jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

lowerCamelCase -> snake_case. Put decaf_ in front of all (most?) identifiers, except for SHAKE which is being removed before 1.0 release (for future refactoring)

master
Michael Hamburg 8 years ago
parent
85fafd2d52
commit
f1df5e4714
22 changed files with 360 additions and 359 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -4
      src/per_curve/crypto.tmpl.hxx
  2. +5
    -5
      src/per_curve/decaf.tmpl.c
  3. +2
    -2
      src/per_curve/decaf.tmpl.h
  4. +4
    -4
      src/per_curve/decaf.tmpl.hxx
  5. +5
    -5
      src/per_curve/decaf_gen_tables.tmpl.c
  6. +8
    -8
      src/per_curve/eddsa.tmpl.c
  7. +2
    -2
      src/per_curve/eddsa.tmpl.hxx
  8. +17
    -17
      src/public_include/decaf/secure_buffer.hxx
  9. +13
    -13
      src/public_include/decaf/sha512.h
  10. +9
    -9
      src/public_include/decaf/sha512.hxx
  11. +77
    -76
      src/public_include/decaf/shake.h
  12. +21
    -21
      src/public_include/decaf/shake.hxx
  13. +17
    -17
      src/public_include/decaf/spongerng.h
  14. +6
    -6
      src/public_include/decaf/spongerng.hxx
  15. +8
    -8
      src/public_include/decaf/strobe.h
  16. +2
    -2
      src/public_include/decaf/strobe.hxx
  17. +9
    -9
      src/sha512.c
  18. +128
    -128
      src/shake.c
  19. +1
    -1
      test/bench_decaf.cxx
  20. +18
    -18
      test/shakesum.c
  21. +2
    -2
      test/test_ct.cxx
  22. +2
    -2
      test/test_decaf.cxx

+ 4
- 4
src/per_curve/crypto.tmpl.hxx View File

@@ -62,7 +62,7 @@ public:
}
/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Verify a message */
inline void verify(
@@ -132,7 +132,7 @@ public:
}
/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Serialize into a buffer. */
inline void serialize_into(unsigned char *x) const NOEXCEPT {
@@ -152,7 +152,7 @@ public:
}
/** Derive a shared secret */
inline SecureBuffer sharedSecret(
inline SecureBuffer shared_secret(
const PublicKey<$(cxx_ns)> &pub,
size_t bytes,
bool me_first
@@ -166,7 +166,7 @@ public:
/** Derive a shared secret */
inline decaf_error_t __attribute__((warn_unused_result))
sharedSecretNoexcept(
shared_secret_noexcept(
Buffer ret,
const PublicKey<$(cxx_ns)> &pub,
bool me_first


+ 5
- 5
src/per_curve/decaf.tmpl.c View File

@@ -1364,11 +1364,11 @@ struct smvt_control {
};

static int recode_wnaf (
struct smvt_control *control, /* [nbits/(tableBits+1) + 3] */
struct smvt_control *control, /* [nbits/(table_bits+1) + 3] */
const scalar_t scalar,
unsigned int tableBits
unsigned int table_bits
) {
unsigned int table_size = SCALAR_BITS/(tableBits+1) + 3;
unsigned int table_size = SCALAR_BITS/(table_bits+1) + 3;
int position = table_size - 1; /* at the end */
/* place the end marker */
@@ -1382,7 +1382,7 @@ static int recode_wnaf (
*/
uint64_t current = scalar->limb[0] & 0xFFFF;
uint32_t mask = (1<<(tableBits+1))-1;
uint32_t mask = (1<<(table_bits+1))-1;

unsigned int w;
const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2;
@@ -1396,7 +1396,7 @@ static int recode_wnaf (
assert(position >= 0);
uint32_t pos = __builtin_ctz((uint32_t)current), odd = (uint32_t)current >> pos;
int32_t delta = odd & mask;
if (odd & 1<<(tableBits+1)) delta -= (1<<(tableBits+1));
if (odd & 1<<(table_bits+1)) delta -= (1<<(table_bits+1));
current -= delta << pos;
control[position].power = pos + 16*(w-1);
control[position].addend = delta;


+ 2
- 2
src/per_curve/decaf.tmpl.h View File

@@ -538,12 +538,12 @@ void $(c_ns)_scalar_cond_sel (
/**
* @brief Test that a point is valid, for debugging purposes.
*
* @param [in] toTest The point to test.
* @param [in] to_test The point to test.
* @retval DECAF_TRUE The point is valid.
* @retval DECAF_FALSE The point is invalid.
*/
decaf_bool_t $(c_ns)_point_valid (
const $(c_ns)_point_t toTest
const $(c_ns)_point_t to_test
) API_VIS WARN_UNUSED NONNULL NOINLINE;

/**


+ 4
- 4
src/per_curve/decaf.tmpl.hxx View File

@@ -104,7 +104,7 @@ public:
inline Scalar(const Block &buffer) NOEXCEPT { *this = buffer; }

/** Serializable instance */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }

/** Serializable instance */
inline void serialize_into(unsigned char *buffer) const NOEXCEPT {
@@ -378,7 +378,7 @@ public:
}

/** Serializable instance */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }

/** Serializable instance */
inline void serialize_into(unsigned char *buffer) const NOEXCEPT {
@@ -559,7 +559,7 @@ public:
* initializer for points which makes this equal to the identity.
*/
inline Precomputed (
const Precomputed_U &yours = *defaultValue()
const Precomputed_U &yours = *default_value()
) NOEXCEPT : OwnedOrUnowned<Precomputed,Precomputed_U>(yours) {}


@@ -617,7 +617,7 @@ public:
friend class OwnedOrUnowned<Precomputed,Precomputed_U>;
static inline size_t size() NOEXCEPT { return $(c_ns)_sizeof_precomputed_s; }
static inline size_t alignment() NOEXCEPT { return $(c_ns)_alignof_precomputed_s; }
static inline const Precomputed_U * defaultValue() NOEXCEPT { return $(c_ns)_precomputed_base; }
static inline const Precomputed_U * default_value() NOEXCEPT { return $(c_ns)_precomputed_base; }
/** @endcond */
};



+ 5
- 5
src/per_curve/decaf_gen_tables.tmpl.c View File

@@ -59,10 +59,10 @@ int main(int argc, char **argv) {
if (ret || !pre) return 1;
API_NS(precompute)(pre, real_point_base);
struct niels_s *preWnaf;
ret = posix_memalign((void**)&preWnaf, API_NS(alignof_precomputed_s), API_NS(sizeof_precomputed_wnafs));
if (ret || !preWnaf) return 1;
API_NS(precompute_wnafs)(preWnaf, real_point_base);
struct niels_s *pre_wnaf;
ret = posix_memalign((void**)&pre_wnaf, API_NS(alignof_precomputed_s), API_NS(sizeof_precomputed_wnafs));
if (ret || !pre_wnaf) return 1;
API_NS(precompute_wnafs)(pre_wnaf, real_point_base);

const gf_s *output;
unsigned i;
@@ -91,7 +91,7 @@ int main(int argc, char **argv) {
}
printf("\n};\n");
output = (const gf_s *)preWnaf;
output = (const gf_s *)pre_wnaf;
printf("const gf API_NS(precomputed_wnaf_as_fe)[%d]\n",
(int)(API_NS(sizeof_precomputed_wnafs) / sizeof(gf)));
printf("__attribute__((aligned(%d),visibility(\"hidden\"))) = {\n ", (int)API_NS(alignof_precomputed_s));


+ 8
- 8
src/per_curve/eddsa.tmpl.c View File

@@ -12,12 +12,12 @@
#define API_NAME "$(c_ns)"
#define API_NS(_id) $(c_ns)_##_id

#define hash_ctx_t $(eddsa_hash)_ctx_t
#define hash_init $(eddsa_hash)_init
#define hash_update $(eddsa_hash)_update
#define hash_final $(eddsa_hash)_final
#define hash_destroy $(eddsa_hash)_destroy
#define hash_hash $(eddsa_hash)_hash
#define hash_ctx_t decaf_$(eddsa_hash)_ctx_t
#define hash_init decaf_$(eddsa_hash)_init
#define hash_update decaf_$(eddsa_hash)_update
#define hash_final decaf_$(eddsa_hash)_final
#define hash_destroy decaf_$(eddsa_hash)_destroy
#define hash_hash decaf_$(eddsa_hash)_hash

#define SUPPORTS_CONTEXTS $(C_NS)_EDDSA_SUPPORTS_CONTEXTS
#define EDDSA_USE_SIGMA_ISOGENY $(eddsa_sigma_iso)
@@ -47,9 +47,9 @@ static void hash_init_with_dom(
hash_init(hash);
#if SUPPORTS_CONTEXTS
const char *domS = "$(eddsa_dom)";
const char *dom_s = "$(eddsa_dom)";
const uint8_t dom[2] = {1+word_is_zero(prehashed), context_len};
hash_update(hash,(const unsigned char *)domS, strlen(domS));
hash_update(hash,(const unsigned char *)dom_s, strlen(dom_s));
hash_update(hash,dom,2);
hash_update(hash,context,context_len);
#else


+ 2
- 2
src/per_curve/eddsa.tmpl.hxx View File

@@ -145,7 +145,7 @@ public:
}
/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Serialize into a buffer. */
inline void serialize_into(unsigned char *x) const NOEXCEPT {
@@ -258,7 +258,7 @@ public:

/** Serialization size. */
inline size_t serSize() const NOEXCEPT { return SER_BYTES; }
inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }
/** Serialize into a buffer. */
inline void serialize_into(unsigned char *x) const NOEXCEPT {


+ 17
- 17
src/public_include/decaf/secure_buffer.hxx View File

@@ -85,7 +85,7 @@ inline bool memeq(const std::vector<T,U> &a, const std::vector<V,W> &b) {
template<class Base> class Serializable {
public:
/** @brief Return the number of bytes needed to serialize this object */
inline size_t serSize() const NOEXCEPT { return static_cast<const Base*>(this)->serSize(); }
inline size_t ser_size() const NOEXCEPT { return static_cast<const Base*>(this)->ser_size(); }
/** @brief Serialize this object into a buffer */
inline void serialize_into(unsigned char *buf) const NOEXCEPT {
@@ -94,7 +94,7 @@ public:
/** @brief Serialize this object into a SecureBuffer and return it */
inline SecureBuffer serialize() const throw(std::bad_alloc) {
SecureBuffer out(serSize());
SecureBuffer out(ser_size());
serialize_into(out.data());
return out;
}
@@ -396,32 +396,32 @@ protected:
Wrapped *mine;
const Wrapped *yours;
} ours;
bool isMine;
bool is_mine;

inline void clear() NOEXCEPT {
if (isMine) {
if (is_mine) {
really_bzero(ours.mine, T::size());
free(ours.mine);
ours.yours = T::defaultValue();
isMine = false;
ours.yours = T::default_value();
is_mine = false;
}
}
inline void alloc() throw(std::bad_alloc) {
if (isMine) return;
if (is_mine) return;
int ret = posix_memalign((void**)&ours.mine, T::alignment(), T::size());
if (ret || !ours.mine) {
isMine = false;
is_mine = false;
throw std::bad_alloc();
}
isMine = true;
is_mine = true;
}
inline const Wrapped *get() const NOEXCEPT { return isMine ? ours.mine : ours.yours; }
inline const Wrapped *get() const NOEXCEPT { return is_mine ? ours.mine : ours.yours; }

inline OwnedOrUnowned(
const Wrapped &yours = *T::defaultValue()
const Wrapped &yours = *T::default_value()
) NOEXCEPT {
ours.yours = &yours;
isMine = false;
is_mine = false;
}

/**
@@ -429,14 +429,14 @@ protected:
*/
inline T &operator=(const OwnedOrUnowned &it) throw(std::bad_alloc) {
if (this == &it) return *(T*)this;
if (it.isMine) {
if (it.is_mine) {
alloc();
memcpy(ours.mine,it.ours.mine,T::size());
} else {
clear();
ours.yours = it.ours.yours;
}
isMine = it.isMine;
is_mine = it.is_mine;
return *(T*)this;
}

@@ -445,9 +445,9 @@ protected:
if (this == &it) return *(T*)this;
clear();
ours = it.ours;
isMine = it.isMine;
it.isMine = false;
it.ours.yours = T::defaultValue;
is_mine = it.is_mine;
it.is_mine = false;
it.ours.yours = T::default_value;
return *this;
}
#endif


+ 13
- 13
src/public_include/decaf/sha512.h View File

@@ -19,31 +19,31 @@ extern "C" {
#endif

typedef struct sha512_ctx_s {
typedef struct decaf_sha512_ctx_s {
uint64_t state[8];
uint8_t block[128];
uint64_t bytesProcessed;
} sha512_ctx_s, sha512_ctx_t[1];
uint64_t bytes_processed;
} decaf_sha512_ctx_s, decaf_sha512_ctx_t[1];

void sha512_init(sha512_ctx_t ctx) NONNULL API_VIS;
void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) NONNULL API_VIS;
void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) NONNULL API_VIS;
void decaf_sha512_init(decaf_sha512_ctx_t ctx) NONNULL API_VIS;
void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t length) NONNULL API_VIS;
void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *out, size_t length) NONNULL API_VIS;

static inline void sha512_destroy(sha512_ctx_t ctx) {
static inline void decaf_sha512_destroy(decaf_sha512_ctx_t ctx) {
decaf_bzero(ctx,sizeof(*ctx));
}

static inline void sha512_hash(
static inline void decaf_sha512_hash(
uint8_t *output,
size_t output_len,
const uint8_t *message,
size_t message_len
) {
sha512_ctx_t ctx;
sha512_init(ctx);
sha512_update(ctx,message,message_len);
sha512_final(ctx,output,output_len);
sha512_destroy(ctx);
decaf_sha512_ctx_t ctx;
decaf_sha512_init(ctx);
decaf_sha512_update(ctx,message,message_len);
decaf_sha512_final(ctx,output,output_len);
decaf_sha512_destroy(ctx);
}

#ifdef __cplusplus


+ 9
- 9
src/public_include/decaf/sha512.hxx View File

@@ -1,5 +1,5 @@
/**
* @file decaf/sha512.hxx
* @file decaf/decaf_sha512.hxx
* @copyright
* Based on public domain code by Dan Bernstein \n
* Copyright (c) 2015 Cryptography Research, Inc. \n
@@ -30,7 +30,7 @@ class SHA512 {
protected:
/** @cond internal */
/** The C-wrapper sponge state */
sha512_ctx_t sha;
decaf_sha512_ctx_t sha;

public:
@@ -44,10 +44,10 @@ public:
static const size_t DEFAULT_OUTPUT_BYTES = OUTPUT_BYTES;
/** Constructor */
inline SHA512() NOEXCEPT { sha512_init(sha); }
inline SHA512() NOEXCEPT { decaf_sha512_init(sha); }
/** Add more data to running hash */
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { sha512_update(sha,in,len); }
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { decaf_sha512_update(sha,in,len); }

/** Add more data to running hash, C++ version. */
inline void update(const Block &s) NOEXCEPT { update(s.data(),s.size()); }
@@ -61,17 +61,17 @@ public:
/** @brief Output bytes from the SHA context, and resets it. */
inline void final(Buffer b) throw(LengthException) {
if (b.size() > OUTPUT_BYTES) throw LengthException();
sha512_final(sha,b.data(),b.size());
decaf_sha512_final(sha,b.data(),b.size());
}
/** Resets the SHA context */
inline void reset() NOEXCEPT { sha512_init(sha); }
inline void reset() NOEXCEPT { decaf_sha512_init(sha); }

/** @brief Output bytes from the sponge. */
inline SecureBuffer final(size_t len = OUTPUT_BYTES) throw(LengthException) {
if (len > OUTPUT_BYTES) throw LengthException();
SecureBuffer buffer(len);
sha512_final(sha,buffer.data(),len);
decaf_sha512_final(sha,buffer.data(),len);
return buffer;
}

@@ -88,12 +88,12 @@ public:
) throw(LengthException, std::bad_alloc) {
if (outlen > OUTPUT_BYTES) throw LengthException();
SecureBuffer buffer(outlen);
sha512_hash(buffer.data(),outlen,message.data(),message.size());
decaf_sha512_hash(buffer.data(),outlen,message.data(),message.size());
return buffer;
}

/** Destructor zeroizes state */
inline ~SHA512() NOEXCEPT { sha512_destroy(sha); }
inline ~SHA512() NOEXCEPT { decaf_sha512_destroy(sha); }
};
} /* namespace decaf */


+ 77
- 76
src/public_include/decaf/shake.h View File

@@ -5,12 +5,11 @@
* Copyright (c) 2015 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
* @brief SHA-3-n and SHAKE-n instances.
* @warning EXPERIMENTAL! The names, parameter orders etc are likely to change.
* @brief SHA-3-n and DECAF_SHAKE-n instances.
*/

#ifndef __SHAKE_H__
#define __SHAKE_H__
#ifndef __DECAF_SHAKE_H__
#define __DECAF_SHAKE_H__

#include <stdint.h>
#include <sys/types.h>
@@ -24,19 +23,19 @@ extern "C" {

#ifndef INTERNAL_SPONGE_STRUCT
/** Sponge container object for the various primitives. */
typedef struct keccak_sponge_s {
typedef struct decaf_keccak_sponge_s {
/** @cond internal */
uint64_t opaque[26];
/** @endcond */
} keccak_sponge_s;
} decaf_keccak_sponge_s;

/** Convenience GMP-style one-element array version */
typedef struct keccak_sponge_s keccak_sponge_t[1];
typedef struct decaf_keccak_sponge_s decaf_keccak_sponge_t[1];

/** Parameters for sponge construction, distinguishing SHA3 and
* SHAKE instances.
/** Parameters for sponge construction, distinguishing DECAF_SHA3 and
* DECAF_SHAKE instances.
*/
struct kparams_s;
struct decaf_kparams_s;
#endif

/**
@@ -44,48 +43,48 @@ extern "C" {
* @param [out] sponge The object to initialize.
* @param [in] params The sponge's parameter description.
*/
void sponge_init (
keccak_sponge_t sponge,
const struct kparams_s *params
void decaf_sponge_init (
decaf_keccak_sponge_t sponge,
const struct decaf_kparams_s *params
) API_VIS;

/**
* @brief Absorb data into a SHA3 or SHAKE hash context.
* @brief Absorb data into a DECAF_SHA3 or DECAF_SHAKE hash context.
* @param [inout] sponge The context.
* @param [in] in The input data.
* @param [in] len The input data's length in bytes.
*/
void sha3_update (
struct keccak_sponge_s * __restrict__ sponge,
void decaf_sha3_update (
struct decaf_keccak_sponge_s * __restrict__ sponge,
const uint8_t *in,
size_t len
) API_VIS;

/**
* @brief Squeeze output data from a SHA3 or SHAKE hash context.
* @brief Squeeze output data from a DECAF_SHA3 or DECAF_SHAKE hash context.
* This does not destroy or re-initialize the hash context, and
* sha3 output can be called more times.
* decaf_sha3 output can be called more times.
*
* @param [inout] sponge The context.
* @param [out] out The output data.
* @param [in] len The requested output data length in bytes.
*/
void sha3_output (
keccak_sponge_t sponge,
void decaf_sha3_output (
decaf_keccak_sponge_t sponge,
uint8_t * __restrict__ out,
size_t len
) API_VIS;

/**
* @brief Squeeze output data from a SHA3 or SHAKE hash context.
* @brief Squeeze output data from a DECAF_SHA3 or DECAF_SHAKE hash context.
* This re-initializes the context to its starting parameters.
*
* @param [inout] sponge The context.
* @param [out] out The output data.
* @param [in] len The requested output data length in bytes.
*/
void sha3_final (
keccak_sponge_t sponge,
void decaf_sha3_final (
decaf_keccak_sponge_t sponge,
uint8_t * __restrict__ out,
size_t len
) API_VIS;
@@ -95,36 +94,36 @@ void sha3_final (
*
* @param [inout] sponge The context.
*/
void sha3_reset (
keccak_sponge_t sponge
void decaf_sha3_reset (
decaf_keccak_sponge_t sponge
) API_VIS;

/**
* @brief Return the default output length of the sponge construction,
* for the purpose of C++ default operators.
*
* Returns n/8 for SHA3-n and 2n/8 for SHAKE-n.
* Returns n/8 for DECAF_SHA3-n and 2n/8 for DECAF_SHAKE-n.
*/
size_t sponge_default_output_bytes (
const keccak_sponge_t sponge /**< [inout] The context. */
size_t decaf_sponge_default_output_bytes (
const decaf_keccak_sponge_t sponge /**< [inout] The context. */
) API_VIS;

/**
* @brief Return the default output length of the sponge construction,
* for the purpose of C++ default operators.
*
* Returns n/8 for SHA3-n and SIZE_MAX for SHAKE-n.
* Returns n/8 for DECAF_SHA3-n and SIZE_MAX for DECAF_SHAKE-n.
*/
size_t sponge_max_output_bytes (
const keccak_sponge_t sponge /**< [inout] The context. */
size_t decaf_sponge_max_output_bytes (
const decaf_keccak_sponge_t sponge /**< [inout] The context. */
) API_VIS;

/**
* @brief Destroy a SHA3 or SHAKE sponge context by overwriting it with 0.
* @brief Destroy a DECAF_SHA3 or DECAF_SHAKE sponge context by overwriting it with 0.
* @param [out] sponge The context.
*/
void sponge_destroy (
keccak_sponge_t sponge
void decaf_sponge_destroy (
decaf_keccak_sponge_t sponge
) API_VIS;

/**
@@ -135,73 +134,75 @@ void sponge_destroy (
* @param [in] outlen The length of the output data.
* @param [in] params The parameters of the sponge hash.
*/
void sponge_hash (
void decaf_sponge_hash (
const uint8_t *in,
size_t inlen,
uint8_t *out,
size_t outlen,
const struct kparams_s *params
const struct decaf_kparams_s *params
) API_VIS;

/* FUTURE: expand/doxygenate individual SHAKE/SHA3 instances? */
/* FUTURE: expand/doxygenate individual DECAF_SHAKE/DECAF_SHA3 instances? */

/** @cond internal */
#define DECSHAKE(n) \
extern const struct kparams_s SHAKE##n##_params_s API_VIS; \
typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \
static inline void NONNULL shake##n##_init(shake##n##_ctx_t sponge) { \
sponge_init(sponge->s, &SHAKE##n##_params_s); \
#define DEC_SHAKE(n) \
extern const struct decaf_kparams_s DECAF_SHAKE##n##_params_s API_VIS; \
typedef struct decaf_shake##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_shake##n##_ctx_t[1]; \
static inline void NONNULL decaf_shake##n##_init(decaf_shake##n##_ctx_t sponge) { \
decaf_sponge_init(sponge->s, &DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_gen_init(keccak_sponge_t sponge) { \
sponge_init(sponge, &SHAKE##n##_params_s); \
static inline void NONNULL decaf_shake##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sponge_init(sponge, &DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
sha3_update(sponge->s, in, inlen); \
static inline void NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline void NONNULL shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
sha3_output(sponge->s, out, outlen); \
sponge_init(sponge->s, &SHAKE##n##_params_s); \
static inline void NONNULL decaf_shake##n##_final(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_sha3_output(sponge->s, out, outlen); \
decaf_sponge_init(sponge->s, &DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \
static inline void NONNULL decaf_shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
decaf_sponge_hash(in,inlen,out,outlen,&DECAF_SHAKE##n##_params_s); \
} \
static inline void NONNULL shake##n##_destroy( shake##n##_ctx_t sponge ) { \
sponge_destroy(sponge->s); \
static inline void NONNULL decaf_shake##n##_destroy( decaf_shake##n##_ctx_t sponge ) { \
decaf_sponge_destroy(sponge->s); \
}

#define DECSHA3(n) \
extern const struct kparams_s SHA3_##n##_params_s API_VIS; \
typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \
static inline void NONNULL sha3_##n##_init(sha3_##n##_ctx_t sponge) { \
sponge_init(sponge->s, &SHA3_##n##_params_s); \
#define DEC_SHA3(n) \
extern const struct decaf_kparams_s DECAF_SHA3_##n##_params_s API_VIS; \
typedef struct decaf_sha3_##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_sha3_##n##_ctx_t[1]; \
static inline void NONNULL decaf_sha3_##n##_init(decaf_sha3_##n##_ctx_t sponge) { \
decaf_sponge_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_gen_init(keccak_sponge_t sponge) { \
sponge_init(sponge, &SHA3_##n##_params_s); \
static inline void NONNULL decaf_sha3_##n##_gen_init(decaf_keccak_sponge_t sponge) { \
decaf_sponge_init(sponge, &DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
sha3_update(sponge->s, in, inlen); \
static inline void NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
decaf_sha3_update(sponge->s, in, inlen); \
} \
static inline void NONNULL sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
sha3_output(sponge->s, out, outlen); \
sponge_init(sponge->s, &SHA3_##n##_params_s); \
static inline void NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
decaf_sha3_output(sponge->s, out, outlen); \
decaf_sponge_init(sponge->s, &DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \
static inline void NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
decaf_sponge_hash(in,inlen,out,outlen,&DECAF_SHA3_##n##_params_s); \
} \
static inline void NONNULL sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \
sponge_destroy(sponge->s); \
static inline void NONNULL decaf_sha3_##n##_destroy(decaf_sha3_##n##_ctx_t sponge) { \
decaf_sponge_destroy(sponge->s); \
}
/** @endcond */

DECSHAKE(128)
DECSHAKE(256)
DECSHA3(224)
DECSHA3(256)
DECSHA3(384)
DECSHA3(512)
DEC_SHAKE(128)
DEC_SHAKE(256)
DEC_SHA3(224)
DEC_SHA3(256)
DEC_SHA3(384)
DEC_SHA3(512)
#undef DEC_SHAKE
#undef DEC_SHA3

#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* __SHAKE_H__ */
#endif /* __DECAF_SHAKE_H__ */

+ 21
- 21
src/public_include/decaf/shake.hxx View File

@@ -1,5 +1,5 @@
/**
* @file decaf/shake.hxx
* @file decaf/decaf_shake.hxx
* @copyright
* Based on CC0 code by David Leon Gil, 2015 \n
* Copyright (c) 2015 Cryptography Research, Inc. \n
@@ -35,18 +35,18 @@ class KeccakHash {
protected:
/** @cond internal */
/** The C-wrapper sponge state */
keccak_sponge_t sp;
decaf_keccak_sponge_t sp;
/** Initialize from parameters */
inline KeccakHash(const kparams_s *params) NOEXCEPT { sponge_init(sp, params); }
inline KeccakHash(const decaf_kparams_s *params) NOEXCEPT { decaf_sponge_init(sp, params); }
/** @endcond */
public:
/** Add more data to running hash */
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { sha3_update(sp,in,len); }
inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { decaf_sha3_update(sp,in,len); }

/** Add more data to running hash, C++ version. */
inline void update(const Block &s) NOEXCEPT { sha3_update(sp,s.data(),s.size()); }
inline void update(const Block &s) NOEXCEPT { decaf_sha3_update(sp,s.data(),s.size()); }
/** Add more data, stream version. */
inline KeccakHash &operator<<(const Block &s) NOEXCEPT { update(s); return *this; }
@@ -58,7 +58,7 @@ public:
inline SecureBuffer output(size_t len) throw(std::bad_alloc, LengthException) {
if (len > max_output_size()) throw LengthException();
SecureBuffer buffer(len);
sha3_output(sp,buffer.data(),len);
decaf_sha3_output(sp,buffer.data(),len);
return buffer;
}
@@ -66,7 +66,7 @@ public:
inline SecureBuffer final(size_t len) throw(std::bad_alloc, LengthException) {
if (len > max_output_size()) throw LengthException();
SecureBuffer buffer(len);
sha3_final(sp,buffer.data(),len);
decaf_sha3_final(sp,buffer.data(),len);
return buffer;
}

@@ -75,22 +75,22 @@ public:
* @todo make this throw exceptions.
*/
inline void output(Buffer b) throw(LengthException) {
sha3_output(sp,b.data(),b.size());
decaf_sha3_output(sp,b.data(),b.size());
}
/** @brief Output bytes from the sponge and reinitialize it. */
inline void final(Buffer b) throw(LengthException) {
sha3_final(sp,b.data(),b.size());
decaf_sha3_final(sp,b.data(),b.size());
}
/** @brief Return the sponge's default output size. */
inline size_t default_output_size() const NOEXCEPT {
return sponge_default_output_bytes(sp);
return decaf_sponge_default_output_bytes(sp);
}
/** @brief Return the sponge's maximum output size. */
inline size_t max_output_size() const NOEXCEPT {
return sponge_max_output_bytes(sp);
return decaf_sponge_max_output_bytes(sp);
}
/** Output the default number of bytes. */
@@ -104,17 +104,17 @@ public:
}

/** Reset the hash to the empty string */
inline void reset() NOEXCEPT { sha3_reset(sp); }
inline void reset() NOEXCEPT { decaf_sha3_reset(sp); }
/** Destructor zeroizes state */
inline ~KeccakHash() NOEXCEPT { sponge_destroy(sp); }
inline ~KeccakHash() NOEXCEPT { decaf_sponge_destroy(sp); }
};

/** Fixed-output-length SHA3 */
template<int bits> class SHA3 : public KeccakHash {
private:
/** Get the parameter template block for this hash */
static inline const struct kparams_s *get_params();
static inline const struct decaf_kparams_s *get_params();
public:
/** Number of bytes of output */
@@ -142,7 +142,7 @@ template<int bits>
class SHAKE : public KeccakHash {
private:
/** Get the parameter template block for this hash */
static inline const struct kparams_s *get_params();
static inline const struct decaf_kparams_s *get_params();
public:
/** Number of bytes of output */
@@ -165,12 +165,12 @@ public:
};

/** @cond internal */
template<> inline const struct kparams_s *SHAKE<128>::get_params() { return &SHAKE128_params_s; }
template<> inline const struct kparams_s *SHAKE<256>::get_params() { return &SHAKE256_params_s; }
template<> inline const struct kparams_s *SHA3<224>::get_params() { return &SHA3_224_params_s; }
template<> inline const struct kparams_s *SHA3<256>::get_params() { return &SHA3_256_params_s; }
template<> inline const struct kparams_s *SHA3<384>::get_params() { return &SHA3_384_params_s; }
template<> inline const struct kparams_s *SHA3<512>::get_params() { return &SHA3_512_params_s; }
template<> inline const struct decaf_kparams_s *SHAKE<128>::get_params() { return &DECAF_SHAKE128_params_s; }
template<> inline const struct decaf_kparams_s *SHAKE<256>::get_params() { return &DECAF_SHAKE256_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<224>::get_params() { return &DECAF_SHA3_224_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<256>::get_params() { return &DECAF_SHA3_256_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<384>::get_params() { return &DECAF_SHA3_384_params_s; }
template<> inline const struct decaf_kparams_s *SHA3<512>::get_params() { return &DECAF_SHA3_512_params_s; }
/** @endcond */
} /* namespace decaf */


+ 17
- 17
src/public_include/decaf/spongerng.h View File

@@ -20,15 +20,15 @@ extern "C" {
/** Keccak CSPRNG structure as struct. */
typedef struct {
keccak_sponge_t sponge; /**< Internal sponge object. */
} keccak_prng_s;
decaf_keccak_sponge_t sponge; /**< Internal sponge object. */
} decaf_keccak_prng_s;
/** Keccak CSPRNG structure as one-element array */
typedef keccak_prng_s keccak_prng_t[1];
typedef decaf_keccak_prng_s decaf_keccak_prng_t[1];
/** Initialize a sponge-based CSPRNG from a buffer. */
void spongerng_init_from_buffer (
keccak_prng_t prng, /**< [out] The PRNG object. */
void decaf_spongerng_init_from_buffer (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const uint8_t *__restrict__ in, /**< [in] The initialization data. */
size_t len, /**< [in] The length of the initialization data. */
int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC.*/
@@ -40,8 +40,8 @@ void spongerng_init_from_buffer (
* @retval DECAF_FAILURE failure.
* @note On failure, errno can be used to determine the cause.
*/
decaf_error_t spongerng_init_from_file (
keccak_prng_t prng, /**< [out] The PRNG object. */
decaf_error_t decaf_spongerng_init_from_file (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const char *file, /**< [in] A name of a file containing initial data. */
size_t len, /**< [in] The length of the initial data. Must be positive. */
int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC. */
@@ -53,36 +53,36 @@ decaf_error_t spongerng_init_from_file (
* @retval DECAF_FAILURE failure.
* @note On failure, errno can be used to determine the cause.
*/
decaf_error_t spongerng_init_from_dev_urandom (
keccak_prng_t prng /**< [out] sponge The sponge object. */
decaf_error_t decaf_spongerng_init_from_dev_urandom (
decaf_keccak_prng_t prng /**< [out] sponge The sponge object. */
) API_VIS WARN_UNUSED;

/** Output bytes from a sponge-based CSPRNG. */
void spongerng_next (
keccak_prng_t prng, /**< [inout] The PRNG object. */
void decaf_spongerng_next (
decaf_keccak_prng_t prng, /**< [inout] The PRNG object. */
uint8_t * __restrict__ out, /**< [out] Output buffer. */
size_t len /**< [in] Number of bytes to output. */
) API_VIS;

/** Stir entropy data into a sponge-based CSPRNG from a buffer. */
void spongerng_stir (
keccak_prng_t prng, /**< [out] The PRNG object. */
void decaf_spongerng_stir (
decaf_keccak_prng_t prng, /**< [out] The PRNG object. */
const uint8_t * __restrict__ in, /**< [in] The entropy data. */
size_t len /**< [in] The length of the initial data. */
) NONNULL API_VIS;
/** Securely destroy a sponge RNG object by overwriting it. */
static INLINE UNUSED void
spongerng_destroy (
keccak_prng_t doomed /**< [in] The object to destroy. */
decaf_spongerng_destroy (
decaf_keccak_prng_t doomed /**< [in] The object to destroy. */
);

/** @cond internal */
/***************************************/
/* Implementations of inline functions */
/***************************************/
void spongerng_destroy (keccak_prng_t doomed) {
sponge_destroy(doomed->sponge);
void decaf_spongerng_destroy (decaf_keccak_prng_t doomed) {
decaf_sponge_destroy(doomed->sponge);
}
/** @endcond */ /* internal */



+ 6
- 6
src/public_include/decaf/spongerng.hxx View File

@@ -38,7 +38,7 @@ namespace decaf {
class SpongeRng : public Rng {
private:
/** C wrapped object */
keccak_prng_t sp;
decaf_keccak_prng_t sp;
public:
/** Deterministic flag.
@@ -61,13 +61,13 @@ public:
/** Initialize, deterministically by default, from block */
inline SpongeRng( const Block &in, Deterministic det ) {
spongerng_init_from_buffer(sp,in.data(),in.size(),(int)det);
decaf_spongerng_init_from_buffer(sp,in.data(),in.size(),(int)det);
}
/** Initialize, non-deterministically by default, from C/C++ filename */
inline SpongeRng( const std::string &in = "/dev/urandom", size_t len = 32, Deterministic det = RANDOM )
throw(RngException) {
decaf_error_t ret = spongerng_init_from_file(sp,in.c_str(),len,det);
decaf_error_t ret = decaf_spongerng_init_from_file(sp,in.c_str(),len,det);
if (!decaf_successful(ret)) {
throw RngException(errno, "Couldn't load from file");
}
@@ -75,11 +75,11 @@ public:
/** Stir in new data */
inline void stir( const Block &data ) NOEXCEPT {
spongerng_stir(sp,data.data(),data.size());
decaf_spongerng_stir(sp,data.data(),data.size());
}
/** Securely destroy by overwriting state. */
inline ~SpongeRng() NOEXCEPT { spongerng_destroy(sp); }
inline ~SpongeRng() NOEXCEPT { decaf_spongerng_destroy(sp); }
using Rng::read;
@@ -88,7 +88,7 @@ public:
#if __cplusplus >= 201103L
final
#endif
{ spongerng_next(sp,buffer.data(),buffer.size()); }
{ decaf_spongerng_next(sp,buffer.data(),buffer.size()); }
private:
SpongeRng(const SpongeRng &) DELETE;


+ 8
- 8
src/public_include/decaf/strobe.h View File

@@ -19,29 +19,29 @@ extern "C" {
/** Keccak STROBE structure as struct. */
typedef struct {
keccak_sponge_t sponge; /**< Internal sponge object. */
decaf_keccak_sponge_t sponge; /**< Internal sponge object. */
} keccak_strobe_s;
/** Keccak STROBE structure as one-element array */
typedef keccak_strobe_s keccak_strobe_t[1];

/** STROBE parameters, 128-bit estimated security for hashing and encryption */
extern const struct kparams_s STROBE_128 API_VIS;
extern const struct decaf_kparams_s STROBE_128 API_VIS;

/** STROBE parameters, 256-bit estimated security for hashing and encryption */
extern const struct kparams_s STROBE_256 API_VIS;
extern const struct decaf_kparams_s STROBE_256 API_VIS;

/** STROBE parameters, 128-bit estimated security for encryption only (not hashing) */
extern const struct kparams_s STROBE_KEYED_128 API_VIS;
extern const struct decaf_kparams_s STROBE_KEYED_128 API_VIS;

/** STROBE parameters, 256-bit estimated security for encryption only (not hashing) */
extern const struct kparams_s STROBE_KEYED_256 API_VIS;
extern const struct decaf_kparams_s STROBE_KEYED_256 API_VIS;


/** Initialize Strobe protocol context. */
void strobe_init (
keccak_strobe_t strobe, /**< [out] The uninitialized strobe object. */
const struct kparams_s *params, /**< [in] Parameter set descriptor. */
const struct decaf_kparams_s *params, /**< [in] Parameter set descriptor. */
const char *proto, /**< [in] Unique identifier for the protocol. TODO: define namespaces for this */
uint8_t am_client /**< [in] Nonzero if this party. */
) NONNULL API_VIS;
@@ -158,7 +158,7 @@ static inline void NONNULL strobe_prng (
/** Respecify Strobe protocol object's crypto. */
void strobe_respec (
keccak_strobe_t strobe, /**< [inout] The initialized strobe context. */
const struct kparams_s *params /**< [in] Strobe parameter descriptor. */
const struct decaf_kparams_s *params /**< [in] Strobe parameter descriptor. */
) NONNULL API_VIS;

/** Securely destroy a STROBE object by overwriting it. */
@@ -329,7 +329,7 @@ void strobe_prng(keccak_strobe_t strobe, unsigned char *out, uint16_t len) {
}

void strobe_destroy (keccak_strobe_t doomed) {
sponge_destroy(doomed->sponge);
decaf_sponge_destroy(doomed->sponge);
}

/** @endcond */ /* internal */


+ 2
- 2
src/public_include/decaf/strobe.hxx View File

@@ -53,7 +53,7 @@ public:
inline Strobe (
const char *description, /**< Description of this protocol. */
client_or_server whoami, /**< Am I client or server? */
const kparams_s &params = STROBE_256 /**< Strength parameters */
const decaf_kparams_s &params = STROBE_256 /**< Strength parameters */
) NOEXCEPT {
strobe_init(wrapped, &params, description, whoami == CLIENT);
keyed = false;
@@ -222,7 +222,7 @@ public:
/** Change specs, perhaps to a faster spec that takes advantage of being keyed.
* @warning Experimental.
*/
inline void respec(const kparams_s &params) throw(ProtocolException) {
inline void respec(const decaf_kparams_s &params) throw(ProtocolException) {
if (!keyed) throw(ProtocolException());
strobe_respec(wrapped, &params);
}


+ 9
- 9
src/sha512.c View File

@@ -64,7 +64,7 @@ static uint64_t load_bigendian(const uint8_t *x)
b = a; \
a = T1 + T2;

static NOINLINE void hashblock(sha512_ctx_t ctx) {
static NOINLINE void hashblock(decaf_sha512_ctx_t ctx) {
const uint8_t *in = ctx->block;
uint64_t a = ctx->state[0];
uint64_t b = ctx->state[1];
@@ -197,7 +197,7 @@ static NOINLINE void hashblock(sha512_ctx_t ctx) {
ctx->state[7] += h;
}

void sha512_init(sha512_ctx_t ctx) {
void decaf_sha512_init(decaf_sha512_ctx_t ctx) {
static const uint64_t iv[8] = {
0x6a09e667f3bcc908,
0xbb67ae8584caa73b,
@@ -210,16 +210,16 @@ void sha512_init(sha512_ctx_t ctx) {
};
memcpy(ctx->state,iv,sizeof(iv));
memset(ctx->block,0,sizeof(ctx->block));
ctx->bytesProcessed = 0;
ctx->bytes_processed = 0;
}

void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) {
void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t length) {
while (length > 0) {
size_t grab = length, off = ctx->bytesProcessed % 128;
size_t grab = length, off = ctx->bytes_processed % 128;
if (grab > 128-off) grab = 128-off;
memcpy(&ctx->block[off], message, grab);
ctx->bytesProcessed += grab;
ctx->bytes_processed += grab;
length -= grab;
message += grab;
@@ -229,10 +229,10 @@ void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) {
}
}

void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) {
void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *out, size_t length) {
assert(length <= 512/8);
size_t off = ctx->bytesProcessed % 128, bp = ctx->bytesProcessed * 8;
size_t off = ctx->bytes_processed % 128, bp = ctx->bytes_processed * 8;
ctx->block[off] = 0x80;
memset(&ctx->block[off+1], 0, 128-off-1);
@@ -249,5 +249,5 @@ void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) {
out[i] = ctx->state[i/8] >> (56 - 8*(i%8));
}
sha512_init(ctx);
decaf_sha512_init(ctx);
}

+ 128
- 128
src/shake.c View File

@@ -51,19 +51,19 @@
# error platform not supported
#endif

/* The internal, non-opaque definition of the sponge struct. */
/* The internal, non-opaque definition of the decaf_sponge struct. */
typedef union {
uint64_t w[25]; uint8_t b[25*8];
} kdomain_t[1];

typedef struct kparams_s {
uint8_t position, flags, rate, startRound, pad, ratePad, maxOut, client; /* client = maxOutRemaining for sha3 */
} kparams_t[1];
typedef struct decaf_kparams_s {
uint8_t position, flags, rate, start_round, pad, rate_pad, max_out, client; /* client = max_outRemaining for decaf_sha3 */
} decaf_kparams_t[1];

typedef struct keccak_sponge_s {
typedef struct decaf_keccak_sponge_s {
kdomain_t state;
kparams_t params;
} keccak_sponge_s, keccak_sponge_t[1];
decaf_kparams_t params;
} decaf_keccak_sponge_s, decaf_keccak_sponge_t[1];

#define INTERNAL_SPONGE_STRUCT 1
#include <decaf/shake.h>
@@ -106,14 +106,14 @@ static inline uint64_t rol(uint64_t x, int s) {
/*** The Keccak-f[1600] permutation ***/
static void
__attribute__((noinline))
keccakf(kdomain_t state, uint8_t startRound) {
keccakf(kdomain_t state, uint8_t start_round) {
uint64_t* a = state->w;
uint64_t b[5] = {0}, t, u;
uint8_t x, y, i;
for (i=0; i<25; i++) a[i] = le64toh(a[i]);

for (i = startRound; i < 24; i++) {
for (i = start_round; i < 24; i++) {
FOR51(x, b[x] = 0; )
FOR55(y, FOR51(x, b[x] ^= a[x + y]; ))
FOR55(y, FOR51(x,
@@ -135,57 +135,57 @@ keccakf(kdomain_t state, uint8_t startRound) {
for (i=0; i<25; i++) a[i] = htole64(a[i]);
}

static inline void dokeccak (keccak_sponge_t sponge) {
keccakf(sponge->state, sponge->params->startRound);
sponge->params->position = 0;
static inline void dokeccak (decaf_keccak_sponge_t decaf_sponge) {
keccakf(decaf_sponge->state, decaf_sponge->params->start_round);
decaf_sponge->params->position = 0;
}

void sha3_update (
struct keccak_sponge_s * __restrict__ sponge,
void decaf_sha3_update (
struct decaf_keccak_sponge_s * __restrict__ decaf_sponge,
const uint8_t *in,
size_t len
) {
if (!len) return;
assert(sponge->params->position < sponge->params->rate);
assert(sponge->params->rate < sizeof(sponge->state));
assert(sponge->params->flags == FLAG_ABSORBING);
assert(decaf_sponge->params->position < decaf_sponge->params->rate);
assert(decaf_sponge->params->rate < sizeof(decaf_sponge->state));
assert(decaf_sponge->params->flags == FLAG_ABSORBING);
while (len) {
size_t cando = sponge->params->rate - sponge->params->position, i;
uint8_t* state = &sponge->state->b[sponge->params->position];
size_t cando = decaf_sponge->params->rate - decaf_sponge->params->position, i;
uint8_t* state = &decaf_sponge->state->b[decaf_sponge->params->position];
if (cando > len) {
for (i = 0; i < len; i += 1) state[i] ^= in[i];
sponge->params->position += len;
decaf_sponge->params->position += len;
return;
} else {
for (i = 0; i < cando; i += 1) state[i] ^= in[i];
dokeccak(sponge);
dokeccak(decaf_sponge);
len -= cando;
in += cando;
}
}
}

void sha3_output (
keccak_sponge_t sponge,
void decaf_sha3_output (
decaf_keccak_sponge_t decaf_sponge,
uint8_t * __restrict__ out,
size_t len
) {
assert(sponge->params->position < sponge->params->rate);
assert(sponge->params->rate < sizeof(sponge->state));
assert(decaf_sponge->params->position < decaf_sponge->params->rate);
assert(decaf_sponge->params->rate < sizeof(decaf_sponge->state));
if (sponge->params->maxOut != 0xFF) {
assert(sponge->params->client >= len);
sponge->params->client -= len;
if (decaf_sponge->params->max_out != 0xFF) {
assert(decaf_sponge->params->client >= len);
decaf_sponge->params->client -= len;
}
switch (sponge->params->flags) {
switch (decaf_sponge->params->flags) {
case FLAG_SQUEEZING: break;
case FLAG_ABSORBING:
{
uint8_t* state = sponge->state->b;
state[sponge->params->position] ^= sponge->params->pad;
state[sponge->params->rate - 1] ^= sponge->params->ratePad;
dokeccak(sponge);
uint8_t* state = decaf_sponge->state->b;
state[decaf_sponge->params->position] ^= decaf_sponge->params->pad;
state[decaf_sponge->params->rate - 1] ^= decaf_sponge->params->rate_pad;
dokeccak(decaf_sponge);
break;
}
default:
@@ -193,82 +193,82 @@ void sha3_output (
}
while (len) {
size_t cando = sponge->params->rate - sponge->params->position;
uint8_t* state = &sponge->state->b[sponge->params->position];
size_t cando = decaf_sponge->params->rate - decaf_sponge->params->position;
uint8_t* state = &decaf_sponge->state->b[decaf_sponge->params->position];
if (cando > len) {
memcpy(out, state, len);
sponge->params->position += len;
decaf_sponge->params->position += len;
return;
} else {
memcpy(out, state, cando);
dokeccak(sponge);
dokeccak(decaf_sponge);
len -= cando;
out += cando;
}
}
}

void sha3_final (
keccak_sponge_t sponge,
void decaf_sha3_final (
decaf_keccak_sponge_t decaf_sponge,
uint8_t * __restrict__ out,
size_t len
) {
sha3_output(sponge,out,len);
sha3_reset(sponge);
decaf_sha3_output(decaf_sponge,out,len);
decaf_sha3_reset(decaf_sponge);
}

void sha3_reset (
keccak_sponge_t sponge
void decaf_sha3_reset (
decaf_keccak_sponge_t decaf_sponge
) {
sponge_init(sponge, sponge->params);
sponge->params->client = sponge->params->maxOut;
decaf_sponge_init(decaf_sponge, decaf_sponge->params);
decaf_sponge->params->client = decaf_sponge->params->max_out;
}

void sponge_destroy (keccak_sponge_t sponge) { decaf_bzero(sponge, sizeof(keccak_sponge_t)); }
void decaf_sponge_destroy (decaf_keccak_sponge_t decaf_sponge) { decaf_bzero(decaf_sponge, sizeof(decaf_keccak_sponge_t)); }

void sponge_init (
keccak_sponge_t sponge,
const struct kparams_s *params
void decaf_sponge_init (
decaf_keccak_sponge_t decaf_sponge,
const struct decaf_kparams_s *params
) {
memset(sponge->state, 0, sizeof(sponge->state));
sponge->params[0] = params[0];
sponge->params->position = 0;
memset(decaf_sponge->state, 0, sizeof(decaf_sponge->state));
decaf_sponge->params[0] = params[0];
decaf_sponge->params->position = 0;
}

void sponge_hash (
void decaf_sponge_hash (
const uint8_t *in,
size_t inlen,
uint8_t *out,
size_t outlen,
const struct kparams_s *params
const struct decaf_kparams_s *params
) {
keccak_sponge_t sponge;
sponge_init(sponge, params);
sha3_update(sponge, in, inlen);
sha3_output(sponge, out, outlen);
sponge_destroy(sponge);
decaf_keccak_sponge_t decaf_sponge;
decaf_sponge_init(decaf_sponge, params);
decaf_sha3_update(decaf_sponge, in, inlen);
decaf_sha3_output(decaf_sponge, out, outlen);
decaf_sponge_destroy(decaf_sponge);
}

#define DEFSHAKE(n) \
const struct kparams_s SHAKE##n##_params_s = \
const struct decaf_kparams_s DECAF_SHAKE##n##_params_s = \
{ 0, FLAG_ABSORBING, 200-n/4, 0, 0x1f, 0x80, 0xFF, 0xFF };
#define DEFSHA3(n) \
const struct kparams_s SHA3_##n##_params_s = \
const struct decaf_kparams_s DECAF_SHA3_##n##_params_s = \
{ 0, FLAG_ABSORBING, 200-n/4, 0, 0x06, 0x80, n/8, n/8 };

size_t sponge_default_output_bytes (
const keccak_sponge_t s
size_t decaf_sponge_default_output_bytes (
const decaf_keccak_sponge_t s
) {
return (s->params->maxOut == 0xFF)
return (s->params->max_out == 0xFF)
? (200-s->params->rate)
: ((200-s->params->rate)/2);
}

size_t sponge_max_output_bytes (
const keccak_sponge_t s
size_t decaf_sponge_max_output_bytes (
const decaf_keccak_sponge_t s
) {
return (s->params->maxOut == 0xFF)
return (s->params->max_out == 0xFF)
? SIZE_MAX
: ((200-s->params->rate)/2);
}
@@ -318,55 +318,55 @@ static void get_cpu_entropy(uint8_t *entropy, size_t len) {
#endif
}

static const char *SPONGERNG_NAME = "strobe::spongerng"; /* TODO: canonicalize name */
static const char *SPONGERNG_NAME = "strobe::decaf_spongerng"; /* TODO: canonicalize name */

void spongerng_next (
keccak_prng_t prng,
void decaf_spongerng_next (
decaf_keccak_prng_t prng,
uint8_t * __restrict__ out,
size_t len
) {
keccak_sponge_s *sponge = prng->sponge;
if (sponge->params->client) {
decaf_keccak_sponge_s *decaf_sponge = prng->sponge;
if (decaf_sponge->params->client) {
/* nondet */
uint8_t cpu_entropy[32];
get_cpu_entropy(cpu_entropy, sizeof(cpu_entropy));
strobe_transact((keccak_strobe_s*)sponge,NULL,cpu_entropy,sizeof(cpu_entropy),STROBE_CW_PRNG_CPU_SEED);
strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,cpu_entropy,sizeof(cpu_entropy),STROBE_CW_PRNG_CPU_SEED);
}
strobe_transact((keccak_strobe_s*)sponge,out,NULL,len,STROBE_CW_PRNG);
strobe_transact((keccak_strobe_s*)decaf_sponge,out,NULL,len,STROBE_CW_PRNG);
}

void spongerng_stir (
keccak_prng_t sponge,
void decaf_spongerng_stir (
decaf_keccak_prng_t decaf_sponge,
const uint8_t * __restrict__ in,
size_t len
) {
strobe_transact((keccak_strobe_s*)sponge,NULL,in,len,STROBE_CW_PRNG_USER_SEED);
strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,in,len,STROBE_CW_PRNG_USER_SEED);
}

static const struct kparams_s spongerng_params = {
static const struct decaf_kparams_s decaf_spongerng_params = {
0, 0, 200-256/4, 0, 0x06, 0x80, 0xFF, 0
};

void spongerng_init_from_buffer (
keccak_prng_t prng,
void decaf_spongerng_init_from_buffer (
decaf_keccak_prng_t prng,
const uint8_t * __restrict__ in,
size_t len,
int deterministic
) {
keccak_sponge_s *sponge = prng->sponge;
strobe_init((keccak_strobe_s*)sponge, &spongerng_params, SPONGERNG_NAME, !deterministic);
spongerng_stir(prng, in, len);
decaf_keccak_sponge_s *decaf_sponge = prng->sponge;
strobe_init((keccak_strobe_s*)decaf_sponge, &decaf_spongerng_params, SPONGERNG_NAME, !deterministic);
decaf_spongerng_stir(prng, in, len);
}

decaf_error_t spongerng_init_from_file (
keccak_prng_t prng,
decaf_error_t decaf_spongerng_init_from_file (
decaf_keccak_prng_t prng,
const char *file,
size_t len,
int deterministic
) {
keccak_sponge_s *sponge = prng->sponge;
strobe_init((keccak_strobe_s*)sponge, &spongerng_params, SPONGERNG_NAME, !deterministic);
decaf_keccak_sponge_s *decaf_sponge = prng->sponge;
strobe_init((keccak_strobe_s*)decaf_sponge, &decaf_spongerng_params, SPONGERNG_NAME, !deterministic);
if (!len) return DECAF_FAILURE;

int fd = open(file, O_RDONLY);
@@ -380,7 +380,7 @@ decaf_error_t spongerng_init_from_file (
close(fd);
return DECAF_FAILURE;
}
strobe_transact((keccak_strobe_s*)sponge,NULL,buffer,red,
strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,buffer,red,
first ? STROBE_CW_PRNG_USER_SEED : (STROBE_CW_PRNG_USER_SEED | STROBE_FLAG_MORE));
len -= red;
first = 0;
@@ -390,39 +390,39 @@ decaf_error_t spongerng_init_from_file (
return DECAF_SUCCESS;
}

decaf_error_t spongerng_init_from_dev_urandom (
keccak_prng_t sponge
decaf_error_t decaf_spongerng_init_from_dev_urandom (
decaf_keccak_prng_t decaf_sponge
) {
return spongerng_init_from_file(sponge, "/dev/urandom", 64, 0);
return decaf_spongerng_init_from_file(decaf_sponge, "/dev/urandom", 64, 0);
}

const struct kparams_s STROBE_128 = { 0, 0, 200-128/4, 0, 0, 0, 0, 0 };
const struct kparams_s STROBE_256 = { 0, 0, 200-256/4, 0, 0, 0, 0, 0 };
const struct kparams_s STROBE_KEYED_256 = { 0, 0, 200-256/4, 12, 0, 0, 0, 0 };
const struct kparams_s STROBE_KEYED_128 = { 0, 0, 200-128/4, 12, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_128 = { 0, 0, 200-128/4, 0, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_256 = { 0, 0, 200-256/4, 0, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_KEYED_256 = { 0, 0, 200-256/4, 12, 0, 0, 0, 0 };
const struct decaf_kparams_s STROBE_KEYED_128 = { 0, 0, 200-128/4, 12, 0, 0, 0, 0 };

/* Strobe is different in that its rate is padded by one byte. */
void strobe_init(
keccak_strobe_t strobe,
const struct kparams_s *params,
const struct decaf_kparams_s *params,
const char *proto,
uint8_t am_client
) {
keccak_sponge_s *sponge = strobe->sponge;
sponge_init(sponge,params);
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
decaf_sponge_init(decaf_sponge,params);
const char *a_string = "STROBE full v0.2";
unsigned len = strlen(a_string);
memcpy (
&sponge->state->b[sizeof(sponge->state)-len],
&decaf_sponge->state->b[sizeof(decaf_sponge->state)-len],
a_string,
len
);
strobe_transact(strobe, NULL, (const unsigned char *)proto, strlen(proto), STROBE_CW_INIT);
sponge->state->b[sponge->params->rate+1] = 1;
sponge->params->client = !!am_client;
decaf_sponge->state->b[decaf_sponge->params->rate+1] = 1;
decaf_sponge->params->client = !!am_client;
}

static const uint8_t EXCEEDED_RATE_PAD = 0x2;
@@ -433,17 +433,17 @@ static __inline__ uint8_t CONTROL_WORD_PAD(int cw_size) {

/* PERF vectorize */
static void strobe_duplex (
struct keccak_sponge_s *__restrict__ sponge,
struct decaf_keccak_sponge_s *__restrict__ decaf_sponge,
unsigned char *out,
const unsigned char *in,
size_t len,
mode_t mode
) {
unsigned int j, r = sponge->params->rate, p = sponge->params->position;
uint8_t* __restrict__ state = &sponge->state->b[0];
unsigned int j, r = decaf_sponge->params->rate, p = decaf_sponge->params->position;
uint8_t* __restrict__ state = &decaf_sponge->state->b[0];
/* sanity */
assert(r < sizeof(sponge->state) && r >= p);
assert(r < sizeof(decaf_sponge->state) && r >= p);
switch (mode) {
case STROBE_MODE_PLAINTEXT:
assert(in || len==0);
@@ -533,11 +533,11 @@ static void strobe_duplex (
};
if (last) {
sponge->params->position = p+len;
decaf_sponge->params->position = p+len;
return;
} else {
state[r] ^= EXCEEDED_RATE_PAD;
keccakf(sponge->state, sponge->params->startRound);
keccakf(decaf_sponge->state, decaf_sponge->params->start_round);
len -= cando;
p = 0;
}
@@ -559,10 +559,10 @@ void strobe_transact (
size_t len,
uint32_t cw_flags
) {
keccak_sponge_s *sponge = strobe->sponge;
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
if ( (cw_flags & STROBE_FLAG_NONDIR) == 0
/* extraneous nots to change ints to bools :-/ */
&& !(cw_flags & STROBE_FLAG_RECV) != !(sponge->params->client) ) {
&& !(cw_flags & STROBE_FLAG_RECV) != !(decaf_sponge->params->client) ) {
cw_flags ^= STROBE_FLAG_CLIENT_SENT;
}
@@ -588,30 +588,30 @@ void strobe_transact (
my_len>>48,
my_len>>56
};
strobe_duplex(sponge, NULL, cwb, len_cw, STROBE_MODE_ABSORB_R);
if ((cw_flags & STROBE_FLAG_RUN_F) || (sponge->params->flags & FLAG_NOPARSE)) {
sponge->state->b[sponge->params->position] ^= CONTROL_WORD_PAD(len_cw);
dokeccak(sponge);
strobe_duplex(decaf_sponge, NULL, cwb, len_cw, STROBE_MODE_ABSORB_R);
if ((cw_flags & STROBE_FLAG_RUN_F) || (decaf_sponge->params->flags & FLAG_NOPARSE)) {
decaf_sponge->state->b[decaf_sponge->params->position] ^= CONTROL_WORD_PAD(len_cw);
dokeccak(decaf_sponge);
}

sponge->params->flags &= ~FLAG_NOPARSE;
decaf_sponge->params->flags &= ~FLAG_NOPARSE;
if (cw_flags & STROBE_FLAG_NO_LENGTH) {
sponge->params->flags |= FLAG_NOPARSE;
decaf_sponge->params->flags |= FLAG_NOPARSE;
}
}
strobe_duplex(sponge, out, in, len, get_mode(cw_flags));
strobe_duplex(decaf_sponge, out, in, len, get_mode(cw_flags));
if (cw_flags & STROBE_FLAG_FORGET) {
uint32_t len = sponge->params->rate - sponge->params->position;
if (len < STROBE_FORGET_BYTES + len_cw) len += sponge->params->rate;
uint32_t len = decaf_sponge->params->rate - decaf_sponge->params->position;
if (len < STROBE_FORGET_BYTES + len_cw) len += decaf_sponge->params->rate;
len -= len_cw; /* HACK */
if (cw_flags & STROBE_FLAG_NO_LENGTH) len = 2*STROBE_FORGET_BYTES;
assert(!(cw_flags & STROBE_FLAG_MORE));
strobe_duplex(
sponge, NULL, NULL, len,
decaf_sponge, NULL, NULL, len,
STROBE_MODE_FORGET
);
}
@@ -622,14 +622,14 @@ decaf_error_t strobe_verify_auth (
const unsigned char *in,
uint16_t len
) {
keccak_sponge_s *sponge = strobe->sponge;
if (len > sponge->params->rate) return DECAF_FAILURE;
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
if (len > decaf_sponge->params->rate) return DECAF_FAILURE;
strobe_transact(strobe, NULL, in, len, strobe_cw_recv(STROBE_CW_MAC));
int32_t residue = 0;
int i;
for (i=0; i<len; i++) {
residue |= sponge->state->b[i];
residue |= decaf_sponge->state->b[i];
}
return decaf_succeed_if((residue-1)>>8);
@@ -637,15 +637,15 @@ decaf_error_t strobe_verify_auth (

void strobe_respec (
keccak_strobe_t strobe,
const struct kparams_s *params
const struct decaf_kparams_s *params
) {
keccak_sponge_s *sponge = strobe->sponge;
uint8_t in[] = { params->rate, params->startRound };
decaf_keccak_sponge_s *decaf_sponge = strobe->sponge;
uint8_t in[] = { params->rate, params->start_round };
strobe_transact( strobe, NULL, in, sizeof(in), STROBE_CW_RESPEC_INFO );
strobe_transact( strobe, NULL, NULL, 0, STROBE_CW_RESPEC );
assert(sponge->params->position == 0);
sponge->params->rate = params->rate;
sponge->params->startRound = params->startRound;
assert(decaf_sponge->params->position == 0);
decaf_sponge->params->rate = params->rate;
decaf_sponge->params->start_round = params->start_round;
}

/* FUTURE: Keyak instances, etc */

+ 1
- 1
test/bench_decaf.cxx View File

@@ -335,7 +335,7 @@ static void macro() {
}
for (Benchmark b("SharedSecret",1); b.iter(); ) {
ss = s1.sharedSecret(p2,32,true);
ss = s1.shared_secret(p2,32,true);
}
printf("\nProtocol benchmarks:\n");


+ 18
- 18
test/shakesum.c View File

@@ -1,6 +1,6 @@
/**
* @cond internal
* @file shakesum.c
* @file decaf_shakesum.c
* @copyright
* Copyright (c) 2015 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
@@ -17,19 +17,19 @@
static void usage() {
fprintf(
stderr,
"shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512|sha512] < infile > outfile\n"
"decaf_shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512|sha512] < infile > outfile\n"
);
}

int main(int argc, char **argv) {
(void)argc; (void)argv;

keccak_sponge_t sponge;
sha512_ctx_t sha512;
decaf_keccak_sponge_t sponge;
decaf_sha512_ctx_t decaf_sha512;
unsigned char buf[1024];
unsigned int outlen = 512;
shake256_gen_init(sponge);
decaf_shake256_gen_init(sponge);
int use_sha512 = 0;

@@ -37,26 +37,26 @@ int main(int argc, char **argv) {
if (argc > 1) {
if (!strcmp(argv[1], "shake256") || !strcmp(argv[1], "SHAKE256")) {
outlen = 512;
shake256_gen_init(sponge);
decaf_shake256_gen_init(sponge);
} else if (!strcmp(argv[1], "shake128") || !strcmp(argv[1], "SHAKE128")) {
outlen = 512;
shake128_gen_init(sponge);
decaf_shake128_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-224") || !strcmp(argv[1], "SHA3-224")) {
outlen = 224/8;
sha3_224_gen_init(sponge);
decaf_sha3_224_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-256") || !strcmp(argv[1], "SHA3-256")) {
outlen = 256/8;
sha3_256_gen_init(sponge);
decaf_sha3_256_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-384") || !strcmp(argv[1], "SHA3-384")) {
outlen = 384/8;
sha3_384_gen_init(sponge);
decaf_sha3_384_gen_init(sponge);
} else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) {
outlen = 512/8;
sha3_512_gen_init(sponge);
decaf_sha3_512_gen_init(sponge);
} else if (!strcmp(argv[1], "sha512") || !strcmp(argv[1], "SHA512")) {
outlen = 512/8;
use_sha512 = 1;
sha512_init(sha512);
decaf_sha512_init(decaf_sha512);
} else {
usage();
return 2;
@@ -67,17 +67,17 @@ int main(int argc, char **argv) {
do {
red = read(0, buf, sizeof(buf));
if (red>0) {
if (use_sha512) sha512_update(sha512,buf,red);
else sha3_update(sponge,buf,red);
if (use_sha512) decaf_sha512_update(decaf_sha512,buf,red);
else decaf_sha3_update(sponge,buf,red);
}
} while (red>0);

if (use_sha512) {
sha512_final(sha512,buf,outlen);
sha512_destroy(sha512);
decaf_sha512_final(decaf_sha512,buf,outlen);
decaf_sha512_destroy(decaf_sha512);
} else {
sha3_output(sponge,buf,outlen);
sponge_destroy(sponge);
decaf_sha3_output(sponge,buf,outlen);
decaf_sponge_destroy(sponge);
}
unsigned i;
for (i=0; i<outlen; i++) {


+ 2
- 2
test/test_ct.cxx View File

@@ -126,10 +126,10 @@ static void test_crypto() {

#if DECAF_CRYPTO_SHARED_SECRET_SHORT_CIRUIT
PrivateKey<Group> sk2(defrng);
(void)sk1.sharedSecretNoexcept(shared,sk2.pub(),i&1);
(void)sk1.shared_secretNoexcept(shared,sk2.pub(),i&1);
#else
PrivateKey<Group> sk3(rng);
(void)sk1.sharedSecretNoexcept(shared,sk3.pub(),i&1);
(void)sk1.shared_secretNoexcept(shared,sk3.pub(),i&1);
#endif
}
}


+ 2
- 2
test/test_decaf.cxx View File

@@ -421,8 +421,8 @@ static void test_crypto() {

pub1.verify(message, sig);
SecureBuffer s1(priv1.sharedSecret(pub2,32,true));
SecureBuffer s2(priv2.sharedSecret(pub1,32,false));
SecureBuffer s1(priv1.shared_secret(pub2,32,true));
SecureBuffer s2(priv2.shared_secret(pub1,32,false));
if (!memeq(s1,s2)) {
test.fail();
printf(" Shared secrets disagree on iteration %d.\n",i);


Write Preview
Loading…
Cancel
Save