GNUnet  0.11.x
Data Structures | Macros | Functions | Variables
gnunet-service-secretsharing.c File Reference

secret sharing service More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_time_lib.h"
#include "gnunet_signatures.h"
#include "gnunet_consensus_service.h"
#include "secretsharing.h"
#include "secretsharing_protocol.h"
#include <gcrypt.h>
Include dependency graph for gnunet-service-secretsharing.c:

Go to the source code of this file.

Data Structures

struct  KeygenPeerInfo
 Info about a peer in a key generation session. More...
 
struct  DecryptPeerInfo
 Information about a peer in a decrypt session. More...
 
struct  KeygenSession
 Session to establish a threshold-shared secret. More...
 
struct  DecryptSession
 Session to cooperatively decrypt a value. More...
 
struct  ClientState
 State we keep per client. More...
 

Macros

#define EXTRA_CHECKS   1
 

Functions

static struct KeygenPeerInfoget_keygen_peer_info (const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
 Get the peer info belonging to a peer identity in a keygen session. More...
 
static struct DecryptPeerInfoget_decrypt_peer_info (const struct DecryptSession *ds, const struct GNUNET_PeerIdentity *peer)
 Get the peer info belonging to a peer identity in a decrypt session. More...
 
static struct GNUNET_TIME_Absolute time_between (struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end, int num, int denum)
 Interpolate between two points in time. More...
 
static int peer_id_cmp (const void *p1, const void *p2)
 Compare two peer identities. More...
 
static int peer_find (const struct GNUNET_PeerIdentity *haystack, unsigned int n, const struct GNUNET_PeerIdentity *needle)
 Get the index of a peer in an array of peers. More...
 
static struct GNUNET_PeerIdentitynormalize_peers (struct GNUNET_PeerIdentity *listed, unsigned int num_listed, unsigned int *num_normalized, unsigned int *my_peer_idx)
 Normalize the given list of peers, by including the local peer (if it is missing) and sorting the peers by their identity. More...
 
static void compute_lagrange_coefficient (gcry_mpi_t coeff, unsigned int j, unsigned int *indices, unsigned int num)
 Get a the j-th lagrange coefficient for a set of indices. More...
 
static void decrypt_session_destroy (struct DecryptSession *ds)
 Destroy a decrypt session, removing it from the linked list of decrypt sessions. More...
 
static void keygen_info_destroy (struct KeygenPeerInfo *info)
 
static void keygen_session_destroy (struct KeygenSession *ks)
 
static void cleanup_task (void *cls)
 Task run during shutdown. More...
 
static void generate_presecret_polynomial (struct KeygenSession *ks)
 Generate the random coefficients of our pre-secret polynomial. More...
 
static void keygen_round1_new_element (void *cls, const struct GNUNET_SET_Element *element)
 Consensus element handler for round one. More...
 
static void horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
 Evaluate the polynomial with coefficients coeff at x. More...
 
static void keygen_round2_conclude (void *cls)
 
static void restore_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t x, gcry_mpi_t xres)
 
static void get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
 
static int verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe)
 
static void encrypt_fair (gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, struct GNUNET_SECRETSHARING_FairEncryption *fe)
 Create a fair Paillier encryption of then given ciphertext. More...
 
static void insert_round2_element (struct KeygenSession *ks)
 Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} (3) The encrypted pre-shares Y_{i,j} (4) The zero knowledge proof for fairness of the encryption. More...
 
static gcry_mpi_t keygen_reveal_get_exp_coeff (struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
 
static struct GNUNET_SECRETSHARING_FairEncryptionkeygen_reveal_get_enc_preshare (struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
 
static gcry_mpi_t keygen_reveal_get_exp_preshare (struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
 
static void keygen_round2_new_element (void *cls, const struct GNUNET_SET_Element *element)
 
static void keygen_round1_conclude (void *cls)
 Called when the first consensus round has concluded. More...
 
static void insert_round1_element (struct KeygenSession *ks)
 Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given session. More...
 
static int check_client_keygen (void *cls, const struct GNUNET_SECRETSHARING_CreateMessage *msg)
 Check that msg is well-formed. More...
 
static void handle_client_keygen (void *cls, const struct GNUNET_SECRETSHARING_CreateMessage *msg)
 Functions with this signature are called whenever a message is received. More...
 
static void decrypt_conclude (void *cls)
 Called when the partial decryption consensus concludes. More...
 
static char * mpi_to_str (gcry_mpi_t mpi)
 Get a string representation of an MPI. More...
 
static void decrypt_new_element (void *cls, const struct GNUNET_SET_Element *element)
 Called when a new partial decryption arrives. More...
 
static void insert_decrypt_element (struct DecryptSession *ds)
 
static int check_client_decrypt (void *cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
 Check that msg is well-formed. More...
 
static void handle_client_decrypt (void *cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
 Functions with this signature are called whenever a message is received. More...
 
static void init_crypto_constants (void)
 
static void run (void *cls, const struct GNUNET_CONFIGURATION_Handle *c, struct GNUNET_SERVICE_Handle *service)
 Initialize secretsharing service. More...
 
static void * client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *c, struct GNUNET_MQ_Handle *mq)
 Callback called when a client connects to the service. More...
 
static void client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *c, void *internal_cls)
 Callback called when a client disconnected from the service. More...
 
 GNUNET_SERVICE_MAIN ("secretsharing", GNUNET_SERVICE_OPTION_NONE, &run, &client_connect_cb, &client_disconnect_cb, NULL, GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL), GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL), GNUNET_MQ_handler_end())
 Define "main" method using service macro. More...
 

Variables

static gcry_mpi_t elgamal_q
 The ElGamal prime field order as libgcrypt mpi. More...
 
static gcry_mpi_t elgamal_p
 Modulus of the prime field used for ElGamal. More...
 
static gcry_mpi_t elgamal_g
 Generator for prime field of order 'elgamal_q'. More...
 
static struct GNUNET_PeerIdentity my_peer
 Peer that runs this service. More...
 
static struct GNUNET_CRYPTO_EddsaPrivateKeymy_peer_private_key
 Peer that runs this service. More...
 
static const struct GNUNET_CONFIGURATION_Handlecfg
 Configuration of this service. More...
 

Detailed Description

secret sharing service

Author
Florian Dold

Definition in file gnunet-service-secretsharing.c.

Macro Definition Documentation

◆ EXTRA_CHECKS

#define EXTRA_CHECKS   1

Definition at line 36 of file gnunet-service-secretsharing.c.

Function Documentation

◆ get_keygen_peer_info()

static struct KeygenPeerInfo* get_keygen_peer_info ( const struct KeygenSession ks,
const struct GNUNET_PeerIdentity peer 
)
static

Get the peer info belonging to a peer identity in a keygen session.

Parameters
ksThe keygen session.
peerThe peer identity.
Returns
The Keygen peer info, or NULL if the peer could not be found.

Definition at line 325 of file gnunet-service-secretsharing.c.

References GNUNET_memcmp, KeygenSession::info, KeygenSession::num_peers, and KeygenPeerInfo::peer.

Referenced by keygen_round1_new_element(), and keygen_round2_new_element().

327 {
328  unsigned int i;
329 
330  for (i = 0; i < ks->num_peers; i++)
331  if (0 == GNUNET_memcmp (peer, &ks->info[i].peer))
332  return &ks->info[i];
333  return NULL;
334 }
unsigned int num_peers
Total number of peers.
struct KeygenPeerInfo * info
Information about all participating peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
Here is the caller graph for this function:

◆ get_decrypt_peer_info()

static struct DecryptPeerInfo* get_decrypt_peer_info ( const struct DecryptSession ds,
const struct GNUNET_PeerIdentity peer 
)
static

Get the peer info belonging to a peer identity in a decrypt session.

Parameters
dsThe decrypt session.
peerThe peer identity.
Returns
The decrypt peer info, or NULL if the peer could not be found.

Definition at line 345 of file gnunet-service-secretsharing.c.

References GNUNET_memcmp, DecryptSession::info, GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::peer, and DecryptSession::share.

Referenced by decrypt_new_element().

347 {
348  unsigned int i;
349 
350  for (i = 0; i < ds->share->num_peers; i++)
351  if (0 == GNUNET_memcmp (peer, &ds->info[i].peer))
352  return &ds->info[i];
353  return NULL;
354 }
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
struct GNUNET_PeerIdentity peer
Identity of the peer.
struct DecryptPeerInfo * info
State information about other peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
uint16_t num_peers
Peers that have the share.
Here is the caller graph for this function:

◆ time_between()

static struct GNUNET_TIME_Absolute time_between ( struct GNUNET_TIME_Absolute  start,
struct GNUNET_TIME_Absolute  end,
int  num,
int  denum 
)
static

Interpolate between two points in time.

Parameters
startstart time
endend time
numnumerator of the scale factor
denumdenumerator of the scale factor

Definition at line 366 of file gnunet-service-secretsharing.c.

References GNUNET_TIME_Absolute::abs_value_us, end, GNUNET_assert, result, and start.

Referenced by keygen_round1_conclude().

369 {
371  uint64_t diff;
372 
373  GNUNET_assert (start.abs_value_us <= end.abs_value_us);
374  diff = end.abs_value_us - start.abs_value_us;
375  result.abs_value_us = start.abs_value_us + ((diff * num) / denum);
376 
377  return result;
378 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
uint64_t abs_value_us
The actual value.
static int result
Global testing status.
Time for absolute times used by GNUnet, in microseconds.
Here is the caller graph for this function:

◆ peer_id_cmp()

static int peer_id_cmp ( const void *  p1,
const void *  p2 
)
static

Compare two peer identities.

Indended to be used with qsort or bsearch.

Parameters
p1Some peer identity.
p2Some peer identity.
Returns
1 if p1 > p2, -1 if p1 < p2 and 0 if p1 == p2.

Definition at line 389 of file gnunet-service-secretsharing.c.

Referenced by normalize_peers().

390 {
391  return memcmp (p1,
392  p2,
393  sizeof(struct GNUNET_PeerIdentity));
394 }
The identity of the host (wraps the signing key of the peer).
Here is the caller graph for this function:

◆ peer_find()

static int peer_find ( const struct GNUNET_PeerIdentity haystack,
unsigned int  n,
const struct GNUNET_PeerIdentity needle 
)
static

Get the index of a peer in an array of peers.

Parameters
haystackArray of peers.
nSize of haystack.
needlePeer to find
Returns
Index of needle in haystack, or -1 if peer is not in the list.

Definition at line 407 of file gnunet-service-secretsharing.c.

References GNUNET_memcmp.

Referenced by normalize_peers().

409 {
410  unsigned int i;
411 
412  for (i = 0; i < n; i++)
413  if (0 == GNUNET_memcmp (&haystack[i],
414  needle))
415  return i;
416  return -1;
417 }
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Here is the caller graph for this function:

◆ normalize_peers()

static struct GNUNET_PeerIdentity* normalize_peers ( struct GNUNET_PeerIdentity listed,
unsigned int  num_listed,
unsigned int *  num_normalized,
unsigned int *  my_peer_idx 
)
static

Normalize the given list of peers, by including the local peer (if it is missing) and sorting the peers by their identity.

Parameters
listedPeers in the unnormalized list.
num_listedPeers in the un-normalized list.
[out]num_normalizedNumber of peers in the normalized list.
[out]my_peer_idxIndex of the local peer in the normalized list.
Returns
Normalized list, must be free'd by the caller.

Definition at line 431 of file gnunet-service-secretsharing.c.

References GNUNET_memcpy, GNUNET_new_array, GNUNET_NO, GNUNET_YES, my_peer, peer_find(), and peer_id_cmp().

Referenced by handle_client_keygen().

435 {
436  unsigned int local_peer_in_list;
437  /* number of peers in the normalized list */
438  unsigned int n;
439  struct GNUNET_PeerIdentity *normalized;
440 
441  local_peer_in_list = GNUNET_YES;
442  n = num_listed;
443  if (peer_find (listed, num_listed, &my_peer) < 0)
444  {
445  local_peer_in_list = GNUNET_NO;
446  n += 1;
447  }
448 
449  normalized = GNUNET_new_array (n,
450  struct GNUNET_PeerIdentity);
451 
452  if (GNUNET_NO == local_peer_in_list)
453  normalized[n - 1] = my_peer;
454 
455  GNUNET_memcpy (normalized,
456  listed,
457  num_listed * sizeof(struct GNUNET_PeerIdentity));
458  qsort (normalized,
459  n,
460  sizeof(struct GNUNET_PeerIdentity),
461  &peer_id_cmp);
462 
463  if (NULL != my_peer_idx)
464  *my_peer_idx = peer_find (normalized, n, &my_peer);
465  if (NULL != num_normalized)
466  *num_normalized = n;
467 
468  return normalized;
469 }
static int peer_id_cmp(const void *p1, const void *p2)
Compare two peer identities.
static int peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, const struct GNUNET_PeerIdentity *needle)
Get the index of a peer in an array of peers.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_NO
Definition: gnunet_common.h:78
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
The identity of the host (wraps the signing key of the peer).
#define GNUNET_YES
Definition: gnunet_common.h:77
Here is the call graph for this function:
Here is the caller graph for this function:

◆ compute_lagrange_coefficient()

static void compute_lagrange_coefficient ( gcry_mpi_t  coeff,
unsigned int  j,
unsigned int *  indices,
unsigned int  num 
)
static

Get a the j-th lagrange coefficient for a set of indices.

Parameters
[out]coeffthe lagrange coefficient
jlagrange coefficient we want to compute
indicesindices
numnumber of indices in indices

Definition at line 481 of file gnunet-service-secretsharing.c.

References elgamal_q, GNUNET_assert, and l.

Referenced by decrypt_conclude().

484 {
485  unsigned int i;
486  /* numerator */
487  gcry_mpi_t n;
488  /* denominator */
489  gcry_mpi_t d;
490  /* temp value for l-j */
491  gcry_mpi_t tmp;
492 
493  GNUNET_assert (0 != coeff);
494 
495  GNUNET_assert (0 != (n = gcry_mpi_new (0)));
496  GNUNET_assert (0 != (d = gcry_mpi_new (0)));
497  GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
498 
499  gcry_mpi_set_ui (n, 1);
500  gcry_mpi_set_ui (d, 1);
501 
502  for (i = 0; i < num; i++)
503  {
504  unsigned int l = indices[i];
505  if (l == j)
506  continue;
507  gcry_mpi_mul_ui (n, n, l + 1);
508  // d <- d * (l-j)
509  gcry_mpi_set_ui (tmp, l + 1);
510  gcry_mpi_sub_ui (tmp, tmp, j + 1);
511  gcry_mpi_mul (d, d, tmp);
512  }
513 
514  // gcry_mpi_invm does not like negative numbers ...
515  gcry_mpi_mod (d, d, elgamal_q);
516 
517  GNUNET_assert (gcry_mpi_cmp_ui (d, 0) > 0);
518 
519  // now we do the actual division, with everything mod q, as we
520  // are not operating on elements from <g>, but on exponents
521  GNUNET_assert (0 != gcry_mpi_invm (d, d, elgamal_q));
522 
523  gcry_mpi_mulm (coeff, n, d, elgamal_q);
524 
525  gcry_mpi_release (n);
526  gcry_mpi_release (d);
527  gcry_mpi_release (tmp);
528 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct LoggingHandle * l
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
Here is the caller graph for this function:

◆ decrypt_session_destroy()

static void decrypt_session_destroy ( struct DecryptSession ds)
static

Destroy a decrypt session, removing it from the linked list of decrypt sessions.

Parameters
dsdecrypt session to destroy

Definition at line 538 of file gnunet-service-secretsharing.c.

References DecryptSession::consensus, DecryptSession::cs, ClientState::decrypt_session, GNUNET_CONSENSUS_destroy(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_SECRETSHARING_share_destroy(), DecryptSession::info, GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::partial_decryption, and DecryptSession::share.

Referenced by client_disconnect_cb().

539 {
541  "destroying decrypt session\n");
542  if (NULL != ds->cs)
543  {
544  ds->cs->decrypt_session = NULL;
545  ds->cs = NULL;
546  }
547  if (NULL != ds->consensus)
548  {
550  ds->consensus = NULL;
551  }
552 
553  if (NULL != ds->info)
554  {
555  for (unsigned int i = 0; i < ds->share->num_peers; i++)
556  {
557  if (NULL != ds->info[i].partial_decryption)
558  {
559  gcry_mpi_release (ds->info[i].partial_decryption);
560  ds->info[i].partial_decryption = NULL;
561  }
562  }
563  GNUNET_free (ds->info);
564  ds->info = NULL;
565  }
566  if (NULL != ds->share)
567  {
569  ds->share = NULL;
570  }
571 
572  GNUNET_free (ds);
573 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
void GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share)
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
struct DecryptPeerInfo * info
State information about other peers.
struct ClientState * cs
Which client is this for?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
#define GNUNET_log(kind,...)
uint16_t num_peers
Peers that have the share.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_info_destroy()

static void keygen_info_destroy ( struct KeygenPeerInfo info)
static

Definition at line 577 of file gnunet-service-secretsharing.c.

References KeygenPeerInfo::presecret_commitment, KeygenPeerInfo::preshare_commitment, and KeygenPeerInfo::sigma.

Referenced by keygen_session_destroy().

578 {
579  if (NULL != info->sigma)
580  {
581  gcry_mpi_release (info->sigma);
582  info->sigma = NULL;
583  }
584  if (NULL != info->presecret_commitment)
585  {
586  gcry_mpi_release (info->presecret_commitment);
587  info->presecret_commitment = NULL;
588  }
589  if (NULL != info->preshare_commitment)
590  {
591  gcry_mpi_release (info->preshare_commitment);
592  info->preshare_commitment = NULL;
593  }
594 }
gcry_mpi_t preshare_commitment
Commitment to the preshare that is intended for our peer.
gcry_mpi_t presecret_commitment
The peer&#39;s commitment to its presecret.
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
Here is the caller graph for this function:

◆ keygen_session_destroy()

static void keygen_session_destroy ( struct KeygenSession ks)
static

Definition at line 598 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, KeygenSession::cs, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, KeygenSession::info, keygen_info_destroy(), ClientState::keygen_session, KeygenSession::my_share, KeygenSession::num_peers, KeygenSession::peers, KeygenSession::presecret_polynomial, KeygenSession::public_key, and KeygenSession::threshold.

Referenced by client_disconnect_cb().

599 {
601  "destroying keygen session\n");
602 
603  if (NULL != ks->cs)
604  {
605  ks->cs->keygen_session = NULL;
606  ks->cs = NULL;
607  }
608  if (NULL != ks->info)
609  {
610  for (unsigned int i = 0; i < ks->num_peers; i++)
611  keygen_info_destroy (&ks->info[i]);
612  GNUNET_free (ks->info);
613  ks->info = NULL;
614  }
615 
616  if (NULL != ks->consensus)
617  {
619  ks->consensus = NULL;
620  }
621 
622  if (NULL != ks->presecret_polynomial)
623  {
624  for (unsigned int i = 0; i < ks->threshold; i++)
625  {
626  GNUNET_assert (NULL != ks->presecret_polynomial[i]);
627  gcry_mpi_release (ks->presecret_polynomial[i]);
628  ks->presecret_polynomial[i] = NULL;
629  }
631  ks->presecret_polynomial = NULL;
632  }
633  if (NULL != ks->my_share)
634  {
635  gcry_mpi_release (ks->my_share);
636  ks->my_share = NULL;
637  }
638  if (NULL != ks->public_key)
639  {
640  gcry_mpi_release (ks->public_key);
641  ks->public_key = NULL;
642  }
643  if (NULL != ks->peers)
644  {
645  GNUNET_free (ks->peers);
646  ks->peers = NULL;
647  }
648  GNUNET_free (ks);
649 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
static void keygen_info_destroy(struct KeygenPeerInfo *info)
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t my_share
Share of our peer.
unsigned int threshold
Minimum number of shares required to restore the secret.
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
unsigned int num_peers
Total number of peers.
struct KeygenSession * keygen_session
Keygen session of the client, if any.
struct KeygenPeerInfo * info
Information about all participating peers.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
#define GNUNET_log(kind,...)
struct ClientState * cs
Which client is this for?
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ cleanup_task()

static void cleanup_task ( void *  cls)
static

Task run during shutdown.

Parameters
clsunused
tcunused

Definition at line 659 of file gnunet-service-secretsharing.c.

Referenced by run().

660 {
661  /* Nothing to do! */
662 }
Here is the caller graph for this function:

◆ generate_presecret_polynomial()

static void generate_presecret_polynomial ( struct KeygenSession ks)
static

Generate the random coefficients of our pre-secret polynomial.

Parameters
ksthe session

Definition at line 671 of file gnunet-service-secretsharing.c.

References elgamal_q, GNUNET_assert, GNUNET_new_array, GNUNET_SECRETSHARING_ELGAMAL_BITS, KeygenSession::presecret_polynomial, and KeygenSession::threshold.

Referenced by handle_client_keygen().

672 {
673  int i;
674  gcry_mpi_t v;
675 
676  GNUNET_assert (NULL == ks->presecret_polynomial);
678  gcry_mpi_t);
679  for (i = 0; i < ks->threshold; i++)
680  {
681  v = ks->presecret_polynomial[i] = gcry_mpi_new (
683  GNUNET_assert (NULL != v);
684  // Randomize v such that 0 < v < elgamal_q.
685  // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
686  do
687  {
688  gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
689  GCRY_WEAK_RANDOM);
690  }
691  while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0));
692  }
693 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned int threshold
Minimum number of shares required to restore the secret.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the caller graph for this function:

◆ keygen_round1_new_element()

static void keygen_round1_new_element ( void *  cls,
const struct GNUNET_SET_Element element 
)
static

Consensus element handler for round one.

We should get one ephemeral key for each peer.

Parameters
clsClosure (keygen session).
elementThe element from consensus, or NULL if consensus failed.

Definition at line 705 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_KeygenCommitData::commitment, GNUNET_SET_Element::data, get_keygen_peer_info(), GNUNET_CRYPTO_eddsa_verify(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, GNUNET_YES, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenCommitData::peer, KeygenPeerInfo::presecret_commitment, GNUNET_SECRETSHARING_KeygenCommitData::pubkey, GNUNET_PeerIdentity::public_key, GNUNET_SECRETSHARING_KeygenCommitData::purpose, KeygenPeerInfo::round1_valid, GNUNET_SECRETSHARING_KeygenCommitData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_SET_Element::size.

Referenced by handle_client_keygen().

707 {
709  struct KeygenSession *ks = cls;
710  struct KeygenPeerInfo *info;
711 
712  if (NULL == element)
713  {
714  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round1 consensus failed\n");
715  return;
716  }
717 
718  /* elements have fixed size */
719  if (element->size != sizeof(struct GNUNET_SECRETSHARING_KeygenCommitData))
720  {
722  "keygen commit data with wrong size (%u) in consensus, %u expected\n",
723  (unsigned int) element->size,
724  (unsigned int) sizeof(struct
726  return;
727  }
728 
729  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round1 element\n");
730 
731  d = element->data;
732  info = get_keygen_peer_info (ks, &d->peer);
733 
734  if (NULL == info)
735  {
737  "keygen commit data with wrong peer identity (%s) in consensus\n",
738  GNUNET_i2s (&d->peer));
739  return;
740  }
741 
742  /* Check that the right amount of data has been signed. */
743  if (d->purpose.size !=
744  htonl (element->size - offsetof (struct
746  purpose)))
747  {
749  "keygen commit data with wrong signature purpose size in consensus\n");
750  return;
751  }
752 
755  &d->purpose, &d->signature,
756  &d->peer.public_key))
757  {
759  "keygen commit data with invalid signature in consensus\n");
760  return;
761  }
762  info->paillier_public_key = d->pubkey;
764  512 / 8);
765  info->round1_valid = GNUNET_YES;
766 }
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over the rest of the message.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1
Signature for the first round of distributed key generation.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
int round1_valid
Did we successfully receive the round1 element of the peer?
static struct KeygenPeerInfo * get_keygen_peer_info(const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a keygen session.
struct GNUNET_CRYPTO_PaillierPublicKey pubkey
Ephemeral paillier public key used by &#39;peer&#39; for this session.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
const void * data
Actual data of the element.
int GNUNET_CRYPTO_eddsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:1113
Session to establish a threshold-shared secret.
gcry_mpi_t presecret_commitment
The peer&#39;s commitment to its presecret.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
struct GNUNET_HashCode commitment
Commitment of &#39;peer&#39; to its presecret.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Signature purpose for signing the keygen commit data.
Info about a peer in a key generation session.
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:77
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Consensus element data used in the first round of key generation.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ horner_eval()

static void horner_eval ( gcry_mpi_t  z,
gcry_mpi_t *  coeff,
unsigned int  num_coeff,
gcry_mpi_t  x,
gcry_mpi_t  m 
)
static

Evaluate the polynomial with coefficients coeff at x.

The i-th element in coeff corresponds to the coefficient of x^i.

Parameters
[out]zresult of the evaluation
coeffarray of coefficients
num_coeffnumber of coefficients
xwhere to evaluate the polynomial
mwhat group are we operating in?

Definition at line 780 of file gnunet-service-secretsharing.c.

Referenced by insert_round2_element().

782 {
783  unsigned int i;
784 
785  gcry_mpi_set_ui (z, 0);
786  for (i = 0; i < num_coeff; i++)
787  {
788  // z <- zx + c
789  gcry_mpi_mul (z, z, x);
790  gcry_mpi_addm (z, z, coeff[num_coeff - i - 1], m);
791  }
792 }
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
Here is the caller graph for this function:

◆ keygen_round2_conclude()

static void keygen_round2_conclude ( void *  cls)
static

Definition at line 796 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, KeygenSession::cs, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_memcmp, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_new, GNUNET_new_array, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SECRETSHARING_share_destroy(), GNUNET_SECRETSHARING_share_write(), GNUNET_YES, KeygenSession::info, KeygenSession::local_peer_idx, m, ClientState::mq, GNUNET_SECRETSHARING_Share::my_peer, my_peer, GNUNET_SECRETSHARING_Share::my_share, KeygenSession::my_share, KeygenSession::num_peers, GNUNET_SECRETSHARING_Share::num_peers, GNUNET_SECRETSHARING_Share::original_indices, KeygenPeerInfo::peer, GNUNET_SECRETSHARING_Share::peers, GNUNET_SECRETSHARING_Share::public_key, KeygenSession::public_key, KeygenPeerInfo::round2_valid, KeygenPeerInfo::sigma, and GNUNET_SECRETSHARING_Share::sigmas.

Referenced by keygen_round1_conclude().

797 {
798  struct KeygenSession *ks = cls;
800  struct GNUNET_MQ_Envelope *ev;
801  size_t share_size;
802  unsigned int i;
803  unsigned int j;
804  struct GNUNET_SECRETSHARING_Share *share;
805 
806  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "round2 conclude\n");
807 
809  ks->consensus = NULL;
810 
811  share = GNUNET_new (struct GNUNET_SECRETSHARING_Share);
812 
813  share->num_peers = 0;
814 
815  for (i = 0; i < ks->num_peers; i++)
816  if (GNUNET_YES == ks->info[i].round2_valid)
817  share->num_peers++;
818 
819  share->peers = GNUNET_new_array (share->num_peers,
820  struct GNUNET_PeerIdentity);
821  share->sigmas =
822  GNUNET_new_array (share->num_peers,
825  uint16_t);
826 
827  /* maybe we're not even in the list of peers? */
828  share->my_peer = share->num_peers;
829 
830  j = 0; /* running index of valid peers */
831  for (i = 0; i < ks->num_peers; i++)
832  {
833  if (GNUNET_YES == ks->info[i].round2_valid)
834  {
835  share->peers[j] = ks->info[i].peer;
838  ks->info[i].sigma);
839  share->original_indices[i] = j;
840  if (0 == GNUNET_memcmp (&share->peers[i], &my_peer))
841  share->my_peer = j;
842  j += 1;
843  }
844  }
845 
846  if (share->my_peer == share->num_peers)
847  {
848  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: peer identity not in share\n",
849  ks->local_peer_idx);
850  }
851 
854  ks->my_share);
857  ks->public_key);
858 
859  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "keygen completed with %u peers\n",
860  share->num_peers);
861 
862  /* Write the share. If 0 peers completed the dkg, an empty
863  * share will be sent. */
864 
866  &share_size));
867 
868  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "writing share of size %u\n",
869  (unsigned int) share_size);
870 
871  ev = GNUNET_MQ_msg_extra (m, share_size,
873 
875  share_size,
876  NULL));
877 
879  share = NULL;
880 
881  GNUNET_MQ_send (ks->cs->mq,
882  ev);
883 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
struct GNUNET_SECRETSHARING_FieldElement my_share
Share of &#39;my_peer&#39;.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
void GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share)
struct GNUNET_PeerIdentity * peers
Peer identities (includes &#39;my_peer&#39;)
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
A share, with all values in in host byte order.
gcry_mpi_t my_share
Share of our peer.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
int round2_valid
Did we successfully receive the round2 element of the peer?
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
Session to establish a threshold-shared secret.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
int GNUNET_SECRETSHARING_share_write(const struct GNUNET_SECRETSHARING_Share *share, void *buf, size_t buflen, size_t *writelen)
Convert a share to its binary representation.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
unsigned int num_peers
Total number of peers.
struct KeygenPeerInfo * info
Information about all participating peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
The identity of the host (wraps the signing key of the peer).
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t my_peer
Index of our peer in the list.
#define GNUNET_log(kind,...)
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY
The cryptosystem has been established.
#define GNUNET_YES
Definition: gnunet_common.h:77
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:353
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
uint16_t num_peers
Peers that have the share.
struct GNUNET_SECRETSHARING_PublicKey public_key
Public key.
struct ClientState * cs
Which client is this for?
Notify the client that then threshold secret has been established.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ restore_fair()

static void restore_fair ( const struct GNUNET_CRYPTO_PaillierPublicKey ppub,
const struct GNUNET_SECRETSHARING_FairEncryption fe,
gcry_mpi_t  x,
gcry_mpi_t  xres 
)
static

Definition at line 887 of file gnunet-service-secretsharing.c.

References elgamal_q, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), and t.

Referenced by keygen_round2_new_element().

890 {
891  gcry_mpi_t a_1;
892  gcry_mpi_t a_2;
893  gcry_mpi_t b_1;
894  gcry_mpi_t b_2;
895  gcry_mpi_t big_a;
896  gcry_mpi_t big_b;
897  gcry_mpi_t big_t;
898  gcry_mpi_t n;
899  gcry_mpi_t t_1;
900  gcry_mpi_t t_2;
901  gcry_mpi_t t;
902  gcry_mpi_t r;
903  gcry_mpi_t v;
904 
905 
906  GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
907  GNUNET_assert (NULL != (t = gcry_mpi_new (0)));
908  GNUNET_assert (NULL != (t_1 = gcry_mpi_new (0)));
909  GNUNET_assert (NULL != (t_2 = gcry_mpi_new (0)));
910  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
911  GNUNET_assert (NULL != (big_t = gcry_mpi_new (0)));
912  GNUNET_assert (NULL != (v = gcry_mpi_new (0)));
913  GNUNET_assert (NULL != (big_a = gcry_mpi_new (0)));
914  GNUNET_assert (NULL != (big_b = gcry_mpi_new (0)));
915 
916  // a = (N,0)^T
918  ppub,
919  sizeof(struct
921  GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0)));
922  gcry_mpi_set_ui (a_2, 0);
923  // b = (x,1)^T
924  GNUNET_assert (NULL != (b_1 = gcry_mpi_new (0)));
925  gcry_mpi_set (b_1, x);
926  GNUNET_assert (NULL != (b_2 = gcry_mpi_new (0)));
927  gcry_mpi_set_ui (b_2, 1);
928 
929  // A = a DOT a
930  gcry_mpi_mul (t, a_1, a_1);
931  gcry_mpi_mul (big_a, a_2, a_2);
932  gcry_mpi_add (big_a, big_a, t);
933 
934  // B = b DOT b
935  gcry_mpi_mul (t, b_1, b_1);
936  gcry_mpi_mul (big_b, b_2, b_2);
937  gcry_mpi_add (big_b, big_b, t);
938 
939  while (1)
940  {
941  // n = a DOT b
942  gcry_mpi_mul (t, a_1, b_1);
943  gcry_mpi_mul (n, a_2, b_2);
944  gcry_mpi_add (n, n, t);
945 
946  // r = nearest(n/B)
947  gcry_mpi_div (r, NULL, n, big_b, 0);
948 
949  // T := A - 2rn + rrB
950  gcry_mpi_mul (v, r, n);
951  gcry_mpi_mul_ui (v, v, 2);
952  gcry_mpi_sub (big_t, big_a, v);
953  gcry_mpi_mul (v, r, r);
954  gcry_mpi_mul (v, v, big_b);
955  gcry_mpi_add (big_t, big_t, v);
956 
957  if (gcry_mpi_cmp (big_t, big_b) >= 0)
958  {
959  break;
960  }
961 
962  // t = a - rb
963  gcry_mpi_mul (v, r, b_1);
964  gcry_mpi_sub (t_1, a_1, v);
965  gcry_mpi_mul (v, r, b_2);
966  gcry_mpi_sub (t_2, a_2, v);
967 
968  // a = b
969  gcry_mpi_set (a_1, b_1);
970  gcry_mpi_set (a_2, b_2);
971  // b = t
972  gcry_mpi_set (b_1, t_1);
973  gcry_mpi_set (b_2, t_2);
974 
975  gcry_mpi_set (big_a, big_b);
976  gcry_mpi_set (big_b, big_t);
977  }
978 
979  gcry_mpi_set (xres, b_2);
980  gcry_mpi_invm (xres, xres, elgamal_q);
981  gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
982 
983  gcry_mpi_release (a_1);
984  gcry_mpi_release (a_2);
985  gcry_mpi_release (b_1);
986  gcry_mpi_release (b_2);
987  gcry_mpi_release (big_a);
988  gcry_mpi_release (big_b);
989  gcry_mpi_release (big_t);
990  gcry_mpi_release (n);
991  gcry_mpi_release (t_1);
992  gcry_mpi_release (t_2);
993  gcry_mpi_release (t);
994  gcry_mpi_release (r);
995  gcry_mpi_release (v);
996 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_SCHEDULER_Task * t
Main task.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_fair_encryption_challenge()

static void get_fair_encryption_challenge ( const struct GNUNET_SECRETSHARING_FairEncryption fe,
gcry_mpi_t *  e 
)
static

Definition at line 1000 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_FairEncryption::c, elgamal_q, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_memcpy, GNUNET_SECRETSHARING_ELGAMAL_BITS, h, GNUNET_SECRETSHARING_FairEncryption::h, GNUNET_SECRETSHARING_FairEncryption::t1, and GNUNET_SECRETSHARING_FairEncryption::t2.

Referenced by encrypt_fair(), and verify_fair().

1003 {
1004  struct
1005  {
1008  char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
1009  char t2[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
1010  } hash_data;
1011  struct GNUNET_HashCode e_hash;
1012 
1013  memset (&hash_data,
1014  0,
1015  sizeof(hash_data));
1016  GNUNET_memcpy (&hash_data.c, &fe->c, sizeof(struct
1018  GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1019  GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
1020  GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1021  GNUNET_CRYPTO_hash (&hash_data,
1022  sizeof(hash_data),
1023  &e_hash);
1024  /* This allocates "e" */
1026  &e_hash,
1027  sizeof(struct GNUNET_HashCode));
1028  gcry_mpi_mod (*e, *e, elgamal_q);
1029 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
static struct Experiment * e
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
A 512-bit hashcode.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
struct GNUNET_CRYPTO_PaillierCiphertext c
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ verify_fair()

static int verify_fair ( const struct GNUNET_CRYPTO_PaillierPublicKey ppub,
const struct GNUNET_SECRETSHARING_FairEncryption fe 
)
static

Definition at line 1033 of file gnunet-service-secretsharing.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_SECRETSHARING_FairEncryption::c, cleanup(), e, elgamal_g, elgamal_p, get_fair_encryption_challenge(), GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NO, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_YES, GNUNET_SECRETSHARING_FairEncryption::h, res, GNUNET_SECRETSHARING_FairEncryption::t1, GNUNET_SECRETSHARING_FairEncryption::t2, GNUNET_SECRETSHARING_FairEncryption::w, and GNUNET_SECRETSHARING_FairEncryption::z.

Referenced by keygen_round2_new_element().

1035 {
1036  gcry_mpi_t n;
1037  gcry_mpi_t n_sq;
1038  gcry_mpi_t z;
1039  gcry_mpi_t t1;
1040  gcry_mpi_t t2;
1041  gcry_mpi_t e;
1042  gcry_mpi_t w;
1043  gcry_mpi_t tmp1;
1044  gcry_mpi_t tmp2;
1045  gcry_mpi_t y;
1046  gcry_mpi_t big_y;
1047  int res;
1048 
1049  GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
1050  GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
1051  GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
1052 
1054  &e /* this allocates e */);
1055 
1057  ppub,
1058  sizeof(struct
1061  / 8);
1067  GNUNET_CRYPTO_mpi_scan_unsigned (&big_y, fe->c.bits,
1068  GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
1070  * 2 / 8);
1071  gcry_mpi_mul (n_sq, n, n);
1072 
1073  // tmp1 = g^z
1074  gcry_mpi_powm (tmp1, elgamal_g, z, elgamal_p);
1075  // tmp2 = y^{-e}
1076  gcry_mpi_powm (tmp1, y, e, elgamal_p);
1077  gcry_mpi_invm (tmp1, tmp1, elgamal_p);
1078  // tmp1 = tmp1 * tmp2
1079  gcry_mpi_mulm (tmp1, tmp1, tmp2, elgamal_p);
1080 
1081  if (0 == gcry_mpi_cmp (t1, tmp1))
1082  {
1083  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n");
1084  res = GNUNET_NO;
1085  goto cleanup;
1086  }
1087 
1088  gcry_mpi_powm (big_y, big_y, e, n_sq);
1089  gcry_mpi_invm (big_y, big_y, n_sq);
1090 
1091  gcry_mpi_add_ui (tmp1, n, 1);
1092  gcry_mpi_powm (tmp1, tmp1, z, n_sq);
1093 
1094  gcry_mpi_powm (tmp2, w, n, n_sq);
1095 
1096  gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq);
1097  gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq);
1098 
1099 
1100  if (0 == gcry_mpi_cmp (t2, tmp1))
1101  {
1102  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n");
1103  res = GNUNET_NO;
1104  goto cleanup;
1105  }
1106 
1107  res = GNUNET_YES;
1108 
1109 cleanup:
1110 
1111  gcry_mpi_release (n);
1112  gcry_mpi_release (n_sq);
1113  gcry_mpi_release (z);
1114  gcry_mpi_release (t1);
1115  gcry_mpi_release (t2);
1116  gcry_mpi_release (e);
1117  gcry_mpi_release (w);
1118  gcry_mpi_release (tmp1);
1119  gcry_mpi_release (tmp2);
1120  gcry_mpi_release (y);
1121  gcry_mpi_release (big_y);
1122  return res;
1123 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct Experiment * e
#define GNUNET_NO
Definition: gnunet_common.h:78
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
static void get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static void cleanup(void *cls)
Function scheduled as very last function, cleans up after us.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
static int res
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
char z[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:77
char w[GNUNET_CRYPTO_PAILLIER_BITS/8]
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
struct GNUNET_CRYPTO_PaillierCiphertext c
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ encrypt_fair()

static void encrypt_fair ( gcry_mpi_t  v,
const struct GNUNET_CRYPTO_PaillierPublicKey ppub,
struct GNUNET_SECRETSHARING_FairEncryption fe 
)
static

Create a fair Paillier encryption of then given ciphertext.

Parameters
vthe ciphertext
[out]fethe fair encryption

Definition at line 1133 of file gnunet-service-secretsharing.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_SECRETSHARING_FairEncryption::c, e, elgamal_g, elgamal_p, elgamal_q, get_fair_encryption_challenge(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_SECRETSHARING_ELGAMAL_BITS, h, GNUNET_SECRETSHARING_FairEncryption::h, GNUNET_SECRETSHARING_FairEncryption::t1, GNUNET_SECRETSHARING_FairEncryption::t2, GNUNET_SECRETSHARING_FairEncryption::w, and GNUNET_SECRETSHARING_FairEncryption::z.

Referenced by insert_round2_element().

1136 {
1137  gcry_mpi_t r;
1138  gcry_mpi_t s;
1139  gcry_mpi_t t1;
1140  gcry_mpi_t t2;
1141  gcry_mpi_t z;
1142  gcry_mpi_t w;
1143  gcry_mpi_t n;
1144  gcry_mpi_t e;
1145  gcry_mpi_t n_sq;
1146  gcry_mpi_t u;
1147  gcry_mpi_t Y;
1148  gcry_mpi_t G;
1149  gcry_mpi_t h;
1150 
1151  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
1152  GNUNET_assert (NULL != (s = gcry_mpi_new (0)));
1153  GNUNET_assert (NULL != (t1 = gcry_mpi_new (0)));
1154  GNUNET_assert (NULL != (t2 = gcry_mpi_new (0)));
1155  GNUNET_assert (NULL != (z = gcry_mpi_new (0)));
1156  GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
1157  GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
1158  GNUNET_assert (NULL != (u = gcry_mpi_new (0)));
1159  GNUNET_assert (NULL != (Y = gcry_mpi_new (0)));
1160  GNUNET_assert (NULL != (G = gcry_mpi_new (0)));
1161  GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
1162 
1164  ppub,
1165  sizeof(struct
1167  gcry_mpi_mul (n_sq, n, n);
1168  gcry_mpi_add_ui (G, n, 1);
1169 
1170  do
1171  {
1172  gcry_mpi_randomize (u, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1173  }
1174  while (gcry_mpi_cmp (u, n) >= 0);
1175 
1176  gcry_mpi_powm (t1, G, v, n_sq);
1177  gcry_mpi_powm (t2, u, n, n_sq);
1178  gcry_mpi_mulm (Y, t1, t2, n_sq);
1179 
1181  sizeof fe->c.bits,
1182  Y);
1183 
1184 
1185  gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM);
1186  do
1187  {
1188  gcry_mpi_randomize (s, GNUNET_CRYPTO_PAILLIER_BITS, GCRY_WEAK_RANDOM);
1189  }
1190  while (gcry_mpi_cmp (s, n) >= 0);
1191 
1192  // compute t1
1193  gcry_mpi_mulm (t1, elgamal_g, r, elgamal_p);
1194  // compute t2 (use z and w as temp)
1195  gcry_mpi_powm (z, G, r, n_sq);
1196  gcry_mpi_powm (w, s, n, n_sq);
1197  gcry_mpi_mulm (t2, z, w, n_sq);
1198 
1199 
1200  gcry_mpi_powm (h, elgamal_g, v, elgamal_p);
1201 
1204  h);
1205 
1208  t1);
1209 
1212  t2);
1213 
1215  &e /* This allocates "e" */);
1216 
1217  // compute z
1218  gcry_mpi_mul (z, e, v);
1219  gcry_mpi_addm (z, z, r, elgamal_q);
1220  // compute w
1221  gcry_mpi_powm (w, u, e, n);
1222  gcry_mpi_mulm (w, w, s, n);
1223 
1226  z);
1227 
1230  w);
1231 
1232  gcry_mpi_release (n);
1233  gcry_mpi_release (r);
1234  gcry_mpi_release (s);
1235  gcry_mpi_release (t1);
1236  gcry_mpi_release (t2);
1237  gcry_mpi_release (z);
1238  gcry_mpi_release (w);
1239  gcry_mpi_release (e);
1240  gcry_mpi_release (n_sq);
1241  gcry_mpi_release (u);
1242  gcry_mpi_release (Y);
1243  gcry_mpi_release (G);
1244  gcry_mpi_release (h);
1245 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct Experiment * e
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static void get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
char z[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
char w[GNUNET_CRYPTO_PAILLIER_BITS/8]
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
struct GNUNET_CRYPTO_PaillierCiphertext c
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ insert_round2_element()

static void insert_round2_element ( struct KeygenSession ks)
static

Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} (3) The encrypted pre-shares Y_{i,j} (4) The zero knowledge proof for fairness of the encryption.

Parameters
kssession to use

Definition at line 1259 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, GNUNET_SET_Element::data, element_size, elgamal_g, elgamal_p, elgamal_q, encrypt_fair(), GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, GNUNET_YES, horner_eval(), KeygenSession::info, KeygenSession::local_peer_idx, my_peer, KeygenSession::num_peers, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenRevealData::peer, KeygenSession::presecret_polynomial, GNUNET_SECRETSHARING_KeygenRevealData::purpose, GNUNET_CRYPTO_EccSignaturePurpose::purpose, KeygenPeerInfo::round1_valid, GNUNET_SECRETSHARING_KeygenRevealData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, GNUNET_SET_Element::size, and KeygenSession::threshold.

Referenced by keygen_round1_conclude().

1260 {
1261  struct GNUNET_SET_Element *element;
1263  unsigned char *pos;
1264  unsigned char *last_pos;
1265  size_t element_size;
1266  unsigned int i;
1267  gcry_mpi_t idx;
1268  gcry_mpi_t v;
1269 
1270  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting round2 element\n",
1271  ks->local_peer_idx);
1272 
1273  GNUNET_assert (NULL != (v = gcry_mpi_new (
1275  GNUNET_assert (NULL != (idx = gcry_mpi_new (
1277 
1278  element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData)
1279  + sizeof(struct GNUNET_SECRETSHARING_FairEncryption)
1280  * ks->num_peers
1282 
1283  element = GNUNET_malloc (sizeof(struct GNUNET_SET_Element) + element_size);
1284  element->size = element_size;
1285  element->data = (void *) &element[1];
1286 
1287  d = (void *) element->data;
1288  d->peer = my_peer;
1289 
1290  // start inserting vector elements
1291  // after the fixed part of the element's data
1292  pos = (void *) &d[1];
1293  last_pos = pos + element_size;
1294 
1295  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp preshares\n",
1296  ks->local_peer_idx);
1297 
1298  // encrypted pre-shares
1299  // and fair encryption proof
1300  {
1301  for (i = 0; i < ks->num_peers; i++)
1302  {
1303  ptrdiff_t remaining = last_pos - pos;
1304  struct GNUNET_SECRETSHARING_FairEncryption *fe = (void *) pos;
1305 
1306  GNUNET_assert (remaining > 0);
1307  memset (fe, 0, sizeof *fe);
1308  if (GNUNET_YES == ks->info[i].round1_valid)
1309  {
1310  gcry_mpi_set_ui (idx, i + 1);
1311  // evaluate the polynomial
1312  horner_eval (v, ks->presecret_polynomial, ks->threshold, idx,
1313  elgamal_q);
1314  // encrypt the result
1315  encrypt_fair (v, &ks->info[i].paillier_public_key, fe);
1316  }
1317  pos += sizeof *fe;
1318  }
1319  }
1320 
1321  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed enc preshares\n",
1322  ks->local_peer_idx);
1323 
1324  // exponentiated coefficients
1325  for (i = 0; i < ks->threshold; i++)
1326  {
1327  ptrdiff_t remaining = last_pos - pos;
1328  GNUNET_assert (remaining > 0);
1329  gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[i], elgamal_p);
1331  / 8, v);
1333  }
1334 
1335  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: computed exp coefficients\n",
1336  ks->local_peer_idx);
1337 
1338 
1339  d->purpose.size = htonl (element_size - offsetof (struct
1341  purpose));
1345  &d->purpose,
1346  &d->signature));
1347 
1348  GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1349  GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */
1350 
1351  gcry_mpi_release (v);
1352  gcry_mpi_release (idx);
1353 }
static unsigned int element_size
int round1_valid
Did we successfully receive the round1 element of the peer?
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Element stored in a set.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over rest of the message.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:986
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
unsigned int threshold
Minimum number of shares required to restore the secret.
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
const void * data
Actual data of the element.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
unsigned int num_peers
Total number of peers.
static void encrypt_fair(gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, struct GNUNET_SECRETSHARING_FairEncryption *fe)
Create a fair Paillier encryption of then given ciphertext.
struct KeygenPeerInfo * info
Information about all participating peers.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:77
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2
Signature for the second round of distributed key generation.
static void horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
Evaluate the polynomial with coefficients coeff at x.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_reveal_get_exp_coeff()

static gcry_mpi_t keygen_reveal_get_exp_coeff ( struct KeygenSession ks,
const struct GNUNET_SECRETSHARING_KeygenRevealData d,
unsigned int  idx 
)
static

Definition at line 1357 of file gnunet-service-secretsharing.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SECRETSHARING_ELGAMAL_BITS, KeygenSession::num_peers, and threshold.

Referenced by keygen_round2_new_element().

1361 {
1362  unsigned char *pos;
1363  gcry_mpi_t exp_coeff;
1364 
1365  GNUNET_assert (idx < ks->threshold);
1366 
1367  pos = (void *) &d[1];
1368  // skip encrypted pre-shares
1369  pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * ks->num_peers;
1370  // skip exp. coeffs we are not interested in
1371  pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx;
1372  // the first exponentiated coefficient is the public key share
1373  GNUNET_CRYPTO_mpi_scan_unsigned (&exp_coeff, pos,
1375  return exp_coeff;
1376 }
static unsigned int threshold
What should the threshold for then key be?
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
unsigned int num_peers
Total number of peers.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_reveal_get_enc_preshare()

static struct GNUNET_SECRETSHARING_FairEncryption* keygen_reveal_get_enc_preshare ( struct KeygenSession ks,
const struct GNUNET_SECRETSHARING_KeygenRevealData d,
unsigned int  idx 
)
static

Definition at line 1380 of file gnunet-service-secretsharing.c.

References GNUNET_assert, and num_peers.

Referenced by keygen_reveal_get_exp_preshare(), and keygen_round2_new_element().

1384 {
1385  unsigned char *pos;
1386 
1387  GNUNET_assert (idx < ks->num_peers);
1388 
1389  pos = (void *) &d[1];
1390  // skip encrypted pre-shares we're not interested in
1391  pos += sizeof(struct GNUNET_SECRETSHARING_FairEncryption) * idx;
1392  return (struct GNUNET_SECRETSHARING_FairEncryption *) pos;
1393 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static unsigned int num_peers
Here is the caller graph for this function:

◆ keygen_reveal_get_exp_preshare()

static gcry_mpi_t keygen_reveal_get_exp_preshare ( struct KeygenSession ks,
const struct GNUNET_SECRETSHARING_KeygenRevealData d,
unsigned int  idx 
)
static

Definition at line 1397 of file gnunet-service-secretsharing.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SECRETSHARING_FairEncryption::h, keygen_reveal_get_enc_preshare(), and num_peers.

Referenced by keygen_round2_new_element().

1401 {
1402  gcry_mpi_t exp_preshare;
1404 
1405  GNUNET_assert (idx < ks->num_peers);
1406  fe = keygen_reveal_get_enc_preshare (ks, d, idx);
1407  GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h,
1409  return exp_preshare;
1410 }
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypte secret.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
static struct GNUNET_SECRETSHARING_FairEncryption * keygen_reveal_get_enc_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
static unsigned int num_peers
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_round2_new_element()

static void keygen_round2_new_element ( void *  cls,
const struct GNUNET_SET_Element element 
)
static

Definition at line 1414 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_FairEncryption::c, GNUNET_SET_Element::data, elgamal_g, elgamal_p, elgamal_q, get_keygen_peer_info(), GNUNET_assert, GNUNET_CRYPTO_eddsa_verify(), GNUNET_CRYPTO_paillier_decrypt(), GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, GNUNET_YES, KeygenSession::info, keygen_reveal_get_enc_preshare(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), KeygenSession::local_peer_idx, KeygenSession::my_share, KeygenSession::num_peers, KeygenSession::paillier_private_key, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenRevealData::peer, KeygenPeerInfo::preshare_commitment, KeygenSession::public_key, GNUNET_PeerIdentity::public_key, GNUNET_SECRETSHARING_KeygenRevealData::purpose, restore_fair(), KeygenPeerInfo::round1_valid, KeygenPeerInfo::round2_valid, KeygenPeerInfo::sigma, GNUNET_SECRETSHARING_KeygenRevealData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, GNUNET_SET_Element::size, KeygenSession::threshold, and verify_fair().

Referenced by keygen_round1_conclude().

1416 {
1417  struct KeygenSession *ks = cls;
1418  const struct GNUNET_SECRETSHARING_KeygenRevealData *d;
1419  struct KeygenPeerInfo *info;
1420  size_t expected_element_size;
1421  unsigned int j;
1422  int cmp_result;
1423  gcry_mpi_t tmp;
1424  gcry_mpi_t public_key_share;
1425  gcry_mpi_t preshare;
1426 
1427  if (NULL == element)
1428  {
1429  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "round2 consensus failed\n");
1430  return;
1431  }
1432 
1433  expected_element_size = (sizeof(struct GNUNET_SECRETSHARING_KeygenRevealData)
1434  + sizeof(struct
1436  * ks->num_peers
1438  * ks->threshold);
1439 
1440  if (element->size != expected_element_size)
1441  {
1443  "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
1444  (unsigned int) element->size,
1445  (unsigned int) expected_element_size);
1446  return;
1447  }
1448 
1449  d = (const void *) element->data;
1450 
1451  info = get_keygen_peer_info (ks, &d->peer);
1452 
1453  if (NULL == info)
1454  {
1456  "keygen commit data with wrong peer identity (%s) in consensus\n",
1457  GNUNET_i2s (&d->peer));
1458  return;
1459  }
1460 
1461  if (GNUNET_NO == info->round1_valid)
1462  {
1464  "ignoring round2 element from peer with invalid round1 element (%s)\n",
1465  GNUNET_i2s (&d->peer));
1466  return;
1467  }
1468 
1469  if (GNUNET_YES == info->round2_valid)
1470  {
1472  "ignoring duplicate round2 element (%s)\n",
1473  GNUNET_i2s (&d->peer));
1474  return;
1475  }
1476 
1477  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "got round2 element\n");
1478 
1479  if (ntohl (d->purpose.size) !=
1480  element->size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData,
1481  purpose))
1482  {
1484  "keygen reveal data with wrong signature purpose size in consensus\n");
1485  return;
1486  }
1487 
1490  &d->purpose, &d->signature,
1491  &d->peer.public_key))
1492  {
1494  "keygen reveal data with invalid signature in consensus\n");
1495  return;
1496  }
1497 
1498  public_key_share = keygen_reveal_get_exp_coeff (ks, d, 0);
1500  ks->local_peer_idx);
1501 
1502  if (NULL == ks->public_key)
1503  {
1504  GNUNET_assert (NULL != (ks->public_key = gcry_mpi_new (0)));
1505  gcry_mpi_set_ui (ks->public_key, 1);
1506  }
1507  gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p);
1508 
1509  gcry_mpi_release (public_key_share);
1510  public_key_share = NULL;
1511 
1512  {
1515  GNUNET_assert (NULL != (preshare = gcry_mpi_new (0)));
1517  &ks->info[ks->local_peer_idx].
1518  paillier_public_key,
1519  &fe->c,
1520  preshare);
1521 
1522  // FIXME: not doing the restoration is less expensive
1524  fe,
1525  preshare,
1526  preshare);
1527  }
1528 
1529  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
1530  gcry_mpi_powm (tmp, elgamal_g, preshare, elgamal_p);
1531 
1532  cmp_result = gcry_mpi_cmp (tmp, info->preshare_commitment);
1533  gcry_mpi_release (tmp);
1534  tmp = NULL;
1535  if (0 != cmp_result)
1536  {
1538  "P%u: Got invalid presecret from P%u\n",
1539  (unsigned int) ks->local_peer_idx, (unsigned int) (info
1540  - ks->info));
1541  return;
1542  }
1543 
1544  if (NULL == ks->my_share)
1545  {
1546  GNUNET_assert (NULL != (ks->my_share = gcry_mpi_new (0)));
1547  }
1548  gcry_mpi_addm (ks->my_share, ks->my_share, preshare, elgamal_q);
1549 
1550  for (j = 0; j < ks->num_peers; j++)
1551  {
1552  gcry_mpi_t presigma;
1553  if (NULL == ks->info[j].sigma)
1554  {
1555  GNUNET_assert (NULL != (ks->info[j].sigma = gcry_mpi_new (0)));
1556  gcry_mpi_set_ui (ks->info[j].sigma, 1);
1557  }
1558  presigma = keygen_reveal_get_exp_preshare (ks, d, j);
1559  gcry_mpi_mulm (ks->info[j].sigma, ks->info[j].sigma, presigma, elgamal_p);
1560  gcry_mpi_release (presigma);
1561  }
1562 
1563  gcry_mpi_t prod;
1564  GNUNET_assert (NULL != (prod = gcry_mpi_new (0)));
1565  gcry_mpi_t j_to_k;
1566  GNUNET_assert (NULL != (j_to_k = gcry_mpi_new (0)));
1567  // validate that the polynomial sharing matches the additive sharing
1568  for (j = 0; j < ks->num_peers; j++)
1569  {
1570  unsigned int k;
1571  int cmp_result;
1572  gcry_mpi_t exp_preshare;
1573  gcry_mpi_set_ui (prod, 1);
1574  for (k = 0; k < ks->threshold; k++)
1575  {
1576  // Using pow(double,double) is a bit sketchy.
1577  // We count players from 1, but shares from 0.
1578  gcry_mpi_t tmp;
1579  gcry_mpi_set_ui (j_to_k, (unsigned int) pow (j + 1, k));
1580  tmp = keygen_reveal_get_exp_coeff (ks, d, k);
1581  gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p);
1582  gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
1583  gcry_mpi_release (tmp);
1584  }
1585  exp_preshare = keygen_reveal_get_exp_preshare (ks, d, j);
1586  gcry_mpi_mod (exp_preshare, exp_preshare, elgamal_p);
1587  cmp_result = gcry_mpi_cmp (prod, exp_preshare);
1588  gcry_mpi_release (exp_preshare);
1589  exp_preshare = NULL;
1590  if (0 != cmp_result)
1591  {
1593  "P%u: reveal data from P%u incorrect\n",
1594  ks->local_peer_idx, j);
1595  /* no need for further verification, round2 stays invalid ... */
1596  return;
1597  }
1598  }
1599 
1600  // TODO: verify proof of fair encryption (once implemented)
1601  for (j = 0; j < ks->num_peers; j++)
1602  {
1604  keygen_reveal_get_enc_preshare (ks, d, j);
1605  if (GNUNET_YES != verify_fair (&ks->info[j].paillier_public_key, fe))
1606  {
1608  "P%u: reveal data from P%u incorrect (fair encryption)\n",
1609  ks->local_peer_idx, j);
1610  return;
1611  }
1612  }
1613 
1614  info->round2_valid = GNUNET_YES;
1615 
1616  gcry_mpi_release (preshare);
1617  gcry_mpi_release (prod);
1618  gcry_mpi_release (j_to_k);
1619 }
static gcry_mpi_t keygen_reveal_get_exp_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
gcry_mpi_t preshare_commitment
Commitment to the preshare that is intended for our peer.
int round1_valid
Did we successfully receive the round1 element of the peer?
static struct KeygenPeerInfo * get_keygen_peer_info(const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a keygen session.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over rest of the message.
static gcry_mpi_t keygen_reveal_get_exp_coeff(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
gcry_mpi_t my_share
Share of our peer.
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
unsigned int threshold
Minimum number of shares required to restore the secret.
const void * data
Actual data of the element.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
int round2_valid
Did we successfully receive the round2 element of the peer?
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
int GNUNET_CRYPTO_eddsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:1113
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static int verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe)
Session to establish a threshold-shared secret.
void GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
Decrypt a paillier ciphertext with a private key.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
static void restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t x, gcry_mpi_t xres)
unsigned int num_peers
Total number of peers.
struct GNUNET_CRYPTO_PaillierPrivateKey paillier_private_key
Paillier private key of our peer.
static struct GNUNET_SECRETSHARING_FairEncryption * keygen_reveal_get_enc_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
struct KeygenPeerInfo * info
Information about all participating peers.
Info about a peer in a key generation session.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
#define GNUNET_YES
Definition: gnunet_common.h:77
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2
Signature for the second round of distributed key generation.
struct GNUNET_CRYPTO_PaillierCiphertext c
struct GNUNET_CRYPTO_EddsaPublicKey public_key
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ keygen_round1_conclude()

static void keygen_round1_conclude ( void *  cls)
static

Called when the first consensus round has concluded.

Will initiate the second round.

Parameters
clsclosure

Definition at line 1629 of file gnunet-service-secretsharing.c.

References KeygenSession::consensus, KeygenSession::deadline, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CONSENSUS_destroy(), insert_round2_element(), keygen_round2_conclude(), keygen_round2_new_element(), KeygenSession::num_peers, KeygenSession::peers, KeygenSession::session_id, KeygenSession::start_time, and time_between().

Referenced by handle_client_keygen().

1630 {
1631  struct KeygenSession *ks = cls;
1632 
1634 
1636  &ks->session_id,
1637  time_between (ks->start_time,
1638  ks->deadline, 1, 2),
1639  ks->deadline,
1641 
1642  insert_round2_element (ks);
1643 
1646  ks);
1647 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
static void insert_round2_element(struct KeygenSession *ks)
Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coe...
static void keygen_round2_conclude(void *cls)
struct GNUNET_TIME_Absolute start_time
When does the DKG start? Necessary to compute fractions of the operation&#39;s desired time interval...
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
Session to establish a threshold-shared secret.
struct GNUNET_HashCode session_id
Identifier for this session.
unsigned int num_peers
Total number of peers.
static void keygen_round2_new_element(void *cls, const struct GNUNET_SET_Element *element)
static struct GNUNET_TIME_Absolute time_between(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end, int num, int denum)
Interpolate between two points in time.
struct GNUNET_TIME_Absolute deadline
When would we like the key to be established?
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ insert_round1_element()

static void insert_round1_element ( struct KeygenSession ks)
static

Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given session.

Parameters
kssession to use

Definition at line 1657 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_KeygenCommitData::commitment, KeygenSession::consensus, GNUNET_SET_Element::data, elgamal_g, elgamal_p, GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_free, GNUNET_malloc, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, KeygenSession::info, KeygenSession::local_peer_idx, my_peer, KeygenPeerInfo::paillier_public_key, GNUNET_SECRETSHARING_KeygenCommitData::peer, KeygenSession::presecret_polynomial, GNUNET_SECRETSHARING_KeygenCommitData::pubkey, GNUNET_SECRETSHARING_KeygenCommitData::purpose, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_SECRETSHARING_KeygenCommitData::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_SET_Element::size.

Referenced by handle_client_keygen().

1658 {
1659  struct GNUNET_SET_Element *element;
1661  // g^a_{i,0}
1662  gcry_mpi_t v;
1663  // big-endian representation of 'v'
1664  unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
1665 
1666  element = GNUNET_malloc (sizeof *element + sizeof *d);
1667  d = (void *) &element[1];
1668  element->data = d;
1669  element->size = sizeof *d;
1670 
1671  d->peer = my_peer;
1672 
1673  GNUNET_assert (0 != (v = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS)));
1674 
1675  gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
1676 
1678  / 8, v);
1679 
1681  &d->commitment);
1682 
1684 
1685  d->purpose.size = htonl ((sizeof *d) - offsetof (struct
1687  purpose));
1691  &d->purpose,
1692  &d->signature));
1693 
1694  GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1695 
1696  gcry_mpi_release (v);
1697  GNUNET_free (element);
1698 }
struct GNUNET_CRYPTO_EddsaSignature signature
Signature over the rest of the message.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1
Signature for the first round of distributed key generation.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Element stored in a set.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:986
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
struct GNUNET_CRYPTO_PaillierPublicKey pubkey
Ephemeral paillier public key used by &#39;peer&#39; for this session.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
const void * data
Actual data of the element.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
struct GNUNET_HashCode commitment
Commitment of &#39;peer&#39; to its presecret.
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Signature purpose for signing the keygen commit data.
struct KeygenPeerInfo * info
Information about all participating peers.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where &#39;preshares[0]&#39; is...
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
Consensus element data used in the first round of key generation.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_client_keygen()

static int check_client_keygen ( void *  cls,
const struct GNUNET_SECRETSHARING_CreateMessage msg 
)
static

Check that msg is well-formed.

Parameters
clsidentification of the client
msgthe actual message
Returns
GNUNET_OK if msg is well-formed

Definition at line 1709 of file gnunet-service-secretsharing.c.

References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, GNUNET_SECRETSHARING_CreateMessage::header, num_peers, GNUNET_SECRETSHARING_CreateMessage::num_peers, and GNUNET_MessageHeader::size.

1711 {
1712  unsigned int num_peers = ntohs (msg->num_peers);
1713 
1714  if (ntohs (msg->header.size) - sizeof(*msg) !=
1715  num_peers * sizeof(struct GNUNET_PeerIdentity))
1716  {
1717  GNUNET_break (0);
1718  return GNUNET_SYSERR;
1719  }
1720  return GNUNET_OK;
1721 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE.
Definition: secretsharing.h:52
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
static unsigned int num_peers
The identity of the host (wraps the signing key of the peer).
uint16_t num_peers
Number of peers at the end of this message.
Definition: secretsharing.h:78

◆ handle_client_keygen()

static void handle_client_keygen ( void *  cls,
const struct GNUNET_SECRETSHARING_CreateMessage msg 
)
static

Functions with this signature are called whenever a message is received.

Parameters
clsidentification of the client
msgthe actual message

Definition at line 1732 of file gnunet-service-secretsharing.c.

References ClientState::client, KeygenSession::consensus, KeygenSession::cs, GNUNET_SECRETSHARING_CreateMessage::deadline, KeygenSession::deadline, generate_presecret_polynomial(), GNUNET_break, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CRYPTO_paillier_create(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_new, GNUNET_new_array, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_TIME_absolute_ntoh(), KeygenSession::info, insert_round1_element(), keygen_round1_conclude(), keygen_round1_new_element(), ClientState::keygen_session, KeygenSession::local_peer_idx, normalize_peers(), GNUNET_SECRETSHARING_CreateMessage::num_peers, KeygenSession::num_peers, KeygenSession::paillier_private_key, KeygenPeerInfo::paillier_public_key, KeygenPeerInfo::peer, KeygenSession::peers, GNUNET_SECRETSHARING_CreateMessage::threshold, and KeygenSession::threshold.

1734 {
1735  struct ClientState *cs = cls;
1736  struct KeygenSession *ks;
1737 
1739  "client requested key generation\n");
1740  if (NULL != cs->keygen_session)
1741  {
1742  GNUNET_break (0);
1744  return;
1745  }
1746  ks = GNUNET_new (struct KeygenSession);
1747  ks->cs = cs;
1748  cs->keygen_session = ks;
1750  ks->threshold = ntohs (msg->threshold);
1751  ks->num_peers = ntohs (msg->num_peers);
1752 
1753  ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1],
1754  ks->num_peers,
1755  &ks->num_peers,
1756  &ks->local_peer_idx);
1757 
1758 
1760  "first round of consensus with %u peers\n",
1761  ks->num_peers);
1763  ks->num_peers,
1764  ks->peers,
1765  &msg->session_id,
1767  msg->start),
1769  msg->deadline),
1771  ks);
1772 
1773  ks->info = GNUNET_new_array (ks->num_peers,
1774  struct KeygenPeerInfo);
1775 
1776  for (unsigned int i = 0; i < ks->num_peers; i++)
1777  ks->info[i].peer = ks->peers[i];
1778 
1781  &ks->paillier_private_key);
1782 
1784  "P%u: Generated paillier key pair\n",
1785  ks->local_peer_idx);
1788  "P%u: Generated presecret polynomial\n",
1789  ks->local_peer_idx);
1790  insert_round1_element (ks);
1792  "P%u: Concluding for round 1\n",
1793  ks->local_peer_idx);
1796  ks);
1799  "P%u: Waiting for round 1 elements ...\n",
1800  ks->local_peer_idx);
1801 }
struct GNUNET_TIME_AbsoluteNBO start
Start time for communication with the other peers.
Definition: secretsharing.h:62
static void insert_round1_element(struct KeygenSession *ks)
Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given sess...
static void keygen_round1_conclude(void *cls)
Called when the first consensus round has concluded.
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
State we keep per client.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:673
static void generate_presecret_polynomial(struct KeygenSession *ks)
Generate the random coefficients of our pre-secret polynomial.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
unsigned int threshold
Minimum number of shares required to restore the secret.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
void GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key, struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
Create a freshly generated paillier public key.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
struct GNUNET_TIME_AbsoluteNBO deadline
Deadline for the establishment of the crypto system.
Definition: secretsharing.h:67
Session to establish a threshold-shared secret.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
static struct GNUNET_PeerIdentity * normalize_peers(struct GNUNET_PeerIdentity *listed, unsigned int num_listed, unsigned int *num_normalized, unsigned int *my_peer_idx)
Normalize the given list of peers, by including the local peer (if it is missing) and sorting the pee...
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
void GNUNET_SERVICE_client_drop(struct GNUNET_SERVICE_Client *c)
Ask the server to disconnect from the given client.
Definition: service.c:2324
uint16_t threshold
Mininum number of cooperating peers to decrypt a value.
Definition: secretsharing.h:73
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer&#39;s paillier public key.
unsigned int num_peers
Total number of peers.
struct KeygenSession * keygen_session
Keygen session of the client, if any.
struct GNUNET_CRYPTO_PaillierPrivateKey paillier_private_key
Paillier private key of our peer.
struct KeygenPeerInfo * info
Information about all participating peers.
Info about a peer in a key generation session.
struct GNUNET_TIME_Absolute deadline
When would we like the key to be established?
The identity of the host (wraps the signing key of the peer).
static void keygen_round1_new_element(void *cls, const struct GNUNET_SET_Element *element)
Consensus element handler for round one.
struct GNUNET_SERVICE_Client * client
Client this is about.
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
#define GNUNET_log(kind,...)
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
uint16_t num_peers
Number of peers at the end of this message.
Definition: secretsharing.h:78
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
struct GNUNET_HashCode session_id
Session ID, will be used for consensus.
Definition: secretsharing.h:57
void GNUNET_SERVICE_client_continue(struct GNUNET_SERVICE_Client *c)
Continue receiving further messages from the given client.
Definition: service.c:2243
struct ClientState * cs
Which client is this for?
Here is the call graph for this function:

◆ decrypt_conclude()

static void decrypt_conclude ( void *  cls)
static

Called when the partial decryption consensus concludes.

Definition at line 1808 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_Ciphertext::c2_bits, DecryptSession::ciphertext, compute_lagrange_coefficient(), DecryptSession::consensus, DecryptSession::cs, ds, elgamal_p, GNUNET_assert, GNUNET_CONSENSUS_destroy(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_new_array, GNUNET_SECRETSHARING_ELGAMAL_BITS, DecryptSession::info, m, ClientState::mq, msg, GNUNET_SECRETSHARING_Share::my_peer, GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::original_index, DecryptPeerInfo::partial_decryption, GNUNET_SECRETSHARING_DecryptResponseMessage::plaintext, DecryptSession::share, and GNUNET_SECRETSHARING_DecryptResponseMessage::success.

Referenced by handle_client_decrypt().

1809 {
1810  struct DecryptSession *ds = cls;
1812  struct GNUNET_MQ_Envelope *ev;
1813  gcry_mpi_t lagrange;
1814  gcry_mpi_t m;
1815  gcry_mpi_t tmp;
1816  gcry_mpi_t c_2;
1817  gcry_mpi_t prod;
1818  unsigned int *indices;
1819  unsigned int num;
1820  unsigned int i;
1821  unsigned int j;
1822 
1824  ds->consensus = NULL;
1825 
1826  GNUNET_assert (0 != (lagrange = gcry_mpi_new (0)));
1827  GNUNET_assert (0 != (m = gcry_mpi_new (0)));
1828  GNUNET_assert (0 != (tmp = gcry_mpi_new (0)));
1829  GNUNET_assert (0 != (prod = gcry_mpi_new (0)));
1830 
1831  num = 0;
1832  for (i = 0; i < ds->share->num_peers; i++)
1833  if (NULL != ds->info[i].partial_decryption)
1834  num++;
1835 
1836  indices = GNUNET_new_array (num,
1837  unsigned int);
1838  j = 0;
1839  for (i = 0; i < ds->share->num_peers; i++)
1840  if (NULL != ds->info[i].partial_decryption)
1841  indices[j++] = ds->info[i].original_index;
1842 
1844  "P%u: decrypt conclude, with %u peers\n",
1845  ds->share->my_peer,
1846  num);
1847 
1848  gcry_mpi_set_ui (prod, 1);
1849  for (i = 0; i < num; i++)
1850  {
1852  "P%u: index of %u: %u\n",
1853  ds->share->my_peer, i, indices[i]);
1854  compute_lagrange_coefficient (lagrange, indices[i], indices, num);
1855  // w_i^{\lambda_i}
1856  gcry_mpi_powm (tmp, ds->info[indices[i]].partial_decryption, lagrange,
1857  elgamal_p);
1858 
1859  // product of all exponentiated partiel decryptions ...
1860  gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
1861  }
1862 
1865 
1866  GNUNET_assert (0 != gcry_mpi_invm (prod, prod, elgamal_p));
1867  gcry_mpi_mulm (m, c_2, prod, elgamal_p);
1868  ev = GNUNET_MQ_msg (msg,
1872  msg->success = htonl (1);
1873  GNUNET_MQ_send (ds->cs->mq,
1874  ev);
1875 
1876  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n");
1877 
1878  GNUNET_free (indices);
1879 
1880  gcry_mpi_release (lagrange);
1881  gcry_mpi_release (m);
1882  gcry_mpi_release (tmp);
1883  gcry_mpi_release (prod);
1884  gcry_mpi_release (c_2);
1885 
1886  // FIXME: what if not enough peers participated?
1887 }
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks)...
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
struct GNUNET_SECRETSHARING_FieldElement plaintext
Decrypted plaintext.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE
The service succeeded in decrypting a ciphertext.
static void compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, unsigned int *indices, unsigned int num)
Get a the j-th lagrange coefficient for a set of indices.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
struct DecryptPeerInfo * info
State information about other peers.
struct ClientState * cs
Which client is this for?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
unsigned int original_index
Original index in the key generation round.
uint32_t success
Zero if decryption failed, non-zero if decryption succeeded.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
uint16_t my_peer
Index of our peer in the list.
#define GNUNET_log(kind,...)
static struct GNUNET_FS_DirScanner * ds
Handle to the directory scanner (for recursive insertions).
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:353
uint16_t num_peers
Peers that have the share.
uint32_t c2_bits[1024/8/sizeof(uint32_t)]
Session to cooperatively decrypt a value.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpi_to_str()

static char* mpi_to_str ( gcry_mpi_t  mpi)
static

Get a string representation of an MPI.

The caller must free the returned string.

Parameters
mpimpi to convert to a string
Returns
string representation of mpi, must be free'd by the caller

Definition at line 1898 of file gnunet-service-secretsharing.c.

References buf, and GNUNET_assert.

Referenced by decrypt_new_element(), and insert_decrypt_element().

1899 {
1900  unsigned char *buf;
1901 
1902  GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi));
1903  return (char *) buf;
1904 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static char buf[2048]
Here is the caller graph for this function:

◆ decrypt_new_element()

static void decrypt_new_element ( void *  cls,
const struct GNUNET_SET_Element element 
)
static

Called when a new partial decryption arrives.

Definition at line 1911 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_Ciphertext::c1_bits, ciphertext, GNUNET_SECRETSHARING_DecryptData::ciphertext, DecryptSession::ciphertext, cleanup(), GNUNET_SET_Element::data, elgamal_g, elgamal_p, get_decrypt_peer_info(), GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_SECRETSHARING_ELGAMAL_BITS, DecryptSession::info, mpi_to_str(), GNUNET_SECRETSHARING_Share::my_peer, DecryptPeerInfo::partial_decryption, GNUNET_SECRETSHARING_DecryptData::peer, DecryptSession::share, KeygenPeerInfo::sigma, GNUNET_SECRETSHARING_Share::sigmas, and GNUNET_SET_Element::size.

Referenced by handle_client_decrypt().

1913 {
1914  struct DecryptSession *session = cls;
1915  const struct GNUNET_SECRETSHARING_DecryptData *d;
1916  struct DecryptPeerInfo *info;
1917  struct GNUNET_HashCode challenge_hash;
1918 
1919  /* nizk response */
1920  gcry_mpi_t r;
1921  /* nizk challenge */
1922  gcry_mpi_t challenge;
1923  /* nizk commit1, g^\beta */
1924  gcry_mpi_t commit1;
1925  /* nizk commit2, c_1^\beta */
1926  gcry_mpi_t commit2;
1927  /* homomorphic commitment to the peer's share,
1928  * public key share */
1929  gcry_mpi_t sigma;
1930  /* partial decryption we received */
1931  gcry_mpi_t w;
1932  /* ciphertext component #1 */
1933  gcry_mpi_t c1;
1934  /* temporary variable (for comparision) #1 */
1935  gcry_mpi_t tmp1;
1936  /* temporary variable (for comparision) #2 */
1937  gcry_mpi_t tmp2;
1938 
1939  if (NULL == element)
1940  {
1941  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
1942  /* FIXME: destroy */
1943  return;
1944  }
1945 
1946  if (element->size != sizeof *d)
1947  {
1949  "element of wrong size in decrypt consensus\n");
1950  return;
1951  }
1952 
1953  d = element->data;
1954 
1955  info = get_decrypt_peer_info (session, &d->peer);
1956 
1957  if (NULL == info)
1958  {
1960  "decrypt element from invalid peer (%s)\n",
1961  GNUNET_i2s (&d->peer));
1962  return;
1963  }
1964 
1965  if (NULL != info->partial_decryption)
1966  {
1967  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n");
1968  return;
1969  }
1970 
1971  if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext))
1972  {
1974  "P%u: got decrypt element with non-matching ciphertext from P%u\n",
1975  (unsigned int) session->share->my_peer, (unsigned int) (info
1976  -
1977  session
1978  ->info));
1979 
1980  return;
1981  }
1982 
1983 
1985  ciphertext) + (char *) d,
1986  offsetof (struct GNUNET_SECRETSHARING_DecryptData,
1987  nizk_response)
1988  - offsetof (struct GNUNET_SECRETSHARING_DecryptData,
1989  ciphertext),
1990  &challenge_hash);
1991 
1992  GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
1993  sizeof(struct GNUNET_HashCode));
1994 
1995  GNUNET_CRYPTO_mpi_scan_unsigned (&sigma, &session->share->sigmas[info
1996  - session->
1997  info],
1998  sizeof(struct
2000 
2002  sizeof(struct
2004 
2005  GNUNET_CRYPTO_mpi_scan_unsigned (&commit1, &d->nizk_commit1,
2006  sizeof(struct
2008 
2009  GNUNET_CRYPTO_mpi_scan_unsigned (&commit2, &d->nizk_commit2,
2010  sizeof(struct
2012 
2013  GNUNET_CRYPTO_mpi_scan_unsigned (&r, &d->nizk_response,
2014  sizeof(struct
2016 
2017  GNUNET_CRYPTO_mpi_scan_unsigned (&w, &d->partial_decryption,
2018  sizeof(struct
2020 
2021  GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
2022  GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
2023 
2024  // tmp1 = g^r
2025  gcry_mpi_powm (tmp1, elgamal_g, r, elgamal_p);
2026 
2027  // tmp2 = g^\beta * \sigma^challenge
2028  gcry_mpi_powm (tmp2, sigma, challenge, elgamal_p);
2029  gcry_mpi_mulm (tmp2, tmp2, commit1, elgamal_p);
2030 
2031  if (0 != gcry_mpi_cmp (tmp1, tmp2))
2032  {
2033  char *tmp1_str;
2034  char *tmp2_str;
2035 
2036  tmp1_str = mpi_to_str (tmp1);
2037  tmp2_str = mpi_to_str (tmp2);
2039  "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
2040  session->share->my_peer,
2041  (unsigned int) (info - session->info),
2042  tmp1_str,
2043  tmp2_str);
2044  GNUNET_free (tmp1_str);
2045  GNUNET_free (tmp2_str);
2046  goto cleanup;
2047  }
2048 
2049 
2050  gcry_mpi_powm (tmp1, c1, r, elgamal_p);
2051 
2052  gcry_mpi_powm (tmp2, w, challenge, elgamal_p);
2053  gcry_mpi_mulm (tmp2, tmp2, commit2, elgamal_p);
2054 
2055 
2056  if (0 != gcry_mpi_cmp (tmp1, tmp2))
2057  {
2059  "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
2060  session->share->my_peer,
2061  (unsigned int) (info - session->info));
2062  goto cleanup;
2063  }
2064 
2065 
2067  &d->partial_decryption,
2069 cleanup:
2070  gcry_mpi_release (tmp1);
2071  gcry_mpi_release (tmp2);
2072  gcry_mpi_release (sigma);
2073  gcry_mpi_release (commit1);
2074  gcry_mpi_release (commit2);
2075  gcry_mpi_release (r);
2076  gcry_mpi_release (w);
2077  gcry_mpi_release (challenge);
2078  gcry_mpi_release (c1);
2079 }
static char * mpi_to_str(gcry_mpi_t mpi)
Get a string representation of an MPI.
Information about a peer in a decrypt session.
struct GNUNET_PeerIdentity peer
Peer that inserts this element.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
static struct DecryptPeerInfo * get_decrypt_peer_info(const struct DecryptSession *ds, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a decrypt session.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
Data of then element put in consensus for decrypting a value.
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
const void * data
Actual data of the element.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static void cleanup(void *cls)
Function scheduled as very last function, cleans up after us.
static struct GNUNET_SECRETSHARING_Ciphertext ciphertext
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
A 512-bit hashcode.
uint32_t c1_bits[1024/8/sizeof(uint32_t)]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
struct DecryptPeerInfo * info
State information about other peers.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t my_peer
Index of our peer in the list.
uint16_t size
Number of bytes in the buffer pointed to by data.
#define GNUNET_log(kind,...)
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Session to cooperatively decrypt a value.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ insert_decrypt_element()

static void insert_decrypt_element ( struct DecryptSession ds)
static

Definition at line 2083 of file gnunet-service-secretsharing.c.

References beta, GNUNET_SECRETSHARING_Ciphertext::c1_bits, ciphertext, GNUNET_SECRETSHARING_DecryptData::ciphertext, DecryptSession::ciphertext, DecryptSession::consensus, GNUNET_SET_Element::data, GNUNET_SET_Element::element_type, elgamal_g, elgamal_p, elgamal_q, GNUNET_assert, GNUNET_CONSENSUS_insert(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SECRETSHARING_ELGAMAL_BITS, GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION, mpi_to_str(), GNUNET_SECRETSHARING_Share::my_peer, my_peer, GNUNET_SECRETSHARING_Share::my_share, GNUNET_SECRETSHARING_DecryptData::nizk_commit1, GNUNET_SECRETSHARING_DecryptData::nizk_commit2, GNUNET_SECRETSHARING_DecryptData::nizk_response, GNUNET_SECRETSHARING_Share::num_peers, GNUNET_SECRETSHARING_DecryptData::partial_decryption, GNUNET_SECRETSHARING_DecryptData::peer, GNUNET_SECRETSHARING_DecryptData::purpose, DecryptSession::share, KeygenPeerInfo::sigma, GNUNET_SECRETSHARING_Share::sigmas, and GNUNET_SET_Element::size.

Referenced by handle_client_decrypt().

2084 {
2086  struct GNUNET_SET_Element element;
2087  /* our share */
2088  gcry_mpi_t s;
2089  /* partial decryption with our share */
2090  gcry_mpi_t w;
2091  /* first component of the elgamal ciphertext */
2092  gcry_mpi_t c1;
2093  /* nonce for dlog zkp */
2094  gcry_mpi_t beta;
2095  gcry_mpi_t tmp;
2096  gcry_mpi_t challenge;
2097  gcry_mpi_t sigma;
2098  struct GNUNET_HashCode challenge_hash;
2099 
2100  /* make vagrind happy until we implement the real deal ... */
2101  memset (&d, 0, sizeof d);
2102 
2103  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element\n",
2104  ds->share->my_peer);
2105 
2106  GNUNET_assert (ds->share->my_peer < ds->share->num_peers);
2107 
2113  &ds->share->sigmas[ds->share->my_peer],
2115 
2116  GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
2117  GNUNET_assert (NULL != (beta = gcry_mpi_new (0)));
2118  GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
2119 
2120  // FIXME: unnecessary, remove once crypto works
2121  gcry_mpi_powm (tmp, elgamal_g, s, elgamal_p);
2122  if (0 != gcry_mpi_cmp (tmp, sigma))
2123  {
2124  char *sigma_str = mpi_to_str (sigma);
2125  char *tmp_str = mpi_to_str (tmp);
2126  char *s_str = mpi_to_str (s);
2128  "Share of P%u is invalid, ref sigma %s, "
2129  "computed sigma %s, s %s\n",
2130  ds->share->my_peer,
2131  sigma_str, tmp_str, s_str);
2132  GNUNET_free (sigma_str);
2133  GNUNET_free (tmp_str);
2134  GNUNET_free (s_str);
2135  }
2136 
2137  gcry_mpi_powm (w, c1, s, elgamal_p);
2138 
2139  element.data = (void *) &d;
2140  element.size = sizeof(struct GNUNET_SECRETSHARING_DecryptData);
2141  element.element_type = 0;
2142 
2143  d.ciphertext = ds->ciphertext;
2144  d.peer = my_peer;
2145  GNUNET_CRYPTO_mpi_print_unsigned (&d.partial_decryption,
2147 
2148  // create the zero knowledge proof
2149  // randomly choose beta such that 0 < beta < q
2150  do
2151  {
2152  gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1,
2153  GCRY_WEAK_RANDOM);
2154  }
2155  while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >=
2156  0));
2157  // tmp = g^beta
2158  gcry_mpi_powm (tmp, elgamal_g, beta, elgamal_p);
2159  GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit1,
2161  // tmp = (c_1)^beta
2162  gcry_mpi_powm (tmp, c1, beta, elgamal_p);
2163  GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_commit2,
2165 
2166  // the challenge is the hash of everything up to the response
2168  ciphertext) + (char *) &d,
2169  offsetof (struct GNUNET_SECRETSHARING_DecryptData,
2170  nizk_response)
2171  - offsetof (struct GNUNET_SECRETSHARING_DecryptData,
2172  ciphertext),
2173  &challenge_hash);
2174 
2175  GNUNET_CRYPTO_mpi_scan_unsigned (&challenge, &challenge_hash,
2176  sizeof(struct GNUNET_HashCode));
2177 
2178  // compute the response in tmp,
2179  // tmp = (c * s + beta) mod q
2180  gcry_mpi_mulm (tmp, challenge, s, elgamal_q);
2181  gcry_mpi_addm (tmp, tmp, beta, elgamal_q);
2182 
2183  GNUNET_CRYPTO_mpi_print_unsigned (&d.nizk_response,
2185 
2186  d.purpose.size = htonl (element.size - offsetof (struct
2188  purpose));
2189  d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
2190 
2193  &d.purpose,
2194  &d.signature));
2195 
2196  GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
2198  "P%u: Inserting decrypt element done!\n",
2199  ds->share->my_peer);
2200 
2201  gcry_mpi_release (s);
2202  gcry_mpi_release (w);
2203  gcry_mpi_release (c1);
2204  gcry_mpi_release (beta);
2205  gcry_mpi_release (tmp);
2206  gcry_mpi_release (challenge);
2207  gcry_mpi_release (sigma);
2208 }
static char * mpi_to_str(gcry_mpi_t mpi)
Get a string representation of an MPI.
struct GNUNET_SECRETSHARING_FieldElement my_share
Share of &#39;my_peer&#39;.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
Element stored in a set.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:986
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
Data of then element put in consensus for decrypting a value.
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
static struct GNUNET_SECRETSHARING_Ciphertext ciphertext
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
A 512-bit hashcode.
uint32_t c1_bits[1024/8/sizeof(uint32_t)]
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
struct GNUNET_SECRETSHARING_FieldElement nizk_response
Reponse to the challenge computed from the protocol transcript.
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t my_peer
Index of our peer in the list.
#define GNUNET_log(kind,...)
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION
Signature for cooperatice decryption.
static float beta
Percentage of total peer number in the view to send random PULLs to.
uint16_t num_peers
Peers that have the share.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_client_decrypt()

static int check_client_decrypt ( void *  cls,
const struct GNUNET_SECRETSHARING_DecryptRequestMessage msg 
)
static

Check that msg is well-formed.

Parameters
clsidentification of the client
msgthe actual message
Returns
GNUNET_OK (check deferred a bit)

Definition at line 2219 of file gnunet-service-secretsharing.c.

References GNUNET_OK.

2222 {
2223  /* we check later, it's complicated */
2224  return GNUNET_OK;
2225 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75

◆ handle_client_decrypt()

static void handle_client_decrypt ( void *  cls,
const struct GNUNET_SECRETSHARING_DecryptRequestMessage msg 
)
static

Functions with this signature are called whenever a message is received.

Parameters
clsidentification of the client
msgthe actual message

Definition at line 2236 of file gnunet-service-secretsharing.c.

References GNUNET_SECRETSHARING_DecryptRequestMessage::ciphertext, DecryptSession::ciphertext, ClientState::client, DecryptSession::consensus, DecryptSession::cs, GNUNET_SECRETSHARING_DecryptRequestMessage::deadline, DecryptSession::deadline, decrypt_conclude(), decrypt_new_element(), ClientState::decrypt_session, ds, GNUNET_break, GNUNET_CONSENSUS_conclude(), GNUNET_CONSENSUS_create(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_new, GNUNET_new_array, GNUNET_SECRETSHARING_share_read(), GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_TIME_absolute_ntoh(), GNUNET_SECRETSHARING_DecryptRequestMessage::header, DecryptSession::info, insert_decrypt_element(), GNUNET_SECRETSHARING_Share::num_peers, DecryptPeerInfo::original_index, GNUNET_SECRETSHARING_Share::original_indices, DecryptPeerInfo::peer, GNUNET_SECRETSHARING_Share::peers, DecryptSession::share, GNUNET_MessageHeader::size, GNUNET_SECRETSHARING_DecryptRequestMessage::start, and DecryptSession::start.

2239 {
2240  struct ClientState *cs = cls;
2241  struct DecryptSession *ds;
2242  struct GNUNET_HashCode session_id;
2243 
2244  if (NULL != cs->decrypt_session)
2245  {
2246  GNUNET_break (0);
2248  return;
2249  }
2250  ds = GNUNET_new (struct DecryptSession);
2251  cs->decrypt_session = ds;
2252  ds->cs = cs;
2253  ds->start = GNUNET_TIME_absolute_ntoh (msg->start);
2255  ds->ciphertext = msg->ciphertext;
2256 
2257  ds->share = GNUNET_SECRETSHARING_share_read (&msg[1],
2258  ntohs (msg->header.size)
2259  - sizeof(*msg),
2260  NULL);
2261  if (NULL == ds->share)
2262  {
2263  GNUNET_break (0);
2265  return;
2266  }
2267 
2268  /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */
2270  sizeof(struct GNUNET_SECRETSHARING_Ciphertext),
2271  &session_id);
2273  ds->share->num_peers,
2274  ds->share->peers,
2275  &session_id,
2276  ds->start,
2277  ds->deadline,
2279  ds);
2280 
2281 
2282  ds->info = GNUNET_new_array (ds->share->num_peers,
2283  struct DecryptPeerInfo);
2284  for (unsigned int i = 0; i < ds->share->num_peers; i++)
2285  {
2286  ds->info[i].peer = ds->share->peers[i];
2287  ds->info[i].original_index = ds->share->original_indices[i];
2288  }
2292  ds);
2295  "decrypting with %u peers\n",
2296  ds->share->num_peers);
2297 }
Information about a peer in a decrypt session.
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
struct GNUNET_SECRETSHARING_Share * GNUNET_SECRETSHARING_share_read(const void *data, size_t len, size_t *readlen)
Read a share from its binary representation.
State we keep per client.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:673
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
static void decrypt_conclude(void *cls)
Called when the partial decryption consensus concludes.
struct GNUNET_PeerIdentity * peers
Peer identities (includes &#39;my_peer&#39;)
struct GNUNET_PeerIdentity peer
Identity of the peer.
static struct GNUNET_HashCode session_id
static void decrypt_new_element(void *cls, const struct GNUNET_SET_Element *element)
Called when a new partial decryption arrives.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
static void insert_decrypt_element(struct DecryptSession *ds)
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
A 512-bit hashcode.
void GNUNET_SERVICE_client_drop(struct GNUNET_SERVICE_Client *c)
Ask the server to disconnect from the given client.
Definition: service.c:2324
struct GNUNET_TIME_AbsoluteNBO deadline
Until when should the decryption be finished?
struct DecryptPeerInfo * info
State information about other peers.
struct ClientState * cs
Which client is this for?
struct GNUNET_TIME_AbsoluteNBO start
Until when should the decryption start?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
unsigned int original_index
Original index in the key generation round.
struct GNUNET_TIME_Absolute deadline
When would we like the ciphertext to be decrypted?
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SERVICE_Client * client
Client this is about.
#define GNUNET_log(kind,...)
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
static struct GNUNET_FS_DirScanner * ds
Handle to the directory scanner (for recursive insertions).
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
struct GNUNET_TIME_Absolute start
When should we start communicating for decryption?
uint16_t num_peers
Peers that have the share.
void GNUNET_SERVICE_client_continue(struct GNUNET_SERVICE_Client *c)
Continue receiving further messages from the given client.
Definition: service.c:2243
Session to cooperatively decrypt a value.
Here is the call graph for this function:

◆ init_crypto_constants()

static void init_crypto_constants ( void  )
static

Definition at line 2301 of file gnunet-service-secretsharing.c.

References elgamal_g, elgamal_p, elgamal_q, GNUNET_assert, GNUNET_SECRETSHARING_ELGAMAL_G_HEX, GNUNET_SECRETSHARING_ELGAMAL_P_HEX, and GNUNET_SECRETSHARING_ELGAMAL_Q_HEX.

Referenced by run().

2302 {
2303  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_q, GCRYMPI_FMT_HEX,
2305  NULL));
2306  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_p, GCRYMPI_FMT_HEX,
2308  NULL));
2309  GNUNET_assert (0 == gcry_mpi_scan (&elgamal_g, GCRYMPI_FMT_HEX,
2311  NULL));
2312 }
#define GNUNET_SECRETSHARING_ELGAMAL_G_HEX
The g-parameter for ElGamal encryption, a generator of the unique size q subgroup of Z_p^*...
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_SECRETSHARING_ELGAMAL_Q_HEX
The q-parameter for ElGamal encryption, a 1023-bit Sophie Germain prime, q = (p-1)/2.
#define GNUNET_SECRETSHARING_ELGAMAL_P_HEX
The q-parameter for ElGamal encryption, a 1024-bit safe prime.
static gcry_mpi_t elgamal_g
Generator for prime field of order &#39;elgamal_q&#39;.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
Here is the caller graph for this function:

◆ run()

static void run ( void *  cls,
const struct GNUNET_CONFIGURATION_Handle c,
struct GNUNET_SERVICE_Handle service 
)
static

Initialize secretsharing service.

Parameters
clsclosure
cconfiguration to use
servicethe initialized service

Definition at line 2323 of file gnunet-service-secretsharing.c.

References cleanup_task(), GNUNET_break, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SCHEDULER_shutdown(), init_crypto_constants(), and my_peer.

Referenced by client_disconnect_cb().

2326 {
2327  cfg = c;
2329  if (NULL == my_peer_private_key)
2330  {
2332  "could not access host private key\n");
2333  GNUNET_break (0);
2335  return;
2336  }
2338  if (GNUNET_OK !=
2340  &my_peer))
2341  {
2343  "could not retrieve host identity\n");
2344  GNUNET_break (0);
2346  return;
2347  }
2349  NULL);
2350 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received, or when GNUNET_SCHEDULER_shutdown() is being invoked.
Definition: scheduler.c:1300
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
static void init_crypto_constants(void)
void GNUNET_SCHEDULER_shutdown(void)
Request the shutdown of a scheduler.
Definition: scheduler.c:526
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
#define GNUNET_log(kind,...)
int GNUNET_CRYPTO_get_peer_identity(const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
Retrieve the identity of the host&#39;s peer.
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
static void cleanup_task(void *cls)
Task run during shutdown.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ client_connect_cb()

static void* client_connect_cb ( void *  cls,
struct GNUNET_SERVICE_Client c,
struct GNUNET_MQ_Handle mq 
)
static

Callback called when a client connects to the service.

Parameters
clsclosure for the service
cthe new client that connected to the service
mqthe message queue used to send messages to the client
Returns
c

Definition at line 2362 of file gnunet-service-secretsharing.c.

References ClientState::client, GNUNET_new, mq, and ClientState::mq.

Referenced by client_disconnect_cb().

2365 {
2366  struct ClientState *cs = GNUNET_new (struct ClientState);;
2367 
2368  cs->client = c;
2369  cs->mq = mq;
2370  return cs;
2371 }
State we keep per client.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_SERVICE_Client * client
Client this is about.
struct GNUNET_MQ_Handle * mq
Definition: 003.c:5
Here is the caller graph for this function:

◆ client_disconnect_cb()

static void client_disconnect_cb ( void *  cls,
struct GNUNET_SERVICE_Client c,
void *  internal_cls 
)
static

Callback called when a client disconnected from the service.

Parameters
clsclosure for the service
cthe client that disconnected
internal_clsshould be equal to c

Definition at line 2382 of file gnunet-service-secretsharing.c.

References client_connect_cb(), ClientState::decrypt_session, decrypt_session_destroy(), GNUNET_free, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, GNUNET_MQ_handler_end, GNUNET_MQ_hd_var_size, GNUNET_SERVICE_MAIN(), GNUNET_SERVICE_OPTION_NONE, ClientState::keygen_session, keygen_session_destroy(), and run().

2385 {
2386  struct ClientState *cs = internal_cls;
2387 
2388  if (NULL != cs->keygen_session)
2390 
2391  if (NULL != cs->decrypt_session)
2393  GNUNET_free (cs);
2394 }
State we keep per client.
static void decrypt_session_destroy(struct DecryptSession *ds)
Destroy a decrypt session, removing it from the linked list of decrypt sessions.
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
static void keygen_session_destroy(struct KeygenSession *ks)
struct KeygenSession * keygen_session
Keygen session of the client, if any.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_SERVICE_MAIN()

GNUNET_SERVICE_MAIN ( "secretsharing"  ,
GNUNET_SERVICE_OPTION_NONE  ,
run,
client_connect_cb,
client_disconnect_cb,
NULL  ,
GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL)  ,
GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL)  ,
GNUNET_MQ_handler_end()   
)

Define "main" method using service macro.

Referenced by client_disconnect_cb().

Here is the caller graph for this function:

Variable Documentation

◆ elgamal_q

gcry_mpi_t elgamal_q
static

◆ elgamal_p

gcry_mpi_t elgamal_p
static

◆ elgamal_g

gcry_mpi_t elgamal_g
static

◆ my_peer

struct GNUNET_PeerIdentity my_peer
static

◆ my_peer_private_key

struct GNUNET_CRYPTO_EddsaPrivateKey* my_peer_private_key
static

Peer that runs this service.

Definition at line 309 of file gnunet-service-secretsharing.c.

◆ cfg

const struct GNUNET_CONFIGURATION_Handle* cfg
static

Configuration of this service.

Definition at line 314 of file gnunet-service-secretsharing.c.