PascalCase *box names, remove unneeded comptime & parenthesis

Also rename (salsa20|chacha20)Internal() to a better name. And sort reexported crypto.* names
2026-02-12 20:37:54 +00:00 · 2020-10-26 08:44:40 +01:00 · 2020-10-26 08:44:40 +01:00 · ea45897fcc
commit ea45897fcc
parent 6d2f103bfb
3 changed files with 58 additions and 52 deletions
--- a/lib/std/crypto.zig
+++ b/lib/std/crypto.zig
@ -6,13 +6,17 @@

 /// Authenticated Encryption with Associated Data
 pub const aead = struct {
-    pub const Gimli = @import("crypto/gimli.zig").Aead;
-    pub const ChaCha20Poly1305 = @import("crypto/chacha20.zig").Chacha20Poly1305;
-    pub const XChaCha20Poly1305 = @import("crypto/chacha20.zig").XChacha20Poly1305;
    pub const Aegis128L = @import("crypto/aegis.zig").Aegis128L;
    pub const Aegis256 = @import("crypto/aegis.zig").Aegis256;
+
    pub const Aes128Gcm = @import("crypto/aes_gcm.zig").Aes128Gcm;
    pub const Aes256Gcm = @import("crypto/aes_gcm.zig").Aes256Gcm;
+
+    pub const Gimli = @import("crypto/gimli.zig").Aead;
+
+    pub const ChaCha20Poly1305 = @import("crypto/chacha20.zig").Chacha20Poly1305;
+    pub const XChaCha20Poly1305 = @import("crypto/chacha20.zig").XChacha20Poly1305;
+
    pub const XSalsa20Poly1305 = @import("crypto/salsa20.zig").XSalsa20Poly1305;
 };

@ -49,13 +53,13 @@ pub const ecc = struct {

 /// Hash functions.
 pub const hash = struct {
+    pub const blake2 = @import("crypto/blake2.zig");
+    pub const Blake3 = @import("crypto/blake3.zig").Blake3;
+    pub const Gimli = @import("crypto/gimli.zig").Hash;
    pub const Md5 = @import("crypto/md5.zig").Md5;
    pub const Sha1 = @import("crypto/sha1.zig").Sha1;
    pub const sha2 = @import("crypto/sha2.zig");
    pub const sha3 = @import("crypto/sha3.zig");
-    pub const blake2 = @import("crypto/blake2.zig");
-    pub const Blake3 = @import("crypto/blake3.zig").Blake3;
-    pub const Gimli = @import("crypto/gimli.zig").Hash;
 };

 /// Key derivation functions.
@ -65,8 +69,8 @@ pub const kdf = struct {

 /// MAC functions requiring single-use secret keys.
 pub const onetimeauth = struct {
-    pub const Poly1305 = @import("crypto/poly1305.zig").Poly1305;
    pub const Ghash = @import("crypto/ghash.zig").Ghash;
+    pub const Poly1305 = @import("crypto/poly1305.zig").Poly1305;
 };

 /// A password hashing function derives a uniform key from low-entropy input material such as passwords.
@ -99,17 +103,19 @@ pub const sign = struct {
 /// Most applications should be using AEAD constructions instead of stream ciphers directly.
 pub const stream = struct {
    pub const ChaCha20IETF = @import("crypto/chacha20.zig").ChaCha20IETF;
-    pub const XChaCha20IETF = @import("crypto/chacha20.zig").XChaCha20IETF;
    pub const ChaCha20With64BitNonce = @import("crypto/chacha20.zig").ChaCha20With64BitNonce;
+    pub const XChaCha20IETF = @import("crypto/chacha20.zig").XChaCha20IETF;
+
    pub const Salsa20 = @import("crypto/salsa20.zig").Salsa20;
    pub const XSalsa20 = @import("crypto/salsa20.zig").XSalsa20;
 };

 pub const nacl = struct {
    const salsa20 = @import("crypto/salsa20.zig");
-    pub const box = salsa20.box;
-    pub const secretBox = salsa20.secretBox;
-    pub const sealedBox = salsa20.sealedBox;
+
+    pub const Box = salsa20.Box;
+    pub const SecretBox = salsa20.SecretBox;
+    pub const SealedBox = salsa20.SealedBox;
 };

 const std = @import("std.zig");
--- a/lib/std/crypto/chacha20.zig
+++ b/lib/std/crypto/chacha20.zig
@ -100,7 +100,7 @@ const ChaCha20VecImpl = struct {
        x[3] +%= ctx[3];
    }

-    fn chaCha20Internal(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void {
+    fn chacha20Xor(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void {
        var ctx = initContext(key, counter);
        var x: BlockVec = undefined;
        var buf: [64]u8 = undefined;
@ -239,7 +239,7 @@ const ChaCha20NonVecImpl = struct {
        }
    }

-    fn chaCha20Internal(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void {
+    fn chacha20Xor(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void {
        var ctx = initContext(key, counter);
        var x: BlockVec = undefined;
        var buf: [64]u8 = undefined;
@ -325,7 +325,7 @@ pub const ChaCha20IETF = struct {
        c[1] = mem.readIntLittle(u32, nonce[0..4]);
        c[2] = mem.readIntLittle(u32, nonce[4..8]);
        c[3] = mem.readIntLittle(u32, nonce[8..12]);
-        ChaCha20Impl.chaCha20Internal(out, in, keyToWords(key), c);
+        ChaCha20Impl.chacha20Xor(out, in, keyToWords(key), c);
    }
 };

@ -351,7 +351,7 @@ pub const ChaCha20With64BitNonce = struct {

        // first partial big block
        if (((@intCast(u64, maxInt(u32) - @truncate(u32, counter)) + 1) << 6) < in.len) {
-            ChaCha20Impl.chaCha20Internal(out[cursor..big_block], in[cursor..big_block], k, c);
+            ChaCha20Impl.chacha20Xor(out[cursor..big_block], in[cursor..big_block], k, c);
            cursor = big_block - cursor;
            c[1] += 1;
            if (comptime @sizeOf(usize) > 4) {
@ -359,14 +359,14 @@ pub const ChaCha20With64BitNonce = struct {
                var remaining_blocks: u32 = @intCast(u32, (in.len / big_block));
                var i: u32 = 0;
                while (remaining_blocks > 0) : (remaining_blocks -= 1) {
-                    ChaCha20Impl.chaCha20Internal(out[cursor .. cursor + big_block], in[cursor .. cursor + big_block], k, c);
-                    c[1] += 1; // upper 32-bit of counter, generic chaCha20Internal() doesn't know about this.
+                    ChaCha20Impl.chacha20Xor(out[cursor .. cursor + big_block], in[cursor .. cursor + big_block], k, c);
+                    c[1] += 1; // upper 32-bit of counter, generic chacha20Xor() doesn't know about this.
                    cursor += big_block;
                }
            }
        }

-        ChaCha20Impl.chaCha20Internal(out[cursor..], in[cursor..], k, c);
+        ChaCha20Impl.chacha20Xor(out[cursor..], in[cursor..], k, c);
    }
 };

@ -694,7 +694,7 @@ fn chacha20poly1305OpenDetached(dst: []u8, ciphertext: []const u8, tag: *const [
    // See https://github.com/ziglang/zig/issues/1776
    var acc: u8 = 0;
    for (computedTag) |_, i| {
-        acc |= (computedTag[i] ^ tag[i]);
+        acc |= computedTag[i] ^ tag[i];
    }
    if (acc != 0) {
        return error.AuthenticationFailed;
--- a/lib/std/crypto/salsa20.zig
+++ b/lib/std/crypto/salsa20.zig
@ -40,7 +40,7 @@ const Salsa20NonVecImpl = struct {
        d: u6,
    };

-    inline fn Rp(comptime a: usize, comptime b: usize, comptime c: usize, comptime d: u6) QuarterRound {
+    inline fn Rp(a: usize, b: usize, c: usize, d: u6) QuarterRound {
        return QuarterRound{
            .a = a,
            .b = b,
@ -82,7 +82,7 @@ const Salsa20NonVecImpl = struct {
        }
    }

-    fn salsa20Internal(out: []u8, in: []const u8, key: [8]u32, d: [4]u32) void {
+    fn salsa20Xor(out: []u8, in: []const u8, key: [8]u32, d: [4]u32) void {
        var ctx = initContext(key, d);
        var x: BlockVec = undefined;
        var buf: [64]u8 = undefined;
@ -174,7 +174,7 @@ pub const Salsa20 = struct {
        d[1] = mem.readIntLittle(u32, nonce[4..8]);
        d[2] = @truncate(u32, counter);
        d[3] = @truncate(u32, counter >> 32);
-        Salsa20Impl.salsa20Internal(out, in, keyToWords(key), d);
+        Salsa20Impl.salsa20Xor(out, in, keyToWords(key), d);
    }
 };

@ -244,7 +244,7 @@ pub const XSalsa20Poly1305 = struct {
        mac.final(&computedTag);
        var acc: u8 = 0;
        for (computedTag) |_, i| {
-            acc |= (computedTag[i] ^ tag[i]);
+            acc |= computedTag[i] ^ tag[i];
        }
        if (acc != 0) {
            mem.secureZero(u8, &computedTag);
@ -261,7 +261,7 @@ pub const XSalsa20Poly1305 = struct {
 /// A secret key shared by all the recipients must be already known in order to use this API.
 ///
 /// Nonces are 192-bit large and can safely be chosen with a random number generator.
-pub const secretBox = struct {
+pub const SecretBox = struct {
    /// Key length in bytes.
    pub const key_length = XSalsa20Poly1305.key_length;
    /// Nonce length in bytes.
@ -295,7 +295,7 @@ pub const secretBox = struct {
 /// and is decrypted using the recipient's secret key and the sender's public key.
 ///
 /// Nonces are 192-bit large and can safely be chosen with a random number generator.
-pub const box = struct {
+pub const Box = struct {
    /// Public key length in bytes.
    pub const public_length = X25519.public_length;
    /// Secret key length in bytes.
@ -323,13 +323,13 @@ pub const box = struct {
    /// Encrypt and authenticate a message using a recipient's public key `public_key` and a sender's `secret_key`.
    pub fn seal(c: []u8, m: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) !void {
        const shared_key = try createSharedSecret(public_key, secret_key);
-        return secretBox.seal(c, m, npub, shared_key);
+        return SecretBox.seal(c, m, npub, shared_key);
    }

    /// Verify and decrypt a message using a recipient's secret key `public_key` and a sender's `public_key`.
    pub fn open(m: []u8, c: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) !void {
        const shared_key = try createSharedSecret(public_key, secret_key);
-        return secretBox.open(m, c, npub, shared_key);
+        return SecretBox.open(m, c, npub, shared_key);
    }
 };

@ -340,20 +340,20 @@ pub const box = struct {
 /// While the recipient can verify the integrity of the message, it cannot verify the identity of the sender.
 ///
 /// A message is encrypted using an ephemeral key pair, whose secret part is destroyed right after the encryption process.
-pub const sealedBox = struct {
-    pub const public_length = box.public_length;
-    pub const secret_length = box.secret_length;
-    pub const seed_length = box.seed_length;
-    pub const seal_length = box.public_length + box.tag_length;
+pub const SealedBox = struct {
+    pub const public_length = Box.public_length;
+    pub const secret_length = Box.secret_length;
+    pub const seed_length = Box.seed_length;
+    pub const seal_length = Box.public_length + Box.tag_length;

    /// A key pair.
-    pub const KeyPair = box.KeyPair;
+    pub const KeyPair = Box.KeyPair;

-    fn createNonce(pk1: [public_length]u8, pk2: [public_length]u8) [box.nonce_length]u8 {
-        var hasher = Blake2b(box.nonce_length * 8).init(.{});
+    fn createNonce(pk1: [public_length]u8, pk2: [public_length]u8) [Box.nonce_length]u8 {
+        var hasher = Blake2b(Box.nonce_length * 8).init(.{});
        hasher.update(&pk1);
        hasher.update(&pk2);
-        var nonce: [box.nonce_length]u8 = undefined;
+        var nonce: [Box.nonce_length]u8 = undefined;
        hasher.final(&nonce);
        return nonce;
    }
@ -365,7 +365,7 @@ pub const sealedBox = struct {
        var ekp = try KeyPair.create(null);
        const nonce = createNonce(ekp.public_key, public_key);
        mem.copy(u8, c[0..public_length], ekp.public_key[0..]);
-        try box.seal(c[box.public_length..], m, nonce, public_key, ekp.secret_key);
+        try Box.seal(c[Box.public_length..], m, nonce, public_key, ekp.secret_key);
        mem.secureZero(u8, ekp.secret_key[0..]);
    }

@ -377,7 +377,7 @@ pub const sealedBox = struct {
        }
        const epk = c[0..public_length];
        const nonce = createNonce(epk.*, keypair.public_key);
-        return box.open(m, c[public_length..], nonce, epk.*, keypair.secret_key);
+        return Box.open(m, c[public_length..], nonce, epk.*, keypair.secret_key);
    }
 };

@ -400,37 +400,37 @@ test "xsalsa20poly1305 secretbox" {
    var msg: [100]u8 = undefined;
    var msg2: [msg.len]u8 = undefined;
    var key: [XSalsa20Poly1305.key_length]u8 = undefined;
-    var nonce: [box.nonce_length]u8 = undefined;
-    var boxed: [msg.len + box.tag_length]u8 = undefined;
+    var nonce: [Box.nonce_length]u8 = undefined;
+    var boxed: [msg.len + Box.tag_length]u8 = undefined;
    try crypto.randomBytes(&msg);
    try crypto.randomBytes(&key);
    try crypto.randomBytes(&nonce);

-    secretBox.seal(boxed[0..], msg[0..], nonce, key);
-    try secretBox.open(msg2[0..], boxed[0..], nonce, key);
+    SecretBox.seal(boxed[0..], msg[0..], nonce, key);
+    try SecretBox.open(msg2[0..], boxed[0..], nonce, key);
 }

 test "xsalsa20poly1305 box" {
    var msg: [100]u8 = undefined;
    var msg2: [msg.len]u8 = undefined;
-    var nonce: [box.nonce_length]u8 = undefined;
-    var boxed: [msg.len + box.tag_length]u8 = undefined;
+    var nonce: [Box.nonce_length]u8 = undefined;
+    var boxed: [msg.len + Box.tag_length]u8 = undefined;
    try crypto.randomBytes(&msg);
    try crypto.randomBytes(&nonce);

-    var kp1 = try box.KeyPair.create(null);
-    var kp2 = try box.KeyPair.create(null);
-    try box.seal(boxed[0..], msg[0..], nonce, kp1.public_key, kp2.secret_key);
-    try box.open(msg2[0..], boxed[0..], nonce, kp2.public_key, kp1.secret_key);
+    var kp1 = try Box.KeyPair.create(null);
+    var kp2 = try Box.KeyPair.create(null);
+    try Box.seal(boxed[0..], msg[0..], nonce, kp1.public_key, kp2.secret_key);
+    try Box.open(msg2[0..], boxed[0..], nonce, kp2.public_key, kp1.secret_key);
 }

 test "xsalsa20poly1305 sealedbox" {
    var msg: [100]u8 = undefined;
    var msg2: [msg.len]u8 = undefined;
-    var boxed: [msg.len + sealedBox.seal_length]u8 = undefined;
+    var boxed: [msg.len + SealedBox.seal_length]u8 = undefined;
    try crypto.randomBytes(&msg);

-    var kp = try box.KeyPair.create(null);
-    try sealedBox.seal(boxed[0..], msg[0..], kp.public_key);
-    try sealedBox.open(msg2[0..], boxed[0..], kp);
+    var kp = try Box.KeyPair.create(null);
+    try SealedBox.seal(boxed[0..], msg[0..], kp.public_key);
+    try SealedBox.open(msg2[0..], boxed[0..], kp);
 }