x448 generate_key -> derive_public_key to match ed448 nomenclature

src/GENERATED/c/curve25519/decaf.c

@@ -1324,6 +1324,13 @@ decaf_error_t decaf_x25519 (
 void decaf_x25519_generate_key (
     uint8_t out[X_PUBLIC_BYTES],
     const uint8_t scalar[X_PRIVATE_BYTES]
+) {
+    decaf_x25519_derive_public_key(out,scalar);
+}
+
+void decaf_x25519_derive_public_key (
+    uint8_t out[X_PUBLIC_BYTES],
+    const uint8_t scalar[X_PRIVATE_BYTES]
 ) {
     /* Scalar conditioning */
     uint8_t scalar2[X_PRIVATE_BYTES];

src/GENERATED/c/ed448goldilocks/decaf.c

@@ -1324,6 +1324,13 @@ decaf_error_t decaf_x448 (
 void decaf_x448_generate_key (
     uint8_t out[X_PUBLIC_BYTES],
     const uint8_t scalar[X_PRIVATE_BYTES]
+) {
+    decaf_x448_derive_public_key(out,scalar);
+}
+
+void decaf_x448_derive_public_key (
+    uint8_t out[X_PUBLIC_BYTES],
+    const uint8_t scalar[X_PRIVATE_BYTES]
 ) {
     /* Scalar conditioning */
     uint8_t scalar2[X_PRIVATE_BYTES];

src/GENERATED/include/decaf/point_255.h

@@ -404,12 +404,33 @@ extern const uint8_t decaf_x25519_base_point[DECAF_X25519_PUBLIC_BYTES] API_VIS;
  * @brief RFC 7748 Diffie-Hellman base point scalarmul.  This function uses
  * a different (non-Decaf) encoding.
  *
+ * @deprecated Renamed to decaf_x25519_derive_public_key.
+ * I have no particular timeline for removing this name.
+ *
  * @param [out] scaled The scaled point base*scalar
  * @param [in] scalar The scalar to multiply by.
  */
 void decaf_x25519_generate_key (
     uint8_t out[DECAF_X25519_PUBLIC_BYTES],
     const uint8_t scalar[DECAF_X25519_PRIVATE_BYTES]
+) API_VIS NONNULL NOINLINE
+__attribute__((deprecated(
+    "Renamed to decaf_x25519_derive_public_key"
+)));
+    
+/**
+ * @brief RFC 7748 Diffie-Hellman base point scalarmul.  This function uses
+ * a different (non-Decaf) encoding.
+ *
+ * Does exactly the same thing as decaf_x25519_generate_key,
+ * but has a better name.
+ *
+ * @param [out] scaled The scaled point base*scalar
+ * @param [in] scalar The scalar to multiply by.
+ */
+void decaf_x25519_derive_public_key (
+    uint8_t out[DECAF_X25519_PUBLIC_BYTES],
+    const uint8_t scalar[DECAF_X25519_PRIVATE_BYTES]
 ) API_VIS NONNULL NOINLINE;
 
 /* FUTURE: uint8_t decaf_255_encode_like_curve25519) */

src/GENERATED/include/decaf/point_255.hxx

@@ -645,7 +645,7 @@ public:
         return FixedBlock<PUBLIC_BYTES>(decaf_x25519_base_point);
     }
 
-    /** Generate and return a shared secret with public key.  */
+    /** Calculate and return a shared secret with public key.  */
     static inline SecureBuffer shared_secret(
         const FixedBlock<PUBLIC_BYTES> &pk,
         const FixedBlock<PRIVATE_BYTES> &scalar
@@ -657,7 +657,7 @@ public:
         return out;
     }
 
-    /** Generate and return a shared secret with public key, noexcept version.  */
+    /** Calculate and write into out a shared secret with public key, noexcept version.  */
     static inline decaf_error_t WARN_UNUSED
     shared_secret_noexcept (
         FixedBuffer<PUBLIC_BYTES> &out,
@@ -667,26 +667,55 @@ public:
        return decaf_x25519(out.data(), pk.data(), scalar.data());
     }
 
-    /** Generate and return a public key; equivalent to shared_secret(base_point(),scalar)
+    /** Calculate and return a public key; equivalent to shared_secret(base_point(),scalar)
      * but possibly faster.
+     * @deprecated Renamed to derive_public_key.
      */
-    static inline SecureBuffer generate_key(
+    static inline SecureBuffer __attribute__((deprecated(
+        "Renamed to derive_public_key"
+    ))) generate_key(
         const FixedBlock<PRIVATE_BYTES> &scalar
     ) throw(std::bad_alloc) {
         SecureBuffer out(PUBLIC_BYTES);
-        decaf_x25519_generate_key(out.data(), scalar.data());
+        decaf_x25519_derive_public_key(out.data(), scalar.data());
         return out;
     }
 
-    /** Generate and return a public key into a fixed buffer;
+    /** Calculate and return a public key; equivalent to shared_secret(base_point(),scalar)
+     * but possibly faster.
+     */
+    static inline SecureBuffer derive_public_key(
+        const FixedBlock<PRIVATE_BYTES> &scalar
+    ) throw(std::bad_alloc) {
+        SecureBuffer out(PUBLIC_BYTES);
+        decaf_x25519_derive_public_key(out.data(), scalar.data());
+        return out;
+    }
+
+    /** Calculate and return a public key into a fixed buffer;
+     * equivalent to shared_secret(base_point(),scalar) but possibly faster.
+     */
+    static inline void
+    derive_public_key_noexcept (
+        FixedBuffer<PUBLIC_BYTES> &out,
+        const FixedBlock<PRIVATE_BYTES> &scalar
+    ) NOEXCEPT {
+        decaf_x25519_derive_public_key(out.data(), scalar.data());
+    }
+
+    /** Calculate and return a public key into a fixed buffer;
      * equivalent to shared_secret(base_point(),scalar) but possibly faster.
+     * @deprecated Renamed to derive_public_key_noexcept.
      */
     static inline void
+    __attribute__((deprecated(
+        "Renamed to derive_public_key_noexcept"
+    )))
     generate_key_noexcept (
         FixedBuffer<PUBLIC_BYTES> &out,
         const FixedBlock<PRIVATE_BYTES> &scalar
     ) NOEXCEPT {
-        decaf_x25519_generate_key(out.data(), scalar.data());
+        decaf_x25519_derive_public_key(out.data(), scalar.data());
     }
 };
 

src/GENERATED/include/decaf/point_448.h

@@ -404,12 +404,33 @@ extern const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES] API_VIS;
  * @brief RFC 7748 Diffie-Hellman base point scalarmul.  This function uses
  * a different (non-Decaf) encoding.
  *
+ * @deprecated Renamed to decaf_x448_derive_public_key.
+ * I have no particular timeline for removing this name.
+ *
  * @param [out] scaled The scaled point base*scalar
  * @param [in] scalar The scalar to multiply by.
  */
 void decaf_x448_generate_key (
     uint8_t out[DECAF_X448_PUBLIC_BYTES],
     const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
+) API_VIS NONNULL NOINLINE
+__attribute__((deprecated(
+    "Renamed to decaf_x448_derive_public_key"
+)));
+    
+/**
+ * @brief RFC 7748 Diffie-Hellman base point scalarmul.  This function uses
+ * a different (non-Decaf) encoding.
+ *
+ * Does exactly the same thing as decaf_x448_generate_key,
+ * but has a better name.
+ *
+ * @param [out] scaled The scaled point base*scalar
+ * @param [in] scalar The scalar to multiply by.
+ */
+void decaf_x448_derive_public_key (
+    uint8_t out[DECAF_X448_PUBLIC_BYTES],
+    const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
 ) API_VIS NONNULL NOINLINE;
 
 /* FUTURE: uint8_t decaf_448_encode_like_curve448) */

src/GENERATED/include/decaf/point_448.hxx

@@ -645,7 +645,7 @@ public:
         return FixedBlock<PUBLIC_BYTES>(decaf_x448_base_point);
     }
 
-    /** Generate and return a shared secret with public key.  */
+    /** Calculate and return a shared secret with public key.  */
     static inline SecureBuffer shared_secret(
         const FixedBlock<PUBLIC_BYTES> &pk,
         const FixedBlock<PRIVATE_BYTES> &scalar
@@ -657,7 +657,7 @@ public:
         return out;
     }
 
-    /** Generate and return a shared secret with public key, noexcept version.  */
+    /** Calculate and write into out a shared secret with public key, noexcept version.  */
     static inline decaf_error_t WARN_UNUSED
     shared_secret_noexcept (
         FixedBuffer<PUBLIC_BYTES> &out,
@@ -667,26 +667,55 @@ public:
        return decaf_x448(out.data(), pk.data(), scalar.data());
     }
 
-    /** Generate and return a public key; equivalent to shared_secret(base_point(),scalar)
+    /** Calculate and return a public key; equivalent to shared_secret(base_point(),scalar)
      * but possibly faster.
+     * @deprecated Renamed to derive_public_key.
      */
-    static inline SecureBuffer generate_key(
+    static inline SecureBuffer __attribute__((deprecated(
+        "Renamed to derive_public_key"
+    ))) generate_key(
         const FixedBlock<PRIVATE_BYTES> &scalar
     ) throw(std::bad_alloc) {
         SecureBuffer out(PUBLIC_BYTES);
-        decaf_x448_generate_key(out.data(), scalar.data());
+        decaf_x448_derive_public_key(out.data(), scalar.data());
         return out;
     }
 
-    /** Generate and return a public key into a fixed buffer;
+    /** Calculate and return a public key; equivalent to shared_secret(base_point(),scalar)
+     * but possibly faster.
+     */
+    static inline SecureBuffer derive_public_key(
+        const FixedBlock<PRIVATE_BYTES> &scalar
+    ) throw(std::bad_alloc) {
+        SecureBuffer out(PUBLIC_BYTES);
+        decaf_x448_derive_public_key(out.data(), scalar.data());
+        return out;
+    }
+
+    /** Calculate and return a public key into a fixed buffer;
+     * equivalent to shared_secret(base_point(),scalar) but possibly faster.
+     */
+    static inline void
+    derive_public_key_noexcept (
+        FixedBuffer<PUBLIC_BYTES> &out,
+        const FixedBlock<PRIVATE_BYTES> &scalar
+    ) NOEXCEPT {
+        decaf_x448_derive_public_key(out.data(), scalar.data());
+    }
+
+    /** Calculate and return a public key into a fixed buffer;
      * equivalent to shared_secret(base_point(),scalar) but possibly faster.
+     * @deprecated Renamed to derive_public_key_noexcept.
      */
     static inline void
+    __attribute__((deprecated(
+        "Renamed to derive_public_key_noexcept"
+    )))
     generate_key_noexcept (
         FixedBuffer<PUBLIC_BYTES> &out,
         const FixedBlock<PRIVATE_BYTES> &scalar
     ) NOEXCEPT {
-        decaf_x448_generate_key(out.data(), scalar.data());
+        decaf_x448_derive_public_key(out.data(), scalar.data());
     }
 };
 

src/per_curve/decaf.tmpl.c

@@ -1313,6 +1313,13 @@ decaf_error_t decaf_x$(gf_shortname) (
 void decaf_x$(gf_shortname)_generate_key (
     uint8_t out[X_PUBLIC_BYTES],
     const uint8_t scalar[X_PRIVATE_BYTES]
+) {
+    decaf_x$(gf_shortname)_derive_public_key(out,scalar);
+}
+
+void decaf_x$(gf_shortname)_derive_public_key (
+    uint8_t out[X_PUBLIC_BYTES],
+    const uint8_t scalar[X_PRIVATE_BYTES]
 ) {
     /* Scalar conditioning */
     uint8_t scalar2[X_PRIVATE_BYTES];

src/per_curve/point.tmpl.h

@@ -389,12 +389,33 @@ extern const uint8_t decaf_x$(gf_shortname)_base_point[DECAF_X$(gf_shortname)_PU
  * @brief RFC 7748 Diffie-Hellman base point scalarmul.  This function uses
  * a different (non-Decaf) encoding.
  *
+ * @deprecated Renamed to decaf_x$(gf_shortname)_derive_public_key.
+ * I have no particular timeline for removing this name.
+ *
  * @param [out] scaled The scaled point base*scalar
  * @param [in] scalar The scalar to multiply by.
  */
 void decaf_x$(gf_shortname)_generate_key (
     uint8_t out[DECAF_X$(gf_shortname)_PUBLIC_BYTES],
     const uint8_t scalar[DECAF_X$(gf_shortname)_PRIVATE_BYTES]
+) API_VIS NONNULL NOINLINE
+__attribute__((deprecated(
+    "Renamed to decaf_x$(gf_shortname)_derive_public_key"
+)));
+    
+/**
+ * @brief RFC 7748 Diffie-Hellman base point scalarmul.  This function uses
+ * a different (non-Decaf) encoding.
+ *
+ * Does exactly the same thing as decaf_x$(gf_shortname)_generate_key,
+ * but has a better name.
+ *
+ * @param [out] scaled The scaled point base*scalar
+ * @param [in] scalar The scalar to multiply by.
+ */
+void decaf_x$(gf_shortname)_derive_public_key (
+    uint8_t out[DECAF_X$(gf_shortname)_PUBLIC_BYTES],
+    const uint8_t scalar[DECAF_X$(gf_shortname)_PRIVATE_BYTES]
 ) API_VIS NONNULL NOINLINE;
 
 /* FUTURE: uint8_t $(c_ns)_encode_like_curve$(gf_shortname)) */

src/per_curve/point.tmpl.hxx

@@ -632,7 +632,7 @@ public:
         return FixedBlock<PUBLIC_BYTES>(decaf_x$(gf_shortname)_base_point);
     }
 
-    /** Generate and return a shared secret with public key.  */
+    /** Calculate and return a shared secret with public key.  */
     static inline SecureBuffer shared_secret(
         const FixedBlock<PUBLIC_BYTES> &pk,
         const FixedBlock<PRIVATE_BYTES> &scalar
@@ -644,7 +644,7 @@ public:
         return out;
     }
 
-    /** Generate and return a shared secret with public key, noexcept version.  */
+    /** Calculate and write into out a shared secret with public key, noexcept version.  */
     static inline decaf_error_t WARN_UNUSED
     shared_secret_noexcept (
         FixedBuffer<PUBLIC_BYTES> &out,
@@ -654,26 +654,55 @@ public:
        return decaf_x$(gf_shortname)(out.data(), pk.data(), scalar.data());
     }
 
-    /** Generate and return a public key; equivalent to shared_secret(base_point(),scalar)
+    /** Calculate and return a public key; equivalent to shared_secret(base_point(),scalar)
      * but possibly faster.
+     * @deprecated Renamed to derive_public_key.
      */
-    static inline SecureBuffer generate_key(
+    static inline SecureBuffer __attribute__((deprecated(
+        "Renamed to derive_public_key"
+    ))) generate_key(
         const FixedBlock<PRIVATE_BYTES> &scalar
     ) throw(std::bad_alloc) {
         SecureBuffer out(PUBLIC_BYTES);
-        decaf_x$(gf_shortname)_generate_key(out.data(), scalar.data());
+        decaf_x$(gf_shortname)_derive_public_key(out.data(), scalar.data());
         return out;
     }
 
-    /** Generate and return a public key into a fixed buffer;
+    /** Calculate and return a public key; equivalent to shared_secret(base_point(),scalar)
+     * but possibly faster.
+     */
+    static inline SecureBuffer derive_public_key(
+        const FixedBlock<PRIVATE_BYTES> &scalar
+    ) throw(std::bad_alloc) {
+        SecureBuffer out(PUBLIC_BYTES);
+        decaf_x$(gf_shortname)_derive_public_key(out.data(), scalar.data());
+        return out;
+    }
+
+    /** Calculate and return a public key into a fixed buffer;
+     * equivalent to shared_secret(base_point(),scalar) but possibly faster.
+     */
+    static inline void
+    derive_public_key_noexcept (
+        FixedBuffer<PUBLIC_BYTES> &out,
+        const FixedBlock<PRIVATE_BYTES> &scalar
+    ) NOEXCEPT {
+        decaf_x$(gf_shortname)_derive_public_key(out.data(), scalar.data());
+    }
+
+    /** Calculate and return a public key into a fixed buffer;
      * equivalent to shared_secret(base_point(),scalar) but possibly faster.
+     * @deprecated Renamed to derive_public_key_noexcept.
      */
     static inline void
+    __attribute__((deprecated(
+        "Renamed to derive_public_key_noexcept"
+    )))
     generate_key_noexcept (
         FixedBuffer<PUBLIC_BYTES> &out,
         const FixedBlock<PRIVATE_BYTES> &scalar
     ) NOEXCEPT {
-        decaf_x$(gf_shortname)_generate_key(out.data(), scalar.data());
+        decaf_x$(gf_shortname)_derive_public_key(out.data(), scalar.data());
     }
 };
 

test/bench_decaf.cxx

@@ -301,7 +301,7 @@ static void cfrg() {
     SpongeRng rng(Block("bench_cfrg_crypto"),SpongeRng::DETERMINISTIC);
     FixedArrayBuffer<Group::DhLadder::PUBLIC_BYTES> base(rng);
     FixedArrayBuffer<Group::DhLadder::PRIVATE_BYTES> s1(rng);
-    for (Benchmark b("RFC 7748 keygen"); b.iter(); ) { Group::DhLadder::generate_key(s1); }
+    for (Benchmark b("RFC 7748 keygen"); b.iter(); ) { Group::DhLadder::derive_public_key(s1); }
     for (Benchmark b("RFC 7748 shared secret"); b.iter(); ) { Group::DhLadder::shared_secret(base,s1); }
 
     FixedArrayBuffer<EdDSA<Group>::PrivateKey::SER_BYTES> e1(rng);

test/test_decaf.cxx

@@ -461,10 +461,10 @@ static void test_cfrg_crypto() {
         
         if (!memeq(
             DhLadder::shared_secret(DhLadder::base_point(),s1),
-            DhLadder::generate_key(s1)
+            DhLadder::derive_public_key(s1)
         )) {
             test.fail();
-            printf("    Generated keys disagree on iteration %d.\n",i);
+            printf("    Public keys disagree on iteration %d.\n",i);
         }
     }
 }