authorMartin Schanzenbach <mschanzenbach@posteo.de>2021-03-30 00:04:31 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2021-03-30 00:04:31 +0200
commita33757b1e56920408f7da07c3e8ca2e1a48c8b06 (patch)
tree2dcac797cb5d8b9735a7d2d871d43e8c6dd73874
parent3515b8cb39b2c240a6d4af298d83862fb7a502d0 (diff)
-hacking dlog with libsodium; ftbfs
-rw-r--r--src/include/gnunet_crypto_lib.h41
-rw-r--r--src/util/crypto_ecc_dlog.c339
-rw-r--r--src/util/test_crypto_ecc_dlog.c65
3 files changed, 252 insertions, 193 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index d01457b4a..0804bcfa9 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1443,9 +1443,16 @@ struct GNUNET_CRYPTO_EccPoint
* Q consists of an x- and a y-value, each mod p (256 bits), given
* here in affine coordinates and Ed25519 standard compact format.
*/
- unsigned char q_y[256 / 8];
+ unsigned char v[256 / 8];
};
+/**
+ * A ECC scalar for use in point multiplications
+ */
+struct GNUNET_CRYPTO_EccScalar
+{
+ unsigned char v[256 / 8]; //TODO probably too small
+};
/**
* Do pre-calculation for ECC discrete logarithm for small factors.
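Review bot: The `//TODO probably too small` on `GNUNET_CRYPTO_EccScalar::v` contradicts what the implementation stores there: `crypto_core_ed25519_scalar_random` (used by `GNUNET_CRYPTO_ecc_random_mod_n` in this commit) writes exactly crypto_core_ed25519_SCALARBYTES, i.e. 32 bytes, so `256 / 8` is the correct size for a reduced scalar. Only the 64-byte non-reduced form (`crypto_core_ed25519_NONREDUCEDSCALARBYTES`, used as a temporary in `GNUNET_CRYPTO_ecc_dlog_prepare`) would not fit, and if that is the concern the comment should say so. Replace the trailing `//` remark with a Doxygen member comment like the rest of this header, e.g. `/** Scalar modulo the Ed25519 group order, little-endian, crypto_core_ed25519_SCALARBYTES long. */`. The doc comment above the renamed `v` of `GNUNET_CRYPTO_EccPoint` still talks about affine x/y coordinates; with libsodium it holds the compressed Ed25519 encoding, and the text should say just that. The enclosing `struct GNUNET_CRYPTO_EccPoint` starts before this hunk.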
@@ -1468,7 +1475,7 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem);
*/
int
GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t input);
+ const struct GNUNET_CRYPTO_EccPoint *input);
/**
@@ -1484,7 +1491,7 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @return representation of the value as an ECC point,
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val);
@@ -1497,9 +1504,9 @@ GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val);
* @return representation of the value as an ECC point,
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_t val);
+ const struct GNUNET_CRYPTO_EccScalar *val);
/**
@@ -1511,10 +1518,10 @@ GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @return representation of the value as an ECC point,
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t p,
- gcry_mpi_t val);
+ const struct GNUNET_CRYPTO_EccPoint *p,
+ const struct GNUNET_CRYPTO_EccScalar *val);
/**
@@ -1550,10 +1557,10 @@ GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @param b some value
* @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t a,
- gcry_mpi_point_t b);
+ const struct GNUNET_CRYPTO_EccPoint *a,
+ const struct GNUNET_CRYPTO_EccPoint *b);
/**
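Review bot: `GNUNET_CRYPTO_ecc_bin_to_point` is still declared in this header (it is the `@@` context of this hunk), and presumably `GNUNET_CRYPTO_ecc_point_to_bin` next to it, while this commit deletes both definitions from crypto_ecc_dlog.c. Any remaining caller still compiles and then fails at link time, and the surviving prototype keeps `gcry_mpi_point_t`, the type this commit otherwise removes from the API. Either drop the two declarations together with the definitions, or re-declare them on `struct GNUNET_CRYPTO_EccPoint` — with the new representation they reduce to copying `v`.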
@@ -1567,8 +1574,8 @@ GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
*/
void
GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t *r,
- gcry_mpi_point_t *r_inv);
+ struct GNUNET_CRYPTO_EccPoint **r,
+ struct GNUNET_CRYPTO_EccPoint **r_inv);
/**
@@ -1581,8 +1588,8 @@ GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
*/
void
GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_t *r,
- gcry_mpi_t *r_inv);
+ struct GNUNET_CRYPTO_EccScalar **r,
+ struct GNUNET_CRYPTO_EccScalar **r_inv);
/**
@@ -1591,7 +1598,7 @@ GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @param edc ECC context
* @return random value mod n.
*/
-gcry_mpi_t
+struct GNUNET_CRYPTO_EccScalar*
GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc);
@@ -1601,7 +1608,7 @@ GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc);
* @param p point to free
*/
void
-GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p);
+GNUNET_CRYPTO_ecc_free (struct GNUNET_CRYPTO_EccPoint* p);
/**
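Review bot: The prototype `GNUNET_CRYPTO_ecc_free (struct GNUNET_CRYPTO_EccPoint* p)` binds the `*` to the type, unlike the definition in crypto_ecc_dlog.c (`*p`) and every other prototype changed in this file; write `struct GNUNET_CRYPTO_EccPoint *p`. The API now returns heap-allocated `struct GNUNET_CRYPTO_EccScalar` objects from `GNUNET_CRYPTO_ecc_random_mod_n` and `GNUNET_CRYPTO_ecc_rnd_mpi` (and from `GNUNET_CRYPTO_ecc_scalar_from_int`, which this diff defines in crypto_ecc_dlog.c but declares in no hunk), yet offers no matching free, so the test reaches for `GNUNET_free` directly. Add the missing prototype and a `GNUNET_CRYPTO_ecc_scalar_free` (or document that `GNUNET_free` is the contract); since these scalars are typically blinding secrets, the free should clear `v` before releasing it.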
diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c
index 408d64e58..33fc3f0e4 100644
--- a/src/util/crypto_ecc_dlog.c
+++ b/src/util/crypto_ecc_dlog.c
@@ -91,62 +91,6 @@ struct GNUNET_CRYPTO_EccDlogContext
/**
- * Convert point value to binary representation.
- *
- * @param edc calculation context for ECC operations
- * @param point computational point representation
- * @param[out] bin binary point representation
- */
-void
-GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t point,
- struct GNUNET_CRYPTO_EccPoint *bin)
-{
- gcry_mpi_t q_y;
-
- GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
- q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
- GNUNET_assert (q_y);
- GNUNET_CRYPTO_mpi_print_unsigned (bin->q_y,
- sizeof(bin->q_y),
- q_y);
- gcry_mpi_release (q_y);
-}
-
-
-/**
- * Convert binary representation of a point to computational representation.
- *
- * @param edc calculation context for ECC operations
- * @param bin binary point representation
- * @return computational representation
- */
-gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccPoint *bin)
-{
- gcry_sexp_t pub_sexpr;
- gcry_ctx_t ctx;
- gcry_mpi_point_t q;
-
- (void) edc;
- if (0 != gcry_sexp_build (&pub_sexpr, NULL,
- "(public-key(ecc(curve " CURVE ")(q %b)))",
- (int) sizeof(bin->q_y),
- bin->q_y))
- {
- GNUNET_break (0);
- return NULL;
- }
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
- gcry_sexp_release (pub_sexpr);
- q = gcry_mpi_ec_get_point ("q", ctx, 0);
- gcry_ctx_release (ctx);
- return q;
-}
-
-
-/**
* Do pre-calculation for ECC discrete logarithm for small factors.
*
* @param max maximum value the factor can be
@@ -159,11 +103,11 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
{
struct GNUNET_CRYPTO_EccDlogContext *edc;
unsigned int K = ((max + (mem - 1)) / mem);
- gcry_mpi_point_t g;
+ // gcry_mpi_point_t g;
struct GNUNET_PeerIdentity key;
- gcry_mpi_point_t gKi;
- gcry_mpi_t fact;
- gcry_mpi_t n;
+ // gcry_mpi_point_t gKi;
+ // gcry_mpi_t fact;
+ // gcry_mpi_t n;
unsigned int i;
GNUNET_assert (max < INT32_MAX);
@@ -174,18 +118,38 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2,
GNUNET_NO);
- GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
+ /*GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
NULL,
CURVE));
g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
GNUNET_assert (NULL != g);
fact = gcry_mpi_new (0);
- gKi = gcry_mpi_point_new (0);
- for (i = 0; i <= mem; i++)
+ gKi = gcry_mpi_point_new (0);*/
+ unsigned char fact[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
+ unsigned char Ki[crypto_scalarmult_ed25519_SCALARBYTES];
+ unsigned char nKi[crypto_scalarmult_ed25519_SCALARBYTES];
+ unsigned int Kle = htonl (K);
+ unsigned char Kles[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
+ memset (fact, 0, sizeof (fact));
+ memset (Ki, 0, sizeof (Ki));
+ memset (nKi, 0, sizeof (nKi));
+ memset (Kles, 0, sizeof (Kles));
+ // memcpy (Kles, &Kle, sizeof (Kle));
+ for (i = 0; i < K; i++)
+ sodium_increment (Kles, sizeof (Kles));
+ for (i = 1; i <= mem; i++)
{
- gcry_mpi_set_ui (fact, i * K);
+ sodium_increment (fact, sizeof (fact));
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Calculating #%u\n", i);
+ memset (Ki, 0, sizeof (Ki));
+ crypto_core_ed25519_scalar_mul (Ki, fact, Kles);
+ GNUNET_assert (0 ==
+ crypto_scalarmult_ed25519_base_noclamp ((unsigned
+ char*) &key, Ki));
+ /*gcry_mpi_set_ui (fact, i * K);
gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
- extract_pk (gKi, edc->ctx, &key);
+ extract_pk (gKi, edc->ctx, &key);*/
GNUNET_assert (GNUNET_OK ==
GNUNET_CONTAINER_multipeermap_put (edc->map,
&key,
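Review bot: `unsigned int Kle = htonl (K);` is unused (its `memcpy` is commented out) and would be wrong anyway — `htonl` produces big-endian and libsodium scalars are little-endian — which is presumably why `K` is now built by calling `sodium_increment` K times; encoding the four little-endian bytes of `K` directly is O(1) and makes the byte order explicit. `fact` and `Kles` are sized `crypto_core_ed25519_NONREDUCEDSCALARBYTES` (64) but `crypto_core_ed25519_scalar_mul` reads only `crypto_core_ed25519_SCALARBYTES` (32) of each operand, so they work because their upper half is zero, not by design. The per-entry `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Calculating #%u\n", i)` is progress output at error severity (same for the `"%d + %d\n"` log added in test_crypto_ecc_dlog.c) and belongs at `GNUNET_ERROR_TYPE_DEBUG`. The table loop now starts at `i = 1` where it started at `0`, so the entry for factor 0 is gone; whether `GNUNET_CRYPTO_ecc_dlog` still resolves inputs that used to hit that slot should be checked. The commented-out libgcrypt bodies here and in the other hunks of this file should be deleted rather than shipped; the function continues in the next hunk.
```c
  unsigned char fact[crypto_core_ed25519_SCALARBYTES];
  unsigned char Ki[crypto_core_ed25519_SCALARBYTES];
  unsigned char nKi[crypto_core_ed25519_SCALARBYTES];
  unsigned char Kles[crypto_core_ed25519_SCALARBYTES];
  memset (fact, 0, sizeof (fact));
  memset (Ki, 0, sizeof (Ki));
  memset (nKi, 0, sizeof (nKi));
  memset (Kles, 0, sizeof (Kles));
  /* libsodium scalars are little-endian: write K's bytes directly instead of K increments */
  for (unsigned int b = 0; b < sizeof (K); b++)
    Kles[b] = (unsigned char) (K >> (8 * b));
  for (i = 1; i <= mem; i++)
  {
    sodium_increment (fact, sizeof (fact));
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Calculating #%u\n", i);
    /* … unchanged: scalar_mul, base_noclamp, multipeermap_put … */
```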
@@ -193,23 +157,30 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
}
/* negative values */
- n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
+ // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
+ memset (fact, 0, sizeof (fact));
for (i = 1; i < mem; i++)
{
- gcry_mpi_set_ui (fact, i * K);
+ sodium_increment (fact, sizeof (fact));
+ memset (Ki, 0, sizeof (Ki));
+ memset (nKi, 0, sizeof (nKi));
+ crypto_core_ed25519_scalar_mul (Ki, fact, Kles);
+ crypto_core_ed25519_scalar_negate (nKi, Ki);
+ crypto_scalarmult_ed25519_base_noclamp ((unsigned char*) &key, nKi);
+ /*gcry_mpi_set_ui (fact, i * K);
gcry_mpi_sub (fact, n, fact);
gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
- extract_pk (gKi, edc->ctx, &key);
+ extract_pk (gKi, edc->ctx, &key);*/
GNUNET_assert (GNUNET_OK ==
GNUNET_CONTAINER_multipeermap_put (edc->map,
&key,
(void *) (long) max - i,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
}
- gcry_mpi_release (fact);
+ /*gcry_mpi_release (fact);
gcry_mpi_release (n);
gcry_mpi_point_release (gKi);
- gcry_mpi_point_release (g);
+ gcry_mpi_point_release (g);*/
return edc;
}
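Review bot: `crypto_scalarmult_ed25519_base_noclamp ((unsigned char*) &key, nKi);` in the negative-values loop discards the return value, while the same call in the positive loop above is wrapped in `GNUNET_assert (0 == ...)`; on failure a stale `key` is inserted into the map under the value `max - i`. Make it `GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp ((unsigned char *) &key, nKi));` so both loops fail the same way. Writing through `(unsigned char *) &key` also assumes `struct GNUNET_PeerIdentity` is exactly 32 bytes; a `GNUNET_static_assert`-style size check next to it would document that.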
@@ -223,27 +194,41 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
*/
int
GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t input)
+ const struct GNUNET_CRYPTO_EccPoint *input)
{
unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
- gcry_mpi_point_t g;
+ // gcry_mpi_point_t g;
struct GNUNET_PeerIdentity key;
- gcry_mpi_point_t q;
+ // gcry_mpi_point_t q;
unsigned int i;
int res;
void *retp;
- g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
+ unsigned char g[crypto_scalarmult_BYTES];
+ unsigned char q[crypto_scalarmult_BYTES];
+ unsigned char fact[crypto_scalarmult_BYTES];
+ memset (g, 0, crypto_scalarmult_BYTES);
+ memset (q, 0, crypto_scalarmult_BYTES);
+ memset (fact, 0, crypto_scalarmult_BYTES);
+ sodium_increment (fact, sizeof (fact));
+ crypto_scalarmult_ed25519_base_noclamp (g, fact);
+ /*g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
GNUNET_assert (NULL != g);
- q = gcry_mpi_point_new (0);
+ q = gcry_mpi_point_new (0);*/
+ // unsigned char key[crypto_scalarmult_BYTES];
+ memset (&key, 0, crypto_scalarmult_BYTES);
res = INT_MAX;
for (i = 0; i <= edc->max / edc->mem; i++)
{
- if (0 == i)
+ /*if (0 == i)
extract_pk (input, edc->ctx, &key);
else
- extract_pk (q, edc->ctx, &key);
+ extract_pk (q, edc->ctx, &key);*/
+ if (0 == i)
+ memcpy (&key, input, crypto_scalarmult_BYTES);
+ else
+ memcpy (&key, q, crypto_scalarmult_BYTES);
retp = GNUNET_CONTAINER_multipeermap_get (edc->map,
&key);
if (NULL != retp)
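Review bot: `crypto_scalarmult_BYTES` is libsodium's X25519 constant, but `g`, `q` and `fact` hold Ed25519 points and scalars; spell the sizes `crypto_scalarmult_ed25519_BYTES` / `crypto_scalarmult_ed25519_SCALARBYTES` (both 32, so this works by coincidence only) or use `sizeof` on the arrays. `memset (&key, 0, crypto_scalarmult_BYTES)` and `memcpy (&key, input, crypto_scalarmult_BYTES)` write into a `struct GNUNET_PeerIdentity` and read from a `struct GNUNET_CRYPTO_EccPoint` by a raw byte count; prefer `memset (&key, 0, sizeof (key));` and `memcpy (&key, input->v, sizeof (input->v));`, which is also how the add in the next hunk already spells `input->v`. The commented-out `unsigned char key[...]` and libgcrypt lines should go; the loop body continues in the next hunk.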
@@ -256,13 +241,17 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
if (i == edc->max / edc->mem)
break;
/* q = q + g */
- if (0 == i)
+ /*if (0 == i)
gcry_mpi_ec_add (q, input, g, edc->ctx);
else
- gcry_mpi_ec_add (q, q, g, edc->ctx);
+ gcry_mpi_ec_add (q, q, g, edc->ctx);*/
+ if (0 == i)
+ crypto_core_ed25519_add (q, input->v, g);
+ else
+ crypto_core_ed25519_add (q, q, g);
}
- gcry_mpi_point_release (g);
- gcry_mpi_point_release (q);
+ // gcry_mpi_point_release (g);
+ // gcry_mpi_point_release (q);
return res;
}
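Review bot: The return value of the two new `crypto_core_ed25519_add` calls (`(q, input->v, g)` and `(q, q, g)`) is ignored; libsodium returns -1 when an operand is not a valid point, and `input` is a caller-supplied compressed encoding that nothing in this function validates, so a malformed point keeps walking the table with a stale `q` instead of being rejected. `GNUNET_CRYPTO_ecc_add` later in this file has the same unchecked call. Validate once before the loop, `if (0 == crypto_core_ed25519_is_valid_point (input->v)) { GNUNET_break (0); return INT_MAX; }` (INT_MAX being the not-found value `res` starts at, if I read the previous hunk right), and wrap the two adds in `GNUNET_assert (0 == ...)`.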
@@ -274,24 +263,28 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @param edc ECC context
* @return random value mod n.
*/
-gcry_mpi_t
+struct GNUNET_CRYPTO_EccScalar*
GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
- gcry_mpi_t n;
+ /*gcry_mpi_t n;
unsigned int highbit;
- gcry_mpi_t r;
+ gcry_mpi_t r;*/
+ struct GNUNET_CRYPTO_EccScalar *res;
- n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
+ res = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
+ crypto_core_ed25519_scalar_random (res->v);
+ return res;
+ // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
/* check public key for number of bits, bail out if key is all zeros */
- highbit = 256; /* Curve25519 */
- while ((! gcry_mpi_test_bit (n, highbit)) &&
- (0 != highbit))
- highbit--;
- GNUNET_assert (0 != highbit);
+ // highbit = 256; /* Curve25519 */
+ // while ((! gcry_mpi_test_bit (n, highbit)) &&
+ // (0 != highbit))
+ // highbit--;
+ // GNUNET_assert (0 != highbit);
/* generate fact < n (without bias) */
- GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
- do
+ // GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
+ /*do
{
gcry_mpi_randomize (r,
highbit + 1,
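Review bot: Everything after `return res;` in `GNUNET_CRYPTO_ecc_random_mod_n` is commented-out libgcrypt code, and `edc` is no longer read, which will trip `-Wunused-parameter`; end the function at the `return` and add `(void) edc;` (or note in the header that the context is unused here). Delete the `/* ... */` and `//` remnants — git keeps the history. The function's closing brace is in the next hunk.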
@@ -299,7 +292,7 @@ GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
}
while (gcry_mpi_cmp (r, n) >= 0);
gcry_mpi_release (n);
- return r;
+ return r;*/
}
@@ -311,7 +304,7 @@ GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
void
GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
- gcry_ctx_release (edc->ctx);
+ // gcry_ctx_release (edc->ctx);
GNUNET_CONTAINER_multipeermap_destroy (edc->map);
GNUNET_free (edc);
}
@@ -330,34 +323,51 @@ GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
* @return representation of the value as an ECC point,
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
int val)
{
- gcry_mpi_t fact;
+ /*gcry_mpi_t fact;
gcry_mpi_t n;
gcry_mpi_point_t g;
gcry_mpi_point_t r;
g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
GNUNET_assert (NULL != g);
- fact = gcry_mpi_new (0);
+ fact = gcry_mpi_new (0);*/
+ struct GNUNET_CRYPTO_EccPoint *r;
+ r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ unsigned char fact[crypto_scalarmult_ed25519_SCALARBYTES];
+ unsigned char nFact[crypto_scalarmult_ed25519_SCALARBYTES];
+ unsigned int valLe = htonl (val); // little-endian
+ memset (fact, 0, sizeof (fact));
+ memset (nFact, 0, sizeof (fact));
+ // memcpy (fact, &valLe, sizeof (valLe));
if (val < 0)
{
- n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
+ for (int i = 0; i < -val; i++)
+ sodium_increment (fact, sizeof (fact));
+ crypto_core_ed25519_scalar_negate (nFact, fact);
+ crypto_scalarmult_ed25519_base_noclamp (r->v, nFact);
+
+ /* = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
gcry_mpi_set_ui (fact, -val);
gcry_mpi_sub (fact, n, fact);
- gcry_mpi_release (n);
+ gcry_mpi_release (n);*/
}
else
{
- gcry_mpi_set_ui (fact, val);
+ for (int i = 0; i < val; i++)
+ sodium_increment (fact, sizeof (fact));
+ crypto_scalarmult_ed25519_base_noclamp (r->v, fact);
+ /*gcry_mpi_set_ui (fact, val);*/
}
- r = gcry_mpi_point_new (0);
+ return r;
+ /*r = gcry_mpi_point_new (0);
gcry_mpi_ec_mul (r, fact, g, edc->ctx);
gcry_mpi_release (fact);
gcry_mpi_point_release (g);
- return r;
+ return r;*/
}
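Review bot: `unsigned int valLe = htonl (val); // little-endian` is mislabelled — `htonl` yields big-endian, the opposite of what libsodium scalars use — and the variable is unused because its `memcpy` is commented out, so it only produces a warning; encoding the magnitude as four little-endian bytes replaces both it and the O(|val|) `sodium_increment` loop. `-val` is undefined for `INT_MIN`; `0u - (uint32_t) val` is not. Both `crypto_scalarmult_ed25519_base_noclamp` results are unchecked here while `GNUNET_CRYPTO_ecc_dexp_mpi` asserts on the same call, and as far as I recall the libsodium contract it returns -1 for a zero scalar, so `val == 0` (which test_math iterates over) needs an explicit decision rather than silence. Nits: `memset (nFact, 0, sizeof (fact))` should reference `nFact`, `edc` is now unused, and the commented-out body after `return r;` should be removed.
```c
  struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
  unsigned char fact[crypto_scalarmult_ed25519_SCALARBYTES];
  unsigned char nFact[crypto_scalarmult_ed25519_SCALARBYTES];
  /* |val| as a little-endian scalar; 0u - (uint32_t) val is defined for INT_MIN, -val is not */
  uint32_t mag = (val < 0) ? 0u - (uint32_t) val : (uint32_t) val;
  int rc;

  (void) edc;
  memset (fact, 0, sizeof (fact));
  memset (nFact, 0, sizeof (nFact));
  for (unsigned int b = 0; b < sizeof (mag); b++)
    fact[b] = (unsigned char) (mag >> (8 * b));
  if (val < 0)
  {
    crypto_core_ed25519_scalar_negate (nFact, fact);
    rc = crypto_scalarmult_ed25519_base_noclamp (r->v, nFact);
  }
  else
  {
    rc = crypto_scalarmult_ed25519_base_noclamp (r->v, fact);
  }
  if (0 != rc)
    GNUNET_break (0); /* TODO: decide how val == 0 (neutral element) is represented */
  return r;
```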
@@ -370,19 +380,22 @@ GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @return representation of the value as an ECC point,
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_t val)
+ const struct GNUNET_CRYPTO_EccScalar *val)
{
- gcry_mpi_point_t g;
- gcry_mpi_point_t r;
+ // gcry_mpi_point_t g;
+ // gcry_mpi_point_t r;
+ struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r->v, val->v));
+ return r;
- g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
+ /*g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
GNUNET_assert (NULL != g);
r = gcry_mpi_point_new (0);
gcry_mpi_ec_mul (r, val, g, edc->ctx);
gcry_mpi_point_release (g);
- return r;
+ return r;*/
}
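Review bot: `GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r->v, val->v))` turns a zero scalar supplied by the caller into a process abort; if `val` can originate from a remote party (the callers are not visible here), that is a crash rather than a rejected input. `GNUNET_CRYPTO_ecc_pmul_mpi` in a later hunk asserts the same way on `crypto_scalarmult_ed25519_noclamp`, which also fails for a `p` that is not on the curve or is of low order, so an attacker-chosen point has the same effect there. Prefer `if (0 != crypto_scalarmult_ed25519_base_noclamp (r->v, val->v)) { GNUNET_break (0); GNUNET_free (r); return NULL; }` and document `@return NULL on invalid input` in the header, in both functions. `edc` is unused now and the commented-out body after `return r;` should be removed.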
@@ -394,16 +407,18 @@ GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @param b some value
* @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t a,
- gcry_mpi_point_t b)
+ const struct GNUNET_CRYPTO_EccPoint *a,
+ const struct GNUNET_CRYPTO_EccPoint *b)
{
- gcry_mpi_point_t r;
-
- r = gcry_mpi_point_new (0);
- gcry_mpi_ec_add (r, a, b, edc->ctx);
+ // gcry_mpi_point_t r;
+ struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ crypto_core_ed25519_add (r->v, a->v, b->v);
return r;
+ /*r = gcry_mpi_point_new (0);
+ gcry_mpi_ec_add (r, a, b, edc->ctx);
+ return r;*/
}
@@ -416,16 +431,20 @@ GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @return representation of the value as an ECC point,
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
-gcry_mpi_point_t
+struct GNUNET_CRYPTO_EccPoint*
GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t p,
- gcry_mpi_t val)
+ const struct GNUNET_CRYPTO_EccPoint *p,
+ const struct GNUNET_CRYPTO_EccScalar *val)
{
- gcry_mpi_point_t r;
+ struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ GNUNET_assert (0 ==
+ crypto_scalarmult_ed25519_noclamp (r->v, val->v, p->v));
+ return r;
+ /*gcry_mpi_point_t r;
r = gcry_mpi_point_new (0);
gcry_mpi_ec_mul (r, val, p, edc->ctx);
- return r;
+ return r;*/
}
@@ -440,30 +459,39 @@ GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
*/
void
GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t *r,
- gcry_mpi_point_t *r_inv)
+ struct GNUNET_CRYPTO_EccPoint **r,
+ struct GNUNET_CRYPTO_EccPoint **r_inv)
{
- gcry_mpi_t fact;
+ /*gcry_mpi_t fact;
gcry_mpi_t n;
- gcry_mpi_point_t g;
-
- fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);
+ gcry_mpi_point_t g;*/
+
+ struct GNUNET_CRYPTO_EccScalar *s = GNUNET_CRYPTO_ecc_random_mod_n (edc);
+ *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ GNUNET_assert (0 ==
+ crypto_scalarmult_ed25519_base_noclamp ((*r)->v, s->v));
+ *r_inv = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ unsigned char inv_s[crypto_scalarmult_ed25519_SCALARBYTES];
+ crypto_core_ed25519_scalar_negate (inv_s, s->v);
+ GNUNET_assert (0 ==
+ crypto_scalarmult_ed25519_base_noclamp ((*r_inv)->v, inv_s));
+ GNUNET_free (s);
/* calculate 'r' */
- g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
+ /*g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
GNUNET_assert (NULL != g);
*r = gcry_mpi_point_new (0);
gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
-
+*/
/* calculate 'r_inv' */
- n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
- gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
- *r_inv = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
-
- gcry_mpi_release (n);
- gcry_mpi_release (fact);
- gcry_mpi_point_release (g);
+ // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
+ // gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
+ // *r_inv = gcry_mpi_point_new (0);
+ // gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
+
+ // gcry_mpi_release (n);
+ // gcry_mpi_release (fact);
+ // gcry_mpi_point_release (g);
}
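Review bot: The random scalar `s` and its negation `inv_s` are the secret behind the blinding pair `r`/`r_inv`; `inv_s` is left on the stack and `s->v` goes to `GNUNET_free` uncleared, so the secret outlives the call. If callers rely on `r` hiding a value (the test wraps `i + j` in `r` and `r_inv` exactly that way), clear both before leaving: `sodium_memzero (inv_s, sizeof (inv_s));` and `sodium_memzero (s->v, sizeof (s->v));` ahead of `GNUNET_free (s);`. `inv_s` is the additive inverse, as the old `fact = n - fact = - fact` comment said; naming it `neg_s` avoids confusion with `crypto_core_ed25519_scalar_invert`. The rest of the body is commented-out libgcrypt code that should be deleted.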
@@ -477,16 +505,13 @@ GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
*/
void
GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_t *r,
- gcry_mpi_t *r_inv)
+ struct GNUNET_CRYPTO_EccScalar **r,
+ struct GNUNET_CRYPTO_EccScalar **r_inv)
{
- gcry_mpi_t n;
*r = GNUNET_CRYPTO_ecc_random_mod_n (edc);
- /* r_inv = n - r = - r */
- *r_inv = gcry_mpi_new (0);
- n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
- gcry_mpi_sub (*r_inv, n, *r);
+ *r_inv = GNUNET_CRYPTO_ecc_random_mod_n (edc);
+ crypto_core_ed25519_scalar_invert ((*r_inv)->v, (*r)->v);
}
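Review bot: `crypto_core_ed25519_scalar_invert ((*r_inv)->v, (*r)->v)` computes the multiplicative inverse r^-1 mod L, but the code it replaces computed `n - r`, the additive inverse, and the removed comment `/* r_inv = n - r = - r */` documented exactly that; `GNUNET_CRYPTO_ecc_rnd` in this same commit uses `crypto_core_ed25519_scalar_negate` for its `r_inv`, so the two functions now disagree and `r + r_inv` no longer cancels. `scalar_invert` also returns -1 for a zero `r`, unchecked, and `*r_inv = GNUNET_CRYPTO_ecc_random_mod_n (edc)` draws a random scalar only to overwrite it. Replace the two lines with `*r_inv = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);` and `crypto_core_ed25519_scalar_negate ((*r_inv)->v, (*r)->v);`, and restore the comment.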
@@ -496,9 +521,33 @@ GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
* @param p point to free
*/
void
-GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
+GNUNET_CRYPTO_ecc_free (struct GNUNET_CRYPTO_EccPoint *p)
+{
+ GNUNET_free (p);
+}
+
+struct GNUNET_CRYPTO_EccScalar*
+GNUNET_CRYPTO_ecc_scalar_from_int (int val)
{
- gcry_mpi_point_release (p);
+ struct GNUNET_CRYPTO_EccScalar *ret;
+
+ ret = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
+ unsigned char fact[crypto_scalarmult_ed25519_SCALARBYTES];
+ memset (fact, 0, sizeof (fact));
+
+ if (val < 0)
+ {
+ for (int i = 0; i < -val; i++)
+ sodium_increment (fact, sizeof (fact));
+ crypto_core_ed25519_scalar_negate (ret->v, fact);
+ }
+ else
+ {
+ for (int i = 0; i < val; i++)
+ sodium_increment (fact, sizeof (fact));
+ crypto_scalarmult_ed25519_base_noclamp (ret->v, fact);
+ }
+ return ret;
}
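Review bot: The two branches of `GNUNET_CRYPTO_ecc_scalar_from_int` produce different kinds of objects: for `val < 0` it stores the negated scalar in `ret->v`, but for `val >= 0` it calls `crypto_scalarmult_ed25519_base_noclamp (ret->v, fact)`, which writes the point g*val, not the scalar `val`, into a `struct GNUNET_CRYPTO_EccScalar`. The positive branch should be `memcpy (ret->v, fact, sizeof (ret->v));`. As in `GNUNET_CRYPTO_ecc_dexp`, `-val` overflows for `INT_MIN` and the increment loop is O(|val|) where writing the four little-endian bytes of the magnitude would do; once this function is right, `GNUNET_CRYPTO_ecc_dexp` could build on it and `GNUNET_CRYPTO_ecc_dexp_mpi` instead of duplicating the loop. The function is defined here but declared in no hunk of this diff, and it needs a Doxygen comment (purpose, `@return` ownership) like its neighbours.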
diff --git a/src/util/test_crypto_ecc_dlog.c b/src/util/test_crypto_ecc_dlog.c
index a2c02a94e..2b0c7433c 100644
--- a/src/util/test_crypto_ecc_dlog.c
+++ b/src/util/test_crypto_ecc_dlog.c
@@ -44,7 +44,7 @@
/**
* Maximum memory to use, sqrt(MAX_FACT) is a good choice.
*/
-#define MAX_MEM 10
+#define MAX_MEM 100
/**
* How many values do we test?
@@ -65,38 +65,38 @@
static void
test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
- gcry_mpi_t fact;
- gcry_mpi_t n;
- gcry_ctx_t ctx;
- gcry_mpi_point_t q;
- gcry_mpi_point_t g;
+ struct GNUNET_CRYPTO_EccScalar* fact;
+ struct GNUNET_CRYPTO_EccScalar* n;
+ struct GNUNET_CRYPTO_EccPoint* q;
unsigned int i;
int x;
int iret;
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
- g = gcry_mpi_ec_get_point ("g", ctx, 0);
- GNUNET_assert (NULL != g);
- n = gcry_mpi_ec_get_mpi ("n", ctx, 0);
- q = gcry_mpi_point_new (0);
- fact = gcry_mpi_new (0);
for (i = 0; i < TEST_ITER; i++)
{
fprintf (stderr, ".");
x = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
MAX_FACT);
+ n = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
+ for (i = 0; i < x; i++)
+ sodium_increment (n->v, sizeof (n->v));
+ //memcpy (n->v, &x, sizeof (x));
if (0 == GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
2))
{
- gcry_mpi_set_ui (fact, x);
- gcry_mpi_sub (fact, n, fact);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Trying negative %d\n", -x);
+ fact = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
+ crypto_core_ed25519_scalar_negate (fact->v, n->v);
x = -x;
+ GNUNET_free (n);
}
else
{
- gcry_mpi_set_ui (fact, x);
+ fact = n;
}
- gcry_mpi_ec_mul (q, fact, g, ctx);
+ q = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ crypto_scalarmult_ed25519_base_noclamp (q->v, fact->v);
if (x !=
(iret = GNUNET_CRYPTO_ecc_dlog (edc,
q)))
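Review bot: The new `for (i = 0; i < x; i++) sodium_increment (n->v, sizeof (n->v));` reuses the outer loop's `i` (`for (i = 0; i < TEST_ITER; i++)`), so after the first inner loop the outer counter continues from a random `x` and the test runs an unpredictable number of iterations — possibly one; use a separate counter, e.g. `for (unsigned int k = 0; k < (unsigned int) x; k++)`. `n`, `fact` and `q` are allocated on every iteration but the `GNUNET_free (fact); GNUNET_free (q);` added in the next hunk run once after the loop, so all but the last pair leak; move them to the end of the loop body. When `x` is 0 the scalar is all zeros and, as far as I recall the libsodium contract, `crypto_scalarmult_ed25519_base_noclamp` returns -1 for it; the return is unchecked, so the `x == 0` case deserves either an explicit assertion or a skip. The commented-out `//memcpy (n->v, &x, sizeof (x));` should go.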
@@ -108,11 +108,8 @@ test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc)
GNUNET_assert (0);
}
}
- gcry_mpi_release (fact);
- gcry_mpi_release (n);
- gcry_mpi_point_release (g);
- gcry_mpi_point_release (q);
- gcry_ctx_release (ctx);
+ GNUNET_free (fact);
+ GNUNET_free (q);
fprintf (stderr, "\n");
}
@@ -127,13 +124,13 @@ test_math (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
int i;
int j;
- gcry_mpi_point_t ip;
- gcry_mpi_point_t jp;
- gcry_mpi_point_t r;
- gcry_mpi_point_t ir;
- gcry_mpi_point_t irj;
- gcry_mpi_point_t r_inv;
- gcry_mpi_point_t sum;
+ struct GNUNET_CRYPTO_EccPoint* ip;
+ struct GNUNET_CRYPTO_EccPoint* jp;
+ struct GNUNET_CRYPTO_EccPoint* r;
+ struct GNUNET_CRYPTO_EccPoint* ir;
+ struct GNUNET_CRYPTO_EccPoint* irj;
+ struct GNUNET_CRYPTO_EccPoint* r_inv;
+ struct GNUNET_CRYPTO_EccPoint* sum;
for (i = -MATH_MAX; i < MATH_MAX; i++)
{
@@ -141,6 +138,8 @@ test_math (struct GNUNET_CRYPTO_EccDlogContext *edc)
for (j = -MATH_MAX; j < MATH_MAX; j++)
{
fprintf (stderr, ".");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "%d + %d\n", i, j);
jp = GNUNET_CRYPTO_ecc_dexp (edc, j);
GNUNET_CRYPTO_ecc_rnd (edc,
&r,
@@ -148,9 +147,13 @@ test_math (struct GNUNET_CRYPTO_EccDlogContext *edc)
ir = GNUNET_CRYPTO_ecc_add (edc, ip, r);
irj = GNUNET_CRYPTO_ecc_add (edc, ir, jp);
sum = GNUNET_CRYPTO_ecc_add (edc, irj, r_inv);
- GNUNET_assert (i + j ==
- GNUNET_CRYPTO_ecc_dlog (edc,
- sum));
+ int res = GNUNET_CRYPTO_ecc_dlog (edc, sum);
+ if (i + j != res)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Got %d, expected %d\n", res, i+j);
+ GNUNET_assert (0);
+ }
GNUNET_CRYPTO_ecc_free (jp);
GNUNET_CRYPTO_ecc_free (ir);
GNUNET_CRYPTO_ecc_free (irj);