From e77725774638ae974a70fd8b1bc0566ccfa03ac0 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 16 Nov 2017 16:27:48 +0000
Subject: [PATCH] Rename decaf_448_* to curve448_*

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
---
 crypto/ec/curve448/decaf.c        |  75 ++++++------
 crypto/ec/curve448/decaf_tables.c |   5 +-
 crypto/ec/curve448/ed448.h        |  10 +-
 crypto/ec/curve448/eddsa.c        |  79 +++++++------
 crypto/ec/curve448/point_448.h    | 186 +++++++++++++++---------------
 crypto/ec/curve448/scalar.c       |  39 +++----
 6 files changed, 195 insertions(+), 199 deletions(-)

diff --git a/crypto/ec/curve448/decaf.c b/crypto/ec/curve448/decaf.c
index 72b9b6fd2a..0cba2011d5 100644
--- a/crypto/ec/curve448/decaf.c
+++ b/crypto/ec/curve448/decaf.c
@@ -20,13 +20,12 @@
 #include "curve448_lcl.h"
 
 /* Template stuff */
-#define API_NS(_id) decaf_448_##_id
 #define SCALAR_BITS DECAF_448_SCALAR_BITS
 #define SCALAR_SER_BYTES DECAF_448_SCALAR_BYTES
 #define SCALAR_LIMBS DECAF_448_SCALAR_LIMBS
-#define scalar_t API_NS(scalar_t)
-#define point_t API_NS(point_t)
-#define precomputed_s API_NS(precomputed_s)
+#define scalar_t curve448_scalar_t
+#define point_t curve448_point_t
+#define precomputed_s curve448_precomputed_s
 #define COFACTOR 4
 
 /* Comb config: number of combs, n, t, s. */
@@ -66,9 +65,9 @@ typedef struct { niels_t n; gf z; } VECTOR_ALIGNED pniels_s, pniels_t[1];
 /* Precomputed base */
 struct precomputed_s { niels_t table [COMBS_N<<(COMBS_T-1)]; };
 
-extern const gf API_NS(precomputed_base_as_fe)[];
-const precomputed_s *API_NS(precomputed_base) =
-    (const precomputed_s *) &API_NS(precomputed_base_as_fe);
+extern const gf curve448_precomputed_base_as_fe[];
+const precomputed_s *curve448_precomputed_base =
+    (const precomputed_s *) &curve448_precomputed_base_as_fe;
 
 /** Inverse. */
 static void
@@ -84,7 +83,7 @@ gf_invert(gf y, const gf x, int assert_nonzero) {
 }
 
 /** identity = (0,1) */
-const point_t API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}};
+const point_t curve448_point_identity = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}};
 
 static DECAF_NOINLINE void
 point_double_internal (
@@ -110,7 +109,7 @@ point_double_internal (
     if (!before_double) gf_mul ( p->t, b, d );
 }
 
-void API_NS(point_double)(point_t p, const point_t q) {
+void curve448_point_double(point_t p, const point_t q) {
     point_double_internal(p,q,0);
 }
 
@@ -226,7 +225,7 @@ sub_pniels_from_pt (
     sub_niels_from_pt( p, pn->n, before_double );
 }
 
-decaf_bool_t API_NS(point_eq) ( const point_t p, const point_t q ) {
+decaf_bool_t curve448_point_eq ( const point_t p, const point_t q ) {
     /* equality mod 2-torsion compares x/y */
     gf a, b;
     gf_mul ( a, p->y, q->x );
@@ -236,7 +235,7 @@ decaf_bool_t API_NS(point_eq) ( const point_t p, const point_t q ) {
     return mask_to_bool(succ);
 }
 
-decaf_bool_t API_NS(point_valid) (
+decaf_bool_t curve448_point_valid (
     const point_t p
 ) {
     gf a,b,c;
@@ -265,7 +264,7 @@ constant_time_lookup_niels (
     constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
 }
 
-void API_NS(precomputed_scalarmul) (
+void curve448_precomputed_scalarmul (
     point_t out,
     const precomputed_s *table,
     const scalar_t scalar
@@ -275,8 +274,8 @@ void API_NS(precomputed_scalarmul) (
     const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S;
     
     scalar_t scalar1x;
-    API_NS(scalar_add)(scalar1x, scalar, precomputed_scalarmul_adjustment);
-    API_NS(scalar_halve)(scalar1x,scalar1x);
+    curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+    curve448_scalar_halve(scalar1x,scalar1x);
     
     niels_t ni;
     
@@ -312,7 +311,7 @@ void API_NS(precomputed_scalarmul) (
     OPENSSL_cleanse(scalar1x,sizeof(scalar1x));
 }
 
-void API_NS(point_mul_by_ratio_and_encode_like_eddsa) (
+void curve448_point_mul_by_ratio_and_encode_like_eddsa (
     uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES],
     const point_t p
 ) {
@@ -320,7 +319,7 @@ void API_NS(point_mul_by_ratio_and_encode_like_eddsa) (
     /* The point is now on the twisted curve.  Move it to untwisted. */
     gf x, y, z, t;
     point_t q;
-    API_NS(point_copy)(q,p);
+    curve448_point_copy(q,p);
 
     {
         /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */
@@ -355,11 +354,11 @@ void API_NS(point_mul_by_ratio_and_encode_like_eddsa) (
     OPENSSL_cleanse(y,sizeof(y));
     OPENSSL_cleanse(z,sizeof(z));
     OPENSSL_cleanse(t,sizeof(t));
-    API_NS(point_destroy)(q);
+    curve448_point_destroy(q);
 }
 
 
-decaf_error_t API_NS(point_decode_like_eddsa_and_mul_by_ratio) (
+decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio (
     point_t p,
     const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
 ) {
@@ -410,7 +409,7 @@ decaf_error_t API_NS(point_decode_like_eddsa_and_mul_by_ratio) (
     }
     
     OPENSSL_cleanse(enc2,sizeof(enc2));
-    assert(API_NS(point_valid)(p) || ~succ);
+    assert(curve448_point_valid(p) || ~succ);
     
     return decaf_succeed_if(mask_to_bool(succ));
 }
@@ -514,17 +513,17 @@ void decaf_ed448_convert_public_key_to_x448 (
     }
 }
 
-void API_NS(point_mul_by_ratio_and_encode_like_x448) (
+void curve448_point_mul_by_ratio_and_encode_like_x448 (
     uint8_t out[X_PUBLIC_BYTES],
     const point_t p
 ) {
     point_t q;
-    API_NS(point_copy)(q,p);
+    curve448_point_copy(q,p);
     gf_invert(q->t,q->x,0); /* 1/x */
     gf_mul(q->z,q->t,q->y); /* y/x */
     gf_sqr(q->y,q->z); /* (y/x)^2 */
     gf_serialize(out,q->y,1);
-    API_NS(point_destroy(q));
+    curve448_point_destroy(q);
 }
 
 void decaf_x448_derive_public_key (
@@ -540,16 +539,16 @@ void decaf_x448_derive_public_key (
     scalar2[X_PRIVATE_BYTES-1] |= 1<<((X_PRIVATE_BITS+7)%8);
     
     scalar_t the_scalar;
-    API_NS(scalar_decode_long)(the_scalar,scalar2,sizeof(scalar2));
+    curve448_scalar_decode_long(the_scalar,scalar2,sizeof(scalar2));
     
     /* Compensate for the encoding ratio */
     for (unsigned i=1; i<DECAF_X448_ENCODE_RATIO; i<<=1) {
-        API_NS(scalar_halve)(the_scalar,the_scalar);
+        curve448_scalar_halve(the_scalar,the_scalar);
     }
     point_t p;
-    API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),the_scalar);
-    API_NS(point_mul_by_ratio_and_encode_like_x448)(out,p);
-    API_NS(point_destroy)(p);
+    curve448_precomputed_scalarmul(p,curve448_precomputed_base,the_scalar);
+    curve448_point_mul_by_ratio_and_encode_like_x448(out,p);
+    curve448_point_destroy(p);
 }
 
 /**
@@ -624,7 +623,7 @@ prepare_wnaf_table(
 
     if (tbits == 0) return;
 
-    API_NS(point_double)(tmp,working);
+    curve448_point_double(tmp,working);
     pniels_t twop;
     pt_to_pniels(twop, tmp);
 
@@ -636,14 +635,14 @@ prepare_wnaf_table(
         pt_to_pniels(output[i], tmp);
     }
     
-    API_NS(point_destroy)(tmp);
+    curve448_point_destroy(tmp);
     OPENSSL_cleanse(twop,sizeof(twop));
 }
 
-extern const gf API_NS(precomputed_wnaf_as_fe)[];
-static const niels_t *API_NS(wnaf_base) = (const niels_t *)API_NS(precomputed_wnaf_as_fe);
+extern const gf curve448_precomputed_wnaf_as_fe[];
+static const niels_t *curve448_wnaf_base = (const niels_t *)curve448_precomputed_wnaf_as_fe;
 
-void API_NS(base_double_scalarmul_non_secret) (
+void curve448_base_double_scalarmul_non_secret (
     point_t combo,
     const scalar_t scalar1,
     const point_t base2,
@@ -663,18 +662,18 @@ void API_NS(base_double_scalarmul_non_secret) (
     int contp=0, contv=0, i = control_var[0].power;
 
     if (i < 0) {
-        API_NS(point_copy)(combo, API_NS(point_identity));
+        curve448_point_copy(combo, curve448_point_identity);
         return;
     } else if (i > control_pre[0].power) {
         pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
         contv++;
     } else if (i == control_pre[0].power && i >=0 ) {
         pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
-        add_niels_to_pt(combo, API_NS(wnaf_base)[control_pre[0].addend >> 1], i);
+        add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1], i);
         contv++; contp++;
     } else {
         i = control_pre[0].power;
-        niels_to_pt(combo, API_NS(wnaf_base)[control_pre[0].addend >> 1]);
+        niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
         contp++;
     }
     
@@ -697,9 +696,9 @@ void API_NS(base_double_scalarmul_non_secret) (
             assert(control_pre[contp].addend);
 
             if (control_pre[contp].addend > 0) {
-                add_niels_to_pt(combo, API_NS(wnaf_base)[control_pre[contp].addend >> 1], i);
+                add_niels_to_pt(combo, curve448_wnaf_base[control_pre[contp].addend >> 1], i);
             } else {
-                sub_niels_from_pt(combo, API_NS(wnaf_base)[(-control_pre[contp].addend) >> 1], i);
+                sub_niels_from_pt(combo, curve448_wnaf_base[(-control_pre[contp].addend) >> 1], i);
             }
             contp++;
         }
@@ -714,7 +713,7 @@ void API_NS(base_double_scalarmul_non_secret) (
     assert(contp == ncb_pre); (void)ncb_pre;
 }
 
-void API_NS(point_destroy) (
+void curve448_point_destroy (
     point_t point
 ) {
     OPENSSL_cleanse(point, sizeof(point_t));
diff --git a/crypto/ec/curve448/decaf_tables.c b/crypto/ec/curve448/decaf_tables.c
index 2b303a75fe..8785a04865 100644
--- a/crypto/ec/curve448/decaf_tables.c
+++ b/crypto/ec/curve448/decaf_tables.c
@@ -3,8 +3,7 @@
 
 #include "point_448.h"
 
-#define API_NS(_id) decaf_448_##_id
-const gf API_NS(precomputed_base_as_fe)[240]
+const gf curve448_precomputed_base_as_fe[240]
 VECTOR_ALIGNED __attribute__((visibility("hidden"))) = {
   {FIELD_LITERAL(0x00cc3b062366f4cc,0x003d6e34e314aa3c,0x00d51c0a7521774d,0x0094e060eec6ab8b,0x00d21291b4d80082,0x00befed12b55ef1e,0x00c3dd2df5c94518,0x00e0a7b112b8d4e6)},
   {FIELD_LITERAL(0x0019eb5608d8723a,0x00d1bab52fb3aedb,0x00270a7311ebc90c,0x0037c12b91be7f13,0x005be16cd8b5c704,0x003e181acda888e1,0x00bc1f00fc3fc6d0,0x00d3839bfa319e20)},
@@ -247,7 +246,7 @@ VECTOR_ALIGNED __attribute__((visibility("hidden"))) = {
   {FIELD_LITERAL(0x004a2902926f8d3f,0x00ad79b42637ab75,0x0088f60b90f2d4e8,0x0030f54ef0e398c4,0x00021dc9bf99681e,0x007ebf66fde74ee3,0x004ade654386e9a4,0x00e7485066be4c27)},
   {FIELD_LITERAL(0x00445f1263983be0,0x004cf371dda45e6a,0x00744a89d5a310e7,0x001f20ce4f904833,0x00e746edebe66e29,0x000912ab1f6c153d,0x00f61d77d9b2444c,0x0001499cd6647610)}
 };
-const gf API_NS(precomputed_wnaf_as_fe)[96]
+const gf curve448_precomputed_wnaf_as_fe[96]
 VECTOR_ALIGNED __attribute__((visibility("hidden"))) = {
   {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x00e822938a0a0c0c,0x00263a61c9ea9216,0x001204029321b828,0x006a468360983c65,0x0002846f0a782143)},
   {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x006822938a0a0c0c,0x00263a61c9ea9215,0x001204029321b828,0x006a468360983c65,0x0082846f0a782143)},
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h
index 72e94d5807..9258e0ade5 100644
--- a/crypto/ec/curve448/ed448.h
+++ b/crypto/ec/curve448/ed448.h
@@ -195,22 +195,22 @@ decaf_error_t decaf_ed448_verify_prehash (
  * @param [out] enc The encoded point.
  * @param [in] p The point.
  */       
-void decaf_448_point_mul_by_ratio_and_encode_like_eddsa (
+void curve448_point_mul_by_ratio_and_encode_like_eddsa (
     uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES],
-    const decaf_448_point_t p
+    const curve448_point_t p
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
  * @brief EdDSA point decoding.  Multiplies by DECAF_448_EDDSA_DECODE_RATIO,
  * and ignores cofactor information.
  *
- * See notes on decaf_448_point_mul_by_ratio_and_encode_like_eddsa
+ * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa
  *
  * @param [out] enc The encoded point.
  * @param [in] p The point.
  */       
-decaf_error_t decaf_448_point_decode_like_eddsa_and_mul_by_ratio (
-    decaf_448_point_t p,
+decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio (
+    curve448_point_t p,
     const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index 2fa7d5dce2..7d44e2362b 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -20,7 +20,6 @@
 #include <string.h>
 
 #define API_NAME "decaf_448"
-#define API_NS(_id) decaf_448_##_id
 
 #define hash_ctx_t   decaf_shake256_ctx_t
 #define hash_init    decaf_shake256_init
@@ -121,8 +120,8 @@ void decaf_ed448_derive_public_key (
     );
     clamp(secret_scalar_ser);
         
-    API_NS(scalar_t) secret_scalar;
-    API_NS(scalar_decode_long)(secret_scalar, secret_scalar_ser, sizeof(secret_scalar_ser));
+    curve448_scalar_t secret_scalar;
+    curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, sizeof(secret_scalar_ser));
     
     /* Since we are going to mul_by_cofactor during encoding, divide by it here.
      * However, the EdDSA base point is not the same as the decaf base point if
@@ -131,17 +130,17 @@ void decaf_ed448_derive_public_key (
      * picks up a factor of 2 from the isogenies.  So we might start at 2 instead of 1. 
      */
     for (unsigned int c=1; c<DECAF_448_EDDSA_ENCODE_RATIO; c <<= 1) {
-        API_NS(scalar_halve)(secret_scalar,secret_scalar);
+        curve448_scalar_halve(secret_scalar,secret_scalar);
     }
     
-    API_NS(point_t) p;
-    API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),secret_scalar);
+    curve448_point_t p;
+    curve448_precomputed_scalarmul(p,curve448_precomputed_base,secret_scalar);
     
-    API_NS(point_mul_by_ratio_and_encode_like_eddsa)(pubkey, p);
+    curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
         
     /* Cleanup */
-    API_NS(scalar_destroy)(secret_scalar);
-    API_NS(point_destroy)(p);
+    curve448_scalar_destroy(secret_scalar);
+    curve448_point_destroy(p);
     OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
 }
 
@@ -155,7 +154,7 @@ void decaf_ed448_sign (
     const uint8_t *context,
     uint8_t context_len
 ) {
-    API_NS(scalar_t) secret_scalar;
+    curve448_scalar_t secret_scalar;
     hash_ctx_t hash;
     {
         /* Schedule the secret key */
@@ -170,7 +169,7 @@ void decaf_ed448_sign (
             DECAF_EDDSA_448_PRIVATE_BYTES
         );
         clamp(expanded.secret_scalar_ser);   
-        API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser));
+        curve448_scalar_decode_long(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser));
     
         /* Hash to create the nonce */
         hash_init_with_dom(hash,prehashed,0,context,context_len);
@@ -180,31 +179,31 @@ void decaf_ed448_sign (
     }
     
     /* Decode the nonce */
-    API_NS(scalar_t) nonce_scalar;
+    curve448_scalar_t nonce_scalar;
     {
         uint8_t nonce[2*DECAF_EDDSA_448_PRIVATE_BYTES];
         hash_final(hash,nonce,sizeof(nonce));
-        API_NS(scalar_decode_long)(nonce_scalar, nonce, sizeof(nonce));
+        curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
         OPENSSL_cleanse(nonce, sizeof(nonce));
     }
     
     uint8_t nonce_point[DECAF_EDDSA_448_PUBLIC_BYTES] = {0};
     {
         /* Scalarmul to create the nonce-point */
-        API_NS(scalar_t) nonce_scalar_2;
-        API_NS(scalar_halve)(nonce_scalar_2,nonce_scalar);
+        curve448_scalar_t nonce_scalar_2;
+        curve448_scalar_halve(nonce_scalar_2,nonce_scalar);
         for (unsigned int c = 2; c < DECAF_448_EDDSA_ENCODE_RATIO; c <<= 1) {
-            API_NS(scalar_halve)(nonce_scalar_2,nonce_scalar_2);
+            curve448_scalar_halve(nonce_scalar_2,nonce_scalar_2);
         }
         
-        API_NS(point_t) p;
-        API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),nonce_scalar_2);
-        API_NS(point_mul_by_ratio_and_encode_like_eddsa)(nonce_point, p);
-        API_NS(point_destroy)(p);
-        API_NS(scalar_destroy)(nonce_scalar_2);
+        curve448_point_t p;
+        curve448_precomputed_scalarmul(p,curve448_precomputed_base,nonce_scalar_2);
+        curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+        curve448_point_destroy(p);
+        curve448_scalar_destroy(nonce_scalar_2);
     }
     
-    API_NS(scalar_t) challenge_scalar;
+    curve448_scalar_t challenge_scalar;
     {
         /* Compute the challenge */
         hash_init_with_dom(hash,prehashed,0,context,context_len);
@@ -214,20 +213,20 @@ void decaf_ed448_sign (
         uint8_t challenge[2*DECAF_EDDSA_448_PRIVATE_BYTES];
         hash_final(hash,challenge,sizeof(challenge));
         hash_destroy(hash);
-        API_NS(scalar_decode_long)(challenge_scalar,challenge,sizeof(challenge));
+        curve448_scalar_decode_long(challenge_scalar,challenge,sizeof(challenge));
         OPENSSL_cleanse(challenge,sizeof(challenge));
     }
     
-    API_NS(scalar_mul)(challenge_scalar,challenge_scalar,secret_scalar);
-    API_NS(scalar_add)(challenge_scalar,challenge_scalar,nonce_scalar);
+    curve448_scalar_mul(challenge_scalar,challenge_scalar,secret_scalar);
+    curve448_scalar_add(challenge_scalar,challenge_scalar,nonce_scalar);
     
     OPENSSL_cleanse(signature,DECAF_EDDSA_448_SIGNATURE_BYTES);
     memcpy(signature,nonce_point,sizeof(nonce_point));
-    API_NS(scalar_encode)(&signature[DECAF_EDDSA_448_PUBLIC_BYTES],challenge_scalar);
+    curve448_scalar_encode(&signature[DECAF_EDDSA_448_PUBLIC_BYTES],challenge_scalar);
     
-    API_NS(scalar_destroy)(secret_scalar);
-    API_NS(scalar_destroy)(nonce_scalar);
-    API_NS(scalar_destroy)(challenge_scalar);
+    curve448_scalar_destroy(secret_scalar);
+    curve448_scalar_destroy(nonce_scalar);
+    curve448_scalar_destroy(challenge_scalar);
 }
 
 
@@ -260,14 +259,14 @@ decaf_error_t decaf_ed448_verify (
     const uint8_t *context,
     uint8_t context_len
 ) { 
-    API_NS(point_t) pk_point, r_point;
-    decaf_error_t error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(pk_point,pubkey);
+    curve448_point_t pk_point, r_point;
+    decaf_error_t error = curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point,pubkey);
     if (DECAF_SUCCESS != error) { return error; }
     
-    error = API_NS(point_decode_like_eddsa_and_mul_by_ratio)(r_point,signature);
+    error = curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point,signature);
     if (DECAF_SUCCESS != error) { return error; }
     
-    API_NS(scalar_t) challenge_scalar;
+    curve448_scalar_t challenge_scalar;
     {
         /* Compute the challenge */
         hash_ctx_t hash;
@@ -278,31 +277,31 @@ decaf_error_t decaf_ed448_verify (
         uint8_t challenge[2*DECAF_EDDSA_448_PRIVATE_BYTES];
         hash_final(hash,challenge,sizeof(challenge));
         hash_destroy(hash);
-        API_NS(scalar_decode_long)(challenge_scalar,challenge,sizeof(challenge));
+        curve448_scalar_decode_long(challenge_scalar,challenge,sizeof(challenge));
         OPENSSL_cleanse(challenge,sizeof(challenge));
     }
-    API_NS(scalar_sub)(challenge_scalar, API_NS(scalar_zero), challenge_scalar);
+    curve448_scalar_sub(challenge_scalar, curve448_scalar_zero, challenge_scalar);
     
-    API_NS(scalar_t) response_scalar;
-    API_NS(scalar_decode_long)(
+    curve448_scalar_t response_scalar;
+    curve448_scalar_decode_long(
         response_scalar,
         &signature[DECAF_EDDSA_448_PUBLIC_BYTES],
         DECAF_EDDSA_448_PRIVATE_BYTES
     );
     
     for (unsigned c=1; c<DECAF_448_EDDSA_DECODE_RATIO; c<<=1) {
-        API_NS(scalar_add)(response_scalar,response_scalar,response_scalar);
+        curve448_scalar_add(response_scalar,response_scalar,response_scalar);
     }
     
     
     /* pk_point = -c(x(P)) + (cx + k)G = kG */
-    API_NS(base_double_scalarmul_non_secret)(
+    curve448_base_double_scalarmul_non_secret(
         pk_point,
         response_scalar,
         pk_point,
         challenge_scalar
     );
-    return decaf_succeed_if(API_NS(point_eq(pk_point,r_point)));
+    return decaf_succeed_if(curve448_point_eq(pk_point,r_point));
 }
 
 
diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h
index ca2e17c828..31b4bb5f79 100644
--- a/crypto/ec/curve448/point_448.h
+++ b/crypto/ec/curve448/point_448.h
@@ -56,39 +56,39 @@ extern "C" {
 #define DECAF_X448_PRIVATE_BYTES 56
 
 /** Twisted Edwards extended homogeneous coordinates */
-typedef struct decaf_448_point_s {
+typedef struct curve448_point_s {
     /** @cond internal */
     gf_448_t x,y,z,t;
     /** @endcond */
-} decaf_448_point_t[1];
+} curve448_point_t[1];
 
 /** Precomputed table based on a point.  Can be trivial implementation. */
-struct decaf_448_precomputed_s;
+struct curve448_precomputed_s;
 
 /** Precomputed table based on a point.  Can be trivial implementation. */
-typedef struct decaf_448_precomputed_s decaf_448_precomputed_s; 
+typedef struct curve448_precomputed_s curve448_precomputed_s; 
 
 /** Scalar is stored packed, because we don't need the speed. */
-typedef struct decaf_448_scalar_s {
+typedef struct curve448_scalar_s {
     /** @cond internal */
     decaf_word_t limb[DECAF_448_SCALAR_LIMBS];
     /** @endcond */
-} decaf_448_scalar_t[1];
+} curve448_scalar_t[1];
 
 /** A scalar equal to 1. */
-extern const decaf_448_scalar_t decaf_448_scalar_one DECAF_API_VIS;
+extern const curve448_scalar_t curve448_scalar_one DECAF_API_VIS;
 
 /** A scalar equal to 0. */
-extern const decaf_448_scalar_t decaf_448_scalar_zero DECAF_API_VIS;
+extern const curve448_scalar_t curve448_scalar_zero DECAF_API_VIS;
 
 /** The identity point on the curve. */
-extern const decaf_448_point_t decaf_448_point_identity DECAF_API_VIS;
+extern const curve448_point_t curve448_point_identity DECAF_API_VIS;
 
 /** An arbitrarily chosen base point on the curve. */
-extern const decaf_448_point_t decaf_448_point_base DECAF_API_VIS;
+extern const curve448_point_t curve448_point_base DECAF_API_VIS;
 
 /** Precomputed table for the base point on the curve. */
-extern const struct decaf_448_precomputed_s *decaf_448_precomputed_base DECAF_API_VIS;
+extern const struct curve448_precomputed_s *curve448_precomputed_base DECAF_API_VIS;
 
 /**
  * @brief Read a scalar from wire format or from bytes.
@@ -100,8 +100,8 @@ extern const struct decaf_448_precomputed_s *decaf_448_precomputed_base DECAF_AP
  * @retval DECAF_FAILURE The scalar was greater than the modulus,
  * and has been reduced modulo that modulus.
  */
-decaf_error_t decaf_448_scalar_decode (
-    decaf_448_scalar_t out,
+decaf_error_t curve448_scalar_decode (
+    curve448_scalar_t out,
     const unsigned char ser[DECAF_448_SCALAR_BYTES]
 ) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
 
@@ -113,8 +113,8 @@ decaf_error_t decaf_448_scalar_decode (
  * @param [in] ser_len Length of serialized form.
  * @param [out] out Deserialized form.
  */
-void decaf_448_scalar_decode_long (
-    decaf_448_scalar_t out,
+void curve448_scalar_decode_long (
+    curve448_scalar_t out,
     const unsigned char *ser,
     size_t ser_len
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
@@ -125,9 +125,9 @@ void decaf_448_scalar_decode_long (
  * @param [out] ser Serialized form of a scalar.
  * @param [in] s Deserialized scalar.
  */
-void decaf_448_scalar_encode (
+void curve448_scalar_encode (
     unsigned char ser[DECAF_448_SCALAR_BYTES],
-    const decaf_448_scalar_t s
+    const curve448_scalar_t s
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_NOINLINE;
         
 /**
@@ -136,10 +136,10 @@ void decaf_448_scalar_encode (
  * @param [in] b Another scalar.
  * @param [out] out a+b.
  */
-void decaf_448_scalar_add (
-    decaf_448_scalar_t out,
-    const decaf_448_scalar_t a,
-    const decaf_448_scalar_t b
+void curve448_scalar_add (
+    curve448_scalar_t out,
+    const curve448_scalar_t a,
+    const curve448_scalar_t b
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -149,9 +149,9 @@ void decaf_448_scalar_add (
  * @retval DECAF_TRUE The scalars are equal.
  * @retval DECAF_FALSE The scalars are not equal.
  */    
-decaf_bool_t decaf_448_scalar_eq (
-    const decaf_448_scalar_t a,
-    const decaf_448_scalar_t b
+decaf_bool_t curve448_scalar_eq (
+    const curve448_scalar_t a,
+    const curve448_scalar_t b
 ) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -160,10 +160,10 @@ decaf_bool_t decaf_448_scalar_eq (
  * @param [in] b Another scalar.
  * @param [out] out a-b.
  */  
-void decaf_448_scalar_sub (
-    decaf_448_scalar_t out,
-    const decaf_448_scalar_t a,
-    const decaf_448_scalar_t b
+void curve448_scalar_sub (
+    curve448_scalar_t out,
+    const curve448_scalar_t a,
+    const curve448_scalar_t b
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -172,10 +172,10 @@ void decaf_448_scalar_sub (
  * @param [in] b Another scalar.
  * @param [out] out a*b.
  */  
-void decaf_448_scalar_mul (
-    decaf_448_scalar_t out,
-    const decaf_448_scalar_t a,
-    const decaf_448_scalar_t b
+void curve448_scalar_mul (
+    curve448_scalar_t out,
+    const curve448_scalar_t a,
+    const curve448_scalar_t b
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
         
 /**
@@ -183,9 +183,9 @@ void decaf_448_scalar_mul (
 * @param [in] a A scalar.
 * @param [out] out a/2.
 */
-void decaf_448_scalar_halve (
-   decaf_448_scalar_t out,
-   const decaf_448_scalar_t a
+void curve448_scalar_halve (
+   curve448_scalar_t out,
+   const curve448_scalar_t a
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -194,9 +194,9 @@ void decaf_448_scalar_halve (
  * @param [out] out 1/a.
  * @return DECAF_SUCCESS The input is nonzero.
  */  
-decaf_error_t decaf_448_scalar_invert (
-    decaf_448_scalar_t out,
-    const decaf_448_scalar_t a
+decaf_error_t curve448_scalar_invert (
+    curve448_scalar_t out,
+    const curve448_scalar_t a
 ) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -205,9 +205,9 @@ decaf_error_t decaf_448_scalar_invert (
  * @param [in] a A scalar.
  * @param [out] out Will become a copy of a.
  */
-static inline void DECAF_NONNULL decaf_448_scalar_copy (
-    decaf_448_scalar_t out,
-    const decaf_448_scalar_t a
+static inline void DECAF_NONNULL curve448_scalar_copy (
+    curve448_scalar_t out,
+    const curve448_scalar_t a
 ) {
     *out = *a;
 }
@@ -217,8 +217,8 @@ static inline void DECAF_NONNULL decaf_448_scalar_copy (
  * @param [in] a An integer.
  * @param [out] out Will become equal to a.
  */  
-void decaf_448_scalar_set_unsigned (
-    decaf_448_scalar_t out,
+void curve448_scalar_set_unsigned (
+    curve448_scalar_t out,
     uint64_t a
 ) DECAF_API_VIS DECAF_NONNULL;
 
@@ -229,9 +229,9 @@ void decaf_448_scalar_set_unsigned (
  * @param [out] a A copy of the point.
  * @param [in] b Any point.
  */
-static inline void DECAF_NONNULL decaf_448_point_copy (
-    decaf_448_point_t a,
-    const decaf_448_point_t b
+static inline void DECAF_NONNULL curve448_point_copy (
+    curve448_point_t a,
+    const curve448_point_t b
 ) {
     *a=*b;
 }
@@ -245,21 +245,21 @@ static inline void DECAF_NONNULL decaf_448_point_copy (
  * @retval DECAF_TRUE The points are equal.
  * @retval DECAF_FALSE The points are not equal.
  */
-decaf_bool_t decaf_448_point_eq (
-    const decaf_448_point_t a,
-    const decaf_448_point_t b
+decaf_bool_t curve448_point_eq (
+    const curve448_point_t a,
+    const curve448_point_t b
 ) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
 
 /**
  * @brief Double a point.  Equivalent to
- * decaf_448_point_add(two_a,a,a), but potentially faster.
+ * curve448_point_add(two_a,a,a), but potentially faster.
  *
  * @param [out] two_a The sum a+a.
  * @param [in] a A point.
  */
-void decaf_448_point_double (
-    decaf_448_point_t two_a,
-    const decaf_448_point_t a
+void curve448_point_double (
+    curve448_point_t two_a,
+    const curve448_point_t a
 ) DECAF_API_VIS DECAF_NONNULL;
 
 /**
@@ -300,9 +300,9 @@ decaf_error_t decaf_x448 (
  * @param [out] out The scaled and encoded point.
  * @param [in] p The point to be scaled and encoded.
  */
-void decaf_448_point_mul_by_ratio_and_encode_like_x448 (
+void curve448_point_mul_by_ratio_and_encode_like_x448 (
     uint8_t out[DECAF_X448_PUBLIC_BYTES],
-    const decaf_448_point_t p
+    const curve448_point_t p
 ) DECAF_API_VIS DECAF_NONNULL;
 
 /** The base point for X448 Diffie-Hellman */
@@ -323,7 +323,7 @@ void decaf_x448_derive_public_key (
     const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
-/* FUTURE: uint8_t decaf_448_encode_like_curve448) */
+/* FUTURE: uint8_t curve448_encode_like_curve448) */
 
 /**
  * @brief Precompute a table for fast scalar multiplication.
@@ -334,9 +334,9 @@ void decaf_x448_derive_public_key (
  * @param [out] a A precomputed table of multiples of the point.
  * @param [in] b Any point.
  */
-void decaf_448_precompute (
-    decaf_448_precomputed_s *a,
-    const decaf_448_point_t b
+void curve448_precompute (
+    curve448_precomputed_s *a,
+    const curve448_point_t b
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -344,24 +344,24 @@ void decaf_448_precompute (
  * scaled = scalar*base.
  * Some implementations do not include precomputed points; for
  * those implementations, this function is the same as
- * decaf_448_point_scalarmul
+ * curve448_point_scalarmul
  *
  * @param [out] scaled The scaled point base*scalar
  * @param [in] base The point to be scaled.
  * @param [in] scalar The scalar to multiply by.
  */
-void decaf_448_precomputed_scalarmul (
-    decaf_448_point_t scaled,
-    const decaf_448_precomputed_s *base,
-    const decaf_448_scalar_t scalar
+void curve448_precomputed_scalarmul (
+    curve448_point_t scaled,
+    const curve448_precomputed_s *base,
+    const curve448_scalar_t scalar
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 
 /**
  * @brief Multiply two base points by two scalars:
- * scaled = scalar1*decaf_448_point_base + scalar2*base2.
+ * scaled = scalar1*curve448_point_base + scalar2*base2.
  *
- * Otherwise equivalent to decaf_448_point_double_scalarmul, but may be
+ * Otherwise equivalent to curve448_point_double_scalarmul, but may be
  * faster at the expense of being variable time.
  *
  * @param [out] combo The linear combination scalar1*base + scalar2*base2.
@@ -372,11 +372,11 @@ void decaf_448_precomputed_scalarmul (
  * @warning: This function takes variable time, and may leak the scalars
  * used.  It is designed for signature verification.
  */
-void decaf_448_base_double_scalarmul_non_secret (
-    decaf_448_point_t combo,
-    const decaf_448_scalar_t scalar1,
-    const decaf_448_point_t base2,
-    const decaf_448_scalar_t scalar2
+void curve448_base_double_scalarmul_non_secret (
+    curve448_point_t combo,
+    const curve448_scalar_t scalar1,
+    const curve448_point_t base2,
+    const curve448_scalar_t scalar2
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
@@ -388,10 +388,10 @@ void decaf_448_base_double_scalarmul_non_secret (
  * @param [in] b Any scalar.
  * @param [in] pick_b If nonzero, choose scalar b.
  */
-void decaf_448_scalar_cond_sel (
-    decaf_448_scalar_t out,
-    const decaf_448_scalar_t a,
-    const decaf_448_scalar_t b,
+void curve448_scalar_cond_sel (
+    curve448_scalar_t out,
+    const curve448_scalar_t a,
+    const curve448_scalar_t b,
     decaf_word_t pick_b
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
@@ -402,8 +402,8 @@ void decaf_448_scalar_cond_sel (
  * @retval DECAF_TRUE The point is valid.
  * @retval DECAF_FALSE The point is invalid.
  */
-decaf_bool_t decaf_448_point_valid (
-    const decaf_448_point_t to_test
+decaf_bool_t curve448_point_valid (
+    const curve448_point_t to_test
 ) DECAF_API_VIS DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE;
 
 
@@ -412,7 +412,7 @@ decaf_bool_t decaf_448_point_valid (
  *
  * Call this function with the output of a hash to make a hash to the curve.
  *
- * This function runs Elligator2 on the decaf_448 Jacobi quartic model.  It then
+ * This function runs Elligator2 on the curve448 Jacobi quartic model.  It then
  * uses the isogeny to put the result in twisted Edwards form.  As a result,
  * it is safe (cannot produce points of order 4), and would be compatible with
  * hypothetical other implementations of Decaf using a Montgomery or untwisted
@@ -436,21 +436,21 @@ decaf_bool_t decaf_448_point_valid (
  * @param [out] pt The data hashed to the curve.
  */
 void
-decaf_448_point_from_hash_nonuniform (
-    decaf_448_point_t pt,
+curve448_point_from_hash_nonuniform (
+    curve448_point_t pt,
     const unsigned char hashed_data[DECAF_448_HASH_BYTES]
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
 /**
  * @brief Indifferentiable hash function encoding to curve.
  *
- * Equivalent to calling decaf_448_point_from_hash_nonuniform twice and adding.
+ * Equivalent to calling curve448_point_from_hash_nonuniform twice and adding.
  *
  * @param [in] hashed_data Output of some hash function.
  * @param [out] pt The data hashed to the curve.
  */ 
-void decaf_448_point_from_hash_uniform (
-    decaf_448_point_t pt,
+void curve448_point_from_hash_uniform (
+    curve448_point_t pt,
     const unsigned char hashed_data[2*DECAF_448_HASH_BYTES]
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE;
 
@@ -458,7 +458,7 @@ void decaf_448_point_from_hash_uniform (
  * @brief Inverse of elligator-like hash to curve.
  *
  * This function writes to the buffer, to make it so that
- * decaf_448_point_from_hash_nonuniform(buffer) = pt if
+ * curve448_point_from_hash_nonuniform(buffer) = pt if
  * possible.  Since there may be multiple preimages, the
  * "which" parameter chooses between them.  To ensure uniform
  * inverse sampling, this function succeeds or fails
@@ -483,9 +483,9 @@ void decaf_448_point_from_hash_uniform (
  * @retval DECAF_FAILURE The inverse failed.
  */
 decaf_error_t
-decaf_448_invert_elligator_nonuniform (
+curve448_invert_elligator_nonuniform (
     unsigned char recovered_hash[DECAF_448_HASH_BYTES],
-    const decaf_448_point_t pt,
+    const curve448_point_t pt,
     uint32_t which
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED;
 
@@ -493,7 +493,7 @@ decaf_448_invert_elligator_nonuniform (
  * @brief Inverse of elligator-like hash to curve.
  *
  * This function writes to the buffer, to make it so that
- * decaf_448_point_from_hash_uniform(buffer) = pt if
+ * curve448_point_from_hash_uniform(buffer) = pt if
  * possible.  Since there may be multiple preimages, the
  * "which" parameter chooses between them.  To ensure uniform
  * inverse sampling, this function succeeds or fails
@@ -508,24 +508,24 @@ decaf_448_invert_elligator_nonuniform (
  * @retval DECAF_FAILURE The inverse failed.
  */
 decaf_error_t
-decaf_448_invert_elligator_uniform (
+curve448_invert_elligator_uniform (
     unsigned char recovered_hash[2*DECAF_448_HASH_BYTES],
-    const decaf_448_point_t pt,
+    const curve448_point_t pt,
     uint32_t which
 ) DECAF_API_VIS DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED;
 
 /**
  * @brief Overwrite scalar with zeros.
  */
-void decaf_448_scalar_destroy (
-    decaf_448_scalar_t scalar
+void curve448_scalar_destroy (
+    curve448_scalar_t scalar
 ) DECAF_NONNULL DECAF_API_VIS;
 
 /**
  * @brief Overwrite point with zeros.
  */
-void decaf_448_point_destroy (
-    decaf_448_point_t point
+void curve448_point_destroy (
+    curve448_point_t point
 ) DECAF_NONNULL DECAF_API_VIS;
 
 #ifdef __cplusplus
diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c
index c3c4643c07..cd8a5086f8 100644
--- a/crypto/ec/curve448/scalar.c
+++ b/crypto/ec/curve448/scalar.c
@@ -18,11 +18,10 @@
 #include "point_448.h"
 
 /* Template stuff */
-#define API_NS(_id) decaf_448_##_id
 #define SCALAR_BITS DECAF_448_SCALAR_BITS
 #define SCALAR_SER_BYTES DECAF_448_SCALAR_BYTES
 #define SCALAR_LIMBS DECAF_448_SCALAR_LIMBS
-#define scalar_t API_NS(scalar_t)
+#define scalar_t curve448_scalar_t
 
 static const decaf_word_t MONTGOMERY_FACTOR = (decaf_word_t)0x3bd440fae918bc5ull;
 static const scalar_t sc_p = {{{
@@ -34,7 +33,7 @@ static const scalar_t sc_p = {{{
 
 #define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */
 
-const scalar_t API_NS(scalar_one) = {{{1}}}, API_NS(scalar_zero) = {{{0}}};
+const scalar_t curve448_scalar_one = {{{1}}}, curve448_scalar_zero = {{{0}}};
 
 /** {extra,accum} - sub +? p
  * Must have extra <= 1
@@ -101,7 +100,7 @@ static DECAF_NOINLINE void sc_montmul (
     sc_subx(out, accum, sc_p, sc_p, hi_carry);
 }
 
-void API_NS(scalar_mul) (
+void curve448_scalar_mul (
     scalar_t out,
     const scalar_t a,
     const scalar_t b
@@ -110,7 +109,7 @@ void API_NS(scalar_mul) (
     sc_montmul(out,out,sc_r2);
 }
 
-void API_NS(scalar_sub) (
+void curve448_scalar_sub (
     scalar_t out,
     const scalar_t a,
     const scalar_t b
@@ -118,7 +117,7 @@ void API_NS(scalar_sub) (
     sc_subx(out, a->limb, b, sc_p, 0);
 }
 
-void API_NS(scalar_add) (
+void curve448_scalar_add (
     scalar_t out,
     const scalar_t a,
     const scalar_t b
@@ -148,7 +147,7 @@ static DECAF_INLINE void scalar_decode_short (
     }
 }
 
-decaf_error_t API_NS(scalar_decode)(
+decaf_error_t curve448_scalar_decode(
     scalar_t s,
     const unsigned char ser[SCALAR_SER_BYTES]
 ) {
@@ -160,24 +159,24 @@ decaf_error_t API_NS(scalar_decode)(
     }
     /* Here accum == 0 or -1 */
     
-    API_NS(scalar_mul)(s,s,API_NS(scalar_one)); /* ham-handed reduce */
+    curve448_scalar_mul(s,s,curve448_scalar_one); /* ham-handed reduce */
     
     return decaf_succeed_if(~word_is_zero(accum));
 }
 
-void API_NS(scalar_destroy) (
+void curve448_scalar_destroy (
     scalar_t scalar
 ) {
     OPENSSL_cleanse(scalar, sizeof(scalar_t));
 }
 
-void API_NS(scalar_decode_long)(
+void curve448_scalar_decode_long(
     scalar_t s,
     const unsigned char *ser,
     size_t ser_len
 ) {
     if (ser_len == 0) {
-        API_NS(scalar_copy)(s, API_NS(scalar_zero));
+        curve448_scalar_copy(s, curve448_scalar_zero);
         return;
     }
     
@@ -192,24 +191,24 @@ void API_NS(scalar_decode_long)(
     if (ser_len == sizeof(scalar_t)) {
         assert(i==0);
         /* ham-handed reduce */
-        API_NS(scalar_mul)(s,t1,API_NS(scalar_one));
-        API_NS(scalar_destroy)(t1);
+        curve448_scalar_mul(s,t1,curve448_scalar_one);
+        curve448_scalar_destroy(t1);
         return;
     }
 
     while (i) {
         i -= SCALAR_SER_BYTES;
         sc_montmul(t1,t1,sc_r2);
-        ignore_result( API_NS(scalar_decode)(t2, ser+i) );
-        API_NS(scalar_add)(t1, t1, t2);
+        ignore_result( curve448_scalar_decode(t2, ser+i) );
+        curve448_scalar_add(t1, t1, t2);
     }
 
-    API_NS(scalar_copy)(s, t1);
-    API_NS(scalar_destroy)(t1);
-    API_NS(scalar_destroy)(t2);
+    curve448_scalar_copy(s, t1);
+    curve448_scalar_destroy(t1);
+    curve448_scalar_destroy(t2);
 }
 
-void API_NS(scalar_encode)(
+void curve448_scalar_encode(
     unsigned char ser[SCALAR_SER_BYTES],
     const scalar_t s
 ) {
@@ -221,7 +220,7 @@ void API_NS(scalar_encode)(
     }
 }
 
-void API_NS(scalar_halve) (
+void curve448_scalar_halve (
     scalar_t out,
     const scalar_t a
 ) {
-- 
2.25.1