GNUnet  0.10.x
Data Structures | Macros | Functions | Variables
gnunet-service-secretsharing.c File Reference

secret sharing service More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_time_lib.h"
#include "gnunet_signatures.h"
#include "gnunet_consensus_service.h"
#include "secretsharing.h"
#include "secretsharing_protocol.h"
#include <gcrypt.h>
Include dependency graph for gnunet-service-secretsharing.c:

Go to the source code of this file.

Data Structures

struct  KeygenPeerInfo
 Info about a peer in a key generation session. More...
 
struct  DecryptPeerInfo
 Information about a peer in a decrypt session. More...
 
struct  KeygenSession
 Session to establish a threshold-shared secret. More...
 
struct  DecryptSession
 Session to cooperatively decrypt a value. More...
 
struct  ClientState
 State we keep per client. More...
 

Macros

#define EXTRA_CHECKS   1
 

Functions

static struct KeygenPeerInfoget_keygen_peer_info (const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
 Get the peer info belonging to a peer identity in a keygen session. More...
 
static struct DecryptPeerInfoget_decrypt_peer_info (const struct DecryptSession *ds, const struct GNUNET_PeerIdentity *peer)
 Get the peer info belonging to a peer identity in a decrypt session. More...
 
static struct GNUNET_TIME_Absolute time_between (struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end, int num, int denum)
 Interpolate between two points in time. More...
 
static int peer_id_cmp (const void *p1, const void *p2)
 Compare two peer identities. More...
 
static int peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n, const struct GNUNET_PeerIdentity *needle)
 Get the index of a peer in an array of peers. More...
 
static struct GNUNET_PeerIdentitynormalize_peers (struct GNUNET_PeerIdentity *listed, unsigned int num_listed, unsigned int *num_normalized, unsigned int *my_peer_idx)
 Normalize the given list of peers, by including the local peer (if it is missing) and sorting the peers by their identity. More...
 
static void compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, unsigned int *indices, unsigned int num)
 Get a the j-th lagrange coefficient for a set of indices. More...
 
static void decrypt_session_destroy (struct DecryptSession *ds)
 Destroy a decrypt session, removing it from the linked list of decrypt sessions. More...
 
static void keygen_info_destroy (struct KeygenPeerInfo *info)
 
static void keygen_session_destroy (struct KeygenSession *ks)
 
static void cleanup_task (void *cls)
 Task run during shutdown. More...
 
static void generate_presecret_polynomial (struct KeygenSession *ks)
 Generate the random coefficients of our pre-secret polynomial. More...
 
static void keygen_round1_new_element (void *cls, const struct GNUNET_SET_Element *element)
 Consensus element handler for round one. More...
 
static void horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
 Evaluate the polynomial with coefficients coeff at x. More...
 
static void keygen_round2_conclude (void *cls)
 
static void restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t x, gcry_mpi_t xres)
 
static void get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
 
static int verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe)
 
static void encrypt_fair (gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, struct GNUNET_SECRETSHARING_FairEncryption *fe)
 Create a fair Paillier encryption of then given ciphertext. More...
 
static void insert_round2_element (struct KeygenSession *ks)
 Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} (3) The encrypted pre-shares Y_{i,j} (4) The zero knowledge proof for fairness of the encryption. More...
 
static gcry_mpi_t keygen_reveal_get_exp_coeff (struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
 
static struct GNUNET_SECRETSHARING_FairEncryptionkeygen_reveal_get_enc_preshare (struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
 
static gcry_mpi_t keygen_reveal_get_exp_preshare (struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
 
static void keygen_round2_new_element (void *cls, const struct GNUNET_SET_Element *element)
 
static void keygen_round1_conclude (void *cls)
 Called when the first consensus round has concluded. More...
 
static void insert_round1_element (struct KeygenSession *ks)
 Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given session. More...
 
static int check_client_keygen (void *cls, const struct GNUNET_SECRETSHARING_CreateMessage *msg)
 Check that msg is well-formed. More...
 
static void handle_client_keygen (void *cls, const struct GNUNET_SECRETSHARING_CreateMessage *msg)
 Functions with this signature are called whenever a message is received. More...
 
static void decrypt_conclude (void *cls)
 Called when the partial decryption consensus concludes. More...
 
static char * mpi_to_str (gcry_mpi_t mpi)
 Get a string representation of an MPI. More...
 
static void decrypt_new_element (void *cls, const struct GNUNET_SET_Element *element)
 Called when a new partial decryption arrives. More...
 
static void insert_decrypt_element (struct DecryptSession *ds)
 
static int check_client_decrypt (void *cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
 Check that msg is well-formed. More...
 
static void handle_client_decrypt (void *cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
 Functions with this signature are called whenever a message is received. More...
 
static void init_crypto_constants (void)
 
static void run (void *cls, const struct GNUNET_CONFIGURATION_Handle *c, struct GNUNET_SERVICE_Handle *service)
 Initialize secretsharing service. More...
 
static void * client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *c, struct GNUNET_MQ_Handle *mq)
 Callback called when a client connects to the service. More...
 
static void client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *c, void *internal_cls)
 Callback called when a client disconnected from the service. More...
 
 GNUNET_SERVICE_MAIN ("secretsharing", GNUNET_SERVICE_OPTION_NONE, &run, &client_connect_cb, &client_disconnect_cb, NULL, GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL), GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL), GNUNET_MQ_handler_end())
 Define "main" method using service macro. More...
 

Variables

static gcry_mpi_t elgamal_q
 The ElGamal prime field order as libgcrypt mpi. More...
 
static gcry_mpi_t elgamal_p
 Modulus of the prime field used for ElGamal. More...
 
static gcry_mpi_t elgamal_g
 Generator for prime field of order 'elgamal_q'. More...
 
static struct GNUNET_PeerIdentity my_peer
 Peer that runs this service. More...
 
static struct GNUNET_CRYPTO_EddsaPrivateKeymy_peer_private_key
 Peer that runs this service. More...
 
static const struct GNUNET_CONFIGURATION_Handlecfg
 Configuration of this service. More...
 

Detailed Description

secret sharing service

Author
Florian Dold

Definition in file gnunet-service-secretsharing.c.

Macro Definition Documentation

◆ EXTRA_CHECKS

#define EXTRA_CHECKS   1

Definition at line 36 of file gnunet-service-secretsharing.c.

Function Documentation

◆ get_keygen_peer_info()

static struct KeygenPeerInfo* get_keygen_peer_info ( const struct KeygenSession ks,
const struct GNUNET_PeerIdentity peer 
)
static

Get the peer info belonging to a peer identity in a keygen session.

Parameters
ksThe keygen session.
peerThe peer identity.
Returns
The Keygen peer info, or NULL if the peer could not be found.

Definition at line 328 of file gnunet-service-secretsharing.c.

References GNUNET_memcmp, KeygenSession::info, KeygenSession::num_peers, and KeygenPeerInfo::peer.

Referenced by keygen_round1_new_element(), and keygen_round2_new_element().

330 {
331  unsigned int i;
332  for (i = 0; i < ks->num_peers; i++)
333  if (0 == GNUNET_memcmp (peer, &ks->info[i].peer))
334  return &ks->info[i];
335  return NULL;
336 }
unsigned int num_peers
Total number of peers.
struct KeygenPeerInfo * info
Information about all participating peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
Here is the caller graph for this function:

◆ get_decrypt_peer_info()

static struct DecryptPeerInfo* get_decrypt_peer_info ( const struct DecryptSession ds,
const struct GNUNET_PeerIdentity peer 
)
static

Get the peer info belonging to a peer identity in a decrypt session.

Parameters
dsThe decrypt session.
peerThe peer identity.
Returns
The decrypt peer info, or NULL if the peer could not be found.

Definition at line 347 of file gnunet-service-secretsharing.c.

References GNUNET_memcmp, DecryptSession::info, GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::peer, and DecryptSession::share.

Referenced by decrypt_new_element().

349 {
350  unsigned int i;
351  for (i = 0; i < ds->share->num_peers; i++)
352  if (0 == GNUNET_memcmp (peer, &ds->info[i].peer))
353  return &ds->info[i];
354  return NULL;
355 }
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
struct GNUNET_PeerIdentity peer
Identity of the peer.
struct DecryptPeerInfo * info
State information about other peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
uint16_t num_peers
Peers that have the share.
Here is the caller graph for this function:

◆ time_between()

static struct GNUNET_TIME_Absolute time_between ( struct GNUNET_TIME_Absolute  start,
struct GNUNET_TIME_Absolute  end,
int  num,
int  denum 
)
static

Interpolate between two points in time.

Parameters
startstart time
endend time
numnumerator of the scale factor
denumdenumerator of the scale factor

Definition at line 367 of file gnunet-service-secretsharing.c.

References GNUNET_TIME_Absolute::abs_value_us, end, GNUNET_assert, result, and start.

Referenced by keygen_round1_conclude().

370 {
372  uint64_t diff;
373 
374  GNUNET_assert (start.abs_value_us <= end.abs_value_us);
375  diff = end.abs_value_us - start.abs_value_us;
376  result.abs_value_us = start.abs_value_us + ((diff * num) / denum);
377 
378  return result;
379 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
uint64_t abs_value_us
The actual value.
static int result
Global testing status.
Time for absolute times used by GNUnet, in microseconds.
Here is the caller graph for this function:

◆ peer_id_cmp()

static int peer_id_cmp ( const void *  p1,
const void *  p2 
)
static

Compare two peer identities.

Indended to be used with qsort or bsearch.

Parameters
p1Some peer identity.
p2Some peer identity.
Returns
1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2.

Definition at line 390 of file gnunet-service-secretsharing.c.

Referenced by normalize_peers().

391 {
392  return memcmp (p1,
393  p2,
394  sizeof (struct GNUNET_PeerIdentity));
395 }
The identity of the host (wraps the signing key of the peer).
Here is the caller graph for this function:

◆ peer_find()

static int peer_find ( const struct GNUNET_PeerIdentity haystack,
unsigned int  n,
const struct GNUNET_PeerIdentity needle 
)
static

Get the index of a peer in an array of peers.

Parameters
haystackArray of peers.
nSize of haystack.
needlePeer to find
Returns
Index of needle in haystack, or -1 if peer is not in the list.

Definition at line 408 of file gnunet-service-secretsharing.c.

References GNUNET_memcmp.

Referenced by normalize_peers().

410 {
411  unsigned int i;
412 
413  for (i = 0; i < n; i++)
414  if (0 == GNUNET_memcmp (&haystack[i],
415  needle))
416  return i;
417  return -1;
418 }
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Here is the caller graph for this function:

◆ normalize_peers()

static struct GNUNET_PeerIdentity* normalize_peers ( struct GNUNET_PeerIdentity listed,
unsigned int  num_listed,
unsigned int *  num_normalized,
unsigned int *  my_peer_idx 
)
static

Normalize the given list of peers, by including the local peer (if it is missing) and sorting the peers by their identity.

Parameters
listedPeers in the unnormalized list.
num_listedPeers in the un-normalized list.
[out]num_normalizedNumber of peers in the normalized list.
[out]my_peer_idxIndex of the local peer in the normalized list.
Returns
Normalized list, must be free'd by the caller.

Definition at line 432 of file gnunet-service-secretsharing.c.

References GNUNET_memcpy, GNUNET_new_array, GNUNET_NO, GNUNET_YES, my_peer, peer_find(), and peer_id_cmp().

Referenced by handle_client_keygen().

436 {
437  unsigned int local_peer_in_list;
438  /* number of peers in the normalized list */
439  unsigned int n;
440  struct GNUNET_PeerIdentity *normalized;
441 
442  local_peer_in_list = GNUNET_YES;
443  n = num_listed;
444  if (peer_find (listed, num_listed, &my_peer) < 0)
445  {
446  local_peer_in_list = GNUNET_NO;
447  n += 1;
448  }
449 
450  normalized = GNUNET_new_array (n,
451  struct GNUNET_PeerIdentity);
452 
453  if (GNUNET_NO == local_peer_in_list)
454  normalized[n - 1] = my_peer;
455 
456  GNUNET_memcpy (normalized,
457  listed,
458  num_listed * sizeof (struct GNUNET_PeerIdentity));
459  qsort (normalized,
460  n,
461  sizeof (struct GNUNET_PeerIdentity),
462  &peer_id_cmp);
463 
464  if (NULL != my_peer_idx)
465  *my_peer_idx = peer_find (normalized, n, &my_peer);
466  if (NULL != num_normalized)
467  *num_normalized = n;
468 
469  return normalized;
470 }
static int peer_id_cmp(const void *p1, const void *p2)
Compare two peer identities.
static int peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, const struct GNUNET_PeerIdentity *needle)
Get the index of a peer in an array of peers.
#define GNUNET_NO
Definition: gnunet_common.h:81
#define GNUNET_memcpy(dst, src, n)
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
The identity of the host (wraps the signing key of the peer).
#define GNUNET_YES
Definition: gnunet_common.h:80
Here is the call graph for this function:
Here is the caller graph for this function:

◆ compute_lagrange_coefficient()

static void compute_lagrange_coefficient ( gcry_mpi_t  coeff,
unsigned int  j,
unsigned int *  indices,
unsigned int  num 
)
static

Get a the j-th lagrange coefficient for a set of indices.

Parameters
[out]coeffthe lagrange coefficient
jlagrange coefficient we want to compute
indicesindices
numnumber of indices in indices

Definition at line 482 of file gnunet-service-secretsharing.c.

References elgamal_q, GNUNET_assert, and l.

Referenced by decrypt_conclude().

485 {
486  unsigned int i;
487  /* numerator */
488  gcry_mpi_t n;
489  /* denominator */
490  gcry_mpi_t d;
491  /* temp value for l-j */
492  gcry_mpi_t tmp;
493 
494  GNUNET_assert (0 != coeff);
495 
496  GNUNET_assert (0 != (n = gcry_mpi_new (0)));
497  GNUNET_assert (0 != (d = gcry_mpi_new (0)));
498  GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
499 
500  gcry_mpi_set_ui (n, 1);
501  gcry_mpi_set_ui (d, 1);
502 
503  for (i = 0; i < num; i++)
504  {
505  unsigned int l = indices[i];
506  if (l == j)
507  continue;
508  gcry_mpi_mul_ui (n, n, l + 1);
509  // d <- d * (l-j)
510  gcry_mpi_set_ui (tmp, l + 1);
511  gcry_mpi_sub_ui (tmp, tmp, j + 1);
512  gcry_mpi_mul (d, d, tmp);
513  }
514 
515  // gcry_mpi_invm does not like negative numbers ...
516  gcry_mpi_mod (d, d, elgamal_q);
517 
518  GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0);
519 
520  // now we do the actual division, with everything mod q, as we
521  // are not operating on elements from <g>, but on exponents
522  GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q));
523 
524  gcry_mpi_mulm (coeff, n, d, elgamal_q);
525 
526  gcry_mpi_release (n);
527  gcry_mpi_release (d);
528  gcry_mpi_release (tmp);
529 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct LoggingHandle * l
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
Here is the caller graph for this function:

◆ decrypt_session_destroy()

static void decrypt_session_destroy ( struct DecryptSession ds)
static

Destroy a decrypt session, removing it from the linked list of decrypt sessions.

Parameters
dsdecrypt session to destroy

Definition at line 539 of file gnunet-service-secretsharing.c.

References DecryptSession::consensus, DecryptSession::cs, ClientState::decrypt_session, GNUNET_CONSENSUS_destroy(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_SECRETSHARING_share_destroy(), DecryptSession::info, GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::partial_decryption, and DecryptSession::share.

Referenced by client_disconnect_cb().

540 {
542  "destroying decrypt session\n");
543  if (NULL != ds->cs)
544  {
545  ds->cs->decrypt_session = NULL;
546  ds->cs = NULL;
547  }
548  if (NULL != ds->consensus)
549  {
551  ds->consensus = NULL;
552  }
553 
554  if (NULL != ds->info)
555  {
556  for (unsigned int i = 0; i < ds->share->num_peers; i++)
557  {
558  if (NULL != ds->info[i].partial_decryption)
559  {
560  gcry_mpi_release (ds->info[i].partial_decryption);
561  ds->info[i].partial_decryption = NULL;
562  }
563  }
564  GNUNET_free (ds->info);
565  ds->info = NULL;
566  }
567  if (NULL != ds->share)
568  {
570  ds->share = NULL;
571  }
572 
573  GNUNET_free (ds);
574 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
void GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share)
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
struct DecryptPeerInfo * info
State information about other peers.
struct ClientState * cs
Which client is this for?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
#define GNUNET_log(kind,...)
uint16_t num_peers
Peers that have the share.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_info_destroy()

static void keygen_info_destroy ( struct KeygenPeerInfo info)
static

Definition at line 578 of file gnunet-service-secretsharing.c.

References KeygenPeerInfo::presecret_commitment, KeygenPeerInfo::preshare_commitment, and KeygenPeerInfo::sigma.

Referenced by keygen_session_destroy().

579 {
580  if (NULL != info->sigma)
581  {
582  gcry_mpi_release (info->sigma);
583  info->sigma = NULL;
584  }
585  if (NULL != info->presecret_commitment)
586  {
587  gcry_mpi_release (info->presecret_commitment);
588  info->presecret_commitment = NULL;
589  }
590  if (NULL != info->preshare_commitment)
591  {
592  gcry_mpi_release (info->preshare_commitment);
593  info->preshare_commitment = NULL;
594  }
595 }
gcry_mpi_t preshare_commitment
Commitment to the preshare that is intended for our peer.
gcry_mpi_t presecret_commitment
The peer&#39;s commitment to its presecret.
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
Here is the caller graph for this function:

◆ keygen_session_destroy()

static void keygen_session_destroy ( struct KeygenSession ks)
static

Definition at line 599 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, KeygenSession::cs, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, KeygenSession::info, keygen_info_destroy(), ClientState::keygen_session, KeygenSession::my_share, KeygenSession::num_peers, KeygenSession::peers, KeygenSession::presecret_polynomial, KeygenSession::public_key, and KeygenSession::threshold.

Referenced by client_disconnect_cb().

600 {
602  "destroying keygen session\n");
603 
604  if (NULL != ks->cs)
605  {
606  ks->cs->keygen_session = NULL;
607  ks->cs = NULL;
608  }
609  if (NULL != ks->info)
610  {
611  for (unsigned int i = 0; i < ks->num_peers; i++)
612  keygen_info_destroy (&ks->info[i]);
613  GNUNET_free (ks->info);
614  ks->info = NULL;
615  }
616 
617  if (NULL != ks->consensus)
618  {
620  ks->consensus = NULL;
621  }
622 
623  if (NULL != ks->presecret_polynomial)
624  {
625  for (unsigned int i = 0; i < ks->threshold; i++)
626  {
627  GNUNET_assert (NULL != ks->presecret_polynomial[i]);
628  gcry_mpi_release (ks->presecret_polynomial[i]);
629  ks->presecret_polynomial[i] = NULL;
630  }
632  ks->presecret_polynomial = NULL;
633  }
634  if (NULL != ks->my_share)
635  {
636  gcry_mpi_release (ks->my_share);
637  ks->my_share = NULL;
638  }
639  if (NULL != ks->public_key)
640  {
641  gcry_mpi_release (ks->public_key);
642  ks->public_key = NULL;
643  }
644  if (NULL != ks->peers)
645  {
646  GNUNET_free (ks->peers);
647  ks->peers = NULL;
648  }
649  GNUNET_free (ks);
650 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
static void keygen_info_destroy(struct KeygenPeerInfo *info)
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t my_share
Share of our peer.
unsigned int threshold
Minimum number of shares required to restore the secret.
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
unsigned int num_peers
Total number of peers.
struct KeygenSession * keygen_session
Keygen session of the client, if any.
struct KeygenPeerInfo * info
Information about all participating peers.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
#define GNUNET_log(kind,...)
struct ClientState * cs
Which client is this for?
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cleanup_task()

static void cleanup_task ( void *  cls)
static

Task run during shutdown.

Parameters
clsunused
tcunused

Definition at line 660 of file gnunet-service-secretsharing.c.

Referenced by run().

661 {
662  /* Nothing to do! */
663 }
Here is the caller graph for this function:

◆ generate_presecret_polynomial()

static void generate_presecret_polynomial ( struct KeygenSession ks)
static

Generate the random coefficients of our pre-secret polynomial.

Parameters
ksthe session

Definition at line 673 of file gnunet-service-secretsharing.c.

References elgamal_q, GNUNET_assert, GNUNET_new_array, GNUNET_SECRETSHARING_ELGAMAL_BITS, KeygenSession::presecret_polynomial, and KeygenSession::threshold.

Referenced by handle_client_keygen().

674 {
675  int i;
676  gcry_mpi_t v;
677 
678  GNUNET_assert (NULL == ks->presecret_polynomial);
680  gcry_mpi_t);
681  for (i = 0; i < ks->threshold; i++)
682  {
683  v = ks->presecret_polynomial[i] = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS);
684  GNUNET_assert (NULL != v);
685  // Randomize v such that 0 < v < elgamal_q.
686  // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
687  do
688  {
689  gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
690  } while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0));
691  }
692 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned int threshold
Minimum number of shares required to restore the secret.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the caller graph for this function:

◆ keygen_round1_new_element()

static void keygen_round1_new_element ( void *  cls,
const struct GNUNET_SET_Element element 
)
static

Consensus element handler for round one.

We should get one ephemeral key for each peer.

Parameters
clsClosure (keygen session).
elementThe element from consensus, or NULL if consensus failed.

Definition at line 704 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_KeygenCommitData::commitment, GNUNET_SET_Element::data, get_keygen_peer_info(), GNUNET_CRYPTO_eddsa_verify(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, GNUNET_YES, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenCommitData::peer, KeygenPeerInfo::presecret_commitment, GNUNET_SECRETSHARING_KeygenCommitData::pubkey, GNUNET_PeerIdentity::public_key, GNUNET_SECRETSHARING_KeygenCommitData::purpose, KeygenPeerInfo::round1_valid, GNUNET_SECRETSHARING_KeygenCommitData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_SET_Element::size.

Referenced by handle_client_keygen().

706 {
708  struct KeygenSession *ks = cls;
709  struct KeygenPeerInfo *info;
710 
711  if (NULL == element)
712  {
713  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n");
714  return;
715  }
716 
717  /* elements have fixed size */
718  if (element->size != sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData))
719  {
721  "keygen commit data with wrong size (%u) in consensus, %u expected\n",
722  (unsigned int) element->size,
723  (unsigned int) sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData));
724  return;
725  }
726 
727  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n");
728 
729  d = element->data;
730  info = get_keygen_peer_info (ks, &d->peer);
731 
732  if (NULL == info)
733  {
734  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n",
735  GNUNET_i2s (&d->peer));
736  return;
737  }
738 
739  /* Check that the right amount of data has been signed. */
740  if (d->purpose.size !=
741  htonl (element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose)))
742  {
743  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong signature purpose size in consensus\n");
744  return;
745  }
746 
748  &d->purpose, &d->signature, &d->peer.public_key))
749  {
750  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with invalid signature in consensus\n");
751  return;
752  }
753  info->paillier_public_key = d->pubkey;
755  info->round1_valid = GNUNET_YES;
756 }
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over the rest of the message.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1
Signature for the first round of distributed key generation.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
int round1_valid
Did we successfully receive the round1 element of the peer?
static struct KeygenPeerInfo * get_keygen_peer_info(const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a keygen session.
struct GNUNET_CRYPTO_PaillierPublicKey pubkey
Ephemeral paillier public key used by &#39;peer&#39; for this session.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
const void * data
Actual data of the element.
int GNUNET_CRYPTO_eddsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:1116
Session to establish a threshold-shared secret.
gcry_mpi_t presecret_commitment
The peer&#39;s commitment to its presecret.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
struct GNUNET_HashCode commitment
Commitment of &#39;peer&#39; to its presecret.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Signature purpose for signing the keygen commit data.
Info about a peer in a key generation session.
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:80
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Consensus element data used in the first round of key generation.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ horner_eval()

static void horner_eval ( gcry_mpi_t  z,
gcry_mpi_t *  coeff,
unsigned int  num_coeff,
gcry_mpi_t  x,
gcry_mpi_t  m 
)
static

Evaluate the polynomial with coefficients coeff at x.

The i-th element in coeff corresponds to the coefficient of x^i.

Parameters
[out]zresult of the evaluation
coeffarray of coefficients
num_coeffnumber of coefficients
xwhere to evaluate the polynomial
mwhat group are we operating in?

Definition at line 770 of file gnunet-service-secretsharing.c.

Referenced by insert_round2_element().

771 {
772  unsigned int i;
773 
774  gcry_mpi_set_ui (z, 0);
775  for (i = 0; i < num_coeff; i++)
776  {
777  // z <- zx + c
778  gcry_mpi_mul (z, z, x);
779  gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m);
780  }
781 }
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
Here is the caller graph for this function:

◆ keygen_round2_conclude()

static void keygen_round2_conclude ( void *  cls)
static

Definition at line 785 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, KeygenSession::cs, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_memcmp, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_new, GNUNET_new_array, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SECRETSHARING_share_destroy(), GNUNET_SECRETSHARING_share_write(), GNUNET_YES, KeygenSession::info, KeygenSession::local_peer_idx, m, ClientState::mq, GNUNET_SECRETSHARING_Share::my_peer, my_peer, GNUNET_SECRETSHARING_Share::my_share, KeygenSession::my_share, KeygenSession::num_peers, GNUNET_SECRETSHARING_Share::num_peers, GNUNET_SECRETSHARING_Share::original_indices, KeygenPeerInfo::peer, GNUNET_SECRETSHARING_Share::peers, GNUNET_SECRETSHARING_Share::public_key, KeygenSession::public_key, KeygenPeerInfo::round2_valid, KeygenPeerInfo::sigma, and GNUNET_SECRETSHARING_Share::sigmas.

Referenced by keygen_round1_conclude().

786 {
787  struct KeygenSession *ks = cls;
789  struct GNUNET_MQ_Envelope *ev;
790  size_t share_size;
791  unsigned int i;
792  unsigned int j;
793  struct GNUNET_SECRETSHARING_Share *share;
794 
795  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n");
796 
798  ks->consensus = NULL;
799 
800  share = GNUNET_new (struct GNUNET_SECRETSHARING_Share);
801 
802  share->num_peers = 0;
803 
804  for (i = 0; i < ks->num_peers; i++)
805  if (GNUNET_YES == ks->info[i].round2_valid)
806  share->num_peers++;
807 
808  share->peers = GNUNET_new_array (share->num_peers,
809  struct GNUNET_PeerIdentity);
810  share->sigmas =
811  GNUNET_new_array (share->num_peers,
814  uint16_t);
815 
816  /* maybe we're not even in the list of peers? */
817  share->my_peer = share->num_peers;
818 
819  j = 0; /* running index of valid peers */
820  for (i = 0; i < ks->num_peers; i++)
821  {
822  if (GNUNET_YES == ks->info[i].round2_valid)
823  {
824  share->peers[j] = ks->info[i].peer;
827  ks->info[i].sigma);
828  share->original_indices[i] = j;
829  if (0 == GNUNET_memcmp (&share->peers[i], &my_peer))
830  share->my_peer = j;
831  j += 1;
832  }
833  }
834 
835  if (share->my_peer == share->num_peers)
836  {
837  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n", ks->local_peer_idx);
838  }
839 
841  ks->my_share);
843  ks->public_key);
844 
845  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n", share->num_peers);
846 
847  /* Write the share. If 0 peers completed the dkg, an empty
848  * share will be sent. */
849 
850  GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, NULL, 0, &share_size));
851 
852  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n",
853  (unsigned int) share_size);
854 
855  ev = GNUNET_MQ_msg_extra (m, share_size,
857 
858  GNUNET_assert (GNUNET_OK == GNUNET_SECRETSHARING_share_write (share, &m[1], share_size, NULL));
859 
861  share = NULL;
862 
863  GNUNET_MQ_send (ks->cs->mq,
864  ev);
865 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
struct GNUNET_SECRETSHARING_FieldElement my_share
Share of &#39;my_peer&#39;.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
void GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share)
struct GNUNET_PeerIdentity * peers
Peer identities (includes &#39;my_peer&#39;)
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
A share, with all values in in host byte order.
gcry_mpi_t my_share
Share of our peer.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
int round2_valid
Did we successfully receive the round2 element of the peer?
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
Session to establish a threshold-shared secret.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
int GNUNET_SECRETSHARING_share_write(const struct GNUNET_SECRETSHARING_Share *share, void *buf, size_t buflen, size_t *writelen)
Convert a share to its binary representation.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
unsigned int num_peers
Total number of peers.
struct KeygenPeerInfo * info
Information about all participating peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
The identity of the host (wraps the signing key of the peer).
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t my_peer
Index of our peer in the list.
#define GNUNET_log(kind,...)
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY
The cryptosystem has been established.
#define GNUNET_YES
Definition: gnunet_common.h:80
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:353
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
uint16_t num_peers
Peers that have the share.
struct GNUNET_SECRETSHARING_PublicKey public_key
Public key.
struct ClientState * cs
Which client is this for?
Notify the client that then threshold secret has been established.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ restore_fair()

static void restore_fair ( const struct GNUNET_CRYPTO_PaillierPublicKey ppub,
const struct GNUNET_SECRETSHARING_FairEncryption fe,
gcry_mpi_t  x,
gcry_mpi_t  xres 
)
static

Definition at line 870 of file gnunet-service-secretsharing.c.

References elgamal_q, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), and t.

Referenced by keygen_round2_new_element().

873 {
874  gcry_mpi_t a_1;
875  gcry_mpi_t a_2;
876  gcry_mpi_t b_1;
877  gcry_mpi_t b_2;
878  gcry_mpi_t big_a;
879  gcry_mpi_t big_b;
880  gcry_mpi_t big_t;
881  gcry_mpi_t n;
882  gcry_mpi_t t_1;
883  gcry_mpi_t t_2;
884  gcry_mpi_t t;
885  gcry_mpi_t r;
886  gcry_mpi_t v;
887 
888 
889  GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
890  GNUNET_assert (NULL != (t = gcry_mpi_new (0)));
891  GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0)));
892  GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0)));
893  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
894  GNUNET_assert (NULL != (big_t = gcry_mpi_new (0)));
895  GNUNET_assert (NULL != (v = gcry_mpi_new (0)));
896  GNUNET_assert (NULL != (big_a = gcry_mpi_new (0)));
897  GNUNET_assert (NULL != (big_b = gcry_mpi_new (0)));
898 
899  // a = (N,0)^T
901  ppub,
902  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
903  GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0)));
904  gcry_mpi_set_ui (a_2, 0);
905  // b = (x,1)^T
906  GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0)));
907  gcry_mpi_set (b_1, x);
908  GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0)));
909  gcry_mpi_set_ui (b_2, 1);
910 
911  // A = a DOT a
912  gcry_mpi_mul (t, a_1, a_1);
913  gcry_mpi_mul (big_a, a_2, a_2);
914  gcry_mpi_add (big_a, big_a, t);
915 
916  // B = b DOT b
917  gcry_mpi_mul (t, b_1, b_1);
918  gcry_mpi_mul (big_b, b_2, b_2);
919  gcry_mpi_add (big_b, big_b, t);
920 
921  while (1)
922  {
923  // n = a DOT b
924  gcry_mpi_mul (t, a_1, b_1);
925  gcry_mpi_mul (n, a_2, b_2);
926  gcry_mpi_add (n, n, t);
927 
928  // r = nearest(n/B)
929  gcry_mpi_div (r, NULL, n, big_b, 0);
930 
931  // T := A - 2rn + rrB
932  gcry_mpi_mul (v, r, n);
933  gcry_mpi_mul_ui (v, v, 2);
934  gcry_mpi_sub (big_t, big_a, v);
935  gcry_mpi_mul (v, r, r);
936  gcry_mpi_mul (v, v, big_b);
937  gcry_mpi_add (big_t, big_t, v);
938 
939  if (gcry_mpi_cmp (big_t, big_b) >= 0)
940  {
941  break;
942  }
943 
944  // t = a - rb
945  gcry_mpi_mul (v, r, b_1);
946  gcry_mpi_sub (t_1, a_1, v);
947  gcry_mpi_mul (v, r, b_2);
948  gcry_mpi_sub (t_2, a_2, v);
949 
950  // a = b
951  gcry_mpi_set (a_1, b_1);
952  gcry_mpi_set (a_2, b_2);
953  // b = t
954  gcry_mpi_set (b_1, t_1);
955  gcry_mpi_set (b_2, t_2);
956 
957  gcry_mpi_set (big_a, big_b);
958  gcry_mpi_set (big_b, big_t);
959  }
960 
961  gcry_mpi_set (xres, b_2);
962  gcry_mpi_invm (xres, xres, elgamal_q);
963  gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
964 
965  gcry_mpi_release (a_1);
966  gcry_mpi_release (a_2);
967  gcry_mpi_release (b_1);
968  gcry_mpi_release (b_2);
969  gcry_mpi_release (big_a);
970  gcry_mpi_release (big_b);
971  gcry_mpi_release (big_t);
972  gcry_mpi_release (n);
973  gcry_mpi_release (t_1);
974  gcry_mpi_release (t_2);
975  gcry_mpi_release (t);
976  gcry_mpi_release (r);
977  gcry_mpi_release (v);
978 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_SCHEDULER_Task * t
Main task.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_fair_encryption_challenge()

static void get_fair_encryption_challenge ( const struct GNUNET_SECRETSHARING_FairEncryption fe,
gcry_mpi_t *  e 
)
static

Definition at line 982 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_FairEncryption::c, elgamal_q, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_memcpy, GNUNET_SECRETSHARING_ELGAMAL_BITS, h, GNUNET_SECRETSHARING_FairEncryption::h, GNUNET_SECRETSHARING_FairEncryption::t1, and GNUNET_SECRETSHARING_FairEncryption::t2.

Referenced by encrypt_fair(), and verify_fair().

984 {
985  struct {
989  char t2[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
990  } hash_data;
991  struct GNUNET_HashCode e_hash;
992 
993  memset (&hash_data,
994  0,
995  sizeof (hash_data));
996  GNUNET_memcpy (&hash_data.c, &fe->c, sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
997  GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
998  GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
999  GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1000  GNUNET_CRYPTO_hash (&hash_data,
1001  sizeof (hash_data),
1002  &e_hash);
1003  /* This allocates "e" */
1005  &e_hash,
1006  sizeof (struct GNUNET_HashCode));
1007  gcry_mpi_mod (*e, *e, elgamal_q);
1008 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
static struct Experiment * e
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:94
#define GNUNET_memcpy(dst, src, n)
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
A 512-bit hashcode.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
struct GNUNET_CRYPTO_PaillierCiphertext c
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ verify_fair()

static int verify_fair ( const struct GNUNET_CRYPTO_PaillierPublicKey ppub,
const struct GNUNET_SECRETSHARING_FairEncryption fe 
)
static

Definition at line 1012 of file gnunet-service-secretsharing.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_SECRETSHARING_FairEncryption::c, cleanup(), e, elgamal_g, elgamal_p, get_fair_encryption_challenge(), GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NO, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_YES, GNUNET_SECRETSHARING_FairEncryption::h, res, GNUNET_SECRETSHARING_FairEncryption::t1, GNUNET_SECRETSHARING_FairEncryption::t2, GNUNET_SECRETSHARING_FairEncryption::w, and GNUNET_SECRETSHARING_FairEncryption::z.

Referenced by keygen_round2_new_element().

1014 {
1015  gcry_mpi_t n;
1016  gcry_mpi_t n_sq;
1017  gcry_mpi_t z;
1018  gcry_mpi_t t1;
1019  gcry_mpi_t t2;
1020  gcry_mpi_t e;
1021  gcry_mpi_t w;
1022  gcry_mpi_t tmp1;
1023  gcry_mpi_t tmp2;
1024  gcry_mpi_t y;
1025  gcry_mpi_t big_y;
1026  int res;
1027 
1028  GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
1029  GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
1030  GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
1031 
1033  &e /* this allocates e */);
1034 
1036  ppub,
1037  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
1044  gcry_mpi_mul (n_sq, n, n);
1045 
1046  // tmp1 = g^z
1047  gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p);
1048  // tmp2 = y^{-e}
1049  gcry_mpi_powm (tmp1, y, e, elgamal_p);
1050  gcry_mpi_invm (tmp1, tmp1, elgamal_p);
1051  // tmp1 = tmp1 * tmp2
1052  gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p);
1053 
1054  if (0 == gcry_mpi_cmp (t1, tmp1))
1055  {
1056  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n");
1057  res = GNUNET_NO;
1058  goto cleanup;
1059  }
1060 
1061  gcry_mpi_powm (big_y, big_y, e, n_sq);
1062  gcry_mpi_invm (big_y, big_y, n_sq);
1063 
1064  gcry_mpi_add_ui (tmp1, n, 1);
1065  gcry_mpi_powm (tmp1, tmp1, z, n_sq);
1066 
1067  gcry_mpi_powm (tmp2, w, n, n_sq);
1068 
1069  gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq);
1070  gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq);
1071 
1072 
1073  if (0 == gcry_mpi_cmp (t2, tmp1))
1074  {
1075  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n");
1076  res = GNUNET_NO;
1077  goto cleanup;
1078  }
1079 
1080  res = GNUNET_YES;
1081 
1082 cleanup:
1083 
1084  gcry_mpi_release (n);
1085  gcry_mpi_release (n_sq);
1086  gcry_mpi_release (z);
1087  gcry_mpi_release (t1);
1088  gcry_mpi_release (t2);
1089  gcry_mpi_release (e);
1090  gcry_mpi_release (w);
1091  gcry_mpi_release (tmp1);
1092  gcry_mpi_release (tmp2);
1093  gcry_mpi_release (y);
1094  gcry_mpi_release (big_y);
1095  return res;
1096 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct Experiment * e
#define GNUNET_NO
Definition: gnunet_common.h:81
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
static void get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static void cleanup(void *cls)
Function scheduled as very last function, cleans up after us.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
static int res
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
char z[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:80
char w[GNUNET_CRYPTO_PAILLIER_BITS/8]
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
struct GNUNET_CRYPTO_PaillierCiphertext c
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ encrypt_fair()

static void encrypt_fair ( gcry_mpi_t  v,
const struct GNUNET_CRYPTO_PaillierPublicKey ppub,
struct GNUNET_SECRETSHARING_FairEncryption fe 
)
static

Create a fair Paillier encryption of then given ciphertext.

Parameters
vthe ciphertext
[out]fethe fair encryption

Definition at line 1106 of file gnunet-service-secretsharing.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_SECRETSHARING_FairEncryption::c, e, elgamal_g, elgamal_p, elgamal_q, get_fair_encryption_challenge(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_SECRETSHARING_ELGAMAL_BITS, h, GNUNET_SECRETSHARING_FairEncryption::h, GNUNET_SECRETSHARING_FairEncryption::t1, GNUNET_SECRETSHARING_FairEncryption::t2, GNUNET_SECRETSHARING_FairEncryption::w, and GNUNET_SECRETSHARING_FairEncryption::z.

Referenced by insert_round2_element().

1109 {
1110  gcry_mpi_t r;
1111  gcry_mpi_t s;
1112  gcry_mpi_t t1;
1113  gcry_mpi_t t2;
1114  gcry_mpi_t z;
1115  gcry_mpi_t w;
1116  gcry_mpi_t n;
1117  gcry_mpi_t e;
1118  gcry_mpi_t n_sq;
1119  gcry_mpi_t u;
1120  gcry_mpi_t Y;
1121  gcry_mpi_t G;
1122  gcry_mpi_t h;
1123 
1124  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
1125  GNUNET_assert (NULL != (s = gcry_mpi_new (0)));
1126  GNUNET_assert (NULL != (t1 = gcry_mpi_new (0)));
1127  GNUNET_assert (NULL != (t2 = gcry_mpi_new (0)));
1128  GNUNET_assert (NULL != (z = gcry_mpi_new (0)));
1129  GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
1130  GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
1131  GNUNET_assert (NULL != (u = gcry_mpi_new (0)));
1132  GNUNET_assert (NULL != (Y = gcry_mpi_new (0)));
1133  GNUNET_assert (NULL != (G = gcry_mpi_new (0)));
1134  GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
1135 
1137  ppub,
1138  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
1139  gcry_mpi_mul (n_sq, n, n);
1140  gcry_mpi_add_ui (G, n, 1);
1141 
1142  do {
1143  gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1144  }
1145  while (gcry_mpi_cmp (u, n) >= 0);
1146 
1147  gcry_mpi_powm (t1, G, v, n_sq);
1148  gcry_mpi_powm (t2, u, n, n_sq);
1149  gcry_mpi_mulm (Y, t1, t2, n_sq);
1150 
1152  sizeof fe->c.bits,
1153  Y);
1154 
1155 
1156  gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM);
1157  do {
1158  gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1159  }
1160  while (gcry_mpi_cmp (s, n) >= 0);
1161 
1162  // compute t1
1163  gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p);
1164  // compute t2 (use z and w as temp)
1165  gcry_mpi_powm (z, G, r, n_sq);
1166  gcry_mpi_powm (w, s, n, n_sq);
1167  gcry_mpi_mulm (t2, z, w, n_sq);
1168 
1169 
1170  gcry_mpi_powm (h, elgamal_g, v, elgamal_p);
1171 
1174  h);
1175 
1178  t1);
1179 
1182  t2);
1183 
1185  &e /* This allocates "e" */);
1186 
1187  // compute z
1188  gcry_mpi_mul (z, e, v);
1189  gcry_mpi_addm (z, z, r, elgamal_q);
1190  // compute w
1191  gcry_mpi_powm (w, u, e, n);
1192  gcry_mpi_mulm (w, w, s, n);
1193 
1196  z);
1197 
1200  w);
1201 
1202  gcry_mpi_release (n);
1203  gcry_mpi_release (r);
1204  gcry_mpi_release (s);
1205  gcry_mpi_release (t1);
1206  gcry_mpi_release (t2);
1207  gcry_mpi_release (z);
1208  gcry_mpi_release (w);
1209  gcry_mpi_release (e);
1210  gcry_mpi_release (n_sq);
1211  gcry_mpi_release (u);
1212  gcry_mpi_release (Y);
1213  gcry_mpi_release (G);
1214  gcry_mpi_release (h);
1215 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static struct Experiment * e
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:94
static void get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
char z[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
char w[GNUNET_CRYPTO_PAILLIER_BITS/8]
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
struct GNUNET_CRYPTO_PaillierCiphertext c
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ insert_round2_element()

static void insert_round2_element ( struct KeygenSession ks)
static

Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} (3) The encrypted pre-shares Y_{i,j} (4) The zero knowledge proof for fairness of the encryption.

Parameters
kssession to use

Definition at line 1229 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, GNUNET_SET_Element::data, element_size, elgamal_g, elgamal_p, elgamal_q, encrypt_fair(), GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, GNUNET_YES, horner_eval(), KeygenSession::info, KeygenSession::local_peer_idx, my_peer, KeygenSession::num_peers, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenRevealData::peer, KeygenSession::presecret_polynomial, GNUNET_SECRETSHARING_KeygenRevealData::purpose, GNUNET_CRYPTO_EccSignaturePurpose::purpose, KeygenPeerInfo::round1_valid, GNUNET_SECRETSHARING_KeygenRevealData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, GNUNET_SET_Element::size, and KeygenSession::threshold.

Referenced by keygen_round1_conclude().

1230 {
1231  struct GNUNET_SET_Element *element;
1233  unsigned char *pos;
1234  unsigned char *last_pos;
1235  size_t element_size;
1236  unsigned int i;
1237  gcry_mpi_t idx;
1238  gcry_mpi_t v;
1239 
1240  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n",
1241  ks->local_peer_idx);
1242 
1243  GNUNET_assert (NULL != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1244  GNUNET_assert (NULL != (idx = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1245 
1246  element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) +
1247  sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers +
1249 
1250  element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size);
1251  element->size = element_size;
1252  element->data = (void *) &element[1];
1253 
1254  d = (void *) element->data;
1255  d->peer = my_peer;
1256 
1257  // start inserting vector elements
1258  // after the fixed part of the element's data
1259  pos = (void *) &d[1];
1260  last_pos = pos + element_size;
1261 
1262  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n",
1263  ks->local_peer_idx);
1264 
1265  // encrypted pre-shares
1266  // and fair encryption proof
1267  {
1268  for (i = 0; i < ks->num_peers; i++)
1269  {
1270  ptrdiff_t remaining = last_pos - pos;
1271  struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos;
1272 
1273  GNUNET_assert (remaining > 0);
1274  memset (fe, 0, sizeof *fe);
1275  if (GNUNET_YES == ks->info[i].round1_valid)
1276  {
1277  gcry_mpi_set_ui (idx, i + 1);
1278  // evaluate the polynomial
1280  // encrypt the result
1281  encrypt_fair (v, &ks->info[i].paillier_public_key, fe);
1282  }
1283  pos += sizeof *fe;
1284  }
1285  }
1286 
1287  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n",
1288  ks->local_peer_idx);
1289 
1290  // exponentiated coefficients
1291  for (i = 0; i < ks->threshold; i++)
1292  {
1293  ptrdiff_t remaining = last_pos - pos;
1294  GNUNET_assert (remaining > 0);
1295  gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p);
1298  }
1299 
1300  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n",
1301  ks->local_peer_idx);
1302 
1303 
1304  d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose));
1308  &d->purpose,
1309  &d->signature));
1310 
1311  GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1312  GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */
1313 
1314  gcry_mpi_release (v);
1315  gcry_mpi_release (idx);
1316 }
static unsigned int element_size
int round1_valid
Did we successfully receive the round1 element of the peer?
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Element stored in a set.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over rest of the message.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:989
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
unsigned int threshold
Minimum number of shares required to restore the secret.
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
const void * data
Actual data of the element.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
unsigned int num_peers
Total number of peers.
static void encrypt_fair(gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, struct GNUNET_SECRETSHARING_FairEncryption *fe)
Create a fair Paillier encryption of then given ciphertext.
struct KeygenPeerInfo * info
Information about all participating peers.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:80
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2
Signature for the second round of distributed key generation.
static void horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
Evaluate the polynomial with coefficients coeff at x.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_reveal_get_exp_coeff()

static gcry_mpi_t keygen_reveal_get_exp_coeff ( struct KeygenSession ks,
const struct GNUNET_SECRETSHARING_KeygenRevealData d,
unsigned int  idx 
)
static

Definition at line 1320 of file gnunet-service-secretsharing.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SECRETSHARING_ELGAMAL_BITS, KeygenSession::num_peers, and threshold.

Referenced by keygen_round2_new_element().

1323 {
1324  unsigned char *pos;
1325  gcry_mpi_t exp_coeff;
1326 
1327  GNUNET_assert (idx < ks->threshold);
1328 
1329  pos = (void *) &d[1];
1330  // skip encrypted pre-shares
1331  pos += sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers;
1332  // skip exp. coeffs we are not interested in
1333  pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx;
1334  // the first exponentiated coefficient is the public key share
1336  return exp_coeff;
1337 }
static unsigned int threshold
What should the threshold for then key be?
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
unsigned int num_peers
Total number of peers.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_reveal_get_enc_preshare()

static struct GNUNET_SECRETSHARING_FairEncryption* keygen_reveal_get_enc_preshare ( struct KeygenSession ks,
const struct GNUNET_SECRETSHARING_KeygenRevealData d,
unsigned int  idx 
)
static

Definition at line 1341 of file gnunet-service-secretsharing.c.

References GNUNET_assert, and num_peers.

Referenced by keygen_reveal_get_exp_preshare(), and keygen_round2_new_element().

1344 {
1345  unsigned char *pos;
1346 
1347  GNUNET_assert (idx < ks->num_peers);
1348 
1349  pos = (void *) &d[1];
1350  // skip encrypted pre-shares we're not interested in
1351  pos += sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * idx;
1352  return (struct GNUNET_SECRETSHARING_FairEncryption *) pos;
1353 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static unsigned int num_peers
Here is the caller graph for this function:

◆ keygen_reveal_get_exp_preshare()

static gcry_mpi_t keygen_reveal_get_exp_preshare ( struct KeygenSession ks,
const struct GNUNET_SECRETSHARING_KeygenRevealData d,
unsigned int  idx 
)
static

Definition at line 1357 of file gnunet-service-secretsharing.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SECRETSHARING_FairEncryption::h, keygen_reveal_get_enc_preshare(), and num_peers.

Referenced by keygen_round2_new_element().

1360 {
1361  gcry_mpi_t exp_preshare;
1363 
1364  GNUNET_assert (idx < ks->num_peers);
1365  fe = keygen_reveal_get_enc_preshare (ks, d, idx);
1367  return exp_preshare;
1368 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
static struct GNUNET_SECRETSHARING_FairEncryption * keygen_reveal_get_enc_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
static unsigned int num_peers
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_round2_new_element()

static void keygen_round2_new_element ( void *  cls,
const struct GNUNET_SET_Element element 
)
static

Definition at line 1372 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_FairEncryption::c, GNUNET_SET_Element::data, elgamal_g, elgamal_p, elgamal_q, get_keygen_peer_info(), GNUNET_assert, GNUNET_CRYPTO_eddsa_verify(), GNUNET_CRYPTO_paillier_decrypt(), GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, GNUNET_YES, KeygenSession::info, keygen_reveal_get_enc_preshare(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), KeygenSession::local_peer_idx, KeygenSession::my_share, KeygenSession::num_peers, KeygenSession::paillier_private_key, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenRevealData::peer, KeygenPeerInfo::preshare_commitment, KeygenSession::public_key, GNUNET_PeerIdentity::public_key, GNUNET_SECRETSHARING_KeygenRevealData::purpose, restore_fair(), KeygenPeerInfo::round1_valid, KeygenPeerInfo::round2_valid, KeygenPeerInfo::sigma, GNUNET_SECRETSHARING_KeygenRevealData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, GNUNET_SET_Element::size, KeygenSession::threshold, and verify_fair().

Referenced by keygen_round1_conclude().

1374 {
1375  struct KeygenSession *ks = cls;
1376  const struct GNUNET_SECRETSHARING_KeygenRevealData *d;
1377  struct KeygenPeerInfo *info;
1378  size_t expected_element_size;
1379  unsigned int j;
1380  int cmp_result;
1381  gcry_mpi_t tmp;
1382  gcry_mpi_t public_key_share;
1383  gcry_mpi_t preshare;
1384 
1385  if (NULL == element)
1386  {
1387  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n");
1388  return;
1389  }
1390 
1391  expected_element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) +
1392  sizeof (struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers +
1394 
1395  if (element->size != expected_element_size)
1396  {
1398  "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
1399  (unsigned int) element->size,
1400  (unsigned int) expected_element_size);
1401  return;
1402  }
1403 
1404  d = (const void *) element->data;
1405 
1406  info = get_keygen_peer_info (ks, &d->peer);
1407 
1408  if (NULL == info)
1409  {
1410  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity (%s) in consensus\n",
1411  GNUNET_i2s (&d->peer));
1412  return;
1413  }
1414 
1415  if (GNUNET_NO == info->round1_valid)
1416  {
1418  "ignoring round2 element from peer with invalid round1 element (%s)\n",
1419  GNUNET_i2s (&d->peer));
1420  return;
1421  }
1422 
1423  if (GNUNET_YES == info->round2_valid)
1424  {
1426  "ignoring duplicate round2 element (%s)\n",
1427  GNUNET_i2s (&d->peer));
1428  return;
1429  }
1430 
1431  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n");
1432 
1433  if (ntohl (d->purpose.size) !=
1434  element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose))
1435  {
1436  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with wrong signature purpose size in consensus\n");
1437  return;
1438  }
1439 
1441  &d->purpose, &d->signature, &d->peer.public_key))
1442  {
1443  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen reveal data with invalid signature in consensus\n");
1444  return;
1445  }
1446 
1447  public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0);
1449 
1450  if (NULL == ks->public_key)
1451  {
1452  GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0)));
1453  gcry_mpi_set_ui (ks->public_key, 1);
1454  }
1455  gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p);
1456 
1457  gcry_mpi_release (public_key_share);
1458  public_key_share = NULL;
1459 
1460  {
1462  GNUNET_assert (NULL != (preshare = gcry_mpi_new (0)));
1465  &fe->c,
1466  preshare);
1467 
1468  // FIXME: not doing the restoration is less expensive
1470  fe,
1471  preshare,
1472  preshare);
1473  }
1474 
1475  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
1476  gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p);
1477 
1478  cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment);
1479  gcry_mpi_release (tmp);
1480  tmp = NULL;
1481  if (0 != cmp_result)
1482  {
1483  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: Got invalid presecret from P%u\n",
1484  (unsigned int) ks->local_peer_idx, (unsigned int) (info - ks->info));
1485  return;
1486  }
1487 
1488  if (NULL == ks->my_share)
1489  {
1490  GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0)));
1491  }
1492  gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q);
1493 
1494  for (j = 0; j < ks->num_peers; j++)
1495  {
1496  gcry_mpi_t presigma;
1497  if (NULL == ks->info[j].sigma)
1498  {
1499  GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0)));
1500  gcry_mpi_set_ui (ks->info[j].sigma, 1);
1501  }
1502  presigma = keygen_reveal_get_exp_preshare (ks, d, j);
1503  gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
1504  gcry_mpi_release (presigma);
1505  }
1506 
1507  gcry_mpi_t prod;
1508  GNUNET_assert (NULL != (prod = gcry_mpi_new (0)));
1509  gcry_mpi_t j_to_k;
1510  GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0)));
1511  // validate that the polynomial sharing matches the additive sharing
1512  for (j = 0; j < ks->num_peers; j++)
1513  {
1514  unsigned int k;
1515  int cmp_result;
1516  gcry_mpi_t exp_preshare;
1517  gcry_mpi_set_ui (prod, 1);
1518  for (k = 0; k < ks->threshold; k++)
1519  {
1520  // Using pow(double,double) is a bit sketchy.
1521  // We count players from 1, but shares from 0.
1522  gcry_mpi_t tmp;
1523  gcry_mpi_set_ui (j_to_k, (unsigned int) pow(j+1, k));
1524  tmp = keygen_reveal_get_exp_coeff (ks, d, k);
1525  gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p);
1526  gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
1527  gcry_mpi_release (tmp);
1528  }
1529  exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j);
1530  gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p);
1531  cmp_result = gcry_mpi_cmp (prod, exp_preshare);
1532  gcry_mpi_release (exp_preshare);
1533  exp_preshare = NULL;
1534  if (0 != cmp_result)
1535  {
1536  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect\n",
1537  ks->local_peer_idx, j);
1538  /* no need for further verification, round2 stays invalid ... */
1539  return;
1540  }
1541  }
1542 
1543  // TODO: verify proof of fair encryption (once implemented)
1544  for (j = 0; j < ks->num_peers; j++)
1545  {
1547  if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe))
1548  {
1549  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: reveal data from P%u incorrect (fair encryption)\n",
1550  ks->local_peer_idx, j);
1551  return;
1552  }
1553 
1554  }
1555 
1556  info->round2_valid = GNUNET_YES;
1557 
1558  gcry_mpi_release (preshare);
1559  gcry_mpi_release (prod);
1560  gcry_mpi_release (j_to_k);
1561 }
static gcry_mpi_t keygen_reveal_get_exp_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
gcry_mpi_t preshare_commitment
Commitment to the preshare that is intended for our peer.
int round1_valid
Did we successfully receive the round1 element of the peer?
static struct KeygenPeerInfo * get_keygen_peer_info(const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a keygen session.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over rest of the message.
static gcry_mpi_t keygen_reveal_get_exp_coeff(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
gcry_mpi_t my_share
Share of our peer.
#define GNUNET_NO
Definition: gnunet_common.h:81
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
unsigned int threshold
Minimum number of shares required to restore the secret.
const void * data
Actual data of the element.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
int round2_valid
Did we successfully receive the round2 element of the peer?
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
int GNUNET_CRYPTO_eddsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:1116
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static int verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe)
Session to establish a threshold-shared secret.
void GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
Decrypt a paillier ciphertext with a private key.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
static void restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t x, gcry_mpi_t xres)
unsigned int num_peers
Total number of peers.
struct GNUNET_CRYPTO_PaillierPrivateKey paillier_private_key
Paillier private key of our peer.
static struct GNUNET_SECRETSHARING_FairEncryption * keygen_reveal_get_enc_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
struct KeygenPeerInfo * info
Information about all participating peers.
Info about a peer in a key generation session.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:80
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2
Signature for the second round of distributed key generation.
struct GNUNET_CRYPTO_PaillierCiphertext c
struct GNUNET_CRYPTO_EddsaPublicKey public_key
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_round1_conclude()

static void keygen_round1_conclude ( void *  cls)
static

Called when the first consensus round has concluded.

Will initiate the second round.

Parameters
clsclosure

Definition at line 1571 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, KeygenSession::deadline, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CONSENSUS_destroy(), insert_round2_element(), keygen_round2_conclude(), keygen_round2_new_element(), KeygenSession::num_peers, KeygenSession::peers, KeygenSession::session_id, KeygenSession::start_time, and time_between().

Referenced by handle_client_keygen().

1572 {
1573  struct KeygenSession *ks = cls;
1574 
1576 
1578  time_between (ks->start_time, ks->deadline, 1, 2),
1579  ks->deadline,
1581 
1582  insert_round2_element (ks);
1583 
1586  ks);
1587 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
static void insert_round2_element(struct KeygenSession *ks)
Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coe...
static void keygen_round2_conclude(void *cls)
struct GNUNET_TIME_Absolute start_time
When does the DKG start? Necessary to compute fractions of the operation&#39;s desired time interval...
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
Session to establish a threshold-shared secret.
struct GNUNET_HashCode session_id
Identifier for this session.
unsigned int num_peers
Total number of peers.
static void keygen_round2_new_element(void *cls, const struct GNUNET_SET_Element *element)
static struct GNUNET_TIME_Absolute time_between(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end, int num, int denum)
Interpolate between two points in time.
struct GNUNET_TIME_Absolute deadline
When would we like the key to be established?
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ insert_round1_element()

static void insert_round1_element ( struct KeygenSession ks)
static

Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given session.

Parameters
kssession to use

Definition at line 1597 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_KeygenCommitData::commitment, KeygenSession::consensus, GNUNET_SET_Element::data, elgamal_g, elgamal_p, GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_free, GNUNET_malloc, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, KeygenSession::info, KeygenSession::local_peer_idx, my_peer, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenCommitData::peer, KeygenSession::presecret_polynomial, GNUNET_SECRETSHARING_KeygenCommitData::pubkey, GNUNET_SECRETSHARING_KeygenCommitData::purpose, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_SECRETSHARING_KeygenCommitData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_SET_Element::size.

Referenced by handle_client_keygen().

1598 {
1599  struct GNUNET_SET_Element *element;
1601  // g^a_{i,0}
1602  gcry_mpi_t v;
1603  // big-endian representation of 'v'
1604  unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
1605 
1606  element = GNUNET_malloc (sizeof *element + sizeof *d);
1607  d = (void *) &element[1];
1608  element->data = d;
1609  element->size = sizeof *d;
1610 
1611  d->peer = my_peer;
1612 
1613  GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1614 
1615  gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
1616 
1618 
1620 
1622 
1623  d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose));
1627  &d->purpose,
1628  &d->signature));
1629 
1630  GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1631 
1632  gcry_mpi_release (v);
1633  GNUNET_free (element);
1634 }
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over the rest of the message.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1
Signature for the first round of distributed key generation.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Element stored in a set.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:989
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
struct GNUNET_CRYPTO_PaillierPublicKey pubkey
Ephemeral paillier public key used by &#39;peer&#39; for this session.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
const void * data
Actual data of the element.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
struct GNUNET_HashCode commitment
Commitment of &#39;peer&#39; to its presecret.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Signature purpose for signing the keygen commit data.
struct KeygenPeerInfo * info
Information about all participating peers.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
Consensus element data used in the first round of key generation.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_client_keygen()

static int check_client_keygen ( void *  cls,
const struct GNUNET_SECRETSHARING_CreateMessage msg 
)
static

Check that msg is well-formed.

Parameters
clsidentification of the client
msgthe actual message
Returns
GNUNET_OK if msg is well-formed

Definition at line 1645 of file gnunet-service-secretsharing.c.

References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, GNUNET_SECRETSHARING_CreateMessage::header, num_peers, GNUNET_SECRETSHARING_CreateMessage::num_peers, and GNUNET_MessageHeader::size.

1647 {
1648  unsigned int num_peers = ntohs (msg->num_peers);
1649 
1650  if (ntohs (msg->header.size) - sizeof (*msg) !=
1651  num_peers * sizeof (struct GNUNET_PeerIdentity))
1652  {
1653  GNUNET_break (0);
1654  return GNUNET_SYSERR;
1655  }
1656  return GNUNET_OK;
1657 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE.
Definition: secretsharing.h:52
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
static unsigned int num_peers
The identity of the host (wraps the signing key of the peer).
uint16_t num_peers
Number of peers at the end of this message.
Definition: secretsharing.h:78

◆ handle_client_keygen()

static void handle_client_keygen ( void *  cls,
const struct GNUNET_SECRETSHARING_CreateMessage msg 
)
static

Functions with this signature are called whenever a message is received.

Parameters
clsidentification of the client
msgthe actual message

Definition at line 1668 of file gnunet-service-secretsharing.c.

References ClientState::client, KeygenSession::consensus, KeygenSession::cs, GNUNET_SECRETSHARING_CreateMessage::deadline, KeygenSession::deadline, generate_presecret_polynomial(), GNUNET_break, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CRYPTO_paillier_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_new, GNUNET_new_array, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_TIME_absolute_ntoh(), KeygenSession::info, insert_round1_element(), keygen_round1_conclude(), keygen_round1_new_element(), ClientState::keygen_session, KeygenSession::local_peer_idx, normalize_peers(), GNUNET_SECRETSHARING_CreateMessage::num_peers, KeygenSession::num_peers, KeygenSession::paillier_private_key, KeygenPeerInfo::paillier_public_key, KeygenPeerInfo::peer, KeygenSession::peers, GNUNET_SECRETSHARING_CreateMessage::threshold, and KeygenSession::threshold.

1670 {
1671  struct ClientState *cs = cls;
1672  struct KeygenSession *ks;
1673 
1675  "client requested key generation\n");
1676  if (NULL != cs->keygen_session)
1677  {
1678  GNUNET_break (0);
1680  return;
1681  }
1682  ks = GNUNET_new (struct KeygenSession);
1683  ks->cs = cs;
1684  cs->keygen_session = ks;
1686  ks->threshold = ntohs (msg->threshold);
1687  ks->num_peers = ntohs (msg->num_peers);
1688 
1689  ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1],
1690  ks->num_peers,
1691  &ks->num_peers,
1692  &ks->local_peer_idx);
1693 
1694 
1696  "first round of consensus with %u peers\n",
1697  ks->num_peers);
1699  ks->num_peers,
1700  ks->peers,
1701  &msg->session_id,
1705  ks);
1706 
1707  ks->info = GNUNET_new_array (ks->num_peers,
1708  struct KeygenPeerInfo);
1709 
1710  for (unsigned int i = 0; i < ks->num_peers; i++)
1711  ks->info[i].peer = ks->peers[i];
1712 
1714  &ks->paillier_private_key);
1715 
1717  "P%u: Generated paillier key pair\n",
1718  ks->local_peer_idx);
1721  "P%u: Generated presecret polynomial\n",
1722  ks->local_peer_idx);
1723  insert_round1_element (ks);
1725  "P%u: Concluding for round 1\n",
1726  ks->local_peer_idx);
1729  ks);
1732  "P%u: Waiting for round 1 elements ...\n",
1733  ks->local_peer_idx);
1734 }
struct GNUNET_TIME_AbsoluteNBO start
Start time for communication with the other peers.
Definition: secretsharing.h:62
static void insert_round1_element(struct KeygenSession *ks)
Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given sess...
static void keygen_round1_conclude(void *cls)
Called when the first consensus round has concluded.
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
State we keep per client.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:670
static void generate_presecret_polynomial(struct KeygenSession *ks)
Generate the random coefficients of our pre-secret polynomial.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
unsigned int threshold
Minimum number of shares required to restore the secret.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
void GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key, struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
Create a freshly generated paillier public key.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
struct GNUNET_TIME_AbsoluteNBO deadline
Deadline for the establishment of the crypto system.
Definition: secretsharing.h:67
Session to establish a threshold-shared secret.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
static struct GNUNET_PeerIdentity * normalize_peers(struct GNUNET_PeerIdentity *listed, unsigned int num_listed, unsigned int *num_normalized, unsigned int *my_peer_idx)
Normalize the given list of peers, by including the local peer (if it is missing) and sorting the pee...
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
void GNUNET_SERVICE_client_drop(struct GNUNET_SERVICE_Client *c)
Ask the server to disconnect from the given client.
Definition: service.c:2618
uint16_t threshold
Mininum number of cooperating peers to decrypt a value.
Definition: secretsharing.h:73
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
unsigned int num_peers
Total number of peers.
struct KeygenSession * keygen_session
Keygen session of the client, if any.
struct GNUNET_CRYPTO_PaillierPrivateKey paillier_private_key
Paillier private key of our peer.
struct KeygenPeerInfo * info
Information about all participating peers.
Info about a peer in a key generation session.
struct GNUNET_TIME_Absolute deadline
When would we like the key to be established?
The identity of the host (wraps the signing key of the peer).
static void keygen_round1_new_element(void *cls, const struct GNUNET_SET_Element *element)
Consensus element handler for round one.
struct GNUNET_SERVICE_Client * client
Client this is about.
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
#define GNUNET_log(kind,...)
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
uint16_t num_peers
Number of peers at the end of this message.
Definition: secretsharing.h:78
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
struct GNUNET_HashCode session_id
Session ID, will be used for consensus.
Definition: secretsharing.h:57
void GNUNET_SERVICE_client_continue(struct GNUNET_SERVICE_Client *c)
Continue receiving further messages from the given client.
Definition: service.c:2533
struct ClientState * cs
Which client is this for?
Here is the call graph for this function:

◆ decrypt_conclude()

static void decrypt_conclude ( void *  cls)
static

Called when the partial decryption consensus concludes.

Definition at line 1741 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_Ciphertext::c2_bits, DecryptSession::ciphertext, compute_lagrange_coefficient(), DecryptSession::consensus, DecryptSession::cs, ds, elgamal_p, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_new_array, GNUNET_SECRETSHARING_ELGAMAL_BITS, DecryptSession::info, m, ClientState::mq, msg, GNUNET_SECRETSHARING_Share::my_peer, GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::original_index, DecryptPeerInfo::partial_decryption, GNUNET_SECRETSHARING_DecryptResponseMessage::plaintext, DecryptSession::share, and GNUNET_SECRETSHARING_DecryptResponseMessage::success.

Referenced by handle_client_decrypt().

1742 {
1743  struct DecryptSession *ds = cls;
1745  struct GNUNET_MQ_Envelope *ev;
1746  gcry_mpi_t lagrange;
1747  gcry_mpi_t m;
1748  gcry_mpi_t tmp;
1749  gcry_mpi_t c_2;
1750  gcry_mpi_t prod;
1751  unsigned int *indices;
1752  unsigned int num;
1753  unsigned int i;
1754  unsigned int j;
1755 
1757  ds->consensus = NULL;
1758 
1759  GNUNET_assert (0 != (lagrange = gcry_mpi_new (0)));
1760  GNUNET_assert (0 != (m = gcry_mpi_new (0)));
1761  GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
1762  GNUNET_assert (0 != (prod = gcry_mpi_new (0)));
1763 
1764  num = 0;
1765  for (i = 0; i < ds->share->num_peers; i++)
1766  if (NULL != ds->info[i].partial_decryption)
1767  num++;
1768 
1769  indices = GNUNET_new_array (num,
1770  unsigned int);
1771  j = 0;
1772  for (i = 0; i < ds->share->num_peers; i++)
1773  if (NULL != ds->info[i].partial_decryption)
1774  indices[j++] = ds->info[i].original_index;
1775 
1777  "P%u: decrypt conclude, with %u peers\n",
1778  ds->share->my_peer,
1779  num);
1780 
1781  gcry_mpi_set_ui (prod, 1);
1782  for (i = 0; i < num; i++)
1783  {
1784 
1786  "P%u: index of %u: %u\n",
1787  ds->share->my_peer, i, indices[i]);
1788  compute_lagrange_coefficient (lagrange, indices[i], indices, num);
1789  // w_i^{\lambda_i}
1790  gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange, elgamal_p);
1791 
1792  // product of all exponentiated partiel decryptions ...
1793  gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
1794  }
1795 
1797 
1798  GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p));
1799  gcry_mpi_mulm (m, c_2, prod, elgamal_p);
1802  msg->success = htonl (1);
1803  GNUNET_MQ_send (ds->cs->mq,
1804  ev);
1805 
1806  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n");
1807 
1808  GNUNET_free (indices);
1809 
1810  gcry_mpi_release(lagrange);
1811  gcry_mpi_release(m);
1812  gcry_mpi_release(tmp);
1813  gcry_mpi_release(prod);
1814  gcry_mpi_release(c_2);
1815 
1816  // FIXME: what if not enough peers participated?
1817 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
struct GNUNET_SECRETSHARING_FieldElement plaintext
Decrypted plaintext.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE
The service succeeded in decrypting a ciphertext.
static void compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, unsigned int *indices, unsigned int num)
Get a the j-th lagrange coefficient for a set of indices.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
struct DecryptPeerInfo * info
State information about other peers.
struct ClientState * cs
Which client is this for?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
unsigned int original_index
Original index in the key generation round.
uint32_t success
Zero if decryption failed, non-zero if decryption succeeded.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
uint16_t my_peer
Index of our peer in the list.
#define GNUNET_log(kind,...)
static struct GNUNET_FS_DirScanner * ds
Handle to the directory scanner (for recursive insertions).
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:353
uint16_t num_peers
Peers that have the share.
uint32_t c2_bits[1024/8/sizeof(uint32_t)]
Session to cooperatively decrypt a value.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpi_to_str()

static char* mpi_to_str ( gcry_mpi_t  mpi)
static

Get a string representation of an MPI.

The caller must free the returned string.

Parameters
mpimpi to convert to a string
Returns
string representation of mpi, must be free'd by the caller

Definition at line 1828 of file gnunet-service-secretsharing.c.

References buf, and GNUNET_assert.

Referenced by decrypt_new_element(), and insert_decrypt_element().

1829 {
1830  unsigned char *buf;
1831 
1832  GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi));
1833  return (char *) buf;
1834 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static char buf[2048]
Here is the caller graph for this function:

◆ decrypt_new_element()

static void decrypt_new_element ( void *  cls,
const struct GNUNET_SET_Element element 
)
static

Called when a new partial decryption arrives.

Definition at line 1841 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_Ciphertext::c1_bits, ciphertext, GNUNET_SECRETSHARING_DecryptData::ciphertext, DecryptSession::ciphertext, cleanup(), GNUNET_SET_Element::data, elgamal_g, elgamal_p, get_decrypt_peer_info(), GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_SECRETSHARING_ELGAMAL_BITS, DecryptSession::info, mpi_to_str(), GNUNET_SECRETSHARING_Share::my_peer, DecryptPeerInfo::partial_decryption, GNUNET_SECRETSHARING_DecryptData::peer, DecryptSession::share, KeygenPeerInfo::sigma, GNUNET_SECRETSHARING_Share::sigmas, and GNUNET_SET_Element::size.

Referenced by handle_client_decrypt().

1843 {
1844  struct DecryptSession *session = cls;
1845  const struct GNUNET_SECRETSHARING_DecryptData *d;
1846  struct DecryptPeerInfo *info;
1847  struct GNUNET_HashCode challenge_hash;
1848 
1849  /* nizk response */
1850  gcry_mpi_t r;
1851  /* nizk challenge */
1852  gcry_mpi_t challenge;
1853  /* nizk commit1, g^\beta */
1854  gcry_mpi_t commit1;
1855  /* nizk commit2, c_1^\beta */
1856  gcry_mpi_t commit2;
1857  /* homomorphic commitment to the peer's share,
1858  * public key share */
1859  gcry_mpi_t sigma;
1860  /* partial decryption we received */
1861  gcry_mpi_t w;
1862  /* ciphertext component #1 */
1863  gcry_mpi_t c1;
1864  /* temporary variable (for comparision) #1 */
1865  gcry_mpi_t tmp1;
1866  /* temporary variable (for comparision) #2 */
1867  gcry_mpi_t tmp2;
1868 
1869  if (NULL == element)
1870  {
1871  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
1872  /* FIXME: destroy */
1873  return;
1874  }
1875 
1876  if (element->size != sizeof *d)
1877  {
1878  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "element of wrong size in decrypt consensus\n");
1879  return;
1880  }
1881 
1882  d = element->data;
1883 
1884  info = get_decrypt_peer_info (session, &d->peer);
1885 
1886  if (NULL == info)
1887  {
1888  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n",
1889  GNUNET_i2s (&d->peer));
1890  return;
1891  }
1892 
1893  if (NULL != info->partial_decryption)
1894  {
1895  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n");
1896  return;
1897  }
1898 
1899  if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext))
1900  {
1901  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n",
1902  (unsigned int) session->share->my_peer, (unsigned int) (info - session->info));
1903 
1904  return;
1905  }
1906 
1907 
1908  GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) d,
1909  offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
1910  offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext),
1911  &challenge_hash);
1912 
1913  GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
1914  sizeof (struct GNUNET_HashCode));
1915 
1916  GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info - session->info],
1917  sizeof (struct GNUNET_SECRETSHARING_FieldElement));
1918 
1920  sizeof (struct GNUNET_SECRETSHARING_FieldElement));
1921 
1922  GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1,
1923  sizeof (struct GNUNET_SECRETSHARING_FieldElement));
1924 
1925  GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2,
1926  sizeof (struct GNUNET_SECRETSHARING_FieldElement));
1927 
1928  GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response,
1929  sizeof (struct GNUNET_SECRETSHARING_FieldElement));
1930 
1931  GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption,
1932  sizeof (struct GNUNET_SECRETSHARING_FieldElement));
1933 
1934  GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
1935  GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
1936 
1937  // tmp1 = g^r
1938  gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p);
1939 
1940  // tmp2 = g^\beta * \sigma^challenge
1941  gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p);
1942  gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p);
1943 
1944  if (0 != gcry_mpi_cmp (tmp1, tmp2))
1945  {
1946  char *tmp1_str;
1947  char *tmp2_str;
1948 
1949  tmp1_str = mpi_to_str (tmp1);
1950  tmp2_str = mpi_to_str (tmp2);
1952  "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
1953  session->share->my_peer,
1954  (unsigned int) (info - session->info),
1955  tmp1_str,
1956  tmp2_str);
1957  GNUNET_free (tmp1_str);
1958  GNUNET_free (tmp2_str);
1959  goto cleanup;
1960  }
1961 
1962 
1963  gcry_mpi_powm (tmp1, c1, r, elgamal_p);
1964 
1965  gcry_mpi_powm (tmp2, w, challenge, elgamal_p);
1966  gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p);
1967 
1968 
1969  if (0 != gcry_mpi_cmp (tmp1, tmp2))
1970  {
1972  "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
1973  session->share->my_peer,
1974  (unsigned int) (info - session->info));
1975  goto cleanup;
1976  }
1977 
1978 
1979  GNUNET_CRYPTO_mpi_scan_unsigned (&info->partial_decryption, &d->partial_decryption,
1981 cleanup:
1982  gcry_mpi_release (tmp1);
1983  gcry_mpi_release (tmp2);
1984  gcry_mpi_release (sigma);
1985  gcry_mpi_release (commit1);
1986  gcry_mpi_release (commit2);
1987  gcry_mpi_release (r);
1988  gcry_mpi_release (w);
1989  gcry_mpi_release (challenge);
1990  gcry_mpi_release (c1);
1991 }
static char * mpi_to_str(gcry_mpi_t mpi)
Get a string representation of an MPI.
Information about a peer in a decrypt session.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
static struct DecryptPeerInfo * get_decrypt_peer_info(const struct DecryptSession *ds, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a decrypt session.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
Data of then element put in consensus for decrypting a value.
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
const void * data
Actual data of the element.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static void cleanup(void *cls)
Function scheduled as very last function, cleans up after us.
static struct GNUNET_SECRETSHARING_Ciphertext ciphertext
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
A 512-bit hashcode.
uint32_t c1_bits[1024/8/sizeof(uint32_t)]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
struct DecryptPeerInfo * info
State information about other peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t my_peer
Index of our peer in the list.
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Session to cooperatively decrypt a value.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ insert_decrypt_element()

static void insert_decrypt_element ( struct DecryptSession ds)
static

Definition at line 1995 of file gnunet-service-secretsharing.c.

References beta, GNUNET_SECRETSHARING_Ciphertext::c1_bits, ciphertext, GNUNET_SECRETSHARING_DecryptData::ciphertext, DecryptSession::ciphertext, DecryptSession::consensus, GNUNET_SET_Element::data, GNUNET_SET_Element::element_type, elgamal_g, elgamal_p, elgamal_q, GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION, mpi_to_str(), GNUNET_SECRETSHARING_Share::my_peer, my_peer, GNUNET_SECRETSHARING_Share::my_share, GNUNET_SECRETSHARING_DecryptData::nizk_commit1, GNUNET_SECRETSHARING_DecryptData::nizk_commit2, GNUNET_SECRETSHARING_DecryptData::nizk_response, GNUNET_SECRETSHARING_Share::num_peers, GNUNET_SECRETSHARING_DecryptData::partial_decryption, GNUNET_SECRETSHARING_DecryptData::peer, GNUNET_SECRETSHARING_DecryptData::purpose, DecryptSession::share, KeygenPeerInfo::sigma, GNUNET_SECRETSHARING_Share::sigmas, and GNUNET_SET_Element::size.

Referenced by handle_client_decrypt().

1996 {
1998  struct GNUNET_SET_Element element;
1999  /* our share */
2000  gcry_mpi_t s;
2001  /* partial decryption with our share */
2002  gcry_mpi_t w;
2003  /* first component of the elgamal ciphertext */
2004  gcry_mpi_t c1;
2005  /* nonce for dlog zkp */
2006  gcry_mpi_t beta;
2007  gcry_mpi_t tmp;
2008  gcry_mpi_t challenge;
2009  gcry_mpi_t sigma;
2010  struct GNUNET_HashCode challenge_hash;
2011 
2012  /* make vagrind happy until we implement the real deal ... */
2013  memset (&d, 0, sizeof d);
2014 
2015  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n",
2016  ds->share->my_peer);
2017 
2018  GNUNET_assert (ds->share->my_peer < ds->share->num_peers);
2019 
2026 
2027  GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
2028  GNUNET_assert (NULL != (beta = gcry_mpi_new (0)));
2029  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
2030 
2031  // FIXME: unnecessary, remove once crypto works
2032  gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p);
2033  if (0 != gcry_mpi_cmp (tmp, sigma))
2034  {
2035  char *sigma_str = mpi_to_str (sigma);
2036  char *tmp_str = mpi_to_str (tmp);
2037  char *s_str = mpi_to_str (s);
2038  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Share of P%u is invalid, ref sigma %s, "
2039  "computed sigma %s, s %s\n",
2040  ds->share->my_peer,
2041  sigma_str, tmp_str, s_str);
2042  GNUNET_free (sigma_str);
2043  GNUNET_free (tmp_str);
2044  GNUNET_free (s_str);
2045  }
2046 
2047  gcry_mpi_powm (w, c1, s, elgamal_p);
2048 
2049  element.data = (void *) &d;
2050  element.size = sizeof (struct GNUNET_SECRETSHARING_DecryptData);
2051  element.element_type = 0;
2052 
2053  d.ciphertext = ds->ciphertext;
2054  d.peer = my_peer;
2056 
2057  // create the zero knowledge proof
2058  // randomly choose beta such that 0 < beta < q
2059  do
2060  {
2061  gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
2062  } while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >= 0));
2063  // tmp = g^beta
2064  gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p);
2066  // tmp = (c_1)^beta
2067  gcry_mpi_powm (tmp, c1, beta, elgamal_p);
2069 
2070  // the challenge is the hash of everything up to the response
2071  GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) &d,
2072  offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
2073  offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext),
2074  &challenge_hash);
2075 
2076  GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
2077  sizeof (struct GNUNET_HashCode));
2078 
2079  // compute the response in tmp,
2080  // tmp = (c * s + beta) mod q
2081  gcry_mpi_mulm (tmp, challenge, s, elgamal_q);
2082  gcry_mpi_addm (tmp, tmp, beta, elgamal_q);
2083 
2085 
2086  d.purpose.size = htonl (element.size - offsetof (struct GNUNET_SECRETSHARING_DecryptData, purpose));
2087  d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
2088 
2091  &d.purpose,
2092  &d.signature));
2093 
2094  GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
2096  "P%u: Inserting decrypt element done!\n",
2097  ds->share->my_peer);
2098 
2099  gcry_mpi_release (s);
2100  gcry_mpi_release (w);
2101  gcry_mpi_release (c1);
2102  gcry_mpi_release (beta);
2103  gcry_mpi_release (tmp);
2104  gcry_mpi_release (challenge);
2105  gcry_mpi_release (sigma);
2106 }
static char * mpi_to_str(gcry_mpi_t mpi)
Get a string representation of an MPI.
struct GNUNET_SECRETSHARING_FieldElement my_share
Share of &#39;my_peer&#39;.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
Element stored in a set.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:989
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
Data of then element put in consensus for decrypting a value.
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
static struct GNUNET_SECRETSHARING_Ciphertext ciphertext
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
A 512-bit hashcode.
uint32_t c1_bits[1024/8/sizeof(uint32_t)]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
struct GNUNET_SECRETSHARING_FieldElement nizk_response
Reponse to the challenge computed from the protocol transcript.
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t my_peer
Index of our peer in the list.
#define GNUNET_log(kind,...)
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION
Signature for cooperatice decryption.
static float beta
Percentage of total peer number in the view to send random PULLs to.
uint16_t num_peers
Peers that have the share.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_client_decrypt()

static int check_client_decrypt ( void *  cls,
const struct GNUNET_SECRETSHARING_DecryptRequestMessage msg 
)
static

Check that msg is well-formed.

Parameters
clsidentification of the client
msgthe actual message
Returns
GNUNET_OK (check deferred a bit)

Definition at line 2117 of file gnunet-service-secretsharing.c.

References GNUNET_OK.

2119 {
2120  /* we check later, it's complicated */
2121  return GNUNET_OK;
2122 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78

◆ handle_client_decrypt()

static void handle_client_decrypt ( void *  cls,
const struct GNUNET_SECRETSHARING_DecryptRequestMessage msg 
)
static

Functions with this signature are called whenever a message is received.

Parameters
clsidentification of the client
msgthe actual message

Definition at line 2133 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_DecryptRequestMessage::ciphertext, DecryptSession::ciphertext, ClientState::client, DecryptSession::consensus, DecryptSession::cs, GNUNET_SECRETSHARING_DecryptRequestMessage::deadline, DecryptSession::deadline, decrypt_conclude(), decrypt_new_element(), ClientState::decrypt_session, ds, GNUNET_break, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_new, GNUNET_new_array, GNUNET_SECRETSHARING_share_read(), GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_TIME_absolute_ntoh(), GNUNET_SECRETSHARING_DecryptRequestMessage::header, DecryptSession::info, insert_decrypt_element(), GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::original_index, GNUNET_SECRETSHARING_Share::original_indices, DecryptPeerInfo::peer, GNUNET_SECRETSHARING_Share::peers, DecryptSession::share, GNUNET_MessageHeader::size, GNUNET_SECRETSHARING_DecryptRequestMessage::start, and DecryptSession::start.

2135 {
2136  struct ClientState *cs = cls;
2137  struct DecryptSession *ds;
2138  struct GNUNET_HashCode session_id;
2139 
2140  if (NULL != cs->decrypt_session)
2141  {
2142  GNUNET_break (0);
2144  return;
2145  }
2146  ds = GNUNET_new (struct DecryptSession);
2147  cs->decrypt_session = ds;
2148  ds->cs = cs;
2149  ds->start = GNUNET_TIME_absolute_ntoh (msg->start);
2151  ds->ciphertext = msg->ciphertext;
2152 
2153  ds->share = GNUNET_SECRETSHARING_share_read (&msg[1],
2154  ntohs (msg->header.size) - sizeof (*msg),
2155  NULL);
2156  if (NULL == ds->share)
2157  {
2158  GNUNET_break (0);
2160  return;
2161  }
2162 
2163  /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */
2165  sizeof (struct GNUNET_SECRETSHARING_Ciphertext),
2166  &session_id);
2168  ds->share->num_peers,
2169  ds->share->peers,
2170  &session_id,
2171  ds->start,
2172  ds->deadline,
2174  ds);
2175 
2176 
2177  ds->info = GNUNET_new_array (ds->share->num_peers,
2178  struct DecryptPeerInfo);
2179  for (unsigned int i = 0; i < ds->share->num_peers; i++)
2180  {
2181  ds->info[i].peer = ds->share->peers[i];
2182  ds->info[i].original_index = ds->share->original_indices[i];
2183  }
2187  ds);
2190  "decrypting with %u peers\n",
2191  ds->share->num_peers);
2192 }
Information about a peer in a decrypt session.
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
struct GNUNET_SECRETSHARING_Share * GNUNET_SECRETSHARING_share_read(const void *data, size_t len, size_t *readlen)
Read a share from its binary representation.
State we keep per client.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:670
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
static void decrypt_conclude(void *cls)
Called when the partial decryption consensus concludes.
struct GNUNET_PeerIdentity * peers
Peer identities (includes &#39;my_peer&#39;)
struct GNUNET_PeerIdentity peer
Identity of the peer.
static struct GNUNET_HashCode session_id
static void decrypt_new_element(void *cls, const struct GNUNET_SET_Element *element)
Called when a new partial decryption arrives.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
static void insert_decrypt_element(struct DecryptSession *ds)
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
A 512-bit hashcode.
void GNUNET_SERVICE_client_drop(struct GNUNET_SERVICE_Client *c)
Ask the server to disconnect from the given client.
Definition: service.c:2618
struct GNUNET_TIME_AbsoluteNBO deadline
Until when should the decryption be finished?
struct DecryptPeerInfo * info
State information about other peers.
struct ClientState * cs
Which client is this for?
struct GNUNET_TIME_AbsoluteNBO start
Until when should the decryption start?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
unsigned int original_index
Original index in the key generation round.
struct GNUNET_TIME_Absolute deadline
When would we like the ciphertext to be decrypted?
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SERVICE_Client * client
Client this is about.
#define GNUNET_log(kind,...)
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
static struct GNUNET_FS_DirScanner * ds
Handle to the directory scanner (for recursive insertions).
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
struct GNUNET_TIME_Absolute start
When should we start communicating for decryption?
uint16_t num_peers
Peers that have the share.
void GNUNET_SERVICE_client_continue(struct GNUNET_SERVICE_Client *c)
Continue receiving further messages from the given client.
Definition: service.c:2533
Session to cooperatively decrypt a value.
Here is the call graph for this function:

◆ init_crypto_constants()

static void init_crypto_constants ( void  )
static

Definition at line 2196 of file gnunet-service-secretsharing.c.

References elgamal_g, elgamal_p, elgamal_q, GNUNET_assert, GNUNET_SECRETSHARING_ELGAMAL_G_HEX, GNUNET_SECRETSHARING_ELGAMAL_P_HEX, and GNUNET_SECRETSHARING_ELGAMAL_Q_HEX.

Referenced by run().

2197 {
2198  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
2200  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
2202  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
2204 }
#define GNUNET_SECRETSHARING_ELGAMAL_G_HEX
The g-parameter for ElGamal encryption, a generator of the unique size q subgroup of Z_p^*...
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_SECRETSHARING_ELGAMAL_Q_HEX
The q-parameter for ElGamal encryption, a 1023-bit Sophie Germain prime, q = (p-1)/2.
#define GNUNET_SECRETSHARING_ELGAMAL_P_HEX
The q-parameter for ElGamal encryption, a 1024-bit safe prime.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
Here is the caller graph for this function:

◆ run()

static void run ( void *  cls,
const struct GNUNET_CONFIGURATION_Handle c,
struct GNUNET_SERVICE_Handle service 
)
static

Initialize secretsharing service.

Parameters
clsclosure
cconfiguration to use
servicethe initialized service

Definition at line 2215 of file gnunet-service-secretsharing.c.

References cleanup_task(), GNUNET_break, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SCHEDULER_shutdown(), init_crypto_constants(), and my_peer.

Referenced by client_disconnect_cb().

2218 {
2219  cfg = c;
2221  if (NULL == my_peer_private_key)
2222  {
2224  "could not access host private key\n");
2225  GNUNET_break (0);
2227  return;
2228  }
2230  if (GNUNET_OK !=
2232  &my_peer))
2233  {
2235  "could not retrieve host identity\n");
2236  GNUNET_break (0);
2238  return;
2239  }
2241  NULL);
2242 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received, or when GNUNET_SCHEDULER_shutdown() is being invoked.
Definition: scheduler.c:1293
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static void init_crypto_constants(void)
void GNUNET_SCHEDULER_shutdown(void)
Request the shutdown of a scheduler.
Definition: scheduler.c:524
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
#define GNUNET_log(kind,...)
int GNUNET_CRYPTO_get_peer_identity(const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
Retrieve the identity of the host&#39;s peer.
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
static void cleanup_task(void *cls)
Task run during shutdown.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ client_connect_cb()

static void* client_connect_cb ( void *  cls,
struct GNUNET_SERVICE_Client c,
struct GNUNET_MQ_Handle mq 
)
static

Callback called when a client connects to the service.

Parameters
clsclosure for the service
cthe new client that connected to the service
mqthe message queue used to send messages to the client
Returns
c

Definition at line 2254 of file gnunet-service-secretsharing.c.

References ClientState::client, GNUNET_new, mq, and ClientState::mq.

Referenced by client_disconnect_cb().

2257 {
2258  struct ClientState *cs = GNUNET_new (struct ClientState);;
2259 
2260  cs->client = c;
2261  cs->mq = mq;
2262  return cs;
2263 }
State we keep per client.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_SERVICE_Client * client
Client this is about.
struct GNUNET_MQ_Handle * mq
Definition: 003.c:5
Here is the caller graph for this function:

◆ client_disconnect_cb()

static void client_disconnect_cb ( void *  cls,
struct GNUNET_SERVICE_Client c,
void *  internal_cls 
)
static

Callback called when a client disconnected from the service.

Parameters
clsclosure for the service
cthe client that disconnected
internal_clsshould be equal to c

Definition at line 2274 of file gnunet-service-secretsharing.c.

References client_connect_cb(), ClientState::decrypt_session, decrypt_session_destroy(), GNUNET_free, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, GNUNET_MQ_handler_end, GNUNET_MQ_hd_var_size, GNUNET_SERVICE_MAIN(), GNUNET_SERVICE_OPTION_NONE, ClientState::keygen_session, keygen_session_destroy(), and run().

2277 {
2278  struct ClientState *cs = internal_cls;
2279 
2280  if (NULL != cs->keygen_session)
2282 
2283  if (NULL != cs->decrypt_session)
2285  GNUNET_free (cs);
2286 }
State we keep per client.
static void decrypt_session_destroy(struct DecryptSession *ds)
Destroy a decrypt session, removing it from the linked list of decrypt sessions.
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
static void keygen_session_destroy(struct KeygenSession *ks)
struct KeygenSession * keygen_session
Keygen session of the client, if any.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_SERVICE_MAIN()

GNUNET_SERVICE_MAIN ( "secretsharing"  ,
GNUNET_SERVICE_OPTION_NONE  ,
run,
client_connect_cb,
client_disconnect_cb,
NULL  ,
GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL)  ,
GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL)  ,
GNUNET_MQ_handler_end()   
)

Define "main" method using service macro.

Referenced by client_disconnect_cb().

Here is the caller graph for this function:

Variable Documentation

◆ elgamal_q

gcry_mpi_t elgamal_q
static

◆ elgamal_p

gcry_mpi_t elgamal_p
static

◆ elgamal_g

gcry_mpi_t elgamal_g
static

◆ my_peer

struct GNUNET_PeerIdentity my_peer
static

◆ my_peer_private_key

struct GNUNET_CRYPTO_EddsaPrivateKey* my_peer_private_key
static

Peer that runs this service.

Definition at line 312 of file gnunet-service-secretsharing.c.

◆ cfg

const struct GNUNET_CONFIGURATION_Handle* cfg
static

Configuration of this service.

Definition at line 317 of file gnunet-service-secretsharing.c.