diff options
author | Christian Grothoff <christian@grothoff.org> | 2019-10-05 15:09:28 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-10-05 15:09:28 +0200 |
commit | c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207 (patch) | |
tree | cac3ce030d77b4cbe7c7dc62ed58cfe6d24f73e1 /src/secretsharing | |
parent | fbb71d527c7d6babf269a8fefce1db291b9f7068 (diff) | |
download | gnunet-c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207.tar.gz gnunet-c4e9ba925ffd758aaa3feee2ccfc0b76f26fe207.zip |
global reindent, now with uncrustify hook enabled
Diffstat (limited to 'src/secretsharing')
-rw-r--r-- | src/secretsharing/gnunet-secretsharing-profiler.c | 518 | ||||
-rw-r--r-- | src/secretsharing/gnunet-service-secretsharing.c | 2202 | ||||
-rw-r--r-- | src/secretsharing/secretsharing.h | 21 | ||||
-rw-r--r-- | src/secretsharing/secretsharing_api.c | 350 | ||||
-rw-r--r-- | src/secretsharing/secretsharing_common.c | 83 | ||||
-rw-r--r-- | src/secretsharing/secretsharing_protocol.h | 12 | ||||
-rw-r--r-- | src/secretsharing/test_secretsharing_api.c | 60 |
7 files changed, 1706 insertions, 1540 deletions
diff --git a/src/secretsharing/gnunet-secretsharing-profiler.c b/src/secretsharing/gnunet-secretsharing-profiler.c index 0bd2cc6a9..38163e2c2 100644 --- a/src/secretsharing/gnunet-secretsharing-profiler.c +++ b/src/secretsharing/gnunet-secretsharing-profiler.c | |||
@@ -122,10 +122,10 @@ static int in_shutdown; | |||
122 | * @param event information about the event | 122 | * @param event information about the event |
123 | */ | 123 | */ |
124 | static void | 124 | static void |
125 | controller_cb(void *cls, | 125 | controller_cb (void *cls, |
126 | const struct GNUNET_TESTBED_EventInformation *event) | 126 | const struct GNUNET_TESTBED_EventInformation *event) |
127 | { | 127 | { |
128 | GNUNET_assert(0); | 128 | GNUNET_assert (0); |
129 | } | 129 | } |
130 | 130 | ||
131 | 131 | ||
@@ -139,29 +139,29 @@ controller_cb(void *cls, | |||
139 | * operation has executed successfully. | 139 | * operation has executed successfully. |
140 | */ | 140 | */ |
141 | static void | 141 | static void |
142 | session_connect_complete(void *cls, | 142 | session_connect_complete (void *cls, |
143 | struct GNUNET_TESTBED_Operation *op, | 143 | struct GNUNET_TESTBED_Operation *op, |
144 | void *ca_result, | 144 | void *ca_result, |
145 | const char *emsg) | 145 | const char *emsg) |
146 | { | 146 | { |
147 | if (NULL != emsg) | 147 | if (NULL != emsg) |
148 | { | 148 | { |
149 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 149 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
150 | "testbed connect emsg: %s\n", | 150 | "testbed connect emsg: %s\n", |
151 | emsg); | 151 | emsg); |
152 | GNUNET_assert(0); | 152 | GNUNET_assert (0); |
153 | } | 153 | } |
154 | 154 | ||
155 | num_connected_sessions++; | 155 | num_connected_sessions++; |
156 | 156 | ||
157 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 157 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
158 | "dkg: session connect complete\n"); | 158 | "dkg: session connect complete\n"); |
159 | 159 | ||
160 | if (num_connected_sessions == num_peers) | 160 | if (num_connected_sessions == num_peers) |
161 | { | 161 | { |
162 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 162 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
163 | "dkg: all peers connected\n"); | 163 | "dkg: all peers connected\n"); |
164 | } | 164 | } |
165 | } | 165 | } |
166 | 166 | ||
167 | 167 | ||
@@ -175,29 +175,29 @@ session_connect_complete(void *cls, | |||
175 | * operation has executed successfully. | 175 | * operation has executed successfully. |
176 | */ | 176 | */ |
177 | static void | 177 | static void |
178 | decrypt_connect_complete(void *cls, | 178 | decrypt_connect_complete (void *cls, |
179 | struct GNUNET_TESTBED_Operation *op, | 179 | struct GNUNET_TESTBED_Operation *op, |
180 | void *ca_result, | 180 | void *ca_result, |
181 | const char *emsg) | 181 | const char *emsg) |
182 | { | 182 | { |
183 | if (NULL != emsg) | 183 | if (NULL != emsg) |
184 | { | 184 | { |
185 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 185 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
186 | "testbed connect emsg: %s\n", | 186 | "testbed connect emsg: %s\n", |
187 | emsg); | 187 | emsg); |
188 | GNUNET_assert(0); | 188 | GNUNET_assert (0); |
189 | } | 189 | } |
190 | 190 | ||
191 | num_connected_decrypt++; | 191 | num_connected_decrypt++; |
192 | 192 | ||
193 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 193 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
194 | "decrypt: session connect complete\n"); | 194 | "decrypt: session connect complete\n"); |
195 | 195 | ||
196 | if (num_connected_decrypt == num_peers) | 196 | if (num_connected_decrypt == num_peers) |
197 | { | 197 | { |
198 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 198 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
199 | "decrypt: all peers connected\n"); | 199 | "decrypt: all peers connected\n"); |
200 | } | 200 | } |
201 | } | 201 | } |
202 | 202 | ||
203 | 203 | ||
@@ -207,8 +207,8 @@ decrypt_connect_complete(void *cls, | |||
207 | * @param cls Plaintext | 207 | * @param cls Plaintext |
208 | * @param plaintext Plaintext | 208 | * @param plaintext Plaintext |
209 | */ | 209 | */ |
210 | static void decrypt_cb(void *cls, | 210 | static void decrypt_cb (void *cls, |
211 | const struct GNUNET_SECRETSHARING_Plaintext *plaintext) | 211 | const struct GNUNET_SECRETSHARING_Plaintext *plaintext) |
212 | { | 212 | { |
213 | struct GNUNET_SECRETSHARING_DecryptionHandle **dhp = cls; | 213 | struct GNUNET_SECRETSHARING_DecryptionHandle **dhp = cls; |
214 | unsigned int n = dhp - decrypt_handles; | 214 | unsigned int n = dhp - decrypt_handles; |
@@ -218,25 +218,27 @@ static void decrypt_cb(void *cls, | |||
218 | *dhp = NULL; | 218 | *dhp = NULL; |
219 | 219 | ||
220 | // we should still be connected if this is called | 220 | // we should still be connected if this is called |
221 | GNUNET_assert(NULL != connect_ops[n]); | 221 | GNUNET_assert (NULL != connect_ops[n]); |
222 | 222 | ||
223 | GNUNET_TESTBED_operation_done(connect_ops[n]); | 223 | GNUNET_TESTBED_operation_done (connect_ops[n]); |
224 | 224 | ||
225 | if (NULL == plaintext) | 225 | if (NULL == plaintext) |
226 | { | 226 | { |
227 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt failed for peer %u\n", n); | 227 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt failed for peer %u\n", n); |
228 | return; | 228 | return; |
229 | } | 229 | } |
230 | else if (0 == GNUNET_memcmp(&reference_plaintext, plaintext)) | 230 | else if (0 == GNUNET_memcmp (&reference_plaintext, plaintext)) |
231 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "decrypt got correct result for peer %u\n", n); | 231 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
232 | "decrypt got correct result for peer %u\n", n); | ||
232 | else | 233 | else |
233 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt got wrong result for peer %u\n", n); | 234 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
235 | "decrypt got wrong result for peer %u\n", n); | ||
234 | 236 | ||
235 | if (num_decrypted == num_peers) | 237 | if (num_decrypted == num_peers) |
236 | { | 238 | { |
237 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "every peer decrypted\n"); | 239 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "every peer decrypted\n"); |
238 | GNUNET_SCHEDULER_shutdown(); | 240 | GNUNET_SCHEDULER_shutdown (); |
239 | } | 241 | } |
240 | 242 | ||
241 | *dhp = NULL; | 243 | *dhp = NULL; |
242 | } | 244 | } |
@@ -254,19 +256,19 @@ static void decrypt_cb(void *cls, | |||
254 | * @return service handle to return in 'op_result', NULL on error | 256 | * @return service handle to return in 'op_result', NULL on error |
255 | */ | 257 | */ |
256 | static void * | 258 | static void * |
257 | decrypt_connect_adapter(void *cls, | 259 | decrypt_connect_adapter (void *cls, |
258 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 260 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
259 | { | 261 | { |
260 | struct GNUNET_SECRETSHARING_DecryptionHandle **hp = cls; | 262 | struct GNUNET_SECRETSHARING_DecryptionHandle **hp = cls; |
261 | unsigned int n = hp - decrypt_handles; | 263 | unsigned int n = hp - decrypt_handles; |
262 | 264 | ||
263 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 265 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
264 | "decrypt connect adapter, %d peers\n", | 266 | "decrypt connect adapter, %d peers\n", |
265 | num_peers); | 267 | num_peers); |
266 | *hp = GNUNET_SECRETSHARING_decrypt(cfg, shares[n], &ciphertext, | 268 | *hp = GNUNET_SECRETSHARING_decrypt (cfg, shares[n], &ciphertext, |
267 | decrypt_start, decrypt_deadline, | 269 | decrypt_start, decrypt_deadline, |
268 | decrypt_cb, | 270 | decrypt_cb, |
269 | hp); | 271 | hp); |
270 | 272 | ||
271 | return *hp; | 273 | return *hp; |
272 | } | 274 | } |
@@ -280,30 +282,30 @@ decrypt_connect_adapter(void *cls, | |||
280 | * @param op_result service handle returned from the connect adapter | 282 | * @param op_result service handle returned from the connect adapter |
281 | */ | 283 | */ |
282 | static void | 284 | static void |
283 | decrypt_disconnect_adapter(void *cls, void *op_result) | 285 | decrypt_disconnect_adapter (void *cls, void *op_result) |
284 | { | 286 | { |
285 | struct GNUNET_SECRETSHARING_DecryptionHandle **dh = cls; | 287 | struct GNUNET_SECRETSHARING_DecryptionHandle **dh = cls; |
286 | unsigned int n = dh - decrypt_handles; | 288 | unsigned int n = dh - decrypt_handles; |
287 | 289 | ||
288 | GNUNET_assert(*dh == decrypt_handles[n]); | 290 | GNUNET_assert (*dh == decrypt_handles[n]); |
289 | 291 | ||
290 | if (NULL != *dh) | 292 | if (NULL != *dh) |
291 | { | 293 | { |
292 | GNUNET_SECRETSHARING_decrypt_cancel(*dh); | 294 | GNUNET_SECRETSHARING_decrypt_cancel (*dh); |
293 | *dh = NULL; | 295 | *dh = NULL; |
294 | } | 296 | } |
295 | 297 | ||
296 | GNUNET_assert(NULL != connect_ops[n]); | 298 | GNUNET_assert (NULL != connect_ops[n]); |
297 | connect_ops[n] = NULL; | 299 | connect_ops[n] = NULL; |
298 | } | 300 | } |
299 | 301 | ||
300 | 302 | ||
301 | static void | 303 | static void |
302 | secret_ready_cb(void *cls, | 304 | secret_ready_cb (void *cls, |
303 | struct GNUNET_SECRETSHARING_Share *my_share, | 305 | struct GNUNET_SECRETSHARING_Share *my_share, |
304 | struct GNUNET_SECRETSHARING_PublicKey *public_key, | 306 | struct GNUNET_SECRETSHARING_PublicKey *public_key, |
305 | unsigned int num_ready_peers, | 307 | unsigned int num_ready_peers, |
306 | const struct GNUNET_PeerIdentity *ready_peers) | 308 | const struct GNUNET_PeerIdentity *ready_peers) |
307 | { | 309 | { |
308 | struct GNUNET_SECRETSHARING_Session **sp = cls; | 310 | struct GNUNET_SECRETSHARING_Session **sp = cls; |
309 | unsigned int n = sp - session_handles; | 311 | unsigned int n = sp - session_handles; |
@@ -314,35 +316,39 @@ secret_ready_cb(void *cls, | |||
314 | *sp = NULL; | 316 | *sp = NULL; |
315 | shares[n] = my_share; | 317 | shares[n] = my_share; |
316 | if (NULL == my_share) | 318 | if (NULL == my_share) |
319 | { | ||
320 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "key generation failed for peer #%u\n", | ||
321 | n); | ||
322 | } | ||
323 | else | ||
324 | { | ||
325 | ret = GNUNET_STRINGS_data_to_string (public_key, sizeof *public_key, | ||
326 | pubkey_str, 1024); | ||
327 | GNUNET_assert (NULL != ret); | ||
328 | *ret = '\0'; | ||
329 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
330 | "key generation successful for peer #%u, pubkey %s\n", n, | ||
331 | pubkey_str); | ||
332 | |||
333 | /* we're the first to get the key -> store it */ | ||
334 | if (num_generated == 1) | ||
317 | { | 335 | { |
318 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "key generation failed for peer #%u\n", n); | 336 | common_pubkey = *public_key; |
319 | } | 337 | } |
320 | else | 338 | else if (0 != GNUNET_memcmp (public_key, &common_pubkey)) |
321 | { | 339 | { |
322 | ret = GNUNET_STRINGS_data_to_string(public_key, sizeof *public_key, pubkey_str, 1024); | 340 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
323 | GNUNET_assert(NULL != ret); | 341 | "generated public keys do not match\n"); |
324 | *ret = '\0'; | 342 | GNUNET_SCHEDULER_shutdown (); |
325 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "key generation successful for peer #%u, pubkey %s\n", n, | 343 | return; |
326 | pubkey_str); | ||
327 | |||
328 | /* we're the first to get the key -> store it */ | ||
329 | if (num_generated == 1) | ||
330 | { | ||
331 | common_pubkey = *public_key; | ||
332 | } | ||
333 | else if (0 != GNUNET_memcmp(public_key, &common_pubkey)) | ||
334 | { | ||
335 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "generated public keys do not match\n"); | ||
336 | GNUNET_SCHEDULER_shutdown(); | ||
337 | return; | ||
338 | } | ||
339 | } | 344 | } |
345 | } | ||
340 | 346 | ||
341 | // we should still be connected | 347 | // we should still be connected |
342 | GNUNET_assert(NULL != connect_ops[n]); | 348 | GNUNET_assert (NULL != connect_ops[n]); |
343 | 349 | ||
344 | // disconnect from the service, will call the disconnect callback | 350 | // disconnect from the service, will call the disconnect callback |
345 | GNUNET_TESTBED_operation_done(connect_ops[n]); | 351 | GNUNET_TESTBED_operation_done (connect_ops[n]); |
346 | } | 352 | } |
347 | 353 | ||
348 | 354 | ||
@@ -357,22 +363,22 @@ secret_ready_cb(void *cls, | |||
357 | * @return service handle to return in 'op_result', NULL on error | 363 | * @return service handle to return in 'op_result', NULL on error |
358 | */ | 364 | */ |
359 | static void * | 365 | static void * |
360 | session_connect_adapter(void *cls, | 366 | session_connect_adapter (void *cls, |
361 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 367 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
362 | { | 368 | { |
363 | struct GNUNET_SECRETSHARING_Session **sp = cls; | 369 | struct GNUNET_SECRETSHARING_Session **sp = cls; |
364 | 370 | ||
365 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 371 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
366 | "connect adapter, %d peers\n", | 372 | "connect adapter, %d peers\n", |
367 | num_peers); | 373 | num_peers); |
368 | *sp = GNUNET_SECRETSHARING_create_session(cfg, | 374 | *sp = GNUNET_SECRETSHARING_create_session (cfg, |
369 | num_peers, | 375 | num_peers, |
370 | peer_ids, | 376 | peer_ids, |
371 | &session_id, | 377 | &session_id, |
372 | dkg_start, | 378 | dkg_start, |
373 | dkg_deadline, | 379 | dkg_deadline, |
374 | threshold, | 380 | threshold, |
375 | &secret_ready_cb, sp); | 381 | &secret_ready_cb, sp); |
376 | return *sp; | 382 | return *sp; |
377 | } | 383 | } |
378 | 384 | ||
@@ -386,20 +392,20 @@ session_connect_adapter(void *cls, | |||
386 | * @param op_result service handle returned from the connect adapter | 392 | * @param op_result service handle returned from the connect adapter |
387 | */ | 393 | */ |
388 | static void | 394 | static void |
389 | session_disconnect_adapter(void *cls, void *op_result) | 395 | session_disconnect_adapter (void *cls, void *op_result) |
390 | { | 396 | { |
391 | struct GNUNET_SECRETSHARING_Session **sp = cls; | 397 | struct GNUNET_SECRETSHARING_Session **sp = cls; |
392 | unsigned int n = (sp - session_handles); | 398 | unsigned int n = (sp - session_handles); |
393 | 399 | ||
394 | GNUNET_assert(*sp == session_handles[n]); | 400 | GNUNET_assert (*sp == session_handles[n]); |
395 | 401 | ||
396 | if (NULL != *sp) | 402 | if (NULL != *sp) |
397 | { | 403 | { |
398 | GNUNET_SECRETSHARING_session_destroy(*sp); | 404 | GNUNET_SECRETSHARING_session_destroy (*sp); |
399 | *sp = NULL; | 405 | *sp = NULL; |
400 | } | 406 | } |
401 | 407 | ||
402 | GNUNET_assert(NULL != connect_ops[n]); | 408 | GNUNET_assert (NULL != connect_ops[n]); |
403 | connect_ops[n] = NULL; | 409 | connect_ops[n] = NULL; |
404 | 410 | ||
405 | if (GNUNET_YES == in_shutdown) | 411 | if (GNUNET_YES == in_shutdown) |
@@ -407,29 +413,34 @@ session_disconnect_adapter(void *cls, void *op_result) | |||
407 | 413 | ||
408 | // all peers received their secret | 414 | // all peers received their secret |
409 | if (num_generated == num_peers) | 415 | if (num_generated == num_peers) |
410 | { | 416 | { |
411 | int i; | 417 | int i; |
412 | |||
413 | // only do decryption if requested by the user | ||
414 | if (GNUNET_NO == decrypt) | ||
415 | { | ||
416 | GNUNET_SCHEDULER_shutdown(); | ||
417 | return; | ||
418 | } | ||
419 | |||
420 | decrypt_start = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), delay); | ||
421 | decrypt_deadline = GNUNET_TIME_absolute_add(decrypt_start, timeout); | ||
422 | |||
423 | // compute g^42 as the plaintext which we will decrypt and then | ||
424 | // cooperatively decrypt | ||
425 | GNUNET_SECRETSHARING_plaintext_generate_i(&reference_plaintext, 42); | ||
426 | GNUNET_SECRETSHARING_encrypt(&common_pubkey, &reference_plaintext, &ciphertext); | ||
427 | 418 | ||
428 | for (i = 0; i < num_peers; i++) | 419 | // only do decryption if requested by the user |
429 | connect_ops[i] = | 420 | if (GNUNET_NO == decrypt) |
430 | GNUNET_TESTBED_service_connect(NULL, peers[i], "secretsharing", &decrypt_connect_complete, NULL, | 421 | { |
431 | &decrypt_connect_adapter, &decrypt_disconnect_adapter, &decrypt_handles[i]); | 422 | GNUNET_SCHEDULER_shutdown (); |
423 | return; | ||
432 | } | 424 | } |
425 | |||
426 | decrypt_start = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), | ||
427 | delay); | ||
428 | decrypt_deadline = GNUNET_TIME_absolute_add (decrypt_start, timeout); | ||
429 | |||
430 | // compute g^42 as the plaintext which we will decrypt and then | ||
431 | // cooperatively decrypt | ||
432 | GNUNET_SECRETSHARING_plaintext_generate_i (&reference_plaintext, 42); | ||
433 | GNUNET_SECRETSHARING_encrypt (&common_pubkey, &reference_plaintext, | ||
434 | &ciphertext); | ||
435 | |||
436 | for (i = 0; i < num_peers; i++) | ||
437 | connect_ops[i] = | ||
438 | GNUNET_TESTBED_service_connect (NULL, peers[i], "secretsharing", | ||
439 | &decrypt_connect_complete, NULL, | ||
440 | &decrypt_connect_adapter, | ||
441 | &decrypt_disconnect_adapter, | ||
442 | &decrypt_handles[i]); | ||
443 | } | ||
433 | } | 444 | } |
434 | 445 | ||
435 | 446 | ||
@@ -443,34 +454,37 @@ session_disconnect_adapter(void *cls, void *op_result) | |||
443 | * operation is successfull | 454 | * operation is successfull |
444 | */ | 455 | */ |
445 | static void | 456 | static void |
446 | peer_info_cb(void *cb_cls, | 457 | peer_info_cb (void *cb_cls, |
447 | struct GNUNET_TESTBED_Operation *op, | 458 | struct GNUNET_TESTBED_Operation *op, |
448 | const struct GNUNET_TESTBED_PeerInformation *pinfo, | 459 | const struct GNUNET_TESTBED_PeerInformation *pinfo, |
449 | const char *emsg) | 460 | const char *emsg) |
450 | { | 461 | { |
451 | struct GNUNET_PeerIdentity *p; | 462 | struct GNUNET_PeerIdentity *p; |
452 | int i; | 463 | int i; |
453 | 464 | ||
454 | GNUNET_assert(NULL == emsg); | 465 | GNUNET_assert (NULL == emsg); |
455 | 466 | ||
456 | p = (struct GNUNET_PeerIdentity *)cb_cls; | 467 | p = (struct GNUNET_PeerIdentity *) cb_cls; |
457 | 468 | ||
458 | if (pinfo->pit == GNUNET_TESTBED_PIT_IDENTITY) | 469 | if (pinfo->pit == GNUNET_TESTBED_PIT_IDENTITY) |
459 | { | 470 | { |
460 | *p = *pinfo->result.id; | 471 | *p = *pinfo->result.id; |
461 | num_retrieved_peer_ids++; | 472 | num_retrieved_peer_ids++; |
462 | if (num_retrieved_peer_ids == num_peers) | 473 | if (num_retrieved_peer_ids == num_peers) |
463 | for (i = 0; i < num_peers; i++) | 474 | for (i = 0; i < num_peers; i++) |
464 | connect_ops[i] = | 475 | connect_ops[i] = |
465 | GNUNET_TESTBED_service_connect(NULL, peers[i], "secretsharing", session_connect_complete, NULL, | 476 | GNUNET_TESTBED_service_connect (NULL, peers[i], "secretsharing", |
466 | session_connect_adapter, session_disconnect_adapter, &session_handles[i]); | 477 | session_connect_complete, NULL, |
467 | } | 478 | session_connect_adapter, |
479 | session_disconnect_adapter, | ||
480 | &session_handles[i]); | ||
481 | } | ||
468 | else | 482 | else |
469 | { | 483 | { |
470 | GNUNET_assert(0); | 484 | GNUNET_assert (0); |
471 | } | 485 | } |
472 | 486 | ||
473 | GNUNET_TESTBED_operation_done(op); | 487 | GNUNET_TESTBED_operation_done (op); |
474 | } | 488 | } |
475 | 489 | ||
476 | 490 | ||
@@ -480,21 +494,21 @@ peer_info_cb(void *cb_cls, | |||
480 | * @param cls closure | 494 | * @param cls closure |
481 | */ | 495 | */ |
482 | static void | 496 | static void |
483 | handle_shutdown(void *cls) | 497 | handle_shutdown (void *cls) |
484 | { | 498 | { |
485 | in_shutdown = GNUNET_YES; | 499 | in_shutdown = GNUNET_YES; |
486 | 500 | ||
487 | if (NULL != connect_ops) | 501 | if (NULL != connect_ops) |
488 | { | 502 | { |
489 | unsigned int i; | 503 | unsigned int i; |
490 | for (i = 0; i < num_peers; i++) | 504 | for (i = 0; i < num_peers; i++) |
491 | if (NULL != connect_ops[i]) | 505 | if (NULL != connect_ops[i]) |
492 | { | 506 | { |
493 | // the disconnect callback will set the op to NULL | 507 | // the disconnect callback will set the op to NULL |
494 | GNUNET_TESTBED_operation_done(connect_ops[i]); | 508 | GNUNET_TESTBED_operation_done (connect_ops[i]); |
495 | } | 509 | } |
496 | GNUNET_free(connect_ops); | 510 | GNUNET_free (connect_ops); |
497 | } | 511 | } |
498 | 512 | ||
499 | // killing the testbed operation will take care of remaining | 513 | // killing the testbed operation will take care of remaining |
500 | // service handles in the disconnect callback | 514 | // service handles in the disconnect callback |
@@ -515,131 +529,135 @@ handle_shutdown(void *cls) | |||
515 | * failed | 529 | * failed |
516 | */ | 530 | */ |
517 | static void | 531 | static void |
518 | test_master(void *cls, | 532 | test_master (void *cls, |
519 | struct GNUNET_TESTBED_RunHandle *h, | 533 | struct GNUNET_TESTBED_RunHandle *h, |
520 | unsigned int num_peers, | 534 | unsigned int num_peers, |
521 | struct GNUNET_TESTBED_Peer **started_peers, | 535 | struct GNUNET_TESTBED_Peer **started_peers, |
522 | unsigned int links_succeeded, | 536 | unsigned int links_succeeded, |
523 | unsigned int links_failed) | 537 | unsigned int links_failed) |
524 | { | 538 | { |
525 | int i; | 539 | int i; |
526 | 540 | ||
527 | GNUNET_log_setup("gnunet-secretsharing-profiler", "INFO", NULL); | 541 | GNUNET_log_setup ("gnunet-secretsharing-profiler", "INFO", NULL); |
528 | 542 | ||
529 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "test master\n"); | 543 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "test master\n"); |
530 | 544 | ||
531 | GNUNET_SCHEDULER_add_shutdown(&handle_shutdown, NULL); | 545 | GNUNET_SCHEDULER_add_shutdown (&handle_shutdown, NULL); |
532 | 546 | ||
533 | peers = started_peers; | 547 | peers = started_peers; |
534 | 548 | ||
535 | peer_ids = GNUNET_malloc(num_peers * sizeof(struct GNUNET_PeerIdentity)); | 549 | peer_ids = GNUNET_malloc (num_peers * sizeof(struct GNUNET_PeerIdentity)); |
536 | 550 | ||
537 | session_handles = GNUNET_new_array(num_peers, struct GNUNET_SECRETSHARING_Session *); | 551 | session_handles = GNUNET_new_array (num_peers, struct |
538 | decrypt_handles = GNUNET_new_array(num_peers, struct GNUNET_SECRETSHARING_DecryptionHandle *); | 552 | GNUNET_SECRETSHARING_Session *); |
539 | connect_ops = GNUNET_new_array(num_peers, struct GNUNET_TESTBED_Operation *); | 553 | decrypt_handles = GNUNET_new_array (num_peers, struct |
540 | shares = GNUNET_new_array(num_peers, struct GNUNET_SECRETSHARING_Share *); | 554 | GNUNET_SECRETSHARING_DecryptionHandle *); |
555 | connect_ops = GNUNET_new_array (num_peers, struct GNUNET_TESTBED_Operation *); | ||
556 | shares = GNUNET_new_array (num_peers, struct GNUNET_SECRETSHARING_Share *); | ||
541 | 557 | ||
542 | for (i = 0; i < num_peers; i++) | 558 | for (i = 0; i < num_peers; i++) |
543 | { | 559 | { |
544 | // we do not store the returned operation, as peer_info_cb | 560 | // we do not store the returned operation, as peer_info_cb |
545 | // will receive it as a parameter and call GNUNET_TESTBED_operation_done. | 561 | // will receive it as a parameter and call GNUNET_TESTBED_operation_done. |
546 | GNUNET_TESTBED_peer_get_information(peers[i], | 562 | GNUNET_TESTBED_peer_get_information (peers[i], |
547 | GNUNET_TESTBED_PIT_IDENTITY, | 563 | GNUNET_TESTBED_PIT_IDENTITY, |
548 | peer_info_cb, | 564 | peer_info_cb, |
549 | &peer_ids[i]); | 565 | &peer_ids[i]); |
550 | } | 566 | } |
551 | } | 567 | } |
552 | 568 | ||
553 | 569 | ||
554 | static void | 570 | static void |
555 | run(void *cls, char *const *args, const char *cfgfile, | 571 | run (void *cls, char *const *args, const char *cfgfile, |
556 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 572 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
557 | { | 573 | { |
558 | static char *session_str = "gnunet-secretsharing/test"; | 574 | static char *session_str = "gnunet-secretsharing/test"; |
559 | char *topology; | 575 | char *topology; |
560 | int topology_cmp_result; | 576 | int topology_cmp_result; |
561 | 577 | ||
562 | dkg_start = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), delay); | 578 | dkg_start = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), delay); |
563 | dkg_deadline = GNUNET_TIME_absolute_add(dkg_start, timeout); | 579 | dkg_deadline = GNUNET_TIME_absolute_add (dkg_start, timeout); |
564 | 580 | ||
565 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string(cfg, "testbed", "OVERLAY_TOPOLOGY", &topology)) | 581 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "testbed", |
566 | { | 582 | "OVERLAY_TOPOLOGY", |
567 | fprintf(stderr, | 583 | &topology)) |
568 | "'OVERLAY_TOPOLOGY' not found in 'testbed' config section, " | 584 | { |
569 | "seems like you passed the wrong configuration file\n"); | 585 | fprintf (stderr, |
570 | return; | 586 | "'OVERLAY_TOPOLOGY' not found in 'testbed' config section, " |
571 | } | 587 | "seems like you passed the wrong configuration file\n"); |
588 | return; | ||
589 | } | ||
572 | 590 | ||
573 | topology_cmp_result = strcasecmp(topology, "NONE"); | 591 | topology_cmp_result = strcasecmp (topology, "NONE"); |
574 | GNUNET_free(topology); | 592 | GNUNET_free (topology); |
575 | 593 | ||
576 | if (0 == topology_cmp_result) | 594 | if (0 == topology_cmp_result) |
577 | { | 595 | { |
578 | fprintf(stderr, | 596 | fprintf (stderr, |
579 | "'OVERLAY_TOPOLOGY' set to 'NONE', " | 597 | "'OVERLAY_TOPOLOGY' set to 'NONE', " |
580 | "seems like you passed the wrong configuration file\n"); | 598 | "seems like you passed the wrong configuration file\n"); |
581 | return; | 599 | return; |
582 | } | 600 | } |
583 | 601 | ||
584 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 602 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
585 | "running gnunet-secretsharing-profiler\n"); | 603 | "running gnunet-secretsharing-profiler\n"); |
586 | 604 | ||
587 | GNUNET_CRYPTO_hash(session_str, strlen(session_str), &session_id); | 605 | GNUNET_CRYPTO_hash (session_str, strlen (session_str), &session_id); |
588 | 606 | ||
589 | (void)GNUNET_TESTBED_test_run("gnunet-secretsharing-profiler", | 607 | (void) GNUNET_TESTBED_test_run ("gnunet-secretsharing-profiler", |
590 | cfgfile, | 608 | cfgfile, |
591 | num_peers, | 609 | num_peers, |
592 | 0, | 610 | 0, |
593 | controller_cb, | 611 | controller_cb, |
594 | NULL, | 612 | NULL, |
595 | test_master, | 613 | test_master, |
596 | NULL); | 614 | NULL); |
597 | } | 615 | } |
598 | 616 | ||
599 | 617 | ||
600 | int | 618 | int |
601 | main(int argc, char **argv) | 619 | main (int argc, char **argv) |
602 | { | 620 | { |
603 | struct GNUNET_GETOPT_CommandLineOption options[] = { | 621 | struct GNUNET_GETOPT_CommandLineOption options[] = { |
604 | GNUNET_GETOPT_option_uint('n', | 622 | GNUNET_GETOPT_option_uint ('n', |
605 | "num-peers", | 623 | "num-peers", |
606 | NULL, | 624 | NULL, |
607 | gettext_noop("number of peers in consensus"), | 625 | gettext_noop ("number of peers in consensus"), |
608 | &num_peers), | 626 | &num_peers), |
609 | 627 | ||
610 | GNUNET_GETOPT_option_relative_time('D', | 628 | GNUNET_GETOPT_option_relative_time ('D', |
611 | "delay", | 629 | "delay", |
612 | NULL, | 630 | NULL, |
613 | gettext_noop("dkg start delay"), | 631 | gettext_noop ("dkg start delay"), |
614 | &delay), | 632 | &delay), |
615 | 633 | ||
616 | GNUNET_GETOPT_option_relative_time('t', | 634 | GNUNET_GETOPT_option_relative_time ('t', |
617 | "timeout", | 635 | "timeout", |
618 | NULL, | 636 | NULL, |
619 | gettext_noop("dkg timeout"), | 637 | gettext_noop ("dkg timeout"), |
620 | &timeout), | 638 | &timeout), |
621 | 639 | ||
622 | GNUNET_GETOPT_option_uint('k', | 640 | GNUNET_GETOPT_option_uint ('k', |
623 | "threshold", | 641 | "threshold", |
624 | NULL, | 642 | NULL, |
625 | gettext_noop("threshold"), | 643 | gettext_noop ("threshold"), |
626 | &threshold), | 644 | &threshold), |
627 | 645 | ||
628 | GNUNET_GETOPT_option_flag('d', | 646 | GNUNET_GETOPT_option_flag ('d', |
629 | "descrypt", | 647 | "descrypt", |
630 | gettext_noop("also profile decryption"), | 648 | gettext_noop ("also profile decryption"), |
631 | &decrypt), | 649 | &decrypt), |
632 | 650 | ||
633 | 651 | ||
634 | GNUNET_GETOPT_option_verbose(&verbose), | 652 | GNUNET_GETOPT_option_verbose (&verbose), |
635 | 653 | ||
636 | GNUNET_GETOPT_OPTION_END | 654 | GNUNET_GETOPT_OPTION_END |
637 | }; | 655 | }; |
638 | 656 | ||
639 | delay = GNUNET_TIME_UNIT_ZERO; | 657 | delay = GNUNET_TIME_UNIT_ZERO; |
640 | timeout = GNUNET_TIME_UNIT_MINUTES; | 658 | timeout = GNUNET_TIME_UNIT_MINUTES; |
641 | GNUNET_PROGRAM_run2(argc, argv, "gnunet-secretsharing-profiler", | 659 | GNUNET_PROGRAM_run2 (argc, argv, "gnunet-secretsharing-profiler", |
642 | "help", | 660 | "help", |
643 | options, &run, NULL, GNUNET_YES); | 661 | options, &run, NULL, GNUNET_YES); |
644 | return 0; | 662 | return 0; |
645 | } | 663 | } |
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c index 828ff04af..bf7f35920 100644 --- a/src/secretsharing/gnunet-service-secretsharing.c +++ b/src/secretsharing/gnunet-service-secretsharing.c | |||
@@ -39,7 +39,8 @@ | |||
39 | /** | 39 | /** |
40 | * Info about a peer in a key generation session. | 40 | * Info about a peer in a key generation session. |
41 | */ | 41 | */ |
42 | struct KeygenPeerInfo { | 42 | struct KeygenPeerInfo |
43 | { | ||
43 | /** | 44 | /** |
44 | * Peer identity of the peer. | 45 | * Peer identity of the peer. |
45 | */ | 46 | */ |
@@ -84,7 +85,8 @@ struct KeygenPeerInfo { | |||
84 | /** | 85 | /** |
85 | * Information about a peer in a decrypt session. | 86 | * Information about a peer in a decrypt session. |
86 | */ | 87 | */ |
87 | struct DecryptPeerInfo { | 88 | struct DecryptPeerInfo |
89 | { | ||
88 | /** | 90 | /** |
89 | * Identity of the peer. | 91 | * Identity of the peer. |
90 | */ | 92 | */ |
@@ -115,7 +117,8 @@ struct ClientState; | |||
115 | /** | 117 | /** |
116 | * Session to establish a threshold-shared secret. | 118 | * Session to establish a threshold-shared secret. |
117 | */ | 119 | */ |
118 | struct KeygenSession { | 120 | struct KeygenSession |
121 | { | ||
119 | /** | 122 | /** |
120 | * Current consensus, used for both DKG rounds. | 123 | * Current consensus, used for both DKG rounds. |
121 | */ | 124 | */ |
@@ -208,7 +211,8 @@ struct KeygenSession { | |||
208 | /** | 211 | /** |
209 | * Session to cooperatively decrypt a value. | 212 | * Session to cooperatively decrypt a value. |
210 | */ | 213 | */ |
211 | struct DecryptSession { | 214 | struct DecryptSession |
215 | { | ||
212 | /** | 216 | /** |
213 | * Handle to the consensus over partial decryptions. | 217 | * Handle to the consensus over partial decryptions. |
214 | */ | 218 | */ |
@@ -252,7 +256,8 @@ struct DecryptSession { | |||
252 | /** | 256 | /** |
253 | * State we keep per client. | 257 | * State we keep per client. |
254 | */ | 258 | */ |
255 | struct ClientState { | 259 | struct ClientState |
260 | { | ||
256 | /** | 261 | /** |
257 | * Decrypt session of the client, if any. | 262 | * Decrypt session of the client, if any. |
258 | */ | 263 | */ |
@@ -317,13 +322,13 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg; | |||
317 | * @return The Keygen peer info, or NULL if the peer could not be found. | 322 | * @return The Keygen peer info, or NULL if the peer could not be found. |
318 | */ | 323 | */ |
319 | static struct KeygenPeerInfo * | 324 | static struct KeygenPeerInfo * |
320 | get_keygen_peer_info(const struct KeygenSession *ks, | 325 | get_keygen_peer_info (const struct KeygenSession *ks, |
321 | const struct GNUNET_PeerIdentity *peer) | 326 | const struct GNUNET_PeerIdentity *peer) |
322 | { | 327 | { |
323 | unsigned int i; | 328 | unsigned int i; |
324 | 329 | ||
325 | for (i = 0; i < ks->num_peers; i++) | 330 | for (i = 0; i < ks->num_peers; i++) |
326 | if (0 == GNUNET_memcmp(peer, &ks->info[i].peer)) | 331 | if (0 == GNUNET_memcmp (peer, &ks->info[i].peer)) |
327 | return &ks->info[i]; | 332 | return &ks->info[i]; |
328 | return NULL; | 333 | return NULL; |
329 | } | 334 | } |
@@ -337,13 +342,13 @@ get_keygen_peer_info(const struct KeygenSession *ks, | |||
337 | * @return The decrypt peer info, or NULL if the peer could not be found. | 342 | * @return The decrypt peer info, or NULL if the peer could not be found. |
338 | */ | 343 | */ |
339 | static struct DecryptPeerInfo * | 344 | static struct DecryptPeerInfo * |
340 | get_decrypt_peer_info(const struct DecryptSession *ds, | 345 | get_decrypt_peer_info (const struct DecryptSession *ds, |
341 | const struct GNUNET_PeerIdentity *peer) | 346 | const struct GNUNET_PeerIdentity *peer) |
342 | { | 347 | { |
343 | unsigned int i; | 348 | unsigned int i; |
344 | 349 | ||
345 | for (i = 0; i < ds->share->num_peers; i++) | 350 | for (i = 0; i < ds->share->num_peers; i++) |
346 | if (0 == GNUNET_memcmp(peer, &ds->info[i].peer)) | 351 | if (0 == GNUNET_memcmp (peer, &ds->info[i].peer)) |
347 | return &ds->info[i]; | 352 | return &ds->info[i]; |
348 | return NULL; | 353 | return NULL; |
349 | } | 354 | } |
@@ -358,14 +363,14 @@ get_decrypt_peer_info(const struct DecryptSession *ds, | |||
358 | * @param denum denumerator of the scale factor | 363 | * @param denum denumerator of the scale factor |
359 | */ | 364 | */ |
360 | static struct GNUNET_TIME_Absolute | 365 | static struct GNUNET_TIME_Absolute |
361 | time_between(struct GNUNET_TIME_Absolute start, | 366 | time_between (struct GNUNET_TIME_Absolute start, |
362 | struct GNUNET_TIME_Absolute end, | 367 | struct GNUNET_TIME_Absolute end, |
363 | int num, int denum) | 368 | int num, int denum) |
364 | { | 369 | { |
365 | struct GNUNET_TIME_Absolute result; | 370 | struct GNUNET_TIME_Absolute result; |
366 | uint64_t diff; | 371 | uint64_t diff; |
367 | 372 | ||
368 | GNUNET_assert(start.abs_value_us <= end.abs_value_us); | 373 | GNUNET_assert (start.abs_value_us <= end.abs_value_us); |
369 | diff = end.abs_value_us - start.abs_value_us; | 374 | diff = end.abs_value_us - start.abs_value_us; |
370 | result.abs_value_us = start.abs_value_us + ((diff * num) / denum); | 375 | result.abs_value_us = start.abs_value_us + ((diff * num) / denum); |
371 | 376 | ||
@@ -381,11 +386,11 @@ time_between(struct GNUNET_TIME_Absolute start, | |||
381 | * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2. | 386 | * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2. |
382 | */ | 387 | */ |
383 | static int | 388 | static int |
384 | peer_id_cmp(const void *p1, const void *p2) | 389 | peer_id_cmp (const void *p1, const void *p2) |
385 | { | 390 | { |
386 | return memcmp(p1, | 391 | return memcmp (p1, |
387 | p2, | 392 | p2, |
388 | sizeof(struct GNUNET_PeerIdentity)); | 393 | sizeof(struct GNUNET_PeerIdentity)); |
389 | } | 394 | } |
390 | 395 | ||
391 | 396 | ||
@@ -399,14 +404,14 @@ peer_id_cmp(const void *p1, const void *p2) | |||
399 | * is not in the list. | 404 | * is not in the list. |
400 | */ | 405 | */ |
401 | static int | 406 | static int |
402 | peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, | 407 | peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n, |
403 | const struct GNUNET_PeerIdentity *needle) | 408 | const struct GNUNET_PeerIdentity *needle) |
404 | { | 409 | { |
405 | unsigned int i; | 410 | unsigned int i; |
406 | 411 | ||
407 | for (i = 0; i < n; i++) | 412 | for (i = 0; i < n; i++) |
408 | if (0 == GNUNET_memcmp(&haystack[i], | 413 | if (0 == GNUNET_memcmp (&haystack[i], |
409 | needle)) | 414 | needle)) |
410 | return i; | 415 | return i; |
411 | return -1; | 416 | return -1; |
412 | } | 417 | } |
@@ -423,10 +428,10 @@ peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, | |||
423 | * @return Normalized list, must be free'd by the caller. | 428 | * @return Normalized list, must be free'd by the caller. |
424 | */ | 429 | */ |
425 | static struct GNUNET_PeerIdentity * | 430 | static struct GNUNET_PeerIdentity * |
426 | normalize_peers(struct GNUNET_PeerIdentity *listed, | 431 | normalize_peers (struct GNUNET_PeerIdentity *listed, |
427 | unsigned int num_listed, | 432 | unsigned int num_listed, |
428 | unsigned int *num_normalized, | 433 | unsigned int *num_normalized, |
429 | unsigned int *my_peer_idx) | 434 | unsigned int *my_peer_idx) |
430 | { | 435 | { |
431 | unsigned int local_peer_in_list; | 436 | unsigned int local_peer_in_list; |
432 | /* number of peers in the normalized list */ | 437 | /* number of peers in the normalized list */ |
@@ -435,28 +440,28 @@ normalize_peers(struct GNUNET_PeerIdentity *listed, | |||
435 | 440 | ||
436 | local_peer_in_list = GNUNET_YES; | 441 | local_peer_in_list = GNUNET_YES; |
437 | n = num_listed; | 442 | n = num_listed; |
438 | if (peer_find(listed, num_listed, &my_peer) < 0) | 443 | if (peer_find (listed, num_listed, &my_peer) < 0) |
439 | { | 444 | { |
440 | local_peer_in_list = GNUNET_NO; | 445 | local_peer_in_list = GNUNET_NO; |
441 | n += 1; | 446 | n += 1; |
442 | } | 447 | } |
443 | 448 | ||
444 | normalized = GNUNET_new_array(n, | 449 | normalized = GNUNET_new_array (n, |
445 | struct GNUNET_PeerIdentity); | 450 | struct GNUNET_PeerIdentity); |
446 | 451 | ||
447 | if (GNUNET_NO == local_peer_in_list) | 452 | if (GNUNET_NO == local_peer_in_list) |
448 | normalized[n - 1] = my_peer; | 453 | normalized[n - 1] = my_peer; |
449 | 454 | ||
450 | GNUNET_memcpy(normalized, | 455 | GNUNET_memcpy (normalized, |
451 | listed, | 456 | listed, |
452 | num_listed * sizeof(struct GNUNET_PeerIdentity)); | 457 | num_listed * sizeof(struct GNUNET_PeerIdentity)); |
453 | qsort(normalized, | 458 | qsort (normalized, |
454 | n, | 459 | n, |
455 | sizeof(struct GNUNET_PeerIdentity), | 460 | sizeof(struct GNUNET_PeerIdentity), |
456 | &peer_id_cmp); | 461 | &peer_id_cmp); |
457 | 462 | ||
458 | if (NULL != my_peer_idx) | 463 | if (NULL != my_peer_idx) |
459 | *my_peer_idx = peer_find(normalized, n, &my_peer); | 464 | *my_peer_idx = peer_find (normalized, n, &my_peer); |
460 | if (NULL != num_normalized) | 465 | if (NULL != num_normalized) |
461 | *num_normalized = n; | 466 | *num_normalized = n; |
462 | 467 | ||
@@ -473,9 +478,9 @@ normalize_peers(struct GNUNET_PeerIdentity *listed, | |||
473 | * @param num number of indices in @a indices | 478 | * @param num number of indices in @a indices |
474 | */ | 479 | */ |
475 | static void | 480 | static void |
476 | compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, | 481 | compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, |
477 | unsigned int *indices, | 482 | unsigned int *indices, |
478 | unsigned int num) | 483 | unsigned int num) |
479 | { | 484 | { |
480 | unsigned int i; | 485 | unsigned int i; |
481 | /* numerator */ | 486 | /* numerator */ |
@@ -485,41 +490,41 @@ compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, | |||
485 | /* temp value for l-j */ | 490 | /* temp value for l-j */ |
486 | gcry_mpi_t tmp; | 491 | gcry_mpi_t tmp; |
487 | 492 | ||
488 | GNUNET_assert(0 != coeff); | 493 | GNUNET_assert (0 != coeff); |
489 | 494 | ||
490 | GNUNET_assert(0 != (n = gcry_mpi_new(0))); | 495 | GNUNET_assert (0 != (n = gcry_mpi_new (0))); |
491 | GNUNET_assert(0 != (d = gcry_mpi_new(0))); | 496 | GNUNET_assert (0 != (d = gcry_mpi_new (0))); |
492 | GNUNET_assert(0 != (tmp = gcry_mpi_new(0))); | 497 | GNUNET_assert (0 != (tmp = gcry_mpi_new (0))); |
493 | 498 | ||
494 | gcry_mpi_set_ui(n, 1); | 499 | gcry_mpi_set_ui (n, 1); |
495 | gcry_mpi_set_ui(d, 1); | 500 | gcry_mpi_set_ui (d, 1); |
496 | 501 | ||
497 | for (i = 0; i < num; i++) | 502 | for (i = 0; i < num; i++) |
498 | { | 503 | { |
499 | unsigned int l = indices[i]; | 504 | unsigned int l = indices[i]; |
500 | if (l == j) | 505 | if (l == j) |
501 | continue; | 506 | continue; |
502 | gcry_mpi_mul_ui(n, n, l + 1); | 507 | gcry_mpi_mul_ui (n, n, l + 1); |
503 | // d <- d * (l-j) | 508 | // d <- d * (l-j) |
504 | gcry_mpi_set_ui(tmp, l + 1); | 509 | gcry_mpi_set_ui (tmp, l + 1); |
505 | gcry_mpi_sub_ui(tmp, tmp, j + 1); | 510 | gcry_mpi_sub_ui (tmp, tmp, j + 1); |
506 | gcry_mpi_mul(d, d, tmp); | 511 | gcry_mpi_mul (d, d, tmp); |
507 | } | 512 | } |
508 | 513 | ||
509 | // gcry_mpi_invm does not like negative numbers ... | 514 | // gcry_mpi_invm does not like negative numbers ... |
510 | gcry_mpi_mod(d, d, elgamal_q); | 515 | gcry_mpi_mod (d, d, elgamal_q); |
511 | 516 | ||
512 | GNUNET_assert(gcry_mpi_cmp_ui(d, 0) > 0); | 517 | GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0); |
513 | 518 | ||
514 | // now we do the actual division, with everything mod q, as we | 519 | // now we do the actual division, with everything mod q, as we |
515 | // are not operating on elements from <g>, but on exponents | 520 | // are not operating on elements from <g>, but on exponents |
516 | GNUNET_assert(0 != gcry_mpi_invm(d, d, elgamal_q)); | 521 | GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q)); |
517 | 522 | ||
518 | gcry_mpi_mulm(coeff, n, d, elgamal_q); | 523 | gcry_mpi_mulm (coeff, n, d, elgamal_q); |
519 | 524 | ||
520 | gcry_mpi_release(n); | 525 | gcry_mpi_release (n); |
521 | gcry_mpi_release(d); | 526 | gcry_mpi_release (d); |
522 | gcry_mpi_release(tmp); | 527 | gcry_mpi_release (tmp); |
523 | } | 528 | } |
524 | 529 | ||
525 | 530 | ||
@@ -530,117 +535,117 @@ compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, | |||
530 | * @param ds decrypt session to destroy | 535 | * @param ds decrypt session to destroy |
531 | */ | 536 | */ |
532 | static void | 537 | static void |
533 | decrypt_session_destroy(struct DecryptSession *ds) | 538 | decrypt_session_destroy (struct DecryptSession *ds) |
534 | { | 539 | { |
535 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 540 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
536 | "destroying decrypt session\n"); | 541 | "destroying decrypt session\n"); |
537 | if (NULL != ds->cs) | 542 | if (NULL != ds->cs) |
538 | { | 543 | { |
539 | ds->cs->decrypt_session = NULL; | 544 | ds->cs->decrypt_session = NULL; |
540 | ds->cs = NULL; | 545 | ds->cs = NULL; |
541 | } | 546 | } |
542 | if (NULL != ds->consensus) | 547 | if (NULL != ds->consensus) |
543 | { | 548 | { |
544 | GNUNET_CONSENSUS_destroy(ds->consensus); | 549 | GNUNET_CONSENSUS_destroy (ds->consensus); |
545 | ds->consensus = NULL; | 550 | ds->consensus = NULL; |
546 | } | 551 | } |
547 | 552 | ||
548 | if (NULL != ds->info) | 553 | if (NULL != ds->info) |
554 | { | ||
555 | for (unsigned int i = 0; i < ds->share->num_peers; i++) | ||
549 | { | 556 | { |
550 | for (unsigned int i = 0; i < ds->share->num_peers; i++) | 557 | if (NULL != ds->info[i].partial_decryption) |
551 | { | 558 | { |
552 | if (NULL != ds->info[i].partial_decryption) | 559 | gcry_mpi_release (ds->info[i].partial_decryption); |
553 | { | 560 | ds->info[i].partial_decryption = NULL; |
554 | gcry_mpi_release(ds->info[i].partial_decryption); | 561 | } |
555 | ds->info[i].partial_decryption = NULL; | ||
556 | } | ||
557 | } | ||
558 | GNUNET_free(ds->info); | ||
559 | ds->info = NULL; | ||
560 | } | 562 | } |
563 | GNUNET_free (ds->info); | ||
564 | ds->info = NULL; | ||
565 | } | ||
561 | if (NULL != ds->share) | 566 | if (NULL != ds->share) |
562 | { | 567 | { |
563 | GNUNET_SECRETSHARING_share_destroy(ds->share); | 568 | GNUNET_SECRETSHARING_share_destroy (ds->share); |
564 | ds->share = NULL; | 569 | ds->share = NULL; |
565 | } | 570 | } |
566 | 571 | ||
567 | GNUNET_free(ds); | 572 | GNUNET_free (ds); |
568 | } | 573 | } |
569 | 574 | ||
570 | 575 | ||
571 | static void | 576 | static void |
572 | keygen_info_destroy(struct KeygenPeerInfo *info) | 577 | keygen_info_destroy (struct KeygenPeerInfo *info) |
573 | { | 578 | { |
574 | if (NULL != info->sigma) | 579 | if (NULL != info->sigma) |
575 | { | 580 | { |
576 | gcry_mpi_release(info->sigma); | 581 | gcry_mpi_release (info->sigma); |
577 | info->sigma = NULL; | 582 | info->sigma = NULL; |
578 | } | 583 | } |
579 | if (NULL != info->presecret_commitment) | 584 | if (NULL != info->presecret_commitment) |
580 | { | 585 | { |
581 | gcry_mpi_release(info->presecret_commitment); | 586 | gcry_mpi_release (info->presecret_commitment); |
582 | info->presecret_commitment = NULL; | 587 | info->presecret_commitment = NULL; |
583 | } | 588 | } |
584 | if (NULL != info->preshare_commitment) | 589 | if (NULL != info->preshare_commitment) |
585 | { | 590 | { |
586 | gcry_mpi_release(info->preshare_commitment); | 591 | gcry_mpi_release (info->preshare_commitment); |
587 | info->preshare_commitment = NULL; | 592 | info->preshare_commitment = NULL; |
588 | } | 593 | } |
589 | } | 594 | } |
590 | 595 | ||
591 | 596 | ||
592 | static void | 597 | static void |
593 | keygen_session_destroy(struct KeygenSession *ks) | 598 | keygen_session_destroy (struct KeygenSession *ks) |
594 | { | 599 | { |
595 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 600 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
596 | "destroying keygen session\n"); | 601 | "destroying keygen session\n"); |
597 | 602 | ||
598 | if (NULL != ks->cs) | 603 | if (NULL != ks->cs) |
599 | { | 604 | { |
600 | ks->cs->keygen_session = NULL; | 605 | ks->cs->keygen_session = NULL; |
601 | ks->cs = NULL; | 606 | ks->cs = NULL; |
602 | } | 607 | } |
603 | if (NULL != ks->info) | 608 | if (NULL != ks->info) |
604 | { | 609 | { |
605 | for (unsigned int i = 0; i < ks->num_peers; i++) | 610 | for (unsigned int i = 0; i < ks->num_peers; i++) |
606 | keygen_info_destroy(&ks->info[i]); | 611 | keygen_info_destroy (&ks->info[i]); |
607 | GNUNET_free(ks->info); | 612 | GNUNET_free (ks->info); |
608 | ks->info = NULL; | 613 | ks->info = NULL; |
609 | } | 614 | } |
610 | 615 | ||
611 | if (NULL != ks->consensus) | 616 | if (NULL != ks->consensus) |
612 | { | 617 | { |
613 | GNUNET_CONSENSUS_destroy(ks->consensus); | 618 | GNUNET_CONSENSUS_destroy (ks->consensus); |
614 | ks->consensus = NULL; | 619 | ks->consensus = NULL; |
615 | } | 620 | } |
616 | 621 | ||
617 | if (NULL != ks->presecret_polynomial) | 622 | if (NULL != ks->presecret_polynomial) |
623 | { | ||
624 | for (unsigned int i = 0; i < ks->threshold; i++) | ||
618 | { | 625 | { |
619 | for (unsigned int i = 0; i < ks->threshold; i++) | 626 | GNUNET_assert (NULL != ks->presecret_polynomial[i]); |
620 | { | 627 | gcry_mpi_release (ks->presecret_polynomial[i]); |
621 | GNUNET_assert(NULL != ks->presecret_polynomial[i]); | 628 | ks->presecret_polynomial[i] = NULL; |
622 | gcry_mpi_release(ks->presecret_polynomial[i]); | ||
623 | ks->presecret_polynomial[i] = NULL; | ||
624 | } | ||
625 | GNUNET_free(ks->presecret_polynomial); | ||
626 | ks->presecret_polynomial = NULL; | ||
627 | } | 629 | } |
630 | GNUNET_free (ks->presecret_polynomial); | ||
631 | ks->presecret_polynomial = NULL; | ||
632 | } | ||
628 | if (NULL != ks->my_share) | 633 | if (NULL != ks->my_share) |
629 | { | 634 | { |
630 | gcry_mpi_release(ks->my_share); | 635 | gcry_mpi_release (ks->my_share); |
631 | ks->my_share = NULL; | 636 | ks->my_share = NULL; |
632 | } | 637 | } |
633 | if (NULL != ks->public_key) | 638 | if (NULL != ks->public_key) |
634 | { | 639 | { |
635 | gcry_mpi_release(ks->public_key); | 640 | gcry_mpi_release (ks->public_key); |
636 | ks->public_key = NULL; | 641 | ks->public_key = NULL; |
637 | } | 642 | } |
638 | if (NULL != ks->peers) | 643 | if (NULL != ks->peers) |
639 | { | 644 | { |
640 | GNUNET_free(ks->peers); | 645 | GNUNET_free (ks->peers); |
641 | ks->peers = NULL; | 646 | ks->peers = NULL; |
642 | } | 647 | } |
643 | GNUNET_free(ks); | 648 | GNUNET_free (ks); |
644 | } | 649 | } |
645 | 650 | ||
646 | 651 | ||
@@ -651,7 +656,7 @@ keygen_session_destroy(struct KeygenSession *ks) | |||
651 | * @param tc unused | 656 | * @param tc unused |
652 | */ | 657 | */ |
653 | static void | 658 | static void |
654 | cleanup_task(void *cls) | 659 | cleanup_task (void *cls) |
655 | { | 660 | { |
656 | /* Nothing to do! */ | 661 | /* Nothing to do! */ |
657 | } | 662 | } |
@@ -664,26 +669,28 @@ cleanup_task(void *cls) | |||
664 | * @param ks the session | 669 | * @param ks the session |
665 | */ | 670 | */ |
666 | static void | 671 | static void |
667 | generate_presecret_polynomial(struct KeygenSession *ks) | 672 | generate_presecret_polynomial (struct KeygenSession *ks) |
668 | { | 673 | { |
669 | int i; | 674 | int i; |
670 | gcry_mpi_t v; | 675 | gcry_mpi_t v; |
671 | 676 | ||
672 | GNUNET_assert(NULL == ks->presecret_polynomial); | 677 | GNUNET_assert (NULL == ks->presecret_polynomial); |
673 | ks->presecret_polynomial = GNUNET_new_array(ks->threshold, | 678 | ks->presecret_polynomial = GNUNET_new_array (ks->threshold, |
674 | gcry_mpi_t); | 679 | gcry_mpi_t); |
675 | for (i = 0; i < ks->threshold; i++) | 680 | for (i = 0; i < ks->threshold; i++) |
681 | { | ||
682 | v = ks->presecret_polynomial[i] = gcry_mpi_new ( | ||
683 | GNUNET_SECRETSHARING_ELGAMAL_BITS); | ||
684 | GNUNET_assert (NULL != v); | ||
685 | // Randomize v such that 0 < v < elgamal_q. | ||
686 | // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. | ||
687 | do | ||
676 | { | 688 | { |
677 | v = ks->presecret_polynomial[i] = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS); | 689 | gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, |
678 | GNUNET_assert(NULL != v); | 690 | GCRY_WEAK_RANDOM); |
679 | // Randomize v such that 0 < v < elgamal_q. | ||
680 | // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. | ||
681 | do | ||
682 | { | ||
683 | gcry_mpi_randomize(v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); | ||
684 | } | ||
685 | while ((gcry_mpi_cmp_ui(v, 0) == 0) || (gcry_mpi_cmp(v, elgamal_q) >= 0)); | ||
686 | } | 691 | } |
692 | while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0)); | ||
693 | } | ||
687 | } | 694 | } |
688 | 695 | ||
689 | 696 | ||
@@ -696,57 +703,66 @@ generate_presecret_polynomial(struct KeygenSession *ks) | |||
696 | * NULL if consensus failed. | 703 | * NULL if consensus failed. |
697 | */ | 704 | */ |
698 | static void | 705 | static void |
699 | keygen_round1_new_element(void *cls, | 706 | keygen_round1_new_element (void *cls, |
700 | const struct GNUNET_SET_Element *element) | 707 | const struct GNUNET_SET_Element *element) |
701 | { | 708 | { |
702 | const struct GNUNET_SECRETSHARING_KeygenCommitData *d; | 709 | const struct GNUNET_SECRETSHARING_KeygenCommitData *d; |
703 | struct KeygenSession *ks = cls; | 710 | struct KeygenSession *ks = cls; |
704 | struct KeygenPeerInfo *info; | 711 | struct KeygenPeerInfo *info; |
705 | 712 | ||
706 | if (NULL == element) | 713 | if (NULL == element) |
707 | { | 714 | { |
708 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n"); | 715 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n"); |
709 | return; | 716 | return; |
710 | } | 717 | } |
711 | 718 | ||
712 | /* elements have fixed size */ | 719 | /* elements have fixed size */ |
713 | if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)) | 720 | if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)) |
714 | { | 721 | { |
715 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 722 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
716 | "keygen commit data with wrong size (%u) in consensus, %u expected\n", | 723 | "keygen commit data with wrong size (%u) in consensus, %u expected\n", |
717 | (unsigned int)element->size, | 724 | (unsigned int) element->size, |
718 | (unsigned int)sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)); | 725 | (unsigned int) sizeof(struct |
719 | return; | 726 | GNUNET_SECRETSHARING_KeygenCommitData)); |
720 | } | 727 | return; |
728 | } | ||
721 | 729 | ||
722 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round1 element\n"); | 730 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n"); |
723 | 731 | ||
724 | d = element->data; | 732 | d = element->data; |
725 | info = get_keygen_peer_info(ks, &d->peer); | 733 | info = get_keygen_peer_info (ks, &d->peer); |
726 | 734 | ||
727 | if (NULL == info) | 735 | if (NULL == info) |
728 | { | 736 | { |
729 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", | 737 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
730 | GNUNET_i2s(&d->peer)); | 738 | "keygen commit data with wrong peer identity (%s) in consensus\n", |
731 | return; | 739 | GNUNET_i2s (&d->peer)); |
732 | } | 740 | return; |
741 | } | ||
733 | 742 | ||
734 | /* Check that the right amount of data has been signed. */ | 743 | /* Check that the right amount of data has been signed. */ |
735 | if (d->purpose.size != | 744 | if (d->purpose.size != |
736 | htonl(element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose))) | 745 | htonl (element->size - offsetof (struct |
737 | { | 746 | GNUNET_SECRETSHARING_KeygenCommitData, |
738 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n"); | 747 | purpose))) |
739 | return; | 748 | { |
740 | } | 749 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
750 | "keygen commit data with wrong signature purpose size in consensus\n"); | ||
751 | return; | ||
752 | } | ||
741 | 753 | ||
742 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, | 754 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( |
743 | &d->purpose, &d->signature, &d->peer.public_key)) | 755 | GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, |
744 | { | 756 | &d->purpose, &d->signature, |
745 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n"); | 757 | &d->peer.public_key)) |
746 | return; | 758 | { |
747 | } | 759 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
760 | "keygen commit data with invalid signature in consensus\n"); | ||
761 | return; | ||
762 | } | ||
748 | info->paillier_public_key = d->pubkey; | 763 | info->paillier_public_key = d->pubkey; |
749 | GNUNET_CRYPTO_mpi_scan_unsigned(&info->presecret_commitment, &d->commitment, 512 / 8); | 764 | GNUNET_CRYPTO_mpi_scan_unsigned (&info->presecret_commitment, &d->commitment, |
765 | 512 / 8); | ||
750 | info->round1_valid = GNUNET_YES; | 766 | info->round1_valid = GNUNET_YES; |
751 | } | 767 | } |
752 | 768 | ||
@@ -762,22 +778,23 @@ keygen_round1_new_element(void *cls, | |||
762 | * @param m what group are we operating in? | 778 | * @param m what group are we operating in? |
763 | */ | 779 | */ |
764 | static void | 780 | static void |
765 | horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m) | 781 | horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t |
782 | x, gcry_mpi_t m) | ||
766 | { | 783 | { |
767 | unsigned int i; | 784 | unsigned int i; |
768 | 785 | ||
769 | gcry_mpi_set_ui(z, 0); | 786 | gcry_mpi_set_ui (z, 0); |
770 | for (i = 0; i < num_coeff; i++) | 787 | for (i = 0; i < num_coeff; i++) |
771 | { | 788 | { |
772 | // z <- zx + c | 789 | // z <- zx + c |
773 | gcry_mpi_mul(z, z, x); | 790 | gcry_mpi_mul (z, z, x); |
774 | gcry_mpi_addm(z, z, coeff[num_coeff - i - 1], m); | 791 | gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m); |
775 | } | 792 | } |
776 | } | 793 | } |
777 | 794 | ||
778 | 795 | ||
779 | static void | 796 | static void |
780 | keygen_round2_conclude(void *cls) | 797 | keygen_round2_conclude (void *cls) |
781 | { | 798 | { |
782 | struct KeygenSession *ks = cls; | 799 | struct KeygenSession *ks = cls; |
783 | struct GNUNET_SECRETSHARING_SecretReadyMessage *m; | 800 | struct GNUNET_SECRETSHARING_SecretReadyMessage *m; |
@@ -787,12 +804,12 @@ keygen_round2_conclude(void *cls) | |||
787 | unsigned int j; | 804 | unsigned int j; |
788 | struct GNUNET_SECRETSHARING_Share *share; | 805 | struct GNUNET_SECRETSHARING_Share *share; |
789 | 806 | ||
790 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); | 807 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); |
791 | 808 | ||
792 | GNUNET_CONSENSUS_destroy(ks->consensus); | 809 | GNUNET_CONSENSUS_destroy (ks->consensus); |
793 | ks->consensus = NULL; | 810 | ks->consensus = NULL; |
794 | 811 | ||
795 | share = GNUNET_new(struct GNUNET_SECRETSHARING_Share); | 812 | share = GNUNET_new (struct GNUNET_SECRETSHARING_Share); |
796 | 813 | ||
797 | share->num_peers = 0; | 814 | share->num_peers = 0; |
798 | 815 | ||
@@ -800,71 +817,78 @@ keygen_round2_conclude(void *cls) | |||
800 | if (GNUNET_YES == ks->info[i].round2_valid) | 817 | if (GNUNET_YES == ks->info[i].round2_valid) |
801 | share->num_peers++; | 818 | share->num_peers++; |
802 | 819 | ||
803 | share->peers = GNUNET_new_array(share->num_peers, | 820 | share->peers = GNUNET_new_array (share->num_peers, |
804 | struct GNUNET_PeerIdentity); | 821 | struct GNUNET_PeerIdentity); |
805 | share->sigmas = | 822 | share->sigmas = |
806 | GNUNET_new_array(share->num_peers, | 823 | GNUNET_new_array (share->num_peers, |
807 | struct GNUNET_SECRETSHARING_FieldElement); | 824 | struct GNUNET_SECRETSHARING_FieldElement); |
808 | share->original_indices = GNUNET_new_array(share->num_peers, | 825 | share->original_indices = GNUNET_new_array (share->num_peers, |
809 | uint16_t); | 826 | uint16_t); |
810 | 827 | ||
811 | /* maybe we're not even in the list of peers? */ | 828 | /* maybe we're not even in the list of peers? */ |
812 | share->my_peer = share->num_peers; | 829 | share->my_peer = share->num_peers; |
813 | 830 | ||
814 | j = 0; /* running index of valid peers */ | 831 | j = 0; /* running index of valid peers */ |
815 | for (i = 0; i < ks->num_peers; i++) | 832 | for (i = 0; i < ks->num_peers; i++) |
833 | { | ||
834 | if (GNUNET_YES == ks->info[i].round2_valid) | ||
816 | { | 835 | { |
817 | if (GNUNET_YES == ks->info[i].round2_valid) | 836 | share->peers[j] = ks->info[i].peer; |
818 | { | 837 | GNUNET_CRYPTO_mpi_print_unsigned (&share->sigmas[j], |
819 | share->peers[j] = ks->info[i].peer; | 838 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
820 | GNUNET_CRYPTO_mpi_print_unsigned(&share->sigmas[j], | 839 | ks->info[i].sigma); |
821 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 840 | share->original_indices[i] = j; |
822 | ks->info[i].sigma); | 841 | if (0 == GNUNET_memcmp (&share->peers[i], &my_peer)) |
823 | share->original_indices[i] = j; | 842 | share->my_peer = j; |
824 | if (0 == GNUNET_memcmp(&share->peers[i], &my_peer)) | 843 | j += 1; |
825 | share->my_peer = j; | ||
826 | j += 1; | ||
827 | } | ||
828 | } | 844 | } |
845 | } | ||
829 | 846 | ||
830 | if (share->my_peer == share->num_peers) | 847 | if (share->my_peer == share->num_peers) |
831 | { | 848 | { |
832 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx); | 849 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", |
833 | } | 850 | ks->local_peer_idx); |
851 | } | ||
834 | 852 | ||
835 | GNUNET_CRYPTO_mpi_print_unsigned(&share->my_share, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 853 | GNUNET_CRYPTO_mpi_print_unsigned (&share->my_share, |
836 | ks->my_share); | 854 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
837 | GNUNET_CRYPTO_mpi_print_unsigned(&share->public_key, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 855 | ks->my_share); |
838 | ks->public_key); | 856 | GNUNET_CRYPTO_mpi_print_unsigned (&share->public_key, |
857 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | ||
858 | ks->public_key); | ||
839 | 859 | ||
840 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers); | 860 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", |
861 | share->num_peers); | ||
841 | 862 | ||
842 | /* Write the share. If 0 peers completed the dkg, an empty | 863 | /* Write the share. If 0 peers completed the dkg, an empty |
843 | * share will be sent. */ | 864 | * share will be sent. */ |
844 | 865 | ||
845 | GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, NULL, 0, &share_size)); | 866 | GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, NULL, 0, |
867 | &share_size)); | ||
846 | 868 | ||
847 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n", | 869 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n", |
848 | (unsigned int)share_size); | 870 | (unsigned int) share_size); |
849 | 871 | ||
850 | ev = GNUNET_MQ_msg_extra(m, share_size, | 872 | ev = GNUNET_MQ_msg_extra (m, share_size, |
851 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); | 873 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); |
852 | 874 | ||
853 | GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, &m[1], share_size, NULL)); | 875 | GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, &m[1], |
876 | share_size, | ||
877 | NULL)); | ||
854 | 878 | ||
855 | GNUNET_SECRETSHARING_share_destroy(share); | 879 | GNUNET_SECRETSHARING_share_destroy (share); |
856 | share = NULL; | 880 | share = NULL; |
857 | 881 | ||
858 | GNUNET_MQ_send(ks->cs->mq, | 882 | GNUNET_MQ_send (ks->cs->mq, |
859 | ev); | 883 | ev); |
860 | } | 884 | } |
861 | 885 | ||
862 | 886 | ||
863 | 887 | ||
864 | static void | 888 | static void |
865 | restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | 889 | restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, |
866 | const struct GNUNET_SECRETSHARING_FairEncryption *fe, | 890 | const struct GNUNET_SECRETSHARING_FairEncryption *fe, |
867 | gcry_mpi_t x, gcry_mpi_t xres) | 891 | gcry_mpi_t x, gcry_mpi_t xres) |
868 | { | 892 | { |
869 | gcry_mpi_t a_1; | 893 | gcry_mpi_t a_1; |
870 | gcry_mpi_t a_2; | 894 | gcry_mpi_t a_2; |
@@ -881,103 +905,106 @@ restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | |||
881 | gcry_mpi_t v; | 905 | gcry_mpi_t v; |
882 | 906 | ||
883 | 907 | ||
884 | GNUNET_assert(NULL != (n = gcry_mpi_new(0))); | 908 | GNUNET_assert (NULL != (n = gcry_mpi_new (0))); |
885 | GNUNET_assert(NULL != (t = gcry_mpi_new(0))); | 909 | GNUNET_assert (NULL != (t = gcry_mpi_new (0))); |
886 | GNUNET_assert(NULL != (t_1 = gcry_mpi_new(0))); | 910 | GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0))); |
887 | GNUNET_assert(NULL != (t_2 = gcry_mpi_new(0))); | 911 | GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0))); |
888 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); | 912 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); |
889 | GNUNET_assert(NULL != (big_t = gcry_mpi_new(0))); | 913 | GNUNET_assert (NULL != (big_t = gcry_mpi_new (0))); |
890 | GNUNET_assert(NULL != (v = gcry_mpi_new(0))); | 914 | GNUNET_assert (NULL != (v = gcry_mpi_new (0))); |
891 | GNUNET_assert(NULL != (big_a = gcry_mpi_new(0))); | 915 | GNUNET_assert (NULL != (big_a = gcry_mpi_new (0))); |
892 | GNUNET_assert(NULL != (big_b = gcry_mpi_new(0))); | 916 | GNUNET_assert (NULL != (big_b = gcry_mpi_new (0))); |
893 | 917 | ||
894 | // a = (N,0)^T | 918 | // a = (N,0)^T |
895 | GNUNET_CRYPTO_mpi_scan_unsigned(&a_1, | 919 | GNUNET_CRYPTO_mpi_scan_unsigned (&a_1, |
896 | ppub, | 920 | ppub, |
897 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 921 | sizeof(struct |
898 | GNUNET_assert(NULL != (a_2 = gcry_mpi_new(0))); | 922 | GNUNET_CRYPTO_PaillierPublicKey)); |
899 | gcry_mpi_set_ui(a_2, 0); | 923 | GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0))); |
924 | gcry_mpi_set_ui (a_2, 0); | ||
900 | // b = (x,1)^T | 925 | // b = (x,1)^T |
901 | GNUNET_assert(NULL != (b_1 = gcry_mpi_new(0))); | 926 | GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0))); |
902 | gcry_mpi_set(b_1, x); | 927 | gcry_mpi_set (b_1, x); |
903 | GNUNET_assert(NULL != (b_2 = gcry_mpi_new(0))); | 928 | GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0))); |
904 | gcry_mpi_set_ui(b_2, 1); | 929 | gcry_mpi_set_ui (b_2, 1); |
905 | 930 | ||
906 | // A = a DOT a | 931 | // A = a DOT a |
907 | gcry_mpi_mul(t, a_1, a_1); | 932 | gcry_mpi_mul (t, a_1, a_1); |
908 | gcry_mpi_mul(big_a, a_2, a_2); | 933 | gcry_mpi_mul (big_a, a_2, a_2); |
909 | gcry_mpi_add(big_a, big_a, t); | 934 | gcry_mpi_add (big_a, big_a, t); |
910 | 935 | ||
911 | // B = b DOT b | 936 | // B = b DOT b |
912 | gcry_mpi_mul(t, b_1, b_1); | 937 | gcry_mpi_mul (t, b_1, b_1); |
913 | gcry_mpi_mul(big_b, b_2, b_2); | 938 | gcry_mpi_mul (big_b, b_2, b_2); |
914 | gcry_mpi_add(big_b, big_b, t); | 939 | gcry_mpi_add (big_b, big_b, t); |
915 | 940 | ||
916 | while (1) | 941 | while (1) |
942 | { | ||
943 | // n = a DOT b | ||
944 | gcry_mpi_mul (t, a_1, b_1); | ||
945 | gcry_mpi_mul (n, a_2, b_2); | ||
946 | gcry_mpi_add (n, n, t); | ||
947 | |||
948 | // r = nearest(n/B) | ||
949 | gcry_mpi_div (r, NULL, n, big_b, 0); | ||
950 | |||
951 | // T := A - 2rn + rrB | ||
952 | gcry_mpi_mul (v, r, n); | ||
953 | gcry_mpi_mul_ui (v, v, 2); | ||
954 | gcry_mpi_sub (big_t, big_a, v); | ||
955 | gcry_mpi_mul (v, r, r); | ||
956 | gcry_mpi_mul (v, v, big_b); | ||
957 | gcry_mpi_add (big_t, big_t, v); | ||
958 | |||
959 | if (gcry_mpi_cmp (big_t, big_b) >= 0) | ||
917 | { | 960 | { |
918 | // n = a DOT b | 961 | break; |
919 | gcry_mpi_mul(t, a_1, b_1); | ||
920 | gcry_mpi_mul(n, a_2, b_2); | ||
921 | gcry_mpi_add(n, n, t); | ||
922 | |||
923 | // r = nearest(n/B) | ||
924 | gcry_mpi_div(r, NULL, n, big_b, 0); | ||
925 | |||
926 | // T := A - 2rn + rrB | ||
927 | gcry_mpi_mul(v, r, n); | ||
928 | gcry_mpi_mul_ui(v, v, 2); | ||
929 | gcry_mpi_sub(big_t, big_a, v); | ||
930 | gcry_mpi_mul(v, r, r); | ||
931 | gcry_mpi_mul(v, v, big_b); | ||
932 | gcry_mpi_add(big_t, big_t, v); | ||
933 | |||
934 | if (gcry_mpi_cmp(big_t, big_b) >= 0) | ||
935 | { | ||
936 | break; | ||
937 | } | ||
938 | |||
939 | // t = a - rb | ||
940 | gcry_mpi_mul(v, r, b_1); | ||
941 | gcry_mpi_sub(t_1, a_1, v); | ||
942 | gcry_mpi_mul(v, r, b_2); | ||
943 | gcry_mpi_sub(t_2, a_2, v); | ||
944 | |||
945 | // a = b | ||
946 | gcry_mpi_set(a_1, b_1); | ||
947 | gcry_mpi_set(a_2, b_2); | ||
948 | // b = t | ||
949 | gcry_mpi_set(b_1, t_1); | ||
950 | gcry_mpi_set(b_2, t_2); | ||
951 | |||
952 | gcry_mpi_set(big_a, big_b); | ||
953 | gcry_mpi_set(big_b, big_t); | ||
954 | } | 962 | } |
955 | 963 | ||
956 | gcry_mpi_set(xres, b_2); | 964 | // t = a - rb |
957 | gcry_mpi_invm(xres, xres, elgamal_q); | 965 | gcry_mpi_mul (v, r, b_1); |
958 | gcry_mpi_mulm(xres, xres, b_1, elgamal_q); | 966 | gcry_mpi_sub (t_1, a_1, v); |
959 | 967 | gcry_mpi_mul (v, r, b_2); | |
960 | gcry_mpi_release(a_1); | 968 | gcry_mpi_sub (t_2, a_2, v); |
961 | gcry_mpi_release(a_2); | 969 | |
962 | gcry_mpi_release(b_1); | 970 | // a = b |
963 | gcry_mpi_release(b_2); | 971 | gcry_mpi_set (a_1, b_1); |
964 | gcry_mpi_release(big_a); | 972 | gcry_mpi_set (a_2, b_2); |
965 | gcry_mpi_release(big_b); | 973 | // b = t |
966 | gcry_mpi_release(big_t); | 974 | gcry_mpi_set (b_1, t_1); |
967 | gcry_mpi_release(n); | 975 | gcry_mpi_set (b_2, t_2); |
968 | gcry_mpi_release(t_1); | 976 | |
969 | gcry_mpi_release(t_2); | 977 | gcry_mpi_set (big_a, big_b); |
970 | gcry_mpi_release(t); | 978 | gcry_mpi_set (big_b, big_t); |
971 | gcry_mpi_release(r); | 979 | } |
972 | gcry_mpi_release(v); | 980 | |
981 | gcry_mpi_set (xres, b_2); | ||
982 | gcry_mpi_invm (xres, xres, elgamal_q); | ||
983 | gcry_mpi_mulm (xres, xres, b_1, elgamal_q); | ||
984 | |||
985 | gcry_mpi_release (a_1); | ||
986 | gcry_mpi_release (a_2); | ||
987 | gcry_mpi_release (b_1); | ||
988 | gcry_mpi_release (b_2); | ||
989 | gcry_mpi_release (big_a); | ||
990 | gcry_mpi_release (big_b); | ||
991 | gcry_mpi_release (big_t); | ||
992 | gcry_mpi_release (n); | ||
993 | gcry_mpi_release (t_1); | ||
994 | gcry_mpi_release (t_2); | ||
995 | gcry_mpi_release (t); | ||
996 | gcry_mpi_release (r); | ||
997 | gcry_mpi_release (v); | ||
973 | } | 998 | } |
974 | 999 | ||
975 | 1000 | ||
976 | static void | 1001 | static void |
977 | get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, | 1002 | get_fair_encryption_challenge (const struct |
978 | gcry_mpi_t *e) | 1003 | GNUNET_SECRETSHARING_FairEncryption *fe, |
1004 | gcry_mpi_t *e) | ||
979 | { | 1005 | { |
980 | struct { | 1006 | struct |
1007 | { | ||
981 | struct GNUNET_CRYPTO_PaillierCiphertext c; | 1008 | struct GNUNET_CRYPTO_PaillierCiphertext c; |
982 | char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; | 1009 | char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; |
983 | char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; | 1010 | char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; |
@@ -985,27 +1012,28 @@ get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption * | |||
985 | } hash_data; | 1012 | } hash_data; |
986 | struct GNUNET_HashCode e_hash; | 1013 | struct GNUNET_HashCode e_hash; |
987 | 1014 | ||
988 | memset(&hash_data, | 1015 | memset (&hash_data, |
989 | 0, | 1016 | 0, |
990 | sizeof(hash_data)); | 1017 | sizeof(hash_data)); |
991 | GNUNET_memcpy(&hash_data.c, &fe->c, sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | 1018 | GNUNET_memcpy (&hash_data.c, &fe->c, sizeof(struct |
992 | GNUNET_memcpy(&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1019 | GNUNET_CRYPTO_PaillierCiphertext)); |
993 | GNUNET_memcpy(&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1020 | GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
994 | GNUNET_memcpy(&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | 1021 | GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
995 | GNUNET_CRYPTO_hash(&hash_data, | 1022 | GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); |
996 | sizeof(hash_data), | 1023 | GNUNET_CRYPTO_hash (&hash_data, |
997 | &e_hash); | 1024 | sizeof(hash_data), |
1025 | &e_hash); | ||
998 | /* This allocates "e" */ | 1026 | /* This allocates "e" */ |
999 | GNUNET_CRYPTO_mpi_scan_unsigned(e, | 1027 | GNUNET_CRYPTO_mpi_scan_unsigned (e, |
1000 | &e_hash, | 1028 | &e_hash, |
1001 | sizeof(struct GNUNET_HashCode)); | 1029 | sizeof(struct GNUNET_HashCode)); |
1002 | gcry_mpi_mod(*e, *e, elgamal_q); | 1030 | gcry_mpi_mod (*e, *e, elgamal_q); |
1003 | } | 1031 | } |
1004 | 1032 | ||
1005 | 1033 | ||
1006 | static int | 1034 | static int |
1007 | verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | 1035 | verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, |
1008 | const struct GNUNET_SECRETSHARING_FairEncryption *fe) | 1036 | const struct GNUNET_SECRETSHARING_FairEncryption *fe) |
1009 | { | 1037 | { |
1010 | gcry_mpi_t n; | 1038 | gcry_mpi_t n; |
1011 | gcry_mpi_t n_sq; | 1039 | gcry_mpi_t n_sq; |
@@ -1020,73 +1048,79 @@ verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | |||
1020 | gcry_mpi_t big_y; | 1048 | gcry_mpi_t big_y; |
1021 | int res; | 1049 | int res; |
1022 | 1050 | ||
1023 | GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0))); | 1051 | GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0))); |
1024 | GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0))); | 1052 | GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0))); |
1025 | GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0))); | 1053 | GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0))); |
1026 | 1054 | ||
1027 | get_fair_encryption_challenge(fe, | 1055 | get_fair_encryption_challenge (fe, |
1028 | &e /* this allocates e */); | 1056 | &e /* this allocates e */); |
1029 | 1057 | ||
1030 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, | 1058 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, |
1031 | ppub, | 1059 | ppub, |
1032 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 1060 | sizeof(struct |
1033 | GNUNET_CRYPTO_mpi_scan_unsigned(&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8); | 1061 | GNUNET_CRYPTO_PaillierPublicKey)); |
1034 | GNUNET_CRYPTO_mpi_scan_unsigned(&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1062 | GNUNET_CRYPTO_mpi_scan_unsigned (&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS |
1035 | GNUNET_CRYPTO_mpi_scan_unsigned(&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1063 | / 8); |
1036 | GNUNET_CRYPTO_mpi_scan_unsigned(&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8); | 1064 | GNUNET_CRYPTO_mpi_scan_unsigned (&z, fe->z, |
1037 | GNUNET_CRYPTO_mpi_scan_unsigned(&big_y, fe->c.bits, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | 1065 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1038 | GNUNET_CRYPTO_mpi_scan_unsigned(&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | 1066 | GNUNET_CRYPTO_mpi_scan_unsigned (&y, fe->h, |
1039 | gcry_mpi_mul(n_sq, n, n); | 1067 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
1068 | GNUNET_CRYPTO_mpi_scan_unsigned (&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8); | ||
1069 | GNUNET_CRYPTO_mpi_scan_unsigned (&big_y, fe->c.bits, | ||
1070 | GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); | ||
1071 | GNUNET_CRYPTO_mpi_scan_unsigned (&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS | ||
1072 | * 2 / 8); | ||
1073 | gcry_mpi_mul (n_sq, n, n); | ||
1040 | 1074 | ||
1041 | // tmp1 = g^z | 1075 | // tmp1 = g^z |
1042 | gcry_mpi_powm(tmp1, elgamal_g, z, elgamal_p); | 1076 | gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p); |
1043 | // tmp2 = y^{-e} | 1077 | // tmp2 = y^{-e} |
1044 | gcry_mpi_powm(tmp1, y, e, elgamal_p); | 1078 | gcry_mpi_powm (tmp1, y, e, elgamal_p); |
1045 | gcry_mpi_invm(tmp1, tmp1, elgamal_p); | 1079 | gcry_mpi_invm (tmp1, tmp1, elgamal_p); |
1046 | // tmp1 = tmp1 * tmp2 | 1080 | // tmp1 = tmp1 * tmp2 |
1047 | gcry_mpi_mulm(tmp1, tmp1, tmp2, elgamal_p); | 1081 | gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p); |
1048 | 1082 | ||
1049 | if (0 == gcry_mpi_cmp(t1, tmp1)) | 1083 | if (0 == gcry_mpi_cmp (t1, tmp1)) |
1050 | { | 1084 | { |
1051 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n"); | 1085 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n"); |
1052 | res = GNUNET_NO; | 1086 | res = GNUNET_NO; |
1053 | goto cleanup; | 1087 | goto cleanup; |
1054 | } | 1088 | } |
1055 | 1089 | ||
1056 | gcry_mpi_powm(big_y, big_y, e, n_sq); | 1090 | gcry_mpi_powm (big_y, big_y, e, n_sq); |
1057 | gcry_mpi_invm(big_y, big_y, n_sq); | 1091 | gcry_mpi_invm (big_y, big_y, n_sq); |
1058 | 1092 | ||
1059 | gcry_mpi_add_ui(tmp1, n, 1); | 1093 | gcry_mpi_add_ui (tmp1, n, 1); |
1060 | gcry_mpi_powm(tmp1, tmp1, z, n_sq); | 1094 | gcry_mpi_powm (tmp1, tmp1, z, n_sq); |
1061 | 1095 | ||
1062 | gcry_mpi_powm(tmp2, w, n, n_sq); | 1096 | gcry_mpi_powm (tmp2, w, n, n_sq); |
1063 | 1097 | ||
1064 | gcry_mpi_mulm(tmp1, tmp1, tmp2, n_sq); | 1098 | gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq); |
1065 | gcry_mpi_mulm(tmp1, tmp1, big_y, n_sq); | 1099 | gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq); |
1066 | 1100 | ||
1067 | 1101 | ||
1068 | if (0 == gcry_mpi_cmp(t2, tmp1)) | 1102 | if (0 == gcry_mpi_cmp (t2, tmp1)) |
1069 | { | 1103 | { |
1070 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n"); | 1104 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n"); |
1071 | res = GNUNET_NO; | 1105 | res = GNUNET_NO; |
1072 | goto cleanup; | 1106 | goto cleanup; |
1073 | } | 1107 | } |
1074 | 1108 | ||
1075 | res = GNUNET_YES; | 1109 | res = GNUNET_YES; |
1076 | 1110 | ||
1077 | cleanup: | 1111 | cleanup: |
1078 | 1112 | ||
1079 | gcry_mpi_release(n); | 1113 | gcry_mpi_release (n); |
1080 | gcry_mpi_release(n_sq); | 1114 | gcry_mpi_release (n_sq); |
1081 | gcry_mpi_release(z); | 1115 | gcry_mpi_release (z); |
1082 | gcry_mpi_release(t1); | 1116 | gcry_mpi_release (t1); |
1083 | gcry_mpi_release(t2); | 1117 | gcry_mpi_release (t2); |
1084 | gcry_mpi_release(e); | 1118 | gcry_mpi_release (e); |
1085 | gcry_mpi_release(w); | 1119 | gcry_mpi_release (w); |
1086 | gcry_mpi_release(tmp1); | 1120 | gcry_mpi_release (tmp1); |
1087 | gcry_mpi_release(tmp2); | 1121 | gcry_mpi_release (tmp2); |
1088 | gcry_mpi_release(y); | 1122 | gcry_mpi_release (y); |
1089 | gcry_mpi_release(big_y); | 1123 | gcry_mpi_release (big_y); |
1090 | return res; | 1124 | return res; |
1091 | } | 1125 | } |
1092 | 1126 | ||
@@ -1098,9 +1132,9 @@ cleanup: | |||
1098 | * @param[out] fe the fair encryption | 1132 | * @param[out] fe the fair encryption |
1099 | */ | 1133 | */ |
1100 | static void | 1134 | static void |
1101 | encrypt_fair(gcry_mpi_t v, | 1135 | encrypt_fair (gcry_mpi_t v, |
1102 | const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, | 1136 | const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, |
1103 | struct GNUNET_SECRETSHARING_FairEncryption *fe) | 1137 | struct GNUNET_SECRETSHARING_FairEncryption *fe) |
1104 | { | 1138 | { |
1105 | gcry_mpi_t r; | 1139 | gcry_mpi_t r; |
1106 | gcry_mpi_t s; | 1140 | gcry_mpi_t s; |
@@ -1116,99 +1150,100 @@ encrypt_fair(gcry_mpi_t v, | |||
1116 | gcry_mpi_t G; | 1150 | gcry_mpi_t G; |
1117 | gcry_mpi_t h; | 1151 | gcry_mpi_t h; |
1118 | 1152 | ||
1119 | GNUNET_assert(NULL != (r = gcry_mpi_new(0))); | 1153 | GNUNET_assert (NULL != (r = gcry_mpi_new (0))); |
1120 | GNUNET_assert(NULL != (s = gcry_mpi_new(0))); | 1154 | GNUNET_assert (NULL != (s = gcry_mpi_new (0))); |
1121 | GNUNET_assert(NULL != (t1 = gcry_mpi_new(0))); | 1155 | GNUNET_assert (NULL != (t1 = gcry_mpi_new (0))); |
1122 | GNUNET_assert(NULL != (t2 = gcry_mpi_new(0))); | 1156 | GNUNET_assert (NULL != (t2 = gcry_mpi_new (0))); |
1123 | GNUNET_assert(NULL != (z = gcry_mpi_new(0))); | 1157 | GNUNET_assert (NULL != (z = gcry_mpi_new (0))); |
1124 | GNUNET_assert(NULL != (w = gcry_mpi_new(0))); | 1158 | GNUNET_assert (NULL != (w = gcry_mpi_new (0))); |
1125 | GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0))); | 1159 | GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0))); |
1126 | GNUNET_assert(NULL != (u = gcry_mpi_new(0))); | 1160 | GNUNET_assert (NULL != (u = gcry_mpi_new (0))); |
1127 | GNUNET_assert(NULL != (Y = gcry_mpi_new(0))); | 1161 | GNUNET_assert (NULL != (Y = gcry_mpi_new (0))); |
1128 | GNUNET_assert(NULL != (G = gcry_mpi_new(0))); | 1162 | GNUNET_assert (NULL != (G = gcry_mpi_new (0))); |
1129 | GNUNET_assert(NULL != (h = gcry_mpi_new(0))); | 1163 | GNUNET_assert (NULL != (h = gcry_mpi_new (0))); |
1130 | 1164 | ||
1131 | GNUNET_CRYPTO_mpi_scan_unsigned(&n, | 1165 | GNUNET_CRYPTO_mpi_scan_unsigned (&n, |
1132 | ppub, | 1166 | ppub, |
1133 | sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); | 1167 | sizeof(struct |
1134 | gcry_mpi_mul(n_sq, n, n); | 1168 | GNUNET_CRYPTO_PaillierPublicKey)); |
1135 | gcry_mpi_add_ui(G, n, 1); | 1169 | gcry_mpi_mul (n_sq, n, n); |
1170 | gcry_mpi_add_ui (G, n, 1); | ||
1136 | 1171 | ||
1137 | do | 1172 | do |
1138 | { | 1173 | { |
1139 | gcry_mpi_randomize(u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); | 1174 | gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); |
1140 | } | 1175 | } |
1141 | while (gcry_mpi_cmp(u, n) >= 0); | 1176 | while (gcry_mpi_cmp (u, n) >= 0); |
1142 | 1177 | ||
1143 | gcry_mpi_powm(t1, G, v, n_sq); | 1178 | gcry_mpi_powm (t1, G, v, n_sq); |
1144 | gcry_mpi_powm(t2, u, n, n_sq); | 1179 | gcry_mpi_powm (t2, u, n, n_sq); |
1145 | gcry_mpi_mulm(Y, t1, t2, n_sq); | 1180 | gcry_mpi_mulm (Y, t1, t2, n_sq); |
1146 | 1181 | ||
1147 | GNUNET_CRYPTO_mpi_print_unsigned(fe->c.bits, | 1182 | GNUNET_CRYPTO_mpi_print_unsigned (fe->c.bits, |
1148 | sizeof fe->c.bits, | 1183 | sizeof fe->c.bits, |
1149 | Y); | 1184 | Y); |
1150 | 1185 | ||
1151 | 1186 | ||
1152 | gcry_mpi_randomize(r, 2048, GCRY_WEAK_RANDOM); | 1187 | gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM); |
1153 | do | 1188 | do |
1154 | { | 1189 | { |
1155 | gcry_mpi_randomize(s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); | 1190 | gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); |
1156 | } | 1191 | } |
1157 | while (gcry_mpi_cmp(s, n) >= 0); | 1192 | while (gcry_mpi_cmp (s, n) >= 0); |
1158 | 1193 | ||
1159 | // compute t1 | 1194 | // compute t1 |
1160 | gcry_mpi_mulm(t1, elgamal_g, r, elgamal_p); | 1195 | gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p); |
1161 | // compute t2 (use z and w as temp) | 1196 | // compute t2 (use z and w as temp) |
1162 | gcry_mpi_powm(z, G, r, n_sq); | 1197 | gcry_mpi_powm (z, G, r, n_sq); |
1163 | gcry_mpi_powm(w, s, n, n_sq); | 1198 | gcry_mpi_powm (w, s, n, n_sq); |
1164 | gcry_mpi_mulm(t2, z, w, n_sq); | 1199 | gcry_mpi_mulm (t2, z, w, n_sq); |
1165 | 1200 | ||
1166 | 1201 | ||
1167 | gcry_mpi_powm(h, elgamal_g, v, elgamal_p); | 1202 | gcry_mpi_powm (h, elgamal_g, v, elgamal_p); |
1168 | 1203 | ||
1169 | GNUNET_CRYPTO_mpi_print_unsigned(fe->h, | 1204 | GNUNET_CRYPTO_mpi_print_unsigned (fe->h, |
1170 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 1205 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1171 | h); | 1206 | h); |
1172 | 1207 | ||
1173 | GNUNET_CRYPTO_mpi_print_unsigned(fe->t1, | 1208 | GNUNET_CRYPTO_mpi_print_unsigned (fe->t1, |
1174 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 1209 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1175 | t1); | 1210 | t1); |
1176 | 1211 | ||
1177 | GNUNET_CRYPTO_mpi_print_unsigned(fe->t2, | 1212 | GNUNET_CRYPTO_mpi_print_unsigned (fe->t2, |
1178 | GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8, | 1213 | GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8, |
1179 | t2); | 1214 | t2); |
1180 | 1215 | ||
1181 | get_fair_encryption_challenge(fe, | 1216 | get_fair_encryption_challenge (fe, |
1182 | &e /* This allocates "e" */); | 1217 | &e /* This allocates "e" */); |
1183 | 1218 | ||
1184 | // compute z | 1219 | // compute z |
1185 | gcry_mpi_mul(z, e, v); | 1220 | gcry_mpi_mul (z, e, v); |
1186 | gcry_mpi_addm(z, z, r, elgamal_q); | 1221 | gcry_mpi_addm (z, z, r, elgamal_q); |
1187 | // compute w | 1222 | // compute w |
1188 | gcry_mpi_powm(w, u, e, n); | 1223 | gcry_mpi_powm (w, u, e, n); |
1189 | gcry_mpi_mulm(w, w, s, n); | 1224 | gcry_mpi_mulm (w, w, s, n); |
1190 | 1225 | ||
1191 | GNUNET_CRYPTO_mpi_print_unsigned(fe->z, | 1226 | GNUNET_CRYPTO_mpi_print_unsigned (fe->z, |
1192 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, | 1227 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1193 | z); | 1228 | z); |
1194 | 1229 | ||
1195 | GNUNET_CRYPTO_mpi_print_unsigned(fe->w, | 1230 | GNUNET_CRYPTO_mpi_print_unsigned (fe->w, |
1196 | GNUNET_CRYPTO_PAILLIER_BITS / 8, | 1231 | GNUNET_CRYPTO_PAILLIER_BITS / 8, |
1197 | w); | 1232 | w); |
1198 | 1233 | ||
1199 | gcry_mpi_release(n); | 1234 | gcry_mpi_release (n); |
1200 | gcry_mpi_release(r); | 1235 | gcry_mpi_release (r); |
1201 | gcry_mpi_release(s); | 1236 | gcry_mpi_release (s); |
1202 | gcry_mpi_release(t1); | 1237 | gcry_mpi_release (t1); |
1203 | gcry_mpi_release(t2); | 1238 | gcry_mpi_release (t2); |
1204 | gcry_mpi_release(z); | 1239 | gcry_mpi_release (z); |
1205 | gcry_mpi_release(w); | 1240 | gcry_mpi_release (w); |
1206 | gcry_mpi_release(e); | 1241 | gcry_mpi_release (e); |
1207 | gcry_mpi_release(n_sq); | 1242 | gcry_mpi_release (n_sq); |
1208 | gcry_mpi_release(u); | 1243 | gcry_mpi_release (u); |
1209 | gcry_mpi_release(Y); | 1244 | gcry_mpi_release (Y); |
1210 | gcry_mpi_release(G); | 1245 | gcry_mpi_release (G); |
1211 | gcry_mpi_release(h); | 1246 | gcry_mpi_release (h); |
1212 | } | 1247 | } |
1213 | 1248 | ||
1214 | 1249 | ||
@@ -1223,7 +1258,7 @@ encrypt_fair(gcry_mpi_t v, | |||
1223 | * @param ks session to use | 1258 | * @param ks session to use |
1224 | */ | 1259 | */ |
1225 | static void | 1260 | static void |
1226 | insert_round2_element(struct KeygenSession *ks) | 1261 | insert_round2_element (struct KeygenSession *ks) |
1227 | { | 1262 | { |
1228 | struct GNUNET_SET_Element *element; | 1263 | struct GNUNET_SET_Element *element; |
1229 | struct GNUNET_SECRETSHARING_KeygenRevealData *d; | 1264 | struct GNUNET_SECRETSHARING_KeygenRevealData *d; |
@@ -1234,140 +1269,152 @@ insert_round2_element(struct KeygenSession *ks) | |||
1234 | gcry_mpi_t idx; | 1269 | gcry_mpi_t idx; |
1235 | gcry_mpi_t v; | 1270 | gcry_mpi_t v; |
1236 | 1271 | ||
1237 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n", | 1272 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n", |
1238 | ks->local_peer_idx); | 1273 | ks->local_peer_idx); |
1239 | 1274 | ||
1240 | GNUNET_assert(NULL != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); | 1275 | GNUNET_assert (NULL != (v = gcry_mpi_new ( |
1241 | GNUNET_assert(NULL != (idx = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); | 1276 | GNUNET_SECRETSHARING_ELGAMAL_BITS))); |
1277 | GNUNET_assert (NULL != (idx = gcry_mpi_new ( | ||
1278 | GNUNET_SECRETSHARING_ELGAMAL_BITS))); | ||
1242 | 1279 | ||
1243 | element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) + | 1280 | element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) |
1244 | sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + | 1281 | + sizeof(struct GNUNET_SECRETSHARING_FairEncryption) |
1245 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); | 1282 | * ks->num_peers |
1283 | + GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); | ||
1246 | 1284 | ||
1247 | element = GNUNET_malloc(sizeof(struct GNUNET_SET_Element) + element_size); | 1285 | element = GNUNET_malloc (sizeof(struct GNUNET_SET_Element) + element_size); |
1248 | element->size = element_size; | 1286 | element->size = element_size; |
1249 | element->data = (void *)&element[1]; | 1287 | element->data = (void *) &element[1]; |
1250 | 1288 | ||
1251 | d = (void *)element->data; | 1289 | d = (void *) element->data; |
1252 | d->peer = my_peer; | 1290 | d->peer = my_peer; |
1253 | 1291 | ||
1254 | // start inserting vector elements | 1292 | // start inserting vector elements |
1255 | // after the fixed part of the element's data | 1293 | // after the fixed part of the element's data |
1256 | pos = (void *)&d[1]; | 1294 | pos = (void *) &d[1]; |
1257 | last_pos = pos + element_size; | 1295 | last_pos = pos + element_size; |
1258 | 1296 | ||
1259 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n", | 1297 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n", |
1260 | ks->local_peer_idx); | 1298 | ks->local_peer_idx); |
1261 | 1299 | ||
1262 | // encrypted pre-shares | 1300 | // encrypted pre-shares |
1263 | // and fair encryption proof | 1301 | // and fair encryption proof |
1264 | { | 1302 | { |
1265 | for (i = 0; i < ks->num_peers; i++) | 1303 | for (i = 0; i < ks->num_peers; i++) |
1304 | { | ||
1305 | ptrdiff_t remaining = last_pos - pos; | ||
1306 | struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos; | ||
1307 | |||
1308 | GNUNET_assert (remaining > 0); | ||
1309 | memset (fe, 0, sizeof *fe); | ||
1310 | if (GNUNET_YES == ks->info[i].round1_valid) | ||
1266 | { | 1311 | { |
1267 | ptrdiff_t remaining = last_pos - pos; | 1312 | gcry_mpi_set_ui (idx, i + 1); |
1268 | struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *)pos; | 1313 | // evaluate the polynomial |
1269 | 1314 | horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, | |
1270 | GNUNET_assert(remaining > 0); | 1315 | elgamal_q); |
1271 | memset(fe, 0, sizeof *fe); | 1316 | // encrypt the result |
1272 | if (GNUNET_YES == ks->info[i].round1_valid) | 1317 | encrypt_fair (v, &ks->info[i].paillier_public_key, fe); |
1273 | { | ||
1274 | gcry_mpi_set_ui(idx, i + 1); | ||
1275 | // evaluate the polynomial | ||
1276 | horner_eval(v, ks->presecret_polynomial, ks->threshold, idx, elgamal_q); | ||
1277 | // encrypt the result | ||
1278 | encrypt_fair(v, &ks->info[i].paillier_public_key, fe); | ||
1279 | } | ||
1280 | pos += sizeof *fe; | ||
1281 | } | 1318 | } |
1319 | pos += sizeof *fe; | ||
1320 | } | ||
1282 | } | 1321 | } |
1283 | 1322 | ||
1284 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n", | 1323 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n", |
1285 | ks->local_peer_idx); | 1324 | ks->local_peer_idx); |
1286 | 1325 | ||
1287 | // exponentiated coefficients | 1326 | // exponentiated coefficients |
1288 | for (i = 0; i < ks->threshold; i++) | 1327 | for (i = 0; i < ks->threshold; i++) |
1289 | { | 1328 | { |
1290 | ptrdiff_t remaining = last_pos - pos; | 1329 | ptrdiff_t remaining = last_pos - pos; |
1291 | GNUNET_assert(remaining > 0); | 1330 | GNUNET_assert (remaining > 0); |
1292 | gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); | 1331 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); |
1293 | GNUNET_CRYPTO_mpi_print_unsigned(pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); | 1332 | GNUNET_CRYPTO_mpi_print_unsigned (pos, GNUNET_SECRETSHARING_ELGAMAL_BITS |
1294 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8; | 1333 | / 8, v); |
1295 | } | 1334 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8; |
1335 | } | ||
1296 | 1336 | ||
1297 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n", | 1337 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n", |
1298 | ks->local_peer_idx); | 1338 | ks->local_peer_idx); |
1299 | 1339 | ||
1300 | 1340 | ||
1301 | d->purpose.size = htonl(element_size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); | 1341 | d->purpose.size = htonl (element_size - offsetof (struct |
1302 | d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); | 1342 | GNUNET_SECRETSHARING_KeygenRevealData, |
1303 | GNUNET_assert(GNUNET_OK == | 1343 | purpose)); |
1304 | GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, | 1344 | d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); |
1305 | &d->purpose, | 1345 | GNUNET_assert (GNUNET_OK == |
1306 | &d->signature)); | 1346 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, |
1347 | &d->purpose, | ||
1348 | &d->signature)); | ||
1307 | 1349 | ||
1308 | GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL); | 1350 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); |
1309 | GNUNET_free(element); /* FIXME: maybe stack-allocate instead? */ | 1351 | GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */ |
1310 | 1352 | ||
1311 | gcry_mpi_release(v); | 1353 | gcry_mpi_release (v); |
1312 | gcry_mpi_release(idx); | 1354 | gcry_mpi_release (idx); |
1313 | } | 1355 | } |
1314 | 1356 | ||
1315 | 1357 | ||
1316 | static gcry_mpi_t | 1358 | static gcry_mpi_t |
1317 | keygen_reveal_get_exp_coeff(struct KeygenSession *ks, | 1359 | keygen_reveal_get_exp_coeff (struct KeygenSession *ks, |
1318 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, | 1360 | const struct |
1319 | unsigned int idx) | 1361 | GNUNET_SECRETSHARING_KeygenRevealData *d, |
1362 | unsigned int idx) | ||
1320 | { | 1363 | { |
1321 | unsigned char *pos; | 1364 | unsigned char *pos; |
1322 | gcry_mpi_t exp_coeff; | 1365 | gcry_mpi_t exp_coeff; |
1323 | 1366 | ||
1324 | GNUNET_assert(idx < ks->threshold); | 1367 | GNUNET_assert (idx < ks->threshold); |
1325 | 1368 | ||
1326 | pos = (void *)&d[1]; | 1369 | pos = (void *) &d[1]; |
1327 | // skip encrypted pre-shares | 1370 | // skip encrypted pre-shares |
1328 | pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers; | 1371 | pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers; |
1329 | // skip exp. coeffs we are not interested in | 1372 | // skip exp. coeffs we are not interested in |
1330 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx; | 1373 | pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx; |
1331 | // the first exponentiated coefficient is the public key share | 1374 | // the first exponentiated coefficient is the public key share |
1332 | GNUNET_CRYPTO_mpi_scan_unsigned(&exp_coeff, pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1375 | GNUNET_CRYPTO_mpi_scan_unsigned (&exp_coeff, pos, |
1376 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | ||
1333 | return exp_coeff; | 1377 | return exp_coeff; |
1334 | } | 1378 | } |
1335 | 1379 | ||
1336 | 1380 | ||
1337 | static struct GNUNET_SECRETSHARING_FairEncryption * | 1381 | static struct GNUNET_SECRETSHARING_FairEncryption * |
1338 | keygen_reveal_get_enc_preshare(struct KeygenSession *ks, | 1382 | keygen_reveal_get_enc_preshare (struct KeygenSession *ks, |
1339 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, | 1383 | const struct |
1340 | unsigned int idx) | 1384 | GNUNET_SECRETSHARING_KeygenRevealData *d, |
1385 | unsigned int idx) | ||
1341 | { | 1386 | { |
1342 | unsigned char *pos; | 1387 | unsigned char *pos; |
1343 | 1388 | ||
1344 | GNUNET_assert(idx < ks->num_peers); | 1389 | GNUNET_assert (idx < ks->num_peers); |
1345 | 1390 | ||
1346 | pos = (void *)&d[1]; | 1391 | pos = (void *) &d[1]; |
1347 | // skip encrypted pre-shares we're not interested in | 1392 | // skip encrypted pre-shares we're not interested in |
1348 | pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx; | 1393 | pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx; |
1349 | return (struct GNUNET_SECRETSHARING_FairEncryption *)pos; | 1394 | return (struct GNUNET_SECRETSHARING_FairEncryption *) pos; |
1350 | } | 1395 | } |
1351 | 1396 | ||
1352 | 1397 | ||
1353 | static gcry_mpi_t | 1398 | static gcry_mpi_t |
1354 | keygen_reveal_get_exp_preshare(struct KeygenSession *ks, | 1399 | keygen_reveal_get_exp_preshare (struct KeygenSession *ks, |
1355 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d, | 1400 | const struct |
1356 | unsigned int idx) | 1401 | GNUNET_SECRETSHARING_KeygenRevealData *d, |
1402 | unsigned int idx) | ||
1357 | { | 1403 | { |
1358 | gcry_mpi_t exp_preshare; | 1404 | gcry_mpi_t exp_preshare; |
1359 | struct GNUNET_SECRETSHARING_FairEncryption *fe; | 1405 | struct GNUNET_SECRETSHARING_FairEncryption *fe; |
1360 | 1406 | ||
1361 | GNUNET_assert(idx < ks->num_peers); | 1407 | GNUNET_assert (idx < ks->num_peers); |
1362 | fe = keygen_reveal_get_enc_preshare(ks, d, idx); | 1408 | fe = keygen_reveal_get_enc_preshare (ks, d, idx); |
1363 | GNUNET_CRYPTO_mpi_scan_unsigned(&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1409 | GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h, |
1410 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | ||
1364 | return exp_preshare; | 1411 | return exp_preshare; |
1365 | } | 1412 | } |
1366 | 1413 | ||
1367 | 1414 | ||
1368 | static void | 1415 | static void |
1369 | keygen_round2_new_element(void *cls, | 1416 | keygen_round2_new_element (void *cls, |
1370 | const struct GNUNET_SET_Element *element) | 1417 | const struct GNUNET_SET_Element *element) |
1371 | { | 1418 | { |
1372 | struct KeygenSession *ks = cls; | 1419 | struct KeygenSession *ks = cls; |
1373 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d; | 1420 | const struct GNUNET_SECRETSHARING_KeygenRevealData *d; |
@@ -1380,180 +1427,197 @@ keygen_round2_new_element(void *cls, | |||
1380 | gcry_mpi_t preshare; | 1427 | gcry_mpi_t preshare; |
1381 | 1428 | ||
1382 | if (NULL == element) | 1429 | if (NULL == element) |
1383 | { | 1430 | { |
1384 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n"); | 1431 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n"); |
1385 | return; | 1432 | return; |
1386 | } | 1433 | } |
1387 | 1434 | ||
1388 | expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) + | 1435 | expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) |
1389 | sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + | 1436 | + sizeof(struct |
1390 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); | 1437 | GNUNET_SECRETSHARING_FairEncryption) |
1438 | * ks->num_peers | ||
1439 | + GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 | ||
1440 | * ks->threshold); | ||
1391 | 1441 | ||
1392 | if (element->size != expected_element_size) | 1442 | if (element->size != expected_element_size) |
1393 | { | 1443 | { |
1394 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1444 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1395 | "keygen round2 data with wrong size (%u) in consensus, %u expected\n", | 1445 | "keygen round2 data with wrong size (%u) in consensus, %u expected\n", |
1396 | (unsigned int)element->size, | 1446 | (unsigned int) element->size, |
1397 | (unsigned int)expected_element_size); | 1447 | (unsigned int) expected_element_size); |
1398 | return; | 1448 | return; |
1399 | } | 1449 | } |
1400 | 1450 | ||
1401 | d = (const void *)element->data; | 1451 | d = (const void *) element->data; |
1402 | 1452 | ||
1403 | info = get_keygen_peer_info(ks, &d->peer); | 1453 | info = get_keygen_peer_info (ks, &d->peer); |
1404 | 1454 | ||
1405 | if (NULL == info) | 1455 | if (NULL == info) |
1406 | { | 1456 | { |
1407 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", | 1457 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1408 | GNUNET_i2s(&d->peer)); | 1458 | "keygen commit data with wrong peer identity (%s) in consensus\n", |
1409 | return; | 1459 | GNUNET_i2s (&d->peer)); |
1410 | } | 1460 | return; |
1461 | } | ||
1411 | 1462 | ||
1412 | if (GNUNET_NO == info->round1_valid) | 1463 | if (GNUNET_NO == info->round1_valid) |
1413 | { | 1464 | { |
1414 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1465 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1415 | "ignoring round2 element from peer with invalid round1 element (%s)\n", | 1466 | "ignoring round2 element from peer with invalid round1 element (%s)\n", |
1416 | GNUNET_i2s(&d->peer)); | 1467 | GNUNET_i2s (&d->peer)); |
1417 | return; | 1468 | return; |
1418 | } | 1469 | } |
1419 | 1470 | ||
1420 | if (GNUNET_YES == info->round2_valid) | 1471 | if (GNUNET_YES == info->round2_valid) |
1421 | { | 1472 | { |
1422 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1473 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1423 | "ignoring duplicate round2 element (%s)\n", | 1474 | "ignoring duplicate round2 element (%s)\n", |
1424 | GNUNET_i2s(&d->peer)); | 1475 | GNUNET_i2s (&d->peer)); |
1425 | return; | 1476 | return; |
1426 | } | 1477 | } |
1427 | 1478 | ||
1428 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round2 element\n"); | 1479 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n"); |
1429 | 1480 | ||
1430 | if (ntohl(d->purpose.size) != | 1481 | if (ntohl (d->purpose.size) != |
1431 | element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)) | 1482 | element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, |
1432 | { | 1483 | purpose)) |
1433 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n"); | 1484 | { |
1434 | return; | 1485 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1435 | } | 1486 | "keygen reveal data with wrong signature purpose size in consensus\n"); |
1487 | return; | ||
1488 | } | ||
1436 | 1489 | ||
1437 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, | 1490 | if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( |
1438 | &d->purpose, &d->signature, &d->peer.public_key)) | 1491 | GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, |
1439 | { | 1492 | &d->purpose, &d->signature, |
1440 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n"); | 1493 | &d->peer.public_key)) |
1441 | return; | 1494 | { |
1442 | } | 1495 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1496 | "keygen reveal data with invalid signature in consensus\n"); | ||
1497 | return; | ||
1498 | } | ||
1443 | 1499 | ||
1444 | public_key_share = keygen_reveal_get_exp_coeff(ks, d, 0); | 1500 | public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0); |
1445 | info->preshare_commitment = keygen_reveal_get_exp_preshare(ks, d, ks->local_peer_idx); | 1501 | info->preshare_commitment = keygen_reveal_get_exp_preshare (ks, d, |
1502 | ks->local_peer_idx); | ||
1446 | 1503 | ||
1447 | if (NULL == ks->public_key) | 1504 | if (NULL == ks->public_key) |
1448 | { | 1505 | { |
1449 | GNUNET_assert(NULL != (ks->public_key = gcry_mpi_new(0))); | 1506 | GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0))); |
1450 | gcry_mpi_set_ui(ks->public_key, 1); | 1507 | gcry_mpi_set_ui (ks->public_key, 1); |
1451 | } | 1508 | } |
1452 | gcry_mpi_mulm(ks->public_key, ks->public_key, public_key_share, elgamal_p); | 1509 | gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p); |
1453 | 1510 | ||
1454 | gcry_mpi_release(public_key_share); | 1511 | gcry_mpi_release (public_key_share); |
1455 | public_key_share = NULL; | 1512 | public_key_share = NULL; |
1456 | 1513 | ||
1457 | { | 1514 | { |
1458 | struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, ks->local_peer_idx); | 1515 | struct GNUNET_SECRETSHARING_FairEncryption *fe = |
1459 | GNUNET_assert(NULL != (preshare = gcry_mpi_new(0))); | 1516 | keygen_reveal_get_enc_preshare (ks, d, ks->local_peer_idx); |
1460 | GNUNET_CRYPTO_paillier_decrypt(&ks->paillier_private_key, | 1517 | GNUNET_assert (NULL != (preshare = gcry_mpi_new (0))); |
1461 | &ks->info[ks->local_peer_idx].paillier_public_key, | 1518 | GNUNET_CRYPTO_paillier_decrypt (&ks->paillier_private_key, |
1462 | &fe->c, | 1519 | &ks->info[ks->local_peer_idx]. |
1463 | preshare); | 1520 | paillier_public_key, |
1521 | &fe->c, | ||
1522 | preshare); | ||
1464 | 1523 | ||
1465 | // FIXME: not doing the restoration is less expensive | 1524 | // FIXME: not doing the restoration is less expensive |
1466 | restore_fair(&ks->info[ks->local_peer_idx].paillier_public_key, | 1525 | restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key, |
1467 | fe, | 1526 | fe, |
1468 | preshare, | 1527 | preshare, |
1469 | preshare); | 1528 | preshare); |
1470 | } | 1529 | } |
1471 | 1530 | ||
1472 | GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); | 1531 | GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); |
1473 | gcry_mpi_powm(tmp, elgamal_g, preshare, elgamal_p); | 1532 | gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p); |
1474 | 1533 | ||
1475 | cmp_result = gcry_mpi_cmp(tmp, info->preshare_commitment); | 1534 | cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment); |
1476 | gcry_mpi_release(tmp); | 1535 | gcry_mpi_release (tmp); |
1477 | tmp = NULL; | 1536 | tmp = NULL; |
1478 | if (0 != cmp_result) | 1537 | if (0 != cmp_result) |
1479 | { | 1538 | { |
1480 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n", | 1539 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1481 | (unsigned int)ks->local_peer_idx, (unsigned int)(info - ks->info)); | 1540 | "P%u: Got invalid presecret from P%u\n", |
1482 | return; | 1541 | (unsigned int) ks->local_peer_idx, (unsigned int) (info |
1483 | } | 1542 | - ks->info)); |
1543 | return; | ||
1544 | } | ||
1484 | 1545 | ||
1485 | if (NULL == ks->my_share) | 1546 | if (NULL == ks->my_share) |
1486 | { | 1547 | { |
1487 | GNUNET_assert(NULL != (ks->my_share = gcry_mpi_new(0))); | 1548 | GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0))); |
1488 | } | 1549 | } |
1489 | gcry_mpi_addm(ks->my_share, ks->my_share, preshare, elgamal_q); | 1550 | gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q); |
1490 | 1551 | ||
1491 | for (j = 0; j < ks->num_peers; j++) | 1552 | for (j = 0; j < ks->num_peers; j++) |
1553 | { | ||
1554 | gcry_mpi_t presigma; | ||
1555 | if (NULL == ks->info[j].sigma) | ||
1492 | { | 1556 | { |
1493 | gcry_mpi_t presigma; | 1557 | GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0))); |
1494 | if (NULL == ks->info[j].sigma) | 1558 | gcry_mpi_set_ui (ks->info[j].sigma, 1); |
1495 | { | ||
1496 | GNUNET_assert(NULL != (ks->info[j].sigma = gcry_mpi_new(0))); | ||
1497 | gcry_mpi_set_ui(ks->info[j].sigma, 1); | ||
1498 | } | ||
1499 | presigma = keygen_reveal_get_exp_preshare(ks, d, j); | ||
1500 | gcry_mpi_mulm(ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p); | ||
1501 | gcry_mpi_release(presigma); | ||
1502 | } | 1559 | } |
1560 | presigma = keygen_reveal_get_exp_preshare (ks, d, j); | ||
1561 | gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p); | ||
1562 | gcry_mpi_release (presigma); | ||
1563 | } | ||
1503 | 1564 | ||
1504 | gcry_mpi_t prod; | 1565 | gcry_mpi_t prod; |
1505 | GNUNET_assert(NULL != (prod = gcry_mpi_new(0))); | 1566 | GNUNET_assert (NULL != (prod = gcry_mpi_new (0))); |
1506 | gcry_mpi_t j_to_k; | 1567 | gcry_mpi_t j_to_k; |
1507 | GNUNET_assert(NULL != (j_to_k = gcry_mpi_new(0))); | 1568 | GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0))); |
1508 | // validate that the polynomial sharing matches the additive sharing | 1569 | // validate that the polynomial sharing matches the additive sharing |
1509 | for (j = 0; j < ks->num_peers; j++) | 1570 | for (j = 0; j < ks->num_peers; j++) |
1571 | { | ||
1572 | unsigned int k; | ||
1573 | int cmp_result; | ||
1574 | gcry_mpi_t exp_preshare; | ||
1575 | gcry_mpi_set_ui (prod, 1); | ||
1576 | for (k = 0; k < ks->threshold; k++) | ||
1577 | { | ||
1578 | // Using pow(double,double) is a bit sketchy. | ||
1579 | // We count players from 1, but shares from 0. | ||
1580 | gcry_mpi_t tmp; | ||
1581 | gcry_mpi_set_ui (j_to_k, (unsigned int) pow (j + 1, k)); | ||
1582 | tmp = keygen_reveal_get_exp_coeff (ks, d, k); | ||
1583 | gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p); | ||
1584 | gcry_mpi_mulm (prod, prod, tmp, elgamal_p); | ||
1585 | gcry_mpi_release (tmp); | ||
1586 | } | ||
1587 | exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j); | ||
1588 | gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p); | ||
1589 | cmp_result = gcry_mpi_cmp (prod, exp_preshare); | ||
1590 | gcry_mpi_release (exp_preshare); | ||
1591 | exp_preshare = NULL; | ||
1592 | if (0 != cmp_result) | ||
1510 | { | 1593 | { |
1511 | unsigned int k; | 1594 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1512 | int cmp_result; | 1595 | "P%u: reveal data from P%u incorrect\n", |
1513 | gcry_mpi_t exp_preshare; | 1596 | ks->local_peer_idx, j); |
1514 | gcry_mpi_set_ui(prod, 1); | 1597 | /* no need for further verification, round2 stays invalid ... */ |
1515 | for (k = 0; k < ks->threshold; k++) | 1598 | return; |
1516 | { | ||
1517 | // Using pow(double,double) is a bit sketchy. | ||
1518 | // We count players from 1, but shares from 0. | ||
1519 | gcry_mpi_t tmp; | ||
1520 | gcry_mpi_set_ui(j_to_k, (unsigned int)pow(j + 1, k)); | ||
1521 | tmp = keygen_reveal_get_exp_coeff(ks, d, k); | ||
1522 | gcry_mpi_powm(tmp, tmp, j_to_k, elgamal_p); | ||
1523 | gcry_mpi_mulm(prod, prod, tmp, elgamal_p); | ||
1524 | gcry_mpi_release(tmp); | ||
1525 | } | ||
1526 | exp_preshare = keygen_reveal_get_exp_preshare(ks, d, j); | ||
1527 | gcry_mpi_mod(exp_preshare, exp_preshare, elgamal_p); | ||
1528 | cmp_result = gcry_mpi_cmp(prod, exp_preshare); | ||
1529 | gcry_mpi_release(exp_preshare); | ||
1530 | exp_preshare = NULL; | ||
1531 | if (0 != cmp_result) | ||
1532 | { | ||
1533 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n", | ||
1534 | ks->local_peer_idx, j); | ||
1535 | /* no need for further verification, round2 stays invalid ... */ | ||
1536 | return; | ||
1537 | } | ||
1538 | } | 1599 | } |
1600 | } | ||
1539 | 1601 | ||
1540 | // TODO: verify proof of fair encryption (once implemented) | 1602 | // TODO: verify proof of fair encryption (once implemented) |
1541 | for (j = 0; j < ks->num_peers; j++) | 1603 | for (j = 0; j < ks->num_peers; j++) |
1604 | { | ||
1605 | struct GNUNET_SECRETSHARING_FairEncryption *fe = | ||
1606 | keygen_reveal_get_enc_preshare (ks, d, j); | ||
1607 | if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe)) | ||
1542 | { | 1608 | { |
1543 | struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, j); | 1609 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1544 | if (GNUNET_YES != verify_fair(&ks->info[j].paillier_public_key, fe)) | 1610 | "P%u: reveal data from P%u incorrect (fair encryption)\n", |
1545 | { | 1611 | ks->local_peer_idx, j); |
1546 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n", | 1612 | return; |
1547 | ks->local_peer_idx, j); | ||
1548 | return; | ||
1549 | } | ||
1550 | } | 1613 | } |
1614 | } | ||
1551 | 1615 | ||
1552 | info->round2_valid = GNUNET_YES; | 1616 | info->round2_valid = GNUNET_YES; |
1553 | 1617 | ||
1554 | gcry_mpi_release(preshare); | 1618 | gcry_mpi_release (preshare); |
1555 | gcry_mpi_release(prod); | 1619 | gcry_mpi_release (prod); |
1556 | gcry_mpi_release(j_to_k); | 1620 | gcry_mpi_release (j_to_k); |
1557 | } | 1621 | } |
1558 | 1622 | ||
1559 | 1623 | ||
@@ -1564,22 +1628,24 @@ keygen_round2_new_element(void *cls, | |||
1564 | * @param cls closure | 1628 | * @param cls closure |
1565 | */ | 1629 | */ |
1566 | static void | 1630 | static void |
1567 | keygen_round1_conclude(void *cls) | 1631 | keygen_round1_conclude (void *cls) |
1568 | { | 1632 | { |
1569 | struct KeygenSession *ks = cls; | 1633 | struct KeygenSession *ks = cls; |
1570 | 1634 | ||
1571 | GNUNET_CONSENSUS_destroy(ks->consensus); | 1635 | GNUNET_CONSENSUS_destroy (ks->consensus); |
1572 | 1636 | ||
1573 | ks->consensus = GNUNET_CONSENSUS_create(cfg, ks->num_peers, ks->peers, &ks->session_id, | 1637 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, |
1574 | time_between(ks->start_time, ks->deadline, 1, 2), | 1638 | &ks->session_id, |
1575 | ks->deadline, | 1639 | time_between (ks->start_time, |
1576 | keygen_round2_new_element, ks); | 1640 | ks->deadline, 1, 2), |
1641 | ks->deadline, | ||
1642 | keygen_round2_new_element, ks); | ||
1577 | 1643 | ||
1578 | insert_round2_element(ks); | 1644 | insert_round2_element (ks); |
1579 | 1645 | ||
1580 | GNUNET_CONSENSUS_conclude(ks->consensus, | 1646 | GNUNET_CONSENSUS_conclude (ks->consensus, |
1581 | keygen_round2_conclude, | 1647 | keygen_round2_conclude, |
1582 | ks); | 1648 | ks); |
1583 | } | 1649 | } |
1584 | 1650 | ||
1585 | 1651 | ||
@@ -1590,7 +1656,7 @@ keygen_round1_conclude(void *cls) | |||
1590 | * @param ks session to use | 1656 | * @param ks session to use |
1591 | */ | 1657 | */ |
1592 | static void | 1658 | static void |
1593 | insert_round1_element(struct KeygenSession *ks) | 1659 | insert_round1_element (struct KeygenSession *ks) |
1594 | { | 1660 | { |
1595 | struct GNUNET_SET_Element *element; | 1661 | struct GNUNET_SET_Element *element; |
1596 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; | 1662 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; |
@@ -1599,34 +1665,38 @@ insert_round1_element(struct KeygenSession *ks) | |||
1599 | // big-endian representation of 'v' | 1665 | // big-endian representation of 'v' |
1600 | unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; | 1666 | unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; |
1601 | 1667 | ||
1602 | element = GNUNET_malloc(sizeof *element + sizeof *d); | 1668 | element = GNUNET_malloc (sizeof *element + sizeof *d); |
1603 | d = (void *)&element[1]; | 1669 | d = (void *) &element[1]; |
1604 | element->data = d; | 1670 | element->data = d; |
1605 | element->size = sizeof *d; | 1671 | element->size = sizeof *d; |
1606 | 1672 | ||
1607 | d->peer = my_peer; | 1673 | d->peer = my_peer; |
1608 | 1674 | ||
1609 | GNUNET_assert(0 != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); | 1675 | GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); |
1610 | 1676 | ||
1611 | gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); | 1677 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); |
1612 | 1678 | ||
1613 | GNUNET_CRYPTO_mpi_print_unsigned(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); | 1679 | GNUNET_CRYPTO_mpi_print_unsigned (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS |
1680 | / 8, v); | ||
1614 | 1681 | ||
1615 | GNUNET_CRYPTO_hash(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, &d->commitment); | 1682 | GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, |
1683 | &d->commitment); | ||
1616 | 1684 | ||
1617 | d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key; | 1685 | d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key; |
1618 | 1686 | ||
1619 | d->purpose.size = htonl((sizeof *d) - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); | 1687 | d->purpose.size = htonl ((sizeof *d) - offsetof (struct |
1620 | d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); | 1688 | GNUNET_SECRETSHARING_KeygenCommitData, |
1621 | GNUNET_assert(GNUNET_OK == | 1689 | purpose)); |
1622 | GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, | 1690 | d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); |
1623 | &d->purpose, | 1691 | GNUNET_assert (GNUNET_OK == |
1624 | &d->signature)); | 1692 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, |
1693 | &d->purpose, | ||
1694 | &d->signature)); | ||
1625 | 1695 | ||
1626 | GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL); | 1696 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); |
1627 | 1697 | ||
1628 | gcry_mpi_release(v); | 1698 | gcry_mpi_release (v); |
1629 | GNUNET_free(element); | 1699 | GNUNET_free (element); |
1630 | } | 1700 | } |
1631 | 1701 | ||
1632 | 1702 | ||
@@ -1638,17 +1708,17 @@ insert_round1_element(struct KeygenSession *ks) | |||
1638 | * @return #GNUNET_OK if @a msg is well-formed | 1708 | * @return #GNUNET_OK if @a msg is well-formed |
1639 | */ | 1709 | */ |
1640 | static int | 1710 | static int |
1641 | check_client_keygen(void *cls, | 1711 | check_client_keygen (void *cls, |
1642 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) | 1712 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) |
1643 | { | 1713 | { |
1644 | unsigned int num_peers = ntohs(msg->num_peers); | 1714 | unsigned int num_peers = ntohs (msg->num_peers); |
1645 | 1715 | ||
1646 | if (ntohs(msg->header.size) - sizeof(*msg) != | 1716 | if (ntohs (msg->header.size) - sizeof(*msg) != |
1647 | num_peers * sizeof(struct GNUNET_PeerIdentity)) | 1717 | num_peers * sizeof(struct GNUNET_PeerIdentity)) |
1648 | { | 1718 | { |
1649 | GNUNET_break(0); | 1719 | GNUNET_break (0); |
1650 | return GNUNET_SYSERR; | 1720 | return GNUNET_SYSERR; |
1651 | } | 1721 | } |
1652 | return GNUNET_OK; | 1722 | return GNUNET_OK; |
1653 | } | 1723 | } |
1654 | 1724 | ||
@@ -1661,72 +1731,75 @@ check_client_keygen(void *cls, | |||
1661 | * @param msg the actual message | 1731 | * @param msg the actual message |
1662 | */ | 1732 | */ |
1663 | static void | 1733 | static void |
1664 | handle_client_keygen(void *cls, | 1734 | handle_client_keygen (void *cls, |
1665 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) | 1735 | const struct GNUNET_SECRETSHARING_CreateMessage *msg) |
1666 | { | 1736 | { |
1667 | struct ClientState *cs = cls; | 1737 | struct ClientState *cs = cls; |
1668 | struct KeygenSession *ks; | 1738 | struct KeygenSession *ks; |
1669 | 1739 | ||
1670 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 1740 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1671 | "client requested key generation\n"); | 1741 | "client requested key generation\n"); |
1672 | if (NULL != cs->keygen_session) | 1742 | if (NULL != cs->keygen_session) |
1673 | { | 1743 | { |
1674 | GNUNET_break(0); | 1744 | GNUNET_break (0); |
1675 | GNUNET_SERVICE_client_drop(cs->client); | 1745 | GNUNET_SERVICE_client_drop (cs->client); |
1676 | return; | 1746 | return; |
1677 | } | 1747 | } |
1678 | ks = GNUNET_new(struct KeygenSession); | 1748 | ks = GNUNET_new (struct KeygenSession); |
1679 | ks->cs = cs; | 1749 | ks->cs = cs; |
1680 | cs->keygen_session = ks; | 1750 | cs->keygen_session = ks; |
1681 | ks->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline); | 1751 | ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); |
1682 | ks->threshold = ntohs(msg->threshold); | 1752 | ks->threshold = ntohs (msg->threshold); |
1683 | ks->num_peers = ntohs(msg->num_peers); | 1753 | ks->num_peers = ntohs (msg->num_peers); |
1684 | 1754 | ||
1685 | ks->peers = normalize_peers((struct GNUNET_PeerIdentity *)&msg[1], | 1755 | ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], |
1686 | ks->num_peers, | 1756 | ks->num_peers, |
1687 | &ks->num_peers, | 1757 | &ks->num_peers, |
1688 | &ks->local_peer_idx); | 1758 | &ks->local_peer_idx); |
1689 | 1759 | ||
1690 | 1760 | ||
1691 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 1761 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1692 | "first round of consensus with %u peers\n", | 1762 | "first round of consensus with %u peers\n", |
1693 | ks->num_peers); | 1763 | ks->num_peers); |
1694 | ks->consensus = GNUNET_CONSENSUS_create(cfg, | 1764 | ks->consensus = GNUNET_CONSENSUS_create (cfg, |
1695 | ks->num_peers, | 1765 | ks->num_peers, |
1696 | ks->peers, | 1766 | ks->peers, |
1697 | &msg->session_id, | 1767 | &msg->session_id, |
1698 | GNUNET_TIME_absolute_ntoh(msg->start), | 1768 | GNUNET_TIME_absolute_ntoh ( |
1699 | GNUNET_TIME_absolute_ntoh(msg->deadline), | 1769 | msg->start), |
1700 | keygen_round1_new_element, | 1770 | GNUNET_TIME_absolute_ntoh ( |
1701 | ks); | 1771 | msg->deadline), |
1702 | 1772 | keygen_round1_new_element, | |
1703 | ks->info = GNUNET_new_array(ks->num_peers, | 1773 | ks); |
1704 | struct KeygenPeerInfo); | 1774 | |
1775 | ks->info = GNUNET_new_array (ks->num_peers, | ||
1776 | struct KeygenPeerInfo); | ||
1705 | 1777 | ||
1706 | for (unsigned int i = 0; i < ks->num_peers; i++) | 1778 | for (unsigned int i = 0; i < ks->num_peers; i++) |
1707 | ks->info[i].peer = ks->peers[i]; | 1779 | ks->info[i].peer = ks->peers[i]; |
1708 | 1780 | ||
1709 | GNUNET_CRYPTO_paillier_create(&ks->info[ks->local_peer_idx].paillier_public_key, | 1781 | GNUNET_CRYPTO_paillier_create ( |
1710 | &ks->paillier_private_key); | 1782 | &ks->info[ks->local_peer_idx].paillier_public_key, |
1711 | 1783 | &ks->paillier_private_key); | |
1712 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1784 | |
1713 | "P%u: Generated paillier key pair\n", | 1785 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1714 | ks->local_peer_idx); | 1786 | "P%u: Generated paillier key pair\n", |
1715 | generate_presecret_polynomial(ks); | 1787 | ks->local_peer_idx); |
1716 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1788 | generate_presecret_polynomial (ks); |
1717 | "P%u: Generated presecret polynomial\n", | 1789 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1718 | ks->local_peer_idx); | 1790 | "P%u: Generated presecret polynomial\n", |
1719 | insert_round1_element(ks); | 1791 | ks->local_peer_idx); |
1720 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1792 | insert_round1_element (ks); |
1721 | "P%u: Concluding for round 1\n", | 1793 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1722 | ks->local_peer_idx); | 1794 | "P%u: Concluding for round 1\n", |
1723 | GNUNET_CONSENSUS_conclude(ks->consensus, | 1795 | ks->local_peer_idx); |
1724 | keygen_round1_conclude, | 1796 | GNUNET_CONSENSUS_conclude (ks->consensus, |
1725 | ks); | 1797 | keygen_round1_conclude, |
1726 | GNUNET_SERVICE_client_continue(cs->client); | 1798 | ks); |
1727 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1799 | GNUNET_SERVICE_client_continue (cs->client); |
1728 | "P%u: Waiting for round 1 elements ...\n", | 1800 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1729 | ks->local_peer_idx); | 1801 | "P%u: Waiting for round 1 elements ...\n", |
1802 | ks->local_peer_idx); | ||
1730 | } | 1803 | } |
1731 | 1804 | ||
1732 | 1805 | ||
@@ -1734,7 +1807,7 @@ handle_client_keygen(void *cls, | |||
1734 | * Called when the partial decryption consensus concludes. | 1807 | * Called when the partial decryption consensus concludes. |
1735 | */ | 1808 | */ |
1736 | static void | 1809 | static void |
1737 | decrypt_conclude(void *cls) | 1810 | decrypt_conclude (void *cls) |
1738 | { | 1811 | { |
1739 | struct DecryptSession *ds = cls; | 1812 | struct DecryptSession *ds = cls; |
1740 | struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg; | 1813 | struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg; |
@@ -1749,64 +1822,68 @@ decrypt_conclude(void *cls) | |||
1749 | unsigned int i; | 1822 | unsigned int i; |
1750 | unsigned int j; | 1823 | unsigned int j; |
1751 | 1824 | ||
1752 | GNUNET_CONSENSUS_destroy(ds->consensus); | 1825 | GNUNET_CONSENSUS_destroy (ds->consensus); |
1753 | ds->consensus = NULL; | 1826 | ds->consensus = NULL; |
1754 | 1827 | ||
1755 | GNUNET_assert(0 != (lagrange = gcry_mpi_new(0))); | 1828 | GNUNET_assert (0 != (lagrange = gcry_mpi_new (0))); |
1756 | GNUNET_assert(0 != (m = gcry_mpi_new(0))); | 1829 | GNUNET_assert (0 != (m = gcry_mpi_new (0))); |
1757 | GNUNET_assert(0 != (tmp = gcry_mpi_new(0))); | 1830 | GNUNET_assert (0 != (tmp = gcry_mpi_new (0))); |
1758 | GNUNET_assert(0 != (prod = gcry_mpi_new(0))); | 1831 | GNUNET_assert (0 != (prod = gcry_mpi_new (0))); |
1759 | 1832 | ||
1760 | num = 0; | 1833 | num = 0; |
1761 | for (i = 0; i < ds->share->num_peers; i++) | 1834 | for (i = 0; i < ds->share->num_peers; i++) |
1762 | if (NULL != ds->info[i].partial_decryption) | 1835 | if (NULL != ds->info[i].partial_decryption) |
1763 | num++; | 1836 | num++; |
1764 | 1837 | ||
1765 | indices = GNUNET_new_array(num, | 1838 | indices = GNUNET_new_array (num, |
1766 | unsigned int); | 1839 | unsigned int); |
1767 | j = 0; | 1840 | j = 0; |
1768 | for (i = 0; i < ds->share->num_peers; i++) | 1841 | for (i = 0; i < ds->share->num_peers; i++) |
1769 | if (NULL != ds->info[i].partial_decryption) | 1842 | if (NULL != ds->info[i].partial_decryption) |
1770 | indices[j++] = ds->info[i].original_index; | 1843 | indices[j++] = ds->info[i].original_index; |
1771 | 1844 | ||
1772 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 1845 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1773 | "P%u: decrypt conclude, with %u peers\n", | 1846 | "P%u: decrypt conclude, with %u peers\n", |
1774 | ds->share->my_peer, | 1847 | ds->share->my_peer, |
1775 | num); | 1848 | num); |
1776 | 1849 | ||
1777 | gcry_mpi_set_ui(prod, 1); | 1850 | gcry_mpi_set_ui (prod, 1); |
1778 | for (i = 0; i < num; i++) | 1851 | for (i = 0; i < num; i++) |
1779 | { | 1852 | { |
1780 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 1853 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1781 | "P%u: index of %u: %u\n", | 1854 | "P%u: index of %u: %u\n", |
1782 | ds->share->my_peer, i, indices[i]); | 1855 | ds->share->my_peer, i, indices[i]); |
1783 | compute_lagrange_coefficient(lagrange, indices[i], indices, num); | 1856 | compute_lagrange_coefficient (lagrange, indices[i], indices, num); |
1784 | // w_i^{\lambda_i} | 1857 | // w_i^{\lambda_i} |
1785 | gcry_mpi_powm(tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p); | 1858 | gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange, |
1786 | 1859 | elgamal_p); | |
1787 | // product of all exponentiated partiel decryptions ... | 1860 | |
1788 | gcry_mpi_mulm(prod, prod, tmp, elgamal_p); | 1861 | // product of all exponentiated partiel decryptions ... |
1789 | } | 1862 | gcry_mpi_mulm (prod, prod, tmp, elgamal_p); |
1863 | } | ||
1790 | 1864 | ||
1791 | GNUNET_CRYPTO_mpi_scan_unsigned(&c_2, ds->ciphertext.c2_bits, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 1865 | GNUNET_CRYPTO_mpi_scan_unsigned (&c_2, ds->ciphertext.c2_bits, |
1866 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | ||
1792 | 1867 | ||
1793 | GNUNET_assert(0 != gcry_mpi_invm(prod, prod, elgamal_p)); | 1868 | GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p)); |
1794 | gcry_mpi_mulm(m, c_2, prod, elgamal_p); | 1869 | gcry_mpi_mulm (m, c_2, prod, elgamal_p); |
1795 | ev = GNUNET_MQ_msg(msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); | 1870 | ev = GNUNET_MQ_msg (msg, |
1796 | GNUNET_CRYPTO_mpi_print_unsigned(&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m); | 1871 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); |
1797 | msg->success = htonl(1); | 1872 | GNUNET_CRYPTO_mpi_print_unsigned (&msg->plaintext, |
1798 | GNUNET_MQ_send(ds->cs->mq, | 1873 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m); |
1799 | ev); | 1874 | msg->success = htonl (1); |
1875 | GNUNET_MQ_send (ds->cs->mq, | ||
1876 | ev); | ||
1800 | 1877 | ||
1801 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n"); | 1878 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n"); |
1802 | 1879 | ||
1803 | GNUNET_free(indices); | 1880 | GNUNET_free (indices); |
1804 | 1881 | ||
1805 | gcry_mpi_release(lagrange); | 1882 | gcry_mpi_release (lagrange); |
1806 | gcry_mpi_release(m); | 1883 | gcry_mpi_release (m); |
1807 | gcry_mpi_release(tmp); | 1884 | gcry_mpi_release (tmp); |
1808 | gcry_mpi_release(prod); | 1885 | gcry_mpi_release (prod); |
1809 | gcry_mpi_release(c_2); | 1886 | gcry_mpi_release (c_2); |
1810 | 1887 | ||
1811 | // FIXME: what if not enough peers participated? | 1888 | // FIXME: what if not enough peers participated? |
1812 | } | 1889 | } |
@@ -1820,12 +1897,12 @@ decrypt_conclude(void *cls) | |||
1820 | * @return string representation of @a mpi, must be free'd by the caller | 1897 | * @return string representation of @a mpi, must be free'd by the caller |
1821 | */ | 1898 | */ |
1822 | static char * | 1899 | static char * |
1823 | mpi_to_str(gcry_mpi_t mpi) | 1900 | mpi_to_str (gcry_mpi_t mpi) |
1824 | { | 1901 | { |
1825 | unsigned char *buf; | 1902 | unsigned char *buf; |
1826 | 1903 | ||
1827 | GNUNET_assert(0 == gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, mpi)); | 1904 | GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi)); |
1828 | return (char *)buf; | 1905 | return (char *) buf; |
1829 | } | 1906 | } |
1830 | 1907 | ||
1831 | 1908 | ||
@@ -1833,8 +1910,8 @@ mpi_to_str(gcry_mpi_t mpi) | |||
1833 | * Called when a new partial decryption arrives. | 1910 | * Called when a new partial decryption arrives. |
1834 | */ | 1911 | */ |
1835 | static void | 1912 | static void |
1836 | decrypt_new_element(void *cls, | 1913 | decrypt_new_element (void *cls, |
1837 | const struct GNUNET_SET_Element *element) | 1914 | const struct GNUNET_SET_Element *element) |
1838 | { | 1915 | { |
1839 | struct DecryptSession *session = cls; | 1916 | struct DecryptSession *session = cls; |
1840 | const struct GNUNET_SECRETSHARING_DecryptData *d; | 1917 | const struct GNUNET_SECRETSHARING_DecryptData *d; |
@@ -1862,132 +1939,150 @@ decrypt_new_element(void *cls, | |||
1862 | gcry_mpi_t tmp2; | 1939 | gcry_mpi_t tmp2; |
1863 | 1940 | ||
1864 | if (NULL == element) | 1941 | if (NULL == element) |
1865 | { | 1942 | { |
1866 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decryption failed\n"); | 1943 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n"); |
1867 | /* FIXME: destroy */ | 1944 | /* FIXME: destroy */ |
1868 | return; | 1945 | return; |
1869 | } | 1946 | } |
1870 | 1947 | ||
1871 | if (element->size != sizeof *d) | 1948 | if (element->size != sizeof *d) |
1872 | { | 1949 | { |
1873 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n"); | 1950 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1874 | return; | 1951 | "element of wrong size in decrypt consensus\n"); |
1875 | } | 1952 | return; |
1953 | } | ||
1876 | 1954 | ||
1877 | d = element->data; | 1955 | d = element->data; |
1878 | 1956 | ||
1879 | info = get_decrypt_peer_info(session, &d->peer); | 1957 | info = get_decrypt_peer_info (session, &d->peer); |
1880 | 1958 | ||
1881 | if (NULL == info) | 1959 | if (NULL == info) |
1882 | { | 1960 | { |
1883 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n", | 1961 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1884 | GNUNET_i2s(&d->peer)); | 1962 | "decrypt element from invalid peer (%s)\n", |
1885 | return; | 1963 | GNUNET_i2s (&d->peer)); |
1886 | } | 1964 | return; |
1965 | } | ||
1887 | 1966 | ||
1888 | if (NULL != info->partial_decryption) | 1967 | if (NULL != info->partial_decryption) |
1889 | { | 1968 | { |
1890 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n"); | 1969 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n"); |
1891 | return; | 1970 | return; |
1892 | } | 1971 | } |
1893 | |||
1894 | if (0 != GNUNET_memcmp(&d->ciphertext, &session->ciphertext)) | ||
1895 | { | ||
1896 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n", | ||
1897 | (unsigned int)session->share->my_peer, (unsigned int)(info - session->info)); | ||
1898 | 1972 | ||
1899 | return; | 1973 | if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext)) |
1900 | } | 1974 | { |
1975 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1976 | "P%u: got decrypt element with non-matching ciphertext from P%u\n", | ||
1977 | (unsigned int) session->share->my_peer, (unsigned int) (info | ||
1978 | - | ||
1979 | session | ||
1980 | ->info)); | ||
1981 | |||
1982 | return; | ||
1983 | } | ||
1901 | 1984 | ||
1902 | 1985 | ||
1903 | GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)d, | 1986 | GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, |
1904 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - | 1987 | ciphertext) + (char *) d, |
1905 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext), | 1988 | offsetof (struct GNUNET_SECRETSHARING_DecryptData, |
1906 | &challenge_hash); | 1989 | nizk_response) |
1990 | - offsetof (struct GNUNET_SECRETSHARING_DecryptData, | ||
1991 | ciphertext), | ||
1992 | &challenge_hash); | ||
1907 | 1993 | ||
1908 | GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash, | 1994 | GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash, |
1909 | sizeof(struct GNUNET_HashCode)); | 1995 | sizeof(struct GNUNET_HashCode)); |
1910 | 1996 | ||
1911 | GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &session->share->sigmas[info - session->info], | 1997 | GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info |
1912 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); | 1998 | - session-> |
1999 | info], | ||
2000 | sizeof(struct | ||
2001 | GNUNET_SECRETSHARING_FieldElement)); | ||
1913 | 2002 | ||
1914 | GNUNET_CRYPTO_mpi_scan_unsigned(&c1, session->ciphertext.c1_bits, | 2003 | GNUNET_CRYPTO_mpi_scan_unsigned (&c1, session->ciphertext.c1_bits, |
1915 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); | 2004 | sizeof(struct |
2005 | GNUNET_SECRETSHARING_FieldElement)); | ||
1916 | 2006 | ||
1917 | GNUNET_CRYPTO_mpi_scan_unsigned(&commit1, &d->nizk_commit1, | 2007 | GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1, |
1918 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); | 2008 | sizeof(struct |
2009 | GNUNET_SECRETSHARING_FieldElement)); | ||
1919 | 2010 | ||
1920 | GNUNET_CRYPTO_mpi_scan_unsigned(&commit2, &d->nizk_commit2, | 2011 | GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2, |
1921 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); | 2012 | sizeof(struct |
2013 | GNUNET_SECRETSHARING_FieldElement)); | ||
1922 | 2014 | ||
1923 | GNUNET_CRYPTO_mpi_scan_unsigned(&r, &d->nizk_response, | 2015 | GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response, |
1924 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); | 2016 | sizeof(struct |
2017 | GNUNET_SECRETSHARING_FieldElement)); | ||
1925 | 2018 | ||
1926 | GNUNET_CRYPTO_mpi_scan_unsigned(&w, &d->partial_decryption, | 2019 | GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption, |
1927 | sizeof(struct GNUNET_SECRETSHARING_FieldElement)); | 2020 | sizeof(struct |
2021 | GNUNET_SECRETSHARING_FieldElement)); | ||
1928 | 2022 | ||
1929 | GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0))); | 2023 | GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0))); |
1930 | GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0))); | 2024 | GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0))); |
1931 | 2025 | ||
1932 | // tmp1 = g^r | 2026 | // tmp1 = g^r |
1933 | gcry_mpi_powm(tmp1, elgamal_g, r, elgamal_p); | 2027 | gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p); |
1934 | 2028 | ||
1935 | // tmp2 = g^\beta * \sigma^challenge | 2029 | // tmp2 = g^\beta * \sigma^challenge |
1936 | gcry_mpi_powm(tmp2, sigma, challenge, elgamal_p); | 2030 | gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p); |
1937 | gcry_mpi_mulm(tmp2, tmp2, commit1, elgamal_p); | 2031 | gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p); |
1938 | 2032 | ||
1939 | if (0 != gcry_mpi_cmp(tmp1, tmp2)) | 2033 | if (0 != gcry_mpi_cmp (tmp1, tmp2)) |
1940 | { | 2034 | { |
1941 | char *tmp1_str; | 2035 | char *tmp1_str; |
1942 | char *tmp2_str; | 2036 | char *tmp2_str; |
1943 | 2037 | ||
1944 | tmp1_str = mpi_to_str(tmp1); | 2038 | tmp1_str = mpi_to_str (tmp1); |
1945 | tmp2_str = mpi_to_str(tmp2); | 2039 | tmp2_str = mpi_to_str (tmp2); |
1946 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 2040 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1947 | "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n", | 2041 | "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n", |
1948 | session->share->my_peer, | 2042 | session->share->my_peer, |
1949 | (unsigned int)(info - session->info), | 2043 | (unsigned int) (info - session->info), |
1950 | tmp1_str, | 2044 | tmp1_str, |
1951 | tmp2_str); | 2045 | tmp2_str); |
1952 | GNUNET_free(tmp1_str); | 2046 | GNUNET_free (tmp1_str); |
1953 | GNUNET_free(tmp2_str); | 2047 | GNUNET_free (tmp2_str); |
1954 | goto cleanup; | 2048 | goto cleanup; |
1955 | } | 2049 | } |
1956 | 2050 | ||
1957 | 2051 | ||
1958 | gcry_mpi_powm(tmp1, c1, r, elgamal_p); | 2052 | gcry_mpi_powm (tmp1, c1, r, elgamal_p); |
1959 | 2053 | ||
1960 | gcry_mpi_powm(tmp2, w, challenge, elgamal_p); | 2054 | gcry_mpi_powm (tmp2, w, challenge, elgamal_p); |
1961 | gcry_mpi_mulm(tmp2, tmp2, commit2, elgamal_p); | 2055 | gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p); |
1962 | 2056 | ||
1963 | 2057 | ||
1964 | if (0 != gcry_mpi_cmp(tmp1, tmp2)) | 2058 | if (0 != gcry_mpi_cmp (tmp1, tmp2)) |
1965 | { | 2059 | { |
1966 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 2060 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1967 | "P%u: Received invalid partial decryption from P%u (eqn 2)\n", | 2061 | "P%u: Received invalid partial decryption from P%u (eqn 2)\n", |
1968 | session->share->my_peer, | 2062 | session->share->my_peer, |
1969 | (unsigned int)(info - session->info)); | 2063 | (unsigned int) (info - session->info)); |
1970 | goto cleanup; | 2064 | goto cleanup; |
1971 | } | 2065 | } |
1972 | 2066 | ||
1973 | 2067 | ||
1974 | GNUNET_CRYPTO_mpi_scan_unsigned(&info->partial_decryption, &d->partial_decryption, | 2068 | GNUNET_CRYPTO_mpi_scan_unsigned (&info->partial_decryption, |
1975 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2069 | &d->partial_decryption, |
2070 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | ||
1976 | cleanup: | 2071 | cleanup: |
1977 | gcry_mpi_release(tmp1); | 2072 | gcry_mpi_release (tmp1); |
1978 | gcry_mpi_release(tmp2); | 2073 | gcry_mpi_release (tmp2); |
1979 | gcry_mpi_release(sigma); | 2074 | gcry_mpi_release (sigma); |
1980 | gcry_mpi_release(commit1); | 2075 | gcry_mpi_release (commit1); |
1981 | gcry_mpi_release(commit2); | 2076 | gcry_mpi_release (commit2); |
1982 | gcry_mpi_release(r); | 2077 | gcry_mpi_release (r); |
1983 | gcry_mpi_release(w); | 2078 | gcry_mpi_release (w); |
1984 | gcry_mpi_release(challenge); | 2079 | gcry_mpi_release (challenge); |
1985 | gcry_mpi_release(c1); | 2080 | gcry_mpi_release (c1); |
1986 | } | 2081 | } |
1987 | 2082 | ||
1988 | 2083 | ||
1989 | static void | 2084 | static void |
1990 | insert_decrypt_element(struct DecryptSession *ds) | 2085 | insert_decrypt_element (struct DecryptSession *ds) |
1991 | { | 2086 | { |
1992 | struct GNUNET_SECRETSHARING_DecryptData d; | 2087 | struct GNUNET_SECRETSHARING_DecryptData d; |
1993 | struct GNUNET_SET_Element element; | 2088 | struct GNUNET_SET_Element element; |
@@ -2005,100 +2100,113 @@ insert_decrypt_element(struct DecryptSession *ds) | |||
2005 | struct GNUNET_HashCode challenge_hash; | 2100 | struct GNUNET_HashCode challenge_hash; |
2006 | 2101 | ||
2007 | /* make vagrind happy until we implement the real deal ... */ | 2102 | /* make vagrind happy until we implement the real deal ... */ |
2008 | memset(&d, 0, sizeof d); | 2103 | memset (&d, 0, sizeof d); |
2009 | 2104 | ||
2010 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n", | 2105 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n", |
2011 | ds->share->my_peer); | 2106 | ds->share->my_peer); |
2012 | 2107 | ||
2013 | GNUNET_assert(ds->share->my_peer < ds->share->num_peers); | 2108 | GNUNET_assert (ds->share->my_peer < ds->share->num_peers); |
2014 | 2109 | ||
2015 | GNUNET_CRYPTO_mpi_scan_unsigned(&c1, &ds->ciphertext.c1_bits, | 2110 | GNUNET_CRYPTO_mpi_scan_unsigned (&c1, &ds->ciphertext.c1_bits, |
2016 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2111 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
2017 | GNUNET_CRYPTO_mpi_scan_unsigned(&s, &ds->share->my_share, | 2112 | GNUNET_CRYPTO_mpi_scan_unsigned (&s, &ds->share->my_share, |
2018 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2113 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); |
2019 | GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &ds->share->sigmas[ds->share->my_peer], | 2114 | GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, |
2020 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | 2115 | &ds->share->sigmas[ds->share->my_peer], |
2116 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); | ||
2021 | 2117 | ||
2022 | GNUNET_assert(NULL != (w = gcry_mpi_new(0))); | 2118 | GNUNET_assert (NULL != (w = gcry_mpi_new (0))); |
2023 | GNUNET_assert(NULL != (beta = gcry_mpi_new(0))); | 2119 | GNUNET_assert (NULL != (beta = gcry_mpi_new (0))); |
2024 | GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); | 2120 | GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); |
2025 | 2121 | ||
2026 | // FIXME: unnecessary, remove once crypto works | 2122 | // FIXME: unnecessary, remove once crypto works |
2027 | gcry_mpi_powm(tmp, elgamal_g, s, elgamal_p); | 2123 | gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p); |
2028 | if (0 != gcry_mpi_cmp(tmp, sigma)) | 2124 | if (0 != gcry_mpi_cmp (tmp, sigma)) |
2029 | { | 2125 | { |
2030 | char *sigma_str = mpi_to_str(sigma); | 2126 | char *sigma_str = mpi_to_str (sigma); |
2031 | char *tmp_str = mpi_to_str(tmp); | 2127 | char *tmp_str = mpi_to_str (tmp); |
2032 | char *s_str = mpi_to_str(s); | 2128 | char *s_str = mpi_to_str (s); |
2033 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, " | 2129 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
2034 | "computed sigma %s, s %s\n", | 2130 | "Share of P%u is invalid, ref sigma %s, " |
2035 | ds->share->my_peer, | 2131 | "computed sigma %s, s %s\n", |
2036 | sigma_str, tmp_str, s_str); | 2132 | ds->share->my_peer, |
2037 | GNUNET_free(sigma_str); | 2133 | sigma_str, tmp_str, s_str); |
2038 | GNUNET_free(tmp_str); | 2134 | GNUNET_free (sigma_str); |
2039 | GNUNET_free(s_str); | 2135 | GNUNET_free (tmp_str); |
2040 | } | 2136 | GNUNET_free (s_str); |
2137 | } | ||
2041 | 2138 | ||
2042 | gcry_mpi_powm(w, c1, s, elgamal_p); | 2139 | gcry_mpi_powm (w, c1, s, elgamal_p); |
2043 | 2140 | ||
2044 | element.data = (void *)&d; | 2141 | element.data = (void *) &d; |
2045 | element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData); | 2142 | element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData); |
2046 | element.element_type = 0; | 2143 | element.element_type = 0; |
2047 | 2144 | ||
2048 | d.ciphertext = ds->ciphertext; | 2145 | d.ciphertext = ds->ciphertext; |
2049 | d.peer = my_peer; | 2146 | d.peer = my_peer; |
2050 | GNUNET_CRYPTO_mpi_print_unsigned(&d.partial_decryption, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w); | 2147 | GNUNET_CRYPTO_mpi_print_unsigned (&d.partial_decryption, |
2148 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w); | ||
2051 | 2149 | ||
2052 | // create the zero knowledge proof | 2150 | // create the zero knowledge proof |
2053 | // randomly choose beta such that 0 < beta < q | 2151 | // randomly choose beta such that 0 < beta < q |
2054 | do | 2152 | do |
2055 | { | 2153 | { |
2056 | gcry_mpi_randomize(beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); | 2154 | gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, |
2057 | } | 2155 | GCRY_WEAK_RANDOM); |
2058 | while ((gcry_mpi_cmp_ui(beta, 0) == 0) || (gcry_mpi_cmp(beta, elgamal_q) >= 0)); | 2156 | } |
2157 | while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >= | ||
2158 | 0)); | ||
2059 | // tmp = g^beta | 2159 | // tmp = g^beta |
2060 | gcry_mpi_powm(tmp, elgamal_g, beta, elgamal_p); | 2160 | gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p); |
2061 | GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 2161 | GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit1, |
2162 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | ||
2062 | // tmp = (c_1)^beta | 2163 | // tmp = (c_1)^beta |
2063 | gcry_mpi_powm(tmp, c1, beta, elgamal_p); | 2164 | gcry_mpi_powm (tmp, c1, beta, elgamal_p); |
2064 | GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit2, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 2165 | GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit2, |
2166 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | ||
2065 | 2167 | ||
2066 | // the challenge is the hash of everything up to the response | 2168 | // the challenge is the hash of everything up to the response |
2067 | GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)&d, | 2169 | GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, |
2068 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - | 2170 | ciphertext) + (char *) &d, |
2069 | offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext), | 2171 | offsetof (struct GNUNET_SECRETSHARING_DecryptData, |
2070 | &challenge_hash); | 2172 | nizk_response) |
2173 | - offsetof (struct GNUNET_SECRETSHARING_DecryptData, | ||
2174 | ciphertext), | ||
2175 | &challenge_hash); | ||
2071 | 2176 | ||
2072 | GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash, | 2177 | GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash, |
2073 | sizeof(struct GNUNET_HashCode)); | 2178 | sizeof(struct GNUNET_HashCode)); |
2074 | 2179 | ||
2075 | // compute the response in tmp, | 2180 | // compute the response in tmp, |
2076 | // tmp = (c * s + beta) mod q | 2181 | // tmp = (c * s + beta) mod q |
2077 | gcry_mpi_mulm(tmp, challenge, s, elgamal_q); | 2182 | gcry_mpi_mulm (tmp, challenge, s, elgamal_q); |
2078 | gcry_mpi_addm(tmp, tmp, beta, elgamal_q); | 2183 | gcry_mpi_addm (tmp, tmp, beta, elgamal_q); |
2079 | 2184 | ||
2080 | GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_response, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 2185 | GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_response, |
2081 | 2186 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | |
2082 | d.purpose.size = htonl(element.size - offsetof(struct GNUNET_SECRETSHARING_DecryptData, purpose)); | 2187 | |
2083 | d.purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); | 2188 | d.purpose.size = htonl (element.size - offsetof (struct |
2084 | 2189 | GNUNET_SECRETSHARING_DecryptData, | |
2085 | GNUNET_assert(GNUNET_OK == | 2190 | purpose)); |
2086 | GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, | 2191 | d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); |
2087 | &d.purpose, | 2192 | |
2088 | &d.signature)); | 2193 | GNUNET_assert (GNUNET_OK == |
2089 | 2194 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, | |
2090 | GNUNET_CONSENSUS_insert(ds->consensus, &element, NULL, NULL); | 2195 | &d.purpose, |
2091 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 2196 | &d.signature)); |
2092 | "P%u: Inserting decrypt element done!\n", | 2197 | |
2093 | ds->share->my_peer); | 2198 | GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); |
2094 | 2199 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | |
2095 | gcry_mpi_release(s); | 2200 | "P%u: Inserting decrypt element done!\n", |
2096 | gcry_mpi_release(w); | 2201 | ds->share->my_peer); |
2097 | gcry_mpi_release(c1); | 2202 | |
2098 | gcry_mpi_release(beta); | 2203 | gcry_mpi_release (s); |
2099 | gcry_mpi_release(tmp); | 2204 | gcry_mpi_release (w); |
2100 | gcry_mpi_release(challenge); | 2205 | gcry_mpi_release (c1); |
2101 | gcry_mpi_release(sigma); | 2206 | gcry_mpi_release (beta); |
2207 | gcry_mpi_release (tmp); | ||
2208 | gcry_mpi_release (challenge); | ||
2209 | gcry_mpi_release (sigma); | ||
2102 | } | 2210 | } |
2103 | 2211 | ||
2104 | 2212 | ||
@@ -2110,8 +2218,9 @@ insert_decrypt_element(struct DecryptSession *ds) | |||
2110 | * @return #GNUNET_OK (check deferred a bit) | 2218 | * @return #GNUNET_OK (check deferred a bit) |
2111 | */ | 2219 | */ |
2112 | static int | 2220 | static int |
2113 | check_client_decrypt(void *cls, | 2221 | check_client_decrypt (void *cls, |
2114 | const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) | 2222 | const struct |
2223 | GNUNET_SECRETSHARING_DecryptRequestMessage *msg) | ||
2115 | { | 2224 | { |
2116 | /* we check later, it's complicated */ | 2225 | /* we check later, it's complicated */ |
2117 | return GNUNET_OK; | 2226 | return GNUNET_OK; |
@@ -2126,77 +2235,82 @@ check_client_decrypt(void *cls, | |||
2126 | * @param msg the actual message | 2235 | * @param msg the actual message |
2127 | */ | 2236 | */ |
2128 | static void | 2237 | static void |
2129 | handle_client_decrypt(void *cls, | 2238 | handle_client_decrypt (void *cls, |
2130 | const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) | 2239 | const struct |
2240 | GNUNET_SECRETSHARING_DecryptRequestMessage *msg) | ||
2131 | { | 2241 | { |
2132 | struct ClientState *cs = cls; | 2242 | struct ClientState *cs = cls; |
2133 | struct DecryptSession *ds; | 2243 | struct DecryptSession *ds; |
2134 | struct GNUNET_HashCode session_id; | 2244 | struct GNUNET_HashCode session_id; |
2135 | 2245 | ||
2136 | if (NULL != cs->decrypt_session) | 2246 | if (NULL != cs->decrypt_session) |
2137 | { | 2247 | { |
2138 | GNUNET_break(0); | 2248 | GNUNET_break (0); |
2139 | GNUNET_SERVICE_client_drop(cs->client); | 2249 | GNUNET_SERVICE_client_drop (cs->client); |
2140 | return; | 2250 | return; |
2141 | } | 2251 | } |
2142 | ds = GNUNET_new(struct DecryptSession); | 2252 | ds = GNUNET_new (struct DecryptSession); |
2143 | cs->decrypt_session = ds; | 2253 | cs->decrypt_session = ds; |
2144 | ds->cs = cs; | 2254 | ds->cs = cs; |
2145 | ds->start = GNUNET_TIME_absolute_ntoh(msg->start); | 2255 | ds->start = GNUNET_TIME_absolute_ntoh (msg->start); |
2146 | ds->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline); | 2256 | ds->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); |
2147 | ds->ciphertext = msg->ciphertext; | 2257 | ds->ciphertext = msg->ciphertext; |
2148 | 2258 | ||
2149 | ds->share = GNUNET_SECRETSHARING_share_read(&msg[1], | 2259 | ds->share = GNUNET_SECRETSHARING_share_read (&msg[1], |
2150 | ntohs(msg->header.size) - sizeof(*msg), | 2260 | ntohs (msg->header.size) |
2151 | NULL); | 2261 | - sizeof(*msg), |
2262 | NULL); | ||
2152 | if (NULL == ds->share) | 2263 | if (NULL == ds->share) |
2153 | { | 2264 | { |
2154 | GNUNET_break(0); | 2265 | GNUNET_break (0); |
2155 | GNUNET_SERVICE_client_drop(cs->client); | 2266 | GNUNET_SERVICE_client_drop (cs->client); |
2156 | return; | 2267 | return; |
2157 | } | 2268 | } |
2158 | 2269 | ||
2159 | /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */ | 2270 | /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */ |
2160 | GNUNET_CRYPTO_hash(&msg->ciphertext, | 2271 | GNUNET_CRYPTO_hash (&msg->ciphertext, |
2161 | sizeof(struct GNUNET_SECRETSHARING_Ciphertext), | 2272 | sizeof(struct GNUNET_SECRETSHARING_Ciphertext), |
2162 | &session_id); | 2273 | &session_id); |
2163 | ds->consensus = GNUNET_CONSENSUS_create(cfg, | 2274 | ds->consensus = GNUNET_CONSENSUS_create (cfg, |
2164 | ds->share->num_peers, | 2275 | ds->share->num_peers, |
2165 | ds->share->peers, | 2276 | ds->share->peers, |
2166 | &session_id, | 2277 | &session_id, |
2167 | ds->start, | 2278 | ds->start, |
2168 | ds->deadline, | 2279 | ds->deadline, |
2169 | &decrypt_new_element, | 2280 | &decrypt_new_element, |
2170 | ds); | 2281 | ds); |
2171 | 2282 | ||
2172 | 2283 | ||
2173 | ds->info = GNUNET_new_array(ds->share->num_peers, | 2284 | ds->info = GNUNET_new_array (ds->share->num_peers, |
2174 | struct DecryptPeerInfo); | 2285 | struct DecryptPeerInfo); |
2175 | for (unsigned int i = 0; i < ds->share->num_peers; i++) | 2286 | for (unsigned int i = 0; i < ds->share->num_peers; i++) |
2176 | { | 2287 | { |
2177 | ds->info[i].peer = ds->share->peers[i]; | 2288 | ds->info[i].peer = ds->share->peers[i]; |
2178 | ds->info[i].original_index = ds->share->original_indices[i]; | 2289 | ds->info[i].original_index = ds->share->original_indices[i]; |
2179 | } | 2290 | } |
2180 | insert_decrypt_element(ds); | 2291 | insert_decrypt_element (ds); |
2181 | GNUNET_CONSENSUS_conclude(ds->consensus, | 2292 | GNUNET_CONSENSUS_conclude (ds->consensus, |
2182 | decrypt_conclude, | 2293 | decrypt_conclude, |
2183 | ds); | 2294 | ds); |
2184 | GNUNET_SERVICE_client_continue(cs->client); | 2295 | GNUNET_SERVICE_client_continue (cs->client); |
2185 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 2296 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
2186 | "decrypting with %u peers\n", | 2297 | "decrypting with %u peers\n", |
2187 | ds->share->num_peers); | 2298 | ds->share->num_peers); |
2188 | } | 2299 | } |
2189 | 2300 | ||
2190 | 2301 | ||
2191 | static void | 2302 | static void |
2192 | init_crypto_constants(void) | 2303 | init_crypto_constants (void) |
2193 | { | 2304 | { |
2194 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_q, GCRYMPI_FMT_HEX, | 2305 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX, |
2195 | GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); | 2306 | GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, |
2196 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_p, GCRYMPI_FMT_HEX, | 2307 | NULL)); |
2197 | GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); | 2308 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX, |
2198 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_g, GCRYMPI_FMT_HEX, | 2309 | GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, |
2199 | GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); | 2310 | NULL)); |
2311 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX, | ||
2312 | GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, | ||
2313 | NULL)); | ||
2200 | } | 2314 | } |
2201 | 2315 | ||
2202 | 2316 | ||
@@ -2208,33 +2322,33 @@ init_crypto_constants(void) | |||
2208 | * @param service the initialized service | 2322 | * @param service the initialized service |
2209 | */ | 2323 | */ |
2210 | static void | 2324 | static void |
2211 | run(void *cls, | 2325 | run (void *cls, |
2212 | const struct GNUNET_CONFIGURATION_Handle *c, | 2326 | const struct GNUNET_CONFIGURATION_Handle *c, |
2213 | struct GNUNET_SERVICE_Handle *service) | 2327 | struct GNUNET_SERVICE_Handle *service) |
2214 | { | 2328 | { |
2215 | cfg = c; | 2329 | cfg = c; |
2216 | my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration(c); | 2330 | my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (c); |
2217 | if (NULL == my_peer_private_key) | 2331 | if (NULL == my_peer_private_key) |
2218 | { | 2332 | { |
2219 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 2333 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
2220 | "could not access host private key\n"); | 2334 | "could not access host private key\n"); |
2221 | GNUNET_break(0); | 2335 | GNUNET_break (0); |
2222 | GNUNET_SCHEDULER_shutdown(); | 2336 | GNUNET_SCHEDULER_shutdown (); |
2223 | return; | 2337 | return; |
2224 | } | 2338 | } |
2225 | init_crypto_constants(); | 2339 | init_crypto_constants (); |
2226 | if (GNUNET_OK != | 2340 | if (GNUNET_OK != |
2227 | GNUNET_CRYPTO_get_peer_identity(cfg, | 2341 | GNUNET_CRYPTO_get_peer_identity (cfg, |
2228 | &my_peer)) | 2342 | &my_peer)) |
2229 | { | 2343 | { |
2230 | GNUNET_log(GNUNET_ERROR_TYPE_ERROR, | 2344 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
2231 | "could not retrieve host identity\n"); | 2345 | "could not retrieve host identity\n"); |
2232 | GNUNET_break(0); | 2346 | GNUNET_break (0); |
2233 | GNUNET_SCHEDULER_shutdown(); | 2347 | GNUNET_SCHEDULER_shutdown (); |
2234 | return; | 2348 | return; |
2235 | } | 2349 | } |
2236 | GNUNET_SCHEDULER_add_shutdown(&cleanup_task, | 2350 | GNUNET_SCHEDULER_add_shutdown (&cleanup_task, |
2237 | NULL); | 2351 | NULL); |
2238 | } | 2352 | } |
2239 | 2353 | ||
2240 | 2354 | ||
@@ -2247,11 +2361,11 @@ run(void *cls, | |||
2247 | * @return @a c | 2361 | * @return @a c |
2248 | */ | 2362 | */ |
2249 | static void * | 2363 | static void * |
2250 | client_connect_cb(void *cls, | 2364 | client_connect_cb (void *cls, |
2251 | struct GNUNET_SERVICE_Client *c, | 2365 | struct GNUNET_SERVICE_Client *c, |
2252 | struct GNUNET_MQ_Handle *mq) | 2366 | struct GNUNET_MQ_Handle *mq) |
2253 | { | 2367 | { |
2254 | struct ClientState *cs = GNUNET_new(struct ClientState);; | 2368 | struct ClientState *cs = GNUNET_new (struct ClientState);; |
2255 | 2369 | ||
2256 | cs->client = c; | 2370 | cs->client = c; |
2257 | cs->mq = mq; | 2371 | cs->mq = mq; |
@@ -2267,18 +2381,18 @@ client_connect_cb(void *cls, | |||
2267 | * @param internal_cls should be equal to @a c | 2381 | * @param internal_cls should be equal to @a c |
2268 | */ | 2382 | */ |
2269 | static void | 2383 | static void |
2270 | client_disconnect_cb(void *cls, | 2384 | client_disconnect_cb (void *cls, |
2271 | struct GNUNET_SERVICE_Client *c, | 2385 | struct GNUNET_SERVICE_Client *c, |
2272 | void *internal_cls) | 2386 | void *internal_cls) |
2273 | { | 2387 | { |
2274 | struct ClientState *cs = internal_cls; | 2388 | struct ClientState *cs = internal_cls; |
2275 | 2389 | ||
2276 | if (NULL != cs->keygen_session) | 2390 | if (NULL != cs->keygen_session) |
2277 | keygen_session_destroy(cs->keygen_session); | 2391 | keygen_session_destroy (cs->keygen_session); |
2278 | 2392 | ||
2279 | if (NULL != cs->decrypt_session) | 2393 | if (NULL != cs->decrypt_session) |
2280 | decrypt_session_destroy(cs->decrypt_session); | 2394 | decrypt_session_destroy (cs->decrypt_session); |
2281 | GNUNET_free(cs); | 2395 | GNUNET_free (cs); |
2282 | } | 2396 | } |
2283 | 2397 | ||
2284 | 2398 | ||
@@ -2292,12 +2406,12 @@ GNUNET_SERVICE_MAIN | |||
2292 | &client_connect_cb, | 2406 | &client_connect_cb, |
2293 | &client_disconnect_cb, | 2407 | &client_disconnect_cb, |
2294 | NULL, | 2408 | NULL, |
2295 | GNUNET_MQ_hd_var_size(client_keygen, | 2409 | GNUNET_MQ_hd_var_size (client_keygen, |
2296 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, | 2410 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, |
2297 | struct GNUNET_SECRETSHARING_CreateMessage, | 2411 | struct GNUNET_SECRETSHARING_CreateMessage, |
2298 | NULL), | 2412 | NULL), |
2299 | GNUNET_MQ_hd_var_size(client_decrypt, | 2413 | GNUNET_MQ_hd_var_size (client_decrypt, |
2300 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, | 2414 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, |
2301 | struct GNUNET_SECRETSHARING_DecryptRequestMessage, | 2415 | struct GNUNET_SECRETSHARING_DecryptRequestMessage, |
2302 | NULL), | 2416 | NULL), |
2303 | GNUNET_MQ_handler_end()); | 2417 | GNUNET_MQ_handler_end ()); |
diff --git a/src/secretsharing/secretsharing.h b/src/secretsharing/secretsharing.h index 98b7b9a94..01d7dcf6b 100644 --- a/src/secretsharing/secretsharing.h +++ b/src/secretsharing/secretsharing.h | |||
@@ -35,7 +35,8 @@ | |||
35 | 35 | ||
36 | GNUNET_NETWORK_STRUCT_BEGIN | 36 | GNUNET_NETWORK_STRUCT_BEGIN |
37 | 37 | ||
38 | struct GNUNET_SECRETSHARING_FieldElement { | 38 | struct GNUNET_SECRETSHARING_FieldElement |
39 | { | ||
39 | /** | 40 | /** |
40 | * Value of an element in <elgamal_g>. | 41 | * Value of an element in <elgamal_g>. |
41 | */ | 42 | */ |
@@ -43,7 +44,8 @@ struct GNUNET_SECRETSHARING_FieldElement { | |||
43 | }; | 44 | }; |
44 | 45 | ||
45 | 46 | ||
46 | struct GNUNET_SECRETSHARING_CreateMessage { | 47 | struct GNUNET_SECRETSHARING_CreateMessage |
48 | { | ||
47 | /** | 49 | /** |
48 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE | 50 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE |
49 | */ | 51 | */ |
@@ -80,7 +82,8 @@ struct GNUNET_SECRETSHARING_CreateMessage { | |||
80 | 82 | ||
81 | 83 | ||
82 | 84 | ||
83 | struct GNUNET_SECRETSHARING_ShareHeaderNBO { | 85 | struct GNUNET_SECRETSHARING_ShareHeaderNBO |
86 | { | ||
84 | /** | 87 | /** |
85 | * Threshold for the key this share belongs to. | 88 | * Threshold for the key this share belongs to. |
86 | */ | 89 | */ |
@@ -113,7 +116,8 @@ struct GNUNET_SECRETSHARING_ShareHeaderNBO { | |||
113 | * Notify the client that then threshold secret has been | 116 | * Notify the client that then threshold secret has been |
114 | * established. | 117 | * established. |
115 | */ | 118 | */ |
116 | struct GNUNET_SECRETSHARING_SecretReadyMessage { | 119 | struct GNUNET_SECRETSHARING_SecretReadyMessage |
120 | { | ||
117 | /** | 121 | /** |
118 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY | 122 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY |
119 | */ | 123 | */ |
@@ -123,7 +127,8 @@ struct GNUNET_SECRETSHARING_SecretReadyMessage { | |||
123 | }; | 127 | }; |
124 | 128 | ||
125 | 129 | ||
126 | struct GNUNET_SECRETSHARING_DecryptRequestMessage { | 130 | struct GNUNET_SECRETSHARING_DecryptRequestMessage |
131 | { | ||
127 | /** | 132 | /** |
128 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST | 133 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST |
129 | */ | 134 | */ |
@@ -148,7 +153,8 @@ struct GNUNET_SECRETSHARING_DecryptRequestMessage { | |||
148 | }; | 153 | }; |
149 | 154 | ||
150 | 155 | ||
151 | struct GNUNET_SECRETSHARING_DecryptResponseMessage { | 156 | struct GNUNET_SECRETSHARING_DecryptResponseMessage |
157 | { | ||
152 | /** | 158 | /** |
153 | * Type: #GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE | 159 | * Type: #GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE |
154 | */ | 160 | */ |
@@ -173,7 +179,8 @@ GNUNET_NETWORK_STRUCT_END | |||
173 | /** | 179 | /** |
174 | * A share, with all values in in host byte order. | 180 | * A share, with all values in in host byte order. |
175 | */ | 181 | */ |
176 | struct GNUNET_SECRETSHARING_Share { | 182 | struct GNUNET_SECRETSHARING_Share |
183 | { | ||
177 | /** | 184 | /** |
178 | * Threshold for the key this share belongs to. | 185 | * Threshold for the key this share belongs to. |
179 | */ | 186 | */ |
diff --git a/src/secretsharing/secretsharing_api.c b/src/secretsharing/secretsharing_api.c index da9e14d1e..4e35bf87a 100644 --- a/src/secretsharing/secretsharing_api.c +++ b/src/secretsharing/secretsharing_api.c | |||
@@ -30,13 +30,14 @@ | |||
30 | #include <gcrypt.h> | 30 | #include <gcrypt.h> |
31 | 31 | ||
32 | 32 | ||
33 | #define LOG(kind, ...) GNUNET_log_from(kind, "secretsharing-api", __VA_ARGS__) | 33 | #define LOG(kind, ...) GNUNET_log_from (kind, "secretsharing-api", __VA_ARGS__) |
34 | 34 | ||
35 | /** | 35 | /** |
36 | * Session that will eventually establish a shared secred between | 36 | * Session that will eventually establish a shared secred between |
37 | * the involved peers and allow encryption and cooperative decryption. | 37 | * the involved peers and allow encryption and cooperative decryption. |
38 | */ | 38 | */ |
39 | struct GNUNET_SECRETSHARING_Session { | 39 | struct GNUNET_SECRETSHARING_Session |
40 | { | ||
40 | /** | 41 | /** |
41 | * Message queue for @e client. | 42 | * Message queue for @e client. |
42 | */ | 43 | */ |
@@ -57,7 +58,8 @@ struct GNUNET_SECRETSHARING_Session { | |||
57 | /** | 58 | /** |
58 | * Handle to cancel a cooperative decryption operation. | 59 | * Handle to cancel a cooperative decryption operation. |
59 | */ | 60 | */ |
60 | struct GNUNET_SECRETSHARING_DecryptionHandle { | 61 | struct GNUNET_SECRETSHARING_DecryptionHandle |
62 | { | ||
61 | /** | 63 | /** |
62 | * Message queue for @e client. | 64 | * Message queue for @e client. |
63 | */ | 65 | */ |
@@ -98,17 +100,20 @@ static gcry_mpi_t elgamal_g; | |||
98 | * Function to initialize #elgamal_q, #elgamal_p and #elgamal_g. | 100 | * Function to initialize #elgamal_q, #elgamal_p and #elgamal_g. |
99 | */ | 101 | */ |
100 | static void | 102 | static void |
101 | ensure_elgamal_initialized(void) | 103 | ensure_elgamal_initialized (void) |
102 | { | 104 | { |
103 | if (NULL != elgamal_q) | 105 | if (NULL != elgamal_q) |
104 | return; /* looks like crypto is already initialized */ | 106 | return; /* looks like crypto is already initialized */ |
105 | 107 | ||
106 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_q, GCRYMPI_FMT_HEX, | 108 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX, |
107 | GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); | 109 | GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, |
108 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_p, GCRYMPI_FMT_HEX, | 110 | NULL)); |
109 | GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); | 111 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX, |
110 | GNUNET_assert(0 == gcry_mpi_scan(&elgamal_g, GCRYMPI_FMT_HEX, | 112 | GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, |
111 | GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); | 113 | NULL)); |
114 | GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX, | ||
115 | GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, | ||
116 | NULL)); | ||
112 | } | 117 | } |
113 | 118 | ||
114 | 119 | ||
@@ -120,13 +125,13 @@ ensure_elgamal_initialized(void) | |||
120 | * @param error error code | 125 | * @param error error code |
121 | */ | 126 | */ |
122 | static void | 127 | static void |
123 | handle_session_client_error(void *cls, | 128 | handle_session_client_error (void *cls, |
124 | enum GNUNET_MQ_Error error) | 129 | enum GNUNET_MQ_Error error) |
125 | { | 130 | { |
126 | struct GNUNET_SECRETSHARING_Session *s = cls; | 131 | struct GNUNET_SECRETSHARING_Session *s = cls; |
127 | 132 | ||
128 | s->secret_ready_cb(s->secret_ready_cls, NULL, NULL, 0, NULL); | 133 | s->secret_ready_cb (s->secret_ready_cls, NULL, NULL, 0, NULL); |
129 | GNUNET_SECRETSHARING_session_destroy(s); | 134 | GNUNET_SECRETSHARING_session_destroy (s); |
130 | } | 135 | } |
131 | 136 | ||
132 | 137 | ||
@@ -138,13 +143,13 @@ handle_session_client_error(void *cls, | |||
138 | * @param error error code | 143 | * @param error error code |
139 | */ | 144 | */ |
140 | static void | 145 | static void |
141 | handle_decrypt_client_error(void *cls, | 146 | handle_decrypt_client_error (void *cls, |
142 | enum GNUNET_MQ_Error error) | 147 | enum GNUNET_MQ_Error error) |
143 | { | 148 | { |
144 | struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls; | 149 | struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls; |
145 | 150 | ||
146 | dh->decrypt_cb(dh->decrypt_cls, NULL); | 151 | dh->decrypt_cb (dh->decrypt_cls, NULL); |
147 | GNUNET_SECRETSHARING_decrypt_cancel(dh); | 152 | GNUNET_SECRETSHARING_decrypt_cancel (dh); |
148 | } | 153 | } |
149 | 154 | ||
150 | 155 | ||
@@ -157,8 +162,8 @@ handle_decrypt_client_error(void *cls, | |||
157 | * @param m message with the result | 162 | * @param m message with the result |
158 | */ | 163 | */ |
159 | static int | 164 | static int |
160 | check_secret_ready(void *cls, | 165 | check_secret_ready (void *cls, |
161 | const struct GNUNET_SECRETSHARING_SecretReadyMessage *m) | 166 | const struct GNUNET_SECRETSHARING_SecretReadyMessage *m) |
162 | { | 167 | { |
163 | /* FIXME: actually check m is well-formed here! */ | 168 | /* FIXME: actually check m is well-formed here! */ |
164 | return GNUNET_OK; | 169 | return GNUNET_OK; |
@@ -174,32 +179,33 @@ check_secret_ready(void *cls, | |||
174 | * @param m message with the result | 179 | * @param m message with the result |
175 | */ | 180 | */ |
176 | static void | 181 | static void |
177 | handle_secret_ready(void *cls, | 182 | handle_secret_ready (void *cls, |
178 | const struct GNUNET_SECRETSHARING_SecretReadyMessage *m) | 183 | const struct GNUNET_SECRETSHARING_SecretReadyMessage *m) |
179 | { | 184 | { |
180 | struct GNUNET_SECRETSHARING_Session *s = cls; | 185 | struct GNUNET_SECRETSHARING_Session *s = cls; |
181 | struct GNUNET_SECRETSHARING_Share *share; | 186 | struct GNUNET_SECRETSHARING_Share *share; |
182 | size_t share_size; | 187 | size_t share_size; |
183 | 188 | ||
184 | LOG(GNUNET_ERROR_TYPE_DEBUG, | 189 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
185 | "Got secret ready message of size %u\n", | 190 | "Got secret ready message of size %u\n", |
186 | ntohs(m->header.size)); | 191 | ntohs (m->header.size)); |
187 | share_size = ntohs(m->header.size) - sizeof(struct GNUNET_SECRETSHARING_SecretReadyMessage); | 192 | share_size = ntohs (m->header.size) - sizeof(struct |
193 | GNUNET_SECRETSHARING_SecretReadyMessage); | ||
188 | 194 | ||
189 | share = GNUNET_SECRETSHARING_share_read(&m[1], | 195 | share = GNUNET_SECRETSHARING_share_read (&m[1], |
190 | share_size, | 196 | share_size, |
191 | NULL); | 197 | NULL); |
192 | GNUNET_assert(NULL != share); // FIXME: this can fail! | 198 | GNUNET_assert (NULL != share); // FIXME: this can fail! |
193 | // should have been checked in #check_secret_ready! | 199 | // should have been checked in #check_secret_ready! |
194 | // FIXME: below we never check &m[1] is valid! | 200 | // FIXME: below we never check &m[1] is valid! |
195 | // FIXME: do we leak 'share' here? | 201 | // FIXME: do we leak 'share' here? |
196 | s->secret_ready_cb(s->secret_ready_cls, | 202 | s->secret_ready_cb (s->secret_ready_cls, |
197 | share, /* FIXME */ | 203 | share, /* FIXME */ |
198 | &share->public_key, | 204 | &share->public_key, |
199 | share->num_peers, | 205 | share->num_peers, |
200 | (const struct GNUNET_PeerIdentity *)&m[1]); | 206 | (const struct GNUNET_PeerIdentity *) &m[1]); |
201 | 207 | ||
202 | GNUNET_SECRETSHARING_session_destroy(s); | 208 | GNUNET_SECRETSHARING_session_destroy (s); |
203 | } | 209 | } |
204 | 210 | ||
205 | 211 | ||
@@ -210,11 +216,11 @@ handle_secret_ready(void *cls, | |||
210 | * @param s session to destroy | 216 | * @param s session to destroy |
211 | */ | 217 | */ |
212 | void | 218 | void |
213 | GNUNET_SECRETSHARING_session_destroy(struct GNUNET_SECRETSHARING_Session *s) | 219 | GNUNET_SECRETSHARING_session_destroy (struct GNUNET_SECRETSHARING_Session *s) |
214 | { | 220 | { |
215 | GNUNET_MQ_destroy(s->mq); | 221 | GNUNET_MQ_destroy (s->mq); |
216 | s->mq = NULL; | 222 | s->mq = NULL; |
217 | GNUNET_free(s); | 223 | GNUNET_free (s); |
218 | } | 224 | } |
219 | 225 | ||
220 | 226 | ||
@@ -235,65 +241,68 @@ GNUNET_SECRETSHARING_session_destroy(struct GNUNET_SECRETSHARING_Session *s) | |||
235 | * @param cls closure for @a cb | 241 | * @param cls closure for @a cb |
236 | */ | 242 | */ |
237 | struct GNUNET_SECRETSHARING_Session * | 243 | struct GNUNET_SECRETSHARING_Session * |
238 | GNUNET_SECRETSHARING_create_session(const struct GNUNET_CONFIGURATION_Handle *cfg, | 244 | GNUNET_SECRETSHARING_create_session (const struct |
239 | unsigned int num_peers, | 245 | GNUNET_CONFIGURATION_Handle *cfg, |
240 | const struct GNUNET_PeerIdentity *peers, | 246 | unsigned int num_peers, |
241 | const struct GNUNET_HashCode *session_id, | 247 | const struct GNUNET_PeerIdentity *peers, |
242 | struct GNUNET_TIME_Absolute start, | 248 | const struct GNUNET_HashCode *session_id, |
243 | struct GNUNET_TIME_Absolute deadline, | 249 | struct GNUNET_TIME_Absolute start, |
244 | unsigned int threshold, | 250 | struct GNUNET_TIME_Absolute deadline, |
245 | GNUNET_SECRETSHARING_SecretReadyCallback cb, | 251 | unsigned int threshold, |
246 | void *cls) | 252 | GNUNET_SECRETSHARING_SecretReadyCallback cb, |
253 | void *cls) | ||
247 | { | 254 | { |
248 | struct GNUNET_SECRETSHARING_Session *s | 255 | struct GNUNET_SECRETSHARING_Session *s |
249 | = GNUNET_new(struct GNUNET_SECRETSHARING_Session); | 256 | = GNUNET_new (struct GNUNET_SECRETSHARING_Session); |
250 | struct GNUNET_MQ_MessageHandler mq_handlers[] = { | 257 | struct GNUNET_MQ_MessageHandler mq_handlers[] = { |
251 | GNUNET_MQ_hd_var_size(secret_ready, | 258 | GNUNET_MQ_hd_var_size (secret_ready, |
252 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY, | 259 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY, |
253 | struct GNUNET_SECRETSHARING_SecretReadyMessage, | 260 | struct GNUNET_SECRETSHARING_SecretReadyMessage, |
254 | s), | 261 | s), |
255 | GNUNET_MQ_handler_end() | 262 | GNUNET_MQ_handler_end () |
256 | }; | 263 | }; |
257 | struct GNUNET_MQ_Envelope *ev; | 264 | struct GNUNET_MQ_Envelope *ev; |
258 | struct GNUNET_SECRETSHARING_CreateMessage *msg; | 265 | struct GNUNET_SECRETSHARING_CreateMessage *msg; |
259 | 266 | ||
260 | s->mq = GNUNET_CLIENT_connect(cfg, | 267 | s->mq = GNUNET_CLIENT_connect (cfg, |
261 | "secretsharing", | 268 | "secretsharing", |
262 | mq_handlers, | 269 | mq_handlers, |
263 | &handle_session_client_error, | 270 | &handle_session_client_error, |
264 | s); | 271 | s); |
265 | if (NULL == s->mq) | 272 | if (NULL == s->mq) |
266 | { | 273 | { |
267 | /* secretsharing not configured correctly */ | 274 | /* secretsharing not configured correctly */ |
268 | GNUNET_break(0); | 275 | GNUNET_break (0); |
269 | GNUNET_free(s); | 276 | GNUNET_free (s); |
270 | return NULL; | 277 | return NULL; |
271 | } | 278 | } |
272 | s->secret_ready_cb = cb; | 279 | s->secret_ready_cb = cb; |
273 | s->secret_ready_cls = cls; | 280 | s->secret_ready_cls = cls; |
274 | ev = GNUNET_MQ_msg_extra(msg, | 281 | ev = GNUNET_MQ_msg_extra (msg, |
275 | num_peers * sizeof(struct GNUNET_PeerIdentity), | 282 | num_peers * sizeof(struct GNUNET_PeerIdentity), |
276 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE); | 283 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE); |
277 | 284 | ||
278 | msg->threshold = htons(threshold); | 285 | msg->threshold = htons (threshold); |
279 | msg->num_peers = htons(num_peers); | 286 | msg->num_peers = htons (num_peers); |
280 | msg->session_id = *session_id; | 287 | msg->session_id = *session_id; |
281 | msg->start = GNUNET_TIME_absolute_hton(start); | 288 | msg->start = GNUNET_TIME_absolute_hton (start); |
282 | msg->deadline = GNUNET_TIME_absolute_hton(deadline); | 289 | msg->deadline = GNUNET_TIME_absolute_hton (deadline); |
283 | GNUNET_memcpy(&msg[1], peers, num_peers * sizeof(struct GNUNET_PeerIdentity)); | 290 | GNUNET_memcpy (&msg[1], peers, num_peers * sizeof(struct |
291 | GNUNET_PeerIdentity)); | ||
284 | 292 | ||
285 | GNUNET_MQ_send(s->mq, ev); | 293 | GNUNET_MQ_send (s->mq, ev); |
286 | 294 | ||
287 | LOG(GNUNET_ERROR_TYPE_DEBUG, | 295 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
288 | "Secretsharing session created with %u peers\n", | 296 | "Secretsharing session created with %u peers\n", |
289 | num_peers); | 297 | num_peers); |
290 | return s; | 298 | return s; |
291 | } | 299 | } |
292 | 300 | ||
293 | 301 | ||
294 | static void | 302 | static void |
295 | handle_decrypt_done(void *cls, | 303 | handle_decrypt_done (void *cls, |
296 | const struct GNUNET_SECRETSHARING_DecryptResponseMessage *m) | 304 | const struct |
305 | GNUNET_SECRETSHARING_DecryptResponseMessage *m) | ||
297 | { | 306 | { |
298 | struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls; | 307 | struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls; |
299 | const struct GNUNET_SECRETSHARING_Plaintext *plaintext; | 308 | const struct GNUNET_SECRETSHARING_Plaintext *plaintext; |
@@ -301,9 +310,9 @@ handle_decrypt_done(void *cls, | |||
301 | if (m->success == 0) | 310 | if (m->success == 0) |
302 | plaintext = NULL; | 311 | plaintext = NULL; |
303 | else | 312 | else |
304 | plaintext = (void *)&m->plaintext; | 313 | plaintext = (void *) &m->plaintext; |
305 | dh->decrypt_cb(dh->decrypt_cls, plaintext); | 314 | dh->decrypt_cb (dh->decrypt_cls, plaintext); |
306 | GNUNET_SECRETSHARING_decrypt_cancel(dh); | 315 | GNUNET_SECRETSHARING_decrypt_cancel (dh); |
307 | } | 316 | } |
308 | 317 | ||
309 | 318 | ||
@@ -321,22 +330,23 @@ handle_decrypt_done(void *cls, | |||
321 | * @return handle to cancel the operation | 330 | * @return handle to cancel the operation |
322 | */ | 331 | */ |
323 | struct GNUNET_SECRETSHARING_DecryptionHandle * | 332 | struct GNUNET_SECRETSHARING_DecryptionHandle * |
324 | GNUNET_SECRETSHARING_decrypt(const struct GNUNET_CONFIGURATION_Handle *cfg, | 333 | GNUNET_SECRETSHARING_decrypt (const struct GNUNET_CONFIGURATION_Handle *cfg, |
325 | struct GNUNET_SECRETSHARING_Share *share, | 334 | struct GNUNET_SECRETSHARING_Share *share, |
326 | const struct GNUNET_SECRETSHARING_Ciphertext *ciphertext, | 335 | const struct |
327 | struct GNUNET_TIME_Absolute start, | 336 | GNUNET_SECRETSHARING_Ciphertext *ciphertext, |
328 | struct GNUNET_TIME_Absolute deadline, | 337 | struct GNUNET_TIME_Absolute start, |
329 | GNUNET_SECRETSHARING_DecryptCallback decrypt_cb, | 338 | struct GNUNET_TIME_Absolute deadline, |
330 | void *decrypt_cb_cls) | 339 | GNUNET_SECRETSHARING_DecryptCallback decrypt_cb, |
340 | void *decrypt_cb_cls) | ||
331 | { | 341 | { |
332 | struct GNUNET_SECRETSHARING_DecryptionHandle *s | 342 | struct GNUNET_SECRETSHARING_DecryptionHandle *s |
333 | = GNUNET_new(struct GNUNET_SECRETSHARING_DecryptionHandle); | 343 | = GNUNET_new (struct GNUNET_SECRETSHARING_DecryptionHandle); |
334 | struct GNUNET_MQ_MessageHandler mq_handlers[] = { | 344 | struct GNUNET_MQ_MessageHandler mq_handlers[] = { |
335 | GNUNET_MQ_hd_fixed_size(decrypt_done, | 345 | GNUNET_MQ_hd_fixed_size (decrypt_done, |
336 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE, | 346 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE, |
337 | struct GNUNET_SECRETSHARING_DecryptResponseMessage, | 347 | struct GNUNET_SECRETSHARING_DecryptResponseMessage, |
338 | s), | 348 | s), |
339 | GNUNET_MQ_handler_end() | 349 | GNUNET_MQ_handler_end () |
340 | }; | 350 | }; |
341 | struct GNUNET_MQ_Envelope *ev; | 351 | struct GNUNET_MQ_Envelope *ev; |
342 | struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg; | 352 | struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg; |
@@ -344,75 +354,78 @@ GNUNET_SECRETSHARING_decrypt(const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
344 | 354 | ||
345 | s->decrypt_cb = decrypt_cb; | 355 | s->decrypt_cb = decrypt_cb; |
346 | s->decrypt_cls = decrypt_cb_cls; | 356 | s->decrypt_cls = decrypt_cb_cls; |
347 | s->mq = GNUNET_CLIENT_connect(cfg, | 357 | s->mq = GNUNET_CLIENT_connect (cfg, |
348 | "secretsharing", | 358 | "secretsharing", |
349 | mq_handlers, | 359 | mq_handlers, |
350 | &handle_decrypt_client_error, | 360 | &handle_decrypt_client_error, |
351 | s); | 361 | s); |
352 | if (NULL == s->mq) | 362 | if (NULL == s->mq) |
353 | { | 363 | { |
354 | GNUNET_free(s); | 364 | GNUNET_free (s); |
355 | return NULL; | 365 | return NULL; |
356 | } | 366 | } |
357 | GNUNET_assert(GNUNET_OK == | 367 | GNUNET_assert (GNUNET_OK == |
358 | GNUNET_SECRETSHARING_share_write(share, NULL, 0, | 368 | GNUNET_SECRETSHARING_share_write (share, NULL, 0, |
359 | &share_size)); | 369 | &share_size)); |
360 | 370 | ||
361 | ev = GNUNET_MQ_msg_extra(msg, | 371 | ev = GNUNET_MQ_msg_extra (msg, |
362 | share_size, | 372 | share_size, |
363 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT); | 373 | GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT); |
364 | 374 | ||
365 | GNUNET_assert(GNUNET_OK == | 375 | GNUNET_assert (GNUNET_OK == |
366 | GNUNET_SECRETSHARING_share_write(share, | 376 | GNUNET_SECRETSHARING_share_write (share, |
367 | &msg[1], | 377 | &msg[1], |
368 | share_size, | 378 | share_size, |
369 | NULL)); | 379 | NULL)); |
370 | 380 | ||
371 | msg->start = GNUNET_TIME_absolute_hton(start); | 381 | msg->start = GNUNET_TIME_absolute_hton (start); |
372 | msg->deadline = GNUNET_TIME_absolute_hton(deadline); | 382 | msg->deadline = GNUNET_TIME_absolute_hton (deadline); |
373 | msg->ciphertext = *ciphertext; | 383 | msg->ciphertext = *ciphertext; |
374 | 384 | ||
375 | GNUNET_MQ_send(s->mq, ev); | 385 | GNUNET_MQ_send (s->mq, ev); |
376 | 386 | ||
377 | LOG(GNUNET_ERROR_TYPE_DEBUG, | 387 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
378 | "decrypt session created\n"); | 388 | "decrypt session created\n"); |
379 | return s; | 389 | return s; |
380 | } | 390 | } |
381 | 391 | ||
382 | 392 | ||
383 | int | 393 | int |
384 | GNUNET_SECRETSHARING_plaintext_generate_i(struct GNUNET_SECRETSHARING_Plaintext *plaintext, | 394 | GNUNET_SECRETSHARING_plaintext_generate_i (struct |
385 | int64_t exponent) | 395 | GNUNET_SECRETSHARING_Plaintext * |
396 | plaintext, | ||
397 | int64_t exponent) | ||
386 | { | 398 | { |
387 | int negative; | 399 | int negative; |
388 | gcry_mpi_t x; | 400 | gcry_mpi_t x; |
389 | 401 | ||
390 | ensure_elgamal_initialized(); | 402 | ensure_elgamal_initialized (); |
391 | 403 | ||
392 | GNUNET_assert(NULL != (x = gcry_mpi_new(0))); | 404 | GNUNET_assert (NULL != (x = gcry_mpi_new (0))); |
393 | 405 | ||
394 | negative = GNUNET_NO; | 406 | negative = GNUNET_NO; |
395 | if (exponent < 0) | 407 | if (exponent < 0) |
396 | { | 408 | { |
397 | negative = GNUNET_YES; | 409 | negative = GNUNET_YES; |
398 | exponent = -exponent; | 410 | exponent = -exponent; |
399 | } | 411 | } |
400 | 412 | ||
401 | gcry_mpi_set_ui(x, exponent); | 413 | gcry_mpi_set_ui (x, exponent); |
402 | 414 | ||
403 | gcry_mpi_powm(x, elgamal_g, x, elgamal_p); | 415 | gcry_mpi_powm (x, elgamal_g, x, elgamal_p); |
404 | 416 | ||
405 | if (GNUNET_YES == negative) | 417 | if (GNUNET_YES == negative) |
406 | { | 418 | { |
407 | int res; | 419 | int res; |
408 | res = gcry_mpi_invm(x, x, elgamal_p); | 420 | res = gcry_mpi_invm (x, x, elgamal_p); |
409 | if (0 == res) | 421 | if (0 == res) |
410 | return GNUNET_SYSERR; | 422 | return GNUNET_SYSERR; |
411 | } | 423 | } |
412 | 424 | ||
413 | GNUNET_CRYPTO_mpi_print_unsigned(plaintext, | 425 | GNUNET_CRYPTO_mpi_print_unsigned (plaintext, |
414 | sizeof(struct GNUNET_SECRETSHARING_Plaintext), | 426 | sizeof(struct |
415 | x); | 427 | GNUNET_SECRETSHARING_Plaintext), |
428 | x); | ||
416 | 429 | ||
417 | return GNUNET_OK; | 430 | return GNUNET_OK; |
418 | } | 431 | } |
@@ -432,9 +445,12 @@ GNUNET_SECRETSHARING_plaintext_generate_i(struct GNUNET_SECRETSHARING_Plaintext | |||
432 | * @return #GNUNET_YES on succes, #GNUNET_SYSERR if the message is invalid (invalid range) | 445 | * @return #GNUNET_YES on succes, #GNUNET_SYSERR if the message is invalid (invalid range) |
433 | */ | 446 | */ |
434 | int | 447 | int |
435 | GNUNET_SECRETSHARING_encrypt(const struct GNUNET_SECRETSHARING_PublicKey *public_key, | 448 | GNUNET_SECRETSHARING_encrypt (const struct |
436 | const struct GNUNET_SECRETSHARING_Plaintext *plaintext, | 449 | GNUNET_SECRETSHARING_PublicKey *public_key, |
437 | struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext) | 450 | const struct |
451 | GNUNET_SECRETSHARING_Plaintext *plaintext, | ||
452 | struct GNUNET_SECRETSHARING_Ciphertext * | ||
453 | result_ciphertext) | ||
438 | { | 454 | { |
439 | /* pubkey */ | 455 | /* pubkey */ |
440 | gcry_mpi_t h; | 456 | gcry_mpi_t h; |
@@ -445,36 +461,37 @@ GNUNET_SECRETSHARING_encrypt(const struct GNUNET_SECRETSHARING_PublicKey *public | |||
445 | /* temp value */ | 461 | /* temp value */ |
446 | gcry_mpi_t tmp; | 462 | gcry_mpi_t tmp; |
447 | 463 | ||
448 | ensure_elgamal_initialized(); | 464 | ensure_elgamal_initialized (); |
449 | 465 | ||
450 | GNUNET_assert(NULL != (h = gcry_mpi_new(0))); | 466 | GNUNET_assert (NULL != (h = gcry_mpi_new (0))); |
451 | GNUNET_assert(NULL != (y = gcry_mpi_new(0))); | 467 | GNUNET_assert (NULL != (y = gcry_mpi_new (0))); |
452 | GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); | 468 | GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); |
453 | 469 | ||
454 | GNUNET_CRYPTO_mpi_scan_unsigned(&h, public_key, sizeof *public_key); | 470 | GNUNET_CRYPTO_mpi_scan_unsigned (&h, public_key, sizeof *public_key); |
455 | GNUNET_CRYPTO_mpi_scan_unsigned(&m, plaintext, sizeof *plaintext); | 471 | GNUNET_CRYPTO_mpi_scan_unsigned (&m, plaintext, sizeof *plaintext); |
456 | 472 | ||
457 | // Randomize y such that 0 < y < elgamal_q. | 473 | // Randomize y such that 0 < y < elgamal_q. |
458 | // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. | 474 | // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. |
459 | do | 475 | do |
460 | { | 476 | { |
461 | gcry_mpi_randomize(y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); | 477 | gcry_mpi_randomize (y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, |
462 | } | 478 | GCRY_WEAK_RANDOM); |
463 | while ((gcry_mpi_cmp_ui(y, 0) == 0) || (gcry_mpi_cmp(y, elgamal_q) >= 0)); | 479 | } |
480 | while ((gcry_mpi_cmp_ui (y, 0) == 0) || (gcry_mpi_cmp (y, elgamal_q) >= 0)); | ||
464 | 481 | ||
465 | // tmp <- g^y | 482 | // tmp <- g^y |
466 | gcry_mpi_powm(tmp, elgamal_g, y, elgamal_p); | 483 | gcry_mpi_powm (tmp, elgamal_g, y, elgamal_p); |
467 | // write tmp to c1 | 484 | // write tmp to c1 |
468 | GNUNET_CRYPTO_mpi_print_unsigned(&result_ciphertext->c1_bits, | 485 | GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c1_bits, |
469 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 486 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); |
470 | 487 | ||
471 | // tmp <- h^y | 488 | // tmp <- h^y |
472 | gcry_mpi_powm(tmp, h, y, elgamal_p); | 489 | gcry_mpi_powm (tmp, h, y, elgamal_p); |
473 | // tmp <- tmp * m | 490 | // tmp <- tmp * m |
474 | gcry_mpi_mulm(tmp, tmp, m, elgamal_p); | 491 | gcry_mpi_mulm (tmp, tmp, m, elgamal_p); |
475 | // write tmp to c2 | 492 | // write tmp to c2 |
476 | GNUNET_CRYPTO_mpi_print_unsigned(&result_ciphertext->c2_bits, | 493 | GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c2_bits, |
477 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); | 494 | GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); |
478 | 495 | ||
479 | return GNUNET_OK; | 496 | return GNUNET_OK; |
480 | } | 497 | } |
@@ -489,11 +506,12 @@ GNUNET_SECRETSHARING_encrypt(const struct GNUNET_SECRETSHARING_PublicKey *public | |||
489 | * @param dh to cancel | 506 | * @param dh to cancel |
490 | */ | 507 | */ |
491 | void | 508 | void |
492 | GNUNET_SECRETSHARING_decrypt_cancel(struct GNUNET_SECRETSHARING_DecryptionHandle *dh) | 509 | GNUNET_SECRETSHARING_decrypt_cancel (struct |
510 | GNUNET_SECRETSHARING_DecryptionHandle *dh) | ||
493 | { | 511 | { |
494 | GNUNET_MQ_destroy(dh->mq); | 512 | GNUNET_MQ_destroy (dh->mq); |
495 | dh->mq = NULL; | 513 | dh->mq = NULL; |
496 | GNUNET_free(dh); | 514 | GNUNET_free (dh); |
497 | } | 515 | } |
498 | 516 | ||
499 | /* end of secretsharing_api.c */ | 517 | /* end of secretsharing_api.c */ |
diff --git a/src/secretsharing/secretsharing_common.c b/src/secretsharing/secretsharing_common.c index 4707c2462..3003109a4 100644 --- a/src/secretsharing/secretsharing_common.c +++ b/src/secretsharing/secretsharing_common.c | |||
@@ -30,9 +30,9 @@ | |||
30 | * @return The share, or NULL on error. | 30 | * @return The share, or NULL on error. |
31 | */ | 31 | */ |
32 | struct GNUNET_SECRETSHARING_Share * | 32 | struct GNUNET_SECRETSHARING_Share * |
33 | GNUNET_SECRETSHARING_share_read(const void *data, | 33 | GNUNET_SECRETSHARING_share_read (const void *data, |
34 | size_t len, | 34 | size_t len, |
35 | size_t *readlen) | 35 | size_t *readlen) |
36 | { | 36 | { |
37 | struct GNUNET_SECRETSHARING_Share *share; | 37 | struct GNUNET_SECRETSHARING_Share *share; |
38 | const struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh = data; | 38 | const struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh = data; |
@@ -40,40 +40,41 @@ GNUNET_SECRETSHARING_share_read(const void *data, | |||
40 | size_t n; | 40 | size_t n; |
41 | uint16_t payload_size; | 41 | uint16_t payload_size; |
42 | 42 | ||
43 | payload_size = ntohs(sh->num_peers) * | 43 | payload_size = ntohs (sh->num_peers) |
44 | (sizeof(uint16_t) + sizeof(struct GNUNET_SECRETSHARING_FieldElement) + | 44 | * (sizeof(uint16_t) + sizeof(struct |
45 | sizeof(struct GNUNET_PeerIdentity)); | 45 | GNUNET_SECRETSHARING_FieldElement) |
46 | + sizeof(struct GNUNET_PeerIdentity)); | ||
46 | 47 | ||
47 | if (NULL != readlen) | 48 | if (NULL != readlen) |
48 | *readlen = payload_size + sizeof *sh; | 49 | *readlen = payload_size + sizeof *sh; |
49 | 50 | ||
50 | share = GNUNET_new(struct GNUNET_SECRETSHARING_Share); | 51 | share = GNUNET_new (struct GNUNET_SECRETSHARING_Share); |
51 | 52 | ||
52 | share->threshold = ntohs(sh->threshold); | 53 | share->threshold = ntohs (sh->threshold); |
53 | share->num_peers = ntohs(sh->num_peers); | 54 | share->num_peers = ntohs (sh->num_peers); |
54 | share->my_peer = ntohs(sh->my_peer); | 55 | share->my_peer = ntohs (sh->my_peer); |
55 | 56 | ||
56 | share->my_share = sh->my_share; | 57 | share->my_share = sh->my_share; |
57 | share->public_key = sh->public_key; | 58 | share->public_key = sh->public_key; |
58 | 59 | ||
59 | p = (const char *)&sh[1]; | 60 | p = (const char *) &sh[1]; |
60 | 61 | ||
61 | n = share->num_peers * sizeof(struct GNUNET_PeerIdentity); | 62 | n = share->num_peers * sizeof(struct GNUNET_PeerIdentity); |
62 | share->peers = GNUNET_new_array(share->num_peers, | 63 | share->peers = GNUNET_new_array (share->num_peers, |
63 | struct GNUNET_PeerIdentity); | 64 | struct GNUNET_PeerIdentity); |
64 | GNUNET_memcpy(share->peers, p, n); | 65 | GNUNET_memcpy (share->peers, p, n); |
65 | p += n; | 66 | p += n; |
66 | 67 | ||
67 | n = share->num_peers * sizeof(struct GNUNET_SECRETSHARING_FieldElement); | 68 | n = share->num_peers * sizeof(struct GNUNET_SECRETSHARING_FieldElement); |
68 | share->sigmas = GNUNET_new_array(share->num_peers, | 69 | share->sigmas = GNUNET_new_array (share->num_peers, |
69 | struct GNUNET_SECRETSHARING_FieldElement); | 70 | struct GNUNET_SECRETSHARING_FieldElement); |
70 | GNUNET_memcpy(share->sigmas, p, n); | 71 | GNUNET_memcpy (share->sigmas, p, n); |
71 | p += n; | 72 | p += n; |
72 | 73 | ||
73 | n = share->num_peers * sizeof(uint16_t); | 74 | n = share->num_peers * sizeof(uint16_t); |
74 | share->original_indices = GNUNET_new_array(share->num_peers, | 75 | share->original_indices = GNUNET_new_array (share->num_peers, |
75 | uint16_t); | 76 | uint16_t); |
76 | GNUNET_memcpy(share->original_indices, p, n); | 77 | GNUNET_memcpy (share->original_indices, p, n); |
77 | 78 | ||
78 | return share; | 79 | return share; |
79 | } | 80 | } |
@@ -91,63 +92,67 @@ GNUNET_SECRETSHARING_share_read(const void *data, | |||
91 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure. | 92 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure. |
92 | */ | 93 | */ |
93 | int | 94 | int |
94 | GNUNET_SECRETSHARING_share_write(const struct GNUNET_SECRETSHARING_Share *share, | 95 | GNUNET_SECRETSHARING_share_write (const struct |
95 | void *buf, size_t buflen, size_t *writelen) | 96 | GNUNET_SECRETSHARING_Share *share, |
97 | void *buf, size_t buflen, size_t *writelen) | ||
96 | { | 98 | { |
97 | uint16_t payload_size; | 99 | uint16_t payload_size; |
98 | struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh; | 100 | struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh; |
99 | char *p; | 101 | char *p; |
100 | int n; | 102 | int n; |
101 | 103 | ||
102 | payload_size = share->num_peers * | 104 | payload_size = share->num_peers |
103 | (sizeof(uint16_t) + sizeof(struct GNUNET_SECRETSHARING_FieldElement) + | 105 | * (sizeof(uint16_t) + sizeof(struct |
104 | sizeof(struct GNUNET_PeerIdentity)); | 106 | GNUNET_SECRETSHARING_FieldElement) |
107 | + sizeof(struct GNUNET_PeerIdentity)); | ||
105 | 108 | ||
106 | if (NULL != writelen) | 109 | if (NULL != writelen) |
107 | *writelen = payload_size + sizeof(struct GNUNET_SECRETSHARING_ShareHeaderNBO); | 110 | *writelen = payload_size + sizeof(struct |
111 | GNUNET_SECRETSHARING_ShareHeaderNBO); | ||
108 | 112 | ||
109 | /* just a query for the writelen */ | 113 | /* just a query for the writelen */ |
110 | if (buf == NULL) | 114 | if (buf == NULL) |
111 | return GNUNET_OK; | 115 | return GNUNET_OK; |
112 | 116 | ||
113 | /* wrong buffer size */ | 117 | /* wrong buffer size */ |
114 | if (buflen < payload_size + sizeof(struct GNUNET_SECRETSHARING_ShareHeaderNBO)) | 118 | if (buflen < payload_size + sizeof(struct |
119 | GNUNET_SECRETSHARING_ShareHeaderNBO)) | ||
115 | return GNUNET_SYSERR; | 120 | return GNUNET_SYSERR; |
116 | 121 | ||
117 | sh = buf; | 122 | sh = buf; |
118 | 123 | ||
119 | sh->threshold = htons(share->threshold); | 124 | sh->threshold = htons (share->threshold); |
120 | sh->num_peers = htons(share->num_peers); | 125 | sh->num_peers = htons (share->num_peers); |
121 | sh->my_peer = htons(share->my_peer); | 126 | sh->my_peer = htons (share->my_peer); |
122 | 127 | ||
123 | sh->my_share = share->my_share; | 128 | sh->my_share = share->my_share; |
124 | sh->public_key = share->public_key; | 129 | sh->public_key = share->public_key; |
125 | 130 | ||
126 | p = (void *)&sh[1]; | 131 | p = (void *) &sh[1]; |
127 | 132 | ||
128 | n = share->num_peers * sizeof(struct GNUNET_PeerIdentity); | 133 | n = share->num_peers * sizeof(struct GNUNET_PeerIdentity); |
129 | GNUNET_memcpy(p, share->peers, n); | 134 | GNUNET_memcpy (p, share->peers, n); |
130 | p += n; | 135 | p += n; |
131 | 136 | ||
132 | n = share->num_peers * sizeof(struct GNUNET_SECRETSHARING_FieldElement); | 137 | n = share->num_peers * sizeof(struct GNUNET_SECRETSHARING_FieldElement); |
133 | GNUNET_memcpy(p, share->sigmas, n); | 138 | GNUNET_memcpy (p, share->sigmas, n); |
134 | p += n; | 139 | p += n; |
135 | 140 | ||
136 | n = share->num_peers * sizeof(uint16_t); | 141 | n = share->num_peers * sizeof(uint16_t); |
137 | GNUNET_memcpy(p, share->original_indices, n); | 142 | GNUNET_memcpy (p, share->original_indices, n); |
138 | 143 | ||
139 | return GNUNET_OK; | 144 | return GNUNET_OK; |
140 | } | 145 | } |
141 | 146 | ||
142 | 147 | ||
143 | void | 148 | void |
144 | GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share) | 149 | GNUNET_SECRETSHARING_share_destroy (struct GNUNET_SECRETSHARING_Share *share) |
145 | { | 150 | { |
146 | GNUNET_free(share->original_indices); | 151 | GNUNET_free (share->original_indices); |
147 | share->original_indices = NULL; | 152 | share->original_indices = NULL; |
148 | GNUNET_free(share->sigmas); | 153 | GNUNET_free (share->sigmas); |
149 | share->sigmas = NULL; | 154 | share->sigmas = NULL; |
150 | GNUNET_free(share->peers); | 155 | GNUNET_free (share->peers); |
151 | share->peers = NULL; | 156 | share->peers = NULL; |
152 | GNUNET_free(share); | 157 | GNUNET_free (share); |
153 | } | 158 | } |
diff --git a/src/secretsharing/secretsharing_protocol.h b/src/secretsharing/secretsharing_protocol.h index 949ab79d9..d43d1cee5 100644 --- a/src/secretsharing/secretsharing_protocol.h +++ b/src/secretsharing/secretsharing_protocol.h | |||
@@ -40,7 +40,8 @@ GNUNET_NETWORK_STRUCT_BEGIN | |||
40 | /** | 40 | /** |
41 | * Consensus element data used in the first round of key generation. | 41 | * Consensus element data used in the first round of key generation. |
42 | */ | 42 | */ |
43 | struct GNUNET_SECRETSHARING_KeygenCommitData { | 43 | struct GNUNET_SECRETSHARING_KeygenCommitData |
44 | { | ||
44 | /** | 45 | /** |
45 | * Signature over the rest of the message. | 46 | * Signature over the rest of the message. |
46 | */ | 47 | */ |
@@ -65,7 +66,8 @@ struct GNUNET_SECRETSHARING_KeygenCommitData { | |||
65 | }; | 66 | }; |
66 | 67 | ||
67 | 68 | ||
68 | struct GNUNET_SECRETSHARING_KeygenRevealData { | 69 | struct GNUNET_SECRETSHARING_KeygenRevealData |
70 | { | ||
69 | /** | 71 | /** |
70 | * Signature over rest of the message. | 72 | * Signature over rest of the message. |
71 | */ | 73 | */ |
@@ -87,7 +89,8 @@ struct GNUNET_SECRETSHARING_KeygenRevealData { | |||
87 | * Data of then element put in consensus | 89 | * Data of then element put in consensus |
88 | * for decrypting a value. | 90 | * for decrypting a value. |
89 | */ | 91 | */ |
90 | struct GNUNET_SECRETSHARING_DecryptData { | 92 | struct GNUNET_SECRETSHARING_DecryptData |
93 | { | ||
91 | /* | 94 | /* |
92 | * Signature over rest of the message. | 95 | * Signature over rest of the message. |
93 | */ | 96 | */ |
@@ -126,7 +129,8 @@ struct GNUNET_SECRETSHARING_DecryptData { | |||
126 | }; | 129 | }; |
127 | 130 | ||
128 | 131 | ||
129 | struct GNUNET_SECRETSHARING_FairEncryption { | 132 | struct GNUNET_SECRETSHARING_FairEncryption |
133 | { | ||
130 | struct GNUNET_CRYPTO_PaillierCiphertext c; | 134 | struct GNUNET_CRYPTO_PaillierCiphertext c; |
131 | /** | 135 | /** |
132 | * h = g^x, where x is the fairly encrypte secret. | 136 | * h = g^x, where x is the fairly encrypte secret. |
diff --git a/src/secretsharing/test_secretsharing_api.c b/src/secretsharing/test_secretsharing_api.c index 08533f703..227af1c3e 100644 --- a/src/secretsharing/test_secretsharing_api.c +++ b/src/secretsharing/test_secretsharing_api.c | |||
@@ -34,68 +34,68 @@ static struct GNUNET_SECRETSHARING_Session *keygen; | |||
34 | 34 | ||
35 | 35 | ||
36 | static void | 36 | static void |
37 | secret_ready_cb(void *cls, | 37 | secret_ready_cb (void *cls, |
38 | struct GNUNET_SECRETSHARING_Share *my_share, | 38 | struct GNUNET_SECRETSHARING_Share *my_share, |
39 | struct GNUNET_SECRETSHARING_PublicKey *public_key, | 39 | struct GNUNET_SECRETSHARING_PublicKey *public_key, |
40 | unsigned int num_ready_peers, | 40 | unsigned int num_ready_peers, |
41 | const struct GNUNET_PeerIdentity *ready_peers) | 41 | const struct GNUNET_PeerIdentity *ready_peers) |
42 | { | 42 | { |
43 | keygen = NULL; | 43 | keygen = NULL; |
44 | if (num_ready_peers == 1) | 44 | if (num_ready_peers == 1) |
45 | success = 1; | 45 | success = 1; |
46 | // FIXME: check that our share is valid, which we can do as there's only | 46 | // FIXME: check that our share is valid, which we can do as there's only |
47 | // one peer. | 47 | // one peer. |
48 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "secret ready, shutting down\n"); | 48 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "secret ready, shutting down\n"); |
49 | GNUNET_SCHEDULER_shutdown(); | 49 | GNUNET_SCHEDULER_shutdown (); |
50 | } | 50 | } |
51 | 51 | ||
52 | 52 | ||
53 | static void | 53 | static void |
54 | handle_shutdown(void *cls) | 54 | handle_shutdown (void *cls) |
55 | { | 55 | { |
56 | if (NULL != keygen) | 56 | if (NULL != keygen) |
57 | { | 57 | { |
58 | GNUNET_SECRETSHARING_session_destroy(keygen); | 58 | GNUNET_SECRETSHARING_session_destroy (keygen); |
59 | keygen = NULL; | 59 | keygen = NULL; |
60 | } | 60 | } |
61 | } | 61 | } |
62 | 62 | ||
63 | 63 | ||
64 | static void | 64 | static void |
65 | run(void *cls, | 65 | run (void *cls, |
66 | const struct GNUNET_CONFIGURATION_Handle *cfg, | 66 | const struct GNUNET_CONFIGURATION_Handle *cfg, |
67 | struct GNUNET_TESTING_Peer *peer) | 67 | struct GNUNET_TESTING_Peer *peer) |
68 | { | 68 | { |
69 | struct GNUNET_HashCode session_id; | 69 | struct GNUNET_HashCode session_id; |
70 | struct GNUNET_TIME_Absolute start; | 70 | struct GNUNET_TIME_Absolute start; |
71 | struct GNUNET_TIME_Absolute deadline; | 71 | struct GNUNET_TIME_Absolute deadline; |
72 | 72 | ||
73 | GNUNET_SCHEDULER_add_shutdown(&handle_shutdown, NULL); | 73 | GNUNET_SCHEDULER_add_shutdown (&handle_shutdown, NULL); |
74 | 74 | ||
75 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "testing secretsharing api\n"); | 75 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "testing secretsharing api\n"); |
76 | 76 | ||
77 | GNUNET_CRYPTO_hash_create_random(GNUNET_CRYPTO_QUALITY_WEAK, &session_id); | 77 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &session_id); |
78 | 78 | ||
79 | start = GNUNET_TIME_absolute_get(); | 79 | start = GNUNET_TIME_absolute_get (); |
80 | deadline = GNUNET_TIME_absolute_add(start, GNUNET_TIME_UNIT_SECONDS); | 80 | deadline = GNUNET_TIME_absolute_add (start, GNUNET_TIME_UNIT_SECONDS); |
81 | 81 | ||
82 | keygen = GNUNET_SECRETSHARING_create_session(cfg, | 82 | keygen = GNUNET_SECRETSHARING_create_session (cfg, |
83 | 0, NULL, /* only the local peer */ | 83 | 0, NULL, /* only the local peer */ |
84 | &session_id, | 84 | &session_id, |
85 | start, deadline, | 85 | start, deadline, |
86 | 1, | 86 | 1, |
87 | secret_ready_cb, NULL); | 87 | secret_ready_cb, NULL); |
88 | } | 88 | } |
89 | 89 | ||
90 | 90 | ||
91 | int | 91 | int |
92 | main(int argc, char **argv) | 92 | main (int argc, char **argv) |
93 | { | 93 | { |
94 | int ret; | 94 | int ret; |
95 | 95 | ||
96 | ret = GNUNET_TESTING_peer_run("test_secretsharing_api", | 96 | ret = GNUNET_TESTING_peer_run ("test_secretsharing_api", |
97 | "test_secretsharing.conf", | 97 | "test_secretsharing.conf", |
98 | &run, NULL); | 98 | &run, NULL); |
99 | if (0 != ret) | 99 | if (0 != ret) |
100 | return ret; | 100 | return ret; |
101 | return (GNUNET_YES == success) ? 0 : 1; | 101 | return (GNUNET_YES == success) ? 0 : 1; |