knock out a couple TODOs

src/p25519/arch_ref64/f_impl.c

@@ -41,7 +41,7 @@ gf_25519_mul (
         c[i] = accum & mask;
         accum >>= 51;
     }
-    /* PERF: parallelize? eh well this is reference */
+    
     accum *= 19;
     accum += c[0];
     c[0] = accum & mask;
@@ -68,7 +68,7 @@ gf_25519_mulw (
         c[i] = accum & mask;
         accum >>= 51;
     }
-    /* PERF: parallelize? eh well this is reference */
+    
     accum *= 19;
     accum += c[0];
     c[0] = accum & mask;

src/public_include/decaf/common.h

@@ -65,7 +65,6 @@ static const decaf_bool_t DECAF_TRUE = -(decaf_bool_t)1;
 static const decaf_bool_t DECAF_FALSE = 0;
 
 /** Another boolean type used to indicate success or failure. */
-// FIXME: deploy project-wide
 typedef enum {
     DECAF_SUCCESS = -1, /**< The operation succeeded. */
     DECAF_FAILURE = 0   /**< The operation failed. */
@@ -87,17 +86,13 @@ decaf_successful(decaf_error_t e) {
     return (w-1)>>DECAF_WORD_BITS;
 }
     
-/**
-* @brief Overwrite data with zeros.  Uses memset_s if available.
-*/
+/** Overwrite data with zeros.  Uses memset_s if available. */
 void decaf_bzero (
     void *data,
     size_t size
 ) NONNULL1 API_VIS;
 
-/**
-* @brief Compare two buffers, returning DECAF_TRUE if they are equal.
-*/
+/** Compare two buffers, returning DECAF_TRUE if they are equal. */
 decaf_bool_t decaf_memeq (
     const void *data1,
     const void *data2,

src/public_include/decaf/shake.hxx

@@ -102,17 +102,25 @@ template<int bits> class SHA3 : public KeccakHash {
 private:
     /** Get the parameter template block for this hash */
     static inline const struct kparams_s *get_params();
+    
 public:
+    /** Number of bytes of output */
+    static const size_t MAX_OUTPUT_BYTES = bits/8;
+    
     /** Initializer */
     inline SHA3() NOEXCEPT : KeccakHash(get_params()) {}
 
     /** Reset the hash to the empty string */
     inline void reset() NOEXCEPT { sponge_init(sp, get_params()); }
 
-    
-    /** Hash bytes with this SHA3 instance.  TODO: output length? */
-    static inline SecureBuffer hash(const Block &b) throw(std::bad_alloc) {
-        SHA3 s; s += b; return s.output();
+    /** Hash bytes with this SHA3 instance.
+     * @throw LengthException if nbytes > MAX_OUTPUT_BYTES
+     */
+    static inline SecureBuffer hash(const Block &b, size_t nbytes = MAX_OUTPUT_BYTES) throw(std::bad_alloc, LengthException) {
+        if (nbytes > MAX_OUTPUT_BYTES) {
+            throw LengthException();
+        }
+        SHA3 s; s += b; return s.output(nbytes);
     }
 };
 
@@ -306,8 +314,8 @@ public:
     }
     
     /** Produce an authenticator into a buffer. */
-    inline void produce_auth(Buffer out) throw(LengthException,ProtocolException) {
-        if (!keyed) throw ProtocolException(); /* TODO: maybe.  Could use for eg sanity or dos protection */
+    inline void produce_auth(Buffer out, bool even_though_unkeyed = false) throw(LengthException,ProtocolException) {
+        if (!keyed && !even_though_unkeyed) throw ProtocolException();
         if (out.size() > STROBE_MAX_AUTH_BYTES) throw LengthException();
         strobe_produce_auth(sp, out.data(), out.size());
     }

test/bench_decaf.cxx

@@ -280,7 +280,7 @@ static void spake2ee(
     client.verify_auth(tag);    
     tag = client.produce_auth();
     client.respec(STROBE_KEYED_128);
-    /* TODO: fork... */
+    /* A real protocol would continue with fork etc here... */
     
     server.verify_auth(tag);
     server.respec(STROBE_KEYED_128);