fix most of SUPERCOP stuff. However, the results of `make bat` still are not portable because the generated tables use arch specific field element layout

Makefile

@@ -75,7 +75,7 @@ endif
 
 BENCHCOMPONENTS = build/bench.o build/shake.o
 
-BATBASE=ed448goldilocks-decaf-bats-$(TODAY)
+BATBASE=ed448goldilocks_decaf_bats_$(TODAY)
 BATNAME=build/$(BATBASE)
 
 all: lib  build/test build/bench build/shakesum
@@ -159,13 +159,13 @@ doc: Doxyfile doc/timestamp include/*.h src/*.c src/include/*.h src/$(FIELD)/$(A
 
 bat: $(BATNAME)
 
-$(BATNAME): include/* src/* src/*/* test/batarch.map
+$(BATNAME): include/* src/* src/*/* test/batarch.map build/decaf_tables.c # TODO tables some other way
 	rm -fr $@
 	for prim in dh sign; do \
-          targ="$@/crypto_$$prim/ed448goldilocks-decaf"; \
+          targ="$@/crypto_$$prim/ed448goldilocks_decaf"; \
 	  (while read arch where; do \
 	    mkdir -p $$targ/`basename $$arch`; \
-	    cp include/*.h src/*.c src/include/*.h src/bat/$$prim.c src/p448/$$where/*.c src/p448/$$where/*.h src/p448/*.c src/p448/*.h $$targ/`basename $$arch`; \
+	    cp include/*.h build/decaf_tables.c src/decaf_fast.c src/decaf_crypto.c src/shake.c src/include/*.h src/bat/$$prim.c src/p448/$$where/*.c src/p448/$$where/*.h src/p448/*.c src/p448/*.h $$targ/`basename $$arch`; \
 	    cp src/bat/api_$$prim.h $$targ/`basename $$arch`/api.h; \
 	    perl -p -i -e 's/SYSNAME/'`basename $(BATNAME)`_`basename $$arch`'/g' $$targ/`basename $$arch`/api.h;  \
 	    perl -p -i -e 's/__TODAY__/'$(TODAY)'/g' $$targ/`basename $$arch`/api.h;  \

src/bat/api_sign.h

@@ -8,7 +8,7 @@
  */
 
 #include <string.h>
-#include "goldilocks.h"
+#include "decaf_crypto.h"
 
 #define PUBLICKEY_BYTES (sizeof(decaf_448_public_key_t))
 #define SECRETKEY_BYTES (sizeof(decaf_448_private_key_t))

src/bat/dh.c

@@ -14,16 +14,13 @@
 #include "randombytes.h"
 
 int crypto_dh_keypair (
-    unsigned char pk[SECRETKEY_BYTES],
-    unsigned char sk[PUBLICKEY_BYTES]
+    unsigned char pk[PUBLICKEY_BYTES],
+    unsigned char sk[SECRETKEY_BYTES]
 ) {
     decaf_448_symmetric_key_t proto;
     randombytes(proto,sizeof(proto));
     decaf_448_derive_private_key((decaf_448_private_key_s *)sk,proto);
-    decaf_448_private_to_public(
-        (decaf_448_public_key_s *)pk,
-        (decaf_448_private_key_s *)sk
-    );
+    decaf_448_private_to_public(pk,(decaf_448_private_key_s *)sk);
     return 0;
 }
 
@@ -32,10 +29,7 @@ int crypto_dh (
     const unsigned char pk[PUBLICKEY_BYTES],
     const unsigned char sk[SECRETKEY_BYTES]
 ) {
-    return !decaf_448_shared_secret (
-        s,
-        SHAREDSECRET_BYTES,
-        (const decaf_448_private_key_s *)sk,
-        (const decaf_448_public_key_s *)pk
+    return !decaf_448_shared_secret (s,SHAREDSECRET_BYTES,
+        (const decaf_448_private_key_s *)sk, pk
     );
 }

src/bat/sign.c

@@ -13,14 +13,13 @@
 #include "crypto_sign.h"
 
 int crypto_sign_keypair (
-    unsigned char pk[SECRETKEY_BYTES],
-    unsigned char sk[PUBLICKEY_BYTES]
+    unsigned char pk[PUBLICKEY_BYTES],
+    unsigned char sk[SECRETKEY_BYTES]
 ) {
     decaf_448_symmetric_key_t proto;
     randombytes(proto,sizeof(proto));
     decaf_448_derive_private_key((decaf_448_private_key_s *)sk,proto);
-    decaf_448_private_to_public(
-        (decaf_448_public_key_s *)pk,
+    decaf_448_private_to_public(pk,
         (decaf_448_private_key_s *)sk
     );
     return 0;
@@ -53,8 +52,7 @@ int crypto_sign_open (
     const unsigned char pk[PUBLICKEY_BYTES]
 ) {
     int ret = decaf_448_verify(
-        sm,
-        (const struct goldilocks_public_key_t *)pk,
+        sm,pk,
         sm + SIGNATURE_BYTES, smlen - SIGNATURE_BYTES
     );
     if (ret) {

test/test_decaf.cxx

@@ -11,6 +11,7 @@
 
 #include "decaf.hxx"
 #include "shake.hxx"
+#include "decaf_crypto.h"
 #include <stdio.h>
 
 
@@ -196,11 +197,47 @@ static void test_ec() {
 
 }; // template<decaf::GroupId GROUP>
 
+
+static void test_decaf() {
+    Test test("Sample crypto");
+    decaf::SpongeRng rng(decaf::Block("test_decaf"));
+
+    decaf_448_symmetric_key_t proto1,proto2;
+    decaf_448_private_key_t s1,s2;
+    decaf_448_public_key_t p1,p2;
+    decaf_448_signature_t sig;
+    unsigned char shared1[1234],shared2[1234];
+    const char *message = "Hello, world!";
+
+    for (int i=0; i<NTESTS && test.passing_now; i++) {
+        rng.read(decaf::TmpBuffer(proto1,sizeof(proto1)));
+        rng.read(decaf::TmpBuffer(proto2,sizeof(proto2)));
+        decaf_448_derive_private_key(s1,proto1);
+        decaf_448_private_to_public(p1,s1);
+        decaf_448_derive_private_key(s2,proto2);
+        decaf_448_private_to_public(p2,s2);
+        if (!decaf_448_shared_secret (shared1,sizeof(shared1),s1,p2)) {
+            test.fail(); printf("Fail ss12\n");
+        }
+        if (!decaf_448_shared_secret (shared2,sizeof(shared2),s2,p1)) {
+            test.fail(); printf("Fail ss21\n");
+        }
+        if (memcmp(shared1,shared2,sizeof(shared1))) {
+            test.fail(); printf("Fail ss21 == ss12\n");   
+        }
+        decaf_448_sign (sig,s1,(const unsigned char *)message,strlen(message));
+        if (!decaf_448_verify (sig,p1,(const unsigned char *)message,strlen(message))) {
+            test.fail(); printf("Fail sig ver\n");   
+        }
+    }
+}
+
 int main(int argc, char **argv) {
     (void) argc; (void) argv;
     
     Tests<decaf::Ed448>::test_arithmetic();
     Tests<decaf::Ed448>::test_ec();
+    test_decaf();
     
     if (passing) printf("Passed all tests.\n");