diff options
Diffstat (limited to 'src/util/crypto_ecc_dlog.c')
-rw-r--r-- | src/util/crypto_ecc_dlog.c | 349 |
1 files changed, 175 insertions, 174 deletions
diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c index 8b4344b25..6b0dc3503 100644 --- a/src/util/crypto_ecc_dlog.c +++ b/src/util/crypto_ecc_dlog.c | |||
@@ -44,26 +44,27 @@ | |||
44 | * | 44 | * |
45 | */ | 45 | */ |
46 | static void | 46 | static void |
47 | extract_pk(gcry_mpi_point_t pt, | 47 | extract_pk (gcry_mpi_point_t pt, |
48 | gcry_ctx_t ctx, | 48 | gcry_ctx_t ctx, |
49 | struct GNUNET_PeerIdentity *pid) | 49 | struct GNUNET_PeerIdentity *pid) |
50 | { | 50 | { |
51 | gcry_mpi_t q_y; | 51 | gcry_mpi_t q_y; |
52 | 52 | ||
53 | GNUNET_assert(0 == gcry_mpi_ec_set_point("q", pt, ctx)); | 53 | GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx)); |
54 | q_y = gcry_mpi_ec_get_mpi("q@eddsa", ctx, 0); | 54 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); |
55 | GNUNET_assert(q_y); | 55 | GNUNET_assert (q_y); |
56 | GNUNET_CRYPTO_mpi_print_unsigned(pid->public_key.q_y, | 56 | GNUNET_CRYPTO_mpi_print_unsigned (pid->public_key.q_y, |
57 | sizeof(pid->public_key.q_y), | 57 | sizeof(pid->public_key.q_y), |
58 | q_y); | 58 | q_y); |
59 | gcry_mpi_release(q_y); | 59 | gcry_mpi_release (q_y); |
60 | } | 60 | } |
61 | 61 | ||
62 | 62 | ||
63 | /** | 63 | /** |
64 | * Internal structure used to cache pre-calculated values for DLOG calculation. | 64 | * Internal structure used to cache pre-calculated values for DLOG calculation. |
65 | */ | 65 | */ |
66 | struct GNUNET_CRYPTO_EccDlogContext { | 66 | struct GNUNET_CRYPTO_EccDlogContext |
67 | { | ||
67 | /** | 68 | /** |
68 | * Maximum absolute value the calculation supports. | 69 | * Maximum absolute value the calculation supports. |
69 | */ | 70 | */ |
@@ -97,19 +98,19 @@ struct GNUNET_CRYPTO_EccDlogContext { | |||
97 | * @param[out] bin binary point representation | 98 | * @param[out] bin binary point representation |
98 | */ | 99 | */ |
99 | void | 100 | void |
100 | GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc, | 101 | GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, |
101 | gcry_mpi_point_t point, | 102 | gcry_mpi_point_t point, |
102 | struct GNUNET_CRYPTO_EccPoint *bin) | 103 | struct GNUNET_CRYPTO_EccPoint *bin) |
103 | { | 104 | { |
104 | gcry_mpi_t q_y; | 105 | gcry_mpi_t q_y; |
105 | 106 | ||
106 | GNUNET_assert(0 == gcry_mpi_ec_set_point("q", point, edc->ctx)); | 107 | GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx)); |
107 | q_y = gcry_mpi_ec_get_mpi("q@eddsa", edc->ctx, 0); | 108 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0); |
108 | GNUNET_assert(q_y); | 109 | GNUNET_assert (q_y); |
109 | GNUNET_CRYPTO_mpi_print_unsigned(bin->q_y, | 110 | GNUNET_CRYPTO_mpi_print_unsigned (bin->q_y, |
110 | sizeof(bin->q_y), | 111 | sizeof(bin->q_y), |
111 | q_y); | 112 | q_y); |
112 | gcry_mpi_release(q_y); | 113 | gcry_mpi_release (q_y); |
113 | } | 114 | } |
114 | 115 | ||
115 | 116 | ||
@@ -121,26 +122,26 @@ GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
121 | * @return computational representation | 122 | * @return computational representation |
122 | */ | 123 | */ |
123 | gcry_mpi_point_t | 124 | gcry_mpi_point_t |
124 | GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc, | 125 | GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, |
125 | const struct GNUNET_CRYPTO_EccPoint *bin) | 126 | const struct GNUNET_CRYPTO_EccPoint *bin) |
126 | { | 127 | { |
127 | gcry_sexp_t pub_sexpr; | 128 | gcry_sexp_t pub_sexpr; |
128 | gcry_ctx_t ctx; | 129 | gcry_ctx_t ctx; |
129 | gcry_mpi_point_t q; | 130 | gcry_mpi_point_t q; |
130 | 131 | ||
131 | (void)edc; | 132 | (void) edc; |
132 | if (0 != gcry_sexp_build(&pub_sexpr, NULL, | 133 | if (0 != gcry_sexp_build (&pub_sexpr, NULL, |
133 | "(public-key(ecc(curve " CURVE ")(q %b)))", | 134 | "(public-key(ecc(curve " CURVE ")(q %b)))", |
134 | (int)sizeof(bin->q_y), | 135 | (int) sizeof(bin->q_y), |
135 | bin->q_y)) | 136 | bin->q_y)) |
136 | { | 137 | { |
137 | GNUNET_break(0); | 138 | GNUNET_break (0); |
138 | return NULL; | 139 | return NULL; |
139 | } | 140 | } |
140 | GNUNET_assert(0 == gcry_mpi_ec_new(&ctx, pub_sexpr, NULL)); | 141 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); |
141 | gcry_sexp_release(pub_sexpr); | 142 | gcry_sexp_release (pub_sexpr); |
142 | q = gcry_mpi_ec_get_point("q", ctx, 0); | 143 | q = gcry_mpi_ec_get_point ("q", ctx, 0); |
143 | gcry_ctx_release(ctx); | 144 | gcry_ctx_release (ctx); |
144 | return q; | 145 | return q; |
145 | } | 146 | } |
146 | 147 | ||
@@ -153,8 +154,8 @@ GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
153 | * @return NULL on error | 154 | * @return NULL on error |
154 | */ | 155 | */ |
155 | struct GNUNET_CRYPTO_EccDlogContext * | 156 | struct GNUNET_CRYPTO_EccDlogContext * |
156 | GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max, | 157 | GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, |
157 | unsigned int mem) | 158 | unsigned int mem) |
158 | { | 159 | { |
159 | struct GNUNET_CRYPTO_EccDlogContext *edc; | 160 | struct GNUNET_CRYPTO_EccDlogContext *edc; |
160 | unsigned int K = ((max + (mem - 1)) / mem); | 161 | unsigned int K = ((max + (mem - 1)) / mem); |
@@ -165,50 +166,50 @@ GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max, | |||
165 | gcry_mpi_t n; | 166 | gcry_mpi_t n; |
166 | unsigned int i; | 167 | unsigned int i; |
167 | 168 | ||
168 | GNUNET_assert(max < INT32_MAX); | 169 | GNUNET_assert (max < INT32_MAX); |
169 | edc = GNUNET_new(struct GNUNET_CRYPTO_EccDlogContext); | 170 | edc = GNUNET_new (struct GNUNET_CRYPTO_EccDlogContext); |
170 | edc->max = max; | 171 | edc->max = max; |
171 | edc->mem = mem; | 172 | edc->mem = mem; |
172 | 173 | ||
173 | edc->map = GNUNET_CONTAINER_multipeermap_create(mem * 2, | 174 | edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2, |
174 | GNUNET_NO); | 175 | GNUNET_NO); |
175 | 176 | ||
176 | GNUNET_assert(0 == gcry_mpi_ec_new(&edc->ctx, | 177 | GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx, |
177 | NULL, | 178 | NULL, |
178 | CURVE)); | 179 | CURVE)); |
179 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); | 180 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); |
180 | GNUNET_assert(NULL != g); | 181 | GNUNET_assert (NULL != g); |
181 | fact = gcry_mpi_new(0); | 182 | fact = gcry_mpi_new (0); |
182 | gKi = gcry_mpi_point_new(0); | 183 | gKi = gcry_mpi_point_new (0); |
183 | for (i = 0; i <= mem; i++) | 184 | for (i = 0; i <= mem; i++) |
184 | { | 185 | { |
185 | gcry_mpi_set_ui(fact, i * K); | 186 | gcry_mpi_set_ui (fact, i * K); |
186 | gcry_mpi_ec_mul(gKi, fact, g, edc->ctx); | 187 | gcry_mpi_ec_mul (gKi, fact, g, edc->ctx); |
187 | extract_pk(gKi, edc->ctx, &key); | 188 | extract_pk (gKi, edc->ctx, &key); |
188 | GNUNET_assert(GNUNET_OK == | 189 | GNUNET_assert (GNUNET_OK == |
189 | GNUNET_CONTAINER_multipeermap_put(edc->map, | 190 | GNUNET_CONTAINER_multipeermap_put (edc->map, |
190 | &key, | 191 | &key, |
191 | (void*)(long)i + max, | 192 | (void*) (long) i + max, |
192 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | 193 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); |
193 | } | 194 | } |
194 | /* negative values */ | 195 | /* negative values */ |
195 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); | 196 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); |
196 | for (i = 1; i < mem; i++) | 197 | for (i = 1; i < mem; i++) |
197 | { | 198 | { |
198 | gcry_mpi_set_ui(fact, i * K); | 199 | gcry_mpi_set_ui (fact, i * K); |
199 | gcry_mpi_sub(fact, n, fact); | 200 | gcry_mpi_sub (fact, n, fact); |
200 | gcry_mpi_ec_mul(gKi, fact, g, edc->ctx); | 201 | gcry_mpi_ec_mul (gKi, fact, g, edc->ctx); |
201 | extract_pk(gKi, edc->ctx, &key); | 202 | extract_pk (gKi, edc->ctx, &key); |
202 | GNUNET_assert(GNUNET_OK == | 203 | GNUNET_assert (GNUNET_OK == |
203 | GNUNET_CONTAINER_multipeermap_put(edc->map, | 204 | GNUNET_CONTAINER_multipeermap_put (edc->map, |
204 | &key, | 205 | &key, |
205 | (void*)(long)max - i, | 206 | (void*) (long) max - i, |
206 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | 207 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); |
207 | } | 208 | } |
208 | gcry_mpi_release(fact); | 209 | gcry_mpi_release (fact); |
209 | gcry_mpi_release(n); | 210 | gcry_mpi_release (n); |
210 | gcry_mpi_point_release(gKi); | 211 | gcry_mpi_point_release (gKi); |
211 | gcry_mpi_point_release(g); | 212 | gcry_mpi_point_release (g); |
212 | return edc; | 213 | return edc; |
213 | } | 214 | } |
214 | 215 | ||
@@ -221,8 +222,8 @@ GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max, | |||
221 | * @return INT_MAX if dlog failed, otherwise the factor | 222 | * @return INT_MAX if dlog failed, otherwise the factor |
222 | */ | 223 | */ |
223 | int | 224 | int |
224 | GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc, | 225 | GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, |
225 | gcry_mpi_point_t input) | 226 | gcry_mpi_point_t input) |
226 | { | 227 | { |
227 | unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem); | 228 | unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem); |
228 | gcry_mpi_point_t g; | 229 | gcry_mpi_point_t g; |
@@ -232,36 +233,36 @@ GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
232 | int res; | 233 | int res; |
233 | void *retp; | 234 | void *retp; |
234 | 235 | ||
235 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); | 236 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); |
236 | GNUNET_assert(NULL != g); | 237 | GNUNET_assert (NULL != g); |
237 | q = gcry_mpi_point_new(0); | 238 | q = gcry_mpi_point_new (0); |
238 | 239 | ||
239 | res = INT_MAX; | 240 | res = INT_MAX; |
240 | for (i = 0; i <= edc->max / edc->mem; i++) | 241 | for (i = 0; i <= edc->max / edc->mem; i++) |
242 | { | ||
243 | if (0 == i) | ||
244 | extract_pk (input, edc->ctx, &key); | ||
245 | else | ||
246 | extract_pk (q, edc->ctx, &key); | ||
247 | retp = GNUNET_CONTAINER_multipeermap_get (edc->map, | ||
248 | &key); | ||
249 | if (NULL != retp) | ||
241 | { | 250 | { |
242 | if (0 == i) | 251 | res = (((long) retp) - edc->max) * K - i; |
243 | extract_pk(input, edc->ctx, &key); | 252 | /* we continue the loop here to make the implementation |
244 | else | 253 | "constant-time". If we do not care about this, we could just |
245 | extract_pk(q, edc->ctx, &key); | 254 | 'break' here and do fewer operations... */ |
246 | retp = GNUNET_CONTAINER_multipeermap_get(edc->map, | ||
247 | &key); | ||
248 | if (NULL != retp) | ||
249 | { | ||
250 | res = (((long)retp) - edc->max) * K - i; | ||
251 | /* we continue the loop here to make the implementation | ||
252 | "constant-time". If we do not care about this, we could just | ||
253 | 'break' here and do fewer operations... */ | ||
254 | } | ||
255 | if (i == edc->max / edc->mem) | ||
256 | break; | ||
257 | /* q = q + g */ | ||
258 | if (0 == i) | ||
259 | gcry_mpi_ec_add(q, input, g, edc->ctx); | ||
260 | else | ||
261 | gcry_mpi_ec_add(q, q, g, edc->ctx); | ||
262 | } | 255 | } |
263 | gcry_mpi_point_release(g); | 256 | if (i == edc->max / edc->mem) |
264 | gcry_mpi_point_release(q); | 257 | break; |
258 | /* q = q + g */ | ||
259 | if (0 == i) | ||
260 | gcry_mpi_ec_add (q, input, g, edc->ctx); | ||
261 | else | ||
262 | gcry_mpi_ec_add (q, q, g, edc->ctx); | ||
263 | } | ||
264 | gcry_mpi_point_release (g); | ||
265 | gcry_mpi_point_release (q); | ||
265 | 266 | ||
266 | return res; | 267 | return res; |
267 | } | 268 | } |
@@ -274,30 +275,30 @@ GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
274 | * @return random value mod n. | 275 | * @return random value mod n. |
275 | */ | 276 | */ |
276 | gcry_mpi_t | 277 | gcry_mpi_t |
277 | GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc) | 278 | GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc) |
278 | { | 279 | { |
279 | gcry_mpi_t n; | 280 | gcry_mpi_t n; |
280 | unsigned int highbit; | 281 | unsigned int highbit; |
281 | gcry_mpi_t r; | 282 | gcry_mpi_t r; |
282 | 283 | ||
283 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); | 284 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); |
284 | 285 | ||
285 | /* check public key for number of bits, bail out if key is all zeros */ | 286 | /* check public key for number of bits, bail out if key is all zeros */ |
286 | highbit = 256; /* Curve25519 */ | 287 | highbit = 256; /* Curve25519 */ |
287 | while ((!gcry_mpi_test_bit(n, highbit)) && | 288 | while ((! gcry_mpi_test_bit (n, highbit)) && |
288 | (0 != highbit)) | 289 | (0 != highbit)) |
289 | highbit--; | 290 | highbit--; |
290 | GNUNET_assert(0 != highbit); | 291 | GNUNET_assert (0 != highbit); |
291 | /* generate fact < n (without bias) */ | 292 | /* generate fact < n (without bias) */ |
292 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); | 293 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); |
293 | do | 294 | do |
294 | { | 295 | { |
295 | gcry_mpi_randomize(r, | 296 | gcry_mpi_randomize (r, |
296 | highbit + 1, | 297 | highbit + 1, |
297 | GCRY_STRONG_RANDOM); | 298 | GCRY_STRONG_RANDOM); |
298 | } | 299 | } |
299 | while (gcry_mpi_cmp(r, n) >= 0); | 300 | while (gcry_mpi_cmp (r, n) >= 0); |
300 | gcry_mpi_release(n); | 301 | gcry_mpi_release (n); |
301 | return r; | 302 | return r; |
302 | } | 303 | } |
303 | 304 | ||
@@ -308,11 +309,11 @@ GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc) | |||
308 | * @param edc dlog context | 309 | * @param edc dlog context |
309 | */ | 310 | */ |
310 | void | 311 | void |
311 | GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc) | 312 | GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc) |
312 | { | 313 | { |
313 | gcry_ctx_release(edc->ctx); | 314 | gcry_ctx_release (edc->ctx); |
314 | GNUNET_CONTAINER_multipeermap_destroy(edc->map); | 315 | GNUNET_CONTAINER_multipeermap_destroy (edc->map); |
315 | GNUNET_free(edc); | 316 | GNUNET_free (edc); |
316 | } | 317 | } |
317 | 318 | ||
318 | 319 | ||
@@ -330,32 +331,32 @@ GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc) | |||
330 | * must be freed using #GNUNET_CRYPTO_ecc_free() | 331 | * must be freed using #GNUNET_CRYPTO_ecc_free() |
331 | */ | 332 | */ |
332 | gcry_mpi_point_t | 333 | gcry_mpi_point_t |
333 | GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc, | 334 | GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, |
334 | int val) | 335 | int val) |
335 | { | 336 | { |
336 | gcry_mpi_t fact; | 337 | gcry_mpi_t fact; |
337 | gcry_mpi_t n; | 338 | gcry_mpi_t n; |
338 | gcry_mpi_point_t g; | 339 | gcry_mpi_point_t g; |
339 | gcry_mpi_point_t r; | 340 | gcry_mpi_point_t r; |
340 | 341 | ||
341 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); | 342 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); |
342 | GNUNET_assert(NULL != g); | 343 | GNUNET_assert (NULL != g); |
343 | fact = gcry_mpi_new(0); | 344 | fact = gcry_mpi_new (0); |
344 | if (val < 0) | 345 | if (val < 0) |
345 | { | 346 | { |
346 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); | 347 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); |
347 | gcry_mpi_set_ui(fact, -val); | 348 | gcry_mpi_set_ui (fact, -val); |
348 | gcry_mpi_sub(fact, n, fact); | 349 | gcry_mpi_sub (fact, n, fact); |
349 | gcry_mpi_release(n); | 350 | gcry_mpi_release (n); |
350 | } | 351 | } |
351 | else | 352 | else |
352 | { | 353 | { |
353 | gcry_mpi_set_ui(fact, val); | 354 | gcry_mpi_set_ui (fact, val); |
354 | } | 355 | } |
355 | r = gcry_mpi_point_new(0); | 356 | r = gcry_mpi_point_new (0); |
356 | gcry_mpi_ec_mul(r, fact, g, edc->ctx); | 357 | gcry_mpi_ec_mul (r, fact, g, edc->ctx); |
357 | gcry_mpi_release(fact); | 358 | gcry_mpi_release (fact); |
358 | gcry_mpi_point_release(g); | 359 | gcry_mpi_point_release (g); |
359 | return r; | 360 | return r; |
360 | } | 361 | } |
361 | 362 | ||
@@ -370,17 +371,17 @@ GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
370 | * must be freed using #GNUNET_CRYPTO_ecc_free() | 371 | * must be freed using #GNUNET_CRYPTO_ecc_free() |
371 | */ | 372 | */ |
372 | gcry_mpi_point_t | 373 | gcry_mpi_point_t |
373 | GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, | 374 | GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, |
374 | gcry_mpi_t val) | 375 | gcry_mpi_t val) |
375 | { | 376 | { |
376 | gcry_mpi_point_t g; | 377 | gcry_mpi_point_t g; |
377 | gcry_mpi_point_t r; | 378 | gcry_mpi_point_t r; |
378 | 379 | ||
379 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); | 380 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); |
380 | GNUNET_assert(NULL != g); | 381 | GNUNET_assert (NULL != g); |
381 | r = gcry_mpi_point_new(0); | 382 | r = gcry_mpi_point_new (0); |
382 | gcry_mpi_ec_mul(r, val, g, edc->ctx); | 383 | gcry_mpi_ec_mul (r, val, g, edc->ctx); |
383 | gcry_mpi_point_release(g); | 384 | gcry_mpi_point_release (g); |
384 | return r; | 385 | return r; |
385 | } | 386 | } |
386 | 387 | ||
@@ -394,14 +395,14 @@ GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
394 | * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free() | 395 | * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free() |
395 | */ | 396 | */ |
396 | gcry_mpi_point_t | 397 | gcry_mpi_point_t |
397 | GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc, | 398 | GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, |
398 | gcry_mpi_point_t a, | 399 | gcry_mpi_point_t a, |
399 | gcry_mpi_point_t b) | 400 | gcry_mpi_point_t b) |
400 | { | 401 | { |
401 | gcry_mpi_point_t r; | 402 | gcry_mpi_point_t r; |
402 | 403 | ||
403 | r = gcry_mpi_point_new(0); | 404 | r = gcry_mpi_point_new (0); |
404 | gcry_mpi_ec_add(r, a, b, edc->ctx); | 405 | gcry_mpi_ec_add (r, a, b, edc->ctx); |
405 | return r; | 406 | return r; |
406 | } | 407 | } |
407 | 408 | ||
@@ -416,14 +417,14 @@ GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
416 | * must be freed using #GNUNET_CRYPTO_ecc_free() | 417 | * must be freed using #GNUNET_CRYPTO_ecc_free() |
417 | */ | 418 | */ |
418 | gcry_mpi_point_t | 419 | gcry_mpi_point_t |
419 | GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, | 420 | GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, |
420 | gcry_mpi_point_t p, | 421 | gcry_mpi_point_t p, |
421 | gcry_mpi_t val) | 422 | gcry_mpi_t val) |
422 | { | 423 | { |
423 | gcry_mpi_point_t r; | 424 | gcry_mpi_point_t r; |
424 | 425 | ||
425 | r = gcry_mpi_point_new(0); | 426 | r = gcry_mpi_point_new (0); |
426 | gcry_mpi_ec_mul(r, val, p, edc->ctx); | 427 | gcry_mpi_ec_mul (r, val, p, edc->ctx); |
427 | return r; | 428 | return r; |
428 | } | 429 | } |
429 | 430 | ||
@@ -438,31 +439,31 @@ GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
438 | * @param[out] r_inv set to the additive inverse of @a r | 439 | * @param[out] r_inv set to the additive inverse of @a r |
439 | */ | 440 | */ |
440 | void | 441 | void |
441 | GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc, | 442 | GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, |
442 | gcry_mpi_point_t *r, | 443 | gcry_mpi_point_t *r, |
443 | gcry_mpi_point_t *r_inv) | 444 | gcry_mpi_point_t *r_inv) |
444 | { | 445 | { |
445 | gcry_mpi_t fact; | 446 | gcry_mpi_t fact; |
446 | gcry_mpi_t n; | 447 | gcry_mpi_t n; |
447 | gcry_mpi_point_t g; | 448 | gcry_mpi_point_t g; |
448 | 449 | ||
449 | fact = GNUNET_CRYPTO_ecc_random_mod_n(edc); | 450 | fact = GNUNET_CRYPTO_ecc_random_mod_n (edc); |
450 | 451 | ||
451 | /* calculate 'r' */ | 452 | /* calculate 'r' */ |
452 | g = gcry_mpi_ec_get_point("g", edc->ctx, 0); | 453 | g = gcry_mpi_ec_get_point ("g", edc->ctx, 0); |
453 | GNUNET_assert(NULL != g); | 454 | GNUNET_assert (NULL != g); |
454 | *r = gcry_mpi_point_new(0); | 455 | *r = gcry_mpi_point_new (0); |
455 | gcry_mpi_ec_mul(*r, fact, g, edc->ctx); | 456 | gcry_mpi_ec_mul (*r, fact, g, edc->ctx); |
456 | 457 | ||
457 | /* calculate 'r_inv' */ | 458 | /* calculate 'r_inv' */ |
458 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); | 459 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); |
459 | gcry_mpi_sub(fact, n, fact); /* fact = n - fact = - fact */ | 460 | gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */ |
460 | *r_inv = gcry_mpi_point_new(0); | 461 | *r_inv = gcry_mpi_point_new (0); |
461 | gcry_mpi_ec_mul(*r_inv, fact, g, edc->ctx); | 462 | gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx); |
462 | 463 | ||
463 | gcry_mpi_release(n); | 464 | gcry_mpi_release (n); |
464 | gcry_mpi_release(fact); | 465 | gcry_mpi_release (fact); |
465 | gcry_mpi_point_release(g); | 466 | gcry_mpi_point_release (g); |
466 | } | 467 | } |
467 | 468 | ||
468 | 469 | ||
@@ -475,17 +476,17 @@ GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
475 | * @param[out] r_inv set to the multiplicative inverse of @a r | 476 | * @param[out] r_inv set to the multiplicative inverse of @a r |
476 | */ | 477 | */ |
477 | void | 478 | void |
478 | GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, | 479 | GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, |
479 | gcry_mpi_t *r, | 480 | gcry_mpi_t *r, |
480 | gcry_mpi_t *r_inv) | 481 | gcry_mpi_t *r_inv) |
481 | { | 482 | { |
482 | gcry_mpi_t n; | 483 | gcry_mpi_t n; |
483 | 484 | ||
484 | *r = GNUNET_CRYPTO_ecc_random_mod_n(edc); | 485 | *r = GNUNET_CRYPTO_ecc_random_mod_n (edc); |
485 | /* r_inv = n - r = - r */ | 486 | /* r_inv = n - r = - r */ |
486 | *r_inv = gcry_mpi_new(0); | 487 | *r_inv = gcry_mpi_new (0); |
487 | n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1); | 488 | n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); |
488 | gcry_mpi_sub(*r_inv, n, *r); | 489 | gcry_mpi_sub (*r_inv, n, *r); |
489 | } | 490 | } |
490 | 491 | ||
491 | 492 | ||
@@ -495,9 +496,9 @@ GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc, | |||
495 | * @param p point to free | 496 | * @param p point to free |
496 | */ | 497 | */ |
497 | void | 498 | void |
498 | GNUNET_CRYPTO_ecc_free(gcry_mpi_point_t p) | 499 | GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p) |
499 | { | 500 | { |
500 | gcry_mpi_point_release(p); | 501 | gcry_mpi_point_release (p); |
501 | } | 502 | } |
502 | 503 | ||
503 | 504 | ||