From e095416bc2e299afc1bde1f33382845b7baf4c01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Sun, 14 Jan 2024 21:42:10 +0100 Subject: [PATCH] lift code to recent GNUNET version; uncrustify --- INSTALL | 316 +++++----- bench.c | 685 +++++++++++---------- brandt.c | 760 +++++++++++------------ brandt.h | 62 +- crypto.c | 1639 +++++++++++++++++++++++++------------------------ crypto.h | 329 +++++----- fp_priv.c | 842 ++++++++++++------------- fp_pub.c | 616 ++++++++++--------- internals.h | 168 ++--- mp_priv.c | 316 +++++----- mp_pub.c | 785 +++++++++++------------ replay.c | 633 +++++++++---------- test.h | 11 +- test_brandt.c | 1241 ++++++++++++++++++------------------- test_crypto.c | 164 ++--- util.h | 12 +- 16 files changed, 4330 insertions(+), 4249 deletions(-) diff --git a/INSTALL b/INSTALL index 2099840..e82fd21 100644 --- a/INSTALL +++ b/INSTALL @@ -1,8 +1,8 @@ Installation Instructions ************************* -Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, -Inc. + Copyright (C) 1994-1996, 1999-2002, 2004-2017, 2020-2021 Free +Software Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright 
@@ -12,97 +12,96 @@ without warranty of any kind. Basic Installation ================== - Briefly, the shell command `./configure && make && make install' + Briefly, the shell command './configure && make && make install' should configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for +more-detailed instructions are generic; see the 'README' file for instructions specific to this package. Some packages provide this -`INSTALL' file but do not implement all of the features documented +'INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. - The `configure' shell script attempts to guess correct values for + The 'configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that +those values to create a 'Makefile' in each directory of the package. +It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. 
+ It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you +some point 'config.cache' contains results you don't want to keep, you may remove or edit it. - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. The simplest way to compile this package is: - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. - Running `configure' might take a while. While running, it prints + Running 'configure' might take a while. While running, it prints some messages telling which features it is checking for. - 2. Type `make' to compile the package. + 2. Type 'make' to compile the package. - 3. Optionally, type `make check' to run any self-tests that come with + 3. 
Optionally, type 'make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. - 4. Type `make install' to install the programs and any data files and + 4. Type 'make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular - user, and only the `make install' phase executed with root + user, and only the 'make install' phase executed with root privileges. - 5. Optionally, type `make installcheck' to repeat any self-tests, but + 5. Optionally, type 'make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a - regular user, particularly if the prior `make install' required + regular user, particularly if the prior 'make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. There is + also a 'make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. - 7. Often, you can also type `make uninstall' to remove the installed + 7. Often, you can also type 'make uninstall' to remove the installed files again. 
In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. - 8. Some packages, particularly those that use Automake, provide `make + 8. Some packages, particularly those that use Automake, provide 'make distcheck', which can by used by developers to test that all other - targets like `make install' and `make uninstall' work correctly. + targets like 'make install' and 'make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. Run `./configure --help' +the 'configure' script does not know about. Run './configure --help' for details on some of the pertinent environment variables. - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix 
@@ -113,21 +112,21 @@ Compiling For Multiple Architectures You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the +own directory. To do this, you can use GNU 'make'. 'cd' to the directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. This -is known as a "VPATH" build. +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. - With a non-GNU `make', it is safer to compile the package for one + With a non-GNU 'make', it is safer to compile the package for one architecture at a time in the source code directory. After you have -installed the package for one architecture, use `make distclean' before +installed the package for one architecture, use 'make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or -"universal" binaries--by specifying multiple `-arch' options to the -compiler but only a single `-arch' option to the preprocessor. Like +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 
@@ -136,105 +135,104 @@ this: This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results -using the `lipo' tool if you have problems. +using the 'lipo' tool if you have problems. Installation Names ================== - By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX', where PREFIX must be an + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. In general, the -default for these options is expressed in terms of `${prefix}', so that -specifying just `--prefix' will affect all of the other directory +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. 
In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the -correct locations to `configure'; however, many packages provide one or +correct locations to 'configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the -`make install' command line to change installation locations without +'make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each -affected directory. For example, `make install +affected directory. For example, 'make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of -`${prefix}'. Any directories that were specified during `configure', -but not in terms of `${prefix}', must each be overridden at install -time for the entire installation to be relocated. The approach of -makefile variable overrides for each directory variable is required by -the GNU Coding Standards, and ideally causes no recompilation. -However, some platforms have known limitations with the semantics of -shared libraries that end up requiring recompilation when using this -method, particularly noticeable in packages that use GNU Libtool. +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. 
However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. - The second method involves providing the `DESTDIR' variable. For -example, `make install DESTDIR=/alternate/directory' will prepend -`/alternate/directory' before all installation names. The approach of -`DESTDIR' overrides is not required by the GNU Coding Standards, and + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even -when some directory options were not specified in terms of `${prefix}' -at `configure' time. +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. 
+They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). The +'README' should mention any '--enable-' and '--with-' options that the package recognizes. - For packages that use the X Window System, `configure' can usually + For packages that use the X Window System, 'configure' can usually find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the -execution of `make' will be. For these packages, running `./configure +execution of 'make' will be. For these packages, running './configure --enable-silent-rules' sets the default to minimal output, which can be -overridden with `make V=1'; while running `./configure +overridden with 'make V=1'; while running './configure --disable-silent-rules' sets the default to verbose, which can be -overridden with `make V=0'. +overridden with 'make V=0'. Particular systems ================== - On HP-UX, the default C compiler is not ANSI C compatible. If GNU -CC is not installed, it is recommended to use the following options in + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. - HP-UX `make' updates targets which have the same time stamps as -their prerequisites, which makes it generally unusable when shipped -generated files such as `configure' are involved. Use GNU `make' -instead. 
+ HP-UX 'make' updates targets which have the same timestamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot -parse its `' header file. The option `-nodtk' can be used as -a workaround. If GNU CC is not installed, it is therefore recommended -to try +parse its '' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try ./configure CC="cc" 
@@ -242,26 +240,26 @@ and if that doesn't work, try ./configure CC="cc -nodtk" - On Solaris, don't put `/usr/ucb' early in your `PATH'. This + On Solaris, don't put '/usr/ucb' early in your 'PATH'. This directory contains several dysfunctional programs; working variants of -these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -in your `PATH', put it _after_ `/usr/bin'. +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. - On Haiku, software installed for all users goes in `/boot/common', -not `/usr/local'. It is recommended to use the following options: + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== - There may be some features `configure' cannot figure out + There may be some features 'configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the -_same_ architectures, `configure' can figure that out, but if it prints +_same_ architectures, 'configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM 
@@ -270,101 +268,101 @@ where SYSTEM can have one of these forms: OS KERNEL-OS - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will +use the option '--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. +eventually be run) with '--host=TYPE'. Sharing Defaults ================ - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. 
Defining Variables ================== Variables not defined in a site shell script can be set in the -environment passed to `configure'. However, some packages may run +environment passed to 'configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: +them in the 'configure' command line, using 'VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc -causes the specified `gcc' to be used as the C compiler (unless it is +causes the specified 'gcc' to be used as the C compiler (unless it is overridden in the site shell script). -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf limitation. Until the limitation is lifted, you can use -this workaround: +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -`configure' Invocation +'configure' Invocation ====================== - `configure' recognizes the following options to control how it + 'configure' recognizes the following options to control how it operates. -`--help' -`-h' - Print a summary of all of the options to `configure', and exit. +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. -`--help=short' -`--help=recursive' +'--help=short' +'--help=recursive' Print a summary of the options unique to this package's - `configure', and exit. The `short' variant lists options used - only in the top level, while the `recursive' variant lists options - also present in any nested packages. + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. 
-`--version' -`-V' - Print the version of Autoconf used to generate the `configure' +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' script, and exit. -`--cache-file=FILE' +'--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to + traditionally 'config.cache'. FILE defaults to '/dev/null' to disable caching. -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. -`--quiet' -`--silent' -`-q' +'--quiet' +'--silent' +'-q' Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error + suppress all normal output, redirect it to '/dev/null' (any error messages will still be shown). -`--srcdir=DIR' +'--srcdir=DIR' Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. + 'configure' can determine that directory automatically. -`--prefix=DIR' - Use DIR as the installation prefix. *note Installation Names:: - for more details, including other options available for fine-tuning - the installation locations. +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. -`--no-create' -`-n' +'--no-create' +'-n' Run the configure checks, but stop before creating any output files. -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff --git a/bench.c b/bench.c index 55a3095..b44c59d 100644 --- a/bench.c +++ b/bench.c 
@@ -30,348 +30,350 @@ #define MIN(A, B) ((A) < (B) ? (A) : (B)) -struct msg { - uint16_t sender; - uint16_t receiver; - void *buf; - size_t buf_len; +struct msg +{ + uint16_t sender; + uint16_t receiver; + void *buf; + size_t buf_len; }; -struct testcase { - uint16_t n; - uint16_t k; - uint16_t *bids; - uint16_t m; - uint16_t outcome_public; - uint16_t ret; - struct BRANDT_Auction **ad; - uint16_t *id; - uint16_t *result_called; +struct testcase +{ + uint16_t n; + uint16_t k; + uint16_t *bids; + uint16_t m; + uint16_t outcome_public; + uint16_t ret; + struct BRANDT_Auction **ad; + uint16_t *id; + uint16_t *result_called; }; -static struct testcase tcase; +static struct testcase tcase; static struct GNUNET_CRYPTO_EccDlogContext *edc; static struct BRANDT_Result * expected_outcome (uint16_t i, uint16_t *rlen) { - struct BRANDT_Result *ret = NULL; - int32_t highest_bidder = -1; - int32_t highest_bid = -1; - int32_t mpf_highest_bidder; - int32_t mpf_highest_bid = -1; - int32_t prev_mpf_highest_bidder = -1; - uint16_t winners = MIN (tcase.m, tcase.n); - uint16_t cur_winner = 0; + struct BRANDT_Result *ret = NULL; + int32_t highest_bidder = -1; + int32_t highest_bid = -1; + int32_t mpf_highest_bidder; + int32_t mpf_highest_bid = -1; + int32_t prev_mpf_highest_bidder = -1; + uint16_t winners = MIN (tcase.m, tcase.n); + uint16_t cur_winner = 0; - *rlen = 0; + *rlen = 0; - if (0 == tcase.n) - return NULL; + if (0 == tcase.n) + return NULL; - if (0 == tcase.m) - { - for (uint16_t h = 0; h < tcase.n; h++) - if (tcase.bids[h] > highest_bid) - highest_bid = tcase.bids[highest_bidder = h]; + if (0 == tcase.m) + { + for (uint16_t h = 0; h < tcase.n; h++) + if (tcase.bids[h] > highest_bid) + highest_bid = tcase.bids[highest_bidder = h]; - if (!tcase.outcome_public && !(i == highest_bidder || i == tcase.n)) - return NULL; + if (! tcase.outcome_public && ! 
(i == highest_bidder || i == tcase.n)) + return NULL; - ret = GNUNET_new (struct BRANDT_Result); - ret->bidder = highest_bidder; - ret->price = highest_bid; - ret->status = BRANDT_bidder_won; - *rlen = 1; - return ret; - } + ret = GNUNET_new (struct BRANDT_Result); + ret->bidder = highest_bidder; + ret->price = highest_bid; + ret->status = BRANDT_bidder_won; + *rlen = 1; + return ret; + } - /* fewer bidders than needed -> everyone wins with lowest price */ - if (tcase.n <= tcase.m) - { - if (tcase.outcome_public || i == tcase.n) - { - ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result); - for (uint16_t h = 0; h < tcase.n; h++) - { - ret[h].bidder = h; - ret[h].price = 0; - ret[h].status = BRANDT_bidder_won; - } - } - else - { - ret = GNUNET_new (struct BRANDT_Result); - ret->bidder = i; - ret->price = 0; - ret->status = BRANDT_bidder_won; - *rlen = 1; - } - return ret; - } + /* fewer bidders than needed -> everyone wins with lowest price */ + if (tcase.n <= tcase.m) + { + if (tcase.outcome_public || i == tcase.n) + { + ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result); + for (uint16_t h = 0; h < tcase.n; h++) + { + ret[h].bidder = h; + ret[h].price = 0; + ret[h].status = BRANDT_bidder_won; + } + } + else + { + ret = GNUNET_new (struct BRANDT_Result); + ret->bidder = i; + ret->price = 0; + ret->status = BRANDT_bidder_won; + *rlen = 1; + } + return ret; + } - /* find M+1st highest bidder to determine selling price */ - for (uint16_t h = 0; h < tcase.n; h++) - if (tcase.bids[h] > mpf_highest_bid) - mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h]; - for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++) - { - mpf_highest_bidder = -1; - mpf_highest_bid = -1; - for (uint16_t h = 0; h < tcase.n; h++) - { - if (tcase.bids[h] > mpf_highest_bid && - (tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] || - (tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] && - h > prev_mpf_highest_bidder))) - { - mpf_highest_bid = 
tcase.bids[mpf_highest_bidder = h]; - } - } - prev_mpf_highest_bidder = mpf_highest_bidder; - } + /* find M+1st highest bidder to determine selling price */ + for (uint16_t h = 0; h < tcase.n; h++) + if (tcase.bids[h] > mpf_highest_bid) + mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h]; + for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++) + { + mpf_highest_bidder = -1; + mpf_highest_bid = -1; + for (uint16_t h = 0; h < tcase.n; h++) + { + if (tcase.bids[h] > mpf_highest_bid && + (tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] || + (tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] && + h > prev_mpf_highest_bidder))) + { + mpf_highest_bid = tcase.bids[mpf_highest_bidder = h]; + } + } + prev_mpf_highest_bidder = mpf_highest_bidder; + } - /* for simplicity always locate the big block if we need to report at - * least one winner. with private outcome for losing bidders or winners - * only none or one element will be used respectively. */ - if (tcase.outcome_public || i == tcase.n || - tcase.bids[i] > mpf_highest_bid || - (tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder)) - ret = GNUNET_new_array (winners, struct BRANDT_Result); + /* for simplicity always locate the big block if we need to report at + * least one winner. with private outcome for losing bidders or winners + * only none or one element will be used respectively. 
*/ + if (tcase.outcome_public || i == tcase.n || + tcase.bids[i] > mpf_highest_bid || + (tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder)) + ret = GNUNET_new_array (winners, struct BRANDT_Result); - /* report winners */ - for (uint16_t h = 0; h < tcase.n; h++) - { - if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) || - tcase.bids[h] > mpf_highest_bid) && /* h is a winner */ - (tcase.outcome_public || i == h || i == tcase.n)) /* needs report */ - { - if (cur_winner >= winners) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n"); - _exit (1); - } - ret[cur_winner].bidder = h; - ret[cur_winner].price = mpf_highest_bid; - ret[cur_winner].status = BRANDT_bidder_won; - cur_winner++; - } - } - *rlen = cur_winner; - return ret; + /* report winners */ + for (uint16_t h = 0; h < tcase.n; h++) + { + if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) || + tcase.bids[h] > mpf_highest_bid) && /* h is a winner */ + (tcase.outcome_public || i == h || i == tcase.n)) /* needs report */ + { + if (cur_winner >= winners) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n"); + _exit (1); + } + ret[cur_winner].bidder = h; + ret[cur_winner].price = mpf_highest_bid; + ret[cur_winner].status = BRANDT_bidder_won; + cur_winner++; + } + } + *rlen = cur_winner; + return ret; } static void bidder_start (void *arg) { - uint16_t i = *(uint16_t *)arg; + uint16_t i = *(uint16_t *) arg; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i); - BRANDT_bidder_start (tcase.ad[i], i, tcase.n); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i); + BRANDT_bidder_start (tcase.ad[i], i, tcase.n); } static void transfer_message (void *arg) { - struct msg *m = (struct msg *)arg; - struct msg_head *h = (struct msg_head *)m->buf; + struct msg *m = (struct msg *) arg; + struct msg_head *h = (struct msg_head *) m->buf; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n", - ntohl (h->msg_type), 
arg, m->sender, m->receiver); - BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len); - GNUNET_free (m->buf); - GNUNET_free (m); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n", + ntohl (h->msg_type), arg, m->sender, m->receiver); + BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len); + GNUNET_free (m->buf); + GNUNET_free (m); } static uint16_t cb_start (void *auction_closure) { - uint16_t *s = (uint16_t *)auction_closure; + uint16_t *s = (uint16_t *) auction_closure; - if (tcase.n != *s) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "start callback called from bidder\n"); - _exit (1); - } + if (tcase.n != *s) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "start callback called from bidder\n"); + _exit (1); + } - for (uint16_t i = 0; i < tcase.n; i++) - GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]); + for (uint16_t i = 0; i < tcase.n; i++) + GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]); - return tcase.n; + return tcase.n; } static int cb_broadcast (void *auction_closure, const void *msg, - size_t msg_len) + size_t msg_len) { - uint16_t *s = (uint16_t *)auction_closure; - struct msg *m; + uint16_t *s = (uint16_t *) auction_closure; + struct msg *m; - for (uint16_t i = 0; i <= tcase.n; i++) - { - if (i == *s) - continue; - m = GNUNET_new (struct msg); - m->sender = *s; - m->receiver = i; - m->buf = GNUNET_new_array (msg_len, unsigned char); - memcpy (m->buf, msg, msg_len); - m->buf_len = msg_len; - GNUNET_SCHEDULER_add_now (&transfer_message, m); - } - return 0; + for (uint16_t i = 0; i <= tcase.n; i++) + { + if (i == *s) + continue; + m = GNUNET_new (struct msg); + m->sender = *s; + m->receiver = i; + m->buf = GNUNET_new_array (msg_len, unsigned char); + memcpy (m->buf, msg, msg_len); + m->buf_len = msg_len; + GNUNET_SCHEDULER_add_now (&transfer_message, m); + } + return 0; } static int cb_unicast (void *auction_closure, const void *msg, - size_t msg_len) + size_t msg_len) { - 
uint16_t *s = (uint16_t *)auction_closure; - struct msg *m; + uint16_t *s = (uint16_t *) auction_closure; + struct msg *m; - m = GNUNET_new (struct msg); - m->sender = *s; - m->receiver = tcase.n; /* == seller */ - m->buf = GNUNET_new_array (msg_len, unsigned char); - memcpy (m->buf, msg, msg_len); - m->buf_len = msg_len; - GNUNET_SCHEDULER_add_now (&transfer_message, m); + m = GNUNET_new (struct msg); + m->sender = *s; + m->receiver = tcase.n; /* == seller */ + m->buf = GNUNET_new_array (msg_len, unsigned char); + memcpy (m->buf, msg, msg_len); + m->buf_len = msg_len; + GNUNET_SCHEDULER_add_now (&transfer_message, m); - return 0; + return 0; } static void cb_result (void *auction_closure, struct BRANDT_Result results[], - uint16_t results_len) + uint16_t results_len) { - uint16_t *s = (uint16_t *)auction_closure; - uint16_t mustlen = -1; - struct BRANDT_Result *must = expected_outcome (*s, &mustlen); + uint16_t *s = (uint16_t *) auction_closure; + uint16_t mustlen = -1; + struct BRANDT_Result *must = expected_outcome (*s, &mustlen); - if (mustlen != results_len) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "expected result len is: %d\n", - mustlen); - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "computed result len is: %d (by agent %d)\n", - results_len, - *s); - tcase.ret = 1; - goto quit; - } + if (mustlen != results_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "expected result len is: %d\n", + mustlen); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "computed result len is: %d (by agent %d)\n", + results_len, + *s); + tcase.ret = 1; + goto quit; + } - if (0 == results_len && NULL != must) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "expected result is: %p\n", - (void *)must); - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "computed result is: (nil) (by agent %d)\n", - *s); + if (0 == results_len && NULL != must) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "expected result is: %p\n", + (void *) must); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "computed 
result is: (nil) (by agent %d)\n", + *s); - tcase.ret = 1; - } + tcase.ret = 1; + } - for (uint16_t i = 0; i < results_len; i++) - { - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "expected result is: bidder %d got status %d with price %d\n", - must[i].bidder, - must[i].status, - must[i].price); - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "computed result is: bidder %d got status %d with price %d (by agent %d)\n", - results[i].bidder, - results[i].status, - results[i].price, - *s); + for (uint16_t i = 0; i < results_len; i++) + { + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "expected result is: bidder %d got status %d with price %d\n", + must[i].bidder, + must[i].status, + must[i].price); + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "computed result is: bidder %d got status %d with price %d (by agent %d)\n", + results[i].bidder, + results[i].status, + results[i].price, + *s); - if (NULL == must || - must[i].bidder != results[i].bidder || - must[i].status != results[i].status || - must[i].price != results[i].price) - tcase.ret = 1; - } + if (NULL == must || + must[i].bidder != results[i].bidder || + must[i].status != results[i].status || + must[i].price != results[i].price) + tcase.ret = 1; + } quit: - tcase.result_called[*s] = 1; - if (must) - GNUNET_free (must); + tcase.result_called[*s] = 1; + if (must) + GNUNET_free (must); } static void run_auction (void *arg) { - void *desc; - size_t desc_len; + void *desc; + size_t desc_len; - tcase.ad[tcase.n] = BRANDT_new (&cb_result, - &cb_broadcast, - &cb_start, - &tcase.id[tcase.n], - &desc, - &desc_len, - GNUNET_TIME_absolute_get (), - GNUNET_TIME_UNIT_MINUTES, - tcase.k, /* number of prizes */ - tcase.m, /* m */ - tcase.outcome_public, /* outcome public */ - tcase.outcome_public ? 
edc : NULL); - if (!tcase.ad[tcase.n]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n"); - _exit (1); - } + tcase.ad[tcase.n] = BRANDT_new (&cb_result, + &cb_broadcast, + &cb_start, + &tcase.id[tcase.n], + &desc, + &desc_len, + GNUNET_TIME_absolute_get (), + GNUNET_TIME_UNIT_MINUTES, + tcase.k, /* number of prizes */ + tcase.m, /* m */ + tcase.outcome_public, /* outcome public */ + tcase.outcome_public ? edc : NULL); + if (! tcase.ad[tcase.n]) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n"); + _exit (1); + } - for (uint16_t i = 0; i < tcase.n; i++) - { - tcase.ad[i] = BRANDT_join (&cb_result, - &cb_broadcast, - &cb_unicast, - &tcase.id[i], - desc, - desc_len, - tcase.bids[i], /* bid */ - tcase.outcome_public ? edc : NULL); - if (!tcase.ad[i]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n"); - tcase.ret = 1; - return; - } + for (uint16_t i = 0; i < tcase.n; i++) + { + tcase.ad[i] = BRANDT_join (&cb_result, + &cb_broadcast, + &cb_unicast, + &tcase.id[i], + desc, + desc_len, + tcase.bids[i], /* bid */ + tcase.outcome_public ? edc : NULL); + if (! 
tcase.ad[i]) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n"); + tcase.ret = 1; + return; + } - if (tcase.ad[tcase.n]->k != tcase.ad[i]->k || - tcase.ad[tcase.n]->m != tcase.ad[i]->m || - tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public || - tcase.ad[tcase.n]->time_start.abs_value_us - != tcase.ad[i]->time_start.abs_value_us || - tcase.ad[tcase.n]->time_round.rel_value_us - != tcase.ad[i]->time_round.rel_value_us || - !tcase.ad[tcase.n]->seller_mode || /* todo: split out */ - tcase.ad[i]->seller_mode) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "error/mismatch in basic auction data\n"); - tcase.ret = 1; - return; - } - } + if (tcase.ad[tcase.n]->k != tcase.ad[i]->k || + tcase.ad[tcase.n]->m != tcase.ad[i]->m || + tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public || + tcase.ad[tcase.n]->time_start.abs_value_us + != tcase.ad[i]->time_start.abs_value_us || + tcase.ad[tcase.n]->time_round.rel_value_us + != tcase.ad[i]->time_round.rel_value_us || + ! tcase.ad[tcase.n]->seller_mode || /* todo: split out */ + tcase.ad[i]->seller_mode) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "error/mismatch in basic auction data\n"); + tcase.ret = 1; + return; + } + } } 
@@ -394,102 +396,107 @@ test_auction (uint16_t n,
 uint16_t m,
 uint16_t outcome_public)
 {
- tcase.n = n;
- tcase.k = k;
- tcase.bids = bids;
- tcase.m = m;
- tcase.outcome_public = outcome_public;
- tcase.ret = 0;
+ tcase.n = n;
+ tcase.k = k;
+ tcase.bids = bids;
+ tcase.m = m;
+ tcase.outcome_public = outcome_public;
+ tcase.ret = 0;
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "######################################\n");
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "testing %s auction with m = %d and %s outcome\n",
- tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE",
- tcase.m,
- tcase.outcome_public ? "PUBLIC" : "PRIVATE");
- /** \todo: output bids */
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "######################################\n");
- tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *);
- tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t);
- for (uint16_t i = 0; i <= tcase.n; i++)
- tcase.id[i] = i;
- tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "######################################\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "testing %s auction with m = %d and %s outcome\n",
+ tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE",
+ tcase.m,
+ tcase.outcome_public ? "PUBLIC" : "PRIVATE");
+ /** \todo: output bids */
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "######################################\n");
+ tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *);
+ tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t);
+ for (uint16_t i = 0; i <= tcase.n; i++)
+ tcase.id[i] = i;
+ tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t);
- GNUNET_SCHEDULER_run (&run_auction, NULL);
+ GNUNET_SCHEDULER_run (&run_auction, NULL);
- for (uint16_t i = 0; i <= tcase.n; i++)
- {
- BRANDT_destroy (tcase.ad[i]);
- if (!tcase.result_called[i])
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "result callback not called for bidder %d\n",
- i);
- tcase.ret = 1;
- }
- }
+ for (uint16_t i = 0; i <= tcase.n; i++)
+ {
+ BRANDT_destroy (tcase.ad[i]);
+ if (! tcase.result_called[i])
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "result callback not called for bidder %d\n",
+ i);
+ tcase.ret = 1;
+ }
+ }
- GNUNET_free (tcase.ad);
- GNUNET_free (tcase.id);
- GNUNET_free (tcase.result_called);
+ GNUNET_free (tcase.ad);
+ GNUNET_free (tcase.id);
+ GNUNET_free (tcase.result_called);
- return tcase.ret;
+ return tcase.ret;
 }
 int
 main (int argc, char *argv[])
 {
- int ret = 0;
- uint16_t n;
- uint16_t k;
- uint16_t m;
- uint16_t public;
- uint16_t *bids = NULL;
- struct GNUNET_GETOPT_CommandLineOption options[] = {
- GNUNET_GETOPT_option_help ("benchmark a single libbrandt auction"),
- {'k', "k", "NUMBER",
- gettext_noop ("number of prices\n"),
- 1, &GNUNET_GETOPT_option_uint, &k},
- {'n', "n", "NUMBER",
- gettext_noop ("number of bidders\n"),
- 1, &GNUNET_GETOPT_option_uint, &n},
- {'m', "m", "NUMBER",
- gettext_noop ("number of items to sell\n"
- "0 for first price auction\n"
- ">0 for vickrey/M+1st price auction"),
- 1, &GNUNET_GETOPT_option_uint, &m},
- {'p', "public", NULL,
- gettext_noop ("public auction outcome"),
- 0, &GNUNET_GETOPT_option_flag, &public},
- GNUNET_GETOPT_OPTION_END
- };
+ int ret = 0;
+ uint16_t n;
+ uint16_t k;
+ uint16_t m;
+ uint16_t public;
+ uint16_t *bids = NULL;
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ GNUNET_GETOPT_option_help ("benchmark a single libbrandt auction"),
+ GNUNET_GETOPT_option_uint16 (
+ 'k', "k", "NUMBER",
+ gettext_noop ("number of prices\n"),
+ &k),
+ GNUNET_GETOPT_option_uint16 (
+ 'n', "n", "NUMBER",
+ gettext_noop ("number of bidders\n"),
+ &n),
+ GNUNET_GETOPT_option_uint16 (
+ 'm', "m", "NUMBER",
+ gettext_noop ("number of items to sell\n"
+ "0 for first price auction\n"
+ ">0 for vickrey/M+1st price auction"),
+ &m),
+ GNUNET_GETOPT_option_uint16 (
+ 'p', "public", NULL,
+ gettext_noop ("public auction outcome"),
+ &public),
+ GNUNET_GETOPT_OPTION_END
+ };
- if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "WARNING", NULL))
- return 1;
+ if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "WARNING", NULL))
+ return 1;
- ret = GNUNET_GETOPT_run ("bench", options, (unsigned int) argc, argv);
- if ((GNUNET_OK > ret) ||
- (GNUNET_OK != GNUNET_log_setup ("bench", "WARNING", NULL)))
- return 1;
+ ret = GNUNET_GETOPT_run ("bench", options, (unsigned int) argc, argv);
+ if ((GNUNET_OK > ret) ||
+ (GNUNET_OK != GNUNET_log_setup ("bench", "WARNING", NULL)))
+ return 1;
- if (n == 0)
- n = 4;
- if (k == 0)
- k = 3;
+ if (n == 0)
+ n = 4;
+ if (k == 0)
+ k = 3;
- if (!(bids = calloc(sizeof(uint16_t), n)))
- return 1;
- for (uint16_t i = 0; i < n; i++)
- bids[i] = (uint16_t)GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, k);
+ if (! (bids = calloc (sizeof(uint16_t), n)))
+ return 1;
+ for (uint16_t i = 0; i < n; i++)
+ bids[i] = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
+ k);
- edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
- BRANDT_init ();
+ edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
+ BRANDT_init ();
- ret = test_auction (n, k, bids, m, public);
+ ret = test_auction (n, k, bids, m, public);
- GNUNET_CRYPTO_ecc_dlog_release (edc);
- return ret;
+ GNUNET_CRYPTO_ecc_dlog_release (edc);
+ return ret;
 }
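Review bot: In `main`, `n`, `k`, `m` and `public` are still declared without initialisers, yet `if (n == 0)` and `if (k == 0)` read them and `n` then sizes the `calloc` for `bids` and the `tcase.n + 1` arrays in `test_auction`; unless `GNUNET_GETOPT_run` stores a value for options that were not given, those reads are indeterminate. Give each an initialiser, e.g. `uint16_t n = 0;`. Separately, `-p` used to be a no-argument flag (`0, &GNUNET_GETOPT_option_flag`) and is now declared with `GNUNET_GETOPT_option_uint16`, which appears to be a value-taking option, so `bench -p` would start requiring a number; keeping it a flag would be `int public = 0;` with `GNUNET_GETOPT_option_flag ('p', "public", gettext_noop ("public auction outcome"), &public)`.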
diff --git a/brandt.c b/brandt.c
index bd6e01e..08f2f1a 100644
--- a/brandt.c
+++ b/brandt.c
@@ -30,499 +30,499 @@ void BRANDT_init () { - gcry_error_t err = 0; + gcry_error_t err = 0; - if (!gcry_check_version ("1.7.0")) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "libgcrypt version mismatch\n"); - GNUNET_abort_ (); - } + if (! gcry_check_version ("1.7.0")) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "libgcrypt version mismatch\n"); + GNUNET_abort_ (); + } - /* SECMEM cannot be resized dynamically. We do not know how much we need */ - if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0))) - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "failed to set libgcrypt option DISABLE_SECMEM: %s\n", - gcry_strerror (err)); + /* SECMEM cannot be resized dynamically. We do not know how much we need */ + if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0))) + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "failed to set libgcrypt option DISABLE_SECMEM: %s\n", + gcry_strerror (err)); - /* ecc is slow otherwise and we don't create long term keys anyway. */ - if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0))) - GNUNET_log_from ( - GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s\n", - gcry_strerror (err)); + /* ecc is slow otherwise and we don't create long term keys anyway. 
*/ + if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0))) + GNUNET_log_from ( + GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s\n", + gcry_strerror (err)); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - brandt_crypto_init (); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + brandt_crypto_init (); } void BRANDT_bidder_start (struct BRANDT_Auction *auction, - uint16_t i, - uint16_t n) + uint16_t i, + uint16_t n) { - enum auction_type atype; - enum outcome_type outcome; - unsigned char *buf; - size_t buflen; + enum auction_type atype; + enum outcome_type outcome; + unsigned char *buf; + size_t buflen; - GNUNET_assert (auction && n > 0 && i < n); - auction->n = n; - auction->i = i; + GNUNET_assert (auction && n > 0 && i < n); + auction->n = n; + auction->i = i; - atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; - outcome = auction->outcome_public ? outcome_public : outcome_private; + atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; + outcome = auction->outcome_public ? outcome_public : outcome_private; - if (auction_mPlusFirstPrice == atype && n <= auction->m) - { /* fewer bidders than items to sell. every bidder won with lowest price */ - struct BRANDT_Result *res; - if (auction->outcome_public) - { - res = GNUNET_new_array (n, struct BRANDT_Result); - for (uint16_t h = 0; h < n; h++) - { - res[h].bidder = h; - res[h].price = 0; - res[h].status = BRANDT_bidder_won; - } - auction->result (auction->closure, res, n); - } - else - { - res = GNUNET_new (struct BRANDT_Result); - res->bidder = i; - res->price = 0; - res->status = BRANDT_bidder_won; - auction->result (auction->closure, res, 1); - } - return; - } + if (auction_mPlusFirstPrice == atype && n <= auction->m) + { /* fewer bidders than items to sell. 
every bidder won with lowest price */ + struct BRANDT_Result *res; + if (auction->outcome_public) + { + res = GNUNET_new_array (n, struct BRANDT_Result); + for (uint16_t h = 0; h < n; h++) + { + res[h].bidder = h; + res[h].price = 0; + res[h].status = BRANDT_bidder_won; + } + auction->result (auction->closure, res, n); + } + else + { + res = GNUNET_new (struct BRANDT_Result); + res->bidder = i; + res->price = 0; + res->status = BRANDT_bidder_won; + auction->result (auction->closure, res, 1); + } + return; + } - /* On M+1st price auctions we multiply the amount of prizes by the amount of - * bidders and resctrict each bidder to his own distinct subset of the - * prices. This is done for tie breaking. An additional proof is used in the - * encrypt_bid round to show that the bidder has chosen a valid bid and the - * outcome callback will remap the result to the original k price values. */ - if (auction_mPlusFirstPrice == atype) - { - auction->k *= n; - auction->b = auction->b * n + n - i - 1; - } + /* On M+1st price auctions we multiply the amount of prizes by the amount of + * bidders and resctrict each bidder to his own distinct subset of the + * prices. This is done for tie breaking. An additional proof is used in the + * encrypt_bid round to show that the bidder has chosen a valid bid and the + * outcome callback will remap the result to the original k price values. */ + if (auction_mPlusFirstPrice == atype) + { + auction->k *= n; + auction->b = auction->b * n + n - i - 1; + } - if (handler_prep[atype][outcome][msg_init]) - handler_prep[atype][outcome][msg_init] (auction); + if (handler_prep[atype][outcome][msg_init]) + handler_prep[atype][outcome][msg_init] (auction); - if (!handler_out[atype][outcome][msg_init] || - !(buf = handler_out[atype][outcome][msg_init](auction, &buflen))) - { - /** \todo */ - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "wow fail out\n"); - return; - } + if (! handler_out[atype][outcome][msg_init] || + ! 
(buf = handler_out[atype][outcome][msg_init](auction, &buflen))) + { + /** \todo */ + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "wow fail out\n"); + return; + } - auction->bcast (auction->closure, buf, buflen); - gcry_mpi_set_bit (auction->round_progress, auction->i); - free (buf); + auction->bcast (auction->closure, buf, buflen); + gcry_mpi_set_bit (auction->round_progress, auction->i); + free (buf); } static void seller_start (void *arg) { - struct BRANDT_Auction *ad = (struct BRANDT_Auction *)arg; - enum auction_type atype; - enum outcome_type outcome; + struct BRANDT_Auction *ad = (struct BRANDT_Auction *) arg; + enum auction_type atype; + enum outcome_type outcome; - ad->task = NULL; + ad->task = NULL; - ad->n = ad->start (ad->closure); - if (0 == ad->n) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_INFO, - "libbrandt", - "no bidders registered for auction\n"); - ad->result (ad->closure, NULL, 0); - return; - } - else if (ad->n <= ad->m) - { - struct BRANDT_Result *res = GNUNET_new_array (ad->n, - struct BRANDT_Result); + ad->n = ad->start (ad->closure); + if (0 == ad->n) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_INFO, + "libbrandt", + "no bidders registered for auction\n"); + ad->result (ad->closure, NULL, 0); + return; + } + else if (ad->n <= ad->m) + { + struct BRANDT_Result *res = GNUNET_new_array (ad->n, + struct BRANDT_Result); - GNUNET_log_from (GNUNET_ERROR_TYPE_INFO, - "libbrandt", - "less bidders than needed, selling for lowest price\n"); - for (uint16_t i = 0; i < ad->n; i++) - { - res[i].bidder = i; - res[i].price = 0; - res[i].status = BRANDT_bidder_won; - } - ad->result (ad->closure, res, ad->n); - } + GNUNET_log_from (GNUNET_ERROR_TYPE_INFO, + "libbrandt", + "less bidders than needed, selling for lowest price\n"); + for (uint16_t i = 0; i < ad->n; i++) + { + res[i].bidder = i; + res[i].price = 0; + res[i].status = BRANDT_bidder_won; + } + ad->result (ad->closure, res, ad->n); + } - atype = ad->m > 0 ? 
auction_mPlusFirstPrice : auction_firstPrice; - outcome = ad->outcome_public ? outcome_public : outcome_private; + atype = ad->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; + outcome = ad->outcome_public ? outcome_public : outcome_private; - /* On M+1st price auctions we multiply the amount of prizes by the amount of - * bidders and resctrict each bidder to his own distinct subset of the - * prices. This is done for tie breaking. An additional proof is used in the - * encrypt_bid round to show that the bidder has chosen a valid bid and the - * outcome callback will remap the result to the original k price values. */ - if (auction_mPlusFirstPrice == atype) - ad->k *= ad->n; + /* On M+1st price auctions we multiply the amount of prizes by the amount of + * bidders and resctrict each bidder to his own distinct subset of the + * prices. This is done for tie breaking. An additional proof is used in the + * encrypt_bid round to show that the bidder has chosen a valid bid and the + * outcome callback will remap the result to the original k price values. 
*/ + if (auction_mPlusFirstPrice == atype) + ad->k *= ad->n; - if (handler_prep[atype][outcome][msg_init]) - handler_prep[atype][outcome][msg_init] (ad); + if (handler_prep[atype][outcome][msg_init]) + handler_prep[atype][outcome][msg_init] (ad); } struct BRANDT_Auction * -BRANDT_new (BRANDT_CbResult result, - BRANDT_CbDeliver broadcast, - BRANDT_CbStart start, +BRANDT_new (BRANDT_CbResult result, + BRANDT_CbDeliver broadcast, + BRANDT_CbStart start, void *auction_closure, void **auction_desc, size_t *auction_desc_len, - struct GNUNET_TIME_Absolute time_start, - struct GNUNET_TIME_Relative time_round, - uint16_t num_prices, - uint16_t m, - int outcome_public, + struct GNUNET_TIME_Absolute time_start, + struct GNUNET_TIME_Relative time_round, + uint16_t num_prices, + uint16_t m, + int outcome_public, struct GNUNET_CRYPTO_EccDlogContext *dlogctx) { - struct BRANDT_Auction *ret; - struct BRANDT_DescrP *desc; - struct GNUNET_TIME_Relative until_start; + struct BRANDT_Auction *ret; + struct BRANDT_DescrP *desc; + struct GNUNET_TIME_Relative until_start; - if (!(0 < num_prices)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "num_prices must be > 0\n"); - return NULL; - } + if (! 
(0 < num_prices)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "num_prices must be > 0\n"); + return NULL; + } - if (1 == outcome_public && NULL == dlogctx) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "need dlogctx for public outcome auctions\n"); - return NULL; - } + if (1 == outcome_public && NULL == dlogctx) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "need dlogctx for public outcome auctions\n"); + return NULL; + } - desc = GNUNET_new (struct BRANDT_DescrP); - desc->time_start = GNUNET_TIME_absolute_hton (time_start); - desc->time_round = GNUNET_TIME_relative_hton (time_round); - desc->k = htons (num_prices); - desc->m = htons (m); - desc->outcome_public = htons (outcome_public); + desc = GNUNET_new (struct BRANDT_DescrP); + desc->time_start = GNUNET_TIME_absolute_hton (time_start); + desc->time_round = GNUNET_TIME_relative_hton (time_round); + desc->k = htons (num_prices); + desc->m = htons (m); + desc->outcome_public = htons (outcome_public); - ret = GNUNET_new (struct BRANDT_Auction); - ret->time_start = time_start; - ret->time_round = time_round; - ret->k = num_prices; - ret->m = m; - ret->outcome_public = outcome_public; - ret->cur_round = msg_init; - ret->round_progress = gcry_mpi_new (256); - ret->dlogctx = dlogctx; + ret = GNUNET_new (struct BRANDT_Auction); + ret->time_start = time_start; + ret->time_round = time_round; + ret->k = num_prices; + ret->m = m; + ret->outcome_public = outcome_public; + ret->cur_round = msg_init; + ret->round_progress = gcry_mpi_new (256); + ret->dlogctx = dlogctx; - /* we are the seller */ - ret->seller_mode = 1; + /* we are the seller */ + ret->seller_mode = 1; - /* callback interface with application */ - ret->closure = auction_closure; - ret->bcast = broadcast; - ret->result = result; - ret->start = start; + /* callback interface with application */ + ret->closure = auction_closure; + ret->bcast = broadcast; + ret->result = result; + ret->start = start; - 
until_start = GNUNET_TIME_absolute_get_remaining (time_start); - ret->task = GNUNET_SCHEDULER_add_delayed (until_start, - &seller_start, - ret); + until_start = GNUNET_TIME_absolute_get_remaining (time_start); + ret->task = GNUNET_SCHEDULER_add_delayed (until_start, + &seller_start, + ret); - *auction_desc_len = sizeof (struct BRANDT_DescrP); - *auction_desc = desc; - return ret; + *auction_desc_len = sizeof (struct BRANDT_DescrP); + *auction_desc = desc; + return ret; } int BRANDT_parse_desc (const void *auction_desc, - size_t auction_desc_len, + size_t auction_desc_len, struct GNUNET_TIME_Absolute *time_start, struct GNUNET_TIME_Relative *time_round, uint16_t *num_prices, uint16_t *m, uint16_t *outcome_public) { - const struct BRANDT_DescrP *desc = auction_desc; - const uint32_t zero = 0; + const struct BRANDT_DescrP *desc = auction_desc; + const uint32_t zero = 0; - if (sizeof (struct BRANDT_DescrP) != auction_desc_len) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "auction desc struct size mismatch\n"); - return -1; - } + if (sizeof (struct BRANDT_DescrP) != auction_desc_len) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "auction desc struct size mismatch\n"); + return -1; + } - if (0 != memcmp (&desc->reserved, &zero, sizeof (desc->reserved))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "reserved field in auction description must be zero\n"); - return -1; - } + if (0 != memcmp (&desc->reserved, &zero, sizeof (desc->reserved))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "reserved field in auction description must be zero\n"); + return -1; + } - if (time_start) - *time_start = GNUNET_TIME_absolute_ntoh (desc->time_start); - if (time_round) - *time_round = GNUNET_TIME_relative_ntoh (desc->time_round); - if (num_prices) - *num_prices = ntohs (desc->k); - if (m) - *m = ntohs (desc->m); - if (outcome_public) - *outcome_public = ntohs (desc->outcome_public); + if (time_start) + 
*time_start = GNUNET_TIME_absolute_ntoh (desc->time_start); + if (time_round) + *time_round = GNUNET_TIME_relative_ntoh (desc->time_round); + if (num_prices) + *num_prices = ntohs (desc->k); + if (m) + *m = ntohs (desc->m); + if (outcome_public) + *outcome_public = ntohs (desc->outcome_public); - return 0; + return 0; } struct BRANDT_Auction * -BRANDT_join (BRANDT_CbResult result, - BRANDT_CbDeliver broadcast, - BRANDT_CbDeliver unicast, +BRANDT_join (BRANDT_CbResult result, + BRANDT_CbDeliver broadcast, + BRANDT_CbDeliver unicast, void *auction_closure, const void *auction_desc, - size_t auction_desc_len, - uint16_t bid, + size_t auction_desc_len, + uint16_t bid, struct GNUNET_CRYPTO_EccDlogContext *dlogctx) { - struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction); + struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction); - if (0 != BRANDT_parse_desc (auction_desc, - auction_desc_len, - &ret->time_start, - &ret->time_round, - &ret->k, - &ret->m, - &ret->outcome_public)) - { - GNUNET_free (ret); - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "failed to parse auction description blob\n"); - return NULL; - } + if (0 != BRANDT_parse_desc (auction_desc, + auction_desc_len, + &ret->time_start, + &ret->time_round, + &ret->k, + &ret->m, + &ret->outcome_public)) + { + GNUNET_free (ret); + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "failed to parse auction description blob\n"); + return NULL; + } - if (1 == ret->outcome_public && NULL == dlogctx) - { - GNUNET_free (ret); - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "need dlogctx for public outcome auctions\n"); - return NULL; - } + if (1 == ret->outcome_public && NULL == dlogctx) + { + GNUNET_free (ret); + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "need dlogctx for public outcome auctions\n"); + return NULL; + } - ret->cur_round = msg_init; - ret->round_progress = gcry_mpi_new (256); - ret->b = bid; - ret->dlogctx = dlogctx; + ret->cur_round 
= msg_init; + ret->round_progress = gcry_mpi_new (256); + ret->b = bid; + ret->dlogctx = dlogctx; - /* we are the seller */ - ret->seller_mode = 0; + /* we are the seller */ + ret->seller_mode = 0; - /* callback interface with application */ - ret->closure = auction_closure; - ret->bcast = broadcast; - ret->ucast = unicast; - ret->result = result; + /* callback interface with application */ + ret->closure = auction_closure; + ret->bcast = broadcast; + ret->ucast = unicast; + ret->result = result; - return ret; + return ret; } void BRANDT_destroy (struct BRANDT_Auction *auction) { - if (auction->task) - GNUNET_SCHEDULER_cancel (auction->task); - gcry_mpi_release (auction->round_progress); - gcry_mpi_release (auction->x); - smc_free1 (auction->y, auction->n); - gcry_mpi_point_release (auction->Y); - smc_free2 (auction->alpha, auction->n, auction->k); - smc_free2 (auction->beta, auction->n, auction->k); - smc_free2 (auction->gamma2, auction->n, auction->k); - smc_free2 (auction->delta2, auction->n, auction->k); - smc_free2 (auction->phi2, auction->n, auction->k); - free (auction->phiproofs3); - smc_free1 (auction->tmpa1, auction->k); - smc_free1 (auction->tmpb1, auction->k); - if (auction->m > 0 && auction->outcome_public) - { - smc_free3 (auction->gamma3, auction->n, 2, auction->k); - smc_free3 (auction->delta3, auction->n, 2, auction->k); - smc_free3 (auction->phi3, auction->n, 2, auction->k); - } - else - { - smc_free3 (auction->gamma3, auction->n, auction->n, auction->k); - smc_free3 (auction->delta3, auction->n, auction->n, auction->k); - smc_free3 (auction->phi3, auction->n, auction->n, auction->k); - } + if (auction->task) + GNUNET_SCHEDULER_cancel (auction->task); + gcry_mpi_release (auction->round_progress); + gcry_mpi_release (auction->x); + smc_free1 (auction->y, auction->n); + gcry_mpi_point_release (auction->Y); + smc_free2 (auction->alpha, auction->n, auction->k); + smc_free2 (auction->beta, auction->n, auction->k); + smc_free2 (auction->gamma2, 
auction->n, auction->k); + smc_free2 (auction->delta2, auction->n, auction->k); + smc_free2 (auction->phi2, auction->n, auction->k); + free (auction->phiproofs3); + smc_free1 (auction->tmpa1, auction->k); + smc_free1 (auction->tmpb1, auction->k); + if (auction->m > 0 && auction->outcome_public) + { + smc_free3 (auction->gamma3, auction->n, 2, auction->k); + smc_free3 (auction->delta3, auction->n, 2, auction->k); + smc_free3 (auction->phi3, auction->n, 2, auction->k); + } + else + { + smc_free3 (auction->gamma3, auction->n, auction->n, auction->k); + smc_free3 (auction->delta3, auction->n, auction->n, auction->k); + smc_free3 (auction->phi3, auction->n, auction->n, auction->k); + } } static void report_outcome (struct BRANDT_Auction *ad, - enum auction_type atype, - enum outcome_type outcome) + enum auction_type atype, + enum outcome_type outcome) { - struct BRANDT_Result *res; - uint16_t reslen = 0; + struct BRANDT_Result *res; + uint16_t reslen = 0; - if (!handler_res[atype][outcome] || - !(res = handler_res[atype][outcome] (ad, &reslen))) - ad->result (ad->closure, NULL, 0); - else - ad->result (ad->closure, res, reslen); + if (! handler_res[atype][outcome] || + ! (res = handler_res[atype][outcome] (ad, &reslen))) + ad->result (ad->closure, NULL, 0); + else + ad->result (ad->closure, res, reslen); } static void advance_round (struct BRANDT_Auction *ad, - enum auction_type atype, - enum outcome_type outcome) + enum auction_type atype, + enum outcome_type outcome) { - unsigned char *buf; - size_t buflen; + unsigned char *buf; + size_t buflen; - if (!ad->seller_mode && msg_decrypt == ad->cur_round && !outcome) - { - /* we are a bidder on a private outcome auction and - * successfully parsed the msg_decrypt from the seller - * => we can determine the auction result */ - report_outcome (ad, atype, outcome); - return; - } + if (! ad->seller_mode && msg_decrypt == ad->cur_round && ! 
outcome) + { + /* we are a bidder on a private outcome auction and + * successfully parsed the msg_decrypt from the seller + * => we can determine the auction result */ + report_outcome (ad, atype, outcome); + return; + } - /* only continue if the round is complete */ - for (uint16_t i = 0; i < ad->n; i++) - if (!gcry_mpi_test_bit (ad->round_progress, i)) - return; + /* only continue if the round is complete */ + for (uint16_t i = 0; i < ad->n; i++) + if (! gcry_mpi_test_bit (ad->round_progress, i)) + return; - if (ad->seller_mode && msg_decrypt == ad->cur_round && !ad->outcome_public) - { - /* all bidders msg_decrypt received, broadcast combined msg_decrypt */ - if (!handler_out[atype][outcome][ad->cur_round] || - !(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "failed to create msg %d buffer as seller\n", - ad->cur_round); - return; - } - ad->bcast (ad->closure, buf, buflen); - } + if (ad->seller_mode && msg_decrypt == ad->cur_round && ! ad->outcome_public) + { + /* all bidders msg_decrypt received, broadcast combined msg_decrypt */ + if (! handler_out[atype][outcome][ad->cur_round] || + ! (buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "failed to create msg %d buffer as seller\n", + ad->cur_round); + return; + } + ad->bcast (ad->closure, buf, buflen); + } - if (msg_decrypt == ad->cur_round) - { - report_outcome (ad, atype, outcome); - return; - } + if (msg_decrypt == ad->cur_round) + { + report_outcome (ad, atype, outcome); + return; + } - /* round complete, advance to next one */ - gcry_mpi_clear_highbit (ad->round_progress, 0); - ad->cur_round++; + /* round complete, advance to next one */ + gcry_mpi_clear_highbit (ad->round_progress, 0); + ad->cur_round++; - /* prepare next round. 
*/ - if (handler_prep[atype][outcome][ad->cur_round]) - handler_prep[atype][outcome][ad->cur_round] (ad); + /* prepare next round. */ + if (handler_prep[atype][outcome][ad->cur_round]) + handler_prep[atype][outcome][ad->cur_round] (ad); - if (ad->seller_mode) - { - /** \todo: setup round timeout trigger */ - /* seller does not send regular messages */ - return; - } + if (ad->seller_mode) + { + /** \todo: setup round timeout trigger */ + /* seller does not send regular messages */ + return; + } - /* create next message buffer */ - if (!handler_out[atype][outcome][ad->cur_round] || - !(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "failed to create msg %d buffer as bidder\n", - ad->cur_round); - return; - } + /* create next message buffer */ + if (! handler_out[atype][outcome][ad->cur_round] || + ! (buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "failed to create msg %d buffer as bidder\n", + ad->cur_round); + return; + } - /* msg_decrypt unicast to seller if private outcome mode. - * All other messages are broadcasted */ - if (msg_decrypt == ad->cur_round && !outcome) - ad->ucast (ad->closure, buf, buflen); - else - ad->bcast (ad->closure, buf, buflen); - gcry_mpi_set_bit (ad->round_progress, ad->i); + /* msg_decrypt unicast to seller if private outcome mode. + * All other messages are broadcasted */ + if (msg_decrypt == ad->cur_round && ! 
outcome) + ad->ucast (ad->closure, buf, buflen); + else + ad->bcast (ad->closure, buf, buflen); + gcry_mpi_set_bit (ad->round_progress, ad->i); } void BRANDT_got_message (struct BRANDT_Auction *auction, - uint16_t sender, + uint16_t sender, const unsigned char *msg, - size_t msg_len) + size_t msg_len) { - struct msg_head *head = (struct msg_head *)msg; - enum auction_type atype; - enum outcome_type outcome; - enum rounds round = auction->cur_round; + struct msg_head *head = (struct msg_head *) msg; + enum auction_type atype; + enum outcome_type outcome; + enum rounds round = auction->cur_round; - atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; - outcome = auction->outcome_public ? outcome_public : outcome_private; + atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; + outcome = auction->outcome_public ? outcome_public : outcome_private; - /** \todo: cache out of order messages instead of discarding */ - if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "got unexpected message, ignoring...\n"); - return; - } + /** \todo: cache out of order messages instead of discarding */ + if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "got unexpected message, ignoring...\n"); + return; + } - /* check if we already got that round message from the same user */ - if (gcry_mpi_test_bit (auction->round_progress, sender)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "got a duplicate message from user %d\n", sender); - return; - } + /* check if we already got that round message from the same user */ + if (gcry_mpi_test_bit (auction->round_progress, sender)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "got a duplicate message from user %d\n", sender); + return; + } - if (!handler_in[atype][outcome][round] || - 
!handler_in[atype][outcome][round](auction, - msg + sizeof (*head), - msg_len - sizeof (*head), - sender)) - { - /** \todo */ - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "wow fail in\n"); - return; - } - gcry_mpi_set_bit (auction->round_progress, sender); + if (! handler_in[atype][outcome][round] || + ! handler_in[atype][outcome][round](auction, + msg + sizeof (*head), + msg_len - sizeof (*head), + sender)) + { + /** \todo */ + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "wow fail in\n"); + return; + } + gcry_mpi_set_bit (auction->round_progress, sender); - advance_round (auction, atype, outcome); + advance_round (auction, atype, outcome); } diff --git a/brandt.h b/brandt.h index b967656..b02220f 100644 --- a/brandt.h +++ b/brandt.h @@ -32,24 +32,26 @@ struct BRANDT_Auction; /** Enumeration of all possible status reports for a single bidder */ -enum BRANDT_BidderStatus { - BRANDT_bidder_won, +enum BRANDT_BidderStatus +{ + BRANDT_bidder_won, }; /** * An array of this struct is given to the application by the BRANDT_CbResult() * callback. One instance represents the status of a single bidder. */ -struct BRANDT_Result { - /** Id of the bidder this instance refers to */ - uint16_t bidder; +struct BRANDT_Result +{ + /** Id of the bidder this instance refers to */ + uint16_t bidder; - /** The price the bidder has to pay. This value is only set if the #status - * indicates the bidder has won. */ - uint16_t price; + /** The price the bidder has to pay. This value is only set if the #status + * indicates the bidder has won. */ + uint16_t price; - /** Status of the bidder */ - enum BRANDT_BidderStatus status; + /** Status of the bidder */ + enum BRANDT_BidderStatus status; }; /** @@ -85,7 +87,7 @@ typedef uint16_t typedef int (*BRANDT_CbDeliver)(void *auction_closure, const void *msg, - size_t msg_len); + size_t msg_len); /** 
@@ -104,7 +106,7 @@ typedef int typedef void (*BRANDT_CbResult)(void *auction_closure, struct BRANDT_Result results[], - uint16_t results_len); + uint16_t results_len); void @@ -126,7 +128,7 @@ BRANDT_init (); */ int BRANDT_parse_desc (const void *auction_desc, - size_t auction_desc_len, + size_t auction_desc_len, struct GNUNET_TIME_Absolute *time_start, struct GNUNET_TIME_Relative *time_round, uint16_t *num_prices, @@ -156,13 +158,13 @@ BRANDT_parse_desc (const void *auction_desc, * black-box pointer, do NOT dereference/change it or the data it points to! */ struct BRANDT_Auction * -BRANDT_join (BRANDT_CbResult result, - BRANDT_CbDeliver broadcast, - BRANDT_CbDeliver unicast, +BRANDT_join (BRANDT_CbResult result, + BRANDT_CbDeliver broadcast, + BRANDT_CbDeliver unicast, void *auction_closure, const void *auction_desc, - size_t auction_desc_len, - uint16_t bid, + size_t auction_desc_len, + uint16_t bid, struct GNUNET_CRYPTO_EccDlogContext *dlogctx); @@ -201,17 +203,17 @@ BRANDT_join (BRANDT_CbResult result, * black-box pointer, do NOT dereference/change it or the data it points to! */ struct BRANDT_Auction * -BRANDT_new (BRANDT_CbResult result, - BRANDT_CbDeliver broadcast, - BRANDT_CbStart start, +BRANDT_new (BRANDT_CbResult result, + BRANDT_CbDeliver broadcast, + BRANDT_CbStart start, void *auction_closure, void **auction_desc, size_t *auction_desc_len, - struct GNUNET_TIME_Absolute time_start, - struct GNUNET_TIME_Relative time_round, - uint16_t num_prices, - uint16_t m, - int outcome_public, + struct GNUNET_TIME_Absolute time_start, + struct GNUNET_TIME_Relative time_round, + uint16_t num_prices, + uint16_t m, + int outcome_public, struct GNUNET_CRYPTO_EccDlogContext *dlogctx); @@ -226,8 +228,8 @@ BRANDT_new (BRANDT_CbResult result, */ void BRANDT_bidder_start (struct BRANDT_Auction *auction, - uint16_t i, - uint16_t n); + uint16_t i, + uint16_t n); /** 
@@ -253,9 +255,9 @@ BRANDT_destroy (struct BRANDT_Auction *auction); */ void BRANDT_got_message (struct BRANDT_Auction *auction, - uint16_t sender, + uint16_t sender, const unsigned char *msg, - size_t msg_len); + size_t msg_len); /**\todo: Error handling functions? */ diff --git a/crypto.c b/crypto.c index ac45f8a..28bfa91 100644 --- a/crypto.c +++ b/crypto.c @@ -38,49 +38,52 @@ * programm. */ #define ASSERT_GCRY(cmd, rc) do { \ - if (0 != rc) { \ - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, \ - "libbrandt", \ - "`%s' failed at %s:%d with error: %s\n", \ - cmd, \ - __FILE__, \ - __LINE__, \ - gcry_strerror (rc)); \ - GNUNET_abort_ (); \ - } \ + if (0 != rc) { \ + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, \ + "libbrandt", \ + "`%s' failed at %s:%d with error: %s\n", \ + cmd, \ + __FILE__, \ + __LINE__, \ + gcry_strerror (rc)); \ + GNUNET_abort_ (); \ + } \ } while (0) -struct zkp_challenge_dl { - struct ec_mpi g; - struct ec_mpi v; - struct ec_mpi a; +struct zkp_challenge_dl +{ + struct ec_mpi g; + struct ec_mpi v; + struct ec_mpi a; }; -struct zkp_challenge_2dle { - struct ec_mpi g1; - struct ec_mpi g2; - struct ec_mpi v; - struct ec_mpi w; - struct ec_mpi a; - struct ec_mpi b; +struct zkp_challenge_2dle +{ + struct ec_mpi g1; + struct ec_mpi g2; + struct ec_mpi v; + struct ec_mpi w; + struct ec_mpi a; + struct ec_mpi b; }; -struct zkp_challenge_0og { - struct ec_mpi g; - struct ec_mpi alpha; - struct ec_mpi beta; - struct ec_mpi a1; - struct ec_mpi a2; - struct ec_mpi b1; - struct ec_mpi b2; +struct zkp_challenge_0og +{ + struct ec_mpi g; + struct ec_mpi alpha; + struct ec_mpi beta; + struct ec_mpi a1; + struct ec_mpi a2; + struct ec_mpi b1; + struct ec_mpi b2; }; -gcry_ctx_t ec_ctx = NULL; +gcry_ctx_t ec_ctx = NULL; gcry_mpi_point_t ec_gen = NULL; gcry_mpi_point_t ec_zero = NULL; -gcry_mpi_t ec_n = NULL; +gcry_mpi_t ec_n = NULL; /** 
@@ -92,20 +95,20 @@ gcry_mpi_t ec_n = NULL; void brandt_crypto_init () { - gcry_error_t rc; + gcry_error_t rc; - rc = gcry_mpi_ec_new (&ec_ctx, NULL, CURVE); - ASSERT_GCRY ("gcry_mpi_ec_new", rc); + rc = gcry_mpi_ec_new (&ec_ctx, NULL, CURVE); + ASSERT_GCRY ("gcry_mpi_ec_new", rc); - ec_gen = gcry_mpi_ec_get_point ("g", ec_ctx, 0); - brandt_assert (NULL != ec_gen); + ec_gen = gcry_mpi_ec_get_point ("g", ec_ctx, 0); + brandt_assert (NULL != ec_gen); - ec_zero = gcry_mpi_point_new (0); - brandt_assert (NULL != ec_zero); - gcry_mpi_ec_sub (ec_zero, ec_gen, ec_gen, ec_ctx); + ec_zero = gcry_mpi_point_new (0); + brandt_assert (NULL != ec_zero); + gcry_mpi_ec_sub (ec_zero, ec_gen, ec_gen, ec_ctx); - ec_n = gcry_mpi_ec_get_mpi ("n", ec_ctx, 1); - brandt_assert (NULL != ec_n); + ec_n = gcry_mpi_ec_get_mpi ("n", ec_ctx, 1); + brandt_assert (NULL != ec_n); } 
@@ -120,34 +123,34 @@ brandt_crypto_init () void ec_skey_create (gcry_mpi_t skey) { - gcry_mpi_t ret; - gcry_sexp_t s_keyparam; - gcry_sexp_t priv_sexp; - gcry_sexp_t priv_key; - gcry_sexp_t priv_key2; - gcry_error_t rc; + gcry_mpi_t ret; + gcry_sexp_t s_keyparam; + gcry_sexp_t priv_sexp; + gcry_sexp_t priv_key; + gcry_sexp_t priv_key2; + gcry_error_t rc; - rc = gcry_sexp_build (&s_keyparam, NULL, "(genkey(ecc(curve \"" CURVE "\")" - "(flags)))"); - ASSERT_GCRY ("gcry_sexp_build", rc); + rc = gcry_sexp_build (&s_keyparam, NULL, "(genkey(ecc(curve \"" CURVE "\")" + "(flags)))"); + ASSERT_GCRY ("gcry_sexp_build", rc); - rc = gcry_pk_genkey (&priv_sexp, s_keyparam); - ASSERT_GCRY ("gcry_pk_genkey", rc); - gcry_sexp_release (s_keyparam); + rc = gcry_pk_genkey (&priv_sexp, s_keyparam); + ASSERT_GCRY ("gcry_pk_genkey", rc); + gcry_sexp_release (s_keyparam); - priv_key = gcry_sexp_find_token (priv_sexp, "private-key", 11); - brandt_assert (NULL != priv_key); - gcry_sexp_release (priv_sexp); + priv_key = gcry_sexp_find_token (priv_sexp, "private-key", 11); + brandt_assert (NULL != priv_key); + gcry_sexp_release (priv_sexp); - priv_key2 = gcry_sexp_find_token (priv_key, "d", 1); - brandt_assert (NULL != priv_key2); - gcry_sexp_release (priv_key); + priv_key2 = gcry_sexp_find_token (priv_key, "d", 1); + brandt_assert (NULL != priv_key2); + gcry_sexp_release (priv_key); - ret = gcry_sexp_nth_mpi (priv_key2, 1, GCRYMPI_FMT_USG); - brandt_assert (NULL != ret); - gcry_sexp_release (priv_key2); + ret = gcry_sexp_nth_mpi (priv_key2, 1, GCRYMPI_FMT_USG); + brandt_assert (NULL != ret); + gcry_sexp_release (priv_key2); - gcry_mpi_snatch (skey, ret); + gcry_mpi_snatch (skey, ret); } 
@@ -162,20 +165,20 @@ ec_skey_create (gcry_mpi_t skey) void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey) { - gcry_mpi_t sk; + gcry_mpi_t sk; - if (NULL == pkey) - { - GNUNET_break (NULL != pkey); - return; - } - sk = (NULL == skey) ? gcry_mpi_new (256) : skey; + if (NULL == pkey) + { + GNUNET_break (NULL != pkey); + return; + } + sk = (NULL == skey) ? gcry_mpi_new (256) : skey; - ec_skey_create (sk); - gcry_mpi_ec_mul (pkey, sk, ec_gen, ec_ctx); + ec_skey_create (sk); + gcry_mpi_ec_mul (pkey, sk, ec_gen, ec_ctx); - if (NULL == skey) - gcry_mpi_release (sk); + if (NULL == skey) + gcry_mpi_release (sk); } @@ -187,16 +190,16 @@ ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey) * @param[in] base which base point should be used to calculate the public key */ void -ec_keypair_create_base (gcry_mpi_point_t pkey, - gcry_mpi_t skey, +ec_keypair_create_base (gcry_mpi_point_t pkey, + gcry_mpi_t skey, const gcry_mpi_point_t base) { - brandt_assert (NULL != pkey); - brandt_assert (NULL != skey); - brandt_assert (NULL != base); + brandt_assert (NULL != pkey); + brandt_assert (NULL != skey); + brandt_assert (NULL != base); - ec_skey_create (skey); - gcry_mpi_ec_mul (pkey, skey, base, ec_ctx); + ec_skey_create (skey); + gcry_mpi_ec_mul (pkey, skey, base, ec_ctx); } @@ -209,13 +212,13 @@ ec_keypair_create_base (gcry_mpi_point_t pkey, void ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src) { - gcry_mpi_t x = gcry_mpi_new (256); - gcry_mpi_t y = gcry_mpi_new (256); - gcry_mpi_t z = gcry_mpi_new (256); + gcry_mpi_t x = gcry_mpi_new (256); + gcry_mpi_t y = gcry_mpi_new (256); + gcry_mpi_t z = gcry_mpi_new (256); - brandt_assert (dst && src); - gcry_mpi_point_get (x, y, z, src); - gcry_mpi_point_snatch_set (dst, x, y, z); + brandt_assert (dst && src); + gcry_mpi_point_get (x, y, z, src); + gcry_mpi_point_snatch_set (dst, x, y, z); } 
@@ -230,32 +233,32 @@ ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src) int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b) { - int ret = 1; - gcry_mpi_t ax = gcry_mpi_new (256); - gcry_mpi_t bx = gcry_mpi_new (256); - gcry_mpi_t ay = gcry_mpi_new (256); - gcry_mpi_t by = gcry_mpi_new (256); + int ret = 1; + gcry_mpi_t ax = gcry_mpi_new (256); + gcry_mpi_t bx = gcry_mpi_new (256); + gcry_mpi_t ay = gcry_mpi_new (256); + gcry_mpi_t by = gcry_mpi_new (256); - brandt_assert (a && b); - if (!ax || !bx || !ay || !by) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "could not init point in point_cmp\n"); - return 1; - } + brandt_assert (a && b); + if (! ax || ! bx || ! ay || ! by) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "could not init point in point_cmp\n"); + return 1; + } - if (!gcry_mpi_ec_get_affine (ax, ay, a, ec_ctx) && - !gcry_mpi_ec_get_affine (bx, by, b, ec_ctx)) - { - ret = gcry_mpi_cmp (ax, bx) || gcry_mpi_cmp (ay, by); - } + if (! gcry_mpi_ec_get_affine (ax, ay, a, ec_ctx) && + ! gcry_mpi_ec_get_affine (bx, by, b, ec_ctx)) + { + ret = gcry_mpi_cmp (ax, bx) || gcry_mpi_cmp (ay, by); + } - gcry_mpi_release (ax); - gcry_mpi_release (bx); - gcry_mpi_release (ay); - gcry_mpi_release (by); - return ret; + gcry_mpi_release (ax); + gcry_mpi_release (bx); + gcry_mpi_release (ay); + gcry_mpi_release (by); + return ret; } 
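Review bot: In ec_point_cmp, two points at infinity compare as different: `ret` starts at 1 and is only recomputed when both `gcry_mpi_ec_get_affine` calls return 0, which libgcrypt does not do for the point at infinity. Since `ec_zero` in this file is built as `ec_gen - ec_gen`, a caller comparing a result against `ec_zero` would presumably never see a match. Handling that case explicitly (return 0 when both calls fail, 1 when only one does) would make the comparison total. Separately, the allocation-failure branch does `return 1;` without releasing the MPIs that were allocated; releasing all four before returning avoids the leak, since `gcry_mpi_release` accepts NULL.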
@@ -269,37 +272,37 @@ ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b) void mpi_serialize (struct ec_mpi *dst, gcry_mpi_t src) { - size_t rsize = 0; + size_t rsize = 0; - if (gcry_mpi_get_flag (src, GCRYMPI_FLAG_OPAQUE)) - { /* Store opaque MPIs left aligned. Used by Ed25519 point compression */ - unsigned int nbits; - const void *vp = gcry_mpi_get_opaque (src, &nbits); + if (gcry_mpi_get_flag (src, GCRYMPI_FLAG_OPAQUE)) + { /* Store opaque MPIs left aligned. Used by Ed25519 point compression */ + unsigned int nbits; + const void *vp = gcry_mpi_get_opaque (src, &nbits); - brandt_assert (vp); - rsize = (nbits + 7) / 8; - if (rsize > sizeof (struct ec_mpi)) - rsize = sizeof (struct ec_mpi); - memcpy (dst, vp, rsize); - if (rsize < sizeof (struct ec_mpi)) - memset (((char *)dst) + rsize, 0, sizeof (struct ec_mpi) - rsize); - } - else - { /* Store regular MPIs as unsigned ints right aligned into the buffer. */ - char *cp = (char *)dst; - gcry_error_t rc; + brandt_assert (vp); + rsize = (nbits + 7) / 8; + if (rsize > sizeof (struct ec_mpi)) + rsize = sizeof (struct ec_mpi); + memcpy (dst, vp, rsize); + if (rsize < sizeof (struct ec_mpi)) + memset (((char *) dst) + rsize, 0, sizeof (struct ec_mpi) - rsize); + } + else + { /* Store regular MPIs as unsigned ints right aligned into the buffer. 
*/ + char *cp = (char *) dst; + gcry_error_t rc; - rc = gcry_mpi_print (GCRYMPI_FMT_USG, (void *)dst, - sizeof (struct ec_mpi), &rsize, src); - ASSERT_GCRY ("gcry_mpi_print", rc); + rc = gcry_mpi_print (GCRYMPI_FMT_USG, (void *) dst, + sizeof (struct ec_mpi), &rsize, src); + ASSERT_GCRY ("gcry_mpi_print", rc); - /* Shift the output to the right, if shorter than available space */ - if (rsize && rsize < sizeof (struct ec_mpi)) - { - memmove (&cp[sizeof (struct ec_mpi) - rsize], dst, rsize); - memset (dst, 0, sizeof (struct ec_mpi) - rsize); - } - } + /* Shift the output to the right, if shorter than available space */ + if (rsize && rsize < sizeof (struct ec_mpi)) + { + memmove (&cp[sizeof (struct ec_mpi) - rsize], dst, rsize); + memset (dst, 0, sizeof (struct ec_mpi) - rsize); + } + } } @@ -313,17 +316,17 @@ mpi_serialize (struct ec_mpi *dst, gcry_mpi_t src) void mpi_parse (gcry_mpi_t dst, const struct ec_mpi *src) { - gcry_mpi_t ret; - gcry_error_t rc; + gcry_mpi_t ret; + gcry_error_t rc; - rc = gcry_mpi_scan (&ret, - GCRYMPI_FMT_USG, - src, - sizeof (struct ec_mpi), - NULL); - ASSERT_GCRY ("gcry_mpi_scan", rc); + rc = gcry_mpi_scan (&ret, + GCRYMPI_FMT_USG, + src, + sizeof (struct ec_mpi), + NULL); + ASSERT_GCRY ("gcry_mpi_scan", rc); - gcry_mpi_snatch (dst, ret); + gcry_mpi_snatch (dst, ret); } 
@@ -336,30 +339,30 @@ mpi_parse (gcry_mpi_t dst, const struct ec_mpi *src) void ec_point_serialize (struct ec_mpi *dst, const gcry_mpi_point_t src) { - gcry_sexp_t s; - gcry_ctx_t ctx; - gcry_error_t rc; - gcry_mpi_t q; + gcry_sexp_t s; + gcry_ctx_t ctx; + gcry_error_t rc; + gcry_mpi_t q; - brandt_assert (dst); + brandt_assert (dst); - rc = gcry_sexp_build (&s, NULL, "(public-key(ecc(curve " CURVE ")))"); - ASSERT_GCRY ("gcry_sexp_build", rc); - brandt_assert (NULL != s); + rc = gcry_sexp_build (&s, NULL, "(public-key(ecc(curve " CURVE ")))"); + ASSERT_GCRY ("gcry_sexp_build", rc); + brandt_assert (NULL != s); - rc = gcry_mpi_ec_new (&ctx, s, NULL); - ASSERT_GCRY ("gcry_mpi_ec_new", rc); - gcry_sexp_release (s); + rc = gcry_mpi_ec_new (&ctx, s, NULL); + ASSERT_GCRY ("gcry_mpi_ec_new", rc); + gcry_sexp_release (s); - rc = gcry_mpi_ec_set_point ("q", src, ctx); - ASSERT_GCRY ("gcry_mpi_ec_set_point", rc); + rc = gcry_mpi_ec_set_point ("q", src, ctx); + ASSERT_GCRY ("gcry_mpi_ec_set_point", rc); - q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); - brandt_assert (NULL != q); - gcry_ctx_release (ctx); + q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); + brandt_assert (NULL != q); + gcry_ctx_release (ctx); - mpi_serialize (dst, q); - gcry_mpi_release (q); + mpi_serialize (dst, q); + gcry_mpi_release (q); } 
@@ -372,24 +375,24 @@ ec_point_serialize (struct ec_mpi *dst, const gcry_mpi_point_t src) void ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src) { - gcry_sexp_t s; - gcry_ctx_t ctx; - gcry_mpi_point_t ret; - gcry_error_t rc; + gcry_sexp_t s; + gcry_ctx_t ctx; + gcry_mpi_point_t ret; + gcry_error_t rc; - rc = gcry_sexp_build (&s, NULL, "(public-key(ecc(curve " CURVE ")(q %b)))", - sizeof (struct ec_mpi), src); - ASSERT_GCRY ("gcry_sexp_build", rc); + rc = gcry_sexp_build (&s, NULL, "(public-key(ecc(curve " CURVE ")(q %b)))", + sizeof (struct ec_mpi), src); + ASSERT_GCRY ("gcry_sexp_build", rc); - rc = gcry_mpi_ec_new (&ctx, s, NULL); - ASSERT_GCRY ("gcry_mpi_ec_new", rc); - gcry_sexp_release (s); + rc = gcry_mpi_ec_new (&ctx, s, NULL); + ASSERT_GCRY ("gcry_mpi_ec_new", rc); + gcry_sexp_release (s); - ret = gcry_mpi_ec_get_point ("q", ctx, 0); - brandt_assert (ret); - gcry_ctx_release (ctx); - gcry_mpi_ec_mul (dst, GCRYMPI_CONST_ONE, ret, ec_ctx); - gcry_mpi_point_release (ret); + ret = gcry_mpi_ec_get_point ("q", ctx, 0); + brandt_assert (ret); + gcry_ctx_release (ctx); + gcry_mpi_ec_mul (dst, GCRYMPI_CONST_ONE, ret, ec_ctx); + gcry_mpi_point_release (ret); } @@ -402,13 +405,13 @@ ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src) void smc_free1 (gcry_mpi_point_t *dst, uint16_t size1) { - if (NULL == dst) - return; + if (NULL == dst) + return; - for (uint16_t i = 0; i < size1; i++) - if (NULL != dst[i]) - gcry_mpi_point_release (dst[i]); - free (dst); + for (uint16_t i = 0; i < size1; i++) + if (NULL != dst[i]) + gcry_mpi_point_release (dst[i]); + free (dst); } 
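Review bot: ec_point_parse cannot report a bad encoding to its caller: a failure of `gcry_sexp_build` or `gcry_mpi_ec_new` goes through `ASSERT_GCRY`, which ends in `GNUNET_abort_ ()`, and a NULL from `gcry_mpi_ec_get_point` hits `brandt_assert (ret)`. smc_recv_keyshare in this file passes it bytes taken directly from a received message, so if libgcrypt rejects a peer-supplied encoding the whole process stops instead of the message being dropped. Returning a status (for example `int`, nonzero on success like the `smc_recv_*` handlers) and letting receivers `goto quit` on failure would keep malformed input a per-message error.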
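Review bot: smc_free1 releases the array with plain `free (dst);` although smc_init1 allocates it with `GNUNET_new_array`; memory obtained from the GNUnet allocator should be returned through `GNUNET_free (dst);` so both sides stay paired if the allocator wrapper changes. The same applies to the `free (dst);` in smc_free2 and smc_free3, whose arrays come from `GNUNET_new_array_2d` and `GNUNET_new_array_3d`.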
@@ -424,23 +427,23 @@ smc_free1 (gcry_mpi_point_t *dst, uint16_t size1) gcry_mpi_point_t * smc_init1 (uint16_t size1) { - gcry_mpi_point_t *ret; + gcry_mpi_point_t *ret; - ret = GNUNET_new_array (size1, gcry_mpi_point_t); + ret = GNUNET_new_array (size1, gcry_mpi_point_t); - for (uint16_t i = 0; i < size1; i++) - { - if (NULL == (ret[i] = gcry_mpi_point_new (0))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "could not init point in 1 dimensional array. " - "out of memory?\n"); - smc_free1 (ret, size1); - return NULL; - } - } - return ret; + for (uint16_t i = 0; i < size1; i++) + { + if (NULL == (ret[i] = gcry_mpi_point_new (0))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "could not init point in 1 dimensional array. " + "out of memory?\n"); + smc_free1 (ret, size1); + return NULL; + } + } + return ret; } @@ -454,14 +457,14 @@ smc_init1 (uint16_t size1) void smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2) { - if (NULL == dst) - return; + if (NULL == dst) + return; - for (uint16_t i = 0; i < size1; i++) - for (uint16_t j = 0; j < size2; j++) - if (NULL != dst[i][j]) - gcry_mpi_point_release (dst[i][j]); - free (dst); + for (uint16_t i = 0; i < size1; i++) + for (uint16_t j = 0; j < size2; j++) + if (NULL != dst[i][j]) + gcry_mpi_point_release (dst[i][j]); + free (dst); } 
@@ -478,27 +481,27 @@ smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2) gcry_mpi_point_t ** smc_init2 (uint16_t size1, uint16_t size2) { - gcry_mpi_point_t **ret; + gcry_mpi_point_t **ret; - ret = GNUNET_new_array_2d (size1, size2, gcry_mpi_point_t); + ret = GNUNET_new_array_2d (size1, size2, gcry_mpi_point_t); - for (uint16_t i = 0; i < size1; i++) - { - for (uint16_t j = 0; j < size2; j++) - { - if (NULL == (ret[i][j] = gcry_mpi_point_new (0))) - { - GNUNET_log_from ( - GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "could not init point in 2 dimensional array. " - "out of memory?\n"); - smc_free2 (ret, size1, size2); - GNUNET_assert (0); - } - } - } - return ret; + for (uint16_t i = 0; i < size1; i++) + { + for (uint16_t j = 0; j < size2; j++) + { + if (NULL == (ret[i][j] = gcry_mpi_point_new (0))) + { + GNUNET_log_from ( + GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "could not init point in 2 dimensional array. " + "out of memory?\n"); + smc_free2 (ret, size1, size2); + GNUNET_assert (0); + } + } + } + return ret; } @@ -512,19 +515,19 @@ smc_init2 (uint16_t size1, uint16_t size2) */ void smc_free3 (gcry_mpi_point_t ***dst, - uint16_t size1, - uint16_t size2, - uint16_t size3) + uint16_t size1, + uint16_t size2, + uint16_t size3) { - if (NULL == dst) - return; + if (NULL == dst) + return; - for (uint16_t i = 0; i < size1; i++) - for (uint16_t j = 0; j < size2; j++) - for (uint16_t k = 0; k < size3; k++) - if (NULL != dst[i][j][k]) - gcry_mpi_point_release (dst[i][j][k]); - free (dst); + for (uint16_t i = 0; i < size1; i++) + for (uint16_t j = 0; j < size2; j++) + for (uint16_t k = 0; k < size3; k++) + if (NULL != dst[i][j][k]) + gcry_mpi_point_release (dst[i][j][k]); + free (dst); } 
@@ -542,30 +545,30 @@ smc_free3 (gcry_mpi_point_t ***dst, gcry_mpi_point_t *** smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3) { - gcry_mpi_point_t ***ret; + gcry_mpi_point_t ***ret; - ret = GNUNET_new_array_3d (size1, size2, size3, gcry_mpi_point_t); + ret = GNUNET_new_array_3d (size1, size2, size3, gcry_mpi_point_t); - for (uint16_t i = 0; i < size1; i++) - { - for (uint16_t j = 0; j < size2; j++) - { - for (uint16_t k = 0; k < size3; k++) - { - if (NULL == (ret[i][j][k] = gcry_mpi_point_new (0))) - { - GNUNET_log_from ( - GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "could not init point in 2 dimensional array. " - "out of memory?\n"); - smc_free3 (ret, size1, size2, size3); - GNUNET_assert (0); - } - } - } - } - return ret; + for (uint16_t i = 0; i < size1; i++) + { + for (uint16_t j = 0; j < size2; j++) + { + for (uint16_t k = 0; k < size3; k++) + { + if (NULL == (ret[i][j][k] = gcry_mpi_point_new (0))) + { + GNUNET_log_from ( + GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "could not init point in 2 dimensional array. " + "out of memory?\n"); + smc_free3 (ret, size1, size2, size3); + GNUNET_assert (0); + } + } + } + } + return ret; } @@ -586,13 +589,13 @@ smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3) void smc_sums_partial (gcry_mpi_point_t out[], gcry_mpi_point_t in[], - uint16_t len, - uint16_t stepi, - uint16_t stepo) + uint16_t len, + uint16_t stepi, + uint16_t stepo) { - brandt_assert (NULL != out); - for (uint16_t i = 0, o = 0; o < len * stepo; i += stepi, o += stepo) - gcry_mpi_ec_add (out[o], (o ? out[o - stepo] : ec_zero), in[i], ec_ctx); + brandt_assert (NULL != out); + for (uint16_t i = 0, o = 0; o < len * stepo; i += stepi, o += stepo) + gcry_mpi_ec_add (out[o], (o ? out[o - stepo] : ec_zero), in[i], ec_ctx); } 
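Review bot: The loop in smc_sums_partial keeps its counters in `uint16_t` while the bound `len * stepo` is computed in `int`, so once that product reaches 65536 the counter `o` wraps before the condition can become false and the loop does not terminate. Whether any caller passes such sizes is not visible here, but `len` and both steps are 16-bit values, so the product can exceed the counter's range. Declaring the counters as `size_t`, as in `for (size_t i = 0, o = 0; o < (size_t) len * stepo; i += stepi, o += stepo)`, removes the wrap. smc_sum has the same pattern with `i < len * step`.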
@@ -610,21 +613,21 @@ smc_sums_partial (gcry_mpi_point_t out[], void smc_sum (gcry_mpi_point_t out, gcry_mpi_point_t in[], - uint16_t len, - uint16_t step) + uint16_t len, + uint16_t step) { - brandt_assert (NULL != out); - ec_point_copy (out, ec_zero); - for (uint16_t i = 0; i < len * step; i += step) - gcry_mpi_ec_add (out, out, in[i], ec_ctx); + brandt_assert (NULL != out); + ec_point_copy (out, ec_zero); + for (uint16_t i = 0; i < len * step; i += step) + gcry_mpi_ec_add (out, out, in[i], ec_ctx); } void smc_prep_keyshare (struct BRANDT_Auction *ad) { - ad->y = smc_init1 (ad->n); - brandt_assert (ad->y); + ad->y = smc_init1 (ad->n); + brandt_assert (ad->y); } 
@@ -640,85 +643,85 @@ smc_prep_keyshare (struct BRANDT_Auction *ad) unsigned char * smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - struct msg_head *head; - struct ec_mpi *pubkey_share; - struct proof_dl *proof1; + unsigned char *ret; + struct msg_head *head; + struct ec_mpi *pubkey_share; + struct proof_dl *proof1; - brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + - sizeof (*pubkey_share) + - sizeof (*proof1)); - ret = GNUNET_new_array (*buflen, unsigned char); + brandt_assert (ad && buflen); + *buflen = (sizeof (*head) + + sizeof (*pubkey_share) + + sizeof (*proof1)); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_init); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_init); - proof1 = (struct proof_dl *)(ret + sizeof (*head) + sizeof (*pubkey_share)); - ad->x = gcry_mpi_new (256); - ec_skey_create (ad->x); - smc_zkp_dl (ad->y[ad->i], ad->x, proof1); + proof1 = (struct proof_dl *) (ret + sizeof (*head) + sizeof (*pubkey_share)); + ad->x = gcry_mpi_new (256); + ec_skey_create (ad->x); + smc_zkp_dl (ad->y[ad->i], ad->x, proof1); - pubkey_share = (struct ec_mpi *)(ret + sizeof (*head)); - ec_point_serialize (pubkey_share, ad->y[ad->i]); + pubkey_share = (struct ec_mpi *) (ret + sizeof (*head)); + ec_point_serialize (pubkey_share, ad->y[ad->i]); - return ret; + return ret; } int smc_recv_keyshare (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - struct proof_dl *proof1; - gcry_mpi_point_t y = gcry_mpi_point_new (0); + int ret = 0; + struct proof_dl *proof1; + gcry_mpi_point_t y = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (sizeof (struct ec_mpi) + sizeof (*proof1))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - 
"libbrandt", - "wrong size of received key share\n"); - goto quit; - } + if (buflen != (sizeof (struct ec_mpi) + sizeof (*proof1))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received key share\n"); + goto quit; + } - proof1 = (struct proof_dl *)(buf + sizeof (struct ec_mpi)); - ec_point_parse (y, (struct ec_mpi *)buf); - if (smc_zkp_dl_check (y, proof1)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp1 for public key share received\n"); - goto quit; - } + proof1 = (struct proof_dl *) (buf + sizeof (struct ec_mpi)); + ec_point_parse (y, (struct ec_mpi *) buf); + if (smc_zkp_dl_check (y, proof1)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp1 for public key share received\n"); + goto quit; + } - ec_point_copy (ad->y[sender], y); + ec_point_copy (ad->y[sender], y); - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (y); - return ret; + gcry_mpi_point_release (y); + return ret; } void smc_prep_bid (struct BRANDT_Auction *ad) { - ad->alpha = smc_init2 (ad->n, ad->k); - brandt_assert (ad->alpha); + ad->alpha = smc_init2 (ad->n, ad->k); + brandt_assert (ad->alpha); - ad->beta = smc_init2 (ad->n, ad->k); - brandt_assert (ad->beta); + ad->beta = smc_init2 (ad->n, ad->k); + brandt_assert (ad->beta); - ad->Y = gcry_mpi_point_new (0); - brandt_assert (ad->Y); - smc_sum (ad->Y, ad->y, ad->n, 1); - brandt_assert (ad->Y); + ad->Y = gcry_mpi_point_new (0); + brandt_assert (ad->Y); + smc_sum (ad->Y, ad->y, ad->n, 1); + brandt_assert (ad->Y); } 
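Review bot: smc_recv_keyshare writes to `ad->y[sender]` without checking `sender` against `ad->n`, the size the array is created with in smc_prep_keyshare (`smc_init1 (ad->n)`). BRANDT_got_message in brandt.c forwards `sender` to the handler without a range check either, so an out-of-range id from the transport layer becomes an out-of-bounds write. A guard next to the length check, `if (sender >= ad->n) goto quit;`, rejects it before the point is copied.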
@@ -734,176 +737,176 @@ smc_prep_bid (struct BRANDT_Auction *ad) unsigned char * smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - struct msg_head *head; - struct proof_0og *proof3; - gcry_mpi_t r_sum; - gcry_mpi_t r_sum2; - gcry_mpi_t r_part; + unsigned char *ret; + unsigned char *cur; + struct msg_head *head; + struct proof_0og *proof3; + gcry_mpi_t r_sum; + gcry_mpi_t r_sum2; + gcry_mpi_t r_part; - brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + /* msg header */ - ad->k * /* k * (alpha, beta, proof3) */ - (sizeof (struct ec_mpi) * 2 + - sizeof (*proof3)) + - sizeof (struct proof_2dle)); /* proof2 */ - if (0 < ad->m) - *buflen += sizeof (struct proof_2dle); - ret = GNUNET_new_array (*buflen, unsigned char); + brandt_assert (ad && buflen); + *buflen = (sizeof (*head) /* msg header */ + + ad->k /* k * (alpha, beta, proof3) */ + * (sizeof (struct ec_mpi) * 2 + + sizeof (*proof3)) + + sizeof (struct proof_2dle)); /* proof2 */ + if (0 < ad->m) + *buflen += sizeof (struct proof_2dle); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_bid); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_bid); + cur = ret + sizeof (*head); - r_sum = gcry_mpi_new (256); - r_sum2 = gcry_mpi_new (256); - r_part = gcry_mpi_new (256); + r_sum = gcry_mpi_new (256); + r_sum2 = gcry_mpi_new (256); + r_part = gcry_mpi_new (256); - for (uint16_t j = 0; j < ad->k; j++) - { - proof3 = (struct proof_0og *)(cur + 2 * sizeof (struct ec_mpi)); - smc_zkp_0og (j == ad->b, - ad->Y, - r_part, - ad->alpha[ad->i][j], - ad->beta[ad->i][j], - proof3); - ec_point_serialize ((struct ec_mpi *)cur, ad->alpha[ad->i][j]); - ec_point_serialize (&((struct ec_mpi *)cur)[1], ad->beta[ad->i][j]); - gcry_mpi_addm (r_sum, r_sum, r_part, ec_n); + for (uint16_t j = 0; j < ad->k; 
j++) + { + proof3 = (struct proof_0og *) (cur + 2 * sizeof (struct ec_mpi)); + smc_zkp_0og (j == ad->b, + ad->Y, + r_part, + ad->alpha[ad->i][j], + ad->beta[ad->i][j], + proof3); + ec_point_serialize ((struct ec_mpi *) cur, ad->alpha[ad->i][j]); + ec_point_serialize (&((struct ec_mpi *) cur)[1], ad->beta[ad->i][j]); + gcry_mpi_addm (r_sum, r_sum, r_part, ec_n); - /* prepare sum for additional M+1st price auction proof (see below) */ - if (0 < ad->m && 1 == (ad->k - j - ad->i) % ad->n) - gcry_mpi_addm (r_sum2, r_sum2, r_part, ec_n); + /* prepare sum for additional M+1st price auction proof (see below) */ + if (0 < ad->m && 1 == (ad->k - j - ad->i) % ad->n) + gcry_mpi_addm (r_sum2, r_sum2, r_part, ec_n); - cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og); - } - smc_zkp_2dle (NULL, NULL, ad->Y, ec_gen, r_sum, (struct proof_2dle *)cur); + cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og); + } + smc_zkp_2dle (NULL, NULL, ad->Y, ec_gen, r_sum, (struct proof_2dle *) cur); - /* in M+1st price auctions we need to prove that our bid is from the valid - * subset of bids as well */ - if (0 < ad->m) - { - struct proof_2dle *proof2 = (struct proof_2dle *)(ret + *buflen) - 1; - smc_zkp_2dle (NULL, NULL, ad->Y, ec_gen, r_sum2, proof2); - } + /* in M+1st price auctions we need to prove that our bid is from the valid + * subset of bids as well */ + if (0 < ad->m) + { + struct proof_2dle *proof2 = (struct proof_2dle *) (ret + *buflen) - 1; + smc_zkp_2dle (NULL, NULL, ad->Y, ec_gen, r_sum2, proof2); + } - gcry_mpi_release (r_sum); - gcry_mpi_release (r_sum2); - gcry_mpi_release (r_part); + gcry_mpi_release (r_sum); + gcry_mpi_release (r_sum2); + gcry_mpi_release (r_part); - return ret; + return ret; } int smc_recv_encrypted_bid (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_0og *proof3; - gcry_mpi_point_t **ct; /* 
ciphertexts */ - gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); - gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0); - gcry_mpi_point_t alpha_sum2 = gcry_mpi_point_new (0); - gcry_mpi_point_t beta_sum2 = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_0og *proof3; + gcry_mpi_point_t **ct; /* ciphertexts */ + gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); + gcry_mpi_point_t beta_sum = gcry_mpi_point_new (0); + gcry_mpi_point_t alpha_sum2 = gcry_mpi_point_new (0); + gcry_mpi_point_t beta_sum2 = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (ad->k * (sizeof (struct ec_mpi) * 2 + sizeof (*proof3)) + - (0 < ad->m ? 2 : 1) * sizeof (struct proof_2dle)) || - NULL == (ct = smc_init2 (2, ad->k))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received encrypted bid\n"); - goto quit; - } + if (buflen != (ad->k * (sizeof (struct ec_mpi) * 2 + sizeof (*proof3)) + + (0 < ad->m ? 
2 : 1) * sizeof (struct proof_2dle)) || + NULL == (ct = smc_init2 (2, ad->k))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received encrypted bid\n"); + goto quit; + } - ec_point_copy (alpha_sum, ec_zero); - ec_point_copy (beta_sum, ec_zero); - ec_point_copy (alpha_sum2, ec_zero); - ec_point_copy (beta_sum2, ec_zero); + ec_point_copy (alpha_sum, ec_zero); + ec_point_copy (beta_sum, ec_zero); + ec_point_copy (alpha_sum2, ec_zero); + ec_point_copy (beta_sum2, ec_zero); - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (ct[0][j], (struct ec_mpi *)cur); - ec_point_parse (ct[1][j], &((struct ec_mpi *)cur)[1]); - proof3 = (struct proof_0og *)(cur + 2 * sizeof (struct ec_mpi)); - if (smc_zkp_0og_check (ad->Y, ct[0][j], ct[1][j], proof3)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp3 for alpha, beta received\n"); - goto quit; - } - gcry_mpi_ec_add (alpha_sum, alpha_sum, ct[0][j], ec_ctx); - gcry_mpi_ec_add (beta_sum, beta_sum, ct[1][j], ec_ctx); + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (ct[0][j], (struct ec_mpi *) cur); + ec_point_parse (ct[1][j], &((struct ec_mpi *) cur)[1]); + proof3 = (struct proof_0og *) (cur + 2 * sizeof (struct ec_mpi)); + if (smc_zkp_0og_check (ad->Y, ct[0][j], ct[1][j], proof3)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp3 for alpha, beta received\n"); + goto quit; + } + gcry_mpi_ec_add (alpha_sum, alpha_sum, ct[0][j], ec_ctx); + gcry_mpi_ec_add (beta_sum, beta_sum, ct[1][j], ec_ctx); - /* precalculate ciphertext sums for second 2dle proof needed in M+1st - * price auctions */ - if (0 < ad->m && 1 == (ad->k - j - sender) % ad->n) - { - gcry_mpi_ec_add (alpha_sum2, alpha_sum2, ct[0][j], ec_ctx); - gcry_mpi_ec_add (beta_sum2, beta_sum2, ct[1][j], ec_ctx); - } + /* precalculate ciphertext sums for second 2dle proof needed in M+1st + * price auctions */ + if (0 < ad->m && 1 == (ad->k - j - sender) % ad->n) + { + 
gcry_mpi_ec_add (alpha_sum2, alpha_sum2, ct[0][j], ec_ctx); + gcry_mpi_ec_add (beta_sum2, beta_sum2, ct[1][j], ec_ctx); + } - cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og); - } + cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og); + } - gcry_mpi_ec_sub (alpha_sum, alpha_sum, ec_gen, ec_ctx); - if (smc_zkp_2dle_check (alpha_sum, - beta_sum, - ad->Y, - ec_gen, - (struct proof_2dle *)cur)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for alpha, beta received\n"); - goto quit; - } + gcry_mpi_ec_sub (alpha_sum, alpha_sum, ec_gen, ec_ctx); + if (smc_zkp_2dle_check (alpha_sum, + beta_sum, + ad->Y, + ec_gen, + (struct proof_2dle *) cur)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for alpha, beta received\n"); + goto quit; + } - /* On M+1st price auctions check with the second 2dle proof if the bidder - * only bid on one of his allowed indizes */ - if (0 < ad->m) - { - cur += sizeof (struct proof_2dle); - gcry_mpi_ec_sub (alpha_sum2, alpha_sum2, ec_gen, ec_ctx); - if (smc_zkp_2dle_check (alpha_sum2, - beta_sum2, - ad->Y, - ec_gen, - (struct proof_2dle *)cur)) - { - GNUNET_log_from ( - GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong second zkp2 for alpha, beta received. " - "bid not allowed for this user in M+1st price auctions.\n"); - goto quit; - } - } + /* On M+1st price auctions check with the second 2dle proof if the bidder + * only bid on one of his allowed indizes */ + if (0 < ad->m) + { + cur += sizeof (struct proof_2dle); + gcry_mpi_ec_sub (alpha_sum2, alpha_sum2, ec_gen, ec_ctx); + if (smc_zkp_2dle_check (alpha_sum2, + beta_sum2, + ad->Y, + ec_gen, + (struct proof_2dle *) cur)) + { + GNUNET_log_from ( + GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong second zkp2 for alpha, beta received. 
" + "bid not allowed for this user in M+1st price auctions.\n"); + goto quit; + } + } - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_copy (ad->alpha[sender][j], ct[0][j]); - ec_point_copy (ad->beta[sender][j], ct[1][j]); - } - smc_free2 (ct, 2, ad->k); + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_copy (ad->alpha[sender][j], ct[0][j]); + ec_point_copy (ad->beta[sender][j], ct[1][j]); + } + smc_free2 (ct, 2, ad->k); - ret = 1; /* finally success */ + ret = 1; /* finally success */ quit: - gcry_mpi_point_release (alpha_sum); - gcry_mpi_point_release (beta_sum); - gcry_mpi_point_release (alpha_sum2); - gcry_mpi_point_release (beta_sum2); - return ret; + gcry_mpi_point_release (alpha_sum); + gcry_mpi_point_release (beta_sum); + gcry_mpi_point_release (alpha_sum2); + gcry_mpi_point_release (beta_sum2); + return ret; } 
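Review bot: In smc_recv_encrypted_bid the `ct` array from `smc_init2 (2, ad->k)` is freed only on the success path, so each `goto quit` taken after a failed proof check leaks it. Because the bid is received input, repeated invalid bids grow memory. Declare it as `gcry_mpi_point_t **ct = NULL;`, drop the `smc_free2` call before `ret = 1;`, and put `if (NULL != ct) smc_free2 (ct, 2, ad->k);` under `quit:`. The initialiser is needed because the size test short-circuits before `ct` is assigned. Separately, an allocation failure in that combined condition is logged as "wrong size of received encrypted bid", which may mislead whoever reads the log.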
@@ -921,41 +924,41 @@ smc_zkp_dl (gcry_mpi_point_t v, const gcry_mpi_t x, struct proof_dl *proof) { - struct zkp_challenge_dl challenge; - gcry_mpi_point_t a = gcry_mpi_point_new (0); - gcry_mpi_t r = gcry_mpi_new (256); - gcry_mpi_t c; - gcry_mpi_t z = gcry_mpi_new (256); + struct zkp_challenge_dl challenge; + gcry_mpi_point_t a = gcry_mpi_point_new (0); + gcry_mpi_t r = gcry_mpi_new (256); + gcry_mpi_t c; + gcry_mpi_t z = gcry_mpi_new (256); - /* v = xg */ - gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx); + /* v = xg */ + gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx); - /* a = zg */ - ec_keypair_create (a, z); + /* a = zg */ + ec_keypair_create (a, z); - /* compute challenge c */ - ec_point_serialize (&challenge.g, ec_gen); - ec_point_serialize (&challenge.v, v); - ec_point_serialize (&challenge.a, a); - GNUNET_CRYPTO_kdf_mod_mpi (&c, - ec_n, - NULL, - 0, - &challenge, - sizeof (challenge), - "libbrandt zkp dl"); + /* compute challenge c */ + ec_point_serialize (&challenge.g, ec_gen); + ec_point_serialize (&challenge.v, v); + ec_point_serialize (&challenge.a, a); + GNUNET_CRYPTO_kdf_mod_mpi (&c, + ec_n, + NULL, + 0, + &challenge, + sizeof (challenge), + "libbrandt zkp dl"); - /* r = z + cx */ - gcry_mpi_mulm (r, c, x, ec_n); - gcry_mpi_addm (r, r, z, ec_n); + /* r = z + cx */ + gcry_mpi_mulm (r, c, x, ec_n); + gcry_mpi_addm (r, r, z, ec_n); - ec_point_serialize (&proof->a, a); - mpi_serialize (&proof->r, r); + ec_point_serialize (&proof->a, a); + mpi_serialize (&proof->r, r); - gcry_mpi_point_release (a); - gcry_mpi_release (r); - gcry_mpi_release (c); - gcry_mpi_release (z); + gcry_mpi_point_release (a); + gcry_mpi_release (r); + gcry_mpi_release (c); + gcry_mpi_release (z); } 
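Review bot: The proof nonce in smc_zkp_dl lives in ordinary heap memory: `gcry_mpi_t z = gcry_mpi_new (256);` is later dropped with `gcry_mpi_release (z);`, which is only guaranteed to wipe MPIs allocated in secure memory. `z` has to stay secret for the proof to hide `x`, so `gcry_mpi_t z = gcry_mpi_snew (256);` would be the safer allocation. That assumes libgcrypt secure memory is initialised elsewhere and that `ec_keypair_create` fills the MPI in place; neither is visible here. The same applies to `ad->x = gcry_mpi_new (256);` in smc_gen_keyshare and to the nonces in smc_zkp_2dle and smc_zkp_0og in the other hunks. The function's signature and doc comment start outside this hunk.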
@@ -971,42 +974,42 @@ int smc_zkp_dl_check (const gcry_mpi_point_t v, const struct proof_dl *proof) { - int ret; - struct zkp_challenge_dl challenge; - gcry_mpi_point_t a = gcry_mpi_point_new (0); - gcry_mpi_t r = gcry_mpi_new (256); - gcry_mpi_t c; - gcry_mpi_point_t left = gcry_mpi_point_new (0); - gcry_mpi_point_t right = gcry_mpi_point_new (0); + int ret; + struct zkp_challenge_dl challenge; + gcry_mpi_point_t a = gcry_mpi_point_new (0); + gcry_mpi_t r = gcry_mpi_new (256); + gcry_mpi_t c; + gcry_mpi_point_t left = gcry_mpi_point_new (0); + gcry_mpi_point_t right = gcry_mpi_point_new (0); - ec_point_parse (a, &proof->a); - mpi_parse (r, &proof->r); + ec_point_parse (a, &proof->a); + mpi_parse (r, &proof->r); - /* compute challenge c */ - ec_point_serialize (&challenge.g, ec_gen); - ec_point_serialize (&challenge.v, v); - ec_point_serialize (&challenge.a, a); - GNUNET_CRYPTO_kdf_mod_mpi (&c, - ec_n, - NULL, - 0, - &challenge, - sizeof (challenge), - "libbrandt zkp dl"); + /* compute challenge c */ + ec_point_serialize (&challenge.g, ec_gen); + ec_point_serialize (&challenge.v, v); + ec_point_serialize (&challenge.a, a); + GNUNET_CRYPTO_kdf_mod_mpi (&c, + ec_n, + NULL, + 0, + &challenge, + sizeof (challenge), + "libbrandt zkp dl"); - /* rg =? a + cv */ - gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx); - gcry_mpi_ec_mul (right, c, v, ec_ctx); - gcry_mpi_ec_add (right, a, right, ec_ctx); - ret = ec_point_cmp (left, right); + /* rg =? a + cv */ + gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx); + gcry_mpi_ec_mul (right, c, v, ec_ctx); + gcry_mpi_ec_add (right, a, right, ec_ctx); + ret = ec_point_cmp (left, right); - gcry_mpi_point_release (a); - gcry_mpi_release (r); - gcry_mpi_release (c); - gcry_mpi_point_release (left); - gcry_mpi_point_release (right); + gcry_mpi_point_release (a); + gcry_mpi_release (r); + gcry_mpi_release (c); + gcry_mpi_point_release (left); + gcry_mpi_point_release (right); - return ret; + return ret; } 
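Review bot: The challenge recomputed in smc_zkp_dl_check covers only `g`, `v` and `a` under the fixed label "libbrandt zkp dl", with `NULL, 0` passed as the salt, so nothing visible in the hunk binds a proof to the auction or to the participant index it was received for. If that binding is provided elsewhere (for example by an authenticated transport), it deserves a comment above the KDF call such as `/* challenge is not bound to auction or sender; replay protection must come from the caller */`. Otherwise consider feeding a session identifier in as the salt on both the prover and the verifier side. The layout of `struct zkp_challenge_dl` is declared outside the hunk, so this is inferred from the three `ec_point_serialize` calls; the function's doc comment also lies outside the hunk.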
@@ -1027,76 +1030,76 @@ smc_zkp_dl_check (const gcry_mpi_point_t v, * shared with the verifier. */ void -smc_zkp_2dle (gcry_mpi_point_t v, - gcry_mpi_point_t w, +smc_zkp_2dle (gcry_mpi_point_t v, + gcry_mpi_point_t w, const gcry_mpi_point_t g1, const gcry_mpi_point_t g2, - const gcry_mpi_t x, + const gcry_mpi_t x, struct proof_2dle *proof) { - struct zkp_challenge_2dle challenge; - gcry_mpi_point_t rv; - gcry_mpi_point_t rw; - gcry_mpi_t rx; - gcry_mpi_point_t a = gcry_mpi_point_new (0); - gcry_mpi_point_t b = gcry_mpi_point_new (0); - gcry_mpi_t r = gcry_mpi_new (256); - gcry_mpi_t c; - gcry_mpi_t z = gcry_mpi_new (256); + struct zkp_challenge_2dle challenge; + gcry_mpi_point_t rv; + gcry_mpi_point_t rw; + gcry_mpi_t rx; + gcry_mpi_point_t a = gcry_mpi_point_new (0); + gcry_mpi_point_t b = gcry_mpi_point_new (0); + gcry_mpi_t r = gcry_mpi_new (256); + gcry_mpi_t c; + gcry_mpi_t z = gcry_mpi_new (256); - rv = (NULL == v) ? gcry_mpi_point_new (0) : v; - rw = (NULL == w) ? gcry_mpi_point_new (0) : w; - rx = (NULL == x) ? gcry_mpi_new (256) : x; + rv = (NULL == v) ? gcry_mpi_point_new (0) : v; + rw = (NULL == w) ? gcry_mpi_point_new (0) : w; + rx = (NULL == x) ? 
gcry_mpi_new (256) : x; - if (NULL == x) - ec_skey_create (rx); + if (NULL == x) + ec_skey_create (rx); - /* v = x*g1 */ - gcry_mpi_ec_mul (rv, rx, g1, ec_ctx); + /* v = x*g1 */ + gcry_mpi_ec_mul (rv, rx, g1, ec_ctx); - /* w = x*g2 */ - gcry_mpi_ec_mul (rw, rx, g2, ec_ctx); + /* w = x*g2 */ + gcry_mpi_ec_mul (rw, rx, g2, ec_ctx); - /* a = z*g1 */ - ec_keypair_create_base (a, z, g1); + /* a = z*g1 */ + ec_keypair_create_base (a, z, g1); - /* b = z*g2 */ - gcry_mpi_ec_mul (b, z, g2, ec_ctx); + /* b = z*g2 */ + gcry_mpi_ec_mul (b, z, g2, ec_ctx); - /* compute challenge c */ - ec_point_serialize (&challenge.g1, g1); - ec_point_serialize (&challenge.g2, g2); - ec_point_serialize (&challenge.v, rv); - ec_point_serialize (&challenge.w, rw); - ec_point_serialize (&challenge.a, a); - ec_point_serialize (&challenge.b, b); - GNUNET_CRYPTO_kdf_mod_mpi (&c, - ec_n, - NULL, - 0, - &challenge, - sizeof (challenge), - "libbrandt zkp 2dle"); + /* compute challenge c */ + ec_point_serialize (&challenge.g1, g1); + ec_point_serialize (&challenge.g2, g2); + ec_point_serialize (&challenge.v, rv); + ec_point_serialize (&challenge.w, rw); + ec_point_serialize (&challenge.a, a); + ec_point_serialize (&challenge.b, b); + GNUNET_CRYPTO_kdf_mod_mpi (&c, + ec_n, + NULL, + 0, + &challenge, + sizeof (challenge), + "libbrandt zkp 2dle"); - /* r = z + cx */ - gcry_mpi_mulm (r, c, rx, ec_n); - gcry_mpi_addm (r, r, z, ec_n); + /* r = z + cx */ + gcry_mpi_mulm (r, c, rx, ec_n); + gcry_mpi_addm (r, r, z, ec_n); - mpi_serialize (&proof->r, r); - ec_point_serialize (&proof->a, a); - ec_point_serialize (&proof->b, b); + mpi_serialize (&proof->r, r); + ec_point_serialize (&proof->a, a); + ec_point_serialize (&proof->b, b); - if (NULL == v) - gcry_mpi_point_release (rv); - if (NULL == w) - gcry_mpi_point_release (rw); - if (NULL == x) - gcry_mpi_release (rx); - gcry_mpi_point_release (a); - gcry_mpi_point_release (b); - gcry_mpi_release (r); - gcry_mpi_release (c); - gcry_mpi_release (z); + if (NULL == v) 
+ gcry_mpi_point_release (rv); + if (NULL == w) + gcry_mpi_point_release (rw); + if (NULL == x) + gcry_mpi_release (rx); + gcry_mpi_point_release (a); + gcry_mpi_point_release (b); + gcry_mpi_release (r); + gcry_mpi_release (c); + gcry_mpi_release (z); } 
@@ -1112,60 +1115,60 @@ smc_zkp_2dle (gcry_mpi_point_t v, * @return 0 if the proof is correct, something else otherwise */ int -smc_zkp_2dle_check (const gcry_mpi_point_t v, - const gcry_mpi_point_t w, - const gcry_mpi_point_t g1, - const gcry_mpi_point_t g2, +smc_zkp_2dle_check (const gcry_mpi_point_t v, + const gcry_mpi_point_t w, + const gcry_mpi_point_t g1, + const gcry_mpi_point_t g2, const struct proof_2dle *proof) { - int ret; - struct zkp_challenge_2dle challenge; - gcry_mpi_point_t a = gcry_mpi_point_new (0); - gcry_mpi_point_t b = gcry_mpi_point_new (0); - gcry_mpi_t r = gcry_mpi_new (256); - gcry_mpi_t c; - gcry_mpi_point_t left = gcry_mpi_point_new (0); - gcry_mpi_point_t right = gcry_mpi_point_new (0); + int ret; + struct zkp_challenge_2dle challenge; + gcry_mpi_point_t a = gcry_mpi_point_new (0); + gcry_mpi_point_t b = gcry_mpi_point_new (0); + gcry_mpi_t r = gcry_mpi_new (256); + gcry_mpi_t c; + gcry_mpi_point_t left = gcry_mpi_point_new (0); + gcry_mpi_point_t right = gcry_mpi_point_new (0); - mpi_parse (r, &proof->r); - ec_point_parse (a, &proof->a); - ec_point_parse (b, &proof->b); + mpi_parse (r, &proof->r); + ec_point_parse (a, &proof->a); + ec_point_parse (b, &proof->b); - /* compute challenge c */ - ec_point_serialize (&challenge.g1, g1); - ec_point_serialize (&challenge.g2, g2); - ec_point_serialize (&challenge.v, v); - ec_point_serialize (&challenge.w, w); - ec_point_serialize (&challenge.a, a); - ec_point_serialize (&challenge.b, b); - GNUNET_CRYPTO_kdf_mod_mpi (&c, - ec_n, - NULL, - 0, - &challenge, - sizeof (challenge), - "libbrandt zkp 2dle"); + /* compute challenge c */ + ec_point_serialize (&challenge.g1, g1); + ec_point_serialize (&challenge.g2, g2); + ec_point_serialize (&challenge.v, v); + ec_point_serialize (&challenge.w, w); + ec_point_serialize (&challenge.a, a); + ec_point_serialize (&challenge.b, b); + GNUNET_CRYPTO_kdf_mod_mpi (&c, + ec_n, + NULL, + 0, + &challenge, + sizeof (challenge), + "libbrandt zkp 2dle"); - /* r*g1 =? 
a + cv */ - gcry_mpi_ec_mul (left, r, g1, ec_ctx); - gcry_mpi_ec_mul (right, c, v, ec_ctx); - gcry_mpi_ec_add (right, a, right, ec_ctx); - ret = ec_point_cmp (left, right); + /* r*g1 =? a + cv */ + gcry_mpi_ec_mul (left, r, g1, ec_ctx); + gcry_mpi_ec_mul (right, c, v, ec_ctx); + gcry_mpi_ec_add (right, a, right, ec_ctx); + ret = ec_point_cmp (left, right); - /* r*g2 =? b + cw */ - gcry_mpi_ec_mul (left, r, g2, ec_ctx); - gcry_mpi_ec_mul (right, c, w, ec_ctx); - gcry_mpi_ec_add (right, b, right, ec_ctx); - ret |= ec_point_cmp (left, right); + /* r*g2 =? b + cw */ + gcry_mpi_ec_mul (left, r, g2, ec_ctx); + gcry_mpi_ec_mul (right, c, w, ec_ctx); + gcry_mpi_ec_add (right, b, right, ec_ctx); + ret |= ec_point_cmp (left, right); - gcry_mpi_point_release (a); - gcry_mpi_point_release (b); - gcry_mpi_release (r); - gcry_mpi_release (c); - gcry_mpi_point_release (left); - gcry_mpi_point_release (right); + gcry_mpi_point_release (a); + gcry_mpi_point_release (b); + gcry_mpi_release (r); + gcry_mpi_release (c); + gcry_mpi_point_release (left); + gcry_mpi_point_release (right); - return ret; + return ret; } 
@@ -1189,140 +1192,140 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v, * shared with the verifier. */ void -smc_zkp_0og (int m_is_gen, +smc_zkp_0og (int m_is_gen, const gcry_mpi_point_t y, - gcry_mpi_t r, - gcry_mpi_point_t alpha, - gcry_mpi_point_t beta, + gcry_mpi_t r, + gcry_mpi_point_t alpha, + gcry_mpi_point_t beta, struct proof_0og *proof) { - struct zkp_challenge_0og challenge; - gcry_mpi_point_t a1 = gcry_mpi_point_new (0); - gcry_mpi_point_t a2 = gcry_mpi_point_new (0); - gcry_mpi_point_t b1 = gcry_mpi_point_new (0); - gcry_mpi_point_t b2 = gcry_mpi_point_new (0); - gcry_mpi_t d1 = gcry_mpi_new (256); - gcry_mpi_t d2 = gcry_mpi_new (256); - gcry_mpi_t r1 = gcry_mpi_new (256); - gcry_mpi_t r2 = gcry_mpi_new (256); - gcry_mpi_t c; - gcry_mpi_t rr; - gcry_mpi_t w = gcry_mpi_new (256); + struct zkp_challenge_0og challenge; + gcry_mpi_point_t a1 = gcry_mpi_point_new (0); + gcry_mpi_point_t a2 = gcry_mpi_point_new (0); + gcry_mpi_point_t b1 = gcry_mpi_point_new (0); + gcry_mpi_point_t b2 = gcry_mpi_point_new (0); + gcry_mpi_t d1 = gcry_mpi_new (256); + gcry_mpi_t d2 = gcry_mpi_new (256); + gcry_mpi_t r1 = gcry_mpi_new (256); + gcry_mpi_t r2 = gcry_mpi_new (256); + gcry_mpi_t c; + gcry_mpi_t rr; + gcry_mpi_t w = gcry_mpi_new (256); - rr = (NULL == r) ? gcry_mpi_new (256) : r; + rr = (NULL == r) ? gcry_mpi_new (256) : r; - /* beta = r*g */ - ec_keypair_create (beta, rr); - gcry_mpi_mod (rr, rr, ec_n); + /* beta = r*g */ + ec_keypair_create (beta, rr); + gcry_mpi_mod (rr, rr, ec_n); - /* alpha = m + r*y */ - gcry_mpi_ec_mul (alpha, rr, y, ec_ctx); - gcry_mpi_ec_add (alpha, m_is_gen ? ec_gen : ec_zero, alpha, ec_ctx); + /* alpha = m + r*y */ + gcry_mpi_ec_mul (alpha, rr, y, ec_ctx); + gcry_mpi_ec_add (alpha, m_is_gen ? ec_gen : ec_zero, alpha, ec_ctx); - if (!m_is_gen) - { /* m == 0 */ - ec_keypair_create_base (a1, d1, beta); - gcry_mpi_mod (d1, d1, ec_n); - ec_keypair_create_base (b1, r1, y); - gcry_mpi_mod (r1, r1, ec_n); + if (! 
m_is_gen) + { /* m == 0 */ + ec_keypair_create_base (a1, d1, beta); + gcry_mpi_mod (d1, d1, ec_n); + ec_keypair_create_base (b1, r1, y); + gcry_mpi_mod (r1, r1, ec_n); - /* a1 = r1*g + d1*beta */ - gcry_mpi_ec_mul (a2, r1, ec_gen, ec_ctx); - gcry_mpi_ec_add (a1, a2, a1, ec_ctx); + /* a1 = r1*g + d1*beta */ + gcry_mpi_ec_mul (a2, r1, ec_gen, ec_ctx); + gcry_mpi_ec_add (a1, a2, a1, ec_ctx); - /* b1 = r1*y + d1*(alpha-g) */ - gcry_mpi_ec_sub (b2, alpha, ec_gen, ec_ctx); - gcry_mpi_ec_mul (a2, d1, b2, ec_ctx); - gcry_mpi_ec_add (b1, b1, a2, ec_ctx); + /* b1 = r1*y + d1*(alpha-g) */ + gcry_mpi_ec_sub (b2, alpha, ec_gen, ec_ctx); + gcry_mpi_ec_mul (a2, d1, b2, ec_ctx); + gcry_mpi_ec_add (b1, b1, a2, ec_ctx); - /* a2 = w * g */ - ec_keypair_create_base (a2, w, ec_gen); - gcry_mpi_mod (w, w, ec_n); + /* a2 = w * g */ + ec_keypair_create_base (a2, w, ec_gen); + gcry_mpi_mod (w, w, ec_n); - /* b2 = w * y */ - gcry_mpi_ec_mul (b2, w, y, ec_ctx); - } - else - { /* m == g */ - ec_keypair_create_base (a2, d2, beta); - gcry_mpi_mod (d2, d2, ec_n); - ec_keypair_create_base (b2, r2, y); - gcry_mpi_mod (r2, r2, ec_n); + /* b2 = w * y */ + gcry_mpi_ec_mul (b2, w, y, ec_ctx); + } + else + { /* m == g */ + ec_keypair_create_base (a2, d2, beta); + gcry_mpi_mod (d2, d2, ec_n); + ec_keypair_create_base (b2, r2, y); + gcry_mpi_mod (r2, r2, ec_n); - /* a2 = r2*g + d2*beta */ - gcry_mpi_ec_mul (a1, r2, ec_gen, ec_ctx); - gcry_mpi_ec_add (a2, a1, a2, ec_ctx); + /* a2 = r2*g + d2*beta */ + gcry_mpi_ec_mul (a1, r2, ec_gen, ec_ctx); + gcry_mpi_ec_add (a2, a1, a2, ec_ctx); - /* b2 = r2*y + d2*(alpha-0) */ - /* useless subtraction to have same amount of operations as in m == 0 */ - gcry_mpi_ec_sub (b1, alpha, ec_zero, ec_ctx); - gcry_mpi_ec_mul (a1, d2, b1, ec_ctx); - gcry_mpi_ec_add (b2, b2, a1, ec_ctx); + /* b2 = r2*y + d2*(alpha-0) */ + /* useless subtraction to have same amount of operations as in m == 0 */ + gcry_mpi_ec_sub (b1, alpha, ec_zero, ec_ctx); + gcry_mpi_ec_mul (a1, d2, b1, ec_ctx); 
+ gcry_mpi_ec_add (b2, b2, a1, ec_ctx); - /* a1 = w * g */ - ec_keypair_create_base (a1, w, ec_gen); - gcry_mpi_mod (w, w, ec_n); + /* a1 = w * g */ + ec_keypair_create_base (a1, w, ec_gen); + gcry_mpi_mod (w, w, ec_n); - /* b1 = w * y */ - gcry_mpi_ec_mul (b1, w, y, ec_ctx); - } + /* b1 = w * y */ + gcry_mpi_ec_mul (b1, w, y, ec_ctx); + } - /* compute challenge c */ - ec_point_serialize (&challenge.g, ec_gen); - ec_point_serialize (&challenge.alpha, alpha); - ec_point_serialize (&challenge.beta, beta); - ec_point_serialize (&challenge.a1, a1); - ec_point_serialize (&challenge.a2, a2); - ec_point_serialize (&challenge.b1, b1); - ec_point_serialize (&challenge.b2, b2); - GNUNET_CRYPTO_kdf_mod_mpi (&c, - ec_n, - NULL, - 0, - &challenge, - sizeof (challenge), - "libbrandt zkp 0og"); + /* compute challenge c */ + ec_point_serialize (&challenge.g, ec_gen); + ec_point_serialize (&challenge.alpha, alpha); + ec_point_serialize (&challenge.beta, beta); + ec_point_serialize (&challenge.a1, a1); + ec_point_serialize (&challenge.a2, a2); + ec_point_serialize (&challenge.b1, b1); + ec_point_serialize (&challenge.b2, b2); + GNUNET_CRYPTO_kdf_mod_mpi (&c, + ec_n, + NULL, + 0, + &challenge, + sizeof (challenge), + "libbrandt zkp 0og"); - if (!m_is_gen) - { /* m == 0 */ - /* d2 = c - d1 */ - gcry_mpi_subm (d2, c, d1, ec_n); + if (! 
m_is_gen) + { /* m == 0 */ + /* d2 = c - d1 */ + gcry_mpi_subm (d2, c, d1, ec_n); - /* r2 = w - r*d2 */ - gcry_mpi_mulm (r2, rr, d2, ec_n); - gcry_mpi_subm (r2, w, r2, ec_n); - } - else - { /* m == g */ - /* d1 = c - d2 */ - gcry_mpi_subm (d1, c, d2, ec_n); + /* r2 = w - r*d2 */ + gcry_mpi_mulm (r2, rr, d2, ec_n); + gcry_mpi_subm (r2, w, r2, ec_n); + } + else + { /* m == g */ + /* d1 = c - d2 */ + gcry_mpi_subm (d1, c, d2, ec_n); - /* r1 = w - r*d1 */ - gcry_mpi_mulm (r1, rr, d1, ec_n); - gcry_mpi_subm (r1, w, r1, ec_n); - } + /* r1 = w - r*d1 */ + gcry_mpi_mulm (r1, rr, d1, ec_n); + gcry_mpi_subm (r1, w, r1, ec_n); + } - ec_point_serialize (&proof->a1, a1); - ec_point_serialize (&proof->a2, a2); - ec_point_serialize (&proof->b1, b1); - ec_point_serialize (&proof->b2, b2); - mpi_serialize (&proof->d1, d1); - mpi_serialize (&proof->d2, d2); - mpi_serialize (&proof->r1, r1); - mpi_serialize (&proof->r2, r2); + ec_point_serialize (&proof->a1, a1); + ec_point_serialize (&proof->a2, a2); + ec_point_serialize (&proof->b1, b1); + ec_point_serialize (&proof->b2, b2); + mpi_serialize (&proof->d1, d1); + mpi_serialize (&proof->d2, d2); + mpi_serialize (&proof->r1, r1); + mpi_serialize (&proof->r2, r2); - gcry_mpi_point_release (a1); - gcry_mpi_point_release (a2); - gcry_mpi_point_release (b1); - gcry_mpi_point_release (b2); - gcry_mpi_release (d1); - gcry_mpi_release (d2); - gcry_mpi_release (r1); - gcry_mpi_release (r2); - gcry_mpi_release (c); - if (NULL == r) - gcry_mpi_release (rr); - gcry_mpi_release (w); + gcry_mpi_point_release (a1); + gcry_mpi_point_release (a2); + gcry_mpi_point_release (b1); + gcry_mpi_point_release (b2); + gcry_mpi_release (d1); + gcry_mpi_release (d2); + gcry_mpi_release (r1); + gcry_mpi_release (r2); + gcry_mpi_release (c); + if (NULL == r) + gcry_mpi_release (rr); + gcry_mpi_release (w); } 
@@ -1342,87 +1345,87 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, const gcry_mpi_point_t beta, const struct proof_0og *proof) { - int ret; - struct zkp_challenge_0og challenge; - gcry_mpi_point_t a1 = gcry_mpi_point_new (0); - gcry_mpi_point_t a2 = gcry_mpi_point_new (0); - gcry_mpi_point_t b1 = gcry_mpi_point_new (0); - gcry_mpi_point_t b2 = gcry_mpi_point_new (0); - gcry_mpi_t d1 = gcry_mpi_new (256); - gcry_mpi_t d2 = gcry_mpi_new (256); - gcry_mpi_t r1 = gcry_mpi_new (256); - gcry_mpi_t r2 = gcry_mpi_new (256); - gcry_mpi_t c; - gcry_mpi_t sum = gcry_mpi_new (256); - gcry_mpi_point_t right = gcry_mpi_point_new (0); - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + int ret; + struct zkp_challenge_0og challenge; + gcry_mpi_point_t a1 = gcry_mpi_point_new (0); + gcry_mpi_point_t a2 = gcry_mpi_point_new (0); + gcry_mpi_point_t b1 = gcry_mpi_point_new (0); + gcry_mpi_point_t b2 = gcry_mpi_point_new (0); + gcry_mpi_t d1 = gcry_mpi_new (256); + gcry_mpi_t d2 = gcry_mpi_new (256); + gcry_mpi_t r1 = gcry_mpi_new (256); + gcry_mpi_t r2 = gcry_mpi_new (256); + gcry_mpi_t c; + gcry_mpi_t sum = gcry_mpi_new (256); + gcry_mpi_point_t right = gcry_mpi_point_new (0); + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - ec_point_parse (a1, &proof->a1); - ec_point_parse (a2, &proof->a2); - ec_point_parse (b1, &proof->b1); - ec_point_parse (b2, &proof->b2); - mpi_parse (d1, &proof->d1); - mpi_parse (d2, &proof->d2); - mpi_parse (r1, &proof->r1); - mpi_parse (r2, &proof->r2); + ec_point_parse (a1, &proof->a1); + ec_point_parse (a2, &proof->a2); + ec_point_parse (b1, &proof->b1); + ec_point_parse (b2, &proof->b2); + mpi_parse (d1, &proof->d1); + mpi_parse (d2, &proof->d2); + mpi_parse (r1, &proof->r1); + mpi_parse (r2, &proof->r2); - /* compute challenge c */ - ec_point_serialize (&challenge.g, ec_gen); - ec_point_serialize (&challenge.alpha, alpha); - ec_point_serialize (&challenge.beta, beta); - ec_point_serialize (&challenge.a1, a1); - ec_point_serialize (&challenge.a2, a2); - 
ec_point_serialize (&challenge.b1, b1); - ec_point_serialize (&challenge.b2, b2); - GNUNET_CRYPTO_kdf_mod_mpi (&c, - ec_n, - NULL, - 0, - &challenge, - sizeof (challenge), - "libbrandt zkp 0og"); + /* compute challenge c */ + ec_point_serialize (&challenge.g, ec_gen); + ec_point_serialize (&challenge.alpha, alpha); + ec_point_serialize (&challenge.beta, beta); + ec_point_serialize (&challenge.a1, a1); + ec_point_serialize (&challenge.a2, a2); + ec_point_serialize (&challenge.b1, b1); + ec_point_serialize (&challenge.b2, b2); + GNUNET_CRYPTO_kdf_mod_mpi (&c, + ec_n, + NULL, + 0, + &challenge, + sizeof (challenge), + "libbrandt zkp 0og"); - /* c == d1 + d2 */ - gcry_mpi_addm (sum, d1, d2, ec_n); - ret = gcry_mpi_cmp (c, sum); + /* c == d1 + d2 */ + gcry_mpi_addm (sum, d1, d2, ec_n); + ret = gcry_mpi_cmp (c, sum); - /* a1 == r1*g + d1*beta */ - gcry_mpi_ec_mul (tmp, r1, ec_gen, ec_ctx); - gcry_mpi_ec_mul (right, d1, beta, ec_ctx); - gcry_mpi_ec_add (right, tmp, right, ec_ctx); - ret |= ec_point_cmp (a1, right) << 1; + /* a1 == r1*g + d1*beta */ + gcry_mpi_ec_mul (tmp, r1, ec_gen, ec_ctx); + gcry_mpi_ec_mul (right, d1, beta, ec_ctx); + gcry_mpi_ec_add (right, tmp, right, ec_ctx); + ret |= ec_point_cmp (a1, right) << 1; - /* b1 == r1*y + d1*(alpha-g) */ - gcry_mpi_ec_sub (right, alpha, ec_gen, ec_ctx); - gcry_mpi_ec_mul (tmp, d1, right, ec_ctx); - gcry_mpi_ec_mul (right, r1, y, ec_ctx); - gcry_mpi_ec_add (right, right, tmp, ec_ctx); - ret |= ec_point_cmp (b1, right) << 2; + /* b1 == r1*y + d1*(alpha-g) */ + gcry_mpi_ec_sub (right, alpha, ec_gen, ec_ctx); + gcry_mpi_ec_mul (tmp, d1, right, ec_ctx); + gcry_mpi_ec_mul (right, r1, y, ec_ctx); + gcry_mpi_ec_add (right, right, tmp, ec_ctx); + ret |= ec_point_cmp (b1, right) << 2; - /* a2 == r2*g + d2*beta */ - gcry_mpi_ec_mul (tmp, d2, beta, ec_ctx); - gcry_mpi_ec_mul (right, r2, ec_gen, ec_ctx); - gcry_mpi_ec_add (right, right, tmp, ec_ctx); - ret |= ec_point_cmp (a2, right) << 3; + /* a2 == r2*g + d2*beta */ + 
gcry_mpi_ec_mul (tmp, d2, beta, ec_ctx); + gcry_mpi_ec_mul (right, r2, ec_gen, ec_ctx); + gcry_mpi_ec_add (right, right, tmp, ec_ctx); + ret |= ec_point_cmp (a2, right) << 3; - /* b2 == r2*y + d2*alpha */ - gcry_mpi_ec_mul (tmp, d2, alpha, ec_ctx); - gcry_mpi_ec_mul (right, r2, y, ec_ctx); - gcry_mpi_ec_add (right, right, tmp, ec_ctx); - ret |= ec_point_cmp (b2, right) << 4; + /* b2 == r2*y + d2*alpha */ + gcry_mpi_ec_mul (tmp, d2, alpha, ec_ctx); + gcry_mpi_ec_mul (right, r2, y, ec_ctx); + gcry_mpi_ec_add (right, right, tmp, ec_ctx); + ret |= ec_point_cmp (b2, right) << 4; - gcry_mpi_point_release (a1); - gcry_mpi_point_release (a2); - gcry_mpi_point_release (b1); - gcry_mpi_point_release (b2); - gcry_mpi_release (d1); - gcry_mpi_release (d2); - gcry_mpi_release (r1); - gcry_mpi_release (r2); - gcry_mpi_release (c); - gcry_mpi_release (sum); - gcry_mpi_point_release (right); - gcry_mpi_point_release (tmp); + gcry_mpi_point_release (a1); + gcry_mpi_point_release (a2); + gcry_mpi_point_release (b1); + gcry_mpi_point_release (b2); + gcry_mpi_release (d1); + gcry_mpi_release (d2); + gcry_mpi_release (r1); + gcry_mpi_release (r2); + gcry_mpi_release (c); + gcry_mpi_release (sum); + gcry_mpi_point_release (right); + gcry_mpi_point_release (tmp); - return ret; + return ret; } diff --git a/crypto.h b/crypto.h index 4ba850e..899ecdf 100644 --- a/crypto.h +++ b/crypto.h 
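Review bot: The result word in smc_zkp_0og_check is assembled from raw comparison values: `ret = gcry_mpi_cmp (c, sum);` can be negative, and `ec_point_cmp (a1, right) << 1` (likewise `<< 2`, `<< 3`, `<< 4`) shifts whatever `ec_point_cmp` returns, which is undefined behaviour if that value is ever negative. `ec_point_cmp` is only declared in crypto.h as returning `int`, so its range is not visible from here. Normalising each term, e.g. `ret = (0 != gcry_mpi_cmp (c, sum));` and `ret |= (0 != ec_point_cmp (a1, right)) << 1;`, keeps one bit per failed check and preserves the non-zero-means-rejected result that smc_recv_encrypted_bid relies on. The function's signature begins outside the hunk.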
@@ -37,69 +37,85 @@ void brandt_crypto_init (); /* used for serialized mpis and serialized curve points (they are the same size * when compressed) */ -struct ec_mpi { - unsigned char data[256 / 8]; +struct ec_mpi +{ + unsigned char data[256 / 8]; }; void ec_point_serialize (struct ec_mpi *dst, const gcry_mpi_point_t src); + void ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src); gcry_mpi_point_t *smc_init1 (uint16_t size1); + gcry_mpi_point_t **smc_init2 (uint16_t size1, uint16_t size2); + gcry_mpi_point_t ***smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3); + void smc_free1 (gcry_mpi_point_t *dst, uint16_t size1); + void smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2); + void smc_free3 (gcry_mpi_point_t ***dst, - uint16_t size1, - uint16_t size2, - uint16_t size3); + uint16_t size1, + uint16_t size2, + uint16_t size3); void smc_sums_partial (gcry_mpi_point_t out[], gcry_mpi_point_t in[], - uint16_t len, - uint16_t stepi, - uint16_t stepo); + uint16_t len, + uint16_t stepi, + uint16_t stepo); + void smc_sum (gcry_mpi_point_t out, gcry_mpi_point_t in[], - uint16_t len, - uint16_t step); + uint16_t len, + uint16_t step); void ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src); + int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b); + void ec_skey_create (gcry_mpi_t skey); + void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey); -void ec_keypair_create_base (gcry_mpi_point_t pkey, - gcry_mpi_t skey, + +void ec_keypair_create_base (gcry_mpi_point_t pkey, + gcry_mpi_t skey, const gcry_mpi_point_t base); /* --- Zero knowledge proofs --- */ -struct proof_dl { - struct ec_mpi r; - struct ec_mpi a; +struct proof_dl +{ + struct ec_mpi r; + struct ec_mpi a; }; -struct proof_2dle { - struct ec_mpi r; - struct ec_mpi a; - struct ec_mpi b; +struct proof_2dle +{ + struct ec_mpi r; + struct ec_mpi a; + struct ec_mpi b; }; -struct proof_0og { - struct ec_mpi a1; - struct ec_mpi a2; - struct ec_mpi 
b1; - struct ec_mpi b2; - struct ec_mpi d1; - struct ec_mpi d2; - struct ec_mpi r1; - struct ec_mpi r2; +struct proof_0og +{ + struct ec_mpi a1; + struct ec_mpi a2; + struct ec_mpi b1; + struct ec_mpi b2; + struct ec_mpi d1; + struct ec_mpi d2; + struct ec_mpi r1; + struct ec_mpi r2; }; void smc_zkp_dl (gcry_mpi_point_t v, const gcry_mpi_t x, struct proof_dl *proof); + int smc_zkp_dl_check (const gcry_mpi_point_t v, const struct proof_dl *proof); @@ -107,20 +123,22 @@ void smc_zkp_2dle (const gcry_mpi_point_t v, const gcry_mpi_point_t w, const gcry_mpi_point_t g1, const gcry_mpi_point_t g2, - const gcry_mpi_t x, + const gcry_mpi_t x, struct proof_2dle *proof); -int smc_zkp_2dle_check (const gcry_mpi_point_t v, - const gcry_mpi_point_t w, - const gcry_mpi_point_t g1, - const gcry_mpi_point_t g2, + +int smc_zkp_2dle_check (const gcry_mpi_point_t v, + const gcry_mpi_point_t w, + const gcry_mpi_point_t g1, + const gcry_mpi_point_t g2, const struct proof_2dle *proof); -void smc_zkp_0og (int m_is_gen, +void smc_zkp_0og (int m_is_gen, const gcry_mpi_point_t y, - gcry_mpi_t r, - gcry_mpi_point_t alpha, - gcry_mpi_point_t beta, + gcry_mpi_t r, + gcry_mpi_point_t alpha, + gcry_mpi_point_t beta, struct proof_0og *proof); + int smc_zkp_0og_check (const gcry_mpi_point_t y, const gcry_mpi_point_t alpha, const gcry_mpi_point_t beta, 
@@ -130,53 +148,65 @@ int smc_zkp_0og_check (const gcry_mpi_point_t y, /* --- Protocol implementation --- */ void smc_prep_keyshare (struct BRANDT_Auction *ad); + unsigned char *smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen); + int smc_recv_keyshare (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender_index); + size_t buflen, + uint16_t sender_index); void smc_prep_bid (struct BRANDT_Auction *ad); + unsigned char *smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen); + int smc_recv_encrypted_bid (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender_index); + size_t buflen, + uint16_t sender_index); void fp_priv_prep_outcome (struct BRANDT_Auction *ad); + unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen); + int fp_priv_recv_outcome (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); void fp_priv_prep_decryption (struct BRANDT_Auction *ad); + unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen); + int fp_priv_recv_decryption (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len); void fp_pub_prep_outcome (struct BRANDT_Auction *ad); + unsigned char *fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen); + int fp_pub_recv_outcome (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); void fp_pub_prep_decryption (struct BRANDT_Auction *ad); + unsigned char *fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen); + int fp_pub_recv_decryption (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); struct 
BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len); @@ -189,20 +219,24 @@ struct BRANDT_Result *mp_priv_determine_outcome (struct BRANDT_Auction *ad, void mp_pub_prep_outcome (struct BRANDT_Auction *ad); + unsigned char *mp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen); + int mp_pub_recv_outcome (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); void mp_pub_prep_decryption (struct BRANDT_Auction *ad); + unsigned char *mp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen); + int mp_pub_recv_decryption (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); struct BRANDT_Result *mp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len); @@ -216,8 +250,8 @@ typedef void typedef int (*MsgIn)(struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender); + size_t buflen, + uint16_t sender); typedef unsigned char * 
@@ -241,34 +275,34 @@ typedef struct BRANDT_Result * static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = { - [auction_firstPrice] = { - [outcome_private] = { - [msg_init] = &smc_prep_keyshare, - [msg_bid] = &smc_prep_bid, - [msg_outcome] = &fp_priv_prep_outcome, - [msg_decrypt] = &fp_priv_prep_decryption, - }, - [outcome_public] = { - [msg_init] = &smc_prep_keyshare, - [msg_bid] = &smc_prep_bid, - [msg_outcome] = &fp_pub_prep_outcome, - [msg_decrypt] = &fp_pub_prep_decryption, - }, - }, - [auction_mPlusFirstPrice] = { - [outcome_private] = { - [msg_init] = &smc_prep_keyshare, - [msg_bid] = &smc_prep_bid, - [msg_outcome] = &mp_priv_prep_outcome, - [msg_decrypt] = &fp_priv_prep_decryption, - }, - [outcome_public] = { - [msg_init] = &smc_prep_keyshare, - [msg_bid] = &smc_prep_bid, - [msg_outcome] = &mp_pub_prep_outcome, - [msg_decrypt] = &mp_pub_prep_decryption, - }, - }, + [auction_firstPrice] = { + [outcome_private] = { + [msg_init] = &smc_prep_keyshare, + [msg_bid] = &smc_prep_bid, + [msg_outcome] = &fp_priv_prep_outcome, + [msg_decrypt] = &fp_priv_prep_decryption, + }, + [outcome_public] = { + [msg_init] = &smc_prep_keyshare, + [msg_bid] = &smc_prep_bid, + [msg_outcome] = &fp_pub_prep_outcome, + [msg_decrypt] = &fp_pub_prep_decryption, + }, + }, + [auction_mPlusFirstPrice] = { + [outcome_private] = { + [msg_init] = &smc_prep_keyshare, + [msg_bid] = &smc_prep_bid, + [msg_outcome] = &mp_priv_prep_outcome, + [msg_decrypt] = &fp_priv_prep_decryption, + }, + [outcome_public] = { + [msg_init] = &smc_prep_keyshare, + [msg_bid] = &smc_prep_bid, + [msg_outcome] = &mp_pub_prep_outcome, + [msg_decrypt] = &mp_pub_prep_decryption, + }, + }, }; 
@@ -283,34 +317,34 @@ static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = { * of 0 means a private outcome, while a value of 1 means public outcome. */ static const MsgIn handler_in[auction_last][outcome_last][msg_last] = { - [auction_firstPrice] = { - [outcome_private] = { - [msg_init] = &smc_recv_keyshare, - [msg_bid] = &smc_recv_encrypted_bid, - [msg_outcome] = &fp_priv_recv_outcome, - [msg_decrypt] = &fp_priv_recv_decryption, - }, - [outcome_public] = { - [msg_init] = &smc_recv_keyshare, - [msg_bid] = &smc_recv_encrypted_bid, - [msg_outcome] = &fp_pub_recv_outcome, - [msg_decrypt] = &fp_pub_recv_decryption, - }, - }, - [auction_mPlusFirstPrice] = { - [outcome_private] = { - [msg_init] = &smc_recv_keyshare, - [msg_bid] = &smc_recv_encrypted_bid, - [msg_outcome] = &fp_priv_recv_outcome, - [msg_decrypt] = &fp_priv_recv_decryption, - }, - [outcome_public] = { - [msg_init] = &smc_recv_keyshare, - [msg_bid] = &smc_recv_encrypted_bid, - [msg_outcome] = &mp_pub_recv_outcome, - [msg_decrypt] = &mp_pub_recv_decryption, - }, - }, + [auction_firstPrice] = { + [outcome_private] = { + [msg_init] = &smc_recv_keyshare, + [msg_bid] = &smc_recv_encrypted_bid, + [msg_outcome] = &fp_priv_recv_outcome, + [msg_decrypt] = &fp_priv_recv_decryption, + }, + [outcome_public] = { + [msg_init] = &smc_recv_keyshare, + [msg_bid] = &smc_recv_encrypted_bid, + [msg_outcome] = &fp_pub_recv_outcome, + [msg_decrypt] = &fp_pub_recv_decryption, + }, + }, + [auction_mPlusFirstPrice] = { + [outcome_private] = { + [msg_init] = &smc_recv_keyshare, + [msg_bid] = &smc_recv_encrypted_bid, + [msg_outcome] = &fp_priv_recv_outcome, + [msg_decrypt] = &fp_priv_recv_decryption, + }, + [outcome_public] = { + [msg_init] = &smc_recv_keyshare, + [msg_bid] = &smc_recv_encrypted_bid, + [msg_outcome] = &mp_pub_recv_outcome, + [msg_decrypt] = &mp_pub_recv_decryption, + }, + }, }; 
@@ -326,34 +360,34 @@ static const MsgIn handler_in[auction_last][outcome_last][msg_last] = { * of 0 means a private outcome, while a value of 1 means public outcome. */ static const MsgOut handler_out[auction_last][outcome_last][msg_last] = { - [auction_firstPrice] = { - [outcome_private] = { - [msg_init] = &smc_gen_keyshare, - [msg_bid] = &smc_encrypt_bid, - [msg_outcome] = &fp_priv_compute_outcome, - [msg_decrypt] = &fp_priv_decrypt_outcome, - }, - [outcome_public] = { - [msg_init] = &smc_gen_keyshare, - [msg_bid] = &smc_encrypt_bid, - [msg_outcome] = &fp_pub_compute_outcome, - [msg_decrypt] = &fp_pub_decrypt_outcome, - }, - }, - [auction_mPlusFirstPrice] = { - [outcome_private] = { - [msg_init] = &smc_gen_keyshare, - [msg_bid] = &smc_encrypt_bid, - [msg_outcome] = &fp_priv_compute_outcome, - [msg_decrypt] = &fp_priv_decrypt_outcome, - }, - [outcome_public] = { - [msg_init] = &smc_gen_keyshare, - [msg_bid] = &smc_encrypt_bid, - [msg_outcome] = &mp_pub_compute_outcome, - [msg_decrypt] = &mp_pub_decrypt_outcome, - }, - }, + [auction_firstPrice] = { + [outcome_private] = { + [msg_init] = &smc_gen_keyshare, + [msg_bid] = &smc_encrypt_bid, + [msg_outcome] = &fp_priv_compute_outcome, + [msg_decrypt] = &fp_priv_decrypt_outcome, + }, + [outcome_public] = { + [msg_init] = &smc_gen_keyshare, + [msg_bid] = &smc_encrypt_bid, + [msg_outcome] = &fp_pub_compute_outcome, + [msg_decrypt] = &fp_pub_decrypt_outcome, + }, + }, + [auction_mPlusFirstPrice] = { + [outcome_private] = { + [msg_init] = &smc_gen_keyshare, + [msg_bid] = &smc_encrypt_bid, + [msg_outcome] = &fp_priv_compute_outcome, + [msg_decrypt] = &fp_priv_decrypt_outcome, + }, + [outcome_public] = { + [msg_init] = &smc_gen_keyshare, + [msg_bid] = &smc_encrypt_bid, + [msg_outcome] = &mp_pub_compute_outcome, + [msg_decrypt] = &mp_pub_decrypt_outcome, + }, + }, }; /** 
@@ -368,16 +402,15 @@ static const MsgOut handler_out[auction_last][outcome_last][msg_last] = { * of 0 means a private outcome, while a value of 1 means public outcome. */ static const Result handler_res[auction_last][outcome_last] = { - [auction_firstPrice] = { - [outcome_private] = &fp_priv_determine_outcome, - [outcome_public] = &fp_pub_determine_outcome, - }, - [auction_mPlusFirstPrice] = { - [outcome_private] = &mp_priv_determine_outcome, - [outcome_public] = &mp_pub_determine_outcome, - }, + [auction_firstPrice] = { + [outcome_private] = &fp_priv_determine_outcome, + [outcome_public] = &fp_pub_determine_outcome, + }, + [auction_mPlusFirstPrice] = { + [outcome_private] = &mp_priv_determine_outcome, + [outcome_public] = &mp_pub_determine_outcome, + }, }; - #endif /* ifndef _BRANDT_CRYPTO_H */ diff --git a/fp_priv.c b/fp_priv.c index 0fdaa79..a32c5a5 100644 --- a/fp_priv.c +++ b/fp_priv.c 
@@ -32,115 +32,115 @@ void fp_priv_prep_outcome (struct BRANDT_Auction *ad) { - gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); - gcry_mpi_point_t *tlta1; - gcry_mpi_point_t *tltb1; - gcry_mpi_point_t **tlta2; - gcry_mpi_point_t **tltb2; - gcry_mpi_point_t **tlta3; - gcry_mpi_point_t **tltb3; + gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); + gcry_mpi_point_t *tlta1; + gcry_mpi_point_t *tltb1; + gcry_mpi_point_t **tlta2; + gcry_mpi_point_t **tltb2; + gcry_mpi_point_t **tlta3; + gcry_mpi_point_t **tltb3; - ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); - brandt_assert (ad->gamma3); + ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); + brandt_assert (ad->gamma3); - ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); - brandt_assert (ad->delta3); + ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); + brandt_assert (ad->delta3); - /* create temporary lookup tables with partial sums */ - tlta1 = smc_init1 (ad->k); - tltb1 = smc_init1 (ad->k); - tlta2 = smc_init2 (ad->n, ad->k); - tltb2 = smc_init2 (ad->n, ad->k); - tlta3 = smc_init2 (ad->n, ad->k); - tltb3 = smc_init2 (ad->n, ad->k); + /* create temporary lookup tables with partial sums */ + tlta1 = smc_init1 (ad->k); + tltb1 = smc_init1 (ad->k); + tlta2 = smc_init2 (ad->n, ad->k); + tltb2 = smc_init2 (ad->n, ad->k); + tlta3 = smc_init2 (ad->n, ad->k); + tltb3 = smc_init2 (ad->n, ad->k); - /* temporary lookup table for first summand (no one has a higher bid) */ - for (uint16_t i = 0; i < ad->n; i++) - { - smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); - smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_sub (tlta3[i][j], - tlta2[i][ad->k - 1], - tlta2[i][j], - ec_ctx); - gcry_mpi_ec_sub (tltb3[i][j], - tltb2[i][ad->k - 1], - tltb2[i][j], - ec_ctx); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta3[i][ad->k - 1])); - brandt_assert (!ec_point_cmp (ec_zero, 
tltb3[i][ad->k - 1])); - } - for (uint16_t j = 0; j < ad->k; j++) - { - smc_sum (tlta1[j], &tlta3[0][j], ad->n, ad->k); - smc_sum (tltb1[j], &tltb3[0][j], ad->n, ad->k); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1])); - brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1])); - /* \todo: merge into one nested i,j loop and one nested j,i loop? */ + /* temporary lookup table for first summand (no one has a higher bid) */ + for (uint16_t i = 0; i < ad->n; i++) + { + smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); + smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_sub (tlta3[i][j], + tlta2[i][ad->k - 1], + tlta2[i][j], + ec_ctx); + gcry_mpi_ec_sub (tltb3[i][j], + tltb2[i][ad->k - 1], + tltb2[i][j], + ec_ctx); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta3[i][ad->k - 1])); + brandt_assert (! ec_point_cmp (ec_zero, tltb3[i][ad->k - 1])); + } + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (tlta1[j], &tlta3[0][j], ad->n, ad->k); + smc_sum (tltb1[j], &tltb3[0][j], ad->n, ad->k); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta1[ad->k - 1])); + brandt_assert (! ec_point_cmp (ec_zero, tltb1[ad->k - 1])); + /* \todo: merge into one nested i,j loop and one nested j,i loop? 
*/ - /* temporary lookup table for second summand (my bid is not lower) */ - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_sub (tlta2[i][j], tlta2[i][j], ad->alpha[i][j], ec_ctx); - gcry_mpi_ec_sub (tltb2[i][j], tltb2[i][j], ad->beta[i][j], ec_ctx); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][0])); - brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][0])); - } + /* temporary lookup table for second summand (my bid is not lower) */ + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_sub (tlta2[i][j], tlta2[i][j], ad->alpha[i][j], ec_ctx); + gcry_mpi_ec_sub (tltb2[i][j], tltb2[i][j], ad->beta[i][j], ec_ctx); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][0])); + brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][0])); + } - /* temporary lookup table for third summand (no one with a lower index has - * the same bid) */ - for (uint16_t j = 0; j < ad->k; j++) - { - smc_sums_partial (&tlta3[0][j], &ad->alpha[0][j], ad->n, ad->k, ad->k); - smc_sums_partial (&tltb3[0][j], &ad->beta[0][j], ad->n, ad->k, ad->k); - for (uint16_t i = 0; i < ad->n; i++) - { - gcry_mpi_ec_sub (tlta3[i][j], tlta3[i][j], ad->alpha[i][j], ec_ctx); - gcry_mpi_ec_sub (tltb3[i][j], tltb3[i][j], ad->beta[i][j], ec_ctx); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta3[0][j])); - brandt_assert (!ec_point_cmp (ec_zero, tltb3[0][j])); - } + /* temporary lookup table for third summand (no one with a lower index has + * the same bid) */ + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sums_partial (&tlta3[0][j], &ad->alpha[0][j], ad->n, ad->k, ad->k); + smc_sums_partial (&tltb3[0][j], &ad->beta[0][j], ad->n, ad->k, ad->k); + for (uint16_t i = 0; i < ad->n; i++) + { + gcry_mpi_ec_sub (tlta3[i][j], tlta3[i][j], ad->alpha[i][j], ec_ctx); + gcry_mpi_ec_sub (tltb3[i][j], tltb3[i][j], ad->beta[i][j], ec_ctx); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta3[0][j])); + brandt_assert (! 
ec_point_cmp (ec_zero, tltb3[0][j])); + } - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - /* compute inner gamma */ - gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); - gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + /* compute inner gamma */ + gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); + gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); - /* compute inner delta */ - gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx); - gcry_mpi_ec_add (tmpb, tmpb, tltb3[i][j], ec_ctx); + /* compute inner delta */ + gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx); + gcry_mpi_ec_add (tmpb, tmpb, tltb3[i][j], ec_ctx); - /* copy unmasked outcome to all other bidder layers so they don't - * have to be recomputed to check the ZK proof_2dle's from other - * bidders when receiving their outcome messages */ - for (uint16_t a = 0; a < ad->n; a++) - { - ec_point_copy (ad->gamma3[a][i][j], tmpa); - ec_point_copy (ad->delta3[a][i][j], tmpb); - } - } - } + /* copy unmasked outcome to all other bidder layers so they don't + * have to be recomputed to check the ZK proof_2dle's from other + * bidders when receiving their outcome messages */ + for (uint16_t a = 0; a < ad->n; a++) + { + ec_point_copy (ad->gamma3[a][i][j], tmpa); + ec_point_copy (ad->delta3[a][i][j], tmpb); + } + } + } - gcry_mpi_point_release (tmpa); - gcry_mpi_point_release (tmpb); - smc_free1 (tlta1, ad->k); - smc_free1 (tltb1, ad->k); - smc_free2 (tlta2, ad->n, ad->k); - smc_free2 (tltb2, ad->n, ad->k); - smc_free2 (tlta3, ad->n, ad->k); - smc_free2 (tltb3, ad->n, ad->k); + gcry_mpi_point_release (tmpa); + gcry_mpi_point_release (tmpb); + smc_free1 (tlta1, ad->k); + smc_free1 (tltb1, ad->k); + smc_free2 (tlta2, ad->n, ad->k); + smc_free2 (tltb2, ad->n, ad->k); + smc_free2 (tlta3, ad->n, ad->k); + smc_free2 (tltb3, ad->n, ad->k); } 
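Review bot: The six temporary tables in fp_priv_prep_outcome (`tlta1`, `tltb1`, `tlta2`, `tltb2`, `tlta3`, `tltb3`) are used in the loops without a null check, while `ad->gamma3` and `ad->delta3` each get a `brandt_assert` right after `smc_init3`. The bodies of `smc_init1` and `smc_init2` are not in this hunk, but if they can return NULL on allocation failure, the first `smc_sums_partial (tlta2[i], ...)` call dereferences a null pointer. I would add `brandt_assert (tlta1 && tltb1 && tlta2 && tltb2 && tlta3 && tltb3);` after the last `smc_init2` call, matching the existing checks.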
@@ -156,236 +156,236 @@ fp_priv_prep_outcome (struct BRANDT_Auction *ad) unsigned char * fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - struct msg_head *head; - gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); - struct ec_mpi *gamma; - struct ec_mpi *delta; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + struct msg_head *head; + gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); + struct ec_mpi *gamma; + struct ec_mpi *delta; + struct proof_2dle *proof2; - brandt_assert (ad && buflen); + brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + /* msg header */ - ad->n * ad->k * /* nk * (gamma, delta, proof2) */ - (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) /* msg header */ + + ad->n * ad->k /* nk * (gamma, delta, proof2) */ + * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_outcome); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_outcome); + cur = ret + sizeof (*head); - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - gamma = (struct ec_mpi *)cur; - delta = &((struct ec_mpi *)cur)[1]; - proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + gamma = (struct ec_mpi *) cur; + delta = &((struct ec_mpi *) cur)[1]; + proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi)); - ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]); - ec_point_copy (tmpb, ad->delta3[ad->i][i][j]); + ec_point_copy (tmpa, 
ad->gamma3[ad->i][i][j]); + ec_point_copy (tmpb, ad->delta3[ad->i][i][j]); - /* apply random masking for losing bidders */ - smc_zkp_2dle (ad->gamma3[ad->i][i][j], - ad->delta3[ad->i][i][j], - tmpa, - tmpb, - NULL, - proof2); + /* apply random masking for losing bidders */ + smc_zkp_2dle (ad->gamma3[ad->i][i][j], + ad->delta3[ad->i][i][j], + tmpa, + tmpb, + NULL, + proof2); - ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]); - ec_point_serialize (delta, ad->delta3[ad->i][i][j]); + ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]); + ec_point_serialize (delta, ad->delta3[ad->i][i][j]); - cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); - } - } + cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); + } + } - gcry_mpi_point_release (tmpa); - gcry_mpi_point_release (tmpb); - return ret; + gcry_mpi_point_release (tmpa); + gcry_mpi_point_release (tmpb); + return ret; } int fp_priv_recv_outcome (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t delta = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_2dle *proof2; + gcry_mpi_point_t gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t delta = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (ad->n * ad->k * - (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received outcome\n"); - goto quit; - } + if (buflen != (ad->n * ad->k + * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received outcome\n"); + goto quit; + } - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (gamma, 
(struct ec_mpi *)cur); - ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); - proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (gamma, - delta, - ad->gamma3[sender][i][j], - ad->delta3[sender][i][j], - proof2)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for gamma, delta received\n"); - goto quit; - } - ec_point_copy (ad->gamma3[sender][i][j], gamma); - ec_point_copy (ad->delta3[sender][i][j], delta); - cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); - } - } + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (gamma, (struct ec_mpi *) cur); + ec_point_parse (delta, &((struct ec_mpi *) cur)[1]); + proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi)); + if (smc_zkp_2dle_check (gamma, + delta, + ad->gamma3[sender][i][j], + ad->delta3[sender][i][j], + proof2)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for gamma, delta received\n"); + goto quit; + } + ec_point_copy (ad->gamma3[sender][i][j], gamma); + ec_point_copy (ad->delta3[sender][i][j], delta); + cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); + } + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (gamma); - gcry_mpi_point_release (delta); - return ret; + gcry_mpi_point_release (gamma); + gcry_mpi_point_release (delta); + return ret; } void fp_priv_prep_decryption (struct BRANDT_Auction *ad) { - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); - brandt_assert (ad->phi3); + ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); + brandt_assert (ad->phi3); - ad->phiproofs3 = GNUNET_new_array_3d (ad->n, - ad->n, - ad->k, - struct proof_2dle); - brandt_assert (ad->phiproofs3); + ad->phiproofs3 = GNUNET_new_array_3d (ad->n, + ad->n, + ad->k, + struct proof_2dle); + brandt_assert (ad->phiproofs3); - for (uint16_t i = 0; i < ad->n; i++) - { - for 
(uint16_t j = 0; j < ad->k; j++) - { - smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); - /* copy still encrypted outcome to all other bidder layers so they - * don't have to be recomputed to check the ZK proof_2dle's from - * other bidders when receiving their outcome decryption messages */ - for (uint16_t a = 0; a < ad->n; a++) - ec_point_copy (ad->phi3[a][i][j], tmp); - } - } + /* copy still encrypted outcome to all other bidder layers so they + * don't have to be recomputed to check the ZK proof_2dle's from + * other bidders when receiving their outcome decryption messages */ + for (uint16_t a = 0; a < ad->n; a++) + ec_point_copy (ad->phi3[a][i][j], tmp); + } + } - gcry_mpi_point_release (tmp); + gcry_mpi_point_release (tmp); } static unsigned char * fp_priv_decrypt_outcome_seller (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - struct msg_head *head; - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - struct ec_mpi *phi; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + struct msg_head *head; + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + struct ec_mpi *phi; + struct proof_2dle *proof2; - *buflen = (sizeof (*head) + - (ad->n - 1) * ad->n * ad->k * (sizeof (*phi) + - sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) + + (ad->n - 1) * ad->n * ad->k * (sizeof (*phi) + + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_decrypt); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_decrypt); + cur = ret + sizeof (*head); - for (uint16_t h = 0; h < ad->n; h++) - { - for (uint16_t i = 0; i < ad->n; i++) - 
{ - /* don't reveal outcome to losing bidders */ - if (h == i) - continue; + for (uint16_t h = 0; h < ad->n; h++) + { + for (uint16_t i = 0; i < ad->n; i++) + { + /* don't reveal outcome to losing bidders */ + if (h == i) + continue; - for (uint16_t j = 0; j < ad->k; j++) - { - phi = (struct ec_mpi *)cur; - proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); + for (uint16_t j = 0; j < ad->k; j++) + { + phi = (struct ec_mpi *) cur; + proof2 = (struct proof_2dle *) (cur + sizeof (*phi)); - ec_point_serialize (phi, ad->phi3[h][i][j]); - memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2)); + ec_point_serialize (phi, ad->phi3[h][i][j]); + memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2)); - cur += sizeof (*phi) + sizeof (*proof2); - } - } - } + cur += sizeof (*phi) + sizeof (*proof2); + } + } + } - gcry_mpi_point_release (tmp); - return ret; + gcry_mpi_point_release (tmp); + return ret; } static unsigned char * fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - struct msg_head *head; - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - struct ec_mpi *phi; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + struct msg_head *head; + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + struct ec_mpi *phi; + struct proof_2dle *proof2; - *buflen = (sizeof (*head) + - ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) + + ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_decrypt); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_decrypt); + cur = ret + sizeof (*head); - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - phi = 
(struct ec_mpi *)cur; - proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + phi = (struct ec_mpi *) cur; + proof2 = (struct proof_2dle *) (cur + sizeof (*phi)); - ec_point_copy (tmp, ad->phi3[ad->i][i][j]); + ec_point_copy (tmp, ad->phi3[ad->i][i][j]); - /* decrypt outcome component and prove the correct key was used */ - smc_zkp_2dle (ad->phi3[ad->i][i][j], - NULL, - tmp, - ec_gen, - ad->x, - proof2); + /* decrypt outcome component and prove the correct key was used */ + smc_zkp_2dle (ad->phi3[ad->i][i][j], + NULL, + tmp, + ec_gen, + ad->x, + proof2); - ec_point_serialize (phi, ad->phi3[ad->i][i][j]); + ec_point_serialize (phi, ad->phi3[ad->i][i][j]); - cur += sizeof (*phi) + sizeof (*proof2); - } - } + cur += sizeof (*phi) + sizeof (*proof2); + } + } - gcry_mpi_point_release (tmp); - return ret; + gcry_mpi_point_release (tmp); + return ret; } 
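Review bot: `sender` is used as an index in fp_priv_recv_outcome (`ad->gamma3[sender][i][j]`, `ad->delta3[sender][i][j]`) without being compared to `ad->n`, although `buflen` is validated. Unless every caller already guarantees the range, which this hunk does not show, a guard such as `if (sender >= ad->n) goto quit;` before the loops would stop a message with a bad sender index from reading and overwriting memory outside the tables. fp_priv_recv_decryption_seller in the following hunk indexes `ad->y[sender]` and `ad->phi3[sender]` the same way. The length check also multiplies `ad->n * ad->k` before widening; if both are uint16_t, as the loop counters suggest, writing `(size_t) ad->n * ad->k * ...` avoids int overflow for large values.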
@@ -403,143 +403,143 @@ fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen) unsigned char * fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) { - brandt_assert (ad && buflen); - if (ad->seller_mode) - return fp_priv_decrypt_outcome_seller (ad, buflen); - else - return fp_priv_decrypt_outcome_bidder (ad, buflen); + brandt_assert (ad && buflen); + if (ad->seller_mode) + return fp_priv_decrypt_outcome_seller (ad, buflen); + else + return fp_priv_decrypt_outcome_bidder (ad, buflen); } static int fp_priv_recv_decryption_seller (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t phi = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_2dle *proof2; + gcry_mpi_point_t phi = gcry_mpi_point_new (0); - if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) - { - GNUNET_log_from ( - GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received outcome decryption from bidder\n"); - goto quit; - } + if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) + { + GNUNET_log_from ( + GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received outcome decryption from bidder\n"); + goto quit; + } - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (phi, (struct ec_mpi *)cur); - proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (phi, - ad->y[sender], - ad->phi3[sender][i][j], - ec_gen, - proof2)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for phi, y received from bidder\n"); - goto quit; - } + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (phi, (struct ec_mpi *) cur); + proof2 = (struct proof_2dle *) (cur + 
sizeof (struct ec_mpi)); + if (smc_zkp_2dle_check (phi, + ad->y[sender], + ad->phi3[sender][i][j], + ec_gen, + proof2)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for phi, y received from bidder\n"); + goto quit; + } - /* store proof. we need to rebroadcast it to the other bidders */ - memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2)); + /* store proof. we need to rebroadcast it to the other bidders */ + memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2)); - ec_point_copy (ad->phi3[sender][i][j], phi); - cur += sizeof (struct ec_mpi) + sizeof (*proof2); - } - } + ec_point_copy (ad->phi3[sender][i][j], phi); + cur += sizeof (struct ec_mpi) + sizeof (*proof2); + } + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (phi); - return ret; + gcry_mpi_point_release (phi); + return ret; } static int fp_priv_recv_decryption_bidder (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t phi = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_2dle *proof2; + gcry_mpi_point_t phi = gcry_mpi_point_new (0); - if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi) + - sizeof (*proof2)))) - { - GNUNET_log_from ( - GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received outcome decryption from seller\n"); - goto quit; - } + if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi) + + sizeof (*proof2)))) + { + GNUNET_log_from ( + GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received outcome decryption from seller\n"); + goto quit; + } - for (uint16_t h = 0; h < ad->n; h++) - { - for (uint16_t i = 0; i < ad->n; i++) - { - /* those combinations are not sent by the seller */ - if (h == i) - continue; + for (uint16_t h = 0; h < ad->n; h++) + { + for (uint16_t i = 
0; i < ad->n; i++) + { + /* those combinations are not sent by the seller */ + if (h == i) + continue; - /* we already have our own phi values */ - if (h == ad->i) - { - cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)); - continue; - } + /* we already have our own phi values */ + if (h == ad->i) + { + cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)); + continue; + } - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (phi, (struct ec_mpi *)cur); - proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (phi, - ad->y[h], - ad->phi3[h][i][j], - ec_gen, - proof2)) - { - GNUNET_log_from ( - GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for phi, y received from seller\n"); - goto quit; - } - ec_point_copy (ad->phi3[h][i][j], phi); - cur += sizeof (struct ec_mpi) + sizeof (*proof2); - } - } - } + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (phi, (struct ec_mpi *) cur); + proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi)); + if (smc_zkp_2dle_check (phi, + ad->y[h], + ad->phi3[h][i][j], + ec_gen, + proof2)) + { + GNUNET_log_from ( + GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for phi, y received from seller\n"); + goto quit; + } + ec_point_copy (ad->phi3[h][i][j], phi); + cur += sizeof (struct ec_mpi) + sizeof (*proof2); + } + } + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (phi); - return ret; + gcry_mpi_point_release (phi); + return ret; } int fp_priv_recv_decryption (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - brandt_assert (ad && buf); - if (ad->seller_mode) - return fp_priv_recv_decryption_seller (ad, buf, buflen, sender); - else - return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender); + brandt_assert (ad && buf); + if (ad->seller_mode) + return fp_priv_recv_decryption_seller (ad, buf, buflen, sender); + else + return fp_priv_recv_decryption_bidder (ad, buf, 
buflen, sender); } 
@@ -547,57 +547,57 @@ struct BRANDT_Result * fp_priv_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len) { - struct BRANDT_Result *ret; - int32_t price = -1; - int32_t winner = -1; - gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); + struct BRANDT_Result *ret; + int32_t price = -1; + int32_t winner = -1; + gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); - brandt_assert (ad); + brandt_assert (ad); - for (uint16_t i = 0; i < ad->n; i++) - { - if (!ad->seller_mode && i != ad->i) - continue; + for (uint16_t i = 0; i < ad->n; i++) + { + if (! ad->seller_mode && i != ad->i) + continue; - for (uint16_t j = 0; j < ad->k; j++) - { - smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); - smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); - gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); - if (!ec_point_cmp (sum_gamma, ec_zero)) - { - if (-1 != price) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "multiple winning prices detected\n"); - return NULL; - } - if (-1 != winner) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "multiple winners detected\n"); - return NULL; - } - price = j; - winner = i; - } - } - } + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); + smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); + gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); + if (! 
ec_point_cmp (sum_gamma, ec_zero)) + { + if (-1 != price) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "multiple winning prices detected\n"); + return NULL; + } + if (-1 != winner) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "multiple winners detected\n"); + return NULL; + } + price = j; + winner = i; + } + } + } - gcry_mpi_point_release (sum_gamma); - gcry_mpi_point_release (sum_phi); + gcry_mpi_point_release (sum_gamma); + gcry_mpi_point_release (sum_phi); - if (-1 == winner || -1 == price) - return NULL; + if (-1 == winner || -1 == price) + return NULL; - ret = GNUNET_new (struct BRANDT_Result); - ret->bidder = winner; - ret->price = price; - ret->status = BRANDT_bidder_won; - if (len) - *len = 1; - return ret; + ret = GNUNET_new (struct BRANDT_Result); + ret->bidder = winner; + ret->price = price; + ret->status = BRANDT_bidder_won; + if (len) + *len = 1; + return ret; } diff --git a/fp_pub.c b/fp_pub.c index c7308f6..0d5fdc9 100644 --- a/fp_pub.c +++ b/fp_pub.c 
@@ -32,97 +32,97 @@ void fp_pub_prep_outcome (struct BRANDT_Auction *ad) { - gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - gcry_mpi_point_t *tlta1; - gcry_mpi_point_t *tltb1; - gcry_mpi_point_t **tlta2; - gcry_mpi_point_t **tltb2; + gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + gcry_mpi_point_t *tlta1; + gcry_mpi_point_t *tltb1; + gcry_mpi_point_t **tlta2; + gcry_mpi_point_t **tltb2; - ad->gamma2 = smc_init2 (ad->n, ad->k); - brandt_assert (ad->gamma2); + ad->gamma2 = smc_init2 (ad->n, ad->k); + brandt_assert (ad->gamma2); - ad->delta2 = smc_init2 (ad->n, ad->k); - brandt_assert (ad->delta2); + ad->delta2 = smc_init2 (ad->n, ad->k); + brandt_assert (ad->delta2); - ad->tmpa1 = smc_init1 (ad->k); - brandt_assert (ad->tmpa1); + ad->tmpa1 = smc_init1 (ad->k); + brandt_assert (ad->tmpa1); - ad->tmpb1 = smc_init1 (ad->k); - brandt_assert (ad->tmpb1); + ad->tmpb1 = smc_init1 (ad->k); + brandt_assert (ad->tmpb1); - /* create temporary lookup tables with partial sums */ - tlta1 = smc_init1 (ad->k); - tltb1 = smc_init1 (ad->k); - tlta2 = smc_init2 (ad->n, ad->k); - tltb2 = smc_init2 (ad->n, ad->k); + /* create temporary lookup tables with partial sums */ + tlta1 = smc_init1 (ad->k); + tltb1 = smc_init1 (ad->k); + tlta2 = smc_init2 (ad->n, ad->k); + tltb2 = smc_init2 (ad->n, ad->k); - /* temporary lookup table for sum of bid vectors */ - for (uint16_t i = 0; i < ad->n; i++) - { - smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); - smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_sub (tlta2[i][j], - tlta2[i][ad->k - 1], - tlta2[i][j], - ec_ctx); - gcry_mpi_ec_sub (tltb2[i][j], - tltb2[i][ad->k - 1], - tltb2[i][j], - ec_ctx); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); - brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); - } - for (uint16_t j = 0; j < ad->k; 
j++) - { - smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k); - smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k); - } - smc_free2 (tlta2, ad->n, ad->k); - smc_free2 (tltb2, ad->n, ad->k); - brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1])); - brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1])); + /* temporary lookup table for sum of bid vectors */ + for (uint16_t i = 0; i < ad->n; i++) + { + smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); + smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_sub (tlta2[i][j], + tlta2[i][ad->k - 1], + tlta2[i][j], + ec_ctx); + gcry_mpi_ec_sub (tltb2[i][j], + tltb2[i][ad->k - 1], + tltb2[i][j], + ec_ctx); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); + brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); + } + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k); + smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k); + } + smc_free2 (tlta2, ad->n, ad->k); + smc_free2 (tltb2, ad->n, ad->k); + brandt_assert (! ec_point_cmp (ec_zero, tlta1[ad->k - 1])); + brandt_assert (! 
ec_point_cmp (ec_zero, tltb1[ad->k - 1])); - /* initialize tmp array with zeroes, since we are calculating a sum */ - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_copy (ad->tmpa1[j], ec_zero); - ec_point_copy (ad->tmpb1[j], ec_zero); - } - /* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination, - * since it is needed each time a gamma,delta pair is received from another - * bidder */ - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx); - gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx); - gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx); - gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx); - } - gcry_mpi_lshift (coeff, coeff, 1); - } + /* initialize tmp array with zeroes, since we are calculating a sum */ + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_copy (ad->tmpa1[j], ec_zero); + ec_point_copy (ad->tmpb1[j], ec_zero); + } + /* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination, + * since it is needed each time a gamma,delta pair is received from another + * bidder */ + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx); + gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx); + gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx); + gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx); + } + gcry_mpi_lshift (coeff, coeff, 1); + } - for (uint16_t j = 0; j < ad->k; j++) - { - /* copy unmasked outcome to all other bidder layers so they don't - * have to be recomputed to check the ZK proof_2dle's from other - * bidders when receiving their outcome messages */ - for (uint16_t a = 0; a < ad->n; a++) - { - ec_point_copy (ad->gamma2[a][j], tlta1[j]); - ec_point_copy (ad->delta2[a][j], tltb1[j]); - } - } + for (uint16_t j = 0; j < ad->k; j++) + { + /* copy unmasked outcome to all other bidder layers so they don't + * 
have to be recomputed to check the ZK proof_2dle's from other + * bidders when receiving their outcome messages */ + for (uint16_t a = 0; a < ad->n; a++) + { + ec_point_copy (ad->gamma2[a][j], tlta1[j]); + ec_point_copy (ad->delta2[a][j], tltb1[j]); + } + } - gcry_mpi_release (coeff); - gcry_mpi_point_release (tmp); - smc_free1 (tlta1, ad->k); - smc_free1 (tltb1, ad->k); + gcry_mpi_release (coeff); + gcry_mpi_point_release (tmp); + smc_free1 (tlta1, ad->k); + smc_free1 (tltb1, ad->k); } 
@@ -139,149 +139,149 @@ fp_pub_prep_outcome (struct BRANDT_Auction *ad) unsigned char * fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); - struct msg_head *head; - struct ec_mpi *gamma; - struct ec_mpi *delta; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); + struct msg_head *head; + struct ec_mpi *gamma; + struct ec_mpi *delta; + struct proof_2dle *proof2; - brandt_assert (ad && buflen); + brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + - ad->k * (sizeof (*gamma) + - sizeof (*delta) + - sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) + + ad->k * (sizeof (*gamma) + + sizeof (*delta) + + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_outcome); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_outcome); + cur = ret + sizeof (*head); - for (uint16_t j = 0; j < ad->k; j++) - { - gamma = (struct ec_mpi *)cur; - delta = &((struct ec_mpi *)cur)[1]; - proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); + for (uint16_t j = 0; j < ad->k; j++) + { + gamma = (struct ec_mpi *) cur; + delta = &((struct ec_mpi *) cur)[1]; + proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi)); - ec_point_copy (tmpa, ad->gamma2[ad->i][j]); - ec_point_copy (tmpb, ad->delta2[ad->i][j]); + ec_point_copy (tmpa, ad->gamma2[ad->i][j]); + ec_point_copy (tmpb, ad->delta2[ad->i][j]); - /* apply random masking to first summand */ - smc_zkp_2dle (ad->gamma2[ad->i][j], - ad->delta2[ad->i][j], - tmpa, - tmpb, - NULL, - proof2); + /* apply 
random masking to first summand */ + smc_zkp_2dle (ad->gamma2[ad->i][j], + ad->delta2[ad->i][j], + tmpa, + tmpb, + NULL, + proof2); - ec_point_serialize (gamma, ad->gamma2[ad->i][j]); - ec_point_serialize (delta, ad->delta2[ad->i][j]); + ec_point_serialize (gamma, ad->gamma2[ad->i][j]); + ec_point_serialize (delta, ad->delta2[ad->i][j]); - /* add winner determination for own gamma,delta */ - gcry_mpi_ec_add (ad->gamma2[ad->i][j], - ad->gamma2[ad->i][j], - ad->tmpa1[j], - ec_ctx); - gcry_mpi_ec_add (ad->delta2[ad->i][j], - ad->delta2[ad->i][j], - ad->tmpb1[j], - ec_ctx); + /* add winner determination for own gamma,delta */ + gcry_mpi_ec_add (ad->gamma2[ad->i][j], + ad->gamma2[ad->i][j], + ad->tmpa1[j], + ec_ctx); + gcry_mpi_ec_add (ad->delta2[ad->i][j], + ad->delta2[ad->i][j], + ad->tmpb1[j], + ec_ctx); - cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); - } + cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); + } - gcry_mpi_point_release (tmpa); - gcry_mpi_point_release (tmpb); - return ret; + gcry_mpi_point_release (tmpa); + gcry_mpi_point_release (tmpb); + return ret; } int fp_pub_recv_outcome (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t delta = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_2dle *proof2; + gcry_mpi_point_t gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t delta = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received outcome\n"); - goto quit; - } + if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) + { + GNUNET_log_from 
(GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received outcome\n"); + goto quit; + } - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (gamma, (struct ec_mpi *)cur); - ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); - proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (gamma, - delta, - ad->gamma2[sender][j], - ad->delta2[sender][j], - proof2)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for gamma, delta received\n"); - goto quit; - } - ec_point_copy (ad->gamma2[sender][j], gamma); - ec_point_copy (ad->delta2[sender][j], delta); + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (gamma, (struct ec_mpi *) cur); + ec_point_parse (delta, &((struct ec_mpi *) cur)[1]); + proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi)); + if (smc_zkp_2dle_check (gamma, + delta, + ad->gamma2[sender][j], + ad->delta2[sender][j], + proof2)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for gamma, delta received\n"); + goto quit; + } + ec_point_copy (ad->gamma2[sender][j], gamma); + ec_point_copy (ad->delta2[sender][j], delta); - /* add winner determination summand */ - gcry_mpi_ec_add (ad->gamma2[sender][j], - ad->gamma2[sender][j], - ad->tmpa1[j], - ec_ctx); - gcry_mpi_ec_add (ad->delta2[sender][j], - ad->delta2[sender][j], - ad->tmpb1[j], - ec_ctx); + /* add winner determination summand */ + gcry_mpi_ec_add (ad->gamma2[sender][j], + ad->gamma2[sender][j], + ad->tmpa1[j], + ec_ctx); + gcry_mpi_ec_add (ad->delta2[sender][j], + ad->delta2[sender][j], + ad->tmpb1[j], + ec_ctx); - cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); - } + cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (gamma); - gcry_mpi_point_release (delta); - return ret; + gcry_mpi_point_release (gamma); + gcry_mpi_point_release (delta); + return ret; } void fp_pub_prep_decryption (struct 
BRANDT_Auction *ad) { - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - ad->phi2 = smc_init2 (ad->n, ad->k); - brandt_assert (ad->phi2); + ad->phi2 = smc_init2 (ad->n, ad->k); + brandt_assert (ad->phi2); - for (uint16_t j = 0; j < ad->k; j++) - { - smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k); + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k); - /* copy still encrypted outcome to all other bidder layers so they - * don't have to be recomputed to check the ZK proof_2dle's from - * other bidders when receiving their outcome decryption messages */ - for (uint16_t a = 0; a < ad->n; a++) - ec_point_copy (ad->phi2[a][j], tmp); - } + /* copy still encrypted outcome to all other bidder layers so they + * don't have to be recomputed to check the ZK proof_2dle's from + * other bidders when receiving their outcome decryption messages */ + for (uint16_t a = 0; a < ad->n; a++) + ec_point_copy (ad->phi2[a][j], tmp); + } - gcry_mpi_point_release (tmp); + gcry_mpi_point_release (tmp); } 
@@ -297,92 +297,92 @@ fp_pub_prep_decryption (struct BRANDT_Auction *ad) unsigned char * fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - struct msg_head *head; - struct ec_mpi *phi; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + struct msg_head *head; + struct ec_mpi *phi; + struct proof_2dle *proof2; - brandt_assert (ad && buflen); + brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_decrypt); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_decrypt); + cur = ret + sizeof (*head); - for (uint16_t j = 0; j < ad->k; j++) - { - phi = (struct ec_mpi *)cur; - proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); + for (uint16_t j = 0; j < ad->k; j++) + { + phi = (struct ec_mpi *) cur; + proof2 = (struct proof_2dle *) (cur + sizeof (*phi)); - ec_point_copy (tmp, ad->phi2[ad->i][j]); + ec_point_copy (tmp, ad->phi2[ad->i][j]); - /* decrypt outcome component and prove the correct key was used */ - smc_zkp_2dle (ad->phi2[ad->i][j], - NULL, - tmp, - ec_gen, - ad->x, - proof2); + /* decrypt outcome component and prove the correct key was used */ + smc_zkp_2dle (ad->phi2[ad->i][j], + NULL, + tmp, + ec_gen, + ad->x, + proof2); - ec_point_serialize (phi, ad->phi2[ad->i][j]); + ec_point_serialize (phi, ad->phi2[ad->i][j]); - cur += sizeof (*phi) + sizeof (*proof2); - } + cur += sizeof (*phi) + sizeof (*proof2); + } - gcry_mpi_point_release (tmp); - return ret; + gcry_mpi_point_release (tmp); 
+ return ret; } int fp_pub_recv_decryption (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t phi = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_2dle *proof2; + gcry_mpi_point_t phi = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received outcome decryption\n"); - goto quit; - } + if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received outcome decryption\n"); + goto quit; + } - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (phi, (struct ec_mpi *)cur); - proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (phi, - ad->y[sender], - ad->phi2[sender][j], - ec_gen, - proof2)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for phi, y received\n"); - goto quit; - } - ec_point_copy (ad->phi2[sender][j], phi); - cur += sizeof (struct ec_mpi) + sizeof (*proof2); - } + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (phi, (struct ec_mpi *) cur); + proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi)); + if (smc_zkp_2dle_check (phi, + ad->y[sender], + ad->phi2[sender][j], + ec_gen, + proof2)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for phi, y received\n"); + goto quit; + } + ec_point_copy (ad->phi2[sender][j], phi); + cur += sizeof (struct ec_mpi) + sizeof (*proof2); + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (phi); - return ret; + gcry_mpi_point_release (phi); + return ret; } 
@@ -390,57 +390,71 @@ struct BRANDT_Result * fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len) { - struct BRANDT_Result *ret; - int32_t price = -1; - int32_t winner = -1; - int dlogi = -1; - gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); + struct BRANDT_Result *ret; + int32_t price = -1; + int32_t winner = -1; + int dlogi = -1; + gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); - brandt_assert (ad); + brandt_assert (ad); - for (uint16_t j = ad->k - 1; j >= 0; j--) - { - smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k); - smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k); - gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); - /* first non-zero component determines the price */ - if (ec_point_cmp (sum_gamma, ec_zero)) - { - price = j; - break; - } - } + for (uint16_t j = ad->k - 1; j >= 0; j--) + { + smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k); + smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k); + gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); + /* first non-zero component determines the price */ + if (ec_point_cmp (sum_gamma, ec_zero)) + { + price = j; + break; + } + } - dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, sum_gamma); - brandt_assert (dlogi > 0); + { + struct GNUNET_CRYPTO_EccPoint ec_point = {0}; + gcry_mpi_t q_y; - /* all bidders participated with a multiplicative share */ - dlogi /= ad->n; + GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", sum_gamma, ec_ctx)); + q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ec_ctx, 0); + GNUNET_assert (q_y); + GNUNET_CRYPTO_mpi_print_unsigned (ec_point.v, + sizeof(ec_point.v), + q_y); + dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, + &ec_point); + gcry_mpi_release (q_y); + } - /* can only support up to bits(dlogi) bidders */ - brandt_assert (sizeof (int) * 8 > ad->n); - for (uint16_t i = 0; i < ad->n; i++) - { - /* first set bit determines the winner */ - if (dlogi & (1 
<< i)) - { - winner = i; - break; - } - } + brandt_assert (dlogi > 0); - gcry_mpi_point_release (sum_gamma); - gcry_mpi_point_release (sum_phi); + /* all bidders participated with a multiplicative share */ + dlogi /= ad->n; - if (-1 == winner || -1 == price) - return NULL; + /* can only support up to bits(dlogi) bidders */ + brandt_assert (sizeof (int) * 8 > ad->n); + for (uint16_t i = 0; i < ad->n; i++) + { + /* first set bit determines the winner */ + if (dlogi & (1 << i)) + { + winner = i; + break; + } + } - ret = GNUNET_new (struct BRANDT_Result); - ret->bidder = winner; - ret->price = price; - ret->status = BRANDT_bidder_won; - if (len) - *len = 1; - return ret; + gcry_mpi_point_release (sum_gamma); + gcry_mpi_point_release (sum_phi); + + if (-1 == winner || -1 == price) + return NULL; + + ret = GNUNET_new (struct BRANDT_Result); + ret->bidder = winner; + ret->price = price; + ret->status = BRANDT_bidder_won; + if (len) + *len = 1; + return ret; } diff --git a/internals.h b/internals.h index f6b747d..c99c7a1 100644 --- a/internals.h +++ b/internals.h @@ -28,26 +28,29 @@ #include "brandt.h" -enum rounds { - msg_init = 0, - msg_bid = 1, - msg_outcome = 2, - msg_decrypt = 3, - msg_last = 4 +enum rounds +{ + msg_init = 0, + msg_bid = 1, + msg_outcome = 2, + msg_decrypt = 3, + msg_last = 4 }; -enum auction_type { - auction_firstPrice = 0, - auction_mPlusFirstPrice = 1, - auction_last = 2 +enum auction_type +{ + auction_firstPrice = 0, + auction_mPlusFirstPrice = 1, + auction_last = 2 }; -enum outcome_type { - outcome_private = 0, - outcome_public = 1, - outcome_last = 2 +enum outcome_type +{ + outcome_private = 0, + outcome_public = 1, + outcome_last = 2 }; 
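Review bot: The price loop `for (uint16_t j = ad->k - 1; j >= 0; j--)` in fp_pub_determine_outcome cannot end on its condition, because a uint16_t is always >= 0. When no component differs from ec_zero, j wraps to 65535 and the next smc_sum reads `&ad->gamma2[0][j]` far outside the k columns. A signed counter fixes it, `for (int32_t j = ad->k - 1; j >= 0; j--)`, and the dlog step should be skipped while price is still -1. In the new block, GNUNET_CRYPTO_ecc_dlog reports failure as INT_MAX as far as I know, which `brandt_assert (dlogi > 0)` accepts, so a failed lookup would be divided by ad->n and decoded into a winner; `brandt_assert (dlogi > 0 && INT_MAX != dlogi);` would reject it. The block also stores sum_gamma as "q" in ec_ctx, which appears to be shared with the rest of the library, so a comment confirming the overwrite is intended would help.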
@@ -55,15 +58,16 @@ GNUNET_NETWORK_STRUCT_BEGIN /** * Every message is prefixed with this header. - * + * * BEWARE: Introducing a 16bit length field will not work. M+1st price auctions * with private outcome send a n*n*(n-1)*k*128 = n²(n-1)*64 (for a reasonable * k-choice of 512 possible prices) byte message from the seller to all bidders * (decrypt-round). For just two bidders this is already 256k bytes, but 16bit * uint only can address 64k bytes. */ -struct msg_head { - uint32_t prot_version GNUNET_PACKED; - uint32_t msg_type GNUNET_PACKED; +struct msg_head +{ + uint32_t prot_version GNUNET_PACKED; + uint32_t msg_type GNUNET_PACKED; }; 
@@ -71,97 +75,99 @@ struct msg_head { * This struct describes the parameters of an auction. All fields are stored in * network byte order. */ -struct BRANDT_DescrP { - /** Starting time of the auction. Bidders have to join the auction via - * BRANDT_join until this time */ - struct GNUNET_TIME_AbsoluteNBO time_start; +struct BRANDT_DescrP +{ + /** Starting time of the auction. Bidders have to join the auction via + * BRANDT_join until this time */ + struct GNUNET_TIME_AbsoluteNBO time_start; - /** The maximum duration the participants have to complete each round. */ - struct GNUNET_TIME_RelativeNBO time_round; + /** The maximum duration the participants have to complete each round. */ + struct GNUNET_TIME_RelativeNBO time_round; - /** The amount of possible prices */ - uint16_t k GNUNET_PACKED; + /** The amount of possible prices */ + uint16_t k GNUNET_PACKED; - /** Auction type. 0 means first price Auction, >= 0 means M+1st price - * auction with an amount of m items being sold. */ - uint16_t m GNUNET_PACKED; + /** Auction type. 0 means first price Auction, >= 0 means M+1st price + * auction with an amount of m items being sold. */ + uint16_t m GNUNET_PACKED; - /** Outcome type. 0 means private outcome, everything else means public - * outcome. */ - uint16_t outcome_public GNUNET_PACKED; + /** Outcome type. 0 means private outcome, everything else means public + * outcome. */ + uint16_t outcome_public GNUNET_PACKED; - /** reserved for future use. Must be zeroed out. */ - uint16_t reserved GNUNET_PACKED; + /** reserved for future use. Must be zeroed out. */ + uint16_t reserved GNUNET_PACKED; }; GNUNET_NETWORK_STRUCT_END -struct BRANDT_Auction { - /** Starting time of the auction. Bidders have to join the auction via - * BRANDT_join until this time */ - struct GNUNET_TIME_Absolute time_start; +struct BRANDT_Auction +{ + /** Starting time of the auction. 
Bidders have to join the auction via + * BRANDT_join until this time */ + struct GNUNET_TIME_Absolute time_start; - /** The maximum duration the participants have to complete each round. */ - struct GNUNET_TIME_Relative time_round; + /** The maximum duration the participants have to complete each round. */ + struct GNUNET_TIME_Relative time_round; - /** Auction type. 0 means first price Auction, >= 0 means M+1st price - * auction with an amount of m items being sold. */ - uint16_t m; + /** Auction type. 0 means first price Auction, >= 0 means M+1st price + * auction with an amount of m items being sold. */ + uint16_t m; - /** Outcome type. 0 means private outcome, everything else means public - * outcome. */ - uint16_t outcome_public; + /** Outcome type. 0 means private outcome, everything else means public + * outcome. */ + uint16_t outcome_public; - /** Link to the next delayed task (auction start trigger, round trigger) */ - struct GNUNET_SCHEDULER_Task *task; + /** Link to the next delayed task (auction start trigger, round trigger) */ + struct GNUNET_SCHEDULER_Task *task; - void *closure; /** auction closure given by the user */ + void *closure; /** auction closure given by the user */ - BRANDT_CbResult result; /** result reporting callback */ - BRANDT_CbDeliver bcast; /** broadcast callback */ - BRANDT_CbDeliver ucast; /** unicast callback */ - BRANDT_CbStart start; /** start callback */ + BRANDT_CbResult result; /** result reporting callback */ + BRANDT_CbDeliver bcast; /** broadcast callback */ + BRANDT_CbDeliver ucast; /** unicast callback */ + BRANDT_CbStart start; /** start callback */ - int seller_mode; /** If 0 we are bidding, selling otherwise */ - enum rounds cur_round; /** The round we expect messages from */ - gcry_mpi_t round_progress; /** Stores which round messages were received */ + int seller_mode; /** If 0 we are bidding, selling otherwise */ + enum rounds cur_round; /** The round we expect messages from */ + gcry_mpi_t round_progress; /** 
Stores which round messages were received */ - uint16_t n; /** The amount of bidders/agents */ - uint16_t k; /** The amount of possible prices */ - uint16_t i; /** Own agents index, only used when bidding */ - uint16_t b; /** Own bid */ + uint16_t n; /** The amount of bidders/agents */ + uint16_t k; /** The amount of possible prices */ + uint16_t i; /** Own agents index, only used when bidding */ + uint16_t b; /** Own bid */ - gcry_mpi_t x; /** Own private additive key share */ - gcry_mpi_point_t *y; /** public multiplicative key shares, size: n */ - gcry_mpi_point_t Y; /** Shared public key */ + gcry_mpi_t x; /** Own private additive key share */ + gcry_mpi_point_t *y; /** public multiplicative key shares, size: n */ + gcry_mpi_point_t Y; /** Shared public key */ - gcry_mpi_point_t **alpha; /** alphas, size: n*k */ - gcry_mpi_point_t **beta; /** betas, size: n*k */ + gcry_mpi_point_t **alpha; /** alphas, size: n*k */ + gcry_mpi_point_t **beta; /** betas, size: n*k */ - gcry_mpi_point_t **gamma2; /** gamma2, for public outcome, size: n*k */ - gcry_mpi_point_t ***gamma3; /** gamma3, for private outcome, size: n*n*k */ - gcry_mpi_point_t **delta2; /** delta2, for public outcome, size: n*k */ - gcry_mpi_point_t ***delta3; /** delta3, for private outcome, size: n*n*k */ - gcry_mpi_point_t **phi2; /** phi2, for public outcome, size: n*k */ - gcry_mpi_point_t ***phi3; /** phi3, for private outcome, size: n*n*k */ + gcry_mpi_point_t **gamma2; /** gamma2, for public outcome, size: n*k */ + gcry_mpi_point_t ***gamma3; /** gamma3, for private outcome, size: n*n*k */ + gcry_mpi_point_t **delta2; /** delta2, for public outcome, size: n*k */ + gcry_mpi_point_t ***delta3; /** delta3, for private outcome, size: n*n*k */ + gcry_mpi_point_t **phi2; /** phi2, for public outcome, size: n*k */ + gcry_mpi_point_t ***phi3; /** phi3, for private outcome, size: n*n*k */ - /** proofs for the correctnes of the phi values, size: n*k */ - struct proof_2dle ***phiproofs2; + /** proofs for the 
correctnes of the phi values, size: n*k */ + struct proof_2dle ***phiproofs2; - /** proofs for the correctnes of the phi values, size: n*n*k */ - struct proof_2dle ***phiproofs3; + /** proofs for the correctnes of the phi values, size: n*n*k */ + struct proof_2dle ***phiproofs3; - gcry_mpi_point_t *tmpa1; /** used for temporary storage, size: k */ - gcry_mpi_point_t *tmpb1; /** used for temporary storage, size: k */ + gcry_mpi_point_t *tmpa1; /** used for temporary storage, size: k */ + gcry_mpi_point_t *tmpb1; /** used for temporary storage, size: k */ - /** only needed in M+1st price auctions to determine winners */ - struct GNUNET_CRYPTO_EccDlogContext *dlogctx; + /** only needed in M+1st price auctions to determine winners */ + struct GNUNET_CRYPTO_EccDlogContext *dlogctx; }; -extern gcry_ctx_t ec_ctx; +extern gcry_ctx_t ec_ctx; extern gcry_mpi_point_t ec_gen; extern gcry_mpi_point_t ec_zero; -extern gcry_mpi_t ec_n; +extern gcry_mpi_t ec_n; #endif /* ifndef _BRANDT_INTERNALS_H */ diff --git a/mp_priv.c b/mp_priv.c index 65b5cde..9c15299 100644 --- a/mp_priv.c +++ b/mp_priv.c 
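Review bot: The member comment on `m` in both `struct BRANDT_DescrP` and `struct BRANDT_Auction` reads `0 means first price Auction, >= 0 means M+1st price auction`, which puts 0 in both cases. Since the reformat rewrites these lines anyway, it should read `> 0 means M+1st price auction`. The two `phiproofs` comments carry the typo `correctnes`. `phiproofs2` is declared `struct proof_2dle ***` while its comment gives the size as `n*k`, so either the comment or the pointer depth looks off and is worth confirming against the allocation code, which is not in this hunk.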
@@ -32,121 +32,121 @@ void mp_priv_prep_outcome (struct BRANDT_Auction *ad) { - gcry_mpi_t factor = gcry_mpi_new (256); - gcry_mpi_point_t subtr = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); - gcry_mpi_point_t *tlta1; - gcry_mpi_point_t *tltb1; - gcry_mpi_point_t **tlta2; - gcry_mpi_point_t **tltb2; - gcry_mpi_point_t **tlta3; - gcry_mpi_point_t **tltb3; + gcry_mpi_t factor = gcry_mpi_new (256); + gcry_mpi_point_t subtr = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); + gcry_mpi_point_t *tlta1; + gcry_mpi_point_t *tltb1; + gcry_mpi_point_t **tlta2; + gcry_mpi_point_t **tltb2; + gcry_mpi_point_t **tlta3; + gcry_mpi_point_t **tltb3; - ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); - brandt_assert (ad->gamma3); + ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); + brandt_assert (ad->gamma3); - ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); - brandt_assert (ad->delta3); + ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); + brandt_assert (ad->delta3); - /* create temporary lookup tables with partial sums */ - tlta1 = smc_init1 (ad->k); - tltb1 = smc_init1 (ad->k); - tlta2 = smc_init2 (ad->n, ad->k); - tltb2 = smc_init2 (ad->n, ad->k); - tlta3 = smc_init2 (ad->n, ad->k); - tltb3 = smc_init2 (ad->n, ad->k); + /* create temporary lookup tables with partial sums */ + tlta1 = smc_init1 (ad->k); + tltb1 = smc_init1 (ad->k); + tlta2 = smc_init2 (ad->n, ad->k); + tltb2 = smc_init2 (ad->n, ad->k); + tlta3 = smc_init2 (ad->n, ad->k); + tltb3 = smc_init2 (ad->n, ad->k); - /* temporary lookup table for first summand (building ladder of bids) */ - for (uint16_t i = 0; i < ad->n; i++) - { - smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1); - smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1); - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_sub (tlta2[i][j], - tlta3[i][ad->k - 1], - tlta3[i][j], - ec_ctx); - 
gcry_mpi_ec_sub (tltb2[i][j], - tltb3[i][ad->k - 1], - tltb3[i][j], - ec_ctx); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); - brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); - } - for (uint16_t j = 0; j < ad->k; j++) - { - /* 2L - 2I */ - smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k); - smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k); - gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx); - gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx); + /* temporary lookup table for first summand (building ladder of bids) */ + for (uint16_t i = 0; i < ad->n; i++) + { + smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1); + smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1); + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_sub (tlta2[i][j], + tlta3[i][ad->k - 1], + tlta3[i][j], + ec_ctx); + gcry_mpi_ec_sub (tltb2[i][j], + tltb3[i][ad->k - 1], + tltb3[i][j], + ec_ctx); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); + brandt_assert (! 
ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); + } + for (uint16_t j = 0; j < ad->k; j++) + { + /* 2L - 2I */ + smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k); + smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k); + gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx); + gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx); - /* I */ - smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k); - smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k); + /* I */ + smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k); + smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k); - /* 2L - 2I + I = 2L - I */ - gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx); - gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx); - } - /* This check only works directly after the loop when tmpa/tmpb are still - * the sum of the last row */ - brandt_assert (!ec_point_cmp (tmpa, tlta1[ad->k - 1])); - brandt_assert (!ec_point_cmp (tmpb, tltb1[ad->k - 1])); + /* 2L - 2I + I = 2L - I */ + gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx); + gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx); + } + /* This check only works directly after the loop when tmpa/tmpb are still + * the sum of the last row */ + brandt_assert (! ec_point_cmp (tmpa, tlta1[ad->k - 1])); + brandt_assert (! 
ec_point_cmp (tmpb, tltb1[ad->k - 1])); - /* temporary lookup table for second summand (hide outcome from losers) */ - gcry_mpi_set_ui (factor, ad->m); - gcry_mpi_lshift (factor, factor, 1); - gcry_mpi_add_ui (factor, factor, 2); - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_mul (tlta2[i][j], factor, tlta3[i][j], ec_ctx); - gcry_mpi_ec_mul (tltb2[i][j], factor, tltb3[i][j], ec_ctx); - } - } + /* temporary lookup table for second summand (hide outcome from losers) */ + gcry_mpi_set_ui (factor, ad->m); + gcry_mpi_lshift (factor, factor, 1); + gcry_mpi_add_ui (factor, factor, 2); + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_mul (tlta2[i][j], factor, tlta3[i][j], ec_ctx); + gcry_mpi_ec_mul (tltb2[i][j], factor, tltb3[i][j], ec_ctx); + } + } - /* temporary lookup table for subtrahend (getting M+1st highest bid) */ - gcry_mpi_sub_ui (factor, factor, 1); - gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx); + /* temporary lookup table for subtrahend (getting M+1st highest bid) */ + gcry_mpi_sub_ui (factor, factor, 1); + gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx); - /* compute gamma and delta */ - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - /* compute inner gamma */ - gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); - gcry_mpi_ec_sub (tmpa, tmpa, subtr, ec_ctx); + /* compute gamma and delta */ + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + /* compute inner gamma */ + gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); + gcry_mpi_ec_sub (tmpa, tmpa, subtr, ec_ctx); - /* compute inner delta */ - gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx); + /* compute inner delta */ + gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx); - /* copy unmasked outcome to all other bidder layers so they don't - * have to be recomputed to check the ZK proof_2dle's from other - * bidders 
when receiving their outcome messages */ - for (uint16_t a = 0; a < ad->n; a++) - { - ec_point_copy (ad->gamma3[a][i][j], tmpa); - ec_point_copy (ad->delta3[a][i][j], tmpb); - } - } - } + /* copy unmasked outcome to all other bidder layers so they don't + * have to be recomputed to check the ZK proof_2dle's from other + * bidders when receiving their outcome messages */ + for (uint16_t a = 0; a < ad->n; a++) + { + ec_point_copy (ad->gamma3[a][i][j], tmpa); + ec_point_copy (ad->delta3[a][i][j], tmpb); + } + } + } - gcry_mpi_release (factor); - gcry_mpi_point_release (subtr); - gcry_mpi_point_release (tmpa); - gcry_mpi_point_release (tmpb); - smc_free1 (tlta1, ad->k); - smc_free1 (tltb1, ad->k); - smc_free2 (tlta2, ad->n, ad->k); - smc_free2 (tltb2, ad->n, ad->k); - smc_free2 (tlta3, ad->n, ad->k); - smc_free2 (tltb3, ad->n, ad->k); + gcry_mpi_release (factor); + gcry_mpi_point_release (subtr); + gcry_mpi_point_release (tmpa); + gcry_mpi_point_release (tmpb); + smc_free1 (tlta1, ad->k); + smc_free1 (tltb1, ad->k); + smc_free2 (tlta2, ad->n, ad->k); + smc_free2 (tltb2, ad->n, ad->k); + smc_free2 (tlta3, ad->n, ad->k); + smc_free2 (tltb3, ad->n, ad->k); } 
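Review bot: The six temporary tables `tlta1` … `tltb3` returned by `smc_init1`/`smc_init2` in `mp_priv_prep_outcome` are used in the loops that follow without any check, although the `smc_init3` results just above are guarded with `brandt_assert (ad->gamma3)` and `brandt_assert (ad->delta3)`. If the `smc_init*` helpers can return NULL on allocation failure (their definitions are not in this hunk), the first `smc_sums_partial (tlta3[i], ...)` would dereference a null table. A matching guard after the six calls, `brandt_assert (tlta1 && tltb1 && tlta2 && tltb2 && tlta3 && tltb3);`, would keep the function consistent with its own handling of `gamma3`/`delta3`. `mp_pub_prep_outcome` in the mp_pub.c hunk has the same six unchecked calls.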
@@ -154,68 +154,68 @@ struct BRANDT_Result * mp_priv_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len) { - struct BRANDT_Result *ret; - int32_t price = -1; - uint16_t winners = 0; - uint16_t max_winners; - gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); + struct BRANDT_Result *ret; + int32_t price = -1; + uint16_t winners = 0; + uint16_t max_winners; + gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); - brandt_assert (ad); + brandt_assert (ad); - max_winners = ad->seller_mode ? ad->m : 1; - ret = GNUNET_new_array (max_winners, struct BRANDT_Result); - for (uint16_t i = 0; i < ad->n; i++) - { - if (!ad->seller_mode && i != ad->i) - continue; + max_winners = ad->seller_mode ? ad->m : 1; + ret = GNUNET_new_array (max_winners, struct BRANDT_Result); + for (uint16_t i = 0; i < ad->n; i++) + { + if (! ad->seller_mode && i != ad->i) + continue; - for (uint16_t j = 0; j < ad->k; j++) - { - smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); - smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); - gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); - if (!ec_point_cmp (sum_gamma, ec_zero)) - { - if (winners >= max_winners) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "too many winners detected\n"); - goto fail; - } - if (-1 != price && j != price) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "multiple winning prices detected\n"); - goto fail; - } - price = j; + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); + smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); + gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); + if (! 
ec_point_cmp (sum_gamma, ec_zero)) + { + if (winners >= max_winners) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "too many winners detected\n"); + goto fail; + } + if (-1 != price && j != price) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "multiple winning prices detected\n"); + goto fail; + } + price = j; - ret[winners].bidder = i; - ret[winners].price = j / ad->n; - ret[winners].status = BRANDT_bidder_won; - winners++; - } - } - } + ret[winners].bidder = i; + ret[winners].price = j / ad->n; + ret[winners].status = BRANDT_bidder_won; + winners++; + } + } + } - gcry_mpi_point_release (sum_gamma); - gcry_mpi_point_release (sum_phi); + gcry_mpi_point_release (sum_gamma); + gcry_mpi_point_release (sum_phi); - if (ad->m <= ad->n && winners < max_winners && -1 != price) - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "too few winners detected\n"); - if (0 == winners) - goto fail; + if (ad->m <= ad->n && winners < max_winners && -1 != price) + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "too few winners detected\n"); + if (0 == winners) + goto fail; - if (len) - *len = winners; - return ret; + if (len) + *len = winners; + return ret; fail: - GNUNET_free (ret); - return NULL; + GNUNET_free (ret); + return NULL; } diff --git a/mp_pub.c b/mp_pub.c index 661a4de..1258374 100644 --- a/mp_pub.c +++ b/mp_pub.c 
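Review bot: Both in-loop `goto fail` paths in `mp_priv_determine_outcome` ("too many winners detected" and "multiple winning prices detected") jump past `gcry_mpi_point_release (sum_gamma);` and `gcry_mpi_point_release (sum_phi);`, so the two points leak each time an inconsistent outcome is rejected. Only the `0 == winners` path reaches `fail:` after they were released. Moving the two release calls so that they run once just before `return ret;` and once under `fail:` ahead of `GNUNET_free (ret);` gives every exit the same cleanup without a double release. The "too few winners detected" branch only logs and still returns the partially filled array with `*len = winners`; if that is intended, a one-line comment saying so would help the next reader.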
@@ -32,148 +32,148 @@ void mp_pub_prep_outcome (struct BRANDT_Auction *ad) { - gcry_mpi_t factor = gcry_mpi_new (256); - gcry_mpi_point_t subtr = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); - gcry_mpi_point_t *tlta1; - gcry_mpi_point_t *tltb1; - gcry_mpi_point_t **tlta2; - gcry_mpi_point_t **tltb2; - gcry_mpi_point_t **tlta3; - gcry_mpi_point_t **tltb3; + gcry_mpi_t factor = gcry_mpi_new (256); + gcry_mpi_point_t subtr = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); + gcry_mpi_point_t *tlta1; + gcry_mpi_point_t *tltb1; + gcry_mpi_point_t **tlta2; + gcry_mpi_point_t **tltb2; + gcry_mpi_point_t **tlta3; + gcry_mpi_point_t **tltb3; - ad->gamma3 = smc_init3 (ad->n, 2, ad->k); - brandt_assert (ad->gamma3); + ad->gamma3 = smc_init3 (ad->n, 2, ad->k); + brandt_assert (ad->gamma3); - ad->delta3 = smc_init3 (ad->n, 2, ad->k); - brandt_assert (ad->delta3); + ad->delta3 = smc_init3 (ad->n, 2, ad->k); + brandt_assert (ad->delta3); - /* create temporary lookup tables with partial sums */ - tlta1 = smc_init1 (ad->k); - tltb1 = smc_init1 (ad->k); - tlta2 = smc_init2 (ad->n, ad->k); - tltb2 = smc_init2 (ad->n, ad->k); - tlta3 = smc_init2 (ad->n, ad->k); - tltb3 = smc_init2 (ad->n, ad->k); + /* create temporary lookup tables with partial sums */ + tlta1 = smc_init1 (ad->k); + tltb1 = smc_init1 (ad->k); + tlta2 = smc_init2 (ad->n, ad->k); + tltb2 = smc_init2 (ad->n, ad->k); + tlta3 = smc_init2 (ad->n, ad->k); + tltb3 = smc_init2 (ad->n, ad->k); - /* temporary lookup table for first summand (building ladder of bids) */ - for (uint16_t i = 0; i < ad->n; i++) - { - smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1); - smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1); - for (uint16_t j = 0; j < ad->k; j++) - { - gcry_mpi_ec_sub (tlta2[i][j], - tlta3[i][ad->k - 1], - tlta3[i][j], - ec_ctx); - gcry_mpi_ec_sub (tltb2[i][j], - 
tltb3[i][ad->k - 1], - tltb3[i][j], - ec_ctx); - } - brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); - brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); - } - for (uint16_t j = 0; j < ad->k; j++) - { - /* 2L - 2I */ - smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k); - smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k); - gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx); - gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx); + /* temporary lookup table for first summand (building ladder of bids) */ + for (uint16_t i = 0; i < ad->n; i++) + { + smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1); + smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1); + for (uint16_t j = 0; j < ad->k; j++) + { + gcry_mpi_ec_sub (tlta2[i][j], + tlta3[i][ad->k - 1], + tlta3[i][j], + ec_ctx); + gcry_mpi_ec_sub (tltb2[i][j], + tltb3[i][ad->k - 1], + tltb3[i][j], + ec_ctx); + } + brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); + brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); + } + for (uint16_t j = 0; j < ad->k; j++) + { + /* 2L - 2I */ + smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k); + smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k); + gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx); + gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx); - /* I */ - smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k); - smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k); + /* I */ + smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k); + smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k); - /* 2L - 2I + I = 2L - I */ - gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx); - gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx); - } - brandt_assert (!ec_point_cmp (tmpa, tlta1[ad->k - 1])); - brandt_assert (!ec_point_cmp (tmpb, tltb1[ad->k - 1])); + /* 2L - 2I + I = 2L - I */ + gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx); + gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx); + } + brandt_assert (! 
ec_point_cmp (tmpa, tlta1[ad->k - 1])); + brandt_assert (! ec_point_cmp (tmpb, tltb1[ad->k - 1])); - /* compute subtrahend: (2M+1)G */ - gcry_mpi_set_ui (factor, ad->m); - gcry_mpi_lshift (factor, factor, 1); - gcry_mpi_add_ui (factor, factor, 1); - gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx); + /* compute subtrahend: (2M+1)G */ + gcry_mpi_set_ui (factor, ad->m); + gcry_mpi_lshift (factor, factor, 1); + gcry_mpi_add_ui (factor, factor, 1); + gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx); - /* compute gamma and delta for price determination */ - for (uint16_t j = 0; j < ad->k; j++) - { - /* compute inner gamma */ - gcry_mpi_ec_sub (tmpa, tlta1[j], subtr, ec_ctx); + /* compute gamma and delta for price determination */ + for (uint16_t j = 0; j < ad->k; j++) + { + /* compute inner gamma */ + gcry_mpi_ec_sub (tmpa, tlta1[j], subtr, ec_ctx); - /* inner delta */ - ec_point_copy (tmpb, tltb1[j]); + /* inner delta */ + ec_point_copy (tmpb, tltb1[j]); - /* copy unmasked outcome to all other bidder layers so they don't - * have to be recomputed to check the ZK proof_2dle's from other - * bidders when receiving their outcome messages */ - for (uint16_t a = 0; a < ad->n; a++) - { - ec_point_copy (ad->gamma3[a][0][j], tmpa); - ec_point_copy (ad->delta3[a][0][j], tmpb); - } - } + /* copy unmasked outcome to all other bidder layers so they don't + * have to be recomputed to check the ZK proof_2dle's from other + * bidders when receiving their outcome messages */ + for (uint16_t a = 0; a < ad->n; a++) + { + ec_point_copy (ad->gamma3[a][0][j], tmpa); + ec_point_copy (ad->delta3[a][0][j], tmpb); + } + } - /* gamma and delta for winner determination: compute - * @f$\sum_{h=1}^n\sum_{d=j+1}^k2^{h-1}b_h@f and store it in every bidders gamma and - * delta, since it is needed each time a gamma,delta pair is received from - * another bidder. 
*/ - for (uint16_t i = 0; i < ad->n; i++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - /* initialize with zeroes, since we are calculating a sum */ - ec_point_copy (ad->gamma3[i][1][j], ec_zero); - ec_point_copy (ad->delta3[i][1][j], ec_zero); - } - } - gcry_mpi_set_ui (factor, 1); - for (uint16_t h = 0; h < ad->n; h++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - for (uint16_t d = j + 1; d < ad->k; d++) - { - gcry_mpi_ec_mul (tmpa, factor, ad->alpha[h][d], ec_ctx); - gcry_mpi_ec_add (ad->gamma3[0][1][j], - ad->gamma3[0][1][j], - tmpa, - ec_ctx); - gcry_mpi_ec_mul (tmpb, factor, ad->beta[h][d], ec_ctx); - gcry_mpi_ec_add (ad->delta3[0][1][j], - ad->delta3[0][1][j], - tmpb, - ec_ctx); - } - } - gcry_mpi_lshift (factor, factor, 1); - } - /* copy component to all bidders so they don't have to be recomputed */ - for (uint16_t a = 1; a < ad->n; a++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_copy (ad->gamma3[a][1][j], ad->gamma3[0][1][j]); - ec_point_copy (ad->delta3[a][1][j], ad->delta3[0][1][j]); - } - } + /* gamma and delta for winner determination: compute + * @f$\sum_{h=1}^n\sum_{d=j+1}^k2^{h-1}b_h@f and store it in every bidders gamma and + * delta, since it is needed each time a gamma,delta pair is received from + * another bidder. 
*/ + for (uint16_t i = 0; i < ad->n; i++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + /* initialize with zeroes, since we are calculating a sum */ + ec_point_copy (ad->gamma3[i][1][j], ec_zero); + ec_point_copy (ad->delta3[i][1][j], ec_zero); + } + } + gcry_mpi_set_ui (factor, 1); + for (uint16_t h = 0; h < ad->n; h++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + for (uint16_t d = j + 1; d < ad->k; d++) + { + gcry_mpi_ec_mul (tmpa, factor, ad->alpha[h][d], ec_ctx); + gcry_mpi_ec_add (ad->gamma3[0][1][j], + ad->gamma3[0][1][j], + tmpa, + ec_ctx); + gcry_mpi_ec_mul (tmpb, factor, ad->beta[h][d], ec_ctx); + gcry_mpi_ec_add (ad->delta3[0][1][j], + ad->delta3[0][1][j], + tmpb, + ec_ctx); + } + } + gcry_mpi_lshift (factor, factor, 1); + } + /* copy component to all bidders so they don't have to be recomputed */ + for (uint16_t a = 1; a < ad->n; a++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_copy (ad->gamma3[a][1][j], ad->gamma3[0][1][j]); + ec_point_copy (ad->delta3[a][1][j], ad->delta3[0][1][j]); + } + } - gcry_mpi_release (factor); - gcry_mpi_point_release (subtr); - gcry_mpi_point_release (tmpa); - gcry_mpi_point_release (tmpb); - smc_free1 (tlta1, ad->k); - smc_free1 (tltb1, ad->k); - smc_free2 (tlta2, ad->n, ad->k); - smc_free2 (tltb2, ad->n, ad->k); - smc_free2 (tlta3, ad->n, ad->k); - smc_free2 (tltb3, ad->n, ad->k); + gcry_mpi_release (factor); + gcry_mpi_point_release (subtr); + gcry_mpi_point_release (tmpa); + gcry_mpi_point_release (tmpb); + smc_free1 (tlta1, ad->k); + smc_free1 (tltb1, ad->k); + smc_free2 (tlta2, ad->n, ad->k); + smc_free2 (tltb2, ad->n, ad->k); + smc_free2 (tlta3, ad->n, ad->k); + smc_free2 (tltb3, ad->n, ad->k); } 
@@ -189,156 +189,156 @@ mp_pub_prep_outcome (struct BRANDT_Auction *ad) unsigned char * mp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - struct msg_head *head; - gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); - gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); - struct ec_mpi *gamma; - struct ec_mpi *delta; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + struct msg_head *head; + gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); + gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); + struct ec_mpi *gamma; + struct ec_mpi *delta; + struct proof_2dle *proof2; - brandt_assert (ad && buflen); + brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + /* msg header */ - ad->k * /* k * (gamma, delta, proof2) */ - (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) /* msg header */ + + ad->k /* k * (gamma, delta, proof2) */ + * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_outcome); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_outcome); + cur = ret + sizeof (*head); - for (uint16_t j = 0; j < ad->k; j++) - { - gamma = (struct ec_mpi *)cur; - delta = &((struct ec_mpi *)cur)[1]; - proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); + for (uint16_t j = 0; j < ad->k; j++) + { + gamma = (struct ec_mpi *) cur; + delta = &((struct ec_mpi *) cur)[1]; + proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi)); - /* only send the price determination gamma,delta pair, since the winner - * determination pair can and will be computed by the receiver */ - ec_point_copy (tmpa, ad->gamma3[ad->i][0][j]); - ec_point_copy (tmpb, ad->delta3[ad->i][0][j]); + /* 
only send the price determination gamma,delta pair, since the winner + * determination pair can and will be computed by the receiver */ + ec_point_copy (tmpa, ad->gamma3[ad->i][0][j]); + ec_point_copy (tmpb, ad->delta3[ad->i][0][j]); - /* apply random masking for losing bidders */ - smc_zkp_2dle (ad->gamma3[ad->i][0][j], - ad->delta3[ad->i][0][j], - tmpa, - tmpb, - NULL, - proof2); + /* apply random masking for losing bidders */ + smc_zkp_2dle (ad->gamma3[ad->i][0][j], + ad->delta3[ad->i][0][j], + tmpa, + tmpb, + NULL, + proof2); - ec_point_serialize (gamma, ad->gamma3[ad->i][0][j]); - ec_point_serialize (delta, ad->delta3[ad->i][0][j]); + ec_point_serialize (gamma, ad->gamma3[ad->i][0][j]); + ec_point_serialize (delta, ad->delta3[ad->i][0][j]); - /* compute own winner determination gamma,delta pair */ - gcry_mpi_ec_add (ad->gamma3[ad->i][1][j], - ad->gamma3[ad->i][0][j], - ad->gamma3[ad->i][1][j], - ec_ctx); - gcry_mpi_ec_add (ad->delta3[ad->i][1][j], - ad->delta3[ad->i][0][j], - ad->delta3[ad->i][1][j], - ec_ctx); + /* compute own winner determination gamma,delta pair */ + gcry_mpi_ec_add (ad->gamma3[ad->i][1][j], + ad->gamma3[ad->i][0][j], + ad->gamma3[ad->i][1][j], + ec_ctx); + gcry_mpi_ec_add (ad->delta3[ad->i][1][j], + ad->delta3[ad->i][0][j], + ad->delta3[ad->i][1][j], + ec_ctx); - cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); - } + cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); + } - gcry_mpi_point_release (tmpa); - gcry_mpi_point_release (tmpb); - return ret; + gcry_mpi_point_release (tmpa); + gcry_mpi_point_release (tmpb); + return ret; } int mp_pub_recv_outcome (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t delta = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct 
proof_2dle *proof2; + gcry_mpi_point_t gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t delta = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "wrong size of received outcome\n"); - goto quit; - } + if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "wrong size of received outcome\n"); + goto quit; + } - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (gamma, (struct ec_mpi *)cur); - ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); - proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (gamma, - delta, - ad->gamma3[sender][0][j], - ad->delta3[sender][0][j], - proof2)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "wrong zkp2 for gamma, delta received\n"); - goto quit; - } - ec_point_copy (ad->gamma3[sender][0][j], gamma); - ec_point_copy (ad->delta3[sender][0][j], delta); + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (gamma, (struct ec_mpi *) cur); + ec_point_parse (delta, &((struct ec_mpi *) cur)[1]); + proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi)); + if (smc_zkp_2dle_check (gamma, + delta, + ad->gamma3[sender][0][j], + ad->delta3[sender][0][j], + proof2)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "wrong zkp2 for gamma, delta received\n"); + goto quit; + } + ec_point_copy (ad->gamma3[sender][0][j], gamma); + ec_point_copy (ad->delta3[sender][0][j], delta); - /* compute winner determination gamma,delta pair */ - gcry_mpi_ec_add (ad->gamma3[sender][1][j], - ad->gamma3[sender][0][j], - ad->gamma3[sender][1][j], - ec_ctx); - gcry_mpi_ec_add (ad->delta3[sender][1][j], - ad->delta3[sender][0][j], - ad->delta3[sender][1][j], - ec_ctx); + /* compute winner determination gamma,delta pair 
*/ + gcry_mpi_ec_add (ad->gamma3[sender][1][j], + ad->gamma3[sender][0][j], + ad->gamma3[sender][1][j], + ec_ctx); + gcry_mpi_ec_add (ad->delta3[sender][1][j], + ad->delta3[sender][0][j], + ad->delta3[sender][1][j], + ec_ctx); - cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); - } + cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (gamma); - gcry_mpi_point_release (delta); - return ret; + gcry_mpi_point_release (gamma); + gcry_mpi_point_release (delta); + return ret; } void mp_pub_prep_decryption (struct BRANDT_Auction *ad) { - gcry_mpi_point_t tmp_price = gcry_mpi_point_new (0); - gcry_mpi_point_t tmp_winner = gcry_mpi_point_new (0); + gcry_mpi_point_t tmp_price = gcry_mpi_point_new (0); + gcry_mpi_point_t tmp_winner = gcry_mpi_point_new (0); - ad->phi3 = smc_init3 (ad->n, 2, ad->k); - brandt_assert (ad->phi3); + ad->phi3 = smc_init3 (ad->n, 2, ad->k); + brandt_assert (ad->phi3); - for (uint16_t j = 0; j < ad->k; j++) - { - smc_sum (tmp_price, &ad->delta3[0][0][j], ad->n, 2 * ad->k); - smc_sum (tmp_winner, &ad->delta3[0][1][j], ad->n, 2 * ad->k); + for (uint16_t j = 0; j < ad->k; j++) + { + smc_sum (tmp_price, &ad->delta3[0][0][j], ad->n, 2 * ad->k); + smc_sum (tmp_winner, &ad->delta3[0][1][j], ad->n, 2 * ad->k); - /* copy still encrypted outcome to all other bidder layers so they - * don't have to be recomputed to check the ZK proof_2dle's from - * other bidders when receiving their outcome decryption messages */ - for (uint16_t a = 0; a < ad->n; a++) - { - ec_point_copy (ad->phi3[a][0][j], tmp_price); - ec_point_copy (ad->phi3[a][1][j], tmp_winner); - } - } + /* copy still encrypted outcome to all other bidder layers so they + * don't have to be recomputed to check the ZK proof_2dle's from + * other bidders when receiving their outcome decryption messages */ + for (uint16_t a = 0; a < ad->n; a++) + { + ec_point_copy (ad->phi3[a][0][j], tmp_price); + ec_point_copy (ad->phi3[a][1][j], tmp_winner); 
+ } + } - gcry_mpi_point_release (tmp_price); - gcry_mpi_point_release (tmp_winner); + gcry_mpi_point_release (tmp_price); + gcry_mpi_point_release (tmp_winner); } 
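Review bot: `mp_pub_recv_outcome` uses `sender` to index `ad->gamma3[sender]` and `ad->delta3[sender]` and copies the parsed points into those slots, but the only input validation in the function is the `buflen` comparison. Unless every caller already guarantees `sender < ad->n` (the callers are outside this hunk), a guard ahead of the loop, `if (sender >= ad->n) goto quit;`, would stop an out-of-range index from reaching the table writes. The function also casts the `const unsigned char *cur` to `struct ec_mpi *` and `struct proof_2dle *`, dropping `const`. Declaring `proof2` as `const struct proof_2dle *` and casting to const types would document that the receive buffer is read-only, provided `ec_point_parse` and `smc_zkp_2dle_check` accept const pointers.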
@@ -354,101 +354,101 @@ mp_pub_prep_decryption (struct BRANDT_Auction *ad) unsigned char * mp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) { - unsigned char *ret; - unsigned char *cur; - gcry_mpi_point_t tmp = gcry_mpi_point_new (0); - struct msg_head *head; - struct ec_mpi *phi; - struct proof_2dle *proof2; + unsigned char *ret; + unsigned char *cur; + gcry_mpi_point_t tmp = gcry_mpi_point_new (0); + struct msg_head *head; + struct ec_mpi *phi; + struct proof_2dle *proof2; - brandt_assert (ad && buflen); + brandt_assert (ad && buflen); - *buflen = (sizeof (*head) + 2 * ad->k * (sizeof (*phi) + sizeof (*proof2))); - ret = GNUNET_new_array (*buflen, unsigned char); + *buflen = (sizeof (*head) + 2 * ad->k * (sizeof (*phi) + sizeof (*proof2))); + ret = GNUNET_new_array (*buflen, unsigned char); - head = (struct msg_head *)ret; - head->prot_version = htonl (0); - head->msg_type = htonl (msg_decrypt); - cur = ret + sizeof (*head); + head = (struct msg_head *) ret; + head->prot_version = htonl (0); + head->msg_type = htonl (msg_decrypt); + cur = ret + sizeof (*head); - /* decrypt price and winner components */ - for (uint16_t comp = 0; comp < 2; comp++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - phi = (struct ec_mpi *)cur; - proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); + /* decrypt price and winner components */ + for (uint16_t comp = 0; comp < 2; comp++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + phi = (struct ec_mpi *) cur; + proof2 = (struct proof_2dle *) (cur + sizeof (*phi)); - ec_point_copy (tmp, ad->phi3[ad->i][comp][j]); + ec_point_copy (tmp, ad->phi3[ad->i][comp][j]); - /* decrypt outcome component and prove the correct key was used */ - smc_zkp_2dle (ad->phi3[ad->i][comp][j], - NULL, - tmp, - ec_gen, - ad->x, - proof2); + /* decrypt outcome component and prove the correct key was used */ + smc_zkp_2dle (ad->phi3[ad->i][comp][j], + NULL, + tmp, + ec_gen, + ad->x, + proof2); - ec_point_serialize (phi, 
ad->phi3[ad->i][comp][j]); + ec_point_serialize (phi, ad->phi3[ad->i][comp][j]); - cur += sizeof (*phi) + sizeof (*proof2); - } - } + cur += sizeof (*phi) + sizeof (*proof2); + } + } - gcry_mpi_point_release (tmp); - return ret; + gcry_mpi_point_release (tmp); + return ret; } int mp_pub_recv_decryption (struct BRANDT_Auction *ad, const unsigned char *buf, - size_t buflen, - uint16_t sender) + size_t buflen, + uint16_t sender) { - int ret = 0; - const unsigned char *cur = buf; - struct proof_2dle *proof2; - gcry_mpi_point_t phi = gcry_mpi_point_new (0); + int ret = 0; + const unsigned char *cur = buf; + struct proof_2dle *proof2; + gcry_mpi_point_t phi = gcry_mpi_point_new (0); - brandt_assert (ad && buf); + brandt_assert (ad && buf); - if (buflen != (2 * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong size of received outcome decryption\n"); - goto quit; - } + if (buflen != (2 * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong size of received outcome decryption\n"); + goto quit; + } - /* handle received price and winner components */ - for (uint16_t comp = 0; comp < 2; comp++) - { - for (uint16_t j = 0; j < ad->k; j++) - { - ec_point_parse (phi, (struct ec_mpi *)cur); - proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); + /* handle received price and winner components */ + for (uint16_t comp = 0; comp < 2; comp++) + { + for (uint16_t j = 0; j < ad->k; j++) + { + ec_point_parse (phi, (struct ec_mpi *) cur); + proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi)); - if (smc_zkp_2dle_check (phi, - ad->y[sender], - ad->phi3[sender][comp][j], - ec_gen, - proof2)) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "libbrandt", - "wrong zkp2 for phi, y received\n"); - goto quit; - } - ec_point_copy (ad->phi3[sender][comp][j], phi); - cur += sizeof (struct ec_mpi) + sizeof (*proof2); - } - } + if 
(smc_zkp_2dle_check (phi, + ad->y[sender], + ad->phi3[sender][comp][j], + ec_gen, + proof2)) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "libbrandt", + "wrong zkp2 for phi, y received\n"); + goto quit; + } + ec_point_copy (ad->phi3[sender][comp][j], phi); + cur += sizeof (struct ec_mpi) + sizeof (*proof2); + } + } - ret = 1; + ret = 1; quit: - gcry_mpi_point_release (phi); - return ret; + gcry_mpi_point_release (phi); + return ret; } 
@@ -456,83 +456,96 @@ struct BRANDT_Result * mp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *len) { - struct BRANDT_Result *ret; - int32_t price = -1; - uint16_t cur_winner = 0; - int dlogi = -1; - gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); - gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); + struct BRANDT_Result *ret; + int32_t price = -1; + uint16_t cur_winner = 0; + int dlogi = -1; + gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); + gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); - brandt_assert (ad); + brandt_assert (ad); - for (uint16_t j = ad->k - 1; j >= 0; j--) - { - smc_sum (sum_gamma, &ad->gamma3[0][0][j], ad->n, 2 * ad->k); - smc_sum (sum_phi, &ad->phi3[0][0][j], ad->n, 2 * ad->k); - gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); - /* first zero component determines the price */ - if (!ec_point_cmp (sum_gamma, ec_zero)) - { - price = j; - break; - } - } + for (uint16_t j = ad->k - 1; j >= 0; j--) + { + smc_sum (sum_gamma, &ad->gamma3[0][0][j], ad->n, 2 * ad->k); + smc_sum (sum_phi, &ad->phi3[0][0][j], ad->n, 2 * ad->k); + gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); + /* first zero component determines the price */ + if (! 
ec_point_cmp (sum_gamma, ec_zero)) + { + price = j; + break; + } + } - if (-1 == price) - return NULL; + if (-1 == price) + return NULL; - /* extract winners point for the winning price */ - smc_sum (sum_gamma, &ad->gamma3[0][1][price], ad->n, 2 * ad->k); - smc_sum (sum_phi, &ad->phi3[0][1][price], ad->n, 2 * ad->k); - gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); + /* extract winners point for the winning price */ + smc_sum (sum_gamma, &ad->gamma3[0][1][price], ad->n, 2 * ad->k); + smc_sum (sum_phi, &ad->phi3[0][1][price], ad->n, 2 * ad->k); + gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); - dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, sum_gamma); - brandt_assert (dlogi > 0); + { + struct GNUNET_CRYPTO_EccPoint ec_point = {0}; + gcry_mpi_t q_y; - /* all bidders participated with a multiplicative share */ - dlogi /= ad->n; + GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", sum_gamma, ec_ctx)); + q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ec_ctx, 0); + GNUNET_assert (q_y); + GNUNET_CRYPTO_mpi_print_unsigned (ec_point.v, + sizeof(ec_point.v), + q_y); + dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, + &ec_point); + gcry_mpi_release (q_y); + } + brandt_assert (dlogi > 0); - price = price / ad->n; - ret = GNUNET_new_array (ad->m, struct BRANDT_Result); + /* all bidders participated with a multiplicative share */ + dlogi /= ad->n; - /* can only support up to bits(dlogi) bidders */ - brandt_assert (sizeof (int) * 8 > ad->n); - for (uint16_t i = 0; i < ad->n; i++) - { - /* a set bit determines a winner */ - if (dlogi & (1 << i)) - { - if (cur_winner >= ad->m) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "too many winners detected\n"); - GNUNET_free (ret); - ret = NULL; - goto quit; - } + price = price / ad->n; + ret = GNUNET_new_array (ad->m, struct BRANDT_Result); - ret[cur_winner].bidder = i; - ret[cur_winner].price = price; - ret[cur_winner].status = BRANDT_bidder_won; - cur_winner++; - } - } + /* can only support up to bits(dlogi) 
bidders */ + brandt_assert (sizeof (int) * 8 > ad->n); + for (uint16_t i = 0; i < ad->n; i++) + { + /* a set bit determines a winner */ + if (dlogi & (1 << i)) + { + if (cur_winner >= ad->m) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "too many winners detected\n"); + GNUNET_free (ret); + ret = NULL; + goto quit; + } - if (cur_winner != ad->m) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, - "libbrandt", - "too few winners detected\n"); - GNUNET_free (ret); - ret = NULL; - goto quit; - } + ret[cur_winner].bidder = i; + ret[cur_winner].price = price; + ret[cur_winner].status = BRANDT_bidder_won; + cur_winner++; + } + } - if (len) - *len = ad->m; + if (cur_winner != ad->m) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, + "libbrandt", + "too few winners detected\n"); + GNUNET_free (ret); + ret = NULL; + goto quit; + } + + if (len) + *len = ad->m; quit: - gcry_mpi_point_release (sum_gamma); - gcry_mpi_point_release (sum_phi); - return ret; + gcry_mpi_point_release (sum_gamma); + gcry_mpi_point_release (sum_phi); + return ret; } diff --git a/replay.c b/replay.c index 5a81526..04d1feb 100644 --- a/replay.c +++ b/replay.c @@ -24,7 +24,7 @@ #include #include -#include +#include #include #include "brandt.h" 
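Review bot: In mp_pub_determine_outcome the price search `for (uint16_t j = ad->k - 1; j >= 0; j--)` cannot end on its own, because `j >= 0` is always true for an unsigned `j`; if no component compares equal to `ec_zero`, `j` wraps to 65535 and `smc_sum` is handed `&ad->gamma3[0][0][j]` and `&ad->phi3[0][0][j]` far past index `k - 1`, on arrays that appear to be filled from other bidders' messages. Counting down with `for (uint16_t j = ad->k; j-- > 0;)` keeps the index in range and makes the `if (-1 == price)` branch reachable. That branch returns without releasing `sum_gamma` and `sum_phi`; `ret = NULL; goto quit;` would reuse the existing cleanup. Separately, the new dlog block only asserts `dlogi > 0`; if GNUNET_CRYPTO_ecc_dlog signals failure with a large positive sentinel (worth confirming against the GNUnet header in use), that value passes the assert and is then read as a winner bitmask.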
@@ -33,92 +33,93 @@ struct msg { - uint16_t sender; - void *buf; - size_t buf_len; + uint16_t sender; + void *buf; + size_t buf_len; }; /* This is basically BRANDT_Result with an extra string field */ struct result { - uint16_t bidder; - uint16_t price_idx; - const char *price; + uint16_t bidder; + uint16_t price_idx; + const char *price; }; struct transcript { - // All fields from json come here. - uint16_t n; // #bidders + 1 - uint16_t k; // #prices - uint16_t m; // type of auction - struct GNUNET_TIME_Absolute time_start; - struct GNUNET_TIME_Relative time_round; - bool public; - char **prices; // Must be of length k. We do not parse those - struct msg *msgs; // Array must be of length 4*n + // All fields from json come here. + uint16_t n; // #bidders + 1 + uint16_t k; // #prices + uint16_t m; // type of auction + struct GNUNET_TIME_Absolute time_start; + struct GNUNET_TIME_Relative time_round; + bool public; + char **prices; // Must be of length k. We do not parse those + struct msg *msgs; // Array must be of length 4*n - struct BRANDT_Auction *auction; + struct BRANDT_Auction *auction; - struct result *results; - size_t results_len; - struct result *expected; - size_t expected_len; - uint16_t id; - struct GNUNET_CRYPTO_EccDlogContext *edc; + struct result *results; + size_t results_len; + struct result *expected; + size_t expected_len; + uint16_t id; + struct GNUNET_CRYPTO_EccDlogContext *edc; }; -static struct transcript tr; +/* static struct transcript tr; */ static void print_result (struct transcript *tr, char *error) { - json_t *output; - json_t *results; + json_t *output; + json_t *results; - if (NULL != error) - { - output = json_pack ("{s:s}", "error", error); - GNUNET_assert (output); + if (NULL != error) + { + output = json_pack ("{s:s}", "error", error); + GNUNET_assert (output); - json_dumpfd (output, 1, JSON_INDENT (2)); - return; - } + json_dumpfd (output, 1, JSON_INDENT (2)); + return; + } - GNUNET_assert (NULL != tr); + GNUNET_assert (NULL != 
tr); - output = json_object (); - results = json_array (); - GNUNET_assert (output); - GNUNET_assert (results); + output = json_object (); + results = json_array (); + GNUNET_assert (output); + GNUNET_assert (results); - for (size_t i = 0; i < tr->results_len; i++) - { - json_t *result = json_pack ("{s:i, s:s}", - "bidder", tr->results[i].bidder, - "price", tr->results[i].price); - GNUNET_assert (result); + for (size_t i = 0; i < tr->results_len; i++) + { + json_t *result = json_pack ("{s:i, s:i, s:s}", + "bidder", tr->results[i].bidder, + "price_idx", tr->results[i].price_idx, + "price", tr->results[i].price); + GNUNET_assert (result); - GNUNET_assert (-1 != - json_array_append_new (results, result)); - } + GNUNET_assert (-1 != + json_array_append_new (results, result)); + } - GNUNET_assert (-1 != - json_object_set_new (output, - "winners", - results)); + GNUNET_assert (-1 != + json_object_set_new (output, + "winners", + results)); - { - FILE *f = fdopen (1, "w"); - GNUNET_assert(f); + { + FILE *f = fdopen (1, "w"); + GNUNET_assert (f); - json_dumpf (output, f, JSON_INDENT (2)); - fflush (f); - } + json_dumpf (output, f, JSON_INDENT (2)); + fflush (f); + } - json_decref (output); + json_decref (output); } 
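Review bot: The error branch of print_result returns right after `json_dumpfd (output, 1, JSON_INDENT (2));` without `json_decref (output);`, while the success path releases the object; adding the decref before `return` keeps the two paths consistent. The return value of `json_dumpfd` is also ignored there, so a failed write of the error report goes unnoticed. In the same hunk `/* static struct transcript tr; */` is left behind as commented-out code; the functions visible in this diff all receive `struct transcript *tr` as an argument, so deleting the line is cleaner than keeping it.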
@@ -127,336 +128,336 @@ cb_result (void *arg, struct BRANDT_Result results[], uint16_t results_len) { - struct transcript *tr = (struct transcript *) arg; - tr->results = GNUNET_new_array (results_len, struct result); - tr->results_len = results_len; + struct transcript *tr = (struct transcript *) arg; + tr->results = GNUNET_new_array (results_len, struct result); + tr->results_len = results_len; - for (uint16_t i = 0; i < results_len; i++) - { - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "REPLAY [seller] computed result is: bidder %d got status %d with price %d (%s)\n", - results[i].bidder, - results[i].status, - results[i].price, - tr->prices[results[i].price]); + for (uint16_t i = 0; i < results_len; i++) + { + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "REPLAY [seller] computed result is: bidder %d got status %d with price %d (%s)\n", + results[i].bidder, + results[i].status, + results[i].price, + tr->prices[results[i].price]); - tr->results[i].bidder = results[i].bidder; - tr->results[i].price_idx = results[i].price; - tr->results[i].price = tr->prices[results[i].price]; - } + tr->results[i].bidder = results[i].bidder; + tr->results[i].price_idx = results[i].price; + tr->results[i].price = tr->prices[results[i].price]; + } - for (uint16_t i = 0; i < tr->expected_len; i++) - { - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "REPLAY [seller] expected result is: bidder %d wins with price %d (%s)\n", - tr->expected[i].bidder, - tr->expected[i].price_idx, - tr->expected[i].price); - } + for (uint16_t i = 0; i < tr->expected_len; i++) + { + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "REPLAY [seller] expected result is: bidder %d wins with price %d (%s)\n", + tr->expected[i].bidder, + tr->expected[i].price_idx, + tr->expected[i].price); + } - print_result (tr, NULL); - // TODO: compare computed and expected results! + print_result (tr, NULL); + // TODO: compare computed and expected results! 
} static uint16_t cb_start (void *auction_closure) { - struct transcript *tr = (struct transcript *) auction_closure; - struct cls - { - size_t i; - struct transcript *tr; - }; + struct transcript *tr = (struct transcript *) auction_closure; + struct cls + { + size_t i; + struct transcript *tr; + }; - void - resend (void *x) - { - struct cls c = *(struct cls *) x; - struct msg m = c.tr->msgs[c.i]; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "REPLAY sending msg no. %ld, length %ld\n", c.i, m.buf_len); - BRANDT_got_message (c.tr->auction, m.sender, m.buf, m.buf_len); - } + void + resend (void *x) + { + struct cls c = *(struct cls *) x; + struct msg m = c.tr->msgs[c.i]; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "REPLAY sending msg no. %ld, length %ld\n", c.i, m.buf_len); + BRANDT_got_message (c.tr->auction, m.sender, m.buf, m.buf_len); + } - GNUNET_log (GNUNET_ERROR_TYPE_INFO, "REPLAY start replay auction\n"); - for (size_t i = 0; i < 4 * tr->n; i++) - { - struct cls *c = GNUNET_new (struct cls); - c->i = i; - c->tr = tr; - GNUNET_SCHEDULER_add_now (&resend, (void *) c); - } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "REPLAY start replay auction\n"); + for (size_t i = 0; i < 4 * tr->n; i++) + { + struct cls *c = GNUNET_new (struct cls); + c->i = i; + c->tr = tr; + GNUNET_SCHEDULER_add_now (&resend, (void *) c); + } - return tr->n; + return tr->n; } static void replay_transcript (void *arg) { - struct transcript *tr = (struct transcript *) arg; - void *desc; - size_t desc_len; + struct transcript *tr = (struct transcript *) arg; + void *desc; + size_t desc_len; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "REPLAY calling BRANDT_new with %s outcome.\n", - tr->public ? "public" : "private"); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "REPLAY calling BRANDT_new with %s outcome.\n", + tr->public ? 
"public" : "private"); - tr->auction = BRANDT_new (&cb_result, - NULL, - &cb_start, - tr, - &desc, - &desc_len, - GNUNET_TIME_absolute_get (), - tr->time_round, - tr->k, /* number of prizes */ - tr->m, /* m */ - tr->public, /* outcome public */ - tr->public ? tr->edc : NULL); - if (!tr->auction) - { - print_result (NULL, "REPLAY BRANDT_new() failed."); - _exit (1); - } + tr->auction = BRANDT_new (&cb_result, + NULL, + &cb_start, + tr, + &desc, + &desc_len, + GNUNET_TIME_absolute_get (), + tr->time_round, + tr->k, /* number of prizes */ + tr->m, /* m */ + tr->public, /* outcome public */ + tr->public ? tr->edc : NULL); + if (! tr->auction) + { + print_result (NULL, "REPLAY BRANDT_new() failed."); + _exit (1); + } } void parse_json_stdin (struct transcript *tr) { - json_error_t jerror; - json_t *jtr; - struct GNUNET_CRYPTO_EddsaSignature sig; + json_error_t jerror; + json_t *jtr; + /* struct GNUNET_CRYPTO_EddsaSignature sig; */ - jtr = json_loadfd (0, - JSON_REJECT_DUPLICATES, - &jerror); + jtr = json_loadfd (0, + JSON_REJECT_DUPLICATES, + &jerror); - if (!jtr) - { - char err[4096]; - snprintf (err, - sizeof(err), - "failed to parse json: %s in line %d, column %d (pos %d)", - jerror.text, jerror.line, jerror.column, jerror.position); - print_result (NULL, err); - _exit (1); - } + if (! 
jtr) + { + char err[4096]; + snprintf (err, + sizeof(err), + "failed to parse json: %s in line %d, column %d (pos %d)", + jerror.text, jerror.line, jerror.column, jerror.position); + print_result (NULL, err); + _exit (1); + } - { - json_t *auc; - char *perr; - unsigned int eline; - struct GNUNET_JSON_Specification au_spec[] = { - GNUNET_JSON_spec_bool ("public", &tr->public), - GNUNET_JSON_spec_uint16 ("type", &tr->m), - GNUNET_JSON_spec_end () - }; + { + json_t *auc; + char *perr; + unsigned int eline; + struct GNUNET_JSON_Specification au_spec[] = { + GNUNET_JSON_spec_bool ("outcome_public", &tr->public), + GNUNET_JSON_spec_uint16 ("auction_type", &tr->m), + GNUNET_JSON_spec_end () + }; - auc = json_object_get (jtr, "auction"); - if (NULL == auc) - { - print_result (NULL, - "no auction found in input"); - _exit (1); - } + auc = json_object_get (jtr, "auction"); + if (NULL == auc) + { + print_result (NULL, + "no auction found in input"); + _exit (1); + } - GNUNET_assert (GNUNET_OK == - GNUNET_JSON_parse (auc, - au_spec, - (const char **) &perr, - &eline)); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (auc, + au_spec, + (const char **) &perr, + &eline)); - // Prices... - { - json_t *prices = json_object_get (auc, "prices"); - size_t idx; - json_t *val; + // Prices... + { + json_t *prices = json_object_get (auc, "prices"); + size_t idx; + json_t *val; - if (!json_is_array (prices)) - { - print_result (NULL, - "no prices found in input"); - _exit (1); - } + if (! 
json_is_array (prices)) + { + print_result (NULL, + "no prices found in input"); + _exit (1); + } - tr->k = json_array_size (prices); - tr->prices = GNUNET_new_array (tr->k, char *); - json_array_foreach (prices, idx, val) - { - if (!json_is_string (val)) - { - char err[256]; - snprintf (err, - sizeof(err), - "price %ld is not a string\n", idx); - print_result (NULL, - err); - _exit (1); - } - tr->prices[idx] = (char *) json_string_value (val); - } + tr->k = json_array_size (prices); + tr->prices = GNUNET_new_array (tr->k, char *); + json_array_foreach (prices, idx, val) + { + if (! json_is_string (val)) + { + char err[256]; + snprintf (err, + sizeof(err), + "price %ld is not a string\n", idx); + print_result (NULL, + err); + _exit (1); + } + tr->prices[idx] = (char *) json_string_value (val); + } - } + } - } + } - // Bidders - { - json_t *bidders; + // Bidders + { + json_t *bidders; - bidders = json_object_get (jtr, "bidders"); - if (!bidders || !json_is_array (bidders)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "bidders missing or not an array\n"); - print_result (NULL, "bidders missing or not an array"); - _exit (1); - } + bidders = json_object_get (jtr, "bidders"); + if (! bidders || ! json_is_array (bidders)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "bidders missing or not an array\n"); + print_result (NULL, "bidders missing or not an array"); + _exit (1); + } - tr->n = json_array_size (bidders); - } + tr->n = json_array_size (bidders); + } - // Messages - { - json_t *messages; - size_t nm; - size_t idx; - json_t *val; + // Messages + { + json_t *messages; + size_t nm; + size_t idx; + json_t *val; - messages = json_object_get (jtr, "transcript"); - if (!json_is_array (messages)) - { - print_result (NULL, "transcript missing or not an array"); - _exit (1); - } + messages = json_object_get (jtr, "transcript"); + if (! 
json_is_array (messages)) + { + print_result (NULL, "transcript missing or not an array"); + _exit (1); + } - nm = json_array_size (messages); + nm = json_array_size (messages); - if (nm != (4 * tr->n)) - { - print_result (NULL, "wrong number of messages in transript"); - _exit (1); - } + if (nm != (4 * tr->n)) + { + print_result (NULL, "wrong number of messages in transript"); + _exit (1); + } - tr->msgs = GNUNET_new_array (nm, struct msg); + tr->msgs = GNUNET_new_array (nm, struct msg); - json_array_foreach (messages, idx, val) { - char *error; - uint16_t sender; - void *msg; - size_t size; - struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_uint16 ("bidder", - &sender), - GNUNET_JSON_spec_varsize ("msg", - &msg, - &size), - GNUNET_JSON_spec_end () - }; + json_array_foreach (messages, idx, val) { + char *error; + uint16_t sender; + void *msg; + size_t size; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_uint16 ("bidder", + &sender), + GNUNET_JSON_spec_varsize ("msg", + &msg, + &size), + GNUNET_JSON_spec_end () + }; - if (GNUNET_OK != - GNUNET_JSON_parse (val, - spec, - (const char**) &error, - NULL)) - { - char err[4096]; - snprintf (err, - sizeof(err), - "error parsing message[%ld] in transcript: %s", - idx, - error); - print_result (NULL, err); - _exit (1); - } + if (GNUNET_OK != + GNUNET_JSON_parse (val, + spec, + (const char**) &error, + NULL)) + { + char err[4096]; + snprintf (err, + sizeof(err), + "error parsing message[%ld] in transcript: %s", + idx, + error); + print_result (NULL, err); + _exit (1); + } - tr->msgs[idx].sender = sender; - tr->msgs[idx].buf = msg; - tr->msgs[idx].buf_len = size; - } + tr->msgs[idx].sender = sender; + tr->msgs[idx].buf = msg; + tr->msgs[idx].buf_len = size; + } - } + } - // Winners - { - json_t *winners; - size_t idx; - json_t *val; + // Winners + { + json_t *winners; + size_t idx; + json_t *val; - winners = json_object_get (jtr, "winners"); + winners = json_object_get (jtr, "winners"); - if 
(!json_is_array (winners)) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "winners not provided, continuing without\n"); - goto CONT; - } + if (! json_is_array (winners)) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "winners not provided, continuing without\n"); + goto CONT; + } - tr->expected_len = json_array_size (winners); - tr->expected = GNUNET_new_array (tr->expected_len, - struct result); + tr->expected_len = json_array_size (winners); + tr->expected = GNUNET_new_array (tr->expected_len, + struct result); - json_array_foreach (winners, idx, val) { - char *error; + json_array_foreach (winners, idx, val) { + char *error; - struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_uint16 ("bidder", - &(tr->expected[idx].bidder)), - GNUNET_JSON_spec_uint16 ("price_idx", - &(tr->expected[idx].price_idx)), - GNUNET_JSON_spec_string ("price", - &(tr->expected[idx].price)), - GNUNET_JSON_spec_end () - }; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_uint16 ("bidder", + &(tr->expected[idx].bidder)), + GNUNET_JSON_spec_uint16 ("price_idx", + &(tr->expected[idx].price_idx)), + GNUNET_JSON_spec_string ("price", + &(tr->expected[idx].price)), + GNUNET_JSON_spec_end () + }; - if (GNUNET_OK != - GNUNET_JSON_parse (val, - spec, - (const char**) &error, - NULL)) - { - char err[4096]; - snprintf (err, - sizeof(err), - "error parsing winners[%ld] in transcript: %s", - idx, - error); + if (GNUNET_OK != + GNUNET_JSON_parse (val, + spec, + (const char**) &error, + NULL)) + { + char err[4096]; + snprintf (err, + sizeof(err), + "error parsing winners[%ld] in transcript: %s", + idx, + error); - _exit (1); - } + _exit (1); + } - } + } CONT: - } + } } int main (int argc, char *argv[]) { - int ret = 0; - struct transcript tr = {0}; + int ret = 0; + struct transcript tr = {0}; - if (GNUNET_OK != GNUNET_log_setup ("replay", "INFO", NULL)) - return 1; + if (GNUNET_OK != GNUNET_log_setup ("replay", "INFO", NULL)) + return 1; - BRANDT_init (); + BRANDT_init (); - 
parse_json_stdin (&tr); - tr.edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024 * 40, 1024); - GNUNET_SCHEDULER_run (&replay_transcript, &tr); - GNUNET_CRYPTO_ecc_dlog_release (tr.edc); - GNUNET_free (tr.msgs); + parse_json_stdin (&tr); + tr.edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024 * 40, 1024); + GNUNET_SCHEDULER_run (&replay_transcript, &tr); + GNUNET_CRYPTO_ecc_dlog_release (tr.edc); + GNUNET_free (tr.msgs); - return ret; + return ret; } diff --git a/test.h b/test.h index 369b302..03c7977 100644 --- a/test.h +++ b/test.h @@ -27,10 +27,11 @@ int tests_run = 0; int ret = 0; -#define CHECK(cond, message) do { if (!(cond)) { fputs (message, stderr); fputc ( \ - '\n', \ - stderr); return 0; \ - } } while (0) -#define RUN(test) do { if (!test ()) { ret = 1; } } while (0) +#define CHECK(cond, message) do { if (! (cond)) { fputs (message, stderr); \ + fputc ( \ + '\n', \ + stderr); return 0; \ + } } while (0) +#define RUN(test) do { if (! test ()) { ret = 1; } } while (0) #endif // ifndef _BRANDT_TEST_H diff --git a/test_brandt.c b/test_brandt.c index af725df..1f41ef9 100644 --- a/test_brandt.c +++ b/test_brandt.c @@ -1,5 +1,5 @@ /* This file is part of libbrandt. - * Copyright (C) 2016 GNUnet e.V. + * Copyright (C) 2016,2023-2024 GNUnet e.V. * * libbrandt is free software: you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software @@ -18,6 +18,7 @@ * @file test_brandt.c * @brief testing API functions. * @author Markus Teich + * @author Özgür Kesim */ #include "platform.h" 
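Review bot: In parse_json_stdin the "auction" object is still parsed under `GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (auc, au_spec, ...))`, so a transcript on stdin that lacks the renamed keys `outcome_public` / `auction_type` (for example one written with the old `public` / `type` names) aborts the process instead of producing the JSON error report the other parse failures give. Handling it like the "transcript" entries, with an `if (GNUNET_OK != ...)` test followed by `print_result (NULL, err)` and `_exit (1)`, keeps external input from reaching an assertion. The winners branch has the opposite gap: it formats `err` with `snprintf` but exits without `print_result (NULL, err);`, so the message is never shown. `tr->k` and `tr->n` are `uint16_t` but are assigned from `json_array_size ()`, so an oversized array is truncated silently before the `nm != (4 * tr->n)` comparison; a range check ahead of each assignment would make that explicit.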
@@ -34,33 +35,33 @@ struct msg { - uint16_t sender; - uint16_t receiver; - void *buf; - size_t buf_len; + uint16_t sender; + uint16_t receiver; + void *buf; + size_t buf_len; }; struct testcase { - uint16_t n; - uint16_t k; - uint16_t *bids; - uint16_t m; - uint16_t outcome_public; - uint16_t ret; - struct BRANDT_Auction **ad; - uint16_t *id; - uint16_t *result_called; + uint16_t n; + uint16_t k; + uint16_t *bids; + uint16_t m; + uint16_t outcome_public; + uint16_t ret; + struct BRANDT_Auction **ad; + uint16_t *id; + uint16_t *result_called; - /* key material for signatures */ - struct GNUNET_CRYPTO_EddsaPrivateKey *prv; - struct GNUNET_CRYPTO_EddsaPublicKey *pub; + /* key material for signatures */ + struct GNUNET_CRYPTO_EddsaPrivateKey *prv; + struct GNUNET_CRYPTO_EddsaPublicKey *pub; - struct msg **tr; /* transcript of the messages */ - size_t tr_idx; - struct BRANDT_Auction *rad; /* auction for replay */ - struct BRANDT_Result *res; /* result for transcript */ - size_t res_len; + struct msg **tr; /* transcript of the messages */ + size_t tr_idx; + struct BRANDT_Auction *rad; /* auction for replay */ + struct BRANDT_Result *res; /* result for transcript */ + size_t res_len; }; 
@@ -70,167 +71,167 @@ static struct GNUNET_CRYPTO_EccDlogContext *edc; static struct BRANDT_Result * expected_outcome (uint16_t i, uint16_t *rlen) { - struct BRANDT_Result *ret = NULL; - int32_t highest_bidder = -1; - int32_t highest_bid = -1; - int32_t mpf_highest_bidder; - int32_t mpf_highest_bid = -1; - int32_t prev_mpf_highest_bidder = -1; - uint16_t winners = MIN (tcase.m, tcase.n); - uint16_t cur_winner = 0; + struct BRANDT_Result *ret = NULL; + int32_t highest_bidder = -1; + int32_t highest_bid = -1; + int32_t mpf_highest_bidder; + int32_t mpf_highest_bid = -1; + int32_t prev_mpf_highest_bidder = -1; + uint16_t winners = MIN (tcase.m, tcase.n); + uint16_t cur_winner = 0; - *rlen = 0; + *rlen = 0; - if (0 == tcase.n) - return NULL; + if (0 == tcase.n) + return NULL; - if (0 == tcase.m) - { - for (uint16_t h = 0; h < tcase.n; h++) - if (tcase.bids[h] > highest_bid) - highest_bid = tcase.bids[highest_bidder = h]; + if (0 == tcase.m) + { + for (uint16_t h = 0; h < tcase.n; h++) + if (tcase.bids[h] > highest_bid) + highest_bid = tcase.bids[highest_bidder = h]; - if (!tcase.outcome_public && !(i == highest_bidder || i == tcase.n)) - return NULL; + if (! tcase.outcome_public && ! 
(i == highest_bidder || i == tcase.n)) + return NULL; - ret = GNUNET_new (struct BRANDT_Result); - ret->bidder = highest_bidder; - ret->price = highest_bid; - ret->status = BRANDT_bidder_won; - *rlen = 1; - return ret; - } + ret = GNUNET_new (struct BRANDT_Result); + ret->bidder = highest_bidder; + ret->price = highest_bid; + ret->status = BRANDT_bidder_won; + *rlen = 1; + return ret; + } - /* fewer bidders than needed -> everyone wins with lowest price */ - if (tcase.n <= tcase.m) - { - if (tcase.outcome_public || i == tcase.n) - { - ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result); - for (uint16_t h = 0; h < tcase.n; h++) - { - ret[h].bidder = h; - ret[h].price = 0; - ret[h].status = BRANDT_bidder_won; - } - } - else - { - ret = GNUNET_new (struct BRANDT_Result); - ret->bidder = i; - ret->price = 0; - ret->status = BRANDT_bidder_won; - *rlen = 1; - } - return ret; - } + /* fewer bidders than needed -> everyone wins with lowest price */ + if (tcase.n <= tcase.m) + { + if (tcase.outcome_public || i == tcase.n) + { + ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result); + for (uint16_t h = 0; h < tcase.n; h++) + { + ret[h].bidder = h; + ret[h].price = 0; + ret[h].status = BRANDT_bidder_won; + } + } + else + { + ret = GNUNET_new (struct BRANDT_Result); + ret->bidder = i; + ret->price = 0; + ret->status = BRANDT_bidder_won; + *rlen = 1; + } + return ret; + } - /* find M+1st highest bidder to determine selling price */ - for (uint16_t h = 0; h < tcase.n; h++) - if (tcase.bids[h] > mpf_highest_bid) - mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h]; - for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++) - { - mpf_highest_bidder = -1; - mpf_highest_bid = -1; - for (uint16_t h = 0; h < tcase.n; h++) - { - if (tcase.bids[h] > mpf_highest_bid && - (tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] || - (tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] && - h > prev_mpf_highest_bidder))) - { - mpf_highest_bid = 
tcase.bids[mpf_highest_bidder = h]; - } - } - prev_mpf_highest_bidder = mpf_highest_bidder; - } + /* find M+1st highest bidder to determine selling price */ + for (uint16_t h = 0; h < tcase.n; h++) + if (tcase.bids[h] > mpf_highest_bid) + mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h]; + for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++) + { + mpf_highest_bidder = -1; + mpf_highest_bid = -1; + for (uint16_t h = 0; h < tcase.n; h++) + { + if (tcase.bids[h] > mpf_highest_bid && + (tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] || + (tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] && + h > prev_mpf_highest_bidder))) + { + mpf_highest_bid = tcase.bids[mpf_highest_bidder = h]; + } + } + prev_mpf_highest_bidder = mpf_highest_bidder; + } - /* for simplicity always locate the big block if we need to report at - * least one winner. with private outcome for losing bidders or winners - * only none or one element will be used respectively. */ - if (tcase.outcome_public || i == tcase.n || - tcase.bids[i] > mpf_highest_bid || - (tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder)) - ret = GNUNET_new_array (winners, struct BRANDT_Result); + /* for simplicity always locate the big block if we need to report at + * least one winner. with private outcome for losing bidders or winners + * only none or one element will be used respectively. 
*/ + if (tcase.outcome_public || i == tcase.n || + tcase.bids[i] > mpf_highest_bid || + (tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder)) + ret = GNUNET_new_array (winners, struct BRANDT_Result); - /* report winners */ - for (uint16_t h = 0; h < tcase.n; h++) - { - if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) || - tcase.bids[h] > mpf_highest_bid) && /* h is a winner */ - (tcase.outcome_public || i == h || i == tcase.n)) /* needs report */ - { - if (cur_winner >= winners) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n"); - _exit (1); - } - ret[cur_winner].bidder = h; - ret[cur_winner].price = mpf_highest_bid; - ret[cur_winner].status = BRANDT_bidder_won; - cur_winner++; - } - } - *rlen = cur_winner; - return ret; + /* report winners */ + for (uint16_t h = 0; h < tcase.n; h++) + { + if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) || + tcase.bids[h] > mpf_highest_bid) && /* h is a winner */ + (tcase.outcome_public || i == h || i == tcase.n)) /* needs report */ + { + if (cur_winner >= winners) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n"); + _exit (1); + } + ret[cur_winner].bidder = h; + ret[cur_winner].price = mpf_highest_bid; + ret[cur_winner].status = BRANDT_bidder_won; + cur_winner++; + } + } + *rlen = cur_winner; + return ret; } static void bidder_start (void *arg) { - uint16_t i = *(uint16_t *) arg; + uint16_t i = *(uint16_t *) arg; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i); - BRANDT_bidder_start (tcase.ad[i], i, tcase.n); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i); + BRANDT_bidder_start (tcase.ad[i], i, tcase.n); } static void transfer_message (void *arg) { - struct msg *m = (struct msg *) arg; - struct msg_head *h = (struct msg_head *) m->buf; + struct msg *m = (struct msg *) arg; + struct msg_head *h = (struct msg_head *) m->buf; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n", - ntohl (h->msg_type), 
arg, m->sender, m->receiver); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n", + ntohl (h->msg_type), arg, m->sender, m->receiver); - /** keep a transcript as the seller **/ - if (tcase.n == m->receiver) - { - struct msg *m2 = GNUNET_new (struct msg); + /** keep a transcript as the seller **/ + if (tcase.n == m->receiver) + { + struct msg *m2 = GNUNET_new (struct msg); - m2->sender = m->sender; - m2->buf_len = m->buf_len; - m2->buf = GNUNET_malloc (m->buf_len); - GNUNET_memcpy (m2->buf, m->buf, m->buf_len); - tcase.tr[tcase.tr_idx++] = m2; - } + m2->sender = m->sender; + m2->buf_len = m->buf_len; + m2->buf = GNUNET_malloc (m->buf_len); + GNUNET_memcpy (m2->buf, m->buf, m->buf_len); + tcase.tr[tcase.tr_idx++] = m2; + } - BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len); + BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len); - GNUNET_free (m->buf); - GNUNET_free (m); + GNUNET_free (m->buf); + GNUNET_free (m); } static uint16_t cb_start (void *auction_closure) { - uint16_t *s = (uint16_t *) auction_closure; + uint16_t *s = (uint16_t *) auction_closure; - if (tcase.n != *s) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "start callback called from bidder\n"); - _exit (1); - } + if (tcase.n != *s) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "start callback called from bidder\n"); + _exit (1); + } - for (uint16_t i = 0; i < tcase.n; i++) - GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]); + for (uint16_t i = 0; i < tcase.n; i++) + GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]); - return tcase.n; + return tcase.n; } 
@@ -239,22 +240,22 @@ cb_broadcast (void *auction_closure, const void *msg, size_t msg_len) { - uint16_t *s = (uint16_t *) auction_closure; - struct msg *m; + uint16_t *s = (uint16_t *) auction_closure; + struct msg *m; - for (uint16_t i = 0; i <= tcase.n; i++) - { - if (i == *s) - continue; - m = GNUNET_new (struct msg); - m->sender = *s; - m->receiver = i; - m->buf = GNUNET_new_array (msg_len, unsigned char); - memcpy (m->buf, msg, msg_len); - m->buf_len = msg_len; - GNUNET_SCHEDULER_add_now (&transfer_message, m); - } - return 0; + for (uint16_t i = 0; i <= tcase.n; i++) + { + if (i == *s) + continue; + m = GNUNET_new (struct msg); + m->sender = *s; + m->receiver = i; + m->buf = GNUNET_new_array (msg_len, unsigned char); + memcpy (m->buf, msg, msg_len); + m->buf_len = msg_len; + GNUNET_SCHEDULER_add_now (&transfer_message, m); + } + return 0; } 
@@ -263,155 +264,155 @@ cb_unicast (void *auction_closure, const void *msg, size_t msg_len) { - uint16_t *s = (uint16_t *) auction_closure; - struct msg *m; + uint16_t *s = (uint16_t *) auction_closure; + struct msg *m; - m = GNUNET_new (struct msg); - m->sender = *s; - m->receiver = tcase.n; /* == seller */ - m->buf = GNUNET_new_array (msg_len, unsigned char); - memcpy (m->buf, msg, msg_len); - m->buf_len = msg_len; - GNUNET_SCHEDULER_add_now (&transfer_message, m); + m = GNUNET_new (struct msg); + m->sender = *s; + m->receiver = tcase.n; /* == seller */ + m->buf = GNUNET_new_array (msg_len, unsigned char); + memcpy (m->buf, msg, msg_len); + m->buf_len = msg_len; + GNUNET_SCHEDULER_add_now (&transfer_message, m); - return 0; + return 0; } static void -cb_result (void *auction_closure, +cb_result (void *auction_closure, struct BRANDT_Result results[], uint16_t results_len) { - uint16_t *s = (uint16_t *) auction_closure; - uint16_t mustlen = -1; - struct BRANDT_Result *must = expected_outcome (*s, &mustlen); + uint16_t *s = (uint16_t *) auction_closure; + uint16_t mustlen = -1; + struct BRANDT_Result *must = expected_outcome (*s, &mustlen); - if (mustlen != results_len) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "expected result len is: %d\n", - mustlen); - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "computed result len is: %d (by agent %d)\n", - results_len, - *s); - tcase.ret = 1; - goto quit; - } + if (mustlen != results_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "expected result len is: %d\n", + mustlen); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "computed result len is: %d (by agent %d)\n", + results_len, + *s); + tcase.ret = 1; + goto quit; + } - if (0 == results_len && NULL != must) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "expected result is: %p\n", - (void *) must); - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "computed result is: (nil) (by agent %d)\n", - *s); + if (0 == results_len && NULL != must) + { + GNUNET_log 
(GNUNET_ERROR_TYPE_WARNING, + "expected result is: %p\n", + (void *) must); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "computed result is: (nil) (by agent %d)\n", + *s); - tcase.ret = 1; - } + tcase.ret = 1; + } - for (uint16_t i = 0; i < results_len; i++) - { - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "[%s] expected result is: bidder %d got status %d with price %d\n", - tcase.n == *s ? "seller" : "bidder", - must[i].bidder, - must[i].status, - must[i].price); - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "[%s] computed result is: bidder %d got status %d with price %d (by agent %d)\n", - tcase.n == *s ? "seller" : "bidder", - results[i].bidder, - results[i].status, - results[i].price, - *s); + for (uint16_t i = 0; i < results_len; i++) + { + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "[%s] expected result is: bidder %d got status %d with price %d\n", + tcase.n == *s ? "seller" : "bidder", + must[i].bidder, + must[i].status, + must[i].price); + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "[%s] computed result is: bidder %d got status %d with price %d (by agent %d)\n", + tcase.n == *s ? 
"seller" : "bidder", + results[i].bidder, + results[i].status, + results[i].price, + *s); - if (NULL == must || - must[i].bidder != results[i].bidder || - must[i].status != results[i].status || - must[i].price != results[i].price) - tcase.ret = 1; - } + if (NULL == must || + must[i].bidder != results[i].bidder || + must[i].status != results[i].status || + must[i].price != results[i].price) + tcase.ret = 1; + } - if (*s == tcase.n) - { - /* save the results of the seller */ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Saving results, len %d\n", - results_len); - tcase.res = results; - tcase.res_len = results_len; - } + if (*s == tcase.n) + { + /* save the results of the seller */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Saving results, len %d\n", + results_len); + tcase.res = results; + tcase.res_len = results_len; + } quit: - tcase.result_called[*s] = 1; - if (must) - GNUNET_free (must); + tcase.result_called[*s] = 1; + if (must) + GNUNET_free (must); } static void run_auction (void *arg) { - void *desc; - size_t desc_len; + void *desc; + size_t desc_len; - tcase.ad[tcase.n] = BRANDT_new (&cb_result, - &cb_broadcast, - &cb_start, - &tcase.id[tcase.n], - &desc, - &desc_len, - GNUNET_TIME_absolute_get (), - GNUNET_TIME_UNIT_MINUTES, - tcase.k, /* number of prizes */ - tcase.m, /* m */ - tcase.outcome_public, /* outcome public */ - tcase.outcome_public ? edc : NULL); - if (!tcase.ad[tcase.n]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n"); - _exit (1); - } + tcase.ad[tcase.n] = BRANDT_new (&cb_result, + &cb_broadcast, + &cb_start, + &tcase.id[tcase.n], + &desc, + &desc_len, + GNUNET_TIME_absolute_get (), + GNUNET_TIME_UNIT_MINUTES, + tcase.k, /* number of prizes */ + tcase.m, /* m */ + tcase.outcome_public, /* outcome public */ + tcase.outcome_public ? edc : NULL); + if (! 
tcase.ad[tcase.n]) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n"); + _exit (1); + } - for (uint16_t i = 0; i < tcase.n; i++) - { - tcase.ad[i] = BRANDT_join (&cb_result, - &cb_broadcast, - &cb_unicast, - &tcase.id[i], - desc, - desc_len, - tcase.bids[i], /* bid */ - tcase.outcome_public ? edc : NULL); - if (!tcase.ad[i]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n"); - tcase.ret = 1; - return; - } + for (uint16_t i = 0; i < tcase.n; i++) + { + tcase.ad[i] = BRANDT_join (&cb_result, + &cb_broadcast, + &cb_unicast, + &tcase.id[i], + desc, + desc_len, + tcase.bids[i], /* bid */ + tcase.outcome_public ? edc : NULL); + if (! tcase.ad[i]) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n"); + tcase.ret = 1; + return; + } - if (tcase.ad[tcase.n]->k != tcase.ad[i]->k || - tcase.ad[tcase.n]->m != tcase.ad[i]->m || - tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public || - tcase.ad[tcase.n]->time_start.abs_value_us - != tcase.ad[i]->time_start.abs_value_us || - tcase.ad[tcase.n]->time_round.rel_value_us - != tcase.ad[i]->time_round.rel_value_us || - !tcase.ad[tcase.n]->seller_mode || /* todo: split out */ - tcase.ad[i]->seller_mode) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "error/mismatch in basic auction data\n"); - tcase.ret = 1; - return; - } - } + if (tcase.ad[tcase.n]->k != tcase.ad[i]->k || + tcase.ad[tcase.n]->m != tcase.ad[i]->m || + tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public || + tcase.ad[tcase.n]->time_start.abs_value_us + != tcase.ad[i]->time_start.abs_value_us || + tcase.ad[tcase.n]->time_round.rel_value_us + != tcase.ad[i]->time_round.rel_value_us || + ! tcase.ad[tcase.n]->seller_mode || /* todo: split out */ + tcase.ad[i]->seller_mode) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "error/mismatch in basic auction data\n"); + tcase.ret = 1; + return; + } + } } 
@@ -420,288 +421,290 @@ tr_result (void *auction_closure, struct BRANDT_Result results[], uint16_t results_len) { - uint16_t *s = (uint16_t *) auction_closure; - uint16_t mustlen = -1; - struct BRANDT_Result *must = expected_outcome (*s, &mustlen); + uint16_t *s = (uint16_t *) auction_closure; + uint16_t mustlen = -1; + struct BRANDT_Result *must = expected_outcome (*s, &mustlen); - if (mustlen != results_len) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "expected result len is: %d\n", - mustlen); - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "computed result len is: %d (by seller)\n", - results_len); - tcase.ret = 1; - goto quit; - } + if (mustlen != results_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "expected result len is: %d\n", + mustlen); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "computed result len is: %d (by seller)\n", + results_len); + tcase.ret = 1; + goto quit; + } - if (0 == results_len && NULL != must) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "expected result is: %p\n", - (void *) must); - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "computed result is: (nil) (by seller)\n"); + if (0 == results_len && NULL != must) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "expected result is: %p\n", + (void *) must); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "computed result is: (nil) (by seller)\n"); - tcase.ret = 1; - } + tcase.ret = 1; + } - for (uint16_t i = 0; i < results_len; i++) - { - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "REPLAY [seller] expected result is: bidder %d got status %d with price %d\n", - must[i].bidder, - must[i].status, - must[i].price); - GNUNET_log ( - GNUNET_ERROR_TYPE_INFO, - "REPLAY [seller] computed result is: bidder %d got status %d with price %d\n", - results[i].bidder, - results[i].status, - results[i].price); + for (uint16_t i = 0; i < results_len; i++) + { + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "REPLAY [seller] expected result is: bidder %d got status %d with price %d\n", + must[i].bidder, + must[i].status, 
+ must[i].price); + GNUNET_log ( + GNUNET_ERROR_TYPE_INFO, + "REPLAY [seller] computed result is: bidder %d got status %d with price %d\n", + results[i].bidder, + results[i].status, + results[i].price); - if (NULL == must || - must[i].bidder != results[i].bidder || - must[i].status != results[i].status || - must[i].price != results[i].price) - tcase.ret = 1; - } + if (NULL == must || + must[i].bidder != results[i].bidder || + must[i].status != results[i].status || + must[i].price != results[i].price) + tcase.ret = 1; + } quit: - tcase.result_called[*s] = 1; - if (must) - GNUNET_free (must); + tcase.result_called[*s] = 1; + if (must) + GNUNET_free (must); +} + + +static void +resend (void *x) +{ + size_t i = (size_t) x; + struct msg *m = tcase.tr[i]; + if (NULL == m) + { + dprintf (2, "REPLAY skipping empty msg no. %ld\n", i); + return; + } + dprintf (2, "REPLAY sent msg no. %ld\n", i); + BRANDT_got_message (tcase.rad, m->sender, m->buf, m->buf_len); } static uint16_t tr_start (void *auction_closure) { - void - resend (void *x) - { - size_t i = (size_t) x; - struct msg *m = tcase.tr[i]; - if (NULL == m) - { - dprintf (2, "REPLAY skipping empty msg no. %ld\n", i); - return; - } - dprintf (2, "REPLAY sent msg no. 
%ld\n", i); - BRANDT_got_message (tcase.rad, m->sender, m->buf, m->buf_len); - } + dprintf (2, "REPLAY start resend auction\n"); + for (size_t i = 0; i < 4 * tcase.n; i++) + GNUNET_SCHEDULER_add_now (&resend, (void *) i); - dprintf (2, "REPLAY start replay auction\n"); - for (size_t i = 0; i < 4 * tcase.n; i++) - GNUNET_SCHEDULER_add_now (&resend, (void *) i); - - return tcase.n; + return tcase.n; } struct some_sig { - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - struct GNUNET_HashCode hc GNUNET_PACKED; + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode hc GNUNET_PACKED; }; static void print_transcript (uint32_t highestprice) { - struct BRANDT_Auction *ad = tcase.ad[tcase.n]; - json_t *root; - json_t *auction; - json_t *prices; - json_t *bidders; - json_t *sigs; - json_t *transcript; - json_t *winners; - struct GNUNET_HashCode hc; - struct some_sig p = { .purpose.size = htonl (sizeof(struct some_sig)) }; - char price[256]; + struct BRANDT_Auction *ad = tcase.ad[tcase.n]; + json_t *root; + json_t *auction; + json_t *prices; + json_t *bidders; + json_t *sigs; + json_t *transcript; + json_t *winners; + struct GNUNET_HashCode hc; + struct some_sig p = { .purpose.size = htonl (sizeof(struct some_sig)) }; + char price[256]; - prices = json_array (); - GNUNET_assert (prices); + prices = json_array (); + GNUNET_assert (prices); - for (size_t p = 0; p < tcase.k; p++) - { - sprintf (price, "EUR:%d", highestprice--); - GNUNET_assert ( - -1 != json_array_append_new ( - prices, - json_string (price))); - } + for (size_t p = 0; p < tcase.k; p++) + { + sprintf (price, "EUR:%d", highestprice--); + GNUNET_assert ( + -1 != json_array_append_new ( + prices, + json_string (price))); + } - auction = json_pack ("{s:{s:o}, s:{s:o}, s:i, s:b, s:o, s:s, s:s}", - "time_start", "t_s", json_integer ( - ad->time_start.abs_value_us / 1000LL), - "time_round", "d_us", json_integer ( - ad->time_round.rel_value_us), - "type", ad->m, - "is_public", ad->outcome_public 
== 0 ? json_false () : json_true (), - "prices", prices, - "payto_uri", "payto://some/iban", - "pubkey", GNUNET_CRYPTO_eddsa_public_key_to_string ( - &tcase.pub[tcase.n])); - GNUNET_assert (auction); + auction = json_pack ("{s:{s:o}, s:{s:o}, s:i, s:b, s:o, s:s, s:s}", + "time_start", "t_s", json_integer ( + ad->time_start.abs_value_us / 1000LL), + "time_round", "d_us", json_integer ( + ad->time_round.rel_value_us), + "auction_type", ad->m, + "outcome_public", ad->outcome_public == 0 ? + json_false () : json_true (), + "prices", prices, + "payto_uri", "payto://some/iban", + "pubkey", GNUNET_CRYPTO_eddsa_public_key_to_string ( + &tcase.pub[tcase.n])); + GNUNET_assert (auction); - bidders = json_array (); - GNUNET_assert (bidders); + bidders = json_array (); + GNUNET_assert (bidders); - for (size_t b = 0; b < tcase.n; b++) - { - char *ps = GNUNET_CRYPTO_eddsa_public_key_to_string (&tcase.pub[b]); - GNUNET_assert (-1 != - json_array_append_new (bidders, - json_string (ps))); - } + for (size_t b = 0; b < tcase.n; b++) + { + char *ps = GNUNET_CRYPTO_eddsa_public_key_to_string (&tcase.pub[b]); + GNUNET_assert (-1 != + json_array_append_new (bidders, + json_string (ps))); + } - // Add signatures form each bidder for the auction. - sigs = json_array (); - GNUNET_assert (sigs); - { - char *auc_js = json_dumps (auction, JSON_COMPACT); - GNUNET_CRYPTO_hash (auc_js, - strlen (auc_js), - &hc); + // Add signatures form each bidder for the auction. 
+ sigs = json_array (); + GNUNET_assert (sigs); + { + char *auc_js = json_dumps (auction, JSON_COMPACT); + GNUNET_CRYPTO_hash (auc_js, + strlen (auc_js), + &hc); - p.purpose.purpose = htonl (23); - p.hc = hc; + p.purpose.purpose = htonl (23); + p.hc = hc; - for (size_t b = 0; b < tcase.n; b++) - { - struct GNUNET_CRYPTO_EddsaSignature sig; - GNUNET_CRYPTO_eddsa_sign (&tcase.prv[b], - &p, - &sig); - GNUNET_assert (-1 != - json_array_append_new ( - sigs, - GNUNET_JSON_from_data_auto (&sig))); - } - } + for (size_t b = 0; b < tcase.n; b++) + { + struct GNUNET_CRYPTO_EddsaSignature sig; + GNUNET_CRYPTO_eddsa_sign (&tcase.prv[b], + &p, + &sig); + GNUNET_assert (-1 != + json_array_append_new ( + sigs, + GNUNET_JSON_from_data_auto (&sig))); + } + } - transcript = json_array (); - GNUNET_assert (transcript); + transcript = json_array (); + GNUNET_assert (transcript); - for (size_t i = 0; i < 4 * tcase.n; i++) - { - json_t *entry; - struct msg *msg = tcase.tr[i]; - struct GNUNET_CRYPTO_EddsaSignature sig; + for (size_t i = 0; i < 4 * tcase.n; i++) + { + json_t *entry; + struct msg *msg = tcase.tr[i]; + struct GNUNET_CRYPTO_EddsaSignature sig; - if (NULL == msg) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "skipping NULL msg[%ld]\n", i); - continue; - } + if (NULL == msg) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "skipping NULL msg[%ld]\n", i); + continue; + } - GNUNET_assert (msg); + GNUNET_assert (msg); - GNUNET_CRYPTO_hash (msg->buf, msg->buf_len, &hc); + GNUNET_CRYPTO_hash (msg->buf, msg->buf_len, &hc); - p.purpose.purpose = htonl (42); - p.hc = hc; + p.purpose.purpose = htonl (42); + p.hc = hc; - GNUNET_CRYPTO_eddsa_sign ( - &tcase.prv[msg->sender], - &p, - &sig); + GNUNET_CRYPTO_eddsa_sign ( + &tcase.prv[msg->sender], + &p, + &sig); - entry = json_pack ("{s:i, s:o, s:o}", - "bidder", msg->sender, - "msg", GNUNET_JSON_from_data (msg->buf, msg->buf_len), - "sig", GNUNET_JSON_from_data_auto (&sig)); + entry = json_pack ("{s:i, s:o, s:o}", + "bidder", msg->sender, + 
"msg", GNUNET_JSON_from_data (msg->buf, msg->buf_len), + "sig", GNUNET_JSON_from_data_auto (&sig)); - GNUNET_assert (entry); - GNUNET_assert (-1 != - json_array_append_new (transcript, - entry)); + GNUNET_assert (entry); + GNUNET_assert (-1 != + json_array_append_new (transcript, + entry)); - } + } - winners = json_array (); - GNUNET_assert (winners); + winners = json_array (); + GNUNET_assert (winners); - // add the winner(s) - { - for (uint16_t i = 0; i < tcase.res_len; i++) - { - json_t *res = json_pack ("{s:i, s:i, s:o*}", - "bidder", - tcase.res[i].bidder, - "price_idx", - tcase.res[i].price, - "price", - json_array_get (prices, tcase.res[i].price)); - GNUNET_assert (res); - GNUNET_assert (-1 != - json_array_append_new (winners, res)); + // add the winner(s) + { + for (uint16_t i = 0; i < tcase.res_len; i++) + { + json_t *res = json_pack ("{s:i, s:i, s:o*}", + "bidder", + tcase.res[i].bidder, + "price_idx", + tcase.res[i].price, + "price", + json_array_get (prices, tcase.res[i].price)); + GNUNET_assert (res); + GNUNET_assert (-1 != + json_array_append_new (winners, res)); - } - } + } + } - root = json_pack ("{s:o, s:o, s:o, s:o, s:o}", - "auction", auction, - "bidders", bidders, - "signatures", sigs, - "transcript", transcript, - "winners", winners); + root = json_pack ("{s:o, s:o, s:o, s:o, s:o}", + "auction", auction, + "bidders", bidders, + "signatures", sigs, + "transcript", transcript, + "winners", winners); - GNUNET_assert (root); + GNUNET_assert (root); - // Add signature of seller to H(auction, bidders, signatures, transcript, result) - { - struct GNUNET_CRYPTO_EddsaSignature sig; - char *root_js = json_dumps (root, JSON_COMPACT | JSON_SORT_KEYS); + // Add signature of seller to H(auction, bidders, signatures, transcript, result) + { + struct GNUNET_CRYPTO_EddsaSignature sig; + char *root_js = json_dumps (root, JSON_COMPACT | JSON_SORT_KEYS); - GNUNET_CRYPTO_hash (root_js, - strlen (root_js), - &hc); + GNUNET_CRYPTO_hash (root_js, + strlen (root_js), + 
&hc); - p.purpose.purpose = htonl (815); - p.hc = hc; + p.purpose.purpose = htonl (815); + p.hc = hc; - GNUNET_CRYPTO_eddsa_sign (&tcase.prv[tcase.n], - &p, - &sig); - GNUNET_assert (-1 != - json_object_set_new ( - root, - "sig", - GNUNET_JSON_from_data_auto (&sig))); + GNUNET_CRYPTO_eddsa_sign (&tcase.prv[tcase.n], + &p, + &sig); + GNUNET_assert (-1 != + json_object_set_new ( + root, + "sig", + GNUNET_JSON_from_data_auto (&sig))); - free (root_js); - } + free (root_js); + } - // After signing the transcript, add private key material, too, so it - // can be used in integration tests. - { - json_t *keys = json_array (); - GNUNET_assert (keys); + // After signing the transcript, add private key material, too, so it + // can be used in integration tests. + { + json_t *keys = json_array (); + GNUNET_assert (keys); - for (size_t b = 0; b <= /* = is important */ tcase.n; b++) - { - char *ps = GNUNET_CRYPTO_eddsa_private_key_to_string (&tcase.prv[b]); - GNUNET_assert (-1 != - json_array_append_new (keys, - json_string (ps))); - } + for (size_t b = 0; b <= /* = is important */ tcase.n; b++) + { + char *ps = GNUNET_CRYPTO_eddsa_private_key_to_string (&tcase.prv[b]); + GNUNET_assert (-1 != + json_array_append_new (keys, + json_string (ps))); + } - json_object_set_new ( - root, - "NOTSIGNED_keys", - keys); - } + json_object_set_new ( + root, + "NOTSIGNED_keys", + keys); + } - printf ("\n%s\n", json_dumps (root, JSON_INDENT (2))); - json_decref (root); + printf ("\n%s\n", json_dumps (root, JSON_INDENT (2))); + json_decref (root); } 
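Review bot: In print_transcript the bidder signatures are computed over `json_dumps (auction, JSON_COMPACT)`, so the signed bytes depend on the object's key order, while the seller signature further down hashes `json_dumps (root, JSON_COMPACT | JSON_SORT_KEYS)`. Since this hunk renames the `type` and `is_public` keys, anything that re-serializes the auction object to verify those signatures has to match both the new names and the emission order; using the same flags in both places, `char *auc_js = json_dumps (auction, JSON_COMPACT | JSON_SORT_KEYS);`, makes the hashed form canonical. `auc_js` is also passed to `strlen` without a NULL check and never released, unlike `root_js`, so a `GNUNET_assert (NULL != auc_js);` before the hash and a `free (auc_js);` after the signing loop would be worth adding. A short comment above the `NOTSIGNED_keys` block stating that the printed private keys are generated fresh per test run and must never be reused outside tests would help anyone who picks up the transcript.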
@@ -709,31 +712,31 @@ print_transcript (uint32_t highestprice) static void replay_transcript (void *arg) { - void *desc; - size_t desc_len; - static struct GNUNET_CRYPTO_EccDlogContext *redc; + void *desc; + size_t desc_len; + static struct GNUNET_CRYPTO_EccDlogContext *redc; - print_transcript (96); - redc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); + print_transcript (96); + redc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); - dprintf (2,"REPLAY, calling BRANDT_new...\n"); - tcase.rad = BRANDT_new (&tr_result, - NULL, - &tr_start, - &tcase.id[tcase.n], - &desc, - &desc_len, - tcase.ad[tcase.n]->time_start, - tcase.ad[tcase.n]->time_round, - tcase.k, /* number of prizes */ - tcase.m, /* m */ - tcase.outcome_public, /* outcome public */ - tcase.outcome_public ? redc : NULL); - if (!tcase.rad) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "REPLAY BRANDT_new() failed.\n"); - _exit (1); - } + dprintf (2,"REPLAY, calling BRANDT_new...\n"); + tcase.rad = BRANDT_new (&tr_result, + NULL, + &tr_start, + &tcase.id[tcase.n], + &desc, + &desc_len, + tcase.ad[tcase.n]->time_start, + tcase.ad[tcase.n]->time_round, + tcase.k, /* number of prizes */ + tcase.m, /* m */ + tcase.outcome_public, /* outcome public */ + tcase.outcome_public ? redc : NULL); + if (! tcase.rad) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "REPLAY BRANDT_new() failed.\n"); + _exit (1); + } } 
@@ -756,113 +759,113 @@ test_auction (uint16_t n, uint16_t m, uint16_t outcome_public) { - tcase.n = n; - tcase.k = k; - tcase.bids = bids; - tcase.m = m; - tcase.outcome_public = outcome_public; - tcase.ret = 0; - tcase.res = NULL; - tcase.res_len = 0; + tcase.n = n; + tcase.k = k; + tcase.bids = bids; + tcase.m = m; + tcase.outcome_public = outcome_public; + tcase.ret = 0; + tcase.res = NULL; + tcase.res_len = 0; - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "######################################\n"); - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "testing %s auction with m = %d and %s outcome\n", - tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE", - tcase.m, - tcase.outcome_public ? "PUBLIC" : "PRIVATE"); - /** \todo: output bids */ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "######################################\n"); - tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *); - tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t); - tcase.prv = GNUNET_new_array (tcase.n + 1, struct - GNUNET_CRYPTO_EddsaPrivateKey); - tcase.pub = GNUNET_new_array (tcase.n + 1, struct - GNUNET_CRYPTO_EddsaPublicKey); - for (uint16_t i = 0; i <= tcase.n; i++) - { - tcase.id[i] = i; - GNUNET_CRYPTO_eddsa_key_create (&tcase.prv[i]); - GNUNET_CRYPTO_eddsa_key_get_public (&tcase.prv[i], &tcase.pub[i]); - } - tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t); - tcase.tr = GNUNET_new_array (4 * tcase.n, struct msg *); /* transcript, one message per bidder per round */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "######################################\n"); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "testing %s auction with m = %d and %s outcome\n", + tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE", + tcase.m, + tcase.outcome_public ? 
"PUBLIC" : "PRIVATE"); + /** \todo: output bids */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "######################################\n"); + tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *); + tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t); + tcase.prv = GNUNET_new_array (tcase.n + 1, struct + GNUNET_CRYPTO_EddsaPrivateKey); + tcase.pub = GNUNET_new_array (tcase.n + 1, struct + GNUNET_CRYPTO_EddsaPublicKey); + for (uint16_t i = 0; i <= tcase.n; i++) + { + tcase.id[i] = i; + GNUNET_CRYPTO_eddsa_key_create (&tcase.prv[i]); + GNUNET_CRYPTO_eddsa_key_get_public (&tcase.prv[i], &tcase.pub[i]); + } + tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t); + tcase.tr = GNUNET_new_array (4 * tcase.n, struct msg *); /* transcript, one message per bidder per round */ - GNUNET_SCHEDULER_run (&run_auction, NULL); + GNUNET_SCHEDULER_run (&run_auction, NULL); - for (uint16_t i = 0; i <= tcase.n; i++) - { - BRANDT_destroy (tcase.ad[i]); - if (!tcase.result_called[i]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "result callback not called for bidder %d\n", - i); - tcase.ret = 1; - } - } + for (uint16_t i = 0; i <= tcase.n; i++) + { + BRANDT_destroy (tcase.ad[i]); + if (! 
tcase.result_called[i]) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "result callback not called for bidder %d\n", + i); + tcase.ret = 1; + } + } - GNUNET_SCHEDULER_run (&replay_transcript, NULL); + GNUNET_SCHEDULER_run (&replay_transcript, NULL); - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "DONE testing auction\n"); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "DONE testing auction\n"); - tcase.tr_idx = 0; - GNUNET_free (tcase.tr); - GNUNET_free (tcase.ad); - GNUNET_free (tcase.id); - GNUNET_free (tcase.result_called); - GNUNET_free (tcase.prv); - GNUNET_free (tcase.pub); + tcase.tr_idx = 0; + GNUNET_free (tcase.tr); + GNUNET_free (tcase.ad); + GNUNET_free (tcase.id); + GNUNET_free (tcase.result_called); + GNUNET_free (tcase.prv); + GNUNET_free (tcase.pub); - return tcase.ret; + return tcase.ret; } int -main (int argc, char *argv[]) +main () { - int ret = 0; + int ret = 0; - if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "INFO", NULL)) - return 1; + if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "INFO", NULL)) + return 1; - edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); - BRANDT_init (); + edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); + BRANDT_init (); - ret |= 0 || - /* - // zero bidders - test_auction (0, 2, NULL, 0, 0) || - test_auction (0, 2, NULL, 0, 1) || - test_auction (0, 2, NULL, 1, 0) || - test_auction (0, 2, NULL, 2, 0) || + ret |= 0 || + /* + // zero bidders + test_auction (0, 2, NULL, 0, 0) || + test_auction (0, 2, NULL, 0, 1) || + test_auction (0, 2, NULL, 1, 0) || + test_auction (0, 2, NULL, 2, 0) || - // too few bidders => outcome is lowest possible price - test_auction (1, 2, (uint16_t[]) { 1 }, 1, 0) || - test_auction (1, 2, (uint16_t[]) { 0 }, 2, 0) || - test_auction (2, 2, (uint16_t[]) { 1, 0 }, 2, 0) || - test_auction (2, 2, (uint16_t[]) { 1, 0 }, 1, 0) || - test_auction (3, 2, (uint16_t[]) { 0, 0, 1 }, 2, 0) || + // too few bidders => outcome is lowest possible price + test_auction (1, 2, (uint16_t[]) { 1 }, 1, 0) || + test_auction (1, 2, 
(uint16_t[]) { 0 }, 2, 0) || + test_auction (2, 2, (uint16_t[]) { 1, 0 }, 2, 0) || + test_auction (2, 2, (uint16_t[]) { 1, 0 }, 1, 0) || + test_auction (3, 2, (uint16_t[]) { 0, 0, 1 }, 2, 0) || - // general checks of all four algorithms - test_auction (3, 2, (uint16_t[]) { 0, 1, 1 }, 0, 0) || - test_auction (3, 2, (uint16_t[]) { 0, 1, 1 }, 0, 1) || - */ - // test_auction (3, 5, (uint16_t[]) { 4, 3, 1 }, 0, 1) || - // test_auction (3, 5, (uint16_t[]) { 1, 2, 3 }, 0, 1) || - test_auction (3, 5, (uint16_t[]) { 1, 2, 3 }, 0, 1) || - test_auction (5, 6, (uint16_t[]) {5,4,2,1,0,3}, 1, 1) || - // test_auction (5, 6, (uint16_t[]) {5,4,2,1,0,3}, 1, 0) || - test_auction (10, 3, (uint16_t[]) {1,2,0,1,1,0,1,0,1,0}, 0, 1) || - test_auction (10, 6, (uint16_t[]) {3,4,5,2,1,0,1,2,3,4}, 2, 1) || - // test_auction (10, 3, (uint16_t[]) {1,2,0,1,1,0,1,0,1,0}, 1, 0) || - 0; + // general checks of all four algorithms + test_auction (3, 2, (uint16_t[]) { 0, 1, 1 }, 0, 0) || + test_auction (3, 2, (uint16_t[]) { 0, 1, 1 }, 0, 1) || + */ + // test_auction (3, 5, (uint16_t[]) { 4, 3, 1 }, 0, 1) || + // test_auction (3, 5, (uint16_t[]) { 1, 2, 3 }, 0, 1) || + test_auction (3, 5, (uint16_t[]) { 1, 2, 3 }, 0, 1) || + test_auction (5, 6, (uint16_t[]) {5,4,2,1,0,3}, 1, 1) || + // test_auction (5, 6, (uint16_t[]) {5,4,2,1,0,3}, 1, 0) || + test_auction (10, 3, (uint16_t[]) {1,2,0,1,1,0,1,0,1,0}, 0, 1) || + test_auction (10, 6, (uint16_t[]) {3,4,5,2,1,0,1,2,3,4}, 2, 1) || + // test_auction (10, 3, (uint16_t[]) {1,2,0,1,1,0,1,0,1,0}, 1, 0) || + 0; - GNUNET_CRYPTO_ecc_dlog_release (edc); - return ret; + GNUNET_CRYPTO_ecc_dlog_release (edc); + return ret; } diff --git a/test_crypto.c b/test_crypto.c index 0517e52..9e84fee 100644 --- a/test_crypto.c +++ b/test_crypto.c 
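Review bot: test_auction calls `BRANDT_destroy (tcase.ad[i])` for every agent before it runs `GNUNET_SCHEDULER_run (&replay_transcript, NULL)`, yet replay_transcript and print_transcript still read `tcase.ad[tcase.n]->time_start`, `->time_round`, `->m` and `->outcome_public`, and print_transcript walks `tcase.res`, which cb_result saved from the seller's callback. If BRANDT_destroy releases the auction state (its body is not in this diff), the replay pass reads freed memory; keeping only the `result_called` check in the first loop and moving the destroy into its own loop after the replay run, `for (uint16_t i = 0; i <= tcase.n; i++) BRANDT_destroy (tcase.ad[i]);`, avoids that. `tcase.rad` and the `struct msg` copies stored in `tcase.tr` are not released anywhere in the visible code. The signature of test_auction starts above this hunk. Separately, `main ()` is not a prototype before C23; `main (void)` says what is meant.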
@@ -31,130 +31,130 @@ static int test_serialization () { - gcry_mpi_point_t oldp = gcry_mpi_point_new (0); - gcry_mpi_point_t newp = gcry_mpi_point_new (0); - gcry_mpi_t oldi = gcry_mpi_new (256); - gcry_mpi_t newi = gcry_mpi_new (256); - struct ec_mpi serp; - struct ec_mpi seri; + gcry_mpi_point_t oldp = gcry_mpi_point_new (0); + gcry_mpi_point_t newp = gcry_mpi_point_new (0); + gcry_mpi_t oldi = gcry_mpi_new (256); + gcry_mpi_t newi = gcry_mpi_new (256); + struct ec_mpi serp; + struct ec_mpi seri; - ec_keypair_create (oldp, oldi); + ec_keypair_create (oldp, oldi); - ec_point_serialize (&serp, oldp); - mpi_serialize (&seri, oldi); + ec_point_serialize (&serp, oldp); + mpi_serialize (&seri, oldi); - ec_point_parse (newp, &serp); - mpi_parse (newi, &seri); + ec_point_parse (newp, &serp); + mpi_parse (newi, &seri); - CHECK (!ec_point_cmp (oldp, newp), "serialization changed point"); - CHECK (!gcry_mpi_cmp (oldi, newi), "serialization changed mpi"); + CHECK (! ec_point_cmp (oldp, newp), "serialization changed point"); + CHECK (! gcry_mpi_cmp (oldi, newi), "serialization changed mpi"); - mpi_serialize (&seri, GCRYMPI_CONST_ONE); - mpi_parse (newi, &seri); - CHECK (!gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail"); + mpi_serialize (&seri, GCRYMPI_CONST_ONE); + mpi_parse (newi, &seri); + CHECK (! 
gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail"); - gcry_mpi_point_release (oldp); - gcry_mpi_point_release (newp); - gcry_mpi_release (oldi); - gcry_mpi_release (newi); - return 1; + gcry_mpi_point_release (oldp); + gcry_mpi_point_release (newp); + gcry_mpi_release (oldi); + gcry_mpi_release (newi); + return 1; } static int test_smc_zkp_dl () { - struct proof_dl proof; - gcry_mpi_t x = gcry_mpi_new (256); - gcry_mpi_point_t v = gcry_mpi_point_new (0); + struct proof_dl proof; + gcry_mpi_t x = gcry_mpi_new (256); + gcry_mpi_point_t v = gcry_mpi_point_new (0); - ec_skey_create (x); + ec_skey_create (x); - smc_zkp_dl (v, x, &proof); - CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); - CHECK (!smc_zkp_dl_check (v, &proof), "zkp dl wrong"); + smc_zkp_dl (v, x, &proof); + CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); + CHECK (! smc_zkp_dl_check (v, &proof), "zkp dl wrong"); - gcry_mpi_release (x); - gcry_mpi_point_release (v); - return 1; + gcry_mpi_release (x); + gcry_mpi_point_release (v); + return 1; } static int test_smc_zkp_2dle () { - struct proof_2dle proof; - gcry_mpi_t x = gcry_mpi_new (256); - gcry_mpi_point_t g1 = gcry_mpi_point_new (0); - gcry_mpi_point_t g2 = gcry_mpi_point_new (0); - gcry_mpi_point_t v = gcry_mpi_point_new (0); - gcry_mpi_point_t w = gcry_mpi_point_new (0); + struct proof_2dle proof; + gcry_mpi_t x = gcry_mpi_new (256); + gcry_mpi_point_t g1 = gcry_mpi_point_new (0); + gcry_mpi_point_t g2 = gcry_mpi_point_new (0); + gcry_mpi_point_t v = gcry_mpi_point_new (0); + gcry_mpi_point_t w = gcry_mpi_point_new (0); - ec_keypair_create (g1, x); - ec_keypair_create (g2, x); + ec_keypair_create (g1, x); + ec_keypair_create (g2, x); - smc_zkp_2dle (v, w, g1, g2, x, &proof); - CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve"); - CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve"); - CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); - CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), 
"not on curve"); - CHECK (!smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong"); + smc_zkp_2dle (v, w, g1, g2, x, &proof); + CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve"); + CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve"); + CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); + CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve"); + CHECK (! smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong"); - gcry_mpi_release (x); - gcry_mpi_point_release (g1); - gcry_mpi_point_release (g2); - gcry_mpi_point_release (v); - gcry_mpi_point_release (w); - return 1; + gcry_mpi_release (x); + gcry_mpi_point_release (g1); + gcry_mpi_point_release (g2); + gcry_mpi_point_release (v); + gcry_mpi_point_release (w); + return 1; } static int test_smc_zkp_0og () { - struct proof_0og proof; - gcry_mpi_point_t y = gcry_mpi_point_new (0); - gcry_mpi_point_t alpha = gcry_mpi_point_new (0); - gcry_mpi_point_t beta = gcry_mpi_point_new (0); + struct proof_0og proof; + gcry_mpi_point_t y = gcry_mpi_point_new (0); + gcry_mpi_point_t alpha = gcry_mpi_point_new (0); + gcry_mpi_point_t beta = gcry_mpi_point_new (0); - /* get random public key point. We don't need the secret key to check the - * proof here */ - ec_keypair_create (y, NULL); + /* get random public key point. We don't need the secret key to check the + * proof here */ + ec_keypair_create (y, NULL); - smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof); - CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve"); - CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve"); - CHECK (!smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong"); + smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof); + CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve"); + CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve"); + CHECK (! 
smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong"); - gcry_mpi_point_release (y); - gcry_mpi_point_release (alpha); - gcry_mpi_point_release (beta); - return 1; + gcry_mpi_point_release (y); + gcry_mpi_point_release (alpha); + gcry_mpi_point_release (beta); + return 1; } int main (int argc, char *argv[]) { - int repeat = 1; - struct GNUNET_CRYPTO_EccDlogContext *edc; + int repeat = 1; + struct GNUNET_CRYPTO_EccDlogContext *edc; - if (GNUNET_OK != GNUNET_log_setup ("test_crypto", "WARNING", NULL)) - return 1; + if (GNUNET_OK != GNUNET_log_setup ("test_crypto", "WARNING", NULL)) + return 1; - edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); - BRANDT_init (edc); + edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); + BRANDT_init (edc); - /* tests that need to run only once */ - RUN (test_serialization); + /* tests that need to run only once */ + RUN (test_serialization); - for (tests_run = 0; tests_run < repeat; tests_run++) - { - RUN (test_smc_zkp_dl); - RUN (test_smc_zkp_2dle); - RUN (test_smc_zkp_0og); - } + for (tests_run = 0; tests_run < repeat; tests_run++) + { + RUN (test_smc_zkp_dl); + RUN (test_smc_zkp_2dle); + RUN (test_smc_zkp_0og); + } - GNUNET_CRYPTO_ecc_dlog_release (edc); - return ret; + GNUNET_CRYPTO_ecc_dlog_release (edc); + return ret; } diff --git a/util.h b/util.h index def9512..80e51bb 100644 --- a/util.h +++ b/util.h 
@@ -29,15 +29,15 @@ #ifdef NDEBUG -#define DP(point) ((void)(gcry_log_debugpnt (# point, point, ec_ctx))) -#define DM(mpi) ((void)(gcry_log_debugmpi (# mpi, mpi))) -#define DS(sexp) ((void)(gcry_log_debugsxp (# sexp, sexp))) +#define DP(point) ((void) (gcry_log_debugpnt (# point, point, ec_ctx))) +#define DM(mpi) ((void) (gcry_log_debugmpi (# mpi, mpi))) +#define DS(sexp) ((void) (gcry_log_debugsxp (# sexp, sexp))) #else /* ifdef NDEBUG */ -#define DP(point) ((void)(0)) -#define DM(mpi) ((void)(0)) -#define DS(sexp) ((void)(0)) +#define DP(point) ((void) (0)) +#define DM(mpi) ((void) (0)) +#define DS(sexp) ((void) (0)) #endif /* ifdef NDEBUG */