author | Christian Grothoff <christian@grothoff.org> | 2021-04-18 16:19:29 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-04-18 16:19:29 +0200 |
commit | 66f34df177ef78a9c52f8cc299352e1630f4907f (patch) | |
tree | a625240f110a63e2dcd12c4b544e7029a5de1091 | |
parent | bd86cc24adeddd8738cf1a6e6178124cb181e386 (diff) |
-SCALARPRODUCT: fix test_ecc_scalarproduct FTBFS (test still fails)
-rw-r--r-- | src/scalarproduct/Makefile.am | 2 | ||||
-rw-r--r-- | src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c | 7 | ||||
-rw-r--r-- | src/scalarproduct/test_ecc_scalarproduct.c | 214 |
3 files changed, 132 insertions, 91 deletions
diff --git a/src/scalarproduct/Makefile.am b/src/scalarproduct/Makefile.am index 4b3486dda..cf05e8377 100644 --- a/src/scalarproduct/Makefile.am +++ b/src/scalarproduct/Makefile.am @@ -113,4 +113,4 @@ test_ecc_scalarproduct_SOURCES = \ test_ecc_scalarproduct.c test_ecc_scalarproduct_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la \ - -lgcrypt + -lsodium diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c index 59f422f9e..b5c49e85d 100644 --- a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c +++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c @@ -591,8 +591,9 @@ send_alices_cryptodata_message (struct AliceServiceSession *s) /* r_i = random() mod n */ GNUNET_CRYPTO_ecc_random_mod_n (&r_i); /* g_i = g^{r_i} */ - GNUNET_CRYPTO_ecc_dexp_mpi (&r_i, - &g_i); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_dexp_mpi (&r_i, + &g_i)); /* r_ia = r_i * a */ crypto_core_ed25519_scalar_mul (&r_ia.v[0], &r_i.v[0], @@ -602,9 +603,9 @@ send_alices_cryptodata_message (struct AliceServiceSession *s) int64_t val = s->sorted_elements[i].value; struct GNUNET_CRYPTO_EccScalar vali; - r_ia_ai = r_ia; GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val, &vali); + r_ia_ai = r_ia; if (val > 0) sodium_add (r_ia_ai.v, vali.v, diff --git a/src/scalarproduct/test_ecc_scalarproduct.c b/src/scalarproduct/test_ecc_scalarproduct.c index eced3ef6a..8d3d716fb 100644 --- a/src/scalarproduct/test_ecc_scalarproduct.c +++ b/src/scalarproduct/test_ecc_scalarproduct.c 
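Review bot: In the hunk at -602 the moved `r_ia_ai = r_ia;` is the copy that `sodium_add`/`sodium_sub` (context lines below it) then update in place, and both are plain multi-precision byte-array arithmetic with no reduction modulo the Ed25519 group order, so `r_ia_ai` is not guaranteed to be a reduced scalar and the subtraction path wraps around 2^256 if `r_ia < |val|` (negligible for a uniformly random `r_i`, but not excluded by construction). If a reduced scalar is needed downstream — I cannot tell from this hunk — `crypto_core_ed25519_scalar_add (r_ia_ai.v, r_ia.v, vali.v)` and `crypto_core_ed25519_scalar_sub (r_ia_ai.v, r_ia.v, vali.v)` give the result mod the order and make the copy unnecessary. The same unreduced `tmp = ria; sodium_add (...)` pattern is repeated in the Alice loop of the test_ecc_scalarproduct.c hunk at -67. send_alices_cryptodata_message continues outside the hunk.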
@@ -45,20 +45,17 @@ test_sp (const unsigned int *avec, const unsigned int *bvec) { unsigned int len; - unsigned int i; - gcry_mpi_t a; - gcry_mpi_t a_inv; - gcry_mpi_t ri; - gcry_mpi_t val; - gcry_mpi_t ria; - gcry_mpi_t tmp; - gcry_mpi_point_t *g; - gcry_mpi_point_t *h; - gcry_mpi_point_t pg; - gcry_mpi_point_t ph; - gcry_mpi_point_t pgi; - gcry_mpi_point_t gsp; - int sp; + struct GNUNET_CRYPTO_EccScalar a; + struct GNUNET_CRYPTO_EccScalar a_inv; + struct GNUNET_CRYPTO_EccScalar ri; + struct GNUNET_CRYPTO_EccScalar ria; + struct GNUNET_CRYPTO_EccScalar tmp; + struct GNUNET_CRYPTO_EccPoint *g; + struct GNUNET_CRYPTO_EccPoint *h; + struct GNUNET_CRYPTO_EccPoint pg; + struct GNUNET_CRYPTO_EccPoint ph; + struct GNUNET_CRYPTO_EccPoint pgi; + struct GNUNET_CRYPTO_EccPoint gsp; /* determine length */ for (len = 0; 0 != avec[len]; len++) 
@@ -67,90 +64,133 @@ test_sp (const unsigned int *avec, return 0; /* Alice */ - GNUNET_CRYPTO_ecc_rnd_mpi (edc, - &a, &a_inv); + GNUNET_CRYPTO_ecc_rnd_mpi (&a, + &a_inv); g = GNUNET_new_array (len, - gcry_mpi_point_t); + struct GNUNET_CRYPTO_EccPoint); h = GNUNET_new_array (len, - gcry_mpi_point_t); - ria = gcry_mpi_new (0); - tmp = gcry_mpi_new (0); - for (i = 0; i < len; i++) + struct GNUNET_CRYPTO_EccPoint); + for (unsigned int i = 0; i < len; i++) { - ri = GNUNET_CRYPTO_ecc_random_mod_n (edc); - g[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc, - ri); + GNUNET_CRYPTO_ecc_random_mod_n (&ri); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_dexp_mpi (&ri, + &g[i])); /* ria = ri * a */ - gcry_mpi_mul (ria, - ri, - a); + crypto_core_ed25519_scalar_mul (&ria.v[0], + &ri.v[0], + &a.v[0]); /* tmp = ria + avec[i] */ - gcry_mpi_add_ui (tmp, - ria, - avec[i]); - h[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc, - tmp); + { + int64_t val = avec[i]; + struct GNUNET_CRYPTO_EccScalar vali; + + GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? 
val : -val, + &vali); + tmp = ria; + if (val > 0) + sodium_add (tmp.v, + vali.v, + sizeof (vali.v)); + else + sodium_sub (tmp.v, + vali.v, + sizeof (vali.v)); + } + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_dexp_mpi (&tmp, + &h[i])); } - gcry_mpi_release (ria); - gcry_mpi_release (tmp); /* Bob */ - val = gcry_mpi_new (0); - gcry_mpi_set_ui (val, bvec[0]); - pg = GNUNET_CRYPTO_ecc_pmul_mpi (edc, - g[0], - val); - ph = GNUNET_CRYPTO_ecc_pmul_mpi (edc, - h[0], - val); - for (i = 1; i < len; i++) { - gcry_mpi_point_t m; - gcry_mpi_point_t tmp; - - gcry_mpi_set_ui (val, bvec[i]); - m = GNUNET_CRYPTO_ecc_pmul_mpi (edc, - g[i], - val); - tmp = GNUNET_CRYPTO_ecc_add (edc, - m, - pg); - gcry_mpi_point_release (m); - gcry_mpi_point_release (pg); - gcry_mpi_point_release (g[i]); - pg = tmp; - - m = GNUNET_CRYPTO_ecc_pmul_mpi (edc, - h[i], - val); - tmp = GNUNET_CRYPTO_ecc_add (edc, - m, - ph); - gcry_mpi_point_release (m); - gcry_mpi_point_release (ph); - gcry_mpi_point_release (h[i]); - ph = tmp; + int64_t val = bvec[0]; + struct GNUNET_CRYPTO_EccScalar vali; + + GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val, + &vali); + if (val < 0) + crypto_core_ed25519_scalar_negate (&vali.v[0], + &vali.v[0]); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_pmul_mpi (&g[0], + &vali, + &pg)); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_pmul_mpi (&h[0], + &vali, + &ph)); + } + for (unsigned int i = 0; i < len; i++) + { + struct GNUNET_CRYPTO_EccPoint m; + + { + int64_t val = bvec[i]; + struct GNUNET_CRYPTO_EccScalar vali; + + GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? 
val : -val, + &vali); + if (val < 0) + crypto_core_ed25519_scalar_negate (&vali.v[0], + &vali.v[0]); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_pmul_mpi (&g[i], + &vali, + &m)); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_pmul_mpi (&h[i], + &vali, + &m)); + } + + if (0 != i) + { + struct GNUNET_CRYPTO_EccPoint tmp; + + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_add (&m, + &pg, + &tmp)); + pg = tmp; + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_add (&m, + &ph, + &tmp)); + ph = tmp; + } } - gcry_mpi_release (val); GNUNET_free (g); GNUNET_free (h); /* Alice */ - pgi = GNUNET_CRYPTO_ecc_pmul_mpi (edc, - pg, - a_inv); - gsp = GNUNET_CRYPTO_ecc_add (edc, - pgi, - ph); - gcry_mpi_point_release (pgi); - gcry_mpi_point_release (ph); - sp = GNUNET_CRYPTO_ecc_dlog (edc, - gsp); - gcry_mpi_point_release (gsp); - return sp; + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_pmul_mpi (&pg, + &a_inv, + &pgi)); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_add (&pgi, + &ph, + &gsp)); + return GNUNET_CRYPTO_ecc_dlog (edc, + &gsp); } +/** + * Macro that checks that @a want is equal to @a have and + * if not returns with a failure code. + */ +#define CHECK(want,have) do { \ + if (want != have) { \ + GNUNET_break (0); \ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \ + "Wanted %d, got %d\n", want, have); \ + GNUNET_CRYPTO_ecc_dlog_release (edc); \ + return 1; \ + } } while (0) + + int main (int argc, char *argv[]) { 
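Review bot: In the Bob loop both `GNUNET_CRYPTO_ecc_pmul_mpi` calls write their result into the same `m`, so the second one (`&h[i]`) overwrites the first and `pg` is then accumulated from `bvec[i] * h[i]` instead of `bvec[i] * g[i]`; the removed code kept the two products separate, and this aliasing alone would explain why the test still fails. Use two outputs (`mg`, `mh`) and feed each into its own `GNUNET_CRYPTO_ecc_add`, as below. The loop can also start at 1, since the block immediately before it already initialises `pg`/`ph` from `g[0]`/`h[0]` and the `if (0 != i)` guard exists only to skip that duplicate work.
```c
  for (unsigned int i = 1; i < len; i++)
  {
    struct GNUNET_CRYPTO_EccPoint mg;
    struct GNUNET_CRYPTO_EccPoint mh;
    struct GNUNET_CRYPTO_EccPoint tmp;

    {
      int64_t val = bvec[i];
      struct GNUNET_CRYPTO_EccScalar vali;

      /* ... unchanged: scalar_from_int / negate into vali ... */
      GNUNET_assert (GNUNET_OK ==
                     GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
                                                 &vali,
                                                 &mg));
      GNUNET_assert (GNUNET_OK ==
                     GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
                                                 &vali,
                                                 &mh));
    }
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_ecc_add (&mg,
                                          &pg,
                                          &tmp));
    pg = tmp;
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_ecc_add (&mh,
                                          &ph,
                                          &tmp));
    ph = tmp;
  }
```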
@@ -163,12 +203,12 @@ main (int argc, char *argv[]) "WARNING", NULL); edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128); - GNUNET_assert (2 == test_sp (v11, v11)); - GNUNET_assert (4 == test_sp (v22, v11)); - GNUNET_assert (8 == test_sp (v35, v11)); - GNUNET_assert (26 == test_sp (v35, v24)); - GNUNET_assert (26 == test_sp (v24, v35)); - GNUNET_assert (16 == test_sp (v22, v35)); + CHECK (2, test_sp (v11, v11)); + CHECK (4, test_sp (v22, v11)); + CHECK (8, test_sp (v35, v11)); + CHECK (26, test_sp (v35, v24)); + CHECK (26, test_sp (v24, v35)); + CHECK (16, test_sp (v22, v35)); GNUNET_CRYPTO_ecc_dlog_release (edc); return 0; } |
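Review bot: `CHECK` expands its `have` argument twice — once in `if (want != have)` and again in the `GNUNET_log` call — so when a comparison fails `test_sp` runs a second time with fresh randomness and the logged value need not be the one that was compared; the arguments are also unparenthesised. Capture both once inside the macro (defined in the previous hunk): `int want_ = (want); int have_ = (have); \`, `if (want_ != have_) { \`, and log `want_, have_`. The early `return 1` releases `edc` first, so main's cleanup path stays correct.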