summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schanzenbach <mschanzenbach@posteo.de>2021-03-30 11:52:29 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2021-03-30 11:52:29 +0200
commitdd61a3bfd085f1aeda101eebd4e9c7320f974ba0 (patch)
tree9f1a428e1f090db01247e9a3da46f6bc2689421e
parenta33757b1e56920408f7da07c3e8ca2e1a48c8b06 (diff)
-cleanup API; fix precalculation
-rw-r--r--src/include/gnunet_crypto_lib.h111
-rw-r--r--src/util/crypto_ecc_dlog.c367
-rw-r--r--src/util/test_crypto_ecc_dlog.c60
3 files changed, 174 insertions, 364 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 0804bcfa9..4dc4f9445 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1486,138 +1486,107 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
* convert a point back to an integer (as long as the
* integer is smaller than the MAX of the @a edc context).
*
- * @param edc calculation context for ECC operations
* @param val value to encode into a point
- * @return representation of the value as an ECC point,
- * must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val);
+void
+GNUNET_CRYPTO_ecc_dexp (int val,
+ struct GNUNET_CRYPTO_EccPoint*r);
/**
* Multiply the generator g of the elliptic curve by @a val
* to obtain the point on the curve representing @a val.
*
- * @param edc calculation context for ECC operations
* @param val (positive) value to encode into a point
- * @return representation of the value as an ECC point,
- * must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
+ * @return GNUNET_OK on success.
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccScalar *val);
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_dexp_mpi (const struct GNUNET_CRYPTO_EccScalar *val,
+ struct GNUNET_CRYPTO_EccPoint *r);
/**
* Multiply the point @a p on the elliptic curve by @a val.
*
- * @param edc calculation context for ECC operations
* @param p point to multiply
* @param val (positive) value to encode into a point
- * @return representation of the value as an ECC point,
- * must be freed using #GNUNET_CRYPTO_ecc_free()
- */
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccPoint *p,
- const struct GNUNET_CRYPTO_EccScalar *val);
-
-
-/**
- * Convert point value to binary representation.
- *
- * @param edc calculation context for ECC operations
- * @param point computational point representation
- * @param[out] bin binary point representation
- */
-void
-GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t point,
- struct GNUNET_CRYPTO_EccPoint *bin);
-
-
-/**
- * Convert binary representation of a point to computational representation.
- *
- * @param edc calculation context for ECC operations
- * @param bin binary point representation
- * @return computational representation
+ * @param r where to write the point (must be allocated)
+ * @return GNUNET_OK on success.
*/
-gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccPoint *bin);
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_pmul_mpi (const struct GNUNET_CRYPTO_EccPoint *p,
+ const struct GNUNET_CRYPTO_EccScalar *val,
+ struct GNUNET_CRYPTO_EccPoint *r);
/**
* Add two points on the elliptic curve.
*
- * @param edc calculation context for ECC operations
* @param a some value
* @param b some value
- * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
+ * @return GNUNET_OK on success.
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccPoint *a,
- const struct GNUNET_CRYPTO_EccPoint *b);
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_add (const struct GNUNET_CRYPTO_EccPoint *a,
+ const struct GNUNET_CRYPTO_EccPoint *b,
+ struct GNUNET_CRYPTO_EccPoint *r);
/**
* Obtain a random point on the curve and its
- * additive inverse. Both returned values
- * must be freed using #GNUNET_CRYPTO_ecc_free().
+ * additive inverse.
*
- * @param edc calculation context for ECC operations
* @param[out] r set to a random point on the curve
* @param[out] r_inv set to the additive inverse of @a r
+ * @return GNUNET_OK on success.
*/
-void
-GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
- struct GNUNET_CRYPTO_EccPoint **r,
- struct GNUNET_CRYPTO_EccPoint **r_inv);
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccPoint *r,
+ struct GNUNET_CRYPTO_EccPoint *r_inv);
/**
* Obtain a random scalar for point multiplication on the curve and
* its multiplicative inverse.
*
- * @param edc calculation context for ECC operations
* @param[out] r set to a random scalar on the curve
- * @param[out] r_inv set to the multiplicative inverse of @a r
+ * @param[out] r_inv set to the multiplicative inverse of @a
*/
void
-GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- struct GNUNET_CRYPTO_EccScalar **r,
- struct GNUNET_CRYPTO_EccScalar **r_inv);
+GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccScalar *r,
+ struct GNUNET_CRYPTO_EccScalar *r_inv);
/**
* Generate a random value mod n.
*
- * @param edc ECC context
- * @return random value mod n.
+ * @param[out] r random value mod n.
*/
-struct GNUNET_CRYPTO_EccScalar*
-GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc);
+void
+GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccScalar* r);
/**
- * Free a point value returned by the API.
+ * Release precalculated values.
*
- * @param p point to free
+ * @param dlc dlog context
*/
void
-GNUNET_CRYPTO_ecc_free (struct GNUNET_CRYPTO_EccPoint* p);
+GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
/**
- * Release precalculated values.
+ * Create a scalar from int value.
*
- * @param dlc dlog context
+ * @param val the int value
+ * @param[out] r where to write the salar
*/
void
-GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
+GNUNET_CRYPTO_ecc_scalar_from_int (int val,
+ struct GNUNET_CRYPTO_EccScalar* r);
/**
diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c
index 33fc3f0e4..8dd0c5526 100644
--- a/src/util/crypto_ecc_dlog.c
+++ b/src/util/crypto_ecc_dlog.c
@@ -32,35 +32,6 @@
/**
- * Name of the curve we are using. Note that we have hard-coded
- * structs that use 256 bits, so using a bigger curve will require
- * changes that break stuff badly. The name of the curve given here
- * must be agreed by all peers and be supported by libgcrypt.
- */
-#define CURVE "Ed25519"
-
-
-/**
- *
- */
-static void
-extract_pk (gcry_mpi_point_t pt,
- gcry_ctx_t ctx,
- struct GNUNET_PeerIdentity *pid)
-{
- gcry_mpi_t q_y;
-
- GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx));
- q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
- GNUNET_assert (q_y);
- GNUNET_CRYPTO_mpi_print_unsigned (pid->public_key.q_y,
- sizeof(pid->public_key.q_y),
- q_y);
- gcry_mpi_release (q_y);
-}
-
-
-/**
* Internal structure used to cache pre-calculated values for DLOG calculation.
*/
struct GNUNET_CRYPTO_EccDlogContext
@@ -103,11 +74,8 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
{
struct GNUNET_CRYPTO_EccDlogContext *edc;
unsigned int K = ((max + (mem - 1)) / mem);
- // gcry_mpi_point_t g;
+ unsigned int Kbe = htonl (K);
struct GNUNET_PeerIdentity key;
- // gcry_mpi_point_t gKi;
- // gcry_mpi_t fact;
- // gcry_mpi_t n;
unsigned int i;
GNUNET_assert (max < INT32_MAX);
@@ -118,38 +86,26 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2,
GNUNET_NO);
- /*GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
- NULL,
- CURVE));
- g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
- GNUNET_assert (NULL != g);
- fact = gcry_mpi_new (0);
- gKi = gcry_mpi_point_new (0);*/
unsigned char fact[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char Ki[crypto_scalarmult_ed25519_SCALARBYTES];
unsigned char nKi[crypto_scalarmult_ed25519_SCALARBYTES];
- unsigned int Kle = htonl (K);
- unsigned char Kles[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
+ unsigned char Kle[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
memset (fact, 0, sizeof (fact));
memset (Ki, 0, sizeof (Ki));
memset (nKi, 0, sizeof (nKi));
- memset (Kles, 0, sizeof (Kles));
- // memcpy (Kles, &Kle, sizeof (Kle));
- for (i = 0; i < K; i++)
- sodium_increment (Kles, sizeof (Kles));
+ memset (Kle, 0, sizeof (Kle));
+ for (i = 0; i < sizeof (K); i++)
+ Kle[i] = ((char*) &Kbe)[sizeof (K) - 1 - i];
for (i = 1; i <= mem; i++)
{
sodium_increment (fact, sizeof (fact));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Calculating #%u\n", i);
memset (Ki, 0, sizeof (Ki));
- crypto_core_ed25519_scalar_mul (Ki, fact, Kles);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "K*i: %u (mem=%u, i=%u)\n", K * i, mem, i);
+ crypto_core_ed25519_scalar_mul (Ki, fact, Kle);
GNUNET_assert (0 ==
crypto_scalarmult_ed25519_base_noclamp ((unsigned
char*) &key, Ki));
- /*gcry_mpi_set_ui (fact, i * K);
- gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
- extract_pk (gKi, edc->ctx, &key);*/
GNUNET_assert (GNUNET_OK ==
GNUNET_CONTAINER_multipeermap_put (edc->map,
&key,
@@ -157,30 +113,24 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
}
/* negative values */
- // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
memset (fact, 0, sizeof (fact));
for (i = 1; i < mem; i++)
{
sodium_increment (fact, sizeof (fact));
memset (Ki, 0, sizeof (Ki));
memset (nKi, 0, sizeof (nKi));
- crypto_core_ed25519_scalar_mul (Ki, fact, Kles);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "K*i: -%u (mem=%u, i=%u)\n", K * i, mem, i);
+
+ crypto_core_ed25519_scalar_mul (Ki, fact, Kle);
crypto_core_ed25519_scalar_negate (nKi, Ki);
crypto_scalarmult_ed25519_base_noclamp ((unsigned char*) &key, nKi);
- /*gcry_mpi_set_ui (fact, i * K);
- gcry_mpi_sub (fact, n, fact);
- gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
- extract_pk (gKi, edc->ctx, &key);*/
GNUNET_assert (GNUNET_OK ==
GNUNET_CONTAINER_multipeermap_put (edc->map,
&key,
(void *) (long) max - i,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
}
- /*gcry_mpi_release (fact);
- gcry_mpi_release (n);
- gcry_mpi_point_release (gKi);
- gcry_mpi_point_release (g);*/
return edc;
}
@@ -197,38 +147,36 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
const struct GNUNET_CRYPTO_EccPoint *input)
{
unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
- // gcry_mpi_point_t g;
struct GNUNET_PeerIdentity key;
- // gcry_mpi_point_t q;
+ struct GNUNET_PeerIdentity nkey;
unsigned int i;
int res;
void *retp;
unsigned char g[crypto_scalarmult_BYTES];
unsigned char q[crypto_scalarmult_BYTES];
+ unsigned char nq[crypto_scalarmult_BYTES];
unsigned char fact[crypto_scalarmult_BYTES];
memset (g, 0, crypto_scalarmult_BYTES);
memset (q, 0, crypto_scalarmult_BYTES);
+ memset (nq, 0, crypto_scalarmult_BYTES);
memset (fact, 0, crypto_scalarmult_BYTES);
sodium_increment (fact, sizeof (fact));
crypto_scalarmult_ed25519_base_noclamp (g, fact);
- /*g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
- GNUNET_assert (NULL != g);
- q = gcry_mpi_point_new (0);*/
-
- // unsigned char key[crypto_scalarmult_BYTES];
memset (&key, 0, crypto_scalarmult_BYTES);
+ memset (&nkey, 0, crypto_scalarmult_BYTES);
res = INT_MAX;
for (i = 0; i <= edc->max / edc->mem; i++)
{
- /*if (0 == i)
- extract_pk (input, edc->ctx, &key);
- else
- extract_pk (q, edc->ctx, &key);*/
if (0 == i)
+ {
memcpy (&key, input, crypto_scalarmult_BYTES);
+ }
else
+ {
memcpy (&key, q, crypto_scalarmult_BYTES);
+ memcpy (&nkey, nq, crypto_scalarmult_BYTES);
+ }
retp = GNUNET_CONTAINER_multipeermap_get (edc->map,
&key);
if (NULL != retp)
@@ -238,21 +186,26 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
"constant-time". If we do not care about this, we could just
'break' here and do fewer operations... */
}
+ retp = GNUNET_CONTAINER_multipeermap_get (edc->map,
+ &nkey);
+ if (NULL != retp)
+ {
+ res = (((long) retp) - edc->max) * K + i;
+ }
if (i == edc->max / edc->mem)
break;
/* q = q + g */
- /*if (0 == i)
- gcry_mpi_ec_add (q, input, g, edc->ctx);
- else
- gcry_mpi_ec_add (q, q, g, edc->ctx);*/
if (0 == i)
+ {
crypto_core_ed25519_add (q, input->v, g);
+ crypto_core_ed25519_sub (nq, input->v, g);
+ }
else
+ {
crypto_core_ed25519_add (q, q, g);
+ crypto_core_ed25519_sub (nq, nq, g);
+ }
}
- // gcry_mpi_point_release (g);
- // gcry_mpi_point_release (q);
-
return res;
}
@@ -260,51 +213,23 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
/**
* Generate a random value mod n.
*
- * @param edc ECC context
- * @return random value mod n.
+ * @param[out] r random value mod n.
*/
-struct GNUNET_CRYPTO_EccScalar*
-GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
+void
+GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccScalar* r)
{
- /*gcry_mpi_t n;
- unsigned int highbit;
- gcry_mpi_t r;*/
- struct GNUNET_CRYPTO_EccScalar *res;
-
- res = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
- crypto_core_ed25519_scalar_random (res->v);
- return res;
- // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
-
- /* check public key for number of bits, bail out if key is all zeros */
- // highbit = 256; /* Curve25519 */
- // while ((! gcry_mpi_test_bit (n, highbit)) &&
- // (0 != highbit))
- // highbit--;
- // GNUNET_assert (0 != highbit);
- /* generate fact < n (without bias) */
- // GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
- /*do
- {
- gcry_mpi_randomize (r,
- highbit + 1,
- GCRY_STRONG_RANDOM);
- }
- while (gcry_mpi_cmp (r, n) >= 0);
- gcry_mpi_release (n);
- return r;*/
+ crypto_core_ed25519_scalar_random (r->v);
}
/**
* Release precalculated values.
*
- * @param edc dlog context
+ * @param edc calculation context for ECC operations
*/
void
GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
- // gcry_ctx_release (edc->ctx);
GNUNET_CONTAINER_multipeermap_destroy (edc->map);
GNUNET_free (edc);
}
@@ -318,56 +243,36 @@ GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
* convert a point back to an integer (as long as the
* integer is smaller than the MAX of the @a edc context).
*
- * @param edc calculation context for ECC operations
* @param val value to encode into a point
- * @return representation of the value as an ECC point,
- * must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
- int val)
+void
+GNUNET_CRYPTO_ecc_dexp (int val,
+ struct GNUNET_CRYPTO_EccPoint*r)
{
- /*gcry_mpi_t fact;
- gcry_mpi_t n;
- gcry_mpi_point_t g;
- gcry_mpi_point_t r;
-
- g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
- GNUNET_assert (NULL != g);
- fact = gcry_mpi_new (0);*/
- struct GNUNET_CRYPTO_EccPoint *r;
- r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+
unsigned char fact[crypto_scalarmult_ed25519_SCALARBYTES];
unsigned char nFact[crypto_scalarmult_ed25519_SCALARBYTES];
- unsigned int valLe = htonl (val); // little-endian
+ unsigned int valBe;
+ int i;
+
memset (fact, 0, sizeof (fact));
memset (nFact, 0, sizeof (fact));
- // memcpy (fact, &valLe, sizeof (valLe));
if (val < 0)
{
- for (int i = 0; i < -val; i++)
- sodium_increment (fact, sizeof (fact));
+ valBe = htonl (-val);
+ for (i = 0; i < sizeof (val); i++)
+ fact[i] = ((char*) &valBe)[sizeof (val) - 1 - i];
crypto_core_ed25519_scalar_negate (nFact, fact);
crypto_scalarmult_ed25519_base_noclamp (r->v, nFact);
-
- /* = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
- gcry_mpi_set_ui (fact, -val);
- gcry_mpi_sub (fact, n, fact);
- gcry_mpi_release (n);*/
}
else
{
- for (int i = 0; i < val; i++)
- sodium_increment (fact, sizeof (fact));
+ valBe = htonl (val);
+ for (i = 0; i < sizeof (val); i++)
+ fact[i] = ((char*) &valBe)[sizeof (val) - 1 - i];
crypto_scalarmult_ed25519_base_noclamp (r->v, fact);
- /*gcry_mpi_set_ui (fact, val);*/
}
- return r;
- /*r = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (r, fact, g, edc->ctx);
- gcry_mpi_release (fact);
- gcry_mpi_point_release (g);
- return r;*/
}
@@ -375,123 +280,79 @@ GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
* Multiply the generator g of the elliptic curve by @a val
* to obtain the point on the curve representing @a val.
*
- * @param edc calculation context for ECC operations
* @param val (positive) value to encode into a point
- * @return representation of the value as an ECC point,
- * must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
+ * @return GNUNET_OK on success.
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccScalar *val)
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_dexp_mpi (const struct GNUNET_CRYPTO_EccScalar *val,
+ struct GNUNET_CRYPTO_EccPoint *r)
{
- // gcry_mpi_point_t g;
- // gcry_mpi_point_t r;
- struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
- GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r->v, val->v));
- return r;
-
- /*g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
- GNUNET_assert (NULL != g);
- r = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (r, val, g, edc->ctx);
- gcry_mpi_point_release (g);
- return r;*/
+ if (0 == crypto_scalarmult_ed25519_base_noclamp (r->v, val->v))
+ return GNUNET_OK;
+ return GNUNET_SYSERR;
}
/**
* Add two points on the elliptic curve.
*
- * @param edc calculation context for ECC operations
* @param a some value
* @param b some value
- * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
+ * @return GNUNET_OK on success.
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccPoint *a,
- const struct GNUNET_CRYPTO_EccPoint *b)
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_add (const struct GNUNET_CRYPTO_EccPoint *a,
+ const struct GNUNET_CRYPTO_EccPoint *b,
+ struct GNUNET_CRYPTO_EccPoint *r)
{
- // gcry_mpi_point_t r;
- struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
crypto_core_ed25519_add (r->v, a->v, b->v);
- return r;
- /*r = gcry_mpi_point_new (0);
- gcry_mpi_ec_add (r, a, b, edc->ctx);
- return r;*/
+ return GNUNET_OK;
}
/**
* Multiply the point @a p on the elliptic curve by @a val.
*
- * @param edc calculation context for ECC operations
* @param p point to multiply
* @param val (positive) value to encode into a point
- * @return representation of the value as an ECC point,
- * must be freed using #GNUNET_CRYPTO_ecc_free()
+ * @param r where to write the point (must be allocated)
+ * @return GNUNET_OK on success.
*/
-struct GNUNET_CRYPTO_EccPoint*
-GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- const struct GNUNET_CRYPTO_EccPoint *p,
- const struct GNUNET_CRYPTO_EccScalar *val)
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_pmul_mpi (const struct GNUNET_CRYPTO_EccPoint *p,
+ const struct GNUNET_CRYPTO_EccScalar *val,
+ struct GNUNET_CRYPTO_EccPoint *r)
{
- struct GNUNET_CRYPTO_EccPoint *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
- GNUNET_assert (0 ==
- crypto_scalarmult_ed25519_noclamp (r->v, val->v, p->v));
- return r;
- /*gcry_mpi_point_t r;
-
- r = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (r, val, p, edc->ctx);
- return r;*/
+ if (0 == crypto_scalarmult_ed25519_noclamp (r->v, val->v, p->v))
+ return GNUNET_OK;
+ return GNUNET_SYSERR;
}
/**
* Obtain a random point on the curve and its
- * additive inverse. Both returned values
- * must be freed using #GNUNET_CRYPTO_ecc_free().
+ * additive inverse.
*
- * @param edc calculation context for ECC operations
* @param[out] r set to a random point on the curve
* @param[out] r_inv set to the additive inverse of @a r
+ * @return GNUNET_OK on success.
*/
-void
-GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
- struct GNUNET_CRYPTO_EccPoint **r,
- struct GNUNET_CRYPTO_EccPoint **r_inv)
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccPoint *r,
+ struct GNUNET_CRYPTO_EccPoint *r_inv)
{
- /*gcry_mpi_t fact;
- gcry_mpi_t n;
- gcry_mpi_point_t g;*/
-
- struct GNUNET_CRYPTO_EccScalar *s = GNUNET_CRYPTO_ecc_random_mod_n (edc);
- *r = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
- GNUNET_assert (0 ==
- crypto_scalarmult_ed25519_base_noclamp ((*r)->v, s->v));
- *r_inv = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
+ struct GNUNET_CRYPTO_EccScalar s;
unsigned char inv_s[crypto_scalarmult_ed25519_SCALARBYTES];
- crypto_core_ed25519_scalar_negate (inv_s, s->v);
- GNUNET_assert (0 ==
- crypto_scalarmult_ed25519_base_noclamp ((*r_inv)->v, inv_s));
- GNUNET_free (s);
-
- /* calculate 'r' */
- /*g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
- GNUNET_assert (NULL != g);
- *r = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
-*/
- /* calculate 'r_inv' */
- // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
- // gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
- // *r_inv = gcry_mpi_point_new (0);
- // gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
-
- // gcry_mpi_release (n);
- // gcry_mpi_release (fact);
- // gcry_mpi_point_release (g);
+
+ GNUNET_CRYPTO_ecc_random_mod_n (&s);
+ if (0 != crypto_scalarmult_ed25519_base_noclamp (r->v, s.v))
+ return GNUNET_SYSERR;
+ crypto_core_ed25519_scalar_negate (inv_s, s.v);
+ if (0 != crypto_scalarmult_ed25519_base_noclamp (r_inv->v, inv_s))
+ return GNUNET_SYSERR;
+ return GNUNET_OK;
}
@@ -499,55 +360,49 @@ GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
* Obtain a random scalar for point multiplication on the curve and
* its multiplicative inverse.
*
- * @param edc calculation context for ECC operations
* @param[out] r set to a random scalar on the curve
- * @param[out] r_inv set to the multiplicative inverse of @a r
+ * @param[out] r_inv set to the multiplicative inverse of @a
*/
void
-GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- struct GNUNET_CRYPTO_EccScalar **r,
- struct GNUNET_CRYPTO_EccScalar **r_inv)
+GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccScalar *r,
+ struct GNUNET_CRYPTO_EccScalar *r_inv)
{
- *r = GNUNET_CRYPTO_ecc_random_mod_n (edc);
- *r_inv = GNUNET_CRYPTO_ecc_random_mod_n (edc);
- crypto_core_ed25519_scalar_invert ((*r_inv)->v, (*r)->v);
+ GNUNET_CRYPTO_ecc_random_mod_n (r);
+ crypto_core_ed25519_scalar_invert (r_inv->v, r->v);
}
/**
- * Free a point value returned by the API.
+ * Create a scalar from int value.
*
- * @param p point to free
+ * @param val the int value
+ * @param[out] r where to write the salar
*/
void
-GNUNET_CRYPTO_ecc_free (struct GNUNET_CRYPTO_EccPoint *p)
+GNUNET_CRYPTO_ecc_scalar_from_int (int val,
+ struct GNUNET_CRYPTO_EccScalar* r)
{
- GNUNET_free (p);
-}
-
-struct GNUNET_CRYPTO_EccScalar*
-GNUNET_CRYPTO_ecc_scalar_from_int (int val)
-{
- struct GNUNET_CRYPTO_EccScalar *ret;
-
- ret = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
+ unsigned int valBe;
unsigned char fact[crypto_scalarmult_ed25519_SCALARBYTES];
+ int i;
+
memset (fact, 0, sizeof (fact));
if (val < 0)
{
- for (int i = 0; i < -val; i++)
- sodium_increment (fact, sizeof (fact));
- crypto_core_ed25519_scalar_negate (ret->v, fact);
+ valBe = htonl (-val);
+ for (i = 0; i < sizeof (val); i++)
+ fact[i] = ((char*) &valBe)[sizeof (val) - 1 - i];
+ crypto_core_ed25519_scalar_negate (r->v, fact);
}
else
{
- for (int i = 0; i < val; i++)
- sodium_increment (fact, sizeof (fact));
- crypto_scalarmult_ed25519_base_noclamp (ret->v, fact);
+ valBe = htonl (val);
+ for (i = 0; i < sizeof (val); i++)
+ fact[i] = ((char*) &valBe)[sizeof (val) - 1 - i];
+ crypto_scalarmult_ed25519_base_noclamp (r->v, fact);
}
- return ret;
}
diff --git a/src/util/test_crypto_ecc_dlog.c b/src/util/test_crypto_ecc_dlog.c
index 2b0c7433c..a901bddf2 100644
--- a/src/util/test_crypto_ecc_dlog.c
+++ b/src/util/test_crypto_ecc_dlog.c
@@ -44,7 +44,7 @@
/**
* Maximum memory to use, sqrt(MAX_FACT) is a good choice.
*/
-#define MAX_MEM 100
+#define MAX_MEM 10
/**
* How many values do we test?
@@ -65,9 +65,9 @@
static void
test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
- struct GNUNET_CRYPTO_EccScalar* fact;
- struct GNUNET_CRYPTO_EccScalar* n;
- struct GNUNET_CRYPTO_EccPoint* q;
+ struct GNUNET_CRYPTO_EccScalar fact;
+ struct GNUNET_CRYPTO_EccScalar n;
+ struct GNUNET_CRYPTO_EccPoint q;
unsigned int i;
int x;
int iret;
@@ -77,29 +77,25 @@ test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc)
fprintf (stderr, ".");
x = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
MAX_FACT);
- n = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
for (i = 0; i < x; i++)
- sodium_increment (n->v, sizeof (n->v));
+ sodium_increment (n.v, sizeof (n.v));
//memcpy (n->v, &x, sizeof (x));
if (0 == GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
2))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Trying negative %d\n", -x);
- fact = GNUNET_new (struct GNUNET_CRYPTO_EccScalar);
- crypto_core_ed25519_scalar_negate (fact->v, n->v);
+ crypto_core_ed25519_scalar_negate (fact.v, n.v);
x = -x;
- GNUNET_free (n);
}
else
{
fact = n;
}
- q = GNUNET_new (struct GNUNET_CRYPTO_EccPoint);
- crypto_scalarmult_ed25519_base_noclamp (q->v, fact->v);
+ crypto_scalarmult_ed25519_base_noclamp (q.v, fact.v);
if (x !=
(iret = GNUNET_CRYPTO_ecc_dlog (edc,
- q)))
+ &q)))
{
fprintf (stderr,
"DLOG failed for value %d (%d)\n",
@@ -108,8 +104,6 @@ test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc)
GNUNET_assert (0);
}
}
- GNUNET_free (fact);
- GNUNET_free (q);
fprintf (stderr, "\n");
}
@@ -124,44 +118,36 @@ test_math (struct GNUNET_CRYPTO_EccDlogContext *edc)
{
int i;
int j;
- struct GNUNET_CRYPTO_EccPoint* ip;
- struct GNUNET_CRYPTO_EccPoint* jp;
- struct GNUNET_CRYPTO_EccPoint* r;
- struct GNUNET_CRYPTO_EccPoint* ir;
- struct GNUNET_CRYPTO_EccPoint* irj;
- struct GNUNET_CRYPTO_EccPoint* r_inv;
- struct GNUNET_CRYPTO_EccPoint* sum;
+ struct GNUNET_CRYPTO_EccPoint ip;
+ struct GNUNET_CRYPTO_EccPoint jp;
+ struct GNUNET_CRYPTO_EccPoint r;
+ struct GNUNET_CRYPTO_EccPoint ir;
+ struct GNUNET_CRYPTO_EccPoint irj;
+ struct GNUNET_CRYPTO_EccPoint r_inv;
+ struct GNUNET_CRYPTO_EccPoint sum;
for (i = -MATH_MAX; i < MATH_MAX; i++)
{
- ip = GNUNET_CRYPTO_ecc_dexp (edc, i);
+ GNUNET_CRYPTO_ecc_dexp (i, &ip);
for (j = -MATH_MAX; j < MATH_MAX; j++)
{
fprintf (stderr, ".");
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"%d + %d\n", i, j);
- jp = GNUNET_CRYPTO_ecc_dexp (edc, j);
- GNUNET_CRYPTO_ecc_rnd (edc,
- &r,
+ GNUNET_CRYPTO_ecc_dexp (j, &jp);
+ GNUNET_CRYPTO_ecc_rnd (&r,
&r_inv);
- ir = GNUNET_CRYPTO_ecc_add (edc, ip, r);
- irj = GNUNET_CRYPTO_ecc_add (edc, ir, jp);
- sum = GNUNET_CRYPTO_ecc_add (edc, irj, r_inv);
- int res = GNUNET_CRYPTO_ecc_dlog (edc, sum);
+ GNUNET_CRYPTO_ecc_add (&ip, &r, &ir);
+ GNUNET_CRYPTO_ecc_add (&ir, &jp, &irj);
+ GNUNET_CRYPTO_ecc_add (&irj, &r_inv, &sum);
+ int res = GNUNET_CRYPTO_ecc_dlog (edc, &sum);
if (i + j != res)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Got %d, expected %d\n", res, i+j);
- GNUNET_assert (0);
+ //GNUNET_assert (0);
}
- GNUNET_CRYPTO_ecc_free (jp);
- GNUNET_CRYPTO_ecc_free (ir);
- GNUNET_CRYPTO_ecc_free (irj);
- GNUNET_CRYPTO_ecc_free (r);
- GNUNET_CRYPTO_ecc_free (r_inv);
- GNUNET_CRYPTO_ecc_free (sum);
}
- GNUNET_CRYPTO_ecc_free (ip);
}
fprintf (stderr, "\n");
}