lift code to recent GNUNET version; uncrustify

This commit is contained in:
Özgür Kesim 2024-01-14 21:42:10 +01:00
parent 09af66c165
commit e095416bc2
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
16 changed files with 4330 additions and 4249 deletions

316
INSTALL
View File

@ -1,8 +1,8 @@
Installation Instructions Installation Instructions
************************* *************************
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, Copyright (C) 1994-1996, 1999-2002, 2004-2017, 2020-2021 Free
Inc. Software Foundation, Inc.
Copying and distribution of this file, with or without modification, Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright are permitted in any medium without royalty provided the copyright
@ -12,97 +12,96 @@ without warranty of any kind.
Basic Installation Basic Installation
================== ==================
Briefly, the shell command `./configure && make && make install' Briefly, the shell command './configure && make && make install'
should configure, build, and install this package. The following should configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for more-detailed instructions are generic; see the 'README' file for
instructions specific to this package. Some packages provide this instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented 'INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions. in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for The 'configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package. those values to create a 'Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent It may also create one or more '.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that definitions. Finally, it creates a shell script 'config.status' that
you can run in the future to recreate the current configuration, and a you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for file 'config.log' containing compiler output (useful mainly for
debugging `configure'). debugging 'configure').
It can also use an optional file (typically called `config.cache' It can also use an optional file (typically called 'config.cache' and
and enabled with `--cache-file=config.cache' or simply `-C') that saves enabled with '--cache-file=config.cache' or simply '-C') that saves the
the results of its tests to speed up reconfiguring. Caching is results of its tests to speed up reconfiguring. Caching is disabled by
disabled by default to prevent problems with accidental use of stale default to prevent problems with accidental use of stale cache files.
cache files.
If you need to do unusual things to compile the package, please try If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail to figure out how 'configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can diffs or instructions to the address given in the 'README' so they can
be considered for the next release. If you are using the cache, and at be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you some point 'config.cache' contains results you don't want to keep, you
may remove or edit it. may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create The file 'configure.ac' (or 'configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if 'configure' by a program called 'autoconf'. You need 'configure.ac' if
you want to change it or regenerate `configure' using a newer version you want to change it or regenerate 'configure' using a newer version of
of `autoconf'. 'autoconf'.
The simplest way to compile this package is: The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type 1. 'cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. './configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints Running 'configure' might take a while. While running, it prints
some messages telling which features it is checking for. some messages telling which features it is checking for.
2. Type `make' to compile the package. 2. Type 'make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with 3. Optionally, type 'make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries. the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and 4. Type 'make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root user, and only the 'make install' phase executed with root
privileges. privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but 5. Optionally, type 'make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location. this time using the binaries in their final installed location.
This target does not install anything. Running this target as a This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required regular user, particularly if the prior 'make install' required
root privileges, verifies that the installation completed root privileges, verifies that the installation completed
correctly. correctly.
6. You can remove the program binaries and object files from the 6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the source code directory by typing 'make clean'. To also remove the
files that `configure' created (so you can compile the package for files that 'configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is a different kind of computer), type 'make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly also a 'make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came all sorts of other programs in order to regenerate files that came
with the distribution. with the distribution.
7. Often, you can also type `make uninstall' to remove the installed 7. Often, you can also type 'make uninstall' to remove the installed
files again. In practice, not all packages have tested that files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the uninstallation works correctly, even though it is required by the
GNU Coding Standards. GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make 8. Some packages, particularly those that use Automake, provide 'make
distcheck', which can by used by developers to test that all other distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly. targets like 'make install' and 'make uninstall' work correctly.
This target is generally not run by end users. This target is generally not run by end users.
Compilers and Options Compilers and Options
===================== =====================
Some systems require unusual options for compilation or linking that Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help' the 'configure' script does not know about. Run './configure --help'
for details on some of the pertinent environment variables. for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters You can give 'configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here by setting variables in the command line or in the environment. Here is
is an example: an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix ./configure CC=c99 CFLAGS=-g LIBS=-lposix
@ -113,21 +112,21 @@ Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the own directory. To do this, you can use GNU 'make'. 'cd' to the
directory where you want the object files and executables to go and run directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the the 'configure' script. 'configure' automatically checks for the source
source code in the directory that `configure' is in and in `..'. This code in the directory that 'configure' is in and in '..'. This is known
is known as a "VPATH" build. as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one With a non-GNU 'make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before installed the package for one architecture, use 'make distclean' before
reconfiguring for another architecture. reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the "universal" binaries--by specifying multiple '-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like compiler but only a single '-arch' option to the preprocessor. Like
this: this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
@ -136,105 +135,104 @@ this:
This is not guaranteed to produce working output in all cases, you This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems. using the 'lipo' tool if you have problems.
Installation Names Installation Names
================== ==================
By default, `make install' installs the package's commands under By default, 'make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You '/usr/local/bin', include files under '/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving can specify an installation prefix other than '/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an 'configure' the option '--prefix=PREFIX', where PREFIX must be an
absolute file name. absolute file name.
You can specify separate installation prefixes for You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
PREFIX as the prefix for installing programs and libraries. PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix. Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular options like '--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories kinds of files. Run 'configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the you can set and what kinds of files go in them. In general, the default
default for these options is expressed in terms of `${prefix}', so that for these options is expressed in terms of '${prefix}', so that
specifying just `--prefix' will affect all of the other directory specifying just '--prefix' will affect all of the other directory
specifications that were not explicitly provided. specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or correct locations to 'configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without 'make install' command line to change installation locations without
having to reconfigure or recompile. having to reconfigure or recompile.
The first method involves providing an override variable for each The first method involves providing an override variable for each
affected directory. For example, `make install affected directory. For example, 'make install
prefix=/alternate/directory' will choose an alternate location for all prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure', '${prefix}'. Any directories that were specified during 'configure',
but not in terms of `${prefix}', must each be overridden at install but not in terms of '${prefix}', must each be overridden at install time
time for the entire installation to be relocated. The approach of for the entire installation to be relocated. The approach of makefile
makefile variable overrides for each directory variable is required by variable overrides for each directory variable is required by the GNU
the GNU Coding Standards, and ideally causes no recompilation. Coding Standards, and ideally causes no recompilation. However, some
However, some platforms have known limitations with the semantics of platforms have known limitations with the semantics of shared libraries
shared libraries that end up requiring recompilation when using this that end up requiring recompilation when using this method, particularly
method, particularly noticeable in packages that use GNU Libtool. noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For The second method involves providing the 'DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend example, 'make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of '/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and 'DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand, does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}' when some directory options were not specified in terms of '${prefix}'
at `configure' time. at 'configure' time.
Optional Features Optional Features
================= =================
If the package supports it, you can cause programs to be installed If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the with an extra prefix or suffix on their names by giving 'configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to Some packages pay attention to '--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package. 'configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE They may also pay attention to '--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The is something like 'gnu-as' or 'x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the 'README' should mention any '--enable-' and '--with-' options that the
package recognizes. package recognizes.
For packages that use the X Window System, `configure' can usually For packages that use the X Window System, 'configure' can usually
find the X include and library files automatically, but if it doesn't, find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and you can use the 'configure' options '--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations. '--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure execution of 'make' will be. For these packages, running './configure
--enable-silent-rules' sets the default to minimal output, which can be --enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure overridden with 'make V=1'; while running './configure
--disable-silent-rules' sets the default to verbose, which can be --disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'. overridden with 'make V=0'.
Particular systems Particular systems
================== ==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC
CC is not installed, it is recommended to use the following options in is not installed, it is recommended to use the following options in
order to use an ANSI C compiler: order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500" ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX. and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as HP-UX 'make' updates targets which have the same timestamps as their
their prerequisites, which makes it generally unusable when shipped prerequisites, which makes it generally unusable when shipped generated
generated files such as `configure' are involved. Use GNU `make' files such as 'configure' are involved. Use GNU 'make' instead.
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as parse its '<wchar.h>' header file. The option '-nodtk' can be used as a
a workaround. If GNU CC is not installed, it is therefore recommended workaround. If GNU CC is not installed, it is therefore recommended to
to try try
./configure CC="cc" ./configure CC="cc"
@ -242,26 +240,26 @@ and if that doesn't work, try
./configure CC="cc -nodtk" ./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This On Solaris, don't put '/usr/ucb' early in your 'PATH'. This
directory contains several dysfunctional programs; working variants of directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb' these programs are available in '/usr/bin'. So, if you need '/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'. in your 'PATH', put it _after_ '/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common', On Haiku, software installed for all users goes in '/boot/common',
not `/usr/local'. It is recommended to use the following options: not '/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common ./configure --prefix=/boot/common
Specifying the System Type Specifying the System Type
========================== ==========================
There may be some features `configure' cannot figure out There may be some features 'configure' cannot figure out
automatically, but needs to determine by the type of machine the package automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints _same_ architectures, 'configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system '--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form: type, such as 'sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM CPU-COMPANY-SYSTEM
@ -270,101 +268,101 @@ where SYSTEM can have one of these forms:
OS OS
KERNEL-OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If See the file 'config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't 'config.sub' isn't included in this package, then this package doesn't
need to know the machine type. need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will use the option '--target=TYPE' to select the type of system they will
produce code for. produce code for.
If you want to _use_ a cross compiler, that generates code for a If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will "host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'. eventually be run) with '--host=TYPE'.
Sharing Defaults Sharing Defaults
================ ================
If you want to set default values for `configure' scripts to share, If you want to set default values for 'configure' scripts to share,
you can create a site shell script called `config.site' that gives you can create a site shell script called 'config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'. default values for variables like 'CC', 'cache_file', and 'prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then 'configure' looks for 'PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the 'PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script. 'CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script. A warning: not all 'configure' scripts look for a site script.
Defining Variables Defining Variables
================== ==================
Variables not defined in a site shell script can be set in the Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run environment passed to 'configure'. However, some packages may run
configure again during the build, and the customized values of these configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example: them in the 'configure' command line, using 'VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc ./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is causes the specified 'gcc' to be used as the C compiler (unless it is
overridden in the site shell script). overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
an Autoconf limitation. Until the limitation is lifted, you can use Autoconf limitation. Until the limitation is lifted, you can use this
this workaround: workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation 'configure' Invocation
====================== ======================
`configure' recognizes the following options to control how it 'configure' recognizes the following options to control how it
operates. operates.
`--help' '--help'
`-h' '-h'
Print a summary of all of the options to `configure', and exit. Print a summary of all of the options to 'configure', and exit.
`--help=short' '--help=short'
`--help=recursive' '--help=recursive'
Print a summary of the options unique to this package's Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used 'configure', and exit. The 'short' variant lists options used only
only in the top level, while the `recursive' variant lists options in the top level, while the 'recursive' variant lists options also
also present in any nested packages. present in any nested packages.
`--version' '--version'
`-V' '-V'
Print the version of Autoconf used to generate the `configure' Print the version of Autoconf used to generate the 'configure'
script, and exit. script, and exit.
`--cache-file=FILE' '--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE, Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to traditionally 'config.cache'. FILE defaults to '/dev/null' to
disable caching. disable caching.
`--config-cache' '--config-cache'
`-C' '-C'
Alias for `--cache-file=config.cache'. Alias for '--cache-file=config.cache'.
`--quiet' '--quiet'
`--silent' '--silent'
`-q' '-q'
Do not print messages saying which checks are being made. To Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error suppress all normal output, redirect it to '/dev/null' (any error
messages will still be shown). messages will still be shown).
`--srcdir=DIR' '--srcdir=DIR'
Look for the package's source code in directory DIR. Usually Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically. 'configure' can determine that directory automatically.
`--prefix=DIR' '--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names:: Use DIR as the installation prefix. *note Installation Names:: for
for more details, including other options available for fine-tuning more details, including other options available for fine-tuning the
the installation locations. installation locations.
`--no-create' '--no-create'
`-n' '-n'
Run the configure checks, but stop before creating any output Run the configure checks, but stop before creating any output
files. files.
`configure' also accepts some other, not widely useful, options. Run 'configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details. 'configure --help' for more details.

685
bench.c
View File

@ -30,348 +30,350 @@
#define MIN(A, B) ((A) < (B) ? (A) : (B)) #define MIN(A, B) ((A) < (B) ? (A) : (B))
struct msg { struct msg
uint16_t sender; {
uint16_t receiver; uint16_t sender;
void *buf; uint16_t receiver;
size_t buf_len; void *buf;
size_t buf_len;
}; };
struct testcase { struct testcase
uint16_t n; {
uint16_t k; uint16_t n;
uint16_t *bids; uint16_t k;
uint16_t m; uint16_t *bids;
uint16_t outcome_public; uint16_t m;
uint16_t ret; uint16_t outcome_public;
struct BRANDT_Auction **ad; uint16_t ret;
uint16_t *id; struct BRANDT_Auction **ad;
uint16_t *result_called; uint16_t *id;
uint16_t *result_called;
}; };
static struct testcase tcase; static struct testcase tcase;
static struct GNUNET_CRYPTO_EccDlogContext *edc; static struct GNUNET_CRYPTO_EccDlogContext *edc;
static struct BRANDT_Result * static struct BRANDT_Result *
expected_outcome (uint16_t i, uint16_t *rlen) expected_outcome (uint16_t i, uint16_t *rlen)
{ {
struct BRANDT_Result *ret = NULL; struct BRANDT_Result *ret = NULL;
int32_t highest_bidder = -1; int32_t highest_bidder = -1;
int32_t highest_bid = -1; int32_t highest_bid = -1;
int32_t mpf_highest_bidder; int32_t mpf_highest_bidder;
int32_t mpf_highest_bid = -1; int32_t mpf_highest_bid = -1;
int32_t prev_mpf_highest_bidder = -1; int32_t prev_mpf_highest_bidder = -1;
uint16_t winners = MIN (tcase.m, tcase.n); uint16_t winners = MIN (tcase.m, tcase.n);
uint16_t cur_winner = 0; uint16_t cur_winner = 0;
*rlen = 0; *rlen = 0;
if (0 == tcase.n) if (0 == tcase.n)
return NULL; return NULL;
if (0 == tcase.m) if (0 == tcase.m)
{ {
for (uint16_t h = 0; h < tcase.n; h++) for (uint16_t h = 0; h < tcase.n; h++)
if (tcase.bids[h] > highest_bid) if (tcase.bids[h] > highest_bid)
highest_bid = tcase.bids[highest_bidder = h]; highest_bid = tcase.bids[highest_bidder = h];
if (!tcase.outcome_public && !(i == highest_bidder || i == tcase.n)) if (! tcase.outcome_public && ! (i == highest_bidder || i == tcase.n))
return NULL; return NULL;
ret = GNUNET_new (struct BRANDT_Result); ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = highest_bidder; ret->bidder = highest_bidder;
ret->price = highest_bid; ret->price = highest_bid;
ret->status = BRANDT_bidder_won; ret->status = BRANDT_bidder_won;
*rlen = 1; *rlen = 1;
return ret; return ret;
} }
/* fewer bidders than needed -> everyone wins with lowest price */ /* fewer bidders than needed -> everyone wins with lowest price */
if (tcase.n <= tcase.m) if (tcase.n <= tcase.m)
{ {
if (tcase.outcome_public || i == tcase.n) if (tcase.outcome_public || i == tcase.n)
{ {
ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result); ret = GNUNET_new_array ((*rlen = tcase.n), struct BRANDT_Result);
for (uint16_t h = 0; h < tcase.n; h++) for (uint16_t h = 0; h < tcase.n; h++)
{ {
ret[h].bidder = h; ret[h].bidder = h;
ret[h].price = 0; ret[h].price = 0;
ret[h].status = BRANDT_bidder_won; ret[h].status = BRANDT_bidder_won;
} }
} }
else else
{ {
ret = GNUNET_new (struct BRANDT_Result); ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = i; ret->bidder = i;
ret->price = 0; ret->price = 0;
ret->status = BRANDT_bidder_won; ret->status = BRANDT_bidder_won;
*rlen = 1; *rlen = 1;
} }
return ret; return ret;
} }
/* find M+1st highest bidder to determine selling price */ /* find M+1st highest bidder to determine selling price */
for (uint16_t h = 0; h < tcase.n; h++) for (uint16_t h = 0; h < tcase.n; h++)
if (tcase.bids[h] > mpf_highest_bid) if (tcase.bids[h] > mpf_highest_bid)
mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h]; mpf_highest_bid = tcase.bids[prev_mpf_highest_bidder = h];
for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++) for (uint16_t m = 0; m < MIN (tcase.m, tcase.n - 1); m++)
{ {
mpf_highest_bidder = -1; mpf_highest_bidder = -1;
mpf_highest_bid = -1; mpf_highest_bid = -1;
for (uint16_t h = 0; h < tcase.n; h++) for (uint16_t h = 0; h < tcase.n; h++)
{ {
if (tcase.bids[h] > mpf_highest_bid && if (tcase.bids[h] > mpf_highest_bid &&
(tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] || (tcase.bids[h] < tcase.bids[prev_mpf_highest_bidder] ||
(tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] && (tcase.bids[h] == tcase.bids[prev_mpf_highest_bidder] &&
h > prev_mpf_highest_bidder))) h > prev_mpf_highest_bidder)))
{ {
mpf_highest_bid = tcase.bids[mpf_highest_bidder = h]; mpf_highest_bid = tcase.bids[mpf_highest_bidder = h];
} }
} }
prev_mpf_highest_bidder = mpf_highest_bidder; prev_mpf_highest_bidder = mpf_highest_bidder;
} }
/* for simplicity always locate the big block if we need to report at /* for simplicity always locate the big block if we need to report at
* least one winner. with private outcome for losing bidders or winners * least one winner. with private outcome for losing bidders or winners
* only none or one element will be used respectively. */ * only none or one element will be used respectively. */
if (tcase.outcome_public || i == tcase.n || if (tcase.outcome_public || i == tcase.n ||
tcase.bids[i] > mpf_highest_bid || tcase.bids[i] > mpf_highest_bid ||
(tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder)) (tcase.bids[i] == mpf_highest_bid && i < mpf_highest_bidder))
ret = GNUNET_new_array (winners, struct BRANDT_Result); ret = GNUNET_new_array (winners, struct BRANDT_Result);
/* report winners */ /* report winners */
for (uint16_t h = 0; h < tcase.n; h++) for (uint16_t h = 0; h < tcase.n; h++)
{ {
if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) || if (((tcase.bids[h] == mpf_highest_bid && h < mpf_highest_bidder) ||
tcase.bids[h] > mpf_highest_bid) && /* h is a winner */ tcase.bids[h] > mpf_highest_bid) && /* h is a winner */
(tcase.outcome_public || i == h || i == tcase.n)) /* needs report */ (tcase.outcome_public || i == h || i == tcase.n)) /* needs report */
{ {
if (cur_winner >= winners) if (cur_winner >= winners)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n"); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "got too many winners\n");
_exit (1); _exit (1);
} }
ret[cur_winner].bidder = h; ret[cur_winner].bidder = h;
ret[cur_winner].price = mpf_highest_bid; ret[cur_winner].price = mpf_highest_bid;
ret[cur_winner].status = BRANDT_bidder_won; ret[cur_winner].status = BRANDT_bidder_won;
cur_winner++; cur_winner++;
} }
} }
*rlen = cur_winner; *rlen = cur_winner;
return ret; return ret;
} }
static void static void
bidder_start (void *arg) bidder_start (void *arg)
{ {
uint16_t i = *(uint16_t *)arg; uint16_t i = *(uint16_t *) arg;
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "starting bidder %d\n", i);
BRANDT_bidder_start (tcase.ad[i], i, tcase.n); BRANDT_bidder_start (tcase.ad[i], i, tcase.n);
} }
static void static void
transfer_message (void *arg) transfer_message (void *arg)
{ {
struct msg *m = (struct msg *)arg; struct msg *m = (struct msg *) arg;
struct msg_head *h = (struct msg_head *)m->buf; struct msg_head *h = (struct msg_head *) m->buf;
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n", GNUNET_log (GNUNET_ERROR_TYPE_INFO, "xfer msg %d %p from %d to %d\n",
ntohl (h->msg_type), arg, m->sender, m->receiver); ntohl (h->msg_type), arg, m->sender, m->receiver);
BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len); BRANDT_got_message (tcase.ad[m->receiver], m->sender, m->buf, m->buf_len);
GNUNET_free (m->buf); GNUNET_free (m->buf);
GNUNET_free (m); GNUNET_free (m);
} }
static uint16_t static uint16_t
cb_start (void *auction_closure) cb_start (void *auction_closure)
{ {
uint16_t *s = (uint16_t *)auction_closure; uint16_t *s = (uint16_t *) auction_closure;
if (tcase.n != *s) if (tcase.n != *s)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"start callback called from bidder\n"); "start callback called from bidder\n");
_exit (1); _exit (1);
} }
for (uint16_t i = 0; i < tcase.n; i++) for (uint16_t i = 0; i < tcase.n; i++)
GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]); GNUNET_SCHEDULER_add_now (&bidder_start, &tcase.id[i]);
return tcase.n; return tcase.n;
} }
static int static int
cb_broadcast (void *auction_closure, cb_broadcast (void *auction_closure,
const void *msg, const void *msg,
size_t msg_len) size_t msg_len)
{ {
uint16_t *s = (uint16_t *)auction_closure; uint16_t *s = (uint16_t *) auction_closure;
struct msg *m; struct msg *m;
for (uint16_t i = 0; i <= tcase.n; i++) for (uint16_t i = 0; i <= tcase.n; i++)
{ {
if (i == *s) if (i == *s)
continue; continue;
m = GNUNET_new (struct msg); m = GNUNET_new (struct msg);
m->sender = *s; m->sender = *s;
m->receiver = i; m->receiver = i;
m->buf = GNUNET_new_array (msg_len, unsigned char); m->buf = GNUNET_new_array (msg_len, unsigned char);
memcpy (m->buf, msg, msg_len); memcpy (m->buf, msg, msg_len);
m->buf_len = msg_len; m->buf_len = msg_len;
GNUNET_SCHEDULER_add_now (&transfer_message, m); GNUNET_SCHEDULER_add_now (&transfer_message, m);
} }
return 0; return 0;
} }
static int static int
cb_unicast (void *auction_closure, cb_unicast (void *auction_closure,
const void *msg, const void *msg,
size_t msg_len) size_t msg_len)
{ {
uint16_t *s = (uint16_t *)auction_closure; uint16_t *s = (uint16_t *) auction_closure;
struct msg *m; struct msg *m;
m = GNUNET_new (struct msg); m = GNUNET_new (struct msg);
m->sender = *s; m->sender = *s;
m->receiver = tcase.n; /* == seller */ m->receiver = tcase.n; /* == seller */
m->buf = GNUNET_new_array (msg_len, unsigned char); m->buf = GNUNET_new_array (msg_len, unsigned char);
memcpy (m->buf, msg, msg_len); memcpy (m->buf, msg, msg_len);
m->buf_len = msg_len; m->buf_len = msg_len;
GNUNET_SCHEDULER_add_now (&transfer_message, m); GNUNET_SCHEDULER_add_now (&transfer_message, m);
return 0; return 0;
} }
static void static void
cb_result (void *auction_closure, cb_result (void *auction_closure,
struct BRANDT_Result results[], struct BRANDT_Result results[],
uint16_t results_len) uint16_t results_len)
{ {
uint16_t *s = (uint16_t *)auction_closure; uint16_t *s = (uint16_t *) auction_closure;
uint16_t mustlen = -1; uint16_t mustlen = -1;
struct BRANDT_Result *must = expected_outcome (*s, &mustlen); struct BRANDT_Result *must = expected_outcome (*s, &mustlen);
if (mustlen != results_len) if (mustlen != results_len)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"expected result len is: %d\n", "expected result len is: %d\n",
mustlen); mustlen);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"computed result len is: %d (by agent %d)\n", "computed result len is: %d (by agent %d)\n",
results_len, results_len,
*s); *s);
tcase.ret = 1; tcase.ret = 1;
goto quit; goto quit;
} }
if (0 == results_len && NULL != must) if (0 == results_len && NULL != must)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"expected result is: %p\n", "expected result is: %p\n",
(void *)must); (void *) must);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"computed result is: (nil) (by agent %d)\n", "computed result is: (nil) (by agent %d)\n",
*s); *s);
tcase.ret = 1; tcase.ret = 1;
} }
for (uint16_t i = 0; i < results_len; i++) for (uint16_t i = 0; i < results_len; i++)
{ {
GNUNET_log ( GNUNET_log (
GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_INFO,
"expected result is: bidder %d got status %d with price %d\n", "expected result is: bidder %d got status %d with price %d\n",
must[i].bidder, must[i].bidder,
must[i].status, must[i].status,
must[i].price); must[i].price);
GNUNET_log ( GNUNET_log (
GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_INFO,
"computed result is: bidder %d got status %d with price %d (by agent %d)\n", "computed result is: bidder %d got status %d with price %d (by agent %d)\n",
results[i].bidder, results[i].bidder,
results[i].status, results[i].status,
results[i].price, results[i].price,
*s); *s);
if (NULL == must || if (NULL == must ||
must[i].bidder != results[i].bidder || must[i].bidder != results[i].bidder ||
must[i].status != results[i].status || must[i].status != results[i].status ||
must[i].price != results[i].price) must[i].price != results[i].price)
tcase.ret = 1; tcase.ret = 1;
} }
quit: quit:
tcase.result_called[*s] = 1; tcase.result_called[*s] = 1;
if (must) if (must)
GNUNET_free (must); GNUNET_free (must);
} }
static void static void
run_auction (void *arg) run_auction (void *arg)
{ {
void *desc; void *desc;
size_t desc_len; size_t desc_len;
tcase.ad[tcase.n] = BRANDT_new (&cb_result, tcase.ad[tcase.n] = BRANDT_new (&cb_result,
&cb_broadcast, &cb_broadcast,
&cb_start, &cb_start,
&tcase.id[tcase.n], &tcase.id[tcase.n],
&desc, &desc,
&desc_len, &desc_len,
GNUNET_TIME_absolute_get (), GNUNET_TIME_absolute_get (),
GNUNET_TIME_UNIT_MINUTES, GNUNET_TIME_UNIT_MINUTES,
tcase.k, /* number of prizes */ tcase.k, /* number of prizes */
tcase.m, /* m */ tcase.m, /* m */
tcase.outcome_public, /* outcome public */ tcase.outcome_public, /* outcome public */
tcase.outcome_public ? edc : NULL); tcase.outcome_public ? edc : NULL);
if (!tcase.ad[tcase.n]) if (! tcase.ad[tcase.n])
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n"); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_new() failed.\n");
_exit (1); _exit (1);
} }
for (uint16_t i = 0; i < tcase.n; i++) for (uint16_t i = 0; i < tcase.n; i++)
{ {
tcase.ad[i] = BRANDT_join (&cb_result, tcase.ad[i] = BRANDT_join (&cb_result,
&cb_broadcast, &cb_broadcast,
&cb_unicast, &cb_unicast,
&tcase.id[i], &tcase.id[i],
desc, desc,
desc_len, desc_len,
tcase.bids[i], /* bid */ tcase.bids[i], /* bid */
tcase.outcome_public ? edc : NULL); tcase.outcome_public ? edc : NULL);
if (!tcase.ad[i]) if (! tcase.ad[i])
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n"); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "BRANDT_join() failed.\n");
tcase.ret = 1; tcase.ret = 1;
return; return;
} }
if (tcase.ad[tcase.n]->k != tcase.ad[i]->k || if (tcase.ad[tcase.n]->k != tcase.ad[i]->k ||
tcase.ad[tcase.n]->m != tcase.ad[i]->m || tcase.ad[tcase.n]->m != tcase.ad[i]->m ||
tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public || tcase.ad[tcase.n]->outcome_public != tcase.ad[i]->outcome_public ||
tcase.ad[tcase.n]->time_start.abs_value_us tcase.ad[tcase.n]->time_start.abs_value_us
!= tcase.ad[i]->time_start.abs_value_us || != tcase.ad[i]->time_start.abs_value_us ||
tcase.ad[tcase.n]->time_round.rel_value_us tcase.ad[tcase.n]->time_round.rel_value_us
!= tcase.ad[i]->time_round.rel_value_us || != tcase.ad[i]->time_round.rel_value_us ||
!tcase.ad[tcase.n]->seller_mode || /* todo: split out */ ! tcase.ad[tcase.n]->seller_mode || /* todo: split out */
tcase.ad[i]->seller_mode) tcase.ad[i]->seller_mode)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"error/mismatch in basic auction data\n"); "error/mismatch in basic auction data\n");
tcase.ret = 1; tcase.ret = 1;
return; return;
} }
} }
} }
@ -394,102 +396,107 @@ test_auction (uint16_t n,
uint16_t m, uint16_t m,
uint16_t outcome_public) uint16_t outcome_public)
{ {
tcase.n = n; tcase.n = n;
tcase.k = k; tcase.k = k;
tcase.bids = bids; tcase.bids = bids;
tcase.m = m; tcase.m = m;
tcase.outcome_public = outcome_public; tcase.outcome_public = outcome_public;
tcase.ret = 0; tcase.ret = 0;
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"######################################\n"); "######################################\n");
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"testing %s auction with m = %d and %s outcome\n", "testing %s auction with m = %d and %s outcome\n",
tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE", tcase.m > 0 ? "M+1ST PRICE" : "FIRST PRICE",
tcase.m, tcase.m,
tcase.outcome_public ? "PUBLIC" : "PRIVATE"); tcase.outcome_public ? "PUBLIC" : "PRIVATE");
/** \todo: output bids */ /** \todo: output bids */
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"######################################\n"); "######################################\n");
tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *); tcase.ad = GNUNET_new_array (tcase.n + 1, struct BRANDT_Auction *);
tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t); tcase.id = GNUNET_new_array (tcase.n + 1, uint16_t);
for (uint16_t i = 0; i <= tcase.n; i++) for (uint16_t i = 0; i <= tcase.n; i++)
tcase.id[i] = i; tcase.id[i] = i;
tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t); tcase.result_called = GNUNET_new_array (tcase.n + 1, uint16_t);
GNUNET_SCHEDULER_run (&run_auction, NULL); GNUNET_SCHEDULER_run (&run_auction, NULL);
for (uint16_t i = 0; i <= tcase.n; i++) for (uint16_t i = 0; i <= tcase.n; i++)
{ {
BRANDT_destroy (tcase.ad[i]); BRANDT_destroy (tcase.ad[i]);
if (!tcase.result_called[i]) if (! tcase.result_called[i])
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"result callback not called for bidder %d\n", "result callback not called for bidder %d\n",
i); i);
tcase.ret = 1; tcase.ret = 1;
} }
} }
GNUNET_free (tcase.ad); GNUNET_free (tcase.ad);
GNUNET_free (tcase.id); GNUNET_free (tcase.id);
GNUNET_free (tcase.result_called); GNUNET_free (tcase.result_called);
return tcase.ret; return tcase.ret;
} }
int int
main (int argc, char *argv[]) main (int argc, char *argv[])
{ {
int ret = 0; int ret = 0;
uint16_t n; uint16_t n;
uint16_t k; uint16_t k;
uint16_t m; uint16_t m;
uint16_t public; uint16_t public;
uint16_t *bids = NULL; uint16_t *bids = NULL;
struct GNUNET_GETOPT_CommandLineOption options[] = { struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_option_help ("benchmark a single libbrandt auction"), GNUNET_GETOPT_option_help ("benchmark a single libbrandt auction"),
{'k', "k", "NUMBER", GNUNET_GETOPT_option_uint16 (
gettext_noop ("number of prices\n"), 'k', "k", "NUMBER",
1, &GNUNET_GETOPT_option_uint, &k}, gettext_noop ("number of prices\n"),
{'n', "n", "NUMBER", &k),
gettext_noop ("number of bidders\n"), GNUNET_GETOPT_option_uint16 (
1, &GNUNET_GETOPT_option_uint, &n}, 'n', "n", "NUMBER",
{'m', "m", "NUMBER", gettext_noop ("number of bidders\n"),
gettext_noop ("number of items to sell\n" &n),
"0 for first price auction\n" GNUNET_GETOPT_option_uint16 (
">0 for vickrey/M+1st price auction"), 'm', "m", "NUMBER",
1, &GNUNET_GETOPT_option_uint, &m}, gettext_noop ("number of items to sell\n"
{'p', "public", NULL, "0 for first price auction\n"
gettext_noop ("public auction outcome"), ">0 for vickrey/M+1st price auction"),
0, &GNUNET_GETOPT_option_flag, &public}, &m),
GNUNET_GETOPT_OPTION_END GNUNET_GETOPT_option_uint16 (
}; 'p', "public", NULL,
gettext_noop ("public auction outcome"),
&public),
GNUNET_GETOPT_OPTION_END
};
if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "WARNING", NULL)) if (GNUNET_OK != GNUNET_log_setup ("test_brandt", "WARNING", NULL))
return 1; return 1;
ret = GNUNET_GETOPT_run ("bench", options, (unsigned int) argc, argv); ret = GNUNET_GETOPT_run ("bench", options, (unsigned int) argc, argv);
if ((GNUNET_OK > ret) || if ((GNUNET_OK > ret) ||
(GNUNET_OK != GNUNET_log_setup ("bench", "WARNING", NULL))) (GNUNET_OK != GNUNET_log_setup ("bench", "WARNING", NULL)))
return 1; return 1;
if (n == 0) if (n == 0)
n = 4; n = 4;
if (k == 0) if (k == 0)
k = 3; k = 3;
if (!(bids = calloc(sizeof(uint16_t), n))) if (! (bids = calloc (sizeof(uint16_t), n)))
return 1; return 1;
for (uint16_t i = 0; i < n; i++) for (uint16_t i = 0; i < n; i++)
bids[i] = (uint16_t)GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, k); bids[i] = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
k);
edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
BRANDT_init (); BRANDT_init ();
ret = test_auction (n, k, bids, m, public); ret = test_auction (n, k, bids, m, public);
GNUNET_CRYPTO_ecc_dlog_release (edc); GNUNET_CRYPTO_ecc_dlog_release (edc);
return ret; return ret;
} }

760
brandt.c
View File

@ -30,499 +30,499 @@
void void
BRANDT_init () BRANDT_init ()
{ {
gcry_error_t err = 0; gcry_error_t err = 0;
if (!gcry_check_version ("1.7.0")) if (! gcry_check_version ("1.7.0"))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"libgcrypt version mismatch\n"); "libgcrypt version mismatch\n");
GNUNET_abort_ (); GNUNET_abort_ ();
} }
/* SECMEM cannot be resized dynamically. We do not know how much we need */ /* SECMEM cannot be resized dynamically. We do not know how much we need */
if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0))) if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"failed to set libgcrypt option DISABLE_SECMEM: %s\n", "failed to set libgcrypt option DISABLE_SECMEM: %s\n",
gcry_strerror (err)); gcry_strerror (err));
/* ecc is slow otherwise and we don't create long term keys anyway. */ /* ecc is slow otherwise and we don't create long term keys anyway. */
if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0))) if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
GNUNET_log_from ( GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING, GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s\n", "failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s\n",
gcry_strerror (err)); gcry_strerror (err));
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
brandt_crypto_init (); brandt_crypto_init ();
} }
void void
BRANDT_bidder_start (struct BRANDT_Auction *auction, BRANDT_bidder_start (struct BRANDT_Auction *auction,
uint16_t i, uint16_t i,
uint16_t n) uint16_t n)
{ {
enum auction_type atype; enum auction_type atype;
enum outcome_type outcome; enum outcome_type outcome;
unsigned char *buf; unsigned char *buf;
size_t buflen; size_t buflen;
GNUNET_assert (auction && n > 0 && i < n); GNUNET_assert (auction && n > 0 && i < n);
auction->n = n; auction->n = n;
auction->i = i; auction->i = i;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private; outcome = auction->outcome_public ? outcome_public : outcome_private;
if (auction_mPlusFirstPrice == atype && n <= auction->m) if (auction_mPlusFirstPrice == atype && n <= auction->m)
{ /* fewer bidders than items to sell. every bidder won with lowest price */ { /* fewer bidders than items to sell. every bidder won with lowest price */
struct BRANDT_Result *res; struct BRANDT_Result *res;
if (auction->outcome_public) if (auction->outcome_public)
{ {
res = GNUNET_new_array (n, struct BRANDT_Result); res = GNUNET_new_array (n, struct BRANDT_Result);
for (uint16_t h = 0; h < n; h++) for (uint16_t h = 0; h < n; h++)
{ {
res[h].bidder = h; res[h].bidder = h;
res[h].price = 0; res[h].price = 0;
res[h].status = BRANDT_bidder_won; res[h].status = BRANDT_bidder_won;
} }
auction->result (auction->closure, res, n); auction->result (auction->closure, res, n);
} }
else else
{ {
res = GNUNET_new (struct BRANDT_Result); res = GNUNET_new (struct BRANDT_Result);
res->bidder = i; res->bidder = i;
res->price = 0; res->price = 0;
res->status = BRANDT_bidder_won; res->status = BRANDT_bidder_won;
auction->result (auction->closure, res, 1); auction->result (auction->closure, res, 1);
} }
return; return;
} }
/* On M+1st price auctions we multiply the amount of prizes by the amount of /* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the * bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the * prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the * encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */ * outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype) if (auction_mPlusFirstPrice == atype)
{ {
auction->k *= n; auction->k *= n;
auction->b = auction->b * n + n - i - 1; auction->b = auction->b * n + n - i - 1;
} }
if (handler_prep[atype][outcome][msg_init]) if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (auction); handler_prep[atype][outcome][msg_init] (auction);
if (!handler_out[atype][outcome][msg_init] || if (! handler_out[atype][outcome][msg_init] ||
!(buf = handler_out[atype][outcome][msg_init](auction, &buflen))) ! (buf = handler_out[atype][outcome][msg_init](auction, &buflen)))
{ {
/** \todo */ /** \todo */
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"wow fail out\n"); "wow fail out\n");
return; return;
} }
auction->bcast (auction->closure, buf, buflen); auction->bcast (auction->closure, buf, buflen);
gcry_mpi_set_bit (auction->round_progress, auction->i); gcry_mpi_set_bit (auction->round_progress, auction->i);
free (buf); free (buf);
} }
static void static void
seller_start (void *arg) seller_start (void *arg)
{ {
struct BRANDT_Auction *ad = (struct BRANDT_Auction *)arg; struct BRANDT_Auction *ad = (struct BRANDT_Auction *) arg;
enum auction_type atype; enum auction_type atype;
enum outcome_type outcome; enum outcome_type outcome;
ad->task = NULL; ad->task = NULL;
ad->n = ad->start (ad->closure); ad->n = ad->start (ad->closure);
if (0 == ad->n) if (0 == ad->n)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_INFO, GNUNET_log_from (GNUNET_ERROR_TYPE_INFO,
"libbrandt", "libbrandt",
"no bidders registered for auction\n"); "no bidders registered for auction\n");
ad->result (ad->closure, NULL, 0); ad->result (ad->closure, NULL, 0);
return; return;
} }
else if (ad->n <= ad->m) else if (ad->n <= ad->m)
{ {
struct BRANDT_Result *res = GNUNET_new_array (ad->n, struct BRANDT_Result *res = GNUNET_new_array (ad->n,
struct BRANDT_Result); struct BRANDT_Result);
GNUNET_log_from (GNUNET_ERROR_TYPE_INFO, GNUNET_log_from (GNUNET_ERROR_TYPE_INFO,
"libbrandt", "libbrandt",
"less bidders than needed, selling for lowest price\n"); "less bidders than needed, selling for lowest price\n");
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
res[i].bidder = i; res[i].bidder = i;
res[i].price = 0; res[i].price = 0;
res[i].status = BRANDT_bidder_won; res[i].status = BRANDT_bidder_won;
} }
ad->result (ad->closure, res, ad->n); ad->result (ad->closure, res, ad->n);
} }
atype = ad->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; atype = ad->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = ad->outcome_public ? outcome_public : outcome_private; outcome = ad->outcome_public ? outcome_public : outcome_private;
/* On M+1st price auctions we multiply the amount of prizes by the amount of /* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the * bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the * prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the * encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */ * outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype) if (auction_mPlusFirstPrice == atype)
ad->k *= ad->n; ad->k *= ad->n;
if (handler_prep[atype][outcome][msg_init]) if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (ad); handler_prep[atype][outcome][msg_init] (ad);
} }
struct BRANDT_Auction * struct BRANDT_Auction *
BRANDT_new (BRANDT_CbResult result, BRANDT_new (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast, BRANDT_CbDeliver broadcast,
BRANDT_CbStart start, BRANDT_CbStart start,
void *auction_closure, void *auction_closure,
void **auction_desc, void **auction_desc,
size_t *auction_desc_len, size_t *auction_desc_len,
struct GNUNET_TIME_Absolute time_start, struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round, struct GNUNET_TIME_Relative time_round,
uint16_t num_prices, uint16_t num_prices,
uint16_t m, uint16_t m,
int outcome_public, int outcome_public,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx) struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
{ {
struct BRANDT_Auction *ret; struct BRANDT_Auction *ret;
struct BRANDT_DescrP *desc; struct BRANDT_DescrP *desc;
struct GNUNET_TIME_Relative until_start; struct GNUNET_TIME_Relative until_start;
if (!(0 < num_prices)) if (! (0 < num_prices))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"num_prices must be > 0\n"); "num_prices must be > 0\n");
return NULL; return NULL;
} }
if (1 == outcome_public && NULL == dlogctx) if (1 == outcome_public && NULL == dlogctx)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"need dlogctx for public outcome auctions\n"); "need dlogctx for public outcome auctions\n");
return NULL; return NULL;
} }
desc = GNUNET_new (struct BRANDT_DescrP); desc = GNUNET_new (struct BRANDT_DescrP);
desc->time_start = GNUNET_TIME_absolute_hton (time_start); desc->time_start = GNUNET_TIME_absolute_hton (time_start);
desc->time_round = GNUNET_TIME_relative_hton (time_round); desc->time_round = GNUNET_TIME_relative_hton (time_round);
desc->k = htons (num_prices); desc->k = htons (num_prices);
desc->m = htons (m); desc->m = htons (m);
desc->outcome_public = htons (outcome_public); desc->outcome_public = htons (outcome_public);
ret = GNUNET_new (struct BRANDT_Auction); ret = GNUNET_new (struct BRANDT_Auction);
ret->time_start = time_start; ret->time_start = time_start;
ret->time_round = time_round; ret->time_round = time_round;
ret->k = num_prices; ret->k = num_prices;
ret->m = m; ret->m = m;
ret->outcome_public = outcome_public; ret->outcome_public = outcome_public;
ret->cur_round = msg_init; ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256); ret->round_progress = gcry_mpi_new (256);
ret->dlogctx = dlogctx; ret->dlogctx = dlogctx;
/* we are the seller */ /* we are the seller */
ret->seller_mode = 1; ret->seller_mode = 1;
/* callback interface with application */ /* callback interface with application */
ret->closure = auction_closure; ret->closure = auction_closure;
ret->bcast = broadcast; ret->bcast = broadcast;
ret->result = result; ret->result = result;
ret->start = start; ret->start = start;
until_start = GNUNET_TIME_absolute_get_remaining (time_start); until_start = GNUNET_TIME_absolute_get_remaining (time_start);
ret->task = GNUNET_SCHEDULER_add_delayed (until_start, ret->task = GNUNET_SCHEDULER_add_delayed (until_start,
&seller_start, &seller_start,
ret); ret);
*auction_desc_len = sizeof (struct BRANDT_DescrP); *auction_desc_len = sizeof (struct BRANDT_DescrP);
*auction_desc = desc; *auction_desc = desc;
return ret; return ret;
} }
int int
BRANDT_parse_desc (const void *auction_desc, BRANDT_parse_desc (const void *auction_desc,
size_t auction_desc_len, size_t auction_desc_len,
struct GNUNET_TIME_Absolute *time_start, struct GNUNET_TIME_Absolute *time_start,
struct GNUNET_TIME_Relative *time_round, struct GNUNET_TIME_Relative *time_round,
uint16_t *num_prices, uint16_t *num_prices,
uint16_t *m, uint16_t *m,
uint16_t *outcome_public) uint16_t *outcome_public)
{ {
const struct BRANDT_DescrP *desc = auction_desc; const struct BRANDT_DescrP *desc = auction_desc;
const uint32_t zero = 0; const uint32_t zero = 0;
if (sizeof (struct BRANDT_DescrP) != auction_desc_len) if (sizeof (struct BRANDT_DescrP) != auction_desc_len)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"auction desc struct size mismatch\n"); "auction desc struct size mismatch\n");
return -1; return -1;
} }
if (0 != memcmp (&desc->reserved, &zero, sizeof (desc->reserved))) if (0 != memcmp (&desc->reserved, &zero, sizeof (desc->reserved)))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"reserved field in auction description must be zero\n"); "reserved field in auction description must be zero\n");
return -1; return -1;
} }
if (time_start) if (time_start)
*time_start = GNUNET_TIME_absolute_ntoh (desc->time_start); *time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
if (time_round) if (time_round)
*time_round = GNUNET_TIME_relative_ntoh (desc->time_round); *time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
if (num_prices) if (num_prices)
*num_prices = ntohs (desc->k); *num_prices = ntohs (desc->k);
if (m) if (m)
*m = ntohs (desc->m); *m = ntohs (desc->m);
if (outcome_public) if (outcome_public)
*outcome_public = ntohs (desc->outcome_public); *outcome_public = ntohs (desc->outcome_public);
return 0; return 0;
} }
struct BRANDT_Auction * struct BRANDT_Auction *
BRANDT_join (BRANDT_CbResult result, BRANDT_join (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast, BRANDT_CbDeliver broadcast,
BRANDT_CbDeliver unicast, BRANDT_CbDeliver unicast,
void *auction_closure, void *auction_closure,
const void *auction_desc, const void *auction_desc,
size_t auction_desc_len, size_t auction_desc_len,
uint16_t bid, uint16_t bid,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx) struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
{ {
struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction); struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
if (0 != BRANDT_parse_desc (auction_desc, if (0 != BRANDT_parse_desc (auction_desc,
auction_desc_len, auction_desc_len,
&ret->time_start, &ret->time_start,
&ret->time_round, &ret->time_round,
&ret->k, &ret->k,
&ret->m, &ret->m,
&ret->outcome_public)) &ret->outcome_public))
{ {
GNUNET_free (ret); GNUNET_free (ret);
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"failed to parse auction description blob\n"); "failed to parse auction description blob\n");
return NULL; return NULL;
} }
if (1 == ret->outcome_public && NULL == dlogctx) if (1 == ret->outcome_public && NULL == dlogctx)
{ {
GNUNET_free (ret); GNUNET_free (ret);
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"need dlogctx for public outcome auctions\n"); "need dlogctx for public outcome auctions\n");
return NULL; return NULL;
} }
ret->cur_round = msg_init; ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256); ret->round_progress = gcry_mpi_new (256);
ret->b = bid; ret->b = bid;
ret->dlogctx = dlogctx; ret->dlogctx = dlogctx;
/* we are the seller */ /* we are the seller */
ret->seller_mode = 0; ret->seller_mode = 0;
/* callback interface with application */ /* callback interface with application */
ret->closure = auction_closure; ret->closure = auction_closure;
ret->bcast = broadcast; ret->bcast = broadcast;
ret->ucast = unicast; ret->ucast = unicast;
ret->result = result; ret->result = result;
return ret; return ret;
} }
void void
BRANDT_destroy (struct BRANDT_Auction *auction) BRANDT_destroy (struct BRANDT_Auction *auction)
{ {
if (auction->task) if (auction->task)
GNUNET_SCHEDULER_cancel (auction->task); GNUNET_SCHEDULER_cancel (auction->task);
gcry_mpi_release (auction->round_progress); gcry_mpi_release (auction->round_progress);
gcry_mpi_release (auction->x); gcry_mpi_release (auction->x);
smc_free1 (auction->y, auction->n); smc_free1 (auction->y, auction->n);
gcry_mpi_point_release (auction->Y); gcry_mpi_point_release (auction->Y);
smc_free2 (auction->alpha, auction->n, auction->k); smc_free2 (auction->alpha, auction->n, auction->k);
smc_free2 (auction->beta, auction->n, auction->k); smc_free2 (auction->beta, auction->n, auction->k);
smc_free2 (auction->gamma2, auction->n, auction->k); smc_free2 (auction->gamma2, auction->n, auction->k);
smc_free2 (auction->delta2, auction->n, auction->k); smc_free2 (auction->delta2, auction->n, auction->k);
smc_free2 (auction->phi2, auction->n, auction->k); smc_free2 (auction->phi2, auction->n, auction->k);
free (auction->phiproofs3); free (auction->phiproofs3);
smc_free1 (auction->tmpa1, auction->k); smc_free1 (auction->tmpa1, auction->k);
smc_free1 (auction->tmpb1, auction->k); smc_free1 (auction->tmpb1, auction->k);
if (auction->m > 0 && auction->outcome_public) if (auction->m > 0 && auction->outcome_public)
{ {
smc_free3 (auction->gamma3, auction->n, 2, auction->k); smc_free3 (auction->gamma3, auction->n, 2, auction->k);
smc_free3 (auction->delta3, auction->n, 2, auction->k); smc_free3 (auction->delta3, auction->n, 2, auction->k);
smc_free3 (auction->phi3, auction->n, 2, auction->k); smc_free3 (auction->phi3, auction->n, 2, auction->k);
} }
else else
{ {
smc_free3 (auction->gamma3, auction->n, auction->n, auction->k); smc_free3 (auction->gamma3, auction->n, auction->n, auction->k);
smc_free3 (auction->delta3, auction->n, auction->n, auction->k); smc_free3 (auction->delta3, auction->n, auction->n, auction->k);
smc_free3 (auction->phi3, auction->n, auction->n, auction->k); smc_free3 (auction->phi3, auction->n, auction->n, auction->k);
} }
} }
static void static void
report_outcome (struct BRANDT_Auction *ad, report_outcome (struct BRANDT_Auction *ad,
enum auction_type atype, enum auction_type atype,
enum outcome_type outcome) enum outcome_type outcome)
{ {
struct BRANDT_Result *res; struct BRANDT_Result *res;
uint16_t reslen = 0; uint16_t reslen = 0;
if (!handler_res[atype][outcome] || if (! handler_res[atype][outcome] ||
!(res = handler_res[atype][outcome] (ad, &reslen))) ! (res = handler_res[atype][outcome] (ad, &reslen)))
ad->result (ad->closure, NULL, 0); ad->result (ad->closure, NULL, 0);
else else
ad->result (ad->closure, res, reslen); ad->result (ad->closure, res, reslen);
} }
static void static void
advance_round (struct BRANDT_Auction *ad, advance_round (struct BRANDT_Auction *ad,
enum auction_type atype, enum auction_type atype,
enum outcome_type outcome) enum outcome_type outcome)
{ {
unsigned char *buf; unsigned char *buf;
size_t buflen; size_t buflen;
if (!ad->seller_mode && msg_decrypt == ad->cur_round && !outcome) if (! ad->seller_mode && msg_decrypt == ad->cur_round && ! outcome)
{ {
/* we are a bidder on a private outcome auction and /* we are a bidder on a private outcome auction and
* successfully parsed the msg_decrypt from the seller * successfully parsed the msg_decrypt from the seller
* => we can determine the auction result */ * => we can determine the auction result */
report_outcome (ad, atype, outcome); report_outcome (ad, atype, outcome);
return; return;
} }
/* only continue if the round is complete */ /* only continue if the round is complete */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
if (!gcry_mpi_test_bit (ad->round_progress, i)) if (! gcry_mpi_test_bit (ad->round_progress, i))
return; return;
if (ad->seller_mode && msg_decrypt == ad->cur_round && !ad->outcome_public) if (ad->seller_mode && msg_decrypt == ad->cur_round && ! ad->outcome_public)
{ {
/* all bidders msg_decrypt received, broadcast combined msg_decrypt */ /* all bidders msg_decrypt received, broadcast combined msg_decrypt */
if (!handler_out[atype][outcome][ad->cur_round] || if (! handler_out[atype][outcome][ad->cur_round] ||
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) ! (buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"failed to create msg %d buffer as seller\n", "failed to create msg %d buffer as seller\n",
ad->cur_round); ad->cur_round);
return; return;
} }
ad->bcast (ad->closure, buf, buflen); ad->bcast (ad->closure, buf, buflen);
} }
if (msg_decrypt == ad->cur_round) if (msg_decrypt == ad->cur_round)
{ {
report_outcome (ad, atype, outcome); report_outcome (ad, atype, outcome);
return; return;
} }
/* round complete, advance to next one */ /* round complete, advance to next one */
gcry_mpi_clear_highbit (ad->round_progress, 0); gcry_mpi_clear_highbit (ad->round_progress, 0);
ad->cur_round++; ad->cur_round++;
/* prepare next round. */ /* prepare next round. */
if (handler_prep[atype][outcome][ad->cur_round]) if (handler_prep[atype][outcome][ad->cur_round])
handler_prep[atype][outcome][ad->cur_round] (ad); handler_prep[atype][outcome][ad->cur_round] (ad);
if (ad->seller_mode) if (ad->seller_mode)
{ {
/** \todo: setup round timeout trigger */ /** \todo: setup round timeout trigger */
/* seller does not send regular messages */ /* seller does not send regular messages */
return; return;
} }
/* create next message buffer */ /* create next message buffer */
if (!handler_out[atype][outcome][ad->cur_round] || if (! handler_out[atype][outcome][ad->cur_round] ||
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) ! (buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"failed to create msg %d buffer as bidder\n", "failed to create msg %d buffer as bidder\n",
ad->cur_round); ad->cur_round);
return; return;
} }
/* msg_decrypt unicast to seller if private outcome mode. /* msg_decrypt unicast to seller if private outcome mode.
* All other messages are broadcasted */ * All other messages are broadcasted */
if (msg_decrypt == ad->cur_round && !outcome) if (msg_decrypt == ad->cur_round && ! outcome)
ad->ucast (ad->closure, buf, buflen); ad->ucast (ad->closure, buf, buflen);
else else
ad->bcast (ad->closure, buf, buflen); ad->bcast (ad->closure, buf, buflen);
gcry_mpi_set_bit (ad->round_progress, ad->i); gcry_mpi_set_bit (ad->round_progress, ad->i);
} }
void void
BRANDT_got_message (struct BRANDT_Auction *auction, BRANDT_got_message (struct BRANDT_Auction *auction,
uint16_t sender, uint16_t sender,
const unsigned char *msg, const unsigned char *msg,
size_t msg_len) size_t msg_len)
{ {
struct msg_head *head = (struct msg_head *)msg; struct msg_head *head = (struct msg_head *) msg;
enum auction_type atype; enum auction_type atype;
enum outcome_type outcome; enum outcome_type outcome;
enum rounds round = auction->cur_round; enum rounds round = auction->cur_round;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private; outcome = auction->outcome_public ? outcome_public : outcome_private;
/** \todo: cache out of order messages instead of discarding */ /** \todo: cache out of order messages instead of discarding */
if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0) if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"got unexpected message, ignoring...\n"); "got unexpected message, ignoring...\n");
return; return;
} }
/* check if we already got that round message from the same user */ /* check if we already got that round message from the same user */
if (gcry_mpi_test_bit (auction->round_progress, sender)) if (gcry_mpi_test_bit (auction->round_progress, sender))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"got a duplicate message from user %d\n", sender); "got a duplicate message from user %d\n", sender);
return; return;
} }
if (!handler_in[atype][outcome][round] || if (! handler_in[atype][outcome][round] ||
!handler_in[atype][outcome][round](auction, ! handler_in[atype][outcome][round](auction,
msg + sizeof (*head), msg + sizeof (*head),
msg_len - sizeof (*head), msg_len - sizeof (*head),
sender)) sender))
{ {
/** \todo */ /** \todo */
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"wow fail in\n"); "wow fail in\n");
return; return;
} }
gcry_mpi_set_bit (auction->round_progress, sender); gcry_mpi_set_bit (auction->round_progress, sender);
advance_round (auction, atype, outcome); advance_round (auction, atype, outcome);
} }

View File

@ -32,24 +32,26 @@
struct BRANDT_Auction; struct BRANDT_Auction;
/** Enumeration of all possible status reports for a single bidder */ /** Enumeration of all possible status reports for a single bidder */
enum BRANDT_BidderStatus { enum BRANDT_BidderStatus
BRANDT_bidder_won, {
BRANDT_bidder_won,
}; };
/** /**
* An array of this struct is given to the application by the BRANDT_CbResult() * An array of this struct is given to the application by the BRANDT_CbResult()
* callback. One instance represents the status of a single bidder. * callback. One instance represents the status of a single bidder.
*/ */
struct BRANDT_Result { struct BRANDT_Result
/** Id of the bidder this instance refers to */ {
uint16_t bidder; /** Id of the bidder this instance refers to */
uint16_t bidder;
/** The price the bidder has to pay. This value is only set if the #status /** The price the bidder has to pay. This value is only set if the #status
* indicates the bidder has won. */ * indicates the bidder has won. */
uint16_t price; uint16_t price;
/** Status of the bidder */ /** Status of the bidder */
enum BRANDT_BidderStatus status; enum BRANDT_BidderStatus status;
}; };
/** /**
@ -85,7 +87,7 @@ typedef uint16_t
typedef int typedef int
(*BRANDT_CbDeliver)(void *auction_closure, (*BRANDT_CbDeliver)(void *auction_closure,
const void *msg, const void *msg,
size_t msg_len); size_t msg_len);
/** /**
@ -104,7 +106,7 @@ typedef int
typedef void typedef void
(*BRANDT_CbResult)(void *auction_closure, (*BRANDT_CbResult)(void *auction_closure,
struct BRANDT_Result results[], struct BRANDT_Result results[],
uint16_t results_len); uint16_t results_len);
void void
@ -126,7 +128,7 @@ BRANDT_init ();
*/ */
int int
BRANDT_parse_desc (const void *auction_desc, BRANDT_parse_desc (const void *auction_desc,
size_t auction_desc_len, size_t auction_desc_len,
struct GNUNET_TIME_Absolute *time_start, struct GNUNET_TIME_Absolute *time_start,
struct GNUNET_TIME_Relative *time_round, struct GNUNET_TIME_Relative *time_round,
uint16_t *num_prices, uint16_t *num_prices,
@ -156,13 +158,13 @@ BRANDT_parse_desc (const void *auction_desc,
* black-box pointer, do NOT dereference/change it or the data it points to! * black-box pointer, do NOT dereference/change it or the data it points to!
*/ */
struct BRANDT_Auction * struct BRANDT_Auction *
BRANDT_join (BRANDT_CbResult result, BRANDT_join (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast, BRANDT_CbDeliver broadcast,
BRANDT_CbDeliver unicast, BRANDT_CbDeliver unicast,
void *auction_closure, void *auction_closure,
const void *auction_desc, const void *auction_desc,
size_t auction_desc_len, size_t auction_desc_len,
uint16_t bid, uint16_t bid,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx); struct GNUNET_CRYPTO_EccDlogContext *dlogctx);
@ -201,17 +203,17 @@ BRANDT_join (BRANDT_CbResult result,
* black-box pointer, do NOT dereference/change it or the data it points to! * black-box pointer, do NOT dereference/change it or the data it points to!
*/ */
struct BRANDT_Auction * struct BRANDT_Auction *
BRANDT_new (BRANDT_CbResult result, BRANDT_new (BRANDT_CbResult result,
BRANDT_CbDeliver broadcast, BRANDT_CbDeliver broadcast,
BRANDT_CbStart start, BRANDT_CbStart start,
void *auction_closure, void *auction_closure,
void **auction_desc, void **auction_desc,
size_t *auction_desc_len, size_t *auction_desc_len,
struct GNUNET_TIME_Absolute time_start, struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round, struct GNUNET_TIME_Relative time_round,
uint16_t num_prices, uint16_t num_prices,
uint16_t m, uint16_t m,
int outcome_public, int outcome_public,
struct GNUNET_CRYPTO_EccDlogContext *dlogctx); struct GNUNET_CRYPTO_EccDlogContext *dlogctx);
@ -226,8 +228,8 @@ BRANDT_new (BRANDT_CbResult result,
*/ */
void void
BRANDT_bidder_start (struct BRANDT_Auction *auction, BRANDT_bidder_start (struct BRANDT_Auction *auction,
uint16_t i, uint16_t i,
uint16_t n); uint16_t n);
/** /**
@ -253,9 +255,9 @@ BRANDT_destroy (struct BRANDT_Auction *auction);
*/ */
void void
BRANDT_got_message (struct BRANDT_Auction *auction, BRANDT_got_message (struct BRANDT_Auction *auction,
uint16_t sender, uint16_t sender,
const unsigned char *msg, const unsigned char *msg,
size_t msg_len); size_t msg_len);
/**\todo: Error handling functions? */ /**\todo: Error handling functions? */

1639
crypto.c

File diff suppressed because it is too large Load Diff

329
crypto.h
View File

@ -37,69 +37,85 @@ void brandt_crypto_init ();
/* used for serialized mpis and serialized curve points (they are the same size /* used for serialized mpis and serialized curve points (they are the same size
* when compressed) */ * when compressed) */
struct ec_mpi { struct ec_mpi
unsigned char data[256 / 8]; {
unsigned char data[256 / 8];
}; };
void ec_point_serialize (struct ec_mpi *dst, const gcry_mpi_point_t src); void ec_point_serialize (struct ec_mpi *dst, const gcry_mpi_point_t src);
void ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src); void ec_point_parse (gcry_mpi_point_t dst, const struct ec_mpi *src);
gcry_mpi_point_t *smc_init1 (uint16_t size1); gcry_mpi_point_t *smc_init1 (uint16_t size1);
gcry_mpi_point_t **smc_init2 (uint16_t size1, uint16_t size2); gcry_mpi_point_t **smc_init2 (uint16_t size1, uint16_t size2);
gcry_mpi_point_t ***smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3); gcry_mpi_point_t ***smc_init3 (uint16_t size1, uint16_t size2, uint16_t size3);
void smc_free1 (gcry_mpi_point_t *dst, uint16_t size1); void smc_free1 (gcry_mpi_point_t *dst, uint16_t size1);
void smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2); void smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2);
void smc_free3 (gcry_mpi_point_t ***dst, void smc_free3 (gcry_mpi_point_t ***dst,
uint16_t size1, uint16_t size1,
uint16_t size2, uint16_t size2,
uint16_t size3); uint16_t size3);
void smc_sums_partial (gcry_mpi_point_t out[], void smc_sums_partial (gcry_mpi_point_t out[],
gcry_mpi_point_t in[], gcry_mpi_point_t in[],
uint16_t len, uint16_t len,
uint16_t stepi, uint16_t stepi,
uint16_t stepo); uint16_t stepo);
void smc_sum (gcry_mpi_point_t out, void smc_sum (gcry_mpi_point_t out,
gcry_mpi_point_t in[], gcry_mpi_point_t in[],
uint16_t len, uint16_t len,
uint16_t step); uint16_t step);
void ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src); void ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src);
int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b); int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b);
void ec_skey_create (gcry_mpi_t skey); void ec_skey_create (gcry_mpi_t skey);
void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey); void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey);
void ec_keypair_create_base (gcry_mpi_point_t pkey,
gcry_mpi_t skey, void ec_keypair_create_base (gcry_mpi_point_t pkey,
gcry_mpi_t skey,
const gcry_mpi_point_t base); const gcry_mpi_point_t base);
/* --- Zero knowledge proofs --- */ /* --- Zero knowledge proofs --- */
struct proof_dl { struct proof_dl
struct ec_mpi r; {
struct ec_mpi a; struct ec_mpi r;
struct ec_mpi a;
}; };
struct proof_2dle { struct proof_2dle
struct ec_mpi r; {
struct ec_mpi a; struct ec_mpi r;
struct ec_mpi b; struct ec_mpi a;
struct ec_mpi b;
}; };
struct proof_0og { struct proof_0og
struct ec_mpi a1; {
struct ec_mpi a2; struct ec_mpi a1;
struct ec_mpi b1; struct ec_mpi a2;
struct ec_mpi b2; struct ec_mpi b1;
struct ec_mpi d1; struct ec_mpi b2;
struct ec_mpi d2; struct ec_mpi d1;
struct ec_mpi r1; struct ec_mpi d2;
struct ec_mpi r2; struct ec_mpi r1;
struct ec_mpi r2;
}; };
void smc_zkp_dl (gcry_mpi_point_t v, void smc_zkp_dl (gcry_mpi_point_t v,
const gcry_mpi_t x, const gcry_mpi_t x,
struct proof_dl *proof); struct proof_dl *proof);
int smc_zkp_dl_check (const gcry_mpi_point_t v, int smc_zkp_dl_check (const gcry_mpi_point_t v,
const struct proof_dl *proof); const struct proof_dl *proof);
@ -107,20 +123,22 @@ void smc_zkp_2dle (const gcry_mpi_point_t v,
const gcry_mpi_point_t w, const gcry_mpi_point_t w,
const gcry_mpi_point_t g1, const gcry_mpi_point_t g1,
const gcry_mpi_point_t g2, const gcry_mpi_point_t g2,
const gcry_mpi_t x, const gcry_mpi_t x,
struct proof_2dle *proof); struct proof_2dle *proof);
int smc_zkp_2dle_check (const gcry_mpi_point_t v,
const gcry_mpi_point_t w, int smc_zkp_2dle_check (const gcry_mpi_point_t v,
const gcry_mpi_point_t g1, const gcry_mpi_point_t w,
const gcry_mpi_point_t g2, const gcry_mpi_point_t g1,
const gcry_mpi_point_t g2,
const struct proof_2dle *proof); const struct proof_2dle *proof);
void smc_zkp_0og (int m_is_gen, void smc_zkp_0og (int m_is_gen,
const gcry_mpi_point_t y, const gcry_mpi_point_t y,
gcry_mpi_t r, gcry_mpi_t r,
gcry_mpi_point_t alpha, gcry_mpi_point_t alpha,
gcry_mpi_point_t beta, gcry_mpi_point_t beta,
struct proof_0og *proof); struct proof_0og *proof);
int smc_zkp_0og_check (const gcry_mpi_point_t y, int smc_zkp_0og_check (const gcry_mpi_point_t y,
const gcry_mpi_point_t alpha, const gcry_mpi_point_t alpha,
const gcry_mpi_point_t beta, const gcry_mpi_point_t beta,
@ -130,53 +148,65 @@ int smc_zkp_0og_check (const gcry_mpi_point_t y,
/* --- Protocol implementation --- */ /* --- Protocol implementation --- */
void smc_prep_keyshare (struct BRANDT_Auction *ad); void smc_prep_keyshare (struct BRANDT_Auction *ad);
unsigned char *smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen); unsigned char *smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen);
int smc_recv_keyshare (struct BRANDT_Auction *ad, int smc_recv_keyshare (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender_index); uint16_t sender_index);
void smc_prep_bid (struct BRANDT_Auction *ad); void smc_prep_bid (struct BRANDT_Auction *ad);
unsigned char *smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen); unsigned char *smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen);
int smc_recv_encrypted_bid (struct BRANDT_Auction *ad, int smc_recv_encrypted_bid (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender_index); uint16_t sender_index);
void fp_priv_prep_outcome (struct BRANDT_Auction *ad); void fp_priv_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad, unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int fp_priv_recv_outcome (struct BRANDT_Auction *ad, int fp_priv_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
void fp_priv_prep_decryption (struct BRANDT_Auction *ad); void fp_priv_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int fp_priv_recv_decryption (struct BRANDT_Auction *ad, int fp_priv_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad, struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len); uint16_t *len);
void fp_pub_prep_outcome (struct BRANDT_Auction *ad); void fp_pub_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *fp_pub_compute_outcome (struct BRANDT_Auction *ad, unsigned char *fp_pub_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int fp_pub_recv_outcome (struct BRANDT_Auction *ad, int fp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
void fp_pub_prep_decryption (struct BRANDT_Auction *ad); void fp_pub_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, unsigned char *fp_pub_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int fp_pub_recv_decryption (struct BRANDT_Auction *ad, int fp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad, struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len); uint16_t *len);
@ -189,20 +219,24 @@ struct BRANDT_Result *mp_priv_determine_outcome (struct BRANDT_Auction *ad,
void mp_pub_prep_outcome (struct BRANDT_Auction *ad); void mp_pub_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *mp_pub_compute_outcome (struct BRANDT_Auction *ad, unsigned char *mp_pub_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int mp_pub_recv_outcome (struct BRANDT_Auction *ad, int mp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
void mp_pub_prep_decryption (struct BRANDT_Auction *ad); void mp_pub_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *mp_pub_decrypt_outcome (struct BRANDT_Auction *ad, unsigned char *mp_pub_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int mp_pub_recv_decryption (struct BRANDT_Auction *ad, int mp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
struct BRANDT_Result *mp_pub_determine_outcome (struct BRANDT_Auction *ad, struct BRANDT_Result *mp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len); uint16_t *len);
@ -216,8 +250,8 @@ typedef void
typedef int typedef int
(*MsgIn)(struct BRANDT_Auction *ad, (*MsgIn)(struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
typedef unsigned char * typedef unsigned char *
@ -241,34 +275,34 @@ typedef struct BRANDT_Result *
static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = { static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = {
[auction_firstPrice] = { [auction_firstPrice] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_prep_keyshare, [msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid, [msg_bid] = &smc_prep_bid,
[msg_outcome] = &fp_priv_prep_outcome, [msg_outcome] = &fp_priv_prep_outcome,
[msg_decrypt] = &fp_priv_prep_decryption, [msg_decrypt] = &fp_priv_prep_decryption,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_prep_keyshare, [msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid, [msg_bid] = &smc_prep_bid,
[msg_outcome] = &fp_pub_prep_outcome, [msg_outcome] = &fp_pub_prep_outcome,
[msg_decrypt] = &fp_pub_prep_decryption, [msg_decrypt] = &fp_pub_prep_decryption,
}, },
}, },
[auction_mPlusFirstPrice] = { [auction_mPlusFirstPrice] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_prep_keyshare, [msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid, [msg_bid] = &smc_prep_bid,
[msg_outcome] = &mp_priv_prep_outcome, [msg_outcome] = &mp_priv_prep_outcome,
[msg_decrypt] = &fp_priv_prep_decryption, [msg_decrypt] = &fp_priv_prep_decryption,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_prep_keyshare, [msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid, [msg_bid] = &smc_prep_bid,
[msg_outcome] = &mp_pub_prep_outcome, [msg_outcome] = &mp_pub_prep_outcome,
[msg_decrypt] = &mp_pub_prep_decryption, [msg_decrypt] = &mp_pub_prep_decryption,
}, },
}, },
}; };
@ -283,34 +317,34 @@ static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = {
* of 0 means a private outcome, while a value of 1 means public outcome. * of 0 means a private outcome, while a value of 1 means public outcome.
*/ */
static const MsgIn handler_in[auction_last][outcome_last][msg_last] = { static const MsgIn handler_in[auction_last][outcome_last][msg_last] = {
[auction_firstPrice] = { [auction_firstPrice] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_recv_keyshare, [msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid, [msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_priv_recv_outcome, [msg_outcome] = &fp_priv_recv_outcome,
[msg_decrypt] = &fp_priv_recv_decryption, [msg_decrypt] = &fp_priv_recv_decryption,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_recv_keyshare, [msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid, [msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_pub_recv_outcome, [msg_outcome] = &fp_pub_recv_outcome,
[msg_decrypt] = &fp_pub_recv_decryption, [msg_decrypt] = &fp_pub_recv_decryption,
}, },
}, },
[auction_mPlusFirstPrice] = { [auction_mPlusFirstPrice] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_recv_keyshare, [msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid, [msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &fp_priv_recv_outcome, [msg_outcome] = &fp_priv_recv_outcome,
[msg_decrypt] = &fp_priv_recv_decryption, [msg_decrypt] = &fp_priv_recv_decryption,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_recv_keyshare, [msg_init] = &smc_recv_keyshare,
[msg_bid] = &smc_recv_encrypted_bid, [msg_bid] = &smc_recv_encrypted_bid,
[msg_outcome] = &mp_pub_recv_outcome, [msg_outcome] = &mp_pub_recv_outcome,
[msg_decrypt] = &mp_pub_recv_decryption, [msg_decrypt] = &mp_pub_recv_decryption,
}, },
}, },
}; };
@ -326,34 +360,34 @@ static const MsgIn handler_in[auction_last][outcome_last][msg_last] = {
* of 0 means a private outcome, while a value of 1 means public outcome. * of 0 means a private outcome, while a value of 1 means public outcome.
*/ */
static const MsgOut handler_out[auction_last][outcome_last][msg_last] = { static const MsgOut handler_out[auction_last][outcome_last][msg_last] = {
[auction_firstPrice] = { [auction_firstPrice] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_gen_keyshare, [msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid, [msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_priv_compute_outcome, [msg_outcome] = &fp_priv_compute_outcome,
[msg_decrypt] = &fp_priv_decrypt_outcome, [msg_decrypt] = &fp_priv_decrypt_outcome,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_gen_keyshare, [msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid, [msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_pub_compute_outcome, [msg_outcome] = &fp_pub_compute_outcome,
[msg_decrypt] = &fp_pub_decrypt_outcome, [msg_decrypt] = &fp_pub_decrypt_outcome,
}, },
}, },
[auction_mPlusFirstPrice] = { [auction_mPlusFirstPrice] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_gen_keyshare, [msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid, [msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &fp_priv_compute_outcome, [msg_outcome] = &fp_priv_compute_outcome,
[msg_decrypt] = &fp_priv_decrypt_outcome, [msg_decrypt] = &fp_priv_decrypt_outcome,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_gen_keyshare, [msg_init] = &smc_gen_keyshare,
[msg_bid] = &smc_encrypt_bid, [msg_bid] = &smc_encrypt_bid,
[msg_outcome] = &mp_pub_compute_outcome, [msg_outcome] = &mp_pub_compute_outcome,
[msg_decrypt] = &mp_pub_decrypt_outcome, [msg_decrypt] = &mp_pub_decrypt_outcome,
}, },
}, },
}; };
/** /**
@ -368,16 +402,15 @@ static const MsgOut handler_out[auction_last][outcome_last][msg_last] = {
* of 0 means a private outcome, while a value of 1 means public outcome. * of 0 means a private outcome, while a value of 1 means public outcome.
*/ */
static const Result handler_res[auction_last][outcome_last] = { static const Result handler_res[auction_last][outcome_last] = {
[auction_firstPrice] = { [auction_firstPrice] = {
[outcome_private] = &fp_priv_determine_outcome, [outcome_private] = &fp_priv_determine_outcome,
[outcome_public] = &fp_pub_determine_outcome, [outcome_public] = &fp_pub_determine_outcome,
}, },
[auction_mPlusFirstPrice] = { [auction_mPlusFirstPrice] = {
[outcome_private] = &mp_priv_determine_outcome, [outcome_private] = &mp_priv_determine_outcome,
[outcome_public] = &mp_pub_determine_outcome, [outcome_public] = &mp_pub_determine_outcome,
}, },
}; };
#endif /* ifndef _BRANDT_CRYPTO_H */ #endif /* ifndef _BRANDT_CRYPTO_H */

842
fp_priv.c
View File

@ -32,115 +32,115 @@
void void
fp_priv_prep_outcome (struct BRANDT_Auction *ad) fp_priv_prep_outcome (struct BRANDT_Auction *ad)
{ {
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1; gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1; gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2; gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2; gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3; gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3; gcry_mpi_point_t **tltb3;
ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3); brandt_assert (ad->gamma3);
ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->delta3); brandt_assert (ad->delta3);
/* create temporary lookup tables with partial sums */ /* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k); tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k); tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k); tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k); tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k); tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k); tltb3 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for first summand (no one has a higher bid) */ /* temporary lookup table for first summand (no one has a higher bid) */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_sub (tlta3[i][j], gcry_mpi_ec_sub (tlta3[i][j],
tlta2[i][ad->k - 1], tlta2[i][ad->k - 1],
tlta2[i][j], tlta2[i][j],
ec_ctx); ec_ctx);
gcry_mpi_ec_sub (tltb3[i][j], gcry_mpi_ec_sub (tltb3[i][j],
tltb2[i][ad->k - 1], tltb2[i][ad->k - 1],
tltb2[i][j], tltb2[i][j],
ec_ctx); ec_ctx);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta3[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tlta3[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb3[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tltb3[i][ad->k - 1]));
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (tlta1[j], &tlta3[0][j], ad->n, ad->k); smc_sum (tlta1[j], &tlta3[0][j], ad->n, ad->k);
smc_sum (tltb1[j], &tltb3[0][j], ad->n, ad->k); smc_sum (tltb1[j], &tltb3[0][j], ad->n, ad->k);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
/* \todo: merge into one nested i,j loop and one nested j,i loop? */ /* \todo: merge into one nested i,j loop and one nested j,i loop? */
/* temporary lookup table for second summand (my bid is not lower) */ /* temporary lookup table for second summand (my bid is not lower) */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_sub (tlta2[i][j], tlta2[i][j], ad->alpha[i][j], ec_ctx); gcry_mpi_ec_sub (tlta2[i][j], tlta2[i][j], ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j], tltb2[i][j], ad->beta[i][j], ec_ctx); gcry_mpi_ec_sub (tltb2[i][j], tltb2[i][j], ad->beta[i][j], ec_ctx);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][0])); brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][0]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][0])); brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][0]));
} }
/* temporary lookup table for third summand (no one with a lower index has /* temporary lookup table for third summand (no one with a lower index has
* the same bid) */ * the same bid) */
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sums_partial (&tlta3[0][j], &ad->alpha[0][j], ad->n, ad->k, ad->k); smc_sums_partial (&tlta3[0][j], &ad->alpha[0][j], ad->n, ad->k, ad->k);
smc_sums_partial (&tltb3[0][j], &ad->beta[0][j], ad->n, ad->k, ad->k); smc_sums_partial (&tltb3[0][j], &ad->beta[0][j], ad->n, ad->k, ad->k);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
gcry_mpi_ec_sub (tlta3[i][j], tlta3[i][j], ad->alpha[i][j], ec_ctx); gcry_mpi_ec_sub (tlta3[i][j], tlta3[i][j], ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_sub (tltb3[i][j], tltb3[i][j], ad->beta[i][j], ec_ctx); gcry_mpi_ec_sub (tltb3[i][j], tltb3[i][j], ad->beta[i][j], ec_ctx);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta3[0][j])); brandt_assert (! ec_point_cmp (ec_zero, tlta3[0][j]));
brandt_assert (!ec_point_cmp (ec_zero, tltb3[0][j])); brandt_assert (! ec_point_cmp (ec_zero, tltb3[0][j]));
} }
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* compute inner gamma */ /* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx);
/* compute inner delta */ /* compute inner delta */
gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx); gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpb, tmpb, tltb3[i][j], ec_ctx); gcry_mpi_ec_add (tmpb, tmpb, tltb3[i][j], ec_ctx);
/* copy unmasked outcome to all other bidder layers so they don't /* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other * have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */ * bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
{ {
ec_point_copy (ad->gamma3[a][i][j], tmpa); ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb); ec_point_copy (ad->delta3[a][i][j], tmpb);
} }
} }
} }
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k); smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k); smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k); smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k); smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k); smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k); smc_free2 (tltb3, ad->n, ad->k);
} }
@ -156,236 +156,236 @@ fp_priv_prep_outcome (struct BRANDT_Auction *ad)
unsigned char * unsigned char *
fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
struct msg_head *head; struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma; struct ec_mpi *gamma;
struct ec_mpi *delta; struct ec_mpi *delta;
struct proof_2dle *proof2; struct proof_2dle *proof2;
brandt_assert (ad && buflen); brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + /* msg header */ *buflen = (sizeof (*head) /* msg header */
ad->n * ad->k * /* nk * (gamma, delta, proof2) */ + ad->n * ad->k /* nk * (gamma, delta, proof2) */
(sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome); head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gamma = (struct ec_mpi *)cur; gamma = (struct ec_mpi *) cur;
delta = &((struct ec_mpi *)cur)[1]; delta = &((struct ec_mpi *) cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]); ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][i][j]); ec_point_copy (tmpb, ad->delta3[ad->i][i][j]);
/* apply random masking for losing bidders */ /* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][i][j], smc_zkp_2dle (ad->gamma3[ad->i][i][j],
ad->delta3[ad->i][i][j], ad->delta3[ad->i][i][j],
tmpa, tmpa,
tmpb, tmpb,
NULL, NULL,
proof2); proof2);
ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]); ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]);
ec_point_serialize (delta, ad->delta3[ad->i][i][j]); ec_point_serialize (delta, ad->delta3[ad->i][i][j]);
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
} }
} }
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
return ret; return ret;
} }
int int
fp_priv_recv_outcome (struct BRANDT_Auction *ad, fp_priv_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0); gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0); gcry_mpi_point_t delta = gcry_mpi_point_new (0);
brandt_assert (ad && buf); brandt_assert (ad && buf);
if (buflen != (ad->n * ad->k * if (buflen != (ad->n * ad->k
(2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong size of received outcome\n"); "wrong size of received outcome\n");
goto quit; goto quit;
} }
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (gamma, (struct ec_mpi *)cur); ec_point_parse (gamma, (struct ec_mpi *) cur);
ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); ec_point_parse (delta, &((struct ec_mpi *) cur)[1]);
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma, if (smc_zkp_2dle_check (gamma,
delta, delta,
ad->gamma3[sender][i][j], ad->gamma3[sender][i][j],
ad->delta3[sender][i][j], ad->delta3[sender][i][j],
proof2)) proof2))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong zkp2 for gamma, delta received\n"); "wrong zkp2 for gamma, delta received\n");
goto quit; goto quit;
} }
ec_point_copy (ad->gamma3[sender][i][j], gamma); ec_point_copy (ad->gamma3[sender][i][j], gamma);
ec_point_copy (ad->delta3[sender][i][j], delta); ec_point_copy (ad->delta3[sender][i][j], delta);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
} }
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (gamma); gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta); gcry_mpi_point_release (delta);
return ret; return ret;
} }
void void
fp_priv_prep_decryption (struct BRANDT_Auction *ad) fp_priv_prep_decryption (struct BRANDT_Auction *ad)
{ {
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->phi3); brandt_assert (ad->phi3);
ad->phiproofs3 = GNUNET_new_array_3d (ad->n, ad->phiproofs3 = GNUNET_new_array_3d (ad->n,
ad->n, ad->n,
ad->k, ad->k,
struct proof_2dle); struct proof_2dle);
brandt_assert (ad->phiproofs3); brandt_assert (ad->phiproofs3);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
/* copy still encrypted outcome to all other bidder layers so they /* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from * don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */ * other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi3[a][i][j], tmp); ec_point_copy (ad->phi3[a][i][j], tmp);
} }
} }
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
} }
static unsigned char * static unsigned char *
fp_priv_decrypt_outcome_seller (struct BRANDT_Auction *ad, size_t *buflen) fp_priv_decrypt_outcome_seller (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
struct msg_head *head; struct msg_head *head;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct ec_mpi *phi; struct ec_mpi *phi;
struct proof_2dle *proof2; struct proof_2dle *proof2;
*buflen = (sizeof (*head) + *buflen = (sizeof (*head)
(ad->n - 1) * ad->n * ad->k * (sizeof (*phi) + + (ad->n - 1) * ad->n * ad->k * (sizeof (*phi)
sizeof (*proof2))); + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt); head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
for (uint16_t h = 0; h < ad->n; h++) for (uint16_t h = 0; h < ad->n; h++)
{ {
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
/* don't reveal outcome to losing bidders */ /* don't reveal outcome to losing bidders */
if (h == i) if (h == i)
continue; continue;
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
phi = (struct ec_mpi *)cur; phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_serialize (phi, ad->phi3[h][i][j]); ec_point_serialize (phi, ad->phi3[h][i][j]);
memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2)); memcpy (proof2, &ad->phiproofs3[h][i][j], sizeof (*proof2));
cur += sizeof (*phi) + sizeof (*proof2); cur += sizeof (*phi) + sizeof (*proof2);
} }
} }
} }
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
return ret; return ret;
} }
static unsigned char * static unsigned char *
fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen) fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
struct msg_head *head; struct msg_head *head;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct ec_mpi *phi; struct ec_mpi *phi;
struct proof_2dle *proof2; struct proof_2dle *proof2;
*buflen = (sizeof (*head) + *buflen = (sizeof (*head)
ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); + ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt); head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
phi = (struct ec_mpi *)cur; phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_copy (tmp, ad->phi3[ad->i][i][j]); ec_point_copy (tmp, ad->phi3[ad->i][i][j]);
/* decrypt outcome component and prove the correct key was used */ /* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][i][j], smc_zkp_2dle (ad->phi3[ad->i][i][j],
NULL, NULL,
tmp, tmp,
ec_gen, ec_gen,
ad->x, ad->x,
proof2); proof2);
ec_point_serialize (phi, ad->phi3[ad->i][i][j]); ec_point_serialize (phi, ad->phi3[ad->i][i][j]);
cur += sizeof (*phi) + sizeof (*proof2); cur += sizeof (*phi) + sizeof (*proof2);
} }
} }
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
return ret; return ret;
} }
@ -403,143 +403,143 @@ fp_priv_decrypt_outcome_bidder (struct BRANDT_Auction *ad, size_t *buflen)
unsigned char * unsigned char *
fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
brandt_assert (ad && buflen); brandt_assert (ad && buflen);
if (ad->seller_mode) if (ad->seller_mode)
return fp_priv_decrypt_outcome_seller (ad, buflen); return fp_priv_decrypt_outcome_seller (ad, buflen);
else else
return fp_priv_decrypt_outcome_bidder (ad, buflen); return fp_priv_decrypt_outcome_bidder (ad, buflen);
} }
static int static int
fp_priv_recv_decryption_seller (struct BRANDT_Auction *ad, fp_priv_recv_decryption_seller (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0); gcry_mpi_point_t phi = gcry_mpi_point_new (0);
if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{ {
GNUNET_log_from ( GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING, GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong size of received outcome decryption from bidder\n"); "wrong size of received outcome decryption from bidder\n");
goto quit; goto quit;
} }
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (phi, (struct ec_mpi *)cur); ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi, if (smc_zkp_2dle_check (phi,
ad->y[sender], ad->y[sender],
ad->phi3[sender][i][j], ad->phi3[sender][i][j],
ec_gen, ec_gen,
proof2)) proof2))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong zkp2 for phi, y received from bidder\n"); "wrong zkp2 for phi, y received from bidder\n");
goto quit; goto quit;
} }
/* store proof. we need to rebroadcast it to the other bidders */ /* store proof. we need to rebroadcast it to the other bidders */
memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2)); memcpy (&ad->phiproofs3[sender][i][j], proof2, sizeof (*proof2));
ec_point_copy (ad->phi3[sender][i][j], phi); ec_point_copy (ad->phi3[sender][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2); cur += sizeof (struct ec_mpi) + sizeof (*proof2);
} }
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (phi); gcry_mpi_point_release (phi);
return ret; return ret;
} }
static int static int
fp_priv_recv_decryption_bidder (struct BRANDT_Auction *ad, fp_priv_recv_decryption_bidder (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0); gcry_mpi_point_t phi = gcry_mpi_point_new (0);
if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi) + if (buflen != ((ad->n - 1) * ad->n * ad->k * (sizeof (struct ec_mpi)
sizeof (*proof2)))) + sizeof (*proof2))))
{ {
GNUNET_log_from ( GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING, GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong size of received outcome decryption from seller\n"); "wrong size of received outcome decryption from seller\n");
goto quit; goto quit;
} }
for (uint16_t h = 0; h < ad->n; h++) for (uint16_t h = 0; h < ad->n; h++)
{ {
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
/* those combinations are not sent by the seller */ /* those combinations are not sent by the seller */
if (h == i) if (h == i)
continue; continue;
/* we already have our own phi values */ /* we already have our own phi values */
if (h == ad->i) if (h == ad->i)
{ {
cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)); cur += ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2));
continue; continue;
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (phi, (struct ec_mpi *)cur); ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi, if (smc_zkp_2dle_check (phi,
ad->y[h], ad->y[h],
ad->phi3[h][i][j], ad->phi3[h][i][j],
ec_gen, ec_gen,
proof2)) proof2))
{ {
GNUNET_log_from ( GNUNET_log_from (
GNUNET_ERROR_TYPE_WARNING, GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong zkp2 for phi, y received from seller\n"); "wrong zkp2 for phi, y received from seller\n");
goto quit; goto quit;
} }
ec_point_copy (ad->phi3[h][i][j], phi); ec_point_copy (ad->phi3[h][i][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2); cur += sizeof (struct ec_mpi) + sizeof (*proof2);
} }
} }
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (phi); gcry_mpi_point_release (phi);
return ret; return ret;
} }
int int
fp_priv_recv_decryption (struct BRANDT_Auction *ad, fp_priv_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
brandt_assert (ad && buf); brandt_assert (ad && buf);
if (ad->seller_mode) if (ad->seller_mode)
return fp_priv_recv_decryption_seller (ad, buf, buflen, sender); return fp_priv_recv_decryption_seller (ad, buf, buflen, sender);
else else
return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender); return fp_priv_recv_decryption_bidder (ad, buf, buflen, sender);
} }
@ -547,57 +547,57 @@ struct BRANDT_Result *
fp_priv_determine_outcome (struct BRANDT_Auction *ad, fp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len) uint16_t *len)
{ {
struct BRANDT_Result *ret; struct BRANDT_Result *ret;
int32_t price = -1; int32_t price = -1;
int32_t winner = -1; int32_t winner = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad); brandt_assert (ad);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
if (!ad->seller_mode && i != ad->i) if (! ad->seller_mode && i != ad->i)
continue; continue;
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k);
smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
if (!ec_point_cmp (sum_gamma, ec_zero)) if (! ec_point_cmp (sum_gamma, ec_zero))
{ {
if (-1 != price) if (-1 != price)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"multiple winning prices detected\n"); "multiple winning prices detected\n");
return NULL; return NULL;
} }
if (-1 != winner) if (-1 != winner)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"multiple winners detected\n"); "multiple winners detected\n");
return NULL; return NULL;
} }
price = j; price = j;
winner = i; winner = i;
} }
} }
} }
gcry_mpi_point_release (sum_gamma); gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi); gcry_mpi_point_release (sum_phi);
if (-1 == winner || -1 == price) if (-1 == winner || -1 == price)
return NULL; return NULL;
ret = GNUNET_new (struct BRANDT_Result); ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = winner; ret->bidder = winner;
ret->price = price; ret->price = price;
ret->status = BRANDT_bidder_won; ret->status = BRANDT_bidder_won;
if (len) if (len)
*len = 1; *len = 1;
return ret; return ret;
} }

616
fp_pub.c
View File

@ -32,97 +32,97 @@
void void
fp_pub_prep_outcome (struct BRANDT_Auction *ad) fp_pub_prep_outcome (struct BRANDT_Auction *ad)
{ {
gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE);
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1; gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1; gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2; gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2; gcry_mpi_point_t **tltb2;
ad->gamma2 = smc_init2 (ad->n, ad->k); ad->gamma2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->gamma2); brandt_assert (ad->gamma2);
ad->delta2 = smc_init2 (ad->n, ad->k); ad->delta2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->delta2); brandt_assert (ad->delta2);
ad->tmpa1 = smc_init1 (ad->k); ad->tmpa1 = smc_init1 (ad->k);
brandt_assert (ad->tmpa1); brandt_assert (ad->tmpa1);
ad->tmpb1 = smc_init1 (ad->k); ad->tmpb1 = smc_init1 (ad->k);
brandt_assert (ad->tmpb1); brandt_assert (ad->tmpb1);
/* create temporary lookup tables with partial sums */ /* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k); tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k); tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k); tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k); tltb2 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for sum of bid vectors */ /* temporary lookup table for sum of bid vectors */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_sub (tlta2[i][j], gcry_mpi_ec_sub (tlta2[i][j],
tlta2[i][ad->k - 1], tlta2[i][ad->k - 1],
tlta2[i][j], tlta2[i][j],
ec_ctx); ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j], gcry_mpi_ec_sub (tltb2[i][j],
tltb2[i][ad->k - 1], tltb2[i][ad->k - 1],
tltb2[i][j], tltb2[i][j],
ec_ctx); ec_ctx);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k); smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k);
smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k); smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k);
} }
smc_free2 (tlta2, ad->n, ad->k); smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k); smc_free2 (tltb2, ad->n, ad->k);
brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
/* initialize tmp array with zeroes, since we are calculating a sum */ /* initialize tmp array with zeroes, since we are calculating a sum */
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_copy (ad->tmpa1[j], ec_zero); ec_point_copy (ad->tmpa1[j], ec_zero);
ec_point_copy (ad->tmpb1[j], ec_zero); ec_point_copy (ad->tmpb1[j], ec_zero);
} }
/* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination, /* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination,
* since it is needed each time a gamma,delta pair is received from another * since it is needed each time a gamma,delta pair is received from another
* bidder */ * bidder */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx); gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx); gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx);
gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx); gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx); gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx);
} }
gcry_mpi_lshift (coeff, coeff, 1); gcry_mpi_lshift (coeff, coeff, 1);
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* copy unmasked outcome to all other bidder layers so they don't /* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other * have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */ * bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
{ {
ec_point_copy (ad->gamma2[a][j], tlta1[j]); ec_point_copy (ad->gamma2[a][j], tlta1[j]);
ec_point_copy (ad->delta2[a][j], tltb1[j]); ec_point_copy (ad->delta2[a][j], tltb1[j]);
} }
} }
gcry_mpi_release (coeff); gcry_mpi_release (coeff);
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
smc_free1 (tlta1, ad->k); smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k); smc_free1 (tltb1, ad->k);
} }
@ -139,149 +139,149 @@ fp_pub_prep_outcome (struct BRANDT_Auction *ad)
unsigned char * unsigned char *
fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct msg_head *head; struct msg_head *head;
struct ec_mpi *gamma; struct ec_mpi *gamma;
struct ec_mpi *delta; struct ec_mpi *delta;
struct proof_2dle *proof2; struct proof_2dle *proof2;
brandt_assert (ad && buflen); brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + *buflen = (sizeof (*head)
ad->k * (sizeof (*gamma) + + ad->k * (sizeof (*gamma)
sizeof (*delta) + + sizeof (*delta)
sizeof (*proof2))); + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome); head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gamma = (struct ec_mpi *)cur; gamma = (struct ec_mpi *) cur;
delta = &((struct ec_mpi *)cur)[1]; delta = &((struct ec_mpi *) cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
ec_point_copy (tmpa, ad->gamma2[ad->i][j]); ec_point_copy (tmpa, ad->gamma2[ad->i][j]);
ec_point_copy (tmpb, ad->delta2[ad->i][j]); ec_point_copy (tmpb, ad->delta2[ad->i][j]);
/* apply random masking to first summand */ /* apply random masking to first summand */
smc_zkp_2dle (ad->gamma2[ad->i][j], smc_zkp_2dle (ad->gamma2[ad->i][j],
ad->delta2[ad->i][j], ad->delta2[ad->i][j],
tmpa, tmpa,
tmpb, tmpb,
NULL, NULL,
proof2); proof2);
ec_point_serialize (gamma, ad->gamma2[ad->i][j]); ec_point_serialize (gamma, ad->gamma2[ad->i][j]);
ec_point_serialize (delta, ad->delta2[ad->i][j]); ec_point_serialize (delta, ad->delta2[ad->i][j]);
/* add winner determination for own gamma,delta */ /* add winner determination for own gamma,delta */
gcry_mpi_ec_add (ad->gamma2[ad->i][j], gcry_mpi_ec_add (ad->gamma2[ad->i][j],
ad->gamma2[ad->i][j], ad->gamma2[ad->i][j],
ad->tmpa1[j], ad->tmpa1[j],
ec_ctx); ec_ctx);
gcry_mpi_ec_add (ad->delta2[ad->i][j], gcry_mpi_ec_add (ad->delta2[ad->i][j],
ad->delta2[ad->i][j], ad->delta2[ad->i][j],
ad->tmpb1[j], ad->tmpb1[j],
ec_ctx); ec_ctx);
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
} }
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
return ret; return ret;
} }
int int
fp_pub_recv_outcome (struct BRANDT_Auction *ad, fp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0); gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0); gcry_mpi_point_t delta = gcry_mpi_point_new (0);
brandt_assert (ad && buf); brandt_assert (ad && buf);
if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong size of received outcome\n"); "wrong size of received outcome\n");
goto quit; goto quit;
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (gamma, (struct ec_mpi *)cur); ec_point_parse (gamma, (struct ec_mpi *) cur);
ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); ec_point_parse (delta, &((struct ec_mpi *) cur)[1]);
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma, if (smc_zkp_2dle_check (gamma,
delta, delta,
ad->gamma2[sender][j], ad->gamma2[sender][j],
ad->delta2[sender][j], ad->delta2[sender][j],
proof2)) proof2))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong zkp2 for gamma, delta received\n"); "wrong zkp2 for gamma, delta received\n");
goto quit; goto quit;
} }
ec_point_copy (ad->gamma2[sender][j], gamma); ec_point_copy (ad->gamma2[sender][j], gamma);
ec_point_copy (ad->delta2[sender][j], delta); ec_point_copy (ad->delta2[sender][j], delta);
/* add winner determination summand */ /* add winner determination summand */
gcry_mpi_ec_add (ad->gamma2[sender][j], gcry_mpi_ec_add (ad->gamma2[sender][j],
ad->gamma2[sender][j], ad->gamma2[sender][j],
ad->tmpa1[j], ad->tmpa1[j],
ec_ctx); ec_ctx);
gcry_mpi_ec_add (ad->delta2[sender][j], gcry_mpi_ec_add (ad->delta2[sender][j],
ad->delta2[sender][j], ad->delta2[sender][j],
ad->tmpb1[j], ad->tmpb1[j],
ec_ctx); ec_ctx);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (gamma); gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta); gcry_mpi_point_release (delta);
return ret; return ret;
} }
void void
fp_pub_prep_decryption (struct BRANDT_Auction *ad) fp_pub_prep_decryption (struct BRANDT_Auction *ad)
{ {
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
ad->phi2 = smc_init2 (ad->n, ad->k); ad->phi2 = smc_init2 (ad->n, ad->k);
brandt_assert (ad->phi2); brandt_assert (ad->phi2);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k); smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k);
/* copy still encrypted outcome to all other bidder layers so they /* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from * don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */ * other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi2[a][j], tmp); ec_point_copy (ad->phi2[a][j], tmp);
} }
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
} }
@ -297,92 +297,92 @@ fp_pub_prep_decryption (struct BRANDT_Auction *ad)
unsigned char * unsigned char *
fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct msg_head *head; struct msg_head *head;
struct ec_mpi *phi; struct ec_mpi *phi;
struct proof_2dle *proof2; struct proof_2dle *proof2;
brandt_assert (ad && buflen); brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt); head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
phi = (struct ec_mpi *)cur; phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_copy (tmp, ad->phi2[ad->i][j]); ec_point_copy (tmp, ad->phi2[ad->i][j]);
/* decrypt outcome component and prove the correct key was used */ /* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi2[ad->i][j], smc_zkp_2dle (ad->phi2[ad->i][j],
NULL, NULL,
tmp, tmp,
ec_gen, ec_gen,
ad->x, ad->x,
proof2); proof2);
ec_point_serialize (phi, ad->phi2[ad->i][j]); ec_point_serialize (phi, ad->phi2[ad->i][j]);
cur += sizeof (*phi) + sizeof (*proof2); cur += sizeof (*phi) + sizeof (*proof2);
} }
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
return ret; return ret;
} }
int int
fp_pub_recv_decryption (struct BRANDT_Auction *ad, fp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0); gcry_mpi_point_t phi = gcry_mpi_point_new (0);
brandt_assert (ad && buf); brandt_assert (ad && buf);
if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong size of received outcome decryption\n"); "wrong size of received outcome decryption\n");
goto quit; goto quit;
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (phi, (struct ec_mpi *)cur); ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi, if (smc_zkp_2dle_check (phi,
ad->y[sender], ad->y[sender],
ad->phi2[sender][j], ad->phi2[sender][j],
ec_gen, ec_gen,
proof2)) proof2))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong zkp2 for phi, y received\n"); "wrong zkp2 for phi, y received\n");
goto quit; goto quit;
} }
ec_point_copy (ad->phi2[sender][j], phi); ec_point_copy (ad->phi2[sender][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2); cur += sizeof (struct ec_mpi) + sizeof (*proof2);
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (phi); gcry_mpi_point_release (phi);
return ret; return ret;
} }
@ -390,57 +390,71 @@ struct BRANDT_Result *
fp_pub_determine_outcome (struct BRANDT_Auction *ad, fp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len) uint16_t *len)
{ {
struct BRANDT_Result *ret; struct BRANDT_Result *ret;
int32_t price = -1; int32_t price = -1;
int32_t winner = -1; int32_t winner = -1;
int dlogi = -1; int dlogi = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad); brandt_assert (ad);
for (uint16_t j = ad->k - 1; j >= 0; j--) for (uint16_t j = ad->k - 1; j >= 0; j--)
{ {
smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k); smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k);
smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k); smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* first non-zero component determines the price */ /* first non-zero component determines the price */
if (ec_point_cmp (sum_gamma, ec_zero)) if (ec_point_cmp (sum_gamma, ec_zero))
{ {
price = j; price = j;
break; break;
} }
} }
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, sum_gamma); {
brandt_assert (dlogi > 0); struct GNUNET_CRYPTO_EccPoint ec_point = {0};
gcry_mpi_t q_y;
/* all bidders participated with a multiplicative share */ GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", sum_gamma, ec_ctx));
dlogi /= ad->n; q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ec_ctx, 0);
GNUNET_assert (q_y);
GNUNET_CRYPTO_mpi_print_unsigned (ec_point.v,
sizeof(ec_point.v),
q_y);
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx,
&ec_point);
gcry_mpi_release (q_y);
}
/* can only support up to bits(dlogi) bidders */ brandt_assert (dlogi > 0);
brandt_assert (sizeof (int) * 8 > ad->n);
for (uint16_t i = 0; i < ad->n; i++)
{
/* first set bit determines the winner */
if (dlogi & (1 << i))
{
winner = i;
break;
}
}
gcry_mpi_point_release (sum_gamma); /* all bidders participated with a multiplicative share */
gcry_mpi_point_release (sum_phi); dlogi /= ad->n;
if (-1 == winner || -1 == price) /* can only support up to bits(dlogi) bidders */
return NULL; brandt_assert (sizeof (int) * 8 > ad->n);
for (uint16_t i = 0; i < ad->n; i++)
{
/* first set bit determines the winner */
if (dlogi & (1 << i))
{
winner = i;
break;
}
}
ret = GNUNET_new (struct BRANDT_Result); gcry_mpi_point_release (sum_gamma);
ret->bidder = winner; gcry_mpi_point_release (sum_phi);
ret->price = price;
ret->status = BRANDT_bidder_won; if (-1 == winner || -1 == price)
if (len) return NULL;
*len = 1;
return ret; ret = GNUNET_new (struct BRANDT_Result);
ret->bidder = winner;
ret->price = price;
ret->status = BRANDT_bidder_won;
if (len)
*len = 1;
return ret;
} }

View File

@ -28,26 +28,29 @@
#include "brandt.h" #include "brandt.h"
enum rounds { enum rounds
msg_init = 0, {
msg_bid = 1, msg_init = 0,
msg_outcome = 2, msg_bid = 1,
msg_decrypt = 3, msg_outcome = 2,
msg_last = 4 msg_decrypt = 3,
msg_last = 4
}; };
enum auction_type { enum auction_type
auction_firstPrice = 0, {
auction_mPlusFirstPrice = 1, auction_firstPrice = 0,
auction_last = 2 auction_mPlusFirstPrice = 1,
auction_last = 2
}; };
enum outcome_type { enum outcome_type
outcome_private = 0, {
outcome_public = 1, outcome_private = 0,
outcome_last = 2 outcome_public = 1,
outcome_last = 2
}; };
@ -55,15 +58,16 @@ GNUNET_NETWORK_STRUCT_BEGIN
/** /**
* Every message is prefixed with this header. * Every message is prefixed with this header.
* *
* BEWARE: Introducing a 16bit length field will not work. M+1st price auctions * BEWARE: Introducing a 16bit length field will not work. M+1st price auctions
* with private outcome send a n*n*(n-1)*k*128 = n²(n-1)*64 (for a reasonable * with private outcome send a n*n*(n-1)*k*128 = n²(n-1)*64 (for a reasonable
* k-choice of 512 possible prices) byte message from the seller to all bidders * k-choice of 512 possible prices) byte message from the seller to all bidders
* (decrypt-round). For just two bidders this is already 256k bytes, but 16bit * (decrypt-round). For just two bidders this is already 256k bytes, but 16bit
* uint only can address 64k bytes. */ * uint only can address 64k bytes. */
struct msg_head { struct msg_head
uint32_t prot_version GNUNET_PACKED; {
uint32_t msg_type GNUNET_PACKED; uint32_t prot_version GNUNET_PACKED;
uint32_t msg_type GNUNET_PACKED;
}; };
@ -71,97 +75,99 @@ struct msg_head {
* This struct describes the parameters of an auction. All fields are stored in * This struct describes the parameters of an auction. All fields are stored in
* network byte order. * network byte order.
*/ */
struct BRANDT_DescrP { struct BRANDT_DescrP
/** Starting time of the auction. Bidders have to join the auction via {
* BRANDT_join until this time */ /** Starting time of the auction. Bidders have to join the auction via
struct GNUNET_TIME_AbsoluteNBO time_start; * BRANDT_join until this time */
struct GNUNET_TIME_AbsoluteNBO time_start;
/** The maximum duration the participants have to complete each round. */ /** The maximum duration the participants have to complete each round. */
struct GNUNET_TIME_RelativeNBO time_round; struct GNUNET_TIME_RelativeNBO time_round;
/** The amount of possible prices */ /** The amount of possible prices */
uint16_t k GNUNET_PACKED; uint16_t k GNUNET_PACKED;
/** Auction type. 0 means first price Auction, >= 0 means M+1st price /** Auction type. 0 means first price Auction, >= 0 means M+1st price
* auction with an amount of m items being sold. */ * auction with an amount of m items being sold. */
uint16_t m GNUNET_PACKED; uint16_t m GNUNET_PACKED;
/** Outcome type. 0 means private outcome, everything else means public /** Outcome type. 0 means private outcome, everything else means public
* outcome. */ * outcome. */
uint16_t outcome_public GNUNET_PACKED; uint16_t outcome_public GNUNET_PACKED;
/** reserved for future use. Must be zeroed out. */ /** reserved for future use. Must be zeroed out. */
uint16_t reserved GNUNET_PACKED; uint16_t reserved GNUNET_PACKED;
}; };
GNUNET_NETWORK_STRUCT_END GNUNET_NETWORK_STRUCT_END
struct BRANDT_Auction { struct BRANDT_Auction
/** Starting time of the auction. Bidders have to join the auction via {
* BRANDT_join until this time */ /** Starting time of the auction. Bidders have to join the auction via
struct GNUNET_TIME_Absolute time_start; * BRANDT_join until this time */
struct GNUNET_TIME_Absolute time_start;
/** The maximum duration the participants have to complete each round. */ /** The maximum duration the participants have to complete each round. */
struct GNUNET_TIME_Relative time_round; struct GNUNET_TIME_Relative time_round;
/** Auction type. 0 means first price Auction, >= 0 means M+1st price /** Auction type. 0 means first price Auction, >= 0 means M+1st price
* auction with an amount of m items being sold. */ * auction with an amount of m items being sold. */
uint16_t m; uint16_t m;
/** Outcome type. 0 means private outcome, everything else means public /** Outcome type. 0 means private outcome, everything else means public
* outcome. */ * outcome. */
uint16_t outcome_public; uint16_t outcome_public;
/** Link to the next delayed task (auction start trigger, round trigger) */ /** Link to the next delayed task (auction start trigger, round trigger) */
struct GNUNET_SCHEDULER_Task *task; struct GNUNET_SCHEDULER_Task *task;
void *closure; /** auction closure given by the user */ void *closure; /** auction closure given by the user */
BRANDT_CbResult result; /** result reporting callback */ BRANDT_CbResult result; /** result reporting callback */
BRANDT_CbDeliver bcast; /** broadcast callback */ BRANDT_CbDeliver bcast; /** broadcast callback */
BRANDT_CbDeliver ucast; /** unicast callback */ BRANDT_CbDeliver ucast; /** unicast callback */
BRANDT_CbStart start; /** start callback */ BRANDT_CbStart start; /** start callback */
int seller_mode; /** If 0 we are bidding, selling otherwise */ int seller_mode; /** If 0 we are bidding, selling otherwise */
enum rounds cur_round; /** The round we expect messages from */ enum rounds cur_round; /** The round we expect messages from */
gcry_mpi_t round_progress; /** Stores which round messages were received */ gcry_mpi_t round_progress; /** Stores which round messages were received */
uint16_t n; /** The amount of bidders/agents */ uint16_t n; /** The amount of bidders/agents */
uint16_t k; /** The amount of possible prices */ uint16_t k; /** The amount of possible prices */
uint16_t i; /** Own agents index, only used when bidding */ uint16_t i; /** Own agents index, only used when bidding */
uint16_t b; /** Own bid */ uint16_t b; /** Own bid */
gcry_mpi_t x; /** Own private additive key share */ gcry_mpi_t x; /** Own private additive key share */
gcry_mpi_point_t *y; /** public multiplicative key shares, size: n */ gcry_mpi_point_t *y; /** public multiplicative key shares, size: n */
gcry_mpi_point_t Y; /** Shared public key */ gcry_mpi_point_t Y; /** Shared public key */
gcry_mpi_point_t **alpha; /** alphas, size: n*k */ gcry_mpi_point_t **alpha; /** alphas, size: n*k */
gcry_mpi_point_t **beta; /** betas, size: n*k */ gcry_mpi_point_t **beta; /** betas, size: n*k */
gcry_mpi_point_t **gamma2; /** gamma2, for public outcome, size: n*k */ gcry_mpi_point_t **gamma2; /** gamma2, for public outcome, size: n*k */
gcry_mpi_point_t ***gamma3; /** gamma3, for private outcome, size: n*n*k */ gcry_mpi_point_t ***gamma3; /** gamma3, for private outcome, size: n*n*k */
gcry_mpi_point_t **delta2; /** delta2, for public outcome, size: n*k */ gcry_mpi_point_t **delta2; /** delta2, for public outcome, size: n*k */
gcry_mpi_point_t ***delta3; /** delta3, for private outcome, size: n*n*k */ gcry_mpi_point_t ***delta3; /** delta3, for private outcome, size: n*n*k */
gcry_mpi_point_t **phi2; /** phi2, for public outcome, size: n*k */ gcry_mpi_point_t **phi2; /** phi2, for public outcome, size: n*k */
gcry_mpi_point_t ***phi3; /** phi3, for private outcome, size: n*n*k */ gcry_mpi_point_t ***phi3; /** phi3, for private outcome, size: n*n*k */
/** proofs for the correctnes of the phi values, size: n*k */ /** proofs for the correctnes of the phi values, size: n*k */
struct proof_2dle ***phiproofs2; struct proof_2dle ***phiproofs2;
/** proofs for the correctnes of the phi values, size: n*n*k */ /** proofs for the correctnes of the phi values, size: n*n*k */
struct proof_2dle ***phiproofs3; struct proof_2dle ***phiproofs3;
gcry_mpi_point_t *tmpa1; /** used for temporary storage, size: k */ gcry_mpi_point_t *tmpa1; /** used for temporary storage, size: k */
gcry_mpi_point_t *tmpb1; /** used for temporary storage, size: k */ gcry_mpi_point_t *tmpb1; /** used for temporary storage, size: k */
/** only needed in M+1st price auctions to determine winners */ /** only needed in M+1st price auctions to determine winners */
struct GNUNET_CRYPTO_EccDlogContext *dlogctx; struct GNUNET_CRYPTO_EccDlogContext *dlogctx;
}; };
extern gcry_ctx_t ec_ctx; extern gcry_ctx_t ec_ctx;
extern gcry_mpi_point_t ec_gen; extern gcry_mpi_point_t ec_gen;
extern gcry_mpi_point_t ec_zero; extern gcry_mpi_point_t ec_zero;
extern gcry_mpi_t ec_n; extern gcry_mpi_t ec_n;
#endif /* ifndef _BRANDT_INTERNALS_H */ #endif /* ifndef _BRANDT_INTERNALS_H */

316
mp_priv.c
View File

@ -32,121 +32,121 @@
void void
mp_priv_prep_outcome (struct BRANDT_Auction *ad) mp_priv_prep_outcome (struct BRANDT_Auction *ad)
{ {
gcry_mpi_t factor = gcry_mpi_new (256); gcry_mpi_t factor = gcry_mpi_new (256);
gcry_mpi_point_t subtr = gcry_mpi_point_new (0); gcry_mpi_point_t subtr = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1; gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1; gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2; gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2; gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3; gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3; gcry_mpi_point_t **tltb3;
ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3); brandt_assert (ad->gamma3);
ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->delta3); brandt_assert (ad->delta3);
/* create temporary lookup tables with partial sums */ /* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k); tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k); tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k); tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k); tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k); tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k); tltb3 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for first summand (building ladder of bids) */ /* temporary lookup table for first summand (building ladder of bids) */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1); smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1); smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_sub (tlta2[i][j], gcry_mpi_ec_sub (tlta2[i][j],
tlta3[i][ad->k - 1], tlta3[i][ad->k - 1],
tlta3[i][j], tlta3[i][j],
ec_ctx); ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j], gcry_mpi_ec_sub (tltb2[i][j],
tltb3[i][ad->k - 1], tltb3[i][ad->k - 1],
tltb3[i][j], tltb3[i][j],
ec_ctx); ec_ctx);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* 2L - 2I */ /* 2L - 2I */
smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k); smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k);
smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k); smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k);
gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx); gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx);
gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx); gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx);
/* I */ /* I */
smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k); smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k);
smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k); smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k);
/* 2L - 2I + I = 2L - I */ /* 2L - 2I + I = 2L - I */
gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx); gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx);
gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx); gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx);
} }
/* This check only works directly after the loop when tmpa/tmpb are still /* This check only works directly after the loop when tmpa/tmpb are still
* the sum of the last row */ * the sum of the last row */
brandt_assert (!ec_point_cmp (tmpa, tlta1[ad->k - 1])); brandt_assert (! ec_point_cmp (tmpa, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (tmpb, tltb1[ad->k - 1])); brandt_assert (! ec_point_cmp (tmpb, tltb1[ad->k - 1]));
/* temporary lookup table for second summand (hide outcome from losers) */ /* temporary lookup table for second summand (hide outcome from losers) */
gcry_mpi_set_ui (factor, ad->m); gcry_mpi_set_ui (factor, ad->m);
gcry_mpi_lshift (factor, factor, 1); gcry_mpi_lshift (factor, factor, 1);
gcry_mpi_add_ui (factor, factor, 2); gcry_mpi_add_ui (factor, factor, 2);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_mul (tlta2[i][j], factor, tlta3[i][j], ec_ctx); gcry_mpi_ec_mul (tlta2[i][j], factor, tlta3[i][j], ec_ctx);
gcry_mpi_ec_mul (tltb2[i][j], factor, tltb3[i][j], ec_ctx); gcry_mpi_ec_mul (tltb2[i][j], factor, tltb3[i][j], ec_ctx);
} }
} }
/* temporary lookup table for subtrahend (getting M+1st highest bid) */ /* temporary lookup table for subtrahend (getting M+1st highest bid) */
gcry_mpi_sub_ui (factor, factor, 1); gcry_mpi_sub_ui (factor, factor, 1);
gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx); gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx);
/* compute gamma and delta */ /* compute gamma and delta */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* compute inner gamma */ /* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_sub (tmpa, tmpa, subtr, ec_ctx); gcry_mpi_ec_sub (tmpa, tmpa, subtr, ec_ctx);
/* compute inner delta */ /* compute inner delta */
gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx); gcry_mpi_ec_add (tmpb, tltb1[j], tltb2[i][j], ec_ctx);
/* copy unmasked outcome to all other bidder layers so they don't /* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other * have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */ * bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
{ {
ec_point_copy (ad->gamma3[a][i][j], tmpa); ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb); ec_point_copy (ad->delta3[a][i][j], tmpb);
} }
} }
} }
gcry_mpi_release (factor); gcry_mpi_release (factor);
gcry_mpi_point_release (subtr); gcry_mpi_point_release (subtr);
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k); smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k); smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k); smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k); smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k); smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k); smc_free2 (tltb3, ad->n, ad->k);
} }
@ -154,68 +154,68 @@ struct BRANDT_Result *
mp_priv_determine_outcome (struct BRANDT_Auction *ad, mp_priv_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len) uint16_t *len)
{ {
struct BRANDT_Result *ret; struct BRANDT_Result *ret;
int32_t price = -1; int32_t price = -1;
uint16_t winners = 0; uint16_t winners = 0;
uint16_t max_winners; uint16_t max_winners;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad); brandt_assert (ad);
max_winners = ad->seller_mode ? ad->m : 1; max_winners = ad->seller_mode ? ad->m : 1;
ret = GNUNET_new_array (max_winners, struct BRANDT_Result); ret = GNUNET_new_array (max_winners, struct BRANDT_Result);
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
if (!ad->seller_mode && i != ad->i) if (! ad->seller_mode && i != ad->i)
continue; continue;
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k);
smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
if (!ec_point_cmp (sum_gamma, ec_zero)) if (! ec_point_cmp (sum_gamma, ec_zero))
{ {
if (winners >= max_winners) if (winners >= max_winners)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"too many winners detected\n"); "too many winners detected\n");
goto fail; goto fail;
} }
if (-1 != price && j != price) if (-1 != price && j != price)
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"multiple winning prices detected\n"); "multiple winning prices detected\n");
goto fail; goto fail;
} }
price = j; price = j;
ret[winners].bidder = i; ret[winners].bidder = i;
ret[winners].price = j / ad->n; ret[winners].price = j / ad->n;
ret[winners].status = BRANDT_bidder_won; ret[winners].status = BRANDT_bidder_won;
winners++; winners++;
} }
} }
} }
gcry_mpi_point_release (sum_gamma); gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi); gcry_mpi_point_release (sum_phi);
if (ad->m <= ad->n && winners < max_winners && -1 != price) if (ad->m <= ad->n && winners < max_winners && -1 != price)
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"too few winners detected\n"); "too few winners detected\n");
if (0 == winners) if (0 == winners)
goto fail; goto fail;
if (len) if (len)
*len = winners; *len = winners;
return ret; return ret;
fail: fail:
GNUNET_free (ret); GNUNET_free (ret);
return NULL; return NULL;
} }

785
mp_pub.c
View File

@ -32,148 +32,148 @@
void void
mp_pub_prep_outcome (struct BRANDT_Auction *ad) mp_pub_prep_outcome (struct BRANDT_Auction *ad)
{ {
gcry_mpi_t factor = gcry_mpi_new (256); gcry_mpi_t factor = gcry_mpi_new (256);
gcry_mpi_point_t subtr = gcry_mpi_point_new (0); gcry_mpi_point_t subtr = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1; gcry_mpi_point_t *tlta1;
gcry_mpi_point_t *tltb1; gcry_mpi_point_t *tltb1;
gcry_mpi_point_t **tlta2; gcry_mpi_point_t **tlta2;
gcry_mpi_point_t **tltb2; gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3; gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3; gcry_mpi_point_t **tltb3;
ad->gamma3 = smc_init3 (ad->n, 2, ad->k); ad->gamma3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->gamma3); brandt_assert (ad->gamma3);
ad->delta3 = smc_init3 (ad->n, 2, ad->k); ad->delta3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->delta3); brandt_assert (ad->delta3);
/* create temporary lookup tables with partial sums */ /* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k); tlta1 = smc_init1 (ad->k);
tltb1 = smc_init1 (ad->k); tltb1 = smc_init1 (ad->k);
tlta2 = smc_init2 (ad->n, ad->k); tlta2 = smc_init2 (ad->n, ad->k);
tltb2 = smc_init2 (ad->n, ad->k); tltb2 = smc_init2 (ad->n, ad->k);
tlta3 = smc_init2 (ad->n, ad->k); tlta3 = smc_init2 (ad->n, ad->k);
tltb3 = smc_init2 (ad->n, ad->k); tltb3 = smc_init2 (ad->n, ad->k);
/* temporary lookup table for first summand (building ladder of bids) */ /* temporary lookup table for first summand (building ladder of bids) */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1); smc_sums_partial (tlta3[i], ad->alpha[i], ad->k, 1, 1);
smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1); smc_sums_partial (tltb3[i], ad->beta[i], ad->k, 1, 1);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gcry_mpi_ec_sub (tlta2[i][j], gcry_mpi_ec_sub (tlta2[i][j],
tlta3[i][ad->k - 1], tlta3[i][ad->k - 1],
tlta3[i][j], tlta3[i][j],
ec_ctx); ec_ctx);
gcry_mpi_ec_sub (tltb2[i][j], gcry_mpi_ec_sub (tltb2[i][j],
tltb3[i][ad->k - 1], tltb3[i][ad->k - 1],
tltb3[i][j], tltb3[i][j],
ec_ctx); ec_ctx);
} }
brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tlta2[i][ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); brandt_assert (! ec_point_cmp (ec_zero, tltb2[i][ad->k - 1]));
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* 2L - 2I */ /* 2L - 2I */
smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k); smc_sum (tmpa, &tlta2[0][j], ad->n, ad->k);
smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k); smc_sum (tmpb, &tltb2[0][j], ad->n, ad->k);
gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx); gcry_mpi_ec_mul (tlta1[j], GCRYMPI_CONST_TWO, tmpa, ec_ctx);
gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx); gcry_mpi_ec_mul (tltb1[j], GCRYMPI_CONST_TWO, tmpb, ec_ctx);
/* I */ /* I */
smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k); smc_sum (tmpa, &ad->alpha[0][j], ad->n, ad->k);
smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k); smc_sum (tmpb, &ad->beta[0][j], ad->n, ad->k);
/* 2L - 2I + I = 2L - I */ /* 2L - 2I + I = 2L - I */
gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx); gcry_mpi_ec_add (tlta1[j], tlta1[j], tmpa, ec_ctx);
gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx); gcry_mpi_ec_add (tltb1[j], tltb1[j], tmpb, ec_ctx);
} }
brandt_assert (!ec_point_cmp (tmpa, tlta1[ad->k - 1])); brandt_assert (! ec_point_cmp (tmpa, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (tmpb, tltb1[ad->k - 1])); brandt_assert (! ec_point_cmp (tmpb, tltb1[ad->k - 1]));
/* compute subtrahend: (2M+1)G */ /* compute subtrahend: (2M+1)G */
gcry_mpi_set_ui (factor, ad->m); gcry_mpi_set_ui (factor, ad->m);
gcry_mpi_lshift (factor, factor, 1); gcry_mpi_lshift (factor, factor, 1);
gcry_mpi_add_ui (factor, factor, 1); gcry_mpi_add_ui (factor, factor, 1);
gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx); gcry_mpi_ec_mul (subtr, factor, ec_gen, ec_ctx);
/* compute gamma and delta for price determination */ /* compute gamma and delta for price determination */
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* compute inner gamma */ /* compute inner gamma */
gcry_mpi_ec_sub (tmpa, tlta1[j], subtr, ec_ctx); gcry_mpi_ec_sub (tmpa, tlta1[j], subtr, ec_ctx);
/* inner delta */ /* inner delta */
ec_point_copy (tmpb, tltb1[j]); ec_point_copy (tmpb, tltb1[j]);
/* copy unmasked outcome to all other bidder layers so they don't /* copy unmasked outcome to all other bidder layers so they don't
* have to be recomputed to check the ZK proof_2dle's from other * have to be recomputed to check the ZK proof_2dle's from other
* bidders when receiving their outcome messages */ * bidders when receiving their outcome messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
{ {
ec_point_copy (ad->gamma3[a][0][j], tmpa); ec_point_copy (ad->gamma3[a][0][j], tmpa);
ec_point_copy (ad->delta3[a][0][j], tmpb); ec_point_copy (ad->delta3[a][0][j], tmpb);
} }
} }
/* gamma and delta for winner determination: compute /* gamma and delta for winner determination: compute
* @f$\sum_{h=1}^n\sum_{d=j+1}^k2^{h-1}b_h@f and store it in every bidders gamma and * @f$\sum_{h=1}^n\sum_{d=j+1}^k2^{h-1}b_h@f and store it in every bidders gamma and
* delta, since it is needed each time a gamma,delta pair is received from * delta, since it is needed each time a gamma,delta pair is received from
* another bidder. */ * another bidder. */
for (uint16_t i = 0; i < ad->n; i++) for (uint16_t i = 0; i < ad->n; i++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
/* initialize with zeroes, since we are calculating a sum */ /* initialize with zeroes, since we are calculating a sum */
ec_point_copy (ad->gamma3[i][1][j], ec_zero); ec_point_copy (ad->gamma3[i][1][j], ec_zero);
ec_point_copy (ad->delta3[i][1][j], ec_zero); ec_point_copy (ad->delta3[i][1][j], ec_zero);
} }
} }
gcry_mpi_set_ui (factor, 1); gcry_mpi_set_ui (factor, 1);
for (uint16_t h = 0; h < ad->n; h++) for (uint16_t h = 0; h < ad->n; h++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
for (uint16_t d = j + 1; d < ad->k; d++) for (uint16_t d = j + 1; d < ad->k; d++)
{ {
gcry_mpi_ec_mul (tmpa, factor, ad->alpha[h][d], ec_ctx); gcry_mpi_ec_mul (tmpa, factor, ad->alpha[h][d], ec_ctx);
gcry_mpi_ec_add (ad->gamma3[0][1][j], gcry_mpi_ec_add (ad->gamma3[0][1][j],
ad->gamma3[0][1][j], ad->gamma3[0][1][j],
tmpa, tmpa,
ec_ctx); ec_ctx);
gcry_mpi_ec_mul (tmpb, factor, ad->beta[h][d], ec_ctx); gcry_mpi_ec_mul (tmpb, factor, ad->beta[h][d], ec_ctx);
gcry_mpi_ec_add (ad->delta3[0][1][j], gcry_mpi_ec_add (ad->delta3[0][1][j],
ad->delta3[0][1][j], ad->delta3[0][1][j],
tmpb, tmpb,
ec_ctx); ec_ctx);
} }
} }
gcry_mpi_lshift (factor, factor, 1); gcry_mpi_lshift (factor, factor, 1);
} }
/* copy component to all bidders so they don't have to be recomputed */ /* copy component to all bidders so they don't have to be recomputed */
for (uint16_t a = 1; a < ad->n; a++) for (uint16_t a = 1; a < ad->n; a++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_copy (ad->gamma3[a][1][j], ad->gamma3[0][1][j]); ec_point_copy (ad->gamma3[a][1][j], ad->gamma3[0][1][j]);
ec_point_copy (ad->delta3[a][1][j], ad->delta3[0][1][j]); ec_point_copy (ad->delta3[a][1][j], ad->delta3[0][1][j]);
} }
} }
gcry_mpi_release (factor); gcry_mpi_release (factor);
gcry_mpi_point_release (subtr); gcry_mpi_point_release (subtr);
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k); smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k); smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k); smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k); smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k); smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k); smc_free2 (tltb3, ad->n, ad->k);
} }
@ -189,156 +189,156 @@ mp_pub_prep_outcome (struct BRANDT_Auction *ad)
unsigned char * unsigned char *
mp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) mp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
struct msg_head *head; struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma; struct ec_mpi *gamma;
struct ec_mpi *delta; struct ec_mpi *delta;
struct proof_2dle *proof2; struct proof_2dle *proof2;
brandt_assert (ad && buflen); brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + /* msg header */ *buflen = (sizeof (*head) /* msg header */
ad->k * /* k * (gamma, delta, proof2) */ + ad->k /* k * (gamma, delta, proof2) */
(sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome); head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gamma = (struct ec_mpi *)cur; gamma = (struct ec_mpi *) cur;
delta = &((struct ec_mpi *)cur)[1]; delta = &((struct ec_mpi *) cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
/* only send the price determination gamma,delta pair, since the winner /* only send the price determination gamma,delta pair, since the winner
* determination pair can and will be computed by the receiver */ * determination pair can and will be computed by the receiver */
ec_point_copy (tmpa, ad->gamma3[ad->i][0][j]); ec_point_copy (tmpa, ad->gamma3[ad->i][0][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][0][j]); ec_point_copy (tmpb, ad->delta3[ad->i][0][j]);
/* apply random masking for losing bidders */ /* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][0][j], smc_zkp_2dle (ad->gamma3[ad->i][0][j],
ad->delta3[ad->i][0][j], ad->delta3[ad->i][0][j],
tmpa, tmpa,
tmpb, tmpb,
NULL, NULL,
proof2); proof2);
ec_point_serialize (gamma, ad->gamma3[ad->i][0][j]); ec_point_serialize (gamma, ad->gamma3[ad->i][0][j]);
ec_point_serialize (delta, ad->delta3[ad->i][0][j]); ec_point_serialize (delta, ad->delta3[ad->i][0][j]);
/* compute own winner determination gamma,delta pair */ /* compute own winner determination gamma,delta pair */
gcry_mpi_ec_add (ad->gamma3[ad->i][1][j], gcry_mpi_ec_add (ad->gamma3[ad->i][1][j],
ad->gamma3[ad->i][0][j], ad->gamma3[ad->i][0][j],
ad->gamma3[ad->i][1][j], ad->gamma3[ad->i][1][j],
ec_ctx); ec_ctx);
gcry_mpi_ec_add (ad->delta3[ad->i][1][j], gcry_mpi_ec_add (ad->delta3[ad->i][1][j],
ad->delta3[ad->i][0][j], ad->delta3[ad->i][0][j],
ad->delta3[ad->i][1][j], ad->delta3[ad->i][1][j],
ec_ctx); ec_ctx);
cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2);
} }
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
return ret; return ret;
} }
int int
mp_pub_recv_outcome (struct BRANDT_Auction *ad, mp_pub_recv_outcome (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t gamma = gcry_mpi_point_new (0); gcry_mpi_point_t gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t delta = gcry_mpi_point_new (0); gcry_mpi_point_t delta = gcry_mpi_point_new (0);
brandt_assert (ad && buf); brandt_assert (ad && buf);
if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2))))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"wrong size of received outcome\n"); "wrong size of received outcome\n");
goto quit; goto quit;
} }
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (gamma, (struct ec_mpi *)cur); ec_point_parse (gamma, (struct ec_mpi *) cur);
ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); ec_point_parse (delta, &((struct ec_mpi *) cur)[1]);
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + 2 * sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (gamma, if (smc_zkp_2dle_check (gamma,
delta, delta,
ad->gamma3[sender][0][j], ad->gamma3[sender][0][j],
ad->delta3[sender][0][j], ad->delta3[sender][0][j],
proof2)) proof2))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt", "libbrandt",
"wrong zkp2 for gamma, delta received\n"); "wrong zkp2 for gamma, delta received\n");
goto quit; goto quit;
} }
ec_point_copy (ad->gamma3[sender][0][j], gamma); ec_point_copy (ad->gamma3[sender][0][j], gamma);
ec_point_copy (ad->delta3[sender][0][j], delta); ec_point_copy (ad->delta3[sender][0][j], delta);
/* compute winner determination gamma,delta pair */ /* compute winner determination gamma,delta pair */
gcry_mpi_ec_add (ad->gamma3[sender][1][j], gcry_mpi_ec_add (ad->gamma3[sender][1][j],
ad->gamma3[sender][0][j], ad->gamma3[sender][0][j],
ad->gamma3[sender][1][j], ad->gamma3[sender][1][j],
ec_ctx); ec_ctx);
gcry_mpi_ec_add (ad->delta3[sender][1][j], gcry_mpi_ec_add (ad->delta3[sender][1][j],
ad->delta3[sender][0][j], ad->delta3[sender][0][j],
ad->delta3[sender][1][j], ad->delta3[sender][1][j],
ec_ctx); ec_ctx);
cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2);
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (gamma); gcry_mpi_point_release (gamma);
gcry_mpi_point_release (delta); gcry_mpi_point_release (delta);
return ret; return ret;
} }
void void
mp_pub_prep_decryption (struct BRANDT_Auction *ad) mp_pub_prep_decryption (struct BRANDT_Auction *ad)
{ {
gcry_mpi_point_t tmp_price = gcry_mpi_point_new (0); gcry_mpi_point_t tmp_price = gcry_mpi_point_new (0);
gcry_mpi_point_t tmp_winner = gcry_mpi_point_new (0); gcry_mpi_point_t tmp_winner = gcry_mpi_point_new (0);
ad->phi3 = smc_init3 (ad->n, 2, ad->k); ad->phi3 = smc_init3 (ad->n, 2, ad->k);
brandt_assert (ad->phi3); brandt_assert (ad->phi3);
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
smc_sum (tmp_price, &ad->delta3[0][0][j], ad->n, 2 * ad->k); smc_sum (tmp_price, &ad->delta3[0][0][j], ad->n, 2 * ad->k);
smc_sum (tmp_winner, &ad->delta3[0][1][j], ad->n, 2 * ad->k); smc_sum (tmp_winner, &ad->delta3[0][1][j], ad->n, 2 * ad->k);
/* copy still encrypted outcome to all other bidder layers so they /* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from * don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */ * other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++) for (uint16_t a = 0; a < ad->n; a++)
{ {
ec_point_copy (ad->phi3[a][0][j], tmp_price); ec_point_copy (ad->phi3[a][0][j], tmp_price);
ec_point_copy (ad->phi3[a][1][j], tmp_winner); ec_point_copy (ad->phi3[a][1][j], tmp_winner);
} }
} }
gcry_mpi_point_release (tmp_price); gcry_mpi_point_release (tmp_price);
gcry_mpi_point_release (tmp_winner); gcry_mpi_point_release (tmp_winner);
} }
@ -354,101 +354,101 @@ mp_pub_prep_decryption (struct BRANDT_Auction *ad)
unsigned char * unsigned char *
mp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) mp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret; unsigned char *ret;
unsigned char *cur; unsigned char *cur;
gcry_mpi_point_t tmp = gcry_mpi_point_new (0); gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
struct msg_head *head; struct msg_head *head;
struct ec_mpi *phi; struct ec_mpi *phi;
struct proof_2dle *proof2; struct proof_2dle *proof2;
brandt_assert (ad && buflen); brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + 2 * ad->k * (sizeof (*phi) + sizeof (*proof2))); *buflen = (sizeof (*head) + 2 * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret; head = (struct msg_head *) ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
head->msg_type = htonl (msg_decrypt); head->msg_type = htonl (msg_decrypt);
cur = ret + sizeof (*head); cur = ret + sizeof (*head);
/* decrypt price and winner components */ /* decrypt price and winner components */
for (uint16_t comp = 0; comp < 2; comp++) for (uint16_t comp = 0; comp < 2; comp++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
phi = (struct ec_mpi *)cur; phi = (struct ec_mpi *) cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); proof2 = (struct proof_2dle *) (cur + sizeof (*phi));
ec_point_copy (tmp, ad->phi3[ad->i][comp][j]); ec_point_copy (tmp, ad->phi3[ad->i][comp][j]);
/* decrypt outcome component and prove the correct key was used */ /* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][comp][j], smc_zkp_2dle (ad->phi3[ad->i][comp][j],
NULL, NULL,
tmp, tmp,
ec_gen, ec_gen,
ad->x, ad->x,
proof2); proof2);
ec_point_serialize (phi, ad->phi3[ad->i][comp][j]); ec_point_serialize (phi, ad->phi3[ad->i][comp][j]);
cur += sizeof (*phi) + sizeof (*proof2); cur += sizeof (*phi) + sizeof (*proof2);
} }
} }
gcry_mpi_point_release (tmp); gcry_mpi_point_release (tmp);
return ret; return ret;
} }
int int
mp_pub_recv_decryption (struct BRANDT_Auction *ad, mp_pub_recv_decryption (struct BRANDT_Auction *ad,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
uint16_t sender) uint16_t sender)
{ {
int ret = 0; int ret = 0;
const unsigned char *cur = buf; const unsigned char *cur = buf;
struct proof_2dle *proof2; struct proof_2dle *proof2;
gcry_mpi_point_t phi = gcry_mpi_point_new (0); gcry_mpi_point_t phi = gcry_mpi_point_new (0);
brandt_assert (ad && buf); brandt_assert (ad && buf);
if (buflen != (2 * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) if (buflen != (2 * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2))))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong size of received outcome decryption\n"); "wrong size of received outcome decryption\n");
goto quit; goto quit;
} }
/* handle received price and winner components */ /* handle received price and winner components */
for (uint16_t comp = 0; comp < 2; comp++) for (uint16_t comp = 0; comp < 2; comp++)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
ec_point_parse (phi, (struct ec_mpi *)cur); ec_point_parse (phi, (struct ec_mpi *) cur);
proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); proof2 = (struct proof_2dle *) (cur + sizeof (struct ec_mpi));
if (smc_zkp_2dle_check (phi, if (smc_zkp_2dle_check (phi,
ad->y[sender], ad->y[sender],
ad->phi3[sender][comp][j], ad->phi3[sender][comp][j],
ec_gen, ec_gen,
proof2)) proof2))
{ {
GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
"libbrandt", "libbrandt",
"wrong zkp2 for phi, y received\n"); "wrong zkp2 for phi, y received\n");
goto quit; goto quit;
} }
ec_point_copy (ad->phi3[sender][comp][j], phi); ec_point_copy (ad->phi3[sender][comp][j], phi);
cur += sizeof (struct ec_mpi) + sizeof (*proof2); cur += sizeof (struct ec_mpi) + sizeof (*proof2);
} }
} }
ret = 1; ret = 1;
quit: quit:
gcry_mpi_point_release (phi); gcry_mpi_point_release (phi);
return ret; return ret;
} }
@ -456,83 +456,96 @@ struct BRANDT_Result *
mp_pub_determine_outcome (struct BRANDT_Auction *ad, mp_pub_determine_outcome (struct BRANDT_Auction *ad,
uint16_t *len) uint16_t *len)
{ {
struct BRANDT_Result *ret; struct BRANDT_Result *ret;
int32_t price = -1; int32_t price = -1;
uint16_t cur_winner = 0; uint16_t cur_winner = 0;
int dlogi = -1; int dlogi = -1;
gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0);
gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0);
brandt_assert (ad); brandt_assert (ad);
for (uint16_t j = ad->k - 1; j >= 0; j--) for (uint16_t j = ad->k - 1; j >= 0; j--)
{ {
smc_sum (sum_gamma, &ad->gamma3[0][0][j], ad->n, 2 * ad->k); smc_sum (sum_gamma, &ad->gamma3[0][0][j], ad->n, 2 * ad->k);
smc_sum (sum_phi, &ad->phi3[0][0][j], ad->n, 2 * ad->k); smc_sum (sum_phi, &ad->phi3[0][0][j], ad->n, 2 * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
/* first zero component determines the price */ /* first zero component determines the price */
if (!ec_point_cmp (sum_gamma, ec_zero)) if (! ec_point_cmp (sum_gamma, ec_zero))
{ {
price = j; price = j;
break; break;
} }
} }
if (-1 == price) if (-1 == price)
return NULL; return NULL;
/* extract winners point for the winning price */ /* extract winners point for the winning price */
smc_sum (sum_gamma, &ad->gamma3[0][1][price], ad->n, 2 * ad->k); smc_sum (sum_gamma, &ad->gamma3[0][1][price], ad->n, 2 * ad->k);
smc_sum (sum_phi, &ad->phi3[0][1][price], ad->n, 2 * ad->k); smc_sum (sum_phi, &ad->phi3[0][1][price], ad->n, 2 * ad->k);
gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx);
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx, sum_gamma); {
brandt_assert (dlogi > 0); struct GNUNET_CRYPTO_EccPoint ec_point = {0};
gcry_mpi_t q_y;
/* all bidders participated with a multiplicative share */ GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", sum_gamma, ec_ctx));
dlogi /= ad->n; q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ec_ctx, 0);
GNUNET_assert (q_y);
GNUNET_CRYPTO_mpi_print_unsigned (ec_point.v,
sizeof(ec_point.v),
q_y);
dlogi = GNUNET_CRYPTO_ecc_dlog (ad->dlogctx,
&ec_point);
gcry_mpi_release (q_y);
}
brandt_assert (dlogi > 0);
price = price / ad->n; /* all bidders participated with a multiplicative share */
ret = GNUNET_new_array (ad->m, struct BRANDT_Result); dlogi /= ad->n;
/* can only support up to bits(dlogi) bidders */ price = price / ad->n;
brandt_assert (sizeof (int) * 8 > ad->n); ret = GNUNET_new_array (ad->m, struct BRANDT_Result);
for (uint16_t i = 0; i < ad->n; i++)
{
/* a set bit determines a winner */
if (dlogi & (1 << i))
{
if (cur_winner >= ad->m)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too many winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
ret[cur_winner].bidder = i; /* can only support up to bits(dlogi) bidders */
ret[cur_winner].price = price; brandt_assert (sizeof (int) * 8 > ad->n);
ret[cur_winner].status = BRANDT_bidder_won; for (uint16_t i = 0; i < ad->n; i++)
cur_winner++; {
} /* a set bit determines a winner */
} if (dlogi & (1 << i))
{
if (cur_winner >= ad->m)
{
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too many winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
if (cur_winner != ad->m) ret[cur_winner].bidder = i;
{ ret[cur_winner].price = price;
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR, ret[cur_winner].status = BRANDT_bidder_won;
"libbrandt", cur_winner++;
"too few winners detected\n"); }
GNUNET_free (ret); }
ret = NULL;
goto quit;
}
if (len) if (cur_winner != ad->m)
*len = ad->m; {
GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
"libbrandt",
"too few winners detected\n");
GNUNET_free (ret);
ret = NULL;
goto quit;
}
if (len)
*len = ad->m;
quit: quit:
gcry_mpi_point_release (sum_gamma); gcry_mpi_point_release (sum_gamma);
gcry_mpi_point_release (sum_phi); gcry_mpi_point_release (sum_phi);
return ret; return ret;
} }

633
replay.c
View File

@ -24,7 +24,7 @@
#include <gnunet/gnunet_util_lib.h> #include <gnunet/gnunet_util_lib.h>
#include <gnunet/gnunet_json_lib.h> #include <gnunet/gnunet_json_lib.h>
#include <taler/taler_amount_lib.h> #include <taler/taler_util.h>
#include <jansson.h> #include <jansson.h>
#include "brandt.h" #include "brandt.h"
@ -33,92 +33,93 @@
struct msg struct msg
{ {
uint16_t sender; uint16_t sender;
void *buf; void *buf;
size_t buf_len; size_t buf_len;
}; };
/* This is basically BRANDT_Result with an extra string field */ /* This is basically BRANDT_Result with an extra string field */
struct result struct result
{ {
uint16_t bidder; uint16_t bidder;
uint16_t price_idx; uint16_t price_idx;
const char *price; const char *price;
}; };
struct transcript struct transcript
{ {
// All fields from json come here. // All fields from json come here.
uint16_t n; // #bidders + 1 uint16_t n; // #bidders + 1
uint16_t k; // #prices uint16_t k; // #prices
uint16_t m; // type of auction uint16_t m; // type of auction
struct GNUNET_TIME_Absolute time_start; struct GNUNET_TIME_Absolute time_start;
struct GNUNET_TIME_Relative time_round; struct GNUNET_TIME_Relative time_round;
bool public; bool public;
char **prices; // Must be of length k. We do not parse those char **prices; // Must be of length k. We do not parse those
struct msg *msgs; // Array must be of length 4*n struct msg *msgs; // Array must be of length 4*n
struct BRANDT_Auction *auction; struct BRANDT_Auction *auction;
struct result *results; struct result *results;
size_t results_len; size_t results_len;
struct result *expected; struct result *expected;
size_t expected_len; size_t expected_len;
uint16_t id; uint16_t id;
struct GNUNET_CRYPTO_EccDlogContext *edc; struct GNUNET_CRYPTO_EccDlogContext *edc;
}; };
static struct transcript tr; /* static struct transcript tr; */
static void static void
print_result (struct transcript *tr, print_result (struct transcript *tr,
char *error) char *error)
{ {
json_t *output; json_t *output;
json_t *results; json_t *results;
if (NULL != error) if (NULL != error)
{ {
output = json_pack ("{s:s}", "error", error); output = json_pack ("{s:s}", "error", error);
GNUNET_assert (output); GNUNET_assert (output);
json_dumpfd (output, 1, JSON_INDENT (2)); json_dumpfd (output, 1, JSON_INDENT (2));
return; return;
} }
GNUNET_assert (NULL != tr); GNUNET_assert (NULL != tr);
output = json_object (); output = json_object ();
results = json_array (); results = json_array ();
GNUNET_assert (output); GNUNET_assert (output);
GNUNET_assert (results); GNUNET_assert (results);
for (size_t i = 0; i < tr->results_len; i++) for (size_t i = 0; i < tr->results_len; i++)
{ {
json_t *result = json_pack ("{s:i, s:s}", json_t *result = json_pack ("{s:i, s:i, s:s}",
"bidder", tr->results[i].bidder, "bidder", tr->results[i].bidder,
"price", tr->results[i].price); "price_idx", tr->results[i].price_idx,
GNUNET_assert (result); "price", tr->results[i].price);
GNUNET_assert (result);
GNUNET_assert (-1 != GNUNET_assert (-1 !=
json_array_append_new (results, result)); json_array_append_new (results, result));
} }
GNUNET_assert (-1 != GNUNET_assert (-1 !=
json_object_set_new (output, json_object_set_new (output,
"winners", "winners",
results)); results));
{ {
FILE *f = fdopen (1, "w"); FILE *f = fdopen (1, "w");
GNUNET_assert(f); GNUNET_assert (f);
json_dumpf (output, f, JSON_INDENT (2)); json_dumpf (output, f, JSON_INDENT (2));
fflush (f); fflush (f);
} }
json_decref (output); json_decref (output);
} }
@ -127,336 +128,336 @@ cb_result (void *arg,
struct BRANDT_Result results[], struct BRANDT_Result results[],
uint16_t results_len) uint16_t results_len)
{ {
struct transcript *tr = (struct transcript *) arg; struct transcript *tr = (struct transcript *) arg;
tr->results = GNUNET_new_array (results_len, struct result); tr->results = GNUNET_new_array (results_len, struct result);
tr->results_len = results_len; tr->results_len = results_len;
for (uint16_t i = 0; i < results_len; i++) for (uint16_t i = 0; i < results_len; i++)
{ {
GNUNET_log ( GNUNET_log (
GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_INFO,
"REPLAY [seller] computed result is: bidder %d got status %d with price %d (%s)\n", "REPLAY [seller] computed result is: bidder %d got status %d with price %d (%s)\n",
results[i].bidder, results[i].bidder,
results[i].status, results[i].status,
results[i].price, results[i].price,
tr->prices[results[i].price]); tr->prices[results[i].price]);
tr->results[i].bidder = results[i].bidder; tr->results[i].bidder = results[i].bidder;
tr->results[i].price_idx = results[i].price; tr->results[i].price_idx = results[i].price;
tr->results[i].price = tr->prices[results[i].price]; tr->results[i].price = tr->prices[results[i].price];
} }
for (uint16_t i = 0; i < tr->expected_len; i++) for (uint16_t i = 0; i < tr->expected_len; i++)
{ {
GNUNET_log ( GNUNET_log (
GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_INFO,
"REPLAY [seller] expected result is: bidder %d wins with price %d (%s)\n", "REPLAY [seller] expected result is: bidder %d wins with price %d (%s)\n",
tr->expected[i].bidder, tr->expected[i].bidder,
tr->expected[i].price_idx, tr->expected[i].price_idx,
tr->expected[i].price); tr->expected[i].price);
} }
print_result (tr, NULL); print_result (tr, NULL);
// TODO: compare computed and expected results! // TODO: compare computed and expected results!
} }
static uint16_t static uint16_t
cb_start (void *auction_closure) cb_start (void *auction_closure)
{ {
struct transcript *tr = (struct transcript *) auction_closure; struct transcript *tr = (struct transcript *) auction_closure;
struct cls struct cls
{ {
size_t i; size_t i;
struct transcript *tr; struct transcript *tr;
}; };
void void
resend (void *x) resend (void *x)
{ {
struct cls c = *(struct cls *) x; struct cls c = *(struct cls *) x;
struct msg m = c.tr->msgs[c.i]; struct msg m = c.tr->msgs[c.i];
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"REPLAY sending msg no. %ld, length %ld\n", c.i, m.buf_len); "REPLAY sending msg no. %ld, length %ld\n", c.i, m.buf_len);
BRANDT_got_message (c.tr->auction, m.sender, m.buf, m.buf_len); BRANDT_got_message (c.tr->auction, m.sender, m.buf, m.buf_len);
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO, "REPLAY start replay auction\n"); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "REPLAY start replay auction\n");
for (size_t i = 0; i < 4 * tr->n; i++) for (size_t i = 0; i < 4 * tr->n; i++)
{ {
struct cls *c = GNUNET_new (struct cls); struct cls *c = GNUNET_new (struct cls);
c->i = i; c->i = i;
c->tr = tr; c->tr = tr;
GNUNET_SCHEDULER_add_now (&resend, (void *) c); GNUNET_SCHEDULER_add_now (&resend, (void *) c);
} }
return tr->n; return tr->n;
} }
static void static void
replay_transcript (void *arg) replay_transcript (void *arg)
{ {
struct transcript *tr = (struct transcript *) arg; struct transcript *tr = (struct transcript *) arg;
void *desc; void *desc;
size_t desc_len; size_t desc_len;
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"REPLAY calling BRANDT_new with %s outcome.\n", "REPLAY calling BRANDT_new with %s outcome.\n",
tr->public ? "public" : "private"); tr->public ? "public" : "private");
tr->auction = BRANDT_new (&cb_result, tr->auction = BRANDT_new (&cb_result,
NULL, NULL,
&cb_start, &cb_start,
tr, tr,
&desc, &desc,
&desc_len, &desc_len,
GNUNET_TIME_absolute_get (), GNUNET_TIME_absolute_get (),
tr->time_round, tr->time_round,
tr->k, /* number of prizes */ tr->k, /* number of prizes */
tr->m, /* m */ tr->m, /* m */
tr->public, /* outcome public */ tr->public, /* outcome public */
tr->public ? tr->edc : NULL); tr->public ? tr->edc : NULL);
if (!tr->auction) if (! tr->auction)
{ {
print_result (NULL, "REPLAY BRANDT_new() failed."); print_result (NULL, "REPLAY BRANDT_new() failed.");
_exit (1); _exit (1);
} }
} }
void void
parse_json_stdin (struct transcript *tr) parse_json_stdin (struct transcript *tr)
{ {
json_error_t jerror; json_error_t jerror;
json_t *jtr; json_t *jtr;
struct GNUNET_CRYPTO_EddsaSignature sig; /* struct GNUNET_CRYPTO_EddsaSignature sig; */
jtr = json_loadfd (0, jtr = json_loadfd (0,
JSON_REJECT_DUPLICATES, JSON_REJECT_DUPLICATES,
&jerror); &jerror);
if (!jtr) if (! jtr)
{ {
char err[4096]; char err[4096];
snprintf (err, snprintf (err,
sizeof(err), sizeof(err),
"failed to parse json: %s in line %d, column %d (pos %d)", "failed to parse json: %s in line %d, column %d (pos %d)",
jerror.text, jerror.line, jerror.column, jerror.position); jerror.text, jerror.line, jerror.column, jerror.position);
print_result (NULL, err); print_result (NULL, err);
_exit (1); _exit (1);
} }
{ {
json_t *auc; json_t *auc;
char *perr; char *perr;
unsigned int eline; unsigned int eline;
struct GNUNET_JSON_Specification au_spec[] = { struct GNUNET_JSON_Specification au_spec[] = {
GNUNET_JSON_spec_bool ("public", &tr->public), GNUNET_JSON_spec_bool ("outcome_public", &tr->public),
GNUNET_JSON_spec_uint16 ("type", &tr->m), GNUNET_JSON_spec_uint16 ("auction_type", &tr->m),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
auc = json_object_get (jtr, "auction"); auc = json_object_get (jtr, "auction");
if (NULL == auc) if (NULL == auc)
{ {
print_result (NULL, print_result (NULL,
"no auction found in input"); "no auction found in input");
_exit (1); _exit (1);
} }
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
GNUNET_JSON_parse (auc, GNUNET_JSON_parse (auc,
au_spec, au_spec,
(const char **) &perr, (const char **) &perr,
&eline)); &eline));
// Prices... // Prices...
{ {
json_t *prices = json_object_get (auc, "prices"); json_t *prices = json_object_get (auc, "prices");
size_t idx; size_t idx;
json_t *val; json_t *val;
if (!json_is_array (prices)) if (! json_is_array (prices))
{ {
print_result (NULL, print_result (NULL,
"no prices found in input"); "no prices found in input");
_exit (1); _exit (1);
} }
tr->k = json_array_size (prices); tr->k = json_array_size (prices);
tr->prices = GNUNET_new_array (tr->k, char *); tr->prices = GNUNET_new_array (tr->k, char *);
json_array_foreach (prices, idx, val) json_array_foreach (prices, idx, val)
{ {
if (!json_is_string (val)) if (! json_is_string (val))
{ {
char err[256]; char err[256];
snprintf (err, snprintf (err,
sizeof(err), sizeof(err),
"price %ld is not a string\n", idx); "price %ld is not a string\n", idx);
print_result (NULL, print_result (NULL,
err); err);
_exit (1); _exit (1);
} }
tr->prices[idx] = (char *) json_string_value (val); tr->prices[idx] = (char *) json_string_value (val);
} }
} }
} }
// Bidders // Bidders
{ {
json_t *bidders; json_t *bidders;
bidders = json_object_get (jtr, "bidders"); bidders = json_object_get (jtr, "bidders");
if (!bidders || !json_is_array (bidders)) if (! bidders || ! json_is_array (bidders))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"bidders missing or not an array\n"); "bidders missing or not an array\n");
print_result (NULL, "bidders missing or not an array"); print_result (NULL, "bidders missing or not an array");
_exit (1); _exit (1);
} }
tr->n = json_array_size (bidders); tr->n = json_array_size (bidders);
} }
// Messages // Messages
{ {
json_t *messages; json_t *messages;
size_t nm; size_t nm;
size_t idx; size_t idx;
json_t *val; json_t *val;
messages = json_object_get (jtr, "transcript"); messages = json_object_get (jtr, "transcript");
if (!json_is_array (messages)) if (! json_is_array (messages))
{ {
print_result (NULL, "transcript missing or not an array"); print_result (NULL, "transcript missing or not an array");
_exit (1); _exit (1);
} }
nm = json_array_size (messages); nm = json_array_size (messages);
if (nm != (4 * tr->n)) if (nm != (4 * tr->n))
{ {
print_result (NULL, "wrong number of messages in transript"); print_result (NULL, "wrong number of messages in transript");
_exit (1); _exit (1);
} }
tr->msgs = GNUNET_new_array (nm, struct msg); tr->msgs = GNUNET_new_array (nm, struct msg);
json_array_foreach (messages, idx, val) { json_array_foreach (messages, idx, val) {
char *error; char *error;
uint16_t sender; uint16_t sender;
void *msg; void *msg;
size_t size; size_t size;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint16 ("bidder", GNUNET_JSON_spec_uint16 ("bidder",
&sender), &sender),
GNUNET_JSON_spec_varsize ("msg", GNUNET_JSON_spec_varsize ("msg",
&msg, &msg,
&size), &size),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_JSON_parse (val, GNUNET_JSON_parse (val,
spec, spec,
(const char**) &error, (const char**) &error,
NULL)) NULL))
{ {
char err[4096]; char err[4096];
snprintf (err, snprintf (err,
sizeof(err), sizeof(err),
"error parsing message[%ld] in transcript: %s", "error parsing message[%ld] in transcript: %s",
idx, idx,
error); error);
print_result (NULL, err); print_result (NULL, err);
_exit (1); _exit (1);
} }
tr->msgs[idx].sender = sender; tr->msgs[idx].sender = sender;
tr->msgs[idx].buf = msg; tr->msgs[idx].buf = msg;
tr->msgs[idx].buf_len = size; tr->msgs[idx].buf_len = size;
} }
} }
// Winners // Winners
{ {
json_t *winners; json_t *winners;
size_t idx; size_t idx;
json_t *val; json_t *val;
winners = json_object_get (jtr, "winners"); winners = json_object_get (jtr, "winners");
if (!json_is_array (winners)) if (! json_is_array (winners))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"winners not provided, continuing without\n"); "winners not provided, continuing without\n");
goto CONT; goto CONT;
} }
tr->expected_len = json_array_size (winners); tr->expected_len = json_array_size (winners);
tr->expected = GNUNET_new_array (tr->expected_len, tr->expected = GNUNET_new_array (tr->expected_len,
struct result); struct result);
json_array_foreach (winners, idx, val) { json_array_foreach (winners, idx, val) {
char *error; char *error;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_uint16 ("bidder", GNUNET_JSON_spec_uint16 ("bidder",
&(tr->expected[idx].bidder)), &(tr->expected[idx].bidder)),
GNUNET_JSON_spec_uint16 ("price_idx", GNUNET_JSON_spec_uint16 ("price_idx",
&(tr->expected[idx].price_idx)), &(tr->expected[idx].price_idx)),
GNUNET_JSON_spec_string ("price", GNUNET_JSON_spec_string ("price",
&(tr->expected[idx].price)), &(tr->expected[idx].price)),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_JSON_parse (val, GNUNET_JSON_parse (val,
spec, spec,
(const char**) &error, (const char**) &error,
NULL)) NULL))
{ {
char err[4096]; char err[4096];
snprintf (err, snprintf (err,
sizeof(err), sizeof(err),
"error parsing winners[%ld] in transcript: %s", "error parsing winners[%ld] in transcript: %s",
idx, idx,
error); error);
_exit (1); _exit (1);
} }
} }
CONT: CONT:
} }
} }
int int
main (int argc, char *argv[]) main (int argc, char *argv[])
{ {
int ret = 0; int ret = 0;
struct transcript tr = {0}; struct transcript tr = {0};
if (GNUNET_OK != GNUNET_log_setup ("replay", "INFO", NULL)) if (GNUNET_OK != GNUNET_log_setup ("replay", "INFO", NULL))
return 1; return 1;
BRANDT_init (); BRANDT_init ();
parse_json_stdin (&tr); parse_json_stdin (&tr);
tr.edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024 * 40, 1024); tr.edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024 * 40, 1024);
GNUNET_SCHEDULER_run (&replay_transcript, &tr); GNUNET_SCHEDULER_run (&replay_transcript, &tr);
GNUNET_CRYPTO_ecc_dlog_release (tr.edc); GNUNET_CRYPTO_ecc_dlog_release (tr.edc);
GNUNET_free (tr.msgs); GNUNET_free (tr.msgs);
return ret; return ret;
} }

11
test.h
View File

@ -27,10 +27,11 @@
int tests_run = 0; int tests_run = 0;
int ret = 0; int ret = 0;
#define CHECK(cond, message) do { if (!(cond)) { fputs (message, stderr); fputc ( \ #define CHECK(cond, message) do { if (! (cond)) { fputs (message, stderr); \
'\n', \ fputc ( \
stderr); return 0; \ '\n', \
} } while (0) stderr); return 0; \
#define RUN(test) do { if (!test ()) { ret = 1; } } while (0) } } while (0)
#define RUN(test) do { if (! test ()) { ret = 1; } } while (0)
#endif // ifndef _BRANDT_TEST_H #endif // ifndef _BRANDT_TEST_H

File diff suppressed because it is too large Load Diff

View File

@ -31,130 +31,130 @@
static int static int
test_serialization () test_serialization ()
{ {
gcry_mpi_point_t oldp = gcry_mpi_point_new (0); gcry_mpi_point_t oldp = gcry_mpi_point_new (0);
gcry_mpi_point_t newp = gcry_mpi_point_new (0); gcry_mpi_point_t newp = gcry_mpi_point_new (0);
gcry_mpi_t oldi = gcry_mpi_new (256); gcry_mpi_t oldi = gcry_mpi_new (256);
gcry_mpi_t newi = gcry_mpi_new (256); gcry_mpi_t newi = gcry_mpi_new (256);
struct ec_mpi serp; struct ec_mpi serp;
struct ec_mpi seri; struct ec_mpi seri;
ec_keypair_create (oldp, oldi); ec_keypair_create (oldp, oldi);
ec_point_serialize (&serp, oldp); ec_point_serialize (&serp, oldp);
mpi_serialize (&seri, oldi); mpi_serialize (&seri, oldi);
ec_point_parse (newp, &serp); ec_point_parse (newp, &serp);
mpi_parse (newi, &seri); mpi_parse (newi, &seri);
CHECK (!ec_point_cmp (oldp, newp), "serialization changed point"); CHECK (! ec_point_cmp (oldp, newp), "serialization changed point");
CHECK (!gcry_mpi_cmp (oldi, newi), "serialization changed mpi"); CHECK (! gcry_mpi_cmp (oldi, newi), "serialization changed mpi");
mpi_serialize (&seri, GCRYMPI_CONST_ONE); mpi_serialize (&seri, GCRYMPI_CONST_ONE);
mpi_parse (newi, &seri); mpi_parse (newi, &seri);
CHECK (!gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail"); CHECK (! gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail");
gcry_mpi_point_release (oldp); gcry_mpi_point_release (oldp);
gcry_mpi_point_release (newp); gcry_mpi_point_release (newp);
gcry_mpi_release (oldi); gcry_mpi_release (oldi);
gcry_mpi_release (newi); gcry_mpi_release (newi);
return 1; return 1;
} }
static int static int
test_smc_zkp_dl () test_smc_zkp_dl ()
{ {
struct proof_dl proof; struct proof_dl proof;
gcry_mpi_t x = gcry_mpi_new (256); gcry_mpi_t x = gcry_mpi_new (256);
gcry_mpi_point_t v = gcry_mpi_point_new (0); gcry_mpi_point_t v = gcry_mpi_point_new (0);
ec_skey_create (x); ec_skey_create (x);
smc_zkp_dl (v, x, &proof); smc_zkp_dl (v, x, &proof);
CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
CHECK (!smc_zkp_dl_check (v, &proof), "zkp dl wrong"); CHECK (! smc_zkp_dl_check (v, &proof), "zkp dl wrong");
gcry_mpi_release (x); gcry_mpi_release (x);
gcry_mpi_point_release (v); gcry_mpi_point_release (v);
return 1; return 1;
} }
static int static int
test_smc_zkp_2dle () test_smc_zkp_2dle ()
{ {
struct proof_2dle proof; struct proof_2dle proof;
gcry_mpi_t x = gcry_mpi_new (256); gcry_mpi_t x = gcry_mpi_new (256);
gcry_mpi_point_t g1 = gcry_mpi_point_new (0); gcry_mpi_point_t g1 = gcry_mpi_point_new (0);
gcry_mpi_point_t g2 = gcry_mpi_point_new (0); gcry_mpi_point_t g2 = gcry_mpi_point_new (0);
gcry_mpi_point_t v = gcry_mpi_point_new (0); gcry_mpi_point_t v = gcry_mpi_point_new (0);
gcry_mpi_point_t w = gcry_mpi_point_new (0); gcry_mpi_point_t w = gcry_mpi_point_new (0);
ec_keypair_create (g1, x); ec_keypair_create (g1, x);
ec_keypair_create (g2, x); ec_keypair_create (g2, x);
smc_zkp_2dle (v, w, g1, g2, x, &proof); smc_zkp_2dle (v, w, g1, g2, x, &proof);
CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve");
CHECK (!smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong"); CHECK (! smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong");
gcry_mpi_release (x); gcry_mpi_release (x);
gcry_mpi_point_release (g1); gcry_mpi_point_release (g1);
gcry_mpi_point_release (g2); gcry_mpi_point_release (g2);
gcry_mpi_point_release (v); gcry_mpi_point_release (v);
gcry_mpi_point_release (w); gcry_mpi_point_release (w);
return 1; return 1;
} }
static int static int
test_smc_zkp_0og () test_smc_zkp_0og ()
{ {
struct proof_0og proof; struct proof_0og proof;
gcry_mpi_point_t y = gcry_mpi_point_new (0); gcry_mpi_point_t y = gcry_mpi_point_new (0);
gcry_mpi_point_t alpha = gcry_mpi_point_new (0); gcry_mpi_point_t alpha = gcry_mpi_point_new (0);
gcry_mpi_point_t beta = gcry_mpi_point_new (0); gcry_mpi_point_t beta = gcry_mpi_point_new (0);
/* get random public key point. We don't need the secret key to check the /* get random public key point. We don't need the secret key to check the
* proof here */ * proof here */
ec_keypair_create (y, NULL); ec_keypair_create (y, NULL);
smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof); smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof);
CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve");
CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve"); CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve");
CHECK (!smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong"); CHECK (! smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong");
gcry_mpi_point_release (y); gcry_mpi_point_release (y);
gcry_mpi_point_release (alpha); gcry_mpi_point_release (alpha);
gcry_mpi_point_release (beta); gcry_mpi_point_release (beta);
return 1; return 1;
} }
int int
main (int argc, char *argv[]) main (int argc, char *argv[])
{ {
int repeat = 1; int repeat = 1;
struct GNUNET_CRYPTO_EccDlogContext *edc; struct GNUNET_CRYPTO_EccDlogContext *edc;
if (GNUNET_OK != GNUNET_log_setup ("test_crypto", "WARNING", NULL)) if (GNUNET_OK != GNUNET_log_setup ("test_crypto", "WARNING", NULL))
return 1; return 1;
edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
BRANDT_init (edc); BRANDT_init (edc);
/* tests that need to run only once */ /* tests that need to run only once */
RUN (test_serialization); RUN (test_serialization);
for (tests_run = 0; tests_run < repeat; tests_run++) for (tests_run = 0; tests_run < repeat; tests_run++)
{ {
RUN (test_smc_zkp_dl); RUN (test_smc_zkp_dl);
RUN (test_smc_zkp_2dle); RUN (test_smc_zkp_2dle);
RUN (test_smc_zkp_0og); RUN (test_smc_zkp_0og);
} }
GNUNET_CRYPTO_ecc_dlog_release (edc); GNUNET_CRYPTO_ecc_dlog_release (edc);
return ret; return ret;
} }

12
util.h
View File

@ -29,15 +29,15 @@
#ifdef NDEBUG #ifdef NDEBUG
#define DP(point) ((void)(gcry_log_debugpnt (# point, point, ec_ctx))) #define DP(point) ((void) (gcry_log_debugpnt (# point, point, ec_ctx)))
#define DM(mpi) ((void)(gcry_log_debugmpi (# mpi, mpi))) #define DM(mpi) ((void) (gcry_log_debugmpi (# mpi, mpi)))
#define DS(sexp) ((void)(gcry_log_debugsxp (# sexp, sexp))) #define DS(sexp) ((void) (gcry_log_debugsxp (# sexp, sexp)))
#else /* ifdef NDEBUG */ #else /* ifdef NDEBUG */
#define DP(point) ((void)(0)) #define DP(point) ((void) (0))
#define DM(mpi) ((void)(0)) #define DM(mpi) ((void) (0))
#define DS(sexp) ((void)(0)) #define DS(sexp) ((void) (0))
#endif /* ifdef NDEBUG */ #endif /* ifdef NDEBUG */