diff options
Diffstat (limited to 'src/util/crypto_ecc_dlog.c')
-rw-r--r-- | src/util/crypto_ecc_dlog.c | 377 |
1 files changed, 188 insertions, 189 deletions
diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c index 07777e377..8b4344b25 100644 --- a/src/util/crypto_ecc_dlog.c +++ b/src/util/crypto_ecc_dlog.c | |||
@@ -11,12 +11,12 @@ | |||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | 11 | WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | Affero General Public License for more details. | 13 | Affero General Public License for more details. |
14 | 14 | ||
15 | You should have received a copy of the GNU Affero General Public License | 15 | You should have received a copy of the GNU Affero General Public License |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
17 | 17 | ||
18 | SPDX-License-Identifier: AGPL3.0-or-later | 18 | SPDX-License-Identifier: AGPL3.0-or-later |
19 | */ | 19 | */ |
20 | 20 | ||
21 | /** | 21 | /** |
22 | * @file util/crypto_ecc_dlog.c | 22 | * @file util/crypto_ecc_dlog.c |
@@ -44,27 +44,26 @@ | |||
44 | * | 44 | * |
45 | */ | 45 | */ |
46 | static void | 46 | static void |
47 | extract_pk (gcry_mpi_point_t pt, | 47 | extract_pk(gcry_mpi_point_t pt, |
48 | gcry_ctx_t ctx, | 48 | gcry_ctx_t ctx, |
49 | struct GNUNET_PeerIdentity *pid) | 49 | struct GNUNET_PeerIdentity *pid) |
50 | { | 50 | { |
51 | gcry_mpi_t q_y; | 51 | gcry_mpi_t q_y; |
52 | 52 | ||
53 | GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx)); | 53 | GNUNET_assert(0 == gcry_mpi_ec_set_point("q", pt, ctx)); |
54 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); | 54 | q_y = gcry_mpi_ec_get_mpi("q@eddsa", ctx, 0); |
55 | GNUNET_assert (q_y); | 55 | GNUNET_assert(q_y); |
56 | GNUNET_CRYPTO_mpi_print_unsigned (pid->public_key.q_y, | 56 | GNUNET_CRYPTO_mpi_print_unsigned(pid->public_key.q_y, |
57 | sizeof (pid->public_key.q_y), | 57 | sizeof(pid->public_key.q_y), |
58 | q_y); | 58 | q_y); |
59 | gcry_mpi_release (q_y); | 59 | gcry_mpi_release(q_y); |
60 | } | 60 | } |
61 | 61 | ||
62 | 62 | ||
63 | /** | 63 | /** |
64 | * Internal structure used to cache pre-calculated values for DLOG calculation. | 64 | * Internal structure used to cache pre-calculated values for DLOG calculation. |
65 | */ | 65 | */ |
66 | struct GNUNET_CRYPTO_EccDlogContext | 66 | struct GNUNET_CRYPTO_EccDlogContext { |
67 | { | ||
68 | /** | 67 | /** |
69 | * Maximum absolute value the calculation supports. | 68 | * Maximum absolute value the calculation supports. |
70 | */ | 69 | */ |
@@ -87,7 +86,6 @@ struct GNUNET_CRYPTO_EccDlogContext | |||
87 | * Context to use for operations on the elliptic curve. | 86 | * Context to use for operations on the elliptic curve. |
88 | */ | 87 | */ |
89 | gcry_ctx_t ctx; | 88 | gcry_ctx_t ctx; |
90 | |||
91 | }; | 89 | }; |
92 | 90 | ||
93 | 91 | ||
@@ -99,19 +97,19 @@ struct GNUNET_CRYPTO_EccDlogContext | |||
99 | * @param[out] bin binary point representation | 97 | * @param[out] bin binary point representation |
100 | */ | 98 | */ |
101 | void | 99 | void |
102 | GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, | 100 | GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc, |
103 | gcry_mpi_point_t point, | 101 | gcry_mpi_point_t point, |
104 | struct GNUNET_CRYPTO_EccPoint *bin) | 102 | struct GNUNET_CRYPTO_EccPoint *bin) |
105 | { | 103 | { |
106 | gcry_mpi_t q_y; | 104 | gcry_mpi_t q_y; |
107 | 105 | ||
108 | GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx)); | 106 | GNUNET_assert(0 == gcry_mpi_ec_set_point("q", point, edc->ctx)); |
109 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0); | 107 | q_y = gcry_mpi_ec_get_mpi("q@eddsa", edc->ctx, 0); |
110 | GNUNET_assert (q_y); | 108 | GNUNET_assert(q_y); |
111 | GNUNET_CRYPTO_mpi_print_unsigned (bin->q_y, | 109 | GNUNET_CRYPTO_mpi_print_unsigned(bin->q_y, |
112 | sizeof (bin->q_y), | 110 | sizeof(bin->q_y), |
113 | q_y); | 111 | q_y); |
114 | gcry_mpi_release (q_y); | 112 | gcry_mpi_release(q_y); |
115 | } | 113 | } |
116 | 114 | ||
117 | 115 | ||
@@ -123,26 +121,26 @@ GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
123 | * @return computational representation | 121 | * @return computational representation |
124 | */ | 122 | */ |
125 | gcry_mpi_point_t | 123 | gcry_mpi_point_t |
126 | GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, | 124 | GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc, |
127 | const struct GNUNET_CRYPTO_EccPoint *bin) | 125 | const struct GNUNET_CRYPTO_EccPoint *bin) |
128 | { | 126 | { |
129 | gcry_sexp_t pub_sexpr; | 127 | gcry_sexp_t pub_sexpr; |
130 | gcry_ctx_t ctx; | 128 | gcry_ctx_t ctx; |
131 | gcry_mpi_point_t q; | 129 | gcry_mpi_point_t q; |
132 | 130 | ||
133 | (void) edc; | 131 | (void)edc; |
134 | if (0 != gcry_sexp_build (&pub_sexpr, NULL, | 132 | if (0 != gcry_sexp_build(&pub_sexpr, NULL, |
135 | "(public-key(ecc(curve " CURVE ")(q %b)))", | 133 | "(public-key(ecc(curve " CURVE ")(q %b)))", |
136 | (int) sizeof (bin->q_y), | 134 | (int)sizeof(bin->q_y), |
137 | bin->q_y)) | 135 | bin->q_y)) |
138 | { | 136 | { |
139 | GNUNET_break (0); | 137 | GNUNET_break(0); |
140 | return NULL; | 138 | return NULL; |
141 | } | 139 | } |
142 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); | 140 | GNUNET_assert(0 == gcry_mpi_ec_new(&ctx, pub_sexpr, NULL)); |
143 | gcry_sexp_release (pub_sexpr); | 141 | gcry_sexp_release(pub_sexpr); |
144 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | 142 | q = gcry_mpi_ec_get_point("q", ctx, 0); |
145 | gcry_ctx_release (ctx); | 143 | gcry_ctx_release(ctx); |
146 | return q; | 144 | return q; |
147 | } | 145 | } |
148 | 146 | ||
@@ -155,11 +153,11 @@ GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
155 | * @return NULL on error | 153 | * @return NULL on error |
156 | */ | 154 | */ |
157 | struct GNUNET_CRYPTO_EccDlogContext * | 155 | struct GNUNET_CRYPTO_EccDlogContext * |
158 | GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, | 156 | GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max, |
159 | unsigned int mem) | 157 | unsigned int mem) |
160 | { | 158 | { |
161 | struct GNUNET_CRYPTO_EccDlogContext *edc; | 159 | struct GNUNET_CRYPTO_EccDlogContext *edc; |
162 | unsigned int K = ((max + (mem-1)) / mem); | 160 | unsigned int K = ((max + (mem - 1)) / mem); |
163 | gcry_mpi_point_t g; | 161 | gcry_mpi_point_t g; |
164 | struct GNUNET_PeerIdentity key; | 162 | struct GNUNET_PeerIdentity key; |
165 | gcry_mpi_point_t gKi; | 163 | gcry_mpi_point_t gKi; |
@@ -167,50 +165,50 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, | |||
167 | gcry_mpi_t n; | 165 | gcry_mpi_t n; |
168 | unsigned int i; | 166 | unsigned int i; |
169 | 167 | ||
170 | GNUNET_assert (max < INT32_MAX); | 168 | GNUNET_assert(max < INT32_MAX); |
171 | edc = GNUNET_new (struct GNUNET_CRYPTO_EccDlogContext); | 169 | edc = GNUNET_new(struct GNUNET_CRYPTO_EccDlogContext); |
172 | edc->max = max; | 170 | edc->max = max; |
173 | edc->mem = mem; | 171 | edc->mem = mem; |
174 | 172 | ||
175 | edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2, | 173 | edc->map = GNUNET_CONTAINER_multipeermap_create(mem * 2, |
176 | GNUNET_NO); | 174 | GNUNET_NO); |
177 | 175 | ||
178 | GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx, | 176 | GNUNET_assert(0 == gcry_mpi_ec_new(&edc->ctx, |
179 | NULL, | 177 | NULL, |
180 | CURVE)); | 178 | CURVE)); |
181 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); | 179 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); |
182 | GNUNET_assert (NULL != g); | 180 | GNUNET_assert(NULL != g); |
183 | fact = gcry_mpi_new (0); | 181 | fact = gcry_mpi_new(0); |
184 | gKi = gcry_mpi_point_new (0); | 182 | gKi = gcry_mpi_point_new(0); |
185 | for (i=0;i<=mem;i++) | 183 | for (i = 0; i <= mem; i++) |
186 | { | 184 | { |
187 | gcry_mpi_set_ui (fact, i * K); | 185 | gcry_mpi_set_ui(fact, i * K); |
188 | gcry_mpi_ec_mul (gKi, fact, g, edc->ctx); | 186 | gcry_mpi_ec_mul(gKi, fact, g, edc->ctx); |
189 | extract_pk (gKi, edc->ctx, &key); | 187 | extract_pk(gKi, edc->ctx, &key); |
190 | GNUNET_assert (GNUNET_OK == | 188 | GNUNET_assert(GNUNET_OK == |
191 | GNUNET_CONTAINER_multipeermap_put (edc->map, | 189 | GNUNET_CONTAINER_multipeermap_put(edc->map, |
192 | &key, | 190 | &key, |
193 | (void*) (long) i + max, | 191 | (void*)(long)i + max, |
194 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | 192 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); |
195 | } | 193 | } |
196 | /* negative values */ | 194 | /* negative values */ |
197 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | 195 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); |
198 | for (i=1;i<mem;i++) | 196 | for (i = 1; i < mem; i++) |
199 | { | 197 | { |
200 | gcry_mpi_set_ui (fact, i * K); | 198 | gcry_mpi_set_ui(fact, i * K); |
201 | gcry_mpi_sub (fact, n, fact); | 199 | gcry_mpi_sub(fact, n, fact); |
202 | gcry_mpi_ec_mul (gKi, fact, g, edc->ctx); | 200 | gcry_mpi_ec_mul(gKi, fact, g, edc->ctx); |
203 | extract_pk (gKi, edc->ctx, &key); | 201 | extract_pk(gKi, edc->ctx, &key); |
204 | GNUNET_assert (GNUNET_OK == | 202 | GNUNET_assert(GNUNET_OK == |
205 | GNUNET_CONTAINER_multipeermap_put (edc->map, | 203 | GNUNET_CONTAINER_multipeermap_put(edc->map, |
206 | &key, | 204 | &key, |
207 | (void*) (long) max - i, | 205 | (void*)(long)max - i, |
208 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | 206 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); |
209 | } | 207 | } |
210 | gcry_mpi_release (fact); | 208 | gcry_mpi_release(fact); |
211 | gcry_mpi_release (n); | 209 | gcry_mpi_release(n); |
212 | gcry_mpi_point_release (gKi); | 210 | gcry_mpi_point_release(gKi); |
213 | gcry_mpi_point_release (g); | 211 | gcry_mpi_point_release(g); |
214 | return edc; | 212 | return edc; |
215 | } | 213 | } |
216 | 214 | ||
@@ -223,10 +221,10 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, | |||
223 | * @return INT_MAX if dlog failed, otherwise the factor | 221 | * @return INT_MAX if dlog failed, otherwise the factor |
224 | */ | 222 | */ |
225 | int | 223 | int |
226 | GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, | 224 | GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc, |
227 | gcry_mpi_point_t input) | 225 | gcry_mpi_point_t input) |
228 | { | 226 | { |
229 | unsigned int K = ((edc->max + (edc->mem-1)) / edc->mem); | 227 | unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem); |
230 | gcry_mpi_point_t g; | 228 | gcry_mpi_point_t g; |
231 | struct GNUNET_PeerIdentity key; | 229 | struct GNUNET_PeerIdentity key; |
232 | gcry_mpi_point_t q; | 230 | gcry_mpi_point_t q; |
@@ -234,36 +232,36 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
234 | int res; | 232 | int res; |
235 | void *retp; | 233 | void *retp; |
236 | 234 | ||
237 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); | 235 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); |
238 | GNUNET_assert (NULL != g); | 236 | GNUNET_assert(NULL != g); |
239 | q = gcry_mpi_point_new (0); | 237 | q = gcry_mpi_point_new(0); |
240 | 238 | ||
241 | res = INT_MAX; | 239 | res = INT_MAX; |
242 | for (i=0;i<=edc->max/edc->mem;i++) | 240 | for (i = 0; i <= edc->max / edc->mem; i++) |
243 | { | ||
244 | if (0 == i) | ||
245 | extract_pk (input, edc->ctx, &key); | ||
246 | else | ||
247 | extract_pk (q, edc->ctx, &key); | ||
248 | retp = GNUNET_CONTAINER_multipeermap_get (edc->map, | ||
249 | &key); | ||
250 | if (NULL != retp) | ||
251 | { | 241 | { |
252 | res = (((long) retp) - edc->max) * K - i; | 242 | if (0 == i) |
253 | /* we continue the loop here to make the implementation | 243 | extract_pk(input, edc->ctx, &key); |
254 | "constant-time". If we do not care about this, we could just | 244 | else |
255 | 'break' here and do fewer operations... */ | 245 | extract_pk(q, edc->ctx, &key); |
246 | retp = GNUNET_CONTAINER_multipeermap_get(edc->map, | ||
247 | &key); | ||
248 | if (NULL != retp) | ||
249 | { | ||
250 | res = (((long)retp) - edc->max) * K - i; | ||
251 | /* we continue the loop here to make the implementation | ||
252 | "constant-time". If we do not care about this, we could just | ||
253 | 'break' here and do fewer operations... */ | ||
254 | } | ||
255 | if (i == edc->max / edc->mem) | ||
256 | break; | ||
257 | /* q = q + g */ | ||
258 | if (0 == i) | ||
259 | gcry_mpi_ec_add(q, input, g, edc->ctx); | ||
260 | else | ||
261 | gcry_mpi_ec_add(q, q, g, edc->ctx); | ||
256 | } | 262 | } |
257 | if (i == edc->max/edc->mem) | 263 | gcry_mpi_point_release(g); |
258 | break; | 264 | gcry_mpi_point_release(q); |
259 | /* q = q + g */ | ||
260 | if (0 == i) | ||
261 | gcry_mpi_ec_add (q, input, g, edc->ctx); | ||
262 | else | ||
263 | gcry_mpi_ec_add (q, q, g, edc->ctx); | ||
264 | } | ||
265 | gcry_mpi_point_release (g); | ||
266 | gcry_mpi_point_release (q); | ||
267 | 265 | ||
268 | return res; | 266 | return res; |
269 | } | 267 | } |
@@ -276,29 +274,30 @@ GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
276 | * @return random value mod n. | 274 | * @return random value mod n. |
277 | */ | 275 | */ |
278 | gcry_mpi_t | 276 | gcry_mpi_t |
279 | GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc) | 277 | GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc) |
280 | { | 278 | { |
281 | gcry_mpi_t n; | 279 | gcry_mpi_t n; |
282 | unsigned int highbit; | 280 | unsigned int highbit; |
283 | gcry_mpi_t r; | 281 | gcry_mpi_t r; |
284 | 282 | ||
285 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | 283 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); |
286 | 284 | ||
287 | /* check public key for number of bits, bail out if key is all zeros */ | 285 | /* check public key for number of bits, bail out if key is all zeros */ |
288 | highbit = 256; /* Curve25519 */ | 286 | highbit = 256; /* Curve25519 */ |
289 | while ( (! gcry_mpi_test_bit (n, highbit)) && | 287 | while ((!gcry_mpi_test_bit(n, highbit)) && |
290 | (0 != highbit) ) | 288 | (0 != highbit)) |
291 | highbit--; | 289 | highbit--; |
292 | GNUNET_assert (0 != highbit); | 290 | GNUNET_assert(0 != highbit); |
293 | /* generate fact < n (without bias) */ | 291 | /* generate fact < n (without bias) */ |
294 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); | 292 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); |
295 | do { | 293 | do |
296 | gcry_mpi_randomize (r, | 294 | { |
297 | highbit + 1, | 295 | gcry_mpi_randomize(r, |
298 | GCRY_STRONG_RANDOM); | 296 | highbit + 1, |
299 | } | 297 | GCRY_STRONG_RANDOM); |
300 | while (gcry_mpi_cmp (r, n) >= 0); | 298 | } |
301 | gcry_mpi_release (n); | 299 | while (gcry_mpi_cmp(r, n) >= 0); |
300 | gcry_mpi_release(n); | ||
302 | return r; | 301 | return r; |
303 | } | 302 | } |
304 | 303 | ||
@@ -309,11 +308,11 @@ GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc) | |||
309 | * @param edc dlog context | 308 | * @param edc dlog context |
310 | */ | 309 | */ |
311 | void | 310 | void |
312 | GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc) | 311 | GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc) |
313 | { | 312 | { |
314 | gcry_ctx_release (edc->ctx); | 313 | gcry_ctx_release(edc->ctx); |
315 | GNUNET_CONTAINER_multipeermap_destroy (edc->map); | 314 | GNUNET_CONTAINER_multipeermap_destroy(edc->map); |
316 | GNUNET_free (edc); | 315 | GNUNET_free(edc); |
317 | } | 316 | } |
318 | 317 | ||
319 | 318 | ||
@@ -331,32 +330,32 @@ GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc) | |||
331 | * must be freed using #GNUNET_CRYPTO_ecc_free() | 330 | * must be freed using #GNUNET_CRYPTO_ecc_free() |
332 | */ | 331 | */ |
333 | gcry_mpi_point_t | 332 | gcry_mpi_point_t |
334 | GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, | 333 | GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc, |
335 | int val) | 334 | int val) |
336 | { | 335 | { |
337 | gcry_mpi_t fact; | 336 | gcry_mpi_t fact; |
338 | gcry_mpi_t n; | 337 | gcry_mpi_t n; |
339 | gcry_mpi_point_t g; | 338 | gcry_mpi_point_t g; |
340 | gcry_mpi_point_t r; | 339 | gcry_mpi_point_t r; |
341 | 340 | ||
342 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); | 341 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); |
343 | GNUNET_assert (NULL != g); | 342 | GNUNET_assert(NULL != g); |
344 | fact = gcry_mpi_new (0); | 343 | fact = gcry_mpi_new(0); |
345 | if (val < 0) | 344 | if (val < 0) |
346 | { | 345 | { |
347 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | 346 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); |
348 | gcry_mpi_set_ui (fact, - val); | 347 | gcry_mpi_set_ui(fact, -val); |
349 | gcry_mpi_sub (fact, n, fact); | 348 | gcry_mpi_sub(fact, n, fact); |
350 | gcry_mpi_release (n); | 349 | gcry_mpi_release(n); |
351 | } | 350 | } |
352 | else | 351 | else |
353 | { | 352 | { |
354 | gcry_mpi_set_ui (fact, val); | 353 | gcry_mpi_set_ui(fact, val); |
355 | } | 354 | } |
356 | r = gcry_mpi_point_new (0); | 355 | r = gcry_mpi_point_new(0); |
357 | gcry_mpi_ec_mul (r, fact, g, edc->ctx); | 356 | gcry_mpi_ec_mul(r, fact, g, edc->ctx); |
358 | gcry_mpi_release (fact); | 357 | gcry_mpi_release(fact); |
359 | gcry_mpi_point_release (g); | 358 | gcry_mpi_point_release(g); |
360 | return r; | 359 | return r; |
361 | } | 360 | } |
362 | 361 | ||
@@ -371,17 +370,17 @@ GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
371 | * must be freed using #GNUNET_CRYPTO_ecc_free() | 370 | * must be freed using #GNUNET_CRYPTO_ecc_free() |
372 | */ | 371 | */ |
373 | gcry_mpi_point_t | 372 | gcry_mpi_point_t |
374 | GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, | 373 | GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, |
375 | gcry_mpi_t val) | 374 | gcry_mpi_t val) |
376 | { | 375 | { |
377 | gcry_mpi_point_t g; | 376 | gcry_mpi_point_t g; |
378 | gcry_mpi_point_t r; | 377 | gcry_mpi_point_t r; |
379 | 378 | ||
380 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); | 379 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); |
381 | GNUNET_assert (NULL != g); | 380 | GNUNET_assert(NULL != g); |
382 | r = gcry_mpi_point_new (0); | 381 | r = gcry_mpi_point_new(0); |
383 | gcry_mpi_ec_mul (r, val, g, edc->ctx); | 382 | gcry_mpi_ec_mul(r, val, g, edc->ctx); |
384 | gcry_mpi_point_release (g); | 383 | gcry_mpi_point_release(g); |
385 | return r; | 384 | return r; |
386 | } | 385 | } |
387 | 386 | ||
@@ -395,14 +394,14 @@ GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
395 | * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free() | 394 | * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free() |
396 | */ | 395 | */ |
397 | gcry_mpi_point_t | 396 | gcry_mpi_point_t |
398 | GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, | 397 | GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc, |
399 | gcry_mpi_point_t a, | 398 | gcry_mpi_point_t a, |
400 | gcry_mpi_point_t b) | 399 | gcry_mpi_point_t b) |
401 | { | 400 | { |
402 | gcry_mpi_point_t r; | 401 | gcry_mpi_point_t r; |
403 | 402 | ||
404 | r = gcry_mpi_point_new (0); | 403 | r = gcry_mpi_point_new(0); |
405 | gcry_mpi_ec_add (r, a, b, edc->ctx); | 404 | gcry_mpi_ec_add(r, a, b, edc->ctx); |
406 | return r; | 405 | return r; |
407 | } | 406 | } |
408 | 407 | ||
@@ -417,14 +416,14 @@ GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
417 | * must be freed using #GNUNET_CRYPTO_ecc_free() | 416 | * must be freed using #GNUNET_CRYPTO_ecc_free() |
418 | */ | 417 | */ |
419 | gcry_mpi_point_t | 418 | gcry_mpi_point_t |
420 | GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, | 419 | GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, |
421 | gcry_mpi_point_t p, | 420 | gcry_mpi_point_t p, |
422 | gcry_mpi_t val) | 421 | gcry_mpi_t val) |
423 | { | 422 | { |
424 | gcry_mpi_point_t r; | 423 | gcry_mpi_point_t r; |
425 | 424 | ||
426 | r = gcry_mpi_point_new (0); | 425 | r = gcry_mpi_point_new(0); |
427 | gcry_mpi_ec_mul (r, val, p, edc->ctx); | 426 | gcry_mpi_ec_mul(r, val, p, edc->ctx); |
428 | return r; | 427 | return r; |
429 | } | 428 | } |
430 | 429 | ||
@@ -439,31 +438,31 @@ GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
439 | * @param[out] r_inv set to the additive inverse of @a r | 438 | * @param[out] r_inv set to the additive inverse of @a r |
440 | */ | 439 | */ |
441 | void | 440 | void |
442 | GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, | 441 | GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc, |
443 | gcry_mpi_point_t *r, | 442 | gcry_mpi_point_t *r, |
444 | gcry_mpi_point_t *r_inv) | 443 | gcry_mpi_point_t *r_inv) |
445 | { | 444 | { |
446 | gcry_mpi_t fact; | 445 | gcry_mpi_t fact; |
447 | gcry_mpi_t n; | 446 | gcry_mpi_t n; |
448 | gcry_mpi_point_t g; | 447 | gcry_mpi_point_t g; |
449 | 448 | ||
450 | fact = GNUNET_CRYPTO_ecc_random_mod_n (edc); | 449 | fact = GNUNET_CRYPTO_ecc_random_mod_n(edc); |
451 | 450 | ||
452 | /* calculate 'r' */ | 451 | /* calculate 'r' */ |
453 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); | 452 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); |
454 | GNUNET_assert (NULL != g); | 453 | GNUNET_assert(NULL != g); |
455 | *r = gcry_mpi_point_new (0); | 454 | *r = gcry_mpi_point_new(0); |
456 | gcry_mpi_ec_mul (*r, fact, g, edc->ctx); | 455 | gcry_mpi_ec_mul(*r, fact, g, edc->ctx); |
457 | 456 | ||
458 | /* calculate 'r_inv' */ | 457 | /* calculate 'r_inv' */ |
459 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | 458 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); |
460 | gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */ | 459 | gcry_mpi_sub(fact, n, fact); /* fact = n - fact = - fact */ |
461 | *r_inv = gcry_mpi_point_new (0); | 460 | *r_inv = gcry_mpi_point_new(0); |
462 | gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx); | 461 | gcry_mpi_ec_mul(*r_inv, fact, g, edc->ctx); |
463 | 462 | ||
464 | gcry_mpi_release (n); | 463 | gcry_mpi_release(n); |
465 | gcry_mpi_release (fact); | 464 | gcry_mpi_release(fact); |
466 | gcry_mpi_point_release (g); | 465 | gcry_mpi_point_release(g); |
467 | } | 466 | } |
468 | 467 | ||
469 | 468 | ||
@@ -476,17 +475,17 @@ GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
476 | * @param[out] r_inv set to the multiplicative inverse of @a r | 475 | * @param[out] r_inv set to the multiplicative inverse of @a r |
477 | */ | 476 | */ |
478 | void | 477 | void |
479 | GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, | 478 | GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, |
480 | gcry_mpi_t *r, | 479 | gcry_mpi_t *r, |
481 | gcry_mpi_t *r_inv) | 480 | gcry_mpi_t *r_inv) |
482 | { | 481 | { |
483 | gcry_mpi_t n; | 482 | gcry_mpi_t n; |
484 | 483 | ||
485 | *r = GNUNET_CRYPTO_ecc_random_mod_n (edc); | 484 | *r = GNUNET_CRYPTO_ecc_random_mod_n(edc); |
486 | /* r_inv = n - r = - r */ | 485 | /* r_inv = n - r = - r */ |
487 | *r_inv = gcry_mpi_new (0); | 486 | *r_inv = gcry_mpi_new(0); |
488 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | 487 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); |
489 | gcry_mpi_sub (*r_inv, n, *r); | 488 | gcry_mpi_sub(*r_inv, n, *r); |
490 | } | 489 | } |
491 | 490 | ||
492 | 491 | ||
@@ -496,9 +495,9 @@ GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
496 | * @param p point to free | 495 | * @param p point to free |
497 | */ | 496 | */ |
498 | void | 497 | void |
499 | GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p) | 498 | GNUNET_CRYPTO_ecc_free(gcry_mpi_point_t p) |
500 | { | 499 | { |
501 | gcry_mpi_point_release (p); | 500 | gcry_mpi_point_release(p); |
502 | } | 501 | } |
503 | 502 | ||
504 | 503 | ||