aboutsummaryrefslogtreecommitdiff
path: root/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto.c')
-rw-r--r--crypto.c203
1 files changed, 161 insertions, 42 deletions
diff --git a/crypto.c b/crypto.c
index edd51ad..eb7e944 100644
--- a/crypto.c
+++ b/crypto.c
@@ -455,18 +455,11 @@ gcry_mpi_point_t **
smc_init2 (uint16_t size1, uint16_t size2)
{
gcry_mpi_point_t **ret;
- gcry_mpi_point_t *data;
- if (NULL == (ret = calloc (size1, sizeof (*ret) + size2 * sizeof (**ret))))
- {
- weprintf ("could not alloc memory for 2 dimensional point array");
- return NULL;
- }
+ ret = GNUNET_new_array_2d (size1, size2, gcry_mpi_point_t);
- data = (gcry_mpi_point_t *)&ret[size1];
for (uint16_t i = 0; i < size1; i++)
{
- ret[i] = &data[i * size2];
for (uint16_t j = 0; j < size2; j++)
{
if (NULL == (ret[i][j] = gcry_mpi_point_new (0)))
@@ -523,25 +516,13 @@ gcry_mpi_point_t ***
smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3)
{
gcry_mpi_point_t ***ret;
- gcry_mpi_point_t **layer1;
- gcry_mpi_point_t *layer2;
- if (NULL == (ret = calloc (size1, sizeof (*ret) +
- size2 * sizeof (**ret) +
- size2 * size3 * sizeof (***ret))))
- {
- weprintf ("could not alloc memory for 3 dimensional point array");
- return NULL;
- }
+ ret = GNUNET_new_array_3d (size1, size2, size3, gcry_mpi_point_t);
- layer1 = (gcry_mpi_point_t **)&ret[size1];
- layer2 = (gcry_mpi_point_t *)&layer1[size1 * size2];
for (uint16_t i = 0; i < size1; i++)
{
- ret[i] = &layer1[i * size2];
for (uint16_t j = 0; j < size2; j++)
{
- layer1[i * size2 + j] = &layer2[(i * size2 + j) * size3];
for (uint16_t k = 0; k < size3; k++)
{
if (NULL == (ret[i][j][k] = gcry_mpi_point_new (0)))
@@ -1476,6 +1457,12 @@ fp_priv_prep_decryption (struct BRANDT_Auction *ad)
ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->phi3);
+ ad->phiproofs3 = GNUNET_new_array_3d (ad->n,
+ ad->n,
+ ad->k,
+ struct proof_2dle);
+ brandt_assert (ad->phiproofs3);
+
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
@@ -1494,17 +1481,8 @@ fp_priv_prep_decryption (struct BRANDT_Auction *ad)
}
-/**
- * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them
- * into a message buffer together with proofs of correctnes.
- *
- * @param[in] ad Pointer to the BRANDT_Auction struct to operate on
- * @param[out] buflen Size of the returned message buffer in bytes
- * @return A buffer containing the own share of the decrypted outcome
- * which needs to be broadcast
- */
-unsigned char *
-fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
+static unsigned char *
+fp_priv_decrypt_outcome_seller (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
@@ -1513,7 +1491,51 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
struct ec_mpi *phi;
struct proof_2dle *proof2;
- brandt_assert (ad && buflen);
+ *buflen = (sizeof (*head) +
+ (ad->n - 1) * ad->n * ad->k * (sizeof (*phi) +
+ sizeof (*proof2)));
+ ret = GNUNET_new_array (*buflen, unsigned char);
+
+ head = (struct msg_head *)ret;
+ head->prot_version = htonl (0);
+ head->msg_type = htonl (msg_decrypt);
+ cur = ret + sizeof (*head);
+
+ for (uint16_t h = 0; h < ad->n; h++)
+ {
+ for (uint16_t i = 0; i < ad->n; i++)
+ {
+ /* don't reveal outcome to losing bidders */
+ if (h == i)
+ continue;
+
+ for (uint16_t j = 0; j < ad->k; j++)
+ {
+ phi = (struct ec_mpi *)cur;
+ proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
+
+ ec_point_serialize (phi, ad->phi3[h][i][j]);
+ memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2));
+
+ cur += sizeof (*phi) + sizeof (*proof2);
+ }
+ }
+ }
+
+ gcry_mpi_point_release (tmp);
+ return ret;
+}
+
+
+static unsigned char *
+fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen)
+{
+ unsigned char *ret;
+ unsigned char *cur;
+ struct msg_head *head;
+ gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
+ struct ec_mpi *phi;
+ struct proof_2dle *proof2;
*buflen = (sizeof (*head) +
ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
@@ -1552,22 +1574,42 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
}
-int
-fp_priv_recv_decryption (struct BRANDT_Auction *ad,
- const unsigned char *buf,
- size_t buflen,
- uint16_t sender)
+/**
+ * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them
+ * into a message buffer together with proofs of correctnes. When this is called
+ * as the seller it will not decrypt anything, but just create the message
+ * buffer from all received decryption shares to broadcast back to all bidders.
+ *
+ * @param[in] ad Pointer to the BRANDT_Auction struct to operate on
+ * @param[out] buflen Size of the returned message buffer in bytes
+ * @return A buffer containing the share of the decrypted outcome
+ * which needs to be broadcast
+ */
+unsigned char *
+fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
+{
+ brandt_assert (ad && buflen);
+ if (ad->seller_mode)
+ return fp_priv_decrypt_outcome_seller (ad, buflen);
+ else
+ return fp_priv_decrypt_outcome_bidder (ad, buflen);
+}
+
+
+static int
+fp_priv_recv_decryption_seller (struct BRANDT_Auction *ad,
+ const unsigned char *buf,
+ size_t buflen,
+ uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
- brandt_assert (ad && buf);
-
if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
- weprintf ("wrong size of received outcome decryption");
+ weprintf ("wrong size of received outcome decryption from bidder");
goto quit;
}
@@ -1583,9 +1625,13 @@ fp_priv_recv_decryption (struct BRANDT_Auction *ad,
ec_gen,
proof2))
{
- weprintf ("wrong zkp2 for phi, y received");
+ weprintf ("wrong zkp2 for phi, y received from bidder");
goto quit;
}
+
+ /* store proof. we need to rebroadcast it to the other bidders */
+ memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2));
+
ec_point_copy (ad->phi3[sender][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
@@ -1598,6 +1644,79 @@ quit:
}
+static int
+fp_priv_recv_decryption_bidder (struct BRANDT_Auction *ad,
+ const unsigned char *buf,
+ size_t buflen,
+ uint16_t sender)
+{
+ int ret = 0;
+ const unsigned char *cur = buf;
+ struct proof_2dle *proof2;
+ gcry_mpi_point_t phi = gcry_mpi_point_new (0);
+
+ if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi) +
+ sizeof (*proof2))))
+ {
+ weprintf ("wrong size of received outcome decryption from seller");
+ goto quit;
+ }
+
+ for (uint16_t h = 0; h < ad->n; h++)
+ {
+ for (uint16_t i = 0; i < ad->n; i++)
+ {
+ /* those combinations are not sent by the seller */
+ if (h == i)
+ continue;
+
+ /* we already have our own phi values */
+ if (h == ad->i)
+ {
+ cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2));
+ continue;
+ }
+
+ for (uint16_t j = 0; j < ad->k; j++)
+ {
+ ec_point_parse (phi, (struct ec_mpi *)cur);
+ proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi));
+ if (smc_zkp_2dle_check (phi,
+ ad->y[h],
+ ad->phi3[h][i][j],
+ ec_gen,
+ proof2))
+ {
+ weprintf ("wrong zkp2 for phi, y received from seller");
+ goto quit;
+ }
+ ec_point_copy (ad->phi3[h][i][j], phi);
+ cur += sizeof (struct ec_mpi) + sizeof (*proof2);
+ }
+ }
+ }
+
+ ret = 1;
+quit:
+ gcry_mpi_point_release (phi);
+ return ret;
+}
+
+
+int
+fp_priv_recv_decryption (struct BRANDT_Auction *ad,
+ const unsigned char *buf,
+ size_t buflen,
+ uint16_t sender)
+{
+ brandt_assert (ad && buf);
+ if (ad->seller_mode)
+ return fp_priv_recv_decryption_seller (ad, buf, buflen, sender);
+ else
+ return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender);
+}
+
+
struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len)
{
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-11 21:17:27 +0000