frosix

Multiparty signature service (experimental)
Log | Files | Refs | README | LICENSE

frost_low.c (10458B)

      1 /*
      2   This file is part of Frosix
      3   Copyright (C) 2022, 2023 Joel Urech
      4 
      5   Frosix is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU Affero General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   Frosix is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
     12 
     13   You should have received a copy of the GNU Affero General Public License along with
     14   Frosix; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file frost_low.c
     18  * @brief Wrapper of all used functions from the crypto library libsodium
     19  * @author Joel Urech
     20 */
     21 #include <string.h>
     22 #include <gnunet/gnunet_util_lib.h>
     23 #include "frost_low.h"
     24 
     25 int
     26 FROST_low_init ()
     27 {
     28   return sodium_init ();
     29 }
     30 
     31 
     32 // Points
     33 void
     34 FROST_point_mul_scalar (struct FROST_Point *result,
     35                         const struct FROST_Point *pt,
     36                         const struct FROST_Scalar *scal)
     37 {
     38   GNUNET_assert (0 == crypto_scalarmult_ristretto255 (result->xcoord,
     39                                                       scal->scalarbytes,
     40                                                       pt->xcoord));
     41 }
     42 
     43 
     44 void
     45 FROST_point_add_point (struct FROST_Point *result,
     46                        const struct FROST_Point *p,
     47                        const struct FROST_Point *q)
     48 {
     49   GNUNET_assert (0 == crypto_core_ristretto255_add (result->xcoord,
     50                                                     p->xcoord,
     51                                                     q->xcoord));
     52 }
     53 
     54 
     55 void
     56 FROST_point_sub_point (struct FROST_Point *result,
     57                        const struct FROST_Point *p,
     58                        const struct FROST_Point *q)
     59 {
     60   GNUNET_assert (0 == crypto_core_ristretto255_sub (result->xcoord,
     61                                                     p->xcoord,
     62                                                     q->xcoord));
     63 }
     64 
     65 
     66 void
     67 FROST_point_identity (struct FROST_Point *result)
     68 {
     69   memset (result->xcoord,
     70           0,
     71           sizeof (*result));
     72 }
     73 
     74 
     75 void
     76 FROST_base_mul_scalar (struct FROST_Point *result,
     77                        const struct FROST_Scalar *scal)
     78 {
     79   GNUNET_assert (0 == crypto_scalarmult_ristretto255_base (result->xcoord,
     80                                                            scal->scalarbytes));
     81 }
     82 
     83 
     84 void
     85 FROST_scalar_add_scalar (struct FROST_Scalar *result,
     86                          const struct FROST_Scalar *xscal,
     87                          const struct FROST_Scalar *yscal)
     88 {
     89   crypto_core_ristretto255_scalar_add (result->scalarbytes,
     90                                        xscal->scalarbytes,
     91                                        yscal->scalarbytes);
     92 }
     93 
     94 
     95 void
     96 FROST_scalar_mul_scalar (struct FROST_Scalar *result,
     97                          const struct FROST_Scalar *xscal,
     98                          const struct FROST_Scalar *yscal)
     99 {
    100   crypto_core_ristretto255_scalar_mul (result->scalarbytes,
    101                                        xscal->scalarbytes,
    102                                        yscal->scalarbytes);
    103 }
    104 
    105 
    106 void
    107 FROST_scalar_sub_scalar (struct FROST_Scalar *result,
    108                          const struct FROST_Scalar *xscal,
    109                          const struct FROST_Scalar *yscal)
    110 {
    111   crypto_core_ristretto255_scalar_sub (result->scalarbytes,
    112                                        xscal->scalarbytes,
    113                                        yscal->scalarbytes);
    114 }
    115 
    116 
    117 void
    118 FROST_scalar_invert (struct FROST_Scalar *result,
    119                      const struct FROST_Scalar *scal)
    120 {
    121   GNUNET_assert (0 == crypto_core_ristretto255_scalar_invert (
    122                    result->scalarbytes,
    123                    scal->scalarbytes));
    124 }
    125 
    126 
    127 void
    128 FROST_point_random (struct FROST_Point *result)
    129 {
    130   crypto_core_ristretto255_random (result->xcoord);
    131 }
    132 
    133 
    134 void
    135 FROST_scalar_random (struct FROST_Scalar *result)
    136 {
    137   crypto_core_ristretto255_scalar_random (result->scalarbytes);
    138 }
    139 
    140 
    141 void
    142 FROST_hash_init (struct FROST_HashState *state)
    143 {
    144   GNUNET_assert (0 == crypto_hash_sha512_init (&state->state));
    145 }
    146 
    147 
    148 void
    149 FROST_hash_fixed_update (struct FROST_HashState *state,
    150                          const void *msg,
    151                          size_t len)
    152 {
    153   GNUNET_assert (0 == crypto_hash_sha512_update (&state->state,
    154                                                  msg,
    155                                                  len));
    156 }
    157 
    158 
    159 void
    160 FROST_hash_point_update (struct FROST_HashState *state,
    161                          const struct FROST_Point *pt)
    162 {
    163   GNUNET_assert (0 == crypto_hash_sha512_update (&state->state,
    164                                                  pt->xcoord,
    165                                                  sizeof (*pt)));
    166 }
    167 
    168 
    169 void
    170 FROST_hash_hash_update (struct FROST_HashState *state,
    171                         const struct FROST_HashCode *hash)
    172 {
    173   GNUNET_assert (0 == crypto_hash_sha512_update (&state->state,
    174                                                  hash->hashbytes,
    175                                                  sizeof (*hash)));
    176 }
    177 
    178 
    179 void
    180 FROST_hash_scalar_update (struct FROST_HashState *state,
    181                           const struct FROST_Scalar *scal)
    182 {
    183   GNUNET_assert (0 == crypto_hash_sha512_update (&state->state,
    184                                                  scal->scalarbytes,
    185                                                  sizeof (*scal)));
    186 }
    187 
    188 
    189 void
    190 FROST_hash_uint8_update (struct FROST_HashState *state,
    191                          uint8_t identifier)
    192 {
    193   GNUNET_assert (0 == crypto_hash_sha512_update (&state->state,
    194                                                  &identifier,
    195                                                  sizeof (identifier)));
    196 }
    197 
    198 
    199 void
    200 FROST_hash_final (struct FROST_HashState *state,
    201                   struct FROST_HashCode *result)
    202 {
    203   GNUNET_assert (0 == crypto_hash_sha512_final (&state->state,
    204                                                 result->hashbytes));
    205 }
    206 
    207 
    208 void
    209 FROST_hash_to_curve (struct FROST_Point *result,
    210                      const struct FROST_HashCode *hash)
    211 {
    212   GNUNET_assert (0 == crypto_core_ristretto255_from_hash (result->xcoord,
    213                                                           hash->hashbytes));
    214 }
    215 
    216 
    217 enum GNUNET_GenericReturnValue
    218 FROST_hash_cmp (const struct FROST_HashCode *first,
    219                 const struct FROST_HashCode *second)
    220 {
    221   if (0 == memcmp (&first->hashbytes,
    222                    &second->hashbytes,
    223                    sizeof (*first)))
    224     return GNUNET_OK;
    225   return GNUNET_NO;
    226 }
    227 
    228 
    229 void
    230 FROST_hash_to_scalar (struct FROST_Scalar *result,
    231                       const struct FROST_HashCode *hash)
    232 {
    233   crypto_core_ristretto255_scalar_reduce (result->scalarbytes,
    234                                           hash->hashbytes);
    235 }
    236 
    237 
    238 void
    239 FROST_short_hash_init (struct FROST_ShortHashState *state)
    240 {
    241   GNUNET_assert (0 == crypto_hash_sha256_init (&state->state));
    242 }
    243 
    244 
    245 void
    246 FROST_short_hash_update_fixed (struct FROST_ShortHashState *state,
    247                                const void *msg,
    248                                size_t len)
    249 {
    250   GNUNET_assert (0 == crypto_hash_sha256_update (&state->state,
    251                                                  msg,
    252                                                  len));
    253 }
    254 
    255 
    256 void
    257 FROST_short_hash_final (struct FROST_ShortHashState *state,
    258                         struct FROST_ShortHashCode *result)
    259 {
    260   GNUNET_assert (0 == crypto_hash_sha256_final (&state->state,
    261                                                 result->hashbytes));
    262 }
    263 
    264 
    265 void
    266 FROST_point_copy_to (struct FROST_Point *destination,
    267                      const struct FROST_Point *origin)
    268 {
    269   memcpy (&destination->xcoord,
    270           &origin->xcoord,
    271           sizeof (*destination));
    272 }
    273 
    274 
    275 void
    276 FROST_scalar_copy_to (struct FROST_Scalar *destination,
    277                       const struct FROST_Scalar *origin)
    278 {
    279   memcpy (&destination->scalarbytes,
    280           &origin->scalarbytes,
    281           sizeof (*destination));
    282 }
    283 
    284 
    285 void
    286 FROST_scalar_zero (struct FROST_Scalar *scal)
    287 {
    288   memset (scal->scalarbytes,
    289           0,
    290           sizeof (*scal));
    291 }
    292 
    293 
    294 void
    295 FROST_scalar_one (struct FROST_Scalar *scal)
    296 {
    297   memset (scal->scalarbytes,
    298           0,
    299           sizeof (*scal));
    300   uint8_t one = 1;
    301   memcpy (scal->scalarbytes,
    302           &one,
    303           sizeof (one));
    304 }
    305 
    306 
    307 void
    308 FROST_scalar_set_uint8 (struct FROST_Scalar *result,
    309                         uint8_t number)
    310 {
    311   FROST_scalar_zero (result);
    312   memcpy (result,
    313           &number,
    314           sizeof (number));
    315 }
    316 
    317 
    318 enum GNUNET_GenericReturnValue
    319 FROST_point_cmp (const struct FROST_Point *p,
    320                  const struct FROST_Point *q)
    321 {
    322   if (0 == memcmp (p,
    323                    q,
    324                    crypto_core_ristretto255_BYTES))
    325     return GNUNET_OK;
    326   return GNUNET_NO;
    327 }
    328 
    329 
    330 enum GNUNET_GenericReturnValue
    331 FROST_is_valid_point (const struct FROST_Point *p)
    332 {
    333   struct FROST_Point identity;
    334   FROST_point_identity (&identity);
    335 
    336   if (1 == crypto_core_ristretto255_is_valid_point (p->xcoord)
    337       && GNUNET_NO == FROST_point_cmp (&identity,
    338                                        p))
    339     return GNUNET_OK;
    340   return GNUNET_NO;
    341 }
    342 
    343 
    344 void
    345 FROST_kdf_scalar_to_curve (struct FROST_Scalar *subkey,
    346                            uint64_t subkey_id,
    347                            const struct FROST_ShortHashCode *masterkey)
    348 {
    349   struct FROST_HashCode subkey_raw;
    350   GNUNET_assert (0 == crypto_kdf_derive_from_key (subkey_raw.hashbytes,
    351                                                   sizeof (subkey_raw),
    352                                                   subkey_id,
    353                                                   "FROSTLOW",
    354                                                   masterkey->hashbytes));
    355 
    356   FROST_hash_to_scalar (subkey,
    357                         &subkey_raw);
    358 }
    359 
    360 
    361 enum GNUNET_GenericReturnValue
    362 FROST_pow_hash (struct FROST_HashCode *hash,
    363                 const char *answer,
    364                 size_t length,
    365                 const struct FROST_PowSalt *salt,
    366                 uint8_t difficulty)
    367 {
    368   if (0 != crypto_pwhash (hash->hashbytes,
    369                           sizeof (*hash),
    370                           answer,
    371                           length,
    372                           salt->bytes,
    373                           crypto_pwhash_OPSLIMIT_MODERATE * difficulty,
    374                           crypto_pwhash_MEMLIMIT_MODERATE,
    375                           crypto_pwhash_ALG_ARGON2ID13))
    376     return GNUNET_NO;
    377   return GNUNET_OK;
    378 }