From a941e639bc5c22e86c672e8414e225d80861a5ba Mon Sep 17 00:00:00 2001
From: Nicholas Wilson <nicholas.wilson@realvnc.com>
Date: Fri, 29 Aug 2014 18:10:06 +0100
Subject: [PATCH] some minor changes to get the arch_32 stuff compiling, and a
 few tweaks for my use

---
 include/goldilocks.h |  6 ++++--
 src/arch_32/p448.c   |  4 ++--
 src/arch_32/p448.h   |  6 +++---
 src/goldilocks.c     |  2 ++
 src/include/config.h | 12 ++++++++++++
 5 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/include/goldilocks.h b/include/goldilocks.h
index a62fb6a..7043809 100644
--- a/include/goldilocks.h
+++ b/include/goldilocks.h
@@ -38,7 +38,7 @@
 /** The size of a Goldilocks private key, in bytes. */
 #define GOLDI_PRIVATE_KEY_BYTES   (2*GOLDI_FIELD_BYTES + GOLDI_SYMKEY_BYTES)
 
-/** The size of a Goldilocks private key, in bytes. */
+/** The size of a Goldilocks signature, in bytes. */
 #define GOLDI_SIGNATURE_BYTES     (2*GOLDI_FIELD_BYTES)
 
 /**
@@ -206,7 +206,8 @@ goldilocks_shared_secret (
     const struct goldilocks_private_key_t *my_privkey,
     const struct goldilocks_public_key_t *your_pubkey
 ) __attribute__((warn_unused_result,nonnull(1,2,3),visibility ("default")));
-    
+
+#ifdef GOLDI_IMPLEMENT_SIGNATURES
 /**
  * @brief Sign a message.
  *
@@ -264,6 +265,7 @@ goldilocks_verify (
     uint64_t message_len,
     const struct goldilocks_public_key_t *pubkey
 ) __attribute__((warn_unused_result,nonnull(1,2,4),visibility ("default")));
+#endif
 
 #if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS
 
diff --git a/src/arch_32/p448.c b/src/arch_32/p448.c
index e45778a..9dab9fb 100644
--- a/src/arch_32/p448.c
+++ b/src/arch_32/p448.c
@@ -88,7 +88,7 @@ p448_mulw (
     const p448_t *as,
     uint64_t b
 ) {
-    const uint32_t bhi = b>>28, blo = b & (1<<28)-1;
+    const uint32_t bhi = b>>28, blo = b & ((1<<28)-1);
     
     const uint32_t *a = as->limb;
     uint32_t *c = cs->limb;
@@ -223,7 +223,7 @@ p448_deserialize (
         for (j=0; j<7; j++) {
             out |= ((uint64_t)serial[7*i+j])<<(8*j);
         }
-        x->limb[2*i] = out & (1ull<<28)-1;
+        x->limb[2*i] = out & ((1ull<<28)-1);
         x->limb[2*i+1] = out >> 28;
     }
     
diff --git a/src/arch_32/p448.h b/src/arch_32/p448.h
index 4628a89..94dacd7 100644
--- a/src/arch_32/p448.h
+++ b/src/arch_32/p448.h
@@ -173,7 +173,7 @@ p448_set_ui (
     uint64_t x
 ) {
     int i;
-    out->limb[0] = x & (1<<28)-1;
+    out->limb[0] = x & ((1<<28)-1);
     out->limb[1] = x>>28;
     for (i=2; i<16; i++) {
       out->limb[i] = 0;
@@ -188,7 +188,7 @@ p448_cond_swap (
 ) {
     big_register_t *aa = (big_register_t*)a;
     big_register_t *bb = (big_register_t*)b;
-    big_register_t m = doswap;
+    big_register_t m = br_set_to_mask(doswap);
 
     unsigned int i;
     for (i=0; i<sizeof(*a)/sizeof(*aa); i++) {
@@ -260,7 +260,7 @@ p448_cond_neg(
     struct p448_t negated;
     big_register_t *aa = (big_register_t *)a;
     big_register_t *nn = (big_register_t*)&negated;
-    big_register_t m = doNegate;
+    big_register_t m = br_set_to_mask(doNegate);
     
     p448_neg(&negated, a);
     p448_bias(&negated, 2);
diff --git a/src/goldilocks.c b/src/goldilocks.c
index 3016e1f..af70d1c 100644
--- a/src/goldilocks.c
+++ b/src/goldilocks.c
@@ -306,6 +306,7 @@ goldilocks_shared_secret (
     );
 }
 
+#ifdef GOLDI_IMPLEMENT_SIGNATURES
 static void
 goldilocks_derive_challenge(
     word_t challenge[GOLDI_FIELD_WORDS],
@@ -448,6 +449,7 @@ goldilocks_verify (
     
     return succ ? 0 : GOLDI_EINVAL;
 }
+#endif
 
 #if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS
 
diff --git a/src/include/config.h b/src/include/config.h
index ca6da24..4a98087 100644
--- a/src/include/config.h
+++ b/src/include/config.h
@@ -55,6 +55,18 @@
  */
 #define EXPERIMENT_ECDH_OBLITERATE_CT   1
 
+/**
+ * @brief Whether or not define the signing functions, which
+ * currently require SHA-512.
+ */
+#define GOLDI_IMPLEMENT_SIGNATURES      1
+
+/**
+ * @brief Whether or not to define and implement functions
+ * working with pre-computed keys.
+ */
+#define GOLDI_IMPLEMENT_PRECOMPUTED_KEYS 0
+
 /**
  * @brief ECDH adds public keys into the hash, to prevent
  * esoteric attacks.