aboutsummaryrefslogtreecommitdiff
path: root/src/secretsharing
diff options
context:
space:
mode:
authorng0 <ng0@n0.is>2019-09-08 12:33:09 +0000
committerng0 <ng0@n0.is>2019-09-08 12:33:09 +0000
commitd41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb (patch)
tree9efd18ea7d425652085ed0bd5e8e45604bc5f6b9 /src/secretsharing
parenta0fce305c565c0937d917a92712f15e9c5736260 (diff)
downloadgnunet-d41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb.tar.gz
gnunet-d41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb.zip
uncrustify as demanded.
Diffstat (limited to 'src/secretsharing')
-rw-r--r--src/secretsharing/gnunet-secretsharing-profiler.c502
-rw-r--r--src/secretsharing/gnunet-service-secretsharing.c2096
-rw-r--r--src/secretsharing/secretsharing.h26
-rw-r--r--src/secretsharing/secretsharing_api.c337
-rw-r--r--src/secretsharing/secretsharing_common.c92
-rw-r--r--src/secretsharing/secretsharing_protocol.h16
-rw-r--r--src/secretsharing/test_secretsharing_api.c68
7 files changed, 1557 insertions, 1580 deletions
diff --git a/src/secretsharing/gnunet-secretsharing-profiler.c b/src/secretsharing/gnunet-secretsharing-profiler.c
index 85abe154b..0bd2cc6a9 100644
--- a/src/secretsharing/gnunet-secretsharing-profiler.c
+++ b/src/secretsharing/gnunet-secretsharing-profiler.c
@@ -11,7 +11,7 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
@@ -122,10 +122,10 @@ static int in_shutdown;
122 * @param event information about the event 122 * @param event information about the event
123 */ 123 */
124static void 124static void
125controller_cb (void *cls, 125controller_cb(void *cls,
126 const struct GNUNET_TESTBED_EventInformation *event) 126 const struct GNUNET_TESTBED_EventInformation *event)
127{ 127{
128 GNUNET_assert (0); 128 GNUNET_assert(0);
129} 129}
130 130
131 131
@@ -139,30 +139,29 @@ controller_cb (void *cls,
139 * operation has executed successfully. 139 * operation has executed successfully.
140 */ 140 */
141static void 141static void
142session_connect_complete (void *cls, 142session_connect_complete(void *cls,
143 struct GNUNET_TESTBED_Operation *op, 143 struct GNUNET_TESTBED_Operation *op,
144 void *ca_result, 144 void *ca_result,
145 const char *emsg) 145 const char *emsg)
146{ 146{
147
148 if (NULL != emsg) 147 if (NULL != emsg)
149 { 148 {
150 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 149 GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
151 "testbed connect emsg: %s\n", 150 "testbed connect emsg: %s\n",
152 emsg); 151 emsg);
153 GNUNET_assert (0); 152 GNUNET_assert(0);
154 } 153 }
155 154
156 num_connected_sessions++; 155 num_connected_sessions++;
157 156
158 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 157 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
159 "dkg: session connect complete\n"); 158 "dkg: session connect complete\n");
160 159
161 if (num_connected_sessions == num_peers) 160 if (num_connected_sessions == num_peers)
162 { 161 {
163 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 162 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
164 "dkg: all peers connected\n"); 163 "dkg: all peers connected\n");
165 } 164 }
166} 165}
167 166
168 167
@@ -176,30 +175,29 @@ session_connect_complete (void *cls,
176 * operation has executed successfully. 175 * operation has executed successfully.
177 */ 176 */
178static void 177static void
179decrypt_connect_complete (void *cls, 178decrypt_connect_complete(void *cls,
180 struct GNUNET_TESTBED_Operation *op, 179 struct GNUNET_TESTBED_Operation *op,
181 void *ca_result, 180 void *ca_result,
182 const char *emsg) 181 const char *emsg)
183{ 182{
184
185 if (NULL != emsg) 183 if (NULL != emsg)
186 { 184 {
187 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 185 GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
188 "testbed connect emsg: %s\n", 186 "testbed connect emsg: %s\n",
189 emsg); 187 emsg);
190 GNUNET_assert (0); 188 GNUNET_assert(0);
191 } 189 }
192 190
193 num_connected_decrypt++; 191 num_connected_decrypt++;
194 192
195 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 193 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
196 "decrypt: session connect complete\n"); 194 "decrypt: session connect complete\n");
197 195
198 if (num_connected_decrypt == num_peers) 196 if (num_connected_decrypt == num_peers)
199 { 197 {
200 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 198 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
201 "decrypt: all peers connected\n"); 199 "decrypt: all peers connected\n");
202 } 200 }
203} 201}
204 202
205 203
@@ -209,35 +207,36 @@ decrypt_connect_complete (void *cls,
209 * @param cls Plaintext 207 * @param cls Plaintext
210 * @param plaintext Plaintext 208 * @param plaintext Plaintext
211 */ 209 */
212static void decrypt_cb (void *cls, 210static void decrypt_cb(void *cls,
213 const struct GNUNET_SECRETSHARING_Plaintext *plaintext) 211 const struct GNUNET_SECRETSHARING_Plaintext *plaintext)
214{ 212{
215 struct GNUNET_SECRETSHARING_DecryptionHandle **dhp = cls; 213 struct GNUNET_SECRETSHARING_DecryptionHandle **dhp = cls;
216 unsigned int n = dhp - decrypt_handles; 214 unsigned int n = dhp - decrypt_handles;
215
217 num_decrypted++; 216 num_decrypted++;
218 217
219 *dhp = NULL; 218 *dhp = NULL;
220 219
221 // we should still be connected if this is called 220 // we should still be connected if this is called
222 GNUNET_assert (NULL != connect_ops[n]); 221 GNUNET_assert(NULL != connect_ops[n]);
223 222
224 GNUNET_TESTBED_operation_done (connect_ops[n]); 223 GNUNET_TESTBED_operation_done(connect_ops[n]);
225 224
226 if (NULL == plaintext) 225 if (NULL == plaintext)
227 { 226 {
228 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt failed for peer %u\n", n); 227 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt failed for peer %u\n", n);
229 return; 228 return;
230 } 229 }
231 else if (0 == GNUNET_memcmp (&reference_plaintext, plaintext)) 230 else if (0 == GNUNET_memcmp(&reference_plaintext, plaintext))
232 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "decrypt got correct result for peer %u\n", n); 231 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "decrypt got correct result for peer %u\n", n);
233 else 232 else
234 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt got wrong result for peer %u\n", n); 233 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt got wrong result for peer %u\n", n);
235 234
236 if (num_decrypted == num_peers) 235 if (num_decrypted == num_peers)
237 { 236 {
238 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "every peer decrypted\n"); 237 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "every peer decrypted\n");
239 GNUNET_SCHEDULER_shutdown (); 238 GNUNET_SCHEDULER_shutdown();
240 } 239 }
241 240
242 *dhp = NULL; 241 *dhp = NULL;
243} 242}
@@ -255,19 +254,19 @@ static void decrypt_cb (void *cls,
255 * @return service handle to return in 'op_result', NULL on error 254 * @return service handle to return in 'op_result', NULL on error
256 */ 255 */
257static void * 256static void *
258decrypt_connect_adapter (void *cls, 257decrypt_connect_adapter(void *cls,
259 const struct GNUNET_CONFIGURATION_Handle *cfg) 258 const struct GNUNET_CONFIGURATION_Handle *cfg)
260{ 259{
261 struct GNUNET_SECRETSHARING_DecryptionHandle **hp = cls; 260 struct GNUNET_SECRETSHARING_DecryptionHandle **hp = cls;
262 unsigned int n = hp - decrypt_handles; 261 unsigned int n = hp - decrypt_handles;
263 262
264 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 263 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
265 "decrypt connect adapter, %d peers\n", 264 "decrypt connect adapter, %d peers\n",
266 num_peers); 265 num_peers);
267 *hp = GNUNET_SECRETSHARING_decrypt (cfg, shares[n], &ciphertext, 266 *hp = GNUNET_SECRETSHARING_decrypt(cfg, shares[n], &ciphertext,
268 decrypt_start, decrypt_deadline, 267 decrypt_start, decrypt_deadline,
269 decrypt_cb, 268 decrypt_cb,
270 hp); 269 hp);
271 270
272 return *hp; 271 return *hp;
273} 272}
@@ -286,25 +285,25 @@ decrypt_disconnect_adapter(void *cls, void *op_result)
286 struct GNUNET_SECRETSHARING_DecryptionHandle **dh = cls; 285 struct GNUNET_SECRETSHARING_DecryptionHandle **dh = cls;
287 unsigned int n = dh - decrypt_handles; 286 unsigned int n = dh - decrypt_handles;
288 287
289 GNUNET_assert (*dh == decrypt_handles[n]); 288 GNUNET_assert(*dh == decrypt_handles[n]);
290 289
291 if (NULL != *dh) 290 if (NULL != *dh)
292 { 291 {
293 GNUNET_SECRETSHARING_decrypt_cancel (*dh); 292 GNUNET_SECRETSHARING_decrypt_cancel(*dh);
294 *dh = NULL; 293 *dh = NULL;
295 } 294 }
296 295
297 GNUNET_assert (NULL != connect_ops[n]); 296 GNUNET_assert(NULL != connect_ops[n]);
298 connect_ops[n] = NULL; 297 connect_ops[n] = NULL;
299} 298}
300 299
301 300
302static void 301static void
303secret_ready_cb (void *cls, 302secret_ready_cb(void *cls,
304 struct GNUNET_SECRETSHARING_Share *my_share, 303 struct GNUNET_SECRETSHARING_Share *my_share,
305 struct GNUNET_SECRETSHARING_PublicKey *public_key, 304 struct GNUNET_SECRETSHARING_PublicKey *public_key,
306 unsigned int num_ready_peers, 305 unsigned int num_ready_peers,
307 const struct GNUNET_PeerIdentity *ready_peers) 306 const struct GNUNET_PeerIdentity *ready_peers)
308{ 307{
309 struct GNUNET_SECRETSHARING_Session **sp = cls; 308 struct GNUNET_SECRETSHARING_Session **sp = cls;
310 unsigned int n = sp - session_handles; 309 unsigned int n = sp - session_handles;
@@ -315,36 +314,35 @@ secret_ready_cb (void *cls,
315 *sp = NULL; 314 *sp = NULL;
316 shares[n] = my_share; 315 shares[n] = my_share;
317 if (NULL == my_share) 316 if (NULL == my_share)
318 {
319 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "key generation failed for peer #%u\n", n);
320 }
321 else
322 {
323 ret = GNUNET_STRINGS_data_to_string (public_key, sizeof *public_key, pubkey_str, 1024);
324 GNUNET_assert (NULL != ret);
325 *ret = '\0';
326 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "key generation successful for peer #%u, pubkey %s\n", n,
327 pubkey_str);
328
329 /* we're the first to get the key -> store it */
330 if (num_generated == 1)
331 { 317 {
332 common_pubkey = *public_key; 318 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "key generation failed for peer #%u\n", n);
333 } 319 }
334 else if (0 != GNUNET_memcmp (public_key, &common_pubkey)) 320 else
335 { 321 {
336 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "generated public keys do not match\n"); 322 ret = GNUNET_STRINGS_data_to_string(public_key, sizeof *public_key, pubkey_str, 1024);
337 GNUNET_SCHEDULER_shutdown (); 323 GNUNET_assert(NULL != ret);
338 return; 324 *ret = '\0';
325 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "key generation successful for peer #%u, pubkey %s\n", n,
326 pubkey_str);
327
328 /* we're the first to get the key -> store it */
329 if (num_generated == 1)
330 {
331 common_pubkey = *public_key;
332 }
333 else if (0 != GNUNET_memcmp(public_key, &common_pubkey))
334 {
335 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "generated public keys do not match\n");
336 GNUNET_SCHEDULER_shutdown();
337 return;
338 }
339 } 339 }
340 }
341 340
342 // we should still be connected 341 // we should still be connected
343 GNUNET_assert (NULL != connect_ops[n]); 342 GNUNET_assert(NULL != connect_ops[n]);
344 343
345 // disconnect from the service, will call the disconnect callback 344 // disconnect from the service, will call the disconnect callback
346 GNUNET_TESTBED_operation_done (connect_ops[n]); 345 GNUNET_TESTBED_operation_done(connect_ops[n]);
347
348} 346}
349 347
350 348
@@ -359,22 +357,22 @@ secret_ready_cb (void *cls,
359 * @return service handle to return in 'op_result', NULL on error 357 * @return service handle to return in 'op_result', NULL on error
360 */ 358 */
361static void * 359static void *
362session_connect_adapter (void *cls, 360session_connect_adapter(void *cls,
363 const struct GNUNET_CONFIGURATION_Handle *cfg) 361 const struct GNUNET_CONFIGURATION_Handle *cfg)
364{ 362{
365 struct GNUNET_SECRETSHARING_Session **sp = cls; 363 struct GNUNET_SECRETSHARING_Session **sp = cls;
366 364
367 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 365 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
368 "connect adapter, %d peers\n", 366 "connect adapter, %d peers\n",
369 num_peers); 367 num_peers);
370 *sp = GNUNET_SECRETSHARING_create_session (cfg, 368 *sp = GNUNET_SECRETSHARING_create_session(cfg,
371 num_peers, 369 num_peers,
372 peer_ids, 370 peer_ids,
373 &session_id, 371 &session_id,
374 dkg_start, 372 dkg_start,
375 dkg_deadline, 373 dkg_deadline,
376 threshold, 374 threshold,
377 &secret_ready_cb, sp); 375 &secret_ready_cb, sp);
378 return *sp; 376 return *sp;
379} 377}
380 378
@@ -388,20 +386,20 @@ session_connect_adapter (void *cls,
388 * @param op_result service handle returned from the connect adapter 386 * @param op_result service handle returned from the connect adapter
389 */ 387 */
390static void 388static void
391session_disconnect_adapter (void *cls, void *op_result) 389session_disconnect_adapter(void *cls, void *op_result)
392{ 390{
393 struct GNUNET_SECRETSHARING_Session **sp = cls; 391 struct GNUNET_SECRETSHARING_Session **sp = cls;
394 unsigned int n = (sp - session_handles); 392 unsigned int n = (sp - session_handles);
395 393
396 GNUNET_assert (*sp == session_handles[n]); 394 GNUNET_assert(*sp == session_handles[n]);
397 395
398 if (NULL != *sp) 396 if (NULL != *sp)
399 { 397 {
400 GNUNET_SECRETSHARING_session_destroy (*sp); 398 GNUNET_SECRETSHARING_session_destroy(*sp);
401 *sp = NULL; 399 *sp = NULL;
402 } 400 }
403 401
404 GNUNET_assert (NULL != connect_ops[n]); 402 GNUNET_assert(NULL != connect_ops[n]);
405 connect_ops[n] = NULL; 403 connect_ops[n] = NULL;
406 404
407 if (GNUNET_YES == in_shutdown) 405 if (GNUNET_YES == in_shutdown)
@@ -409,29 +407,29 @@ session_disconnect_adapter (void *cls, void *op_result)
409 407
410 // all peers received their secret 408 // all peers received their secret
411 if (num_generated == num_peers) 409 if (num_generated == num_peers)
412 {
413 int i;
414
415 // only do decryption if requested by the user
416 if (GNUNET_NO == decrypt)
417 { 410 {
418 GNUNET_SCHEDULER_shutdown (); 411 int i;
419 return;
420 }
421 412
422 decrypt_start = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), delay); 413 // only do decryption if requested by the user
423 decrypt_deadline = GNUNET_TIME_absolute_add (decrypt_start, timeout); 414 if (GNUNET_NO == decrypt)
415 {
416 GNUNET_SCHEDULER_shutdown();
417 return;
418 }
424 419
425 // compute g^42 as the plaintext which we will decrypt and then 420 decrypt_start = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), delay);
426 // cooperatively decrypt 421 decrypt_deadline = GNUNET_TIME_absolute_add(decrypt_start, timeout);
427 GNUNET_SECRETSHARING_plaintext_generate_i (&reference_plaintext, 42);
428 GNUNET_SECRETSHARING_encrypt (&common_pubkey, &reference_plaintext, &ciphertext);
429 422
430 for (i = 0; i < num_peers; i++) 423 // compute g^42 as the plaintext which we will decrypt and then
431 connect_ops[i] = 424 // cooperatively decrypt
432 GNUNET_TESTBED_service_connect (NULL, peers[i], "secretsharing", &decrypt_connect_complete, NULL, 425 GNUNET_SECRETSHARING_plaintext_generate_i(&reference_plaintext, 42);
433 &decrypt_connect_adapter, &decrypt_disconnect_adapter, &decrypt_handles[i]); 426 GNUNET_SECRETSHARING_encrypt(&common_pubkey, &reference_plaintext, &ciphertext);
434 } 427
428 for (i = 0; i < num_peers; i++)
429 connect_ops[i] =
430 GNUNET_TESTBED_service_connect(NULL, peers[i], "secretsharing", &decrypt_connect_complete, NULL,
431 &decrypt_connect_adapter, &decrypt_disconnect_adapter, &decrypt_handles[i]);
432 }
435} 433}
436 434
437 435
@@ -445,34 +443,34 @@ session_disconnect_adapter (void *cls, void *op_result)
445 * operation is successfull 443 * operation is successfull
446 */ 444 */
447static void 445static void
448peer_info_cb (void *cb_cls, 446peer_info_cb(void *cb_cls,
449 struct GNUNET_TESTBED_Operation *op, 447 struct GNUNET_TESTBED_Operation *op,
450 const struct GNUNET_TESTBED_PeerInformation *pinfo, 448 const struct GNUNET_TESTBED_PeerInformation *pinfo,
451 const char *emsg) 449 const char *emsg)
452{ 450{
453 struct GNUNET_PeerIdentity *p; 451 struct GNUNET_PeerIdentity *p;
454 int i; 452 int i;
455 453
456 GNUNET_assert (NULL == emsg); 454 GNUNET_assert(NULL == emsg);
457 455
458 p = (struct GNUNET_PeerIdentity *) cb_cls; 456 p = (struct GNUNET_PeerIdentity *)cb_cls;
459 457
460 if (pinfo->pit == GNUNET_TESTBED_PIT_IDENTITY) 458 if (pinfo->pit == GNUNET_TESTBED_PIT_IDENTITY)
461 { 459 {
462 *p = *pinfo->result.id; 460 *p = *pinfo->result.id;
463 num_retrieved_peer_ids++; 461 num_retrieved_peer_ids++;
464 if (num_retrieved_peer_ids == num_peers) 462 if (num_retrieved_peer_ids == num_peers)
465 for (i = 0; i < num_peers; i++) 463 for (i = 0; i < num_peers; i++)
466 connect_ops[i] = 464 connect_ops[i] =
467 GNUNET_TESTBED_service_connect (NULL, peers[i], "secretsharing", session_connect_complete, NULL, 465 GNUNET_TESTBED_service_connect(NULL, peers[i], "secretsharing", session_connect_complete, NULL,
468 session_connect_adapter, session_disconnect_adapter, &session_handles[i]); 466 session_connect_adapter, session_disconnect_adapter, &session_handles[i]);
469 } 467 }
470 else 468 else
471 { 469 {
472 GNUNET_assert (0); 470 GNUNET_assert(0);
473 } 471 }
474 472
475 GNUNET_TESTBED_operation_done (op); 473 GNUNET_TESTBED_operation_done(op);
476} 474}
477 475
478 476
@@ -482,21 +480,21 @@ peer_info_cb (void *cb_cls,
482 * @param cls closure 480 * @param cls closure
483 */ 481 */
484static void 482static void
485handle_shutdown (void *cls) 483handle_shutdown(void *cls)
486{ 484{
487 in_shutdown = GNUNET_YES; 485 in_shutdown = GNUNET_YES;
488 486
489 if (NULL != connect_ops) 487 if (NULL != connect_ops)
490 { 488 {
491 unsigned int i; 489 unsigned int i;
492 for (i = 0; i < num_peers; i++) 490 for (i = 0; i < num_peers; i++)
493 if (NULL != connect_ops[i]) 491 if (NULL != connect_ops[i])
494 { 492 {
495 // the disconnect callback will set the op to NULL 493 // the disconnect callback will set the op to NULL
496 GNUNET_TESTBED_operation_done (connect_ops[i]); 494 GNUNET_TESTBED_operation_done(connect_ops[i]);
497 } 495 }
498 GNUNET_free (connect_ops); 496 GNUNET_free(connect_ops);
499 } 497 }
500 498
501 // killing the testbed operation will take care of remaining 499 // killing the testbed operation will take care of remaining
502 // service handles in the disconnect callback 500 // service handles in the disconnect callback
@@ -517,131 +515,131 @@ handle_shutdown (void *cls)
517 * failed 515 * failed
518 */ 516 */
519static void 517static void
520test_master (void *cls, 518test_master(void *cls,
521 struct GNUNET_TESTBED_RunHandle *h, 519 struct GNUNET_TESTBED_RunHandle *h,
522 unsigned int num_peers, 520 unsigned int num_peers,
523 struct GNUNET_TESTBED_Peer **started_peers, 521 struct GNUNET_TESTBED_Peer **started_peers,
524 unsigned int links_succeeded, 522 unsigned int links_succeeded,
525 unsigned int links_failed) 523 unsigned int links_failed)
526{ 524{
527 int i; 525 int i;
528 526
529 GNUNET_log_setup ("gnunet-secretsharing-profiler", "INFO", NULL); 527 GNUNET_log_setup("gnunet-secretsharing-profiler", "INFO", NULL);
530 528
531 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "test master\n"); 529 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "test master\n");
532 530
533 GNUNET_SCHEDULER_add_shutdown (&handle_shutdown, NULL); 531 GNUNET_SCHEDULER_add_shutdown(&handle_shutdown, NULL);
534 532
535 peers = started_peers; 533 peers = started_peers;
536 534
537 peer_ids = GNUNET_malloc (num_peers * sizeof (struct GNUNET_PeerIdentity)); 535 peer_ids = GNUNET_malloc(num_peers * sizeof(struct GNUNET_PeerIdentity));
538 536
539 session_handles = GNUNET_new_array (num_peers, struct GNUNET_SECRETSHARING_Session *); 537 session_handles = GNUNET_new_array(num_peers, struct GNUNET_SECRETSHARING_Session *);
540 decrypt_handles = GNUNET_new_array (num_peers, struct GNUNET_SECRETSHARING_DecryptionHandle *); 538 decrypt_handles = GNUNET_new_array(num_peers, struct GNUNET_SECRETSHARING_DecryptionHandle *);
541 connect_ops = GNUNET_new_array (num_peers, struct GNUNET_TESTBED_Operation *); 539 connect_ops = GNUNET_new_array(num_peers, struct GNUNET_TESTBED_Operation *);
542 shares = GNUNET_new_array (num_peers, struct GNUNET_SECRETSHARING_Share *); 540 shares = GNUNET_new_array(num_peers, struct GNUNET_SECRETSHARING_Share *);
543 541
544 for (i = 0; i < num_peers; i++) 542 for (i = 0; i < num_peers; i++)
545 { 543 {
546 // we do not store the returned operation, as peer_info_cb 544 // we do not store the returned operation, as peer_info_cb
547 // will receive it as a parameter and call GNUNET_TESTBED_operation_done. 545 // will receive it as a parameter and call GNUNET_TESTBED_operation_done.
548 GNUNET_TESTBED_peer_get_information (peers[i], 546 GNUNET_TESTBED_peer_get_information(peers[i],
549 GNUNET_TESTBED_PIT_IDENTITY, 547 GNUNET_TESTBED_PIT_IDENTITY,
550 peer_info_cb, 548 peer_info_cb,
551 &peer_ids[i]); 549 &peer_ids[i]);
552 } 550 }
553} 551}
554 552
555 553
556static void 554static void
557run (void *cls, char *const *args, const char *cfgfile, 555run(void *cls, char *const *args, const char *cfgfile,
558 const struct GNUNET_CONFIGURATION_Handle *cfg) 556 const struct GNUNET_CONFIGURATION_Handle *cfg)
559{ 557{
560 static char *session_str = "gnunet-secretsharing/test"; 558 static char *session_str = "gnunet-secretsharing/test";
561 char *topology; 559 char *topology;
562 int topology_cmp_result; 560 int topology_cmp_result;
563 561
564 dkg_start = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), delay); 562 dkg_start = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), delay);
565 dkg_deadline = GNUNET_TIME_absolute_add (dkg_start, timeout); 563 dkg_deadline = GNUNET_TIME_absolute_add(dkg_start, timeout);
566 564
567 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "testbed", "OVERLAY_TOPOLOGY", &topology)) 565 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string(cfg, "testbed", "OVERLAY_TOPOLOGY", &topology))
568 { 566 {
569 fprintf (stderr, 567 fprintf(stderr,
570 "'OVERLAY_TOPOLOGY' not found in 'testbed' config section, " 568 "'OVERLAY_TOPOLOGY' not found in 'testbed' config section, "
571 "seems like you passed the wrong configuration file\n"); 569 "seems like you passed the wrong configuration file\n");
572 return; 570 return;
573 } 571 }
574 572
575 topology_cmp_result = strcasecmp (topology, "NONE"); 573 topology_cmp_result = strcasecmp(topology, "NONE");
576 GNUNET_free (topology); 574 GNUNET_free(topology);
577 575
578 if (0 == topology_cmp_result) 576 if (0 == topology_cmp_result)
579 { 577 {
580 fprintf (stderr, 578 fprintf(stderr,
581 "'OVERLAY_TOPOLOGY' set to 'NONE', " 579 "'OVERLAY_TOPOLOGY' set to 'NONE', "
582 "seems like you passed the wrong configuration file\n"); 580 "seems like you passed the wrong configuration file\n");
583 return; 581 return;
584 } 582 }
585 583
586 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 584 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
587 "running gnunet-secretsharing-profiler\n"); 585 "running gnunet-secretsharing-profiler\n");
588 586
589 GNUNET_CRYPTO_hash (session_str, strlen (session_str), &session_id); 587 GNUNET_CRYPTO_hash(session_str, strlen(session_str), &session_id);
590 588
591 (void) GNUNET_TESTBED_test_run ("gnunet-secretsharing-profiler", 589 (void)GNUNET_TESTBED_test_run("gnunet-secretsharing-profiler",
592 cfgfile, 590 cfgfile,
593 num_peers, 591 num_peers,
594 0, 592 0,
595 controller_cb, 593 controller_cb,
596 NULL, 594 NULL,
597 test_master, 595 test_master,
598 NULL); 596 NULL);
599} 597}
600 598
601 599
602int 600int
603main (int argc, char **argv) 601main(int argc, char **argv)
604{ 602{
605 struct GNUNET_GETOPT_CommandLineOption options[] = { 603 struct GNUNET_GETOPT_CommandLineOption options[] = {
606 604 GNUNET_GETOPT_option_uint('n',
607 GNUNET_GETOPT_option_uint ('n', 605 "num-peers",
608 "num-peers", 606 NULL,
609 NULL, 607 gettext_noop("number of peers in consensus"),
610 gettext_noop ("number of peers in consensus"), 608 &num_peers),
611 &num_peers), 609
612 610 GNUNET_GETOPT_option_relative_time('D',
613 GNUNET_GETOPT_option_relative_time ('D', 611 "delay",
614 "delay", 612 NULL,
615 NULL, 613 gettext_noop("dkg start delay"),
616 gettext_noop ("dkg start delay"), 614 &delay),
617 &delay), 615
618 616 GNUNET_GETOPT_option_relative_time('t',
619 GNUNET_GETOPT_option_relative_time ('t', 617 "timeout",
620 "timeout", 618 NULL,
621 NULL, 619 gettext_noop("dkg timeout"),
622 gettext_noop ("dkg timeout"), 620 &timeout),
623 &timeout), 621
624 622 GNUNET_GETOPT_option_uint('k',
625 GNUNET_GETOPT_option_uint ('k', 623 "threshold",
626 "threshold", 624 NULL,
627 NULL, 625 gettext_noop("threshold"),
628 gettext_noop ("threshold"), 626 &threshold),
629 &threshold), 627
630 628 GNUNET_GETOPT_option_flag('d',
631 GNUNET_GETOPT_option_flag ('d', 629 "descrypt",
632 "descrypt", 630 gettext_noop("also profile decryption"),
633 gettext_noop ("also profile decryption"), 631 &decrypt),
634 &decrypt), 632
635 633
636 634 GNUNET_GETOPT_option_verbose(&verbose),
637 GNUNET_GETOPT_option_verbose (&verbose),
638 635
639 GNUNET_GETOPT_OPTION_END 636 GNUNET_GETOPT_OPTION_END
640 }; 637 };
638
641 delay = GNUNET_TIME_UNIT_ZERO; 639 delay = GNUNET_TIME_UNIT_ZERO;
642 timeout = GNUNET_TIME_UNIT_MINUTES; 640 timeout = GNUNET_TIME_UNIT_MINUTES;
643 GNUNET_PROGRAM_run2 (argc, argv, "gnunet-secretsharing-profiler", 641 GNUNET_PROGRAM_run2(argc, argv, "gnunet-secretsharing-profiler",
644 "help", 642 "help",
645 options, &run, NULL, GNUNET_YES); 643 options, &run, NULL, GNUNET_YES);
646 return 0; 644 return 0;
647} 645}
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c
index d136c5a68..828ff04af 100644
--- a/src/secretsharing/gnunet-service-secretsharing.c
+++ b/src/secretsharing/gnunet-service-secretsharing.c
@@ -16,7 +16,7 @@
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21/** 21/**
22 * @file secretsharing/gnunet-service-secretsharing.c 22 * @file secretsharing/gnunet-service-secretsharing.c
@@ -39,8 +39,7 @@
39/** 39/**
40 * Info about a peer in a key generation session. 40 * Info about a peer in a key generation session.
41 */ 41 */
42struct KeygenPeerInfo 42struct KeygenPeerInfo {
43{
44 /** 43 /**
45 * Peer identity of the peer. 44 * Peer identity of the peer.
46 */ 45 */
@@ -85,8 +84,7 @@ struct KeygenPeerInfo
85/** 84/**
86 * Information about a peer in a decrypt session. 85 * Information about a peer in a decrypt session.
87 */ 86 */
88struct DecryptPeerInfo 87struct DecryptPeerInfo {
89{
90 /** 88 /**
91 * Identity of the peer. 89 * Identity of the peer.
92 */ 90 */
@@ -117,9 +115,7 @@ struct ClientState;
117/** 115/**
118 * Session to establish a threshold-shared secret. 116 * Session to establish a threshold-shared secret.
119 */ 117 */
120struct KeygenSession 118struct KeygenSession {
121{
122
123 /** 119 /**
124 * Current consensus, used for both DKG rounds. 120 * Current consensus, used for both DKG rounds.
125 */ 121 */
@@ -212,9 +208,7 @@ struct KeygenSession
212/** 208/**
213 * Session to cooperatively decrypt a value. 209 * Session to cooperatively decrypt a value.
214 */ 210 */
215struct DecryptSession 211struct DecryptSession {
216{
217
218 /** 212 /**
219 * Handle to the consensus over partial decryptions. 213 * Handle to the consensus over partial decryptions.
220 */ 214 */
@@ -258,8 +252,7 @@ struct DecryptSession
258/** 252/**
259 * State we keep per client. 253 * State we keep per client.
260 */ 254 */
261struct ClientState 255struct ClientState {
262{
263 /** 256 /**
264 * Decrypt session of the client, if any. 257 * Decrypt session of the client, if any.
265 */ 258 */
@@ -279,7 +272,6 @@ struct ClientState
279 * MQ to talk to @a client. 272 * MQ to talk to @a client.
280 */ 273 */
281 struct GNUNET_MQ_Handle *mq; 274 struct GNUNET_MQ_Handle *mq;
282
283}; 275};
284 276
285 277
@@ -325,12 +317,13 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
325 * @return The Keygen peer info, or NULL if the peer could not be found. 317 * @return The Keygen peer info, or NULL if the peer could not be found.
326 */ 318 */
327static struct KeygenPeerInfo * 319static struct KeygenPeerInfo *
328get_keygen_peer_info (const struct KeygenSession *ks, 320get_keygen_peer_info(const struct KeygenSession *ks,
329 const struct GNUNET_PeerIdentity *peer) 321 const struct GNUNET_PeerIdentity *peer)
330{ 322{
331 unsigned int i; 323 unsigned int i;
324
332 for (i = 0; i < ks->num_peers; i++) 325 for (i = 0; i < ks->num_peers; i++)
333 if (0 == GNUNET_memcmp (peer, &ks->info[i].peer)) 326 if (0 == GNUNET_memcmp(peer, &ks->info[i].peer))
334 return &ks->info[i]; 327 return &ks->info[i];
335 return NULL; 328 return NULL;
336} 329}
@@ -344,12 +337,13 @@ get_keygen_peer_info (const struct KeygenSession *ks,
344 * @return The decrypt peer info, or NULL if the peer could not be found. 337 * @return The decrypt peer info, or NULL if the peer could not be found.
345 */ 338 */
346static struct DecryptPeerInfo * 339static struct DecryptPeerInfo *
347get_decrypt_peer_info (const struct DecryptSession *ds, 340get_decrypt_peer_info(const struct DecryptSession *ds,
348 const struct GNUNET_PeerIdentity *peer) 341 const struct GNUNET_PeerIdentity *peer)
349{ 342{
350 unsigned int i; 343 unsigned int i;
344
351 for (i = 0; i < ds->share->num_peers; i++) 345 for (i = 0; i < ds->share->num_peers; i++)
352 if (0 == GNUNET_memcmp (peer, &ds->info[i].peer)) 346 if (0 == GNUNET_memcmp(peer, &ds->info[i].peer))
353 return &ds->info[i]; 347 return &ds->info[i];
354 return NULL; 348 return NULL;
355} 349}
@@ -364,14 +358,14 @@ get_decrypt_peer_info (const struct DecryptSession *ds,
364 * @param denum denumerator of the scale factor 358 * @param denum denumerator of the scale factor
365 */ 359 */
366static struct GNUNET_TIME_Absolute 360static struct GNUNET_TIME_Absolute
367time_between (struct GNUNET_TIME_Absolute start, 361time_between(struct GNUNET_TIME_Absolute start,
368 struct GNUNET_TIME_Absolute end, 362 struct GNUNET_TIME_Absolute end,
369 int num, int denum) 363 int num, int denum)
370{ 364{
371 struct GNUNET_TIME_Absolute result; 365 struct GNUNET_TIME_Absolute result;
372 uint64_t diff; 366 uint64_t diff;
373 367
374 GNUNET_assert (start.abs_value_us <= end.abs_value_us); 368 GNUNET_assert(start.abs_value_us <= end.abs_value_us);
375 diff = end.abs_value_us - start.abs_value_us; 369 diff = end.abs_value_us - start.abs_value_us;
376 result.abs_value_us = start.abs_value_us + ((diff * num) / denum); 370 result.abs_value_us = start.abs_value_us + ((diff * num) / denum);
377 371
@@ -387,11 +381,11 @@ time_between (struct GNUNET_TIME_Absolute start,
387 * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2. 381 * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2.
388 */ 382 */
389static int 383static int
390peer_id_cmp (const void *p1, const void *p2) 384peer_id_cmp(const void *p1, const void *p2)
391{ 385{
392 return memcmp (p1, 386 return memcmp(p1,
393 p2, 387 p2,
394 sizeof (struct GNUNET_PeerIdentity)); 388 sizeof(struct GNUNET_PeerIdentity));
395} 389}
396 390
397 391
@@ -405,14 +399,14 @@ peer_id_cmp (const void *p1, const void *p2)
405 * is not in the list. 399 * is not in the list.
406 */ 400 */
407static int 401static int
408peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n, 402peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n,
409 const struct GNUNET_PeerIdentity *needle) 403 const struct GNUNET_PeerIdentity *needle)
410{ 404{
411 unsigned int i; 405 unsigned int i;
412 406
413 for (i = 0; i < n; i++) 407 for (i = 0; i < n; i++)
414 if (0 == GNUNET_memcmp (&haystack[i], 408 if (0 == GNUNET_memcmp(&haystack[i],
415 needle)) 409 needle))
416 return i; 410 return i;
417 return -1; 411 return -1;
418} 412}
@@ -429,10 +423,10 @@ peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n,
429 * @return Normalized list, must be free'd by the caller. 423 * @return Normalized list, must be free'd by the caller.
430 */ 424 */
431static struct GNUNET_PeerIdentity * 425static struct GNUNET_PeerIdentity *
432normalize_peers (struct GNUNET_PeerIdentity *listed, 426normalize_peers(struct GNUNET_PeerIdentity *listed,
433 unsigned int num_listed, 427 unsigned int num_listed,
434 unsigned int *num_normalized, 428 unsigned int *num_normalized,
435 unsigned int *my_peer_idx) 429 unsigned int *my_peer_idx)
436{ 430{
437 unsigned int local_peer_in_list; 431 unsigned int local_peer_in_list;
438 /* number of peers in the normalized list */ 432 /* number of peers in the normalized list */
@@ -441,28 +435,28 @@ normalize_peers (struct GNUNET_PeerIdentity *listed,
441 435
442 local_peer_in_list = GNUNET_YES; 436 local_peer_in_list = GNUNET_YES;
443 n = num_listed; 437 n = num_listed;
444 if (peer_find (listed, num_listed, &my_peer) < 0) 438 if (peer_find(listed, num_listed, &my_peer) < 0)
445 { 439 {
446 local_peer_in_list = GNUNET_NO; 440 local_peer_in_list = GNUNET_NO;
447 n += 1; 441 n += 1;
448 } 442 }
449 443
450 normalized = GNUNET_new_array (n, 444 normalized = GNUNET_new_array(n,
451 struct GNUNET_PeerIdentity); 445 struct GNUNET_PeerIdentity);
452 446
453 if (GNUNET_NO == local_peer_in_list) 447 if (GNUNET_NO == local_peer_in_list)
454 normalized[n - 1] = my_peer; 448 normalized[n - 1] = my_peer;
455 449
456 GNUNET_memcpy (normalized, 450 GNUNET_memcpy(normalized,
457 listed, 451 listed,
458 num_listed * sizeof (struct GNUNET_PeerIdentity)); 452 num_listed * sizeof(struct GNUNET_PeerIdentity));
459 qsort (normalized, 453 qsort(normalized,
460 n, 454 n,
461 sizeof (struct GNUNET_PeerIdentity), 455 sizeof(struct GNUNET_PeerIdentity),
462 &peer_id_cmp); 456 &peer_id_cmp);
463 457
464 if (NULL != my_peer_idx) 458 if (NULL != my_peer_idx)
465 *my_peer_idx = peer_find (normalized, n, &my_peer); 459 *my_peer_idx = peer_find(normalized, n, &my_peer);
466 if (NULL != num_normalized) 460 if (NULL != num_normalized)
467 *num_normalized = n; 461 *num_normalized = n;
468 462
@@ -479,9 +473,9 @@ normalize_peers (struct GNUNET_PeerIdentity *listed,
479 * @param num number of indices in @a indices 473 * @param num number of indices in @a indices
480 */ 474 */
481static void 475static void
482compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, 476compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j,
483 unsigned int *indices, 477 unsigned int *indices,
484 unsigned int num) 478 unsigned int num)
485{ 479{
486 unsigned int i; 480 unsigned int i;
487 /* numerator */ 481 /* numerator */
@@ -491,41 +485,41 @@ compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j,
491 /* temp value for l-j */ 485 /* temp value for l-j */
492 gcry_mpi_t tmp; 486 gcry_mpi_t tmp;
493 487
494 GNUNET_assert (0 != coeff); 488 GNUNET_assert(0 != coeff);
495 489
496 GNUNET_assert (0 != (n = gcry_mpi_new (0))); 490 GNUNET_assert(0 != (n = gcry_mpi_new(0)));
497 GNUNET_assert (0 != (d = gcry_mpi_new (0))); 491 GNUNET_assert(0 != (d = gcry_mpi_new(0)));
498 GNUNET_assert (0 != (tmp = gcry_mpi_new (0))); 492 GNUNET_assert(0 != (tmp = gcry_mpi_new(0)));
499 493
500 gcry_mpi_set_ui (n, 1); 494 gcry_mpi_set_ui(n, 1);
501 gcry_mpi_set_ui (d, 1); 495 gcry_mpi_set_ui(d, 1);
502 496
503 for (i = 0; i < num; i++) 497 for (i = 0; i < num; i++)
504 { 498 {
505 unsigned int l = indices[i]; 499 unsigned int l = indices[i];
506 if (l == j) 500 if (l == j)
507 continue; 501 continue;
508 gcry_mpi_mul_ui (n, n, l + 1); 502 gcry_mpi_mul_ui(n, n, l + 1);
509 // d <- d * (l-j) 503 // d <- d * (l-j)
510 gcry_mpi_set_ui (tmp, l + 1); 504 gcry_mpi_set_ui(tmp, l + 1);
511 gcry_mpi_sub_ui (tmp, tmp, j + 1); 505 gcry_mpi_sub_ui(tmp, tmp, j + 1);
512 gcry_mpi_mul (d, d, tmp); 506 gcry_mpi_mul(d, d, tmp);
513 } 507 }
514 508
515 // gcry_mpi_invm does not like negative numbers ... 509 // gcry_mpi_invm does not like negative numbers ...
516 gcry_mpi_mod (d, d, elgamal_q); 510 gcry_mpi_mod(d, d, elgamal_q);
517 511
518 GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0); 512 GNUNET_assert(gcry_mpi_cmp_ui(d, 0) > 0);
519 513
520 // now we do the actual division, with everything mod q, as we 514 // now we do the actual division, with everything mod q, as we
521 // are not operating on elements from <g>, but on exponents 515 // are not operating on elements from <g>, but on exponents
522 GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q)); 516 GNUNET_assert(0 != gcry_mpi_invm(d, d, elgamal_q));
523 517
524 gcry_mpi_mulm (coeff, n, d, elgamal_q); 518 gcry_mpi_mulm(coeff, n, d, elgamal_q);
525 519
526 gcry_mpi_release (n); 520 gcry_mpi_release(n);
527 gcry_mpi_release (d); 521 gcry_mpi_release(d);
528 gcry_mpi_release (tmp); 522 gcry_mpi_release(tmp);
529} 523}
530 524
531 525
@@ -536,117 +530,117 @@ compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j,
536 * @param ds decrypt session to destroy 530 * @param ds decrypt session to destroy
537 */ 531 */
538static void 532static void
539decrypt_session_destroy (struct DecryptSession *ds) 533decrypt_session_destroy(struct DecryptSession *ds)
540{ 534{
541 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 535 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
542 "destroying decrypt session\n"); 536 "destroying decrypt session\n");
543 if (NULL != ds->cs) 537 if (NULL != ds->cs)
544 { 538 {
545 ds->cs->decrypt_session = NULL; 539 ds->cs->decrypt_session = NULL;
546 ds->cs = NULL; 540 ds->cs = NULL;
547 } 541 }
548 if (NULL != ds->consensus) 542 if (NULL != ds->consensus)
549 { 543 {
550 GNUNET_CONSENSUS_destroy (ds->consensus); 544 GNUNET_CONSENSUS_destroy(ds->consensus);
551 ds->consensus = NULL; 545 ds->consensus = NULL;
552 } 546 }
553 547
554 if (NULL != ds->info) 548 if (NULL != ds->info)
555 {
556 for (unsigned int i = 0; i < ds->share->num_peers; i++)
557 { 549 {
558 if (NULL != ds->info[i].partial_decryption) 550 for (unsigned int i = 0; i < ds->share->num_peers; i++)
559 { 551 {
560 gcry_mpi_release (ds->info[i].partial_decryption); 552 if (NULL != ds->info[i].partial_decryption)
561 ds->info[i].partial_decryption = NULL; 553 {
562 } 554 gcry_mpi_release(ds->info[i].partial_decryption);
555 ds->info[i].partial_decryption = NULL;
556 }
557 }
558 GNUNET_free(ds->info);
559 ds->info = NULL;
563 } 560 }
564 GNUNET_free (ds->info);
565 ds->info = NULL;
566 }
567 if (NULL != ds->share) 561 if (NULL != ds->share)
568 { 562 {
569 GNUNET_SECRETSHARING_share_destroy (ds->share); 563 GNUNET_SECRETSHARING_share_destroy(ds->share);
570 ds->share = NULL; 564 ds->share = NULL;
571 } 565 }
572 566
573 GNUNET_free (ds); 567 GNUNET_free(ds);
574} 568}
575 569
576 570
577static void 571static void
578keygen_info_destroy (struct KeygenPeerInfo *info) 572keygen_info_destroy(struct KeygenPeerInfo *info)
579{ 573{
580 if (NULL != info->sigma) 574 if (NULL != info->sigma)
581 { 575 {
582 gcry_mpi_release (info->sigma); 576 gcry_mpi_release(info->sigma);
583 info->sigma = NULL; 577 info->sigma = NULL;
584 } 578 }
585 if (NULL != info->presecret_commitment) 579 if (NULL != info->presecret_commitment)
586 { 580 {
587 gcry_mpi_release (info->presecret_commitment); 581 gcry_mpi_release(info->presecret_commitment);
588 info->presecret_commitment = NULL; 582 info->presecret_commitment = NULL;
589 } 583 }
590 if (NULL != info->preshare_commitment) 584 if (NULL != info->preshare_commitment)
591 { 585 {
592 gcry_mpi_release (info->preshare_commitment); 586 gcry_mpi_release(info->preshare_commitment);
593 info->preshare_commitment = NULL; 587 info->preshare_commitment = NULL;
594 } 588 }
595} 589}
596 590
597 591
598static void 592static void
599keygen_session_destroy (struct KeygenSession *ks) 593keygen_session_destroy(struct KeygenSession *ks)
600{ 594{
601 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 595 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
602 "destroying keygen session\n"); 596 "destroying keygen session\n");
603 597
604 if (NULL != ks->cs) 598 if (NULL != ks->cs)
605 { 599 {
606 ks->cs->keygen_session = NULL; 600 ks->cs->keygen_session = NULL;
607 ks->cs = NULL; 601 ks->cs = NULL;
608 } 602 }
609 if (NULL != ks->info) 603 if (NULL != ks->info)
610 { 604 {
611 for (unsigned int i = 0; i < ks->num_peers; i++) 605 for (unsigned int i = 0; i < ks->num_peers; i++)
612 keygen_info_destroy (&ks->info[i]); 606 keygen_info_destroy(&ks->info[i]);
613 GNUNET_free (ks->info); 607 GNUNET_free(ks->info);
614 ks->info = NULL; 608 ks->info = NULL;
615 } 609 }
616 610
617 if (NULL != ks->consensus) 611 if (NULL != ks->consensus)
618 { 612 {
619 GNUNET_CONSENSUS_destroy (ks->consensus); 613 GNUNET_CONSENSUS_destroy(ks->consensus);
620 ks->consensus = NULL; 614 ks->consensus = NULL;
621 } 615 }
622 616
623 if (NULL != ks->presecret_polynomial) 617 if (NULL != ks->presecret_polynomial)
624 {
625 for (unsigned int i = 0; i < ks->threshold; i++)
626 { 618 {
627 GNUNET_assert (NULL != ks->presecret_polynomial[i]); 619 for (unsigned int i = 0; i < ks->threshold; i++)
628 gcry_mpi_release (ks->presecret_polynomial[i]); 620 {
629 ks->presecret_polynomial[i] = NULL; 621 GNUNET_assert(NULL != ks->presecret_polynomial[i]);
622 gcry_mpi_release(ks->presecret_polynomial[i]);
623 ks->presecret_polynomial[i] = NULL;
624 }
625 GNUNET_free(ks->presecret_polynomial);
626 ks->presecret_polynomial = NULL;
630 } 627 }
631 GNUNET_free (ks->presecret_polynomial);
632 ks->presecret_polynomial = NULL;
633 }
634 if (NULL != ks->my_share) 628 if (NULL != ks->my_share)
635 { 629 {
636 gcry_mpi_release (ks->my_share); 630 gcry_mpi_release(ks->my_share);
637 ks->my_share = NULL; 631 ks->my_share = NULL;
638 } 632 }
639 if (NULL != ks->public_key) 633 if (NULL != ks->public_key)
640 { 634 {
641 gcry_mpi_release (ks->public_key); 635 gcry_mpi_release(ks->public_key);
642 ks->public_key = NULL; 636 ks->public_key = NULL;
643 } 637 }
644 if (NULL != ks->peers) 638 if (NULL != ks->peers)
645 { 639 {
646 GNUNET_free (ks->peers); 640 GNUNET_free(ks->peers);
647 ks->peers = NULL; 641 ks->peers = NULL;
648 } 642 }
649 GNUNET_free (ks); 643 GNUNET_free(ks);
650} 644}
651 645
652 646
@@ -657,7 +651,7 @@ keygen_session_destroy (struct KeygenSession *ks)
657 * @param tc unused 651 * @param tc unused
658 */ 652 */
659static void 653static void
660cleanup_task (void *cls) 654cleanup_task(void *cls)
661{ 655{
662 /* Nothing to do! */ 656 /* Nothing to do! */
663} 657}
@@ -670,25 +664,26 @@ cleanup_task (void *cls)
670 * @param ks the session 664 * @param ks the session
671 */ 665 */
672static void 666static void
673generate_presecret_polynomial (struct KeygenSession *ks) 667generate_presecret_polynomial(struct KeygenSession *ks)
674{ 668{
675 int i; 669 int i;
676 gcry_mpi_t v; 670 gcry_mpi_t v;
677 671
678 GNUNET_assert (NULL == ks->presecret_polynomial); 672 GNUNET_assert(NULL == ks->presecret_polynomial);
679 ks->presecret_polynomial = GNUNET_new_array (ks->threshold, 673 ks->presecret_polynomial = GNUNET_new_array(ks->threshold,
680 gcry_mpi_t); 674 gcry_mpi_t);
681 for (i = 0; i < ks->threshold; i++) 675 for (i = 0; i < ks->threshold; i++)
682 {
683 v = ks->presecret_polynomial[i] = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS);
684 GNUNET_assert (NULL != v);
685 // Randomize v such that 0 < v < elgamal_q.
686 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
687 do
688 { 676 {
689 gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); 677 v = ks->presecret_polynomial[i] = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS);
690 } while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0)); 678 GNUNET_assert(NULL != v);
691 } 679 // Randomize v such that 0 < v < elgamal_q.
680 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
681 do
682 {
683 gcry_mpi_randomize(v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
684 }
685 while ((gcry_mpi_cmp_ui(v, 0) == 0) || (gcry_mpi_cmp(v, elgamal_q) >= 0));
686 }
692} 687}
693 688
694 689
@@ -701,57 +696,57 @@ generate_presecret_polynomial (struct KeygenSession *ks)
701 * NULL if consensus failed. 696 * NULL if consensus failed.
702 */ 697 */
703static void 698static void
704keygen_round1_new_element (void *cls, 699keygen_round1_new_element(void *cls,
705 const struct GNUNET_SET_Element *element) 700 const struct GNUNET_SET_Element *element)
706{ 701{
707 const struct GNUNET_SECRETSHARING_KeygenCommitData *d; 702 const struct GNUNET_SECRETSHARING_KeygenCommitData *d;
708 struct KeygenSession *ks = cls; 703 struct KeygenSession *ks = cls;
709 struct KeygenPeerInfo *info; 704 struct KeygenPeerInfo *info;
710 705
711 if (NULL == element) 706 if (NULL == element)
712 { 707 {
713 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n"); 708 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n");
714 return; 709 return;
715 } 710 }
716 711
717 /* elements have fixed size */ 712 /* elements have fixed size */
718 if (element->size != sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData)) 713 if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData))
719 { 714 {
720 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 715 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
721 "keygen commit data with wrong size (%u) in consensus, %u expected\n", 716 "keygen commit data with wrong size (%u) in consensus, %u expected\n",
722 (unsigned int) element->size, 717 (unsigned int)element->size,
723 (unsigned int) sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData)); 718 (unsigned int)sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData));
724 return; 719 return;
725 } 720 }
726 721
727 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n"); 722 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round1 element\n");
728 723
729 d = element->data; 724 d = element->data;
730 info = get_keygen_peer_info (ks, &d->peer); 725 info = get_keygen_peer_info(ks, &d->peer);
731 726
732 if (NULL == info) 727 if (NULL == info)
733 { 728 {
734 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", 729 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n",
735 GNUNET_i2s (&d->peer)); 730 GNUNET_i2s(&d->peer));
736 return; 731 return;
737 } 732 }
738 733
739 /* Check that the right amount of data has been signed. */ 734 /* Check that the right amount of data has been signed. */
740 if (d->purpose.size != 735 if (d->purpose.size !=
741 htonl (element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose))) 736 htonl(element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)))
742 { 737 {
743 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n"); 738 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n");
744 return; 739 return;
745 } 740 }
746 741
747 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, 742 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1,
748 &d->purpose, &d->signature, &d->peer.public_key)) 743 &d->purpose, &d->signature, &d->peer.public_key))
749 { 744 {
750 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n"); 745 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n");
751 return; 746 return;
752 } 747 }
753 info->paillier_public_key = d->pubkey; 748 info->paillier_public_key = d->pubkey;
754 GNUNET_CRYPTO_mpi_scan_unsigned (&info->presecret_commitment, &d->commitment, 512 / 8); 749 GNUNET_CRYPTO_mpi_scan_unsigned(&info->presecret_commitment, &d->commitment, 512 / 8);
755 info->round1_valid = GNUNET_YES; 750 info->round1_valid = GNUNET_YES;
756} 751}
757 752
@@ -767,22 +762,22 @@ keygen_round1_new_element (void *cls,
767 * @param m what group are we operating in? 762 * @param m what group are we operating in?
768 */ 763 */
769static void 764static void
770horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m) 765horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
771{ 766{
772 unsigned int i; 767 unsigned int i;
773 768
774 gcry_mpi_set_ui (z, 0); 769 gcry_mpi_set_ui(z, 0);
775 for (i = 0; i < num_coeff; i++) 770 for (i = 0; i < num_coeff; i++)
776 { 771 {
777 // z <- zx + c 772 // z <- zx + c
778 gcry_mpi_mul (z, z, x); 773 gcry_mpi_mul(z, z, x);
779 gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m); 774 gcry_mpi_addm(z, z, coeff[num_coeff - i - 1], m);
780 } 775 }
781} 776}
782 777
783 778
784static void 779static void
785keygen_round2_conclude (void *cls) 780keygen_round2_conclude(void *cls)
786{ 781{
787 struct KeygenSession *ks = cls; 782 struct KeygenSession *ks = cls;
788 struct GNUNET_SECRETSHARING_SecretReadyMessage *m; 783 struct GNUNET_SECRETSHARING_SecretReadyMessage *m;
@@ -792,12 +787,12 @@ keygen_round2_conclude (void *cls)
792 unsigned int j; 787 unsigned int j;
793 struct GNUNET_SECRETSHARING_Share *share; 788 struct GNUNET_SECRETSHARING_Share *share;
794 789
795 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); 790 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "round2 conclude\n");
796 791
797 GNUNET_CONSENSUS_destroy (ks->consensus); 792 GNUNET_CONSENSUS_destroy(ks->consensus);
798 ks->consensus = NULL; 793 ks->consensus = NULL;
799 794
800 share = GNUNET_new (struct GNUNET_SECRETSHARING_Share); 795 share = GNUNET_new(struct GNUNET_SECRETSHARING_Share);
801 796
802 share->num_peers = 0; 797 share->num_peers = 0;
803 798
@@ -805,71 +800,71 @@ keygen_round2_conclude (void *cls)
805 if (GNUNET_YES == ks->info[i].round2_valid) 800 if (GNUNET_YES == ks->info[i].round2_valid)
806 share->num_peers++; 801 share->num_peers++;
807 802
808 share->peers = GNUNET_new_array (share->num_peers, 803 share->peers = GNUNET_new_array(share->num_peers,
809 struct GNUNET_PeerIdentity); 804 struct GNUNET_PeerIdentity);
810 share->sigmas = 805 share->sigmas =
811 GNUNET_new_array (share->num_peers, 806 GNUNET_new_array(share->num_peers,
812 struct GNUNET_SECRETSHARING_FieldElement); 807 struct GNUNET_SECRETSHARING_FieldElement);
813 share->original_indices = GNUNET_new_array (share->num_peers, 808 share->original_indices = GNUNET_new_array(share->num_peers,
814 uint16_t); 809 uint16_t);
815 810
816 /* maybe we're not even in the list of peers? */ 811 /* maybe we're not even in the list of peers? */
817 share->my_peer = share->num_peers; 812 share->my_peer = share->num_peers;
818 813
819 j = 0; /* running index of valid peers */ 814 j = 0; /* running index of valid peers */
820 for (i = 0; i < ks->num_peers; i++) 815 for (i = 0; i < ks->num_peers; i++)
821 {
822 if (GNUNET_YES == ks->info[i].round2_valid)
823 { 816 {
824 share->peers[j] = ks->info[i].peer; 817 if (GNUNET_YES == ks->info[i].round2_valid)
825 GNUNET_CRYPTO_mpi_print_unsigned (&share->sigmas[j], 818 {
826 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 819 share->peers[j] = ks->info[i].peer;
827 ks->info[i].sigma); 820 GNUNET_CRYPTO_mpi_print_unsigned(&share->sigmas[j],
828 share->original_indices[i] = j; 821 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
829 if (0 == GNUNET_memcmp (&share->peers[i], &my_peer)) 822 ks->info[i].sigma);
830 share->my_peer = j; 823 share->original_indices[i] = j;
831 j += 1; 824 if (0 == GNUNET_memcmp(&share->peers[i], &my_peer))
825 share->my_peer = j;
826 j += 1;
827 }
832 } 828 }
833 }
834 829
835 if (share->my_peer == share->num_peers) 830 if (share->my_peer == share->num_peers)
836 { 831 {
837 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx); 832 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx);
838 } 833 }
839 834
840 GNUNET_CRYPTO_mpi_print_unsigned (&share->my_share, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 835 GNUNET_CRYPTO_mpi_print_unsigned(&share->my_share, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
841 ks->my_share); 836 ks->my_share);
842 GNUNET_CRYPTO_mpi_print_unsigned (&share->public_key, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 837 GNUNET_CRYPTO_mpi_print_unsigned(&share->public_key, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
843 ks->public_key); 838 ks->public_key);
844 839
845 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers); 840 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers);
846 841
847 /* Write the share. If 0 peers completed the dkg, an empty 842 /* Write the share. If 0 peers completed the dkg, an empty
848 * share will be sent. */ 843 * share will be sent. */
849 844
850 GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, NULL, 0, &share_size)); 845 GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, NULL, 0, &share_size));
851 846
852 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n", 847 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n",
853 (unsigned int) share_size); 848 (unsigned int)share_size);
854 849
855 ev = GNUNET_MQ_msg_extra (m, share_size, 850 ev = GNUNET_MQ_msg_extra(m, share_size,
856 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); 851 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY);
857 852
858 GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, &m[1], share_size, NULL)); 853 GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, &m[1], share_size, NULL));
859 854
860 GNUNET_SECRETSHARING_share_destroy (share); 855 GNUNET_SECRETSHARING_share_destroy(share);
861 share = NULL; 856 share = NULL;
862 857
863 GNUNET_MQ_send (ks->cs->mq, 858 GNUNET_MQ_send(ks->cs->mq,
864 ev); 859 ev);
865} 860}
866 861
867 862
868 863
869static void 864static void
870restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, 865restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
871 const struct GNUNET_SECRETSHARING_FairEncryption *fe, 866 const struct GNUNET_SECRETSHARING_FairEncryption *fe,
872 gcry_mpi_t x, gcry_mpi_t xres) 867 gcry_mpi_t x, gcry_mpi_t xres)
873{ 868{
874 gcry_mpi_t a_1; 869 gcry_mpi_t a_1;
875 gcry_mpi_t a_2; 870 gcry_mpi_t a_2;
@@ -886,101 +881,101 @@ restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
886 gcry_mpi_t v; 881 gcry_mpi_t v;
887 882
888 883
889 GNUNET_assert (NULL != (n = gcry_mpi_new (0))); 884 GNUNET_assert(NULL != (n = gcry_mpi_new(0)));
890 GNUNET_assert (NULL != (t = gcry_mpi_new (0))); 885 GNUNET_assert(NULL != (t = gcry_mpi_new(0)));
891 GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0))); 886 GNUNET_assert(NULL != (t_1 = gcry_mpi_new(0)));
892 GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0))); 887 GNUNET_assert(NULL != (t_2 = gcry_mpi_new(0)));
893 GNUNET_assert (NULL != (r = gcry_mpi_new (0))); 888 GNUNET_assert(NULL != (r = gcry_mpi_new(0)));
894 GNUNET_assert (NULL != (big_t = gcry_mpi_new (0))); 889 GNUNET_assert(NULL != (big_t = gcry_mpi_new(0)));
895 GNUNET_assert (NULL != (v = gcry_mpi_new (0))); 890 GNUNET_assert(NULL != (v = gcry_mpi_new(0)));
896 GNUNET_assert (NULL != (big_a = gcry_mpi_new (0))); 891 GNUNET_assert(NULL != (big_a = gcry_mpi_new(0)));
897 GNUNET_assert (NULL != (big_b = gcry_mpi_new (0))); 892 GNUNET_assert(NULL != (big_b = gcry_mpi_new(0)));
898 893
899 // a = (N,0)^T 894 // a = (N,0)^T
900 GNUNET_CRYPTO_mpi_scan_unsigned (&a_1, 895 GNUNET_CRYPTO_mpi_scan_unsigned(&a_1,
901 ppub, 896 ppub,
902 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 897 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
903 GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0))); 898 GNUNET_assert(NULL != (a_2 = gcry_mpi_new(0)));
904 gcry_mpi_set_ui (a_2, 0); 899 gcry_mpi_set_ui(a_2, 0);
905 // b = (x,1)^T 900 // b = (x,1)^T
906 GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0))); 901 GNUNET_assert(NULL != (b_1 = gcry_mpi_new(0)));
907 gcry_mpi_set (b_1, x); 902 gcry_mpi_set(b_1, x);
908 GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0))); 903 GNUNET_assert(NULL != (b_2 = gcry_mpi_new(0)));
909 gcry_mpi_set_ui (b_2, 1); 904 gcry_mpi_set_ui(b_2, 1);
910 905
911 // A = a DOT a 906 // A = a DOT a
912 gcry_mpi_mul (t, a_1, a_1); 907 gcry_mpi_mul(t, a_1, a_1);
913 gcry_mpi_mul (big_a, a_2, a_2); 908 gcry_mpi_mul(big_a, a_2, a_2);
914 gcry_mpi_add (big_a, big_a, t); 909 gcry_mpi_add(big_a, big_a, t);
915 910
916 // B = b DOT b 911 // B = b DOT b
917 gcry_mpi_mul (t, b_1, b_1); 912 gcry_mpi_mul(t, b_1, b_1);
918 gcry_mpi_mul (big_b, b_2, b_2); 913 gcry_mpi_mul(big_b, b_2, b_2);
919 gcry_mpi_add (big_b, big_b, t); 914 gcry_mpi_add(big_b, big_b, t);
920 915
921 while (1) 916 while (1)
922 {
923 // n = a DOT b
924 gcry_mpi_mul (t, a_1, b_1);
925 gcry_mpi_mul (n, a_2, b_2);
926 gcry_mpi_add (n, n, t);
927
928 // r = nearest(n/B)
929 gcry_mpi_div (r, NULL, n, big_b, 0);
930
931 // T := A - 2rn + rrB
932 gcry_mpi_mul (v, r, n);
933 gcry_mpi_mul_ui (v, v, 2);
934 gcry_mpi_sub (big_t, big_a, v);
935 gcry_mpi_mul (v, r, r);
936 gcry_mpi_mul (v, v, big_b);
937 gcry_mpi_add (big_t, big_t, v);
938
939 if (gcry_mpi_cmp (big_t, big_b) >= 0)
940 { 917 {
941 break; 918 // n = a DOT b
919 gcry_mpi_mul(t, a_1, b_1);
920 gcry_mpi_mul(n, a_2, b_2);
921 gcry_mpi_add(n, n, t);
922
923 // r = nearest(n/B)
924 gcry_mpi_div(r, NULL, n, big_b, 0);
925
926 // T := A - 2rn + rrB
927 gcry_mpi_mul(v, r, n);
928 gcry_mpi_mul_ui(v, v, 2);
929 gcry_mpi_sub(big_t, big_a, v);
930 gcry_mpi_mul(v, r, r);
931 gcry_mpi_mul(v, v, big_b);
932 gcry_mpi_add(big_t, big_t, v);
933
934 if (gcry_mpi_cmp(big_t, big_b) >= 0)
935 {
936 break;
937 }
938
939 // t = a - rb
940 gcry_mpi_mul(v, r, b_1);
941 gcry_mpi_sub(t_1, a_1, v);
942 gcry_mpi_mul(v, r, b_2);
943 gcry_mpi_sub(t_2, a_2, v);
944
945 // a = b
946 gcry_mpi_set(a_1, b_1);
947 gcry_mpi_set(a_2, b_2);
948 // b = t
949 gcry_mpi_set(b_1, t_1);
950 gcry_mpi_set(b_2, t_2);
951
952 gcry_mpi_set(big_a, big_b);
953 gcry_mpi_set(big_b, big_t);
942 } 954 }
943 955
944 // t = a - rb 956 gcry_mpi_set(xres, b_2);
945 gcry_mpi_mul (v, r, b_1); 957 gcry_mpi_invm(xres, xres, elgamal_q);
946 gcry_mpi_sub (t_1, a_1, v); 958 gcry_mpi_mulm(xres, xres, b_1, elgamal_q);
947 gcry_mpi_mul (v, r, b_2); 959
948 gcry_mpi_sub (t_2, a_2, v); 960 gcry_mpi_release(a_1);
949 961 gcry_mpi_release(a_2);
950 // a = b 962 gcry_mpi_release(b_1);
951 gcry_mpi_set (a_1, b_1); 963 gcry_mpi_release(b_2);
952 gcry_mpi_set (a_2, b_2); 964 gcry_mpi_release(big_a);
953 // b = t 965 gcry_mpi_release(big_b);
954 gcry_mpi_set (b_1, t_1); 966 gcry_mpi_release(big_t);
955 gcry_mpi_set (b_2, t_2); 967 gcry_mpi_release(n);
956 968 gcry_mpi_release(t_1);
957 gcry_mpi_set (big_a, big_b); 969 gcry_mpi_release(t_2);
958 gcry_mpi_set (big_b, big_t); 970 gcry_mpi_release(t);
959 } 971 gcry_mpi_release(r);
960 972 gcry_mpi_release(v);
961 gcry_mpi_set (xres, b_2);
962 gcry_mpi_invm (xres, xres, elgamal_q);
963 gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
964
965 gcry_mpi_release (a_1);
966 gcry_mpi_release (a_2);
967 gcry_mpi_release (b_1);
968 gcry_mpi_release (b_2);
969 gcry_mpi_release (big_a);
970 gcry_mpi_release (big_b);
971 gcry_mpi_release (big_t);
972 gcry_mpi_release (n);
973 gcry_mpi_release (t_1);
974 gcry_mpi_release (t_2);
975 gcry_mpi_release (t);
976 gcry_mpi_release (r);
977 gcry_mpi_release (v);
978} 973}
979 974
980 975
981static void 976static void
982get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption *fe, 977get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe,
983 gcry_mpi_t *e) 978 gcry_mpi_t *e)
984{ 979{
985 struct { 980 struct {
986 struct GNUNET_CRYPTO_PaillierCiphertext c; 981 struct GNUNET_CRYPTO_PaillierCiphertext c;
@@ -990,27 +985,27 @@ get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption
990 } hash_data; 985 } hash_data;
991 struct GNUNET_HashCode e_hash; 986 struct GNUNET_HashCode e_hash;
992 987
993 memset (&hash_data, 988 memset(&hash_data,
994 0, 989 0,
995 sizeof (hash_data)); 990 sizeof(hash_data));
996 GNUNET_memcpy (&hash_data.c, &fe->c, sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)); 991 GNUNET_memcpy(&hash_data.c, &fe->c, sizeof(struct GNUNET_CRYPTO_PaillierCiphertext));
997 GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 992 GNUNET_memcpy(&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
998 GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 993 GNUNET_memcpy(&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
999 GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); 994 GNUNET_memcpy(&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1000 GNUNET_CRYPTO_hash (&hash_data, 995 GNUNET_CRYPTO_hash(&hash_data,
1001 sizeof (hash_data), 996 sizeof(hash_data),
1002 &e_hash); 997 &e_hash);
1003 /* This allocates "e" */ 998 /* This allocates "e" */
1004 GNUNET_CRYPTO_mpi_scan_unsigned (e, 999 GNUNET_CRYPTO_mpi_scan_unsigned(e,
1005 &e_hash, 1000 &e_hash,
1006 sizeof (struct GNUNET_HashCode)); 1001 sizeof(struct GNUNET_HashCode));
1007 gcry_mpi_mod (*e, *e, elgamal_q); 1002 gcry_mpi_mod(*e, *e, elgamal_q);
1008} 1003}
1009 1004
1010 1005
1011static int 1006static int
1012verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, 1007verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
1013 const struct GNUNET_SECRETSHARING_FairEncryption *fe) 1008 const struct GNUNET_SECRETSHARING_FairEncryption *fe)
1014{ 1009{
1015 gcry_mpi_t n; 1010 gcry_mpi_t n;
1016 gcry_mpi_t n_sq; 1011 gcry_mpi_t n_sq;
@@ -1025,73 +1020,73 @@ verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
1025 gcry_mpi_t big_y; 1020 gcry_mpi_t big_y;
1026 int res; 1021 int res;
1027 1022
1028 GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0))); 1023 GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0)));
1029 GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0))); 1024 GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0)));
1030 GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0))); 1025 GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0)));
1031 1026
1032 get_fair_encryption_challenge (fe, 1027 get_fair_encryption_challenge(fe,
1033 &e /* this allocates e */); 1028 &e /* this allocates e */);
1034 1029
1035 GNUNET_CRYPTO_mpi_scan_unsigned (&n, 1030 GNUNET_CRYPTO_mpi_scan_unsigned(&n,
1036 ppub, 1031 ppub,
1037 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 1032 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
1038 GNUNET_CRYPTO_mpi_scan_unsigned (&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8); 1033 GNUNET_CRYPTO_mpi_scan_unsigned(&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8);
1039 GNUNET_CRYPTO_mpi_scan_unsigned (&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1034 GNUNET_CRYPTO_mpi_scan_unsigned(&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1040 GNUNET_CRYPTO_mpi_scan_unsigned (&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1035 GNUNET_CRYPTO_mpi_scan_unsigned(&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1041 GNUNET_CRYPTO_mpi_scan_unsigned (&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8); 1036 GNUNET_CRYPTO_mpi_scan_unsigned(&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8);
1042 GNUNET_CRYPTO_mpi_scan_unsigned (&big_y, fe->c.bits, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); 1037 GNUNET_CRYPTO_mpi_scan_unsigned(&big_y, fe->c.bits, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1043 GNUNET_CRYPTO_mpi_scan_unsigned (&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); 1038 GNUNET_CRYPTO_mpi_scan_unsigned(&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1044 gcry_mpi_mul (n_sq, n, n); 1039 gcry_mpi_mul(n_sq, n, n);
1045 1040
1046 // tmp1 = g^z 1041 // tmp1 = g^z
1047 gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p); 1042 gcry_mpi_powm(tmp1, elgamal_g, z, elgamal_p);
1048 // tmp2 = y^{-e} 1043 // tmp2 = y^{-e}
1049 gcry_mpi_powm (tmp1, y, e, elgamal_p); 1044 gcry_mpi_powm(tmp1, y, e, elgamal_p);
1050 gcry_mpi_invm (tmp1, tmp1, elgamal_p); 1045 gcry_mpi_invm(tmp1, tmp1, elgamal_p);
1051 // tmp1 = tmp1 * tmp2 1046 // tmp1 = tmp1 * tmp2
1052 gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p); 1047 gcry_mpi_mulm(tmp1, tmp1, tmp2, elgamal_p);
1053 1048
1054 if (0 == gcry_mpi_cmp (t1, tmp1)) 1049 if (0 == gcry_mpi_cmp(t1, tmp1))
1055 { 1050 {
1056 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n"); 1051 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n");
1057 res = GNUNET_NO; 1052 res = GNUNET_NO;
1058 goto cleanup; 1053 goto cleanup;
1059 } 1054 }
1060 1055
1061 gcry_mpi_powm (big_y, big_y, e, n_sq); 1056 gcry_mpi_powm(big_y, big_y, e, n_sq);
1062 gcry_mpi_invm (big_y, big_y, n_sq); 1057 gcry_mpi_invm(big_y, big_y, n_sq);
1063 1058
1064 gcry_mpi_add_ui (tmp1, n, 1); 1059 gcry_mpi_add_ui(tmp1, n, 1);
1065 gcry_mpi_powm (tmp1, tmp1, z, n_sq); 1060 gcry_mpi_powm(tmp1, tmp1, z, n_sq);
1066 1061
1067 gcry_mpi_powm (tmp2, w, n, n_sq); 1062 gcry_mpi_powm(tmp2, w, n, n_sq);
1068 1063
1069 gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq); 1064 gcry_mpi_mulm(tmp1, tmp1, tmp2, n_sq);
1070 gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq); 1065 gcry_mpi_mulm(tmp1, tmp1, big_y, n_sq);
1071 1066
1072 1067
1073 if (0 == gcry_mpi_cmp (t2, tmp1)) 1068 if (0 == gcry_mpi_cmp(t2, tmp1))
1074 { 1069 {
1075 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n"); 1070 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n");
1076 res = GNUNET_NO; 1071 res = GNUNET_NO;
1077 goto cleanup; 1072 goto cleanup;
1078 } 1073 }
1079 1074
1080 res = GNUNET_YES; 1075 res = GNUNET_YES;
1081 1076
1082cleanup: 1077cleanup:
1083 1078
1084 gcry_mpi_release (n); 1079 gcry_mpi_release(n);
1085 gcry_mpi_release (n_sq); 1080 gcry_mpi_release(n_sq);
1086 gcry_mpi_release (z); 1081 gcry_mpi_release(z);
1087 gcry_mpi_release (t1); 1082 gcry_mpi_release(t1);
1088 gcry_mpi_release (t2); 1083 gcry_mpi_release(t2);
1089 gcry_mpi_release (e); 1084 gcry_mpi_release(e);
1090 gcry_mpi_release (w); 1085 gcry_mpi_release(w);
1091 gcry_mpi_release (tmp1); 1086 gcry_mpi_release(tmp1);
1092 gcry_mpi_release (tmp2); 1087 gcry_mpi_release(tmp2);
1093 gcry_mpi_release (y); 1088 gcry_mpi_release(y);
1094 gcry_mpi_release (big_y); 1089 gcry_mpi_release(big_y);
1095 return res; 1090 return res;
1096} 1091}
1097 1092
@@ -1103,9 +1098,9 @@ cleanup:
1103 * @param[out] fe the fair encryption 1098 * @param[out] fe the fair encryption
1104 */ 1099 */
1105static void 1100static void
1106encrypt_fair (gcry_mpi_t v, 1101encrypt_fair(gcry_mpi_t v,
1107 const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, 1102 const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
1108 struct GNUNET_SECRETSHARING_FairEncryption *fe) 1103 struct GNUNET_SECRETSHARING_FairEncryption *fe)
1109{ 1104{
1110 gcry_mpi_t r; 1105 gcry_mpi_t r;
1111 gcry_mpi_t s; 1106 gcry_mpi_t s;
@@ -1121,97 +1116,99 @@ encrypt_fair (gcry_mpi_t v,
1121 gcry_mpi_t G; 1116 gcry_mpi_t G;
1122 gcry_mpi_t h; 1117 gcry_mpi_t h;
1123 1118
1124 GNUNET_assert (NULL != (r = gcry_mpi_new (0))); 1119 GNUNET_assert(NULL != (r = gcry_mpi_new(0)));
1125 GNUNET_assert (NULL != (s = gcry_mpi_new (0))); 1120 GNUNET_assert(NULL != (s = gcry_mpi_new(0)));
1126 GNUNET_assert (NULL != (t1 = gcry_mpi_new (0))); 1121 GNUNET_assert(NULL != (t1 = gcry_mpi_new(0)));
1127 GNUNET_assert (NULL != (t2 = gcry_mpi_new (0))); 1122 GNUNET_assert(NULL != (t2 = gcry_mpi_new(0)));
1128 GNUNET_assert (NULL != (z = gcry_mpi_new (0))); 1123 GNUNET_assert(NULL != (z = gcry_mpi_new(0)));
1129 GNUNET_assert (NULL != (w = gcry_mpi_new (0))); 1124 GNUNET_assert(NULL != (w = gcry_mpi_new(0)));
1130 GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0))); 1125 GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0)));
1131 GNUNET_assert (NULL != (u = gcry_mpi_new (0))); 1126 GNUNET_assert(NULL != (u = gcry_mpi_new(0)));
1132 GNUNET_assert (NULL != (Y = gcry_mpi_new (0))); 1127 GNUNET_assert(NULL != (Y = gcry_mpi_new(0)));
1133 GNUNET_assert (NULL != (G = gcry_mpi_new (0))); 1128 GNUNET_assert(NULL != (G = gcry_mpi_new(0)));
1134 GNUNET_assert (NULL != (h = gcry_mpi_new (0))); 1129 GNUNET_assert(NULL != (h = gcry_mpi_new(0)));
1135 1130
1136 GNUNET_CRYPTO_mpi_scan_unsigned (&n, 1131 GNUNET_CRYPTO_mpi_scan_unsigned(&n,
1137 ppub, 1132 ppub,
1138 sizeof (struct GNUNET_CRYPTO_PaillierPublicKey)); 1133 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey));
1139 gcry_mpi_mul (n_sq, n, n); 1134 gcry_mpi_mul(n_sq, n, n);
1140 gcry_mpi_add_ui (G, n, 1); 1135 gcry_mpi_add_ui(G, n, 1);
1141
1142 do {
1143 gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1144 }
1145 while (gcry_mpi_cmp (u, n) >= 0);
1146 1136
1147 gcry_mpi_powm (t1, G, v, n_sq); 1137 do
1148 gcry_mpi_powm (t2, u, n, n_sq); 1138 {
1149 gcry_mpi_mulm (Y, t1, t2, n_sq); 1139 gcry_mpi_randomize(u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1140 }
1141 while (gcry_mpi_cmp(u, n) >= 0);
1150 1142
1151 GNUNET_CRYPTO_mpi_print_unsigned (fe->c.bits, 1143 gcry_mpi_powm(t1, G, v, n_sq);
1152 sizeof fe->c.bits, 1144 gcry_mpi_powm(t2, u, n, n_sq);
1153 Y); 1145 gcry_mpi_mulm(Y, t1, t2, n_sq);
1154 1146
1147 GNUNET_CRYPTO_mpi_print_unsigned(fe->c.bits,
1148 sizeof fe->c.bits,
1149 Y);
1155 1150
1156 gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM); 1151
1157 do { 1152 gcry_mpi_randomize(r, 2048, GCRY_WEAK_RANDOM);
1158 gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); 1153 do
1159 } 1154 {
1160 while (gcry_mpi_cmp (s, n) >= 0); 1155 gcry_mpi_randomize(s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1156 }
1157 while (gcry_mpi_cmp(s, n) >= 0);
1161 1158
1162 // compute t1 1159 // compute t1
1163 gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p); 1160 gcry_mpi_mulm(t1, elgamal_g, r, elgamal_p);
1164 // compute t2 (use z and w as temp) 1161 // compute t2 (use z and w as temp)
1165 gcry_mpi_powm (z, G, r, n_sq); 1162 gcry_mpi_powm(z, G, r, n_sq);
1166 gcry_mpi_powm (w, s, n, n_sq); 1163 gcry_mpi_powm(w, s, n, n_sq);
1167 gcry_mpi_mulm (t2, z, w, n_sq); 1164 gcry_mpi_mulm(t2, z, w, n_sq);
1168 1165
1169 1166
1170 gcry_mpi_powm (h, elgamal_g, v, elgamal_p); 1167 gcry_mpi_powm(h, elgamal_g, v, elgamal_p);
1171 1168
1172 GNUNET_CRYPTO_mpi_print_unsigned (fe->h, 1169 GNUNET_CRYPTO_mpi_print_unsigned(fe->h,
1173 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 1170 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1174 h); 1171 h);
1175 1172
1176 GNUNET_CRYPTO_mpi_print_unsigned (fe->t1, 1173 GNUNET_CRYPTO_mpi_print_unsigned(fe->t1,
1177 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 1174 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1178 t1); 1175 t1);
1179 1176
1180 GNUNET_CRYPTO_mpi_print_unsigned (fe->t2, 1177 GNUNET_CRYPTO_mpi_print_unsigned(fe->t2,
1181 GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8, 1178 GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8,
1182 t2); 1179 t2);
1183 1180
1184 get_fair_encryption_challenge (fe, 1181 get_fair_encryption_challenge(fe,
1185 &e /* This allocates "e" */); 1182 &e /* This allocates "e" */);
1186 1183
1187 // compute z 1184 // compute z
1188 gcry_mpi_mul (z, e, v); 1185 gcry_mpi_mul(z, e, v);
1189 gcry_mpi_addm (z, z, r, elgamal_q); 1186 gcry_mpi_addm(z, z, r, elgamal_q);
1190 // compute w 1187 // compute w
1191 gcry_mpi_powm (w, u, e, n); 1188 gcry_mpi_powm(w, u, e, n);
1192 gcry_mpi_mulm (w, w, s, n); 1189 gcry_mpi_mulm(w, w, s, n);
1193 1190
1194 GNUNET_CRYPTO_mpi_print_unsigned (fe->z, 1191 GNUNET_CRYPTO_mpi_print_unsigned(fe->z,
1195 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 1192 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1196 z); 1193 z);
1197 1194
1198 GNUNET_CRYPTO_mpi_print_unsigned (fe->w, 1195 GNUNET_CRYPTO_mpi_print_unsigned(fe->w,
1199 GNUNET_CRYPTO_PAILLIER_BITS / 8, 1196 GNUNET_CRYPTO_PAILLIER_BITS / 8,
1200 w); 1197 w);
1201 1198
1202 gcry_mpi_release (n); 1199 gcry_mpi_release(n);
1203 gcry_mpi_release (r); 1200 gcry_mpi_release(r);
1204 gcry_mpi_release (s); 1201 gcry_mpi_release(s);
1205 gcry_mpi_release (t1); 1202 gcry_mpi_release(t1);
1206 gcry_mpi_release (t2); 1203 gcry_mpi_release(t2);
1207 gcry_mpi_release (z); 1204 gcry_mpi_release(z);
1208 gcry_mpi_release (w); 1205 gcry_mpi_release(w);
1209 gcry_mpi_release (e); 1206 gcry_mpi_release(e);
1210 gcry_mpi_release (n_sq); 1207 gcry_mpi_release(n_sq);
1211 gcry_mpi_release (u); 1208 gcry_mpi_release(u);
1212 gcry_mpi_release (Y); 1209 gcry_mpi_release(Y);
1213 gcry_mpi_release (G); 1210 gcry_mpi_release(G);
1214 gcry_mpi_release (h); 1211 gcry_mpi_release(h);
1215} 1212}
1216 1213
1217 1214
@@ -1226,7 +1223,7 @@ encrypt_fair (gcry_mpi_t v,
1226 * @param ks session to use 1223 * @param ks session to use
1227 */ 1224 */
1228static void 1225static void
1229insert_round2_element (struct KeygenSession *ks) 1226insert_round2_element(struct KeygenSession *ks)
1230{ 1227{
1231 struct GNUNET_SET_Element *element; 1228 struct GNUNET_SET_Element *element;
1232 struct GNUNET_SECRETSHARING_KeygenRevealData *d; 1229 struct GNUNET_SECRETSHARING_KeygenRevealData *d;
@@ -1237,140 +1234,140 @@ insert_round2_element (struct KeygenSession *ks)
1237 gcry_mpi_t idx; 1234 gcry_mpi_t idx;
1238 gcry_mpi_t v; 1235 gcry_mpi_t v;
1239 1236
1240 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n", 1237 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n",
1241 ks->local_peer_idx); 1238 ks->local_peer_idx);
1242 1239
1243 GNUNET_assert (NULL != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); 1240 GNUNET_assert(NULL != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1244 GNUNET_assert (NULL != (idx = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); 1241 GNUNET_assert(NULL != (idx = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1245 1242
1246 element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + 1243 element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) +
1247 sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + 1244 sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers +
1248 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); 1245 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold);
1249 1246
1250 element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size); 1247 element = GNUNET_malloc(sizeof(struct GNUNET_SET_Element) + element_size);
1251 element->size = element_size; 1248 element->size = element_size;
1252 element->data = (void *) &element[1]; 1249 element->data = (void *)&element[1];
1253 1250
1254 d = (void *) element->data; 1251 d = (void *)element->data;
1255 d->peer = my_peer; 1252 d->peer = my_peer;
1256 1253
1257 // start inserting vector elements 1254 // start inserting vector elements
1258 // after the fixed part of the element's data 1255 // after the fixed part of the element's data
1259 pos = (void *) &d[1]; 1256 pos = (void *)&d[1];
1260 last_pos = pos + element_size; 1257 last_pos = pos + element_size;
1261 1258
1262 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n", 1259 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n",
1263 ks->local_peer_idx); 1260 ks->local_peer_idx);
1264 1261
1265 // encrypted pre-shares 1262 // encrypted pre-shares
1266 // and fair encryption proof 1263 // and fair encryption proof
1267 { 1264 {
1268 for (i = 0; i < ks->num_peers; i++) 1265 for (i = 0; i < ks->num_peers; i++)
1269 {
1270 ptrdiff_t remaining = last_pos - pos;
1271 struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos;
1272
1273 GNUNET_assert (remaining > 0);
1274 memset (fe, 0, sizeof *fe);
1275 if (GNUNET_YES == ks->info[i].round1_valid)
1276 { 1266 {
1277 gcry_mpi_set_ui (idx, i + 1); 1267 ptrdiff_t remaining = last_pos - pos;
1278 // evaluate the polynomial 1268 struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *)pos;
1279 horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_q); 1269
1280 // encrypt the result 1270 GNUNET_assert(remaining > 0);
1281 encrypt_fair (v, &ks->info[i].paillier_public_key, fe); 1271 memset(fe, 0, sizeof *fe);
1272 if (GNUNET_YES == ks->info[i].round1_valid)
1273 {
1274 gcry_mpi_set_ui(idx, i + 1);
1275 // evaluate the polynomial
1276 horner_eval(v, ks->presecret_polynomial, ks->threshold, idx, elgamal_q);
1277 // encrypt the result
1278 encrypt_fair(v, &ks->info[i].paillier_public_key, fe);
1279 }
1280 pos += sizeof *fe;
1282 } 1281 }
1283 pos += sizeof *fe;
1284 }
1285 } 1282 }
1286 1283
1287 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n", 1284 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n",
1288 ks->local_peer_idx); 1285 ks->local_peer_idx);
1289 1286
1290 // exponentiated coefficients 1287 // exponentiated coefficients
1291 for (i = 0; i < ks->threshold; i++) 1288 for (i = 0; i < ks->threshold; i++)
1292 { 1289 {
1293 ptrdiff_t remaining = last_pos - pos; 1290 ptrdiff_t remaining = last_pos - pos;
1294 GNUNET_assert (remaining > 0); 1291 GNUNET_assert(remaining > 0);
1295 gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); 1292 gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[i], elgamal_p);
1296 GNUNET_CRYPTO_mpi_print_unsigned (pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); 1293 GNUNET_CRYPTO_mpi_print_unsigned(pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v);
1297 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8; 1294 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8;
1298 } 1295 }
1299 1296
1300 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n", 1297 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n",
1301 ks->local_peer_idx); 1298 ks->local_peer_idx);
1302 1299
1303 1300
1304 d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); 1301 d->purpose.size = htonl(element_size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose));
1305 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); 1302 d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2);
1306 GNUNET_assert (GNUNET_OK == 1303 GNUNET_assert(GNUNET_OK ==
1307 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, 1304 GNUNET_CRYPTO_eddsa_sign(my_peer_private_key,
1308 &d->purpose, 1305 &d->purpose,
1309 &d->signature)); 1306 &d->signature));
1310 1307
1311 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); 1308 GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL);
1312 GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */ 1309 GNUNET_free(element); /* FIXME: maybe stack-allocate instead? */
1313 1310
1314 gcry_mpi_release (v); 1311 gcry_mpi_release(v);
1315 gcry_mpi_release (idx); 1312 gcry_mpi_release(idx);
1316} 1313}
1317 1314
1318 1315
1319static gcry_mpi_t 1316static gcry_mpi_t
1320keygen_reveal_get_exp_coeff (struct KeygenSession *ks, 1317keygen_reveal_get_exp_coeff(struct KeygenSession *ks,
1321 const struct GNUNET_SECRETSHARING_KeygenRevealData *d, 1318 const struct GNUNET_SECRETSHARING_KeygenRevealData *d,
1322 unsigned int idx) 1319 unsigned int idx)
1323{ 1320{
1324 unsigned char *pos; 1321 unsigned char *pos;
1325 gcry_mpi_t exp_coeff; 1322 gcry_mpi_t exp_coeff;
1326 1323
1327 GNUNET_assert (idx < ks->threshold); 1324 GNUNET_assert(idx < ks->threshold);
1328 1325
1329 pos = (void *) &d[1]; 1326 pos = (void *)&d[1];
1330 // skip encrypted pre-shares 1327 // skip encrypted pre-shares
1331 pos += sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers; 1328 pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers;
1332 // skip exp. coeffs we are not interested in 1329 // skip exp. coeffs we are not interested in
1333 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx; 1330 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx;
1334 // the first exponentiated coefficient is the public key share 1331 // the first exponentiated coefficient is the public key share
1335 GNUNET_CRYPTO_mpi_scan_unsigned (&exp_coeff, pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1332 GNUNET_CRYPTO_mpi_scan_unsigned(&exp_coeff, pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1336 return exp_coeff; 1333 return exp_coeff;
1337} 1334}
1338 1335
1339 1336
1340static struct GNUNET_SECRETSHARING_FairEncryption * 1337static struct GNUNET_SECRETSHARING_FairEncryption *
1341keygen_reveal_get_enc_preshare (struct KeygenSession *ks, 1338keygen_reveal_get_enc_preshare(struct KeygenSession *ks,
1342 const struct GNUNET_SECRETSHARING_KeygenRevealData *d, 1339 const struct GNUNET_SECRETSHARING_KeygenRevealData *d,
1343 unsigned int idx) 1340 unsigned int idx)
1344{ 1341{
1345 unsigned char *pos; 1342 unsigned char *pos;
1346 1343
1347 GNUNET_assert (idx < ks->num_peers); 1344 GNUNET_assert(idx < ks->num_peers);
1348 1345
1349 pos = (void *) &d[1]; 1346 pos = (void *)&d[1];
1350 // skip encrypted pre-shares we're not interested in 1347 // skip encrypted pre-shares we're not interested in
1351 pos += sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * idx; 1348 pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx;
1352 return (struct GNUNET_SECRETSHARING_FairEncryption *) pos; 1349 return (struct GNUNET_SECRETSHARING_FairEncryption *)pos;
1353} 1350}
1354 1351
1355 1352
1356static gcry_mpi_t 1353static gcry_mpi_t
1357keygen_reveal_get_exp_preshare (struct KeygenSession *ks, 1354keygen_reveal_get_exp_preshare(struct KeygenSession *ks,
1358 const struct GNUNET_SECRETSHARING_KeygenRevealData *d, 1355 const struct GNUNET_SECRETSHARING_KeygenRevealData *d,
1359 unsigned int idx) 1356 unsigned int idx)
1360{ 1357{
1361 gcry_mpi_t exp_preshare; 1358 gcry_mpi_t exp_preshare;
1362 struct GNUNET_SECRETSHARING_FairEncryption *fe; 1359 struct GNUNET_SECRETSHARING_FairEncryption *fe;
1363 1360
1364 GNUNET_assert (idx < ks->num_peers); 1361 GNUNET_assert(idx < ks->num_peers);
1365 fe = keygen_reveal_get_enc_preshare (ks, d, idx); 1362 fe = keygen_reveal_get_enc_preshare(ks, d, idx);
1366 GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1363 GNUNET_CRYPTO_mpi_scan_unsigned(&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1367 return exp_preshare; 1364 return exp_preshare;
1368} 1365}
1369 1366
1370 1367
1371static void 1368static void
1372keygen_round2_new_element (void *cls, 1369keygen_round2_new_element(void *cls,
1373 const struct GNUNET_SET_Element *element) 1370 const struct GNUNET_SET_Element *element)
1374{ 1371{
1375 struct KeygenSession *ks = cls; 1372 struct KeygenSession *ks = cls;
1376 const struct GNUNET_SECRETSHARING_KeygenRevealData *d; 1373 const struct GNUNET_SECRETSHARING_KeygenRevealData *d;
@@ -1383,181 +1380,180 @@ keygen_round2_new_element (void *cls,
1383 gcry_mpi_t preshare; 1380 gcry_mpi_t preshare;
1384 1381
1385 if (NULL == element) 1382 if (NULL == element)
1386 { 1383 {
1387 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n"); 1384 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n");
1388 return; 1385 return;
1389 } 1386 }
1390 1387
1391 expected_element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + 1388 expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) +
1392 sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + 1389 sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers +
1393 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); 1390 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold);
1394 1391
1395 if (element->size != expected_element_size) 1392 if (element->size != expected_element_size)
1396 { 1393 {
1397 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1394 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
1398 "keygen round2 data with wrong size (%u) in consensus, %u expected\n", 1395 "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
1399 (unsigned int) element->size, 1396 (unsigned int)element->size,
1400 (unsigned int) expected_element_size); 1397 (unsigned int)expected_element_size);
1401 return; 1398 return;
1402 } 1399 }
1403 1400
1404 d = (const void *) element->data; 1401 d = (const void *)element->data;
1405 1402
1406 info = get_keygen_peer_info (ks, &d->peer); 1403 info = get_keygen_peer_info(ks, &d->peer);
1407 1404
1408 if (NULL == info) 1405 if (NULL == info)
1409 { 1406 {
1410 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", 1407 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n",
1411 GNUNET_i2s (&d->peer)); 1408 GNUNET_i2s(&d->peer));
1412 return; 1409 return;
1413 } 1410 }
1414 1411
1415 if (GNUNET_NO == info->round1_valid) 1412 if (GNUNET_NO == info->round1_valid)
1416 { 1413 {
1417 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1414 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
1418 "ignoring round2 element from peer with invalid round1 element (%s)\n", 1415 "ignoring round2 element from peer with invalid round1 element (%s)\n",
1419 GNUNET_i2s (&d->peer)); 1416 GNUNET_i2s(&d->peer));
1420 return; 1417 return;
1421 } 1418 }
1422 1419
1423 if (GNUNET_YES == info->round2_valid) 1420 if (GNUNET_YES == info->round2_valid)
1424 { 1421 {
1425 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1422 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
1426 "ignoring duplicate round2 element (%s)\n", 1423 "ignoring duplicate round2 element (%s)\n",
1427 GNUNET_i2s (&d->peer)); 1424 GNUNET_i2s(&d->peer));
1428 return; 1425 return;
1429 } 1426 }
1430 1427
1431 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n"); 1428 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round2 element\n");
1432 1429
1433 if (ntohl (d->purpose.size) != 1430 if (ntohl(d->purpose.size) !=
1434 element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)) 1431 element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose))
1435 { 1432 {
1436 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n"); 1433 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n");
1437 return; 1434 return;
1438 } 1435 }
1439 1436
1440 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, 1437 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2,
1441 &d->purpose, &d->signature, &d->peer.public_key)) 1438 &d->purpose, &d->signature, &d->peer.public_key))
1442 { 1439 {
1443 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n"); 1440 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n");
1444 return; 1441 return;
1445 } 1442 }
1446 1443
1447 public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0); 1444 public_key_share = keygen_reveal_get_exp_coeff(ks, d, 0);
1448 info->preshare_commitment = keygen_reveal_get_exp_preshare (ks, d, ks->local_peer_idx); 1445 info->preshare_commitment = keygen_reveal_get_exp_preshare(ks, d, ks->local_peer_idx);
1449 1446
1450 if (NULL == ks->public_key) 1447 if (NULL == ks->public_key)
1451 { 1448 {
1452 GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0))); 1449 GNUNET_assert(NULL != (ks->public_key = gcry_mpi_new(0)));
1453 gcry_mpi_set_ui (ks->public_key, 1); 1450 gcry_mpi_set_ui(ks->public_key, 1);
1454 } 1451 }
1455 gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p); 1452 gcry_mpi_mulm(ks->public_key, ks->public_key, public_key_share, elgamal_p);
1456 1453
1457 gcry_mpi_release (public_key_share); 1454 gcry_mpi_release(public_key_share);
1458 public_key_share = NULL; 1455 public_key_share = NULL;
1459 1456
1460 { 1457 {
1461 struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare (ks, d, ks->local_peer_idx); 1458 struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, ks->local_peer_idx);
1462 GNUNET_assert (NULL != (preshare = gcry_mpi_new (0))); 1459 GNUNET_assert(NULL != (preshare = gcry_mpi_new(0)));
1463 GNUNET_CRYPTO_paillier_decrypt (&ks->paillier_private_key, 1460 GNUNET_CRYPTO_paillier_decrypt(&ks->paillier_private_key,
1464 &ks->info[ks->local_peer_idx].paillier_public_key, 1461 &ks->info[ks->local_peer_idx].paillier_public_key,
1465 &fe->c, 1462 &fe->c,
1466 preshare); 1463 preshare);
1467 1464
1468 // FIXME: not doing the restoration is less expensive 1465 // FIXME: not doing the restoration is less expensive
1469 restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key, 1466 restore_fair(&ks->info[ks->local_peer_idx].paillier_public_key,
1470 fe, 1467 fe,
1471 preshare, 1468 preshare,
1472 preshare); 1469 preshare);
1473 } 1470 }
1474 1471
1475 GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); 1472 GNUNET_assert(NULL != (tmp = gcry_mpi_new(0)));
1476 gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p); 1473 gcry_mpi_powm(tmp, elgamal_g, preshare, elgamal_p);
1477 1474
1478 cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment); 1475 cmp_result = gcry_mpi_cmp(tmp, info->preshare_commitment);
1479 gcry_mpi_release (tmp); 1476 gcry_mpi_release(tmp);
1480 tmp = NULL; 1477 tmp = NULL;
1481 if (0 != cmp_result) 1478 if (0 != cmp_result)
1482 { 1479 {
1483 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n", 1480 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n",
1484 (unsigned int) ks->local_peer_idx, (unsigned int) (info - ks->info)); 1481 (unsigned int)ks->local_peer_idx, (unsigned int)(info - ks->info));
1485 return; 1482 return;
1486 } 1483 }
1487 1484
1488 if (NULL == ks->my_share) 1485 if (NULL == ks->my_share)
1489 { 1486 {
1490 GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0))); 1487 GNUNET_assert(NULL != (ks->my_share = gcry_mpi_new(0)));
1491 } 1488 }
1492 gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q); 1489 gcry_mpi_addm(ks->my_share, ks->my_share, preshare, elgamal_q);
1493 1490
1494 for (j = 0; j < ks->num_peers; j++) 1491 for (j = 0; j < ks->num_peers; j++)
1495 {
1496 gcry_mpi_t presigma;
1497 if (NULL == ks->info[j].sigma)
1498 { 1492 {
1499 GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0))); 1493 gcry_mpi_t presigma;
1500 gcry_mpi_set_ui (ks->info[j].sigma, 1); 1494 if (NULL == ks->info[j].sigma)
1495 {
1496 GNUNET_assert(NULL != (ks->info[j].sigma = gcry_mpi_new(0)));
1497 gcry_mpi_set_ui(ks->info[j].sigma, 1);
1498 }
1499 presigma = keygen_reveal_get_exp_preshare(ks, d, j);
1500 gcry_mpi_mulm(ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
1501 gcry_mpi_release(presigma);
1501 } 1502 }
1502 presigma = keygen_reveal_get_exp_preshare (ks, d, j);
1503 gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
1504 gcry_mpi_release (presigma);
1505 }
1506 1503
1507 gcry_mpi_t prod; 1504 gcry_mpi_t prod;
1508 GNUNET_assert (NULL != (prod = gcry_mpi_new (0))); 1505 GNUNET_assert(NULL != (prod = gcry_mpi_new(0)));
1509 gcry_mpi_t j_to_k; 1506 gcry_mpi_t j_to_k;
1510 GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0))); 1507 GNUNET_assert(NULL != (j_to_k = gcry_mpi_new(0)));
1511 // validate that the polynomial sharing matches the additive sharing 1508 // validate that the polynomial sharing matches the additive sharing
1512 for (j = 0; j < ks->num_peers; j++) 1509 for (j = 0; j < ks->num_peers; j++)
1513 {
1514 unsigned int k;
1515 int cmp_result;
1516 gcry_mpi_t exp_preshare;
1517 gcry_mpi_set_ui (prod, 1);
1518 for (k = 0; k < ks->threshold; k++)
1519 { 1510 {
1520 // Using pow(double,double) is a bit sketchy. 1511 unsigned int k;
1521 // We count players from 1, but shares from 0. 1512 int cmp_result;
1522 gcry_mpi_t tmp; 1513 gcry_mpi_t exp_preshare;
1523 gcry_mpi_set_ui (j_to_k, (unsigned int) pow(j+1, k)); 1514 gcry_mpi_set_ui(prod, 1);
1524 tmp = keygen_reveal_get_exp_coeff (ks, d, k); 1515 for (k = 0; k < ks->threshold; k++)
1525 gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p); 1516 {
1526 gcry_mpi_mulm (prod, prod, tmp, elgamal_p); 1517 // Using pow(double,double) is a bit sketchy.
1527 gcry_mpi_release (tmp); 1518 // We count players from 1, but shares from 0.
1528 } 1519 gcry_mpi_t tmp;
1529 exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j); 1520 gcry_mpi_set_ui(j_to_k, (unsigned int)pow(j + 1, k));
1530 gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p); 1521 tmp = keygen_reveal_get_exp_coeff(ks, d, k);
1531 cmp_result = gcry_mpi_cmp (prod, exp_preshare); 1522 gcry_mpi_powm(tmp, tmp, j_to_k, elgamal_p);
1532 gcry_mpi_release (exp_preshare); 1523 gcry_mpi_mulm(prod, prod, tmp, elgamal_p);
1533 exp_preshare = NULL; 1524 gcry_mpi_release(tmp);
1534 if (0 != cmp_result) 1525 }
1535 { 1526 exp_preshare = keygen_reveal_get_exp_preshare(ks, d, j);
1536 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n", 1527 gcry_mpi_mod(exp_preshare, exp_preshare, elgamal_p);
1537 ks->local_peer_idx, j); 1528 cmp_result = gcry_mpi_cmp(prod, exp_preshare);
1538 /* no need for further verification, round2 stays invalid ... */ 1529 gcry_mpi_release(exp_preshare);
1539 return; 1530 exp_preshare = NULL;
1531 if (0 != cmp_result)
1532 {
1533 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n",
1534 ks->local_peer_idx, j);
1535 /* no need for further verification, round2 stays invalid ... */
1536 return;
1537 }
1540 } 1538 }
1541 }
1542 1539
1543 // TODO: verify proof of fair encryption (once implemented) 1540 // TODO: verify proof of fair encryption (once implemented)
1544 for (j = 0; j < ks->num_peers; j++) 1541 for (j = 0; j < ks->num_peers; j++)
1545 {
1546 struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare (ks, d, j);
1547 if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe))
1548 { 1542 {
1549 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n", 1543 struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, j);
1550 ks->local_peer_idx, j); 1544 if (GNUNET_YES != verify_fair(&ks->info[j].paillier_public_key, fe))
1551 return; 1545 {
1546 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n",
1547 ks->local_peer_idx, j);
1548 return;
1549 }
1552 } 1550 }
1553 1551
1554 }
1555
1556 info->round2_valid = GNUNET_YES; 1552 info->round2_valid = GNUNET_YES;
1557 1553
1558 gcry_mpi_release (preshare); 1554 gcry_mpi_release(preshare);
1559 gcry_mpi_release (prod); 1555 gcry_mpi_release(prod);
1560 gcry_mpi_release (j_to_k); 1556 gcry_mpi_release(j_to_k);
1561} 1557}
1562 1558
1563 1559
@@ -1568,22 +1564,22 @@ keygen_round2_new_element (void *cls,
1568 * @param cls closure 1564 * @param cls closure
1569 */ 1565 */
1570static void 1566static void
1571keygen_round1_conclude (void *cls) 1567keygen_round1_conclude(void *cls)
1572{ 1568{
1573 struct KeygenSession *ks = cls; 1569 struct KeygenSession *ks = cls;
1574 1570
1575 GNUNET_CONSENSUS_destroy (ks->consensus); 1571 GNUNET_CONSENSUS_destroy(ks->consensus);
1576 1572
1577 ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &ks->session_id, 1573 ks->consensus = GNUNET_CONSENSUS_create(cfg, ks->num_peers, ks->peers, &ks->session_id,
1578 time_between (ks->start_time, ks->deadline, 1, 2), 1574 time_between(ks->start_time, ks->deadline, 1, 2),
1579 ks->deadline, 1575 ks->deadline,
1580 keygen_round2_new_element, ks); 1576 keygen_round2_new_element, ks);
1581 1577
1582 insert_round2_element (ks); 1578 insert_round2_element(ks);
1583 1579
1584 GNUNET_CONSENSUS_conclude (ks->consensus, 1580 GNUNET_CONSENSUS_conclude(ks->consensus,
1585 keygen_round2_conclude, 1581 keygen_round2_conclude,
1586 ks); 1582 ks);
1587} 1583}
1588 1584
1589 1585
@@ -1594,7 +1590,7 @@ keygen_round1_conclude (void *cls)
1594 * @param ks session to use 1590 * @param ks session to use
1595 */ 1591 */
1596static void 1592static void
1597insert_round1_element (struct KeygenSession *ks) 1593insert_round1_element(struct KeygenSession *ks)
1598{ 1594{
1599 struct GNUNET_SET_Element *element; 1595 struct GNUNET_SET_Element *element;
1600 struct GNUNET_SECRETSHARING_KeygenCommitData *d; 1596 struct GNUNET_SECRETSHARING_KeygenCommitData *d;
@@ -1603,34 +1599,34 @@ insert_round1_element (struct KeygenSession *ks)
1603 // big-endian representation of 'v' 1599 // big-endian representation of 'v'
1604 unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; 1600 unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
1605 1601
1606 element = GNUNET_malloc (sizeof *element + sizeof *d); 1602 element = GNUNET_malloc(sizeof *element + sizeof *d);
1607 d = (void *) &element[1]; 1603 d = (void *)&element[1];
1608 element->data = d; 1604 element->data = d;
1609 element->size = sizeof *d; 1605 element->size = sizeof *d;
1610 1606
1611 d->peer = my_peer; 1607 d->peer = my_peer;
1612 1608
1613 GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS))); 1609 GNUNET_assert(0 != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1614 1610
1615 gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); 1611 gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
1616 1612
1617 GNUNET_CRYPTO_mpi_print_unsigned (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); 1613 GNUNET_CRYPTO_mpi_print_unsigned(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v);
1618 1614
1619 GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, &d->commitment); 1615 GNUNET_CRYPTO_hash(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, &d->commitment);
1620 1616
1621 d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key; 1617 d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key;
1622 1618
1623 d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); 1619 d->purpose.size = htonl((sizeof *d) - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose));
1624 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); 1620 d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
1625 GNUNET_assert (GNUNET_OK == 1621 GNUNET_assert(GNUNET_OK ==
1626 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, 1622 GNUNET_CRYPTO_eddsa_sign(my_peer_private_key,
1627 &d->purpose, 1623 &d->purpose,
1628 &d->signature)); 1624 &d->signature));
1629 1625
1630 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); 1626 GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL);
1631 1627
1632 gcry_mpi_release (v); 1628 gcry_mpi_release(v);
1633 GNUNET_free (element); 1629 GNUNET_free(element);
1634} 1630}
1635 1631
1636 1632
@@ -1642,17 +1638,17 @@ insert_round1_element (struct KeygenSession *ks)
1642 * @return #GNUNET_OK if @a msg is well-formed 1638 * @return #GNUNET_OK if @a msg is well-formed
1643 */ 1639 */
1644static int 1640static int
1645check_client_keygen (void *cls, 1641check_client_keygen(void *cls,
1646 const struct GNUNET_SECRETSHARING_CreateMessage *msg) 1642 const struct GNUNET_SECRETSHARING_CreateMessage *msg)
1647{ 1643{
1648 unsigned int num_peers = ntohs (msg->num_peers); 1644 unsigned int num_peers = ntohs(msg->num_peers);
1649 1645
1650 if (ntohs (msg->header.size) - sizeof (*msg) != 1646 if (ntohs(msg->header.size) - sizeof(*msg) !=
1651 num_peers * sizeof (struct GNUNET_PeerIdentity)) 1647 num_peers * sizeof(struct GNUNET_PeerIdentity))
1652 { 1648 {
1653 GNUNET_break (0); 1649 GNUNET_break(0);
1654 return GNUNET_SYSERR; 1650 return GNUNET_SYSERR;
1655 } 1651 }
1656 return GNUNET_OK; 1652 return GNUNET_OK;
1657} 1653}
1658 1654
@@ -1665,72 +1661,72 @@ check_client_keygen (void *cls,
1665 * @param msg the actual message 1661 * @param msg the actual message
1666 */ 1662 */
1667static void 1663static void
1668handle_client_keygen (void *cls, 1664handle_client_keygen(void *cls,
1669 const struct GNUNET_SECRETSHARING_CreateMessage *msg) 1665 const struct GNUNET_SECRETSHARING_CreateMessage *msg)
1670{ 1666{
1671 struct ClientState *cs = cls; 1667 struct ClientState *cs = cls;
1672 struct KeygenSession *ks; 1668 struct KeygenSession *ks;
1673 1669
1674 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1670 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
1675 "client requested key generation\n"); 1671 "client requested key generation\n");
1676 if (NULL != cs->keygen_session) 1672 if (NULL != cs->keygen_session)
1677 { 1673 {
1678 GNUNET_break (0); 1674 GNUNET_break(0);
1679 GNUNET_SERVICE_client_drop (cs->client); 1675 GNUNET_SERVICE_client_drop(cs->client);
1680 return; 1676 return;
1681 } 1677 }
1682 ks = GNUNET_new (struct KeygenSession); 1678 ks = GNUNET_new(struct KeygenSession);
1683 ks->cs = cs; 1679 ks->cs = cs;
1684 cs->keygen_session = ks; 1680 cs->keygen_session = ks;
1685 ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); 1681 ks->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline);
1686 ks->threshold = ntohs (msg->threshold); 1682 ks->threshold = ntohs(msg->threshold);
1687 ks->num_peers = ntohs (msg->num_peers); 1683 ks->num_peers = ntohs(msg->num_peers);
1688 1684
1689 ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], 1685 ks->peers = normalize_peers((struct GNUNET_PeerIdentity *)&msg[1],
1690 ks->num_peers, 1686 ks->num_peers,
1691 &ks->num_peers, 1687 &ks->num_peers,
1692 &ks->local_peer_idx); 1688 &ks->local_peer_idx);
1693 1689
1694 1690
1695 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1691 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
1696 "first round of consensus with %u peers\n", 1692 "first round of consensus with %u peers\n",
1697 ks->num_peers); 1693 ks->num_peers);
1698 ks->consensus = GNUNET_CONSENSUS_create (cfg, 1694 ks->consensus = GNUNET_CONSENSUS_create(cfg,
1699 ks->num_peers, 1695 ks->num_peers,
1700 ks->peers, 1696 ks->peers,
1701 &msg->session_id, 1697 &msg->session_id,
1702 GNUNET_TIME_absolute_ntoh (msg->start), 1698 GNUNET_TIME_absolute_ntoh(msg->start),
1703 GNUNET_TIME_absolute_ntoh (msg->deadline), 1699 GNUNET_TIME_absolute_ntoh(msg->deadline),
1704 keygen_round1_new_element, 1700 keygen_round1_new_element,
1705 ks); 1701 ks);
1706 1702
1707 ks->info = GNUNET_new_array (ks->num_peers, 1703 ks->info = GNUNET_new_array(ks->num_peers,
1708 struct KeygenPeerInfo); 1704 struct KeygenPeerInfo);
1709 1705
1710 for (unsigned int i = 0; i < ks->num_peers; i++) 1706 for (unsigned int i = 0; i < ks->num_peers; i++)
1711 ks->info[i].peer = ks->peers[i]; 1707 ks->info[i].peer = ks->peers[i];
1712 1708
1713 GNUNET_CRYPTO_paillier_create (&ks->info[ks->local_peer_idx].paillier_public_key, 1709 GNUNET_CRYPTO_paillier_create(&ks->info[ks->local_peer_idx].paillier_public_key,
1714 &ks->paillier_private_key); 1710 &ks->paillier_private_key);
1715 1711
1716 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1712 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
1717 "P%u: Generated paillier key pair\n", 1713 "P%u: Generated paillier key pair\n",
1718 ks->local_peer_idx); 1714 ks->local_peer_idx);
1719 generate_presecret_polynomial (ks); 1715 generate_presecret_polynomial(ks);
1720 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1716 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
1721 "P%u: Generated presecret polynomial\n", 1717 "P%u: Generated presecret polynomial\n",
1722 ks->local_peer_idx); 1718 ks->local_peer_idx);
1723 insert_round1_element (ks); 1719 insert_round1_element(ks);
1724 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1720 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
1725 "P%u: Concluding for round 1\n", 1721 "P%u: Concluding for round 1\n",
1726 ks->local_peer_idx); 1722 ks->local_peer_idx);
1727 GNUNET_CONSENSUS_conclude (ks->consensus, 1723 GNUNET_CONSENSUS_conclude(ks->consensus,
1728 keygen_round1_conclude, 1724 keygen_round1_conclude,
1729 ks); 1725 ks);
1730 GNUNET_SERVICE_client_continue (cs->client); 1726 GNUNET_SERVICE_client_continue(cs->client);
1731 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1727 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
1732 "P%u: Waiting for round 1 elements ...\n", 1728 "P%u: Waiting for round 1 elements ...\n",
1733 ks->local_peer_idx); 1729 ks->local_peer_idx);
1734} 1730}
1735 1731
1736 1732
@@ -1738,7 +1734,7 @@ handle_client_keygen (void *cls,
1738 * Called when the partial decryption consensus concludes. 1734 * Called when the partial decryption consensus concludes.
1739 */ 1735 */
1740static void 1736static void
1741decrypt_conclude (void *cls) 1737decrypt_conclude(void *cls)
1742{ 1738{
1743 struct DecryptSession *ds = cls; 1739 struct DecryptSession *ds = cls;
1744 struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg; 1740 struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg;
@@ -1753,59 +1749,58 @@ decrypt_conclude (void *cls)
1753 unsigned int i; 1749 unsigned int i;
1754 unsigned int j; 1750 unsigned int j;
1755 1751
1756 GNUNET_CONSENSUS_destroy (ds->consensus); 1752 GNUNET_CONSENSUS_destroy(ds->consensus);
1757 ds->consensus = NULL; 1753 ds->consensus = NULL;
1758 1754
1759 GNUNET_assert (0 != (lagrange = gcry_mpi_new (0))); 1755 GNUNET_assert(0 != (lagrange = gcry_mpi_new(0)));
1760 GNUNET_assert (0 != (m = gcry_mpi_new (0))); 1756 GNUNET_assert(0 != (m = gcry_mpi_new(0)));
1761 GNUNET_assert (0 != (tmp = gcry_mpi_new (0))); 1757 GNUNET_assert(0 != (tmp = gcry_mpi_new(0)));
1762 GNUNET_assert (0 != (prod = gcry_mpi_new (0))); 1758 GNUNET_assert(0 != (prod = gcry_mpi_new(0)));
1763 1759
1764 num = 0; 1760 num = 0;
1765 for (i = 0; i < ds->share->num_peers; i++) 1761 for (i = 0; i < ds->share->num_peers; i++)
1766 if (NULL != ds->info[i].partial_decryption) 1762 if (NULL != ds->info[i].partial_decryption)
1767 num++; 1763 num++;
1768 1764
1769 indices = GNUNET_new_array (num, 1765 indices = GNUNET_new_array(num,
1770 unsigned int); 1766 unsigned int);
1771 j = 0; 1767 j = 0;
1772 for (i = 0; i < ds->share->num_peers; i++) 1768 for (i = 0; i < ds->share->num_peers; i++)
1773 if (NULL != ds->info[i].partial_decryption) 1769 if (NULL != ds->info[i].partial_decryption)
1774 indices[j++] = ds->info[i].original_index; 1770 indices[j++] = ds->info[i].original_index;
1775 1771
1776 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1772 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
1777 "P%u: decrypt conclude, with %u peers\n", 1773 "P%u: decrypt conclude, with %u peers\n",
1778 ds->share->my_peer, 1774 ds->share->my_peer,
1779 num); 1775 num);
1780 1776
1781 gcry_mpi_set_ui (prod, 1); 1777 gcry_mpi_set_ui(prod, 1);
1782 for (i = 0; i < num; i++) 1778 for (i = 0; i < num; i++)
1783 { 1779 {
1784 1780 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
1785 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1781 "P%u: index of %u: %u\n",
1786 "P%u: index of %u: %u\n", 1782 ds->share->my_peer, i, indices[i]);
1787 ds->share->my_peer, i, indices[i]); 1783 compute_lagrange_coefficient(lagrange, indices[i], indices, num);
1788 compute_lagrange_coefficient (lagrange, indices[i], indices, num); 1784 // w_i^{\lambda_i}
1789 // w_i^{\lambda_i} 1785 gcry_mpi_powm(tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p);
1790 gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p); 1786
1791 1787 // product of all exponentiated partiel decryptions ...
1792 // product of all exponentiated partiel decryptions ... 1788 gcry_mpi_mulm(prod, prod, tmp, elgamal_p);
1793 gcry_mpi_mulm (prod, prod, tmp, elgamal_p); 1789 }
1794 }
1795 1790
1796 GNUNET_CRYPTO_mpi_scan_unsigned (&c_2, ds->ciphertext.c2_bits, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1791 GNUNET_CRYPTO_mpi_scan_unsigned(&c_2, ds->ciphertext.c2_bits, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1797 1792
1798 GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p)); 1793 GNUNET_assert(0 != gcry_mpi_invm(prod, prod, elgamal_p));
1799 gcry_mpi_mulm (m, c_2, prod, elgamal_p); 1794 gcry_mpi_mulm(m, c_2, prod, elgamal_p);
1800 ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); 1795 ev = GNUNET_MQ_msg(msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE);
1801 GNUNET_CRYPTO_mpi_print_unsigned (&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m); 1796 GNUNET_CRYPTO_mpi_print_unsigned(&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m);
1802 msg->success = htonl (1); 1797 msg->success = htonl(1);
1803 GNUNET_MQ_send (ds->cs->mq, 1798 GNUNET_MQ_send(ds->cs->mq,
1804 ev); 1799 ev);
1805 1800
1806 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n"); 1801 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n");
1807 1802
1808 GNUNET_free (indices); 1803 GNUNET_free(indices);
1809 1804
1810 gcry_mpi_release(lagrange); 1805 gcry_mpi_release(lagrange);
1811 gcry_mpi_release(m); 1806 gcry_mpi_release(m);
@@ -1825,12 +1820,12 @@ decrypt_conclude (void *cls)
1825 * @return string representation of @a mpi, must be free'd by the caller 1820 * @return string representation of @a mpi, must be free'd by the caller
1826 */ 1821 */
1827static char * 1822static char *
1828mpi_to_str (gcry_mpi_t mpi) 1823mpi_to_str(gcry_mpi_t mpi)
1829{ 1824{
1830 unsigned char *buf; 1825 unsigned char *buf;
1831 1826
1832 GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi)); 1827 GNUNET_assert(0 == gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, mpi));
1833 return (char *) buf; 1828 return (char *)buf;
1834} 1829}
1835 1830
1836 1831
@@ -1838,8 +1833,8 @@ mpi_to_str (gcry_mpi_t mpi)
1838 * Called when a new partial decryption arrives. 1833 * Called when a new partial decryption arrives.
1839 */ 1834 */
1840static void 1835static void
1841decrypt_new_element (void *cls, 1836decrypt_new_element(void *cls,
1842 const struct GNUNET_SET_Element *element) 1837 const struct GNUNET_SET_Element *element)
1843{ 1838{
1844 struct DecryptSession *session = cls; 1839 struct DecryptSession *session = cls;
1845 const struct GNUNET_SECRETSHARING_DecryptData *d; 1840 const struct GNUNET_SECRETSHARING_DecryptData *d;
@@ -1867,132 +1862,132 @@ decrypt_new_element (void *cls,
1867 gcry_mpi_t tmp2; 1862 gcry_mpi_t tmp2;
1868 1863
1869 if (NULL == element) 1864 if (NULL == element)
1870 { 1865 {
1871 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n"); 1866 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
1872 /* FIXME: destroy */ 1867 /* FIXME: destroy */
1873 return; 1868 return;
1874 } 1869 }
1875 1870
1876 if (element->size != sizeof *d) 1871 if (element->size != sizeof *d)
1877 { 1872 {
1878 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n"); 1873 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n");
1879 return; 1874 return;
1880 } 1875 }
1881 1876
1882 d = element->data; 1877 d = element->data;
1883 1878
1884 info = get_decrypt_peer_info (session, &d->peer); 1879 info = get_decrypt_peer_info(session, &d->peer);
1885 1880
1886 if (NULL == info) 1881 if (NULL == info)
1887 { 1882 {
1888 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n", 1883 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n",
1889 GNUNET_i2s (&d->peer)); 1884 GNUNET_i2s(&d->peer));
1890 return; 1885 return;
1891 } 1886 }
1892 1887
1893 if (NULL != info->partial_decryption) 1888 if (NULL != info->partial_decryption)
1894 { 1889 {
1895 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n"); 1890 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n");
1896 return; 1891 return;
1897 } 1892 }
1898 1893
1899 if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext)) 1894 if (0 != GNUNET_memcmp(&d->ciphertext, &session->ciphertext))
1900 { 1895 {
1901 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n", 1896 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n",
1902 (unsigned int) session->share->my_peer, (unsigned int) (info - session->info)); 1897 (unsigned int)session->share->my_peer, (unsigned int)(info - session->info));
1903 1898
1904 return; 1899 return;
1905 } 1900 }
1906 1901
1907 1902
1908 GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) d, 1903 GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)d,
1909 offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - 1904 offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
1910 offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext), 1905 offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext),
1911 &challenge_hash); 1906 &challenge_hash);
1912 1907
1913 GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash, 1908 GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash,
1914 sizeof (struct GNUNET_HashCode)); 1909 sizeof(struct GNUNET_HashCode));
1915 1910
1916 GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info - session->info], 1911 GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &session->share->sigmas[info - session->info],
1917 sizeof (struct GNUNET_SECRETSHARING_FieldElement)); 1912 sizeof(struct GNUNET_SECRETSHARING_FieldElement));
1918 1913
1919 GNUNET_CRYPTO_mpi_scan_unsigned (&c1, session->ciphertext.c1_bits, 1914 GNUNET_CRYPTO_mpi_scan_unsigned(&c1, session->ciphertext.c1_bits,
1920 sizeof (struct GNUNET_SECRETSHARING_FieldElement)); 1915 sizeof(struct GNUNET_SECRETSHARING_FieldElement));
1921 1916
1922 GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1, 1917 GNUNET_CRYPTO_mpi_scan_unsigned(&commit1, &d->nizk_commit1,
1923 sizeof (struct GNUNET_SECRETSHARING_FieldElement)); 1918 sizeof(struct GNUNET_SECRETSHARING_FieldElement));
1924 1919
1925 GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2, 1920 GNUNET_CRYPTO_mpi_scan_unsigned(&commit2, &d->nizk_commit2,
1926 sizeof (struct GNUNET_SECRETSHARING_FieldElement)); 1921 sizeof(struct GNUNET_SECRETSHARING_FieldElement));
1927 1922
1928 GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response, 1923 GNUNET_CRYPTO_mpi_scan_unsigned(&r, &d->nizk_response,
1929 sizeof (struct GNUNET_SECRETSHARING_FieldElement)); 1924 sizeof(struct GNUNET_SECRETSHARING_FieldElement));
1930 1925
1931 GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption, 1926 GNUNET_CRYPTO_mpi_scan_unsigned(&w, &d->partial_decryption,
1932 sizeof (struct GNUNET_SECRETSHARING_FieldElement)); 1927 sizeof(struct GNUNET_SECRETSHARING_FieldElement));
1933 1928
1934 GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0))); 1929 GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0)));
1935 GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0))); 1930 GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0)));
1936 1931
1937 // tmp1 = g^r 1932 // tmp1 = g^r
1938 gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p); 1933 gcry_mpi_powm(tmp1, elgamal_g, r, elgamal_p);
1939 1934
1940 // tmp2 = g^\beta * \sigma^challenge 1935 // tmp2 = g^\beta * \sigma^challenge
1941 gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p); 1936 gcry_mpi_powm(tmp2, sigma, challenge, elgamal_p);
1942 gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p); 1937 gcry_mpi_mulm(tmp2, tmp2, commit1, elgamal_p);
1943 1938
1944 if (0 != gcry_mpi_cmp (tmp1, tmp2)) 1939 if (0 != gcry_mpi_cmp(tmp1, tmp2))
1945 { 1940 {
1946 char *tmp1_str; 1941 char *tmp1_str;
1947 char *tmp2_str; 1942 char *tmp2_str;
1948 1943
1949 tmp1_str = mpi_to_str (tmp1); 1944 tmp1_str = mpi_to_str(tmp1);
1950 tmp2_str = mpi_to_str (tmp2); 1945 tmp2_str = mpi_to_str(tmp2);
1951 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1946 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
1952 "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n", 1947 "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
1953 session->share->my_peer, 1948 session->share->my_peer,
1954 (unsigned int) (info - session->info), 1949 (unsigned int)(info - session->info),
1955 tmp1_str, 1950 tmp1_str,
1956 tmp2_str); 1951 tmp2_str);
1957 GNUNET_free (tmp1_str); 1952 GNUNET_free(tmp1_str);
1958 GNUNET_free (tmp2_str); 1953 GNUNET_free(tmp2_str);
1959 goto cleanup; 1954 goto cleanup;
1960 } 1955 }
1961 1956
1962 1957
1963 gcry_mpi_powm (tmp1, c1, r, elgamal_p); 1958 gcry_mpi_powm(tmp1, c1, r, elgamal_p);
1964 1959
1965 gcry_mpi_powm (tmp2, w, challenge, elgamal_p); 1960 gcry_mpi_powm(tmp2, w, challenge, elgamal_p);
1966 gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p); 1961 gcry_mpi_mulm(tmp2, tmp2, commit2, elgamal_p);
1967 1962
1968 1963
1969 if (0 != gcry_mpi_cmp (tmp1, tmp2)) 1964 if (0 != gcry_mpi_cmp(tmp1, tmp2))
1970 { 1965 {
1971 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1966 GNUNET_log(GNUNET_ERROR_TYPE_WARNING,
1972 "P%u: Received invalid partial decryption from P%u (eqn 2)\n", 1967 "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
1973 session->share->my_peer, 1968 session->share->my_peer,
1974 (unsigned int) (info - session->info)); 1969 (unsigned int)(info - session->info));
1975 goto cleanup; 1970 goto cleanup;
1976 } 1971 }
1977 1972
1978 1973
1979 GNUNET_CRYPTO_mpi_scan_unsigned (&info->partial_decryption, &d->partial_decryption, 1974 GNUNET_CRYPTO_mpi_scan_unsigned(&info->partial_decryption, &d->partial_decryption,
1980 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1975 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1981cleanup: 1976cleanup:
1982 gcry_mpi_release (tmp1); 1977 gcry_mpi_release(tmp1);
1983 gcry_mpi_release (tmp2); 1978 gcry_mpi_release(tmp2);
1984 gcry_mpi_release (sigma); 1979 gcry_mpi_release(sigma);
1985 gcry_mpi_release (commit1); 1980 gcry_mpi_release(commit1);
1986 gcry_mpi_release (commit2); 1981 gcry_mpi_release(commit2);
1987 gcry_mpi_release (r); 1982 gcry_mpi_release(r);
1988 gcry_mpi_release (w); 1983 gcry_mpi_release(w);
1989 gcry_mpi_release (challenge); 1984 gcry_mpi_release(challenge);
1990 gcry_mpi_release (c1); 1985 gcry_mpi_release(c1);
1991} 1986}
1992 1987
1993 1988
1994static void 1989static void
1995insert_decrypt_element (struct DecryptSession *ds) 1990insert_decrypt_element(struct DecryptSession *ds)
1996{ 1991{
1997 struct GNUNET_SECRETSHARING_DecryptData d; 1992 struct GNUNET_SECRETSHARING_DecryptData d;
1998 struct GNUNET_SET_Element element; 1993 struct GNUNET_SET_Element element;
@@ -2010,99 +2005,100 @@ insert_decrypt_element (struct DecryptSession *ds)
2010 struct GNUNET_HashCode challenge_hash; 2005 struct GNUNET_HashCode challenge_hash;
2011 2006
2012 /* make vagrind happy until we implement the real deal ... */ 2007 /* make vagrind happy until we implement the real deal ... */
2013 memset (&d, 0, sizeof d); 2008 memset(&d, 0, sizeof d);
2014 2009
2015 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n", 2010 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n",
2016 ds->share->my_peer); 2011 ds->share->my_peer);
2017 2012
2018 GNUNET_assert (ds->share->my_peer < ds->share->num_peers); 2013 GNUNET_assert(ds->share->my_peer < ds->share->num_peers);
2019 2014
2020 GNUNET_CRYPTO_mpi_scan_unsigned (&c1, &ds->ciphertext.c1_bits, 2015 GNUNET_CRYPTO_mpi_scan_unsigned(&c1, &ds->ciphertext.c1_bits,
2021 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2016 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
2022 GNUNET_CRYPTO_mpi_scan_unsigned (&s, &ds->share->my_share, 2017 GNUNET_CRYPTO_mpi_scan_unsigned(&s, &ds->share->my_share,
2023 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2018 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
2024 GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &ds->share->sigmas[ds->share->my_peer], 2019 GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &ds->share->sigmas[ds->share->my_peer],
2025 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2020 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
2026 2021
2027 GNUNET_assert (NULL != (w = gcry_mpi_new (0))); 2022 GNUNET_assert(NULL != (w = gcry_mpi_new(0)));
2028 GNUNET_assert (NULL != (beta = gcry_mpi_new (0))); 2023 GNUNET_assert(NULL != (beta = gcry_mpi_new(0)));
2029 GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); 2024 GNUNET_assert(NULL != (tmp = gcry_mpi_new(0)));
2030 2025
2031 // FIXME: unnecessary, remove once crypto works 2026 // FIXME: unnecessary, remove once crypto works
2032 gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p); 2027 gcry_mpi_powm(tmp, elgamal_g, s, elgamal_p);
2033 if (0 != gcry_mpi_cmp (tmp, sigma)) 2028 if (0 != gcry_mpi_cmp(tmp, sigma))
2034 { 2029 {
2035 char *sigma_str = mpi_to_str (sigma); 2030 char *sigma_str = mpi_to_str(sigma);
2036 char *tmp_str = mpi_to_str (tmp); 2031 char *tmp_str = mpi_to_str(tmp);
2037 char *s_str = mpi_to_str (s); 2032 char *s_str = mpi_to_str(s);
2038 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, " 2033 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, "
2039 "computed sigma %s, s %s\n", 2034 "computed sigma %s, s %s\n",
2040 ds->share->my_peer, 2035 ds->share->my_peer,
2041 sigma_str, tmp_str, s_str); 2036 sigma_str, tmp_str, s_str);
2042 GNUNET_free (sigma_str); 2037 GNUNET_free(sigma_str);
2043 GNUNET_free (tmp_str); 2038 GNUNET_free(tmp_str);
2044 GNUNET_free (s_str); 2039 GNUNET_free(s_str);
2045 } 2040 }
2046 2041
2047 gcry_mpi_powm (w, c1, s, elgamal_p); 2042 gcry_mpi_powm(w, c1, s, elgamal_p);
2048 2043
2049 element.data = (void *) &d; 2044 element.data = (void *)&d;
2050 element.size = sizeof (struct GNUNET_SECRETSHARING_DecryptData); 2045 element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData);
2051 element.element_type = 0; 2046 element.element_type = 0;
2052 2047
2053 d.ciphertext = ds->ciphertext; 2048 d.ciphertext = ds->ciphertext;
2054 d.peer = my_peer; 2049 d.peer = my_peer;
2055 GNUNET_CRYPTO_mpi_print_unsigned (&d.partial_decryption, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w); 2050 GNUNET_CRYPTO_mpi_print_unsigned(&d.partial_decryption, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w);
2056 2051
2057 // create the zero knowledge proof 2052 // create the zero knowledge proof
2058 // randomly choose beta such that 0 < beta < q 2053 // randomly choose beta such that 0 < beta < q
2059 do 2054 do
2060 { 2055 {
2061 gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); 2056 gcry_mpi_randomize(beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
2062 } while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >= 0)); 2057 }
2058 while ((gcry_mpi_cmp_ui(beta, 0) == 0) || (gcry_mpi_cmp(beta, elgamal_q) >= 0));
2063 // tmp = g^beta 2059 // tmp = g^beta
2064 gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p); 2060 gcry_mpi_powm(tmp, elgamal_g, beta, elgamal_p);
2065 GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 2061 GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
2066 // tmp = (c_1)^beta 2062 // tmp = (c_1)^beta
2067 gcry_mpi_powm (tmp, c1, beta, elgamal_p); 2063 gcry_mpi_powm(tmp, c1, beta, elgamal_p);
2068 GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit2, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 2064 GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit2, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
2069 2065
2070 // the challenge is the hash of everything up to the response 2066 // the challenge is the hash of everything up to the response
2071 GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) &d, 2067 GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)&d,
2072 offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - 2068 offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
2073 offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext), 2069 offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext),
2074 &challenge_hash); 2070 &challenge_hash);
2075 2071
2076 GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash, 2072 GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash,
2077 sizeof (struct GNUNET_HashCode)); 2073 sizeof(struct GNUNET_HashCode));
2078 2074
2079 // compute the response in tmp, 2075 // compute the response in tmp,
2080 // tmp = (c * s + beta) mod q 2076 // tmp = (c * s + beta) mod q
2081 gcry_mpi_mulm (tmp, challenge, s, elgamal_q); 2077 gcry_mpi_mulm(tmp, challenge, s, elgamal_q);
2082 gcry_mpi_addm (tmp, tmp, beta, elgamal_q); 2078 gcry_mpi_addm(tmp, tmp, beta, elgamal_q);
2083 2079
2084 GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_response, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 2080 GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_response, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
2085 2081
2086 d.purpose.size = htonl (element.size - offsetof (struct GNUNET_SECRETSHARING_DecryptData, purpose)); 2082 d.purpose.size = htonl(element.size - offsetof(struct GNUNET_SECRETSHARING_DecryptData, purpose));
2087 d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); 2083 d.purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
2088 2084
2089 GNUNET_assert (GNUNET_OK == 2085 GNUNET_assert(GNUNET_OK ==
2090 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, 2086 GNUNET_CRYPTO_eddsa_sign(my_peer_private_key,
2091 &d.purpose, 2087 &d.purpose,
2092 &d.signature)); 2088 &d.signature));
2093 2089
2094 GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); 2090 GNUNET_CONSENSUS_insert(ds->consensus, &element, NULL, NULL);
2095 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 2091 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
2096 "P%u: Inserting decrypt element done!\n", 2092 "P%u: Inserting decrypt element done!\n",
2097 ds->share->my_peer); 2093 ds->share->my_peer);
2098 2094
2099 gcry_mpi_release (s); 2095 gcry_mpi_release(s);
2100 gcry_mpi_release (w); 2096 gcry_mpi_release(w);
2101 gcry_mpi_release (c1); 2097 gcry_mpi_release(c1);
2102 gcry_mpi_release (beta); 2098 gcry_mpi_release(beta);
2103 gcry_mpi_release (tmp); 2099 gcry_mpi_release(tmp);
2104 gcry_mpi_release (challenge); 2100 gcry_mpi_release(challenge);
2105 gcry_mpi_release (sigma); 2101 gcry_mpi_release(sigma);
2106} 2102}
2107 2103
2108 2104
@@ -2114,8 +2110,8 @@ insert_decrypt_element (struct DecryptSession *ds)
2114 * @return #GNUNET_OK (check deferred a bit) 2110 * @return #GNUNET_OK (check deferred a bit)
2115 */ 2111 */
2116static int 2112static int
2117check_client_decrypt (void *cls, 2113check_client_decrypt(void *cls,
2118 const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) 2114 const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
2119{ 2115{
2120 /* we check later, it's complicated */ 2116 /* we check later, it's complicated */
2121 return GNUNET_OK; 2117 return GNUNET_OK;
@@ -2130,77 +2126,77 @@ check_client_decrypt (void *cls,
2130 * @param msg the actual message 2126 * @param msg the actual message
2131 */ 2127 */
2132static void 2128static void
2133handle_client_decrypt (void *cls, 2129handle_client_decrypt(void *cls,
2134 const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) 2130 const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
2135{ 2131{
2136 struct ClientState *cs = cls; 2132 struct ClientState *cs = cls;
2137 struct DecryptSession *ds; 2133 struct DecryptSession *ds;
2138 struct GNUNET_HashCode session_id; 2134 struct GNUNET_HashCode session_id;
2139 2135
2140 if (NULL != cs->decrypt_session) 2136 if (NULL != cs->decrypt_session)
2141 { 2137 {
2142 GNUNET_break (0); 2138 GNUNET_break(0);
2143 GNUNET_SERVICE_client_drop (cs->client); 2139 GNUNET_SERVICE_client_drop(cs->client);
2144 return; 2140 return;
2145 } 2141 }
2146 ds = GNUNET_new (struct DecryptSession); 2142 ds = GNUNET_new(struct DecryptSession);
2147 cs->decrypt_session = ds; 2143 cs->decrypt_session = ds;
2148 ds->cs = cs; 2144 ds->cs = cs;
2149 ds->start = GNUNET_TIME_absolute_ntoh (msg->start); 2145 ds->start = GNUNET_TIME_absolute_ntoh(msg->start);
2150 ds->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); 2146 ds->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline);
2151 ds->ciphertext = msg->ciphertext; 2147 ds->ciphertext = msg->ciphertext;
2152 2148
2153 ds->share = GNUNET_SECRETSHARING_share_read (&msg[1], 2149 ds->share = GNUNET_SECRETSHARING_share_read(&msg[1],
2154 ntohs (msg->header.size) - sizeof (*msg), 2150 ntohs(msg->header.size) - sizeof(*msg),
2155 NULL); 2151 NULL);
2156 if (NULL == ds->share) 2152 if (NULL == ds->share)
2157 { 2153 {
2158 GNUNET_break (0); 2154 GNUNET_break(0);
2159 GNUNET_SERVICE_client_drop (cs->client); 2155 GNUNET_SERVICE_client_drop(cs->client);
2160 return; 2156 return;
2161 } 2157 }
2162 2158
2163 /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */ 2159 /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */
2164 GNUNET_CRYPTO_hash (&msg->ciphertext, 2160 GNUNET_CRYPTO_hash(&msg->ciphertext,
2165 sizeof (struct GNUNET_SECRETSHARING_Ciphertext), 2161 sizeof(struct GNUNET_SECRETSHARING_Ciphertext),
2166 &session_id); 2162 &session_id);
2167 ds->consensus = GNUNET_CONSENSUS_create (cfg, 2163 ds->consensus = GNUNET_CONSENSUS_create(cfg,
2168 ds->share->num_peers, 2164 ds->share->num_peers,
2169 ds->share->peers, 2165 ds->share->peers,
2170 &session_id, 2166 &session_id,
2171 ds->start, 2167 ds->start,
2172 ds->deadline, 2168 ds->deadline,
2173 &decrypt_new_element, 2169 &decrypt_new_element,
2174 ds); 2170 ds);
2175 2171
2176 2172
2177 ds->info = GNUNET_new_array (ds->share->num_peers, 2173 ds->info = GNUNET_new_array(ds->share->num_peers,
2178 struct DecryptPeerInfo); 2174 struct DecryptPeerInfo);
2179 for (unsigned int i = 0; i < ds->share->num_peers; i++) 2175 for (unsigned int i = 0; i < ds->share->num_peers; i++)
2180 { 2176 {
2181 ds->info[i].peer = ds->share->peers[i]; 2177 ds->info[i].peer = ds->share->peers[i];
2182 ds->info[i].original_index = ds->share->original_indices[i]; 2178 ds->info[i].original_index = ds->share->original_indices[i];
2183 } 2179 }
2184 insert_decrypt_element (ds); 2180 insert_decrypt_element(ds);
2185 GNUNET_CONSENSUS_conclude (ds->consensus, 2181 GNUNET_CONSENSUS_conclude(ds->consensus,
2186 decrypt_conclude, 2182 decrypt_conclude,
2187 ds); 2183 ds);
2188 GNUNET_SERVICE_client_continue (cs->client); 2184 GNUNET_SERVICE_client_continue(cs->client);
2189 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 2185 GNUNET_log(GNUNET_ERROR_TYPE_INFO,
2190 "decrypting with %u peers\n", 2186 "decrypting with %u peers\n",
2191 ds->share->num_peers); 2187 ds->share->num_peers);
2192} 2188}
2193 2189
2194 2190
2195static void 2191static void
2196init_crypto_constants (void) 2192init_crypto_constants(void)
2197{ 2193{
2198 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX, 2194 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_q, GCRYMPI_FMT_HEX,
2199 GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); 2195 GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL));
2200 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX, 2196 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_p, GCRYMPI_FMT_HEX,
2201 GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); 2197 GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL));
2202 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX, 2198 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_g, GCRYMPI_FMT_HEX,
2203 GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); 2199 GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL));
2204} 2200}
2205 2201
2206 2202
@@ -2212,33 +2208,33 @@ init_crypto_constants (void)
2212 * @param service the initialized service 2208 * @param service the initialized service
2213 */ 2209 */
2214static void 2210static void
2215run (void *cls, 2211run(void *cls,
2216 const struct GNUNET_CONFIGURATION_Handle *c, 2212 const struct GNUNET_CONFIGURATION_Handle *c,
2217 struct GNUNET_SERVICE_Handle *service) 2213 struct GNUNET_SERVICE_Handle *service)
2218{ 2214{
2219 cfg = c; 2215 cfg = c;
2220 my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (c); 2216 my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration(c);
2221 if (NULL == my_peer_private_key) 2217 if (NULL == my_peer_private_key)
2222 { 2218 {
2223 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 2219 GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
2224 "could not access host private key\n"); 2220 "could not access host private key\n");
2225 GNUNET_break (0); 2221 GNUNET_break(0);
2226 GNUNET_SCHEDULER_shutdown (); 2222 GNUNET_SCHEDULER_shutdown();
2227 return; 2223 return;
2228 } 2224 }
2229 init_crypto_constants (); 2225 init_crypto_constants();
2230 if (GNUNET_OK != 2226 if (GNUNET_OK !=
2231 GNUNET_CRYPTO_get_peer_identity (cfg, 2227 GNUNET_CRYPTO_get_peer_identity(cfg,
2232 &my_peer)) 2228 &my_peer))
2233 { 2229 {
2234 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 2230 GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
2235 "could not retrieve host identity\n"); 2231 "could not retrieve host identity\n");
2236 GNUNET_break (0); 2232 GNUNET_break(0);
2237 GNUNET_SCHEDULER_shutdown (); 2233 GNUNET_SCHEDULER_shutdown();
2238 return; 2234 return;
2239 } 2235 }
2240 GNUNET_SCHEDULER_add_shutdown (&cleanup_task, 2236 GNUNET_SCHEDULER_add_shutdown(&cleanup_task,
2241 NULL); 2237 NULL);
2242} 2238}
2243 2239
2244 2240
@@ -2251,11 +2247,11 @@ run (void *cls,
2251 * @return @a c 2247 * @return @a c
2252 */ 2248 */
2253static void * 2249static void *
2254client_connect_cb (void *cls, 2250client_connect_cb(void *cls,
2255 struct GNUNET_SERVICE_Client *c, 2251 struct GNUNET_SERVICE_Client *c,
2256 struct GNUNET_MQ_Handle *mq) 2252 struct GNUNET_MQ_Handle *mq)
2257{ 2253{
2258 struct ClientState *cs = GNUNET_new (struct ClientState);; 2254 struct ClientState *cs = GNUNET_new(struct ClientState);;
2259 2255
2260 cs->client = c; 2256 cs->client = c;
2261 cs->mq = mq; 2257 cs->mq = mq;
@@ -2271,18 +2267,18 @@ client_connect_cb (void *cls,
2271 * @param internal_cls should be equal to @a c 2267 * @param internal_cls should be equal to @a c
2272 */ 2268 */
2273static void 2269static void
2274client_disconnect_cb (void *cls, 2270client_disconnect_cb(void *cls,
2275 struct GNUNET_SERVICE_Client *c, 2271 struct GNUNET_SERVICE_Client *c,
2276 void *internal_cls) 2272 void *internal_cls)
2277{ 2273{
2278 struct ClientState *cs = internal_cls; 2274 struct ClientState *cs = internal_cls;
2279 2275
2280 if (NULL != cs->keygen_session) 2276 if (NULL != cs->keygen_session)
2281 keygen_session_destroy (cs->keygen_session); 2277 keygen_session_destroy(cs->keygen_session);
2282 2278
2283 if (NULL != cs->decrypt_session) 2279 if (NULL != cs->decrypt_session)
2284 decrypt_session_destroy (cs->decrypt_session); 2280 decrypt_session_destroy(cs->decrypt_session);
2285 GNUNET_free (cs); 2281 GNUNET_free(cs);
2286} 2282}
2287 2283
2288 2284
@@ -2290,18 +2286,18 @@ client_disconnect_cb (void *cls,
2290 * Define "main" method using service macro. 2286 * Define "main" method using service macro.
2291 */ 2287 */
2292GNUNET_SERVICE_MAIN 2288GNUNET_SERVICE_MAIN
2293("secretsharing", 2289 ("secretsharing",
2294 GNUNET_SERVICE_OPTION_NONE, 2290 GNUNET_SERVICE_OPTION_NONE,
2295 &run, 2291 &run,
2296 &client_connect_cb, 2292 &client_connect_cb,
2297 &client_disconnect_cb, 2293 &client_disconnect_cb,
2298 NULL, 2294 NULL,
2299 GNUNET_MQ_hd_var_size (client_keygen, 2295 GNUNET_MQ_hd_var_size(client_keygen,
2300 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, 2296 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE,
2301 struct GNUNET_SECRETSHARING_CreateMessage, 2297 struct GNUNET_SECRETSHARING_CreateMessage,
2302 NULL), 2298 NULL),
2303 GNUNET_MQ_hd_var_size (client_decrypt, 2299 GNUNET_MQ_hd_var_size(client_decrypt,
2304 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, 2300 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT,
2305 struct GNUNET_SECRETSHARING_DecryptRequestMessage, 2301 struct GNUNET_SECRETSHARING_DecryptRequestMessage,
2306 NULL), 2302 NULL),
2307 GNUNET_MQ_handler_end ()); 2303 GNUNET_MQ_handler_end());
diff --git a/src/secretsharing/secretsharing.h b/src/secretsharing/secretsharing.h
index d3f054919..98b7b9a94 100644
--- a/src/secretsharing/secretsharing.h
+++ b/src/secretsharing/secretsharing.h
@@ -11,12 +11,12 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21/** 21/**
22 * @author Florian Dold 22 * @author Florian Dold
@@ -35,8 +35,7 @@
35 35
36GNUNET_NETWORK_STRUCT_BEGIN 36GNUNET_NETWORK_STRUCT_BEGIN
37 37
38struct GNUNET_SECRETSHARING_FieldElement 38struct GNUNET_SECRETSHARING_FieldElement {
39{
40 /** 39 /**
41 * Value of an element in &lt;elgamal_g&gt;. 40 * Value of an element in &lt;elgamal_g&gt;.
42 */ 41 */
@@ -44,8 +43,7 @@ struct GNUNET_SECRETSHARING_FieldElement
44}; 43};
45 44
46 45
47struct GNUNET_SECRETSHARING_CreateMessage 46struct GNUNET_SECRETSHARING_CreateMessage {
48{
49 /** 47 /**
50 * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE 48 * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE
51 */ 49 */
@@ -82,8 +80,7 @@ struct GNUNET_SECRETSHARING_CreateMessage
82 80
83 81
84 82
85struct GNUNET_SECRETSHARING_ShareHeaderNBO 83struct GNUNET_SECRETSHARING_ShareHeaderNBO {
86{
87 /** 84 /**
88 * Threshold for the key this share belongs to. 85 * Threshold for the key this share belongs to.
89 */ 86 */
@@ -116,20 +113,17 @@ struct GNUNET_SECRETSHARING_ShareHeaderNBO
116 * Notify the client that then threshold secret has been 113 * Notify the client that then threshold secret has been
117 * established. 114 * established.
118 */ 115 */
119struct GNUNET_SECRETSHARING_SecretReadyMessage 116struct GNUNET_SECRETSHARING_SecretReadyMessage {
120{
121 /** 117 /**
122 * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY 118 * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY
123 */ 119 */
124 struct GNUNET_MessageHeader header; 120 struct GNUNET_MessageHeader header;
125 121
126 /* rest: the serialized share */ 122 /* rest: the serialized share */
127
128}; 123};
129 124
130 125
131struct GNUNET_SECRETSHARING_DecryptRequestMessage 126struct GNUNET_SECRETSHARING_DecryptRequestMessage {
132{
133 /** 127 /**
134 * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST 128 * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST
135 */ 129 */
@@ -154,8 +148,7 @@ struct GNUNET_SECRETSHARING_DecryptRequestMessage
154}; 148};
155 149
156 150
157struct GNUNET_SECRETSHARING_DecryptResponseMessage 151struct GNUNET_SECRETSHARING_DecryptResponseMessage {
158{
159 /** 152 /**
160 * Type: #GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE 153 * Type: #GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE
161 */ 154 */
@@ -180,8 +173,7 @@ GNUNET_NETWORK_STRUCT_END
180/** 173/**
181 * A share, with all values in in host byte order. 174 * A share, with all values in in host byte order.
182 */ 175 */
183struct GNUNET_SECRETSHARING_Share 176struct GNUNET_SECRETSHARING_Share {
184{
185 /** 177 /**
186 * Threshold for the key this share belongs to. 178 * Threshold for the key this share belongs to.
187 */ 179 */
diff --git a/src/secretsharing/secretsharing_api.c b/src/secretsharing/secretsharing_api.c
index 065aac8d7..da9e14d1e 100644
--- a/src/secretsharing/secretsharing_api.c
+++ b/src/secretsharing/secretsharing_api.c
@@ -11,12 +11,12 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21/** 21/**
22 * @file secretsharing/secretsharing_api.c 22 * @file secretsharing/secretsharing_api.c
@@ -30,15 +30,13 @@
30#include <gcrypt.h> 30#include <gcrypt.h>
31 31
32 32
33#define LOG(kind,...) GNUNET_log_from (kind, "secretsharing-api",__VA_ARGS__) 33#define LOG(kind, ...) GNUNET_log_from(kind, "secretsharing-api", __VA_ARGS__)
34 34
35/** 35/**
36 * Session that will eventually establish a shared secred between 36 * Session that will eventually establish a shared secred between
37 * the involved peers and allow encryption and cooperative decryption. 37 * the involved peers and allow encryption and cooperative decryption.
38 */ 38 */
39struct GNUNET_SECRETSHARING_Session 39struct GNUNET_SECRETSHARING_Session {
40{
41
42 /** 40 /**
43 * Message queue for @e client. 41 * Message queue for @e client.
44 */ 42 */
@@ -59,9 +57,7 @@ struct GNUNET_SECRETSHARING_Session
59/** 57/**
60 * Handle to cancel a cooperative decryption operation. 58 * Handle to cancel a cooperative decryption operation.
61 */ 59 */
62struct GNUNET_SECRETSHARING_DecryptionHandle 60struct GNUNET_SECRETSHARING_DecryptionHandle {
63{
64
65 /** 61 /**
66 * Message queue for @e client. 62 * Message queue for @e client.
67 */ 63 */
@@ -102,17 +98,17 @@ static gcry_mpi_t elgamal_g;
102 * Function to initialize #elgamal_q, #elgamal_p and #elgamal_g. 98 * Function to initialize #elgamal_q, #elgamal_p and #elgamal_g.
103 */ 99 */
104static void 100static void
105ensure_elgamal_initialized (void) 101ensure_elgamal_initialized(void)
106{ 102{
107 if (NULL != elgamal_q) 103 if (NULL != elgamal_q)
108 return; /* looks like crypto is already initialized */ 104 return; /* looks like crypto is already initialized */
109 105
110 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX, 106 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_q, GCRYMPI_FMT_HEX,
111 GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); 107 GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL));
112 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX, 108 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_p, GCRYMPI_FMT_HEX,
113 GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); 109 GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL));
114 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX, 110 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_g, GCRYMPI_FMT_HEX,
115 GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); 111 GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL));
116} 112}
117 113
118 114
@@ -124,13 +120,13 @@ ensure_elgamal_initialized (void)
124 * @param error error code 120 * @param error error code
125 */ 121 */
126static void 122static void
127handle_session_client_error (void *cls, 123handle_session_client_error(void *cls,
128 enum GNUNET_MQ_Error error) 124 enum GNUNET_MQ_Error error)
129{ 125{
130 struct GNUNET_SECRETSHARING_Session *s = cls; 126 struct GNUNET_SECRETSHARING_Session *s = cls;
131 127
132 s->secret_ready_cb (s->secret_ready_cls, NULL, NULL, 0, NULL); 128 s->secret_ready_cb(s->secret_ready_cls, NULL, NULL, 0, NULL);
133 GNUNET_SECRETSHARING_session_destroy (s); 129 GNUNET_SECRETSHARING_session_destroy(s);
134} 130}
135 131
136 132
@@ -142,13 +138,13 @@ handle_session_client_error (void *cls,
142 * @param error error code 138 * @param error error code
143 */ 139 */
144static void 140static void
145handle_decrypt_client_error (void *cls, 141handle_decrypt_client_error(void *cls,
146 enum GNUNET_MQ_Error error) 142 enum GNUNET_MQ_Error error)
147{ 143{
148 struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls; 144 struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
149 145
150 dh->decrypt_cb (dh->decrypt_cls, NULL); 146 dh->decrypt_cb(dh->decrypt_cls, NULL);
151 GNUNET_SECRETSHARING_decrypt_cancel (dh); 147 GNUNET_SECRETSHARING_decrypt_cancel(dh);
152} 148}
153 149
154 150
@@ -161,8 +157,8 @@ handle_decrypt_client_error (void *cls,
161 * @param m message with the result 157 * @param m message with the result
162 */ 158 */
163static int 159static int
164check_secret_ready (void *cls, 160check_secret_ready(void *cls,
165 const struct GNUNET_SECRETSHARING_SecretReadyMessage *m) 161 const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
166{ 162{
167 /* FIXME: actually check m is well-formed here! */ 163 /* FIXME: actually check m is well-formed here! */
168 return GNUNET_OK; 164 return GNUNET_OK;
@@ -178,32 +174,32 @@ check_secret_ready (void *cls,
178 * @param m message with the result 174 * @param m message with the result
179 */ 175 */
180static void 176static void
181handle_secret_ready (void *cls, 177handle_secret_ready(void *cls,
182 const struct GNUNET_SECRETSHARING_SecretReadyMessage *m) 178 const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
183{ 179{
184 struct GNUNET_SECRETSHARING_Session *s = cls; 180 struct GNUNET_SECRETSHARING_Session *s = cls;
185 struct GNUNET_SECRETSHARING_Share *share; 181 struct GNUNET_SECRETSHARING_Share *share;
186 size_t share_size; 182 size_t share_size;
187 183
188 LOG (GNUNET_ERROR_TYPE_DEBUG, 184 LOG(GNUNET_ERROR_TYPE_DEBUG,
189 "Got secret ready message of size %u\n", 185 "Got secret ready message of size %u\n",
190 ntohs (m->header.size)); 186 ntohs(m->header.size));
191 share_size = ntohs (m->header.size) - sizeof (struct GNUNET_SECRETSHARING_SecretReadyMessage); 187 share_size = ntohs(m->header.size) - sizeof(struct GNUNET_SECRETSHARING_SecretReadyMessage);
192 188
193 share = GNUNET_SECRETSHARING_share_read (&m[1], 189 share = GNUNET_SECRETSHARING_share_read(&m[1],
194 share_size, 190 share_size,
195 NULL); 191 NULL);
196 GNUNET_assert (NULL != share); // FIXME: this can fail! 192 GNUNET_assert(NULL != share); // FIXME: this can fail!
197 // should have been checked in #check_secret_ready! 193 // should have been checked in #check_secret_ready!
198 // FIXME: below we never check &m[1] is valid! 194 // FIXME: below we never check &m[1] is valid!
199 // FIXME: do we leak 'share' here? 195 // FIXME: do we leak 'share' here?
200 s->secret_ready_cb (s->secret_ready_cls, 196 s->secret_ready_cb(s->secret_ready_cls,
201 share, /* FIXME */ 197 share, /* FIXME */
202 &share->public_key, 198 &share->public_key,
203 share->num_peers, 199 share->num_peers,
204 (const struct GNUNET_PeerIdentity *) &m[1]); 200 (const struct GNUNET_PeerIdentity *)&m[1]);
205 201
206 GNUNET_SECRETSHARING_session_destroy (s); 202 GNUNET_SECRETSHARING_session_destroy(s);
207} 203}
208 204
209 205
@@ -214,11 +210,11 @@ handle_secret_ready (void *cls,
214 * @param s session to destroy 210 * @param s session to destroy
215 */ 211 */
216void 212void
217GNUNET_SECRETSHARING_session_destroy (struct GNUNET_SECRETSHARING_Session *s) 213GNUNET_SECRETSHARING_session_destroy(struct GNUNET_SECRETSHARING_Session *s)
218{ 214{
219 GNUNET_MQ_destroy (s->mq); 215 GNUNET_MQ_destroy(s->mq);
220 s->mq = NULL; 216 s->mq = NULL;
221 GNUNET_free (s); 217 GNUNET_free(s);
222} 218}
223 219
224 220
@@ -239,65 +235,65 @@ GNUNET_SECRETSHARING_session_destroy (struct GNUNET_SECRETSHARING_Session *s)
239 * @param cls closure for @a cb 235 * @param cls closure for @a cb
240 */ 236 */
241struct GNUNET_SECRETSHARING_Session * 237struct GNUNET_SECRETSHARING_Session *
242GNUNET_SECRETSHARING_create_session (const struct GNUNET_CONFIGURATION_Handle *cfg, 238GNUNET_SECRETSHARING_create_session(const struct GNUNET_CONFIGURATION_Handle *cfg,
243 unsigned int num_peers, 239 unsigned int num_peers,
244 const struct GNUNET_PeerIdentity *peers, 240 const struct GNUNET_PeerIdentity *peers,
245 const struct GNUNET_HashCode *session_id, 241 const struct GNUNET_HashCode *session_id,
246 struct GNUNET_TIME_Absolute start, 242 struct GNUNET_TIME_Absolute start,
247 struct GNUNET_TIME_Absolute deadline, 243 struct GNUNET_TIME_Absolute deadline,
248 unsigned int threshold, 244 unsigned int threshold,
249 GNUNET_SECRETSHARING_SecretReadyCallback cb, 245 GNUNET_SECRETSHARING_SecretReadyCallback cb,
250 void *cls) 246 void *cls)
251{ 247{
252 struct GNUNET_SECRETSHARING_Session *s 248 struct GNUNET_SECRETSHARING_Session *s
253 = GNUNET_new (struct GNUNET_SECRETSHARING_Session); 249 = GNUNET_new(struct GNUNET_SECRETSHARING_Session);
254 struct GNUNET_MQ_MessageHandler mq_handlers[] = { 250 struct GNUNET_MQ_MessageHandler mq_handlers[] = {
255 GNUNET_MQ_hd_var_size (secret_ready, 251 GNUNET_MQ_hd_var_size(secret_ready,
256 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY, 252 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY,
257 struct GNUNET_SECRETSHARING_SecretReadyMessage, 253 struct GNUNET_SECRETSHARING_SecretReadyMessage,
258 s), 254 s),
259 GNUNET_MQ_handler_end () 255 GNUNET_MQ_handler_end()
260 }; 256 };
261 struct GNUNET_MQ_Envelope *ev; 257 struct GNUNET_MQ_Envelope *ev;
262 struct GNUNET_SECRETSHARING_CreateMessage *msg; 258 struct GNUNET_SECRETSHARING_CreateMessage *msg;
263 259
264 s->mq = GNUNET_CLIENT_connect (cfg, 260 s->mq = GNUNET_CLIENT_connect(cfg,
265 "secretsharing", 261 "secretsharing",
266 mq_handlers, 262 mq_handlers,
267 &handle_session_client_error, 263 &handle_session_client_error,
268 s); 264 s);
269 if (NULL == s->mq) 265 if (NULL == s->mq)
270 { 266 {
271 /* secretsharing not configured correctly */ 267 /* secretsharing not configured correctly */
272 GNUNET_break (0); 268 GNUNET_break(0);
273 GNUNET_free (s); 269 GNUNET_free(s);
274 return NULL; 270 return NULL;
275 } 271 }
276 s->secret_ready_cb = cb; 272 s->secret_ready_cb = cb;
277 s->secret_ready_cls = cls; 273 s->secret_ready_cls = cls;
278 ev = GNUNET_MQ_msg_extra (msg, 274 ev = GNUNET_MQ_msg_extra(msg,
279 num_peers * sizeof (struct GNUNET_PeerIdentity), 275 num_peers * sizeof(struct GNUNET_PeerIdentity),
280 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE); 276 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE);
281 277
282 msg->threshold = htons (threshold); 278 msg->threshold = htons(threshold);
283 msg->num_peers = htons (num_peers); 279 msg->num_peers = htons(num_peers);
284 msg->session_id = *session_id; 280 msg->session_id = *session_id;
285 msg->start = GNUNET_TIME_absolute_hton (start); 281 msg->start = GNUNET_TIME_absolute_hton(start);
286 msg->deadline = GNUNET_TIME_absolute_hton (deadline); 282 msg->deadline = GNUNET_TIME_absolute_hton(deadline);
287 GNUNET_memcpy (&msg[1], peers, num_peers * sizeof (struct GNUNET_PeerIdentity)); 283 GNUNET_memcpy(&msg[1], peers, num_peers * sizeof(struct GNUNET_PeerIdentity));
288 284
289 GNUNET_MQ_send (s->mq, ev); 285 GNUNET_MQ_send(s->mq, ev);
290 286
291 LOG (GNUNET_ERROR_TYPE_DEBUG, 287 LOG(GNUNET_ERROR_TYPE_DEBUG,
292 "Secretsharing session created with %u peers\n", 288 "Secretsharing session created with %u peers\n",
293 num_peers); 289 num_peers);
294 return s; 290 return s;
295} 291}
296 292
297 293
298static void 294static void
299handle_decrypt_done (void *cls, 295handle_decrypt_done(void *cls,
300 const struct GNUNET_SECRETSHARING_DecryptResponseMessage *m) 296 const struct GNUNET_SECRETSHARING_DecryptResponseMessage *m)
301{ 297{
302 struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls; 298 struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
303 const struct GNUNET_SECRETSHARING_Plaintext *plaintext; 299 const struct GNUNET_SECRETSHARING_Plaintext *plaintext;
@@ -305,9 +301,9 @@ handle_decrypt_done (void *cls,
305 if (m->success == 0) 301 if (m->success == 0)
306 plaintext = NULL; 302 plaintext = NULL;
307 else 303 else
308 plaintext = (void *) &m->plaintext; 304 plaintext = (void *)&m->plaintext;
309 dh->decrypt_cb (dh->decrypt_cls, plaintext); 305 dh->decrypt_cb(dh->decrypt_cls, plaintext);
310 GNUNET_SECRETSHARING_decrypt_cancel (dh); 306 GNUNET_SECRETSHARING_decrypt_cancel(dh);
311} 307}
312 308
313 309
@@ -325,22 +321,22 @@ handle_decrypt_done (void *cls,
325 * @return handle to cancel the operation 321 * @return handle to cancel the operation
326 */ 322 */
327struct GNUNET_SECRETSHARING_DecryptionHandle * 323struct GNUNET_SECRETSHARING_DecryptionHandle *
328GNUNET_SECRETSHARING_decrypt (const struct GNUNET_CONFIGURATION_Handle *cfg, 324GNUNET_SECRETSHARING_decrypt(const struct GNUNET_CONFIGURATION_Handle *cfg,
329 struct GNUNET_SECRETSHARING_Share *share, 325 struct GNUNET_SECRETSHARING_Share *share,
330 const struct GNUNET_SECRETSHARING_Ciphertext *ciphertext, 326 const struct GNUNET_SECRETSHARING_Ciphertext *ciphertext,
331 struct GNUNET_TIME_Absolute start, 327 struct GNUNET_TIME_Absolute start,
332 struct GNUNET_TIME_Absolute deadline, 328 struct GNUNET_TIME_Absolute deadline,
333 GNUNET_SECRETSHARING_DecryptCallback decrypt_cb, 329 GNUNET_SECRETSHARING_DecryptCallback decrypt_cb,
334 void *decrypt_cb_cls) 330 void *decrypt_cb_cls)
335{ 331{
336 struct GNUNET_SECRETSHARING_DecryptionHandle *s 332 struct GNUNET_SECRETSHARING_DecryptionHandle *s
337 = GNUNET_new (struct GNUNET_SECRETSHARING_DecryptionHandle); 333 = GNUNET_new(struct GNUNET_SECRETSHARING_DecryptionHandle);
338 struct GNUNET_MQ_MessageHandler mq_handlers[] = { 334 struct GNUNET_MQ_MessageHandler mq_handlers[] = {
339 GNUNET_MQ_hd_fixed_size (decrypt_done, 335 GNUNET_MQ_hd_fixed_size(decrypt_done,
340 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE, 336 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE,
341 struct GNUNET_SECRETSHARING_DecryptResponseMessage, 337 struct GNUNET_SECRETSHARING_DecryptResponseMessage,
342 s), 338 s),
343 GNUNET_MQ_handler_end () 339 GNUNET_MQ_handler_end()
344 }; 340 };
345 struct GNUNET_MQ_Envelope *ev; 341 struct GNUNET_MQ_Envelope *ev;
346 struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg; 342 struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg;
@@ -348,75 +344,75 @@ GNUNET_SECRETSHARING_decrypt (const struct GNUNET_CONFIGURATION_Handle *cfg,
348 344
349 s->decrypt_cb = decrypt_cb; 345 s->decrypt_cb = decrypt_cb;
350 s->decrypt_cls = decrypt_cb_cls; 346 s->decrypt_cls = decrypt_cb_cls;
351 s->mq = GNUNET_CLIENT_connect (cfg, 347 s->mq = GNUNET_CLIENT_connect(cfg,
352 "secretsharing", 348 "secretsharing",
353 mq_handlers, 349 mq_handlers,
354 &handle_decrypt_client_error, 350 &handle_decrypt_client_error,
355 s); 351 s);
356 if (NULL == s->mq) 352 if (NULL == s->mq)
357 { 353 {
358 GNUNET_free (s); 354 GNUNET_free(s);
359 return NULL; 355 return NULL;
360 } 356 }
361 GNUNET_assert (GNUNET_OK == 357 GNUNET_assert(GNUNET_OK ==
362 GNUNET_SECRETSHARING_share_write (share, NULL, 0, 358 GNUNET_SECRETSHARING_share_write(share, NULL, 0,
363 &share_size)); 359 &share_size));
364 360
365 ev = GNUNET_MQ_msg_extra (msg, 361 ev = GNUNET_MQ_msg_extra(msg,
366 share_size, 362 share_size,
367 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT); 363 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT);
368 364
369 GNUNET_assert (GNUNET_OK == 365 GNUNET_assert(GNUNET_OK ==
370 GNUNET_SECRETSHARING_share_write (share, 366 GNUNET_SECRETSHARING_share_write(share,
371 &msg[1], 367 &msg[1],
372 share_size, 368 share_size,
373 NULL)); 369 NULL));
374 370
375 msg->start = GNUNET_TIME_absolute_hton (start); 371 msg->start = GNUNET_TIME_absolute_hton(start);
376 msg->deadline = GNUNET_TIME_absolute_hton (deadline); 372 msg->deadline = GNUNET_TIME_absolute_hton(deadline);
377 msg->ciphertext = *ciphertext; 373 msg->ciphertext = *ciphertext;
378 374
379 GNUNET_MQ_send (s->mq, ev); 375 GNUNET_MQ_send(s->mq, ev);
380 376
381 LOG (GNUNET_ERROR_TYPE_DEBUG, 377 LOG(GNUNET_ERROR_TYPE_DEBUG,
382 "decrypt session created\n"); 378 "decrypt session created\n");
383 return s; 379 return s;
384} 380}
385 381
386 382
387int 383int
388GNUNET_SECRETSHARING_plaintext_generate_i (struct GNUNET_SECRETSHARING_Plaintext *plaintext, 384GNUNET_SECRETSHARING_plaintext_generate_i(struct GNUNET_SECRETSHARING_Plaintext *plaintext,
389 int64_t exponent) 385 int64_t exponent)
390{ 386{
391 int negative; 387 int negative;
392 gcry_mpi_t x; 388 gcry_mpi_t x;
393 389
394 ensure_elgamal_initialized (); 390 ensure_elgamal_initialized();
395 391
396 GNUNET_assert (NULL != (x = gcry_mpi_new (0))); 392 GNUNET_assert(NULL != (x = gcry_mpi_new(0)));
397 393
398 negative = GNUNET_NO; 394 negative = GNUNET_NO;
399 if (exponent < 0) 395 if (exponent < 0)
400 { 396 {
401 negative = GNUNET_YES; 397 negative = GNUNET_YES;
402 exponent = -exponent; 398 exponent = -exponent;
403 } 399 }
404 400
405 gcry_mpi_set_ui (x, exponent); 401 gcry_mpi_set_ui(x, exponent);
406 402
407 gcry_mpi_powm (x, elgamal_g, x, elgamal_p); 403 gcry_mpi_powm(x, elgamal_g, x, elgamal_p);
408 404
409 if (GNUNET_YES == negative) 405 if (GNUNET_YES == negative)
410 { 406 {
411 int res; 407 int res;
412 res = gcry_mpi_invm (x, x, elgamal_p); 408 res = gcry_mpi_invm(x, x, elgamal_p);
413 if (0 == res) 409 if (0 == res)
414 return GNUNET_SYSERR; 410 return GNUNET_SYSERR;
415 } 411 }
416 412
417 GNUNET_CRYPTO_mpi_print_unsigned (plaintext, 413 GNUNET_CRYPTO_mpi_print_unsigned(plaintext,
418 sizeof (struct GNUNET_SECRETSHARING_Plaintext), 414 sizeof(struct GNUNET_SECRETSHARING_Plaintext),
419 x); 415 x);
420 416
421 return GNUNET_OK; 417 return GNUNET_OK;
422} 418}
@@ -436,9 +432,9 @@ GNUNET_SECRETSHARING_plaintext_generate_i (struct GNUNET_SECRETSHARING_Plaintext
436 * @return #GNUNET_YES on succes, #GNUNET_SYSERR if the message is invalid (invalid range) 432 * @return #GNUNET_YES on succes, #GNUNET_SYSERR if the message is invalid (invalid range)
437 */ 433 */
438int 434int
439GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *public_key, 435GNUNET_SECRETSHARING_encrypt(const struct GNUNET_SECRETSHARING_PublicKey *public_key,
440 const struct GNUNET_SECRETSHARING_Plaintext *plaintext, 436 const struct GNUNET_SECRETSHARING_Plaintext *plaintext,
441 struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext) 437 struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext)
442{ 438{
443 /* pubkey */ 439 /* pubkey */
444 gcry_mpi_t h; 440 gcry_mpi_t h;
@@ -449,35 +445,36 @@ GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *publi
449 /* temp value */ 445 /* temp value */
450 gcry_mpi_t tmp; 446 gcry_mpi_t tmp;
451 447
452 ensure_elgamal_initialized (); 448 ensure_elgamal_initialized();
453 449
454 GNUNET_assert (NULL != (h = gcry_mpi_new (0))); 450 GNUNET_assert(NULL != (h = gcry_mpi_new(0)));
455 GNUNET_assert (NULL != (y = gcry_mpi_new (0))); 451 GNUNET_assert(NULL != (y = gcry_mpi_new(0)));
456 GNUNET_assert (NULL != (tmp = gcry_mpi_new (0))); 452 GNUNET_assert(NULL != (tmp = gcry_mpi_new(0)));
457 453
458 GNUNET_CRYPTO_mpi_scan_unsigned (&h, public_key, sizeof *public_key); 454 GNUNET_CRYPTO_mpi_scan_unsigned(&h, public_key, sizeof *public_key);
459 GNUNET_CRYPTO_mpi_scan_unsigned (&m, plaintext, sizeof *plaintext); 455 GNUNET_CRYPTO_mpi_scan_unsigned(&m, plaintext, sizeof *plaintext);
460 456
461 // Randomize y such that 0 < y < elgamal_q. 457 // Randomize y such that 0 < y < elgamal_q.
462 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. 458 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
463 do 459 do
464 { 460 {
465 gcry_mpi_randomize (y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); 461 gcry_mpi_randomize(y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
466 } while ((gcry_mpi_cmp_ui (y, 0) == 0) || (gcry_mpi_cmp (y, elgamal_q) >= 0)); 462 }
463 while ((gcry_mpi_cmp_ui(y, 0) == 0) || (gcry_mpi_cmp(y, elgamal_q) >= 0));
467 464
468 // tmp <- g^y 465 // tmp <- g^y
469 gcry_mpi_powm (tmp, elgamal_g, y, elgamal_p); 466 gcry_mpi_powm(tmp, elgamal_g, y, elgamal_p);
470 // write tmp to c1 467 // write tmp to c1
471 GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c1_bits, 468 GNUNET_CRYPTO_mpi_print_unsigned(&result_ciphertext->c1_bits,
472 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 469 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
473 470
474 // tmp <- h^y 471 // tmp <- h^y
475 gcry_mpi_powm (tmp, h, y, elgamal_p); 472 gcry_mpi_powm(tmp, h, y, elgamal_p);
476 // tmp <- tmp * m 473 // tmp <- tmp * m
477 gcry_mpi_mulm (tmp, tmp, m, elgamal_p); 474 gcry_mpi_mulm(tmp, tmp, m, elgamal_p);
478 // write tmp to c2 475 // write tmp to c2
479 GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c2_bits, 476 GNUNET_CRYPTO_mpi_print_unsigned(&result_ciphertext->c2_bits,
480 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 477 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
481 478
482 return GNUNET_OK; 479 return GNUNET_OK;
483} 480}
@@ -492,11 +489,11 @@ GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *publi
492 * @param dh to cancel 489 * @param dh to cancel
493 */ 490 */
494void 491void
495GNUNET_SECRETSHARING_decrypt_cancel (struct GNUNET_SECRETSHARING_DecryptionHandle *dh) 492GNUNET_SECRETSHARING_decrypt_cancel(struct GNUNET_SECRETSHARING_DecryptionHandle *dh)
496{ 493{
497 GNUNET_MQ_destroy (dh->mq); 494 GNUNET_MQ_destroy(dh->mq);
498 dh->mq = NULL; 495 dh->mq = NULL;
499 GNUNET_free (dh); 496 GNUNET_free(dh);
500} 497}
501 498
502/* end of secretsharing_api.c */ 499/* end of secretsharing_api.c */
diff --git a/src/secretsharing/secretsharing_common.c b/src/secretsharing/secretsharing_common.c
index 7fb45793e..4707c2462 100644
--- a/src/secretsharing/secretsharing_common.c
+++ b/src/secretsharing/secretsharing_common.c
@@ -11,12 +11,12 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21#include "secretsharing.h" 21#include "secretsharing.h"
22 22
@@ -30,9 +30,9 @@
30 * @return The share, or NULL on error. 30 * @return The share, or NULL on error.
31 */ 31 */
32struct GNUNET_SECRETSHARING_Share * 32struct GNUNET_SECRETSHARING_Share *
33GNUNET_SECRETSHARING_share_read (const void *data, 33GNUNET_SECRETSHARING_share_read(const void *data,
34 size_t len, 34 size_t len,
35 size_t *readlen) 35 size_t *readlen)
36{ 36{
37 struct GNUNET_SECRETSHARING_Share *share; 37 struct GNUNET_SECRETSHARING_Share *share;
38 const struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh = data; 38 const struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh = data;
@@ -40,40 +40,40 @@ GNUNET_SECRETSHARING_share_read (const void *data,
40 size_t n; 40 size_t n;
41 uint16_t payload_size; 41 uint16_t payload_size;
42 42
43 payload_size = ntohs (sh->num_peers) * 43 payload_size = ntohs(sh->num_peers) *
44 (sizeof (uint16_t) + sizeof (struct GNUNET_SECRETSHARING_FieldElement) + 44 (sizeof(uint16_t) + sizeof(struct GNUNET_SECRETSHARING_FieldElement) +
45 sizeof (struct GNUNET_PeerIdentity)); 45 sizeof(struct GNUNET_PeerIdentity));
46 46
47 if (NULL != readlen) 47 if (NULL != readlen)
48 *readlen = payload_size + sizeof *sh; 48 *readlen = payload_size + sizeof *sh;
49 49
50 share = GNUNET_new (struct GNUNET_SECRETSHARING_Share); 50 share = GNUNET_new(struct GNUNET_SECRETSHARING_Share);
51 51
52 share->threshold = ntohs (sh->threshold); 52 share->threshold = ntohs(sh->threshold);
53 share->num_peers = ntohs (sh->num_peers); 53 share->num_peers = ntohs(sh->num_peers);
54 share->my_peer = ntohs (sh->my_peer); 54 share->my_peer = ntohs(sh->my_peer);
55 55
56 share->my_share = sh->my_share; 56 share->my_share = sh->my_share;
57 share->public_key = sh->public_key; 57 share->public_key = sh->public_key;
58 58
59 p = (const char *) &sh[1]; 59 p = (const char *)&sh[1];
60 60
61 n = share->num_peers * sizeof (struct GNUNET_PeerIdentity); 61 n = share->num_peers * sizeof(struct GNUNET_PeerIdentity);
62 share->peers = GNUNET_new_array (share->num_peers, 62 share->peers = GNUNET_new_array(share->num_peers,
63 struct GNUNET_PeerIdentity); 63 struct GNUNET_PeerIdentity);
64 GNUNET_memcpy (share->peers, p, n); 64 GNUNET_memcpy(share->peers, p, n);
65 p += n; 65 p += n;
66 66
67 n = share->num_peers * sizeof (struct GNUNET_SECRETSHARING_FieldElement); 67 n = share->num_peers * sizeof(struct GNUNET_SECRETSHARING_FieldElement);
68 share->sigmas = GNUNET_new_array (share->num_peers, 68 share->sigmas = GNUNET_new_array(share->num_peers,
69 struct GNUNET_SECRETSHARING_FieldElement); 69 struct GNUNET_SECRETSHARING_FieldElement);
70 GNUNET_memcpy (share->sigmas, p, n); 70 GNUNET_memcpy(share->sigmas, p, n);
71 p += n; 71 p += n;
72 72
73 n = share->num_peers * sizeof (uint16_t); 73 n = share->num_peers * sizeof(uint16_t);
74 share->original_indices = GNUNET_new_array (share->num_peers, 74 share->original_indices = GNUNET_new_array(share->num_peers,
75 uint16_t); 75 uint16_t);
76 GNUNET_memcpy (share->original_indices, p, n); 76 GNUNET_memcpy(share->original_indices, p, n);
77 77
78 return share; 78 return share;
79} 79}
@@ -91,8 +91,8 @@ GNUNET_SECRETSHARING_share_read (const void *data,
91 * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure. 91 * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure.
92 */ 92 */
93int 93int
94GNUNET_SECRETSHARING_share_write (const struct GNUNET_SECRETSHARING_Share *share, 94GNUNET_SECRETSHARING_share_write(const struct GNUNET_SECRETSHARING_Share *share,
95 void *buf, size_t buflen, size_t *writelen) 95 void *buf, size_t buflen, size_t *writelen)
96{ 96{
97 uint16_t payload_size; 97 uint16_t payload_size;
98 struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh; 98 struct GNUNET_SECRETSHARING_ShareHeaderNBO *sh;
@@ -100,54 +100,54 @@ GNUNET_SECRETSHARING_share_write (const struct GNUNET_SECRETSHARING_Share *share
100 int n; 100 int n;
101 101
102 payload_size = share->num_peers * 102 payload_size = share->num_peers *
103 (sizeof (uint16_t) + sizeof (struct GNUNET_SECRETSHARING_FieldElement) + 103 (sizeof(uint16_t) + sizeof(struct GNUNET_SECRETSHARING_FieldElement) +
104 sizeof (struct GNUNET_PeerIdentity)); 104 sizeof(struct GNUNET_PeerIdentity));
105 105
106 if (NULL != writelen) 106 if (NULL != writelen)
107 *writelen = payload_size + sizeof (struct GNUNET_SECRETSHARING_ShareHeaderNBO); 107 *writelen = payload_size + sizeof(struct GNUNET_SECRETSHARING_ShareHeaderNBO);
108 108
109 /* just a query for the writelen */ 109 /* just a query for the writelen */
110 if (buf == NULL) 110 if (buf == NULL)
111 return GNUNET_OK; 111 return GNUNET_OK;
112 112
113 /* wrong buffer size */ 113 /* wrong buffer size */
114 if (buflen < payload_size + sizeof (struct GNUNET_SECRETSHARING_ShareHeaderNBO)) 114 if (buflen < payload_size + sizeof(struct GNUNET_SECRETSHARING_ShareHeaderNBO))
115 return GNUNET_SYSERR; 115 return GNUNET_SYSERR;
116 116
117 sh = buf; 117 sh = buf;
118 118
119 sh->threshold = htons (share->threshold); 119 sh->threshold = htons(share->threshold);
120 sh->num_peers = htons (share->num_peers); 120 sh->num_peers = htons(share->num_peers);
121 sh->my_peer = htons (share->my_peer); 121 sh->my_peer = htons(share->my_peer);
122 122
123 sh->my_share = share->my_share; 123 sh->my_share = share->my_share;
124 sh->public_key = share->public_key; 124 sh->public_key = share->public_key;
125 125
126 p = (void *) &sh[1]; 126 p = (void *)&sh[1];
127 127
128 n = share->num_peers * sizeof (struct GNUNET_PeerIdentity); 128 n = share->num_peers * sizeof(struct GNUNET_PeerIdentity);
129 GNUNET_memcpy (p, share->peers, n); 129 GNUNET_memcpy(p, share->peers, n);
130 p += n; 130 p += n;
131 131
132 n = share->num_peers * sizeof (struct GNUNET_SECRETSHARING_FieldElement); 132 n = share->num_peers * sizeof(struct GNUNET_SECRETSHARING_FieldElement);
133 GNUNET_memcpy (p, share->sigmas, n); 133 GNUNET_memcpy(p, share->sigmas, n);
134 p += n; 134 p += n;
135 135
136 n = share->num_peers * sizeof (uint16_t); 136 n = share->num_peers * sizeof(uint16_t);
137 GNUNET_memcpy (p, share->original_indices, n); 137 GNUNET_memcpy(p, share->original_indices, n);
138 138
139 return GNUNET_OK; 139 return GNUNET_OK;
140} 140}
141 141
142 142
143void 143void
144GNUNET_SECRETSHARING_share_destroy (struct GNUNET_SECRETSHARING_Share *share) 144GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share)
145{ 145{
146 GNUNET_free (share->original_indices); 146 GNUNET_free(share->original_indices);
147 share->original_indices = NULL; 147 share->original_indices = NULL;
148 GNUNET_free (share->sigmas); 148 GNUNET_free(share->sigmas);
149 share->sigmas = NULL; 149 share->sigmas = NULL;
150 GNUNET_free (share->peers); 150 GNUNET_free(share->peers);
151 share->peers = NULL; 151 share->peers = NULL;
152 GNUNET_free (share); 152 GNUNET_free(share);
153} 153}
diff --git a/src/secretsharing/secretsharing_protocol.h b/src/secretsharing/secretsharing_protocol.h
index f05d27e29..949ab79d9 100644
--- a/src/secretsharing/secretsharing_protocol.h
+++ b/src/secretsharing/secretsharing_protocol.h
@@ -11,12 +11,12 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21 21
22/** 22/**
@@ -40,8 +40,7 @@ GNUNET_NETWORK_STRUCT_BEGIN
40/** 40/**
41 * Consensus element data used in the first round of key generation. 41 * Consensus element data used in the first round of key generation.
42 */ 42 */
43struct GNUNET_SECRETSHARING_KeygenCommitData 43struct GNUNET_SECRETSHARING_KeygenCommitData {
44{
45 /** 44 /**
46 * Signature over the rest of the message. 45 * Signature over the rest of the message.
47 */ 46 */
@@ -66,8 +65,7 @@ struct GNUNET_SECRETSHARING_KeygenCommitData
66}; 65};
67 66
68 67
69struct GNUNET_SECRETSHARING_KeygenRevealData 68struct GNUNET_SECRETSHARING_KeygenRevealData {
70{
71 /** 69 /**
72 * Signature over rest of the message. 70 * Signature over rest of the message.
73 */ 71 */
@@ -89,8 +87,7 @@ struct GNUNET_SECRETSHARING_KeygenRevealData
89 * Data of then element put in consensus 87 * Data of then element put in consensus
90 * for decrypting a value. 88 * for decrypting a value.
91 */ 89 */
92struct GNUNET_SECRETSHARING_DecryptData 90struct GNUNET_SECRETSHARING_DecryptData {
93{
94 /* 91 /*
95 * Signature over rest of the message. 92 * Signature over rest of the message.
96 */ 93 */
@@ -129,8 +126,7 @@ struct GNUNET_SECRETSHARING_DecryptData
129}; 126};
130 127
131 128
132struct GNUNET_SECRETSHARING_FairEncryption 129struct GNUNET_SECRETSHARING_FairEncryption {
133{
134 struct GNUNET_CRYPTO_PaillierCiphertext c; 130 struct GNUNET_CRYPTO_PaillierCiphertext c;
135 /** 131 /**
136 * h = g^x, where x is the fairly encrypte secret. 132 * h = g^x, where x is the fairly encrypte secret.
diff --git a/src/secretsharing/test_secretsharing_api.c b/src/secretsharing/test_secretsharing_api.c
index a217bafcc..08533f703 100644
--- a/src/secretsharing/test_secretsharing_api.c
+++ b/src/secretsharing/test_secretsharing_api.c
@@ -11,12 +11,12 @@
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21/** 21/**
22 * @file secretsharing/test_secretsharing_api.c 22 * @file secretsharing/test_secretsharing_api.c
@@ -34,70 +34,68 @@ static struct GNUNET_SECRETSHARING_Session *keygen;
34 34
35 35
36static void 36static void
37secret_ready_cb (void *cls, 37secret_ready_cb(void *cls,
38 struct GNUNET_SECRETSHARING_Share *my_share, 38 struct GNUNET_SECRETSHARING_Share *my_share,
39 struct GNUNET_SECRETSHARING_PublicKey *public_key, 39 struct GNUNET_SECRETSHARING_PublicKey *public_key,
40 unsigned int num_ready_peers, 40 unsigned int num_ready_peers,
41 const struct GNUNET_PeerIdentity *ready_peers) 41 const struct GNUNET_PeerIdentity *ready_peers)
42{ 42{
43 keygen = NULL; 43 keygen = NULL;
44 if (num_ready_peers == 1) 44 if (num_ready_peers == 1)
45 success = 1; 45 success = 1;
46 // FIXME: check that our share is valid, which we can do as there's only 46 // FIXME: check that our share is valid, which we can do as there's only
47 // one peer. 47 // one peer.
48 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "secret ready, shutting down\n"); 48 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "secret ready, shutting down\n");
49 GNUNET_SCHEDULER_shutdown (); 49 GNUNET_SCHEDULER_shutdown();
50} 50}
51 51
52 52
53static void 53static void
54handle_shutdown (void *cls) 54handle_shutdown(void *cls)
55{ 55{
56 if (NULL != keygen) 56 if (NULL != keygen)
57 { 57 {
58 GNUNET_SECRETSHARING_session_destroy (keygen); 58 GNUNET_SECRETSHARING_session_destroy(keygen);
59 keygen = NULL; 59 keygen = NULL;
60 } 60 }
61} 61}
62 62
63 63
64static void 64static void
65run (void *cls, 65run(void *cls,
66 const struct GNUNET_CONFIGURATION_Handle *cfg, 66 const struct GNUNET_CONFIGURATION_Handle *cfg,
67 struct GNUNET_TESTING_Peer *peer) 67 struct GNUNET_TESTING_Peer *peer)
68{ 68{
69 struct GNUNET_HashCode session_id; 69 struct GNUNET_HashCode session_id;
70 struct GNUNET_TIME_Absolute start; 70 struct GNUNET_TIME_Absolute start;
71 struct GNUNET_TIME_Absolute deadline; 71 struct GNUNET_TIME_Absolute deadline;
72 72
73 GNUNET_SCHEDULER_add_shutdown (&handle_shutdown, NULL); 73 GNUNET_SCHEDULER_add_shutdown(&handle_shutdown, NULL);
74
75 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "testing secretsharing api\n");
76 74
77 GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &session_id); 75 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "testing secretsharing api\n");
78 76
79 start = GNUNET_TIME_absolute_get (); 77 GNUNET_CRYPTO_hash_create_random(GNUNET_CRYPTO_QUALITY_WEAK, &session_id);
80 deadline = GNUNET_TIME_absolute_add (start, GNUNET_TIME_UNIT_SECONDS);
81
82 keygen = GNUNET_SECRETSHARING_create_session (cfg,
83 0, NULL, /* only the local peer */
84 &session_id,
85 start, deadline,
86 1,
87 secret_ready_cb, NULL);
88 78
79 start = GNUNET_TIME_absolute_get();
80 deadline = GNUNET_TIME_absolute_add(start, GNUNET_TIME_UNIT_SECONDS);
89 81
82 keygen = GNUNET_SECRETSHARING_create_session(cfg,
83 0, NULL, /* only the local peer */
84 &session_id,
85 start, deadline,
86 1,
87 secret_ready_cb, NULL);
90} 88}
91 89
92 90
93int 91int
94main (int argc, char **argv) 92main(int argc, char **argv)
95{ 93{
96
97 int ret; 94 int ret;
98 ret = GNUNET_TESTING_peer_run ("test_secretsharing_api", 95
99 "test_secretsharing.conf", 96 ret = GNUNET_TESTING_peer_run("test_secretsharing_api",
100 &run, NULL); 97 "test_secretsharing.conf",
98 &run, NULL);
101 if (0 != ret) 99 if (0 != ret)
102 return ret; 100 return ret;
103 return (GNUNET_YES == success) ? 0 : 1; 101 return (GNUNET_YES == success) ? 0 : 1;
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 23:32:31 +0000