gmp-style foo_t[1] for points too

Conflicts:
	src/include/ec_point.h

src/crandom.c

@@ -301,7 +301,7 @@ crandom_chacha_expand(u_int64_t iv,
 
 int
 crandom_init_from_file(
-    struct crandom_state_t *state,
+    crandom_state_a_t state,
     const char *filename,
     int reseed_interval,
     int reseeds_mandatory
@@ -338,7 +338,7 @@ crandom_init_from_file(
 
 void
 crandom_init_from_buffer(
-    struct crandom_state_t *state,
+    crandom_state_a_t state,
     const char initial_seed[32]
 ) {
     memcpy(state->seed, initial_seed, 32);
@@ -350,7 +350,7 @@ crandom_init_from_buffer(
 
 int
 crandom_generate(
-    struct crandom_state_t *state,
+    crandom_state_a_t state,
     unsigned char *output,
     unsigned long long length
 ) {
@@ -475,7 +475,7 @@ crandom_generate(
 
 void
 crandom_destroy(
-    struct crandom_state_t *state
+    crandom_state_a_t state
 ) { 
     if (state->magic == CRANDOM_MAGIC && state->randomfd) {
         (void) close(state->randomfd);

src/ec_point.c

@@ -14,8 +14,8 @@
 
 void
 add_tw_niels_to_tw_extensible (
-    struct tw_extensible_t*  d,
-    const struct tw_niels_t* e
+    tw_extensible_a_t  d,
+    const tw_niels_a_t e
 ) {
     ANALYZE_THIS_ROUTINE_CAREFULLY;
     field_a_t L0, L1;
@@ -36,8 +36,8 @@ add_tw_niels_to_tw_extensible (
 
 void
 sub_tw_niels_from_tw_extensible (
-    struct tw_extensible_t*  d,
-    const struct tw_niels_t* e
+    tw_extensible_a_t  d,
+    const tw_niels_a_t e
 ) {
     ANALYZE_THIS_ROUTINE_CAREFULLY;
     field_a_t L0, L1;
@@ -58,29 +58,29 @@ sub_tw_niels_from_tw_extensible (
 
 void
 add_tw_pniels_to_tw_extensible (
-    struct tw_extensible_t*   e,
-    const struct tw_pniels_t* a
+    tw_extensible_a_t   e,
+    const tw_pniels_a_t a
 ) {
     field_a_t L0;
     field_mul ( L0, e->z, a->z );
     field_copy ( e->z, L0 );
-    add_tw_niels_to_tw_extensible( e, &a->n );
+    add_tw_niels_to_tw_extensible( e, a->n );
 }
 
 void
 sub_tw_pniels_from_tw_extensible (
-    struct tw_extensible_t*   e,
-    const struct tw_pniels_t* a
+    tw_extensible_a_t   e,
+    const tw_pniels_a_t a
 ) {
     field_a_t L0;
     field_mul ( L0, e->z, a->z );
     field_copy ( e->z, L0 );
-    sub_tw_niels_from_tw_extensible( e, &a->n );
+    sub_tw_niels_from_tw_extensible( e, a->n );
 }
 
 void
 double_tw_extensible (
-    struct tw_extensible_t* a
+    tw_extensible_a_t a
 ) {
     ANALYZE_THIS_ROUTINE_CAREFULLY;
     field_a_t L0, L1, L2;
@@ -105,7 +105,7 @@ double_tw_extensible (
 
 void
 double_extensible (
-    struct extensible_t* a
+    extensible_a_t a
 ) {
     ANALYZE_THIS_ROUTINE_CAREFULLY;
     field_a_t L0, L1, L2;
@@ -130,8 +130,8 @@ double_extensible (
 
 void
 twist_and_double (
-    struct tw_extensible_t*    b,
-    const struct extensible_t* a
+    tw_extensible_a_t    b,
+    const extensible_a_t a
 ) {
     field_a_t L0;
     field_sqr ( b->x, a->x );
@@ -151,8 +151,8 @@ twist_and_double (
 
 void
 untwist_and_double (
-    struct extensible_t*          b,
-    const struct tw_extensible_t* a
+    extensible_a_t          b,
+    const tw_extensible_a_t a
 ) {
     field_a_t L0;
     field_sqr ( b->x, a->x );
@@ -172,20 +172,20 @@ untwist_and_double (
 
 void
 convert_tw_affine_to_tw_pniels (
-    struct tw_pniels_t*       b,
-    const struct tw_affine_t* a
+    tw_pniels_a_t       b,
+    const tw_affine_a_t a
 ) {
-    field_sub ( b->n.a, a->y, a->x );
-    field_add ( b->n.b, a->x, a->y );
+    field_sub ( b->n->a, a->y, a->x );
+    field_add ( b->n->b, a->x, a->y );
     field_mul ( b->z, a->y, a->x );
-    field_mulw_scc_wr ( b->n.c, b->z, 2*EDWARDS_D-2 );
+    field_mulw_scc_wr ( b->n->c, b->z, 2*EDWARDS_D-2 );
     field_set_ui( b->z, 2 );
 }
 
 void
 convert_tw_affine_to_tw_extensible (
-    struct tw_extensible_t*   b,
-    const struct tw_affine_t* a
+    tw_extensible_a_t   b,
+    const tw_affine_a_t a
 ) {
     field_copy ( b->x, a->x );
     field_copy ( b->y, a->y );
@@ -196,8 +196,8 @@ convert_tw_affine_to_tw_extensible (
 
 void
 convert_affine_to_extensible (
-    struct extensible_t*   b,
-    const struct affine_t* a
+    extensible_a_t   b,
+    const affine_a_t a
 ) {
     field_copy ( b->x, a->x );
     field_copy ( b->y, a->y );
@@ -208,23 +208,23 @@ convert_affine_to_extensible (
 
 void
 convert_tw_extensible_to_tw_pniels (
-    struct tw_pniels_t*           b,
-    const struct tw_extensible_t* a
+    tw_pniels_a_t           b,
+    const tw_extensible_a_t a
 ) {
-    field_sub ( b->n.a, a->y, a->x );
-    field_add ( b->n.b, a->x, a->y );
+    field_sub ( b->n->a, a->y, a->x );
+    field_add ( b->n->b, a->x, a->y );
     field_mul ( b->z, a->u, a->t );
-    field_mulw_scc_wr ( b->n.c, b->z, 2*EDWARDS_D-2 );
+    field_mulw_scc_wr ( b->n->c, b->z, 2*EDWARDS_D-2 );
     field_add ( b->z, a->z, a->z );
 }
 
 void
 convert_tw_pniels_to_tw_extensible (
-    struct tw_extensible_t*   e,
-    const struct tw_pniels_t* d
+    tw_extensible_a_t   e,
+    const tw_pniels_a_t d
 ) {
-    field_add ( e->u, d->n.b, d->n.a );
-    field_sub ( e->t, d->n.b, d->n.a );
+    field_add ( e->u, d->n->b, d->n->a );
+    field_sub ( e->t, d->n->b, d->n->a );
     field_mul ( e->x, d->z, e->t );
     field_mul ( e->y, d->z, e->u );
     field_sqr ( e->z, d->z );
@@ -232,8 +232,8 @@ convert_tw_pniels_to_tw_extensible (
 
 void
 convert_tw_niels_to_tw_extensible (
-    struct tw_extensible_t*  e,
-    const struct tw_niels_t* d
+    tw_extensible_a_t  e,
+    const tw_niels_a_t d
 ) {
     field_add ( e->y, d->b, d->a );
     field_sub ( e->x, d->b, d->a );
@@ -244,7 +244,7 @@ convert_tw_niels_to_tw_extensible (
 
 void
 deserialize_montgomery_decaf (
-    struct montgomery_aux_t* a,
+    montgomery_aux_a_t a,
     const field_a_t s
 ) {
     field_copy ( a->s0, s );
@@ -280,7 +280,7 @@ montgomery_aux_step (
 
 void
 montgomery_step (
-    struct montgomery_t* a
+    montgomery_a_t a
 ) {
     ANALYZE_THIS_ROUTINE_CAREFULLY;
     field_a_t L0, L1;
@@ -308,7 +308,7 @@ montgomery_step (
 
 void
 deserialize_montgomery (
-    struct montgomery_t* a,
+    montgomery_a_t a,
     const field_a_t sbz
 ) {
     field_sqr ( a->z0, sbz );
@@ -321,7 +321,7 @@ deserialize_montgomery (
 mask_t
 serialize_montgomery (
     field_a_t             b,
-    const struct montgomery_t* a,
+    const montgomery_a_t a,
     const field_a_t       sbz
 ) {
     mask_t L4, L5, L6;
@@ -368,7 +368,7 @@ serialize_montgomery (
 void
 serialize_extensible (
     field_a_t             b,
-    const struct extensible_t* a
+    const extensible_a_t a
 ) {
     field_a_t L0, L1, L2;
     field_sub ( L0, a->y, a->z );
@@ -395,7 +395,7 @@ decaf_make_even (
 void
 decaf_serialize_extensible (
     field_a_t b,
-    const struct extensible_t* a
+    const extensible_a_t a
 ) {
     field_a_t L0, L1, L2, L3;
     field_mulw_scc ( L2, a->y, EDWARDS_D ); 
@@ -422,7 +422,7 @@ decaf_serialize_extensible (
 void
 decaf_serialize_tw_extensible (
     field_a_t            b,
-    const struct tw_extensible_t* a
+    const tw_extensible_a_t a
 ) {
     field_a_t L0, L1, L2, L3;
     field_mulw_scc ( L2, a->y, 1-EDWARDS_D ); 
@@ -448,7 +448,7 @@ decaf_serialize_tw_extensible (
 
 mask_t
 decaf_deserialize_affine (
-    struct affine_t       *a,
+    affine_a_t a,
     const field_a_t s,
     mask_t allow_identity
 ) {
@@ -489,7 +489,7 @@ decaf_deserialize_affine (
 
 mask_t
 decaf_deserialize_tw_affine (
-    struct tw_affine_t    *a,
+    tw_affine_a_t a,
     const field_a_t s,
     mask_t allow_identity
 ) {
@@ -531,7 +531,7 @@ decaf_deserialize_tw_affine (
 void
 untwist_and_double_and_serialize (
     field_a_t                b,
-    const struct tw_extensible_t* a
+    const tw_extensible_a_t a
 ) {
     field_a_t L0, L1, L2, L3;
     field_mul ( L3, a->y, a->x );
@@ -555,8 +555,8 @@ untwist_and_double_and_serialize (
 
 void
 twist_even (
-    struct tw_extensible_t*    b,
-    const struct extensible_t* a
+    tw_extensible_a_t    b,
+    const extensible_a_t a
 ) {
     field_sqr ( b->y, a->z );
     field_sqr ( b->z, a->x );
@@ -581,8 +581,8 @@ twist_even (
 
 void
 test_only_twist (
-    struct tw_extensible_t*    b,
-    const struct extensible_t* a
+    tw_extensible_a_t    b,
+    const extensible_a_t a
 ) {
     field_a_t L0, L1;
     field_sqr ( b->u, a->z );
@@ -616,7 +616,7 @@ test_only_twist (
 
 mask_t
 is_even_pt (
-    const struct extensible_t* a
+    const extensible_a_t a
 ) {
     field_a_t L0, L1, L2;
     field_sqr ( L2, a->z );
@@ -627,7 +627,7 @@ is_even_pt (
 
 mask_t
 is_even_tw (
-    const struct tw_extensible_t* a
+    const tw_extensible_a_t a
 ) {
     field_a_t L0, L1, L2;
     field_sqr ( L2, a->z );
@@ -638,7 +638,7 @@ is_even_tw (
 
 mask_t
 deserialize_affine (
-    struct affine_t*     a,
+    affine_a_t     a,
     const field_a_t sz
 ) {
     field_a_t L0, L1, L2, L3;
@@ -672,7 +672,7 @@ deserialize_affine (
 
 mask_t
 deserialize_and_twist_approx (
-    struct tw_extensible_t* a,
+    tw_extensible_a_t a,
     const field_a_t    sz
 ) {
     field_a_t L0, L1;
@@ -717,7 +717,7 @@ deserialize_and_twist_approx (
 
 void
 set_identity_extensible (
-    struct extensible_t* a
+    extensible_a_t a
 ) {
     field_set_ui( a->x, 0 );
     field_set_ui( a->y, 1 );
@@ -728,7 +728,7 @@ set_identity_extensible (
 
 void
 set_identity_tw_extensible (
-    struct tw_extensible_t* a
+    tw_extensible_a_t a
 ) {
     field_set_ui( a->x, 0 );
     field_set_ui( a->y, 1 );
@@ -739,7 +739,7 @@ set_identity_tw_extensible (
 
 void
 set_identity_affine (
-    struct affine_t* a
+    affine_a_t a
 ) {
     field_set_ui( a->x, 0 );
     field_set_ui( a->y, 1 );
@@ -773,8 +773,8 @@ decaf_eq_tw_extensible (
 
 mask_t
 eq_affine (
-    const struct affine_t* a,
-    const struct affine_t* b
+    const affine_a_t a,
+    const affine_a_t b
 ) {
     mask_t L1, L2;
     field_a_t L0;
@@ -787,8 +787,8 @@ eq_affine (
 
 mask_t
 eq_extensible (
-    const struct extensible_t* a,
-    const struct extensible_t* b
+    const extensible_a_t a,
+    const extensible_a_t b
 ) {
     mask_t L3, L4;
     field_a_t L0, L1, L2;
@@ -805,8 +805,8 @@ eq_extensible (
 
 mask_t
 eq_tw_extensible (
-    const struct tw_extensible_t* a,
-    const struct tw_extensible_t* b
+    const tw_extensible_a_t a,
+    const tw_extensible_a_t b
 ) {
     mask_t L3, L4;
     field_a_t L0, L1, L2;
@@ -823,7 +823,7 @@ eq_tw_extensible (
 
 void
 elligator_2s_inject (
-    struct affine_t*     a,
+    affine_a_t     a,
     const field_a_t r
 ) {
     field_a_t L2, L3, L4, L5, L6, L7, L8;
@@ -882,7 +882,7 @@ elligator_2s_inject (
 
 mask_t
 validate_affine (
-    const struct affine_t* a
+    const affine_a_t a
 ) {
     field_a_t L0, L1, L2, L3;
     field_sqr ( L0, a->y );
@@ -897,7 +897,7 @@ validate_affine (
 
 mask_t
 validate_tw_extensible (
-    const struct tw_extensible_t* ext
+    const tw_extensible_a_t ext
 ) {
     mask_t L4, L5;
     field_a_t L0, L1, L2, L3;
@@ -934,7 +934,7 @@ validate_tw_extensible (
 
 mask_t
 validate_extensible (
-    const struct extensible_t* ext
+    const extensible_a_t ext
 ) {
     mask_t L4, L5;
     field_a_t L0, L1, L2, L3;

src/goldilocks.c

@@ -41,7 +41,7 @@
 #else
 #define FIELD_HASH_BYTES (SHA512_OUTPUT_BYTES * ((FIELD_BYTES-1)/SHA512_OUTPUT_BYTES + 1))
 static inline void field_hash_final (
-    struct sha512_ctx_t *ctx,
+    sha512_ctx_a_t *ctx,
     unsigned char out[FIELD_HASH_BYTES]
 ) {
     /* SHA PRNG I guess? I really should have used SHAKE */
@@ -67,19 +67,19 @@ struct goldilocks_precomputed_public_key_t {
 
 /* FUTURE: auto. */
 static struct {
-    const char * volatile state;
+    const char * volatile status;
 #if GOLDILOCKS_USE_PTHREAD
     pthread_mutex_t mutex;
 #endif
-    struct tw_niels_t combs[COMB_N << (COMB_T-1)];
+    tw_niels_a_t combs[COMB_N << (COMB_T-1)];
     struct fixed_base_table_t fixed_base;
-    struct tw_niels_t wnafs[1<<WNAF_PRECMP_BITS];
-    struct crandom_state_t rand;
+    tw_niels_a_t wnafs[1<<WNAF_PRECMP_BITS];
+    crandom_state_a_t rand;
 } goldilocks_global;
 
 static inline mask_t
 goldilocks_check_init(void) {
-    if (likely(goldilocks_global.state == G_INITED)) {
+    if (likely(goldilocks_global.status == G_INITED)) {
         return MASK_SUCCESS;
     } else {
         return MASK_FAILURE;
@@ -88,7 +88,7 @@ goldilocks_check_init(void) {
 
 int
 goldilocks_init (void) {
-    const char *res = compare_and_swap(&goldilocks_global.state, NULL, G_INITING);
+    const char *res = compare_and_swap(&goldilocks_global.status, NULL, G_INITING);
     if (res == G_INITED) return GOLDI_EALREADYINIT;
     else if (res) {
         return GOLDI_ECORRUPT;
@@ -99,37 +99,37 @@ goldilocks_init (void) {
     if (ret) goto fail;
 #endif
     
-    struct extensible_t ext;
-    struct tw_extensible_t text;
+    extensible_a_t ext;
+    tw_extensible_a_t text;
     
     /* Sanity check: the base point is on the curve. */
-    assert(validate_affine(&goldilocks_base_point));
+    assert(validate_affine(goldilocks_base_point));
     
     /* Convert it to twisted Edwards. */
-    convert_affine_to_extensible(&ext, &goldilocks_base_point);
-    twist_even(&text, &ext);
+    convert_affine_to_extensible(ext, goldilocks_base_point);
+    twist_even(text, ext);
     
     /* Precompute the tables. */
     mask_t succ;
 
-    succ =  precompute_fixed_base(&goldilocks_global.fixed_base, &text,
+    succ =  precompute_fixed_base(&goldilocks_global.fixed_base, text,
         COMB_N, COMB_T, COMB_S, goldilocks_global.combs);
-    succ &= precompute_fixed_base_wnaf(goldilocks_global.wnafs, &text, WNAF_PRECMP_BITS);
+    succ &= precompute_fixed_base_wnaf(goldilocks_global.wnafs, text, WNAF_PRECMP_BITS);
     
-    int criff_res = crandom_init_from_file(&goldilocks_global.rand,
+    int criff_res = crandom_init_from_file(goldilocks_global.rand,
         GOLDILOCKS_RANDOM_INIT_FILE,
         GOLDILOCKS_RANDOM_RESEED_INTERVAL,
         GOLDILOCKS_RANDOM_RESEEDS_MANDATORY);
         
 #ifdef SUPERCOP_WONT_LET_ME_OPEN_FILES
     if (criff_res == EMFILE) {
-        crandom_init_from_buffer(&goldilocks_global.rand, "SUPERCOP won't let me open files");
+        crandom_init_from_buffer(goldilocks_global.rand, "SUPERCOP won't let me open files");
         criff_res = 0;
     }
 #endif
         
     if (succ & !criff_res) {
-        if (!bool_compare_and_swap(&goldilocks_global.state, G_INITING, G_INITED)) {
+        if (!bool_compare_and_swap(&goldilocks_global.status, G_INITING, G_INITED)) {
             abort();
         }
         return 0;
@@ -138,7 +138,7 @@ goldilocks_init (void) {
     /* it failed! fall though... */
 
 fail:
-    if (!bool_compare_and_swap(&goldilocks_global.state, G_INITING, G_FAILED)) {
+    if (!bool_compare_and_swap(&goldilocks_global.status, G_INITING, G_FAILED)) {
         /* ok something is seriously wrong */
         abort();
     }
@@ -160,20 +160,20 @@ goldilocks_derive_private_key (
     word_t sk[GOLDI_FIELD_WORDS];
     assert(sizeof(skb) >= sizeof(sk));
     
-    struct sha512_ctx_t ctx;
-    struct tw_extensible_t exta;
+    sha512_ctx_a_t ctx;
+    tw_extensible_a_t exta;
     field_a_t pk;
     
-    sha512_init(&ctx);
-    sha512_update(&ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES);
-    sha512_update(&ctx, proto, GOLDI_SYMKEY_BYTES);
-    field_hash_final(&ctx, (unsigned char *)skb);
+    sha512_init(ctx);
+    sha512_update(ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES);
+    sha512_update(ctx, proto, GOLDI_SYMKEY_BYTES);
+    field_hash_final(ctx, (unsigned char *)skb);
 
     barrett_deserialize_and_reduce(sk, skb, sizeof(skb), &curve_prime_order);
     barrett_serialize(privkey->opaque, sk, GOLDI_FIELD_BYTES);
 
-    scalarmul_fixed_base(&exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
-    untwist_and_double_and_serialize(pk, &exta);
+    scalarmul_fixed_base(exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
+    untwist_and_double_and_serialize(pk, exta);
     
     field_serialize(&privkey->opaque[GOLDI_FIELD_BYTES], pk);
     
@@ -204,7 +204,7 @@ goldilocks_keygen (
     if (ml_ret) return ml_ret;
 #endif
 
-    int ret = crandom_generate(&goldilocks_global.rand, proto, sizeof(proto));
+    int ret = crandom_generate(goldilocks_global.rand, proto, sizeof(proto));
 
 #if GOLDILOCKS_USE_PTHREAD
     ml_ret = pthread_mutex_unlock(&goldilocks_global.mutex);
@@ -267,9 +267,9 @@ goldilocks_shared_secret_core (
     
 #if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS
     if (pre) {
-        struct tw_extensible_t tw;
-        succ &= scalarmul_fixed_base(&tw, sk, GOLDI_SCALAR_BITS, &pre->table);
-        untwist_and_double_and_serialize(pk, &tw);
+        tw_extensible_a_t tw;
+        succ &= scalarmul_fixed_base(tw, sk, GOLDI_SCALAR_BITS, &pre->table);
+        untwist_and_double_and_serialize(pk, tw);
     } else {
         succ &= montgomery_ladder(pk,pk,sk,GOLDI_SCALAR_BITS,1);
     }
@@ -282,8 +282,8 @@ goldilocks_shared_secret_core (
     field_serialize(gxy,pk);
     
     /* obliterate records of our failure by adjusting with obliteration key */
-    struct sha512_ctx_t ctx;
-    sha512_init(&ctx);
+    sha512_ctx_a_t ctx;
+    sha512_init(ctx);
 
 #ifdef EXPERIMENT_ECDH_OBLITERATE_CT
     uint8_t oblit[GOLDI_DIVERSIFY_BYTES + GOLDI_SYMKEY_BYTES];
@@ -294,21 +294,21 @@ goldilocks_shared_secret_core (
     for (i=0; i<GOLDI_SYMKEY_BYTES; i++) {
         oblit[GOLDI_DIVERSIFY_BYTES+i] = my_privkey->opaque[2*GOLDI_FIELD_BYTES+i] & ~(succ&msucc);
     }
-    sha512_update(&ctx, oblit, sizeof(oblit));
+    sha512_update(ctx, oblit, sizeof(oblit));
 #endif
     
 #ifdef EXPERIMENT_ECDH_STIR_IN_PUBKEYS
     /* stir in the sum and product of the pubkeys. */
     uint8_t a_pk[GOLDI_FIELD_BYTES];
     field_serialize(a_pk, sum);
-    sha512_update(&ctx, a_pk, GOLDI_FIELD_BYTES);
+    sha512_update(ctx, a_pk, GOLDI_FIELD_BYTES);
     field_serialize(a_pk, prod);
-    sha512_update(&ctx, a_pk, GOLDI_FIELD_BYTES);
+    sha512_update(ctx, a_pk, GOLDI_FIELD_BYTES);
 #endif
        
     /* stir in the shared key and finish */
-    sha512_update(&ctx, gxy, GOLDI_FIELD_BYTES);
-    sha512_final(&ctx, shared);
+    sha512_update(ctx, gxy, GOLDI_FIELD_BYTES);
+    sha512_final(ctx, shared);
     
     return (GOLDI_ECORRUPT & ~msucc)
         | (GOLDI_EINVAL & msucc &~ succ)
@@ -340,12 +340,12 @@ goldilocks_derive_challenge(
 ) {
     /* challenge = H(pk, [nonceG], message). */
     unsigned char sha_out[FIELD_HASH_BYTES];
-    struct sha512_ctx_t ctx;
-    sha512_init(&ctx);
-    sha512_update(&ctx, pubkey, GOLDI_FIELD_BYTES);
-    sha512_update(&ctx, gnonce, GOLDI_FIELD_BYTES);
-    sha512_update(&ctx, message, message_len);
-    field_hash_final(&ctx, sha_out);
+    sha512_ctx_a_t ctx;
+    sha512_init(ctx);
+    sha512_update(ctx, pubkey, GOLDI_FIELD_BYTES);
+    sha512_update(ctx, gnonce, GOLDI_FIELD_BYTES);
+    sha512_update(ctx, message, message_len);
+    field_hash_final(ctx, sha_out);
     barrett_deserialize_and_reduce(challenge, sha_out, sizeof(sha_out), &curve_prime_order);
 }
 
@@ -371,22 +371,22 @@ goldilocks_sign (
     /* Derive a nonce.  TODO: use HMAC. FUTURE: factor. */
     unsigned char sha_out[FIELD_HASH_BYTES];
     word_t tk[GOLDI_FIELD_WORDS];
-    struct sha512_ctx_t ctx;
-    sha512_init(&ctx);
-    sha512_update(&ctx, (const unsigned char *)"signonce", 8);
-    sha512_update(&ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
-    sha512_update(&ctx, message, message_len);
-    sha512_update(&ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
-    field_hash_final(&ctx, sha_out);
+    sha512_ctx_a_t ctx;
+    sha512_init(ctx);
+    sha512_update(ctx, (const unsigned char *)"signonce", 8);
+    sha512_update(ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
+    sha512_update(ctx, message, message_len);
+    sha512_update(ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
+    field_hash_final(ctx, sha_out);
     barrett_deserialize_and_reduce(tk, sha_out, sizeof(sha_out), &curve_prime_order);
     
     /* 4[nonce]G */
     uint8_t signature_tmp[GOLDI_FIELD_BYTES];
-    struct tw_extensible_t exta;
+    tw_extensible_a_t exta;
     field_a_t gsk;
-    scalarmul_fixed_base(&exta, tk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
-    double_tw_extensible(&exta);
-    untwist_and_double_and_serialize(gsk, &exta);
+    scalarmul_fixed_base(exta, tk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
+    double_tw_extensible(exta);
+    untwist_and_double_and_serialize(gsk, exta);
     field_serialize(signature_tmp, gsk);
     
     word_t challenge[GOLDI_FIELD_WORDS];
@@ -450,21 +450,21 @@ goldilocks_verify (
     goldilocks_derive_challenge(challenge, pubkey->opaque, signature, message, message_len);
     
     field_a_t eph;
-    struct tw_extensible_t pk_text;
+    tw_extensible_a_t pk_text;
     
     /* deserialize [nonce]G */
     succ = field_deserialize(eph, signature);
     if (!succ) return GOLDI_EINVAL;
     
-    succ = deserialize_and_twist_approx(&pk_text, pk);
+    succ = deserialize_and_twist_approx(pk_text, pk);
     if (!succ) return GOLDI_EINVAL;
     
-    linear_combo_var_fixed_vt( &pk_text,
+    linear_combo_var_fixed_vt( pk_text,
         challenge, GOLDI_SCALAR_BITS,
         s, GOLDI_SCALAR_BITS,
         goldilocks_global.wnafs, WNAF_PRECMP_BITS );
     
-    untwist_and_double_and_serialize( pk, &pk_text );
+    untwist_and_double_and_serialize( pk, pk_text );
 
     succ = field_eq(eph, pk);
     return succ ? 0 : GOLDI_EINVAL;
@@ -483,7 +483,7 @@ goldilocks_precompute_public_key (
     
     if (!precom) return NULL;
     
-    struct tw_extensible_t pk_text;
+    tw_extensible_a_t pk_text;
     
     field_a_t pk;
     mask_t succ = field_deserialize(pk, pub->opaque);
@@ -492,13 +492,13 @@ goldilocks_precompute_public_key (
         return NULL;
     }
     
-    succ = deserialize_and_twist_approx(&pk_text, pk);
+    succ = deserialize_and_twist_approx(pk_text, pk);
     if (!succ) {
         free(precom);
         return NULL;
     }
 
-    succ =  precompute_fixed_base(&precom->table, &pk_text,
+    succ =  precompute_fixed_base(&precom->table, pk_text,
         COMB_N, COMB_T, COMB_S, NULL);
     if (!succ) {
         free(precom);
@@ -539,20 +539,20 @@ goldilocks_verify_precomputed (
     goldilocks_derive_challenge(challenge, pubkey->pub.opaque, signature, message, message_len);
     
     field_a_t eph, pk;
-    struct tw_extensible_t pk_text;
+    tw_extensible_a_t pk_text;
     
     /* deserialize [nonce]G */
     succ = field_deserialize(eph, signature);
     if (!succ) return GOLDI_EINVAL;
         
     succ = linear_combo_combs_vt (
-        &pk_text,
+        pk_text,
         challenge, GOLDI_SCALAR_BITS, &pubkey->table,
         s, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base
     );
     if (!succ) return GOLDI_EINVAL;
     
-    untwist_and_double_and_serialize( pk, &pk_text );
+    untwist_and_double_and_serialize( pk, pk_text );
 
     succ = field_eq(eph, pk);
     return succ ? 0 : GOLDI_EINVAL;

src/include/crandom.h

@@ -39,6 +39,7 @@ struct crandom_state_t {
     int reseeds_mandatory;
     int randomfd;
 } __attribute__((aligned(16))) ;
+typedef struct crandom_state_t crandom_state_a_t[1];
 
 #ifdef __cplusplus
 extern "C" {
@@ -64,7 +65,7 @@ extern "C" {
  */
 int
 crandom_init_from_file (
-    struct crandom_state_t *state,
+    crandom_state_a_t state,
     const char *filename,
     int reseed_interval,
     int reseeds_mandatory
@@ -87,7 +88,7 @@ crandom_init_from_file (
  */
 void
 crandom_init_from_buffer (
-    struct crandom_state_t *state,
+    crandom_state_a_t state,
     const char initial_seed[32]
 );
 
@@ -118,7 +119,7 @@ crandom_init_from_buffer (
  */
 int
 crandom_generate (
-    struct crandom_state_t *state,
+    crandom_state_a_t state,
     unsigned char *output,
     unsigned long long length
 );
@@ -131,7 +132,7 @@ crandom_generate (
  */
 void
 crandom_destroy (
-    struct crandom_state_t *state
+    crandom_state_a_t state
 );
 
 #ifdef __cplusplus

src/include/ec_point.h

@@ -20,30 +20,30 @@ extern "C" {
 /**
  * Affine point on an Edwards curve.
  */
-struct affine_t {
+typedef struct affine_t {
     field_a_t x, y;
-};
+} affine_a_t[1];
 
 /**
  * Affine point on a twisted Edwards curve.
  */
-struct tw_affine_t {
+typedef struct tw_affine_t {
     field_a_t x, y;
-};
+} tw_affine_a_t[1];
 
 /**
  * Montgomery buffer.
  */
-struct montgomery_t {
+typedef struct montgomery_t {
     field_a_t z0, xd, zd, xa, za;
-};
+} montgomery_a_t[1];
 
 /**
  * Montgomery buffer, augmented version.
  */
-struct montgomery_aux_t {
+typedef struct montgomery_aux_t {
     field_a_t s0, xd, zd, xa, za, xs, zs;
-};
+} montgomery_aux_a_t[1];
 
 /**
  * Extensible coordinates for Edwards curves, suitable for
@@ -63,36 +63,36 @@ struct montgomery_aux_t {
  * lookahead trick.  It might be worth considering that trick
  * instead.
  */
-struct extensible_t {
+typedef struct extensible_t {
     field_a_t x, y, z, t, u;
-};
+} extensible_a_t[1];
 
 /**
  * Extensible coordinates for twisted Edwards curves,
  * suitable for accumulators.
  */
-struct tw_extensible_t {
+typedef struct tw_extensible_t {
     field_a_t x, y, z, t, u;
-};
+} tw_extensible_a_t[1];
 
 /**
  * Niels coordinates for twisted Edwards curves.
  * 
  * Good for mixed readdition; suitable for fixed tables.
  */
-struct tw_niels_t {
+typedef struct tw_niels_t {
     field_a_t a, b, c;
-};
+} tw_niels_a_t[1];
 
 /**
  * Projective niels coordinates for twisted Edwards curves.
  * 
  * Good for readdition; suitable for temporary tables.
  */
-struct tw_pniels_t {
-    struct tw_niels_t n;
+typedef struct tw_pniels_t {
+    tw_niels_a_t n;
     field_a_t z;
-};
+} tw_pniels_a_t[1];
 
 
 /**
@@ -100,8 +100,8 @@ struct tw_pniels_t {
  */
 static __inline__ void
 copy_affine (
-    struct affine_t*       a,
-    const struct affine_t* ds
+    affine_a_t       a,
+    const affine_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -109,8 +109,8 @@ copy_affine (
  */
 static __inline__ void
 copy_tw_affine (
-    struct tw_affine_t*       a,
-    const struct tw_affine_t* ds
+    tw_affine_a_t       a,
+    const tw_affine_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -118,8 +118,8 @@ copy_tw_affine (
  */
 static __inline__ void
 copy_montgomery (
-    struct montgomery_t*       a,
-    const struct montgomery_t* ds
+    montgomery_a_t       a,
+    const montgomery_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -127,8 +127,8 @@ copy_montgomery (
  */
 static __inline__ void
 copy_extensible (
-    struct extensible_t*       a,
-    const struct extensible_t* ds
+    extensible_a_t       a,
+    const extensible_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -136,8 +136,8 @@ copy_extensible (
  */
 static __inline__ void
 copy_tw_extensible (
-    struct tw_extensible_t*       a,
-    const struct tw_extensible_t* ds
+    tw_extensible_a_t       a,
+    const tw_extensible_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -145,8 +145,8 @@ copy_tw_extensible (
  */
 static __inline__ void
 copy_tw_niels (
-    struct tw_niels_t*       a,
-    const struct tw_niels_t* ds
+    tw_niels_a_t       a,
+    const tw_niels_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -154,8 +154,8 @@ copy_tw_niels (
  */
 static __inline__ void
 copy_tw_pniels (
-    struct tw_pniels_t*       a,
-    const struct tw_pniels_t* ds
+    tw_pniels_a_t       a,
+    const tw_pniels_a_t ds
 ) __attribute__((unused,always_inline));
 
 /**
@@ -164,8 +164,8 @@ copy_tw_pniels (
  */
 void
 add_tw_niels_to_tw_extensible (
-    struct tw_extensible_t*  d,
-    const struct tw_niels_t* e
+    tw_extensible_a_t  d,
+    const tw_niels_a_t e
 );
 
 /**
@@ -174,8 +174,8 @@ add_tw_niels_to_tw_extensible (
  */
 void
 sub_tw_niels_from_tw_extensible (
-    struct tw_extensible_t*  d,
-    const struct tw_niels_t* e
+    tw_extensible_a_t  d,
+    const tw_niels_a_t e
 );
 
 /**
@@ -184,8 +184,8 @@ sub_tw_niels_from_tw_extensible (
  */
 void
 add_tw_pniels_to_tw_extensible (
-    struct tw_extensible_t*   e,
-    const struct tw_pniels_t* a
+    tw_extensible_a_t   e,
+    const tw_pniels_a_t a
 );
 
 /**
@@ -194,8 +194,8 @@ add_tw_pniels_to_tw_extensible (
  */
 void
 sub_tw_pniels_from_tw_extensible (
-    struct tw_extensible_t*   e,
-    const struct tw_pniels_t* a
+    tw_extensible_a_t   e,
+    const tw_pniels_a_t a
 );
 
 /**
@@ -203,7 +203,7 @@ sub_tw_pniels_from_tw_extensible (
  */
 void
 double_tw_extensible (
-    struct tw_extensible_t* a
+    tw_extensible_a_t a
 );
 
 /**
@@ -211,7 +211,7 @@ double_tw_extensible (
  */
 void
 double_extensible (
-    struct extensible_t* a
+    extensible_a_t a
 );
 
 /**
@@ -221,8 +221,8 @@ double_extensible (
  */
 void
 twist_and_double (
-    struct tw_extensible_t*    b,
-    const struct extensible_t* a
+    tw_extensible_a_t    b,
+    const extensible_a_t a
 );
 
 /**
@@ -232,72 +232,72 @@ twist_and_double (
  */
 void
 untwist_and_double (
-    struct extensible_t*          b,
-    const struct tw_extensible_t* a
+    extensible_a_t          b,
+    const tw_extensible_a_t a
 );
 
 void
 convert_tw_affine_to_tw_pniels (
-    struct tw_pniels_t*       b,
-    const struct tw_affine_t* a
+    tw_pniels_a_t       b,
+    const tw_affine_a_t a
 );
 
 void
 convert_tw_affine_to_tw_extensible (
-    struct tw_extensible_t*   b,
-    const struct tw_affine_t* a
+    tw_extensible_a_t   b,
+    const tw_affine_a_t a
 );
 
 void
 convert_affine_to_extensible (
-    struct extensible_t*   b,
-    const struct affine_t* a
+    extensible_a_t   b,
+    const affine_a_t a
 );
 
 void
 convert_tw_extensible_to_tw_pniels (
-    struct tw_pniels_t*           b,
-    const struct tw_extensible_t* a
+    tw_pniels_a_t           b,
+    const tw_extensible_a_t a
 );
 
 void
 convert_tw_pniels_to_tw_extensible (
-    struct tw_extensible_t*   e,
-    const struct tw_pniels_t* d
+    tw_extensible_a_t   e,
+    const tw_pniels_a_t d
 );
 
 void
 convert_tw_niels_to_tw_extensible (
-    struct tw_extensible_t*  e,
-    const struct tw_niels_t* d
+    tw_extensible_a_t  e,
+    const tw_niels_a_t d
 );
 
 void
 montgomery_step (
-    struct montgomery_t* a
+    montgomery_a_t a
 );
 
 void
 montgomery_aux_step (
-    struct montgomery_aux_t* a
+    montgomery_aux_a_t a
 );
 
 void
 deserialize_montgomery (
-    struct montgomery_t* a,
+    montgomery_a_t a,
     const field_a_t sbz
 );
 
 mask_t
 serialize_montgomery (
     field_a_t             b,
-    const struct montgomery_t* a,
+    const montgomery_a_t a,
     const field_a_t       sbz
 );
     
 void
 deserialize_montgomery_decaf (
-    struct montgomery_aux_t* a,
+    montgomery_aux_a_t a,
     const field_a_t s
 );
 
@@ -315,7 +315,7 @@ deserialize_montgomery_decaf (
 void
 serialize_extensible (
     field_a_t             b,
-    const struct extensible_t* a
+    const extensible_a_t a
 );
 
 /**
@@ -324,7 +324,7 @@ serialize_extensible (
 void
 untwist_and_double_and_serialize (
     field_a_t                b,
-    const struct tw_extensible_t* a
+    const tw_extensible_a_t a
 );
 
 /**
@@ -338,8 +338,8 @@ untwist_and_double_and_serialize (
  */
 void
 twist_even (
-    struct tw_extensible_t*    b,
-    const struct extensible_t* a
+    tw_extensible_a_t    b,
+    const extensible_a_t a
 );
 
 /**
@@ -357,8 +357,8 @@ twist_even (
  */
 void
 test_only_twist (
-    struct tw_extensible_t*    b,
-    const struct extensible_t* a
+    tw_extensible_a_t    b,
+    const extensible_a_t a
 );
 
 mask_t
@@ -368,12 +368,12 @@ field_is_square (
 
 mask_t
 is_even_pt (
-    const struct extensible_t* a
+    const extensible_a_t a
 );
 
 mask_t
 is_even_tw (
-    const struct tw_extensible_t* a
+    const tw_extensible_a_t a
 );
 
 /**
@@ -381,7 +381,7 @@ is_even_tw (
  */
 mask_t
 deserialize_affine (
-    struct affine_t*     a,
+    affine_a_t     a,
     const field_a_t sz
 );
 
@@ -394,14 +394,14 @@ deserialize_affine (
  */
 mask_t
 deserialize_and_twist_approx (
-    struct tw_extensible_t* a,
+    tw_extensible_a_t a,
     const field_a_t sz
 )
 __attribute__((warn_unused_result));
 
 mask_t
 decaf_deserialize_affine (
-    struct affine_t *a,
+    affine_a_t a,
     const field_a_t s,
     mask_t allow_identity
 )
@@ -410,13 +410,13 @@ __attribute__((warn_unused_result));
 void
 decaf_serialize_extensible (
     field_a_t b,
-    const struct extensible_t* a
+    const extensible_a_t a
 );
 
 
 mask_t
 decaf_deserialize_tw_affine (
-    struct tw_affine_t       *a,
+    tw_affine_a_t       a,
     const field_a_t s,
     mask_t allow_identity
 )
@@ -425,64 +425,64 @@ __attribute__((warn_unused_result));
 void
 decaf_serialize_tw_extensible (
     field_a_t            b,
-    const struct tw_extensible_t* a
+    const tw_extensible_a_t a
 );
 
 void
 set_identity_extensible (
-    struct extensible_t* a
+    extensible_a_t a
 );
 
 void
 set_identity_tw_extensible (
-    struct tw_extensible_t* a
+    tw_extensible_a_t a
 );
 
 void
 set_identity_affine (
-    struct affine_t* a
+    affine_a_t a
 );
 
 mask_t
 eq_affine (
-    const struct affine_t* a,
-    const struct affine_t* b
+    const affine_a_t a,
+    const affine_a_t b
 );
 
 mask_t
 eq_extensible (
-    const struct extensible_t* a,
-    const struct extensible_t* b
+    const extensible_a_t a,
+    const extensible_a_t b
 );
 
 mask_t
 eq_tw_extensible (
-    const struct tw_extensible_t* a,
-    const struct tw_extensible_t* b
+    const tw_extensible_a_t a,
+    const tw_extensible_a_t b
 );
 
 void
 elligator_2s_inject (
-    struct affine_t*     a,
+    affine_a_t     a,
     const field_a_t r
 );
 
 mask_t
 validate_affine (
-    const struct affine_t* a
+    const affine_a_t a
 );
 
 mask_t
 decaf_eq_tw_extensible (
-    const struct tw_extensible_t* a,
-    const struct tw_extensible_t* b
+    const tw_extensible_a_t a,
+    const tw_extensible_a_t b
 )
 __attribute__((warn_unused_result));
 
 mask_t
 decaf_eq_extensible (
-    const struct extensible_t* a,
-    const struct extensible_t* b
+    const extensible_a_t a,
+    const extensible_a_t b
 )
 __attribute__((warn_unused_result));
 
@@ -493,7 +493,7 @@ __attribute__((warn_unused_result));
  */
 mask_t
 validate_tw_extensible (
-    const struct tw_extensible_t* ext
+    const tw_extensible_a_t ext
 );
 
 /**
@@ -503,7 +503,7 @@ validate_tw_extensible (
  */
 mask_t
 validate_extensible (
-    const struct extensible_t* ext
+    const extensible_a_t ext
 );
 
 /**
@@ -512,7 +512,7 @@ validate_extensible (
 static __inline__ void
 __attribute__((unused))
 cond_negate_tw_niels (
-    struct tw_niels_t *n,
+    tw_niels_a_t n,
     mask_t doNegate
 ) {
     constant_time_cond_swap(n->a, n->b, sizeof(n->a), doNegate);
@@ -525,16 +525,16 @@ cond_negate_tw_niels (
 static __inline__ void
 __attribute__((unused))
 cond_negate_tw_pniels (
-    struct tw_pniels_t *n,
+    tw_pniels_a_t n,
     mask_t doNegate
 ) {
-    cond_negate_tw_niels(&n->n, doNegate);
+    cond_negate_tw_niels(n->n, doNegate);
 }
 
 void
 copy_affine (
-    struct affine_t*       a,
-    const struct affine_t* ds
+    affine_a_t       a,
+    const affine_a_t ds
 ) {
     field_copy ( a->x, ds->x );
     field_copy ( a->y, ds->y );
@@ -542,8 +542,8 @@ copy_affine (
 
 void
 copy_tw_affine (
-    struct tw_affine_t*       a,
-    const struct tw_affine_t* ds
+    tw_affine_a_t       a,
+    const tw_affine_a_t ds
 ) {
     field_copy ( a->x, ds->x );
     field_copy ( a->y, ds->y );
@@ -551,8 +551,8 @@ copy_tw_affine (
 
 void
 copy_montgomery (
-    struct montgomery_t*       a,
-    const struct montgomery_t* ds
+    montgomery_a_t       a,
+    const montgomery_a_t ds
 ) {
     field_copy ( a->z0, ds->z0 );
     field_copy ( a->xd, ds->xd );
@@ -563,8 +563,8 @@ copy_montgomery (
 
 void
 copy_extensible (
-    struct extensible_t*       a,
-    const struct extensible_t* ds
+    extensible_a_t       a,
+    const extensible_a_t ds
 ) {
     field_copy ( a->x, ds->x );
     field_copy ( a->y, ds->y );
@@ -575,8 +575,8 @@ copy_extensible (
 
 void
 copy_tw_extensible (
-    struct tw_extensible_t*       a,
-    const struct tw_extensible_t* ds
+    tw_extensible_a_t       a,
+    const tw_extensible_a_t ds
 ) {
     field_copy ( a->x, ds->x );
     field_copy ( a->y, ds->y );
@@ -587,8 +587,8 @@ copy_tw_extensible (
 
 void
 copy_tw_niels (
-    struct tw_niels_t*       a,
-    const struct tw_niels_t* ds
+    tw_niels_a_t       a,
+    const tw_niels_a_t ds
 ) {
     field_copy ( a->a, ds->a );
     field_copy ( a->b, ds->b );
@@ -597,10 +597,10 @@ copy_tw_niels (
 
 void
 copy_tw_pniels (
-    struct tw_pniels_t*       a,
-    const struct tw_pniels_t* ds
+    tw_pniels_a_t       a,
+    const tw_pniels_a_t ds
 ) {
-    copy_tw_niels( &a->n, &ds->n );
+    copy_tw_niels( a->n, ds->n );
     field_copy ( a->z, ds->z );
 }
 

src/include/field.h

@@ -141,7 +141,7 @@ field_low_bit (const field_a_t f) {
     field_a_t red;
     field_copy(red,f);
     field_strong_reduce(red);
-    return -(1&red.limb[0]);
+    return -(1&red->limb[0]);
 }
 
 static __inline__ mask_t

src/include/magic.h

@@ -55,7 +55,7 @@ extern const field_a_t sqrt_minus_d;
 /**
  * @brief The base point for Goldilocks.
  */
-extern const struct affine_t goldilocks_base_point;
+extern const affine_a_t goldilocks_base_point;
 
 /**
  * @brief The Goldilocks prime subgroup order.

src/include/scalarmul.h

@@ -30,7 +30,7 @@ typedef word_t scalar_t[SCALAR_WORDS];
  */
 struct fixed_base_table_t {
    /** Comb tables containing multiples of the base point. */
-  struct tw_niels_t *table;
+  tw_niels_a_t *table;
   
   /** Adjustments to the scalar in even and odd cases, respectively. */
   word_t scalar_adjustments[2*SCALAR_WORDS];
@@ -109,7 +109,7 @@ montgomery_ladder (
  */
 void
 scalarmul (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar[SCALAR_WORDS]
     /* TODO? int nbits */
 );
@@ -130,7 +130,7 @@ scalarmul (
  */
 void
 scalarmul_vlook (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar[SCALAR_WORDS]
 );
 
@@ -161,11 +161,11 @@ scalarmul_vlook (
 mask_t
 precompute_fixed_base (
   struct fixed_base_table_t *out,
-  const struct tw_extensible_t *base,
+  const tw_extensible_a_t base,
   unsigned int n,
   unsigned int t,
   unsigned int s,
-  struct tw_niels_t *prealloc
+  tw_niels_a_t *prealloc
 ) __attribute__((warn_unused_result));
 
  /**
@@ -197,7 +197,7 @@ destroy_fixed_base (
  */ 
 mask_t
 scalarmul_fixed_base (
-    struct tw_extensible_t *out,
+    tw_extensible_a_t out,
     const word_t *scalar,
     unsigned int nbits,
     const struct fixed_base_table_t *table
@@ -215,7 +215,7 @@ scalarmul_fixed_base (
  */ 
 void
 scalarmul_vt (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t *scalar,
     unsigned int nbits
 );
@@ -236,8 +236,8 @@ scalarmul_vt (
  */
 mask_t
 precompute_fixed_base_wnaf (
-    struct tw_niels_t *out,
-    const struct tw_extensible_t *base,
+    tw_niels_a_t *out,
+    const tw_extensible_a_t base,
     unsigned int tbits
 ) __attribute__((warn_unused_result));
 
@@ -256,10 +256,10 @@ precompute_fixed_base_wnaf (
  */ 
 void
 scalarmul_fixed_base_wnaf_vt (
-    struct tw_extensible_t *out,
+    tw_extensible_a_t out,
     const word_t *scalar,
     unsigned int nbits,
-    const struct tw_niels_t *precmp,
+    const tw_niels_a_t *precmp,
     unsigned int table_bits
 );
 
@@ -281,12 +281,12 @@ scalarmul_fixed_base_wnaf_vt (
  */ 
 void
 linear_combo_var_fixed_vt (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar_var[SCALAR_WORDS],
     unsigned int nbits_var,
     const word_t scalar_pre[SCALAR_WORDS],
     unsigned int nbits_pre,
-    const struct tw_niels_t *precmp,
+    const tw_niels_a_t *precmp,
     unsigned int table_bits_pre
 );
 
@@ -309,7 +309,7 @@ linear_combo_var_fixed_vt (
  */
 mask_t
 linear_combo_combs_vt (
-    struct tw_extensible_t *out,
+    tw_extensible_a_t out,
     const word_t scalar1[SCALAR_WORDS],
     unsigned int nbits1,
     const struct fixed_base_table_t *table1,

src/include/sha512.h

@@ -17,28 +17,28 @@ extern "C" {
  *
  * This structure is opaque.
  */
-struct sha512_ctx_t {
+typedef struct {
     /** @privatesection */
     uint64_t chain[8];
     uint8_t block[128];
     uint64_t nbytes;
-};
+} sha512_ctx_a_t[1];
 
 void
 sha512_init (
-    struct sha512_ctx_t *ctx
+    sha512_ctx_a_t ctx
 );
 
 void
 sha512_update (
-    struct sha512_ctx_t *ctx,
+    sha512_ctx_a_t ctx,
     const unsigned char *data,
     uint64_t bytes
 );
     
 void
 sha512_final (
-    struct sha512_ctx_t *ctx,
+    sha512_ctx_a_t ctx,
     uint8_t result[SHA512_OUTPUT_BYTES]
 );
     

src/p448/magic.c

@@ -33,7 +33,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
     U64LE(0x0000000000000000)
 };
 
-const struct affine_t goldilocks_base_point = {
+const affine_a_t goldilocks_base_point = {{
 #ifdef USE_NEON_PERM
     {{{ 0xaed939f,0xc59d070,0xf0de840,0x5f065c3, 0xf4ba0c7,0xdf73324,0xc170033,0x3a6a26a,
        0x4c63d96,0x4609845,0xf3932d9,0x1b4faff, 0x6147eaa,0xa2692ff,0x9cecfa9,0x297ea0e
@@ -46,7 +46,7 @@ const struct affine_t goldilocks_base_point = {
     }}},
 #endif
     {{{ 19 }}}
-};
+}};
 
 static const word_t curve_prime_order_lo[(224+WORD_BITS-1)/WORD_BITS] = {
     U64LE(0xdc873d6d54a7bb0d),

src/p480/magic.c

@@ -35,7 +35,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
     0x00000000
 };
 
-const struct affine_t goldilocks_base_point = {
+const affine_a_t goldilocks_base_point = {{
     {{{
         U60LE(0x849ff7f845c30d3),
         U60LE(0x7dda488553a4c5b),
@@ -47,7 +47,7 @@ const struct affine_t goldilocks_base_point = {
         U60LE(0x7ca42af3d564280)
     }}},
     {{{ 5 }}}
-};
+}};
 
 static const word_t curve_prime_order_lo[(240+WORD_BITS-1)/WORD_BITS] = {
     U64LE(0x72e70941cf8da597),

src/p521/magic.c

@@ -38,7 +38,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
     0x0
 };
 
-const struct affine_t goldilocks_base_point = {
+const affine_a_t goldilocks_base_point = {{
     {{{
 #ifdef USE_P521_3x3_TRANSPOSE
         U58LE(0x02a940a2f19ba6c),
@@ -66,7 +66,7 @@ const struct affine_t goldilocks_base_point = {
 #endif
     }}},
     {{{ 12 }}}
-};
+}};
 
 static const word_t curve_prime_order_lo[(261+WORD_BITS-1)/WORD_BITS] = {
     U64LE(0xbf15dbca0ae7f295),

src/scalarmul.c

@@ -21,8 +21,8 @@ montgomery_ladder (
     unsigned int nbits,
     unsigned int n_extra_doubles
 ) { 
-    struct montgomery_t mont;
-    deserialize_montgomery(&mont, in);
+    montgomery_a_t mont;
+    deserialize_montgomery(mont, in);
     
     int i,j,n=(nbits-1)%WORD_BITS;
     mask_t pflip = 0;
@@ -30,29 +30,29 @@ montgomery_ladder (
         word_t w = scalar[j];
         for (i=n; i>=0; i--) {
             mask_t flip = -((w>>i)&1);
-            constant_time_cond_swap(mont.xa,mont.xd,sizeof(mont.xd),flip^pflip);
-            constant_time_cond_swap(mont.za,mont.zd,sizeof(mont.xd),flip^pflip);
-            montgomery_step(&mont);
+            constant_time_cond_swap(mont->xa,mont->xd,sizeof(mont->xd),flip^pflip);
+            constant_time_cond_swap(mont->za,mont->zd,sizeof(mont->xd),flip^pflip);
+            montgomery_step(mont);
             pflip = flip;
         }
         n = WORD_BITS-1;
     }
-    constant_time_cond_swap(mont.xa,mont.xd,sizeof(mont.xd),pflip);
-    constant_time_cond_swap(mont.za,mont.zd,sizeof(mont.xd),pflip);
+    constant_time_cond_swap(mont->xa,mont->xd,sizeof(mont->xd),pflip);
+    constant_time_cond_swap(mont->za,mont->zd,sizeof(mont->xd),pflip);
     
     assert(n_extra_doubles < INT_MAX);
     for (j=0; j<(int)n_extra_doubles; j++) {
-        montgomery_step(&mont);
+        montgomery_step(mont);
     }
     
-    return serialize_montgomery(out, &mont, in);
+    return serialize_montgomery(out, mont, in);
 }
 
 static __inline__ void
 __attribute__((unused,always_inline))
 constant_time_lookup_tw_pniels (
-    struct tw_pniels_t *out,
-    const struct tw_pniels_t *in,
+    tw_pniels_a_t out,
+    const tw_pniels_a_t *in,
     int nin,
     int idx
 ) {
@@ -62,8 +62,8 @@ constant_time_lookup_tw_pniels (
 static __inline__ void
 __attribute__((unused,always_inline))
 constant_time_lookup_tw_niels (
-    struct tw_niels_t *out,
-    const struct tw_niels_t *in,
+    tw_niels_a_t out,
+    const tw_niels_a_t *in,
     int nin,
     int idx
 ) {
@@ -73,8 +73,8 @@ constant_time_lookup_tw_niels (
 /*
 static __inline__ void
 constant_time_lookup_tw_pniels (
-    struct tw_pniels_t *out,
-    const struct tw_pniels_t *in,
+    tw_pniels_a_t out,
+    const tw_pniels_a_t in,
     int nin,
     int idx
 ) {
@@ -95,8 +95,8 @@ constant_time_lookup_tw_pniels (
 
 static __inline__ void
 constant_time_lookup_tw_niels (
-    struct tw_niels_t *out,
-    const struct tw_niels_t *in,
+    tw_niels_a_t out,
+    const tw_niels_a_t in,
     int nin,
     int idx
 ) {
@@ -145,7 +145,7 @@ convert_to_signed_window_form (
 
 void
 scalarmul (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar[SCALAR_WORDS]
 ) {
     const int WINDOW = SCALARMUL_FIXED_WINDOW_SIZE,
@@ -159,20 +159,20 @@ scalarmul (
         SCALARMUL_FIXED_WINDOW_ADJUSTMENT, SCALAR_WORDS
     );
 
-    struct tw_extensible_t tabulator;
-    copy_tw_extensible(&tabulator, working);
-    double_tw_extensible(&tabulator);
+    tw_extensible_a_t tabulator;
+    copy_tw_extensible(tabulator, working);
+    double_tw_extensible(tabulator);
 
-    struct tw_pniels_t
-	pn VECTOR_ALIGNED,
-	multiples[NTABLE] VECTOR_ALIGNED;
-    convert_tw_extensible_to_tw_pniels(&pn, &tabulator);
-    convert_tw_extensible_to_tw_pniels(&multiples[0], working);
+    tw_pniels_a_t
+	  pn VECTOR_ALIGNED,
+	  multiples[NTABLE] VECTOR_ALIGNED;
+    convert_tw_extensible_to_tw_pniels(pn, tabulator);
+    convert_tw_extensible_to_tw_pniels(multiples[0], working);
 
     int i,j;
     for (i=1; i<NTABLE; i++) {
-        add_tw_pniels_to_tw_extensible(working, &pn);
-        convert_tw_extensible_to_tw_pniels(&multiples[i], working);
+        add_tw_pniels_to_tw_extensible(working, pn);
+        convert_tw_extensible_to_tw_pniels(multiples[i], working);
     }
 
     i = nbits - WINDOW;
@@ -180,9 +180,9 @@ scalarmul (
         inv = (bits>>(WINDOW-1))-1;
     bits ^= inv;
     
-    constant_time_lookup_tw_pniels(&pn, multiples, NTABLE, bits & WINDOW_T_MASK);
-    cond_negate_tw_pniels(&pn, inv);
-    convert_tw_pniels_to_tw_extensible(working, &pn);
+    constant_time_lookup_tw_pniels(pn, multiples, NTABLE, bits & WINDOW_T_MASK);
+    cond_negate_tw_pniels(pn, inv);
+    convert_tw_pniels_to_tw_extensible(working, pn);
 		
 
     for (i-=WINDOW; i>=0; i-=WINDOW) {
@@ -200,15 +200,15 @@ scalarmul (
         inv = (bits>>(WINDOW-1))-1;
         bits ^= inv;
     
-        constant_time_lookup_tw_pniels(&pn, multiples, NTABLE, bits & WINDOW_T_MASK);
-        cond_negate_tw_pniels(&pn, inv);
-        add_tw_pniels_to_tw_extensible(working, &pn);
+        constant_time_lookup_tw_pniels(pn, multiples, NTABLE, bits & WINDOW_T_MASK);
+        cond_negate_tw_pniels(pn, inv);
+        add_tw_pniels_to_tw_extensible(working, pn);
     }
 }
 
 void
 scalarmul_vlook (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar[SCALAR_WORDS]
 ) {    
     const int WINDOW = SCALARMUL_FIXED_WINDOW_SIZE,
@@ -223,20 +223,20 @@ scalarmul_vlook (
     );
 
 
-    struct tw_extensible_t tabulator;
-    copy_tw_extensible(&tabulator, working);
-    double_tw_extensible(&tabulator);
+    tw_extensible_a_t tabulator;
+    copy_tw_extensible(tabulator, working);
+    double_tw_extensible(tabulator);
 
-    struct tw_pniels_t
-	pn VECTOR_ALIGNED,
-	multiples[NTABLE] VECTOR_ALIGNED;
-    convert_tw_extensible_to_tw_pniels(&pn, &tabulator);
-    convert_tw_extensible_to_tw_pniels(&multiples[0], working);
+    tw_pniels_a_t
+	  pn VECTOR_ALIGNED,
+	  multiples[NTABLE] VECTOR_ALIGNED;
+    convert_tw_extensible_to_tw_pniels(pn, tabulator);
+    convert_tw_extensible_to_tw_pniels(multiples[0], working);
 
     int i,j;
     for (i=1; i<NTABLE; i++) {
-        add_tw_pniels_to_tw_extensible(working, &pn);
-        convert_tw_extensible_to_tw_pniels(&multiples[i], working);
+        add_tw_pniels_to_tw_extensible(working, pn);
+        convert_tw_extensible_to_tw_pniels(multiples[i], working);
     }
 
     i = nbits - WINDOW;
@@ -244,9 +244,9 @@ scalarmul_vlook (
         inv = (bits>>(WINDOW-1))-1;
     bits ^= inv;
 
-    copy_tw_pniels(&pn, &multiples[bits & WINDOW_T_MASK]);
-    cond_negate_tw_pniels(&pn, inv);
-    convert_tw_pniels_to_tw_extensible(working, &pn);
+    copy_tw_pniels(pn, multiples[bits & WINDOW_T_MASK]);
+    cond_negate_tw_pniels(pn, inv);
+    convert_tw_pniels_to_tw_extensible(working, pn);
 		
 
     for (i-=WINDOW; i>=0; i-=WINDOW) {
@@ -264,9 +264,9 @@ scalarmul_vlook (
         inv = (bits>>(WINDOW-1))-1;
         bits ^= inv;
     
-        copy_tw_pniels(&pn, &multiples[bits & WINDOW_T_MASK]);
-        cond_negate_tw_pniels(&pn, inv);
-        add_tw_pniels_to_tw_extensible(working, &pn);
+        copy_tw_pniels(pn, multiples[bits & WINDOW_T_MASK]);
+        cond_negate_tw_pniels(pn, inv);
+        add_tw_pniels_to_tw_extensible(working, pn);
     }
 }
 
@@ -275,7 +275,7 @@ schedule_scalar_for_combs (
     word_t *scalar2,
     const word_t *scalar,
     unsigned int nbits,
-    const struct fixed_base_table_t *table
+    const struct fixed_base_table_t* table
 ) {
     unsigned int i;
     unsigned int n = table->n, t = table->t, s = table->s;
@@ -312,10 +312,10 @@ schedule_scalar_for_combs (
 
 mask_t
 scalarmul_fixed_base (
-    struct tw_extensible_t *out,
+    tw_extensible_a_t out,
     const word_t scalar[SCALAR_WORDS],
     unsigned int nbits,
-    const struct fixed_base_table_t *table
+    const struct fixed_base_table_t* table
 ) {
     unsigned int i,j,k;
     unsigned int n = table->n, t = table->t, s = table->s;
@@ -332,7 +332,7 @@ scalarmul_fixed_base (
     assert(t >= 1);
 #endif
     
-    struct tw_niels_t ni;
+    tw_niels_a_t ni;
     
     for (i=0; i<s; i++) {
         if (i) double_tw_extensible(out);
@@ -355,12 +355,12 @@ scalarmul_fixed_base (
             tab ^= invert;
             tab &= (1<<(t-1)) - 1;
             
-            constant_time_lookup_tw_niels(&ni, table->table + (j<<(t-1)), 1<<(t-1), tab);
-            cond_negate_tw_niels(&ni, invert);
+            constant_time_lookup_tw_niels(ni, table->table + (j<<(t-1)), 1<<(t-1), tab);
+            cond_negate_tw_niels(ni, invert);
             if (i||j) {
-                add_tw_niels_to_tw_extensible(out, &ni);
+                add_tw_niels_to_tw_extensible(out, ni);
             } else {
-                convert_tw_niels_to_tw_extensible(out, &ni);
+                convert_tw_niels_to_tw_extensible(out, ni);
             }
         }
     }
@@ -370,13 +370,13 @@ scalarmul_fixed_base (
 
 mask_t
 linear_combo_combs_vt (
-    struct tw_extensible_t *out,
+    tw_extensible_a_t out,
     const word_t scalar1[SCALAR_WORDS],
     unsigned int nbits1,
-    const struct fixed_base_table_t *table1,
+    const struct fixed_base_table_t* table1,
     const word_t scalar2[SCALAR_WORDS],
     unsigned int nbits2,
-    const struct fixed_base_table_t *table2
+    const struct fixed_base_table_t* table2
 ) { 
     unsigned int i,j,k,sc;
     unsigned int s1 = table1->s, s2 = table2->s, smax = (s1 > s2) ? s1 : s2;
@@ -402,7 +402,7 @@ linear_combo_combs_vt (
     assert(table2->t >= 1);
 #endif
   
-    struct tw_niels_t ni;
+    tw_niels_a_t ni;
     
     unsigned int swords[2] = {scalar1b_words, scalar2b_words}, started = 0;
     word_t *scalars[2] = {scalar1b,scalar2b};
@@ -411,7 +411,7 @@ linear_combo_combs_vt (
         if (i) double_tw_extensible(out);
             
         for (sc=0; sc<2; sc++) {
-            const struct fixed_base_table_t *table = sc ? table2 : table1;
+            const struct fixed_base_table_t* table = sc ? table2 : table1;
             
             int ii = i-smax+table->s;
             if (ii < 0) continue;
@@ -432,13 +432,13 @@ linear_combo_combs_vt (
                 tab ^= invert;
                 tab &= (1<<(table->t-1)) - 1;
             
-                copy_tw_niels(&ni, &table->table[tab + (j<<(table->t-1))]);
-                cond_negate_tw_niels(&ni,invert);
+                copy_tw_niels(ni, table->table[tab + (j<<(table->t-1))]);
+                cond_negate_tw_niels(ni,invert);
                 
                 if (started) {
-                    add_tw_niels_to_tw_extensible(out, &ni);
+                    add_tw_niels_to_tw_extensible(out, ni);
                 } else {
-                    convert_tw_niels_to_tw_extensible(out, &ni);
+                    convert_tw_niels_to_tw_extensible(out, ni);
                     started = 1;
                 }
             
@@ -454,12 +454,12 @@ linear_combo_combs_vt (
 
 mask_t
 precompute_fixed_base (
-  struct fixed_base_table_t *out,
-  const struct tw_extensible_t *base,
+  struct fixed_base_table_t* out,
+  const tw_extensible_a_t base,
   unsigned int n,
   unsigned int t,
   unsigned int s,
-  struct tw_niels_t *prealloc
+  tw_niels_a_t *prealloc
 ) {
     if (s < 1 || t < 1 || n < 1 || n*t*s < SCALAR_BITS) {
         really_memset(out, 0, sizeof(*out));
@@ -470,19 +470,19 @@ precompute_fixed_base (
     out->t = t;
     out->s = s;
   
-    struct tw_extensible_t working, start;
-    copy_tw_extensible(&working, base);
-    struct tw_pniels_t pn_tmp;
+    tw_extensible_a_t working, start;
+    copy_tw_extensible(working, base);
+    tw_pniels_a_t pn_tmp;
   
-    struct tw_pniels_t *doubles = (struct tw_pniels_t *) malloc_vector(sizeof(*doubles) * (t-1));
+    tw_pniels_a_t *doubles = (tw_pniels_a_t *) malloc_vector(sizeof(*doubles) * (t-1));
     field_a_t *zs  = (field_a_t *) malloc_vector(sizeof(*zs) * (n<<(t-1)));
     field_a_t *zis = (field_a_t *) malloc_vector(sizeof(*zis) * (n<<(t-1)));
     
-    struct tw_niels_t *table = prealloc;
+    tw_niels_a_t *table = prealloc;
     if (prealloc) {
         out->own_table = 0;
     } else {
-        table = (struct tw_niels_t *) malloc_vector(sizeof(*table) * (n<<(t-1)));
+        table = (tw_niels_a_t *) malloc_vector(sizeof(*table) * (n<<(t-1)));
         out->own_table = 1;
     }
     out->table = table;
@@ -535,23 +535,23 @@ precompute_fixed_base (
         /* doubling phase */
         for (j=0; j<t; j++) {
             if (j) {
-                convert_tw_extensible_to_tw_pniels(&pn_tmp, &working);
-                add_tw_pniels_to_tw_extensible(&start, &pn_tmp);
+                convert_tw_extensible_to_tw_pniels(pn_tmp, working);
+                add_tw_pniels_to_tw_extensible(start, pn_tmp);
             } else {
-                copy_tw_extensible(&start, &working);
+                copy_tw_extensible(start, working);
             }
 
             if (j==t-1 && i==n-1) {
                 break;
             }
 
-            double_tw_extensible(&working);
+            double_tw_extensible(working);
             if (j<t-1) {
-                convert_tw_extensible_to_tw_pniels(&doubles[j], &working);
+                convert_tw_extensible_to_tw_pniels(doubles[j], working);
             }
 
             for (k=0; k<s-1; k++) {
-                double_tw_extensible(&working);
+                double_tw_extensible(working);
             }
         }
 
@@ -560,9 +560,9 @@ precompute_fixed_base (
             int gray = j ^ (j>>1);
             int idx = (((i+1)<<(t-1))-1) ^ gray;
 
-            convert_tw_extensible_to_tw_pniels(&pn_tmp, &start);
-            copy_tw_niels(&table[idx], &pn_tmp.n);
-            field_copy(zs[idx], pn_tmp.z);
+            convert_tw_extensible_to_tw_pniels(pn_tmp, start);
+            copy_tw_niels(table[idx], pn_tmp->n);
+            field_copy(zs[idx], pn_tmp->z);
 			
             if (j >= (1u<<(t-1)) - 1) break;
             int delta = (j+1) ^ ((j+1)>>1) ^ gray;
@@ -572,10 +572,10 @@ precompute_fixed_base (
             
             if (gray & (1<<k)) {
                 /* start += doubles[k] */
-                add_tw_pniels_to_tw_extensible(&start, &doubles[k]);
+                add_tw_pniels_to_tw_extensible(start, doubles[k]);
             } else {
                 /* start -= doubles[k] */
-                sub_tw_pniels_from_tw_extensible(&start, &doubles[k]);
+                sub_tw_pniels_from_tw_extensible(start, doubles[k]);
             }
             
             
@@ -586,17 +586,17 @@ precompute_fixed_base (
 
     field_a_t product;
     for (i=0; i<n<<(t-1); i++) {
-        field_mul(product, table[i].a, zis[i]);
+        field_mul(product, table[i]->a, zis[i]);
         field_strong_reduce(product);
-        field_copy(table[i].a, product);
+        field_copy(table[i]->a, product);
         
-        field_mul(product, table[i].b, zis[i]);
+        field_mul(product, table[i]->b, zis[i]);
         field_strong_reduce(product);
-        field_copy(table[i].b, product);
+        field_copy(table[i]->b, product);
         
-        field_mul(product, table[i].c, zis[i]);
+        field_mul(product, table[i]->c, zis[i]);
         field_strong_reduce(product);
-        field_copy(table[i].c, product);
+        field_copy(table[i]->c, product);
     }
 	
 	mask_t ret = ~field_is_zero(zis[0]);
@@ -617,7 +617,7 @@ precompute_fixed_base (
 
 void
 destroy_fixed_base (
-    struct fixed_base_table_t *table
+    struct fixed_base_table_t* table
 ) {
     if (table->table) {
         really_memset(table->table,0,sizeof(*table->table)*(table->n<<(table->t-1)));
@@ -630,8 +630,8 @@ destroy_fixed_base (
 
 mask_t
 precompute_fixed_base_wnaf (
-    struct tw_niels_t *out,
-    const struct tw_extensible_t *const_base,
+    tw_niels_a_t *out,
+    const tw_extensible_a_t const_base,
     unsigned int tbits
 ) {
     int i;
@@ -644,29 +644,29 @@ precompute_fixed_base_wnaf (
         return 0;
     }
 
-    struct tw_extensible_t base;
-    copy_tw_extensible(&base,const_base);
+    tw_extensible_a_t base;
+    copy_tw_extensible(base,const_base);
     
-    struct tw_pniels_t twop, tmp;
+    tw_pniels_a_t twop, tmp;
     
-    convert_tw_extensible_to_tw_pniels(&tmp, &base);
-    field_copy(zs[0], tmp.z);
-    copy_tw_niels(&out[0], &tmp.n);
+    convert_tw_extensible_to_tw_pniels(tmp, base);
+    field_copy(zs[0], tmp->z);
+    copy_tw_niels(out[0], tmp->n);
 
     if (tbits > 0) {
-        double_tw_extensible(&base);
-        convert_tw_extensible_to_tw_pniels(&twop, &base);
-        add_tw_pniels_to_tw_extensible(&base, &tmp);
+        double_tw_extensible(base);
+        convert_tw_extensible_to_tw_pniels(twop, base);
+        add_tw_pniels_to_tw_extensible(base, tmp);
         
-        convert_tw_extensible_to_tw_pniels(&tmp, &base);
-        field_copy(zs[1], tmp.z);
-        copy_tw_niels(&out[1], &tmp.n);
+        convert_tw_extensible_to_tw_pniels(tmp, base);
+        field_copy(zs[1], tmp->z);
+        copy_tw_niels(out[1], tmp->n);
 
         for (i=2; i < 1<<tbits; i++) {
-            add_tw_pniels_to_tw_extensible(&base, &twop);
-            convert_tw_extensible_to_tw_pniels(&tmp, &base);
-            field_copy(zs[i], tmp.z);
-            copy_tw_niels(&out[i], &tmp.n);
+            add_tw_pniels_to_tw_extensible(base, twop);
+            convert_tw_extensible_to_tw_pniels(tmp, base);
+            field_copy(zs[i], tmp->z);
+            copy_tw_niels(out[i], tmp->n);
         }
     }
     
@@ -674,17 +674,17 @@ precompute_fixed_base_wnaf (
 
     field_a_t product;
     for (i=0; i<1<<tbits; i++) {
-        field_mul(product, out[i].a, zis[i]);
+        field_mul(product, out[i]->a, zis[i]);
         field_strong_reduce(product);
-        field_copy(out[i].a, product);
+        field_copy(out[i]->a, product);
         
-        field_mul(product, out[i].b, zis[i]);
+        field_mul(product, out[i]->b, zis[i]);
         field_strong_reduce(product);
-        field_copy(out[i].b, product);
+        field_copy(out[i]->b, product);
         
-        field_mul(product, out[i].c, zis[i]);
+        field_mul(product, out[i]->c, zis[i]);
         field_strong_reduce(product);
-        field_copy(out[i].c, product);
+        field_copy(out[i]->c, product);
     }
 
     free(zs);
@@ -760,31 +760,31 @@ recode_wnaf(
 
 static void
 prepare_wnaf_table(
-    struct tw_pniels_t *output,
-    struct tw_extensible_t *working,
+    tw_pniels_a_t *output,
+    tw_extensible_a_t working,
     unsigned int tbits
 ) {
     int i;
-    convert_tw_extensible_to_tw_pniels(&output[0], working);
+    convert_tw_extensible_to_tw_pniels(output[0], working);
 
     if (tbits == 0) return;
 
     double_tw_extensible(working);
-    struct tw_pniels_t twop;
-    convert_tw_extensible_to_tw_pniels(&twop, working);
+    tw_pniels_a_t twop;
+    convert_tw_extensible_to_tw_pniels(twop, working);
 
-    add_tw_pniels_to_tw_extensible(working, &output[0]);
-    convert_tw_extensible_to_tw_pniels(&output[1], working);
+    add_tw_pniels_to_tw_extensible(working, output[0]);
+    convert_tw_extensible_to_tw_pniels(output[1], working);
 
     for (i=2; i < 1<<tbits; i++) {
-        add_tw_pniels_to_tw_extensible(working, &twop);
-        convert_tw_extensible_to_tw_pniels(&output[i], working);
+        add_tw_pniels_to_tw_extensible(working, twop);
+        convert_tw_extensible_to_tw_pniels(output[i], working);
     }
 }
 
 void
 scalarmul_vt (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar[SCALAR_WORDS],
     unsigned int nbits
 ) {
@@ -793,13 +793,13 @@ scalarmul_vt (
     
     int control_bits = recode_wnaf(control, scalar, nbits, table_bits);
   
-    struct tw_pniels_t precmp[1<<table_bits];
+    tw_pniels_a_t precmp[1<<table_bits];
     prepare_wnaf_table(precmp, working, table_bits);
   
     if (control_bits > 0) {
         assert(control[0].addend > 0);
         assert(control[0].power >= 0);
-        convert_tw_pniels_to_tw_extensible(working, &precmp[control[0].addend >> 1]);
+        convert_tw_pniels_to_tw_extensible(working, precmp[control[0].addend >> 1]);
     } else {
         set_identity_tw_extensible(working);
         return;
@@ -813,9 +813,9 @@ scalarmul_vt (
             assert(control[conti].addend);
 
             if (control[conti].addend > 0) {
-                add_tw_pniels_to_tw_extensible(working, &precmp[control[conti].addend >> 1]);
+                add_tw_pniels_to_tw_extensible(working, precmp[control[conti].addend >> 1]);
             } else {
-                sub_tw_pniels_from_tw_extensible(working, &precmp[(-control[conti].addend) >> 1]);
+                sub_tw_pniels_from_tw_extensible(working, precmp[(-control[conti].addend) >> 1]);
             }
             conti++;
             assert(conti <= control_bits);
@@ -825,10 +825,10 @@ scalarmul_vt (
 
 void
 scalarmul_fixed_base_wnaf_vt (
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar[SCALAR_WORDS],
     unsigned int nbits,
-    const struct tw_niels_t *precmp,
+    const tw_niels_a_t *precmp,
     unsigned int table_bits
 ) {
     struct smvt_control control[nbits/(table_bits+1)+3];
@@ -838,7 +838,7 @@ scalarmul_fixed_base_wnaf_vt (
     if (control_bits > 0) {
         assert(control[0].addend > 0);
         assert(control[0].power >= 0);
-        convert_tw_niels_to_tw_extensible(working, &precmp[control[0].addend >> 1]);
+        convert_tw_niels_to_tw_extensible(working, precmp[control[0].addend >> 1]);
     } else {
         set_identity_tw_extensible(working);
         return;
@@ -853,9 +853,9 @@ scalarmul_fixed_base_wnaf_vt (
         
         assert(control[conti].addend);
         if (control[conti].addend > 0) {
-            add_tw_niels_to_tw_extensible(working, &precmp[control[conti].addend >> 1]);
+            add_tw_niels_to_tw_extensible(working, precmp[control[conti].addend >> 1]);
         } else {
-            sub_tw_niels_from_tw_extensible(working, &precmp[(-control[conti].addend) >> 1]);
+            sub_tw_niels_from_tw_extensible(working, precmp[(-control[conti].addend) >> 1]);
         }
     }
 
@@ -866,12 +866,12 @@ scalarmul_fixed_base_wnaf_vt (
 
 void
 linear_combo_var_fixed_vt(
-    struct tw_extensible_t *working,
+    tw_extensible_a_t working,
     const word_t scalar_var[SCALAR_WORDS],
     unsigned int nbits_var,
     const word_t scalar_pre[SCALAR_WORDS],
     unsigned int nbits_pre,
-    const struct tw_niels_t *precmp,
+    const tw_niels_a_t *precmp,
     unsigned int table_bits_pre
 ) {
     const int table_bits_var = SCALARMUL_WNAF_COMBO_TABLE_BITS;
@@ -883,22 +883,22 @@ linear_combo_var_fixed_vt(
     (void)ncb_var;
     (void)ncb_pre;
   
-    struct tw_pniels_t precmp_var[1<<table_bits_var];
+    tw_pniels_a_t precmp_var[1<<table_bits_var];
     prepare_wnaf_table(precmp_var, working, table_bits_var);
   
     int contp=0, contv=0, i;
   
     i = control_var[0].power;
     if (i > control_pre[0].power) {
-        convert_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[0].addend >> 1]);
+        convert_tw_pniels_to_tw_extensible(working, precmp_var[control_var[0].addend >> 1]);
         contv++;
     } else if (i == control_pre[0].power && i >=0 ) {
-        convert_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[0].addend >> 1]);
-        add_tw_niels_to_tw_extensible(working, &precmp[control_pre[0].addend >> 1]);
+        convert_tw_pniels_to_tw_extensible(working, precmp_var[control_var[0].addend >> 1]);
+        add_tw_niels_to_tw_extensible(working, precmp[control_pre[0].addend >> 1]);
         contv++; contp++;
     } else {
         i = control_pre[0].power;
-        convert_tw_niels_to_tw_extensible(working, &precmp[control_pre[0].addend >> 1]);
+        convert_tw_niels_to_tw_extensible(working, precmp[control_pre[0].addend >> 1]);
         contp++;
     }
     
@@ -914,9 +914,9 @@ linear_combo_var_fixed_vt(
             assert(control_var[contv].addend);
 
             if (control_var[contv].addend > 0) {
-                add_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[contv].addend >> 1]);
+                add_tw_pniels_to_tw_extensible(working, precmp_var[control_var[contv].addend >> 1]);
             } else {
-                sub_tw_pniels_from_tw_extensible(working, &precmp_var[(-control_var[contv].addend) >> 1]);
+                sub_tw_pniels_from_tw_extensible(working, precmp_var[(-control_var[contv].addend) >> 1]);
             }
             contv++;
         }
@@ -925,9 +925,9 @@ linear_combo_var_fixed_vt(
             assert(control_pre[contp].addend);
 
             if (control_pre[contp].addend > 0) {
-                add_tw_niels_to_tw_extensible(working, &precmp[control_pre[contp].addend >> 1]);
+                add_tw_niels_to_tw_extensible(working, precmp[control_pre[contp].addend >> 1]);
             } else {
-                sub_tw_niels_from_tw_extensible(working, &precmp[(-control_pre[contp].addend) >> 1]);
+                sub_tw_niels_from_tw_extensible(working, precmp[(-control_pre[contp].addend) >> 1]);
             }
             contp++;
         }

src/sha512.c

@@ -72,7 +72,7 @@ static inline uint64_t maj(uint64_t h1, uint64_t h2, uint64_t h3) {
 
 static void
 sha512_process_block (
-    struct sha512_ctx_t *ctx
+    sha512_ctx_a_t ctx
 ) {
     uint64_t i, tmp, a, b,
         *w = (uint64_t *) ctx->block,
@@ -119,7 +119,7 @@ sha512_process_block (
 
 void
 sha512_init (
-    struct sha512_ctx_t *ctx
+    sha512_ctx_a_t ctx
 ) {
     ctx->nbytes = 0;
     memcpy(ctx->chain, sha512_init_state, sizeof(sha512_init_state));
@@ -128,7 +128,7 @@ sha512_init (
 
 void
 sha512_update (
-    struct sha512_ctx_t *ctx,
+    sha512_ctx_a_t ctx,
     const unsigned char *data,
     uint64_t bytes
 ) {
@@ -153,7 +153,7 @@ sha512_update (
 
 void
 sha512_final (
-    struct sha512_ctx_t *ctx,
+    sha512_ctx_a_t ctx,
     uint8_t result[64]
 ) {
     uint64_t fill = ctx->nbytes % 128, i;

test/bench.c

@@ -146,19 +146,19 @@ int main(int argc, char **argv) {
     when = now() - when;
     printf("rand448:     %5.1fns\n", when * 1e9 / i);
     
-    struct sha512_ctx_t sha;
+    sha512_ctx_a_t sha;
     uint8_t hashout[128];
     when = now();
     for (i=0; i<nbase; i++) {
-        sha512_init(&sha);
-        sha512_final(&sha, hashout);
+        sha512_init(sha);
+        sha512_final(sha, hashout);
     }
     when = now() - when;
     printf("sha512 1blk: %5.1fns\n", when * 1e9 / i);
     
     when = now();
     for (i=0; i<nbase; i++) {
-        sha512_update(&sha, hashout, 128);
+        sha512_update(sha, hashout, 128);
     }
     when = now() - when;
     printf("sha512 blk:  %5.1fns (%0.2f MB/s)\n", when * 1e9 / i, 128*i/when/1e6);
@@ -356,7 +356,7 @@ int main(int argc, char **argv) {
     when = now() - when;
     printf("edwards vtm: %5.1fµs\n", when * 1e6 / i);
     
-    struct tw_niels_t wnaft[1<<6];
+    tw_niels_a_t wnaft[1<<6];
     when = now();
     for (i=0; i<nbase/10; i++) {
         ignore_result(precompute_fixed_base_wnaf(wnaft,&ext,6));

test/test_pointops.c

@@ -371,12 +371,12 @@ int test_pointops (void) {
     crandom_init_from_buffer(&crand, "test_pointops random initializer");
     
     struct extensible_t ext_base;
-    if (!validate_affine(&goldilocks_base_point)) {
+    if (!validate_affine(goldilocks_base_point)) {
         youfail();
         printf("  Base point isn't on the curve.\n");
         return -1;
     }
-    convert_affine_to_extensible(&ext_base, &goldilocks_base_point);
+    convert_affine_to_extensible(&ext_base, goldilocks_base_point);
     if (!validate_ext(&ext_base, 2, "base")) return -1;
     
     int i, ret;

test/test_scalarmul.c

@@ -80,7 +80,7 @@ single_scalarmul_compatibility_test (
     
     /* compute using precomp wNAF */
     for (i=0; i<nsizes; i++) {
-        struct tw_niels_t pre[1<<i];
+        tw_niels_a_t pre[1<<i];
         
         succ = precompute_fixed_base_wnaf(pre, &text, i);
         if (!succ) {
@@ -177,7 +177,7 @@ single_linear_combo_test (
     if (!succ) return 1;
     
     struct fixed_base_table_t t1, t2;
-    struct tw_niels_t wnaf[32];
+    tw_niels_a_t wnaf[32];
     memset(&t1,0,sizeof(t1));
     memset(&t2,0,sizeof(t2));
     

test/test_sha512.c

@@ -11,8 +11,8 @@ static int sha512_monte_carlo_core (
     const char *seed,
     const char *checks[100]
 ) { 
-    struct sha512_ctx_t sha;
-    sha512_init(&sha);
+    sha512_ctx_a_t sha;
+    sha512_init(sha);
     
     unsigned char md0[64],md1[64],md2[64];
     
@@ -31,12 +31,12 @@ static int sha512_monte_carlo_core (
     for (j=0; j<100; j++) {
         
         for (i=3; i<1003; i++) {
-            sha512_update(&sha,md0,sizeof(md0));
-            sha512_update(&sha,md1,sizeof(md1));
-            sha512_update(&sha,md2,sizeof(md2));
+            sha512_update(sha,md0,sizeof(md0));
+            sha512_update(sha,md1,sizeof(md1));
+            sha512_update(sha,md2,sizeof(md2));
             memcpy(md0,md1,sizeof(md1));
             memcpy(md1,md2,sizeof(md1));
-            sha512_final(&sha,md2);
+            sha512_final(sha,md2);
         }
         
         ret = hexdecode(md0,checks[j],64);