diff options
| author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-03 12:26:51 +0200 |
|---|---|---|
| committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-03 12:26:51 +0200 |
| commit | 342d3729dfcb88060c3541d2b38d23d3294a11fb (patch) | |
| tree | 2cf7efb54ca8fce0321c8c6984916f79854e720e /crypto.c | |
| parent | 3dea4b69f58a1545068bf56824787f6316ad5b95 (diff) | |
| download | libbrandt-342d3729dfcb88060c3541d2b38d23d3294a11fb.tar.gz libbrandt-342d3729dfcb88060c3541d2b38d23d3294a11fb.zip | |
style
Diffstat (limited to 'crypto.c')
| -rw-r--r-- | crypto.c | 142 |
1 files changed, 89 insertions, 53 deletions
| @@ -58,17 +58,17 @@ struct zkp_challenge_0og { | |||
| 58 | }; | 58 | }; |
| 59 | 59 | ||
| 60 | 60 | ||
| 61 | static gcry_ctx_t ec_ctx; | 61 | static gcry_ctx_t ec_ctx; |
| 62 | static gcry_mpi_point_t ec_gen; | 62 | static gcry_mpi_point_t ec_gen; |
| 63 | static gcry_mpi_point_t ec_zero; | 63 | static gcry_mpi_point_t ec_zero; |
| 64 | static gcry_mpi_t ec_n; | 64 | static gcry_mpi_t ec_n; |
| 65 | static struct GNUNET_CRYPTO_EccDlogContext *ec_dlogctx; | 65 | static struct GNUNET_CRYPTO_EccDlogContext *ec_dlogctx; |
| 66 | 66 | ||
| 67 | 67 | ||
| 68 | /** | 68 | /** |
| 69 | * brandt_crypto_init initializes the crypto system and must be called before | 69 | * brandt_crypto_init initializes the crypto system and must be called before |
| 70 | * any other function from this file. | 70 | * any other function from this file. |
| 71 | * | 71 | * |
| 72 | * @param[in] dlogctx Pointer to the prepared dlog context. | 72 | * @param[in] dlogctx Pointer to the prepared dlog context. |
| 73 | */ | 73 | */ |
| 74 | void | 74 | void |
| @@ -648,9 +648,9 @@ smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 648 | 648 | ||
| 649 | int | 649 | int |
| 650 | smc_recv_keyshare (struct BRANDT_Auction *ad, | 650 | smc_recv_keyshare (struct BRANDT_Auction *ad, |
| 651 | const unsigned char *buf, | 651 | const unsigned char *buf, |
| 652 | size_t buflen, | 652 | size_t buflen, |
| 653 | uint16_t sender) | 653 | uint16_t sender) |
| 654 | { | 654 | { |
| 655 | int ret = 0; | 655 | int ret = 0; |
| 656 | struct proof_dl *proof1; | 656 | struct proof_dl *proof1; |
| @@ -740,16 +740,16 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 740 | 740 | ||
| 741 | int | 741 | int |
| 742 | smc_recv_encrypted_bid (struct BRANDT_Auction *ad, | 742 | smc_recv_encrypted_bid (struct BRANDT_Auction *ad, |
| 743 | const unsigned char *buf, | 743 | const unsigned char *buf, |
| 744 | size_t buflen, | 744 | size_t buflen, |
| 745 | uint16_t sender) | 745 | uint16_t sender) |
| 746 | { | 746 | { |
| 747 | int ret = 0; | 747 | int ret = 0; |
| 748 | const unsigned char *cur = buf; | 748 | const unsigned char *cur = buf; |
| 749 | struct proof_0og *proof3; | 749 | struct proof_0og *proof3; |
| 750 | gcry_mpi_point_t **ct; /* ciphertexts */ | 750 | gcry_mpi_point_t **ct; /* ciphertexts */ |
| 751 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); | 751 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); |
| 752 | gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0); | 752 | gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0); |
| 753 | 753 | ||
| 754 | brandt_assert (ad && buf); | 754 | brandt_assert (ad && buf); |
| 755 | 755 | ||
| @@ -944,15 +944,15 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 944 | 944 | ||
| 945 | int | 945 | int |
| 946 | fp_pub_recv_outcome (struct BRANDT_Auction *ad, | 946 | fp_pub_recv_outcome (struct BRANDT_Auction *ad, |
| 947 | const unsigned char *buf, | 947 | const unsigned char *buf, |
| 948 | size_t buflen, | 948 | size_t buflen, |
| 949 | uint16_t sender) | 949 | uint16_t sender) |
| 950 | { | 950 | { |
| 951 | int ret = 0; | 951 | int ret = 0; |
| 952 | const unsigned char *cur = buf; | 952 | const unsigned char *cur = buf; |
| 953 | struct proof_2dle *proof2; | 953 | struct proof_2dle *proof2; |
| 954 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | 954 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); |
| 955 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | 955 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); |
| 956 | 956 | ||
| 957 | brandt_assert (ad && buf); | 957 | brandt_assert (ad && buf); |
| 958 | 958 | ||
| @@ -1058,14 +1058,14 @@ fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1058 | 1058 | ||
| 1059 | int | 1059 | int |
| 1060 | fp_pub_recv_decryption (struct BRANDT_Auction *ad, | 1060 | fp_pub_recv_decryption (struct BRANDT_Auction *ad, |
| 1061 | const unsigned char *buf, | 1061 | const unsigned char *buf, |
| 1062 | size_t buflen, | 1062 | size_t buflen, |
| 1063 | uint16_t sender) | 1063 | uint16_t sender) |
| 1064 | { | 1064 | { |
| 1065 | int ret = 0; | 1065 | int ret = 0; |
| 1066 | const unsigned char *cur = buf; | 1066 | const unsigned char *cur = buf; |
| 1067 | struct proof_2dle *proof2; | 1067 | struct proof_2dle *proof2; |
| 1068 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1068 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
| 1069 | 1069 | ||
| 1070 | brandt_assert (ad && buf); | 1070 | brandt_assert (ad && buf); |
| 1071 | 1071 | ||
| @@ -1296,15 +1296,15 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1296 | 1296 | ||
| 1297 | int | 1297 | int |
| 1298 | fp_priv_recv_outcome (struct BRANDT_Auction *ad, | 1298 | fp_priv_recv_outcome (struct BRANDT_Auction *ad, |
| 1299 | const unsigned char *buf, | 1299 | const unsigned char *buf, |
| 1300 | size_t buflen, | 1300 | size_t buflen, |
| 1301 | uint16_t sender) | 1301 | uint16_t sender) |
| 1302 | { | 1302 | { |
| 1303 | int ret = 0; | 1303 | int ret = 0; |
| 1304 | const unsigned char *cur = buf; | 1304 | const unsigned char *cur = buf; |
| 1305 | struct proof_2dle *proof2; | 1305 | struct proof_2dle *proof2; |
| 1306 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | 1306 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); |
| 1307 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | 1307 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); |
| 1308 | 1308 | ||
| 1309 | brandt_assert (ad && buf); | 1309 | brandt_assert (ad && buf); |
| 1310 | 1310 | ||
| @@ -1406,14 +1406,14 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1406 | 1406 | ||
| 1407 | int | 1407 | int |
| 1408 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, | 1408 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, |
| 1409 | const unsigned char *buf, | 1409 | const unsigned char *buf, |
| 1410 | size_t buflen, | 1410 | size_t buflen, |
| 1411 | uint16_t sender) | 1411 | uint16_t sender) |
| 1412 | { | 1412 | { |
| 1413 | int ret = 0; | 1413 | int ret = 0; |
| 1414 | const unsigned char *cur = buf; | 1414 | const unsigned char *cur = buf; |
| 1415 | struct proof_2dle *proof2; | 1415 | struct proof_2dle *proof2; |
| 1416 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1416 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
| 1417 | 1417 | ||
| 1418 | brandt_assert (ad && buf); | 1418 | brandt_assert (ad && buf); |
| 1419 | 1419 | ||
| @@ -1511,7 +1511,13 @@ smc_zkp_dl (gcry_mpi_point_t v, | |||
| 1511 | ec_point_serialize (&challenge.g, ec_gen); | 1511 | ec_point_serialize (&challenge.g, ec_gen); |
| 1512 | ec_point_serialize (&challenge.v, v); | 1512 | ec_point_serialize (&challenge.v, v); |
| 1513 | ec_point_serialize (&challenge.a, a); | 1513 | ec_point_serialize (&challenge.a, a); |
| 1514 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp dl"); | 1514 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
| 1515 | ec_n, | ||
| 1516 | NULL, | ||
| 1517 | 0, | ||
| 1518 | &challenge, | ||
| 1519 | sizeof (challenge), | ||
| 1520 | "libbrandt zkp dl"); | ||
| 1515 | 1521 | ||
| 1516 | /* r = z + cx */ | 1522 | /* r = z + cx */ |
| 1517 | gcry_mpi_mulm (r, c, x, ec_n); | 1523 | gcry_mpi_mulm (r, c, x, ec_n); |
| @@ -1554,7 +1560,13 @@ smc_zkp_dl_check (const gcry_mpi_point_t v, | |||
| 1554 | ec_point_serialize (&challenge.g, ec_gen); | 1560 | ec_point_serialize (&challenge.g, ec_gen); |
| 1555 | ec_point_serialize (&challenge.v, v); | 1561 | ec_point_serialize (&challenge.v, v); |
| 1556 | ec_point_serialize (&challenge.a, a); | 1562 | ec_point_serialize (&challenge.a, a); |
| 1557 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp dl"); | 1563 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
| 1564 | ec_n, | ||
| 1565 | NULL, | ||
| 1566 | 0, | ||
| 1567 | &challenge, | ||
| 1568 | sizeof (challenge), | ||
| 1569 | "libbrandt zkp dl"); | ||
| 1558 | 1570 | ||
| 1559 | /* rg =? a + cv */ | 1571 | /* rg =? a + cv */ |
| 1560 | gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx); | 1572 | gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx); |
| @@ -1632,7 +1644,13 @@ smc_zkp_2dle (gcry_mpi_point_t v, | |||
| 1632 | ec_point_serialize (&challenge.w, rw); | 1644 | ec_point_serialize (&challenge.w, rw); |
| 1633 | ec_point_serialize (&challenge.a, a); | 1645 | ec_point_serialize (&challenge.a, a); |
| 1634 | ec_point_serialize (&challenge.b, b); | 1646 | ec_point_serialize (&challenge.b, b); |
| 1635 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 2dle"); | 1647 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
| 1648 | ec_n, | ||
| 1649 | NULL, | ||
| 1650 | 0, | ||
| 1651 | &challenge, | ||
| 1652 | sizeof (challenge), | ||
| 1653 | "libbrandt zkp 2dle"); | ||
| 1636 | 1654 | ||
| 1637 | /* r = z + cx */ | 1655 | /* r = z + cx */ |
| 1638 | gcry_mpi_mulm (r, c, rx, ec_n); | 1656 | gcry_mpi_mulm (r, c, rx, ec_n); |
| @@ -1694,7 +1712,13 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v, | |||
| 1694 | ec_point_serialize (&challenge.w, w); | 1712 | ec_point_serialize (&challenge.w, w); |
| 1695 | ec_point_serialize (&challenge.a, a); | 1713 | ec_point_serialize (&challenge.a, a); |
| 1696 | ec_point_serialize (&challenge.b, b); | 1714 | ec_point_serialize (&challenge.b, b); |
| 1697 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 2dle"); | 1715 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
| 1716 | ec_n, | ||
| 1717 | NULL, | ||
| 1718 | 0, | ||
| 1719 | &challenge, | ||
| 1720 | sizeof (challenge), | ||
| 1721 | "libbrandt zkp 2dle"); | ||
| 1698 | 1722 | ||
| 1699 | /* r*g1 =? a + cv */ | 1723 | /* r*g1 =? a + cv */ |
| 1700 | gcry_mpi_ec_mul (left, r, g1, ec_ctx); | 1724 | gcry_mpi_ec_mul (left, r, g1, ec_ctx); |
| @@ -1825,7 +1849,13 @@ smc_zkp_0og (int m_is_gen, | |||
| 1825 | ec_point_serialize (&challenge.a2, a2); | 1849 | ec_point_serialize (&challenge.a2, a2); |
| 1826 | ec_point_serialize (&challenge.b1, b1); | 1850 | ec_point_serialize (&challenge.b1, b1); |
| 1827 | ec_point_serialize (&challenge.b2, b2); | 1851 | ec_point_serialize (&challenge.b2, b2); |
| 1828 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 0og"); | 1852 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
| 1853 | ec_n, | ||
| 1854 | NULL, | ||
| 1855 | 0, | ||
| 1856 | &challenge, | ||
| 1857 | sizeof (challenge), | ||
| 1858 | "libbrandt zkp 0og"); | ||
| 1829 | 1859 | ||
| 1830 | if (!m_is_gen) | 1860 | if (!m_is_gen) |
| 1831 | { /* m == 0 */ | 1861 | { /* m == 0 */ |
| @@ -1918,7 +1948,13 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
| 1918 | ec_point_serialize (&challenge.a2, a2); | 1948 | ec_point_serialize (&challenge.a2, a2); |
| 1919 | ec_point_serialize (&challenge.b1, b1); | 1949 | ec_point_serialize (&challenge.b1, b1); |
| 1920 | ec_point_serialize (&challenge.b2, b2); | 1950 | ec_point_serialize (&challenge.b2, b2); |
| 1921 | GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 0og"); | 1951 | GNUNET_CRYPTO_kdf_mod_mpi (&c, |
| 1952 | ec_n, | ||
| 1953 | NULL, | ||
| 1954 | 0, | ||
| 1955 | &challenge, | ||
| 1956 | sizeof (challenge), | ||
| 1957 | "libbrandt zkp 0og"); | ||
| 1922 | 1958 | ||
| 1923 | /* c == d1 + d2 */ | 1959 | /* c == d1 + d2 */ |
| 1924 | gcry_mpi_addm (sum, d1, d2, ec_n); | 1960 | gcry_mpi_addm (sum, d1, d2, ec_n); |