oec/libbrandt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

lift code to recent GNUNET version; uncrustify

Browse Source
This commit is contained in:
Özgür Kesim 2024-01-14 21:42:10 +01:00
parent 09af66c165
commit e095416bc2
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
16 changed files with 4330 additions and 4249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

316
INSTALL
View File

@ -1,8 +1,8 @@
Installation Instructions
*************************
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
Inc.
Copyright (C) 1994-1996, 1999-2002, 2004-2017, 2020-2021 Free
Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
@ -12,97 +12,96 @@ without warranty of any kind.
Basic Installation
==================
Briefly, the shell command `./configure && make && make install'
Briefly, the shell command './configure && make && make install'
should configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
more-detailed instructions are generic; see the 'README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
'INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
The 'configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
those values to create a 'Makefile' in each directory of the package.
It may also create one or more '.h' files containing system-dependent
definitions. Finally, it creates a shell script 'config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
file 'config.log' containing compiler output (useful mainly for
debugging 'configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
It can also use an optional file (typically called 'config.cache' and
enabled with '--cache-file=config.cache' or simply '-C') that saves the
results of its tests to speed up reconfiguring. Caching is disabled by
default to prevent problems with accidental use of stale cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
to figure out how 'configure' could check whether to do them, and mail
diffs or instructions to the address given in the 'README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
some point 'config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The file 'configure.ac' (or 'configure.in') is used to create
'configure' by a program called 'autoconf'. You need 'configure.ac' if
you want to change it or regenerate 'configure' using a newer version of
'autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
1. 'cd' to the directory containing the package's source code and type
'./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
Running 'configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
2. Type 'make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
3. Optionally, type 'make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
4. Type 'make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
user, and only the 'make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
5. Optionally, type 'make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
regular user, particularly if the prior 'make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
source code directory by typing 'make clean'. To also remove the
files that 'configure' created (so you can compile the package for
a different kind of computer), type 'make distclean'. There is
also a 'make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
7. Often, you can also type 'make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
8. Some packages, particularly those that use Automake, provide 'make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
targets like 'make install' and 'make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
the 'configure' script does not know about. Run './configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
You can give 'configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here is
an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
@ -113,21 +112,21 @@ Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
own directory. To do this, you can use GNU 'make'. 'cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
the 'configure' script. 'configure' automatically checks for the source
code in the directory that 'configure' is in and in '..'. This is known
as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
With a non-GNU 'make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
installed the package for one architecture, use 'make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
"universal" binaries--by specifying multiple '-arch' options to the
compiler but only a single '-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
@ -136,105 +135,104 @@ this:
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
using the 'lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
By default, 'make install' installs the package's commands under
'/usr/local/bin', include files under '/usr/local/include', etc. You
can specify an installation prefix other than '/usr/local' by giving
'configure' the option '--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
options like '--bindir=DIR' to specify different values for particular
kinds of files. Run 'configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the default
for these options is expressed in terms of '${prefix}', so that
specifying just '--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
correct locations to 'configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
'make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
affected directory. For example, 'make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
'${prefix}'. Any directories that were specified during 'configure',
but not in terms of '${prefix}', must each be overridden at install time
for the entire installation to be relocated. The approach of makefile
variable overrides for each directory variable is required by the GNU
Coding Standards, and ideally causes no recompilation. However, some
platforms have known limitations with the semantics of shared libraries
that end up requiring recompilation when using this method, particularly
noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
The second method involves providing the 'DESTDIR' variable. For
example, 'make install DESTDIR=/alternate/directory' will prepend
'/alternate/directory' before all installation names. The approach of
'DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
when some directory options were not specified in terms of '${prefix}'
at 'configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
with an extra prefix or suffix on their names by giving 'configure' the
option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
Some packages pay attention to '--enable-FEATURE' options to
'configure', where FEATURE indicates an optional part of the package.
They may also pay attention to '--with-PACKAGE' options, where PACKAGE
is something like 'gnu-as' or 'x' (for the X Window System). The
'README' should mention any '--enable-' and '--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
For packages that use the X Window System, 'configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
you can use the 'configure' options '--x-includes=DIR' and
'--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
execution of 'make' will be. For these packages, running './configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
overridden with 'make V=1'; while running './configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
overridden with 'make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC
is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as
their prerequisites, which makes it generally unusable when shipped
generated files such as `configure' are involved. Use GNU `make'
instead.
HP-UX 'make' updates targets which have the same timestamps as their
prerequisites, which makes it generally unusable when shipped generated
files such as 'configure' are involved. Use GNU 'make' instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
parse its '<wchar.h>' header file. The option '-nodtk' can be used as a
workaround. If GNU CC is not installed, it is therefore recommended to
try
./configure CC="cc"
@ -242,26 +240,26 @@ and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
On Solaris, don't put '/usr/ucb' early in your 'PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
these programs are available in '/usr/bin'. So, if you need '/usr/ucb'
in your 'PATH', put it _after_ '/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
On Haiku, software installed for all users goes in '/boot/common',
not '/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
There may be some features 'configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
_same_ architectures, 'configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
'--build=TYPE' option. TYPE can either be a short name for the system
type, such as 'sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
@ -270,101 +268,101 @@ where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
See the file 'config.sub' for the possible values of each field. If
'config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
use the option '--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
eventually be run) with '--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
If you want to set default values for 'configure' scripts to share,
you can create a site shell script called 'config.site' that gives
default values for variables like 'CC', 'cache_file', and 'prefix'.
'configure' looks for 'PREFIX/share/config.site' if it exists, then
'PREFIX/etc/config.site' if it exists. Or, you can set the
'CONFIG_SITE' environment variable to the location of the site script.
A warning: not all 'configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
environment passed to 'configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
them in the 'configure' command line, using 'VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
causes the specified 'gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf limitation. Until the limitation is lifted, you can use
this workaround:
Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
Autoconf limitation. Until the limitation is lifted, you can use this
workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
'configure' Invocation
======================
`configure' recognizes the following options to control how it
'configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
'--help'
'-h'
Print a summary of all of the options to 'configure', and exit.
`--help=short'
`--help=recursive'
'--help=short'
'--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
'configure', and exit. The 'short' variant lists options used only
in the top level, while the 'recursive' variant lists options also
present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
'--version'
'-V'
Print the version of Autoconf used to generate the 'configure'
script, and exit.
`--cache-file=FILE'
'--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
traditionally 'config.cache'. FILE defaults to '/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
'--config-cache'
'-C'
Alias for '--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
'--quiet'
'--silent'
'-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
suppress all normal output, redirect it to '/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
'--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
'configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
'--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names:: for
more details, including other options available for fine-tuning the
installation locations.
`--no-create'
`-n'
'--no-create'
'-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
'configure' also accepts some other, not widely useful, options. Run
'configure --help' for more details.

685
bench.c
View File

@ -30,348 +30,350 @@
#define MIN(A, B) ((A) < (B) ? (A) : (B))
struct msg {
uint16_t sender;
uint16_t receiver;
void *buf;
size_t buf_len;
struct msg
{
uint16_t sender;
uint16_t receiver;
void *buf;
size_t buf_len;
};
struct testcase {
uint16_t n;
uint16_t k;
uint16_t *bids;
uint16_t m;
uint16_t outcome_public;
uint16_t ret;
struct BRANDT_Auction **ad;
uint16_t *id;
uint16_t *result_called;
struct testcase
{
uint16_t n;
uint16_t k;
uint16_t *bids;
uint16_t m;
uint16_t outcome_public;
uint16_t ret;
struct BRANDT_Auction **ad;
uint16_t *id;
uint16_t *result_called;
};
static struct testcase tcase;
static struct testcase tcase;
static struct GNUNET_CRYPTO_EccDlogContext *edc;
static struct BRANDT_Result *
expected_outcome (uint16_t i, uint16_t *rlen)
{
struct BRANDT_Result *ret = NULL;
int32_t highest_bidder = -1;
int32_t highest_bid = -1;
int32_t mpf_highest_bidder;
int32_t mpf_highest_bid = -1;
int32_t prev_mpf_highest_bidder = -1;
uint16_t winners = MIN (tcase.m, tcase.n);
uint16_t cur_winner = 0;
struct BRANDT_Result *ret = NULL;
int32_t highest_bidder = -1;
int32_t highest_bid = -1;
int32_t mpf_highest_bidder;
int32_t mpf_highest_bid = -1;
int32_t prev_mpf_highest_bidder = -1;
uint16_t winners = MIN (tcase.m, tcase.n);
uint16_t cur_winner = 0;
*rlen = 0;
*rlen = 0;
if (0 == tcase.n)
return NULL;
if (0 == tcase.n)
return NULL;
if (0 == tcase.m)
{
for (uint16_t h = 0; h < tcase.n; h++)
if (tcase.bids[h] > highest_bid)
highest_bid = tcase.bids[highest_bidder = h];
if (0 == tcase.m)
{
for (uint16_t h = 0; h < tcase.n; h++)
if (tcase.bids[h] > highest_bid)
highest_bid = tcase.bids[highest_bidder = h];
if (!tcase.outcome_public && !(i == highest_bidder || i == tcase.n))
return NULL;
if (! tcase.outcome_public && ! (i == highest_bidder || i == tcase.n))
return NULL;
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = highest_bidder;
ret->price = highest_bid;
ret->status = BRANDT_bidder_won;
*rlen = 1;
return ret;
}
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = highest_bidder;
ret->price = highest_bid;
ret->status = BRANDT_bidder_won;
*rlen = 1;
return ret;
}
/* fewer bidders than needed -> everyone wins with lowest price */
if (tcase.n <= tcase.m)
{
if (tcase.outcome_public || i == tcase.n)
{
ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result);
for (uint16_t h = 0; h < tcase.n; h++)
{
ret[h].bidder = h;
ret[h].price = 0;
ret[h].status = BRANDT_bidder_won;
}
}
else
{
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = i;
ret->price = 0;
ret->status = BRANDT_bidder_won;
*rlen = 1;
}
return ret;
}
/* fewer bidders than needed -> everyone wins with lowest price */
if (tcase.n <= tcase.m)
{
if (tcase.outcome_public || i == tcase.n)
{
ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result);
for (uint16_t h = 0; h < tcase.n; h++)
{
ret[h].bidder = h;
ret[h].price = 0;
ret[h].status = BRANDT_bidder_won;
}
}
else
{
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = i;
ret->price = 0;
ret->status = BRANDT_bidder_won;
*rlen = 1;
}
return ret;
}
/* find M+1st highest bidder to determine selling price */
for (uint16_t h = 0; h < tcase.n; h++)
if (tcase.bids[h] > mpf_highest_bid)
mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h];
for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++)
{
mpf_highest_bidder = -1;
mpf_highest_bid = -1;
for (uint16_t h = 0; h < tcase.n; h++)
{
if (tcase.bids[h] > mpf_highest_bid &&
(tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] ||
(tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] &&
h > prev_mpf_highest_bidder)))
{
mpf_highest_bid = tcase.bids[mpf_highest_bidder = h];
}
}
prev_mpf_highest_bidder = mpf_highest_bidder;
}
/* find M+1st highest bidder to determine selling price */
for (uint16_t h = 0; h < tcase.n; h++)
if (tcase.bids[h] > mpf_highest_bid)
mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h];
for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++)
{
mpf_highest_bidder = -1;
mpf_highest_bid = -1;
for (uint16_t h = 0; h < tcase.n; h++)
{
if (tcase.bids[h] > mpf_highest_bid &&
(tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] ||
(tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] &&
h > prev_mpf_highest_bidder)))
{
mpf_highest_bid = tcase.bids[mpf_highest_bidder = h];
}
}
prev_mpf_highest_bidder = mpf_highest_bidder;
}
/* for simplicity always locate the big block if we need to report at
* least one winner. with private outcome for losing bidders or winners
* only none or one element will be used respectively. */
if (tcase.outcome_public || i == tcase.n ||
tcase.bids[i] > mpf_highest_bid ||
(tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder))
ret = GNUNET_new_array (winners, struct BRANDT_Result);
/* for simplicity always locate the big block if we need to report at
* least one winner. with private outcome for losing bidders or winners
* only none or one element will be used respectively. */
if (tcase.outcome_public || i == tcase.n ||
tcase.bids[i] > mpf_highest_bid ||
(tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder))
ret = GNUNET_new_array (winners, struct BRANDT_Result);
/* report winners */
for (uint16_t h = 0; h < tcase.n; h++)
{
if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) ||
tcase.bids[h] > mpf_highest_bid) && /* h is a winner */
(tcase.outcome_public || i == h || i == tcase.n)) /* needs report */
{
if (cur_winner >= winners)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n");
_exit (1);
}
ret[cur_winner].bidder = h;
ret[cur_winner].price = mpf_highest_bid;
ret[cur_winner].status = BRANDT_bidder_won;
cur_winner++;
}
}
*rlen = cur_winner;
return ret;
/* report winners */
for (uint16_t h = 0; h < tcase.n; h++)
{
if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) ||
tcase.bids[h] > mpf_highest_bid) && /* h is a winner */
(tcase.outcome_public || i == h || i == tcase.n)) /* needs report */
{
if (cur_winner >= winners)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n");
_exit (1);
}
ret[cur_winner].bidder = h;
ret[cur_winner].price = mpf_highest_bid;
ret[cur_winner].status = BRANDT_bidder_won;
cur_winner++;
}
}
*rlen = cur_winner;
return ret;
}
static void
bidder_start (void *arg)
{
uint16_t i = *(uint16_t *)arg;
uint16_t i = *(uint16_t *) arg;
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i);
BRANDT_bidder_start (tcase.ad[i], i, tcase.n);
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i);
BRANDT_bidder_start (tcase.ad[i], i, tcase.n);
}
static void
transfer_message (void *arg)
{
struct msg *m = (struct msg *)arg;
struct msg_head *h = (struct msg_head *)m->buf;
struct msg *m = (struct msg *) arg;
struct msg_head *h = (struct msg_head *) m->buf;
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n",
ntohl (h->msg_type), arg, m->sender, m->receiver);
BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len);
GNUNET_free (m->buf);
GNUNET_free (m);
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n",
ntohl (h->msg_type), arg, m->sender, m->receiver);
BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len);
GNUNET_free (m->buf);
GNUNET_free (m);
}
static uint16_t
cb_start (void *auction_closure)
{
uint16_t *s = (uint16_t *)auction_closure;
uint16_t *s = (uint16_t *) auction_closure;
if (tcase.n != *s)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"start callback called from bidder\n");
_exit (1);
}
if (tcase.n != *s)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"start callback called from bidder\n");
_exit (1);
}
for (uint16_t i = 0; i < tcase.n; i++)
GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]);
for (uint16_t i = 0; i < tcase.n; i++)
GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]);
return tcase.n;
return tcase.n;
}
static int
cb_broadcast (void *auction_closure,
const void *msg,
size_t msg_len)
size_t msg_len)
{
uint16_t *s = (uint16_t *)auction_closure;
struct msg *m;
uint16_t *s = (uint16_t *) auction_closure;
struct msg *m;
for (uint16_t i = 0; i <= tcase.n; i++)
{
if (i == *s)
continue;
m = GNUNET_new (struct msg);
m->sender = *s;
m->receiver = i;
m->buf = GNUNET_new_array (msg_len, unsigned char);
memcpy (m->buf, msg, msg_len);
m->buf_len = msg_len;
GNUNET_SCHEDULER_add_now (&transfer_message, m);
}
return 0;
for (uint16_t i = 0; i <= tcase.n; i++)
{
if (i == *s)
continue;
m = GNUNET_new (struct msg);
m->sender = *s;
m->receiver = i;
m->buf = GNUNET_new_array (msg_len, unsigned char);
memcpy (m->buf, msg, msg_len);
m->buf_len = msg_len;
GNUNET_SCHEDULER_add_now (&transfer_message, m);
}
return 0;
}
static int
cb_unicast (void *auction_closure,
const void *msg,
size_t msg_len)
size_t msg_len)
{
uint16_t *s = (uint16_t *)auction_closure;
struct msg *m;
uint16_t *s = (uint16_t *) auction_closure;
struct msg *m;
m = GNUNET_new (struct msg);
m->sender = *s;
m->receiver = tcase.n; /* == seller */
m->buf = GNUNET_new_array (msg_len, unsigned char);
memcpy (m->buf, msg, msg_len);
m->buf_len = msg_len;
GNUNET_SCHEDULER_add_now (&transfer_message, m);
m = GNUNET_new (struct msg);
m->sender = *s;
m->receiver = tcase.n; /* == seller */
m->buf = GNUNET_new_array (msg_len, unsigned char);
memcpy (m->buf, msg, msg_len);
m->buf_len = msg_len;
GNUNET_SCHEDULER_add_now (&transfer_message, m);
return 0;
return 0;
}
static void
cb_result (void *auction_closure,
struct BRANDT_Result results[],
uint16_t results_len)
uint16_t results_len)
{
uint16_t *s = (uint16_t *)auction_closure;
uint16_t mustlen = -1;
struct BRANDT_Result *must = expected_outcome (*s, &mustlen);
uint16_t *s = (uint16_t *) auction_closure;
uint16_t mustlen = -1;
struct BRANDT_Result *must = expected_outcome (*s, &mustlen);
if (mustlen != results_len)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"expected result len is: %d\n",
mustlen);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"computed result len is: %d (by agent %d)\n",
results_len,
*s);
tcase.ret = 1;
goto quit;
}
if (mustlen != results_len)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"expected result len is: %d\n",
mustlen);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"computed result len is: %d (by agent %d)\n",
results_len,
*s);
tcase.ret = 1;
goto quit;
}
if (0 == results_len && NULL != must)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"expected result is: %p\n",
(void *)must);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"computed result is: (nil) (by agent %d)\n",
*s);
if (0 == results_len && NULL != must)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"expected result is: %p\n",
(void *) must);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"computed result is: (nil) (by agent %d)\n",
*s);
tcase.ret = 1;
}
tcase.ret = 1;
}
for (uint16_t i = 0; i < results_len; i++)
{
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"expected result is: bidder %d got status %d with price %d\n",
must[i].bidder,
must[i].status,
must[i].price);
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"computed result is: bidder %d got status %d with price %d (by agent %d)\n",
results[i].bidder,
results[i].status,
results[i].price,
*s);
for (uint16_t i = 0; i < results_len; i++)
{
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"expected result is: bidder %d got status %d with price %d\n",
must[i].bidder,
must[i].status,
must[i].price);
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"computed result is: bidder %d got status %d with price %d (by agent %d)\n",
results[i].bidder,
results[i].status,
results[i].price,
*s);
if (NULL == must ||
must[i].bidder != results[i].bidder ||
must[i].status != results[i].status ||
must[i].price != results[i].price)
tcase.ret = 1;
}
if (NULL == must ||
must[i].bidder != results[i].bidder ||
must[i].status != results[i].status ||
must[i].price != results[i].price)
tcase.ret = 1;
}
quit:
tcase.result_called[*s] = 1;
if (must)
GNUNET_free (must);
tcase.result_called[*s] = 1;
if (must)
GNUNET_free (must);
}
static void
run_auction (void *arg)
{
void *desc;
size_t desc_len;
void *desc;
size_t desc_len;
tcase.ad[tcase.n] = BRANDT_new (&cb_result,
&cb_broadcast,
&cb_start,
&tcase.id[tcase.n],
&desc,
&desc_len,
GNUNET_TIME_absolute_get (),
GNUNET_TIME_UNIT_MINUTES,
tcase.k, /* number of prizes */
tcase.m, /* m */
tcase.outcome_public, /* outcome public */
tcase.outcome_public ? edc : NULL);
if (!tcase.ad[tcase.n])
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n");
_exit (1);
}
tcase.ad[tcase.n] = BRANDT_new (&cb_result,
&cb_broadcast,
&cb_start,
&tcase.id[tcase.n],
&desc,
&desc_len,
GNUNET_TIME_absolute_get (),
GNUNET_TIME_UNIT_MINUTES,
tcase.k, /* number of prizes */
tcase.m, /* m */
tcase.outcome_public, /* outcome public */
tcase.outcome_public ? edc : NULL);
if (! tcase.ad[tcase.n])
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n");
_exit (1);
}
for (uint16_t i = 0; i < tcase.n; i++)
{
tcase.ad[i] = BRANDT_join (&cb_result,
&cb_broadcast,
&cb_unicast,
&tcase.id[i],
desc,
desc_len,
tcase.bids[i], /* bid */
tcase.outcome_public ? edc : NULL);
if (!tcase.ad[i])
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n");
tcase.ret = 1;
return;
}
for (uint16_t i = 0; i < tcase.n; i++)
{
tcase.ad[i] = BRANDT_join (&cb_result,
&cb_broadcast,
&cb_unicast,
&tcase.id[i],
desc,
desc_len,
tcase.bids[i], /* bid */
tcase.outcome_public ? edc : NULL);
if (! tcase.ad[i])
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n");
tcase.ret = 1;
return;
}
if (tcase.ad[tcase.n]->k != tcase.ad[i]->k ||
tcase.ad[tcase.n]->m != tcase.ad[i]->m ||
tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public ||
tcase.ad[tcase.n]->time_start.abs_value_us
!= tcase.ad[i]->time_start.abs_value_us ||
tcase.ad[tcase.n]->time_round.rel_value_us
!= tcase.ad[i]->time_round.rel_value_us ||
!tcase.ad[tcase.n]->seller_mode || /* todo: split out */
tcase.ad[i]->seller_mode)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"error/mismatch in basic auction data\n");
tcase.ret = 1;
return;
}
}
if (tcase.ad[tcase.n]->k != tcase.ad[i]->k ||
tcase.ad[tcase.n]->m != tcase.ad[i]->m ||
tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public ||
tcase.ad[tcase.n]->time_start.abs_value_us
!= tcase.ad[i]->time_start.abs_value_us ||
tcase.ad[tcase.n]->time_round.rel_value_us
!= tcase.ad[i]->time_round.rel_value_us ||
! tcase.ad[tcase.n]->seller_mode || /* todo: split out */
tcase.ad[i]->seller_mode)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"error/mismatch in basic auction data\n");
tcase.ret = 1;
return;
}
}
}
@ -394,102 +396,107 @@ test_auction (uint16_t n,
uint16_t m,
uint16_t outcome_public)
{
tcase.n = n;
tcase.k = k;
tcase.bids = bids;
tcase.m = m;
tcase.outcome_public = outcome_public;
tcase.ret = 0;
tcase.n = n;
tcase.k = k;
tcase.bids = bids;
tcase.m = m;
tcase.outcome_public = outcome_public;
tcase.ret = 0;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"######################################\n");
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"testing %s auction with m = %d and %s outcome\n",
tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE",
tcase.m,
tcase.outcome_public ? "PUBLIC" : "PRIVATE");
/** \todo: output bids */
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"######################################\n");
tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *);
tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t);
for (uint16_t i = 0; i <= tcase.n; i++)
tcase.id[i] = i;
tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"######################################\n");
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"testing %s auction with m = %d and %s outcome\n",
tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE",
tcase.m,
tcase.outcome_public ? "PUBLIC" : "PRIVATE");
/** \todo: output bids */
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"######################################\n");
tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *);
tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t);
for (uint16_t i = 0; i <= tcase.n; i++)
tcase.id[i] = i;
tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t);
GNUNET_SCHEDULER_run (&run_auction, NULL);
GNUNET_SCHEDULER_run (&run_auction, NULL);
for (uint16_t i = 0; i <= tcase.n; i++)
{
BRANDT_destroy (tcase.ad[i]);
if (!tcase.result_called[i])
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"result callback not called for bidder %d\n",
i);
tcase.ret = 1;
}
}
for (uint16_t i = 0; i <= tcase.n; i++)
{
BRANDT_destroy (tcase.ad[i]);
if (! tcase.result_called[i])
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"result callback not called for bidder %d\n",
i);
tcase.ret = 1;
}
}
GNUNET_free (tcase.ad);
GNUNET_free (tcase.id);
GNUNET_free (tcase.result_called);
GNUNET_free (tcase.ad);
GNUNET_free (tcase.id);
GNUNET_free (tcase.result_called);
return tcase.ret;
return tcase.ret;
}
int
main (int argc, char *argv[])
{
int ret = 0;
uint16_t n;
uint16_t k;
uint16_t m;
uint16_t public;
uint16_t *bids = NULL;
struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_option_help ("benchmark a single libbrandt auction"),
{'k', "k", "NUMBER",
gettext_noop ("number of prices\n"),
1, &GNUNET_GETOPT_option_uint, &k},
{'n', "n", "NUMBER",
gettext_noop ("number of bidders\n"),
1, &GNUNET_GETOPT_option_uint, &n},
{'m', "m", "NUMBER",
gettext_noop ("number of items to sell\n"
"0 for first price auction\n"
">0 for vickrey/M+1st price auction"),
1, &GNUNET_GETOPT_option_uint, &m},
{'p', "public", NULL,
gettext_noop ("public auction outcome"),
0, &GNUNET_GETOPT_option_flag, &public},
GNUNET_GETOPT_OPTION_END
};
int ret = 0;
uint16_t n;
uint16_t k;
uint16_t m;
uint16_t public;
uint16_t *bids = NULL;
struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_option_help ("benchmark a single libbrandt auction"),
GNUNET_GETOPT_option_uint16 (
'k', "k", "NUMBER",
gettext_noop ("number of prices\n"),
&k),
GNUNET_GETOPT_option_uint16 (
'n', "n", "NUMBER",
gettext_noop ("number of bidders\n"),
&n),
GNUNET_GETOPT_option_uint16 (
'm', "m", "NUMBER",
gettext_noop ("number of items to sell\n"
"0 for first price auction\n"
">0 for vickrey/M+1st price auction"),
&m),
GNUNET_GETOPT_option_uint16 (
'p', "public", NULL,
gettext_noop ("public auction outcome"),
&public),
GNUNET_GETOPT_OPTION_END
};
if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "WARNING", NULL))
return 1;
if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "WARNING", NULL))
return 1;
ret = GNUNET_GETOPT_run ("bench", options, (unsigned int) argc, argv);
if ((GNUNET_OK > ret) ||
(GNUNET_OK != GNUNET_log_setup ("bench", "WARNING", NULL)))
return 1;
ret = GNUNET_GETOPT_run ("bench", options, (unsigned int) argc, argv);
if ((GNUNET_OK > ret) ||
(GNUNET_OK != GNUNET_log_setup ("bench", "WARNING", NULL)))
return 1;
if (n == 0)
n = 4;
if (k == 0)
k = 3;
if (n == 0)
n = 4;
if (k == 0)
k = 3;
if (!(bids = calloc(sizeof(uint16_t), n)))
return 1;
for (uint16_t i = 0; i < n; i++)
bids[i] = (uint16_t)GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, k);
if (! (bids = calloc (sizeof(uint16_t), n)))
return 1;
for (uint16_t i = 0; i < n; i++)
bids[i] = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
k);
edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
BRANDT_init ();
edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
BRANDT_init ();
ret = test_auction (n, k, bids, m, public);
ret = test_auction (n, k, bids, m, public);
GNUNET_CRYPTO_ecc_dlog_release (edc);
return ret;
GNUNET_CRYPTO_ecc_dlog_release (edc);
return ret;
}

760
brandt.c
View File

@ -30,499 +30,499 @@
void
BRANDT_init ()
{
gcry_error_t err = 0;
gcry_error_t err = 0;
if (!gcry_check_version ("1.7.0"))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"libgcrypt version mismatch\n");
GNUNET_abort_ ();
}
if (! gcry_check_version ("1.7.0"))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"libgcrypt version mismatch\n");
GNUNET_abort_ ();
}
/* SECMEM cannot be resized dynamically. We do not know how much we need */
if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"failed to set libgcrypt option DISABLE_SECMEM: %s\n",
gcry_strerror (err));
/* SECMEM cannot be resized dynamically. We do not know how much we need */
if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"failed to set libgcrypt option DISABLE_SECMEM: %s\n",
gcry_strerror (err));
/* ecc is slow otherwise and we don't create long term keys anyway. */
if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s\n",
gcry_strerror (err));
/* ecc is slow otherwise and we don't create long term keys anyway. */
if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s\n",
gcry_strerror (err));
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
brandt_crypto_init ();
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
brandt_crypto_init ();
}
void
BRANDT_bidder_start (struct BRANDT_Auction *auction,
uint16_t i,
uint16_t n)
uint16_t i,
uint16_t n)
{
enum auction_type atype;
enum outcome_type outcome;
unsigned char *buf;
size_t buflen;
enum auction_type atype;
enum outcome_type outcome;
unsigned char *buf;
size_t buflen;
GNUNET_assert (auction && n > 0 && i < n);
auction->n = n;
auction->i = i;
GNUNET_assert (auction && n > 0 && i < n);
auction->n = n;
auction->i = i;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private;
if (auction_mPlusFirstPrice == atype && n <= auction->m)
{ /* fewer bidders than items to sell. every bidder won with lowest price */
struct BRANDT_Result *res;
if (auction->outcome_public)
{
res = GNUNET_new_array (n, struct BRANDT_Result);
for (uint16_t h = 0; h < n; h++)
{
res[h].bidder = h;
res[h].price = 0;
res[h].status = BRANDT_bidder_won;
}
auction->result (auction->closure, res, n);
}
else
{
res = GNUNET_new (struct BRANDT_Result);
res->bidder = i;
res->price = 0;
res->status = BRANDT_bidder_won;
auction->result (auction->closure, res, 1);
}
return;
}
if (auction_mPlusFirstPrice == atype && n <= auction->m)
{ /* fewer bidders than items to sell. every bidder won with lowest price */
struct BRANDT_Result *res;
if (auction->outcome_public)
{
res = GNUNET_new_array (n, struct BRANDT_Result);
for (uint16_t h = 0; h < n; h++)
{
res[h].bidder = h;
res[h].price = 0;
res[h].status = BRANDT_bidder_won;
}
auction->result (auction->closure, res, n);
}
else
{
res = GNUNET_new (struct BRANDT_Result);
res->bidder = i;
res->price = 0;
res->status = BRANDT_bidder_won;
auction->result (auction->closure, res, 1);
}
return;
}
/* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype)
{
auction->k *= n;
auction->b = auction->b * n + n - i - 1;
}
/* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype)
{
auction->k *= n;
auction->b = auction->b * n + n - i - 1;
}
if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (auction);
if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (auction);
if (!handler_out[atype][outcome][msg_init] ||
!(buf = handler_out[atype][outcome][msg_init](auction, &buflen)))
{
/** \todo */
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wow fail out\n");
return;
}
if (! handler_out[atype][outcome][msg_init] ||
! (buf = handler_out[atype][outcome][msg_init](auction, &buflen)))
{
/** \todo */
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wow fail out\n");
return;
}
auction->bcast (auction->closure, buf, buflen);
gcry_mpi_set_bit (auction->round_progress, auction->i);
free (buf);
auction->bcast (auction->closure, buf, buflen);
gcry_mpi_set_bit (auction->round_progress, auction->i);
free (buf);
}
static void
seller_start (void *arg)
{
struct BRANDT_Auction *ad = (struct BRANDT_Auction *)arg;
enum auction_type atype;
enum outcome_type outcome;
struct BRANDT_Auction *ad = (struct BRANDT_Auction *) arg;
enum auction_type atype;
enum outcome_type outcome;
ad->task = NULL;
ad->task = NULL;
ad->n = ad->start (ad->closure);
if (0 == ad->n)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_INFO,
"libbrandt",
"no bidders registered for auction\n");
ad->result (ad->closure, NULL, 0);
return;
}
else if (ad->n <= ad->m)
{
struct BRANDT_Result *res = GNUNET_new_array (ad->n,
struct BRANDT_Result);
ad->n = ad->start (ad->closure);
if (0 == ad->n)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_INFO,
"libbrandt",
"no bidders registered for auction\n");
ad->result (ad->closure, NULL, 0);
return;
}
else if (ad->n <= ad->m)
{
struct BRANDT_Result *res = GNUNET_new_array (ad->n,
struct BRANDT_Result);
GNUNET_log_from (GNUNET_ERROR_TYPE_INFO,
"libbrandt",
"less bidders than needed, selling for lowest price\n");
for (uint16_t i = 0; i < ad->n; i++)
{
res[i].bidder = i;
res[i].price = 0;
res[i].status = BRANDT_bidder_won;
}
ad->result (ad->closure, res, ad->n);
}
GNUNET_log_from (GNUNET_ERROR_TYPE_INFO,
"libbrandt",
"less bidders than needed, selling for lowest price\n");
for (uint16_t i = 0; i < ad->n; i++)
{
res[i].bidder = i;
res[i].price = 0;
res[i].status = BRANDT_bidder_won;
}
ad->result (ad->closure, res, ad->n);
}
atype = ad->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = ad->outcome_public ? outcome_public : outcome_private;
atype = ad->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = ad->outcome_public ? outcome_public : outcome_private;
/* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype)
ad->k *= ad->n;
/* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype)
ad->k *= ad->n;
if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (ad);
if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (ad);
}
struct BRANDT_Auction *
BRANDT_new (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbStart start,
BRANDT_new (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbStart start,
void *auction_closure,
void **auction_desc,
size_t *auction_desc_len,
struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round,
uint16_t num_prices,
uint16_t m,
int outcome_public,
struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round,
uint16_t num_prices,
uint16_t m,
int outcome_public,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
{
struct BRANDT_Auction *ret;
struct BRANDT_DescrP *desc;
struct GNUNET_TIME_Relative until_start;
struct BRANDT_Auction *ret;
struct BRANDT_DescrP *desc;
struct GNUNET_TIME_Relative until_start;
if (!(0 < num_prices))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"num_prices must be > 0\n");
return NULL;
}
if (! (0 < num_prices))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"num_prices must be > 0\n");
return NULL;
}
if (1 == outcome_public && NULL == dlogctx)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"need dlogctx for public outcome auctions\n");
return NULL;
}
if (1 == outcome_public && NULL == dlogctx)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"need dlogctx for public outcome auctions\n");
return NULL;
}
desc = GNUNET_new (struct BRANDT_DescrP);
desc->time_start = GNUNET_TIME_absolute_hton (time_start);
desc->time_round = GNUNET_TIME_relative_hton (time_round);
desc->k = htons (num_prices);
desc->m = htons (m);
desc->outcome_public = htons (outcome_public);
desc = GNUNET_new (struct BRANDT_DescrP);
desc->time_start = GNUNET_TIME_absolute_hton (time_start);
desc->time_round = GNUNET_TIME_relative_hton (time_round);
desc->k = htons (num_prices);
desc->m = htons (m);
desc->outcome_public = htons (outcome_public);
ret = GNUNET_new (struct BRANDT_Auction);
ret->time_start = time_start;
ret->time_round = time_round;
ret->k = num_prices;
ret->m = m;
ret->outcome_public = outcome_public;
ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256);
ret->dlogctx = dlogctx;
ret = GNUNET_new (struct BRANDT_Auction);
ret->time_start = time_start;
ret->time_round = time_round;
ret->k = num_prices;
ret->m = m;
ret->outcome_public = outcome_public;
ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256);
ret->dlogctx = dlogctx;
/* we are the seller */
ret->seller_mode = 1;
/* we are the seller */
ret->seller_mode = 1;
/* callback interface with application */
ret->closure = auction_closure;
ret->bcast = broadcast;
ret->result = result;
ret->start = start;
/* callback interface with application */
ret->closure = auction_closure;
ret->bcast = broadcast;
ret->result = result;
ret->start = start;
until_start = GNUNET_TIME_absolute_get_remaining (time_start);
ret->task = GNUNET_SCHEDULER_add_delayed (until_start,
&seller_start,
ret);
until_start = GNUNET_TIME_absolute_get_remaining (time_start);
ret->task = GNUNET_SCHEDULER_add_delayed (until_start,
&seller_start,
ret);
*auction_desc_len = sizeof (struct BRANDT_DescrP);
*auction_desc = desc;
return ret;
*auction_desc_len = sizeof (struct BRANDT_DescrP);
*auction_desc = desc;
return ret;
}
int
BRANDT_parse_desc (const void *auction_desc,
size_t auction_desc_len,
size_t auction_desc_len,
struct GNUNET_TIME_Absolute *time_start,
struct GNUNET_TIME_Relative *time_round,
uint16_t *num_prices,
uint16_t *m,
uint16_t *outcome_public)
{
const struct BRANDT_DescrP *desc = auction_desc;
const uint32_t zero = 0;
const struct BRANDT_DescrP *desc = auction_desc;
const uint32_t zero = 0;
if (sizeof (struct BRANDT_DescrP) != auction_desc_len)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"auction desc struct size mismatch\n");
return -1;
}
if (sizeof (struct BRANDT_DescrP) != auction_desc_len)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"auction desc struct size mismatch\n");
return -1;
}
if (0 != memcmp (&desc->reserved, &zero, sizeof (desc->reserved)))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"reserved field in auction description must be zero\n");
return -1;
}
if (0 != memcmp (&desc->reserved, &zero, sizeof (desc->reserved)))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"reserved field in auction description must be zero\n");
return -1;
}
if (time_start)
*time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
if (time_round)
*time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
if (num_prices)
*num_prices = ntohs (desc->k);
if (m)
*m = ntohs (desc->m);
if (outcome_public)
*outcome_public = ntohs (desc->outcome_public);
if (time_start)
*time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
if (time_round)
*time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
if (num_prices)
*num_prices = ntohs (desc->k);
if (m)
*m = ntohs (desc->m);
if (outcome_public)
*outcome_public = ntohs (desc->outcome_public);
return 0;
return 0;
}
struct BRANDT_Auction *
BRANDT_join (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbDeliver unicast,
BRANDT_join (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbDeliver unicast,
void *auction_closure,
const void *auction_desc,
size_t auction_desc_len,
uint16_t bid,
size_t auction_desc_len,
uint16_t bid,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
{
struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
if (0 != BRANDT_parse_desc (auction_desc,
auction_desc_len,
&ret->time_start,
&ret->time_round,
&ret->k,
&ret->m,
&ret->outcome_public))
{
GNUNET_free (ret);
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"failed to parse auction description blob\n");
return NULL;
}
if (0 != BRANDT_parse_desc (auction_desc,
auction_desc_len,
&ret->time_start,
&ret->time_round,
&ret->k,
&ret->m,
&ret->outcome_public))
{
GNUNET_free (ret);
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"failed to parse auction description blob\n");
return NULL;
}
if (1 == ret->outcome_public && NULL == dlogctx)
{
GNUNET_free (ret);
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"need dlogctx for public outcome auctions\n");
return NULL;
}
if (1 == ret->outcome_public && NULL == dlogctx)
{
GNUNET_free (ret);
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"need dlogctx for public outcome auctions\n");
return NULL;
}
ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256);
ret->b = bid;
ret->dlogctx = dlogctx;
ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256);
ret->b = bid;
ret->dlogctx = dlogctx;
/* we are the seller */
ret->seller_mode = 0;
/* we are the seller */
ret->seller_mode = 0;
/* callback interface with application */
ret->closure = auction_closure;
ret->bcast = broadcast;
ret->ucast = unicast;
ret->result = result;
/* callback interface with application */
ret->closure = auction_closure;
ret->bcast = broadcast;
ret->ucast = unicast;
ret->result = result;
return ret;
return ret;
}
void
BRANDT_destroy (struct BRANDT_Auction *auction)
{
if (auction->task)
GNUNET_SCHEDULER_cancel (auction->task);
gcry_mpi_release (auction->round_progress);
gcry_mpi_release (auction->x);
smc_free1 (auction->y, auction->n);
gcry_mpi_point_release (auction->Y);
smc_free2 (auction->alpha, auction->n, auction->k);
smc_free2 (auction->beta, auction->n, auction->k);
smc_free2 (auction->gamma2, auction->n, auction->k);
smc_free2 (auction->delta2, auction->n, auction->k);
smc_free2 (auction->phi2, auction->n, auction->k);
free (auction->phiproofs3);
smc_free1 (auction->tmpa1, auction->k);
smc_free1 (auction->tmpb1, auction->k);
if (auction->m > 0 && auction->outcome_public)
{
smc_free3 (auction->gamma3, auction->n, 2, auction->k);
smc_free3 (auction->delta3, auction->n, 2, auction->k);
smc_free3 (auction->phi3, auction->n, 2, auction->k);
}
else
{
smc_free3 (auction->gamma3, auction->n, auction->n, auction->k);
smc_free3 (auction->delta3, auction->n, auction->n, auction->k);
smc_free3 (auction->phi3, auction->n, auction->n, auction->k);
}
if (auction->task)
GNUNET_SCHEDULER_cancel (auction->task);
gcry_mpi_release (auction->round_progress);
gcry_mpi_release (auction->x);
smc_free1 (auction->y, auction->n);
gcry_mpi_point_release (auction->Y);
smc_free2 (auction->alpha, auction->n, auction->k);
smc_free2 (auction->beta, auction->n, auction->k);
smc_free2 (auction->gamma2, auction->n, auction->k);
smc_free2 (auction->delta2, auction->n, auction->k);
smc_free2 (auction->phi2, auction->n, auction->k);
free (auction->phiproofs3);
smc_free1 (auction->tmpa1, auction->k);
smc_free1 (auction->tmpb1, auction->k);
if (auction->m > 0 && auction->outcome_public)
{
smc_free3 (auction->gamma3, auction->n, 2, auction->k);
smc_free3 (auction->delta3, auction->n, 2, auction->k);
smc_free3 (auction->phi3, auction->n, 2, auction->k);
}
else
{
smc_free3 (auction->gamma3, auction->n, auction->n, auction->k);
smc_free3 (auction->delta3, auction->n, auction->n, auction->k);
smc_free3 (auction->phi3, auction->n, auction->n, auction->k);
}
}
static void
report_outcome (struct BRANDT_Auction *ad,
enum auction_type atype,
enum outcome_type outcome)
enum auction_type atype,
enum outcome_type outcome)
{
struct BRANDT_Result *res;
uint16_t reslen = 0;
struct BRANDT_Result *res;
uint16_t reslen = 0;
if (!handler_res[atype][outcome] ||
!(res = handler_res[atype][outcome] (ad, &reslen)))
ad->result (ad->closure, NULL, 0);
else
ad->result (ad->closure, res, reslen);
if (! handler_res[atype][outcome] ||
! (res = handler_res[atype][outcome] (ad, &reslen)))
ad->result (ad->closure, NULL, 0);
else
ad->result (ad->closure, res, reslen);
}
static void
advance_round (struct BRANDT_Auction *ad,
enum auction_type atype,
enum outcome_type outcome)
enum auction_type atype,
enum outcome_type outcome)
{
unsigned char *buf;
size_t buflen;
unsigned char *buf;
size_t buflen;
if (!ad->seller_mode && msg_decrypt == ad->cur_round && !outcome)
{
/* we are a bidder on a private outcome auction and
* successfully parsed the msg_decrypt from the seller
* => we can determine the auction result */
report_outcome (ad, atype, outcome);
return;
}
if (! ad->seller_mode && msg_decrypt == ad->cur_round && ! outcome)
{
/* we are a bidder on a private outcome auction and
* successfully parsed the msg_decrypt from the seller
* => we can determine the auction result */
report_outcome (ad, atype, outcome);
return;
}
/* only continue if the round is complete */
for (uint16_t i = 0; i < ad->n; i++)
if (!gcry_mpi_test_bit (ad->round_progress, i))
return;
/* only continue if the round is complete */
for (uint16_t i = 0; i < ad->n; i++)
if (! gcry_mpi_test_bit (ad->round_progress, i))
return;
if (ad->seller_mode && msg_decrypt == ad->cur_round && !ad->outcome_public)
{
/* all bidders msg_decrypt received, broadcast combined msg_decrypt */
if (!handler_out[atype][outcome][ad->cur_round] ||
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"failed to create msg %d buffer as seller\n",
ad->cur_round);
return;
}
ad->bcast (ad->closure, buf, buflen);
}
if (ad->seller_mode && msg_decrypt == ad->cur_round && ! ad->outcome_public)
{
/* all bidders msg_decrypt received, broadcast combined msg_decrypt */
if (! handler_out[atype][outcome][ad->cur_round] ||
! (buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"failed to create msg %d buffer as seller\n",
ad->cur_round);
return;
}
ad->bcast (ad->closure, buf, buflen);
}
if (msg_decrypt == ad->cur_round)
{
report_outcome (ad, atype, outcome);
return;
}
if (msg_decrypt == ad->cur_round)
{
report_outcome (ad, atype, outcome);
return;
}
/* round complete, advance to next one */
gcry_mpi_clear_highbit (ad->round_progress, 0);
ad->cur_round++;
/* round complete, advance to next one */
gcry_mpi_clear_highbit (ad->round_progress, 0);
ad->cur_round++;
/* prepare next round. */
if (handler_prep[atype][outcome][ad->cur_round])
handler_prep[atype][outcome][ad->cur_round] (ad);
/* prepare next round. */
if (handler_prep[atype][outcome][ad->cur_round])
handler_prep[atype][outcome][ad->cur_round] (ad);
if (ad->seller_mode)
{
/** \todo: setup round timeout trigger */
/* seller does not send regular messages */
return;
}
if (ad->seller_mode)
{
/** \todo: setup round timeout trigger */
/* seller does not send regular messages */
return;
}
/* create next message buffer */
if (!handler_out[atype][outcome][ad->cur_round] ||
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"failed to create msg %d buffer as bidder\n",
ad->cur_round);
return;
}
/* create next message buffer */
if (! handler_out[atype][outcome][ad->cur_round] ||
! (buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"failed to create msg %d buffer as bidder\n",
ad->cur_round);
return;
}
/* msg_decrypt unicast to seller if private outcome mode.
* All other messages are broadcasted */
if (msg_decrypt == ad->cur_round && !outcome)
ad->ucast (ad->closure, buf, buflen);
else
ad->bcast (ad->closure, buf, buflen);
gcry_mpi_set_bit (ad->round_progress, ad->i);
/* msg_decrypt unicast to seller if private outcome mode.
* All other messages are broadcasted */
if (msg_decrypt == ad->cur_round && ! outcome)
ad->ucast (ad->closure, buf, buflen);
else
ad->bcast (ad->closure, buf, buflen);
gcry_mpi_set_bit (ad->round_progress, ad->i);
}
void
BRANDT_got_message (struct BRANDT_Auction *auction,
uint16_t sender,
uint16_t sender,
const unsigned char *msg,
size_t msg_len)
size_t msg_len)
{
struct msg_head *head = (struct msg_head *)msg;
enum auction_type atype;
enum outcome_type outcome;
enum rounds round = auction->cur_round;
struct msg_head *head = (struct msg_head *) msg;
enum auction_type atype;
enum outcome_type outcome;
enum rounds round = auction->cur_round;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private;
/** \todo: cache out of order messages instead of discarding */
if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"got unexpected message, ignoring...\n");
return;
}
/** \todo: cache out of order messages instead of discarding */
if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"got unexpected message, ignoring...\n");
return;
}
/* check if we already got that round message from the same user */
if (gcry_mpi_test_bit (auction->round_progress, sender))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"got a duplicate message from user %d\n", sender);
return;
}
/* check if we already got that round message from the same user */
if (gcry_mpi_test_bit (auction->round_progress, sender))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"got a duplicate message from user %d\n", sender);
return;
}
if (!handler_in[atype][outcome][round] ||
!handler_in[atype][outcome][round](auction,
msg + sizeof (*head),
msg_len - sizeof (*head),
sender))
{
/** \todo */
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wow fail in\n");
return;
}
gcry_mpi_set_bit (auction->round_progress, sender);
if (! handler_in[atype][outcome][round] ||
! handler_in[atype][outcome][round](auction,
msg + sizeof (*head),
msg_len - sizeof (*head),
sender))
{
/** \todo */
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wow fail in\n");
return;
}
gcry_mpi_set_bit (auction->round_progress, sender);
advance_round (auction, atype, outcome);
advance_round (auction, atype, outcome);
}

62
brandt.h
View File

@ -32,24 +32,26 @@
struct BRANDT_Auction;
/** Enumeration of all possible status reports for a single bidder */
enum BRANDT_BidderStatus {
BRANDT_bidder_won,
enum BRANDT_BidderStatus
{
BRANDT_bidder_won,
};
/**
* An array of this struct is given to the application by the BRANDT_CbResult()
* callback. One instance represents the status of a single bidder.
*/
struct BRANDT_Result {
/** Id of the bidder this instance refers to */
uint16_t bidder;
struct BRANDT_Result
{
/** Id of the bidder this instance refers to */
uint16_t bidder;
/** The price the bidder has to pay. This value is only set if the #status
* indicates the bidder has won. */
uint16_t price;
/** The price the bidder has to pay. This value is only set if the #status
* indicates the bidder has won. */
uint16_t price;
/** Status of the bidder */
enum BRANDT_BidderStatus status;
/** Status of the bidder */
enum BRANDT_BidderStatus status;
};
/**
@ -85,7 +87,7 @@ typedef uint16_t
typedef int
(*BRANDT_CbDeliver)(void *auction_closure,
const void *msg,
size_t msg_len);
size_t msg_len);
/**
@ -104,7 +106,7 @@ typedef int
typedef void
(*BRANDT_CbResult)(void *auction_closure,
struct BRANDT_Result results[],
uint16_t results_len);
uint16_t results_len);
void
@ -126,7 +128,7 @@ BRANDT_init ();
*/
int
BRANDT_parse_desc (const void *auction_desc,
size_t auction_desc_len,
size_t auction_desc_len,
struct GNUNET_TIME_Absolute *time_start,
struct GNUNET_TIME_Relative *time_round,
uint16_t *num_prices,
@ -156,13 +158,13 @@ BRANDT_parse_desc (const void *auction_desc,
* black-box pointer, do NOT dereference/change it or the data it points to!
*/
struct BRANDT_Auction *
BRANDT_join (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbDeliver unicast,
BRANDT_join (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbDeliver unicast,
void *auction_closure,
const void *auction_desc,
size_t auction_desc_len,
uint16_t bid,
size_t auction_desc_len,
uint16_t bid,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx);
@ -201,17 +203,17 @@ BRANDT_join (BRANDT_CbResult result,
* black-box pointer, do NOT dereference/change it or the data it points to!
*/
struct BRANDT_Auction *
BRANDT_new (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbStart start,
BRANDT_new (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast,
BRANDT_CbStart start,
void *auction_closure,
void **auction_desc,
size_t *auction_desc_len,
struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round,
uint16_t num_prices,
uint16_t m,
int outcome_public,
struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round,
uint16_t num_prices,
uint16_t m,
int outcome_public,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx);
@ -226,8 +228,8 @@ BRANDT_new (BRANDT_CbResult result,
*/
void
BRANDT_bidder_start (struct BRANDT_Auction *auction,
uint16_t i,
uint16_t n);
uint16_t i,
uint16_t n);
/**
@ -253,9 +255,9 @@ BRANDT_destroy (struct BRANDT_Auction *auction);
*/
void
BRANDT_got_message (struct BRANDT_Auction *auction,
uint16_t sender,
uint16_t sender,
const unsigned char *msg,
size_t msg_len);
size_t msg_len);
/**\todo: Error handling functions? */

1639
crypto.c
View File

File diff suppressed because it is too large Load Diff

329
crypto.h
View File

@ -37,69 +37,85 @@ void brandt_crypto_init ();
/* used for serialized mpis and serialized curve points (they are the same size
* when compressed) */
struct ec_mpi {
unsigned char data[256 / 8];
struct ec_mpi
{
unsigned char data[256 / 8];
};
void ec_point_serialize (struct ec_mpi *dst, const gcry_mpi_point_t src);
void ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src);
gcry_mpi_point_t *smc_init1 (uint16_t size1);
gcry_mpi_point_t **smc_init2 (uint16_t size1, uint16_t size2);
gcry_mpi_point_t ***smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3);
void smc_free1 (gcry_mpi_point_t *dst, uint16_t size1);
void smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2);
void smc_free3 (gcry_mpi_point_t ***dst,
uint16_t size1,
uint16_t size2,
uint16_t size3);
uint16_t size1,
uint16_t size2,
uint16_t size3);
void smc_sums_partial (gcry_mpi_point_t out[],
gcry_mpi_point_t in[],
uint16_t len,
uint16_t stepi,
uint16_t stepo);
uint16_t len,
uint16_t stepi,
uint16_t stepo);
void smc_sum (gcry_mpi_point_t out,
gcry_mpi_point_t in[],
uint16_t len,
uint16_t step);
uint16_t len,
uint16_t step);
void ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src);
int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b);
void ec_skey_create (gcry_mpi_t skey);
void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey);
void ec_keypair_create_base (gcry_mpi_point_t pkey,
gcry_mpi_t skey,
void ec_keypair_create_base (gcry_mpi_point_t pkey,
gcry_mpi_t skey,
const gcry_mpi_point_t base);
/* --- Zero knowledge proofs --- */
struct proof_dl {
struct ec_mpi r;
struct ec_mpi a;
struct proof_dl
{
struct ec_mpi r;
struct ec_mpi a;
};
struct proof_2dle {
struct ec_mpi r;
struct ec_mpi a;
struct ec_mpi b;
struct proof_2dle
{
struct ec_mpi r;
struct ec_mpi a;
struct ec_mpi b;
};
struct proof_0og {
struct ec_mpi a1;
struct ec_mpi a2;
struct ec_mpi b1;
struct ec_mpi b2;
struct ec_mpi d1;
struct ec_mpi d2;
struct ec_mpi r1;
struct ec_mpi r2;
struct proof_0og
{
struct ec_mpi a1;
struct ec_mpi a2;
struct ec_mpi b1;
struct ec_mpi b2;
struct ec_mpi d1;
struct ec_mpi d2;
struct ec_mpi r1;
struct ec_mpi r2;
};
void smc_zkp_dl (gcry_mpi_point_t v,
const gcry_mpi_t x,
struct proof_dl *proof);
int smc_zkp_dl_check (const gcry_mpi_point_t v,
const struct proof_dl *proof);
@ -107,20 +123,22 @@ void smc_zkp_2dle (const gcry_mpi_point_t v,
const gcry_mpi_point_t w,
const gcry_mpi_point_t g1,
const gcry_mpi_point_t g2,
const gcry_mpi_t x,
const gcry_mpi_t x,
struct proof_2dle *proof);
int smc_zkp_2dle_check (const gcry_mpi_point_t v,
const gcry_mpi_point_t w,
const gcry_mpi_point_t g1,
const gcry_mpi_point_t g2,
int smc_zkp_2dle_check (const gcry_mpi_point_t v,
const gcry_mpi_point_t w,
const gcry_mpi_point_t g1,
const gcry_mpi_point_t g2,
const struct proof_2dle *proof);
void smc_zkp_0og (int m_is_gen,
void smc_zkp_0og (int m_is_gen,
const gcry_mpi_point_t y,
gcry_mpi_t r,
gcry_mpi_point_t alpha,
gcry_mpi_point_t beta,
gcry_mpi_t r,
gcry_mpi_point_t alpha,
gcry_mpi_point_t beta,
struct proof_0og *proof);
int smc_zkp_0og_check (const gcry_mpi_point_t y,
const gcry_mpi_point_t alpha,
const gcry_mpi_point_t beta,
@ -130,53 +148,65 @@ int smc_zkp_0og_check (const gcry_mpi_point_t y,
/* --- Protocol implementation --- */
void smc_prep_keyshare (struct BRANDT_Auction *ad);
unsigned char *smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen);
int smc_recv_keyshare (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender_index);
size_t buflen,
uint16_t sender_index);
void smc_prep_bid (struct BRANDT_Auction *ad);
unsigned char *smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen);
int smc_recv_encrypted_bid (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender_index);
size_t buflen,
uint16_t sender_index);
void fp_priv_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen);
int fp_priv_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
void fp_priv_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen);
int fp_priv_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len);
void fp_pub_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *fp_pub_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen);
int fp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
void fp_pub_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *fp_pub_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen);
int fp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len);
@ -189,20 +219,24 @@ struct BRANDT_Result *mp_priv_determine_outcome (struct BRANDT_Auction *ad,
void mp_pub_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *mp_pub_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen);
int mp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
void mp_pub_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *mp_pub_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen);
int mp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
struct BRANDT_Result *mp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len);
@ -216,8 +250,8 @@ typedef void
typedef int
(*MsgIn)(struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender);
size_t buflen,
uint16_t sender);
typedef unsigned char *
@ -241,34 +275,34 @@ typedef struct BRANDT_Result *
static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = {
[auction_firstPrice] = {
[outcome_private] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &fp_priv_prep_outcome,
[msg_decrypt] = &fp_priv_prep_decryption,
},
[outcome_public] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &fp_pub_prep_outcome,
[msg_decrypt] = &fp_pub_prep_decryption,
},
},
[auction_mPlusFirstPrice] = {
[outcome_private] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &mp_priv_prep_outcome,
[msg_decrypt] = &fp_priv_prep_decryption,
},
[outcome_public] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &mp_pub_prep_outcome,
[msg_decrypt] = &mp_pub_prep_decryption,
},
},
[auction_firstPrice] = {
[outcome_private] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &fp_priv_prep_outcome,
[msg_decrypt] = &fp_priv_prep_decryption,
},
[outcome_public] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &fp_pub_prep_outcome,
[msg_decrypt] = &fp_pub_prep_decryption,
},
},
[auction_mPlusFirstPrice] = {
[outcome_private] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &mp_priv_prep_outcome,
[msg_decrypt] = &fp_priv_prep_decryption,
},
[outcome_public] = {
[msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid,
[msg_outcome] = &mp_pub_prep_outcome,
[msg_decrypt] = &mp_pub_prep_decryption,
},
},
};
@ -283,34 +317,34 @@ static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = {
* of 0 means a private outcome, while a value of 1 means public outcome.
*/
static const MsgIn handler_in[auction_last][outcome_last][msg_last] = {
[auction_firstPrice] = {
[outcome_private] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_priv_recv_outcome,
[msg_decrypt] = &fp_priv_recv_decryption,
},
[outcome_public] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_pub_recv_outcome,
[msg_decrypt] = &fp_pub_recv_decryption,
},
},
[auction_mPlusFirstPrice] = {
[outcome_private] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_priv_recv_outcome,
[msg_decrypt] = &fp_priv_recv_decryption,
},
[outcome_public] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &mp_pub_recv_outcome,
[msg_decrypt] = &mp_pub_recv_decryption,
},
},
[auction_firstPrice] = {
[outcome_private] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_priv_recv_outcome,
[msg_decrypt] = &fp_priv_recv_decryption,
},
[outcome_public] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_pub_recv_outcome,
[msg_decrypt] = &fp_pub_recv_decryption,
},
},
[auction_mPlusFirstPrice] = {
[outcome_private] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_priv_recv_outcome,
[msg_decrypt] = &fp_priv_recv_decryption,
},
[outcome_public] = {
[msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &mp_pub_recv_outcome,
[msg_decrypt] = &mp_pub_recv_decryption,
},
},
};
@ -326,34 +360,34 @@ static const MsgIn handler_in[auction_last][outcome_last][msg_last] = {
* of 0 means a private outcome, while a value of 1 means public outcome.
*/
static const MsgOut handler_out[auction_last][outcome_last][msg_last] = {
[auction_firstPrice] = {
[outcome_private] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_priv_compute_outcome,
[msg_decrypt] = &fp_priv_decrypt_outcome,
},
[outcome_public] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_pub_compute_outcome,
[msg_decrypt] = &fp_pub_decrypt_outcome,
},
},
[auction_mPlusFirstPrice] = {
[outcome_private] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_priv_compute_outcome,
[msg_decrypt] = &fp_priv_decrypt_outcome,
},
[outcome_public] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &mp_pub_compute_outcome,
[msg_decrypt] = &mp_pub_decrypt_outcome,
},
},
[auction_firstPrice] = {
[outcome_private] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_priv_compute_outcome,
[msg_decrypt] = &fp_priv_decrypt_outcome,
},
[outcome_public] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_pub_compute_outcome,
[msg_decrypt] = &fp_pub_decrypt_outcome,
},
},
[auction_mPlusFirstPrice] = {
[outcome_private] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_priv_compute_outcome,
[msg_decrypt] = &fp_priv_decrypt_outcome,
},
[outcome_public] = {
[msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &mp_pub_compute_outcome,
[msg_decrypt] = &mp_pub_decrypt_outcome,
},
},
};
/**
@ -368,16 +402,15 @@ static const MsgOut handler_out[auction_last][outcome_last][msg_last] = {
* of 0 means a private outcome, while a value of 1 means public outcome.
*/
static const Result handler_res[auction_last][outcome_last] = {
[auction_firstPrice] = {
[outcome_private] = &fp_priv_determine_outcome,
[outcome_public] = &fp_pub_determine_outcome,
},
[auction_mPlusFirstPrice] = {
[outcome_private] = &mp_priv_determine_outcome,
[outcome_public] = &mp_pub_determine_outcome,
},
[auction_firstPrice] = {
[outcome_private] = &fp_priv_determine_outcome,
[outcome_public] = &fp_pub_determine_outcome,
},
[auction_mPlusFirstPrice] = {
[outcome_private] = &mp_priv_determine_outcome,
[outcome_public] = &mp_pub_determine_outcome,
},
};
#endif /* ifndef _BRANDT_CRYPTO_H */

842
fp_priv.c
View File

@ -32,115 +32,115 @@
void
fp_priv_prep_outcome (struct BRANDT_Auction *ad)
{
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3;
ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3);
ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3);
ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->delta3);
ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->delta3);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for first summand (no one has a higher bid) */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta3[i][j],
tlta2[i][ad->k - 1],
tlta2[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb3[i][j],
tltb2[i][ad->k - 1],
tltb2[i][j],
ec_ctx);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta3[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb3[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tlta1[j], &tlta3[0][j], ad->n, ad->k);
smc_sum (tltb1[j], &tltb3[0][j], ad->n, ad->k);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
/* \todo: merge into one nested i,j loop and one nested j,i loop? */
/* temporary lookup table for first summand (no one has a higher bid) */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta3[i][j],
tlta2[i][ad->k - 1],
tlta2[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb3[i][j],
tltb2[i][ad->k - 1],
tltb2[i][j],
ec_ctx);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta3[i][ad->k - 1]));
brandt_assert (! ec_point_cmp (ec_zero, tltb3[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tlta1[j], &tlta3[0][j], ad->n, ad->k);
smc_sum (tltb1[j], &tltb3[0][j], ad->n, ad->k);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (! ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
/* \todo: merge into one nested i,j loop and one nested j,i loop? */
/* temporary lookup table for second summand (my bid is not lower) */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j], tlta2[i][j], ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j], tltb2[i][j], ad->beta[i][j], ec_ctx);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][0]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][0]));
}
/* temporary lookup table for second summand (my bid is not lower) */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j], tlta2[i][j], ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j], tltb2[i][j], ad->beta[i][j], ec_ctx);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][0]));
brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][0]));
}
/* temporary lookup table for third summand (no one with a lower index has
* the same bid) */
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sums_partial (&tlta3[0][j], &ad->alpha[0][j], ad->n, ad->k, ad->k);
smc_sums_partial (&tltb3[0][j], &ad->beta[0][j], ad->n, ad->k, ad->k);
for (uint16_t i = 0; i < ad->n; i++)
{
gcry_mpi_ec_sub (tlta3[i][j], tlta3[i][j], ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_sub (tltb3[i][j], tltb3[i][j], ad->beta[i][j], ec_ctx);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta3[0][j]));
brandt_assert (!ec_point_cmp (ec_zero, tltb3[0][j]));
}
/* temporary lookup table for third summand (no one with a lower index has
* the same bid) */
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sums_partial (&tlta3[0][j], &ad->alpha[0][j], ad->n, ad->k, ad->k);
smc_sums_partial (&tltb3[0][j], &ad->beta[0][j], ad->n, ad->k, ad->k);
for (uint16_t i = 0; i < ad->n; i++)
{
gcry_mpi_ec_sub (tlta3[i][j], tlta3[i][j], ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_sub (tltb3[i][j], tltb3[i][j], ad->beta[i][j], ec_ctx);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta3[0][j]));
brandt_assert (! ec_point_cmp (ec_zero, tltb3[0][j]));
}
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
/* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
/* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx);
/* compute inner delta */
gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpb, tmpb, tltb3[i][j], ec_ctx);
/* compute inner delta */
gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpb, tmpb, tltb3[i][j], ec_ctx);
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb);
}
}
}
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb);
}
}
}
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
}
@ -156,236 +156,236 @@ fp_priv_prep_outcome (struct BRANDT_Auction *ad)
unsigned char *
fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
brandt_assert (ad && buflen);
brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + /* msg header */
ad->n * ad->k * /* nk * (gamma, delta, proof2) */
(sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head) /* msg header */
+ ad->n * ad->k /* nk * (gamma, delta, proof2) */
* (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *)cur;
delta = &((struct ec_mpi *)cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *) cur;
delta = &((struct ec_mpi *) cur)[1];
proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][i][j]);
ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][i][j]);
/* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][i][j],
ad->delta3[ad->i][i][j],
tmpa,
tmpb,
NULL,
proof2);
/* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][i][j],
ad->delta3[ad->i][i][j],
tmpa,
tmpb,
NULL,
proof2);
ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]);
ec_point_serialize (delta, ad->delta3[ad->i][i][j]);
ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]);
ec_point_serialize (delta, ad->delta3[ad->i][i][j]);
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
}
}
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
}
}
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
return ret;
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
return ret;
}
int
fp_priv_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
brandt_assert (ad && buf);
if (buflen != (ad->n * ad->k *
(2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome\n");
goto quit;
}
if (buflen != (ad->n * ad->k
* (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome\n");
goto quit;
}
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (gamma, (struct ec_mpi *)cur);
ec_point_parse (delta, &((struct ec_mpi *)cur)[1]);
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma,
delta,
ad->gamma3[sender][i][j],
ad->delta3[sender][i][j],
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for gamma, delta received\n");
goto quit;
}
ec_point_copy (ad->gamma3[sender][i][j], gamma);
ec_point_copy (ad->delta3[sender][i][j], delta);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (gamma, (struct ec_mpi *) cur);
ec_point_parse (delta, &((struct ec_mpi *) cur)[1]);
proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma,
delta,
ad->gamma3[sender][i][j],
ad->delta3[sender][i][j],
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for gamma, delta received\n");
goto quit;
}
ec_point_copy (ad->gamma3[sender][i][j], gamma);
ec_point_copy (ad->delta3[sender][i][j], delta);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta);
return ret;
gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta);
return ret;
}
void
fp_priv_prep_decryption (struct BRANDT_Auction *ad)
{
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->phi3);
ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->phi3);
ad->phiproofs3 = GNUNET_new_array_3d (ad->n,
ad->n,
ad->k,
struct proof_2dle);
brandt_assert (ad->phiproofs3);
ad->phiproofs3 = GNUNET_new_array_3d (ad->n,
ad->n,
ad->k,
struct proof_2dle);
brandt_assert (ad->phiproofs3);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi3[a][i][j], tmp);
}
}
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi3[a][i][j], tmp);
}
}
gcry_mpi_point_release (tmp);
gcry_mpi_point_release (tmp);
}
static unsigned char *
fp_priv_decrypt_outcome_seller (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct ec_mpi *phi;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct ec_mpi *phi;
struct proof_2dle *proof2;
*buflen = (sizeof (*head) +
(ad->n - 1) * ad->n * ad->k * (sizeof (*phi) +
sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head)
+ (ad->n - 1) * ad->n * ad->k * (sizeof (*phi)
+ sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
for (uint16_t h = 0; h < ad->n; h++)
{
for (uint16_t i = 0; i < ad->n; i++)
{
/* don't reveal outcome to losing bidders */
if (h == i)
continue;
for (uint16_t h = 0; h < ad->n; h++)
{
for (uint16_t i = 0; i < ad->n; i++)
{
/* don't reveal outcome to losing bidders */
if (h == i)
continue;
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *)cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_serialize (phi, ad->phi3[h][i][j]);
memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2));
ec_point_serialize (phi, ad->phi3[h][i][j]);
memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2));
cur += sizeof (*phi) + sizeof (*proof2);
}
}
}
cur += sizeof (*phi) + sizeof (*proof2);
}
}
}
gcry_mpi_point_release (tmp);
return ret;
gcry_mpi_point_release (tmp);
return ret;
}
static unsigned char *
fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct ec_mpi *phi;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct ec_mpi *phi;
struct proof_2dle *proof2;
*buflen = (sizeof (*head) +
ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head)
+ ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *)cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_copy (tmp, ad->phi3[ad->i][i][j]);
ec_point_copy (tmp, ad->phi3[ad->i][i][j]);
/* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][i][j],
NULL,
tmp,
ec_gen,
ad->x,
proof2);
/* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][i][j],
NULL,
tmp,
ec_gen,
ad->x,
proof2);
ec_point_serialize (phi, ad->phi3[ad->i][i][j]);
ec_point_serialize (phi, ad->phi3[ad->i][i][j]);
cur += sizeof (*phi) + sizeof (*proof2);
}
}
cur += sizeof (*phi) + sizeof (*proof2);
}
}
gcry_mpi_point_release (tmp);
return ret;
gcry_mpi_point_release (tmp);
return ret;
}
@ -403,143 +403,143 @@ fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen)
unsigned char *
fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
brandt_assert (ad && buflen);
if (ad->seller_mode)
return fp_priv_decrypt_outcome_seller (ad, buflen);
else
return fp_priv_decrypt_outcome_bidder (ad, buflen);
brandt_assert (ad && buflen);
if (ad->seller_mode)
return fp_priv_decrypt_outcome_seller (ad, buflen);
else
return fp_priv_decrypt_outcome_bidder (ad, buflen);
}
static int
fp_priv_recv_decryption_seller (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption from bidder\n");
goto quit;
}
if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption from bidder\n");
goto quit;
}
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *)cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[sender],
ad->phi3[sender][i][j],
ec_gen,
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received from bidder\n");
goto quit;
}
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[sender],
ad->phi3[sender][i][j],
ec_gen,
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received from bidder\n");
goto quit;
}
/* store proof. we need to rebroadcast it to the other bidders */
memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2));
/* store proof. we need to rebroadcast it to the other bidders */
memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2));
ec_point_copy (ad->phi3[sender][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
ec_point_copy (ad->phi3[sender][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (phi);
return ret;
gcry_mpi_point_release (phi);
return ret;
}
static int
fp_priv_recv_decryption_bidder (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi) +
sizeof (*proof2))))
{
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption from seller\n");
goto quit;
}
if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi)
+ sizeof (*proof2))))
{
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption from seller\n");
goto quit;
}
for (uint16_t h = 0; h < ad->n; h++)
{
for (uint16_t i = 0; i < ad->n; i++)
{
/* those combinations are not sent by the seller */
if (h == i)
continue;
for (uint16_t h = 0; h < ad->n; h++)
{
for (uint16_t i = 0; i < ad->n; i++)
{
/* those combinations are not sent by the seller */
if (h == i)
continue;
/* we already have our own phi values */
if (h == ad->i)
{
cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2));
continue;
}
/* we already have our own phi values */
if (h == ad->i)
{
cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2));
continue;
}
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *)cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[h],
ad->phi3[h][i][j],
ec_gen,
proof2))
{
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received from seller\n");
goto quit;
}
ec_point_copy (ad->phi3[h][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
}
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[h],
ad->phi3[h][i][j],
ec_gen,
proof2))
{
GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received from seller\n");
goto quit;
}
ec_point_copy (ad->phi3[h][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (phi);
return ret;
gcry_mpi_point_release (phi);
return ret;
}
int
fp_priv_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
brandt_assert (ad && buf);
if (ad->seller_mode)
return fp_priv_recv_decryption_seller (ad, buf, buflen, sender);
else
return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender);
brandt_assert (ad && buf);
if (ad->seller_mode)
return fp_priv_recv_decryption_seller (ad, buf, buflen, sender);
else
return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender);
}
@ -547,57 +547,57 @@ struct BRANDT_Result *
fp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len)
{
struct BRANDT_Result *ret;
int32_t price = -1;
int32_t winner = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
struct BRANDT_Result *ret;
int32_t price = -1;
int32_t winner = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad);
brandt_assert (ad);
for (uint16_t i = 0; i < ad->n; i++)
{
if (!ad->seller_mode && i != ad->i)
continue;
for (uint16_t i = 0; i < ad->n; i++)
{
if (! ad->seller_mode && i != ad->i)
continue;
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k);
smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
if (!ec_point_cmp (sum_gamma, ec_zero))
{
if (-1 != price)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"multiple winning prices detected\n");
return NULL;
}
if (-1 != winner)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"multiple winners detected\n");
return NULL;
}
price = j;
winner = i;
}
}
}
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k);
smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
if (! ec_point_cmp (sum_gamma, ec_zero))
{
if (-1 != price)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"multiple winning prices detected\n");
return NULL;
}
if (-1 != winner)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"multiple winners detected\n");
return NULL;
}
price = j;
winner = i;
}
}
}
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
if (-1 == winner || -1 == price)
return NULL;
if (-1 == winner || -1 == price)
return NULL;
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = winner;
ret->price = price;
ret->status = BRANDT_bidder_won;
if (len)
*len = 1;
return ret;
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = winner;
ret->price = price;
ret->status = BRANDT_bidder_won;
if (len)
*len = 1;
return ret;
}

616
fp_pub.c
View File

@ -32,97 +32,97 @@
void
fp_pub_prep_outcome (struct BRANDT_Auction *ad)
{
gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE);
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE);
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
ad->gamma2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->gamma2);
ad->gamma2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->gamma2);
ad->delta2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->delta2);
ad->delta2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->delta2);
ad->tmpa1 = smc_init1 (ad->k);
brandt_assert (ad->tmpa1);
ad->tmpa1 = smc_init1 (ad->k);
brandt_assert (ad->tmpa1);
ad->tmpb1 = smc_init1 (ad->k);
brandt_assert (ad->tmpb1);
ad->tmpb1 = smc_init1 (ad->k);
brandt_assert (ad->tmpb1);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for sum of bid vectors */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j],
tlta2[i][ad->k - 1],
tlta2[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j],
tltb2[i][ad->k - 1],
tltb2[i][j],
ec_ctx);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k);
smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k);
}
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
/* temporary lookup table for sum of bid vectors */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j],
tlta2[i][ad->k - 1],
tlta2[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j],
tltb2[i][ad->k - 1],
tltb2[i][j],
ec_ctx);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k);
smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k);
}
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
brandt_assert (! ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (! ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
/* initialize tmp array with zeroes, since we are calculating a sum */
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_copy (ad->tmpa1[j], ec_zero);
ec_point_copy (ad->tmpb1[j], ec_zero);
}
/* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination,
* since it is needed each time a gamma,delta pair is received from another
* bidder */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx);
gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx);
}
gcry_mpi_lshift (coeff, coeff, 1);
}
/* initialize tmp array with zeroes, since we are calculating a sum */
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_copy (ad->tmpa1[j], ec_zero);
ec_point_copy (ad->tmpb1[j], ec_zero);
}
/* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination,
* since it is needed each time a gamma,delta pair is received from another
* bidder */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx);
gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx);
}
gcry_mpi_lshift (coeff, coeff, 1);
}
for (uint16_t j = 0; j < ad->k; j++)
{
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma2[a][j], tlta1[j]);
ec_point_copy (ad->delta2[a][j], tltb1[j]);
}
}
for (uint16_t j = 0; j < ad->k; j++)
{
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma2[a][j], tlta1[j]);
ec_point_copy (ad->delta2[a][j], tltb1[j]);
}
}
gcry_mpi_release (coeff);
gcry_mpi_point_release (tmp);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
gcry_mpi_release (coeff);
gcry_mpi_point_release (tmp);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
}
@ -139,149 +139,149 @@ fp_pub_prep_outcome (struct BRANDT_Auction *ad)
unsigned char *
fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct msg_head *head;
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct msg_head *head;
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
brandt_assert (ad && buflen);
brandt_assert (ad && buflen);
*buflen = (sizeof (*head) +
ad->k * (sizeof (*gamma) +
sizeof (*delta) +
sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head)
+ ad->k * (sizeof (*gamma)
+ sizeof (*delta)
+ sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *)cur;
delta = &((struct ec_mpi *)cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *) cur;
delta = &((struct ec_mpi *) cur)[1];
proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
ec_point_copy (tmpa, ad->gamma2[ad->i][j]);
ec_point_copy (tmpb, ad->delta2[ad->i][j]);
ec_point_copy (tmpa, ad->gamma2[ad->i][j]);
ec_point_copy (tmpb, ad->delta2[ad->i][j]);
/* apply random masking to first summand */
smc_zkp_2dle (ad->gamma2[ad->i][j],
ad->delta2[ad->i][j],
tmpa,
tmpb,
NULL,
proof2);
/* apply random masking to first summand */
smc_zkp_2dle (ad->gamma2[ad->i][j],
ad->delta2[ad->i][j],
tmpa,
tmpb,
NULL,
proof2);
ec_point_serialize (gamma, ad->gamma2[ad->i][j]);
ec_point_serialize (delta, ad->delta2[ad->i][j]);
ec_point_serialize (gamma, ad->gamma2[ad->i][j]);
ec_point_serialize (delta, ad->delta2[ad->i][j]);
/* add winner determination for own gamma,delta */
gcry_mpi_ec_add (ad->gamma2[ad->i][j],
ad->gamma2[ad->i][j],
ad->tmpa1[j],
ec_ctx);
gcry_mpi_ec_add (ad->delta2[ad->i][j],
ad->delta2[ad->i][j],
ad->tmpb1[j],
ec_ctx);
/* add winner determination for own gamma,delta */
gcry_mpi_ec_add (ad->gamma2[ad->i][j],
ad->gamma2[ad->i][j],
ad->tmpa1[j],
ec_ctx);
gcry_mpi_ec_add (ad->delta2[ad->i][j],
ad->delta2[ad->i][j],
ad->tmpb1[j],
ec_ctx);
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
}
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
}
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
return ret;
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
return ret;
}
int
fp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
brandt_assert (ad && buf);
if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome\n");
goto quit;
}
if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome\n");
goto quit;
}
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (gamma, (struct ec_mpi *)cur);
ec_point_parse (delta, &((struct ec_mpi *)cur)[1]);
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma,
delta,
ad->gamma2[sender][j],
ad->delta2[sender][j],
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for gamma, delta received\n");
goto quit;
}
ec_point_copy (ad->gamma2[sender][j], gamma);
ec_point_copy (ad->delta2[sender][j], delta);
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (gamma, (struct ec_mpi *) cur);
ec_point_parse (delta, &((struct ec_mpi *) cur)[1]);
proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma,
delta,
ad->gamma2[sender][j],
ad->delta2[sender][j],
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for gamma, delta received\n");
goto quit;
}
ec_point_copy (ad->gamma2[sender][j], gamma);
ec_point_copy (ad->delta2[sender][j], delta);
/* add winner determination summand */
gcry_mpi_ec_add (ad->gamma2[sender][j],
ad->gamma2[sender][j],
ad->tmpa1[j],
ec_ctx);
gcry_mpi_ec_add (ad->delta2[sender][j],
ad->delta2[sender][j],
ad->tmpb1[j],
ec_ctx);
/* add winner determination summand */
gcry_mpi_ec_add (ad->gamma2[sender][j],
ad->gamma2[sender][j],
ad->tmpa1[j],
ec_ctx);
gcry_mpi_ec_add (ad->delta2[sender][j],
ad->delta2[sender][j],
ad->tmpb1[j],
ec_ctx);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
}
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta);
return ret;
gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta);
return ret;
}
void
fp_pub_prep_decryption (struct BRANDT_Auction *ad)
{
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
ad->phi2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->phi2);
ad->phi2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->phi2);
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k);
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k);
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi2[a][j], tmp);
}
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi2[a][j], tmp);
}
gcry_mpi_point_release (tmp);
gcry_mpi_point_release (tmp);
}
@ -297,92 +297,92 @@ fp_pub_prep_decryption (struct BRANDT_Auction *ad)
unsigned char *
fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct msg_head *head;
struct ec_mpi *phi;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct msg_head *head;
struct ec_mpi *phi;
struct proof_2dle *proof2;
brandt_assert (ad && buflen);
brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *)cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_copy (tmp, ad->phi2[ad->i][j]);
ec_point_copy (tmp, ad->phi2[ad->i][j]);
/* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi2[ad->i][j],
NULL,
tmp,
ec_gen,
ad->x,
proof2);
/* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi2[ad->i][j],
NULL,
tmp,
ec_gen,
ad->x,
proof2);
ec_point_serialize (phi, ad->phi2[ad->i][j]);
ec_point_serialize (phi, ad->phi2[ad->i][j]);
cur += sizeof (*phi) + sizeof (*proof2);
}
cur += sizeof (*phi) + sizeof (*proof2);
}
gcry_mpi_point_release (tmp);
return ret;
gcry_mpi_point_release (tmp);
return ret;
}
int
fp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
brandt_assert (ad && buf);
if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption\n");
goto quit;
}
if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption\n");
goto quit;
}
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *)cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[sender],
ad->phi2[sender][j],
ec_gen,
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received\n");
goto quit;
}
ec_point_copy (ad->phi2[sender][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[sender],
ad->phi2[sender][j],
ec_gen,
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received\n");
goto quit;
}
ec_point_copy (ad->phi2[sender][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (phi);
return ret;
gcry_mpi_point_release (phi);
return ret;
}
@ -390,57 +390,71 @@ struct BRANDT_Result *
fp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len)
{
struct BRANDT_Result *ret;
int32_t price = -1;
int32_t winner = -1;
int dlogi = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
struct BRANDT_Result *ret;
int32_t price = -1;
int32_t winner = -1;
int dlogi = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad);
brandt_assert (ad);
for (uint16_t j = ad->k - 1; j >= 0; j--)
{
smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k);
smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* first non-zero component determines the price */
if (ec_point_cmp (sum_gamma, ec_zero))
{
price = j;
break;
}
}
for (uint16_t j = ad->k - 1; j >= 0; j--)
{
smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k);
smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* first non-zero component determines the price */
if (ec_point_cmp (sum_gamma, ec_zero))
{
price = j;
break;
}
}
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, sum_gamma);
brandt_assert (dlogi > 0);
{
struct GNUNET_CRYPTO_EccPoint ec_point = {0};
gcry_mpi_t q_y;
/* all bidders participated with a multiplicative share */
dlogi /= ad->n;
GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", sum_gamma, ec_ctx));
q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ec_ctx, 0);
GNUNET_assert (q_y);
GNUNET_CRYPTO_mpi_print_unsigned (ec_point.v,
sizeof(ec_point.v),
q_y);
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx,
&ec_point);
gcry_mpi_release (q_y);
}
/* can only support up to bits(dlogi) bidders */
brandt_assert (sizeof (int) * 8 > ad->n);
for (uint16_t i = 0; i < ad->n; i++)
{
/* first set bit determines the winner */
if (dlogi & (1 << i))
{
winner = i;
break;
}
}
brandt_assert (dlogi > 0);
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
/* all bidders participated with a multiplicative share */
dlogi /= ad->n;
if (-1 == winner || -1 == price)
return NULL;
/* can only support up to bits(dlogi) bidders */
brandt_assert (sizeof (int) * 8 > ad->n);
for (uint16_t i = 0; i < ad->n; i++)
{
/* first set bit determines the winner */
if (dlogi & (1 << i))
{
winner = i;
break;
}
}
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = winner;
ret->price = price;
ret->status = BRANDT_bidder_won;
if (len)
*len = 1;
return ret;
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
if (-1 == winner || -1 == price)
return NULL;
ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = winner;
ret->price = price;
ret->status = BRANDT_bidder_won;
if (len)
*len = 1;
return ret;
}

168
internals.h
View File

@ -28,26 +28,29 @@
#include "brandt.h"
enum rounds {
msg_init = 0,
msg_bid = 1,
msg_outcome = 2,
msg_decrypt = 3,
msg_last = 4
enum rounds
{
msg_init = 0,
msg_bid = 1,
msg_outcome = 2,
msg_decrypt = 3,
msg_last = 4
};
enum auction_type {
auction_firstPrice = 0,
auction_mPlusFirstPrice = 1,
auction_last = 2
enum auction_type
{
auction_firstPrice = 0,
auction_mPlusFirstPrice = 1,
auction_last = 2
};
enum outcome_type {
outcome_private = 0,
outcome_public = 1,
outcome_last = 2
enum outcome_type
{
outcome_private = 0,
outcome_public = 1,
outcome_last = 2
};
@ -55,15 +58,16 @@ GNUNET_NETWORK_STRUCT_BEGIN
/**
* Every message is prefixed with this header.
*
*
* BEWARE: Introducing a 16bit length field will not work. M+1st price auctions
* with private outcome send a n*n*(n-1)*k*128 = n²(n-1)*64 (for a reasonable
* k-choice of 512 possible prices) byte message from the seller to all bidders
* (decrypt-round). For just two bidders this is already 256k bytes, but 16bit
* uint only can address 64k bytes. */
struct msg_head {
uint32_t prot_version GNUNET_PACKED;
uint32_t msg_type GNUNET_PACKED;
struct msg_head
{
uint32_t prot_version GNUNET_PACKED;
uint32_t msg_type GNUNET_PACKED;
};
@ -71,97 +75,99 @@ struct msg_head {
* This struct describes the parameters of an auction. All fields are stored in
* network byte order.
*/
struct BRANDT_DescrP {
/** Starting time of the auction. Bidders have to join the auction via
* BRANDT_join until this time */
struct GNUNET_TIME_AbsoluteNBO time_start;
struct BRANDT_DescrP
{
/** Starting time of the auction. Bidders have to join the auction via
* BRANDT_join until this time */
struct GNUNET_TIME_AbsoluteNBO time_start;
/** The maximum duration the participants have to complete each round. */
struct GNUNET_TIME_RelativeNBO time_round;
/** The maximum duration the participants have to complete each round. */
struct GNUNET_TIME_RelativeNBO time_round;
/** The amount of possible prices */
uint16_t k GNUNET_PACKED;
/** The amount of possible prices */
uint16_t k GNUNET_PACKED;
/** Auction type. 0 means first price Auction, >= 0 means M+1st price
* auction with an amount of m items being sold. */
uint16_t m GNUNET_PACKED;
/** Auction type. 0 means first price Auction, >= 0 means M+1st price
* auction with an amount of m items being sold. */
uint16_t m GNUNET_PACKED;
/** Outcome type. 0 means private outcome, everything else means public
* outcome. */
uint16_t outcome_public GNUNET_PACKED;
/** Outcome type. 0 means private outcome, everything else means public
* outcome. */
uint16_t outcome_public GNUNET_PACKED;
/** reserved for future use. Must be zeroed out. */
uint16_t reserved GNUNET_PACKED;
/** reserved for future use. Must be zeroed out. */
uint16_t reserved GNUNET_PACKED;
};
GNUNET_NETWORK_STRUCT_END
struct BRANDT_Auction {
/** Starting time of the auction. Bidders have to join the auction via
* BRANDT_join until this time */
struct GNUNET_TIME_Absolute time_start;
struct BRANDT_Auction
{
/** Starting time of the auction. Bidders have to join the auction via
* BRANDT_join until this time */
struct GNUNET_TIME_Absolute time_start;
/** The maximum duration the participants have to complete each round. */
struct GNUNET_TIME_Relative time_round;
/** The maximum duration the participants have to complete each round. */
struct GNUNET_TIME_Relative time_round;
/** Auction type. 0 means first price Auction, >= 0 means M+1st price
* auction with an amount of m items being sold. */
uint16_t m;
/** Auction type. 0 means first price Auction, >= 0 means M+1st price
* auction with an amount of m items being sold. */
uint16_t m;
/** Outcome type. 0 means private outcome, everything else means public
* outcome. */
uint16_t outcome_public;
/** Outcome type. 0 means private outcome, everything else means public
* outcome. */
uint16_t outcome_public;
/** Link to the next delayed task (auction start trigger, round trigger) */
struct GNUNET_SCHEDULER_Task *task;
/** Link to the next delayed task (auction start trigger, round trigger) */
struct GNUNET_SCHEDULER_Task *task;
void *closure; /** auction closure given by the user */
void *closure; /** auction closure given by the user */
BRANDT_CbResult result; /** result reporting callback */
BRANDT_CbDeliver bcast; /** broadcast callback */
BRANDT_CbDeliver ucast; /** unicast callback */
BRANDT_CbStart start; /** start callback */
BRANDT_CbResult result; /** result reporting callback */
BRANDT_CbDeliver bcast; /** broadcast callback */
BRANDT_CbDeliver ucast; /** unicast callback */
BRANDT_CbStart start; /** start callback */
int seller_mode; /** If 0 we are bidding, selling otherwise */
enum rounds cur_round; /** The round we expect messages from */
gcry_mpi_t round_progress; /** Stores which round messages were received */
int seller_mode; /** If 0 we are bidding, selling otherwise */
enum rounds cur_round; /** The round we expect messages from */
gcry_mpi_t round_progress; /** Stores which round messages were received */
uint16_t n; /** The amount of bidders/agents */
uint16_t k; /** The amount of possible prices */
uint16_t i; /** Own agents index, only used when bidding */
uint16_t b; /** Own bid */
uint16_t n; /** The amount of bidders/agents */
uint16_t k; /** The amount of possible prices */
uint16_t i; /** Own agents index, only used when bidding */
uint16_t b; /** Own bid */
gcry_mpi_t x; /** Own private additive key share */
gcry_mpi_point_t *y; /** public multiplicative key shares, size: n */
gcry_mpi_point_t Y; /** Shared public key */
gcry_mpi_t x; /** Own private additive key share */
gcry_mpi_point_t *y; /** public multiplicative key shares, size: n */
gcry_mpi_point_t Y; /** Shared public key */
gcry_mpi_point_t **alpha; /** alphas, size: n*k */
gcry_mpi_point_t **beta; /** betas, size: n*k */
gcry_mpi_point_t **alpha; /** alphas, size: n*k */
gcry_mpi_point_t **beta; /** betas, size: n*k */
gcry_mpi_point_t **gamma2; /** gamma2, for public outcome, size: n*k */
gcry_mpi_point_t ***gamma3; /** gamma3, for private outcome, size: n*n*k */
gcry_mpi_point_t **delta2; /** delta2, for public outcome, size: n*k */
gcry_mpi_point_t ***delta3; /** delta3, for private outcome, size: n*n*k */
gcry_mpi_point_t **phi2; /** phi2, for public outcome, size: n*k */
gcry_mpi_point_t ***phi3; /** phi3, for private outcome, size: n*n*k */
gcry_mpi_point_t **gamma2; /** gamma2, for public outcome, size: n*k */
gcry_mpi_point_t ***gamma3; /** gamma3, for private outcome, size: n*n*k */
gcry_mpi_point_t **delta2; /** delta2, for public outcome, size: n*k */
gcry_mpi_point_t ***delta3; /** delta3, for private outcome, size: n*n*k */
gcry_mpi_point_t **phi2; /** phi2, for public outcome, size: n*k */
gcry_mpi_point_t ***phi3; /** phi3, for private outcome, size: n*n*k */
/** proofs for the correctnes of the phi values, size: n*k */
struct proof_2dle ***phiproofs2;
/** proofs for the correctnes of the phi values, size: n*k */
struct proof_2dle ***phiproofs2;
/** proofs for the correctnes of the phi values, size: n*n*k */
struct proof_2dle ***phiproofs3;
/** proofs for the correctnes of the phi values, size: n*n*k */
struct proof_2dle ***phiproofs3;
gcry_mpi_point_t *tmpa1; /** used for temporary storage, size: k */
gcry_mpi_point_t *tmpb1; /** used for temporary storage, size: k */
gcry_mpi_point_t *tmpa1; /** used for temporary storage, size: k */
gcry_mpi_point_t *tmpb1; /** used for temporary storage, size: k */
/** only needed in M+1st price auctions to determine winners */
struct GNUNET_CRYPTO_EccDlogContext *dlogctx;
/** only needed in M+1st price auctions to determine winners */
struct GNUNET_CRYPTO_EccDlogContext *dlogctx;
};
extern gcry_ctx_t ec_ctx;
extern gcry_ctx_t ec_ctx;
extern gcry_mpi_point_t ec_gen;
extern gcry_mpi_point_t ec_zero;
extern gcry_mpi_t ec_n;
extern gcry_mpi_t ec_n;
#endif /* ifndef _BRANDT_INTERNALS_H */

316
mp_priv.c
View File

@ -32,121 +32,121 @@
void
mp_priv_prep_outcome (struct BRANDT_Auction *ad)
{
gcry_mpi_t factor = gcry_mpi_new (256);
gcry_mpi_point_t subtr = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3;
gcry_mpi_t factor = gcry_mpi_new (256);
gcry_mpi_point_t subtr = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3;
ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3);
ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3);
ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->delta3);
ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->delta3);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for first summand (building ladder of bids) */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j],
tlta3[i][ad->k - 1],
tlta3[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j],
tltb3[i][ad->k - 1],
tltb3[i][j],
ec_ctx);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
/* 2L - 2I */
smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k);
smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k);
gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx);
gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx);
/* temporary lookup table for first summand (building ladder of bids) */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j],
tlta3[i][ad->k - 1],
tlta3[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j],
tltb3[i][ad->k - 1],
tltb3[i][j],
ec_ctx);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
/* 2L - 2I */
smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k);
smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k);
gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx);
gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx);
/* I */
smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k);
smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k);
/* I */
smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k);
smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k);
/* 2L - 2I + I = 2L - I */
gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx);
gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx);
}
/* This check only works directly after the loop when tmpa/tmpb are still
* the sum of the last row */
brandt_assert (!ec_point_cmp (tmpa, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (tmpb, tltb1[ad->k - 1]));
/* 2L - 2I + I = 2L - I */
gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx);
gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx);
}
/* This check only works directly after the loop when tmpa/tmpb are still
* the sum of the last row */
brandt_assert (! ec_point_cmp (tmpa, tlta1[ad->k - 1]));
brandt_assert (! ec_point_cmp (tmpb, tltb1[ad->k - 1]));
/* temporary lookup table for second summand (hide outcome from losers) */
gcry_mpi_set_ui (factor, ad->m);
gcry_mpi_lshift (factor, factor, 1);
gcry_mpi_add_ui (factor, factor, 2);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_mul (tlta2[i][j], factor, tlta3[i][j], ec_ctx);
gcry_mpi_ec_mul (tltb2[i][j], factor, tltb3[i][j], ec_ctx);
}
}
/* temporary lookup table for second summand (hide outcome from losers) */
gcry_mpi_set_ui (factor, ad->m);
gcry_mpi_lshift (factor, factor, 1);
gcry_mpi_add_ui (factor, factor, 2);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_mul (tlta2[i][j], factor, tlta3[i][j], ec_ctx);
gcry_mpi_ec_mul (tltb2[i][j], factor, tltb3[i][j], ec_ctx);
}
}
/* temporary lookup table for subtrahend (getting M+1st highest bid) */
gcry_mpi_sub_ui (factor, factor, 1);
gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx);
/* temporary lookup table for subtrahend (getting M+1st highest bid) */
gcry_mpi_sub_ui (factor, factor, 1);
gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx);
/* compute gamma and delta */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
/* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_sub (tmpa, tmpa, subtr, ec_ctx);
/* compute gamma and delta */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
/* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_sub (tmpa, tmpa, subtr, ec_ctx);
/* compute inner delta */
gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx);
/* compute inner delta */
gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx);
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb);
}
}
}
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb);
}
}
}
gcry_mpi_release (factor);
gcry_mpi_point_release (subtr);
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
gcry_mpi_release (factor);
gcry_mpi_point_release (subtr);
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
}
@ -154,68 +154,68 @@ struct BRANDT_Result *
mp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len)
{
struct BRANDT_Result *ret;
int32_t price = -1;
uint16_t winners = 0;
uint16_t max_winners;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
struct BRANDT_Result *ret;
int32_t price = -1;
uint16_t winners = 0;
uint16_t max_winners;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad);
brandt_assert (ad);
max_winners = ad->seller_mode ? ad->m : 1;
ret = GNUNET_new_array (max_winners, struct BRANDT_Result);
for (uint16_t i = 0; i < ad->n; i++)
{
if (!ad->seller_mode && i != ad->i)
continue;
max_winners = ad->seller_mode ? ad->m : 1;
ret = GNUNET_new_array (max_winners, struct BRANDT_Result);
for (uint16_t i = 0; i < ad->n; i++)
{
if (! ad->seller_mode && i != ad->i)
continue;
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k);
smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
if (!ec_point_cmp (sum_gamma, ec_zero))
{
if (winners >= max_winners)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too many winners detected\n");
goto fail;
}
if (-1 != price && j != price)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"multiple winning prices detected\n");
goto fail;
}
price = j;
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k);
smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
if (! ec_point_cmp (sum_gamma, ec_zero))
{
if (winners >= max_winners)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too many winners detected\n");
goto fail;
}
if (-1 != price && j != price)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"multiple winning prices detected\n");
goto fail;
}
price = j;
ret[winners].bidder = i;
ret[winners].price = j / ad->n;
ret[winners].status = BRANDT_bidder_won;
winners++;
}
}
}
ret[winners].bidder = i;
ret[winners].price = j / ad->n;
ret[winners].status = BRANDT_bidder_won;
winners++;
}
}
}
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
if (ad->m <= ad->n && winners < max_winners && -1 != price)
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too few winners detected\n");
if (0 == winners)
goto fail;
if (ad->m <= ad->n && winners < max_winners && -1 != price)
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too few winners detected\n");
if (0 == winners)
goto fail;
if (len)
*len = winners;
return ret;
if (len)
*len = winners;
return ret;
fail:
GNUNET_free (ret);
return NULL;
GNUNET_free (ret);
return NULL;
}

785
mp_pub.c
View File

@ -32,148 +32,148 @@
void
mp_pub_prep_outcome (struct BRANDT_Auction *ad)
{
gcry_mpi_t factor = gcry_mpi_new (256);
gcry_mpi_point_t subtr = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3;
gcry_mpi_t factor = gcry_mpi_new (256);
gcry_mpi_point_t subtr = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3;
ad->gamma3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->gamma3);
ad->gamma3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->gamma3);
ad->delta3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->delta3);
ad->delta3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->delta3);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k);
/* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for first summand (building ladder of bids) */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j],
tlta3[i][ad->k - 1],
tlta3[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j],
tltb3[i][ad->k - 1],
tltb3[i][j],
ec_ctx);
}
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
/* 2L - 2I */
smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k);
smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k);
gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx);
gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx);
/* temporary lookup table for first summand (building ladder of bids) */
for (uint16_t i = 0; i < ad->n; i++)
{
smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++)
{
gcry_mpi_ec_sub (tlta2[i][j],
tlta3[i][ad->k - 1],
tlta3[i][j],
ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j],
tltb3[i][ad->k - 1],
tltb3[i][j],
ec_ctx);
}
brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
}
for (uint16_t j = 0; j < ad->k; j++)
{
/* 2L - 2I */
smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k);
smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k);
gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx);
gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx);
/* I */
smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k);
smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k);
/* I */
smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k);
smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k);
/* 2L - 2I + I = 2L - I */
gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx);
gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx);
}
brandt_assert (!ec_point_cmp (tmpa, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (tmpb, tltb1[ad->k - 1]));
/* 2L - 2I + I = 2L - I */
gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx);
gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx);
}
brandt_assert (! ec_point_cmp (tmpa, tlta1[ad->k - 1]));
brandt_assert (! ec_point_cmp (tmpb, tltb1[ad->k - 1]));
/* compute subtrahend: (2M+1)G */
gcry_mpi_set_ui (factor, ad->m);
gcry_mpi_lshift (factor, factor, 1);
gcry_mpi_add_ui (factor, factor, 1);
gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx);
/* compute subtrahend: (2M+1)G */
gcry_mpi_set_ui (factor, ad->m);
gcry_mpi_lshift (factor, factor, 1);
gcry_mpi_add_ui (factor, factor, 1);
gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx);
/* compute gamma and delta for price determination */
for (uint16_t j = 0; j < ad->k; j++)
{
/* compute inner gamma */
gcry_mpi_ec_sub (tmpa, tlta1[j], subtr, ec_ctx);
/* compute gamma and delta for price determination */
for (uint16_t j = 0; j < ad->k; j++)
{
/* compute inner gamma */
gcry_mpi_ec_sub (tmpa, tlta1[j], subtr, ec_ctx);
/* inner delta */
ec_point_copy (tmpb, tltb1[j]);
/* inner delta */
ec_point_copy (tmpb, tltb1[j]);
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma3[a][0][j], tmpa);
ec_point_copy (ad->delta3[a][0][j], tmpb);
}
}
/* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->gamma3[a][0][j], tmpa);
ec_point_copy (ad->delta3[a][0][j], tmpb);
}
}
/* gamma and delta for winner determination: compute
* @f$\sum_{h=1}^n\sum_{d=j+1}^k2^{h-1}b_h@f and store it in every bidders gamma and
* delta, since it is needed each time a gamma,delta pair is received from
* another bidder. */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
/* initialize with zeroes, since we are calculating a sum */
ec_point_copy (ad->gamma3[i][1][j], ec_zero);
ec_point_copy (ad->delta3[i][1][j], ec_zero);
}
}
gcry_mpi_set_ui (factor, 1);
for (uint16_t h = 0; h < ad->n; h++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
for (uint16_t d = j + 1; d < ad->k; d++)
{
gcry_mpi_ec_mul (tmpa, factor, ad->alpha[h][d], ec_ctx);
gcry_mpi_ec_add (ad->gamma3[0][1][j],
ad->gamma3[0][1][j],
tmpa,
ec_ctx);
gcry_mpi_ec_mul (tmpb, factor, ad->beta[h][d], ec_ctx);
gcry_mpi_ec_add (ad->delta3[0][1][j],
ad->delta3[0][1][j],
tmpb,
ec_ctx);
}
}
gcry_mpi_lshift (factor, factor, 1);
}
/* copy component to all bidders so they don't have to be recomputed */
for (uint16_t a = 1; a < ad->n; a++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_copy (ad->gamma3[a][1][j], ad->gamma3[0][1][j]);
ec_point_copy (ad->delta3[a][1][j], ad->delta3[0][1][j]);
}
}
/* gamma and delta for winner determination: compute
* @f$\sum_{h=1}^n\sum_{d=j+1}^k2^{h-1}b_h@f and store it in every bidders gamma and
* delta, since it is needed each time a gamma,delta pair is received from
* another bidder. */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
/* initialize with zeroes, since we are calculating a sum */
ec_point_copy (ad->gamma3[i][1][j], ec_zero);
ec_point_copy (ad->delta3[i][1][j], ec_zero);
}
}
gcry_mpi_set_ui (factor, 1);
for (uint16_t h = 0; h < ad->n; h++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
for (uint16_t d = j + 1; d < ad->k; d++)
{
gcry_mpi_ec_mul (tmpa, factor, ad->alpha[h][d], ec_ctx);
gcry_mpi_ec_add (ad->gamma3[0][1][j],
ad->gamma3[0][1][j],
tmpa,
ec_ctx);
gcry_mpi_ec_mul (tmpb, factor, ad->beta[h][d], ec_ctx);
gcry_mpi_ec_add (ad->delta3[0][1][j],
ad->delta3[0][1][j],
tmpb,
ec_ctx);
}
}
gcry_mpi_lshift (factor, factor, 1);
}
/* copy component to all bidders so they don't have to be recomputed */
for (uint16_t a = 1; a < ad->n; a++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_copy (ad->gamma3[a][1][j], ad->gamma3[0][1][j]);
ec_point_copy (ad->delta3[a][1][j], ad->delta3[0][1][j]);
}
}
gcry_mpi_release (factor);
gcry_mpi_point_release (subtr);
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
gcry_mpi_release (factor);
gcry_mpi_point_release (subtr);
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
}
@ -189,156 +189,156 @@ mp_pub_prep_outcome (struct BRANDT_Auction *ad)
unsigned char *
mp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
brandt_assert (ad && buflen);
brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + /* msg header */
ad->k * /* k * (gamma, delta, proof2) */
(sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head) /* msg header */
+ ad->k /* k * (gamma, delta, proof2) */
* (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *)cur;
delta = &((struct ec_mpi *)cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *) cur;
delta = &((struct ec_mpi *) cur)[1];
proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
/* only send the price determination gamma,delta pair, since the winner
* determination pair can and will be computed by the receiver */
ec_point_copy (tmpa, ad->gamma3[ad->i][0][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][0][j]);
/* only send the price determination gamma,delta pair, since the winner
* determination pair can and will be computed by the receiver */
ec_point_copy (tmpa, ad->gamma3[ad->i][0][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][0][j]);
/* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][0][j],
ad->delta3[ad->i][0][j],
tmpa,
tmpb,
NULL,
proof2);
/* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][0][j],
ad->delta3[ad->i][0][j],
tmpa,
tmpb,
NULL,
proof2);
ec_point_serialize (gamma, ad->gamma3[ad->i][0][j]);
ec_point_serialize (delta, ad->delta3[ad->i][0][j]);
ec_point_serialize (gamma, ad->gamma3[ad->i][0][j]);
ec_point_serialize (delta, ad->delta3[ad->i][0][j]);
/* compute own winner determination gamma,delta pair */
gcry_mpi_ec_add (ad->gamma3[ad->i][1][j],
ad->gamma3[ad->i][0][j],
ad->gamma3[ad->i][1][j],
ec_ctx);
gcry_mpi_ec_add (ad->delta3[ad->i][1][j],
ad->delta3[ad->i][0][j],
ad->delta3[ad->i][1][j],
ec_ctx);
/* compute own winner determination gamma,delta pair */
gcry_mpi_ec_add (ad->gamma3[ad->i][1][j],
ad->gamma3[ad->i][0][j],
ad->gamma3[ad->i][1][j],
ec_ctx);
gcry_mpi_ec_add (ad->delta3[ad->i][1][j],
ad->delta3[ad->i][0][j],
ad->delta3[ad->i][1][j],
ec_ctx);
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
}
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
}
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
return ret;
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
return ret;
}
int
mp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
brandt_assert (ad && buf);
if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wrong size of received outcome\n");
goto quit;
}
if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wrong size of received outcome\n");
goto quit;
}
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (gamma, (struct ec_mpi *)cur);
ec_point_parse (delta, &((struct ec_mpi *)cur)[1]);
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma,
delta,
ad->gamma3[sender][0][j],
ad->delta3[sender][0][j],
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wrong zkp2 for gamma, delta received\n");
goto quit;
}
ec_point_copy (ad->gamma3[sender][0][j], gamma);
ec_point_copy (ad->delta3[sender][0][j], delta);
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (gamma, (struct ec_mpi *) cur);
ec_point_parse (delta, &((struct ec_mpi *) cur)[1]);
proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma,
delta,
ad->gamma3[sender][0][j],
ad->delta3[sender][0][j],
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"wrong zkp2 for gamma, delta received\n");
goto quit;
}
ec_point_copy (ad->gamma3[sender][0][j], gamma);
ec_point_copy (ad->delta3[sender][0][j], delta);
/* compute winner determination gamma,delta pair */
gcry_mpi_ec_add (ad->gamma3[sender][1][j],
ad->gamma3[sender][0][j],
ad->gamma3[sender][1][j],
ec_ctx);
gcry_mpi_ec_add (ad->delta3[sender][1][j],
ad->delta3[sender][0][j],
ad->delta3[sender][1][j],
ec_ctx);
/* compute winner determination gamma,delta pair */
gcry_mpi_ec_add (ad->gamma3[sender][1][j],
ad->gamma3[sender][0][j],
ad->gamma3[sender][1][j],
ec_ctx);
gcry_mpi_ec_add (ad->delta3[sender][1][j],
ad->delta3[sender][0][j],
ad->delta3[sender][1][j],
ec_ctx);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
}
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta);
return ret;
gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta);
return ret;
}
void
mp_pub_prep_decryption (struct BRANDT_Auction *ad)
{
gcry_mpi_point_t tmp_price = gcry_mpi_point_new (0);
gcry_mpi_point_t tmp_winner = gcry_mpi_point_new (0);
gcry_mpi_point_t tmp_price = gcry_mpi_point_new (0);
gcry_mpi_point_t tmp_winner = gcry_mpi_point_new (0);
ad->phi3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->phi3);
ad->phi3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->phi3);
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp_price, &ad->delta3[0][0][j], ad->n, 2 * ad->k);
smc_sum (tmp_winner, &ad->delta3[0][1][j], ad->n, 2 * ad->k);
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp_price, &ad->delta3[0][0][j], ad->n, 2 * ad->k);
smc_sum (tmp_winner, &ad->delta3[0][1][j], ad->n, 2 * ad->k);
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->phi3[a][0][j], tmp_price);
ec_point_copy (ad->phi3[a][1][j], tmp_winner);
}
}
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
{
ec_point_copy (ad->phi3[a][0][j], tmp_price);
ec_point_copy (ad->phi3[a][1][j], tmp_winner);
}
}
gcry_mpi_point_release (tmp_price);
gcry_mpi_point_release (tmp_winner);
gcry_mpi_point_release (tmp_price);
gcry_mpi_point_release (tmp_winner);
}
@ -354,101 +354,101 @@ mp_pub_prep_decryption (struct BRANDT_Auction *ad)
unsigned char *
mp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct msg_head *head;
struct ec_mpi *phi;
struct proof_2dle *proof2;
unsigned char *ret;
unsigned char *cur;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct msg_head *head;
struct ec_mpi *phi;
struct proof_2dle *proof2;
brandt_assert (ad && buflen);
brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + 2 * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
*buflen = (sizeof (*head) + 2 * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
head = (struct msg_head *) ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head);
/* decrypt price and winner components */
for (uint16_t comp = 0; comp < 2; comp++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *)cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
/* decrypt price and winner components */
for (uint16_t comp = 0; comp < 2; comp++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_copy (tmp, ad->phi3[ad->i][comp][j]);
ec_point_copy (tmp, ad->phi3[ad->i][comp][j]);
/* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][comp][j],
NULL,
tmp,
ec_gen,
ad->x,
proof2);
/* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][comp][j],
NULL,
tmp,
ec_gen,
ad->x,
proof2);
ec_point_serialize (phi, ad->phi3[ad->i][comp][j]);
ec_point_serialize (phi, ad->phi3[ad->i][comp][j]);
cur += sizeof (*phi) + sizeof (*proof2);
}
}
cur += sizeof (*phi) + sizeof (*proof2);
}
}
gcry_mpi_point_release (tmp);
return ret;
gcry_mpi_point_release (tmp);
return ret;
}
int
mp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf,
size_t buflen,
uint16_t sender)
size_t buflen,
uint16_t sender)
{
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
int ret = 0;
const unsigned char *cur = buf;
struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0);
brandt_assert (ad && buf);
brandt_assert (ad && buf);
if (buflen != (2 * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption\n");
goto quit;
}
if (buflen != (2 * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong size of received outcome decryption\n");
goto quit;
}
/* handle received price and winner components */
for (uint16_t comp = 0; comp < 2; comp++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *)cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi));
/* handle received price and winner components */
for (uint16_t comp = 0; comp < 2; comp++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi,
ad->y[sender],
ad->phi3[sender][comp][j],
ec_gen,
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received\n");
goto quit;
}
ec_point_copy (ad->phi3[sender][comp][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
if (smc_zkp_2dle_check (phi,
ad->y[sender],
ad->phi3[sender][comp][j],
ec_gen,
proof2))
{
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt",
"wrong zkp2 for phi, y received\n");
goto quit;
}
ec_point_copy (ad->phi3[sender][comp][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2);
}
}
ret = 1;
ret = 1;
quit:
gcry_mpi_point_release (phi);
return ret;
gcry_mpi_point_release (phi);
return ret;
}
@ -456,83 +456,96 @@ struct BRANDT_Result *
mp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len)
{
struct BRANDT_Result *ret;
int32_t price = -1;
uint16_t cur_winner = 0;
int dlogi = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
struct BRANDT_Result *ret;
int32_t price = -1;
uint16_t cur_winner = 0;
int dlogi = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad);
brandt_assert (ad);
for (uint16_t j = ad->k - 1; j >= 0; j--)
{
smc_sum (sum_gamma, &ad->gamma3[0][0][j], ad->n, 2 * ad->k);
smc_sum (sum_phi, &ad->phi3[0][0][j], ad->n, 2 * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* first zero component determines the price */
if (!ec_point_cmp (sum_gamma, ec_zero))
{
price = j;
break;
}
}
for (uint16_t j = ad->k - 1; j >= 0; j--)
{
smc_sum (sum_gamma, &ad->gamma3[0][0][j], ad->n, 2 * ad->k);
smc_sum (sum_phi, &ad->phi3[0][0][j], ad->n, 2 * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* first zero component determines the price */
if (! ec_point_cmp (sum_gamma, ec_zero))
{
price = j;
break;
}
}
if (-1 == price)
return NULL;
if (-1 == price)
return NULL;
/* extract winners point for the winning price */
smc_sum (sum_gamma, &ad->gamma3[0][1][price], ad->n, 2 * ad->k);
smc_sum (sum_phi, &ad->phi3[0][1][price], ad->n, 2 * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* extract winners point for the winning price */
smc_sum (sum_gamma, &ad->gamma3[0][1][price], ad->n, 2 * ad->k);
smc_sum (sum_phi, &ad->phi3[0][1][price], ad->n, 2 * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, sum_gamma);
brandt_assert (dlogi > 0);
{
struct GNUNET_CRYPTO_EccPoint ec_point = {0};
gcry_mpi_t q_y;
/* all bidders participated with a multiplicative share */
dlogi /= ad->n;
GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", sum_gamma, ec_ctx));
q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ec_ctx, 0);
GNUNET_assert (q_y);
GNUNET_CRYPTO_mpi_print_unsigned (ec_point.v,
sizeof(ec_point.v),
q_y);
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx,
&ec_point);
gcry_mpi_release (q_y);
}
brandt_assert (dlogi > 0);
price = price / ad->n;
ret = GNUNET_new_array (ad->m, struct BRANDT_Result);
/* all bidders participated with a multiplicative share */
dlogi /= ad->n;
/* can only support up to bits(dlogi) bidders */
brandt_assert (sizeof (int) * 8 > ad->n);
for (uint16_t i = 0; i < ad->n; i++)
{
/* a set bit determines a winner */
if (dlogi & (1 << i))
{
if (cur_winner >= ad->m)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too many winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
price = price / ad->n;
ret = GNUNET_new_array (ad->m, struct BRANDT_Result);
ret[cur_winner].bidder = i;
ret[cur_winner].price = price;
ret[cur_winner].status = BRANDT_bidder_won;
cur_winner++;
}
}
/* can only support up to bits(dlogi) bidders */
brandt_assert (sizeof (int) * 8 > ad->n);
for (uint16_t i = 0; i < ad->n; i++)
{
/* a set bit determines a winner */
if (dlogi & (1 << i))
{
if (cur_winner >= ad->m)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too many winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
if (cur_winner != ad->m)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too few winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
ret[cur_winner].bidder = i;
ret[cur_winner].price = price;
ret[cur_winner].status = BRANDT_bidder_won;
cur_winner++;
}
}
if (len)
*len = ad->m;
if (cur_winner != ad->m)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too few winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
if (len)
*len = ad->m;
quit:
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
return ret;
gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi);
return ret;
}

633
replay.c
View File

@ -24,7 +24,7 @@
#include <gnunet/gnunet_util_lib.h>
#include <gnunet/gnunet_json_lib.h>
#include <taler/taler_amount_lib.h>
#include <taler/taler_util.h>
#include <jansson.h>
#include "brandt.h"
@ -33,92 +33,93 @@
struct msg
{
uint16_t sender;
void *buf;
size_t buf_len;
uint16_t sender;
void *buf;
size_t buf_len;
};
/* This is basically BRANDT_Result with an extra string field */
struct result
{
uint16_t bidder;
uint16_t price_idx;
const char *price;
uint16_t bidder;
uint16_t price_idx;
const char *price;
};
struct transcript
{
// All fields from json come here.
uint16_t n; // #bidders + 1
uint16_t k; // #prices
uint16_t m; // type of auction
struct GNUNET_TIME_Absolute time_start;
struct GNUNET_TIME_Relative time_round;
bool public;
char **prices; // Must be of length k. We do not parse those
struct msg *msgs; // Array must be of length 4*n
// All fields from json come here.
uint16_t n; // #bidders + 1
uint16_t k; // #prices
uint16_t m; // type of auction
struct GNUNET_TIME_Absolute time_start;
struct GNUNET_TIME_Relative time_round;
bool public;
char **prices; // Must be of length k. We do not parse those
struct msg *msgs; // Array must be of length 4*n
struct BRANDT_Auction *auction;
struct BRANDT_Auction *auction;
struct result *results;
size_t results_len;
struct result *expected;
size_t expected_len;
uint16_t id;
struct GNUNET_CRYPTO_EccDlogContext *edc;
struct result *results;
size_t results_len;
struct result *expected;
size_t expected_len;
uint16_t id;
struct GNUNET_CRYPTO_EccDlogContext *edc;
};
static struct transcript tr;
/* static struct transcript tr; */
static void
print_result (struct transcript *tr,
char *error)
{
json_t *output;
json_t *results;
json_t *output;
json_t *results;
if (NULL != error)
{
output = json_pack ("{s:s}", "error", error);
GNUNET_assert (output);
if (NULL != error)
{
output = json_pack ("{s:s}", "error", error);
GNUNET_assert (output);
json_dumpfd (output, 1, JSON_INDENT (2));
return;
}
json_dumpfd (output, 1, JSON_INDENT (2));
return;
}
GNUNET_assert (NULL != tr);
GNUNET_assert (NULL != tr);
output = json_object ();
results = json_array ();
GNUNET_assert (output);
GNUNET_assert (results);
output = json_object ();
results = json_array ();
GNUNET_assert (output);
GNUNET_assert (results);
for (size_t i = 0; i < tr->results_len; i++)
{
json_t *result = json_pack ("{s:i, s:s}",
"bidder", tr->results[i].bidder,
"price", tr->results[i].price);
GNUNET_assert (result);
for (size_t i = 0; i < tr->results_len; i++)
{
json_t *result = json_pack ("{s:i, s:i, s:s}",
"bidder", tr->results[i].bidder,
"price_idx", tr->results[i].price_idx,
"price", tr->results[i].price);
GNUNET_assert (result);
GNUNET_assert (-1 !=
json_array_append_new (results, result));
}
GNUNET_assert (-1 !=
json_array_append_new (results, result));
}
GNUNET_assert (-1 !=
json_object_set_new (output,
"winners",
results));
GNUNET_assert (-1 !=
json_object_set_new (output,
"winners",
results));
{
FILE *f = fdopen (1, "w");
GNUNET_assert(f);
{
FILE *f = fdopen (1, "w");
GNUNET_assert (f);
json_dumpf (output, f, JSON_INDENT (2));
fflush (f);
}
json_dumpf (output, f, JSON_INDENT (2));
fflush (f);
}
json_decref (output);
json_decref (output);
}
@ -127,336 +128,336 @@ cb_result (void *arg,
struct BRANDT_Result results[],
uint16_t results_len)
{
struct transcript *tr = (struct transcript *) arg;
tr->results = GNUNET_new_array (results_len, struct result);
tr->results_len = results_len;
struct transcript *tr = (struct transcript *) arg;
tr->results = GNUNET_new_array (results_len, struct result);
tr->results_len = results_len;
for (uint16_t i = 0; i < results_len; i++)
{
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"REPLAY [seller] computed result is: bidder %d got status %d with price %d (%s)\n",
results[i].bidder,
results[i].status,
results[i].price,
tr->prices[results[i].price]);
for (uint16_t i = 0; i < results_len; i++)
{
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"REPLAY [seller] computed result is: bidder %d got status %d with price %d (%s)\n",
results[i].bidder,
results[i].status,
results[i].price,
tr->prices[results[i].price]);
tr->results[i].bidder = results[i].bidder;
tr->results[i].price_idx = results[i].price;
tr->results[i].price = tr->prices[results[i].price];
}
tr->results[i].bidder = results[i].bidder;
tr->results[i].price_idx = results[i].price;
tr->results[i].price = tr->prices[results[i].price];
}
for (uint16_t i = 0; i < tr->expected_len; i++)
{
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"REPLAY [seller] expected result is: bidder %d wins with price %d (%s)\n",
tr->expected[i].bidder,
tr->expected[i].price_idx,
tr->expected[i].price);
}
for (uint16_t i = 0; i < tr->expected_len; i++)
{
GNUNET_log (
GNUNET_ERROR_TYPE_INFO,
"REPLAY [seller] expected result is: bidder %d wins with price %d (%s)\n",
tr->expected[i].bidder,
tr->expected[i].price_idx,
tr->expected[i].price);
}
print_result (tr, NULL);
// TODO: compare computed and expected results!
print_result (tr, NULL);
// TODO: compare computed and expected results!
}
static uint16_t
cb_start (void *auction_closure)
{
struct transcript *tr = (struct transcript *) auction_closure;
struct cls
{
size_t i;
struct transcript *tr;
};
struct transcript *tr = (struct transcript *) auction_closure;
struct cls
{
size_t i;
struct transcript *tr;
};
void
resend (void *x)
{
struct cls c = *(struct cls *) x;
struct msg m = c.tr->msgs[c.i];
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"REPLAY sending msg no. %ld, length %ld\n", c.i, m.buf_len);
BRANDT_got_message (c.tr->auction, m.sender, m.buf, m.buf_len);
}
void
resend (void *x)
{
struct cls c = *(struct cls *) x;
struct msg m = c.tr->msgs[c.i];
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"REPLAY sending msg no. %ld, length %ld\n", c.i, m.buf_len);
BRANDT_got_message (c.tr->auction, m.sender, m.buf, m.buf_len);
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "REPLAY start replay auction\n");
for (size_t i = 0; i < 4 * tr->n; i++)
{
struct cls *c = GNUNET_new (struct cls);
c->i = i;
c->tr = tr;
GNUNET_SCHEDULER_add_now (&resend, (void *) c);
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "REPLAY start replay auction\n");
for (size_t i = 0; i < 4 * tr->n; i++)
{
struct cls *c = GNUNET_new (struct cls);
c->i = i;
c->tr = tr;
GNUNET_SCHEDULER_add_now (&resend, (void *) c);
}
return tr->n;
return tr->n;
}
static void
replay_transcript (void *arg)
{
struct transcript *tr = (struct transcript *) arg;
void *desc;
size_t desc_len;
struct transcript *tr = (struct transcript *) arg;
void *desc;
size_t desc_len;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"REPLAY calling BRANDT_new with %s outcome.\n",
tr->public ? "public" : "private");
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"REPLAY calling BRANDT_new with %s outcome.\n",
tr->public ? "public" : "private");
tr->auction = BRANDT_new (&cb_result,
NULL,
&cb_start,
tr,
&desc,
&desc_len,
GNUNET_TIME_absolute_get (),
tr->time_round,
tr->k, /* number of prizes */
tr->m, /* m */
tr->public, /* outcome public */
tr->public ? tr->edc : NULL);
if (!tr->auction)
{
print_result (NULL, "REPLAY BRANDT_new() failed.");
_exit (1);
}
tr->auction = BRANDT_new (&cb_result,
NULL,
&cb_start,
tr,
&desc,
&desc_len,
GNUNET_TIME_absolute_get (),
tr->time_round,
tr->k, /* number of prizes */
tr->m, /* m */
tr->public, /* outcome public */
tr->public ? tr->edc : NULL);
if (! tr->auction)
{
print_result (NULL, "REPLAY BRANDT_new() failed.");
_exit (1);
}
}
void
parse_json_stdin (struct transcript *tr)
{
json_error_t jerror;
json_t *jtr;
struct GNUNET_CRYPTO_EddsaSignature sig;
json_error_t jerror;
json_t *jtr;
/* struct GNUNET_CRYPTO_EddsaSignature sig; */
jtr = json_loadfd (0,
JSON_REJECT_DUPLICATES,
&jerror);
jtr = json_loadfd (0,
JSON_REJECT_DUPLICATES,
&jerror);
if (!jtr)
{
char err[4096];
snprintf (err,
sizeof(err),
"failed to parse json: %s in line %d, column %d (pos %d)",
jerror.text, jerror.line, jerror.column, jerror.position);
print_result (NULL, err);
_exit (1);
}
if (! jtr)
{
char err[4096];
snprintf (err,
sizeof(err),
"failed to parse json: %s in line %d, column %d (pos %d)",
jerror.text, jerror.line, jerror.column, jerror.position);
print_result (NULL, err);
_exit (1);
}
{
json_t *auc;
char *perr;
unsigned int eline;
struct GNUNET_JSON_Specification au_spec[] = {
GNUNET_JSON_spec_bool ("public", &tr->public),
GNUNET_JSON_spec_uint16 ("type", &tr->m),
GNUNET_JSON_spec_end ()
};
{
json_t *auc;
char *perr;
unsigned int eline;
struct GNUNET_JSON_Specification au_spec[] = {
GNUNET_JSON_spec_bool ("outcome_public", &tr->public),
GNUNET_JSON_spec_uint16 ("auction_type", &tr->m),
GNUNET_JSON_spec_end ()
};
auc = json_object_get (jtr, "auction");
if (NULL == auc)
{
print_result (NULL,
"no auction found in input");
_exit (1);
}
auc = json_object_get (jtr, "auction");
if (NULL == auc)
{
print_result (NULL,
"no auction found in input");
_exit (1);
}
GNUNET_assert (GNUNET_OK ==
GNUNET_JSON_parse (auc,
au_spec,
(const char **) &perr,
&eline));
GNUNET_assert (GNUNET_OK ==
GNUNET_JSON_parse (auc,
au_spec,
(const char **) &perr,
&eline));
// Prices...
{
json_t *prices = json_object_get (auc, "prices");
size_t idx;
json_t *val;
// Prices...
{
json_t *prices = json_object_get (auc, "prices");
size_t idx;
json_t *val;
if (!json_is_array (prices))
{
print_result (NULL,
"no prices found in input");
_exit (1);
}
if (! json_is_array (prices))
{
print_result (NULL,
"no prices found in input");
_exit (1);
}
tr->k = json_array_size (prices);
tr->prices = GNUNET_new_array (tr->k, char *);
json_array_foreach (prices, idx, val)
{
if (!json_is_string (val))
{
char err[256];
snprintf (err,
sizeof(err),
"price %ld is not a string\n", idx);
print_result (NULL,
err);
_exit (1);
}
tr->prices[idx] = (char *) json_string_value (val);
}
tr->k = json_array_size (prices);
tr->prices = GNUNET_new_array (tr->k, char *);
json_array_foreach (prices, idx, val)
{
if (! json_is_string (val))
{
char err[256];
snprintf (err,
sizeof(err),
"price %ld is not a string\n", idx);
print_result (NULL,
err);
_exit (1);
}
tr->prices[idx] = (char *) json_string_value (val);
}
}
}
}
}
// Bidders
{
json_t *bidders;
// Bidders
{
json_t *bidders;
bidders = json_object_get (jtr, "bidders");
if (!bidders || !json_is_array (bidders))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"bidders missing or not an array\n");
print_result (NULL, "bidders missing or not an array");
_exit (1);
}
bidders = json_object_get (jtr, "bidders");
if (! bidders || ! json_is_array (bidders))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"bidders missing or not an array\n");
print_result (NULL, "bidders missing or not an array");
_exit (1);
}
tr->n = json_array_size (bidders);
}
tr->n = json_array_size (bidders);
}
// Messages
{
json_t *messages;
size_t nm;
size_t idx;
json_t *val;
// Messages
{
json_t *messages;
size_t nm;
size_t idx;
json_t *val;
messages = json_object_get (jtr, "transcript");
if (!json_is_array (messages))
{
print_result (NULL, "transcript missing or not an array");
_exit (1);
}
messages = json_object_get (jtr, "transcript");
if (! json_is_array (messages))
{
print_result (NULL, "transcript missing or not an array");
_exit (1);
}
nm = json_array_size (messages);
nm = json_array_size (messages);
if (nm != (4 * tr->n))
{
print_result (NULL, "wrong number of messages in transript");
_exit (1);
}
if (nm != (4 * tr->n))
{
print_result (NULL, "wrong number of messages in transript");
_exit (1);
}
tr->msgs = GNUNET_new_array (nm, struct msg);
tr->msgs = GNUNET_new_array (nm, struct msg);
json_array_foreach (messages, idx, val) {
char *error;
uint16_t sender;
void *msg;
size_t size;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint16 ("bidder",
&sender),
GNUNET_JSON_spec_varsize ("msg",
&msg,
&size),
GNUNET_JSON_spec_end ()
};
json_array_foreach (messages, idx, val) {
char *error;
uint16_t sender;
void *msg;
size_t size;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint16 ("bidder",
&sender),
GNUNET_JSON_spec_varsize ("msg",
&msg,
&size),
GNUNET_JSON_spec_end ()
};
if (GNUNET_OK !=
GNUNET_JSON_parse (val,
spec,
(const char**) &error,
NULL))
{
char err[4096];
snprintf (err,
sizeof(err),
"error parsing message[%ld] in transcript: %s",
idx,
error);
print_result (NULL, err);
_exit (1);
}
if (GNUNET_OK !=
GNUNET_JSON_parse (val,
spec,
(const char**) &error,
NULL))
{
char err[4096];
snprintf (err,
sizeof(err),
"error parsing message[%ld] in transcript: %s",
idx,
error);
print_result (NULL, err);
_exit (1);
}
tr->msgs[idx].sender = sender;
tr->msgs[idx].buf = msg;
tr->msgs[idx].buf_len = size;
}
tr->msgs[idx].sender = sender;
tr->msgs[idx].buf = msg;
tr->msgs[idx].buf_len = size;
}
}
}
// Winners
{
json_t *winners;
size_t idx;
json_t *val;
// Winners
{
json_t *winners;
size_t idx;
json_t *val;
winners = json_object_get (jtr, "winners");
winners = json_object_get (jtr, "winners");
if (!json_is_array (winners))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"winners not provided, continuing without\n");
goto CONT;
}
if (! json_is_array (winners))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"winners not provided, continuing without\n");
goto CONT;
}
tr->expected_len = json_array_size (winners);
tr->expected = GNUNET_new_array (tr->expected_len,
struct result);
tr->expected_len = json_array_size (winners);
tr->expected = GNUNET_new_array (tr->expected_len,
struct result);
json_array_foreach (winners, idx, val) {
char *error;
json_array_foreach (winners, idx, val) {
char *error;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint16 ("bidder",
&(tr->expected[idx].bidder)),
GNUNET_JSON_spec_uint16 ("price_idx",
&(tr->expected[idx].price_idx)),
GNUNET_JSON_spec_string ("price",
&(tr->expected[idx].price)),
GNUNET_JSON_spec_end ()
};
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint16 ("bidder",
&(tr->expected[idx].bidder)),
GNUNET_JSON_spec_uint16 ("price_idx",
&(tr->expected[idx].price_idx)),
GNUNET_JSON_spec_string ("price",
&(tr->expected[idx].price)),
GNUNET_JSON_spec_end ()
};
if (GNUNET_OK !=
GNUNET_JSON_parse (val,
spec,
(const char**) &error,
NULL))
{
char err[4096];
snprintf (err,
sizeof(err),
"error parsing winners[%ld] in transcript: %s",
idx,
error);
if (GNUNET_OK !=
GNUNET_JSON_parse (val,
spec,
(const char**) &error,
NULL))
{
char err[4096];
snprintf (err,
sizeof(err),
"error parsing winners[%ld] in transcript: %s",
idx,
error);
_exit (1);
}
_exit (1);
}
}
}
CONT:
}
}
}
int
main (int argc, char *argv[])
{
int ret = 0;
struct transcript tr = {0};
int ret = 0;
struct transcript tr = {0};
if (GNUNET_OK != GNUNET_log_setup ("replay", "INFO", NULL))
return 1;
if (GNUNET_OK != GNUNET_log_setup ("replay", "INFO", NULL))
return 1;
BRANDT_init ();
BRANDT_init ();
parse_json_stdin (&tr);
tr.edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024 * 40, 1024);
GNUNET_SCHEDULER_run (&replay_transcript, &tr);
GNUNET_CRYPTO_ecc_dlog_release (tr.edc);
GNUNET_free (tr.msgs);
parse_json_stdin (&tr);
tr.edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024 * 40, 1024);
GNUNET_SCHEDULER_run (&replay_transcript, &tr);
GNUNET_CRYPTO_ecc_dlog_release (tr.edc);
GNUNET_free (tr.msgs);
return ret;
return ret;
}

11
test.h
View File

@ -27,10 +27,11 @@
int tests_run = 0;
int ret = 0;
#define CHECK(cond, message) do { if (!(cond)) { fputs (message, stderr); fputc ( \
'\n', \
stderr); return 0; \
} } while (0)
#define RUN(test) do { if (!test ()) { ret = 1; } } while (0)
#define CHECK(cond, message) do { if (! (cond)) { fputs (message, stderr); \
fputc ( \
'\n', \
stderr); return 0; \
} } while (0)
#define RUN(test) do { if (! test ()) { ret = 1; } } while (0)
#endif // ifndef _BRANDT_TEST_H

1241
test_brandt.c
View File

File diff suppressed because it is too large Load Diff

164
test_crypto.c
View File

@ -31,130 +31,130 @@
static int
test_serialization ()
{
gcry_mpi_point_t oldp = gcry_mpi_point_new (0);
gcry_mpi_point_t newp = gcry_mpi_point_new (0);
gcry_mpi_t oldi = gcry_mpi_new (256);
gcry_mpi_t newi = gcry_mpi_new (256);
struct ec_mpi serp;
struct ec_mpi seri;
gcry_mpi_point_t oldp = gcry_mpi_point_new (0);
gcry_mpi_point_t newp = gcry_mpi_point_new (0);
gcry_mpi_t oldi = gcry_mpi_new (256);
gcry_mpi_t newi = gcry_mpi_new (256);
struct ec_mpi serp;
struct ec_mpi seri;
ec_keypair_create (oldp, oldi);
ec_keypair_create (oldp, oldi);
ec_point_serialize (&serp, oldp);
mpi_serialize (&seri, oldi);
ec_point_serialize (&serp, oldp);
mpi_serialize (&seri, oldi);
ec_point_parse (newp, &serp);
mpi_parse (newi, &seri);
ec_point_parse (newp, &serp);
mpi_parse (newi, &seri);
CHECK (!ec_point_cmp (oldp, newp), "serialization changed point");
CHECK (!gcry_mpi_cmp (oldi, newi), "serialization changed mpi");
CHECK (! ec_point_cmp (oldp, newp), "serialization changed point");
CHECK (! gcry_mpi_cmp (oldi, newi), "serialization changed mpi");
mpi_serialize (&seri, GCRYMPI_CONST_ONE);
mpi_parse (newi, &seri);
CHECK (!gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail");
mpi_serialize (&seri, GCRYMPI_CONST_ONE);
mpi_parse (newi, &seri);
CHECK (! gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail");
gcry_mpi_point_release (oldp);
gcry_mpi_point_release (newp);
gcry_mpi_release (oldi);
gcry_mpi_release (newi);
return 1;
gcry_mpi_point_release (oldp);
gcry_mpi_point_release (newp);
gcry_mpi_release (oldi);
gcry_mpi_release (newi);
return 1;
}
static int
test_smc_zkp_dl ()
{
struct proof_dl proof;
gcry_mpi_t x = gcry_mpi_new (256);
gcry_mpi_point_t v = gcry_mpi_point_new (0);
struct proof_dl proof;
gcry_mpi_t x = gcry_mpi_new (256);
gcry_mpi_point_t v = gcry_mpi_point_new (0);
ec_skey_create (x);
ec_skey_create (x);
smc_zkp_dl (v, x, &proof);
CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
CHECK (!smc_zkp_dl_check (v, &proof), "zkp dl wrong");
smc_zkp_dl (v, x, &proof);
CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
CHECK (! smc_zkp_dl_check (v, &proof), "zkp dl wrong");
gcry_mpi_release (x);
gcry_mpi_point_release (v);
return 1;
gcry_mpi_release (x);
gcry_mpi_point_release (v);
return 1;
}
static int
test_smc_zkp_2dle ()
{
struct proof_2dle proof;
gcry_mpi_t x = gcry_mpi_new (256);
gcry_mpi_point_t g1 = gcry_mpi_point_new (0);
gcry_mpi_point_t g2 = gcry_mpi_point_new (0);
gcry_mpi_point_t v = gcry_mpi_point_new (0);
gcry_mpi_point_t w = gcry_mpi_point_new (0);
struct proof_2dle proof;
gcry_mpi_t x = gcry_mpi_new (256);
gcry_mpi_point_t g1 = gcry_mpi_point_new (0);
gcry_mpi_point_t g2 = gcry_mpi_point_new (0);
gcry_mpi_point_t v = gcry_mpi_point_new (0);
gcry_mpi_point_t w = gcry_mpi_point_new (0);
ec_keypair_create (g1, x);
ec_keypair_create (g2, x);
ec_keypair_create (g1, x);
ec_keypair_create (g2, x);
smc_zkp_2dle (v, w, g1, g2, x, &proof);
CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve");
CHECK (!smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong");
smc_zkp_2dle (v, w, g1, g2, x, &proof);
CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve");
CHECK (! smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong");
gcry_mpi_release (x);
gcry_mpi_point_release (g1);
gcry_mpi_point_release (g2);
gcry_mpi_point_release (v);
gcry_mpi_point_release (w);
return 1;
gcry_mpi_release (x);
gcry_mpi_point_release (g1);
gcry_mpi_point_release (g2);
gcry_mpi_point_release (v);
gcry_mpi_point_release (w);
return 1;
}
static int
test_smc_zkp_0og ()
{
struct proof_0og proof;
gcry_mpi_point_t y = gcry_mpi_point_new (0);
gcry_mpi_point_t alpha = gcry_mpi_point_new (0);
gcry_mpi_point_t beta = gcry_mpi_point_new (0);
struct proof_0og proof;
gcry_mpi_point_t y = gcry_mpi_point_new (0);
gcry_mpi_point_t alpha = gcry_mpi_point_new (0);
gcry_mpi_point_t beta = gcry_mpi_point_new (0);
/* get random public key point. We don't need the secret key to check the
* proof here */
ec_keypair_create (y, NULL);
/* get random public key point. We don't need the secret key to check the
* proof here */
ec_keypair_create (y, NULL);
smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof);
CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve");
CHECK (!smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong");
smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof);
CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve");
CHECK (! smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong");
gcry_mpi_point_release (y);
gcry_mpi_point_release (alpha);
gcry_mpi_point_release (beta);
return 1;
gcry_mpi_point_release (y);
gcry_mpi_point_release (alpha);
gcry_mpi_point_release (beta);
return 1;
}
int
main (int argc, char *argv[])
{
int repeat = 1;
struct GNUNET_CRYPTO_EccDlogContext *edc;
int repeat = 1;
struct GNUNET_CRYPTO_EccDlogContext *edc;
if (GNUNET_OK != GNUNET_log_setup ("test_crypto", "WARNING", NULL))
return 1;
if (GNUNET_OK != GNUNET_log_setup ("test_crypto", "WARNING", NULL))
return 1;
edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
BRANDT_init (edc);
edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
BRANDT_init (edc);
/* tests that need to run only once */
RUN (test_serialization);
/* tests that need to run only once */
RUN (test_serialization);
for (tests_run = 0; tests_run < repeat; tests_run++)
{
RUN (test_smc_zkp_dl);
RUN (test_smc_zkp_2dle);
RUN (test_smc_zkp_0og);
}
for (tests_run = 0; tests_run < repeat; tests_run++)
{
RUN (test_smc_zkp_dl);
RUN (test_smc_zkp_2dle);
RUN (test_smc_zkp_0og);
}
GNUNET_CRYPTO_ecc_dlog_release (edc);
return ret;
GNUNET_CRYPTO_ecc_dlog_release (edc);
return ret;
}

12
util.h
View File

@ -29,15 +29,15 @@
#ifdef NDEBUG
#define DP(point) ((void)(gcry_log_debugpnt (# point, point, ec_ctx)))
#define DM(mpi) ((void)(gcry_log_debugmpi (# mpi, mpi)))
#define DS(sexp) ((void)(gcry_log_debugsxp (# sexp, sexp)))
#define DP(point) ((void) (gcry_log_debugpnt (# point, point, ec_ctx)))
#define DM(mpi) ((void) (gcry_log_debugmpi (# mpi, mpi)))
#define DS(sexp) ((void) (gcry_log_debugsxp (# sexp, sexp)))
#else /* ifdef NDEBUG */
#define DP(point) ((void)(0))
#define DM(mpi) ((void)(0))
#define DS(sexp) ((void)(0))
#define DP(point) ((void) (0))
#define DM(mpi) ((void) (0))
#define DS(sexp) ((void) (0))
#endif /* ifdef NDEBUG */