diff options
author | Christian Grothoff <christian@grothoff.org> | 2015-09-05 18:03:58 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-09-05 18:03:58 +0000 |
commit | 14f9ba0d86025dfd2defb1635899c75da4815d16 (patch) | |
tree | d88c4404b496a1fc27fc0c4b6239c5ec4aee4510 /src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c | |
parent | 29ee3958cd75cf5f91846f8235278061e6c9309f (diff) | |
download | gnunet-14f9ba0d86025dfd2defb1635899c75da4815d16.tar.gz gnunet-14f9ba0d86025dfd2defb1635899c75da4815d16.zip |
-towards ECC variant of SP
Diffstat (limited to 'src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c')
-rw-r--r-- | src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c | 474 |
1 files changed, 116 insertions, 358 deletions
diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c index 565cc3104..773682234 100644 --- a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c +++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet. | 2 | This file is part of GNUnet. |
3 | Copyright (C) 2013, 2014 Christian Grothoff (and other contributing authors) | 3 | Copyright (C) 2013-2015 Christian Grothoff (and other contributing authors) |
4 | 4 | ||
5 | GNUnet is free software; you can redistribute it and/or modify | 5 | GNUnet is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License as published | 6 | it under the terms of the GNU General Public License as published |
@@ -18,7 +18,7 @@ | |||
18 | Boston, MA 02110-1301, USA. | 18 | Boston, MA 02110-1301, USA. |
19 | */ | 19 | */ |
20 | /** | 20 | /** |
21 | * @file scalarproduct/gnunet-service-scalarproduct_alice.c | 21 | * @file scalarproduct/gnunet-service-scalarproduct-ecc_alice.c |
22 | * @brief scalarproduct service implementation | 22 | * @brief scalarproduct service implementation |
23 | * @author Christian M. Fuchs | 23 | * @author Christian M. Fuchs |
24 | * @author Christian Grothoff | 24 | * @author Christian Grothoff |
@@ -34,11 +34,17 @@ | |||
34 | #include "gnunet_scalarproduct_service.h" | 34 | #include "gnunet_scalarproduct_service.h" |
35 | #include "gnunet_set_service.h" | 35 | #include "gnunet_set_service.h" |
36 | #include "scalarproduct.h" | 36 | #include "scalarproduct.h" |
37 | #include "gnunet-service-scalarproduct.h" | 37 | #include "gnunet-service-scalarproduct-ecc.h" |
38 | 38 | ||
39 | #define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-alice", __VA_ARGS__) | 39 | #define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-alice", __VA_ARGS__) |
40 | 40 | ||
41 | /** | 41 | /** |
42 | * Maximum allowed result value for the scalarproduct computation. | ||
43 | * DLOG will fail if the result is bigger. | ||
44 | */ | ||
45 | #define MAX_RESULT (1024 * 1024) | ||
46 | |||
47 | /** | ||
42 | * An encrypted element key-value pair. | 48 | * An encrypted element key-value pair. |
43 | */ | 49 | */ |
44 | struct MpiElement | 50 | struct MpiElement |
@@ -51,9 +57,15 @@ struct MpiElement | |||
51 | const struct GNUNET_HashCode *key; | 57 | const struct GNUNET_HashCode *key; |
52 | 58 | ||
53 | /** | 59 | /** |
54 | * Value represented (a). | 60 | * a_i value, not disclosed to Bob. |
55 | */ | 61 | */ |
56 | gcry_mpi_t value; | 62 | gcry_mpi_t value; |
63 | |||
64 | /** | ||
65 | * r_i value, chosen at random, not disclosed to Bob. | ||
66 | */ | ||
67 | gcry_mpi_t r_i; | ||
68 | |||
57 | }; | 69 | }; |
58 | 70 | ||
59 | 71 | ||
@@ -123,26 +135,6 @@ struct AliceServiceSession | |||
123 | struct MpiElement *sorted_elements; | 135 | struct MpiElement *sorted_elements; |
124 | 136 | ||
125 | /** | 137 | /** |
126 | * Bob's permutation p of R | ||
127 | */ | ||
128 | struct GNUNET_CRYPTO_PaillierCiphertext *r; | ||
129 | |||
130 | /** | ||
131 | * Bob's permutation q of R | ||
132 | */ | ||
133 | struct GNUNET_CRYPTO_PaillierCiphertext *r_prime; | ||
134 | |||
135 | /** | ||
136 | * Bob's "s" | ||
137 | */ | ||
138 | struct GNUNET_CRYPTO_PaillierCiphertext s; | ||
139 | |||
140 | /** | ||
141 | * Bob's "s'" | ||
142 | */ | ||
143 | struct GNUNET_CRYPTO_PaillierCiphertext s_prime; | ||
144 | |||
145 | /** | ||
146 | * The computed scalar | 138 | * The computed scalar |
147 | */ | 139 | */ |
148 | gcry_mpi_t product; | 140 | gcry_mpi_t product; |
@@ -167,12 +159,6 @@ struct AliceServiceSession | |||
167 | uint32_t client_received_element_count; | 159 | uint32_t client_received_element_count; |
168 | 160 | ||
169 | /** | 161 | /** |
170 | * Already transferred elements from Bob to us. | ||
171 | * Less or equal than @e total. | ||
172 | */ | ||
173 | uint32_t cadet_received_element_count; | ||
174 | |||
175 | /** | ||
176 | * State of this session. In | 162 | * State of this session. In |
177 | * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is | 163 | * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is |
178 | * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or | 164 | * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or |
@@ -195,19 +181,19 @@ struct AliceServiceSession | |||
195 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | 181 | static const struct GNUNET_CONFIGURATION_Handle *cfg; |
196 | 182 | ||
197 | /** | 183 | /** |
198 | * Service's own public key | 184 | * Context for DLOG operations on a curve. |
199 | */ | 185 | */ |
200 | static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey; | 186 | static struct GNUNET_CRYPTO_EccDlogContext *edc; |
201 | 187 | ||
202 | /** | 188 | /** |
203 | * Service's own private key | 189 | * Alice's private key ('a'). |
204 | */ | 190 | */ |
205 | static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey; | 191 | static gcry_mpi_t my_privkey; |
206 | 192 | ||
207 | /** | 193 | /** |
208 | * Service's offset for values that could possibly be negative but are plaintext for encryption. | 194 | * Inverse of Alice's private key ('a_inv'). |
209 | */ | 195 | */ |
210 | static gcry_mpi_t my_offset; | 196 | static gcry_mpi_t my_privkey_inv; |
211 | 197 | ||
212 | /** | 198 | /** |
213 | * Handle to the CADET service. | 199 | * Handle to the CADET service. |
@@ -300,16 +286,6 @@ destroy_service_session (struct AliceServiceSession *s) | |||
300 | GNUNET_free (s->sorted_elements); | 286 | GNUNET_free (s->sorted_elements); |
301 | s->sorted_elements = NULL; | 287 | s->sorted_elements = NULL; |
302 | } | 288 | } |
303 | if (NULL != s->r) | ||
304 | { | ||
305 | GNUNET_free (s->r); | ||
306 | s->r = NULL; | ||
307 | } | ||
308 | if (NULL != s->r_prime) | ||
309 | { | ||
310 | GNUNET_free (s->r_prime); | ||
311 | s->r_prime = NULL; | ||
312 | } | ||
313 | if (NULL != s->product) | 289 | if (NULL != s->product) |
314 | { | 290 | { |
315 | gcry_mpi_release (s->product); | 291 | gcry_mpi_release (s->product); |
@@ -463,248 +439,41 @@ cb_channel_destruction (void *cls, | |||
463 | 439 | ||
464 | 440 | ||
465 | /** | 441 | /** |
466 | * Computes the square sum over a vector of a given length. | ||
467 | * | ||
468 | * @param vector the vector to compute over | ||
469 | * @param length the length of the vector | ||
470 | * @return an MPI value containing the calculated sum, never NULL | ||
471 | */ | ||
472 | static gcry_mpi_t | ||
473 | compute_square_sum_mpi_elements (const struct MpiElement *vector, | ||
474 | uint32_t length) | ||
475 | { | ||
476 | gcry_mpi_t elem; | ||
477 | gcry_mpi_t sum; | ||
478 | uint32_t i; | ||
479 | |||
480 | GNUNET_assert (NULL != (sum = gcry_mpi_new (0))); | ||
481 | GNUNET_assert (NULL != (elem = gcry_mpi_new (0))); | ||
482 | for (i = 0; i < length; i++) | ||
483 | { | ||
484 | gcry_mpi_mul (elem, vector[i].value, vector[i].value); | ||
485 | gcry_mpi_add (sum, sum, elem); | ||
486 | } | ||
487 | gcry_mpi_release (elem); | ||
488 | return sum; | ||
489 | } | ||
490 | |||
491 | |||
492 | /** | ||
493 | * Computes the square sum over a vector of a given length. | ||
494 | * | ||
495 | * @param vector the vector to compute over | ||
496 | * @param length the length of the vector | ||
497 | * @return an MPI value containing the calculated sum, never NULL | ||
498 | */ | ||
499 | static gcry_mpi_t | ||
500 | compute_square_sum (const gcry_mpi_t *vector, | ||
501 | uint32_t length) | ||
502 | { | ||
503 | gcry_mpi_t elem; | ||
504 | gcry_mpi_t sum; | ||
505 | uint32_t i; | ||
506 | |||
507 | GNUNET_assert (NULL != (sum = gcry_mpi_new (0))); | ||
508 | GNUNET_assert (NULL != (elem = gcry_mpi_new (0))); | ||
509 | for (i = 0; i < length; i++) | ||
510 | { | ||
511 | gcry_mpi_mul (elem, vector[i], vector[i]); | ||
512 | gcry_mpi_add (sum, sum, elem); | ||
513 | } | ||
514 | gcry_mpi_release (elem); | ||
515 | return sum; | ||
516 | } | ||
517 | |||
518 | |||
519 | /** | ||
520 | * Compute our scalar product, done by Alice | 442 | * Compute our scalar product, done by Alice |
521 | * | 443 | * |
522 | * @param session the session associated with this computation | 444 | * @param session the session associated with this computation |
445 | * @param prod_g_i_b_i value from Bob | ||
446 | * @param prod_h_i_b_i value from Bob | ||
523 | * @return product as MPI, never NULL | 447 | * @return product as MPI, never NULL |
524 | */ | 448 | */ |
525 | static gcry_mpi_t | 449 | static gcry_mpi_t |
526 | compute_scalar_product (struct AliceServiceSession *session) | 450 | compute_scalar_product (struct AliceServiceSession *session, |
451 | gcry_mpi_point_t prod_g_i_b_i, | ||
452 | gcry_mpi_point_t prod_h_i_b_i) | ||
527 | { | 453 | { |
528 | uint32_t count; | 454 | gcry_mpi_point_t g_i_b_i_a_inv; |
529 | gcry_mpi_t t; | 455 | gcry_mpi_point_t g_ai_bi; |
530 | gcry_mpi_t u; | 456 | int ai_bi; |
531 | gcry_mpi_t u_prime; | 457 | gcry_mpi_t ret; |
532 | gcry_mpi_t p; | 458 | |
533 | gcry_mpi_t p_prime; | 459 | g_i_b_i_a_inv = GNUNET_CRYPTO_ecc_pmul_mpi (edc, |
534 | gcry_mpi_t tmp; | 460 | prod_g_i_b_i, |
535 | gcry_mpi_t r[session->used_element_count]; | 461 | my_privkey_inv); |
536 | gcry_mpi_t r_prime[session->used_element_count]; | 462 | g_ai_bi = GNUNET_CRYPTO_ecc_add (edc, |
537 | gcry_mpi_t s; | 463 | g_i_b_i_a_inv, |
538 | gcry_mpi_t s_prime; | 464 | prod_h_i_b_i); |
539 | unsigned int i; | 465 | gcry_mpi_point_release (g_i_b_i_a_inv); |
540 | 466 | ai_bi = GNUNET_CRYPTO_ecc_dlog (edc, | |
541 | count = session->used_element_count; | 467 | g_ai_bi); |
542 | // due to the introduced static offset S, we now also have to remove this | 468 | gcry_mpi_point_release (g_ai_bi); |
543 | // from the E(a_pi)(+)E(-b_pi-r_pi) and E(a_qi)(+)E(-r_qi) twice each, | 469 | if (MAX_RESULT == ai_bi) |
544 | // the result is E((S + a_pi) + (S -b_pi-r_pi)) and E(S + a_qi + S - r_qi) | ||
545 | for (i = 0; i < count; i++) | ||
546 | { | 470 | { |
547 | r[i] = gcry_mpi_new (0); | 471 | /* result too big */ |
548 | GNUNET_CRYPTO_paillier_decrypt (&my_privkey, | 472 | return NULL; |
549 | &my_pubkey, | ||
550 | &session->r[i], | ||
551 | r[i]); | ||
552 | gcry_mpi_sub (r[i], | ||
553 | r[i], | ||
554 | my_offset); | ||
555 | gcry_mpi_sub (r[i], | ||
556 | r[i], | ||
557 | my_offset); | ||
558 | r_prime[i] = gcry_mpi_new (0); | ||
559 | GNUNET_CRYPTO_paillier_decrypt (&my_privkey, | ||
560 | &my_pubkey, | ||
561 | &session->r_prime[i], | ||
562 | r_prime[i]); | ||
563 | gcry_mpi_sub (r_prime[i], | ||
564 | r_prime[i], | ||
565 | my_offset); | ||
566 | gcry_mpi_sub (r_prime[i], | ||
567 | r_prime[i], | ||
568 | my_offset); | ||
569 | } | 473 | } |
570 | 474 | ret = gcry_mpi_new (0); | |
571 | // calculate t = sum(ai) | 475 | gcry_mpi_set_ui (ret, ai_bi); |
572 | t = compute_square_sum_mpi_elements (session->sorted_elements, | 476 | return ret; |
573 | count); | ||
574 | // calculate U | ||
575 | u = gcry_mpi_new (0); | ||
576 | tmp = compute_square_sum (r, count); | ||
577 | gcry_mpi_sub (u, u, tmp); | ||
578 | gcry_mpi_release (tmp); | ||
579 | |||
580 | //calculate U' | ||
581 | u_prime = gcry_mpi_new (0); | ||
582 | tmp = compute_square_sum (r_prime, count); | ||
583 | gcry_mpi_sub (u_prime, u_prime, tmp); | ||
584 | |||
585 | GNUNET_assert (p = gcry_mpi_new (0)); | ||
586 | GNUNET_assert (p_prime = gcry_mpi_new (0)); | ||
587 | GNUNET_assert (s = gcry_mpi_new (0)); | ||
588 | GNUNET_assert (s_prime = gcry_mpi_new (0)); | ||
589 | |||
590 | // compute P | ||
591 | GNUNET_CRYPTO_paillier_decrypt (&my_privkey, | ||
592 | &my_pubkey, | ||
593 | &session->s, | ||
594 | s); | ||
595 | GNUNET_CRYPTO_paillier_decrypt (&my_privkey, | ||
596 | &my_pubkey, | ||
597 | &session->s_prime, | ||
598 | s_prime); | ||
599 | |||
600 | // compute P | ||
601 | gcry_mpi_add (p, s, t); | ||
602 | gcry_mpi_add (p, p, u); | ||
603 | |||
604 | // compute P' | ||
605 | gcry_mpi_add (p_prime, s_prime, t); | ||
606 | gcry_mpi_add (p_prime, p_prime, u_prime); | ||
607 | |||
608 | gcry_mpi_release (t); | ||
609 | gcry_mpi_release (u); | ||
610 | gcry_mpi_release (u_prime); | ||
611 | gcry_mpi_release (s); | ||
612 | gcry_mpi_release (s_prime); | ||
613 | |||
614 | // compute product | ||
615 | gcry_mpi_sub (p, p, p_prime); | ||
616 | gcry_mpi_release (p_prime); | ||
617 | tmp = gcry_mpi_set_ui (tmp, 2); | ||
618 | gcry_mpi_div (p, NULL, p, tmp, 0); | ||
619 | |||
620 | gcry_mpi_release (tmp); | ||
621 | for (i = 0; i < count; i++) | ||
622 | { | ||
623 | gcry_mpi_release (session->sorted_elements[i].value); | ||
624 | gcry_mpi_release (r[i]); | ||
625 | gcry_mpi_release (r_prime[i]); | ||
626 | } | ||
627 | GNUNET_free (session->sorted_elements); | ||
628 | session->sorted_elements = NULL; | ||
629 | GNUNET_free (session->r); | ||
630 | session->r = NULL; | ||
631 | GNUNET_free (session->r_prime); | ||
632 | session->r_prime = NULL; | ||
633 | |||
634 | return p; | ||
635 | } | ||
636 | |||
637 | |||
638 | /** | ||
639 | * Handle a multipart chunk of a response we got from another service | ||
640 | * we wanted to calculate a scalarproduct with. | ||
641 | * | ||
642 | * @param cls closure (set from #GNUNET_CADET_connect) | ||
643 | * @param channel connection to the other end | ||
644 | * @param channel_ctx place to store local state associated with the @a channel | ||
645 | * @param message the actual message | ||
646 | * @return #GNUNET_OK to keep the connection open, | ||
647 | * #GNUNET_SYSERR to close it (signal serious error) | ||
648 | */ | ||
649 | static int | ||
650 | handle_bobs_cryptodata_multipart (void *cls, | ||
651 | struct GNUNET_CADET_Channel *channel, | ||
652 | void **channel_ctx, | ||
653 | const struct GNUNET_MessageHeader *message) | ||
654 | { | ||
655 | struct AliceServiceSession *s = *channel_ctx; | ||
656 | const struct BobCryptodataMultipartMessage *msg; | ||
657 | const struct GNUNET_CRYPTO_PaillierCiphertext *payload; | ||
658 | size_t i; | ||
659 | uint32_t contained; | ||
660 | size_t msg_size; | ||
661 | size_t required_size; | ||
662 | |||
663 | if (NULL == s) | ||
664 | { | ||
665 | GNUNET_break_op (0); | ||
666 | return GNUNET_SYSERR; | ||
667 | } | ||
668 | msg_size = ntohs (message->size); | ||
669 | if (sizeof (struct BobCryptodataMultipartMessage) > msg_size) | ||
670 | { | ||
671 | GNUNET_break_op (0); | ||
672 | return GNUNET_SYSERR; | ||
673 | } | ||
674 | msg = (const struct BobCryptodataMultipartMessage *) message; | ||
675 | contained = ntohl (msg->contained_element_count); | ||
676 | required_size = sizeof (struct BobCryptodataMultipartMessage) | ||
677 | + 2 * contained * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext); | ||
678 | if ( (required_size != msg_size) || | ||
679 | (s->cadet_received_element_count + contained > s->used_element_count) ) | ||
680 | { | ||
681 | GNUNET_break (0); | ||
682 | return GNUNET_SYSERR; | ||
683 | } | ||
684 | |||
685 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
686 | "Received %u additional crypto values from Bob\n", | ||
687 | (unsigned int) contained); | ||
688 | |||
689 | payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1]; | ||
690 | /* Convert each k[][perm] to its MPI_value */ | ||
691 | for (i = 0; i < contained; i++) | ||
692 | { | ||
693 | memcpy (&s->r[s->cadet_received_element_count + i], | ||
694 | &payload[2 * i], | ||
695 | sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
696 | memcpy (&s->r_prime[s->cadet_received_element_count + i], | ||
697 | &payload[2 * i], | ||
698 | sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
699 | } | ||
700 | s->cadet_received_element_count += contained; | ||
701 | GNUNET_CADET_receive_done (s->channel); | ||
702 | if (s->cadet_received_element_count != s->used_element_count) | ||
703 | return GNUNET_OK; | ||
704 | |||
705 | s->product = compute_scalar_product (s); | ||
706 | transmit_client_response (s); | ||
707 | return GNUNET_OK; | ||
708 | } | 477 | } |
709 | 478 | ||
710 | 479 | ||
@@ -726,12 +495,11 @@ handle_bobs_cryptodata_message (void *cls, | |||
726 | const struct GNUNET_MessageHeader *message) | 495 | const struct GNUNET_MessageHeader *message) |
727 | { | 496 | { |
728 | struct AliceServiceSession *s = *channel_ctx; | 497 | struct AliceServiceSession *s = *channel_ctx; |
729 | const struct BobCryptodataMessage *msg; | 498 | const struct EccBobCryptodataMessage *msg; |
730 | const struct GNUNET_CRYPTO_PaillierCiphertext *payload; | ||
731 | uint32_t i; | ||
732 | uint32_t contained; | 499 | uint32_t contained; |
733 | uint16_t msg_size; | 500 | uint16_t msg_size; |
734 | size_t required_size; | 501 | gcry_mpi_point_t prod_g_i_b_i; |
502 | gcry_mpi_point_t prod_h_i_b_i; | ||
735 | 503 | ||
736 | if (NULL == s) | 504 | if (NULL == s) |
737 | { | 505 | { |
@@ -739,19 +507,14 @@ handle_bobs_cryptodata_message (void *cls, | |||
739 | return GNUNET_SYSERR; | 507 | return GNUNET_SYSERR; |
740 | } | 508 | } |
741 | msg_size = ntohs (message->size); | 509 | msg_size = ntohs (message->size); |
742 | if (sizeof (struct BobCryptodataMessage) > msg_size) | 510 | if (sizeof (struct EccBobCryptodataMessage) > msg_size) |
743 | { | 511 | { |
744 | GNUNET_break_op (0); | 512 | GNUNET_break_op (0); |
745 | return GNUNET_SYSERR; | 513 | return GNUNET_SYSERR; |
746 | } | 514 | } |
747 | msg = (const struct BobCryptodataMessage *) message; | 515 | msg = (const struct EccBobCryptodataMessage *) message; |
748 | contained = ntohl (msg->contained_element_count); | 516 | contained = ntohl (msg->contained_element_count); |
749 | required_size = sizeof (struct BobCryptodataMessage) | 517 | if (2 != contained) |
750 | + 2 * contained * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) | ||
751 | + 2 * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext); | ||
752 | if ( (msg_size != required_size) || | ||
753 | (contained > UINT16_MAX) || | ||
754 | (s->used_element_count < contained) ) | ||
755 | { | 518 | { |
756 | GNUNET_break_op (0); | 519 | GNUNET_break_op (0); |
757 | return GNUNET_SYSERR; | 520 | return GNUNET_SYSERR; |
@@ -771,37 +534,16 @@ handle_bobs_cryptodata_message (void *cls, | |||
771 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 534 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
772 | "Received %u crypto values from Bob\n", | 535 | "Received %u crypto values from Bob\n", |
773 | (unsigned int) contained); | 536 | (unsigned int) contained); |
774 | |||
775 | payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1]; | ||
776 | memcpy (&s->s, | ||
777 | &payload[0], | ||
778 | sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
779 | memcpy (&s->s_prime, | ||
780 | &payload[1], | ||
781 | sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
782 | payload = &payload[2]; | ||
783 | |||
784 | s->r = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * s->used_element_count); | ||
785 | s->r_prime = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * s->used_element_count); | ||
786 | for (i = 0; i < contained; i++) | ||
787 | { | ||
788 | memcpy (&s->r[i], | ||
789 | &payload[2 * i], | ||
790 | sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
791 | memcpy (&s->r_prime[i], | ||
792 | &payload[2 * i + 1], | ||
793 | sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
794 | } | ||
795 | s->cadet_received_element_count = contained; | ||
796 | GNUNET_CADET_receive_done (s->channel); | 537 | GNUNET_CADET_receive_done (s->channel); |
797 | 538 | prod_g_i_b_i = GNUNET_CRYPTO_ecc_bin_to_point (edc, | |
798 | if (s->cadet_received_element_count != s->used_element_count) | 539 | &msg->prod_g_i_b_i); |
799 | { | 540 | prod_h_i_b_i = GNUNET_CRYPTO_ecc_bin_to_point (edc, |
800 | /* More to come */ | 541 | &msg->prod_h_i_b_i); |
801 | return GNUNET_OK; | 542 | s->product = compute_scalar_product (s, |
802 | } | 543 | prod_g_i_b_i, |
803 | 544 | prod_h_i_b_i); | |
804 | s->product = compute_scalar_product (s); | 545 | gcry_mpi_point_release (prod_g_i_b_i); |
546 | gcry_mpi_point_release (prod_h_i_b_i); | ||
805 | transmit_client_response (s); | 547 | transmit_client_response (s); |
806 | return GNUNET_OK; | 548 | return GNUNET_OK; |
807 | } | 549 | } |
@@ -832,6 +574,8 @@ copy_element_cb (void *cls, | |||
832 | else | 574 | else |
833 | gcry_mpi_add_ui (mval, mval, val); | 575 | gcry_mpi_add_ui (mval, mval, val); |
834 | s->sorted_elements [s->used_element_count].value = mval; | 576 | s->sorted_elements [s->used_element_count].value = mval; |
577 | s->sorted_elements [s->used_element_count].r_i | ||
578 | = GNUNET_CRYPTO_ecc_random_mod_n (edc); | ||
835 | s->sorted_elements [s->used_element_count].key = &e->key; | 579 | s->sorted_elements [s->used_element_count].key = &e->key; |
836 | s->used_element_count++; | 580 | s->used_element_count++; |
837 | return GNUNET_OK; | 581 | return GNUNET_OK; |
@@ -861,7 +605,7 @@ element_cmp (const void *a, | |||
861 | * Maximum number of elements we can put into a single cryptodata | 605 | * Maximum number of elements we can put into a single cryptodata |
862 | * message | 606 | * message |
863 | */ | 607 | */ |
864 | #define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct AliceCryptodataMessage)) / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)) | 608 | #define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct EccAliceCryptodataMessage)) / sizeof (struct GNUNET_CRYPTO_EccPoint)) |
865 | 609 | ||
866 | 610 | ||
867 | /** | 611 | /** |
@@ -873,13 +617,16 @@ element_cmp (const void *a, | |||
873 | static void | 617 | static void |
874 | send_alices_cryptodata_message (struct AliceServiceSession *s) | 618 | send_alices_cryptodata_message (struct AliceServiceSession *s) |
875 | { | 619 | { |
876 | struct AliceCryptodataMessage *msg; | 620 | struct EccAliceCryptodataMessage *msg; |
877 | struct GNUNET_MQ_Envelope *e; | 621 | struct GNUNET_MQ_Envelope *e; |
878 | struct GNUNET_CRYPTO_PaillierCiphertext *payload; | 622 | struct GNUNET_CRYPTO_EccPoint *payload; |
623 | gcry_mpi_point_t g_i; | ||
624 | gcry_mpi_point_t h_i; | ||
625 | gcry_mpi_t r_ia; | ||
626 | gcry_mpi_t r_ia_ai; | ||
879 | unsigned int i; | 627 | unsigned int i; |
880 | uint32_t todo_count; | 628 | unsigned int off; |
881 | gcry_mpi_t a; | 629 | unsigned int todo_count; |
882 | uint32_t off; | ||
883 | 630 | ||
884 | s->sorted_elements | 631 | s->sorted_elements |
885 | = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) * | 632 | = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) * |
@@ -907,23 +654,37 @@ send_alices_cryptodata_message (struct AliceServiceSession *s) | |||
907 | (unsigned int) s->used_element_count); | 654 | (unsigned int) s->used_element_count); |
908 | 655 | ||
909 | e = GNUNET_MQ_msg_extra (msg, | 656 | e = GNUNET_MQ_msg_extra (msg, |
910 | todo_count * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext), | 657 | todo_count * 2 * sizeof (struct GNUNET_CRYPTO_EccPoint), |
911 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA); | 658 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ECC_ALICE_CRYPTODATA); |
912 | msg->contained_element_count = htonl (todo_count); | 659 | msg->contained_element_count = htonl (todo_count); |
913 | payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1]; | 660 | payload = (struct GNUNET_CRYPTO_EccPoint *) &msg[1]; |
914 | a = gcry_mpi_new (0); | 661 | r_ia = gcry_mpi_new (0); |
662 | r_ia_ai = gcry_mpi_new (0); | ||
915 | for (i = off; i < off + todo_count; i++) | 663 | for (i = off; i < off + todo_count; i++) |
916 | { | 664 | { |
917 | gcry_mpi_add (a, | 665 | g_i = GNUNET_CRYPTO_ecc_dexp_mpi (edc, |
666 | s->sorted_elements [i].r_i); | ||
667 | /* r_ia = r_i * a */ | ||
668 | gcry_mpi_mul (s->sorted_elements[i].r_i, | ||
669 | my_privkey, | ||
670 | r_ia); | ||
671 | /* r_ia_ai = r_ia + a_i */ | ||
672 | gcry_mpi_add (r_ia_ai, | ||
918 | s->sorted_elements[i].value, | 673 | s->sorted_elements[i].value, |
919 | my_offset); | 674 | r_ia); |
920 | GNUNET_assert (3 == | 675 | h_i = GNUNET_CRYPTO_ecc_dexp_mpi (edc, |
921 | GNUNET_CRYPTO_paillier_encrypt (&my_pubkey, | 676 | r_ia_ai); |
922 | a, | 677 | GNUNET_CRYPTO_ecc_point_to_bin (edc, |
923 | 3, | 678 | g_i, |
924 | &payload[i - off])); | 679 | &payload[(i - off) * 2]); |
680 | GNUNET_CRYPTO_ecc_point_to_bin (edc, | ||
681 | h_i, | ||
682 | &payload[(i - off) * 2 + 1]); | ||
683 | gcry_mpi_point_release (g_i); | ||
684 | gcry_mpi_point_release (h_i); | ||
925 | } | 685 | } |
926 | gcry_mpi_release (a); | 686 | gcry_mpi_release (r_ia); |
687 | gcry_mpi_release (r_ia_ai); | ||
927 | off += todo_count; | 688 | off += todo_count; |
928 | GNUNET_MQ_send (s->cadet_mq, | 689 | GNUNET_MQ_send (s->cadet_mq, |
929 | e); | 690 | e); |
@@ -1069,7 +830,7 @@ cb_intersection_request_alice (void *cls, | |||
1069 | static void | 830 | static void |
1070 | client_request_complete_alice (struct AliceServiceSession *s) | 831 | client_request_complete_alice (struct AliceServiceSession *s) |
1071 | { | 832 | { |
1072 | struct ServiceRequestMessage *msg; | 833 | struct EccServiceRequestMessage *msg; |
1073 | struct GNUNET_MQ_Envelope *e; | 834 | struct GNUNET_MQ_Envelope *e; |
1074 | 835 | ||
1075 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 836 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -1079,7 +840,7 @@ client_request_complete_alice (struct AliceServiceSession *s) | |||
1079 | = GNUNET_CADET_channel_create (my_cadet, | 840 | = GNUNET_CADET_channel_create (my_cadet, |
1080 | s, | 841 | s, |
1081 | &s->peer, | 842 | &s->peer, |
1082 | GNUNET_APPLICATION_TYPE_SCALARPRODUCT, | 843 | GNUNET_APPLICATION_TYPE_SCALARPRODUCT_ECC, |
1083 | GNUNET_CADET_OPTION_RELIABLE); | 844 | GNUNET_CADET_OPTION_RELIABLE); |
1084 | if (NULL == s->channel) | 845 | if (NULL == s->channel) |
1085 | { | 846 | { |
@@ -1104,9 +865,8 @@ client_request_complete_alice (struct AliceServiceSession *s) | |||
1104 | } | 865 | } |
1105 | 866 | ||
1106 | e = GNUNET_MQ_msg (msg, | 867 | e = GNUNET_MQ_msg (msg, |
1107 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION); | 868 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ECC_SESSION_INITIALIZATION); |
1108 | msg->session_id = s->session_id; | 869 | msg->session_id = s->session_id; |
1109 | msg->public_key = my_pubkey; | ||
1110 | GNUNET_MQ_send (s->cadet_mq, | 870 | GNUNET_MQ_send (s->cadet_mq, |
1111 | e); | 871 | e); |
1112 | } | 872 | } |
@@ -1327,6 +1087,11 @@ shutdown_task (void *cls, | |||
1327 | GNUNET_CADET_disconnect (my_cadet); | 1087 | GNUNET_CADET_disconnect (my_cadet); |
1328 | my_cadet = NULL; | 1088 | my_cadet = NULL; |
1329 | } | 1089 | } |
1090 | if (NULL != edc) | ||
1091 | { | ||
1092 | GNUNET_CRYPTO_ecc_dlog_release (edc); | ||
1093 | edc = NULL; | ||
1094 | } | ||
1330 | } | 1095 | } |
1331 | 1096 | ||
1332 | 1097 | ||
@@ -1375,10 +1140,7 @@ run (void *cls, | |||
1375 | { | 1140 | { |
1376 | static const struct GNUNET_CADET_MessageHandler cadet_handlers[] = { | 1141 | static const struct GNUNET_CADET_MessageHandler cadet_handlers[] = { |
1377 | { &handle_bobs_cryptodata_message, | 1142 | { &handle_bobs_cryptodata_message, |
1378 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA, | 1143 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ECC_BOB_CRYPTODATA, |
1379 | 0}, | ||
1380 | { &handle_bobs_cryptodata_multipart, | ||
1381 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART, | ||
1382 | 0}, | 1144 | 0}, |
1383 | { NULL, 0, 0} | 1145 | { NULL, 0, 0} |
1384 | }; | 1146 | }; |
@@ -1393,16 +1155,12 @@ run (void *cls, | |||
1393 | }; | 1155 | }; |
1394 | 1156 | ||
1395 | cfg = c; | 1157 | cfg = c; |
1396 | /* | 1158 | edc = GNUNET_CRYPTO_ecc_dlog_prepare (MAX_RESULT /* max value */, |
1397 | offset has to be sufficiently small to allow computation of: | 1159 | 1024 /* RAM */); |
1398 | m1+m2 mod n == (S + a) + (S + b) mod n, | 1160 | /* Select a random 'a' value for Alice */ |
1399 | if we have more complex operations, this factor needs to be lowered */ | 1161 | GNUNET_CRYPTO_ecc_rnd_mpi (edc, |
1400 | my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3); | 1162 | &my_privkey, |
1401 | gcry_mpi_set_bit (my_offset, | 1163 | &my_privkey_inv); |
1402 | GNUNET_CRYPTO_PAILLIER_BITS / 3); | ||
1403 | |||
1404 | GNUNET_CRYPTO_paillier_create (&my_pubkey, | ||
1405 | &my_privkey); | ||
1406 | GNUNET_SERVER_add_handlers (server, | 1164 | GNUNET_SERVER_add_handlers (server, |
1407 | server_handlers); | 1165 | server_handlers); |
1408 | GNUNET_SERVER_disconnect_notify (server, | 1166 | GNUNET_SERVER_disconnect_notify (server, |
@@ -1445,4 +1203,4 @@ main (int argc, | |||
1445 | &run, NULL)) ? 0 : 1; | 1203 | &run, NULL)) ? 0 : 1; |
1446 | } | 1204 | } |
1447 | 1205 | ||
1448 | /* end of gnunet-service-scalarproduct_alice.c */ | 1206 | /* end of gnunet-service-scalarproduct-ecc_alice.c */ |