
trying to make headers the same, for future unified generation

master
Michael Hamburg 9 years ago
parent
commit
a3b094eb99
4 changed files with 85 additions and 66 deletions
  1. +11
    -8
      src/decaf_crypto.c
  2. +11
    -4
      src/public_include/decaf.hxx
  3. +21
    -18
      src/public_include/decaf/decaf_255.h
  4. +42
    -36
      src/public_include/decaf/decaf_448.h

+ 11
- 8
src/decaf_crypto.c

@@ -15,18 +15,24 @@
#include "curve_data.inc.c"
#define SCALAR_BYTES ((SCALAR_BITS + 7)/8)

/* TODO: canonicalize and freeze the STROBE constants in this file
* (and STROBE itself for that matter)
*/
static const char *DERIVE_MAGIC = API_NAME"::derive_private_key";
static const char *SIGN_MAGIC = API_NAME"::sign";
static const char *SHARED_SECRET_MAGIC = API_NAME"::shared_secret";
static const uint16_t SHARED_SECRET_MAX_BLOCK_SIZE = 1<<12;
static const unsigned int SCALAR_OVERKILL_BYTES = SCALAR_BYTES + 8;

void API_NS(derive_private_key) (
API_NS(private_key_t) priv,
const API_NS(symmetric_key_t) proto
) {
const char *magic = API_NAME"::derive_private_key"; /* TODO: canonicalize and freeze */
uint8_t encoded_scalar[SCALAR_OVERKILL_BYTES];
API_NS(point_t) pub;
keccak_strobe_t strobe;
strobe_init(strobe, &STROBE_256, magic, 0);
strobe_init(strobe, &STROBE_256, DERIVE_MAGIC, 0);
strobe_fixed_key(strobe, proto, sizeof(API_NS(symmetric_key_t)));
strobe_prng(strobe, encoded_scalar, sizeof(encoded_scalar));
strobe_destroy(strobe);
@@ -54,8 +60,6 @@ void API_NS(private_to_public) (
memcpy(pub, priv->pub, sizeof(API_NS(public_key_t)));
}

static const uint16_t SHARED_SECRET_MAX_BLOCK_SIZE = 1<<12; /* TODO: standardize and freeze */

decaf_error_t
API_NS(shared_secret) (
uint8_t *shared,
@@ -64,9 +68,8 @@ API_NS(shared_secret) (
const API_NS(public_key_t) your_pubkey,
int me_first
) {
const char *magic = API_NAME"::shared_secret"; /* TODO: canonicalize and freeze */
keccak_strobe_t strobe;
strobe_init(strobe, &STROBE_256, magic, 0);
strobe_init(strobe, &STROBE_256, SHARED_SECRET_MAGIC, 0);
uint8_t ss_ser[SER_BYTES];
@@ -194,7 +197,7 @@ API_NS(sign) (
size_t message_len
) {
keccak_strobe_t ctx;
strobe_init(ctx,&STROBE_256,API_NAME"::sign",0); /* TODO: canonicalize and freeze */
strobe_init(ctx,&STROBE_256,SIGN_MAGIC,0);
strobe_transact(ctx, NULL, message, message_len, STROBE_CW_STREAMING_PLAINTEXT);
API_NS(sign_strobe)(ctx, sig, priv);
strobe_destroy(ctx);
@@ -208,7 +211,7 @@ API_NS(verify) (
size_t message_len
) {
keccak_strobe_t ctx;
strobe_init(ctx,&STROBE_256,API_NAME"::sign",0); /* TODO: canonicalize and freeze */
strobe_init(ctx,&STROBE_256,SIGN_MAGIC,0);
strobe_transact(ctx, NULL, message, message_len, STROBE_CW_STREAMING_PLAINTEXT);
decaf_error_t ret = API_NS(verify_strobe)(ctx, sig, pub);
strobe_destroy(ctx);
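Review bot: The three domain-separation strings added at the top of the file (`DERIVE_MAGIC`, `SIGN_MAGIC`, `SHARED_SECRET_MAGIC`) are declared `static const char *`, so the pointers themselves remain writable; an array form such as `static const char SIGN_MAGIC[] = API_NAME"::sign";` (or `const char *const`) makes the label itself immutable. `SIGN_MAGIC` is now the single value that `API_NS(sign)` and `API_NS(verify)` must agree on, and `DERIVE_MAGIC` presumably feeds into the scalar produced by `strobe_prng`, so the new TODO comment could say what freezing protects, e.g. `/* Changing any of these strings changes derived keys and breaks verification of existing signatures. */`. The function bodies shown here continue outside the hunks.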


+ 11
- 4
src/public_include/decaf.hxx

@@ -1,9 +1,16 @@

/**
* @file decaf/decaf.hxx
* @copyright
* Copyright (c) 2016 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
* @brief Decaf curve metaheader.
* @todo TODO remove/autogenerate all these headers.
*/
#ifndef __DECAF_HXX__
#define __DECAF_HXX__ 1

#include <decaf/decaf_255.hxx> // MAGIC
#include <decaf/decaf_448.hxx> // MAGIC
#include <decaf/decaf_255.hxx>
#include <decaf/decaf_448.hxx>

#endif /* __DECAF_H__ */
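Review bot: The added Doxygen header says `@file decaf/decaf.hxx`, but this section's path is `src/public_include/decaf.hxx`, one level above the `decaf/` directory that the two includes refer to. If that is also the installed location, the tag should read `@file decaf.hxx` so that Doxygen attaches the block to this file. The closing comment `#endif /* __DECAF_H__ */` names a different macro than the `__DECAF_HXX__` guard opened above and could become `#endif /* __DECAF_HXX__ */`.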


+ 21
- 18
src/public_include/decaf/decaf_255.h

@@ -22,11 +22,14 @@ extern "C" {
#define DECAF_255_SCALAR_LIMBS (256/DECAF_WORD_BITS)

/** Galois field element internal structure */
#ifndef __DECAF_255_GF_DEFINED__
#define __DECAF_255_GF_DEFINED__ 1
typedef struct gf_25519_s {
/** @cond internal */
decaf_word_t limb[DECAF_255_LIMBS];
/** @endcond */
} __attribute__((aligned(32))) gf_25519_s, gf_25519_t[1];
#endif /* __DECAF_255_GF_DEFINED__ */

/** Number of bytes in a serialized point. */
#define DECAF_255_SER_BYTES 32
@@ -36,9 +39,9 @@ typedef struct gf_25519_s {

/** Twisted Edwards (-1,d-1) extended homogeneous coordinates */
typedef struct decaf_255_point_s {
/**@cond internal*/
/** @cond internal */
gf_25519_t x,y,z,t;
/**@endcond*/
/** @endcond */
} decaf_255_point_t[1];

/** Precomputed table based on a point. Can be trivial implementation. */
@@ -451,10 +454,10 @@ void decaf_255_base_double_scalarmul_non_secret (
* @param [in] pick_b If nonzero, choose point b.
*/
void decaf_255_point_cond_sel (
decaf_255_point_t out,
const decaf_255_point_t a,
const decaf_255_point_t b,
decaf_word_t pick_b
decaf_255_point_t out,
const decaf_255_point_t a,
const decaf_255_point_t b,
decaf_word_t pick_b
) API_VIS NONNULL3 NOINLINE;

/**
@@ -467,10 +470,10 @@ void decaf_255_point_cond_sel (
* @param [in] pick_b If nonzero, choose scalar b.
*/
void decaf_255_scalar_cond_sel (
decaf_255_scalar_t out,
const decaf_255_scalar_t a,
const decaf_255_scalar_t b,
decaf_word_t pick_b
decaf_255_scalar_t out,
const decaf_255_scalar_t a,
const decaf_255_scalar_t b,
decaf_word_t pick_b
) API_VIS NONNULL3 NOINLINE;

/**
@@ -492,8 +495,8 @@ decaf_bool_t decaf_255_point_valid (
* @param [in] p The point to torque.
*/
void decaf_255_point_debugging_torque (
decaf_255_point_t q,
const decaf_255_point_t p
decaf_255_point_t q,
const decaf_255_point_t p
) API_VIS NONNULL2 NOINLINE;

/**
@@ -506,9 +509,9 @@ void decaf_255_point_debugging_torque (
* @param [in] factor Serialized GF factor to scale.
*/
void decaf_255_point_debugging_pscale (
decaf_255_point_t q,
const decaf_255_point_t p,
const unsigned char factor[DECAF_255_SER_BYTES]
decaf_255_point_t q,
const decaf_255_point_t p,
const unsigned char factor[DECAF_255_SER_BYTES]
) API_VIS NONNULL2 NOINLINE;

/**
@@ -612,7 +615,7 @@ decaf_255_invert_elligator_uniform (
* @brief Overwrite scalar with zeros.
*/
void decaf_255_scalar_destroy (
decaf_255_scalar_t scalar
decaf_255_scalar_t scalar
) NONNULL1 API_VIS;

/**
@@ -620,14 +623,14 @@ void decaf_255_scalar_destroy (
* @todo Use this internally.
*/
void decaf_255_point_destroy (
decaf_255_point_t point
decaf_255_point_t point
) NONNULL1 API_VIS;

/**
* @brief Overwrite precomputed table with zeros.
*/
void decaf_255_precomputed_destroy (
decaf_255_precomputed_s *pre
decaf_255_precomputed_s *pre
) NONNULL1 API_VIS;

#ifdef __cplusplus
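Review bot: The new `#ifndef __DECAF_255_GF_DEFINED__` guard around `gf_25519_s` lets whichever header is included first supply the typedef, and nothing here says which other header may define it or that the two definitions must be identical. If a second definition ever differs in limb count or alignment, the mismatch would be silent and would change the layout of every point and scalar built on it. A comment on the guard would help, for example `/* Also defined in <other header>; both definitions must match exactly. */` with the real header name filled in. Separately, identifiers beginning with two underscores are reserved for the implementation; `DECAF_255_GF_DEFINED` would avoid that, although the existing guards in these headers follow the same pattern.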


+ 42
- 36
src/public_include/decaf/decaf_448.h

@@ -6,7 +6,7 @@
* Copyright (c) 2015 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
*
* @brief A group of prime order p, based on Ed448-Goldilocks.
* @brief A group of prime order p, based on Ed448.
*/
#ifndef __DECAF_448_H__
#define __DECAF_448_H__ 1
@@ -25,10 +25,11 @@ extern "C" {
#ifndef __DECAF_448_GF_DEFINED__
#define __DECAF_448_GF_DEFINED__ 1
typedef struct gf_448_s {
/** @cond internal */
decaf_word_t limb[DECAF_448_LIMBS];
/** @endcond */
} __attribute__((aligned(32))) gf_448_s, gf_448_t[1];
#endif /* __DECAF_448_GF_DEFINED__ */
/** @endcond */

/** Number of bytes in a serialized point. */
#define DECAF_448_SER_BYTES 56
@@ -37,7 +38,11 @@ typedef struct gf_448_s {
#define DECAF_448_SCALAR_BYTES 56

/** Twisted Edwards (-1,d-1) extended homogeneous coordinates */
typedef struct decaf_448_point_s { /**@cond internal*/gf_448_t x,y,z,t;/**@endcond*/ } decaf_448_point_t[1];
typedef struct decaf_448_point_s {
/** @cond internal */
gf_448_t x,y,z,t;
/** @endcond */
} decaf_448_point_t[1];

/** Precomputed table based on a point. Can be trivial implementation. */
struct decaf_448_precomputed_s;
@@ -162,7 +167,7 @@ void decaf_448_scalar_mul (
* @brief Invert a scalar. When passed zero, return 0. The input and output may alias.
* @param [in] a A scalar.
* @param [out] out 1/a.
* @return DECAF_TRUE The input is nonzero.
* @return DECAF_SUCCESS The input is nonzero.
*/
decaf_error_t decaf_448_scalar_invert (
decaf_448_scalar_t out,
@@ -183,7 +188,7 @@ static inline void NONNULL2 decaf_448_scalar_copy (
}

/**
* @brief Set a scalar to an integer.
* @brief Set a scalar to an unsigned integer.
* @param [in] a An integer.
* @param [out] out Will become equal to a.
*/
@@ -400,7 +405,7 @@ void decaf_448_point_double_scalarmul (
* a1 = scalar1 * base
* a2 = scalar2 * base
*
* Equivalent to two calls to decaf_255_point_scalarmul, but may be
* Equivalent to two calls to decaf_448_point_scalarmul, but may be
* faster.
*
* @param [out] a1 The first multiple
@@ -410,11 +415,11 @@ void decaf_448_point_double_scalarmul (
* @param [in] scalar2 A second scalar to multiply by.
*/
void decaf_448_point_dual_scalarmul (
decaf_448_point_t a1,
decaf_448_point_t a2,
const decaf_448_point_t b,
const decaf_448_scalar_t scalar1,
const decaf_448_scalar_t scalar2
decaf_448_point_t a1,
decaf_448_point_t a2,
const decaf_448_point_t b,
const decaf_448_scalar_t scalar1,
const decaf_448_scalar_t scalar2
) API_VIS NONNULL5 NOINLINE;

/**
@@ -441,14 +446,14 @@ void decaf_448_base_double_scalarmul_non_secret (

/**
* @brief Constant-time decision between two points. If pick_b
* is zero, out = a; else out = b.
*
* @param [out] q The output. It may be the same as either input.
* @param [in] a Any point.
* @param [in] b Any point.
* @param [in] pick_b If nonzero, choose point b.
*/
* @brief Constant-time decision between two points. If pick_b
* is zero, out = a; else out = b.
*
* @param [out] q The output. It may be the same as either input.
* @param [in] a Any point.
* @param [in] b Any point.
* @param [in] pick_b If nonzero, choose point b.
*/
void decaf_448_point_cond_sel (
decaf_448_point_t out,
const decaf_448_point_t a,
@@ -457,14 +462,14 @@ void decaf_448_point_cond_sel (
) API_VIS NONNULL3 NOINLINE;

/**
* @brief Constant-time decision between two scalars. If pick_b
* is zero, out = a; else out = b.
*
* @param [out] q The output. It may be the same as either input.
* @param [in] a Any scalar.
* @param [in] b Any scalar.
* @param [in] pick_b If nonzero, choose scalar b.
*/
* @brief Constant-time decision between two scalars. If pick_b
* is zero, out = a; else out = b.
*
* @param [out] q The output. It may be the same as either input.
* @param [in] a Any scalar.
* @param [in] b Any scalar.
* @param [in] pick_b If nonzero, choose scalar b.
*/
void decaf_448_scalar_cond_sel (
decaf_448_scalar_t out,
const decaf_448_scalar_t a,
@@ -484,14 +489,15 @@ decaf_bool_t decaf_448_point_valid (
) API_VIS WARN_UNUSED NONNULL1 NOINLINE;

/**
* @brief Torque a point, for debugging purposes.
* @brief Torque a point, for debugging purposes. The output
* will be equal to the input.
*
* @param [out] q The point to torque.
* @param [in] p The point to torque.
*/
void decaf_448_point_debugging_torque (
decaf_448_point_t q,
const decaf_448_point_t p
decaf_448_point_t q,
const decaf_448_point_t p
) API_VIS NONNULL2 NOINLINE;

/**
@@ -504,9 +510,9 @@ void decaf_448_point_debugging_torque (
* @param [in] factor Serialized GF factor to scale.
*/
void decaf_448_point_debugging_pscale (
decaf_448_point_t q,
const decaf_448_point_t p,
const unsigned char factor[DECAF_448_SER_BYTES]
decaf_448_point_t q,
const decaf_448_point_t p,
const unsigned char factor[DECAF_448_SER_BYTES]
) API_VIS NONNULL2 NOINLINE;

/**
@@ -610,7 +616,7 @@ decaf_448_invert_elligator_uniform (
* @brief Overwrite scalar with zeros.
*/
void decaf_448_scalar_destroy (
decaf_448_scalar_t scalar
decaf_448_scalar_t scalar
) NONNULL1 API_VIS;

/**
@@ -618,14 +624,14 @@ void decaf_448_scalar_destroy (
* @todo Use this internally.
*/
void decaf_448_point_destroy (
decaf_448_point_t point
decaf_448_point_t point
) NONNULL1 API_VIS;

/**
* @brief Overwrite precomputed table with zeros.
*/
void decaf_448_precomputed_destroy (
decaf_448_precomputed_s *pre
decaf_448_precomputed_s *pre
) NONNULL1 API_VIS;

#ifdef __cplusplus
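Review bot: The corrected doc for `decaf_448_scalar_invert` now lists `@return DECAF_SUCCESS The input is nonzero.` but still gives no return value for a zero input, and the brief's "When passed zero, return 0" reads as the function result although it appears to describe `out`. Callers that branch on the `decaf_error_t` need the failure case spelled out, e.g. `@return DECAF_FAILURE The input is zero; out is set to 0.` (assuming that is the enum's failure value). The re-indented comments for `decaf_448_point_cond_sel` and `decaf_448_scalar_cond_sel` also document `@param [out] q` while the parameter is named `out`. The declarations continue outside the hunks shown.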

