From 45a271dc0c87cb658b7fd11144a4c220cfaee00d Mon Sep 17 00:00:00 2001 From: Mike Hamburg Date: Tue, 5 May 2015 18:14:05 -0700 Subject: [PATCH] fix most of SUPERCOP stuff. However, the results of `make bat` still are not portable because the generated tables use arch specific field element layout --- Makefile | 8 ++++---- src/bat/api_sign.h | 2 +- src/bat/dh.c | 16 +++++----------- src/bat/sign.c | 10 ++++------ test/test_decaf.cxx | 37 +++++++++++++++++++++++++++++++++++++ 5 files changed, 51 insertions(+), 22 deletions(-) diff --git a/Makefile b/Makefile index 6be457f..47bcc90 100644 --- a/Makefile +++ b/Makefile @@ -75,7 +75,7 @@ endif BENCHCOMPONENTS = build/bench.o build/shake.o -BATBASE=ed448goldilocks-decaf-bats-$(TODAY) +BATBASE=ed448goldilocks_decaf_bats_$(TODAY) BATNAME=build/$(BATBASE) all: lib build/test build/bench build/shakesum @@ -159,13 +159,13 @@ doc: Doxyfile doc/timestamp include/*.h src/*.c src/include/*.h src/$(FIELD)/$(A bat: $(BATNAME) -$(BATNAME): include/* src/* src/*/* test/batarch.map +$(BATNAME): include/* src/* src/*/* test/batarch.map build/decaf_tables.c # TODO tables some other way rm -fr $@ for prim in dh sign; do \ - targ="$@/crypto_$$prim/ed448goldilocks-decaf"; \ + targ="$@/crypto_$$prim/ed448goldilocks_decaf"; \ (while read arch where; do \ mkdir -p $$targ/`basename $$arch`; \ - cp include/*.h src/*.c src/include/*.h src/bat/$$prim.c src/p448/$$where/*.c src/p448/$$where/*.h src/p448/*.c src/p448/*.h $$targ/`basename $$arch`; \ + cp include/*.h build/decaf_tables.c src/decaf_fast.c src/decaf_crypto.c src/shake.c src/include/*.h src/bat/$$prim.c src/p448/$$where/*.c src/p448/$$where/*.h src/p448/*.c src/p448/*.h $$targ/`basename $$arch`; \ cp src/bat/api_$$prim.h $$targ/`basename $$arch`/api.h; \ perl -p -i -e 's/SYSNAME/'`basename $(BATNAME)`_`basename $$arch`'/g' $$targ/`basename $$arch`/api.h; \ perl -p -i -e 's/__TODAY__/'$(TODAY)'/g' $$targ/`basename $$arch`/api.h; \ 
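Review bot: The rewritten `cp` line copies the one generated `build/decaf_tables.c` into every architecture directory read from batarch.map, yet the commit message states that file is laid out for the build host's field element representation, so every BAT except the host's will silently carry mismatched tables. The `# TODO tables some other way` marker on the new prerequisite line does not record that consequence; I would expand it to `# TODO: build/decaf_tables.c is generated in the build host's field layout; BATs for other arches are not portable until tables are generated per $$where`. Until that is fixed it is worth considering making the `bat` target refuse to package a non-matching arch rather than producing a wrong-but-buildable bundle. The recipe continues past the end of this hunk.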
diff --git a/src/bat/api_sign.h b/src/bat/api_sign.h index 5488390..4352aea 100644 --- a/src/bat/api_sign.h +++ b/src/bat/api_sign.h @@ -8,7 +8,7 @@ */ #include -#include "goldilocks.h" +#include "decaf_crypto.h" #define PUBLICKEY_BYTES (sizeof(decaf_448_public_key_t)) #define SECRETKEY_BYTES (sizeof(decaf_448_private_key_t)) diff --git a/src/bat/dh.c b/src/bat/dh.c index 415971c..6ce807b 100644 --- a/src/bat/dh.c +++ b/src/bat/dh.c @@ -14,16 +14,13 @@ #include "randombytes.h" int crypto_dh_keypair ( - unsigned char pk[SECRETKEY_BYTES], - unsigned char sk[PUBLICKEY_BYTES] + unsigned char pk[PUBLICKEY_BYTES], + unsigned char sk[SECRETKEY_BYTES] ) { decaf_448_symmetric_key_t proto; randombytes(proto,sizeof(proto)); decaf_448_derive_private_key((decaf_448_private_key_s *)sk,proto); - decaf_448_private_to_public( - (decaf_448_public_key_s *)pk, - (decaf_448_private_key_s *)sk - ); + decaf_448_private_to_public(pk,(decaf_448_private_key_s *)sk); return 0; } @@ -32,10 +29,7 @@ int crypto_dh ( const unsigned char pk[PUBLICKEY_BYTES], const unsigned char sk[SECRETKEY_BYTES] ) { - return !decaf_448_shared_secret ( - s, - SHAREDSECRET_BYTES, - (const decaf_448_private_key_s *)sk, - (const decaf_448_public_key_s *)pk + return !decaf_448_shared_secret (s,SHAREDSECRET_BYTES, + (const decaf_448_private_key_s *)sk, pk ); } diff --git a/src/bat/sign.c b/src/bat/sign.c index ba2f762..be73340 100644 --- a/src/bat/sign.c +++ b/src/bat/sign.c @@ -13,14 +13,13 @@ #include "crypto_sign.h" int crypto_sign_keypair ( - unsigned char pk[SECRETKEY_BYTES], - unsigned char sk[PUBLICKEY_BYTES] + unsigned char pk[PUBLICKEY_BYTES], + unsigned char sk[SECRETKEY_BYTES] ) { decaf_448_symmetric_key_t proto; randombytes(proto,sizeof(proto)); decaf_448_derive_private_key((decaf_448_private_key_s *)sk,proto); - decaf_448_private_to_public( - (decaf_448_public_key_s *)pk, + decaf_448_private_to_public(pk, (decaf_448_private_key_s *)sk ); return 0; 
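Review bot: In `crypto_dh_keypair` the seed `proto` filled by `randombytes` is left on the stack after `decaf_448_derive_private_key` consumes it, and since the private key is derived from that seed it should be wiped before `return 0;`, e.g. `decaf_bzero(proto, sizeof(proto));` or whatever constant-time zeroing helper this revision of decaf.h provides. The identical `proto` in `crypto_sign_keypair` in src/bat/sign.c has the same gap. Passing `pk` directly instead of through the old `decaf_448_public_key_s` cast is fine provided `decaf_448_private_to_public` and `decaf_448_shared_secret` now take a plain byte pointer for the public key; that prototype lives in decaf_crypto.h, which this hunk does not show, so it is worth confirming. The remaining `(decaf_448_private_key_s *)sk` casts still assume the caller's `unsigned char` buffer satisfies the struct's alignment, which deserves a one-line comment if the struct is anything but a byte array.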
@@ -53,8 +52,7 @@ int crypto_sign_open ( const unsigned char pk[PUBLICKEY_BYTES] ) { int ret = decaf_448_verify( - sm, - (const struct goldilocks_public_key_t *)pk, + sm,pk, sm + SIGNATURE_BYTES, smlen - SIGNATURE_BYTES ); if (ret) { diff --git a/test/test_decaf.cxx b/test/test_decaf.cxx index e7c74bf..39d3b13 100644 --- a/test/test_decaf.cxx +++ b/test/test_decaf.cxx @@ -11,6 +11,7 @@ #include "decaf.hxx" #include "shake.hxx" +#include "decaf_crypto.h" #include @@ -196,11 +197,47 @@ static void test_ec() { }; // template + +static void test_decaf() { + Test test("Sample crypto"); + decaf::SpongeRng rng(decaf::Block("test_decaf")); + + decaf_448_symmetric_key_t proto1,proto2; + decaf_448_private_key_t s1,s2; + decaf_448_public_key_t p1,p2; + decaf_448_signature_t sig; + unsigned char shared1[1234],shared2[1234]; + const char *message = "Hello, world!"; + + for (int i=0; i::test_arithmetic(); Tests::test_ec(); + test_decaf(); if (passing) printf("Passed all tests.\n");
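Review bot: `smlen - SIGNATURE_BYTES` is passed to `decaf_448_verify` before anything visible checks that `smlen >= SIGNATURE_BYTES`; if `smlen` follows the SUPERCOP `unsigned long long` convention, a short input wraps to a huge message length that the verifier is then asked to read. Unless a guard already exists earlier in `crypto_sign_open` (the function starts above this hunk), add `if (smlen < SIGNATURE_BYTES) return -1;` before the call. The polarity of the following `if (ret)` depends on which value `decaf_448_verify` returns on success, which a short comment on the `int ret =` line would make explicit for the next reader.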
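Review bot: `test_decaf` seeds `decaf::SpongeRng` from the fixed string "test_decaf" and declares `shared1`/`shared2` as 1234-byte buffers without saying why either value was chosen; a comment such as `// fixed seed keeps the key material deterministic so a failure is reproducible` on the `rng` line, and one on the buffer line stating what length of shared secret the loop requests, would make the intent clear. The loop header and body of this hunk are not legible in this view, so nothing is said here about the assertions themselves.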