secret sharing service More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_time_lib.h"
#include "gnunet_signatures.h"
#include "gnunet_consensus_service.h"
#include "secretsharing.h"
#include "secretsharing_protocol.h"
#include <gcrypt.h>

Include dependency graph for gnunet-service-secretsharing.c:

Data Structures
struct	KeygenPeerInfo
	Info about a peer in a key generation session. More...

struct	DecryptPeerInfo
	Information about a peer in a decrypt session. More...

struct	KeygenSession
	Session to establish a threshold-shared secret. More...

struct	DecryptSession
	Session to cooperatively decrypt a value. More...

struct	ClientState
	State we keep per client. More...

Macros
#define	EXTRA_CHECKS 1

Functions
static struct KeygenPeerInfo *	get_keygen_peer_info (const struct KeygenSession ks, const struct GNUNET_PeerIdentity peer)
	Get the peer info belonging to a peer identity in a keygen session. More...

static struct DecryptPeerInfo *	get_decrypt_peer_info (const struct DecryptSession ds, const struct GNUNET_PeerIdentity peer)
	Get the peer info belonging to a peer identity in a decrypt session. More...

static struct GNUNET_TIME_Absolute	time_between (struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end, int num, int denum)
	Interpolate between two points in time. More...

static int	peer_id_cmp (const void p1, const void p2)
	Compare two peer identities. More...

static int	peer_find (const struct GNUNET_PeerIdentity haystack, unsigned int n, const struct GNUNET_PeerIdentity needle)
	Get the index of a peer in an array of peers. More...

static struct GNUNET_PeerIdentity *	normalize_peers (struct GNUNET_PeerIdentity listed, unsigned int num_listed, unsigned int num_normalized, unsigned int *my_peer_idx)
	Normalize the given list of peers, by including the local peer (if it is missing) and sorting the peers by their identity. More...

static void	compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, unsigned int *indices, unsigned int num)
	Get a the j-th lagrange coefficient for a set of indices. More...

static void	decrypt_session_destroy (struct DecryptSession *ds)
	Destroy a decrypt session, removing it from the linked list of decrypt sessions. More...

static void	keygen_info_destroy (struct KeygenPeerInfo *info)

static void	keygen_session_destroy (struct KeygenSession *ks)

static void	cleanup_task (void *cls)
	Task run during shutdown. More...

static void	generate_presecret_polynomial (struct KeygenSession *ks)
	Generate the random coefficients of our pre-secret polynomial. More...

static void	keygen_round1_new_element (void cls, const struct GNUNET_SET_Element element)
	Consensus element handler for round one. More...

static void	horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
	Evaluate the polynomial with coefficients coeff at x. More...

static void	keygen_round2_conclude (void *cls)

static void	restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey ppub, const struct GNUNET_SECRETSHARING_FairEncryption fe, gcry_mpi_t x, gcry_mpi_t xres)

static void	get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption fe, gcry_mpi_t e)

static int	verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey ppub, const struct GNUNET_SECRETSHARING_FairEncryption fe)

static void	encrypt_fair (gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey ppub, struct GNUNET_SECRETSHARING_FairEncryption fe)
	Create a fair Paillier encryption of then given ciphertext. More...

static void	insert_round2_element (struct KeygenSession *ks)
	Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} (3) The encrypted pre-shares Y_{i,j} (4) The zero knowledge proof for fairness of the encryption. More...

static gcry_mpi_t	keygen_reveal_get_exp_coeff (struct KeygenSession ks, const struct GNUNET_SECRETSHARING_KeygenRevealData d, unsigned int idx)

static struct GNUNET_SECRETSHARING_FairEncryption *	keygen_reveal_get_enc_preshare (struct KeygenSession ks, const struct GNUNET_SECRETSHARING_KeygenRevealData d, unsigned int idx)

static gcry_mpi_t	keygen_reveal_get_exp_preshare (struct KeygenSession ks, const struct GNUNET_SECRETSHARING_KeygenRevealData d, unsigned int idx)

static void	keygen_round2_new_element (void cls, const struct GNUNET_SET_Element element)

static void	keygen_round1_conclude (void *cls)
	Called when the first consensus round has concluded. More...

static void	insert_round1_element (struct KeygenSession *ks)
	Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given session. More...

static int	check_client_keygen (void cls, const struct GNUNET_SECRETSHARING_CreateMessage msg)
	Check that msg is well-formed. More...

static void	handle_client_keygen (void cls, const struct GNUNET_SECRETSHARING_CreateMessage msg)
	Functions with this signature are called whenever a message is received. More...

static void	decrypt_conclude (void *cls)
	Called when the partial decryption consensus concludes. More...

static char *	mpi_to_str (gcry_mpi_t mpi)
	Get a string representation of an MPI. More...

static void	decrypt_new_element (void cls, const struct GNUNET_SET_Element element)
	Called when a new partial decryption arrives. More...

static void	insert_decrypt_element (struct DecryptSession *ds)

static int	check_client_decrypt (void cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage msg)
	Check that msg is well-formed. More...

static void	handle_client_decrypt (void cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage msg)
	Functions with this signature are called whenever a message is received. More...

static void	init_crypto_constants (void)

static void	run (void cls, const struct GNUNET_CONFIGURATION_Handle c, struct GNUNET_SERVICE_Handle *service)
	Initialize secretsharing service. More...

static void *	client_connect_cb (void cls, struct GNUNET_SERVICE_Client c, struct GNUNET_MQ_Handle *mq)
	Callback called when a client connects to the service. More...

static void	client_disconnect_cb (void cls, struct GNUNET_SERVICE_Client c, void *internal_cls)
	Callback called when a client disconnected from the service. More...

	GNUNET_SERVICE_MAIN (GNUNET_OS_project_data_gnunet(), "secretsharing", GNUNET_SERVICE_OPTION_NONE, &run, &client_connect_cb, &client_disconnect_cb, NULL, GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL), GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL), GNUNET_MQ_handler_end())
	Define "main" method using service macro. More...

Variables
static gcry_mpi_t	elgamal_q
	The ElGamal prime field order as libgcrypt mpi. More...

static gcry_mpi_t	elgamal_p
	Modulus of the prime field used for ElGamal. More...

static gcry_mpi_t	elgamal_g
	Generator for prime field of order 'elgamal_q'. More...

static struct GNUNET_PeerIdentity	my_peer
	Peer that runs this service. More...

static struct GNUNET_CRYPTO_EddsaPrivateKey *	my_peer_private_key
	Peer that runs this service. More...

static const struct GNUNET_CONFIGURATION_Handle *	cfg
	Configuration of this service. More...

Detailed Description

secret sharing service

Author: Florian Dold

Definition in file gnunet-service-secretsharing.c.

Macro Definition Documentation

◆ EXTRA_CHECKS

#define EXTRA_CHECKS 1

Definition at line 36 of file gnunet-service-secretsharing.c.

Function Documentation

◆ get_keygen_peer_info()

static struct KeygenPeerInfo * get_keygen_peer_info	(	const struct KeygenSession *	ks,
		const struct GNUNET_PeerIdentity *	peer
	)

static

Get the peer info belonging to a peer identity in a keygen session.

Parameters

ks	The keygen session.
peer	The peer identity.

Returns: The Keygen peer info, or NULL if the peer could not be found.

Definition at line 325 of file gnunet-service-secretsharing.c.

{
  unsigned int i;
 
  for (i = 0; i < ks->num_peers; i++)
    if (0 == GNUNET_memcmp (peer, &ks->info[i].peer))
      return &ks->info[i];
  return NULL;
}

References GNUNET_memcmp, KeygenSession::info, KeygenSession::num_peers, and KeygenPeerInfo::peer.

Referenced by keygen_round1_new_element(), and keygen_round2_new_element().

Here is the caller graph for this function:

◆ get_decrypt_peer_info()

static struct DecryptPeerInfo * get_decrypt_peer_info	(	const struct DecryptSession *	ds,
		const struct GNUNET_PeerIdentity *	peer
	)

static

Get the peer info belonging to a peer identity in a decrypt session.

Parameters

ds	The decrypt session.
peer	The peer identity.

Returns: The decrypt peer info, or NULL if the peer could not be found.

Definition at line 345 of file gnunet-service-secretsharing.c.

{
  unsigned int i;
 
  for (i = 0; i < ds->share->num_peers; i++)
    if (0 == GNUNET_memcmp (peer, &ds->info[i].peer))
      return &ds->info[i];
  return NULL;
}

References ds, GNUNET_memcmp, and DecryptPeerInfo::peer.

Referenced by decrypt_new_element().

Here is the caller graph for this function:

◆ time_between()

static struct GNUNET_TIME_Absolute time_between	(	struct GNUNET_TIME_Absolute	start,
		struct GNUNET_TIME_Absolute	end,
		int	num,
		int	denum
	)

static

Interpolate between two points in time.

Parameters

start	start time
end	end time
num	numerator of the scale factor
denum	denumerator of the scale factor

Definition at line 366 of file gnunet-service-secretsharing.c.

{
  struct GNUNET_TIME_Absolute result;
  uint64_t diff;
 
  GNUNET_assert (start.abs_value_us <= end.abs_value_us);
  diff = end.abs_value_us - start.abs_value_us;
  result.abs_value_us = start.abs_value_us + ((diff * num) / denum);
 
  return result;
}

References end, GNUNET_assert, result, and start.

Referenced by keygen_round1_conclude().

Here is the caller graph for this function:

◆ peer_id_cmp()

static int peer_id_cmp	(	const void *	p1,
		const void *	p2
	)

static

Compare two peer identities.

Intended to be used with qsort or bsearch.

Parameters

p1	Some peer identity.
p2	Some peer identity.

Returns: 1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2.

Definition at line 389 of file gnunet-service-secretsharing.c.

{
  return memcmp (p1,
                 p2,
                 sizeof(struct GNUNET_PeerIdentity));
}

Referenced by normalize_peers().

Here is the caller graph for this function:

◆ peer_find()

static int peer_find	(	const struct GNUNET_PeerIdentity *	haystack,
		unsigned int	n,
		const struct GNUNET_PeerIdentity *	needle
	)

static

Get the index of a peer in an array of peers.

Parameters

haystack	Array of peers.
n	Size of haystack.
needle	Peer to find

Returns: Index of needle in haystack, or -1 if peer is not in the list.

Definition at line 407 of file gnunet-service-secretsharing.c.

{
  unsigned int i;
 
  for (i = 0; i < n; i++)
    if (0 == GNUNET_memcmp (&haystack[i],
                            needle))
      return i;
  return -1;
}

References GNUNET_memcmp.

Referenced by normalize_peers().

Here is the caller graph for this function:

◆ normalize_peers()

static struct GNUNET_PeerIdentity * normalize_peers	(	struct GNUNET_PeerIdentity *	listed,
		unsigned int	num_listed,
		unsigned int *	num_normalized,
		unsigned int *	my_peer_idx
	)

static

Normalize the given list of peers, by including the local peer (if it is missing) and sorting the peers by their identity.

Parameters

	listed	Peers in the unnormalized list.
	num_listed	Peers in the un-normalized list.
[out]	num_normalized	Number of peers in the normalized list.
[out]	my_peer_idx	Index of the local peer in the normalized list.

Returns: Normalized list, must be free'd by the caller.

Definition at line 431 of file gnunet-service-secretsharing.c.

{
  unsigned int local_peer_in_list;
  /* number of peers in the normalized list */
  unsigned int n;
  struct GNUNET_PeerIdentity *normalized;
 
  local_peer_in_list = GNUNET_YES;
  n = num_listed;
  if (peer_find (listed, num_listed, &my_peer) < 0)
  {
    local_peer_in_list = GNUNET_NO;
    n += 1;
  }
 
  normalized = GNUNET_new_array (n,
                                 struct GNUNET_PeerIdentity);
 
  if (GNUNET_NO == local_peer_in_list)
    normalized[n - 1] = my_peer;
 
  GNUNET_memcpy (normalized,
                 listed,
                 num_listed * sizeof(struct GNUNET_PeerIdentity));
  qsort (normalized,
         n,
         sizeof(struct GNUNET_PeerIdentity),
         &peer_id_cmp);
 
  if (NULL != my_peer_idx)
    *my_peer_idx = peer_find (normalized, n, &my_peer);
  if (NULL != num_normalized)
    *num_normalized = n;
 
  return normalized;
}

References GNUNET_memcpy, GNUNET_new_array, GNUNET_NO, GNUNET_YES, my_peer, peer_find(), and peer_id_cmp().

Referenced by handle_client_keygen().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ compute_lagrange_coefficient()

static void compute_lagrange_coefficient	(	gcry_mpi_t	coeff,
		unsigned int	j,
		unsigned int *	indices,
		unsigned int	num
	)

static

Get a the j-th lagrange coefficient for a set of indices.

Parameters

[out]	coeff	the lagrange coefficient
	j	lagrange coefficient we want to compute
	indices	indices
	num	number of indices in indices

Definition at line 481 of file gnunet-service-secretsharing.c.

{
  unsigned int i;
  /* numerator */
  gcry_mpi_t n;
  /* denominator */
  gcry_mpi_t d;
  /* temp value for l-j */
  gcry_mpi_t tmp;
 
  GNUNET_assert (0 != coeff);
 
  GNUNET_assert (0 != (n = gcry_mpi_new (0)));
  GNUNET_assert (0 != (d = gcry_mpi_new (0)));
  GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
 
  gcry_mpi_set_ui (n, 1);
  gcry_mpi_set_ui (d, 1);
 
  for (i = 0; i < num; i++)
  {
    unsigned int l = indices[i];
    if (l == j)
      continue;
    gcry_mpi_mul_ui (n, n, l + 1);
    // d <- d * (l-j)
    gcry_mpi_set_ui (tmp, l + 1);
    gcry_mpi_sub_ui (tmp, tmp, j + 1);
    gcry_mpi_mul (d, d, tmp);
  }
 
  // gcry_mpi_invm does not like negative numbers ...
  gcry_mpi_mod (d, d, elgamal_q);
 
  GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0);
 
  // now we do the actual division, with everything mod q, as we
  // are not operating on elements from <g>, but on exponents
  GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q));
 
  gcry_mpi_mulm (coeff, n, d, elgamal_q);
 
  gcry_mpi_release (n);
  gcry_mpi_release (d);
  gcry_mpi_release (tmp);
}

References d, elgamal_q, and GNUNET_assert.

Referenced by decrypt_conclude().

Here is the caller graph for this function:

◆ decrypt_session_destroy()

static void decrypt_session_destroy ( struct DecryptSession * ds )

static

Destroy a decrypt session, removing it from the linked list of decrypt sessions.

Parameters

ds	decrypt session to destroy

Definition at line 538 of file gnunet-service-secretsharing.c.

{
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "destroying decrypt session\n");
  if (NULL != ds->cs)
  {
    ds->cs->decrypt_session = NULL;
    ds->cs = NULL;
  }
  if (NULL != ds->consensus)
  {
    GNUNET_CONSENSUS_destroy (ds->consensus);
    ds->consensus = NULL;
  }
 
  if (NULL != ds->info)
  {
    for (unsigned int i = 0; i < ds->share->num_peers; i++)
    {
      if (NULL != ds->info[i].partial_decryption)
      {
        gcry_mpi_release (ds->info[i].partial_decryption);
        ds->info[i].partial_decryption = NULL;
      }
    }
    GNUNET_free (ds->info);
    ds->info = NULL;
  }
  if (NULL != ds->share)
  {
    GNUNET_SECRETSHARING_share_destroy (ds->share);
    ds->share = NULL;
  }
 
  GNUNET_free (ds);
}

References ds, GNUNET_CONSENSUS_destroy(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, and GNUNET_SECRETSHARING_share_destroy().

Referenced by client_disconnect_cb().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ keygen_info_destroy()

static void keygen_info_destroy ( struct KeygenPeerInfo * info )

static

Definition at line 577 of file gnunet-service-secretsharing.c.

{
  if (NULL != info->sigma)
  {
    gcry_mpi_release (info->sigma);
    info->sigma = NULL;
  }
  if (NULL != info->presecret_commitment)
  {
    gcry_mpi_release (info->presecret_commitment);
    info->presecret_commitment = NULL;
  }
  if (NULL != info->preshare_commitment)
  {
    gcry_mpi_release (info->preshare_commitment);
    info->preshare_commitment = NULL;
  }
}

References info.

Referenced by keygen_session_destroy().

Here is the caller graph for this function:

◆ keygen_session_destroy()

static void keygen_session_destroy ( struct KeygenSession * ks )

static

Definition at line 598 of file gnunet-service-secretsharing.c.

{
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "destroying keygen session\n");
 
  if (NULL != ks->cs)
  {
    ks->cs->keygen_session = NULL;
    ks->cs = NULL;
  }
  if (NULL != ks->info)
  {
    for (unsigned int i = 0; i < ks->num_peers; i++)
      keygen_info_destroy (&ks->info[i]);
    GNUNET_free (ks->info);
    ks->info = NULL;
  }
 
  if (NULL != ks->consensus)
  {
    GNUNET_CONSENSUS_destroy (ks->consensus);
    ks->consensus = NULL;
  }
 
  if (NULL != ks->presecret_polynomial)
  {
    for (unsigned int i = 0; i < ks->threshold; i++)
    {
      GNUNET_assert (NULL != ks->presecret_polynomial[i]);
      gcry_mpi_release (ks->presecret_polynomial[i]);
      ks->presecret_polynomial[i] = NULL;
    }
    GNUNET_free (ks->presecret_polynomial);
    ks->presecret_polynomial = NULL;
  }
  if (NULL != ks->my_share)
  {
    gcry_mpi_release (ks->my_share);
    ks->my_share = NULL;
  }
  if (NULL != ks->public_key)
  {
    gcry_mpi_release (ks->public_key);
    ks->public_key = NULL;
  }
  if (NULL != ks->peers)
  {
    GNUNET_free (ks->peers);
    ks->peers = NULL;
  }
  GNUNET_free (ks);
}

References KeygenSession::consensus, KeygenSession::cs, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, KeygenSession::info, keygen_info_destroy(), ClientState::keygen_session, KeygenSession::my_share, KeygenSession::num_peers, KeygenSession::peers, KeygenSession::presecret_polynomial, KeygenSession::public_key, and KeygenSession::threshold.

Referenced by client_disconnect_cb().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ cleanup_task()

static void cleanup_task ( void * cls )

static

Task run during shutdown.

Parameters

cls unused

Definition at line 658 of file gnunet-service-secretsharing.c.

{
  /* Nothing to do! */
}

Referenced by run().

Here is the caller graph for this function:

◆ generate_presecret_polynomial()

static void generate_presecret_polynomial ( struct KeygenSession * ks )

static

Generate the random coefficients of our pre-secret polynomial.

Parameters

ks	the session

Definition at line 670 of file gnunet-service-secretsharing.c.

{
  int i;
  gcry_mpi_t v;
 
  GNUNET_assert (NULL == ks->presecret_polynomial);
  ks->presecret_polynomial = GNUNET_new_array (ks->threshold,
                                               gcry_mpi_t);
  for (i = 0; i < ks->threshold; i++)
  {
    v = ks->presecret_polynomial[i] = gcry_mpi_new (
      GNUNET_SECRETSHARING_ELGAMAL_BITS);
    GNUNET_assert (NULL != v);
    // Randomize v such that 0 < v < elgamal_q.
    // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
    do
    {
      gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
                          GCRY_WEAK_RANDOM);
    }
    while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0));
  }
}

References elgamal_q, GNUNET_assert, GNUNET_new_array, GNUNET_SECRETSHARING_ELGAMAL_BITS, KeygenSession::presecret_polynomial, and KeygenSession::threshold.

Referenced by handle_client_keygen().

Here is the caller graph for this function:

◆ keygen_round1_new_element()

static void keygen_round1_new_element	(	void *	cls,
		const struct GNUNET_SET_Element *	element
	)

static

Consensus element handler for round one.

We should get one ephemeral key for each peer.

Parameters

cls	Closure (keygen session).
element	The element from consensus, or NULL if consensus failed.

Definition at line 704 of file gnunet-service-secretsharing.c.

{
  const struct GNUNET_SECRETSHARING_KeygenCommitData *d;
  struct KeygenSession *ks = cls;
  struct KeygenPeerInfo *info;
 
  if (NULL == element)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n");
    return;
  }
 
  /* elements have fixed size */
  if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen commit data with wrong size (%u) in consensus, %u expected\n",
                (unsigned int) element->size,
                (unsigned int) sizeof(struct
                                      GNUNET_SECRETSHARING_KeygenCommitData));
    return;
  }
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n");
 
  d = element->data;
  info = get_keygen_peer_info (ks, &d->peer);
 
  if (NULL == info)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen commit data with wrong peer identity (%s) in consensus\n",
                GNUNET_i2s (&d->peer));
    return;
  }
 
  /* Check that the right amount of data has been signed. */
  if (d->purpose.size !=
      htonl (element->size - offsetof (struct
                                       GNUNET_SECRETSHARING_KeygenCommitData,
                                       purpose)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen commit data with wrong signature purpose size in consensus\n");
    return;
  }
 
  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ (
        GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1,
        &d->purpose, &d->signature,
        &d->peer.public_key))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen commit data with invalid signature in consensus\n");
    return;
  }
  info->paillier_public_key = d->pubkey;
  GNUNET_CRYPTO_mpi_scan_unsigned (&info->presecret_commitment, &d->commitment,
                                   512 / 8);
  info->round1_valid = GNUNET_YES;
}

References d, GNUNET_SET_Element::data, get_keygen_peer_info(), GNUNET_CRYPTO_eddsa_verify_(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, GNUNET_YES, info, and GNUNET_SET_Element::size.

Referenced by handle_client_keygen().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ horner_eval()

static void horner_eval	(	gcry_mpi_t	z,
		gcry_mpi_t *	coeff,
		unsigned int	num_coeff,
		gcry_mpi_t	x,
		gcry_mpi_t	m
	)

static

Evaluate the polynomial with coefficients coeff at x.

The i-th element in coeff corresponds to the coefficient of x^i.

Parameters

[out]	z	result of the evaluation
	coeff	array of coefficients
	num_coeff	number of coefficients
	x	where to evaluate the polynomial
	m	what group are we operating in?

Definition at line 779 of file gnunet-service-secretsharing.c.

{
  unsigned int i;
 
  gcry_mpi_set_ui (z, 0);
  for (i = 0; i < num_coeff; i++)
  {
    // z <- zx + c
    gcry_mpi_mul (z, z, x);
    gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m);
  }
}

References m.

Referenced by insert_round2_element().

Here is the caller graph for this function:

◆ keygen_round2_conclude()

static void keygen_round2_conclude ( void * cls )

static

Definition at line 795 of file gnunet-service-secretsharing.c.

{
  struct KeygenSession *ks = cls;
  struct GNUNET_SECRETSHARING_SecretReadyMessage *m;
  struct GNUNET_MQ_Envelope *ev;
  size_t share_size;
  unsigned int i;
  unsigned int j;
  struct GNUNET_SECRETSHARING_Share *share;
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n");
 
  GNUNET_CONSENSUS_destroy (ks->consensus);
  ks->consensus = NULL;
 
  share = GNUNET_new (struct GNUNET_SECRETSHARING_Share);
 
  share->num_peers = 0;
 
  for (i = 0; i < ks->num_peers; i++)
    if (GNUNET_YES == ks->info[i].round2_valid)
      share->num_peers++;
 
  share->peers = GNUNET_new_array (share->num_peers,
                                   struct GNUNET_PeerIdentity);
  share->sigmas =
    GNUNET_new_array (share->num_peers,
                      struct GNUNET_SECRETSHARING_FieldElement);
  share->original_indices = GNUNET_new_array (share->num_peers,
                                              uint16_t);
 
  /* maybe we're not even in the list of peers? */
  share->my_peer = share->num_peers;
 
  j = 0; /* running index of valid peers */
  for (i = 0; i < ks->num_peers; i++)
  {
    if (GNUNET_YES == ks->info[i].round2_valid)
    {
      share->peers[j] = ks->info[i].peer;
      GNUNET_CRYPTO_mpi_print_unsigned (&share->sigmas[j],
                                        GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                                        ks->info[i].sigma);
      share->original_indices[i] = j;
      if (0 == GNUNET_memcmp (&share->peers[i], &my_peer))
        share->my_peer = j;
      j += 1;
    }
  }
 
  if (share->my_peer == share->num_peers)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n",
                ks->local_peer_idx);
  }
 
  GNUNET_CRYPTO_mpi_print_unsigned (&share->my_share,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                                    ks->my_share);
  GNUNET_CRYPTO_mpi_print_unsigned (&share->public_key,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                                    ks->public_key);
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n",
              share->num_peers);
 
  /* Write the share. If 0 peers completed the dkg, an empty
   * share will be sent. */
 
  GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, NULL, 0,
                                                                &share_size));
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n",
              (unsigned int) share_size);
 
  ev = GNUNET_MQ_msg_extra (m, share_size,
                            GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY);
 
  GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, &m[1],
                                                                share_size,
                                                                NULL));
 
  GNUNET_SECRETSHARING_share_destroy (share);
  share = NULL;
 
  GNUNET_MQ_send (ks->cs->mq,
                  ev);
}

Referenced by keygen_round1_conclude().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ restore_fair()

static void restore_fair	(	const struct GNUNET_CRYPTO_PaillierPublicKey *	ppub,
		const struct GNUNET_SECRETSHARING_FairEncryption *	fe,
		gcry_mpi_t	x,
		gcry_mpi_t	xres
	)

static

Definition at line 886 of file gnunet-service-secretsharing.c.

{
  gcry_mpi_t a_1;
  gcry_mpi_t a_2;
  gcry_mpi_t b_1;
  gcry_mpi_t b_2;
  gcry_mpi_t big_a;
  gcry_mpi_t big_b;
  gcry_mpi_t big_t;
  gcry_mpi_t n;
  gcry_mpi_t t_1;
  gcry_mpi_t t_2;
  gcry_mpi_t t;
  gcry_mpi_t r;
  gcry_mpi_t v;
 
 
  GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (t = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (big_t = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (v = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (big_a = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (big_b = gcry_mpi_new (0)));
 
  // a = (N,0)^T
  GNUNET_CRYPTO_mpi_scan_unsigned (&a_1,
                                   ppub,
                                   sizeof(struct
                                          GNUNET_CRYPTO_PaillierPublicKey));
  GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0)));
  gcry_mpi_set_ui (a_2, 0);
  // b = (x,1)^T
  GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0)));
  gcry_mpi_set (b_1, x);
  GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0)));
  gcry_mpi_set_ui (b_2, 1);
 
  // A = a DOT a
  gcry_mpi_mul (t, a_1, a_1);
  gcry_mpi_mul (big_a, a_2, a_2);
  gcry_mpi_add (big_a, big_a, t);
 
  // B = b DOT b
  gcry_mpi_mul (t, b_1, b_1);
  gcry_mpi_mul (big_b, b_2, b_2);
  gcry_mpi_add (big_b, big_b, t);
 
  while (1)
  {
    // n = a DOT b
    gcry_mpi_mul (t, a_1, b_1);
    gcry_mpi_mul (n, a_2, b_2);
    gcry_mpi_add (n, n, t);
 
    // r = nearest(n/B)
    gcry_mpi_div (r, NULL, n, big_b, 0);
 
    // T := A - 2rn + rrB
    gcry_mpi_mul (v, r, n);
    gcry_mpi_mul_ui (v, v, 2);
    gcry_mpi_sub (big_t, big_a, v);
    gcry_mpi_mul (v, r, r);
    gcry_mpi_mul (v, v, big_b);
    gcry_mpi_add (big_t, big_t, v);
 
    if (gcry_mpi_cmp (big_t, big_b) >= 0)
    {
      break;
    }
 
    // t = a - rb
    gcry_mpi_mul (v, r, b_1);
    gcry_mpi_sub (t_1, a_1, v);
    gcry_mpi_mul (v, r, b_2);
    gcry_mpi_sub (t_2, a_2, v);
 
    // a = b
    gcry_mpi_set (a_1, b_1);
    gcry_mpi_set (a_2, b_2);
    // b = t
    gcry_mpi_set (b_1, t_1);
    gcry_mpi_set (b_2, t_2);
 
    gcry_mpi_set (big_a, big_b);
    gcry_mpi_set (big_b, big_t);
  }
 
  gcry_mpi_set (xres, b_2);
  gcry_mpi_invm (xres, xres, elgamal_q);
  gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
 
  gcry_mpi_release (a_1);
  gcry_mpi_release (a_2);
  gcry_mpi_release (b_1);
  gcry_mpi_release (b_2);
  gcry_mpi_release (big_a);
  gcry_mpi_release (big_b);
  gcry_mpi_release (big_t);
  gcry_mpi_release (n);
  gcry_mpi_release (t_1);
  gcry_mpi_release (t_2);
  gcry_mpi_release (t);
  gcry_mpi_release (r);
  gcry_mpi_release (v);
}

References elgamal_q, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), and t.

Referenced by keygen_round2_new_element().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ get_fair_encryption_challenge()

static void get_fair_encryption_challenge	(	const struct GNUNET_SECRETSHARING_FairEncryption *	fe,
		gcry_mpi_t *	e
	)

static

Definition at line 999 of file gnunet-service-secretsharing.c.

{
  struct
  {
    struct GNUNET_CRYPTO_PaillierCiphertext c;
    char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
    char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
    char t2[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
  } hash_data;
  struct GNUNET_HashCode e_hash;
 
  memset (&hash_data,
          0,
          sizeof(hash_data));
  GNUNET_memcpy (&hash_data.c, &fe->c, sizeof(struct
                                              GNUNET_CRYPTO_PaillierCiphertext));
  GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
  GNUNET_CRYPTO_hash (&hash_data,
                      sizeof(hash_data),
                      &e_hash);
  /* This allocates "e" */
  GNUNET_CRYPTO_mpi_scan_unsigned (e,
                                   &e_hash,
                                   sizeof(struct GNUNET_HashCode));
  gcry_mpi_mod (*e, *e, elgamal_q);
}

References GNUNET_SECRETSHARING_FairEncryption::c, elgamal_q, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_memcpy, GNUNET_SECRETSHARING_ELGAMAL_BITS, h, GNUNET_SECRETSHARING_FairEncryption::h, GNUNET_SECRETSHARING_FairEncryption::t1, and GNUNET_SECRETSHARING_FairEncryption::t2.

Referenced by encrypt_fair(), and verify_fair().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ verify_fair()

static int verify_fair	(	const struct GNUNET_CRYPTO_PaillierPublicKey *	ppub,
		const struct GNUNET_SECRETSHARING_FairEncryption *	fe
	)

static

Definition at line 1032 of file gnunet-service-secretsharing.c.

{
  gcry_mpi_t n;
  gcry_mpi_t n_sq;
  gcry_mpi_t z;
  gcry_mpi_t t1;
  gcry_mpi_t t2;
  gcry_mpi_t e;
  gcry_mpi_t w;
  gcry_mpi_t tmp1;
  gcry_mpi_t tmp2;
  gcry_mpi_t y;
  gcry_mpi_t big_y;
  int res;
 
  GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
 
  get_fair_encryption_challenge (fe,
                                 &e /* this allocates e */);
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&n,
                                   ppub,
                                   sizeof(struct
                                          GNUNET_CRYPTO_PaillierPublicKey));
  GNUNET_CRYPTO_mpi_scan_unsigned (&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS
                                   / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&z, fe->z,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&y, fe->h,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&w, fe->w, GNUNET_CRYPTO_PAILLIER_BITS / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&big_y, fe->c.bits,
                                   GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&t2, fe->t2, GNUNET_CRYPTO_PAILLIER_BITS
                                   * 2 / 8);
  gcry_mpi_mul (n_sq, n, n);
 
  // tmp1 = g^z
  gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p);
  // tmp2 = y^{-e}
  gcry_mpi_powm (tmp1, y, e, elgamal_p);
  gcry_mpi_invm (tmp1, tmp1, elgamal_p);
  // tmp1 = tmp1 * tmp2
  gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p);
 
  if (0 == gcry_mpi_cmp (t1, tmp1))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n");
    res = GNUNET_NO;
    goto cleanup;
  }
 
  gcry_mpi_powm (big_y, big_y, e, n_sq);
  gcry_mpi_invm (big_y, big_y, n_sq);
 
  gcry_mpi_add_ui (tmp1, n, 1);
  gcry_mpi_powm (tmp1, tmp1, z, n_sq);
 
  gcry_mpi_powm (tmp2, w, n, n_sq);
 
  gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq);
  gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq);
 
 
  if (0 == gcry_mpi_cmp (t2, tmp1))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n");
    res = GNUNET_NO;
    goto cleanup;
  }
 
  res = GNUNET_YES;
 
cleanup:
 
  gcry_mpi_release (n);
  gcry_mpi_release (n_sq);
  gcry_mpi_release (z);
  gcry_mpi_release (t1);
  gcry_mpi_release (t2);
  gcry_mpi_release (e);
  gcry_mpi_release (w);
  gcry_mpi_release (tmp1);
  gcry_mpi_release (tmp2);
  gcry_mpi_release (y);
  gcry_mpi_release (big_y);
  return res;
}

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_SECRETSHARING_FairEncryption::c, cleanup(), elgamal_g, elgamal_p, get_fair_encryption_challenge(), GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NO, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_YES, GNUNET_SECRETSHARING_FairEncryption::h, res, GNUNET_SECRETSHARING_FairEncryption::t1, GNUNET_SECRETSHARING_FairEncryption::t2, GNUNET_SECRETSHARING_FairEncryption::w, and GNUNET_SECRETSHARING_FairEncryption::z.

Referenced by keygen_round2_new_element().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ encrypt_fair()

static void encrypt_fair	(	gcry_mpi_t	v,
		const struct GNUNET_CRYPTO_PaillierPublicKey *	ppub,
		struct GNUNET_SECRETSHARING_FairEncryption *	fe
	)

static

Create a fair Paillier encryption of then given ciphertext.

Parameters

	v	the ciphertext
[out]	fe	the fair encryption

Definition at line 1132 of file gnunet-service-secretsharing.c.

{
  gcry_mpi_t r;
  gcry_mpi_t s;
  gcry_mpi_t t1;
  gcry_mpi_t t2;
  gcry_mpi_t z;
  gcry_mpi_t w;
  gcry_mpi_t n;
  gcry_mpi_t e;
  gcry_mpi_t n_sq;
  gcry_mpi_t u;
  gcry_mpi_t Y;
  gcry_mpi_t G;
  gcry_mpi_t h;
 
  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (s = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (t1 = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (t2 = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (z = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (u = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (Y = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (G = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&n,
                                   ppub,
                                   sizeof(struct
                                          GNUNET_CRYPTO_PaillierPublicKey));
  gcry_mpi_mul (n_sq, n, n);
  gcry_mpi_add_ui (G, n, 1);
 
  do
  {
    gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
  }
  while (gcry_mpi_cmp (u, n) >= 0);
 
  gcry_mpi_powm (t1, G, v, n_sq);
  gcry_mpi_powm (t2, u, n, n_sq);
  gcry_mpi_mulm (Y, t1, t2, n_sq);
 
  GNUNET_CRYPTO_mpi_print_unsigned (fe->c.bits,
                                    sizeof fe->c.bits,
                                    Y);
 
 
  gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM);
  do
  {
    gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
  }
  while (gcry_mpi_cmp (s, n) >= 0);
 
  // compute t1
  gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p);
  // compute t2 (use z and w as temp)
  gcry_mpi_powm (z, G, r, n_sq);
  gcry_mpi_powm (w, s, n, n_sq);
  gcry_mpi_mulm (t2, z, w, n_sq);
 
 
  gcry_mpi_powm (h, elgamal_g, v, elgamal_p);
 
  GNUNET_CRYPTO_mpi_print_unsigned (fe->h,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                                    h);
 
  GNUNET_CRYPTO_mpi_print_unsigned (fe->t1,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                                    t1);
 
  GNUNET_CRYPTO_mpi_print_unsigned (fe->t2,
                                    GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8,
                                    t2);
 
  get_fair_encryption_challenge (fe,
                                 &e /* This allocates "e" */);
 
  // compute z
  gcry_mpi_mul (z, e, v);
  gcry_mpi_addm (z, z, r, elgamal_q);
  // compute w
  gcry_mpi_powm (w, u, e, n);
  gcry_mpi_mulm (w, w, s, n);
 
  GNUNET_CRYPTO_mpi_print_unsigned (fe->z,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                                    z);
 
  GNUNET_CRYPTO_mpi_print_unsigned (fe->w,
                                    GNUNET_CRYPTO_PAILLIER_BITS / 8,
                                    w);
 
  gcry_mpi_release (n);
  gcry_mpi_release (r);
  gcry_mpi_release (s);
  gcry_mpi_release (t1);
  gcry_mpi_release (t2);
  gcry_mpi_release (z);
  gcry_mpi_release (w);
  gcry_mpi_release (e);
  gcry_mpi_release (n_sq);
  gcry_mpi_release (u);
  gcry_mpi_release (Y);
  gcry_mpi_release (G);
  gcry_mpi_release (h);
}

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_SECRETSHARING_FairEncryption::c, elgamal_g, elgamal_p, elgamal_q, get_fair_encryption_challenge(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_SECRETSHARING_ELGAMAL_BITS, h, GNUNET_SECRETSHARING_FairEncryption::h, GNUNET_SECRETSHARING_FairEncryption::t1, GNUNET_SECRETSHARING_FairEncryption::t2, u, GNUNET_SECRETSHARING_FairEncryption::w, and GNUNET_SECRETSHARING_FairEncryption::z.

Referenced by insert_round2_element().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ insert_round2_element()

static void insert_round2_element ( struct KeygenSession * ks )

static

Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} (3) The encrypted pre-shares Y_{i,j} (4) The zero knowledge proof for fairness of the encryption.

Parameters

ks	session to use

Definition at line 1258 of file gnunet-service-secretsharing.c.

{
  struct GNUNET_SET_Element *element;
  struct GNUNET_SECRETSHARING_KeygenRevealData *d;
  unsigned char *pos;
  unsigned char *last_pos;
  size_t element_size;
  unsigned int i;
  gcry_mpi_t idx;
  gcry_mpi_t v;
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n",
              ks->local_peer_idx);
 
  GNUNET_assert (NULL != (v = gcry_mpi_new (
                            GNUNET_SECRETSHARING_ELGAMAL_BITS)));
  GNUNET_assert (NULL != (idx = gcry_mpi_new (
                            GNUNET_SECRETSHARING_ELGAMAL_BITS)));
 
  element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData)
                  + sizeof(struct GNUNET_SECRETSHARING_FairEncryption)
                  * ks->num_peers
                  + GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * ks->threshold);
 
  element = GNUNET_malloc (sizeof(struct GNUNET_SET_Element) + element_size);
  element->size = element_size;
  element->data = (void *) &element[1];
 
  d = (void *) element->data;
  d->peer = my_peer;
 
  // start inserting vector elements
  // after the fixed part of the element's data
  pos = (void *) &d[1];
  last_pos = pos + element_size;
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n",
              ks->local_peer_idx);
 
  // encrypted pre-shares
  // and fair encryption proof
  {
    for (i = 0; i < ks->num_peers; i++)
    {
      ptrdiff_t remaining = last_pos - pos;
      struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos;
 
      GNUNET_assert (remaining > 0);
      memset (fe, 0, sizeof *fe);
      if (GNUNET_YES == ks->info[i].round1_valid)
      {
        gcry_mpi_set_ui (idx, i + 1);
        // evaluate the polynomial
        horner_eval (v, ks->presecret_polynomial, ks->threshold, idx,
                     elgamal_q);
        // encrypt the result
        encrypt_fair (v, &ks->info[i].paillier_public_key, fe);
      }
      pos += sizeof *fe;
    }
  }
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n",
              ks->local_peer_idx);
 
  // exponentiated coefficients
  for (i = 0; i < ks->threshold; i++)
  {
    ptrdiff_t remaining = last_pos - pos;
    GNUNET_assert (remaining > 0);
    gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p);
    GNUNET_CRYPTO_mpi_print_unsigned (pos, GNUNET_SECRETSHARING_ELGAMAL_BITS
                                      / 8, v);
    pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8;
  }
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n",
              ks->local_peer_idx);
 
 
  d->purpose.size = htonl (element_size - offsetof (struct
                                                    GNUNET_SECRETSHARING_KeygenRevealData,
                                                    purpose));
  d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2);
  GNUNET_assert (GNUNET_OK ==
                 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
                                            &d->purpose,
                                            &d->signature));
 
  GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
  GNUNET_free (element);  /* FIXME: maybe stack-allocate instead? */
 
  gcry_mpi_release (v);
  gcry_mpi_release (idx);
}

References KeygenSession::consensus, d, GNUNET_SET_Element::data, elgamal_g, elgamal_p, elgamal_q, encrypt_fair(), GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, GNUNET_YES, horner_eval(), KeygenSession::info, KeygenSession::local_peer_idx, my_peer, my_peer_private_key, KeygenSession::num_peers, KeygenPeerInfo::paillier_public_key, KeygenSession::presecret_polynomial, KeygenPeerInfo::round1_valid, GNUNET_SET_Element::size, and KeygenSession::threshold.

Referenced by keygen_round1_conclude().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ keygen_reveal_get_exp_coeff()

static gcry_mpi_t keygen_reveal_get_exp_coeff	(	struct KeygenSession *	ks,
		const struct GNUNET_SECRETSHARING_KeygenRevealData *	d,
		unsigned int	idx
	)

static

Definition at line 1356 of file gnunet-service-secretsharing.c.

{
  unsigned char *pos;
  gcry_mpi_t exp_coeff;
 
  GNUNET_assert (idx < ks->threshold);
 
  pos = (void *) &d[1];
  // skip encrypted pre-shares
  pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers;
  // skip exp. coeffs we are not interested in
  pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx;
  // the first exponentiated coefficient is the public key share
  GNUNET_CRYPTO_mpi_scan_unsigned (&exp_coeff, pos,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  return exp_coeff;
}

References d, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SECRETSHARING_ELGAMAL_BITS, and KeygenSession::num_peers.

Referenced by keygen_round2_new_element().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ keygen_reveal_get_enc_preshare()

static struct GNUNET_SECRETSHARING_FairEncryption * keygen_reveal_get_enc_preshare	(	struct KeygenSession *	ks,
		const struct GNUNET_SECRETSHARING_KeygenRevealData *	d,
		unsigned int	idx
	)

static

Definition at line 1379 of file gnunet-service-secretsharing.c.

{
  unsigned char *pos;
 
  GNUNET_assert (idx < ks->num_peers);
 
  pos = (void *) &d[1];
  // skip encrypted pre-shares we're not interested in
  pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx;
  return (struct GNUNET_SECRETSHARING_FairEncryption *) pos;
}

References d, GNUNET_assert, and num_peers.

Referenced by keygen_reveal_get_exp_preshare(), and keygen_round2_new_element().

Here is the caller graph for this function:

◆ keygen_reveal_get_exp_preshare()

static gcry_mpi_t keygen_reveal_get_exp_preshare	(	struct KeygenSession *	ks,
		const struct GNUNET_SECRETSHARING_KeygenRevealData *	d,
		unsigned int	idx
	)

static

Definition at line 1396 of file gnunet-service-secretsharing.c.

{
  gcry_mpi_t exp_preshare;
  struct GNUNET_SECRETSHARING_FairEncryption *fe;
 
  GNUNET_assert (idx < ks->num_peers);
  fe = keygen_reveal_get_enc_preshare (ks, d, idx);
  GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  return exp_preshare;
}

References d, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SECRETSHARING_FairEncryption::h, keygen_reveal_get_enc_preshare(), and num_peers.

Referenced by keygen_round2_new_element().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ keygen_round2_new_element()

static void keygen_round2_new_element	(	void *	cls,
		const struct GNUNET_SET_Element *	element
	)

static

Definition at line 1413 of file gnunet-service-secretsharing.c.

{
  struct KeygenSession *ks = cls;
  const struct GNUNET_SECRETSHARING_KeygenRevealData *d;
  struct KeygenPeerInfo *info;
  size_t expected_element_size;
  unsigned int j;
  int cmp_result;
  gcry_mpi_t tmp;
  gcry_mpi_t public_key_share;
  gcry_mpi_t preshare;
  gcry_mpi_t prod;
  gcry_mpi_t j_to_k;
 
  if (NULL == element)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n");
    return;
  }
 
  expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData)
                           + sizeof(struct
                                    GNUNET_SECRETSHARING_FairEncryption)
                           * ks->num_peers
                           + GNUNET_SECRETSHARING_ELGAMAL_BITS / 8
                           * ks->threshold);
 
  if (element->size != expected_element_size)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
                (unsigned int) element->size,
                (unsigned int) expected_element_size);
    return;
  }
 
  d = (const void *) element->data;
 
  info = get_keygen_peer_info (ks, &d->peer);
 
  if (NULL == info)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen commit data with wrong peer identity (%s) in consensus\n",
                GNUNET_i2s (&d->peer));
    return;
  }
 
  if (GNUNET_NO == info->round1_valid)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "ignoring round2 element from peer with invalid round1 element (%s)\n",
                GNUNET_i2s (&d->peer));
    return;
  }
 
  if (GNUNET_YES == info->round2_valid)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "ignoring duplicate round2 element (%s)\n",
                GNUNET_i2s (&d->peer));
    return;
  }
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n");
 
  if (ntohl (d->purpose.size) !=
      element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData,
                                purpose))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen reveal data with wrong signature purpose size in consensus\n");
    return;
  }
 
  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ (
        GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2,
        &d->purpose, &d->signature,
        &d->peer.public_key))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "keygen reveal data with invalid signature in consensus\n");
    return;
  }
 
  public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0);
  info->preshare_commitment = keygen_reveal_get_exp_preshare (ks, d,
                                                              ks->local_peer_idx);
 
  if (NULL == ks->public_key)
  {
    GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0)));
    gcry_mpi_set_ui (ks->public_key, 1);
  }
  gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p);
 
  gcry_mpi_release (public_key_share);
  public_key_share = NULL;
 
  {
    struct GNUNET_SECRETSHARING_FairEncryption *fe =
      keygen_reveal_get_enc_preshare (ks, d, ks->local_peer_idx);
    GNUNET_assert (NULL != (preshare = gcry_mpi_new (0)));
    GNUNET_CRYPTO_paillier_decrypt (&ks->paillier_private_key,
                                    &ks->info[ks->local_peer_idx].
                                    paillier_public_key,
                                    &fe->c,
                                    preshare);
 
    // FIXME: not doing the restoration is less expensive
    restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key,
                  fe,
                  preshare,
                  preshare);
  }
 
  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
  gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p);
 
  cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment);
  gcry_mpi_release (tmp);
  tmp = NULL;
  if (0 != cmp_result)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "P%u: Got invalid presecret from P%u\n",
                (unsigned int) ks->local_peer_idx, (unsigned int) (info
                                                                   - ks->info));
    return;
  }
 
  if (NULL == ks->my_share)
  {
    GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0)));
  }
  gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q);
 
  for (j = 0; j < ks->num_peers; j++)
  {
    gcry_mpi_t presigma;
    if (NULL == ks->info[j].sigma)
    {
      GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0)));
      gcry_mpi_set_ui (ks->info[j].sigma, 1);
    }
    presigma = keygen_reveal_get_exp_preshare (ks, d, j);
    gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
    gcry_mpi_release (presigma);
  }
 
  GNUNET_assert (NULL != (prod = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0)));
  // validate that the polynomial sharing matches the additive sharing
  for (j = 0; j < ks->num_peers; j++)
  {
    unsigned int k;
    int cmp_result_tmp;
    gcry_mpi_t exp_preshare;
    gcry_mpi_set_ui (prod, 1);
    for (k = 0; k < ks->threshold; k++)
    {
      // Using pow(double,double) is a bit sketchy.
      // We count players from 1, but shares from 0.
      gcry_mpi_t tmp_exp;
      gcry_mpi_set_ui (j_to_k, (unsigned int) pow (j + 1, k));
      tmp_exp = keygen_reveal_get_exp_coeff (ks, d, k);
      gcry_mpi_powm (tmp_exp, tmp_exp, j_to_k, elgamal_p);
      gcry_mpi_mulm (prod, prod, tmp_exp, elgamal_p);
      gcry_mpi_release (tmp_exp);
    }
    exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j);
    gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p);
    cmp_result_tmp = gcry_mpi_cmp (prod, exp_preshare);
    gcry_mpi_release (exp_preshare);
    exp_preshare = NULL;
    if (0 != cmp_result_tmp)
    {
      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                  "P%u: reveal data from P%u incorrect\n",
                  ks->local_peer_idx, j);
      /* no need for further verification, round2 stays invalid ... */
      return;
    }
  }
 
  // TODO: verify proof of fair encryption (once implemented)
  for (j = 0; j < ks->num_peers; j++)
  {
    struct GNUNET_SECRETSHARING_FairEncryption *fe =
      keygen_reveal_get_enc_preshare (ks, d, j);
    if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe))
    {
      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                  "P%u: reveal data from P%u incorrect (fair encryption)\n",
                  ks->local_peer_idx, j);
      return;
    }
  }
 
  info->round2_valid = GNUNET_YES;
 
  gcry_mpi_release (preshare);
  gcry_mpi_release (prod);
  gcry_mpi_release (j_to_k);
}

References GNUNET_SECRETSHARING_FairEncryption::c, d, GNUNET_SET_Element::data, elgamal_g, elgamal_p, elgamal_q, get_keygen_peer_info(), GNUNET_assert, GNUNET_CRYPTO_eddsa_verify_(), GNUNET_CRYPTO_paillier_decrypt(), GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, GNUNET_YES, info, KeygenSession::info, keygen_reveal_get_enc_preshare(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), KeygenSession::local_peer_idx, KeygenSession::my_share, KeygenSession::num_peers, KeygenSession::paillier_private_key, KeygenPeerInfo::paillier_public_key, KeygenSession::public_key, GNUNET_SECRETSHARING_KeygenRevealData::purpose, restore_fair(), KeygenPeerInfo::sigma, GNUNET_SET_Element::size, KeygenSession::threshold, and verify_fair().

Referenced by keygen_round1_conclude().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ keygen_round1_conclude()

static void keygen_round1_conclude ( void * cls )

static

Called when the first consensus round has concluded.

Will initiate the second round.

Parameters

cls closure

Definition at line 1628 of file gnunet-service-secretsharing.c.

{
  struct KeygenSession *ks = cls;
 
  GNUNET_CONSENSUS_destroy (ks->consensus);
 
  ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers,
                                           &ks->session_id,
                                           time_between (ks->start_time,
                                                         ks->deadline, 1, 2),
                                           ks->deadline,
                                           keygen_round2_new_element, ks);
 
  insert_round2_element (ks);
 
  GNUNET_CONSENSUS_conclude (ks->consensus,
                             keygen_round2_conclude,
                             ks);
}

References cfg, KeygenSession::consensus, KeygenSession::deadline, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CONSENSUS_destroy(), insert_round2_element(), keygen_round2_conclude(), keygen_round2_new_element(), KeygenSession::num_peers, KeygenSession::peers, KeygenSession::session_id, KeygenSession::start_time, and time_between().

Referenced by handle_client_keygen().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ insert_round1_element()

static void insert_round1_element ( struct KeygenSession * ks )

static

Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given session.

Parameters

ks	session to use

Definition at line 1656 of file gnunet-service-secretsharing.c.

{
  struct GNUNET_SET_Element *element;
  struct GNUNET_SECRETSHARING_KeygenCommitData *d;
  // g^a_{i,0}
  gcry_mpi_t v;
  // big-endian representation of 'v'
  unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
 
  element = GNUNET_malloc (sizeof *element + sizeof *d);
  d = (void *) &element[1];
  element->data = d;
  element->size = sizeof *d;
 
  d->peer = my_peer;
 
  GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS)));
 
  gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
 
  GNUNET_CRYPTO_mpi_print_unsigned (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS
                                    / 8, v);
 
  GNUNET_CRYPTO_hash (v_data, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
                      &d->commitment);
 
  d->pubkey = ks->info[ks->local_peer_idx].paillier_public_key;
 
  d->purpose.size = htonl ((sizeof *d) - offsetof (struct
                                                   GNUNET_SECRETSHARING_KeygenCommitData,
                                                   purpose));
  d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
  GNUNET_assert (GNUNET_OK ==
                 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
                                            &d->purpose,
                                            &d->signature));
 
  GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
 
  gcry_mpi_release (v);
  GNUNET_free (element);
}

References KeygenSession::consensus, d, GNUNET_SET_Element::data, elgamal_g, elgamal_p, GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_free, GNUNET_malloc, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, KeygenSession::info, KeygenSession::local_peer_idx, my_peer, my_peer_private_key, KeygenPeerInfo::paillier_public_key, KeygenSession::presecret_polynomial, GNUNET_SECRETSHARING_KeygenCommitData::purpose, and GNUNET_SET_Element::size.

Referenced by handle_client_keygen().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ check_client_keygen()

static int check_client_keygen	(	void *	cls,
		const struct GNUNET_SECRETSHARING_CreateMessage *	msg
	)

static

Check that msg is well-formed.

Parameters

cls	identification of the client
msg	the actual message

Returns: GNUNET_OK if msg is well-formed

Definition at line 1708 of file gnunet-service-secretsharing.c.

{
  unsigned int num_peers = ntohs (msg->num_peers);
 
  if (ntohs (msg->header.size) - sizeof(*msg) !=
      num_peers * sizeof(struct GNUNET_PeerIdentity))
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}

References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, msg, num_peers, and GNUNET_MessageHeader::size.

◆ handle_client_keygen()

static void handle_client_keygen	(	void *	cls,
		const struct GNUNET_SECRETSHARING_CreateMessage *	msg
	)

static

Functions with this signature are called whenever a message is received.

Parameters

cls	identification of the client
msg	the actual message

Definition at line 1731 of file gnunet-service-secretsharing.c.

{
  struct ClientState *cs = cls;
  struct KeygenSession *ks;
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "client requested key generation\n");
  if (NULL != cs->keygen_session)
  {
    GNUNET_break (0);
    GNUNET_SERVICE_client_drop (cs->client);
    return;
  }
  ks = GNUNET_new (struct KeygenSession);
  ks->cs = cs;
  cs->keygen_session = ks;
  ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline);
  ks->threshold = ntohs (msg->threshold);
  ks->num_peers = ntohs (msg->num_peers);
 
  ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1],
                               ks->num_peers,
                               &ks->num_peers,
                               &ks->local_peer_idx);
 
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "first round of consensus with %u peers\n",
              ks->num_peers);
  ks->consensus = GNUNET_CONSENSUS_create (cfg,
                                           ks->num_peers,
                                           ks->peers,
                                           &msg->session_id,
                                           GNUNET_TIME_absolute_ntoh (
                                             msg->start),
                                           GNUNET_TIME_absolute_ntoh (
                                             msg->deadline),
                                           keygen_round1_new_element,
                                           ks);
 
  ks->info = GNUNET_new_array (ks->num_peers,
                               struct KeygenPeerInfo);
 
  for (unsigned int i = 0; i < ks->num_peers; i++)
    ks->info[i].peer = ks->peers[i];
 
  GNUNET_CRYPTO_paillier_create (
    &ks->info[ks->local_peer_idx].paillier_public_key,
    &ks->paillier_private_key);
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "P%u: Generated paillier key pair\n",
              ks->local_peer_idx);
  generate_presecret_polynomial (ks);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "P%u: Generated presecret polynomial\n",
              ks->local_peer_idx);
  insert_round1_element (ks);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "P%u: Concluding for round 1\n",
              ks->local_peer_idx);
  GNUNET_CONSENSUS_conclude (ks->consensus,
                             keygen_round1_conclude,
                             ks);
  GNUNET_SERVICE_client_continue (cs->client);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "P%u: Waiting for round 1 elements ...\n",
              ks->local_peer_idx);
}

References cfg, ClientState::client, KeygenSession::consensus, KeygenSession::cs, KeygenSession::deadline, generate_presecret_polynomial(), GNUNET_break, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CRYPTO_paillier_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_new, GNUNET_new_array, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_TIME_absolute_ntoh(), KeygenSession::info, insert_round1_element(), keygen_round1_conclude(), keygen_round1_new_element(), ClientState::keygen_session, KeygenSession::local_peer_idx, msg, normalize_peers(), KeygenSession::num_peers, KeygenSession::paillier_private_key, KeygenPeerInfo::paillier_public_key, KeygenPeerInfo::peer, KeygenSession::peers, and KeygenSession::threshold.

Here is the call graph for this function:

◆ decrypt_conclude()

static void decrypt_conclude ( void * cls )

static

Called when the partial decryption consensus concludes.

Definition at line 1807 of file gnunet-service-secretsharing.c.

{
  struct DecryptSession *ds = cls;
  struct GNUNET_SECRETSHARING_DecryptResponseMessage *msg;
  struct GNUNET_MQ_Envelope *ev;
  gcry_mpi_t lagrange;
  gcry_mpi_t m;
  gcry_mpi_t tmp;
  gcry_mpi_t c_2;
  gcry_mpi_t prod;
  unsigned int *indices;
  unsigned int num;
  unsigned int i;
  unsigned int j;
 
  GNUNET_CONSENSUS_destroy (ds->consensus);
  ds->consensus = NULL;
 
  GNUNET_assert (0 != (lagrange = gcry_mpi_new (0)));
  GNUNET_assert (0 != (m = gcry_mpi_new (0)));
  GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
  GNUNET_assert (0 != (prod = gcry_mpi_new (0)));
 
  num = 0;
  for (i = 0; i < ds->share->num_peers; i++)
    if (NULL != ds->info[i].partial_decryption)
      num++;
 
  indices = GNUNET_new_array (num,
                              unsigned int);
  j = 0;
  for (i = 0; i < ds->share->num_peers; i++)
    if (NULL != ds->info[i].partial_decryption)
      indices[j++] = ds->info[i].original_index;
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "P%u: decrypt conclude, with %u peers\n",
              ds->share->my_peer,
              num);
 
  gcry_mpi_set_ui (prod, 1);
  for (i = 0; i < num; i++)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "P%u: index of %u: %u\n",
                ds->share->my_peer, i, indices[i]);
    compute_lagrange_coefficient (lagrange, indices[i], indices, num);
    // w_i^{\lambda_i}
    gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange,
                   elgamal_p);
 
    // product of all exponentiated partiel decryptions ...
    gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
  }
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&c_2, ds->ciphertext.c2_bits,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
 
  GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p));
  gcry_mpi_mulm (m, c_2, prod, elgamal_p);
  ev = GNUNET_MQ_msg (msg,
                      GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE);
  GNUNET_CRYPTO_mpi_print_unsigned (&msg->plaintext,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m);
  msg->success = htonl (1);
  GNUNET_MQ_send (ds->cs->mq,
                  ev);
 
  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n");
 
  GNUNET_free (indices);
 
  gcry_mpi_release (lagrange);
  gcry_mpi_release (m);
  gcry_mpi_release (tmp);
  gcry_mpi_release (prod);
  gcry_mpi_release (c_2);
 
  // FIXME: what if not enough peers participated?
}

References compute_lagrange_coefficient(), ds, elgamal_p, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_new_array, GNUNET_SECRETSHARING_ELGAMAL_BITS, m, and msg.

Referenced by handle_client_decrypt().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mpi_to_str()

static char * mpi_to_str ( gcry_mpi_t mpi )

static

Get a string representation of an MPI.

The caller must free the returned string.

Parameters

mpi	mpi to convert to a string

Returns: string representation of mpi, must be free'd by the caller

Definition at line 1897 of file gnunet-service-secretsharing.c.

{
  unsigned char *buf;
 
  GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi));
  return (char *) buf;
}

References GNUNET_assert.

Referenced by decrypt_new_element(), and insert_decrypt_element().

Here is the caller graph for this function:

◆ decrypt_new_element()

static void decrypt_new_element	(	void *	cls,
		const struct GNUNET_SET_Element *	element
	)

static

Called when a new partial decryption arrives.

Definition at line 1910 of file gnunet-service-secretsharing.c.

{
  struct DecryptSession *session = cls;
  const struct GNUNET_SECRETSHARING_DecryptData *d;
  struct DecryptPeerInfo *info;
  struct GNUNET_HashCode challenge_hash;
 
  /* nizk response */
  gcry_mpi_t r;
  /* nizk challenge */
  gcry_mpi_t challenge;
  /* nizk commit1, g^\beta */
  gcry_mpi_t commit1;
  /* nizk commit2, c_1^\beta */
  gcry_mpi_t commit2;
  /* homomorphic commitment to the peer's share,
   * public key share */
  gcry_mpi_t sigma;
  /* partial decryption we received */
  gcry_mpi_t w;
  /* ciphertext component #1 */
  gcry_mpi_t c1;
  /* temporary variable (for comparison) #1 */
  gcry_mpi_t tmp1;
  /* temporary variable (for comparison) #2 */
  gcry_mpi_t tmp2;
 
  if (NULL == element)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
    /* FIXME: destroy */
    return;
  }
 
  if (element->size != sizeof *d)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "element of wrong size in decrypt consensus\n");
    return;
  }
 
  d = element->data;
 
  info = get_decrypt_peer_info (session, &d->peer);
 
  if (NULL == info)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "decrypt element from invalid peer (%s)\n",
                GNUNET_i2s (&d->peer));
    return;
  }
 
  if (NULL != info->partial_decryption)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n");
    return;
  }
 
  if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "P%u: got decrypt element with non-matching ciphertext from P%u\n",
                (unsigned int) session->share->my_peer, (unsigned int) (info
                                                                        -
                                                                        session
                                                                        ->info));
 
    return;
  }
 
 
  GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData,
                                ciphertext) + (char *) d,
                      offsetof (struct GNUNET_SECRETSHARING_DecryptData,
                                nizk_response)
                      - offsetof (struct GNUNET_SECRETSHARING_DecryptData,
                                  ciphertext),
                      &challenge_hash);
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
                                   sizeof(struct GNUNET_HashCode));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info
                                                                   - session->
                                                                   info],
                                   sizeof(struct
                                          GNUNET_SECRETSHARING_FieldElement));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&c1, session->ciphertext.c1_bits,
                                   sizeof(struct
                                          GNUNET_SECRETSHARING_FieldElement));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1,
                                   sizeof(struct
                                          GNUNET_SECRETSHARING_FieldElement));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2,
                                   sizeof(struct
                                          GNUNET_SECRETSHARING_FieldElement));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response,
                                   sizeof(struct
                                          GNUNET_SECRETSHARING_FieldElement));
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption,
                                   sizeof(struct
                                          GNUNET_SECRETSHARING_FieldElement));
 
  GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
 
  // tmp1 = g^r
  gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p);
 
  // tmp2 = g^\beta * \sigma^challenge
  gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p);
  gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p);
 
  if (0 != gcry_mpi_cmp (tmp1, tmp2))
  {
    char *tmp1_str;
    char *tmp2_str;
 
    tmp1_str = mpi_to_str (tmp1);
    tmp2_str = mpi_to_str (tmp2);
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
                session->share->my_peer,
                (unsigned int) (info - session->info),
                tmp1_str,
                tmp2_str);
    GNUNET_free (tmp1_str);
    GNUNET_free (tmp2_str);
    goto cleanup;
  }
 
 
  gcry_mpi_powm (tmp1, c1, r, elgamal_p);
 
  gcry_mpi_powm (tmp2, w, challenge, elgamal_p);
  gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p);
 
 
  if (0 != gcry_mpi_cmp (tmp1, tmp2))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
                session->share->my_peer,
                (unsigned int) (info - session->info));
    goto cleanup;
  }
 
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&info->partial_decryption,
                                   &d->partial_decryption,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
cleanup:
  gcry_mpi_release (tmp1);
  gcry_mpi_release (tmp2);
  gcry_mpi_release (sigma);
  gcry_mpi_release (commit1);
  gcry_mpi_release (commit2);
  gcry_mpi_release (r);
  gcry_mpi_release (w);
  gcry_mpi_release (challenge);
  gcry_mpi_release (c1);
}

References GNUNET_SECRETSHARING_Ciphertext::c1_bits, DecryptSession::ciphertext, cleanup(), d, GNUNET_SET_Element::data, elgamal_g, elgamal_p, get_decrypt_peer_info(), GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_SECRETSHARING_ELGAMAL_BITS, info, DecryptSession::info, mpi_to_str(), GNUNET_SECRETSHARING_Share::my_peer, DecryptSession::share, GNUNET_SECRETSHARING_Share::sigmas, and GNUNET_SET_Element::size.

Referenced by handle_client_decrypt().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ insert_decrypt_element()

static void insert_decrypt_element ( struct DecryptSession * ds )

static

Definition at line 2082 of file gnunet-service-secretsharing.c.

{
  struct GNUNET_SECRETSHARING_DecryptData d;
  struct GNUNET_SET_Element element;
  /* our share */
  gcry_mpi_t s;
  /* partial decryption with our share */
  gcry_mpi_t w;
  /* first component of the elgamal ciphertext */
  gcry_mpi_t c1;
  /* nonce for dlog zkp */
  gcry_mpi_t beta;
  gcry_mpi_t tmp;
  gcry_mpi_t challenge;
  gcry_mpi_t sigma;
  struct GNUNET_HashCode challenge_hash;
 
  /* make vagrind happy until we implement the real deal ... */
  memset (&d, 0, sizeof d);
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n",
              ds->share->my_peer);
 
  GNUNET_assert (ds->share->my_peer < ds->share->num_peers);
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&c1, &ds->ciphertext.c1_bits,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&s, &ds->share->my_share,
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
  GNUNET_CRYPTO_mpi_scan_unsigned (&sigma,
                                   &ds->share->sigmas[ds->share->my_peer],
                                   GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
 
  GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (beta = gcry_mpi_new (0)));
  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
 
  // FIXME: unnecessary, remove once crypto works
  gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p);
  if (0 != gcry_mpi_cmp (tmp, sigma))
  {
    char *sigma_str = mpi_to_str (sigma);
    char *tmp_str = mpi_to_str (tmp);
    char *s_str = mpi_to_str (s);
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Share of P%u is invalid, ref sigma %s, "
                "computed sigma %s, s %s\n",
                ds->share->my_peer,
                sigma_str, tmp_str, s_str);
    GNUNET_free (sigma_str);
    GNUNET_free (tmp_str);
    GNUNET_free (s_str);
  }
 
  gcry_mpi_powm (w, c1, s, elgamal_p);
 
  element.data = (void *) &d;
  element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData);
  element.element_type = 0;
 
  d.ciphertext = ds->ciphertext;
  d.peer = my_peer;
  GNUNET_CRYPTO_mpi_print_unsigned (&d.partial_decryption,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, w);
 
  // create the zero knowledge proof
  // randomly choose beta such that 0 < beta < q
  do
  {
    gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
                        GCRY_WEAK_RANDOM);
  }
  while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >=
                                              0));
  // tmp = g^beta
  gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p);
  GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit1,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
  // tmp = (c_1)^beta
  gcry_mpi_powm (tmp, c1, beta, elgamal_p);
  GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit2,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
 
  // the challenge is the hash of everything up to the response
  GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData,
                                ciphertext) + (char *) &d,
                      offsetof (struct GNUNET_SECRETSHARING_DecryptData,
                                nizk_response)
                      - offsetof (struct GNUNET_SECRETSHARING_DecryptData,
                                  ciphertext),
                      &challenge_hash);
 
  GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
                                   sizeof(struct GNUNET_HashCode));
 
  // compute the response in tmp,
  // tmp = (c * s + beta) mod q
  gcry_mpi_mulm (tmp, challenge, s, elgamal_q);
  gcry_mpi_addm (tmp, tmp, beta, elgamal_q);
 
  GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_response,
                                    GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, tmp);
 
  d.purpose.size = htonl (element.size - offsetof (struct
                                                   GNUNET_SECRETSHARING_DecryptData,
                                                   purpose));
  d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
 
  GNUNET_assert (GNUNET_OK ==
                 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
                                            &d.purpose,
                                            &d.signature));
 
  GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "P%u: Inserting decrypt element done!\n",
              ds->share->my_peer);
 
  gcry_mpi_release (s);
  gcry_mpi_release (w);
  gcry_mpi_release (c1);
  gcry_mpi_release (beta);
  gcry_mpi_release (tmp);
  gcry_mpi_release (challenge);
  gcry_mpi_release (sigma);
}

References beta, GNUNET_SECRETSHARING_DecryptData::ciphertext, d, GNUNET_SET_Element::data, ds, GNUNET_SET_Element::element_type, elgamal_g, elgamal_p, elgamal_q, GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION, mpi_to_str(), my_peer, my_peer_private_key, GNUNET_SECRETSHARING_DecryptData::nizk_response, GNUNET_SECRETSHARING_DecryptData::purpose, and GNUNET_SET_Element::size.

Referenced by handle_client_decrypt().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ check_client_decrypt()

static int check_client_decrypt	(	void *	cls,
		const struct GNUNET_SECRETSHARING_DecryptRequestMessage *	msg
	)

static

Check that msg is well-formed.

Parameters

cls	identification of the client
msg	the actual message

Returns: GNUNET_OK (check deferred a bit)

Definition at line 2218 of file gnunet-service-secretsharing.c.

{
  /* we check later, it's complicated */
  return GNUNET_OK;
}

References GNUNET_OK.

◆ handle_client_decrypt()

static void handle_client_decrypt	(	void *	cls,
		const struct GNUNET_SECRETSHARING_DecryptRequestMessage *	msg
	)

static

Functions with this signature are called whenever a message is received.

Parameters

cls	identification of the client
msg	the actual message

Definition at line 2235 of file gnunet-service-secretsharing.c.

{
  struct ClientState *cs = cls;
  struct DecryptSession *ds;
  struct GNUNET_HashCode session_id;
 
  if (NULL != cs->decrypt_session)
  {
    GNUNET_break (0);
    GNUNET_SERVICE_client_drop (cs->client);
    return;
  }
  ds = GNUNET_new (struct DecryptSession);
  cs->decrypt_session = ds;
  ds->cs = cs;
  ds->start = GNUNET_TIME_absolute_ntoh (msg->start);
  ds->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline);
  ds->ciphertext = msg->ciphertext;
 
  ds->share = GNUNET_SECRETSHARING_share_read (&msg[1],
                                               ntohs (msg->header.size)
                                               - sizeof(*msg),
                                               NULL);
  if (NULL == ds->share)
  {
    GNUNET_break (0);
    GNUNET_SERVICE_client_drop (cs->client);
    return;
  }
 
  /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */
  GNUNET_CRYPTO_hash (&msg->ciphertext,
                      sizeof(struct GNUNET_SECRETSHARING_Ciphertext),
                      &session_id);
  ds->consensus = GNUNET_CONSENSUS_create (cfg,
                                           ds->share->num_peers,
                                           ds->share->peers,
                                           &session_id,
                                           ds->start,
                                           ds->deadline,
                                           &decrypt_new_element,
                                           ds);
 
 
  ds->info = GNUNET_new_array (ds->share->num_peers,
                               struct DecryptPeerInfo);
  for (unsigned int i = 0; i < ds->share->num_peers; i++)
  {
    ds->info[i].peer = ds->share->peers[i];
    ds->info[i].original_index = ds->share->original_indices[i];
  }
  insert_decrypt_element (ds);
  GNUNET_CONSENSUS_conclude (ds->consensus,
                             decrypt_conclude,
                             ds);
  GNUNET_SERVICE_client_continue (cs->client);
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "decrypting with %u peers\n",
              ds->share->num_peers);
}

References cfg, ClientState::client, decrypt_conclude(), decrypt_new_element(), ClientState::decrypt_session, ds, GNUNET_break, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_new, GNUNET_new_array, GNUNET_SECRETSHARING_share_read(), GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_TIME_absolute_ntoh(), insert_decrypt_element(), msg, and GNUNET_MessageHeader::size.

Here is the call graph for this function:

◆ init_crypto_constants()

static void init_crypto_constants ( void )

static

Definition at line 2300 of file gnunet-service-secretsharing.c.

{
  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
                                     GNUNET_SECRETSHARING_ELGAMAL_Q_HEX, 0,
                                     NULL));
  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
                                     GNUNET_SECRETSHARING_ELGAMAL_P_HEX, 0,
                                     NULL));
  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
                                     GNUNET_SECRETSHARING_ELGAMAL_G_HEX, 0,
                                     NULL));
}

References elgamal_g, elgamal_p, elgamal_q, GNUNET_assert, GNUNET_SECRETSHARING_ELGAMAL_G_HEX, GNUNET_SECRETSHARING_ELGAMAL_P_HEX, and GNUNET_SECRETSHARING_ELGAMAL_Q_HEX.

Referenced by run().

Here is the caller graph for this function:

◆ run()

static void run	(	void *	cls,
		const struct GNUNET_CONFIGURATION_Handle *	c,
		struct GNUNET_SERVICE_Handle *	service
	)

static

Initialize secretsharing service.

Parameters

cls	closure
c	configuration to use
service	the initialized service

Definition at line 2322 of file gnunet-service-secretsharing.c.

{
  cfg = c;
  my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (c);
  if (NULL == my_peer_private_key)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "could not access host private key\n");
    GNUNET_break (0);
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  init_crypto_constants ();
  if (GNUNET_OK !=
      GNUNET_CRYPTO_get_peer_identity (cfg,
                                       &my_peer))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "could not retrieve host identity\n");
    GNUNET_break (0);
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  GNUNET_SCHEDULER_add_shutdown (&cleanup_task,
                                 NULL);
}

References cfg, cleanup_task(), GNUNET_break, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SCHEDULER_shutdown(), init_crypto_constants(), my_peer, and my_peer_private_key.

Here is the call graph for this function:

◆ client_connect_cb()

static void * client_connect_cb	(	void *	cls,
		struct GNUNET_SERVICE_Client *	c,
		struct GNUNET_MQ_Handle *	mq
	)

static

Callback called when a client connects to the service.

Parameters

cls	closure for the service
c	the new client that connected to the service
mq	the message queue used to send messages to the client

Returns: c

Definition at line 2361 of file gnunet-service-secretsharing.c.

{
  struct ClientState *cs = GNUNET_new (struct ClientState);;
 
  cs->client = c;
  cs->mq = mq;
  return cs;
}

References ClientState::client, GNUNET_new, mq, and ClientState::mq.

◆ client_disconnect_cb()

static void client_disconnect_cb	(	void *	cls,
		struct GNUNET_SERVICE_Client *	c,
		void *	internal_cls
	)

static

Callback called when a client disconnected from the service.

Parameters

cls	closure for the service
c	the client that disconnected
internal_cls	should be equal to c

Definition at line 2381 of file gnunet-service-secretsharing.c.

{
  struct ClientState *cs = internal_cls;
 
  if (NULL != cs->keygen_session)
    keygen_session_destroy (cs->keygen_session);
 
  if (NULL != cs->decrypt_session)
    decrypt_session_destroy (cs->decrypt_session);
  GNUNET_free (cs);
}

References ClientState::decrypt_session, decrypt_session_destroy(), GNUNET_free, ClientState::keygen_session, and keygen_session_destroy().

Here is the call graph for this function:

◆ GNUNET_SERVICE_MAIN()

GNUNET_SERVICE_MAIN	(	GNUNET_OS_project_data_gnunet()	,
		"secretsharing"	,
		GNUNET_SERVICE_OPTION_NONE	,
		&	run,
		&	client_connect_cb,
		&	client_disconnect_cb,
		NULL	,
		GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL)	,
		GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL)	,
		GNUNET_MQ_handler_end()
	)