Move output arguments to the front

bavc.c

@@ -82,8 +82,8 @@ static inline unsigned int pos_in_tree(unsigned int i, unsigned int j,
 }
 
 // BAVC.Commit for FAEST
-static void bavc_commit_faest(const uint8_t* rootKey, const uint8_t* iv,
-                              const faest_paramset_t* params, bavc_t* vecCom) {
+static void bavc_commit_faest(bavc_t* bavc, const uint8_t* root_key, const uint8_t* iv,
+                              const faest_paramset_t* params) {
   const unsigned int lambda       = params->lambda;
   const unsigned int L            = params->L;
   const unsigned int lambda_bytes = lambda / 8;
@@ -98,15 +98,15 @@ static void bavc_commit_faest(const uint8_t* rootKey, const uint8_t* iv,
   H1_init(&h1_com_ctx, lambda);
 
   // Generating the tree (k)
-  uint8_t* nodes = generate_seeds(rootKey, iv, params);
+  uint8_t* nodes = generate_seeds(root_key, iv, params);
 
   // Initialzing stuff
-  vecCom->h   = malloc(lambda_bytes * 2);
-  vecCom->com = malloc(L * com_size);
-  vecCom->sd  = malloc(L * lambda_bytes);
+  bavc->h   = malloc(lambda_bytes * 2);
+  bavc->com = malloc(L * com_size);
+  bavc->sd  = malloc(L * lambda_bytes);
 
   // Step: 1..3
-  vecCom->k = NODE(nodes, 0, lambda_bytes);
+  bavc->k = NODE(nodes, 0, lambda_bytes);
 
   // Step: 4..5
   // compute commitments for remaining instances
@@ -120,9 +120,9 @@ static void bavc_commit_faest(const uint8_t* rootKey, const uint8_t* iv,
     const unsigned int N_i = bavc_max_node_index(i, params->tau1, params->k);
     for (unsigned int j = 0; j < N_i; ++j, ++offset) {
       const unsigned int alpha = pos_in_tree(i, j, params);
-      faest_leaf_commit(vecCom->sd + offset * lambda_bytes, vecCom->com + offset * com_size,
+      faest_leaf_commit(bavc->sd + offset * lambda_bytes, bavc->com + offset * com_size,
                         NODE(nodes, alpha, lambda_bytes), iv, i + L - 1, uhash, lambda);
-      H1_update(&h1_ctx, vecCom->com + offset * com_size, com_size);
+      H1_update(&h1_ctx, bavc->com + offset * com_size, com_size);
     }
 
     uint8_t hi[MAX_LAMBDA_BYTES * 2];
@@ -134,12 +134,12 @@ static void bavc_commit_faest(const uint8_t* rootKey, const uint8_t* iv,
   H0_clear(&uhash_ctx);
 
   // Step 12
-  H1_final(&h1_com_ctx, vecCom->h, lambda_bytes * 2);
+  H1_final(&h1_com_ctx, bavc->h, lambda_bytes * 2);
 }
 
 // BAVC.Commit for FAEST-EM
-static void bavc_commit_faest_em(const uint8_t* rootKey, const uint8_t* iv,
-                                 const faest_paramset_t* params, bavc_t* vecCom) {
+static void bavc_commit_faest_em(bavc_t* bavc, const uint8_t* rootKey, const uint8_t* iv,
+                                 const faest_paramset_t* params) {
   const unsigned int lambda       = params->lambda;
   const unsigned int L            = params->L;
   const unsigned int lambda_bytes = lambda / 8;
@@ -152,12 +152,12 @@ static void bavc_commit_faest_em(const uint8_t* rootKey, const uint8_t* iv,
   uint8_t* nodes = generate_seeds(rootKey, iv, params);
 
   // Initialzing stuff
-  vecCom->h   = malloc(lambda_bytes * 2);
-  vecCom->com = malloc(L * com_size);
-  vecCom->sd  = malloc(L * lambda_bytes);
+  bavc->h   = malloc(lambda_bytes * 2);
+  bavc->com = malloc(L * com_size);
+  bavc->sd  = malloc(L * lambda_bytes);
 
   // Step: 1..3
-  vecCom->k = NODE(nodes, 0, lambda_bytes);
+  bavc->k = NODE(nodes, 0, lambda_bytes);
 
   // Step: 4..5
   // compute commitments for remaining instances
@@ -168,9 +168,9 @@ static void bavc_commit_faest_em(const uint8_t* rootKey, const uint8_t* iv,
     const unsigned int N_i = bavc_max_node_index(i, params->tau1, params->k);
     for (unsigned int j = 0; j < N_i; ++j, ++offset) {
       const unsigned int alpha = pos_in_tree(i, j, params);
-      faest_em_leaf_commit(vecCom->sd + offset * lambda_bytes, vecCom->com + offset * com_size,
+      faest_em_leaf_commit(bavc->sd + offset * lambda_bytes, bavc->com + offset * com_size,
                            NODE(nodes, alpha, lambda_bytes), iv, i + L - 1, lambda);
-      H1_update(&h1_ctx, vecCom->com + offset * com_size, com_size);
+      H1_update(&h1_ctx, bavc->com + offset * com_size, com_size);
     }
 
     uint8_t hi[MAX_LAMBDA_BYTES * 2];
@@ -181,19 +181,19 @@ static void bavc_commit_faest_em(const uint8_t* rootKey, const uint8_t* iv,
   }
 
   // Step 12
-  H1_final(&h1_com_ctx, vecCom->h, lambda_bytes * 2);
+  H1_final(&h1_com_ctx, bavc->h, lambda_bytes * 2);
 }
 
-void bavc_commit(const uint8_t* rootKey, const uint8_t* iv, const faest_paramset_t* params,
-                 bavc_t* vecCom) {
+void bavc_commit(bavc_t* bavc, const uint8_t* root_key, const uint8_t* iv,
+                 const faest_paramset_t* params) {
   if (faest_is_em(params)) {
-    bavc_commit_faest_em(rootKey, iv, params, vecCom);
+    bavc_commit_faest_em(bavc, root_key, iv, params);
   } else {
-    bavc_commit_faest(rootKey, iv, params, vecCom);
+    bavc_commit_faest(bavc, root_key, iv, params);
   }
 }
 
-bool bavc_open(const bavc_t* vc, const uint16_t* i_delta, uint8_t* decom_i,
+bool bavc_open(uint8_t* decom_i, const bavc_t* vc, const uint16_t* i_delta,
                const faest_paramset_t* params) {
   const unsigned int lambda       = params->lambda;
   const unsigned int L            = params->L;
@@ -300,9 +300,9 @@ static bool reconstruct_keys(uint8_t* s, uint8_t* keys, const uint8_t* decom_i,
   return true;
 }
 
-static bool bavc_reconstruct_faest(const uint8_t* decom_i, const uint16_t* i_delta,
-                                   const uint8_t* iv, const faest_paramset_t* params,
-                                   bavc_rec_t* vecComRec) {
+static bool bavc_reconstruct_faest(bavc_rec_t* bavc_rec, const uint8_t* decom_i,
+                                   const uint16_t* i_delta, const uint8_t* iv,
+                                   const faest_paramset_t* params) {
   // Initializing
   const unsigned int lambda       = params->lambda;
   const unsigned int L            = params->L;
@@ -344,8 +344,8 @@ static bool bavc_reconstruct_faest(const uint8_t* decom_i, const uint16_t* i_del
         H1_update(&h1_ctx, decom_i + i * com_size, com_size);
       } else {
         uint8_t com[3 * MAX_LAMBDA_BYTES];
-        faest_leaf_commit(vecComRec->s + offset * lambda_bytes, com, keys + alpha * lambda_bytes,
-                          iv, i + L - 1, uhash, lambda);
+        faest_leaf_commit(bavc_rec->s + offset * lambda_bytes, com, keys + alpha * lambda_bytes, iv,
+                          i + L - 1, uhash, lambda);
         ++offset;
         H1_update(&h1_ctx, com, com_size);
       }
@@ -357,16 +357,16 @@ static bool bavc_reconstruct_faest(const uint8_t* decom_i, const uint16_t* i_del
   }
   H0_clear(&uhash_ctx);
 
-  H1_final(&h1_com_ctx, vecComRec->h, lambda_bytes * 2);
+  H1_final(&h1_com_ctx, bavc_rec->h, lambda_bytes * 2);
 
   free(keys);
   free(s);
   return true;
 }
 
-static bool bavc_reconstruct_faest_em(const uint8_t* decom_i, const uint16_t* i_delta,
-                                      const uint8_t* iv, const faest_paramset_t* params,
-                                      bavc_rec_t* vecComRec) {
+static bool bavc_reconstruct_faest_em(bavc_rec_t* bavc_rec, const uint8_t* decom_i,
+                                      const uint16_t* i_delta, const uint8_t* iv,
+                                      const faest_paramset_t* params) {
   // Initializing
   const unsigned int lambda       = params->lambda;
   const unsigned int L            = params->L;
@@ -401,7 +401,7 @@ static bool bavc_reconstruct_faest_em(const uint8_t* decom_i, const uint16_t* i_
         H1_update(&h1_ctx, decom_i + i * com_size, com_size);
       } else {
         uint8_t com[2 * MAX_LAMBDA_BYTES];
-        faest_em_leaf_commit(vecComRec->s + offset * lambda_bytes, com, keys + alpha * lambda_bytes,
+        faest_em_leaf_commit(bavc_rec->s + offset * lambda_bytes, com, keys + alpha * lambda_bytes,
                              iv, i + L - 1, lambda);
         ++offset;
         H1_update(&h1_ctx, com, com_size);
@@ -413,17 +413,17 @@ static bool bavc_reconstruct_faest_em(const uint8_t* decom_i, const uint16_t* i_
     H1_update(&h1_com_ctx, hi, lambda_bytes * 2);
   }
 
-  H1_final(&h1_com_ctx, vecComRec->h, lambda_bytes * 2);
+  H1_final(&h1_com_ctx, bavc_rec->h, lambda_bytes * 2);
 
   free(keys);
   free(s);
   return true;
 }
 
-bool bavc_reconstruct(const uint8_t* decom_i, const uint16_t* i_delta, const uint8_t* iv,
-                      const faest_paramset_t* params, bavc_rec_t* vecComRec) {
-  return faest_is_em(params) ? bavc_reconstruct_faest_em(decom_i, i_delta, iv, params, vecComRec)
-                             : bavc_reconstruct_faest(decom_i, i_delta, iv, params, vecComRec);
+bool bavc_reconstruct(bavc_rec_t* bavc_rec, const uint8_t* decom_i, const uint16_t* i_delta,
+                      const uint8_t* iv, const faest_paramset_t* params) {
+  return faest_is_em(params) ? bavc_reconstruct_faest_em(bavc_rec, decom_i, i_delta, iv, params)
+                             : bavc_reconstruct_faest(bavc_rec, decom_i, i_delta, iv, params);
 }
 
 void bavc_clear(bavc_t* com) {

bavc.h

@@ -28,26 +28,28 @@ static inline ATTR_CONST unsigned int bavc_max_node_depth(unsigned int i, unsign
 
 static inline ATTR_CONST unsigned int bavc_max_node_index(unsigned int i, unsigned int tau_1,
                                                           unsigned int k) {
-#if defined(__clang_anaalyzer)
+#if defined(__clang_analyzer__)
   // for scan-build
   assert(k << MAX_DEPTH);
 #endif
-  return 1 << bavc_max_node_depth(i, tau_1, k);
+  return 1u << bavc_max_node_depth(i, tau_1, k);
 }
 
-void bavc_commit(const uint8_t* rootKey, const uint8_t* iv, const faest_paramset_t* params,
-                 bavc_t* vecCom);
+void bavc_commit(bavc_t* bavc, const uint8_t* root_key, const uint8_t* iv,
+                 const faest_paramset_t* params);
 
-bool bavc_open(const bavc_t* vc, const uint16_t* i_delta, uint8_t* decom_i,
+bool bavc_open(uint8_t* decom_i, const bavc_t* vc, const uint16_t* i_delta,
                const faest_paramset_t* params);
 
-bool bavc_reconstruct(const uint8_t* decom_i, const uint16_t* i_delta, const uint8_t* iv,
-                      const faest_paramset_t* params, bavc_rec_t* vecComRec);
+bool bavc_reconstruct(bavc_rec_t* bavc_rec, const uint8_t* decom_i, const uint16_t* i_delta,
+                      const uint8_t* iv, const faest_paramset_t* params);
 
 void bavc_clear(bavc_t* com);
 
+#if defined(FAEST_TESTS)
 void leaf_commit(uint8_t* sd, uint8_t* com, const uint8_t* key, const uint8_t* iv, uint32_t tweak,
                  const uint8_t* uhash, const faest_paramset_t* params);
+#endif
 
 FAEST_END_C_DECL
 

faest.c

@@ -407,7 +407,7 @@ void faest_sign(uint8_t* sig, const uint8_t* msg, size_t msg_len, const uint8_t*
     }
 
     // :27
-    if (bavc_open(&bavc, decoded_chall_3, signature_decom_i(sig, params), params)) {
+    if (bavc_open(signature_decom_i(sig, params), &bavc, decoded_chall_3, params)) {
       break;
     }
   }

tests/bavc.cpp

@@ -59,7 +59,7 @@ namespace {
     const auto com_size     = (faest_is_em(&params) ? 2 : 3) * lambda_bytes;
 
     bavc_t vc;
-    bavc_commit(root_key.data(), iv.data(), &params, &vc);
+    bavc_commit(&vc, root_key.data(), iv.data(), &params);
 
     const std::vector<uint8_t> h{vc.h, vc.h + HSize},
         expected_h_vec{expected_h.begin(), expected_h.end()};
@@ -73,7 +73,7 @@ namespace {
 
     std::vector<uint8_t> decom_i;
     decom_i.resize(com_size * params.tau + params.T_open * lambda_bytes);
-    BOOST_TEST(bavc_open(&vc, i_delta.data(), decom_i.data(), &params));
+    BOOST_TEST(bavc_open(decom_i.data(), &vc, i_delta.data(), &params));
 
     // compare hashed decom_i to reduce size of the TVs
     const auto hashed_decom_i = hash_array(decom_i);
@@ -87,7 +87,7 @@ namespace {
     vc_rec.h = rec_h.data();
     vc_rec.s = rec_s.data();
 
-    BOOST_TEST(bavc_reconstruct(decom_i.data(), i_delta.data(), iv.data(), &params, &vc_rec));
+    BOOST_TEST(bavc_reconstruct(&vc_rec, decom_i.data(), i_delta.data(), iv.data(), &params));
     BOOST_TEST(rec_h == expected_h_vec);
 
     // compare hashed sd_ij to reduce size of the TVs
@@ -191,7 +191,7 @@ BOOST_DATA_TEST_CASE(test_keys, all_parameters, param_id) {
     const auto lambda_bytes = lambda / 8;
 
     bavc_t vc;
-    bavc_commit(root_key.data(), iv.data(), &params, &vc);
+    bavc_commit(&vc, root_key.data(), iv.data(), &params);
 
     std::vector<uint8_t> decom_i;
     std::vector<uint16_t> i_delta;
@@ -208,7 +208,7 @@ BOOST_DATA_TEST_CASE(test_keys, all_parameters, param_id) {
       decom_i.clear();
       decom_i.resize(((faest_is_em(&params) ? 2 : 3) * params.tau + params.T_open) * lambda_bytes);
 
-      ret = bavc_open(&vc, i_delta.data(), decom_i.data(), &params);
+      ret = bavc_open(decom_i.data(), &vc, i_delta.data(), &params);
     }
     BOOST_TEST(ret);
 
@@ -220,7 +220,7 @@ BOOST_DATA_TEST_CASE(test_keys, all_parameters, param_id) {
     vc_rec.h = rec_h.data();
     vc_rec.s = rec_s.data();
 
-    BOOST_TEST(bavc_reconstruct(decom_i.data(), i_delta.data(), iv.data(), &params, &vc_rec));
+    BOOST_TEST(bavc_reconstruct(&vc_rec, decom_i.data(), i_delta.data(), iv.data(), &params));
     BOOST_TEST(memcmp(vc.h, vc_rec.h, 2 * lambda_bytes) == 0);
 
     bavc_clear(&vc);

tests/generate_bavc_tv.cpp

@@ -44,7 +44,7 @@ int main() {
     const auto com_size     = (faest_is_em(&params) ? 2 : 3) * lambda_bytes;
 
     bavc_t vc;
-    bavc_commit(root_key.data(), iv.data(), &params, &vc);
+    bavc_commit(&vc, root_key.data(), iv.data(), &params);
 
     auto hashed_k  = hash_array(vc.k, (2 * params.L - 1) * lambda_bytes);
     auto hashed_sd = hash_array(vc.sd, params.L * lambda_bytes);
@@ -69,7 +69,7 @@ int main() {
       decom_i.clear();
       decom_i.resize(com_size * params.tau + params.T_open * lambda_bytes);
 
-      ret = bavc_open(&vc, i_delta.data(), decom_i.data(), &params);
+      ret = bavc_open(decom_i.data(), &vc, i_delta.data(), &params);
     }
 
     auto hashed_decom_i = hash_array(decom_i);
@@ -86,7 +86,7 @@ int main() {
     vc_rec.h = rec_h.data();
     vc_rec.s = rec_s.data();
 
-    bavc_reconstruct(decom_i.data(), i_delta.data(), iv.data(), &params, &vc_rec);
+    bavc_reconstruct(&vc_rec, decom_i.data(), i_delta.data(), iv.data(), &params);
 
     auto hashed_rec_sd = hash_array(rec_s);
     print_named_array("hashed_rec_sd", "uint8_t", hashed_rec_sd);

tests/generate_vole_tv.cpp

@@ -82,7 +82,7 @@ int main() {
 
       uint16_t i_delta[MAX_TAU];
       decode_all_chall_3(i_delta, chal.data(), &params);
-      if (!bavc_open(&bavc_com, i_delta, decom_i.data(), &params)) {
+      if (!bavc_open(decom_i.data(), &bavc_com, i_delta, &params)) {
         continue;
       }
       print_named_array("chall", "uint8_t", chal);

tests/vole.cpp

@@ -76,7 +76,7 @@ BOOST_DATA_TEST_CASE(vole_commit_verify, all_parameters, param_id) {
       decom_i.resize(com_size * params->tau + params->T_open * lambda_bytes);
 
       BOOST_TEST(decode_all_chall_3(i_delta.data(), chal.data(), params));
-      if (!bavc_open(&bavc_com, i_delta.data(), decom_i.data(), params)) {
+      if (!bavc_open(decom_i.data(), &bavc_com, i_delta.data(), params)) {
         continue;
       }
       tested = true;
@@ -190,7 +190,7 @@ namespace {
     std::vector<uint16_t> i_delta;
     i_delta.resize(params->tau);
     BOOST_TEST(decode_all_chall_3(i_delta.data(), challenge.data(), params));
-    BOOST_TEST(bavc_open(&bavc_com, i_delta.data(), decom_i.data(), params));
+    BOOST_TEST(bavc_open(decom_i.data(), &bavc_com, i_delta.data(), params));
 
     std::vector<uint8_t> hcom_rec;
     hcom_rec.resize(lambda_bytes * 2);