📄 old_code.c
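/*
 * NOTE: the statements up to the first closing brace are the tail of a
 * function whose signature and declarations precede this excerpt. They are
 * reproduced unchanged apart from restored line breaks.
 */
    bm_put(bm_get_time(), "enc0");

    //pick random sigma in {0,1}^n
    byte_string_init(sigma, n);
    crypto_rand_bytes(sigma->data, n);

    //Hash message
    byte_string_init(md_value, n);
    crypto_hash(md_value, M);

    IBE_authenticated_hidesigma(U, Varray, sigma, md_value, idarray, sender_key);

    byte_string_clear(md_value);

    //G1(sigma) is the key we use to encrypt
    byte_string_init(G1sigma, n);
    hash_G1(G1sigma, sigma);
    byte_string_clear(sigma);

    crypto_encrypt(W, M, G1sigma);

    byte_string_clear(G1sigma);

    bm_put(bm_get_time(), "enc1");
    bm_report_encrypt();

    return 1;
}

/*
 * Encrypt message M for the recipients listed in idarray.
 *
 * A fresh n-byte sigma (n = params.n) is drawn with crypto_rand_bytes, the
 * message is hashed, and IBE_hidesigma() fills U and Varray from sigma, the
 * message hash and idarray. The symmetric key is hash_G1(sigma); the
 * ciphertext body is written to W by crypto_encrypt().
 *
 * Always returns 1.
 *
 * NOTE(review): no result of crypto_rand_bytes() is inspected here. Confirm
 * that it cannot fail silently, since sigma is the only secret protecting M.
 */
int IBE_encrypt(byte_string_t U, byte_string_t *Varray,
        byte_string_t W, byte_string_t M, char **idarray)
//only works with short messages
{
    int n = params.n;
    byte_string_t sigma, G1sigma;
    byte_string_t md_value;

    bm_put(bm_get_time(), "enc0");

    //pick random sigma in {0,1}^n
    byte_string_init(sigma, n);
    crypto_rand_bytes(sigma->data, n);

    byte_string_init(md_value, n);
    crypto_hash(md_value, M);

    IBE_hidesigma(U, Varray, sigma, md_value, idarray);

    byte_string_clear(md_value);

    //G1(sigma) is the key we use to encrypt
    byte_string_init(G1sigma, n);
    hash_G1(G1sigma, sigma);
    byte_string_clear(sigma);

    crypto_encrypt(W, M, G1sigma);

    // NOTE(review): sigma and G1sigma are key material; whether
    // byte_string_clear() wipes the buffer before releasing it is not
    // visible here -- confirm.
    byte_string_clear(G1sigma);

    bm_put(bm_get_time(), "enc1");
    bm_report_encrypt();

    return 1;
}

/*
 * Recover sigma in the authenticated scheme.
 *
 * Computes s = tate_pairing(xQ, Phi(Q2)), where xQ is the point decoded from
 * `key` and Q2 = map_to_point(sender), then sets
 * sigma = V xor hash_G1(join(U, s)).
 *
 * sigma is initialised here (n bytes); the caller must clear it.
 */
void IBE_authenticated_revealsigma(byte_string_t sigma,
        byte_string_t U, byte_string_t V, byte_string_t key, char *sender)
//reveal a key sigma
//given U, V, and a private key
{
    int i;
    int n = params.n;
    point_t xQ, PhiQ2;
    fp2_t s;
    byte_string_t md_value;
    byte_string_t tempbs, tempbs2;

    byte_string_init(md_value, n);
    byte_string_init(sigma, n);
    fp2_init(s);
    point_init(xQ);
    point_init(PhiQ2);

    point_set_byte_string(xQ, key);

    //XXX:cache this
    //calculate s = e(xQ, Phi(Q2)), where Q2 = public key of sender
    map_to_point(PhiQ2, sender);
    point_Phi(PhiQ2, PhiQ2);
    tate_pairing(s, xQ, PhiQ2);

    //compute sigma = V xor H(U,s)
    byte_string_set_fp2(tempbs2, s);
    byte_string_join(tempbs, U, tempbs2);
    hash_G1(md_value, tempbs);
    byte_string_clear(tempbs2);
    byte_string_clear(tempbs);

    // NOTE(review): this reads n bytes from V->data and md_value->data without
    // checking V->len. V is a ciphertext component, so callers should reject
    // a V shorter than n before calling -- confirm where that is enforced.
    for (i = 0; i < n; i++) {
        sigma->data[i] = V->data[i] ^ md_value->data[i];
    }

    byte_string_clear(md_value);
    fp2_clear(s);
    point_clear(xQ);
    point_clear(PhiQ2);
}

/*
 * Precompute pairing data for a private key.
 *
 * Decodes `key` into a point and hands it to tate_preprocess(), which fills
 * pk->mc for later use by IBE_revealsigma_postprocess().
 */
void IBE_revealsigma_preprocess(preprocessed_key_t pk, byte_string_t key)
//speeds up miller() by caching stuff
{
    point_t xQ;

    point_init(xQ);
    point_set_byte_string(xQ, key);
    tate_preprocess(pk->mc, xQ);
    // NOTE(review): xQ holds the private key point and is never point_clear'ed
    // here, unlike in IBE_revealsigma(). Confirm whether pk->mc keeps a
    // reference to it; if not, this is a leak of secret material.
}

/*
 * Recover sigma using a key preprocessed by IBE_revealsigma_preprocess().
 *
 * Sets sigma = V xor hash_H(res), where res is produced by
 * tate_postprocess(res, pk->mc, Phi(U)).
 *
 * sigma is initialised here (n bytes); the caller must clear it.
 */
void IBE_revealsigma_postprocess(byte_string_t sigma,
        byte_string_t U, byte_string_t V, preprocessed_key_t pk)
//reveal a key sigma
//given U, V, and a private key
{
    int i;
    int n = params.n;
    point_t rP;
    fp2_t res;
    byte_string_t md_value;

    byte_string_init(sigma, n);
    fp2_init(res);
    point_init(rP);

    point_set_byte_string(rP, U);

    //Compute sigma = V xor H(e(Pkey, Phi(U)))
    point_Phi(rP, rP);
    tate_postprocess(res, pk->mc, rP);

    byte_string_init(md_value, n);
    hash_H(md_value, res);

    // NOTE(review): V->len is not checked against n before this loop; V comes
    // from the ciphertext, so its length should be validated by the caller.
    for (i = 0; i < n; i++) {
        sigma->data[i] = V->data[i] ^ md_value->data[i];
    }

    byte_string_clear(md_value);
    fp2_clear(res);
    point_clear(rP);
}

/*
 * Recover sigma from (U, V) with a private key.
 *
 * Sets sigma = V xor hash_H(tate_pairing(xQ, Phi(rP))), where xQ is decoded
 * from `key` and rP from U.
 *
 * sigma is initialised here (n bytes); the caller must clear it.
 */
void IBE_revealsigma(byte_string_t sigma,
        byte_string_t U, byte_string_t V, byte_string_t key)
//reveal a key sigma
//given U, V, and a private key
{
    int i;
    int n = params.n;
    point_t xQ, rP;
    fp2_t res;
    byte_string_t md_value;

    byte_string_init(sigma, n);
    fp2_init(res);
    point_init(xQ);
    point_init(rP);

    point_set_byte_string(xQ, key);
    point_set_byte_string(rP, U);

    //Compute sigma = V xor H(e(Pkey, Phi(U)))
    point_Phi(rP, rP);
    tate_pairing(res, xQ, rP);

    byte_string_init(md_value, n);
    hash_H(md_value, res);

    // NOTE(review): V->len is not checked against n before this loop; V comes
    // from the ciphertext, so its length should be validated by the caller.
    for (i = 0; i < n; i++) {
        sigma->data[i] = V->data[i] ^ md_value->data[i];
    }

    byte_string_clear(md_value);
    fp2_clear(res);
    point_clear(xQ);
    point_clear(rP);
}

/*
 * Ciphertext validity check.
 *
 * Recomputes r = hash_H1(sigma, hash) and the point rP from r, then compares
 * rP with the point decoded from U.
 *
 * Returns 1 if they match, 0 otherwise (a message is also printed).
 */
int IBE_verify(byte_string_t U, byte_string_t sigma, byte_string_t hash)
//verify that the ciphertext is valid
//given U, a key sigma, and the hash of the plaintext
{
    //Set r = H1(sigma, M)
    mpz_t r;
    point_t rP, allegedrP;
    int ok;

    mpz_init(r);
    hash_H1(r, sigma, hash);

    point_init(rP);
    //point_mul(rP, r, params.P);
    point_mul_postprocess(rP, r);
    mpz_clear(r);

    point_init(allegedrP);
    point_set_byte_string(allegedrP, U);

    ok = point_equal(rP, allegedrP) ? 1 : 0;
    if (!ok) {
        printf("bad ciphertext: rP != U\n");
        //printf("rP = ");
        //point_out_str(NULL, 0, rP);
        //printf("\n");
        //printf("U = ");
        //point_out_str(NULL, 0, allegedrP);
        //printf("\n");
    }

    // single cleanup path for both outcomes
    point_clear(rP);
    point_clear(allegedrP);

    return ok;
}

/*
 * Decrypt an authenticated ciphertext (U, V, W) with private key d, sent by
 * `sender`.
 *
 * Returns 1 if IBE_verify() accepts the result, 0 otherwise.
 *
 * M is written by crypto_decrypt() before the check, so on a 0 return it holds
 * unverified data: callers must not use it in that case.
 */
int IBE_authenticated_decrypt(byte_string_t M, byte_string_t U,
        byte_string_t V, byte_string_t W, byte_string_t d, char *sender)
{
    int n = params.n;
    byte_string_t sigma, G1sigma;
    byte_string_t md_value;

    IBE_authenticated_revealsigma(sigma, U, V, d, sender);

    //Decrypt message with G1sigma as key
    byte_string_init(G1sigma, n);
    hash_G1(G1sigma, sigma);
    // Fix: sigma used to be cleared here, but IBE_verify() below still reads
    // it and the failure branch cleared it a second time. It is now released
    // exactly once, after the check, as in IBE_decrypt().

    crypto_decrypt(M, W, G1sigma);

    byte_string_clear(G1sigma);

    byte_string_init(md_value, n);
    crypto_hash(md_value, M);

    if (!IBE_verify(U, sigma, md_value)) {
        byte_string_clear(md_value);
        byte_string_clear(sigma);
        printf("Message not valid!\n");
        return 0;
    }

    byte_string_clear(md_value);
    byte_string_clear(sigma);

    return 1;
}

/*
 * Decrypt ciphertext (U, V, W) with private key d.
 *
 * Returns 1 if IBE_verify() accepts the result, 0 otherwise.
 *
 * M is written by crypto_decrypt() before the check, so on a 0 return it holds
 * unverified data: callers must not use it in that case.
 */
int IBE_decrypt(byte_string_t M, byte_string_t U, byte_string_t V,
        byte_string_t W, byte_string_t d)
{
    int n = params.n;
    byte_string_t sigma, G1sigma;
    byte_string_t md_value;

    bm_put(bm_get_time(), "dec0");

    IBE_revealsigma(sigma, U, V, d);

    //Decrypt message with G1sigma as key
    byte_string_init(G1sigma, n);
    hash_G1(G1sigma, sigma);

    crypto_decrypt(M, W, G1sigma);

    byte_string_clear(G1sigma);

    byte_string_init(md_value, n);
    crypto_hash(md_value, M);

    if (!IBE_verify(U, sigma, md_value)) {
        byte_string_clear(md_value);
        byte_string_clear(sigma);
        printf("Message not valid!\n");
        return 0;
    }

    byte_string_clear(md_value);
    byte_string_clear(sigma);

    bm_put(bm_get_time(), "dec1");
    bm_report_decrypt();

    return 1;
}

//unused hash functions
// NOTE(review): the heading above looks stale -- hash_G1 and hash_H1 are both
// called by the IBE_* routines in this file.

/* hash_G1: thin wrapper that stores crypto_hash(input) in md_value. */
void hash_G1(byte_string_t md_value, byte_string_t input)
{
    crypto_hash(md_value, input);
}

/*
 * hash_H1: hash c1 and c2 together with crypto_va_hash() and convert the
 * digest to the integer r via mympz_from_hash(r, params.q, ...).
 * r must already be initialised by the caller.
 */
void hash_H1(mpz_t r, byte_string_t c1, byte_string_t c2)
{
    byte_string_t md_value;

    crypto_va_hash(md_value, 2, c1, c2);
    mympz_from_hash(r, params.q, md_value);
    byte_string_clear(md_value);
}

//plain encryption and decryption (without MACs) are used in the original
//IBE paper because a Fujisaki-Okamoto transformation is used

/*
 * Encrypt M under `key` with the file-level `cipher`; no MAC is added.
 *
 * Output layout in ctext: IV (EVP_CIPHER_iv_length(cipher) bytes) followed by
 * the cipher output. ctext is initialised here and trimmed to the final
 * length.
 *
 * NOTE(review): the cipher key is derived with EVP_BytesToKey(MD5, no salt,
 * one iteration). That is a weak derivation for low-entropy inputs; changing
 * it would break compatibility with existing ciphertexts, so it is only
 * flagged here.
 */
void crypto_plain_encrypt(byte_string_t ctext, byte_string_t M, byte_string_t key)
{
    EVP_CIPHER_CTX ctx;
    unsigned char sslkey[EVP_MAX_KEY_LENGTH];
    int saltlen = EVP_CIPHER_iv_length(cipher);
    int newlen;
    int outl = 0;   // stays 0 if an EVP call fails without setting it

    byte_string_init(ctext, M->len + EVP_CIPHER_block_size(cipher) + saltlen);
    EVP_BytesToKey(cipher, EVP_md5(), NULL, key->data, key->len, 1, sslkey, NULL);

    if (1 != RAND_bytes(ctext->data, saltlen)) {
        // This function returns void, so the failure cannot be propagated;
        // at least make it visible instead of silently using whatever bytes
        // are in the buffer as the IV.
        fprintf(stderr, "warning: RAND_bytes failed; IV is not random\n");
    }

    EVP_EncryptInit(&ctx, cipher, sslkey, ctext->data);
    newlen = saltlen;
    EVP_EncryptUpdate(&ctx, &ctext->data[newlen], &outl, M->data, M->len);
    newlen += outl;
    outl = 0;
    EVP_EncryptFinal(&ctx, &ctext->data[newlen], &outl);
    newlen += outl;

    // release any cipher state held by the stack-allocated context
    EVP_CIPHER_CTX_cleanup(&ctx);
    // NOTE(review): sslkey remains on the stack; consider wiping it with a
    // non-elidable clear before returning.

    byte_string_reinit(ctext, newlen);
}

/*
 * Decrypt C (IV followed by cipher output, as written by
 * crypto_plain_encrypt) under `key` into M; no MAC is checked.
 *
 * M is initialised here and trimmed to the number of bytes produced. The
 * function cannot report failure: a padding or cipher error simply yields a
 * shorter (possibly empty) M, so the result must be validated by the caller.
 */
void crypto_plain_decrypt(byte_string_t M, byte_string_t C, byte_string_t key)
{
    EVP_CIPHER_CTX ctx;
    unsigned char sslkey[EVP_MAX_KEY_LENGTH];
    int saltlen = EVP_CIPHER_iv_length(cipher);
    int mlen = 0;   // both counters start at 0 so that a failing EVP call
    int outl = 0;   // cannot feed an indeterminate length to byte_string_reinit

    if (C->len < saltlen) {
        // Too short to contain the IV: reading it would run past C->data and
        // C->len - saltlen would go negative. Produce an empty plaintext.
        byte_string_init(M, EVP_CIPHER_block_size(cipher));
        byte_string_reinit(M, 0);
        return;
    }

    EVP_BytesToKey(cipher, EVP_md5(), NULL, key->data, key->len, 1, sslkey, NULL);

    byte_string_init(M, C->len - saltlen + EVP_CIPHER_block_size(cipher));
    EVP_DecryptInit(&ctx, cipher, sslkey, C->data);
    EVP_DecryptUpdate(&ctx, M->data, &mlen, &C->data[saltlen], C->len - saltlen);
    EVP_DecryptFinal(&ctx, &M->data[mlen], &outl);
    mlen += outl;

    // release any cipher state held by the stack-allocated context
    EVP_CIPHER_CTX_cleanup(&ctx);
    // NOTE(review): sslkey remains on the stack; consider wiping it with a
    // non-elidable clear before returning.

    byte_string_reinit(M, mlen);
}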