oec/libbrandt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add prologue and round1 including tests

Browse Source
This commit is contained in:
Markus Teich 2016-06-22 14:22:52 +02:00
parent 2c63da0ed1
commit a49b2facee
4 changed files with 359 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

329
crypto.c
View File

@ -372,35 +372,6 @@ ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src)
} }
/**
* smc_init2 creates a 2 dimensional array of curve points
*
* @param[in] size1 size of the first dimension
* @param[in] size2 size of the second dimension
* @return a pointer to the array. If not used anymore use smc_free2 to reclaim
* the memory.
*/
static gcry_mpi_point_t **
smc_init2 (uint16_t size1, uint16_t size2)
{
uint16_t i, j;
gcry_mpi_point_t **ret;
gcry_mpi_point_t *data;
ret = calloc (size1, sizeof (*ret) + size2 * sizeof (**ret));
brandt_assert (NULL != ret);
data = (gcry_mpi_point_t *)&ret[size1];
for (i = 0; i < size1; i++)
{
ret[i] = &data[i * size2];
for (j = 0; j < size2; j++)
ret[i][j] = gcry_mpi_point_new (0);
}
return ret;
}
/** /**
* smc_free2 releases all points in @a dst and frees the memory * smc_free2 releases all points in @a dst and frees the memory
* *
@ -413,45 +384,51 @@ smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2)
{ {
uint16_t i, j; uint16_t i, j;
if (NULL == dst)
return;
for (i = 0; i < size1; i++) for (i = 0; i < size1; i++)
for (j = 0; j < size2; j++) for (j = 0; j < size2; j++)
if (NULL != dst[i][j])
gcry_mpi_point_release (dst[i][j]); gcry_mpi_point_release (dst[i][j]);
free (dst); free (dst);
} }
/** /**
* smc_init3 creates a 3 dimensional array of curve points * smc_init2 creates a 2 dimensional array of curve points
* *
* @param[in] size1 size of the first dimension * @param[in] size1 size of the first dimension
* @param[in] size2 size of the second dimension * @param[in] size2 size of the second dimension
* @param[in] size3 size of the third dimension * @return a pointer to the array or NULL on error.
* @return a pointer to the array. If not used anymore use smc_free3 to reclaim * If not used anymore use smc_free2 to reclaim the memory.
* the memory.
*/ */
static gcry_mpi_point_t *** static gcry_mpi_point_t **
smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3) smc_init2 (uint16_t size1, uint16_t size2)
{ {
uint16_t i, j, k; uint16_t i, j;
gcry_mpi_point_t ***ret; gcry_mpi_point_t **ret;
gcry_mpi_point_t **layer1; gcry_mpi_point_t *data;
gcry_mpi_point_t *layer2;
ret = calloc (size1, sizeof (*ret) + if (NULL == (ret = calloc (size1, sizeof (*ret) + size2 * sizeof (**ret))))
size2 * sizeof (**ret) + {
size2 * size3 * sizeof (***ret)); weprintf ("could not alloc memory for 2 dimensional point array");
brandt_assert (NULL != ret); return NULL;
}
layer1 = (gcry_mpi_point_t **)&ret[size1]; data = (gcry_mpi_point_t *)&ret[size1];
layer2 = (gcry_mpi_point_t *)&layer1[size1 * size2];
for (i = 0; i < size1; i++) for (i = 0; i < size1; i++)
{ {
ret[i] = &layer1[i * size2]; ret[i] = &data[i * size2];
for (j = 0; j < size2; j++) for (j = 0; j < size2; j++)
{ {
layer1[i * size2 + j] = &layer2[(i * size2 + j) * size3]; if (NULL == (ret[i][j] = gcry_mpi_point_new (0)))
for (k = 0; k < size3; k++) {
ret[i][j][k] = gcry_mpi_point_new (0); weprintf ("could not init point in 2 dimensional array. "
"out of memory?");
smc_free2 (ret, size1, size2);
return NULL;
}
} }
} }
return ret; return ret;
@ -474,14 +451,67 @@ smc_free3 (gcry_mpi_point_t ***dst,
{ {
uint16_t i, j, k; uint16_t i, j, k;
if (NULL == dst)
return;
for (i = 0; i < size1; i++) for (i = 0; i < size1; i++)
for (j = 0; j < size2; j++) for (j = 0; j < size2; j++)
for (k = 0; k < size3; k++) for (k = 0; k < size3; k++)
if (NULL != dst[i][j][k])
gcry_mpi_point_release (dst[i][j][k]); gcry_mpi_point_release (dst[i][j][k]);
free (dst); free (dst);
} }
/**
* smc_init3 creates a 3 dimensional array of curve points
*
* @param[in] size1 size of the first dimension
* @param[in] size2 size of the second dimension
* @param[in] size3 size of the third dimension
* @return a pointer to the array or NULL on error.
* If not used anymore use smc_free3 to reclaim the memory.
*/
static gcry_mpi_point_t ***
smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3)
{
uint16_t i, j, k;
gcry_mpi_point_t ***ret;
gcry_mpi_point_t **layer1;
gcry_mpi_point_t *layer2;
if (NULL == (ret = calloc (size1, sizeof (*ret) +
size2 * sizeof (**ret) +
size2 * size3 * sizeof (***ret))))
{
weprintf ("could not alloc memory for 3 dimensional point array");
return NULL;
}
layer1 = (gcry_mpi_point_t **)&ret[size1];
layer2 = (gcry_mpi_point_t *)&layer1[size1 * size2];
for (i = 0; i < size1; i++)
{
ret[i] = &layer1[i * size2];
for (j = 0; j < size2; j++)
{
layer1[i * size2 + j] = &layer2[(i * size2 + j) * size3];
for (k = 0; k < size3; k++)
{
if (NULL == (ret[i][j][k] = gcry_mpi_point_new (0)))
{
weprintf ("could not init point in 2 dimensional array. "
"out of memory?");
smc_free3 (ret, size1, size2, size3);
return NULL;
}
}
}
}
return ret;
}
/** /**
* smc_sums_partial calculates sums up until the current index and stores them * smc_sums_partial calculates sums up until the current index and stores them
* in @a out. \f$\forall i \leq len: out_i=\sum_{h=1}^iin_h\f$ * in @a out. \f$\forall i \leq len: out_i=\sum_{h=1}^iin_h\f$
@ -532,34 +562,70 @@ smc_sum (gcry_mpi_point_t out, gcry_mpi_point_t in[], uint16_t len)
* public multiplicative key share * public multiplicative key share
* *
* @param[in,out] ad Pointer to the AuctionData struct to operate on * @param[in,out] ad Pointer to the AuctionData struct to operate on
* @param[out] proof Pointer to where the proof of knowledge should be saved. * @param[out] buflen \todo
* Must be allocated memory with apropriate size for one proof struct. * @return \todo
*/ */
void unsigned char *
smc_gen_keyshare (struct AuctionData *ad, struct proof_dl *proof) smc_gen_keyshare (struct AuctionData *ad, size_t *buflen)
{ {
uint16_t i; uint16_t i;
unsigned char *ret;
struct proof_dl *proof1;
ad->y = calloc (ad->n, sizeof (*ad->y)); brandt_assert (ad && buflen);
*buflen = (sizeof (struct ec_mpi) + sizeof (*proof1));
if (NULL == (ret = calloc (1, *buflen)) ||
NULL == (ad->y = calloc (ad->n, sizeof (*ad->y))))
{
weprintf ("unable to alloc memory for key shares");
return NULL;
}
proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi));
for (i = 0; i < ad->n; i++) for (i = 0; i < ad->n; i++)
ad->y[0] = gcry_mpi_point_new (0); ad->y[i] = gcry_mpi_point_new (0);
ad->x = gcry_mpi_new (0); ad->x = gcry_mpi_new (0);
ec_skey_create (ad->x); ec_skey_create (ad->x);
smc_zkp_dl (ad->y[ad->i], ad->x, proof); smc_zkp_dl (ad->y[ad->i], ad->x, proof1);
ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]);
return ret;
} }
/** int
* smc_compute_pkey calculates the shared public key smc_recv_keyshare (struct AuctionData *ad,
* unsigned char *buf,
* @param[in,out] ad The struct AuctionData used size_t buflen,
*/ uint16_t sender_index)
void
smc_compute_pkey (struct AuctionData *ad)
{ {
ad->Y = gcry_mpi_point_new (0); int ret = 0;
smc_sum (ad->Y, ad->y, ad->n); struct proof_dl *proof1;
gcry_mpi_point_t y = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
if (buflen != (sizeof (struct ec_mpi) + sizeof (*proof1)))
{
weprintf ("wrong size of received key share");
goto quit;
}
proof1 = (struct proof_dl *)(buf + sizeof (struct ec_mpi));
ec_point_parse (y, (struct ec_mpi *)buf);
if (smc_zkp_dl_check (y, proof1))
{
weprintf ("wrong zkp1 for public key share received");
goto quit;
}
/**\todo: how to copy a point more efficiently? */
gcry_mpi_ec_add (ad->y[sender_index], ec_zero, y, ec_ctx);
ret = 1;
quit:
gcry_mpi_point_release (y);
return ret;
} }
@ -567,30 +633,119 @@ smc_compute_pkey (struct AuctionData *ad)
* smc_encrypt_bid \todo * smc_encrypt_bid \todo
* *
* @param ad TODO * @param ad TODO
* @param j TODO * @param buflen TODO
* @param a1 TODO
* @param a2 TODO
* @param b1 TODO
* @param b2 TODO
* @param d1 TODO
* @param d2 TODO
* @param r1 TODO
* @param r2 TODO
*/ */
void unsigned char *
smc_encrypt_bid (struct AuctionData *ad, smc_encrypt_bid (struct AuctionData *ad, size_t *buflen)
uint16_t j,
gcry_mpi_point_t a1,
gcry_mpi_point_t a2,
gcry_mpi_point_t b1,
gcry_mpi_point_t b2,
gcry_mpi_t d1,
gcry_mpi_t d2,
gcry_mpi_t r1,
gcry_mpi_t r2)
{ {
// smc_zkp_0og (ad->alpha[ad->i][j], j == ad->b, ad->Y, uint16_t j;
// ad->beta[ad->i][j], a1, a2, b1, b2, d1, d2, r1, r2); unsigned char *ret;
unsigned char *cur;
struct proof_0og *proof3;
gcry_mpi_t r_sum;
gcry_mpi_t r_part;
brandt_assert (ad && buflen);
*buflen = (ad->k * /* k * (alpha, beta, proof3) */
(sizeof (struct ec_mpi) * 2 + /* alpha, beta */
sizeof (*proof3)) +
sizeof (struct proof_2dle));
if (NULL == (cur = (ret = calloc (1, *buflen))) ||
NULL == (ad->alpha = smc_init2 (ad->n, ad->k)) ||
NULL == (ad->beta = smc_init2 (ad->n, ad->k)))
{
weprintf ("unable to alloc memory for encrypted bids");
return NULL;
}
ad->Y = gcry_mpi_point_new (0);
smc_sum (ad->Y, ad->y, ad->n);
r_sum = gcry_mpi_new (0);
r_part = gcry_mpi_new (0);
for (j = 0; j < ad->k; j++)
{
proof3 = (struct proof_0og *)(cur + 2 * sizeof (struct ec_mpi));
smc_zkp_0og (j == ad->b, ad->Y, r_part,
ad->alpha[ad->i][j], ad->beta[ad->i][j], proof3);
ec_point_serialize ((struct ec_mpi *)cur, ad->alpha[ad->i][j]);
ec_point_serialize (&((struct ec_mpi *)cur)[1], ad->beta[ad->i][j]);
gcry_mpi_addm (r_sum, r_sum, r_part, ec_n);
cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og);
}
smc_zkp_2dle (NULL, NULL, ad->Y, ec_gen, r_sum, (struct proof_2dle *)cur);
gcry_mpi_release (r_sum);
gcry_mpi_release (r_part);
return ret;
}
int
smc_recv_encrypted_bid (struct AuctionData *ad,
unsigned char *buf,
size_t buflen,
uint16_t sender_index)
{
int ret = 0;
uint16_t j;
unsigned char *cur = buf;
struct proof_0og *proof3;
gcry_mpi_point_t **ct; /* ciphertexts */
gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0);
gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
if (buflen != (ad->k * (sizeof (struct ec_mpi) * 2 + sizeof (*proof3)) +
sizeof (struct proof_2dle)) ||
NULL == (ct = smc_init2 (2, ad->k)))
{
weprintf ("wrong size of received encrypted bid");
goto quit;
}
gcry_mpi_ec_mul (alpha_sum, GCRYMPI_CONST_ONE, ec_zero, ec_ctx);
gcry_mpi_ec_mul (beta_sum, GCRYMPI_CONST_ONE, ec_zero, ec_ctx);
for (j = 0; j < ad->k; j++)
{
ec_point_parse (ct[0][j], (struct ec_mpi *)cur);
ec_point_parse (ct[1][j], &((struct ec_mpi *)cur)[1]);
proof3 = (struct proof_0og *)(cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_0og_check (ad->Y, ct[0][j], ct[1][j], proof3))
{
weprintf ("wrong zkp3 for alpha, beta received");
goto quit;
}
gcry_mpi_ec_add (alpha_sum, alpha_sum, ct[0][j], ec_ctx);
gcry_mpi_ec_add (beta_sum, beta_sum, ct[1][j], ec_ctx);
cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og);
}
gcry_mpi_ec_sub (alpha_sum, alpha_sum, ec_gen, ec_ctx);
if (smc_zkp_2dle_check (alpha_sum, beta_sum, ad->Y, ec_gen,
(struct proof_2dle *)cur))
{
weprintf ("wrong zkp2 for alpha, beta received");
goto quit;
}
for (j = 0; j < ad->k; j++)
{
/**\todo: how to copy a point more efficiently? */
gcry_mpi_ec_add (ad->alpha[sender_index][j], ec_zero, ct[0][j], ec_ctx);
gcry_mpi_ec_add (ad->beta[sender_index][j], ec_zero, ct[1][j], ec_ctx);
}
smc_free2 (ct, 2, ad->k);
ret = 1; /* finally success */
quit:
gcry_mpi_point_release (alpha_sum);
gcry_mpi_point_release (beta_sum);
return ret;
} }

3
crypto.h
View File

@ -115,7 +115,6 @@ int smc_zkp_0og_check (const gcry_mpi_point_t y,
/* --- Protocol implementation --- */ /* --- Protocol implementation --- */
void smc_gen_keyshare (struct AuctionData *ad, struct proof_dl *proof); unsigned char *smc_gen_keyshare (struct AuctionData *ad, size_t *buflen);
void smc_compute_pkey (struct AuctionData *ad);
#endif /* ifndef _BRANDT_CRYPTO_H */ #endif /* ifndef _BRANDT_CRYPTO_H */

113
test_crypto.c
View File

@ -27,6 +27,10 @@
#include "test.h" #include "test.h"
static uint16_t bidders;
static uint16_t prizes;
static struct AuctionData *ad;
int int
test_smc_2d_array () test_smc_2d_array ()
{ {
@ -43,6 +47,7 @@ test_smc_2d_array ()
check (array[i][j], "point has not been initialized"); check (array[i][j], "point has not been initialized");
smc_free2 (array, size1, size2); smc_free2 (array, size1, size2);
return 1;
} }
@ -64,6 +69,7 @@ test_smc_3d_array ()
check (array[i][j][k], "point has not been initialized"); check (array[i][j][k], "point has not been initialized");
smc_free3 (array, size1, size2, size3); smc_free3 (array, size1, size2, size3);
return 1;
} }
@ -96,6 +102,7 @@ test_serialization ()
gcry_mpi_point_release (newp); gcry_mpi_point_release (newp);
gcry_mpi_release (oldi); gcry_mpi_release (oldi);
gcry_mpi_release (newi); gcry_mpi_release (newi);
return 1;
} }
@ -114,6 +121,7 @@ test_smc_zkp_dl ()
gcry_mpi_release (x); gcry_mpi_release (x);
gcry_mpi_point_release (v); gcry_mpi_point_release (v);
return 1;
} }
@ -142,6 +150,7 @@ test_smc_zkp_2dle ()
gcry_mpi_point_release (g2); gcry_mpi_point_release (g2);
gcry_mpi_point_release (v); gcry_mpi_point_release (v);
gcry_mpi_point_release (w); gcry_mpi_point_release (w);
return 1;
} }
@ -165,13 +174,110 @@ test_smc_zkp_0og ()
gcry_mpi_point_release (y); gcry_mpi_point_release (y);
gcry_mpi_point_release (alpha); gcry_mpi_point_release (alpha);
gcry_mpi_point_release (beta); gcry_mpi_point_release (beta);
return 1;
}
int
test_setup_auction_data ()
{
uint16_t i;
ad = calloc (bidders, sizeof (struct AuctionData));
for (i = 0; i < bidders; i++)
{
ad[i].n = bidders;
ad[i].i = i;
ad[i].k = prizes;
ad[i].b = 2 * i;
}
return 1;
}
int
test_prologue ()
{
uint16_t i, s;
unsigned char *bufs[bidders];
size_t lens[bidders];
for (i = 0; i < bidders; i++)
{
bufs[i] = smc_gen_keyshare (&ad[i], &lens[i]);
check (bufs[i], "failed to gen keyshare");
}
for (i = 0; i < bidders; i++)
{
for (s = 0; s < bidders; s++)
{
if (s == i)
continue;
check (smc_recv_keyshare (&ad[i], bufs[s], lens[s], s),
"failed checking keyshare");
}
}
for (i = 0; i < bidders; i++)
free (bufs[i]);
return 1;
}
int
test_round1 ()
{
uint16_t i, s;
unsigned char *bufs[bidders];
size_t lens[bidders];
for (i = 0; i < bidders; i++)
{
bufs[i] = smc_encrypt_bid (&ad[i], &lens[i]);
check (bufs[i], "failed to encrypt bid");
}
for (i = 0; i < bidders; i++)
{
for (s = 0; s < bidders; s++)
{
if (s == i)
continue;
check (smc_recv_encrypted_bid (&ad[i], bufs[s], lens[s], s),
"failed checking encrypted bid");
}
}
for (i = 0; i < bidders; i++)
free (bufs[i]);
return 1;
}
void
cleanup_auction_data ()
{
uint16_t i;
for (i = 0; i < bidders; i++)
{
free (ad[i].y);
smc_free2 (ad[i].alpha, ad[i].n, ad[i].k);
smc_free2 (ad[i].beta, ad[i].n, ad[i].k);
}
free (ad);
} }
int int
main (int argc, char *argv[]) main (int argc, char *argv[])
{ {
int repeat = 16; int repeat = 8;
bidders = 2;
prizes = 2 * bidders;
BRANDT_init (); BRANDT_init ();
@ -185,6 +291,11 @@ main (int argc, char *argv[])
run (test_smc_zkp_dl); run (test_smc_zkp_dl);
run (test_smc_zkp_2dle); run (test_smc_zkp_2dle);
run (test_smc_zkp_0og); run (test_smc_zkp_0og);
run (test_setup_auction_data);
run (test_prologue);
run (test_round1);
cleanup_auction_data ();
} }
return ret; return ret;

2
uncrustify/conf
View File

@ -276,7 +276,7 @@ sp_after_ptr_star = remove # ignore/add/remove/force
sp_after_ptr_star_func = remove # ignore/add/remove/force sp_after_ptr_star_func = remove # ignore/add/remove/force
# Add or remove space before a pointer star '*', if followed by a func proto/def. # Add or remove space before a pointer star '*', if followed by a func proto/def.
sp_before_ptr_star_func = remove # ignore/add/remove/force sp_before_ptr_star_func = force # ignore/add/remove/force
# Add or remove space before a reference sign '&' # Add or remove space before a reference sign '&'
sp_before_byref = ignore # ignore/add/remove/force sp_before_byref = ignore # ignore/add/remove/force