ctx, a_pk, GOLDI_FIELD_BYTES); field_serialize(a_pk, prod); - sha512_update(&ctx, a_pk, GOLDI_FIELD_BYTES); + sha512_update(ctx, a_pk, GOLDI_FIELD_BYTES); #endif /* stir in the shared key and finish */ - sha512_update(&ctx, gxy, GOLDI_FIELD_BYTES); - sha512_final(&ctx, shared); + sha512_update(ctx, gxy, GOLDI_FIELD_BYTES); + sha512_final(ctx, shared); return (GOLDI_ECORRUPT & ~msucc) | (GOLDI_EINVAL & msucc &~ succ) @@ -340,12 +340,12 @@ goldilocks_derive_challenge( ) { /* challenge = H(pk, [nonceG], message). */ unsigned char sha_out[FIELD_HASH_BYTES]; - struct sha512_ctx_t ctx; - sha512_init(&ctx); - sha512_update(&ctx, pubkey, GOLDI_FIELD_BYTES); - sha512_update(&ctx, gnonce, GOLDI_FIELD_BYTES); - sha512_update(&ctx, message, message_len); - field_hash_final(&ctx, sha_out); + sha512_ctx_a_t ctx; + sha512_init(ctx); + sha512_update(ctx, pubkey, GOLDI_FIELD_BYTES); + sha512_update(ctx, gnonce, GOLDI_FIELD_BYTES); + sha512_update(ctx, message, message_len); + field_hash_final(ctx, sha_out); barrett_deserialize_and_reduce(challenge, sha_out, sizeof(sha_out), &curve_prime_order); } @@ -371,22 +371,22 @@ goldilocks_sign ( /* Derive a nonce. TODO: use HMAC. FUTURE: factor. */ unsigned char sha_out[FIELD_HASH_BYTES]; word_t tk[GOLDI_FIELD_WORDS]; - struct sha512_ctx_t ctx; - sha512_init(&ctx); - sha512_update(&ctx, (const unsigned char *)"signonce", 8); - sha512_update(&ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES); - sha512_update(&ctx, message, message_len); - sha512_update(&ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES); - field_hash_final(&ctx, sha_out); + sha512_ctx_a_t ctx; + sha512_init(ctx); + sha512_update(ctx, (const unsigned char *)"signonce", 8); + sha512_update(ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES); + sha512_update(ctx, message, message_len); + sha512_update(ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES); + field_hash_final(ctx, sha_out); barrett_deserialize_and_reduce(tk, sha_out, sizeof(sha_out), &curve_prime_order); /* 4[nonce]G */ uint8_t signature_tmp[GOLDI_FIELD_BYTES]; - struct tw_extensible_t exta; + tw_extensible_a_t exta; field_a_t gsk; - scalarmul_fixed_base(&exta, tk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base); - double_tw_extensible(&exta); - untwist_and_double_and_serialize(gsk, &exta); + scalarmul_fixed_base(exta, tk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base); + double_tw_extensible(exta); + untwist_and_double_and_serialize(gsk, exta); field_serialize(signature_tmp, gsk); word_t challenge[GOLDI_FIELD_WORDS]; @@ -450,21 +450,21 @@ goldilocks_verify ( goldilocks_derive_challenge(challenge, pubkey->opaque, signature, message, message_len); field_a_t eph; - struct tw_extensible_t pk_text; + tw_extensible_a_t pk_text; /* deserialize [nonce]G */ succ = field_deserialize(eph, signature); if (!succ) return GOLDI_EINVAL; - succ = deserialize_and_twist_approx(&pk_text, pk); + succ = deserialize_and_twist_approx(pk_text, pk); if (!succ) return GOLDI_EINVAL; - linear_combo_var_fixed_vt( &pk_text, + linear_combo_var_fixed_vt( pk_text, challenge, GOLDI_SCALAR_BITS, s, GOLDI_SCALAR_BITS, goldilocks_global.wnafs, WNAF_PRECMP_BITS ); - untwist_and_double_and_serialize( pk, &pk_text ); + untwist_and_double_and_serialize( pk, pk_text ); succ = field_eq(eph, pk); return succ ? 0 : GOLDI_EINVAL; @@ -483,7 +483,7 @@ goldilocks_precompute_public_key ( if (!precom) return NULL; - struct tw_extensible_t pk_text; + tw_extensible_a_t pk_text; field_a_t pk; mask_t succ = field_deserialize(pk, pub->opaque); @@ -492,13 +492,13 @@ goldilocks_precompute_public_key ( return NULL; } - succ = deserialize_and_twist_approx(&pk_text, pk); + succ = deserialize_and_twist_approx(pk_text, pk); if (!succ) { free(precom); return NULL; } - succ = precompute_fixed_base(&precom->table, &pk_text, + succ = precompute_fixed_base(&precom->table, pk_text, COMB_N, COMB_T, COMB_S, NULL); if (!succ) { free(precom); @@ -539,20 +539,20 @@ goldilocks_verify_precomputed ( goldilocks_derive_challenge(challenge, pubkey->pub.opaque, signature, message, message_len); field_a_t eph, pk; - struct tw_extensible_t pk_text; + tw_extensible_a_t pk_text; /* deserialize [nonce]G */ succ = field_deserialize(eph, signature); if (!succ) return GOLDI_EINVAL; succ = linear_combo_combs_vt ( - &pk_text, + pk_text, challenge, GOLDI_SCALAR_BITS, &pubkey->table, s, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base ); if (!succ) return GOLDI_EINVAL; - untwist_and_double_and_serialize( pk, &pk_text ); + untwist_and_double_and_serialize( pk, pk_text ); succ = field_eq(eph, pk); return succ ? 0 : GOLDI_EINVAL; diff --git a/src/include/crandom.h b/src/include/crandom.h index 90cc374..c9f4c26 100644 --- a/src/include/crandom.h +++ b/src/include/crandom.h @@ -39,6 +39,7 @@ struct crandom_state_t { int reseeds_mandatory; int randomfd; } __attribute__((aligned(16))) ; +typedef struct crandom_state_t crandom_state_a_t[1]; #ifdef __cplusplus extern "C" { @@ -64,7 +65,7 @@ extern "C" { */ int crandom_init_from_file ( - struct crandom_state_t *state, + crandom_state_a_t state, const char *filename, int reseed_interval, int reseeds_mandatory @@ -87,7 +88,7 @@ crandom_init_from_file ( */ void crandom_init_from_buffer ( - struct crandom_state_t *state, + crandom_state_a_t state, const char initial_seed[32] ); @@ -118,7 +119,7 @@ crandom_init_from_buffer ( */ int crandom_generate ( - struct crandom_state_t *state, + crandom_state_a_t state, unsigned char *output, unsigned long long length ); @@ -131,7 +132,7 @@ crandom_generate ( */ void crandom_destroy ( - struct crandom_state_t *state + crandom_state_a_t state ); #ifdef __cplusplus diff --git a/src/include/ec_point.h b/src/include/ec_point.h index 9d0f4f3..54ab9cb 100644 --- a/src/include/ec_point.h +++ b/src/include/ec_point.h @@ -20,23 +20,23 @@ extern "C" { /** * Affine point on an Edwards curve. */ -struct affine_t { +typedef struct affine_t { field_a_t x, y; -}; +} affine_a_t[1]; /** * Affine point on a twisted Edwards curve. */ -struct tw_affine_t { +typedef struct tw_affine_t { field_a_t x, y; -}; +} tw_affine_a_t[1]; /** * Montgomery buffer. */ -struct montgomery_t { +typedef struct montgomery_t { field_a_t z0, xd, zd, xa, za; -}; +} montgomery_a_t[1]; /** * Extensible coordinates for Edwards curves, suitable for @@ -56,36 +56,36 @@ struct montgomery_t { * lookahead trick. It might be worth considering that trick * instead. */ -struct extensible_t { +typedef struct extensible_t { field_a_t x, y, z, t, u; -}; +} extensible_a_t[1]; /** * Extensible coordinates for twisted Edwards curves, * suitable for accumulators. */ -struct tw_extensible_t { +typedef struct tw_extensible_t { field_a_t x, y, z, t, u; -}; +} tw_extensible_a_t[1]; /** * Niels coordinates for twisted Edwards curves. * * Good for mixed readdition; suitable for fixed tables. */ -struct tw_niels_t { +typedef struct tw_niels_t { field_a_t a, b, c; -}; +} tw_niels_a_t[1]; /** * Projective niels coordinates for twisted Edwards curves. * * Good for readdition; suitable for temporary tables. */ -struct tw_pniels_t { - struct tw_niels_t n; +typedef struct tw_pniels_t { + tw_niels_a_t n; field_a_t z; -}; +} tw_pniels_a_t[1]; /** @@ -93,8 +93,8 @@ struct tw_pniels_t { */ static __inline__ void copy_affine ( - struct affine_t* a, - const struct affine_t* ds + affine_a_t a, + const affine_a_t ds ) __attribute__((unused,always_inline)); /** @@ -102,8 +102,8 @@ copy_affine ( */ static __inline__ void copy_tw_affine ( - struct tw_affine_t* a, - const struct tw_affine_t* ds + tw_affine_a_t a, + const tw_affine_a_t ds ) __attribute__((unused,always_inline)); /** @@ -111,8 +111,8 @@ copy_tw_affine ( */ static __inline__ void copy_montgomery ( - struct montgomery_t* a, - const struct montgomery_t* ds + montgomery_a_t a, + const montgomery_a_t ds ) __attribute__((unused,always_inline)); /** @@ -120,8 +120,8 @@ copy_montgomery ( */ static __inline__ void copy_extensible ( - struct extensible_t* a, - const struct extensible_t* ds + extensible_a_t a, + const extensible_a_t ds ) __attribute__((unused,always_inline)); /** @@ -129,8 +129,8 @@ copy_extensible ( */ static __inline__ void copy_tw_extensible ( - struct tw_extensible_t* a, - const struct tw_extensible_t* ds + tw_extensible_a_t a, + const tw_extensible_a_t ds ) __attribute__((unused,always_inline)); /** @@ -138,8 +138,8 @@ copy_tw_extensible ( */ static __inline__ void copy_tw_niels ( - struct tw_niels_t* a, - const struct tw_niels_t* ds + tw_niels_a_t a, + const tw_niels_a_t ds ) __attribute__((unused,always_inline)); /** @@ -147,8 +147,8 @@ copy_tw_niels ( */ static __inline__ void copy_tw_pniels ( - struct tw_pniels_t* a, - const struct tw_pniels_t* ds + tw_pniels_a_t a, + const tw_pniels_a_t ds ) __attribute__((unused,always_inline)); /** @@ -157,8 +157,8 @@ copy_tw_pniels ( */ void add_tw_niels_to_tw_extensible ( - struct tw_extensible_t* d, - const struct tw_niels_t* e + tw_extensible_a_t d, + const tw_niels_a_t e ); /** @@ -167,8 +167,8 @@ add_tw_niels_to_tw_extensible ( */ void sub_tw_niels_from_tw_extensible ( - struct tw_extensible_t* d, - const struct tw_niels_t* e + tw_extensible_a_t d, + const tw_niels_a_t e ); /** @@ -177,8 +177,8 @@ sub_tw_niels_from_tw_extensible ( */ void add_tw_pniels_to_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_pniels_t* a + tw_extensible_a_t e, + const tw_pniels_a_t a ); /** @@ -187,8 +187,8 @@ add_tw_pniels_to_tw_extensible ( */ void sub_tw_pniels_from_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_pniels_t* a + tw_extensible_a_t e, + const tw_pniels_a_t a ); /** @@ -196,7 +196,7 @@ sub_tw_pniels_from_tw_extensible ( */ void double_tw_extensible ( - struct tw_extensible_t* a + tw_extensible_a_t a ); /** @@ -204,7 +204,7 @@ double_tw_extensible ( */ void double_extensible ( - struct extensible_t* a + extensible_a_t a ); /** @@ -214,8 +214,8 @@ double_extensible ( */ void twist_and_double ( - struct tw_extensible_t* b, - const struct extensible_t* a + tw_extensible_a_t b, + const extensible_a_t a ); /** @@ -225,61 +225,61 @@ twist_and_double ( */ void untwist_and_double ( - struct extensible_t* b, - const struct tw_extensible_t* a + extensible_a_t b, + const tw_extensible_a_t a ); void convert_tw_affine_to_tw_pniels ( - struct tw_pniels_t* b, - const struct tw_affine_t* a + tw_pniels_a_t b, + const tw_affine_a_t a ); void convert_tw_affine_to_tw_extensible ( - struct tw_extensible_t* b, - const struct tw_affine_t* a + tw_extensible_a_t b, + const tw_affine_a_t a ); void convert_affine_to_extensible ( - struct extensible_t* b, - const struct affine_t* a + extensible_a_t b, + const affine_a_t a ); void convert_tw_extensible_to_tw_pniels ( - struct tw_pniels_t* b, - const struct tw_extensible_t* a + tw_pniels_a_t b, + const tw_extensible_a_t a ); void convert_tw_pniels_to_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_pniels_t* d + tw_extensible_a_t e, + const tw_pniels_a_t d ); void convert_tw_niels_to_tw_extensible ( - struct tw_extensible_t* e, - const struct tw_niels_t* d + tw_extensible_a_t e, + const tw_niels_a_t d ); void montgomery_step ( - struct montgomery_t* a + montgomery_a_t a ); void deserialize_montgomery ( - struct montgomery_t* a, + montgomery_a_t a, const field_a_t sbz ); mask_t serialize_montgomery ( field_a_t b, - const struct montgomery_t* a, + const montgomery_a_t a, const field_a_t sbz ); @@ -297,7 +297,7 @@ serialize_montgomery ( void serialize_extensible ( field_a_t b, - const struct extensible_t* a + const extensible_a_t a ); /** @@ -306,7 +306,7 @@ serialize_extensible ( void untwist_and_double_and_serialize ( field_a_t b, - const struct tw_extensible_t* a + const tw_extensible_a_t a ); /** @@ -320,8 +320,8 @@ untwist_and_double_and_serialize ( */ void twist_even ( - struct tw_extensible_t* b, - const struct extensible_t* a + tw_extensible_a_t b, + const extensible_a_t a ); /** @@ -339,8 +339,8 @@ twist_even ( */ void test_only_twist ( - struct tw_extensible_t* b, - const struct extensible_t* a + tw_extensible_a_t b, + const extensible_a_t a ); mask_t @@ -350,12 +350,12 @@ field_is_square ( mask_t is_even_pt ( - const struct extensible_t* a + const extensible_a_t a ); mask_t is_even_tw ( - const struct tw_extensible_t* a + const tw_extensible_a_t a ); /** @@ -363,7 +363,7 @@ is_even_tw ( */ mask_t deserialize_affine ( - struct affine_t* a, + affine_a_t a, const field_a_t sz ); @@ -376,52 +376,52 @@ deserialize_affine ( */ mask_t deserialize_and_twist_approx ( - struct tw_extensible_t* a, + tw_extensible_a_t a, const field_a_t sz ); void set_identity_extensible ( - struct extensible_t* a + extensible_a_t a ); void set_identity_tw_extensible ( - struct tw_extensible_t* a + tw_extensible_a_t a ); void set_identity_affine ( - struct affine_t* a + affine_a_t a ); mask_t eq_affine ( - const struct affine_t* a, - const struct affine_t* b + const affine_a_t a, + const affine_a_t b ); mask_t eq_extensible ( - const struct extensible_t* a, - const struct extensible_t* b + const extensible_a_t a, + const extensible_a_t b ); mask_t eq_tw_extensible ( - const struct tw_extensible_t* a, - const struct tw_extensible_t* b + const tw_extensible_a_t a, + const tw_extensible_a_t b ); void elligator_2s_inject ( - struct affine_t* a, + affine_a_t a, const field_a_t r ); mask_t validate_affine ( - const struct affine_t* a + const affine_a_t a ); /** @@ -431,7 +431,7 @@ validate_affine ( */ mask_t validate_tw_extensible ( - const struct tw_extensible_t* ext + const tw_extensible_a_t ext ); /** @@ -441,7 +441,7 @@ validate_tw_extensible ( */ mask_t validate_extensible ( - const struct extensible_t* ext + const extensible_a_t ext ); /** @@ -450,7 +450,7 @@ validate_extensible ( static __inline__ void __attribute__((unused)) cond_negate_tw_niels ( - struct tw_niels_t *n, + tw_niels_a_t n, mask_t doNegate ) { constant_time_cond_swap(n->a, n->b, sizeof(n->a), doNegate); @@ -463,16 +463,16 @@ cond_negate_tw_niels ( static __inline__ void __attribute__((unused)) cond_negate_tw_pniels ( - struct tw_pniels_t *n, + tw_pniels_a_t n, mask_t doNegate ) { - cond_negate_tw_niels(&n->n, doNegate); + cond_negate_tw_niels(n->n, doNegate); } void copy_affine ( - struct affine_t* a, - const struct affine_t* ds + affine_a_t a, + const affine_a_t ds ) { field_copy ( a->x, ds->x ); field_copy ( a->y, ds->y ); @@ -480,8 +480,8 @@ copy_affine ( void copy_tw_affine ( - struct tw_affine_t* a, - const struct tw_affine_t* ds + tw_affine_a_t a, + const tw_affine_a_t ds ) { field_copy ( a->x, ds->x ); field_copy ( a->y, ds->y ); @@ -489,8 +489,8 @@ copy_tw_affine ( void copy_montgomery ( - struct montgomery_t* a, - const struct montgomery_t* ds + montgomery_a_t a, + const montgomery_a_t ds ) { field_copy ( a->z0, ds->z0 ); field_copy ( a->xd, ds->xd ); @@ -501,8 +501,8 @@ copy_montgomery ( void copy_extensible ( - struct extensible_t* a, - const struct extensible_t* ds + extensible_a_t a, + const extensible_a_t ds ) { field_copy ( a->x, ds->x ); field_copy ( a->y, ds->y ); @@ -513,8 +513,8 @@ copy_extensible ( void copy_tw_extensible ( - struct tw_extensible_t* a, - const struct tw_extensible_t* ds + tw_extensible_a_t a, + const tw_extensible_a_t ds ) { field_copy ( a->x, ds->x ); field_copy ( a->y, ds->y ); @@ -525,8 +525,8 @@ copy_tw_extensible ( void copy_tw_niels ( - struct tw_niels_t* a, - const struct tw_niels_t* ds + tw_niels_a_t a, + const tw_niels_a_t ds ) { field_copy ( a->a, ds->a ); field_copy ( a->b, ds->b ); @@ -535,10 +535,10 @@ copy_tw_niels ( void copy_tw_pniels ( - struct tw_pniels_t* a, - const struct tw_pniels_t* ds + tw_pniels_a_t a, + const tw_pniels_a_t ds ) { - copy_tw_niels( &a->n, &ds->n ); + copy_tw_niels( a->n, ds->n ); field_copy ( a->z, ds->z ); } diff --git a/src/include/magic.h b/src/include/magic.h index 1627a6b..1d186f2 100644 --- a/src/include/magic.h +++ b/src/include/magic.h @@ -50,7 +50,7 @@ extern const field_a_t sqrt_d_minus_1; /** * @brief The base point for Goldilocks. */ -extern const struct affine_t goldilocks_base_point; +extern const affine_a_t goldilocks_base_point; /** * @brief The Goldilocks prime subgroup order. diff --git a/src/include/scalarmul.h b/src/include/scalarmul.h index ecb1782..dab8a99 100644 --- a/src/include/scalarmul.h +++ b/src/include/scalarmul.h @@ -30,7 +30,7 @@ typedef word_t scalar_t[SCALAR_WORDS]; */ struct fixed_base_table_t { /** Comb tables containing multiples of the base point. */ - struct tw_niels_t *table; + tw_niels_a_t *table; /** Adjustments to the scalar in even and odd cases, respectively. */ word_t scalar_adjustments[2*SCALAR_WORDS]; @@ -109,7 +109,7 @@ montgomery_ladder ( */ void scalarmul ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar[SCALAR_WORDS] /* TODO? int nbits */ ); @@ -130,7 +130,7 @@ scalarmul ( */ void scalarmul_vlook ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar[SCALAR_WORDS] ); @@ -161,11 +161,11 @@ scalarmul_vlook ( mask_t precompute_fixed_base ( struct fixed_base_table_t *out, - const struct tw_extensible_t *base, + const tw_extensible_a_t base, unsigned int n, unsigned int t, unsigned int s, - struct tw_niels_t *prealloc + tw_niels_a_t *prealloc ) __attribute__((warn_unused_result)); /** @@ -197,7 +197,7 @@ destroy_fixed_base ( */ mask_t scalarmul_fixed_base ( - struct tw_extensible_t *out, + tw_extensible_a_t out, const word_t *scalar, unsigned int nbits, const struct fixed_base_table_t *table @@ -215,7 +215,7 @@ scalarmul_fixed_base ( */ void scalarmul_vt ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t *scalar, unsigned int nbits ); @@ -236,8 +236,8 @@ scalarmul_vt ( */ mask_t precompute_fixed_base_wnaf ( - struct tw_niels_t *out, - const struct tw_extensible_t *base, + tw_niels_a_t *out, + const tw_extensible_a_t base, unsigned int tbits ) __attribute__((warn_unused_result)); @@ -256,10 +256,10 @@ precompute_fixed_base_wnaf ( */ void scalarmul_fixed_base_wnaf_vt ( - struct tw_extensible_t *out, + tw_extensible_a_t out, const word_t *scalar, unsigned int nbits, - const struct tw_niels_t *precmp, + const tw_niels_a_t *precmp, unsigned int table_bits ); @@ -281,12 +281,12 @@ scalarmul_fixed_base_wnaf_vt ( */ void linear_combo_var_fixed_vt ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar_var[SCALAR_WORDS], unsigned int nbits_var, const word_t scalar_pre[SCALAR_WORDS], unsigned int nbits_pre, - const struct tw_niels_t *precmp, + const tw_niels_a_t *precmp, unsigned int table_bits_pre ); @@ -309,7 +309,7 @@ linear_combo_var_fixed_vt ( */ mask_t linear_combo_combs_vt ( - struct tw_extensible_t *out, + tw_extensible_a_t out, const word_t scalar1[SCALAR_WORDS], unsigned int nbits1, const struct fixed_base_table_t *table1, diff --git a/src/include/sha512.h b/src/include/sha512.h index 760e31e..807f73d 100644 --- a/src/include/sha512.h +++ b/src/include/sha512.h @@ -17,28 +17,28 @@ extern "C" { * * This structure is opaque. */ -struct sha512_ctx_t { +typedef struct { /** @privatesection */ uint64_t chain[8]; uint8_t block[128]; uint64_t nbytes; -}; +} sha512_ctx_a_t[1]; void sha512_init ( - struct sha512_ctx_t *ctx + sha512_ctx_a_t ctx ); void sha512_update ( - struct sha512_ctx_t *ctx, + sha512_ctx_a_t ctx, const unsigned char *data, uint64_t bytes ); void sha512_final ( - struct sha512_ctx_t *ctx, + sha512_ctx_a_t ctx, uint8_t result[SHA512_OUTPUT_BYTES] ); diff --git a/src/p448/magic.c b/src/p448/magic.c index 20c5fa5..74b433c 100644 --- a/src/p448/magic.c +++ b/src/p448/magic.c @@ -33,7 +33,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { U64LE(0x0000000000000000) }; -const struct affine_t goldilocks_base_point = { +const affine_a_t goldilocks_base_point = {{ #ifdef USE_NEON_PERM {{{ 0xaed939f,0xc59d070,0xf0de840,0x5f065c3, 0xf4ba0c7,0xdf73324,0xc170033,0x3a6a26a, 0x4c63d96,0x4609845,0xf3932d9,0x1b4faff, 0x6147eaa,0xa2692ff,0x9cecfa9,0x297ea0e @@ -46,7 +46,7 @@ const struct affine_t goldilocks_base_point = { }}}, #endif {{{ 19 }}} -}; +}}; static const word_t curve_prime_order_lo[(224+WORD_BITS-1)/WORD_BITS] = { U64LE(0xdc873d6d54a7bb0d), diff --git a/src/p480/magic.c b/src/p480/magic.c index 8615071..7ae8304 100644 --- a/src/p480/magic.c +++ b/src/p480/magic.c @@ -35,7 +35,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { 0x00000000 }; -const struct affine_t goldilocks_base_point = { +const affine_a_t goldilocks_base_point = {{ {{{ U60LE(0x849ff7f845c30d3), U60LE(0x7dda488553a4c5b), @@ -47,7 +47,7 @@ const struct affine_t goldilocks_base_point = { U60LE(0x7ca42af3d564280) }}}, {{{ 5 }}} -}; +}}; static const word_t curve_prime_order_lo[(240+WORD_BITS-1)/WORD_BITS] = { U64LE(0x72e70941cf8da597), diff --git a/src/p521/magic.c b/src/p521/magic.c index f8ab264..4613958 100644 --- a/src/p521/magic.c +++ b/src/p521/magic.c @@ -38,7 +38,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { 0x0 }; -const struct affine_t goldilocks_base_point = { +const affine_a_t goldilocks_base_point = {{ {{{ #ifdef USE_P521_3x3_TRANSPOSE U58LE(0x02a940a2f19ba6c), @@ -66,7 +66,7 @@ const struct affine_t goldilocks_base_point = { #endif }}}, {{{ 12 }}} -}; +}}; static const word_t curve_prime_order_lo[(261+WORD_BITS-1)/WORD_BITS] = { U64LE(0xbf15dbca0ae7f295), diff --git a/src/scalarmul.c b/src/scalarmul.c index cf95984..12925b2 100644 --- a/src/scalarmul.c +++ b/src/scalarmul.c @@ -21,8 +21,8 @@ montgomery_ladder ( unsigned int nbits, unsigned int n_extra_doubles ) { - struct montgomery_t mont; - deserialize_montgomery(&mont, in); + montgomery_a_t mont; + deserialize_montgomery(mont, in); int i,j,n=(nbits-1)%WORD_BITS; mask_t pflip = 0; @@ -30,29 +30,29 @@ montgomery_ladder ( word_t w = scalar[j]; for (i=n; i>=0; i--) { mask_t flip = -((w>>i)&1); - constant_time_cond_swap(mont.xa,mont.xd,sizeof(mont.xd),flip^pflip); - constant_time_cond_swap(mont.za,mont.zd,sizeof(mont.xd),flip^pflip); - montgomery_step(&mont); + constant_time_cond_swap(mont->xa,mont->xd,sizeof(mont->xd),flip^pflip); + constant_time_cond_swap(mont->za,mont->zd,sizeof(mont->xd),flip^pflip); + montgomery_step(mont); pflip = flip; } n = WORD_BITS-1; } - constant_time_cond_swap(mont.xa,mont.xd,sizeof(mont.xd),pflip); - constant_time_cond_swap(mont.za,mont.zd,sizeof(mont.xd),pflip); + constant_time_cond_swap(mont->xa,mont->xd,sizeof(mont->xd),pflip); + constant_time_cond_swap(mont->za,mont->zd,sizeof(mont->xd),pflip); assert(n_extra_doubles < INT_MAX); for (j=0; j<(int)n_extra_doubles; j++) { - montgomery_step(&mont); + montgomery_step(mont); } - return serialize_montgomery(out, &mont, in); + return serialize_montgomery(out, mont, in); } static __inline__ void __attribute__((unused,always_inline)) constant_time_lookup_tw_pniels ( - struct tw_pniels_t *out, - const struct tw_pniels_t *in, + tw_pniels_a_t out, + const tw_pniels_a_t *in, int nin, int idx ) { @@ -62,8 +62,8 @@ constant_time_lookup_tw_pniels ( static __inline__ void __attribute__((unused,always_inline)) constant_time_lookup_tw_niels ( - struct tw_niels_t *out, - const struct tw_niels_t *in, + tw_niels_a_t out, + const tw_niels_a_t *in, int nin, int idx ) { @@ -73,8 +73,8 @@ constant_time_lookup_tw_niels ( /* static __inline__ void constant_time_lookup_tw_pniels ( - struct tw_pniels_t *out, - const struct tw_pniels_t *in, + tw_pniels_a_t out, + const tw_pniels_a_t in, int nin, int idx ) { @@ -95,8 +95,8 @@ constant_time_lookup_tw_pniels ( static __inline__ void constant_time_lookup_tw_niels ( - struct tw_niels_t *out, - const struct tw_niels_t *in, + tw_niels_a_t out, + const tw_niels_a_t in, int nin, int idx ) { @@ -145,7 +145,7 @@ convert_to_signed_window_form ( void scalarmul ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar[SCALAR_WORDS] ) { const int WINDOW = SCALARMUL_FIXED_WINDOW_SIZE, @@ -159,20 +159,20 @@ scalarmul ( SCALARMUL_FIXED_WINDOW_ADJUSTMENT, SCALAR_WORDS ); - struct tw_extensible_t tabulator; - copy_tw_extensible(&tabulator, working); - double_tw_extensible(&tabulator); + tw_extensible_a_t tabulator; + copy_tw_extensible(tabulator, working); + double_tw_extensible(tabulator); - struct tw_pniels_t - pn VECTOR_ALIGNED, - multiples[NTABLE] VECTOR_ALIGNED; - convert_tw_extensible_to_tw_pniels(&pn, &tabulator); - convert_tw_extensible_to_tw_pniels(&multiples[0], working); + tw_pniels_a_t + pn VECTOR_ALIGNED, + multiples[NTABLE] VECTOR_ALIGNED; + convert_tw_extensible_to_tw_pniels(pn, tabulator); + convert_tw_extensible_to_tw_pniels(multiples[0], working); int i,j; for (i=1; i>(WINDOW-1))-1; bits ^= inv; - constant_time_lookup_tw_pniels(&pn, multiples, NTABLE, bits & WINDOW_T_MASK); - cond_negate_tw_pniels(&pn, inv); - convert_tw_pniels_to_tw_extensible(working, &pn); + constant_time_lookup_tw_pniels(pn, multiples, NTABLE, bits & WINDOW_T_MASK); + cond_negate_tw_pniels(pn, inv); + convert_tw_pniels_to_tw_extensible(working, pn); for (i-=WINDOW; i>=0; i-=WINDOW) { @@ -200,15 +200,15 @@ scalarmul ( inv = (bits>>(WINDOW-1))-1; bits ^= inv; - constant_time_lookup_tw_pniels(&pn, multiples, NTABLE, bits & WINDOW_T_MASK); - cond_negate_tw_pniels(&pn, inv); - add_tw_pniels_to_tw_extensible(working, &pn); + constant_time_lookup_tw_pniels(pn, multiples, NTABLE, bits & WINDOW_T_MASK); + cond_negate_tw_pniels(pn, inv); + add_tw_pniels_to_tw_extensible(working, pn); } } void scalarmul_vlook ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar[SCALAR_WORDS] ) { const int WINDOW = SCALARMUL_FIXED_WINDOW_SIZE, @@ -223,20 +223,20 @@ scalarmul_vlook ( ); - struct tw_extensible_t tabulator; - copy_tw_extensible(&tabulator, working); - double_tw_extensible(&tabulator); + tw_extensible_a_t tabulator; + copy_tw_extensible(tabulator, working); + double_tw_extensible(tabulator); - struct tw_pniels_t - pn VECTOR_ALIGNED, - multiples[NTABLE] VECTOR_ALIGNED; - convert_tw_extensible_to_tw_pniels(&pn, &tabulator); - convert_tw_extensible_to_tw_pniels(&multiples[0], working); + tw_pniels_a_t + pn VECTOR_ALIGNED, + multiples[NTABLE] VECTOR_ALIGNED; + convert_tw_extensible_to_tw_pniels(pn, tabulator); + convert_tw_extensible_to_tw_pniels(multiples[0], working); int i,j; for (i=1; i>(WINDOW-1))-1; bits ^= inv; - copy_tw_pniels(&pn, &multiples[bits & WINDOW_T_MASK]); - cond_negate_tw_pniels(&pn, inv); - convert_tw_pniels_to_tw_extensible(working, &pn); + copy_tw_pniels(pn, multiples[bits & WINDOW_T_MASK]); + cond_negate_tw_pniels(pn, inv); + convert_tw_pniels_to_tw_extensible(working, pn); for (i-=WINDOW; i>=0; i-=WINDOW) { @@ -264,9 +264,9 @@ scalarmul_vlook ( inv = (bits>>(WINDOW-1))-1; bits ^= inv; - copy_tw_pniels(&pn, &multiples[bits & WINDOW_T_MASK]); - cond_negate_tw_pniels(&pn, inv); - add_tw_pniels_to_tw_extensible(working, &pn); + copy_tw_pniels(pn, multiples[bits & WINDOW_T_MASK]); + cond_negate_tw_pniels(pn, inv); + add_tw_pniels_to_tw_extensible(working, pn); } } @@ -275,7 +275,7 @@ schedule_scalar_for_combs ( word_t *scalar2, const word_t *scalar, unsigned int nbits, - const struct fixed_base_table_t *table + const struct fixed_base_table_t* table ) { unsigned int i; unsigned int n = table->n, t = table->t, s = table->s; @@ -312,10 +312,10 @@ schedule_scalar_for_combs ( mask_t scalarmul_fixed_base ( - struct tw_extensible_t *out, + tw_extensible_a_t out, const word_t scalar[SCALAR_WORDS], unsigned int nbits, - const struct fixed_base_table_t *table + const struct fixed_base_table_t* table ) { unsigned int i,j,k; unsigned int n = table->n, t = table->t, s = table->s; @@ -332,7 +332,7 @@ scalarmul_fixed_base ( assert(t >= 1); #endif - struct tw_niels_t ni; + tw_niels_a_t ni; for (i=0; itable + (j<<(t-1)), 1<<(t-1), tab); - cond_negate_tw_niels(&ni, invert); + constant_time_lookup_tw_niels(ni, table->table + (j<<(t-1)), 1<<(t-1), tab); + cond_negate_tw_niels(ni, invert); if (i||j) { - add_tw_niels_to_tw_extensible(out, &ni); + add_tw_niels_to_tw_extensible(out, ni); } else { - convert_tw_niels_to_tw_extensible(out, &ni); + convert_tw_niels_to_tw_extensible(out, ni); } } } @@ -370,13 +370,13 @@ scalarmul_fixed_base ( mask_t linear_combo_combs_vt ( - struct tw_extensible_t *out, + tw_extensible_a_t out, const word_t scalar1[SCALAR_WORDS], unsigned int nbits1, - const struct fixed_base_table_t *table1, + const struct fixed_base_table_t* table1, const word_t scalar2[SCALAR_WORDS], unsigned int nbits2, - const struct fixed_base_table_t *table2 + const struct fixed_base_table_t* table2 ) { unsigned int i,j,k,sc; unsigned int s1 = table1->s, s2 = table2->s, smax = (s1 > s2) ? s1 : s2; @@ -402,7 +402,7 @@ linear_combo_combs_vt ( assert(table2->t >= 1); #endif - struct tw_niels_t ni; + tw_niels_a_t ni; unsigned int swords[2] = {scalar1b_words, scalar2b_words}, started = 0; word_t *scalars[2] = {scalar1b,scalar2b}; @@ -411,7 +411,7 @@ linear_combo_combs_vt ( if (i) double_tw_extensible(out); for (sc=0; sc<2; sc++) { - const struct fixed_base_table_t *table = sc ? table2 : table1; + const struct fixed_base_table_t* table = sc ? table2 : table1; int ii = i-smax+table->s; if (ii < 0) continue; @@ -432,13 +432,13 @@ linear_combo_combs_vt ( tab ^= invert; tab &= (1<<(table->t-1)) - 1; - copy_tw_niels(&ni, &table->table[tab + (j<<(table->t-1))]); - cond_negate_tw_niels(&ni,invert); + copy_tw_niels(ni, table->table[tab + (j<<(table->t-1))]); + cond_negate_tw_niels(ni,invert); if (started) { - add_tw_niels_to_tw_extensible(out, &ni); + add_tw_niels_to_tw_extensible(out, ni); } else { - convert_tw_niels_to_tw_extensible(out, &ni); + convert_tw_niels_to_tw_extensible(out, ni); started = 1; } @@ -454,12 +454,12 @@ linear_combo_combs_vt ( mask_t precompute_fixed_base ( - struct fixed_base_table_t *out, - const struct tw_extensible_t *base, + struct fixed_base_table_t* out, + const tw_extensible_a_t base, unsigned int n, unsigned int t, unsigned int s, - struct tw_niels_t *prealloc + tw_niels_a_t *prealloc ) { if (s < 1 || t < 1 || n < 1 || n*t*s < SCALAR_BITS) { really_memset(out, 0, sizeof(*out)); @@ -470,19 +470,19 @@ precompute_fixed_base ( out->t = t; out->s = s; - struct tw_extensible_t working, start; - copy_tw_extensible(&working, base); - struct tw_pniels_t pn_tmp; + tw_extensible_a_t working, start; + copy_tw_extensible(working, base); + tw_pniels_a_t pn_tmp; - struct tw_pniels_t *doubles = (struct tw_pniels_t *) malloc_vector(sizeof(*doubles) * (t-1)); + tw_pniels_a_t *doubles = (tw_pniels_a_t *) malloc_vector(sizeof(*doubles) * (t-1)); field_a_t *zs = (field_a_t *) malloc_vector(sizeof(*zs) * (n<<(t-1))); field_a_t *zis = (field_a_t *) malloc_vector(sizeof(*zis) * (n<<(t-1))); - struct tw_niels_t *table = prealloc; + tw_niels_a_t *table = prealloc; if (prealloc) { out->own_table = 0; } else { - table = (struct tw_niels_t *) malloc_vector(sizeof(*table) * (n<<(t-1))); + table = (tw_niels_a_t *) malloc_vector(sizeof(*table) * (n<<(t-1))); out->own_table = 1; } out->table = table; @@ -535,23 +535,23 @@ precompute_fixed_base ( /* doubling phase */ for (j=0; j>1); int idx = (((i+1)<<(t-1))-1) ^ gray; - convert_tw_extensible_to_tw_pniels(&pn_tmp, &start); - copy_tw_niels(&table[idx], &pn_tmp.n); - field_copy(zs[idx], pn_tmp.z); + convert_tw_extensible_to_tw_pniels(pn_tmp, start); + copy_tw_niels(table[idx], pn_tmp->n); + field_copy(zs[idx], pn_tmp->z); if (j >= (1u<<(t-1)) - 1) break; int delta = (j+1) ^ ((j+1)>>1) ^ gray; @@ -572,10 +572,10 @@ precompute_fixed_base ( if (gray & (1<a, zis[i]); field_strong_reduce(product); - field_copy(table[i].a, product); + field_copy(table[i]->a, product); - field_mul(product, table[i].b, zis[i]); + field_mul(product, table[i]->b, zis[i]); field_strong_reduce(product); - field_copy(table[i].b, product); + field_copy(table[i]->b, product); - field_mul(product, table[i].c, zis[i]); + field_mul(product, table[i]->c, zis[i]); field_strong_reduce(product); - field_copy(table[i].c, product); + field_copy(table[i]->c, product); } mask_t ret = ~field_is_zero(zis[0]); @@ -617,7 +617,7 @@ precompute_fixed_base ( void destroy_fixed_base ( - struct fixed_base_table_t *table + struct fixed_base_table_t* table ) { if (table->table) { really_memset(table->table,0,sizeof(*table->table)*(table->n<<(table->t-1))); @@ -630,8 +630,8 @@ destroy_fixed_base ( mask_t precompute_fixed_base_wnaf ( - struct tw_niels_t *out, - const struct tw_extensible_t *const_base, + tw_niels_a_t *out, + const tw_extensible_a_t const_base, unsigned int tbits ) { int i; @@ -644,29 +644,29 @@ precompute_fixed_base_wnaf ( return 0; } - struct tw_extensible_t base; - copy_tw_extensible(&base,const_base); + tw_extensible_a_t base; + copy_tw_extensible(base,const_base); - struct tw_pniels_t twop, tmp; + tw_pniels_a_t twop, tmp; - convert_tw_extensible_to_tw_pniels(&tmp, &base); - field_copy(zs[0], tmp.z); - copy_tw_niels(&out[0], &tmp.n); + convert_tw_extensible_to_tw_pniels(tmp, base); + field_copy(zs[0], tmp->z); + copy_tw_niels(out[0], tmp->n); if (tbits > 0) { - double_tw_extensible(&base); - convert_tw_extensible_to_tw_pniels(&twop, &base); - add_tw_pniels_to_tw_extensible(&base, &tmp); + double_tw_extensible(base); + convert_tw_extensible_to_tw_pniels(twop, base); + add_tw_pniels_to_tw_extensible(base, tmp); - convert_tw_extensible_to_tw_pniels(&tmp, &base); - field_copy(zs[1], tmp.z); - copy_tw_niels(&out[1], &tmp.n); + convert_tw_extensible_to_tw_pniels(tmp, base); + field_copy(zs[1], tmp->z); + copy_tw_niels(out[1], tmp->n); for (i=2; i < 1<z); + copy_tw_niels(out[i], tmp->n); } } @@ -674,17 +674,17 @@ precompute_fixed_base_wnaf ( field_a_t product; for (i=0; i<1<a, zis[i]); field_strong_reduce(product); - field_copy(out[i].a, product); + field_copy(out[i]->a, product); - field_mul(product, out[i].b, zis[i]); + field_mul(product, out[i]->b, zis[i]); field_strong_reduce(product); - field_copy(out[i].b, product); + field_copy(out[i]->b, product); - field_mul(product, out[i].c, zis[i]); + field_mul(product, out[i]->c, zis[i]); field_strong_reduce(product); - field_copy(out[i].c, product); + field_copy(out[i]->c, product); } free(zs); @@ -760,31 +760,31 @@ recode_wnaf( static void prepare_wnaf_table( - struct tw_pniels_t *output, - struct tw_extensible_t *working, + tw_pniels_a_t *output, + tw_extensible_a_t working, unsigned int tbits ) { int i; - convert_tw_extensible_to_tw_pniels(&output[0], working); + convert_tw_extensible_to_tw_pniels(output[0], working); if (tbits == 0) return; double_tw_extensible(working); - struct tw_pniels_t twop; - convert_tw_extensible_to_tw_pniels(&twop, working); + tw_pniels_a_t twop; + convert_tw_extensible_to_tw_pniels(twop, working); - add_tw_pniels_to_tw_extensible(working, &output[0]); - convert_tw_extensible_to_tw_pniels(&output[1], working); + add_tw_pniels_to_tw_extensible(working, output[0]); + convert_tw_extensible_to_tw_pniels(output[1], working); for (i=2; i < 1< 0) { assert(control[0].addend > 0); assert(control[0].power >= 0); - convert_tw_pniels_to_tw_extensible(working, &precmp[control[0].addend >> 1]); + convert_tw_pniels_to_tw_extensible(working, precmp[control[0].addend >> 1]); } else { set_identity_tw_extensible(working); return; @@ -813,9 +813,9 @@ scalarmul_vt ( assert(control[conti].addend); if (control[conti].addend > 0) { - add_tw_pniels_to_tw_extensible(working, &precmp[control[conti].addend >> 1]); + add_tw_pniels_to_tw_extensible(working, precmp[control[conti].addend >> 1]); } else { - sub_tw_pniels_from_tw_extensible(working, &precmp[(-control[conti].addend) >> 1]); + sub_tw_pniels_from_tw_extensible(working, precmp[(-control[conti].addend) >> 1]); } conti++; assert(conti <= control_bits); @@ -825,10 +825,10 @@ scalarmul_vt ( void scalarmul_fixed_base_wnaf_vt ( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar[SCALAR_WORDS], unsigned int nbits, - const struct tw_niels_t *precmp, + const tw_niels_a_t *precmp, unsigned int table_bits ) { struct smvt_control control[nbits/(table_bits+1)+3]; @@ -838,7 +838,7 @@ scalarmul_fixed_base_wnaf_vt ( if (control_bits > 0) { assert(control[0].addend > 0); assert(control[0].power >= 0); - convert_tw_niels_to_tw_extensible(working, &precmp[control[0].addend >> 1]); + convert_tw_niels_to_tw_extensible(working, precmp[control[0].addend >> 1]); } else { set_identity_tw_extensible(working); return; @@ -853,9 +853,9 @@ scalarmul_fixed_base_wnaf_vt ( assert(control[conti].addend); if (control[conti].addend > 0) { - add_tw_niels_to_tw_extensible(working, &precmp[control[conti].addend >> 1]); + add_tw_niels_to_tw_extensible(working, precmp[control[conti].addend >> 1]); } else { - sub_tw_niels_from_tw_extensible(working, &precmp[(-control[conti].addend) >> 1]); + sub_tw_niels_from_tw_extensible(working, precmp[(-control[conti].addend) >> 1]); } } @@ -866,12 +866,12 @@ scalarmul_fixed_base_wnaf_vt ( void linear_combo_var_fixed_vt( - struct tw_extensible_t *working, + tw_extensible_a_t working, const word_t scalar_var[SCALAR_WORDS], unsigned int nbits_var, const word_t scalar_pre[SCALAR_WORDS], unsigned int nbits_pre, - const struct tw_niels_t *precmp, + const tw_niels_a_t *precmp, unsigned int table_bits_pre ) { const int table_bits_var = SCALARMUL_WNAF_COMBO_TABLE_BITS; @@ -883,22 +883,22 @@ linear_combo_var_fixed_vt( (void)ncb_var; (void)ncb_pre; - struct tw_pniels_t precmp_var[1< control_pre[0].power) { - convert_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[0].addend >> 1]); + convert_tw_pniels_to_tw_extensible(working, precmp_var[control_var[0].addend >> 1]); contv++; } else if (i == control_pre[0].power && i >=0 ) { - convert_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[0].addend >> 1]); - add_tw_niels_to_tw_extensible(working, &precmp[control_pre[0].addend >> 1]); + convert_tw_pniels_to_tw_extensible(working, precmp_var[control_var[0].addend >> 1]); + add_tw_niels_to_tw_extensible(working, precmp[control_pre[0].addend >> 1]); contv++; contp++; } else { i = control_pre[0].power; - convert_tw_niels_to_tw_extensible(working, &precmp[control_pre[0].addend >> 1]); + convert_tw_niels_to_tw_extensible(working, precmp[control_pre[0].addend >> 1]); contp++; } @@ -914,9 +914,9 @@ linear_combo_var_fixed_vt( assert(control_var[contv].addend); if (control_var[contv].addend > 0) { - add_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[contv].addend >> 1]); + add_tw_pniels_to_tw_extensible(working, precmp_var[control_var[contv].addend >> 1]); } else { - sub_tw_pniels_from_tw_extensible(working, &precmp_var[(-control_var[contv].addend) >> 1]); + sub_tw_pniels_from_tw_extensible(working, precmp_var[(-control_var[contv].addend) >> 1]); } contv++; } @@ -925,9 +925,9 @@ linear_combo_var_fixed_vt( assert(control_pre[contp].addend); if (control_pre[contp].addend > 0) { - add_tw_niels_to_tw_extensible(working, &precmp[control_pre[contp].addend >> 1]); + add_tw_niels_to_tw_extensible(working, precmp[control_pre[contp].addend >> 1]); } else { - sub_tw_niels_from_tw_extensible(working, &precmp[(-control_pre[contp].addend) >> 1]); + sub_tw_niels_from_tw_extensible(working, precmp[(-control_pre[contp].addend) >> 1]); } contp++; } diff --git a/src/sha512.c b/src/sha512.c index 82f81ad..9a11bd0 100644 --- a/src/sha512.c +++ b/src/sha512.c @@ -72,7 +72,7 @@ static inline uint64_t maj(uint64_t h1, uint64_t h2, uint64_t h3) { static void sha512_process_block ( - struct sha512_ctx_t *ctx + sha512_ctx_a_t ctx ) { uint64_t i, tmp, a, b, *w = (uint64_t *) ctx->block, @@ -119,7 +119,7 @@ sha512_process_block ( void sha512_init ( - struct sha512_ctx_t *ctx + sha512_ctx_a_t ctx ) { ctx->nbytes = 0; memcpy(ctx->chain, sha512_init_state, sizeof(sha512_init_state)); @@ -128,7 +128,7 @@ sha512_init ( void sha512_update ( - struct sha512_ctx_t *ctx, + sha512_ctx_a_t ctx, const unsigned char *data, uint64_t bytes ) { @@ -153,7 +153,7 @@ sha512_update ( void sha512_final ( - struct sha512_ctx_t *ctx, + sha512_ctx_a_t ctx, uint8_t result[64] ) { uint64_t fill = ctx->nbytes % 128, i; diff --git a/test/bench.c b/test/bench.c index 350415b..2c16c65 100644 --- a/test/bench.c +++ b/test/bench.c @@ -146,19 +146,19 @@ int main(int argc, char **argv) { when = now() - when; printf("rand448: %5.1fns\n", when * 1e9 / i); - struct sha512_ctx_t sha; + sha512_ctx_a_t sha; uint8_t hashout[128]; when = now(); for (i=0; i