aboutsummaryrefslogtreecommitdiff
path: root/src/secretsharing/gnunet-service-secretsharing.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/secretsharing/gnunet-service-secretsharing.c')
-rw-r--r--src/secretsharing/gnunet-service-secretsharing.c2202
1 files changed, 1158 insertions, 1044 deletions
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c
index 828ff04af..bf7f35920 100644
--- a/src/secretsharing/gnunet-service-secretsharing.c
+++ b/src/secretsharing/gnunet-service-secretsharing.c
@@ -39,7 +39,8 @@
39/** 39/**
40 * Info about a peer in a key generation session. 40 * Info about a peer in a key generation session.
41 */ 41 */
42struct KeygenPeerInfo { 42struct KeygenPeerInfo
43{
43 /** 44 /**
44 * Peer identity of the peer. 45 * Peer identity of the peer.
45 */ 46 */
@@ -84,7 +85,8 @@ struct KeygenPeerInfo {
84/** 85/**
85 * Information about a peer in a decrypt session. 86 * Information about a peer in a decrypt session.
86 */ 87 */
87struct DecryptPeerInfo { 88struct DecryptPeerInfo
89{
88 /** 90 /**
89 * Identity of the peer. 91 * Identity of the peer.
90 */ 92 */
@@ -115,7 +117,8 @@ struct ClientState;
115/** 117/**
116 * Session to establish a threshold-shared secret. 118 * Session to establish a threshold-shared secret.
117 */ 119 */
118struct KeygenSession { 120struct KeygenSession
121{
119 /** 122 /**
120 * Current consensus, used for both DKG rounds. 123 * Current consensus, used for both DKG rounds.
121 */ 124 */
@@ -208,7 +211,8 @@ struct KeygenSession {
208/** 211/**
209 * Session to cooperatively decrypt a value. 212 * Session to cooperatively decrypt a value.
210 */ 213 */
211struct DecryptSession { 214struct DecryptSession
215{
212 /** 216 /**
213 * Handle to the consensus over partial decryptions. 217 * Handle to the consensus over partial decryptions.
214 */ 218 */
@@ -252,7 +256,8 @@ struct DecryptSession {
252/** 256/**
253 * State we keep per client. 257 * State we keep per client.
254 */ 258 */
255struct ClientState { 259struct ClientState
260{
256 /** 261 /**
257 * Decrypt session of the client, if any. 262 * Decrypt session of the client, if any.
258 */ 263 */
@@ -317,13 +322,13 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
317 * @return The Keygen peer info, or NULL if the peer could not be found. 322 * @return The Keygen peer info, or NULL if the peer could not be found.
318 */ 323 */
319static struct KeygenPeerInfo * 324static struct KeygenPeerInfo *
320get_keygen_peer_info(const struct KeygenSession *ks, 325get_keygen_peer_info (const struct KeygenSession *ks,
321 const struct GNUNET_PeerIdentity *peer) 326 const struct GNUNET_PeerIdentity *peer)
322{ 327{
323 unsigned int i; 328 unsigned int i;
324 329
325 for (i = 0; i < ks->num_peers; i++) 330 for (i = 0; i < ks->num_peers; i++)
326 if (0 == GNUNET_memcmp(peer, &ks->info[i].peer)) 331 if (0 == GNUNET_memcmp (peer, &ks->info[i].peer))
327 return &ks->info[i]; 332 return &ks->info[i];
328 return NULL; 333 return NULL;
329} 334}
@@ -337,13 +342,13 @@ get_keygen_peer_info(const struct KeygenSession *ks,
337 * @return The decrypt peer info, or NULL if the peer could not be found. 342 * @return The decrypt peer info, or NULL if the peer could not be found.
338 */ 343 */
339static struct DecryptPeerInfo * 344static struct DecryptPeerInfo *
340get_decrypt_peer_info(const struct DecryptSession *ds, 345get_decrypt_peer_info (const struct DecryptSession *ds,
341 const struct GNUNET_PeerIdentity *peer) 346 const struct GNUNET_PeerIdentity *peer)
342{ 347{
343 unsigned int i; 348 unsigned int i;
344 349
345 for (i = 0; i < ds->share->num_peers; i++) 350 for (i = 0; i < ds->share->num_peers; i++)
346 if (0 == GNUNET_memcmp(peer, &ds->info[i].peer)) 351 if (0 == GNUNET_memcmp (peer, &ds->info[i].peer))
347 return &ds->info[i]; 352 return &ds->info[i];
348 return NULL; 353 return NULL;
349} 354}
@@ -358,14 +363,14 @@ get_decrypt_peer_info(const struct DecryptSession *ds,
358 * @param denum denumerator of the scale factor 363 * @param denum denumerator of the scale factor
359 */ 364 */
360static struct GNUNET_TIME_Absolute 365static struct GNUNET_TIME_Absolute
361time_between(struct GNUNET_TIME_Absolute start, 366time_between (struct GNUNET_TIME_Absolute start,
362 struct GNUNET_TIME_Absolute end, 367 struct GNUNET_TIME_Absolute end,
363 int num, int denum) 368 int num, int denum)
364{ 369{
365 struct GNUNET_TIME_Absolute result; 370 struct GNUNET_TIME_Absolute result;
366 uint64_t diff; 371 uint64_t diff;
367 372
368 GNUNET_assert(start.abs_value_us <= end.abs_value_us); 373 GNUNET_assert (start.abs_value_us <= end.abs_value_us);
369 diff = end.abs_value_us - start.abs_value_us; 374 diff = end.abs_value_us - start.abs_value_us;
370 result.abs_value_us = start.abs_value_us + ((diff * num) / denum); 375 result.abs_value_us = start.abs_value_us + ((diff * num) / denum);
371 376
@@ -381,11 +386,11 @@ time_between(struct GNUNET_TIME_Absolute start,
381 * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2. 386 * @return 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2.
382 */ 387 */
383static int 388static int
384peer_id_cmp(const void *p1, const void *p2) 389peer_id_cmp (const void *p1, const void *p2)
385{ 390{
386 return memcmp(p1, 391 return memcmp (p1,
387 p2, 392 p2,
388 sizeof(struct GNUNET_PeerIdentity)); 393 sizeof(struct GNUNET_PeerIdentity));
389} 394}
390 395
391 396
@@ -399,14 +404,14 @@ peer_id_cmp(const void *p1, const void *p2)
399 * is not in the list. 404 * is not in the list.
400 */ 405 */
401static int 406static int
402peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, 407peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n,
403 const struct GNUNET_PeerIdentity *needle) 408 const struct GNUNET_PeerIdentity *needle)
404{ 409{
405 unsigned int i; 410 unsigned int i;
406 411
407 for (i = 0; i < n; i++) 412 for (i = 0; i < n; i++)
408 if (0 == GNUNET_memcmp(&haystack[i], 413 if (0 == GNUNET_memcmp (&haystack[i],
409 needle)) 414 needle))
410 return i; 415 return i;
411 return -1; 416 return -1;
412} 417}
@@ -423,10 +428,10 @@ peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n,
423 * @return Normalized list, must be free'd by the caller. 428 * @return Normalized list, must be free'd by the caller.
424 */ 429 */
425static struct GNUNET_PeerIdentity * 430static struct GNUNET_PeerIdentity *
426normalize_peers(struct GNUNET_PeerIdentity *listed, 431normalize_peers (struct GNUNET_PeerIdentity *listed,
427 unsigned int num_listed, 432 unsigned int num_listed,
428 unsigned int *num_normalized, 433 unsigned int *num_normalized,
429 unsigned int *my_peer_idx) 434 unsigned int *my_peer_idx)
430{ 435{
431 unsigned int local_peer_in_list; 436 unsigned int local_peer_in_list;
432 /* number of peers in the normalized list */ 437 /* number of peers in the normalized list */
@@ -435,28 +440,28 @@ normalize_peers(struct GNUNET_PeerIdentity *listed,
435 440
436 local_peer_in_list = GNUNET_YES; 441 local_peer_in_list = GNUNET_YES;
437 n = num_listed; 442 n = num_listed;
438 if (peer_find(listed, num_listed, &my_peer) < 0) 443 if (peer_find (listed, num_listed, &my_peer) < 0)
439 { 444 {
440 local_peer_in_list = GNUNET_NO; 445 local_peer_in_list = GNUNET_NO;
441 n += 1; 446 n += 1;
442 } 447 }
443 448
444 normalized = GNUNET_new_array(n, 449 normalized = GNUNET_new_array (n,
445 struct GNUNET_PeerIdentity); 450 struct GNUNET_PeerIdentity);
446 451
447 if (GNUNET_NO == local_peer_in_list) 452 if (GNUNET_NO == local_peer_in_list)
448 normalized[n - 1] = my_peer; 453 normalized[n - 1] = my_peer;
449 454
450 GNUNET_memcpy(normalized, 455 GNUNET_memcpy (normalized,
451 listed, 456 listed,
452 num_listed * sizeof(struct GNUNET_PeerIdentity)); 457 num_listed * sizeof(struct GNUNET_PeerIdentity));
453 qsort(normalized, 458 qsort (normalized,
454 n, 459 n,
455 sizeof(struct GNUNET_PeerIdentity), 460 sizeof(struct GNUNET_PeerIdentity),
456 &peer_id_cmp); 461 &peer_id_cmp);
457 462
458 if (NULL != my_peer_idx) 463 if (NULL != my_peer_idx)
459 *my_peer_idx = peer_find(normalized, n, &my_peer); 464 *my_peer_idx = peer_find (normalized, n, &my_peer);
460 if (NULL != num_normalized) 465 if (NULL != num_normalized)
461 *num_normalized = n; 466 *num_normalized = n;
462 467
@@ -473,9 +478,9 @@ normalize_peers(struct GNUNET_PeerIdentity *listed,
473 * @param num number of indices in @a indices 478 * @param num number of indices in @a indices
474 */ 479 */
475static void 480static void
476compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, 481compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j,
477 unsigned int *indices, 482 unsigned int *indices,
478 unsigned int num) 483 unsigned int num)
479{ 484{
480 unsigned int i; 485 unsigned int i;
481 /* numerator */ 486 /* numerator */
@@ -485,41 +490,41 @@ compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j,
485 /* temp value for l-j */ 490 /* temp value for l-j */
486 gcry_mpi_t tmp; 491 gcry_mpi_t tmp;
487 492
488 GNUNET_assert(0 != coeff); 493 GNUNET_assert (0 != coeff);
489 494
490 GNUNET_assert(0 != (n = gcry_mpi_new(0))); 495 GNUNET_assert (0 != (n = gcry_mpi_new (0)));
491 GNUNET_assert(0 != (d = gcry_mpi_new(0))); 496 GNUNET_assert (0 != (d = gcry_mpi_new (0)));
492 GNUNET_assert(0 != (tmp = gcry_mpi_new(0))); 497 GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
493 498
494 gcry_mpi_set_ui(n, 1); 499 gcry_mpi_set_ui (n, 1);
495 gcry_mpi_set_ui(d, 1); 500 gcry_mpi_set_ui (d, 1);
496 501
497 for (i = 0; i < num; i++) 502 for (i = 0; i < num; i++)
498 { 503 {
499 unsigned int l = indices[i]; 504 unsigned int l = indices[i];
500 if (l == j) 505 if (l == j)
501 continue; 506 continue;
502 gcry_mpi_mul_ui(n, n, l + 1); 507 gcry_mpi_mul_ui (n, n, l + 1);
503 // d <- d * (l-j) 508 // d <- d * (l-j)
504 gcry_mpi_set_ui(tmp, l + 1); 509 gcry_mpi_set_ui (tmp, l + 1);
505 gcry_mpi_sub_ui(tmp, tmp, j + 1); 510 gcry_mpi_sub_ui (tmp, tmp, j + 1);
506 gcry_mpi_mul(d, d, tmp); 511 gcry_mpi_mul (d, d, tmp);
507 } 512 }
508 513
509 // gcry_mpi_invm does not like negative numbers ... 514 // gcry_mpi_invm does not like negative numbers ...
510 gcry_mpi_mod(d, d, elgamal_q); 515 gcry_mpi_mod (d, d, elgamal_q);
511 516
512 GNUNET_assert(gcry_mpi_cmp_ui(d, 0) > 0); 517 GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0);
513 518
514 // now we do the actual division, with everything mod q, as we 519 // now we do the actual division, with everything mod q, as we
515 // are not operating on elements from <g>, but on exponents 520 // are not operating on elements from <g>, but on exponents
516 GNUNET_assert(0 != gcry_mpi_invm(d, d, elgamal_q)); 521 GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q));
517 522
518 gcry_mpi_mulm(coeff, n, d, elgamal_q); 523 gcry_mpi_mulm (coeff, n, d, elgamal_q);
519 524
520 gcry_mpi_release(n); 525 gcry_mpi_release (n);
521 gcry_mpi_release(d); 526 gcry_mpi_release (d);
522 gcry_mpi_release(tmp); 527 gcry_mpi_release (tmp);
523} 528}
524 529
525 530
@@ -530,117 +535,117 @@ compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j,
530 * @param ds decrypt session to destroy 535 * @param ds decrypt session to destroy
531 */ 536 */
532static void 537static void
533decrypt_session_destroy(struct DecryptSession *ds) 538decrypt_session_destroy (struct DecryptSession *ds)
534{ 539{
535 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 540 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
536 "destroying decrypt session\n"); 541 "destroying decrypt session\n");
537 if (NULL != ds->cs) 542 if (NULL != ds->cs)
538 { 543 {
539 ds->cs->decrypt_session = NULL; 544 ds->cs->decrypt_session = NULL;
540 ds->cs = NULL; 545 ds->cs = NULL;
541 } 546 }
542 if (NULL != ds->consensus) 547 if (NULL != ds->consensus)
543 { 548 {
544 GNUNET_CONSENSUS_destroy(ds->consensus); 549 GNUNET_CONSENSUS_destroy (ds->consensus);
545 ds->consensus = NULL; 550 ds->consensus = NULL;
546 } 551 }
547 552
548 if (NULL != ds->info) 553 if (NULL != ds->info)
554 {
555 for (unsigned int i = 0; i < ds->share->num_peers; i++)
549 { 556 {
550 for (unsigned int i = 0; i < ds->share->num_peers; i++) 557 if (NULL != ds->info[i].partial_decryption)
551 { 558 {
552 if (NULL != ds->info[i].partial_decryption) 559 gcry_mpi_release (ds->info[i].partial_decryption);
553 { 560 ds->info[i].partial_decryption = NULL;
554 gcry_mpi_release(ds->info[i].partial_decryption); 561 }
555 ds->info[i].partial_decryption = NULL;
556 }
557 }
558 GNUNET_free(ds->info);
559 ds->info = NULL;
560 } 562 }
563 GNUNET_free (ds->info);
564 ds->info = NULL;
565 }
561 if (NULL != ds->share) 566 if (NULL != ds->share)
562 { 567 {
563 GNUNET_SECRETSHARING_share_destroy(ds->share); 568 GNUNET_SECRETSHARING_share_destroy (ds->share);
564 ds->share = NULL; 569 ds->share = NULL;
565 } 570 }
566 571
567 GNUNET_free(ds); 572 GNUNET_free (ds);
568} 573}
569 574
570 575
571static void 576static void
572keygen_info_destroy(struct KeygenPeerInfo *info) 577keygen_info_destroy (struct KeygenPeerInfo *info)
573{ 578{
574 if (NULL != info->sigma) 579 if (NULL != info->sigma)
575 { 580 {
576 gcry_mpi_release(info->sigma); 581 gcry_mpi_release (info->sigma);
577 info->sigma = NULL; 582 info->sigma = NULL;
578 } 583 }
579 if (NULL != info->presecret_commitment) 584 if (NULL != info->presecret_commitment)
580 { 585 {
581 gcry_mpi_release(info->presecret_commitment); 586 gcry_mpi_release (info->presecret_commitment);
582 info->presecret_commitment = NULL; 587 info->presecret_commitment = NULL;
583 } 588 }
584 if (NULL != info->preshare_commitment) 589 if (NULL != info->preshare_commitment)
585 { 590 {
586 gcry_mpi_release(info->preshare_commitment); 591 gcry_mpi_release (info->preshare_commitment);
587 info->preshare_commitment = NULL; 592 info->preshare_commitment = NULL;
588 } 593 }
589} 594}
590 595
591 596
592static void 597static void
593keygen_session_destroy(struct KeygenSession *ks) 598keygen_session_destroy (struct KeygenSession *ks)
594{ 599{
595 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 600 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
596 "destroying keygen session\n"); 601 "destroying keygen session\n");
597 602
598 if (NULL != ks->cs) 603 if (NULL != ks->cs)
599 { 604 {
600 ks->cs->keygen_session = NULL; 605 ks->cs->keygen_session = NULL;
601 ks->cs = NULL; 606 ks->cs = NULL;
602 } 607 }
603 if (NULL != ks->info) 608 if (NULL != ks->info)
604 { 609 {
605 for (unsigned int i = 0; i < ks->num_peers; i++) 610 for (unsigned int i = 0; i < ks->num_peers; i++)
606 keygen_info_destroy(&ks->info[i]); 611 keygen_info_destroy (&ks->info[i]);
607 GNUNET_free(ks->info); 612 GNUNET_free (ks->info);
608 ks->info = NULL; 613 ks->info = NULL;
609 } 614 }
610 615
611 if (NULL != ks->consensus) 616 if (NULL != ks->consensus)
612 { 617 {
613 GNUNET_CONSENSUS_destroy(ks->consensus); 618 GNUNET_CONSENSUS_destroy (ks->consensus);
614 ks->consensus = NULL; 619 ks->consensus = NULL;
615 } 620 }
616 621
617 if (NULL != ks->presecret_polynomial) 622 if (NULL != ks->presecret_polynomial)
623 {
624 for (unsigned int i = 0; i < ks->threshold; i++)
618 { 625 {
619 for (unsigned int i = 0; i < ks->threshold; i++) 626 GNUNET_assert (NULL != ks->presecret_polynomial[i]);
620 { 627 gcry_mpi_release (ks->presecret_polynomial[i]);
621 GNUNET_assert(NULL != ks->presecret_polynomial[i]); 628 ks->presecret_polynomial[i] = NULL;
622 gcry_mpi_release(ks->presecret_polynomial[i]);
623 ks->presecret_polynomial[i] = NULL;
624 }
625 GNUNET_free(ks->presecret_polynomial);
626 ks->presecret_polynomial = NULL;
627 } 629 }
630 GNUNET_free (ks->presecret_polynomial);
631 ks->presecret_polynomial = NULL;
632 }
628 if (NULL != ks->my_share) 633 if (NULL != ks->my_share)
629 { 634 {
630 gcry_mpi_release(ks->my_share); 635 gcry_mpi_release (ks->my_share);
631 ks->my_share = NULL; 636 ks->my_share = NULL;
632 } 637 }
633 if (NULL != ks->public_key) 638 if (NULL != ks->public_key)
634 { 639 {
635 gcry_mpi_release(ks->public_key); 640 gcry_mpi_release (ks->public_key);
636 ks->public_key = NULL; 641 ks->public_key = NULL;
637 } 642 }
638 if (NULL != ks->peers) 643 if (NULL != ks->peers)
639 { 644 {
640 GNUNET_free(ks->peers); 645 GNUNET_free (ks->peers);
641 ks->peers = NULL; 646 ks->peers = NULL;
642 } 647 }
643 GNUNET_free(ks); 648 GNUNET_free (ks);
644} 649}
645 650
646 651
@@ -651,7 +656,7 @@ keygen_session_destroy(struct KeygenSession *ks)
651 * @param tc unused 656 * @param tc unused
652 */ 657 */
653static void 658static void
654cleanup_task(void *cls) 659cleanup_task (void *cls)
655{ 660{
656 /* Nothing to do! */ 661 /* Nothing to do! */
657} 662}
@@ -664,26 +669,28 @@ cleanup_task(void *cls)
664 * @param ks the session 669 * @param ks the session
665 */ 670 */
666static void 671static void
667generate_presecret_polynomial(struct KeygenSession *ks) 672generate_presecret_polynomial (struct KeygenSession *ks)
668{ 673{
669 int i; 674 int i;
670 gcry_mpi_t v; 675 gcry_mpi_t v;
671 676
672 GNUNET_assert(NULL == ks->presecret_polynomial); 677 GNUNET_assert (NULL == ks->presecret_polynomial);
673 ks->presecret_polynomial = GNUNET_new_array(ks->threshold, 678 ks->presecret_polynomial = GNUNET_new_array (ks->threshold,
674 gcry_mpi_t); 679 gcry_mpi_t);
675 for (i = 0; i < ks->threshold; i++) 680 for (i = 0; i < ks->threshold; i++)
681 {
682 v = ks->presecret_polynomial[i] = gcry_mpi_new (
683 GNUNET_SECRETSHARING_ELGAMAL_BITS);
684 GNUNET_assert (NULL != v);
685 // Randomize v such that 0 < v < elgamal_q.
686 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
687 do
676 { 688 {
677 v = ks->presecret_polynomial[i] = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS); 689 gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
678 GNUNET_assert(NULL != v); 690 GCRY_WEAK_RANDOM);
679 // Randomize v such that 0 < v < elgamal_q.
680 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
681 do
682 {
683 gcry_mpi_randomize(v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
684 }
685 while ((gcry_mpi_cmp_ui(v, 0) == 0) || (gcry_mpi_cmp(v, elgamal_q) >= 0));
686 } 691 }
692 while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0));
693 }
687} 694}
688 695
689 696
@@ -696,57 +703,66 @@ generate_presecret_polynomial(struct KeygenSession *ks)
696 * NULL if consensus failed. 703 * NULL if consensus failed.
697 */ 704 */
698static void 705static void
699keygen_round1_new_element(void *cls, 706keygen_round1_new_element (void *cls,
700 const struct GNUNET_SET_Element *element) 707 const struct GNUNET_SET_Element *element)
701{ 708{
702 const struct GNUNET_SECRETSHARING_KeygenCommitData *d; 709 const struct GNUNET_SECRETSHARING_KeygenCommitData *d;
703 struct KeygenSession *ks = cls; 710 struct KeygenSession *ks = cls;
704 struct KeygenPeerInfo *info; 711 struct KeygenPeerInfo *info;
705 712
706 if (NULL == element) 713 if (NULL == element)
707 { 714 {
708 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n"); 715 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n");
709 return; 716 return;
710 } 717 }
711 718
712 /* elements have fixed size */ 719 /* elements have fixed size */
713 if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)) 720 if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData))
714 { 721 {
715 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 722 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
716 "keygen commit data with wrong size (%u) in consensus, %u expected\n", 723 "keygen commit data with wrong size (%u) in consensus, %u expected\n",
717 (unsigned int)element->size, 724 (unsigned int) element->size,
718 (unsigned int)sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData)); 725 (unsigned int) sizeof(struct
719 return; 726 GNUNET_SECRETSHARING_KeygenCommitData));
720 } 727 return;
728 }
721 729
722 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round1 element\n"); 730 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n");
723 731
724 d = element->data; 732 d = element->data;
725 info = get_keygen_peer_info(ks, &d->peer); 733 info = get_keygen_peer_info (ks, &d->peer);
726 734
727 if (NULL == info) 735 if (NULL == info)
728 { 736 {
729 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", 737 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
730 GNUNET_i2s(&d->peer)); 738 "keygen commit data with wrong peer identity (%s) in consensus\n",
731 return; 739 GNUNET_i2s (&d->peer));
732 } 740 return;
741 }
733 742
734 /* Check that the right amount of data has been signed. */ 743 /* Check that the right amount of data has been signed. */
735 if (d->purpose.size != 744 if (d->purpose.size !=
736 htonl(element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose))) 745 htonl (element->size - offsetof (struct
737 { 746 GNUNET_SECRETSHARING_KeygenCommitData,
738 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n"); 747 purpose)))
739 return; 748 {
740 } 749 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
750 "keygen commit data with wrong signature purpose size in consensus\n");
751 return;
752 }
741 753
742 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, 754 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (
743 &d->purpose, &d->signature, &d->peer.public_key)) 755 GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1,
744 { 756 &d->purpose, &d->signature,
745 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n"); 757 &d->peer.public_key))
746 return; 758 {
747 } 759 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
760 "keygen commit data with invalid signature in consensus\n");
761 return;
762 }
748 info->paillier_public_key = d->pubkey; 763 info->paillier_public_key = d->pubkey;
749 GNUNET_CRYPTO_mpi_scan_unsigned(&info->presecret_commitment, &d->commitment, 512 / 8); 764 GNUNET_CRYPTO_mpi_scan_unsigned (&info->presecret_commitment, &d->commitment,
765 512 / 8);
750 info->round1_valid = GNUNET_YES; 766 info->round1_valid = GNUNET_YES;
751} 767}
752 768
@@ -762,22 +778,23 @@ keygen_round1_new_element(void *cls,
762 * @param m what group are we operating in? 778 * @param m what group are we operating in?
763 */ 779 */
764static void 780static void
765horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m) 781horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t
782 x, gcry_mpi_t m)
766{ 783{
767 unsigned int i; 784 unsigned int i;
768 785
769 gcry_mpi_set_ui(z, 0); 786 gcry_mpi_set_ui (z, 0);
770 for (i = 0; i < num_coeff; i++) 787 for (i = 0; i < num_coeff; i++)
771 { 788 {
772 // z <- zx + c 789 // z <- zx + c
773 gcry_mpi_mul(z, z, x); 790 gcry_mpi_mul (z, z, x);
774 gcry_mpi_addm(z, z, coeff[num_coeff - i - 1], m); 791 gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m);
775 } 792 }
776} 793}
777 794
778 795
779static void 796static void
780keygen_round2_conclude(void *cls) 797keygen_round2_conclude (void *cls)
781{ 798{
782 struct KeygenSession *ks = cls; 799 struct KeygenSession *ks = cls;
783 struct GNUNET_SECRETSHARING_SecretReadyMessage *m; 800 struct GNUNET_SECRETSHARING_SecretReadyMessage *m;
@@ -787,12 +804,12 @@ keygen_round2_conclude(void *cls)
787 unsigned int j; 804 unsigned int j;
788 struct GNUNET_SECRETSHARING_Share *share; 805 struct GNUNET_SECRETSHARING_Share *share;
789 806
790 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "round2 conclude\n"); 807 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n");
791 808
792 GNUNET_CONSENSUS_destroy(ks->consensus); 809 GNUNET_CONSENSUS_destroy (ks->consensus);
793 ks->consensus = NULL; 810 ks->consensus = NULL;
794 811
795 share = GNUNET_new(struct GNUNET_SECRETSHARING_Share); 812 share = GNUNET_new (struct GNUNET_SECRETSHARING_Share);
796 813
797 share->num_peers = 0; 814 share->num_peers = 0;
798 815
@@ -800,71 +817,78 @@ keygen_round2_conclude(void *cls)
800 if (GNUNET_YES == ks->info[i].round2_valid) 817 if (GNUNET_YES == ks->info[i].round2_valid)
801 share->num_peers++; 818 share->num_peers++;
802 819
803 share->peers = GNUNET_new_array(share->num_peers, 820 share->peers = GNUNET_new_array (share->num_peers,
804 struct GNUNET_PeerIdentity); 821 struct GNUNET_PeerIdentity);
805 share->sigmas = 822 share->sigmas =
806 GNUNET_new_array(share->num_peers, 823 GNUNET_new_array (share->num_peers,
807 struct GNUNET_SECRETSHARING_FieldElement); 824 struct GNUNET_SECRETSHARING_FieldElement);
808 share->original_indices = GNUNET_new_array(share->num_peers, 825 share->original_indices = GNUNET_new_array (share->num_peers,
809 uint16_t); 826 uint16_t);
810 827
811 /* maybe we're not even in the list of peers? */ 828 /* maybe we're not even in the list of peers? */
812 share->my_peer = share->num_peers; 829 share->my_peer = share->num_peers;
813 830
814 j = 0; /* running index of valid peers */ 831 j = 0; /* running index of valid peers */
815 for (i = 0; i < ks->num_peers; i++) 832 for (i = 0; i < ks->num_peers; i++)
833 {
834 if (GNUNET_YES == ks->info[i].round2_valid)
816 { 835 {
817 if (GNUNET_YES == ks->info[i].round2_valid) 836 share->peers[j] = ks->info[i].peer;
818 { 837 GNUNET_CRYPTO_mpi_print_unsigned (&share->sigmas[j],
819 share->peers[j] = ks->info[i].peer; 838 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
820 GNUNET_CRYPTO_mpi_print_unsigned(&share->sigmas[j], 839 ks->info[i].sigma);
821 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 840 share->original_indices[i] = j;
822 ks->info[i].sigma); 841 if (0 == GNUNET_memcmp (&share->peers[i], &my_peer))
823 share->original_indices[i] = j; 842 share->my_peer = j;
824 if (0 == GNUNET_memcmp(&share->peers[i], &my_peer)) 843 j += 1;
825 share->my_peer = j;
826 j += 1;
827 }
828 } 844 }
845 }
829 846
830 if (share->my_peer == share->num_peers) 847 if (share->my_peer == share->num_peers)
831 { 848 {
832 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx); 849 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n",
833 } 850 ks->local_peer_idx);
851 }
834 852
835 GNUNET_CRYPTO_mpi_print_unsigned(&share->my_share, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 853 GNUNET_CRYPTO_mpi_print_unsigned (&share->my_share,
836 ks->my_share); 854 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
837 GNUNET_CRYPTO_mpi_print_unsigned(&share->public_key, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 855 ks->my_share);
838 ks->public_key); 856 GNUNET_CRYPTO_mpi_print_unsigned (&share->public_key,
857 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
858 ks->public_key);
839 859
840 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers); 860 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n",
861 share->num_peers);
841 862
842 /* Write the share. If 0 peers completed the dkg, an empty 863 /* Write the share. If 0 peers completed the dkg, an empty
843 * share will be sent. */ 864 * share will be sent. */
844 865
845 GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, NULL, 0, &share_size)); 866 GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, NULL, 0,
867 &share_size));
846 868
847 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n", 869 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n",
848 (unsigned int)share_size); 870 (unsigned int) share_size);
849 871
850 ev = GNUNET_MQ_msg_extra(m, share_size, 872 ev = GNUNET_MQ_msg_extra (m, share_size,
851 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); 873 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY);
852 874
853 GNUNET_assert(GNUNET_OK == GNUNET_SECRETSHARING_share_write(share, &m[1], share_size, NULL)); 875 GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, &m[1],
876 share_size,
877 NULL));
854 878
855 GNUNET_SECRETSHARING_share_destroy(share); 879 GNUNET_SECRETSHARING_share_destroy (share);
856 share = NULL; 880 share = NULL;
857 881
858 GNUNET_MQ_send(ks->cs->mq, 882 GNUNET_MQ_send (ks->cs->mq,
859 ev); 883 ev);
860} 884}
861 885
862 886
863 887
864static void 888static void
865restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, 889restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
866 const struct GNUNET_SECRETSHARING_FairEncryption *fe, 890 const struct GNUNET_SECRETSHARING_FairEncryption *fe,
867 gcry_mpi_t x, gcry_mpi_t xres) 891 gcry_mpi_t x, gcry_mpi_t xres)
868{ 892{
869 gcry_mpi_t a_1; 893 gcry_mpi_t a_1;
870 gcry_mpi_t a_2; 894 gcry_mpi_t a_2;
@@ -881,103 +905,106 @@ restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
881 gcry_mpi_t v; 905 gcry_mpi_t v;
882 906
883 907
884 GNUNET_assert(NULL != (n = gcry_mpi_new(0))); 908 GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
885 GNUNET_assert(NULL != (t = gcry_mpi_new(0))); 909 GNUNET_assert (NULL != (t = gcry_mpi_new (0)));
886 GNUNET_assert(NULL != (t_1 = gcry_mpi_new(0))); 910 GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0)));
887 GNUNET_assert(NULL != (t_2 = gcry_mpi_new(0))); 911 GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0)));
888 GNUNET_assert(NULL != (r = gcry_mpi_new(0))); 912 GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
889 GNUNET_assert(NULL != (big_t = gcry_mpi_new(0))); 913 GNUNET_assert (NULL != (big_t = gcry_mpi_new (0)));
890 GNUNET_assert(NULL != (v = gcry_mpi_new(0))); 914 GNUNET_assert (NULL != (v = gcry_mpi_new (0)));
891 GNUNET_assert(NULL != (big_a = gcry_mpi_new(0))); 915 GNUNET_assert (NULL != (big_a = gcry_mpi_new (0)));
892 GNUNET_assert(NULL != (big_b = gcry_mpi_new(0))); 916 GNUNET_assert (NULL != (big_b = gcry_mpi_new (0)));
893 917
894 // a = (N,0)^T 918 // a = (N,0)^T
895 GNUNET_CRYPTO_mpi_scan_unsigned(&a_1, 919 GNUNET_CRYPTO_mpi_scan_unsigned (&a_1,
896 ppub, 920 ppub,
897 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 921 sizeof(struct
898 GNUNET_assert(NULL != (a_2 = gcry_mpi_new(0))); 922 GNUNET_CRYPTO_PaillierPublicKey));
899 gcry_mpi_set_ui(a_2, 0); 923 GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0)));
924 gcry_mpi_set_ui (a_2, 0);
900 // b = (x,1)^T 925 // b = (x,1)^T
901 GNUNET_assert(NULL != (b_1 = gcry_mpi_new(0))); 926 GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0)));
902 gcry_mpi_set(b_1, x); 927 gcry_mpi_set (b_1, x);
903 GNUNET_assert(NULL != (b_2 = gcry_mpi_new(0))); 928 GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0)));
904 gcry_mpi_set_ui(b_2, 1); 929 gcry_mpi_set_ui (b_2, 1);
905 930
906 // A = a DOT a 931 // A = a DOT a
907 gcry_mpi_mul(t, a_1, a_1); 932 gcry_mpi_mul (t, a_1, a_1);
908 gcry_mpi_mul(big_a, a_2, a_2); 933 gcry_mpi_mul (big_a, a_2, a_2);
909 gcry_mpi_add(big_a, big_a, t); 934 gcry_mpi_add (big_a, big_a, t);
910 935
911 // B = b DOT b 936 // B = b DOT b
912 gcry_mpi_mul(t, b_1, b_1); 937 gcry_mpi_mul (t, b_1, b_1);
913 gcry_mpi_mul(big_b, b_2, b_2); 938 gcry_mpi_mul (big_b, b_2, b_2);
914 gcry_mpi_add(big_b, big_b, t); 939 gcry_mpi_add (big_b, big_b, t);
915 940
916 while (1) 941 while (1)
942 {
943 // n = a DOT b
944 gcry_mpi_mul (t, a_1, b_1);
945 gcry_mpi_mul (n, a_2, b_2);
946 gcry_mpi_add (n, n, t);
947
948 // r = nearest(n/B)
949 gcry_mpi_div (r, NULL, n, big_b, 0);
950
951 // T := A - 2rn + rrB
952 gcry_mpi_mul (v, r, n);
953 gcry_mpi_mul_ui (v, v, 2);
954 gcry_mpi_sub (big_t, big_a, v);
955 gcry_mpi_mul (v, r, r);
956 gcry_mpi_mul (v, v, big_b);
957 gcry_mpi_add (big_t, big_t, v);
958
959 if (gcry_mpi_cmp (big_t, big_b) >= 0)
917 { 960 {
918 // n = a DOT b 961 break;
919 gcry_mpi_mul(t, a_1, b_1);
920 gcry_mpi_mul(n, a_2, b_2);
921 gcry_mpi_add(n, n, t);
922
923 // r = nearest(n/B)
924 gcry_mpi_div(r, NULL, n, big_b, 0);
925
926 // T := A - 2rn + rrB
927 gcry_mpi_mul(v, r, n);
928 gcry_mpi_mul_ui(v, v, 2);
929 gcry_mpi_sub(big_t, big_a, v);
930 gcry_mpi_mul(v, r, r);
931 gcry_mpi_mul(v, v, big_b);
932 gcry_mpi_add(big_t, big_t, v);
933
934 if (gcry_mpi_cmp(big_t, big_b) >= 0)
935 {
936 break;
937 }
938
939 // t = a - rb
940 gcry_mpi_mul(v, r, b_1);
941 gcry_mpi_sub(t_1, a_1, v);
942 gcry_mpi_mul(v, r, b_2);
943 gcry_mpi_sub(t_2, a_2, v);
944
945 // a = b
946 gcry_mpi_set(a_1, b_1);
947 gcry_mpi_set(a_2, b_2);
948 // b = t
949 gcry_mpi_set(b_1, t_1);
950 gcry_mpi_set(b_2, t_2);
951
952 gcry_mpi_set(big_a, big_b);
953 gcry_mpi_set(big_b, big_t);
954 } 962 }
955 963
956 gcry_mpi_set(xres, b_2); 964 // t = a - rb
957 gcry_mpi_invm(xres, xres, elgamal_q); 965 gcry_mpi_mul (v, r, b_1);
958 gcry_mpi_mulm(xres, xres, b_1, elgamal_q); 966 gcry_mpi_sub (t_1, a_1, v);
959 967 gcry_mpi_mul (v, r, b_2);
960 gcry_mpi_release(a_1); 968 gcry_mpi_sub (t_2, a_2, v);
961 gcry_mpi_release(a_2); 969
962 gcry_mpi_release(b_1); 970 // a = b
963 gcry_mpi_release(b_2); 971 gcry_mpi_set (a_1, b_1);
964 gcry_mpi_release(big_a); 972 gcry_mpi_set (a_2, b_2);
965 gcry_mpi_release(big_b); 973 // b = t
966 gcry_mpi_release(big_t); 974 gcry_mpi_set (b_1, t_1);
967 gcry_mpi_release(n); 975 gcry_mpi_set (b_2, t_2);
968 gcry_mpi_release(t_1); 976
969 gcry_mpi_release(t_2); 977 gcry_mpi_set (big_a, big_b);
970 gcry_mpi_release(t); 978 gcry_mpi_set (big_b, big_t);
971 gcry_mpi_release(r); 979 }
972 gcry_mpi_release(v); 980
981 gcry_mpi_set (xres, b_2);
982 gcry_mpi_invm (xres, xres, elgamal_q);
983 gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
984
985 gcry_mpi_release (a_1);
986 gcry_mpi_release (a_2);
987 gcry_mpi_release (b_1);
988 gcry_mpi_release (b_2);
989 gcry_mpi_release (big_a);
990 gcry_mpi_release (big_b);
991 gcry_mpi_release (big_t);
992 gcry_mpi_release (n);
993 gcry_mpi_release (t_1);
994 gcry_mpi_release (t_2);
995 gcry_mpi_release (t);
996 gcry_mpi_release (r);
997 gcry_mpi_release (v);
973} 998}
974 999
975 1000
976static void 1001static void
977get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, 1002get_fair_encryption_challenge (const struct
978 gcry_mpi_t *e) 1003 GNUNET_SECRETSHARING_FairEncryption *fe,
1004 gcry_mpi_t *e)
979{ 1005{
980 struct { 1006 struct
1007 {
981 struct GNUNET_CRYPTO_PaillierCiphertext c; 1008 struct GNUNET_CRYPTO_PaillierCiphertext c;
982 char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; 1009 char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
983 char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; 1010 char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
@@ -985,27 +1012,28 @@ get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *
985 } hash_data; 1012 } hash_data;
986 struct GNUNET_HashCode e_hash; 1013 struct GNUNET_HashCode e_hash;
987 1014
988 memset(&hash_data, 1015 memset (&hash_data,
989 0, 1016 0,
990 sizeof(hash_data)); 1017 sizeof(hash_data));
991 GNUNET_memcpy(&hash_data.c, &fe->c, sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); 1018 GNUNET_memcpy (&hash_data.c, &fe->c, sizeof(struct
992 GNUNET_memcpy(&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1019 GNUNET_CRYPTO_PaillierCiphertext));
993 GNUNET_memcpy(&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1020 GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
994 GNUNET_memcpy(&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); 1021 GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
995 GNUNET_CRYPTO_hash(&hash_data, 1022 GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
996 sizeof(hash_data), 1023 GNUNET_CRYPTO_hash (&hash_data,
997 &e_hash); 1024 sizeof(hash_data),
1025 &e_hash);
998 /* This allocates "e" */ 1026 /* This allocates "e" */
999 GNUNET_CRYPTO_mpi_scan_unsigned(e, 1027 GNUNET_CRYPTO_mpi_scan_unsigned (e,
1000 &e_hash, 1028 &e_hash,
1001 sizeof(struct GNUNET_HashCode)); 1029 sizeof(struct GNUNET_HashCode));
1002 gcry_mpi_mod(*e, *e, elgamal_q); 1030 gcry_mpi_mod (*e, *e, elgamal_q);
1003} 1031}
1004 1032
1005 1033
1006static int 1034static int
1007verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, 1035verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
1008 const struct GNUNET_SECRETSHARING_FairEncryption *fe) 1036 const struct GNUNET_SECRETSHARING_FairEncryption *fe)
1009{ 1037{
1010 gcry_mpi_t n; 1038 gcry_mpi_t n;
1011 gcry_mpi_t n_sq; 1039 gcry_mpi_t n_sq;
@@ -1020,73 +1048,79 @@ verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
1020 gcry_mpi_t big_y; 1048 gcry_mpi_t big_y;
1021 int res; 1049 int res;
1022 1050
1023 GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0))); 1051 GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
1024 GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0))); 1052 GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
1025 GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0))); 1053 GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
1026 1054
1027 get_fair_encryption_challenge(fe, 1055 get_fair_encryption_challenge (fe,
1028 &e /* this allocates e */); 1056 &e /* this allocates e */);
1029 1057
1030 GNUNET_CRYPTO_mpi_scan_unsigned(&n, 1058 GNUNET_CRYPTO_mpi_scan_unsigned (&n,
1031 ppub, 1059 ppub,
1032 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 1060 sizeof(struct
1033 GNUNET_CRYPTO_mpi_scan_unsigned(&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8); 1061 GNUNET_CRYPTO_PaillierPublicKey));
1034 GNUNET_CRYPTO_mpi_scan_unsigned(&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1062 GNUNET_CRYPTO_mpi_scan_unsigned (&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS
1035 GNUNET_CRYPTO_mpi_scan_unsigned(&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1063 / 8);
1036 GNUNET_CRYPTO_mpi_scan_unsigned(&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8); 1064 GNUNET_CRYPTO_mpi_scan_unsigned (&z, fe->z,
1037 GNUNET_CRYPTO_mpi_scan_unsigned(&big_y, fe->c.bits, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); 1065 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1038 GNUNET_CRYPTO_mpi_scan_unsigned(&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8); 1066 GNUNET_CRYPTO_mpi_scan_unsigned (&y, fe->h,
1039 gcry_mpi_mul(n_sq, n, n); 1067 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1068 GNUNET_CRYPTO_mpi_scan_unsigned (&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8);
1069 GNUNET_CRYPTO_mpi_scan_unsigned (&big_y, fe->c.bits,
1070 GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1071 GNUNET_CRYPTO_mpi_scan_unsigned (&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS
1072 * 2 / 8);
1073 gcry_mpi_mul (n_sq, n, n);
1040 1074
1041 // tmp1 = g^z 1075 // tmp1 = g^z
1042 gcry_mpi_powm(tmp1, elgamal_g, z, elgamal_p); 1076 gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p);
1043 // tmp2 = y^{-e} 1077 // tmp2 = y^{-e}
1044 gcry_mpi_powm(tmp1, y, e, elgamal_p); 1078 gcry_mpi_powm (tmp1, y, e, elgamal_p);
1045 gcry_mpi_invm(tmp1, tmp1, elgamal_p); 1079 gcry_mpi_invm (tmp1, tmp1, elgamal_p);
1046 // tmp1 = tmp1 * tmp2 1080 // tmp1 = tmp1 * tmp2
1047 gcry_mpi_mulm(tmp1, tmp1, tmp2, elgamal_p); 1081 gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p);
1048 1082
1049 if (0 == gcry_mpi_cmp(t1, tmp1)) 1083 if (0 == gcry_mpi_cmp (t1, tmp1))
1050 { 1084 {
1051 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n"); 1085 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n");
1052 res = GNUNET_NO; 1086 res = GNUNET_NO;
1053 goto cleanup; 1087 goto cleanup;
1054 } 1088 }
1055 1089
1056 gcry_mpi_powm(big_y, big_y, e, n_sq); 1090 gcry_mpi_powm (big_y, big_y, e, n_sq);
1057 gcry_mpi_invm(big_y, big_y, n_sq); 1091 gcry_mpi_invm (big_y, big_y, n_sq);
1058 1092
1059 gcry_mpi_add_ui(tmp1, n, 1); 1093 gcry_mpi_add_ui (tmp1, n, 1);
1060 gcry_mpi_powm(tmp1, tmp1, z, n_sq); 1094 gcry_mpi_powm (tmp1, tmp1, z, n_sq);
1061 1095
1062 gcry_mpi_powm(tmp2, w, n, n_sq); 1096 gcry_mpi_powm (tmp2, w, n, n_sq);
1063 1097
1064 gcry_mpi_mulm(tmp1, tmp1, tmp2, n_sq); 1098 gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq);
1065 gcry_mpi_mulm(tmp1, tmp1, big_y, n_sq); 1099 gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq);
1066 1100
1067 1101
1068 if (0 == gcry_mpi_cmp(t2, tmp1)) 1102 if (0 == gcry_mpi_cmp (t2, tmp1))
1069 { 1103 {
1070 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n"); 1104 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n");
1071 res = GNUNET_NO; 1105 res = GNUNET_NO;
1072 goto cleanup; 1106 goto cleanup;
1073 } 1107 }
1074 1108
1075 res = GNUNET_YES; 1109 res = GNUNET_YES;
1076 1110
1077cleanup: 1111cleanup:
1078 1112
1079 gcry_mpi_release(n); 1113 gcry_mpi_release (n);
1080 gcry_mpi_release(n_sq); 1114 gcry_mpi_release (n_sq);
1081 gcry_mpi_release(z); 1115 gcry_mpi_release (z);
1082 gcry_mpi_release(t1); 1116 gcry_mpi_release (t1);
1083 gcry_mpi_release(t2); 1117 gcry_mpi_release (t2);
1084 gcry_mpi_release(e); 1118 gcry_mpi_release (e);
1085 gcry_mpi_release(w); 1119 gcry_mpi_release (w);
1086 gcry_mpi_release(tmp1); 1120 gcry_mpi_release (tmp1);
1087 gcry_mpi_release(tmp2); 1121 gcry_mpi_release (tmp2);
1088 gcry_mpi_release(y); 1122 gcry_mpi_release (y);
1089 gcry_mpi_release(big_y); 1123 gcry_mpi_release (big_y);
1090 return res; 1124 return res;
1091} 1125}
1092 1126
@@ -1098,9 +1132,9 @@ cleanup:
1098 * @param[out] fe the fair encryption 1132 * @param[out] fe the fair encryption
1099 */ 1133 */
1100static void 1134static void
1101encrypt_fair(gcry_mpi_t v, 1135encrypt_fair (gcry_mpi_t v,
1102 const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, 1136 const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
1103 struct GNUNET_SECRETSHARING_FairEncryption *fe) 1137 struct GNUNET_SECRETSHARING_FairEncryption *fe)
1104{ 1138{
1105 gcry_mpi_t r; 1139 gcry_mpi_t r;
1106 gcry_mpi_t s; 1140 gcry_mpi_t s;
@@ -1116,99 +1150,100 @@ encrypt_fair(gcry_mpi_t v,
1116 gcry_mpi_t G; 1150 gcry_mpi_t G;
1117 gcry_mpi_t h; 1151 gcry_mpi_t h;
1118 1152
1119 GNUNET_assert(NULL != (r = gcry_mpi_new(0))); 1153 GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
1120 GNUNET_assert(NULL != (s = gcry_mpi_new(0))); 1154 GNUNET_assert (NULL != (s = gcry_mpi_new (0)));
1121 GNUNET_assert(NULL != (t1 = gcry_mpi_new(0))); 1155 GNUNET_assert (NULL != (t1 = gcry_mpi_new (0)));
1122 GNUNET_assert(NULL != (t2 = gcry_mpi_new(0))); 1156 GNUNET_assert (NULL != (t2 = gcry_mpi_new (0)));
1123 GNUNET_assert(NULL != (z = gcry_mpi_new(0))); 1157 GNUNET_assert (NULL != (z = gcry_mpi_new (0)));
1124 GNUNET_assert(NULL != (w = gcry_mpi_new(0))); 1158 GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
1125 GNUNET_assert(NULL != (n_sq = gcry_mpi_new(0))); 1159 GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
1126 GNUNET_assert(NULL != (u = gcry_mpi_new(0))); 1160 GNUNET_assert (NULL != (u = gcry_mpi_new (0)));
1127 GNUNET_assert(NULL != (Y = gcry_mpi_new(0))); 1161 GNUNET_assert (NULL != (Y = gcry_mpi_new (0)));
1128 GNUNET_assert(NULL != (G = gcry_mpi_new(0))); 1162 GNUNET_assert (NULL != (G = gcry_mpi_new (0)));
1129 GNUNET_assert(NULL != (h = gcry_mpi_new(0))); 1163 GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
1130 1164
1131 GNUNET_CRYPTO_mpi_scan_unsigned(&n, 1165 GNUNET_CRYPTO_mpi_scan_unsigned (&n,
1132 ppub, 1166 ppub,
1133 sizeof(struct GNUNET_CRYPTO_PaillierPublicKey)); 1167 sizeof(struct
1134 gcry_mpi_mul(n_sq, n, n); 1168 GNUNET_CRYPTO_PaillierPublicKey));
1135 gcry_mpi_add_ui(G, n, 1); 1169 gcry_mpi_mul (n_sq, n, n);
1170 gcry_mpi_add_ui (G, n, 1);
1136 1171
1137 do 1172 do
1138 { 1173 {
1139 gcry_mpi_randomize(u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); 1174 gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1140 } 1175 }
1141 while (gcry_mpi_cmp(u, n) >= 0); 1176 while (gcry_mpi_cmp (u, n) >= 0);
1142 1177
1143 gcry_mpi_powm(t1, G, v, n_sq); 1178 gcry_mpi_powm (t1, G, v, n_sq);
1144 gcry_mpi_powm(t2, u, n, n_sq); 1179 gcry_mpi_powm (t2, u, n, n_sq);
1145 gcry_mpi_mulm(Y, t1, t2, n_sq); 1180 gcry_mpi_mulm (Y, t1, t2, n_sq);
1146 1181
1147 GNUNET_CRYPTO_mpi_print_unsigned(fe->c.bits, 1182 GNUNET_CRYPTO_mpi_print_unsigned (fe->c.bits,
1148 sizeof fe->c.bits, 1183 sizeof fe->c.bits,
1149 Y); 1184 Y);
1150 1185
1151 1186
1152 gcry_mpi_randomize(r, 2048, GCRY_WEAK_RANDOM); 1187 gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM);
1153 do 1188 do
1154 { 1189 {
1155 gcry_mpi_randomize(s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM); 1190 gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1156 } 1191 }
1157 while (gcry_mpi_cmp(s, n) >= 0); 1192 while (gcry_mpi_cmp (s, n) >= 0);
1158 1193
1159 // compute t1 1194 // compute t1
1160 gcry_mpi_mulm(t1, elgamal_g, r, elgamal_p); 1195 gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p);
1161 // compute t2 (use z and w as temp) 1196 // compute t2 (use z and w as temp)
1162 gcry_mpi_powm(z, G, r, n_sq); 1197 gcry_mpi_powm (z, G, r, n_sq);
1163 gcry_mpi_powm(w, s, n, n_sq); 1198 gcry_mpi_powm (w, s, n, n_sq);
1164 gcry_mpi_mulm(t2, z, w, n_sq); 1199 gcry_mpi_mulm (t2, z, w, n_sq);
1165 1200
1166 1201
1167 gcry_mpi_powm(h, elgamal_g, v, elgamal_p); 1202 gcry_mpi_powm (h, elgamal_g, v, elgamal_p);
1168 1203
1169 GNUNET_CRYPTO_mpi_print_unsigned(fe->h, 1204 GNUNET_CRYPTO_mpi_print_unsigned (fe->h,
1170 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 1205 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1171 h); 1206 h);
1172 1207
1173 GNUNET_CRYPTO_mpi_print_unsigned(fe->t1, 1208 GNUNET_CRYPTO_mpi_print_unsigned (fe->t1,
1174 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 1209 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1175 t1); 1210 t1);
1176 1211
1177 GNUNET_CRYPTO_mpi_print_unsigned(fe->t2, 1212 GNUNET_CRYPTO_mpi_print_unsigned (fe->t2,
1178 GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8, 1213 GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8,
1179 t2); 1214 t2);
1180 1215
1181 get_fair_encryption_challenge(fe, 1216 get_fair_encryption_challenge (fe,
1182 &e /* This allocates "e" */); 1217 &e /* This allocates "e" */);
1183 1218
1184 // compute z 1219 // compute z
1185 gcry_mpi_mul(z, e, v); 1220 gcry_mpi_mul (z, e, v);
1186 gcry_mpi_addm(z, z, r, elgamal_q); 1221 gcry_mpi_addm (z, z, r, elgamal_q);
1187 // compute w 1222 // compute w
1188 gcry_mpi_powm(w, u, e, n); 1223 gcry_mpi_powm (w, u, e, n);
1189 gcry_mpi_mulm(w, w, s, n); 1224 gcry_mpi_mulm (w, w, s, n);
1190 1225
1191 GNUNET_CRYPTO_mpi_print_unsigned(fe->z, 1226 GNUNET_CRYPTO_mpi_print_unsigned (fe->z,
1192 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, 1227 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1193 z); 1228 z);
1194 1229
1195 GNUNET_CRYPTO_mpi_print_unsigned(fe->w, 1230 GNUNET_CRYPTO_mpi_print_unsigned (fe->w,
1196 GNUNET_CRYPTO_PAILLIER_BITS / 8, 1231 GNUNET_CRYPTO_PAILLIER_BITS / 8,
1197 w); 1232 w);
1198 1233
1199 gcry_mpi_release(n); 1234 gcry_mpi_release (n);
1200 gcry_mpi_release(r); 1235 gcry_mpi_release (r);
1201 gcry_mpi_release(s); 1236 gcry_mpi_release (s);
1202 gcry_mpi_release(t1); 1237 gcry_mpi_release (t1);
1203 gcry_mpi_release(t2); 1238 gcry_mpi_release (t2);
1204 gcry_mpi_release(z); 1239 gcry_mpi_release (z);
1205 gcry_mpi_release(w); 1240 gcry_mpi_release (w);
1206 gcry_mpi_release(e); 1241 gcry_mpi_release (e);
1207 gcry_mpi_release(n_sq); 1242 gcry_mpi_release (n_sq);
1208 gcry_mpi_release(u); 1243 gcry_mpi_release (u);
1209 gcry_mpi_release(Y); 1244 gcry_mpi_release (Y);
1210 gcry_mpi_release(G); 1245 gcry_mpi_release (G);
1211 gcry_mpi_release(h); 1246 gcry_mpi_release (h);
1212} 1247}
1213 1248
1214 1249
@@ -1223,7 +1258,7 @@ encrypt_fair(gcry_mpi_t v,
1223 * @param ks session to use 1258 * @param ks session to use
1224 */ 1259 */
1225static void 1260static void
1226insert_round2_element(struct KeygenSession *ks) 1261insert_round2_element (struct KeygenSession *ks)
1227{ 1262{
1228 struct GNUNET_SET_Element *element; 1263 struct GNUNET_SET_Element *element;
1229 struct GNUNET_SECRETSHARING_KeygenRevealData *d; 1264 struct GNUNET_SECRETSHARING_KeygenRevealData *d;
@@ -1234,140 +1269,152 @@ insert_round2_element(struct KeygenSession *ks)
1234 gcry_mpi_t idx; 1269 gcry_mpi_t idx;
1235 gcry_mpi_t v; 1270 gcry_mpi_t v;
1236 1271
1237 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n", 1272 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n",
1238 ks->local_peer_idx); 1273 ks->local_peer_idx);
1239 1274
1240 GNUNET_assert(NULL != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); 1275 GNUNET_assert (NULL != (v = gcry_mpi_new (
1241 GNUNET_assert(NULL != (idx = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); 1276 GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1277 GNUNET_assert (NULL != (idx = gcry_mpi_new (
1278 GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1242 1279
1243 element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) + 1280 element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData)
1244 sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + 1281 + sizeof(struct GNUNET_SECRETSHARING_FairEncryption)
1245 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); 1282 * ks->num_peers
1283 + GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold);
1246 1284
1247 element = GNUNET_malloc(sizeof(struct GNUNET_SET_Element) + element_size); 1285 element = GNUNET_malloc (sizeof(struct GNUNET_SET_Element) + element_size);
1248 element->size = element_size; 1286 element->size = element_size;
1249 element->data = (void *)&element[1]; 1287 element->data = (void *) &element[1];
1250 1288
1251 d = (void *)element->data; 1289 d = (void *) element->data;
1252 d->peer = my_peer; 1290 d->peer = my_peer;
1253 1291
1254 // start inserting vector elements 1292 // start inserting vector elements
1255 // after the fixed part of the element's data 1293 // after the fixed part of the element's data
1256 pos = (void *)&d[1]; 1294 pos = (void *) &d[1];
1257 last_pos = pos + element_size; 1295 last_pos = pos + element_size;
1258 1296
1259 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n", 1297 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n",
1260 ks->local_peer_idx); 1298 ks->local_peer_idx);
1261 1299
1262 // encrypted pre-shares 1300 // encrypted pre-shares
1263 // and fair encryption proof 1301 // and fair encryption proof
1264 { 1302 {
1265 for (i = 0; i < ks->num_peers; i++) 1303 for (i = 0; i < ks->num_peers; i++)
1304 {
1305 ptrdiff_t remaining = last_pos - pos;
1306 struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos;
1307
1308 GNUNET_assert (remaining > 0);
1309 memset (fe, 0, sizeof *fe);
1310 if (GNUNET_YES == ks->info[i].round1_valid)
1266 { 1311 {
1267 ptrdiff_t remaining = last_pos - pos; 1312 gcry_mpi_set_ui (idx, i + 1);
1268 struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *)pos; 1313 // evaluate the polynomial
1269 1314 horner_eval (v, ks->presecret_polynomial, ks->threshold, idx,
1270 GNUNET_assert(remaining > 0); 1315 elgamal_q);
1271 memset(fe, 0, sizeof *fe); 1316 // encrypt the result
1272 if (GNUNET_YES == ks->info[i].round1_valid) 1317 encrypt_fair (v, &ks->info[i].paillier_public_key, fe);
1273 {
1274 gcry_mpi_set_ui(idx, i + 1);
1275 // evaluate the polynomial
1276 horner_eval(v, ks->presecret_polynomial, ks->threshold, idx, elgamal_q);
1277 // encrypt the result
1278 encrypt_fair(v, &ks->info[i].paillier_public_key, fe);
1279 }
1280 pos += sizeof *fe;
1281 } 1318 }
1319 pos += sizeof *fe;
1320 }
1282 } 1321 }
1283 1322
1284 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n", 1323 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n",
1285 ks->local_peer_idx); 1324 ks->local_peer_idx);
1286 1325
1287 // exponentiated coefficients 1326 // exponentiated coefficients
1288 for (i = 0; i < ks->threshold; i++) 1327 for (i = 0; i < ks->threshold; i++)
1289 { 1328 {
1290 ptrdiff_t remaining = last_pos - pos; 1329 ptrdiff_t remaining = last_pos - pos;
1291 GNUNET_assert(remaining > 0); 1330 GNUNET_assert (remaining > 0);
1292 gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[i], elgamal_p); 1331 gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p);
1293 GNUNET_CRYPTO_mpi_print_unsigned(pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); 1332 GNUNET_CRYPTO_mpi_print_unsigned (pos, GNUNET_SECRETSHARING_ELGAMAL_BITS
1294 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8; 1333 / 8, v);
1295 } 1334 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8;
1335 }
1296 1336
1297 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n", 1337 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n",
1298 ks->local_peer_idx); 1338 ks->local_peer_idx);
1299 1339
1300 1340
1301 d->purpose.size = htonl(element_size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)); 1341 d->purpose.size = htonl (element_size - offsetof (struct
1302 d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); 1342 GNUNET_SECRETSHARING_KeygenRevealData,
1303 GNUNET_assert(GNUNET_OK == 1343 purpose));
1304 GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, 1344 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2);
1305 &d->purpose, 1345 GNUNET_assert (GNUNET_OK ==
1306 &d->signature)); 1346 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
1347 &d->purpose,
1348 &d->signature));
1307 1349
1308 GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL); 1350 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1309 GNUNET_free(element); /* FIXME: maybe stack-allocate instead? */ 1351 GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */
1310 1352
1311 gcry_mpi_release(v); 1353 gcry_mpi_release (v);
1312 gcry_mpi_release(idx); 1354 gcry_mpi_release (idx);
1313} 1355}
1314 1356
1315 1357
1316static gcry_mpi_t 1358static gcry_mpi_t
1317keygen_reveal_get_exp_coeff(struct KeygenSession *ks, 1359keygen_reveal_get_exp_coeff (struct KeygenSession *ks,
1318 const struct GNUNET_SECRETSHARING_KeygenRevealData *d, 1360 const struct
1319 unsigned int idx) 1361 GNUNET_SECRETSHARING_KeygenRevealData *d,
1362 unsigned int idx)
1320{ 1363{
1321 unsigned char *pos; 1364 unsigned char *pos;
1322 gcry_mpi_t exp_coeff; 1365 gcry_mpi_t exp_coeff;
1323 1366
1324 GNUNET_assert(idx < ks->threshold); 1367 GNUNET_assert (idx < ks->threshold);
1325 1368
1326 pos = (void *)&d[1]; 1369 pos = (void *) &d[1];
1327 // skip encrypted pre-shares 1370 // skip encrypted pre-shares
1328 pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers; 1371 pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers;
1329 // skip exp. coeffs we are not interested in 1372 // skip exp. coeffs we are not interested in
1330 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx; 1373 pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx;
1331 // the first exponentiated coefficient is the public key share 1374 // the first exponentiated coefficient is the public key share
1332 GNUNET_CRYPTO_mpi_scan_unsigned(&exp_coeff, pos, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1375 GNUNET_CRYPTO_mpi_scan_unsigned (&exp_coeff, pos,
1376 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1333 return exp_coeff; 1377 return exp_coeff;
1334} 1378}
1335 1379
1336 1380
1337static struct GNUNET_SECRETSHARING_FairEncryption * 1381static struct GNUNET_SECRETSHARING_FairEncryption *
1338keygen_reveal_get_enc_preshare(struct KeygenSession *ks, 1382keygen_reveal_get_enc_preshare (struct KeygenSession *ks,
1339 const struct GNUNET_SECRETSHARING_KeygenRevealData *d, 1383 const struct
1340 unsigned int idx) 1384 GNUNET_SECRETSHARING_KeygenRevealData *d,
1385 unsigned int idx)
1341{ 1386{
1342 unsigned char *pos; 1387 unsigned char *pos;
1343 1388
1344 GNUNET_assert(idx < ks->num_peers); 1389 GNUNET_assert (idx < ks->num_peers);
1345 1390
1346 pos = (void *)&d[1]; 1391 pos = (void *) &d[1];
1347 // skip encrypted pre-shares we're not interested in 1392 // skip encrypted pre-shares we're not interested in
1348 pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx; 1393 pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx;
1349 return (struct GNUNET_SECRETSHARING_FairEncryption *)pos; 1394 return (struct GNUNET_SECRETSHARING_FairEncryption *) pos;
1350} 1395}
1351 1396
1352 1397
1353static gcry_mpi_t 1398static gcry_mpi_t
1354keygen_reveal_get_exp_preshare(struct KeygenSession *ks, 1399keygen_reveal_get_exp_preshare (struct KeygenSession *ks,
1355 const struct GNUNET_SECRETSHARING_KeygenRevealData *d, 1400 const struct
1356 unsigned int idx) 1401 GNUNET_SECRETSHARING_KeygenRevealData *d,
1402 unsigned int idx)
1357{ 1403{
1358 gcry_mpi_t exp_preshare; 1404 gcry_mpi_t exp_preshare;
1359 struct GNUNET_SECRETSHARING_FairEncryption *fe; 1405 struct GNUNET_SECRETSHARING_FairEncryption *fe;
1360 1406
1361 GNUNET_assert(idx < ks->num_peers); 1407 GNUNET_assert (idx < ks->num_peers);
1362 fe = keygen_reveal_get_enc_preshare(ks, d, idx); 1408 fe = keygen_reveal_get_enc_preshare (ks, d, idx);
1363 GNUNET_CRYPTO_mpi_scan_unsigned(&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1409 GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h,
1410 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1364 return exp_preshare; 1411 return exp_preshare;
1365} 1412}
1366 1413
1367 1414
1368static void 1415static void
1369keygen_round2_new_element(void *cls, 1416keygen_round2_new_element (void *cls,
1370 const struct GNUNET_SET_Element *element) 1417 const struct GNUNET_SET_Element *element)
1371{ 1418{
1372 struct KeygenSession *ks = cls; 1419 struct KeygenSession *ks = cls;
1373 const struct GNUNET_SECRETSHARING_KeygenRevealData *d; 1420 const struct GNUNET_SECRETSHARING_KeygenRevealData *d;
@@ -1380,180 +1427,197 @@ keygen_round2_new_element(void *cls,
1380 gcry_mpi_t preshare; 1427 gcry_mpi_t preshare;
1381 1428
1382 if (NULL == element) 1429 if (NULL == element)
1383 { 1430 {
1384 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n"); 1431 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n");
1385 return; 1432 return;
1386 } 1433 }
1387 1434
1388 expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData) + 1435 expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData)
1389 sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers + 1436 + sizeof(struct
1390 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold); 1437 GNUNET_SECRETSHARING_FairEncryption)
1438 * ks->num_peers
1439 + GNUNET_SECRETSHARING_ELGAMAL_BITS / 8
1440 * ks->threshold);
1391 1441
1392 if (element->size != expected_element_size) 1442 if (element->size != expected_element_size)
1393 { 1443 {
1394 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 1444 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1395 "keygen round2 data with wrong size (%u) in consensus, %u expected\n", 1445 "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
1396 (unsigned int)element->size, 1446 (unsigned int) element->size,
1397 (unsigned int)expected_element_size); 1447 (unsigned int) expected_element_size);
1398 return; 1448 return;
1399 } 1449 }
1400 1450
1401 d = (const void *)element->data; 1451 d = (const void *) element->data;
1402 1452
1403 info = get_keygen_peer_info(ks, &d->peer); 1453 info = get_keygen_peer_info (ks, &d->peer);
1404 1454
1405 if (NULL == info) 1455 if (NULL == info)
1406 { 1456 {
1407 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n", 1457 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1408 GNUNET_i2s(&d->peer)); 1458 "keygen commit data with wrong peer identity (%s) in consensus\n",
1409 return; 1459 GNUNET_i2s (&d->peer));
1410 } 1460 return;
1461 }
1411 1462
1412 if (GNUNET_NO == info->round1_valid) 1463 if (GNUNET_NO == info->round1_valid)
1413 { 1464 {
1414 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 1465 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1415 "ignoring round2 element from peer with invalid round1 element (%s)\n", 1466 "ignoring round2 element from peer with invalid round1 element (%s)\n",
1416 GNUNET_i2s(&d->peer)); 1467 GNUNET_i2s (&d->peer));
1417 return; 1468 return;
1418 } 1469 }
1419 1470
1420 if (GNUNET_YES == info->round2_valid) 1471 if (GNUNET_YES == info->round2_valid)
1421 { 1472 {
1422 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 1473 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1423 "ignoring duplicate round2 element (%s)\n", 1474 "ignoring duplicate round2 element (%s)\n",
1424 GNUNET_i2s(&d->peer)); 1475 GNUNET_i2s (&d->peer));
1425 return; 1476 return;
1426 } 1477 }
1427 1478
1428 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "got round2 element\n"); 1479 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n");
1429 1480
1430 if (ntohl(d->purpose.size) != 1481 if (ntohl (d->purpose.size) !=
1431 element->size - offsetof(struct GNUNET_SECRETSHARING_KeygenRevealData, purpose)) 1482 element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData,
1432 { 1483 purpose))
1433 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n"); 1484 {
1434 return; 1485 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1435 } 1486 "keygen reveal data with wrong signature purpose size in consensus\n");
1487 return;
1488 }
1436 1489
1437 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, 1490 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (
1438 &d->purpose, &d->signature, &d->peer.public_key)) 1491 GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2,
1439 { 1492 &d->purpose, &d->signature,
1440 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n"); 1493 &d->peer.public_key))
1441 return; 1494 {
1442 } 1495 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1496 "keygen reveal data with invalid signature in consensus\n");
1497 return;
1498 }
1443 1499
1444 public_key_share = keygen_reveal_get_exp_coeff(ks, d, 0); 1500 public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0);
1445 info->preshare_commitment = keygen_reveal_get_exp_preshare(ks, d, ks->local_peer_idx); 1501 info->preshare_commitment = keygen_reveal_get_exp_preshare (ks, d,
1502 ks->local_peer_idx);
1446 1503
1447 if (NULL == ks->public_key) 1504 if (NULL == ks->public_key)
1448 { 1505 {
1449 GNUNET_assert(NULL != (ks->public_key = gcry_mpi_new(0))); 1506 GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0)));
1450 gcry_mpi_set_ui(ks->public_key, 1); 1507 gcry_mpi_set_ui (ks->public_key, 1);
1451 } 1508 }
1452 gcry_mpi_mulm(ks->public_key, ks->public_key, public_key_share, elgamal_p); 1509 gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p);
1453 1510
1454 gcry_mpi_release(public_key_share); 1511 gcry_mpi_release (public_key_share);
1455 public_key_share = NULL; 1512 public_key_share = NULL;
1456 1513
1457 { 1514 {
1458 struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, ks->local_peer_idx); 1515 struct GNUNET_SECRETSHARING_FairEncryption *fe =
1459 GNUNET_assert(NULL != (preshare = gcry_mpi_new(0))); 1516 keygen_reveal_get_enc_preshare (ks, d, ks->local_peer_idx);
1460 GNUNET_CRYPTO_paillier_decrypt(&ks->paillier_private_key, 1517 GNUNET_assert (NULL != (preshare = gcry_mpi_new (0)));
1461 &ks->info[ks->local_peer_idx].paillier_public_key, 1518 GNUNET_CRYPTO_paillier_decrypt (&ks->paillier_private_key,
1462 &fe->c, 1519 &ks->info[ks->local_peer_idx].
1463 preshare); 1520 paillier_public_key,
1521 &fe->c,
1522 preshare);
1464 1523
1465 // FIXME: not doing the restoration is less expensive 1524 // FIXME: not doing the restoration is less expensive
1466 restore_fair(&ks->info[ks->local_peer_idx].paillier_public_key, 1525 restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key,
1467 fe, 1526 fe,
1468 preshare, 1527 preshare,
1469 preshare); 1528 preshare);
1470 } 1529 }
1471 1530
1472 GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); 1531 GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
1473 gcry_mpi_powm(tmp, elgamal_g, preshare, elgamal_p); 1532 gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p);
1474 1533
1475 cmp_result = gcry_mpi_cmp(tmp, info->preshare_commitment); 1534 cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment);
1476 gcry_mpi_release(tmp); 1535 gcry_mpi_release (tmp);
1477 tmp = NULL; 1536 tmp = NULL;
1478 if (0 != cmp_result) 1537 if (0 != cmp_result)
1479 { 1538 {
1480 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n", 1539 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1481 (unsigned int)ks->local_peer_idx, (unsigned int)(info - ks->info)); 1540 "P%u: Got invalid presecret from P%u\n",
1482 return; 1541 (unsigned int) ks->local_peer_idx, (unsigned int) (info
1483 } 1542 - ks->info));
1543 return;
1544 }
1484 1545
1485 if (NULL == ks->my_share) 1546 if (NULL == ks->my_share)
1486 { 1547 {
1487 GNUNET_assert(NULL != (ks->my_share = gcry_mpi_new(0))); 1548 GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0)));
1488 } 1549 }
1489 gcry_mpi_addm(ks->my_share, ks->my_share, preshare, elgamal_q); 1550 gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q);
1490 1551
1491 for (j = 0; j < ks->num_peers; j++) 1552 for (j = 0; j < ks->num_peers; j++)
1553 {
1554 gcry_mpi_t presigma;
1555 if (NULL == ks->info[j].sigma)
1492 { 1556 {
1493 gcry_mpi_t presigma; 1557 GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0)));
1494 if (NULL == ks->info[j].sigma) 1558 gcry_mpi_set_ui (ks->info[j].sigma, 1);
1495 {
1496 GNUNET_assert(NULL != (ks->info[j].sigma = gcry_mpi_new(0)));
1497 gcry_mpi_set_ui(ks->info[j].sigma, 1);
1498 }
1499 presigma = keygen_reveal_get_exp_preshare(ks, d, j);
1500 gcry_mpi_mulm(ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
1501 gcry_mpi_release(presigma);
1502 } 1559 }
1560 presigma = keygen_reveal_get_exp_preshare (ks, d, j);
1561 gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
1562 gcry_mpi_release (presigma);
1563 }
1503 1564
1504 gcry_mpi_t prod; 1565 gcry_mpi_t prod;
1505 GNUNET_assert(NULL != (prod = gcry_mpi_new(0))); 1566 GNUNET_assert (NULL != (prod = gcry_mpi_new (0)));
1506 gcry_mpi_t j_to_k; 1567 gcry_mpi_t j_to_k;
1507 GNUNET_assert(NULL != (j_to_k = gcry_mpi_new(0))); 1568 GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0)));
1508 // validate that the polynomial sharing matches the additive sharing 1569 // validate that the polynomial sharing matches the additive sharing
1509 for (j = 0; j < ks->num_peers; j++) 1570 for (j = 0; j < ks->num_peers; j++)
1571 {
1572 unsigned int k;
1573 int cmp_result;
1574 gcry_mpi_t exp_preshare;
1575 gcry_mpi_set_ui (prod, 1);
1576 for (k = 0; k < ks->threshold; k++)
1577 {
1578 // Using pow(double,double) is a bit sketchy.
1579 // We count players from 1, but shares from 0.
1580 gcry_mpi_t tmp;
1581 gcry_mpi_set_ui (j_to_k, (unsigned int) pow (j + 1, k));
1582 tmp = keygen_reveal_get_exp_coeff (ks, d, k);
1583 gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p);
1584 gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
1585 gcry_mpi_release (tmp);
1586 }
1587 exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j);
1588 gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p);
1589 cmp_result = gcry_mpi_cmp (prod, exp_preshare);
1590 gcry_mpi_release (exp_preshare);
1591 exp_preshare = NULL;
1592 if (0 != cmp_result)
1510 { 1593 {
1511 unsigned int k; 1594 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1512 int cmp_result; 1595 "P%u: reveal data from P%u incorrect\n",
1513 gcry_mpi_t exp_preshare; 1596 ks->local_peer_idx, j);
1514 gcry_mpi_set_ui(prod, 1); 1597 /* no need for further verification, round2 stays invalid ... */
1515 for (k = 0; k < ks->threshold; k++) 1598 return;
1516 {
1517 // Using pow(double,double) is a bit sketchy.
1518 // We count players from 1, but shares from 0.
1519 gcry_mpi_t tmp;
1520 gcry_mpi_set_ui(j_to_k, (unsigned int)pow(j + 1, k));
1521 tmp = keygen_reveal_get_exp_coeff(ks, d, k);
1522 gcry_mpi_powm(tmp, tmp, j_to_k, elgamal_p);
1523 gcry_mpi_mulm(prod, prod, tmp, elgamal_p);
1524 gcry_mpi_release(tmp);
1525 }
1526 exp_preshare = keygen_reveal_get_exp_preshare(ks, d, j);
1527 gcry_mpi_mod(exp_preshare, exp_preshare, elgamal_p);
1528 cmp_result = gcry_mpi_cmp(prod, exp_preshare);
1529 gcry_mpi_release(exp_preshare);
1530 exp_preshare = NULL;
1531 if (0 != cmp_result)
1532 {
1533 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n",
1534 ks->local_peer_idx, j);
1535 /* no need for further verification, round2 stays invalid ... */
1536 return;
1537 }
1538 } 1599 }
1600 }
1539 1601
1540 // TODO: verify proof of fair encryption (once implemented) 1602 // TODO: verify proof of fair encryption (once implemented)
1541 for (j = 0; j < ks->num_peers; j++) 1603 for (j = 0; j < ks->num_peers; j++)
1604 {
1605 struct GNUNET_SECRETSHARING_FairEncryption *fe =
1606 keygen_reveal_get_enc_preshare (ks, d, j);
1607 if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe))
1542 { 1608 {
1543 struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare(ks, d, j); 1609 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1544 if (GNUNET_YES != verify_fair(&ks->info[j].paillier_public_key, fe)) 1610 "P%u: reveal data from P%u incorrect (fair encryption)\n",
1545 { 1611 ks->local_peer_idx, j);
1546 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n", 1612 return;
1547 ks->local_peer_idx, j);
1548 return;
1549 }
1550 } 1613 }
1614 }
1551 1615
1552 info->round2_valid = GNUNET_YES; 1616 info->round2_valid = GNUNET_YES;
1553 1617
1554 gcry_mpi_release(preshare); 1618 gcry_mpi_release (preshare);
1555 gcry_mpi_release(prod); 1619 gcry_mpi_release (prod);
1556 gcry_mpi_release(j_to_k); 1620 gcry_mpi_release (j_to_k);
1557} 1621}
1558 1622
1559 1623
@@ -1564,22 +1628,24 @@ keygen_round2_new_element(void *cls,
1564 * @param cls closure 1628 * @param cls closure
1565 */ 1629 */
1566static void 1630static void
1567keygen_round1_conclude(void *cls) 1631keygen_round1_conclude (void *cls)
1568{ 1632{
1569 struct KeygenSession *ks = cls; 1633 struct KeygenSession *ks = cls;
1570 1634
1571 GNUNET_CONSENSUS_destroy(ks->consensus); 1635 GNUNET_CONSENSUS_destroy (ks->consensus);
1572 1636
1573 ks->consensus = GNUNET_CONSENSUS_create(cfg, ks->num_peers, ks->peers, &ks->session_id, 1637 ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers,
1574 time_between(ks->start_time, ks->deadline, 1, 2), 1638 &ks->session_id,
1575 ks->deadline, 1639 time_between (ks->start_time,
1576 keygen_round2_new_element, ks); 1640 ks->deadline, 1, 2),
1641 ks->deadline,
1642 keygen_round2_new_element, ks);
1577 1643
1578 insert_round2_element(ks); 1644 insert_round2_element (ks);
1579 1645
1580 GNUNET_CONSENSUS_conclude(ks->consensus, 1646 GNUNET_CONSENSUS_conclude (ks->consensus,
1581 keygen_round2_conclude, 1647 keygen_round2_conclude,
1582 ks); 1648 ks);
1583} 1649}
1584 1650
1585 1651
@@ -1590,7 +1656,7 @@ keygen_round1_conclude(void *cls)
1590 * @param ks session to use 1656 * @param ks session to use
1591 */ 1657 */
1592static void 1658static void
1593insert_round1_element(struct KeygenSession *ks) 1659insert_round1_element (struct KeygenSession *ks)
1594{ 1660{
1595 struct GNUNET_SET_Element *element; 1661 struct GNUNET_SET_Element *element;
1596 struct GNUNET_SECRETSHARING_KeygenCommitData *d; 1662 struct GNUNET_SECRETSHARING_KeygenCommitData *d;
@@ -1599,34 +1665,38 @@ insert_round1_element(struct KeygenSession *ks)
1599 // big-endian representation of 'v' 1665 // big-endian representation of 'v'
1600 unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8]; 1666 unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
1601 1667
1602 element = GNUNET_malloc(sizeof *element + sizeof *d); 1668 element = GNUNET_malloc (sizeof *element + sizeof *d);
1603 d = (void *)&element[1]; 1669 d = (void *) &element[1];
1604 element->data = d; 1670 element->data = d;
1605 element->size = sizeof *d; 1671 element->size = sizeof *d;
1606 1672
1607 d->peer = my_peer; 1673 d->peer = my_peer;
1608 1674
1609 GNUNET_assert(0 != (v = gcry_mpi_new(GNUNET_SECRETSHARING_ELGAMAL_BITS))); 1675 GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1610 1676
1611 gcry_mpi_powm(v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); 1677 gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
1612 1678
1613 GNUNET_CRYPTO_mpi_print_unsigned(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, v); 1679 GNUNET_CRYPTO_mpi_print_unsigned (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS
1680 / 8, v);
1614 1681
1615 GNUNET_CRYPTO_hash(v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, &d->commitment); 1682 GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
1683 &d->commitment);
1616 1684
1617 d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key; 1685 d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key;
1618 1686
1619 d->purpose.size = htonl((sizeof *d) - offsetof(struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)); 1687 d->purpose.size = htonl ((sizeof *d) - offsetof (struct
1620 d->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); 1688 GNUNET_SECRETSHARING_KeygenCommitData,
1621 GNUNET_assert(GNUNET_OK == 1689 purpose));
1622 GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, 1690 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
1623 &d->purpose, 1691 GNUNET_assert (GNUNET_OK ==
1624 &d->signature)); 1692 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
1693 &d->purpose,
1694 &d->signature));
1625 1695
1626 GNUNET_CONSENSUS_insert(ks->consensus, element, NULL, NULL); 1696 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1627 1697
1628 gcry_mpi_release(v); 1698 gcry_mpi_release (v);
1629 GNUNET_free(element); 1699 GNUNET_free (element);
1630} 1700}
1631 1701
1632 1702
@@ -1638,17 +1708,17 @@ insert_round1_element(struct KeygenSession *ks)
1638 * @return #GNUNET_OK if @a msg is well-formed 1708 * @return #GNUNET_OK if @a msg is well-formed
1639 */ 1709 */
1640static int 1710static int
1641check_client_keygen(void *cls, 1711check_client_keygen (void *cls,
1642 const struct GNUNET_SECRETSHARING_CreateMessage *msg) 1712 const struct GNUNET_SECRETSHARING_CreateMessage *msg)
1643{ 1713{
1644 unsigned int num_peers = ntohs(msg->num_peers); 1714 unsigned int num_peers = ntohs (msg->num_peers);
1645 1715
1646 if (ntohs(msg->header.size) - sizeof(*msg) != 1716 if (ntohs (msg->header.size) - sizeof(*msg) !=
1647 num_peers * sizeof(struct GNUNET_PeerIdentity)) 1717 num_peers * sizeof(struct GNUNET_PeerIdentity))
1648 { 1718 {
1649 GNUNET_break(0); 1719 GNUNET_break (0);
1650 return GNUNET_SYSERR; 1720 return GNUNET_SYSERR;
1651 } 1721 }
1652 return GNUNET_OK; 1722 return GNUNET_OK;
1653} 1723}
1654 1724
@@ -1661,72 +1731,75 @@ check_client_keygen(void *cls,
1661 * @param msg the actual message 1731 * @param msg the actual message
1662 */ 1732 */
1663static void 1733static void
1664handle_client_keygen(void *cls, 1734handle_client_keygen (void *cls,
1665 const struct GNUNET_SECRETSHARING_CreateMessage *msg) 1735 const struct GNUNET_SECRETSHARING_CreateMessage *msg)
1666{ 1736{
1667 struct ClientState *cs = cls; 1737 struct ClientState *cs = cls;
1668 struct KeygenSession *ks; 1738 struct KeygenSession *ks;
1669 1739
1670 GNUNET_log(GNUNET_ERROR_TYPE_INFO, 1740 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1671 "client requested key generation\n"); 1741 "client requested key generation\n");
1672 if (NULL != cs->keygen_session) 1742 if (NULL != cs->keygen_session)
1673 { 1743 {
1674 GNUNET_break(0); 1744 GNUNET_break (0);
1675 GNUNET_SERVICE_client_drop(cs->client); 1745 GNUNET_SERVICE_client_drop (cs->client);
1676 return; 1746 return;
1677 } 1747 }
1678 ks = GNUNET_new(struct KeygenSession); 1748 ks = GNUNET_new (struct KeygenSession);
1679 ks->cs = cs; 1749 ks->cs = cs;
1680 cs->keygen_session = ks; 1750 cs->keygen_session = ks;
1681 ks->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline); 1751 ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline);
1682 ks->threshold = ntohs(msg->threshold); 1752 ks->threshold = ntohs (msg->threshold);
1683 ks->num_peers = ntohs(msg->num_peers); 1753 ks->num_peers = ntohs (msg->num_peers);
1684 1754
1685 ks->peers = normalize_peers((struct GNUNET_PeerIdentity *)&msg[1], 1755 ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1],
1686 ks->num_peers, 1756 ks->num_peers,
1687 &ks->num_peers, 1757 &ks->num_peers,
1688 &ks->local_peer_idx); 1758 &ks->local_peer_idx);
1689 1759
1690 1760
1691 GNUNET_log(GNUNET_ERROR_TYPE_INFO, 1761 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1692 "first round of consensus with %u peers\n", 1762 "first round of consensus with %u peers\n",
1693 ks->num_peers); 1763 ks->num_peers);
1694 ks->consensus = GNUNET_CONSENSUS_create(cfg, 1764 ks->consensus = GNUNET_CONSENSUS_create (cfg,
1695 ks->num_peers, 1765 ks->num_peers,
1696 ks->peers, 1766 ks->peers,
1697 &msg->session_id, 1767 &msg->session_id,
1698 GNUNET_TIME_absolute_ntoh(msg->start), 1768 GNUNET_TIME_absolute_ntoh (
1699 GNUNET_TIME_absolute_ntoh(msg->deadline), 1769 msg->start),
1700 keygen_round1_new_element, 1770 GNUNET_TIME_absolute_ntoh (
1701 ks); 1771 msg->deadline),
1702 1772 keygen_round1_new_element,
1703 ks->info = GNUNET_new_array(ks->num_peers, 1773 ks);
1704 struct KeygenPeerInfo); 1774
1775 ks->info = GNUNET_new_array (ks->num_peers,
1776 struct KeygenPeerInfo);
1705 1777
1706 for (unsigned int i = 0; i < ks->num_peers; i++) 1778 for (unsigned int i = 0; i < ks->num_peers; i++)
1707 ks->info[i].peer = ks->peers[i]; 1779 ks->info[i].peer = ks->peers[i];
1708 1780
1709 GNUNET_CRYPTO_paillier_create(&ks->info[ks->local_peer_idx].paillier_public_key, 1781 GNUNET_CRYPTO_paillier_create (
1710 &ks->paillier_private_key); 1782 &ks->info[ks->local_peer_idx].paillier_public_key,
1711 1783 &ks->paillier_private_key);
1712 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 1784
1713 "P%u: Generated paillier key pair\n", 1785 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1714 ks->local_peer_idx); 1786 "P%u: Generated paillier key pair\n",
1715 generate_presecret_polynomial(ks); 1787 ks->local_peer_idx);
1716 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 1788 generate_presecret_polynomial (ks);
1717 "P%u: Generated presecret polynomial\n", 1789 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1718 ks->local_peer_idx); 1790 "P%u: Generated presecret polynomial\n",
1719 insert_round1_element(ks); 1791 ks->local_peer_idx);
1720 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 1792 insert_round1_element (ks);
1721 "P%u: Concluding for round 1\n", 1793 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1722 ks->local_peer_idx); 1794 "P%u: Concluding for round 1\n",
1723 GNUNET_CONSENSUS_conclude(ks->consensus, 1795 ks->local_peer_idx);
1724 keygen_round1_conclude, 1796 GNUNET_CONSENSUS_conclude (ks->consensus,
1725 ks); 1797 keygen_round1_conclude,
1726 GNUNET_SERVICE_client_continue(cs->client); 1798 ks);
1727 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 1799 GNUNET_SERVICE_client_continue (cs->client);
1728 "P%u: Waiting for round 1 elements ...\n", 1800 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1729 ks->local_peer_idx); 1801 "P%u: Waiting for round 1 elements ...\n",
1802 ks->local_peer_idx);
1730} 1803}
1731 1804
1732 1805
@@ -1734,7 +1807,7 @@ handle_client_keygen(void *cls,
1734 * Called when the partial decryption consensus concludes. 1807 * Called when the partial decryption consensus concludes.
1735 */ 1808 */
1736static void 1809static void
1737decrypt_conclude(void *cls) 1810decrypt_conclude (void *cls)
1738{ 1811{
1739 struct DecryptSession *ds = cls; 1812 struct DecryptSession *ds = cls;
1740 struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg; 1813 struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg;
@@ -1749,64 +1822,68 @@ decrypt_conclude(void *cls)
1749 unsigned int i; 1822 unsigned int i;
1750 unsigned int j; 1823 unsigned int j;
1751 1824
1752 GNUNET_CONSENSUS_destroy(ds->consensus); 1825 GNUNET_CONSENSUS_destroy (ds->consensus);
1753 ds->consensus = NULL; 1826 ds->consensus = NULL;
1754 1827
1755 GNUNET_assert(0 != (lagrange = gcry_mpi_new(0))); 1828 GNUNET_assert (0 != (lagrange = gcry_mpi_new (0)));
1756 GNUNET_assert(0 != (m = gcry_mpi_new(0))); 1829 GNUNET_assert (0 != (m = gcry_mpi_new (0)));
1757 GNUNET_assert(0 != (tmp = gcry_mpi_new(0))); 1830 GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
1758 GNUNET_assert(0 != (prod = gcry_mpi_new(0))); 1831 GNUNET_assert (0 != (prod = gcry_mpi_new (0)));
1759 1832
1760 num = 0; 1833 num = 0;
1761 for (i = 0; i < ds->share->num_peers; i++) 1834 for (i = 0; i < ds->share->num_peers; i++)
1762 if (NULL != ds->info[i].partial_decryption) 1835 if (NULL != ds->info[i].partial_decryption)
1763 num++; 1836 num++;
1764 1837
1765 indices = GNUNET_new_array(num, 1838 indices = GNUNET_new_array (num,
1766 unsigned int); 1839 unsigned int);
1767 j = 0; 1840 j = 0;
1768 for (i = 0; i < ds->share->num_peers; i++) 1841 for (i = 0; i < ds->share->num_peers; i++)
1769 if (NULL != ds->info[i].partial_decryption) 1842 if (NULL != ds->info[i].partial_decryption)
1770 indices[j++] = ds->info[i].original_index; 1843 indices[j++] = ds->info[i].original_index;
1771 1844
1772 GNUNET_log(GNUNET_ERROR_TYPE_INFO, 1845 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1773 "P%u: decrypt conclude, with %u peers\n", 1846 "P%u: decrypt conclude, with %u peers\n",
1774 ds->share->my_peer, 1847 ds->share->my_peer,
1775 num); 1848 num);
1776 1849
1777 gcry_mpi_set_ui(prod, 1); 1850 gcry_mpi_set_ui (prod, 1);
1778 for (i = 0; i < num; i++) 1851 for (i = 0; i < num; i++)
1779 { 1852 {
1780 GNUNET_log(GNUNET_ERROR_TYPE_INFO, 1853 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1781 "P%u: index of %u: %u\n", 1854 "P%u: index of %u: %u\n",
1782 ds->share->my_peer, i, indices[i]); 1855 ds->share->my_peer, i, indices[i]);
1783 compute_lagrange_coefficient(lagrange, indices[i], indices, num); 1856 compute_lagrange_coefficient (lagrange, indices[i], indices, num);
1784 // w_i^{\lambda_i} 1857 // w_i^{\lambda_i}
1785 gcry_mpi_powm(tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p); 1858 gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange,
1786 1859 elgamal_p);
1787 // product of all exponentiated partiel decryptions ... 1860
1788 gcry_mpi_mulm(prod, prod, tmp, elgamal_p); 1861 // product of all exponentiated partiel decryptions ...
1789 } 1862 gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
1863 }
1790 1864
1791 GNUNET_CRYPTO_mpi_scan_unsigned(&c_2, ds->ciphertext.c2_bits, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 1865 GNUNET_CRYPTO_mpi_scan_unsigned (&c_2, ds->ciphertext.c2_bits,
1866 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1792 1867
1793 GNUNET_assert(0 != gcry_mpi_invm(prod, prod, elgamal_p)); 1868 GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p));
1794 gcry_mpi_mulm(m, c_2, prod, elgamal_p); 1869 gcry_mpi_mulm (m, c_2, prod, elgamal_p);
1795 ev = GNUNET_MQ_msg(msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE); 1870 ev = GNUNET_MQ_msg (msg,
1796 GNUNET_CRYPTO_mpi_print_unsigned(&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m); 1871 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE);
1797 msg->success = htonl(1); 1872 GNUNET_CRYPTO_mpi_print_unsigned (&msg->plaintext,
1798 GNUNET_MQ_send(ds->cs->mq, 1873 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m);
1799 ev); 1874 msg->success = htonl (1);
1875 GNUNET_MQ_send (ds->cs->mq,
1876 ev);
1800 1877
1801 GNUNET_log(GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n"); 1878 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n");
1802 1879
1803 GNUNET_free(indices); 1880 GNUNET_free (indices);
1804 1881
1805 gcry_mpi_release(lagrange); 1882 gcry_mpi_release (lagrange);
1806 gcry_mpi_release(m); 1883 gcry_mpi_release (m);
1807 gcry_mpi_release(tmp); 1884 gcry_mpi_release (tmp);
1808 gcry_mpi_release(prod); 1885 gcry_mpi_release (prod);
1809 gcry_mpi_release(c_2); 1886 gcry_mpi_release (c_2);
1810 1887
1811 // FIXME: what if not enough peers participated? 1888 // FIXME: what if not enough peers participated?
1812} 1889}
@@ -1820,12 +1897,12 @@ decrypt_conclude(void *cls)
1820 * @return string representation of @a mpi, must be free'd by the caller 1897 * @return string representation of @a mpi, must be free'd by the caller
1821 */ 1898 */
1822static char * 1899static char *
1823mpi_to_str(gcry_mpi_t mpi) 1900mpi_to_str (gcry_mpi_t mpi)
1824{ 1901{
1825 unsigned char *buf; 1902 unsigned char *buf;
1826 1903
1827 GNUNET_assert(0 == gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, mpi)); 1904 GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi));
1828 return (char *)buf; 1905 return (char *) buf;
1829} 1906}
1830 1907
1831 1908
@@ -1833,8 +1910,8 @@ mpi_to_str(gcry_mpi_t mpi)
1833 * Called when a new partial decryption arrives. 1910 * Called when a new partial decryption arrives.
1834 */ 1911 */
1835static void 1912static void
1836decrypt_new_element(void *cls, 1913decrypt_new_element (void *cls,
1837 const struct GNUNET_SET_Element *element) 1914 const struct GNUNET_SET_Element *element)
1838{ 1915{
1839 struct DecryptSession *session = cls; 1916 struct DecryptSession *session = cls;
1840 const struct GNUNET_SECRETSHARING_DecryptData *d; 1917 const struct GNUNET_SECRETSHARING_DecryptData *d;
@@ -1862,132 +1939,150 @@ decrypt_new_element(void *cls,
1862 gcry_mpi_t tmp2; 1939 gcry_mpi_t tmp2;
1863 1940
1864 if (NULL == element) 1941 if (NULL == element)
1865 { 1942 {
1866 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decryption failed\n"); 1943 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
1867 /* FIXME: destroy */ 1944 /* FIXME: destroy */
1868 return; 1945 return;
1869 } 1946 }
1870 1947
1871 if (element->size != sizeof *d) 1948 if (element->size != sizeof *d)
1872 { 1949 {
1873 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n"); 1950 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1874 return; 1951 "element of wrong size in decrypt consensus\n");
1875 } 1952 return;
1953 }
1876 1954
1877 d = element->data; 1955 d = element->data;
1878 1956
1879 info = get_decrypt_peer_info(session, &d->peer); 1957 info = get_decrypt_peer_info (session, &d->peer);
1880 1958
1881 if (NULL == info) 1959 if (NULL == info)
1882 { 1960 {
1883 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n", 1961 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1884 GNUNET_i2s(&d->peer)); 1962 "decrypt element from invalid peer (%s)\n",
1885 return; 1963 GNUNET_i2s (&d->peer));
1886 } 1964 return;
1965 }
1887 1966
1888 if (NULL != info->partial_decryption) 1967 if (NULL != info->partial_decryption)
1889 { 1968 {
1890 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n"); 1969 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n");
1891 return; 1970 return;
1892 } 1971 }
1893
1894 if (0 != GNUNET_memcmp(&d->ciphertext, &session->ciphertext))
1895 {
1896 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n",
1897 (unsigned int)session->share->my_peer, (unsigned int)(info - session->info));
1898 1972
1899 return; 1973 if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext))
1900 } 1974 {
1975 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1976 "P%u: got decrypt element with non-matching ciphertext from P%u\n",
1977 (unsigned int) session->share->my_peer, (unsigned int) (info
1978 -
1979 session
1980 ->info));
1981
1982 return;
1983 }
1901 1984
1902 1985
1903 GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)d, 1986 GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData,
1904 offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - 1987 ciphertext) + (char *) d,
1905 offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext), 1988 offsetof (struct GNUNET_SECRETSHARING_DecryptData,
1906 &challenge_hash); 1989 nizk_response)
1990 - offsetof (struct GNUNET_SECRETSHARING_DecryptData,
1991 ciphertext),
1992 &challenge_hash);
1907 1993
1908 GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash, 1994 GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
1909 sizeof(struct GNUNET_HashCode)); 1995 sizeof(struct GNUNET_HashCode));
1910 1996
1911 GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &session->share->sigmas[info - session->info], 1997 GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info
1912 sizeof(struct GNUNET_SECRETSHARING_FieldElement)); 1998 - session->
1999 info],
2000 sizeof(struct
2001 GNUNET_SECRETSHARING_FieldElement));
1913 2002
1914 GNUNET_CRYPTO_mpi_scan_unsigned(&c1, session->ciphertext.c1_bits, 2003 GNUNET_CRYPTO_mpi_scan_unsigned (&c1, session->ciphertext.c1_bits,
1915 sizeof(struct GNUNET_SECRETSHARING_FieldElement)); 2004 sizeof(struct
2005 GNUNET_SECRETSHARING_FieldElement));
1916 2006
1917 GNUNET_CRYPTO_mpi_scan_unsigned(&commit1, &d->nizk_commit1, 2007 GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1,
1918 sizeof(struct GNUNET_SECRETSHARING_FieldElement)); 2008 sizeof(struct
2009 GNUNET_SECRETSHARING_FieldElement));
1919 2010
1920 GNUNET_CRYPTO_mpi_scan_unsigned(&commit2, &d->nizk_commit2, 2011 GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2,
1921 sizeof(struct GNUNET_SECRETSHARING_FieldElement)); 2012 sizeof(struct
2013 GNUNET_SECRETSHARING_FieldElement));
1922 2014
1923 GNUNET_CRYPTO_mpi_scan_unsigned(&r, &d->nizk_response, 2015 GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response,
1924 sizeof(struct GNUNET_SECRETSHARING_FieldElement)); 2016 sizeof(struct
2017 GNUNET_SECRETSHARING_FieldElement));
1925 2018
1926 GNUNET_CRYPTO_mpi_scan_unsigned(&w, &d->partial_decryption, 2019 GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption,
1927 sizeof(struct GNUNET_SECRETSHARING_FieldElement)); 2020 sizeof(struct
2021 GNUNET_SECRETSHARING_FieldElement));
1928 2022
1929 GNUNET_assert(NULL != (tmp1 = gcry_mpi_new(0))); 2023 GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
1930 GNUNET_assert(NULL != (tmp2 = gcry_mpi_new(0))); 2024 GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
1931 2025
1932 // tmp1 = g^r 2026 // tmp1 = g^r
1933 gcry_mpi_powm(tmp1, elgamal_g, r, elgamal_p); 2027 gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p);
1934 2028
1935 // tmp2 = g^\beta * \sigma^challenge 2029 // tmp2 = g^\beta * \sigma^challenge
1936 gcry_mpi_powm(tmp2, sigma, challenge, elgamal_p); 2030 gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p);
1937 gcry_mpi_mulm(tmp2, tmp2, commit1, elgamal_p); 2031 gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p);
1938 2032
1939 if (0 != gcry_mpi_cmp(tmp1, tmp2)) 2033 if (0 != gcry_mpi_cmp (tmp1, tmp2))
1940 { 2034 {
1941 char *tmp1_str; 2035 char *tmp1_str;
1942 char *tmp2_str; 2036 char *tmp2_str;
1943 2037
1944 tmp1_str = mpi_to_str(tmp1); 2038 tmp1_str = mpi_to_str (tmp1);
1945 tmp2_str = mpi_to_str(tmp2); 2039 tmp2_str = mpi_to_str (tmp2);
1946 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 2040 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1947 "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n", 2041 "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
1948 session->share->my_peer, 2042 session->share->my_peer,
1949 (unsigned int)(info - session->info), 2043 (unsigned int) (info - session->info),
1950 tmp1_str, 2044 tmp1_str,
1951 tmp2_str); 2045 tmp2_str);
1952 GNUNET_free(tmp1_str); 2046 GNUNET_free (tmp1_str);
1953 GNUNET_free(tmp2_str); 2047 GNUNET_free (tmp2_str);
1954 goto cleanup; 2048 goto cleanup;
1955 } 2049 }
1956 2050
1957 2051
1958 gcry_mpi_powm(tmp1, c1, r, elgamal_p); 2052 gcry_mpi_powm (tmp1, c1, r, elgamal_p);
1959 2053
1960 gcry_mpi_powm(tmp2, w, challenge, elgamal_p); 2054 gcry_mpi_powm (tmp2, w, challenge, elgamal_p);
1961 gcry_mpi_mulm(tmp2, tmp2, commit2, elgamal_p); 2055 gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p);
1962 2056
1963 2057
1964 if (0 != gcry_mpi_cmp(tmp1, tmp2)) 2058 if (0 != gcry_mpi_cmp (tmp1, tmp2))
1965 { 2059 {
1966 GNUNET_log(GNUNET_ERROR_TYPE_WARNING, 2060 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1967 "P%u: Received invalid partial decryption from P%u (eqn 2)\n", 2061 "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
1968 session->share->my_peer, 2062 session->share->my_peer,
1969 (unsigned int)(info - session->info)); 2063 (unsigned int) (info - session->info));
1970 goto cleanup; 2064 goto cleanup;
1971 } 2065 }
1972 2066
1973 2067
1974 GNUNET_CRYPTO_mpi_scan_unsigned(&info->partial_decryption, &d->partial_decryption, 2068 GNUNET_CRYPTO_mpi_scan_unsigned (&info->partial_decryption,
1975 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2069 &d->partial_decryption,
2070 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1976cleanup: 2071cleanup:
1977 gcry_mpi_release(tmp1); 2072 gcry_mpi_release (tmp1);
1978 gcry_mpi_release(tmp2); 2073 gcry_mpi_release (tmp2);
1979 gcry_mpi_release(sigma); 2074 gcry_mpi_release (sigma);
1980 gcry_mpi_release(commit1); 2075 gcry_mpi_release (commit1);
1981 gcry_mpi_release(commit2); 2076 gcry_mpi_release (commit2);
1982 gcry_mpi_release(r); 2077 gcry_mpi_release (r);
1983 gcry_mpi_release(w); 2078 gcry_mpi_release (w);
1984 gcry_mpi_release(challenge); 2079 gcry_mpi_release (challenge);
1985 gcry_mpi_release(c1); 2080 gcry_mpi_release (c1);
1986} 2081}
1987 2082
1988 2083
1989static void 2084static void
1990insert_decrypt_element(struct DecryptSession *ds) 2085insert_decrypt_element (struct DecryptSession *ds)
1991{ 2086{
1992 struct GNUNET_SECRETSHARING_DecryptData d; 2087 struct GNUNET_SECRETSHARING_DecryptData d;
1993 struct GNUNET_SET_Element element; 2088 struct GNUNET_SET_Element element;
@@ -2005,100 +2100,113 @@ insert_decrypt_element(struct DecryptSession *ds)
2005 struct GNUNET_HashCode challenge_hash; 2100 struct GNUNET_HashCode challenge_hash;
2006 2101
2007 /* make vagrind happy until we implement the real deal ... */ 2102 /* make vagrind happy until we implement the real deal ... */
2008 memset(&d, 0, sizeof d); 2103 memset (&d, 0, sizeof d);
2009 2104
2010 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n", 2105 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n",
2011 ds->share->my_peer); 2106 ds->share->my_peer);
2012 2107
2013 GNUNET_assert(ds->share->my_peer < ds->share->num_peers); 2108 GNUNET_assert (ds->share->my_peer < ds->share->num_peers);
2014 2109
2015 GNUNET_CRYPTO_mpi_scan_unsigned(&c1, &ds->ciphertext.c1_bits, 2110 GNUNET_CRYPTO_mpi_scan_unsigned (&c1, &ds->ciphertext.c1_bits,
2016 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2111 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
2017 GNUNET_CRYPTO_mpi_scan_unsigned(&s, &ds->share->my_share, 2112 GNUNET_CRYPTO_mpi_scan_unsigned (&s, &ds->share->my_share,
2018 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2113 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
2019 GNUNET_CRYPTO_mpi_scan_unsigned(&sigma, &ds->share->sigmas[ds->share->my_peer], 2114 GNUNET_CRYPTO_mpi_scan_unsigned (&sigma,
2020 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8); 2115 &ds->share->sigmas[ds->share->my_peer],
2116 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
2021 2117
2022 GNUNET_assert(NULL != (w = gcry_mpi_new(0))); 2118 GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
2023 GNUNET_assert(NULL != (beta = gcry_mpi_new(0))); 2119 GNUNET_assert (NULL != (beta = gcry_mpi_new (0)));
2024 GNUNET_assert(NULL != (tmp = gcry_mpi_new(0))); 2120 GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
2025 2121
2026 // FIXME: unnecessary, remove once crypto works 2122 // FIXME: unnecessary, remove once crypto works
2027 gcry_mpi_powm(tmp, elgamal_g, s, elgamal_p); 2123 gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p);
2028 if (0 != gcry_mpi_cmp(tmp, sigma)) 2124 if (0 != gcry_mpi_cmp (tmp, sigma))
2029 { 2125 {
2030 char *sigma_str = mpi_to_str(sigma); 2126 char *sigma_str = mpi_to_str (sigma);
2031 char *tmp_str = mpi_to_str(tmp); 2127 char *tmp_str = mpi_to_str (tmp);
2032 char *s_str = mpi_to_str(s); 2128 char *s_str = mpi_to_str (s);
2033 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, " 2129 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2034 "computed sigma %s, s %s\n", 2130 "Share of P%u is invalid, ref sigma %s, "
2035 ds->share->my_peer, 2131 "computed sigma %s, s %s\n",
2036 sigma_str, tmp_str, s_str); 2132 ds->share->my_peer,
2037 GNUNET_free(sigma_str); 2133 sigma_str, tmp_str, s_str);
2038 GNUNET_free(tmp_str); 2134 GNUNET_free (sigma_str);
2039 GNUNET_free(s_str); 2135 GNUNET_free (tmp_str);
2040 } 2136 GNUNET_free (s_str);
2137 }
2041 2138
2042 gcry_mpi_powm(w, c1, s, elgamal_p); 2139 gcry_mpi_powm (w, c1, s, elgamal_p);
2043 2140
2044 element.data = (void *)&d; 2141 element.data = (void *) &d;
2045 element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData); 2142 element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData);
2046 element.element_type = 0; 2143 element.element_type = 0;
2047 2144
2048 d.ciphertext = ds->ciphertext; 2145 d.ciphertext = ds->ciphertext;
2049 d.peer = my_peer; 2146 d.peer = my_peer;
2050 GNUNET_CRYPTO_mpi_print_unsigned(&d.partial_decryption, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w); 2147 GNUNET_CRYPTO_mpi_print_unsigned (&d.partial_decryption,
2148 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w);
2051 2149
2052 // create the zero knowledge proof 2150 // create the zero knowledge proof
2053 // randomly choose beta such that 0 < beta < q 2151 // randomly choose beta such that 0 < beta < q
2054 do 2152 do
2055 { 2153 {
2056 gcry_mpi_randomize(beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM); 2154 gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
2057 } 2155 GCRY_WEAK_RANDOM);
2058 while ((gcry_mpi_cmp_ui(beta, 0) == 0) || (gcry_mpi_cmp(beta, elgamal_q) >= 0)); 2156 }
2157 while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >=
2158 0));
2059 // tmp = g^beta 2159 // tmp = g^beta
2060 gcry_mpi_powm(tmp, elgamal_g, beta, elgamal_p); 2160 gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p);
2061 GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 2161 GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit1,
2162 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
2062 // tmp = (c_1)^beta 2163 // tmp = (c_1)^beta
2063 gcry_mpi_powm(tmp, c1, beta, elgamal_p); 2164 gcry_mpi_powm (tmp, c1, beta, elgamal_p);
2064 GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_commit2, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 2165 GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit2,
2166 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
2065 2167
2066 // the challenge is the hash of everything up to the response 2168 // the challenge is the hash of everything up to the response
2067 GNUNET_CRYPTO_hash(offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *)&d, 2169 GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData,
2068 offsetof(struct GNUNET_SECRETSHARING_DecryptData, nizk_response) - 2170 ciphertext) + (char *) &d,
2069 offsetof(struct GNUNET_SECRETSHARING_DecryptData, ciphertext), 2171 offsetof (struct GNUNET_SECRETSHARING_DecryptData,
2070 &challenge_hash); 2172 nizk_response)
2173 - offsetof (struct GNUNET_SECRETSHARING_DecryptData,
2174 ciphertext),
2175 &challenge_hash);
2071 2176
2072 GNUNET_CRYPTO_mpi_scan_unsigned(&challenge, &challenge_hash, 2177 GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
2073 sizeof(struct GNUNET_HashCode)); 2178 sizeof(struct GNUNET_HashCode));
2074 2179
2075 // compute the response in tmp, 2180 // compute the response in tmp,
2076 // tmp = (c * s + beta) mod q 2181 // tmp = (c * s + beta) mod q
2077 gcry_mpi_mulm(tmp, challenge, s, elgamal_q); 2182 gcry_mpi_mulm (tmp, challenge, s, elgamal_q);
2078 gcry_mpi_addm(tmp, tmp, beta, elgamal_q); 2183 gcry_mpi_addm (tmp, tmp, beta, elgamal_q);
2079 2184
2080 GNUNET_CRYPTO_mpi_print_unsigned(&d.nizk_response, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp); 2185 GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_response,
2081 2186 GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
2082 d.purpose.size = htonl(element.size - offsetof(struct GNUNET_SECRETSHARING_DecryptData, purpose)); 2187
2083 d.purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); 2188 d.purpose.size = htonl (element.size - offsetof (struct
2084 2189 GNUNET_SECRETSHARING_DecryptData,
2085 GNUNET_assert(GNUNET_OK == 2190 purpose));
2086 GNUNET_CRYPTO_eddsa_sign(my_peer_private_key, 2191 d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
2087 &d.purpose, 2192
2088 &d.signature)); 2193 GNUNET_assert (GNUNET_OK ==
2089 2194 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
2090 GNUNET_CONSENSUS_insert(ds->consensus, &element, NULL, NULL); 2195 &d.purpose,
2091 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, 2196 &d.signature));
2092 "P%u: Inserting decrypt element done!\n", 2197
2093 ds->share->my_peer); 2198 GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
2094 2199 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2095 gcry_mpi_release(s); 2200 "P%u: Inserting decrypt element done!\n",
2096 gcry_mpi_release(w); 2201 ds->share->my_peer);
2097 gcry_mpi_release(c1); 2202
2098 gcry_mpi_release(beta); 2203 gcry_mpi_release (s);
2099 gcry_mpi_release(tmp); 2204 gcry_mpi_release (w);
2100 gcry_mpi_release(challenge); 2205 gcry_mpi_release (c1);
2101 gcry_mpi_release(sigma); 2206 gcry_mpi_release (beta);
2207 gcry_mpi_release (tmp);
2208 gcry_mpi_release (challenge);
2209 gcry_mpi_release (sigma);
2102} 2210}
2103 2211
2104 2212
@@ -2110,8 +2218,9 @@ insert_decrypt_element(struct DecryptSession *ds)
2110 * @return #GNUNET_OK (check deferred a bit) 2218 * @return #GNUNET_OK (check deferred a bit)
2111 */ 2219 */
2112static int 2220static int
2113check_client_decrypt(void *cls, 2221check_client_decrypt (void *cls,
2114 const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) 2222 const struct
2223 GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
2115{ 2224{
2116 /* we check later, it's complicated */ 2225 /* we check later, it's complicated */
2117 return GNUNET_OK; 2226 return GNUNET_OK;
@@ -2126,77 +2235,82 @@ check_client_decrypt(void *cls,
2126 * @param msg the actual message 2235 * @param msg the actual message
2127 */ 2236 */
2128static void 2237static void
2129handle_client_decrypt(void *cls, 2238handle_client_decrypt (void *cls,
2130 const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg) 2239 const struct
2240 GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
2131{ 2241{
2132 struct ClientState *cs = cls; 2242 struct ClientState *cs = cls;
2133 struct DecryptSession *ds; 2243 struct DecryptSession *ds;
2134 struct GNUNET_HashCode session_id; 2244 struct GNUNET_HashCode session_id;
2135 2245
2136 if (NULL != cs->decrypt_session) 2246 if (NULL != cs->decrypt_session)
2137 { 2247 {
2138 GNUNET_break(0); 2248 GNUNET_break (0);
2139 GNUNET_SERVICE_client_drop(cs->client); 2249 GNUNET_SERVICE_client_drop (cs->client);
2140 return; 2250 return;
2141 } 2251 }
2142 ds = GNUNET_new(struct DecryptSession); 2252 ds = GNUNET_new (struct DecryptSession);
2143 cs->decrypt_session = ds; 2253 cs->decrypt_session = ds;
2144 ds->cs = cs; 2254 ds->cs = cs;
2145 ds->start = GNUNET_TIME_absolute_ntoh(msg->start); 2255 ds->start = GNUNET_TIME_absolute_ntoh (msg->start);
2146 ds->deadline = GNUNET_TIME_absolute_ntoh(msg->deadline); 2256 ds->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline);
2147 ds->ciphertext = msg->ciphertext; 2257 ds->ciphertext = msg->ciphertext;
2148 2258
2149 ds->share = GNUNET_SECRETSHARING_share_read(&msg[1], 2259 ds->share = GNUNET_SECRETSHARING_share_read (&msg[1],
2150 ntohs(msg->header.size) - sizeof(*msg), 2260 ntohs (msg->header.size)
2151 NULL); 2261 - sizeof(*msg),
2262 NULL);
2152 if (NULL == ds->share) 2263 if (NULL == ds->share)
2153 { 2264 {
2154 GNUNET_break(0); 2265 GNUNET_break (0);
2155 GNUNET_SERVICE_client_drop(cs->client); 2266 GNUNET_SERVICE_client_drop (cs->client);
2156 return; 2267 return;
2157 } 2268 }
2158 2269
2159 /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */ 2270 /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */
2160 GNUNET_CRYPTO_hash(&msg->ciphertext, 2271 GNUNET_CRYPTO_hash (&msg->ciphertext,
2161 sizeof(struct GNUNET_SECRETSHARING_Ciphertext), 2272 sizeof(struct GNUNET_SECRETSHARING_Ciphertext),
2162 &session_id); 2273 &session_id);
2163 ds->consensus = GNUNET_CONSENSUS_create(cfg, 2274 ds->consensus = GNUNET_CONSENSUS_create (cfg,
2164 ds->share->num_peers, 2275 ds->share->num_peers,
2165 ds->share->peers, 2276 ds->share->peers,
2166 &session_id, 2277 &session_id,
2167 ds->start, 2278 ds->start,
2168 ds->deadline, 2279 ds->deadline,
2169 &decrypt_new_element, 2280 &decrypt_new_element,
2170 ds); 2281 ds);
2171 2282
2172 2283
2173 ds->info = GNUNET_new_array(ds->share->num_peers, 2284 ds->info = GNUNET_new_array (ds->share->num_peers,
2174 struct DecryptPeerInfo); 2285 struct DecryptPeerInfo);
2175 for (unsigned int i = 0; i < ds->share->num_peers; i++) 2286 for (unsigned int i = 0; i < ds->share->num_peers; i++)
2176 { 2287 {
2177 ds->info[i].peer = ds->share->peers[i]; 2288 ds->info[i].peer = ds->share->peers[i];
2178 ds->info[i].original_index = ds->share->original_indices[i]; 2289 ds->info[i].original_index = ds->share->original_indices[i];
2179 } 2290 }
2180 insert_decrypt_element(ds); 2291 insert_decrypt_element (ds);
2181 GNUNET_CONSENSUS_conclude(ds->consensus, 2292 GNUNET_CONSENSUS_conclude (ds->consensus,
2182 decrypt_conclude, 2293 decrypt_conclude,
2183 ds); 2294 ds);
2184 GNUNET_SERVICE_client_continue(cs->client); 2295 GNUNET_SERVICE_client_continue (cs->client);
2185 GNUNET_log(GNUNET_ERROR_TYPE_INFO, 2296 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2186 "decrypting with %u peers\n", 2297 "decrypting with %u peers\n",
2187 ds->share->num_peers); 2298 ds->share->num_peers);
2188} 2299}
2189 2300
2190 2301
2191static void 2302static void
2192init_crypto_constants(void) 2303init_crypto_constants (void)
2193{ 2304{
2194 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_q, GCRYMPI_FMT_HEX, 2305 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
2195 GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0, NULL)); 2306 GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0,
2196 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_p, GCRYMPI_FMT_HEX, 2307 NULL));
2197 GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0, NULL)); 2308 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
2198 GNUNET_assert(0 == gcry_mpi_scan(&elgamal_g, GCRYMPI_FMT_HEX, 2309 GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0,
2199 GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0, NULL)); 2310 NULL));
2311 GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
2312 GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0,
2313 NULL));
2200} 2314}
2201 2315
2202 2316
@@ -2208,33 +2322,33 @@ init_crypto_constants(void)
2208 * @param service the initialized service 2322 * @param service the initialized service
2209 */ 2323 */
2210static void 2324static void
2211run(void *cls, 2325run (void *cls,
2212 const struct GNUNET_CONFIGURATION_Handle *c, 2326 const struct GNUNET_CONFIGURATION_Handle *c,
2213 struct GNUNET_SERVICE_Handle *service) 2327 struct GNUNET_SERVICE_Handle *service)
2214{ 2328{
2215 cfg = c; 2329 cfg = c;
2216 my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration(c); 2330 my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (c);
2217 if (NULL == my_peer_private_key) 2331 if (NULL == my_peer_private_key)
2218 { 2332 {
2219 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, 2333 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2220 "could not access host private key\n"); 2334 "could not access host private key\n");
2221 GNUNET_break(0); 2335 GNUNET_break (0);
2222 GNUNET_SCHEDULER_shutdown(); 2336 GNUNET_SCHEDULER_shutdown ();
2223 return; 2337 return;
2224 } 2338 }
2225 init_crypto_constants(); 2339 init_crypto_constants ();
2226 if (GNUNET_OK != 2340 if (GNUNET_OK !=
2227 GNUNET_CRYPTO_get_peer_identity(cfg, 2341 GNUNET_CRYPTO_get_peer_identity (cfg,
2228 &my_peer)) 2342 &my_peer))
2229 { 2343 {
2230 GNUNET_log(GNUNET_ERROR_TYPE_ERROR, 2344 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2231 "could not retrieve host identity\n"); 2345 "could not retrieve host identity\n");
2232 GNUNET_break(0); 2346 GNUNET_break (0);
2233 GNUNET_SCHEDULER_shutdown(); 2347 GNUNET_SCHEDULER_shutdown ();
2234 return; 2348 return;
2235 } 2349 }
2236 GNUNET_SCHEDULER_add_shutdown(&cleanup_task, 2350 GNUNET_SCHEDULER_add_shutdown (&cleanup_task,
2237 NULL); 2351 NULL);
2238} 2352}
2239 2353
2240 2354
@@ -2247,11 +2361,11 @@ run(void *cls,
2247 * @return @a c 2361 * @return @a c
2248 */ 2362 */
2249static void * 2363static void *
2250client_connect_cb(void *cls, 2364client_connect_cb (void *cls,
2251 struct GNUNET_SERVICE_Client *c, 2365 struct GNUNET_SERVICE_Client *c,
2252 struct GNUNET_MQ_Handle *mq) 2366 struct GNUNET_MQ_Handle *mq)
2253{ 2367{
2254 struct ClientState *cs = GNUNET_new(struct ClientState);; 2368 struct ClientState *cs = GNUNET_new (struct ClientState);;
2255 2369
2256 cs->client = c; 2370 cs->client = c;
2257 cs->mq = mq; 2371 cs->mq = mq;
@@ -2267,18 +2381,18 @@ client_connect_cb(void *cls,
2267 * @param internal_cls should be equal to @a c 2381 * @param internal_cls should be equal to @a c
2268 */ 2382 */
2269static void 2383static void
2270client_disconnect_cb(void *cls, 2384client_disconnect_cb (void *cls,
2271 struct GNUNET_SERVICE_Client *c, 2385 struct GNUNET_SERVICE_Client *c,
2272 void *internal_cls) 2386 void *internal_cls)
2273{ 2387{
2274 struct ClientState *cs = internal_cls; 2388 struct ClientState *cs = internal_cls;
2275 2389
2276 if (NULL != cs->keygen_session) 2390 if (NULL != cs->keygen_session)
2277 keygen_session_destroy(cs->keygen_session); 2391 keygen_session_destroy (cs->keygen_session);
2278 2392
2279 if (NULL != cs->decrypt_session) 2393 if (NULL != cs->decrypt_session)
2280 decrypt_session_destroy(cs->decrypt_session); 2394 decrypt_session_destroy (cs->decrypt_session);
2281 GNUNET_free(cs); 2395 GNUNET_free (cs);
2282} 2396}
2283 2397
2284 2398
@@ -2292,12 +2406,12 @@ GNUNET_SERVICE_MAIN
2292 &client_connect_cb, 2406 &client_connect_cb,
2293 &client_disconnect_cb, 2407 &client_disconnect_cb,
2294 NULL, 2408 NULL,
2295 GNUNET_MQ_hd_var_size(client_keygen, 2409 GNUNET_MQ_hd_var_size (client_keygen,
2296 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, 2410 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE,
2297 struct GNUNET_SECRETSHARING_CreateMessage, 2411 struct GNUNET_SECRETSHARING_CreateMessage,
2298 NULL), 2412 NULL),
2299 GNUNET_MQ_hd_var_size(client_decrypt, 2413 GNUNET_MQ_hd_var_size (client_decrypt,
2300 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, 2414 GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT,
2301 struct GNUNET_SECRETSHARING_DecryptRequestMessage, 2415 struct GNUNET_SECRETSHARING_DecryptRequestMessage,
2302 NULL), 2416 NULL),
2303 GNUNET_MQ_handler_end()); 2417 GNUNET_MQ_handler_end ());
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 11:43:08 +0000