GNUnet  0.10.x
Data Structures | Macros | Functions
crypto_ecc_dlog.c File Reference

ECC addition and discreate logarithm for small values. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "gnunet_container_lib.h"
Include dependency graph for crypto_ecc_dlog.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_EccDlogContext
 Internal structure used to cache pre-calculated values for DLOG calculation. More...
 

Macros

#define CURVE   "Ed25519"
 Name of the curve we are using. More...
 

Functions

static void extract_pk (gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
 
void GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t point, struct GNUNET_CRYPTO_EccPoint *bin)
 Convert point value to binary representation. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, const struct GNUNET_CRYPTO_EccPoint *bin)
 Convert binary representation of a point to computational representation. More...
 
struct GNUNET_CRYPTO_EccDlogContextGNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem)
 Do pre-calculation for ECC discrete logarithm for small factors. More...
 
int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t input)
 Calculate ECC discrete logarithm for small factors. More...
 
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Generate a random value mod n. More...
 
void GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Release precalculated values. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t a, gcry_mpi_point_t b)
 Add two points on the elliptic curve. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t p, gcry_mpi_t val)
 Multiply the point p on the elliptic curve by val. More...
 
void GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t *r, gcry_mpi_point_t *r_inv)
 Obtain a random point on the curve and its additive inverse. More...
 
void GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t *r, gcry_mpi_t *r_inv)
 Obtain a random scalar for point multiplication on the curve and its multiplicative inverse. More...
 
void GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
 Free a point value returned by the API. More...
 

Detailed Description

ECC addition and discreate logarithm for small values.

Allows us to use ECC for computations as long as the result is relativey small.

Author
Christian Grothoff

Definition in file crypto_ecc_dlog.c.

Macro Definition Documentation

◆ CURVE

#define CURVE   "Ed25519"

Name of the curve we are using.

Note that we have hard-coded structs that use 256 bits, so using a bigger curve will require changes that break stuff badly. The name of the curve given here must be agreed by all peers and be supported by libgcrypt.

Definition at line 40 of file crypto_ecc_dlog.c.

Referenced by GNUNET_CRYPTO_ecc_bin_to_point(), and GNUNET_CRYPTO_ecc_dlog_prepare().

Function Documentation

◆ extract_pk()

static void extract_pk ( gcry_mpi_point_t  pt,
gcry_ctx_t  ctx,
struct GNUNET_PeerIdentity pid 
)
static

Definition at line 47 of file crypto_ecc_dlog.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_PeerIdentity::public_key, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_CRYPTO_ecc_dlog(), and GNUNET_CRYPTO_ecc_dlog_prepare().

50 {
51  gcry_mpi_t q_y;
52 
53  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", pt, ctx));
54  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
55  GNUNET_assert (q_y);
57  sizeof (pid->public_key.q_y),
58  q_y);
59  gcry_mpi_release (q_y);
60 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_point_to_bin()

void GNUNET_CRYPTO_ecc_point_to_bin ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  point,
struct GNUNET_CRYPTO_EccPoint bin 
)

Convert point value to binary representation.

Parameters
edccalculation context for ECC operations
pointcomputational point representation
[out]binbinary point representation

Definition at line 102 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by send_alices_cryptodata_message(), and transmit_bobs_cryptodata_message().

105 {
106  gcry_mpi_t q_y;
107 
108  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
109  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
110  GNUNET_assert (q_y);
112  sizeof (bin->q_y),
113  q_y);
114  gcry_mpi_release (q_y);
115 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_bin_to_point()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point ( struct GNUNET_CRYPTO_EccDlogContext edc,
const struct GNUNET_CRYPTO_EccPoint bin 
)

Convert binary representation of a point to computational representation.

Parameters
edccalculation context for ECC operations
binbinary point representation
Returns
computational representation

Definition at line 126 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, GNUNET_assert, GNUNET_break, q, and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

128 {
129  gcry_sexp_t pub_sexpr;
130  gcry_ctx_t ctx;
131  gcry_mpi_point_t q;
132 
133  (void) edc;
134  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
135  "(public-key(ecc(curve " CURVE ")(q %b)))",
136  (int) sizeof (bin->q_y),
137  bin->q_y))
138  {
139  GNUNET_break (0);
140  return NULL;
141  }
142  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
143  gcry_sexp_release (pub_sexpr);
144  q = gcry_mpi_ec_get_point ("q", ctx, 0);
145  gcry_ctx_release (ctx);
146  return q;
147 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
#define CURVE
Name of the curve we are using.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_prepare()

struct GNUNET_CRYPTO_EccDlogContext* GNUNET_CRYPTO_ecc_dlog_prepare ( unsigned int  max,
unsigned int  mem 
)

Do pre-calculation for ECC discrete logarithm for small factors.

Parameters
maxmaximum value the factor can be
memmemory to use (should be smaller than max), must not be zero.
Returns
NULL on error

Definition at line 158 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, edc, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, and GNUNET_CRYPTO_EccDlogContext::mem.

Referenced by run().

160 {
162  unsigned int K = ((max + (mem-1)) / mem);
163  gcry_mpi_point_t g;
164  struct GNUNET_PeerIdentity key;
165  gcry_mpi_point_t gKi;
166  gcry_mpi_t fact;
167  gcry_mpi_t n;
168  unsigned int i;
169 
170  GNUNET_assert (max < INT32_MAX);
172  edc->max = max;
173  edc->mem = mem;
174 
176  GNUNET_NO);
177 
178  GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
179  NULL,
180  CURVE));
181  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
182  GNUNET_assert (NULL != g);
183  fact = gcry_mpi_new (0);
184  gKi = gcry_mpi_point_new (0);
185  for (i=0;i<=mem;i++)
186  {
187  gcry_mpi_set_ui (fact, i * K);
188  gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
189  extract_pk (gKi, edc->ctx, &key);
192  &key,
193  (void*) (long) i + max,
195  }
196  /* negative values */
197  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
198  for (i=1;i<mem;i++)
199  {
200  gcry_mpi_set_ui (fact, i * K);
201  gcry_mpi_sub (fact, n, fact);
202  gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
203  extract_pk (gKi, edc->ctx, &key);
206  &key,
207  (void*) (long) max - i,
209  }
210  gcry_mpi_release (fact);
211  gcry_mpi_release (n);
212  gcry_mpi_point_release (gKi);
213  gcry_mpi_point_release (g);
214  return edc;
215 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
#define GNUNET_NO
Definition: gnunet_common.h:81
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
static struct GNUNET_CRYPTO_EccDlogContext * edc
Context for DLOG operations on a curve.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
Internal structure used to cache pre-calculated values for DLOG calculation.
#define CURVE
Name of the curve we are using.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog()

int GNUNET_CRYPTO_ecc_dlog ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  input 
)

Calculate ECC discrete logarithm for small factors.

Parameters
edcprecalculated values, determine range of factors
inputpoint on the curve to factor
Returns
INT_MAX if dlog failed, otherwise the factor

Definition at line 226 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_multipeermap_get(), INT_MAX, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, q, and res.

Referenced by compute_scalar_product().

228 {
229  unsigned int K = ((edc->max + (edc->mem-1)) / edc->mem);
230  gcry_mpi_point_t g;
231  struct GNUNET_PeerIdentity key;
232  gcry_mpi_point_t q;
233  unsigned int i;
234  int res;
235  void *retp;
236 
237  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
238  GNUNET_assert (NULL != g);
239  q = gcry_mpi_point_new (0);
240 
241  res = INT_MAX;
242  for (i=0;i<=edc->max/edc->mem;i++)
243  {
244  if (0 == i)
245  extract_pk (input, edc->ctx, &key);
246  else
247  extract_pk (q, edc->ctx, &key);
249  &key);
250  if (NULL != retp)
251  {
252  res = (((long) retp) - edc->max) * K - i;
253  /* we continue the loop here to make the implementation
254  "constant-time". If we do not care about this, we could just
255  'break' here and do fewer operations... */
256  }
257  if (i == edc->max/edc->mem)
258  break;
259  /* q = q + g */
260  if (0 == i)
261  gcry_mpi_ec_add (q, input, g, edc->ctx);
262  else
263  gcry_mpi_ec_add (q, q, g, edc->ctx);
264  }
265  gcry_mpi_point_release (g);
266  gcry_mpi_point_release (q);
267 
268  return res;
269 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define INT_MAX
static int res
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
struct GNUNET_HashCode key
The key used in the DHT.
The identity of the host (wraps the signing key of the peer).
void * GNUNET_CONTAINER_multipeermap_get(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Given a key find a value in the map matching the key.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_random_mod_n()

gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n ( struct GNUNET_CRYPTO_EccDlogContext edc)

Generate a random value mod n.

Parameters
edcECC context
Returns
random value mod n.

Definition at line 279 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_ecc_rnd(), GNUNET_CRYPTO_ecc_rnd_mpi(), and send_alices_cryptodata_message().

280 {
281  gcry_mpi_t n;
282  unsigned int highbit;
283  gcry_mpi_t r;
284 
285  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
286 
287  /* check public key for number of bits, bail out if key is all zeros */
288  highbit = 256; /* Curve25519 */
289  while ( (! gcry_mpi_test_bit (n, highbit)) &&
290  (0 != highbit) )
291  highbit--;
292  GNUNET_assert (0 != highbit);
293  /* generate fact < n (without bias) */
294  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
295  do {
296  gcry_mpi_randomize (r,
297  highbit + 1,
298  GCRY_STRONG_RANDOM);
299  }
300  while (gcry_mpi_cmp (r, n) >= 0);
301  gcry_mpi_release (n);
302  return r;
303 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_release()

void GNUNET_CRYPTO_ecc_dlog_release ( struct GNUNET_CRYPTO_EccDlogContext edc)

Release precalculated values.

Parameters
edcdlog context

Definition at line 312 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_free, and GNUNET_CRYPTO_EccDlogContext::map.

Referenced by shutdown_task().

313 {
314  gcry_ctx_release (edc->ctx);
316  GNUNET_free (edc);
317 }
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dexp()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp ( struct GNUNET_CRYPTO_EccDlogContext edc,
int  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Afterwards, point addition will correspond to integer addition. GNUNET_CRYPTO_ecc_dlog() can be used to convert a point back to an integer (as long as the integer is smaller than the MAX of the edc context).

Parameters
edccalculation context for ECC operations
valvalue to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 334 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

336 {
337  gcry_mpi_t fact;
338  gcry_mpi_t n;
339  gcry_mpi_point_t g;
340  gcry_mpi_point_t r;
341 
342  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
343  GNUNET_assert (NULL != g);
344  fact = gcry_mpi_new (0);
345  if (val < 0)
346  {
347  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
348  gcry_mpi_set_ui (fact, - val);
349  gcry_mpi_sub (fact, n, fact);
350  gcry_mpi_release (n);
351  }
352  else
353  {
354  gcry_mpi_set_ui (fact, val);
355  }
356  r = gcry_mpi_point_new (0);
357  gcry_mpi_ec_mul (r, fact, g, edc->ctx);
358  gcry_mpi_release (fact);
359  gcry_mpi_point_release (g);
360  return r;
361 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.

◆ GNUNET_CRYPTO_ecc_dexp_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Parameters
edccalculation context for ECC operations
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 374 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by send_alices_cryptodata_message().

376 {
377  gcry_mpi_point_t g;
378  gcry_mpi_point_t r;
379 
380  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
381  GNUNET_assert (NULL != g);
382  r = gcry_mpi_point_new (0);
383  gcry_mpi_ec_mul (r, val, g, edc->ctx);
384  gcry_mpi_point_release (g);
385  return r;
386 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_add()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_add ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  a,
gcry_mpi_point_t  b 
)

Add two points on the elliptic curve.

Parameters
edccalculation context for ECC operations
asome value
bsome value
Returns
a + b, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 398 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

401 {
402  gcry_mpi_point_t r;
403 
404  r = gcry_mpi_point_new (0);
405  gcry_mpi_ec_add (r, a, b, edc->ctx);
406  return r;
407 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_pmul_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  p,
gcry_mpi_t  val 
)

Multiply the point p on the elliptic curve by val.

Parameters
edccalculation context for ECC operations
ppoint to multiply
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 420 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

423 {
424  gcry_mpi_point_t r;
425 
426  r = gcry_mpi_point_new (0);
427  gcry_mpi_ec_mul (r, val, p, edc->ctx);
428  return r;
429 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd()

void GNUNET_CRYPTO_ecc_rnd ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t *  r,
gcry_mpi_point_t *  r_inv 
)

Obtain a random point on the curve and its additive inverse.

Both returned values must be freed using GNUNET_CRYPTO_ecc_free().

Parameters
edccalculation context for ECC operations
[out]rset to a random point on the curve
[out]r_invset to the additive inverse of r

Definition at line 442 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, and GNUNET_CRYPTO_ecc_random_mod_n().

445 {
446  gcry_mpi_t fact;
447  gcry_mpi_t n;
448  gcry_mpi_point_t g;
449 
450  fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);
451 
452  /* calculate 'r' */
453  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
454  GNUNET_assert (NULL != g);
455  *r = gcry_mpi_point_new (0);
456  gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
457 
458  /* calculate 'r_inv' */
459  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
460  gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
461  *r_inv = gcry_mpi_point_new (0);
462  gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
463 
464  gcry_mpi_release (n);
465  gcry_mpi_release (fact);
466  gcry_mpi_point_release (g);
467 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd_mpi()

void GNUNET_CRYPTO_ecc_rnd_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t *  r,
gcry_mpi_t *  r_inv 
)

Obtain a random scalar for point multiplication on the curve and its multiplicative inverse.

Parameters
edccalculation context for ECC operations
[out]rset to a random scalar on the curve
[out]r_invset to the multiplicative inverse of r

Definition at line 479 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_CRYPTO_ecc_random_mod_n().

Referenced by run().

482 {
483  gcry_mpi_t n;
484 
486  /* r_inv = n - r = - r */
487  *r_inv = gcry_mpi_new (0);
488  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
489  gcry_mpi_sub (*r_inv, n, *r);
490 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_free()

void GNUNET_CRYPTO_ecc_free ( gcry_mpi_point_t  p)

Free a point value returned by the API.

Parameters
ppoint to free

Definition at line 499 of file crypto_ecc_dlog.c.

500 {
501  gcry_mpi_point_release (p);
502 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59