diff options
| author | Florian Dold <florian.dold@gmail.com> | 2014-01-07 11:10:05 +0000 |
|---|---|---|
| committer | Florian Dold <florian.dold@gmail.com> | 2014-01-07 11:10:05 +0000 |
| commit | 9b4bee4d09a77662448a9416f4deaf6994b2eb07 (patch) | |
| tree | 552f05303a35bb1fb0060737b7513e0f900933d8 /src/secretsharing | |
| parent | 47a164b83ebd56bc13167a57bf38aeafe78d354b (diff) | |
| download | gnunet-9b4bee4d09a77662448a9416f4deaf6994b2eb07.tar.gz gnunet-9b4bee4d09a77662448a9416f4deaf6994b2eb07.zip | |
- correctly adjust buffer when printing MPIs
- fix confusion between paillier and elgamal field elements
Diffstat (limited to 'src/secretsharing')
| -rw-r--r-- | src/secretsharing/gnunet-service-secretsharing.c | 142 | ||||
| -rw-r--r-- | src/secretsharing/secretsharing_protocol.h | 6 |
2 files changed, 77 insertions, 71 deletions
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c index 9298e38ad..fe02f55bc 100644 --- a/src/secretsharing/gnunet-service-secretsharing.c +++ b/src/secretsharing/gnunet-service-secretsharing.c | |||
| @@ -44,12 +44,7 @@ struct KeygenPeerInfo | |||
| 44 | struct GNUNET_PeerIdentity peer; | 44 | struct GNUNET_PeerIdentity peer; |
| 45 | 45 | ||
| 46 | /** | 46 | /** |
| 47 | * g-component of the peer's paillier public key. | 47 | * The peer's paillier public key. |
| 48 | */ | ||
| 49 | gcry_mpi_t paillier_g; | ||
| 50 | |||
| 51 | /** | ||
| 52 | * mu-component of the peer's paillier public key. | ||
| 53 | */ | 48 | */ |
| 54 | gcry_mpi_t paillier_n; | 49 | gcry_mpi_t paillier_n; |
| 55 | 50 | ||
| @@ -318,13 +313,45 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg; | |||
| 318 | */ | 313 | */ |
| 319 | static struct GNUNET_SERVER_Handle *srv; | 314 | static struct GNUNET_SERVER_Handle *srv; |
| 320 | 315 | ||
| 316 | |||
| 317 | /** | ||
| 318 | * If target != size, move @a target bytes to the end of the size-sized | ||
| 319 | * buffer and zero out the first @a target - @a size bytes. | ||
| 320 | * | ||
| 321 | * @param buf original buffer | ||
| 322 | * @param size number of bytes in @a buf | ||
| 323 | * @param target target size of the buffer | ||
| 324 | */ | ||
| 325 | static void | ||
| 326 | adjust (unsigned char *buf, | ||
| 327 | size_t size, | ||
| 328 | size_t target) | ||
| 329 | { | ||
| 330 | if (size < target) | ||
| 331 | { | ||
| 332 | memmove (&buf[target - size], buf, size); | ||
| 333 | memset (buf, 0, target - size); | ||
| 334 | } | ||
| 335 | } | ||
| 336 | |||
| 337 | |||
| 321 | /** | 338 | /** |
| 322 | * Print a field element in a fixed-size buffer. | 339 | * Print an MPI to a buffer, so that is contains the MPI's |
| 340 | * the little endian representation of size @a size. | ||
| 341 | * | ||
| 342 | * @param buf buffer to write to | ||
| 343 | * @param x mpi to be written in the buffer | ||
| 344 | * @param bytes how many bytes should the value use | ||
| 345 | * @param | ||
| 323 | */ | 346 | */ |
| 324 | static void | 347 | static void |
| 325 | print_field_element (void *buf, gcry_mpi_t x) | 348 | print_mpi_fixed (void *buf, gcry_mpi_t x, size_t size) |
| 326 | { | 349 | { |
| 327 | GNUNET_assert (0); | 350 | size_t written; |
| 351 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
| 352 | buf, size, &written, | ||
| 353 | x)); | ||
| 354 | adjust (buf, written, size); | ||
| 328 | } | 355 | } |
| 329 | 356 | ||
| 330 | 357 | ||
| @@ -499,13 +526,12 @@ compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, | |||
| 499 | * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell, | 526 | * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell, |
| 500 | * "Introduction to Modern Cryptography: Principles and Protocols". | 527 | * "Introduction to Modern Cryptography: Principles and Protocols". |
| 501 | * | 528 | * |
| 502 | * @param g g-component of public key | ||
| 503 | * @param n n-component of public key | 529 | * @param n n-component of public key |
| 504 | * @param lambda lambda-component of private key | 530 | * @param lambda lambda-component of private key |
| 505 | * @param mu mu-componenent of private key | 531 | * @param mu mu-componenent of private key |
| 506 | */ | 532 | */ |
| 507 | static void | 533 | static void |
| 508 | paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu) | 534 | paillier_create (gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu) |
| 509 | { | 535 | { |
| 510 | gcry_mpi_t p; | 536 | gcry_mpi_t p; |
| 511 | gcry_mpi_t q; | 537 | gcry_mpi_t q; |
| @@ -521,7 +547,6 @@ paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu) | |||
| 521 | GNUNET_assert (0 == gcry_prime_generate (&q, PAILLIER_BITS / 2, 0, NULL, NULL, NULL, | 547 | GNUNET_assert (0 == gcry_prime_generate (&q, PAILLIER_BITS / 2, 0, NULL, NULL, NULL, |
| 522 | GCRY_WEAK_RANDOM, 0)); | 548 | GCRY_WEAK_RANDOM, 0)); |
| 523 | gcry_mpi_mul (n, p, q); | 549 | gcry_mpi_mul (n, p, q); |
| 524 | gcry_mpi_add_ui (g, n, 1); | ||
| 525 | // compute phi(n) = (p-1)(q-1) | 550 | // compute phi(n) = (p-1)(q-1) |
| 526 | gcry_mpi_sub_ui (phi, p, 1); | 551 | gcry_mpi_sub_ui (phi, p, 1); |
| 527 | gcry_mpi_sub_ui (tmp, q, 1); | 552 | gcry_mpi_sub_ui (tmp, q, 1); |
| @@ -542,17 +567,20 @@ paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu) | |||
| 542 | * | 567 | * |
| 543 | * @param c resulting ciphertext | 568 | * @param c resulting ciphertext |
| 544 | * @param m plaintext to encrypt | 569 | * @param m plaintext to encrypt |
| 545 | * @param g g-component of public key | ||
| 546 | * @param n n-component of public key | 570 | * @param n n-component of public key |
| 547 | */ | 571 | */ |
| 548 | static void | 572 | static void |
| 549 | paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n) | 573 | paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t n) |
| 550 | { | 574 | { |
| 551 | gcry_mpi_t n_square; | 575 | gcry_mpi_t n_square; |
| 552 | gcry_mpi_t r; | 576 | gcry_mpi_t r; |
| 577 | gcry_mpi_t g; | ||
| 553 | 578 | ||
| 554 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); | 579 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); |
| 555 | GNUNET_assert (0 != (r = gcry_mpi_new (0))); | 580 | GNUNET_assert (0 != (r = gcry_mpi_new (0))); |
| 581 | GNUNET_assert (0 != (g = gcry_mpi_new (0))); | ||
| 582 | |||
| 583 | gcry_mpi_add_ui (g, n, 1); | ||
| 556 | 584 | ||
| 557 | gcry_mpi_mul (n_square, n, n); | 585 | gcry_mpi_mul (n_square, n, n); |
| 558 | 586 | ||
| @@ -617,9 +645,9 @@ generate_presecret_polynomial (struct KeygenSession *ks) | |||
| 617 | ks->presecret_polynomial = GNUNET_malloc (ks->threshold * sizeof (gcry_mpi_t)); | 645 | ks->presecret_polynomial = GNUNET_malloc (ks->threshold * sizeof (gcry_mpi_t)); |
| 618 | for (i = 0; i < ks->threshold; i++) | 646 | for (i = 0; i < ks->threshold; i++) |
| 619 | { | 647 | { |
| 620 | ks->presecret_polynomial[i] = gcry_mpi_new (PAILLIER_BITS); | 648 | ks->presecret_polynomial[i] = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS); |
| 621 | GNUNET_assert (0 != ks->presecret_polynomial[i]); | 649 | GNUNET_assert (0 != ks->presecret_polynomial[i]); |
| 622 | gcry_mpi_randomize (ks->presecret_polynomial[i], PAILLIER_BITS, | 650 | gcry_mpi_randomize (ks->presecret_polynomial[i], GNUNET_SECRETSHARING_KEY_BITS, |
| 623 | GCRY_WEAK_RANDOM); | 651 | GCRY_WEAK_RANDOM); |
| 624 | } | 652 | } |
| 625 | } | 653 | } |
| @@ -681,8 +709,6 @@ keygen_round1_new_element (void *cls, | |||
| 681 | return; | 709 | return; |
| 682 | } | 710 | } |
| 683 | 711 | ||
| 684 | GNUNET_assert (0 == gcry_mpi_scan (&info->paillier_g, GCRYMPI_FMT_USG, | ||
| 685 | &d->pubkey.g, sizeof d->pubkey.g, NULL)); | ||
| 686 | GNUNET_assert (0 == gcry_mpi_scan (&info->paillier_n, GCRYMPI_FMT_USG, | 712 | GNUNET_assert (0 == gcry_mpi_scan (&info->paillier_n, GCRYMPI_FMT_USG, |
| 687 | &d->pubkey.n, sizeof d->pubkey.n, NULL)); | 713 | &d->pubkey.n, sizeof d->pubkey.n, NULL)); |
| 688 | GNUNET_assert (0 == gcry_mpi_scan (&info->presecret_commitment, GCRYMPI_FMT_USG, | 714 | GNUNET_assert (0 == gcry_mpi_scan (&info->presecret_commitment, GCRYMPI_FMT_USG, |
| @@ -731,8 +757,8 @@ keygen_round2_conclude (void *cls) | |||
| 731 | 757 | ||
| 732 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); | 758 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); |
| 733 | 759 | ||
| 734 | GNUNET_assert (0 != (s = gcry_mpi_new (PAILLIER_BITS))); | 760 | GNUNET_assert (0 != (s = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS))); |
| 735 | GNUNET_assert (0 != (h = gcry_mpi_new (PAILLIER_BITS))); | 761 | GNUNET_assert (0 != (h = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS))); |
| 736 | 762 | ||
| 737 | // multiplicative identity | 763 | // multiplicative identity |
| 738 | gcry_mpi_set_ui (s, 1); | 764 | gcry_mpi_set_ui (s, 1); |
| @@ -762,8 +788,8 @@ keygen_round2_conclude (void *cls) | |||
| 762 | } | 788 | } |
| 763 | } | 789 | } |
| 764 | 790 | ||
| 765 | gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &share->my_share, PAILLIER_BITS / 8, NULL, s); | 791 | print_mpi_fixed (&share->my_share, s, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 766 | gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &share->public_key, PAILLIER_BITS / 8, NULL, s); | 792 | print_mpi_fixed (&share->public_key, h, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 767 | 793 | ||
| 768 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen successful with %u peers\n", share->num_peers); | 794 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen successful with %u peers\n", share->num_peers); |
| 769 | 795 | ||
| @@ -803,12 +829,12 @@ insert_round2_element (struct KeygenSession *ks) | |||
| 803 | gcry_mpi_t idx; | 829 | gcry_mpi_t idx; |
| 804 | gcry_mpi_t v; | 830 | gcry_mpi_t v; |
| 805 | 831 | ||
| 806 | GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS))); | 832 | GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS))); |
| 807 | GNUNET_assert (0 != (idx = gcry_mpi_new (PAILLIER_BITS))); | 833 | GNUNET_assert (0 != (idx = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS))); |
| 808 | 834 | ||
| 809 | element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + | 835 | element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + |
| 810 | 2 * PAILLIER_BITS / 8 * ks->num_peers + | 836 | 2 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers + |
| 811 | 1 * PAILLIER_BITS / 8 * ks->threshold); | 837 | 1 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->threshold); |
| 812 | 838 | ||
| 813 | element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size); | 839 | element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size); |
| 814 | element->size = element_size; | 840 | element->size = element_size; |
| @@ -830,8 +856,8 @@ insert_round2_element (struct KeygenSession *ks) | |||
| 830 | horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_p); | 856 | horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_p); |
| 831 | // take g to the result | 857 | // take g to the result |
| 832 | gcry_mpi_powm (v, elgamal_g, v, elgamal_p); | 858 | gcry_mpi_powm (v, elgamal_g, v, elgamal_p); |
| 833 | gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v); | 859 | print_mpi_fixed (pos, v, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 834 | pos += PAILLIER_BITS / 8; | 860 | pos += GNUNET_SECRETSHARING_KEY_BITS / 8; |
| 835 | } | 861 | } |
| 836 | 862 | ||
| 837 | // encrypted pre-shares | 863 | // encrypted pre-shares |
| @@ -842,10 +868,9 @@ insert_round2_element (struct KeygenSession *ks) | |||
| 842 | if (GNUNET_NO == ks->info[i].round1_valid) | 868 | if (GNUNET_NO == ks->info[i].round1_valid) |
| 843 | gcry_mpi_set_ui (v, 0); | 869 | gcry_mpi_set_ui (v, 0); |
| 844 | else | 870 | else |
| 845 | paillier_encrypt (v, ks->presecret_polynomial[0], | 871 | paillier_encrypt (v, ks->presecret_polynomial[0], ks->info[i].paillier_n); |
| 846 | ks->info[i].paillier_g, ks->info[i].paillier_g); | 872 | print_mpi_fixed (pos, v, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 847 | gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v); | 873 | pos += GNUNET_SECRETSHARING_KEY_BITS / 8; |
| 848 | pos += PAILLIER_BITS / 8; | ||
| 849 | } | 874 | } |
| 850 | 875 | ||
| 851 | // exponentiated coefficients | 876 | // exponentiated coefficients |
| @@ -854,8 +879,8 @@ insert_round2_element (struct KeygenSession *ks) | |||
| 854 | ptrdiff_t remaining = last_pos - pos; | 879 | ptrdiff_t remaining = last_pos - pos; |
| 855 | GNUNET_assert (remaining > 0); | 880 | GNUNET_assert (remaining > 0); |
| 856 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); | 881 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); |
| 857 | gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v); | 882 | print_mpi_fixed (pos, v, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 858 | pos += PAILLIER_BITS / 8; | 883 | pos += GNUNET_SECRETSHARING_KEY_BITS / 8; |
| 859 | } | 884 | } |
| 860 | 885 | ||
| 861 | d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); | 886 | d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); |
| @@ -888,8 +913,8 @@ keygen_round2_new_element (void *cls, | |||
| 888 | } | 913 | } |
| 889 | 914 | ||
| 890 | expected_element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + | 915 | expected_element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + |
| 891 | 2 * PAILLIER_BITS / 8 * ks->num_peers + | 916 | 2 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers + |
| 892 | 1 * PAILLIER_BITS / 8 * ks->threshold); | 917 | 1 * GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->threshold); |
| 893 | 918 | ||
| 894 | if (element->size != expected_element_size) | 919 | if (element->size != expected_element_size) |
| 895 | { | 920 | { |
| @@ -932,16 +957,16 @@ keygen_round2_new_element (void *cls, | |||
| 932 | 957 | ||
| 933 | pos = (void *) &d[1]; | 958 | pos = (void *) &d[1]; |
| 934 | // skip exponentiated pre-shares | 959 | // skip exponentiated pre-shares |
| 935 | pos += PAILLIER_BITS / 8 * ks->num_peers; | 960 | pos += GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers; |
| 936 | // skip encrypted pre-shares | 961 | // skip encrypted pre-shares |
| 937 | pos += PAILLIER_BITS / 8 * ks->num_peers; | 962 | pos += PAILLIER_BITS / 8 * ks->num_peers; |
| 938 | // the first exponentiated coefficient is the public key share | 963 | // the first exponentiated coefficient is the public key share |
| 939 | GNUNET_assert (0 == gcry_mpi_scan (&info->public_key_share, GCRYMPI_FMT_USG, | 964 | GNUNET_assert (0 == gcry_mpi_scan (&info->public_key_share, GCRYMPI_FMT_USG, |
| 940 | pos, PAILLIER_BITS / 8, NULL)); | 965 | pos, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL)); |
| 941 | 966 | ||
| 942 | pos = (void *) &d[1]; | 967 | pos = (void *) &d[1]; |
| 943 | // skip exp. pre-shares | 968 | // skip exp. pre-shares |
| 944 | pos += PAILLIER_BITS / 8 * ks->num_peers; | 969 | pos += GNUNET_SECRETSHARING_KEY_BITS / 8 * ks->num_peers; |
| 945 | // skip to the encrypted value for our peer | 970 | // skip to the encrypted value for our peer |
| 946 | pos += PAILLIER_BITS / 8 * ks->local_peer_idx; | 971 | pos += PAILLIER_BITS / 8 * ks->local_peer_idx; |
| 947 | 972 | ||
| @@ -1013,7 +1038,7 @@ insert_round1_element (struct KeygenSession *ks) | |||
| 1013 | // g^a_{i,0} | 1038 | // g^a_{i,0} |
| 1014 | gcry_mpi_t v; | 1039 | gcry_mpi_t v; |
| 1015 | // big-endian representation of 'v' | 1040 | // big-endian representation of 'v' |
| 1016 | unsigned char v_data[PAILLIER_BITS / 8]; | 1041 | unsigned char v_data[GNUNET_SECRETSHARING_KEY_BITS / 8]; |
| 1017 | 1042 | ||
| 1018 | element = GNUNET_malloc (sizeof *element + sizeof *d); | 1043 | element = GNUNET_malloc (sizeof *element + sizeof *d); |
| 1019 | d = (void *) &element[1]; | 1044 | d = (void *) &element[1]; |
| @@ -1026,27 +1051,16 @@ insert_round1_element (struct KeygenSession *ks) | |||
| 1026 | 1051 | ||
| 1027 | d->peer = my_peer; | 1052 | d->peer = my_peer; |
| 1028 | 1053 | ||
| 1029 | GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS))); | 1054 | GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_KEY_BITS))); |
| 1030 | 1055 | ||
| 1031 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); | 1056 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); |
| 1032 | 1057 | ||
| 1033 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | 1058 | print_mpi_fixed (v_data, v, GNUNET_SECRETSHARING_KEY_BITS); |
| 1034 | v_data, PAILLIER_BITS / 8, NULL, | ||
| 1035 | v)); | ||
| 1036 | |||
| 1037 | GNUNET_CRYPTO_hash (v_data, PAILLIER_BITS / 8, &d->commitment); | ||
| 1038 | |||
| 1039 | /* | ||
| 1040 | 1059 | ||
| 1041 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | 1060 | GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_KEY_BITS / 8, &d->commitment); |
| 1042 | (unsigned char *) d->pubkey.g, PAILLIER_BITS / 8, NULL, | ||
| 1043 | ks->info[ks->local_peer_idx].paillier_g)); | ||
| 1044 | |||
| 1045 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
| 1046 | (unsigned char *) d->pubkey.n, PAILLIER_BITS / 8, NULL, | ||
| 1047 | ks->info[ks->local_peer_idx].paillier_n)); | ||
| 1048 | 1061 | ||
| 1049 | */ | 1062 | print_mpi_fixed (d->pubkey.n, ks->info[ks->local_peer_idx].paillier_n, |
| 1063 | PAILLIER_BITS / 8); | ||
| 1050 | 1064 | ||
| 1051 | d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); | 1065 | d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); |
| 1052 | d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); | 1066 | d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); |
| @@ -1105,13 +1119,11 @@ static void handle_client_keygen (void *cls, | |||
| 1105 | for (i = 0; i < ks->num_peers; i++) | 1119 | for (i = 0; i < ks->num_peers; i++) |
| 1106 | ks->info[i].peer = ks->peers[i]; | 1120 | ks->info[i].peer = ks->peers[i]; |
| 1107 | 1121 | ||
| 1108 | GNUNET_assert (0 != (ks->info[ks->local_peer_idx].paillier_g = mpi_new (0))); | ||
| 1109 | GNUNET_assert (0 != (ks->info[ks->local_peer_idx].paillier_n = mpi_new (0))); | 1122 | GNUNET_assert (0 != (ks->info[ks->local_peer_idx].paillier_n = mpi_new (0))); |
| 1110 | GNUNET_assert (0 != (ks->paillier_lambda = mpi_new (0))); | 1123 | GNUNET_assert (0 != (ks->paillier_lambda = mpi_new (0))); |
| 1111 | GNUNET_assert (0 != (ks->paillier_mu = mpi_new (0))); | 1124 | GNUNET_assert (0 != (ks->paillier_mu = mpi_new (0))); |
| 1112 | 1125 | ||
| 1113 | paillier_create (ks->info[ks->local_peer_idx].paillier_g, | 1126 | paillier_create (ks->info[ks->local_peer_idx].paillier_n, |
| 1114 | ks->info[ks->local_peer_idx].paillier_n, | ||
| 1115 | ks->paillier_lambda, | 1127 | ks->paillier_lambda, |
| 1116 | ks->paillier_mu); | 1128 | ks->paillier_mu); |
| 1117 | 1129 | ||
| @@ -1176,14 +1188,14 @@ decrypt_conclude (void *cls) | |||
| 1176 | } | 1188 | } |
| 1177 | 1189 | ||
| 1178 | GNUNET_assert (0 == gcry_mpi_scan (&c_2, GCRYMPI_FMT_USG, ds->ciphertext.c2_bits, | 1190 | GNUNET_assert (0 == gcry_mpi_scan (&c_2, GCRYMPI_FMT_USG, ds->ciphertext.c2_bits, |
| 1179 | PAILLIER_BITS / 8, NULL)); | 1191 | GNUNET_SECRETSHARING_KEY_BITS / 8, NULL)); |
| 1180 | 1192 | ||
| 1181 | // m <- c_2 / m | 1193 | // m <- c_2 / m |
| 1182 | gcry_mpi_invm (m, m, elgamal_p); | 1194 | gcry_mpi_invm (m, m, elgamal_p); |
| 1183 | gcry_mpi_mulm (m, c_2, m, elgamal_p); | 1195 | gcry_mpi_mulm (m, c_2, m, elgamal_p); |
| 1184 | 1196 | ||
| 1185 | ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); | 1197 | ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); |
| 1186 | print_field_element (&msg->plaintext, m); | 1198 | print_mpi_fixed (&msg->plaintext, m, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 1187 | msg->success = htonl (1); | 1199 | msg->success = htonl (1); |
| 1188 | GNUNET_MQ_send (ds->client_mq, ev); | 1200 | GNUNET_MQ_send (ds->client_mq, ev); |
| 1189 | 1201 | ||
| @@ -1236,7 +1248,7 @@ decrypt_new_element (void *cls, | |||
| 1236 | // FIXME: check NIZP first | 1248 | // FIXME: check NIZP first |
| 1237 | 1249 | ||
| 1238 | GNUNET_assert (0 == gcry_mpi_scan (&info->partial_decryption, | 1250 | GNUNET_assert (0 == gcry_mpi_scan (&info->partial_decryption, |
| 1239 | GCRYMPI_FMT_USG, &d->partial_decryption, PAILLIER_BITS / 8, NULL)); | 1251 | GCRYMPI_FMT_USG, &d->partial_decryption, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL)); |
| 1240 | } | 1252 | } |
| 1241 | 1253 | ||
| 1242 | static void | 1254 | static void |
| @@ -1247,8 +1259,8 @@ insert_decrypt_element (struct DecryptSession *ds) | |||
| 1247 | gcry_mpi_t x; | 1259 | gcry_mpi_t x; |
| 1248 | gcry_mpi_t s; | 1260 | gcry_mpi_t s; |
| 1249 | 1261 | ||
| 1250 | GNUNET_assert (0 == gcry_mpi_scan (&x, GCRYMPI_FMT_USG, ds->ciphertext.c1_bits, PAILLIER_BITS / 8, NULL)); | 1262 | GNUNET_assert (0 == gcry_mpi_scan (&x, GCRYMPI_FMT_USG, ds->ciphertext.c1_bits, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL)); |
| 1251 | GNUNET_assert (0 == gcry_mpi_scan (&s, GCRYMPI_FMT_USG, &ds->share->my_share, PAILLIER_BITS / 8, NULL)); | 1263 | GNUNET_assert (0 == gcry_mpi_scan (&s, GCRYMPI_FMT_USG, &ds->share->my_share, GNUNET_SECRETSHARING_KEY_BITS / 8, NULL)); |
| 1252 | 1264 | ||
| 1253 | gcry_mpi_powm (x, x, s, elgamal_p); | 1265 | gcry_mpi_powm (x, x, s, elgamal_p); |
| 1254 | 1266 | ||
| @@ -1260,7 +1272,7 @@ insert_decrypt_element (struct DecryptSession *ds) | |||
| 1260 | d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); | 1272 | d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); |
| 1261 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d.purpose, &d.signature); | 1273 | GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d.purpose, &d.signature); |
| 1262 | 1274 | ||
| 1263 | print_field_element (&d.partial_decryption, x); | 1275 | print_mpi_fixed (&d.partial_decryption, x, GNUNET_SECRETSHARING_KEY_BITS / 8); |
| 1264 | 1276 | ||
| 1265 | GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); | 1277 | GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); |
| 1266 | } | 1278 | } |
diff --git a/src/secretsharing/secretsharing_protocol.h b/src/secretsharing/secretsharing_protocol.h index b8904ca24..5d833cbb3 100644 --- a/src/secretsharing/secretsharing_protocol.h +++ b/src/secretsharing/secretsharing_protocol.h | |||
| @@ -48,12 +48,6 @@ struct PaillierPublicKey | |||
| 48 | { | 48 | { |
| 49 | /** | 49 | /** |
| 50 | * Network order representation of the | 50 | * Network order representation of the |
| 51 | * g-component. | ||
| 52 | */ | ||
| 53 | uint32_t g[PAILLIER_BITS / 8 / sizeof (uint32_t)]; | ||
| 54 | |||
| 55 | /** | ||
| 56 | * Network order representation of the | ||
| 57 | * n-component. | 51 | * n-component. |
| 58 | */ | 52 | */ |
| 59 | uint32_t n[PAILLIER_BITS / 8 / sizeof (uint32_t)]; | 53 | uint32_t n[PAILLIER_BITS / 8 / sizeof (uint32_t)]; |