Reindent

.clang-format

@@ -1,95 +1,165 @@
 ---
-Language:        Cpp
+Language: Cpp
 AccessModifierOffset: -4
 AlignAfterOpenBracket: Align
+AlignConsecutiveMacros: true
 AlignConsecutiveAssignments: true
+AlignConsecutiveBitFields: true
 AlignConsecutiveDeclarations: true
-AlignEscapedNewlinesLeft: true
-AlignOperands:   true
-AlignTrailingComments: true
+AlignEscapedNewlines: true
+AlignOperands: true
+AlignTrailingComments: false
+AllowAllArgumentsOnNextLine: true
+AllowAllConstructorInitializersOnNextLine: true
 AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortEnumsOnASingleLine: true
 AllowShortBlocksOnASingleLine: false
 AllowShortCaseLabelsOnASingleLine: false
-AllowShortFunctionsOnASingleLine: Inline
-AllowShortIfStatementsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: false
+AllowShortLambdasOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
 AllowShortLoopsOnASingleLine: false
 AlwaysBreakAfterDefinitionReturnType: None
 AlwaysBreakAfterReturnType: TopLevelDefinitions
 AlwaysBreakBeforeMultilineStrings: true
-AlwaysBreakTemplateDeclarations: true
+AlwaysBreakTemplateDeclarations: MultiLine
+AttributeMacros:
+  - __capability
 BinPackArguments: true
 BinPackParameters: true
-BraceWrapping:   
-  AfterClass:      false
-  AfterControlStatement: false
-  AfterEnum:       false
-  AfterFunction:   true
-  AfterNamespace:  false
+BraceWrapping:
+  AfterCaseLabel: false
+  AfterClass: false
+  AfterControlStatement: Never
+  AfterEnum: false
+  AfterFunction: true
+  AfterNamespace: false
   AfterObjCDeclaration: false
-  AfterStruct:     false
-  AfterUnion:      false
-  BeforeCatch:     false
-  BeforeElse:      false
-  IndentBraces:    false
+  AfterStruct: false
+  AfterUnion: false
+  AfterExternBlock: false
+  BeforeCatch: false
+  BeforeElse: false
+  BeforeLambdaBody: false
+  BeforeWhile: false
+  IndentBraces: false
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
 BreakBeforeBinaryOperators: None
+BreakBeforeConceptDeclarations: true
 BreakBeforeBraces: WebKit
+BreakBeforeInheritanceComma: true
+BreakInheritanceList: BeforeColon
 BreakBeforeTernaryOperators: true
-BreakConstructorInitializersBeforeComma: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeComma
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: true
-ColumnLimit:     100
-CommentPragmas:  '^ IWYU pragma:'
+ColumnLimit: 100
+CommentPragmas: "^ IWYU pragma:"
+CompactNamespaces: false
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
 ConstructorInitializerIndentWidth: 4
 ContinuationIndentWidth: 4
 Cpp11BracedListStyle: false
+DeriveLineEnding: true
 DerivePointerAlignment: true
-DisableFormat:   false
-ExperimentalAutoDetectBinPacking: false
-ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
-IncludeCategories: 
-  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
-    Priority:        2
-  - Regex:           '^(<|"(gtest|isl|json)/)'
-    Priority:        3
-  - Regex:           '.*'
-    Priority:        1
-IncludeIsMainRegex: '$'
+DisableFormat: false
+EmptyLineBeforeAccessModifier: LogicalBlock
+ExperimentalAutoDetectBinPacking: true
+FixNamespaceComments: false
+ForEachMacros:
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+StatementAttributeLikeMacros:
+  - Q_EMIT
+IncludeBlocks: Preserve
+IncludeCategories:
+  - Regex: '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority: 2
+    SortPriority: 0
+    CaseSensitive: false
+  - Regex: '^(<|"(gtest|gmock|isl|json)/)'
+    Priority: 3
+    SortPriority: 0
+    CaseSensitive: false
+  - Regex: ".*"
+    Priority: 1
+    SortPriority: 0
+    CaseSensitive: false
+IncludeIsMainRegex: "(Test)?$"
+IncludeIsMainSourceRegex: ""
 IndentCaseLabels: false
-IndentWidth:     4
+IndentCaseBlocks: false
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentExternBlock: AfterExternBlock
+IndentRequires: false
+IndentWidth: 4
 IndentWrappedFunctionNames: false
+InsertTrailingCommas: None
 JavaScriptQuotes: Leave
 JavaScriptWrapImports: true
-KeepEmptyLinesAtTheStartOfBlocks: false
-MacroBlockBegin: ''
-MacroBlockEnd:   ''
+KeepEmptyLinesAtTheStartOfBlocks: true
+MacroBlockBegin: ""
+MacroBlockEnd: ""
 MaxEmptyLinesToKeep: 1
 NamespaceIndentation: Inner
+ObjCBinPackProtocolList: Auto
 ObjCBlockIndentWidth: 4
+ObjCBreakBeforeNestedBlockParam: true
 ObjCSpaceAfterProperty: true
 ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
 PenaltyBreakBeforeFirstCallParameter: 19
 PenaltyBreakComment: 300
 PenaltyBreakFirstLessLess: 120
 PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
 PenaltyExcessCharacter: 1000000
 PenaltyReturnTypeOnItsOwnLine: 60
-PointerAlignment: Right
-ReflowComments:  true
-SortIncludes:    true
+PenaltyIndentedWhitespace: 0
+PointerAlignment: Left
+ReflowComments: true
+SortIncludes: true
+SortJavaStaticImport: Before
+SortUsingDeclarations: true
 SpaceAfterCStyleCast: true
+SpaceAfterLogicalNot: false
 SpaceAfterTemplateKeyword: true
 SpaceBeforeAssignmentOperators: true
+SpaceBeforeCaseColon: false
+SpaceBeforeCpp11BracedList: true
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
 SpaceBeforeParens: ControlStatements
+SpaceAroundPointerQualifiers: Default
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceInEmptyBlock: true
 SpaceInEmptyParentheses: false
 SpacesBeforeTrailingComments: 1
-SpacesInAngles:  false
+SpacesInAngles: false
+SpacesInConditionalStatement: false
 SpacesInContainerLiterals: true
 SpacesInCStyleCastParentheses: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
-Standard:        Cpp11
-TabWidth:        8
-UseTab:          Never
-...
+SpaceBeforeSquareBrackets: false
+BitFieldColonSpacing: Both
+Standard: Latest
+StatementMacros:
+  - Q_UNUSED
+  - QT_REQUIRE_VERSION
+TabWidth: 4
+UseCRLF: false
+UseTab: Never
+WhitespaceSensitiveMacros:
+  - STRINGIZE
+  - PP_STRINGIZE
+  - BOOST_PP_STRINGIZE
+  - NS_SWIFT_NAME
+  - CF_SWIFT_NAME
+---
 

hydrogen.c

@@ -3,9 +3,10 @@
 #include "impl/common.h"
 #include "impl/hydrogen_p.h"
 
+#include "impl/random.h"
+
 #include "impl/core.h"
 #include "impl/gimli-core.h"
-#include "impl/random.h"
 
 #include "impl/hash.h"
 #include "impl/kdf.h"

hydrogen.h

@@ -17,12 +17,12 @@ extern "C" {
 #else
 #define _hydro_attr_(X)
 #endif
-#define _hydro_attr_deprecated_ _hydro_attr_((deprecated))
-#define _hydro_attr_malloc_ _hydro_attr_((malloc))
-#define _hydro_attr_noinline_ _hydro_attr_((noinline))
-#define _hydro_attr_noreturn_ _hydro_attr_((noreturn))
+#define _hydro_attr_deprecated_         _hydro_attr_((deprecated))
+#define _hydro_attr_malloc_             _hydro_attr_((malloc))
+#define _hydro_attr_noinline_           _hydro_attr_((noinline))
+#define _hydro_attr_noreturn_           _hydro_attr_((noreturn))
 #define _hydro_attr_warn_unused_result_ _hydro_attr_((warn_unused_result))
-#define _hydro_attr_weak_ _hydro_attr_((weak))
+#define _hydro_attr_weak_               _hydro_attr_((weak))
 
 #if defined(__INTEL_COMPILER) || defined(_MSC_VER)
 #define _hydro_attr_aligned_(X) __declspec(align(X))
@@ -56,11 +56,11 @@ void hydro_random_reseed(void);
 
 /* ---------------- */
 
-#define hydro_hash_BYTES 32
-#define hydro_hash_BYTES_MAX 65535
-#define hydro_hash_BYTES_MIN 16
+#define hydro_hash_BYTES        32
+#define hydro_hash_BYTES_MAX    65535
+#define hydro_hash_BYTES_MIN    16
 #define hydro_hash_CONTEXTBYTES 8
-#define hydro_hash_KEYBYTES 32
+#define hydro_hash_KEYBYTES     32
 
 typedef struct hydro_hash_state {
     uint32_t state[12];
@@ -84,9 +84,9 @@ int hydro_hash_hash(uint8_t *out, size_t out_len, const void *in_, size_t in_len
 /* ---------------- */
 
 #define hydro_secretbox_CONTEXTBYTES 8
-#define hydro_secretbox_HEADERBYTES (20 + 16)
-#define hydro_secretbox_KEYBYTES 32
-#define hydro_secretbox_PROBEBYTES 16
+#define hydro_secretbox_HEADERBYTES  (20 + 16)
+#define hydro_secretbox_KEYBYTES     32
+#define hydro_secretbox_PROBEBYTES   16
 
 void hydro_secretbox_keygen(uint8_t key[hydro_secretbox_KEYBYTES]);
 
@@ -111,9 +111,9 @@ int hydro_secretbox_probe_verify(const uint8_t probe[hydro_secretbox_PROBEBYTES]
 /* ---------------- */
 
 #define hydro_kdf_CONTEXTBYTES 8
-#define hydro_kdf_KEYBYTES 32
-#define hydro_kdf_BYTES_MAX 65535
-#define hydro_kdf_BYTES_MIN 16
+#define hydro_kdf_KEYBYTES     32
+#define hydro_kdf_BYTES_MAX    65535
+#define hydro_kdf_BYTES_MIN    16
 
 void hydro_kdf_keygen(uint8_t key[hydro_kdf_KEYBYTES]);
 
@@ -123,11 +123,11 @@ int hydro_kdf_derive_from_key(uint8_t *subkey, size_t subkey_len, uint64_t subke
 
 /* ---------------- */
 
-#define hydro_sign_BYTES 64
-#define hydro_sign_CONTEXTBYTES 8
+#define hydro_sign_BYTES          64
+#define hydro_sign_CONTEXTBYTES   8
 #define hydro_sign_PUBLICKEYBYTES 32
 #define hydro_sign_SECRETKEYBYTES 64
-#define hydro_sign_SEEDBYTES 32
+#define hydro_sign_SEEDBYTES      32
 
 typedef struct hydro_sign_state {
     hydro_hash_state hash_st;
@@ -165,10 +165,10 @@ int hydro_sign_verify(const uint8_t csig[hydro_sign_BYTES], const void *m_, size
 /* ---------------- */
 
 #define hydro_kx_SESSIONKEYBYTES 32
-#define hydro_kx_PUBLICKEYBYTES 32
-#define hydro_kx_SECRETKEYBYTES 32
-#define hydro_kx_PSKBYTES 32
-#define hydro_kx_SEEDBYTES 32
+#define hydro_kx_PUBLICKEYBYTES  32
+#define hydro_kx_SECRETKEYBYTES  32
+#define hydro_kx_PSKBYTES        32
+#define hydro_kx_SEEDBYTES       32
 
 typedef struct hydro_kx_keypair {
     uint8_t pk[hydro_kx_PUBLICKEYBYTES];
@@ -261,9 +261,9 @@ int hydro_kx_nk_3(hydro_kx_state *state, hydro_kx_session_keypair *kp,
 
 /* ---------------- */
 
-#define hydro_pwhash_CONTEXTBYTES 8
+#define hydro_pwhash_CONTEXTBYTES   8
 #define hydro_pwhash_MASTERKEYBYTES 32
-#define hydro_pwhash_STOREDBYTES 128
+#define hydro_pwhash_STOREDBYTES    128
 
 void hydro_pwhash_keygen(uint8_t master_key[hydro_pwhash_MASTERKEYBYTES]);
 

impl/common.h

@@ -155,7 +155,7 @@ store16_le(uint8_t dst[2], uint16_t w)
 #else
     dst[0] = (uint8_t) w;
     w >>= 8;
-    dst[1] = (uint8_t) w;
+    dst[1]     = (uint8_t) w;
 #endif
 }
 
@@ -237,7 +237,7 @@ store32_be(uint8_t dst[4], uint32_t w)
     w >>= 8;
     dst[1] = (uint8_t) w;
     w >>= 8;
-    dst[0] = (uint8_t) w;
+    dst[0]     = (uint8_t) w;
 #endif
 }
 

impl/hash.h

@@ -43,10 +43,10 @@ hydro_hash_init(hydro_hash_state *state, const char ctx[hydro_hash_CONTEXTBYTES]
     if (key != NULL) {
         block[gimli_RATE] = (uint8_t) hydro_hash_KEYBYTES;
         memcpy(block + gimli_RATE + 1, key, hydro_hash_KEYBYTES);
-        p = (gimli_RATE + 1 + hydro_hash_KEYBYTES + (gimli_RATE - 1)) & ~(size_t)(gimli_RATE - 1);
+        p = (gimli_RATE + 1 + hydro_hash_KEYBYTES + (gimli_RATE - 1)) & ~(size_t) (gimli_RATE - 1);
     } else {
         block[gimli_RATE] = (uint8_t) 0;
-        p                 = (gimli_RATE + 1 + 0 + (gimli_RATE - 1)) & ~(size_t)(gimli_RATE - 1);
+        p = (gimli_RATE + 1 + 0 + (gimli_RATE - 1)) & ~(size_t) (gimli_RATE - 1);
     }
     mem_zero(state, sizeof *state);
     hydro_hash_update(state, block, p);
@@ -71,10 +71,10 @@ hydro_hash_init_with_tweak(hydro_hash_state *state, const char ctx[hydro_hash_CO
     if (key != NULL) {
         block[gimli_RATE] = (uint8_t) hydro_hash_KEYBYTES;
         memcpy(block + gimli_RATE + 1, key, hydro_hash_KEYBYTES);
-        p = (gimli_RATE + 1 + hydro_hash_KEYBYTES + (gimli_RATE - 1)) & ~(size_t)(gimli_RATE - 1);
+        p = (gimli_RATE + 1 + hydro_hash_KEYBYTES + (gimli_RATE - 1)) & ~(size_t) (gimli_RATE - 1);
     } else {
         block[gimli_RATE] = (uint8_t) 0;
-        p                 = (gimli_RATE + 1 + 0 + (gimli_RATE - 1)) & ~(size_t)(gimli_RATE - 1);
+        p = (gimli_RATE + 1 + 0 + (gimli_RATE - 1)) & ~(size_t) (gimli_RATE - 1);
     }
     block[p] = (uint8_t) sizeof tweak;
     STORE64_LE(&block[p + 1], tweak);
@@ -99,9 +99,9 @@ hydro_hash_final(hydro_hash_state *state, uint8_t *out, size_t out_len)
     }
     COMPILER_ASSERT(hydro_hash_BYTES_MAX <= 0xffff);
     lc[1]  = (uint8_t) out_len;
-    lc[2]  = (uint8_t)(out_len >> 8);
+    lc[2]  = (uint8_t) (out_len >> 8);
     lc[3]  = 0;
-    lc_len = (size_t)(1 + (lc[2] != 0));
+    lc_len = (size_t) (1 + (lc[2] != 0));
     lc[0]  = (uint8_t) lc_len;
     hydro_hash_update(state, lc, 1 + lc_len + 1);
     gimli_pad_u8(buf, state->buf_off, gimli_DOMAIN_XOF);

impl/hydrogen_p.h

@@ -3,18 +3,18 @@ static int hydro_random_init(void);
 /* ---------------- */
 
 #define gimli_BLOCKBYTES 48
-#define gimli_CAPACITY 32
-#define gimli_RATE 16
+#define gimli_CAPACITY   32
+#define gimli_RATE       16
 
-#define gimli_TAG_HEADER 0x01
+#define gimli_TAG_HEADER  0x01
 #define gimli_TAG_PAYLOAD 0x02
-#define gimli_TAG_FINAL 0x08
-#define gimli_TAG_FINAL0 0xf8
-#define gimli_TAG_KEY0 0xfe
-#define gimli_TAG_KEY 0xff
+#define gimli_TAG_FINAL   0x08
+#define gimli_TAG_FINAL0  0xf8
+#define gimli_TAG_KEY0    0xfe
+#define gimli_TAG_KEY     0xff
 
 #define gimli_DOMAIN_AEAD 0x0
-#define gimli_DOMAIN_XOF 0xf
+#define gimli_DOMAIN_XOF  0xf
 
 static void gimli_core_u8(uint8_t state_u8[gimli_BLOCKBYTES], uint8_t tag);
 
@@ -28,7 +28,7 @@ gimli_pad_u8(uint8_t buf[gimli_BLOCKBYTES], size_t pos, uint8_t domain)
 static inline void
 hydro_mem_ct_zero_u32(uint32_t *dst_, size_t n)
 {
-    volatile uint32_t *volatile dst = (volatile uint32_t * volatile)(void *) dst_;
+    volatile uint32_t *volatile dst = (volatile uint32_t *volatile) (void *) dst_;
     size_t i;
 
     for (i = 0; i < n; i++) {
@@ -42,7 +42,7 @@ static inline uint32_t hydro_mem_ct_cmp_u32(const uint32_t *b1_, const uint32_t
 static inline uint32_t
 hydro_mem_ct_cmp_u32(const uint32_t *b1_, const uint32_t *b2, size_t n)
 {
-    const volatile uint32_t *volatile b1 = (const volatile uint32_t *volatile)(const void *) b1_;
+    const volatile uint32_t *volatile b1 = (const volatile uint32_t *volatile) (const void *) b1_;
     size_t   i;
     uint32_t cv = 0;
 
@@ -61,11 +61,11 @@ static int hydro_hash_init_with_tweak(hydro_hash_state *state,
 /* ---------------- */
 
 #define hydro_secretbox_NONCEBYTES 20
-#define hydro_secretbox_MACBYTES 16
+#define hydro_secretbox_MACBYTES   16
 
 /* ---------------- */
 
-#define hydro_x25519_BYTES 32
+#define hydro_x25519_BYTES          32
 #define hydro_x25519_PUBLICKEYBYTES 32
 #define hydro_x25519_SECRETKEYBYTES 32
 

impl/pwhash.h

@@ -1,16 +1,16 @@
-#define hydro_pwhash_ENC_ALGBYTES 1
+#define hydro_pwhash_ENC_ALGBYTES  1
 #define hydro_pwhash_HASH_ALGBYTES 1
-#define hydro_pwhash_THREADSBYTES 1
+#define hydro_pwhash_THREADSBYTES  1
 #define hydro_pwhash_OPSLIMITBYTES 8
 #define hydro_pwhash_MEMLIMITBYTES 8
-#define hydro_pwhash_HASHBYTES 32
-#define hydro_pwhash_SALTBYTES 16
+#define hydro_pwhash_HASHBYTES     32
+#define hydro_pwhash_SALTBYTES     16
 #define hydro_pwhash_PARAMSBYTES                                                           \
     (hydro_pwhash_HASH_ALGBYTES + hydro_pwhash_THREADSBYTES + hydro_pwhash_OPSLIMITBYTES + \
      hydro_pwhash_MEMLIMITBYTES + hydro_pwhash_SALTBYTES + hydro_pwhash_HASHBYTES)
-#define hydro_pwhash_ENC_ALG 0x01
+#define hydro_pwhash_ENC_ALG  0x01
 #define hydro_pwhash_HASH_ALG 0x01
-#define hydro_pwhash_CONTEXT "hydro_pw"
+#define hydro_pwhash_CONTEXT  "hydro_pw"
 
 static int
 _hydro_pwhash_hash(uint8_t out[hydro_random_SEEDBYTES], size_t h_len,

impl/random/avr.h

@@ -5,7 +5,7 @@ hydro_random_rbit(uint16_t x)
 {
     uint8_t x8;
 
-    x8 = ((uint8_t)(x >> 8)) ^ (uint8_t) x;
+    x8 = ((uint8_t) (x >> 8)) ^ (uint8_t) x;
     x8 = (x8 >> 4) ^ (x8 & 0xf);
     x8 = (x8 >> 2) ^ (x8 & 0x3);
     x8 = (x8 >> 1) ^ x8;
@@ -58,4 +58,4 @@ hydro_random_init(void)
     return 0;
 }
 
-ISR(WDT_vect) {}
+ISR(WDT_vect) { }

impl/random/esp32.h

@@ -1,7 +1,7 @@
 // Important: RF *must* be activated on ESP board
 // https://techtutorialsx.com/2017/12/22/esp32-arduino-random-number-generation/
 #ifdef ESP32
-# include <esp_system.h>
+#include <esp_system.h>
 #endif
 
 static int

impl/random/mbed.h

@@ -23,8 +23,8 @@ hydro_random_init(void)
     do {
         const uint8_t dataLeftToConsume = gimli_BLOCKBYTES - pos;
         const uint8_t currentChunkSize  = (dataLeftToConsume > MBEDTLS_ENTROPY_BLOCK_SIZE)
-                                             ? MBEDTLS_ENTROPY_BLOCK_SIZE
-                                             : dataLeftToConsume;
+                                              ? MBEDTLS_ENTROPY_BLOCK_SIZE
+                                              : dataLeftToConsume;
 
         // Forces mbedTLS to fetch fresh entropy, then get some to feed libhydrogen.
         if (mbedtls_entropy_gather(&entropy) != 0 ||
@@ -40,5 +40,5 @@ hydro_random_init(void)
     return 0;
 }
 #else
-# error Need an entropy source
+#error Need an entropy source
 #endif

impl/random/unix.h

@@ -52,7 +52,7 @@ hydro_random_safe_read(const int fd, void *const buf_, size_t len)
         buf += readnb;
     } while (len > (ssize_t) 0);
 
-    return (ssize_t)(buf - (unsigned char *) buf_);
+    return (ssize_t) (buf - (unsigned char *) buf_);
 }
 
 static int

impl/secretbox.h

@@ -1,4 +1,4 @@
-#define hydro_secretbox_IVBYTES 20
+#define hydro_secretbox_IVBYTES  20
 #define hydro_secretbox_SIVBYTES 20
 #define hydro_secretbox_MACBYTES 16
 

impl/sign.h

@@ -1,6 +1,6 @@
 #define hydro_sign_CHALLENGEBYTES 32
-#define hydro_sign_NONCEBYTES 32
-#define hydro_sign_PREHASHBYTES 64
+#define hydro_sign_NONCEBYTES     32
+#define hydro_sign_PREHASHBYTES   64
 
 static void
 hydro_sign_p2(uint8_t sig[hydro_x25519_BYTES], const uint8_t challenge[hydro_sign_CHALLENGEBYTES],

impl/x25519.h

@@ -15,13 +15,13 @@ typedef uint64_t    hydro_x25519_limb_t;
 typedef __uint128_t hydro_x25519_dlimb_t;
 typedef __int128_t  hydro_x25519_sdlimb_t;
 #define hydro_x25519_eswap_limb(X) LOAD64_LE((const uint8_t *) &(X))
-#define hydro_x25519_LIMB(x) x##ull
+#define hydro_x25519_LIMB(x)       x##ull
 #elif hydro_x25519_WBITS == 32
 typedef uint32_t hydro_x25519_limb_t;
 typedef uint64_t hydro_x25519_dlimb_t;
 typedef int64_t  hydro_x25519_sdlimb_t;
 #define hydro_x25519_eswap_limb(X) LOAD32_LE((const uint8_t *) &(X))
-#define hydro_x25519_LIMB(x) (uint32_t)(x##ull), (uint32_t)((x##ull) >> 32)
+#define hydro_x25519_LIMB(x)       (uint32_t)(x##ull), (uint32_t) ((x##ull) >> 32)
 #else
 #error "Need to know hydro_x25519_WBITS"
 #endif
@@ -109,10 +109,10 @@ hydro_x25519_sub(hydro_x25519_fe out, const hydro_x25519_fe a, const hydro_x2551
     int                   i;
 
     for (i = 0; i < hydro_x25519_NLIMBS; i++) {
-        out[i] = (hydro_x25519_limb_t)(carry = carry + a[i] - b[i]);
+        out[i] = (hydro_x25519_limb_t) (carry = carry + a[i] - b[i]);
         carry >>= hydro_x25519_WBITS;
     }
-    hydro_x25519_propagate(out, (hydro_x25519_limb_t)(1 + carry));
+    hydro_x25519_propagate(out, (hydro_x25519_limb_t) (1 + carry));
 }
 
 static void
@@ -207,7 +207,7 @@ hydro_x25519_canon(hydro_x25519_fe x)
     carry = -19;
     res   = 0;
     for (i = 0; i < hydro_x25519_NLIMBS; i++) {
-        res |= x[i] = (hydro_x25519_limb_t)(carry += x[i]);
+        res |= x[i] = (hydro_x25519_limb_t) (carry += x[i]);
         carry >>= hydro_x25519_WBITS;
     }
     return ((hydro_x25519_dlimb_t) res - 1) >> hydro_x25519_WBITS;
@@ -218,17 +218,17 @@ hydro_x25519_ladder_part1(hydro_x25519_fe xs[5])
 {
     hydro_x25519_limb_t *x2 = xs[0], *z2 = xs[1], *x3 = xs[2], *z3 = xs[3], *t1 = xs[4];
 
-    hydro_x25519_add(t1, x2, z2);              // t1 = A
-    hydro_x25519_sub(z2, x2, z2);              // z2 = B
-    hydro_x25519_add(x2, x3, z3);              // x2 = C
-    hydro_x25519_sub(z3, x3, z3);              // z3 = D
-    hydro_x25519_mul1(z3, t1);                 // z3 = DA
-    hydro_x25519_mul1(x2, z2);                 // x3 = BC
-    hydro_x25519_add(x3, z3, x2);              // x3 = DA+CB
-    hydro_x25519_sub(z3, z3, x2);              // z3 = DA-CB
-    hydro_x25519_sqr1(t1);                     // t1 = AA
-    hydro_x25519_sqr1(z2);                     // z2 = BB
-    hydro_x25519_sub(x2, t1, z2);              // x2 = E = AA-BB
+    hydro_x25519_add(t1, x2, z2); // t1 = A
+    hydro_x25519_sub(z2, x2, z2); // z2 = B
+    hydro_x25519_add(x2, x3, z3); // x2 = C
+    hydro_x25519_sub(z3, x3, z3); // z3 = D
+    hydro_x25519_mul1(z3, t1);    // z3 = DA
+    hydro_x25519_mul1(x2, z2);    // x3 = BC
+    hydro_x25519_add(x3, z3, x2); // x3 = DA+CB
+    hydro_x25519_sub(z3, z3, x2); // z3 = DA-CB
+    hydro_x25519_sqr1(t1);        // t1 = AA
+    hydro_x25519_sqr1(z2);        // z2 = BB
+    hydro_x25519_sub(x2, t1, z2); // x2 = E = AA-BB
     hydro_x25519_mul(z2, x2, hydro_x25519_a24, // z2 = E*a24
                      sizeof(hydro_x25519_a24) / sizeof(hydro_x25519_a24[0]));
     hydro_x25519_add(z2, z2, t1); // z2 = E*a24 + AA
@@ -275,7 +275,7 @@ hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES
                 bytei |= 0x40;
             }
         }
-        doswap = 1U + ~(hydro_x25519_limb_t)((bytei >> (i % 8)) & 1);
+        doswap = 1U + ~(hydro_x25519_limb_t) ((bytei >> (i % 8)) & 1);
         hydro_x25519_condswap(x2, x3, swap ^ doswap);
         swap = doswap;
         hydro_x25519_ladder_part1(xs);
@@ -372,7 +372,7 @@ hydro_x25519_sc_montmul(hydro_x25519_scalar_t out, const hydro_x25519_scalar_t a
     /* Reduce */
     hydro_x25519_sdlimb_t scarry = 0;
     for (i = 0; i < hydro_x25519_NLIMBS; i++) {
-        out[i] = (hydro_x25519_limb_t)(scarry = scarry + out[i] - hydro_x25519_sc_p[i]);
+        out[i] = (hydro_x25519_limb_t) (scarry = scarry + out[i] - hydro_x25519_sc_p[i]);
         scarry >>= hydro_x25519_WBITS;
     }
     hydro_x25519_limb_t need_add = (hydro_x25519_limb_t) - (scarry + hic);

tests/tests.c

@@ -81,7 +81,7 @@ test_hash(void)
     uint8_t          dk[hydro_random_SEEDBYTES];
     uint8_t          h[100];
     uint8_t          key[hydro_hash_KEYBYTES];
-#ifdef  __TRUSTINSOFT_ANALYZER__
+#ifdef __TRUSTINSOFT_ANALYZER__
     uint8_t          msg[32];
 #else
     uint8_t          msg[1000];
@@ -100,7 +100,7 @@ test_hash(void)
     }
     hydro_hash_final(&st, h, sizeof h);
     hydro_bin2hex(hex, sizeof hex, h, sizeof h);
-#ifndef  __TRUSTINSOFT_ANALYZER__
+#ifndef __TRUSTINSOFT_ANALYZER__
     assert_streq(
         "e5d2beb77a039965850ee76327e06b2fa6cb5121db8038b11bce4641a9c4bd843658104bdf07342570bb5fd1d7"
         "2c0d31a8981b47c718fddaffbd4171605c873cbaf921bb57988dd814f3a3fbef9799ff7c762705c4bf37ab2981"
@@ -109,7 +109,7 @@ test_hash(void)
 #endif
     hydro_hash_hash(h, sizeof h, msg, sizeof msg, ctx, key);
     hydro_bin2hex(hex, sizeof hex, h, sizeof h);
-#ifndef  __TRUSTINSOFT_ANALYZER__
+#ifndef __TRUSTINSOFT_ANALYZER__
     assert_streq(
         "724bd8883df73320ffd70923cb997f9a99bc670c4d78887be4975add0099fbf489b266a85d1f56743062d60a05"
         "590cbce47e45108367879bf4641cbaefe584e8618cbeb8c230ae956da22c7c5c4f11a8804ca576ec20fa5da239"
@@ -118,13 +118,13 @@ test_hash(void)
 #endif
     hydro_hash_hash(h, hydro_hash_BYTES, msg, sizeof msg, ctx, key);
     hydro_bin2hex(hex, sizeof hex, h, hydro_hash_BYTES);
-#ifndef  __TRUSTINSOFT_ANALYZER__
+#ifndef __TRUSTINSOFT_ANALYZER__
     assert_streq("7dfa45ce18210e2422fd658bf7beccb6e534e44f99ae359f4af3ba41af8ca463", hex);
 #endif
     /* total input length is a multiple of the rate */
     hydro_hash_hash(h, hydro_hash_BYTES, msg, 13, ctx, key);
     hydro_bin2hex(hex, sizeof hex, h, hydro_hash_BYTES);
-#ifndef  __TRUSTINSOFT_ANALYZER__
+#ifndef __TRUSTINSOFT_ANALYZER__
     assert_streq("d57a9800549bb4bab6a06fa6e16e08aad68d7d4313fb69a81b9f5d5af375dbe7", hex);
 #endif
 }
@@ -252,10 +252,10 @@ test_kdf(void)
 static void
 test_sign(void)
 {
-#ifdef  __TRUSTINSOFT_ANALYZER__
-    uint8_t            msg[32];
+#ifdef __TRUSTINSOFT_ANALYZER__
+    uint8_t msg[32];
 #else
-    uint8_t            msg[500];
+    uint8_t msg[500];
 #endif
     uint8_t            sig[hydro_sign_BYTES];
     hydro_sign_state   st;