Brenton/curly braces (#1971)

* fix formatting

* properly adjust various lines
breakup multiple statements onto multiple lines

* insert {} around if, for, etc.
This commit is contained in:
Brenton Bostick 2023-05-01 14:48:16 -04:00 committed by GitHub
parent e6802690b8
commit f73e51e94c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
57 changed files with 2247 additions and 1082 deletions

View file

@ -731,7 +731,9 @@ static void crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoin
uint8_t e[32];
int i;
for (i = 0; i < 32; ++i) e[i] = secret[i];
for (i = 0; i < 32; ++i) {
e[i] = secret[i];
}
e[0] &= 248;
e[31] &= 127;
e[31] |= 64;
@ -837,14 +839,12 @@ static inline void reduce_add_sub(fe25519 *r)
crypto_uint32 t;
int i,rep;
for(rep=0;rep<4;rep++)
{
for(rep=0;rep<4;rep++) {
t = r->v[31] >> 7;
r->v[31] &= 127;
t = times19(t);
r->v[0] += t;
for(i=0;i<31;i++)
{
for(i=0;i<31;i++) {
t = r->v[i] >> 8;
r->v[i+1] += t;
r->v[i] &= 255;
@ -857,14 +857,12 @@ static inline void reduce_mul(fe25519 *r)
crypto_uint32 t;
int i,rep;
for(rep=0;rep<2;rep++)
{
for(rep=0;rep<2;rep++) {
t = r->v[31] >> 7;
r->v[31] &= 127;
t = times19(t);
r->v[0] += t;
for(i=0;i<31;i++)
{
for(i=0;i<31;i++) {
t = r->v[i] >> 8;
r->v[i+1] += t;
r->v[i] &= 255;
@ -877,22 +875,26 @@ static inline void fe25519_freeze(fe25519 *r)
{
int i;
crypto_uint32 m = equal(r->v[31],127);
for(i=30;i>0;i--)
for(i=30;i>0;i--) {
m &= equal(r->v[i],255);
}
m &= ge(r->v[0],237);
m = -m;
r->v[31] -= m&127;
for(i=30;i>0;i--)
for(i=30;i>0;i--) {
r->v[i] -= m&255;
}
r->v[0] -= m&237;
}
static inline void fe25519_unpack(fe25519 *r, const unsigned char x[32])
{
int i;
for(i=0;i<32;i++) r->v[i] = x[i];
for(i=0;i<32;i++) {
r->v[i] = x[i];
}
r->v[31] &= 127;
}
@ -902,8 +904,9 @@ static inline void fe25519_pack(unsigned char r[32], const fe25519 *x)
int i;
fe25519 y = *x;
fe25519_freeze(&y);
for(i=0;i<32;i++)
for(i=0;i<32;i++) {
r[i] = y.v[i];
}
}
static inline int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y)
@ -913,8 +916,11 @@ static inline int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y)
fe25519 t2 = *y;
fe25519_freeze(&t1);
fe25519_freeze(&t2);
for(i=0;i<32;i++)
if(t1.v[i] != t2.v[i]) return 0;
for(i=0;i<32;i++) {
if (t1.v[i] != t2.v[i]) {
return 0;
}
}
return 1;
}
@ -923,7 +929,9 @@ static inline void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
int i;
crypto_uint32 mask = b;
mask = -mask;
for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]);
for(i=0;i<32;i++) {
r->v[i] ^= mask & (x->v[i] ^ r->v[i]);
}
}
static inline unsigned char fe25519_getparity(const fe25519 *x)
@ -937,20 +945,26 @@ static inline void fe25519_setone(fe25519 *r)
{
int i;
r->v[0] = 1;
for(i=1;i<32;i++) r->v[i]=0;
for(i=1;i<32;i++) {
r->v[i]=0;
}
}
static inline void fe25519_setzero(fe25519 *r)
{
int i;
for(i=0;i<32;i++) r->v[i]=0;
for(i=0;i<32;i++) {
r->v[i]=0;
}
}
static inline void fe25519_neg(fe25519 *r, const fe25519 *x)
{
fe25519 t;
int i;
for(i=0;i<32;i++) t.v[i]=x->v[i];
for(i=0;i<32;i++) {
t.v[i]=x->v[i];
}
fe25519_setzero(r);
fe25519_sub(r, r, &t);
}
@ -958,7 +972,9 @@ static inline void fe25519_neg(fe25519 *r, const fe25519 *x)
static inline void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
{
int i;
for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
for(i=0;i<32;i++) {
r->v[i] = x->v[i] + y->v[i];
}
reduce_add_sub(r);
}
@ -968,8 +984,12 @@ static inline void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
crypto_uint32 t[32];
t[0] = x->v[0] + 0x1da;
t[31] = x->v[31] + 0xfe;
for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe;
for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i];
for(i=1;i<31;i++) {
t[i] = x->v[i] + 0x1fe;
}
for(i=0;i<32;i++) {
r->v[i] = t[i] - y->v[i];
}
reduce_add_sub(r);
}
@ -977,14 +997,19 @@ static inline void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
{
int i,j;
crypto_uint32 t[63];
for(i=0;i<63;i++)t[i] = 0;
for(i=0;i<63;i++) {
t[i] = 0;
}
for(i=0;i<32;i++)
for(j=0;j<32;j++)
for(i=0;i<32;i++) {
for(j=0;j<32;j++) {
t[i+j] += x->v[i] * y->v[j];
}
}
for(i=32;i<63;i++)
for(i=32;i<63;i++) {
r->v[i-32] = t[i-32] + times38(t[i]);
}
r->v[31] = t[31]; /* result now in r[0]...r[31] */
reduce_mul(r);
@ -1136,16 +1161,16 @@ static inline void reduce_add_sub(sc25519 *r)
int i;
unsigned char t[32];
for(i=0;i<32;i++)
{
for(i=0;i<32;i++) {
pb += m[i];
b = lt(r->v[i],pb);
t[i] = r->v[i]-pb+(b<<8);
pb = b;
}
mask = b - 1;
for(i=0;i<32;i++)
for(i=0;i<32;i++) {
r->v[i] ^= mask & (r->v[i] ^ t[i]);
}
}
/* Reduce coefficients of x before calling barrett_reduce */
@ -1161,31 +1186,43 @@ static inline void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
crypto_uint32 pb = 0;
crypto_uint32 b;
for (i = 0;i < 66;++i) q2[i] = 0;
for (i = 0;i < 33;++i) r2[i] = 0;
for (i = 0;i < 66;++i) {
q2[i] = 0;
}
for (i = 0;i < 33;++i) {
r2[i] = 0;
}
for(i=0;i<33;i++)
for(j=0;j<33;j++)
if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
for(i=0;i<33;i++) {
for(j=0;j<33;j++) {
if(i+j >= 31) {
q2[i+j] += mu[i]*x[j+31];
}
}
}
carry = q2[31] >> 8;
q2[32] += carry;
carry = q2[32] >> 8;
q2[33] += carry;
for(i=0;i<33;i++)r1[i] = x[i];
for(i=0;i<32;i++)
for(j=0;j<33;j++)
if(i+j < 33) r2[i+j] += m[i]*q3[j];
for(i=0;i<33;i++) {
r1[i] = x[i];
}
for(i=0;i<32;i++) {
for(j=0;j<33;j++) {
if(i+j < 33) {
r2[i+j] += m[i]*q3[j];
}
}
}
for(i=0;i<32;i++)
{
for(i=0;i<32;i++) {
carry = r2[i] >> 8;
r2[i+1] += carry;
r2[i] &= 0xff;
}
for(i=0;i<32;i++)
{
for(i=0;i<32;i++) {
pb += r2[i];
b = lt(r1[i],pb);
r->v[i] = r1[i]-pb+(b<<8);
@ -1204,8 +1241,12 @@ static inline void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
{
int i;
crypto_uint32 t[64];
for(i=0;i<32;i++) t[i] = x[i];
for(i=32;i<64;++i) t[i] = 0;
for(i=0;i<32;i++) {
t[i] = x[i];
}
for(i=32;i<64;++i) {
t[i] = 0;
}
barrett_reduce(r, t);
}
@ -1213,22 +1254,27 @@ static inline void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
{
int i;
crypto_uint32 t[64];
for(i=0;i<64;i++) t[i] = x[i];
for(i=0;i<64;i++) {
t[i] = x[i];
}
barrett_reduce(r, t);
}
static inline void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
{
int i;
for(i=0;i<32;i++) r[i] = x->v[i];
for(i=0;i<32;i++) {
r[i] = x->v[i];
}
}
static inline void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
{
int i, carry;
for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
for(i=0;i<31;i++)
{
for(i=0;i<32;i++) {
r->v[i] = x->v[i] + y->v[i];
}
for(i=0;i<31;i++) {
carry = r->v[i] >> 8;
r->v[i+1] += carry;
r->v[i] &= 0xff;
@ -1240,14 +1286,17 @@ static inline void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
{
int i,j,carry;
crypto_uint32 t[64];
for(i=0;i<64;i++)t[i] = 0;
for(i=0;i<64;i++) {
t[i] = 0;
}
for(i=0;i<32;i++)
for(j=0;j<32;j++)
for(i=0;i<32;i++) {
for(j=0;j<32;j++) {
t[i+j] += x->v[i] * y->v[j];
}
}
for(i=0;i<63;i++)
{
for(i=0;i<63;i++) {
carry = t[i] >> 8;
t[i+1] += carry;
t[i] &= 0xff;
@ -1260,8 +1309,7 @@ static inline void sc25519_window3(signed char r[85], const sc25519 *s)
{
char carry;
int i;
for(i=0;i<10;i++)
{
for(i=0;i<10;i++) {
r[8*i+0] = s->v[3*i+0] & 7;
r[8*i+1] = (s->v[3*i+0] >> 3) & 7;
r[8*i+2] = (s->v[3*i+0] >> 6) & 7;
@ -1282,8 +1330,7 @@ static inline void sc25519_window3(signed char r[85], const sc25519 *s)
/* Making it signed */
carry = 0;
for(i=0;i<84;i++)
{
for(i=0;i<84;i++) {
r[i] += carry;
r[i+1] += r[i] >> 3;
r[i] &= 7;
@ -1296,8 +1343,7 @@ static inline void sc25519_window3(signed char r[85], const sc25519 *s)
static inline void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
{
int i;
for(i=0;i<31;i++)
{
for(i=0;i<31;i++) {
r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2);
r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2);
r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2);
@ -2341,18 +2387,21 @@ static inline int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p
/* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */
fe25519_square(&chk, &r->x);
fe25519_mul(&chk, &chk, &den);
if (!fe25519_iseq_vartime(&chk, &num))
if (!fe25519_iseq_vartime(&chk, &num)) {
fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1);
}
/* 4. Now we have one of the two square roots, except if input was not a square */
fe25519_square(&chk, &r->x);
fe25519_mul(&chk, &chk, &den);
if (!fe25519_iseq_vartime(&chk, &num))
if (!fe25519_iseq_vartime(&chk, &num)) {
return -1;
}
/* 5. Choose the desired square root according to parity: */
if(fe25519_getparity(&r->x) != (1-par))
if(fe25519_getparity(&r->x) != (1-par)) {
fe25519_neg(&r->x, &r->x);
}
fe25519_mul(&r->t, &r->x, &r->y);
return 0;
@ -2399,18 +2448,19 @@ static inline void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge2551
/* scalar multiplication */
*r = pre[b[126]];
for(i=125;i>=0;i--)
{
for(i=125;i>=0;i--) {
dbl_p1p1(&tp1p1, (ge25519_p2 *)r);
p1p1_to_p2((ge25519_p2 *) r, &tp1p1);
dbl_p1p1(&tp1p1, (ge25519_p2 *)r);
if(b[i]!=0)
{
if(b[i]!=0) {
p1p1_to_p3(r, &tp1p1);
add_p1p1(&tp1p1, r, &pre[b[i]]);
}
if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
else p1p1_to_p3(r, &tp1p1);
if (i != 0) {
p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
} else {
p1p1_to_p3(r, &tp1p1);
}
}
}
@ -2424,8 +2474,7 @@ static inline void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
choose_t((ge25519_aff *)r, 0, b[0]);
fe25519_setone(&r->z);
fe25519_mul(&r->t, &r->x, &r->y);
for(i=1;i<85;i++)
{
for(i=1;i<85;i++) {
choose_t(&t, (unsigned long long) i, b[i]);
ge25519_mixadd2(r, &t);
}
@ -2435,9 +2484,15 @@ static inline void get_hram(unsigned char *hram, const unsigned char *sm, const
{
unsigned long long i;
for (i = 0;i < 32;++i) playground[i] = sm[i];
for (i = 32;i < 64;++i) playground[i] = pk[i-32];
for (i = 64;i < smlen;++i) playground[i] = sm[i];
for (i = 0;i < 32;++i) {
playground[i] = sm[i];
}
for (i = 32;i < 64;++i) {
playground[i] = pk[i-32];
}
for (i = 64;i < smlen;++i) {
playground[i] = sm[i];
}
ZeroTier::SHA512(hram,playground,(unsigned int)smlen);
}
@ -2491,10 +2546,12 @@ void C25519::sign(const C25519::Private &myPrivate,const C25519::Public &myPubli
extsk[31] &= 127;
extsk[31] |= 64;
for(unsigned int i=0;i<32;i++)
for(unsigned int i=0;i<32;i++) {
sig[32 + i] = extsk[32 + i];
for(unsigned int i=0;i<32;i++)
}
for(unsigned int i=0;i<32;i++) {
sig[64 + i] = digest[i];
}
SHA512(hmg,sig + 32,64);
@ -2504,8 +2561,9 @@ void C25519::sign(const C25519::Private &myPrivate,const C25519::Public &myPubli
ge25519_pack(r, &ger);
/* Computation of s */
for(unsigned int i=0;i<32;i++)
for(unsigned int i=0;i<32;i++) {
sig[i] = r[i];
}
get_hram(hram,sig,myPublic.data + 32,sig,96);
@ -2516,8 +2574,9 @@ void C25519::sign(const C25519::Private &myPrivate,const C25519::Public &myPubli
sc25519_add(&scs, &scs, &sck);
sc25519_to32bytes(s,&scs); /* cat s */
for(unsigned int i=0;i<32;i++)
for(unsigned int i=0;i<32;i++) {
sig[32 + i] = s[i];
}
#endif
}
@ -2526,8 +2585,9 @@ bool C25519::verify(const C25519::Public &their,const void *msg,unsigned int len
const unsigned char *const sig = (const unsigned char *)signature;
unsigned char digest[64]; // we sign the first 32 bytes of SHA-512(msg)
SHA512(digest,msg,len);
if (!Utils::secureEq(sig + 64,digest,32))
if (!Utils::secureEq(sig + 64,digest,32)) {
return false;
}
unsigned char t2[32];
ge25519 get1, get2;
@ -2535,8 +2595,9 @@ bool C25519::verify(const C25519::Public &their,const void *msg,unsigned int len
unsigned char hram[crypto_hash_sha512_BYTES];
unsigned char m[96];
if (ge25519_unpackneg_vartime(&get1,their.data + 32))
if (ge25519_unpackneg_vartime(&get1,their.data + 32)) {
return false;
}
get_hram(hram,sig,their.data + 32,m,96);