1 files changed, 175 insertions, 174 deletions
diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c
index 8b4344b25..6b0dc3503 100644
--- a/src/util/crypto_ecc_dlog.c
+++ b/src/util/crypto_ecc_dlog.c
@@ -44,26 +44,27 @@
 *
 */
 static void
-extract_pk(gcry_mpi_point_t pt,
+extract_pk (gcry_mpi_point_t pt,
-           gcry_ctx_t ctx,
+            gcry_ctx_t ctx,
-           struct GNUNET_PeerIdentity *pid)
+            struct GNUNET_PeerIdentity *pid)
 {
  gcry_mpi_t q_y;
-  GNUNET_assert(0 == gcry_mpi_ec_set_point("q", pt, ctx));
+  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx));
-  q_y = gcry_mpi_ec_get_mpi("q@eddsa", ctx, 0);
+  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
-  GNUNET_assert(q_y);
+  GNUNET_assert (q_y);
-  GNUNET_CRYPTO_mpi_print_unsigned(pid->public_key.q_y,
+  GNUNET_CRYPTO_mpi_print_unsigned (pid->public_key.q_y,
-                                   sizeof(pid->public_key.q_y),
+                                    sizeof(pid->public_key.q_y),
-                                   q_y);
+                                    q_y);
-  gcry_mpi_release(q_y);
+  gcry_mpi_release (q_y);
 }
 /**
 * Internal structure used to cache pre-calculated values for DLOG calculation.
 */
-struct GNUNET_CRYPTO_EccDlogContext {
+struct GNUNET_CRYPTO_EccDlogContext
+{
  /**
   * Maximum absolute value the calculation supports.
   */
@@ -97,19 +98,19 @@ struct GNUNET_CRYPTO_EccDlogContext {
 * @param[out] bin binary point representation
 */
 void
-GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                               gcry_mpi_point_t point,
+                                gcry_mpi_point_t point,
-                               struct GNUNET_CRYPTO_EccPoint *bin)
+                                struct GNUNET_CRYPTO_EccPoint *bin)
 {
  gcry_mpi_t q_y;
-  GNUNET_assert(0 == gcry_mpi_ec_set_point("q", point, edc->ctx));
+  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
-  q_y = gcry_mpi_ec_get_mpi("q@eddsa", edc->ctx, 0);
+  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
-  GNUNET_assert(q_y);
+  GNUNET_assert (q_y);
-  GNUNET_CRYPTO_mpi_print_unsigned(bin->q_y,
+  GNUNET_CRYPTO_mpi_print_unsigned (bin->q_y,
-                                   sizeof(bin->q_y),
+                                    sizeof(bin->q_y),
-                                   q_y);
+                                    q_y);
-  gcry_mpi_release(q_y);
+  gcry_mpi_release (q_y);
 }
@@ -121,26 +122,26 @@ GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @return computational representation
 */
 gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                               const struct GNUNET_CRYPTO_EccPoint *bin)
+                                const struct GNUNET_CRYPTO_EccPoint *bin)
 {
  gcry_sexp_t pub_sexpr;
  gcry_ctx_t ctx;
  gcry_mpi_point_t q;
-  (void)edc;
+  (void) edc;
-  if (0 != gcry_sexp_build(&pub_sexpr, NULL,
+  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
-                           "(public-key(ecc(curve " CURVE ")(q %b)))",
+                            "(public-key(ecc(curve " CURVE ")(q %b)))",
-                           (int)sizeof(bin->q_y),
+                            (int) sizeof(bin->q_y),
-                           bin->q_y))
+                            bin->q_y))
-    {
+  {
-      GNUNET_break(0);
+    GNUNET_break (0);
-      return NULL;
+    return NULL;
-    }
+  }
-  GNUNET_assert(0 == gcry_mpi_ec_new(&ctx, pub_sexpr, NULL));
+  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
-  gcry_sexp_release(pub_sexpr);
+  gcry_sexp_release (pub_sexpr);
-  q = gcry_mpi_ec_get_point("q", ctx, 0);
+  q = gcry_mpi_ec_get_point ("q", ctx, 0);
-  gcry_ctx_release(ctx);
+  gcry_ctx_release (ctx);
  return q;
 }
@@ -153,8 +154,8 @@ GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @return NULL on error
 */
 struct GNUNET_CRYPTO_EccDlogContext *
-GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max,
+GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
-                               unsigned int mem)
+                                unsigned int mem)
 {
  struct GNUNET_CRYPTO_EccDlogContext *edc;
  unsigned int K = ((max + (mem - 1)) / mem);
@@ -165,50 +166,50 @@ GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max,
  gcry_mpi_t n;
  unsigned int i;
-  GNUNET_assert(max < INT32_MAX);
+  GNUNET_assert (max < INT32_MAX);
-  edc = GNUNET_new(struct GNUNET_CRYPTO_EccDlogContext);
+  edc = GNUNET_new (struct GNUNET_CRYPTO_EccDlogContext);
  edc->max = max;
  edc->mem = mem;
-  edc->map = GNUNET_CONTAINER_multipeermap_create(mem * 2,
+  edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2,
-                                                  GNUNET_NO);
+                                                   GNUNET_NO);
-  GNUNET_assert(0 == gcry_mpi_ec_new(&edc->ctx,
+  GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
-                                     NULL,
+                                       NULL,
-                                     CURVE));
+                                       CURVE));
-  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
+  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
-  GNUNET_assert(NULL != g);
+  GNUNET_assert (NULL != g);
-  fact = gcry_mpi_new(0);
+  fact = gcry_mpi_new (0);
-  gKi = gcry_mpi_point_new(0);
+  gKi = gcry_mpi_point_new (0);
  for (i = 0; i <= mem; i++)
-    {
+  {
-      gcry_mpi_set_ui(fact, i * K);
+    gcry_mpi_set_ui (fact, i * K);
-      gcry_mpi_ec_mul(gKi, fact, g, edc->ctx);
+    gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
-      extract_pk(gKi, edc->ctx, &key);
+    extract_pk (gKi, edc->ctx, &key);
-      GNUNET_assert(GNUNET_OK ==
+    GNUNET_assert (GNUNET_OK ==
-                    GNUNET_CONTAINER_multipeermap_put(edc->map,
+                   GNUNET_CONTAINER_multipeermap_put (edc->map,
                                                      &key,
-                                                      (void*)(long)i + max,
+                                                      (void*) (long) i + max,
                                                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
-    }
+  }
  /* negative values */
-  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
+  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
  for (i = 1; i < mem; i++)
-    {
+  {
-      gcry_mpi_set_ui(fact, i * K);
+    gcry_mpi_set_ui (fact, i * K);
-      gcry_mpi_sub(fact, n, fact);
+    gcry_mpi_sub (fact, n, fact);
-      gcry_mpi_ec_mul(gKi, fact, g, edc->ctx);
+    gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
-      extract_pk(gKi, edc->ctx, &key);
+    extract_pk (gKi, edc->ctx, &key);
-      GNUNET_assert(GNUNET_OK ==
+    GNUNET_assert (GNUNET_OK ==
-                    GNUNET_CONTAINER_multipeermap_put(edc->map,
+                   GNUNET_CONTAINER_multipeermap_put (edc->map,
                                                      &key,
-                                                      (void*)(long)max - i,
+                                                      (void*) (long) max - i,
                                                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
-    }
+  }
-  gcry_mpi_release(fact);
+  gcry_mpi_release (fact);
-  gcry_mpi_release(n);
+  gcry_mpi_release (n);
-  gcry_mpi_point_release(gKi);
+  gcry_mpi_point_release (gKi);
-  gcry_mpi_point_release(g);
+  gcry_mpi_point_release (g);
  return edc;
 }
@@ -221,8 +222,8 @@ GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max,
 * @return INT_MAX if dlog failed, otherwise the factor
 */
 int
-GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                       gcry_mpi_point_t input)
+                        gcry_mpi_point_t input)
 {
  unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
  gcry_mpi_point_t g;
@@ -232,36 +233,36 @@ GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc,
  int res;
  void *retp;
-  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
+  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
-  GNUNET_assert(NULL != g);
+  GNUNET_assert (NULL != g);
-  q = gcry_mpi_point_new(0);
+  q = gcry_mpi_point_new (0);
  res = INT_MAX;
  for (i = 0; i <= edc->max / edc->mem; i++)
+  {
+    if (0 == i)
+      extract_pk (input, edc->ctx, &key);
+    else
+      extract_pk (q, edc->ctx, &key);
+    retp = GNUNET_CONTAINER_multipeermap_get (edc->map,
+                                              &key);
+    if (NULL != retp)
    {
-      if (0 == i)
+      res = (((long) retp) - edc->max) * K - i;
-        extract_pk(input, edc->ctx, &key);
+      /* we continue the loop here to make the implementation
-      else
+         "constant-time". If we do not care about this, we could just
-        extract_pk(q, edc->ctx, &key);
+         'break' here and do fewer operations... */
-      retp = GNUNET_CONTAINER_multipeermap_get(edc->map,
-                                               &key);
-      if (NULL != retp)
-        {
-          res = (((long)retp) - edc->max) * K - i;
-          /* we continue the loop here to make the implementation
-             "constant-time". If we do not care about this, we could just
-             'break' here and do fewer operations... */
-        }
-      if (i == edc->max / edc->mem)
-        break;
-      /* q = q + g */
-      if (0 == i)
-        gcry_mpi_ec_add(q, input, g, edc->ctx);
-      else
-        gcry_mpi_ec_add(q, q, g, edc->ctx);
    }
-  gcry_mpi_point_release(g);
+    if (i == edc->max / edc->mem)
-  gcry_mpi_point_release(q);
+      break;
+    /* q = q + g */
+    if (0 == i)
+      gcry_mpi_ec_add (q, input, g, edc->ctx);
+    else
+      gcry_mpi_ec_add (q, q, g, edc->ctx);
+  }
+  gcry_mpi_point_release (g);
+  gcry_mpi_point_release (q);
  return res;
 }
@@ -274,30 +275,30 @@ GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @return random value mod n.
 */
 gcry_mpi_t
-GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
+GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
 {
  gcry_mpi_t n;
  unsigned int highbit;
  gcry_mpi_t r;
-  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
+  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
  /* check public key for number of bits, bail out if key is all zeros */
  highbit = 256; /* Curve25519 */
-  while ((!gcry_mpi_test_bit(n, highbit)) &&
+  while ((! gcry_mpi_test_bit (n, highbit)) &&
         (0 != highbit))
    highbit--;
-  GNUNET_assert(0 != highbit);
+  GNUNET_assert (0 != highbit);
  /* generate fact < n (without bias) */
-  GNUNET_assert(NULL != (r = gcry_mpi_new(0)));
+  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
  do
-    {
+  {
-      gcry_mpi_randomize(r,
+    gcry_mpi_randomize (r,
-                         highbit + 1,
+                        highbit + 1,
-                         GCRY_STRONG_RANDOM);
+                        GCRY_STRONG_RANDOM);
-    }
+  }
-  while (gcry_mpi_cmp(r, n) >= 0);
+  while (gcry_mpi_cmp (r, n) >= 0);
-  gcry_mpi_release(n);
+  gcry_mpi_release (n);
  return r;
 }
@@ -308,11 +309,11 @@ GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
 * @param edc dlog context
 */
 void
-GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc)
+GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
 {
-  gcry_ctx_release(edc->ctx);
+  gcry_ctx_release (edc->ctx);
-  GNUNET_CONTAINER_multipeermap_destroy(edc->map);
+  GNUNET_CONTAINER_multipeermap_destroy (edc->map);
-  GNUNET_free(edc);
+  GNUNET_free (edc);
 }
@@ -330,32 +331,32 @@ GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc)
 *         must be freed using #GNUNET_CRYPTO_ecc_free()
 */
 gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                       int val)
+                        int val)
 {
  gcry_mpi_t fact;
  gcry_mpi_t n;
  gcry_mpi_point_t g;
  gcry_mpi_point_t r;
-  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
+  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
-  GNUNET_assert(NULL != g);
+  GNUNET_assert (NULL != g);
-  fact = gcry_mpi_new(0);
+  fact = gcry_mpi_new (0);
  if (val < 0)
-    {
+  {
-      n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
+    n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
-      gcry_mpi_set_ui(fact, -val);
+    gcry_mpi_set_ui (fact, -val);
-      gcry_mpi_sub(fact, n, fact);
+    gcry_mpi_sub (fact, n, fact);
-      gcry_mpi_release(n);
+    gcry_mpi_release (n);
-    }
+  }
  else
-    {
+  {
-      gcry_mpi_set_ui(fact, val);
+    gcry_mpi_set_ui (fact, val);
-    }
+  }
-  r = gcry_mpi_point_new(0);
+  r = gcry_mpi_point_new (0);
-  gcry_mpi_ec_mul(r, fact, g, edc->ctx);
+  gcry_mpi_ec_mul (r, fact, g, edc->ctx);
-  gcry_mpi_release(fact);
+  gcry_mpi_release (fact);
-  gcry_mpi_point_release(g);
+  gcry_mpi_point_release (g);
  return r;
 }
@@ -370,17 +371,17 @@ GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc,
 *         must be freed using #GNUNET_CRYPTO_ecc_free()
 */
 gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                           gcry_mpi_t val)
+                            gcry_mpi_t val)
 {
  gcry_mpi_point_t g;
  gcry_mpi_point_t r;
-  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
+  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
-  GNUNET_assert(NULL != g);
+  GNUNET_assert (NULL != g);
-  r = gcry_mpi_point_new(0);
+  r = gcry_mpi_point_new (0);
-  gcry_mpi_ec_mul(r, val, g, edc->ctx);
+  gcry_mpi_ec_mul (r, val, g, edc->ctx);
-  gcry_mpi_point_release(g);
+  gcry_mpi_point_release (g);
  return r;
 }
@@ -394,14 +395,14 @@ GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
 */
 gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                      gcry_mpi_point_t a,
+                       gcry_mpi_point_t a,
-                      gcry_mpi_point_t b)
+                       gcry_mpi_point_t b)
 {
  gcry_mpi_point_t r;
-  r = gcry_mpi_point_new(0);
+  r = gcry_mpi_point_new (0);
-  gcry_mpi_ec_add(r, a, b, edc->ctx);
+  gcry_mpi_ec_add (r, a, b, edc->ctx);
  return r;
 }
@@ -416,14 +417,14 @@ GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc,
 *         must be freed using #GNUNET_CRYPTO_ecc_free()
 */
 gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                           gcry_mpi_point_t p,
+                            gcry_mpi_point_t p,
-                           gcry_mpi_t val)
+                            gcry_mpi_t val)
 {
  gcry_mpi_point_t r;
-  r = gcry_mpi_point_new(0);
+  r = gcry_mpi_point_new (0);
-  gcry_mpi_ec_mul(r, val, p, edc->ctx);
+  gcry_mpi_ec_mul (r, val, p, edc->ctx);
  return r;
 }
@@ -438,31 +439,31 @@ GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @param[out] r_inv set to the additive inverse of @a r
 */
 void
-GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                      gcry_mpi_point_t *r,
+                       gcry_mpi_point_t *r,
-                      gcry_mpi_point_t *r_inv)
+                       gcry_mpi_point_t *r_inv)
 {
  gcry_mpi_t fact;
  gcry_mpi_t n;
  gcry_mpi_point_t g;
-  fact = GNUNET_CRYPTO_ecc_random_mod_n(edc);
+  fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);
  /* calculate 'r' */
-  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
+  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
-  GNUNET_assert(NULL != g);
+  GNUNET_assert (NULL != g);
-  *r = gcry_mpi_point_new(0);
+  *r = gcry_mpi_point_new (0);
-  gcry_mpi_ec_mul(*r, fact, g, edc->ctx);
+  gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
  /* calculate 'r_inv' */
-  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
+  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
-  gcry_mpi_sub(fact, n, fact);  /* fact = n - fact = - fact */
+  gcry_mpi_sub (fact, n, fact);  /* fact = n - fact = - fact */
-  *r_inv = gcry_mpi_point_new(0);
+  *r_inv = gcry_mpi_point_new (0);
-  gcry_mpi_ec_mul(*r_inv, fact, g, edc->ctx);
+  gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
-  gcry_mpi_release(n);
+  gcry_mpi_release (n);
-  gcry_mpi_release(fact);
+  gcry_mpi_release (fact);
-  gcry_mpi_point_release(g);
+  gcry_mpi_point_release (g);
 }
@@ -475,17 +476,17 @@ GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @param[out] r_inv set to the multiplicative inverse of @a r
 */
 void
-GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
+GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
-                          gcry_mpi_t *r,
+                           gcry_mpi_t *r,
-                          gcry_mpi_t *r_inv)
+                           gcry_mpi_t *r_inv)
 {
  gcry_mpi_t n;
-  *r = GNUNET_CRYPTO_ecc_random_mod_n(edc);
+  *r = GNUNET_CRYPTO_ecc_random_mod_n (edc);
  /* r_inv = n - r = - r */
-  *r_inv = gcry_mpi_new(0);
+  *r_inv = gcry_mpi_new (0);
-  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
+  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
-  gcry_mpi_sub(*r_inv, n, *r);
+  gcry_mpi_sub (*r_inv, n, *r);
 }
@@ -495,9 +496,9 @@ GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
 * @param p point to free
 */
 void
-GNUNET_CRYPTO_ecc_free(gcry_mpi_point_t p)
+GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
 {
-  gcry_mpi_point_release(p);
+  gcry_mpi_point_release (p);
 }

diff --git a/src/util/crypto_ecc_dlog.c b/src/util/crypto_ecc_dlog.c index 8b4344b25..6b0dc3503 100644 --- a/src/util/crypto_ecc_dlog.c +++ b/src/util/crypto_ecc_dlog.c
@@ -44,26 +44,27 @@
44	*	44	*
45	*/	45	*/
46	static void	46	static void
47	extract_pk(gcry_mpi_point_t pt,	47	extract_pk (gcry_mpi_point_t pt,
48	gcry_ctx_t ctx,	48	gcry_ctx_t ctx,
49	struct GNUNET_PeerIdentity *pid)	49	struct GNUNET_PeerIdentity *pid)
50	{	50	{
51	gcry_mpi_t q_y;	51	gcry_mpi_t q_y;
52		52
53	GNUNET_assert(0 == gcry_mpi_ec_set_point("q", pt, ctx));	53	GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx));
54	q_y = gcry_mpi_ec_get_mpi("q@eddsa", ctx, 0);	54	q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
55	GNUNET_assert(q_y);	55	GNUNET_assert (q_y);
56	GNUNET_CRYPTO_mpi_print_unsigned(pid->public_key.q_y,	56	GNUNET_CRYPTO_mpi_print_unsigned (pid->public_key.q_y,
57	sizeof(pid->public_key.q_y),	57	sizeof(pid->public_key.q_y),
58	q_y);	58	q_y);
59	gcry_mpi_release(q_y);	59	gcry_mpi_release (q_y);
60	}	60	}
61		61
62		62
63	/**	63	/**
64	* Internal structure used to cache pre-calculated values for DLOG calculation.	64	* Internal structure used to cache pre-calculated values for DLOG calculation.
65	*/	65	*/
66	struct GNUNET_CRYPTO_EccDlogContext {	66	struct GNUNET_CRYPTO_EccDlogContext
		67	{
67	/**	68	/**
68	* Maximum absolute value the calculation supports.	69	* Maximum absolute value the calculation supports.
69	*/	70	*/
@@ -97,19 +98,19 @@ struct GNUNET_CRYPTO_EccDlogContext {
97	* @param[out] bin binary point representation	98	* @param[out] bin binary point representation
98	*/	99	*/
99	void	100	void
100	GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc,	101	GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
101	gcry_mpi_point_t point,	102	gcry_mpi_point_t point,
102	struct GNUNET_CRYPTO_EccPoint *bin)	103	struct GNUNET_CRYPTO_EccPoint *bin)
103	{	104	{
104	gcry_mpi_t q_y;	105	gcry_mpi_t q_y;
105		106
106	GNUNET_assert(0 == gcry_mpi_ec_set_point("q", point, edc->ctx));	107	GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
107	q_y = gcry_mpi_ec_get_mpi("q@eddsa", edc->ctx, 0);	108	q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
108	GNUNET_assert(q_y);	109	GNUNET_assert (q_y);
109	GNUNET_CRYPTO_mpi_print_unsigned(bin->q_y,	110	GNUNET_CRYPTO_mpi_print_unsigned (bin->q_y,
110	sizeof(bin->q_y),	111	sizeof(bin->q_y),
111	q_y);	112	q_y);
112	gcry_mpi_release(q_y);	113	gcry_mpi_release (q_y);
113	}	114	}
114		115
115		116
@@ -121,26 +122,26 @@ GNUNET_CRYPTO_ecc_point_to_bin(struct GNUNET_CRYPTO_EccDlogContext *edc,
121	* @return computational representation	122	* @return computational representation
122	*/	123	*/
123	gcry_mpi_point_t	124	gcry_mpi_point_t
124	GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc,	125	GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
125	const struct GNUNET_CRYPTO_EccPoint *bin)	126	const struct GNUNET_CRYPTO_EccPoint *bin)
126	{	127	{
127	gcry_sexp_t pub_sexpr;	128	gcry_sexp_t pub_sexpr;
128	gcry_ctx_t ctx;	129	gcry_ctx_t ctx;
129	gcry_mpi_point_t q;	130	gcry_mpi_point_t q;
130		131
131	(void)edc;	132	(void) edc;
132	if (0 != gcry_sexp_build(&pub_sexpr, NULL,	133	if (0 != gcry_sexp_build (&pub_sexpr, NULL,
133	"(public-key(ecc(curve " CURVE ")(q %b)))",	134	"(public-key(ecc(curve " CURVE ")(q %b)))",
134	(int)sizeof(bin->q_y),	135	(int) sizeof(bin->q_y),
135	bin->q_y))	136	bin->q_y))
136	{	137	{
137	GNUNET_break(0);	138	GNUNET_break (0);
138	return NULL;	139	return NULL;
139	}	140	}
140	GNUNET_assert(0 == gcry_mpi_ec_new(&ctx, pub_sexpr, NULL));	141	GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
141	gcry_sexp_release(pub_sexpr);	142	gcry_sexp_release (pub_sexpr);
142	q = gcry_mpi_ec_get_point("q", ctx, 0);	143	q = gcry_mpi_ec_get_point ("q", ctx, 0);
143	gcry_ctx_release(ctx);	144	gcry_ctx_release (ctx);
144	return q;	145	return q;
145	}	146	}
146		147
@@ -153,8 +154,8 @@ GNUNET_CRYPTO_ecc_bin_to_point(struct GNUNET_CRYPTO_EccDlogContext *edc,
153	* @return NULL on error	154	* @return NULL on error
154	*/	155	*/
155	struct GNUNET_CRYPTO_EccDlogContext *	156	struct GNUNET_CRYPTO_EccDlogContext *
156	GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max,	157	GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
157	unsigned int mem)	158	unsigned int mem)
158	{	159	{
159	struct GNUNET_CRYPTO_EccDlogContext *edc;	160	struct GNUNET_CRYPTO_EccDlogContext *edc;
160	unsigned int K = ((max + (mem - 1)) / mem);	161	unsigned int K = ((max + (mem - 1)) / mem);
@@ -165,50 +166,50 @@ GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max,
165	gcry_mpi_t n;	166	gcry_mpi_t n;
166	unsigned int i;	167	unsigned int i;
167		168
168	GNUNET_assert(max < INT32_MAX);	169	GNUNET_assert (max < INT32_MAX);
169	edc = GNUNET_new(struct GNUNET_CRYPTO_EccDlogContext);	170	edc = GNUNET_new (struct GNUNET_CRYPTO_EccDlogContext);
170	edc->max = max;	171	edc->max = max;
171	edc->mem = mem;	172	edc->mem = mem;
172		173
173	edc->map = GNUNET_CONTAINER_multipeermap_create(mem * 2,	174	edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2,
174	GNUNET_NO);	175	GNUNET_NO);
175		176
176	GNUNET_assert(0 == gcry_mpi_ec_new(&edc->ctx,	177	GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
177	NULL,	178	NULL,
178	CURVE));	179	CURVE));
179	g = gcry_mpi_ec_get_point("g", edc->ctx, 0);	180	g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
180	GNUNET_assert(NULL != g);	181	GNUNET_assert (NULL != g);
181	fact = gcry_mpi_new(0);	182	fact = gcry_mpi_new (0);
182	gKi = gcry_mpi_point_new(0);	183	gKi = gcry_mpi_point_new (0);
183	for (i = 0; i <= mem; i++)	184	for (i = 0; i <= mem; i++)
184	{	185	{
185	gcry_mpi_set_ui(fact, i * K);	186	gcry_mpi_set_ui (fact, i * K);
186	gcry_mpi_ec_mul(gKi, fact, g, edc->ctx);	187	gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
187	extract_pk(gKi, edc->ctx, &key);	188	extract_pk (gKi, edc->ctx, &key);
188	GNUNET_assert(GNUNET_OK ==	189	GNUNET_assert (GNUNET_OK ==
189	GNUNET_CONTAINER_multipeermap_put(edc->map,	190	GNUNET_CONTAINER_multipeermap_put (edc->map,
190	&key,	191	&key,
191	(void*)(long)i + max,	192	(void*) (long) i + max,
192	GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));	193	GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
193	}	194	}
194	/* negative values */	195	/* negative values */
195	n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);	196	n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
196	for (i = 1; i < mem; i++)	197	for (i = 1; i < mem; i++)
197	{	198	{
198	gcry_mpi_set_ui(fact, i * K);	199	gcry_mpi_set_ui (fact, i * K);
199	gcry_mpi_sub(fact, n, fact);	200	gcry_mpi_sub (fact, n, fact);
200	gcry_mpi_ec_mul(gKi, fact, g, edc->ctx);	201	gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
201	extract_pk(gKi, edc->ctx, &key);	202	extract_pk (gKi, edc->ctx, &key);
202	GNUNET_assert(GNUNET_OK ==	203	GNUNET_assert (GNUNET_OK ==
203	GNUNET_CONTAINER_multipeermap_put(edc->map,	204	GNUNET_CONTAINER_multipeermap_put (edc->map,
204	&key,	205	&key,
205	(void*)(long)max - i,	206	(void*) (long) max - i,
206	GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));	207	GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
207	}	208	}
208	gcry_mpi_release(fact);	209	gcry_mpi_release (fact);
209	gcry_mpi_release(n);	210	gcry_mpi_release (n);
210	gcry_mpi_point_release(gKi);	211	gcry_mpi_point_release (gKi);
211	gcry_mpi_point_release(g);	212	gcry_mpi_point_release (g);
212	return edc;	213	return edc;
213	}	214	}
214		215
@@ -221,8 +222,8 @@ GNUNET_CRYPTO_ecc_dlog_prepare(unsigned int max,
221	* @return INT_MAX if dlog failed, otherwise the factor	222	* @return INT_MAX if dlog failed, otherwise the factor
222	*/	223	*/
223	int	224	int
224	GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc,	225	GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
225	gcry_mpi_point_t input)	226	gcry_mpi_point_t input)
226	{	227	{
227	unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);	228	unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
228	gcry_mpi_point_t g;	229	gcry_mpi_point_t g;
@@ -232,36 +233,36 @@ GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc,
232	int res;	233	int res;
233	void *retp;	234	void *retp;
234		235
235	g = gcry_mpi_ec_get_point("g", edc->ctx, 0);	236	g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
236	GNUNET_assert(NULL != g);	237	GNUNET_assert (NULL != g);
237	q = gcry_mpi_point_new(0);	238	q = gcry_mpi_point_new (0);
238		239
239	res = INT_MAX;	240	res = INT_MAX;
240	for (i = 0; i <= edc->max / edc->mem; i++)	241	for (i = 0; i <= edc->max / edc->mem; i++)
		242	{
		243	if (0 == i)
		244	extract_pk (input, edc->ctx, &key);
		245	else
		246	extract_pk (q, edc->ctx, &key);
		247	retp = GNUNET_CONTAINER_multipeermap_get (edc->map,
		248	&key);
		249	if (NULL != retp)
241	{	250	{
242	if (0 == i)	251	res = (((long) retp) - edc->max) * K - i;
243	extract_pk(input, edc->ctx, &key);	252	/* we continue the loop here to make the implementation
244	else	253	"constant-time". If we do not care about this, we could just
245	extract_pk(q, edc->ctx, &key);	254	'break' here and do fewer operations... */
246	retp = GNUNET_CONTAINER_multipeermap_get(edc->map,
247	&key);
248	if (NULL != retp)
249	{
250	res = (((long)retp) - edc->max) * K - i;
251	/* we continue the loop here to make the implementation
252	"constant-time". If we do not care about this, we could just
253	'break' here and do fewer operations... */
254	}
255	if (i == edc->max / edc->mem)
256	break;
257	/* q = q + g */
258	if (0 == i)
259	gcry_mpi_ec_add(q, input, g, edc->ctx);
260	else
261	gcry_mpi_ec_add(q, q, g, edc->ctx);
262	}	255	}
263	gcry_mpi_point_release(g);	256	if (i == edc->max / edc->mem)
264	gcry_mpi_point_release(q);	257	break;
		258	/* q = q + g */
		259	if (0 == i)
		260	gcry_mpi_ec_add (q, input, g, edc->ctx);
		261	else
		262	gcry_mpi_ec_add (q, q, g, edc->ctx);
		263	}
		264	gcry_mpi_point_release (g);
		265	gcry_mpi_point_release (q);
265		266
266	return res;	267	return res;
267	}	268	}
@@ -274,30 +275,30 @@ GNUNET_CRYPTO_ecc_dlog(struct GNUNET_CRYPTO_EccDlogContext *edc,
274	* @return random value mod n.	275	* @return random value mod n.
275	*/	276	*/
276	gcry_mpi_t	277	gcry_mpi_t
277	GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)	278	GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
278	{	279	{
279	gcry_mpi_t n;	280	gcry_mpi_t n;
280	unsigned int highbit;	281	unsigned int highbit;
281	gcry_mpi_t r;	282	gcry_mpi_t r;
282		283
283	n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);	284	n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
284		285
285	/* check public key for number of bits, bail out if key is all zeros */	286	/* check public key for number of bits, bail out if key is all zeros */
286	highbit = 256; /* Curve25519 */	287	highbit = 256; /* Curve25519 */
287	while ((!gcry_mpi_test_bit(n, highbit)) &&	288	while ((! gcry_mpi_test_bit (n, highbit)) &&
288	(0 != highbit))	289	(0 != highbit))
289	highbit--;	290	highbit--;
290	GNUNET_assert(0 != highbit);	291	GNUNET_assert (0 != highbit);
291	/* generate fact < n (without bias) */	292	/* generate fact < n (without bias) */
292	GNUNET_assert(NULL != (r = gcry_mpi_new(0)));	293	GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
293	do	294	do
294	{	295	{
295	gcry_mpi_randomize(r,	296	gcry_mpi_randomize (r,
296	highbit + 1,	297	highbit + 1,
297	GCRY_STRONG_RANDOM);	298	GCRY_STRONG_RANDOM);
298	}	299	}
299	while (gcry_mpi_cmp(r, n) >= 0);	300	while (gcry_mpi_cmp (r, n) >= 0);
300	gcry_mpi_release(n);	301	gcry_mpi_release (n);
301	return r;	302	return r;
302	}	303	}
303		304
@@ -308,11 +309,11 @@ GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
308	* @param edc dlog context	309	* @param edc dlog context
309	*/	310	*/
310	void	311	void
311	GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc)	312	GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
312	{	313	{
313	gcry_ctx_release(edc->ctx);	314	gcry_ctx_release (edc->ctx);
314	GNUNET_CONTAINER_multipeermap_destroy(edc->map);	315	GNUNET_CONTAINER_multipeermap_destroy (edc->map);
315	GNUNET_free(edc);	316	GNUNET_free (edc);
316	}	317	}
317		318
318		319
@@ -330,32 +331,32 @@ GNUNET_CRYPTO_ecc_dlog_release(struct GNUNET_CRYPTO_EccDlogContext *edc)
330	* must be freed using #GNUNET_CRYPTO_ecc_free()	331	* must be freed using #GNUNET_CRYPTO_ecc_free()
331	*/	332	*/
332	gcry_mpi_point_t	333	gcry_mpi_point_t
333	GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc,	334	GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
334	int val)	335	int val)
335	{	336	{
336	gcry_mpi_t fact;	337	gcry_mpi_t fact;
337	gcry_mpi_t n;	338	gcry_mpi_t n;
338	gcry_mpi_point_t g;	339	gcry_mpi_point_t g;
339	gcry_mpi_point_t r;	340	gcry_mpi_point_t r;
340		341
341	g = gcry_mpi_ec_get_point("g", edc->ctx, 0);	342	g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
342	GNUNET_assert(NULL != g);	343	GNUNET_assert (NULL != g);
343	fact = gcry_mpi_new(0);	344	fact = gcry_mpi_new (0);
344	if (val < 0)	345	if (val < 0)
345	{	346	{
346	n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);	347	n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
347	gcry_mpi_set_ui(fact, -val);	348	gcry_mpi_set_ui (fact, -val);
348	gcry_mpi_sub(fact, n, fact);	349	gcry_mpi_sub (fact, n, fact);
349	gcry_mpi_release(n);	350	gcry_mpi_release (n);
350	}	351	}
351	else	352	else
352	{	353	{
353	gcry_mpi_set_ui(fact, val);	354	gcry_mpi_set_ui (fact, val);
354	}	355	}
355	r = gcry_mpi_point_new(0);	356	r = gcry_mpi_point_new (0);
356	gcry_mpi_ec_mul(r, fact, g, edc->ctx);	357	gcry_mpi_ec_mul (r, fact, g, edc->ctx);
357	gcry_mpi_release(fact);	358	gcry_mpi_release (fact);
358	gcry_mpi_point_release(g);	359	gcry_mpi_point_release (g);
359	return r;	360	return r;
360	}	361	}
361		362
@@ -370,17 +371,17 @@ GNUNET_CRYPTO_ecc_dexp(struct GNUNET_CRYPTO_EccDlogContext *edc,
370	* must be freed using #GNUNET_CRYPTO_ecc_free()	371	* must be freed using #GNUNET_CRYPTO_ecc_free()
371	*/	372	*/
372	gcry_mpi_point_t	373	gcry_mpi_point_t
373	GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,	374	GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
374	gcry_mpi_t val)	375	gcry_mpi_t val)
375	{	376	{
376	gcry_mpi_point_t g;	377	gcry_mpi_point_t g;
377	gcry_mpi_point_t r;	378	gcry_mpi_point_t r;
378		379
379	g = gcry_mpi_ec_get_point("g", edc->ctx, 0);	380	g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
380	GNUNET_assert(NULL != g);	381	GNUNET_assert (NULL != g);
381	r = gcry_mpi_point_new(0);	382	r = gcry_mpi_point_new (0);
382	gcry_mpi_ec_mul(r, val, g, edc->ctx);	383	gcry_mpi_ec_mul (r, val, g, edc->ctx);
383	gcry_mpi_point_release(g);	384	gcry_mpi_point_release (g);
384	return r;	385	return r;
385	}	386	}
386		387
@@ -394,14 +395,14 @@ GNUNET_CRYPTO_ecc_dexp_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
394	* @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()	395	* @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
395	*/	396	*/
396	gcry_mpi_point_t	397	gcry_mpi_point_t
397	GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc,	398	GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
398	gcry_mpi_point_t a,	399	gcry_mpi_point_t a,
399	gcry_mpi_point_t b)	400	gcry_mpi_point_t b)
400	{	401	{
401	gcry_mpi_point_t r;	402	gcry_mpi_point_t r;
402		403
403	r = gcry_mpi_point_new(0);	404	r = gcry_mpi_point_new (0);
404	gcry_mpi_ec_add(r, a, b, edc->ctx);	405	gcry_mpi_ec_add (r, a, b, edc->ctx);
405	return r;	406	return r;
406	}	407	}
407		408
@@ -416,14 +417,14 @@ GNUNET_CRYPTO_ecc_add(struct GNUNET_CRYPTO_EccDlogContext *edc,
416	* must be freed using #GNUNET_CRYPTO_ecc_free()	417	* must be freed using #GNUNET_CRYPTO_ecc_free()
417	*/	418	*/
418	gcry_mpi_point_t	419	gcry_mpi_point_t
419	GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,	420	GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
420	gcry_mpi_point_t p,	421	gcry_mpi_point_t p,
421	gcry_mpi_t val)	422	gcry_mpi_t val)
422	{	423	{
423	gcry_mpi_point_t r;	424	gcry_mpi_point_t r;
424		425
425	r = gcry_mpi_point_new(0);	426	r = gcry_mpi_point_new (0);
426	gcry_mpi_ec_mul(r, val, p, edc->ctx);	427	gcry_mpi_ec_mul (r, val, p, edc->ctx);
427	return r;	428	return r;
428	}	429	}
429		430
@@ -438,31 +439,31 @@ GNUNET_CRYPTO_ecc_pmul_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
438	* @param[out] r_inv set to the additive inverse of @a r	439	* @param[out] r_inv set to the additive inverse of @a r
439	*/	440	*/
440	void	441	void
441	GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc,	442	GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
442	gcry_mpi_point_t *r,	443	gcry_mpi_point_t *r,
443	gcry_mpi_point_t *r_inv)	444	gcry_mpi_point_t *r_inv)
444	{	445	{
445	gcry_mpi_t fact;	446	gcry_mpi_t fact;
446	gcry_mpi_t n;	447	gcry_mpi_t n;
447	gcry_mpi_point_t g;	448	gcry_mpi_point_t g;
448		449
449	fact = GNUNET_CRYPTO_ecc_random_mod_n(edc);	450	fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);
450		451
451	/* calculate 'r' */	452	/* calculate 'r' */
452	g = gcry_mpi_ec_get_point("g", edc->ctx, 0);	453	g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
453	GNUNET_assert(NULL != g);	454	GNUNET_assert (NULL != g);
454	*r = gcry_mpi_point_new(0);	455	*r = gcry_mpi_point_new (0);
455	gcry_mpi_ec_mul(*r, fact, g, edc->ctx);	456	gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
456		457
457	/* calculate 'r_inv' */	458	/* calculate 'r_inv' */
458	n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);	459	n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
459	gcry_mpi_sub(fact, n, fact); /* fact = n - fact = - fact */	460	gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
460	*r_inv = gcry_mpi_point_new(0);	461	*r_inv = gcry_mpi_point_new (0);
461	gcry_mpi_ec_mul(*r_inv, fact, g, edc->ctx);	462	gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
462		463
463	gcry_mpi_release(n);	464	gcry_mpi_release (n);
464	gcry_mpi_release(fact);	465	gcry_mpi_release (fact);
465	gcry_mpi_point_release(g);	466	gcry_mpi_point_release (g);
466	}	467	}
467		468
468		469
@@ -475,17 +476,17 @@ GNUNET_CRYPTO_ecc_rnd(struct GNUNET_CRYPTO_EccDlogContext *edc,
475	* @param[out] r_inv set to the multiplicative inverse of @a r	476	* @param[out] r_inv set to the multiplicative inverse of @a r
476	*/	477	*/
477	void	478	void
478	GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,	479	GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
479	gcry_mpi_t *r,	480	gcry_mpi_t *r,
480	gcry_mpi_t *r_inv)	481	gcry_mpi_t *r_inv)
481	{	482	{
482	gcry_mpi_t n;	483	gcry_mpi_t n;
483		484
484	*r = GNUNET_CRYPTO_ecc_random_mod_n(edc);	485	*r = GNUNET_CRYPTO_ecc_random_mod_n (edc);
485	/* r_inv = n - r = - r */	486	/* r_inv = n - r = - r */
486	*r_inv = gcry_mpi_new(0);	487	*r_inv = gcry_mpi_new (0);
487	n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);	488	n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
488	gcry_mpi_sub(r_inv, n, r);	489	gcry_mpi_sub (r_inv, n, r);
489	}	490	}
490		491
491		492
@@ -495,9 +496,9 @@ GNUNET_CRYPTO_ecc_rnd_mpi(struct GNUNET_CRYPTO_EccDlogContext *edc,
495	* @param p point to free	496	* @param p point to free
496	*/	497	*/
497	void	498	void
498	GNUNET_CRYPTO_ecc_free(gcry_mpi_point_t p)	499	GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
499	{	500	{
500	gcry_mpi_point_release(p);	501	gcry_mpi_point_release (p);
501	}	502	}
502		503
503		504