#define EXTRA_CHECKS 0
-#define NEW_CRYPTO 0
-
/**
* Name of the curve we are using. Note that we have hard-coded
}
-#if !NEW_CRYPTO
-/**
- * Convert the given private key from the network format to the
- * S-expression that can be used by libgcrypt.
- *
- * @param priv private key to decode
- * @return NULL on error
- */
-static gcry_sexp_t
-decode_private_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
-{
- gcry_sexp_t result;
- int rc;
-
- rc = gcry_sexp_build (&result,
- NULL,
- "(private-key(ecc(curve \"" CURVE "\")"
- "(flags eddsa)(d %b)))",
- (int) sizeof(priv->d),
- priv->d);
- if (0 != rc)
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- GNUNET_assert (0);
- }
-#if EXTRA_CHECKS
- if (0 != (rc = gcry_pk_testkey (result)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
- GNUNET_assert (0);
- }
-#endif
- return result;
-}
-#endif /* !NEW_CRYPTO */
-
-
-#if !NEW_CRYPTO
-/**
- * Convert the given private key from the network format to the
- * S-expression that can be used by libgcrypt.
- *
- * @param priv private key to decode
- * @return NULL on error
- */
-static gcry_sexp_t
-decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv)
-{
- gcry_sexp_t result;
- int rc;
-
- rc = gcry_sexp_build (&result,
- NULL,
- "(private-key(ecc(curve \"" CURVE "\")"
- "(d %b)))",
- (int) sizeof(priv->d),
- priv->d);
- if (0 != rc)
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- GNUNET_assert (0);
- }
-#if EXTRA_CHECKS
- if (0 != (rc = gcry_pk_testkey (result)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
- GNUNET_assert (0);
- }
-#endif
- return result;
-}
-#endif /* !NEW_CRYPTO */
-
-
/**
* Extract the public key for the given private key.
*
const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
struct GNUNET_CRYPTO_EddsaPublicKey *pub)
{
-#if NEW_CRYPTO
BENCHMARK_START (eddsa_key_get_public);
GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d);
BENCHMARK_END (eddsa_key_get_public);
-#else
- gcry_sexp_t sexp;
- gcry_ctx_t ctx;
- gcry_mpi_t q;
-
- BENCHMARK_START (eddsa_key_get_public);
-
- sexp = decode_private_eddsa_key (priv);
- GNUNET_assert (NULL != sexp);
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
- gcry_sexp_release (sexp);
- q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
- GNUNET_assert (q);
- GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q);
- gcry_mpi_release (q);
- gcry_ctx_release (ctx);
-
- BENCHMARK_END (eddsa_key_get_public);
-#endif
}
const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
struct GNUNET_CRYPTO_EcdhePublicKey *pub)
{
-#if NEW_CRYPTO
BENCHMARK_START (ecdhe_key_get_public);
GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d);
BENCHMARK_END (ecdhe_key_get_public);
-#else
- gcry_sexp_t sexp;
- gcry_ctx_t ctx;
- gcry_mpi_t q;
-
- BENCHMARK_START (ecdhe_key_get_public);
-
- sexp = decode_private_ecdhe_key (priv);
- GNUNET_assert (NULL != sexp);
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
- gcry_sexp_release (sexp);
- q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
- GNUNET_assert (q);
- GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q);
- gcry_mpi_release (q);
- gcry_ctx_release (ctx);
-
- BENCHMARK_END (ecdhe_key_get_public);
-#endif
}
int
GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
{
-#if NEW_CRYPTO
BENCHMARK_START (ecdhe_key_create);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
pk,
sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
BENCHMARK_END (ecdhe_key_create);
return GNUNET_OK;
-#else
- gcry_sexp_t priv_sexp;
- gcry_sexp_t s_keyparam;
- gcry_mpi_t d;
- int rc;
-
- BENCHMARK_START (ecdhe_key_create);
-
- /* NOTE: For libgcrypt >= 1.7, we do not need the 'eddsa' flag here,
- but should also be harmless. For libgcrypt < 1.7, using 'eddsa'
- disables an expensive key testing routine. We do not want to run
- the expensive check for ECDHE, as we generate TONS of keys to
- use for a very short time. */if (0 != (rc = gcry_sexp_build (&s_keyparam,
- NULL,
- "(genkey(ecc(curve \"" CURVE "\")"
- "(flags eddsa no-keytest)))")))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- return GNUNET_SYSERR;
- }
- if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
- gcry_sexp_release (s_keyparam);
- return GNUNET_SYSERR;
- }
- gcry_sexp_release (s_keyparam);
-#if EXTRA_CHECKS
- if (0 != (rc = gcry_pk_testkey (priv_sexp)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
- gcry_sexp_release (priv_sexp);
- return GNUNET_SYSERR;
- }
-#endif
- if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
- gcry_sexp_release (priv_sexp);
- return GNUNET_SYSERR;
- }
- gcry_sexp_release (priv_sexp);
- GNUNET_CRYPTO_mpi_print_unsigned (pk->d, sizeof(pk->d), d);
- gcry_mpi_release (d);
-
- BENCHMARK_END (ecdhe_key_create);
-
- return GNUNET_OK;
-#endif
}
struct GNUNET_CRYPTO_EddsaPrivateKey *
GNUNET_CRYPTO_eddsa_key_create ()
{
-#if NEW_CRYPTO
struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
BENCHMARK_START (eddsa_key_create);
BENCHMARK_END (eddsa_key_create);
return priv;
-#else
- struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
- gcry_sexp_t priv_sexp;
- gcry_sexp_t s_keyparam;
- gcry_mpi_t d;
- int rc;
-
- BENCHMARK_START (eddsa_key_create);
-
-#if CRYPTO_BUG
- again:
-#endif
- if (0 != (rc = gcry_sexp_build (&s_keyparam,
- NULL,
- "(genkey(ecc(curve \"" CURVE "\")"
- "(flags eddsa)))")))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- return NULL;
- }
- if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
- gcry_sexp_release (s_keyparam);
- return NULL;
- }
- gcry_sexp_release (s_keyparam);
-#if EXTRA_CHECKS
- if (0 != (rc = gcry_pk_testkey (priv_sexp)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
- gcry_sexp_release (priv_sexp);
- return NULL;
- }
-#endif
- if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
- gcry_sexp_release (priv_sexp);
- return NULL;
- }
- gcry_sexp_release (priv_sexp);
- priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey);
- GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d);
- gcry_mpi_release (d);
-
-#if CRYPTO_BUG
- if (GNUNET_OK != check_eddsa_key (priv))
- {
- GNUNET_break (0);
- GNUNET_free (priv);
- goto again;
- }
-#endif
-
- BENCHMARK_END (eddsa_key_create);
-
- return priv;
-#endif
}
}
-#if !NEW_CRYPTO
-/**
- * Convert the data specified in the given purpose argument to an
- * S-expression suitable for signature operations.
- *
- * @param purpose data to convert
- * @return converted s-expression
- */
-static gcry_sexp_t
-data_to_eddsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
-{
- gcry_sexp_t data;
- int rc;
-
-/* SEE #5398 */
-#if 1
- struct GNUNET_HashCode hc;
-
- GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
- if (0 != (rc = gcry_sexp_build (&data,
- NULL,
- "(data(flags eddsa)(hash-algo %s)(value %b))",
- "sha512",
- (int) sizeof(hc),
- &hc)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- return NULL;
- }
-#else
- if (0 != (rc = gcry_sexp_build (&data,
- NULL,
- "(data(flags eddsa)(hash-algo %s)(value %b))",
- "sha512",
- ntohl (purpose->size),
- purpose)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- return NULL;
- }
-#endif
- return data;
-}
-#endif /* !NEW_CRYPTO */
-
-
/**
* Convert the data specified in the given purpose argument to an
* S-expression suitable for signature operations.
struct GNUNET_CRYPTO_EddsaSignature *sig)
{
-#if NEW_CRYPTO
size_t mlen = ntohl (purpose->size);
unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES];
int res;
sk);
BENCHMARK_END (eddsa_sign);
return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
-#else
-
- gcry_sexp_t priv_sexp;
- gcry_sexp_t sig_sexp;
- gcry_sexp_t data;
- int rc;
- gcry_mpi_t rs[2];
-
- BENCHMARK_START (eddsa_sign);
-
- priv_sexp = decode_private_eddsa_key (priv);
- data = data_to_eddsa_value (purpose);
- if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
- {
- LOG (GNUNET_ERROR_TYPE_WARNING,
- _ ("EdDSA signing failed at %s:%d: %s\n"),
- __FILE__,
- __LINE__,
- gcry_strerror (rc));
- gcry_sexp_release (data);
- gcry_sexp_release (priv_sexp);
- return GNUNET_SYSERR;
- }
- gcry_sexp_release (priv_sexp);
- gcry_sexp_release (data);
-
- /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
- 'signature' */
- if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
- {
- GNUNET_break (0);
- gcry_sexp_release (sig_sexp);
- return GNUNET_SYSERR;
- }
- gcry_sexp_release (sig_sexp);
- GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
- GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
- gcry_mpi_release (rs[0]);
- gcry_mpi_release (rs[1]);
-
- BENCHMARK_END (eddsa_sign);
-
- return GNUNET_OK;
-#endif
}
const struct GNUNET_CRYPTO_EddsaSignature *sig,
const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
{
-#if NEW_CRYPTO
unsigned char *m = (void *) validate;
size_t mlen = ntohl (validate->size);
unsigned char *s = (void *) sig;
res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y);
BENCHMARK_END (eddsa_verify);
return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
-#else
- gcry_sexp_t data;
- gcry_sexp_t sig_sexpr;
- gcry_sexp_t pub_sexpr;
- int rc;
-
- BENCHMARK_START (eddsa_verify);
-
- if (purpose != ntohl (validate->purpose))
- return GNUNET_SYSERR; /* purpose mismatch */
-
- /* build s-expression for signature */
- if (0 != (rc = gcry_sexp_build (&sig_sexpr,
- NULL,
- "(sig-val(eddsa(r %b)(s %b)))",
- (int) sizeof(sig->r),
- sig->r,
- (int) sizeof(sig->s),
- sig->s)))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- return GNUNET_SYSERR;
- }
- data = data_to_eddsa_value (validate);
- if (0 != (rc = gcry_sexp_build (&pub_sexpr,
- NULL,
- "(public-key(ecc(curve " CURVE
- ")(flags eddsa)(q %b)))",
- (int) sizeof(pub->q_y),
- pub->q_y)))
- {
- gcry_sexp_release (data);
- gcry_sexp_release (sig_sexpr);
- return GNUNET_SYSERR;
- }
- rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
- gcry_sexp_release (pub_sexpr);
- gcry_sexp_release (data);
- gcry_sexp_release (sig_sexpr);
- if (0 != rc)
- {
- LOG (GNUNET_ERROR_TYPE_INFO,
- _ ("EdDSA signature verification of type %u failed at %s:%d: %s\n"),
- (unsigned int) purpose,
- __FILE__,
- __LINE__,
- gcry_strerror (rc));
- BENCHMARK_END (eddsa_verify);
- return GNUNET_SYSERR;
- }
- BENCHMARK_END (eddsa_verify);
- return GNUNET_OK;
-#endif
}
const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
struct GNUNET_HashCode *key_material)
{
-#if NEW_CRYPTO
uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y);
GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
return GNUNET_OK;
-#else
- gcry_mpi_point_t result;
- gcry_mpi_point_t q;
- gcry_mpi_t d;
- gcry_ctx_t ctx;
- gcry_sexp_t pub_sexpr;
- gcry_mpi_t result_x;
- unsigned char xbuf[256 / 8];
- size_t rsize;
-
- BENCHMARK_START (ecc_ecdh);
-
- /* first, extract the q = dP value from the public key */
- if (0 != gcry_sexp_build (&pub_sexpr,
- NULL,
- "(public-key(ecc(curve " CURVE ")(q %b)))",
- (int) sizeof(pub->q_y),
- pub->q_y))
- return GNUNET_SYSERR;
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
- gcry_sexp_release (pub_sexpr);
- q = gcry_mpi_ec_get_point ("q", ctx, 0);
-
- /* second, extract the d value from our private key */
- GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
-
- /* then call the 'multiply' function, to compute the product */
- result = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (result, d, q, ctx);
- gcry_mpi_point_release (q);
- gcry_mpi_release (d);
-
- /* finally, convert point to string for hashing */
- result_x = gcry_mpi_new (256);
- if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
- gcry_mpi_point_release (result);
- gcry_ctx_release (ctx);
- return GNUNET_SYSERR;
- }
- gcry_mpi_point_release (result);
- gcry_ctx_release (ctx);
-
- rsize = sizeof(xbuf);
- GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
- /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
- as that does not include the sign bit; x should be a 255-bit
- value, so with the sign it should fit snugly into the 256-bit
- xbuf */
- GNUNET_assert (
- 0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x));
- GNUNET_CRYPTO_hash (xbuf, rsize, key_material);
- gcry_mpi_release (result_x);
- BENCHMARK_END (ecc_ecdh);
- return GNUNET_OK;
-#endif
}
}
-#if !NEW_CRYPTO
-/**
- * Reverse the sequence of the bytes in @a buffer
- *
- * @param[in|out] buffer buffer to invert
- * @param length number of bytes in @a buffer
- */
-static void
-reverse_buffer (unsigned char *buffer, size_t length)
-{
- unsigned char tmp;
- size_t i;
-
- for (i = 0; i < length / 2; i++)
- {
- tmp = buffer[i];
- buffer[i] = buffer[length - 1 - i];
- buffer[length - 1 - i] = tmp;
- }
-}
-
-
-/**
- * Convert the secret @a d of an EdDSA key to the
- * value that is actually used in the EdDSA computation.
- *
- * @param d secret input
- * @return value used for the calculation in EdDSA
- */
-static gcry_mpi_t
-eddsa_d_to_a (gcry_mpi_t d)
-{
- unsigned char rawmpi[32]; /* 256-bit value */
- size_t rawmpilen;
- unsigned char digest[64]; /* 512-bit hash value */
- gcry_buffer_t hvec[2];
- unsigned int b;
- gcry_mpi_t a;
-
- b = 256 / 8; /* number of bytes in `d` */
-
- /* Note that we clear DIGEST so we can use it as input to left pad
- the key with zeroes for hashing. */
- memset (digest, 0, sizeof digest);
- memset (hvec, 0, sizeof hvec);
- rawmpilen = sizeof(rawmpi);
- GNUNET_assert (
- 0 == gcry_mpi_print (GCRYMPI_FMT_USG, rawmpi, rawmpilen, &rawmpilen, d));
- hvec[0].data = digest;
- hvec[0].off = 0;
- hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0;
- hvec[1].data = rawmpi;
- hvec[1].off = 0;
- hvec[1].len = rawmpilen;
- GNUNET_assert (
- 0 == gcry_md_hash_buffers (GCRY_MD_SHA512, 0 /* flags */, digest, hvec, 2));
- /* Compute the A value. */
- reverse_buffer (digest, 32); /* Only the first half of the hash. */
- digest[0] = (digest[0] & 0x7f) | 0x40;
- digest[31] &= 0xf8;
-
- GNUNET_CRYPTO_mpi_scan_unsigned (&a, digest, 32);
- return a;
-}
-#endif
-
-
/**
* Take point from ECDH and convert it to key material.
*
const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
struct GNUNET_HashCode *key_material)
{
-#if NEW_CRYPTO
struct GNUNET_HashCode hc;
uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES];
uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+
GNUNET_CRYPTO_hash (priv,
sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
&hc);
GNUNET_TWEETNACL_SCALARMULT_BYTES,
key_material);
return GNUNET_OK;
-#else
- gcry_mpi_point_t result;
- gcry_mpi_point_t q;
- gcry_mpi_t d;
- gcry_mpi_t a;
- gcry_ctx_t ctx;
- gcry_sexp_t pub_sexpr;
- int ret;
-
- BENCHMARK_START (eddsa_ecdh);
-
- /* first, extract the q = dP value from the public key */
- if (0 != gcry_sexp_build (&pub_sexpr,
- NULL,
- "(public-key(ecc(curve " CURVE ")(q %b)))",
- (int) sizeof(pub->q_y),
- pub->q_y))
- return GNUNET_SYSERR;
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
- gcry_sexp_release (pub_sexpr);
- q = gcry_mpi_ec_get_point ("q", ctx, 0);
-
- /* second, extract the d value from our private key */
- GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
-
- /* NOW, because this is EdDSA, HASH 'd' first! */
- a = eddsa_d_to_a (d);
- gcry_mpi_release (d);
-
- /* then call the 'multiply' function, to compute the product */
- result = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (result, a, q, ctx);
- gcry_mpi_point_release (q);
- gcry_mpi_release (a);
-
- ret = point_to_hash (result, ctx, key_material);
- gcry_mpi_point_release (result);
- gcry_ctx_release (ctx);
- BENCHMARK_END (eddsa_ecdh);
- return ret;
-#endif
}
const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
struct GNUNET_HashCode *key_material)
{
-#if NEW_CRYPTO
uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
+
GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
return GNUNET_OK;
-#else
- gcry_mpi_point_t result;
- gcry_mpi_point_t q;
- gcry_mpi_t d;
- gcry_ctx_t ctx;
- gcry_sexp_t pub_sexpr;
- int ret;
-
- BENCHMARK_START (ecdh_eddsa);
-
- /* first, extract the q = dP value from the public key */
- if (0 != gcry_sexp_build (&pub_sexpr,
- NULL,
- "(public-key(ecc(curve " CURVE ")(q %b)))",
- (int) sizeof(pub->q_y),
- pub->q_y))
- return GNUNET_SYSERR;
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
- gcry_sexp_release (pub_sexpr);
- q = gcry_mpi_ec_get_point ("q", ctx, 0);
-
- /* second, extract the d value from our private key */
- GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
-
- /* then call the 'multiply' function, to compute the product */
- result = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (result, d, q, ctx);
- gcry_mpi_point_release (q);
- gcry_mpi_release (d);
-
- /* finally, convert point to string for hashing */
- ret = point_to_hash (result, ctx, key_material);
- gcry_mpi_point_release (result);
- gcry_ctx_release (ctx);
- BENCHMARK_END (ecdh_eddsa);
- return ret;
-#endif
}
projects / oweals / gnunet.git / commitdiff