static int fq_from_bytes(element_t e, unsigned char *data) { eptr p = e->data; int len; len = element_from_bytes(p->x, data); len += element_from_bytes(p->y, data + len); return len; }
int pbgp_ibe_signature_unserialize(unsigned char *buf, ibe_signature_t *signature) { int len = 0; len += element_from_bytes(signature->u, buf + len); len += element_from_bytes(signature->v, buf + len); len += element_from_bytes(signature->w, buf + len); return len; }
static int curve_from_bytes(element_t e, unsigned char *data) { point_ptr P = (point_ptr)e->data; int len; P->inf_flag = 0; len = element_from_bytes(P->x, data); len += element_from_bytes(P->y, data + len); //if point does not lie on curve, set it to O if (!curve_is_valid_point(e)) { element_set0(e); } return len; }
CipherText::CipherText(unsigned char* buf, pairing_t* p){ this->p = p; this->m = NULL; this->s = NULL; element_init_GT(this->c1, *p); element_init_G1(this->c0, *p); int pos = 0; pos += element_from_bytes(this->c1, buf + pos); // element_printf("c1:%B\n", this->c1); pos += element_from_bytes(this->c0, buf + pos); // element_printf("c0:%B\n", this->c0); printf("pos: %d -> reconstruct c1 and c0 ok\n", pos); this->policy = new Policy(buf + pos, p); printf("reconstruct policy ok\n"); }
/** * Memoized version of element_from_hash * for performance reason */ static inline void _element_from_hash(element_t e, void *data, int len) { // @fixme: store is "left open" when executable close static store_t *store = NULL; if (!store) { store = pbgp_store_open(NULL); } store_key_t key = { 0, 0, len, (unsigned char *) data }; size_t size = 0; int ret = 0; if (0 == pbgp_store_uget_size(store, &key, &size)) { unsigned char buf[size]; memset (buf, 0, size); pbgp_store_uget(store, &key, buf, &size); ret = element_from_bytes(e, buf); } if (0 == ret) { element_from_hash(e, data, len); unsigned char edata[element_length_in_bytes(e)]; element_to_bytes(edata, e); pbgp_store_put(store, &key, edata, sizeof(edata)); } }
/* * Convert an unsigned char array to an element * Elements from G1 or G2 will also be decompressed! */ void BilinearMappingHandler::byteArrayToElement(element_t saveHere, unsigned char* compressedElem, bool isElementOfGT) { if (isElementOfGT) element_from_bytes(saveHere,compressedElem); else element_from_bytes_compressed(saveHere, compressedElem); }//end of byteArrayToElement()
// start_index从1开始 int BCEChangeDecryptionProduct(byte *global_params_path, int start_index, int length, int *adds, int n_adds, int *rems, int n_rems, byte *decr_prod, byte *decr_prod_out) { global_broadcast_params_t gbs; struct single_priv_key_s *priv_key; int i, writelen = 0; if (global_params_path == NULL) return 1; if (start_index % NUM_USER_DIVISOR != 1) return 2; if (adds == NULL && rems == NULL) return 4; if (decr_prod == NULL) return 8; if (decr_prod_out == NULL) return 9; LoadGlobalParams((char *) global_params_path, &gbs); if (n_adds > gbs->num_users) return 5; if (n_rems > gbs->num_users) return 7; priv_key = (priv_key_t) malloc(length * sizeof(struct single_priv_key_s)); for (i = 0; i < length; i++) { // restore index priv_key[i].index = start_index + i; // restore fake g_i_gamma element_init(priv_key[i].g_i_gamma, gbs->pairing->G1); // restore fake g_i element_init(priv_key[i].g_i, gbs->pairing->G1); // restore fake h_i element_init(priv_key[i].h_i, gbs->pairing->G2); // restore real decr_prod element_init(priv_key[i].decr_prod, gbs->pairing->G1); decr_prod += element_from_bytes(priv_key[i].decr_prod, decr_prod); } for (i = 0; i < length; i++) { Change_decr_prod_indicies(gbs, priv_key[i].index, adds, n_adds, rems, n_rems, &priv_key[i]); writelen += element_to_bytes(decr_prod_out + writelen, priv_key[i].decr_prod); } for (i = 0; i < length; i++) FreePK(&priv_key[i]); free(priv_key); FreeGBP(gbs); pbc_free(gbs); return 0; }
// Requires e to be a point on an elliptic curve. int element_from_bytes_x_only(element_ptr e, unsigned char *data) { curve_data_ptr cdp = (curve_data_ptr)e->field->data; point_ptr P = (point_ptr)e->data; int len; len = element_from_bytes(P->x, data); point_from_x(P, P->x, cdp->a, cdp->b); return len; }
static inline void in(element_t elem, FILE *myfile) { int sz; fread(&sz, 4, 1, myfile); unsigned char* data = pbc_malloc(sz); fread(data, sz, 1, myfile); element_from_bytes(elem, data); pbc_free(data); }
void element_from_file(element_t element, char* inputFile){ unsigned char element_byte_form[2048] = {0}; FILE* fp_element_byte_form = fopen(inputFile, "r"); int int_read_bytes = fread(element_byte_form, 1, 1024, fp_element_byte_form); element_from_bytes(element, element_byte_form); fclose(fp_element_byte_form); }
void element_to_file(element_t element, char* outputFile){ const int int_bytes_of_element = element_length_in_bytes(element); unsigned char * element_byte_form = (unsigned char *)malloc( int_bytes_of_element * sizeof(unsigned char)); element_to_bytes(element_byte_form, element); element_from_bytes(element, element_byte_form); FILE* fp_element = fopen(outputFile, "w"); fwrite(element_byte_form, 1, int_bytes_of_element, fp_element); fclose( fp_element ); free(element_byte_form); }
static inline int in(element_t elem, unsigned char *my_feed) { int sz; printf( "Prepare reading sz\n"); memcpy(&sz, my_feed, 4); printf( "Size of pbc element: %d\n", sz); unsigned char* data = pbc_malloc(sz); memcpy(data, my_feed+4, sz); element_from_bytes(elem, data); pbc_free(data); return sz+4; }
// Requires e to be a point on an elliptic curve. int element_from_bytes_compressed(element_ptr e, unsigned char *data) { curve_data_ptr cdp = (curve_data_ptr)e->field->data; point_ptr P = (point_ptr)e->data; int len; len = element_from_bytes(P->x, data); point_from_x(P, P->x, cdp->a, cdp->b); if (data[len]) { if (element_sign(P->y) < 0) element_neg(P->y, P->y); } else if (element_sign(P->y) > 0) { element_neg(P->y, P->y); } len++; return len; }
int bb_verify(unsigned char *sig, unsigned int hashlen, unsigned char *hash, bb_public_key_t pk) { element_t sigma, r; element_t m; element_t t0, t1, t2; int res; int len; pairing_ptr pairing = pk->param->pairing; element_init(m, pairing->Zr); element_from_hash(m, hash, hashlen); element_init(sigma, pairing->G1); len = element_from_bytes_x_only(sigma, sig); element_init(r, pairing->Zr); element_from_bytes(r, sig + len); element_init(t0, pairing->G2); element_init(t1, pairing->G2); element_init(t2, pairing->GT); element_pow_zn(t0, pk->g2, m); element_pow_zn(t1, pk->v, r); element_mul(t0, t0, t1); element_mul(t0, t0, pk->u); element_pairing(t2, sigma, t0); if (!element_cmp(t2, pk->z)) { res = 1; } else { element_mul(t2, t2, pk->z); res = element_is1(t2); } element_clear(t0); element_clear(t1); element_clear(t2); element_clear(m); element_clear(sigma); element_clear(r); return res; }
int newepoch_load(char *in,epoch_item_t *ep,setup_params_t * setup) { FILE *fp = NULL; uint32_t elem_size = 0; int rv = 0; unsigned char *buf = NULL; fp=fopen(in,"rb"); if(!fp) { pbgp_error("newepoch_load :: %s\n",strerror(errno)); return -1; } fread(&elem_size,sizeof(uint32_t),1,fp); buf = (unsigned char *) malloc(elem_size); if(!buf) { pbgp_error("newepoch_load :: cannot allocate buf\n"); rv = -1; goto out; } fread(buf,elem_size,1,fp); element_from_bytes(ep->acc->elem,buf); mpz_inp_raw (ep->s_acc,fp); ids_load_fp(fp,ep->epls.act); mpz_inp_raw(ep->s_new,fp); ids_load_fp(fp,ep->epls.rvk); mpz_inp_raw(ep->s_rvk,fp); out: if(buf) free(buf); fclose(fp); return rv; }
void BSActivity(unsigned char *da, unsigned char *db, unsigned char *dc, unsigned char *dcu) { //signature decompress //printf("Verifying....\n"); element_t cu, A, B, C; element_init_G1(A, pairing); element_init_G1(B, pairing); element_init_G1(C, pairing); element_init_Zr(cu, pairing2); element_from_bytes_compressed(A, da); element_from_bytes_compressed(B, db); element_from_bytes_compressed(C, dc); element_from_bytes(cu, dcu); pbc_free(da); pbc_free(db); pbc_free(dc); pbc_free(dcu); //verification I element_t exbcu; element_t tmp1, tmp2, right, left; element_init_GT(exbcu, pairing); element_init_GT(tmp1, pairing); element_init_GT(tmp2, pairing); element_init_GT(right, pairing); element_init_GT(left, pairing); element_pairing(tmp1, X, A); element_pairing(tmp2, X, B); element_pow_zn(exbcu, tmp2, cu); element_mul(left, tmp1, exbcu); element_pairing(right, g, C); if (!element_cmp(left, right)) { //printf("part 1 verifies\n"); } else { printf("*BUG* part 1 does not verify *BUG*\n"); } //verification II element_pairing(left, A, Y); element_pairing(right, g, B); if (!element_cmp(left, right)) { //printf("part 2 verifies\n"); } else { printf("*BUG* part 2 does not verify *BUG*\n"); } if(ifsize) { int totalsize = sizeof(tmp1) + sizeof(tmp2) + sizeof(right) + sizeof(left) + sizeof(A) + sizeof(B) + sizeof(C) + sizeof(cu); printf("Memory used at base station is %d bytes. \n", totalsize); } element_clear(exbcu); element_clear(tmp1); element_clear(tmp2); element_clear(right); element_clear(left); element_clear(A); element_clear(B); element_clear(C); element_clear(cu); return; }
static void test_gf3m_to_bytes(void) { element_random(a); element_to_bytes(data, a); element_from_bytes(b, data); EXPECT(0 == element_cmp(a, b)); }
//start_index从1开始,不算0 int BCEGenPrivateKeys(byte *sys_params_path, byte *sys_priv_key, int num_user, int start_index, int length, byte *user_priv_keys_out, int check_array) { global_broadcast_params_t gbs; broadcast_system_t sys; int priv_key_read, i; //struct single_priv_key_s user_keys[length]; // Problematic Memory Allocation struct single_priv_key_s *user_keys; char *recip; // char recip[num_user / NUM_USER_DIVISOR]; if (sys_params_path == NULL) return 1; if (sys_priv_key == NULL) return 2; if (num_user % NUM_USER_DIVISOR != 0) return 3; if (start_index % NUM_USER_DIVISOR != 1) return 4; if (user_priv_keys_out == NULL) return 6; if (length > check_array) return -2; LoadParams((char *) sys_params_path, &gbs, &sys); priv_key_read = element_from_bytes(sys->priv_key, sys_priv_key); if (priv_key_read != BCE_ZR_LENGTH) return -1; recip = (char *) malloc(num_user / NUM_USER_DIVISOR); memset(recip, BIT_VECTOR_UNIT_VALUE, num_user / NUM_USER_DIVISOR); user_keys = (priv_key_t) malloc(length * sizeof(struct single_priv_key_s)); //** for (i = 0; i < length; i++) { Get_priv_key(gbs, sys, start_index + i, &user_keys[i]); Gen_decr_prod_from_bitvec(gbs, start_index + i, recip, &user_keys[i]); } for (i = 0; i < length; i++) { int_to_bytes(user_keys[i].index, user_priv_keys_out); user_priv_keys_out += 4; user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].g_i_gamma); user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].g_i); user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].h_i); user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].decr_prod); } memset(recip, BIT_VECTOR_CLEAR_UNIT_VALUE, num_user / NUM_USER_DIVISOR); free(recip); for (i = 0; i < length; i++) { FreePK(&user_keys[i]); } free(user_keys); FreeBCS(sys); pbc_free(sys); FreeGBP(gbs); pbc_free(gbs); return 0; }
int bbs_open(element_t A, bbs_group_public_key_t gpk, bbs_manager_private_key_t gmsk, int hashlen, void *hash, unsigned char *sig) { bbs_sys_param_ptr param = gpk->param; pairing_ptr pairing = param->pairing; field_ptr Fp = pairing->Zr; element_t T1, T2, T3; element_t R1, R2, R3, R4, R5; element_t c, salpha, sbeta, sx, sdelta1, sdelta2; element_t e10, et0, z0; unsigned char *readptr = sig; int result; UNUSED_VAR (hashlen); UNUSED_VAR (hash); //TODO: consolidate with verify element_init_G1(T1, pairing); element_init_G1(T2, pairing); element_init_G1(T3, pairing); element_init_G1(R1, pairing); element_init_G1(R2, pairing); element_init_GT(R3, pairing); element_init_G1(R4, pairing); element_init_G1(R5, pairing); element_init(c, Fp); element_init(salpha, Fp); element_init(sbeta, Fp); element_init(sx, Fp); element_init(sdelta1, Fp); element_init(sdelta2, Fp); element_init_G1(e10, pairing); element_init_GT(et0, pairing); element_init(z0, Fp); readptr += element_from_bytes(T1, readptr); readptr += element_from_bytes(T2, readptr); readptr += element_from_bytes(T3, readptr); readptr += element_from_bytes(c, readptr); readptr += element_from_bytes(salpha, readptr); readptr += element_from_bytes(sbeta, readptr); readptr += element_from_bytes(sx, readptr); readptr += element_from_bytes(sdelta1, readptr); readptr += element_from_bytes(sdelta2, readptr); element_neg(z0, c); element_pow_zn(R1, gpk->u, salpha); element_pow_zn(e10, T1, z0); element_mul(R1, R1, e10); element_pow_zn(R2, gpk->v, sbeta); element_pow_zn(e10, T2, z0); element_mul(R2, R2, e10); element_neg(z0, sdelta1); element_pow_zn(R4, gpk->u, z0); element_pow_zn(e10, T1, sx); element_mul(R4, R4, e10); element_neg(z0, sdelta2); element_pow_zn(R5, gpk->v, z0); element_pow_zn(e10, T2, sx); element_mul(R5, R5, e10); pairing_apply(R3, T3, gpk->w, pairing); pairing_apply(et0, gpk->g1, gpk->g2, pairing); element_invert(et0, et0); element_mul(R3, R3, et0); element_pow_zn(R3, R3, c); pairing_apply(et0, T3, gpk->g2, pairing); element_pow_zn(et0, et0, sx); element_mul(R3, R3, et0); element_add(z0, salpha, sbeta); element_neg(z0, z0); pairing_apply(et0, gpk->h, gpk->w, pairing); element_pow_zn(et0, et0, z0); element_mul(R3, R3, et0); element_add(z0, sdelta1, sdelta2); element_neg(z0, z0); pairing_apply(et0, gpk->h, gpk->g2, pairing); element_pow_zn(et0, et0, z0); element_mul(R3, R3, et0); //if mismatch result = 0; //} else { element_pow_zn(A, T1, gmsk->xi1); element_pow_zn(e10, T2, gmsk->xi2); element_mul(A, A, e10); element_invert(A, A); element_mul(A, A, T3); result =1; //} element_clear(T1); element_clear(T2); element_clear(T3); element_clear(R1); element_clear(R2); element_clear(R3); element_clear(R4); element_clear(R5); element_clear(c); element_clear(salpha); element_clear(sbeta); element_clear(sx); element_clear(sdelta1); element_clear(sdelta2); element_clear(e10); element_clear(et0); element_clear(z0); return result; }
FENC_ERROR import_components_from_buffer(uint8* buffer, size_t buf_len, size_t *imported_len, char* fmt, ...) { FENC_ERROR result = FENC_ERROR_NONE; va_list comp_list; uint32 deserialized_len = 0; fenc_attribute_list *attr_list = NULL; fenc_attribute_policy *pol_tree = NULL; char *attrs; size_t len; int32 temp_int; uint8* buf_ptr; char* fmt_ptr; element_t *elt; /* Iterate through the variable-length argument list. */ va_start(comp_list, fmt); for(fmt_ptr = fmt; *fmt_ptr != '\0'; fmt_ptr++) { if(*fmt_ptr != '%') { continue; } buf_ptr = (uint8*)(buffer + deserialized_len); switch(*++fmt_ptr) { case 'E': /* Uncompressed element. */ elt = va_arg(comp_list, element_t*); deserialized_len += element_from_bytes(*elt, buf_ptr); break; case 'C': /* Compressed element. */ elt = va_arg(comp_list, element_t*); deserialized_len += element_from_bytes_compressed(*elt, buf_ptr); break; case 's': strcpy(va_arg(comp_list, char *), (const char *) buf_ptr); deserialized_len += strlen((char *)buf_ptr) + 1; break; case 'd': IMPORT_INT32(temp_int, buf_ptr); *(va_arg(comp_list, int32*)) = temp_int; deserialized_len += sizeof(int32); break; case 'A': len = strlen((char *)buf_ptr); /* assume attribute list is NULL terminated */ attrs = SAFE_MALLOC(len+1); memset(attrs, 0, len+1); strncpy(attrs, (const char *) buf_ptr, len); // printf("Raw list: '%s'\n", attrs); deserialized_len += len + 1; attr_list = va_arg(comp_list, fenc_attribute_list*); /* tokenize the string and place in attribute_list */ fenc_buffer_to_attribute_list(&attrs, attr_list); free(attrs); break; case 'P': len = strlen((char *) buf_ptr); /* assume policy is NULL terminated */ pol_tree = va_arg(comp_list, fenc_attribute_policy *); /* get the users ptr to fenc_attribute_policy */ fenc_policy_from_string(pol_tree, (char *) buf_ptr); /* store policy into given policy structure */ deserialized_len += len + 1; /* increment pointer to next component */ break; default: /* Unrecognized symbol. */ result = FENC_ERROR_INVALID_INPUT; break; } if (deserialized_len > buf_len) { /* Return the length we read. */ if (imported_len != NULL) { *imported_len = deserialized_len; } return FENC_ERROR_BUFFER_TOO_SMALL; } } va_end(comp_list); /* Return the length we read. */ if (imported_len != NULL) { *imported_len = deserialized_len; } return result; }
static int mulg_from_bytes(element_ptr e, unsigned char *data) { return element_from_bytes(e->data, data); }
int join_load(char *in, action_data_t *join) { FILE *fpin = NULL; int rv = 0,i = 0; int elem_size = 0,pfix_count = 0; unsigned char *buf = NULL; unsigned char *sbuf = NULL; prefls_t *p = NULL; fpin = fopen(in,"rb"); if(!fpin) { goto err; } rv = ibe_keypair_loadfp(fpin,join->ibk); if(rv < 0 ) { goto err; } fread(&elem_size,sizeof(uint32_t),1,fpin); buf = (unsigned char *) malloc(elem_size); if(!buf) { goto err; } fread(buf,elem_size,1,fpin); element_from_bytes(join->witness,buf); fread(&pfix_count,sizeof(uint32_t),1,fpin); rv = pfix_init(&join->pfixlist,pfix_count,join->ibk->setup); if(rv < 0) goto err; p = join->pfixlist; //read prefix list + signatures for(i = 0; i < p->size; i++) { fread(&p->ina[i],sizeof(struct in_addr),1,fpin); fread(&p->netmask[i],sizeof(uint8_t),1,fpin); fread(&elem_size,sizeof(uint32_t),1,fpin); sbuf = (unsigned char *) malloc(elem_size); if(!sbuf) { pbgp_error("join_load(), sbuf malloc :: %s\n",strerror(errno)); goto err; } fread(sbuf,elem_size,1,fpin); rv = ibe_signature_deserialize(p->pf_sign[i],sbuf); free(sbuf); if(rv < 0) goto err; } fread(&join->pfixlist->tsca,sizeof(time_t),1,fpin); goto out; err: rv = -1; pbgp_error("join_load :: %s\n",strerror(errno)); out: if(fpin) fclose(fpin); if(buf) free(buf); return rv; }
int bbs_verify(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_t gpk) { bbs_sys_param_ptr param = gpk->param; pairing_ptr pairing = param->pairing; field_ptr Fp = pairing->Zr; element_t T1, T2, T3; element_t R1, R2, R3, R4, R5; element_t c, salpha, sbeta, sx, sdelta1, sdelta2; element_t e10, e20, e21, et0, z0, z1; unsigned char *readptr = sig; element_init_G1(T1, pairing); element_init_G1(T2, pairing); element_init_G1(T3, pairing); element_init_G1(R1, pairing); element_init_G1(R2, pairing); element_init_GT(R3, pairing); element_init_G1(R4, pairing); element_init_G1(R5, pairing); element_init(c, Fp); element_init(salpha, Fp); element_init(sbeta, Fp); element_init(sx, Fp); element_init(sdelta1, Fp); element_init(sdelta2, Fp); element_init_G1(e10, pairing); element_init_G2(e20, pairing); element_init_G2(e21, pairing); element_init_GT(et0, pairing); element_init(z0, Fp); element_init(z1, Fp); readptr += element_from_bytes(T1, readptr); readptr += element_from_bytes(T2, readptr); readptr += element_from_bytes(T3, readptr); readptr += element_from_bytes(c, readptr); readptr += element_from_bytes(salpha, readptr); readptr += element_from_bytes(sbeta, readptr); readptr += element_from_bytes(sx, readptr); readptr += element_from_bytes(sdelta1, readptr); readptr += element_from_bytes(sdelta2, readptr); element_neg(z0, c); //element_pow_zn(R1, gpk->u, salpha); //element_pow_zn(e10, T1, z0); //element_mul(R1, R1, e10); element_pow2_zn(R1, gpk->u, salpha, T1, z0); //element_pow_zn(R2, gpk->v, sbeta); //element_pow_zn(e10, T2, z0); //element_mul(R2, R2, e10); element_pow2_zn(R2, gpk->v, sbeta, T2, z0); element_neg(z0, sdelta1); //element_pow_zn(R4, gpk->u, z0); //element_pow_zn(e10, T1, sx); //element_mul(R4, R4, e10); element_pow2_zn(R4, gpk->u, z0, T1, sx); element_neg(z0, sdelta2); //element_pow_zn(R5, gpk->v, z0); //element_pow_zn(e10, T2, sx); //element_mul(R5, R5, e10); element_pow2_zn(R5, gpk->v, z0, T2, sx); /* * compute R3 more efficiently. use precomputed e(g1,g2)^{-1}, * e(h,g2), and e(h,w). this leaves e(T3,g2)^sx and e(T3,w)^c; * compute these with one pairing as e(T3, g2^sx w^c). */ //element_pow_zn(e20, gpk->g2, sx); //element_pow_zn(e21, gpk->w, c); //element_mul(e20, e20, e21); element_pow2_zn(e20, gpk->g2, sx, gpk->w, c); pairing_apply(R3, T3, e20, pairing); //element_pow_zn(et0, gpk->pr_g1_g2_inv, c); //element_mul(R3, R3, et0); element_add(z0, salpha, sbeta); element_neg(z0, z0); //element_pow_zn(et0, gpk->pr_h_w, z0); //element_mul(R3, R3, et0); element_add(z1, sdelta1, sdelta2); element_neg(z1, z1); //element_pow_zn(et0, gpk->pr_h_g2, z1); element_pow3_zn(et0, gpk->pr_g1_g2_inv, c, gpk->pr_h_w, z0, gpk->pr_h_g2, z1); element_mul(R3, R3, et0); #ifdef DEBUG element_printf("T1: %B\n", T1); element_printf("T2: %B\n", T2); element_printf("T3: %B\n", T3); element_printf("R1: %B\n", R1); element_printf("R2: %B\n", R2); element_printf("R3: %B\n", R3); element_printf("R4: %B\n", R4); element_printf("R5: %B\n", R5); #endif int result = 0; element_t M; element_init_G1(M, pairing); element_from_hash(M, hash, hashlen); unsigned int hash_input_length = element_length_in_bytes(T1) + element_length_in_bytes(T2) + element_length_in_bytes(T3) + element_length_in_bytes(R1) + element_length_in_bytes(R2) + element_length_in_bytes(R3) + element_length_in_bytes(R4) + element_length_in_bytes(R5) + element_length_in_bytes(M); unsigned char *hash_input = malloc(hash_input_length); hash_input += element_to_bytes(hash_input, T1); hash_input += element_to_bytes(hash_input, T2); hash_input += element_to_bytes(hash_input, T3); hash_input += element_to_bytes(hash_input, R1); hash_input += element_to_bytes(hash_input, R2); hash_input += element_to_bytes(hash_input, R3); hash_input += element_to_bytes(hash_input, R4); hash_input += element_to_bytes(hash_input, R5); hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes hash_input -= hash_input_length; hash_ctx_t context; unsigned char digest[hash_length]; hash_init(context); hash_update(context, hash_input, hash_input_length); hash_final(digest, context); free(hash_input); element_t c1; element_init(c1, Fp); element_from_hash(c1, digest, sizeof(digest)); if (!element_cmp(c, c1)) { result = 1; } element_clear(M); element_clear(c1); element_clear(T1); element_clear(T2); element_clear(T3); element_clear(R1); element_clear(R2); element_clear(R3); element_clear(R4); element_clear(R5); element_clear(c); element_clear(salpha); element_clear(sbeta); element_clear(sx); element_clear(sdelta1); element_clear(sdelta2); element_clear(e10); element_clear(e20); element_clear(e21); element_clear(et0); element_clear(z0); element_clear(z1); return result; }
int BCEDecrypt(byte *global_params_path, byte *priv_key_block, byte *CT_C0, byte *CT_C1, byte *symmetric_key_out) { global_broadcast_params_t gbs; priv_key_t priv_key; ct_t shared_CT; element_t symmetric_key; int suffix = 0, retlen; if (global_params_path == NULL) return 1; if (priv_key_block == NULL) return 2; if (CT_C0 == NULL) return 3; if (CT_C1 == NULL) return 4; if (symmetric_key_out == NULL) return 5; LoadGlobalParams((char *) global_params_path, &gbs); priv_key = (priv_key_t) pbc_malloc(sizeof(struct single_priv_key_s)); // restore index priv_key->index = bytes_to_int(priv_key_block); suffix += PRK_INDEX_LENGTH; // restore g_i_gamma element_init(priv_key->g_i_gamma, gbs->pairing->G1); retlen = element_from_bytes(priv_key->g_i_gamma, priv_key_block + suffix); if (retlen != PRK_G_I_GAMMA_LENGTH) return 6; suffix += PRK_G_I_GAMMA_LENGTH; // restore g_i element_init(priv_key->g_i, gbs->pairing->G1); retlen = element_from_bytes(priv_key->g_i, priv_key_block + suffix); if (retlen != PRK_G_I_LENGTH) return 7; suffix += PRK_G_I_LENGTH; // restore h_i element_init(priv_key->h_i, gbs->pairing->G2); retlen = element_from_bytes(priv_key->h_i, priv_key_block + suffix); if (retlen != PRK_H_I_LENGTH) return 8; suffix += PRK_H_I_LENGTH; // restore decr_prod element_init(priv_key->decr_prod, gbs->pairing->G1); retlen = element_from_bytes(priv_key->decr_prod, priv_key_block + suffix); if (retlen != PRK_DECR_PROD_LENGTH) return 9; shared_CT = (ct_t) pbc_malloc(sizeof(struct ciphertext_s)); element_init(shared_CT->C0, gbs->pairing->G2); element_init(shared_CT->C1, gbs->pairing->G1); element_from_bytes(shared_CT->C0, CT_C0); element_from_bytes(shared_CT->C1, CT_C1); DecryptKEM_using_product(gbs, priv_key, symmetric_key, shared_CT); retlen = element_to_bytes(symmetric_key_out, symmetric_key); if (retlen != SYMMETRIC_KEY_LENGTH) return 10; element_random(symmetric_key); element_clear(symmetric_key); FreeCT(shared_CT); pbc_free(shared_CT); FreePK(priv_key); pbc_free(priv_key); FreeGBP(gbs); pbc_free(gbs); return 0; }