diff options
author | ng0 <ng0@n0.is> | 2019-09-08 12:33:09 +0000 |
---|---|---|
committer | ng0 <ng0@n0.is> | 2019-09-08 12:33:09 +0000 |
commit | d41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb (patch) | |
tree | 9efd18ea7d425652085ed0bd5e8e45604bc5f6b9 /src/secretsharing/gnunet-service-secretsharing.c | |
parent | a0fce305c565c0937d917a92712f15e9c5736260 (diff) | |
download | gnunet-d41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb.tar.gz gnunet-d41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb.zip |
uncrustify as demanded.
Diffstat (limited to 'src/secretsharing/gnunet-service-secretsharing.c')
-rw-r--r-- | src/secretsharing/gnunet-service-secretsharing.c | 2096 |
1 files changed, 1046 insertions, 1050 deletions
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c index d136c5a68..828ff04af 100644 --- a/src/secretsharing/gnunet-service-secretsharing.c +++ b/src/secretsharing/gnunet-service-secretsharing.c | |||
@@ -16,7 +16,7 @@ | |||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
17 | 17 | ||
18 | SPDX-License-Identifier: AGPL3.0-or-later | 18 | SPDX-License-Identifier: AGPL3.0-or-later |
19 | */ | 19 | */ |
20 | 20 | ||
21 | /** | 21 | /** |
22 | * @file secretsharing/gnunet-service-secretsharing.c | 22 | * @file secretsharing/gnunet-service-secretsharing.c |
@@ -39,8 +39,7 @@ | |||
39 | /** | 39 | /** |
40 | * Info about a peer in a key generation session. | 40 | * Info about a peer in a key generation session. |
41 | */ | 41 | */ |
42 | struct KeygenPeerInfo | 42 | struct KeygenPeerInfo { |
43 | { | ||
44 | /** | 43 | /** |
45 | * Peer identity of the peer. | 44 | * Peer identity of the peer. |
46 | */ | 45 | */ |
@@ -85,8 +84,7 @@ struct KeygenPeerInfo | |||
85 | /** | 84 | /** |
86 | * Information about a peer in a decrypt session. | 85 | * Information about a peer in a decrypt session. |
87 | */ | 86 | */ |
88 | struct DecryptPeerInfo | 87 | struct DecryptPeerInfo { |
89 | { | ||
90 | /** | 88 | /** |
91 | * Identity of the peer. | 89 | * Identity of the peer. |
92 | */ | 90 | */ |
@@ -117,9 +115,7 @@ struct ClientState; | |||
117 | /** | 115 | /** |
118 | * Session to establish a threshold-shared secret. | 116 | * Session to establish a threshold-shared secret. |
119 | */ | 117 | */ |
120 | struct KeygenSession | 118 | struct KeygenSession { |
121 | { | ||
122 | |||
123 | /** | 119 | /** |
124 | * Current consensus, used for both DKG rounds. | 120 | * Current consensus, used for both DKG rounds. |
125 | */ | 121 | */ |
@@ -212,9 +208,7 @@ struct KeygenSession | |||
212 | /** | 208 | /** |
213 | * Session to cooperatively decrypt a value. | 209 | * Session to cooperatively decrypt a value. |
214 | */ | 210 | */ |
215 | struct DecryptSession | 211 | struct DecryptSession { |
216 | { | ||
217 | |||
218 | /** | 212 | /** |
219 | * Handle to the consensus over partial decryptions. | 213 | * Handle to the consensus over partial decryptions. |
220 | */ | 214 | */ |
@@ -258,8 +252,7 @@ struct DecryptSession | |||
258 | /** | 252 | /** |
259 | * State we keep per client. | 253 | * State we keep per client. |
260 | */ | 254 | */ |
261 | struct ClientState | 255 | struct ClientState { |
262 | { | ||
263 | /** | 256 | /** |
264 | * Decrypt session of the client, if any. | 257 | * Decrypt session of the client, if any. |
265 | */ | 258 | */ |
@@ -279,7 +272,6 @@ struct ClientState | |||
279 | * MQ to talk to @a client. | 272 | * MQ to talk to @a client. |
280 | */ | 273 | */ |
281 | struct GNUNET_MQ_Handle *mq; | 274 | struct GNUNET_MQ_Handle *mq; |
282 | |||
283 | }; | 275 | }; |
284 | 276 | ||
285 | 277 | ||
@@ -325,12 +317,13 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg; | |||
325 | * @return The Keygen peer info, or NULL if the peer could not be found. | 317 | * @return The Keygen peer info, or NULL if the peer could not be found. |
326 | */ | 318 | */ |
327 | static struct KeygenPeerInfo * | 319 | static struct KeygenPeerInfo * |
328 | get_keygen_peer_info (const struct KeygenSession *ks, | 320 | get_keygen_peer_info(const struct KeygenSession *ks, |
329 | const struct GNUNET_PeerIdentity *peer) | 321 | const struct GNUNET_PeerIdentity *peer) |
330 | { | 322 | { |
331 | unsigned int i; | 323 | unsigned int i; |
324 | |||
332 | for (i = 0; i < ks->num_peers; i++) | 325 | for (i = 0; i < ks->num_peers; i++) |
333 | if (0 == GNUNET_memcmp (peer, &ks->info[i].peer)) | 326 | if (0 == GNUNET_memcmp(peer, &ks->info[i].peer)) |
334 | return &ks->info[i]; | 327 | return &ks->info[i]; |
335 | return NULL; | 328 | return NULL; |
336 | } | 329 | } |
@@ -344,12 +337,13 @@ get_keygen_peer_info (const struct KeygenSession *ks, | |||
344 | * @return The decrypt peer info, or NULL if the peer could not be found. | 337 | * @return The decrypt peer info, or NULL if the peer could not be found. |
345 | */ | 338 | */ |
346 | static struct DecryptPeerInfo * | 339 | static struct DecryptPeerInfo * |
347 | get_decrypt_peer_info (const struct DecryptSession *ds, | 340 | get_decrypt_peer_info(const struct DecryptSession *ds, |
348 | const struct GNUNET_PeerIdentity *peer) | 341 | const struct GNUNET_PeerIdentity *peer) |
349 | { | 342 | { |
350 | unsigned int i; | 343 | unsigned int i; |
344 | |||
351 | for (i = 0; i < ds->share->num_peers; i++) | 345 | for (i = 0; i < ds->share->num_peers; i++) |
352 | if (0 == GNUNET_memcmp (peer, &ds->info[i].peer)) | 346 | if (0 == GNUNET_memcmp(peer, &ds->info[i].peer)) |
353 | return &ds->info[i]; | 347 | return &ds->info[i]; |
354 | return NULL; | 348 | return NULL; |
355 | } | 349 | } |
@@ -364,14 +358,14 @@ get_decrypt_peer_info (const struct DecryptSession *ds, | |||
364 | * @param denum denumerator of the scale factor | 358 | * @param denum denumerator of the scale factor |
365 | */ | 359 | */ |
366 | static struct GNUNET_TIME_Absolute | 360 | static struct GNUNET_TIME_Absolute |
367 | time_between (struct GNUNET_TIME_Absolute start, | 361 | time_between(struct GNUNET_TIME_Absolute start, |
368 | struct GNUNET_TIME_Absolute end, | 362 | struct GNUNET_TIME_Absolute end, |
369 | int num, int denum) | 363 | int num, int denum) |
370 | { | 364 | { |
371 | struct GNUNET_TIME_Absolute result; | 365 | struct GNUNET_TIME_Absolute result; |
372 | uint64_t diff; | 366 | uint64_t diff; |
373 | 367 | ||
374 | GNUNET_assert (start.abs_value_us <= end.abs_value_us); | 368 | GNUNET_assert(start.abs_value_us <= end.abs_value_us); |
375 | diff = end.abs_value_us - start.abs_value_us; | 369 | diff = end.abs_value_us - start.abs_value_us; |
376 | result.abs_value_us = start.abs_value_us + ((diff * num) / denum); | 370 | result.abs_value_us = start.abs_value_us + ((diff * num) / denum); |
377 | 371 | ||
@@ -387,11 +381,11 @@ time_between (struct GNUNET_TIME_Absolute start, | |||
387 | * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2. | 381 | * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2. |
388 | */ | 382 | */ |
389 | static int | 383 | static int |
390 | peer_id_cmp (const void *p1, const void *p2) | 384 | peer_id_cmp(const void *p1, const void *p2) |
391 | { | 385 | { |
392 | return memcmp (p1, | 386 | return memcmp(p1, |
393 | p2, | 387 | p2, |
394 | sizeof (struct GNUNET_PeerIdentity)); | 388 | sizeof(struct GNUNET_PeerIdentity)); |
395 | } | 389 | } |
396 | 390 | ||
397 | 391 | ||
@@ -405,14 +399,14 @@ peer_id_cmp (const void *p1, const void *p2) | |||
405 | * is not in the list. | 399 | * is not in the list. |
406 | */ | 400 | */ |
407 | static int | 401 | static int |
408 | peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n, | 402 | peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, |
409 | const struct GNUNET_PeerIdentity *needle) | 403 | const struct GNUNET_PeerIdentity *needle) |
410 | { | 404 | { |
411 | unsigned int i; | 405 | unsigned int i; |
412 | 406 | ||
413 | for (i = 0; i < n; i++) | 407 | for (i = 0; i < n; i++) |
414 | if (0 == GNUNET_memcmp (&haystack[i], | 408 | if (0 == GNUNET_memcmp(&haystack[i], |
415 | needle)) | 409 | needle)) |
416 | return i; | 410 | return i; |
417 | return -1; | 411 | return -1; |
418 | } | 412 | } |
@@ -429,10 +423,10 @@ peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n, | |||
429 | * @return Normalized list, must be free'd by the caller. | 423 | * @return Normalized list, must be free'd by the caller. |
430 | */ | 424 | */ |
431 | static struct GNUNET_PeerIdentity * | 425 | static struct GNUNET_PeerIdentity * |
432 | normalize_peers (struct GNUNET_PeerIdentity *listed, | 426 | normalize_peers(struct GNUNET_PeerIdentity *listed, |
433 | unsigned int num_listed, | 427 | unsigned int num_listed, |
434 | unsigned int *num_normalized, | 428 | unsigned int *num_normalized, |
435 | unsigned int *my_peer_idx) | 429 | unsigned int *my_peer_idx) |
436 | { | 430 | { |
437 | unsigned int local_peer_in_list; | 431 | unsigned int local_peer_in_list; |
438 | /* number of peers in the normalized list */ | 432 | /* number of peers in the normalized list */ |
@@ -441,28 +435,28 @@ normalize_peers (struct GNUNET_PeerIdentity *listed, | |||
441 | 435 | ||
442 | local_peer_in_list = GNUNET_YES; | 436 | local_peer_in_list = GNUNET_YES; |
443 | n = num_listed; | 437 | n = num_listed; |
444 | if (peer_find (listed, num_listed, &my_peer) < 0) | 438 | if (peer_find(listed, num_listed, &my_peer) < 0) |
445 | { | 439 | { |
446 | local_peer_in_list = GNUNET_NO; | 440 | local_peer_in_list = GNUNET_NO; |
447 | n += 1; | 441 | n += 1; |
448 | } | 442 | } |
449 | 443 | ||
450 | normalized = GNUNET_new_array (n, | 444 | normalized = GNUNET_new_array(n, |
451 | struct GNUNET_PeerIdentity); | 445 | struct GNUNET_PeerIdentity); |
452 | 446 | ||
453 | if (GNUNET_NO == local_peer_in_list) | 447 | if (GNUNET_NO == local_peer_in_list) |
454 | normalized[n - 1] = my_peer; | 448 | normalized[n - 1] = my_peer; |
455 | 449 | ||
456 | GNUNET_memcpy (normalized, | 450 | GNUNET_memcpy(normalized, |
457 | listed, | 451 | listed, |
458 | num_listed * sizeof (struct GNUNET_PeerIdentity)); | 452 | num_listed * sizeof(struct GNUNET_PeerIdentity)); |
459 | qsort (normalized, | 453 | qsort(normalized, |
460 | n, | 454 | n, |
461 | sizeof (struct GNUNET_PeerIdentity), | 455 | sizeof(struct GNUNET_PeerIdentity), |
462 | &peer_id_cmp); | 456 | &peer_id_cmp); |
463 | 457 | ||
464 | if (NULL != my_peer_idx) | 458 | if (NULL != my_peer_idx) |
465 | *my_peer_idx = peer_find (normalized, n, &my_peer); | 459 | *my_peer_idx = peer_find(normalized, n, &my_peer); |
466 | if (NULL != num_normalized) | 460 | if (NULL != num_normalized) |
467 | *num_normalized = n; | 461 | *num_normalized = n; |
468 | 462 | ||
@@ -479,9 +473,9 @@ normalize_peers (struct GNUNET_PeerIdentity *listed, | |||
479 | * @param num number of indices in @a indices | 473 | * @param num number of indices in @a indices |
480 | */ | 474 | */ |
481 | static void | 475 | static void |
482 | compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, | 476 | compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, |
483 | unsigned int *indices, | 477 | unsigned int *indices, |
484 | unsigned int num) | 478 | unsigned int num) |
485 | { | 479 | { |
486 | unsigned int i; | 480 | unsigned int i; |
487 | /* numerator */ | 481 | /* numerator */ |
@@ -491,41 +485,41 @@ compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, | |||
491 | /* temp value for l-j */ | 485 | /* temp value for l-j */ |
492 | gcry_mpi_t tmp; | 486 | gcry_mpi_t tmp; |
493 | 487 | ||
494 | GNUNET_assert (0 != coeff); | 488 | GNUNET_assert(0 != coeff); |
495 | 489 | ||
496 | GNUNET_assert (0 != (n = gcry_mpi_new (0))); | 490 | GNUNET_assert(0 != (n = gcry_mpi_new(0))); |
497 | GNUNET_assert (0 != (d = gcry_mpi_new (0))); | 491 | GNUNET_assert(0 != (d = gcry_mpi_new(0))); |
498 | GNUNET_assert (0 != (tmp = gcry_mpi_new (0))); | 492 | GNUNET_assert(0 != (tmp = gcry_mpi_new(0))); |
499 | 493 | ||
500 | gcry_mpi_set_ui (n, 1); | 494 | gcry_mpi_set_ui(n, 1); |
501 | gcry_mpi_set_ui (d, 1); | 495 | gcry_mpi_set_ui(d, 1); |
502 | 496 | ||
503 | for (i = 0; i < num; i++) | 497 | for (i = 0; i < num; i++) |
504 | { | 498 | { |
505 | unsigned int l = indices[i]; | 499 | unsigned int l = indices[i]; |
506 | if (l == j) | 500 | if (l == j) |
507 | continue; | 501 | continue; |
508 | gcry_mpi_mul_ui (n, n, l + 1); | 502 | gcry_mpi_mul_ui(n, n, l + 1); |
509 | // d <- d * (l-j) | 503 | // d <- d * (l-j) |
510 | gcry_mpi_set_ui (tmp, l + 1); | 504 | gcry_mpi_set_ui(tmp, l + 1); |
511 | gcry_mpi_sub_ui (tmp, tmp, j + 1); | 505 | gcry_mpi_sub_ui(tmp, tmp, j + 1); |
512 | gcry_mpi_mul (d, d, tmp); | 506 | gcry_mpi_mul(d, d, tmp); |
513 | } | 507 | } |
514 | 508 | ||
515 | // gcry_mpi_invm does not like negative numbers ... | 509 | // gcry_mpi_invm does not like negative numbers ... |
516 | gcry_mpi_mod (d, d, elgamal_q); | 510 | gcry_mpi_mod(d, d, elgamal_q); |
517 | 511 | ||
518 | GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0); | 512 | GNUNET_assert(gcry_mpi_cmp_ui(d, 0) > 0); |
519 | 513 | ||
520 | // now we do the actual division, with everything mod q, as we | 514 | // now we do the actual division, with everything mod q, as we |
521 | // are not operating on elements from <g>, but on exponents | 515 | // are not operating on elements from <g>, but on exponents |
522 | GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q)); | 516 | GNUNET_assert(0 != gcry_mpi_invm(d, d, elgamal_q)); |
523 | 517 | ||
524 | gcry_mpi_mulm (coeff, n, d, elgamal_q); | 518 | gcry_mpi_mulm(coeff, n, d, elgamal_q); |
525 | 519 | ||
526 | gcry_mpi_release (n); | 520 | gcry_mpi_release(n); |
527 | gcry_mpi_release (d); | 521 | gcry_mpi_release(d); |
528 | gcry_mpi_release (tmp); | 522 | gcry_mpi_release(tmp); |
529 | } | 523 | } |
530 | 524 | ||
531 | 525 | ||
@@ -536,117 +530,117 @@ compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, | |||
536 | * @param ds decrypt session to destroy | 530 | * @param ds decrypt session to destroy |
537 | */ | 531 | */ |
538 | static void | 532 | static void |
539 | decrypt_session_destroy (struct DecryptSession *ds) | 533 | decrypt_session_destroy(struct DecryptSession *ds) |
540 | { | 534 | { |
541 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 535 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
542 | "destroying decrypt session\n"); | 536 | "destroying decrypt session\n"); |
543 | if (NULL != ds->cs) | 537 | if (NULL != ds->cs) |
544 | { | 538 | { |
545 | ds->cs->decrypt_session = NULL; | 539 | ds->cs->decrypt_session = NULL; |
546 | ds->cs = NULL; | 540 | ds->cs = NULL; |
547 | } | 541 | } |
548 | if (NULL != ds->consensus) | 542 | if (NULL != ds->consensus) |
549 | { | 543 | { |
550 | GNUNET_CONSENSUS_destroy (ds->consensus); | 544 | GNUNET_CONSENSUS_destroy(ds->consensus); |
551 | ds->consensus = NULL; | 545 | ds->consensus = NULL; |
552 | } | 546 | } |
553 | 547 | ||
554 | if (NULL != ds->info) | 548 | if (NULL != ds->info) |
555 | { | ||
556 | for (unsigned int i = 0; i < ds->share->num_peers; i++) | ||
557 | { | 549 | { |
558 | if (NULL != ds->info[i].partial_decryption) | 550 | for (unsigned int i = 0; i < ds->share->num_peers; i++) |
559 | { | 551 | { |
560 | gcry_mpi_release (ds->info[i].partial_decryption); | 552 | if (NULL != ds->info[i].partial_decryption) |
561 | ds->info[i].partial_decryption = NULL; | 553 | { |
562 | } | 554 | gcry_mpi_release(ds->info[i].partial_decryption); |
555 | ds->info[i].partial_decryption = NULL; | ||
556 | } | ||
557 | } | ||
558 | GNUNET_free(ds->info); | ||
559 | ds->info = NULL; | ||
563 | } | 560 | } |
564 | GNUNET_free (ds->info); | ||
565 | ds->info = NULL; | ||
566 | } | ||
567 | if (NULL != ds->share) | 561 | if (NULL != ds->share) |
568 | { | 562 | { |
569 | GNUNET_SECRETSHARING_share_destroy (ds->share); | 563 | GNUNET_SECRETSHARING_share_destroy(ds->share); |
570 | ds->share = NULL; | 564 | ds->share = NULL; |
571 | } | 565 | } |
572 | 566 | ||
573 | GNUNET_free (ds); | 567 | GNUNET_free(ds); |
574 | } | 568 | } |
575 | 569 | ||
576 | 570 | ||
577 | static void | 571 | static void |
578 | keygen_info_destroy (struct KeygenPeerInfo *info) | 572 | keygen_info_destroy(struct KeygenPeerInfo *info) |
579 | { | 573 | { |
580 | if (NULL != info->sigma) | 574 | if (NULL != info->sigma) |
581 | { | 575 | { |
582 | gcry_mpi_release (info->sigma); | 576 | gcry_mpi_release(info->sigma); |
583 | info->sigma = NULL; | 577 | info->sigma = NULL; |
584 | } | 578 | } |
585 | if (NULL != info->presecret_commitment) | 579 | if (NULL != info->presecret_commitment) |
586 | { | 580 | { |
587 | gcry_mpi_release (info->presecret_commitment); | 581 | gcry_mpi_release(info->presecret_commitment); |
588 | info->presecret_commitment = NULL; | 582 | info->presecret_commitment = NULL; |
589 | } | 583 | } |
590 | if (NULL != info->preshare_commitment) | 584 | if (NULL != info->preshare_commitment) |
591 | { | 585 | { |
592 | gcry_mpi_release (info->preshare_commitment); | 586 | gcry_mpi_release(info->preshare_commitment); |
593 | info->preshare_commitment = NULL; | 587 | info->preshare_commitment = NULL; |
594 | } | 588 | } |
595 | } | 589 | } |
596 | 590 | ||
597 | 591 | ||
598 | static void | 592 | static void |
599 | keygen_session_destroy (struct KeygenSession *ks) | 593 | keygen_session_destroy(struct KeygenSession *ks) |
600 | { | 594 | { |
601 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 595 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
602 | "destroying keygen session\n"); | 596 | "destroying keygen session\n"); |
603 | 597 | ||
604 | if (NULL != ks->cs) | 598 | if (NULL != ks->cs) |
605 | { | 599 | { |
606 | ks->cs->keygen_session = NULL; | 600 | ks->cs->keygen_session = NULL; |
607 | ks->cs = NULL; | 601 | ks->cs = NULL; |
608 | } | 602 | } |
609 | if (NULL != ks->info) | 603 | if (NULL != ks->info) |
610 | { | 604 | { |
611 | for (unsigned int i = 0; i < ks->num_peers; i++) | 605 | for (unsigned int i = 0; i < ks->num_peers; i++) |
612 | keygen_info_destroy (&ks->info[i]); | 606 | keygen_info_destroy(&ks->info[i]); |
613 | GNUNET_free (ks->info); | 607 | GNUNET_free(ks->info); |
614 | ks->info = NULL; | 608 | ks->info = NULL; |
615 | } | 609 | } |
616 | 610 | ||
617 | if (NULL != ks->consensus) | 611 | if (NULL != ks->consensus) |
618 | { | 612 | { |
619 | GNUNET_CONSENSUS_destroy (ks->consensus); | 613 | GNUNET_CONSENSUS_destroy(ks->consensus); |
620 | ks->consensus = NULL; | 614 | ks->consensus = NULL; |
621 | } | 615 | } |
622 | 616 | ||
623 | if (NULL != ks->presecret_polynomial) | 617 | if (NULL != ks->presecret_polynomial) |
624 | { | ||
625 | for (unsigned int i = 0; i < ks->threshold; i++) | ||
626 | { | 618 | { |
627 | GNUNET_assert (NULL != ks->presecret_polynomial[i]); | 619 | for (unsigned int i = 0; i < ks->threshold; i++) |
628 | gcry_mpi_release (ks->presecret_polynomial[i]); | 620 | { |
629 | ks->presecret_polynomial[i] = NULL; | 621 | GNUNET_assert(NULL != ks->presecret_polynomial[i]); |
622 | gcry_mpi_release(ks->presecret_polynomial[i]); | ||
623 | ks->presecret_polynomial[i] = NULL; | ||
624 | } | ||
625 | GNUNET_free(ks->presecret_polynomial); | ||
626 | ks->presecret_polynomial = NULL; | ||
630 | } | 627 | } |
631 | GNUNET_free (ks->presecret_polynomial); | ||
632 | ks->presecret_polynomial = NULL; | ||
633 | } | ||
634 | if (NULL != ks->my_share) | 628 | if (NULL != ks->my_share) |
635 | { | 629 | { |
636 | gcry_mpi_release (ks->my_share); | 630 | gcry_mpi_release(ks->my_share); |
637 | ks->my_share = NULL; | 631 | ks->my_share = NULL; |
638 | } | 632 | } |
639 | if (NULL != ks->public_key) | 633 | if (NULL != ks->public_key) |
640 | { | 634 | { |
641 | gcry_mpi_release (ks->public_key); | 635 | gcry_mpi_release(ks->public_key); |
642 | ks->public_key = NULL; | 636 | ks->public_key = NULL; |
643 | } | 637 | } |
644 | if (NULL != ks->peers) | 638 | if (NULL != ks->peers) |
645 | { | 639 | { |
646 | GNUNET_free (ks->peers); | 640 | GNUNET_free(ks->peers); |
647 | ks->peers = NULL; | 641 | ks->peers = NULL; |
648 | } | 642 | } |
649 | GNUNET_free (ks); | 643 | GNUNET_free(ks); |
650 | } | 644 | } |
651 | 645 | ||
652 | 646 | ||
@@ -657,7 +651,7 @@ keygen_session_destroy (struct KeygenSession *ks) | |||
657 | * @param tc unused | 651 | * @param tc unused |
658 | */ | 652 | */ |
659 | static void | 653 | static void |
660 | cleanup_task (void *cls) | 654 | cleanup_task(void *cls) |
661 | { | 655 | { |
662 | /* Nothing to do! */ | 656 | /* Nothing to do! */ |
663 | } | 657 | } |
@@ -670,25 +664,26 @@ cleanup_task (void *cls) | |||
670 | * @param ks the session | 664 | * @param ks the session |
671 | */ | 665 | */ |
672 | static void | 666 | static void |
673 | generate_presecret_polynomial (struct KeygenSession *ks) | 667 | generate_presecret_polynomial(struct KeygenSession *ks) |
674 | { | 668 | { |
675 | int i; | 669 | int i; |
676 | gcry_mpi_t v; | 670 | gcry_mpi_t v; |
677 | 671 | ||
678 | GNUNET_assert (NULL == ks->presecret_polynomial); | 672 | GNUNET_assert(NULL == ks->presecret_polynomial); |
679 | ks->presecret_polynomial = GNUNET_new_array (ks->threshold, | 673 | ks->presecret_polynomial = GNUNET_new_array(ks->threshold, |
680 | gcry_mpi_t); | 674 | gcry_mpi_t); |
681 | for (i = 0; i < ks->threshold; i++) | 675 | for (i = 0; i < ks->threshold; i++) |
682 | { | ||
683 | v = ks->presecret_polynomial[i] = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS); | ||
684 | GNUNET_assert (NULL != v); | ||
685 | // Randomize v such that 0 < v < elgamal_q. | ||
686 | // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. | ||
687 | do | ||
688 | { | 676 | { |
689 | gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); | 677 | v = ks->presecret_polynomial[i] = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS); |
690 | } while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0)); | 678 | GNUNET_assert(NULL != v); |
691 | } | 679 | // Randomize v such that 0 < v < elgamal_q. |
680 | // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. | ||
681 | do | ||
682 | { | ||
683 | gcry_mpi_randomize(v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); | ||
684 | } | ||
685 | while ((gcry_mpi_cmp_ui(v, 0) == 0) || (gcry_mpi_cmp(v, elgamal_q) >= 0)); | ||
686 | } | ||
692 | } | 687 | } |
693 | 688 | ||
694 | 689 | ||
@@ -701,57 +696,57 @@ generate_presecret_polynomial (struct KeygenSession *ks) | |||
701 | * NULL if consensus failed. | 696 | * NULL if consensus failed. |
702 | */ | 697 | */ |
703 | static void | 698 | static void |
704 | keygen_round1_new_element (void *cls, | 699 | keygen_round1_new_element(void *cls, |
705 | const struct GNUNET_SET_Element *element) | 700 | const struct GNUNET_SET_Element *element) |
706 | { | 701 | { |
707 | const struct GNUNET_SECRETSHARING_KeygenCommitData *d; | 702 | const struct GNUNET_SECRETSHARING_KeygenCommitData *d; |
708 | struct KeygenSession *ks = cls; | 703 | struct KeygenSession *ks = cls; |
709 | struct KeygenPeerInfo *info; | 704 | struct KeygenPeerInfo *info; |
710 | 705 | ||
711 | if (NULL == element) | 706 | if (NULL == element) |
712 | { | 707 | { |
713 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n"); | 708 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n"); |
714 | return; | 709 | return; |
715 | } | 710 | } |
716 | 711 | ||
717 | /* elements have fixed size */ | 712 | /* elements have fixed size */ |
718 | if (element->size != sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData)) | 713 | if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)) |
719 | { | 714 | { |
720 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 715 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, |
721 | "keygen commit data with wrong size (%u) in consensus, %u expected\n", | 716 | "keygen commit data with wrong size (%u) in consensus, %u expected\n", |
722 | (unsigned int) element->size, | 717 | (unsigned int)element->size, |
723 | (unsigned int) sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData)); | 718 | (unsigned int)sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)); |
724 | return; | 719 | return; |
725 | } | 720 | } |
726 | 721 | ||
727 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n"); | 722 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round1 element\n"); |
728 | 723 | ||
729 | d = element->data; | 724 | d = element->data; |
730 | info = get_keygen_peer_info (ks, &d->peer); | 725 | info = get_keygen_peer_info(ks, &d->peer); |
731 | 726 | ||
732 | if (NULL == info) | 727 | if (NULL == info) |
733 | { | 728 | { |
734 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", | 729 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", |
735 | GNUNET_i2s (&d->peer)); | 730 | GNUNET_i2s(&d->peer)); |
736 | return; | 731 | return; |
737 | } | 732 | } |
738 | 733 | ||
739 | /* Check that the right amount of data has been signed. */ | 734 | /* Check that the right amount of data has been signed. */ |
740 | if (d->purpose.size != | 735 | if (d->purpose.size != |
741 | htonl (element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose))) | 736 | htonl(element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose))) |
742 | { | 737 | { |
743 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n"); | 738 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n"); |
744 | return; | 739 | return; |
745 | } | 740 | } |
746 | 741 | ||
747 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, | 742 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, |
748 | &d->purpose, &d->signature, &d->peer.public_key)) | 743 | &d->purpose, &d->signature, &d->peer.public_key)) |
749 | { | 744 | { |
750 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n"); | 745 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n"); |
751 | return; | 746 | return; |
752 | } | 747 | } |
753 | info->paillier_public_key = d->pubkey; | 748 | info->paillier_public_key = d->pubkey; |
754 | GNUNET_CRYPTO_mpi_scan_unsigned (&info->presecret_commitment, &d->commitment, 512 / 8); | 749 | GNUNET_CRYPTO_mpi_scan_unsigned(&info->presecret_commitment, &d->commitment, 512 / 8); |
755 | info->round1_valid = GNUNET_YES; | 750 | info->round1_valid = GNUNET_YES; |
756 | } | 751 | } |
757 | 752 | ||
@@ -767,22 +762,22 @@ keygen_round1_new_element (void *cls, | |||
767 | * @param m what group are we operating in? | 762 | * @param m what group are we operating in? |
768 | */ | 763 | */ |
769 | static void | 764 | static void |
770 | horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m) | 765 | horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m) |
771 | { | 766 | { |
772 | unsigned int i; | 767 | unsigned int i; |
773 | 768 | ||
774 | gcry_mpi_set_ui (z, 0); | 769 | gcry_mpi_set_ui(z, 0); |
775 | for (i = 0; i < num_coeff; i++) | 770 | for (i = 0; i < num_coeff; i++) |
776 | { | 771 | { |
777 | // z <- zx + c | 772 | // z <- zx + c |
778 | gcry_mpi_mul (z, z, x); | 773 | gcry_mpi_mul(z, z, x); |
779 | gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m); | 774 | gcry_mpi_addm(z, z, coeff[num_coeff - i - 1], m); |
780 | } | 775 | } |
781 | } | 776 | } |
782 | 777 | ||
783 | 778 | ||
784 | static void | 779 | static void |
785 | keygen_round2_conclude (void *cls) | 780 | keygen_round2_conclude(void *cls) |
786 | { | 781 | { |
787 | struct KeygenSession *ks = cls; | 782 | struct KeygenSession *ks = cls; |
788 | struct GNUNET_SECRETSHARING_SecretReadyMessage *m; | 783 | struct GNUNET_SECRETSHARING_SecretReadyMessage *m; |
@@ -792,12 +787,12 @@ keygen_round2_conclude (void *cls) | |||
792 | unsigned int j; | 787 | unsigned int j; |
793 | struct GNUNET_SECRETSHARING_Share *share; | 788 | struct GNUNET_SECRETSHARING_Share *share; |
794 | 789 | ||
795 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); | 790 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); |
796 | 791 | ||
797 | GNUNET_CONSENSUS_destroy (ks->consensus); | 792 | GNUNET_CONSENSUS_destroy(ks->consensus); |
798 | ks->consensus = NULL; | 793 | ks->consensus = NULL; |
799 | 794 | ||
800 | share = GNUNET_new (struct GNUNET_SECRETSHARING_Share); | 795 | share = GNUNET_new(struct GNUNET_SECRETSHARING_Share); |
801 | 796 | ||
802 | share->num_peers = 0; | 797 | share->num_peers = 0; |
803 | 798 | ||
@@ -805,71 +800,71 @@ keygen_round2_conclude (void *cls) | |||
805 | if (GNUNET_YES == ks->info[i].round2_valid) | 800 | if (GNUNET_YES == ks->info[i].round2_valid) |
806 | share->num_peers++; | 801 | share->num_peers++; |
807 | 802 | ||
808 | share->peers = GNUNET_new_array (share->num_peers, | 803 | share->peers = GNUNET_new_array(share->num_peers, |
809 | struct GNUNET_PeerIdentity); | 804 | struct GNUNET_PeerIdentity); |
810 | share->sigmas = | 805 | share->sigmas = |
811 | GNUNET_new_array (share->num_peers, | 806 | GNUNET_new_array(share->num_peers, |
812 | struct GNUNET_SECRETSHARING_FieldElement); | 807 | struct GNUNET_SECRETSHARING_FieldElement); |
813 | share->original_indices = GNUNET_new_array (share->num_peers, | 808 | share->original_indices = GNUNET_new_array(share->num_peers, |
814 | uint16_t); | 809 | uint16_t); |
815 | 810 | ||
816 | /* maybe we're not even in the list of peers? */ | 811 | /* maybe we're not even in the list of peers? */ |
817 | share->my_peer = share->num_peers; | 812 | share->my_peer = share->num_peers; |
818 | 813 | ||
819 | j = 0; /* running index of valid peers */ | 814 | j = 0; /* running index of valid peers */ |
820 | for (i = 0; i < ks->num_peers; i++) | 815 | for (i = 0; i < ks->num_peers; i++) |
821 | { | ||
822 | if (GNUNET_YES == ks->info[i].round2_valid) | ||
823 | { | 816 | { |
824 | share->peers[j] = ks->info[i].peer; | 817 | if (GNUNET_YES == ks->info[i].round2_valid) |
825 | GNUNET_CRYPTO_mpi_print_unsigned (&share->sigmas[j], | 818 | { |
826 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 819 | share->peers[j] = ks->info[i].peer; |
827 | ks->info[i].sigma); | 820 | GNUNET_CRYPTO_mpi_print_unsigned(&share->sigmas[j], |
828 | share->original_indices[i] = j; | 821 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
829 | if (0 == GNUNET_memcmp (&share->peers[i], &my_peer)) | 822 | ks->info[i].sigma); |
830 | share->my_peer = j; | 823 | share->original_indices[i] = j; |
831 | j += 1; | 824 | if (0 == GNUNET_memcmp(&share->peers[i], &my_peer)) |
825 | share->my_peer = j; | ||
826 | j += 1; | ||
827 | } | ||
832 | } | 828 | } |
833 | } | ||
834 | 829 | ||
835 | if (share->my_peer == share->num_peers) | 830 | if (share->my_peer == share->num_peers) |
836 | { | 831 | { |
837 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx); | 832 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx); |
838 | } | 833 | } |
839 | 834 | ||
840 | GNUNET_CRYPTO_mpi_print_unsigned (&share->my_share, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 835 | GNUNET_CRYPTO_mpi_print_unsigned(&share->my_share, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
841 | ks->my_share); | 836 | ks->my_share); |
842 | GNUNET_CRYPTO_mpi_print_unsigned (&share->public_key, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 837 | GNUNET_CRYPTO_mpi_print_unsigned(&share->public_key, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
843 | ks->public_key); | 838 | ks->public_key); |
844 | 839 | ||
845 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers); | 840 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers); |
846 | 841 | ||
847 | /* Write the share. If 0 peers completed the dkg, an empty | 842 | /* Write the share. If 0 peers completed the dkg, an empty |
848 | * share will be sent. */ | 843 | * share will be sent. */ |
849 | 844 | ||
850 | GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, NULL, 0, &share_size)); | 845 | GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, NULL, 0, &share_size)); |
851 | 846 | ||
852 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n", | 847 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n", |
853 | (unsigned int) share_size); | 848 | (unsigned int)share_size); |
854 | 849 | ||
855 | ev = GNUNET_MQ_msg_extra (m, share_size, | 850 | ev = GNUNET_MQ_msg_extra(m, share_size, |
856 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); | 851 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); |
857 | 852 | ||
858 | GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, &m[1], share_size, NULL)); | 853 | GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, &m[1], share_size, NULL)); |
859 | 854 | ||
860 | GNUNET_SECRETSHARING_share_destroy (share); | 855 | GNUNET_SECRETSHARING_share_destroy(share); |
861 | share = NULL; | 856 | share = NULL; |
862 | 857 | ||
863 | GNUNET_MQ_send (ks->cs->mq, | 858 | GNUNET_MQ_send(ks->cs->mq, |
864 | ev); | 859 | ev); |
865 | } | 860 | } |
866 | 861 | ||
867 | 862 | ||
868 | 863 | ||
869 | static void | 864 | static void |
870 | restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | 865 | restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, |
871 | const struct GNUNET_SECRETSHARING_FairEncryption *fe, | 866 | const struct GNUNET_SECRETSHARING_FairEncryption *fe, |
872 | gcry_mpi_t x, gcry_mpi_t xres) | 867 | gcry_mpi_t x, gcry_mpi_t xres) |
873 | { | 868 | { |
874 | gcry_mpi_t a_1; | 869 | gcry_mpi_t a_1; |
875 | gcry_mpi_t a_2; | 870 | gcry_mpi_t a_2; |
@@ -886,101 +881,101 @@ restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | |||
886 | gcry_mpi_t v; | 881 | gcry_mpi_t v; |
887 | 882 | ||
888 | 883 | ||
889 | GNUNET_assert (NULL != (n = gcry_mpi_new (0))); | 884 | GNUNET_assert(NULL != (n = gcry_mpi_new(0))); |
890 | GNUNET_assert (NULL != (t = gcry_mpi_new (0))); | 885 | GNUNET_assert(NULL != (t = gcry_mpi_new(0))); |
891 | GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0))); | 886 | GNUNET_assert(NULL != (t_1 = gcry_mpi_new(0))); |
892 | GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0))); | 887 | GNUNET_assert(NULL != (t_2 = gcry_mpi_new(0))); |
893 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); | 888 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); |
894 | GNUNET_assert (NULL != (big_t = gcry_mpi_new (0))); | 889 | GNUNET_assert(NULL != (big_t = gcry_mpi_new(0))); |
895 | GNUNET_assert (NULL != (v = gcry_mpi_new (0))); | 890 | GNUNET_assert(NULL != (v = gcry_mpi_new(0))); |
896 | GNUNET_assert (NULL != (big_a = gcry_mpi_new (0))); | 891 | GNUNET_assert(NULL != (big_a = gcry_mpi_new(0))); |
897 | GNUNET_assert (NULL != (big_b = gcry_mpi_new (0))); | 892 | GNUNET_assert(NULL != (big_b = gcry_mpi_new(0))); |
898 | 893 | ||
899 | // a = (N,0)^T | 894 | // a = (N,0)^T |
900 | GNUNET_CRYPTO_mpi_scan_unsigned (&a_1, | 895 | GNUNET_CRYPTO_mpi_scan_unsigned(&a_1, |
901 | ppub, | 896 | ppub, |
902 | sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); | 897 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); |
903 | GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0))); | 898 | GNUNET_assert(NULL != (a_2 = gcry_mpi_new(0))); |
904 | gcry_mpi_set_ui (a_2, 0); | 899 | gcry_mpi_set_ui(a_2, 0); |
905 | // b = (x,1)^T | 900 | // b = (x,1)^T |
906 | GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0))); | 901 | GNUNET_assert(NULL != (b_1 = gcry_mpi_new(0))); |
907 | gcry_mpi_set (b_1, x); | 902 | gcry_mpi_set(b_1, x); |
908 | GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0))); | 903 | GNUNET_assert(NULL != (b_2 = gcry_mpi_new(0))); |
909 | gcry_mpi_set_ui (b_2, 1); | 904 | gcry_mpi_set_ui(b_2, 1); |
910 | 905 | ||
911 | // A = a DOT a | 906 | // A = a DOT a |
912 | gcry_mpi_mul (t, a_1, a_1); | 907 | gcry_mpi_mul(t, a_1, a_1); |
913 | gcry_mpi_mul (big_a, a_2, a_2); | 908 | gcry_mpi_mul(big_a, a_2, a_2); |
914 | gcry_mpi_add (big_a, big_a, t); | 909 | gcry_mpi_add(big_a, big_a, t); |
915 | 910 | ||
916 | // B = b DOT b | 911 | // B = b DOT b |
917 | gcry_mpi_mul (t, b_1, b_1); | 912 | gcry_mpi_mul(t, b_1, b_1); |
918 | gcry_mpi_mul (big_b, b_2, b_2); | 913 | gcry_mpi_mul(big_b, b_2, b_2); |
919 | gcry_mpi_add (big_b, big_b, t); | 914 | gcry_mpi_add(big_b, big_b, t); |
920 | 915 | ||
921 | while (1) | 916 | while (1) |
922 | { | ||
923 | // n = a DOT b | ||
924 | gcry_mpi_mul (t, a_1, b_1); | ||
925 | gcry_mpi_mul (n, a_2, b_2); | ||
926 | gcry_mpi_add (n, n, t); | ||
927 | |||
928 | // r = nearest(n/B) | ||
929 | gcry_mpi_div (r, NULL, n, big_b, 0); | ||
930 | |||
931 | // T := A - 2rn + rrB | ||
932 | gcry_mpi_mul (v, r, n); | ||
933 | gcry_mpi_mul_ui (v, v, 2); | ||
934 | gcry_mpi_sub (big_t, big_a, v); | ||
935 | gcry_mpi_mul (v, r, r); | ||
936 | gcry_mpi_mul (v, v, big_b); | ||
937 | gcry_mpi_add (big_t, big_t, v); | ||
938 | |||
939 | if (gcry_mpi_cmp (big_t, big_b) >= 0) | ||
940 | { | 917 | { |
941 | break; | 918 | // n = a DOT b |
919 | gcry_mpi_mul(t, a_1, b_1); | ||
920 | gcry_mpi_mul(n, a_2, b_2); | ||
921 | gcry_mpi_add(n, n, t); | ||
922 | |||
923 | // r = nearest(n/B) | ||
924 | gcry_mpi_div(r, NULL, n, big_b, 0); | ||
925 | |||
926 | // T := A - 2rn + rrB | ||
927 | gcry_mpi_mul(v, r, n); | ||
928 | gcry_mpi_mul_ui(v, v, 2); | ||
929 | gcry_mpi_sub(big_t, big_a, v); | ||
930 | gcry_mpi_mul(v, r, r); | ||
931 | gcry_mpi_mul(v, v, big_b); | ||
932 | gcry_mpi_add(big_t, big_t, v); | ||
933 | |||
934 | if (gcry_mpi_cmp(big_t, big_b) >= 0) | ||
935 | { | ||
936 | break; | ||
937 | } | ||
938 | |||
939 | // t = a - rb | ||
940 | gcry_mpi_mul(v, r, b_1); | ||
941 | gcry_mpi_sub(t_1, a_1, v); | ||
942 | gcry_mpi_mul(v, r, b_2); | ||
943 | gcry_mpi_sub(t_2, a_2, v); | ||
944 | |||
945 | // a = b | ||
946 | gcry_mpi_set(a_1, b_1); | ||
947 | gcry_mpi_set(a_2, b_2); | ||
948 | // b = t | ||
949 | gcry_mpi_set(b_1, t_1); | ||
950 | gcry_mpi_set(b_2, t_2); | ||
951 | |||
952 | gcry_mpi_set(big_a, big_b); | ||
953 | gcry_mpi_set(big_b, big_t); | ||
942 | } | 954 | } |
943 | 955 | ||
944 | // t = a - rb | 956 | gcry_mpi_set(xres, b_2); |
945 | gcry_mpi_mul (v, r, b_1); | 957 | gcry_mpi_invm(xres, xres, elgamal_q); |
946 | gcry_mpi_sub (t_1, a_1, v); | 958 | gcry_mpi_mulm(xres, xres, b_1, elgamal_q); |
947 | gcry_mpi_mul (v, r, b_2); | 959 | |
948 | gcry_mpi_sub (t_2, a_2, v); | 960 | gcry_mpi_release(a_1); |
949 | 961 | gcry_mpi_release(a_2); | |
950 | // a = b | 962 | gcry_mpi_release(b_1); |
951 | gcry_mpi_set (a_1, b_1); | 963 | gcry_mpi_release(b_2); |
952 | gcry_mpi_set (a_2, b_2); | 964 | gcry_mpi_release(big_a); |
953 | // b = t | 965 | gcry_mpi_release(big_b); |
954 | gcry_mpi_set (b_1, t_1); | 966 | gcry_mpi_release(big_t); |
955 | gcry_mpi_set (b_2, t_2); | 967 | gcry_mpi_release(n); |
956 | 968 | gcry_mpi_release(t_1); | |
957 | gcry_mpi_set (big_a, big_b); | 969 | gcry_mpi_release(t_2); |
958 | gcry_mpi_set (big_b, big_t); | 970 | gcry_mpi_release(t); |
959 | } | 971 | gcry_mpi_release(r); |
960 | 972 | gcry_mpi_release(v); | |
961 | gcry_mpi_set (xres, b_2); | ||
962 | gcry_mpi_invm (xres, xres, elgamal_q); | ||
963 | gcry_mpi_mulm (xres, xres, b_1, elgamal_q); | ||
964 | |||
965 | gcry_mpi_release (a_1); | ||
966 | gcry_mpi_release (a_2); | ||
967 | gcry_mpi_release (b_1); | ||
968 | gcry_mpi_release (b_2); | ||
969 | gcry_mpi_release (big_a); | ||
970 | gcry_mpi_release (big_b); | ||
971 | gcry_mpi_release (big_t); | ||
972 | gcry_mpi_release (n); | ||
973 | gcry_mpi_release (t_1); | ||
974 | gcry_mpi_release (t_2); | ||
975 | gcry_mpi_release (t); | ||
976 | gcry_mpi_release (r); | ||
977 | gcry_mpi_release (v); | ||
978 | } | 973 | } |
979 | 974 | ||
980 | 975 | ||
981 | static void | 976 | static void |
982 | get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption *fe, | 977 | get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, |
983 | gcry_mpi_t *e) | 978 | gcry_mpi_t *e) |
984 | { | 979 | { |
985 | struct { | 980 | struct { |
986 | struct GNUNET_CRYPTO_PaillierCiphertext c; | 981 | struct GNUNET_CRYPTO_PaillierCiphertext c; |
@@ -990,27 +985,27 @@ get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption | |||
990 | } hash_data; | 985 | } hash_data; |
991 | struct GNUNET_HashCode e_hash; | 986 | struct GNUNET_HashCode e_hash; |
992 | 987 | ||
993 | memset (&hash_data, | 988 | memset(&hash_data, |
994 | 0, | 989 | 0, |
995 | sizeof (hash_data)); | 990 | sizeof(hash_data)); |
996 | GNUNET_memcpy (&hash_data.c, &fe->c, sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); | 991 | GNUNET_memcpy(&hash_data.c, &fe->c, sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); |
997 | GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 992 | GNUNET_memcpy(&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
998 | GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 993 | GNUNET_memcpy(&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
999 | GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | 994 | GNUNET_memcpy(&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); |
1000 | GNUNET_CRYPTO_hash (&hash_data, | 995 | GNUNET_CRYPTO_hash(&hash_data, |
1001 | sizeof (hash_data), | 996 | sizeof(hash_data), |
1002 | &e_hash); | 997 | &e_hash); |
1003 | /* This allocates "e" */ | 998 | /* This allocates "e" */ |
1004 | GNUNET_CRYPTO_mpi_scan_unsigned (e, | 999 | GNUNET_CRYPTO_mpi_scan_unsigned(e, |
1005 | &e_hash, | 1000 | &e_hash, |
1006 | sizeof (struct GNUNET_HashCode)); | 1001 | sizeof(struct GNUNET_HashCode)); |
1007 | gcry_mpi_mod (*e, *e, elgamal_q); | 1002 | gcry_mpi_mod(*e, *e, elgamal_q); |
1008 | } | 1003 | } |
1009 | 1004 | ||
1010 | 1005 | ||
1011 | static int | 1006 | static int |
1012 | verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | 1007 | verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, |
1013 | const struct GNUNET_SECRETSHARING_FairEncryption *fe) | 1008 | const struct GNUNET_SECRETSHARING_FairEncryption *fe) |
1014 | { | 1009 | { |
1015 | gcry_mpi_t n; | 1010 | gcry_mpi_t n; |
1016 | gcry_mpi_t n_sq; | 1011 | gcry_mpi_t n_sq; |
@@ -1025,73 +1020,73 @@ verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | |||
1025 | gcry_mpi_t big_y; | 1020 | gcry_mpi_t big_y; |
1026 | int res; | 1021 | int res; |
1027 | 1022 | ||
1028 | GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0))); | 1023 | GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0))); |
1029 | GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0))); | 1024 | GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0))); |
1030 | GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0))); | 1025 | GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0))); |
1031 | 1026 | ||
1032 | get_fair_encryption_challenge (fe, | 1027 | get_fair_encryption_challenge(fe, |
1033 | &e /* this allocates e */); | 1028 | &e /* this allocates e */); |
1034 | 1029 | ||
1035 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, | 1030 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, |
1036 | ppub, | 1031 | ppub, |
1037 | sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); | 1032 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); |
1038 | GNUNET_CRYPTO_mpi_scan_unsigned (&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8); | 1033 | GNUNET_CRYPTO_mpi_scan_unsigned(&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8); |
1039 | GNUNET_CRYPTO_mpi_scan_unsigned (&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1034 | GNUNET_CRYPTO_mpi_scan_unsigned(&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1040 | GNUNET_CRYPTO_mpi_scan_unsigned (&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1035 | GNUNET_CRYPTO_mpi_scan_unsigned(&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1041 | GNUNET_CRYPTO_mpi_scan_unsigned (&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8); | 1036 | GNUNET_CRYPTO_mpi_scan_unsigned(&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8); |
1042 | GNUNET_CRYPTO_mpi_scan_unsigned (&big_y, fe->c.bits, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | 1037 | GNUNET_CRYPTO_mpi_scan_unsigned(&big_y, fe->c.bits, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); |
1043 | GNUNET_CRYPTO_mpi_scan_unsigned (&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | 1038 | GNUNET_CRYPTO_mpi_scan_unsigned(&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); |
1044 | gcry_mpi_mul (n_sq, n, n); | 1039 | gcry_mpi_mul(n_sq, n, n); |
1045 | 1040 | ||
1046 | // tmp1 = g^z | 1041 | // tmp1 = g^z |
1047 | gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p); | 1042 | gcry_mpi_powm(tmp1, elgamal_g, z, elgamal_p); |
1048 | // tmp2 = y^{-e} | 1043 | // tmp2 = y^{-e} |
1049 | gcry_mpi_powm (tmp1, y, e, elgamal_p); | 1044 | gcry_mpi_powm(tmp1, y, e, elgamal_p); |
1050 | gcry_mpi_invm (tmp1, tmp1, elgamal_p); | 1045 | gcry_mpi_invm(tmp1, tmp1, elgamal_p); |
1051 | // tmp1 = tmp1 * tmp2 | 1046 | // tmp1 = tmp1 * tmp2 |
1052 | gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p); | 1047 | gcry_mpi_mulm(tmp1, tmp1, tmp2, elgamal_p); |
1053 | 1048 | ||
1054 | if (0 == gcry_mpi_cmp (t1, tmp1)) | 1049 | if (0 == gcry_mpi_cmp(t1, tmp1)) |
1055 | { | 1050 | { |
1056 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n"); | 1051 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n"); |
1057 | res = GNUNET_NO; | 1052 | res = GNUNET_NO; |
1058 | goto cleanup; | 1053 | goto cleanup; |
1059 | } | 1054 | } |
1060 | 1055 | ||
1061 | gcry_mpi_powm (big_y, big_y, e, n_sq); | 1056 | gcry_mpi_powm(big_y, big_y, e, n_sq); |
1062 | gcry_mpi_invm (big_y, big_y, n_sq); | 1057 | gcry_mpi_invm(big_y, big_y, n_sq); |
1063 | 1058 | ||
1064 | gcry_mpi_add_ui (tmp1, n, 1); | 1059 | gcry_mpi_add_ui(tmp1, n, 1); |
1065 | gcry_mpi_powm (tmp1, tmp1, z, n_sq); | 1060 | gcry_mpi_powm(tmp1, tmp1, z, n_sq); |
1066 | 1061 | ||
1067 | gcry_mpi_powm (tmp2, w, n, n_sq); | 1062 | gcry_mpi_powm(tmp2, w, n, n_sq); |
1068 | 1063 | ||
1069 | gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq); | 1064 | gcry_mpi_mulm(tmp1, tmp1, tmp2, n_sq); |
1070 | gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq); | 1065 | gcry_mpi_mulm(tmp1, tmp1, big_y, n_sq); |
1071 | 1066 | ||
1072 | 1067 | ||
1073 | if (0 == gcry_mpi_cmp (t2, tmp1)) | 1068 | if (0 == gcry_mpi_cmp(t2, tmp1)) |
1074 | { | 1069 | { |
1075 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n"); | 1070 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n"); |
1076 | res = GNUNET_NO; | 1071 | res = GNUNET_NO; |
1077 | goto cleanup; | 1072 | goto cleanup; |
1078 | } | 1073 | } |
1079 | 1074 | ||
1080 | res = GNUNET_YES; | 1075 | res = GNUNET_YES; |
1081 | 1076 | ||
1082 | cleanup: | 1077 | cleanup: |
1083 | 1078 | ||
1084 | gcry_mpi_release (n); | 1079 | gcry_mpi_release(n); |
1085 | gcry_mpi_release (n_sq); | 1080 | gcry_mpi_release(n_sq); |
1086 | gcry_mpi_release (z); | 1081 | gcry_mpi_release(z); |
1087 | gcry_mpi_release (t1); | 1082 | gcry_mpi_release(t1); |
1088 | gcry_mpi_release (t2); | 1083 | gcry_mpi_release(t2); |
1089 | gcry_mpi_release (e); | 1084 | gcry_mpi_release(e); |
1090 | gcry_mpi_release (w); | 1085 | gcry_mpi_release(w); |
1091 | gcry_mpi_release (tmp1); | 1086 | gcry_mpi_release(tmp1); |
1092 | gcry_mpi_release (tmp2); | 1087 | gcry_mpi_release(tmp2); |
1093 | gcry_mpi_release (y); | 1088 | gcry_mpi_release(y); |
1094 | gcry_mpi_release (big_y); | 1089 | gcry_mpi_release(big_y); |
1095 | return res; | 1090 | return res; |
1096 | } | 1091 | } |
1097 | 1092 | ||
@@ -1103,9 +1098,9 @@ cleanup: | |||
1103 | * @param[out] fe the fair encryption | 1098 | * @param[out] fe the fair encryption |
1104 | */ | 1099 | */ |
1105 | static void | 1100 | static void |
1106 | encrypt_fair (gcry_mpi_t v, | 1101 | encrypt_fair(gcry_mpi_t v, |
1107 | const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | 1102 | const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, |
1108 | struct GNUNET_SECRETSHARING_FairEncryption *fe) | 1103 | struct GNUNET_SECRETSHARING_FairEncryption *fe) |
1109 | { | 1104 | { |
1110 | gcry_mpi_t r; | 1105 | gcry_mpi_t r; |
1111 | gcry_mpi_t s; | 1106 | gcry_mpi_t s; |
@@ -1121,97 +1116,99 @@ encrypt_fair (gcry_mpi_t v, | |||
1121 | gcry_mpi_t G; | 1116 | gcry_mpi_t G; |
1122 | gcry_mpi_t h; | 1117 | gcry_mpi_t h; |
1123 | 1118 | ||
1124 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); | 1119 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); |
1125 | GNUNET_assert (NULL != (s = gcry_mpi_new (0))); | 1120 | GNUNET_assert(NULL != (s = gcry_mpi_new(0))); |
1126 | GNUNET_assert (NULL != (t1 = gcry_mpi_new (0))); | 1121 | GNUNET_assert(NULL != (t1 = gcry_mpi_new(0))); |
1127 | GNUNET_assert (NULL != (t2 = gcry_mpi_new (0))); | 1122 | GNUNET_assert(NULL != (t2 = gcry_mpi_new(0))); |
1128 | GNUNET_assert (NULL != (z = gcry_mpi_new (0))); | 1123 | GNUNET_assert(NULL != (z = gcry_mpi_new(0))); |
1129 | GNUNET_assert (NULL != (w = gcry_mpi_new (0))); | 1124 | GNUNET_assert(NULL != (w = gcry_mpi_new(0))); |
1130 | GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0))); | 1125 | GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0))); |
1131 | GNUNET_assert (NULL != (u = gcry_mpi_new (0))); | 1126 | GNUNET_assert(NULL != (u = gcry_mpi_new(0))); |
1132 | GNUNET_assert (NULL != (Y = gcry_mpi_new (0))); | 1127 | GNUNET_assert(NULL != (Y = gcry_mpi_new(0))); |
1133 | GNUNET_assert (NULL != (G = gcry_mpi_new (0))); | 1128 | GNUNET_assert(NULL != (G = gcry_mpi_new(0))); |
1134 | GNUNET_assert (NULL != (h = gcry_mpi_new (0))); | 1129 | GNUNET_assert(NULL != (h = gcry_mpi_new(0))); |
1135 | 1130 | ||
1136 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, | 1131 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, |
1137 | ppub, | 1132 | ppub, |
1138 | sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); | 1133 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); |
1139 | gcry_mpi_mul (n_sq, n, n); | 1134 | gcry_mpi_mul(n_sq, n, n); |
1140 | gcry_mpi_add_ui (G, n, 1); | 1135 | gcry_mpi_add_ui(G, n, 1); |
1141 | |||
1142 | do { | ||
1143 | gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); | ||
1144 | } | ||
1145 | while (gcry_mpi_cmp (u, n) >= 0); | ||
1146 | 1136 | ||
1147 | gcry_mpi_powm (t1, G, v, n_sq); | 1137 | do |
1148 | gcry_mpi_powm (t2, u, n, n_sq); | 1138 | { |
1149 | gcry_mpi_mulm (Y, t1, t2, n_sq); | 1139 | gcry_mpi_randomize(u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); |
1140 | } | ||
1141 | while (gcry_mpi_cmp(u, n) >= 0); | ||
1150 | 1142 | ||
1151 | GNUNET_CRYPTO_mpi_print_unsigned (fe->c.bits, | 1143 | gcry_mpi_powm(t1, G, v, n_sq); |
1152 | sizeof fe->c.bits, | 1144 | gcry_mpi_powm(t2, u, n, n_sq); |
1153 | Y); | 1145 | gcry_mpi_mulm(Y, t1, t2, n_sq); |
1154 | 1146 | ||
1147 | GNUNET_CRYPTO_mpi_print_unsigned(fe->c.bits, | ||
1148 | sizeof fe->c.bits, | ||
1149 | Y); | ||
1155 | 1150 | ||
1156 | gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM); | 1151 | |
1157 | do { | 1152 | gcry_mpi_randomize(r, 2048, GCRY_WEAK_RANDOM); |
1158 | gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); | 1153 | do |
1159 | } | 1154 | { |
1160 | while (gcry_mpi_cmp (s, n) >= 0); | 1155 | gcry_mpi_randomize(s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); |
1156 | } | ||
1157 | while (gcry_mpi_cmp(s, n) >= 0); | ||
1161 | 1158 | ||
1162 | // compute t1 | 1159 | // compute t1 |
1163 | gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p); | 1160 | gcry_mpi_mulm(t1, elgamal_g, r, elgamal_p); |
1164 | // compute t2 (use z and w as temp) | 1161 | // compute t2 (use z and w as temp) |
1165 | gcry_mpi_powm (z, G, r, n_sq); | 1162 | gcry_mpi_powm(z, G, r, n_sq); |
1166 | gcry_mpi_powm (w, s, n, n_sq); | 1163 | gcry_mpi_powm(w, s, n, n_sq); |
1167 | gcry_mpi_mulm (t2, z, w, n_sq); | 1164 | gcry_mpi_mulm(t2, z, w, n_sq); |
1168 | 1165 | ||
1169 | 1166 | ||
1170 | gcry_mpi_powm (h, elgamal_g, v, elgamal_p); | 1167 | gcry_mpi_powm(h, elgamal_g, v, elgamal_p); |
1171 | 1168 | ||
1172 | GNUNET_CRYPTO_mpi_print_unsigned (fe->h, | 1169 | GNUNET_CRYPTO_mpi_print_unsigned(fe->h, |
1173 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 1170 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1174 | h); | 1171 | h); |
1175 | 1172 | ||
1176 | GNUNET_CRYPTO_mpi_print_unsigned (fe->t1, | 1173 | GNUNET_CRYPTO_mpi_print_unsigned(fe->t1, |
1177 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 1174 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1178 | t1); | 1175 | t1); |
1179 | 1176 | ||
1180 | GNUNET_CRYPTO_mpi_print_unsigned (fe->t2, | 1177 | GNUNET_CRYPTO_mpi_print_unsigned(fe->t2, |
1181 | GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8, | 1178 | GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8, |
1182 | t2); | 1179 | t2); |
1183 | 1180 | ||
1184 | get_fair_encryption_challenge (fe, | 1181 | get_fair_encryption_challenge(fe, |
1185 | &e /* This allocates "e" */); | 1182 | &e /* This allocates "e" */); |
1186 | 1183 | ||
1187 | // compute z | 1184 | // compute z |
1188 | gcry_mpi_mul (z, e, v); | 1185 | gcry_mpi_mul(z, e, v); |
1189 | gcry_mpi_addm (z, z, r, elgamal_q); | 1186 | gcry_mpi_addm(z, z, r, elgamal_q); |
1190 | // compute w | 1187 | // compute w |
1191 | gcry_mpi_powm (w, u, e, n); | 1188 | gcry_mpi_powm(w, u, e, n); |
1192 | gcry_mpi_mulm (w, w, s, n); | 1189 | gcry_mpi_mulm(w, w, s, n); |
1193 | 1190 | ||
1194 | GNUNET_CRYPTO_mpi_print_unsigned (fe->z, | 1191 | GNUNET_CRYPTO_mpi_print_unsigned(fe->z, |
1195 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 1192 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1196 | z); | 1193 | z); |
1197 | 1194 | ||
1198 | GNUNET_CRYPTO_mpi_print_unsigned (fe->w, | 1195 | GNUNET_CRYPTO_mpi_print_unsigned(fe->w, |
1199 | GNUNET_CRYPTO_PAILLIER_BITS / 8, | 1196 | GNUNET_CRYPTO_PAILLIER_BITS / 8, |
1200 | w); | 1197 | w); |
1201 | 1198 | ||
1202 | gcry_mpi_release (n); | 1199 | gcry_mpi_release(n); |
1203 | gcry_mpi_release (r); | 1200 | gcry_mpi_release(r); |
1204 | gcry_mpi_release (s); | 1201 | gcry_mpi_release(s); |
1205 | gcry_mpi_release (t1); | 1202 | gcry_mpi_release(t1); |
1206 | gcry_mpi_release (t2); | 1203 | gcry_mpi_release(t2); |
1207 | gcry_mpi_release (z); | 1204 | gcry_mpi_release(z); |
1208 | gcry_mpi_release (w); | 1205 | gcry_mpi_release(w); |
1209 | gcry_mpi_release (e); | 1206 | gcry_mpi_release(e); |
1210 | gcry_mpi_release (n_sq); | 1207 | gcry_mpi_release(n_sq); |
1211 | gcry_mpi_release (u); | 1208 | gcry_mpi_release(u); |
1212 | gcry_mpi_release (Y); | 1209 | gcry_mpi_release(Y); |
1213 | gcry_mpi_release (G); | 1210 | gcry_mpi_release(G); |
1214 | gcry_mpi_release (h); | 1211 | gcry_mpi_release(h); |
1215 | } | 1212 | } |
1216 | 1213 | ||
1217 | 1214 | ||
@@ -1226,7 +1223,7 @@ encrypt_fair (gcry_mpi_t v, | |||
1226 | * @param ks session to use | 1223 | * @param ks session to use |
1227 | */ | 1224 | */ |
1228 | static void | 1225 | static void |
1229 | insert_round2_element (struct KeygenSession *ks) | 1226 | insert_round2_element(struct KeygenSession *ks) |
1230 | { | 1227 | { |
1231 | struct GNUNET_SET_Element *element; | 1228 | struct GNUNET_SET_Element *element; |
1232 | struct GNUNET_SECRETSHARING_KeygenRevealData *d; | 1229 | struct GNUNET_SECRETSHARING_KeygenRevealData *d; |
@@ -1237,140 +1234,140 @@ insert_round2_element (struct KeygenSession *ks) | |||
1237 | gcry_mpi_t idx; | 1234 | gcry_mpi_t idx; |
1238 | gcry_mpi_t v; | 1235 | gcry_mpi_t v; |
1239 | 1236 | ||
1240 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n", | 1237 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n", |
1241 | ks->local_peer_idx); | 1238 | ks->local_peer_idx); |
1242 | 1239 | ||
1243 | GNUNET_assert (NULL != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); | 1240 | GNUNET_assert(NULL != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); |
1244 | GNUNET_assert (NULL != (idx = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); | 1241 | GNUNET_assert(NULL != (idx = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); |
1245 | 1242 | ||
1246 | element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + | 1243 | element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) + |
1247 | sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + | 1244 | sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + |
1248 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); | 1245 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); |
1249 | 1246 | ||
1250 | element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size); | 1247 | element = GNUNET_malloc(sizeof(struct GNUNET_SET_Element) + element_size); |
1251 | element->size = element_size; | 1248 | element->size = element_size; |
1252 | element->data = (void *) &element[1]; | 1249 | element->data = (void *)&element[1]; |
1253 | 1250 | ||
1254 | d = (void *) element->data; | 1251 | d = (void *)element->data; |
1255 | d->peer = my_peer; | 1252 | d->peer = my_peer; |
1256 | 1253 | ||
1257 | // start inserting vector elements | 1254 | // start inserting vector elements |
1258 | // after the fixed part of the element's data | 1255 | // after the fixed part of the element's data |
1259 | pos = (void *) &d[1]; | 1256 | pos = (void *)&d[1]; |
1260 | last_pos = pos + element_size; | 1257 | last_pos = pos + element_size; |
1261 | 1258 | ||
1262 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n", | 1259 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n", |
1263 | ks->local_peer_idx); | 1260 | ks->local_peer_idx); |
1264 | 1261 | ||
1265 | // encrypted pre-shares | 1262 | // encrypted pre-shares |
1266 | // and fair encryption proof | 1263 | // and fair encryption proof |
1267 | { | 1264 | { |
1268 | for (i = 0; i < ks->num_peers; i++) | 1265 | for (i = 0; i < ks->num_peers; i++) |
1269 | { | ||
1270 | ptrdiff_t remaining = last_pos - pos; | ||
1271 | struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos; | ||
1272 | |||
1273 | GNUNET_assert (remaining > 0); | ||
1274 | memset (fe, 0, sizeof *fe); | ||
1275 | if (GNUNET_YES == ks->info[i].round1_valid) | ||
1276 | { | 1266 | { |
1277 | gcry_mpi_set_ui (idx, i + 1); | 1267 | ptrdiff_t remaining = last_pos - pos; |
1278 | // evaluate the polynomial | 1268 | struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *)pos; |
1279 | horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_q); | 1269 | |
1280 | // encrypt the result | 1270 | GNUNET_assert(remaining > 0); |
1281 | encrypt_fair (v, &ks->info[i].paillier_public_key, fe); | 1271 | memset(fe, 0, sizeof *fe); |
1272 | if (GNUNET_YES == ks->info[i].round1_valid) | ||
1273 | { | ||
1274 | gcry_mpi_set_ui(idx, i + 1); | ||
1275 | // evaluate the polynomial | ||
1276 | horner_eval(v, ks->presecret_polynomial, ks->threshold, idx, elgamal_q); | ||
1277 | // encrypt the result | ||
1278 | encrypt_fair(v, &ks->info[i].paillier_public_key, fe); | ||
1279 | } | ||
1280 | pos += sizeof *fe; | ||
1282 | } | 1281 | } |
1283 | pos += sizeof *fe; | ||
1284 | } | ||
1285 | } | 1282 | } |
1286 | 1283 | ||
1287 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n", | 1284 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n", |
1288 | ks->local_peer_idx); | 1285 | ks->local_peer_idx); |
1289 | 1286 | ||
1290 | // exponentiated coefficients | 1287 | // exponentiated coefficients |
1291 | for (i = 0; i < ks->threshold; i++) | 1288 | for (i = 0; i < ks->threshold; i++) |
1292 | { | 1289 | { |
1293 | ptrdiff_t remaining = last_pos - pos; | 1290 | ptrdiff_t remaining = last_pos - pos; |
1294 | GNUNET_assert (remaining > 0); | 1291 | GNUNET_assert(remaining > 0); |
1295 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); | 1292 | gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); |
1296 | GNUNET_CRYPTO_mpi_print_unsigned (pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); | 1293 | GNUNET_CRYPTO_mpi_print_unsigned(pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); |
1297 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8; | 1294 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8; |
1298 | } | 1295 | } |
1299 | 1296 | ||
1300 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n", | 1297 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n", |
1301 | ks->local_peer_idx); | 1298 | ks->local_peer_idx); |
1302 | 1299 | ||
1303 | 1300 | ||
1304 | d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); | 1301 | d->purpose.size = htonl(element_size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); |
1305 | d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); | 1302 | d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); |
1306 | GNUNET_assert (GNUNET_OK == | 1303 | GNUNET_assert(GNUNET_OK == |
1307 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, | 1304 | GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, |
1308 | &d->purpose, | 1305 | &d->purpose, |
1309 | &d->signature)); | 1306 | &d->signature)); |
1310 | 1307 | ||
1311 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); | 1308 | GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL); |
1312 | GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */ | 1309 | GNUNET_free(element); /* FIXME: maybe stack-allocate instead? */ |
1313 | 1310 | ||
1314 | gcry_mpi_release (v); | 1311 | gcry_mpi_release(v); |
1315 | gcry_mpi_release (idx); | 1312 | gcry_mpi_release(idx); |
1316 | } | 1313 | } |
1317 | 1314 | ||
1318 | 1315 | ||
1319 | static gcry_mpi_t | 1316 | static gcry_mpi_t |
1320 | keygen_reveal_get_exp_coeff (struct KeygenSession *ks, | 1317 | keygen_reveal_get_exp_coeff(struct KeygenSession *ks, |
1321 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, | 1318 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, |
1322 | unsigned int idx) | 1319 | unsigned int idx) |
1323 | { | 1320 | { |
1324 | unsigned char *pos; | 1321 | unsigned char *pos; |
1325 | gcry_mpi_t exp_coeff; | 1322 | gcry_mpi_t exp_coeff; |
1326 | 1323 | ||
1327 | GNUNET_assert (idx < ks->threshold); | 1324 | GNUNET_assert(idx < ks->threshold); |
1328 | 1325 | ||
1329 | pos = (void *) &d[1]; | 1326 | pos = (void *)&d[1]; |
1330 | // skip encrypted pre-shares | 1327 | // skip encrypted pre-shares |
1331 | pos += sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers; | 1328 | pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers; |
1332 | // skip exp. coeffs we are not interested in | 1329 | // skip exp. coeffs we are not interested in |
1333 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx; | 1330 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx; |
1334 | // the first exponentiated coefficient is the public key share | 1331 | // the first exponentiated coefficient is the public key share |
1335 | GNUNET_CRYPTO_mpi_scan_unsigned (&exp_coeff, pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1332 | GNUNET_CRYPTO_mpi_scan_unsigned(&exp_coeff, pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1336 | return exp_coeff; | 1333 | return exp_coeff; |
1337 | } | 1334 | } |
1338 | 1335 | ||
1339 | 1336 | ||
1340 | static struct GNUNET_SECRETSHARING_FairEncryption * | 1337 | static struct GNUNET_SECRETSHARING_FairEncryption * |
1341 | keygen_reveal_get_enc_preshare (struct KeygenSession *ks, | 1338 | keygen_reveal_get_enc_preshare(struct KeygenSession *ks, |
1342 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, | 1339 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, |
1343 | unsigned int idx) | 1340 | unsigned int idx) |
1344 | { | 1341 | { |
1345 | unsigned char *pos; | 1342 | unsigned char *pos; |
1346 | 1343 | ||
1347 | GNUNET_assert (idx < ks->num_peers); | 1344 | GNUNET_assert(idx < ks->num_peers); |
1348 | 1345 | ||
1349 | pos = (void *) &d[1]; | 1346 | pos = (void *)&d[1]; |
1350 | // skip encrypted pre-shares we're not interested in | 1347 | // skip encrypted pre-shares we're not interested in |
1351 | pos += sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * idx; | 1348 | pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx; |
1352 | return (struct GNUNET_SECRETSHARING_FairEncryption *) pos; | 1349 | return (struct GNUNET_SECRETSHARING_FairEncryption *)pos; |
1353 | } | 1350 | } |
1354 | 1351 | ||
1355 | 1352 | ||
1356 | static gcry_mpi_t | 1353 | static gcry_mpi_t |
1357 | keygen_reveal_get_exp_preshare (struct KeygenSession *ks, | 1354 | keygen_reveal_get_exp_preshare(struct KeygenSession *ks, |
1358 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, | 1355 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, |
1359 | unsigned int idx) | 1356 | unsigned int idx) |
1360 | { | 1357 | { |
1361 | gcry_mpi_t exp_preshare; | 1358 | gcry_mpi_t exp_preshare; |
1362 | struct GNUNET_SECRETSHARING_FairEncryption *fe; | 1359 | struct GNUNET_SECRETSHARING_FairEncryption *fe; |
1363 | 1360 | ||
1364 | GNUNET_assert (idx < ks->num_peers); | 1361 | GNUNET_assert(idx < ks->num_peers); |
1365 | fe = keygen_reveal_get_enc_preshare (ks, d, idx); | 1362 | fe = keygen_reveal_get_enc_preshare(ks, d, idx); |
1366 | GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1363 | GNUNET_CRYPTO_mpi_scan_unsigned(&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1367 | return exp_preshare; | 1364 | return exp_preshare; |
1368 | } | 1365 | } |
1369 | 1366 | ||
1370 | 1367 | ||
1371 | static void | 1368 | static void |
1372 | keygen_round2_new_element (void *cls, | 1369 | keygen_round2_new_element(void *cls, |
1373 | const struct GNUNET_SET_Element *element) | 1370 | const struct GNUNET_SET_Element *element) |
1374 | { | 1371 | { |
1375 | struct KeygenSession *ks = cls; | 1372 | struct KeygenSession *ks = cls; |
1376 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d; | 1373 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d; |
@@ -1383,181 +1380,180 @@ keygen_round2_new_element (void *cls, | |||
1383 | gcry_mpi_t preshare; | 1380 | gcry_mpi_t preshare; |
1384 | 1381 | ||
1385 | if (NULL == element) | 1382 | if (NULL == element) |
1386 | { | 1383 | { |
1387 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n"); | 1384 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n"); |
1388 | return; | 1385 | return; |
1389 | } | 1386 | } |
1390 | 1387 | ||
1391 | expected_element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + | 1388 | expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) + |
1392 | sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + | 1389 | sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + |
1393 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); | 1390 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); |
1394 | 1391 | ||
1395 | if (element->size != expected_element_size) | 1392 | if (element->size != expected_element_size) |
1396 | { | 1393 | { |
1397 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1394 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, |
1398 | "keygen round2 data with wrong size (%u) in consensus, %u expected\n", | 1395 | "keygen round2 data with wrong size (%u) in consensus, %u expected\n", |
1399 | (unsigned int) element->size, | 1396 | (unsigned int)element->size, |
1400 | (unsigned int) expected_element_size); | 1397 | (unsigned int)expected_element_size); |
1401 | return; | 1398 | return; |
1402 | } | 1399 | } |
1403 | 1400 | ||
1404 | d = (const void *) element->data; | 1401 | d = (const void *)element->data; |
1405 | 1402 | ||
1406 | info = get_keygen_peer_info (ks, &d->peer); | 1403 | info = get_keygen_peer_info(ks, &d->peer); |
1407 | 1404 | ||
1408 | if (NULL == info) | 1405 | if (NULL == info) |
1409 | { | 1406 | { |
1410 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", | 1407 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", |
1411 | GNUNET_i2s (&d->peer)); | 1408 | GNUNET_i2s(&d->peer)); |
1412 | return; | 1409 | return; |
1413 | } | 1410 | } |
1414 | 1411 | ||
1415 | if (GNUNET_NO == info->round1_valid) | 1412 | if (GNUNET_NO == info->round1_valid) |
1416 | { | 1413 | { |
1417 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1414 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, |
1418 | "ignoring round2 element from peer with invalid round1 element (%s)\n", | 1415 | "ignoring round2 element from peer with invalid round1 element (%s)\n", |
1419 | GNUNET_i2s (&d->peer)); | 1416 | GNUNET_i2s(&d->peer)); |
1420 | return; | 1417 | return; |
1421 | } | 1418 | } |
1422 | 1419 | ||
1423 | if (GNUNET_YES == info->round2_valid) | 1420 | if (GNUNET_YES == info->round2_valid) |
1424 | { | 1421 | { |
1425 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1422 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, |
1426 | "ignoring duplicate round2 element (%s)\n", | 1423 | "ignoring duplicate round2 element (%s)\n", |
1427 | GNUNET_i2s (&d->peer)); | 1424 | GNUNET_i2s(&d->peer)); |
1428 | return; | 1425 | return; |
1429 | } | 1426 | } |
1430 | 1427 | ||
1431 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n"); | 1428 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round2 element\n"); |
1432 | 1429 | ||
1433 | if (ntohl (d->purpose.size) != | 1430 | if (ntohl(d->purpose.size) != |
1434 | element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)) | 1431 | element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)) |
1435 | { | 1432 | { |
1436 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n"); | 1433 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n"); |
1437 | return; | 1434 | return; |
1438 | } | 1435 | } |
1439 | 1436 | ||
1440 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, | 1437 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, |
1441 | &d->purpose, &d->signature, &d->peer.public_key)) | 1438 | &d->purpose, &d->signature, &d->peer.public_key)) |
1442 | { | 1439 | { |
1443 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n"); | 1440 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n"); |
1444 | return; | 1441 | return; |
1445 | } | 1442 | } |
1446 | 1443 | ||
1447 | public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0); | 1444 | public_key_share = keygen_reveal_get_exp_coeff(ks, d, 0); |
1448 | info->preshare_commitment = keygen_reveal_get_exp_preshare (ks, d, ks->local_peer_idx); | 1445 | info->preshare_commitment = keygen_reveal_get_exp_preshare(ks, d, ks->local_peer_idx); |
1449 | 1446 | ||
1450 | if (NULL == ks->public_key) | 1447 | if (NULL == ks->public_key) |
1451 | { | 1448 | { |
1452 | GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0))); | 1449 | GNUNET_assert(NULL != (ks->public_key = gcry_mpi_new(0))); |
1453 | gcry_mpi_set_ui (ks->public_key, 1); | 1450 | gcry_mpi_set_ui(ks->public_key, 1); |
1454 | } | 1451 | } |
1455 | gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p); | 1452 | gcry_mpi_mulm(ks->public_key, ks->public_key, public_key_share, elgamal_p); |
1456 | 1453 | ||
1457 | gcry_mpi_release (public_key_share); | 1454 | gcry_mpi_release(public_key_share); |
1458 | public_key_share = NULL; | 1455 | public_key_share = NULL; |
1459 | 1456 | ||
1460 | { | 1457 | { |
1461 | struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare (ks, d, ks->local_peer_idx); | 1458 | struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, ks->local_peer_idx); |
1462 | GNUNET_assert (NULL != (preshare = gcry_mpi_new (0))); | 1459 | GNUNET_assert(NULL != (preshare = gcry_mpi_new(0))); |
1463 | GNUNET_CRYPTO_paillier_decrypt (&ks->paillier_private_key, | 1460 | GNUNET_CRYPTO_paillier_decrypt(&ks->paillier_private_key, |
1464 | &ks->info[ks->local_peer_idx].paillier_public_key, | 1461 | &ks->info[ks->local_peer_idx].paillier_public_key, |
1465 | &fe->c, | 1462 | &fe->c, |
1466 | preshare); | 1463 | preshare); |
1467 | 1464 | ||
1468 | // FIXME: not doing the restoration is less expensive | 1465 | // FIXME: not doing the restoration is less expensive |
1469 | restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key, | 1466 | restore_fair(&ks->info[ks->local_peer_idx].paillier_public_key, |
1470 | fe, | 1467 | fe, |
1471 | preshare, | 1468 | preshare, |
1472 | preshare); | 1469 | preshare); |
1473 | } | 1470 | } |
1474 | 1471 | ||
1475 | GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); | 1472 | GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); |
1476 | gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p); | 1473 | gcry_mpi_powm(tmp, elgamal_g, preshare, elgamal_p); |
1477 | 1474 | ||
1478 | cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment); | 1475 | cmp_result = gcry_mpi_cmp(tmp, info->preshare_commitment); |
1479 | gcry_mpi_release (tmp); | 1476 | gcry_mpi_release(tmp); |
1480 | tmp = NULL; | 1477 | tmp = NULL; |
1481 | if (0 != cmp_result) | 1478 | if (0 != cmp_result) |
1482 | { | 1479 | { |
1483 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n", | 1480 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n", |
1484 | (unsigned int) ks->local_peer_idx, (unsigned int) (info - ks->info)); | 1481 | (unsigned int)ks->local_peer_idx, (unsigned int)(info - ks->info)); |
1485 | return; | 1482 | return; |
1486 | } | 1483 | } |
1487 | 1484 | ||
1488 | if (NULL == ks->my_share) | 1485 | if (NULL == ks->my_share) |
1489 | { | 1486 | { |
1490 | GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0))); | 1487 | GNUNET_assert(NULL != (ks->my_share = gcry_mpi_new(0))); |
1491 | } | 1488 | } |
1492 | gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q); | 1489 | gcry_mpi_addm(ks->my_share, ks->my_share, preshare, elgamal_q); |
1493 | 1490 | ||
1494 | for (j = 0; j < ks->num_peers; j++) | 1491 | for (j = 0; j < ks->num_peers; j++) |
1495 | { | ||
1496 | gcry_mpi_t presigma; | ||
1497 | if (NULL == ks->info[j].sigma) | ||
1498 | { | 1492 | { |
1499 | GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0))); | 1493 | gcry_mpi_t presigma; |
1500 | gcry_mpi_set_ui (ks->info[j].sigma, 1); | 1494 | if (NULL == ks->info[j].sigma) |
1495 | { | ||
1496 | GNUNET_assert(NULL != (ks->info[j].sigma = gcry_mpi_new(0))); | ||
1497 | gcry_mpi_set_ui(ks->info[j].sigma, 1); | ||
1498 | } | ||
1499 | presigma = keygen_reveal_get_exp_preshare(ks, d, j); | ||
1500 | gcry_mpi_mulm(ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p); | ||
1501 | gcry_mpi_release(presigma); | ||
1501 | } | 1502 | } |
1502 | presigma = keygen_reveal_get_exp_preshare (ks, d, j); | ||
1503 | gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p); | ||
1504 | gcry_mpi_release (presigma); | ||
1505 | } | ||
1506 | 1503 | ||
1507 | gcry_mpi_t prod; | 1504 | gcry_mpi_t prod; |
1508 | GNUNET_assert (NULL != (prod = gcry_mpi_new (0))); | 1505 | GNUNET_assert(NULL != (prod = gcry_mpi_new(0))); |
1509 | gcry_mpi_t j_to_k; | 1506 | gcry_mpi_t j_to_k; |
1510 | GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0))); | 1507 | GNUNET_assert(NULL != (j_to_k = gcry_mpi_new(0))); |
1511 | // validate that the polynomial sharing matches the additive sharing | 1508 | // validate that the polynomial sharing matches the additive sharing |
1512 | for (j = 0; j < ks->num_peers; j++) | 1509 | for (j = 0; j < ks->num_peers; j++) |
1513 | { | ||
1514 | unsigned int k; | ||
1515 | int cmp_result; | ||
1516 | gcry_mpi_t exp_preshare; | ||
1517 | gcry_mpi_set_ui (prod, 1); | ||
1518 | for (k = 0; k < ks->threshold; k++) | ||
1519 | { | 1510 | { |
1520 | // Using pow(double,double) is a bit sketchy. | 1511 | unsigned int k; |
1521 | // We count players from 1, but shares from 0. | 1512 | int cmp_result; |
1522 | gcry_mpi_t tmp; | 1513 | gcry_mpi_t exp_preshare; |
1523 | gcry_mpi_set_ui (j_to_k, (unsigned int) pow(j+1, k)); | 1514 | gcry_mpi_set_ui(prod, 1); |
1524 | tmp = keygen_reveal_get_exp_coeff (ks, d, k); | 1515 | for (k = 0; k < ks->threshold; k++) |
1525 | gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p); | 1516 | { |
1526 | gcry_mpi_mulm (prod, prod, tmp, elgamal_p); | 1517 | // Using pow(double,double) is a bit sketchy. |
1527 | gcry_mpi_release (tmp); | 1518 | // We count players from 1, but shares from 0. |
1528 | } | 1519 | gcry_mpi_t tmp; |
1529 | exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j); | 1520 | gcry_mpi_set_ui(j_to_k, (unsigned int)pow(j + 1, k)); |
1530 | gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p); | 1521 | tmp = keygen_reveal_get_exp_coeff(ks, d, k); |
1531 | cmp_result = gcry_mpi_cmp (prod, exp_preshare); | 1522 | gcry_mpi_powm(tmp, tmp, j_to_k, elgamal_p); |
1532 | gcry_mpi_release (exp_preshare); | 1523 | gcry_mpi_mulm(prod, prod, tmp, elgamal_p); |
1533 | exp_preshare = NULL; | 1524 | gcry_mpi_release(tmp); |
1534 | if (0 != cmp_result) | 1525 | } |
1535 | { | 1526 | exp_preshare = keygen_reveal_get_exp_preshare(ks, d, j); |
1536 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n", | 1527 | gcry_mpi_mod(exp_preshare, exp_preshare, elgamal_p); |
1537 | ks->local_peer_idx, j); | 1528 | cmp_result = gcry_mpi_cmp(prod, exp_preshare); |
1538 | /* no need for further verification, round2 stays invalid ... */ | 1529 | gcry_mpi_release(exp_preshare); |
1539 | return; | 1530 | exp_preshare = NULL; |
1531 | if (0 != cmp_result) | ||
1532 | { | ||
1533 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n", | ||
1534 | ks->local_peer_idx, j); | ||
1535 | /* no need for further verification, round2 stays invalid ... */ | ||
1536 | return; | ||
1537 | } | ||
1540 | } | 1538 | } |
1541 | } | ||
1542 | 1539 | ||
1543 | // TODO: verify proof of fair encryption (once implemented) | 1540 | // TODO: verify proof of fair encryption (once implemented) |
1544 | for (j = 0; j < ks->num_peers; j++) | 1541 | for (j = 0; j < ks->num_peers; j++) |
1545 | { | ||
1546 | struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare (ks, d, j); | ||
1547 | if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe)) | ||
1548 | { | 1542 | { |
1549 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n", | 1543 | struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, j); |
1550 | ks->local_peer_idx, j); | 1544 | if (GNUNET_YES != verify_fair(&ks->info[j].paillier_public_key, fe)) |
1551 | return; | 1545 | { |
1546 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n", | ||
1547 | ks->local_peer_idx, j); | ||
1548 | return; | ||
1549 | } | ||
1552 | } | 1550 | } |
1553 | 1551 | ||
1554 | } | ||
1555 | |||
1556 | info->round2_valid = GNUNET_YES; | 1552 | info->round2_valid = GNUNET_YES; |
1557 | 1553 | ||
1558 | gcry_mpi_release (preshare); | 1554 | gcry_mpi_release(preshare); |
1559 | gcry_mpi_release (prod); | 1555 | gcry_mpi_release(prod); |
1560 | gcry_mpi_release (j_to_k); | 1556 | gcry_mpi_release(j_to_k); |
1561 | } | 1557 | } |
1562 | 1558 | ||
1563 | 1559 | ||
@@ -1568,22 +1564,22 @@ keygen_round2_new_element (void *cls, | |||
1568 | * @param cls closure | 1564 | * @param cls closure |
1569 | */ | 1565 | */ |
1570 | static void | 1566 | static void |
1571 | keygen_round1_conclude (void *cls) | 1567 | keygen_round1_conclude(void *cls) |
1572 | { | 1568 | { |
1573 | struct KeygenSession *ks = cls; | 1569 | struct KeygenSession *ks = cls; |
1574 | 1570 | ||
1575 | GNUNET_CONSENSUS_destroy (ks->consensus); | 1571 | GNUNET_CONSENSUS_destroy(ks->consensus); |
1576 | 1572 | ||
1577 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &ks->session_id, | 1573 | ks->consensus = GNUNET_CONSENSUS_create(cfg, ks->num_peers, ks->peers, &ks->session_id, |
1578 | time_between (ks->start_time, ks->deadline, 1, 2), | 1574 | time_between(ks->start_time, ks->deadline, 1, 2), |
1579 | ks->deadline, | 1575 | ks->deadline, |
1580 | keygen_round2_new_element, ks); | 1576 | keygen_round2_new_element, ks); |
1581 | 1577 | ||
1582 | insert_round2_element (ks); | 1578 | insert_round2_element(ks); |
1583 | 1579 | ||
1584 | GNUNET_CONSENSUS_conclude (ks->consensus, | 1580 | GNUNET_CONSENSUS_conclude(ks->consensus, |
1585 | keygen_round2_conclude, | 1581 | keygen_round2_conclude, |
1586 | ks); | 1582 | ks); |
1587 | } | 1583 | } |
1588 | 1584 | ||
1589 | 1585 | ||
@@ -1594,7 +1590,7 @@ keygen_round1_conclude (void *cls) | |||
1594 | * @param ks session to use | 1590 | * @param ks session to use |
1595 | */ | 1591 | */ |
1596 | static void | 1592 | static void |
1597 | insert_round1_element (struct KeygenSession *ks) | 1593 | insert_round1_element(struct KeygenSession *ks) |
1598 | { | 1594 | { |
1599 | struct GNUNET_SET_Element *element; | 1595 | struct GNUNET_SET_Element *element; |
1600 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; | 1596 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; |
@@ -1603,34 +1599,34 @@ insert_round1_element (struct KeygenSession *ks) | |||
1603 | // big-endian representation of 'v' | 1599 | // big-endian representation of 'v' |
1604 | unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; | 1600 | unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; |
1605 | 1601 | ||
1606 | element = GNUNET_malloc (sizeof *element + sizeof *d); | 1602 | element = GNUNET_malloc(sizeof *element + sizeof *d); |
1607 | d = (void *) &element[1]; | 1603 | d = (void *)&element[1]; |
1608 | element->data = d; | 1604 | element->data = d; |
1609 | element->size = sizeof *d; | 1605 | element->size = sizeof *d; |
1610 | 1606 | ||
1611 | d->peer = my_peer; | 1607 | d->peer = my_peer; |
1612 | 1608 | ||
1613 | GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); | 1609 | GNUNET_assert(0 != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); |
1614 | 1610 | ||
1615 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); | 1611 | gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); |
1616 | 1612 | ||
1617 | GNUNET_CRYPTO_mpi_print_unsigned (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); | 1613 | GNUNET_CRYPTO_mpi_print_unsigned(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); |
1618 | 1614 | ||
1619 | GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, &d->commitment); | 1615 | GNUNET_CRYPTO_hash(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, &d->commitment); |
1620 | 1616 | ||
1621 | d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key; | 1617 | d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key; |
1622 | 1618 | ||
1623 | d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); | 1619 | d->purpose.size = htonl((sizeof *d) - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); |
1624 | d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); | 1620 | d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); |
1625 | GNUNET_assert (GNUNET_OK == | 1621 | GNUNET_assert(GNUNET_OK == |
1626 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, | 1622 | GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, |
1627 | &d->purpose, | 1623 | &d->purpose, |
1628 | &d->signature)); | 1624 | &d->signature)); |
1629 | 1625 | ||
1630 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); | 1626 | GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL); |
1631 | 1627 | ||
1632 | gcry_mpi_release (v); | 1628 | gcry_mpi_release(v); |
1633 | GNUNET_free (element); | 1629 | GNUNET_free(element); |
1634 | } | 1630 | } |
1635 | 1631 | ||
1636 | 1632 | ||
@@ -1642,17 +1638,17 @@ insert_round1_element (struct KeygenSession *ks) | |||
1642 | * @return #GNUNET_OK if @a msg is well-formed | 1638 | * @return #GNUNET_OK if @a msg is well-formed |
1643 | */ | 1639 | */ |
1644 | static int | 1640 | static int |
1645 | check_client_keygen (void *cls, | 1641 | check_client_keygen(void *cls, |
1646 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) | 1642 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) |
1647 | { | 1643 | { |
1648 | unsigned int num_peers = ntohs (msg->num_peers); | 1644 | unsigned int num_peers = ntohs(msg->num_peers); |
1649 | 1645 | ||
1650 | if (ntohs (msg->header.size) - sizeof (*msg) != | 1646 | if (ntohs(msg->header.size) - sizeof(*msg) != |
1651 | num_peers * sizeof (struct GNUNET_PeerIdentity)) | 1647 | num_peers * sizeof(struct GNUNET_PeerIdentity)) |
1652 | { | 1648 | { |
1653 | GNUNET_break (0); | 1649 | GNUNET_break(0); |
1654 | return GNUNET_SYSERR; | 1650 | return GNUNET_SYSERR; |
1655 | } | 1651 | } |
1656 | return GNUNET_OK; | 1652 | return GNUNET_OK; |
1657 | } | 1653 | } |
1658 | 1654 | ||
@@ -1665,72 +1661,72 @@ check_client_keygen (void *cls, | |||
1665 | * @param msg the actual message | 1661 | * @param msg the actual message |
1666 | */ | 1662 | */ |
1667 | static void | 1663 | static void |
1668 | handle_client_keygen (void *cls, | 1664 | handle_client_keygen(void *cls, |
1669 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) | 1665 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) |
1670 | { | 1666 | { |
1671 | struct ClientState *cs = cls; | 1667 | struct ClientState *cs = cls; |
1672 | struct KeygenSession *ks; | 1668 | struct KeygenSession *ks; |
1673 | 1669 | ||
1674 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1670 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, |
1675 | "client requested key generation\n"); | 1671 | "client requested key generation\n"); |
1676 | if (NULL != cs->keygen_session) | 1672 | if (NULL != cs->keygen_session) |
1677 | { | 1673 | { |
1678 | GNUNET_break (0); | 1674 | GNUNET_break(0); |
1679 | GNUNET_SERVICE_client_drop (cs->client); | 1675 | GNUNET_SERVICE_client_drop(cs->client); |
1680 | return; | 1676 | return; |
1681 | } | 1677 | } |
1682 | ks = GNUNET_new (struct KeygenSession); | 1678 | ks = GNUNET_new(struct KeygenSession); |
1683 | ks->cs = cs; | 1679 | ks->cs = cs; |
1684 | cs->keygen_session = ks; | 1680 | cs->keygen_session = ks; |
1685 | ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); | 1681 | ks->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline); |
1686 | ks->threshold = ntohs (msg->threshold); | 1682 | ks->threshold = ntohs(msg->threshold); |
1687 | ks->num_peers = ntohs (msg->num_peers); | 1683 | ks->num_peers = ntohs(msg->num_peers); |
1688 | 1684 | ||
1689 | ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], | 1685 | ks->peers = normalize_peers((struct GNUNET_PeerIdentity *)&msg[1], |
1690 | ks->num_peers, | 1686 | ks->num_peers, |
1691 | &ks->num_peers, | 1687 | &ks->num_peers, |
1692 | &ks->local_peer_idx); | 1688 | &ks->local_peer_idx); |
1693 | 1689 | ||
1694 | 1690 | ||
1695 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1691 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, |
1696 | "first round of consensus with %u peers\n", | 1692 | "first round of consensus with %u peers\n", |
1697 | ks->num_peers); | 1693 | ks->num_peers); |
1698 | ks->consensus = GNUNET_CONSENSUS_create (cfg, | 1694 | ks->consensus = GNUNET_CONSENSUS_create(cfg, |
1699 | ks->num_peers, | 1695 | ks->num_peers, |
1700 | ks->peers, | 1696 | ks->peers, |
1701 | &msg->session_id, | 1697 | &msg->session_id, |
1702 | GNUNET_TIME_absolute_ntoh (msg->start), | 1698 | GNUNET_TIME_absolute_ntoh(msg->start), |
1703 | GNUNET_TIME_absolute_ntoh (msg->deadline), | 1699 | GNUNET_TIME_absolute_ntoh(msg->deadline), |
1704 | keygen_round1_new_element, | 1700 | keygen_round1_new_element, |
1705 | ks); | 1701 | ks); |
1706 | 1702 | ||
1707 | ks->info = GNUNET_new_array (ks->num_peers, | 1703 | ks->info = GNUNET_new_array(ks->num_peers, |
1708 | struct KeygenPeerInfo); | 1704 | struct KeygenPeerInfo); |
1709 | 1705 | ||
1710 | for (unsigned int i = 0; i < ks->num_peers; i++) | 1706 | for (unsigned int i = 0; i < ks->num_peers; i++) |
1711 | ks->info[i].peer = ks->peers[i]; | 1707 | ks->info[i].peer = ks->peers[i]; |
1712 | 1708 | ||
1713 | GNUNET_CRYPTO_paillier_create (&ks->info[ks->local_peer_idx].paillier_public_key, | 1709 | GNUNET_CRYPTO_paillier_create(&ks->info[ks->local_peer_idx].paillier_public_key, |
1714 | &ks->paillier_private_key); | 1710 | &ks->paillier_private_key); |
1715 | 1711 | ||
1716 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1712 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
1717 | "P%u: Generated paillier key pair\n", | 1713 | "P%u: Generated paillier key pair\n", |
1718 | ks->local_peer_idx); | 1714 | ks->local_peer_idx); |
1719 | generate_presecret_polynomial (ks); | 1715 | generate_presecret_polynomial(ks); |
1720 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1716 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
1721 | "P%u: Generated presecret polynomial\n", | 1717 | "P%u: Generated presecret polynomial\n", |
1722 | ks->local_peer_idx); | 1718 | ks->local_peer_idx); |
1723 | insert_round1_element (ks); | 1719 | insert_round1_element(ks); |
1724 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1720 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
1725 | "P%u: Concluding for round 1\n", | 1721 | "P%u: Concluding for round 1\n", |
1726 | ks->local_peer_idx); | 1722 | ks->local_peer_idx); |
1727 | GNUNET_CONSENSUS_conclude (ks->consensus, | 1723 | GNUNET_CONSENSUS_conclude(ks->consensus, |
1728 | keygen_round1_conclude, | 1724 | keygen_round1_conclude, |
1729 | ks); | 1725 | ks); |
1730 | GNUNET_SERVICE_client_continue (cs->client); | 1726 | GNUNET_SERVICE_client_continue(cs->client); |
1731 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1727 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
1732 | "P%u: Waiting for round 1 elements ...\n", | 1728 | "P%u: Waiting for round 1 elements ...\n", |
1733 | ks->local_peer_idx); | 1729 | ks->local_peer_idx); |
1734 | } | 1730 | } |
1735 | 1731 | ||
1736 | 1732 | ||
@@ -1738,7 +1734,7 @@ handle_client_keygen (void *cls, | |||
1738 | * Called when the partial decryption consensus concludes. | 1734 | * Called when the partial decryption consensus concludes. |
1739 | */ | 1735 | */ |
1740 | static void | 1736 | static void |
1741 | decrypt_conclude (void *cls) | 1737 | decrypt_conclude(void *cls) |
1742 | { | 1738 | { |
1743 | struct DecryptSession *ds = cls; | 1739 | struct DecryptSession *ds = cls; |
1744 | struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg; | 1740 | struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg; |
@@ -1753,59 +1749,58 @@ decrypt_conclude (void *cls) | |||
1753 | unsigned int i; | 1749 | unsigned int i; |
1754 | unsigned int j; | 1750 | unsigned int j; |
1755 | 1751 | ||
1756 | GNUNET_CONSENSUS_destroy (ds->consensus); | 1752 | GNUNET_CONSENSUS_destroy(ds->consensus); |
1757 | ds->consensus = NULL; | 1753 | ds->consensus = NULL; |
1758 | 1754 | ||
1759 | GNUNET_assert (0 != (lagrange = gcry_mpi_new (0))); | 1755 | GNUNET_assert(0 != (lagrange = gcry_mpi_new(0))); |
1760 | GNUNET_assert (0 != (m = gcry_mpi_new (0))); | 1756 | GNUNET_assert(0 != (m = gcry_mpi_new(0))); |
1761 | GNUNET_assert (0 != (tmp = gcry_mpi_new (0))); | 1757 | GNUNET_assert(0 != (tmp = gcry_mpi_new(0))); |
1762 | GNUNET_assert (0 != (prod = gcry_mpi_new (0))); | 1758 | GNUNET_assert(0 != (prod = gcry_mpi_new(0))); |
1763 | 1759 | ||
1764 | num = 0; | 1760 | num = 0; |
1765 | for (i = 0; i < ds->share->num_peers; i++) | 1761 | for (i = 0; i < ds->share->num_peers; i++) |
1766 | if (NULL != ds->info[i].partial_decryption) | 1762 | if (NULL != ds->info[i].partial_decryption) |
1767 | num++; | 1763 | num++; |
1768 | 1764 | ||
1769 | indices = GNUNET_new_array (num, | 1765 | indices = GNUNET_new_array(num, |
1770 | unsigned int); | 1766 | unsigned int); |
1771 | j = 0; | 1767 | j = 0; |
1772 | for (i = 0; i < ds->share->num_peers; i++) | 1768 | for (i = 0; i < ds->share->num_peers; i++) |
1773 | if (NULL != ds->info[i].partial_decryption) | 1769 | if (NULL != ds->info[i].partial_decryption) |
1774 | indices[j++] = ds->info[i].original_index; | 1770 | indices[j++] = ds->info[i].original_index; |
1775 | 1771 | ||
1776 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1772 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, |
1777 | "P%u: decrypt conclude, with %u peers\n", | 1773 | "P%u: decrypt conclude, with %u peers\n", |
1778 | ds->share->my_peer, | 1774 | ds->share->my_peer, |
1779 | num); | 1775 | num); |
1780 | 1776 | ||
1781 | gcry_mpi_set_ui (prod, 1); | 1777 | gcry_mpi_set_ui(prod, 1); |
1782 | for (i = 0; i < num; i++) | 1778 | for (i = 0; i < num; i++) |
1783 | { | 1779 | { |
1784 | 1780 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | |
1785 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1781 | "P%u: index of %u: %u\n", |
1786 | "P%u: index of %u: %u\n", | 1782 | ds->share->my_peer, i, indices[i]); |
1787 | ds->share->my_peer, i, indices[i]); | 1783 | compute_lagrange_coefficient(lagrange, indices[i], indices, num); |
1788 | compute_lagrange_coefficient (lagrange, indices[i], indices, num); | 1784 | // w_i^{\lambda_i} |
1789 | // w_i^{\lambda_i} | 1785 | gcry_mpi_powm(tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p); |
1790 | gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p); | 1786 | |
1791 | 1787 | // product of all exponentiated partiel decryptions ... | |
1792 | // product of all exponentiated partiel decryptions ... | 1788 | gcry_mpi_mulm(prod, prod, tmp, elgamal_p); |
1793 | gcry_mpi_mulm (prod, prod, tmp, elgamal_p); | 1789 | } |
1794 | } | ||
1795 | 1790 | ||
1796 | GNUNET_CRYPTO_mpi_scan_unsigned (&c_2, ds->ciphertext.c2_bits, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1791 | GNUNET_CRYPTO_mpi_scan_unsigned(&c_2, ds->ciphertext.c2_bits, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1797 | 1792 | ||
1798 | GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p)); | 1793 | GNUNET_assert(0 != gcry_mpi_invm(prod, prod, elgamal_p)); |
1799 | gcry_mpi_mulm (m, c_2, prod, elgamal_p); | 1794 | gcry_mpi_mulm(m, c_2, prod, elgamal_p); |
1800 | ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); | 1795 | ev = GNUNET_MQ_msg(msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); |
1801 | GNUNET_CRYPTO_mpi_print_unsigned (&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m); | 1796 | GNUNET_CRYPTO_mpi_print_unsigned(&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m); |
1802 | msg->success = htonl (1); | 1797 | msg->success = htonl(1); |
1803 | GNUNET_MQ_send (ds->cs->mq, | 1798 | GNUNET_MQ_send(ds->cs->mq, |
1804 | ev); | 1799 | ev); |
1805 | 1800 | ||
1806 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n"); | 1801 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n"); |
1807 | 1802 | ||
1808 | GNUNET_free (indices); | 1803 | GNUNET_free(indices); |
1809 | 1804 | ||
1810 | gcry_mpi_release(lagrange); | 1805 | gcry_mpi_release(lagrange); |
1811 | gcry_mpi_release(m); | 1806 | gcry_mpi_release(m); |
@@ -1825,12 +1820,12 @@ decrypt_conclude (void *cls) | |||
1825 | * @return string representation of @a mpi, must be free'd by the caller | 1820 | * @return string representation of @a mpi, must be free'd by the caller |
1826 | */ | 1821 | */ |
1827 | static char * | 1822 | static char * |
1828 | mpi_to_str (gcry_mpi_t mpi) | 1823 | mpi_to_str(gcry_mpi_t mpi) |
1829 | { | 1824 | { |
1830 | unsigned char *buf; | 1825 | unsigned char *buf; |
1831 | 1826 | ||
1832 | GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi)); | 1827 | GNUNET_assert(0 == gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, mpi)); |
1833 | return (char *) buf; | 1828 | return (char *)buf; |
1834 | } | 1829 | } |
1835 | 1830 | ||
1836 | 1831 | ||
@@ -1838,8 +1833,8 @@ mpi_to_str (gcry_mpi_t mpi) | |||
1838 | * Called when a new partial decryption arrives. | 1833 | * Called when a new partial decryption arrives. |
1839 | */ | 1834 | */ |
1840 | static void | 1835 | static void |
1841 | decrypt_new_element (void *cls, | 1836 | decrypt_new_element(void *cls, |
1842 | const struct GNUNET_SET_Element *element) | 1837 | const struct GNUNET_SET_Element *element) |
1843 | { | 1838 | { |
1844 | struct DecryptSession *session = cls; | 1839 | struct DecryptSession *session = cls; |
1845 | const struct GNUNET_SECRETSHARING_DecryptData *d; | 1840 | const struct GNUNET_SECRETSHARING_DecryptData *d; |
@@ -1867,132 +1862,132 @@ decrypt_new_element (void *cls, | |||
1867 | gcry_mpi_t tmp2; | 1862 | gcry_mpi_t tmp2; |
1868 | 1863 | ||
1869 | if (NULL == element) | 1864 | if (NULL == element) |
1870 | { | 1865 | { |
1871 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n"); | 1866 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decryption failed\n"); |
1872 | /* FIXME: destroy */ | 1867 | /* FIXME: destroy */ |
1873 | return; | 1868 | return; |
1874 | } | 1869 | } |
1875 | 1870 | ||
1876 | if (element->size != sizeof *d) | 1871 | if (element->size != sizeof *d) |
1877 | { | 1872 | { |
1878 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n"); | 1873 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n"); |
1879 | return; | 1874 | return; |
1880 | } | 1875 | } |
1881 | 1876 | ||
1882 | d = element->data; | 1877 | d = element->data; |
1883 | 1878 | ||
1884 | info = get_decrypt_peer_info (session, &d->peer); | 1879 | info = get_decrypt_peer_info(session, &d->peer); |
1885 | 1880 | ||
1886 | if (NULL == info) | 1881 | if (NULL == info) |
1887 | { | 1882 | { |
1888 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n", | 1883 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n", |
1889 | GNUNET_i2s (&d->peer)); | 1884 | GNUNET_i2s(&d->peer)); |
1890 | return; | 1885 | return; |
1891 | } | 1886 | } |
1892 | 1887 | ||
1893 | if (NULL != info->partial_decryption) | 1888 | if (NULL != info->partial_decryption) |
1894 | { | 1889 | { |
1895 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n"); | 1890 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n"); |
1896 | return; | 1891 | return; |
1897 | } | 1892 | } |
1898 | 1893 | ||
1899 | if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext)) | 1894 | if (0 != GNUNET_memcmp(&d->ciphertext, &session->ciphertext)) |
1900 | { | 1895 | { |
1901 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n", | 1896 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n", |
1902 | (unsigned int) session->share->my_peer, (unsigned int) (info - session->info)); | 1897 | (unsigned int)session->share->my_peer, (unsigned int)(info - session->info)); |
1903 | 1898 | ||
1904 | return; | 1899 | return; |
1905 | } | 1900 | } |
1906 | 1901 | ||
1907 | 1902 | ||
1908 | GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) d, | 1903 | GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)d, |
1909 | offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - | 1904 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - |
1910 | offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext), | 1905 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext), |
1911 | &challenge_hash); | 1906 | &challenge_hash); |
1912 | 1907 | ||
1913 | GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash, | 1908 | GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash, |
1914 | sizeof (struct GNUNET_HashCode)); | 1909 | sizeof(struct GNUNET_HashCode)); |
1915 | 1910 | ||
1916 | GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info - session->info], | 1911 | GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &session->share->sigmas[info - session->info], |
1917 | sizeof (struct GNUNET_SECRETSHARING_FieldElement)); | 1912 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); |
1918 | 1913 | ||
1919 | GNUNET_CRYPTO_mpi_scan_unsigned (&c1, session->ciphertext.c1_bits, | 1914 | GNUNET_CRYPTO_mpi_scan_unsigned(&c1, session->ciphertext.c1_bits, |
1920 | sizeof (struct GNUNET_SECRETSHARING_FieldElement)); | 1915 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); |
1921 | 1916 | ||
1922 | GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1, | 1917 | GNUNET_CRYPTO_mpi_scan_unsigned(&commit1, &d->nizk_commit1, |
1923 | sizeof (struct GNUNET_SECRETSHARING_FieldElement)); | 1918 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); |
1924 | 1919 | ||
1925 | GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2, | 1920 | GNUNET_CRYPTO_mpi_scan_unsigned(&commit2, &d->nizk_commit2, |
1926 | sizeof (struct GNUNET_SECRETSHARING_FieldElement)); | 1921 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); |
1927 | 1922 | ||
1928 | GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response, | 1923 | GNUNET_CRYPTO_mpi_scan_unsigned(&r, &d->nizk_response, |
1929 | sizeof (struct GNUNET_SECRETSHARING_FieldElement)); | 1924 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); |
1930 | 1925 | ||
1931 | GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption, | 1926 | GNUNET_CRYPTO_mpi_scan_unsigned(&w, &d->partial_decryption, |
1932 | sizeof (struct GNUNET_SECRETSHARING_FieldElement)); | 1927 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); |
1933 | 1928 | ||
1934 | GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0))); | 1929 | GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0))); |
1935 | GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0))); | 1930 | GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0))); |
1936 | 1931 | ||
1937 | // tmp1 = g^r | 1932 | // tmp1 = g^r |
1938 | gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p); | 1933 | gcry_mpi_powm(tmp1, elgamal_g, r, elgamal_p); |
1939 | 1934 | ||
1940 | // tmp2 = g^\beta * \sigma^challenge | 1935 | // tmp2 = g^\beta * \sigma^challenge |
1941 | gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p); | 1936 | gcry_mpi_powm(tmp2, sigma, challenge, elgamal_p); |
1942 | gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p); | 1937 | gcry_mpi_mulm(tmp2, tmp2, commit1, elgamal_p); |
1943 | 1938 | ||
1944 | if (0 != gcry_mpi_cmp (tmp1, tmp2)) | 1939 | if (0 != gcry_mpi_cmp(tmp1, tmp2)) |
1945 | { | 1940 | { |
1946 | char *tmp1_str; | 1941 | char *tmp1_str; |
1947 | char *tmp2_str; | 1942 | char *tmp2_str; |
1948 | 1943 | ||
1949 | tmp1_str = mpi_to_str (tmp1); | 1944 | tmp1_str = mpi_to_str(tmp1); |
1950 | tmp2_str = mpi_to_str (tmp2); | 1945 | tmp2_str = mpi_to_str(tmp2); |
1951 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1946 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, |
1952 | "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n", | 1947 | "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n", |
1953 | session->share->my_peer, | 1948 | session->share->my_peer, |
1954 | (unsigned int) (info - session->info), | 1949 | (unsigned int)(info - session->info), |
1955 | tmp1_str, | 1950 | tmp1_str, |
1956 | tmp2_str); | 1951 | tmp2_str); |
1957 | GNUNET_free (tmp1_str); | 1952 | GNUNET_free(tmp1_str); |
1958 | GNUNET_free (tmp2_str); | 1953 | GNUNET_free(tmp2_str); |
1959 | goto cleanup; | 1954 | goto cleanup; |
1960 | } | 1955 | } |
1961 | 1956 | ||
1962 | 1957 | ||
1963 | gcry_mpi_powm (tmp1, c1, r, elgamal_p); | 1958 | gcry_mpi_powm(tmp1, c1, r, elgamal_p); |
1964 | 1959 | ||
1965 | gcry_mpi_powm (tmp2, w, challenge, elgamal_p); | 1960 | gcry_mpi_powm(tmp2, w, challenge, elgamal_p); |
1966 | gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p); | 1961 | gcry_mpi_mulm(tmp2, tmp2, commit2, elgamal_p); |
1967 | 1962 | ||
1968 | 1963 | ||
1969 | if (0 != gcry_mpi_cmp (tmp1, tmp2)) | 1964 | if (0 != gcry_mpi_cmp(tmp1, tmp2)) |
1970 | { | 1965 | { |
1971 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1966 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, |
1972 | "P%u: Received invalid partial decryption from P%u (eqn 2)\n", | 1967 | "P%u: Received invalid partial decryption from P%u (eqn 2)\n", |
1973 | session->share->my_peer, | 1968 | session->share->my_peer, |
1974 | (unsigned int) (info - session->info)); | 1969 | (unsigned int)(info - session->info)); |
1975 | goto cleanup; | 1970 | goto cleanup; |
1976 | } | 1971 | } |
1977 | 1972 | ||
1978 | 1973 | ||
1979 | GNUNET_CRYPTO_mpi_scan_unsigned (&info->partial_decryption, &d->partial_decryption, | 1974 | GNUNET_CRYPTO_mpi_scan_unsigned(&info->partial_decryption, &d->partial_decryption, |
1980 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1975 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1981 | cleanup: | 1976 | cleanup: |
1982 | gcry_mpi_release (tmp1); | 1977 | gcry_mpi_release(tmp1); |
1983 | gcry_mpi_release (tmp2); | 1978 | gcry_mpi_release(tmp2); |
1984 | gcry_mpi_release (sigma); | 1979 | gcry_mpi_release(sigma); |
1985 | gcry_mpi_release (commit1); | 1980 | gcry_mpi_release(commit1); |
1986 | gcry_mpi_release (commit2); | 1981 | gcry_mpi_release(commit2); |
1987 | gcry_mpi_release (r); | 1982 | gcry_mpi_release(r); |
1988 | gcry_mpi_release (w); | 1983 | gcry_mpi_release(w); |
1989 | gcry_mpi_release (challenge); | 1984 | gcry_mpi_release(challenge); |
1990 | gcry_mpi_release (c1); | 1985 | gcry_mpi_release(c1); |
1991 | } | 1986 | } |
1992 | 1987 | ||
1993 | 1988 | ||
1994 | static void | 1989 | static void |
1995 | insert_decrypt_element (struct DecryptSession *ds) | 1990 | insert_decrypt_element(struct DecryptSession *ds) |
1996 | { | 1991 | { |
1997 | struct GNUNET_SECRETSHARING_DecryptData d; | 1992 | struct GNUNET_SECRETSHARING_DecryptData d; |
1998 | struct GNUNET_SET_Element element; | 1993 | struct GNUNET_SET_Element element; |
@@ -2010,99 +2005,100 @@ insert_decrypt_element (struct DecryptSession *ds) | |||
2010 | struct GNUNET_HashCode challenge_hash; | 2005 | struct GNUNET_HashCode challenge_hash; |
2011 | 2006 | ||
2012 | /* make vagrind happy until we implement the real deal ... */ | 2007 | /* make vagrind happy until we implement the real deal ... */ |
2013 | memset (&d, 0, sizeof d); | 2008 | memset(&d, 0, sizeof d); |
2014 | 2009 | ||
2015 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n", | 2010 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n", |
2016 | ds->share->my_peer); | 2011 | ds->share->my_peer); |
2017 | 2012 | ||
2018 | GNUNET_assert (ds->share->my_peer < ds->share->num_peers); | 2013 | GNUNET_assert(ds->share->my_peer < ds->share->num_peers); |
2019 | 2014 | ||
2020 | GNUNET_CRYPTO_mpi_scan_unsigned (&c1, &ds->ciphertext.c1_bits, | 2015 | GNUNET_CRYPTO_mpi_scan_unsigned(&c1, &ds->ciphertext.c1_bits, |
2021 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2016 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
2022 | GNUNET_CRYPTO_mpi_scan_unsigned (&s, &ds->share->my_share, | 2017 | GNUNET_CRYPTO_mpi_scan_unsigned(&s, &ds->share->my_share, |
2023 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2018 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
2024 | GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &ds->share->sigmas[ds->share->my_peer], | 2019 | GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &ds->share->sigmas[ds->share->my_peer], |
2025 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2020 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
2026 | 2021 | ||
2027 | GNUNET_assert (NULL != (w = gcry_mpi_new (0))); | 2022 | GNUNET_assert(NULL != (w = gcry_mpi_new(0))); |
2028 | GNUNET_assert (NULL != (beta = gcry_mpi_new (0))); | 2023 | GNUNET_assert(NULL != (beta = gcry_mpi_new(0))); |
2029 | GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); | 2024 | GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); |
2030 | 2025 | ||
2031 | // FIXME: unnecessary, remove once crypto works | 2026 | // FIXME: unnecessary, remove once crypto works |
2032 | gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p); | 2027 | gcry_mpi_powm(tmp, elgamal_g, s, elgamal_p); |
2033 | if (0 != gcry_mpi_cmp (tmp, sigma)) | 2028 | if (0 != gcry_mpi_cmp(tmp, sigma)) |
2034 | { | 2029 | { |
2035 | char *sigma_str = mpi_to_str (sigma); | 2030 | char *sigma_str = mpi_to_str(sigma); |
2036 | char *tmp_str = mpi_to_str (tmp); | 2031 | char *tmp_str = mpi_to_str(tmp); |
2037 | char *s_str = mpi_to_str (s); | 2032 | char *s_str = mpi_to_str(s); |
2038 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, " | 2033 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, " |
2039 | "computed sigma %s, s %s\n", | 2034 | "computed sigma %s, s %s\n", |
2040 | ds->share->my_peer, | 2035 | ds->share->my_peer, |
2041 | sigma_str, tmp_str, s_str); | 2036 | sigma_str, tmp_str, s_str); |
2042 | GNUNET_free (sigma_str); | 2037 | GNUNET_free(sigma_str); |
2043 | GNUNET_free (tmp_str); | 2038 | GNUNET_free(tmp_str); |
2044 | GNUNET_free (s_str); | 2039 | GNUNET_free(s_str); |
2045 | } | 2040 | } |
2046 | 2041 | ||
2047 | gcry_mpi_powm (w, c1, s, elgamal_p); | 2042 | gcry_mpi_powm(w, c1, s, elgamal_p); |
2048 | 2043 | ||
2049 | element.data = (void *) &d; | 2044 | element.data = (void *)&d; |
2050 | element.size = sizeof (struct GNUNET_SECRETSHARING_DecryptData); | 2045 | element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData); |
2051 | element.element_type = 0; | 2046 | element.element_type = 0; |
2052 | 2047 | ||
2053 | d.ciphertext = ds->ciphertext; | 2048 | d.ciphertext = ds->ciphertext; |
2054 | d.peer = my_peer; | 2049 | d.peer = my_peer; |
2055 | GNUNET_CRYPTO_mpi_print_unsigned (&d.partial_decryption, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w); | 2050 | GNUNET_CRYPTO_mpi_print_unsigned(&d.partial_decryption, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w); |
2056 | 2051 | ||
2057 | // create the zero knowledge proof | 2052 | // create the zero knowledge proof |
2058 | // randomly choose beta such that 0 < beta < q | 2053 | // randomly choose beta such that 0 < beta < q |
2059 | do | 2054 | do |
2060 | { | 2055 | { |
2061 | gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); | 2056 | gcry_mpi_randomize(beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); |
2062 | } while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >= 0)); | 2057 | } |
2058 | while ((gcry_mpi_cmp_ui(beta, 0) == 0) || (gcry_mpi_cmp(beta, elgamal_q) >= 0)); | ||
2063 | // tmp = g^beta | 2059 | // tmp = g^beta |
2064 | gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p); | 2060 | gcry_mpi_powm(tmp, elgamal_g, beta, elgamal_p); |
2065 | GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 2061 | GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); |
2066 | // tmp = (c_1)^beta | 2062 | // tmp = (c_1)^beta |
2067 | gcry_mpi_powm (tmp, c1, beta, elgamal_p); | 2063 | gcry_mpi_powm(tmp, c1, beta, elgamal_p); |
2068 | GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit2, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 2064 | GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit2, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); |
2069 | 2065 | ||
2070 | // the challenge is the hash of everything up to the response | 2066 | // the challenge is the hash of everything up to the response |
2071 | GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) &d, | 2067 | GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)&d, |
2072 | offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - | 2068 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - |
2073 | offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext), | 2069 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext), |
2074 | &challenge_hash); | 2070 | &challenge_hash); |
2075 | 2071 | ||
2076 | GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash, | 2072 | GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash, |
2077 | sizeof (struct GNUNET_HashCode)); | 2073 | sizeof(struct GNUNET_HashCode)); |
2078 | 2074 | ||
2079 | // compute the response in tmp, | 2075 | // compute the response in tmp, |
2080 | // tmp = (c * s + beta) mod q | 2076 | // tmp = (c * s + beta) mod q |
2081 | gcry_mpi_mulm (tmp, challenge, s, elgamal_q); | 2077 | gcry_mpi_mulm(tmp, challenge, s, elgamal_q); |
2082 | gcry_mpi_addm (tmp, tmp, beta, elgamal_q); | 2078 | gcry_mpi_addm(tmp, tmp, beta, elgamal_q); |
2083 | 2079 | ||
2084 | GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_response, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 2080 | GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_response, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); |
2085 | 2081 | ||
2086 | d.purpose.size = htonl (element.size - offsetof (struct GNUNET_SECRETSHARING_DecryptData, purpose)); | 2082 | d.purpose.size = htonl(element.size - offsetof(struct GNUNET_SECRETSHARING_DecryptData, purpose)); |
2087 | d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); | 2083 | d.purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); |
2088 | 2084 | ||
2089 | GNUNET_assert (GNUNET_OK == | 2085 | GNUNET_assert(GNUNET_OK == |
2090 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, | 2086 | GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, |
2091 | &d.purpose, | 2087 | &d.purpose, |
2092 | &d.signature)); | 2088 | &d.signature)); |
2093 | 2089 | ||
2094 | GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); | 2090 | GNUNET_CONSENSUS_insert(ds->consensus, &element, NULL, NULL); |
2095 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2091 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, |
2096 | "P%u: Inserting decrypt element done!\n", | 2092 | "P%u: Inserting decrypt element done!\n", |
2097 | ds->share->my_peer); | 2093 | ds->share->my_peer); |
2098 | 2094 | ||
2099 | gcry_mpi_release (s); | 2095 | gcry_mpi_release(s); |
2100 | gcry_mpi_release (w); | 2096 | gcry_mpi_release(w); |
2101 | gcry_mpi_release (c1); | 2097 | gcry_mpi_release(c1); |
2102 | gcry_mpi_release (beta); | 2098 | gcry_mpi_release(beta); |
2103 | gcry_mpi_release (tmp); | 2099 | gcry_mpi_release(tmp); |
2104 | gcry_mpi_release (challenge); | 2100 | gcry_mpi_release(challenge); |
2105 | gcry_mpi_release (sigma); | 2101 | gcry_mpi_release(sigma); |
2106 | } | 2102 | } |
2107 | 2103 | ||
2108 | 2104 | ||
@@ -2114,8 +2110,8 @@ insert_decrypt_element (struct DecryptSession *ds) | |||
2114 | * @return #GNUNET_OK (check deferred a bit) | 2110 | * @return #GNUNET_OK (check deferred a bit) |
2115 | */ | 2111 | */ |
2116 | static int | 2112 | static int |
2117 | check_client_decrypt (void *cls, | 2113 | check_client_decrypt(void *cls, |
2118 | const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) | 2114 | const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) |
2119 | { | 2115 | { |
2120 | /* we check later, it's complicated */ | 2116 | /* we check later, it's complicated */ |
2121 | return GNUNET_OK; | 2117 | return GNUNET_OK; |
@@ -2130,77 +2126,77 @@ check_client_decrypt (void *cls, | |||
2130 | * @param msg the actual message | 2126 | * @param msg the actual message |
2131 | */ | 2127 | */ |
2132 | static void | 2128 | static void |
2133 | handle_client_decrypt (void *cls, | 2129 | handle_client_decrypt(void *cls, |
2134 | const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) | 2130 | const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) |
2135 | { | 2131 | { |
2136 | struct ClientState *cs = cls; | 2132 | struct ClientState *cs = cls; |
2137 | struct DecryptSession *ds; | 2133 | struct DecryptSession *ds; |
2138 | struct GNUNET_HashCode session_id; | 2134 | struct GNUNET_HashCode session_id; |
2139 | 2135 | ||
2140 | if (NULL != cs->decrypt_session) | 2136 | if (NULL != cs->decrypt_session) |
2141 | { | 2137 | { |
2142 | GNUNET_break (0); | 2138 | GNUNET_break(0); |
2143 | GNUNET_SERVICE_client_drop (cs->client); | 2139 | GNUNET_SERVICE_client_drop(cs->client); |
2144 | return; | 2140 | return; |
2145 | } | 2141 | } |
2146 | ds = GNUNET_new (struct DecryptSession); | 2142 | ds = GNUNET_new(struct DecryptSession); |
2147 | cs->decrypt_session = ds; | 2143 | cs->decrypt_session = ds; |
2148 | ds->cs = cs; | 2144 | ds->cs = cs; |
2149 | ds->start = GNUNET_TIME_absolute_ntoh (msg->start); | 2145 | ds->start = GNUNET_TIME_absolute_ntoh(msg->start); |
2150 | ds->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); | 2146 | ds->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline); |
2151 | ds->ciphertext = msg->ciphertext; | 2147 | ds->ciphertext = msg->ciphertext; |
2152 | 2148 | ||
2153 | ds->share = GNUNET_SECRETSHARING_share_read (&msg[1], | 2149 | ds->share = GNUNET_SECRETSHARING_share_read(&msg[1], |
2154 | ntohs (msg->header.size) - sizeof (*msg), | 2150 | ntohs(msg->header.size) - sizeof(*msg), |
2155 | NULL); | 2151 | NULL); |
2156 | if (NULL == ds->share) | 2152 | if (NULL == ds->share) |
2157 | { | 2153 | { |
2158 | GNUNET_break (0); | 2154 | GNUNET_break(0); |
2159 | GNUNET_SERVICE_client_drop (cs->client); | 2155 | GNUNET_SERVICE_client_drop(cs->client); |
2160 | return; | 2156 | return; |
2161 | } | 2157 | } |
2162 | 2158 | ||
2163 | /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */ | 2159 | /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */ |
2164 | GNUNET_CRYPTO_hash (&msg->ciphertext, | 2160 | GNUNET_CRYPTO_hash(&msg->ciphertext, |
2165 | sizeof (struct GNUNET_SECRETSHARING_Ciphertext), | 2161 | sizeof(struct GNUNET_SECRETSHARING_Ciphertext), |
2166 | &session_id); | 2162 | &session_id); |
2167 | ds->consensus = GNUNET_CONSENSUS_create (cfg, | 2163 | ds->consensus = GNUNET_CONSENSUS_create(cfg, |
2168 | ds->share->num_peers, | 2164 | ds->share->num_peers, |
2169 | ds->share->peers, | 2165 | ds->share->peers, |
2170 | &session_id, | 2166 | &session_id, |
2171 | ds->start, | 2167 | ds->start, |
2172 | ds->deadline, | 2168 | ds->deadline, |
2173 | &decrypt_new_element, | 2169 | &decrypt_new_element, |
2174 | ds); | 2170 | ds); |
2175 | 2171 | ||
2176 | 2172 | ||
2177 | ds->info = GNUNET_new_array (ds->share->num_peers, | 2173 | ds->info = GNUNET_new_array(ds->share->num_peers, |
2178 | struct DecryptPeerInfo); | 2174 | struct DecryptPeerInfo); |
2179 | for (unsigned int i = 0; i < ds->share->num_peers; i++) | 2175 | for (unsigned int i = 0; i < ds->share->num_peers; i++) |
2180 | { | 2176 | { |
2181 | ds->info[i].peer = ds->share->peers[i]; | 2177 | ds->info[i].peer = ds->share->peers[i]; |
2182 | ds->info[i].original_index = ds->share->original_indices[i]; | 2178 | ds->info[i].original_index = ds->share->original_indices[i]; |
2183 | } | 2179 | } |
2184 | insert_decrypt_element (ds); | 2180 | insert_decrypt_element(ds); |
2185 | GNUNET_CONSENSUS_conclude (ds->consensus, | 2181 | GNUNET_CONSENSUS_conclude(ds->consensus, |
2186 | decrypt_conclude, | 2182 | decrypt_conclude, |
2187 | ds); | 2183 | ds); |
2188 | GNUNET_SERVICE_client_continue (cs->client); | 2184 | GNUNET_SERVICE_client_continue(cs->client); |
2189 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 2185 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, |
2190 | "decrypting with %u peers\n", | 2186 | "decrypting with %u peers\n", |
2191 | ds->share->num_peers); | 2187 | ds->share->num_peers); |
2192 | } | 2188 | } |
2193 | 2189 | ||
2194 | 2190 | ||
2195 | static void | 2191 | static void |
2196 | init_crypto_constants (void) | 2192 | init_crypto_constants(void) |
2197 | { | 2193 | { |
2198 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX, | 2194 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_q, GCRYMPI_FMT_HEX, |
2199 | GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); | 2195 | GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); |
2200 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX, | 2196 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_p, GCRYMPI_FMT_HEX, |
2201 | GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); | 2197 | GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); |
2202 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX, | 2198 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_g, GCRYMPI_FMT_HEX, |
2203 | GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); | 2199 | GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); |
2204 | } | 2200 | } |
2205 | 2201 | ||
2206 | 2202 | ||
@@ -2212,33 +2208,33 @@ init_crypto_constants (void) | |||
2212 | * @param service the initialized service | 2208 | * @param service the initialized service |
2213 | */ | 2209 | */ |
2214 | static void | 2210 | static void |
2215 | run (void *cls, | 2211 | run(void *cls, |
2216 | const struct GNUNET_CONFIGURATION_Handle *c, | 2212 | const struct GNUNET_CONFIGURATION_Handle *c, |
2217 | struct GNUNET_SERVICE_Handle *service) | 2213 | struct GNUNET_SERVICE_Handle *service) |
2218 | { | 2214 | { |
2219 | cfg = c; | 2215 | cfg = c; |
2220 | my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (c); | 2216 | my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration(c); |
2221 | if (NULL == my_peer_private_key) | 2217 | if (NULL == my_peer_private_key) |
2222 | { | 2218 | { |
2223 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 2219 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, |
2224 | "could not access host private key\n"); | 2220 | "could not access host private key\n"); |
2225 | GNUNET_break (0); | 2221 | GNUNET_break(0); |
2226 | GNUNET_SCHEDULER_shutdown (); | 2222 | GNUNET_SCHEDULER_shutdown(); |
2227 | return; | 2223 | return; |
2228 | } | 2224 | } |
2229 | init_crypto_constants (); | 2225 | init_crypto_constants(); |
2230 | if (GNUNET_OK != | 2226 | if (GNUNET_OK != |
2231 | GNUNET_CRYPTO_get_peer_identity (cfg, | 2227 | GNUNET_CRYPTO_get_peer_identity(cfg, |
2232 | &my_peer)) | 2228 | &my_peer)) |
2233 | { | 2229 | { |
2234 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 2230 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, |
2235 | "could not retrieve host identity\n"); | 2231 | "could not retrieve host identity\n"); |
2236 | GNUNET_break (0); | 2232 | GNUNET_break(0); |
2237 | GNUNET_SCHEDULER_shutdown (); | 2233 | GNUNET_SCHEDULER_shutdown(); |
2238 | return; | 2234 | return; |
2239 | } | 2235 | } |
2240 | GNUNET_SCHEDULER_add_shutdown (&cleanup_task, | 2236 | GNUNET_SCHEDULER_add_shutdown(&cleanup_task, |
2241 | NULL); | 2237 | NULL); |
2242 | } | 2238 | } |
2243 | 2239 | ||
2244 | 2240 | ||
@@ -2251,11 +2247,11 @@ run (void *cls, | |||
2251 | * @return @a c | 2247 | * @return @a c |
2252 | */ | 2248 | */ |
2253 | static void * | 2249 | static void * |
2254 | client_connect_cb (void *cls, | 2250 | client_connect_cb(void *cls, |
2255 | struct GNUNET_SERVICE_Client *c, | 2251 | struct GNUNET_SERVICE_Client *c, |
2256 | struct GNUNET_MQ_Handle *mq) | 2252 | struct GNUNET_MQ_Handle *mq) |
2257 | { | 2253 | { |
2258 | struct ClientState *cs = GNUNET_new (struct ClientState);; | 2254 | struct ClientState *cs = GNUNET_new(struct ClientState);; |
2259 | 2255 | ||
2260 | cs->client = c; | 2256 | cs->client = c; |
2261 | cs->mq = mq; | 2257 | cs->mq = mq; |
@@ -2271,18 +2267,18 @@ client_connect_cb (void *cls, | |||
2271 | * @param internal_cls should be equal to @a c | 2267 | * @param internal_cls should be equal to @a c |
2272 | */ | 2268 | */ |
2273 | static void | 2269 | static void |
2274 | client_disconnect_cb (void *cls, | 2270 | client_disconnect_cb(void *cls, |
2275 | struct GNUNET_SERVICE_Client *c, | 2271 | struct GNUNET_SERVICE_Client *c, |
2276 | void *internal_cls) | 2272 | void *internal_cls) |
2277 | { | 2273 | { |
2278 | struct ClientState *cs = internal_cls; | 2274 | struct ClientState *cs = internal_cls; |
2279 | 2275 | ||
2280 | if (NULL != cs->keygen_session) | 2276 | if (NULL != cs->keygen_session) |
2281 | keygen_session_destroy (cs->keygen_session); | 2277 | keygen_session_destroy(cs->keygen_session); |
2282 | 2278 | ||
2283 | if (NULL != cs->decrypt_session) | 2279 | if (NULL != cs->decrypt_session) |
2284 | decrypt_session_destroy (cs->decrypt_session); | 2280 | decrypt_session_destroy(cs->decrypt_session); |
2285 | GNUNET_free (cs); | 2281 | GNUNET_free(cs); |
2286 | } | 2282 | } |
2287 | 2283 | ||
2288 | 2284 | ||
@@ -2290,18 +2286,18 @@ client_disconnect_cb (void *cls, | |||
2290 | * Define "main" method using service macro. | 2286 | * Define "main" method using service macro. |
2291 | */ | 2287 | */ |
2292 | GNUNET_SERVICE_MAIN | 2288 | GNUNET_SERVICE_MAIN |
2293 | ("secretsharing", | 2289 | ("secretsharing", |
2294 | GNUNET_SERVICE_OPTION_NONE, | 2290 | GNUNET_SERVICE_OPTION_NONE, |
2295 | &run, | 2291 | &run, |
2296 | &client_connect_cb, | 2292 | &client_connect_cb, |
2297 | &client_disconnect_cb, | 2293 | &client_disconnect_cb, |
2298 | NULL, | 2294 | NULL, |
2299 | GNUNET_MQ_hd_var_size (client_keygen, | 2295 | GNUNET_MQ_hd_var_size(client_keygen, |
2300 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, | 2296 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, |
2301 | struct GNUNET_SECRETSHARING_CreateMessage, | 2297 | struct GNUNET_SECRETSHARING_CreateMessage, |
2302 | NULL), | 2298 | NULL), |
2303 | GNUNET_MQ_hd_var_size (client_decrypt, | 2299 | GNUNET_MQ_hd_var_size(client_decrypt, |
2304 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, | 2300 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, |
2305 | struct GNUNET_SECRETSHARING_DecryptRequestMessage, | 2301 | struct GNUNET_SECRETSHARING_DecryptRequestMessage, |
2306 | NULL), | 2302 | NULL), |
2307 | GNUNET_MQ_handler_end ()); | 2303 | GNUNET_MQ_handler_end()); |