core/crypto: Add private attributes for internals

These constants and internal routines are not intended for use outside
the actual implementations themselves.

core/crypto/chacha20/chacha20.odin

@@ -8,15 +8,23 @@ KEY_SIZE :: 32
 NONCE_SIZE :: 12
 XNONCE_SIZE :: 24
 
+@(private)
 _MAX_CTR_IETF :: 0xffffffff
 
+@(private)
 _BLOCK_SIZE :: 64
+@(private)
 _STATE_SIZE_U32 :: 16
+@(private)
 _ROUNDS :: 20
 
+@(private)
 _SIGMA_0 : u32 : 0x61707865
+@(private)
 _SIGMA_1 : u32 : 0x3320646e
+@(private)
 _SIGMA_2 : u32 : 0x79622d32
+@(private)
 _SIGMA_3 : u32 : 0x6b206574
 
 Context :: struct {
@@ -179,6 +187,7 @@ reset :: proc (ctx: ^Context) {
 	ctx._is_initialized = false
 }
 
+@(private)
 _do_blocks :: proc (ctx: ^Context, dst, src: []byte, nr_blocks: int) {
 	// Enforce the maximum consumed keystream per nonce.
 	//
@@ -441,6 +450,7 @@ _do_blocks :: proc (ctx: ^Context, dst, src: []byte, nr_blocks: int) {
 	}
 }
 
+@(private)
 _hchacha20 :: proc (dst, key, nonce: []byte) {
 	x0, x1, x2, x3 := _SIGMA_0, _SIGMA_1, _SIGMA_2, _SIGMA_3
 	x4 := util.U32_LE(key[0:4])

core/crypto/chacha20poly1305/chacha20poly1305.odin

@@ -10,8 +10,10 @@ KEY_SIZE :: chacha20.KEY_SIZE
 NONCE_SIZE :: chacha20.NONCE_SIZE
 TAG_SIZE :: poly1305.TAG_SIZE
 
+@(private)
 _P_MAX :: 64 * 0xffffffff // 64 * (2^32-1)
 
+@(private)
 _validate_common_slice_sizes :: proc (tag, key, nonce, aad, text: []byte) {
 	if len(tag) != TAG_SIZE {
 		panic("crypto/chacha20poly1305: invalid destination tag size")
@@ -37,7 +39,10 @@ _validate_common_slice_sizes :: proc (tag, key, nonce, aad, text: []byte) {
 	}
 }
 
+@(private)
 _PAD: [16]byte
+
+@(private)
 _update_mac_pad16 :: #force_inline proc (ctx: ^poly1305.Context, x_len: int) {
 	if pad_len := 16 - (x_len & (16-1)); pad_len != 16 {
 		poly1305.update(ctx, _PAD[:pad_len])

core/crypto/poly1305/poly1305.odin

@@ -8,6 +8,7 @@ import "core:mem"
 KEY_SIZE :: 32
 TAG_SIZE :: 16
 
+@(private)
 _BLOCK_SIZE :: 16
 
 sum :: proc (dst, msg, key: []byte) {
@@ -141,6 +142,7 @@ reset :: proc (ctx: ^Context) {
 	ctx._is_initialized = false
 }
 
+@(private)
 _blocks :: proc (ctx: ^Context, msg: []byte, final := false) {
 	n: field.Tight_Field_Element = ---
 	final_byte := byte(!final)

core/crypto/x25519/x25519.odin

@@ -6,8 +6,10 @@ import "core:mem"
 SCALAR_SIZE :: 32
 POINT_SIZE :: 32
 
+@(private)
 _BASE_POINT: [32]byte = {9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 
+@(private)
 _scalar_bit :: #force_inline proc "contextless" (s: ^[32]byte, i: int) -> u8 {
 	if i < 0 {
 		return 0
@@ -15,6 +17,7 @@ _scalar_bit :: #force_inline proc "contextless" (s: ^[32]byte, i: int) -> u8 {
 	return (s[i>>3] >> uint(i&7)) & 1
 }
 
+@(private)
 _scalarmult :: proc (out, scalar, point: ^[32]byte) {
 	// Montgomery pseduo-multiplication taken from Monocypher.
 

tests/core/crypto/test_core_crypto_modern.odin

@@ -269,6 +269,12 @@ TestECDH :: struct {
 test_x25519 :: proc(t: ^testing.T) {
 	log(t, "Testing X25519")
 
+	// Local copy of this so that the base point doesn't need to be exported.
+	_BASE_POINT: [32]byte = {
+		9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+	}
+
 	test_vectors := [?]TestECDH {
 		// Test vectors from RFC 7748
 		TestECDH{
@@ -295,7 +301,7 @@ test_x25519 :: proc(t: ^testing.T) {
 		// Abuse the test vectors to sanity-check the scalar-basepoint multiply.
 		p1, p2: [x25519.POINT_SIZE]byte
 		x25519.scalarmult_basepoint(p1[:], scalar[:])
-		x25519.scalarmult(p2[:], scalar[:], x25519._BASE_POINT[:])
+		x25519.scalarmult(p2[:], scalar[:], _BASE_POINT[:])
 		p1_str, p2_str := hex_string(p1[:]), hex_string(p2[:])
 		expect(t, p1_str == p2_str, fmt.tprintf("Expected %s for %s * basepoint, but got %s instead", p2_str, v.scalar, p1_str))
 	}