author | Florian Dold <florian.dold@gmail.com> | 2014-01-07 11:10:05 +0000 |
committer | Florian Dold <florian.dold@gmail.com> | 2014-01-07 11:10:05 +0000 |
commit | 9b4bee4d09a77662448a9416f4deaf6994b2eb07 (patch) | |
tree | 552f05303a35bb1fb0060737b7513e0f900933d8 /src/secretsharing/gnunet-service-secretsharing.c | |
parent | 47a164b83ebd56bc13167a57bf38aeafe78d354b (diff) | |
download | gnunet-9b4bee4d09a77662448a9416f4deaf6994b2eb07.tar.gz gnunet-9b4bee4d09a77662448a9416f4deaf6994b2eb07.zip |
- correctly adjust buffer when printing MPIs
- fix confusion between paillier and elgamal field elements
Diffstat (limited to 'src/secretsharing/gnunet-service-secretsharing.c')
-rw-r--r-- | src/secretsharing/gnunet-service-secretsharing.c | 142 |
1 files changed, 77 insertions, 65 deletions
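--- a/src/secretsharing/gnunet-service-secretsharing.c
+++ b/src/secretsharing/gnunet-service-secretsharing.c
@@ -44,12 +44,7 @@ struct KeygenPeerInfo
 struct GNUNET_PeerIdentity peer;
 
 /**
-* g-component of the peer's paillier public key.
-*/
-gcry_mpi_t paillier_g;
-
-/**
-* mu-component of the peer's paillier public key.
+* The peer's paillier public key.
 */
 gcry_mpi_t paillier_n;
 
@@ -318,13 +313,45 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 */
 static struct GNUNET_SERVER_Handle *srv;
 
+
+/**
+* If target != size, move @a target bytes to the end of the size-sized
+* buffer and zero out the first @a target - @a size bytes.
+*
+* @param buf original buffer
+* @param size number of bytes in @a buf
+* @param target target size of the buffer
+*/
+static void
+adjust (unsigned char *buf,
+size_t size,
+size_t target)
+{
+if (size < target)
+{
+memmove (&buf[target - size], buf, size);
+memset (buf, 0, target - size);
+}
+}
+
+
 /**
-* Print a field element in a fixed-size buffer.
+* Print an MPI to a buffer, so that is contains the MPI's
+* the little endian representation of size @a size.
+*
+* @param buf buffer to write to
+* @param x mpi to be written in the buffer
+* @param bytes how many bytes should the value use
+* @param
 */
 static void
-print_field_element (void *buf, gcry_mpi_t x)
+print_mpi_fixed (void *buf, gcry_mpi_t x, size_t size)
 {
-GNUNET_assert (0);
+size_t written;
+GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
+buf, size, &written,
+x));
+adjust (buf, written, size);
 }
 
 
@@ -499,13 +526,12 @@ compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j,
 * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell,
 * "Introduction to Modern Cryptography: Principles and Protocols".
 *
-* @param g g-component of public key
 * @param n n-component of public key
 * @param lambda lambda-component of private key
 * @param mu mu-componenent of private key
 */
 static void
-paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu)
+paillier_create (gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu)
 {
 gcry_mpi_t p;
 gcry_mpi_t q;
@@ -521,7 +547,6 @@ paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu)
 GNUNET_assert (0 == gcry_prime_generate (&q, PAILLIER_BITS / 2, 0, NULL, NULL, NULL,
 GCRY_WEAK_RANDOM, 0));
 gcry_mpi_mul (n, p, q);
-gcry_mpi_add_ui (g, n, 1);
 // compute phi(n) = (p-1)(q-1)
 gcry_mpi_sub_ui (phi, p, 1);
 gcry_mpi_sub_ui (tmp, q, 1);
@@ -542,17 +567,20 @@ paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu)
 *
 * @param c resulting ciphertext
 * @param m plaintext to encrypt
-* @param g g-component of public key
 * @param n n-component of public key
 */
 static void
-paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n)
+paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t n)
 {
 gcry_mpi_t n_square;
 gcry_mpi_t r;
+gcry_mpi_t g;
 
 GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
 GNUNET_assert (0 != (r = gcry_mpi_new (0)));
+GNUNET_assert (0 != (g = gcry_mpi_new (0)));
+
+gcry_mpi_add_ui (g, n, 1);
 
 gcry_mpi_mul (n_square, n, n);
 
@@ -617,9 +645,9 @@ generate_presecret_polynomial (struct KeygenSession *ks)
 ks->presecret_polynomial = GNUNET_malloc (ks->threshold * sizeof (gcry_mpi_t));
 for (i = 0; i < ks->threshold; i++)
 {
-ks->presecret_polynomial[i] = gcry_mpi_new (PAILLIER_BITS);
+ks->presecret_polynomial[i] = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS);
 GNUNET_assert (0 != ks->presecret_polynomial[i]);
-gcry_mpi_randomize (ks->presecret_polynomial[i], PAILLIER_BITS,
+gcry_mpi_randomize (ks->presecret_polynomial[i], GNUNET_SECRETSHARING_KEY_BITS,
 GCRY_WEAK_RANDOM);
 }
 }
@@ -681,8 +709,6 @@ keygen_round1_new_element (void *cls,
 return;
 }
 
-GNUNET_assert (0 == gcry_mpi_scan (&info->paillier_g, GCRYMPI_FMT_USG,
-&d->pubkey.g, sizeof d->pubkey.g, NULL));
 GNUNET_assert (0 == gcry_mpi_scan (&info->paillier_n, GCRYMPI_FMT_USG,
 &d->pubkey.n, sizeof d->pubkey.n, NULL));
 GNUNET_assert (0 == gcry_mpi_scan (&info->presecret_commitment, GCRYMPI_FMT_USG,
@@ -731,8 +757,8 @@ keygen_round2_conclude (void *cls)
 
 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n");
 
-GNUNET_assert (0 != (s = gcry_mpi_new (PAILLIER_BITS)));
-GNUNET_assert (0 != (h = gcry_mpi_new (PAILLIER_BITS)));
+GNUNET_assert (0 != (s = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS)));
+GNUNET_assert (0 != (h = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS)));
 
 // multiplicative identity
 gcry_mpi_set_ui (s, 1);
@@ -762,8 +788,8 @@ keygen_round2_conclude (void *cls)
 }
 }
 
-gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &share->my_share, PAILLIER_BITS / 8, NULL, s);
-gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &share->public_key, PAILLIER_BITS / 8, NULL, s);
+print_mpi_fixed (&share->my_share, s, GNUNET_SECRETSHARING_KEY_BITS / 8);
+print_mpi_fixed (&share->public_key, h, GNUNET_SECRETSHARING_KEY_BITS / 8);
 
 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen successful with %u peers\n", share->num_peers);
 
@@ -803,12 +829,12 @@ insert_round2_element (struct KeygenSession *ks)
 gcry_mpi_t idx;
 gcry_mpi_t v;
 
-GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS)));
-GNUNET_assert (0 != (idx = gcry_mpi_new (PAILLIER_BITS)));
+GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS)));
+GNUNET_assert (0 != (idx = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS)));
 
 element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) +
-2 * PAILLIER_BITS / 8 * ks->num_peers +
-1 * PAILLIER_BITS / 8 * ks->threshold);
+2 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers +
+1 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->threshold);
 
 element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size);
 element->size = element_size;
@@ -830,8 +856,8 @@ insert_round2_element (struct KeygenSession *ks)
 horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_p);
 // take g to the result
 gcry_mpi_powm (v, elgamal_g, v, elgamal_p);
-gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v);
-pos += PAILLIER_BITS / 8;
+print_mpi_fixed (pos, v, GNUNET_SECRETSHARING_KEY_BITS / 8);
+pos += GNUNET_SECRETSHARING_KEY_BITS / 8;
 }
 
 // encrypted pre-shares
@@ -842,10 +868,9 @@ insert_round2_element (struct KeygenSession *ks)
 if (GNUNET_NO == ks->info[i].round1_valid)
 gcry_mpi_set_ui (v, 0);
 else
-paillier_encrypt (v, ks->presecret_polynomial[0],
-ks->info[i].paillier_g, ks->info[i].paillier_g);
-gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v);
-pos += PAILLIER_BITS / 8;
+paillier_encrypt (v, ks->presecret_polynomial[0], ks->info[i].paillier_n);
+print_mpi_fixed (pos, v, GNUNET_SECRETSHARING_KEY_BITS / 8);
+pos += GNUNET_SECRETSHARING_KEY_BITS / 8;
 }
 
 // exponentiated coefficients
@@ -854,8 +879,8 @@ insert_round2_element (struct KeygenSession *ks)
 ptrdiff_t remaining = last_pos - pos;
 GNUNET_assert (remaining > 0);
 gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p);
-gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v);
-pos += PAILLIER_BITS / 8;
+print_mpi_fixed (pos, v, GNUNET_SECRETSHARING_KEY_BITS / 8);
+pos += GNUNET_SECRETSHARING_KEY_BITS / 8;
 }
 
 d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose));
@@ -888,8 +913,8 @@ keygen_round2_new_element (void *cls,
 }
 
 expected_element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) +
-2 * PAILLIER_BITS / 8 * ks->num_peers +
-1 * PAILLIER_BITS / 8 * ks->threshold);
+2 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers +
+1 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->threshold);
 
 if (element->size != expected_element_size)
 {
@@ -932,16 +957,16 @@ keygen_round2_new_element (void *cls,
 
 pos = (void *) &d[1];
 // skip exponentiated pre-shares
-pos += PAILLIER_BITS / 8 * ks->num_peers;
+pos += GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers;
 // skip encrypted pre-shares
 pos += PAILLIER_BITS / 8 * ks->num_peers;
 // the first exponentiated coefficient is the public key share
 GNUNET_assert (0 == gcry_mpi_scan (&info->public_key_share, GCRYMPI_FMT_USG,
-pos, PAILLIER_BITS / 8, NULL));
+pos, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL));
 
 pos = (void *) &d[1];
 // skip exp. pre-shares
-pos += PAILLIER_BITS / 8 * ks->num_peers;
+pos += GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers;
 // skip to the encrypted value for our peer
 pos += PAILLIER_BITS / 8 * ks->local_peer_idx;
 
@@ -1013,7 +1038,7 @@ insert_round1_element (struct KeygenSession *ks)
 // g^a_{i,0}
 gcry_mpi_t v;
 // big-endian representation of 'v'
-unsigned char v_data[PAILLIER_BITS / 8];
+unsigned char v_data[GNUNET_SECRETSHARING_KEY_BITS / 8];
 
 element = GNUNET_malloc (sizeof *element + sizeof *d);
 d = (void *) &element[1];
@@ -1026,27 +1051,16 @@ insert_round1_element (struct KeygenSession *ks)
 
 d->peer = my_peer;
 
-GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS)));
+GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS)));
 
 gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
 
-GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
-v_data, PAILLIER_BITS / 8, NULL,
-v));
-
-GNUNET_CRYPTO_hash (v_data, PAILLIER_BITS / 8, &d->commitment);
-
-/*
+print_mpi_fixed (v_data, v, GNUNET_SECRETSHARING_KEY_BITS);
 
-GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
-(unsigned char *) d->pubkey.g, PAILLIER_BITS / 8, NULL,
-ks->info[ks->local_peer_idx].paillier_g));
-
-GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
-(unsigned char *) d->pubkey.n, PAILLIER_BITS / 8, NULL,
-ks->info[ks->local_peer_idx].paillier_n));
+GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_KEY_BITS / 8, &d->commitment);
 
-*/
+print_mpi_fixed (d->pubkey.n, ks->info[ks->local_peer_idx].paillier_n,
+PAILLIER_BITS / 8);
 
 d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose));
 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
@@ -1105,13 +1119,11 @@ static void handle_client_keygen (void *cls,
 for (i = 0; i < ks->num_peers; i++)
 ks->info[i].peer = ks->peers[i];
 
-GNUNET_assert (0 != (ks->info[ks->local_peer_idx].paillier_g = mpi_new (0)));
 GNUNET_assert (0 != (ks->info[ks->local_peer_idx].paillier_n = mpi_new (0)));
 GNUNET_assert (0 != (ks->paillier_lambda = mpi_new (0)));
 GNUNET_assert (0 != (ks->paillier_mu = mpi_new (0)));
 
-paillier_create (ks->info[ks->local_peer_idx].paillier_g,
-ks->info[ks->local_peer_idx].paillier_n,
+paillier_create (ks->info[ks->local_peer_idx].paillier_n,
 ks->paillier_lambda,
 ks->paillier_mu);
 
@@ -1176,14 +1188,14 @@ decrypt_conclude (void *cls)
 }
 
 GNUNET_assert (0 == gcry_mpi_scan (&c_2, GCRYMPI_FMT_USG, ds->ciphertext.c2_bits,
-PAILLIER_BITS / 8, NULL));
+GNUNET_SECRETSHARING_KEY_BITS / 8, NULL));
 
 // m <- c_2 / m
 gcry_mpi_invm (m, m, elgamal_p);
 gcry_mpi_mulm (m, c_2, m, elgamal_p);
 
 ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE);
-print_field_element (&msg->plaintext, m);
+print_mpi_fixed (&msg->plaintext, m, GNUNET_SECRETSHARING_KEY_BITS / 8);
 msg->success = htonl (1);
 GNUNET_MQ_send (ds->client_mq, ev);
 
@@ -1236,7 +1248,7 @@ decrypt_new_element (void *cls,
 // FIXME: check NIZP first
 
 GNUNET_assert (0 == gcry_mpi_scan (&info->partial_decryption,
-GCRYMPI_FMT_USG, &d->partial_decryption, PAILLIER_BITS / 8, NULL));
+GCRYMPI_FMT_USG, &d->partial_decryption, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL));
 }
 
 static void
@@ -1247,8 +1259,8 @@ insert_decrypt_element (struct DecryptSession *ds)
 gcry_mpi_t x;
 gcry_mpi_t s;
 
-GNUNET_assert (0 == gcry_mpi_scan (&x, GCRYMPI_FMT_USG, ds->ciphertext.c1_bits, PAILLIER_BITS / 8, NULL));
-GNUNET_assert (0 == gcry_mpi_scan (&s, GCRYMPI_FMT_USG, &ds->share->my_share, PAILLIER_BITS / 8, NULL));
+GNUNET_assert (0 == gcry_mpi_scan (&x, GCRYMPI_FMT_USG, ds->ciphertext.c1_bits, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL));
+GNUNET_assert (0 == gcry_mpi_scan (&s, GCRYMPI_FMT_USG, &ds->share->my_share, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL));
 
 gcry_mpi_powm (x, x, s, elgamal_p);
 
@@ -1260,7 +1272,7 @@ insert_decrypt_element (struct DecryptSession *ds)
 d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d.purpose, &d.signature);
 
-print_field_element (&d.partial_decryption, x);
+print_mpi_fixed (&d.partial_decryption, x, GNUNET_SECRETSHARING_KEY_BITS / 8);
 
 GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
 }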
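Review bot: In insert_round1_element (new line 1058) the call `print_mpi_fixed (v_data, v, GNUNET_SECRETSHARING_KEY_BITS);` passes a bit count where print_mpi_fixed expects a byte count, while `v_data` was declared (new line 1041) as `GNUNET_SECRETSHARING_KEY_BITS / 8` bytes; gcry_mpi_print and then adjust() are told the stack buffer is eight times larger than it is, so the memmove/memset in adjust can write past its end, and the call should read `print_mpi_fixed (v_data, v, GNUNET_SECRETSHARING_KEY_BITS / 8);`. In keygen_round2_new_element the encrypted pre-shares are still skipped with the old stride at new lines 962 and 971, `pos += PAILLIER_BITS / 8 * ks->num_peers;` and `pos += PAILLIER_BITS / 8 * ks->local_peer_idx;`, whereas insert_round2_element now writes them with `GNUNET_SECRETSHARING_KEY_BITS / 8` per entry and expected_element_size is computed from that constant too, so the parser reads from the wrong offsets whenever the two constants differ; both lines should use `GNUNET_SECRETSHARING_KEY_BITS / 8`. The new adjust() comment has its roles inverted relative to the body, which moves `size` bytes and zeroes the first `target - size`, and the print_mpi_fixed comment says little endian while GCRYMPI_FMT_USG produces a big-endian unsigned encoding and leaves a stray `@param bytes` / empty `@param`; I would replace the two headers with "Shift the @a size bytes in @a buf to the end of a @a target-byte buffer, zero-filling the front" and "Write @a x as a big-endian unsigned integer of exactly @a size bytes into @a buf, left-padded with zeros". Both insert_round1_element and keygen_round2_new_element begin and end outside the hunks shown.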