diff options
| author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-23 12:56:44 +0200 |
|---|---|---|
| committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-23 12:56:44 +0200 |
| commit | 4561ac2026d931d9aeab36e07fd041ae60c937ee (patch) | |
| tree | 6cb70c855af6c55a0995fced1f403f140b1cf0bf /crypto.c | |
| parent | b1a5fbd3b84b09f99dfdab044f692923a813b784 (diff) | |
| download | libbrandt-4561ac2026d931d9aeab36e07fd041ae60c937ee.tar.gz libbrandt-4561ac2026d931d9aeab36e07fd041ae60c937ee.zip | |
add msg headers
Diffstat (limited to 'crypto.c')
| -rw-r--r-- | crypto.c | 130 |
1 files changed, 96 insertions, 34 deletions
| @@ -610,22 +610,26 @@ smc_sum (gcry_mpi_point_t out, | |||
| 610 | 610 | ||
| 611 | 611 | ||
| 612 | /** | 612 | /** |
| 613 | * smc_gen_keyshare creates the private additive keyshare and computes the | 613 | * smc_gen_keyshare creates the private keyshare and computes the |
| 614 | * public multiplicative key share | 614 | * public key share |
| 615 | * | 615 | * |
| 616 | * @param[in,out] ad Pointer to the BRANDT_Auction struct to operate on | 616 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
| 617 | * @param[out] buflen Size of the returned buffer in bytes | 617 | * @param[out] buflen Size of the returned message buffer in bytes |
| 618 | * @return A buffer containing the multiplicative public key share which needs | 618 | * @return A buffer containing the public key share |
| 619 | * to be broadcast | 619 | * which needs to be broadcast |
| 620 | */ | 620 | */ |
| 621 | unsigned char * | 621 | unsigned char * |
| 622 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | 622 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) |
| 623 | { | 623 | { |
| 624 | unsigned char *ret; | 624 | unsigned char *ret; |
| 625 | struct proof_dl *proof1; | 625 | struct proof_dl *proof1; |
| 626 | struct msg_head *head; | ||
| 627 | struct ec_mpi *pubkey_share; | ||
| 626 | 628 | ||
| 627 | brandt_assert (ad && buflen); | 629 | brandt_assert (ad && buflen); |
| 628 | *buflen = (sizeof (struct ec_mpi) + sizeof (*proof1)); | 630 | *buflen = (sizeof (*head) + |
| 631 | sizeof (*pubkey_share) + | ||
| 632 | sizeof (*proof1)); | ||
| 629 | ret = GNUNET_new_array (*buflen, unsigned char); | 633 | ret = GNUNET_new_array (*buflen, unsigned char); |
| 630 | if (NULL == (ad->y = smc_init1 (ad->n))) | 634 | if (NULL == (ad->y = smc_init1 (ad->n))) |
| 631 | { | 635 | { |
| @@ -633,12 +637,18 @@ smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 633 | return NULL; | 637 | return NULL; |
| 634 | } | 638 | } |
| 635 | 639 | ||
| 636 | proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi)); | 640 | head = (struct msg_head *)ret; |
| 641 | head->prot_version = htonl (0); | ||
| 642 | head->msg_type = htonl (msg_init); | ||
| 637 | 643 | ||
| 644 | proof1 = (struct proof_dl *)(ret + sizeof (*head) + sizeof (*pubkey_share)); | ||
| 638 | ad->x = gcry_mpi_new (256); | 645 | ad->x = gcry_mpi_new (256); |
| 639 | ec_skey_create (ad->x); | 646 | ec_skey_create (ad->x); |
| 640 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); | 647 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); |
| 641 | ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]); | 648 | |
| 649 | pubkey_share = (struct ec_mpi *)(ret + sizeof (*head)); | ||
| 650 | ec_point_serialize (pubkey_share, ad->y[ad->i]); | ||
| 651 | |||
| 642 | return ret; | 652 | return ret; |
| 643 | } | 653 | } |
| 644 | 654 | ||
| @@ -679,10 +689,13 @@ quit: | |||
| 679 | 689 | ||
| 680 | 690 | ||
| 681 | /** | 691 | /** |
| 682 | * smc_encrypt_bid \todo | 692 | * smc_encrypt_bid encrypts the own bid with the shared public key and packs it |
| 693 | * into a message together with proofs of correctnes. | ||
| 683 | * | 694 | * |
| 684 | * @param ad TODO | 695 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
| 685 | * @param buflen TODO | 696 | * @param[out] buflen Size of the returned message buffer in bytes |
| 697 | * @return A buffer containing the encrypted bid | ||
| 698 | * which needs to be broadcast | ||
| 686 | */ | 699 | */ |
| 687 | unsigned char * | 700 | unsigned char * |
| 688 | smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | 701 | smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) |
| @@ -690,15 +703,17 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 690 | unsigned char *ret; | 703 | unsigned char *ret; |
| 691 | unsigned char *cur; | 704 | unsigned char *cur; |
| 692 | struct proof_0og *proof3; | 705 | struct proof_0og *proof3; |
| 706 | struct msg_head *head; | ||
| 693 | gcry_mpi_t r_sum; | 707 | gcry_mpi_t r_sum; |
| 694 | gcry_mpi_t r_part; | 708 | gcry_mpi_t r_part; |
| 695 | 709 | ||
| 696 | brandt_assert (ad && buflen); | 710 | brandt_assert (ad && buflen); |
| 697 | *buflen = (ad->k * /* k * (alpha, beta, proof3) */ | 711 | *buflen = (sizeof (*head) + /* msg header */ |
| 712 | ad->k * /* k * (alpha, beta, proof3) */ | ||
| 698 | (sizeof (struct ec_mpi) * 2 + /* alpha, beta */ | 713 | (sizeof (struct ec_mpi) * 2 + /* alpha, beta */ |
| 699 | sizeof (*proof3)) + | 714 | sizeof (*proof3)) + |
| 700 | sizeof (struct proof_2dle)); | 715 | sizeof (struct proof_2dle)); |
| 701 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 716 | ret = GNUNET_new_array (*buflen, unsigned char); |
| 702 | if (NULL == (ad->alpha = smc_init2 (ad->n, ad->k)) || | 717 | if (NULL == (ad->alpha = smc_init2 (ad->n, ad->k)) || |
| 703 | NULL == (ad->beta = smc_init2 (ad->n, ad->k))) | 718 | NULL == (ad->beta = smc_init2 (ad->n, ad->k))) |
| 704 | { | 719 | { |
| @@ -706,6 +721,11 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 706 | return NULL; | 721 | return NULL; |
| 707 | } | 722 | } |
| 708 | 723 | ||
| 724 | head = (struct msg_head *)ret; | ||
| 725 | head->prot_version = htonl (0); | ||
| 726 | head->msg_type = htonl (msg_bid); | ||
| 727 | cur = ret + sizeof (*head); | ||
| 728 | |||
| 709 | ad->Y = gcry_mpi_point_new (0); | 729 | ad->Y = gcry_mpi_point_new (0); |
| 710 | smc_sum (ad->Y, ad->y, ad->n, 1); | 730 | smc_sum (ad->Y, ad->y, ad->n, 1); |
| 711 | 731 | ||
| @@ -803,16 +823,21 @@ quit: | |||
| 803 | 823 | ||
| 804 | 824 | ||
| 805 | /** | 825 | /** |
| 806 | * fp_pub_compute_outcome \todo | 826 | * fp_pub_compute_outcome computes the outcome for first price auctions with a |
| 827 | * public outcome and packs it into a message buffer together with proofs of | ||
| 828 | * correctnes. | ||
| 807 | * | 829 | * |
| 808 | * @param ad TODO | 830 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
| 809 | * @param buflen TODO | 831 | * @param[out] buflen Size of the returned message buffer in bytes |
| 832 | * @return A buffer containing the encrypted outcome vectors | ||
| 833 | * which needs to be broadcast | ||
| 810 | */ | 834 | */ |
| 811 | unsigned char * | 835 | unsigned char * |
| 812 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 836 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
| 813 | { | 837 | { |
| 814 | unsigned char *ret; | 838 | unsigned char *ret; |
| 815 | unsigned char *cur; | 839 | unsigned char *cur; |
| 840 | struct msg_head *head; | ||
| 816 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); | 841 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); |
| 817 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 842 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
| 818 | gcry_mpi_point_t *tlta1; | 843 | gcry_mpi_point_t *tlta1; |
| @@ -825,8 +850,11 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 825 | 850 | ||
| 826 | brandt_assert (ad && buflen); | 851 | brandt_assert (ad && buflen); |
| 827 | 852 | ||
| 828 | *buflen = (ad->k * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 853 | *buflen = (sizeof (*head) + |
| 829 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 854 | ad->k * (sizeof (*gamma) + |
| 855 | sizeof (*delta) + | ||
| 856 | sizeof (*proof2))); | ||
| 857 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
| 830 | if (NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || | 858 | if (NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || |
| 831 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || | 859 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || |
| 832 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || | 860 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || |
| @@ -836,6 +864,11 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 836 | return NULL; | 864 | return NULL; |
| 837 | } | 865 | } |
| 838 | 866 | ||
| 867 | head = (struct msg_head *)ret; | ||
| 868 | head->prot_version = htonl (0); | ||
| 869 | head->msg_type = htonl (msg_outcome); | ||
| 870 | cur = ret + sizeof (*head); | ||
| 871 | |||
| 839 | /* create temporary lookup tables with partial sums */ | 872 | /* create temporary lookup tables with partial sums */ |
| 840 | tlta1 = smc_init1 (ad->k); | 873 | tlta1 = smc_init1 (ad->k); |
| 841 | tltb1 = smc_init1 (ad->k); | 874 | tltb1 = smc_init1 (ad->k); |
| @@ -998,30 +1031,39 @@ quit: | |||
| 998 | 1031 | ||
| 999 | 1032 | ||
| 1000 | /** | 1033 | /** |
| 1001 | * fp_pub_decrypt_outcome \todo | 1034 | * fp_pub_decrypt_outcome decrypts part of the outcome and packs it into a |
| 1035 | * message buffer together with proofs of correctnes. | ||
| 1002 | * | 1036 | * |
| 1003 | * @param ad TODO | 1037 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
| 1004 | * @param buflen TODO | 1038 | * @param[out] buflen Size of the returned message buffer in bytes |
| 1039 | * @return A buffer containing the own share of the decrypted outcome | ||
| 1040 | * which needs to be broadcast | ||
| 1005 | */ | 1041 | */ |
| 1006 | unsigned char * | 1042 | unsigned char * |
| 1007 | fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 1043 | fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
| 1008 | { | 1044 | { |
| 1009 | unsigned char *ret; | 1045 | unsigned char *ret; |
| 1010 | unsigned char *cur; | 1046 | unsigned char *cur; |
| 1047 | struct msg_head *head; | ||
| 1011 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1048 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
| 1012 | struct ec_mpi *phi; | 1049 | struct ec_mpi *phi; |
| 1013 | struct proof_2dle *proof2; | 1050 | struct proof_2dle *proof2; |
| 1014 | 1051 | ||
| 1015 | brandt_assert (ad && buflen); | 1052 | brandt_assert (ad && buflen); |
| 1016 | 1053 | ||
| 1017 | *buflen = (ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1054 | *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); |
| 1018 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 1055 | ret = GNUNET_new_array (*buflen, unsigned char); |
| 1019 | if (NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) | 1056 | if (NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) |
| 1020 | { | 1057 | { |
| 1021 | weprintf ("unable to alloc memory for first price outcome decryption"); | 1058 | weprintf ("unable to alloc memory for first price outcome decryption"); |
| 1022 | return NULL; | 1059 | return NULL; |
| 1023 | } | 1060 | } |
| 1024 | 1061 | ||
| 1062 | head = (struct msg_head *)ret; | ||
| 1063 | head->prot_version = htonl (0); | ||
| 1064 | head->msg_type = htonl (msg_decrypt); | ||
| 1065 | cur = ret + sizeof (*head); | ||
| 1066 | |||
| 1025 | for (uint16_t j = 0; j < ad->k; j++) | 1067 | for (uint16_t j = 0; j < ad->k; j++) |
| 1026 | { | 1068 | { |
| 1027 | phi = (struct ec_mpi *)cur; | 1069 | phi = (struct ec_mpi *)cur; |
| @@ -1142,16 +1184,20 @@ fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *winner) | |||
| 1142 | 1184 | ||
| 1143 | 1185 | ||
| 1144 | /** | 1186 | /** |
| 1145 | * fp_priv_compute_outcome \todo | 1187 | * fp_priv_compute_outcome computes encrypted outcome shares and packs them into |
| 1188 | * a message buffer together with proofs of correctnes. | ||
| 1146 | * | 1189 | * |
| 1147 | * @param ad TODO | 1190 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
| 1148 | * @param buflen TODO | 1191 | * @param[out] buflen Size of the returned message buffer in bytes |
| 1192 | * @return A buffer containing the encrypted outcome vectors | ||
| 1193 | * which needs to be broadcast | ||
| 1149 | */ | 1194 | */ |
| 1150 | unsigned char * | 1195 | unsigned char * |
| 1151 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 1196 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
| 1152 | { | 1197 | { |
| 1153 | unsigned char *ret; | 1198 | unsigned char *ret; |
| 1154 | unsigned char *cur; | 1199 | unsigned char *cur; |
| 1200 | struct msg_head *head; | ||
| 1155 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | 1201 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); |
| 1156 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | 1202 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); |
| 1157 | gcry_mpi_point_t *tlta1; | 1203 | gcry_mpi_point_t *tlta1; |
| @@ -1166,9 +1212,10 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1166 | 1212 | ||
| 1167 | brandt_assert (ad && buflen); | 1213 | brandt_assert (ad && buflen); |
| 1168 | 1214 | ||
| 1169 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 1215 | *buflen = (sizeof (*head) + /* msg header */ |
| 1216 | ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | ||
| 1170 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 1217 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); |
| 1171 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 1218 | ret = GNUNET_new_array (*buflen, unsigned char); |
| 1172 | if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || | 1219 | if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || |
| 1173 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) | 1220 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) |
| 1174 | { | 1221 | { |
| @@ -1176,6 +1223,11 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1176 | return NULL; | 1223 | return NULL; |
| 1177 | } | 1224 | } |
| 1178 | 1225 | ||
| 1226 | head = (struct msg_head *)ret; | ||
| 1227 | head->prot_version = htonl (0); | ||
| 1228 | head->msg_type = htonl (msg_outcome); | ||
| 1229 | cur = ret + sizeof (*head); | ||
| 1230 | |||
| 1179 | /* create temporary lookup tables with partial sums */ | 1231 | /* create temporary lookup tables with partial sums */ |
| 1180 | tlta1 = smc_init1 (ad->k); | 1232 | tlta1 = smc_init1 (ad->k); |
| 1181 | tltb1 = smc_init1 (ad->k); | 1233 | tltb1 = smc_init1 (ad->k); |
| @@ -1343,30 +1395,40 @@ quit: | |||
| 1343 | 1395 | ||
| 1344 | 1396 | ||
| 1345 | /** | 1397 | /** |
| 1346 | * fp_priv_decrypt_outcome \todo | 1398 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them |
| 1399 | * into a message buffer together with proofs of correctnes. | ||
| 1347 | * | 1400 | * |
| 1348 | * @param ad TODO | 1401 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on |
| 1349 | * @param buflen TODO | 1402 | * @param[out] buflen Size of the returned message buffer in bytes |
| 1403 | * @return A buffer containing the own share of the decrypted outcome | ||
| 1404 | * which needs to be broadcast | ||
| 1350 | */ | 1405 | */ |
| 1351 | unsigned char * | 1406 | unsigned char * |
| 1352 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | 1407 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
| 1353 | { | 1408 | { |
| 1354 | unsigned char *ret; | 1409 | unsigned char *ret; |
| 1355 | unsigned char *cur; | 1410 | unsigned char *cur; |
| 1411 | struct msg_head *head; | ||
| 1356 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1412 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
| 1357 | struct ec_mpi *phi; | 1413 | struct ec_mpi *phi; |
| 1358 | struct proof_2dle *proof2; | 1414 | struct proof_2dle *proof2; |
| 1359 | 1415 | ||
| 1360 | brandt_assert (ad && buflen); | 1416 | brandt_assert (ad && buflen); |
| 1361 | 1417 | ||
| 1362 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1418 | *buflen = (sizeof (*head) + |
| 1363 | cur = ret = GNUNET_new_array (*buflen, unsigned char); | 1419 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
| 1420 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
| 1364 | if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) | 1421 | if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) |
| 1365 | { | 1422 | { |
| 1366 | weprintf ("unable to alloc memory for first price outcome decryption"); | 1423 | weprintf ("unable to alloc memory for first price outcome decryption"); |
| 1367 | return NULL; | 1424 | return NULL; |
| 1368 | } | 1425 | } |
| 1369 | 1426 | ||
| 1427 | head = (struct msg_head *)ret; | ||
| 1428 | head->prot_version = htonl (0); | ||
| 1429 | head->msg_type = htonl (msg_decrypt); | ||
| 1430 | cur = ret + sizeof (*head); | ||
| 1431 | |||
| 1370 | for (uint16_t i = 0; i < ad->n; i++) | 1432 | for (uint16_t i = 0; i < ad->n; i++) |
| 1371 | { | 1433 | { |
| 1372 | for (uint16_t j = 0; j < ad->k; j++) | 1434 | for (uint16_t j = 0; j < ad->k; j++) |