-rw-r--r--src/scalarproduct/Makefile.am2
-rw-r--r--src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c7
-rw-r--r--src/scalarproduct/test_ecc_scalarproduct.c214
3 files changed, 132 insertions, 91 deletions
diff --git a/src/scalarproduct/Makefile.am b/src/scalarproduct/Makefile.am
index 4b3486dda..cf05e8377 100644
--- a/src/scalarproduct/Makefile.am
+++ b/src/scalarproduct/Makefile.am
@@ -113,4 +113,4 @@ test_ecc_scalarproduct_SOURCES = \
test_ecc_scalarproduct.c
test_ecc_scalarproduct_LDADD = \
$(top_builddir)/src/util/libgnunetutil.la \
- -lgcrypt
+ -lsodium
diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
index 59f422f9e..b5c49e85d 100644
--- a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
+++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
@@ -591,8 +591,9 @@ send_alices_cryptodata_message (struct AliceServiceSession *s)
/* r_i = random() mod n */
GNUNET_CRYPTO_ecc_random_mod_n (&r_i);
/* g_i = g^{r_i} */
- GNUNET_CRYPTO_ecc_dexp_mpi (&r_i,
- &g_i);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_dexp_mpi (&r_i,
+ &g_i));
/* r_ia = r_i * a */
crypto_core_ed25519_scalar_mul (&r_ia.v[0],
&r_i.v[0],
@@ -602,9 +603,9 @@ send_alices_cryptodata_message (struct AliceServiceSession *s)
int64_t val = s->sorted_elements[i].value;
struct GNUNET_CRYPTO_EccScalar vali;
- r_ia_ai = r_ia;
GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
&vali);
+ r_ia_ai = r_ia;
if (val > 0)
sodium_add (r_ia_ai.v,
vali.v,
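Review bot: `sodium_sub` in the `else` branch is a plain little-endian 256-bit subtraction, not subtraction modulo the group order, so when `r_ia` is numerically smaller than `vali` the result wraps around 2^256 and, depending on how `GNUNET_CRYPTO_ecc_dexp_mpi` treats unreduced scalars, `r_ia_ai` is likely no longer the scalar r_ia·a − |val|; `sodium_add` likewise does not reduce. libsodium's reducing scalar arithmetic from the family this file already uses (`crypto_core_ed25519_scalar_mul`) avoids that: `crypto_core_ed25519_scalar_add (r_ia_ai.v, r_ia.v, vali.v);` and `crypto_core_ed25519_scalar_sub (r_ia_ai.v, r_ia.v, vali.v);` replace the copy-then-add/sub sequence, and the moved `r_ia_ai = r_ia;` becomes unnecessary. In the context line `val > 0 ? val : -val`, `-val` is undefined when `val == INT64_MIN`; I cannot tell from the hunk whether `sorted_elements[i].value` is range-checked earlier, so if it is not, reject that value before this point. The same `sodium_add`/`sodium_sub` pattern is copied into `test_sp` in test_ecc_scalarproduct.c; send_alices_cryptodata_message continues outside this hunk.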
diff --git a/src/scalarproduct/test_ecc_scalarproduct.c b/src/scalarproduct/test_ecc_scalarproduct.c
index eced3ef6a..8d3d716fb 100644
--- a/src/scalarproduct/test_ecc_scalarproduct.c
+++ b/src/scalarproduct/test_ecc_scalarproduct.c
@@ -45,20 +45,17 @@ test_sp (const unsigned int *avec,
const unsigned int *bvec)
{
unsigned int len;
- unsigned int i;
- gcry_mpi_t a;
- gcry_mpi_t a_inv;
- gcry_mpi_t ri;
- gcry_mpi_t val;
- gcry_mpi_t ria;
- gcry_mpi_t tmp;
- gcry_mpi_point_t *g;
- gcry_mpi_point_t *h;
- gcry_mpi_point_t pg;
- gcry_mpi_point_t ph;
- gcry_mpi_point_t pgi;
- gcry_mpi_point_t gsp;
- int sp;
+ struct GNUNET_CRYPTO_EccScalar a;
+ struct GNUNET_CRYPTO_EccScalar a_inv;
+ struct GNUNET_CRYPTO_EccScalar ri;
+ struct GNUNET_CRYPTO_EccScalar ria;
+ struct GNUNET_CRYPTO_EccScalar tmp;
+ struct GNUNET_CRYPTO_EccPoint *g;
+ struct GNUNET_CRYPTO_EccPoint *h;
+ struct GNUNET_CRYPTO_EccPoint pg;
+ struct GNUNET_CRYPTO_EccPoint ph;
+ struct GNUNET_CRYPTO_EccPoint pgi;
+ struct GNUNET_CRYPTO_EccPoint gsp;
/* determine length */
for (len = 0; 0 != avec[len]; len++)
@@ -67,90 +64,133 @@ test_sp (const unsigned int *avec,
return 0;
/* Alice */
- GNUNET_CRYPTO_ecc_rnd_mpi (edc,
- &a, &a_inv);
+ GNUNET_CRYPTO_ecc_rnd_mpi (&a,
+ &a_inv);
g = GNUNET_new_array (len,
- gcry_mpi_point_t);
+ struct GNUNET_CRYPTO_EccPoint);
h = GNUNET_new_array (len,
- gcry_mpi_point_t);
- ria = gcry_mpi_new (0);
- tmp = gcry_mpi_new (0);
- for (i = 0; i < len; i++)
+ struct GNUNET_CRYPTO_EccPoint);
+ for (unsigned int i = 0; i < len; i++)
{
- ri = GNUNET_CRYPTO_ecc_random_mod_n (edc);
- g[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc,
- ri);
+ GNUNET_CRYPTO_ecc_random_mod_n (&ri);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_dexp_mpi (&ri,
+ &g[i]));
/* ria = ri * a */
- gcry_mpi_mul (ria,
- ri,
- a);
+ crypto_core_ed25519_scalar_mul (&ria.v[0],
+ &ri.v[0],
+ &a.v[0]);
/* tmp = ria + avec[i] */
- gcry_mpi_add_ui (tmp,
- ria,
- avec[i]);
- h[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc,
- tmp);
+ {
+ int64_t val = avec[i];
+ struct GNUNET_CRYPTO_EccScalar vali;
+
+ GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+ &vali);
+ tmp = ria;
+ if (val > 0)
+ sodium_add (tmp.v,
+ vali.v,
+ sizeof (vali.v));
+ else
+ sodium_sub (tmp.v,
+ vali.v,
+ sizeof (vali.v));
+ }
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_dexp_mpi (&tmp,
+ &h[i]));
}
- gcry_mpi_release (ria);
- gcry_mpi_release (tmp);
/* Bob */
- val = gcry_mpi_new (0);
- gcry_mpi_set_ui (val, bvec[0]);
- pg = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
- g[0],
- val);
- ph = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
- h[0],
- val);
- for (i = 1; i < len; i++)
{
- gcry_mpi_point_t m;
- gcry_mpi_point_t tmp;
-
- gcry_mpi_set_ui (val, bvec[i]);
- m = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
- g[i],
- val);
- tmp = GNUNET_CRYPTO_ecc_add (edc,
- m,
- pg);
- gcry_mpi_point_release (m);
- gcry_mpi_point_release (pg);
- gcry_mpi_point_release (g[i]);
- pg = tmp;
-
- m = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
- h[i],
- val);
- tmp = GNUNET_CRYPTO_ecc_add (edc,
- m,
- ph);
- gcry_mpi_point_release (m);
- gcry_mpi_point_release (ph);
- gcry_mpi_point_release (h[i]);
- ph = tmp;
+ int64_t val = bvec[0];
+ struct GNUNET_CRYPTO_EccScalar vali;
+
+ GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+ &vali);
+ if (val < 0)
+ crypto_core_ed25519_scalar_negate (&vali.v[0],
+ &vali.v[0]);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_pmul_mpi (&g[0],
+ &vali,
+ &pg));
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_pmul_mpi (&h[0],
+ &vali,
+ &ph));
+ }
+ for (unsigned int i = 0; i < len; i++)
+ {
+ struct GNUNET_CRYPTO_EccPoint m;
+
+ {
+ int64_t val = bvec[i];
+ struct GNUNET_CRYPTO_EccScalar vali;
+
+ GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+ &vali);
+ if (val < 0)
+ crypto_core_ed25519_scalar_negate (&vali.v[0],
+ &vali.v[0]);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
+ &vali,
+ &m));
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
+ &vali,
+ &m));
+ }
+
+ if (0 != i)
+ {
+ struct GNUNET_CRYPTO_EccPoint tmp;
+
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_add (&m,
+ &pg,
+ &tmp));
+ pg = tmp;
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_add (&m,
+ &ph,
+ &tmp));
+ ph = tmp;
+ }
}
- gcry_mpi_release (val);
GNUNET_free (g);
GNUNET_free (h);
/* Alice */
- pgi = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
- pg,
- a_inv);
- gsp = GNUNET_CRYPTO_ecc_add (edc,
- pgi,
- ph);
- gcry_mpi_point_release (pgi);
- gcry_mpi_point_release (ph);
- sp = GNUNET_CRYPTO_ecc_dlog (edc,
- gsp);
- gcry_mpi_point_release (gsp);
- return sp;
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
+ &a_inv,
+ &pgi));
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_add (&pgi,
+ &ph,
+ &gsp));
+ return GNUNET_CRYPTO_ecc_dlog (edc,
+ &gsp);
}
+/**
+ * Macro that checks that @a want is equal to @a have and
+ * if not returns with a failure code.
+ */
+#define CHECK(want,have) do { \
+ if (want != have) { \
+ GNUNET_break (0); \
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \
+ "Wanted %d, got %d\n", want, have); \
+ GNUNET_CRYPTO_ecc_dlog_release (edc); \
+ return 1; \
+ } } while (0)
+
+
int
main (int argc, char *argv[])
{
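Review bot: In the Bob loop both scalar multiplications write into the same `m`, so the `&g[i]` product is overwritten by the `&h[i]` product before either is added; `pg` then accumulates h[i]·b_i instead of g[i]·b_i and the final `GNUNET_CRYPTO_ecc_dlog` cannot recover the scalar product, whereas the removed libgcrypt version kept the two products apart. The loop also recomputes the i = 0 products that the block just above already stored in `pg`/`ph`, so it can start at 1 with the `if (0 != i)` guard dropped. Separately, the new `CHECK` macro evaluates `have` a second time in the log call on mismatch, which re-runs `test_sp` with fresh randomness and logs a value that was never compared; capture both arguments once, e.g. `int _want = (want); int _have = (have); if (_want != _have) {`, and use `_want`/`_have` in the log. main begins at the end of this hunk and continues outside it; the rewritten loop is below.
```c
  for (unsigned int i = 1; i < len; i++)
  {
    struct GNUNET_CRYPTO_EccPoint mg;
    struct GNUNET_CRYPTO_EccPoint mh;
    struct GNUNET_CRYPTO_EccPoint tmp;
    int64_t val = bvec[i];
    struct GNUNET_CRYPTO_EccScalar vali;

    GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
                                       &vali);
    if (val < 0)
      crypto_core_ed25519_scalar_negate (&vali.v[0],
                                         &vali.v[0]);
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
                                               &vali,
                                               &mg));
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
                                               &vali,
                                               &mh));
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_ecc_add (&mg,
                                          &pg,
                                          &tmp));
    pg = tmp;
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_ecc_add (&mh,
                                          &ph,
                                          &tmp));
    ph = tmp;
  }
  /* … unchanged: GNUNET_free (g) / GNUNET_free (h) and Alice's final pmul/add/dlog … */
```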
@@ -163,12 +203,12 @@ main (int argc, char *argv[])
"WARNING",
NULL);
edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128);
- GNUNET_assert (2 == test_sp (v11, v11));
- GNUNET_assert (4 == test_sp (v22, v11));
- GNUNET_assert (8 == test_sp (v35, v11));
- GNUNET_assert (26 == test_sp (v35, v24));
- GNUNET_assert (26 == test_sp (v24, v35));
- GNUNET_assert (16 == test_sp (v22, v35));
+ CHECK (2, test_sp (v11, v11));
+ CHECK (4, test_sp (v22, v11));
+ CHECK (8, test_sp (v35, v11));
+ CHECK (26, test_sp (v35, v24));
+ CHECK (26, test_sp (v24, v35));
+ CHECK (16, test_sp (v22, v35));
GNUNET_CRYPTO_ecc_dlog_release (edc);
return 0;
}