aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-09-24 22:02:13 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-09-24 22:02:13 +0200
commitb998d469d3e7c4810541767d2814a217ec68c7cc (patch)
treeb8f233fdad747db70589ba06d5544baff6555ae2
parenthchacha20: keep in native endian in words (diff)
downloadWireGuard-master.tar.xz
WireGuard-master.zip
crypto: make constant naming scheme consistentHEADmaster
-rw-r--r--contrib/examples/keygen-html/src/curve25519_generate.c4
-rw-r--r--src/crypto/include/zinc/blake2s.h10
-rw-r--r--src/crypto/include/zinc/chacha20.h6
-rw-r--r--src/crypto/include/zinc/chacha20poly1305.h22
-rw-r--r--src/crypto/include/zinc/curve25519.h12
-rw-r--r--src/crypto/zinc/blake2s/blake2s.c68
-rw-r--r--src/crypto/zinc/chacha20poly1305.c24
-rw-r--r--src/crypto/zinc/curve25519/curve25519-arm-glue.h16
-rw-r--r--src/crypto/zinc/curve25519/curve25519-fiat32.h6
-rw-r--r--src/crypto/zinc/curve25519/curve25519-hacl64.h6
-rw-r--r--src/crypto/zinc/curve25519/curve25519-x86_64-glue.h10
-rw-r--r--src/crypto/zinc/curve25519/curve25519-x86_64.h38
-rw-r--r--src/crypto/zinc/curve25519/curve25519.c36
-rw-r--r--src/crypto/zinc/selftest/blake2s.h18
-rw-r--r--src/crypto/zinc/selftest/chacha20poly1305.h4
-rw-r--r--src/crypto/zinc/selftest/curve25519.h20
-rw-r--r--src/messages.h10
-rw-r--r--src/noise.c30
-rw-r--r--src/tools/curve25519.c6
-rw-r--r--src/tools/curve25519.h8
20 files changed, 177 insertions, 177 deletions
diff --git a/contrib/examples/keygen-html/src/curve25519_generate.c b/contrib/examples/keygen-html/src/curve25519_generate.c
index c280b89..50d35de 100644
--- a/contrib/examples/keygen-html/src/curve25519_generate.c
+++ b/contrib/examples/keygen-html/src/curve25519_generate.c
@@ -10,7 +10,7 @@ typedef unsigned int u32;
typedef unsigned char u8;
typedef u32 __le32;
-enum { CURVE25519_POINT_SIZE = 32 };
+enum { CURVE25519_KEY_SIZE = 32 };
#ifndef __always_inline
#define __always_inline __inline __attribute__((__always_inline__))
@@ -37,7 +37,7 @@ enum { CURVE25519_POINT_SIZE = 32 };
/* We don't even attempt to deal with this in javascript. */
#define memzero_explicit(a, b)
-static __always_inline void normalize_secret(u8 secret[CURVE25519_POINT_SIZE])
+static __always_inline void normalize_secret(u8 secret[CURVE25519_KEY_SIZE])
{
secret[0] &= 248;
secret[31] &= 127;
diff --git a/src/crypto/include/zinc/blake2s.h b/src/crypto/include/zinc/blake2s.h
index f14230e..da313de 100644
--- a/src/crypto/include/zinc/blake2s.h
+++ b/src/crypto/include/zinc/blake2s.h
@@ -11,16 +11,16 @@
#include <crypto/algapi.h>
enum blake2s_lengths {
- BLAKE2S_BLOCKBYTES = 64,
- BLAKE2S_OUTBYTES = 32,
- BLAKE2S_KEYBYTES = 32
+ BLAKE2S_BLOCK_SIZE = 64,
+ BLAKE2S_HASH_SIZE = 32,
+ BLAKE2S_KEY_SIZE = 32
};
struct blake2s_state {
u32 h[8];
u32 t[2];
u32 f[2];
- u8 buf[BLAKE2S_BLOCKBYTES];
+ u8 buf[BLAKE2S_BLOCK_SIZE];
size_t buflen;
u8 last_node;
};
@@ -39,7 +39,7 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key,
#ifdef DEBUG
BUG_ON((!in && inlen > 0) || !out || !outlen ||
- outlen > BLAKE2S_OUTBYTES || keylen > BLAKE2S_KEYBYTES ||
+ outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE ||
(!key && keylen));
#endif
diff --git a/src/crypto/include/zinc/chacha20.h b/src/crypto/include/zinc/chacha20.h
index 34d577d..14bbadd 100644
--- a/src/crypto/include/zinc/chacha20.h
+++ b/src/crypto/include/zinc/chacha20.h
@@ -12,13 +12,13 @@
#include <linux/types.h>
enum {
- CHACHA20_IV_SIZE = 16,
+ CHACHA20_NONCE_SIZE = 16,
CHACHA20_KEY_SIZE = 32,
CHACHA20_KEY_WORDS = CHACHA20_KEY_SIZE / sizeof(u32),
CHACHA20_BLOCK_SIZE = 64,
CHACHA20_BLOCK_WORDS = CHACHA20_BLOCK_SIZE / sizeof(u32),
- HCHACHA20_KEY_SIZE = 32,
- HCHACHA20_NONCE_SIZE = 16
+ HCHACHA20_NONCE_SIZE = CHACHA20_NONCE_SIZE,
+ HCHACHA20_KEY_SIZE = CHACHA20_KEY_SIZE
};
enum { /* expand 32-byte k */
diff --git a/src/crypto/include/zinc/chacha20poly1305.h b/src/crypto/include/zinc/chacha20poly1305.h
index 50b2be9..d2753c5 100644
--- a/src/crypto/include/zinc/chacha20poly1305.h
+++ b/src/crypto/include/zinc/chacha20poly1305.h
@@ -12,39 +12,39 @@
struct scatterlist;
enum chacha20poly1305_lengths {
- XCHACHA20POLY1305_NONCELEN = 24,
- CHACHA20POLY1305_KEYLEN = 32,
- CHACHA20POLY1305_AUTHTAGLEN = 16
+ XCHACHA20POLY1305_NONCE_SIZE = 24,
+ CHACHA20POLY1305_KEY_SIZE = 32,
+ CHACHA20POLY1305_AUTHTAG_SIZE = 16
};
void chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN]);
+ const u8 key[CHACHA20POLY1305_KEY_SIZE]);
bool __must_check chacha20poly1305_encrypt_sg(
struct scatterlist *dst, struct scatterlist *src, const size_t src_len,
const u8 *ad, const size_t ad_len, const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN], simd_context_t *simd_context);
+ const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context);
bool __must_check
chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len, const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN]);
+ const u8 key[CHACHA20POLY1305_KEY_SIZE]);
bool __must_check chacha20poly1305_decrypt_sg(
struct scatterlist *dst, struct scatterlist *src, const size_t src_len,
const u8 *ad, const size_t ad_len, const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN], simd_context_t *simd_context);
+ const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context);
void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
- const u8 nonce[XCHACHA20POLY1305_NONCELEN],
- const u8 key[CHACHA20POLY1305_KEYLEN]);
+ const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE]);
bool __must_check xchacha20poly1305_decrypt(
u8 *dst, const u8 *src, const size_t src_len, const u8 *ad,
- const size_t ad_len, const u8 nonce[XCHACHA20POLY1305_NONCELEN],
- const u8 key[CHACHA20POLY1305_KEYLEN]);
+ const size_t ad_len, const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE]);
#endif /* _ZINC_CHACHA20POLY1305_H */
diff --git a/src/crypto/include/zinc/curve25519.h b/src/crypto/include/zinc/curve25519.h
index ac5979c..def173e 100644
--- a/src/crypto/include/zinc/curve25519.h
+++ b/src/crypto/include/zinc/curve25519.h
@@ -9,14 +9,14 @@
#include <linux/types.h>
enum curve25519_lengths {
- CURVE25519_POINT_SIZE = 32
+ CURVE25519_KEY_SIZE = 32
};
-bool __must_check curve25519(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE]);
-void curve25519_generate_secret(u8 secret[CURVE25519_POINT_SIZE]);
+bool __must_check curve25519(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE]);
+void curve25519_generate_secret(u8 secret[CURVE25519_KEY_SIZE]);
bool __must_check curve25519_generate_public(
- u8 pub[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE]);
+ u8 pub[CURVE25519_KEY_SIZE], const u8 secret[CURVE25519_KEY_SIZE]);
#endif /* _ZINC_CURVE25519_H */
diff --git a/src/crypto/zinc/blake2s/blake2s.c b/src/crypto/zinc/blake2s/blake2s.c
index a797524..5ce74c1 100644
--- a/src/crypto/zinc/blake2s/blake2s.c
+++ b/src/crypto/zinc/blake2s/blake2s.c
@@ -87,7 +87,7 @@ void blake2s_init(struct blake2s_state *state, const size_t outlen)
};
#ifdef DEBUG
- BUG_ON(!outlen || outlen > BLAKE2S_OUTBYTES);
+ BUG_ON(!outlen || outlen > BLAKE2S_HASH_SIZE);
#endif
blake2s_init_param(state, &param);
}
@@ -100,16 +100,16 @@ void blake2s_init_key(struct blake2s_state *state, const size_t outlen,
.key_length = keylen,
.fanout = 1,
.depth = 1 };
- u8 block[BLAKE2S_BLOCKBYTES] = { 0 };
+ u8 block[BLAKE2S_BLOCK_SIZE] = { 0 };
#ifdef DEBUG
- BUG_ON(!outlen || outlen > BLAKE2S_OUTBYTES || !key || !keylen ||
- keylen > BLAKE2S_KEYBYTES);
+ BUG_ON(!outlen || outlen > BLAKE2S_HASH_SIZE || !key || !keylen ||
+ keylen > BLAKE2S_KEY_SIZE);
#endif
blake2s_init_param(state, &param);
memcpy(block, key, keylen);
- blake2s_update(state, block, BLAKE2S_BLOCKBYTES);
- memzero_explicit(block, BLAKE2S_BLOCKBYTES);
+ blake2s_update(state, block, BLAKE2S_BLOCK_SIZE);
+ memzero_explicit(block, BLAKE2S_BLOCK_SIZE);
}
EXPORT_SYMBOL(blake2s_init_key);
@@ -136,7 +136,7 @@ static inline void blake2s_compress(struct blake2s_state *state,
int i;
#ifdef DEBUG
- BUG_ON(nblocks > 1 && inc != BLAKE2S_BLOCKBYTES);
+ BUG_ON(nblocks > 1 && inc != BLAKE2S_BLOCK_SIZE);
#endif
if (blake2s_arch(state, block, nblocks, inc))
@@ -146,7 +146,7 @@ static inline void blake2s_compress(struct blake2s_state *state,
blake2s_increment_counter(state, inc);
#ifdef __LITTLE_ENDIAN
- memcpy(m, block, BLAKE2S_BLOCKBYTES);
+ memcpy(m, block, BLAKE2S_BLOCK_SIZE);
#else
for (i = 0; i < 16; ++i)
m[i] = get_unaligned_le32(block + i * sizeof(m[i]));
@@ -199,31 +199,31 @@ static inline void blake2s_compress(struct blake2s_state *state,
for (i = 0; i < 8; ++i)
state->h[i] ^= v[i] ^ v[i + 8];
- block += BLAKE2S_BLOCKBYTES;
+ block += BLAKE2S_BLOCK_SIZE;
--nblocks;
}
}
void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen)
{
- const size_t fill = BLAKE2S_BLOCKBYTES - state->buflen;
+ const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen;
if (unlikely(!inlen))
return;
if (inlen > fill) {
memcpy(state->buf + state->buflen, in, fill);
- blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCKBYTES);
+ blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_SIZE);
state->buflen = 0;
in += fill;
inlen -= fill;
}
- if (inlen > BLAKE2S_BLOCKBYTES) {
+ if (inlen > BLAKE2S_BLOCK_SIZE) {
const size_t nblocks =
- (inlen + BLAKE2S_BLOCKBYTES - 1) / BLAKE2S_BLOCKBYTES;
+ (inlen + BLAKE2S_BLOCK_SIZE - 1) / BLAKE2S_BLOCK_SIZE;
/* Hash one less (full) block than strictly possible */
- blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCKBYTES);
- in += BLAKE2S_BLOCKBYTES * (nblocks - 1);
- inlen -= BLAKE2S_BLOCKBYTES * (nblocks - 1);
+ blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
+ in += BLAKE2S_BLOCK_SIZE * (nblocks - 1);
+ inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1);
}
memcpy(state->buf + state->buflen, in, inlen);
state->buflen += inlen;
@@ -233,11 +233,11 @@ EXPORT_SYMBOL(blake2s_update);
void blake2s_final(struct blake2s_state *state, u8 *out, const size_t outlen)
{
#ifdef DEBUG
- BUG_ON(!out || !outlen || outlen > BLAKE2S_OUTBYTES);
+ BUG_ON(!out || !outlen || outlen > BLAKE2S_HASH_SIZE);
#endif
blake2s_set_lastblock(state);
memset(state->buf + state->buflen, 0,
- BLAKE2S_BLOCKBYTES - state->buflen); /* Padding */
+ BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */
blake2s_compress(state, state->buf, 1, state->buflen);
cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
memcpy(out, state->h, outlen);
@@ -249,36 +249,36 @@ void blake2s_hmac(u8 *out, const u8 *in, const u8 *key, const size_t outlen,
const size_t inlen, const size_t keylen)
{
struct blake2s_state state;
- u8 x_key[BLAKE2S_BLOCKBYTES] __aligned(__alignof__(u32)) = { 0 };
- u8 i_hash[BLAKE2S_OUTBYTES] __aligned(__alignof__(u32));
+ u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 };
+ u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32));
int i;
- if (keylen > BLAKE2S_BLOCKBYTES) {
- blake2s_init(&state, BLAKE2S_OUTBYTES);
+ if (keylen > BLAKE2S_BLOCK_SIZE) {
+ blake2s_init(&state, BLAKE2S_HASH_SIZE);
blake2s_update(&state, key, keylen);
- blake2s_final(&state, x_key, BLAKE2S_OUTBYTES);
+ blake2s_final(&state, x_key, BLAKE2S_HASH_SIZE);
} else
memcpy(x_key, key, keylen);
- for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i)
+ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
x_key[i] ^= 0x36;
- blake2s_init(&state, BLAKE2S_OUTBYTES);
- blake2s_update(&state, x_key, BLAKE2S_BLOCKBYTES);
+ blake2s_init(&state, BLAKE2S_HASH_SIZE);
+ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
blake2s_update(&state, in, inlen);
- blake2s_final(&state, i_hash, BLAKE2S_OUTBYTES);
+ blake2s_final(&state, i_hash, BLAKE2S_HASH_SIZE);
- for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i)
+ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
x_key[i] ^= 0x5c ^ 0x36;
- blake2s_init(&state, BLAKE2S_OUTBYTES);
- blake2s_update(&state, x_key, BLAKE2S_BLOCKBYTES);
- blake2s_update(&state, i_hash, BLAKE2S_OUTBYTES);
- blake2s_final(&state, i_hash, BLAKE2S_OUTBYTES);
+ blake2s_init(&state, BLAKE2S_HASH_SIZE);
+ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
+ blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE);
+ blake2s_final(&state, i_hash, BLAKE2S_HASH_SIZE);
memcpy(out, i_hash, outlen);
- memzero_explicit(x_key, BLAKE2S_BLOCKBYTES);
- memzero_explicit(i_hash, BLAKE2S_OUTBYTES);
+ memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE);
+ memzero_explicit(i_hash, BLAKE2S_HASH_SIZE);
}
EXPORT_SYMBOL(blake2s_hmac);
diff --git a/src/crypto/zinc/chacha20poly1305.c b/src/crypto/zinc/chacha20poly1305.c
index f2d82a1..2d975c3 100644
--- a/src/crypto/zinc/chacha20poly1305.c
+++ b/src/crypto/zinc/chacha20poly1305.c
@@ -34,7 +34,7 @@ static struct blkcipher_desc chacha20_desc = {
static inline void
__chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len, const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE],
simd_context_t *simd_context)
{
struct poly1305_ctx poly1305_state;
@@ -73,7 +73,7 @@ __chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
void chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN])
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
{
simd_context_t simd_context;
@@ -88,7 +88,7 @@ bool chacha20poly1305_encrypt_sg(struct scatterlist *dst,
struct scatterlist *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE],
simd_context_t *simd_context)
{
struct poly1305_ctx poly1305_state;
@@ -157,7 +157,7 @@ EXPORT_SYMBOL(chacha20poly1305_encrypt_sg);
static inline bool
__chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len, const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE],
simd_context_t *simd_context)
{
struct poly1305_ctx poly1305_state;
@@ -207,7 +207,7 @@ __chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
bool chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN])
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
{
simd_context_t simd_context, ret;
@@ -223,7 +223,7 @@ bool chacha20poly1305_decrypt_sg(struct scatterlist *dst,
struct scatterlist *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
const u64 nonce,
- const u8 key[CHACHA20POLY1305_KEYLEN],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE],
simd_context_t *simd_context)
{
struct poly1305_ctx poly1305_state;
@@ -301,8 +301,8 @@ EXPORT_SYMBOL(chacha20poly1305_decrypt_sg);
void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
- const u8 nonce[XCHACHA20POLY1305_NONCELEN],
- const u8 key[CHACHA20POLY1305_KEYLEN])
+ const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
{
simd_context_t simd_context;
u32 derived_key[CHACHA20_KEY_WORDS] __aligned(16);
@@ -313,15 +313,15 @@ void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
__chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
get_unaligned_le64(nonce + 16),
(u8 *)derived_key, &simd_context);
- memzero_explicit(derived_key, CHACHA20POLY1305_KEYLEN);
+ memzero_explicit(derived_key, CHACHA20POLY1305_KEY_SIZE);
simd_put(&simd_context);
}
EXPORT_SYMBOL(xchacha20poly1305_encrypt);
bool xchacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
- const u8 nonce[XCHACHA20POLY1305_NONCELEN],
- const u8 key[CHACHA20POLY1305_KEYLEN])
+ const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
{
bool ret;
simd_context_t simd_context;
@@ -333,7 +333,7 @@ bool xchacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
ret = __chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
get_unaligned_le64(nonce + 16),
(u8 *)derived_key, &simd_context);
- memzero_explicit(derived_key, CHACHA20POLY1305_KEYLEN);
+ memzero_explicit(derived_key, CHACHA20POLY1305_KEY_SIZE);
simd_put(&simd_context);
return ret;
}
diff --git a/src/crypto/zinc/curve25519/curve25519-arm-glue.h b/src/crypto/zinc/curve25519/curve25519-arm-glue.h
index 6b20931..9211bca 100644
--- a/src/crypto/zinc/curve25519/curve25519-arm-glue.h
+++ b/src/crypto/zinc/curve25519/curve25519-arm-glue.h
@@ -8,9 +8,9 @@
#include <asm/simd.h>
#if defined(CONFIG_KERNEL_MODE_NEON)
-asmlinkage void curve25519_neon(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE]);
+asmlinkage void curve25519_neon(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE]);
#endif
static bool curve25519_use_neon __ro_after_init;
@@ -20,9 +20,9 @@ static void __init curve25519_fpu_init(void)
curve25519_use_neon = elf_hwcap & HWCAP_NEON;
}
-static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE])
+static inline bool curve25519_arch(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE])
{
#if defined(CONFIG_KERNEL_MODE_NEON)
if (curve25519_use_neon && may_use_simd()) {
@@ -35,8 +35,8 @@ static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE],
return false;
}
-static inline bool curve25519_base_arch(u8 pub[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE])
+static inline bool curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE])
{
return false;
}
diff --git a/src/crypto/zinc/curve25519/curve25519-fiat32.h b/src/crypto/zinc/curve25519/curve25519-fiat32.h
index e9d00c6..32b5ec7 100644
--- a/src/crypto/zinc/curve25519/curve25519-fiat32.h
+++ b/src/crypto/zinc/curve25519/curve25519-fiat32.h
@@ -749,9 +749,9 @@ static __always_inline void fe_mul121666(fe *h, const fe_loose *f)
fe_mul_121666_impl(h->v, f->v);
}
-static void curve25519_generic(u8 out[CURVE25519_POINT_SIZE],
- const u8 scalar[CURVE25519_POINT_SIZE],
- const u8 point[CURVE25519_POINT_SIZE])
+static void curve25519_generic(u8 out[CURVE25519_KEY_SIZE],
+ const u8 scalar[CURVE25519_KEY_SIZE],
+ const u8 point[CURVE25519_KEY_SIZE])
{
fe x1, x2, z2, x3, z3;
fe_loose x2l, z2l, x3l;
diff --git a/src/crypto/zinc/curve25519/curve25519-hacl64.h b/src/crypto/zinc/curve25519/curve25519-hacl64.h
index 547deac..c7b2924 100644
--- a/src/crypto/zinc/curve25519/curve25519-hacl64.h
+++ b/src/crypto/zinc/curve25519/curve25519-hacl64.h
@@ -753,9 +753,9 @@ static __always_inline void format_scalar_of_point(u8 *scalar, u64 *point)
format_fcontract(scalar, sc);
}
-static void curve25519_generic(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE])
+static void curve25519_generic(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE])
{
u64 buf0[10] __aligned(32) = { 0 };
u64 *x0 = buf0;
diff --git a/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h b/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h
index 00dbfde..142e467 100644
--- a/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h
+++ b/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h
@@ -18,9 +18,9 @@ static void __init curve25519_fpu_init(void)
boot_cpu_has(X86_FEATURE_ADX);
}
-static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE])
+static inline bool curve25519_arch(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE])
{
if (curve25519_use_adx) {
curve25519_adx(mypublic, secret, basepoint);
@@ -32,8 +32,8 @@ static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE],
return false;
}
-static inline bool curve25519_base_arch(u8 pub[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE])
+static inline bool curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE])
{
if (curve25519_use_adx) {
curve25519_adx_base(pub, secret);
diff --git a/src/crypto/zinc/curve25519/curve25519-x86_64.h b/src/crypto/zinc/curve25519/curve25519-x86_64.h
index 6c895f7..258a30d 100644
--- a/src/crypto/zinc/curve25519/curve25519-x86_64.h
+++ b/src/crypto/zinc/curve25519/curve25519-x86_64.h
@@ -1935,23 +1935,23 @@ static __always_inline void cselect(u8 bit, u64 *const px, const u64 *const py)
);
}
-static __always_inline void clamp_secret(u8 secret[CURVE25519_POINT_SIZE])
+static __always_inline void clamp_secret(u8 secret[CURVE25519_KEY_SIZE])
{
secret[0] &= 248;
secret[31] &= 127;
secret[31] |= 64;
}
-static void curve25519_adx(u8 shared[CURVE25519_POINT_SIZE],
- const u8 private_key[CURVE25519_POINT_SIZE],
- const u8 session_key[CURVE25519_POINT_SIZE])
+static void curve25519_adx(u8 shared[CURVE25519_KEY_SIZE],
+ const u8 private_key[CURVE25519_KEY_SIZE],
+ const u8 session_key[CURVE25519_KEY_SIZE])
{
struct {
u64 buffer[4 * NUM_WORDS_ELTFP25519];
u64 coordinates[4 * NUM_WORDS_ELTFP25519];
u64 workspace[6 * NUM_WORDS_ELTFP25519];
- u8 session[CURVE25519_POINT_SIZE];
- u8 private[CURVE25519_POINT_SIZE];
+ u8 session[CURVE25519_KEY_SIZE];
+ u8 private[CURVE25519_KEY_SIZE];
} __aligned(32) m;
int i = 0, j = 0;
@@ -1991,7 +1991,7 @@ static void curve25519_adx(u8 shared[CURVE25519_POINT_SIZE],
* reserve the sign bit for use in other protocols and to
* increase resistance to implementation fingerprinting
*/
- m.session[CURVE25519_POINT_SIZE - 1] &= (1 << (255 % 8)) - 1;
+ m.session[CURVE25519_KEY_SIZE - 1] &= (1 << (255 % 8)) - 1;
copy_eltfp25519_1w(Px, X1);
setzero_eltfp25519_1w(Pz);
@@ -2043,14 +2043,14 @@ static void curve25519_adx(u8 shared[CURVE25519_POINT_SIZE],
memzero_explicit(&m, sizeof(m));
}
-static void curve25519_adx_base(u8 session_key[CURVE25519_POINT_SIZE],
- const u8 private_key[CURVE25519_POINT_SIZE])
+static void curve25519_adx_base(u8 session_key[CURVE25519_KEY_SIZE],
+ const u8 private_key[CURVE25519_KEY_SIZE])
{
struct {
u64 buffer[4 * NUM_WORDS_ELTFP25519];
u64 coordinates[4 * NUM_WORDS_ELTFP25519];
u64 workspace[4 * NUM_WORDS_ELTFP25519];
- u8 private[CURVE25519_POINT_SIZE];
+ u8 private[CURVE25519_KEY_SIZE];
} __aligned(32) m;
const int ite[4] = { 64, 64, 64, 63 };
@@ -2137,16 +2137,16 @@ static void curve25519_adx_base(u8 session_key[CURVE25519_POINT_SIZE],
memzero_explicit(&m, sizeof(m));
}
-static void curve25519_bmi2(u8 shared[CURVE25519_POINT_SIZE],
- const u8 private_key[CURVE25519_POINT_SIZE],
- const u8 session_key[CURVE25519_POINT_SIZE])
+static void curve25519_bmi2(u8 shared[CURVE25519_KEY_SIZE],
+ const u8 private_key[CURVE25519_KEY_SIZE],
+ const u8 session_key[CURVE25519_KEY_SIZE])
{
struct {
u64 buffer[4 * NUM_WORDS_ELTFP25519];
u64 coordinates[4 * NUM_WORDS_ELTFP25519];
u64 workspace[6 * NUM_WORDS_ELTFP25519];
- u8 session[CURVE25519_POINT_SIZE];
- u8 private[CURVE25519_POINT_SIZE];
+ u8 session[CURVE25519_KEY_SIZE];
+ u8 private[CURVE25519_KEY_SIZE];
} __aligned(32) m;
int i = 0, j = 0;
@@ -2186,7 +2186,7 @@ static void curve25519_bmi2(u8 shared[CURVE25519_POINT_SIZE],
* reserve the sign bit for use in other protocols and to
* increase resistance to implementation fingerprinting
*/
- m.session[CURVE25519_POINT_SIZE - 1] &= (1 << (255 % 8)) - 1;
+ m.session[CURVE25519_KEY_SIZE - 1] &= (1 << (255 % 8)) - 1;
copy_eltfp25519_1w(Px, X1);
setzero_eltfp25519_1w(Pz);
@@ -2238,14 +2238,14 @@ static void curve25519_bmi2(u8 shared[CURVE25519_POINT_SIZE],
memzero_explicit(&m, sizeof(m));
}
-static void curve25519_bmi2_base(u8 session_key[CURVE25519_POINT_SIZE],
- const u8 private_key[CURVE25519_POINT_SIZE])
+static void curve25519_bmi2_base(u8 session_key[CURVE25519_KEY_SIZE],
+ const u8 private_key[CURVE25519_KEY_SIZE])
{
struct {
u64 buffer[4 * NUM_WORDS_ELTFP25519];
u64 coordinates[4 * NUM_WORDS_ELTFP25519];
u64 workspace[4 * NUM_WORDS_ELTFP25519];
- u8 private[CURVE25519_POINT_SIZE];
+ u8 private[CURVE25519_KEY_SIZE];
} __aligned(32) m;
const int ite[4] = { 64, 64, 64, 63 };
diff --git a/src/crypto/zinc/curve25519/curve25519.c b/src/crypto/zinc/curve25519/curve25519.c
index fd46b36..a1f35aa 100644
--- a/src/crypto/zinc/curve25519/curve25519.c
+++ b/src/crypto/zinc/curve25519/curve25519.c
@@ -27,20 +27,20 @@
void __init curve25519_fpu_init(void)
{
}
-static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE])
+static inline bool curve25519_arch(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE])
{
return false;
}
-static inline bool curve25519_base_arch(u8 pub[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE])
+static inline bool curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE])
{
return false;
}
#endif
-static __always_inline void normalize_secret(u8 secret[CURVE25519_POINT_SIZE])
+static __always_inline void normalize_secret(u8 secret[CURVE25519_KEY_SIZE])
{
secret[0] &= 248;
secret[31] &= 127;
@@ -53,35 +53,35 @@ static __always_inline void normalize_secret(u8 secret[CURVE25519_POINT_SIZE])
#include "curve25519-fiat32.h"
#endif
-static const u8 null_point[CURVE25519_POINT_SIZE] = { 0 };
+static const u8 null_point[CURVE25519_KEY_SIZE] = { 0 };
-bool curve25519(u8 mypublic[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE],
- const u8 basepoint[CURVE25519_POINT_SIZE])
+bool curve25519(u8 mypublic[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE])
{
if (!curve25519_arch(mypublic, secret, basepoint))
curve25519_generic(mypublic, secret, basepoint);
- return crypto_memneq(mypublic, null_point, CURVE25519_POINT_SIZE);
+ return crypto_memneq(mypublic, null_point, CURVE25519_KEY_SIZE);
}
EXPORT_SYMBOL(curve25519);
-bool curve25519_generate_public(u8 pub[CURVE25519_POINT_SIZE],
- const u8 secret[CURVE25519_POINT_SIZE])
+bool curve25519_generate_public(u8 pub[CURVE25519_KEY_SIZE],
+ const u8 secret[CURVE25519_KEY_SIZE])
{
- static const u8 basepoint[CURVE25519_POINT_SIZE] __aligned(32) = { 9 };
+ static const u8 basepoint[CURVE25519_KEY_SIZE] __aligned(32) = { 9 };
- if (unlikely(!crypto_memneq(secret, null_point, CURVE25519_POINT_SIZE)))
+ if (unlikely(!crypto_memneq(secret, null_point, CURVE25519_KEY_SIZE)))
return false;
if (curve25519_base_arch(pub, secret))
- return crypto_memneq(pub, null_point, CURVE25519_POINT_SIZE);
+ return crypto_memneq(pub, null_point, CURVE25519_KEY_SIZE);
return curve25519(pub, secret, basepoint);
}
EXPORT_SYMBOL(curve25519_generate_public);
-void curve25519_generate_secret(u8 secret[CURVE25519_POINT_SIZE])
+void curve25519_generate_secret(u8 secret[CURVE25519_KEY_SIZE])
{
- get_random_bytes_wait(secret, CURVE25519_POINT_SIZE);
+ get_random_bytes_wait(secret, CURVE25519_KEY_SIZE);
normalize_secret(secret);
}
EXPORT_SYMBOL(curve25519_generate_secret);
diff --git a/src/crypto/zinc/selftest/blake2s.h b/src/crypto/zinc/selftest/blake2s.h
index dea18f4..b15cc56 100644
--- a/src/crypto/zinc/selftest/blake2s.h
+++ b/src/crypto/zinc/selftest/blake2s.h
@@ -4,7 +4,7 @@
*/
#ifdef DEBUG
-static const u8 blake2s_testvecs[][BLAKE2S_OUTBYTES] __initconst = {
+static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {
{ 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
@@ -1031,7 +1031,7 @@ static const u8 blake2s_testvecs[][BLAKE2S_OUTBYTES] __initconst = {
0x86, 0xaa, 0x99, 0x4a, 0xcb, 0x38, 0xfe, 0x2d }
};
-static const u8 blake2s_keyed_testvecs[][BLAKE2S_OUTBYTES] __initconst = {
+static const u8 blake2s_keyed_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {
{ 0x48, 0xa8, 0x99, 0x7d, 0xa4, 0x07, 0x87, 0x6b,
0x3d, 0x79, 0xc0, 0xd9, 0x23, 0x25, 0xad, 0x3b,
0x89, 0xcb, 0xb7, 0x54, 0xd8, 0x6a, 0xb7, 0x1a,
@@ -2060,29 +2060,29 @@ static const u8 blake2s_keyed_testvecs[][BLAKE2S_OUTBYTES] __initconst = {
static bool __init blake2s_selftest(void)
{
- u8 key[BLAKE2S_KEYBYTES];
+ u8 key[BLAKE2S_KEY_SIZE];
u8 buf[ARRAY_SIZE(blake2s_testvecs)];
- u8 hash[BLAKE2S_OUTBYTES];
+ u8 hash[BLAKE2S_HASH_SIZE];
size_t i;
bool success = true;
- for (i = 0; i < BLAKE2S_KEYBYTES; ++i)
+ for (i = 0; i < BLAKE2S_KEY_SIZE; ++i)
key[i] = (u8)i;
for (i = 0; i < ARRAY_SIZE(blake2s_testvecs); ++i)
buf[i] = (u8)i;
for (i = 0; i < ARRAY_SIZE(blake2s_keyed_testvecs); ++i) {
- blake2s(hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES);
- if (memcmp(hash, blake2s_keyed_testvecs[i], BLAKE2S_OUTBYTES)) {
+ blake2s(hash, buf, key, BLAKE2S_HASH_SIZE, i, BLAKE2S_KEY_SIZE);
+ if (memcmp(hash, blake2s_keyed_testvecs[i], BLAKE2S_HASH_SIZE)) {
pr_info("blake2s keyed self-test %zu: FAIL\n", i + 1);
success = false;
}
}
for (i = 0; i < ARRAY_SIZE(blake2s_testvecs); ++i) {
- blake2s(hash, buf, NULL, BLAKE2S_OUTBYTES, i, 0);
- if (memcmp(hash, blake2s_testvecs[i], BLAKE2S_OUTBYTES)) {
+ blake2s(hash, buf, NULL, BLAKE2S_HASH_SIZE, i, 0);
+ if (memcmp(hash, blake2s_testvecs[i], BLAKE2S_HASH_SIZE)) {
pr_info("blake2s unkeyed self-test %zu: FAIL\n", i + i);
success = false;
}
diff --git a/src/crypto/zinc/selftest/chacha20poly1305.h b/src/crypto/zinc/selftest/chacha20poly1305.h
index 2a75dfa..0510a8e 100644
--- a/src/crypto/zinc/selftest/chacha20poly1305.h
+++ b/src/crypto/zinc/selftest/chacha20poly1305.h
@@ -8817,7 +8817,7 @@ chacha20poly1305_selftest_encrypt_bignonce(u8 *dst, const u8 *src,
const size_t src_len, const u8 *ad,
const size_t ad_len,
const u8 nonce[12],
- const u8 key[CHACHA20POLY1305_KEYLEN])
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
{
simd_context_t simd_context;
struct poly1305_ctx poly1305_state;
@@ -8856,7 +8856,7 @@ static void __init
chacha20poly1305_selftest_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
const u8 *nonce, const size_t nonce_len,
- const u8 key[CHACHA20POLY1305_KEYLEN])
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
{
if (nonce_len == 8)
chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
diff --git a/src/crypto/zinc/selftest/curve25519.h b/src/crypto/zinc/selftest/curve25519.h
index 5d3f268..8c11d80 100644
--- a/src/crypto/zinc/selftest/curve25519.h
+++ b/src/crypto/zinc/selftest/curve25519.h
@@ -5,9 +5,9 @@
#ifdef DEBUG
struct curve25519_test_vector {
- u8 private[CURVE25519_POINT_SIZE];
- u8 public[CURVE25519_POINT_SIZE];
- u8 result[CURVE25519_POINT_SIZE];
+ u8 private[CURVE25519_KEY_SIZE];
+ u8 public[CURVE25519_KEY_SIZE];
+ u8 result[CURVE25519_KEY_SIZE];
bool valid;
};
static const struct curve25519_test_vector curve25519_test_vectors[] __initconst = {
@@ -1283,16 +1283,16 @@ static bool __init curve25519_selftest(void)
{
bool success = true, ret, ret2;
size_t i = 0, j;
- u8 in[CURVE25519_POINT_SIZE];
- u8 out[CURVE25519_POINT_SIZE], out2[CURVE25519_POINT_SIZE];
+ u8 in[CURVE25519_KEY_SIZE];
+ u8 out[CURVE25519_KEY_SIZE], out2[CURVE25519_KEY_SIZE];
for (i = 0; i < ARRAY_SIZE(curve25519_test_vectors); ++i) {
- memset(out, 0, CURVE25519_POINT_SIZE);
+ memset(out, 0, CURVE25519_KEY_SIZE);
ret = curve25519(out, curve25519_test_vectors[i].private,
curve25519_test_vectors[i].public);
if (ret != curve25519_test_vectors[i].valid ||
memcmp(out, curve25519_test_vectors[i].result,
- CURVE25519_POINT_SIZE)) {
+ CURVE25519_KEY_SIZE)) {
pr_info("curve25519 self-test %zu: FAIL\n", i + 1);
success = false;
break;
@@ -1302,11 +1302,11 @@ static bool __init curve25519_selftest(void)
for (i = 0; i < 5; ++i) {
get_random_bytes(in, sizeof(in));
ret = curve25519_generate_public(out, in);
- ret2 = curve25519(out2, in, (u8[CURVE25519_POINT_SIZE]){ 9 });
- if (ret != ret2 || memcmp(out, out2, CURVE25519_POINT_SIZE)) {
+ ret2 = curve25519(out2, in, (u8[CURVE25519_KEY_SIZE]){ 9 });
+ if (ret != ret2 || memcmp(out, out2, CURVE25519_KEY_SIZE)) {
pr_info("curve25519 basepoint self-test %zu: FAIL: input - 0x",
i + 1);
- for (j = CURVE25519_POINT_SIZE; j-- > 0;)
+ for (j = CURVE25519_KEY_SIZE; j-- > 0;)
printk(KERN_CONT "%02x", in[j]);
printk(KERN_CONT "\n");
success = false;
diff --git a/src/messages.h b/src/messages.h
index 131e1c4..090e6f0 100644
--- a/src/messages.h
+++ b/src/messages.h
@@ -15,11 +15,11 @@
#include <linux/skbuff.h>
enum noise_lengths {
- NOISE_PUBLIC_KEY_LEN = CURVE25519_POINT_SIZE,
- NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEYLEN,
+ NOISE_PUBLIC_KEY_LEN = CURVE25519_KEY_SIZE,
+ NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEY_SIZE,
NOISE_TIMESTAMP_LEN = sizeof(u64) + sizeof(u32),
- NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAGLEN,
- NOISE_HASH_LEN = BLAKE2S_OUTBYTES
+ NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAG_SIZE,
+ NOISE_HASH_LEN = BLAKE2S_HASH_SIZE
};
#define noise_encrypted_len(plain_len) (plain_len + NOISE_AUTHTAG_LEN)
@@ -27,7 +27,7 @@ enum noise_lengths {
enum cookie_values {
COOKIE_SECRET_MAX_AGE = 2 * 60,
COOKIE_SECRET_LATENCY = 5,
- COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCELEN,
+ COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCE_SIZE,
COOKIE_LEN = 16
};
diff --git a/src/noise.c b/src/noise.c
index 1d5d48b..7ab3890 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -286,19 +286,19 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data,
size_t first_len, size_t second_len, size_t third_len,
size_t data_len, const u8 chaining_key[NOISE_HASH_LEN])
{
- u8 output[BLAKE2S_OUTBYTES + 1];
- u8 secret[BLAKE2S_OUTBYTES];
+ u8 output[BLAKE2S_HASH_SIZE + 1];
+ u8 secret[BLAKE2S_HASH_SIZE];
#ifdef DEBUG
- BUG_ON(first_len > BLAKE2S_OUTBYTES || second_len > BLAKE2S_OUTBYTES ||
- third_len > BLAKE2S_OUTBYTES ||
+ BUG_ON(first_len > BLAKE2S_HASH_SIZE || second_len > BLAKE2S_HASH_SIZE ||
+ third_len > BLAKE2S_HASH_SIZE ||
((second_len || second_dst || third_len || third_dst) &&
(!first_len || !first_dst)) ||
((third_len || third_dst) && (!second_len || !second_dst)));
#endif
/* Extract entropy from data into secret */
- blake2s_hmac(secret, data, chaining_key, BLAKE2S_OUTBYTES, data_len,
+ blake2s_hmac(secret, data, chaining_key, BLAKE2S_HASH_SIZE, data_len,
NOISE_HASH_LEN);
if (!first_dst || !first_len)
@@ -306,32 +306,32 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data,
/* Expand first key: key = secret, data = 0x1 */
output[0] = 1;
- blake2s_hmac(output, output, secret, BLAKE2S_OUTBYTES, 1,
- BLAKE2S_OUTBYTES);
+ blake2s_hmac(output, output, secret, BLAKE2S_HASH_SIZE, 1,
+ BLAKE2S_HASH_SIZE);
memcpy(first_dst, output, first_len);
if (!second_dst || !second_len)
goto out;
/* Expand second key: key = secret, data = first-key || 0x2 */
- output[BLAKE2S_OUTBYTES] = 2;
- blake2s_hmac(output, output, secret, BLAKE2S_OUTBYTES,
- BLAKE2S_OUTBYTES + 1, BLAKE2S_OUTBYTES);
+ output[BLAKE2S_HASH_SIZE] = 2;
+ blake2s_hmac(output, output, secret, BLAKE2S_HASH_SIZE,
+ BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE);
memcpy(second_dst, output, second_len);
if (!third_dst || !third_len)
goto out;
/* Expand third key: key = secret, data = second-key || 0x3 */
- output[BLAKE2S_OUTBYTES] = 3;
- blake2s_hmac(output, output, secret, BLAKE2S_OUTBYTES,
- BLAKE2S_OUTBYTES + 1, BLAKE2S_OUTBYTES);
+ output[BLAKE2S_HASH_SIZE] = 3;
+ blake2s_hmac(output, output, secret, BLAKE2S_HASH_SIZE,
+ BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE);
memcpy(third_dst, output, third_len);
out:
/* Clear sensitive data from stack */
- memzero_explicit(secret, BLAKE2S_OUTBYTES);
- memzero_explicit(output, BLAKE2S_OUTBYTES + 1);
+ memzero_explicit(secret, BLAKE2S_HASH_SIZE);
+ memzero_explicit(output, BLAKE2S_HASH_SIZE + 1);
}
static void symmetric_key_init(struct noise_symmetric_key *key)
diff --git a/src/tools/curve25519.c b/src/tools/curve25519.c
index e76588b..5367c06 100644
--- a/src/tools/curve25519.c
+++ b/src/tools/curve25519.c
@@ -58,14 +58,14 @@ static noinline void memzero_explicit(void *s, size_t count)
#include "../crypto/zinc/curve25519/curve25519-fiat32.h"
#endif
-void curve25519_generate_public(uint8_t pub[static CURVE25519_POINT_SIZE], const uint8_t secret[static CURVE25519_POINT_SIZE])
+void curve25519_generate_public(uint8_t pub[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE])
{
- static const uint8_t basepoint[CURVE25519_POINT_SIZE] = { 9 };
+ static const uint8_t basepoint[CURVE25519_KEY_SIZE] = { 9 };
curve25519(pub, secret, basepoint);
}
-void curve25519(uint8_t mypublic[static CURVE25519_POINT_SIZE], const uint8_t secret[static CURVE25519_POINT_SIZE], const uint8_t basepoint[static CURVE25519_POINT_SIZE])
+void curve25519(uint8_t mypublic[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE], const uint8_t basepoint[static CURVE25519_KEY_SIZE])
{
curve25519_generic(mypublic, secret, basepoint);
}
diff --git a/src/tools/curve25519.h b/src/tools/curve25519.h
index 09ca6b9..ef0a09f 100644
--- a/src/tools/curve25519.h
+++ b/src/tools/curve25519.h
@@ -10,12 +10,12 @@
#include <sys/types.h>
enum curve25519_lengths {
- CURVE25519_POINT_SIZE = 32,
+ CURVE25519_KEY_SIZE = 32,
};
-void curve25519(uint8_t mypublic[static CURVE25519_POINT_SIZE], const uint8_t secret[static CURVE25519_POINT_SIZE], const uint8_t basepoint[static CURVE25519_POINT_SIZE]);
-void curve25519_generate_public(uint8_t pub[static CURVE25519_POINT_SIZE], const uint8_t secret[static CURVE25519_POINT_SIZE]);
-static inline void curve25519_normalize_secret(uint8_t secret[static CURVE25519_POINT_SIZE])
+void curve25519(uint8_t mypublic[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE], const uint8_t basepoint[static CURVE25519_KEY_SIZE]);
+void curve25519_generate_public(uint8_t pub[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE]);
+static inline void curve25519_normalize_secret(uint8_t secret[static CURVE25519_KEY_SIZE])
{
secret[0] &= 248;
secret[31] &= 127;