some minor changes to get the arch_32 stuff compiling, and a few tweaks for my use

10 years ago · a941e639bc
--- a/include/goldilocks.h
+++ b/include/goldilocks.h
@@ -38,7 +38,7 @@
 /** The size of a Goldilocks private key, in bytes. */
 #define GOLDI_PRIVATE_KEY_BYTES   (2*GOLDI_FIELD_BYTES + GOLDI_SYMKEY_BYTES)

 /** The size of a Goldilocks private key, in bytes. */
 /** The size of a Goldilocks signature, in bytes. */
 #define GOLDI_SIGNATURE_BYTES     (2*GOLDI_FIELD_BYTES)

 /**
@@ -206,7 +206,8 @@ goldilocks_shared_secret (
    const struct goldilocks_private_key_t *my_privkey,
    const struct goldilocks_public_key_t *your_pubkey
 ) __attribute__((warn_unused_result,nonnull(1,2,3),visibility ("default")));
    

 #ifdef GOLDI_IMPLEMENT_SIGNATURES
 /**
 * @brief Sign a message.
 *
@@ -264,6 +265,7 @@ goldilocks_verify (
    uint64_t message_len,
    const struct goldilocks_public_key_t *pubkey
 ) __attribute__((warn_unused_result,nonnull(1,2,4),visibility ("default")));
 #endif

 #if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS

--- a/src/arch_32/p448.c
+++ b/src/arch_32/p448.c
@@ -88,7 +88,7 @@ p448_mulw (
    const p448_t *as,
    uint64_t b
 ) {
    const uint32_t bhi = b>>28, blo = b & (1<<28)-1;
    const uint32_t bhi = b>>28, blo = b & ((1<<28)-1);
    
    const uint32_t *a = as->limb;
    uint32_t *c = cs->limb;
@@ -223,7 +223,7 @@ p448_deserialize (
        for (j=0; j<7; j++) {
            out |= ((uint64_t)serial[7*i+j])<<(8*j);
        }
        x->limb[2*i] = out & (1ull<<28)-1;
        x->limb[2*i] = out & ((1ull<<28)-1);
        x->limb[2*i+1] = out >> 28;
    }
    
--- a/src/arch_32/p448.h
+++ b/src/arch_32/p448.h
@@ -173,7 +173,7 @@ p448_set_ui (
    uint64_t x
 ) {
    int i;
    out->limb[0] = x & (1<<28)-1;
    out->limb[0] = x & ((1<<28)-1);
    out->limb[1] = x>>28;
    for (i=2; i<16; i++) {
      out->limb[i] = 0;
@@ -188,7 +188,7 @@ p448_cond_swap (
 ) {
    big_register_t *aa = (big_register_t*)a;
    big_register_t *bb = (big_register_t*)b;
    big_register_t m = doswap;
    big_register_t m = br_set_to_mask(doswap);

    unsigned int i;
    for (i=0; i<sizeof(*a)/sizeof(*aa); i++) {
@@ -260,7 +260,7 @@ p448_cond_neg(
    struct p448_t negated;
    big_register_t *aa = (big_register_t *)a;
    big_register_t *nn = (big_register_t*)&negated;
    big_register_t m = doNegate;
    big_register_t m = br_set_to_mask(doNegate);
    
    p448_neg(&negated, a);
    p448_bias(&negated, 2);
--- a/src/goldilocks.c
+++ b/src/goldilocks.c
@@ -306,6 +306,7 @@ goldilocks_shared_secret (
    );
 }

 #ifdef GOLDI_IMPLEMENT_SIGNATURES
 static void
 goldilocks_derive_challenge(
    word_t challenge[GOLDI_FIELD_WORDS],
@@ -448,6 +449,7 @@ goldilocks_verify (
    
    return succ ? 0 : GOLDI_EINVAL;
 }
 #endif

 #if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS

--- a/src/include/config.h
+++ b/src/include/config.h
@@ -55,6 +55,18 @@
 */
 #define EXPERIMENT_ECDH_OBLITERATE_CT   1

 /**
 * @brief Whether or not define the signing functions, which
 * currently require SHA-512.
 */
 #define GOLDI_IMPLEMENT_SIGNATURES      1

 /**
 * @brief Whether or not to define and implement functions
 * working with pre-computed keys.
 */
 #define GOLDI_IMPLEMENT_PRECOMPUTED_KEYS 0

 /**
 * @brief ECDH adds public keys into the hash, to prevent
 * esoteric attacks.