29#include "gnunet_signatures.h"
350 for (i = 0; i <
ds->share->num_peers; i++)
374 diff =
end.abs_value_us -
start.abs_value_us;
375 result.abs_value_us =
start.abs_value_us + ((diff * num) / denum);
412 for (i = 0; i < n; i++)
432 unsigned int num_listed,
433 unsigned int *num_normalized,
434 unsigned int *my_peer_idx)
436 unsigned int local_peer_in_list;
463 if (NULL != my_peer_idx)
465 if (NULL != num_normalized)
482 unsigned int *indices,
499 gcry_mpi_set_ui (n, 1);
500 gcry_mpi_set_ui (
d, 1);
502 for (i = 0; i < num; i++)
504 unsigned int l = indices[i];
507 gcry_mpi_mul_ui (n, n, l + 1);
509 gcry_mpi_set_ui (tmp, l + 1);
510 gcry_mpi_sub_ui (tmp, tmp, j + 1);
511 gcry_mpi_mul (
d,
d, tmp);
525 gcry_mpi_release (n);
526 gcry_mpi_release (
d);
527 gcry_mpi_release (tmp);
541 "destroying decrypt session\n");
544 ds->cs->decrypt_session = NULL;
547 if (NULL !=
ds->consensus)
550 ds->consensus = NULL;
553 if (NULL !=
ds->info)
555 for (
unsigned int i = 0; i <
ds->share->num_peers; i++)
557 if (NULL !=
ds->info[i].partial_decryption)
559 gcry_mpi_release (
ds->info[i].partial_decryption);
560 ds->info[i].partial_decryption = NULL;
566 if (NULL !=
ds->share)
579 if (NULL !=
info->sigma)
581 gcry_mpi_release (
info->sigma);
584 if (NULL !=
info->presecret_commitment)
586 gcry_mpi_release (
info->presecret_commitment);
587 info->presecret_commitment = NULL;
589 if (NULL !=
info->preshare_commitment)
591 gcry_mpi_release (
info->preshare_commitment);
592 info->preshare_commitment = NULL;
601 "destroying keygen session\n");
608 if (NULL != ks->
info)
610 for (
unsigned int i = 0; i < ks->
num_peers; i++)
624 for (
unsigned int i = 0; i < ks->
threshold; i++)
643 if (NULL != ks->
peers)
690 while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v,
elgamal_q) >= 0));
721 "keygen commit data with wrong size (%u) in consensus, %u expected\n",
722 (
unsigned int) element->
size,
723 (
unsigned int)
sizeof(
struct
736 "keygen commit data with wrong peer identity (%s) in consensus\n",
742 if (
d->purpose.size !=
743 htonl (element->
size - offsetof (
struct
748 "keygen commit data with wrong signature purpose size in consensus\n");
754 &
d->purpose, &
d->signature,
755 &
d->peer.public_key))
758 "keygen commit data with invalid signature in consensus\n");
761 info->paillier_public_key =
d->pubkey;
779horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff,
unsigned int num_coeff, gcry_mpi_t
784 gcry_mpi_set_ui (z, 0);
785 for (i = 0; i < num_coeff; i++)
788 gcry_mpi_mul (z, z, x);
789 gcry_mpi_addm (z, z, coeff[num_coeff - i - 1],
m);
868 (
unsigned int) share_size);
888 gcry_mpi_t x, gcry_mpi_t xres)
921 gcry_mpi_set_ui (a_2, 0);
924 gcry_mpi_set (b_1, x);
926 gcry_mpi_set_ui (b_2, 1);
929 gcry_mpi_mul (
t, a_1, a_1);
930 gcry_mpi_mul (big_a, a_2, a_2);
931 gcry_mpi_add (big_a, big_a,
t);
934 gcry_mpi_mul (
t, b_1, b_1);
935 gcry_mpi_mul (big_b, b_2, b_2);
936 gcry_mpi_add (big_b, big_b,
t);
941 gcry_mpi_mul (
t, a_1, b_1);
942 gcry_mpi_mul (n, a_2, b_2);
943 gcry_mpi_add (n, n,
t);
946 gcry_mpi_div (r, NULL, n, big_b, 0);
949 gcry_mpi_mul (v, r, n);
950 gcry_mpi_mul_ui (v, v, 2);
951 gcry_mpi_sub (big_t, big_a, v);
952 gcry_mpi_mul (v, r, r);
953 gcry_mpi_mul (v, v, big_b);
954 gcry_mpi_add (big_t, big_t, v);
956 if (gcry_mpi_cmp (big_t, big_b) >= 0)
962 gcry_mpi_mul (v, r, b_1);
963 gcry_mpi_sub (t_1, a_1, v);
964 gcry_mpi_mul (v, r, b_2);
965 gcry_mpi_sub (t_2, a_2, v);
968 gcry_mpi_set (a_1, b_1);
969 gcry_mpi_set (a_2, b_2);
971 gcry_mpi_set (b_1, t_1);
972 gcry_mpi_set (b_2, t_2);
974 gcry_mpi_set (big_a, big_b);
975 gcry_mpi_set (big_b, big_t);
978 gcry_mpi_set (xres, b_2);
980 gcry_mpi_mulm (xres, xres, b_1,
elgamal_q);
982 gcry_mpi_release (a_1);
983 gcry_mpi_release (a_2);
984 gcry_mpi_release (b_1);
985 gcry_mpi_release (b_2);
986 gcry_mpi_release (big_a);
987 gcry_mpi_release (big_b);
988 gcry_mpi_release (big_t);
989 gcry_mpi_release (n);
990 gcry_mpi_release (t_1);
991 gcry_mpi_release (t_2);
992 gcry_mpi_release (
t);
993 gcry_mpi_release (r);
994 gcry_mpi_release (v);
1070 gcry_mpi_mul (n_sq, n, n);
1078 gcry_mpi_mulm (tmp1, tmp1, tmp2,
elgamal_p);
1080 if (0 == gcry_mpi_cmp (t1, tmp1))
1087 gcry_mpi_powm (big_y, big_y, e, n_sq);
1088 gcry_mpi_invm (big_y, big_y, n_sq);
1090 gcry_mpi_add_ui (tmp1, n, 1);
1091 gcry_mpi_powm (tmp1, tmp1, z, n_sq);
1093 gcry_mpi_powm (tmp2, w, n, n_sq);
1095 gcry_mpi_mulm (tmp1, tmp1, tmp2, n_sq);
1096 gcry_mpi_mulm (tmp1, tmp1, big_y, n_sq);
1099 if (0 == gcry_mpi_cmp (t2, tmp1))
1110 gcry_mpi_release (n);
1111 gcry_mpi_release (n_sq);
1112 gcry_mpi_release (z);
1113 gcry_mpi_release (t1);
1114 gcry_mpi_release (t2);
1115 gcry_mpi_release (e);
1116 gcry_mpi_release (w);
1117 gcry_mpi_release (tmp1);
1118 gcry_mpi_release (tmp2);
1119 gcry_mpi_release (y);
1120 gcry_mpi_release (big_y);
1166 gcry_mpi_mul (n_sq, n, n);
1167 gcry_mpi_add_ui (G, n, 1);
1173 while (gcry_mpi_cmp (
u, n) >= 0);
1175 gcry_mpi_powm (t1, G, v, n_sq);
1176 gcry_mpi_powm (t2,
u, n, n_sq);
1177 gcry_mpi_mulm (Y, t1, t2, n_sq);
1184 gcry_mpi_randomize (r, 2048, GCRY_WEAK_RANDOM);
1189 while (gcry_mpi_cmp (s, n) >= 0);
1194 gcry_mpi_powm (z, G, r, n_sq);
1195 gcry_mpi_powm (w, s, n, n_sq);
1196 gcry_mpi_mulm (t2, z, w, n_sq);
1217 gcry_mpi_mul (z, e, v);
1220 gcry_mpi_powm (w,
u, e, n);
1221 gcry_mpi_mulm (w, w, s, n);
1231 gcry_mpi_release (n);
1232 gcry_mpi_release (r);
1233 gcry_mpi_release (s);
1234 gcry_mpi_release (t1);
1235 gcry_mpi_release (t2);
1236 gcry_mpi_release (z);
1237 gcry_mpi_release (w);
1238 gcry_mpi_release (e);
1239 gcry_mpi_release (n_sq);
1240 gcry_mpi_release (
u);
1241 gcry_mpi_release (Y);
1242 gcry_mpi_release (G);
1243 gcry_mpi_release (
h);
1263 unsigned char *last_pos;
1264 size_t element_size;
1283 element->
size = element_size;
1284 element->
data = (
void *) &element[1];
1286 d = (
void *) element->
data;
1291 pos = (
void *) &
d[1];
1292 last_pos = pos + element_size;
1302 ptrdiff_t remaining = last_pos - pos;
1306 memset (fe, 0,
sizeof *fe);
1309 gcry_mpi_set_ui (idx, i + 1);
1326 ptrdiff_t remaining = last_pos - pos;
1338 d->purpose.size = htonl (element_size - offsetof (
struct
1350 gcry_mpi_release (v);
1351 gcry_mpi_release (idx);
1362 gcry_mpi_t exp_coeff;
1366 pos = (
void *) &
d[1];
1388 pos = (
void *) &
d[1];
1401 gcry_mpi_t exp_preshare;
1408 return exp_preshare;
1419 size_t expected_element_size;
1423 gcry_mpi_t public_key_share;
1424 gcry_mpi_t preshare;
1428 if (NULL == element)
1441 if (element->
size != expected_element_size)
1444 "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
1445 (
unsigned int) element->
size,
1446 (
unsigned int) expected_element_size);
1450 d = (
const void *) element->
data;
1457 "keygen commit data with wrong peer identity (%s) in consensus\n",
1465 "ignoring round2 element from peer with invalid round1 element (%s)\n",
1473 "ignoring duplicate round2 element (%s)\n",
1480 if (ntohl (
d->purpose.size) !=
1485 "keygen reveal data with wrong signature purpose size in consensus\n");
1491 &
d->purpose, &
d->signature,
1492 &
d->peer.public_key))
1495 "keygen reveal data with invalid signature in consensus\n");
1510 gcry_mpi_release (public_key_share);
1511 public_key_share = NULL;
1519 paillier_public_key,
1533 cmp_result = gcry_mpi_cmp (tmp,
info->preshare_commitment);
1534 gcry_mpi_release (tmp);
1536 if (0 != cmp_result)
1539 "P%u: Got invalid presecret from P%u\n",
1553 gcry_mpi_t presigma;
1561 gcry_mpi_release (presigma);
1571 gcry_mpi_t exp_preshare;
1572 gcry_mpi_set_ui (prod, 1);
1578 gcry_mpi_set_ui (j_to_k, (
unsigned int) pow (j + 1, k));
1580 gcry_mpi_powm (tmp_exp, tmp_exp, j_to_k,
elgamal_p);
1581 gcry_mpi_mulm (prod, prod, tmp_exp,
elgamal_p);
1582 gcry_mpi_release (tmp_exp);
1585 gcry_mpi_mod (exp_preshare, exp_preshare,
elgamal_p);
1586 cmp_result_tmp = gcry_mpi_cmp (prod, exp_preshare);
1587 gcry_mpi_release (exp_preshare);
1588 exp_preshare = NULL;
1589 if (0 != cmp_result_tmp)
1592 "P%u: reveal data from P%u incorrect\n",
1607 "P%u: reveal data from P%u incorrect (fair encryption)\n",
1615 gcry_mpi_release (preshare);
1616 gcry_mpi_release (prod);
1617 gcry_mpi_release (j_to_k);
1666 d = (
void *) &element[1];
1668 element->
size =
sizeof *
d;
1684 d->purpose.size = htonl ((
sizeof *
d) - offsetof (
struct
1695 gcry_mpi_release (v);
1713 if (ntohs (
msg->header.
size) -
sizeof(*
msg) !=
1738 "client requested key generation\n");
1759 "first round of consensus with %u peers\n",
1775 for (
unsigned int i = 0; i < ks->
num_peers; i++)
1783 "P%u: Generated paillier key pair\n",
1787 "P%u: Generated presecret polynomial\n",
1791 "P%u: Concluding for round 1\n",
1798 "P%u: Waiting for round 1 elements ...\n",
1812 gcry_mpi_t lagrange;
1817 unsigned int *indices;
1823 ds->consensus = NULL;
1831 for (i = 0; i <
ds->share->num_peers; i++)
1832 if (NULL !=
ds->info[i].partial_decryption)
1838 for (i = 0; i <
ds->share->num_peers; i++)
1839 if (NULL !=
ds->info[i].partial_decryption)
1840 indices[j++] =
ds->info[i].original_index;
1843 "P%u: decrypt conclude, with %u peers\n",
1847 gcry_mpi_set_ui (prod, 1);
1848 for (i = 0; i < num; i++)
1851 "P%u: index of %u: %u\n",
1852 ds->share->my_peer, i, indices[i]);
1855 gcry_mpi_powm (tmp,
ds->info[indices[i]].partial_decryption, lagrange,
1859 gcry_mpi_mulm (prod, prod, tmp,
elgamal_p);
1871 msg->success = htonl (1);
1879 gcry_mpi_release (lagrange);
1880 gcry_mpi_release (
m);
1881 gcry_mpi_release (tmp);
1882 gcry_mpi_release (prod);
1883 gcry_mpi_release (c_2);
1901 GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, mpi));
1902 return (
char *) buf;
1921 gcry_mpi_t challenge;
1938 if (NULL == element)
1945 if (element->
size !=
sizeof *
d)
1948 "element of wrong size in decrypt consensus\n");
1959 "decrypt element from invalid peer (%s)\n",
1964 if (NULL !=
info->partial_decryption)
1973 "P%u: got decrypt element with non-matching ciphertext from P%u\n",
1984 ciphertext) + (
char *)
d,
2027 gcry_mpi_powm (tmp2, sigma, challenge,
elgamal_p);
2028 gcry_mpi_mulm (tmp2, tmp2, commit1,
elgamal_p);
2030 if (0 != gcry_mpi_cmp (tmp1, tmp2))
2038 "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
2040 (
unsigned int) (
info - session->
info),
2051 gcry_mpi_powm (tmp2, w, challenge,
elgamal_p);
2052 gcry_mpi_mulm (tmp2, tmp2, commit2,
elgamal_p);
2055 if (0 != gcry_mpi_cmp (tmp1, tmp2))
2058 "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
2060 (
unsigned int) (
info - session->
info));
2066 &
d->partial_decryption,
2069 gcry_mpi_release (tmp1);
2070 gcry_mpi_release (tmp2);
2071 gcry_mpi_release (sigma);
2072 gcry_mpi_release (commit1);
2073 gcry_mpi_release (commit2);
2074 gcry_mpi_release (r);
2075 gcry_mpi_release (w);
2076 gcry_mpi_release (challenge);
2077 gcry_mpi_release (c1);
2095 gcry_mpi_t challenge;
2100 memset (&
d, 0,
sizeof d);
2103 ds->share->my_peer);
2112 &
ds->share->sigmas[
ds->share->my_peer],
2121 if (0 != gcry_mpi_cmp (tmp, sigma))
2127 "Share of P%u is invalid, ref sigma %s, "
2128 "computed sigma %s, s %s\n",
2130 sigma_str, tmp_str, s_str);
2138 element.
data = (
void *) &
d;
2142 d.ciphertext =
ds->ciphertext;
2179 gcry_mpi_mulm (tmp, challenge, s,
elgamal_q);
2185 d.purpose.size = htonl (element.
size - offsetof (
struct
2197 "P%u: Inserting decrypt element done!\n",
2198 ds->share->my_peer);
2200 gcry_mpi_release (s);
2201 gcry_mpi_release (w);
2202 gcry_mpi_release (c1);
2203 gcry_mpi_release (
beta);
2204 gcry_mpi_release (tmp);
2205 gcry_mpi_release (challenge);
2206 gcry_mpi_release (sigma);
2254 ds->ciphertext =
msg->ciphertext;
2260 if (NULL ==
ds->share)
2272 ds->share->num_peers,
2283 for (
unsigned int i = 0; i <
ds->share->num_peers; i++)
2285 ds->info[i].peer =
ds->share->peers[i];
2286 ds->info[i].original_index =
ds->share->original_indices[i];
2294 "decrypting with %u peers\n",
2295 ds->share->num_peers);
2331 "could not access host private key\n");
2342 "could not retrieve host identity\n");
struct GNUNET_MQ_Handle * mq
struct GNUNET_MessageHeader * msg
static mp_limb_t d[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static mp_limb_t u[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
static int start
Set if we are to start default services (including ARM).
static int end
Set if we are to shutdown all services (including ARM).
static void cleanup(void *cls)
Disconnect and shutdown.
static char * res
Currently read line or NULL on EOF.
static struct GNUNET_FS_DirScanner * ds
Handle to the directory scanner (for recursive insertions).
static int result
Global testing status.
static struct GNUNET_SERVICE_Handle * service
Handle to our service instance.
static float beta
Percentage of total peer number in the view to send random PULLs to.
static int check_client_decrypt(void *cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
Check that msg is well-formed.
static void keygen_round2_new_element(void *cls, const struct GNUNET_SET_Element *element)
static void keygen_session_destroy(struct KeygenSession *ks)
static void restore_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t x, gcry_mpi_t xres)
static void horner_eval(gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t x, gcry_mpi_t m)
Evaluate the polynomial with coefficients coeff at x.
static struct DecryptPeerInfo * get_decrypt_peer_info(const struct DecryptSession *ds, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a decrypt session.
static void insert_decrypt_element(struct DecryptSession *ds)
static void keygen_round1_conclude(void *cls)
Called when the first consensus round has concluded.
static void decrypt_conclude(void *cls)
Called when the partial decryption consensus concludes.
static void handle_client_keygen(void *cls, const struct GNUNET_SECRETSHARING_CreateMessage *msg)
Functions with this signature are called whenever a message is received.
static int check_client_keygen(void *cls, const struct GNUNET_SECRETSHARING_CreateMessage *msg)
Check that msg is well-formed.
static void insert_round2_element(struct KeygenSession *ks)
Insert round 2 element in the consensus, consisting of (1) The exponentiated pre-share polynomial coe...
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_peer_private_key
Peer that runs this service.
static gcry_mpi_t elgamal_q
The ElGamal prime field order as libgcrypt mpi.
GNUNET_SERVICE_MAIN("secretsharing", GNUNET_SERVICE_OPTION_NONE, &run, &client_connect_cb, &client_disconnect_cb, NULL, GNUNET_MQ_hd_var_size(client_keygen, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, struct GNUNET_SECRETSHARING_CreateMessage, NULL), GNUNET_MQ_hd_var_size(client_decrypt, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, struct GNUNET_SECRETSHARING_DecryptRequestMessage, NULL), GNUNET_MQ_handler_end())
Define "main" method using service macro.
static void handle_client_decrypt(void *cls, const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
Functions with this signature are called whenever a message is received.
static void keygen_info_destroy(struct KeygenPeerInfo *info)
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration of this service.
static int peer_id_cmp(const void *p1, const void *p2)
Compare two peer identities.
static struct GNUNET_PeerIdentity * normalize_peers(struct GNUNET_PeerIdentity *listed, unsigned int num_listed, unsigned int *num_normalized, unsigned int *my_peer_idx)
Normalize the given list of peers, by including the local peer (if it is missing) and sorting the pee...
static struct GNUNET_TIME_Absolute time_between(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end, int num, int denum)
Interpolate between two points in time.
static void cleanup_task(void *cls)
Task run during shutdown.
static int peer_find(const struct GNUNET_PeerIdentity *haystack, unsigned int n, const struct GNUNET_PeerIdentity *needle)
Get the index of a peer in an array of peers.
static void generate_presecret_polynomial(struct KeygenSession *ks)
Generate the random coefficients of our pre-secret polynomial.
static gcry_mpi_t keygen_reveal_get_exp_coeff(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
static struct KeygenPeerInfo * get_keygen_peer_info(const struct KeygenSession *ks, const struct GNUNET_PeerIdentity *peer)
Get the peer info belonging to a peer identity in a keygen session.
static void decrypt_new_element(void *cls, const struct GNUNET_SET_Element *element)
Called when a new partial decryption arrives.
static void run(void *cls, const struct GNUNET_CONFIGURATION_Handle *c, struct GNUNET_SERVICE_Handle *service)
Initialize secretsharing service.
static gcry_mpi_t elgamal_g
Generator for prime field of order 'elgamal_q'.
static gcry_mpi_t elgamal_p
Modulus of the prime field used for ElGamal.
static void insert_round1_element(struct KeygenSession *ks)
Insert the ephemeral key and the presecret commitment of this peer in the consensus of the given sess...
static gcry_mpi_t keygen_reveal_get_exp_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
static void compute_lagrange_coefficient(gcry_mpi_t coeff, unsigned int j, unsigned int *indices, unsigned int num)
Get a the j-th lagrange coefficient for a set of indices.
static void decrypt_session_destroy(struct DecryptSession *ds)
Destroy a decrypt session, removing it from the linked list of decrypt sessions.
static void * client_connect_cb(void *cls, struct GNUNET_SERVICE_Client *c, struct GNUNET_MQ_Handle *mq)
Callback called when a client connects to the service.
static void client_disconnect_cb(void *cls, struct GNUNET_SERVICE_Client *c, void *internal_cls)
Callback called when a client disconnected from the service.
static void init_crypto_constants(void)
static void keygen_round1_new_element(void *cls, const struct GNUNET_SET_Element *element)
Consensus element handler for round one.
static char * mpi_to_str(gcry_mpi_t mpi)
Get a string representation of an MPI.
static struct GNUNET_SECRETSHARING_FairEncryption * keygen_reveal_get_enc_preshare(struct KeygenSession *ks, const struct GNUNET_SECRETSHARING_KeygenRevealData *d, unsigned int idx)
static void encrypt_fair(gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, struct GNUNET_SECRETSHARING_FairEncryption *fe)
Create a fair Paillier encryption of then given ciphertext.
static void keygen_round2_conclude(void *cls)
static struct GNUNET_PeerIdentity my_peer
Peer that runs this service.
static int verify_fair(const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe)
static void get_fair_encryption_challenge(const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t *e)
static struct GNUNET_SCHEDULER_Task * t
Main task.
Multi-peer set reconciliation.
static unsigned int num_peers
Number of peers.
Functions related to time.
void GNUNET_CONSENSUS_destroy(struct GNUNET_CONSENSUS_Handle *consensus)
Destroy a consensus handle (free all state associated with it, no longer call any of the callbacks).
void GNUNET_CONSENSUS_insert(struct GNUNET_CONSENSUS_Handle *consensus, const struct GNUNET_SET_Element *element, GNUNET_CONSENSUS_InsertDoneCallback idc, void *idc_cls)
Insert an element in the set being reconsiled.
struct GNUNET_CONSENSUS_Handle * GNUNET_CONSENSUS_create(const struct GNUNET_CONFIGURATION_Handle *cfg, unsigned int num_peers, const struct GNUNET_PeerIdentity *peers, const struct GNUNET_HashCode *session_id, struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute deadline, GNUNET_CONSENSUS_ElementCallback new_element_cb, void *new_element_cls)
Create a consensus session.
void GNUNET_CONSENSUS_conclude(struct GNUNET_CONSENSUS_Handle *consensus, GNUNET_CONSENSUS_ConcludeCallback conclude, void *conclude_cls)
We are done with inserting new elements into the consensus; try to conclude the consensus within a gi...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity(const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
Retrieve the identity of the host's peer.
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer's key from the file specified in the configuration.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
#define GNUNET_log(kind,...)
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
void GNUNET_CRYPTO_paillier_create(struct GNUNET_CRYPTO_PaillierPublicKey *public_key, struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
Create a freshly generated paillier public key.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
void GNUNET_CRYPTO_paillier_decrypt(const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
Decrypt a paillier ciphertext with a private key.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_DEBUG
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_new_array(n, type)
Allocate a size n array with structs or unions of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct.
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY
The cryptosystem has been established.
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT
Request the decryption of a ciphertext.
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE
The service succeeded in decrypting a ciphertext.
#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE
Establish a new session.
void GNUNET_SCHEDULER_shutdown(void)
Request the shutdown of a scheduler.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received,...
#define GNUNET_SECRETSHARING_ELGAMAL_BITS
Number of bits for secretsharing elements.
void GNUNET_SECRETSHARING_share_destroy(struct GNUNET_SECRETSHARING_Share *share)
struct GNUNET_SECRETSHARING_Share * GNUNET_SECRETSHARING_share_read(const void *data, size_t len, size_t *readlen)
Read a share from its binary representation.
#define GNUNET_SECRETSHARING_ELGAMAL_P_HEX
The q-parameter for ElGamal encryption, a 1024-bit safe prime.
#define GNUNET_SECRETSHARING_ELGAMAL_Q_HEX
The q-parameter for ElGamal encryption, a 1023-bit Sophie Germain prime, q = (p-1)/2.
#define GNUNET_SECRETSHARING_ELGAMAL_G_HEX
The g-parameter for ElGamal encryption, a generator of the unique size q subgroup of Z_p^*.
int GNUNET_SECRETSHARING_share_write(const struct GNUNET_SECRETSHARING_Share *share, void *buf, size_t buflen, size_t *writelen)
Convert a share to its binary representation.
void GNUNET_SERVICE_client_drop(struct GNUNET_SERVICE_Client *c)
Ask the server to disconnect from the given client.
void GNUNET_SERVICE_client_continue(struct GNUNET_SERVICE_Client *c)
Continue receiving further messages from the given client.
@ GNUNET_SERVICE_OPTION_NONE
Use defaults.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
messages used for the secretsharing api
p2p message definitions for secretsharing
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2
Signature for the second round of distributed key generation.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1
Signature for the first round of distributed key generation.
#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION
Signature for the cooperative decryption.
State we keep per client.
struct GNUNET_MQ_Handle * mq
MQ to talk to client.
struct KeygenSession * keygen_session
Keygen session of the client, if any.
struct GNUNET_SERVICE_Client * client
Client this is about.
struct DecryptSession * decrypt_session
Decrypt session of the client, if any.
Information about a peer in a decrypt session.
unsigned int original_index
Original index in the key generation round.
struct GNUNET_PeerIdentity peer
Identity of the peer.
gcry_mpi_t partial_decryption
Set to the partial decryption of this peer, or NULL if we did not receive a partial decryption from t...
Session to cooperatively decrypt a value.
struct GNUNET_TIME_Absolute start
When should we start communicating for decryption?
struct DecryptPeerInfo * info
State information about other peers.
struct GNUNET_SECRETSHARING_Share * share
Share of the local peer.
struct ClientState * cs
Which client is this for?
struct GNUNET_TIME_Absolute deadline
When would we like the ciphertext to be decrypted?
struct GNUNET_CONSENSUS_Handle * consensus
Handle to the consensus over partial decryptions.
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
Private ECC key encoded for transmission.
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
Handle to a message queue.
The identity of the host (wraps the signing key of the peer).
uint32_t c1_bits[1024/8/sizeof(uint32_t)]
Data of then element put in consensus for decrypting a value.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
struct GNUNET_SECRETSHARING_Ciphertext ciphertext
Ciphertext we want to decrypt.
struct GNUNET_SECRETSHARING_FieldElement nizk_response
Response to the challenge computed from the protocol transcript.
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
char z[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
char w[GNUNET_CRYPTO_PAILLIER_BITS/8]
struct GNUNET_CRYPTO_PaillierCiphertext c
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS/8]
h = g^x, where x is the fairly encrypted secret.
char t2[GNUNET_CRYPTO_PAILLIER_BITS *2/8]
Consensus element data used in the first round of key generation.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Signature purpose for signing the keygen commit data.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Notify the client that then threshold secret has been established.
A share, with all values in in host byte order.
uint16_t num_peers
Peers that have the share.
struct GNUNET_SECRETSHARING_FieldElement my_share
Share of 'my_peer'.
struct GNUNET_SECRETSHARING_PublicKey public_key
Public key.
struct GNUNET_PeerIdentity * peers
Peer identities (includes 'my_peer')
uint16_t my_peer
Index of our peer in the list.
struct GNUNET_SECRETSHARING_FieldElement * sigmas
uint16_t * original_indices
Handle to a client that is connected to a service.
uint16_t size
Number of bytes in the buffer pointed to by data.
const void * data
Actual data of the element.
uint16_t element_type
Application-specific element type.
Time for absolute times used by GNUnet, in microseconds.
Info about a peer in a key generation session.
int round1_valid
Did we successfully receive the round1 element of the peer?
int round2_valid
Did we successfully receive the round2 element of the peer?
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key
The peer's paillier public key.
gcry_mpi_t sigma
Sigma (exponentiated share) for this peer.
gcry_mpi_t preshare_commitment
Commitment to the preshare that is intended for our peer.
gcry_mpi_t presecret_commitment
The peer's commitment to its presecret.
struct GNUNET_PeerIdentity peer
Peer identity of the peer.
Session to establish a threshold-shared secret.
struct GNUNET_TIME_Absolute deadline
When would we like the key to be established?
struct ClientState * cs
Which client is this for?
gcry_mpi_t my_share
Share of our peer.
gcry_mpi_t public_key
Public key, will be updated when a round2 element arrives.
unsigned int local_peer
Index of the local peer.
struct GNUNET_TIME_Absolute start_time
When does the DKG start? Necessary to compute fractions of the operation's desired time interval.
struct GNUNET_CONSENSUS_Handle * consensus
Current consensus, used for both DKG rounds.
gcry_mpi_t * presecret_polynomial
Randomly generated coefficients of the polynomial for sharing our pre-secret, where 'preshares[0]' is...
struct GNUNET_PeerIdentity * peers
List of all peers involved in the secret sharing session.
struct GNUNET_CRYPTO_PaillierPrivateKey paillier_private_key
Paillier private key of our peer.
unsigned int num_peers
Total number of peers.
struct KeygenPeerInfo * info
Information about all participating peers.
unsigned int local_peer_idx
Index of the local peer in the ordered list of peers in the session.
unsigned int threshold
Minimum number of shares required to restore the secret.
struct GNUNET_HashCode session_id
Identifier for this session.