@@ -122,11 +122,11 @@ void | |||||
decaf_255_sign_shake ( | decaf_255_sign_shake ( | ||||
decaf_255_signature_t sig, | decaf_255_signature_t sig, | ||||
const decaf_255_private_key_t priv, | const decaf_255_private_key_t priv, | ||||
const keccak_sponge_t shake | |||||
const shake256_ctx_t shake | |||||
) NONNULL3 API_VIS; | ) NONNULL3 API_VIS; | ||||
/** | /** | ||||
* @brief Sign a message from its SHAKE context. | |||||
* @brief Sign a message. | |||||
* | * | ||||
* @param [out] sig The signature. | * @param [out] sig The signature. | ||||
* @param [in] priv Your private key. | * @param [in] priv Your private key. | ||||
@@ -152,7 +152,7 @@ decaf_bool_t | |||||
decaf_255_verify_shake ( | decaf_255_verify_shake ( | ||||
const decaf_255_signature_t sig, | const decaf_255_signature_t sig, | ||||
const decaf_255_public_key_t pub, | const decaf_255_public_key_t pub, | ||||
const keccak_sponge_t shake | |||||
const shake256_ctx_t shake | |||||
) NONNULL3 API_VIS WARN_UNUSED; | ) NONNULL3 API_VIS WARN_UNUSED; | ||||
/** | /** | ||||
@@ -26,7 +26,6 @@ | |||||
#define NONNULL3 __attribute__((nonnull(1,2,3))) | #define NONNULL3 __attribute__((nonnull(1,2,3))) | ||||
/** @endcond */ | /** @endcond */ | ||||
/* TODO: different containing structs for each primitive? */ | |||||
#ifndef INTERNAL_SPONGE_STRUCT | #ifndef INTERNAL_SPONGE_STRUCT | ||||
/** Sponge container object for the various primitives. */ | /** Sponge container object for the various primitives. */ | ||||
typedef struct keccak_sponge_s { | typedef struct keccak_sponge_s { | ||||
@@ -119,40 +118,48 @@ void sponge_hash ( | |||||
/** @cond internal */ | /** @cond internal */ | ||||
#define DECSHAKE(n) \ | #define DECSHAKE(n) \ | ||||
extern const struct kparams_s SHAKE##n##_params_s API_VIS; \ | extern const struct kparams_s SHAKE##n##_params_s API_VIS; \ | ||||
static inline void NONNULL1 shake##n##_init(keccak_sponge_t sponge) { \ | |||||
typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \ | |||||
static inline void NONNULL1 shake##n##_init(shake##n##_ctx_t sponge) { \ | |||||
sponge_init(sponge->s, &SHAKE##n##_params_s); \ | |||||
} \ | |||||
static inline void NONNULL1 shake##n##_gen_init(keccak_sponge_t sponge) { \ | |||||
sponge_init(sponge, &SHAKE##n##_params_s); \ | sponge_init(sponge, &SHAKE##n##_params_s); \ | ||||
} \ | } \ | ||||
static inline void NONNULL2 shake##n##_update(keccak_sponge_t sponge, const uint8_t *in, size_t inlen ) { \ | |||||
sha3_update(sponge, in, inlen); \ | |||||
static inline void NONNULL2 shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ | |||||
sha3_update(sponge->s, in, inlen); \ | |||||
} \ | } \ | ||||
static inline void NONNULL2 shake##n##_final(keccak_sponge_t sponge, uint8_t *out, size_t outlen ) { \ | |||||
sha3_output(sponge, out, outlen); \ | |||||
sponge_init(sponge, &SHAKE##n##_params_s); \ | |||||
static inline void NONNULL2 shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ | |||||
sha3_output(sponge->s, out, outlen); \ | |||||
sponge_init(sponge->s, &SHAKE##n##_params_s); \ | |||||
} \ | } \ | ||||
static inline void NONNULL13 shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ | static inline void NONNULL13 shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ | ||||
sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \ | sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \ | ||||
} \ | } \ | ||||
static inline void NONNULL1 shake##n##_destroy( keccak_sponge_t sponge ) { \ | |||||
sponge_destroy(sponge); \ | |||||
static inline void NONNULL1 shake##n##_destroy( shake##n##_ctx_t sponge ) { \ | |||||
sponge_destroy(sponge->s); \ | |||||
} | } | ||||
#define DECSHA3(n) \ | #define DECSHA3(n) \ | ||||
extern const struct kparams_s SHA3_##n##_params_s API_VIS; \ | extern const struct kparams_s SHA3_##n##_params_s API_VIS; \ | ||||
static inline void NONNULL1 sha3_##n##_init(keccak_sponge_t sponge) { \ | |||||
typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \ | |||||
static inline void NONNULL1 sha3_##n##_init(sha3_##n##_ctx_t sponge) { \ | |||||
sponge_init(sponge->s, &SHA3_##n##_params_s); \ | |||||
} \ | |||||
static inline void NONNULL1 sha3_##n##_gen_init(keccak_sponge_t sponge) { \ | |||||
sponge_init(sponge, &SHA3_##n##_params_s); \ | sponge_init(sponge, &SHA3_##n##_params_s); \ | ||||
} \ | } \ | ||||
static inline void NONNULL2 sha3_##n##_update(keccak_sponge_t sponge, const uint8_t *in, size_t inlen ) { \ | |||||
sha3_update(sponge, in, inlen); \ | |||||
static inline void NONNULL2 sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ | |||||
sha3_update(sponge->s, in, inlen); \ | |||||
} \ | } \ | ||||
static inline void NONNULL2 sha3_##n##_final(keccak_sponge_t sponge, uint8_t *out, size_t outlen ) { \ | |||||
sha3_output(sponge, out, outlen); \ | |||||
sponge_init(sponge, &SHA3_##n##_params_s); \ | |||||
static inline void NONNULL2 sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ | |||||
sha3_output(sponge->s, out, outlen); \ | |||||
sponge_init(sponge->s, &SHA3_##n##_params_s); \ | |||||
} \ | } \ | ||||
static inline void NONNULL13 sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ | static inline void NONNULL13 sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ | ||||
sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \ | sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \ | ||||
} \ | } \ | ||||
static inline void NONNULL1 sha3_##n##_destroy( keccak_sponge_t sponge ) { \ | |||||
sponge_destroy(sponge); \ | |||||
static inline void NONNULL1 sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \ | |||||
sponge_destroy(sponge->s); \ | |||||
} | } | ||||
/** @endcond */ | /** @endcond */ | ||||
@@ -253,7 +260,6 @@ extern const struct kparams_s STROBE_256 API_VIS; | |||||
extern const struct kparams_s STROBE_KEYED_128 API_VIS; | extern const struct kparams_s STROBE_KEYED_128 API_VIS; | ||||
extern const struct kparams_s STROBE_KEYED_256 API_VIS; | extern const struct kparams_s STROBE_KEYED_256 API_VIS; | ||||
/** TODO: remove this restriction?? */ | |||||
#define STROBE_MAX_AUTH_BYTES 255 | #define STROBE_MAX_AUTH_BYTES 255 | ||||
/** TODO: check "more" flags? */ | /** TODO: check "more" flags? */ | ||||
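Review bot: The per-primitive context typedefs added to DECSHAKE and DECSHA3 carry no comment saying why they exist next to the bare keccak_sponge_t entry points, so the pair `shake##n##_init(shake##n##_ctx_t)` / `shake##n##_gen_init(keccak_sponge_t)` reads as accidental duplication. I would put a comment above the typedef line in each macro, e.g. `/* Distinct wrapper type per primitive: a shake128 context cannot be passed where a shake256 one is expected; _gen_init keeps the untyped keccak_sponge_t entry point for callers that choose the algorithm at runtime. */`. Both macros sit inside `/** @cond internal */`, so the resulting `shake256_ctx_t`-style types will not show up in generated docs unless the instantiations (presumably outside this hunk) carry a `/** ... */` line of their own. The `_final` wrappers still reinitialise the inner sponge after squeezing, which is unchanged behaviour but worth stating on the wrapper so a caller does not expect a second `_final` to continue the output stream.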
@@ -81,7 +81,6 @@ const decaf_448_point_t decaf_448_point_base = {{ | |||||
struct decaf_448_precomputed_s { decaf_448_point_t p[1]; }; | struct decaf_448_precomputed_s { decaf_448_point_t p[1]; }; | ||||
/* FIXME: restore */ | |||||
const struct decaf_448_precomputed_s *decaf_448_precomputed_base = | const struct decaf_448_precomputed_s *decaf_448_precomputed_base = | ||||
(const struct decaf_448_precomputed_s *)decaf_448_point_base; | (const struct decaf_448_precomputed_s *)decaf_448_point_base; | ||||
@@ -21,7 +21,7 @@ void decaf_255_derive_private_key ( | |||||
uint8_t encoded_scalar[DECAF_255_SCALAR_OVERKILL_BYTES]; | uint8_t encoded_scalar[DECAF_255_SCALAR_OVERKILL_BYTES]; | ||||
decaf_255_point_t pub; | decaf_255_point_t pub; | ||||
keccak_sponge_t sponge; | |||||
shake256_ctx_t sponge; | |||||
shake256_init(sponge); | shake256_init(sponge); | ||||
shake256_update(sponge, proto, sizeof(decaf_255_symmetric_key_t)); | shake256_update(sponge, proto, sizeof(decaf_255_symmetric_key_t)); | ||||
shake256_update(sponge, (const unsigned char *)magic, strlen(magic)); | shake256_update(sponge, (const unsigned char *)magic, strlen(magic)); | ||||
@@ -77,7 +77,7 @@ decaf_255_shared_secret ( | |||||
} | } | ||||
less >>= 8; | less >>= 8; | ||||
keccak_sponge_t sponge; | |||||
shake256_ctx_t sponge; | |||||
shake256_init(sponge); | shake256_init(sponge); | ||||
/* update the lesser */ | /* update the lesser */ | ||||
@@ -117,7 +117,7 @@ void | |||||
decaf_255_sign_shake ( | decaf_255_sign_shake ( | ||||
decaf_255_signature_t sig, | decaf_255_signature_t sig, | ||||
const decaf_255_private_key_t priv, | const decaf_255_private_key_t priv, | ||||
const keccak_sponge_t shake | |||||
const shake256_ctx_t shake | |||||
) { | ) { | ||||
const char *magic = "decaf_255_sign_shake"; | const char *magic = "decaf_255_sign_shake"; | ||||
@@ -126,7 +126,7 @@ decaf_255_sign_shake ( | |||||
decaf_255_scalar_t nonce, challenge; | decaf_255_scalar_t nonce, challenge; | ||||
/* Derive nonce */ | /* Derive nonce */ | ||||
keccak_sponge_t ctx; | |||||
shake256_ctx_t ctx; | |||||
memcpy(ctx, shake, sizeof(ctx)); | memcpy(ctx, shake, sizeof(ctx)); | ||||
shake256_update(ctx, priv->sym, sizeof(priv->sym)); | shake256_update(ctx, priv->sym, sizeof(priv->sym)); | ||||
shake256_update(ctx, (const unsigned char *)magic, strlen(magic)); | shake256_update(ctx, (const unsigned char *)magic, strlen(magic)); | ||||
@@ -163,7 +163,7 @@ decaf_bool_t | |||||
decaf_255_verify_shake ( | decaf_255_verify_shake ( | ||||
const decaf_255_signature_t sig, | const decaf_255_signature_t sig, | ||||
const decaf_255_public_key_t pub, | const decaf_255_public_key_t pub, | ||||
const keccak_sponge_t shake | |||||
const shake256_ctx_t shake | |||||
) { | ) { | ||||
decaf_bool_t ret; | decaf_bool_t ret; | ||||
@@ -172,7 +172,7 @@ decaf_255_verify_shake ( | |||||
decaf_255_scalar_t challenge, response; | decaf_255_scalar_t challenge, response; | ||||
/* Derive challenge */ | /* Derive challenge */ | ||||
keccak_sponge_t ctx; | |||||
shake256_ctx_t ctx; | |||||
memcpy(ctx, shake, sizeof(ctx)); | memcpy(ctx, shake, sizeof(ctx)); | ||||
shake256_update(ctx, pub, sizeof(decaf_255_public_key_t)); | shake256_update(ctx, pub, sizeof(decaf_255_public_key_t)); | ||||
shake256_update(ctx, sig, DECAF_255_SER_BYTES); | shake256_update(ctx, sig, DECAF_255_SER_BYTES); | ||||
@@ -201,7 +201,7 @@ decaf_255_sign ( | |||||
const unsigned char *message, | const unsigned char *message, | ||||
size_t message_len | size_t message_len | ||||
) { | ) { | ||||
keccak_sponge_t ctx; | |||||
shake256_ctx_t ctx; | |||||
shake256_init(ctx); | shake256_init(ctx); | ||||
shake256_update(ctx, message, message_len); | shake256_update(ctx, message, message_len); | ||||
decaf_255_sign_shake(sig, priv, ctx); | decaf_255_sign_shake(sig, priv, ctx); | ||||
@@ -215,7 +215,7 @@ decaf_255_verify ( | |||||
const unsigned char *message, | const unsigned char *message, | ||||
size_t message_len | size_t message_len | ||||
) { | ) { | ||||
keccak_sponge_t ctx; | |||||
shake256_ctx_t ctx; | |||||
shake256_init(ctx); | shake256_init(ctx); | ||||
shake256_update(ctx, message, message_len); | shake256_update(ctx, message, message_len); | ||||
decaf_bool_t ret = decaf_255_verify_shake(sig, pub, ctx); | decaf_bool_t ret = decaf_255_verify_shake(sig, pub, ctx); | ||||
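Review bot: `memcpy(ctx, shake, sizeof(ctx))` in decaf_255_sign_shake and decaf_255_verify_shake is correct only because `ctx` is a local `shake256_ctx_t`, a one-element array whose sizeof is the wrapper struct; the `shake` parameter has decayed to a pointer, so `sizeof(shake)` would copy a pointer's worth of state, and the new typedef makes that distinction easy to miss. I would add `/* sizeof(ctx), not sizeof(shake): the parameter has decayed to a pointer */` on both memcpy lines. The copied `ctx` in sign_shake absorbs `priv->sym`, so if the function does not already call `shake256_destroy(ctx)` on every exit path (not visible in the hunk) that key-derived state is left on the stack. Both enclosing functions begin before and end after their hunks.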
@@ -151,7 +151,8 @@ int main(int argc, char **argv) { | |||||
} | } | ||||
scalar_print("sc_r2", smadj); | scalar_print("sc_r2", smadj); | ||||
API_NS(scalar_sub)(smadj,API_NS(scalar_zero),API_NS(scalar_one)); /* HACK */ | |||||
API_NS(scalar_sub)(smadj,API_NS(scalar_zero),API_NS(scalar_one)); /* get p-1 */ | |||||
unsigned long long w = 1, plo = smadj->limb[0]+1; | unsigned long long w = 1, plo = smadj->limb[0]+1; | ||||
#if DECAF_WORD_BITS == 32 | #if DECAF_WORD_BITS == 32 | ||||
@@ -618,7 +618,7 @@ p448_mulw ( | |||||
vo[1] += vmovn_u64(accum); | vo[1] += vmovn_u64(accum); | ||||
} | } | ||||
/* TODO: vectorize? */ | |||||
/* PERF: vectorize? */ | |||||
void | void | ||||
p448_strong_reduce ( | p448_strong_reduce ( | ||||
p448_t *a | p448_t *a | ||||
@@ -7,10 +7,6 @@ | |||||
#include <stdint.h> | #include <stdint.h> | ||||
/* TODO: non x86-64 versions of these. | |||||
* FUTURE: autogenerate | |||||
*/ | |||||
static __inline__ __uint128_t widemul(const uint64_t *a, const uint64_t *b) { | static __inline__ __uint128_t widemul(const uint64_t *a, const uint64_t *b) { | ||||
#ifndef __BMI2__ | #ifndef __BMI2__ | ||||
uint64_t c,d; | uint64_t c,d; | ||||
@@ -669,11 +669,13 @@ decaf_bool_t strobe_prng ( | |||||
size_t len, | size_t len, | ||||
uint8_t more | uint8_t more | ||||
) { | ) { | ||||
/* FIXME: length?? */ | |||||
unsigned char control[] = { PRNG }; | |||||
unsigned char control[9] = { PRNG }; | |||||
int i; | |||||
for (i=0; i<8; i++) control[i+1] = len>>(8*i); | |||||
decaf_bool_t ret = strobe_control_word(sponge, control, sizeof(control), more); | decaf_bool_t ret = strobe_control_word(sponge, control, sizeof(control), more); | ||||
strobe_duplex(sponge, out, NULL, len); | strobe_duplex(sponge, out, NULL, len); | ||||
// /** TODO: orly? */ | |||||
// TODO: forget as follows? this breaks "more" | |||||
// unsigned char control2[] = { 0, STROBE_FORGET_BYTES, TAGFORGET }; | // unsigned char control2[] = { 0, STROBE_FORGET_BYTES, TAGFORGET }; | ||||
// ret &= strobe_control_word(sponge, control2, sizeof(control2)); | // ret &= strobe_control_word(sponge, control2, sizeof(control2)); | ||||
// strobe_forget(sponge, STROBE_FORGET_BYTES); | // strobe_forget(sponge, STROBE_FORGET_BYTES); | ||||
@@ -681,7 +683,6 @@ decaf_bool_t strobe_prng ( | |||||
return ret; | return ret; | ||||
} | } | ||||
/* TODO: remove reliance on decaf? */ | |||||
decaf_bool_t strobe_verify_auth ( | decaf_bool_t strobe_verify_auth ( | ||||
keccak_sponge_t sponge, | keccak_sponge_t sponge, | ||||
const unsigned char *in, | const unsigned char *in, | ||||
@@ -720,4 +721,4 @@ decaf_bool_t strobe_respec ( | |||||
return ret; | return ret; | ||||
} | } | ||||
/* TODO: Keyak instances, etc */ | |||||
/* FUTURE: Keyak instances, etc */ |
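Review bot: The new length encoding in strobe_prng, `control[i+1] = len>>(8*i)` for i up to 7, shifts a `size_t` by 32, 40, 48 and 56 bits, which is undefined behaviour on targets where size_t is 32 bits (the tree has a `DECAF_WORD_BITS == 32` path, so such targets appear to be supported). Widen before shifting, `control[i+1] = (unsigned char)((uint64_t)len >> (8*i));`, so bytes 4–7 are well-defined zeros on every word size and the control word fed to strobe_control_word is the same for a given length everywhere. The loop index could be declared in the for statement, `for (int i=0; i<8; i++)`, instead of the separate `int i;`. A one-line comment such as `/* 8-byte little-endian length, independent of the platform word size */` would record the intent that replaced the old `FIXME: length??`.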
@@ -20,28 +20,28 @@ int main(int argc, char **argv) { | |||||
unsigned char buf[1024]; | unsigned char buf[1024]; | ||||
unsigned int outlen = 512; | unsigned int outlen = 512; | ||||
shake256_init(sponge); | |||||
shake256_gen_init(sponge); | |||||
/* Sloppy. Real utility would parse --algo, --size ... */ | /* Sloppy. Real utility would parse --algo, --size ... */ | ||||
if (argc > 1) { | if (argc > 1) { | ||||
if (!strcmp(argv[1], "shake256") || !strcmp(argv[1], "SHAKE256")) { | if (!strcmp(argv[1], "shake256") || !strcmp(argv[1], "SHAKE256")) { | ||||
outlen = 512; | outlen = 512; | ||||
shake256_init(sponge); | |||||
shake256_gen_init(sponge); | |||||
} else if (!strcmp(argv[1], "shake128") || !strcmp(argv[1], "SHAKE128")) { | } else if (!strcmp(argv[1], "shake128") || !strcmp(argv[1], "SHAKE128")) { | ||||
outlen = 512; | outlen = 512; | ||||
shake128_init(sponge); | |||||
shake128_gen_init(sponge); | |||||
} else if (!strcmp(argv[1], "sha3-224") || !strcmp(argv[1], "SHA3-224")) { | } else if (!strcmp(argv[1], "sha3-224") || !strcmp(argv[1], "SHA3-224")) { | ||||
outlen = 224/8; | outlen = 224/8; | ||||
sha3_224_init(sponge); | |||||
sha3_224_gen_init(sponge); | |||||
} else if (!strcmp(argv[1], "sha3-256") || !strcmp(argv[1], "SHA3-256")) { | } else if (!strcmp(argv[1], "sha3-256") || !strcmp(argv[1], "SHA3-256")) { | ||||
outlen = 256/8; | outlen = 256/8; | ||||
sha3_256_init(sponge); | |||||
sha3_256_gen_init(sponge); | |||||
} else if (!strcmp(argv[1], "sha3-384") || !strcmp(argv[1], "SHA3-384")) { | } else if (!strcmp(argv[1], "sha3-384") || !strcmp(argv[1], "SHA3-384")) { | ||||
outlen = 384/8; | outlen = 384/8; | ||||
sha3_384_init(sponge); | |||||
sha3_384_gen_init(sponge); | |||||
} else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) { | } else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) { | ||||
outlen = 512/8; | outlen = 512/8; | ||||
sha3_512_init(sponge); | |||||
sha3_512_gen_init(sponge); | |||||
} | } | ||||
} | } | ||||