author | Christian Grothoff <christian@grothoff.org> | 2021-04-18 21:11:08 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-04-18 21:11:08 +0200 |
commit | 75cfa6370bc902765c26b50bb858c9a5bc1e8e48 (patch) | |
tree | fdadaf6e2736ad79c9f79576bf9a056ea9d0a6f5 /src/scalarproduct/test_ecc_scalarproduct.c | |
parent | 5ec7af75ea9f8ed86cf28a8efed9a917345d1681 (diff) | |
download | gnunet-75cfa6370bc902765c26b50bb858c9a5bc1e8e48.tar.gz gnunet-75cfa6370bc902765c26b50bb858c9a5bc1e8e48.zip |
SCALARPRODUCT: migrating logic from libgcrypt to libsodium (#6818).
Diffstat (limited to 'src/scalarproduct/test_ecc_scalarproduct.c')
-rw-r--r-- | src/scalarproduct/test_ecc_scalarproduct.c | 211 |
1 files changed, 123 insertions, 88 deletions
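--- a/src/scalarproduct/test_ecc_scalarproduct.c
+++ b/src/scalarproduct/test_ecc_scalarproduct.c
@@ -45,20 +45,12 @@ test_sp (const unsigned int *avec,
 const unsigned int *bvec)
 {
 unsigned int len;
-unsigned int i;
-gcry_mpi_t a;
-gcry_mpi_t a_inv;
-gcry_mpi_t ri;
-gcry_mpi_t val;
-gcry_mpi_t ria;
-gcry_mpi_t tmp;
-gcry_mpi_point_t *g;
-gcry_mpi_point_t *h;
-gcry_mpi_point_t pg;
-gcry_mpi_point_t ph;
-gcry_mpi_point_t pgi;
-gcry_mpi_point_t gsp;
-int sp;
+struct GNUNET_CRYPTO_EccScalar a;
+struct GNUNET_CRYPTO_EccScalar a_neg;
+struct GNUNET_CRYPTO_EccPoint *g;
+struct GNUNET_CRYPTO_EccPoint *h;
+struct GNUNET_CRYPTO_EccPoint pg;
+struct GNUNET_CRYPTO_EccPoint ph;
 
 /* determine length */
 for (len = 0; 0 != avec[len]; len++)
@@ -67,90 +59,133 @@ test_sp (const unsigned int *avec,
 return 0;
 
 /* Alice */
-GNUNET_CRYPTO_ecc_rnd_mpi (edc,
-&a, &a_inv);
+GNUNET_CRYPTO_ecc_rnd_mpi (&a,
+&a_neg);
 g = GNUNET_new_array (len,
-gcry_mpi_point_t);
+struct GNUNET_CRYPTO_EccPoint);
 h = GNUNET_new_array (len,
-gcry_mpi_point_t);
-ria = gcry_mpi_new (0);
-tmp = gcry_mpi_new (0);
-for (i = 0; i < len; i++)
+struct GNUNET_CRYPTO_EccPoint);
+for (unsigned int i = 0; i < len; i++)
 {
-ri = GNUNET_CRYPTO_ecc_random_mod_n (edc);
-g[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc,
-ri);
-/* ria = ri * a */
-gcry_mpi_mul (ria,
-ri,
-a);
+struct GNUNET_CRYPTO_EccScalar tmp;
+struct GNUNET_CRYPTO_EccScalar ri;
+struct GNUNET_CRYPTO_EccScalar ria;
+
+GNUNET_CRYPTO_ecc_random_mod_n (&ri);
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_dexp_mpi (&ri,
+&g[i]));
+/* ria = ri * a mod L, where L is the order of the main subgroup */
+crypto_core_ed25519_scalar_mul (ria.v,
+ri.v,
+a.v);
 /* tmp = ria + avec[i] */
-gcry_mpi_add_ui (tmp,
-ria,
-avec[i]);
-h[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc,
-tmp);
+{
+int64_t val = avec[i];
+struct GNUNET_CRYPTO_EccScalar vali;
+
+GNUNET_assert (INT64_MIN != val);
+GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+&vali);
+if (val > 0)
+crypto_core_ed25519_scalar_add (tmp.v,
+ria.v,
+vali.v);
+else
+crypto_core_ed25519_scalar_sub (tmp.v,
+ria.v,
+vali.v);
+}
+/* h[i] = g^tmp = g^{ria + avec[i]} */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_dexp_mpi (&tmp,
+&h[i]));
 }
-gcry_mpi_release (ria);
-gcry_mpi_release (tmp);
 
 /* Bob */
-val = gcry_mpi_new (0);
-gcry_mpi_set_ui (val, bvec[0]);
-pg = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
-g[0],
-val);
-ph = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
-h[0],
-val);
-for (i = 1; i < len; i++)
+for (unsigned int i = 0; i < len; i++)
 {
-gcry_mpi_point_t m;
-gcry_mpi_point_t tmp;
+struct GNUNET_CRYPTO_EccPoint gm;
+struct GNUNET_CRYPTO_EccPoint hm;
 
-gcry_mpi_set_ui (val, bvec[i]);
-m = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
-g[i],
-val);
-tmp = GNUNET_CRYPTO_ecc_add (edc,
-m,
-pg);
-gcry_mpi_point_release (m);
-gcry_mpi_point_release (pg);
-gcry_mpi_point_release (g[i]);
-pg = tmp;
-
-m = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
-h[i],
-val);
-tmp = GNUNET_CRYPTO_ecc_add (edc,
-m,
-ph);
-gcry_mpi_point_release (m);
-gcry_mpi_point_release (ph);
-gcry_mpi_point_release (h[i]);
-ph = tmp;
+{
+int64_t val = bvec[i];
+struct GNUNET_CRYPTO_EccScalar vali;
+
+GNUNET_assert (INT64_MIN != val);
+GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+&vali);
+if (val < 0)
+crypto_core_ed25519_scalar_negate (vali.v,
+vali.v);
+/* gm = g[i]^vali */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
+&vali,
+&gm));
+/* hm = h[i]^vali */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
+&vali,
+&hm));
+}
+if (0 != i)
+{
+/* pg += gm */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_add (&gm,
+&pg,
+&pg));
+/* ph += hm */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_add (&hm,
+&ph,
+&ph));
+}
+else
+{
+pg = gm;
+ph = hm;
+}
 }
-gcry_mpi_release (val);
 GNUNET_free (g);
 GNUNET_free (h);
 
 /* Alice */
-pgi = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
-pg,
-a_inv);
-gsp = GNUNET_CRYPTO_ecc_add (edc,
-pgi,
-ph);
-gcry_mpi_point_release (pgi);
-gcry_mpi_point_release (ph);
-sp = GNUNET_CRYPTO_ecc_dlog (edc,
-gsp);
-gcry_mpi_point_release (gsp);
-return sp;
+{
+struct GNUNET_CRYPTO_EccPoint pgi;
+struct GNUNET_CRYPTO_EccPoint gsp;
+
+/* pgi = pg^inv */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
+&a_neg,
+&pgi));
+/* gsp = pgi + ph */
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecc_add (&pgi,
+&ph,
+&gsp));
+return GNUNET_CRYPTO_ecc_dlog (edc,
+&gsp);
+}
 }
 
 
+/**
+ * Macro that checks that @a want is equal to @a have and
+ * if not returns with a failure code.
+ */
+#define CHECK(want,have) do { \
+if (want != have) { \
+GNUNET_break (0); \
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \
+"Wanted %d, got %d\n", want, have); \
+GNUNET_CRYPTO_ecc_dlog_release (edc); \
+return 1; \
+} } while (0)
+
+
 int
 main (int argc, char *argv[])
 {
@@ -163,12 +198,12 @@ main (int argc, char *argv[])
 "WARNING",
 NULL);
 edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128);
-GNUNET_assert (2 == test_sp (v11, v11));
-GNUNET_assert (4 == test_sp (v22, v11));
-GNUNET_assert (8 == test_sp (v35, v11));
-GNUNET_assert (26 == test_sp (v35, v24));
-GNUNET_assert (26 == test_sp (v24, v35));
-GNUNET_assert (16 == test_sp (v22, v35));
+CHECK (2, test_sp (v11, v11));
+CHECK (4, test_sp (v22, v11));
+CHECK (8, test_sp (v35, v11));
+CHECK (26, test_sp (v35, v24));
+CHECK (26, test_sp (v24, v35));
+CHECK (16, test_sp (v22, v35));
 GNUNET_CRYPTO_ecc_dlog_release (edc);
 return 0;
 }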
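Review bot: The CHECK macro added at new lines 179-186 evaluates `have` twice, once in `if (want != have)` and again inside the `GNUNET_log` call, so on a failing check `test_sp` is re-run (with fresh randomness) just to print the "got %d" value, and the number logged is not the number that was compared; neither argument is parenthesized either. Binding the result to a local once and parenthesizing both arguments fixes both, as shown below; the macro also relies on `edc` being in scope at every use site, which holds for the calls in `main` but is worth stating in its doc comment. Separately, the comment `/* pgi = pg^inv */` at new line 159 is misleading since `a_neg` comes out of `GNUNET_CRYPTO_ecc_rnd_mpi (&a, &a_neg)` as the negation of `a`, not an inverse; `/* pgi = pg^(-a) */` matches what the call does. Finally, because `avec`/`bvec` are `const unsigned int *` (visible in the first hunk's context), `int64_t val = avec[i]` is never negative, so the `INT64_MIN` assertions and the `scalar_sub` / `scalar_negate` branches at new lines 94-97 and 118-120 are unreachable here and the negative-value path stays unexercised by this test.

```c
#define CHECK(want,have) do { \
    int have_ = (have); \
    if ((want) != have_) { \
      GNUNET_break (0); \
      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \
                  "Wanted %d, got %d\n", (want), have_); \
      GNUNET_CRYPTO_ecc_dlog_release (edc); \
      return 1; \
    } } while (0)
```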