diff options
author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-07-13 14:01:24 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-07-13 14:01:24 +0200 |
commit | 99e5a11de13a3283c07f353471e08df241511d19 (patch) | |
tree | a92cce7ff2f96bbd0e096f6a3a267dacaa362a3d /crypto.c | |
parent | 8c7bd0fda283f8c529e5a582182b08150d875736 (diff) | |
download | libbrandt-99e5a11de13a3283c07f353471e08df241511d19.tar.gz libbrandt-99e5a11de13a3283c07f353471e08df241511d19.zip |
major random stuff
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 577 |
1 files changed, 440 insertions, 137 deletions
@@ -20,6 +20,7 @@ | |||
20 | * @author Markus Teich | 20 | * @author Markus Teich |
21 | */ | 21 | */ |
22 | 22 | ||
23 | #include "brandt_config.h" | ||
23 | 24 | ||
24 | #include <arpa/inet.h> | 25 | #include <arpa/inet.h> |
25 | #include <gcrypt.h> | 26 | #include <gcrypt.h> |
@@ -61,17 +62,22 @@ static gcry_ctx_t ec_ctx; | |||
61 | static gcry_mpi_point_t ec_gen; | 62 | static gcry_mpi_point_t ec_gen; |
62 | static gcry_mpi_point_t ec_zero; | 63 | static gcry_mpi_point_t ec_zero; |
63 | static gcry_mpi_t ec_n; | 64 | static gcry_mpi_t ec_n; |
65 | static GNUNET_CRYPTO_EccDlogContext *ec_dlogctx; | ||
64 | 66 | ||
65 | 67 | ||
66 | /** | 68 | /** |
67 | * brandt_crypto_init initializes the crypto system and must be called before | 69 | * brandt_crypto_init initializes the crypto system and must be called before |
68 | * any other function from this file. | 70 | * any other function from this file. |
71 | * | ||
72 | * @param[in] dlogctx Pointer to the prepared dlog context. | ||
69 | */ | 73 | */ |
70 | void | 74 | void |
71 | brandt_crypto_init () | 75 | brandt_crypto_init (GNUNET_CRYPTO_EccDlogContext *dlogctx) |
72 | { | 76 | { |
73 | gcry_error_t rc; | 77 | gcry_error_t rc; |
74 | 78 | ||
79 | ec_dlogctx = dlogctx; | ||
80 | |||
75 | rc = gcry_mpi_ec_new (&ec_ctx, NULL, CURVE); | 81 | rc = gcry_mpi_ec_new (&ec_ctx, NULL, CURVE); |
76 | brandt_assert_gpgerr (rc); | 82 | brandt_assert_gpgerr (rc); |
77 | 83 | ||
@@ -159,7 +165,7 @@ ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey) | |||
159 | gcry_mpi_t sk; | 165 | gcry_mpi_t sk; |
160 | 166 | ||
161 | brandt_assert (NULL != pkey); | 167 | brandt_assert (NULL != pkey); |
162 | sk = (NULL == skey) ? gcry_mpi_new (0) : skey; | 168 | sk = (NULL == skey) ? gcry_mpi_new (256) : skey; |
163 | 169 | ||
164 | ec_skey_create (sk); | 170 | ec_skey_create (sk); |
165 | gcry_mpi_ec_mul (pkey, sk, ec_gen, ec_ctx); | 171 | gcry_mpi_ec_mul (pkey, sk, ec_gen, ec_ctx); |
@@ -191,6 +197,25 @@ ec_keypair_create_base (gcry_mpi_point_t pkey, | |||
191 | 197 | ||
192 | 198 | ||
193 | /** | 199 | /** |
200 | * ec_point_copy creates a copy of one curve point | ||
201 | * | ||
202 | * @param[out] dst where to store the copy | ||
203 | * @param[in] src the input point to be copied | ||
204 | */ | ||
205 | void | ||
206 | ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src) | ||
207 | { | ||
208 | gcry_mpi_t x = gcry_mpi_new (256); | ||
209 | gcry_mpi_t y = gcry_mpi_new (256); | ||
210 | gcry_mpi_t z = gcry_mpi_new (256); | ||
211 | |||
212 | brandt_assert (dst && src); | ||
213 | gcry_mpi_point_get (x, y, z, src); | ||
214 | gcry_mpi_point_snatch_set (dst, x, y, z); | ||
215 | } | ||
216 | |||
217 | |||
218 | /** | ||
194 | * ec_point_cmp compares two curve points | 219 | * ec_point_cmp compares two curve points |
195 | * | 220 | * |
196 | * @param[in] a the first point | 221 | * @param[in] a the first point |
@@ -202,10 +227,10 @@ int | |||
202 | ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b) | 227 | ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b) |
203 | { | 228 | { |
204 | int ret = 1; | 229 | int ret = 1; |
205 | gcry_mpi_t ax = gcry_mpi_new (0); | 230 | gcry_mpi_t ax = gcry_mpi_new (256); |
206 | gcry_mpi_t bx = gcry_mpi_new (0); | 231 | gcry_mpi_t bx = gcry_mpi_new (256); |
207 | gcry_mpi_t ay = gcry_mpi_new (0); | 232 | gcry_mpi_t ay = gcry_mpi_new (256); |
208 | gcry_mpi_t by = gcry_mpi_new (0); | 233 | gcry_mpi_t by = gcry_mpi_new (256); |
209 | 234 | ||
210 | brandt_assert (a && b); | 235 | brandt_assert (a && b); |
211 | if (!ax || !bx || !ay || !by) | 236 | if (!ax || !bx || !ay || !by) |
@@ -592,8 +617,7 @@ smc_sum (gcry_mpi_point_t out, | |||
592 | uint16_t step) | 617 | uint16_t step) |
593 | { | 618 | { |
594 | brandt_assert (NULL != out); | 619 | brandt_assert (NULL != out); |
595 | /**\todo: how to copy a point more efficiently? */ | 620 | ec_point_copy (out, ec_zero); |
596 | gcry_mpi_ec_add (out, ec_zero, ec_zero, ec_ctx); | ||
597 | for (uint16_t i = 0; i < len * step; i += step) | 621 | for (uint16_t i = 0; i < len * step; i += step) |
598 | gcry_mpi_ec_add (out, out, in[i], ec_ctx); | 622 | gcry_mpi_ec_add (out, out, in[i], ec_ctx); |
599 | } | 623 | } |
@@ -603,12 +627,12 @@ smc_sum (gcry_mpi_point_t out, | |||
603 | * smc_gen_keyshare creates the private additive keyshare and computes the | 627 | * smc_gen_keyshare creates the private additive keyshare and computes the |
604 | * public multiplicative key share | 628 | * public multiplicative key share |
605 | * | 629 | * |
606 | * @param[in,out] ad Pointer to the AuctionData struct to operate on | 630 | * @param[in,out] ad Pointer to the BRANDT_Auction struct to operate on |
607 | * @param[out] buflen \todo | 631 | * @param[out] buflen \todo |
608 | * @return \todo | 632 | * @return \todo |
609 | */ | 633 | */ |
610 | unsigned char * | 634 | unsigned char * |
611 | smc_gen_keyshare (struct AuctionData *ad, size_t *buflen) | 635 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) |
612 | { | 636 | { |
613 | unsigned char *ret; | 637 | unsigned char *ret; |
614 | struct proof_dl *proof1; | 638 | struct proof_dl *proof1; |
@@ -624,7 +648,7 @@ smc_gen_keyshare (struct AuctionData *ad, size_t *buflen) | |||
624 | 648 | ||
625 | proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi)); | 649 | proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi)); |
626 | 650 | ||
627 | ad->x = gcry_mpi_new (0); | 651 | ad->x = gcry_mpi_new (256); |
628 | ec_skey_create (ad->x); | 652 | ec_skey_create (ad->x); |
629 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); | 653 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); |
630 | ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]); | 654 | ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]); |
@@ -633,8 +657,8 @@ smc_gen_keyshare (struct AuctionData *ad, size_t *buflen) | |||
633 | 657 | ||
634 | 658 | ||
635 | int | 659 | int |
636 | smc_recv_keyshare (struct AuctionData *ad, | 660 | smc_recv_keyshare (struct BRANDT_Auction *ad, |
637 | unsigned char *buf, | 661 | const unsigned char *buf, |
638 | size_t buflen, | 662 | size_t buflen, |
639 | uint16_t sender) | 663 | uint16_t sender) |
640 | { | 664 | { |
@@ -658,8 +682,7 @@ smc_recv_keyshare (struct AuctionData *ad, | |||
658 | goto quit; | 682 | goto quit; |
659 | } | 683 | } |
660 | 684 | ||
661 | /**\todo: how to copy a point more efficiently? */ | 685 | ec_point_copy (ad->y[sender], y); |
662 | gcry_mpi_ec_add (ad->y[sender], ec_zero, y, ec_ctx); | ||
663 | 686 | ||
664 | ret = 1; | 687 | ret = 1; |
665 | quit: | 688 | quit: |
@@ -675,7 +698,7 @@ quit: | |||
675 | * @param buflen TODO | 698 | * @param buflen TODO |
676 | */ | 699 | */ |
677 | unsigned char * | 700 | unsigned char * |
678 | smc_encrypt_bid (struct AuctionData *ad, size_t *buflen) | 701 | smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) |
679 | { | 702 | { |
680 | unsigned char *ret; | 703 | unsigned char *ret; |
681 | unsigned char *cur; | 704 | unsigned char *cur; |
@@ -699,8 +722,8 @@ smc_encrypt_bid (struct AuctionData *ad, size_t *buflen) | |||
699 | ad->Y = gcry_mpi_point_new (0); | 722 | ad->Y = gcry_mpi_point_new (0); |
700 | smc_sum (ad->Y, ad->y, ad->n, 1); | 723 | smc_sum (ad->Y, ad->y, ad->n, 1); |
701 | 724 | ||
702 | r_sum = gcry_mpi_new (0); | 725 | r_sum = gcry_mpi_new (256); |
703 | r_part = gcry_mpi_new (0); | 726 | r_part = gcry_mpi_new (256); |
704 | 727 | ||
705 | for (uint16_t j = 0; j < ad->k; j++) | 728 | for (uint16_t j = 0; j < ad->k; j++) |
706 | { | 729 | { |
@@ -726,13 +749,13 @@ smc_encrypt_bid (struct AuctionData *ad, size_t *buflen) | |||
726 | 749 | ||
727 | 750 | ||
728 | int | 751 | int |
729 | smc_recv_encrypted_bid (struct AuctionData *ad, | 752 | smc_recv_encrypted_bid (struct BRANDT_Auction *ad, |
730 | unsigned char *buf, | 753 | const unsigned char *buf, |
731 | size_t buflen, | 754 | size_t buflen, |
732 | uint16_t sender) | 755 | uint16_t sender) |
733 | { | 756 | { |
734 | int ret = 0; | 757 | int ret = 0; |
735 | unsigned char *cur = buf; | 758 | const unsigned char *cur = buf; |
736 | struct proof_0og *proof3; | 759 | struct proof_0og *proof3; |
737 | gcry_mpi_point_t **ct; /* ciphertexts */ | 760 | gcry_mpi_point_t **ct; /* ciphertexts */ |
738 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); | 761 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); |
@@ -748,8 +771,8 @@ smc_recv_encrypted_bid (struct AuctionData *ad, | |||
748 | goto quit; | 771 | goto quit; |
749 | } | 772 | } |
750 | 773 | ||
751 | gcry_mpi_ec_mul (alpha_sum, GCRYMPI_CONST_ONE, ec_zero, ec_ctx); | 774 | ec_point_copy (alpha_sum, ec_zero); |
752 | gcry_mpi_ec_mul (beta_sum, GCRYMPI_CONST_ONE, ec_zero, ec_ctx); | 775 | ec_point_copy (beta_sum, ec_zero); |
753 | 776 | ||
754 | for (uint16_t j = 0; j < ad->k; j++) | 777 | for (uint16_t j = 0; j < ad->k; j++) |
755 | { | 778 | { |
@@ -779,9 +802,8 @@ smc_recv_encrypted_bid (struct AuctionData *ad, | |||
779 | 802 | ||
780 | for (uint16_t j = 0; j < ad->k; j++) | 803 | for (uint16_t j = 0; j < ad->k; j++) |
781 | { | 804 | { |
782 | /**\todo: how to copy a point more efficiently? */ | 805 | ec_point_copy (ad->alpha[sender][j], ct[0][j]); |
783 | gcry_mpi_ec_add (ad->alpha[sender][j], ec_zero, ct[0][j], ec_ctx); | 806 | ec_point_copy (ad->beta[sender][j], ct[1][j]); |
784 | gcry_mpi_ec_add (ad->beta[sender][j], ec_zero, ct[1][j], ec_ctx); | ||
785 | } | 807 | } |
786 | smc_free2 (ct, 2, ad->k); | 808 | smc_free2 (ct, 2, ad->k); |
787 | 809 | ||
@@ -794,13 +816,345 @@ quit: | |||
794 | 816 | ||
795 | 817 | ||
796 | /** | 818 | /** |
797 | * smc_compute_outcome \todo | 819 | * fp_pub_compute_outcome \todo |
820 | * | ||
821 | * @param ad TODO | ||
822 | * @param buflen TODO | ||
823 | */ | ||
824 | unsigned char * | ||
825 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
826 | { | ||
827 | unsigned char *ret; | ||
828 | unsigned char *cur; | ||
829 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); | ||
830 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
831 | gcry_mpi_point_t *tlta1; | ||
832 | gcry_mpi_point_t *tltb1; | ||
833 | gcry_mpi_point_t **tlta2; | ||
834 | gcry_mpi_point_t **tltb2; | ||
835 | struct ec_mpi *gamma; | ||
836 | struct ec_mpi *delta; | ||
837 | struct proof_2dle *proof2; | ||
838 | |||
839 | brandt_assert (ad && buflen); | ||
840 | |||
841 | *buflen = (ad->k * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | ||
842 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | ||
843 | NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || | ||
844 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || | ||
845 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || | ||
846 | NULL == (ad->tmpb1 = smc_init1 (ad->k))) | ||
847 | { | ||
848 | weprintf ("unable to alloc memory for first price outcome computation"); | ||
849 | return NULL; | ||
850 | } | ||
851 | |||
852 | /* create temporary lookup tables with partial sums */ | ||
853 | tlta1 = smc_init1 (ad->k); | ||
854 | tltb1 = smc_init1 (ad->k); | ||
855 | tlta2 = smc_init2 (ad->n, ad->k); | ||
856 | tltb2 = smc_init2 (ad->n, ad->k); | ||
857 | |||
858 | /* temporary lookup table for sum of bid vectors */ | ||
859 | for (uint16_t i = 0; i < ad->n; i++) | ||
860 | { | ||
861 | smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); | ||
862 | smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); | ||
863 | for (uint16_t j = 0; j < ad->k; j++) | ||
864 | { | ||
865 | gcry_mpi_ec_sub (tlta2[i][j], | ||
866 | tlta2[i][ad->k - 1], | ||
867 | tlta2[i][j], | ||
868 | ec_ctx); | ||
869 | gcry_mpi_ec_sub (tltb2[i][j], | ||
870 | tltb2[i][ad->k - 1], | ||
871 | tltb2[i][j], | ||
872 | ec_ctx); | ||
873 | } | ||
874 | brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); | ||
875 | brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); | ||
876 | } | ||
877 | for (uint16_t j = 0; j < ad->k; j++) | ||
878 | { | ||
879 | smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k); | ||
880 | smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k); | ||
881 | } | ||
882 | smc_free2 (tlta2, ad->n, ad->k); | ||
883 | smc_free2 (tltb2, ad->n, ad->k); | ||
884 | brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1])); | ||
885 | brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1])); | ||
886 | |||
887 | /* temporarily store the \sum_{i=1}^n2^{i-1}b_i in tmp1, since it is needed | ||
888 | * each time a gamma,delta pair is received from another bidder */ | ||
889 | for (uint16_t i = 0; i < ad->n; i++) | ||
890 | { | ||
891 | for (uint16_t j = 0; j < ad->k; j++) | ||
892 | { | ||
893 | gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx); | ||
894 | gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx); | ||
895 | gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx); | ||
896 | gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx); | ||
897 | } | ||
898 | gcry_mpi_mul_ui (coeff, coeff, 2); | ||
899 | } | ||
900 | |||
901 | for (uint16_t j = 0; j < ad->k; j++) | ||
902 | { | ||
903 | gamma = (struct ec_mpi *)cur; | ||
904 | delta = &((struct ec_mpi *)cur)[1]; | ||
905 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
906 | |||
907 | /* copy unmasked outcome to all other bidder layers so they don't | ||
908 | * have to be recomputed to check the ZK proof_2dle's from other | ||
909 | * bidders when receiving their outcome messages */ | ||
910 | for (uint16_t a = 0; a < ad->n; a++) | ||
911 | { | ||
912 | ec_point_copy (ad->gamma2[a][j], tlta1[j]); | ||
913 | ec_point_copy (ad->delta2[a][j], tltb1[j]); | ||
914 | } | ||
915 | |||
916 | /* apply random masking for losing bidders */ | ||
917 | smc_zkp_2dle (ad->gamma2[ad->i][j], | ||
918 | ad->delta2[ad->i][j], | ||
919 | tlta1[j], | ||
920 | tltb1[j], | ||
921 | NULL, | ||
922 | proof2); | ||
923 | |||
924 | ec_point_serialize (gamma, ad->gamma2[ad->i][j]); | ||
925 | ec_point_serialize (delta, ad->delta2[ad->i][j]); | ||
926 | |||
927 | /* add winner determination for own gamma,delta */ | ||
928 | gcry_mpi_ec_add (ad->gamma2[ad->i][j], | ||
929 | ad->gamma2[ad->i][j], | ||
930 | ad->tmpa1[j], | ||
931 | ec_ctx); | ||
932 | gcry_mpi_ec_add (ad->delta2[ad->i][j], | ||
933 | ad->delta2[ad->i][j], | ||
934 | ad->tmpb1[j], | ||
935 | ec_ctx); | ||
936 | |||
937 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); | ||
938 | } | ||
939 | |||
940 | gcry_mpi_release (coeff); | ||
941 | gcry_mpi_point_release (tmp); | ||
942 | smc_free1 (tlta1, ad->k); | ||
943 | smc_free1 (tltb1, ad->k); | ||
944 | return ret; | ||
945 | } | ||
946 | |||
947 | |||
948 | int | ||
949 | fp_pub_recv_outcome (struct BRANDT_Auction *ad, | ||
950 | const unsigned char *buf, | ||
951 | size_t buflen, | ||
952 | uint16_t sender) | ||
953 | { | ||
954 | int ret = 0; | ||
955 | const unsigned char *cur = buf; | ||
956 | struct proof_2dle *proof2; | ||
957 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | ||
958 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | ||
959 | |||
960 | brandt_assert (ad && buf); | ||
961 | |||
962 | if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) | ||
963 | { | ||
964 | weprintf ("wrong size of received outcome"); | ||
965 | goto quit; | ||
966 | } | ||
967 | |||
968 | for (uint16_t j = 0; j < ad->k; j++) | ||
969 | { | ||
970 | ec_point_parse (gamma, (struct ec_mpi *)cur); | ||
971 | ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); | ||
972 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
973 | if (smc_zkp_2dle_check (gamma, | ||
974 | delta, | ||
975 | ad->gamma2[sender][j], | ||
976 | ad->delta2[sender][j], | ||
977 | proof2)) | ||
978 | { | ||
979 | weprintf ("wrong zkp2 for gamma, delta received"); | ||
980 | goto quit; | ||
981 | } | ||
982 | ec_point_copy (ad->gamma2[sender][j], gamma); | ||
983 | ec_point_copy (ad->delta2[sender][j], delta); | ||
984 | |||
985 | /* add winner determination summand */ | ||
986 | gcry_mpi_ec_add (ad->gamma2[sender][j], | ||
987 | ad->gamma2[sender][j], | ||
988 | ad->tmpa1[j], | ||
989 | ec_ctx); | ||
990 | gcry_mpi_ec_add (ad->delta2[sender][j], | ||
991 | ad->delta2[sender][j], | ||
992 | ad->tmpb1[j], | ||
993 | ec_ctx); | ||
994 | |||
995 | cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); | ||
996 | } | ||
997 | |||
998 | ret = 1; | ||
999 | quit: | ||
1000 | gcry_mpi_point_release (gamma); | ||
1001 | gcry_mpi_point_release (delta); | ||
1002 | return ret; | ||
1003 | } | ||
1004 | |||
1005 | |||
1006 | /** | ||
1007 | * fp_pub_decrypt_outcome \todo | ||
1008 | * | ||
1009 | * @param ad TODO | ||
1010 | * @param buflen TODO | ||
1011 | */ | ||
1012 | unsigned char * | ||
1013 | fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
1014 | { | ||
1015 | unsigned char *ret; | ||
1016 | unsigned char *cur; | ||
1017 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
1018 | struct ec_mpi *phi; | ||
1019 | struct proof_2dle *proof2; | ||
1020 | |||
1021 | brandt_assert (ad && buflen); | ||
1022 | |||
1023 | *buflen = (ad->k * (sizeof (*phi) + sizeof (*proof2))); | ||
1024 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | ||
1025 | NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) | ||
1026 | { | ||
1027 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
1028 | return NULL; | ||
1029 | } | ||
1030 | |||
1031 | for (uint16_t j = 0; j < ad->k; j++) | ||
1032 | { | ||
1033 | phi = (struct ec_mpi *)cur; | ||
1034 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | ||
1035 | |||
1036 | smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->n * ad->k); | ||
1037 | |||
1038 | /* copy still encrypted outcome to all other bidder layers so they | ||
1039 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1040 | * other bidders when receiving their outcome decryption messages */ | ||
1041 | for (uint16_t a = 0; a < ad->n; a++) | ||
1042 | ec_point_copy (ad->phi2[a][j], tmp); | ||
1043 | |||
1044 | /* decrypt outcome component and prove the correct key was used */ | ||
1045 | smc_zkp_2dle (ad->phi2[ad->i][j], | ||
1046 | NULL, | ||
1047 | tmp, | ||
1048 | ec_gen, | ||
1049 | ad->x, | ||
1050 | proof2); | ||
1051 | |||
1052 | ec_point_serialize (phi, ad->phi2[ad->i][j]); | ||
1053 | |||
1054 | cur += sizeof (*phi) + sizeof (*proof2); | ||
1055 | } | ||
1056 | |||
1057 | gcry_mpi_point_release (tmp); | ||
1058 | return ret; | ||
1059 | } | ||
1060 | |||
1061 | |||
1062 | int | ||
1063 | fp_pub_recv_decryption (struct BRANDT_Auction *ad, | ||
1064 | const unsigned char *buf, | ||
1065 | size_t buflen, | ||
1066 | uint16_t sender) | ||
1067 | { | ||
1068 | int ret = 0; | ||
1069 | const unsigned char *cur = buf; | ||
1070 | struct proof_2dle *proof2; | ||
1071 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | ||
1072 | |||
1073 | brandt_assert (ad && buf); | ||
1074 | |||
1075 | if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) | ||
1076 | { | ||
1077 | weprintf ("wrong size of received outcome decryption"); | ||
1078 | goto quit; | ||
1079 | } | ||
1080 | |||
1081 | for (uint16_t j = 0; j < ad->k; j++) | ||
1082 | { | ||
1083 | ec_point_parse (phi, (struct ec_mpi *)cur); | ||
1084 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | ||
1085 | if (smc_zkp_2dle_check (phi, | ||
1086 | ad->y[sender], | ||
1087 | ad->phi2[sender][j], | ||
1088 | ec_gen, | ||
1089 | proof2)) | ||
1090 | { | ||
1091 | weprintf ("wrong zkp2 for phi, y received"); | ||
1092 | goto quit; | ||
1093 | } | ||
1094 | ec_point_copy (ad->phi2[sender][j], phi); | ||
1095 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | ||
1096 | } | ||
1097 | |||
1098 | ret = 1; | ||
1099 | quit: | ||
1100 | gcry_mpi_point_release (phi); | ||
1101 | return ret; | ||
1102 | } | ||
1103 | |||
1104 | |||
1105 | int32_t | ||
1106 | fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *winner) | ||
1107 | { | ||
1108 | int32_t ret = -1; | ||
1109 | int dlogi = -1; | ||
1110 | gcry_mpi_t dlog = gcry_mpi_new (256); | ||
1111 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | ||
1112 | gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); | ||
1113 | |||
1114 | brandt_assert (ad); | ||
1115 | |||
1116 | for (uint16_t j = ad->k - 1; j >= 0; j--) | ||
1117 | { | ||
1118 | smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k); | ||
1119 | smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k); | ||
1120 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); | ||
1121 | /* first non-zero component determines the price */ | ||
1122 | if (ec_point_cmp (sum_gamma, ec_zero)) | ||
1123 | { | ||
1124 | ret = j; | ||
1125 | break; | ||
1126 | } | ||
1127 | } | ||
1128 | |||
1129 | dlogi = GNUNET_CRYPTO_ecc_dlog (ec_dlogctx, sum_gamma); | ||
1130 | brandt_assert (dlogi > 0); | ||
1131 | gcry_mpi_set_ui (dlog, (unsigned long)dlogi); | ||
1132 | |||
1133 | for (uint16_t i = 0; i < ad->n; i++) | ||
1134 | { | ||
1135 | if (gcry_mpi_test_bit (dlog, i)) | ||
1136 | { | ||
1137 | if (winner) | ||
1138 | winner = i; | ||
1139 | break; | ||
1140 | } | ||
1141 | } | ||
1142 | |||
1143 | gcry_mpi_release (dlog); | ||
1144 | gcry_mpi_point_release (sum_gamma); | ||
1145 | gcry_mpi_point_release (sum_phi); | ||
1146 | return ret; | ||
1147 | } | ||
1148 | |||
1149 | |||
1150 | /** | ||
1151 | * fp_priv_compute_outcome \todo | ||
798 | * | 1152 | * |
799 | * @param ad TODO | 1153 | * @param ad TODO |
800 | * @param buflen TODO | 1154 | * @param buflen TODO |
801 | */ | 1155 | */ |
802 | unsigned char * | 1156 | unsigned char * |
803 | smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | 1157 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
804 | { | 1158 | { |
805 | unsigned char *ret; | 1159 | unsigned char *ret; |
806 | unsigned char *cur; | 1160 | unsigned char *cur; |
@@ -821,8 +1175,8 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
821 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 1175 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ |
822 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 1176 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); |
823 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | 1177 | if (NULL == (cur = (ret = calloc (1, *buflen))) || |
824 | NULL == (ad->gamma = smc_init3 (ad->n, ad->n, ad->k)) || | 1178 | NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || |
825 | NULL == (ad->delta = smc_init3 (ad->n, ad->n, ad->k))) | 1179 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) |
826 | { | 1180 | { |
827 | weprintf ("unable to alloc memory for first price outcome computation"); | 1181 | weprintf ("unable to alloc memory for first price outcome computation"); |
828 | return NULL; | 1182 | return NULL; |
@@ -912,21 +1266,20 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
912 | * bidders when receiving their outcome messages */ | 1266 | * bidders when receiving their outcome messages */ |
913 | for (uint16_t a = 0; a < ad->n; a++) | 1267 | for (uint16_t a = 0; a < ad->n; a++) |
914 | { | 1268 | { |
915 | /**\todo: how to copy a point more efficiently? */ | 1269 | ec_point_copy (ad->gamma3[a][i][j], tmpa); |
916 | gcry_mpi_ec_add (ad->gamma[a][i][j], ec_zero, tmpa, ec_ctx); | 1270 | ec_point_copy (ad->delta3[a][i][j], tmpb); |
917 | gcry_mpi_ec_add (ad->delta[a][i][j], ec_zero, tmpb, ec_ctx); | ||
918 | } | 1271 | } |
919 | 1272 | ||
920 | /* apply random masking for losing bidders */ | 1273 | /* apply random masking for losing bidders */ |
921 | smc_zkp_2dle (ad->gamma[ad->i][i][j], | 1274 | smc_zkp_2dle (ad->gamma3[ad->i][i][j], |
922 | ad->delta[ad->i][i][j], | 1275 | ad->delta3[ad->i][i][j], |
923 | tmpa, | 1276 | tmpa, |
924 | tmpb, | 1277 | tmpb, |
925 | NULL, | 1278 | NULL, |
926 | proof2); | 1279 | proof2); |
927 | 1280 | ||
928 | ec_point_serialize (gamma, ad->gamma[ad->i][i][j]); | 1281 | ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]); |
929 | ec_point_serialize (delta, ad->delta[ad->i][i][j]); | 1282 | ec_point_serialize (delta, ad->delta3[ad->i][i][j]); |
930 | 1283 | ||
931 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); | 1284 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); |
932 | } | 1285 | } |
@@ -945,13 +1298,13 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
945 | 1298 | ||
946 | 1299 | ||
947 | int | 1300 | int |
948 | smc_recv_outcome (struct AuctionData *ad, | 1301 | fp_priv_recv_outcome (struct BRANDT_Auction *ad, |
949 | unsigned char *buf, | 1302 | const unsigned char *buf, |
950 | size_t buflen, | 1303 | size_t buflen, |
951 | uint16_t sender) | 1304 | uint16_t sender) |
952 | { | 1305 | { |
953 | int ret = 0; | 1306 | int ret = 0; |
954 | unsigned char *cur = buf; | 1307 | const unsigned char *cur = buf; |
955 | struct proof_2dle *proof2; | 1308 | struct proof_2dle *proof2; |
956 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | 1309 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); |
957 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | 1310 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); |
@@ -974,15 +1327,15 @@ smc_recv_outcome (struct AuctionData *ad, | |||
974 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | 1327 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); |
975 | if (smc_zkp_2dle_check (gamma, | 1328 | if (smc_zkp_2dle_check (gamma, |
976 | delta, | 1329 | delta, |
977 | ad->gamma[sender][i][j], | 1330 | ad->gamma3[sender][i][j], |
978 | ad->delta[sender][i][j], | 1331 | ad->delta3[sender][i][j], |
979 | proof2)) | 1332 | proof2)) |
980 | { | 1333 | { |
981 | weprintf ("wrong zkp2 for gamma, delta received"); | 1334 | weprintf ("wrong zkp2 for gamma, delta received"); |
982 | goto quit; | 1335 | goto quit; |
983 | } | 1336 | } |
984 | gcry_mpi_ec_add (ad->gamma[sender][i][j], gamma, ec_zero, ec_ctx); | 1337 | ec_point_copy (ad->gamma3[sender][i][j], gamma); |
985 | gcry_mpi_ec_add (ad->delta[sender][i][j], delta, ec_zero, ec_ctx); | 1338 | ec_point_copy (ad->delta3[sender][i][j], delta); |
986 | cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); | 1339 | cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); |
987 | } | 1340 | } |
988 | } | 1341 | } |
@@ -996,13 +1349,13 @@ quit: | |||
996 | 1349 | ||
997 | 1350 | ||
998 | /** | 1351 | /** |
999 | * smc_decrypt_outcome \todo | 1352 | * fp_priv_decrypt_outcome \todo |
1000 | * | 1353 | * |
1001 | * @param ad TODO | 1354 | * @param ad TODO |
1002 | * @param buflen TODO | 1355 | * @param buflen TODO |
1003 | */ | 1356 | */ |
1004 | unsigned char * | 1357 | unsigned char * |
1005 | smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | 1358 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
1006 | { | 1359 | { |
1007 | unsigned char *ret; | 1360 | unsigned char *ret; |
1008 | unsigned char *cur; | 1361 | unsigned char *cur; |
@@ -1014,7 +1367,7 @@ smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | |||
1014 | 1367 | ||
1015 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1368 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
1016 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | 1369 | if (NULL == (cur = (ret = calloc (1, *buflen))) || |
1017 | NULL == (ad->phi = smc_init3 (ad->n, ad->n, ad->k))) | 1370 | NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) |
1018 | { | 1371 | { |
1019 | weprintf ("unable to alloc memory for first price outcome decryption"); | 1372 | weprintf ("unable to alloc memory for first price outcome decryption"); |
1020 | return NULL; | 1373 | return NULL; |
@@ -1027,24 +1380,23 @@ smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | |||
1027 | phi = (struct ec_mpi *)cur; | 1380 | phi = (struct ec_mpi *)cur; |
1028 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | 1381 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); |
1029 | 1382 | ||
1030 | smc_sum (tmp, &ad->delta[0][i][j], ad->n, ad->n * ad->k); | 1383 | smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); |
1031 | 1384 | ||
1032 | /* copy still encrypted outcome to all other bidder layers so they | 1385 | /* copy still encrypted outcome to all other bidder layers so they |
1033 | * don't have to be recomputed to check the ZK proof_2dle's from | 1386 | * don't have to be recomputed to check the ZK proof_2dle's from |
1034 | * other bidders when receiving their outcome decryption messages */ | 1387 | * other bidders when receiving their outcome decryption messages */ |
1035 | for (uint16_t a = 0; a < ad->n; a++) | 1388 | for (uint16_t a = 0; a < ad->n; a++) |
1036 | /**\todo: how to copy a point more efficiently? */ | 1389 | ec_point_copy (ad->phi3[a][i][j], tmp); |
1037 | gcry_mpi_ec_add (ad->phi[a][i][j], ec_zero, tmp, ec_ctx); | ||
1038 | 1390 | ||
1039 | /* decrypt outcome component and prove the correct key was used */ | 1391 | /* decrypt outcome component and prove the correct key was used */ |
1040 | smc_zkp_2dle (ad->phi[ad->i][i][j], | 1392 | smc_zkp_2dle (ad->phi3[ad->i][i][j], |
1041 | NULL, | 1393 | NULL, |
1042 | tmp, | 1394 | tmp, |
1043 | ec_gen, | 1395 | ec_gen, |
1044 | ad->x, | 1396 | ad->x, |
1045 | proof2); | 1397 | proof2); |
1046 | 1398 | ||
1047 | ec_point_serialize (phi, ad->phi[ad->i][i][j]); | 1399 | ec_point_serialize (phi, ad->phi3[ad->i][i][j]); |
1048 | 1400 | ||
1049 | cur += sizeof (*phi) + sizeof (*proof2); | 1401 | cur += sizeof (*phi) + sizeof (*proof2); |
1050 | } | 1402 | } |
@@ -1056,13 +1408,13 @@ smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | |||
1056 | 1408 | ||
1057 | 1409 | ||
1058 | int | 1410 | int |
1059 | smc_recv_decryption (struct AuctionData *ad, | 1411 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, |
1060 | unsigned char *buf, | 1412 | const unsigned char *buf, |
1061 | size_t buflen, | 1413 | size_t buflen, |
1062 | uint16_t sender) | 1414 | uint16_t sender) |
1063 | { | 1415 | { |
1064 | int ret = 0; | 1416 | int ret = 0; |
1065 | unsigned char *cur = buf; | 1417 | const unsigned char *cur = buf; |
1066 | struct proof_2dle *proof2; | 1418 | struct proof_2dle *proof2; |
1067 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1419 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
1068 | 1420 | ||
@@ -1082,14 +1434,14 @@ smc_recv_decryption (struct AuctionData *ad, | |||
1082 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | 1434 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); |
1083 | if (smc_zkp_2dle_check (phi, | 1435 | if (smc_zkp_2dle_check (phi, |
1084 | ad->y[sender], | 1436 | ad->y[sender], |
1085 | ad->phi[sender][i][j], | 1437 | ad->phi3[sender][i][j], |
1086 | ec_gen, | 1438 | ec_gen, |
1087 | proof2)) | 1439 | proof2)) |
1088 | { | 1440 | { |
1089 | weprintf ("wrong zkp2 for phi, y received"); | 1441 | weprintf ("wrong zkp2 for phi, y received"); |
1090 | goto quit; | 1442 | goto quit; |
1091 | } | 1443 | } |
1092 | gcry_mpi_ec_add (ad->phi[sender][i][j], phi, ec_zero, ec_ctx); | 1444 | ec_point_copy (ad->phi3[sender][i][j], phi); |
1093 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | 1445 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); |
1094 | } | 1446 | } |
1095 | } | 1447 | } |
@@ -1102,7 +1454,7 @@ quit: | |||
1102 | 1454 | ||
1103 | 1455 | ||
1104 | int32_t | 1456 | int32_t |
1105 | smc_determine_outcome (struct AuctionData *ad) | 1457 | fp_priv_determine_outcome (struct BRANDT_Auction *ad) |
1106 | { | 1458 | { |
1107 | int32_t ret = -1; | 1459 | int32_t ret = -1; |
1108 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | 1460 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); |
@@ -1112,8 +1464,8 @@ smc_determine_outcome (struct AuctionData *ad) | |||
1112 | 1464 | ||
1113 | for (uint16_t j = 0; j < ad->k; j++) | 1465 | for (uint16_t j = 0; j < ad->k; j++) |
1114 | { | 1466 | { |
1115 | smc_sum (sum_gamma, &ad->gamma[0][ad->i][j], ad->n, ad->n * ad->k); | 1467 | smc_sum (sum_gamma, &ad->gamma3[0][ad->i][j], ad->n, ad->n * ad->k); |
1116 | smc_sum (sum_phi, &ad->phi[0][ad->i][j], ad->n, ad->n * ad->k); | 1468 | smc_sum (sum_phi, &ad->phi3[0][ad->i][j], ad->n, ad->n * ad->k); |
1117 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); | 1469 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); |
1118 | if (!ec_point_cmp (sum_gamma, ec_zero)) | 1470 | if (!ec_point_cmp (sum_gamma, ec_zero)) |
1119 | { | 1471 | { |
@@ -1149,9 +1501,9 @@ smc_zkp_dl (gcry_mpi_point_t v, | |||
1149 | struct zkp_challenge_dl challenge; | 1501 | struct zkp_challenge_dl challenge; |
1150 | struct brandt_hash_code challhash; | 1502 | struct brandt_hash_code challhash; |
1151 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1503 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1152 | gcry_mpi_t r = gcry_mpi_new (0); | 1504 | gcry_mpi_t r = gcry_mpi_new (256); |
1153 | gcry_mpi_t c = gcry_mpi_new (0); | 1505 | gcry_mpi_t c = gcry_mpi_new (256); |
1154 | gcry_mpi_t z = gcry_mpi_new (0); | 1506 | gcry_mpi_t z = gcry_mpi_new (256); |
1155 | 1507 | ||
1156 | /* v = xg */ | 1508 | /* v = xg */ |
1157 | gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx); | 1509 | gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx); |
@@ -1197,8 +1549,8 @@ smc_zkp_dl_check (const gcry_mpi_point_t v, | |||
1197 | struct zkp_challenge_dl challenge; | 1549 | struct zkp_challenge_dl challenge; |
1198 | struct brandt_hash_code challhash; | 1550 | struct brandt_hash_code challhash; |
1199 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1551 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1200 | gcry_mpi_t r = gcry_mpi_new (0); | 1552 | gcry_mpi_t r = gcry_mpi_new (256); |
1201 | gcry_mpi_t c = gcry_mpi_new (0); | 1553 | gcry_mpi_t c = gcry_mpi_new (256); |
1202 | gcry_mpi_point_t left = gcry_mpi_point_new (0); | 1554 | gcry_mpi_point_t left = gcry_mpi_point_new (0); |
1203 | gcry_mpi_point_t right = gcry_mpi_point_new (0); | 1555 | gcry_mpi_point_t right = gcry_mpi_point_new (0); |
1204 | 1556 | ||
@@ -1260,13 +1612,13 @@ smc_zkp_2dle (gcry_mpi_point_t v, | |||
1260 | gcry_mpi_t rx; | 1612 | gcry_mpi_t rx; |
1261 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1613 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1262 | gcry_mpi_point_t b = gcry_mpi_point_new (0); | 1614 | gcry_mpi_point_t b = gcry_mpi_point_new (0); |
1263 | gcry_mpi_t r = gcry_mpi_new (0); | 1615 | gcry_mpi_t r = gcry_mpi_new (256); |
1264 | gcry_mpi_t c = gcry_mpi_new (0); | 1616 | gcry_mpi_t c = gcry_mpi_new (256); |
1265 | gcry_mpi_t z = gcry_mpi_new (0); | 1617 | gcry_mpi_t z = gcry_mpi_new (256); |
1266 | 1618 | ||
1267 | rv = (NULL == v) ? gcry_mpi_point_new (0) : v; | 1619 | rv = (NULL == v) ? gcry_mpi_point_new (0) : v; |
1268 | rw = (NULL == w) ? gcry_mpi_point_new (0) : w; | 1620 | rw = (NULL == w) ? gcry_mpi_point_new (0) : w; |
1269 | rx = (NULL == x) ? gcry_mpi_new (0) : x; | 1621 | rx = (NULL == x) ? gcry_mpi_new (256) : x; |
1270 | 1622 | ||
1271 | if (NULL == x) | 1623 | if (NULL == x) |
1272 | ec_skey_create (rx); | 1624 | ec_skey_create (rx); |
@@ -1339,8 +1691,8 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v, | |||
1339 | struct brandt_hash_code challhash; | 1691 | struct brandt_hash_code challhash; |
1340 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1692 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1341 | gcry_mpi_point_t b = gcry_mpi_point_new (0); | 1693 | gcry_mpi_point_t b = gcry_mpi_point_new (0); |
1342 | gcry_mpi_t r = gcry_mpi_new (0); | 1694 | gcry_mpi_t r = gcry_mpi_new (256); |
1343 | gcry_mpi_t c = gcry_mpi_new (0); | 1695 | gcry_mpi_t c = gcry_mpi_new (256); |
1344 | gcry_mpi_point_t left = gcry_mpi_point_new (0); | 1696 | gcry_mpi_point_t left = gcry_mpi_point_new (0); |
1345 | gcry_mpi_point_t right = gcry_mpi_point_new (0); | 1697 | gcry_mpi_point_t right = gcry_mpi_point_new (0); |
1346 | 1698 | ||
@@ -1415,15 +1767,15 @@ smc_zkp_0og (int m_is_gen, | |||
1415 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); | 1767 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); |
1416 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); | 1768 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); |
1417 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); | 1769 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); |
1418 | gcry_mpi_t d1 = gcry_mpi_new (0); | 1770 | gcry_mpi_t d1 = gcry_mpi_new (256); |
1419 | gcry_mpi_t d2 = gcry_mpi_new (0); | 1771 | gcry_mpi_t d2 = gcry_mpi_new (256); |
1420 | gcry_mpi_t r1 = gcry_mpi_new (0); | 1772 | gcry_mpi_t r1 = gcry_mpi_new (256); |
1421 | gcry_mpi_t r2 = gcry_mpi_new (0); | 1773 | gcry_mpi_t r2 = gcry_mpi_new (256); |
1422 | gcry_mpi_t c = gcry_mpi_new (0); | 1774 | gcry_mpi_t c = gcry_mpi_new (256); |
1423 | gcry_mpi_t rr; | 1775 | gcry_mpi_t rr; |
1424 | gcry_mpi_t w = gcry_mpi_new (0); | 1776 | gcry_mpi_t w = gcry_mpi_new (256); |
1425 | 1777 | ||
1426 | rr = (NULL == r) ? gcry_mpi_new (0) : r; | 1778 | rr = (NULL == r) ? gcry_mpi_new (256) : r; |
1427 | 1779 | ||
1428 | /* beta = r*g */ | 1780 | /* beta = r*g */ |
1429 | ec_keypair_create (beta, rr); | 1781 | ec_keypair_create (beta, rr); |
@@ -1559,12 +1911,12 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
1559 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); | 1911 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); |
1560 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); | 1912 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); |
1561 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); | 1913 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); |
1562 | gcry_mpi_t d1 = gcry_mpi_new (0); | 1914 | gcry_mpi_t d1 = gcry_mpi_new (256); |
1563 | gcry_mpi_t d2 = gcry_mpi_new (0); | 1915 | gcry_mpi_t d2 = gcry_mpi_new (256); |
1564 | gcry_mpi_t r1 = gcry_mpi_new (0); | 1916 | gcry_mpi_t r1 = gcry_mpi_new (256); |
1565 | gcry_mpi_t r2 = gcry_mpi_new (0); | 1917 | gcry_mpi_t r2 = gcry_mpi_new (256); |
1566 | gcry_mpi_t c = gcry_mpi_new (0); | 1918 | gcry_mpi_t c = gcry_mpi_new (256); |
1567 | gcry_mpi_t sum = gcry_mpi_new (0); | 1919 | gcry_mpi_t sum = gcry_mpi_new (256); |
1568 | gcry_mpi_point_t right = gcry_mpi_point_new (0); | 1920 | gcry_mpi_point_t right = gcry_mpi_point_new (0); |
1569 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1921 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
1570 | 1922 | ||
@@ -1635,52 +1987,3 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
1635 | weprintf ("ret: 0x%x", ret); | 1987 | weprintf ("ret: 0x%x", ret); |
1636 | return ret; | 1988 | return ret; |
1637 | } | 1989 | } |
1638 | |||
1639 | |||
1640 | /* --- unused stuff, might become useful later --- */ | ||
1641 | |||
1642 | ///** | ||
1643 | // * Clear memory that was used to store a private key. | ||
1644 | // * | ||
1645 | // * @param skey the key | ||
1646 | // */ | ||
1647 | //void | ||
1648 | //brandt_ec_key_clear (gcry_mpi_t skey) | ||
1649 | //{ | ||
1650 | // gcry_mpi_randomize (skey, 256, GCRY_WEAK_RANDOM); | ||
1651 | // gcry_mpi_release (skey); | ||
1652 | //} | ||
1653 | |||
1654 | |||
1655 | ///** | ||
1656 | // * Generate a random value mod n. | ||
1657 | // * | ||
1658 | // * @param edc ECC context | ||
1659 | // * @return random value mod n. | ||
1660 | // */ | ||
1661 | //gcry_mpi_t | ||
1662 | //GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc) | ||
1663 | //{ | ||
1664 | // gcry_mpi_t n; | ||
1665 | // unsigned int highbit; | ||
1666 | // gcry_mpi_t r; | ||
1667 | // | ||
1668 | // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | ||
1669 | // | ||
1670 | // /* check public key for number of bits, bail out if key is all zeros */ | ||
1671 | // highbit = 256; /* Curve25519 */ | ||
1672 | // while ( (! gcry_mpi_test_bit (n, highbit)) && | ||
1673 | // (0 != highbit) ) | ||
1674 | // highbit--; | ||
1675 | // GNUNET_assert (0 != highbit); | ||
1676 | // /* generate fact < n (without bias) */ | ||
1677 | // GNUNET_assert (NULL != (r = gcry_mpi_new (0))); | ||
1678 | // do { | ||
1679 | // gcry_mpi_randomize (r, | ||
1680 | // highbit + 1, | ||
1681 | // GCRY_STRONG_RANDOM); | ||
1682 | // } | ||
1683 | // while (gcry_mpi_cmp (r, n) >= 0); | ||
1684 | // gcry_mpi_release (n); | ||
1685 | // return r; | ||
1686 | //} | ||