static int fq_from_bytes(element_t e, unsigned char *data) {
eptr p = e->data;
int len;
len = element_from_bytes(p->x, data);
len += element_from_bytes(p->y, data + len);
return len;
}
int
pbgp_ibe_signature_unserialize(unsigned char *buf, ibe_signature_t *signature)
{
int len = 0;
len += element_from_bytes(signature->u, buf + len);
len += element_from_bytes(signature->v, buf + len);
len += element_from_bytes(signature->w, buf + len);
return len;
}
static int curve_from_bytes(element_t e, unsigned char *data) {
point_ptr P = (point_ptr)e->data;
int len;
P->inf_flag = 0;
len = element_from_bytes(P->x, data);
len += element_from_bytes(P->y, data + len);
//if point does not lie on curve, set it to O
if (!curve_is_valid_point(e)) {
element_set0(e);
}
return len;
}
CipherText::CipherText(unsigned char* buf, pairing_t* p){
this->p = p;
this->m = NULL;
this->s = NULL;
element_init_GT(this->c1, *p);
element_init_G1(this->c0, *p);
int pos = 0;
pos += element_from_bytes(this->c1, buf + pos);
// element_printf("c1:%B\n", this->c1);
pos += element_from_bytes(this->c0, buf + pos);
// element_printf("c0:%B\n", this->c0);
printf("pos: %d -> reconstruct c1 and c0 ok\n", pos);
this->policy = new Policy(buf + pos, p);
printf("reconstruct policy ok\n");
}
/**
* Memoized version of element_from_hash
* for performance reason
*/
static inline void
_element_from_hash(element_t e, void *data, int len)
{
// @fixme: store is "left open" when executable close
static store_t *store = NULL;
if (!store) {
store = pbgp_store_open(NULL);
}
store_key_t key = { 0, 0, len, (unsigned char *) data };
size_t size = 0;
int ret = 0;
if (0 == pbgp_store_uget_size(store, &key, &size)) {
unsigned char buf[size];
memset (buf, 0, size);
pbgp_store_uget(store, &key, buf, &size);
ret = element_from_bytes(e, buf);
}
if (0 == ret) {
element_from_hash(e, data, len);
unsigned char edata[element_length_in_bytes(e)];
element_to_bytes(edata, e);
pbgp_store_put(store, &key, edata, sizeof(edata));
}
}
/*
* Convert an unsigned char array to an element
* Elements from G1 or G2 will also be decompressed!
*/
void BilinearMappingHandler::byteArrayToElement(element_t saveHere, unsigned char* compressedElem, bool isElementOfGT)
{
if (isElementOfGT)
element_from_bytes(saveHere,compressedElem);
else
element_from_bytes_compressed(saveHere, compressedElem);
}//end of byteArrayToElement()
// start_index从1开始
int BCEChangeDecryptionProduct(byte *global_params_path, int start_index, int length, int *adds, int n_adds, int *rems, int n_rems, byte *decr_prod, byte *decr_prod_out)
{
global_broadcast_params_t gbs;
struct single_priv_key_s *priv_key;
int i, writelen = 0;
if (global_params_path == NULL)
return 1;
if (start_index % NUM_USER_DIVISOR != 1)
return 2;
if (adds == NULL && rems == NULL)
return 4;
if (decr_prod == NULL)
return 8;
if (decr_prod_out == NULL)
return 9;
LoadGlobalParams((char *) global_params_path, &gbs);
if (n_adds > gbs->num_users)
return 5;
if (n_rems > gbs->num_users)
return 7;
priv_key = (priv_key_t) malloc(length * sizeof(struct single_priv_key_s));
for (i = 0; i < length; i++)
{
// restore index
priv_key[i].index = start_index + i;
// restore fake g_i_gamma
element_init(priv_key[i].g_i_gamma, gbs->pairing->G1);
// restore fake g_i
element_init(priv_key[i].g_i, gbs->pairing->G1);
// restore fake h_i
element_init(priv_key[i].h_i, gbs->pairing->G2);
// restore real decr_prod
element_init(priv_key[i].decr_prod, gbs->pairing->G1);
decr_prod += element_from_bytes(priv_key[i].decr_prod, decr_prod);
}
for (i = 0; i < length; i++)
{
Change_decr_prod_indicies(gbs, priv_key[i].index, adds, n_adds, rems, n_rems, &priv_key[i]);
writelen += element_to_bytes(decr_prod_out + writelen, priv_key[i].decr_prod);
}
for (i = 0; i < length; i++)
FreePK(&priv_key[i]);
free(priv_key);
FreeGBP(gbs);
pbc_free(gbs);
return 0;
}
// Requires e to be a point on an elliptic curve.
int element_from_bytes_x_only(element_ptr e, unsigned char *data) {
curve_data_ptr cdp = (curve_data_ptr)e->field->data;
point_ptr P = (point_ptr)e->data;
int len;
len = element_from_bytes(P->x, data);
point_from_x(P, P->x, cdp->a, cdp->b);
return len;
}
static inline void in(element_t elem, FILE *myfile) {
int sz;
fread(&sz, 4, 1, myfile);
unsigned char* data = pbc_malloc(sz);
fread(data, sz, 1, myfile);
element_from_bytes(elem, data);
pbc_free(data);
}
void element_from_file(element_t element, char* inputFile){
unsigned char element_byte_form[2048] = {0};
FILE* fp_element_byte_form = fopen(inputFile, "r");
int int_read_bytes = fread(element_byte_form, 1, 1024, fp_element_byte_form);
element_from_bytes(element, element_byte_form);
fclose(fp_element_byte_form);
}
void element_to_file(element_t element, char* outputFile){
const int int_bytes_of_element = element_length_in_bytes(element);
unsigned char * element_byte_form = (unsigned char *)malloc( int_bytes_of_element * sizeof(unsigned char));
element_to_bytes(element_byte_form, element);
element_from_bytes(element, element_byte_form);
FILE* fp_element = fopen(outputFile, "w");
fwrite(element_byte_form, 1, int_bytes_of_element, fp_element);
fclose( fp_element );
free(element_byte_form);
}
static inline int in(element_t elem, unsigned char *my_feed) {
int sz;
printf( "Prepare reading sz\n");
memcpy(&sz, my_feed, 4);
printf( "Size of pbc element: %d\n", sz);
unsigned char* data = pbc_malloc(sz);
memcpy(data, my_feed+4, sz);
element_from_bytes(elem, data);
pbc_free(data);
return sz+4;
}
// Requires e to be a point on an elliptic curve.
int element_from_bytes_compressed(element_ptr e, unsigned char *data) {
curve_data_ptr cdp = (curve_data_ptr)e->field->data;
point_ptr P = (point_ptr)e->data;
int len;
len = element_from_bytes(P->x, data);
point_from_x(P, P->x, cdp->a, cdp->b);
if (data[len]) {
if (element_sign(P->y) < 0) element_neg(P->y, P->y);
} else if (element_sign(P->y) > 0) {
element_neg(P->y, P->y);
}
len++;
return len;
}
int bb_verify(unsigned char *sig, unsigned int hashlen, unsigned char *hash, bb_public_key_t pk)
{
element_t sigma, r;
element_t m;
element_t t0, t1, t2;
int res;
int len;
pairing_ptr pairing = pk->param->pairing;
element_init(m, pairing->Zr);
element_from_hash(m, hash, hashlen);
element_init(sigma, pairing->G1);
len = element_from_bytes_x_only(sigma, sig);
element_init(r, pairing->Zr);
element_from_bytes(r, sig + len);
element_init(t0, pairing->G2);
element_init(t1, pairing->G2);
element_init(t2, pairing->GT);
element_pow_zn(t0, pk->g2, m);
element_pow_zn(t1, pk->v, r);
element_mul(t0, t0, t1);
element_mul(t0, t0, pk->u);
element_pairing(t2, sigma, t0);
if (!element_cmp(t2, pk->z)) {
res = 1;
} else {
element_mul(t2, t2, pk->z);
res = element_is1(t2);
}
element_clear(t0);
element_clear(t1);
element_clear(t2);
element_clear(m);
element_clear(sigma);
element_clear(r);
return res;
}
int
newepoch_load(char *in,epoch_item_t *ep,setup_params_t * setup)
{
FILE *fp = NULL;
uint32_t elem_size = 0;
int rv = 0;
unsigned char *buf = NULL;
fp=fopen(in,"rb");
if(!fp) {
pbgp_error("newepoch_load :: %s\n",strerror(errno));
return -1;
}
fread(&elem_size,sizeof(uint32_t),1,fp);
buf = (unsigned char *) malloc(elem_size);
if(!buf) {
pbgp_error("newepoch_load :: cannot allocate buf\n");
rv = -1;
goto out;
}
fread(buf,elem_size,1,fp);
element_from_bytes(ep->acc->elem,buf);
mpz_inp_raw (ep->s_acc,fp);
ids_load_fp(fp,ep->epls.act);
mpz_inp_raw(ep->s_new,fp);
ids_load_fp(fp,ep->epls.rvk);
mpz_inp_raw(ep->s_rvk,fp);
out:
if(buf)
free(buf);
fclose(fp);
return rv;
}
void BSActivity(unsigned char *da, unsigned char *db, unsigned char *dc, unsigned char *dcu) {
//signature decompress
//printf("Verifying....\n");
element_t cu, A, B, C;
element_init_G1(A, pairing);
element_init_G1(B, pairing);
element_init_G1(C, pairing);
element_init_Zr(cu, pairing2);
element_from_bytes_compressed(A, da);
element_from_bytes_compressed(B, db);
element_from_bytes_compressed(C, dc);
element_from_bytes(cu, dcu);
pbc_free(da);
pbc_free(db);
pbc_free(dc);
pbc_free(dcu);
//verification I
element_t exbcu;
element_t tmp1, tmp2, right, left;
element_init_GT(exbcu, pairing);
element_init_GT(tmp1, pairing);
element_init_GT(tmp2, pairing);
element_init_GT(right, pairing);
element_init_GT(left, pairing);
element_pairing(tmp1, X, A);
element_pairing(tmp2, X, B);
element_pow_zn(exbcu, tmp2, cu);
element_mul(left, tmp1, exbcu);
element_pairing(right, g, C);
if (!element_cmp(left, right)) {
//printf("part 1 verifies\n");
} else {
printf("*BUG* part 1 does not verify *BUG*\n");
}
//verification II
element_pairing(left, A, Y);
element_pairing(right, g, B);
if (!element_cmp(left, right)) {
//printf("part 2 verifies\n");
} else {
printf("*BUG* part 2 does not verify *BUG*\n");
}
if(ifsize) {
int totalsize = sizeof(tmp1) + sizeof(tmp2) + sizeof(right) + sizeof(left) +
sizeof(A) + sizeof(B) + sizeof(C) + sizeof(cu);
printf("Memory used at base station is %d bytes. \n", totalsize);
}
element_clear(exbcu);
element_clear(tmp1);
element_clear(tmp2);
element_clear(right);
element_clear(left);
element_clear(A);
element_clear(B);
element_clear(C);
element_clear(cu);
return;
}
static void test_gf3m_to_bytes(void) {
element_random(a);
element_to_bytes(data, a);
element_from_bytes(b, data);
EXPECT(0 == element_cmp(a, b));
}
//start_index从1开始,不算0
int BCEGenPrivateKeys(byte *sys_params_path, byte *sys_priv_key, int num_user, int start_index, int length, byte *user_priv_keys_out, int check_array)
{
global_broadcast_params_t gbs;
broadcast_system_t sys;
int priv_key_read, i;
//struct single_priv_key_s user_keys[length]; // Problematic Memory Allocation
struct single_priv_key_s *user_keys;
char *recip;
// char recip[num_user / NUM_USER_DIVISOR];
if (sys_params_path == NULL)
return 1;
if (sys_priv_key == NULL)
return 2;
if (num_user % NUM_USER_DIVISOR != 0)
return 3;
if (start_index % NUM_USER_DIVISOR != 1)
return 4;
if (user_priv_keys_out == NULL)
return 6;
if (length > check_array)
return -2;
LoadParams((char *) sys_params_path, &gbs, &sys);
priv_key_read = element_from_bytes(sys->priv_key, sys_priv_key);
if (priv_key_read != BCE_ZR_LENGTH)
return -1;
recip = (char *) malloc(num_user / NUM_USER_DIVISOR);
memset(recip, BIT_VECTOR_UNIT_VALUE, num_user / NUM_USER_DIVISOR);
user_keys = (priv_key_t) malloc(length * sizeof(struct single_priv_key_s)); //**
for (i = 0; i < length; i++)
{
Get_priv_key(gbs, sys, start_index + i, &user_keys[i]);
Gen_decr_prod_from_bitvec(gbs, start_index + i, recip, &user_keys[i]);
}
for (i = 0; i < length; i++)
{
int_to_bytes(user_keys[i].index, user_priv_keys_out);
user_priv_keys_out += 4;
user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].g_i_gamma);
user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].g_i);
user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].h_i);
user_priv_keys_out += element_to_bytes(user_priv_keys_out, user_keys[i].decr_prod);
}
memset(recip, BIT_VECTOR_CLEAR_UNIT_VALUE, num_user / NUM_USER_DIVISOR);
free(recip);
for (i = 0; i < length; i++)
{
FreePK(&user_keys[i]);
}
free(user_keys);
FreeBCS(sys);
pbc_free(sys);
FreeGBP(gbs);
pbc_free(gbs);
return 0;
}
int bbs_open(element_t A, bbs_group_public_key_t gpk, bbs_manager_private_key_t gmsk, int hashlen, void *hash, unsigned char *sig)
{
bbs_sys_param_ptr param = gpk->param;
pairing_ptr pairing = param->pairing;
field_ptr Fp = pairing->Zr;
element_t T1, T2, T3;
element_t R1, R2, R3, R4, R5;
element_t c, salpha, sbeta, sx, sdelta1, sdelta2;
element_t e10, et0, z0;
unsigned char *readptr = sig;
int result;
UNUSED_VAR (hashlen);
UNUSED_VAR (hash);
//TODO: consolidate with verify
element_init_G1(T1, pairing);
element_init_G1(T2, pairing);
element_init_G1(T3, pairing);
element_init_G1(R1, pairing);
element_init_G1(R2, pairing);
element_init_GT(R3, pairing);
element_init_G1(R4, pairing);
element_init_G1(R5, pairing);
element_init(c, Fp);
element_init(salpha, Fp);
element_init(sbeta, Fp);
element_init(sx, Fp);
element_init(sdelta1, Fp);
element_init(sdelta2, Fp);
element_init_G1(e10, pairing);
element_init_GT(et0, pairing);
element_init(z0, Fp);
readptr += element_from_bytes(T1, readptr);
readptr += element_from_bytes(T2, readptr);
readptr += element_from_bytes(T3, readptr);
readptr += element_from_bytes(c, readptr);
readptr += element_from_bytes(salpha, readptr);
readptr += element_from_bytes(sbeta, readptr);
readptr += element_from_bytes(sx, readptr);
readptr += element_from_bytes(sdelta1, readptr);
readptr += element_from_bytes(sdelta2, readptr);
element_neg(z0, c);
element_pow_zn(R1, gpk->u, salpha);
element_pow_zn(e10, T1, z0);
element_mul(R1, R1, e10);
element_pow_zn(R2, gpk->v, sbeta);
element_pow_zn(e10, T2, z0);
element_mul(R2, R2, e10);
element_neg(z0, sdelta1);
element_pow_zn(R4, gpk->u, z0);
element_pow_zn(e10, T1, sx);
element_mul(R4, R4, e10);
element_neg(z0, sdelta2);
element_pow_zn(R5, gpk->v, z0);
element_pow_zn(e10, T2, sx);
element_mul(R5, R5, e10);
pairing_apply(R3, T3, gpk->w, pairing);
pairing_apply(et0, gpk->g1, gpk->g2, pairing);
element_invert(et0, et0);
element_mul(R3, R3, et0);
element_pow_zn(R3, R3, c);
pairing_apply(et0, T3, gpk->g2, pairing);
element_pow_zn(et0, et0, sx);
element_mul(R3, R3, et0);
element_add(z0, salpha, sbeta);
element_neg(z0, z0);
pairing_apply(et0, gpk->h, gpk->w, pairing);
element_pow_zn(et0, et0, z0);
element_mul(R3, R3, et0);
element_add(z0, sdelta1, sdelta2);
element_neg(z0, z0);
pairing_apply(et0, gpk->h, gpk->g2, pairing);
element_pow_zn(et0, et0, z0);
element_mul(R3, R3, et0);
//if mismatch result = 0;
//} else {
element_pow_zn(A, T1, gmsk->xi1);
element_pow_zn(e10, T2, gmsk->xi2);
element_mul(A, A, e10);
element_invert(A, A);
element_mul(A, A, T3);
result =1;
//}
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(R1);
element_clear(R2);
element_clear(R3);
element_clear(R4);
element_clear(R5);
element_clear(c);
element_clear(salpha);
element_clear(sbeta);
element_clear(sx);
element_clear(sdelta1);
element_clear(sdelta2);
element_clear(e10);
element_clear(et0);
element_clear(z0);
return result;
}
FENC_ERROR
import_components_from_buffer(uint8* buffer, size_t buf_len, size_t *imported_len, char* fmt, ...)
{
FENC_ERROR result = FENC_ERROR_NONE;
va_list comp_list;
uint32 deserialized_len = 0;
fenc_attribute_list *attr_list = NULL;
fenc_attribute_policy *pol_tree = NULL;
char *attrs;
size_t len;
int32 temp_int;
uint8* buf_ptr;
char* fmt_ptr;
element_t *elt;
/* Iterate through the variable-length argument list. */
va_start(comp_list, fmt);
for(fmt_ptr = fmt; *fmt_ptr != '\0'; fmt_ptr++) {
if(*fmt_ptr != '%') {
continue;
}
buf_ptr = (uint8*)(buffer + deserialized_len);
switch(*++fmt_ptr) {
case 'E':
/* Uncompressed element. */
elt = va_arg(comp_list, element_t*);
deserialized_len += element_from_bytes(*elt, buf_ptr);
break;
case 'C':
/* Compressed element. */
elt = va_arg(comp_list, element_t*);
deserialized_len += element_from_bytes_compressed(*elt, buf_ptr);
break;
case 's':
strcpy(va_arg(comp_list, char *), (const char *) buf_ptr);
deserialized_len += strlen((char *)buf_ptr) + 1;
break;
case 'd':
IMPORT_INT32(temp_int, buf_ptr);
*(va_arg(comp_list, int32*)) = temp_int;
deserialized_len += sizeof(int32);
break;
case 'A':
len = strlen((char *)buf_ptr); /* assume attribute list is NULL terminated */
attrs = SAFE_MALLOC(len+1);
memset(attrs, 0, len+1);
strncpy(attrs, (const char *) buf_ptr, len);
// printf("Raw list: '%s'\n", attrs);
deserialized_len += len + 1;
attr_list = va_arg(comp_list, fenc_attribute_list*);
/* tokenize the string and place in attribute_list */
fenc_buffer_to_attribute_list(&attrs, attr_list);
free(attrs);
break;
case 'P':
len = strlen((char *) buf_ptr); /* assume policy is NULL terminated */
pol_tree = va_arg(comp_list, fenc_attribute_policy *); /* get the users ptr to fenc_attribute_policy */
fenc_policy_from_string(pol_tree, (char *) buf_ptr); /* store policy into given policy structure */
deserialized_len += len + 1; /* increment pointer to next component */
break;
default:
/* Unrecognized symbol. */
result = FENC_ERROR_INVALID_INPUT;
break;
}
if (deserialized_len > buf_len) {
/* Return the length we read. */
if (imported_len != NULL) {
*imported_len = deserialized_len;
}
return FENC_ERROR_BUFFER_TOO_SMALL;
}
}
va_end(comp_list);
/* Return the length we read. */
if (imported_len != NULL) {
*imported_len = deserialized_len;
}
return result;
}
static int mulg_from_bytes(element_ptr e, unsigned char *data) {
return element_from_bytes(e->data, data);
}
int
join_load(char *in, action_data_t *join)
{
FILE *fpin = NULL;
int rv = 0,i = 0;
int elem_size = 0,pfix_count = 0;
unsigned char *buf = NULL;
unsigned char *sbuf = NULL;
prefls_t *p = NULL;
fpin = fopen(in,"rb");
if(!fpin) {
goto err;
}
rv = ibe_keypair_loadfp(fpin,join->ibk);
if(rv < 0 ) {
goto err;
}
fread(&elem_size,sizeof(uint32_t),1,fpin);
buf = (unsigned char *) malloc(elem_size);
if(!buf) {
goto err;
}
fread(buf,elem_size,1,fpin);
element_from_bytes(join->witness,buf);
fread(&pfix_count,sizeof(uint32_t),1,fpin);
rv = pfix_init(&join->pfixlist,pfix_count,join->ibk->setup);
if(rv < 0)
goto err;
p = join->pfixlist;
//read prefix list + signatures
for(i = 0; i < p->size; i++) {
fread(&p->ina[i],sizeof(struct in_addr),1,fpin);
fread(&p->netmask[i],sizeof(uint8_t),1,fpin);
fread(&elem_size,sizeof(uint32_t),1,fpin);
sbuf = (unsigned char *) malloc(elem_size);
if(!sbuf) {
pbgp_error("join_load(), sbuf malloc :: %s\n",strerror(errno));
goto err;
}
fread(sbuf,elem_size,1,fpin);
rv = ibe_signature_deserialize(p->pf_sign[i],sbuf);
free(sbuf);
if(rv < 0)
goto err;
}
fread(&join->pfixlist->tsca,sizeof(time_t),1,fpin);
goto out;
err:
rv = -1;
pbgp_error("join_load :: %s\n",strerror(errno));
out:
if(fpin) fclose(fpin);
if(buf) free(buf);
return rv;
}
int bbs_verify(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_t gpk)
{
bbs_sys_param_ptr param = gpk->param;
pairing_ptr pairing = param->pairing;
field_ptr Fp = pairing->Zr;
element_t T1, T2, T3;
element_t R1, R2, R3, R4, R5;
element_t c, salpha, sbeta, sx, sdelta1, sdelta2;
element_t e10, e20, e21, et0, z0, z1;
unsigned char *readptr = sig;
element_init_G1(T1, pairing);
element_init_G1(T2, pairing);
element_init_G1(T3, pairing);
element_init_G1(R1, pairing);
element_init_G1(R2, pairing);
element_init_GT(R3, pairing);
element_init_G1(R4, pairing);
element_init_G1(R5, pairing);
element_init(c, Fp);
element_init(salpha, Fp);
element_init(sbeta, Fp);
element_init(sx, Fp);
element_init(sdelta1, Fp);
element_init(sdelta2, Fp);
element_init_G1(e10, pairing);
element_init_G2(e20, pairing);
element_init_G2(e21, pairing);
element_init_GT(et0, pairing);
element_init(z0, Fp);
element_init(z1, Fp);
readptr += element_from_bytes(T1, readptr);
readptr += element_from_bytes(T2, readptr);
readptr += element_from_bytes(T3, readptr);
readptr += element_from_bytes(c, readptr);
readptr += element_from_bytes(salpha, readptr);
readptr += element_from_bytes(sbeta, readptr);
readptr += element_from_bytes(sx, readptr);
readptr += element_from_bytes(sdelta1, readptr);
readptr += element_from_bytes(sdelta2, readptr);
element_neg(z0, c);
//element_pow_zn(R1, gpk->u, salpha);
//element_pow_zn(e10, T1, z0);
//element_mul(R1, R1, e10);
element_pow2_zn(R1, gpk->u, salpha, T1, z0);
//element_pow_zn(R2, gpk->v, sbeta);
//element_pow_zn(e10, T2, z0);
//element_mul(R2, R2, e10);
element_pow2_zn(R2, gpk->v, sbeta, T2, z0);
element_neg(z0, sdelta1);
//element_pow_zn(R4, gpk->u, z0);
//element_pow_zn(e10, T1, sx);
//element_mul(R4, R4, e10);
element_pow2_zn(R4, gpk->u, z0, T1, sx);
element_neg(z0, sdelta2);
//element_pow_zn(R5, gpk->v, z0);
//element_pow_zn(e10, T2, sx);
//element_mul(R5, R5, e10);
element_pow2_zn(R5, gpk->v, z0, T2, sx);
/*
* compute R3 more efficiently. use precomputed e(g1,g2)^{-1},
* e(h,g2), and e(h,w). this leaves e(T3,g2)^sx and e(T3,w)^c;
* compute these with one pairing as e(T3, g2^sx w^c).
*/
//element_pow_zn(e20, gpk->g2, sx);
//element_pow_zn(e21, gpk->w, c);
//element_mul(e20, e20, e21);
element_pow2_zn(e20, gpk->g2, sx, gpk->w, c);
pairing_apply(R3, T3, e20, pairing);
//element_pow_zn(et0, gpk->pr_g1_g2_inv, c);
//element_mul(R3, R3, et0);
element_add(z0, salpha, sbeta);
element_neg(z0, z0);
//element_pow_zn(et0, gpk->pr_h_w, z0);
//element_mul(R3, R3, et0);
element_add(z1, sdelta1, sdelta2);
element_neg(z1, z1);
//element_pow_zn(et0, gpk->pr_h_g2, z1);
element_pow3_zn(et0, gpk->pr_g1_g2_inv, c, gpk->pr_h_w, z0, gpk->pr_h_g2, z1);
element_mul(R3, R3, et0);
#ifdef DEBUG
element_printf("T1: %B\n", T1);
element_printf("T2: %B\n", T2);
element_printf("T3: %B\n", T3);
element_printf("R1: %B\n", R1);
element_printf("R2: %B\n", R2);
element_printf("R3: %B\n", R3);
element_printf("R4: %B\n", R4);
element_printf("R5: %B\n", R5);
#endif
int result = 0;
element_t M;
element_init_G1(M, pairing);
element_from_hash(M, hash, hashlen);
unsigned int hash_input_length = element_length_in_bytes(T1) +
element_length_in_bytes(T2) +
element_length_in_bytes(T3) +
element_length_in_bytes(R1) +
element_length_in_bytes(R2) +
element_length_in_bytes(R3) +
element_length_in_bytes(R4) +
element_length_in_bytes(R5) +
element_length_in_bytes(M);
unsigned char *hash_input = malloc(hash_input_length);
hash_input += element_to_bytes(hash_input, T1);
hash_input += element_to_bytes(hash_input, T2);
hash_input += element_to_bytes(hash_input, T3);
hash_input += element_to_bytes(hash_input, R1);
hash_input += element_to_bytes(hash_input, R2);
hash_input += element_to_bytes(hash_input, R3);
hash_input += element_to_bytes(hash_input, R4);
hash_input += element_to_bytes(hash_input, R5);
hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes
hash_input -= hash_input_length;
hash_ctx_t context;
unsigned char digest[hash_length];
hash_init(context);
hash_update(context, hash_input, hash_input_length);
hash_final(digest, context);
free(hash_input);
element_t c1;
element_init(c1, Fp);
element_from_hash(c1, digest, sizeof(digest));
if (!element_cmp(c, c1)) {
result = 1;
}
element_clear(M);
element_clear(c1);
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(R1);
element_clear(R2);
element_clear(R3);
element_clear(R4);
element_clear(R5);
element_clear(c);
element_clear(salpha);
element_clear(sbeta);
element_clear(sx);
element_clear(sdelta1);
element_clear(sdelta2);
element_clear(e10);
element_clear(e20);
element_clear(e21);
element_clear(et0);
element_clear(z0);
element_clear(z1);
return result;
}
int BCEDecrypt(byte *global_params_path, byte *priv_key_block, byte *CT_C0, byte *CT_C1, byte *symmetric_key_out)
{
global_broadcast_params_t gbs;
priv_key_t priv_key;
ct_t shared_CT;
element_t symmetric_key;
int suffix = 0, retlen;
if (global_params_path == NULL)
return 1;
if (priv_key_block == NULL)
return 2;
if (CT_C0 == NULL)
return 3;
if (CT_C1 == NULL)
return 4;
if (symmetric_key_out == NULL)
return 5;
LoadGlobalParams((char *) global_params_path, &gbs);
priv_key = (priv_key_t) pbc_malloc(sizeof(struct single_priv_key_s));
// restore index
priv_key->index = bytes_to_int(priv_key_block);
suffix += PRK_INDEX_LENGTH;
// restore g_i_gamma
element_init(priv_key->g_i_gamma, gbs->pairing->G1);
retlen = element_from_bytes(priv_key->g_i_gamma, priv_key_block + suffix);
if (retlen != PRK_G_I_GAMMA_LENGTH)
return 6;
suffix += PRK_G_I_GAMMA_LENGTH;
// restore g_i
element_init(priv_key->g_i, gbs->pairing->G1);
retlen = element_from_bytes(priv_key->g_i, priv_key_block + suffix);
if (retlen != PRK_G_I_LENGTH)
return 7;
suffix += PRK_G_I_LENGTH;
// restore h_i
element_init(priv_key->h_i, gbs->pairing->G2);
retlen = element_from_bytes(priv_key->h_i, priv_key_block + suffix);
if (retlen != PRK_H_I_LENGTH)
return 8;
suffix += PRK_H_I_LENGTH;
// restore decr_prod
element_init(priv_key->decr_prod, gbs->pairing->G1);
retlen = element_from_bytes(priv_key->decr_prod, priv_key_block + suffix);
if (retlen != PRK_DECR_PROD_LENGTH)
return 9;
shared_CT = (ct_t) pbc_malloc(sizeof(struct ciphertext_s));
element_init(shared_CT->C0, gbs->pairing->G2);
element_init(shared_CT->C1, gbs->pairing->G1);
element_from_bytes(shared_CT->C0, CT_C0);
element_from_bytes(shared_CT->C1, CT_C1);
DecryptKEM_using_product(gbs, priv_key, symmetric_key, shared_CT);
retlen = element_to_bytes(symmetric_key_out, symmetric_key);
if (retlen != SYMMETRIC_KEY_LENGTH)
return 10;
element_random(symmetric_key);
element_clear(symmetric_key);
FreeCT(shared_CT);
pbc_free(shared_CT);
FreePK(priv_key);
pbc_free(priv_key);
FreeGBP(gbs);
pbc_free(gbs);
return 0;
}
