aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_paillier.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_paillier.c')
-rw-r--r--src/util/crypto_paillier.c423
1 files changed, 213 insertions, 210 deletions
diff --git a/src/util/crypto_paillier.c b/src/util/crypto_paillier.c
index 622ce81fa..27a9af5de 100644
--- a/src/util/crypto_paillier.c
+++ b/src/util/crypto_paillier.c
@@ -11,7 +11,7 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
@@ -36,8 +36,8 @@
36 * @param[out] private_key Where to store the private key? 36 * @param[out] private_key Where to store the private key?
37 */ 37 */
38void 38void
39GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 39GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
40 struct GNUNET_CRYPTO_PaillierPrivateKey *private_key) 40 struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
41{ 41{
42 gcry_mpi_t p; 42 gcry_mpi_t p;
43 gcry_mpi_t q; 43 gcry_mpi_t q;
@@ -49,55 +49,56 @@ GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_ke
49 is executed more than once is very very low... */ 49 is executed more than once is very very low... */
50 p = NULL; 50 p = NULL;
51 q = NULL; 51 q = NULL;
52 do { 52 do
53 if (NULL != p) 53 {
54 gcry_mpi_release (p); 54 if (NULL != p)
55 if (NULL != q) 55 gcry_mpi_release(p);
56 gcry_mpi_release (q); 56 if (NULL != q)
57 GNUNET_assert (0 == 57 gcry_mpi_release(q);
58 gcry_prime_generate (&p, 58 GNUNET_assert(0 ==
59 gcry_prime_generate(&p,
59 GNUNET_CRYPTO_PAILLIER_BITS / 2, 60 GNUNET_CRYPTO_PAILLIER_BITS / 2,
60 0, NULL, NULL, NULL, 61 0, NULL, NULL, NULL,
61 GCRY_STRONG_RANDOM, 0)); 62 GCRY_STRONG_RANDOM, 0));
62 GNUNET_assert (0 == 63 GNUNET_assert(0 ==
63 gcry_prime_generate (&q, 64 gcry_prime_generate(&q,
64 GNUNET_CRYPTO_PAILLIER_BITS / 2, 65 GNUNET_CRYPTO_PAILLIER_BITS / 2,
65 0, NULL, NULL, NULL, 66 0, NULL, NULL, NULL,
66 GCRY_STRONG_RANDOM, 0)); 67 GCRY_STRONG_RANDOM, 0));
67 } 68 }
68 while (0 == gcry_mpi_cmp (p, q)); 69 while (0 == gcry_mpi_cmp(p, q));
69 /* n = p * q */ 70 /* n = p * q */
70 GNUNET_assert (NULL != (n = gcry_mpi_new (0))); 71 GNUNET_assert(NULL != (n = gcry_mpi_new(0)));
71 gcry_mpi_mul (n, 72 gcry_mpi_mul(n,
72 p, 73 p,
73 q); 74 q);
74 GNUNET_CRYPTO_mpi_print_unsigned (public_key, 75 GNUNET_CRYPTO_mpi_print_unsigned(public_key,
75 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey), 76 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey),
76 n); 77 n);
77 78
78 /* compute phi(n) = (p-1)(q-1) */ 79 /* compute phi(n) = (p-1)(q-1) */
79 GNUNET_assert (NULL != (phi = gcry_mpi_new (0))); 80 GNUNET_assert(NULL != (phi = gcry_mpi_new(0)));
80 gcry_mpi_sub_ui (p, p, 1); 81 gcry_mpi_sub_ui(p, p, 1);
81 gcry_mpi_sub_ui (q, q, 1); 82 gcry_mpi_sub_ui(q, q, 1);
82 gcry_mpi_mul (phi, p, q); 83 gcry_mpi_mul(phi, p, q);
83 gcry_mpi_release (p); 84 gcry_mpi_release(p);
84 gcry_mpi_release (q); 85 gcry_mpi_release(q);
85 86
86 /* lambda equals phi(n) in the simplified key generation */ 87 /* lambda equals phi(n) in the simplified key generation */
87 GNUNET_CRYPTO_mpi_print_unsigned (private_key->lambda, 88 GNUNET_CRYPTO_mpi_print_unsigned(private_key->lambda,
88 GNUNET_CRYPTO_PAILLIER_BITS / 8, 89 GNUNET_CRYPTO_PAILLIER_BITS / 8,
89 phi); 90 phi);
90 /* mu = phi^{-1} mod n, as we use g = n + 1 */ 91 /* mu = phi^{-1} mod n, as we use g = n + 1 */
91 GNUNET_assert (NULL != (mu = gcry_mpi_new (0))); 92 GNUNET_assert(NULL != (mu = gcry_mpi_new(0)));
92 GNUNET_assert (0 != gcry_mpi_invm (mu, 93 GNUNET_assert(0 != gcry_mpi_invm(mu,
93 phi, 94 phi,
94 n)); 95 n));
95 gcry_mpi_release (phi); 96 gcry_mpi_release(phi);
96 gcry_mpi_release (n); 97 gcry_mpi_release(n);
97 GNUNET_CRYPTO_mpi_print_unsigned (private_key->mu, 98 GNUNET_CRYPTO_mpi_print_unsigned(private_key->mu,
98 GNUNET_CRYPTO_PAILLIER_BITS / 8, 99 GNUNET_CRYPTO_PAILLIER_BITS / 8,
99 mu); 100 mu);
100 gcry_mpi_release (mu); 101 gcry_mpi_release(mu);
101} 102}
102 103
103 104
@@ -113,7 +114,7 @@ GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_ke
113 * or -1 if less than one homomorphic operation is possible 114 * or -1 if less than one homomorphic operation is possible
114 */ 115 */
115int 116int
116GNUNET_CRYPTO_paillier_encrypt1 (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 117GNUNET_CRYPTO_paillier_encrypt1(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
117 const gcry_mpi_t m, 118 const gcry_mpi_t m,
118 int desired_ops, 119 int desired_ops,
119 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext) 120 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext)
@@ -129,69 +130,70 @@ GNUNET_CRYPTO_paillier_encrypt1 (const struct GNUNET_CRYPTO_PaillierPublicKey *p
129 130
130 /* determine how many operations we could allow, if the other number 131 /* determine how many operations we could allow, if the other number
131 has the same length. */ 132 has the same length. */
132 GNUNET_assert (NULL != (tmp1 = gcry_mpi_set_ui (NULL, 1))); 133 GNUNET_assert(NULL != (tmp1 = gcry_mpi_set_ui(NULL, 1)));
133 GNUNET_assert (NULL != (tmp2 = gcry_mpi_set_ui (NULL, 2))); 134 GNUNET_assert(NULL != (tmp2 = gcry_mpi_set_ui(NULL, 2)));
134 gcry_mpi_mul_2exp (tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS); 135 gcry_mpi_mul_2exp(tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS);
135 136
136 /* count number of possible operations 137 /* count number of possible operations
137 this would be nicer with gcry_mpi_get_nbits, however it does not return 138 this would be nicer with gcry_mpi_get_nbits, however it does not return
138 the BITLENGTH of the given MPI's value, but the bits required 139 the BITLENGTH of the given MPI's value, but the bits required
139 to represent the number as MPI. */ 140 to represent the number as MPI. */
140 for (possible_opts = -2; gcry_mpi_cmp (tmp1, m) > 0; possible_opts++) 141 for (possible_opts = -2; gcry_mpi_cmp(tmp1, m) > 0; possible_opts++)
141 gcry_mpi_div (tmp1, NULL, tmp1, tmp2, 0); 142 gcry_mpi_div(tmp1, NULL, tmp1, tmp2, 0);
142 gcry_mpi_release (tmp1); 143 gcry_mpi_release(tmp1);
143 gcry_mpi_release (tmp2); 144 gcry_mpi_release(tmp2);
144 145
145 if (possible_opts < 1) 146 if (possible_opts < 1)
146 possible_opts = 0; 147 possible_opts = 0;
147 /* soft-cap by caller */ 148 /* soft-cap by caller */
148 possible_opts = (desired_ops < possible_opts)? desired_ops : possible_opts; 149 possible_opts = (desired_ops < possible_opts) ? desired_ops : possible_opts;
149 150
150 ciphertext->remaining_ops = htonl (possible_opts); 151 ciphertext->remaining_ops = htonl(possible_opts);
151 152
152 GNUNET_CRYPTO_mpi_scan_unsigned (&n, 153 GNUNET_CRYPTO_mpi_scan_unsigned(&n,
153 public_key, 154 public_key,
154 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 155 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
155 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; 156 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
156 while ( (! gcry_mpi_test_bit (n, highbit)) && 157 while ((!gcry_mpi_test_bit(n, highbit)) &&
157 (0 != highbit) ) 158 (0 != highbit))
158 highbit--; 159 highbit--;
159 if (0 == highbit) 160 if (0 == highbit)
160 { 161 {
161 /* invalid public key */ 162 /* invalid public key */
162 GNUNET_break_op (0); 163 GNUNET_break_op(0);
163 gcry_mpi_release (n); 164 gcry_mpi_release(n);
164 return GNUNET_SYSERR; 165 return GNUNET_SYSERR;
165 } 166 }
166 GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); 167 GNUNET_assert(0 != (n_square = gcry_mpi_new(0)));
167 GNUNET_assert (0 != (r = gcry_mpi_new (0))); 168 GNUNET_assert(0 != (r = gcry_mpi_new(0)));
168 GNUNET_assert (0 != (c = gcry_mpi_new (0))); 169 GNUNET_assert(0 != (c = gcry_mpi_new(0)));
169 gcry_mpi_mul (n_square, n, n); 170 gcry_mpi_mul(n_square, n, n);
170 171
171 /* generate r < n (without bias) */ 172 /* generate r < n (without bias) */
172 do { 173 do
173 gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM); 174 {
174 } 175 gcry_mpi_randomize(r, highbit + 1, GCRY_STRONG_RANDOM);
175 while (gcry_mpi_cmp (r, n) >= 0); 176 }
177 while (gcry_mpi_cmp(r, n) >= 0);
176 178
177 /* c = (n+1)^m mod n^2 */ 179 /* c = (n+1)^m mod n^2 */
178 /* c = n + 1 */ 180 /* c = n + 1 */
179 gcry_mpi_add_ui (c, n, 1); 181 gcry_mpi_add_ui(c, n, 1);
180 /* c = (n+1)^m mod n^2 */ 182 /* c = (n+1)^m mod n^2 */
181 gcry_mpi_powm (c, c, m, n_square); 183 gcry_mpi_powm(c, c, m, n_square);
182 /* r <- r^n mod n^2 */ 184 /* r <- r^n mod n^2 */
183 gcry_mpi_powm (r, r, n, n_square); 185 gcry_mpi_powm(r, r, n, n_square);
184 /* c <- r*c mod n^2 */ 186 /* c <- r*c mod n^2 */
185 gcry_mpi_mulm (c, r, c, n_square); 187 gcry_mpi_mulm(c, r, c, n_square);
186 188
187 GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits, 189 GNUNET_CRYPTO_mpi_print_unsigned(ciphertext->bits,
188 sizeof ciphertext->bits, 190 sizeof ciphertext->bits,
189 c); 191 c);
190 192
191 gcry_mpi_release (n_square); 193 gcry_mpi_release(n_square);
192 gcry_mpi_release (n); 194 gcry_mpi_release(n);
193 gcry_mpi_release (r); 195 gcry_mpi_release(r);
194 gcry_mpi_release (c); 196 gcry_mpi_release(c);
195 197
196 return possible_opts; 198 return possible_opts;
197} 199}
@@ -209,10 +211,10 @@ GNUNET_CRYPTO_paillier_encrypt1 (const struct GNUNET_CRYPTO_PaillierPublicKey *p
209 * or -1 if less than one homomorphic operation is possible 211 * or -1 if less than one homomorphic operation is possible
210 */ 212 */
211int 213int
212GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 214GNUNET_CRYPTO_paillier_encrypt(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
213 const gcry_mpi_t m, 215 const gcry_mpi_t m,
214 int desired_ops, 216 int desired_ops,
215 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext) 217 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext)
216{ 218{
217 int possible_opts; 219 int possible_opts;
218 gcry_mpi_t n_square; 220 gcry_mpi_t n_square;
@@ -227,86 +229,87 @@ GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *pu
227 229
228 /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest 230 /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest
229 number we can have as a result */ 231 number we can have as a result */
230 GNUNET_assert (NULL != (max_num = gcry_mpi_set_ui (NULL, 1))); 232 GNUNET_assert(NULL != (max_num = gcry_mpi_set_ui(NULL, 1)));
231 gcry_mpi_mul_2exp (max_num, 233 gcry_mpi_mul_2exp(max_num,
232 max_num, 234 max_num,
233 GNUNET_CRYPTO_PAILLIER_BITS); 235 GNUNET_CRYPTO_PAILLIER_BITS);
234 236
235 /* Determine how many operations we could allow, assuming the other 237 /* Determine how many operations we could allow, assuming the other
236 number has the same length (or is smaller), by counting the 238 number has the same length (or is smaller), by counting the
237 number of possible operations. We essentially divide max_num by 239 number of possible operations. We essentially divide max_num by
238 2 until the result is no longer larger than 'm', incrementing the 240 2 until the result is no longer larger than 'm', incrementing the
239 maximum number of operations in each round, starting at -2 */ 241 maximum number of operations in each round, starting at -2 */
240 for (possible_opts = -2; gcry_mpi_cmp (max_num, m) > 0; possible_opts++) 242 for (possible_opts = -2; gcry_mpi_cmp(max_num, m) > 0; possible_opts++)
241 gcry_mpi_div (max_num, 243 gcry_mpi_div(max_num,
242 NULL, 244 NULL,
243 max_num, 245 max_num,
244 GCRYMPI_CONST_TWO, 246 GCRYMPI_CONST_TWO,
245 0); 247 0);
246 gcry_mpi_release (max_num); 248 gcry_mpi_release(max_num);
247 249
248 if (possible_opts < 1) 250 if (possible_opts < 1)
249 possible_opts = 0; 251 possible_opts = 0;
250 /* Enforce soft-cap by caller */ 252 /* Enforce soft-cap by caller */
251 possible_opts = GNUNET_MIN (desired_ops, possible_opts); 253 possible_opts = GNUNET_MIN(desired_ops, possible_opts);
252 ciphertext->remaining_ops = htonl (possible_opts); 254 ciphertext->remaining_ops = htonl(possible_opts);
253 255
254 GNUNET_CRYPTO_mpi_scan_unsigned (&n, 256 GNUNET_CRYPTO_mpi_scan_unsigned(&n,
255 public_key, 257 public_key,
256 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 258 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
257 259
258 /* check public key for number of bits, bail out if key is all zeros */ 260 /* check public key for number of bits, bail out if key is all zeros */
259 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1; 261 highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
260 while ( (! gcry_mpi_test_bit (n, highbit)) && 262 while ((!gcry_mpi_test_bit(n, highbit)) &&
261 (0 != highbit) ) 263 (0 != highbit))
262 highbit--; 264 highbit--;
263 if (0 == highbit) 265 if (0 == highbit)
264 { 266 {
265 /* invalid public key */ 267 /* invalid public key */
266 GNUNET_break_op (0); 268 GNUNET_break_op(0);
267 gcry_mpi_release (n); 269 gcry_mpi_release(n);
268 return GNUNET_SYSERR; 270 return GNUNET_SYSERR;
269 } 271 }
270 272
271 /* generate r < n (without bias) */ 273 /* generate r < n (without bias) */
272 GNUNET_assert (NULL != (r = gcry_mpi_new (0))); 274 GNUNET_assert(NULL != (r = gcry_mpi_new(0)));
273 do { 275 do
274 gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM); 276 {
275 } 277 gcry_mpi_randomize(r, highbit + 1, GCRY_STRONG_RANDOM);
276 while (gcry_mpi_cmp (r, n) >= 0); 278 }
279 while (gcry_mpi_cmp(r, n) >= 0);
277 280
278 /* g = n + 1 */ 281 /* g = n + 1 */
279 GNUNET_assert (0 != (g = gcry_mpi_new (0))); 282 GNUNET_assert(0 != (g = gcry_mpi_new(0)));
280 gcry_mpi_add_ui (g, n, 1); 283 gcry_mpi_add_ui(g, n, 1);
281 284
282 /* n_square = n^2 */ 285 /* n_square = n^2 */
283 GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); 286 GNUNET_assert(0 != (n_square = gcry_mpi_new(0)));
284 gcry_mpi_mul (n_square, 287 gcry_mpi_mul(n_square,
285 n, 288 n,
286 n); 289 n);
287 290
288 /* gm = g^m mod n^2 */ 291 /* gm = g^m mod n^2 */
289 GNUNET_assert (0 != (gm = gcry_mpi_new (0))); 292 GNUNET_assert(0 != (gm = gcry_mpi_new(0)));
290 gcry_mpi_powm (gm, g, m, n_square); 293 gcry_mpi_powm(gm, g, m, n_square);
291 gcry_mpi_release (g); 294 gcry_mpi_release(g);
292 295
293 /* rn <- r^n mod n^2 */ 296 /* rn <- r^n mod n^2 */
294 GNUNET_assert (0 != (rn = gcry_mpi_new (0))); 297 GNUNET_assert(0 != (rn = gcry_mpi_new(0)));
295 gcry_mpi_powm (rn, r, n, n_square); 298 gcry_mpi_powm(rn, r, n, n_square);
296 gcry_mpi_release (r); 299 gcry_mpi_release(r);
297 gcry_mpi_release (n); 300 gcry_mpi_release(n);
298 301
299 /* c <- rn * gm mod n^2 */ 302 /* c <- rn * gm mod n^2 */
300 GNUNET_assert (0 != (c = gcry_mpi_new (0))); 303 GNUNET_assert(0 != (c = gcry_mpi_new(0)));
301 gcry_mpi_mulm (c, rn, gm, n_square); 304 gcry_mpi_mulm(c, rn, gm, n_square);
302 gcry_mpi_release (n_square); 305 gcry_mpi_release(n_square);
303 gcry_mpi_release (gm); 306 gcry_mpi_release(gm);
304 gcry_mpi_release (rn); 307 gcry_mpi_release(rn);
305 308
306 GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits, 309 GNUNET_CRYPTO_mpi_print_unsigned(ciphertext->bits,
307 sizeof (ciphertext->bits), 310 sizeof(ciphertext->bits),
308 c); 311 c);
309 gcry_mpi_release (c); 312 gcry_mpi_release(c);
310 313
311 return possible_opts; 314 return possible_opts;
312} 315}
@@ -321,10 +324,10 @@ GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *pu
321 * @param[out] m Decryption of @a ciphertext with @private_key. 324 * @param[out] m Decryption of @a ciphertext with @private_key.
322 */ 325 */
323void 326void
324GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, 327GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key,
325 const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 328 const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
326 const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, 329 const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
327 gcry_mpi_t m) 330 gcry_mpi_t m)
328{ 331{
329 gcry_mpi_t mu; 332 gcry_mpi_t mu;
330 gcry_mpi_t lambda; 333 gcry_mpi_t lambda;
@@ -335,48 +338,48 @@ GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *p
335 gcry_mpi_t cmum1; 338 gcry_mpi_t cmum1;
336 gcry_mpi_t mod; 339 gcry_mpi_t mod;
337 340
338 GNUNET_CRYPTO_mpi_scan_unsigned (&lambda, 341 GNUNET_CRYPTO_mpi_scan_unsigned(&lambda,
339 private_key->lambda, 342 private_key->lambda,
340 sizeof (private_key->lambda)); 343 sizeof(private_key->lambda));
341 GNUNET_CRYPTO_mpi_scan_unsigned (&mu, 344 GNUNET_CRYPTO_mpi_scan_unsigned(&mu,
342 private_key->mu, 345 private_key->mu,
343 sizeof (private_key->mu)); 346 sizeof(private_key->mu));
344 GNUNET_CRYPTO_mpi_scan_unsigned (&n, 347 GNUNET_CRYPTO_mpi_scan_unsigned(&n,
345 public_key, 348 public_key,
346 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 349 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
347 GNUNET_CRYPTO_mpi_scan_unsigned (&c, 350 GNUNET_CRYPTO_mpi_scan_unsigned(&c,
348 ciphertext->bits, 351 ciphertext->bits,
349 sizeof (ciphertext->bits)); 352 sizeof(ciphertext->bits));
350 353
351 /* n_square = n * n */ 354 /* n_square = n * n */
352 GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); 355 GNUNET_assert(0 != (n_square = gcry_mpi_new(0)));
353 gcry_mpi_mul (n_square, n, n); 356 gcry_mpi_mul(n_square, n, n);
354 357
355 /* cmu = c^lambda mod n^2 */ 358 /* cmu = c^lambda mod n^2 */
356 GNUNET_assert (0 != (cmu = gcry_mpi_new (0))); 359 GNUNET_assert(0 != (cmu = gcry_mpi_new(0)));
357 gcry_mpi_powm (cmu, 360 gcry_mpi_powm(cmu,
358 c, 361 c,
359 lambda, 362 lambda,
360 n_square); 363 n_square);
361 gcry_mpi_release (n_square); 364 gcry_mpi_release(n_square);
362 gcry_mpi_release (lambda); 365 gcry_mpi_release(lambda);
363 gcry_mpi_release (c); 366 gcry_mpi_release(c);
364 367
365 /* cmum1 = cmu - 1 */ 368 /* cmum1 = cmu - 1 */
366 GNUNET_assert (0 != (cmum1 = gcry_mpi_new (0))); 369 GNUNET_assert(0 != (cmum1 = gcry_mpi_new(0)));
367 gcry_mpi_sub_ui (cmum1, cmu, 1); 370 gcry_mpi_sub_ui(cmum1, cmu, 1);
368 gcry_mpi_release (cmu); 371 gcry_mpi_release(cmu);
369 372
370 /* mod = cmum1 / n (mod n) */ 373 /* mod = cmum1 / n (mod n) */
371 GNUNET_assert (0 != (mod = gcry_mpi_new (0))); 374 GNUNET_assert(0 != (mod = gcry_mpi_new(0)));
372 gcry_mpi_div (mod, NULL, cmum1, n, 0); 375 gcry_mpi_div(mod, NULL, cmum1, n, 0);
373 gcry_mpi_release (cmum1); 376 gcry_mpi_release(cmum1);
374 377
375 /* m = mod * mu mod n */ 378 /* m = mod * mu mod n */
376 gcry_mpi_mulm (m, mod, mu, n); 379 gcry_mpi_mulm(m, mod, mu, n);
377 gcry_mpi_release (mod); 380 gcry_mpi_release(mod);
378 gcry_mpi_release (mu); 381 gcry_mpi_release(mu);
379 gcry_mpi_release (n); 382 gcry_mpi_release(n);
380} 383}
381 384
382 385
@@ -395,10 +398,10 @@ GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *p
395 * #GNUNET_SYSERR if no more homomorphic operations are remaining. 398 * #GNUNET_SYSERR if no more homomorphic operations are remaining.
396 */ 399 */
397int 400int
398GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, 401GNUNET_CRYPTO_paillier_hom_add(const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
399 const struct GNUNET_CRYPTO_PaillierCiphertext *c1, 402 const struct GNUNET_CRYPTO_PaillierCiphertext *c1,
400 const struct GNUNET_CRYPTO_PaillierCiphertext *c2, 403 const struct GNUNET_CRYPTO_PaillierCiphertext *c2,
401 struct GNUNET_CRYPTO_PaillierCiphertext *result) 404 struct GNUNET_CRYPTO_PaillierCiphertext *result)
402{ 405{
403 gcry_mpi_t a; 406 gcry_mpi_t a;
404 gcry_mpi_t b; 407 gcry_mpi_t b;
@@ -408,42 +411,42 @@ GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *pu
408 int32_t o1; 411 int32_t o1;
409 int32_t o2; 412 int32_t o2;
410 413
411 o1 = (int32_t) ntohl (c1->remaining_ops); 414 o1 = (int32_t)ntohl(c1->remaining_ops);
412 o2 = (int32_t) ntohl (c2->remaining_ops); 415 o2 = (int32_t)ntohl(c2->remaining_ops);
413 if ( (0 >= o1) || (0 >= o2) ) 416 if ((0 >= o1) || (0 >= o2))
414 { 417 {
415 GNUNET_break_op (0); 418 GNUNET_break_op(0);
416 return GNUNET_SYSERR; 419 return GNUNET_SYSERR;
417 } 420 }
418 421
419 GNUNET_CRYPTO_mpi_scan_unsigned (&a, 422 GNUNET_CRYPTO_mpi_scan_unsigned(&a,
420 c1->bits, 423 c1->bits,
421 sizeof (c1->bits)); 424 sizeof(c1->bits));
422 GNUNET_CRYPTO_mpi_scan_unsigned (&b, 425 GNUNET_CRYPTO_mpi_scan_unsigned(&b,
423 c2->bits, 426 c2->bits,
424 sizeof (c2->bits)); 427 sizeof(c2->bits));
425 GNUNET_CRYPTO_mpi_scan_unsigned (&n, 428 GNUNET_CRYPTO_mpi_scan_unsigned(&n,
426 public_key, 429 public_key,
427 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 430 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
428 431
429 /* n_square = n * n */ 432 /* n_square = n * n */
430 GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); 433 GNUNET_assert(0 != (n_square = gcry_mpi_new(0)));
431 gcry_mpi_mul (n_square, n, n); 434 gcry_mpi_mul(n_square, n, n);
432 gcry_mpi_release (n); 435 gcry_mpi_release(n);
433 436
434 /* c = a * b mod n_square */ 437 /* c = a * b mod n_square */
435 GNUNET_assert (0 != (c = gcry_mpi_new (0))); 438 GNUNET_assert(0 != (c = gcry_mpi_new(0)));
436 gcry_mpi_mulm (c, a, b, n_square); 439 gcry_mpi_mulm(c, a, b, n_square);
437 gcry_mpi_release (n_square); 440 gcry_mpi_release(n_square);
438 gcry_mpi_release (a); 441 gcry_mpi_release(a);
439 gcry_mpi_release (b); 442 gcry_mpi_release(b);
440 443
441 result->remaining_ops = htonl (GNUNET_MIN (o1, o2) - 1); 444 result->remaining_ops = htonl(GNUNET_MIN(o1, o2) - 1);
442 GNUNET_CRYPTO_mpi_print_unsigned (result->bits, 445 GNUNET_CRYPTO_mpi_print_unsigned(result->bits,
443 sizeof (result->bits), 446 sizeof(result->bits),
444 c); 447 c);
445 gcry_mpi_release (c); 448 gcry_mpi_release(c);
446 return ntohl (result->remaining_ops); 449 return ntohl(result->remaining_ops);
447} 450}
448 451
449 452
@@ -454,10 +457,10 @@ GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *pu
454 * @return the number of remaining homomorphic operations 457 * @return the number of remaining homomorphic operations
455 */ 458 */
456int 459int
457GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c) 460GNUNET_CRYPTO_paillier_hom_get_remaining(const struct GNUNET_CRYPTO_PaillierCiphertext *c)
458{ 461{
459 GNUNET_assert (NULL != c); 462 GNUNET_assert(NULL != c);
460 return ntohl (c->remaining_ops); 463 return ntohl(c->remaining_ops);
461} 464}
462 465
463/* end of crypto_paillier.c */ 466/* end of crypto_paillier.c */
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-24 21:38:33 +0000