1 files changed, 0 insertions, 518 deletions
diff --git a/src/secretsharing/secretsharing_api.c b/src/secretsharing/secretsharing_api.c
deleted file mode 100644
index 98f800c95..000000000
--- a/src/secretsharing/secretsharing_api.c
+++ /dev/null
@@ -1,518 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2012, 2016 GNUnet e.V.
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-     SPDX-License-Identifier: AGPL3.0-or-later
- */
-/**
- * @file secretsharing/secretsharing_api.c
- * @brief
- * @author Florian Dold
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_secretsharing_service.h"
-#include "secretsharing.h"
-#include <gcrypt.h>
-#define LOG(kind, ...) GNUNET_log_from (kind, "secretsharing-api", __VA_ARGS__)
-/**
- * Session that will eventually establish a shared secred between
- * the involved peers and allow encryption and cooperative decryption.
- */
-struct GNUNET_SECRETSHARING_Session
-{
-  /**
-   * Message queue for @e client.
-   */
-  struct GNUNET_MQ_Handle *mq;
-  /**
-   * Called when the secret sharing is done.
-   */
-  GNUNET_SECRETSHARING_SecretReadyCallback secret_ready_cb;
-  /**
-   * Closure for @e secret_ready_cb.
-   */
-  void *secret_ready_cls;
-};
-/**
- * Handle to cancel a cooperative decryption operation.
- */
-struct GNUNET_SECRETSHARING_DecryptionHandle
-{
-  /**
-   * Message queue for @e client.
-   */
-  struct GNUNET_MQ_Handle *mq;
-  /**
-   * Called when the secret sharing is done.
-   */
-  GNUNET_SECRETSHARING_DecryptCallback decrypt_cb;
-  /**
-   * Closure for @e decrypt_cb.
-   */
-  void *decrypt_cls;
-};
-/**
- * The ElGamal prime field order as libgcrypt mpi.
- * Initialized in #init_crypto_constants.
- */
-static gcry_mpi_t elgamal_q;
-/**
- * Modulus of the prime field used for ElGamal.
- * Initialized in #init_crypto_constants.
- */
-static gcry_mpi_t elgamal_p;
-/**
- * Generator for prime field of order 'elgamal_q'.
- * Initialized in #init_crypto_constants.
- */
-static gcry_mpi_t elgamal_g;
-/**
- * Function to initialize #elgamal_q, #elgamal_p and #elgamal_g.
- */
-static void
-ensure_elgamal_initialized (void)
-{
-  if (NULL != elgamal_q)
-    return; /* looks like crypto is already initialized */
-  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
-                                     GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0,
-                                     NULL));
-  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
-                                     GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0,
-                                     NULL));
-  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
-                                     GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0,
-                                     NULL));
-}
-/**
- * Callback invoked when there is an error communicating with
- * the service.  Notifies the application about the error.
- *
- * @param cls the `struct GNUNET_SECRETSHARING_Session`
- * @param error error code
- */
-static void
-handle_session_client_error (void *cls,
-                             enum GNUNET_MQ_Error error)
-{
-  struct GNUNET_SECRETSHARING_Session *s = cls;
-  s->secret_ready_cb (s->secret_ready_cls, NULL, NULL, 0, NULL);
-  GNUNET_SECRETSHARING_session_destroy (s);
-}
-/**
- * Callback invoked when there is an error communicating with
- * the service.  Notifies the application about the error.
- *
- * @param cls the `struct GNUNET_SECRETSHARING_DecryptionHandle`
- * @param error error code
- */
-static void
-handle_decrypt_client_error (void *cls,
-                             enum GNUNET_MQ_Error error)
-{
-  struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
-  dh->decrypt_cb (dh->decrypt_cls, NULL);
-  GNUNET_SECRETSHARING_decrypt_cancel (dh);
-}
-/**
- * Handler invoked with the final result message from
- * secret sharing.  Decodes the message and passes the
- * result to the application.
- *
- * @param cls the `struct GNUNET_SECRETSHARING_Session`
- * @param m message with the result
- */
-static int
-check_secret_ready (void *cls,
-                    const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
-{
-  /* FIXME: actually check m is well-formed here! */
-  return GNUNET_OK;
-}
-/**
- * Handler invoked with the final result message from
- * secret sharing.  Decodes the message and passes the
- * result to the application.
- *
- * @param cls the `struct GNUNET_SECRETSHARING_Session`
- * @param m message with the result
- */
-static void
-handle_secret_ready (void *cls,
-                     const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
-{
-  struct GNUNET_SECRETSHARING_Session *s = cls;
-  struct GNUNET_SECRETSHARING_Share *share;
-  size_t share_size;
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Got secret ready message of size %u\n",
-       ntohs (m->header.size));
-  share_size = ntohs (m->header.size) - sizeof(struct
-                                               GNUNET_SECRETSHARING_SecretReadyMessage);
-  share = GNUNET_SECRETSHARING_share_read (&m[1],
-                                           share_size,
-                                           NULL);
-  GNUNET_assert (NULL != share);  // FIXME: this can fail!
-  // should have been checked in #check_secret_ready!
-  // FIXME: below we never check &m[1] is valid!
-  // FIXME: do we leak 'share' here?
-  s->secret_ready_cb (s->secret_ready_cls,
-                      share, /* FIXME */
-                      &share->public_key,
-                      share->num_peers,
-                      (const struct GNUNET_PeerIdentity *) &m[1]);
-  GNUNET_SECRETSHARING_session_destroy (s);
-}
-/**
- * Destroy a secret sharing session.
- * The secret ready callback will not be called.
- *
- * @param s session to destroy
- */
-void
-GNUNET_SECRETSHARING_session_destroy (struct GNUNET_SECRETSHARING_Session *s)
-{
-  GNUNET_MQ_destroy (s->mq);
-  s->mq = NULL;
-  GNUNET_free (s);
-}
-/**
- * Create a session that will eventually establish a shared secret
- * with the other peers.
- *
- * @param cfg configuration to use
- * @param num_peers number of peers in @a peers
- * @param peers array of peers that we will share secrets with, can optionally contain the local peer
- * @param session_id unique session id
- * @param start When should all peers be available for sharing the secret?
- *              Random number generation can take place before the start time.
- * @param deadline point in time where the session must be established; taken as hint
- *                 by underlying consensus sessions
- * @param threshold minimum number of peers that must cooperate to decrypt a value
- * @param cb called when the secret has been established
- * @param cls closure for @a cb
- */
-struct GNUNET_SECRETSHARING_Session *
-GNUNET_SECRETSHARING_create_session (const struct
-                                     GNUNET_CONFIGURATION_Handle *cfg,
-                                     unsigned int num_peers,
-                                     const struct GNUNET_PeerIdentity *peers,
-                                     const struct GNUNET_HashCode *session_id,
-                                     struct GNUNET_TIME_Absolute start,
-                                     struct GNUNET_TIME_Absolute deadline,
-                                     unsigned int threshold,
-                                     GNUNET_SECRETSHARING_SecretReadyCallback cb,
-                                     void *cls)
-{
-  struct GNUNET_SECRETSHARING_Session *s
-    = GNUNET_new (struct GNUNET_SECRETSHARING_Session);
-  struct GNUNET_MQ_MessageHandler mq_handlers[] = {
-    GNUNET_MQ_hd_var_size (secret_ready,
-                           GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY,
-                           struct GNUNET_SECRETSHARING_SecretReadyMessage,
-                           s),
-    GNUNET_MQ_handler_end ()
-  };
-  struct GNUNET_MQ_Envelope *ev;
-  struct GNUNET_SECRETSHARING_CreateMessage *msg;
-  s->mq = GNUNET_CLIENT_connect (cfg,
-                                 "secretsharing",
-                                 mq_handlers,
-                                 &handle_session_client_error,
-                                 s);
-  if (NULL == s->mq)
-  {
-    /* secretsharing not configured correctly */
-    GNUNET_break (0);
-    GNUNET_free (s);
-    return NULL;
-  }
-  s->secret_ready_cb = cb;
-  s->secret_ready_cls = cls;
-  ev = GNUNET_MQ_msg_extra (msg,
-                            num_peers * sizeof(struct GNUNET_PeerIdentity),
-                            GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE);
-  msg->threshold = htons (threshold);
-  msg->num_peers = htons (num_peers);
-  msg->session_id = *session_id;
-  msg->start = GNUNET_TIME_absolute_hton (start);
-  msg->deadline = GNUNET_TIME_absolute_hton (deadline);
-  GNUNET_memcpy (&msg[1], peers, num_peers * sizeof(struct
-                                                    GNUNET_PeerIdentity));
-  GNUNET_MQ_send (s->mq, ev);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Secretsharing session created with %u peers\n",
-       num_peers);
-  return s;
-}
-static void
-handle_decrypt_done (void *cls,
-                     const struct
-                     GNUNET_SECRETSHARING_DecryptResponseMessage *m)
-{
-  struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
-  const struct GNUNET_SECRETSHARING_Plaintext *plaintext;
-  if (m->success == 0)
-    plaintext = NULL;
-  else
-    plaintext = (void *) &m->plaintext;
-  dh->decrypt_cb (dh->decrypt_cls, plaintext);
-  GNUNET_SECRETSHARING_decrypt_cancel (dh);
-}
-/**
- * Publish the given ciphertext for decryption.  Once a sufficient (>=k) number of peers has
- * published the same value, it will be decrypted.
- *
- * When the operation is canceled, the decrypt_cb is not called anymore, but the calling
- * peer may already have irrevocably contributed its share for the decryption of the value.
- *
- * @param share our secret share to use for decryption
- * @param ciphertext ciphertext to publish in order to decrypt it (if enough peers agree)
- * @param decrypt_cb callback called once the decryption succeeded
- * @param decrypt_cb_cls closure for @a decrypt_cb
- * @return handle to cancel the operation
- */
-struct GNUNET_SECRETSHARING_DecryptionHandle *
-GNUNET_SECRETSHARING_decrypt (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                              struct GNUNET_SECRETSHARING_Share *share,
-                              const struct
-                              GNUNET_SECRETSHARING_Ciphertext *ciphertext,
-                              struct GNUNET_TIME_Absolute start,
-                              struct GNUNET_TIME_Absolute deadline,
-                              GNUNET_SECRETSHARING_DecryptCallback decrypt_cb,
-                              void *decrypt_cb_cls)
-{
-  struct GNUNET_SECRETSHARING_DecryptionHandle *s
-    = GNUNET_new (struct GNUNET_SECRETSHARING_DecryptionHandle);
-  struct GNUNET_MQ_MessageHandler mq_handlers[] = {
-    GNUNET_MQ_hd_fixed_size (decrypt_done,
-                             GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE,
-                             struct GNUNET_SECRETSHARING_DecryptResponseMessage,
-                             s),
-    GNUNET_MQ_handler_end ()
-  };
-  struct GNUNET_MQ_Envelope *ev;
-  struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg;
-  size_t share_size;
-  s->decrypt_cb = decrypt_cb;
-  s->decrypt_cls = decrypt_cb_cls;
-  s->mq = GNUNET_CLIENT_connect (cfg,
-                                 "secretsharing",
-                                 mq_handlers,
-                                 &handle_decrypt_client_error,
-                                 s);
-  if (NULL == s->mq)
-  {
-    GNUNET_free (s);
-    return NULL;
-  }
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_SECRETSHARING_share_write (share, NULL, 0,
-                                                   &share_size));
-  ev = GNUNET_MQ_msg_extra (msg,
-                            share_size,
-                            GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT);
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_SECRETSHARING_share_write (share,
-                                                   &msg[1],
-                                                   share_size,
-                                                   NULL));
-  msg->start = GNUNET_TIME_absolute_hton (start);
-  msg->deadline = GNUNET_TIME_absolute_hton (deadline);
-  msg->ciphertext = *ciphertext;
-  GNUNET_MQ_send (s->mq, ev);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "decrypt session created\n");
-  return s;
-}
-int
-GNUNET_SECRETSHARING_plaintext_generate_i (struct
-                                           GNUNET_SECRETSHARING_Plaintext *
-                                           plaintext,
-                                           int64_t exponent)
-{
-  int negative;
-  gcry_mpi_t x;
-  ensure_elgamal_initialized ();
-  GNUNET_assert (NULL != (x = gcry_mpi_new (0)));
-  negative = GNUNET_NO;
-  if (exponent < 0)
-  {
-    negative = GNUNET_YES;
-    exponent = -exponent;
-  }
-  gcry_mpi_set_ui (x, exponent);
-  gcry_mpi_powm (x, elgamal_g, x, elgamal_p);
-  if (GNUNET_YES == negative)
-  {
-    int res;
-    res = gcry_mpi_invm (x, x, elgamal_p);
-    if (0 == res)
-      return GNUNET_SYSERR;
-  }
-  GNUNET_CRYPTO_mpi_print_unsigned (plaintext,
-                                    sizeof(struct
-                                           GNUNET_SECRETSHARING_Plaintext),
-                                    x);
-  return GNUNET_OK;
-}
-/**
- * Encrypt a value.  This operation is executed locally, no communication is
- * necessary.
- *
- * This is a helper function, encryption can be done solely with a session's public key
- * and the crypto system parameters.
- *
- * @param public_key public key to use for decryption
- * @param message message to encrypt
- * @param message_size number of bytes in @a message
- * @param result_ciphertext pointer to store the resulting ciphertext
- * @return #GNUNET_YES on success, #GNUNET_SYSERR if the message is invalid (invalid range)
- */
-int
-GNUNET_SECRETSHARING_encrypt (const struct
-                              GNUNET_SECRETSHARING_PublicKey *public_key,
-                              const struct
-                              GNUNET_SECRETSHARING_Plaintext *plaintext,
-                              struct GNUNET_SECRETSHARING_Ciphertext *
-                              result_ciphertext)
-{
-  /* pubkey */
-  gcry_mpi_t h;
-  /* nonce */
-  gcry_mpi_t y;
-  /* plaintext message */
-  gcry_mpi_t m;
-  /* temp value */
-  gcry_mpi_t tmp;
-  ensure_elgamal_initialized ();
-  GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
-  GNUNET_assert (NULL != (y = gcry_mpi_new (0)));
-  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
-  GNUNET_CRYPTO_mpi_scan_unsigned (&h, public_key, sizeof *public_key);
-  GNUNET_CRYPTO_mpi_scan_unsigned (&m, plaintext, sizeof *plaintext);
-  // Randomize y such that 0 < y < elgamal_q.
-  // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
-  do
-  {
-    gcry_mpi_randomize (y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
-                        GCRY_WEAK_RANDOM);
-  }
-  while ((gcry_mpi_cmp_ui (y, 0) == 0) || (gcry_mpi_cmp (y, elgamal_q) >= 0));
-  // tmp <- g^y
-  gcry_mpi_powm (tmp, elgamal_g, y, elgamal_p);
-  // write tmp to c1
-  GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c1_bits,
-                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
-  // tmp <- h^y
-  gcry_mpi_powm (tmp, h, y, elgamal_p);
-  // tmp <- tmp * m
-  gcry_mpi_mulm (tmp, tmp, m, elgamal_p);
-  // write tmp to c2
-  GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c2_bits,
-                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
-  return GNUNET_OK;
-}
-/**
- * Cancel a decryption.
- *
- * The decrypt_cb is not called anymore, but the calling
- * peer may already have irrevocably contributed its share for the decryption of the value.
- *
- * @param dh to cancel
- */
-void
-GNUNET_SECRETSHARING_decrypt_cancel (struct
-                                     GNUNET_SECRETSHARING_DecryptionHandle *dh)
-{
-  GNUNET_MQ_destroy (dh->mq);
-  dh->mq = NULL;
-  GNUNET_free (dh);
-}
-/* end of secretsharing_api.c */

diff --git a/src/secretsharing/secretsharing_api.c b/src/secretsharing/secretsharing_api.c deleted file mode 100644 index 98f800c95..000000000 --- a/src/secretsharing/secretsharing_api.c +++ /dev/null
@@ -1,518 +0,0 @@
1	/*
2	This file is part of GNUnet.
3	Copyright (C) 2012, 2016 GNUnet e.V.
4
5	GNUnet is free software: you can redistribute it and/or modify it
6	under the terms of the GNU Affero General Public License as published
7	by the Free Software Foundation, either version 3 of the License,
8	or (at your option) any later version.
9
10	GNUnet is distributed in the hope that it will be useful, but
11	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	Affero General Public License for more details.
14
15	You should have received a copy of the GNU Affero General Public License
16	along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18	SPDX-License-Identifier: AGPL3.0-or-later
19	*/
20
21	/**
22	* @file secretsharing/secretsharing_api.c
23	* @brief
24	* @author Florian Dold
25	*/
26	#include "platform.h"
27	#include "gnunet_util_lib.h"
28	#include "gnunet_secretsharing_service.h"
29	#include "secretsharing.h"
30	#include <gcrypt.h>
31
32
33	#define LOG(kind, ...) GNUNET_log_from (kind, "secretsharing-api", __VA_ARGS__)
34
35	/**
36	* Session that will eventually establish a shared secred between
37	* the involved peers and allow encryption and cooperative decryption.
38	*/
39	struct GNUNET_SECRETSHARING_Session
40	{
41	/**
42	* Message queue for @e client.
43	*/
44	struct GNUNET_MQ_Handle *mq;
45
46	/**
47	* Called when the secret sharing is done.
48	*/
49	GNUNET_SECRETSHARING_SecretReadyCallback secret_ready_cb;
50
51	/**
52	* Closure for @e secret_ready_cb.
53	*/
54	void *secret_ready_cls;
55	};
56
57
58	/**
59	* Handle to cancel a cooperative decryption operation.
60	*/
61	struct GNUNET_SECRETSHARING_DecryptionHandle
62	{
63	/**
64	* Message queue for @e client.
65	*/
66	struct GNUNET_MQ_Handle *mq;
67
68	/**
69	* Called when the secret sharing is done.
70	*/
71	GNUNET_SECRETSHARING_DecryptCallback decrypt_cb;
72
73	/**
74	* Closure for @e decrypt_cb.
75	*/
76	void *decrypt_cls;
77	};
78
79
80	/**
81	* The ElGamal prime field order as libgcrypt mpi.
82	* Initialized in #init_crypto_constants.
83	*/
84	static gcry_mpi_t elgamal_q;
85
86	/**
87	* Modulus of the prime field used for ElGamal.
88	* Initialized in #init_crypto_constants.
89	*/
90	static gcry_mpi_t elgamal_p;
91
92	/**
93	* Generator for prime field of order 'elgamal_q'.
94	* Initialized in #init_crypto_constants.
95	*/
96	static gcry_mpi_t elgamal_g;
97
98
99	/**
100	* Function to initialize #elgamal_q, #elgamal_p and #elgamal_g.
101	*/
102	static void
103	ensure_elgamal_initialized (void)
104	{
105	if (NULL != elgamal_q)
106	return; /* looks like crypto is already initialized */
107
108	GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
109	GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0,
110	NULL));
111	GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
112	GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0,
113	NULL));
114	GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
115	GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0,
116	NULL));
117	}
118
119
120	/**
121	* Callback invoked when there is an error communicating with
122	* the service. Notifies the application about the error.
123	*
124	* @param cls the `struct GNUNET_SECRETSHARING_Session`
125	* @param error error code
126	*/
127	static void
128	handle_session_client_error (void *cls,
129	enum GNUNET_MQ_Error error)
130	{
131	struct GNUNET_SECRETSHARING_Session *s = cls;
132
133	s->secret_ready_cb (s->secret_ready_cls, NULL, NULL, 0, NULL);
134	GNUNET_SECRETSHARING_session_destroy (s);
135	}
136
137
138	/**
139	* Callback invoked when there is an error communicating with
140	* the service. Notifies the application about the error.
141	*
142	* @param cls the `struct GNUNET_SECRETSHARING_DecryptionHandle`
143	* @param error error code
144	*/
145	static void
146	handle_decrypt_client_error (void *cls,
147	enum GNUNET_MQ_Error error)
148	{
149	struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
150
151	dh->decrypt_cb (dh->decrypt_cls, NULL);
152	GNUNET_SECRETSHARING_decrypt_cancel (dh);
153	}
154
155
156	/**
157	* Handler invoked with the final result message from
158	* secret sharing. Decodes the message and passes the
159	* result to the application.
160	*
161	* @param cls the `struct GNUNET_SECRETSHARING_Session`
162	* @param m message with the result
163	*/
164	static int
165	check_secret_ready (void *cls,
166	const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
167	{
168	/* FIXME: actually check m is well-formed here! */
169	return GNUNET_OK;
170	}
171
172
173	/**
174	* Handler invoked with the final result message from
175	* secret sharing. Decodes the message and passes the
176	* result to the application.
177	*
178	* @param cls the `struct GNUNET_SECRETSHARING_Session`
179	* @param m message with the result
180	*/
181	static void
182	handle_secret_ready (void *cls,
183	const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
184	{
185	struct GNUNET_SECRETSHARING_Session *s = cls;
186	struct GNUNET_SECRETSHARING_Share *share;
187	size_t share_size;
188
189	LOG (GNUNET_ERROR_TYPE_DEBUG,
190	"Got secret ready message of size %u\n",
191	ntohs (m->header.size));
192	share_size = ntohs (m->header.size) - sizeof(struct
193	GNUNET_SECRETSHARING_SecretReadyMessage);
194
195	share = GNUNET_SECRETSHARING_share_read (&m[1],
196	share_size,
197	NULL);
198	GNUNET_assert (NULL != share); // FIXME: this can fail!
199	// should have been checked in #check_secret_ready!
200	// FIXME: below we never check &m[1] is valid!
201	// FIXME: do we leak 'share' here?
202	s->secret_ready_cb (s->secret_ready_cls,
203	share, /* FIXME */
204	&share->public_key,
205	share->num_peers,
206	(const struct GNUNET_PeerIdentity *) &m[1]);
207
208	GNUNET_SECRETSHARING_session_destroy (s);
209	}
210
211
212	/**
213	* Destroy a secret sharing session.
214	* The secret ready callback will not be called.
215	*
216	* @param s session to destroy
217	*/
218	void
219	GNUNET_SECRETSHARING_session_destroy (struct GNUNET_SECRETSHARING_Session *s)
220	{
221	GNUNET_MQ_destroy (s->mq);
222	s->mq = NULL;
223	GNUNET_free (s);
224	}
225
226
227	/**
228	* Create a session that will eventually establish a shared secret
229	* with the other peers.
230	*
231	* @param cfg configuration to use
232	* @param num_peers number of peers in @a peers
233	* @param peers array of peers that we will share secrets with, can optionally contain the local peer
234	* @param session_id unique session id
235	* @param start When should all peers be available for sharing the secret?
236	* Random number generation can take place before the start time.
237	* @param deadline point in time where the session must be established; taken as hint
238	* by underlying consensus sessions
239	* @param threshold minimum number of peers that must cooperate to decrypt a value
240	* @param cb called when the secret has been established
241	* @param cls closure for @a cb
242	*/
243	struct GNUNET_SECRETSHARING_Session *
244	GNUNET_SECRETSHARING_create_session (const struct
245	GNUNET_CONFIGURATION_Handle *cfg,
246	unsigned int num_peers,
247	const struct GNUNET_PeerIdentity *peers,
248	const struct GNUNET_HashCode *session_id,
249	struct GNUNET_TIME_Absolute start,
250	struct GNUNET_TIME_Absolute deadline,
251	unsigned int threshold,
252	GNUNET_SECRETSHARING_SecretReadyCallback cb,
253	void *cls)
254	{
255	struct GNUNET_SECRETSHARING_Session *s
256	= GNUNET_new (struct GNUNET_SECRETSHARING_Session);
257	struct GNUNET_MQ_MessageHandler mq_handlers[] = {
258	GNUNET_MQ_hd_var_size (secret_ready,
259	GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY,
260	struct GNUNET_SECRETSHARING_SecretReadyMessage,
261	s),
262	GNUNET_MQ_handler_end ()
263	};
264	struct GNUNET_MQ_Envelope *ev;
265	struct GNUNET_SECRETSHARING_CreateMessage *msg;
266
267	s->mq = GNUNET_CLIENT_connect (cfg,
268	"secretsharing",
269	mq_handlers,
270	&handle_session_client_error,
271	s);
272	if (NULL == s->mq)
273	{
274	/* secretsharing not configured correctly */
275	GNUNET_break (0);
276	GNUNET_free (s);
277	return NULL;
278	}
279	s->secret_ready_cb = cb;
280	s->secret_ready_cls = cls;
281	ev = GNUNET_MQ_msg_extra (msg,
282	num_peers * sizeof(struct GNUNET_PeerIdentity),
283	GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE);
284
285	msg->threshold = htons (threshold);
286	msg->num_peers = htons (num_peers);
287	msg->session_id = *session_id;
288	msg->start = GNUNET_TIME_absolute_hton (start);
289	msg->deadline = GNUNET_TIME_absolute_hton (deadline);
290	GNUNET_memcpy (&msg[1], peers, num_peers * sizeof(struct
291	GNUNET_PeerIdentity));
292
293	GNUNET_MQ_send (s->mq, ev);
294
295	LOG (GNUNET_ERROR_TYPE_DEBUG,
296	"Secretsharing session created with %u peers\n",
297	num_peers);
298	return s;
299	}
300
301
302	static void
303	handle_decrypt_done (void *cls,
304	const struct
305	GNUNET_SECRETSHARING_DecryptResponseMessage *m)
306	{
307	struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
308	const struct GNUNET_SECRETSHARING_Plaintext *plaintext;
309
310	if (m->success == 0)
311	plaintext = NULL;
312	else
313	plaintext = (void *) &m->plaintext;
314	dh->decrypt_cb (dh->decrypt_cls, plaintext);
315	GNUNET_SECRETSHARING_decrypt_cancel (dh);
316	}
317
318
319	/**
320	* Publish the given ciphertext for decryption. Once a sufficient (>=k) number of peers has
321	* published the same value, it will be decrypted.
322	*
323	* When the operation is canceled, the decrypt_cb is not called anymore, but the calling
324	* peer may already have irrevocably contributed its share for the decryption of the value.
325	*
326	* @param share our secret share to use for decryption
327	* @param ciphertext ciphertext to publish in order to decrypt it (if enough peers agree)
328	* @param decrypt_cb callback called once the decryption succeeded
329	* @param decrypt_cb_cls closure for @a decrypt_cb
330	* @return handle to cancel the operation
331	*/
332	struct GNUNET_SECRETSHARING_DecryptionHandle *
333	GNUNET_SECRETSHARING_decrypt (const struct GNUNET_CONFIGURATION_Handle *cfg,
334	struct GNUNET_SECRETSHARING_Share *share,
335	const struct
336	GNUNET_SECRETSHARING_Ciphertext *ciphertext,
337	struct GNUNET_TIME_Absolute start,
338	struct GNUNET_TIME_Absolute deadline,
339	GNUNET_SECRETSHARING_DecryptCallback decrypt_cb,
340	void *decrypt_cb_cls)
341	{
342	struct GNUNET_SECRETSHARING_DecryptionHandle *s
343	= GNUNET_new (struct GNUNET_SECRETSHARING_DecryptionHandle);
344	struct GNUNET_MQ_MessageHandler mq_handlers[] = {
345	GNUNET_MQ_hd_fixed_size (decrypt_done,
346	GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE,
347	struct GNUNET_SECRETSHARING_DecryptResponseMessage,
348	s),
349	GNUNET_MQ_handler_end ()
350	};
351	struct GNUNET_MQ_Envelope *ev;
352	struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg;
353	size_t share_size;
354
355	s->decrypt_cb = decrypt_cb;
356	s->decrypt_cls = decrypt_cb_cls;
357	s->mq = GNUNET_CLIENT_connect (cfg,
358	"secretsharing",
359	mq_handlers,
360	&handle_decrypt_client_error,
361	s);
362	if (NULL == s->mq)
363	{
364	GNUNET_free (s);
365	return NULL;
366	}
367	GNUNET_assert (GNUNET_OK ==
368	GNUNET_SECRETSHARING_share_write (share, NULL, 0,
369	&share_size));
370
371	ev = GNUNET_MQ_msg_extra (msg,
372	share_size,
373	GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT);
374
375	GNUNET_assert (GNUNET_OK ==
376	GNUNET_SECRETSHARING_share_write (share,
377	&msg[1],
378	share_size,
379	NULL));
380
381	msg->start = GNUNET_TIME_absolute_hton (start);
382	msg->deadline = GNUNET_TIME_absolute_hton (deadline);
383	msg->ciphertext = *ciphertext;
384
385	GNUNET_MQ_send (s->mq, ev);
386
387	LOG (GNUNET_ERROR_TYPE_DEBUG,
388	"decrypt session created\n");
389	return s;
390	}
391
392
393	int
394	GNUNET_SECRETSHARING_plaintext_generate_i (struct
395	GNUNET_SECRETSHARING_Plaintext *
396	plaintext,
397	int64_t exponent)
398	{
399	int negative;
400	gcry_mpi_t x;
401
402	ensure_elgamal_initialized ();
403
404	GNUNET_assert (NULL != (x = gcry_mpi_new (0)));
405
406	negative = GNUNET_NO;
407	if (exponent < 0)
408	{
409	negative = GNUNET_YES;
410	exponent = -exponent;
411	}
412
413	gcry_mpi_set_ui (x, exponent);
414
415	gcry_mpi_powm (x, elgamal_g, x, elgamal_p);
416
417	if (GNUNET_YES == negative)
418	{
419	int res;
420	res = gcry_mpi_invm (x, x, elgamal_p);
421	if (0 == res)
422	return GNUNET_SYSERR;
423	}
424
425	GNUNET_CRYPTO_mpi_print_unsigned (plaintext,
426	sizeof(struct
427	GNUNET_SECRETSHARING_Plaintext),
428	x);
429
430	return GNUNET_OK;
431	}
432
433
434	/**
435	* Encrypt a value. This operation is executed locally, no communication is
436	* necessary.
437	*
438	* This is a helper function, encryption can be done solely with a session's public key
439	* and the crypto system parameters.
440	*
441	* @param public_key public key to use for decryption
442	* @param message message to encrypt
443	* @param message_size number of bytes in @a message
444	* @param result_ciphertext pointer to store the resulting ciphertext
445	* @return #GNUNET_YES on success, #GNUNET_SYSERR if the message is invalid (invalid range)
446	*/
447	int
448	GNUNET_SECRETSHARING_encrypt (const struct
449	GNUNET_SECRETSHARING_PublicKey *public_key,
450	const struct
451	GNUNET_SECRETSHARING_Plaintext *plaintext,
452	struct GNUNET_SECRETSHARING_Ciphertext *
453	result_ciphertext)
454	{
455	/* pubkey */
456	gcry_mpi_t h;
457	/* nonce */
458	gcry_mpi_t y;
459	/* plaintext message */
460	gcry_mpi_t m;
461	/* temp value */
462	gcry_mpi_t tmp;
463
464	ensure_elgamal_initialized ();
465
466	GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
467	GNUNET_assert (NULL != (y = gcry_mpi_new (0)));
468	GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
469
470	GNUNET_CRYPTO_mpi_scan_unsigned (&h, public_key, sizeof *public_key);
471	GNUNET_CRYPTO_mpi_scan_unsigned (&m, plaintext, sizeof *plaintext);
472
473	// Randomize y such that 0 < y < elgamal_q.
474	// The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
475	do
476	{
477	gcry_mpi_randomize (y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
478	GCRY_WEAK_RANDOM);
479	}
480	while ((gcry_mpi_cmp_ui (y, 0) == 0) \|\| (gcry_mpi_cmp (y, elgamal_q) >= 0));
481
482	// tmp <- g^y
483	gcry_mpi_powm (tmp, elgamal_g, y, elgamal_p);
484	// write tmp to c1
485	GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c1_bits,
486	GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
487
488	// tmp <- h^y
489	gcry_mpi_powm (tmp, h, y, elgamal_p);
490	// tmp <- tmp * m
491	gcry_mpi_mulm (tmp, tmp, m, elgamal_p);
492	// write tmp to c2
493	GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c2_bits,
494	GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
495
496	return GNUNET_OK;
497	}
498
499
500	/**
501	* Cancel a decryption.
502	*
503	* The decrypt_cb is not called anymore, but the calling
504	* peer may already have irrevocably contributed its share for the decryption of the value.
505	*
506	* @param dh to cancel
507	*/
508	void
509	GNUNET_SECRETSHARING_decrypt_cancel (struct
510	GNUNET_SECRETSHARING_DecryptionHandle *dh)
511	{
512	GNUNET_MQ_destroy (dh->mq);
513	dh->mq = NULL;
514	GNUNET_free (dh);
515	}
516
517
518	/* end of secretsharing_api.c */