Diffstat (limited to 'src/scalarproduct/test_ecc_scalarproduct.c')
-rw-r--r--src/scalarproduct/test_ecc_scalarproduct.c211
1 files changed, 123 insertions, 88 deletions
diff --git a/src/scalarproduct/test_ecc_scalarproduct.c b/src/scalarproduct/test_ecc_scalarproduct.c
index eced3ef6a..85460cb05 100644
--- a/src/scalarproduct/test_ecc_scalarproduct.c
+++ b/src/scalarproduct/test_ecc_scalarproduct.c
@@ -45,20 +45,12 @@ test_sp (const unsigned int *avec,
45 const unsigned int *bvec) 45 const unsigned int *bvec)
46{ 46{
47 unsigned int len; 47 unsigned int len;
48 unsigned int i; 48 struct GNUNET_CRYPTO_EccScalar a;
49 gcry_mpi_t a; 49 struct GNUNET_CRYPTO_EccScalar a_neg;
50 gcry_mpi_t a_inv; 50 struct GNUNET_CRYPTO_EccPoint *g;
51 gcry_mpi_t ri; 51 struct GNUNET_CRYPTO_EccPoint *h;
52 gcry_mpi_t val; 52 struct GNUNET_CRYPTO_EccPoint pg;
53 gcry_mpi_t ria; 53 struct GNUNET_CRYPTO_EccPoint ph;
54 gcry_mpi_t tmp;
55 gcry_mpi_point_t *g;
56 gcry_mpi_point_t *h;
57 gcry_mpi_point_t pg;
58 gcry_mpi_point_t ph;
59 gcry_mpi_point_t pgi;
60 gcry_mpi_point_t gsp;
61 int sp;
62 54
63 /* determine length */ 55 /* determine length */
64 for (len = 0; 0 != avec[len]; len++) 56 for (len = 0; 0 != avec[len]; len++)
@@ -67,90 +59,133 @@ test_sp (const unsigned int *avec,
67 return 0; 59 return 0;
68 60
69 /* Alice */ 61 /* Alice */
70 GNUNET_CRYPTO_ecc_rnd_mpi (edc, 62 GNUNET_CRYPTO_ecc_rnd_mpi (&a,
71 &a, &a_inv); 63 &a_neg);
72 g = GNUNET_new_array (len, 64 g = GNUNET_new_array (len,
73 gcry_mpi_point_t); 65 struct GNUNET_CRYPTO_EccPoint);
74 h = GNUNET_new_array (len, 66 h = GNUNET_new_array (len,
75 gcry_mpi_point_t); 67 struct GNUNET_CRYPTO_EccPoint);
76 ria = gcry_mpi_new (0); 68 for (unsigned int i = 0; i < len; i++)
77 tmp = gcry_mpi_new (0);
78 for (i = 0; i < len; i++)
79 { 69 {
80 ri = GNUNET_CRYPTO_ecc_random_mod_n (edc); 70 struct GNUNET_CRYPTO_EccScalar tmp;
81 g[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc, 71 struct GNUNET_CRYPTO_EccScalar ri;
82 ri); 72 struct GNUNET_CRYPTO_EccScalar ria;
83 /* ria = ri * a */ 73
84 gcry_mpi_mul (ria, 74 GNUNET_CRYPTO_ecc_random_mod_n (&ri);
85 ri, 75 GNUNET_assert (GNUNET_OK ==
86 a); 76 GNUNET_CRYPTO_ecc_dexp_mpi (&ri,
77 &g[i]));
78 /* ria = ri * a mod L, where L is the order of the main subgroup */
79 crypto_core_ed25519_scalar_mul (ria.v,
80 ri.v,
81 a.v);
87 /* tmp = ria + avec[i] */ 82 /* tmp = ria + avec[i] */
88 gcry_mpi_add_ui (tmp, 83 {
89 ria, 84 int64_t val = avec[i];
90 avec[i]); 85 struct GNUNET_CRYPTO_EccScalar vali;
91 h[i] = GNUNET_CRYPTO_ecc_dexp_mpi (edc, 86
92 tmp); 87 GNUNET_assert (INT64_MIN != val);
88 GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
89 &vali);
90 if (val > 0)
91 crypto_core_ed25519_scalar_add (tmp.v,
92 ria.v,
93 vali.v);
94 else
95 crypto_core_ed25519_scalar_sub (tmp.v,
96 ria.v,
97 vali.v);
98 }
99 /* h[i] = g^tmp = g^{ria + avec[i]} */
100 GNUNET_assert (GNUNET_OK ==
101 GNUNET_CRYPTO_ecc_dexp_mpi (&tmp,
102 &h[i]));
93 } 103 }
94 gcry_mpi_release (ria);
95 gcry_mpi_release (tmp);
96 104
97 /* Bob */ 105 /* Bob */
98 val = gcry_mpi_new (0); 106 for (unsigned int i = 0; i < len; i++)
99 gcry_mpi_set_ui (val, bvec[0]);
100 pg = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
101 g[0],
102 val);
103 ph = GNUNET_CRYPTO_ecc_pmul_mpi (edc,
104 h[0],
105 val);
106 for (i = 1; i < len; i++)
107 { 107 {
108 gcry_mpi_point_t m; 108 struct GNUNET_CRYPTO_EccPoint gm;
109 gcry_mpi_point_t tmp; 109 struct GNUNET_CRYPTO_EccPoint hm;
110 110
111 gcry_mpi_set_ui (val, bvec[i]); 111 {
112 m = GNUNET_CRYPTO_ecc_pmul_mpi (edc, 112 int64_t val = bvec[i];
113 g[i], 113 struct GNUNET_CRYPTO_EccScalar vali;
114 val); 114
115 tmp = GNUNET_CRYPTO_ecc_add (edc, 115 GNUNET_assert (INT64_MIN != val);
116 m, 116 GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
117 pg); 117 &vali);
118 gcry_mpi_point_release (m); 118 if (val < 0)
119 gcry_mpi_point_release (pg); 119 crypto_core_ed25519_scalar_negate (vali.v,
120 gcry_mpi_point_release (g[i]); 120 vali.v);
121 pg = tmp; 121 /* gm = g[i]^vali */
122 122 GNUNET_assert (GNUNET_OK ==
123 m = GNUNET_CRYPTO_ecc_pmul_mpi (edc, 123 GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
124 h[i], 124 &vali,
125 val); 125 &gm));
126 tmp = GNUNET_CRYPTO_ecc_add (edc, 126 /* hm = h[i]^vali */
127 m, 127 GNUNET_assert (GNUNET_OK ==
128 ph); 128 GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
129 gcry_mpi_point_release (m); 129 &vali,
130 gcry_mpi_point_release (ph); 130 &hm));
131 gcry_mpi_point_release (h[i]); 131 }
132 ph = tmp; 132 if (0 != i)
133 {
134 /* pg += gm */
135 GNUNET_assert (GNUNET_OK ==
136 GNUNET_CRYPTO_ecc_add (&gm,
137 &pg,
138 &pg));
139 /* ph += hm */
140 GNUNET_assert (GNUNET_OK ==
141 GNUNET_CRYPTO_ecc_add (&hm,
142 &ph,
143 &ph));
144 }
145 else
146 {
147 pg = gm;
148 ph = hm;
149 }
133 } 150 }
134 gcry_mpi_release (val);
135 GNUNET_free (g); 151 GNUNET_free (g);
136 GNUNET_free (h); 152 GNUNET_free (h);
137 153
138 /* Alice */ 154 /* Alice */
139 pgi = GNUNET_CRYPTO_ecc_pmul_mpi (edc, 155 {
140 pg, 156 struct GNUNET_CRYPTO_EccPoint pgi;
141 a_inv); 157 struct GNUNET_CRYPTO_EccPoint gsp;
142 gsp = GNUNET_CRYPTO_ecc_add (edc, 158
143 pgi, 159 /* pgi = pg^inv */
144 ph); 160 GNUNET_assert (GNUNET_OK ==
145 gcry_mpi_point_release (pgi); 161 GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
146 gcry_mpi_point_release (ph); 162 &a_neg,
147 sp = GNUNET_CRYPTO_ecc_dlog (edc, 163 &pgi));
148 gsp); 164 /* gsp = pgi + ph */
149 gcry_mpi_point_release (gsp); 165 GNUNET_assert (GNUNET_OK ==
150 return sp; 166 GNUNET_CRYPTO_ecc_add (&pgi,
167 &ph,
168 &gsp));
169 return GNUNET_CRYPTO_ecc_dlog (edc,
170 &gsp);
171 }
151} 172}
152 173
153 174
175/**
176 * Macro that checks that @a want is equal to @a have and
177 * if not returns with a failure code.
178 */
179#define CHECK(want,have) do { \
180 if (want != have) { \
181 GNUNET_break (0); \
182 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \
183 "Wanted %d, got %d\n", want, have); \
184 GNUNET_CRYPTO_ecc_dlog_release (edc); \
185 return 1; \
186 } } while (0)
187
188
154int 189int
155main (int argc, char *argv[]) 190main (int argc, char *argv[])
156{ 191{
@@ -163,12 +198,12 @@ main (int argc, char *argv[])
163 "WARNING", 198 "WARNING",
164 NULL); 199 NULL);
165 edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128); 200 edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128);
166 GNUNET_assert (2 == test_sp (v11, v11)); 201 CHECK (2, test_sp (v11, v11));
167 GNUNET_assert (4 == test_sp (v22, v11)); 202 CHECK (4, test_sp (v22, v11));
168 GNUNET_assert (8 == test_sp (v35, v11)); 203 CHECK (8, test_sp (v35, v11));
169 GNUNET_assert (26 == test_sp (v35, v24)); 204 CHECK (26, test_sp (v35, v24));
170 GNUNET_assert (26 == test_sp (v24, v35)); 205 CHECK (26, test_sp (v24, v35));
171 GNUNET_assert (16 == test_sp (v22, v35)); 206 CHECK (16, test_sp (v22, v35));
172 GNUNET_CRYPTO_ecc_dlog_release (edc); 207 GNUNET_CRYPTO_ecc_dlog_release (edc);
173 return 0; 208 return 0;
174} 209}
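Review bot: The new CHECK macro evaluates `have` twice, and `have` is a call to test_sp, which draws fresh random scalars on each call; on a mismatch the `GNUNET_log` line re-runs the test and prints a "got" value that is not the one that failed the comparison, and the macro's arguments are also unparenthesized. Capture the result once: `int have_val = (have); \`, then `if ((want) != have_val) { \` and `"Wanted %d, got %d\n", (want), have_val); \`. The macro also bakes in `edc` and `return 1`, so it is only usable inside main; a one-line comment saying so would help. Separately, in test_sp both `int64_t val = avec[i];` and `int64_t val = bvec[i];` load from `const unsigned int *` vectors, so the `GNUNET_assert (INT64_MIN != val)` checks and the `val < 0` / `crypto_core_ed25519_scalar_sub` branches cannot currently fire; either note that they anticipate signed input vectors or simplify them. test_sp's signature begins before the first hunk.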