jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

lowerCamelCase -> snake_case. Put decaf_ in front of all (most?) identifiers, except for SHAKE which is being removed before 1.0 release (for future refactoring)

master
Michael Hamburg 10 years ago
parent
85fafd2d52
commit
f1df5e4714
22 changed files with 360 additions and 359 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -4
      src/per_curve/crypto.tmpl.hxx
  2. +5
    -5
      src/per_curve/decaf.tmpl.c
  3. +2
    -2
      src/per_curve/decaf.tmpl.h
  4. +4
    -4
      src/per_curve/decaf.tmpl.hxx
  5. +5
    -5
      src/per_curve/decaf_gen_tables.tmpl.c
  6. +8
    -8
      src/per_curve/eddsa.tmpl.c
  7. +2
    -2
      src/per_curve/eddsa.tmpl.hxx
  8. +17
    -17
      src/public_include/decaf/secure_buffer.hxx
  9. +13
    -13
      src/public_include/decaf/sha512.h
  10. +9
    -9
      src/public_include/decaf/sha512.hxx
  11. +77
    -76
      src/public_include/decaf/shake.h
  12. +21
    -21
      src/public_include/decaf/shake.hxx
  13. +17
    -17
      src/public_include/decaf/spongerng.h
  14. +6
    -6
      src/public_include/decaf/spongerng.hxx
  15. +8
    -8
      src/public_include/decaf/strobe.h
  16. +2
    -2
      src/public_include/decaf/strobe.hxx
  17. +9
    -9
      src/sha512.c
  18. +128
    -128
      src/shake.c
  19. +1
    -1
      test/bench_decaf.cxx
  20. +18
    -18
      test/shakesum.c
  21. +2
    -2
      test/test_ct.cxx
  22. +2
    -2
      test/test_decaf.cxx

+ 4
- 4
src/per_curve/crypto.tmpl.hxx View File

@@ -62,7 +62,7 @@ public:
}
/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Verify a message */
inline void verify(
@@ -132,7 +132,7 @@ public:
}
/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Serialize into a buffer. */
inline void serialize_into(unsigned char *x) const NOEXCEPT {
@@ -152,7 +152,7 @@ public:
}
/** Derive a shared secret */
inline SecureBuffer sharedSecret(
inline SecureBuffer shared_secret(
const PublicKey<$(cxx_ns)> &pub,
size_t bytes,
bool me_first
@@ -166,7 +166,7 @@ public:
/** Derive a shared secret */
inline decaf_error_t __attribute__((warn_unused_result))
sharedSecretNoexcept(
shared_secret_noexcept(
Buffer ret,
const PublicKey<$(cxx_ns)> &pub,
bool me_first


+ 5
- 5
src/per_curve/decaf.tmpl.c View File

@@ -1364,11 +1364,11 @@ struct smvt_control {
};

static int recode_wnaf (
struct smvt_control *control, /* [nbits/(tableBits+1) + 3] */
struct smvt_control *control, /* [nbits/(table_bits+1) + 3] */
const scalar_t scalar,
unsigned int tableBits
unsigned int table_bits
) {
unsigned int table_size = SCALAR_BITS/(tableBits+1) + 3;
unsigned int table_size = SCALAR_BITS/(table_bits+1) + 3;
int position = table_size - 1; /* at the end */
/* place the end marker */
@@ -1382,7 +1382,7 @@ static int recode_wnaf (
*/
uint64_t current = scalar->limb[0] & 0xFFFF;
uint32_t mask = (1<<(tableBits+1))-1;
uint32_t mask = (1<<(table_bits+1))-1;

unsigned int w;
const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2;
@@ -1396,7 +1396,7 @@ static int recode_wnaf (
assert(position >= 0);
uint32_t pos = __builtin_ctz((uint32_t)current), odd = (uint32_t)current >> pos;
int32_t delta = odd & mask;
if (odd & 1<<(tableBits+1)) delta -= (1<<(tableBits+1));
if (odd & 1<<(table_bits+1)) delta -= (1<<(table_bits+1));
current -= delta << pos;
control[position].power = pos + 16*(w-1);
control[position].addend = delta;


+ 2
- 2
src/per_curve/decaf.tmpl.h View File

@@ -538,12 +538,12 @@ void $(c_ns)_scalar_cond_sel (
/**
* @brief Test that a point is valid, for debugging purposes.
*
* @param [in] toTest The point to test.
* @param [in] to_test The point to test.
* @retval DECAF_TRUE The point is valid.
* @retval DECAF_FALSE The point is invalid.
*/
decaf_bool_t $(c_ns)_point_valid (
const $(c_ns)_point_t toTest
const $(c_ns)_point_t to_test
) API_VIS WARN_UNUSED NONNULL NOINLINE;

/**


+ 4
- 4
src/per_curve/decaf.tmpl.hxx View File

@@ -104,7 +104,7 @@ public:
inline Scalar(const Block &buffer) NOEXCEPT { *this = buffer; }

/** Serializable instance */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }

/** Serializable instance */
inline void serialize_into(unsigned char *buffer) const NOEXCEPT {
@@ -378,7 +378,7 @@ public:
}

/** Serializable instance */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }

/** Serializable instance */
inline void serialize_into(unsigned char *buffer) const NOEXCEPT {
@@ -559,7 +559,7 @@ public:
* initializer for points which makes this equal to the identity.
*/
inline Precomputed (
const Precomputed_U &yours = *defaultValue()
const Precomputed_U &yours = *default_value()
) NOEXCEPT : OwnedOrUnowned<Precomputed,Precomputed_U>(yours) {}


@@ -617,7 +617,7 @@ public:
friend class OwnedOrUnowned<Precomputed,Precomputed_U>;
static inline size_t size() NOEXCEPT { return $(c_ns)_sizeof_precomputed_s; }
static inline size_t alignment() NOEXCEPT { return $(c_ns)_alignof_precomputed_s; }
static inline const Precomputed_U * defaultValue() NOEXCEPT { return $(c_ns)_precomputed_base; }
static inline const Precomputed_U * default_value() NOEXCEPT { return $(c_ns)_precomputed_base; }
/** @endcond */
};



+ 5
- 5
src/per_curve/decaf_gen_tables.tmpl.c View File

@@ -59,10 +59,10 @@ int main(int argc, char **argv) {
if (ret || !pre) return 1;
API_NS(precompute)(pre, real_point_base);
struct niels_s *preWnaf;
ret = posix_memalign((void**)&preWnaf, API_NS(alignof_precomputed_s), API_NS(sizeof_precomputed_wnafs));
if (ret || !preWnaf) return 1;
API_NS(precompute_wnafs)(preWnaf, real_point_base);
struct niels_s *pre_wnaf;
ret = posix_memalign((void**)&pre_wnaf, API_NS(alignof_precomputed_s), API_NS(sizeof_precomputed_wnafs));
if (ret || !pre_wnaf) return 1;
API_NS(precompute_wnafs)(pre_wnaf, real_point_base);

const gf_s *output;
unsigned i;
@@ -91,7 +91,7 @@ int main(int argc, char **argv) {
}
printf("\n};\n");
output = (const gf_s *)preWnaf;
output = (const gf_s *)pre_wnaf;
printf("const gf API_NS(precomputed_wnaf_as_fe)[%d]\n",
(int)(API_NS(sizeof_precomputed_wnafs) / sizeof(gf)));
printf("__attribute__((aligned(%d),visibility(\"hidden\"))) = {\n ", (int)API_NS(alignof_precomputed_s));


+ 8
- 8
src/per_curve/eddsa.tmpl.c View File

@@ -12,12 +12,12 @@
#define API_NAME "$(c_ns)"
#define API_NS(_id) $(c_ns)_##_id

#define hash_ctx_t $(eddsa_hash)_ctx_t
#define hash_init $(eddsa_hash)_init
#define hash_update $(eddsa_hash)_update
#define hash_final $(eddsa_hash)_final
#define hash_destroy $(eddsa_hash)_destroy
#define hash_hash $(eddsa_hash)_hash
#define hash_ctx_t decaf_$(eddsa_hash)_ctx_t
#define hash_init decaf_$(eddsa_hash)_init
#define hash_update decaf_$(eddsa_hash)_update
#define hash_final decaf_$(eddsa_hash)_final
#define hash_destroy decaf_$(eddsa_hash)_destroy
#define hash_hash decaf_$(eddsa_hash)_hash

#define SUPPORTS_CONTEXTS $(C_NS)_EDDSA_SUPPORTS_CONTEXTS
#define EDDSA_USE_SIGMA_ISOGENY $(eddsa_sigma_iso)
@@ -47,9 +47,9 @@ static void hash_init_with_dom(
hash_init(hash);
#if SUPPORTS_CONTEXTS
const char *domS = "$(eddsa_dom)";
const char *dom_s = "$(eddsa_dom)";
const uint8_t dom[2] = {1+word_is_zero(prehashed), context_len};
hash_update(hash,(const unsigned char *)domS, strlen(domS));
hash_update(hash,(const unsigned char *)dom_s, strlen(dom_s));
hash_update(hash,dom,2);
hash_update(hash,context,context_len);
#else


+ 2
- 2
src/per_curve/eddsa.tmpl.hxx View File

@@ -145,7 +145,7 @@ public:
}
/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Serialize into a buffer. */
inline void serialize_into(unsigned char *x) const NOEXCEPT {
@@ -258,7 +258,7 @@ public:

/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Serialize into a buffer. */
inline void serialize_into(unsigned char *x) const NOEXCEPT {


+ 17
- 17
src/public_include/decaf/secure_buffer.hxx View File

@@ -85,7 +85,7 @@ inline bool memeq(const std::vector<T,U> &a, const std::vector<V,W> &b) {
template<class Base> class Serializable {
public:
/** @brief Return the number of bytes needed to serialize this object */
inline size_t serSize() const NOEXCEPT { return static_cast<const Base*>(this)->serSize(); }
inline size_t ser_size() const NOEXCEPT { return static_cast<const Base*>(this)->ser_size(); }
/** @brief Serialize this object into a buffer */
inline void serialize_into(unsigned char *buf) const NOEXCEPT {
@@ -94,7 +94,7 @@ public:
/** @brief Serialize this object into a SecureBuffer and return it */
inline SecureBuffer serialize() const throw(std::bad_alloc) {
SecureBuffer out(serSize());
SecureBuffer out(ser_size());
serialize_into(out.data());
return out;
}
@@ -396,32 +396,32 @@ protected:
Wrapped *mine;
const Wrapped *yours;
} ours;
bool isMine;
bool is_mine;

inline void clear() NOEXCEPT {
if (isMine) {
if (is_mine) {
really_bzero(ours.mine, T::size());
free(ours.mine);
ours.yours = T::defaultValue();
isMine = false;
ours.yours = T::default_value();
is_mine = false;
}
}
inline void alloc() throw(std::bad_alloc) {
if (isMine) return;
if (is_mine) return;
int ret = posix_memalign((void**)&ours.mine, T::alignment(), T::size());
if (ret || !ours.mine) {
isMine = false;
is_mine = false;
throw std::bad_alloc();
}
isMine = true;
is_mine = true;
}
inline const Wrapped *get() const NOEXCEPT { return isMine ? ours.mine : ours.yours; }
inline const Wrapped *get() const NOEXCEPT { return is_mine ? ours.mine : ours.yours; }

inline OwnedOrUnowned(
const Wrapped &yours = *T::defaultValue()
const Wrapped &yours = *T::default_value()
) NOEXCEPT {
ours.yours = &yours;
isMine = false;
is_mine = false;
}

/**
@@ -429,14 +429,14 @@ protected:
*/
inline T &operator=(const OwnedOrUnowned &it) throw(std::bad_alloc) {
if (this == &it) return *(T*)this;
if (it.isMine) {
if (it.is_mine) {
alloc();
memcpy(ours.mine,it.ours.mine,T::size());
} else {
clear();
ours.yours = it.ours.yours;
}
isMine = it.isMine;
is_mine = it.is_mine;
return *(T*)this;
}

@@ -445,9 +445,9 @@ protected:
if (this == &it) return *(T*)this;
clear();
ours = it.ours;
isMine = it.isMine;
it.isMine = false;
it.ours.yours = T::defaultValue;
is_mine = it.is_mine;
it.is_mine = false;
it.ours.yours = T::default_value;
return *this;
}
#endif


+ 13
- 13
src/public_include/decaf/sha512.h View File

@@ -19,31 +19,31 @@ extern "C" {
#endif

typedef struct sha512_ctx_s {
typedef struct decaf_sha512_ctx_s {
uint64_t state[8];
uint8_t block[128];
uint64_t bytesProcessed;
} sha512_ctx_s, sha512_ctx_t[1];
uint64_t bytes_processed;
} decaf_sha512_ctx_s, decaf_sha512_ctx_t[1];

void sha512_init(sha512_ctx_t ctx) NONNULL API_VIS;
void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) NONNULL API_VIS;
void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) NONNULL API_VIS;
void decaf_sha512_init(decaf_sha512_ctx_t ctx) NONNULL API_VIS;
void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t length) NONNULL API_VIS;
void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *out, size_t length) NONNULL API_VIS;

static inline void sha512_destroy(sha512_ctx_t ctx) {
static inline void decaf_sha512_destroy(decaf_sha512_ctx_t ctx) {
decaf_bzero(ctx,sizeof(*ctx));
}

static inline void sha512_hash(
static inline void decaf_sha512_hash(
uint8_t *output,
size_t output_len,
const uint8_t *message,
size_t message_len
) {
sha512_ctx_t ctx;
sha512_init(ctx);
sha512_update(ctx,message,message_len);
sha512_final(ctx,output,output_len);
sha512_destroy(ctx);
decaf_sha512_ctx_t ctx;
decaf_sha512_init(ctx);
decaf_sha512_update(ctx,message,message_len);
decaf_sha512_final(ctx,output,output_len);
decaf_sha512_destroy(ctx);
}

#ifdef __cplusplus


+ 9
- 9
src/public_include/decaf/sha512.hxx View File

@@ -1,5 +1,5 @@
/**
* @file decaf/sha512.hxx
* @file decaf/decaf_sha512.hxx
* @copyright
* Based on public domain code by Dan Bernstein \n
* Copyright (c) 2015 Cryptography Research, Inc. \n
@@ -30,7 +30,7 @@ class SHA512 {
protected:
/** @cond internal */
/** The C-wrapper sponge state */
sha512_ctx_t sha;
decaf_sha512_ctx_t sha;

public:
@@ -44,10 +44,10 @@ public:
static const size_t DEFAULT_OUTPUT_BYTES = OUTPUT_BYTES;
/** Constructor */
inline SHA512() NOEXCEPT { sha512_init(sha); }
inline SHA512() NOEXCEPT { decaf_sha512_init(sha); }
/** Add more data to running hash */
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { sha512_update(sha,in,len); }
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { decaf_sha512_update(sha,in,len); }

/** Add more data to running hash, C++ version. */
inline void update(const Block &s) NOEXCEPT { update(s.data(),s.size()); }
@@ -61,17 +61,17 @@ public:
/** @brief Output bytes from the SHA context, and resets it. */
inline void final(Buffer b) throw(LengthException) {
if (b.size() > OUTPUT_BYTES) throw LengthException();
sha512_final(sha,b.data(),b.size());
decaf_sha512_final(sha,b.data(),b.size());
}
/** Resets the SHA context */
inline void reset() NOEXCEPT { sha512_init(sha); }
inline void reset() NOEXCEPT { decaf_sha512_init(sha); }

/** @brief Output bytes from the sponge. */
inline SecureBuffer final(size_t len = OUTPUT_BYTES) throw(LengthException) {
if (len > OUTPUT_BYTES) throw LengthException();
SecureBuffer buffer(len);
sha512_final(sha,buffer.data(),len);
decaf_sha512_final(sha,buffer.data(),len);
return buffer;
}

@@ -88,12 +88,12 @@ public:
) throw(LengthException, std::bad_alloc) {
if (outlen > OUTPUT_BYTES) throw LengthException();
SecureBuffer buffer(outlen);
sha512_hash(buffer.data(),outlen,message.data(),message.size());
decaf_sha512_hash(buffer.data(),outlen,message.data(),message.size());
return buffer;
}

/** Destructor zeroizes state */
inline ~SHA512() NOEXCEPT { sha512_destroy(sha); }
inline ~SHA512() NOEXCEPT { decaf_sha512_destroy(sha); }
};
} /* namespace decaf */


+ 77
- 76
src/public_include/decaf/shake.h View File

@@ -5,12 +5,11 @@
* Copyright (c) 2015 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
* @brief SHA-3-n and SHAKE-n instances.
* @warning EXPERIMENTAL! The names, parameter orders etc are likely to change.
* @brief SHA-3-n and DECAF_SHAKE-n instances.
*/

#ifndef __SHAKE_H__
#define __SHAKE_H__
#ifndef __DECAF_SHAKE_H__
#define __DECAF_SHAKE_H__

#include <stdint.h>
#include <sys/types.h>
@@ -24,19 +23,19 @@ extern "C" {

#ifndef INTERNAL_SPONGE_STRUCT
/** Sponge container object for the various primitives. */
typedef struct keccak_sponge_s {
typedef struct decaf_keccak_sponge_s {
/** @cond internal */
uint64_t opaque[26];
/** @endcond */
} keccak_sponge_s;
} decaf_keccak_sponge_s;

/** Convenience GMP-style one-element array version */
typedef struct keccak_sponge_s keccak_sponge_t[1];
typedef struct decaf_keccak_sponge_s decaf_keccak_sponge_t[1];

/** Parameters for sponge construction, distinguishing SHA3 and
* SHAKE instances.
/** Parameters for sponge construction, distinguishing DECAF_SHA3 and
* DECAF_SHAKE instances.
*/
struct kparams_s;
struct decaf_kparams_s;
#endif

/**
@@ -44,48 +43,48 @@ extern "C" {
* @param [out] sponge The object to initialize.
* @param [in] params The sponge's parameter description.
*/
void sponge_init (
keccak_sponge_t sponge,
const struct kparams_s *params
void decaf_sponge_init (
decaf_keccak_sponge_t sponge,
const struct decaf_kparams_s *params
) API_VIS;

/**
* @brief Absorb data into a SHA3 or SHAKE hash context.
* @brief Absorb data into a DECAF_SHA3 or DECAF_SHAKE hash context.
* @param [inout] sponge The context.
* @param [in] in The input data.
* @param [in] len The input data's length in bytes.
*/
void sha3_update (
struct keccak_sponge_s * __restrict__ sponge,
void decaf_sha3_update (
struct decaf_keccak_sponge_s * __restrict__ sponge,
const uint8_t *in,
size_t len
) API_VIS;

/**
* @brief Squeeze output data from a SHA3 or SHAKE hash context.
* @brief Squeeze output data from a DECAF_SHA3 or DECAF_SHAKE hash context.
* This does not destroy or re-initialize the hash context, and
* sha3 output can be called more times.
* decaf_sha3 output can be called more times.
*
* @param [inout] sponge The context.
* @param [out] out The output data.
* @param [in] len The requested output data length in bytes.
*/
void sha3_output (
keccak_sponge_t sponge,
void decaf_sha3_output (
decaf_keccak_sponge_t sponge,
uint8_t * __restrict__ out,
size_t len
) API_VIS;

/**
* @brief Squeeze output data from a SHA3 or SHAKE hash context.
* @brief Squeeze output data from a DECAF_SHA3 or DECAF_SHAKE hash context.
* This re-initializes the context to its starting parameters.
*
* @param [inout] sponge The context.
* @param [out] out The output data.
* @param [in] len The requested output data length in bytes.
*/
void sha3_final (
keccak_sponge_t sponge,
void decaf_sha3_final (
decaf_keccak_sponge_t sponge,
uint8_t * __restrict__ out,
size_t len
) API_VIS;
@@ -95,36 +94,36 @@ void sha3_final (
*
* @param [inout] sponge The context.
*/
void sha3_reset (
keccak_sponge_t sponge
void decaf_sha3_reset (
decaf_keccak_sponge_t sponge
) API_VIS;

/**
* @brief Return the default output length of the sponge construction,
* for the purpose of C++ default operators.
*
* Returns n/8 for SHA3-n and 2n/8 for SHAKE-n.
* Returns n/8 for DECAF_SHA3-n and 2n/8 for DECAF_SHAKE-n.
*/
size_t sponge_default_output_bytes (
const keccak_sponge_t sponge /**< [inout] The context. */
size_t decaf_sponge_default_output_bytes (
const decaf_keccak_sponge_t sponge /**< [inout] The context. */
) API_VIS;

/**
* @brief Return the default output length of the sponge construction,
* for the purpose of C++ default operators.
*
* Returns n/8 for SHA3-n and SIZE_MAX for SHAKE-n.
* Returns n/8 for DECAF_SHA3-n and SIZE_MAX for DECAF_SHAKE-n.
*/
size_t sponge_max_output_bytes (
const keccak_sponge_t sponge /**< [inout] The context. */
size_t decaf_sponge_max_output_bytes (
const decaf_keccak_sponge_t sponge /**< [inout] The context. */
) API_VIS;

/**
* @brief Destroy a SHA3 or SHAKE sponge context by overwriting it with 0.
* @brief Destroy a DECAF_SHA3 or DECAF_SHAKE sponge context by overwriting it with 0.
* @param [out] sponge The context.
*/
void sponge_destroy (
keccak_sponge_t sponge
void decaf_sponge_destroy (
decaf_keccak_sponge_t sponge
) API_VIS;

/**
@@ -135,73 +134,75 @@ void sponge_destroy (
* @param [in] outlen The length of the output data.
* @param [in] params The parameters of the sponge hash.
*/
void sponge_hash (
void decaf_sponge_hash (
const uint8_t *in,
size_t inlen,
uint8_t *out,
size_t outlen,
const struct kparams_s *params
const struct decaf_kparams_s *params
) API_VIS;

/* FUTURE: expand/doxygenate individual SHAKE/SHA3 instances? */
/* FUTURE: expand/doxygenate individual DECAF_SHAKE/DECAF_SHA3 instances? */

/** @cond internal */
#define DECSHAKE(n) \
extern const struct kparams_s SHAKE##n##_params_s API_VIS; \
typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \
static inline void NONNULL shake##n##_init(shake##n##_ctx_t sponge) { \
sponge_init(sponge->s, &SHAKE##n##_params_s); \
#define DEC_SHAKE(n) \
extern const struct decaf_kparams_s DECAF_SHAKE##n##_params_s API_VIS; \
typedef struct decaf_shake##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_shake##n##_ctx_t[1]; \
static inline void NONNULL decaf_shake##n##_init(decaf_shake##n##_ctx_t sponge) { \
decaf_sponge_init(sponge->s, &DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_gen_init(keccak_sponge_t sponge) { \
sponge_init(sponge, &SHAKE##n##_params_s); \
static inline void NONNULL decaf_shake##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sponge_init(sponge, &DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
sha3_update(sponge->s, in, inlen); \
static inline void NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline void NONNULL shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
sha3_output(sponge->s, out, outlen); \
sponge_init(sponge->s, &SHAKE##n##_params_s); \
static inline void NONNULL decaf_shake##n##_final(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_sha3_output(sponge->s, out, outlen); \
decaf_sponge_init(sponge->s, &DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \
static inline void NONNULL decaf_shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
decaf_sponge_hash(in,inlen,out,outlen,&DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_destroy( shake##n##_ctx_t sponge ) { \
sponge_destroy(sponge->s); \
static inline void NONNULL decaf_shake##n##_destroy( decaf_shake##n##_ctx_t sponge ) { \
decaf_sponge_destroy(sponge->s); \
}

#define DECSHA3(n) \
extern const struct kparams_s SHA3_##n##_params_s API_VIS; \
typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \
static inline void NONNULL sha3_##n##_init(sha3_##n##_ctx_t sponge) { \
sponge_init(sponge->s, &SHA3_##n##_params_s); \
#define DEC_SHA3(n) \
extern const struct decaf_kparams_s DECAF_SHA3_##n##_params_s API_VIS; \
typedef struct decaf_sha3_##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_sha3_##n##_ctx_t[1]; \
static inline void NONNULL decaf_sha3_##n##_init(decaf_sha3_##n##_ctx_t sponge) { \
decaf_sponge_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_gen_init(keccak_sponge_t sponge) { \
sponge_init(sponge, &SHA3_##n##_params_s); \
static inline void NONNULL decaf_sha3_##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sponge_init(sponge, &DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
sha3_update(sponge->s, in, inlen); \
static inline void NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline void NONNULL sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
sha3_output(sponge->s, out, outlen); \
sponge_init(sponge->s, &SHA3_##n##_params_s); \
static inline void NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_sha3_output(sponge->s, out, outlen); \
decaf_sponge_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \
static inline void NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
decaf_sponge_hash(in,inlen,out,outlen,&DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \
sponge_destroy(sponge->s); \
static inline void NONNULL decaf_sha3_##n##_destroy(decaf_sha3_##n##_ctx_t sponge) { \
decaf_sponge_destroy(sponge->s); \
}
/** @endcond */

DECSHAKE(128)
DECSHAKE(256)
DECSHA3(224)
DECSHA3(256)
DECSHA3(384)
DECSHA3(512)
DEC_SHAKE(128)
DEC_SHAKE(256)
DEC_SHA3(224)
DEC_SHA3(256)
DEC_SHA3(384)
DEC_SHA3(512)
#undef DEC_SHAKE
#undef DEC_SHA3

#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* __SHAKE_H__ */
#endif /* __DECAF_SHAKE_H__ */

+ 21
- 21
src/public_include/decaf/shake.hxx View File

@@ -1,5 +1,5 @@
/**
* @file decaf/shake.hxx
* @file decaf/decaf_shake.hxx
* @copyright
* Based on CC0 code by David Leon Gil, 2015 \n
* Copyright (c) 2015 Cryptography Research, Inc. \n
@@ -35,18 +35,18 @@ class KeccakHash {
protected:
/** @cond internal */
/** The C-wrapper sponge state */
keccak_sponge_t sp;
decaf_keccak_sponge_t sp;
/** Initialize from parameters */
inline KeccakHash(const kparams_s *params) NOEXCEPT { sponge_init(sp, params); }
inline KeccakHash(const decaf_kparams_s *params) NOEXCEPT { decaf_sponge_init(sp, params); }
/** @endcond */
public:
/** Add more data to running hash */
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { sha3_update(sp,in,len); }
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { decaf_sha3_update(sp,in,len); }

/** Add more data to running hash, C++ version. */
inline void update(const Block &s) NOEXCEPT { sha3_update(sp,s.data(),s.size()); }
inline void update(const Block &s) NOEXCEPT { decaf_sha3_update(sp,s.data(),s.size()); }
/** Add more data, stream version. */
inline KeccakHash &operator<<(const Block &s) NOEXCEPT { update(s); return *this; }
@@ -58,7 +58,7 @@ public:
inline SecureBuffer output(size_t len) throw(std::bad_alloc, LengthException) {
if (len > max_output_size()) throw LengthException();
SecureBuffer buffer(len);
sha3_output(sp,buffer.data(),len);
decaf_sha3_output(sp,buffer.data(),len);
return buffer;
}
@@ -66,7 +66,7 @@ public:
inline SecureBuffer final(size_t len) throw(std::bad_alloc, LengthException) {
if (len > max_output_size()) throw LengthException();
SecureBuffer buffer(len);
sha3_final(sp,buffer.data(),len);
decaf_sha3_final(sp,buffer.data(),len);
return buffer;
}

@@ -75,22 +75,22 @@ public:
* @todo make this throw exceptions.
*/
inline void output(Buffer b) throw(LengthException) {
sha3_output(sp,b.data(),b.size());
decaf_sha3_output(sp,b.data(),b.size());
}
/** @brief Output bytes from the sponge and reinitialize it. */
inline void final(Buffer b) throw(LengthException) {
sha3_final(sp,b.data(),b.size());
decaf_sha3_final(sp,b.data(),b.size());
}
/** @brief Return the sponge's default output size. */
inline size_t default_output_size() const NOEXCEPT {
return sponge_default_output_bytes(sp);
return decaf_sponge_default_output_bytes(sp);
}
/** @brief Return the sponge's maximum output size. */
inline size_t max_output_size() const NOEXCEPT {
return sponge_max_output_bytes(sp);
return decaf_sponge_max_output_bytes(sp);
}
/** Output the default number of bytes. */
@@ -104,17 +104,17 @@ public:
}

/** Reset the hash to the empty string */
inline void reset() NOEXCEPT { sha3_reset(sp); }
inline void reset() NOEXCEPT { decaf_sha3_reset(sp); }
/** Destructor zeroizes state */
inline ~KeccakHash() NOEXCEPT { sponge_destroy(sp); }
inline ~KeccakHash() NOEXCEPT { decaf_sponge_destroy(sp); }
};

/** Fixed-output-length SHA3 */
template<int bits> class SHA3 : public KeccakHash {
private:
/** Get the parameter template block for this hash */
static inline const struct kparams_s *get_params();
static inline const struct decaf_kparams_s *get_params();
public:
/** Number of bytes of output */
@@ -142,7 +142,7 @@ template<int bits>
class SHAKE : public KeccakHash {
private:
/** Get the parameter template block for this hash */
static inline const struct kparams_s *get_params();
static inline const struct decaf_kparams_s *get_params();
public:
/** Number of bytes of output */
@@ -165,12 +165,12 @@ public:
};

/** @cond internal */
template<> inline const struct kparams_s *SHAKE<128>::get_params() { return &SHAKE128_params_s; }
template<> inline const struct kparams_s *SHAKE<256>::get_params() { return &SHAKE256_params_s; }
template<> inline const struct kparams_s *SHA3<224>::get_params() { return &SHA3_224_params_s; }
template<> inline const struct kparams_s *SHA3<256>::get_params() { return &SHA3_256_params_s; }
template<> inline const struct kparams_s *SHA3<384>::get_params() { return &SHA3_384_params_s; }
template<> inline const struct kparams_s *SHA3<512>::get_params() { return &SHA3_512_params_s; }
template<> inline const struct decaf_kparams_s *SHAKE<128>::get_params() { return &DECAF_SHAKE128_params_s; }
template<> inline const struct decaf_kparams_s *SHAKE<256>::get_params() { return &DECAF_SHAKE256_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<224>::get_params() { return &DECAF_SHA3_224_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<256>::get_params() { return &DECAF_SHA3_256_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<384>::get_params() { return &DECAF_SHA3_384_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<512>::get_params() { return &DECAF_SHA3_512_params_s; }
/** @endcond */
} /* namespace decaf */


+ 17
- 17
src/public_include/decaf/spongerng.h View File

@@ -20,15 +20,15 @@ extern "C" {
/** Keccak CSPRNG structure as struct. */
typedef struct {
keccak_sponge_t sponge; /**< Internal sponge object. */
} keccak_prng_s;
decaf_keccak_sponge_t sponge; /**< Internal sponge object. */
} decaf_keccak_prng_s;
/** Keccak CSPRNG structure as one-element array */
typedef keccak_prng_s keccak_prng_t[1];
typedef decaf_keccak_prng_s decaf_keccak_prng_t[1];
/** Initialize a sponge-based CSPRNG from a buffer. */
void spongerng_init_from_buffer (
keccak_prng_t prng, /**< [out] The PRNG object. */
void decaf_spongerng_init_from_buffer (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const uint8_t *__restrict__ in, /**< [in] The initialization data. */
size_t len, /**< [in] The length of the initialization data. */
int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC.*/
@@ -40,8 +40,8 @@ void spongerng_init_from_buffer (
* @retval DECAF_FAILURE failure.
* @note On failure, errno can be used to determine the cause.
*/
decaf_error_t spongerng_init_from_file (
keccak_prng_t prng, /**< [out] The PRNG object. */
decaf_error_t decaf_spongerng_init_from_file (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const char *file, /**< [in] A name of a file containing initial data. */
size_t len, /**< [in] The length of the initial data. Must be positive. */
int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC. */
@@ -53,36 +53,36 @@ decaf_error_t spongerng_init_from_file (
* @retval DECAF_FAILURE failure.
* @note On failure, errno can be used to determine the cause.
*/
decaf_error_t spongerng_init_from_dev_urandom (
keccak_prng_t prng /**< [out] sponge The sponge object. */
decaf_error_t decaf_spongerng_init_from_dev_urandom (
decaf_keccak_prng_t prng /**< [out] sponge The sponge object. */
) API_VIS WARN_UNUSED;

/** Output bytes from a sponge-based CSPRNG. */
void spongerng_next (
keccak_prng_t prng, /**< [inout] The PRNG object. */
void decaf_spongerng_next (
decaf_keccak_prng_t prng, /**< [inout] The PRNG object. */
uint8_t * __restrict__ out, /**< [out] Output buffer. */
size_t len /**< [in] Number of bytes to output. */
) API_VIS;

/** Stir entropy data into a sponge-based CSPRNG from a buffer. */
void spongerng_stir (
keccak_prng_t prng, /**< [out] The PRNG object. */
void decaf_spongerng_stir (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const uint8_t * __restrict__ in, /**< [in] The entropy data. */
size_t len /**< [in] The length of the initial data. */
) NONNULL API_VIS;
/** Securely destroy a sponge RNG object by overwriting it. */
static INLINE UNUSED void
spongerng_destroy (
keccak_prng_t doomed /**< [in] The object to destroy. */
decaf_spongerng_destroy (
decaf_keccak_prng_t doomed /**< [in] The object to destroy. */
);

/** @cond internal */
/***************************************/
/* Implementations of inline functions */
/***************************************/
void spongerng_destroy (keccak_prng_t doomed) {
sponge_destroy(doomed->sponge);
void decaf_spongerng_destroy (decaf_keccak_prng_t doomed) {
decaf_sponge_destroy(doomed->sponge);
}
/** @endcond */ /* internal */



+ 6
- 6
src/public_include/decaf/spongerng.hxx View File

@@ -38,7 +38,7 @@ namespace decaf {
class SpongeRng : public Rng {
private:
/** C wrapped object */
keccak_prng_t sp;
decaf_keccak_prng_t sp;
public:
/** Deterministic flag.
@@ -61,13 +61,13 @@ public:
/** Initialize, deterministically by default, from block */
inline SpongeRng( const Block &in, Deterministic det ) {
spongerng_init_from_buffer(sp,in.data(),in.size(),(int)det);
decaf_spongerng_init_from_buffer(sp,in.data(),in.size(),(int)det);
}
/** Initialize, non-deterministically by default, from C/C++ filename */
inline SpongeRng( const std::string &in = "/dev/urandom", size_t len = 32, Deterministic det = RANDOM )
throw(RngException) {
decaf_error_t ret = spongerng_init_from_file(sp,in.c_str(),len,det);
decaf_error_t ret = decaf_spongerng_init_from_file(sp,in.c_str(),len,det);
if (!decaf_successful(ret)) {
throw RngException(errno, "Couldn't load from file");
}
@@ -75,11 +75,11 @@ public:
/** Stir in new data */
inline void stir( const Block &data ) NOEXCEPT {
spongerng_stir(sp,data.data(),data.size());
decaf_spongerng_stir(sp,data.data(),data.size());
}
/** Securely destroy by overwriting state. */
inline ~SpongeRng() NOEXCEPT { spongerng_destroy(sp); }
inline ~SpongeRng() NOEXCEPT { decaf_spongerng_destroy(sp); }
using Rng::read;
@@ -88,7 +88,7 @@ public:
#if __cplusplus >= 201103L
final
#endif
{ spongerng_next(sp,buffer.data(),buffer.size()); }
{ decaf_spongerng_next(sp,buffer.data(),buffer.size()); }
private:
SpongeRng(const SpongeRng &) DELETE;


+ 8
- 8
src/public_include/decaf/strobe.h View File

@@ -19,29 +19,29 @@ extern "C" {
/** Keccak STROBE structure as struct. */
typedef struct {
keccak_sponge_t sponge; /**< Internal sponge object. */
decaf_keccak_sponge_t sponge; /**< Internal sponge object. */
} keccak_strobe_s;
/** Keccak STROBE structure as one-element array */
typedef keccak_strobe_s keccak_strobe_t[1];

/** STROBE parameters, 128-bit estimated security for hashing and encryption */
extern const struct kparams_s STROBE_128 API_VIS;
extern const struct decaf_kparams_s STROBE_128 API_VIS;

/** STROBE parameters, 256-bit estimated security for hashing and encryption */
extern const struct kparams_s STROBE_256 API_VIS;
extern const struct decaf_kparams_s STROBE_256 API_VIS;

/** STROBE parameters, 128-bit estimated security for encryption only (not hashing) */
extern const struct kparams_s STROBE_KEYED_128 API_VIS;
extern const struct decaf_kparams_s STROBE_KEYED_128 API_VIS;

/** STROBE parameters, 256-bit estimated security for encryption only (not hashing) */
extern const struct kparams_s STROBE_KEYED_256 API_VIS;
extern const struct decaf_kparams_s STROBE_KEYED_256 API_VIS;


/** Initialize Strobe protocol context. */
void strobe_init (
keccak_strobe_t strobe, /**< [out] The uninitialized strobe object. */
const struct kparams_s *params, /**< [in] Parameter set descriptor. */
const struct decaf_kparams_s *params, /**< [in] Parameter set descriptor. */
const char *proto, /**< [in] Unique identifier for the protocol. TODO: define namespaces for this */
uint8_t am_client /**< [in] Nonzero if this party. */
) NONNULL API_VIS;
@@ -158,7 +158,7 @@ static inline void NONNULL strobe_prng (
/** Respecify Strobe protocol object's crypto. */
void strobe_respec (
keccak_strobe_t strobe, /**< [inout] The initialized strobe context. */
const struct kparams_s *params /**< [in] Strobe parameter descriptor. */
const struct decaf_kparams_s *params /**< [in] Strobe parameter descriptor. */
) NONNULL API_VIS;

/** Securely destroy a STROBE object by overwriting it. */
@@ -329,7 +329,7 @@ void strobe_prng(keccak_strobe_t strobe, unsigned char *out, uint16_t len) {
}

void strobe_destroy (keccak_strobe_t doomed) {
sponge_destroy(doomed->sponge);
decaf_sponge_destroy(doomed->sponge);
}

/** @endcond */ /* internal */


+ 2
- 2
src/public_include/decaf/strobe.hxx View File

@@ -53,7 +53,7 @@ public:
inline Strobe (
const char *description, /**< Description of this protocol. */
client_or_server whoami, /**< Am I client or server? */
const kparams_s &params = STROBE_256 /**< Strength parameters */
const decaf_kparams_s &params = STROBE_256 /**< Strength parameters */
) NOEXCEPT {
strobe_init(wrapped, &params, description, whoami == CLIENT);
keyed = false;
@@ -222,7 +222,7 @@ public:
/** Change specs, perhaps to a faster spec that takes advantage of being keyed.
* @warning Experimental.
*/
inline void respec(const kparams_s &params) throw(ProtocolException) {
inline void respec(const decaf_kparams_s &params) throw(ProtocolException) {
if (!keyed) throw(ProtocolException());
strobe_respec(wrapped, &params);
}


+ 9
- 9
src/sha512.c View File

@@ -64,7 +64,7 @@ static uint64_t load_bigendian(const uint8_t *x)
b = a; \
a = T1 + T2;

static NOINLINE void hashblock(sha512_ctx_t ctx) {
static NOINLINE void hashblock(decaf_sha512_ctx_t ctx) {
const uint8_t *in = ctx->block;
uint64_t a = ctx->state[0];
uint64_t b = ctx->state[1];
@@ -197,7 +197,7 @@ static NOINLINE void hashblock(sha512_ctx_t ctx) {
ctx->state[7] += h;
}

void sha512_init(sha512_ctx_t ctx) {
void decaf_sha512_init(decaf_sha512_ctx_t ctx) {
static const uint64_t iv[8] = {
0x6a09e667f3bcc908,
0xbb67ae8584caa73b,
@@ -210,16 +210,16 @@ void sha512_init(sha512_ctx_t ctx) {
};
memcpy(ctx->state,iv,sizeof(iv));
memset(ctx->block,0,sizeof(ctx->block));
ctx->bytesProcessed = 0;
ctx->bytes_processed = 0;
}

void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) {
void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t length) {
while (length > 0) {
size_t grab = length, off = ctx->bytesProcessed % 128;
size_t grab = length, off = ctx->bytes_processed % 128;
if (grab > 128-off) grab = 128-off;
memcpy(&ctx->block[off], message, grab);
ctx->bytesProcessed += grab;
ctx->bytes_processed += grab;
length -= grab;
message += grab;
@@ -229,10 +229,10 @@ void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) {
}
}

void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) {
void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *out, size_t length) {
assert(length <= 512/8);
size_t off = ctx->bytesProcessed % 128, bp = ctx->bytesProcessed * 8;
size_t off = ctx->bytes_processed % 128, bp = ctx->bytes_processed * 8;
ctx->block[off] = 0x80;
memset(&ctx->block[off+1], 0, 128-off-1);
@@ -249,5 +249,5 @@ void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) {
out[i] = ctx->state[i/8] >> (56 - 8*(i%8));
}
sha512_init(ctx);
decaf_sha512_init(ctx);
}

+ 128
- 128
src/shake.c View File

@@ -51,19 +51,19 @@
# error platform not supported
#endif

/* The internal, non-opaque definition of the sponge struct. */
/* The internal, non-opaque definition of the decaf_sponge struct. */
typedef union {
uint64_t w[25]; uint8_t b[25*8];
} kdomain_t[1];

typedef struct kparams_s {
uint8_t position, flags, rate, startRound, pad, ratePad, maxOut, client; /* client = maxOutRemaining for sha3 */
} kparams_t[1];
typedef struct decaf_kparams_s {
uint8_t position, flags, rate, start_round, pad, rate_pad, max_out, client; /* client = max_outRemaining for decaf_sha3 */
} decaf_kparams_t[1];

typedef struct keccak_sponge_s {
typedef struct decaf_keccak_sponge_s {
kdomain_t state;
kparams_t params;
} keccak_sponge_s, keccak_sponge_t[1];
decaf_kparams_t params;
} decaf_keccak_sponge_s, decaf_keccak_sponge_t[1];

#define INTERNAL_SPONGE_STRUCT 1
#include <decaf/shake.h>
@@ -106,14 +106,14 @@ static inline uint64_t rol(uint64_t x, int s) {
/*** The Keccak-f[1600] permutation ***/
static void
__attribute__((noinline))
keccakf(kdomain_t state, uint8_t startRound) {
keccakf(kdomain_t state, uint8_t start_round) {
uint64_t* a = state->w;
uint64_t b[5] = {0}, t, u;
uint8_t x, y, i;
for (i=0; i<25; i++) a[i] = le64toh(a[i]);

for (i = startRound; i < 24; i++) {
for (i = start_round; i < 24; i++) {
FOR51(x, b[x] = 0; )
FOR55(y, FOR51(x, b[x] ^= a[x + y]; ))
FOR55(y, FOR51(x,
@@ -135,57 +135,57 @@ keccakf(kdomain_t state, uint8_t startRound) {
for (i=0; i<25; i++) a[i] = htole64(a[i]);
}

static inline void dokeccak (keccak_sponge_t sponge) {
keccakf(sponge->state, sponge->params->startRound);
sponge->params->position = 0;
static inline void dokeccak (decaf_keccak_sponge_t decaf_sponge) {
keccakf(decaf_sponge->state, decaf_sponge->params->start_round);
decaf_sponge->params->position = 0;
}

void sha3_update (
struct keccak_sponge_s * __restrict__ sponge,
void decaf_sha3_update (
struct decaf_keccak_sponge_s * __restrict__ decaf_sponge,
const uint8_t *in,
size_t len
) {
if (!len) return;
assert(sponge->params->position < sponge->params->rate);
assert(sponge->params->rate < sizeof(sponge->state));
assert(sponge->params->flags == FLAG_ABSORBING);
assert(decaf_sponge->params->position < decaf_sponge->params->rate);
assert(decaf_sponge->params->rate < sizeof(decaf_sponge->state));
assert(decaf_sponge->params->flags == FLAG_ABSORBING);
while (len) {
size_t cando = sponge->params->rate - sponge->params->position, i;
uint8_t* state = &sponge->state->b[sponge->params->position];
size_t cando = decaf_sponge->params->rate - decaf_sponge->params->position, i;
uint8_t* state = &decaf_sponge->state->b[decaf_sponge->params->position];
if (cando > len) {
for (i = 0; i < len; i += 1) state[i] ^= in[i];
sponge->params->position += len;
decaf_sponge->params->position += len;
return;
} else {
for (i = 0; i < cando; i += 1) state[i] ^= in[i];
dokeccak(sponge);
dokeccak(decaf_sponge);
len -= cando;
in += cando;
}
}
}

void sha3_output (
keccak_sponge_t sponge,
void decaf_sha3_output (
decaf_keccak_sponge_t decaf_sponge,
uint8_t * __restrict__ out,
size_t len
) {
assert(sponge->params->position < sponge->params->rate);
assert(sponge->params->rate < sizeof(sponge->state));
assert(decaf_sponge->params->position < decaf_sponge->params->rate);
assert(decaf_sponge->params->rate < sizeof(decaf_sponge->state));
if (sponge->params->maxOut != 0xFF) {
assert(sponge->params->client >= len);
sponge->params->client -= len;
if (decaf_sponge->params->max_out != 0xFF) {
assert(decaf_sponge->params->client >= len);
decaf_sponge->params->client -= len;
}
switch (sponge->params->flags) {
switch (decaf_sponge->params->flags) {
case FLAG_SQUEEZING: break;
case FLAG_ABSORBING:
{
uint8_t* state = sponge->state->b;
state[sponge->params->position] ^= sponge->params->pad;
state[sponge->params->rate - 1] ^= sponge->params->ratePad;
dokeccak(sponge);
uint8_t* state = decaf_sponge->state->b;
state[decaf_sponge->params->position] ^= decaf_sponge->params->pad;
state[decaf_sponge->params->rate - 1] ^= decaf_sponge->params->rate_pad;
dokeccak(decaf_sponge);
break;
}
default:
@@ -193,82 +193,82 @@ void sha3_output (
}
while (len) {
size_t cando = sponge->params->rate - sponge->params->position;
uint8_t* state = &sponge->state->b[sponge->params->position];
size_t cando = decaf_sponge->params->rate - decaf_sponge->params->position;
uint8_t* state = &decaf_sponge->state->b[decaf_sponge->params->position];
if (cando > len) {
memcpy(out, state, len);
sponge->params->position += len;
decaf_sponge->params->position += len;
return;
} else {
memcpy(out, state, cando);
dokeccak(sponge);
dokeccak(decaf_sponge);
len -= cando;
out += cando;
}
}
}

void sha3_final (
keccak_sponge_t sponge,
void decaf_sha3_final (
decaf_keccak_sponge_t decaf_sponge,
uint8_t * __restrict__ out,
size_t len
) {
sha3_output(sponge,out,len);
sha3_reset(sponge);
decaf_sha3_output(decaf_sponge,out,len);
decaf_sha3_reset(decaf_sponge);
}

void sha3_reset (
keccak_sponge_t sponge
void decaf_sha3_reset (
decaf_keccak_sponge_t decaf_sponge
) {
sponge_init(sponge, sponge->params);
sponge->params->client = sponge->params->maxOut;
decaf_sponge_init(decaf_sponge, decaf_sponge->params);
decaf_sponge->params->client = decaf_sponge->params->max_out;
}

void sponge_destroy (keccak_sponge_t sponge) { decaf_bzero(sponge, sizeof(keccak_sponge_t)); }
void decaf_sponge_destroy (decaf_keccak_sponge_t decaf_sponge) { decaf_bzero(decaf_sponge, sizeof(decaf_keccak_sponge_t)); }

void sponge_init (
keccak_sponge_t sponge,
const struct kparams_s *params
void decaf_sponge_init (
decaf_keccak_sponge_t decaf_sponge,
const struct decaf_kparams_s *params
) {
memset(sponge->state, 0, sizeof(sponge->state));
sponge->params[0] = params[0];
sponge->params->position = 0;
memset(decaf_sponge->state, 0, sizeof(decaf_sponge->state));
decaf_sponge->params[0] = params[0];
decaf_sponge->params->position = 0;
}

void sponge_hash (
void decaf_sponge_hash (
const uint8_t *in,
size_t inlen,
uint8_t *out,
size_t outlen,
const struct kparams_s *params
const struct decaf_kparams_s *params
) {
keccak_sponge_t sponge;
sponge_init(sponge, params);
sha3_update(sponge, in, inlen);
sha3_output(sponge, out, outlen);
sponge_destroy(sponge);
decaf_keccak_sponge_t decaf_sponge;
decaf_sponge_init(decaf_sponge, params);
decaf_sha3_update(decaf_sponge, in, inlen);
decaf_sha3_output(decaf_sponge, out, outlen);
decaf_sponge_destroy(decaf_sponge);
}

#define DEFSHAKE(n) \
const struct kparams_s SHAKE##n##_params_s = \
const struct decaf_kparams_s DECAF_SHAKE##n##_params_s = \
{ 0, FLAG_ABSORBING, 200-n/4, 0, 0x1f, 0x80, 0xFF, 0xFF };
#define DEFSHA3(n) \
const struct kparams_s SHA3_##n##_params_s = \
const struct decaf_kparams_s DECAF_SHA3_##n##_params_s = \
{ 0, FLAG_ABSORBING, 200-n/4, 0, 0x06, 0x80, n/8, n/8 };

size_t sponge_default_output_bytes (
const keccak_sponge_t s
size_t decaf_sponge_default_output_bytes (
const decaf_keccak_sponge_t s
) {
return (s->params->maxOut == 0xFF)
return (s->params->max_out == 0xFF)
? (200-s->params->rate)
: ((200-s->params->rate)/2);
}

size_t sponge_max_output_bytes (
const keccak_sponge_t s
size_t decaf_sponge_max_output_bytes (
const decaf_keccak_sponge_t s
) {
return (s->params->maxOut == 0xFF)
return (s->params->max_out == 0xFF)
? SIZE_MAX
: ((200-s->params->rate)/2);
}
@@ -318,55 +318,55 @@ static void get_cpu_entropy(uint8_t *entropy, size_t len) {
#endif
}

static const char *SPONGERNG_NAME = "strobe::spongerng"; /* TODO: canonicalize name */
static const char *SPONGERNG_NAME = "strobe::decaf_spongerng"; /* TODO: canonicalize name */

void spongerng_next (
keccak_prng_t prng,
void decaf_spongerng_next (
decaf_keccak_prng_t prng,
uint8_t * __restrict__ out,
size_t len
) {
keccak_sponge_s *sponge = prng->sponge;
if (sponge->params->client) {
decaf_keccak_sponge_s *decaf_sponge = prng->sponge;
if (decaf_sponge->params->client) {
/* nondet */
uint8_t cpu_entropy[32];
get_cpu_entropy(cpu_entropy, sizeof(cpu_entropy));
strobe_transact((keccak_strobe_s*)sponge,NULL,cpu_entropy,sizeof(cpu_entropy),STROBE_CW_PRNG_CPU_SEED);
strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,cpu_entropy,sizeof(cpu_entropy),STROBE_CW_PRNG_CPU_SEED);
}
strobe_transact((keccak_strobe_s*)sponge,out,NULL,len,STROBE_CW_PRNG);
strobe_transact((keccak_strobe_s*)decaf_sponge,out,NULL,len,STROBE_CW_PRNG);
}

void spongerng_stir (
keccak_prng_t sponge,
void decaf_spongerng_stir (
decaf_keccak_prng_t decaf_sponge,
const uint8_t * __restrict__ in,
size_t len
) {
strobe_transact((keccak_strobe_s*)sponge,NULL,in,len,STROBE_CW_PRNG_USER_SEED);
strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,in,len,STROBE_CW_PRNG_USER_SEED);
}

static const struct kparams_s spongerng_params = {
static const struct decaf_kparams_s decaf_spongerng_params = {
0, 0, 200-256/4, 0, 0x06, 0x80, 0xFF, 0
};

void spongerng_init_from_buffer (
keccak_prng_t prng,
void decaf_spongerng_init_from_buffer (
decaf_keccak_prng_t prng,
const uint8_t * __restrict__ in,
size_t len,
int deterministic
) {
keccak_sponge_s *sponge = prng->sponge;
strobe_init((keccak_strobe_s*)sponge, &spongerng_params, SPONGERNG_NAME, !deterministic);
spongerng_stir(prng, in, len);
decaf_keccak_sponge_s *decaf_sponge = prng->sponge;
strobe_init((keccak_strobe_s*)decaf_sponge, &decaf_spongerng_params, SPONGERNG_NAME, !deterministic);
decaf_spongerng_stir(prng, in, len);
}

decaf_error_t spongerng_init_from_file (
keccak_prng_t prng,
decaf_error_t decaf_spongerng_init_from_file (
decaf_keccak_prng_t prng,
const char *file,
size_t len,
int deterministic
) {
keccak_sponge_s *sponge = prng->sponge;
strobe_init((keccak_strobe_s*)sponge, &spongerng_params, SPONGERNG_NAME, !deterministic);
decaf_keccak_sponge_s *decaf_sponge = prng->sponge;
strobe_init((keccak_strobe_s*)decaf_sponge, &decaf_spongerng_params, SPONGERNG_NAME, !deterministic);
if (!len) return DECAF_FAILURE;

int fd = open(file, O_RDONLY);
@@ -380,7 +380,7 @@ decaf_error_t spongerng_init_from_file (
close(fd);
return DECAF_FAILURE;
}
strobe_transact((keccak_strobe_s*)sponge,NULL,buffer,red,
strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,buffer,red,
first ? STROBE_CW_PRNG_USER_SEED : (STROBE_CW_PRNG_USER_SEED | STROBE_FLAG_MORE));
len -= red;
first = 0;
@@ -390,39 +390,39 @@ decaf_error_t spongerng_init_from_file (
return DECAF_SUCCESS;
}

decaf_error_t spongerng_init_from_dev_urandom (
keccak_prng_t sponge
decaf_error_t decaf_spongerng_init_from_dev_urandom (
decaf_keccak_prng_t decaf_sponge
) {
return spongerng_init_from_file(sponge, "/dev/urandom", 64, 0);
return decaf_spongerng_init_from_file(decaf_sponge, "/dev/urandom", 64, 0);
}

const struct kparams_s STROBE_128 = { 0, 0, 200-128/4, 0, 0, 0, 0, 0 };
const struct kparams_s STROBE_256 = { 0, 0, 200-256/4, 0, 0, 0, 0, 0 };
const struct kparams_s STROBE_KEYED_256 = { 0, 0, 200-256/4, 12, 0, 0, 0, 0 };
const struct kparams_s STROBE_KEYED_128 = { 0, 0, 200-128/4, 12, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_128 = { 0, 0, 200-128/4, 0, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_256 = { 0, 0, 200-256/4, 0, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_KEYED_256 = { 0, 0, 200-256/4, 12, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_KEYED_128 = { 0, 0, 200-128/4, 12, 0, 0, 0, 0 };

/* Strobe is different in that its rate is padded by one byte. */
void strobe_init(
keccak_strobe_t strobe,
const struct kparams_s *params,
const struct decaf_kparams_s *params,
const char *proto,
uint8_t am_client
) {
keccak_sponge_s *sponge = strobe->sponge;
sponge_init(sponge,params);
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
decaf_sponge_init(decaf_sponge,params);
const char *a_string = "STROBE full v0.2";
unsigned len = strlen(a_string);
memcpy (
&sponge->state->b[sizeof(sponge->state)-len],
&decaf_sponge->state->b[sizeof(decaf_sponge->state)-len],
a_string,
len
);
strobe_transact(strobe, NULL, (const unsigned char *)proto, strlen(proto), STROBE_CW_INIT);
sponge->state->b[sponge->params->rate+1] = 1;
sponge->params->client = !!am_client;
decaf_sponge->state->b[decaf_sponge->params->rate+1] = 1;
decaf_sponge->params->client = !!am_client;
}

static const uint8_t EXCEEDED_RATE_PAD = 0x2;
@@ -433,17 +433,17 @@ static __inline__ uint8_t CONTROL_WORD_PAD(int cw_size) {

/* PERF vectorize */
static void strobe_duplex (
struct keccak_sponge_s *__restrict__ sponge,
struct decaf_keccak_sponge_s *__restrict__ decaf_sponge,
unsigned char *out,
const unsigned char *in,
size_t len,
mode_t mode
) {
unsigned int j, r = sponge->params->rate, p = sponge->params->position;
uint8_t* __restrict__ state = &sponge->state->b[0];
unsigned int j, r = decaf_sponge->params->rate, p = decaf_sponge->params->position;
uint8_t* __restrict__ state = &decaf_sponge->state->b[0];
/* sanity */
assert(r < sizeof(sponge->state) && r >= p);
assert(r < sizeof(decaf_sponge->state) && r >= p);
switch (mode) {
case STROBE_MODE_PLAINTEXT:
assert(in || len==0);
@@ -533,11 +533,11 @@ static void strobe_duplex (
};
if (last) {
sponge->params->position = p+len;
decaf_sponge->params->position = p+len;
return;
} else {
state[r] ^= EXCEEDED_RATE_PAD;
keccakf(sponge->state, sponge->params->startRound);
keccakf(decaf_sponge->state, decaf_sponge->params->start_round);
len -= cando;
p = 0;
}
@@ -559,10 +559,10 @@ void strobe_transact (
size_t len,
uint32_t cw_flags
) {
keccak_sponge_s *sponge = strobe->sponge;
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
if ( (cw_flags & STROBE_FLAG_NONDIR) == 0
/* extraneous nots to change ints to bools :-/ */
&& !(cw_flags & STROBE_FLAG_RECV) != !(sponge->params->client) ) {
&& !(cw_flags & STROBE_FLAG_RECV) != !(decaf_sponge->params->client) ) {
cw_flags ^= STROBE_FLAG_CLIENT_SENT;
}
@@ -588,30 +588,30 @@ void strobe_transact (
my_len>>48,
my_len>>56
};
strobe_duplex(sponge, NULL, cwb, len_cw, STROBE_MODE_ABSORB_R);
if ((cw_flags & STROBE_FLAG_RUN_F) || (sponge->params->flags & FLAG_NOPARSE)) {
sponge->state->b[sponge->params->position] ^= CONTROL_WORD_PAD(len_cw);
dokeccak(sponge);
strobe_duplex(decaf_sponge, NULL, cwb, len_cw, STROBE_MODE_ABSORB_R);
if ((cw_flags & STROBE_FLAG_RUN_F) || (decaf_sponge->params->flags & FLAG_NOPARSE)) {
decaf_sponge->state->b[decaf_sponge->params->position] ^= CONTROL_WORD_PAD(len_cw);
dokeccak(decaf_sponge);
}

sponge->params->flags &= ~FLAG_NOPARSE;
decaf_sponge->params->flags &= ~FLAG_NOPARSE;
if (cw_flags & STROBE_FLAG_NO_LENGTH) {
sponge->params->flags |= FLAG_NOPARSE;
decaf_sponge->params->flags |= FLAG_NOPARSE;
}
}
strobe_duplex(sponge, out, in, len, get_mode(cw_flags));
strobe_duplex(decaf_sponge, out, in, len, get_mode(cw_flags));
if (cw_flags & STROBE_FLAG_FORGET) {
uint32_t len = sponge->params->rate - sponge->params->position;
if (len < STROBE_FORGET_BYTES + len_cw) len += sponge->params->rate;
uint32_t len = decaf_sponge->params->rate - decaf_sponge->params->position;
if (len < STROBE_FORGET_BYTES + len_cw) len += decaf_sponge->params->rate;
len -= len_cw; /* HACK */
if (cw_flags & STROBE_FLAG_NO_LENGTH) len = 2*STROBE_FORGET_BYTES;
assert(!(cw_flags & STROBE_FLAG_MORE));
strobe_duplex(
sponge, NULL, NULL, len,
decaf_sponge, NULL, NULL, len,
STROBE_MODE_FORGET
);
}
@@ -622,14 +622,14 @@ decaf_error_t strobe_verify_auth (
const unsigned char *in,
uint16_t len
) {
keccak_sponge_s *sponge = strobe->sponge;
if (len > sponge->params->rate) return DECAF_FAILURE;
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
if (len > decaf_sponge->params->rate) return DECAF_FAILURE;
strobe_transact(strobe, NULL, in, len, strobe_cw_recv(STROBE_CW_MAC));
int32_t residue = 0;
int i;
for (i=0; i<len; i++) {
residue |= sponge->state->b[i];
residue |= decaf_sponge->state->b[i];
}
return decaf_succeed_if((residue-1)>>8);
@@ -637,15 +637,15 @@ decaf_error_t strobe_verify_auth (

void strobe_respec (
keccak_strobe_t strobe,
const struct kparams_s *params
const struct decaf_kparams_s *params
) {
keccak_sponge_s *sponge = strobe->sponge;
uint8_t in[] = { params->rate, params->startRound };
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
uint8_t in[] = { params->rate, params->start_round };
strobe_transact( strobe, NULL, in, sizeof(in), STROBE_CW_RESPEC_INFO );
strobe_transact( strobe, NULL, NULL, 0, STROBE_CW_RESPEC );
assert(sponge->params->position == 0);
sponge->params->rate = params->rate;
sponge->params->startRound = params->startRound;
assert(decaf_sponge->params->position == 0);
decaf_sponge->params->rate = params->rate;
decaf_sponge->params->start_round = params->start_round;
}

/* FUTURE: Keyak instances, etc */

+ 1
- 1
test/bench_decaf.cxx View File

@@ -335,7 +335,7 @@ static void macro() {
}
for (Benchmark b("SharedSecret",1); b.iter(); ) {
ss = s1.sharedSecret(p2,32,true);
ss = s1.shared_secret(p2,32,true);
}
printf("\nProtocol benchmarks:\n");


+ 18
- 18
test/shakesum.c View File

@@ -1,6 +1,6 @@
/**
* @cond internal
* @file shakesum.c
* @file decaf_shakesum.c
* @copyright
* Copyright (c) 2015 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
@@ -17,19 +17,19 @@
static void usage() {
fprintf(
stderr,
"shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512|sha512] < infile > outfile\n"
"decaf_shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512|sha512] < infile > outfile\n"
);
}

int main(int argc, char **argv) {
(void)argc; (void)argv;

keccak_sponge_t sponge;
sha512_ctx_t sha512;
decaf_keccak_sponge_t sponge;
decaf_sha512_ctx_t decaf_sha512;
unsigned char buf[1024];
unsigned int outlen = 512;
shake256_gen_init(sponge);
decaf_shake256_gen_init(sponge);
int use_sha512 = 0;

@@ -37,26 +37,26 @@ int main(int argc, char **argv) {
if (argc > 1) {
if (!strcmp(argv[1], "shake256") || !strcmp(argv[1], "SHAKE256")) {
outlen = 512;
shake256_gen_init(sponge);
decaf_shake256_gen_init(sponge);
} else if (!strcmp(argv[1], "shake128") || !strcmp(argv[1], "SHAKE128")) {
outlen = 512;
shake128_gen_init(sponge);
decaf_shake128_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-224") || !strcmp(argv[1], "SHA3-224")) {
outlen = 224/8;
sha3_224_gen_init(sponge);
decaf_sha3_224_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-256") || !strcmp(argv[1], "SHA3-256")) {
outlen = 256/8;
sha3_256_gen_init(sponge);
decaf_sha3_256_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-384") || !strcmp(argv[1], "SHA3-384")) {
outlen = 384/8;
sha3_384_gen_init(sponge);
decaf_sha3_384_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) {
outlen = 512/8;
sha3_512_gen_init(sponge);
decaf_sha3_512_gen_init(sponge);
} else if (!strcmp(argv[1], "sha512") || !strcmp(argv[1], "SHA512")) {
outlen = 512/8;
use_sha512 = 1;
sha512_init(sha512);
decaf_sha512_init(decaf_sha512);
} else {
usage();
return 2;
@@ -67,17 +67,17 @@ int main(int argc, char **argv) {
do {
red = read(0, buf, sizeof(buf));
if (red>0) {
if (use_sha512) sha512_update(sha512,buf,red);
else sha3_update(sponge,buf,red);
if (use_sha512) decaf_sha512_update(decaf_sha512,buf,red);
else decaf_sha3_update(sponge,buf,red);
}
} while (red>0);

if (use_sha512) {
sha512_final(sha512,buf,outlen);
sha512_destroy(sha512);
decaf_sha512_final(decaf_sha512,buf,outlen);
decaf_sha512_destroy(decaf_sha512);
} else {
sha3_output(sponge,buf,outlen);
sponge_destroy(sponge);
decaf_sha3_output(sponge,buf,outlen);
decaf_sponge_destroy(sponge);
}
unsigned i;
for (i=0; i<outlen; i++) {


+ 2
- 2
test/test_ct.cxx View File

@@ -126,10 +126,10 @@ static void test_crypto() {

#if DECAF_CRYPTO_SHARED_SECRET_SHORT_CIRUIT
PrivateKey<Group> sk2(defrng);
(void)sk1.sharedSecretNoexcept(shared,sk2.pub(),i&1);
(void)sk1.shared_secretNoexcept(shared,sk2.pub(),i&1);
#else
PrivateKey<Group> sk3(rng);
(void)sk1.sharedSecretNoexcept(shared,sk3.pub(),i&1);
(void)sk1.shared_secretNoexcept(shared,sk3.pub(),i&1);
#endif
}
}


+ 2
- 2
test/test_decaf.cxx View File

@@ -421,8 +421,8 @@ static void test_crypto() {

pub1.verify(message, sig);
SecureBuffer s1(priv1.sharedSecret(pub2,32,true));
SecureBuffer s2(priv2.sharedSecret(pub1,32,false));
SecureBuffer s1(priv1.shared_secret(pub2,32,true));
SecureBuffer s2(priv2.shared_secret(pub1,32,false));
if (!memeq(s1,s2)) {
test.fail();
printf(" Shared secrets disagree on iteration %d.\n",i);


Write Preview
Loading…
Cancel
Save