From f1df5e4714ae01e678189ef5ea2c21433a5d7a57 Mon Sep 17 00:00:00 2001 From: Michael Hamburg Date: Tue, 1 Mar 2016 11:56:14 -0800 Subject: [PATCH] lowerCamelCase -> snake_case. Put decaf_ in front of all (most?) identifiers, except for SHAKE which is being removed before 1.0 release (for future refactoring) --- src/per_curve/crypto.tmpl.hxx | 8 +- src/per_curve/decaf.tmpl.c | 10 +- src/per_curve/decaf.tmpl.h | 4 +- src/per_curve/decaf.tmpl.hxx | 8 +- src/per_curve/decaf_gen_tables.tmpl.c | 10 +- src/per_curve/eddsa.tmpl.c | 16 +- src/per_curve/eddsa.tmpl.hxx | 4 +- src/public_include/decaf/secure_buffer.hxx | 34 +-- src/public_include/decaf/sha512.h | 26 +-- src/public_include/decaf/sha512.hxx | 18 +- src/public_include/decaf/shake.h | 153 ++++++------ src/public_include/decaf/shake.hxx | 42 ++-- src/public_include/decaf/spongerng.h | 34 +-- src/public_include/decaf/spongerng.hxx | 12 +- src/public_include/decaf/strobe.h | 16 +- src/public_include/decaf/strobe.hxx | 4 +- src/sha512.c | 18 +- src/shake.c | 256 ++++++++++----------- test/bench_decaf.cxx | 2 +- test/shakesum.c | 36 +-- test/test_ct.cxx | 4 +- test/test_decaf.cxx | 4 +- 22 files changed, 360 insertions(+), 359 deletions(-) diff --git a/src/per_curve/crypto.tmpl.hxx b/src/per_curve/crypto.tmpl.hxx index bc37c23..f7a2170 100644 --- a/src/per_curve/crypto.tmpl.hxx +++ b/src/per_curve/crypto.tmpl.hxx @@ -62,7 +62,7 @@ public: } /** Serialization size. */ - inline size_t serSize() const NOEXCEPT { return SER_BYTES; } + inline size_t ser_size() const NOEXCEPT { return SER_BYTES; } /** Verify a message */ inline void verify( @@ -132,7 +132,7 @@ public: } /** Serialization size. */ - inline size_t serSize() const NOEXCEPT { return SER_BYTES; } + inline size_t ser_size() const NOEXCEPT { return SER_BYTES; } /** Serialize into a buffer. */ inline void serialize_into(unsigned char *x) const NOEXCEPT { @@ -152,7 +152,7 @@ public: } /** Derive a shared secret */ - inline SecureBuffer sharedSecret( + inline SecureBuffer shared_secret( const PublicKey<$(cxx_ns)> &pub, size_t bytes, bool me_first @@ -166,7 +166,7 @@ public: /** Derive a shared secret */ inline decaf_error_t __attribute__((warn_unused_result)) - sharedSecretNoexcept( + shared_secret_noexcept( Buffer ret, const PublicKey<$(cxx_ns)> &pub, bool me_first diff --git a/src/per_curve/decaf.tmpl.c b/src/per_curve/decaf.tmpl.c index fba1c7c..8d92875 100644 --- a/src/per_curve/decaf.tmpl.c +++ b/src/per_curve/decaf.tmpl.c @@ -1364,11 +1364,11 @@ struct smvt_control { }; static int recode_wnaf ( - struct smvt_control *control, /* [nbits/(tableBits+1) + 3] */ + struct smvt_control *control, /* [nbits/(table_bits+1) + 3] */ const scalar_t scalar, - unsigned int tableBits + unsigned int table_bits ) { - unsigned int table_size = SCALAR_BITS/(tableBits+1) + 3; + unsigned int table_size = SCALAR_BITS/(table_bits+1) + 3; int position = table_size - 1; /* at the end */ /* place the end marker */ @@ -1382,7 +1382,7 @@ static int recode_wnaf ( */ uint64_t current = scalar->limb[0] & 0xFFFF; - uint32_t mask = (1<<(tableBits+1))-1; + uint32_t mask = (1<<(table_bits+1))-1; unsigned int w; const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2; @@ -1396,7 +1396,7 @@ static int recode_wnaf ( assert(position >= 0); uint32_t pos = __builtin_ctz((uint32_t)current), odd = (uint32_t)current >> pos; int32_t delta = odd & mask; - if (odd & 1<<(tableBits+1)) delta -= (1<<(tableBits+1)); + if (odd & 1<<(table_bits+1)) delta -= (1<<(table_bits+1)); current -= delta << pos; control[position].power = pos + 16*(w-1); control[position].addend = delta; diff --git a/src/per_curve/decaf.tmpl.h b/src/per_curve/decaf.tmpl.h index 4b747d0..d718d23 100644 --- a/src/per_curve/decaf.tmpl.h +++ b/src/per_curve/decaf.tmpl.h @@ -538,12 +538,12 @@ void $(c_ns)_scalar_cond_sel ( /** * @brief Test that a point is valid, for debugging purposes. * - * @param [in] toTest The point to test. + * @param [in] to_test The point to test. * @retval DECAF_TRUE The point is valid. * @retval DECAF_FALSE The point is invalid. */ decaf_bool_t $(c_ns)_point_valid ( - const $(c_ns)_point_t toTest + const $(c_ns)_point_t to_test ) API_VIS WARN_UNUSED NONNULL NOINLINE; /** diff --git a/src/per_curve/decaf.tmpl.hxx b/src/per_curve/decaf.tmpl.hxx index f4dfff8..08ed20c 100644 --- a/src/per_curve/decaf.tmpl.hxx +++ b/src/per_curve/decaf.tmpl.hxx @@ -104,7 +104,7 @@ public: inline Scalar(const Block &buffer) NOEXCEPT { *this = buffer; } /** Serializable instance */ - inline size_t serSize() const NOEXCEPT { return SER_BYTES; } + inline size_t ser_size() const NOEXCEPT { return SER_BYTES; } /** Serializable instance */ inline void serialize_into(unsigned char *buffer) const NOEXCEPT { @@ -378,7 +378,7 @@ public: } /** Serializable instance */ - inline size_t serSize() const NOEXCEPT { return SER_BYTES; } + inline size_t ser_size() const NOEXCEPT { return SER_BYTES; } /** Serializable instance */ inline void serialize_into(unsigned char *buffer) const NOEXCEPT { @@ -559,7 +559,7 @@ public: * initializer for points which makes this equal to the identity. */ inline Precomputed ( - const Precomputed_U &yours = *defaultValue() + const Precomputed_U &yours = *default_value() ) NOEXCEPT : OwnedOrUnowned(yours) {} @@ -617,7 +617,7 @@ public: friend class OwnedOrUnowned; static inline size_t size() NOEXCEPT { return $(c_ns)_sizeof_precomputed_s; } static inline size_t alignment() NOEXCEPT { return $(c_ns)_alignof_precomputed_s; } - static inline const Precomputed_U * defaultValue() NOEXCEPT { return $(c_ns)_precomputed_base; } + static inline const Precomputed_U * default_value() NOEXCEPT { return $(c_ns)_precomputed_base; } /** @endcond */ }; diff --git a/src/per_curve/decaf_gen_tables.tmpl.c b/src/per_curve/decaf_gen_tables.tmpl.c index 4817782..e93606c 100644 --- a/src/per_curve/decaf_gen_tables.tmpl.c +++ b/src/per_curve/decaf_gen_tables.tmpl.c @@ -59,10 +59,10 @@ int main(int argc, char **argv) { if (ret || !pre) return 1; API_NS(precompute)(pre, real_point_base); - struct niels_s *preWnaf; - ret = posix_memalign((void**)&preWnaf, API_NS(alignof_precomputed_s), API_NS(sizeof_precomputed_wnafs)); - if (ret || !preWnaf) return 1; - API_NS(precompute_wnafs)(preWnaf, real_point_base); + struct niels_s *pre_wnaf; + ret = posix_memalign((void**)&pre_wnaf, API_NS(alignof_precomputed_s), API_NS(sizeof_precomputed_wnafs)); + if (ret || !pre_wnaf) return 1; + API_NS(precompute_wnafs)(pre_wnaf, real_point_base); const gf_s *output; unsigned i; @@ -91,7 +91,7 @@ int main(int argc, char **argv) { } printf("\n};\n"); - output = (const gf_s *)preWnaf; + output = (const gf_s *)pre_wnaf; printf("const gf API_NS(precomputed_wnaf_as_fe)[%d]\n", (int)(API_NS(sizeof_precomputed_wnafs) / sizeof(gf))); printf("__attribute__((aligned(%d),visibility(\"hidden\"))) = {\n ", (int)API_NS(alignof_precomputed_s)); diff --git a/src/per_curve/eddsa.tmpl.c b/src/per_curve/eddsa.tmpl.c index a8432ae..d621bca 100644 --- a/src/per_curve/eddsa.tmpl.c +++ b/src/per_curve/eddsa.tmpl.c @@ -12,12 +12,12 @@ #define API_NAME "$(c_ns)" #define API_NS(_id) $(c_ns)_##_id -#define hash_ctx_t $(eddsa_hash)_ctx_t -#define hash_init $(eddsa_hash)_init -#define hash_update $(eddsa_hash)_update -#define hash_final $(eddsa_hash)_final -#define hash_destroy $(eddsa_hash)_destroy -#define hash_hash $(eddsa_hash)_hash +#define hash_ctx_t decaf_$(eddsa_hash)_ctx_t +#define hash_init decaf_$(eddsa_hash)_init +#define hash_update decaf_$(eddsa_hash)_update +#define hash_final decaf_$(eddsa_hash)_final +#define hash_destroy decaf_$(eddsa_hash)_destroy +#define hash_hash decaf_$(eddsa_hash)_hash #define SUPPORTS_CONTEXTS $(C_NS)_EDDSA_SUPPORTS_CONTEXTS #define EDDSA_USE_SIGMA_ISOGENY $(eddsa_sigma_iso) @@ -47,9 +47,9 @@ static void hash_init_with_dom( hash_init(hash); #if SUPPORTS_CONTEXTS - const char *domS = "$(eddsa_dom)"; + const char *dom_s = "$(eddsa_dom)"; const uint8_t dom[2] = {1+word_is_zero(prehashed), context_len}; - hash_update(hash,(const unsigned char *)domS, strlen(domS)); + hash_update(hash,(const unsigned char *)dom_s, strlen(dom_s)); hash_update(hash,dom,2); hash_update(hash,context,context_len); #else diff --git a/src/per_curve/eddsa.tmpl.hxx b/src/per_curve/eddsa.tmpl.hxx index 6befce3..0e2bdcf 100644 --- a/src/per_curve/eddsa.tmpl.hxx +++ b/src/per_curve/eddsa.tmpl.hxx @@ -145,7 +145,7 @@ public: } /** Serialization size. */ - inline size_t serSize() const NOEXCEPT { return SER_BYTES; } + inline size_t ser_size() const NOEXCEPT { return SER_BYTES; } /** Serialize into a buffer. */ inline void serialize_into(unsigned char *x) const NOEXCEPT { @@ -258,7 +258,7 @@ public: /** Serialization size. */ - inline size_t serSize() const NOEXCEPT { return SER_BYTES; } + inline size_t ser_size() const NOEXCEPT { return SER_BYTES; } /** Serialize into a buffer. */ inline void serialize_into(unsigned char *x) const NOEXCEPT { diff --git a/src/public_include/decaf/secure_buffer.hxx b/src/public_include/decaf/secure_buffer.hxx index 64583b6..d306cf0 100644 --- a/src/public_include/decaf/secure_buffer.hxx +++ b/src/public_include/decaf/secure_buffer.hxx @@ -85,7 +85,7 @@ inline bool memeq(const std::vector &a, const std::vector &b) { template class Serializable { public: /** @brief Return the number of bytes needed to serialize this object */ - inline size_t serSize() const NOEXCEPT { return static_cast(this)->serSize(); } + inline size_t ser_size() const NOEXCEPT { return static_cast(this)->ser_size(); } /** @brief Serialize this object into a buffer */ inline void serialize_into(unsigned char *buf) const NOEXCEPT { @@ -94,7 +94,7 @@ public: /** @brief Serialize this object into a SecureBuffer and return it */ inline SecureBuffer serialize() const throw(std::bad_alloc) { - SecureBuffer out(serSize()); + SecureBuffer out(ser_size()); serialize_into(out.data()); return out; } @@ -396,32 +396,32 @@ protected: Wrapped *mine; const Wrapped *yours; } ours; - bool isMine; + bool is_mine; inline void clear() NOEXCEPT { - if (isMine) { + if (is_mine) { really_bzero(ours.mine, T::size()); free(ours.mine); - ours.yours = T::defaultValue(); - isMine = false; + ours.yours = T::default_value(); + is_mine = false; } } inline void alloc() throw(std::bad_alloc) { - if (isMine) return; + if (is_mine) return; int ret = posix_memalign((void**)&ours.mine, T::alignment(), T::size()); if (ret || !ours.mine) { - isMine = false; + is_mine = false; throw std::bad_alloc(); } - isMine = true; + is_mine = true; } - inline const Wrapped *get() const NOEXCEPT { return isMine ? ours.mine : ours.yours; } + inline const Wrapped *get() const NOEXCEPT { return is_mine ? ours.mine : ours.yours; } inline OwnedOrUnowned( - const Wrapped &yours = *T::defaultValue() + const Wrapped &yours = *T::default_value() ) NOEXCEPT { ours.yours = &yours; - isMine = false; + is_mine = false; } /** @@ -429,14 +429,14 @@ protected: */ inline T &operator=(const OwnedOrUnowned &it) throw(std::bad_alloc) { if (this == &it) return *(T*)this; - if (it.isMine) { + if (it.is_mine) { alloc(); memcpy(ours.mine,it.ours.mine,T::size()); } else { clear(); ours.yours = it.ours.yours; } - isMine = it.isMine; + is_mine = it.is_mine; return *(T*)this; } @@ -445,9 +445,9 @@ protected: if (this == &it) return *(T*)this; clear(); ours = it.ours; - isMine = it.isMine; - it.isMine = false; - it.ours.yours = T::defaultValue; + is_mine = it.is_mine; + it.is_mine = false; + it.ours.yours = T::default_value; return *this; } #endif diff --git a/src/public_include/decaf/sha512.h b/src/public_include/decaf/sha512.h index 5338058..d0fd8ce 100644 --- a/src/public_include/decaf/sha512.h +++ b/src/public_include/decaf/sha512.h @@ -19,31 +19,31 @@ extern "C" { #endif -typedef struct sha512_ctx_s { +typedef struct decaf_sha512_ctx_s { uint64_t state[8]; uint8_t block[128]; - uint64_t bytesProcessed; -} sha512_ctx_s, sha512_ctx_t[1]; + uint64_t bytes_processed; +} decaf_sha512_ctx_s, decaf_sha512_ctx_t[1]; -void sha512_init(sha512_ctx_t ctx) NONNULL API_VIS; -void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) NONNULL API_VIS; -void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) NONNULL API_VIS; +void decaf_sha512_init(decaf_sha512_ctx_t ctx) NONNULL API_VIS; +void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t length) NONNULL API_VIS; +void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *out, size_t length) NONNULL API_VIS; -static inline void sha512_destroy(sha512_ctx_t ctx) { +static inline void decaf_sha512_destroy(decaf_sha512_ctx_t ctx) { decaf_bzero(ctx,sizeof(*ctx)); } -static inline void sha512_hash( +static inline void decaf_sha512_hash( uint8_t *output, size_t output_len, const uint8_t *message, size_t message_len ) { - sha512_ctx_t ctx; - sha512_init(ctx); - sha512_update(ctx,message,message_len); - sha512_final(ctx,output,output_len); - sha512_destroy(ctx); + decaf_sha512_ctx_t ctx; + decaf_sha512_init(ctx); + decaf_sha512_update(ctx,message,message_len); + decaf_sha512_final(ctx,output,output_len); + decaf_sha512_destroy(ctx); } #ifdef __cplusplus diff --git a/src/public_include/decaf/sha512.hxx b/src/public_include/decaf/sha512.hxx index 2509eaf..2cee0d6 100644 --- a/src/public_include/decaf/sha512.hxx +++ b/src/public_include/decaf/sha512.hxx @@ -1,5 +1,5 @@ /** - * @file decaf/sha512.hxx + * @file decaf/decaf_sha512.hxx * @copyright * Based on public domain code by Dan Bernstein \n * Copyright (c) 2015 Cryptography Research, Inc. \n @@ -30,7 +30,7 @@ class SHA512 { protected: /** @cond internal */ /** The C-wrapper sponge state */ - sha512_ctx_t sha; + decaf_sha512_ctx_t sha; public: @@ -44,10 +44,10 @@ public: static const size_t DEFAULT_OUTPUT_BYTES = OUTPUT_BYTES; /** Constructor */ - inline SHA512() NOEXCEPT { sha512_init(sha); } + inline SHA512() NOEXCEPT { decaf_sha512_init(sha); } /** Add more data to running hash */ - inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { sha512_update(sha,in,len); } + inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { decaf_sha512_update(sha,in,len); } /** Add more data to running hash, C++ version. */ inline void update(const Block &s) NOEXCEPT { update(s.data(),s.size()); } @@ -61,17 +61,17 @@ public: /** @brief Output bytes from the SHA context, and resets it. */ inline void final(Buffer b) throw(LengthException) { if (b.size() > OUTPUT_BYTES) throw LengthException(); - sha512_final(sha,b.data(),b.size()); + decaf_sha512_final(sha,b.data(),b.size()); } /** Resets the SHA context */ - inline void reset() NOEXCEPT { sha512_init(sha); } + inline void reset() NOEXCEPT { decaf_sha512_init(sha); } /** @brief Output bytes from the sponge. */ inline SecureBuffer final(size_t len = OUTPUT_BYTES) throw(LengthException) { if (len > OUTPUT_BYTES) throw LengthException(); SecureBuffer buffer(len); - sha512_final(sha,buffer.data(),len); + decaf_sha512_final(sha,buffer.data(),len); return buffer; } @@ -88,12 +88,12 @@ public: ) throw(LengthException, std::bad_alloc) { if (outlen > OUTPUT_BYTES) throw LengthException(); SecureBuffer buffer(outlen); - sha512_hash(buffer.data(),outlen,message.data(),message.size()); + decaf_sha512_hash(buffer.data(),outlen,message.data(),message.size()); return buffer; } /** Destructor zeroizes state */ - inline ~SHA512() NOEXCEPT { sha512_destroy(sha); } + inline ~SHA512() NOEXCEPT { decaf_sha512_destroy(sha); } }; } /* namespace decaf */ diff --git a/src/public_include/decaf/shake.h b/src/public_include/decaf/shake.h index cab7e18..6fdcea6 100644 --- a/src/public_include/decaf/shake.h +++ b/src/public_include/decaf/shake.h @@ -5,12 +5,11 @@ * Copyright (c) 2015 Cryptography Research, Inc. \n * Released under the MIT License. See LICENSE.txt for license information. * @author Mike Hamburg - * @brief SHA-3-n and SHAKE-n instances. - * @warning EXPERIMENTAL! The names, parameter orders etc are likely to change. + * @brief SHA-3-n and DECAF_SHAKE-n instances. */ -#ifndef __SHAKE_H__ -#define __SHAKE_H__ +#ifndef __DECAF_SHAKE_H__ +#define __DECAF_SHAKE_H__ #include #include @@ -24,19 +23,19 @@ extern "C" { #ifndef INTERNAL_SPONGE_STRUCT /** Sponge container object for the various primitives. */ - typedef struct keccak_sponge_s { + typedef struct decaf_keccak_sponge_s { /** @cond internal */ uint64_t opaque[26]; /** @endcond */ - } keccak_sponge_s; + } decaf_keccak_sponge_s; /** Convenience GMP-style one-element array version */ - typedef struct keccak_sponge_s keccak_sponge_t[1]; + typedef struct decaf_keccak_sponge_s decaf_keccak_sponge_t[1]; - /** Parameters for sponge construction, distinguishing SHA3 and - * SHAKE instances. + /** Parameters for sponge construction, distinguishing DECAF_SHA3 and + * DECAF_SHAKE instances. */ - struct kparams_s; + struct decaf_kparams_s; #endif /** @@ -44,48 +43,48 @@ extern "C" { * @param [out] sponge The object to initialize. * @param [in] params The sponge's parameter description. */ -void sponge_init ( - keccak_sponge_t sponge, - const struct kparams_s *params +void decaf_sponge_init ( + decaf_keccak_sponge_t sponge, + const struct decaf_kparams_s *params ) API_VIS; /** - * @brief Absorb data into a SHA3 or SHAKE hash context. + * @brief Absorb data into a DECAF_SHA3 or DECAF_SHAKE hash context. * @param [inout] sponge The context. * @param [in] in The input data. * @param [in] len The input data's length in bytes. */ -void sha3_update ( - struct keccak_sponge_s * __restrict__ sponge, +void decaf_sha3_update ( + struct decaf_keccak_sponge_s * __restrict__ sponge, const uint8_t *in, size_t len ) API_VIS; /** - * @brief Squeeze output data from a SHA3 or SHAKE hash context. + * @brief Squeeze output data from a DECAF_SHA3 or DECAF_SHAKE hash context. * This does not destroy or re-initialize the hash context, and - * sha3 output can be called more times. + * decaf_sha3 output can be called more times. * * @param [inout] sponge The context. * @param [out] out The output data. * @param [in] len The requested output data length in bytes. */ -void sha3_output ( - keccak_sponge_t sponge, +void decaf_sha3_output ( + decaf_keccak_sponge_t sponge, uint8_t * __restrict__ out, size_t len ) API_VIS; /** - * @brief Squeeze output data from a SHA3 or SHAKE hash context. + * @brief Squeeze output data from a DECAF_SHA3 or DECAF_SHAKE hash context. * This re-initializes the context to its starting parameters. * * @param [inout] sponge The context. * @param [out] out The output data. * @param [in] len The requested output data length in bytes. */ -void sha3_final ( - keccak_sponge_t sponge, +void decaf_sha3_final ( + decaf_keccak_sponge_t sponge, uint8_t * __restrict__ out, size_t len ) API_VIS; @@ -95,36 +94,36 @@ void sha3_final ( * * @param [inout] sponge The context. */ -void sha3_reset ( - keccak_sponge_t sponge +void decaf_sha3_reset ( + decaf_keccak_sponge_t sponge ) API_VIS; /** * @brief Return the default output length of the sponge construction, * for the purpose of C++ default operators. * - * Returns n/8 for SHA3-n and 2n/8 for SHAKE-n. + * Returns n/8 for DECAF_SHA3-n and 2n/8 for DECAF_SHAKE-n. */ -size_t sponge_default_output_bytes ( - const keccak_sponge_t sponge /**< [inout] The context. */ +size_t decaf_sponge_default_output_bytes ( + const decaf_keccak_sponge_t sponge /**< [inout] The context. */ ) API_VIS; /** * @brief Return the default output length of the sponge construction, * for the purpose of C++ default operators. * - * Returns n/8 for SHA3-n and SIZE_MAX for SHAKE-n. + * Returns n/8 for DECAF_SHA3-n and SIZE_MAX for DECAF_SHAKE-n. */ -size_t sponge_max_output_bytes ( - const keccak_sponge_t sponge /**< [inout] The context. */ +size_t decaf_sponge_max_output_bytes ( + const decaf_keccak_sponge_t sponge /**< [inout] The context. */ ) API_VIS; /** - * @brief Destroy a SHA3 or SHAKE sponge context by overwriting it with 0. + * @brief Destroy a DECAF_SHA3 or DECAF_SHAKE sponge context by overwriting it with 0. * @param [out] sponge The context. */ -void sponge_destroy ( - keccak_sponge_t sponge +void decaf_sponge_destroy ( + decaf_keccak_sponge_t sponge ) API_VIS; /** @@ -135,73 +134,75 @@ void sponge_destroy ( * @param [in] outlen The length of the output data. * @param [in] params The parameters of the sponge hash. */ -void sponge_hash ( +void decaf_sponge_hash ( const uint8_t *in, size_t inlen, uint8_t *out, size_t outlen, - const struct kparams_s *params + const struct decaf_kparams_s *params ) API_VIS; -/* FUTURE: expand/doxygenate individual SHAKE/SHA3 instances? */ +/* FUTURE: expand/doxygenate individual DECAF_SHAKE/DECAF_SHA3 instances? */ /** @cond internal */ -#define DECSHAKE(n) \ - extern const struct kparams_s SHAKE##n##_params_s API_VIS; \ - typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \ - static inline void NONNULL shake##n##_init(shake##n##_ctx_t sponge) { \ - sponge_init(sponge->s, &SHAKE##n##_params_s); \ +#define DEC_SHAKE(n) \ + extern const struct decaf_kparams_s DECAF_SHAKE##n##_params_s API_VIS; \ + typedef struct decaf_shake##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_shake##n##_ctx_t[1]; \ + static inline void NONNULL decaf_shake##n##_init(decaf_shake##n##_ctx_t sponge) { \ + decaf_sponge_init(sponge->s, &DECAF_SHAKE##n##_params_s); \ } \ - static inline void NONNULL shake##n##_gen_init(keccak_sponge_t sponge) { \ - sponge_init(sponge, &SHAKE##n##_params_s); \ + static inline void NONNULL decaf_shake##n##_gen_init(decaf_keccak_sponge_t sponge) { \ + decaf_sponge_init(sponge, &DECAF_SHAKE##n##_params_s); \ } \ - static inline void NONNULL shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ - sha3_update(sponge->s, in, inlen); \ + static inline void NONNULL decaf_shake##n##_update(decaf_shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ + decaf_sha3_update(sponge->s, in, inlen); \ } \ - static inline void NONNULL shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ - sha3_output(sponge->s, out, outlen); \ - sponge_init(sponge->s, &SHAKE##n##_params_s); \ + static inline void NONNULL decaf_shake##n##_final(decaf_shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ + decaf_sha3_output(sponge->s, out, outlen); \ + decaf_sponge_init(sponge->s, &DECAF_SHAKE##n##_params_s); \ } \ - static inline void NONNULL shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ - sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \ + static inline void NONNULL decaf_shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ + decaf_sponge_hash(in,inlen,out,outlen,&DECAF_SHAKE##n##_params_s); \ } \ - static inline void NONNULL shake##n##_destroy( shake##n##_ctx_t sponge ) { \ - sponge_destroy(sponge->s); \ + static inline void NONNULL decaf_shake##n##_destroy( decaf_shake##n##_ctx_t sponge ) { \ + decaf_sponge_destroy(sponge->s); \ } -#define DECSHA3(n) \ - extern const struct kparams_s SHA3_##n##_params_s API_VIS; \ - typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \ - static inline void NONNULL sha3_##n##_init(sha3_##n##_ctx_t sponge) { \ - sponge_init(sponge->s, &SHA3_##n##_params_s); \ +#define DEC_SHA3(n) \ + extern const struct decaf_kparams_s DECAF_SHA3_##n##_params_s API_VIS; \ + typedef struct decaf_sha3_##n##_ctx_s { decaf_keccak_sponge_t s; } decaf_sha3_##n##_ctx_t[1]; \ + static inline void NONNULL decaf_sha3_##n##_init(decaf_sha3_##n##_ctx_t sponge) { \ + decaf_sponge_init(sponge->s, &DECAF_SHA3_##n##_params_s); \ } \ - static inline void NONNULL sha3_##n##_gen_init(keccak_sponge_t sponge) { \ - sponge_init(sponge, &SHA3_##n##_params_s); \ + static inline void NONNULL decaf_sha3_##n##_gen_init(decaf_keccak_sponge_t sponge) { \ + decaf_sponge_init(sponge, &DECAF_SHA3_##n##_params_s); \ } \ - static inline void NONNULL sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ - sha3_update(sponge->s, in, inlen); \ + static inline void NONNULL decaf_sha3_##n##_update(decaf_sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ + decaf_sha3_update(sponge->s, in, inlen); \ } \ - static inline void NONNULL sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ - sha3_output(sponge->s, out, outlen); \ - sponge_init(sponge->s, &SHA3_##n##_params_s); \ + static inline void NONNULL decaf_sha3_##n##_final(decaf_sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ + decaf_sha3_output(sponge->s, out, outlen); \ + decaf_sponge_init(sponge->s, &DECAF_SHA3_##n##_params_s); \ } \ - static inline void NONNULL sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ - sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \ + static inline void NONNULL decaf_sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ + decaf_sponge_hash(in,inlen,out,outlen,&DECAF_SHA3_##n##_params_s); \ } \ - static inline void NONNULL sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \ - sponge_destroy(sponge->s); \ + static inline void NONNULL decaf_sha3_##n##_destroy(decaf_sha3_##n##_ctx_t sponge) { \ + decaf_sponge_destroy(sponge->s); \ } /** @endcond */ -DECSHAKE(128) -DECSHAKE(256) -DECSHA3(224) -DECSHA3(256) -DECSHA3(384) -DECSHA3(512) +DEC_SHAKE(128) +DEC_SHAKE(256) +DEC_SHA3(224) +DEC_SHA3(256) +DEC_SHA3(384) +DEC_SHA3(512) +#undef DEC_SHAKE +#undef DEC_SHA3 #ifdef __cplusplus } /* extern "C" */ #endif -#endif /* __SHAKE_H__ */ +#endif /* __DECAF_SHAKE_H__ */ diff --git a/src/public_include/decaf/shake.hxx b/src/public_include/decaf/shake.hxx index 630da20..33591b2 100644 --- a/src/public_include/decaf/shake.hxx +++ b/src/public_include/decaf/shake.hxx @@ -1,5 +1,5 @@ /** - * @file decaf/shake.hxx + * @file decaf/decaf_shake.hxx * @copyright * Based on CC0 code by David Leon Gil, 2015 \n * Copyright (c) 2015 Cryptography Research, Inc. \n @@ -35,18 +35,18 @@ class KeccakHash { protected: /** @cond internal */ /** The C-wrapper sponge state */ - keccak_sponge_t sp; + decaf_keccak_sponge_t sp; /** Initialize from parameters */ - inline KeccakHash(const kparams_s *params) NOEXCEPT { sponge_init(sp, params); } + inline KeccakHash(const decaf_kparams_s *params) NOEXCEPT { decaf_sponge_init(sp, params); } /** @endcond */ public: /** Add more data to running hash */ - inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { sha3_update(sp,in,len); } + inline void update(const uint8_t *__restrict__ in, size_t len) NOEXCEPT { decaf_sha3_update(sp,in,len); } /** Add more data to running hash, C++ version. */ - inline void update(const Block &s) NOEXCEPT { sha3_update(sp,s.data(),s.size()); } + inline void update(const Block &s) NOEXCEPT { decaf_sha3_update(sp,s.data(),s.size()); } /** Add more data, stream version. */ inline KeccakHash &operator<<(const Block &s) NOEXCEPT { update(s); return *this; } @@ -58,7 +58,7 @@ public: inline SecureBuffer output(size_t len) throw(std::bad_alloc, LengthException) { if (len > max_output_size()) throw LengthException(); SecureBuffer buffer(len); - sha3_output(sp,buffer.data(),len); + decaf_sha3_output(sp,buffer.data(),len); return buffer; } @@ -66,7 +66,7 @@ public: inline SecureBuffer final(size_t len) throw(std::bad_alloc, LengthException) { if (len > max_output_size()) throw LengthException(); SecureBuffer buffer(len); - sha3_final(sp,buffer.data(),len); + decaf_sha3_final(sp,buffer.data(),len); return buffer; } @@ -75,22 +75,22 @@ public: * @todo make this throw exceptions. */ inline void output(Buffer b) throw(LengthException) { - sha3_output(sp,b.data(),b.size()); + decaf_sha3_output(sp,b.data(),b.size()); } /** @brief Output bytes from the sponge and reinitialize it. */ inline void final(Buffer b) throw(LengthException) { - sha3_final(sp,b.data(),b.size()); + decaf_sha3_final(sp,b.data(),b.size()); } /** @brief Return the sponge's default output size. */ inline size_t default_output_size() const NOEXCEPT { - return sponge_default_output_bytes(sp); + return decaf_sponge_default_output_bytes(sp); } /** @brief Return the sponge's maximum output size. */ inline size_t max_output_size() const NOEXCEPT { - return sponge_max_output_bytes(sp); + return decaf_sponge_max_output_bytes(sp); } /** Output the default number of bytes. */ @@ -104,17 +104,17 @@ public: } /** Reset the hash to the empty string */ - inline void reset() NOEXCEPT { sha3_reset(sp); } + inline void reset() NOEXCEPT { decaf_sha3_reset(sp); } /** Destructor zeroizes state */ - inline ~KeccakHash() NOEXCEPT { sponge_destroy(sp); } + inline ~KeccakHash() NOEXCEPT { decaf_sponge_destroy(sp); } }; /** Fixed-output-length SHA3 */ template class SHA3 : public KeccakHash { private: /** Get the parameter template block for this hash */ - static inline const struct kparams_s *get_params(); + static inline const struct decaf_kparams_s *get_params(); public: /** Number of bytes of output */ @@ -142,7 +142,7 @@ template class SHAKE : public KeccakHash { private: /** Get the parameter template block for this hash */ - static inline const struct kparams_s *get_params(); + static inline const struct decaf_kparams_s *get_params(); public: /** Number of bytes of output */ @@ -165,12 +165,12 @@ public: }; /** @cond internal */ -template<> inline const struct kparams_s *SHAKE<128>::get_params() { return &SHAKE128_params_s; } -template<> inline const struct kparams_s *SHAKE<256>::get_params() { return &SHAKE256_params_s; } -template<> inline const struct kparams_s *SHA3<224>::get_params() { return &SHA3_224_params_s; } -template<> inline const struct kparams_s *SHA3<256>::get_params() { return &SHA3_256_params_s; } -template<> inline const struct kparams_s *SHA3<384>::get_params() { return &SHA3_384_params_s; } -template<> inline const struct kparams_s *SHA3<512>::get_params() { return &SHA3_512_params_s; } +template<> inline const struct decaf_kparams_s *SHAKE<128>::get_params() { return &DECAF_SHAKE128_params_s; } +template<> inline const struct decaf_kparams_s *SHAKE<256>::get_params() { return &DECAF_SHAKE256_params_s; } +template<> inline const struct decaf_kparams_s *SHA3<224>::get_params() { return &DECAF_SHA3_224_params_s; } +template<> inline const struct decaf_kparams_s *SHA3<256>::get_params() { return &DECAF_SHA3_256_params_s; } +template<> inline const struct decaf_kparams_s *SHA3<384>::get_params() { return &DECAF_SHA3_384_params_s; } +template<> inline const struct decaf_kparams_s *SHA3<512>::get_params() { return &DECAF_SHA3_512_params_s; } /** @endcond */ } /* namespace decaf */ diff --git a/src/public_include/decaf/spongerng.h b/src/public_include/decaf/spongerng.h index 1463b42..2e0e816 100644 --- a/src/public_include/decaf/spongerng.h +++ b/src/public_include/decaf/spongerng.h @@ -20,15 +20,15 @@ extern "C" { /** Keccak CSPRNG structure as struct. */ typedef struct { - keccak_sponge_t sponge; /**< Internal sponge object. */ -} keccak_prng_s; + decaf_keccak_sponge_t sponge; /**< Internal sponge object. */ +} decaf_keccak_prng_s; /** Keccak CSPRNG structure as one-element array */ -typedef keccak_prng_s keccak_prng_t[1]; +typedef decaf_keccak_prng_s decaf_keccak_prng_t[1]; /** Initialize a sponge-based CSPRNG from a buffer. */ -void spongerng_init_from_buffer ( - keccak_prng_t prng, /**< [out] The PRNG object. */ +void decaf_spongerng_init_from_buffer ( + decaf_keccak_prng_t prng, /**< [out] The PRNG object. */ const uint8_t *__restrict__ in, /**< [in] The initialization data. */ size_t len, /**< [in] The length of the initialization data. */ int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC.*/ @@ -40,8 +40,8 @@ void spongerng_init_from_buffer ( * @retval DECAF_FAILURE failure. * @note On failure, errno can be used to determine the cause. */ -decaf_error_t spongerng_init_from_file ( - keccak_prng_t prng, /**< [out] The PRNG object. */ +decaf_error_t decaf_spongerng_init_from_file ( + decaf_keccak_prng_t prng, /**< [out] The PRNG object. */ const char *file, /**< [in] A name of a file containing initial data. */ size_t len, /**< [in] The length of the initial data. Must be positive. */ int deterministic /**< [in] If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC. */ @@ -53,36 +53,36 @@ decaf_error_t spongerng_init_from_file ( * @retval DECAF_FAILURE failure. * @note On failure, errno can be used to determine the cause. */ -decaf_error_t spongerng_init_from_dev_urandom ( - keccak_prng_t prng /**< [out] sponge The sponge object. */ +decaf_error_t decaf_spongerng_init_from_dev_urandom ( + decaf_keccak_prng_t prng /**< [out] sponge The sponge object. */ ) API_VIS WARN_UNUSED; /** Output bytes from a sponge-based CSPRNG. */ -void spongerng_next ( - keccak_prng_t prng, /**< [inout] The PRNG object. */ +void decaf_spongerng_next ( + decaf_keccak_prng_t prng, /**< [inout] The PRNG object. */ uint8_t * __restrict__ out, /**< [out] Output buffer. */ size_t len /**< [in] Number of bytes to output. */ ) API_VIS; /** Stir entropy data into a sponge-based CSPRNG from a buffer. */ -void spongerng_stir ( - keccak_prng_t prng, /**< [out] The PRNG object. */ +void decaf_spongerng_stir ( + decaf_keccak_prng_t prng, /**< [out] The PRNG object. */ const uint8_t * __restrict__ in, /**< [in] The entropy data. */ size_t len /**< [in] The length of the initial data. */ ) NONNULL API_VIS; /** Securely destroy a sponge RNG object by overwriting it. */ static INLINE UNUSED void -spongerng_destroy ( - keccak_prng_t doomed /**< [in] The object to destroy. */ +decaf_spongerng_destroy ( + decaf_keccak_prng_t doomed /**< [in] The object to destroy. */ ); /** @cond internal */ /***************************************/ /* Implementations of inline functions */ /***************************************/ -void spongerng_destroy (keccak_prng_t doomed) { - sponge_destroy(doomed->sponge); +void decaf_spongerng_destroy (decaf_keccak_prng_t doomed) { + decaf_sponge_destroy(doomed->sponge); } /** @endcond */ /* internal */ diff --git a/src/public_include/decaf/spongerng.hxx b/src/public_include/decaf/spongerng.hxx index ae15ec5..0513687 100644 --- a/src/public_include/decaf/spongerng.hxx +++ b/src/public_include/decaf/spongerng.hxx @@ -38,7 +38,7 @@ namespace decaf { class SpongeRng : public Rng { private: /** C wrapped object */ - keccak_prng_t sp; + decaf_keccak_prng_t sp; public: /** Deterministic flag. @@ -61,13 +61,13 @@ public: /** Initialize, deterministically by default, from block */ inline SpongeRng( const Block &in, Deterministic det ) { - spongerng_init_from_buffer(sp,in.data(),in.size(),(int)det); + decaf_spongerng_init_from_buffer(sp,in.data(),in.size(),(int)det); } /** Initialize, non-deterministically by default, from C/C++ filename */ inline SpongeRng( const std::string &in = "/dev/urandom", size_t len = 32, Deterministic det = RANDOM ) throw(RngException) { - decaf_error_t ret = spongerng_init_from_file(sp,in.c_str(),len,det); + decaf_error_t ret = decaf_spongerng_init_from_file(sp,in.c_str(),len,det); if (!decaf_successful(ret)) { throw RngException(errno, "Couldn't load from file"); } @@ -75,11 +75,11 @@ public: /** Stir in new data */ inline void stir( const Block &data ) NOEXCEPT { - spongerng_stir(sp,data.data(),data.size()); + decaf_spongerng_stir(sp,data.data(),data.size()); } /** Securely destroy by overwriting state. */ - inline ~SpongeRng() NOEXCEPT { spongerng_destroy(sp); } + inline ~SpongeRng() NOEXCEPT { decaf_spongerng_destroy(sp); } using Rng::read; @@ -88,7 +88,7 @@ public: #if __cplusplus >= 201103L final #endif - { spongerng_next(sp,buffer.data(),buffer.size()); } + { decaf_spongerng_next(sp,buffer.data(),buffer.size()); } private: SpongeRng(const SpongeRng &) DELETE; diff --git a/src/public_include/decaf/strobe.h b/src/public_include/decaf/strobe.h index dec8f2b..a8e30ff 100644 --- a/src/public_include/decaf/strobe.h +++ b/src/public_include/decaf/strobe.h @@ -19,29 +19,29 @@ extern "C" { /** Keccak STROBE structure as struct. */ typedef struct { - keccak_sponge_t sponge; /**< Internal sponge object. */ + decaf_keccak_sponge_t sponge; /**< Internal sponge object. */ } keccak_strobe_s; /** Keccak STROBE structure as one-element array */ typedef keccak_strobe_s keccak_strobe_t[1]; /** STROBE parameters, 128-bit estimated security for hashing and encryption */ -extern const struct kparams_s STROBE_128 API_VIS; +extern const struct decaf_kparams_s STROBE_128 API_VIS; /** STROBE parameters, 256-bit estimated security for hashing and encryption */ -extern const struct kparams_s STROBE_256 API_VIS; +extern const struct decaf_kparams_s STROBE_256 API_VIS; /** STROBE parameters, 128-bit estimated security for encryption only (not hashing) */ -extern const struct kparams_s STROBE_KEYED_128 API_VIS; +extern const struct decaf_kparams_s STROBE_KEYED_128 API_VIS; /** STROBE parameters, 256-bit estimated security for encryption only (not hashing) */ -extern const struct kparams_s STROBE_KEYED_256 API_VIS; +extern const struct decaf_kparams_s STROBE_KEYED_256 API_VIS; /** Initialize Strobe protocol context. */ void strobe_init ( keccak_strobe_t strobe, /**< [out] The uninitialized strobe object. */ - const struct kparams_s *params, /**< [in] Parameter set descriptor. */ + const struct decaf_kparams_s *params, /**< [in] Parameter set descriptor. */ const char *proto, /**< [in] Unique identifier for the protocol. TODO: define namespaces for this */ uint8_t am_client /**< [in] Nonzero if this party. */ ) NONNULL API_VIS; @@ -158,7 +158,7 @@ static inline void NONNULL strobe_prng ( /** Respecify Strobe protocol object's crypto. */ void strobe_respec ( keccak_strobe_t strobe, /**< [inout] The initialized strobe context. */ - const struct kparams_s *params /**< [in] Strobe parameter descriptor. */ + const struct decaf_kparams_s *params /**< [in] Strobe parameter descriptor. */ ) NONNULL API_VIS; /** Securely destroy a STROBE object by overwriting it. */ @@ -329,7 +329,7 @@ void strobe_prng(keccak_strobe_t strobe, unsigned char *out, uint16_t len) { } void strobe_destroy (keccak_strobe_t doomed) { - sponge_destroy(doomed->sponge); + decaf_sponge_destroy(doomed->sponge); } /** @endcond */ /* internal */ diff --git a/src/public_include/decaf/strobe.hxx b/src/public_include/decaf/strobe.hxx index a09954b..2bfa8eb 100644 --- a/src/public_include/decaf/strobe.hxx +++ b/src/public_include/decaf/strobe.hxx @@ -53,7 +53,7 @@ public: inline Strobe ( const char *description, /**< Description of this protocol. */ client_or_server whoami, /**< Am I client or server? */ - const kparams_s ¶ms = STROBE_256 /**< Strength parameters */ + const decaf_kparams_s ¶ms = STROBE_256 /**< Strength parameters */ ) NOEXCEPT { strobe_init(wrapped, ¶ms, description, whoami == CLIENT); keyed = false; @@ -222,7 +222,7 @@ public: /** Change specs, perhaps to a faster spec that takes advantage of being keyed. * @warning Experimental. */ - inline void respec(const kparams_s ¶ms) throw(ProtocolException) { + inline void respec(const decaf_kparams_s ¶ms) throw(ProtocolException) { if (!keyed) throw(ProtocolException()); strobe_respec(wrapped, ¶ms); } diff --git a/src/sha512.c b/src/sha512.c index d036cfa..670ac90 100644 --- a/src/sha512.c +++ b/src/sha512.c @@ -64,7 +64,7 @@ static uint64_t load_bigendian(const uint8_t *x) b = a; \ a = T1 + T2; -static NOINLINE void hashblock(sha512_ctx_t ctx) { +static NOINLINE void hashblock(decaf_sha512_ctx_t ctx) { const uint8_t *in = ctx->block; uint64_t a = ctx->state[0]; uint64_t b = ctx->state[1]; @@ -197,7 +197,7 @@ static NOINLINE void hashblock(sha512_ctx_t ctx) { ctx->state[7] += h; } -void sha512_init(sha512_ctx_t ctx) { +void decaf_sha512_init(decaf_sha512_ctx_t ctx) { static const uint64_t iv[8] = { 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, @@ -210,16 +210,16 @@ void sha512_init(sha512_ctx_t ctx) { }; memcpy(ctx->state,iv,sizeof(iv)); memset(ctx->block,0,sizeof(ctx->block)); - ctx->bytesProcessed = 0; + ctx->bytes_processed = 0; } -void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) { +void decaf_sha512_update(decaf_sha512_ctx_t ctx, const uint8_t *message, size_t length) { while (length > 0) { - size_t grab = length, off = ctx->bytesProcessed % 128; + size_t grab = length, off = ctx->bytes_processed % 128; if (grab > 128-off) grab = 128-off; memcpy(&ctx->block[off], message, grab); - ctx->bytesProcessed += grab; + ctx->bytes_processed += grab; length -= grab; message += grab; @@ -229,10 +229,10 @@ void sha512_update(sha512_ctx_t ctx, const uint8_t *message, size_t length) { } } -void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) { +void decaf_sha512_final(decaf_sha512_ctx_t ctx, uint8_t *out, size_t length) { assert(length <= 512/8); - size_t off = ctx->bytesProcessed % 128, bp = ctx->bytesProcessed * 8; + size_t off = ctx->bytes_processed % 128, bp = ctx->bytes_processed * 8; ctx->block[off] = 0x80; memset(&ctx->block[off+1], 0, 128-off-1); @@ -249,5 +249,5 @@ void sha512_final(sha512_ctx_t ctx, uint8_t *out, size_t length) { out[i] = ctx->state[i/8] >> (56 - 8*(i%8)); } - sha512_init(ctx); + decaf_sha512_init(ctx); } diff --git a/src/shake.c b/src/shake.c index 17a318e..84c5640 100644 --- a/src/shake.c +++ b/src/shake.c @@ -51,19 +51,19 @@ # error platform not supported #endif -/* The internal, non-opaque definition of the sponge struct. */ +/* The internal, non-opaque definition of the decaf_sponge struct. */ typedef union { uint64_t w[25]; uint8_t b[25*8]; } kdomain_t[1]; -typedef struct kparams_s { - uint8_t position, flags, rate, startRound, pad, ratePad, maxOut, client; /* client = maxOutRemaining for sha3 */ -} kparams_t[1]; +typedef struct decaf_kparams_s { + uint8_t position, flags, rate, start_round, pad, rate_pad, max_out, client; /* client = max_outRemaining for decaf_sha3 */ +} decaf_kparams_t[1]; -typedef struct keccak_sponge_s { +typedef struct decaf_keccak_sponge_s { kdomain_t state; - kparams_t params; -} keccak_sponge_s, keccak_sponge_t[1]; + decaf_kparams_t params; +} decaf_keccak_sponge_s, decaf_keccak_sponge_t[1]; #define INTERNAL_SPONGE_STRUCT 1 #include @@ -106,14 +106,14 @@ static inline uint64_t rol(uint64_t x, int s) { /*** The Keccak-f[1600] permutation ***/ static void __attribute__((noinline)) -keccakf(kdomain_t state, uint8_t startRound) { +keccakf(kdomain_t state, uint8_t start_round) { uint64_t* a = state->w; uint64_t b[5] = {0}, t, u; uint8_t x, y, i; for (i=0; i<25; i++) a[i] = le64toh(a[i]); - for (i = startRound; i < 24; i++) { + for (i = start_round; i < 24; i++) { FOR51(x, b[x] = 0; ) FOR55(y, FOR51(x, b[x] ^= a[x + y]; )) FOR55(y, FOR51(x, @@ -135,57 +135,57 @@ keccakf(kdomain_t state, uint8_t startRound) { for (i=0; i<25; i++) a[i] = htole64(a[i]); } -static inline void dokeccak (keccak_sponge_t sponge) { - keccakf(sponge->state, sponge->params->startRound); - sponge->params->position = 0; +static inline void dokeccak (decaf_keccak_sponge_t decaf_sponge) { + keccakf(decaf_sponge->state, decaf_sponge->params->start_round); + decaf_sponge->params->position = 0; } -void sha3_update ( - struct keccak_sponge_s * __restrict__ sponge, +void decaf_sha3_update ( + struct decaf_keccak_sponge_s * __restrict__ decaf_sponge, const uint8_t *in, size_t len ) { if (!len) return; - assert(sponge->params->position < sponge->params->rate); - assert(sponge->params->rate < sizeof(sponge->state)); - assert(sponge->params->flags == FLAG_ABSORBING); + assert(decaf_sponge->params->position < decaf_sponge->params->rate); + assert(decaf_sponge->params->rate < sizeof(decaf_sponge->state)); + assert(decaf_sponge->params->flags == FLAG_ABSORBING); while (len) { - size_t cando = sponge->params->rate - sponge->params->position, i; - uint8_t* state = &sponge->state->b[sponge->params->position]; + size_t cando = decaf_sponge->params->rate - decaf_sponge->params->position, i; + uint8_t* state = &decaf_sponge->state->b[decaf_sponge->params->position]; if (cando > len) { for (i = 0; i < len; i += 1) state[i] ^= in[i]; - sponge->params->position += len; + decaf_sponge->params->position += len; return; } else { for (i = 0; i < cando; i += 1) state[i] ^= in[i]; - dokeccak(sponge); + dokeccak(decaf_sponge); len -= cando; in += cando; } } } -void sha3_output ( - keccak_sponge_t sponge, +void decaf_sha3_output ( + decaf_keccak_sponge_t decaf_sponge, uint8_t * __restrict__ out, size_t len ) { - assert(sponge->params->position < sponge->params->rate); - assert(sponge->params->rate < sizeof(sponge->state)); + assert(decaf_sponge->params->position < decaf_sponge->params->rate); + assert(decaf_sponge->params->rate < sizeof(decaf_sponge->state)); - if (sponge->params->maxOut != 0xFF) { - assert(sponge->params->client >= len); - sponge->params->client -= len; + if (decaf_sponge->params->max_out != 0xFF) { + assert(decaf_sponge->params->client >= len); + decaf_sponge->params->client -= len; } - switch (sponge->params->flags) { + switch (decaf_sponge->params->flags) { case FLAG_SQUEEZING: break; case FLAG_ABSORBING: { - uint8_t* state = sponge->state->b; - state[sponge->params->position] ^= sponge->params->pad; - state[sponge->params->rate - 1] ^= sponge->params->ratePad; - dokeccak(sponge); + uint8_t* state = decaf_sponge->state->b; + state[decaf_sponge->params->position] ^= decaf_sponge->params->pad; + state[decaf_sponge->params->rate - 1] ^= decaf_sponge->params->rate_pad; + dokeccak(decaf_sponge); break; } default: @@ -193,82 +193,82 @@ void sha3_output ( } while (len) { - size_t cando = sponge->params->rate - sponge->params->position; - uint8_t* state = &sponge->state->b[sponge->params->position]; + size_t cando = decaf_sponge->params->rate - decaf_sponge->params->position; + uint8_t* state = &decaf_sponge->state->b[decaf_sponge->params->position]; if (cando > len) { memcpy(out, state, len); - sponge->params->position += len; + decaf_sponge->params->position += len; return; } else { memcpy(out, state, cando); - dokeccak(sponge); + dokeccak(decaf_sponge); len -= cando; out += cando; } } } -void sha3_final ( - keccak_sponge_t sponge, +void decaf_sha3_final ( + decaf_keccak_sponge_t decaf_sponge, uint8_t * __restrict__ out, size_t len ) { - sha3_output(sponge,out,len); - sha3_reset(sponge); + decaf_sha3_output(decaf_sponge,out,len); + decaf_sha3_reset(decaf_sponge); } -void sha3_reset ( - keccak_sponge_t sponge +void decaf_sha3_reset ( + decaf_keccak_sponge_t decaf_sponge ) { - sponge_init(sponge, sponge->params); - sponge->params->client = sponge->params->maxOut; + decaf_sponge_init(decaf_sponge, decaf_sponge->params); + decaf_sponge->params->client = decaf_sponge->params->max_out; } -void sponge_destroy (keccak_sponge_t sponge) { decaf_bzero(sponge, sizeof(keccak_sponge_t)); } +void decaf_sponge_destroy (decaf_keccak_sponge_t decaf_sponge) { decaf_bzero(decaf_sponge, sizeof(decaf_keccak_sponge_t)); } -void sponge_init ( - keccak_sponge_t sponge, - const struct kparams_s *params +void decaf_sponge_init ( + decaf_keccak_sponge_t decaf_sponge, + const struct decaf_kparams_s *params ) { - memset(sponge->state, 0, sizeof(sponge->state)); - sponge->params[0] = params[0]; - sponge->params->position = 0; + memset(decaf_sponge->state, 0, sizeof(decaf_sponge->state)); + decaf_sponge->params[0] = params[0]; + decaf_sponge->params->position = 0; } -void sponge_hash ( +void decaf_sponge_hash ( const uint8_t *in, size_t inlen, uint8_t *out, size_t outlen, - const struct kparams_s *params + const struct decaf_kparams_s *params ) { - keccak_sponge_t sponge; - sponge_init(sponge, params); - sha3_update(sponge, in, inlen); - sha3_output(sponge, out, outlen); - sponge_destroy(sponge); + decaf_keccak_sponge_t decaf_sponge; + decaf_sponge_init(decaf_sponge, params); + decaf_sha3_update(decaf_sponge, in, inlen); + decaf_sha3_output(decaf_sponge, out, outlen); + decaf_sponge_destroy(decaf_sponge); } #define DEFSHAKE(n) \ - const struct kparams_s SHAKE##n##_params_s = \ + const struct decaf_kparams_s DECAF_SHAKE##n##_params_s = \ { 0, FLAG_ABSORBING, 200-n/4, 0, 0x1f, 0x80, 0xFF, 0xFF }; #define DEFSHA3(n) \ - const struct kparams_s SHA3_##n##_params_s = \ + const struct decaf_kparams_s DECAF_SHA3_##n##_params_s = \ { 0, FLAG_ABSORBING, 200-n/4, 0, 0x06, 0x80, n/8, n/8 }; -size_t sponge_default_output_bytes ( - const keccak_sponge_t s +size_t decaf_sponge_default_output_bytes ( + const decaf_keccak_sponge_t s ) { - return (s->params->maxOut == 0xFF) + return (s->params->max_out == 0xFF) ? (200-s->params->rate) : ((200-s->params->rate)/2); } -size_t sponge_max_output_bytes ( - const keccak_sponge_t s +size_t decaf_sponge_max_output_bytes ( + const decaf_keccak_sponge_t s ) { - return (s->params->maxOut == 0xFF) + return (s->params->max_out == 0xFF) ? SIZE_MAX : ((200-s->params->rate)/2); } @@ -318,55 +318,55 @@ static void get_cpu_entropy(uint8_t *entropy, size_t len) { #endif } -static const char *SPONGERNG_NAME = "strobe::spongerng"; /* TODO: canonicalize name */ +static const char *SPONGERNG_NAME = "strobe::decaf_spongerng"; /* TODO: canonicalize name */ -void spongerng_next ( - keccak_prng_t prng, +void decaf_spongerng_next ( + decaf_keccak_prng_t prng, uint8_t * __restrict__ out, size_t len ) { - keccak_sponge_s *sponge = prng->sponge; - if (sponge->params->client) { + decaf_keccak_sponge_s *decaf_sponge = prng->sponge; + if (decaf_sponge->params->client) { /* nondet */ uint8_t cpu_entropy[32]; get_cpu_entropy(cpu_entropy, sizeof(cpu_entropy)); - strobe_transact((keccak_strobe_s*)sponge,NULL,cpu_entropy,sizeof(cpu_entropy),STROBE_CW_PRNG_CPU_SEED); + strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,cpu_entropy,sizeof(cpu_entropy),STROBE_CW_PRNG_CPU_SEED); } - strobe_transact((keccak_strobe_s*)sponge,out,NULL,len,STROBE_CW_PRNG); + strobe_transact((keccak_strobe_s*)decaf_sponge,out,NULL,len,STROBE_CW_PRNG); } -void spongerng_stir ( - keccak_prng_t sponge, +void decaf_spongerng_stir ( + decaf_keccak_prng_t decaf_sponge, const uint8_t * __restrict__ in, size_t len ) { - strobe_transact((keccak_strobe_s*)sponge,NULL,in,len,STROBE_CW_PRNG_USER_SEED); + strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,in,len,STROBE_CW_PRNG_USER_SEED); } -static const struct kparams_s spongerng_params = { +static const struct decaf_kparams_s decaf_spongerng_params = { 0, 0, 200-256/4, 0, 0x06, 0x80, 0xFF, 0 }; -void spongerng_init_from_buffer ( - keccak_prng_t prng, +void decaf_spongerng_init_from_buffer ( + decaf_keccak_prng_t prng, const uint8_t * __restrict__ in, size_t len, int deterministic ) { - keccak_sponge_s *sponge = prng->sponge; - strobe_init((keccak_strobe_s*)sponge, &spongerng_params, SPONGERNG_NAME, !deterministic); - spongerng_stir(prng, in, len); + decaf_keccak_sponge_s *decaf_sponge = prng->sponge; + strobe_init((keccak_strobe_s*)decaf_sponge, &decaf_spongerng_params, SPONGERNG_NAME, !deterministic); + decaf_spongerng_stir(prng, in, len); } -decaf_error_t spongerng_init_from_file ( - keccak_prng_t prng, +decaf_error_t decaf_spongerng_init_from_file ( + decaf_keccak_prng_t prng, const char *file, size_t len, int deterministic ) { - keccak_sponge_s *sponge = prng->sponge; - strobe_init((keccak_strobe_s*)sponge, &spongerng_params, SPONGERNG_NAME, !deterministic); + decaf_keccak_sponge_s *decaf_sponge = prng->sponge; + strobe_init((keccak_strobe_s*)decaf_sponge, &decaf_spongerng_params, SPONGERNG_NAME, !deterministic); if (!len) return DECAF_FAILURE; int fd = open(file, O_RDONLY); @@ -380,7 +380,7 @@ decaf_error_t spongerng_init_from_file ( close(fd); return DECAF_FAILURE; } - strobe_transact((keccak_strobe_s*)sponge,NULL,buffer,red, + strobe_transact((keccak_strobe_s*)decaf_sponge,NULL,buffer,red, first ? STROBE_CW_PRNG_USER_SEED : (STROBE_CW_PRNG_USER_SEED | STROBE_FLAG_MORE)); len -= red; first = 0; @@ -390,39 +390,39 @@ decaf_error_t spongerng_init_from_file ( return DECAF_SUCCESS; } -decaf_error_t spongerng_init_from_dev_urandom ( - keccak_prng_t sponge +decaf_error_t decaf_spongerng_init_from_dev_urandom ( + decaf_keccak_prng_t decaf_sponge ) { - return spongerng_init_from_file(sponge, "/dev/urandom", 64, 0); + return decaf_spongerng_init_from_file(decaf_sponge, "/dev/urandom", 64, 0); } -const struct kparams_s STROBE_128 = { 0, 0, 200-128/4, 0, 0, 0, 0, 0 }; -const struct kparams_s STROBE_256 = { 0, 0, 200-256/4, 0, 0, 0, 0, 0 }; -const struct kparams_s STROBE_KEYED_256 = { 0, 0, 200-256/4, 12, 0, 0, 0, 0 }; -const struct kparams_s STROBE_KEYED_128 = { 0, 0, 200-128/4, 12, 0, 0, 0, 0 }; +const struct decaf_kparams_s STROBE_128 = { 0, 0, 200-128/4, 0, 0, 0, 0, 0 }; +const struct decaf_kparams_s STROBE_256 = { 0, 0, 200-256/4, 0, 0, 0, 0, 0 }; +const struct decaf_kparams_s STROBE_KEYED_256 = { 0, 0, 200-256/4, 12, 0, 0, 0, 0 }; +const struct decaf_kparams_s STROBE_KEYED_128 = { 0, 0, 200-128/4, 12, 0, 0, 0, 0 }; /* Strobe is different in that its rate is padded by one byte. */ void strobe_init( keccak_strobe_t strobe, - const struct kparams_s *params, + const struct decaf_kparams_s *params, const char *proto, uint8_t am_client ) { - keccak_sponge_s *sponge = strobe->sponge; - sponge_init(sponge,params); + decaf_keccak_sponge_s *decaf_sponge = strobe->sponge; + decaf_sponge_init(decaf_sponge,params); const char *a_string = "STROBE full v0.2"; unsigned len = strlen(a_string); memcpy ( - &sponge->state->b[sizeof(sponge->state)-len], + &decaf_sponge->state->b[sizeof(decaf_sponge->state)-len], a_string, len ); strobe_transact(strobe, NULL, (const unsigned char *)proto, strlen(proto), STROBE_CW_INIT); - sponge->state->b[sponge->params->rate+1] = 1; - sponge->params->client = !!am_client; + decaf_sponge->state->b[decaf_sponge->params->rate+1] = 1; + decaf_sponge->params->client = !!am_client; } static const uint8_t EXCEEDED_RATE_PAD = 0x2; @@ -433,17 +433,17 @@ static __inline__ uint8_t CONTROL_WORD_PAD(int cw_size) { /* PERF vectorize */ static void strobe_duplex ( - struct keccak_sponge_s *__restrict__ sponge, + struct decaf_keccak_sponge_s *__restrict__ decaf_sponge, unsigned char *out, const unsigned char *in, size_t len, mode_t mode ) { - unsigned int j, r = sponge->params->rate, p = sponge->params->position; - uint8_t* __restrict__ state = &sponge->state->b[0]; + unsigned int j, r = decaf_sponge->params->rate, p = decaf_sponge->params->position; + uint8_t* __restrict__ state = &decaf_sponge->state->b[0]; /* sanity */ - assert(r < sizeof(sponge->state) && r >= p); + assert(r < sizeof(decaf_sponge->state) && r >= p); switch (mode) { case STROBE_MODE_PLAINTEXT: assert(in || len==0); @@ -533,11 +533,11 @@ static void strobe_duplex ( }; if (last) { - sponge->params->position = p+len; + decaf_sponge->params->position = p+len; return; } else { state[r] ^= EXCEEDED_RATE_PAD; - keccakf(sponge->state, sponge->params->startRound); + keccakf(decaf_sponge->state, decaf_sponge->params->start_round); len -= cando; p = 0; } @@ -559,10 +559,10 @@ void strobe_transact ( size_t len, uint32_t cw_flags ) { - keccak_sponge_s *sponge = strobe->sponge; + decaf_keccak_sponge_s *decaf_sponge = strobe->sponge; if ( (cw_flags & STROBE_FLAG_NONDIR) == 0 /* extraneous nots to change ints to bools :-/ */ - && !(cw_flags & STROBE_FLAG_RECV) != !(sponge->params->client) ) { + && !(cw_flags & STROBE_FLAG_RECV) != !(decaf_sponge->params->client) ) { cw_flags ^= STROBE_FLAG_CLIENT_SENT; } @@ -588,30 +588,30 @@ void strobe_transact ( my_len>>48, my_len>>56 }; - strobe_duplex(sponge, NULL, cwb, len_cw, STROBE_MODE_ABSORB_R); - if ((cw_flags & STROBE_FLAG_RUN_F) || (sponge->params->flags & FLAG_NOPARSE)) { - sponge->state->b[sponge->params->position] ^= CONTROL_WORD_PAD(len_cw); - dokeccak(sponge); + strobe_duplex(decaf_sponge, NULL, cwb, len_cw, STROBE_MODE_ABSORB_R); + if ((cw_flags & STROBE_FLAG_RUN_F) || (decaf_sponge->params->flags & FLAG_NOPARSE)) { + decaf_sponge->state->b[decaf_sponge->params->position] ^= CONTROL_WORD_PAD(len_cw); + dokeccak(decaf_sponge); } - sponge->params->flags &= ~FLAG_NOPARSE; + decaf_sponge->params->flags &= ~FLAG_NOPARSE; if (cw_flags & STROBE_FLAG_NO_LENGTH) { - sponge->params->flags |= FLAG_NOPARSE; + decaf_sponge->params->flags |= FLAG_NOPARSE; } } - strobe_duplex(sponge, out, in, len, get_mode(cw_flags)); + strobe_duplex(decaf_sponge, out, in, len, get_mode(cw_flags)); if (cw_flags & STROBE_FLAG_FORGET) { - uint32_t len = sponge->params->rate - sponge->params->position; - if (len < STROBE_FORGET_BYTES + len_cw) len += sponge->params->rate; + uint32_t len = decaf_sponge->params->rate - decaf_sponge->params->position; + if (len < STROBE_FORGET_BYTES + len_cw) len += decaf_sponge->params->rate; len -= len_cw; /* HACK */ if (cw_flags & STROBE_FLAG_NO_LENGTH) len = 2*STROBE_FORGET_BYTES; assert(!(cw_flags & STROBE_FLAG_MORE)); strobe_duplex( - sponge, NULL, NULL, len, + decaf_sponge, NULL, NULL, len, STROBE_MODE_FORGET ); } @@ -622,14 +622,14 @@ decaf_error_t strobe_verify_auth ( const unsigned char *in, uint16_t len ) { - keccak_sponge_s *sponge = strobe->sponge; - if (len > sponge->params->rate) return DECAF_FAILURE; + decaf_keccak_sponge_s *decaf_sponge = strobe->sponge; + if (len > decaf_sponge->params->rate) return DECAF_FAILURE; strobe_transact(strobe, NULL, in, len, strobe_cw_recv(STROBE_CW_MAC)); int32_t residue = 0; int i; for (i=0; istate->b[i]; + residue |= decaf_sponge->state->b[i]; } return decaf_succeed_if((residue-1)>>8); @@ -637,15 +637,15 @@ decaf_error_t strobe_verify_auth ( void strobe_respec ( keccak_strobe_t strobe, - const struct kparams_s *params + const struct decaf_kparams_s *params ) { - keccak_sponge_s *sponge = strobe->sponge; - uint8_t in[] = { params->rate, params->startRound }; + decaf_keccak_sponge_s *decaf_sponge = strobe->sponge; + uint8_t in[] = { params->rate, params->start_round }; strobe_transact( strobe, NULL, in, sizeof(in), STROBE_CW_RESPEC_INFO ); strobe_transact( strobe, NULL, NULL, 0, STROBE_CW_RESPEC ); - assert(sponge->params->position == 0); - sponge->params->rate = params->rate; - sponge->params->startRound = params->startRound; + assert(decaf_sponge->params->position == 0); + decaf_sponge->params->rate = params->rate; + decaf_sponge->params->start_round = params->start_round; } /* FUTURE: Keyak instances, etc */ diff --git a/test/bench_decaf.cxx b/test/bench_decaf.cxx index f01e073..c1666ee 100644 --- a/test/bench_decaf.cxx +++ b/test/bench_decaf.cxx @@ -335,7 +335,7 @@ static void macro() { } for (Benchmark b("SharedSecret",1); b.iter(); ) { - ss = s1.sharedSecret(p2,32,true); + ss = s1.shared_secret(p2,32,true); } printf("\nProtocol benchmarks:\n"); diff --git a/test/shakesum.c b/test/shakesum.c index 4c856b8..efb24b2 100644 --- a/test/shakesum.c +++ b/test/shakesum.c @@ -1,6 +1,6 @@ /** * @cond internal - * @file shakesum.c + * @file decaf_shakesum.c * @copyright * Copyright (c) 2015 Cryptography Research, Inc. \n * Released under the MIT License. See LICENSE.txt for license information. @@ -17,19 +17,19 @@ static void usage() { fprintf( stderr, - "shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512|sha512] < infile > outfile\n" + "decaf_shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512|sha512] < infile > outfile\n" ); } int main(int argc, char **argv) { (void)argc; (void)argv; - keccak_sponge_t sponge; - sha512_ctx_t sha512; + decaf_keccak_sponge_t sponge; + decaf_sha512_ctx_t decaf_sha512; unsigned char buf[1024]; unsigned int outlen = 512; - shake256_gen_init(sponge); + decaf_shake256_gen_init(sponge); int use_sha512 = 0; @@ -37,26 +37,26 @@ int main(int argc, char **argv) { if (argc > 1) { if (!strcmp(argv[1], "shake256") || !strcmp(argv[1], "SHAKE256")) { outlen = 512; - shake256_gen_init(sponge); + decaf_shake256_gen_init(sponge); } else if (!strcmp(argv[1], "shake128") || !strcmp(argv[1], "SHAKE128")) { outlen = 512; - shake128_gen_init(sponge); + decaf_shake128_gen_init(sponge); } else if (!strcmp(argv[1], "sha3-224") || !strcmp(argv[1], "SHA3-224")) { outlen = 224/8; - sha3_224_gen_init(sponge); + decaf_sha3_224_gen_init(sponge); } else if (!strcmp(argv[1], "sha3-256") || !strcmp(argv[1], "SHA3-256")) { outlen = 256/8; - sha3_256_gen_init(sponge); + decaf_sha3_256_gen_init(sponge); } else if (!strcmp(argv[1], "sha3-384") || !strcmp(argv[1], "SHA3-384")) { outlen = 384/8; - sha3_384_gen_init(sponge); + decaf_sha3_384_gen_init(sponge); } else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) { outlen = 512/8; - sha3_512_gen_init(sponge); + decaf_sha3_512_gen_init(sponge); } else if (!strcmp(argv[1], "sha512") || !strcmp(argv[1], "SHA512")) { outlen = 512/8; use_sha512 = 1; - sha512_init(sha512); + decaf_sha512_init(decaf_sha512); } else { usage(); return 2; @@ -67,17 +67,17 @@ int main(int argc, char **argv) { do { red = read(0, buf, sizeof(buf)); if (red>0) { - if (use_sha512) sha512_update(sha512,buf,red); - else sha3_update(sponge,buf,red); + if (use_sha512) decaf_sha512_update(decaf_sha512,buf,red); + else decaf_sha3_update(sponge,buf,red); } } while (red>0); if (use_sha512) { - sha512_final(sha512,buf,outlen); - sha512_destroy(sha512); + decaf_sha512_final(decaf_sha512,buf,outlen); + decaf_sha512_destroy(decaf_sha512); } else { - sha3_output(sponge,buf,outlen); - sponge_destroy(sponge); + decaf_sha3_output(sponge,buf,outlen); + decaf_sponge_destroy(sponge); } unsigned i; for (i=0; i sk2(defrng); - (void)sk1.sharedSecretNoexcept(shared,sk2.pub(),i&1); + (void)sk1.shared_secretNoexcept(shared,sk2.pub(),i&1); #else PrivateKey sk3(rng); - (void)sk1.sharedSecretNoexcept(shared,sk3.pub(),i&1); + (void)sk1.shared_secretNoexcept(shared,sk3.pub(),i&1); #endif } } diff --git a/test/test_decaf.cxx b/test/test_decaf.cxx index bad8bde..1ac8568 100644 --- a/test/test_decaf.cxx +++ b/test/test_decaf.cxx @@ -421,8 +421,8 @@ static void test_crypto() { pub1.verify(message, sig); - SecureBuffer s1(priv1.sharedSecret(pub2,32,true)); - SecureBuffer s2(priv2.sharedSecret(pub1,32,false)); + SecureBuffer s1(priv1.shared_secret(pub2,32,true)); + SecureBuffer s2(priv2.shared_secret(pub1,32,false)); if (!memeq(s1,s2)) { test.fail(); printf(" Shared secrets disagree on iteration %d.\n",i);