/*
This file is part of GNUnet.
- (C) 2013 Christian Grothoff (and other contributing authors)
+ Copyright (C) 2013 GNUnet e.V.
- GNUnet is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 3, or (at your
- option) any later version.
+ GNUnet is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License,
+ or (at your option) any later version.
GNUnet is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Affero General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ SPDX-License-Identifier: AGPL3.0-or-later
*/
/**
struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key;
/**
- * The peer's commitment to his presecret.
+ * The peer's commitment to its presecret.
*/
gcry_mpi_t presecret_commitment;
};
+/**
+ * State we keep per client.
+ */
+struct ClientState;
+
+
/**
* Session to establish a threshold-shared secret.
*/
struct KeygenSession
{
- /**
- * Keygen sessions are held in a linked list.
- */
- struct KeygenSession *next;
-
- /**
- * Keygen sessions are held in a linked list.
- */
- struct KeygenSession *prev;
/**
* Current consensus, used for both DKG rounds.
struct GNUNET_CONSENSUS_Handle *consensus;
/**
- * Client that is interested in the result
- * of this key generation session.
+ * Which client is this for?
*/
- struct GNUNET_SERVER_Client *client;
-
- /**
- * Message queue for 'client'
- */
- struct GNUNET_MQ_Handle *client_mq;
+ struct ClientState *cs;
/**
* Randomly generated coefficients of the polynomial for sharing our
*/
struct DecryptSession
{
- /**
- * Decrypt sessions are stored in a linked list.
- */
- struct DecryptSession *next;
-
- /**
- * Decrypt sessions are stored in a linked list.
- */
- struct DecryptSession *prev;
/**
* Handle to the consensus over partial decryptions.
struct GNUNET_CONSENSUS_Handle *consensus;
/**
- * Client connected to us.
- */
- struct GNUNET_SERVER_Client *client;
-
- /**
- * Message queue for 'client'.
+ * Which client is this for?
*/
- struct GNUNET_MQ_Handle *client_mq;
+ struct ClientState *cs;
/**
* When should we start communicating for decryption?
/**
- * Decrypt sessions are held in a linked list.
+ * State we keep per client.
*/
-static struct DecryptSession *decrypt_sessions_head;
+struct ClientState
+{
+ /**
+ * Decrypt session of the client, if any.
+ */
+ struct DecryptSession *decrypt_session;
-/**
- * Decrypt sessions are held in a linked list.
- */
-static struct DecryptSession *decrypt_sessions_tail;
+ /**
+ * Keygen session of the client, if any.
+ */
+ struct KeygenSession *keygen_session;
-/**
- * Decrypt sessions are held in a linked list.
- */
-static struct KeygenSession *keygen_sessions_head;
+ /**
+ * Client this is about.
+ */
+ struct GNUNET_SERVICE_Client *client;
+
+ /**
+ * MQ to talk to @a client.
+ */
+ struct GNUNET_MQ_Handle *mq;
+
+};
-/**
- * Decrypt sessions are held in a linked list.
- */
-static struct KeygenSession *keygen_sessions_tail;
/**
* The ElGamal prime field order as libgcrypt mpi.
*/
static const struct GNUNET_CONFIGURATION_Handle *cfg;
-/**
- * Server for this service.
- */
-static struct GNUNET_SERVER_Handle *srv;
-
/**
* Get the peer info belonging to a peer identity in a keygen session.
{
unsigned int i;
for (i = 0; i < ks->num_peers; i++)
- if (0 == memcmp (peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity)))
+ if (0 == GNUNET_memcmp (peer, &ks->info[i].peer))
return &ks->info[i];
return NULL;
}
{
unsigned int i;
for (i = 0; i < ds->share->num_peers; i++)
- if (0 == memcmp (peer, &ds->info[i].peer, sizeof (struct GNUNET_PeerIdentity)))
+ if (0 == GNUNET_memcmp (peer, &ds->info[i].peer))
return &ds->info[i];
return NULL;
}
static int
peer_id_cmp (const void *p1, const void *p2)
{
- return memcmp (p1, p2, sizeof (struct GNUNET_PeerIdentity));
+ return memcmp (p1,
+ p2,
+ sizeof (struct GNUNET_PeerIdentity));
}
const struct GNUNET_PeerIdentity *needle)
{
unsigned int i;
+
for (i = 0; i < n; i++)
- if (0 == memcmp (&haystack[i], needle, sizeof (struct GNUNET_PeerIdentity)))
+ if (0 == GNUNET_memcmp (&haystack[i],
+ needle))
return i;
return -1;
}
n += 1;
}
- normalized = GNUNET_new_array (n, struct GNUNET_PeerIdentity);
+ normalized = GNUNET_new_array (n,
+ struct GNUNET_PeerIdentity);
if (GNUNET_NO == local_peer_in_list)
normalized[n - 1] = my_peer;
- memcpy (normalized, listed, num_listed * sizeof (struct GNUNET_PeerIdentity));
- qsort (normalized, n, sizeof (struct GNUNET_PeerIdentity), &peer_id_cmp);
+ GNUNET_memcpy (normalized,
+ listed,
+ num_listed * sizeof (struct GNUNET_PeerIdentity));
+ qsort (normalized,
+ n,
+ sizeof (struct GNUNET_PeerIdentity),
+ &peer_id_cmp);
if (NULL != my_peer_idx)
*my_peer_idx = peer_find (normalized, n, &my_peer);
static void
decrypt_session_destroy (struct DecryptSession *ds)
{
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "destroying decrypt session\n");
-
- GNUNET_CONTAINER_DLL_remove (decrypt_sessions_head, decrypt_sessions_tail, ds);
-
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "destroying decrypt session\n");
+ if (NULL != ds->cs)
+ {
+ ds->cs->decrypt_session = NULL;
+ ds->cs = NULL;
+ }
if (NULL != ds->consensus)
{
GNUNET_CONSENSUS_destroy (ds->consensus);
if (NULL != ds->info)
{
- unsigned int i;
- for (i = 0; i < ds->share->num_peers; i++)
+ for (unsigned int i = 0; i < ds->share->num_peers; i++)
{
if (NULL != ds->info[i].partial_decryption)
{
GNUNET_free (ds->info);
ds->info = NULL;
}
-
if (NULL != ds->share)
{
GNUNET_SECRETSHARING_share_destroy (ds->share);
ds->share = NULL;
}
- if (NULL != ds->client_mq)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "destroying decrypt MQ\n");
- GNUNET_MQ_destroy (ds->client_mq);
- ds->client_mq = NULL;
- }
-
- if (NULL != ds->client)
- {
- GNUNET_SERVER_client_disconnect (ds->client);
- ds->client = NULL;
- }
-
GNUNET_free (ds);
}
+
static void
keygen_info_destroy (struct KeygenPeerInfo *info)
{
if (NULL != info->preshare_commitment)
{
gcry_mpi_release (info->preshare_commitment);
- info->presecret_commitment = NULL;
+ info->preshare_commitment = NULL;
}
}
static void
keygen_session_destroy (struct KeygenSession *ks)
{
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "destroying keygen session\n");
-
- GNUNET_CONTAINER_DLL_remove (keygen_sessions_head, keygen_sessions_tail, ks);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "destroying keygen session\n");
+ if (NULL != ks->cs)
+ {
+ ks->cs->keygen_session = NULL;
+ ks->cs = NULL;
+ }
if (NULL != ks->info)
{
- unsigned int i;
- for (i = 0; i < ks->num_peers; i++)
+ for (unsigned int i = 0; i < ks->num_peers; i++)
keygen_info_destroy (&ks->info[i]);
GNUNET_free (ks->info);
ks->info = NULL;
if (NULL != ks->presecret_polynomial)
{
- unsigned int i;
- for (i = 0; i < ks->threshold; i++)
+ for (unsigned int i = 0; i < ks->threshold; i++)
{
GNUNET_assert (NULL != ks->presecret_polynomial[i]);
gcry_mpi_release (ks->presecret_polynomial[i]);
GNUNET_free (ks->presecret_polynomial);
ks->presecret_polynomial = NULL;
}
-
- if (NULL != ks->client_mq)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "destroying keygen MQ\n");
- GNUNET_MQ_destroy (ks->client_mq);
- ks->client_mq = NULL;
- }
-
if (NULL != ks->my_share)
{
gcry_mpi_release (ks->my_share);
ks->my_share = NULL;
}
-
if (NULL != ks->public_key)
{
gcry_mpi_release (ks->public_key);
ks->public_key = NULL;
}
-
if (NULL != ks->peers)
{
GNUNET_free (ks->peers);
ks->peers = NULL;
}
-
- if (NULL != ks->client)
- {
- GNUNET_SERVER_client_disconnect (ks->client);
- ks->client = NULL;
- }
-
GNUNET_free (ks);
}
* @param tc unused
*/
static void
-cleanup_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
+cleanup_task (void *cls)
{
- while (NULL != decrypt_sessions_head)
- decrypt_session_destroy (decrypt_sessions_head);
-
- while (NULL != keygen_sessions_head)
- keygen_session_destroy (keygen_sessions_head);
+ /* Nothing to do! */
}
gcry_mpi_t v;
GNUNET_assert (NULL == ks->presecret_polynomial);
- ks->presecret_polynomial = GNUNET_new_array (ks->threshold, gcry_mpi_t);
+ ks->presecret_polynomial = GNUNET_new_array (ks->threshold,
+ gcry_mpi_t);
for (i = 0; i < ks->threshold; i++)
{
v = ks->presecret_polynomial[i] = gcry_mpi_new (GNUNET_SECRETSHARING_ELGAMAL_BITS);
GNUNET_assert (NULL != v);
// Randomize v such that 0 < v < elgamal_q.
// The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
- do
+ do
{
gcry_mpi_randomize (v, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
} while ((gcry_mpi_cmp_ui (v, 0) == 0) || (gcry_mpi_cmp (v, elgamal_q) >= 0));
if (element->size != sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "keygen commit data with wrong size (%u) in consensus, "
- " %u expected\n",
- element->size, sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData));
+ "keygen commit data with wrong size (%u) in consensus, %u expected\n",
+ (unsigned int) element->size,
+ (unsigned int) sizeof (struct GNUNET_SECRETSHARING_KeygenCommitData));
return;
}
if (GNUNET_YES == ks->info[i].round2_valid)
share->num_peers++;
- share->peers = GNUNET_new_array (share->num_peers, struct GNUNET_PeerIdentity);
+ share->peers = GNUNET_new_array (share->num_peers,
+ struct GNUNET_PeerIdentity);
share->sigmas =
- GNUNET_new_array (share->num_peers, struct GNUNET_SECRETSHARING_FieldElement);
- share->original_indices = GNUNET_new_array (share->num_peers, uint16_t);
+ GNUNET_new_array (share->num_peers,
+ struct GNUNET_SECRETSHARING_FieldElement);
+ share->original_indices = GNUNET_new_array (share->num_peers,
+ uint16_t);
/* maybe we're not even in the list of peers? */
share->my_peer = share->num_peers;
GNUNET_SECRETSHARING_ELGAMAL_BITS / 8,
ks->info[i].sigma);
share->original_indices[i] = j;
- if (0 == memcmp (&share->peers[i], &my_peer, sizeof (struct GNUNET_PeerIdentity)))
+ if (0 == GNUNET_memcmp (&share->peers[i], &my_peer))
share->my_peer = j;
j += 1;
}
GNUNET_SECRETSHARING_share_destroy (share);
share = NULL;
- GNUNET_MQ_send (ks->client_mq, ev);
+ GNUNET_MQ_send (ks->cs->mq,
+ ev);
}
GNUNET_assert (NULL != (big_b = gcry_mpi_new (0)));
// a = (N,0)^T
- GNUNET_CRYPTO_mpi_scan_unsigned (&a_1, ppub, sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
+ GNUNET_CRYPTO_mpi_scan_unsigned (&a_1,
+ ppub,
+ sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
GNUNET_assert (NULL != (a_2 = gcry_mpi_new (0)));
gcry_mpi_set_ui (a_2, 0);
// b = (x,1)^T
gcry_mpi_set (big_b, big_t);
}
- {
- gcry_mpi_t paillier_n;
-
- GNUNET_CRYPTO_mpi_scan_unsigned (&paillier_n, ppub, sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
-
- gcry_mpi_set (xres, b_2);
- gcry_mpi_invm (xres, xres, elgamal_q);
- gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
- }
-
- // FIXME: cleanup!
+ gcry_mpi_set (xres, b_2);
+ gcry_mpi_invm (xres, xres, elgamal_q);
+ gcry_mpi_mulm (xres, xres, b_1, elgamal_q);
+
+ gcry_mpi_release (a_1);
+ gcry_mpi_release (a_2);
+ gcry_mpi_release (b_1);
+ gcry_mpi_release (b_2);
+ gcry_mpi_release (big_a);
+ gcry_mpi_release (big_b);
+ gcry_mpi_release (big_t);
+ gcry_mpi_release (n);
+ gcry_mpi_release (t_1);
+ gcry_mpi_release (t_2);
+ gcry_mpi_release (t);
+ gcry_mpi_release (r);
+ gcry_mpi_release (v);
}
static void
-get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption *fe, gcry_mpi_t e)
+get_fair_encryption_challenge (const struct GNUNET_SECRETSHARING_FairEncryption *fe,
+ gcry_mpi_t *e)
{
struct {
struct GNUNET_CRYPTO_PaillierCiphertext c;
} hash_data;
struct GNUNET_HashCode e_hash;
- memcpy (&hash_data.c, &fe->c, sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
- memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
- memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
- memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
-
- GNUNET_CRYPTO_mpi_scan_unsigned (&e, &e_hash, sizeof (struct GNUNET_HashCode));
- gcry_mpi_mod (e, e, elgamal_q);
+ memset (&hash_data,
+ 0,
+ sizeof (hash_data));
+ GNUNET_memcpy (&hash_data.c, &fe->c, sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
+ GNUNET_memcpy (&hash_data.h, &fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
+ GNUNET_memcpy (&hash_data.t1, &fe->t1, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
+ GNUNET_memcpy (&hash_data.t2, &fe->t2, GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8);
+ GNUNET_CRYPTO_hash (&hash_data,
+ sizeof (hash_data),
+ &e_hash);
+ /* This allocates "e" */
+ GNUNET_CRYPTO_mpi_scan_unsigned (e,
+ &e_hash,
+ sizeof (struct GNUNET_HashCode));
+ gcry_mpi_mod (*e, *e, elgamal_q);
}
static int
-verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, const struct GNUNET_SECRETSHARING_FairEncryption *fe)
+verify_fair (const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
+ const struct GNUNET_SECRETSHARING_FairEncryption *fe)
{
gcry_mpi_t n;
gcry_mpi_t n_sq;
gcry_mpi_t tmp2;
gcry_mpi_t y;
gcry_mpi_t big_y;
+ int res;
GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
GNUNET_assert (NULL != (tmp1 = gcry_mpi_new (0)));
GNUNET_assert (NULL != (tmp2 = gcry_mpi_new (0)));
- GNUNET_assert (NULL != (e = gcry_mpi_new (0)));
- get_fair_encryption_challenge (fe, e);
+ get_fair_encryption_challenge (fe,
+ &e /* this allocates e */);
- GNUNET_CRYPTO_mpi_scan_unsigned (&n, ppub, sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
+ GNUNET_CRYPTO_mpi_scan_unsigned (&n,
+ ppub,
+ sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
GNUNET_CRYPTO_mpi_scan_unsigned (&t1, fe->t1, GNUNET_CRYPTO_PAILLIER_BITS / 8);
GNUNET_CRYPTO_mpi_scan_unsigned (&z, fe->z, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
GNUNET_CRYPTO_mpi_scan_unsigned (&y, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
if (0 == gcry_mpi_cmp (t1, tmp1))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t1)\n");
- return GNUNET_NO;
+ res = GNUNET_NO;
+ goto cleanup;
}
gcry_mpi_powm (big_y, big_y, e, n_sq);
if (0 == gcry_mpi_cmp (t2, tmp1))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "fair encryption invalid (t2)\n");
- return GNUNET_NO;
+ res = GNUNET_NO;
+ goto cleanup;
}
- return GNUNET_YES;
+ res = GNUNET_YES;
+
+cleanup:
+
+ gcry_mpi_release (n);
+ gcry_mpi_release (n_sq);
+ gcry_mpi_release (z);
+ gcry_mpi_release (t1);
+ gcry_mpi_release (t2);
+ gcry_mpi_release (e);
+ gcry_mpi_release (w);
+ gcry_mpi_release (tmp1);
+ gcry_mpi_release (tmp2);
+ gcry_mpi_release (y);
+ gcry_mpi_release (big_y);
+ return res;
}
* @param[out] fe the fair encryption
*/
static void
-encrypt_fair (gcry_mpi_t v, const struct GNUNET_CRYPTO_PaillierPublicKey *ppub, struct GNUNET_SECRETSHARING_FairEncryption *fe)
+encrypt_fair (gcry_mpi_t v,
+ const struct GNUNET_CRYPTO_PaillierPublicKey *ppub,
+ struct GNUNET_SECRETSHARING_FairEncryption *fe)
{
gcry_mpi_t r;
gcry_mpi_t s;
gcry_mpi_t Y;
gcry_mpi_t G;
gcry_mpi_t h;
+
GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
GNUNET_assert (NULL != (s = gcry_mpi_new (0)));
GNUNET_assert (NULL != (t1 = gcry_mpi_new (0)));
GNUNET_assert (NULL != (z = gcry_mpi_new (0)));
GNUNET_assert (NULL != (w = gcry_mpi_new (0)));
GNUNET_assert (NULL != (n_sq = gcry_mpi_new (0)));
- GNUNET_assert (NULL != (e = gcry_mpi_new (0)));
GNUNET_assert (NULL != (u = gcry_mpi_new (0)));
GNUNET_assert (NULL != (Y = gcry_mpi_new (0)));
GNUNET_assert (NULL != (G = gcry_mpi_new (0)));
GNUNET_assert (NULL != (h = gcry_mpi_new (0)));
- GNUNET_CRYPTO_mpi_scan_unsigned (&n, ppub, sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
+ GNUNET_CRYPTO_mpi_scan_unsigned (&n,
+ ppub,
+ sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
gcry_mpi_mul (n_sq, n, n);
gcry_mpi_add_ui (G, n, 1);
GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8,
t2);
-
- get_fair_encryption_challenge (fe, e);
+ get_fair_encryption_challenge (fe,
+ &e /* This allocates "e" */);
// compute z
gcry_mpi_mul (z, e, v);
d->purpose.size = htonl (element_size - offsetof (struct GNUNET_SECRETSHARING_KeygenRevealData, purpose));
d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2);
- GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d->purpose, &d->signature);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
+ &d->purpose,
+ &d->signature));
GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */
const struct GNUNET_SECRETSHARING_KeygenRevealData *d,
unsigned int idx)
{
- unsigned char *pos;
gcry_mpi_t exp_preshare;
struct GNUNET_SECRETSHARING_FairEncryption *fe;
GNUNET_assert (idx < ks->num_peers);
-
fe = keygen_reveal_get_enc_preshare (ks, d, idx);
- pos += GNUNET_SECRETSHARING_ELGAMAL_BITS / 8 * idx;
GNUNET_CRYPTO_mpi_scan_unsigned (&exp_preshare, fe->h, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8);
return exp_preshare;
}
-
static void
keygen_round2_new_element (void *cls,
const struct GNUNET_SET_Element *element)
if (element->size != expected_element_size)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "keygen round2 data with wrong size (%u) in consensus, "
- " %u expected\n",
- element->size, expected_element_size);
+ "keygen round2 data with wrong size (%u) in consensus, %u expected\n",
+ (unsigned int) element->size,
+ (unsigned int) expected_element_size);
return;
}
gcry_mpi_set_ui (ks->public_key, 1);
}
gcry_mpi_mulm (ks->public_key, ks->public_key, public_key_share, elgamal_p);
-
+
gcry_mpi_release (public_key_share);
public_key_share = NULL;
{
struct GNUNET_SECRETSHARING_FairEncryption *fe = keygen_reveal_get_enc_preshare (ks, d, ks->local_peer_idx);
- gcry_mpi_t resx;
GNUNET_assert (NULL != (preshare = gcry_mpi_new (0)));
GNUNET_CRYPTO_paillier_decrypt (&ks->paillier_private_key,
&ks->info[ks->local_peer_idx].paillier_public_key,
&fe->c,
preshare);
- GNUNET_assert (NULL != (resx = gcry_mpi_new (0)));
-
// FIXME: not doing the restoration is less expensive
-
- restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key, fe, preshare, preshare);
-
- //if (gcry_mpi_cmp (resx, preshare) != 0)
- //{
- // GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "fair encryption restore failed\n");
- // return;
- //}
+ restore_fair (&ks->info[ks->local_peer_idx].paillier_public_key,
+ fe,
+ preshare,
+ preshare);
}
GNUNET_assert (NULL != (tmp = gcry_mpi_new (0)));
// Using pow(double,double) is a bit sketchy.
// We count players from 1, but shares from 0.
gcry_mpi_t tmp;
- gcry_mpi_set_ui (j_to_k, (unsigned int) pow(j+1, k));
+ gcry_mpi_set_ui (j_to_k, (unsigned int) pow(j+1, k));
tmp = keygen_reveal_get_exp_coeff (ks, d, k);
gcry_mpi_powm (tmp, tmp, j_to_k, elgamal_p);
gcry_mpi_mulm (prod, prod, tmp, elgamal_p);
}
}
-
+
info->round2_valid = GNUNET_YES;
gcry_mpi_release (preshare);
d->purpose.size = htonl ((sizeof *d) - offsetof (struct GNUNET_SECRETSHARING_KeygenCommitData, purpose));
d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d->purpose, &d->signature));
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
+ &d->purpose,
+ &d->signature));
GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
}
+/**
+ * Check that @a msg is well-formed.
+ *
+ * @param cls identification of the client
+ * @param msg the actual message
+ * @return #GNUNET_OK if @a msg is well-formed
+ */
+static int
+check_client_keygen (void *cls,
+ const struct GNUNET_SECRETSHARING_CreateMessage *msg)
+{
+ unsigned int num_peers = ntohs (msg->num_peers);
+
+ if (ntohs (msg->header.size) - sizeof (*msg) !=
+ num_peers * sizeof (struct GNUNET_PeerIdentity))
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ return GNUNET_OK;
+}
+
+
/**
* Functions with this signature are called whenever a message is
* received.
*
- * @param cls closure
- * @param client identification of the client
- * @param message the actual message
+ * @param cls identification of the client
+ * @param msg the actual message
*/
-static void handle_client_keygen (void *cls,
- struct GNUNET_SERVER_Client *client,
- const struct GNUNET_MessageHeader
- *message)
+static void
+handle_client_keygen (void *cls,
+ const struct GNUNET_SECRETSHARING_CreateMessage *msg)
{
- const struct GNUNET_SECRETSHARING_CreateMessage *msg =
- (const struct GNUNET_SECRETSHARING_CreateMessage *) message;
+ struct ClientState *cs = cls;
struct KeygenSession *ks;
- unsigned int i;
-
- GNUNET_log (GNUNET_ERROR_TYPE_INFO, "client requested key generation\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "client requested key generation\n");
+ if (NULL != cs->keygen_session)
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (cs->client);
+ return;
+ }
ks = GNUNET_new (struct KeygenSession);
-
- /* FIXME: check if client already has some session */
-
- GNUNET_CONTAINER_DLL_insert (keygen_sessions_head, keygen_sessions_tail, ks);
-
- ks->client = client;
- ks->client_mq = GNUNET_MQ_queue_for_server_client (client);
-
+ ks->cs = cs;
+ cs->keygen_session = ks;
ks->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline);
ks->threshold = ntohs (msg->threshold);
ks->num_peers = ntohs (msg->num_peers);
- ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], ks->num_peers,
- &ks->num_peers, &ks->local_peer_idx);
+ ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1],
+ ks->num_peers,
+ &ks->num_peers,
+ &ks->local_peer_idx);
- GNUNET_log (GNUNET_ERROR_TYPE_INFO, "first round of consensus with %u peers\n", ks->num_peers);
- ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &msg->session_id,
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "first round of consensus with %u peers\n",
+ ks->num_peers);
+ ks->consensus = GNUNET_CONSENSUS_create (cfg,
+ ks->num_peers,
+ ks->peers,
+ &msg->session_id,
GNUNET_TIME_absolute_ntoh (msg->start),
GNUNET_TIME_absolute_ntoh (msg->deadline),
- keygen_round1_new_element, ks);
+ keygen_round1_new_element,
+ ks);
- ks->info = GNUNET_new_array (ks->num_peers, struct KeygenPeerInfo);
+ ks->info = GNUNET_new_array (ks->num_peers,
+ struct KeygenPeerInfo);
- for (i = 0; i < ks->num_peers; i++)
+ for (unsigned int i = 0; i < ks->num_peers; i++)
ks->info[i].peer = ks->peers[i];
GNUNET_CRYPTO_paillier_create (&ks->info[ks->local_peer_idx].paillier_public_key,
&ks->paillier_private_key);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Generated paillier key pair\n", ks->local_peer_idx);
-
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "P%u: Generated paillier key pair\n",
+ ks->local_peer_idx);
generate_presecret_polynomial (ks);
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Generated presecret polynomial\n", ks->local_peer_idx);
-
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "P%u: Generated presecret polynomial\n",
+ ks->local_peer_idx);
insert_round1_element (ks);
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Concluding for round 1\n", ks->local_peer_idx);
-
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "P%u: Concluding for round 1\n",
+ ks->local_peer_idx);
GNUNET_CONSENSUS_conclude (ks->consensus,
keygen_round1_conclude,
ks);
-
- GNUNET_SERVER_receive_done (client, GNUNET_OK);
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Waiting for round 1 elements ...\n", ks->local_peer_idx);
+ GNUNET_SERVICE_client_continue (cs->client);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "P%u: Waiting for round 1 elements ...\n",
+ ks->local_peer_idx);
}
if (NULL != ds->info[i].partial_decryption)
num++;
- indices = GNUNET_malloc (num * sizeof (unsigned int));
+ indices = GNUNET_new_array (num,
+ unsigned int);
j = 0;
for (i = 0; i < ds->share->num_peers; i++)
if (NULL != ds->info[i].partial_decryption)
indices[j++] = ds->info[i].original_index;
- GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: decrypt conclude, with %u peers\n",
- ds->share->my_peer, num);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "P%u: decrypt conclude, with %u peers\n",
+ ds->share->my_peer,
+ num);
gcry_mpi_set_ui (prod, 1);
for (i = 0; i < num; i++)
{
- GNUNET_log (GNUNET_ERROR_TYPE_INFO, "P%u: index of %u: %u\n",
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "P%u: index of %u: %u\n",
ds->share->my_peer, i, indices[i]);
compute_lagrange_coefficient (lagrange, indices[i], indices, num);
// w_i^{\lambda_i}
ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE);
GNUNET_CRYPTO_mpi_print_unsigned (&msg->plaintext, GNUNET_SECRETSHARING_ELGAMAL_BITS / 8, m);
msg->success = htonl (1);
- GNUNET_MQ_send (ds->client_mq, ev);
+ GNUNET_MQ_send (ds->cs->mq,
+ ev);
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "sent decrypt done to client\n");
d = element->data;
info = get_decrypt_peer_info (session, &d->peer);
-
+
if (NULL == info)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element from invalid peer (%s)\n",
if (NULL != info->partial_decryption)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n",
- GNUNET_i2s (&d->peer));
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decrypt element duplicate\n");
return;
}
- if (0 != memcmp (&d->ciphertext, &session->ciphertext, sizeof (struct GNUNET_SECRETSHARING_Ciphertext)))
+ if (0 != GNUNET_memcmp (&d->ciphertext, &session->ciphertext))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: got decrypt element with non-matching ciphertext from P%u\n",
(unsigned int) session->share->my_peer, (unsigned int) (info - session->info));
GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) d,
- offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
+ offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext),
&challenge_hash);
{
char *tmp1_str;
char *tmp2_str;
+
tmp1_str = mpi_to_str (tmp1);
tmp2_str = mpi_to_str (tmp2);
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
- session->share->my_peer, info - session->info, tmp1_str, tmp2_str);
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "P%u: Received invalid partial decryption from P%u (eqn 1), expected %s got %s\n",
+ session->share->my_peer,
+ (unsigned int) (info - session->info),
+ tmp1_str,
+ tmp2_str);
GNUNET_free (tmp1_str);
GNUNET_free (tmp2_str);
goto cleanup;
if (0 != gcry_mpi_cmp (tmp1, tmp2))
{
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
- session->share->my_peer, info - session->info);
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "P%u: Received invalid partial decryption from P%u (eqn 2)\n",
+ session->share->my_peer,
+ (unsigned int) (info - session->info));
goto cleanup;
}
element.data = (void *) &d;
element.size = sizeof (struct GNUNET_SECRETSHARING_DecryptData);
- element.type = 0;
+ element.element_type = 0;
d.ciphertext = ds->ciphertext;
d.peer = my_peer;
// create the zero knowledge proof
// randomly choose beta such that 0 < beta < q
- do
+ do
{
gcry_mpi_randomize (beta, GNUNET_SECRETSHARING_ELGAMAL_BITS - 1, GCRY_WEAK_RANDOM);
} while ((gcry_mpi_cmp_ui (beta, 0) == 0) || (gcry_mpi_cmp (beta, elgamal_q) >= 0));
// the challenge is the hash of everything up to the response
GNUNET_CRYPTO_hash (offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext) + (char *) &d,
- offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
+ offsetof (struct GNUNET_SECRETSHARING_DecryptData, nizk_response) -
offsetof (struct GNUNET_SECRETSHARING_DecryptData, ciphertext),
&challenge_hash);
d.purpose.size = htonl (element.size - offsetof (struct GNUNET_SECRETSHARING_DecryptData, purpose));
d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
-
- GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d.purpose, &d.signature);
+
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
+ &d.purpose,
+ &d.signature));
GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "P%u: Inserting decrypt element done!\n",
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "P%u: Inserting decrypt element done!\n",
ds->share->my_peer);
gcry_mpi_release (s);
}
+/**
+ * Check that @a msg is well-formed.
+ *
+ * @param cls identification of the client
+ * @param msg the actual message
+ * @return #GNUNET_OK (check deferred a bit)
+ */
+static int
+check_client_decrypt (void *cls,
+ const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
+{
+ /* we check later, it's complicated */
+ return GNUNET_OK;
+}
+
+
/**
* Functions with this signature are called whenever a message is
* received.
*
- * @param cls closure
- * @param client identification of the client
- * @param message the actual message
+ * @param cls identification of the client
+ * @param msg the actual message
*/
-static void handle_client_decrypt (void *cls,
- struct GNUNET_SERVER_Client *client,
- const struct GNUNET_MessageHeader
- *message)
+static void
+handle_client_decrypt (void *cls,
+ const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg)
{
- const struct GNUNET_SECRETSHARING_DecryptRequestMessage *msg =
- (const void *) message;
+ struct ClientState *cs = cls;
struct DecryptSession *ds;
struct GNUNET_HashCode session_id;
- unsigned int i;
+ if (NULL != cs->decrypt_session)
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (cs->client);
+ return;
+ }
ds = GNUNET_new (struct DecryptSession);
- // FIXME: check if session already exists
- GNUNET_CONTAINER_DLL_insert (decrypt_sessions_head, decrypt_sessions_tail, ds);
- ds->client = client;
- ds->client_mq = GNUNET_MQ_queue_for_server_client (client);
+ cs->decrypt_session = ds;
+ ds->cs = cs;
ds->start = GNUNET_TIME_absolute_ntoh (msg->start);
ds->deadline = GNUNET_TIME_absolute_ntoh (msg->deadline);
ds->ciphertext = msg->ciphertext;
- ds->share = GNUNET_SECRETSHARING_share_read (&msg[1], ntohs (msg->header.size) - sizeof *msg, NULL);
- // FIXME: probably should be break rather than assert
- GNUNET_assert (NULL != ds->share);
-
- // FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ...
- GNUNET_CRYPTO_hash (&msg->ciphertext, sizeof (struct GNUNET_SECRETSHARING_Ciphertext), &session_id);
+ ds->share = GNUNET_SECRETSHARING_share_read (&msg[1],
+ ntohs (msg->header.size) - sizeof (*msg),
+ NULL);
+ if (NULL == ds->share)
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (cs->client);
+ return;
+ }
+ /* FIXME: this is probably sufficient, but kdf/hash with all values would be nicer ... */
+ GNUNET_CRYPTO_hash (&msg->ciphertext,
+ sizeof (struct GNUNET_SECRETSHARING_Ciphertext),
+ &session_id);
ds->consensus = GNUNET_CONSENSUS_create (cfg,
ds->share->num_peers,
ds->share->peers,
ds);
- ds->info = GNUNET_new_array (ds->share->num_peers, struct DecryptPeerInfo);
- for (i = 0; i < ds->share->num_peers; i++)
+ ds->info = GNUNET_new_array (ds->share->num_peers,
+ struct DecryptPeerInfo);
+ for (unsigned int i = 0; i < ds->share->num_peers; i++)
{
ds->info[i].peer = ds->share->peers[i];
ds->info[i].original_index = ds->share->original_indices[i];
}
-
insert_decrypt_element (ds);
-
- GNUNET_CONSENSUS_conclude (ds->consensus, decrypt_conclude, ds);
-
- GNUNET_SERVER_receive_done (client, GNUNET_OK);
-
- GNUNET_log (GNUNET_ERROR_TYPE_INFO, "decrypting with %u peers\n",
+ GNUNET_CONSENSUS_conclude (ds->consensus,
+ decrypt_conclude,
+ ds);
+ GNUNET_SERVICE_client_continue (cs->client);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "decrypting with %u peers\n",
ds->share->num_peers);
}
}
-static struct KeygenSession *
-keygen_session_get (struct GNUNET_SERVER_Client *client)
-{
- struct KeygenSession *ks;
- for (ks = keygen_sessions_head; NULL != ks; ks = ks->next)
- if (ks->client == client)
- return ks;
- return NULL;
-}
-
-static struct DecryptSession *
-decrypt_session_get (struct GNUNET_SERVER_Client *client)
-{
- struct DecryptSession *ds;
- for (ds = decrypt_sessions_head; NULL != ds; ds = ds->next)
- if (ds->client == client)
- return ds;
- return NULL;
-}
-
-
-/**
- * Clean up after a client has disconnected
- *
- * @param cls closure, unused
- * @param client the client to clean up after
- */
-static void
-handle_client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
-{
- struct KeygenSession *ks;
- struct DecryptSession *ds;
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "handling client disconnect\n");
-
- ks = keygen_session_get (client);
- if (NULL != ks)
- keygen_session_destroy (ks);
-
- ds = decrypt_session_get (client);
- if (NULL != ds)
- decrypt_session_destroy (ds);
-}
-
-
/**
- * Process template requests.
+ * Initialize secretsharing service.
*
* @param cls closure
- * @param server the initialized server
* @param c configuration to use
+ * @param service the initialized service
*/
static void
-run (void *cls, struct GNUNET_SERVER_Handle *server,
- const struct GNUNET_CONFIGURATION_Handle *c)
+run (void *cls,
+ const struct GNUNET_CONFIGURATION_Handle *c,
+ struct GNUNET_SERVICE_Handle *service)
{
- static const struct GNUNET_SERVER_MessageHandler handlers[] = {
- {handle_client_keygen, NULL, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE, 0},
- {handle_client_decrypt, NULL, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT, 0},
- {NULL, NULL, 0, 0}
- };
cfg = c;
- srv = server;
my_peer_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (c);
if (NULL == my_peer_private_key)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "could not access host private key\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "could not access host private key\n");
GNUNET_break (0);
GNUNET_SCHEDULER_shutdown ();
return;
}
init_crypto_constants ();
- if (GNUNET_OK != GNUNET_CRYPTO_get_peer_identity (cfg, &my_peer))
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_get_peer_identity (cfg,
+ &my_peer))
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "could not retrieve host identity\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "could not retrieve host identity\n");
GNUNET_break (0);
GNUNET_SCHEDULER_shutdown ();
return;
}
- GNUNET_SERVER_add_handlers (server, handlers);
- GNUNET_SERVER_disconnect_notify (server, &handle_client_disconnect, NULL);
- GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup_task,
- NULL);
+ GNUNET_SCHEDULER_add_shutdown (&cleanup_task,
+ NULL);
+}
+
+
+/**
+ * Callback called when a client connects to the service.
+ *
+ * @param cls closure for the service
+ * @param c the new client that connected to the service
+ * @param mq the message queue used to send messages to the client
+ * @return @a c
+ */
+static void *
+client_connect_cb (void *cls,
+ struct GNUNET_SERVICE_Client *c,
+ struct GNUNET_MQ_Handle *mq)
+{
+ struct ClientState *cs = GNUNET_new (struct ClientState);;
+
+ cs->client = c;
+ cs->mq = mq;
+ return cs;
}
/**
- * The main function for the template service.
+ * Callback called when a client disconnected from the service
*
- * @param argc number of arguments from the command line
- * @param argv command line arguments
- * @return 0 ok, 1 on error
+ * @param cls closure for the service
+ * @param c the client that disconnected
+ * @param internal_cls should be equal to @a c
*/
-int
-main (int argc, char *const *argv)
+static void
+client_disconnect_cb (void *cls,
+ struct GNUNET_SERVICE_Client *c,
+ void *internal_cls)
{
- return (GNUNET_OK ==
- GNUNET_SERVICE_run (argc, argv, "secretsharing",
- GNUNET_SERVICE_OPTION_NONE, &run, NULL)) ? 0 : 1;
+ struct ClientState *cs = internal_cls;
+
+ if (NULL != cs->keygen_session)
+ keygen_session_destroy (cs->keygen_session);
+
+ if (NULL != cs->decrypt_session)
+ decrypt_session_destroy (cs->decrypt_session);
+ GNUNET_free (cs);
}
+
+/**
+ * Define "main" method using service macro.
+ */
+GNUNET_SERVICE_MAIN
+("secretsharing",
+ GNUNET_SERVICE_OPTION_NONE,
+ &run,
+ &client_connect_cb,
+ &client_disconnect_cb,
+ NULL,
+ GNUNET_MQ_hd_var_size (client_keygen,
+ GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE,
+ struct GNUNET_SECRETSHARING_CreateMessage,
+ NULL),
+ GNUNET_MQ_hd_var_size (client_decrypt,
+ GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT,
+ struct GNUNET_SECRETSHARING_DecryptRequestMessage,
+ NULL),
+ GNUNET_MQ_handler_end ());
projects / oweals / gnunet.git / blobdiff