Commit 5dc742f4 authored by Bernard van Gastel's avatar Bernard van Gastel
Browse files

Converted remaining tabs to spaces.

parent fc764dfd
...@@ -9,14 +9,14 @@ ...@@ -9,14 +9,14 @@
#include "sodium/crypto_hash_sha512.h" #include "sodium/crypto_hash_sha512.h"
#ifndef NDEBUG #ifndef NDEBUG
#define EXPECT(e) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e)) #define EXPECT(e) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e))
#define EXPECT_TEXT(e, text) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e, text)) #define EXPECT_TEXT(e, text) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e, text))
#else #else
#define EXPECT(e) ((void)0) #define EXPECT(e) ((void)0)
#define EXPECT_TEXT(e, text) ((void)0) #define EXPECT_TEXT(e, text) ((void)0)
#endif #endif
#define ENSURE(e) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e)) #define ENSURE(e) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e))
#define ENSURE_TEXT(e, text) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e, text)) #define ENSURE_TEXT(e, text) ((e) ? (void)0 : CrashAssert(__func__, __FILE__, __LINE__, #e, text))
extern "C" [[noreturn]] void CrashAssert(const char* func, const char* file, int line, const char* condition, const char* explanation = nullptr); extern "C" [[noreturn]] void CrashAssert(const char* func, const char* file, int line, const char* condition, const char* explanation = nullptr);
namespace radboud { namespace radboud {
...@@ -26,29 +26,29 @@ struct GroupElement; ...@@ -26,29 +26,29 @@ struct GroupElement;
struct Scalar { struct Scalar {
static const constexpr size_t BYTES = 32; static const constexpr size_t BYTES = 32;
uint8_t value[BYTES]; uint8_t value[BYTES];
Scalar() { Scalar() {
memset(value, 0, sizeof(value)); memset(value, 0, sizeof(value));
} }
Scalar(const Scalar& rhs) { Scalar(const Scalar& rhs) {
*this = rhs; *this = rhs;
} }
Scalar& operator=(const Scalar& rhs) { Scalar& operator=(const Scalar& rhs) {
memcpy(value, rhs.value, sizeof(value)); memcpy(value, rhs.value, sizeof(value));
return *this; return *this;
} }
std::string_view raw() const { std::string_view raw() const {
return {reinterpret_cast<const char*>(value), sizeof(value)}; return {reinterpret_cast<const char*>(value), sizeof(value)};
} }
GroupElement base() const; GroupElement base() const;
Scalar invert() const ; // s * s^-1 = 1 Scalar invert() const ; // s * s^-1 = 1
Scalar complement() const ; // s + comp = 1 (mod L) Scalar complement() const ; // s + comp = 1 (mod L)
Scalar operator-() const; // negate Scalar operator-() const; // negate
bool zero() const; bool zero() const;
bool valid() const; bool valid() const;
// returns a scalar != 0 // returns a scalar != 0
static Scalar Random(); static Scalar Random();
static Scalar FromHash(uint8_t (&value)[64]); static Scalar FromHash(uint8_t (&value)[64]);
}; };
bool operator==(const Scalar& lhs, const Scalar& rhs); bool operator==(const Scalar& lhs, const Scalar& rhs);
...@@ -56,24 +56,24 @@ bool operator!=(const Scalar& lhs, const Scalar& rhs); ...@@ -56,24 +56,24 @@ bool operator!=(const Scalar& lhs, const Scalar& rhs);
struct GroupElement { struct GroupElement {
static const constexpr size_t BYTES = 32; static const constexpr size_t BYTES = 32;
uint8_t value[BYTES]; uint8_t value[BYTES];
GroupElement() { GroupElement() {
memset(value, 0, sizeof(value)); memset(value, 0, sizeof(value));
} }
GroupElement(const GroupElement& rhs) { GroupElement(const GroupElement& rhs) {
*this = rhs; *this = rhs;
} }
GroupElement& operator=(const GroupElement& rhs) { GroupElement& operator=(const GroupElement& rhs) {
memcpy(value, rhs.value, sizeof(value)); memcpy(value, rhs.value, sizeof(value));
return *this; return *this;
} }
std::string_view raw() const { std::string_view raw() const {
return {reinterpret_cast<const char*>(value), sizeof(value)}; return {reinterpret_cast<const char*>(value), sizeof(value)};
} }
bool zero() const; bool zero() const;
bool valid() const; bool valid() const;
static GroupElement Random(); static GroupElement Random();
static GroupElement FromHash(uint8_t (&value)[64]); static GroupElement FromHash(uint8_t (&value)[64]);
}; };
bool operator==(const GroupElement& lhs, const GroupElement& rhs); bool operator==(const GroupElement& lhs, const GroupElement& rhs);
...@@ -106,22 +106,22 @@ inline void _SHA512Update(crypto_hash_sha512_state*) { ...@@ -106,22 +106,22 @@ inline void _SHA512Update(crypto_hash_sha512_state*) {
template <typename... Args> template <typename... Args>
void _SHA512Update(crypto_hash_sha512_state* cxt, std::string in, const Args& ... args) { void _SHA512Update(crypto_hash_sha512_state* cxt, std::string in, const Args& ... args) {
crypto_hash_sha512_update(cxt, reinterpret_cast<const unsigned char*>(in.data()), in.length()); crypto_hash_sha512_update(cxt, reinterpret_cast<const unsigned char*>(in.data()), in.length());
_SHA512Update(cxt, args...); _SHA512Update(cxt, args...);
} }
template <typename... Args> template <typename... Args>
void _SHA512Update(crypto_hash_sha512_state* cxt, std::string_view in, const Args& ... args) { void _SHA512Update(crypto_hash_sha512_state* cxt, std::string_view in, const Args& ... args) {
crypto_hash_sha512_update(cxt, reinterpret_cast<const unsigned char*>(in.data()), in.length()); crypto_hash_sha512_update(cxt, reinterpret_cast<const unsigned char*>(in.data()), in.length());
_SHA512Update(cxt, args...); _SHA512Update(cxt, args...);
} }
template <typename... Args> template <typename... Args>
void SHA512(HashSHA512& hash, const Args& ... args) { void SHA512(HashSHA512& hash, const Args& ... args) {
crypto_hash_sha512_state context; crypto_hash_sha512_state context;
crypto_hash_sha512_init(&context); crypto_hash_sha512_init(&context);
_SHA512Update(&context, args...); _SHA512Update(&context, args...);
crypto_hash_sha512_final(&context, &hash[0]); crypto_hash_sha512_final(&context, &hash[0]);
// see http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html and is slow // see http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html and is slow
} }
...@@ -129,15 +129,15 @@ void RandomBytes(void* ptr, std::size_t length); ...@@ -129,15 +129,15 @@ void RandomBytes(void* ptr, std::size_t length);
template <size_t N> template <size_t N>
void RandomBytes(char (&buffer)[N]) { void RandomBytes(char (&buffer)[N]) {
RandomBytes(buffer, N); RandomBytes(buffer, N);
} }
template <size_t N> template <size_t N>
void RandomBytes(uint8_t (&buffer)[N]) { void RandomBytes(uint8_t (&buffer)[N]) {
RandomBytes(buffer, N); RandomBytes(buffer, N);
} }
template <typename T> template <typename T>
void RandomBytes(T & t, typename std::enable_if<std::is_integral<T>::value, void*>::type = nullptr) { void RandomBytes(T & t, typename std::enable_if<std::is_integral<T>::value, void*>::type = nullptr) {
RandomBytes(&t, sizeof(T)); RandomBytes(&t, sizeof(T));
} }
// KDF = Blake2b // KDF = Blake2b
......
...@@ -8,13 +8,13 @@ namespace radboud { ...@@ -8,13 +8,13 @@ namespace radboud {
namespace pep { namespace pep {
struct ElGamal { struct ElGamal {
GroupElement B; GroupElement B;
GroupElement C; GroupElement C;
GroupElement Y; GroupElement Y;
ElGamal() { } ElGamal() { }
ElGamal(GroupElement _B, const GroupElement& _C, const GroupElement& _Y); ElGamal(GroupElement _B, const GroupElement& _C, const GroupElement& _Y);
bool operator==(const ElGamal& rhs) const; bool operator==(const ElGamal& rhs) const;
bool operator!=(const ElGamal& rhs) const; bool operator!=(const ElGamal& rhs) const;
}; };
// encrypt message M using public key Y // encrypt message M using public key Y
......
...@@ -33,16 +33,16 @@ extern "C" { ...@@ -33,16 +33,16 @@ extern "C" {
#if defined(WIN32) #if defined(WIN32)
inline int strncasecmp(const char* s1, const char* s2, size_t n) { inline int strncasecmp(const char* s1, const char* s2, size_t n) {
return _strnicmp(s1, s2, n); return _strnicmp(s1, s2, n);
} }
inline int link(const char* oldPlace, const char *newPlace) { inline int link(const char* oldPlace, const char *newPlace) {
if (CreateHardLinkA(newPlace, oldPlace, NULL)) if (CreateHardLinkA(newPlace, oldPlace, NULL))
return 0; return 0;
return -1; return -1;
} }
inline void bzero(void* b, size_t len) { inline void bzero(void* b, size_t len) {
memset(b, '\0', len); memset(b, '\0', len);
} }
#endif #endif
......
...@@ -20,32 +20,32 @@ static_assert(crypto_core_ristretto255_BYTES == GroupElement::BYTES); ...@@ -20,32 +20,32 @@ static_assert(crypto_core_ristretto255_BYTES == GroupElement::BYTES);
// documentation of libsodium primitives: https://libsodium.gitbook.io/doc/advanced/point-arithmetic/ristretto // documentation of libsodium primitives: https://libsodium.gitbook.io/doc/advanced/point-arithmetic/ristretto
GroupElement Scalar::base() const { GroupElement Scalar::base() const {
GroupElement r; GroupElement r;
ENSURE(crypto_scalarmult_ristretto255_base(r.value, value) == 0); ENSURE(crypto_scalarmult_ristretto255_base(r.value, value) == 0);
return r; return r;
} }
Scalar Scalar::invert() const { Scalar Scalar::invert() const {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_invert(r.value, value); crypto_core_ristretto255_scalar_invert(r.value, value);
return r; return r;
}; };
Scalar Scalar::operator-() const { Scalar Scalar::operator-() const {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_negate(r.value, value); crypto_core_ristretto255_scalar_negate(r.value, value);
return r; return r;
} }
Scalar Scalar::complement() const { Scalar Scalar::complement() const {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_complement(r.value, value); crypto_core_ristretto255_scalar_complement(r.value, value);
return r; return r;
} }
[[maybe_unused]] bool Scalar::zero() const { [[maybe_unused]] bool Scalar::zero() const {
return sodium_is_zero(value, sizeof(value)); return sodium_is_zero(value, sizeof(value));
} }
bool Scalar::valid() const { bool Scalar::valid() const {
// sc25519_is_canonical() from ed25519_ref10.c // sc25519_is_canonical() from ed25519_ref10.c
/* 2^252+27742317777372353535851937790883648493 */ /* 2^252+27742317777372353535851937790883648493 */
static const unsigned char L[32] = { static const unsigned char L[32] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
...@@ -65,15 +65,15 @@ bool Scalar::valid() const { ...@@ -65,15 +65,15 @@ bool Scalar::valid() const {
} }
Scalar Scalar::Random() { Scalar Scalar::Random() {
Scalar r; Scalar r;
// does random bytes, and check if it is canonical and != zero // does random bytes, and check if it is canonical and != zero
crypto_core_ristretto255_scalar_random(r.value); crypto_core_ristretto255_scalar_random(r.value);
return r; return r;
} }
Scalar Scalar::FromHash(uint8_t (&value)[64]) { Scalar Scalar::FromHash(uint8_t (&value)[64]) {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_reduce(r.value, value); crypto_core_ristretto255_scalar_reduce(r.value, value);
return r; return r;
} }
[[maybe_unused]] bool GroupElement::zero() const { [[maybe_unused]] bool GroupElement::zero() const {
return sodium_is_zero(value, sizeof(value)); return sodium_is_zero(value, sizeof(value));
...@@ -82,76 +82,76 @@ bool GroupElement::valid() const { ...@@ -82,76 +82,76 @@ bool GroupElement::valid() const {
return crypto_core_ristretto255_is_valid_point(value); return crypto_core_ristretto255_is_valid_point(value);
} }
GroupElement GroupElement::FromHash(uint8_t (&value)[64]) { GroupElement GroupElement::FromHash(uint8_t (&value)[64]) {
GroupElement r; GroupElement r;
crypto_core_ristretto255_from_hash(r.value, value); crypto_core_ristretto255_from_hash(r.value, value);
return r; return r;
} }
GroupElement GroupElement::Random() { GroupElement GroupElement::Random() {
GroupElement r; GroupElement r;
// random bytes and calls *_from_hash(...) // random bytes and calls *_from_hash(...)
crypto_core_ristretto255_random(r.value); crypto_core_ristretto255_random(r.value);
return r; return r;
} }
namespace radboud { namespace radboud {
namespace pep { namespace pep {
GroupElement operator+(const GroupElement& lhs, const GroupElement& rhs) { GroupElement operator+(const GroupElement& lhs, const GroupElement& rhs) {
GroupElement r; GroupElement r;
crypto_core_ristretto255_add(r.value, lhs.value, rhs.value); crypto_core_ristretto255_add(r.value, lhs.value, rhs.value);
return r; return r;
} }
GroupElement operator-(const GroupElement& lhs, const GroupElement& rhs) { GroupElement operator-(const GroupElement& lhs, const GroupElement& rhs) {
GroupElement r; GroupElement r;
crypto_core_ristretto255_sub(r.value, lhs.value, rhs.value); crypto_core_ristretto255_sub(r.value, lhs.value, rhs.value);
return r; return r;
} }
Scalar operator+(const Scalar& lhs, const Scalar& rhs) { Scalar operator+(const Scalar& lhs, const Scalar& rhs) {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_add(r.value, lhs.value, rhs.value); crypto_core_ristretto255_scalar_add(r.value, lhs.value, rhs.value);
return r; return r;
} }
[[maybe_unused]] Scalar operator-(const Scalar& lhs, const Scalar& rhs) { [[maybe_unused]] Scalar operator-(const Scalar& lhs, const Scalar& rhs) {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_sub(r.value, lhs.value, rhs.value); crypto_core_ristretto255_scalar_sub(r.value, lhs.value, rhs.value);
return r; return r;
} }
Scalar operator*(const Scalar& lhs, const Scalar& rhs) { Scalar operator*(const Scalar& lhs, const Scalar& rhs) {
Scalar r; Scalar r;
crypto_core_ristretto255_scalar_mul(r.value, lhs.value, rhs.value); crypto_core_ristretto255_scalar_mul(r.value, lhs.value, rhs.value);
return r; return r;
} }
Scalar operator/(const Scalar& lhs, const Scalar& rhs) { Scalar operator/(const Scalar& lhs, const Scalar& rhs) {
Scalar r = rhs.invert(); Scalar r = rhs.invert();
crypto_core_ristretto255_scalar_mul(r.value, lhs.value, r.value); crypto_core_ristretto255_scalar_mul(r.value, lhs.value, r.value);
return r; return r;
} }
[[maybe_unused]] bool operator==(const Scalar& lhs, const Scalar& rhs) { [[maybe_unused]] bool operator==(const Scalar& lhs, const Scalar& rhs) {
for (size_t i = 0; i < sizeof(lhs.value); ++i) for (size_t i = 0; i < sizeof(lhs.value); ++i)
if (lhs.value[i] != rhs.value[i]) if (lhs.value[i] != rhs.value[i])
return false; return false;
return true; return true;
} }
[[maybe_unused]] bool operator!=(const Scalar& lhs, const Scalar& rhs) { [[maybe_unused]] bool operator!=(const Scalar& lhs, const Scalar& rhs) {
return !operator==(lhs, rhs); return !operator==(lhs, rhs);
} }
GroupElement operator*(const Scalar& lhs, const GroupElement& rhs) { GroupElement operator*(const Scalar& lhs, const GroupElement& rhs) {
GroupElement r; GroupElement r;
ENSURE(0 == crypto_scalarmult_ristretto255(r.value, lhs.value, rhs.value)); ENSURE(0 == crypto_scalarmult_ristretto255(r.value, lhs.value, rhs.value));
return r; return r;
} }
GroupElement operator/(const GroupElement& lhs, const Scalar& rhs) { GroupElement operator/(const GroupElement& lhs, const Scalar& rhs) {
GroupElement r; GroupElement r;
ENSURE(0 == crypto_scalarmult_ristretto255(r.value, rhs.invert().value, lhs.value)); ENSURE(0 == crypto_scalarmult_ristretto255(r.value, rhs.invert().value, lhs.value));
return r; return r;
} }
bool operator==(const GroupElement& lhs, const GroupElement& rhs) { bool operator==(const GroupElement& lhs, const GroupElement& rhs) {
for (size_t i = 0; i < sizeof(lhs.value); ++i) for (size_t i = 0; i < sizeof(lhs.value); ++i)
if (lhs.value[i] != rhs.value[i]) if (lhs.value[i] != rhs.value[i])
return false; return false;
return true; return true;
} }
bool operator!=(const GroupElement& lhs, const GroupElement& rhs) { bool operator!=(const GroupElement& lhs, const GroupElement& rhs) {
return !operator==(lhs, rhs); return !operator==(lhs, rhs);
} }
GroupElement operator*(const Scalar& lhs, const _G&) { GroupElement operator*(const Scalar& lhs, const _G&) {
...@@ -166,11 +166,11 @@ static_assert(crypto_kdf_KEYBYTES == KDF_SEEDKEYBYTES); ...@@ -166,11 +166,11 @@ static_assert(crypto_kdf_KEYBYTES == KDF_SEEDKEYBYTES);
static_assert(crypto_kdf_blake2b_CONTEXTBYTES == KDF_CONTEXTBYTES); static_assert(crypto_kdf_blake2b_CONTEXTBYTES == KDF_CONTEXTBYTES);
void KDFGenerateSeedKey(KDFSeedKey& seedKey) { void KDFGenerateSeedKey(KDFSeedKey& seedKey) {
crypto_kdf_keygen(seedKey); crypto_kdf_keygen(seedKey);
} }
void KDF(unsigned char *output, size_t outputLength, uint64_t subkey_id, const KDFContext& context, const KDFSeedKey& seedKey) { void KDF(unsigned char *output, size_t outputLength, uint64_t subkey_id, const KDFContext& context, const KDFSeedKey& seedKey) {
ENSURE(0 == crypto_kdf_derive_from_key(output, outputLength, subkey_id, context, seedKey)); ENSURE(0 == crypto_kdf_derive_from_key(output, outputLength, subkey_id, context, seedKey));
} }
} }
......
...@@ -17,37 +17,37 @@ bool radboud::pep::ElGamal::operator!=(const ElGamal& rhs) const { ...@@ -17,37 +17,37 @@ bool radboud::pep::ElGamal::operator!=(const ElGamal& rhs) const {
// encrypt message M using public key Y // encrypt message M using public key Y
ElGamal radboud::pep::Encrypt(const GroupElement& M, const GroupElement& Y) { ElGamal radboud::pep::Encrypt(const GroupElement& M, const GroupElement& Y) {
auto r = Scalar::Random(); auto r = Scalar::Random();
EXPECT(!r.zero()); // Random() does never return a zero scalar EXPECT(!r.zero()); // Random() does never return a zero scalar
ENSURE(!Y.zero()); // we should not encrypt anything with an empty public key, as this will result in plain text send over the line ENSURE(!Y.zero()); // we should not encrypt anything with an empty public key, as this will result in plain text send over the line
return {r * G, M + r*Y, Y}; return {r * G, M + r*Y, Y};
} }
// decrypt encrypted ElGamal tuple with secret key y // decrypt encrypted ElGamal tuple with secret key y
GroupElement radboud::pep::Decrypt(const ElGamal& in, const Scalar& y) { GroupElement radboud::pep::Decrypt(const ElGamal& in, const Scalar& y) {
return in.C - y * in.B; return in.C - y * in.B;
} }
ElGamal RerandomizeY(const ElGamal& in, const Scalar& s) { ElGamal RerandomizeY(const ElGamal& in, const Scalar& s) {
return {in.B - s*G, in.C, in.Y + s*G}; return {in.B - s*G, in.C, in.Y + s*G};
} }
// randomize the encryption // randomize the encryption
ElGamal radboud::pep::Rerandomize(const ElGamal& in, const Scalar& s) { ElGamal radboud::pep::Rerandomize(const ElGamal& in, const Scalar& s) {
return {s * G + in.B, s * in.Y + in.C, in.Y}; return {s * G + in.B, s * in.Y + in.C, in.Y};
} }
// make it decryptable with another key k*y (with y the original private key) // make it decryptable with another key k*y (with y the original private key)
ElGamal radboud::pep::Rekey(const ElGamal& in, const Scalar& k) { ElGamal radboud::pep::Rekey(const ElGamal& in, const Scalar& k) {
return {in.B / k, in.C, k * in.Y}; return {in.B / k, in.C, k * in.Y};
} }
// adjust the encrypted cypher text to be n*M (with M the original text being encrypted) // adjust the encrypted cypher text to be n*M (with M the original text being encrypted)
ElGamal radboud::pep::Reshuffle(const ElGamal& in, const Scalar& n) { ElGamal radboud::pep::Reshuffle(const ElGamal& in, const Scalar& n) {
return {n * in.B, n * in.C, in.Y}; return {n * in.B, n * in.C, in.Y};
} }
// combination of Rekey(k) and Reshuffle(n) // combination of Rekey(k) and Reshuffle(n)
ElGamal radboud::pep::RKS(const ElGamal& in, const Scalar& k, const Scalar& n) { ElGamal radboud::pep::RKS(const ElGamal& in, const Scalar& k, const Scalar& n) {
return {(n / k) * in.B, n * in.C, k * in.Y}; return {(n / k) * in.B, n * in.C, k * in.Y};
} }
...@@ -5,115 +5,115 @@ ...@@ -5,115 +5,115 @@
using namespace radboud::pep; using namespace radboud::pep;
std::tuple<GroupElement,Proof> radboud::pep::CreateProof(const Scalar& a /*secret*/, const GroupElement& M /*public*/) { std::tuple<GroupElement,Proof> radboud::pep::CreateProof(const Scalar& a /*secret*/, const GroupElement& M /*public*/) {
Scalar r = Scalar::Random(); Scalar r = Scalar::Random();
GroupElement A = a * G; GroupElement A = a * G;
GroupElement N = a * M; GroupElement N = a * M;
GroupElement C1 = r * G; GroupElement C1 = r * G;
GroupElement C2 = r * M; GroupElement C2 = r * M;
HashSHA512 hash; HashSHA512 hash;
SHA512(hash, SHA512(hash,
A.raw(), A.raw(),
M.raw(), M.raw(),
N.raw(), N.raw(),
C1.raw(), C1.raw(),
C2.raw()); C2.raw());
Scalar e = Scalar::FromHash(hash); Scalar e = Scalar::FromHash(hash);
Scalar s = a*e + r; Scalar s = a*e + r;
return {A, {N, C1, C2, s}};