GNUnet  0.11.x
Data Structures | Macros | Functions
crypto_ecc_dlog.c File Reference

ECC addition and discreate logarithm for small values. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "gnunet_container_lib.h"
Include dependency graph for crypto_ecc_dlog.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_EccDlogContext
 Internal structure used to cache pre-calculated values for DLOG calculation. More...
 

Macros

#define CURVE   "Ed25519"
 Name of the curve we are using. More...
 

Functions

static void extract_pk (gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
 
void GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t point, struct GNUNET_CRYPTO_EccPoint *bin)
 Convert point value to binary representation. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, const struct GNUNET_CRYPTO_EccPoint *bin)
 Convert binary representation of a point to computational representation. More...
 
struct GNUNET_CRYPTO_EccDlogContextGNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem)
 Do pre-calculation for ECC discrete logarithm for small factors. More...
 
int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t input)
 Calculate ECC discrete logarithm for small factors. More...
 
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Generate a random value mod n. More...
 
void GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Release precalculated values. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t a, gcry_mpi_point_t b)
 Add two points on the elliptic curve. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t p, gcry_mpi_t val)
 Multiply the point p on the elliptic curve by val. More...
 
void GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t *r, gcry_mpi_point_t *r_inv)
 Obtain a random point on the curve and its additive inverse. More...
 
void GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t *r, gcry_mpi_t *r_inv)
 Obtain a random scalar for point multiplication on the curve and its multiplicative inverse. More...
 
void GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
 Free a point value returned by the API. More...
 

Detailed Description

ECC addition and discreate logarithm for small values.

Allows us to use ECC for computations as long as the result is relativey small.

Author
Christian Grothoff

Definition in file crypto_ecc_dlog.c.

Macro Definition Documentation

◆ CURVE

#define CURVE   "Ed25519"

Name of the curve we are using.

Note that we have hard-coded structs that use 256 bits, so using a bigger curve will require changes that break stuff badly. The name of the curve given here must be agreed by all peers and be supported by libgcrypt.

Definition at line 40 of file crypto_ecc_dlog.c.

Referenced by GNUNET_CRYPTO_ecc_bin_to_point(), and GNUNET_CRYPTO_ecc_dlog_prepare().

Function Documentation

◆ extract_pk()

static void extract_pk ( gcry_mpi_point_t  pt,
gcry_ctx_t  ctx,
struct GNUNET_PeerIdentity pid 
)
static

Definition at line 47 of file crypto_ecc_dlog.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_PeerIdentity::public_key, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_CRYPTO_ecc_dlog(), and GNUNET_CRYPTO_ecc_dlog_prepare().

50 {
51  gcry_mpi_t q_y;
52 
53  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx));
54  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
55  GNUNET_assert (q_y);
57  sizeof(pid->public_key.q_y),
58  q_y);
59  gcry_mpi_release (q_y);
60 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_point_to_bin()

void GNUNET_CRYPTO_ecc_point_to_bin ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  point,
struct GNUNET_CRYPTO_EccPoint bin 
)

Convert point value to binary representation.

Parameters
edccalculation context for ECC operations
pointcomputational point representation
[out]binbinary point representation

Definition at line 101 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by send_alices_cryptodata_message(), and transmit_bobs_cryptodata_message().

104 {
105  gcry_mpi_t q_y;
106 
107  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
108  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
109  GNUNET_assert (q_y);
111  sizeof(bin->q_y),
112  q_y);
113  gcry_mpi_release (q_y);
114 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_bin_to_point()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point ( struct GNUNET_CRYPTO_EccDlogContext edc,
const struct GNUNET_CRYPTO_EccPoint bin 
)

Convert binary representation of a point to computational representation.

Parameters
edccalculation context for ECC operations
binbinary point representation
Returns
computational representation

Definition at line 125 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, GNUNET_assert, GNUNET_break, q, and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

127 {
128  gcry_sexp_t pub_sexpr;
129  gcry_ctx_t ctx;
130  gcry_mpi_point_t q;
131 
132  (void) edc;
133  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
134  "(public-key(ecc(curve " CURVE ")(q %b)))",
135  (int) sizeof(bin->q_y),
136  bin->q_y))
137  {
138  GNUNET_break (0);
139  return NULL;
140  }
141  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
142  gcry_sexp_release (pub_sexpr);
143  q = gcry_mpi_ec_get_point ("q", ctx, 0);
144  gcry_ctx_release (ctx);
145  return q;
146 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
#define CURVE
Name of the curve we are using.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_prepare()

struct GNUNET_CRYPTO_EccDlogContext* GNUNET_CRYPTO_ecc_dlog_prepare ( unsigned int  max,
unsigned int  mem 
)

Do pre-calculation for ECC discrete logarithm for small factors.

Parameters
maxmaximum value the factor can be
memmemory to use (should be smaller than max), must not be zero.
Returns
NULL on error

Definition at line 157 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, edc, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, and GNUNET_CRYPTO_EccDlogContext::mem.

Referenced by run().

159 {
161  unsigned int K = ((max + (mem - 1)) / mem);
162  gcry_mpi_point_t g;
163  struct GNUNET_PeerIdentity key;
164  gcry_mpi_point_t gKi;
165  gcry_mpi_t fact;
166  gcry_mpi_t n;
167  unsigned int i;
168 
169  GNUNET_assert (max < INT32_MAX);
171  edc->max = max;
172  edc->mem = mem;
173 
175  GNUNET_NO);
176 
177  GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
178  NULL,
179  CURVE));
180  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
181  GNUNET_assert (NULL != g);
182  fact = gcry_mpi_new (0);
183  gKi = gcry_mpi_point_new (0);
184  for (i = 0; i <= mem; i++)
185  {
186  gcry_mpi_set_ui (fact, i * K);
187  gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
188  extract_pk (gKi, edc->ctx, &key);
191  &key,
192  (void*) (long) i + max,
194  }
195  /* negative values */
196  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
197  for (i = 1; i < mem; i++)
198  {
199  gcry_mpi_set_ui (fact, i * K);
200  gcry_mpi_sub (fact, n, fact);
201  gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
202  extract_pk (gKi, edc->ctx, &key);
205  &key,
206  (void*) (long) max - i,
208  }
209  gcry_mpi_release (fact);
210  gcry_mpi_release (n);
211  gcry_mpi_point_release (gKi);
212  gcry_mpi_point_release (g);
213  return edc;
214 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
#define GNUNET_NO
Definition: gnunet_common.h:78
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
static struct GNUNET_CRYPTO_EccDlogContext * edc
Context for DLOG operations on a curve.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
Internal structure used to cache pre-calculated values for DLOG calculation.
#define CURVE
Name of the curve we are using.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog()

int GNUNET_CRYPTO_ecc_dlog ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  input 
)

Calculate ECC discrete logarithm for small factors.

Parameters
edcprecalculated values, determine range of factors
inputpoint on the curve to factor
Returns
INT_MAX if dlog failed, otherwise the factor

Definition at line 225 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_multipeermap_get(), INT_MAX, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, q, and res.

Referenced by compute_scalar_product().

227 {
228  unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
229  gcry_mpi_point_t g;
230  struct GNUNET_PeerIdentity key;
231  gcry_mpi_point_t q;
232  unsigned int i;
233  int res;
234  void *retp;
235 
236  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
237  GNUNET_assert (NULL != g);
238  q = gcry_mpi_point_new (0);
239 
240  res = INT_MAX;
241  for (i = 0; i <= edc->max / edc->mem; i++)
242  {
243  if (0 == i)
244  extract_pk (input, edc->ctx, &key);
245  else
246  extract_pk (q, edc->ctx, &key);
248  &key);
249  if (NULL != retp)
250  {
251  res = (((long) retp) - edc->max) * K - i;
252  /* we continue the loop here to make the implementation
253  "constant-time". If we do not care about this, we could just
254  'break' here and do fewer operations... */
255  }
256  if (i == edc->max / edc->mem)
257  break;
258  /* q = q + g */
259  if (0 == i)
260  gcry_mpi_ec_add (q, input, g, edc->ctx);
261  else
262  gcry_mpi_ec_add (q, q, g, edc->ctx);
263  }
264  gcry_mpi_point_release (g);
265  gcry_mpi_point_release (q);
266 
267  return res;
268 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define INT_MAX
static int res
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
struct GNUNET_HashCode key
The key used in the DHT.
The identity of the host (wraps the signing key of the peer).
void * GNUNET_CONTAINER_multipeermap_get(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Given a key find a value in the map matching the key.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_random_mod_n()

gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n ( struct GNUNET_CRYPTO_EccDlogContext edc)

Generate a random value mod n.

Parameters
edcECC context
Returns
random value mod n.

Definition at line 278 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_ecc_rnd(), GNUNET_CRYPTO_ecc_rnd_mpi(), and send_alices_cryptodata_message().

279 {
280  gcry_mpi_t n;
281  unsigned int highbit;
282  gcry_mpi_t r;
283 
284  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
285 
286  /* check public key for number of bits, bail out if key is all zeros */
287  highbit = 256; /* Curve25519 */
288  while ((! gcry_mpi_test_bit (n, highbit)) &&
289  (0 != highbit))
290  highbit--;
291  GNUNET_assert (0 != highbit);
292  /* generate fact < n (without bias) */
293  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
294  do
295  {
296  gcry_mpi_randomize (r,
297  highbit + 1,
298  GCRY_STRONG_RANDOM);
299  }
300  while (gcry_mpi_cmp (r, n) >= 0);
301  gcry_mpi_release (n);
302  return r;
303 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_release()

void GNUNET_CRYPTO_ecc_dlog_release ( struct GNUNET_CRYPTO_EccDlogContext edc)

Release precalculated values.

Parameters
edcdlog context

Definition at line 312 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_free, and GNUNET_CRYPTO_EccDlogContext::map.

Referenced by shutdown_task().

313 {
314  gcry_ctx_release (edc->ctx);
316  GNUNET_free (edc);
317 }
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dexp()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp ( struct GNUNET_CRYPTO_EccDlogContext edc,
int  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Afterwards, point addition will correspond to integer addition. GNUNET_CRYPTO_ecc_dlog() can be used to convert a point back to an integer (as long as the integer is smaller than the MAX of the edc context).

Parameters
edccalculation context for ECC operations
valvalue to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 334 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

336 {
337  gcry_mpi_t fact;
338  gcry_mpi_t n;
339  gcry_mpi_point_t g;
340  gcry_mpi_point_t r;
341 
342  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
343  GNUNET_assert (NULL != g);
344  fact = gcry_mpi_new (0);
345  if (val < 0)
346  {
347  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
348  gcry_mpi_set_ui (fact, -val);
349  gcry_mpi_sub (fact, n, fact);
350  gcry_mpi_release (n);
351  }
352  else
353  {
354  gcry_mpi_set_ui (fact, val);
355  }
356  r = gcry_mpi_point_new (0);
357  gcry_mpi_ec_mul (r, fact, g, edc->ctx);
358  gcry_mpi_release (fact);
359  gcry_mpi_point_release (g);
360  return r;
361 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.

◆ GNUNET_CRYPTO_ecc_dexp_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Parameters
edccalculation context for ECC operations
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 374 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by send_alices_cryptodata_message().

376 {
377  gcry_mpi_point_t g;
378  gcry_mpi_point_t r;
379 
380  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
381  GNUNET_assert (NULL != g);
382  r = gcry_mpi_point_new (0);
383  gcry_mpi_ec_mul (r, val, g, edc->ctx);
384  gcry_mpi_point_release (g);
385  return r;
386 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_add()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_add ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  a,
gcry_mpi_point_t  b 
)

Add two points on the elliptic curve.

Parameters
edccalculation context for ECC operations
asome value
bsome value
Returns
a + b, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 398 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

401 {
402  gcry_mpi_point_t r;
403 
404  r = gcry_mpi_point_new (0);
405  gcry_mpi_ec_add (r, a, b, edc->ctx);
406  return r;
407 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_pmul_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  p,
gcry_mpi_t  val 
)

Multiply the point p on the elliptic curve by val.

Parameters
edccalculation context for ECC operations
ppoint to multiply
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 420 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

423 {
424  gcry_mpi_point_t r;
425 
426  r = gcry_mpi_point_new (0);
427  gcry_mpi_ec_mul (r, val, p, edc->ctx);
428  return r;
429 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd()

void GNUNET_CRYPTO_ecc_rnd ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t *  r,
gcry_mpi_point_t *  r_inv 
)

Obtain a random point on the curve and its additive inverse.

Both returned values must be freed using GNUNET_CRYPTO_ecc_free().

Parameters
edccalculation context for ECC operations
[out]rset to a random point on the curve
[out]r_invset to the additive inverse of r

Definition at line 442 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, and GNUNET_CRYPTO_ecc_random_mod_n().

445 {
446  gcry_mpi_t fact;
447  gcry_mpi_t n;
448  gcry_mpi_point_t g;
449 
450  fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);
451 
452  /* calculate 'r' */
453  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
454  GNUNET_assert (NULL != g);
455  *r = gcry_mpi_point_new (0);
456  gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
457 
458  /* calculate 'r_inv' */
459  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
460  gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
461  *r_inv = gcry_mpi_point_new (0);
462  gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
463 
464  gcry_mpi_release (n);
465  gcry_mpi_release (fact);
466  gcry_mpi_point_release (g);
467 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd_mpi()

void GNUNET_CRYPTO_ecc_rnd_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t *  r,
gcry_mpi_t *  r_inv 
)

Obtain a random scalar for point multiplication on the curve and its multiplicative inverse.

Parameters
edccalculation context for ECC operations
[out]rset to a random scalar on the curve
[out]r_invset to the multiplicative inverse of r

Definition at line 479 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_CRYPTO_ecc_random_mod_n().

Referenced by run().

482 {
483  gcry_mpi_t n;
484 
486  /* r_inv = n - r = - r */
487  *r_inv = gcry_mpi_new (0);
488  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
489  gcry_mpi_sub (*r_inv, n, *r);
490 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_free()

void GNUNET_CRYPTO_ecc_free ( gcry_mpi_point_t  p)

Free a point value returned by the API.

Parameters
ppoint to free

Definition at line 499 of file crypto_ecc_dlog.c.

500 {
501  gcry_mpi_point_release (p);
502 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59