1 files changed, 39 insertions, 18 deletions
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c
index 2ff7c70ce..049f63062 100644
--- a/src/lib/util/crypto_cs.c
+++ b/src/lib/util/crypto_cs.c
@@ -158,8 +158,12 @@ cs_full_domain_hash (const struct GNUNET_CRYPTO_CsRPublic *r_dash,
  // SHA-512 hash of R' and message
  size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len;
  char r_m_concat[r_m_concat_len];
-  memcpy (r_m_concat, r_dash, sizeof(struct GNUNET_CRYPTO_CsRPublic));
+  memcpy (r_m_concat,
-  memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), msg, msg_len);
+          r_dash,
+          sizeof(struct GNUNET_CRYPTO_CsRPublic));
+  memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic),
+          msg,
+          msg_len);
  struct GNUNET_HashCode prehash;
  GNUNET_CRYPTO_hash (r_m_concat,
@@ -215,18 +219,21 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs,
                   alpha_mul_base.y,
                   bs->alpha.d));
  struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub;
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (beta_mul_pub.y,
+  GNUNET_assert (0 ==
-                                                         bs->beta.d,
+                 crypto_scalarmult_ed25519_noclamp (
-                                                         pub->point.y));
+                   beta_mul_pub.y,
+                   bs->beta.d,
+                   pub->point.y));
  struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub;
  GNUNET_assert (0 == crypto_core_ed25519_add (
                   alpha_mul_base_plus_beta_mul_pub.y,
                   alpha_mul_base.y,
                   beta_mul_pub.y));
-  GNUNET_assert (0 == crypto_core_ed25519_add (blinded_r_pub->point.y,
+  GNUNET_assert (0 ==
-                                               r_pub->point.y,
+                 crypto_core_ed25519_add (
-                                               alpha_mul_base_plus_beta_mul_pub.
+                   blinded_r_pub->point.y,
-                                               y));
+                   r_pub->point.y,
+                   alpha_mul_base_plus_beta_mul_pub.y));
 }
@@ -238,19 +245,33 @@ GNUNET_CRYPTO_cs_calc_blinded_c (
  const void *msg,
  size_t msg_len,
  struct GNUNET_CRYPTO_CsC blinded_c[2],
-  struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
+  struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
 {
-  // for i 0/1: R'i = Ri + alpha i*G + beta i*pub
+  /* for i 0/1: R'i = Ri + alpha i*G + beta i*pub */
-  calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]);
+  calc_r_dash (&bs[0],
-  calc_r_dash (&bs[1], &r_pub[1], pub, &blinded_r_pub[1]);
+               &r_pub[0],
+               pub,
-  // for i 0/1: c'i = H(R'i, msg)
+               &r_pub_blind->r_pub[0]);
+  calc_r_dash (&bs[1],
+               &r_pub[1],
+               pub,
+               &r_pub_blind->r_pub[1]);
+  /* for i 0/1: c'i = H(R'i, msg) */
  struct GNUNET_CRYPTO_CsC c_dash_0;
  struct GNUNET_CRYPTO_CsC c_dash_1;
-  cs_full_domain_hash (&blinded_r_pub[0], msg, msg_len, pub, &c_dash_0);
+  cs_full_domain_hash (&r_pub_blind->r_pub[0],
-  cs_full_domain_hash (&blinded_r_pub[1], msg, msg_len, pub, &c_dash_1);
+                       msg,
+                       msg_len,
+                       pub,
+                       &c_dash_0);
+  cs_full_domain_hash (&r_pub_blind->r_pub[1],
+                       msg,
+                       msg_len,
+                       pub,
+                       &c_dash_1);
-  // for i 0/1: ci = c'i + beta i mod p
+  /* for i 0/1: ci = c'i + beta i mod p */
  crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d,
                                  c_dash_0.scalar.d,
                                  bs[0].beta.d);

diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c index 2ff7c70ce..049f63062 100644 --- a/src/lib/util/crypto_cs.c +++ b/src/lib/util/crypto_cs.c
@@ -158,8 +158,12 @@ cs_full_domain_hash (const struct GNUNET_CRYPTO_CsRPublic *r_dash,
158	// SHA-512 hash of R' and message	158	// SHA-512 hash of R' and message
159	size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len;	159	size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len;
160	char r_m_concat[r_m_concat_len];	160	char r_m_concat[r_m_concat_len];
161	memcpy (r_m_concat, r_dash, sizeof(struct GNUNET_CRYPTO_CsRPublic));	161	memcpy (r_m_concat,
162	memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), msg, msg_len);	162	r_dash,
		163	sizeof(struct GNUNET_CRYPTO_CsRPublic));
		164	memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic),
		165	msg,
		166	msg_len);
163	struct GNUNET_HashCode prehash;	167	struct GNUNET_HashCode prehash;
164		168
165	GNUNET_CRYPTO_hash (r_m_concat,	169	GNUNET_CRYPTO_hash (r_m_concat,
@@ -215,18 +219,21 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs,
215	alpha_mul_base.y,	219	alpha_mul_base.y,
216	bs->alpha.d));	220	bs->alpha.d));
217	struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub;	221	struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub;
218	GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (beta_mul_pub.y,	222	GNUNET_assert (0 ==
219	bs->beta.d,	223	crypto_scalarmult_ed25519_noclamp (
220	pub->point.y));	224	beta_mul_pub.y,
		225	bs->beta.d,
		226	pub->point.y));
221	struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub;	227	struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub;
222	GNUNET_assert (0 == crypto_core_ed25519_add (	228	GNUNET_assert (0 == crypto_core_ed25519_add (
223	alpha_mul_base_plus_beta_mul_pub.y,	229	alpha_mul_base_plus_beta_mul_pub.y,
224	alpha_mul_base.y,	230	alpha_mul_base.y,
225	beta_mul_pub.y));	231	beta_mul_pub.y));
226	GNUNET_assert (0 == crypto_core_ed25519_add (blinded_r_pub->point.y,	232	GNUNET_assert (0 ==
227	r_pub->point.y,	233	crypto_core_ed25519_add (
228	alpha_mul_base_plus_beta_mul_pub.	234	blinded_r_pub->point.y,
229	y));	235	r_pub->point.y,
		236	alpha_mul_base_plus_beta_mul_pub.y));
230	}	237	}
231		238
232		239
@@ -238,19 +245,33 @@ GNUNET_CRYPTO_cs_calc_blinded_c (
238	const void *msg,	245	const void *msg,
239	size_t msg_len,	246	size_t msg_len,
240	struct GNUNET_CRYPTO_CsC blinded_c[2],	247	struct GNUNET_CRYPTO_CsC blinded_c[2],
241	struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])	248	struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
242	{	249	{
243	// for i 0/1: R'i = Ri + alpha iG + beta ipub	250	/* for i 0/1: R'i = Ri + alpha iG + beta ipub */
244	calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]);	251	calc_r_dash (&bs[0],
245	calc_r_dash (&bs[1], &r_pub[1], pub, &blinded_r_pub[1]);	252	&r_pub[0],
246		253	pub,
247	// for i 0/1: c'i = H(R'i, msg)	254	&r_pub_blind->r_pub[0]);
		255	calc_r_dash (&bs[1],
		256	&r_pub[1],
		257	pub,
		258	&r_pub_blind->r_pub[1]);
		259
		260	/* for i 0/1: c'i = H(R'i, msg) */
248	struct GNUNET_CRYPTO_CsC c_dash_0;	261	struct GNUNET_CRYPTO_CsC c_dash_0;
249	struct GNUNET_CRYPTO_CsC c_dash_1;	262	struct GNUNET_CRYPTO_CsC c_dash_1;
250	cs_full_domain_hash (&blinded_r_pub[0], msg, msg_len, pub, &c_dash_0);	263	cs_full_domain_hash (&r_pub_blind->r_pub[0],
251	cs_full_domain_hash (&blinded_r_pub[1], msg, msg_len, pub, &c_dash_1);	264	msg,
		265	msg_len,
		266	pub,
		267	&c_dash_0);
		268	cs_full_domain_hash (&r_pub_blind->r_pub[1],
		269	msg,
		270	msg_len,
		271	pub,
		272	&c_dash_1);
252		273
253	// for i 0/1: ci = c'i + beta i mod p	274	/* for i 0/1: ci = c'i + beta i mod p */
254	crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d,	275	crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d,
255	c_dash_0.scalar.d,	276	c_dash_0.scalar.d,
256	bs[0].beta.d);	277	bs[0].beta.d);