Move all inout parameters to the front of the arguments list

aead.c

@@ -19,21 +19,19 @@
 
 
 int
-lc_aead_seal(const struct lc_aead_impl *impl, const uint8_t *key,
+lc_aead_seal(const struct lc_aead_impl *impl, uint8_t *out, size_t *outlen,
-    size_t keylen, const uint8_t *iv, size_t ivlen, uint8_t *out,
+    const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
-    size_t *outlen, const uint8_t *aad, size_t aadlen, const uint8_t *in,
+    const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen)
-    size_t inlen)
 {
-	return impl->seal(key, keylen, iv, ivlen, out, outlen, aad, aadlen, in,
+	return impl->seal(out, outlen, key, keylen, iv, ivlen, aad, aadlen, in,
 	    inlen);
 }
 
 int
-lc_aead_open(const struct lc_aead_impl *impl, const uint8_t *key,
+lc_aead_open(const struct lc_aead_impl *impl, uint8_t *out, size_t *outlen,
-    size_t keylen, const uint8_t *iv, size_t ivlen, uint8_t *out,
+    const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
-    size_t *outlen, const uint8_t *aad, size_t aadlen, const uint8_t *in,
+    const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen)
-    size_t inlen)
 {
-	return impl->open(key, keylen, iv, ivlen, out, outlen, aad, aadlen, in,
+	return impl->open(out, outlen, key, keylen, iv, ivlen, aad, aadlen, in,
 	    inlen);
 }

aead.h

@@ -19,10 +19,10 @@
 
 
 struct lc_aead_impl {
-	int	(*seal)(const uint8_t *, size_t, const uint8_t *, size_t,
+	int	(*seal)(uint8_t *, size_t *, const uint8_t *, size_t,
-		    uint8_t *, size_t *, const uint8_t *, size_t,
+		    const uint8_t *, size_t, const uint8_t *, size_t,
 		    const uint8_t *, size_t);
-	int	(*open)(const uint8_t *, size_t, const uint8_t *, size_t,
+	int	(*open)(uint8_t *, size_t *, const uint8_t *, size_t,
-		    uint8_t *, size_t *, const uint8_t *, size_t,
+		    const uint8_t *, size_t, const uint8_t *, size_t,
 		    const uint8_t *, size_t);
 };

aead_chacha20_poly1305.c

@@ -25,14 +25,16 @@
 
 
 /*
- * Implements ChaCha20-Poly1305 according to RFC 8439.
+ * Implements ChaCha20-Poly1305 according to RFC 8439, XChaCha20-Poly1305
+ * according to draft-irtf-cfrg-xchacha-03.
  */
 
-static uint8_t	zeropad[16];
+static const uint8_t	zeropad[16];
+
 
 static int
-chacha20_poly1305_seal(const uint8_t *key, size_t keylen, const uint8_t *iv,
+chacha20_poly1305_seal(uint8_t *out, size_t *outlen, const uint8_t *key,
-    size_t ivlen, uint8_t *out, size_t *outlen, const uint8_t *aad,
+    size_t keylen, const uint8_t *iv, size_t ivlen, const uint8_t *aad,
     size_t aadlen, const uint8_t *in, size_t inlen)
 {
 	struct chacha20_ctx	cctx;
@@ -102,8 +104,8 @@ chacha20_poly1305_seal(const uint8_t *key, size_t keylen, const uint8_t *iv,
 }
 
 static int
-chacha20_poly1305_open(const uint8_t *key, size_t keylen, const uint8_t *iv,
+chacha20_poly1305_open(uint8_t *out, size_t *outlen, const uint8_t *key,
-    size_t ivlen, uint8_t *out, size_t *outlen, const uint8_t *aad,
+    size_t keylen, const uint8_t *iv, size_t ivlen, const uint8_t *aad,
     size_t aadlen, const uint8_t *in, size_t inlen)
 {
 	const uint8_t		*tagp;
@@ -181,8 +183,8 @@ chacha20_poly1305_open(const uint8_t *key, size_t keylen, const uint8_t *iv,
 }
 
 static int
-xchacha20_poly1305_seal(const uint8_t *key, size_t keylen, const uint8_t *iv,
+xchacha20_poly1305_seal(uint8_t *out, size_t *outlen, const uint8_t *key,
-    size_t ivlen, uint8_t *out, size_t *outlen, const uint8_t *aad,
+    size_t keylen, const uint8_t *iv, size_t ivlen, const uint8_t *aad,
     size_t aadlen, const uint8_t *in, size_t inlen)
 {
 	struct chacha20_ctx	cctx;
@@ -252,8 +254,8 @@ xchacha20_poly1305_seal(const uint8_t *key, size_t keylen, const uint8_t *iv,
 }
 
 static int
-xchacha20_poly1305_open(const uint8_t *key, size_t keylen, const uint8_t *iv,
+xchacha20_poly1305_open(uint8_t *out, size_t *outlen, const uint8_t *key,
-    size_t ivlen, uint8_t *out, size_t *outlen, const uint8_t *aad,
+    size_t keylen, const uint8_t *iv, size_t ivlen, const uint8_t *aad,
     size_t aadlen, const uint8_t *in, size_t inlen)
 {
 	const uint8_t		*tagp;
@@ -346,6 +348,7 @@ lc_aead_impl_chacha20_poly1305(void)
 {
 	return &chacha20_poly1305_impl;
 }
+
 const struct lc_aead_impl *
 lc_aead_impl_xchacha20_poly1305(void)
 {

auth.c

@@ -40,10 +40,10 @@ lc_auth_final(struct lc_auth_ctx *ctx, uint8_t *out, size_t *outlen)
 }
 
 int
-lc_auth(const struct lc_auth_impl *impl, const uint8_t *key, size_t keylen,
+lc_auth(const struct lc_auth_impl *impl, uint8_t *out, size_t *outlen,
-    uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen)
+    const uint8_t *key, size_t keylen, const uint8_t *in, size_t inlen)
 {
-	return impl->auth(key, keylen, out, outlen, in, inlen);
+	return impl->auth(out, outlen, key, keylen, in, inlen);
 }
 
 struct lc_auth_ctx *

auth.h

@@ -22,7 +22,7 @@ struct lc_auth_impl {
 	int	 (*init)(void *, const uint8_t *, size_t);
 	int	 (*update)(void *, const uint8_t *, size_t);
 	int	 (*final)(void *, uint8_t *, size_t *);
-	int	 (*auth)(const uint8_t *, size_t, uint8_t *, size_t *,
+	int	 (*auth)(uint8_t *, size_t *, const uint8_t *, size_t,
 		    const uint8_t *, size_t);
 
 	void	*(*ctx_new)(void);

auth_poly1305.c

@@ -138,7 +138,7 @@ poly1305_final(void *arg, uint8_t *out, size_t *outlen)
 }
 
 static int
-poly1305_auth(const uint8_t *key, size_t keylen, uint8_t *out, size_t *outlen,
+poly1305_auth(uint8_t *out, size_t *outlen, const uint8_t *key, size_t keylen,
     const uint8_t *in, size_t inlen)
 {
 	struct poly1305_ctx	ctx;

cipher.c

@@ -42,11 +42,11 @@ lc_cipher_encrypt_final(struct lc_cipher_ctx *ctx, uint8_t *out,
 }
 
 int
-lc_cipher_encrypt(const struct lc_cipher_impl *impl, const uint8_t *key,
+lc_cipher_encrypt(const struct lc_cipher_impl *impl, uint8_t *out,
-    size_t keylen, const uint8_t *iv, size_t ivlen, uint8_t *out,
+    size_t *outlen, const uint8_t *key, size_t keylen, const uint8_t *iv,
-    size_t *outlen, const uint8_t *in, size_t inlen)
+    size_t ivlen, const uint8_t *in, size_t inlen)
 {
-	return impl->encrypt(key, keylen, iv, ivlen, out, outlen, in, inlen);
+	return impl->encrypt(out, outlen, key, keylen, iv, ivlen, in, inlen);
 }
 
 int
@@ -71,11 +71,11 @@ lc_cipher_decrypt_final(struct lc_cipher_ctx *ctx, uint8_t *out,
 }
 
 int
-lc_cipher_decrypt(const struct lc_cipher_impl *impl, const uint8_t *key,
+lc_cipher_decrypt(const struct lc_cipher_impl *impl, uint8_t *out,
-    size_t keylen, const uint8_t *iv, size_t ivlen, uint8_t *out,
+    size_t *outlen, const uint8_t *key, size_t keylen, const uint8_t *iv,
-    size_t *outlen, const uint8_t *in, size_t inlen)
+    size_t ivlen, const uint8_t *in, size_t inlen)
 {
-	return impl->decrypt(key, keylen, iv, ivlen, out, outlen, in, inlen);
+	return impl->decrypt(out, outlen, key, keylen, iv, ivlen, in, inlen);
 }
 
 struct lc_cipher_ctx *

cipher.h

@@ -24,16 +24,16 @@ struct lc_cipher_impl {
 	int	 (*encrypt_update)(void *, uint8_t *, size_t *, const uint8_t *,
 		    size_t);
 	int	 (*encrypt_final)(void *, uint8_t *, size_t *);
-	int	 (*encrypt)(const uint8_t *, size_t, const uint8_t *, size_t,
+	int	 (*encrypt)(uint8_t *, size_t *, const uint8_t *, size_t,
-		    uint8_t *, size_t *, const uint8_t *, size_t);
+		    const uint8_t *, size_t, const uint8_t *, size_t);
 
 	int	 (*decrypt_init)(void *, const uint8_t *, size_t,
 		    const uint8_t *, size_t);
 	int	 (*decrypt_update)(void *, uint8_t *, size_t *, const uint8_t *,
 		    size_t);
 	int	 (*decrypt_final)(void *, uint8_t *, size_t *);
-	int	 (*decrypt)(const uint8_t *, size_t, const uint8_t *, size_t,
+	int	 (*decrypt)(uint8_t *, size_t *, const uint8_t *, size_t,
-		    uint8_t *, size_t *, const uint8_t *, size_t);
+		    const uint8_t *, size_t, const uint8_t *, size_t);
 
 	void	*(*ctx_new)(void);
 	void	 (*ctx_free)(void *);

cipher_chacha20.c

@@ -193,8 +193,8 @@ chacha20_common_final(void *arg, uint8_t *out, size_t *outlen)
 }
 
 int
-chacha20_common(const uint8_t *key, size_t keylen, const uint8_t *iv,
+chacha20_common(uint8_t *out, size_t *outlen, const uint8_t *key,
-    size_t ivlen, uint8_t *out, size_t *outlen, const uint8_t *in,
+    size_t keylen, const uint8_t *iv, size_t ivlen, const uint8_t *in,
     size_t inlen)
 {
 	struct chacha20_ctx	ctx;

cipher_chacha20.h

@@ -29,5 +29,5 @@ int	xchacha20_common_init(void *, const uint8_t *, size_t, const uint8_t *,
 int	chacha20_common_update(void *, uint8_t *, size_t *, const uint8_t *,
 	    size_t);
 int	chacha20_common_final(void *, uint8_t *, size_t *);
-int	chacha20_common(const uint8_t *, size_t, const uint8_t *, size_t,
+int	chacha20_common(uint8_t *, size_t *, const uint8_t *, size_t,
-	    uint8_t *, size_t *, const uint8_t *, size_t);
+	    const uint8_t *, size_t, const uint8_t *, size_t);

lilcrypto.h

@@ -14,6 +14,9 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#ifndef LILCRYPTO_H
+#define LILCRYPTO_H
+
 #include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
@@ -81,8 +84,8 @@ struct lc_auth_impl;
 int	lc_auth_init(struct lc_auth_ctx *, const uint8_t *, size_t);
 int	lc_auth_update(struct lc_auth_ctx *, const uint8_t *, size_t);
 int	lc_auth_final(struct lc_auth_ctx *, uint8_t *, size_t *);
-int	lc_auth(const struct lc_auth_impl *, const uint8_t *, size_t,
+int	lc_auth(const struct lc_auth_impl *, uint8_t *, size_t *,
-	    uint8_t *, size_t *, const uint8_t *, size_t);
+	    const uint8_t *, size_t, const uint8_t *, size_t);
 
 struct lc_auth_ctx	*lc_auth_ctx_new(const struct lc_auth_impl *);
 void			 lc_auth_ctx_free(struct lc_auth_ctx *);
@@ -107,17 +110,17 @@ int	lc_cipher_encrypt_init(struct lc_cipher_ctx *, const uint8_t *, size_t,
 int	lc_cipher_encrypt_update(struct lc_cipher_ctx *, uint8_t *, size_t *,
 	    const uint8_t *, size_t);
 int	lc_cipher_encrypt_final(struct lc_cipher_ctx *, uint8_t *, size_t *);
-int	lc_cipher_encrypt(const struct lc_cipher_impl *, const uint8_t *,
+int	lc_cipher_encrypt(const struct lc_cipher_impl *, uint8_t *, size_t *,
-	    size_t, const uint8_t *, size_t, uint8_t *, size_t *,
+	    const uint8_t *, size_t, const uint8_t *, size_t, const uint8_t *,
-	    const uint8_t *, size_t);
+	    size_t);
 int	lc_cipher_decrypt_init(struct lc_cipher_ctx *, const uint8_t *, size_t,
 	    const uint8_t *, size_t);
 int	lc_cipher_decrypt_update(struct lc_cipher_ctx *, uint8_t *, size_t *,
 	    const uint8_t *, size_t);
 int	lc_cipher_decrypt_final(struct lc_cipher_ctx *, uint8_t *, size_t *);
-int	lc_cipher_decrypt(const struct lc_cipher_impl *, const uint8_t *,
+int	lc_cipher_decrypt(const struct lc_cipher_impl *, uint8_t *, size_t *,
-	    size_t, const uint8_t *, size_t, uint8_t *, size_t *,
+	    const uint8_t *, size_t, const uint8_t *, size_t, const uint8_t *,
-	    const uint8_t *, size_t);
+	    size_t);
 
 struct lc_cipher_ctx	*lc_cipher_ctx_new(const struct lc_cipher_impl *);
 void			 lc_cipher_ctx_free(struct lc_cipher_ctx *);
@@ -133,12 +136,12 @@ const struct lc_cipher_impl	*lc_cipher_impl_xchacha20(void);
 struct lc_aead_impl;
 
 
-int	lc_aead_seal(const struct lc_aead_impl *, const uint8_t *, size_t,
+int	lc_aead_seal(const struct lc_aead_impl *, uint8_t *, size_t *,
-    const uint8_t *, size_t, uint8_t *, size_t *, const uint8_t *, size_t,
+	    const uint8_t *, size_t, const uint8_t *, size_t, const uint8_t *,
-    const uint8_t *, size_t);
+	    size_t, const uint8_t *, size_t);
-int	lc_aead_open(const struct lc_aead_impl *, const uint8_t *, size_t,
+int	lc_aead_open(const struct lc_aead_impl *, uint8_t *, size_t *,
-    const uint8_t *, size_t, uint8_t *, size_t *, const uint8_t *, size_t,
+	    const uint8_t *, size_t, const uint8_t *, size_t, const uint8_t *,
-    const uint8_t *, size_t);
+	    size_t, const uint8_t *, size_t);
 
 const struct lc_aead_impl	*lc_aead_impl_chacha20_poly1305(void);
 const struct lc_aead_impl	*lc_aead_impl_xchacha20_poly1305(void);
@@ -150,3 +153,5 @@ const struct lc_aead_impl	*lc_aead_impl_xchacha20_poly1305(void);
 
 int	lc_hexdump_fp(FILE *, const void *, size_t);
 void	lc_scrub(void *, size_t);
+
+#endif /* LILCRYPTO_H */

wycheproof_aead.c

@@ -235,7 +235,7 @@ main(int argc, char *argv[])
 
 	/* Encryption. */
 
-	if (!lc_aead_seal(impl, key, keylenarg, iv, ivlenarg, NULL, &encoutlen,
+	if (!lc_aead_seal(impl, NULL, &encoutlen, key, keylenarg, iv, ivlenarg,
 	    aad, aadlen, msg, msglen)) {
 		puts("invalid");
 		return 1;
@@ -243,8 +243,8 @@ main(int argc, char *argv[])
 	encout = malloc(encoutlen);
 	if (encout == NULL)
 		err(1, "out of memory");
-	if (!lc_aead_seal(impl, key, keylenarg, iv, ivlenarg, encout,
+	if (!lc_aead_seal(impl, encout, &encoutlen, key, keylenarg, iv,
-	    &encoutlen, aad, aadlen, msg, msglen)) {
+	    ivlenarg, aad, aadlen, msg, msglen)) {
 		puts("invalid");
 		return 1;
 	}
@@ -272,7 +272,8 @@ main(int argc, char *argv[])
 			    (size_t)LC_POLY1305_TAGLEN);
 			lc_hexdump_fp(stderr, tag, taglen);
 			fprintf(stderr, "\n");
-			lc_hexdump_fp(stderr, encout + ctlen, LC_POLY1305_TAGLEN);
+			lc_hexdump_fp(stderr, encout + ctlen,
+			    LC_POLY1305_TAGLEN);
 			fprintf(stderr, "\n");
 		}
 		puts("invalid");
@@ -287,7 +288,7 @@ main(int argc, char *argv[])
 	memcpy(buf, ct, ctlen);
 	memcpy(buf + ctlen, tag, taglen);
 
-	if (!lc_aead_open(impl, key, keylenarg, iv, ivlenarg, NULL, &decoutlen,
+	if (!lc_aead_open(impl, NULL, &decoutlen, key, keylenarg, iv, ivlenarg,
 	    aad, aadlen, buf, ctlen + taglen)) {
 		puts("invalid");
 		return 1;
@@ -295,8 +296,8 @@ main(int argc, char *argv[])
 	decout = malloc(decoutlen);
 	if (encout == NULL)
 		err(1, "out of memory");
-	if (!lc_aead_open(impl, key, keylenarg, iv, ivlenarg, decout,
+	if (!lc_aead_open(impl, decout, &decoutlen, key, keylenarg, iv,
-	    &decoutlen, aad, aadlen, buf, ctlen + taglen)) {
+	    ivlenarg, aad, aadlen, buf, ctlen + taglen)) {
 		puts("invalid");
 		return 1;
 	}