diff options
-rw-r--r-- | src/include/gnunet_secretsharing_service.h | 104 | ||||
-rw-r--r-- | src/secretsharing/Makefile.am | 5 | ||||
-rw-r--r-- | src/secretsharing/gnunet-service-secretsharing.c | 589 | ||||
-rw-r--r-- | src/secretsharing/secretsharing.h | 132 | ||||
-rw-r--r-- | src/secretsharing/secretsharing_protocol.h | 99 |
5 files changed, 873 insertions, 56 deletions
diff --git a/src/include/gnunet_secretsharing_service.h b/src/include/gnunet_secretsharing_service.h index f30761486..7752bb2d2 100644 --- a/src/include/gnunet_secretsharing_service.h +++ b/src/include/gnunet_secretsharing_service.h | |||
@@ -43,6 +43,14 @@ extern "C" | |||
43 | 43 | ||
44 | 44 | ||
45 | /** | 45 | /** |
46 | * Number of bits for secretsharing keys. | ||
47 | * Must be smaller than the Pallier key size used internally | ||
48 | * by the secretsharing service. | ||
49 | */ | ||
50 | #define GNUNET_SECRETSHARING_KEY_BITS 1024 | ||
51 | |||
52 | |||
53 | /** | ||
46 | * Session that will eventually establish a shared secred between | 54 | * Session that will eventually establish a shared secred between |
47 | * the involved peers and allow encryption and cooperative decryption. | 55 | * the involved peers and allow encryption and cooperative decryption. |
48 | */ | 56 | */ |
@@ -50,6 +58,8 @@ struct GNUNET_SECRETSHARING_Session; | |||
50 | 58 | ||
51 | /** | 59 | /** |
52 | * Share of a secret shared with a group of peers. | 60 | * Share of a secret shared with a group of peers. |
61 | * Contains both the share and information about the peers that have | ||
62 | * the other parts of the share. | ||
53 | */ | 63 | */ |
54 | struct GNUNET_SECRETSHARING_Share; | 64 | struct GNUNET_SECRETSHARING_Share; |
55 | 65 | ||
@@ -65,10 +75,7 @@ struct GNUNET_SECRETSHARING_DecryptionHandle; | |||
65 | */ | 75 | */ |
66 | struct GNUNET_SECRETSHARING_PublicKey | 76 | struct GNUNET_SECRETSHARING_PublicKey |
67 | { | 77 | { |
68 | /** | 78 | uint32_t bits[GNUNET_SECRETSHARING_KEY_BITS / 8 / sizeof (uint32_t)]; |
69 | * Value of the private key. | ||
70 | */ | ||
71 | gcry_mpi_t value; | ||
72 | }; | 79 | }; |
73 | 80 | ||
74 | 81 | ||
@@ -77,14 +84,7 @@ struct GNUNET_SECRETSHARING_PublicKey | |||
77 | */ | 84 | */ |
78 | struct GNUNET_SECRETSHARING_Ciphertext | 85 | struct GNUNET_SECRETSHARING_Ciphertext |
79 | { | 86 | { |
80 | /** | 87 | uint32_t bits[2 * GNUNET_SECRETSHARING_KEY_BITS / 8 / sizeof (uint32_t)]; |
81 | * First component. | ||
82 | */ | ||
83 | gcry_mpi_t c1; | ||
84 | /** | ||
85 | * Second component. | ||
86 | */ | ||
87 | gcry_mpi_t c2; | ||
88 | }; | 88 | }; |
89 | 89 | ||
90 | 90 | ||
@@ -104,10 +104,12 @@ struct GNUNET_SECRETSHARING_Message | |||
104 | /** | 104 | /** |
105 | * Called once the secret has been established with all peers, or the deadline is due. | 105 | * Called once the secret has been established with all peers, or the deadline is due. |
106 | * | 106 | * |
107 | * Note that the number of peers can be smaller that 'k' (this threshold parameter), which | 107 | * Note that the number of peers can be smaller than 'k' (this threshold parameter), which |
108 | * makes the threshold crypto system useless. However, in this case one can still determine which peers | 108 | * makes the threshold crypto system useless. However, in this case one can still determine which peers |
109 | * were able to participate in the secret sharing successfully. | 109 | * were able to participate in the secret sharing successfully. |
110 | * | 110 | * |
111 | * If the secret sharing failed, num_ready_peers is 0 and my_share and public_key is NULL. | ||
112 | * | ||
111 | * @param cls closure | 113 | * @param cls closure |
112 | * @param my_share the share of this peer | 114 | * @param my_share the share of this peer |
113 | * @param public_key public key of the session | 115 | * @param public_key public key of the session |
@@ -160,36 +162,6 @@ GNUNET_SECRETSHARING_create_session (const struct GNUNET_CONFIGURATION_Handle *c | |||
160 | 162 | ||
161 | 163 | ||
162 | /** | 164 | /** |
163 | * Load a session from an existing share. | ||
164 | * | ||
165 | * @param cfg configuration to use for connecting to the secretsharing service | ||
166 | * @param share share to load the session from | ||
167 | */ | ||
168 | struct GNUNET_SECRETSHARING_Session * | ||
169 | GNUNET_SECRETSHARING_load_session_DEPRECATED (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
170 | const struct GNUNET_SECRETSHARING_Share *share); | ||
171 | |||
172 | /** | ||
173 | * Convert a secret share to a string. | ||
174 | * | ||
175 | * @param share share to serialize | ||
176 | * @return the serialized secret share, to be freed by the caller | ||
177 | */ | ||
178 | char * | ||
179 | GNUNET_SECRETSHARING_share_to_BIN (const struct GNUNET_SECRETSHARING_Share *share); | ||
180 | |||
181 | |||
182 | /** | ||
183 | * Convert a secret share to a string. | ||
184 | * | ||
185 | * @param str string to deserialize | ||
186 | * @return the serialized secret share, to be freed by the caller | ||
187 | */ | ||
188 | const struct GNUNET_SECRETSHARING_Share * | ||
189 | GNUNET_SECRETSHARING_share_from_BIN (const char *str); | ||
190 | |||
191 | |||
192 | /** | ||
193 | * Destroy a secret share. | 165 | * Destroy a secret share. |
194 | * | 166 | * |
195 | * @param share secret share to destroy | 167 | * @param share secret share to destroy |
@@ -214,15 +186,14 @@ GNUNET_SECRETSHARING_destroy_session (struct GNUNET_SECRETSHARING_Session *sessi | |||
214 | * This is a helper function, encryption can be done soley with a session's public key | 186 | * This is a helper function, encryption can be done soley with a session's public key |
215 | * and the crypto system parameters. | 187 | * and the crypto system parameters. |
216 | * | 188 | * |
217 | * @param session session to take the key for encryption from, | 189 | * @param public_key public key to use for decryption |
218 | * the session's ready callback must have been already called | ||
219 | * @param message message to encrypt | 190 | * @param message message to encrypt |
220 | * @param message_size number of bytes in @a message | 191 | * @param message_size number of bytes in @a message |
221 | * @param result_ciphertext pointer to store the resulting ciphertext | 192 | * @param result_ciphertext pointer to store the resulting ciphertext |
222 | * @return #GNUNET_YES on succes, #GNUNET_SYSERR if the message is invalid (invalid range) | 193 | * @return #GNUNET_YES on succes, #GNUNET_SYSERR if the message is invalid (invalid range) |
223 | */ | 194 | */ |
224 | int | 195 | int |
225 | GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *session, | 196 | GNUNET_SECRETSHARING_encrypt (struct GNUNET_SECRETSHARING_PublicKey *public_key, |
226 | const void *message, | 197 | const void *message, |
227 | size_t message_size, | 198 | size_t message_size, |
228 | struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext); | 199 | struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext); |
@@ -235,14 +206,14 @@ GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *sessi | |||
235 | * When the operation is canceled, the decrypt_cb is not called anymore, but the calling | 206 | * When the operation is canceled, the decrypt_cb is not called anymore, but the calling |
236 | * peer may already have irrevocably contributed his share for the decryption of the value. | 207 | * peer may already have irrevocably contributed his share for the decryption of the value. |
237 | * | 208 | * |
238 | * @param session session to use for the decryption | 209 | * @param share our secret share to use for decryption |
239 | * @param ciphertext ciphertext to publish in order to decrypt it (if enough peers agree) | 210 | * @param ciphertext ciphertext to publish in order to decrypt it (if enough peers agree) |
240 | * @param decrypt_cb callback called once the decryption succeeded | 211 | * @param decrypt_cb callback called once the decryption succeeded |
241 | * @param decrypt_cb_cls closure for @a decrypt_cb | 212 | * @param decrypt_cb_cls closure for @a decrypt_cb |
242 | * @return handle to cancel the operation | 213 | * @return handle to cancel the operation |
243 | */ | 214 | */ |
244 | struct GNUNET_SECRETSHARING_DecryptionHandle * | 215 | struct GNUNET_SECRETSHARING_DecryptionHandle * |
245 | GNUNET_SECRETSHARING_decrypt (struct GNUNET_SECRETSHARING_Session *session, | 216 | GNUNET_SECRETSHARING_decrypt (struct GNUNET_SECRETSHARING_Share *share, |
246 | struct GNUNET_SECRETSHARING_Ciphertext *ciphertext, | 217 | struct GNUNET_SECRETSHARING_Ciphertext *ciphertext, |
247 | GNUNET_SECRETSHARING_DecryptCallback decrypt_cb, | 218 | GNUNET_SECRETSHARING_DecryptCallback decrypt_cb, |
248 | void *decrypt_cb_cls); | 219 | void *decrypt_cb_cls); |
@@ -260,6 +231,43 @@ void | |||
260 | GNUNET_SECRETSHARING_decrypt_cancel (struct GNUNET_SECRETSHARING_DecryptionHandle *decryption_handle); | 231 | GNUNET_SECRETSHARING_decrypt_cancel (struct GNUNET_SECRETSHARING_DecryptionHandle *decryption_handle); |
261 | 232 | ||
262 | 233 | ||
234 | /** | ||
235 | * Read a share from its binary representation. | ||
236 | * | ||
237 | * @param data binary representation of the share | ||
238 | * @param len length of @a data | ||
239 | * @return the share, or NULL on error | ||
240 | */ | ||
241 | struct GNUNET_SECRETSHARING_Share * | ||
242 | GNUNET_SECRETSHARING_share_read (void *data, size_t len); | ||
243 | |||
244 | |||
245 | /** | ||
246 | * Convert a share to its binary representation. Use | ||
247 | * #GNUNET_SECRETSHARING_share_size to get the necessary size for the binary | ||
248 | * representation. | ||
249 | * | ||
250 | * @param share share to write | ||
251 | * @param buf buffer to write to | ||
252 | * @param buflen number of writable bytes in @a buffer | ||
253 | * @param[out] writelen pointer to store number of bytes written, | ||
254 | * ignored if NULL | ||
255 | * @return GNUNET_YES on success, GNUNET_NO on failure | ||
256 | */ | ||
257 | int | ||
258 | GNUNET_SECRETSHARING_share_write (struct GNUNET_SECRETSHARING_Share *share, | ||
259 | void *buf, size_t buflen, size_t *writelen); | ||
260 | |||
261 | |||
262 | /** | ||
263 | * Get the number of bytes necessary to represent the given share. | ||
264 | * | ||
265 | * @param share share | ||
266 | * @return number of bytes necessary to represent @a share | ||
267 | */ | ||
268 | size_t | ||
269 | GNUNET_SECRETSHARING_share_size (struct GNUNET_SECRETSHARING_Share *share); | ||
270 | |||
263 | 271 | ||
264 | 272 | ||
265 | #if 0 /* keep Emacsens' auto-indent happy */ | 273 | #if 0 /* keep Emacsens' auto-indent happy */ |
diff --git a/src/secretsharing/Makefile.am b/src/secretsharing/Makefile.am index 7a925dd0e..96af95a44 100644 --- a/src/secretsharing/Makefile.am +++ b/src/secretsharing/Makefile.am | |||
@@ -25,9 +25,8 @@ gnunet_service_secretsharing_SOURCES = \ | |||
25 | gnunet-service-secretsharing.c | 25 | gnunet-service-secretsharing.c |
26 | gnunet_service_secretsharing_LDADD = \ | 26 | gnunet_service_secretsharing_LDADD = \ |
27 | $(top_builddir)/src/util/libgnunetutil.la \ | 27 | $(top_builddir)/src/util/libgnunetutil.la \ |
28 | $(top_builddir)/src/core/libgnunetcore.la \ | 28 | $(top_builddir)/src/consensus/libgnunetconsensus.la \ |
29 | $(top_builddir)/src/mesh/libgnunetmesh.la \ | 29 | $(LIBGCRYPT_LIBS) \ |
30 | $(top_builddir)/src/set/libgnunetset.la \ | ||
31 | $(GN_LIBINTL) | 30 | $(GN_LIBINTL) |
32 | gnunet_service_secretsharing_DEPENDENCIES = \ | 31 | gnunet_service_secretsharing_DEPENDENCIES = \ |
33 | $(top_builddir)/src/set/libgnunetset.la | 32 | $(top_builddir)/src/set/libgnunetset.la |
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c index a16f88079..c7b1f2d0d 100644 --- a/src/secretsharing/gnunet-service-secretsharing.c +++ b/src/secretsharing/gnunet-service-secretsharing.c | |||
@@ -25,6 +25,353 @@ | |||
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet_util_lib.h" | 27 | #include "gnunet_util_lib.h" |
28 | #include "gnunet_time_lib.h" | ||
29 | #include "gnunet_consensus_service.h" | ||
30 | #include "secretsharing.h" | ||
31 | #include "secretsharing_protocol.h" | ||
32 | #include <gcrypt.h> | ||
33 | |||
34 | |||
35 | |||
36 | /** | ||
37 | * Info about a peer in a key generation session. | ||
38 | */ | ||
39 | struct KeygenPeerInfo | ||
40 | { | ||
41 | /** | ||
42 | * Peer identity of the peer. | ||
43 | */ | ||
44 | struct GNUNET_PeerIdentity peer; | ||
45 | |||
46 | /** | ||
47 | * g-component of the peer's paillier public key. | ||
48 | */ | ||
49 | gcry_mpi_t paillier_g; | ||
50 | |||
51 | /** | ||
52 | * mu-component of the peer's paillier public key. | ||
53 | */ | ||
54 | gcry_mpi_t paillier_mu; | ||
55 | |||
56 | /** | ||
57 | * The peer's commitment to his presecret. | ||
58 | */ | ||
59 | gcry_mpi_t presecret_commitment; | ||
60 | |||
61 | /** | ||
62 | * GNUNET_YES if the peer has been disqualified, | ||
63 | * GNUNET_NO otherwise. | ||
64 | */ | ||
65 | int disqualified; | ||
66 | }; | ||
67 | |||
68 | |||
69 | /** | ||
70 | * Session to establish a threshold-shared secret. | ||
71 | */ | ||
72 | struct KeygenSession | ||
73 | { | ||
74 | /** | ||
75 | * Keygen sessions are held in a linked list. | ||
76 | */ | ||
77 | struct KeygenSession *next; | ||
78 | |||
79 | /** | ||
80 | * Keygen sessions are held in a linked list. | ||
81 | */ | ||
82 | struct KeygenSession *prev; | ||
83 | |||
84 | /** | ||
85 | * Current consensus, used for both DKG rounds. | ||
86 | */ | ||
87 | struct GNUNET_CONSENSUS_Handle *consensus; | ||
88 | |||
89 | /** | ||
90 | * Client that is interested in the result | ||
91 | * of this key generation session. | ||
92 | */ | ||
93 | struct GNUNET_SERVER_Client *client; | ||
94 | |||
95 | /** | ||
96 | * Randomly generated coefficients of the polynomial for sharing our | ||
97 | * pre-secret, where 'preshares[0]' is our pre-secret. Contains 'threshold' | ||
98 | * elements, thus represents a polynomial of degree 'threshold-1', which can | ||
99 | * be interpolated with 'threshold' data points. | ||
100 | * | ||
101 | * The pre-secret-shares 'i=1,...,num_peers' are given by evaluating this | ||
102 | * polyomial at 'i' for share i. | ||
103 | */ | ||
104 | gcry_mpi_t *presecret_polynomial; | ||
105 | |||
106 | /** | ||
107 | * Minimum number of shares required to restore the secret. | ||
108 | */ | ||
109 | unsigned int threshold; | ||
110 | |||
111 | /** | ||
112 | * Total number of peers. | ||
113 | */ | ||
114 | unsigned int num_peers; | ||
115 | |||
116 | /** | ||
117 | * Index of the local peer. | ||
118 | */ | ||
119 | unsigned int local_peer; | ||
120 | |||
121 | /** | ||
122 | * Information about all participating peers. | ||
123 | */ | ||
124 | struct KeygenPeerInfo *info; | ||
125 | |||
126 | /** | ||
127 | * List of all peers involved in the secret sharing session. | ||
128 | */ | ||
129 | struct GNUNET_PeerIdentity *peers; | ||
130 | |||
131 | /** | ||
132 | * Identifier for this session. | ||
133 | */ | ||
134 | struct GNUNET_HashCode session_id; | ||
135 | |||
136 | /** | ||
137 | * g-component of our peer's paillier private key. | ||
138 | */ | ||
139 | gcry_mpi_t paillier_g; | ||
140 | |||
141 | /** | ||
142 | * g-component of our peer's paillier private key. | ||
143 | */ | ||
144 | gcry_mpi_t paillier_mu; | ||
145 | |||
146 | struct GNUNET_TIME_Absolute deadline; | ||
147 | |||
148 | /** | ||
149 | * Index of the local peer in the ordered list | ||
150 | * of peers in the session. | ||
151 | */ | ||
152 | unsigned int local_peer_idx; | ||
153 | }; | ||
154 | |||
155 | |||
156 | struct DecryptSession | ||
157 | { | ||
158 | struct DecryptSession *next; | ||
159 | struct DecryptSession *prev; | ||
160 | |||
161 | struct GNUNET_CONSENSUS_Handle *consensus; | ||
162 | |||
163 | struct GNUNET_SERVER_Client *client; | ||
164 | }; | ||
165 | |||
166 | /** | ||
167 | * Decrypt sessions are held in a linked list. | ||
168 | */ | ||
169 | static struct DecryptSession *decrypt_sessions_head; | ||
170 | |||
171 | /** | ||
172 | * Decrypt sessions are held in a linked list. | ||
173 | */ | ||
174 | static struct DecryptSession *decrypt_sessions_tail; | ||
175 | |||
176 | /** | ||
177 | * Decrypt sessions are held in a linked list. | ||
178 | */ | ||
179 | static struct KeygenSession *keygen_sessions_head; | ||
180 | |||
181 | /** | ||
182 | * Decrypt sessions are held in a linked list. | ||
183 | */ | ||
184 | static struct KeygenSession *keygen_sessions_tail; | ||
185 | |||
186 | /** | ||
187 | * The ElGamal prime field order as libgcrypt mpi. | ||
188 | * Will be initialized to 'ELGAMAL_Q_DATA'. | ||
189 | */ | ||
190 | static gcry_mpi_t elgamal_q; | ||
191 | |||
192 | /** | ||
193 | * Modulus of the prime field used for ElGamal. | ||
194 | * Will be initialized to 'ELGAMAL_P_DATA'. | ||
195 | */ | ||
196 | static gcry_mpi_t elgamal_p; | ||
197 | |||
198 | /** | ||
199 | * Generator for prime field of order 'elgamal_q'. | ||
200 | * Will be initialized to 'ELGAMAL_G_DATA'. | ||
201 | */ | ||
202 | static gcry_mpi_t elgamal_g; | ||
203 | |||
204 | /** | ||
205 | * Peer that runs this service. | ||
206 | */ | ||
207 | static struct GNUNET_PeerIdentity my_peer; | ||
208 | |||
209 | /** | ||
210 | * Configuration of this service. | ||
211 | */ | ||
212 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
213 | |||
214 | /** | ||
215 | * Server for this service. | ||
216 | */ | ||
217 | static struct GNUNET_SERVER_Handle *srv; | ||
218 | |||
219 | |||
220 | /** | ||
221 | * Although GNUNET_CRYPTO_hash_cmp exisits, it does not have | ||
222 | * the correct signature to be used with e.g. qsort. | ||
223 | * We use this function instead. | ||
224 | * | ||
225 | * @param h1 some hash code | ||
226 | * @param h2 some hash code | ||
227 | * @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2. | ||
228 | */ | ||
229 | static int | ||
230 | hash_cmp (const void *h1, const void *h2) | ||
231 | { | ||
232 | return GNUNET_CRYPTO_hash_cmp ((struct GNUNET_HashCode *) h1, (struct GNUNET_HashCode *) h2); | ||
233 | } | ||
234 | |||
235 | |||
236 | /** | ||
237 | * Normalize the given list of peers, by including the local peer | ||
238 | * (if it is missing) and sorting the peers by their identity. | ||
239 | * | ||
240 | * @param listed peers in the unnormalized list | ||
241 | * @param num_listed peers in the un-normalized list | ||
242 | * @param num_normalized[out] number of peers in the normalized list | ||
243 | * @param my_peer_idx[out] index of the local peer in the normalized list | ||
244 | * @return normalized list, must be free'd by the caller | ||
245 | */ | ||
246 | static struct GNUNET_PeerIdentity * | ||
247 | normalize_peers (struct GNUNET_PeerIdentity *listed, | ||
248 | unsigned int num_listed, | ||
249 | unsigned int *num_normalized, | ||
250 | unsigned int *my_peer_idx) | ||
251 | { | ||
252 | unsigned int local_peer_in_list; | ||
253 | unsigned int n; | ||
254 | unsigned int i; | ||
255 | struct GNUNET_PeerIdentity *normalized; | ||
256 | |||
257 | local_peer_in_list = GNUNET_NO; | ||
258 | for (i = 0; i < num_listed; i++) | ||
259 | { | ||
260 | if (0 == memcmp (&listed[i], &my_peer, sizeof (struct GNUNET_PeerIdentity))) | ||
261 | { | ||
262 | local_peer_in_list = GNUNET_YES; | ||
263 | break; | ||
264 | } | ||
265 | } | ||
266 | |||
267 | n = num_listed; | ||
268 | if (GNUNET_NO == local_peer_in_list) | ||
269 | n++; | ||
270 | |||
271 | normalized = GNUNET_malloc (n * sizeof (struct GNUNET_PeerIdentity)); | ||
272 | |||
273 | if (GNUNET_NO == local_peer_in_list) | ||
274 | normalized[n - 1] = my_peer; | ||
275 | |||
276 | memcpy (normalized, listed, num_listed * sizeof (struct GNUNET_PeerIdentity)); | ||
277 | qsort (normalized, n, sizeof (struct GNUNET_PeerIdentity), &hash_cmp); | ||
278 | |||
279 | if (NULL != my_peer_idx) | ||
280 | { | ||
281 | for (i = 0; i < num_listed; i++) | ||
282 | { | ||
283 | if (0 == memcmp (&normalized[i], &my_peer, sizeof (struct GNUNET_PeerIdentity))) | ||
284 | { | ||
285 | *my_peer_idx = i; | ||
286 | break; | ||
287 | } | ||
288 | } | ||
289 | } | ||
290 | |||
291 | *num_normalized = n; | ||
292 | return normalized; | ||
293 | } | ||
294 | |||
295 | |||
296 | /** | ||
297 | * Create a key pair for the paillier crypto system. | ||
298 | * | ||
299 | * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell, | ||
300 | * "Introduction to Modern Cryptography: Principles and Protocols". | ||
301 | */ | ||
302 | static void | ||
303 | paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda, gcry_mpi_t mu) | ||
304 | { | ||
305 | gcry_mpi_t p; | ||
306 | gcry_mpi_t q; | ||
307 | gcry_mpi_t phi; | ||
308 | gcry_mpi_t tmp; | ||
309 | |||
310 | GNUNET_assert (0 != (phi = gcry_mpi_new (PAILLIER_BITS))); | ||
311 | GNUNET_assert (0 != (tmp = gcry_mpi_new (PAILLIER_BITS))); | ||
312 | |||
313 | // generate rsa modulus | ||
314 | GNUNET_assert (0 == gcry_prime_generate (&p, s, 0, NULL, NULL, NULL, | ||
315 | GCRY_WEAK_RANDOM, 0)); | ||
316 | GNUNET_assert (0 == gcry_prime_generate (&q, s, 0, NULL, NULL, NULL, | ||
317 | GCRY_WEAK_RANDOM, 0)); | ||
318 | gcry_mpi_mul (n, p, q); | ||
319 | gcry_mpi_add_ui (g, n, 1); | ||
320 | // compute phi(n) = (p-1)(q-1) | ||
321 | gcry_mpi_sub_ui (phi, p, 1); | ||
322 | gcry_mpi_sub_ui (tmp, q, 1); | ||
323 | gcry_mpi_mul (phi, phi, tmp); | ||
324 | gcry_mpi_set (lambda, phi); | ||
325 | // compute mu | ||
326 | GNUNET_assert (0 != gcry_mpi_invm (mu, phi, n)); | ||
327 | |||
328 | gcry_mpi_release (p); | ||
329 | gcry_mpi_release (q); | ||
330 | gcry_mpi_release (phi); | ||
331 | gcry_mpi_release (tmp); | ||
332 | } | ||
333 | |||
334 | |||
335 | static void | ||
336 | paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n) | ||
337 | { | ||
338 | gcry_mpi_t n_square; | ||
339 | gcry_mpi_t r; | ||
340 | |||
341 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); | ||
342 | GNUNET_assert (0 != (r = gcry_mpi_new (0))); | ||
343 | |||
344 | gcry_mpi_mul (n_square, n, n); | ||
345 | |||
346 | // generate r < n | ||
347 | do | ||
348 | { | ||
349 | gcry_mpi_randomize (r, PAILLIER_BITS, GCRY_WEAK_RANDOM); | ||
350 | } | ||
351 | while (gcry_mpi_cmp (r, n) > 0); | ||
352 | |||
353 | gcry_mpi_powm (c, g, m, n_square); | ||
354 | gcry_mpi_powm (r, r, n, n_square); | ||
355 | gcry_mpi_mulm (c, r, c, n_square); | ||
356 | |||
357 | gcry_mpi_release (n_square); | ||
358 | gcry_mpi_release (r); | ||
359 | } | ||
360 | |||
361 | |||
362 | static void | ||
363 | paillier_decrypt (gcry_mpi_t m, gcry_mpi_t c, gcry_mpi_t mu, gcry_mpi_t lambda, gcry_mpi_t n) | ||
364 | { | ||
365 | gcry_mpi_t n_square; | ||
366 | GNUNET_assert (0 != (n_square = gcry_mpi_new (0))); | ||
367 | gcry_mpi_mul (n_square, n, n); | ||
368 | gcry_mpi_powm (m, c, lambda, n_square); | ||
369 | gcry_mpi_sub_ui (m, m, 1); | ||
370 | // m = m/n | ||
371 | gcry_mpi_div (m, NULL, m, n, 0); | ||
372 | gcry_mpi_mulm (m, m, mu, n); | ||
373 | gcry_mpi_release (n_square); | ||
374 | } | ||
28 | 375 | ||
29 | 376 | ||
30 | /** | 377 | /** |
@@ -40,6 +387,230 @@ cleanup_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
40 | } | 387 | } |
41 | 388 | ||
42 | 389 | ||
390 | static void | ||
391 | generate_presecret_polynomial (struct KeygenSession *ks) | ||
392 | { | ||
393 | int i; | ||
394 | GNUNET_assert (NULL == ks->presecret_polynomial); | ||
395 | ks->presecret_polynomial = GNUNET_malloc (ks->threshold * sizeof (gcry_mpi_t)); | ||
396 | for (i = 0; i < ks->threshold; i++) | ||
397 | { | ||
398 | ks->presecret_polynomial[i] = gcry_mpi_new (PAILLIER_BITS); | ||
399 | gcry_mpi_randomize (ks->presecret_polynomial[i], PAILLIER_BITS, | ||
400 | GCRY_WEAK_RANDOM); | ||
401 | } | ||
402 | } | ||
403 | |||
404 | |||
405 | static void | ||
406 | keygen_round1_new_element (void *cls, | ||
407 | const struct GNUNET_SET_Element *element) | ||
408 | { | ||
409 | const struct GNUNET_SECRETSHARING_KeygenCommitData *d; | ||
410 | struct KeygenSession *ks = cls; | ||
411 | unsigned int i; | ||
412 | |||
413 | if (element->size != sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData)) | ||
414 | { | ||
415 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong size in consensus\n"); | ||
416 | return; | ||
417 | } | ||
418 | |||
419 | d = element->data; | ||
420 | |||
421 | for (i = 0; i < ks->num_peers; i++) | ||
422 | { | ||
423 | if (0 == memcmp (&d->peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity))) | ||
424 | { | ||
425 | // TODO: check signature and store key data | ||
426 | return; | ||
427 | } | ||
428 | } | ||
429 | |||
430 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity in consensus\n"); | ||
431 | |||
432 | } | ||
433 | |||
434 | |||
435 | /** | ||
436 | * Evaluate the polynomial with coefficients @a coeff at @a x. | ||
437 | * The i-th element in @coeff corresponds to the coefficient of x^i. | ||
438 | * | ||
439 | * @param[out] z result of the evaluation | ||
440 | * @param coeff array of coefficients | ||
441 | * @param num_coeff number of coefficients | ||
442 | * @param x where to evaluate the polynomial | ||
443 | * @param m what group are we operating in? | ||
444 | */ | ||
445 | static void | ||
446 | horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m) | ||
447 | { | ||
448 | unsigned int i; | ||
449 | |||
450 | gcry_mpi_set_ui (z, 0); | ||
451 | for (i = 0; i < num_coeff; i++) | ||
452 | { | ||
453 | // z <- zx + c | ||
454 | gcry_mpi_mul (z, z, x); | ||
455 | gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m); | ||
456 | } | ||
457 | } | ||
458 | |||
459 | |||
460 | static void | ||
461 | keygen_round2_conclude (void *cls) | ||
462 | { | ||
463 | // TODO: recombine shares and send to client | ||
464 | GNUNET_assert (0); | ||
465 | } | ||
466 | |||
467 | |||
468 | static void | ||
469 | insert_round2_element (struct KeygenSession *ks) | ||
470 | { | ||
471 | struct GNUNET_SET_Element *element; | ||
472 | unsigned int i; | ||
473 | uint16_t big_y_size; | ||
474 | gcry_mpi_t c; | ||
475 | gcry_mpi_t idx; | ||
476 | gcry_mpi_t preshare; | ||
477 | |||
478 | GNUNET_assert (0 != (c = gcry_mpi_new (PAILLIER_BITS))); | ||
479 | GNUNET_assert (0 != (preshare = gcry_mpi_new (PAILLIER_BITS))); | ||
480 | GNUNET_assert (0 != (idx = gcry_mpi_new (PAILLIER_BITS))); | ||
481 | |||
482 | big_y_size = PAILLIER_BITS / 8 * ks->num_peers; | ||
483 | |||
484 | element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + big_y_size); | ||
485 | |||
486 | for (i = 0; i < ks->num_peers; i++) | ||
487 | { | ||
488 | gcry_mpi_set_ui (idx, i + 1); | ||
489 | horner_eval (preshare, ks->presecret_polynomial, ks->threshold, idx, elgamal_p); | ||
490 | // concat 'A', 'y' and 'Y' to the vector | ||
491 | } | ||
492 | |||
493 | for (i = 0; i < ks->threshold; i++) | ||
494 | { | ||
495 | // concat 'a' to the vector | ||
496 | } | ||
497 | |||
498 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); | ||
499 | } | ||
500 | |||
501 | |||
502 | |||
503 | static void | ||
504 | keygen_round1_conclude (void *cls) | ||
505 | { | ||
506 | struct KeygenSession *ks = cls; | ||
507 | |||
508 | // TODO: destroy old consensus | ||
509 | |||
510 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &ks->session_id, | ||
511 | keygen_round1_new_element, ks); | ||
512 | |||
513 | insert_round2_element (ks); | ||
514 | |||
515 | GNUNET_CONSENSUS_conclude (ks->consensus, GNUNET_TIME_UNIT_FOREVER_REL /* FIXME */, keygen_round2_conclude, ks); | ||
516 | } | ||
517 | |||
518 | |||
519 | static void | ||
520 | insert_round1_element (struct KeygenSession *ks) | ||
521 | { | ||
522 | struct GNUNET_SET_Element *element; | ||
523 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; | ||
524 | gcry_mpi_t v; | ||
525 | unsigned char v_data[PAILLIER_BITS / 8]; | ||
526 | |||
527 | element = GNUNET_malloc (sizeof *element + sizeof *d); | ||
528 | d = (void *) &element[1]; | ||
529 | element->data = d; | ||
530 | element->size = sizeof *d; | ||
531 | |||
532 | GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS))); | ||
533 | |||
534 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); | ||
535 | |||
536 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
537 | v_data, PAILLIER_BITS / 8, NULL, | ||
538 | v)); | ||
539 | |||
540 | GNUNET_CRYPTO_hash (v_data, PAILLIER_BITS / 8, &d->commitment); | ||
541 | |||
542 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
543 | (unsigned char *) d->pubkey.g, PAILLIER_BITS / 8, NULL, | ||
544 | ks->paillier_g)); | ||
545 | |||
546 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
547 | (unsigned char *) d->pubkey.mu, PAILLIER_BITS / 8, NULL, | ||
548 | ks->paillier_mu)); | ||
549 | |||
550 | // FIXME: sign stuff | ||
551 | |||
552 | d->peer = my_peer; | ||
553 | |||
554 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); | ||
555 | } | ||
556 | |||
557 | |||
558 | /** | ||
559 | * Functions with this signature are called whenever a message is | ||
560 | * received. | ||
561 | * | ||
562 | * @param cls closure | ||
563 | * @param client identification of the client | ||
564 | * @param message the actual message | ||
565 | */ | ||
566 | static void handle_client_keygen (void *cls, | ||
567 | struct GNUNET_SERVER_Client *client, | ||
568 | const struct GNUNET_MessageHeader | ||
569 | *message) | ||
570 | { | ||
571 | const struct GNUNET_SECRETSHARING_CreateMessage *msg = | ||
572 | (const struct GNUNET_SECRETSHARING_CreateMessage *) message; | ||
573 | struct KeygenSession *ks; | ||
574 | |||
575 | ks = GNUNET_new (struct KeygenSession); | ||
576 | |||
577 | GNUNET_CONTAINER_DLL_insert (keygen_sessions_head, keygen_sessions_tail, ks); | ||
578 | |||
579 | ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline); | ||
580 | ks->threshold = ntohs (msg->threshold); | ||
581 | ks->num_peers = ntohs (msg->num_peers); | ||
582 | |||
583 | ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], ks->num_peers, | ||
584 | &ks->num_peers, &ks->local_peer_idx); | ||
585 | |||
586 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &msg->session_id, | ||
587 | keygen_round1_new_element, ks); | ||
588 | |||
589 | generate_presecret_polynomial (ks); | ||
590 | |||
591 | insert_round1_element (ks); | ||
592 | |||
593 | GNUNET_CONSENSUS_conclude (ks->consensus, GNUNET_TIME_UNIT_FOREVER_REL /* FIXME */, keygen_round1_conclude, ks); | ||
594 | } | ||
595 | |||
596 | |||
597 | /** | ||
598 | * Functions with this signature are called whenever a message is | ||
599 | * received. | ||
600 | * | ||
601 | * @param cls closure | ||
602 | * @param client identification of the client | ||
603 | * @param message the actual message | ||
604 | */ | ||
605 | static void handle_client_decrypt (void *cls, | ||
606 | struct GNUNET_SERVER_Client *client, | ||
607 | const struct GNUNET_MessageHeader | ||
608 | *message) | ||
609 | { | ||
610 | GNUNET_assert (0); | ||
611 | } | ||
612 | |||
613 | |||
43 | /** | 614 | /** |
44 | * Process template requests. | 615 | * Process template requests. |
45 | * | 616 | * |
@@ -49,13 +620,22 @@ cleanup_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
49 | */ | 620 | */ |
50 | static void | 621 | static void |
51 | run (void *cls, struct GNUNET_SERVER_Handle *server, | 622 | run (void *cls, struct GNUNET_SERVER_Handle *server, |
52 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 623 | const struct GNUNET_CONFIGURATION_Handle *c) |
53 | { | 624 | { |
54 | static const struct GNUNET_SERVER_MessageHandler handlers[] = { | 625 | static const struct GNUNET_SERVER_MessageHandler handlers[] = { |
55 | /* FIXME: add handlers here! */ | 626 | {handle_client_keygen, NULL, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, 0}, |
627 | {handle_client_decrypt, NULL, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, 0}, | ||
56 | {NULL, NULL, 0, 0} | 628 | {NULL, NULL, 0, 0} |
57 | }; | 629 | }; |
58 | /* FIXME: do setup here */ | 630 | cfg = c; |
631 | srv = server; | ||
632 | if (GNUNET_OK != GNUNET_CRYPTO_get_peer_identity (cfg, &my_peer)) | ||
633 | { | ||
634 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "could not retrieve host identity\n"); | ||
635 | GNUNET_break (0); | ||
636 | GNUNET_SCHEDULER_shutdown (); | ||
637 | return; | ||
638 | } | ||
59 | GNUNET_SERVER_add_handlers (server, handlers); | 639 | GNUNET_SERVER_add_handlers (server, handlers); |
60 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup_task, | 640 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup_task, |
61 | NULL); | 641 | NULL); |
@@ -73,8 +653,7 @@ int | |||
73 | main (int argc, char *const *argv) | 653 | main (int argc, char *const *argv) |
74 | { | 654 | { |
75 | return (GNUNET_OK == | 655 | return (GNUNET_OK == |
76 | GNUNET_SERVICE_run (argc, argv, "template", | 656 | GNUNET_SERVICE_run (argc, argv, "secretsharing", |
77 | GNUNET_SERVICE_OPTION_NONE, &run, NULL)) ? 0 : 1; | 657 | GNUNET_SERVICE_OPTION_NONE, &run, NULL)) ? 0 : 1; |
78 | } | 658 | } |
79 | 659 | ||
80 | /* end of gnunet-service-template.c */ | ||
diff --git a/src/secretsharing/secretsharing.h b/src/secretsharing/secretsharing.h new file mode 100644 index 000000000..7025fdfea --- /dev/null +++ b/src/secretsharing/secretsharing.h | |||
@@ -0,0 +1,132 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | (C) 2013 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @author Florian Dold | ||
23 | * @file secretsharing/secretsharing.h | ||
24 | * @brief messages used for the secretsharing api | ||
25 | */ | ||
26 | #ifndef SECRETSHARING_H | ||
27 | #define SECRETSHARING_H | ||
28 | |||
29 | #include "platform.h" | ||
30 | #include "gnunet_common.h" | ||
31 | #include "gnunet_time_lib.h" | ||
32 | #include "gnunet_secretsharing_service.h" | ||
33 | |||
34 | |||
35 | GNUNET_NETWORK_STRUCT_BEGIN | ||
36 | |||
37 | |||
38 | struct GNUNET_SECRETSHARING_CreateMessage | ||
39 | { | ||
40 | /** | ||
41 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE | ||
42 | */ | ||
43 | struct GNUNET_MessageHeader header; | ||
44 | |||
45 | /** | ||
46 | * Session ID, will be used for consensus. | ||
47 | */ | ||
48 | struct GNUNET_HashCode session_id GNUNET_PACKED; | ||
49 | |||
50 | /** | ||
51 | * Deadline for the establishment of the crypto system. | ||
52 | */ | ||
53 | struct GNUNET_TIME_AbsoluteNBO deadline; | ||
54 | |||
55 | /** | ||
56 | * Mininum number of cooperating peers to decrypt a | ||
57 | * value. | ||
58 | */ | ||
59 | uint16_t threshold GNUNET_PACKED; | ||
60 | |||
61 | /** | ||
62 | * Number of peers at the end of this message. | ||
63 | */ | ||
64 | uint16_t num_peers GNUNET_PACKED; | ||
65 | |||
66 | /* struct GNUNET_PeerIdentity[num_peers]; */ | ||
67 | }; | ||
68 | |||
69 | |||
70 | struct GNUNET_SECRETSHARING_SecretEstablishedMessage | ||
71 | { | ||
72 | /** | ||
73 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_ESTABLISHED | ||
74 | */ | ||
75 | struct GNUNET_MessageHeader header; | ||
76 | |||
77 | /** | ||
78 | * Secret share in network byte order. | ||
79 | */ | ||
80 | unsigned char secret[GNUNET_SECRETSHARING_KEY_BITS / 8]; | ||
81 | |||
82 | /** | ||
83 | * Number of peers at the end of this message. | ||
84 | * Includes peers that are part of the established | ||
85 | * threshold crypto system. | ||
86 | */ | ||
87 | uint16_t num_secret_peers GNUNET_PACKED; | ||
88 | |||
89 | /* struct GNUNET_PeerIdentity[num_peers]; */ | ||
90 | }; | ||
91 | |||
92 | |||
93 | struct GNUNET_SECRETSHARING_DecryptMessage | ||
94 | { | ||
95 | /** | ||
96 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT | ||
97 | */ | ||
98 | struct GNUNET_MessageHeader header; | ||
99 | |||
100 | /** | ||
101 | * Ciphertext to request decryption for. | ||
102 | */ | ||
103 | unsigned char ciphertext[GNUNET_SECRETSHARING_KEY_BITS / 8]; | ||
104 | |||
105 | /** | ||
106 | * Number of peers at the end of this message. | ||
107 | * Includes peers that are part of the established | ||
108 | * threshold crypto system. | ||
109 | */ | ||
110 | uint16_t num_secret_peers GNUNET_PACKED; | ||
111 | |||
112 | /* struct GNUNET_PeerIdentity[num_peers]; */ | ||
113 | }; | ||
114 | |||
115 | |||
116 | struct GNUNET_SECRETSHARING_DecryptDoneMessage | ||
117 | { | ||
118 | /** | ||
119 | * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE | ||
120 | */ | ||
121 | struct GNUNET_MessageHeader header; | ||
122 | |||
123 | /** | ||
124 | * Ciphertext to request decryption for. | ||
125 | */ | ||
126 | unsigned char plaintext[GNUNET_SECRETSHARING_KEY_BITS / 8]; | ||
127 | }; | ||
128 | |||
129 | |||
130 | GNUNET_NETWORK_STRUCT_END | ||
131 | |||
132 | #endif | ||
diff --git a/src/secretsharing/secretsharing_protocol.h b/src/secretsharing/secretsharing_protocol.h new file mode 100644 index 000000000..71e6d50a9 --- /dev/null +++ b/src/secretsharing/secretsharing_protocol.h | |||
@@ -0,0 +1,99 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | (C) 2012 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | |||
22 | /** | ||
23 | * @file secretsharing/secretsharing_protocol.h | ||
24 | * @brief p2p message definitions for secretsharing | ||
25 | * @author Florian Dold | ||
26 | */ | ||
27 | |||
28 | #ifndef GNUNET_SECRETSHARING_PROTOCOL_H | ||
29 | #define GNUNET_SECRETSHARING_PROTOCOL_H | ||
30 | |||
31 | #include "platform.h" | ||
32 | #include "gnunet_common.h" | ||
33 | #include "gnunet_protocols.h" | ||
34 | |||
35 | /** | ||
36 | * Bit length used for the Paillier crypto system. | ||
37 | */ | ||
38 | #define PAILLIER_BITS 2048 | ||
39 | |||
40 | /** | ||
41 | * Big endian representation of the prime field order used | ||
42 | * for ElGamal. | ||
43 | */ | ||
44 | #define ELGAMAL_Q_DATA {0x00 /* FIXME */}; | ||
45 | |||
46 | |||
47 | GNUNET_NETWORK_STRUCT_BEGIN | ||
48 | |||
49 | |||
50 | /** | ||
51 | * Public key for the Paillier crypto system. | ||
52 | */ | ||
53 | struct PaillierPublicKey | ||
54 | { | ||
55 | /** | ||
56 | * Network order representation of the | ||
57 | * g-component. | ||
58 | */ | ||
59 | uint32_t g[PAILLIER_BITS / 8 / sizeof (uint32_t)]; | ||
60 | |||
61 | /** | ||
62 | * Network order representation of the | ||
63 | * g-component. | ||
64 | */ | ||
65 | uint32_t mu[PAILLIER_BITS / 8 / sizeof (uint32_t)]; | ||
66 | }; | ||
67 | |||
68 | |||
69 | /** | ||
70 | * Consensus element data used in the first round of key generation. | ||
71 | */ | ||
72 | struct GNUNET_SECRETSHARING_KeygenCommitData | ||
73 | { | ||
74 | /** | ||
75 | * Signature purpose for signing the keygen commit data. | ||
76 | */ | ||
77 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
78 | /** | ||
79 | * Peer that inserts this element. | ||
80 | */ | ||
81 | struct GNUNET_PeerIdentity peer; | ||
82 | /** | ||
83 | * Ephemeral paillier public key used by 'peer' for | ||
84 | * this session. | ||
85 | */ | ||
86 | struct PaillierPublicKey pubkey GNUNET_PACKED; | ||
87 | /** | ||
88 | * Commitment of 'peer' to his presecret. | ||
89 | */ | ||
90 | struct GNUNET_HashCode commitment GNUNET_PACKED; | ||
91 | /** | ||
92 | * Signature over the previous values. | ||
93 | */ | ||
94 | struct GNUNET_CRYPTO_EddsaSignature signature; | ||
95 | }; | ||
96 | |||
97 | GNUNET_NETWORK_STRUCT_END | ||
98 | |||
99 | #endif | ||