aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_paillier.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2019-10-05 15:09:28 +0200
committerChristian Grothoff <christian@grothoff.org>2019-10-05 15:09:28 +0200
commitc4e9ba925ffd758aaa3feee2ccfc0b76f26fe207 (patch)
treecac3ce030d77b4cbe7c7dc62ed58cfe6d24f73e1 /src/util/crypto_paillier.c
parentfbb71d527c7d6babf269a8fefce1db291b9f7068 (diff)
downloadgnunet-c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207.tar.gz
gnunet-c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207.zip
global reindent, now with uncrustify hook enabled
Diffstat (limited to 'src/util/crypto_paillier.c')
-rw-r--r--src/util/crypto_paillier.c435
1 files changed, 226 insertions, 209 deletions
diff --git a/src/util/crypto_paillier.c b/src/util/crypto_paillier.c
index 27a9af5de..75d607706 100644
--- a/src/util/crypto_paillier.c
+++ b/src/util/crypto_paillier.c
@@ -36,8 +36,10 @@
36 * @param[out] private_key Where to store the private key? 36 * @param[out] private_key Where to store the private key?
37 */ 37 */
38void 38void
39GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 39GNUNET_CRYPTO_paillier_create (struct
40 struct GNUNET_CRYPTO_PaillierPrivateKey *private_key) 40 GNUNET_CRYPTO_PaillierPublicKey *public_key,
41 struct GNUNET_CRYPTO_PaillierPrivateKey *
42 private_key)
41{ 43{
42 gcry_mpi_t p; 44 gcry_mpi_t p;
43 gcry_mpi_t q; 45 gcry_mpi_t q;
@@ -50,55 +52,56 @@ GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key
50 p = NULL; 52 p = NULL;
51 q = NULL; 53 q = NULL;
52 do 54 do
53 { 55 {
54 if (NULL != p) 56 if (NULL != p)
55 gcry_mpi_release(p); 57 gcry_mpi_release (p);
56 if (NULL != q) 58 if (NULL != q)
57 gcry_mpi_release(q); 59 gcry_mpi_release (q);
58 GNUNET_assert(0 == 60 GNUNET_assert (0 ==
59 gcry_prime_generate(&p, 61 gcry_prime_generate (&p,
60 GNUNET_CRYPTO_PAILLIER_BITS / 2, 62 GNUNET_CRYPTO_PAILLIER_BITS / 2,
61 0, NULL, NULL, NULL, 63 0, NULL, NULL, NULL,
62 GCRY_STRONG_RANDOM, 0)); 64 GCRY_STRONG_RANDOM, 0));
63 GNUNET_assert(0 == 65 GNUNET_assert (0 ==
64 gcry_prime_generate(&q, 66 gcry_prime_generate (&q,
65 GNUNET_CRYPTO_PAILLIER_BITS / 2, 67 GNUNET_CRYPTO_PAILLIER_BITS / 2,
66 0, NULL, NULL, NULL, 68 0, NULL, NULL, NULL,
67 GCRY_STRONG_RANDOM, 0)); 69 GCRY_STRONG_RANDOM, 0));
68 } 70 }
69 while (0 == gcry_mpi_cmp(p, q)); 71 while (0 == gcry_mpi_cmp (p, q));
70 /* n = p * q */ 72 /* n = p * q */
71 GNUNET_assert(NULL != (n = gcry_mpi_new(0))); 73 GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
72 gcry_mpi_mul(n, 74 gcry_mpi_mul (n,
73 p, 75 p,
74 q); 76 q);
75 GNUNET_CRYPTO_mpi_print_unsigned(public_key, 77 GNUNET_CRYPTO_mpi_print_unsigned (public_key,
76 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey), 78 sizeof(struct
77 n); 79 GNUNET_CRYPTO_PaillierPublicKey),
80 n);
78 81
79 /* compute phi(n) = (p-1)(q-1) */ 82 /* compute phi(n) = (p-1)(q-1) */
80 GNUNET_assert(NULL != (phi = gcry_mpi_new(0))); 83 GNUNET_assert (NULL != (phi = gcry_mpi_new (0)));
81 gcry_mpi_sub_ui(p, p, 1); 84 gcry_mpi_sub_ui (p, p, 1);
82 gcry_mpi_sub_ui(q, q, 1); 85 gcry_mpi_sub_ui (q, q, 1);
83 gcry_mpi_mul(phi, p, q); 86 gcry_mpi_mul (phi, p, q);
84 gcry_mpi_release(p); 87 gcry_mpi_release (p);
85 gcry_mpi_release(q); 88 gcry_mpi_release (q);
86 89
87 /* lambda equals phi(n) in the simplified key generation */ 90 /* lambda equals phi(n) in the simplified key generation */
88 GNUNET_CRYPTO_mpi_print_unsigned(private_key->lambda, 91 GNUNET_CRYPTO_mpi_print_unsigned (private_key->lambda,
89 GNUNET_CRYPTO_PAILLIER_BITS / 8, 92 GNUNET_CRYPTO_PAILLIER_BITS / 8,
90 phi); 93 phi);
91 /* mu = phi^{-1} mod n, as we use g = n + 1 */ 94 /* mu = phi^{-1} mod n, as we use g = n + 1 */
92 GNUNET_assert(NULL != (mu = gcry_mpi_new(0))); 95 GNUNET_assert (NULL != (mu = gcry_mpi_new (0)));
93 GNUNET_assert(0 != gcry_mpi_invm(mu, 96 GNUNET_assert (0 != gcry_mpi_invm (mu,
94 phi, 97 phi,
95 n)); 98 n));
96 gcry_mpi_release(phi); 99 gcry_mpi_release (phi);
97 gcry_mpi_release(n); 100 gcry_mpi_release (n);
98 GNUNET_CRYPTO_mpi_print_unsigned(private_key->mu, 101 GNUNET_CRYPTO_mpi_print_unsigned (private_key->mu,
99 GNUNET_CRYPTO_PAILLIER_BITS / 8, 102 GNUNET_CRYPTO_PAILLIER_BITS / 8,
100 mu); 103 mu);
101 gcry_mpi_release(mu); 104 gcry_mpi_release (mu);
102} 105}
103 106
104 107
@@ -114,10 +117,12 @@ GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key
114 * or -1 if less than one homomorphic operation is possible 117 * or -1 if less than one homomorphic operation is possible
115 */ 118 */
116int 119int
117GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 120GNUNET_CRYPTO_paillier_encrypt1 (const struct
118 const gcry_mpi_t m, 121 GNUNET_CRYPTO_PaillierPublicKey *public_key,
119 int desired_ops, 122 const gcry_mpi_t m,
120 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext) 123 int desired_ops,
124 struct GNUNET_CRYPTO_PaillierCiphertext *
125 ciphertext)
121{ 126{
122 int possible_opts; 127 int possible_opts;
123 gcry_mpi_t n_square; 128 gcry_mpi_t n_square;
@@ -130,70 +135,71 @@ GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *pu
130 135
131 /* determine how many operations we could allow, if the other number 136 /* determine how many operations we could allow, if the other number
132 has the same length. */ 137 has the same length. */
133 GNUNET_assert(NULL != (tmp1 = gcry_mpi_set_ui(NULL, 1))); 138 GNUNET_assert (NULL != (tmp1 = gcry_mpi_set_ui (NULL, 1)));
134 GNUNET_assert(NULL != (tmp2 = gcry_mpi_set_ui(NULL, 2))); 139 GNUNET_assert (NULL != (tmp2 = gcry_mpi_set_ui (NULL, 2)));
135 gcry_mpi_mul_2exp(tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS); 140 gcry_mpi_mul_2exp (tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS);
136 141
137 /* count number of possible operations 142 /* count number of possible operations
138 this would be nicer with gcry_mpi_get_nbits, however it does not return 143 this would be nicer with gcry_mpi_get_nbits, however it does not return
139 the BITLENGTH of the given MPI's value, but the bits required 144 the BITLENGTH of the given MPI's value, but the bits required
140 to represent the number as MPI. */ 145 to represent the number as MPI. */
141 for (possible_opts = -2; gcry_mpi_cmp(tmp1, m) > 0; possible_opts++) 146 for (possible_opts = -2; gcry_mpi_cmp (tmp1, m) > 0; possible_opts++)
142 gcry_mpi_div(tmp1, NULL, tmp1, tmp2, 0); 147 gcry_mpi_div (tmp1, NULL, tmp1, tmp2, 0);
143 gcry_mpi_release(tmp1); 148 gcry_mpi_release (tmp1);
144 gcry_mpi_release(tmp2); 149 gcry_mpi_release (tmp2);
145 150
146 if (possible_opts < 1) 151 if (possible_opts < 1)
147 possible_opts = 0; 152 possible_opts = 0;
148 /* soft-cap by caller */ 153 /* soft-cap by caller */
149 possible_opts = (desired_ops < possible_opts) ? desired_ops : possible_opts; 154 possible_opts = (desired_ops < possible_opts) ? desired_ops : possible_opts;
150 155
151 ciphertext->remaining_ops = htonl(possible_opts); 156 ciphertext->remaining_ops = htonl (possible_opts);
152 157
153 GNUNET_CRYPTO_mpi_scan_unsigned(&n, 158 GNUNET_CRYPTO_mpi_scan_unsigned (&n,
154 public_key, 159 public_key,
155 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 160 sizeof(struct
161 GNUNET_CRYPTO_PaillierPublicKey));
156 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; 162 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
157 while ((!gcry_mpi_test_bit(n, highbit)) && 163 while ((! gcry_mpi_test_bit (n, highbit)) &&
158 (0 != highbit)) 164 (0 != highbit))
159 highbit--; 165 highbit--;
160 if (0 == highbit) 166 if (0 == highbit)
161 { 167 {
162 /* invalid public key */ 168 /* invalid public key */
163 GNUNET_break_op(0); 169 GNUNET_break_op (0);
164 gcry_mpi_release(n); 170 gcry_mpi_release (n);
165 return GNUNET_SYSERR; 171 return GNUNET_SYSERR;
166 } 172 }
167 GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); 173 GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
168 GNUNET_assert(0 != (r = gcry_mpi_new(0))); 174 GNUNET_assert (0 != (r = gcry_mpi_new (0)));
169 GNUNET_assert(0 != (c = gcry_mpi_new(0))); 175 GNUNET_assert (0 != (c = gcry_mpi_new (0)));
170 gcry_mpi_mul(n_square, n, n); 176 gcry_mpi_mul (n_square, n, n);
171 177
172 /* generate r < n (without bias) */ 178 /* generate r < n (without bias) */
173 do 179 do
174 { 180 {
175 gcry_mpi_randomize(r, highbit + 1, GCRY_STRONG_RANDOM); 181 gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM);
176 } 182 }
177 while (gcry_mpi_cmp(r, n) >= 0); 183 while (gcry_mpi_cmp (r, n) >= 0);
178 184
179 /* c = (n+1)^m mod n^2 */ 185 /* c = (n+1)^m mod n^2 */
180 /* c = n + 1 */ 186 /* c = n + 1 */
181 gcry_mpi_add_ui(c, n, 1); 187 gcry_mpi_add_ui (c, n, 1);
182 /* c = (n+1)^m mod n^2 */ 188 /* c = (n+1)^m mod n^2 */
183 gcry_mpi_powm(c, c, m, n_square); 189 gcry_mpi_powm (c, c, m, n_square);
184 /* r <- r^n mod n^2 */ 190 /* r <- r^n mod n^2 */
185 gcry_mpi_powm(r, r, n, n_square); 191 gcry_mpi_powm (r, r, n, n_square);
186 /* c <- r*c mod n^2 */ 192 /* c <- r*c mod n^2 */
187 gcry_mpi_mulm(c, r, c, n_square); 193 gcry_mpi_mulm (c, r, c, n_square);
188 194
189 GNUNET_CRYPTO_mpi_print_unsigned(ciphertext->bits, 195 GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits,
190 sizeof ciphertext->bits, 196 sizeof ciphertext->bits,
191 c); 197 c);
192 198
193 gcry_mpi_release(n_square); 199 gcry_mpi_release (n_square);
194 gcry_mpi_release(n); 200 gcry_mpi_release (n);
195 gcry_mpi_release(r); 201 gcry_mpi_release (r);
196 gcry_mpi_release(c); 202 gcry_mpi_release (c);
197 203
198 return possible_opts; 204 return possible_opts;
199} 205}
@@ -211,10 +217,12 @@ GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *pu
211 * or -1 if less than one homomorphic operation is possible 217 * or -1 if less than one homomorphic operation is possible
212 */ 218 */
213int 219int
214GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 220GNUNET_CRYPTO_paillier_encrypt (const struct
215 const gcry_mpi_t m, 221 GNUNET_CRYPTO_PaillierPublicKey *public_key,
216 int desired_ops, 222 const gcry_mpi_t m,
217 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext) 223 int desired_ops,
224 struct GNUNET_CRYPTO_PaillierCiphertext *
225 ciphertext)
218{ 226{
219 int possible_opts; 227 int possible_opts;
220 gcry_mpi_t n_square; 228 gcry_mpi_t n_square;
@@ -229,87 +237,88 @@ GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *pub
229 237
230 /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest 238 /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest
231 number we can have as a result */ 239 number we can have as a result */
232 GNUNET_assert(NULL != (max_num = gcry_mpi_set_ui(NULL, 1))); 240 GNUNET_assert (NULL != (max_num = gcry_mpi_set_ui (NULL, 1)));
233 gcry_mpi_mul_2exp(max_num, 241 gcry_mpi_mul_2exp (max_num,
234 max_num, 242 max_num,
235 GNUNET_CRYPTO_PAILLIER_BITS); 243 GNUNET_CRYPTO_PAILLIER_BITS);
236 244
237 /* Determine how many operations we could allow, assuming the other 245 /* Determine how many operations we could allow, assuming the other
238 number has the same length (or is smaller), by counting the 246 number has the same length (or is smaller), by counting the
239 number of possible operations. We essentially divide max_num by 247 number of possible operations. We essentially divide max_num by
240 2 until the result is no longer larger than 'm', incrementing the 248 2 until the result is no longer larger than 'm', incrementing the
241 maximum number of operations in each round, starting at -2 */ 249 maximum number of operations in each round, starting at -2 */
242 for (possible_opts = -2; gcry_mpi_cmp(max_num, m) > 0; possible_opts++) 250 for (possible_opts = -2; gcry_mpi_cmp (max_num, m) > 0; possible_opts++)
243 gcry_mpi_div(max_num, 251 gcry_mpi_div (max_num,
244 NULL, 252 NULL,
245 max_num, 253 max_num,
246 GCRYMPI_CONST_TWO, 254 GCRYMPI_CONST_TWO,
247 0); 255 0);
248 gcry_mpi_release(max_num); 256 gcry_mpi_release (max_num);
249 257
250 if (possible_opts < 1) 258 if (possible_opts < 1)
251 possible_opts = 0; 259 possible_opts = 0;
252 /* Enforce soft-cap by caller */ 260 /* Enforce soft-cap by caller */
253 possible_opts = GNUNET_MIN(desired_ops, possible_opts); 261 possible_opts = GNUNET_MIN (desired_ops, possible_opts);
254 ciphertext->remaining_ops = htonl(possible_opts); 262 ciphertext->remaining_ops = htonl (possible_opts);
255 263
256 GNUNET_CRYPTO_mpi_scan_unsigned(&n, 264 GNUNET_CRYPTO_mpi_scan_unsigned (&n,
257 public_key, 265 public_key,
258 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 266 sizeof(struct
267 GNUNET_CRYPTO_PaillierPublicKey));
259 268
260 /* check public key for number of bits, bail out if key is all zeros */ 269 /* check public key for number of bits, bail out if key is all zeros */
261 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; 270 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
262 while ((!gcry_mpi_test_bit(n, highbit)) && 271 while ((! gcry_mpi_test_bit (n, highbit)) &&
263 (0 != highbit)) 272 (0 != highbit))
264 highbit--; 273 highbit--;
265 if (0 == highbit) 274 if (0 == highbit)
266 { 275 {
267 /* invalid public key */ 276 /* invalid public key */
268 GNUNET_break_op(0); 277 GNUNET_break_op (0);
269 gcry_mpi_release(n); 278 gcry_mpi_release (n);
270 return GNUNET_SYSERR; 279 return GNUNET_SYSERR;
271 } 280 }
272 281
273 /* generate r < n (without bias) */ 282 /* generate r < n (without bias) */
274 GNUNET_assert(NULL != (r = gcry_mpi_new(0))); 283 GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
275 do 284 do
276 { 285 {
277 gcry_mpi_randomize(r, highbit + 1, GCRY_STRONG_RANDOM); 286 gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM);
278 } 287 }
279 while (gcry_mpi_cmp(r, n) >= 0); 288 while (gcry_mpi_cmp (r, n) >= 0);
280 289
281 /* g = n + 1 */ 290 /* g = n + 1 */
282 GNUNET_assert(0 != (g = gcry_mpi_new(0))); 291 GNUNET_assert (0 != (g = gcry_mpi_new (0)));
283 gcry_mpi_add_ui(g, n, 1); 292 gcry_mpi_add_ui (g, n, 1);
284 293
285 /* n_square = n^2 */ 294 /* n_square = n^2 */
286 GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); 295 GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
287 gcry_mpi_mul(n_square, 296 gcry_mpi_mul (n_square,
288 n, 297 n,
289 n); 298 n);
290 299
291 /* gm = g^m mod n^2 */ 300 /* gm = g^m mod n^2 */
292 GNUNET_assert(0 != (gm = gcry_mpi_new(0))); 301 GNUNET_assert (0 != (gm = gcry_mpi_new (0)));
293 gcry_mpi_powm(gm, g, m, n_square); 302 gcry_mpi_powm (gm, g, m, n_square);
294 gcry_mpi_release(g); 303 gcry_mpi_release (g);
295 304
296 /* rn <- r^n mod n^2 */ 305 /* rn <- r^n mod n^2 */
297 GNUNET_assert(0 != (rn = gcry_mpi_new(0))); 306 GNUNET_assert (0 != (rn = gcry_mpi_new (0)));
298 gcry_mpi_powm(rn, r, n, n_square); 307 gcry_mpi_powm (rn, r, n, n_square);
299 gcry_mpi_release(r); 308 gcry_mpi_release (r);
300 gcry_mpi_release(n); 309 gcry_mpi_release (n);
301 310
302 /* c <- rn * gm mod n^2 */ 311 /* c <- rn * gm mod n^2 */
303 GNUNET_assert(0 != (c = gcry_mpi_new(0))); 312 GNUNET_assert (0 != (c = gcry_mpi_new (0)));
304 gcry_mpi_mulm(c, rn, gm, n_square); 313 gcry_mpi_mulm (c, rn, gm, n_square);
305 gcry_mpi_release(n_square); 314 gcry_mpi_release (n_square);
306 gcry_mpi_release(gm); 315 gcry_mpi_release (gm);
307 gcry_mpi_release(rn); 316 gcry_mpi_release (rn);
308 317
309 GNUNET_CRYPTO_mpi_print_unsigned(ciphertext->bits, 318 GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits,
310 sizeof(ciphertext->bits), 319 sizeof(ciphertext->bits),
311 c); 320 c);
312 gcry_mpi_release(c); 321 gcry_mpi_release (c);
313 322
314 return possible_opts; 323 return possible_opts;
315} 324}
@@ -324,10 +333,13 @@ GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *pub
324 * @param[out] m Decryption of @a ciphertext with @private_key. 333 * @param[out] m Decryption of @a ciphertext with @private_key.
325 */ 334 */
326void 335void
327GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, 336GNUNET_CRYPTO_paillier_decrypt (const struct
328 const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 337 GNUNET_CRYPTO_PaillierPrivateKey *private_key,
329 const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, 338 const struct
330 gcry_mpi_t m) 339 GNUNET_CRYPTO_PaillierPublicKey *public_key,
340 const struct
341 GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
342 gcry_mpi_t m)
331{ 343{
332 gcry_mpi_t mu; 344 gcry_mpi_t mu;
333 gcry_mpi_t lambda; 345 gcry_mpi_t lambda;
@@ -338,48 +350,49 @@ GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *pr
338 gcry_mpi_t cmum1; 350 gcry_mpi_t cmum1;
339 gcry_mpi_t mod; 351 gcry_mpi_t mod;
340 352
341 GNUNET_CRYPTO_mpi_scan_unsigned(&lambda, 353 GNUNET_CRYPTO_mpi_scan_unsigned (&lambda,
342 private_key->lambda, 354 private_key->lambda,
343 sizeof(private_key->lambda)); 355 sizeof(private_key->lambda));
344 GNUNET_CRYPTO_mpi_scan_unsigned(&mu, 356 GNUNET_CRYPTO_mpi_scan_unsigned (&mu,
345 private_key->mu, 357 private_key->mu,
346 sizeof(private_key->mu)); 358 sizeof(private_key->mu));
347 GNUNET_CRYPTO_mpi_scan_unsigned(&n, 359 GNUNET_CRYPTO_mpi_scan_unsigned (&n,
348 public_key, 360 public_key,
349 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 361 sizeof(struct
350 GNUNET_CRYPTO_mpi_scan_unsigned(&c, 362 GNUNET_CRYPTO_PaillierPublicKey));
351 ciphertext->bits, 363 GNUNET_CRYPTO_mpi_scan_unsigned (&c,
352 sizeof(ciphertext->bits)); 364 ciphertext->bits,
365 sizeof(ciphertext->bits));
353 366
354 /* n_square = n * n */ 367 /* n_square = n * n */
355 GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); 368 GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
356 gcry_mpi_mul(n_square, n, n); 369 gcry_mpi_mul (n_square, n, n);
357 370
358 /* cmu = c^lambda mod n^2 */ 371 /* cmu = c^lambda mod n^2 */
359 GNUNET_assert(0 != (cmu = gcry_mpi_new(0))); 372 GNUNET_assert (0 != (cmu = gcry_mpi_new (0)));
360 gcry_mpi_powm(cmu, 373 gcry_mpi_powm (cmu,
361 c, 374 c,
362 lambda, 375 lambda,
363 n_square); 376 n_square);
364 gcry_mpi_release(n_square); 377 gcry_mpi_release (n_square);
365 gcry_mpi_release(lambda); 378 gcry_mpi_release (lambda);
366 gcry_mpi_release(c); 379 gcry_mpi_release (c);
367 380
368 /* cmum1 = cmu - 1 */ 381 /* cmum1 = cmu - 1 */
369 GNUNET_assert(0 != (cmum1 = gcry_mpi_new(0))); 382 GNUNET_assert (0 != (cmum1 = gcry_mpi_new (0)));
370 gcry_mpi_sub_ui(cmum1, cmu, 1); 383 gcry_mpi_sub_ui (cmum1, cmu, 1);
371 gcry_mpi_release(cmu); 384 gcry_mpi_release (cmu);
372 385
373 /* mod = cmum1 / n (mod n) */ 386 /* mod = cmum1 / n (mod n) */
374 GNUNET_assert(0 != (mod = gcry_mpi_new(0))); 387 GNUNET_assert (0 != (mod = gcry_mpi_new (0)));
375 gcry_mpi_div(mod, NULL, cmum1, n, 0); 388 gcry_mpi_div (mod, NULL, cmum1, n, 0);
376 gcry_mpi_release(cmum1); 389 gcry_mpi_release (cmum1);
377 390
378 /* m = mod * mu mod n */ 391 /* m = mod * mu mod n */
379 gcry_mpi_mulm(m, mod, mu, n); 392 gcry_mpi_mulm (m, mod, mu, n);
380 gcry_mpi_release(mod); 393 gcry_mpi_release (mod);
381 gcry_mpi_release(mu); 394 gcry_mpi_release (mu);
382 gcry_mpi_release(n); 395 gcry_mpi_release (n);
383} 396}
384 397
385 398
@@ -398,10 +411,13 @@ GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *pr
398 * #GNUNET_SYSERR if no more homomorphic operations are remaining. 411 * #GNUNET_SYSERR if no more homomorphic operations are remaining.
399 */ 412 */
400int 413int
401GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 414GNUNET_CRYPTO_paillier_hom_add (const struct
402 const struct GNUNET_CRYPTO_PaillierCiphertext *c1, 415 GNUNET_CRYPTO_PaillierPublicKey *public_key,
403 const struct GNUNET_CRYPTO_PaillierCiphertext *c2, 416 const struct
404 struct GNUNET_CRYPTO_PaillierCiphertext *result) 417 GNUNET_CRYPTO_PaillierCiphertext *c1,
418 const struct
419 GNUNET_CRYPTO_PaillierCiphertext *c2,
420 struct GNUNET_CRYPTO_PaillierCiphertext *result)
405{ 421{
406 gcry_mpi_t a; 422 gcry_mpi_t a;
407 gcry_mpi_t b; 423 gcry_mpi_t b;
@@ -411,42 +427,43 @@ GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *pub
411 int32_t o1; 427 int32_t o1;
412 int32_t o2; 428 int32_t o2;
413 429
414 o1 = (int32_t)ntohl(c1->remaining_ops); 430 o1 = (int32_t) ntohl (c1->remaining_ops);
415 o2 = (int32_t)ntohl(c2->remaining_ops); 431 o2 = (int32_t) ntohl (c2->remaining_ops);
416 if ((0 >= o1) || (0 >= o2)) 432 if ((0 >= o1) || (0 >= o2))
417 { 433 {
418 GNUNET_break_op(0); 434 GNUNET_break_op (0);
419 return GNUNET_SYSERR; 435 return GNUNET_SYSERR;
420 } 436 }
421 437
422 GNUNET_CRYPTO_mpi_scan_unsigned(&a, 438 GNUNET_CRYPTO_mpi_scan_unsigned (&a,
423 c1->bits, 439 c1->bits,
424 sizeof(c1->bits)); 440 sizeof(c1->bits));
425 GNUNET_CRYPTO_mpi_scan_unsigned(&b, 441 GNUNET_CRYPTO_mpi_scan_unsigned (&b,
426 c2->bits, 442 c2->bits,
427 sizeof(c2->bits)); 443 sizeof(c2->bits));
428 GNUNET_CRYPTO_mpi_scan_unsigned(&n, 444 GNUNET_CRYPTO_mpi_scan_unsigned (&n,
429 public_key, 445 public_key,
430 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 446 sizeof(struct
447 GNUNET_CRYPTO_PaillierPublicKey));
431 448
432 /* n_square = n * n */ 449 /* n_square = n * n */
433 GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); 450 GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
434 gcry_mpi_mul(n_square, n, n); 451 gcry_mpi_mul (n_square, n, n);
435 gcry_mpi_release(n); 452 gcry_mpi_release (n);
436 453
437 /* c = a * b mod n_square */ 454 /* c = a * b mod n_square */
438 GNUNET_assert(0 != (c = gcry_mpi_new(0))); 455 GNUNET_assert (0 != (c = gcry_mpi_new (0)));
439 gcry_mpi_mulm(c, a, b, n_square); 456 gcry_mpi_mulm (c, a, b, n_square);
440 gcry_mpi_release(n_square); 457 gcry_mpi_release (n_square);
441 gcry_mpi_release(a); 458 gcry_mpi_release (a);
442 gcry_mpi_release(b); 459 gcry_mpi_release (b);
443 460
444 result->remaining_ops = htonl(GNUNET_MIN(o1, o2) - 1); 461 result->remaining_ops = htonl (GNUNET_MIN (o1, o2) - 1);
445 GNUNET_CRYPTO_mpi_print_unsigned(result->bits, 462 GNUNET_CRYPTO_mpi_print_unsigned (result->bits,
446 sizeof(result->bits), 463 sizeof(result->bits),
447 c); 464 c);
448 gcry_mpi_release(c); 465 gcry_mpi_release (c);
449 return ntohl(result->remaining_ops); 466 return ntohl (result->remaining_ops);
450} 467}
451 468
452 469
@@ -457,11 +474,11 @@ GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *pub
457 * @return the number of remaining homomorphic operations 474 * @return the number of remaining homomorphic operations
458 */ 475 */
459int 476int
460GNUNET_CRYPTO_paillier_hom_get_remaining(const struct GNUNET_CRYPTO_PaillierCiphertext *c) 477GNUNET_CRYPTO_paillier_hom_get_remaining (const struct
478 GNUNET_CRYPTO_PaillierCiphertext *c)
461{ 479{
462 GNUNET_assert(NULL != c); 480 GNUNET_assert (NULL != c);
463 return ntohl(c->remaining_ops); 481 return ntohl (c->remaining_ops);
464} 482}
465 483
466/* end of crypto_paillier.c */ 484/* end of crypto_paillier.c */
467
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 08:07:46 +0000