diff options
author | Christian Grothoff <christian@grothoff.org> | 2019-10-05 15:09:28 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-10-05 15:09:28 +0200 |
commit | c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207 (patch) | |
tree | cac3ce030d77b4cbe7c7dc62ed58cfe6d24f73e1 /src/util/crypto_paillier.c | |
parent | fbb71d527c7d6babf269a8fefce1db291b9f7068 (diff) | |
download | gnunet-c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207.tar.gz gnunet-c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207.zip |
global reindent, now with uncrustify hook enabled
Diffstat (limited to 'src/util/crypto_paillier.c')
-rw-r--r-- | src/util/crypto_paillier.c | 435 |
1 files changed, 226 insertions, 209 deletions
diff --git a/src/util/crypto_paillier.c b/src/util/crypto_paillier.c index 27a9af5de..75d607706 100644 --- a/src/util/crypto_paillier.c +++ b/src/util/crypto_paillier.c | |||
@@ -36,8 +36,10 @@ | |||
36 | * @param[out] private_key Where to store the private key? | 36 | * @param[out] private_key Where to store the private key? |
37 | */ | 37 | */ |
38 | void | 38 | void |
39 | GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key, | 39 | GNUNET_CRYPTO_paillier_create (struct |
40 | struct GNUNET_CRYPTO_PaillierPrivateKey *private_key) | 40 | GNUNET_CRYPTO_PaillierPublicKey *public_key, |
41 | struct GNUNET_CRYPTO_PaillierPrivateKey * | ||
42 | private_key) | ||
41 | { | 43 | { |
42 | gcry_mpi_t p; | 44 | gcry_mpi_t p; |
43 | gcry_mpi_t q; | 45 | gcry_mpi_t q; |
@@ -50,55 +52,56 @@ GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key | |||
50 | p = NULL; | 52 | p = NULL; |
51 | q = NULL; | 53 | q = NULL; |
52 | do | 54 | do |
53 | { | 55 | { |
54 | if (NULL != p) | 56 | if (NULL != p) |
55 | gcry_mpi_release(p); | 57 | gcry_mpi_release (p); |
56 | if (NULL != q) | 58 | if (NULL != q) |
57 | gcry_mpi_release(q); | 59 | gcry_mpi_release (q); |
58 | GNUNET_assert(0 == | 60 | GNUNET_assert (0 == |
59 | gcry_prime_generate(&p, | 61 | gcry_prime_generate (&p, |
60 | GNUNET_CRYPTO_PAILLIER_BITS / 2, | 62 | GNUNET_CRYPTO_PAILLIER_BITS / 2, |
61 | 0, NULL, NULL, NULL, | 63 | 0, NULL, NULL, NULL, |
62 | GCRY_STRONG_RANDOM, 0)); | 64 | GCRY_STRONG_RANDOM, 0)); |
63 | GNUNET_assert(0 == | 65 | GNUNET_assert (0 == |
64 | gcry_prime_generate(&q, | 66 | gcry_prime_generate (&q, |
65 | GNUNET_CRYPTO_PAILLIER_BITS / 2, | 67 | GNUNET_CRYPTO_PAILLIER_BITS / 2, |
66 | 0, NULL, NULL, NULL, | 68 | 0, NULL, NULL, NULL, |
67 | GCRY_STRONG_RANDOM, 0)); | 69 | GCRY_STRONG_RANDOM, 0)); |
68 | } | 70 | } |
69 | while (0 == gcry_mpi_cmp(p, q)); | 71 | while (0 == gcry_mpi_cmp (p, q)); |
70 | /* n = p * q */ | 72 | /* n = p * q */ |
71 | GNUNET_assert(NULL != (n = gcry_mpi_new(0))); | 73 | GNUNET_assert (NULL != (n = gcry_mpi_new (0))); |
72 | gcry_mpi_mul(n, | 74 | gcry_mpi_mul (n, |
73 | p, | 75 | p, |
74 | q); | 76 | q); |
75 | GNUNET_CRYPTO_mpi_print_unsigned(public_key, | 77 | GNUNET_CRYPTO_mpi_print_unsigned (public_key, |
76 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey), | 78 | sizeof(struct |
77 | n); | 79 | GNUNET_CRYPTO_PaillierPublicKey), |
80 | n); | ||
78 | 81 | ||
79 | /* compute phi(n) = (p-1)(q-1) */ | 82 | /* compute phi(n) = (p-1)(q-1) */ |
80 | GNUNET_assert(NULL != (phi = gcry_mpi_new(0))); | 83 | GNUNET_assert (NULL != (phi = gcry_mpi_new (0))); |
81 | gcry_mpi_sub_ui(p, p, 1); | 84 | gcry_mpi_sub_ui (p, p, 1); |
82 | gcry_mpi_sub_ui(q, q, 1); | 85 | gcry_mpi_sub_ui (q, q, 1); |
83 | gcry_mpi_mul(phi, p, q); | 86 | gcry_mpi_mul (phi, p, q); |
84 | gcry_mpi_release(p); | 87 | gcry_mpi_release (p); |
85 | gcry_mpi_release(q); | 88 | gcry_mpi_release (q); |
86 | 89 | ||
87 | /* lambda equals phi(n) in the simplified key generation */ | 90 | /* lambda equals phi(n) in the simplified key generation */ |
88 | GNUNET_CRYPTO_mpi_print_unsigned(private_key->lambda, | 91 | GNUNET_CRYPTO_mpi_print_unsigned (private_key->lambda, |
89 | GNUNET_CRYPTO_PAILLIER_BITS / 8, | 92 | GNUNET_CRYPTO_PAILLIER_BITS / 8, |
90 | phi); | 93 | phi); |
91 | /* mu = phi^{-1} mod n, as we use g = n + 1 */ | 94 | /* mu = phi^{-1} mod n, as we use g = n + 1 */ |
92 | GNUNET_assert(NULL != (mu = gcry_mpi_new(0))); | 95 | GNUNET_assert (NULL != (mu = gcry_mpi_new (0))); |
93 | GNUNET_assert(0 != gcry_mpi_invm(mu, | 96 | GNUNET_assert (0 != gcry_mpi_invm (mu, |
94 | phi, | 97 | phi, |
95 | n)); | 98 | n)); |
96 | gcry_mpi_release(phi); | 99 | gcry_mpi_release (phi); |
97 | gcry_mpi_release(n); | 100 | gcry_mpi_release (n); |
98 | GNUNET_CRYPTO_mpi_print_unsigned(private_key->mu, | 101 | GNUNET_CRYPTO_mpi_print_unsigned (private_key->mu, |
99 | GNUNET_CRYPTO_PAILLIER_BITS / 8, | 102 | GNUNET_CRYPTO_PAILLIER_BITS / 8, |
100 | mu); | 103 | mu); |
101 | gcry_mpi_release(mu); | 104 | gcry_mpi_release (mu); |
102 | } | 105 | } |
103 | 106 | ||
104 | 107 | ||
@@ -114,10 +117,12 @@ GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key | |||
114 | * or -1 if less than one homomorphic operation is possible | 117 | * or -1 if less than one homomorphic operation is possible |
115 | */ | 118 | */ |
116 | int | 119 | int |
117 | GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, | 120 | GNUNET_CRYPTO_paillier_encrypt1 (const struct |
118 | const gcry_mpi_t m, | 121 | GNUNET_CRYPTO_PaillierPublicKey *public_key, |
119 | int desired_ops, | 122 | const gcry_mpi_t m, |
120 | struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext) | 123 | int desired_ops, |
124 | struct GNUNET_CRYPTO_PaillierCiphertext * | ||
125 | ciphertext) | ||
121 | { | 126 | { |
122 | int possible_opts; | 127 | int possible_opts; |
123 | gcry_mpi_t n_square; | 128 | gcry_mpi_t n_square; |
@@ -130,70 +135,71 @@ GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *pu | |||
130 | 135 | ||
131 | /* determine how many operations we could allow, if the other number | 136 | /* determine how many operations we could allow, if the other number |
132 | has the same length. */ | 137 | has the same length. */ |
133 | GNUNET_assert(NULL != (tmp1 = gcry_mpi_set_ui(NULL, 1))); | 138 | GNUNET_assert (NULL != (tmp1 = gcry_mpi_set_ui (NULL, 1))); |
134 | GNUNET_assert(NULL != (tmp2 = gcry_mpi_set_ui(NULL, 2))); | 139 | GNUNET_assert (NULL != (tmp2 = gcry_mpi_set_ui (NULL, 2))); |
135 | gcry_mpi_mul_2exp(tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS); | 140 | gcry_mpi_mul_2exp (tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS); |
136 | 141 | ||
137 | /* count number of possible operations | 142 | /* count number of possible operations |
138 | this would be nicer with gcry_mpi_get_nbits, however it does not return | 143 | this would be nicer with gcry_mpi_get_nbits, however it does not return |
139 | the BITLENGTH of the given MPI's value, but the bits required | 144 | the BITLENGTH of the given MPI's value, but the bits required |
140 | to represent the number as MPI. */ | 145 | to represent the number as MPI. */ |
141 | for (possible_opts = -2; gcry_mpi_cmp(tmp1, m) > 0; possible_opts++) | 146 | for (possible_opts = -2; gcry_mpi_cmp (tmp1, m) > 0; possible_opts++) |
142 | gcry_mpi_div(tmp1, NULL, tmp1, tmp2, 0); | 147 | gcry_mpi_div (tmp1, NULL, tmp1, tmp2, 0); |
143 | gcry_mpi_release(tmp1); | 148 | gcry_mpi_release (tmp1); |
144 | gcry_mpi_release(tmp2); | 149 | gcry_mpi_release (tmp2); |
145 | 150 | ||
146 | if (possible_opts < 1) | 151 | if (possible_opts < 1) |
147 | possible_opts = 0; | 152 | possible_opts = 0; |
148 | /* soft-cap by caller */ | 153 | /* soft-cap by caller */ |
149 | possible_opts = (desired_ops < possible_opts) ? desired_ops : possible_opts; | 154 | possible_opts = (desired_ops < possible_opts) ? desired_ops : possible_opts; |
150 | 155 | ||
151 | ciphertext->remaining_ops = htonl(possible_opts); | 156 | ciphertext->remaining_ops = htonl (possible_opts); |
152 | 157 | ||
153 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, | 158 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, |
154 | public_key, | 159 | public_key, |
155 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 160 | sizeof(struct |
161 | GNUNET_CRYPTO_PaillierPublicKey)); | ||
156 | highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; | 162 | highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; |
157 | while ((!gcry_mpi_test_bit(n, highbit)) && | 163 | while ((! gcry_mpi_test_bit (n, highbit)) && |
158 | (0 != highbit)) | 164 | (0 != highbit)) |
159 | highbit--; | 165 | highbit--; |
160 | if (0 == highbit) | 166 | if (0 == highbit) |
161 | { | 167 | { |
162 | /* invalid public key */ | 168 | /* invalid public key */ |
163 | GNUNET_break_op(0); | 169 | GNUNET_break_op (0); |
164 | gcry_mpi_release(n); | 170 | gcry_mpi_release (n); |
165 | return GNUNET_SYSERR; | 171 | return GNUNET_SYSERR; |
166 | } | 172 | } |
167 | GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); | 173 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); |
168 | GNUNET_assert(0 != (r = gcry_mpi_new(0))); | 174 | GNUNET_assert (0 != (r = gcry_mpi_new (0))); |
169 | GNUNET_assert(0 != (c = gcry_mpi_new(0))); | 175 | GNUNET_assert (0 != (c = gcry_mpi_new (0))); |
170 | gcry_mpi_mul(n_square, n, n); | 176 | gcry_mpi_mul (n_square, n, n); |
171 | 177 | ||
172 | /* generate r < n (without bias) */ | 178 | /* generate r < n (without bias) */ |
173 | do | 179 | do |
174 | { | 180 | { |
175 | gcry_mpi_randomize(r, highbit + 1, GCRY_STRONG_RANDOM); | 181 | gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM); |
176 | } | 182 | } |
177 | while (gcry_mpi_cmp(r, n) >= 0); | 183 | while (gcry_mpi_cmp (r, n) >= 0); |
178 | 184 | ||
179 | /* c = (n+1)^m mod n^2 */ | 185 | /* c = (n+1)^m mod n^2 */ |
180 | /* c = n + 1 */ | 186 | /* c = n + 1 */ |
181 | gcry_mpi_add_ui(c, n, 1); | 187 | gcry_mpi_add_ui (c, n, 1); |
182 | /* c = (n+1)^m mod n^2 */ | 188 | /* c = (n+1)^m mod n^2 */ |
183 | gcry_mpi_powm(c, c, m, n_square); | 189 | gcry_mpi_powm (c, c, m, n_square); |
184 | /* r <- r^n mod n^2 */ | 190 | /* r <- r^n mod n^2 */ |
185 | gcry_mpi_powm(r, r, n, n_square); | 191 | gcry_mpi_powm (r, r, n, n_square); |
186 | /* c <- r*c mod n^2 */ | 192 | /* c <- r*c mod n^2 */ |
187 | gcry_mpi_mulm(c, r, c, n_square); | 193 | gcry_mpi_mulm (c, r, c, n_square); |
188 | 194 | ||
189 | GNUNET_CRYPTO_mpi_print_unsigned(ciphertext->bits, | 195 | GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits, |
190 | sizeof ciphertext->bits, | 196 | sizeof ciphertext->bits, |
191 | c); | 197 | c); |
192 | 198 | ||
193 | gcry_mpi_release(n_square); | 199 | gcry_mpi_release (n_square); |
194 | gcry_mpi_release(n); | 200 | gcry_mpi_release (n); |
195 | gcry_mpi_release(r); | 201 | gcry_mpi_release (r); |
196 | gcry_mpi_release(c); | 202 | gcry_mpi_release (c); |
197 | 203 | ||
198 | return possible_opts; | 204 | return possible_opts; |
199 | } | 205 | } |
@@ -211,10 +217,12 @@ GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *pu | |||
211 | * or -1 if less than one homomorphic operation is possible | 217 | * or -1 if less than one homomorphic operation is possible |
212 | */ | 218 | */ |
213 | int | 219 | int |
214 | GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, | 220 | GNUNET_CRYPTO_paillier_encrypt (const struct |
215 | const gcry_mpi_t m, | 221 | GNUNET_CRYPTO_PaillierPublicKey *public_key, |
216 | int desired_ops, | 222 | const gcry_mpi_t m, |
217 | struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext) | 223 | int desired_ops, |
224 | struct GNUNET_CRYPTO_PaillierCiphertext * | ||
225 | ciphertext) | ||
218 | { | 226 | { |
219 | int possible_opts; | 227 | int possible_opts; |
220 | gcry_mpi_t n_square; | 228 | gcry_mpi_t n_square; |
@@ -229,87 +237,88 @@ GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *pub | |||
229 | 237 | ||
230 | /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest | 238 | /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest |
231 | number we can have as a result */ | 239 | number we can have as a result */ |
232 | GNUNET_assert(NULL != (max_num = gcry_mpi_set_ui(NULL, 1))); | 240 | GNUNET_assert (NULL != (max_num = gcry_mpi_set_ui (NULL, 1))); |
233 | gcry_mpi_mul_2exp(max_num, | 241 | gcry_mpi_mul_2exp (max_num, |
234 | max_num, | 242 | max_num, |
235 | GNUNET_CRYPTO_PAILLIER_BITS); | 243 | GNUNET_CRYPTO_PAILLIER_BITS); |
236 | 244 | ||
237 | /* Determine how many operations we could allow, assuming the other | 245 | /* Determine how many operations we could allow, assuming the other |
238 | number has the same length (or is smaller), by counting the | 246 | number has the same length (or is smaller), by counting the |
239 | number of possible operations. We essentially divide max_num by | 247 | number of possible operations. We essentially divide max_num by |
240 | 2 until the result is no longer larger than 'm', incrementing the | 248 | 2 until the result is no longer larger than 'm', incrementing the |
241 | maximum number of operations in each round, starting at -2 */ | 249 | maximum number of operations in each round, starting at -2 */ |
242 | for (possible_opts = -2; gcry_mpi_cmp(max_num, m) > 0; possible_opts++) | 250 | for (possible_opts = -2; gcry_mpi_cmp (max_num, m) > 0; possible_opts++) |
243 | gcry_mpi_div(max_num, | 251 | gcry_mpi_div (max_num, |
244 | NULL, | 252 | NULL, |
245 | max_num, | 253 | max_num, |
246 | GCRYMPI_CONST_TWO, | 254 | GCRYMPI_CONST_TWO, |
247 | 0); | 255 | 0); |
248 | gcry_mpi_release(max_num); | 256 | gcry_mpi_release (max_num); |
249 | 257 | ||
250 | if (possible_opts < 1) | 258 | if (possible_opts < 1) |
251 | possible_opts = 0; | 259 | possible_opts = 0; |
252 | /* Enforce soft-cap by caller */ | 260 | /* Enforce soft-cap by caller */ |
253 | possible_opts = GNUNET_MIN(desired_ops, possible_opts); | 261 | possible_opts = GNUNET_MIN (desired_ops, possible_opts); |
254 | ciphertext->remaining_ops = htonl(possible_opts); | 262 | ciphertext->remaining_ops = htonl (possible_opts); |
255 | 263 | ||
256 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, | 264 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, |
257 | public_key, | 265 | public_key, |
258 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 266 | sizeof(struct |
267 | GNUNET_CRYPTO_PaillierPublicKey)); | ||
259 | 268 | ||
260 | /* check public key for number of bits, bail out if key is all zeros */ | 269 | /* check public key for number of bits, bail out if key is all zeros */ |
261 | highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; | 270 | highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; |
262 | while ((!gcry_mpi_test_bit(n, highbit)) && | 271 | while ((! gcry_mpi_test_bit (n, highbit)) && |
263 | (0 != highbit)) | 272 | (0 != highbit)) |
264 | highbit--; | 273 | highbit--; |
265 | if (0 == highbit) | 274 | if (0 == highbit) |
266 | { | 275 | { |
267 | /* invalid public key */ | 276 | /* invalid public key */ |
268 | GNUNET_break_op(0); | 277 | GNUNET_break_op (0); |
269 | gcry_mpi_release(n); | 278 | gcry_mpi_release (n); |
270 | return GNUNET_SYSERR; | 279 | return GNUNET_SYSERR; |
271 | } | 280 | } |
272 | 281 | ||
273 | /* generate r < n (without bias) */ | 282 | /* generate r < n (without bias) */ |
274 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); | 283 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); |
275 | do | 284 | do |
276 | { | 285 | { |
277 | gcry_mpi_randomize(r, highbit + 1, GCRY_STRONG_RANDOM); | 286 | gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM); |
278 | } | 287 | } |
279 | while (gcry_mpi_cmp(r, n) >= 0); | 288 | while (gcry_mpi_cmp (r, n) >= 0); |
280 | 289 | ||
281 | /* g = n + 1 */ | 290 | /* g = n + 1 */ |
282 | GNUNET_assert(0 != (g = gcry_mpi_new(0))); | 291 | GNUNET_assert (0 != (g = gcry_mpi_new (0))); |
283 | gcry_mpi_add_ui(g, n, 1); | 292 | gcry_mpi_add_ui (g, n, 1); |
284 | 293 | ||
285 | /* n_square = n^2 */ | 294 | /* n_square = n^2 */ |
286 | GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); | 295 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); |
287 | gcry_mpi_mul(n_square, | 296 | gcry_mpi_mul (n_square, |
288 | n, | 297 | n, |
289 | n); | 298 | n); |
290 | 299 | ||
291 | /* gm = g^m mod n^2 */ | 300 | /* gm = g^m mod n^2 */ |
292 | GNUNET_assert(0 != (gm = gcry_mpi_new(0))); | 301 | GNUNET_assert (0 != (gm = gcry_mpi_new (0))); |
293 | gcry_mpi_powm(gm, g, m, n_square); | 302 | gcry_mpi_powm (gm, g, m, n_square); |
294 | gcry_mpi_release(g); | 303 | gcry_mpi_release (g); |
295 | 304 | ||
296 | /* rn <- r^n mod n^2 */ | 305 | /* rn <- r^n mod n^2 */ |
297 | GNUNET_assert(0 != (rn = gcry_mpi_new(0))); | 306 | GNUNET_assert (0 != (rn = gcry_mpi_new (0))); |
298 | gcry_mpi_powm(rn, r, n, n_square); | 307 | gcry_mpi_powm (rn, r, n, n_square); |
299 | gcry_mpi_release(r); | 308 | gcry_mpi_release (r); |
300 | gcry_mpi_release(n); | 309 | gcry_mpi_release (n); |
301 | 310 | ||
302 | /* c <- rn * gm mod n^2 */ | 311 | /* c <- rn * gm mod n^2 */ |
303 | GNUNET_assert(0 != (c = gcry_mpi_new(0))); | 312 | GNUNET_assert (0 != (c = gcry_mpi_new (0))); |
304 | gcry_mpi_mulm(c, rn, gm, n_square); | 313 | gcry_mpi_mulm (c, rn, gm, n_square); |
305 | gcry_mpi_release(n_square); | 314 | gcry_mpi_release (n_square); |
306 | gcry_mpi_release(gm); | 315 | gcry_mpi_release (gm); |
307 | gcry_mpi_release(rn); | 316 | gcry_mpi_release (rn); |
308 | 317 | ||
309 | GNUNET_CRYPTO_mpi_print_unsigned(ciphertext->bits, | 318 | GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits, |
310 | sizeof(ciphertext->bits), | 319 | sizeof(ciphertext->bits), |
311 | c); | 320 | c); |
312 | gcry_mpi_release(c); | 321 | gcry_mpi_release (c); |
313 | 322 | ||
314 | return possible_opts; | 323 | return possible_opts; |
315 | } | 324 | } |
@@ -324,10 +333,13 @@ GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *pub | |||
324 | * @param[out] m Decryption of @a ciphertext with @private_key. | 333 | * @param[out] m Decryption of @a ciphertext with @private_key. |
325 | */ | 334 | */ |
326 | void | 335 | void |
327 | GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, | 336 | GNUNET_CRYPTO_paillier_decrypt (const struct |
328 | const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, | 337 | GNUNET_CRYPTO_PaillierPrivateKey *private_key, |
329 | const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, | 338 | const struct |
330 | gcry_mpi_t m) | 339 | GNUNET_CRYPTO_PaillierPublicKey *public_key, |
340 | const struct | ||
341 | GNUNET_CRYPTO_PaillierCiphertext *ciphertext, | ||
342 | gcry_mpi_t m) | ||
331 | { | 343 | { |
332 | gcry_mpi_t mu; | 344 | gcry_mpi_t mu; |
333 | gcry_mpi_t lambda; | 345 | gcry_mpi_t lambda; |
@@ -338,48 +350,49 @@ GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *pr | |||
338 | gcry_mpi_t cmum1; | 350 | gcry_mpi_t cmum1; |
339 | gcry_mpi_t mod; | 351 | gcry_mpi_t mod; |
340 | 352 | ||
341 | GNUNET_CRYPTO_mpi_scan_unsigned(&lambda, | 353 | GNUNET_CRYPTO_mpi_scan_unsigned (&lambda, |
342 | private_key->lambda, | 354 | private_key->lambda, |
343 | sizeof(private_key->lambda)); | 355 | sizeof(private_key->lambda)); |
344 | GNUNET_CRYPTO_mpi_scan_unsigned(&mu, | 356 | GNUNET_CRYPTO_mpi_scan_unsigned (&mu, |
345 | private_key->mu, | 357 | private_key->mu, |
346 | sizeof(private_key->mu)); | 358 | sizeof(private_key->mu)); |
347 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, | 359 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, |
348 | public_key, | 360 | public_key, |
349 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 361 | sizeof(struct |
350 | GNUNET_CRYPTO_mpi_scan_unsigned(&c, | 362 | GNUNET_CRYPTO_PaillierPublicKey)); |
351 | ciphertext->bits, | 363 | GNUNET_CRYPTO_mpi_scan_unsigned (&c, |
352 | sizeof(ciphertext->bits)); | 364 | ciphertext->bits, |
365 | sizeof(ciphertext->bits)); | ||
353 | 366 | ||
354 | /* n_square = n * n */ | 367 | /* n_square = n * n */ |
355 | GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); | 368 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); |
356 | gcry_mpi_mul(n_square, n, n); | 369 | gcry_mpi_mul (n_square, n, n); |
357 | 370 | ||
358 | /* cmu = c^lambda mod n^2 */ | 371 | /* cmu = c^lambda mod n^2 */ |
359 | GNUNET_assert(0 != (cmu = gcry_mpi_new(0))); | 372 | GNUNET_assert (0 != (cmu = gcry_mpi_new (0))); |
360 | gcry_mpi_powm(cmu, | 373 | gcry_mpi_powm (cmu, |
361 | c, | 374 | c, |
362 | lambda, | 375 | lambda, |
363 | n_square); | 376 | n_square); |
364 | gcry_mpi_release(n_square); | 377 | gcry_mpi_release (n_square); |
365 | gcry_mpi_release(lambda); | 378 | gcry_mpi_release (lambda); |
366 | gcry_mpi_release(c); | 379 | gcry_mpi_release (c); |
367 | 380 | ||
368 | /* cmum1 = cmu - 1 */ | 381 | /* cmum1 = cmu - 1 */ |
369 | GNUNET_assert(0 != (cmum1 = gcry_mpi_new(0))); | 382 | GNUNET_assert (0 != (cmum1 = gcry_mpi_new (0))); |
370 | gcry_mpi_sub_ui(cmum1, cmu, 1); | 383 | gcry_mpi_sub_ui (cmum1, cmu, 1); |
371 | gcry_mpi_release(cmu); | 384 | gcry_mpi_release (cmu); |
372 | 385 | ||
373 | /* mod = cmum1 / n (mod n) */ | 386 | /* mod = cmum1 / n (mod n) */ |
374 | GNUNET_assert(0 != (mod = gcry_mpi_new(0))); | 387 | GNUNET_assert (0 != (mod = gcry_mpi_new (0))); |
375 | gcry_mpi_div(mod, NULL, cmum1, n, 0); | 388 | gcry_mpi_div (mod, NULL, cmum1, n, 0); |
376 | gcry_mpi_release(cmum1); | 389 | gcry_mpi_release (cmum1); |
377 | 390 | ||
378 | /* m = mod * mu mod n */ | 391 | /* m = mod * mu mod n */ |
379 | gcry_mpi_mulm(m, mod, mu, n); | 392 | gcry_mpi_mulm (m, mod, mu, n); |
380 | gcry_mpi_release(mod); | 393 | gcry_mpi_release (mod); |
381 | gcry_mpi_release(mu); | 394 | gcry_mpi_release (mu); |
382 | gcry_mpi_release(n); | 395 | gcry_mpi_release (n); |
383 | } | 396 | } |
384 | 397 | ||
385 | 398 | ||
@@ -398,10 +411,13 @@ GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *pr | |||
398 | * #GNUNET_SYSERR if no more homomorphic operations are remaining. | 411 | * #GNUNET_SYSERR if no more homomorphic operations are remaining. |
399 | */ | 412 | */ |
400 | int | 413 | int |
401 | GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, | 414 | GNUNET_CRYPTO_paillier_hom_add (const struct |
402 | const struct GNUNET_CRYPTO_PaillierCiphertext *c1, | 415 | GNUNET_CRYPTO_PaillierPublicKey *public_key, |
403 | const struct GNUNET_CRYPTO_PaillierCiphertext *c2, | 416 | const struct |
404 | struct GNUNET_CRYPTO_PaillierCiphertext *result) | 417 | GNUNET_CRYPTO_PaillierCiphertext *c1, |
418 | const struct | ||
419 | GNUNET_CRYPTO_PaillierCiphertext *c2, | ||
420 | struct GNUNET_CRYPTO_PaillierCiphertext *result) | ||
405 | { | 421 | { |
406 | gcry_mpi_t a; | 422 | gcry_mpi_t a; |
407 | gcry_mpi_t b; | 423 | gcry_mpi_t b; |
@@ -411,42 +427,43 @@ GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *pub | |||
411 | int32_t o1; | 427 | int32_t o1; |
412 | int32_t o2; | 428 | int32_t o2; |
413 | 429 | ||
414 | o1 = (int32_t)ntohl(c1->remaining_ops); | 430 | o1 = (int32_t) ntohl (c1->remaining_ops); |
415 | o2 = (int32_t)ntohl(c2->remaining_ops); | 431 | o2 = (int32_t) ntohl (c2->remaining_ops); |
416 | if ((0 >= o1) || (0 >= o2)) | 432 | if ((0 >= o1) || (0 >= o2)) |
417 | { | 433 | { |
418 | GNUNET_break_op(0); | 434 | GNUNET_break_op (0); |
419 | return GNUNET_SYSERR; | 435 | return GNUNET_SYSERR; |
420 | } | 436 | } |
421 | 437 | ||
422 | GNUNET_CRYPTO_mpi_scan_unsigned(&a, | 438 | GNUNET_CRYPTO_mpi_scan_unsigned (&a, |
423 | c1->bits, | 439 | c1->bits, |
424 | sizeof(c1->bits)); | 440 | sizeof(c1->bits)); |
425 | GNUNET_CRYPTO_mpi_scan_unsigned(&b, | 441 | GNUNET_CRYPTO_mpi_scan_unsigned (&b, |
426 | c2->bits, | 442 | c2->bits, |
427 | sizeof(c2->bits)); | 443 | sizeof(c2->bits)); |
428 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, | 444 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, |
429 | public_key, | 445 | public_key, |
430 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 446 | sizeof(struct |
447 | GNUNET_CRYPTO_PaillierPublicKey)); | ||
431 | 448 | ||
432 | /* n_square = n * n */ | 449 | /* n_square = n * n */ |
433 | GNUNET_assert(0 != (n_square = gcry_mpi_new(0))); | 450 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); |
434 | gcry_mpi_mul(n_square, n, n); | 451 | gcry_mpi_mul (n_square, n, n); |
435 | gcry_mpi_release(n); | 452 | gcry_mpi_release (n); |
436 | 453 | ||
437 | /* c = a * b mod n_square */ | 454 | /* c = a * b mod n_square */ |
438 | GNUNET_assert(0 != (c = gcry_mpi_new(0))); | 455 | GNUNET_assert (0 != (c = gcry_mpi_new (0))); |
439 | gcry_mpi_mulm(c, a, b, n_square); | 456 | gcry_mpi_mulm (c, a, b, n_square); |
440 | gcry_mpi_release(n_square); | 457 | gcry_mpi_release (n_square); |
441 | gcry_mpi_release(a); | 458 | gcry_mpi_release (a); |
442 | gcry_mpi_release(b); | 459 | gcry_mpi_release (b); |
443 | 460 | ||
444 | result->remaining_ops = htonl(GNUNET_MIN(o1, o2) - 1); | 461 | result->remaining_ops = htonl (GNUNET_MIN (o1, o2) - 1); |
445 | GNUNET_CRYPTO_mpi_print_unsigned(result->bits, | 462 | GNUNET_CRYPTO_mpi_print_unsigned (result->bits, |
446 | sizeof(result->bits), | 463 | sizeof(result->bits), |
447 | c); | 464 | c); |
448 | gcry_mpi_release(c); | 465 | gcry_mpi_release (c); |
449 | return ntohl(result->remaining_ops); | 466 | return ntohl (result->remaining_ops); |
450 | } | 467 | } |
451 | 468 | ||
452 | 469 | ||
@@ -457,11 +474,11 @@ GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *pub | |||
457 | * @return the number of remaining homomorphic operations | 474 | * @return the number of remaining homomorphic operations |
458 | */ | 475 | */ |
459 | int | 476 | int |
460 | GNUNET_CRYPTO_paillier_hom_get_remaining(const struct GNUNET_CRYPTO_PaillierCiphertext *c) | 477 | GNUNET_CRYPTO_paillier_hom_get_remaining (const struct |
478 | GNUNET_CRYPTO_PaillierCiphertext *c) | ||
461 | { | 479 | { |
462 | GNUNET_assert(NULL != c); | 480 | GNUNET_assert (NULL != c); |
463 | return ntohl(c->remaining_ops); | 481 | return ntohl (c->remaining_ops); |
464 | } | 482 | } |
465 | 483 | ||
466 | /* end of crypto_paillier.c */ | 484 | /* end of crypto_paillier.c */ |
467 | |||