GNUnet  0.10.x
secretsharing_api.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2012, 2016 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19 */
20 
26 #include "platform.h"
27 #include "gnunet_util_lib.h"
29 #include "secretsharing.h"
30 #include <gcrypt.h>
31 
32 
33 #define LOG(kind,...) GNUNET_log_from (kind, "secretsharing-api",__VA_ARGS__)
34 
40 {
41 
46 
51 
56 };
57 
58 
63 {
64 
69 
74 
78  void *decrypt_cls;
79 };
80 
81 
86 static gcry_mpi_t elgamal_q;
87 
92 static gcry_mpi_t elgamal_p;
93 
98 static gcry_mpi_t elgamal_g;
99 
100 
104 static void
106 {
107  if (NULL != elgamal_q)
108  return; /* looks like crypto is already initialized */
109 
110  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
112  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
114  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
116 }
117 
118 
126 static void
128  enum GNUNET_MQ_Error error)
129 {
130  struct GNUNET_SECRETSHARING_Session *s = cls;
131 
132  s->secret_ready_cb (s->secret_ready_cls, NULL, NULL, 0, NULL);
134 }
135 
136 
144 static void
146  enum GNUNET_MQ_Error error)
147 {
148  struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
149 
150  dh->decrypt_cb (dh->decrypt_cls, NULL);
152 }
153 
154 
163 static int
166 {
167  /* FIXME: actually check m is well-formed here! */
168  return GNUNET_OK;
169 }
170 
171 
180 static void
183 {
184  struct GNUNET_SECRETSHARING_Session *s = cls;
185  struct GNUNET_SECRETSHARING_Share *share;
186  size_t share_size;
187 
189  "Got secret ready message of size %u\n",
190  ntohs (m->header.size));
191  share_size = ntohs (m->header.size) - sizeof (struct GNUNET_SECRETSHARING_SecretReadyMessage);
192 
193  share = GNUNET_SECRETSHARING_share_read (&m[1],
194  share_size,
195  NULL);
196  GNUNET_assert (NULL != share); // FIXME: this can fail!
197  // should have been checked in #check_secret_ready!
198  // FIXME: below we never check &m[1] is valid!
199  // FIXME: do we leak 'share' here?
201  share, /* FIXME */
202  &share->public_key,
203  share->num_peers,
204  (const struct GNUNET_PeerIdentity *) &m[1]);
205 
207 }
208 
209 
216 void
218 {
219  GNUNET_MQ_destroy (s->mq);
220  s->mq = NULL;
221  GNUNET_free (s);
222 }
223 
224 
243  unsigned int num_peers,
244  const struct GNUNET_PeerIdentity *peers,
245  const struct GNUNET_HashCode *session_id,
248  unsigned int threshold,
250  void *cls)
251 {
254  struct GNUNET_MQ_MessageHandler mq_handlers[] = {
255  GNUNET_MQ_hd_var_size (secret_ready,
258  s),
260  };
261  struct GNUNET_MQ_Envelope *ev;
263 
264  s->mq = GNUNET_CLIENT_connect (cfg,
265  "secretsharing",
266  mq_handlers,
268  s);
269  if (NULL == s->mq)
270  {
271  /* secretsharing not configured correctly */
272  GNUNET_break (0);
273  GNUNET_free (s);
274  return NULL;
275  }
276  s->secret_ready_cb = cb;
277  s->secret_ready_cls = cls;
278  ev = GNUNET_MQ_msg_extra (msg,
279  num_peers * sizeof (struct GNUNET_PeerIdentity),
281 
282  msg->threshold = htons (threshold);
283  msg->num_peers = htons (num_peers);
284  msg->session_id = *session_id;
285  msg->start = GNUNET_TIME_absolute_hton (start);
286  msg->deadline = GNUNET_TIME_absolute_hton (deadline);
287  GNUNET_memcpy (&msg[1], peers, num_peers * sizeof (struct GNUNET_PeerIdentity));
288 
289  GNUNET_MQ_send (s->mq, ev);
290 
292  "Secretsharing session created with %u peers\n",
293  num_peers);
294  return s;
295 }
296 
297 
298 static void
301 {
302  struct GNUNET_SECRETSHARING_DecryptionHandle *dh = cls;
303  const struct GNUNET_SECRETSHARING_Plaintext *plaintext;
304 
305  if (m->success == 0)
306  plaintext = NULL;
307  else
308  plaintext = (void *) &m->plaintext;
309  dh->decrypt_cb (dh->decrypt_cls, plaintext);
311 }
312 
313 
329  struct GNUNET_SECRETSHARING_Share *share,
334  void *decrypt_cb_cls)
335 {
338  struct GNUNET_MQ_MessageHandler mq_handlers[] = {
339  GNUNET_MQ_hd_fixed_size (decrypt_done,
342  s),
344  };
345  struct GNUNET_MQ_Envelope *ev;
347  size_t share_size;
348 
349  s->decrypt_cb = decrypt_cb;
350  s->decrypt_cls = decrypt_cb_cls;
351  s->mq = GNUNET_CLIENT_connect (cfg,
352  "secretsharing",
353  mq_handlers,
355  s);
356  if (NULL == s->mq)
357  {
358  GNUNET_free (s);
359  return NULL;
360  }
362  GNUNET_SECRETSHARING_share_write (share, NULL, 0,
363  &share_size));
364 
365  ev = GNUNET_MQ_msg_extra (msg,
366  share_size,
368 
371  &msg[1],
372  share_size,
373  NULL));
374 
375  msg->start = GNUNET_TIME_absolute_hton (start);
376  msg->deadline = GNUNET_TIME_absolute_hton (deadline);
377  msg->ciphertext = *ciphertext;
378 
379  GNUNET_MQ_send (s->mq, ev);
380 
382  "decrypt session created\n");
383  return s;
384 }
385 
386 
387 int
389  int64_t exponent)
390 {
391  int negative;
392  gcry_mpi_t x;
393 
395 
396  GNUNET_assert (NULL != (x = gcry_mpi_new (0)));
397 
398  negative = GNUNET_NO;
399  if (exponent < 0)
400  {
401  negative = GNUNET_YES;
402  exponent = -exponent;
403  }
404 
405  gcry_mpi_set_ui (x, exponent);
406 
407  gcry_mpi_powm (x, elgamal_g, x, elgamal_p);
408 
409  if (GNUNET_YES == negative)
410  {
411  int res;
412  res = gcry_mpi_invm (x, x, elgamal_p);
413  if (0 == res)
414  return GNUNET_SYSERR;
415  }
416 
418  sizeof (struct GNUNET_SECRETSHARING_Plaintext),
419  x);
420 
421  return GNUNET_OK;
422 }
423 
424 
438 int
440  const struct GNUNET_SECRETSHARING_Plaintext *plaintext,
441  struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext)
442 {
443  /* pubkey */
444  gcry_mpi_t h;
445  /* nonce */
446  gcry_mpi_t y;
447  /* plaintext message */
448  gcry_mpi_t m;
449  /* temp value */
450  gcry_mpi_t tmp;
451 
453 
454  GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
455  GNUNET_assert (NULL != (y = gcry_mpi_new (0)));
456  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
457 
458  GNUNET_CRYPTO_mpi_scan_unsigned (&h, public_key, sizeof *public_key);
459  GNUNET_CRYPTO_mpi_scan_unsigned (&m, plaintext, sizeof *plaintext);
460 
461  // Randomize y such that 0 < y < elgamal_q.
462  // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
463  do
464  {
465  gcry_mpi_randomize (y, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
466  } while ((gcry_mpi_cmp_ui (y, 0) == 0) || (gcry_mpi_cmp (y, elgamal_q) >= 0));
467 
468  // tmp <- g^y
469  gcry_mpi_powm (tmp, elgamal_g, y, elgamal_p);
470  // write tmp to c1
471  GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c1_bits,
473 
474  // tmp <- h^y
475  gcry_mpi_powm (tmp, h, y, elgamal_p);
476  // tmp <- tmp * m
477  gcry_mpi_mulm (tmp, tmp, m, elgamal_p);
478  // write tmp to c2
479  GNUNET_CRYPTO_mpi_print_unsigned (&result_ciphertext->c2_bits,
481 
482  return GNUNET_OK;
483 }
484 
485 
494 void
496 {
497  GNUNET_MQ_destroy (dh->mq);
498  dh->mq = NULL;
499  GNUNET_free (dh);
500 }
501 
502 /* end of secretsharing_api.c */
struct GNUNET_TIME_AbsoluteNBO start
Start time for communication with the other peers.
Definition: secretsharing.h:62
static unsigned int threshold
What should the threshold for then key be?
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
struct GNUNET_SECRETSHARING_Share * GNUNET_SECRETSHARING_share_read(const void *data, size_t len, size_t *readlen)
Read a share from its binary representation.
#define GNUNET_SECRETSHARING_ELGAMAL_G_HEX
The g-parameter for ElGamal encryption, a generator of the unique size q subgroup of Z_p^*...
GNUNET_SECRETSHARING_SecretReadyCallback secret_ready_cb
Called when the secret sharing is done.
struct GNUNET_MQ_Handle * GNUNET_CLIENT_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *service_name, const struct GNUNET_MQ_MessageHandler *handlers, GNUNET_MQ_ErrorHandler error_handler, void *error_handler_cls)
Create a message queue to connect to a GNUnet service.
Definition: client.c:901
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY.
static void handle_session_client_error(void *cls, enum GNUNET_MQ_Error error)
Callback invoked when there is an error communicating with the service.
struct GNUNET_SECRETSHARING_FieldElement plaintext
Decrypted plaintext.
GNUNET_MQ_Error
Error codes for the queue.
static int start
Set if we are to start default services (including ARM).
Definition: gnunet-arm.c:39
struct GNUNET_MQ_Handle * mq
Message queue for client.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
messages used for the secretsharing api
#define GNUNET_SECRETSHARING_ELGAMAL_Q_HEX
The q-parameter for ElGamal encryption, a 1023-bit Sophie Germain prime, q = (p-1)/2.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT
Request the decryption of a ciphertext.
A share, with all values in in host byte order.
static struct GNUNET_HashCode session_id
#define GNUNET_NO
Definition: gnunet_common.h:81
void * secret_ready_cls
Closure for secret_ready_cb.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
GNUNET_SECRETSHARING_DecryptCallback decrypt_cb
Called when the secret sharing is done.
static void ensure_elgamal_initialized(void)
Function to initialize elgamal_q, elgamal_p and elgamal_g.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_SECRETSHARING_DecryptionHandle * GNUNET_SECRETSHARING_decrypt(const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_SECRETSHARING_Share *share, const struct GNUNET_SECRETSHARING_Ciphertext *ciphertext, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_SECRETSHARING_DecryptCallback decrypt_cb, void *decrypt_cb_cls)
Publish the given ciphertext for decryption.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:94
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
Public key of a group sharing a secret.
#define GNUNET_SECRETSHARING_ELGAMAL_P_HEX
The q-parameter for ElGamal encryption, a 1024-bit safe prime.
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
void GNUNET_SECRETSHARING_session_destroy(struct GNUNET_SECRETSHARING_Session *s)
Destroy a secret sharing session.
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE
The service succeeded in decrypting a ciphertext.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
int GNUNET_SECRETSHARING_plaintext_generate_i(struct GNUNET_SECRETSHARING_Plaintext *plaintext, int64_t exponent)
static void handle_secret_ready(void *cls, const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
Handler invoked with the final result message from secret sharing.
#define GNUNET_memcpy(dst, src, n)
struct GNUNET_TIME_AbsoluteNBO deadline
Deadline for the establishment of the crypto system.
Definition: secretsharing.h:67
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
struct GNUNET_SECRETSHARING_Session * GNUNET_SECRETSHARING_create_session(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, unsigned int threshold, GNUNET_SECRETSHARING_SecretReadyCallback cb, void *cls)
Create a session that will eventually establish a shared secret with the other peers.
void GNUNET_SECRETSHARING_decrypt_cancel(struct GNUNET_SECRETSHARING_DecryptionHandle *dh)
Cancel a decryption.
int GNUNET_SECRETSHARING_share_write(const struct GNUNET_SECRETSHARING_Share *share, void *buf, size_t buflen, size_t *writelen)
Convert a share to its binary representation.
static struct GNUNET_SECRETSHARING_Ciphertext ciphertext
A 512-bit hashcode.
struct GNUNET_TIME_AbsoluteNBO deadline
Until when should the decryption be finished?
#define LOG(kind,...)
Message handler for a specific message type.
uint16_t threshold
Mininum number of cooperating peers to decrypt a value.
Definition: secretsharing.h:73
static int res
Session that will eventually establish a shared secred between the involved peers and allow encryptio...
uint32_t c1_bits[1024/8/sizeof(uint32_t)]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
static struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Definition: gnunet-arm.c:104
int GNUNET_SECRETSHARING_encrypt(const struct GNUNET_SECRETSHARING_PublicKey *public_key, const struct GNUNET_SECRETSHARING_Plaintext *plaintext, struct GNUNET_SECRETSHARING_Ciphertext *result_ciphertext)
Encrypt a value.
Handle to cancel a cooperative decryption operation.
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
static void handle_decrypt_done(void *cls, const struct GNUNET_SECRETSHARING_DecryptResponseMessage *m)
struct GNUNET_TIME_AbsoluteNBO start
Until when should the decryption start?
static unsigned int num_peers
Handle to a message queue.
Definition: mq.c:85
The identity of the host (wraps the signing key of the peer).
uint32_t success
Zero if decryption failed, non-zero if decryption succeeded.
configuration data
Definition: configuration.c:85
static struct CadetPeer * peers
Operation to get peer ids.
Plain, unencrypted message that can be encrypted with a group public key.
static void handle_decrypt_client_error(void *cls, enum GNUNET_MQ_Error error)
Callback invoked when there is an error communicating with the service.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
uint16_t num_peers
Number of peers at the end of this message.
Definition: secretsharing.h:78
static struct GNUNET_TIME_Absolute deadline
Deadline for all consensuses.
void * decrypt_cls
Closure for decrypt_cb.
Time for absolute times used by GNUnet, in microseconds.
void GNUNET_MQ_destroy(struct GNUNET_MQ_Handle *mq)
Destroy the message queue.
Definition: mq.c:824
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY
The cryptosystem has been established.
static void decrypt_cb(void *cls, const struct GNUNET_SECRETSHARING_Plaintext *plaintext)
Called when a decryption has succeeded.
#define GNUNET_YES
Definition: gnunet_common.h:80
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:353
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE
Establish a new session.
struct GNUNET_MQ_Handle * mq
Message queue for client.
void(* GNUNET_SECRETSHARING_DecryptCallback)(void *cls, const struct GNUNET_SECRETSHARING_Plaintext *plaintext)
Called when a decryption has succeeded.
uint16_t num_peers
Peers that have the share.
struct GNUNET_HashCode session_id
Session ID, will be used for consensus.
Definition: secretsharing.h:57
static int check_secret_ready(void *cls, const struct GNUNET_SECRETSHARING_SecretReadyMessage *m)
Handler invoked with the final result message from secret sharing.
struct GNUNET_SECRETSHARING_PublicKey public_key
Public key.
uint32_t c2_bits[1024/8/sizeof(uint32_t)]
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:654
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
Notify the client that then threshold secret has been established.
void(* GNUNET_SECRETSHARING_SecretReadyCallback)(void *cls, struct GNUNET_SECRETSHARING_Share *my_share, struct GNUNET_SECRETSHARING_PublicKey *public_key, unsigned int num_ready_peers, const struct GNUNET_PeerIdentity *ready_peers)
Called once the secret has been established with all peers, or the deadline is due.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.