GNUnet  0.10.x
Data Structures | Macros | Functions
crypto_ecc_dlog.c File Reference

ECC addition and discreate logarithm for small values. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "gnunet_container_lib.h"
Include dependency graph for crypto_ecc_dlog.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_EccDlogContext
 Internal structure used to cache pre-calculated values for DLOG calculation. More...
 

Macros

#define CURVE   "Ed25519"
 Name of the curve we are using. More...
 

Functions

static void extract_pk (gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
 
void GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t point, struct GNUNET_CRYPTO_EccPoint *bin)
 Convert point value to binary representation. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, const struct GNUNET_CRYPTO_EccPoint *bin)
 Convert binary representation of a point to computational representation. More...
 
struct GNUNET_CRYPTO_EccDlogContextGNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem)
 Do pre-calculation for ECC discrete logarithm for small factors. More...
 
int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t input)
 Calculate ECC discrete logarithm for small factors. More...
 
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Generate a random value mod n. More...
 
void GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Release precalculated values. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t a, gcry_mpi_point_t b)
 Add two points on the elliptic curve. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t p, gcry_mpi_t val)
 Multiply the point p on the elliptic curve by val. More...
 
void GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t *r, gcry_mpi_point_t *r_inv)
 Obtain a random point on the curve and its additive inverse. More...
 
void GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t *r, gcry_mpi_t *r_inv)
 Obtain a random scalar for point multiplication on the curve and its multiplicative inverse. More...
 
void GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
 Free a point value returned by the API. More...
 

Detailed Description

ECC addition and discreate logarithm for small values.

Allows us to use ECC for computations as long as the result is relativey small.

Author
Christian Grothoff

Definition in file crypto_ecc_dlog.c.

Macro Definition Documentation

◆ CURVE

#define CURVE   "Ed25519"

Name of the curve we are using.

Note that we have hard-coded structs that use 256 bits, so using a bigger curve will require changes that break stuff badly. The name of the curve given here must be agreed by all peers and be supported by libgcrypt.

Definition at line 40 of file crypto_ecc_dlog.c.

Referenced by GNUNET_CRYPTO_ecc_bin_to_point(), and GNUNET_CRYPTO_ecc_dlog_prepare().

Function Documentation

◆ extract_pk()

static void extract_pk ( gcry_mpi_point_t  pt,
gcry_ctx_t  ctx,
struct GNUNET_PeerIdentity pid 
)
static

Definition at line 47 of file crypto_ecc_dlog.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_PeerIdentity::public_key, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_CRYPTO_ecc_dlog(), and GNUNET_CRYPTO_ecc_dlog_prepare().

50 {
51  gcry_mpi_t q_y;
52 
53  GNUNET_assert(0 == gcry_mpi_ec_set_point("q", pt, ctx));
54  q_y = gcry_mpi_ec_get_mpi("q@eddsa", ctx, 0);
55  GNUNET_assert(q_y);
57  sizeof(pid->public_key.q_y),
58  q_y);
59  gcry_mpi_release(q_y);
60 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_point_to_bin()

void GNUNET_CRYPTO_ecc_point_to_bin ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  point,
struct GNUNET_CRYPTO_EccPoint bin 
)

Convert point value to binary representation.

Parameters
edccalculation context for ECC operations
pointcomputational point representation
[out]binbinary point representation

Definition at line 100 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by send_alices_cryptodata_message(), and transmit_bobs_cryptodata_message().

103 {
104  gcry_mpi_t q_y;
105 
106  GNUNET_assert(0 == gcry_mpi_ec_set_point("q", point, edc->ctx));
107  q_y = gcry_mpi_ec_get_mpi("q@eddsa", edc->ctx, 0);
108  GNUNET_assert(q_y);
110  sizeof(bin->q_y),
111  q_y);
112  gcry_mpi_release(q_y);
113 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_bin_to_point()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point ( struct GNUNET_CRYPTO_EccDlogContext edc,
const struct GNUNET_CRYPTO_EccPoint bin 
)

Convert binary representation of a point to computational representation.

Parameters
edccalculation context for ECC operations
binbinary point representation
Returns
computational representation

Definition at line 124 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, GNUNET_assert, GNUNET_break, q, and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

126 {
127  gcry_sexp_t pub_sexpr;
128  gcry_ctx_t ctx;
129  gcry_mpi_point_t q;
130 
131  (void)edc;
132  if (0 != gcry_sexp_build(&pub_sexpr, NULL,
133  "(public-key(ecc(curve " CURVE ")(q %b)))",
134  (int)sizeof(bin->q_y),
135  bin->q_y))
136  {
137  GNUNET_break(0);
138  return NULL;
139  }
140  GNUNET_assert(0 == gcry_mpi_ec_new(&ctx, pub_sexpr, NULL));
141  gcry_sexp_release(pub_sexpr);
142  q = gcry_mpi_ec_get_point("q", ctx, 0);
143  gcry_ctx_release(ctx);
144  return q;
145 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
#define CURVE
Name of the curve we are using.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_prepare()

struct GNUNET_CRYPTO_EccDlogContext* GNUNET_CRYPTO_ecc_dlog_prepare ( unsigned int  max,
unsigned int  mem 
)

Do pre-calculation for ECC discrete logarithm for small factors.

Parameters
maxmaximum value the factor can be
memmemory to use (should be smaller than max), must not be zero.
Returns
NULL on error

Definition at line 156 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, edc, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, and GNUNET_CRYPTO_EccDlogContext::mem.

Referenced by run().

158 {
160  unsigned int K = ((max + (mem - 1)) / mem);
161  gcry_mpi_point_t g;
162  struct GNUNET_PeerIdentity key;
163  gcry_mpi_point_t gKi;
164  gcry_mpi_t fact;
165  gcry_mpi_t n;
166  unsigned int i;
167 
168  GNUNET_assert(max < INT32_MAX);
170  edc->max = max;
171  edc->mem = mem;
172 
174  GNUNET_NO);
175 
176  GNUNET_assert(0 == gcry_mpi_ec_new(&edc->ctx,
177  NULL,
178  CURVE));
179  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
180  GNUNET_assert(NULL != g);
181  fact = gcry_mpi_new(0);
182  gKi = gcry_mpi_point_new(0);
183  for (i = 0; i <= mem; i++)
184  {
185  gcry_mpi_set_ui(fact, i * K);
186  gcry_mpi_ec_mul(gKi, fact, g, edc->ctx);
187  extract_pk(gKi, edc->ctx, &key);
190  &key,
191  (void*)(long)i + max,
193  }
194  /* negative values */
195  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
196  for (i = 1; i < mem; i++)
197  {
198  gcry_mpi_set_ui(fact, i * K);
199  gcry_mpi_sub(fact, n, fact);
200  gcry_mpi_ec_mul(gKi, fact, g, edc->ctx);
201  extract_pk(gKi, edc->ctx, &key);
204  &key,
205  (void*)(long)max - i,
207  }
208  gcry_mpi_release(fact);
209  gcry_mpi_release(n);
210  gcry_mpi_point_release(gKi);
211  gcry_mpi_point_release(g);
212  return edc;
213 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
#define GNUNET_NO
Definition: gnunet_common.h:78
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
static struct GNUNET_CRYPTO_EccDlogContext * edc
Context for DLOG operations on a curve.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
Internal structure used to cache pre-calculated values for DLOG calculation.
#define CURVE
Name of the curve we are using.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog()

int GNUNET_CRYPTO_ecc_dlog ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  input 
)

Calculate ECC discrete logarithm for small factors.

Parameters
edcprecalculated values, determine range of factors
inputpoint on the curve to factor
Returns
INT_MAX if dlog failed, otherwise the factor

Definition at line 224 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_multipeermap_get(), INT_MAX, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, q, and res.

Referenced by compute_scalar_product().

226 {
227  unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
228  gcry_mpi_point_t g;
229  struct GNUNET_PeerIdentity key;
230  gcry_mpi_point_t q;
231  unsigned int i;
232  int res;
233  void *retp;
234 
235  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
236  GNUNET_assert(NULL != g);
237  q = gcry_mpi_point_new(0);
238 
239  res = INT_MAX;
240  for (i = 0; i <= edc->max / edc->mem; i++)
241  {
242  if (0 == i)
243  extract_pk(input, edc->ctx, &key);
244  else
245  extract_pk(q, edc->ctx, &key);
247  &key);
248  if (NULL != retp)
249  {
250  res = (((long)retp) - edc->max) * K - i;
251  /* we continue the loop here to make the implementation
252  "constant-time". If we do not care about this, we could just
253  'break' here and do fewer operations... */
254  }
255  if (i == edc->max / edc->mem)
256  break;
257  /* q = q + g */
258  if (0 == i)
259  gcry_mpi_ec_add(q, input, g, edc->ctx);
260  else
261  gcry_mpi_ec_add(q, q, g, edc->ctx);
262  }
263  gcry_mpi_point_release(g);
264  gcry_mpi_point_release(q);
265 
266  return res;
267 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define INT_MAX
static int res
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
struct GNUNET_HashCode key
The key used in the DHT.
The identity of the host (wraps the signing key of the peer).
void * GNUNET_CONTAINER_multipeermap_get(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Given a key find a value in the map matching the key.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_random_mod_n()

gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n ( struct GNUNET_CRYPTO_EccDlogContext edc)

Generate a random value mod n.

Parameters
edcECC context
Returns
random value mod n.

Definition at line 277 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_ecc_rnd(), GNUNET_CRYPTO_ecc_rnd_mpi(), and send_alices_cryptodata_message().

278 {
279  gcry_mpi_t n;
280  unsigned int highbit;
281  gcry_mpi_t r;
282 
283  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
284 
285  /* check public key for number of bits, bail out if key is all zeros */
286  highbit = 256; /* Curve25519 */
287  while ((!gcry_mpi_test_bit(n, highbit)) &&
288  (0 != highbit))
289  highbit--;
290  GNUNET_assert(0 != highbit);
291  /* generate fact < n (without bias) */
292  GNUNET_assert(NULL != (r = gcry_mpi_new(0)));
293  do
294  {
295  gcry_mpi_randomize(r,
296  highbit + 1,
297  GCRY_STRONG_RANDOM);
298  }
299  while (gcry_mpi_cmp(r, n) >= 0);
300  gcry_mpi_release(n);
301  return r;
302 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_release()

void GNUNET_CRYPTO_ecc_dlog_release ( struct GNUNET_CRYPTO_EccDlogContext edc)

Release precalculated values.

Parameters
edcdlog context

Definition at line 311 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_free, and GNUNET_CRYPTO_EccDlogContext::map.

Referenced by shutdown_task().

312 {
313  gcry_ctx_release(edc->ctx);
315  GNUNET_free(edc);
316 }
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dexp()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp ( struct GNUNET_CRYPTO_EccDlogContext edc,
int  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Afterwards, point addition will correspond to integer addition. GNUNET_CRYPTO_ecc_dlog() can be used to convert a point back to an integer (as long as the integer is smaller than the MAX of the edc context).

Parameters
edccalculation context for ECC operations
valvalue to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 333 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

335 {
336  gcry_mpi_t fact;
337  gcry_mpi_t n;
338  gcry_mpi_point_t g;
339  gcry_mpi_point_t r;
340 
341  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
342  GNUNET_assert(NULL != g);
343  fact = gcry_mpi_new(0);
344  if (val < 0)
345  {
346  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
347  gcry_mpi_set_ui(fact, -val);
348  gcry_mpi_sub(fact, n, fact);
349  gcry_mpi_release(n);
350  }
351  else
352  {
353  gcry_mpi_set_ui(fact, val);
354  }
355  r = gcry_mpi_point_new(0);
356  gcry_mpi_ec_mul(r, fact, g, edc->ctx);
357  gcry_mpi_release(fact);
358  gcry_mpi_point_release(g);
359  return r;
360 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.

◆ GNUNET_CRYPTO_ecc_dexp_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Parameters
edccalculation context for ECC operations
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 373 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by send_alices_cryptodata_message().

375 {
376  gcry_mpi_point_t g;
377  gcry_mpi_point_t r;
378 
379  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
380  GNUNET_assert(NULL != g);
381  r = gcry_mpi_point_new(0);
382  gcry_mpi_ec_mul(r, val, g, edc->ctx);
383  gcry_mpi_point_release(g);
384  return r;
385 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_add()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_add ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  a,
gcry_mpi_point_t  b 
)

Add two points on the elliptic curve.

Parameters
edccalculation context for ECC operations
asome value
bsome value
Returns
a + b, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 397 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

400 {
401  gcry_mpi_point_t r;
402 
403  r = gcry_mpi_point_new(0);
404  gcry_mpi_ec_add(r, a, b, edc->ctx);
405  return r;
406 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_pmul_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  p,
gcry_mpi_t  val 
)

Multiply the point p on the elliptic curve by val.

Parameters
edccalculation context for ECC operations
ppoint to multiply
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 419 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

422 {
423  gcry_mpi_point_t r;
424 
425  r = gcry_mpi_point_new(0);
426  gcry_mpi_ec_mul(r, val, p, edc->ctx);
427  return r;
428 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd()

void GNUNET_CRYPTO_ecc_rnd ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t *  r,
gcry_mpi_point_t *  r_inv 
)

Obtain a random point on the curve and its additive inverse.

Both returned values must be freed using GNUNET_CRYPTO_ecc_free().

Parameters
edccalculation context for ECC operations
[out]rset to a random point on the curve
[out]r_invset to the additive inverse of r

Definition at line 441 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, and GNUNET_CRYPTO_ecc_random_mod_n().

444 {
445  gcry_mpi_t fact;
446  gcry_mpi_t n;
447  gcry_mpi_point_t g;
448 
449  fact = GNUNET_CRYPTO_ecc_random_mod_n(edc);
450 
451  /* calculate 'r' */
452  g = gcry_mpi_ec_get_point("g", edc->ctx, 0);
453  GNUNET_assert(NULL != g);
454  *r = gcry_mpi_point_new(0);
455  gcry_mpi_ec_mul(*r, fact, g, edc->ctx);
456 
457  /* calculate 'r_inv' */
458  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
459  gcry_mpi_sub(fact, n, fact); /* fact = n - fact = - fact */
460  *r_inv = gcry_mpi_point_new(0);
461  gcry_mpi_ec_mul(*r_inv, fact, g, edc->ctx);
462 
463  gcry_mpi_release(n);
464  gcry_mpi_release(fact);
465  gcry_mpi_point_release(g);
466 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd_mpi()

void GNUNET_CRYPTO_ecc_rnd_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t *  r,
gcry_mpi_t *  r_inv 
)

Obtain a random scalar for point multiplication on the curve and its multiplicative inverse.

Parameters
edccalculation context for ECC operations
[out]rset to a random scalar on the curve
[out]r_invset to the multiplicative inverse of r

Definition at line 478 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_CRYPTO_ecc_random_mod_n().

Referenced by run().

481 {
482  gcry_mpi_t n;
483 
485  /* r_inv = n - r = - r */
486  *r_inv = gcry_mpi_new(0);
487  n = gcry_mpi_ec_get_mpi("n", edc->ctx, 1);
488  gcry_mpi_sub(*r_inv, n, *r);
489 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_free()

void GNUNET_CRYPTO_ecc_free ( gcry_mpi_point_t  p)

Free a point value returned by the API.

Parameters
ppoint to free

Definition at line 498 of file crypto_ecc_dlog.c.

499 {
500  gcry_mpi_point_release(p);
501 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59