author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-03 12:26:51 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-03 12:26:51 +0200 |
commit | 342d3729dfcb88060c3541d2b38d23d3294a11fb (patch) | |
tree | 2cf7efb54ca8fce0321c8c6984916f79854e720e /crypto.c | |
parent | 3dea4b69f58a1545068bf56824787f6316ad5b95 (diff) | |
style
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 142 |
1 files changed, 89 insertions, 53 deletions
@@ -58,17 +58,17 @@ struct zkp_challenge_0og { | |||
58 | }; | 58 | }; |
59 | 59 | ||
60 | 60 | ||
61 | static gcry_ctx_t ec_ctx; | 61 | static gcry_ctx_t ec_ctx; |
62 | static gcry_mpi_point_t ec_gen; | 62 | static gcry_mpi_point_t ec_gen; |
63 | static gcry_mpi_point_t ec_zero; | 63 | static gcry_mpi_point_t ec_zero; |
64 | static gcry_mpi_t ec_n; | 64 | static gcry_mpi_t ec_n; |
65 | static struct GNUNET_CRYPTO_EccDlogContext *ec_dlogctx; | 65 | static struct GNUNET_CRYPTO_EccDlogContext *ec_dlogctx; |
66 | 66 | ||
67 | 67 | ||
68 | /** | 68 | /** |
69 | * brandt_crypto_init initializes the crypto system and must be called before | 69 | * brandt_crypto_init initializes the crypto system and must be called before |
70 | * any other function from this file. | 70 | * any other function from this file. |
71 | * | 71 | * |
72 | * @param[in] dlogctx Pointer to the prepared dlog context. | 72 | * @param[in] dlogctx Pointer to the prepared dlog context. |
73 | */ | 73 | */ |
74 | void | 74 | void |
@@ -648,9 +648,9 @@ smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | |||
648 | 648 | ||
649 | int | 649 | int |
650 | smc_recv_keyshare (struct BRANDT_Auction *ad, | 650 | smc_recv_keyshare (struct BRANDT_Auction *ad, |
651 | const unsigned char *buf, | 651 | const unsigned char *buf, |
652 | size_t buflen, | 652 | size_t buflen, |
653 | uint16_t sender) | 653 | uint16_t sender) |
654 | { | 654 | { |
655 | int ret = 0; | 655 | int ret = 0; |
656 | struct proof_dl *proof1; | 656 | struct proof_dl *proof1; |
@@ -740,16 +740,16 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
740 | 740 | ||
741 | int | 741 | int |
742 | smc_recv_encrypted_bid (struct BRANDT_Auction *ad, | 742 | smc_recv_encrypted_bid (struct BRANDT_Auction *ad, |
743 | const unsigned char *buf, | 743 | const unsigned char *buf, |
744 | size_t buflen, | 744 | size_t buflen, |
745 | uint16_t sender) | 745 | uint16_t sender) |
746 | { | 746 | { |
747 | int ret = 0; | 747 | int ret = 0; |
748 | const unsigned char *cur = buf; | 748 | const unsigned char *cur = buf; |
749 | struct proof_0og *proof3; | 749 | struct proof_0og *proof3; |
750 | gcry_mpi_point_t **ct; /* ciphertexts */ | 750 | gcry_mpi_point_t **ct; /* ciphertexts */ |
751 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); | 751 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); |
752 | gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0); | 752 | gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0); |
753 | 753 | ||
754 | brandt_assert (ad && buf); | 754 | brandt_assert (ad && buf); |
755 | 755 | ||
@@ -944,15 +944,15 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
944 | 944 | ||
945 | int | 945 | int |
946 | fp_pub_recv_outcome (struct BRANDT_Auction *ad, | 946 | fp_pub_recv_outcome (struct BRANDT_Auction *ad, |
947 | const unsigned char *buf, | 947 | const unsigned char *buf, |
948 | size_t buflen, | 948 | size_t buflen, |
949 | uint16_t sender) | 949 | uint16_t sender) |
950 | { | 950 | { |
951 | int ret = 0; | 951 | int ret = 0; |
952 | const unsigned char *cur = buf; | 952 | const unsigned char *cur = buf; |
953 | struct proof_2dle *proof2; | 953 | struct proof_2dle *proof2; |
954 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | 954 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); |
955 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | 955 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); |
956 | 956 | ||
957 | brandt_assert (ad && buf); | 957 | brandt_assert (ad && buf); |
958 | 958 | ||
@@ -1058,14 +1058,14 @@ fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1058 | 1058 | ||
1059 | int | 1059 | int |
1060 | fp_pub_recv_decryption (struct BRANDT_Auction *ad, | 1060 | fp_pub_recv_decryption (struct BRANDT_Auction *ad, |
1061 | const unsigned char *buf, | 1061 | const unsigned char *buf, |
1062 | size_t buflen, | 1062 | size_t buflen, |
1063 | uint16_t sender) | 1063 | uint16_t sender) |
1064 | { | 1064 | { |
1065 | int ret = 0; | 1065 | int ret = 0; |
1066 | const unsigned char *cur = buf; | 1066 | const unsigned char *cur = buf; |
1067 | struct proof_2dle *proof2; | 1067 | struct proof_2dle *proof2; |
1068 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1068 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
1069 | 1069 | ||
1070 | brandt_assert (ad && buf); | 1070 | brandt_assert (ad && buf); |
1071 | 1071 | ||
@@ -1296,15 +1296,15 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1296 | 1296 | ||
1297 | int | 1297 | int |
1298 | fp_priv_recv_outcome (struct BRANDT_Auction *ad, | 1298 | fp_priv_recv_outcome (struct BRANDT_Auction *ad, |
1299 | const unsigned char *buf, | 1299 | const unsigned char *buf, |
1300 | size_t buflen, | 1300 | size_t buflen, |
1301 | uint16_t sender) | 1301 | uint16_t sender) |
1302 | { | 1302 | { |
1303 | int ret = 0; | 1303 | int ret = 0; |
1304 | const unsigned char *cur = buf; | 1304 | const unsigned char *cur = buf; |
1305 | struct proof_2dle *proof2; | 1305 | struct proof_2dle *proof2; |
1306 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | 1306 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); |
1307 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | 1307 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); |
1308 | 1308 | ||
1309 | brandt_assert (ad && buf); | 1309 | brandt_assert (ad && buf); |
1310 | 1310 | ||
@@ -1406,14 +1406,14 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1406 | 1406 | ||
1407 | int | 1407 | int |
1408 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, | 1408 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, |
1409 | const unsigned char *buf, | 1409 | const unsigned char *buf, |
1410 | size_t buflen, | 1410 | size_t buflen, |
1411 | uint16_t sender) | 1411 | uint16_t sender) |
1412 | { | 1412 | { |
1413 | int ret = 0; | 1413 | int ret = 0; |
1414 | const unsigned char *cur = buf; | 1414 | const unsigned char *cur = buf; |
1415 | struct proof_2dle *proof2; | 1415 | struct proof_2dle *proof2; |
1416 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1416 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
1417 | 1417 | ||
1418 | brandt_assert (ad && buf); | 1418 | brandt_assert (ad && buf); |
1419 | 1419 | ||
@@ -1511,7 +1511,13 @@ smc_zkp_dl (gcry_mpi_point_t v, | |||
1511 | ec_point_serialize (&challenge.g, ec_gen); | 1511 | ec_point_serialize (&challenge.g, ec_gen); |
1512 | ec_point_serialize (&challenge.v, v); | 1512 | ec_point_serialize (&challenge.v, v); |
1513 | ec_point_serialize (&challenge.a, a); | 1513 | ec_point_serialize (&challenge.a, a); |
1514 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp dl"); | 1514 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
1515 | ec_n, | ||
1516 | NULL, | ||
1517 | 0, | ||
1518 | &challenge, | ||
1519 | sizeof (challenge), | ||
1520 | "libbrandt zkp dl"); | ||
1515 | 1521 | ||
1516 | /* r = z + cx */ | 1522 | /* r = z + cx */ |
1517 | gcry_mpi_mulm (r, c, x, ec_n); | 1523 | gcry_mpi_mulm (r, c, x, ec_n); |
@@ -1554,7 +1560,13 @@ smc_zkp_dl_check (const gcry_mpi_point_t v, | |||
1554 | ec_point_serialize (&challenge.g, ec_gen); | 1560 | ec_point_serialize (&challenge.g, ec_gen); |
1555 | ec_point_serialize (&challenge.v, v); | 1561 | ec_point_serialize (&challenge.v, v); |
1556 | ec_point_serialize (&challenge.a, a); | 1562 | ec_point_serialize (&challenge.a, a); |
1557 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp dl"); | 1563 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
1564 | ec_n, | ||
1565 | NULL, | ||
1566 | 0, | ||
1567 | &challenge, | ||
1568 | sizeof (challenge), | ||
1569 | "libbrandt zkp dl"); | ||
1558 | 1570 | ||
1559 | /* rg =? a + cv */ | 1571 | /* rg =? a + cv */ |
1560 | gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx); | 1572 | gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx); |
@@ -1632,7 +1644,13 @@ smc_zkp_2dle (gcry_mpi_point_t v, | |||
1632 | ec_point_serialize (&challenge.w, rw); | 1644 | ec_point_serialize (&challenge.w, rw); |
1633 | ec_point_serialize (&challenge.a, a); | 1645 | ec_point_serialize (&challenge.a, a); |
1634 | ec_point_serialize (&challenge.b, b); | 1646 | ec_point_serialize (&challenge.b, b); |
1635 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 2dle"); | 1647 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
1648 | ec_n, | ||
1649 | NULL, | ||
1650 | 0, | ||
1651 | &challenge, | ||
1652 | sizeof (challenge), | ||
1653 | "libbrandt zkp 2dle"); | ||
1636 | 1654 | ||
1637 | /* r = z + cx */ | 1655 | /* r = z + cx */ |
1638 | gcry_mpi_mulm (r, c, rx, ec_n); | 1656 | gcry_mpi_mulm (r, c, rx, ec_n); |
@@ -1694,7 +1712,13 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v, | |||
1694 | ec_point_serialize (&challenge.w, w); | 1712 | ec_point_serialize (&challenge.w, w); |
1695 | ec_point_serialize (&challenge.a, a); | 1713 | ec_point_serialize (&challenge.a, a); |
1696 | ec_point_serialize (&challenge.b, b); | 1714 | ec_point_serialize (&challenge.b, b); |
1697 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 2dle"); | 1715 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
1716 | ec_n, | ||
1717 | NULL, | ||
1718 | 0, | ||
1719 | &challenge, | ||
1720 | sizeof (challenge), | ||
1721 | "libbrandt zkp 2dle"); | ||
1698 | 1722 | ||
1699 | /* r*g1 =? a + cv */ | 1723 | /* r*g1 =? a + cv */ |
1700 | gcry_mpi_ec_mul (left, r, g1, ec_ctx); | 1724 | gcry_mpi_ec_mul (left, r, g1, ec_ctx); |
@@ -1825,7 +1849,13 @@ smc_zkp_0og (int m_is_gen, | |||
1825 | ec_point_serialize (&challenge.a2, a2); | 1849 | ec_point_serialize (&challenge.a2, a2); |
1826 | ec_point_serialize (&challenge.b1, b1); | 1850 | ec_point_serialize (&challenge.b1, b1); |
1827 | ec_point_serialize (&challenge.b2, b2); | 1851 | ec_point_serialize (&challenge.b2, b2); |
1828 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 0og"); | 1852 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
1853 | ec_n, | ||
1854 | NULL, | ||
1855 | 0, | ||
1856 | &challenge, | ||
1857 | sizeof (challenge), | ||
1858 | "libbrandt zkp 0og"); | ||
1829 | 1859 | ||
1830 | if (!m_is_gen) | 1860 | if (!m_is_gen) |
1831 | { /* m == 0 */ | 1861 | { /* m == 0 */ |
@@ -1918,7 +1948,13 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
1918 | ec_point_serialize (&challenge.a2, a2); | 1948 | ec_point_serialize (&challenge.a2, a2); |
1919 | ec_point_serialize (&challenge.b1, b1); | 1949 | ec_point_serialize (&challenge.b1, b1); |
1920 | ec_point_serialize (&challenge.b2, b2); | 1950 | ec_point_serialize (&challenge.b2, b2); |
1921 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 0og"); | 1951 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
1952 | ec_n, | ||
1953 | NULL, | ||
1954 | 0, | ||
1955 | &challenge, | ||
1956 | sizeof (challenge), | ||
1957 | "libbrandt zkp 0og"); | ||
1922 | 1958 | ||
1923 | /* c == d1 + d2 */ | 1959 | /* c == d1 + d2 */ |
1924 | gcry_mpi_addm (sum, d1, d2, ec_n); | 1960 | gcry_mpi_addm (sum, d1, d2, ec_n); |