diff options
author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-09-08 19:17:15 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-09-08 19:17:15 +0200 |
commit | 14546eccb205aa844657d2c350c83f6be1289b67 (patch) | |
tree | 8d081850e2ca5dd44b1e03d7ed39a61c487c9725 /crypto.c | |
parent | f294cd3a85c084490a10ae6ac9c1dab4c60a7678 (diff) | |
download | libbrandt-14546eccb205aa844657d2c350c83f6be1289b67.tar.gz libbrandt-14546eccb205aa844657d2c350c83f6be1289b67.zip |
test_brandt nearly done
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 203 |
1 files changed, 161 insertions, 42 deletions
@@ -455,18 +455,11 @@ gcry_mpi_point_t ** | |||
455 | smc_init2 (uint16_t size1, uint16_t size2) | 455 | smc_init2 (uint16_t size1, uint16_t size2) |
456 | { | 456 | { |
457 | gcry_mpi_point_t **ret; | 457 | gcry_mpi_point_t **ret; |
458 | gcry_mpi_point_t *data; | ||
459 | 458 | ||
460 | if (NULL == (ret = calloc (size1, sizeof (*ret) + size2 * sizeof (**ret)))) | 459 | ret = GNUNET_new_array_2d (size1, size2, gcry_mpi_point_t); |
461 | { | ||
462 | weprintf ("could not alloc memory for 2 dimensional point array"); | ||
463 | return NULL; | ||
464 | } | ||
465 | 460 | ||
466 | data = (gcry_mpi_point_t *)&ret[size1]; | ||
467 | for (uint16_t i = 0; i < size1; i++) | 461 | for (uint16_t i = 0; i < size1; i++) |
468 | { | 462 | { |
469 | ret[i] = &data[i * size2]; | ||
470 | for (uint16_t j = 0; j < size2; j++) | 463 | for (uint16_t j = 0; j < size2; j++) |
471 | { | 464 | { |
472 | if (NULL == (ret[i][j] = gcry_mpi_point_new (0))) | 465 | if (NULL == (ret[i][j] = gcry_mpi_point_new (0))) |
@@ -523,25 +516,13 @@ gcry_mpi_point_t *** | |||
523 | smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3) | 516 | smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3) |
524 | { | 517 | { |
525 | gcry_mpi_point_t ***ret; | 518 | gcry_mpi_point_t ***ret; |
526 | gcry_mpi_point_t **layer1; | ||
527 | gcry_mpi_point_t *layer2; | ||
528 | 519 | ||
529 | if (NULL == (ret = calloc (size1, sizeof (*ret) + | 520 | ret = GNUNET_new_array_3d (size1, size2, size3, gcry_mpi_point_t); |
530 | size2 * sizeof (**ret) + | ||
531 | size2 * size3 * sizeof (***ret)))) | ||
532 | { | ||
533 | weprintf ("could not alloc memory for 3 dimensional point array"); | ||
534 | return NULL; | ||
535 | } | ||
536 | 521 | ||
537 | layer1 = (gcry_mpi_point_t **)&ret[size1]; | ||
538 | layer2 = (gcry_mpi_point_t *)&layer1[size1 * size2]; | ||
539 | for (uint16_t i = 0; i < size1; i++) | 522 | for (uint16_t i = 0; i < size1; i++) |
540 | { | 523 | { |
541 | ret[i] = &layer1[i * size2]; | ||
542 | for (uint16_t j = 0; j < size2; j++) | 524 | for (uint16_t j = 0; j < size2; j++) |
543 | { | 525 | { |
544 | layer1[i * size2 + j] = &layer2[(i * size2 + j) * size3]; | ||
545 | for (uint16_t k = 0; k < size3; k++) | 526 | for (uint16_t k = 0; k < size3; k++) |
546 | { | 527 | { |
547 | if (NULL == (ret[i][j][k] = gcry_mpi_point_new (0))) | 528 | if (NULL == (ret[i][j][k] = gcry_mpi_point_new (0))) |
@@ -1476,6 +1457,12 @@ fp_priv_prep_decryption (struct BRANDT_Auction *ad) | |||
1476 | ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); | 1457 | ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); |
1477 | brandt_assert (ad->phi3); | 1458 | brandt_assert (ad->phi3); |
1478 | 1459 | ||
1460 | ad->phiproofs3 = GNUNET_new_array_3d (ad->n, | ||
1461 | ad->n, | ||
1462 | ad->k, | ||
1463 | struct proof_2dle); | ||
1464 | brandt_assert (ad->phiproofs3); | ||
1465 | |||
1479 | for (uint16_t i = 0; i < ad->n; i++) | 1466 | for (uint16_t i = 0; i < ad->n; i++) |
1480 | { | 1467 | { |
1481 | for (uint16_t j = 0; j < ad->k; j++) | 1468 | for (uint16_t j = 0; j < ad->k; j++) |
@@ -1494,17 +1481,8 @@ fp_priv_prep_decryption (struct BRANDT_Auction *ad) | |||
1494 | } | 1481 | } |
1495 | 1482 | ||
1496 | 1483 | ||
1497 | /** | 1484 | static unsigned char * |
1498 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them | 1485 | fp_priv_decrypt_outcome_seller (struct BRANDT_Auction *ad, size_t *buflen) |
1499 | * into a message buffer together with proofs of correctnes. | ||
1500 | * | ||
1501 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
1502 | * @param[out] buflen Size of the returned message buffer in bytes | ||
1503 | * @return A buffer containing the own share of the decrypted outcome | ||
1504 | * which needs to be broadcast | ||
1505 | */ | ||
1506 | unsigned char * | ||
1507 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
1508 | { | 1486 | { |
1509 | unsigned char *ret; | 1487 | unsigned char *ret; |
1510 | unsigned char *cur; | 1488 | unsigned char *cur; |
@@ -1513,7 +1491,51 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1513 | struct ec_mpi *phi; | 1491 | struct ec_mpi *phi; |
1514 | struct proof_2dle *proof2; | 1492 | struct proof_2dle *proof2; |
1515 | 1493 | ||
1516 | brandt_assert (ad && buflen); | 1494 | *buflen = (sizeof (*head) + |
1495 | (ad->n - 1) * ad->n * ad->k * (sizeof (*phi) + | ||
1496 | sizeof (*proof2))); | ||
1497 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
1498 | |||
1499 | head = (struct msg_head *)ret; | ||
1500 | head->prot_version = htonl (0); | ||
1501 | head->msg_type = htonl (msg_decrypt); | ||
1502 | cur = ret + sizeof (*head); | ||
1503 | |||
1504 | for (uint16_t h = 0; h < ad->n; h++) | ||
1505 | { | ||
1506 | for (uint16_t i = 0; i < ad->n; i++) | ||
1507 | { | ||
1508 | /* don't reveal outcome to losing bidders */ | ||
1509 | if (h == i) | ||
1510 | continue; | ||
1511 | |||
1512 | for (uint16_t j = 0; j < ad->k; j++) | ||
1513 | { | ||
1514 | phi = (struct ec_mpi *)cur; | ||
1515 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | ||
1516 | |||
1517 | ec_point_serialize (phi, ad->phi3[h][i][j]); | ||
1518 | memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2)); | ||
1519 | |||
1520 | cur += sizeof (*phi) + sizeof (*proof2); | ||
1521 | } | ||
1522 | } | ||
1523 | } | ||
1524 | |||
1525 | gcry_mpi_point_release (tmp); | ||
1526 | return ret; | ||
1527 | } | ||
1528 | |||
1529 | |||
1530 | static unsigned char * | ||
1531 | fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen) | ||
1532 | { | ||
1533 | unsigned char *ret; | ||
1534 | unsigned char *cur; | ||
1535 | struct msg_head *head; | ||
1536 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
1537 | struct ec_mpi *phi; | ||
1538 | struct proof_2dle *proof2; | ||
1517 | 1539 | ||
1518 | *buflen = (sizeof (*head) + | 1540 | *buflen = (sizeof (*head) + |
1519 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1541 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
@@ -1552,22 +1574,42 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1552 | } | 1574 | } |
1553 | 1575 | ||
1554 | 1576 | ||
1555 | int | 1577 | /** |
1556 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, | 1578 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them |
1557 | const unsigned char *buf, | 1579 | * into a message buffer together with proofs of correctnes. When this is called |
1558 | size_t buflen, | 1580 | * as the seller it will not decrypt anything, but just create the message |
1559 | uint16_t sender) | 1581 | * buffer from all received decryption shares to broadcast back to all bidders. |
1582 | * | ||
1583 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
1584 | * @param[out] buflen Size of the returned message buffer in bytes | ||
1585 | * @return A buffer containing the share of the decrypted outcome | ||
1586 | * which needs to be broadcast | ||
1587 | */ | ||
1588 | unsigned char * | ||
1589 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
1590 | { | ||
1591 | brandt_assert (ad && buflen); | ||
1592 | if (ad->seller_mode) | ||
1593 | return fp_priv_decrypt_outcome_seller (ad, buflen); | ||
1594 | else | ||
1595 | return fp_priv_decrypt_outcome_bidder (ad, buflen); | ||
1596 | } | ||
1597 | |||
1598 | |||
1599 | static int | ||
1600 | fp_priv_recv_decryption_seller (struct BRANDT_Auction *ad, | ||
1601 | const unsigned char *buf, | ||
1602 | size_t buflen, | ||
1603 | uint16_t sender) | ||
1560 | { | 1604 | { |
1561 | int ret = 0; | 1605 | int ret = 0; |
1562 | const unsigned char *cur = buf; | 1606 | const unsigned char *cur = buf; |
1563 | struct proof_2dle *proof2; | 1607 | struct proof_2dle *proof2; |
1564 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1608 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
1565 | 1609 | ||
1566 | brandt_assert (ad && buf); | ||
1567 | |||
1568 | if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) | 1610 | if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) |
1569 | { | 1611 | { |
1570 | weprintf ("wrong size of received outcome decryption"); | 1612 | weprintf ("wrong size of received outcome decryption from bidder"); |
1571 | goto quit; | 1613 | goto quit; |
1572 | } | 1614 | } |
1573 | 1615 | ||
@@ -1583,9 +1625,13 @@ fp_priv_recv_decryption (struct BRANDT_Auction *ad, | |||
1583 | ec_gen, | 1625 | ec_gen, |
1584 | proof2)) | 1626 | proof2)) |
1585 | { | 1627 | { |
1586 | weprintf ("wrong zkp2 for phi, y received"); | 1628 | weprintf ("wrong zkp2 for phi, y received from bidder"); |
1587 | goto quit; | 1629 | goto quit; |
1588 | } | 1630 | } |
1631 | |||
1632 | /* store proof. we need to rebroadcast it to the other bidders */ | ||
1633 | memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2)); | ||
1634 | |||
1589 | ec_point_copy (ad->phi3[sender][i][j], phi); | 1635 | ec_point_copy (ad->phi3[sender][i][j], phi); |
1590 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | 1636 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); |
1591 | } | 1637 | } |
@@ -1598,6 +1644,79 @@ quit: | |||
1598 | } | 1644 | } |
1599 | 1645 | ||
1600 | 1646 | ||
1647 | static int | ||
1648 | fp_priv_recv_decryption_bidder (struct BRANDT_Auction *ad, | ||
1649 | const unsigned char *buf, | ||
1650 | size_t buflen, | ||
1651 | uint16_t sender) | ||
1652 | { | ||
1653 | int ret = 0; | ||
1654 | const unsigned char *cur = buf; | ||
1655 | struct proof_2dle *proof2; | ||
1656 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | ||
1657 | |||
1658 | if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi) + | ||
1659 | sizeof (*proof2)))) | ||
1660 | { | ||
1661 | weprintf ("wrong size of received outcome decryption from seller"); | ||
1662 | goto quit; | ||
1663 | } | ||
1664 | |||
1665 | for (uint16_t h = 0; h < ad->n; h++) | ||
1666 | { | ||
1667 | for (uint16_t i = 0; i < ad->n; i++) | ||
1668 | { | ||
1669 | /* those combinations are not sent by the seller */ | ||
1670 | if (h == i) | ||
1671 | continue; | ||
1672 | |||
1673 | /* we already have our own phi values */ | ||
1674 | if (h == ad->i) | ||
1675 | { | ||
1676 | cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)); | ||
1677 | continue; | ||
1678 | } | ||
1679 | |||
1680 | for (uint16_t j = 0; j < ad->k; j++) | ||
1681 | { | ||
1682 | ec_point_parse (phi, (struct ec_mpi *)cur); | ||
1683 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | ||
1684 | if (smc_zkp_2dle_check (phi, | ||
1685 | ad->y[h], | ||
1686 | ad->phi3[h][i][j], | ||
1687 | ec_gen, | ||
1688 | proof2)) | ||
1689 | { | ||
1690 | weprintf ("wrong zkp2 for phi, y received from seller"); | ||
1691 | goto quit; | ||
1692 | } | ||
1693 | ec_point_copy (ad->phi3[h][i][j], phi); | ||
1694 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | ||
1695 | } | ||
1696 | } | ||
1697 | } | ||
1698 | |||
1699 | ret = 1; | ||
1700 | quit: | ||
1701 | gcry_mpi_point_release (phi); | ||
1702 | return ret; | ||
1703 | } | ||
1704 | |||
1705 | |||
1706 | int | ||
1707 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, | ||
1708 | const unsigned char *buf, | ||
1709 | size_t buflen, | ||
1710 | uint16_t sender) | ||
1711 | { | ||
1712 | brandt_assert (ad && buf); | ||
1713 | if (ad->seller_mode) | ||
1714 | return fp_priv_recv_decryption_seller (ad, buf, buflen, sender); | ||
1715 | else | ||
1716 | return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender); | ||
1717 | } | ||
1718 | |||
1719 | |||
1601 | struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad, | 1720 | struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad, |
1602 | uint16_t *len) | 1721 | uint16_t *len) |
1603 | { | 1722 | { |