diff options
author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-23 12:56:44 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-23 12:56:44 +0200 |
commit | 4561ac2026d931d9aeab36e07fd041ae60c937ee (patch) | |
tree | 6cb70c855af6c55a0995fced1f403f140b1cf0bf /crypto.c | |
parent | b1a5fbd3b84b09f99dfdab044f692923a813b784 (diff) | |
download | libbrandt-4561ac2026d931d9aeab36e07fd041ae60c937ee.tar.gz libbrandt-4561ac2026d931d9aeab36e07fd041ae60c937ee.zip |
add msg headers
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 130 |
1 files changed, 96 insertions, 34 deletions
@@ -610,22 +610,26 @@ smc_sum (gcry_mpi_point_t out, | |||
610 | 610 | ||
611 | 611 | ||
612 | /** | 612 | /** |
613 | * smc_gen_keyshare creates the private additive keyshare and computes the | 613 | * smc_gen_keyshare creates the private keyshare and computes the |
614 | * public multiplicative key share | 614 | * public key share |
615 | * | 615 | * |
616 | * @param[in,out] ad Pointer to the BRANDT_Auction struct to operate on | 616 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
617 | * @param[out] buflen Size of the returned buffer in bytes | 617 | * @param[out] buflen Size of the returned message buffer in bytes |
618 | * @return A buffer containing the multiplicative public key share which needs | 618 | * @return A buffer containing the public key share |
619 | * to be broadcast | 619 | * which needs to be broadcast |
620 | */ | 620 | */ |
621 | unsigned char * | 621 | unsigned char * |
622 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | 622 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) |
623 | { | 623 | { |
624 | unsigned char *ret; | 624 | unsigned char *ret; |
625 | struct proof_dl *proof1; | 625 | struct proof_dl *proof1; |
626 | struct msg_head *head; | ||
627 | struct ec_mpi *pubkey_share; | ||
626 | 628 | ||
627 | brandt_assert (ad && buflen); | 629 | brandt_assert (ad && buflen); |
628 | *buflen = (sizeof (struct ec_mpi) + sizeof (*proof1)); | 630 | *buflen = (sizeof (*head) + |
631 | sizeof (*pubkey_share) + | ||
632 | sizeof (*proof1)); | ||
629 | ret = GNUNET_new_array (*buflen, unsigned char); | 633 | ret = GNUNET_new_array (*buflen, unsigned char); |
630 | if (NULL == (ad->y = smc_init1 (ad->n))) | 634 | if (NULL == (ad->y = smc_init1 (ad->n))) |
631 | { | 635 | { |
@@ -633,12 +637,18 @@ smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | |||
633 | return NULL; | 637 | return NULL; |
634 | } | 638 | } |
635 | 639 | ||
636 | proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi)); | 640 | head = (struct msg_head *)ret; |
641 | head->prot_version = htonl (0); | ||
642 | head->msg_type = htonl (msg_init); | ||
637 | 643 | ||
644 | proof1 = (struct proof_dl *)(ret + sizeof (*head) + sizeof (*pubkey_share)); | ||
638 | ad->x = gcry_mpi_new (256); | 645 | ad->x = gcry_mpi_new (256); |
639 | ec_skey_create (ad->x); | 646 | ec_skey_create (ad->x); |
640 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); | 647 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); |
641 | ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]); | 648 | |
649 | pubkey_share = (struct ec_mpi *)(ret + sizeof (*head)); | ||
650 | ec_point_serialize (pubkey_share, ad->y[ad->i]); | ||
651 | |||
642 | return ret; | 652 | return ret; |
643 | } | 653 | } |
644 | 654 | ||
@@ -679,10 +689,13 @@ quit: | |||
679 | 689 | ||
680 | 690 | ||
681 | /** | 691 | /** |
682 | * smc_encrypt_bid \todo | 692 | * smc_encrypt_bid encrypts the own bid with the shared public key and packs it |
693 | * into a message together with proofs of correctnes. | ||
683 | * | 694 | * |
684 | * @param ad TODO | 695 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
685 | * @param buflen TODO | 696 | * @param[out] buflen Size of the returned message buffer in bytes |
697 | * @return A buffer containing the encrypted bid | ||
698 | * which needs to be broadcast | ||
686 | */ | 699 | */ |
687 | unsigned char * | 700 | unsigned char * |
688 | smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | 701 | smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) |
@@ -690,15 +703,17 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
690 | unsigned char *ret; | 703 | unsigned char *ret; |
691 | unsigned char *cur; | 704 | unsigned char *cur; |
692 | struct proof_0og *proof3; | 705 | struct proof_0og *proof3; |
706 | struct msg_head *head; | ||
693 | gcry_mpi_t r_sum; | 707 | gcry_mpi_t r_sum; |
694 | gcry_mpi_t r_part; | 708 | gcry_mpi_t r_part; |
695 | 709 | ||
696 | brandt_assert (ad && buflen); | 710 | brandt_assert (ad && buflen); |
697 | *buflen = (ad->k * /* k * (alpha, beta, proof3) */ | 711 | *buflen = (sizeof (*head) + /* msg header */ |
712 | ad->k * /* k * (alpha, beta, proof3) */ | ||
698 | (sizeof (struct ec_mpi) * 2 + /* alpha, beta */ | 713 | (sizeof (struct ec_mpi) * 2 + /* alpha, beta */ |
699 | sizeof (*proof3)) + | 714 | sizeof (*proof3)) + |
700 | sizeof (struct proof_2dle)); | 715 | sizeof (struct proof_2dle)); |
701 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 716 | ret = GNUNET_new_array (*buflen, unsigned char); |
702 | if (NULL == (ad->alpha = smc_init2 (ad->n, ad->k)) || | 717 | if (NULL == (ad->alpha = smc_init2 (ad->n, ad->k)) || |
703 | NULL == (ad->beta = smc_init2 (ad->n, ad->k))) | 718 | NULL == (ad->beta = smc_init2 (ad->n, ad->k))) |
704 | { | 719 | { |
@@ -706,6 +721,11 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
706 | return NULL; | 721 | return NULL; |
707 | } | 722 | } |
708 | 723 | ||
724 | head = (struct msg_head *)ret; | ||
725 | head->prot_version = htonl (0); | ||
726 | head->msg_type = htonl (msg_bid); | ||
727 | cur = ret + sizeof (*head); | ||
728 | |||
709 | ad->Y = gcry_mpi_point_new (0); | 729 | ad->Y = gcry_mpi_point_new (0); |
710 | smc_sum (ad->Y, ad->y, ad->n, 1); | 730 | smc_sum (ad->Y, ad->y, ad->n, 1); |
711 | 731 | ||
@@ -803,16 +823,21 @@ quit: | |||
803 | 823 | ||
804 | 824 | ||
805 | /** | 825 | /** |
806 | * fp_pub_compute_outcome \todo | 826 | * fp_pub_compute_outcome computes the outcome for first price auctions with a |
827 | * public outcome and packs it into a message buffer together with proofs of | ||
828 | * correctnes. | ||
807 | * | 829 | * |
808 | * @param ad TODO | 830 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
809 | * @param buflen TODO | 831 | * @param[out] buflen Size of the returned message buffer in bytes |
832 | * @return A buffer containing the encrypted outcome vectors | ||
833 | * which needs to be broadcast | ||
810 | */ | 834 | */ |
811 | unsigned char * | 835 | unsigned char * |
812 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 836 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
813 | { | 837 | { |
814 | unsigned char *ret; | 838 | unsigned char *ret; |
815 | unsigned char *cur; | 839 | unsigned char *cur; |
840 | struct msg_head *head; | ||
816 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); | 841 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); |
817 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 842 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
818 | gcry_mpi_point_t *tlta1; | 843 | gcry_mpi_point_t *tlta1; |
@@ -825,8 +850,11 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
825 | 850 | ||
826 | brandt_assert (ad && buflen); | 851 | brandt_assert (ad && buflen); |
827 | 852 | ||
828 | *buflen = (ad->k * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 853 | *buflen = (sizeof (*head) + |
829 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 854 | ad->k * (sizeof (*gamma) + |
855 | sizeof (*delta) + | ||
856 | sizeof (*proof2))); | ||
857 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
830 | if (NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || | 858 | if (NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || |
831 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || | 859 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || |
832 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || | 860 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || |
@@ -836,6 +864,11 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
836 | return NULL; | 864 | return NULL; |
837 | } | 865 | } |
838 | 866 | ||
867 | head = (struct msg_head *)ret; | ||
868 | head->prot_version = htonl (0); | ||
869 | head->msg_type = htonl (msg_outcome); | ||
870 | cur = ret + sizeof (*head); | ||
871 | |||
839 | /* create temporary lookup tables with partial sums */ | 872 | /* create temporary lookup tables with partial sums */ |
840 | tlta1 = smc_init1 (ad->k); | 873 | tlta1 = smc_init1 (ad->k); |
841 | tltb1 = smc_init1 (ad->k); | 874 | tltb1 = smc_init1 (ad->k); |
@@ -998,30 +1031,39 @@ quit: | |||
998 | 1031 | ||
999 | 1032 | ||
1000 | /** | 1033 | /** |
1001 | * fp_pub_decrypt_outcome \todo | 1034 | * fp_pub_decrypt_outcome decrypts part of the outcome and packs it into a |
1035 | * message buffer together with proofs of correctnes. | ||
1002 | * | 1036 | * |
1003 | * @param ad TODO | 1037 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
1004 | * @param buflen TODO | 1038 | * @param[out] buflen Size of the returned message buffer in bytes |
1039 | * @return A buffer containing the own share of the decrypted outcome | ||
1040 | * which needs to be broadcast | ||
1005 | */ | 1041 | */ |
1006 | unsigned char * | 1042 | unsigned char * |
1007 | fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 1043 | fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
1008 | { | 1044 | { |
1009 | unsigned char *ret; | 1045 | unsigned char *ret; |
1010 | unsigned char *cur; | 1046 | unsigned char *cur; |
1047 | struct msg_head *head; | ||
1011 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1048 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
1012 | struct ec_mpi *phi; | 1049 | struct ec_mpi *phi; |
1013 | struct proof_2dle *proof2; | 1050 | struct proof_2dle *proof2; |
1014 | 1051 | ||
1015 | brandt_assert (ad && buflen); | 1052 | brandt_assert (ad && buflen); |
1016 | 1053 | ||
1017 | *buflen = (ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1054 | *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); |
1018 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 1055 | ret = GNUNET_new_array (*buflen, unsigned char); |
1019 | if (NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) | 1056 | if (NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) |
1020 | { | 1057 | { |
1021 | weprintf ("unable to alloc memory for first price outcome decryption"); | 1058 | weprintf ("unable to alloc memory for first price outcome decryption"); |
1022 | return NULL; | 1059 | return NULL; |
1023 | } | 1060 | } |
1024 | 1061 | ||
1062 | head = (struct msg_head *)ret; | ||
1063 | head->prot_version = htonl (0); | ||
1064 | head->msg_type = htonl (msg_decrypt); | ||
1065 | cur = ret + sizeof (*head); | ||
1066 | |||
1025 | for (uint16_t j = 0; j < ad->k; j++) | 1067 | for (uint16_t j = 0; j < ad->k; j++) |
1026 | { | 1068 | { |
1027 | phi = (struct ec_mpi *)cur; | 1069 | phi = (struct ec_mpi *)cur; |
@@ -1142,16 +1184,20 @@ fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *winner) | |||
1142 | 1184 | ||
1143 | 1185 | ||
1144 | /** | 1186 | /** |
1145 | * fp_priv_compute_outcome \todo | 1187 | * fp_priv_compute_outcome computes encrypted outcome shares and packs them into |
1188 | * a message buffer together with proofs of correctnes. | ||
1146 | * | 1189 | * |
1147 | * @param ad TODO | 1190 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
1148 | * @param buflen TODO | 1191 | * @param[out] buflen Size of the returned message buffer in bytes |
1192 | * @return A buffer containing the encrypted outcome vectors | ||
1193 | * which needs to be broadcast | ||
1149 | */ | 1194 | */ |
1150 | unsigned char * | 1195 | unsigned char * |
1151 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 1196 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
1152 | { | 1197 | { |
1153 | unsigned char *ret; | 1198 | unsigned char *ret; |
1154 | unsigned char *cur; | 1199 | unsigned char *cur; |
1200 | struct msg_head *head; | ||
1155 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | 1201 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); |
1156 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | 1202 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); |
1157 | gcry_mpi_point_t *tlta1; | 1203 | gcry_mpi_point_t *tlta1; |
@@ -1166,9 +1212,10 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1166 | 1212 | ||
1167 | brandt_assert (ad && buflen); | 1213 | brandt_assert (ad && buflen); |
1168 | 1214 | ||
1169 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 1215 | *buflen = (sizeof (*head) + /* msg header */ |
1216 | ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | ||
1170 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 1217 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); |
1171 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 1218 | ret = GNUNET_new_array (*buflen, unsigned char); |
1172 | if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || | 1219 | if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || |
1173 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) | 1220 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) |
1174 | { | 1221 | { |
@@ -1176,6 +1223,11 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1176 | return NULL; | 1223 | return NULL; |
1177 | } | 1224 | } |
1178 | 1225 | ||
1226 | head = (struct msg_head *)ret; | ||
1227 | head->prot_version = htonl (0); | ||
1228 | head->msg_type = htonl (msg_outcome); | ||
1229 | cur = ret + sizeof (*head); | ||
1230 | |||
1179 | /* create temporary lookup tables with partial sums */ | 1231 | /* create temporary lookup tables with partial sums */ |
1180 | tlta1 = smc_init1 (ad->k); | 1232 | tlta1 = smc_init1 (ad->k); |
1181 | tltb1 = smc_init1 (ad->k); | 1233 | tltb1 = smc_init1 (ad->k); |
@@ -1343,30 +1395,40 @@ quit: | |||
1343 | 1395 | ||
1344 | 1396 | ||
1345 | /** | 1397 | /** |
1346 | * fp_priv_decrypt_outcome \todo | 1398 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them |
1399 | * into a message buffer together with proofs of correctnes. | ||
1347 | * | 1400 | * |
1348 | * @param ad TODO | 1401 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
1349 | * @param buflen TODO | 1402 | * @param[out] buflen Size of the returned message buffer in bytes |
1403 | * @return A buffer containing the own share of the decrypted outcome | ||
1404 | * which needs to be broadcast | ||
1350 | */ | 1405 | */ |
1351 | unsigned char * | 1406 | unsigned char * |
1352 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 1407 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
1353 | { | 1408 | { |
1354 | unsigned char *ret; | 1409 | unsigned char *ret; |
1355 | unsigned char *cur; | 1410 | unsigned char *cur; |
1411 | struct msg_head *head; | ||
1356 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1412 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
1357 | struct ec_mpi *phi; | 1413 | struct ec_mpi *phi; |
1358 | struct proof_2dle *proof2; | 1414 | struct proof_2dle *proof2; |
1359 | 1415 | ||
1360 | brandt_assert (ad && buflen); | 1416 | brandt_assert (ad && buflen); |
1361 | 1417 | ||
1362 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1418 | *buflen = (sizeof (*head) + |
1363 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 1419 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
1420 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
1364 | if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) | 1421 | if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) |
1365 | { | 1422 | { |
1366 | weprintf ("unable to alloc memory for first price outcome decryption"); | 1423 | weprintf ("unable to alloc memory for first price outcome decryption"); |
1367 | return NULL; | 1424 | return NULL; |
1368 | } | 1425 | } |
1369 | 1426 | ||
1427 | head = (struct msg_head *)ret; | ||
1428 | head->prot_version = htonl (0); | ||
1429 | head->msg_type = htonl (msg_decrypt); | ||
1430 | cur = ret + sizeof (*head); | ||
1431 | |||
1370 | for (uint16_t i = 0; i < ad->n; i++) | 1432 | for (uint16_t i = 0; i < ad->n; i++) |
1371 | { | 1433 | { |
1372 | for (uint16_t j = 0; j < ad->k; j++) | 1434 | for (uint16_t j = 0; j < ad->k; j++) |