void gotr_ecbd_gen_flake_key(gcry_mpi_point_t *ret,
gcry_mpi_point_t y0,
gcry_mpi_t r1,
gcry_mpi_point_t R1,
gcry_mpi_point_t R0,
gcry_mpi_point_t V1)
{
gcry_mpi_point_t tmp = gcry_mpi_point_new(0);
gcry_mpi_t n = gcry_mpi_new(0);
gcry_mpi_point_release(*ret);
*ret = gcry_mpi_point_new(0);
gcry_mpi_mul_ui(n, r1, 4);
gcry_mpi_ec_mul(*ret, n, y0, edctx);
gcry_mpi_set_ui(n, 3);
gcry_mpi_ec_mul(tmp, n, R1, edctx);
gcry_mpi_ec_add(*ret, *ret, tmp, edctx);
gcry_mpi_ec_dup(tmp, R0, edctx);
gcry_mpi_ec_add(*ret, *ret, tmp, edctx);
gcry_mpi_ec_add(*ret, *ret, V1, edctx);
gcry_mpi_point_release(tmp);
gcry_mpi_release(n);
}
int deserialize_mpi(gcry_mpi_t *x, enum disp_format df, const char *buf,
int inlen)
{
switch(df) {
case DF_BIN:
gcry_mpi_scan(x, GCRYMPI_FMT_USG, buf, inlen, NULL);
gcry_mpi_set_flag(*x, GCRYMPI_FLAG_SECURE);
break;
case DF_COMPACT:
case DF_BASE36:
do {
const char *digits = get_digits(df);
unsigned int digit_count = get_digit_count(df);
char *d;
int i;
*x = gcry_mpi_snew(0);
for(i = 0; i < inlen; i++) {
if (! (d = memchr(digits, buf[i], digit_count))) {
gcry_mpi_release(*x);
return 0;
}
gcry_mpi_mul_ui(*x, *x, digit_count);
gcry_mpi_add_ui(*x, *x, d - digits);
}
} while (0);
break;
default:
assert(0);
}
return 1;
}
static bigint_t
wrap_gcry_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
{
if (w == NULL)
w = _gnutls_mpi_alloc_like (a);
if (w == NULL)
return NULL;
gcry_mpi_mul_ui (w, a, b);
return w;
}
static void
mpz_randomize (gcry_mpi_t n, unsigned int nbits, struct GNUNET_HashCode * rnd)
{
struct GNUNET_HashCode hc;
struct GNUNET_HashCode tmp;
int bits_per_hc = sizeof (struct GNUNET_HashCode) * 8;
int cnt;
int i;
GNUNET_assert (nbits > 0);
cnt = (nbits + bits_per_hc - 1) / bits_per_hc;
gcry_mpi_set_ui (n, 0);
tmp = *rnd;
for (i = 0; i < cnt; i++)
{
int j;
if (i > 0)
GNUNET_CRYPTO_hash (&hc, sizeof (struct GNUNET_HashCode), &tmp);
for (j = 0; j < sizeof (struct GNUNET_HashCode) / sizeof (uint32_t); j++)
{
#if HAVE_GCRY_MPI_LSHIFT
gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8);
#else
gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
#endif
gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j]));
}
hc = tmp;
}
GNUNET_CRYPTO_hash (&hc, sizeof (struct GNUNET_HashCode), rnd);
i = gcry_mpi_get_nbits (n);
while (i > nbits)
gcry_mpi_clear_bit (n, --i);
}
int ssh_gcry_dec2bn(bignum *bn, const char *data) {
int count;
*bn = bignum_new();
if (*bn == NULL) {
return 0;
}
gcry_mpi_set_ui(*bn, 0);
for (count = 0; data[count]; count++) {
gcry_mpi_mul_ui(*bn, *bn, 10);
gcry_mpi_add_ui(*bn, *bn, data[count] - '0');
}
return count;
}
int ECIES_decryption(char *key, const struct affine_point *R,
const gcry_mpi_t d, const struct curve_params *cp)
{
struct affine_point Z;
gcry_mpi_t e;
int res = 0;
if (! embedded_key_validation(R, &cp->dp))
return 0;
e = gcry_mpi_snew(0);
gcry_mpi_mul_ui(e, d, cp->dp.cofactor);
Z = pointmul(R, e, &cp->dp);
gcry_mpi_release(e);
if ((res = ! point_is_zero(&Z)))
ECIES_KDF(key, Z.x, R, cp->elem_len_bin);
point_release(&Z);
return res;
}
struct affine_point ECIES_encryption(char *key, const struct affine_point *Q,
const struct curve_params *cp)
{
struct affine_point Z, R;
gcry_mpi_t k;
Step1:
k = get_random_exponent(cp);
R = pointmul(&cp->dp.base, k, &cp->dp);
gcry_mpi_mul_ui(k, k, cp->dp.cofactor);
Z = pointmul(Q, k, &cp->dp);
gcry_mpi_release(k);
if (point_is_zero(&Z)) {
point_release(&R);
point_release(&Z);
goto Step1;
}
ECIES_KDF(key, Z.x, &R, cp->elem_len_bin);
point_release(&Z);
return R;
}
void gotr_ecbd_gen_circle_key(gcry_mpi_point_t *ret, gcry_mpi_point_t *X,
gcry_mpi_point_t Z, gcry_mpi_t r)
{
gcry_mpi_point_t tmp = gcry_mpi_point_new(0);
gcry_mpi_t n = gcry_mpi_new(0);
unsigned int i;
gcry_mpi_point_release(*ret);
*ret = gcry_mpi_point_set(NULL, NULL, GCRYMPI_CONST_ONE, GCRYMPI_CONST_ONE);
for (i = 0; X[i]; i++) {
gcry_mpi_set_ui(n, i+1);
gcry_mpi_ec_mul(tmp, n, X[i], edctx);
gcry_mpi_ec_add(*ret, *ret, tmp, edctx);
}
gcry_mpi_mul_ui(n, r, i+1);
gcry_mpi_ec_mul(tmp, n, Z, edctx);
gcry_mpi_ec_add(*ret, *ret, tmp, edctx);
gcry_mpi_release(n);
gcry_mpi_point_release(tmp);
}
