From 1f54f5c8edd589a2184720b49fc13c47813e9154 Mon Sep 17 00:00:00 2001 From: Michael Hamburg Date: Fri, 5 Feb 2016 11:28:46 -0800 Subject: [PATCH] change __attribute__((nonnull(list of pointers))) to __attribute__((nonnull)) --- src/per_curve/crypto.tmpl.h | 16 +++--- src/per_curve/decaf.tmpl.h | 80 ++++++++++++++-------------- src/public_include/decaf/common.h | 12 ++--- src/public_include/decaf/shake.h | 24 ++++----- src/public_include/decaf/spongerng.h | 6 +-- src/public_include/decaf/strobe.h | 28 +++++----- 6 files changed, 80 insertions(+), 86 deletions(-) diff --git a/src/per_curve/crypto.tmpl.h b/src/per_curve/crypto.tmpl.h index 39cab3e..01b0d4e 100644 --- a/src/per_curve/crypto.tmpl.h +++ b/src/per_curve/crypto.tmpl.h @@ -49,14 +49,14 @@ typedef struct { void $(c_ns)_derive_private_key ( $(c_ns)_private_key_t priv, const $(c_ns)_symmetric_key_t proto -) NONNULL2 API_VIS; +) NONNULL API_VIS; /** * Destroy a private key. */ void $(c_ns)_destroy_private_key ( $(c_ns)_private_key_t priv -) NONNULL1 API_VIS; +) NONNULL API_VIS; /** * Convert a private key to a public one. @@ -66,7 +66,7 @@ void $(c_ns)_destroy_private_key ( void $(c_ns)_private_to_public ( $(c_ns)_public_key_t pub, const $(c_ns)_private_key_t priv -) NONNULL2 API_VIS; +) NONNULL API_VIS; /** * Compute a Diffie-Hellman shared secret. @@ -90,7 +90,7 @@ $(c_ns)_shared_secret ( const $(c_ns)_private_key_t my_privkey, const $(c_ns)_public_key_t your_pubkey, int me_first -) NONNULL134 WARN_UNUSED API_VIS; +) NONNULL WARN_UNUSED API_VIS; /** * Sign a message from a STROBE context. @@ -104,7 +104,7 @@ $(c_ns)_sign_strobe ( keccak_strobe_t strobe, $(c_ns)_signature_t sig, const $(c_ns)_private_key_t priv -) NONNULL3 API_VIS; +) NONNULL API_VIS; /** * Sign a message. @@ -120,7 +120,7 @@ $(c_ns)_sign ( const $(c_ns)_private_key_t priv, const unsigned char *message, size_t message_len -) NONNULL3 API_VIS; +) NONNULL API_VIS; /** * Verify a signed message from its STROBE context. @@ -137,7 +137,7 @@ $(c_ns)_verify_strobe ( keccak_strobe_t strobe, const $(c_ns)_signature_t sig, const $(c_ns)_public_key_t pub -) NONNULL3 API_VIS WARN_UNUSED; +) NONNULL API_VIS WARN_UNUSED; /** * Verify a signed message. @@ -156,7 +156,7 @@ $(c_ns)_verify ( const $(c_ns)_public_key_t pub, const unsigned char *message, size_t message_len -) NONNULL3 API_VIS WARN_UNUSED; +) NONNULL API_VIS WARN_UNUSED; #ifdef __cplusplus } /* extern "C" */ diff --git a/src/per_curve/decaf.tmpl.h b/src/per_curve/decaf.tmpl.h index 1444f56..5106b69 100644 --- a/src/per_curve/decaf.tmpl.h +++ b/src/per_curve/decaf.tmpl.h @@ -93,7 +93,7 @@ extern const struct $(c_ns)_precomputed_s *$(c_ns)_precomputed_base API_VIS; decaf_error_t $(c_ns)_scalar_decode ( $(c_ns)_scalar_t out, const unsigned char ser[$(C_NS)_SCALAR_BYTES] -) API_VIS WARN_UNUSED NONNULL2 NOINLINE; +) API_VIS WARN_UNUSED NONNULL NOINLINE; /** * @brief Read a scalar from wire format or from bytes. Reduces mod @@ -107,7 +107,7 @@ void $(c_ns)_scalar_decode_long ( $(c_ns)_scalar_t out, const unsigned char *ser, size_t ser_len -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Serialize a scalar to wire format. @@ -118,7 +118,7 @@ void $(c_ns)_scalar_decode_long ( void $(c_ns)_scalar_encode ( unsigned char ser[$(C_NS)_SCALAR_BYTES], const $(c_ns)_scalar_t s -) API_VIS NONNULL2 NOINLINE NOINLINE; +) API_VIS NONNULL NOINLINE NOINLINE; /** * @brief Add two scalars. The scalars may use the same memory. @@ -130,7 +130,7 @@ void $(c_ns)_scalar_add ( $(c_ns)_scalar_t out, const $(c_ns)_scalar_t a, const $(c_ns)_scalar_t b -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Compare two scalars. @@ -142,7 +142,7 @@ void $(c_ns)_scalar_add ( decaf_bool_t $(c_ns)_scalar_eq ( const $(c_ns)_scalar_t a, const $(c_ns)_scalar_t b -) API_VIS WARN_UNUSED NONNULL2 NOINLINE; +) API_VIS WARN_UNUSED NONNULL NOINLINE; /** * @brief Subtract two scalars. The scalars may use the same memory. @@ -154,7 +154,7 @@ void $(c_ns)_scalar_sub ( $(c_ns)_scalar_t out, const $(c_ns)_scalar_t a, const $(c_ns)_scalar_t b -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Multiply two scalars. The scalars may use the same memory. @@ -166,7 +166,7 @@ void $(c_ns)_scalar_mul ( $(c_ns)_scalar_t out, const $(c_ns)_scalar_t a, const $(c_ns)_scalar_t b -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Halve a scalar. The scalars may use the same memory. @@ -176,7 +176,7 @@ void $(c_ns)_scalar_mul ( void $(c_ns)_scalar_halve ( $(c_ns)_scalar_t out, const $(c_ns)_scalar_t a -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Invert a scalar. When passed zero, return 0. The input and output may alias. @@ -187,7 +187,7 @@ void $(c_ns)_scalar_halve ( decaf_error_t $(c_ns)_scalar_invert ( $(c_ns)_scalar_t out, const $(c_ns)_scalar_t a -) API_VIS WARN_UNUSED NONNULL2 NOINLINE; +) API_VIS WARN_UNUSED NONNULL NOINLINE; /** * @brief Copy a scalar. The scalars may use the same memory, in which @@ -195,7 +195,7 @@ decaf_error_t $(c_ns)_scalar_invert ( * @param [in] a A scalar. * @param [out] out Will become a copy of a. */ -static inline void NONNULL2 $(c_ns)_scalar_copy ( +static inline void NONNULL $(c_ns)_scalar_copy ( $(c_ns)_scalar_t out, const $(c_ns)_scalar_t a ) { @@ -210,7 +210,7 @@ static inline void NONNULL2 $(c_ns)_scalar_copy ( void $(c_ns)_scalar_set_unsigned ( $(c_ns)_scalar_t out, uint64_t a -) API_VIS NONNULL1; +) API_VIS NONNULL; /** * @brief Encode a point as a sequence of bytes. @@ -221,7 +221,7 @@ void $(c_ns)_scalar_set_unsigned ( void $(c_ns)_point_encode ( uint8_t ser[$(C_NS)_SER_BYTES], const $(c_ns)_point_t pt -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Decode a point from a sequence of bytes. @@ -241,7 +241,7 @@ decaf_error_t $(c_ns)_point_decode ( $(c_ns)_point_t pt, const uint8_t ser[$(C_NS)_SER_BYTES], decaf_bool_t allow_identity -) API_VIS WARN_UNUSED NONNULL2 NOINLINE; +) API_VIS WARN_UNUSED NONNULL NOINLINE; /** * @brief Copy a point. The input and output may alias, @@ -250,7 +250,7 @@ decaf_error_t $(c_ns)_point_decode ( * @param [out] a A copy of the point. * @param [in] b Any point. */ -static inline void NONNULL2 $(c_ns)_point_copy ( +static inline void NONNULL $(c_ns)_point_copy ( $(c_ns)_point_t a, const $(c_ns)_point_t b ) { @@ -269,7 +269,7 @@ static inline void NONNULL2 $(c_ns)_point_copy ( decaf_bool_t $(c_ns)_point_eq ( const $(c_ns)_point_t a, const $(c_ns)_point_t b -) API_VIS WARN_UNUSED NONNULL2 NOINLINE; +) API_VIS WARN_UNUSED NONNULL NOINLINE; /** * @brief Add two points to produce a third point. The @@ -284,7 +284,7 @@ void $(c_ns)_point_add ( $(c_ns)_point_t sum, const $(c_ns)_point_t a, const $(c_ns)_point_t b -) API_VIS NONNULL3; +) API_VIS NONNULL; /** * @brief Double a point. Equivalent to @@ -296,7 +296,7 @@ void $(c_ns)_point_add ( void $(c_ns)_point_double ( $(c_ns)_point_t two_a, const $(c_ns)_point_t a -) API_VIS NONNULL2; +) API_VIS NONNULL; /** * @brief Subtract two points to produce a third point. The @@ -311,7 +311,7 @@ void $(c_ns)_point_sub ( $(c_ns)_point_t diff, const $(c_ns)_point_t a, const $(c_ns)_point_t b -) API_VIS NONNULL3; +) API_VIS NONNULL; /** * @brief Negate a point to produce another point. The input @@ -323,7 +323,7 @@ void $(c_ns)_point_sub ( void $(c_ns)_point_negate ( $(c_ns)_point_t nega, const $(c_ns)_point_t a -) API_VIS NONNULL2; +) API_VIS NONNULL; /** * @brief Multiply a base point by a scalar: scaled = scalar*base. @@ -336,7 +336,7 @@ void $(c_ns)_point_scalarmul ( $(c_ns)_point_t scaled, const $(c_ns)_point_t base, const $(c_ns)_scalar_t scalar -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Multiply a base point by a scalar: scaled = scalar*base. @@ -361,7 +361,7 @@ decaf_error_t $(c_ns)_direct_scalarmul ( const $(c_ns)_scalar_t scalar, decaf_bool_t allow_identity, decaf_bool_t short_circuit -) API_VIS NONNULL3 WARN_UNUSED NOINLINE; +) API_VIS NONNULL WARN_UNUSED NOINLINE; /** * @brief RFC 7748 Diffie-Hellman scalarmul. This function uses a different @@ -379,7 +379,7 @@ decaf_error_t $(c_ns)_x_direct_scalarmul ( /* TODO: rename? */ uint8_t out[X$(gf_shortname)_PUBLIC_BYTES], const uint8_t base[X$(gf_shortname)_PUBLIC_BYTES], const uint8_t scalar[X$(gf_shortname)_PRIVATE_BYTES] -) API_VIS NONNULL3 WARN_UNUSED NOINLINE; +) API_VIS NONNULL WARN_UNUSED NOINLINE; /** The base point for X$(gf_shortname) Diffie-Hellman */ extern const uint8_t $(c_ns)_x_base_point[X$(gf_shortname)_PUBLIC_BYTES] API_VIS; @@ -394,7 +394,7 @@ extern const uint8_t $(c_ns)_x_base_point[X$(gf_shortname)_PUBLIC_BYTES] API_VIS void $(c_ns)_x_base_scalarmul ( uint8_t out[X$(gf_shortname)_PUBLIC_BYTES], const uint8_t scalar[X$(gf_shortname)_PRIVATE_BYTES] -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Precompute a table for fast scalar multiplication. @@ -408,7 +408,7 @@ void $(c_ns)_x_base_scalarmul ( void $(c_ns)_precompute ( $(c_ns)_precomputed_s *a, const $(c_ns)_point_t b -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Multiply a precomputed base point by a scalar: @@ -425,7 +425,7 @@ void $(c_ns)_precomputed_scalarmul ( $(c_ns)_point_t scaled, const $(c_ns)_precomputed_s *base, const $(c_ns)_scalar_t scalar -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Multiply two base points by two scalars: @@ -446,7 +446,7 @@ void $(c_ns)_point_double_scalarmul ( const $(c_ns)_scalar_t scalar1, const $(c_ns)_point_t base2, const $(c_ns)_scalar_t scalar2 -) API_VIS NONNULL5 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * Multiply one base point by two scalars: @@ -469,7 +469,7 @@ void $(c_ns)_point_dual_scalarmul ( const $(c_ns)_point_t base1, const $(c_ns)_scalar_t scalar1, const $(c_ns)_scalar_t scalar2 -) API_VIS NONNULL5 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Multiply two base points by two scalars: @@ -491,7 +491,7 @@ void $(c_ns)_base_double_scalarmul_non_secret ( const $(c_ns)_scalar_t scalar1, const $(c_ns)_point_t base2, const $(c_ns)_scalar_t scalar2 -) API_VIS NONNULL4 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Constant-time decision between two points. If pick_b @@ -507,7 +507,7 @@ void $(c_ns)_point_cond_sel ( const $(c_ns)_point_t a, const $(c_ns)_point_t b, decaf_word_t pick_b -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Constant-time decision between two scalars. If pick_b @@ -523,7 +523,7 @@ void $(c_ns)_scalar_cond_sel ( const $(c_ns)_scalar_t a, const $(c_ns)_scalar_t b, decaf_word_t pick_b -) API_VIS NONNULL3 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Test that a point is valid, for debugging purposes. @@ -534,7 +534,7 @@ void $(c_ns)_scalar_cond_sel ( */ decaf_bool_t $(c_ns)_point_valid ( const $(c_ns)_point_t toTest -) API_VIS WARN_UNUSED NONNULL1 NOINLINE; +) API_VIS WARN_UNUSED NONNULL NOINLINE; /** * @brief Torque a point, for debugging purposes. The output @@ -546,7 +546,7 @@ decaf_bool_t $(c_ns)_point_valid ( void $(c_ns)_point_debugging_torque ( $(c_ns)_point_t q, const $(c_ns)_point_t p -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Projectively scale a point, for debugging purposes. @@ -561,7 +561,7 @@ void $(c_ns)_point_debugging_pscale ( $(c_ns)_point_t q, const $(c_ns)_point_t p, const unsigned char factor[$(C_NS)_SER_BYTES] -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Almost-Elligator-like hash to curve. @@ -595,7 +595,7 @@ void $(c_ns)_point_from_hash_nonuniform ( $(c_ns)_point_t pt, const unsigned char hashed_data[$(C_NS)_SER_BYTES] -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Indifferentiable hash function encoding to curve. @@ -608,7 +608,7 @@ $(c_ns)_point_from_hash_nonuniform ( void $(c_ns)_point_from_hash_uniform ( $(c_ns)_point_t pt, const unsigned char hashed_data[2*$(C_NS)_SER_BYTES] -) API_VIS NONNULL2 NOINLINE; +) API_VIS NONNULL NOINLINE; /** * @brief Inverse of elligator-like hash to curve. @@ -633,7 +633,7 @@ $(c_ns)_invert_elligator_nonuniform ( unsigned char recovered_hash[$(C_NS)_SER_BYTES], const $(c_ns)_point_t pt, uint16_t which -) API_VIS NONNULL2 NOINLINE WARN_UNUSED; +) API_VIS NONNULL NOINLINE WARN_UNUSED; /** * @brief Inverse of elligator-like hash to curve. @@ -658,14 +658,14 @@ $(c_ns)_invert_elligator_uniform ( unsigned char recovered_hash[2*$(C_NS)_SER_BYTES], const $(c_ns)_point_t pt, uint16_t which -) API_VIS NONNULL2 NOINLINE WARN_UNUSED; +) API_VIS NONNULL NOINLINE WARN_UNUSED; /** * @brief Overwrite scalar with zeros. */ void $(c_ns)_scalar_destroy ( $(c_ns)_scalar_t scalar -) NONNULL1 API_VIS; +) NONNULL API_VIS; /** * @brief Overwrite point with zeros. @@ -673,14 +673,14 @@ void $(c_ns)_scalar_destroy ( */ void $(c_ns)_point_destroy ( $(c_ns)_point_t point -) NONNULL1 API_VIS; +) NONNULL API_VIS; /** * @brief Overwrite precomputed table with zeros. */ void $(c_ns)_precomputed_destroy ( $(c_ns)_precomputed_s *pre -) NONNULL1 API_VIS; +) NONNULL API_VIS; #ifdef __cplusplus } /* extern "C" */ diff --git a/src/public_include/decaf/common.h b/src/public_include/decaf/common.h index a7298c0..a01e6c6 100644 --- a/src/public_include/decaf/common.h +++ b/src/public_include/decaf/common.h @@ -27,13 +27,7 @@ extern "C" { #define API_VIS __attribute__((visibility("default"))) #define NOINLINE __attribute__((noinline)) #define WARN_UNUSED __attribute__((warn_unused_result)) -#define NONNULL1 __attribute__((nonnull(1))) -#define NONNULL2 __attribute__((nonnull(1,2))) -#define NONNULL3 __attribute__((nonnull(1,2,3))) -#define NONNULL13 __attribute__((nonnull(1,3))) -#define NONNULL134 __attribute__((nonnull(1,3,4))) -#define NONNULL4 __attribute__((nonnull(1,2,3,4))) -#define NONNULL5 __attribute__((nonnull(1,2,3,4,5))) +#define NONNULL __attribute__((nonnull)) #define INLINE inline __attribute__((always_inline)) #define UNUSED __attribute__((unused)) /** @endcond */ @@ -101,14 +95,14 @@ decaf_successful(decaf_error_t e) { void decaf_bzero ( void *data, size_t size -) NONNULL1 API_VIS; +) NONNULL API_VIS; /** Compare two buffers, returning DECAF_TRUE if they are equal. */ decaf_bool_t decaf_memeq ( const void *data1, const void *data2, size_t size -) NONNULL2 WARN_UNUSED API_VIS; +) NONNULL WARN_UNUSED API_VIS; #ifdef __cplusplus } /* extern "C" */ diff --git a/src/public_include/decaf/shake.h b/src/public_include/decaf/shake.h index 2aaa3f7..6d5b792 100644 --- a/src/public_include/decaf/shake.h +++ b/src/public_include/decaf/shake.h @@ -116,46 +116,46 @@ void sponge_hash ( #define DECSHAKE(n) \ extern const struct kparams_s SHAKE##n##_params_s API_VIS; \ typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \ - static inline void NONNULL1 shake##n##_init(shake##n##_ctx_t sponge) { \ + static inline void NONNULL shake##n##_init(shake##n##_ctx_t sponge) { \ sponge_init(sponge->s, &SHAKE##n##_params_s); \ } \ - static inline void NONNULL1 shake##n##_gen_init(keccak_sponge_t sponge) { \ + static inline void NONNULL shake##n##_gen_init(keccak_sponge_t sponge) { \ sponge_init(sponge, &SHAKE##n##_params_s); \ } \ - static inline void NONNULL2 shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ + static inline void NONNULL shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ sha3_update(sponge->s, in, inlen); \ } \ - static inline void NONNULL2 shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ + static inline void NONNULL shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ sha3_output(sponge->s, out, outlen); \ sponge_init(sponge->s, &SHAKE##n##_params_s); \ } \ - static inline void NONNULL13 shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ + static inline void NONNULL shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \ } \ - static inline void NONNULL1 shake##n##_destroy( shake##n##_ctx_t sponge ) { \ + static inline void NONNULL shake##n##_destroy( shake##n##_ctx_t sponge ) { \ sponge_destroy(sponge->s); \ } #define DECSHA3(n) \ extern const struct kparams_s SHA3_##n##_params_s API_VIS; \ typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \ - static inline void NONNULL1 sha3_##n##_init(sha3_##n##_ctx_t sponge) { \ + static inline void NONNULL sha3_##n##_init(sha3_##n##_ctx_t sponge) { \ sponge_init(sponge->s, &SHA3_##n##_params_s); \ } \ - static inline void NONNULL1 sha3_##n##_gen_init(keccak_sponge_t sponge) { \ + static inline void NONNULL sha3_##n##_gen_init(keccak_sponge_t sponge) { \ sponge_init(sponge, &SHA3_##n##_params_s); \ } \ - static inline void NONNULL2 sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ + static inline void NONNULL sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ sha3_update(sponge->s, in, inlen); \ } \ - static inline void NONNULL2 sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ + static inline void NONNULL sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ sha3_output(sponge->s, out, outlen); \ sponge_init(sponge->s, &SHA3_##n##_params_s); \ } \ - static inline void NONNULL13 sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ + static inline void NONNULL sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \ } \ - static inline void NONNULL1 sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \ + static inline void NONNULL sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \ sponge_destroy(sponge->s); \ } /** @endcond */ diff --git a/src/public_include/decaf/spongerng.h b/src/public_include/decaf/spongerng.h index 4974b08..1463b42 100644 --- a/src/public_include/decaf/spongerng.h +++ b/src/public_include/decaf/spongerng.h @@ -32,7 +32,7 @@ void spongerng_init_from_buffer ( const uint8_t *__restrict__ in, /**< [in] The initialization data. */ size_t len, /**< [in] The length of the initialization data. */ int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC.*/ -) NONNULL2 API_VIS; +) NONNULL API_VIS; /** * @brief Initialize a sponge-based CSPRNG from a file. @@ -45,7 +45,7 @@ decaf_error_t spongerng_init_from_file ( const char *file, /**< [in] A name of a file containing initial data. */ size_t len, /**< [in] The length of the initial data. Must be positive. */ int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC. */ -) NONNULL2 API_VIS WARN_UNUSED; +) NONNULL API_VIS WARN_UNUSED; /** * @brief Initialize a nondeterministic sponge-based CSPRNG from /dev/urandom. @@ -69,7 +69,7 @@ void spongerng_stir ( keccak_prng_t prng, /**< [out] The PRNG object. */ const uint8_t * __restrict__ in, /**< [in] The entropy data. */ size_t len /**< [in] The length of the initial data. */ -) NONNULL2 API_VIS; +) NONNULL API_VIS; /** Securely destroy a sponge RNG object by overwriting it. */ static INLINE UNUSED void diff --git a/src/public_include/decaf/strobe.h b/src/public_include/decaf/strobe.h index 85b50f7..dec8f2b 100644 --- a/src/public_include/decaf/strobe.h +++ b/src/public_include/decaf/strobe.h @@ -44,7 +44,7 @@ void strobe_init ( const struct kparams_s *params, /**< [in] Parameter set descriptor. */ const char *proto, /**< [in] Unique identifier for the protocol. TODO: define namespaces for this */ uint8_t am_client /**< [in] Nonzero if this party. */ -) NONNULL2 API_VIS; +) NONNULL API_VIS; /** Run a transaction against a STROBE state. */ void strobe_transact ( @@ -53,10 +53,10 @@ void strobe_transact ( const unsigned char *in, /**< [in] The input. */ size_t len, /**< [in] The length of the input/output. */ uint32_t cw_flags /**< [in] The control word with flags. */ -) NONNULL1 API_VIS; +) __attribute__((nonnull(1))) API_VIS; /** Record a message sent in plaintext */ -static INLINE UNUSED void strobe_plaintext ( +static INLINE UNUSED NONNULL void strobe_plaintext ( keccak_strobe_t strobe, /**< [inout] The STROBE object */ const unsigned char *in, /**< [in] The message. */ uint16_t len, /**< [in] The length of the message. */ @@ -64,7 +64,7 @@ static INLINE UNUSED void strobe_plaintext ( ); /** Report authenticated data in strobe context. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_ad ( keccak_strobe_t strobe, /**< [inout] The strobe object. */ const unsigned char *in, /**< [in] The plaintext. */ @@ -72,7 +72,7 @@ strobe_ad ( ); /** Set nonce in strobe context. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_nonce ( keccak_strobe_t strobe, /**< [inout] The initialized strobe object. */ const unsigned char *in, /**< [in] The nonce. */ @@ -80,7 +80,7 @@ strobe_nonce ( ); /** Set fixed key in strobe context. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_fixed_key ( keccak_strobe_t strobe, /**< [inout] The initialized strobe object. */ const unsigned char *in, /**< [in] The key. */ @@ -88,7 +88,7 @@ strobe_fixed_key ( ); /** Set Diffie-Hellman key in strobe context. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_dh_key ( keccak_strobe_t strobe, /**< [inout] The initialized strobe object. */ const unsigned char *in, /**< [in] The key. */ @@ -99,7 +99,7 @@ strobe_dh_key ( #define STROBE_MAX_AUTH_BYTES 32 /** Produce an authenticator. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_produce_auth ( keccak_strobe_t strobe, /**< [inout] The Strobe protocol context. */ unsigned char *out, /**< [out] The authenticator. */ @@ -116,13 +116,13 @@ decaf_error_t strobe_verify_auth ( keccak_strobe_t strobe, /**< [inout] The Strobe protocol context */ const unsigned char *in, /**< [in] The authenticator */ uint16_t len /**< [in] The length, at most STROBE_MAX_AUTH_BYTES. */ -) WARN_UNUSED NONNULL2 API_VIS; +) WARN_UNUSED NONNULL API_VIS; /** * @brief Encrypt bytes from in to out. * @warning Doesn't produce an auth tag. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_encrypt ( keccak_strobe_t strobe, /**< [inout] strobe The Strobe protocol context. */ unsigned char *out, /**< [out] The ciphertext. */ @@ -134,7 +134,7 @@ strobe_encrypt ( * Decrypt bytes from in to out. * @warning Doesn't check an auth tag. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_decrypt ( keccak_strobe_t strobe, /**< [inout] The Strobe protocol context. */ unsigned char *out, /**< [out] The plaintext. */ @@ -149,7 +149,7 @@ strobe_decrypt ( * refreshing forward secrecy! It's to replace things * like TCP session hash. */ -static inline void strobe_prng ( +static inline void NONNULL strobe_prng ( keccak_strobe_t strobe, /**< [inout] The Strobe protocol context */ unsigned char *out, /**< [out] The output random data. */ uint16_t len /**< The length. */ @@ -159,10 +159,10 @@ static inline void strobe_prng ( void strobe_respec ( keccak_strobe_t strobe, /**< [inout] The initialized strobe context. */ const struct kparams_s *params /**< [in] Strobe parameter descriptor. */ -) NONNULL2 API_VIS; +) NONNULL API_VIS; /** Securely destroy a STROBE object by overwriting it. */ -static INLINE UNUSED void +static INLINE UNUSED NONNULL void strobe_destroy ( keccak_strobe_t doomed /**< [in] The object to destroy. */ );