authorChristian Grothoff <christian@grothoff.org>2021-04-18 18:34:48 +0200
committerChristian Grothoff <christian@grothoff.org>2021-04-18 18:34:48 +0200
commitb3975349cff5bf414f76fdb91223958acf37e179 (patch)
tree8410a445eb0a865080e1bf97ac143469671cb76a
parenteb3eb0149dcbd7dbf17e57d93ac21d1424c7afda (diff)
-SCALARPRODUCT: tests pass, migration complete
-rw-r--r--src/include/gnunet_crypto_lib.h6
-rw-r--r--src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c22
-rw-r--r--src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c7
-rw-r--r--src/scalarproduct/scalarproduct_api.c50
-rw-r--r--src/scalarproduct/test_ecc_scalarproduct.c115
-rwxr-xr-xsrc/scalarproduct/test_scalarproduct_negative.sh3
-rw-r--r--src/util/crypto_ecc_dlog.c23
7 files changed, 112 insertions, 114 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 7920dd54e..54c4d6ffc 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1551,14 +1551,14 @@ GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccPoint *r,
/**
* Obtain a random scalar for point multiplication on the curve and
- * its multiplicative inverse.
+ * its additive inverse.
*
* @param[out] r set to a random scalar on the curve
- * @param[out] r_inv set to the multiplicative inverse of @a
+ * @param[out] r_neg set to the negation of @a
*/
void
GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccScalar *r,
- struct GNUNET_CRYPTO_EccScalar *r_inv);
+ struct GNUNET_CRYPTO_EccScalar *r_neg);
/**
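Review bot: The new `@param[out] r_neg` line ends in a dangling `@a` with no parameter name after it (the replaced `r_inv` line had the same problem, unless the page rendering dropped the trailing word), so the generated documentation will reference nothing. It should read `@param[out] r_neg set to the negation of @a r, i.e. the scalar with r + r_neg == 0 modulo the group order`. The declaration itself is fine; only the comment needs the fix.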
diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
index b5c49e85d..e33d589be 100644
--- a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
+++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
@@ -337,8 +337,6 @@ transmit_client_response (struct AliceServiceSession *s)
range = -1;
gcry_mpi_set_ui (value,
-s->product);
- gcry_mpi_neg (value,
- value);
}
else if (0 < s->product)
{
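Review bot: `gcry_mpi_set_ui (value, -s->product)` negates a signed value without the INT64_MIN guard this commit adds everywhere else; if s->product is a 64-bit signed integer (its type is not visible here), `-s->product` is undefined behaviour for INT64_MIN, and the result is then passed to an `unsigned long` parameter, which is narrower than 64 bits on some ABIs. The magnitude can be obtained without UB through unsigned wrap-around, `gcry_mpi_set_ui (value, (unsigned long) (0 - (uint64_t) s->product));`, or the same `GNUNET_assert (INT64_MIN != s->product)` used in the other hunks should precede the call. transmit_client_response starts before this hunk.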
@@ -595,25 +593,25 @@ send_alices_cryptodata_message (struct AliceServiceSession *s)
GNUNET_CRYPTO_ecc_dexp_mpi (&r_i,
&g_i));
/* r_ia = r_i * a */
- crypto_core_ed25519_scalar_mul (&r_ia.v[0],
- &r_i.v[0],
- &my_privkey.v[0]);
+ crypto_core_ed25519_scalar_mul (r_ia.v,
+ r_i.v,
+ my_privkey.v);
/* r_ia_ai = r_ia + a_i */
{
int64_t val = s->sorted_elements[i].value;
struct GNUNET_CRYPTO_EccScalar vali;
+ GNUNET_assert (INT64_MIN != val);
GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
&vali);
- r_ia_ai = r_ia;
if (val > 0)
- sodium_add (r_ia_ai.v,
- vali.v,
- sizeof (vali.v));
+ crypto_core_ed25519_scalar_add (r_ia_ai.v,
+ r_ia.v,
+ vali.v);
else
- sodium_sub (r_ia_ai.v,
- vali.v,
- sizeof (vali.v));
+ crypto_core_ed25519_scalar_sub (r_ia_ai.v,
+ r_ia.v,
+ vali.v);
}
/* h_i = g^{r_ia_ai} */
GNUNET_assert (GNUNET_OK ==
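Review bot: `GNUNET_assert (INT64_MIN != val)` turns a single out-of-range element value into an abort of the whole service, and as far as is visible here s->sorted_elements originates from the client's element list; the same pattern is added in handle_alices_cryptodata_message in gnunet-service-scalarproduct-ecc_bob.c and in test_ecc_scalarproduct.c. A value the service cannot process should be rejected when the client's request is validated, so that only that session fails, with the assert kept afterwards as an internal invariant. If the intent is to keep a single check, a comment such as `/* INT64_MIN has no positive counterpart; rejected at request validation */` at the assert would tell the next reader where the real check lives. send_alices_cryptodata_message starts and ends outside this hunk.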
diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
index 0216aa86d..02a62c164 100644
--- a/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
+++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
@@ -496,17 +496,20 @@ handle_alices_cryptodata_message (void *cls,
int64_t val = s->sorted_elements[i + s->cadet_received_element_count].value;
struct GNUNET_CRYPTO_EccScalar vali;
+ GNUNET_assert (INT64_MIN != val);
GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
&vali);
if (val < 0)
- crypto_core_ed25519_scalar_negate (&vali.v[0],
- &vali.v[0]);
+ crypto_core_ed25519_scalar_negate (vali.v,
+ vali.v);
g_i = &payload[i * 2];
+ /* g_i_b_i = g_i^vali */
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_pmul_mpi (g_i,
&vali,
&g_i_b_i));
h_i = &payload[i * 2 + 1];
+ /* h_i_b_i = h_i^vali */
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_pmul_mpi (h_i,
&vali,
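Review bot: g_i and h_i are taken straight from the received payload and passed to GNUNET_CRYPTO_ecc_pmul_mpi inside GNUNET_assert, so whether a malformed point from the remote peer aborts Bob's service depends on pmul_mpi's failure semantics, which are not visible here; this commit makes GNUNET_CRYPTO_ecc_add in crypto_ecc_dlog.c report invalid input as GNUNET_SYSERR, and if pmul_mpi does the same, the assert becomes a remotely triggerable abort. The return value should be checked and the session failed instead, e.g. `if (GNUNET_OK != GNUNET_CRYPTO_ecc_pmul_mpi (g_i, &vali, &g_i_b_i)) { GNUNET_break_op (0); /* fail session */ }`. handle_alices_cryptodata_message starts before and ends after this hunk.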
diff --git a/src/scalarproduct/scalarproduct_api.c b/src/scalarproduct/scalarproduct_api.c
index b2a90c222..4ac39614a 100644
--- a/src/scalarproduct/scalarproduct_api.c
+++ b/src/scalarproduct/scalarproduct_api.c
@@ -42,14 +42,10 @@
* @param status processing status code
*/
typedef void
-(*GNUNET_SCALARPRODUCT_ResponseMessageHandler) (struct
- GNUNET_SCALARPRODUCT_ComputationHandle
- *h,
- const struct
- ClientResponseMessage *msg,
- enum
- GNUNET_SCALARPRODUCT_ResponseStatus
- status);
+(*GNUNET_SCALARPRODUCT_ResponseMessageHandler) (
+ struct GNUNET_SCALARPRODUCT_ComputationHandle *h,
+ const struct ClientResponseMessage *msg,
+ enum GNUNET_SCALARPRODUCT_ResponseStatus status);
/**
@@ -172,13 +168,12 @@ check_unique (const struct GNUNET_SCALARPRODUCT_Element *elements,
uint32_t element_count)
{
struct GNUNET_CONTAINER_MultiHashMap *map;
- uint32_t i;
int ok;
ok = GNUNET_OK;
map = GNUNET_CONTAINER_multihashmap_create (2 * element_count,
GNUNET_YES);
- for (i = 0; i < element_count; i++)
+ for (uint32_t i = 0; i < element_count; i++)
if (GNUNET_OK !=
GNUNET_CONTAINER_multihashmap_put (map,
&elements[i].key,
@@ -227,16 +222,13 @@ mq_error_handler (void *cls,
* @return a new handle for this computation
*/
struct GNUNET_SCALARPRODUCT_ComputationHandle *
-GNUNET_SCALARPRODUCT_accept_computation (const struct
- GNUNET_CONFIGURATION_Handle *cfg,
- const struct
- GNUNET_HashCode *session_key,
- const struct
- GNUNET_SCALARPRODUCT_Element *elements,
- uint32_t element_count,
- GNUNET_SCALARPRODUCT_ContinuationWithStatus
- cont,
- void *cont_cls)
+GNUNET_SCALARPRODUCT_accept_computation (
+ const struct GNUNET_CONFIGURATION_Handle *cfg,
+ const struct GNUNET_HashCode *session_key,
+ const struct GNUNET_SCALARPRODUCT_Element *elements,
+ uint32_t element_count,
+ GNUNET_SCALARPRODUCT_ContinuationWithStatus cont,
+ void *cont_cls)
{
struct GNUNET_SCALARPRODUCT_ComputationHandle *h
= GNUNET_new (struct GNUNET_SCALARPRODUCT_ComputationHandle);
@@ -389,16 +381,14 @@ process_result_message (struct GNUNET_SCALARPRODUCT_ComputationHandle *h,
* @return a new handle for this computation
*/
struct GNUNET_SCALARPRODUCT_ComputationHandle *
-GNUNET_SCALARPRODUCT_start_computation (const struct
- GNUNET_CONFIGURATION_Handle *cfg,
- const struct
- GNUNET_HashCode *session_key,
- const struct GNUNET_PeerIdentity *peer,
- const struct
- GNUNET_SCALARPRODUCT_Element *elements,
- uint32_t element_count,
- GNUNET_SCALARPRODUCT_DatumProcessor cont,
- void *cont_cls)
+GNUNET_SCALARPRODUCT_start_computation (
+ const struct GNUNET_CONFIGURATION_Handle *cfg,
+ const struct GNUNET_HashCode *session_key,
+ const struct GNUNET_PeerIdentity *peer,
+ const struct GNUNET_SCALARPRODUCT_Element *elements,
+ uint32_t element_count,
+ GNUNET_SCALARPRODUCT_DatumProcessor cont,
+ void *cont_cls)
{
struct GNUNET_SCALARPRODUCT_ComputationHandle *h
= GNUNET_new (struct GNUNET_SCALARPRODUCT_ComputationHandle);
diff --git a/src/scalarproduct/test_ecc_scalarproduct.c b/src/scalarproduct/test_ecc_scalarproduct.c
index 8d3d716fb..85460cb05 100644
--- a/src/scalarproduct/test_ecc_scalarproduct.c
+++ b/src/scalarproduct/test_ecc_scalarproduct.c
@@ -46,16 +46,11 @@ test_sp (const unsigned int *avec,
{
unsigned int len;
struct GNUNET_CRYPTO_EccScalar a;
- struct GNUNET_CRYPTO_EccScalar a_inv;
- struct GNUNET_CRYPTO_EccScalar ri;
- struct GNUNET_CRYPTO_EccScalar ria;
- struct GNUNET_CRYPTO_EccScalar tmp;
+ struct GNUNET_CRYPTO_EccScalar a_neg;
struct GNUNET_CRYPTO_EccPoint *g;
struct GNUNET_CRYPTO_EccPoint *h;
struct GNUNET_CRYPTO_EccPoint pg;
struct GNUNET_CRYPTO_EccPoint ph;
- struct GNUNET_CRYPTO_EccPoint pgi;
- struct GNUNET_CRYPTO_EccPoint gsp;
/* determine length */
for (len = 0; 0 != avec[len]; len++)
@@ -65,115 +60,115 @@ test_sp (const unsigned int *avec,
/* Alice */
GNUNET_CRYPTO_ecc_rnd_mpi (&a,
- &a_inv);
+ &a_neg);
g = GNUNET_new_array (len,
struct GNUNET_CRYPTO_EccPoint);
h = GNUNET_new_array (len,
struct GNUNET_CRYPTO_EccPoint);
for (unsigned int i = 0; i < len; i++)
{
+ struct GNUNET_CRYPTO_EccScalar tmp;
+ struct GNUNET_CRYPTO_EccScalar ri;
+ struct GNUNET_CRYPTO_EccScalar ria;
+
GNUNET_CRYPTO_ecc_random_mod_n (&ri);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_dexp_mpi (&ri,
&g[i]));
- /* ria = ri * a */
- crypto_core_ed25519_scalar_mul (&ria.v[0],
- &ri.v[0],
- &a.v[0]);
+ /* ria = ri * a mod L, where L is the order of the main subgroup */
+ crypto_core_ed25519_scalar_mul (ria.v,
+ ri.v,
+ a.v);
/* tmp = ria + avec[i] */
{
int64_t val = avec[i];
struct GNUNET_CRYPTO_EccScalar vali;
+ GNUNET_assert (INT64_MIN != val);
GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
&vali);
- tmp = ria;
if (val > 0)
- sodium_add (tmp.v,
- vali.v,
- sizeof (vali.v));
+ crypto_core_ed25519_scalar_add (tmp.v,
+ ria.v,
+ vali.v);
else
- sodium_sub (tmp.v,
- vali.v,
- sizeof (vali.v));
+ crypto_core_ed25519_scalar_sub (tmp.v,
+ ria.v,
+ vali.v);
}
+ /* h[i] = g^tmp = g^{ria + avec[i]} */
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_dexp_mpi (&tmp,
&h[i]));
}
/* Bob */
- {
- int64_t val = bvec[0];
- struct GNUNET_CRYPTO_EccScalar vali;
-
- GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
- &vali);
- if (val < 0)
- crypto_core_ed25519_scalar_negate (&vali.v[0],
- &vali.v[0]);
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_ecc_pmul_mpi (&g[0],
- &vali,
- &pg));
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_ecc_pmul_mpi (&h[0],
- &vali,
- &ph));
- }
for (unsigned int i = 0; i < len; i++)
{
- struct GNUNET_CRYPTO_EccPoint m;
+ struct GNUNET_CRYPTO_EccPoint gm;
+ struct GNUNET_CRYPTO_EccPoint hm;
{
int64_t val = bvec[i];
struct GNUNET_CRYPTO_EccScalar vali;
+ GNUNET_assert (INT64_MIN != val);
GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
&vali);
if (val < 0)
- crypto_core_ed25519_scalar_negate (&vali.v[0],
- &vali.v[0]);
+ crypto_core_ed25519_scalar_negate (vali.v,
+ vali.v);
+ /* gm = g[i]^vali */
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
&vali,
- &m));
+ &gm));
+ /* hm = h[i]^vali */
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
&vali,
- &m));
+ &hm));
}
-
if (0 != i)
{
- struct GNUNET_CRYPTO_EccPoint tmp;
-
+ /* pg += gm */
GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_ecc_add (&m,
+ GNUNET_CRYPTO_ecc_add (&gm,
&pg,
- &tmp));
- pg = tmp;
+ &pg));
+ /* ph += hm */
GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_ecc_add (&m,
+ GNUNET_CRYPTO_ecc_add (&hm,
&ph,
- &tmp));
- ph = tmp;
+ &ph));
+ }
+ else
+ {
+ pg = gm;
+ ph = hm;
}
}
GNUNET_free (g);
GNUNET_free (h);
/* Alice */
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
- &a_inv,
- &pgi));
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_ecc_add (&pgi,
- &ph,
- &gsp));
- return GNUNET_CRYPTO_ecc_dlog (edc,
- &gsp);
+ {
+ struct GNUNET_CRYPTO_EccPoint pgi;
+ struct GNUNET_CRYPTO_EccPoint gsp;
+
+ /* pgi = pg^inv */
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
+ &a_neg,
+ &pgi));
+ /* gsp = pgi + ph */
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_add (&pgi,
+ &ph,
+ &gsp));
+ return GNUNET_CRYPTO_ecc_dlog (edc,
+ &gsp);
+ }
}
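Review bot: The comment `/* pgi = pg^inv */` is stale after this change: the exponent is now a_neg, the additive inverse of a, so it should read `/* pgi = pg^{-a} (a_neg is the negation of a mod L) */`. The accumulation `GNUNET_CRYPTO_ecc_add (&gm, &pg, &pg)` passes pg as both operand and result; that is safe with libsodium's crypto_core_ed25519_add, which decodes both inputs before writing the output, but GNUNET_CRYPTO_ecc_add's contract (crypto_ecc_dlog.c, also touched by this commit) does not promise it, so either document `@a r may alias @a a or @a b` there or keep the temporary. Note also that avec is `const unsigned int *`, so `int64_t val = avec[i]` is never negative and the INT64_MIN assert and the scalar_sub branch on Alice's side are unreachable in this test; negative Alice values, which the service supports, are not exercised here.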
diff --git a/src/scalarproduct/test_scalarproduct_negative.sh b/src/scalarproduct/test_scalarproduct_negative.sh
index b08e4527f..459406836 100755
--- a/src/scalarproduct/test_scalarproduct_negative.sh
+++ b/src/scalarproduct/test_scalarproduct_negative.sh
@@ -5,6 +5,9 @@ INPUTALICE="-k CCC -e 'AB,10;RO,-3;FL,-3;LOL,1;'"
INPUTBOB="-k CCC -e 'BC,-20000;RO,1000;FL,100;LOL,24;'"
# necessary to make the testing prefix deterministic, so we can access the config files
+unset XDG_DATA_HOME
+unset XDG_CONFIG_HOME
+
PREFIX=/tmp/test-scalarproduct`date +%H%M%S`
# where can we find the peers config files?
diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c
index e084b33c7..916acd9dd 100644
--- a/src/util/crypto_ecc_dlog.c
+++ b/src/util/crypto_ecc_dlog.c
@@ -236,10 +236,12 @@ GNUNET_CRYPTO_ecc_add (const struct GNUNET_CRYPTO_EccPoint *a,
const struct GNUNET_CRYPTO_EccPoint *b,
struct GNUNET_CRYPTO_EccPoint *r)
{
- crypto_core_ed25519_add (r->v,
- a->v,
- b->v);
- return GNUNET_OK;
+ if (0 ==
+ crypto_core_ed25519_add (r->v,
+ a->v,
+ b->v))
+ return GNUNET_OK;
+ return GNUNET_SYSERR;
}
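Review bot: GNUNET_CRYPTO_ecc_add now returns GNUNET_SYSERR when crypto_core_ed25519_add fails, but nothing in this hunk says what that means for callers: libsodium reports failure when either input is not a valid point encoding, and r is then not meaningfully set. The declaration's documentation (in the header, outside this hunk) should state `@return #GNUNET_OK on success, #GNUNET_SYSERR if @a a or @a b is not a valid curve point; @a r is unspecified on failure`. Every call site in this commit wraps the call in GNUNET_assert, so callers that may receive points from a peer should be reviewed for whether an abort is acceptable there.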
@@ -281,10 +283,10 @@ GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccPoint *r,
void
GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccScalar *r,
- struct GNUNET_CRYPTO_EccScalar *r_inv)
+ struct GNUNET_CRYPTO_EccScalar *r_neg)
{
GNUNET_CRYPTO_ecc_random_mod_n (r);
- crypto_core_ed25519_scalar_invert (r_inv->v,
+ crypto_core_ed25519_scalar_negate (r_neg->v,
r->v);
}
@@ -299,7 +301,10 @@ GNUNET_CRYPTO_ecc_scalar_from_int (int64_t val,
GNUNET_assert (sizeof (*r) == sizeof (fact));
if (val < 0)
{
- valBe = GNUNET_htonll ((uint64_t) (-val));
+ if (INT64_MIN == val)
+ valBe = GNUNET_htonll ((uint64_t) INT64_MAX);
+ else
+ valBe = GNUNET_htonll ((uint64_t) (-val));
}
else
{
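Review bot: The INT64_MIN special case here and its companion `sodium_increment` fix-up in the next hunk of this file are unnecessary: the magnitude of any negative int64_t, INT64_MIN included, is exactly `0 - (uint64_t) val` in modular unsigned arithmetic, which is well-defined and fits in uint64_t, so the branch can be the single line `valBe = GNUNET_htonll (0 - (uint64_t) val);` with no later correction. That also removes the dependence on `fact` being little-endian and zero-filled beyond the first eight bytes for the increment to carry correctly. GNUNET_CRYPTO_ecc_scalar_from_int starts before and ends after this hunk.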
@@ -312,6 +317,10 @@ GNUNET_CRYPTO_ecc_scalar_from_int (int64_t val,
fact[i] = ((unsigned char*) &valBe)[sizeof (val) - 1 - i];
if (val < 0)
{
+ if (INT64_MIN == val)
+ /* See above: fact is one too small, increment now that we can */
+ sodium_increment (fact,
+ sizeof (fact));
crypto_core_ed25519_scalar_negate (r->v,
fact);
}