status_t element_random(element_t e)
{
if(e->isInitialized == TRUE) {
if(e->type == ZR) {
bn_t n;
bn_inits(n);
g1_get_ord(n);
bn_t t = e->bn;
bn_rand(t, BN_POS, bn_bits(n));
bn_mod(t, t, n);
bn_free(n);
}
else if(e->type == G1) {
g1_rand(e->g1);
}
else if(e->type == G2) {
g2_rand(e->g2);
}
else if(e->type == GT) {
gt_rand(e->gt);
}
return ELEMENT_OK;
}
return ELEMENT_UNINITIALIZED;
}
int cp_pss_sig(g1_t a, g1_t b, uint8_t *msg, int len, bn_t r, bn_t s) {
bn_t m, n;
int result = RLC_OK;
bn_null(m);
bn_null(n);
TRY {
bn_new(m);
bn_new(n);
g1_get_ord(n);
bn_read_bin(m, msg, len);
bn_mul(m, m, s);
bn_mod(m, m, n);
bn_add(m, m, r);
bn_mod(m, m, n);
g1_rand(a);
g1_mul(b, a, m);
}
CATCH_ANY {
result = RLC_ERR;
}
FINALLY {
bn_free(m);
bn_free(n);
}
return result;
}
int cp_bgn_gen(bgn_t pub, bgn_t prv) {
bn_t n;
int result = STS_OK;
bn_null(n);
TRY {
bn_new(n);
g1_get_ord(n);
bn_rand_mod(prv->x, n);
bn_rand_mod(prv->y, n);
bn_rand_mod(prv->z, n);
g1_mul_gen(pub->gx, prv->x);
g1_mul_gen(pub->gy, prv->y);
g1_mul_gen(pub->gz, prv->z);
g2_mul_gen(pub->hx, prv->x);
g2_mul_gen(pub->hy, prv->y);
g2_mul_gen(pub->hz, prv->z);
}
CATCH_ANY {
result = STS_ERR;
}
FINALLY {
bn_free(n);
}
return result;
}
int get_order(integer_t x)
{
if(x != NULL) {
g1_get_ord(x);
return TRUE;
}
return FALSE;
}
int cp_pss_ver(g1_t a, g1_t b, uint8_t *msg, int len, g2_t g, g2_t x, g2_t y) {
g1_t p[2];
g2_t r[2];
gt_t e;
bn_t m, n;
int result = 1;
g1_null(p[0]);
g1_null(p[1]);
g2_null(r[0]);
g2_null(r[1]);
gt_null(e);
bn_null(m);
bn_null(n);
TRY {
g1_new(p[0]);
g1_new(p[1]);
g2_new(r[0]);
g2_new(r[1]);
gt_new(e);
bn_new(m);
bn_new(n);
if (g1_is_infty(a)) {
result = 0;
}
g1_copy(p[0], a);
g1_copy(p[1], b);
g2_copy(r[1], g);
g2_neg(r[1], r[1]);
g1_get_ord(n);
bn_read_bin(m, msg, len);
bn_mod(m, m, n);
g2_mul(r[0], y, m);
g2_add(r[0], r[0], x);
g2_norm(r[0], r[0]);
pc_map_sim(e, p, r, 2);
if (!gt_is_unity(e)) {
result = 0;
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
g1_free(p[0]);
g1_free(p[1]);
g2_free(r[0]);
g2_free(r[1]);
gt_free(e);
bn_free(m);
bn_free(n);
}
return result;
}
int cp_bgn_dec1(dig_t *out, g1_t in[2], bgn_t prv) {
bn_t r, n;
g1_t s, t, u;
int i, result = STS_ERR;
bn_null(n);
bn_null(r);
g1_null(s);
g1_null(t);
g1_null(u);
TRY {
bn_new(n);
bn_new(r);
g1_new(s);
g1_new(t);
g1_new(u);
g1_get_ord(n);
/* Compute T = x(ym + r)G - (zm + xr)G = m(xy - z)G. */
g1_mul(t, in[0], prv->x);
g1_sub(t, t, in[1]);
g1_norm(t, t);
/* Compute U = (xy - z)G and find m. */
bn_mul(r, prv->x, prv->y);
bn_sub(r, r, prv->z);
bn_mod(r, r, n);
g1_mul_gen(s, r);
g1_copy(u, s);
if (g1_is_infty(t) == 1){
*out = 0;
result = STS_OK;
} else {
for (i = 0; i < INT_MAX; i++) {
if (g1_cmp(t, u) == CMP_EQ) {
*out = i + 1;
result = STS_OK;
break;
}
g1_add(u, u, s);
g1_norm(u, u);
}
}
} CATCH_ANY {
result = STS_ERR;
}
FINALLY {
bn_free(n);
bn_free(r);
g1_free(s);
g1_free(t);
g1_free(u);
}
return result;
}
status_t element_init_GT(element_t e)
{
gt_inits(e->gt);
bn_inits(e->order);
gt_set_unity(e->gt);
g1_get_ord(e->order);
e->isInitialized = TRUE;
e->type = GT;
return ELEMENT_OK;
}
status_t element_init_G1(element_t e)
{
// if(e->g1 != NULL) g1_free(e->g1);
g1_inits(e->g1);
bn_inits(e->order);
g1_set_infty(e->g1);
g1_get_ord(e->order);
e->isInitialized = TRUE;
e->type = G1;
return ELEMENT_OK;
}
status_t element_init_Zr(element_t e, int init_value)
{
// if(e->bn != NULL) bn_free(e->bn);
bn_inits(e->bn);
bn_inits(e->order);
if(init_value == 0) /* default value */
bn_zero(e->bn);
else
bn_set_dig(e->bn, (dig_t) init_value);
g1_get_ord(e->order);
e->isInitialized = TRUE;
e->type = ZR;
return ELEMENT_OK;
}
int cp_bbs_sig(g1_t s, uint8_t *msg, int len, int hash, bn_t d) {
bn_t m, n, r;
uint8_t h[MD_LEN];
int result = STS_OK;
bn_null(m);
bn_null(n);
bn_null(r);
TRY {
bn_new(m);
bn_new(n);
bn_new(r);
g1_get_ord(n);
/* m = H(msg). */
if (hash) {
bn_read_bin(m, msg, len);
} else {
md_map(h, msg, len);
bn_read_bin(m, h, MD_LEN);
}
bn_mod(m, m, n);
/* m = 1/(m + d) mod n. */
bn_add(m, m, d);
bn_gcd_ext(r, m, NULL, m, n);
if (bn_sign(m) == BN_NEG) {
bn_add(m, m, n);
}
/* s = 1/(m+d) * g1. */
g1_mul_gen(s, m);
}
CATCH_ANY {
result = STS_ERR;
}
FINALLY {
bn_free(m);
bn_free(n);
bn_free(r);
}
return result;
}
int cp_sokaka_gen(bn_t master) {
bn_t n;
int result = STS_OK;
bn_null(n);
TRY {
bn_new(n);
g1_get_ord(n);
bn_rand_mod(master, n);
}
CATCH_ANY {
result = STS_ERR;
}
FINALLY {
bn_free(n);
}
return result;
}
int cp_bgn_enc1(g1_t out[2], dig_t in, bgn_t pub) {
bn_t r, n;
g1_t t;
int result = STS_OK;
bn_null(n);
bn_null(r);
g1_null(t);
TRY {
bn_new(n);
bn_new(r);
g1_new(t);
g1_get_ord(n);
bn_rand_mod(r, n);
/* Compute c0 = (ym + r)G. */
g1_mul_dig(out[0], pub->gy, in);
g1_mul_gen(t, r);
g1_add(out[0], out[0], t);
g1_norm(out[0], out[0]);
/* Compute c1 = (zm + xr)G. */
g1_mul_dig(out[1], pub->gz, in);
g1_mul(t, pub->gx, r);
g1_add(out[1], out[1], t);
g1_norm(out[1], out[1]);
}
CATCH_ANY {
result = STS_ERR;
}
FINALLY {
bn_free(n);
bn_free(r);
g1_free(t);
}
return result;
}
int cp_psb_sig(g1_t a, g1_t b, uint8_t *msgs[], int lens[], bn_t r, bn_t s[],
int l) {
bn_t m, n, t;
int i, result = RLC_OK;
bn_null(m);
bn_null(n);
bn_null(t);
TRY {
bn_new(m);
bn_new(n);
bn_new(t);
/* Choose random a in G1. */
g1_rand(a);
/* Compute b = a^x+\sum y_im_i. */
g1_get_ord(n);
bn_copy(t, r);
for (i = 0; i < l; i++) {
bn_read_bin(m, msgs[i], lens[i]);
bn_mod(m, m, n);
bn_mul(m, m, s[i]);
bn_mod(m, m, n);
bn_add(t, t, m);
bn_mod(t, t, n);
}
g1_mul(b, a, t);
}
CATCH_ANY {
result = RLC_ERR;
}
FINALLY {
bn_free(m);
bn_free(n);
bn_free(t);
}
return result;
}
int cp_psb_ver(g1_t a, g1_t b, uint8_t *msgs[], int lens[], g2_t g, g2_t x,
g2_t y[], int l) {
g1_t p[2];
g2_t q[2];
gt_t e;
bn_t m, n;
int i, result = 1;
g1_null(p[0]);
g1_null(p[1]);
g2_null(q[0]);
g2_null(q[1]);
gt_null(e);
bn_null(m);
bn_null(n);
TRY {
g1_new(p[0]);
g1_new(p[1]);
g2_new(q[0]);
g2_new(q[1]);
gt_new(e);
bn_new(m);
bn_new(n);
if (g1_is_infty(a)) {
result = 0;
}
/* Check that e(a, x \prod y_i^m_i) = e(b, g). */
g1_copy(p[0], a);
g1_copy(p[1], b);
g2_copy(q[0], x);
g1_get_ord(n);
for (i = 0; i < l; i++) {
bn_read_bin(m, msgs[i], lens[i]);
bn_mod(m, m, n);
g2_mul(q[1], y[i], m);
g2_add(q[0], q[0], q[1]);
}
g2_norm(q[0], q[0]);
g2_copy(q[1], g);
g2_neg(q[1], q[1]);
pc_map_sim(e, p, q, 2);
if (!gt_is_unity(e)) {
result = 0;
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
g1_free(p[0]);
g1_free(p[1]);
g2_free(q[0]);
g2_free(q[1]);
gt_free(e);
bn_free(m);
bn_free(n);
}
return result;
}