mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1491289 - re-vendor libprio to pick up fixes for using system NSS r=glandium 

Differential Revision: https://phabricator.services.mozilla.com/D6082

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Robert Helmer 2018-09-18 04:36:49 +00:00
Родитель 8d7a1df18a
Коммит 88ee2451ac
50 изменённых файлов: 9546 добавлений и 13050 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

373
third_party/prio/LICENSE поставляемый
Просмотреть файл

@ -1,373 +0,0 @@
Mozilla Public License Version 2.0
==================================
1. Definitions
--------------
1.1. "Contributor"
means each individual or legal entity that creates, contributes to
the creation of, or owns Covered Software.
1.2. "Contributor Version"
means the combination of the Contributions of others (if any) used
by a Contributor and that particular Contributor's Contribution.
1.3. "Contribution"
means Covered Software of a particular Contributor.
1.4. "Covered Software"
means Source Code Form to which the initial Contributor has attached
the notice in Exhibit A, the Executable Form of such Source Code
Form, and Modifications of such Source Code Form, in each case
including portions thereof.
1.5. "Incompatible With Secondary Licenses"
means
(a) that the initial Contributor has attached the notice described
in Exhibit B to the Covered Software; or
(b) that the Covered Software was made available under the terms of
version 1.1 or earlier of the License, but not also under the
terms of a Secondary License.
1.6. "Executable Form"
means any form of the work other than Source Code Form.
1.7. "Larger Work"
means a work that combines Covered Software with other material, in
a separate file or files, that is not Covered Software.
1.8. "License"
means this document.
1.9. "Licensable"
means having the right to grant, to the maximum extent possible,
whether at the time of the initial grant or subsequently, any and
all of the rights conveyed by this License.
1.10. "Modifications"
means any of the following:
(a) any file in Source Code Form that results from an addition to,
deletion from, or modification of the contents of Covered
Software; or
(b) any new file in Source Code Form that contains any Covered
Software.
1.11. "Patent Claims" of a Contributor
means any patent claim(s), including without limitation, method,
process, and apparatus claims, in any patent Licensable by such
Contributor that would be infringed, but for the grant of the
License, by the making, using, selling, offering for sale, having
made, import, or transfer of either its Contributions or its
Contributor Version.
1.12. "Secondary License"
means either the GNU General Public License, Version 2.0, the GNU
Lesser General Public License, Version 2.1, the GNU Affero General
Public License, Version 3.0, or any later versions of those
licenses.
1.13. "Source Code Form"
means the form of the work preferred for making modifications.
1.14. "You" (or "Your")
means an individual or a legal entity exercising rights under this
License. For legal entities, "You" includes any entity that
controls, is controlled by, or is under common control with You. For
purposes of this definition, "control" means (a) the power, direct
or indirect, to cause the direction or management of such entity,
whether by contract or otherwise, or (b) ownership of more than
fifty percent (50%) of the outstanding shares or beneficial
ownership of such entity.
2. License Grants and Conditions
--------------------------------
2.1. Grants
Each Contributor hereby grants You a world-wide, royalty-free,
non-exclusive license:
(a) under intellectual property rights (other than patent or trademark)
Licensable by such Contributor to use, reproduce, make available,
modify, display, perform, distribute, and otherwise exploit its
Contributions, either on an unmodified basis, with Modifications, or
as part of a Larger Work; and
(b) under Patent Claims of such Contributor to make, use, sell, offer
for sale, have made, import, and otherwise transfer either its
Contributions or its Contributor Version.
2.2. Effective Date
The licenses granted in Section 2.1 with respect to any Contribution
become effective for each Contribution on the date the Contributor first
distributes such Contribution.
2.3. Limitations on Grant Scope
The licenses granted in this Section 2 are the only rights granted under
this License. No additional rights or licenses will be implied from the
distribution or licensing of Covered Software under this License.
Notwithstanding Section 2.1(b) above, no patent license is granted by a
Contributor:
(a) for any code that a Contributor has removed from Covered Software;
or
(b) for infringements caused by: (i) Your and any other third party's
modifications of Covered Software, or (ii) the combination of its
Contributions with other software (except as part of its Contributor
Version); or
(c) under Patent Claims infringed by Covered Software in the absence of
its Contributions.
This License does not grant any rights in the trademarks, service marks,
or logos of any Contributor (except as may be necessary to comply with
the notice requirements in Section 3.4).
2.4. Subsequent Licenses
No Contributor makes additional grants as a result of Your choice to
distribute the Covered Software under a subsequent version of this
License (see Section 10.2) or under the terms of a Secondary License (if
permitted under the terms of Section 3.3).
2.5. Representation
Each Contributor represents that the Contributor believes its
Contributions are its original creation(s) or it has sufficient rights
to grant the rights to its Contributions conveyed by this License.
2.6. Fair Use
This License is not intended to limit any rights You have under
applicable copyright doctrines of fair use, fair dealing, or other
equivalents.
2.7. Conditions
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
in Section 2.1.
3. Responsibilities
-------------------
3.1. Distribution of Source Form
All distribution of Covered Software in Source Code Form, including any
Modifications that You create or to which You contribute, must be under
the terms of this License. You must inform recipients that the Source
Code Form of the Covered Software is governed by the terms of this
License, and how they can obtain a copy of this License. You may not
attempt to alter or restrict the recipients' rights in the Source Code
Form.
3.2. Distribution of Executable Form
If You distribute Covered Software in Executable Form then:
(a) such Covered Software must also be made available in Source Code
Form, as described in Section 3.1, and You must inform recipients of
the Executable Form how they can obtain a copy of such Source Code
Form by reasonable means in a timely manner, at a charge no more
than the cost of distribution to the recipient; and
(b) You may distribute such Executable Form under the terms of this
License, or sublicense it under different terms, provided that the
license for the Executable Form does not attempt to limit or alter
the recipients' rights in the Source Code Form under this License.
3.3. Distribution of a Larger Work
You may create and distribute a Larger Work under terms of Your choice,
provided that You also comply with the requirements of this License for
the Covered Software. If the Larger Work is a combination of Covered
Software with a work governed by one or more Secondary Licenses, and the
Covered Software is not Incompatible With Secondary Licenses, this
License permits You to additionally distribute such Covered Software
under the terms of such Secondary License(s), so that the recipient of
the Larger Work may, at their option, further distribute the Covered
Software under the terms of either this License or such Secondary
License(s).
3.4. Notices
You may not remove or alter the substance of any license notices
(including copyright notices, patent notices, disclaimers of warranty,
or limitations of liability) contained within the Source Code Form of
the Covered Software, except that You may alter any license notices to
the extent required to remedy known factual inaccuracies.
3.5. Application of Additional Terms
You may choose to offer, and to charge a fee for, warranty, support,
indemnity or liability obligations to one or more recipients of Covered
Software. However, You may do so only on Your own behalf, and not on
behalf of any Contributor. You must make it absolutely clear that any
such warranty, support, indemnity, or liability obligation is offered by
You alone, and You hereby agree to indemnify every Contributor for any
liability incurred by such Contributor as a result of warranty, support,
indemnity or liability terms You offer. You may include additional
disclaimers of warranty and limitations of liability specific to any
jurisdiction.
4. Inability to Comply Due to Statute or Regulation
---------------------------------------------------
If it is impossible for You to comply with any of the terms of this
License with respect to some or all of the Covered Software due to
statute, judicial order, or regulation then You must: (a) comply with
the terms of this License to the maximum extent possible; and (b)
describe the limitations and the code they affect. Such description must
be placed in a text file included with all distributions of the Covered
Software under this License. Except to the extent prohibited by statute
or regulation, such description must be sufficiently detailed for a
recipient of ordinary skill to be able to understand it.
5. Termination
--------------
5.1. The rights granted under this License will terminate automatically
if You fail to comply with any of its terms. However, if You become
compliant, then the rights granted under this License from a particular
Contributor are reinstated (a) provisionally, unless and until such
Contributor explicitly and finally terminates Your grants, and (b) on an
ongoing basis, if such Contributor fails to notify You of the
non-compliance by some reasonable means prior to 60 days after You have
come back into compliance. Moreover, Your grants from a particular
Contributor are reinstated on an ongoing basis if such Contributor
notifies You of the non-compliance by some reasonable means, this is the
first time You have received notice of non-compliance with this License
from such Contributor, and You become compliant prior to 30 days after
Your receipt of the notice.
5.2. If You initiate litigation against any entity by asserting a patent
infringement claim (excluding declaratory judgment actions,
counter-claims, and cross-claims) alleging that a Contributor Version
directly or indirectly infringes any patent, then the rights granted to
You by any and all Contributors for the Covered Software under Section
2.1 of this License shall terminate.
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
end user license agreements (excluding distributors and resellers) which
have been validly granted by You or Your distributors under this License
prior to termination shall survive termination.
************************************************************************
* *
* 6. Disclaimer of Warranty *
* ------------------------- *
* *
* Covered Software is provided under this License on an "as is" *
* basis, without warranty of any kind, either expressed, implied, or *
* statutory, including, without limitation, warranties that the *
* Covered Software is free of defects, merchantable, fit for a *
* particular purpose or non-infringing. The entire risk as to the *
* quality and performance of the Covered Software is with You. *
* Should any Covered Software prove defective in any respect, You *
* (not any Contributor) assume the cost of any necessary servicing, *
* repair, or correction. This disclaimer of warranty constitutes an *
* essential part of this License. No use of any Covered Software is *
* authorized under this License except under this disclaimer. *
* *
************************************************************************
************************************************************************
* *
* 7. Limitation of Liability *
* -------------------------- *
* *
* Under no circumstances and under no legal theory, whether tort *
* (including negligence), contract, or otherwise, shall any *
* Contributor, or anyone who distributes Covered Software as *
* permitted above, be liable to You for any direct, indirect, *
* special, incidental, or consequential damages of any character *
* including, without limitation, damages for lost profits, loss of *
* goodwill, work stoppage, computer failure or malfunction, or any *
* and all other commercial damages or losses, even if such party *
* shall have been informed of the possibility of such damages. This *
* limitation of liability shall not apply to liability for death or *
* personal injury resulting from such party's negligence to the *
* extent applicable law prohibits such limitation. Some *
* jurisdictions do not allow the exclusion or limitation of *
* incidental or consequential damages, so this exclusion and *
* limitation may not apply to You. *
* *
************************************************************************
8. Litigation
-------------
Any litigation relating to this License may be brought only in the
courts of a jurisdiction where the defendant maintains its principal
place of business and such litigation shall be governed by laws of that
jurisdiction, without reference to its conflict-of-law provisions.
Nothing in this Section shall prevent a party's ability to bring
cross-claims or counter-claims.
9. Miscellaneous
----------------
This License represents the complete agreement concerning the subject
matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed only to the extent
necessary to make it enforceable. Any law or regulation which provides
that the language of a contract shall be construed against the drafter
shall not be used to construe this License against a Contributor.
10. Versions of the License
---------------------------
10.1. New Versions
Mozilla Foundation is the license steward. Except as provided in Section
10.3, no one other than the license steward has the right to modify or
publish new versions of this License. Each version will be given a
distinguishing version number.
10.2. Effect of New Versions
You may distribute the Covered Software under the terms of the version
of the License under which You originally received the Covered Software,
or under the terms of any subsequent version published by the license
steward.
10.3. Modified Versions
If you create software not governed by this License, and you want to
create a new license for such software, you may create and use a
modified version of this License if you rename the license and remove
any references to the name of the license steward (except to note that
such modified license differs from this License).
10.4. Distributing Source Code Form that is Incompatible With Secondary
Licenses
If You choose to distribute Source Code Form that is Incompatible With
Secondary Licenses under the terms of this version of the License, the
notice described in Exhibit B of this License must be attached.
Exhibit A - Source Code Form License Notice
-------------------------------------------
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
If it is not possible or desirable to put the notice in a particular
file, then You may include the notice in a location (such as a LICENSE
file in a relevant directory) where a recipient would be likely to look
for such a notice.
You may add additional accurate notices of copyright ownership.
Exhibit B - "Incompatible With Secondary Licenses" Notice
---------------------------------------------------------
This Source Code Form is "Incompatible With Secondary Licenses", as
defined by the Mozilla Public License, v. 2.0.

2
third_party/prio/README-mozilla поставляемый
Просмотреть файл

@ -1,7 +1,7 @@
This directory contains the Prio source from the upstream repo: This directory contains the Prio source from the upstream repo:
https://github.com/mozilla/libprio https://github.com/mozilla/libprio
Current version: 1.0 [commit bfbcf1f95001047c61f4a29c3e68499b2f0c9f3b] Current version: 1.1 [commit 488da2d729d73f18ed45add59edd18b257e1ceaa]
UPDATING: UPDATING:

136
third_party/prio/README.md поставляемый
Просмотреть файл

@ -1,136 +0,0 @@
# libprio - A Prio library in C using NSS
**Warning:**
We do our best to write bug-free code, but I have no doubt
that there are scary bugs, side-channel attacks, and memory leaks
lurking herein.
**Important:**
We have not yet implemented the items
described in the "Security-Critical TODOs" section below.
Without these features, do not use the code in a production environment.
## Overview
This is an implementation of the core cryptographic routines
for the [Prio system](https://crypto.stanford.edu/prio/)
for the private computation of aggregate statistics:
> "Prio: Private, Robust, and Scalable Computation of Aggregate Statistics"<br>
> by Henry Corrigan-Gibbs and Dan Boneh<br>
> USENIX Symposium on Networked Systems Design and Implementation<br>
> March 2017
>
> Available online at:
> https://crypto.stanford.edu/prio/
**Usage scenario.**
The library implements the cryptographic routines necessary
for the following application scenario:
Each client holds a vector of boolean values.
Each client uses the library to encode her private vector into two
encoded packets&mdash;one for server A and one for server B.
After receiving shares from a client, the servers can use the routines
implemented here to check whether the client-provided packets are
well formed.
(Without this check, a single malicious client can corrupt the
output of the computation.)
After collecting data packets from many clients, the servers
can combine their state to learn how many clients had the
*i*th bit of their data vector set to `true` and how many
clients had the *i*th bit of their data vector set to `false`.
As long as at least one of the two servers is honest
(i.e., runs the correct code),
the servers learn *nothing else* about the clients' data,
under standard cryptographic assumptions.
For example, the *i*th bit of the data vector could indicate
whether the client ever visited the *i*th-ranked website
in the Alexa Top 500.
The servers would learn how many clients visited each of the
Top 500 websites *without learning* which clients visited
which websites.
**Efficiency considerations.**
The code makes no use of public-key crypto, so it should
be relatively fast.
When each a data packet is of length *N*,
all arithmetic is modulo a prime *p* (we use an 87-bit prime by default),
and "elements" are integers modulo *p*,
the dominant costs of the system are:
* **Client compute:** O(*N* log *N*) multiplications
* **Client-to-server communication:** 2*N* + O(1) elements<br>
* **Server compute:** O(*N* log *N*) multiplications to check each packet<br>
(NOTE: Using an optimization we haven't yet implemented, we can
drop this cost to O(*N*) multiplications per packet.)
* **Server-to-server communication:** O(1) elements
* **Server storage:** O(*N*) elements
## Running the code
You must first install
[NSS/NSPR](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS),
[scons](http://scons.org/), and
[msgpack-c](https://github.com/msgpack/msgpack-c) version 2.1.5 (or newer?).
On Ubuntu, you can instal NSS and scons with:
$ sudo apt install scons libnspr4-dev libnss3-dev
and you will have to download [msgpack-c 2.1.5 or newer here](https://github.com/msgpack/msgpack-c/releases),
since the Ubuntu packages for msgpack are far out of date.
For macOS using Homebrew:
$ brew install nss nspr scons msgpack
$ export LDFLAGS="-L/usr/local/opt/nss/lib"
$ export CPPFLAGS="-I/usr/local/opt/nss/include -I/usr/local/opt/nspr/include/nspr"
To compile the code, run:
$ scons
To run the test suite, execute:
$ build/ptest/ptest -v
To print debug messages while compiling:
$ scons VERBOSE=1
To compile with debug symbols, run:
$ scons BUILDTYPE=DEBUG
To clean up the object and binary files, run:
$ scons -c
The files in this directory are:
````
/build - Binaries, object files, etc.
/include - Exported header files
(Note: The public header is <mprio.h> since
NSPR already has a file called <prio.h>.)
/mpi - NSS MPI bignum library
/pclient - Example code that uses the Prio library
/prio - Prio library core code
/ptest - Tests and test runner
````
## Optimizations and features not yet implemented
* **Server compute.**
By using a fast polynomial interpolation-and-evaluation
routine, we can reduce the cost of checking a single client
request from O(*N* log *N*) multiplications down to O(*N*)
multiplications, for a data packet of *N* items.
* **Differential privacy.**
It would be very straightforward to add some small amount of
noise to the final statistics to provide differential privacy.
If this would be useful, I can add it.
* **Misc.**
There are TODO notes scattered throughout code indicating
places for potential performance optimizations.

41
third_party/prio/SConstruct поставляемый
Просмотреть файл

@ -1,41 +0,0 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import os
import SCons
opts = Variables()
opts.AddVariables(
BoolVariable("DEBUG", "Make debug build", 1),
BoolVariable("VERBOSE", "Show full build information", 0))
env = Environment(options = opts,
ENV = os.environ)
if "CFLAGS" in os.environ:
env.Append(CFLAGS = SCons.Util.CLVar(os.getenv("CFLAGS")))
if "CPPFLAGS" in os.environ:
env.Append(CPPFLAGS = SCons.Util.CLVar(os.getenv("CPPFLAGS")))
if "CXXFLAGS" in os.environ:
env.Append(CXXFLAGS = SCons.Util.CLVar(os.getenv("CXXFLAGS")))
if "LDFLAGS" in os.environ:
env.Append(LINKFLAGS = SCons.Util.CLVar(os.getenv("LDFLAGS")))
if env["DEBUG"]:
print "DEBUG MODE!"
env.Append(CPPFLAGS = [ "-g", "-DDEBUG"])
env.Append(LIBS = ["mprio", "mpi", "nss3", "nspr4"], \
LIBPATH = ['#build/prio', "#build/mpi"],
CFLAGS = [ "-Wall", "-Werror", "-Wextra", "-O3", "-std=c99",
"-I/usr/include/nspr", "-Impi", "-DDO_PR_CLEANUP"])
env.Append(CPPPATH = ["#include", "#."])
Export('env')
SConscript('browser-test/SConscript', variant_dir='build/browser-test')
SConscript('mpi/SConscript', variant_dir='build/mpi')
SConscript('pclient/SConscript', variant_dir='build/pclient')
SConscript('prio/SConscript', variant_dir='build/prio')
SConscript('ptest/SConscript', variant_dir='build/ptest')

19
third_party/prio/browser-test/SConscript поставляемый
Просмотреть файл

@ -1,19 +0,0 @@
import sys
Import('env')
prio_env = env.Clone()
src = [
"main.c",
]
libs = [
"mprio",
"msgpackc",
]
prio_env.Append(LIBS = libs)
prio_env.Install("encode-once.js")
prio_env.Program("browser-test", src)

45
third_party/prio/browser-test/encode-once.js поставляемый
Просмотреть файл

@ -1,45 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
ChromeUtils.import('resource://gre/modules/Services.jsm');
let [publicKeyA, publicKeyB, batchID, param1, param2, param3] = arguments;
Services.prefs.setStringPref('prio.publicKeyA', publicKeyA);
Services.prefs.setStringPref('prio.publicKeyB', publicKeyB);
async function test() {
let params = {
'startupCrashDetected': Number(param1),
'safeModeUsage': Number(param2),
'browserIsUserDefault': Number(param3)
};
try {
let result = await PrioEncoder.encode(batchID, params);
const toTypedArray = byteString => {
let u8Array = new Uint8Array(byteString.length);
for (let i in byteString) {
u8Array[i] = byteString.charCodeAt(i);
}
return u8Array;
}
const toHexString = bytes =>
bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, '0') + ',', '');
console.log(toHexString(result.a) + '$' + toHexString(result.b));
console.log('');
} catch(e) {
console.log('Failure.', e);
console.log(v);
}
}
test().then();

320
third_party/prio/browser-test/main.c поставляемый
Просмотреть файл

@ -1,320 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#define _GNU_SOURCE
#include <mprio.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "prio/encrypt.h"
#include "prio/util.h"
static void
init_data (bool *data, int datalen)
{
// The client's data submission is an arbitrary boolean vector.
for (int i=0; i < datalen; i++) {
// Arbitrary data
data[i] = rand () % 2;
}
}
static SECStatus
read_string_from_hex (unsigned char **str_out, unsigned int *strLen,
const char *input, const char **new_input)
{
SECStatus rv = SECSuccess;
*strLen = 0;
int read = 0;
int outCount = 0;
const char *inp = input;
while (true) {
unsigned char byte = '\0';
const int retval = sscanf(inp, "%02hhx,%n", &byte, &read);
if (retval < 1 || read != 3) {
break;
}
inp += read;
(*str_out)[outCount] = byte;
outCount++;
*strLen = *strLen + 1;
}
if (new_input)
*new_input = inp + 1;
return rv;
}
static SECStatus
read_browser_reply (FILE *infile,
unsigned char **for_server_a, unsigned int *aLen,
unsigned char **for_server_b, unsigned int *bLen)
{
SECStatus rv = SECFailure;
char *raw_input = NULL;
size_t rawLen = 0;
puts ("Getting line of input.");
P_CHECKCB (getline (&raw_input, &rawLen, infile) > 0);
puts ("Got line of input.");
P_CHECKA (*for_server_a = malloc (rawLen * sizeof (unsigned char)));
P_CHECKA (*for_server_b = malloc (rawLen * sizeof (unsigned char)));
*aLen = 0;
*bLen = 0;
P_CHECKCB (rawLen > 14);
// Header is 14 chars long
const char *new_input;
puts ("Reading string A");
P_CHECKC (read_string_from_hex (for_server_a, aLen, raw_input + 14, &new_input));
puts ("Read string A");
// Skip over for_server_a string and one-char delimeter
puts ("Reading string B");
P_CHECKC (read_string_from_hex (for_server_b, bLen, new_input, NULL));
puts ("Read string B");
cleanup:
if (raw_input) free (raw_input);
return rv;
}
static int
verify_full (const char *path_to_xpcshell, int pathlen)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
PrioPacketVerify1 p1A = NULL;
PrioPacketVerify1 p1B = NULL;
PrioPacketVerify2 p2A = NULL;
PrioPacketVerify2 p2B = NULL;
PrioTotalShare tA = NULL;
PrioTotalShare tB = NULL;
FILE *shell = NULL;
int cmdlen = pathlen + 2*CURVE25519_KEY_LEN_HEX + 128;
char cmd[cmdlen];
memset (cmd, 0, cmdlen);
unsigned char *for_server_a = NULL;
unsigned char *for_server_b = NULL;
const int seed = time (NULL);
srand (seed);
printf ("Using srand seed %d\n", seed);
// Number of different boolean data fields we collect.
const int ndata = 3;
//unsigned char batch_id_str[] = "abcde";
unsigned char batch_id_str[32];
memset (batch_id_str, 0, sizeof batch_id_str);
snprintf ((char *)batch_id_str, sizeof batch_id_str, "%d", rand());
bool data_items[ndata];
unsigned long output[ndata];
init_data (data_items, ndata);
// Initialize NSS random number generator.
P_CHECKC (Prio_init ());
// Generate keypairs for servers
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
// Export public keys to hex and print to stdout
unsigned char pk_hexA[CURVE25519_KEY_LEN_HEX+1];
unsigned char pk_hexB[CURVE25519_KEY_LEN_HEX+1];
P_CHECKC (PublicKey_export_hex (pkA, pk_hexA));
P_CHECKC (PublicKey_export_hex (pkB, pk_hexB));
snprintf (cmd, cmdlen, "%s %s %s %s %s %d %d %d",
path_to_xpcshell, "encode-once.js",
pk_hexA, pk_hexB, batch_id_str,
data_items[0], data_items[1], data_items[2]);
printf ("> %s\n", cmd);
P_CHECKA (shell = popen(cmd, "r"));
puts("Ran command.");
// Use the default configuration parameters.
P_CHECKA (cfg = PrioConfig_new (ndata, pkA, pkB, batch_id_str,
strlen ((char *)batch_id_str)));
PrioPRGSeed server_secret;
P_CHECKC (PrioPRGSeed_randomize (&server_secret));
// Initialize two server objects. The role of the servers need not
// be symmetric. In a deployment, we envision that:
// * Server A is the main telemetry server that is always online.
// Clients send their encrypted data packets to Server A and
// Server A stores them.
// * Server B only comes online when the two servers want to compute
// the final aggregate statistics.
P_CHECKA (sA = PrioServer_new (cfg, PRIO_SERVER_A, skA, server_secret));
P_CHECKA (sB = PrioServer_new (cfg, PRIO_SERVER_B, skB, server_secret));
// Initialize empty verifier objects
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
// Initialize shares of final aggregate statistics
P_CHECKA (tA = PrioTotalShare_new ());
P_CHECKA (tB = PrioTotalShare_new ());
// Initialize shares of verification packets
P_CHECKA (p1A = PrioPacketVerify1_new ());
P_CHECKA (p1B = PrioPacketVerify1_new ());
P_CHECKA (p2A = PrioPacketVerify2_new ());
P_CHECKA (p2B = PrioPacketVerify2_new ());
// I. CLIENT DATA SUBMISSION.
//
// Read in the client data packets
unsigned int aLen = 0, bLen = 0;
puts ("Reading...");
P_CHECKC (read_browser_reply (shell, &for_server_a, &aLen, &for_server_b, &bLen));
printf ("Read reply from browser. LenA: %u, LenB: %u\n", aLen, bLen);
// II. VALIDATION PROTOCOL. (at servers)
//
// The servers now run a short 2-step protocol to check each
// client's packet:
// 1) Servers A and B broadcast one message (PrioPacketVerify1)
// to each other.
// 2) Servers A and B broadcast another message (PrioPacketVerify2)
// to each other.
// 3) Servers A and B can both determine whether the client's data
// submission is well-formed (in which case they add it to their
// running total of aggregate statistics) or ill-formed
// (in which case they ignore it).
// These messages must be sent over an authenticated channel, so
// that each server is assured that every received message came
// from its peer.
// Set up a Prio verifier object.
P_CHECKC (PrioVerifier_set_data (vA, for_server_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_server_b, bLen));
puts("Imported data.");
// Both servers produce a packet1. Server A sends p1A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify1_set_data (p1A, vA));
P_CHECKC (PrioPacketVerify1_set_data (p1B, vB));
puts("Set data.");
// Both servers produce a packet2. Server A sends p2A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify2_set_data(p2A, vA, p1A, p1B));
P_CHECKC (PrioPacketVerify2_set_data(p2B, vB, p1A, p1B));
// Using p2A and p2B, the servers can determine whether the request
// is valid. (In fact, only Server A needs to perform this
// check, since Server A can just tell Server B whether the check
// succeeded or failed.)
puts ("Checking validity.");
P_CHECKC (PrioVerifier_isValid (vA, p2A, p2B));
P_CHECKC (PrioVerifier_isValid (vB, p2A, p2B));
puts ("Are valid.");
// If we get here, the client packet is valid, so add it to the aggregate
// statistic counter for both servers.
P_CHECKC (PrioServer_aggregate (sA, vA));
P_CHECKC (PrioServer_aggregate (sB, vB));
// The servers repeat the steps above for each client submission.
// III. PRODUCTION OF AGGREGATE STATISTICS.
//
// After collecting aggregates from MANY clients, the servers can compute
// their shares of the aggregate statistics.
//
// Server B can send tB to Server A.
P_CHECKC (PrioTotalShare_set_data (tA, sA));
P_CHECKC (PrioTotalShare_set_data (tB, sB));
// Once Server A has tA and tB, it can learn the aggregate statistics
// in the clear.
P_CHECKC (PrioTotalShare_final (cfg, output, tA, tB));
for (int i=0; i < ndata; i++) {
//printf("output[%d] = %lu\n", i, output[i]);
//printf("data[%d] = %d\n", i, (int)data_items[i]);
P_CHECKCB (output[i] == data_items[i]);
}
puts ("Success!");
cleanup:
if (rv != SECSuccess) {
fprintf (stderr, "Warning: unexpected failure.\n");
}
if (for_server_a) free (for_server_a);
if (for_server_b) free (for_server_b);
PrioTotalShare_clear (tA);
PrioTotalShare_clear (tB);
PrioPacketVerify2_clear (p2A);
PrioPacketVerify2_clear (p2B);
PrioPacketVerify1_clear (p1A);
PrioPacketVerify1_clear (p1B);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
Prio_clear ();
return !(rv == SECSuccess);
}
int
main (int argc, char **argv)
{
puts("== Prio browser test utility. ==");
puts("(Note: Expects to be run in the same directory as encode-once.js.)");
if (argc != 2) {
fprintf (stderr, "Usage ./%s <path_to_xpcshell>\n", argv[0]);
return 1;
}
return verify_full (argv[1], strlen (argv[1]));
}

165
third_party/prio/include/mprio.h поставляемый
Просмотреть файл

@ -13,10 +13,10 @@
extern "C" { extern "C" {
#endif #endif
#include <blapit.h>
#include <msgpack.h> #include <msgpack.h>
#include <nss/blapit.h> #include <pk11pub.h>
#include <nss/pk11pub.h> #include <seccomon.h>
#include <nss/seccomon.h>
#include <stdbool.h> #include <stdbool.h>
#include <stddef.h> #include <stddef.h>
@ -33,44 +33,41 @@ typedef unsigned char PrioPRGSeed[PRG_SEED_LENGTH];
/* /*
* Type for each of the two servers. * Type for each of the two servers.
*/ */
typedef enum { typedef enum { PRIO_SERVER_A, PRIO_SERVER_B } PrioServerId;
PRIO_SERVER_A,
PRIO_SERVER_B
} PrioServerId;
/* /*
* Opaque types * Opaque types
*/ */
typedef struct prio_config *PrioConfig; typedef struct prio_config* PrioConfig;
typedef const struct prio_config *const_PrioConfig; typedef const struct prio_config* const_PrioConfig;
typedef struct prio_server *PrioServer; typedef struct prio_server* PrioServer;
typedef const struct prio_server *const_PrioServer; typedef const struct prio_server* const_PrioServer;
typedef struct prio_verifier *PrioVerifier; typedef struct prio_verifier* PrioVerifier;
typedef const struct prio_verifier *const_PrioVerifier; typedef const struct prio_verifier* const_PrioVerifier;
typedef struct prio_packet_verify1 *PrioPacketVerify1; typedef struct prio_packet_verify1* PrioPacketVerify1;
typedef const struct prio_packet_verify1 *const_PrioPacketVerify1; typedef const struct prio_packet_verify1* const_PrioPacketVerify1;
typedef struct prio_packet_verify2 *PrioPacketVerify2; typedef struct prio_packet_verify2* PrioPacketVerify2;
typedef const struct prio_packet_verify2 *const_PrioPacketVerify2; typedef const struct prio_packet_verify2* const_PrioPacketVerify2;
typedef struct prio_total_share *PrioTotalShare; typedef struct prio_total_share* PrioTotalShare;
typedef const struct prio_total_share *const_PrioTotalShare; typedef const struct prio_total_share* const_PrioTotalShare;
typedef SECKEYPublicKey *PublicKey; typedef SECKEYPublicKey* PublicKey;
typedef const SECKEYPublicKey *const_PublicKey; typedef const SECKEYPublicKey* const_PublicKey;
typedef SECKEYPrivateKey *PrivateKey; typedef SECKEYPrivateKey* PrivateKey;
typedef const SECKEYPrivateKey *const_PrivateKey; typedef const SECKEYPrivateKey* const_PrivateKey;
/* /*
* Initialize and clear random number generator state. * Initialize and clear random number generator state.
* You must call Prio_init() before using the library. * You must call Prio_init() before using the library.
* To avoid memory leaks, call Prio_clear() afterwards. * To avoid memory leaks, call Prio_clear() afterwards.
*/ */
SECStatus Prio_init (); SECStatus Prio_init();
void Prio_clear(); void Prio_clear();
/* /*
@ -90,32 +87,34 @@ void Prio_clear();
* caller passes in, so you may free the `batch_id` string as soon as * caller passes in, so you may free the `batch_id` string as soon as
* `PrioConfig_new` returns. * `PrioConfig_new` returns.
*/ */
PrioConfig PrioConfig_new (int n_fields, PublicKey server_a, PublicKey server_b, PrioConfig PrioConfig_new(int n_fields, PublicKey server_a, PublicKey server_b,
const unsigned char *batch_id, unsigned int batch_id_len); const unsigned char* batch_id,
void PrioConfig_clear (PrioConfig cfg); unsigned int batch_id_len);
int PrioConfig_numDataFields (const_PrioConfig cfg); void PrioConfig_clear(PrioConfig cfg);
int PrioConfig_numDataFields(const_PrioConfig cfg);
/* /*
* Create a PrioConfig object with no encryption keys. This routine is * Create a PrioConfig object with no encryption keys. This routine is
* useful for testing, but PrioClient_encode() will always fail when used with * useful for testing, but PrioClient_encode() will always fail when used with
* this config. * this config.
*/ */
PrioConfig PrioConfig_newTest (int n_fields); PrioConfig PrioConfig_newTest(int n_fields);
/* /*
* We use the PublicKey and PrivateKey objects for public-key encryption. Each * We use the PublicKey and PrivateKey objects for public-key encryption. Each
* Prio server has an associated public key, and the clients use these keys to * Prio server has an associated public key, and the clients use these keys to
* encrypt messages to the servers. * encrypt messages to the servers.
*/ */
SECStatus Keypair_new (PrivateKey *pvtkey, PublicKey *pubkey); SECStatus Keypair_new(PrivateKey* pvtkey, PublicKey* pubkey);
/* /*
* Import a new curve25519 public key from the raw bytes given. The key passed in * Import a new curve25519 public key from the raw bytes given. The key passed
* in
* as `data` should be of length `CURVE25519_KEY_LEN`. This function allocates * as `data` should be of length `CURVE25519_KEY_LEN`. This function allocates
* a new PublicKey object, which the caller must free using `PublicKey_clear`. * a new PublicKey object, which the caller must free using `PublicKey_clear`.
*/ */
SECStatus PublicKey_import (PublicKey *pk, const unsigned char *data, unsigned int dataLen); SECStatus PublicKey_import(PublicKey* pk, const unsigned char* data,
unsigned int dataLen);
/* /*
* Import a new curve25519 public key from a hex string that contains only the * Import a new curve25519 public key from a hex string that contains only the
@ -123,24 +122,23 @@ SECStatus PublicKey_import (PublicKey *pk, const unsigned char *data, unsigned i
* length `CURVE25519_KEY_LEN_HEX`. This function allocates a new PublicKey * length `CURVE25519_KEY_LEN_HEX`. This function allocates a new PublicKey
* object, which the caller must free using `PublicKey_clear`. * object, which the caller must free using `PublicKey_clear`.
*/ */
SECStatus PublicKey_import_hex (PublicKey *pk, const unsigned char *hex_data, SECStatus PublicKey_import_hex(PublicKey* pk, const unsigned char* hex_data,
unsigned int dataLen); unsigned int dataLen);
/* /*
* Export a curve25519 public key as a raw byte-array. * Export a curve25519 public key as a raw byte-array.
*/ */
SECStatus PublicKey_export (const_PublicKey pk, unsigned char data[CURVE25519_KEY_LEN]); SECStatus PublicKey_export(const_PublicKey pk,
unsigned char data[CURVE25519_KEY_LEN]);
/* /*
* Export a curve25519 public key as a NULL-terminated hex string. * Export a curve25519 public key as a NULL-terminated hex string.
*/ */
SECStatus PublicKey_export_hex (const_PublicKey pk, SECStatus PublicKey_export_hex(const_PublicKey pk,
unsigned char data[CURVE25519_KEY_LEN_HEX+1]); unsigned char data[CURVE25519_KEY_LEN_HEX + 1]);
void PublicKey_clear (PublicKey pubkey);
void PrivateKey_clear (PrivateKey pvtkey);
void PublicKey_clear(PublicKey pubkey);
void PrivateKey_clear(PrivateKey pvtkey);
/* /*
* PrioPacketClient_encode * PrioPacketClient_encode
@ -153,58 +151,57 @@ void PrivateKey_clear (PrivateKey pvtkey);
* NOTE: The caller must free() the strings `for_server_a` and * NOTE: The caller must free() the strings `for_server_a` and
* `for_server_b` to avoid memory leaks. * `for_server_b` to avoid memory leaks.
*/ */
SECStatus SECStatus PrioClient_encode(const_PrioConfig cfg, const bool* data_in,
PrioClient_encode (const_PrioConfig cfg, const bool *data_in, unsigned char** for_server_a, unsigned int* aLen,
unsigned char **for_server_a, unsigned int *aLen, unsigned char** for_server_b, unsigned int* bLen);
unsigned char **for_server_b, unsigned int *bLen);
/* /*
* Generate a new PRG seed using the NSS global randomness source. * Generate a new PRG seed using the NSS global randomness source.
* Use this routine to initialize the secret that the two Prio servers * Use this routine to initialize the secret that the two Prio servers
* share. * share.
*/ */
SECStatus PrioPRGSeed_randomize (PrioPRGSeed *seed); SECStatus PrioPRGSeed_randomize(PrioPRGSeed* seed);
/* /*
* The PrioServer object holds the state of the Prio servers. * The PrioServer object holds the state of the Prio servers.
* Pass in the _same_ secret PRGSeed when initializing the two servers. * Pass in the _same_ secret PRGSeed when initializing the two servers.
* The PRGSeed must remain secret to the two servers. * The PRGSeed must remain secret to the two servers.
*/ */
PrioServer PrioServer_new (const_PrioConfig cfg, PrioServerId server_idx, PrioServer PrioServer_new(const_PrioConfig cfg, PrioServerId server_idx,
PrivateKey server_priv, const PrioPRGSeed server_shared_secret); PrivateKey server_priv,
void PrioServer_clear (PrioServer s); const PrioPRGSeed server_shared_secret);
void PrioServer_clear(PrioServer s);
/* /*
* After receiving a client packet, each of the servers generate * After receiving a client packet, each of the servers generate
* a PrioVerifier object that they use to check whether the client's * a PrioVerifier object that they use to check whether the client's
* encoded packet is well formed. * encoded packet is well formed.
*/ */
PrioVerifier PrioVerifier_new (PrioServer s); PrioVerifier PrioVerifier_new(PrioServer s);
void PrioVerifier_clear (PrioVerifier v); void PrioVerifier_clear(PrioVerifier v);
/* /*
* Read in encrypted data from the client, decrypt it, and prepare to check the * Read in encrypted data from the client, decrypt it, and prepare to check the
* request for validity. * request for validity.
*/ */
SECStatus PrioVerifier_set_data (PrioVerifier v, SECStatus PrioVerifier_set_data(PrioVerifier v, unsigned char* data,
unsigned char *data, unsigned int dataLen); unsigned int dataLen);
/* /*
* Generate the first packet that servers need to exchange to verify the * Generate the first packet that servers need to exchange to verify the
* client's submission. This should be sent over a TLS connection between the * client's submission. This should be sent over a TLS connection between the
* servers. * servers.
*/ */
PrioPacketVerify1 PrioPacketVerify1_new (void); PrioPacketVerify1 PrioPacketVerify1_new(void);
void PrioPacketVerify1_clear (PrioPacketVerify1 p1); void PrioPacketVerify1_clear(PrioPacketVerify1 p1);
SECStatus PrioPacketVerify1_set_data (PrioPacketVerify1 p1, SECStatus PrioPacketVerify1_set_data(PrioPacketVerify1 p1,
const_PrioVerifier v); const_PrioVerifier v);
SECStatus PrioPacketVerify1_write (const_PrioPacketVerify1 p, SECStatus PrioPacketVerify1_write(const_PrioPacketVerify1 p,
msgpack_packer *pk); msgpack_packer* pk);
SECStatus PrioPacketVerify1_read (PrioPacketVerify1 p, SECStatus PrioPacketVerify1_read(PrioPacketVerify1 p, msgpack_unpacker* upk,
msgpack_unpacker *upk, const_PrioConfig cfg); const_PrioConfig cfg);
/* /*
* Generate the second packet that the servers need to exchange to verify the * Generate the second packet that the servers need to exchange to verify the
@ -213,23 +210,24 @@ SECStatus PrioPacketVerify1_read (PrioPacketVerify1 p,
* *
* This should be sent over a TLS connection between the servers. * This should be sent over a TLS connection between the servers.
*/ */
PrioPacketVerify2 PrioPacketVerify2_new (void); PrioPacketVerify2 PrioPacketVerify2_new(void);
void PrioPacketVerify2_clear (PrioPacketVerify2 p); void PrioPacketVerify2_clear(PrioPacketVerify2 p);
SECStatus PrioPacketVerify2_set_data (PrioPacketVerify2 p2, const_PrioVerifier v, SECStatus PrioPacketVerify2_set_data(PrioPacketVerify2 p2, const_PrioVerifier v,
const_PrioPacketVerify1 p1A, const_PrioPacketVerify1 p1B); const_PrioPacketVerify1 p1A,
const_PrioPacketVerify1 p1B);
SECStatus PrioPacketVerify2_write (const_PrioPacketVerify2 p, SECStatus PrioPacketVerify2_write(const_PrioPacketVerify2 p,
msgpack_packer *pk); msgpack_packer* pk);
SECStatus PrioPacketVerify2_read (PrioPacketVerify2 p, SECStatus PrioPacketVerify2_read(PrioPacketVerify2 p, msgpack_unpacker* upk,
msgpack_unpacker *upk, const_PrioConfig cfg); const_PrioConfig cfg);
/* /*
* Use the PrioPacketVerify2s from both servers to check whether * Use the PrioPacketVerify2s from both servers to check whether
* the client's submission is well formed. * the client's submission is well formed.
*/ */
SECStatus PrioVerifier_isValid (const_PrioVerifier v, SECStatus PrioVerifier_isValid(const_PrioVerifier v, const_PrioPacketVerify2 pA,
const_PrioPacketVerify2 pA, const_PrioPacketVerify2 pB); const_PrioPacketVerify2 pB);
/* /*
* Each of the two servers calls this routine to aggregate the data * Each of the two servers calls this routine to aggregate the data
@ -239,22 +237,21 @@ SECStatus PrioVerifier_isValid (const_PrioVerifier v,
* data packet. The servers must execute the verification checks * data packet. The servers must execute the verification checks
* above before aggregating any client data. * above before aggregating any client data.
*/ */
SECStatus PrioServer_aggregate (PrioServer s, PrioVerifier v); SECStatus PrioServer_aggregate(PrioServer s, PrioVerifier v);
/* /*
* After the servers have aggregated data packets from "enough" clients * After the servers have aggregated data packets from "enough" clients
* (this determines the anonymity set size), each server runs this routine * (this determines the anonymity set size), each server runs this routine
* to get a share of the aggregate statistics. * to get a share of the aggregate statistics.
*/ */
PrioTotalShare PrioTotalShare_new (void); PrioTotalShare PrioTotalShare_new(void);
void PrioTotalShare_clear (PrioTotalShare t); void PrioTotalShare_clear(PrioTotalShare t);
SECStatus PrioTotalShare_set_data (PrioTotalShare t, const_PrioServer s); SECStatus PrioTotalShare_set_data(PrioTotalShare t, const_PrioServer s);
SECStatus PrioTotalShare_write (const_PrioTotalShare t, SECStatus PrioTotalShare_write(const_PrioTotalShare t, msgpack_packer* pk);
msgpack_packer *pk); SECStatus PrioTotalShare_read(PrioTotalShare t, msgpack_unpacker* upk,
SECStatus PrioTotalShare_read (PrioTotalShare t, const_PrioConfig cfg);
msgpack_unpacker *upk, const_PrioConfig cfg);
/* /*
* Read the output data into an array of unsigned longs. You should * Read the output data into an array of unsigned longs. You should
@ -262,9 +259,9 @@ SECStatus PrioTotalShare_read (PrioTotalShare t,
* the pointer `output` points to a buffer large enough to store * the pointer `output` points to a buffer large enough to store
* one long per data field. * one long per data field.
*/ */
SECStatus PrioTotalShare_final (const_PrioConfig cfg, unsigned long *output, SECStatus PrioTotalShare_final(const_PrioConfig cfg, unsigned long* output,
const_PrioTotalShare tA, const_PrioTotalShare tB); const_PrioTotalShare tA,
const_PrioTotalShare tB);
#endif /* __PRIO_H__ */ #endif /* __PRIO_H__ */

18
third_party/prio/pclient/SConscript поставляемый
Просмотреть файл

@ -1,18 +0,0 @@
import sys
Import('env')
prio_env = env.Clone()
src = [
"main.c",
]
libs = [
"mprio",
"msgpackc",
]
prio_env.Append(LIBS = libs)
prio_env.Program("pclient", src)

229
third_party/prio/pclient/main.c поставляемый
Просмотреть файл

@ -1,229 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mprio.h>
#include <stdio.h>
#include <stdlib.h>
#include "prio/util.h"
int
verify_full (void)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
PrioPacketVerify1 p1A = NULL;
PrioPacketVerify1 p1B = NULL;
PrioPacketVerify2 p2A = NULL;
PrioPacketVerify2 p2B = NULL;
PrioTotalShare tA = NULL;
PrioTotalShare tB = NULL;
unsigned char *for_server_a = NULL;
unsigned char *for_server_b = NULL;
const unsigned char *batch_id = (unsigned char *)"prio_batch_2018-04-17";
const unsigned int batch_id_len = strlen ((char *)batch_id);
// Initialize NSS random number generator.
P_CHECKC (Prio_init ());
// Number of different boolean data fields we collect.
const int ndata = 100;
// Number of clients to simulate.
const int nclients = 10;
// New scope to avoid goto weirdness
{
bool data_items[ndata];
// Generate keypairs for servers
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
// Use the default configuration parameters.
P_CHECKA (cfg = PrioConfig_new (ndata, pkA, pkB, batch_id, batch_id_len));
PrioPRGSeed server_secret;
P_CHECKC (PrioPRGSeed_randomize (&server_secret));
// Initialize two server objects. The role of the servers need not
// be symmetric. In a deployment, we envision that:
// * Server A is the main telemetry server that is always online.
// Clients send their encrypted data packets to Server A and
// Server A stores them.
// * Server B only comes online when the two servers want to compute
// the final aggregate statistics.
P_CHECKA (sA = PrioServer_new (cfg, PRIO_SERVER_A, skA, server_secret));
P_CHECKA (sB = PrioServer_new (cfg, PRIO_SERVER_B, skB, server_secret));
// Initialize empty verifier objects
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
// Initialize shares of final aggregate statistics
P_CHECKA (tA = PrioTotalShare_new ());
P_CHECKA (tB = PrioTotalShare_new ());
// Initialize shares of verification packets
P_CHECKA (p1A = PrioPacketVerify1_new ());
P_CHECKA (p1B = PrioPacketVerify1_new ());
P_CHECKA (p2A = PrioPacketVerify2_new ());
P_CHECKA (p2B = PrioPacketVerify2_new ());
// Generate client data packets.
for (int c=0; c < nclients; c++) {
// The client's data submission is an arbitrary boolean vector.
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (c % 5 == 3);
}
// I. CLIENT DATA SUBMISSION.
//
// Construct the client data packets.
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items,
&for_server_a, &aLen, &for_server_b, &bLen));
// The Prio servers A and B can come online later (e.g., at the end of
// each day) to download the encrypted telemetry packets from the
// telemetry server and run the protocol that computes the aggregate
// statistics. In this way, the client only needs to send a
// single message (the pair of encrypted ClientPacketData packets)
// to a single server (the telemetry-data-collection server).
// THE CLIENT'S JOB IS DONE. The rest of the processing just takes place
// between the two servers A and B.
// II. VALIDATION PROTOCOL. (at servers)
//
// The servers now run a short 2-step protocol to check each
// client's packet:
// 1) Servers A and B broadcast one message (PrioPacketVerify1)
// to each other.
// 2) Servers A and B broadcast another message (PrioPacketVerify2)
// to each other.
// 3) Servers A and B can both determine whether the client's data
// submission is well-formed (in which case they add it to their
// running total of aggregate statistics) or ill-formed
// (in which case they ignore it).
// These messages must be sent over an authenticated channel, so
// that each server is assured that every received message came
// from its peer.
// Set up a Prio verifier object.
P_CHECKC (PrioVerifier_set_data (vA, for_server_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_server_b, bLen));
// Both servers produce a packet1. Server A sends p1A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify1_set_data (p1A, vA));
P_CHECKC (PrioPacketVerify1_set_data (p1B, vB));
// Both servers produce a packet2. Server A sends p2A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify2_set_data(p2A, vA, p1A, p1B));
P_CHECKC (PrioPacketVerify2_set_data(p2B, vB, p1A, p1B));
// Using p2A and p2B, the servers can determine whether the request
// is valid. (In fact, only Server A needs to perform this
// check, since Server A can just tell Server B whether the check
// succeeded or failed.)
P_CHECKC (PrioVerifier_isValid (vA, p2A, p2B));
P_CHECKC (PrioVerifier_isValid (vB, p2A, p2B));
// If we get here, the client packet is valid, so add it to the aggregate
// statistic counter for both servers.
P_CHECKC (PrioServer_aggregate (sA, vA));
P_CHECKC (PrioServer_aggregate (sB, vB));
free (for_server_a);
free (for_server_b);
for_server_a = NULL;
for_server_b = NULL;
}
// The servers repeat the steps above for each client submission.
// III. PRODUCTION OF AGGREGATE STATISTICS.
//
// After collecting aggregates from MANY clients, the servers can compute
// their shares of the aggregate statistics.
//
// Server B can send tB to Server A.
P_CHECKC (PrioTotalShare_set_data (tA, sA));
P_CHECKC (PrioTotalShare_set_data (tB, sB));
// Once Server A has tA and tB, it can learn the aggregate statistics
// in the clear.
unsigned long output[ndata];
P_CHECKC (PrioTotalShare_final (cfg, output, tA, tB));
// Now the output[i] contains a counter that indicates how many clients
// submitted TRUE for data value i. We print out this data.
for (int i=0; i < ndata; i++)
printf("output[%d] = %lu\n", i, output[i]);
}
cleanup:
if (rv != SECSuccess) {
fprintf (stderr, "Warning: unexpected failure.\n");
}
if (for_server_a) free (for_server_a);
if (for_server_b) free (for_server_b);
PrioTotalShare_clear (tA);
PrioTotalShare_clear (tB);
PrioPacketVerify2_clear (p2A);
PrioPacketVerify2_clear (p2B);
PrioPacketVerify1_clear (p1A);
PrioPacketVerify1_clear (p1B);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
Prio_clear ();
return !(rv == SECSuccess);
}
int
main (void)
{
puts ("This utility demonstrates how to invoke the Prio API.");
return verify_full ();
}

3
third_party/prio/prio/SConscript поставляемый
Просмотреть файл

@ -21,9 +21,6 @@ libs = [
"msgpackc" "msgpackc"
] ]
# Enable mp_print()
penv.Append(CFLAGS = ['-DMP_IOFUNC'])
penv.Append(LIBS = libs) penv.Append(LIBS = libs)
penv.StaticLibrary("mprio", src) penv.StaticLibrary("mprio", src)

269
third_party/prio/prio/client.c поставляемый
Просмотреть файл

@ -30,10 +30,10 @@
// and we return f(0) as `const_term`. // and we return f(0) as `const_term`.
static SECStatus static SECStatus
data_polynomial_evals(const_PrioConfig cfg, const_MPArray data_in, data_polynomial_evals(const_PrioConfig cfg, const_MPArray data_in,
MPArray evals_out, mp_int *const_term) MPArray evals_out, mp_int* const_term)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const mp_int *mod = &cfg->modulus; const mp_int* mod = &cfg->modulus;
MPArray points_f = NULL; MPArray points_f = NULL;
MPArray poly_f = NULL; MPArray poly_f = NULL;
@ -45,86 +45,85 @@ data_polynomial_evals(const_PrioConfig cfg, const_MPArray data_in,
const int n = mul_gates + 1; const int n = mul_gates + 1;
// Big N is n rounded up to a power of two. // Big N is n rounded up to a power of two.
const int N = next_power_of_two (n); const int N = next_power_of_two(n);
P_CHECKA (points_f = MPArray_new (N)); P_CHECKA(points_f = MPArray_new(N));
P_CHECKA (poly_f = MPArray_new (N)); P_CHECKA(poly_f = MPArray_new(N));
// Set constant term f(0) to random // Set constant term f(0) to random
P_CHECKC (rand_int (&points_f->data[0], mod)); P_CHECKC(rand_int(&points_f->data[0], mod));
MP_CHECKC (mp_copy (&points_f->data[0], const_term)); MP_CHECKC(mp_copy(&points_f->data[0], const_term));
// Set other values of f(x) // Set other values of f(x)
for (int i=1; i<n; i++) { for (int i = 1; i < n; i++) {
MP_CHECKC (mp_copy (&data_in->data[i-1], &points_f->data[i])); MP_CHECKC(mp_copy(&data_in->data[i - 1], &points_f->data[i]));
} }
// Interpolate through the Nth roots of unity // Interpolate through the Nth roots of unity
P_CHECKC (poly_fft(poly_f, points_f, cfg, true)); P_CHECKC(poly_fft(poly_f, points_f, cfg, true));
// Evaluate at all 2N-th roots of unity. // Evaluate at all 2N-th roots of unity.
// To do so, first resize the eval arrays and fill upper // To do so, first resize the eval arrays and fill upper
// values with zeros. // values with zeros.
P_CHECKC (MPArray_resize (poly_f, 2*N)); P_CHECKC(MPArray_resize(poly_f, 2 * N));
P_CHECKC (MPArray_resize (evals_out, 2*N)); P_CHECKC(MPArray_resize(evals_out, 2 * N));
// Evaluate at the 2N-th roots of unity // Evaluate at the 2N-th roots of unity
P_CHECKC (poly_fft(evals_out, poly_f, cfg, false)); P_CHECKC(poly_fft(evals_out, poly_f, cfg, false));
cleanup: cleanup:
MPArray_clear (points_f); MPArray_clear(points_f);
MPArray_clear (poly_f); MPArray_clear(poly_f);
return rv; return rv;
} }
static SECStatus static SECStatus
share_polynomials (const_PrioConfig cfg, const_MPArray data_in, share_polynomials(const_PrioConfig cfg, const_MPArray data_in,
PrioPacketClient pA, PrioPacketClient pB, PRG prgB) PrioPacketClient pA, PrioPacketClient pB, PRG prgB)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const mp_int *mod = &cfg->modulus; const mp_int* mod = &cfg->modulus;
const_MPArray points_f = data_in; const_MPArray points_f = data_in;
mp_int f0, g0; mp_int f0, g0;
MP_DIGITS (&f0) = NULL; MP_DIGITS(&f0) = NULL;
MP_DIGITS (&g0) = NULL; MP_DIGITS(&g0) = NULL;
MPArray points_g = NULL; MPArray points_g = NULL;
MPArray evals_f_2N = NULL; MPArray evals_f_2N = NULL;
MPArray evals_g_2N = NULL; MPArray evals_g_2N = NULL;
P_CHECKA (points_g = MPArray_dup (points_f)); P_CHECKA(points_g = MPArray_dup(points_f));
P_CHECKA (evals_f_2N = MPArray_new (0)); P_CHECKA(evals_f_2N = MPArray_new(0));
P_CHECKA (evals_g_2N = MPArray_new (0)); P_CHECKA(evals_g_2N = MPArray_new(0));
MP_CHECKC (mp_init (&f0)); MP_CHECKC(mp_init(&f0));
MP_CHECKC (mp_init (&g0)); MP_CHECKC(mp_init(&g0));
for (int i=0; i<points_f->len; i++) { for (int i = 0; i < points_f->len; i++) {
// For each input value x_i, we compute x_i * (x_i-1). // For each input value x_i, we compute x_i * (x_i-1).
// f(i) = x_i // f(i) = x_i
// g(i) = x_i - 1 // g(i) = x_i - 1
MP_CHECKC (mp_sub_d (&points_g->data[i], 1, &points_g->data[i])); MP_CHECKC(mp_sub_d(&points_g->data[i], 1, &points_g->data[i]));
MP_CHECKC (mp_mod (&points_g->data[i], mod, &points_g->data[i])); MP_CHECKC(mp_mod(&points_g->data[i], mod, &points_g->data[i]));
} }
P_CHECKC (data_polynomial_evals(cfg, points_f, evals_f_2N, &f0)); P_CHECKC(data_polynomial_evals(cfg, points_f, evals_f_2N, &f0));
P_CHECKC (data_polynomial_evals(cfg, points_g, evals_g_2N, &g0)); P_CHECKC(data_polynomial_evals(cfg, points_g, evals_g_2N, &g0));
// The values f(0) and g(0) are set to random values. // The values f(0) and g(0) are set to random values.
// We must send to each server a share of the points // We must send to each server a share of the points
// f(0), g(0), and h(0) = f(0)*g(0) // f(0), g(0), and h(0) = f(0)*g(0)
P_CHECKC (share_int (cfg, &f0, &pA->f0_share, &pB->f0_share)); P_CHECKC(share_int(cfg, &f0, &pA->f0_share, &pB->f0_share));
P_CHECKC (share_int (cfg, &g0, &pA->g0_share, &pB->g0_share)); P_CHECKC(share_int(cfg, &g0, &pA->g0_share, &pB->g0_share));
// Compute h(0) = f(0)*g(0). // Compute h(0) = f(0)*g(0).
MP_CHECKC (mp_mulmod (&f0, &g0, mod, &f0)); MP_CHECKC(mp_mulmod(&f0, &g0, mod, &f0));
// Give one share of h(0) to each server. // Give one share of h(0) to each server.
P_CHECKC (share_int (cfg, &f0, &pA->h0_share, &pB->h0_share)); P_CHECKC(share_int(cfg, &f0, &pA->h0_share, &pB->h0_share));
//const int lenN = (evals_f_2N->len/2); // const int lenN = (evals_f_2N->len/2);
//P_CHECKC (MPArray_resize (pA->shares.A.h_points, lenN)); // P_CHECKC (MPArray_resize (pA->shares.A.h_points, lenN));
// We need to send to the servers the evaluations of // We need to send to the servers the evaluations of
// f(r) * g(r) // f(r) * g(r)
@ -135,34 +134,35 @@ share_polynomials (const_PrioConfig cfg, const_MPArray data_in,
// send a share of this value to each server. // send a share of this value to each server.
int j = 0; int j = 0;
for (int i = 1; i < evals_f_2N->len; i += 2) { for (int i = 1; i < evals_f_2N->len; i += 2) {
MP_CHECKC (mp_mulmod (&evals_f_2N->data[i], &evals_g_2N->data[i], mod, &f0)); MP_CHECKC(mp_mulmod(&evals_f_2N->data[i], &evals_g_2N->data[i], mod, &f0));
P_CHECKC (PRG_share_int (prgB, &pA->shares.A.h_points->data[j], &f0, cfg)); P_CHECKC(PRG_share_int(prgB, &pA->shares.A.h_points->data[j], &f0, cfg));
j++; j++;
} }
cleanup: cleanup:
MPArray_clear (evals_f_2N); MPArray_clear(evals_f_2N);
MPArray_clear (evals_g_2N); MPArray_clear(evals_g_2N);
MPArray_clear (points_g); MPArray_clear(points_g);
mp_clear (&f0); mp_clear(&f0);
mp_clear (&g0); mp_clear(&g0);
return rv; return rv;
} }
PrioPacketClient PrioPacketClient
PrioPacketClient_new (const_PrioConfig cfg, PrioServerId for_server) PrioPacketClient_new(const_PrioConfig cfg, PrioServerId for_server)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const int data_len = cfg->num_data_fields; const int data_len = cfg->num_data_fields;
PrioPacketClient p = NULL; PrioPacketClient p = NULL;
p = malloc (sizeof (*p)); p = malloc(sizeof(*p));
if (!p) return NULL; if (!p)
return NULL;
p->for_server = for_server; p->for_server = for_server;
p->triple = NULL; p->triple = NULL;
MP_DIGITS (&p->f0_share) = NULL; MP_DIGITS(&p->f0_share) = NULL;
MP_DIGITS (&p->g0_share) = NULL; MP_DIGITS(&p->g0_share) = NULL;
MP_DIGITS (&p->h0_share) = NULL; MP_DIGITS(&p->h0_share) = NULL;
switch (p->for_server) { switch (p->for_server) {
case PRIO_SERVER_A: case PRIO_SERVER_A:
@ -170,7 +170,7 @@ PrioPacketClient_new (const_PrioConfig cfg, PrioServerId for_server)
p->shares.A.h_points = NULL; p->shares.A.h_points = NULL;
break; break;
case PRIO_SERVER_B: case PRIO_SERVER_B:
memset (p->shares.B.seed, 0, PRG_SEED_LENGTH); memset(p->shares.B.seed, 0, PRG_SEED_LENGTH);
break; break;
default: default:
// Should never get here // Should never get here
@ -178,20 +178,20 @@ PrioPacketClient_new (const_PrioConfig cfg, PrioServerId for_server)
goto cleanup; goto cleanup;
} }
MP_CHECKC (mp_init (&p->f0_share)); MP_CHECKC(mp_init(&p->f0_share));
MP_CHECKC (mp_init (&p->g0_share)); MP_CHECKC(mp_init(&p->g0_share));
MP_CHECKC (mp_init (&p->h0_share)); MP_CHECKC(mp_init(&p->h0_share));
P_CHECKA (p->triple = BeaverTriple_new ()); P_CHECKA(p->triple = BeaverTriple_new());
if (p->for_server == PRIO_SERVER_A) { if (p->for_server == PRIO_SERVER_A) {
const int num_h_points = PrioConfig_hPoints (cfg); const int num_h_points = PrioConfig_hPoints(cfg);
P_CHECKA (p->shares.A.data_shares = MPArray_new (data_len)); P_CHECKA(p->shares.A.data_shares = MPArray_new(data_len));
P_CHECKA (p->shares.A.h_points = MPArray_new (num_h_points)); P_CHECKA(p->shares.A.h_points = MPArray_new(num_h_points));
} }
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PrioPacketClient_clear (p); PrioPacketClient_clear(p);
return NULL; return NULL;
} }
@ -199,69 +199,74 @@ cleanup:
} }
SECStatus SECStatus
PrioPacketClient_set_data (const_PrioConfig cfg, const bool *data_in, PrioPacketClient_set_data(const_PrioConfig cfg, const bool* data_in,
PrioPacketClient pA, PrioPacketClient pB) PrioPacketClient pA, PrioPacketClient pB)
{ {
MPArray client_data = NULL; MPArray client_data = NULL;
PRG prgB = NULL; PRG prgB = NULL;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const int data_len = cfg->num_data_fields; const int data_len = cfg->num_data_fields;
if (!data_in) return SECFailure; if (!data_in)
return SECFailure;
P_CHECKC (PrioPRGSeed_randomize (&pB->shares.B.seed)); P_CHECKC(PrioPRGSeed_randomize(&pB->shares.B.seed));
P_CHECKA (prgB = PRG_new (pB->shares.B.seed)); P_CHECKA(prgB = PRG_new(pB->shares.B.seed));
P_CHECKC (BeaverTriple_set_rand (cfg, pA->triple, pB->triple)); P_CHECKC(BeaverTriple_set_rand(cfg, pA->triple, pB->triple));
P_CHECKA (client_data = MPArray_new_bool (data_len, data_in)); P_CHECKA(client_data = MPArray_new_bool(data_len, data_in));
P_CHECKC (PRG_share_array (prgB, pA->shares.A.data_shares, P_CHECKC(PRG_share_array(prgB, pA->shares.A.data_shares, client_data, cfg));
client_data, cfg)); P_CHECKC(share_polynomials(cfg, client_data, pA, pB, prgB));
P_CHECKC (share_polynomials (cfg, client_data, pA, pB, prgB));
cleanup: cleanup:
MPArray_clear (client_data); MPArray_clear(client_data);
PRG_clear (prgB); PRG_clear(prgB);
return rv; return rv;
} }
void void
PrioPacketClient_clear (PrioPacketClient p) PrioPacketClient_clear(PrioPacketClient p)
{ {
if (p == NULL) return; if (p == NULL)
return;
if (p->for_server == PRIO_SERVER_A) { if (p->for_server == PRIO_SERVER_A) {
MPArray_clear (p->shares.A.h_points); MPArray_clear(p->shares.A.h_points);
MPArray_clear (p->shares.A.data_shares); MPArray_clear(p->shares.A.data_shares);
} }
BeaverTriple_clear (p->triple); BeaverTriple_clear(p->triple);
mp_clear (&p->f0_share); mp_clear(&p->f0_share);
mp_clear (&p->g0_share); mp_clear(&p->g0_share);
mp_clear (&p->h0_share); mp_clear(&p->h0_share);
free (p); free(p);
} }
bool bool
PrioPacketClient_areEqual (const_PrioPacketClient p1, PrioPacketClient_areEqual(const_PrioPacketClient p1, const_PrioPacketClient p2)
const_PrioPacketClient p2)
{ {
if (!BeaverTriple_areEqual (p1->triple, p2->triple)) return false; if (!BeaverTriple_areEqual(p1->triple, p2->triple))
if (mp_cmp (&p1->f0_share, &p2->f0_share)) return false; return false;
if (mp_cmp (&p1->g0_share, &p2->g0_share)) return false; if (mp_cmp(&p1->f0_share, &p2->f0_share))
if (mp_cmp (&p1->h0_share, &p2->h0_share)) return false; return false;
if (p1->for_server != p2->for_server) return false; if (mp_cmp(&p1->g0_share, &p2->g0_share))
return false;
if (mp_cmp(&p1->h0_share, &p2->h0_share))
return false;
if (p1->for_server != p2->for_server)
return false;
switch (p1->for_server) { switch (p1->for_server) {
case PRIO_SERVER_A: case PRIO_SERVER_A:
if (!MPArray_areEqual (p1->shares.A.data_shares, if (!MPArray_areEqual(p1->shares.A.data_shares, p2->shares.A.data_shares))
p2->shares.A.data_shares)) return false; return false;
if (!MPArray_areEqual (p1->shares.A.h_points, if (!MPArray_areEqual(p1->shares.A.h_points, p2->shares.A.h_points))
p2->shares.A.h_points)) return false; return false;
break; break;
case PRIO_SERVER_B: case PRIO_SERVER_B:
if (memcmp (p1->shares.B.seed, p2->shares.B.seed, if (memcmp(p1->shares.B.seed, p2->shares.B.seed, PRG_SEED_LENGTH))
PRG_SEED_LENGTH)) return false; return false;
break; break;
default: default:
// Should never get here. // Should never get here.
@ -272,9 +277,9 @@ PrioPacketClient_areEqual (const_PrioPacketClient p1,
} }
SECStatus SECStatus
PrioClient_encode (const_PrioConfig cfg, const bool *data_in, PrioClient_encode(const_PrioConfig cfg, const bool* data_in,
unsigned char **for_server_a, unsigned int *aLen, unsigned char** for_server_a, unsigned int* aLen,
unsigned char **for_server_b, unsigned int *bLen) unsigned char** for_server_b, unsigned int* bLen)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PrioPacketClient pA = NULL; PrioPacketClient pA = NULL;
@ -282,72 +287,74 @@ PrioClient_encode (const_PrioConfig cfg, const bool *data_in,
*for_server_a = NULL; *for_server_a = NULL;
*for_server_b = NULL; *for_server_b = NULL;
P_CHECKA (pA = PrioPacketClient_new (cfg, PRIO_SERVER_A)); P_CHECKA(pA = PrioPacketClient_new(cfg, PRIO_SERVER_A));
P_CHECKA (pB = PrioPacketClient_new (cfg, PRIO_SERVER_B)); P_CHECKA(pB = PrioPacketClient_new(cfg, PRIO_SERVER_B));
msgpack_sbuffer sbufA, sbufB; msgpack_sbuffer sbufA, sbufB;
msgpack_packer packerA, packerB; msgpack_packer packerA, packerB;
msgpack_sbuffer_init (&sbufA); msgpack_sbuffer_init(&sbufA);
msgpack_sbuffer_init (&sbufB); msgpack_sbuffer_init(&sbufB);
msgpack_packer_init (&packerA, &sbufA, msgpack_sbuffer_write); msgpack_packer_init(&packerA, &sbufA, msgpack_sbuffer_write);
msgpack_packer_init (&packerB, &sbufB, msgpack_sbuffer_write); msgpack_packer_init(&packerB, &sbufB, msgpack_sbuffer_write);
P_CHECKC (PrioPacketClient_set_data (cfg, data_in, pA, pB)); P_CHECKC(PrioPacketClient_set_data(cfg, data_in, pA, pB));
P_CHECKC (serial_write_packet_client (&packerA, pA, cfg)); P_CHECKC(serial_write_packet_client(&packerA, pA, cfg));
P_CHECKC (serial_write_packet_client (&packerB, pB, cfg)); P_CHECKC(serial_write_packet_client(&packerB, pB, cfg));
P_CHECKC (PublicKey_encryptSize (sbufA.size, aLen)); P_CHECKC(PublicKey_encryptSize(sbufA.size, aLen));
P_CHECKC (PublicKey_encryptSize (sbufB.size, bLen)); P_CHECKC(PublicKey_encryptSize(sbufB.size, bLen));
P_CHECKA (*for_server_a = malloc (*aLen)); P_CHECKA(*for_server_a = malloc(*aLen));
P_CHECKA (*for_server_b = malloc (*bLen)); P_CHECKA(*for_server_b = malloc(*bLen));
unsigned int writtenA; unsigned int writtenA;
unsigned int writtenB; unsigned int writtenB;
P_CHECKC (PublicKey_encrypt (cfg->server_a_pub, *for_server_a, &writtenA, *aLen, P_CHECKC(PublicKey_encrypt(cfg->server_a_pub, *for_server_a, &writtenA, *aLen,
(unsigned char *)sbufA.data, sbufA.size)); (unsigned char*)sbufA.data, sbufA.size));
P_CHECKC (PublicKey_encrypt (cfg->server_b_pub, *for_server_b, &writtenB, *bLen, P_CHECKC(PublicKey_encrypt(cfg->server_b_pub, *for_server_b, &writtenB, *bLen,
(unsigned char *)sbufB.data, sbufB.size)); (unsigned char*)sbufB.data, sbufB.size));
P_CHECKCB (writtenA == *aLen); P_CHECKCB(writtenA == *aLen);
P_CHECKCB (writtenB == *bLen); P_CHECKCB(writtenB == *bLen);
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
if (*for_server_a) free (*for_server_a); if (*for_server_a)
if (*for_server_b) free (*for_server_b); free(*for_server_a);
if (*for_server_b)
free(*for_server_b);
*for_server_a = NULL; *for_server_a = NULL;
*for_server_b = NULL; *for_server_b = NULL;
} }
PrioPacketClient_clear (pA); PrioPacketClient_clear(pA);
PrioPacketClient_clear (pB); PrioPacketClient_clear(pB);
msgpack_sbuffer_destroy (&sbufA); msgpack_sbuffer_destroy(&sbufA);
msgpack_sbuffer_destroy (&sbufB); msgpack_sbuffer_destroy(&sbufB);
return rv; return rv;
} }
SECStatus SECStatus
PrioPacketClient_decrypt (PrioPacketClient p, const_PrioConfig cfg, PrioPacketClient_decrypt(PrioPacketClient p, const_PrioConfig cfg,
PrivateKey server_priv, const unsigned char *data_in, unsigned int data_len) PrivateKey server_priv, const unsigned char* data_in,
unsigned int data_len)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
msgpack_unpacker upk; msgpack_unpacker upk;
P_CHECKCB (msgpack_unpacker_init (&upk, data_len)); P_CHECKCB(msgpack_unpacker_init(&upk, data_len));
// Decrypt the ciphertext into dec_buf // Decrypt the ciphertext into dec_buf
unsigned int bytes_decrypted; unsigned int bytes_decrypted;
P_CHECKC (PrivateKey_decrypt (server_priv, P_CHECKC(PrivateKey_decrypt(server_priv,
(unsigned char *)msgpack_unpacker_buffer (&upk), &bytes_decrypted, (unsigned char*)msgpack_unpacker_buffer(&upk),
data_len, data_in, data_len)); &bytes_decrypted, data_len, data_in, data_len));
msgpack_unpacker_buffer_consumed (&upk, bytes_decrypted); msgpack_unpacker_buffer_consumed(&upk, bytes_decrypted);
P_CHECKC (serial_read_packet_client (&upk, p, cfg)); P_CHECKC(serial_read_packet_client(&upk, p, cfg));
cleanup: cleanup:
msgpack_unpacker_destroy (&upk); msgpack_unpacker_destroy(&upk);
return rv; return rv;
} }

41
third_party/prio/prio/client.h поставляемый
Просмотреть файл

@ -13,23 +13,24 @@
#include "prg.h" #include "prg.h"
#include "share.h" #include "share.h"
/* /*
* The PrioPacketClient object holds the encoded client data. * The PrioPacketClient object holds the encoded client data.
* The client sends one packet to server A and one packet to * The client sends one packet to server A and one packet to
* server B. The `for_server` parameter determines which server * server B. The `for_server` parameter determines which server
* the packet is for. * the packet is for.
*/ */
typedef struct prio_packet_client *PrioPacketClient; typedef struct prio_packet_client* PrioPacketClient;
typedef const struct prio_packet_client *const_PrioPacketClient; typedef const struct prio_packet_client* const_PrioPacketClient;
struct server_a_data { struct server_a_data
{
// These values are only set for server A. // These values are only set for server A.
MPArray data_shares; MPArray data_shares;
MPArray h_points; MPArray h_points;
}; };
struct server_b_data { struct server_b_data
{
// This value is only used for server B. // This value is only used for server B.
// //
// We use a pseudo-random generator to compress the secret-shared data // We use a pseudo-random generator to compress the secret-shared data
@ -41,7 +42,8 @@ struct server_b_data {
/* /*
* The data that a Prio client sends to each server. * The data that a Prio client sends to each server.
*/ */
struct prio_packet_client { struct prio_packet_client
{
// TODO: Can also use a PRG to avoid need for sending Beaver triple shares. // TODO: Can also use a PRG to avoid need for sending Beaver triple shares.
// Since this optimization only saves ~30 bytes of communication, we haven't // Since this optimization only saves ~30 bytes of communication, we haven't
// bothered implementing it yet. // bothered implementing it yet.
@ -50,25 +52,26 @@ struct prio_packet_client {
mp_int f0_share, g0_share, h0_share; mp_int f0_share, g0_share, h0_share;
PrioServerId for_server; PrioServerId for_server;
union { union
{
struct server_a_data A; struct server_a_data A;
struct server_b_data B; struct server_b_data B;
} shares; } shares;
}; };
PrioPacketClient PrioPacketClient_new(const_PrioConfig cfg,
PrioServerId for_server);
void PrioPacketClient_clear(PrioPacketClient p);
SECStatus PrioPacketClient_set_data(const_PrioConfig cfg, const bool* data_in,
PrioPacketClient for_server_a,
PrioPacketClient for_server_b);
PrioPacketClient PrioPacketClient_new (const_PrioConfig cfg, PrioServerId for_server); SECStatus PrioPacketClient_decrypt(PrioPacketClient p, const_PrioConfig cfg,
void PrioPacketClient_clear (PrioPacketClient p); PrivateKey server_priv,
SECStatus PrioPacketClient_set_data (const_PrioConfig cfg, const bool *data_in, const unsigned char* data_in,
PrioPacketClient for_server_a, PrioPacketClient for_server_b); unsigned int data_len);
SECStatus PrioPacketClient_decrypt (PrioPacketClient p,
const_PrioConfig cfg, PrivateKey server_priv,
const unsigned char *data_in, unsigned int data_len);
bool PrioPacketClient_areEqual (const_PrioPacketClient p1,
const_PrioPacketClient p2);
bool PrioPacketClient_areEqual(const_PrioPacketClient p1,
const_PrioPacketClient p2);
#endif /* __CLIENT_H__ */ #endif /* __CLIENT_H__ */

77
third_party/prio/prio/config.c поставляемый
Просмотреть файл

@ -10,8 +10,8 @@
#include <stdlib.h> #include <stdlib.h>
#include "config.h" #include "config.h"
#include "params.h"
#include "mparray.h" #include "mparray.h"
#include "params.h"
#include "rand.h" #include "rand.h"
#include "util.h" #include "util.h"
@ -24,24 +24,24 @@
// p = (2^k)q + 1. // p = (2^k)q + 1.
// The roots are integers such that r^{2^k} = 1 mod p. // The roots are integers such that r^{2^k} = 1 mod p.
static SECStatus static SECStatus
initialize_roots (MPArray arr, const char *values[]) initialize_roots(MPArray arr, const char* values[])
{ {
// TODO: Read in only the number of roots of unity we need. // TODO: Read in only the number of roots of unity we need.
// Right now we read in all 4096 roots whether or not we use // Right now we read in all 4096 roots whether or not we use
// them all. // them all.
for (int i=0; i < arr->len; i++) { for (int i = 0; i < arr->len; i++) {
MP_CHECK (mp_read_radix (&arr->data[i], values[i], 16)); MP_CHECK(mp_read_radix(&arr->data[i], values[i], 16));
} }
return SECSuccess; return SECSuccess;
} }
PrioConfig PrioConfig
PrioConfig_new (int n_fields, PublicKey server_a, PublicKey server_b, PrioConfig_new(int n_fields, PublicKey server_a, PublicKey server_b,
const unsigned char *batch_id, unsigned int batch_id_len) const unsigned char* batch_id, unsigned int batch_id_len)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PrioConfig cfg = malloc (sizeof (*cfg)); PrioConfig cfg = malloc(sizeof(*cfg));
if (!cfg) if (!cfg)
return NULL; return NULL;
@ -61,25 +61,25 @@ PrioConfig_new (int n_fields, PublicKey server_a, PublicKey server_b,
goto cleanup; goto cleanup;
} }
P_CHECKA (cfg->batch_id = malloc (batch_id_len)); P_CHECKA(cfg->batch_id = malloc(batch_id_len));
strncpy ((char *)cfg->batch_id, (char *)batch_id, batch_id_len); strncpy((char*)cfg->batch_id, (char*)batch_id, batch_id_len);
MP_CHECKC (mp_init (&cfg->modulus)); MP_CHECKC(mp_init(&cfg->modulus));
MP_CHECKC (mp_read_radix (&cfg->modulus, Modulus, 16)); MP_CHECKC(mp_read_radix(&cfg->modulus, Modulus, 16));
// Compute 2^{-1} modulo M // Compute 2^{-1} modulo M
MP_CHECKC (mp_init (&cfg->inv2)); MP_CHECKC(mp_init(&cfg->inv2));
mp_set (&cfg->inv2, 2); mp_set(&cfg->inv2, 2);
MP_CHECKC (mp_invmod (&cfg->inv2, &cfg->modulus, &cfg->inv2)); MP_CHECKC(mp_invmod(&cfg->inv2, &cfg->modulus, &cfg->inv2));
P_CHECKA (cfg->roots = MPArray_new (cfg->n_roots)); P_CHECKA(cfg->roots = MPArray_new(cfg->n_roots));
P_CHECKA (cfg->rootsInv = MPArray_new (cfg->n_roots)); P_CHECKA(cfg->rootsInv = MPArray_new(cfg->n_roots));
MP_CHECKC (initialize_roots (cfg->roots, Roots)); MP_CHECKC(initialize_roots(cfg->roots, Roots));
MP_CHECKC (initialize_roots (cfg->rootsInv, RootsInv)); MP_CHECKC(initialize_roots(cfg->rootsInv, RootsInv));
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PrioConfig_clear (cfg); PrioConfig_clear(cfg);
return NULL; return NULL;
} }
@ -87,46 +87,47 @@ cleanup:
} }
PrioConfig PrioConfig
PrioConfig_newTest (int nFields) PrioConfig_newTest(int nFields)
{ {
return PrioConfig_new (nFields, NULL, NULL, return PrioConfig_new(nFields, NULL, NULL, (unsigned char*)"testBatch", 9);
(unsigned char *)"testBatch", 9);
} }
void void
PrioConfig_clear (PrioConfig cfg) PrioConfig_clear(PrioConfig cfg)
{ {
if (!cfg) return; if (!cfg)
if (cfg->batch_id) free (cfg->batch_id); return;
MPArray_clear (cfg->roots); if (cfg->batch_id)
MPArray_clear (cfg->rootsInv); free(cfg->batch_id);
mp_clear (&cfg->modulus); MPArray_clear(cfg->roots);
mp_clear (&cfg->inv2); MPArray_clear(cfg->rootsInv);
free (cfg); mp_clear(&cfg->modulus);
mp_clear(&cfg->inv2);
free(cfg);
} }
int int
PrioConfig_numDataFields (const_PrioConfig cfg) PrioConfig_numDataFields(const_PrioConfig cfg)
{ {
return cfg->num_data_fields; return cfg->num_data_fields;
} }
SECStatus SECStatus
Prio_init (void) Prio_init(void)
{ {
return rand_init (); return rand_init();
} }
void void
Prio_clear (void) Prio_clear(void)
{ {
rand_clear (); rand_clear();
} }
int PrioConfig_hPoints (const_PrioConfig cfg) int
PrioConfig_hPoints(const_PrioConfig cfg)
{ {
const int mul_gates = cfg->num_data_fields + 1; const int mul_gates = cfg->num_data_fields + 1;
const int N = next_power_of_two (mul_gates); const int N = next_power_of_two(mul_gates);
return N; return N;
} }

9
third_party/prio/prio/config.h поставляемый
Просмотреть файл

@ -13,12 +13,12 @@
#include "mparray.h" #include "mparray.h"
struct prio_config { struct prio_config
{
int num_data_fields; int num_data_fields;
unsigned char *batch_id; unsigned char* batch_id;
unsigned int batch_id_len; unsigned int batch_id_len;
PublicKey server_a_pub; PublicKey server_a_pub;
PublicKey server_b_pub; PublicKey server_b_pub;
@ -30,7 +30,6 @@ struct prio_config {
MPArray rootsInv; MPArray rootsInv;
}; };
int PrioConfig_hPoints (const_PrioConfig cfg); int PrioConfig_hPoints(const_PrioConfig cfg);
#endif /* __CONFIG_H__ */ #endif /* __CONFIG_H__ */

6
third_party/prio/prio/debug.h поставляемый
Просмотреть файл

@ -12,10 +12,12 @@
#include <stdio.h> #include <stdio.h>
#ifdef DEBUG #ifdef DEBUG
#define PRIO_DEBUG(msg) do { fprintf(stderr, "Error: %s\n", msg); } while(false); #define PRIO_DEBUG(msg) \
do { \
fprintf(stderr, "Error: %s\n", msg); \
} while (false);
#else #else
#define PRIO_DEBUG(msg) ; #define PRIO_DEBUG(msg) ;
#endif #endif
#endif /* __DEBUG_H__ */ #endif /* __DEBUG_H__ */

255
third_party/prio/prio/encrypt.c поставляемый
Просмотреть файл

@ -6,9 +6,9 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
#include <nss/keyhi.h> #include <keyhi.h>
#include <nss/keythi.h> #include <keythi.h>
#include <nss/pk11pub.h> #include <pk11pub.h>
#include <prerror.h> #include <prerror.h>
#include "encrypt.h" #include "encrypt.h"
@ -24,221 +24,250 @@
#define GCM_TAG_LEN_BYTES 16 #define GCM_TAG_LEN_BYTES 16
#define PRIO_TAG "PrioPacket" #define PRIO_TAG "PrioPacket"
#define AAD_LEN (strlen (PRIO_TAG) + CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES) #define AAD_LEN (strlen(PRIO_TAG) + CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES)
// The all-zeros curve25519 public key, as DER-encoded SKPI blob. // The all-zeros curve25519 public key, as DER-encoded SKPI blob.
static const uint8_t curve25519_spki_zeros[] = { static const uint8_t curve25519_spki_zeros[] = {
0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, 0x03, 0x21, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
}; };
static inline uint8_t // Note that we do not use isxdigit because it is locale-dependent
hex_to_int (char h) // See: https://github.com/mozilla/libprio/issues/20
static inline char
is_hex_digit(char c)
{ {
return (h > '9') ? toupper (h) - 'A' + 10 : (h - '0'); return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') ||
('A' <= c && c <= 'F');
}
// Note that we do not use toupper because it is locale-dependent
// See: https://github.com/mozilla/libprio/issues/20
static inline char
to_upper(char c)
{
if (c >= 'a' && c <= 'z') {
return c - 0x20;
} else {
return c;
}
}
static inline uint8_t
hex_to_int(char h)
{
return (h > '9') ? to_upper(h) - 'A' + 10 : (h - '0');
} }
static inline unsigned char static inline unsigned char
int_to_hex (uint8_t i) int_to_hex(uint8_t i)
{ {
return (i > 0x09) ? ((i - 10) + 'A') : i + '0'; return (i > 0x09) ? ((i - 10) + 'A') : i + '0';
} }
static SECStatus static SECStatus
derive_dh_secret (PK11SymKey **shared_secret, PrivateKey priv, PublicKey pub) derive_dh_secret(PK11SymKey** shared_secret, PrivateKey priv, PublicKey pub)
{ {
if (priv == NULL) return SECFailure; if (priv == NULL)
if (pub == NULL) return SECFailure; return SECFailure;
if (shared_secret == NULL) return SECFailure; if (pub == NULL)
return SECFailure;
if (shared_secret == NULL)
return SECFailure;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
*shared_secret = NULL; *shared_secret = NULL;
P_CHECKA (*shared_secret = PK11_PubDeriveWithKDF (priv, pub, PR_FALSE, P_CHECKA(*shared_secret = PK11_PubDeriveWithKDF(
NULL, NULL, CKM_ECDH1_DERIVE, CKM_AES_GCM, priv, pub, PR_FALSE, NULL, NULL, CKM_ECDH1_DERIVE, CKM_AES_GCM,
CKA_ENCRYPT | CKA_DECRYPT, 16, CKA_ENCRYPT | CKA_DECRYPT, 16, CKD_SHA256_KDF, NULL, NULL));
CKD_SHA256_KDF, NULL, NULL));
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
PublicKey_import (PublicKey *pk, const unsigned char *data, unsigned int dataLen) PublicKey_import(PublicKey* pk, const unsigned char* data, unsigned int dataLen)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
CERTSubjectPublicKeyInfo *pkinfo = NULL; CERTSubjectPublicKeyInfo* pkinfo = NULL;
*pk = NULL; *pk = NULL;
if (dataLen != CURVE25519_KEY_LEN) if (dataLen != CURVE25519_KEY_LEN)
return SECFailure; return SECFailure;
unsigned char key_bytes[dataLen]; unsigned char key_bytes[dataLen];
memcpy (key_bytes, data, dataLen); memcpy(key_bytes, data, dataLen);
const int spki_len = sizeof (curve25519_spki_zeros); const int spki_len = sizeof(curve25519_spki_zeros);
uint8_t spki_data[spki_len]; uint8_t spki_data[spki_len];
memcpy (spki_data, curve25519_spki_zeros, spki_len); memcpy(spki_data, curve25519_spki_zeros, spki_len);
SECItem spki_item = { siBuffer, spki_data, spki_len }; SECItem spki_item = { siBuffer, spki_data, spki_len };
// Import the all-zeros curve25519 public key. // Import the all-zeros curve25519 public key.
P_CHECKA (pkinfo = SECKEY_DecodeDERSubjectPublicKeyInfo (&spki_item)); P_CHECKA(pkinfo = SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
P_CHECKA (*pk = SECKEY_ExtractPublicKey (pkinfo)); P_CHECKA(*pk = SECKEY_ExtractPublicKey(pkinfo));
// Overwrite the all-zeros public key with the 32-byte curve25519 public key // Overwrite the all-zeros public key with the 32-byte curve25519 public key
// given as input. // given as input.
memcpy ((*pk)->u.ec.publicValue.data, data, CURVE25519_KEY_LEN); memcpy((*pk)->u.ec.publicValue.data, data, CURVE25519_KEY_LEN);
cleanup: cleanup:
if (pkinfo) if (pkinfo)
SECKEY_DestroySubjectPublicKeyInfo (pkinfo); SECKEY_DestroySubjectPublicKeyInfo(pkinfo);
if (rv != SECSuccess) if (rv != SECSuccess)
PublicKey_clear (*pk); PublicKey_clear(*pk);
return rv; return rv;
} }
SECStatus SECStatus
PublicKey_import_hex (PublicKey *pk, const unsigned char *hex_data, unsigned int dataLen) PublicKey_import_hex(PublicKey* pk, const unsigned char* hex_data,
unsigned int dataLen)
{ {
unsigned char raw_bytes[CURVE25519_KEY_LEN]; unsigned char raw_bytes[CURVE25519_KEY_LEN];
if (dataLen != CURVE25519_KEY_LEN_HEX) if (dataLen != CURVE25519_KEY_LEN_HEX)
return SECFailure; return SECFailure;
for (unsigned int i=0; i<dataLen; i++) { for (unsigned int i = 0; i < dataLen; i++) {
if (!isxdigit (hex_data[i])) if (!is_hex_digit(hex_data[i]))
return SECFailure; return SECFailure;
} }
const unsigned char *p = hex_data; const unsigned char* p = hex_data;
for (unsigned int i=0; i<CURVE25519_KEY_LEN; i++) { for (unsigned int i = 0; i < CURVE25519_KEY_LEN; i++) {
uint8_t d0 = hex_to_int (p[0]); uint8_t d0 = hex_to_int(p[0]);
uint8_t d1 = hex_to_int (p[1]); uint8_t d1 = hex_to_int(p[1]);
raw_bytes[i] = (d0 << 4) | d1; raw_bytes[i] = (d0 << 4) | d1;
p += 2; p += 2;
} }
return PublicKey_import (pk, raw_bytes, CURVE25519_KEY_LEN); return PublicKey_import(pk, raw_bytes, CURVE25519_KEY_LEN);
} }
SECStatus SECStatus
PublicKey_export (const_PublicKey pk, unsigned char data[CURVE25519_KEY_LEN]) PublicKey_export(const_PublicKey pk, unsigned char data[CURVE25519_KEY_LEN])
{ {
if (pk == NULL) return SECFailure; if (pk == NULL)
return SECFailure;
memcpy (data, pk->u.ec.publicValue.data, CURVE25519_KEY_LEN); memcpy(data, pk->u.ec.publicValue.data, CURVE25519_KEY_LEN);
return SECSuccess; return SECSuccess;
} }
SECStatus SECStatus
PublicKey_export_hex (const_PublicKey pk, unsigned char data[(2*CURVE25519_KEY_LEN)+1]) PublicKey_export_hex(const_PublicKey pk,
unsigned char data[(2 * CURVE25519_KEY_LEN) + 1])
{ {
unsigned char raw_data[CURVE25519_KEY_LEN]; unsigned char raw_data[CURVE25519_KEY_LEN];
if (PublicKey_export (pk, raw_data) != SECSuccess) if (PublicKey_export(pk, raw_data) != SECSuccess)
return SECFailure; return SECFailure;
const unsigned char *p = raw_data; const unsigned char* p = raw_data;
for (unsigned int i=0; i<CURVE25519_KEY_LEN; i++) { for (unsigned int i = 0; i < CURVE25519_KEY_LEN; i++) {
unsigned char bytel = p[0] & 0x0f; unsigned char bytel = p[0] & 0x0f;
unsigned char byteu = (p[0] & 0xf0) >> 4; unsigned char byteu = (p[0] & 0xf0) >> 4;
data[2*i] = int_to_hex (byteu); data[2 * i] = int_to_hex(byteu);
data[2*i + 1] = int_to_hex (bytel); data[2 * i + 1] = int_to_hex(bytel);
p++; p++;
} }
data[2*CURVE25519_KEY_LEN] = '\0'; data[2 * CURVE25519_KEY_LEN] = '\0';
return SECSuccess; return SECSuccess;
} }
SECStatus SECStatus
Keypair_new (PrivateKey *pvtkey, PublicKey *pubkey) Keypair_new(PrivateKey* pvtkey, PublicKey* pubkey)
{ {
if (pvtkey == NULL) return SECFailure; if (pvtkey == NULL)
if (pubkey == NULL) return SECFailure; return SECFailure;
if (pubkey == NULL)
return SECFailure;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
SECOidData *oid_data = NULL; SECOidData* oid_data = NULL;
*pubkey = NULL; *pubkey = NULL;
*pvtkey = NULL; *pvtkey = NULL;
SECKEYECParams ecp; SECKEYECParams ecp;
ecp.data = NULL; ecp.data = NULL;
PK11SlotInfo *slot = NULL; PK11SlotInfo* slot = NULL;
P_CHECKA (oid_data = SECOID_FindOIDByTag (CURVE_OID_TAG)); P_CHECKA(oid_data = SECOID_FindOIDByTag(CURVE_OID_TAG));
const int oid_struct_len = 2 + oid_data->oid.len; const int oid_struct_len = 2 + oid_data->oid.len;
P_CHECKA (ecp.data = malloc (oid_struct_len)); P_CHECKA(ecp.data = malloc(oid_struct_len));
ecp.len = oid_struct_len; ecp.len = oid_struct_len;
ecp.type = siDEROID; ecp.type = siDEROID;
ecp.data[0] = SEC_ASN1_OBJECT_ID; ecp.data[0] = SEC_ASN1_OBJECT_ID;
ecp.data[1] = oid_data->oid.len; ecp.data[1] = oid_data->oid.len;
memcpy (&ecp.data[2], oid_data->oid.data, oid_data->oid.len); memcpy(&ecp.data[2], oid_data->oid.data, oid_data->oid.len);
P_CHECKA (slot = PK11_GetInternalSlot ()); P_CHECKA(slot = PK11_GetInternalSlot());
P_CHECKA (*pvtkey = PK11_GenerateKeyPair(slot, CKM_EC_KEY_PAIR_GEN, &ecp, P_CHECKA(*pvtkey = PK11_GenerateKeyPair(slot, CKM_EC_KEY_PAIR_GEN, &ecp,
(SECKEYPublicKey **)pubkey, PR_FALSE, PR_FALSE, NULL)); (SECKEYPublicKey**)pubkey, PR_FALSE,
PK11_FreeSlot (slot); PR_FALSE, NULL));
PK11_FreeSlot(slot);
cleanup: cleanup:
if (ecp.data) if (ecp.data)
free (ecp.data); free(ecp.data);
if (rv != SECSuccess) { if (rv != SECSuccess) {
PublicKey_clear (*pubkey); PublicKey_clear(*pubkey);
PrivateKey_clear (*pvtkey); PrivateKey_clear(*pvtkey);
} }
return rv; return rv;
} }
void void
PublicKey_clear (PublicKey pubkey) PublicKey_clear(PublicKey pubkey)
{ {
if (pubkey) if (pubkey)
SECKEY_DestroyPublicKey(pubkey); SECKEY_DestroyPublicKey(pubkey);
} }
void void
PrivateKey_clear (PrivateKey pvtkey) PrivateKey_clear(PrivateKey pvtkey)
{ {
if (pvtkey) if (pvtkey)
SECKEY_DestroyPrivateKey(pvtkey); SECKEY_DestroyPrivateKey(pvtkey);
} }
const SECItem * const SECItem*
PublicKey_toBytes (const_PublicKey pubkey) PublicKey_toBytes(const_PublicKey pubkey)
{ {
return &pubkey->u.ec.publicValue; return &pubkey->u.ec.publicValue;
} }
SECStatus SECStatus
PublicKey_encryptSize (unsigned int inputLen, unsigned int *outputLen) PublicKey_encryptSize(unsigned int inputLen, unsigned int* outputLen)
{ {
if (outputLen == NULL || inputLen >= MAX_ENCRYPT_LEN) if (outputLen == NULL || inputLen >= MAX_ENCRYPT_LEN)
return SECFailure; return SECFailure;
// public key, IV, tag, and input // public key, IV, tag, and input
*outputLen = CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES + GCM_TAG_LEN_BYTES + inputLen; *outputLen =
CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES + GCM_TAG_LEN_BYTES + inputLen;
return SECSuccess; return SECSuccess;
} }
static void static void
set_gcm_params (SECItem *paramItem, CK_GCM_PARAMS *param, unsigned char *nonce, set_gcm_params(SECItem* paramItem, CK_GCM_PARAMS* param, unsigned char* nonce,
const_PublicKey pubkey, unsigned char *aadBuf) const_PublicKey pubkey, unsigned char* aadBuf)
{ {
int offset = 0; int offset = 0;
memcpy (aadBuf, PRIO_TAG, strlen (PRIO_TAG)); memcpy(aadBuf, PRIO_TAG, strlen(PRIO_TAG));
offset += strlen (PRIO_TAG); offset += strlen(PRIO_TAG);
memcpy (aadBuf + offset, PublicKey_toBytes (pubkey)->data, CURVE25519_KEY_LEN); memcpy(aadBuf + offset, PublicKey_toBytes(pubkey)->data, CURVE25519_KEY_LEN);
offset += CURVE25519_KEY_LEN; offset += CURVE25519_KEY_LEN;
memcpy (aadBuf + offset, nonce, GCM_IV_LEN_BYTES); memcpy(aadBuf + offset, nonce, GCM_IV_LEN_BYTES);
param->pIv = nonce; param->pIv = nonce;
param->ulIvLen = GCM_IV_LEN_BYTES; param->ulIvLen = GCM_IV_LEN_BYTES;
@ -247,17 +276,14 @@ set_gcm_params (SECItem *paramItem, CK_GCM_PARAMS *param, unsigned char *nonce,
param->ulTagBits = GCM_TAG_LEN_BYTES * 8; param->ulTagBits = GCM_TAG_LEN_BYTES * 8;
paramItem->type = siBuffer; paramItem->type = siBuffer;
paramItem->data = (void *)param; paramItem->data = (void*)param;
paramItem->len = sizeof (*param); paramItem->len = sizeof(*param);
} }
SECStatus SECStatus
PublicKey_encrypt (PublicKey pubkey, PublicKey_encrypt(PublicKey pubkey, unsigned char* output,
unsigned char *output, unsigned int* outputLen, unsigned int maxOutputLen,
unsigned int *outputLen, const unsigned char* input, unsigned int inputLen)
unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{ {
if (pubkey == NULL) if (pubkey == NULL)
return SECFailure; return SECFailure;
@ -266,7 +292,7 @@ PublicKey_encrypt (PublicKey pubkey,
return SECFailure; return SECFailure;
unsigned int needLen; unsigned int needLen;
if (PublicKey_encryptSize (inputLen, &needLen) != SECSuccess) if (PublicKey_encryptSize(inputLen, &needLen) != SECSuccess)
return SECFailure; return SECFailure;
if (maxOutputLen < needLen) if (maxOutputLen < needLen)
@ -275,46 +301,44 @@ PublicKey_encrypt (PublicKey pubkey,
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PublicKey eph_pub = NULL; PublicKey eph_pub = NULL;
PrivateKey eph_priv = NULL; PrivateKey eph_priv = NULL;
PK11SymKey *aes_key = NULL; PK11SymKey* aes_key = NULL;
unsigned char nonce[GCM_IV_LEN_BYTES]; unsigned char nonce[GCM_IV_LEN_BYTES];
unsigned char aadBuf[AAD_LEN]; unsigned char aadBuf[AAD_LEN];
P_CHECKC (rand_bytes (nonce, GCM_IV_LEN_BYTES)); P_CHECKC(rand_bytes(nonce, GCM_IV_LEN_BYTES));
P_CHECKC (Keypair_new (&eph_priv, &eph_pub)); P_CHECKC(Keypair_new(&eph_priv, &eph_pub));
P_CHECKC (derive_dh_secret (&aes_key, eph_priv, pubkey)); P_CHECKC(derive_dh_secret(&aes_key, eph_priv, pubkey));
CK_GCM_PARAMS param; CK_GCM_PARAMS param;
SECItem paramItem; SECItem paramItem;
set_gcm_params (&paramItem, &param, nonce, eph_pub, aadBuf); set_gcm_params(&paramItem, &param, nonce, eph_pub, aadBuf);
const SECItem *pk = PublicKey_toBytes (eph_pub); const SECItem* pk = PublicKey_toBytes(eph_pub);
P_CHECKCB (pk->len == CURVE25519_KEY_LEN); P_CHECKCB(pk->len == CURVE25519_KEY_LEN);
memcpy (output, pk->data, pk->len); memcpy(output, pk->data, pk->len);
memcpy (output + CURVE25519_KEY_LEN, param.pIv, param.ulIvLen); memcpy(output + CURVE25519_KEY_LEN, param.pIv, param.ulIvLen);
const int offset = CURVE25519_KEY_LEN + param.ulIvLen; const int offset = CURVE25519_KEY_LEN + param.ulIvLen;
P_CHECKC (PK11_Encrypt (aes_key, CKM_AES_GCM, &paramItem, output + offset, P_CHECKC(PK11_Encrypt(aes_key, CKM_AES_GCM, &paramItem, output + offset,
outputLen, maxOutputLen - offset, input, inputLen)); outputLen, maxOutputLen - offset, input, inputLen));
*outputLen = *outputLen + CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES; *outputLen = *outputLen + CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES;
cleanup: cleanup:
PublicKey_clear (eph_pub); PublicKey_clear(eph_pub);
PrivateKey_clear (eph_priv); PrivateKey_clear(eph_priv);
if (aes_key) if (aes_key)
PK11_FreeSymKey (aes_key); PK11_FreeSymKey(aes_key);
return rv; return rv;
} }
SECStatus SECStatus
PrivateKey_decrypt (PrivateKey privkey, PrivateKey_decrypt(PrivateKey privkey, unsigned char* output,
unsigned char *output, unsigned int* outputLen, unsigned int maxOutputLen,
unsigned int *outputLen, const unsigned char* input, unsigned int inputLen)
unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{ {
PK11SymKey *aes_key = NULL; PK11SymKey* aes_key = NULL;
PublicKey eph_pub = NULL; PublicKey eph_pub = NULL;
unsigned char aad_buf[AAD_LEN]; unsigned char aad_buf[AAD_LEN];
@ -323,7 +347,7 @@ PrivateKey_decrypt (PrivateKey privkey,
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
unsigned int headerLen; unsigned int headerLen;
if (PublicKey_encryptSize (0, &headerLen) != SECSuccess) if (PublicKey_encryptSize(0, &headerLen) != SECSuccess)
return SECFailure; return SECFailure;
if (inputLen < headerLen) if (inputLen < headerLen)
@ -333,24 +357,23 @@ PrivateKey_decrypt (PrivateKey privkey,
if (maxOutputLen < msglen || msglen >= MAX_ENCRYPT_LEN) if (maxOutputLen < msglen || msglen >= MAX_ENCRYPT_LEN)
return SECFailure; return SECFailure;
P_CHECKC (PublicKey_import (&eph_pub, input, CURVE25519_KEY_LEN)); P_CHECKC(PublicKey_import(&eph_pub, input, CURVE25519_KEY_LEN));
unsigned char nonce[GCM_IV_LEN_BYTES]; unsigned char nonce[GCM_IV_LEN_BYTES];
memcpy (nonce, input + CURVE25519_KEY_LEN, GCM_IV_LEN_BYTES); memcpy(nonce, input + CURVE25519_KEY_LEN, GCM_IV_LEN_BYTES);
SECItem paramItem; SECItem paramItem;
CK_GCM_PARAMS param; CK_GCM_PARAMS param;
set_gcm_params (&paramItem, &param, nonce, eph_pub, aad_buf); set_gcm_params(&paramItem, &param, nonce, eph_pub, aad_buf);
P_CHECKC (derive_dh_secret (&aes_key, privkey, eph_pub)); P_CHECKC(derive_dh_secret(&aes_key, privkey, eph_pub));
const int offset = CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES; const int offset = CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES;
P_CHECKC (PK11_Decrypt (aes_key, CKM_AES_GCM, &paramItem, output, P_CHECKC(PK11_Decrypt(aes_key, CKM_AES_GCM, &paramItem, output, outputLen,
outputLen, maxOutputLen, input + offset, inputLen - offset)); maxOutputLen, input + offset, inputLen - offset));
cleanup: cleanup:
PublicKey_clear (eph_pub); PublicKey_clear(eph_pub);
if (aes_key) if (aes_key)
PK11_FreeSymKey (aes_key); PK11_FreeSymKey(aes_key);
return rv; return rv;
} }

22
third_party/prio/prio/encrypt.h поставляемый
Просмотреть файл

@ -6,7 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
#ifndef __ENCRYPT_H__ #ifndef __ENCRYPT_H__
#define __ENCRYPT_H__ #define __ENCRYPT_H__
@ -38,12 +37,12 @@
* is too large (larger than `MAX_ENCRYPT_LEN`), this function returns * is too large (larger than `MAX_ENCRYPT_LEN`), this function returns
* an error. * an error.
*/ */
SECStatus PublicKey_encryptSize (unsigned int inputLen, unsigned int *outputLen); SECStatus PublicKey_encryptSize(unsigned int inputLen, unsigned int* outputLen);
/* /*
* Generate a new keypair for public-key encryption. * Generate a new keypair for public-key encryption.
*/ */
SECStatus Keypair_new (PrivateKey *pvtkey, PublicKey *pubkey); SECStatus Keypair_new(PrivateKey* pvtkey, PublicKey* pubkey);
/* /*
* Encrypt an arbitrary bitstring to the specified public key. The buffer * Encrypt an arbitrary bitstring to the specified public key. The buffer
@ -53,22 +52,17 @@ SECStatus Keypair_new (PrivateKey *pvtkey, PublicKey *pubkey);
* *
* The value `inputLen` must be smaller than `MAX_ENCRYPT_LEN`. * The value `inputLen` must be smaller than `MAX_ENCRYPT_LEN`.
*/ */
SECStatus PublicKey_encrypt (PublicKey pubkey, SECStatus PublicKey_encrypt(PublicKey pubkey, unsigned char* output,
unsigned char *output, unsigned int* outputLen, unsigned int maxOutputLen,
unsigned int *outputLen, const unsigned char* input, unsigned int inputLen);
unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/* /*
* Decrypt an arbitrary bitstring using the specified private key. The output * Decrypt an arbitrary bitstring using the specified private key. The output
* buffer should be at least 16 bytes larger than the plaintext you expect. If * buffer should be at least 16 bytes larger than the plaintext you expect. If
* `outputLen` >= `inputLen`, you should be safe. * `outputLen` >= `inputLen`, you should be safe.
*/ */
SECStatus PrivateKey_decrypt (PrivateKey privkey, SECStatus PrivateKey_decrypt(PrivateKey privkey, unsigned char* output,
unsigned char *output, unsigned int* outputLen, unsigned int maxOutputLen,
unsigned int *outputLen, const unsigned char* input, unsigned int inputLen);
unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
#endif /* __ENCRYPT_H__ */ #endif /* __ENCRYPT_H__ */

98
third_party/prio/prio/mparray.c поставляемый
Просмотреть файл

@ -15,31 +15,31 @@
#include "util.h" #include "util.h"
MPArray MPArray
MPArray_new (int len) MPArray_new(int len)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
MPArray arr = malloc (sizeof *arr); MPArray arr = malloc(sizeof *arr);
if (!arr) if (!arr)
return NULL; return NULL;
arr->data = NULL; arr->data = NULL;
arr->len = len; arr->len = len;
P_CHECKA(arr->data = calloc (len, sizeof (mp_int))); P_CHECKA(arr->data = calloc(len, sizeof(mp_int)));
// Initialize these to NULL so that we can figure // Initialize these to NULL so that we can figure
// out which allocations failed (if any) // out which allocations failed (if any)
for (int i=0; i<len; i++) { for (int i = 0; i < len; i++) {
MP_DIGITS (&arr->data[i]) = NULL; MP_DIGITS(&arr->data[i]) = NULL;
} }
for (int i=0; i<len; i++) { for (int i = 0; i < len; i++) {
MP_CHECKC (mp_init(&arr->data[i])); MP_CHECKC(mp_init(&arr->data[i]));
} }
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
MPArray_clear (arr); MPArray_clear(arr);
return NULL; return NULL;
} }
@ -47,20 +47,21 @@ cleanup:
} }
MPArray MPArray
MPArray_new_bool (int len, const bool *data_in) MPArray_new_bool(int len, const bool* data_in)
{ {
MPArray arr = MPArray_new (len); MPArray arr = MPArray_new(len);
if (arr == NULL) return NULL; if (arr == NULL)
return NULL;
for (int i=0; i<len; i++) { for (int i = 0; i < len; i++) {
mp_set (&arr->data[i], data_in[i]); mp_set(&arr->data[i], data_in[i]);
} }
return arr; return arr;
} }
SECStatus SECStatus
MPArray_resize (MPArray arr, int newlen) MPArray_resize(MPArray arr, int newlen)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const int oldlen = arr->len; const int oldlen = arr->len;
@ -69,65 +70,66 @@ MPArray_resize (MPArray arr, int newlen)
return rv; return rv;
// TODO: Use realloc for this? // TODO: Use realloc for this?
mp_int *newdata = calloc (newlen, sizeof (mp_int)); mp_int* newdata = calloc(newlen, sizeof(mp_int));
if (newdata == NULL) if (newdata == NULL)
return SECFailure; return SECFailure;
for (int i = 0; i < newlen; i++) { for (int i = 0; i < newlen; i++) {
MP_DIGITS (&newdata[i]) = NULL; MP_DIGITS(&newdata[i]) = NULL;
} }
// Initialize new array // Initialize new array
for (int i = 0; i < newlen; i++) { for (int i = 0; i < newlen; i++) {
MP_CHECKC (mp_init (&newdata[i])); MP_CHECKC(mp_init(&newdata[i]));
} }
// Copy old data into new array // Copy old data into new array
for (int i = 0; i < newlen && i < oldlen; i++) { for (int i = 0; i < newlen && i < oldlen; i++) {
MP_CHECKC (mp_copy (&arr->data[i], &newdata[i])); MP_CHECKC(mp_copy(&arr->data[i], &newdata[i]));
} }
// Free old data // Free old data
for (int i = 0; i < oldlen; i++) { for (int i = 0; i < oldlen; i++) {
mp_clear (&arr->data[i]); mp_clear(&arr->data[i]);
} }
free (arr->data); free(arr->data);
arr->data = newdata; arr->data = newdata;
arr->len = newlen; arr->len = newlen;
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
for (int i=0; i < newlen; i++) { for (int i = 0; i < newlen; i++) {
mp_clear (&newdata[i]); mp_clear(&newdata[i]);
} }
free (newdata); free(newdata);
} }
return rv; return rv;
} }
MPArray MPArray
MPArray_dup (const_MPArray src) MPArray_dup(const_MPArray src)
{ {
MPArray dst = MPArray_new (src->len); MPArray dst = MPArray_new(src->len);
if (!dst) return NULL; if (!dst)
return NULL;
SECStatus rv = MPArray_copy (dst, src); SECStatus rv = MPArray_copy(dst, src);
if (rv == SECSuccess) { if (rv == SECSuccess) {
return dst; return dst;
} else { } else {
MPArray_clear (dst); MPArray_clear(dst);
return NULL; return NULL;
} }
} }
SECStatus SECStatus
MPArray_copy (MPArray dst, const_MPArray src) MPArray_copy(MPArray dst, const_MPArray src)
{ {
if (dst->len != src->len) if (dst->len != src->len)
return SECFailure; return SECFailure;
for (int i=0; i<src->len; i++) { for (int i = 0; i < src->len; i++) {
if (mp_copy(&src->data[i], &dst->data[i]) != MP_OKAY) { if (mp_copy(&src->data[i], &dst->data[i]) != MP_OKAY) {
return SECFailure; return SECFailure;
} }
@ -136,10 +138,9 @@ MPArray_copy (MPArray dst, const_MPArray src)
return SECSuccess; return SECSuccess;
} }
SECStatus SECStatus
MPArray_set_share (MPArray arrA, MPArray arrB, MPArray_set_share(MPArray arrA, MPArray arrB, const_MPArray src,
const_MPArray src, const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
if (arrA->len != src->len || arrB->len != src->len) if (arrA->len != src->len || arrB->len != src->len)
@ -147,48 +148,49 @@ MPArray_set_share (MPArray arrA, MPArray arrB,
const int len = src->len; const int len = src->len;
for (int i=0; i < len; i++) { for (int i = 0; i < len; i++) {
P_CHECK(share_int (cfg, &src->data[i], &arrA->data[i], &arrB->data[i])); P_CHECK(share_int(cfg, &src->data[i], &arrA->data[i], &arrB->data[i]));
} }
return rv; return rv;
} }
void void
MPArray_clear (MPArray arr) MPArray_clear(MPArray arr)
{ {
if (arr == NULL) return; if (arr == NULL)
return;
if (arr->data != NULL) { if (arr->data != NULL) {
for (int i=0; i<arr->len; i++) { for (int i = 0; i < arr->len; i++) {
mp_clear(&arr->data[i]); mp_clear(&arr->data[i]);
} }
free (arr->data); free(arr->data);
} }
free (arr); free(arr);
} }
SECStatus SECStatus
MPArray_addmod (MPArray dst, const_MPArray to_add, const mp_int *mod) MPArray_addmod(MPArray dst, const_MPArray to_add, const mp_int* mod)
{ {
if (dst->len != to_add->len) if (dst->len != to_add->len)
return SECFailure; return SECFailure;
for (int i=0; i<dst->len; i++) { for (int i = 0; i < dst->len; i++) {
MP_CHECK (mp_addmod (&dst->data[i], &to_add->data[i], mod, &dst->data[i])); MP_CHECK(mp_addmod(&dst->data[i], &to_add->data[i], mod, &dst->data[i]));
} }
return SECSuccess; return SECSuccess;
} }
bool bool
MPArray_areEqual (const_MPArray arr1, const_MPArray arr2) MPArray_areEqual(const_MPArray arr1, const_MPArray arr2)
{ {
if (arr1->len != arr2->len) return false; if (arr1->len != arr2->len)
return false;
for (int i=0; i<arr1->len; i++) { for (int i = 0; i < arr1->len; i++) {
if (mp_cmp (&arr1->data[i], &arr2->data[i])) if (mp_cmp(&arr1->data[i], &arr2->data[i]))
return false; return false;
} }

31
third_party/prio/prio/mparray.h поставляемый
Просмотреть файл

@ -12,60 +12,59 @@
#include <mpi.h> #include <mpi.h>
#include <mprio.h> #include <mprio.h>
struct mparray { struct mparray
{
int len; int len;
mp_int *data; mp_int* data;
}; };
typedef struct mparray *MPArray; typedef struct mparray* MPArray;
typedef const struct mparray *const_MPArray; typedef const struct mparray* const_MPArray;
/* /*
* Initialize an array of `mp_int`s of the given length. * Initialize an array of `mp_int`s of the given length.
*/ */
MPArray MPArray_new (int len); MPArray MPArray_new(int len);
void MPArray_clear (MPArray arr); void MPArray_clear(MPArray arr);
/* /*
* Copies secret sharing of data from src into arrays * Copies secret sharing of data from src into arrays
* arrA and arrB. The lengths of the three input arrays * arrA and arrB. The lengths of the three input arrays
* must be identical. * must be identical.
*/ */
SECStatus MPArray_set_share (MPArray arrA, MPArray arrB, SECStatus MPArray_set_share(MPArray arrA, MPArray arrB, const_MPArray src,
const_MPArray src, const_PrioConfig cfg); const_PrioConfig cfg);
/* /*
* Initializes array with 0/1 values specified in boolean array `data_in` * Initializes array with 0/1 values specified in boolean array `data_in`
*/ */
MPArray MPArray_new_bool (int len, const bool *data_in); MPArray MPArray_new_bool(int len, const bool* data_in);
/* /*
* Expands or shrinks the MPArray to the desired size. If shrinking, * Expands or shrinks the MPArray to the desired size. If shrinking,
* will clear the values on the end of array. * will clear the values on the end of array.
*/ */
SECStatus MPArray_resize (MPArray arr, int newlen); SECStatus MPArray_resize(MPArray arr, int newlen);
/* /*
* Initializes dst and creates a duplicate of the array in src. * Initializes dst and creates a duplicate of the array in src.
*/ */
MPArray MPArray_dup (const_MPArray src); MPArray MPArray_dup(const_MPArray src);
/* /*
* Copies array from src to dst. Arrays must have the same length. * Copies array from src to dst. Arrays must have the same length.
*/ */
SECStatus MPArray_copy (MPArray dst, const_MPArray src); SECStatus MPArray_copy(MPArray dst, const_MPArray src);
/* For each index i into the array, set: /* For each index i into the array, set:
* dst[i] = dst[i] + to_add[i] (modulo mod) * dst[i] = dst[i] + to_add[i] (modulo mod)
*/ */
SECStatus MPArray_addmod (MPArray dst, const_MPArray to_add, SECStatus MPArray_addmod(MPArray dst, const_MPArray to_add, const mp_int* mod);
const mp_int *mod);
/* /*
* Return true iff the two arrays are equal in length * Return true iff the two arrays are equal in length
* and contents. This comparison is NOT constant time. * and contents. This comparison is NOT constant time.
*/ */
bool MPArray_areEqual (const_MPArray arr1, const_MPArray arr2); bool MPArray_areEqual(const_MPArray arr1, const_MPArray arr2);
#endif /* __MPARRAY_H__ */ #endif /* __MPARRAY_H__ */

16391
third_party/prio/prio/params.h поставляемый
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

116
third_party/prio/prio/poly.c поставляемый
Просмотреть файл

@ -23,79 +23,79 @@
* They present this algorithm as Algorithm 8.14. * They present this algorithm as Algorithm 8.14.
*/ */
static SECStatus static SECStatus
fft_recurse (mp_int *out, const mp_int *mod, int n, fft_recurse(mp_int* out, const mp_int* mod, int n, const mp_int* roots,
const mp_int *roots, const mp_int *ys, const mp_int* ys, mp_int* tmp, mp_int* ySub, mp_int* rootsSub)
mp_int *tmp, mp_int *ySub, mp_int *rootsSub)
{ {
if (n == 1) { if (n == 1) {
MP_CHECK (mp_copy (&ys[0], &out[0])); MP_CHECK(mp_copy(&ys[0], &out[0]));
return SECSuccess; return SECSuccess;
} }
// Recurse on the first half // Recurse on the first half
for (int i=0; i<n/2; i++) { for (int i = 0; i < n / 2; i++) {
MP_CHECK (mp_addmod (&ys[i], &ys[i+(n/2)], mod, &ySub[i])); MP_CHECK(mp_addmod(&ys[i], &ys[i + (n / 2)], mod, &ySub[i]));
MP_CHECK (mp_copy (&roots[2*i], &rootsSub[i])); MP_CHECK(mp_copy(&roots[2 * i], &rootsSub[i]));
} }
MP_CHECK (fft_recurse (tmp, mod, n/2, rootsSub, ySub, &tmp[n/2], &ySub[n/2], &rootsSub[n/2])); MP_CHECK(fft_recurse(tmp, mod, n / 2, rootsSub, ySub, &tmp[n / 2],
for (int i=0; i<n/2; i++) { &ySub[n / 2], &rootsSub[n / 2]));
MP_CHECK (mp_copy (&tmp[i], &out[2*i])); for (int i = 0; i < n / 2; i++) {
MP_CHECK(mp_copy(&tmp[i], &out[2 * i]));
} }
// Recurse on the second half // Recurse on the second half
for (int i=0; i<n/2; i++) { for (int i = 0; i < n / 2; i++) {
MP_CHECK (mp_submod (&ys[i], &ys[i+(n/2)], mod, &ySub[i])); MP_CHECK(mp_submod(&ys[i], &ys[i + (n / 2)], mod, &ySub[i]));
MP_CHECK (mp_mulmod (&ySub[i], &roots[i], mod, &ySub[i])); MP_CHECK(mp_mulmod(&ySub[i], &roots[i], mod, &ySub[i]));
} }
MP_CHECK (fft_recurse (tmp, mod, n/2, rootsSub, ySub, &tmp[n/2], &ySub[n/2], &rootsSub[n/2])); MP_CHECK(fft_recurse(tmp, mod, n / 2, rootsSub, ySub, &tmp[n / 2],
for (int i=0; i<n/2; i++) { &ySub[n / 2], &rootsSub[n / 2]));
MP_CHECK (mp_copy (&tmp[i], &out[2*i + 1])); for (int i = 0; i < n / 2; i++) {
MP_CHECK(mp_copy(&tmp[i], &out[2 * i + 1]));
} }
return SECSuccess; return SECSuccess;
} }
static SECStatus static SECStatus
fft_interpolate_raw (mp_int *out, fft_interpolate_raw(mp_int* out, const mp_int* ys, int nPoints,
const mp_int *ys, int nPoints, const mp_int *roots, const mp_int* roots, const mp_int* mod, bool invert)
const mp_int *mod, bool invert)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
mp_int tmp[nPoints]; mp_int tmp[nPoints];
mp_int ySub[nPoints]; mp_int ySub[nPoints];
mp_int rootsSub[nPoints]; mp_int rootsSub[nPoints];
for (int i=0; i<nPoints;i++) { for (int i = 0; i < nPoints; i++) {
MP_DIGITS (&tmp[i]) = NULL; MP_DIGITS(&tmp[i]) = NULL;
MP_DIGITS (&ySub[i]) = NULL; MP_DIGITS(&ySub[i]) = NULL;
MP_DIGITS (&rootsSub[i]) = NULL; MP_DIGITS(&rootsSub[i]) = NULL;
} }
mp_int n_inverse; mp_int n_inverse;
MP_DIGITS (&n_inverse) = NULL; MP_DIGITS(&n_inverse) = NULL;
for (int i=0; i<nPoints;i++) { for (int i = 0; i < nPoints; i++) {
MP_CHECKC (mp_init (&tmp[i])); MP_CHECKC(mp_init(&tmp[i]));
MP_CHECKC (mp_init (&ySub[i])); MP_CHECKC(mp_init(&ySub[i]));
MP_CHECKC (mp_init (&rootsSub[i])); MP_CHECKC(mp_init(&rootsSub[i]));
} }
MP_CHECK (fft_recurse(out, mod, nPoints, roots, ys, tmp, ySub, rootsSub)); MP_CHECK(fft_recurse(out, mod, nPoints, roots, ys, tmp, ySub, rootsSub));
if (invert) { if (invert) {
MP_CHECKC (mp_init (&n_inverse)); MP_CHECKC(mp_init(&n_inverse));
mp_set (&n_inverse, nPoints); mp_set(&n_inverse, nPoints);
MP_CHECKC (mp_invmod (&n_inverse, mod, &n_inverse)); MP_CHECKC(mp_invmod(&n_inverse, mod, &n_inverse));
for (int i=0; i<nPoints;i++) { for (int i = 0; i < nPoints; i++) {
MP_CHECKC (mp_mulmod(&out[i], &n_inverse, mod, &out[i])); MP_CHECKC(mp_mulmod(&out[i], &n_inverse, mod, &out[i]));
} }
} }
cleanup: cleanup:
mp_clear (&n_inverse); mp_clear(&n_inverse);
for (int i=0; i<nPoints;i++) { for (int i = 0; i < nPoints; i++) {
mp_clear(&tmp[i]); mp_clear(&tmp[i]);
mp_clear(&ySub[i]); mp_clear(&ySub[i]);
mp_clear(&rootsSub[i]); mp_clear(&rootsSub[i]);
@ -111,14 +111,15 @@ cleanup:
* of the n-th roots of unity. * of the n-th roots of unity.
*/ */
SECStatus SECStatus
poly_fft_get_roots (mp_int *roots_out, int n_points, const_PrioConfig cfg, bool invert) poly_fft_get_roots(mp_int* roots_out, int n_points, const_PrioConfig cfg,
bool invert)
{ {
if (n_points > cfg->n_roots) if (n_points > cfg->n_roots)
return SECFailure; return SECFailure;
const mp_int *roots_in = invert ? cfg->rootsInv->data : cfg->roots->data; const mp_int* roots_in = invert ? cfg->rootsInv->data : cfg->roots->data;
const int step_size = cfg->n_roots / n_points; const int step_size = cfg->n_roots / n_points;
for (int i=0; i < n_points; i++) { for (int i = 0; i < n_points; i++) {
roots_out[i] = roots_in[i * step_size]; roots_out[i] = roots_in[i * step_size];
} }
@ -126,8 +127,8 @@ poly_fft_get_roots (mp_int *roots_out, int n_points, const_PrioConfig cfg, bool
} }
SECStatus SECStatus
poly_fft (MPArray points_out, const_MPArray points_in, poly_fft(MPArray points_out, const_MPArray points_in, const_PrioConfig cfg,
const_PrioConfig cfg, bool invert) bool invert)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const int n_points = points_in->len; const int n_points = points_in->len;
@ -139,50 +140,49 @@ poly_fft (MPArray points_out, const_MPArray points_in,
return SECFailure; return SECFailure;
mp_int scaled_roots[n_points]; mp_int scaled_roots[n_points];
P_CHECK (poly_fft_get_roots (scaled_roots, n_points, cfg, invert)); P_CHECK(poly_fft_get_roots(scaled_roots, n_points, cfg, invert));
MP_CHECK (fft_interpolate_raw (points_out->data, points_in->data, n_points, MP_CHECK(fft_interpolate_raw(points_out->data, points_in->data, n_points,
scaled_roots, &cfg->modulus, invert)); scaled_roots, &cfg->modulus, invert));
return SECSuccess; return SECSuccess;
} }
SECStatus SECStatus
poly_eval (mp_int *value, const_MPArray coeffs, const mp_int *eval_at, poly_eval(mp_int* value, const_MPArray coeffs, const mp_int* eval_at,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const int n = coeffs->len; const int n = coeffs->len;
// Use Horner's method to evaluate the polynomial at the point // Use Horner's method to evaluate the polynomial at the point
// `eval_at` // `eval_at`
mp_copy (&coeffs->data[n-1], value); mp_copy(&coeffs->data[n - 1], value);
for (int i=n-2; i >= 0; i--) { for (int i = n - 2; i >= 0; i--) {
MP_CHECK (mp_mulmod (value, eval_at, &cfg->modulus, value)); MP_CHECK(mp_mulmod(value, eval_at, &cfg->modulus, value));
MP_CHECK (mp_addmod (value, &coeffs->data[i], &cfg->modulus, value)); MP_CHECK(mp_addmod(value, &coeffs->data[i], &cfg->modulus, value));
} }
return rv; return rv;
} }
SECStatus SECStatus
poly_interp_evaluate (mp_int *value, const_MPArray poly_points, poly_interp_evaluate(mp_int* value, const_MPArray poly_points,
const mp_int *eval_at, const_PrioConfig cfg) const mp_int* eval_at, const_PrioConfig cfg)
{ {
SECStatus rv; SECStatus rv;
MPArray coeffs = NULL; MPArray coeffs = NULL;
const int N = poly_points->len; const int N = poly_points->len;
mp_int roots[N]; mp_int roots[N];
P_CHECKA (coeffs = MPArray_new (N)); P_CHECKA(coeffs = MPArray_new(N));
P_CHECKC (poly_fft_get_roots (roots, N, cfg, false)); P_CHECKC(poly_fft_get_roots(roots, N, cfg, false));
// Interpolate polynomial through roots of unity // Interpolate polynomial through roots of unity
P_CHECKC (poly_fft (coeffs, poly_points, cfg, true)) P_CHECKC(poly_fft(coeffs, poly_points, cfg, true))
P_CHECKC (poly_eval (value, coeffs, eval_at, cfg)); P_CHECKC(poly_eval(value, coeffs, eval_at, cfg));
cleanup: cleanup:
MPArray_clear (coeffs); MPArray_clear(coeffs);
return rv; return rv;
} }

17
third_party/prio/prio/poly.h поставляемый
Просмотреть файл

@ -22,7 +22,7 @@
* roots in the PrioConfig object passed in. * roots in the PrioConfig object passed in.
*/ */
SECStatus poly_fft(MPArray points_out, const_MPArray points_in, SECStatus poly_fft(MPArray points_out, const_MPArray points_in,
const_PrioConfig cfg, bool invert); const_PrioConfig cfg, bool invert);
/* /*
* Get an array * Get an array
@ -33,18 +33,15 @@ SECStatus poly_fft(MPArray points_out, const_MPArray points_in,
* Do NOT mp_clear() the mp_ints stored in roots_out. * Do NOT mp_clear() the mp_ints stored in roots_out.
* These are owned by the PrioConfig object. * These are owned by the PrioConfig object.
*/ */
SECStatus poly_fft_get_roots (mp_int *roots_out, int n_points, SECStatus poly_fft_get_roots(mp_int* roots_out, int n_points,
const_PrioConfig cfg, bool invert); const_PrioConfig cfg, bool invert);
/* /*
* Evaluate the polynomial specified by the coefficients * Evaluate the polynomial specified by the coefficients
* at the point `eval_at` and return the result as `value`. * at the point `eval_at` and return the result as `value`.
*/ */
SECStatus poly_eval (mp_int *value, const_MPArray coeffs, SECStatus poly_eval(mp_int* value, const_MPArray coeffs, const mp_int* eval_at,
const mp_int *eval_at, const_PrioConfig cfg); const_PrioConfig cfg);
/* /*
* Interpolate the polynomial through the points * Interpolate the polynomial through the points
@ -53,7 +50,7 @@ SECStatus poly_eval (mp_int *value, const_MPArray coeffs,
* specified by `poly_points`. Evaluate the resulting polynomial * specified by `poly_points`. Evaluate the resulting polynomial
* at the point `eval_at`. Return the result as `value`. * at the point `eval_at`. Return the result as `value`.
*/ */
SECStatus poly_interp_evaluate (mp_int *value, const_MPArray poly_points, SECStatus poly_interp_evaluate(mp_int* value, const_MPArray poly_points,
const mp_int *eval_at, const_PrioConfig cfg); const mp_int* eval_at, const_PrioConfig cfg);
#endif #endif

101
third_party/prio/prio/prg.c поставляемый
Просмотреть файл

@ -6,9 +6,9 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
#include <blapit.h>
#include <mprio.h> #include <mprio.h>
#include <nss/blapit.h> #include <pk11pub.h>
#include <nss/pk11pub.h>
#include <string.h> #include <string.h>
#include "prg.h" #include "prg.h"
@ -16,23 +16,25 @@
#include "share.h" #include "share.h"
#include "util.h" #include "util.h"
struct prg { struct prg
PK11SlotInfo *slot; {
PK11SymKey *key; PK11SlotInfo* slot;
PK11Context *ctx; PK11SymKey* key;
PK11Context* ctx;
}; };
SECStatus SECStatus
PrioPRGSeed_randomize (PrioPRGSeed *key) PrioPRGSeed_randomize(PrioPRGSeed* key)
{ {
return rand_bytes ((unsigned char *)key, PRG_SEED_LENGTH); return rand_bytes((unsigned char*)key, PRG_SEED_LENGTH);
} }
PRG PRG
PRG_new (const PrioPRGSeed key_in) PRG_new(const PrioPRGSeed key_in)
{ {
PRG prg = malloc (sizeof (struct prg)); PRG prg = malloc(sizeof(struct prg));
if (!prg) return NULL; if (!prg)
return NULL;
prg->slot = NULL; prg->slot = NULL;
prg->key = NULL; prg->key = NULL;
prg->ctx = NULL; prg->ctx = NULL;
@ -40,106 +42,104 @@ PRG_new (const PrioPRGSeed key_in)
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
const CK_MECHANISM_TYPE cipher = CKM_AES_CTR; const CK_MECHANISM_TYPE cipher = CKM_AES_CTR;
P_CHECKA (prg->slot = PK11_GetInternalSlot ()); P_CHECKA(prg->slot = PK11_GetInternalSlot());
// Create a mutable copy of the key. // Create a mutable copy of the key.
PrioPRGSeed key_mut; PrioPRGSeed key_mut;
memcpy (key_mut, key_in, PRG_SEED_LENGTH); memcpy(key_mut, key_in, PRG_SEED_LENGTH);
SECItem keyItem = {siBuffer, key_mut, PRG_SEED_LENGTH}; SECItem keyItem = { siBuffer, key_mut, PRG_SEED_LENGTH };
// The IV can be all zeros since we only encrypt once with // The IV can be all zeros since we only encrypt once with
// each AES key. // each AES key.
CK_AES_CTR_PARAMS param = {128, {}}; CK_AES_CTR_PARAMS param = { 128, {} };
SECItem paramItem = {siBuffer, (void *)&param, sizeof(CK_AES_CTR_PARAMS)}; SECItem paramItem = { siBuffer, (void*)&param, sizeof(CK_AES_CTR_PARAMS) };
P_CHECKA (prg->key = PK11_ImportSymKey (prg->slot, cipher, PK11_OriginUnwrap, P_CHECKA(prg->key = PK11_ImportSymKey(prg->slot, cipher, PK11_OriginUnwrap,
CKA_ENCRYPT, &keyItem, NULL)); CKA_ENCRYPT, &keyItem, NULL));
P_CHECKA (prg->ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, P_CHECKA(prg->ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, prg->key,
prg->key, &paramItem)); &paramItem));
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PRG_clear (prg); PRG_clear(prg);
prg = NULL; prg = NULL;
} }
return prg; return prg;
} }
void void
PRG_clear (PRG prg) PRG_clear(PRG prg)
{ {
if (!prg) return; if (!prg)
return;
if (prg->key) if (prg->key)
PK11_FreeSymKey (prg->key); PK11_FreeSymKey(prg->key);
if (prg->slot) if (prg->slot)
PK11_FreeSlot (prg->slot); PK11_FreeSlot(prg->slot);
if (prg->ctx) if (prg->ctx)
PK11_DestroyContext (prg->ctx, PR_TRUE); PK11_DestroyContext(prg->ctx, PR_TRUE);
free (prg); free(prg);
} }
static SECStatus static SECStatus
PRG_get_bytes_internal (void *prg_vp, unsigned char *bytes, size_t len) PRG_get_bytes_internal(void* prg_vp, unsigned char* bytes, size_t len)
{ {
PRG prg = (PRG)prg_vp; PRG prg = (PRG)prg_vp;
unsigned char in[len]; unsigned char in[len];
memset (in, 0, len); memset(in, 0, len);
int outlen; int outlen;
SECStatus rv = PK11_CipherOp (prg->ctx, bytes, &outlen, len, in, len); SECStatus rv = PK11_CipherOp(prg->ctx, bytes, &outlen, len, in, len);
return (rv != SECSuccess || (size_t)outlen != len) ? SECFailure: SECSuccess; return (rv != SECSuccess || (size_t)outlen != len) ? SECFailure : SECSuccess;
} }
SECStatus SECStatus
PRG_get_bytes (PRG prg, unsigned char *bytes, size_t len) PRG_get_bytes(PRG prg, unsigned char* bytes, size_t len)
{ {
return PRG_get_bytes_internal ((void *)prg, bytes, len); return PRG_get_bytes_internal((void*)prg, bytes, len);
} }
SECStatus SECStatus
PRG_get_int (PRG prg, mp_int *out, const mp_int *max) PRG_get_int(PRG prg, mp_int* out, const mp_int* max)
{ {
return rand_int_rng (out, max, &PRG_get_bytes_internal, (void *)prg); return rand_int_rng(out, max, &PRG_get_bytes_internal, (void*)prg);
} }
SECStatus SECStatus
PRG_get_array (PRG prg, MPArray dst, const mp_int *mod) PRG_get_array(PRG prg, MPArray dst, const mp_int* mod)
{ {
SECStatus rv; SECStatus rv;
for (int i=0; i<dst->len; i++) { for (int i = 0; i < dst->len; i++) {
P_CHECK (PRG_get_int (prg, &dst->data[i], mod)); P_CHECK(PRG_get_int(prg, &dst->data[i], mod));
} }
return SECSuccess; return SECSuccess;
} }
SECStatus SECStatus
PRG_share_int (PRG prgB, mp_int *shareA, const mp_int *src, const_PrioConfig cfg) PRG_share_int(PRG prgB, mp_int* shareA, const mp_int* src, const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
mp_int tmp; mp_int tmp;
MP_DIGITS (&tmp) = NULL; MP_DIGITS(&tmp) = NULL;
MP_CHECKC (mp_init (&tmp)); MP_CHECKC(mp_init(&tmp));
P_CHECKC (PRG_get_int (prgB, &tmp, &cfg->modulus)); P_CHECKC(PRG_get_int(prgB, &tmp, &cfg->modulus));
MP_CHECKC (mp_submod (src, &tmp, &cfg->modulus, shareA)); MP_CHECKC(mp_submod(src, &tmp, &cfg->modulus, shareA));
cleanup: cleanup:
mp_clear (&tmp); mp_clear(&tmp);
return rv; return rv;
} }
SECStatus SECStatus
PRG_share_array (PRG prgB, MPArray arrA, PRG_share_array(PRG prgB, MPArray arrA, const_MPArray src, const_PrioConfig cfg)
const_MPArray src, const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
if (arrA->len != src->len) if (arrA->len != src->len)
@ -147,10 +147,9 @@ PRG_share_array (PRG prgB, MPArray arrA,
const int len = src->len; const int len = src->len;
for (int i=0; i < len; i++) { for (int i = 0; i < len; i++) {
P_CHECK(PRG_share_int (prgB, &arrA->data[i], &src->data[i], cfg)); P_CHECK(PRG_share_int(prgB, &arrA->data[i], &src->data[i], cfg));
} }
return rv; return rv;
} }

26
third_party/prio/prio/prg.h поставляемый
Просмотреть файл

@ -9,54 +9,52 @@
#ifndef __PRG_H__ #ifndef __PRG_H__
#define __PRG_H__ #define __PRG_H__
#include <blapit.h>
#include <mpi.h> #include <mpi.h>
#include <nss/blapit.h>
#include <stdlib.h> #include <stdlib.h>
#include "config.h" #include "config.h"
typedef struct prg *PRG; typedef struct prg* PRG;
typedef const struct prg *const_PRG; typedef const struct prg* const_PRG;
/* /*
* Initialize or destroy a pseudo-random generator. * Initialize or destroy a pseudo-random generator.
*/ */
PRG PRG_new (const PrioPRGSeed key); PRG PRG_new(const PrioPRGSeed key);
void PRG_clear (PRG prg); void PRG_clear(PRG prg);
/* /*
* Produce the next bytes of output from the PRG. * Produce the next bytes of output from the PRG.
*/ */
SECStatus PRG_get_bytes (PRG prg, unsigned char *bytes, size_t len); SECStatus PRG_get_bytes(PRG prg, unsigned char* bytes, size_t len);
/* /*
* Use the PRG output to sample a big integer x in the range * Use the PRG output to sample a big integer x in the range
* 0 <= x < max. * 0 <= x < max.
*/ */
SECStatus PRG_get_int (PRG prg, mp_int *out, const mp_int *max); SECStatus PRG_get_int(PRG prg, mp_int* out, const mp_int* max);
/* /*
* Use secret sharing to split the int src into two shares. * Use secret sharing to split the int src into two shares.
* Use PRG to generate the value `shareB`. * Use PRG to generate the value `shareB`.
* The mp_ints must be initialized. * The mp_ints must be initialized.
*/ */
SECStatus PRG_share_int (PRG prg, mp_int *shareA, const mp_int *src, SECStatus PRG_share_int(PRG prg, mp_int* shareA, const mp_int* src,
const_PrioConfig cfg); const_PrioConfig cfg);
/* /*
* Set each item in the array to a pseudorandom value in the range * Set each item in the array to a pseudorandom value in the range
* [0, mod), where the values are generated using the PRG. * [0, mod), where the values are generated using the PRG.
*/ */
SECStatus PRG_get_array (PRG prg, MPArray arr, const mp_int *mod); SECStatus PRG_get_array(PRG prg, MPArray arr, const mp_int* mod);
/* /*
* Secret shares the array in `src` into `arrA` using randomness * Secret shares the array in `src` into `arrA` using randomness
* provided by `prgB`. The arrays `src` and `arrA` must be the same * provided by `prgB`. The arrays `src` and `arrA` must be the same
* length. * length.
*/ */
SECStatus PRG_share_array (PRG prgB, MPArray arrA, SECStatus PRG_share_array(PRG prgB, MPArray arrA, const_MPArray src,
const_MPArray src, const_PrioConfig cfg); const_PrioConfig cfg);
#endif /* __PRG_H__ */ #endif /* __PRG_H__ */

75
third_party/prio/prio/rand.c поставляемый
Просмотреть файл

@ -8,9 +8,9 @@
#include <limits.h> #include <limits.h>
#include <mprio.h> #include <mprio.h>
#include <nss/nss.h> #include <nss.h>
#include <nss/pk11pub.h> #include <pk11pub.h>
#include <nspr/prinit.h> #include <prinit.h>
#include "debug.h" #include "debug.h"
#include "rand.h" #include "rand.h"
@ -18,44 +18,41 @@
#define CHUNK_SIZE 8192 #define CHUNK_SIZE 8192
static NSSInitContext *prioGlobalContext = NULL; static NSSInitContext* prioGlobalContext = NULL;
SECStatus SECStatus
rand_init (void) rand_init(void)
{ {
if (prioGlobalContext) if (prioGlobalContext)
return SECSuccess; return SECSuccess;
prioGlobalContext = NSS_InitContext ("", "", "", "", NULL, prioGlobalContext =
NSS_INIT_READONLY | NSS_InitContext("", "", "", "", NULL,
NSS_INIT_NOCERTDB | NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
NSS_INIT_FORCEOPEN |
NSS_INIT_NOROOTINIT);
return (prioGlobalContext != NULL) ? SECSuccess : SECFailure; return (prioGlobalContext != NULL) ? SECSuccess : SECFailure;
} }
static SECStatus static SECStatus
rand_bytes_internal (void *user_data, unsigned char *out, size_t n_bytes) rand_bytes_internal(void* user_data, unsigned char* out, size_t n_bytes)
{ {
// No pointer should ever be passed in. // No pointer should ever be passed in.
if (user_data != NULL) if (user_data != NULL)
return SECFailure; return SECFailure;
if (!NSS_IsInitialized ()) { if (!NSS_IsInitialized()) {
PRIO_DEBUG ("NSS not initialized. Call rand_init() first."); PRIO_DEBUG("NSS not initialized. Call rand_init() first.");
return SECFailure; return SECFailure;
} }
SECStatus rv = SECFailure; SECStatus rv = SECFailure;
int to_go = n_bytes; int to_go = n_bytes;
unsigned char *cp = out; unsigned char* cp = out;
while (to_go) { while (to_go) {
int to_gen = MIN (CHUNK_SIZE, to_go); int to_gen = MIN(CHUNK_SIZE, to_go);
if ((rv = PK11_GenerateRandom (cp, to_gen)) != SECSuccess) if ((rv = PK11_GenerateRandom(cp, to_gen)) != SECSuccess) {
{ PRIO_DEBUG("Error calling PK11_GenerateRandom");
PRIO_DEBUG ("Error calling PK11_GenerateRandom");
return SECFailure; return SECFailure;
} }
@ -67,66 +64,66 @@ rand_bytes_internal (void *user_data, unsigned char *out, size_t n_bytes)
} }
SECStatus SECStatus
rand_bytes (unsigned char *out, size_t n_bytes) rand_bytes(unsigned char* out, size_t n_bytes)
{ {
return rand_bytes_internal (NULL, out, n_bytes); return rand_bytes_internal(NULL, out, n_bytes);
} }
SECStatus SECStatus
rand_int (mp_int *out, const mp_int *max) rand_int(mp_int* out, const mp_int* max)
{ {
return rand_int_rng (out, max, &rand_bytes_internal, NULL); return rand_int_rng(out, max, &rand_bytes_internal, NULL);
} }
SECStatus SECStatus
rand_int_rng (mp_int *out, const mp_int *max, rand_int_rng(mp_int* out, const mp_int* max, RandBytesFunc rng_func,
RandBytesFunc rng_func, void *user_data) void* user_data)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
// Ensure max value is > 0 // Ensure max value is > 0
if (mp_cmp_z (max) == 0) if (mp_cmp_z(max) == 0)
return SECFailure; return SECFailure;
// Compute max-1, which tells us the largest // Compute max-1, which tells us the largest
// value we will ever need to generate. // value we will ever need to generate.
MP_CHECK (mp_sub_d (max, 1, out)); MP_CHECK(mp_sub_d(max, 1, out));
const int nbytes = mp_unsigned_octet_size (out); const int nbytes = mp_unsigned_octet_size(out);
// Figure out how many MSBs we need to get in the // Figure out how many MSBs we need to get in the
// most-significant byte. // most-significant byte.
unsigned char max_bytes[nbytes]; unsigned char max_bytes[nbytes];
MP_CHECK (mp_to_fixlen_octets (out, max_bytes, nbytes)); MP_CHECK(mp_to_fixlen_octets(out, max_bytes, nbytes));
const unsigned char mask = msb_mask (max_bytes[0]); const unsigned char mask = msb_mask(max_bytes[0]);
// Buffer to store the pseudo-random bytes // Buffer to store the pseudo-random bytes
unsigned char buf[nbytes]; unsigned char buf[nbytes];
do { do {
// Use rejection sampling to find a value strictly less than max. // Use rejection sampling to find a value strictly less than max.
P_CHECK (rng_func (user_data, buf, nbytes)); P_CHECK(rng_func(user_data, buf, nbytes));
// Mask off high-order bits that we will never need. // Mask off high-order bits that we will never need.
P_CHECK (rng_func (user_data, &buf[0], 1)); P_CHECK(rng_func(user_data, &buf[0], 1));
if (mask) buf[0] &= mask; if (mask)
buf[0] &= mask;
MP_CHECK (mp_read_unsigned_octets (out, buf, nbytes)); MP_CHECK(mp_read_unsigned_octets(out, buf, nbytes));
} while (mp_cmp (out, max) != -1); } while (mp_cmp(out, max) != -1);
return 0; return 0;
} }
void void
rand_clear (void) rand_clear(void)
{ {
if (prioGlobalContext) { if (prioGlobalContext) {
NSS_ShutdownContext (prioGlobalContext); NSS_ShutdownContext(prioGlobalContext);
#ifdef DO_PR_CLEANUP #ifdef DO_PR_CLEANUP
PR_Cleanup (); PR_Cleanup();
#endif #endif
} }
prioGlobalContext = NULL; prioGlobalContext = NULL;
} }

18
third_party/prio/prio/rand.h поставляемый
Просмотреть файл

@ -10,34 +10,35 @@
#define __RAND_H__ #define __RAND_H__
#include <mpi.h> #include <mpi.h>
#include <nss/seccomon.h> #include <seccomon.h>
#include <stdlib.h> #include <stdlib.h>
/* /*
* Typedef for function pointer. A function pointer of type RandBytesFunc * Typedef for function pointer. A function pointer of type RandBytesFunc
* points to a function that fills the buffer `out` of with `len` random bytes. * points to a function that fills the buffer `out` of with `len` random bytes.
*/ */
typedef SECStatus (*RandBytesFunc) (void *user_data, unsigned char *out, size_t len); typedef SECStatus (*RandBytesFunc)(void* user_data, unsigned char* out,
size_t len);
/* /*
* Initialize or cleanup the global random number generator * Initialize or cleanup the global random number generator
* state that NSS uses. * state that NSS uses.
*/ */
SECStatus rand_init (void); SECStatus rand_init(void);
void rand_clear (void); void rand_clear(void);
/* /*
* Generate the specified number of random bytes using the * Generate the specified number of random bytes using the
* NSS random number generator. * NSS random number generator.
*/ */
SECStatus rand_bytes (unsigned char *out, size_t n_bytes); SECStatus rand_bytes(unsigned char* out, size_t n_bytes);
/* /*
* Generate a random number x such that * Generate a random number x such that
* 0 <= x < max * 0 <= x < max
* using the NSS random number generator. * using the NSS random number generator.
*/ */
SECStatus rand_int (mp_int *out, const mp_int *max); SECStatus rand_int(mp_int* out, const mp_int* max);
/* /*
* Generate a random number x such that * Generate a random number x such that
@ -47,8 +48,7 @@ SECStatus rand_int (mp_int *out, const mp_int *max);
* The pointer user_data is passed to RandBytesFung `rng` as a first * The pointer user_data is passed to RandBytesFung `rng` as a first
* argument. * argument.
*/ */
SECStatus rand_int_rng (mp_int *out, const mp_int *max, SECStatus rand_int_rng(mp_int* out, const mp_int* max, RandBytesFunc rng,
RandBytesFunc rng, void *user_data); void* user_data);
#endif /* __RAND_H__ */ #endif /* __RAND_H__ */

326
third_party/prio/prio/serial.c поставляемый
Просмотреть файл

@ -18,91 +18,91 @@
#define MSGPACK_OK 0 #define MSGPACK_OK 0
static SECStatus static SECStatus
serial_write_mp_int (msgpack_packer *pk, const mp_int *n) serial_write_mp_int(msgpack_packer* pk, const mp_int* n)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
unsigned int n_size = mp_unsigned_octet_size (n); unsigned int n_size = mp_unsigned_octet_size(n);
unsigned char data[n_size]; unsigned char data[n_size];
MP_CHECK (mp_to_fixlen_octets (n, data, n_size)); MP_CHECK(mp_to_fixlen_octets(n, data, n_size));
P_CHECK (msgpack_pack_str (pk, n_size)); P_CHECK(msgpack_pack_str(pk, n_size));
P_CHECK (msgpack_pack_str_body (pk, data, n_size)); P_CHECK(msgpack_pack_str_body(pk, data, n_size));
return rv; return rv;
} }
static SECStatus static SECStatus
object_to_mp_int (msgpack_object *obj, mp_int *n, const mp_int *max) object_to_mp_int(msgpack_object* obj, mp_int* n, const mp_int* max)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (obj != NULL); P_CHECKCB(obj != NULL);
P_CHECKCB (obj->type == MSGPACK_OBJECT_STR); P_CHECKCB(obj->type == MSGPACK_OBJECT_STR);
P_CHECKCB (n != NULL); P_CHECKCB(n != NULL);
msgpack_object_str s = obj->via.str; msgpack_object_str s = obj->via.str;
P_CHECKCB (s.ptr != NULL); P_CHECKCB(s.ptr != NULL);
MP_CHECKC (mp_read_unsigned_octets (n, (unsigned char *)s.ptr, s.size)); MP_CHECKC(mp_read_unsigned_octets(n, (unsigned char*)s.ptr, s.size));
P_CHECKCB (mp_cmp_z (n) >= 0); P_CHECKCB(mp_cmp_z(n) >= 0);
P_CHECKCB (mp_cmp (n, max) < 0); P_CHECKCB(mp_cmp(n, max) < 0);
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_read_mp_int (msgpack_unpacker *upk, mp_int *n, const mp_int *max) serial_read_mp_int(msgpack_unpacker* upk, mp_int* n, const mp_int* max)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (n != NULL); P_CHECKCB(n != NULL);
P_CHECKCB (max != NULL); P_CHECKCB(max != NULL);
msgpack_unpacked res; msgpack_unpacked res;
msgpack_unpacked_init (&res); msgpack_unpacked_init(&res);
UP_CHECK (msgpack_unpacker_next (upk, &res)) UP_CHECK(msgpack_unpacker_next(upk, &res))
msgpack_object obj = res.data; msgpack_object obj = res.data;
P_CHECKC (object_to_mp_int (&obj, n, max)); P_CHECKC(object_to_mp_int(&obj, n, max));
cleanup: cleanup:
msgpack_unpacked_destroy (&res); msgpack_unpacked_destroy(&res);
return rv; return rv;
} }
static SECStatus static SECStatus
serial_read_int (msgpack_unpacker *upk, int *n) serial_read_int(msgpack_unpacker* upk, int* n)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (n != NULL); P_CHECKCB(n != NULL);
msgpack_unpacked res; msgpack_unpacked res;
msgpack_unpacked_init (&res); msgpack_unpacked_init(&res);
UP_CHECK (msgpack_unpacker_next (upk, &res)) UP_CHECK(msgpack_unpacker_next(upk, &res))
msgpack_object obj = res.data; msgpack_object obj = res.data;
P_CHECKCB (obj.type == MSGPACK_OBJECT_POSITIVE_INTEGER); P_CHECKCB(obj.type == MSGPACK_OBJECT_POSITIVE_INTEGER);
*n = obj.via.i64; *n = obj.via.i64;
cleanup: cleanup:
msgpack_unpacked_destroy (&res); msgpack_unpacked_destroy(&res);
return rv; return rv;
} }
static SECStatus static SECStatus
serial_write_mp_array (msgpack_packer *pk, const_MPArray arr) serial_write_mp_array(msgpack_packer* pk, const_MPArray arr)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (arr != NULL); P_CHECKCB(arr != NULL);
P_CHECK (msgpack_pack_array (pk, arr->len)); P_CHECK(msgpack_pack_array(pk, arr->len));
for (int i = 0; i < arr->len; i++) { for (int i = 0; i < arr->len; i++) {
P_CHECK (serial_write_mp_int (pk, &arr->data[i])); P_CHECK(serial_write_mp_int(pk, &arr->data[i]));
} }
cleanup: cleanup:
@ -110,184 +110,184 @@ cleanup:
} }
static SECStatus static SECStatus
serial_read_mp_array (msgpack_unpacker *upk, MPArray arr, size_t len, const mp_int serial_read_mp_array(msgpack_unpacker* upk, MPArray arr, size_t len,
*max) const mp_int* max)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (arr != NULL); P_CHECKCB(arr != NULL);
P_CHECKCB (max != NULL); P_CHECKCB(max != NULL);
msgpack_unpacked res; msgpack_unpacked res;
msgpack_unpacked_init (&res); msgpack_unpacked_init(&res);
UP_CHECK (msgpack_unpacker_next (upk, &res)) UP_CHECK(msgpack_unpacker_next(upk, &res))
msgpack_object obj = res.data; msgpack_object obj = res.data;
P_CHECKCB (obj.type == MSGPACK_OBJECT_ARRAY); P_CHECKCB(obj.type == MSGPACK_OBJECT_ARRAY);
msgpack_object_array objarr = obj.via.array; msgpack_object_array objarr = obj.via.array;
P_CHECKCB (objarr.size == len); P_CHECKCB(objarr.size == len);
P_CHECKC (MPArray_resize (arr, len)); P_CHECKC(MPArray_resize(arr, len));
for (unsigned int i=0; i<len; i++) { for (unsigned int i = 0; i < len; i++) {
P_CHECKC (object_to_mp_int (&objarr.ptr[i], &arr->data[i], max)); P_CHECKC(object_to_mp_int(&objarr.ptr[i], &arr->data[i], max));
} }
cleanup: cleanup:
msgpack_unpacked_destroy (&res); msgpack_unpacked_destroy(&res);
return rv; return rv;
} }
static SECStatus static SECStatus
serial_write_beaver_triple (msgpack_packer *pk, const_BeaverTriple t) serial_write_beaver_triple(msgpack_packer* pk, const_BeaverTriple t)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (t != NULL); P_CHECKCB(t != NULL);
P_CHECK (serial_write_mp_int (pk, &t->a)); P_CHECK(serial_write_mp_int(pk, &t->a));
P_CHECK (serial_write_mp_int (pk, &t->b)); P_CHECK(serial_write_mp_int(pk, &t->b));
P_CHECK (serial_write_mp_int (pk, &t->c)); P_CHECK(serial_write_mp_int(pk, &t->c));
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_read_beaver_triple (msgpack_unpacker *pk, BeaverTriple t, const mp_int *max) serial_read_beaver_triple(msgpack_unpacker* pk, BeaverTriple t,
const mp_int* max)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (t != NULL); P_CHECKCB(t != NULL);
P_CHECKCB (max != NULL); P_CHECKCB(max != NULL);
P_CHECK (serial_read_mp_int (pk, &t->a, max)); P_CHECK(serial_read_mp_int(pk, &t->a, max));
P_CHECK (serial_read_mp_int (pk, &t->b, max)); P_CHECK(serial_read_mp_int(pk, &t->b, max));
P_CHECK (serial_read_mp_int (pk, &t->c, max)); P_CHECK(serial_read_mp_int(pk, &t->c, max));
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_write_server_a_data (msgpack_packer *pk, const struct server_a_data *A) serial_write_server_a_data(msgpack_packer* pk, const struct server_a_data* A)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (A != NULL); P_CHECKCB(A != NULL);
P_CHECK (serial_write_mp_array (pk, A->data_shares)); P_CHECK(serial_write_mp_array(pk, A->data_shares));
P_CHECK (serial_write_mp_array (pk, A->h_points)); P_CHECK(serial_write_mp_array(pk, A->h_points));
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_read_server_a_data (msgpack_unpacker *upk, struct server_a_data *A, serial_read_server_a_data(msgpack_unpacker* upk, struct server_a_data* A,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (A != NULL); P_CHECKCB(A != NULL);
P_CHECK (serial_read_mp_array (upk, A->data_shares, cfg->num_data_fields, P_CHECK(serial_read_mp_array(upk, A->data_shares, cfg->num_data_fields,
&cfg->modulus)); &cfg->modulus));
P_CHECK (serial_read_mp_array (upk, A->h_points, PrioConfig_hPoints (cfg), P_CHECK(serial_read_mp_array(upk, A->h_points, PrioConfig_hPoints(cfg),
&cfg->modulus)); &cfg->modulus));
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_write_prg_seed (msgpack_packer *pk, const PrioPRGSeed *seed) serial_write_prg_seed(msgpack_packer* pk, const PrioPRGSeed* seed)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (seed != NULL); P_CHECKCB(seed != NULL);
P_CHECK (msgpack_pack_str (pk, PRG_SEED_LENGTH)); P_CHECK(msgpack_pack_str(pk, PRG_SEED_LENGTH));
P_CHECK (msgpack_pack_str_body (pk, seed, PRG_SEED_LENGTH)); P_CHECK(msgpack_pack_str_body(pk, seed, PRG_SEED_LENGTH));
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_read_prg_seed (msgpack_unpacker *upk, PrioPRGSeed *seed) serial_read_prg_seed(msgpack_unpacker* upk, PrioPRGSeed* seed)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (seed != NULL); P_CHECKCB(seed != NULL);
msgpack_unpacked res; msgpack_unpacked res;
msgpack_unpacked_init (&res); msgpack_unpacked_init(&res);
UP_CHECK (msgpack_unpacker_next (upk, &res)) UP_CHECK(msgpack_unpacker_next(upk, &res))
msgpack_object obj = res.data; msgpack_object obj = res.data;
P_CHECKCB (obj.type == MSGPACK_OBJECT_STR); P_CHECKCB(obj.type == MSGPACK_OBJECT_STR);
msgpack_object_str s = obj.via.str; msgpack_object_str s = obj.via.str;
P_CHECKCB (s.size == PRG_SEED_LENGTH); P_CHECKCB(s.size == PRG_SEED_LENGTH);
memcpy (seed, s.ptr, PRG_SEED_LENGTH); memcpy(seed, s.ptr, PRG_SEED_LENGTH);
cleanup: cleanup:
msgpack_unpacked_destroy (&res); msgpack_unpacked_destroy(&res);
return rv; return rv;
} }
static SECStatus static SECStatus
serial_write_server_b_data (msgpack_packer *pk, const struct server_b_data *B) serial_write_server_b_data(msgpack_packer* pk, const struct server_b_data* B)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (B != NULL); P_CHECKCB(B != NULL);
rv = serial_write_prg_seed (pk, &B->seed); rv = serial_write_prg_seed(pk, &B->seed);
cleanup: cleanup:
return rv; return rv;
} }
static SECStatus static SECStatus
serial_read_server_b_data (msgpack_unpacker *upk, struct server_b_data *B) serial_read_server_b_data(msgpack_unpacker* upk, struct server_b_data* B)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (B != NULL); P_CHECKCB(B != NULL);
rv =serial_read_prg_seed (upk, &B->seed); rv = serial_read_prg_seed(upk, &B->seed);
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
serial_write_packet_client (msgpack_packer *pk, const_PrioPacketClient p, serial_write_packet_client(msgpack_packer* pk, const_PrioPacketClient p,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (p != NULL); P_CHECKCB(p != NULL);
P_CHECK (msgpack_pack_str (pk, cfg->batch_id_len)); P_CHECK(msgpack_pack_str(pk, cfg->batch_id_len));
P_CHECK (msgpack_pack_str_body (pk, cfg->batch_id, cfg->batch_id_len)); P_CHECK(msgpack_pack_str_body(pk, cfg->batch_id, cfg->batch_id_len));
P_CHECK (serial_write_beaver_triple (pk, p->triple)); P_CHECK(serial_write_beaver_triple(pk, p->triple));
P_CHECK (serial_write_mp_int (pk, &p->f0_share)); P_CHECK(serial_write_mp_int(pk, &p->f0_share));
P_CHECK (serial_write_mp_int (pk, &p->g0_share)); P_CHECK(serial_write_mp_int(pk, &p->g0_share));
P_CHECK (serial_write_mp_int (pk, &p->h0_share)); P_CHECK(serial_write_mp_int(pk, &p->h0_share));
P_CHECK (msgpack_pack_int (pk, p->for_server)); P_CHECK(msgpack_pack_int(pk, p->for_server));
switch (p->for_server) { switch (p->for_server) {
case PRIO_SERVER_A: case PRIO_SERVER_A:
P_CHECK (serial_write_server_a_data (pk, &p->shares.A)); P_CHECK(serial_write_server_a_data(pk, &p->shares.A));
break; break;
case PRIO_SERVER_B: case PRIO_SERVER_B:
P_CHECK (serial_write_server_b_data (pk, &p->shares.B)); P_CHECK(serial_write_server_b_data(pk, &p->shares.B));
break; break;
default: default:
return SECFailure; return SECFailure;
@ -298,15 +298,15 @@ cleanup:
} }
SECStatus SECStatus
serial_read_server_id (msgpack_unpacker *upk, PrioServerId *s) serial_read_server_id(msgpack_unpacker* upk, PrioServerId* s)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (s != NULL); P_CHECKCB(s != NULL);
int serv; int serv;
P_CHECK (serial_read_int (upk, &serv)); P_CHECK(serial_read_int(upk, &serv));
P_CHECKCB (serv == PRIO_SERVER_A || serv == PRIO_SERVER_B); P_CHECKCB(serv == PRIO_SERVER_A || serv == PRIO_SERVER_B);
*s = serv; *s = serv;
cleanup: cleanup:
@ -314,129 +314,127 @@ cleanup:
} }
SECStatus SECStatus
serial_read_packet_client (msgpack_unpacker *upk, PrioPacketClient p, serial_read_packet_client(msgpack_unpacker* upk, PrioPacketClient p,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (p != NULL); P_CHECKCB(p != NULL);
msgpack_unpacked res; msgpack_unpacked res;
msgpack_unpacked_init (&res); msgpack_unpacked_init(&res);
UP_CHECK (msgpack_unpacker_next (upk, &res)) UP_CHECK(msgpack_unpacker_next(upk, &res))
msgpack_object obj = res.data; msgpack_object obj = res.data;
P_CHECKCB (obj.type == MSGPACK_OBJECT_STR); P_CHECKCB(obj.type == MSGPACK_OBJECT_STR);
msgpack_object_str s = obj.via.str; msgpack_object_str s = obj.via.str;
P_CHECKCB (s.size == cfg->batch_id_len); P_CHECKCB(s.size == cfg->batch_id_len);
P_CHECKCB (!memcmp (s.ptr, (char *)cfg->batch_id, cfg->batch_id_len)); P_CHECKCB(!memcmp(s.ptr, (char*)cfg->batch_id, cfg->batch_id_len));
P_CHECK (serial_read_beaver_triple (upk, p->triple, &cfg->modulus)); P_CHECK(serial_read_beaver_triple(upk, p->triple, &cfg->modulus));
P_CHECK (serial_read_mp_int (upk, &p->f0_share, &cfg->modulus)); P_CHECK(serial_read_mp_int(upk, &p->f0_share, &cfg->modulus));
P_CHECK (serial_read_mp_int (upk, &p->g0_share, &cfg->modulus)); P_CHECK(serial_read_mp_int(upk, &p->g0_share, &cfg->modulus));
P_CHECK (serial_read_mp_int (upk, &p->h0_share, &cfg->modulus)); P_CHECK(serial_read_mp_int(upk, &p->h0_share, &cfg->modulus));
P_CHECK (serial_read_server_id (upk, &p->for_server)); P_CHECK(serial_read_server_id(upk, &p->for_server));
switch (p->for_server) { switch (p->for_server) {
case PRIO_SERVER_A: case PRIO_SERVER_A:
P_CHECK (serial_read_server_a_data (upk, &p->shares.A, cfg)); P_CHECK(serial_read_server_a_data(upk, &p->shares.A, cfg));
break; break;
case PRIO_SERVER_B: case PRIO_SERVER_B:
P_CHECK (serial_read_server_b_data (upk, &p->shares.B)); P_CHECK(serial_read_server_b_data(upk, &p->shares.B));
break; break;
default: default:
return SECFailure; return SECFailure;
} }
cleanup: cleanup:
msgpack_unpacked_destroy (&res); msgpack_unpacked_destroy(&res);
return rv; return rv;
} }
SECStatus SECStatus
PrioPacketVerify1_write (const_PrioPacketVerify1 p, msgpack_packer *pk) PrioPacketVerify1_write(const_PrioPacketVerify1 p, msgpack_packer* pk)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (p != NULL); P_CHECKCB(p != NULL);
P_CHECK (serial_write_mp_int (pk, &p->share_d)); P_CHECK(serial_write_mp_int(pk, &p->share_d));
P_CHECK (serial_write_mp_int (pk, &p->share_e)); P_CHECK(serial_write_mp_int(pk, &p->share_e));
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
PrioPacketVerify1_read (PrioPacketVerify1 p, msgpack_unpacker *upk, PrioPacketVerify1_read(PrioPacketVerify1 p, msgpack_unpacker* upk,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (p != NULL); P_CHECKCB(p != NULL);
P_CHECK (serial_read_mp_int (upk, &p->share_d, &cfg->modulus)); P_CHECK(serial_read_mp_int(upk, &p->share_d, &cfg->modulus));
P_CHECK (serial_read_mp_int (upk, &p->share_e, &cfg->modulus)); P_CHECK(serial_read_mp_int(upk, &p->share_e, &cfg->modulus));
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
PrioPacketVerify2_write (const_PrioPacketVerify2 p, msgpack_packer *pk) PrioPacketVerify2_write(const_PrioPacketVerify2 p, msgpack_packer* pk)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECKCB (p != NULL); P_CHECKCB(p != NULL);
P_CHECK (serial_write_mp_int (pk, &p->share_out)); P_CHECK(serial_write_mp_int(pk, &p->share_out));
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
PrioPacketVerify2_read (PrioPacketVerify2 p, msgpack_unpacker *upk, PrioPacketVerify2_read(PrioPacketVerify2 p, msgpack_unpacker* upk,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECKCB (p != NULL); P_CHECKCB(p != NULL);
P_CHECK (serial_read_mp_int (upk, &p->share_out, &cfg->modulus)); P_CHECK(serial_read_mp_int(upk, &p->share_out, &cfg->modulus));
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
PrioTotalShare_write (const_PrioTotalShare t, msgpack_packer *pk) PrioTotalShare_write(const_PrioTotalShare t, msgpack_packer* pk)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (t != NULL); P_CHECKCB(t != NULL);
P_CHECKCB (pk != NULL); P_CHECKCB(pk != NULL);
P_CHECK (msgpack_pack_int (pk, t->idx)); P_CHECK(msgpack_pack_int(pk, t->idx));
P_CHECK (serial_write_mp_array (pk, t->data_shares)); P_CHECK(serial_write_mp_array(pk, t->data_shares));
cleanup: cleanup:
return rv; return rv;
} }
SECStatus SECStatus
PrioTotalShare_read (PrioTotalShare t, msgpack_unpacker *upk, PrioTotalShare_read(PrioTotalShare t, msgpack_unpacker* upk,
const_PrioConfig cfg) const_PrioConfig cfg)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECKCB (t != NULL); P_CHECKCB(t != NULL);
P_CHECKCB (upk != NULL); P_CHECKCB(upk != NULL);
P_CHECK (serial_read_server_id (upk, &t->idx)); P_CHECK(serial_read_server_id(upk, &t->idx));
P_CHECK (serial_read_mp_array (upk, t->data_shares, cfg->num_data_fields, P_CHECK(serial_read_mp_array(upk, t->data_shares, cfg->num_data_fields,
&cfg->modulus)); &cfg->modulus));
cleanup: cleanup:
return rv; return rv;
} }

10
third_party/prio/prio/serial.h поставляемый
Просмотреть файл

@ -11,11 +11,11 @@
#include <mprio.h> #include <mprio.h>
SECStatus serial_write_packet_client (msgpack_packer *pk, const_PrioPacketClient p, SECStatus serial_write_packet_client(msgpack_packer* pk,
const_PrioConfig cfg); const_PrioPacketClient p,
const_PrioConfig cfg);
SECStatus serial_read_packet_client (msgpack_unpacker *upk, PrioPacketClient p, SECStatus serial_read_packet_client(msgpack_unpacker* upk, PrioPacketClient p,
const_PrioConfig cfg); const_PrioConfig cfg);
#endif /* __SERIAL_H__ */ #endif /* __SERIAL_H__ */

343
third_party/prio/prio/server.c поставляемый
Просмотреть файл

@ -12,31 +12,32 @@
#include <stdlib.h> #include <stdlib.h>
#include "client.h" #include "client.h"
#include "prg.h"
#include "poly.h"
#include "mparray.h" #include "mparray.h"
#include "poly.h"
#include "prg.h"
#include "server.h" #include "server.h"
#include "util.h" #include "util.h"
PrioServer PrioServer
PrioServer_new (const_PrioConfig cfg, PrioServerId server_idx, PrioServer_new(const_PrioConfig cfg, PrioServerId server_idx,
PrivateKey server_priv, const PrioPRGSeed seed) PrivateKey server_priv, const PrioPRGSeed seed)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PrioServer s = malloc (sizeof (*s)); PrioServer s = malloc(sizeof(*s));
if (!s) return NULL; if (!s)
return NULL;
s->cfg = cfg; s->cfg = cfg;
s->idx = server_idx; s->idx = server_idx;
s->priv_key = server_priv; s->priv_key = server_priv;
s->data_shares = NULL; s->data_shares = NULL;
s->prg = NULL; s->prg = NULL;
P_CHECKA (s->data_shares = MPArray_new (s->cfg->num_data_fields)); P_CHECKA(s->data_shares = MPArray_new(s->cfg->num_data_fields));
P_CHECKA (s->prg = PRG_new (seed)); P_CHECKA(s->prg = PRG_new(seed));
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PrioServer_clear (s); PrioServer_clear(s);
return NULL; return NULL;
} }
@ -44,17 +45,18 @@ cleanup:
} }
void void
PrioServer_clear (PrioServer s) PrioServer_clear(PrioServer s)
{ {
if (!s) return; if (!s)
return;
PRG_clear (s->prg); PRG_clear(s->prg);
MPArray_clear (s->data_shares); MPArray_clear(s->data_shares);
free(s); free(s);
} }
SECStatus SECStatus
PrioServer_aggregate (PrioServer s, PrioVerifier v) PrioServer_aggregate(PrioServer s, PrioVerifier v)
{ {
MPArray arr = NULL; MPArray arr = NULL;
switch (s->idx) { switch (s->idx) {
@ -69,18 +71,19 @@ PrioServer_aggregate (PrioServer s, PrioVerifier v)
return SECFailure; return SECFailure;
} }
return MPArray_addmod (s->data_shares, arr, &s->cfg->modulus); return MPArray_addmod(s->data_shares, arr, &s->cfg->modulus);
} }
PrioTotalShare PrioTotalShare
PrioTotalShare_new (void) PrioTotalShare_new(void)
{ {
PrioTotalShare t = malloc (sizeof (*t)); PrioTotalShare t = malloc(sizeof(*t));
if (!t) return NULL; if (!t)
return NULL;
t->data_shares = MPArray_new (0); t->data_shares = MPArray_new(0);
if (!t->data_shares) { if (!t->data_shares) {
free (t); free(t);
return NULL; return NULL;
} }
@ -88,29 +91,29 @@ PrioTotalShare_new (void)
} }
void void
PrioTotalShare_clear (PrioTotalShare t) PrioTotalShare_clear(PrioTotalShare t)
{ {
if (!t) return; if (!t)
MPArray_clear (t->data_shares); return;
free (t); MPArray_clear(t->data_shares);
free(t);
} }
SECStatus SECStatus
PrioTotalShare_set_data (PrioTotalShare t, const_PrioServer s) PrioTotalShare_set_data(PrioTotalShare t, const_PrioServer s)
{ {
t->idx = s->idx; t->idx = s->idx;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
P_CHECK (MPArray_resize (t->data_shares, s->data_shares->len)); P_CHECK(MPArray_resize(t->data_shares, s->data_shares->len));
P_CHECK (MPArray_copy (t->data_shares, s->data_shares)); P_CHECK(MPArray_copy(t->data_shares, s->data_shares));
return rv; return rv;
} }
SECStatus SECStatus
PrioTotalShare_final (const_PrioConfig cfg, PrioTotalShare_final(const_PrioConfig cfg, unsigned long* output,
unsigned long *output, const_PrioTotalShare tA, const_PrioTotalShare tB)
const_PrioTotalShare tA, const_PrioTotalShare tB)
{ {
if (tA->data_shares->len != cfg->num_data_fields) if (tA->data_shares->len != cfg->num_data_fields)
return SECFailure; return SECFailure;
@ -122,24 +125,24 @@ PrioTotalShare_final (const_PrioConfig cfg,
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
mp_int tmp; mp_int tmp;
MP_DIGITS (&tmp) = NULL; MP_DIGITS(&tmp) = NULL;
MP_CHECKC (mp_init (&tmp)); MP_CHECKC(mp_init(&tmp));
for (int i=0; i<cfg->num_data_fields; i++) { for (int i = 0; i < cfg->num_data_fields; i++) {
MP_CHECKC (mp_addmod(&tA->data_shares->data[i], &tB->data_shares->data[i], MP_CHECKC(mp_addmod(&tA->data_shares->data[i], &tB->data_shares->data[i],
&cfg->modulus, &tmp)); &cfg->modulus, &tmp));
output[i] = tmp.dp[0]; output[i] = tmp.dp[0];
} }
cleanup: cleanup:
mp_clear (&tmp); mp_clear(&tmp);
return rv; return rv;
} }
inline static mp_int*
inline static mp_int * get_data_share(const_PrioVerifier v, int i)
get_data_share (const_PrioVerifier v, int i) { {
switch (v->s->idx) { switch (v->s->idx) {
case PRIO_SERVER_A: case PRIO_SERVER_A:
return &v->clientp->shares.A.data_shares->data[i]; return &v->clientp->shares.A.data_shares->data[i];
@ -150,8 +153,9 @@ get_data_share (const_PrioVerifier v, int i) {
return NULL; return NULL;
} }
inline static mp_int * inline static mp_int*
get_h_share (const_PrioVerifier v, int i) { get_h_share(const_PrioVerifier v, int i)
{
switch (v->s->idx) { switch (v->s->idx) {
case PRIO_SERVER_A: case PRIO_SERVER_A:
return &v->clientp->shares.A.h_points->data[i]; return &v->clientp->shares.A.h_points->data[i];
@ -168,99 +172,102 @@ get_h_share (const_PrioVerifier v, int i) {
* by the shared secret. Store the evaluations in the verifier object. * by the shared secret. Store the evaluations in the verifier object.
*/ */
static SECStatus static SECStatus
compute_shares (PrioVerifier v, const_PrioPacketClient p) compute_shares(PrioVerifier v, const_PrioPacketClient p)
{ {
SECStatus rv; SECStatus rv;
const int n = v->s->cfg->num_data_fields + 1; const int n = v->s->cfg->num_data_fields + 1;
const int N = next_power_of_two (n); const int N = next_power_of_two(n);
mp_int eval_at; mp_int eval_at;
MP_DIGITS (&eval_at) = NULL; MP_DIGITS(&eval_at) = NULL;
MPArray points_f = NULL; MPArray points_f = NULL;
MPArray points_g = NULL; MPArray points_g = NULL;
MPArray points_h = NULL; MPArray points_h = NULL;
MP_CHECKC (mp_init (&eval_at)); MP_CHECKC(mp_init(&eval_at));
P_CHECKA (points_f = MPArray_new (N)); P_CHECKA(points_f = MPArray_new(N));
P_CHECKA (points_g = MPArray_new (N)); P_CHECKA(points_g = MPArray_new(N));
P_CHECKA (points_h = MPArray_new (2*N)); P_CHECKA(points_h = MPArray_new(2 * N));
// Use PRG to generate random point // Use PRG to generate random point
MP_CHECKC (PRG_get_int (v->s->prg, &eval_at, &v->s->cfg->modulus)); MP_CHECKC(PRG_get_int(v->s->prg, &eval_at, &v->s->cfg->modulus));
// Reduce value into the field we're using. This // Reduce value into the field we're using. This
// doesn't yield exactly a uniformly random point, // doesn't yield exactly a uniformly random point,
// but for values this large, it will be close // but for values this large, it will be close
// enough. // enough.
MP_CHECKC (mp_mod (&eval_at, &v->s->cfg->modulus, &eval_at)); MP_CHECKC(mp_mod(&eval_at, &v->s->cfg->modulus, &eval_at));
// Client sends us the values of f(0) and g(0) // Client sends us the values of f(0) and g(0)
MP_CHECKC (mp_copy(&p->f0_share, &points_f->data[0])); MP_CHECKC(mp_copy(&p->f0_share, &points_f->data[0]));
MP_CHECKC (mp_copy(&p->g0_share, &points_g->data[0])); MP_CHECKC(mp_copy(&p->g0_share, &points_g->data[0]));
MP_CHECKC (mp_copy(&p->h0_share, &points_h->data[0])); MP_CHECKC(mp_copy(&p->h0_share, &points_h->data[0]));
for (int i=1; i<n; i++) { for (int i = 1; i < n; i++) {
// [f](i) = i-th data share // [f](i) = i-th data share
const mp_int *data_i_minus_1 = get_data_share(v, i-1); const mp_int* data_i_minus_1 = get_data_share(v, i - 1);
MP_CHECKC (mp_copy(data_i_minus_1, &points_f->data[i])); MP_CHECKC(mp_copy(data_i_minus_1, &points_f->data[i]));
// [g](i) = i-th data share minus 1 // [g](i) = i-th data share minus 1
// Only need to shift the share for 0-th server // Only need to shift the share for 0-th server
MP_CHECKC (mp_copy(&points_f->data[i], &points_g->data[i])); MP_CHECKC(mp_copy(&points_f->data[i], &points_g->data[i]));
if (!v->s->idx) { if (!v->s->idx) {
MP_CHECKC (mp_sub_d(&points_g->data[i], 1, &points_g->data[i])); MP_CHECKC(mp_sub_d(&points_g->data[i], 1, &points_g->data[i]));
MP_CHECKC (mp_mod(&points_g->data[i], &v->s->cfg->modulus, &points_g->data[i])); MP_CHECKC(
mp_mod(&points_g->data[i], &v->s->cfg->modulus, &points_g->data[i]));
} }
} }
int j = 0; int j = 0;
for (int i=1; i<2*N; i+=2) { for (int i = 1; i < 2 * N; i += 2) {
const mp_int *h_point_j = get_h_share (v, j++); const mp_int* h_point_j = get_h_share(v, j++);
MP_CHECKC (mp_copy(h_point_j, &points_h->data[i])); MP_CHECKC(mp_copy(h_point_j, &points_h->data[i]));
} }
P_CHECKC (poly_interp_evaluate (&v->share_fR, points_f, &eval_at, v->s->cfg)); P_CHECKC(poly_interp_evaluate(&v->share_fR, points_f, &eval_at, v->s->cfg));
P_CHECKC (poly_interp_evaluate (&v->share_gR, points_g, &eval_at, v->s->cfg)); P_CHECKC(poly_interp_evaluate(&v->share_gR, points_g, &eval_at, v->s->cfg));
P_CHECKC (poly_interp_evaluate (&v->share_hR, points_h, &eval_at, v->s->cfg)); P_CHECKC(poly_interp_evaluate(&v->share_hR, points_h, &eval_at, v->s->cfg));
cleanup: cleanup:
MPArray_clear (points_f); MPArray_clear(points_f);
MPArray_clear (points_g); MPArray_clear(points_g);
MPArray_clear (points_h); MPArray_clear(points_h);
mp_clear (&eval_at); mp_clear(&eval_at);
return rv; return rv;
} }
PrioVerifier PrioVerifier_new (PrioServer s) PrioVerifier
PrioVerifier_new(PrioServer s)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PrioVerifier v = malloc (sizeof *v); PrioVerifier v = malloc(sizeof *v);
if (!v) return NULL; if (!v)
return NULL;
v->s = s; v->s = s;
v->clientp = NULL; v->clientp = NULL;
v->data_sharesB = NULL; v->data_sharesB = NULL;
v->h_pointsB = NULL; v->h_pointsB = NULL;
MP_DIGITS (&v->share_fR) = NULL; MP_DIGITS(&v->share_fR) = NULL;
MP_DIGITS (&v->share_gR) = NULL; MP_DIGITS(&v->share_gR) = NULL;
MP_DIGITS (&v->share_hR) = NULL; MP_DIGITS(&v->share_hR) = NULL;
MP_CHECKC (mp_init (&v->share_fR)); MP_CHECKC(mp_init(&v->share_fR));
MP_CHECKC (mp_init (&v->share_gR)); MP_CHECKC(mp_init(&v->share_gR));
MP_CHECKC (mp_init (&v->share_hR)); MP_CHECKC(mp_init(&v->share_hR));
P_CHECKA (v->clientp = PrioPacketClient_new (s->cfg, s->idx)); P_CHECKA(v->clientp = PrioPacketClient_new(s->cfg, s->idx));
const int N = next_power_of_two (s->cfg->num_data_fields + 1); const int N = next_power_of_two(s->cfg->num_data_fields + 1);
if (v->s->idx == PRIO_SERVER_B) { if (v->s->idx == PRIO_SERVER_B) {
P_CHECKA (v->data_sharesB = MPArray_new (v->s->cfg->num_data_fields)); P_CHECKA(v->data_sharesB = MPArray_new(v->s->cfg->num_data_fields));
P_CHECKA (v->h_pointsB = MPArray_new (N)); P_CHECKA(v->h_pointsB = MPArray_new(N));
} }
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PrioVerifier_clear (v); PrioVerifier_clear(v);
return NULL; return NULL;
} }
@ -268,18 +275,19 @@ cleanup:
} }
SECStatus SECStatus
PrioVerifier_set_data (PrioVerifier v, unsigned char *data, unsigned int data_len) PrioVerifier_set_data(PrioVerifier v, unsigned char* data,
unsigned int data_len)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PRG prgB = NULL; PRG prgB = NULL;
P_CHECKC (PrioPacketClient_decrypt (v->clientp, v->s->cfg, P_CHECKC(PrioPacketClient_decrypt(v->clientp, v->s->cfg, v->s->priv_key, data,
v->s->priv_key, data, data_len)); data_len));
PrioPacketClient p = v->clientp; PrioPacketClient p = v->clientp;
if (p->for_server != v->s->idx) if (p->for_server != v->s->idx)
return SECFailure; return SECFailure;
const int N = next_power_of_two (v->s->cfg->num_data_fields + 1); const int N = next_power_of_two(v->s->cfg->num_data_fields + 1);
if (v->s->idx == PRIO_SERVER_A) { if (v->s->idx == PRIO_SERVER_A) {
// Check that packet has the correct number of data fields // Check that packet has the correct number of data fields
if (p->shares.A.data_shares->len != v->s->cfg->num_data_fields) if (p->shares.A.data_shares->len != v->s->cfg->num_data_fields)
@ -289,9 +297,9 @@ PrioVerifier_set_data (PrioVerifier v, unsigned char *data, unsigned int data_le
} }
if (v->s->idx == PRIO_SERVER_B) { if (v->s->idx == PRIO_SERVER_B) {
P_CHECKA (prgB = PRG_new (v->clientp->shares.B.seed)); P_CHECKA(prgB = PRG_new(v->clientp->shares.B.seed));
P_CHECKC (PRG_get_array (prgB, v->data_sharesB, &v->s->cfg->modulus)); P_CHECKC(PRG_get_array(prgB, v->data_sharesB, &v->s->cfg->modulus));
P_CHECKC (PRG_get_array (prgB, v->h_pointsB, &v->s->cfg->modulus)); P_CHECKC(PRG_get_array(prgB, v->h_pointsB, &v->s->cfg->modulus));
} }
// TODO: This can be done much faster by using the combined // TODO: This can be done much faster by using the combined
@ -299,43 +307,45 @@ PrioVerifier_set_data (PrioVerifier v, unsigned char *data, unsigned int data_le
// Prio paper. // Prio paper.
// //
// Compute share of f(r), g(r), h(r) // Compute share of f(r), g(r), h(r)
P_CHECKC (compute_shares (v, p)); P_CHECKC(compute_shares(v, p));
cleanup: cleanup:
PRG_clear (prgB); PRG_clear(prgB);
return rv; return rv;
} }
void
void PrioVerifier_clear (PrioVerifier v) PrioVerifier_clear(PrioVerifier v)
{ {
if (v == NULL) return; if (v == NULL)
PrioPacketClient_clear (v->clientp); return;
MPArray_clear (v->data_sharesB); PrioPacketClient_clear(v->clientp);
MPArray_clear (v->h_pointsB); MPArray_clear(v->data_sharesB);
mp_clear (&v->share_fR); MPArray_clear(v->h_pointsB);
mp_clear (&v->share_gR); mp_clear(&v->share_fR);
mp_clear (&v->share_hR); mp_clear(&v->share_gR);
free (v); mp_clear(&v->share_hR);
free(v);
} }
PrioPacketVerify1 PrioPacketVerify1
PrioPacketVerify1_new (void) PrioPacketVerify1_new(void)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PrioPacketVerify1 p = malloc (sizeof *p); PrioPacketVerify1 p = malloc(sizeof *p);
if (!p) return NULL; if (!p)
return NULL;
MP_DIGITS (&p->share_d) = NULL; MP_DIGITS(&p->share_d) = NULL;
MP_DIGITS (&p->share_e) = NULL; MP_DIGITS(&p->share_e) = NULL;
MP_CHECKC (mp_init (&p->share_d)); MP_CHECKC(mp_init(&p->share_d));
MP_CHECKC (mp_init (&p->share_e)); MP_CHECKC(mp_init(&p->share_e));
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PrioPacketVerify1_clear (p); PrioPacketVerify1_clear(p);
return NULL; return NULL;
} }
@ -343,16 +353,17 @@ cleanup:
} }
void void
PrioPacketVerify1_clear (PrioPacketVerify1 p) PrioPacketVerify1_clear(PrioPacketVerify1 p)
{ {
if (!p) return; if (!p)
mp_clear (&p->share_d); return;
mp_clear (&p->share_e); mp_clear(&p->share_d);
free (p); mp_clear(&p->share_e);
free(p);
} }
SECStatus SECStatus
PrioPacketVerify1_set_data (PrioPacketVerify1 p1, const_PrioVerifier v) PrioPacketVerify1_set_data(PrioPacketVerify1 p1, const_PrioVerifier v)
{ {
// See the Prio paper for details on how this works. // See the Prio paper for details on how this works.
// Appendix C descrives the MPC protocol used here. // Appendix C descrives the MPC protocol used here.
@ -361,121 +372,121 @@ PrioPacketVerify1_set_data (PrioPacketVerify1 p1, const_PrioVerifier v)
// Compute corrections. // Compute corrections.
// [d] = [f(r)] - [a] // [d] = [f(r)] - [a]
MP_CHECK (mp_sub (&v->share_fR, &v->clientp->triple->a, &p1->share_d)); MP_CHECK(mp_sub(&v->share_fR, &v->clientp->triple->a, &p1->share_d));
MP_CHECK (mp_mod (&p1->share_d, &v->s->cfg->modulus, &p1->share_d)); MP_CHECK(mp_mod(&p1->share_d, &v->s->cfg->modulus, &p1->share_d));
// [e] = [g(r)] - [b] // [e] = [g(r)] - [b]
MP_CHECK (mp_sub (&v->share_gR, &v->clientp->triple->b, &p1->share_e)); MP_CHECK(mp_sub(&v->share_gR, &v->clientp->triple->b, &p1->share_e));
MP_CHECK (mp_mod (&p1->share_e, &v->s->cfg->modulus, &p1->share_e)); MP_CHECK(mp_mod(&p1->share_e, &v->s->cfg->modulus, &p1->share_e));
return rv; return rv;
} }
PrioPacketVerify2 PrioPacketVerify2
PrioPacketVerify2_new (void) PrioPacketVerify2_new(void)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PrioPacketVerify2 p = malloc (sizeof *p); PrioPacketVerify2 p = malloc(sizeof *p);
if (!p) return NULL; if (!p)
return NULL;
MP_DIGITS (&p->share_out) = NULL; MP_DIGITS(&p->share_out) = NULL;
MP_CHECKC (mp_init (&p->share_out)); MP_CHECKC(mp_init(&p->share_out));
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
PrioPacketVerify2_clear (p); PrioPacketVerify2_clear(p);
return NULL; return NULL;
} }
return p; return p;
} }
void void
PrioPacketVerify2_clear (PrioPacketVerify2 p) PrioPacketVerify2_clear(PrioPacketVerify2 p)
{ {
if (!p) return; if (!p)
mp_clear (&p->share_out); return;
free (p); mp_clear(&p->share_out);
free(p);
} }
SECStatus SECStatus
PrioPacketVerify2_set_data (PrioPacketVerify2 p2, const_PrioVerifier v, PrioPacketVerify2_set_data(PrioPacketVerify2 p2, const_PrioVerifier v,
const_PrioPacketVerify1 p1A, const_PrioPacketVerify1 p1B) const_PrioPacketVerify1 p1A,
const_PrioPacketVerify1 p1B)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
mp_int d, e, tmp; mp_int d, e, tmp;
MP_DIGITS (&d) = NULL; MP_DIGITS(&d) = NULL;
MP_DIGITS (&e) = NULL; MP_DIGITS(&e) = NULL;
MP_DIGITS (&tmp) = NULL; MP_DIGITS(&tmp) = NULL;
MP_CHECKC (mp_init (&d)); MP_CHECKC(mp_init(&d));
MP_CHECKC (mp_init (&e)); MP_CHECKC(mp_init(&e));
MP_CHECKC (mp_init (&tmp)); MP_CHECKC(mp_init(&tmp));
const mp_int *mod = &v->s->cfg->modulus; const mp_int* mod = &v->s->cfg->modulus;
// Compute share of f(r)*g(r) // Compute share of f(r)*g(r)
// [f(r)*g(r)] = [d*e/2] + d[b] + e[a] + [c] // [f(r)*g(r)] = [d*e/2] + d[b] + e[a] + [c]
// Compute d // Compute d
MP_CHECKC (mp_addmod (&p1A->share_d, &p1B->share_d, mod, &d)); MP_CHECKC(mp_addmod(&p1A->share_d, &p1B->share_d, mod, &d));
// Compute e // Compute e
MP_CHECKC (mp_addmod (&p1A->share_e, &p1B->share_e, mod, &e)); MP_CHECKC(mp_addmod(&p1A->share_e, &p1B->share_e, mod, &e));
// Compute d*e // Compute d*e
MP_CHECKC (mp_mulmod (&d, &e, mod, &p2->share_out)); MP_CHECKC(mp_mulmod(&d, &e, mod, &p2->share_out));
// out = d*e/2 // out = d*e/2
MP_CHECKC (mp_mulmod (&p2->share_out, &v->s->cfg->inv2, MP_CHECKC(mp_mulmod(&p2->share_out, &v->s->cfg->inv2, mod, &p2->share_out));
mod, &p2->share_out));
// Compute d[b] // Compute d[b]
MP_CHECKC (mp_mulmod (&d, &v->clientp->triple->b, mod, &tmp)); MP_CHECKC(mp_mulmod(&d, &v->clientp->triple->b, mod, &tmp));
// out = d*e/2 + d[b] // out = d*e/2 + d[b]
MP_CHECKC (mp_addmod (&p2->share_out, &tmp, mod, &p2->share_out)); MP_CHECKC(mp_addmod(&p2->share_out, &tmp, mod, &p2->share_out));
// Compute e[a] // Compute e[a]
MP_CHECKC (mp_mulmod (&e, &v->clientp->triple->a, mod, &tmp)); MP_CHECKC(mp_mulmod(&e, &v->clientp->triple->a, mod, &tmp));
// out = d*e/2 + d[b] + e[a] // out = d*e/2 + d[b] + e[a]
MP_CHECKC (mp_addmod (&p2->share_out, &tmp, mod, &p2->share_out)); MP_CHECKC(mp_addmod(&p2->share_out, &tmp, mod, &p2->share_out));
// out = d*e/2 + d[b] + e[a] + [c] // out = d*e/2 + d[b] + e[a] + [c]
MP_CHECKC (mp_addmod (&p2->share_out, &v->clientp->triple->c, mod, &p2->share_out)); MP_CHECKC(
mp_addmod(&p2->share_out, &v->clientp->triple->c, mod, &p2->share_out));
// We want to compute f(r)*g(r) - h(r), // We want to compute f(r)*g(r) - h(r),
// so subtract off [h(r)]: // so subtract off [h(r)]:
// out = d*e/2 + d[b] + e[a] + [c] - [h(r)] // out = d*e/2 + d[b] + e[a] + [c] - [h(r)]
MP_CHECKC (mp_sub (&p2->share_out, &v->share_hR, &p2->share_out)); MP_CHECKC(mp_sub(&p2->share_out, &v->share_hR, &p2->share_out));
MP_CHECKC (mp_mod (&p2->share_out, mod, &p2->share_out)); MP_CHECKC(mp_mod(&p2->share_out, mod, &p2->share_out));
cleanup: cleanup:
mp_clear (&d); mp_clear(&d);
mp_clear (&e); mp_clear(&e);
mp_clear (&tmp); mp_clear(&tmp);
return rv; return rv;
} }
int int
PrioVerifier_isValid (const_PrioVerifier v, PrioVerifier_isValid(const_PrioVerifier v, const_PrioPacketVerify2 pA,
const_PrioPacketVerify2 pA, const_PrioPacketVerify2 pB) const_PrioPacketVerify2 pB)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
mp_int res; mp_int res;
MP_DIGITS (&res) = NULL; MP_DIGITS(&res) = NULL;
MP_CHECKC (mp_init (&res)); MP_CHECKC(mp_init(&res));
// Add up the shares of the output wire value and // Add up the shares of the output wire value and
// ensure that the sum is equal to zero, which indicates // ensure that the sum is equal to zero, which indicates
// that // that
// f(r) * g(r) == h(r). // f(r) * g(r) == h(r).
MP_CHECKC (mp_addmod (&pA->share_out, &pB->share_out, MP_CHECKC(
&v->s->cfg->modulus, &res)); mp_addmod(&pA->share_out, &pB->share_out, &v->s->cfg->modulus, &res));
rv = (mp_cmp_d (&res, 0) == 0) ? SECSuccess : SECFailure; rv = (mp_cmp_d(&res, 0) == 0) ? SECSuccess : SECFailure;
cleanup: cleanup:
mp_clear (&res); mp_clear(&res);
return rv; return rv;
} }

16
third_party/prio/prio/server.h поставляемый
Просмотреть файл

@ -13,12 +13,14 @@
#include "prg.h" #include "prg.h"
#include "share.h" #include "share.h"
struct prio_total_share { struct prio_total_share
{
PrioServerId idx; PrioServerId idx;
MPArray data_shares; MPArray data_shares;
}; };
struct prio_server { struct prio_server
{
const_PrioConfig cfg; const_PrioConfig cfg;
PrioServerId idx; PrioServerId idx;
@ -34,7 +36,8 @@ struct prio_server {
PRG prg; PRG prg;
}; };
struct prio_verifier { struct prio_verifier
{
PrioServer s; PrioServer s;
PrioPacketClient clientp; PrioPacketClient clientp;
@ -47,14 +50,15 @@ struct prio_verifier {
mp_int share_out; mp_int share_out;
}; };
struct prio_packet_verify1 { struct prio_packet_verify1
{
mp_int share_d; mp_int share_d;
mp_int share_e; mp_int share_e;
}; };
struct prio_packet_verify2 { struct prio_packet_verify2
{
mp_int share_out; mp_int share_out;
}; };
#endif /* __SERVER_H__ */ #endif /* __SERVER_H__ */

72
third_party/prio/prio/share.c поставляемый
Просмотреть файл

@ -12,57 +12,56 @@
#include "share.h" #include "share.h"
#include "util.h" #include "util.h"
SECStatus SECStatus
share_int (const struct prio_config *cfg, const mp_int *src, share_int(const struct prio_config* cfg, const mp_int* src, mp_int* shareA,
mp_int *shareA, mp_int *shareB) mp_int* shareB)
{ {
SECStatus rv; SECStatus rv;
P_CHECK (rand_int (shareA, &cfg->modulus)); P_CHECK(rand_int(shareA, &cfg->modulus));
MP_CHECK (mp_submod (src, shareA, &cfg->modulus, shareB)); MP_CHECK(mp_submod(src, shareA, &cfg->modulus, shareB));
return rv; return rv;
} }
BeaverTriple BeaverTriple
BeaverTriple_new (void) BeaverTriple_new(void)
{ {
BeaverTriple triple = malloc (sizeof *triple); BeaverTriple triple = malloc(sizeof *triple);
if (!triple) if (!triple)
return NULL; return NULL;
MP_DIGITS (&triple->a) = NULL; MP_DIGITS(&triple->a) = NULL;
MP_DIGITS (&triple->b) = NULL; MP_DIGITS(&triple->b) = NULL;
MP_DIGITS (&triple->c) = NULL; MP_DIGITS(&triple->c) = NULL;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
MP_CHECKC (mp_init (&triple->a)); MP_CHECKC(mp_init(&triple->a));
MP_CHECKC (mp_init (&triple->b)); MP_CHECKC(mp_init(&triple->b));
MP_CHECKC (mp_init (&triple->c)); MP_CHECKC(mp_init(&triple->c));
cleanup: cleanup:
if (rv != SECSuccess) { if (rv != SECSuccess) {
BeaverTriple_clear (triple); BeaverTriple_clear(triple);
return NULL; return NULL;
} }
return triple; return triple;
} }
void void
BeaverTriple_clear (BeaverTriple triple) BeaverTriple_clear(BeaverTriple triple)
{ {
if (!triple) return; if (!triple)
mp_clear (&triple->a); return;
mp_clear (&triple->b); mp_clear(&triple->a);
mp_clear (&triple->c); mp_clear(&triple->b);
free (triple); mp_clear(&triple->c);
free(triple);
} }
SECStatus SECStatus
BeaverTriple_set_rand (const struct prio_config *cfg, BeaverTriple_set_rand(const struct prio_config* cfg,
struct beaver_triple *triple_1, struct beaver_triple* triple_1,
struct beaver_triple *triple_2) struct beaver_triple* triple_2)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
@ -70,28 +69,28 @@ BeaverTriple_set_rand (const struct prio_config *cfg,
// We need that // We need that
// (a1 + a2)(b1 + b2) = c1 + c2 (mod p) // (a1 + a2)(b1 + b2) = c1 + c2 (mod p)
P_CHECK (rand_int (&triple_1->a, &cfg->modulus)); P_CHECK(rand_int(&triple_1->a, &cfg->modulus));
P_CHECK (rand_int (&triple_1->b, &cfg->modulus)); P_CHECK(rand_int(&triple_1->b, &cfg->modulus));
P_CHECK (rand_int (&triple_2->a, &cfg->modulus)); P_CHECK(rand_int(&triple_2->a, &cfg->modulus));
P_CHECK (rand_int (&triple_2->b, &cfg->modulus)); P_CHECK(rand_int(&triple_2->b, &cfg->modulus));
// We are trying to be a little clever here to avoid the use of temp // We are trying to be a little clever here to avoid the use of temp
// variables. // variables.
// c1 = a1 + a2 // c1 = a1 + a2
MP_CHECK (mp_addmod (&triple_1->a, &triple_2->a, &cfg->modulus, &triple_1->c)); MP_CHECK(mp_addmod(&triple_1->a, &triple_2->a, &cfg->modulus, &triple_1->c));
// c2 = b1 + b2 // c2 = b1 + b2
MP_CHECK (mp_addmod (&triple_1->b, &triple_2->b, &cfg->modulus, &triple_2->c)); MP_CHECK(mp_addmod(&triple_1->b, &triple_2->b, &cfg->modulus, &triple_2->c));
// c1 = c1 * c2 = (a1 + a2) (b1 + b2) // c1 = c1 * c2 = (a1 + a2) (b1 + b2)
MP_CHECK (mp_mulmod (&triple_1->c, &triple_2->c, &cfg->modulus, &triple_1->c)); MP_CHECK(mp_mulmod(&triple_1->c, &triple_2->c, &cfg->modulus, &triple_1->c));
// Set c2 to random blinding value // Set c2 to random blinding value
MP_CHECK (rand_int (&triple_2->c, &cfg->modulus)); MP_CHECK(rand_int(&triple_2->c, &cfg->modulus));
// c1 = c1 - c2 // c1 = c1 - c2
MP_CHECK (mp_submod (&triple_1->c, &triple_2->c, &cfg->modulus, &triple_1->c)); MP_CHECK(mp_submod(&triple_1->c, &triple_2->c, &cfg->modulus, &triple_1->c));
// Now we should have random tuples satisfying: // Now we should have random tuples satisfying:
// (a1 + a2) (b1 + b2) = c1 + c2 // (a1 + a2) (b1 + b2) = c1 + c2
@ -100,9 +99,8 @@ BeaverTriple_set_rand (const struct prio_config *cfg,
} }
bool bool
BeaverTriple_areEqual (const_BeaverTriple t1, const_BeaverTriple t2) BeaverTriple_areEqual(const_BeaverTriple t1, const_BeaverTriple t2)
{ {
return (mp_cmp (&t1->a, &t2->a) == 0 && return (mp_cmp(&t1->a, &t2->a) == 0 && mp_cmp(&t1->b, &t2->b) == 0 &&
mp_cmp (&t1->b, &t2->b) == 0 && mp_cmp(&t1->c, &t2->c) == 0);
mp_cmp (&t1->c, &t2->c) == 0);
} }

26
third_party/prio/prio/share.h поставляемый
Просмотреть файл

@ -6,7 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
#ifndef __SHARE_H__ #ifndef __SHARE_H__
#define __SHARE_H__ #define __SHARE_H__
@ -14,23 +13,22 @@
#include "config.h" #include "config.h"
struct beaver_triple { struct beaver_triple
{
mp_int a; mp_int a;
mp_int b; mp_int b;
mp_int c; mp_int c;
}; };
typedef struct beaver_triple *BeaverTriple; typedef struct beaver_triple* BeaverTriple;
typedef const struct beaver_triple *const_BeaverTriple; typedef const struct beaver_triple* const_BeaverTriple;
/* /*
* Use secret sharing to split the int src into two shares. * Use secret sharing to split the int src into two shares.
* The mp_ints must be initialized. * The mp_ints must be initialized.
*/ */
SECStatus share_int (const_PrioConfig cfg, const mp_int *src, SECStatus share_int(const_PrioConfig cfg, const mp_int* src, mp_int* shareA,
mp_int *shareA, mp_int *shareB); mp_int* shareB);
/* /*
* Prio uses Beaver triples to implement one step of the * Prio uses Beaver triples to implement one step of the
@ -38,14 +36,12 @@ SECStatus share_int (const_PrioConfig cfg, const mp_int *src,
* a sharing of random values a, b, c such that * a sharing of random values a, b, c such that
* a * b = c * a * b = c
*/ */
BeaverTriple BeaverTriple_new (void); BeaverTriple BeaverTriple_new(void);
void BeaverTriple_clear (BeaverTriple t); void BeaverTriple_clear(BeaverTriple t);
SECStatus BeaverTriple_set_rand (const_PrioConfig cfg, SECStatus BeaverTriple_set_rand(const_PrioConfig cfg, BeaverTriple triple_a,
BeaverTriple triple_a, BeaverTriple triple_b);
BeaverTriple triple_b);
bool BeaverTriple_areEqual (const_BeaverTriple t1, const_BeaverTriple t2); bool BeaverTriple_areEqual(const_BeaverTriple t1, const_BeaverTriple t2);
#endif /* __SHARE_H__ */ #endif /* __SHARE_H__ */

91
third_party/prio/prio/util.h поставляемый
Просмотреть файл

@ -16,80 +16,88 @@
#define MIN(a, b) ((a) < (b) ? (a) : (b)) #define MIN(a, b) ((a) < (b) ? (a) : (b))
// Check a Prio error code and return failure if the call fails. // Check a Prio error code and return failure if the call fails.
#define P_CHECK(s) \ #define P_CHECK(s) \
do { \ do { \
if((rv = (s)) != SECSuccess) \ if ((rv = (s)) != SECSuccess) \
return rv; \ return rv; \
} while(0); } while (0);
// Check an allocation that should not return NULL. If the allocation returns // Check an allocation that should not return NULL. If the allocation returns
// NULL, set the return value and jump to the cleanup label to free memory. // NULL, set the return value and jump to the cleanup label to free memory.
#define P_CHECKA(s) \ #define P_CHECKA(s) \
do { \ do { \
if((s) == NULL) {\ if ((s) == NULL) { \
rv = SECFailure;\ rv = SECFailure; \
goto cleanup;\ goto cleanup; \
}\ } \
} while(0); } while (0);
// Check a Prio library call that should return SECSuccess. If it doesn't, // Check a Prio library call that should return SECSuccess. If it doesn't,
// jump to the cleanup label. // jump to the cleanup label.
#define P_CHECKC(s) \ #define P_CHECKC(s) \
do { \ do { \
if((rv = (s)) != SECSuccess) { \ if ((rv = (s)) != SECSuccess) { \
goto cleanup; \ goto cleanup; \
}\ } \
} while(0); } while (0);
// Check a boolean that should be true. If it not, // Check a boolean that should be true. If it not,
// jump to the cleanup label. // jump to the cleanup label.
#define P_CHECKCB(s) \ #define P_CHECKCB(s) \
do { \ do { \
if(!(s)) { \ if (!(s)) { \
rv = SECFailure; \ rv = SECFailure; \
goto cleanup; \ goto cleanup; \
}\ } \
} while(0); } while (0);
// Check an MPI library call and return failure if it fails. // Check an MPI library call and return failure if it fails.
#define MP_CHECK(s) do { if((s) != MP_OKAY) return SECFailure; } while(0); #define MP_CHECK(s) \
do { \
if ((s) != MP_OKAY) \
return SECFailure; \
} while (0);
// Check a msgpack object unpacked correctly // Check a msgpack object unpacked correctly
#define UP_CHECK(s) do { int r = (s); if(r != MSGPACK_UNPACK_SUCCESS &&\ #define UP_CHECK(s) \
r != MSGPACK_UNPACK_EXTRA_BYTES) \ do { \
return SECFailure; } while(0); int r = (s); \
if (r != MSGPACK_UNPACK_SUCCESS && r != MSGPACK_UNPACK_EXTRA_BYTES) \
return SECFailure; \
} while (0);
// Check an MPI library call. If it fails, set the return code and jump // Check an MPI library call. If it fails, set the return code and jump
// to the cleanup label. // to the cleanup label.
#define MP_CHECKC(s) \ #define MP_CHECKC(s) \
do { \ do { \
if((s) != MP_OKAY) { \ if ((s) != MP_OKAY) { \
rv = SECFailure; \ rv = SECFailure; \
goto cleanup; \ goto cleanup; \
}\ } \
} while(0); } while (0);
static inline int static inline int
next_power_of_two (int val) next_power_of_two(int val)
{ {
int i = val; int i = val;
int out = 0; int out = 0;
for ( ; i > 0; i >>= 1) { for (; i > 0; i >>= 1) {
out++; out++;
} }
int pow = 1 << out; int pow = 1 << out;
return (pow > 1 && pow/2 == val) ? val : pow; return (pow > 1 && pow / 2 == val) ? val : pow;
} }
/* /*
* Return a mask that masks out all of the zero bits * Return a mask that masks out all of the zero bits
*/ */
static inline unsigned char static inline unsigned char
msb_mask (unsigned char val) msb_mask(unsigned char val)
{ {
unsigned char mask; unsigned char mask;
for (mask = 0x00; (val & mask) != val; mask = (mask << 1) + 1); for (mask = 0x00; (val & mask) != val; mask = (mask << 1) + 1)
;
return mask; return mask;
} }
@ -99,4 +107,3 @@ msb_mask (unsigned char val)
#define UNUSED(x) (void)(x) #define UNUSED(x) (void)(x)
#endif /* __UTIL_H__ */ #endif /* __UTIL_H__ */

30
third_party/prio/ptest/MUTEST_LICENSE поставляемый
Просмотреть файл

@ -1,30 +0,0 @@
I don't like licenses, because I don't like having to worry about all this
legal stuff just for a simple piece of software I don't really mind anyone
using. But I also believe that it's important that people share and give back;
so I'm placing this work under the following license.
BOLA - Buena Onda License Agreement (v1.0)
------------------------------------------
This work is provided 'as-is', without any express or implied warranty. In no
event will the authors be held liable for any damages arising from the use of
this work.
To all effects and purposes, this work is to be considered Public Domain.
However, if you want to be "Buena onda", you should:
1. Not take credit for it, and give proper recognition to the authors.
2. Share your modifications, so everybody benefits from them.
4. Do something nice for the authors.
5. Help someone who needs it: sign up for some volunteer work or help your
neighbour paint the house.
6. Don't waste. Anything, but specially energy that comes from natural
non-renewable resources. Extra points if you discover or invent something
to replace them.
7. Be tolerant. Everything that's good in nature comes from cooperation.
The order is important, and the further you go the more "Buena onda" you are.
Make the world a better place: be "Buena onda".

44
third_party/prio/ptest/SConscript поставляемый
Просмотреть файл

@ -1,44 +0,0 @@
import sys
Import('env')
prio_env = env.Clone()
test_srcs = [
"mutest.c",
"client_test.c",
"example_test.c",
"encrypt_test.c",
"fft_test.c",
"mpi_test.c",
"prg_test.c",
"rand_test.c",
"serial_test.c",
"server_test.c",
"share_test.c",
]
libs = [
"nss3",
"mpi",
"mprio",
"msgpackc"
]
# Run the mutest script to generate the test harness code
bld = Builder(action = 'ptest/mkmutest ptest/mutest.h $SOURCES | $CC -c -xc -o $TARGET -')
prio_env.Append(BUILDERS = {'MkMutest' : bld})
prio_env.Append(LIBS = libs)
# Enable mpi print
prio_env.Append(CFLAGS = ['-DMP_IOFUNC'])
# Copy the mutest scripts to the build dir
prio_env.Install("mkmutest")
prio_env.Install("mutest.h")
test_objs = prio_env.Object(test_srcs)
test_main = prio_env.MkMutest(test_objs)
prio_env.Program("ptest", [test_main] + test_objs)

160
third_party/prio/ptest/client_test.c поставляемый
Просмотреть файл

@ -1,160 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mprio.h>
#include "prio/client.h"
#include "prio/server.h"
#include "prio/util.h"
#include "mutest.h"
void
mu_test_client__new (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
PrioPacketClient pA = NULL;
PrioPacketClient pB = NULL;
P_CHECKA (cfg = PrioConfig_newTest(23));
P_CHECKA (pA = PrioPacketClient_new (cfg, PRIO_SERVER_A));
P_CHECKA (pB = PrioPacketClient_new (cfg, PRIO_SERVER_B));
{
const int ndata = PrioConfig_numDataFields (cfg);
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKC (PrioPacketClient_set_data (cfg, data_items, pA, pB));
}
cleanup:
mu_check (rv == SECSuccess);
PrioPacketClient_clear (pA);
PrioPacketClient_clear (pB);
PrioConfig_clear (cfg);
}
void
test_client_agg (int nclients)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioTotalShare tA = NULL;
PrioTotalShare tB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
unsigned char *for_a = NULL;
unsigned char *for_b = NULL;
const unsigned char *batch_id = (unsigned char *)"test_batch";
unsigned int batch_id_len = strlen ((char *)batch_id);
PrioPRGSeed seed;
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
P_CHECKA (cfg = PrioConfig_new (133, pkA, pkB, batch_id, batch_id_len));
P_CHECKA (sA = PrioServer_new (cfg, 0, skA, seed));
P_CHECKA (sB = PrioServer_new (cfg, 1, skB, seed));
P_CHECKA (tA = PrioTotalShare_new ());
P_CHECKA (tB = PrioTotalShare_new ());
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
const int ndata = PrioConfig_numDataFields (cfg);
{
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
for (int i=0; i < nclients; i++) {
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items, &for_a, &aLen,
&for_b, &bLen));
P_CHECKC (PrioVerifier_set_data (vA, for_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_b, bLen));
mu_check (PrioServer_aggregate (sA, vA) == SECSuccess);
mu_check (PrioServer_aggregate (sB, vB) == SECSuccess);
free (for_a);
free (for_b);
for_a = NULL;
for_b = NULL;
}
mu_check (PrioTotalShare_set_data (tA, sA) == SECSuccess);
mu_check (PrioTotalShare_set_data (tB, sB) == SECSuccess);
unsigned long output[ndata];
mu_check (PrioTotalShare_final (cfg, output, tA, tB) == SECSuccess);
for (int i=0; i < ndata; i++) {
unsigned long v = ((i % 3 == 1) || (i % 5 == 3));
mu_check (output[i] == v*nclients);
}
}
//rv = SECFailure;
//goto cleanup;
cleanup:
mu_check (rv == SECSuccess);
if (for_a) free (for_a);
if (for_b) free (for_b);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioTotalShare_clear (tA);
PrioTotalShare_clear (tB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
}
void
mu_test_client__agg_1 (void)
{
test_client_agg (1);
}
void
mu_test_client__agg_2 (void)
{
test_client_agg (2);
}
void
mu_test_client__agg_10 (void)
{
test_client_agg (10);
}

228
third_party/prio/ptest/encrypt_test.c поставляемый
Просмотреть файл

@ -1,228 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <nspr.h>
#include <nss/nss.h>
#include <nss/secoidt.h>
#include <nss/keyhi.h>
#include <nss/pk11pub.h>
#include <nss/cert.h>
#include "mutest.h"
#include "prio/encrypt.h"
#include "prio/rand.h"
#include "prio/util.h"
void
mu_test_keygen (void)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
PrivateKey pvtkey = NULL;
P_CHECKC (Keypair_new (&pvtkey, &pubkey));
mu_check (SECKEY_PublicKeyStrength (pubkey) == 32);
cleanup:
mu_check (rv == SECSuccess);
PublicKey_clear (pubkey);
PrivateKey_clear (pvtkey);
return;
}
void
test_encrypt_once (int bad, unsigned int inlen)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
PrivateKey pvtkey = NULL;
PublicKey pubkey2 = NULL;
PrivateKey pvtkey2 = NULL;
unsigned char *bytes_in = NULL;
unsigned char *bytes_enc = NULL;
unsigned char *bytes_dec = NULL;
unsigned int enclen;
P_CHECKC (PublicKey_encryptSize (inlen, &enclen));
unsigned int declen = enclen;
P_CHECKA (bytes_in = malloc (inlen));
P_CHECKA (bytes_enc = malloc (enclen));
P_CHECKA (bytes_dec= malloc (enclen));
P_CHECKC (rand_bytes (bytes_in, inlen));
memset (bytes_dec, 0, declen);
unsigned int encryptedBytes;
P_CHECKC (Keypair_new (&pvtkey, &pubkey));
P_CHECKC (Keypair_new (&pvtkey2, &pubkey2));
P_CHECKC (PublicKey_encrypt (pubkey, bytes_enc,
&encryptedBytes, enclen,
bytes_in, inlen));
mu_check (encryptedBytes == enclen);
if (bad == 1)
enclen = 30;
if (bad == 2) {
bytes_enc[4] = 6;
bytes_enc[5] = 0;
}
if (bad == 3) {
bytes_enc[40] = 6;
bytes_enc[41] = 0;
}
unsigned int decryptedBytes;
PrivateKey key_to_use = (bad == 4) ? pvtkey2 : pvtkey;
P_CHECKC (PrivateKey_decrypt (key_to_use, bytes_dec, &decryptedBytes, declen,
bytes_enc, enclen));
mu_check (decryptedBytes == inlen);
mu_check (!strncmp ((char *)bytes_in, (char *)bytes_dec, inlen));
cleanup:
mu_check (bad ? (rv == SECFailure) : (rv == SECSuccess));
if (bytes_in) free (bytes_in);
if (bytes_enc) free (bytes_enc);
if (bytes_dec) free (bytes_dec);
PublicKey_clear (pubkey);
PrivateKey_clear (pvtkey);
PublicKey_clear (pubkey2);
PrivateKey_clear (pvtkey2);
return;
}
void
mu_test_encrypt_good (void)
{
test_encrypt_once (0, 100);
}
void
mu_test_encrypt_good_long (void)
{
test_encrypt_once (0, 1000000);
}
void
mu_test_encrypt_too_short (void)
{
test_encrypt_once (1, 87);
}
void
mu_test_encrypt_garbage (void)
{
test_encrypt_once (2, 10023);
}
void
mu_test_encrypt_garbage2 (void)
{
test_encrypt_once (3, 8123);
}
void
mu_test_decrypt_wrong_key (void)
{
test_encrypt_once (4, 81230);
}
void
mu_test_export (void)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
unsigned char raw_bytes[CURVE25519_KEY_LEN];
unsigned char raw_bytes2[CURVE25519_KEY_LEN];
for (int i=0; i< CURVE25519_KEY_LEN; i++) {
raw_bytes[i] = (3*i+7) % 0xFF;
}
P_CHECKC (PublicKey_import (&pubkey, raw_bytes, CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export (pubkey, raw_bytes2));
for (int i=0; i< CURVE25519_KEY_LEN; i++) {
mu_check (raw_bytes[i] == raw_bytes2[i]);
}
cleanup:
mu_check (rv == SECSuccess);
PublicKey_clear (pubkey);
return;
}
void
mu_test_export_hex (void)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
const unsigned char hex_bytes[2*CURVE25519_KEY_LEN] = \
"102030405060708090A0B0C0D0E0F00000FFEEDDCCBBAA998877665544332211";
const unsigned char hex_bytesl[2*CURVE25519_KEY_LEN] = \
"102030405060708090a0B0C0D0E0F00000FfeEddcCbBaa998877665544332211";
const unsigned char raw_bytes_should[CURVE25519_KEY_LEN] = {
0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
0x90, 0xA0, 0xB0, 0xC0, 0xD0, 0xE0, 0xF0, 0x00,
0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99,
0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
unsigned char raw_bytes[CURVE25519_KEY_LEN];
unsigned char hex_bytes2[2*CURVE25519_KEY_LEN+1];
// Make sure that invalid lengths are rejected.
mu_check (PublicKey_import_hex (&pubkey, hex_bytes,
2*CURVE25519_KEY_LEN-1) == SECFailure);
mu_check (PublicKey_import_hex (&pubkey, hex_bytes,
2*CURVE25519_KEY_LEN+1) == SECFailure);
// Import a key in upper-case hex
P_CHECKC (PublicKey_import_hex (&pubkey, hex_bytes, 2*CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export (pubkey, raw_bytes));
PublicKey_clear (pubkey);
pubkey = NULL;
for (int i=0; i<CURVE25519_KEY_LEN; i++) {
mu_check (raw_bytes[i] == raw_bytes_should[i]);
}
// Import a key in mixed-case hex
P_CHECKC (PublicKey_import_hex (&pubkey, hex_bytesl, 2*CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export (pubkey, raw_bytes));
PublicKey_clear (pubkey);
pubkey = NULL;
for (int i=0; i<CURVE25519_KEY_LEN; i++) {
mu_check (raw_bytes[i] == raw_bytes_should[i]);
}
mu_check (PublicKey_import (&pubkey, raw_bytes_should,
CURVE25519_KEY_LEN-1) == SECFailure);
mu_check (PublicKey_import (&pubkey, raw_bytes_should,
CURVE25519_KEY_LEN+1) == SECFailure);
// Import a raw key and export as hex
P_CHECKC (PublicKey_import (&pubkey, raw_bytes_should, CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export_hex (pubkey, hex_bytes2));
for (int i=0; i<2*CURVE25519_KEY_LEN; i++) {
mu_check (hex_bytes[i] == hex_bytes2[i]);
}
mu_ensure (hex_bytes2[2*CURVE25519_KEY_LEN] == '\0');
cleanup:
mu_check (rv == SECSuccess);
PublicKey_clear (pubkey);
return;
}

21
third_party/prio/ptest/example_test.c поставляемый
Просмотреть файл

@ -1,21 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
//#include <stdio.h>
#include "mutest.h"
void
mu_test_example (void)
{
mu_check (1);
}

170
third_party/prio/ptest/fft_test.c поставляемый
Просмотреть файл

@ -1,170 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include <mprio.h>
#include <stdio.h>
#include "mutest.h"
#include "prio/config.h"
#include "prio/mparray.h"
#include "prio/poly.h"
#include "prio/util.h"
void
mu_test__fft_one (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
MPArray points_in = NULL;
MPArray points_out = NULL;
P_CHECKA (cfg = PrioConfig_newTest (123));
P_CHECKA (points_in = MPArray_new (1));
P_CHECKA (points_out = MPArray_new (1));
mp_set (&points_in->data[0], 3);
mu_check (poly_fft (points_out, points_in, cfg, false) == SECSuccess);
mu_check (mp_cmp_d(&points_in->data[0], 3) == 0);
mu_check (mp_cmp_d(&points_out->data[0], 3) == 0);
cleanup:
mu_check (rv == SECSuccess);
MPArray_clear (points_in);
MPArray_clear (points_out);
PrioConfig_clear (cfg);
}
void
mu_test__fft_roots (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
mp_int tmp;
MP_DIGITS (&tmp) = NULL;
P_CHECKA (cfg = PrioConfig_newTest (90));
MP_CHECKC (mp_init (&tmp));
mp_int roots[4];
poly_fft_get_roots (roots, 4, cfg, false);
for (int i=0; i<4; i++) {
mp_exptmod_d(&roots[i], 4, &cfg->modulus, &tmp);
mu_check (mp_cmp_d( &tmp, 1) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&tmp);
PrioConfig_clear (cfg);
}
void
mu_test__fft_simple (void)
{
SECStatus rv = SECSuccess;
const int nPoints = 4;
PrioConfig cfg = NULL;
MPArray points_in = NULL;
MPArray points_out = NULL;
mp_int should_be, tmp;
mp_int roots[nPoints];
MP_DIGITS (&should_be) = NULL;
MP_DIGITS (&tmp) = NULL;
for (int i=0; i<nPoints; i++) {
MP_DIGITS (&roots[i]) = NULL;
}
P_CHECKA (cfg = PrioConfig_newTest (140));
P_CHECKA (points_in = MPArray_new (nPoints));
P_CHECKA (points_out = MPArray_new (nPoints));
MP_CHECKC (mp_init (&should_be));
MP_CHECKC (mp_init (&tmp));
poly_fft_get_roots (roots, nPoints, cfg, false);
mp_set (&points_in->data[0], 3);
mp_set (&points_in->data[1], 8);
mp_set (&points_in->data[2], 7);
mp_set (&points_in->data[3], 9);
mu_check (poly_fft (points_out, points_in, cfg, false) == SECSuccess);
for (int i=0; i<nPoints; i++) {
mp_set (&should_be, 0);
for (int j=0; j<nPoints; j++) {
mu_check (mp_exptmod_d(&roots[i], j, &cfg->modulus, &tmp) == MP_OKAY);
mu_check (mp_mulmod(&tmp, &points_in->data[j], &cfg->modulus, &tmp) == MP_OKAY);
mu_check (mp_addmod(&should_be, &tmp, &cfg->modulus, &should_be) == MP_OKAY);
}
/*
puts("Should be:");
mp_print(&should_be, stdout);
puts("");
mp_print(&points_out[i], stdout);
puts("");
*/
mu_check (mp_cmp (&should_be, &points_out->data[i]) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&tmp);
mp_clear (&should_be);
MPArray_clear (points_in);
MPArray_clear (points_out);
PrioConfig_clear (cfg);
}
void
mu_test__fft_invert (void)
{
SECStatus rv = SECSuccess;
const int nPoints = 8;
PrioConfig cfg = NULL;
MPArray points_in = NULL;
MPArray points_out = NULL;
MPArray points_out2 = NULL;
mp_int roots[nPoints];
P_CHECKA (cfg = PrioConfig_newTest (91));
P_CHECKA (points_in = MPArray_new (nPoints));
P_CHECKA (points_out = MPArray_new (nPoints));
P_CHECKA (points_out2 = MPArray_new (nPoints));
poly_fft_get_roots (roots, nPoints, cfg, false);
mp_set (&points_in->data[0], 3);
mp_set (&points_in->data[1], 8);
mp_set (&points_in->data[2], 7);
mp_set (&points_in->data[3], 9);
mp_set (&points_in->data[4], 123);
mp_set (&points_in->data[5], 123123987);
mp_set (&points_in->data[6], 2);
mp_set (&points_in->data[7], 0);
mu_check (poly_fft(points_out, points_in, cfg, false) == SECSuccess);
mu_check (poly_fft(points_out2, points_out, cfg, true) == SECSuccess);
for (int i=0; i<nPoints; i++) {
mu_check (mp_cmp (&points_out2->data[i], &points_in->data[i]) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
MPArray_clear (points_in);
MPArray_clear (points_out);
MPArray_clear (points_out2);
PrioConfig_clear (cfg);
}

65
third_party/prio/ptest/mkmutest поставляемый
Просмотреть файл

@ -1,65 +0,0 @@
#!/usr/bin/env bash
#
# This file is part of mutest, a simple micro unit testing framework for C.
#
# mutest was written by Leandro Lucarella <llucax@gmail.com> and is released
# under the BOLA license, please see the LICENSE file or visit:
# http://blitiri.com.ar/p/bola/
#
# This is a simple script to generate a C file that runs all the test suites
# present in .o files passed as arguments.
#
# Please, read the README file for more details.
#
# the trick here is getting all the test cases present in an object file using
# nm. All the tests must take and return void, start with "mutest_" and, of
# course, should not be static, which leads to a small limitation: all test
# cases must have unique names, even across test suites.
# the first argument should be mutest.h
if [ -z "$1" ]
then
echo "Too few arguments" >&2
echo "Usage: $0 mutest_h_location [object files...]" >&2
exit 1
fi
mutest_h="$1"
shift
echo "#include \"$mutest_h\""
echo "void mu_run_suites() {"
echo
for file in "$@"
do
pr_file=`echo "$file" | sed 's/\"/\\\\\"/g'`
suite=`basename "$file" .o | sed 's/\"/\\\\\"/g'`
#symbols=`nm "$file" | egrep '^[[:xdigit:]]{8} T mu_\w+$' | cut -c12-`
symbols=`nm "$file" | egrep ' T _mu_\w+$' | cut -c21-`
symbols+=`nm "$file" | egrep ' T mu_\w+$' | cut -c20-`
tests=`echo "$symbols" | egrep '^mu_test'`
inits=`echo "$symbols" | egrep '^mu_init'`
terms=`echo "$symbols" | egrep '^mu_term'`
echo -e '\tdo {'
echo -e '\t\tmutest_suite_name = "'"$suite"'";'
echo -e '\t\tmu_print(MU_SUITE, "\\nRunning suite '"'$suite'"'\\n");'
for init in $inits
do
echo -e "\\t\\tmu_run_init($init);"
done
for testcase in $tests
do
echo -e "\t\tmu_run_case($testcase);"
done
for term in $terms
do
echo -e "\t\tmu_run_term($term);"
done
echo -e "\t\tif (mutest_suite_failed) ++mutest_failed_suites;"
echo -e "\t\telse ++mutest_passed_suites;"
echo -e "\t\tmutest_suite_failed = 0;"
echo -e '\t} while (0);'
echo
done
echo "}"

38
third_party/prio/ptest/mpi_test.c поставляемый
Просмотреть файл

@ -1,38 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include "mutest.h"
void
mu_test_mpi__add (void)
{
mp_int a;
mp_int b;
mp_int c;
mu_check (mp_init (&a) == MP_OKAY);
mu_check (mp_init (&b) == MP_OKAY);
mu_check (mp_init (&c) == MP_OKAY);
mp_set (&a, 10);
mp_set (&b, 7);
mp_add (&a, &b, &c);
mp_set (&a, 17);
mu_check (mp_cmp (&a, &c) == 0);
mp_clear (&a);
mp_clear (&b);
mp_clear (&c);
}

94
third_party/prio/ptest/mutest.c поставляемый
Просмотреть файл

@ -1,94 +0,0 @@
/*
* This file is part of mutest, a simple micro unit testing framework for C.
*
* mutest was written by Leandro Lucarella <llucax@gmail.com> and is released
* under the BOLA license, please see the LICENSE file or visit:
* http://blitiri.com.ar/p/bola/
*
* This is the main program, it runs all the test suites and shows the
* results. The main work (of running the test suite) is done by the (usually)
* synthesized mu_run_suites() function, which can be generated using the
* mkmutest script (or written manually).
*
* Please, read the README file for more details.
*/
#include <mprio.h>
#include <stdio.h> /* printf(), fprintf() */
#include <string.h> /* strncmp() */
#include "mutest.h" /* MU_* constants, mu_print() */
/*
* note that all global variables are public because they need to be accessed
* from other modules, like the test suites or the module implementing
* mu_run_suites()
*/
/* globals for managing test suites */
const char* mutest_suite_name;
int mutest_failed_suites;
int mutest_passed_suites;
int mutest_skipped_suites;
int mutest_suite_failed;
/* globals for managing test cases */
const char* mutest_case_name;
int mutest_failed_cases;
int mutest_passed_cases;
int mutest_case_failed;
/* globals for managing checks */
int mutest_failed_checks;
int mutest_passed_checks;
/* verbosity level, see mutest.h */
int mutest_verbose_level = 1; /* exported for use in test suites */
/*
* only -v is supported right now, both "-v -v" and "-vv" are accepted for
* increasing the verbosity by 2.
*/
void parse_args(__attribute__((unused)) int argc, char* argv[]) {
while (*++argv) {
if (strncmp(*argv, "-v", 2) == 0) {
++mutest_verbose_level;
char* c = (*argv) + 1;
while (*++c) {
if (*c != 'v')
break;
++mutest_verbose_level;
}
}
}
}
int main(int argc, char* argv[]) {
Prio_init ();
parse_args(argc, argv);
mu_run_suites();
Prio_clear ();
mu_print(MU_SUMMARY, "\n"
"Tests done:\n"
"\t%d test suite(s) passed, %d failed, %d skipped.\n"
"\t%d test case(s) passed, %d failed.\n"
"\t%d check(s) passed, %d failed.\n"
"\n",
mutest_passed_suites, mutest_failed_suites,
mutest_skipped_suites,
mutest_passed_cases, mutest_failed_cases,
mutest_passed_checks, mutest_failed_checks);
return (mutest_failed_suites + mutest_skipped_suites) ? 1 : 0;
}

248
third_party/prio/ptest/mutest.h поставляемый
Просмотреть файл

@ -1,248 +0,0 @@
/*
* This file is part of mutest, a simple micro unit testing framework for C.
*
* mutest was written by Leandro Lucarella <llucax@gmail.com> and is released
* under the BOLA license, please see the LICENSE file or visit:
* http://blitiri.com.ar/p/bola/
*
* This header file should be included in the source files that will make up
* a test suite. It's used for both C and Python implementation, but when
* using the Python implementation you should define the MUTEST_PY macro.
* If you implement your mu_run_suites() function yourself, you probably will
* need to include this header too (see mkmutest).
*
* Please, read the README file for more details.
*/
#include <stdio.h> /* fprintf() */
#ifdef __cplusplus
extern "C" {
#endif
/* verbosity level (each level shows all the previous levels too) */
enum {
MU_QUIET = 0, /* be completely quiet */
MU_ERROR, /* shows errors only */
MU_SUMMARY, /* shows a summary */
MU_SUITE, /* shows test suites progress */
MU_CASE, /* shows test cases progress */
MU_CHECK /* shows the current running check */
};
/* print a message according to the verbosity level */
#define mu_print(level, ...) \
do { \
if (mutest_verbose_level >= level) { \
if (mutest_verbose_level == MU_ERROR) \
fprintf(stderr, __VA_ARGS__); \
else \
fprintf(stdout, __VA_ARGS__); \
} \
} while (0)
/* print an error message */
#define mu_printerr(name, action) \
mu_print(MU_ERROR, __FILE__ ":%d: " name " failed, "\
action " test case\n", __LINE__);
/* modify the internal state so a failure gets counted */
#define mutest_count_err ++mutest_failed_checks; mutest_case_failed = 1;
/* modify the internal state so a success gets counted */
#define mutest_count_suc ++mutest_passed_checks;
#ifdef __cplusplus
#include <exception>
/* print an error message triggered by a C++ exception */
#define mu_printex(name, action, ex) \
mu_print(MU_ERROR, __FILE__ ":%d: " name " failed, " \
"exception thrown (%s), " action \
" test case\n", __LINE__, ex);
#define mutest_try try {
#define mutest_catch(name, action, final) \
} catch (const std::exception& e) { \
mutest_count_err \
mu_printex(name, action, e.what()); \
final; \
} catch (...) { \
mutest_count_err \
mu_printex(name, action, "[unknown]"); \
final; \
}
#else /* !__cplusplus */
#define mutest_try
#define mutest_catch(name, action, exp)
#endif /* __cplusplus */
/* check that an expression evaluates to true, continue if the check fails */
#define mu_check_base(exp, name, action, final) \
do { \
mu_print(MU_CHECK, "\t\t* Checking " name "(" #exp ")...\n"); \
mutest_try \
if (exp) mutest_count_suc \
else { \
mutest_count_err \
mu_printerr(name "(" #exp ")", action); \
final; \
} \
mutest_catch(name, action, final) \
} while (0)
/* check that an expression evaluates to true, continue if the check fails */
#define mu_check(exp) mu_check_base(exp, "mu_check", "resuming", continue)
/*
* ensure that an expression evaluates to true, abort the current test
* case if the check fails
*/
#define mu_ensure(exp) mu_check_base(exp, "mu_ensure", "aborting", return)
#ifdef __cplusplus
#define mu_echeck_base(ex, exp, name, action, final) \
do { \
mu_print(MU_CHECK, "\t\t* Checking " name "(" #ex ", " #exp \
")...\n"); \
try { \
exp; \
mutest_count_err \
mu_printerr(name "(" #ex ", " #exp ")", \
"no exception thrown, " action); \
final; \
} catch (const ex& e) { \
mutest_count_suc \
} catch (const std::exception& e) { \
mutest_count_err \
mu_printex(name "(" #ex ", " #exp ")", action, \
e.what()); \
final; \
} catch (...) { \
mutest_count_err \
mu_printex(name "(" #ex ", " #exp ")", action, \
"[unknown]"); \
final; \
} \
} while (0)
/*
* check that an expression throws a particular exception, continue if the
* check fails
*/
#define mu_echeck(ex, exp) \
mu_echeck_base(ex, exp, "mu_echeck", "resuming", continue)
/*
* ensure that an expression throws a particular exception, abort the current
* test case if the check fails
*/
#define mu_eensure(ex, exp) \
mu_echeck_base(ex, exp, "mu_eensure", "aborting", return)
#endif /* __cplusplus */
#ifndef MUTEST_PY /* we are using the C implementation */
/*
* this function implements the test suites execution, you should generate
* a module with this function using mkmutest, or take a look to that script
* if you want to implement your own customized version */
void mu_run_suites();
/* macro for running a single initialization function */
#ifndef mu_run_init
#define mu_run_init(name) \
{ \
int name(); \
int r; \
mu_print(MU_CASE, "\t+ Executing initialization function " \
"'" #name "'...\n"); \
if ((r = name())) { \
mu_print(MU_ERROR, "%s:" #name ": initialization " \
"function failed (returned %d), " \
"skipping test suite...\n", \
mutest_suite_name, r); \
++mutest_skipped_suites; \
break; \
} \
} do { } while (0)
#endif /* mu_run_init */
/* macro for running a single test case */
#ifndef mu_run_case
#define mu_run_case(name) \
do { \
mu_print(MU_CASE, "\t* Executing test case '" #name "'...\n");\
mutest_case_name = #name; \
void name(); \
name(); \
if (mutest_case_failed) { \
++mutest_failed_cases; \
mutest_suite_failed = 1; \
} else ++mutest_passed_cases; \
mutest_case_failed = 0; \
} while (0)
#endif /* mu_run_case */
/* macro for running a single termination function */
#ifndef mu_run_term
#define mu_run_term(name) \
do { \
mu_print(MU_CASE, "\t- Executing termination function '" \
#name "'...\n"); \
void name(); \
name(); \
} while (0)
#endif /* mu_run_term */
/*
* mutest exported variables for internal use, do not use directly unless you
* know what you're doing.
*/
extern const char* mutest_suite_name;
extern int mutest_failed_suites;
extern int mutest_passed_suites;
extern int mutest_skipped_suites;
extern int mutest_suite_failed;
/* test cases */
extern const char* mutest_case_name;
extern int mutest_failed_cases;
extern int mutest_passed_cases;
extern int mutest_case_failed;
/* checks */
extern int mutest_failed_checks;
extern int mutest_passed_checks;
/* verbosity */
extern int mutest_verbose_level;
#else /* MUTEST_PY is defined, using the Python implementation */
/* this increments when the "API" changes, it's just for sanity check */
int mutest_api_version = 1;
int mutest_case_failed; /* unused, for C implementation compatibility */
int mutest_passed_checks;
int mutest_failed_checks;
void mutest_reset_counters() {
mutest_passed_checks = 0;
mutest_failed_checks = 0;
}
int mutest_verbose_level = MU_ERROR;
void mutest_set_verbose_level(int val) {
mutest_verbose_level = val;
}
#endif /* MUTEST_PY */
#ifdef __cplusplus
}
#endif

345
third_party/prio/ptest/prg_test.c поставляемый
Просмотреть файл

@ -1,345 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include "mutest.h"
#include "prio/prg.h"
#include "prio/util.h"
void
mu_test__prg_simple (void)
{
SECStatus rv = SECSuccess;
PrioPRGSeed key;
PRG prg = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg);
}
void
mu_test__prg_repeat (void)
{
SECStatus rv = SECSuccess;
const int buflen = 10000;
unsigned char buf1[buflen];
unsigned char buf2[buflen];
PrioPRGSeed key;
PRG prg1 = NULL;
PRG prg2 = NULL;
buf1[3] = 'a';
buf2[3] = 'b';
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg1 = PRG_new (key));
P_CHECKA (prg2 = PRG_new (key));
P_CHECKC (PRG_get_bytes (prg1, buf1, buflen));
P_CHECKC (PRG_get_bytes (prg2, buf2, buflen));
bool all_zero = true;
for (int i=0; i<buflen; i++) {
mu_check (buf1[i] == buf2[i]);
if (buf1[i]) all_zero = false;
}
mu_check (!all_zero);
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg1);
PRG_clear (prg2);
}
void
mu_test__prg_repeat_int (void)
{
SECStatus rv = SECSuccess;
const int tries = 10000;
mp_int max;
mp_int out1;
mp_int out2;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out1) = NULL;
MP_DIGITS (&out2) = NULL;
PrioPRGSeed key;
PRG prg1 = NULL;
PRG prg2 = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg1 = PRG_new (key));
P_CHECKA (prg2 = PRG_new (key));
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out1));
MP_CHECKC (mp_init (&out2));
for (int i=0; i<tries; i++) {
mp_set (&max, i+1);
P_CHECKC (PRG_get_int (prg1, &out1, &max));
P_CHECKC (PRG_get_int (prg2, &out2, &max));
mu_check (mp_cmp (&out1, &out2) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg1);
PRG_clear (prg2);
mp_clear (&max);
mp_clear (&out1);
mp_clear (&out2);
}
void
test_prg_once (int limit)
{
SECStatus rv = SECSuccess;
PrioPRGSeed key;
mp_int max;
mp_int out;
PRG prg = NULL;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out));
mp_set (&max, limit);
P_CHECKC (PRG_get_int (prg, &out, &max));
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
mp_clear (&out);
PRG_clear (prg);
}
void
mu_test_prg__multiple_of_8 (void)
{
test_prg_once (256);
test_prg_once (256*256);
}
void
mu_test_prg__near_multiple_of_8 (void)
{
test_prg_once (256+1);
test_prg_once (256*256+1);
}
void
mu_test_prg__odd (void)
{
test_prg_once (39);
test_prg_once (123);
test_prg_once (993123);
}
void
mu_test_prg__large (void)
{
test_prg_once (1231239933);
}
void
mu_test_prg__bit(void)
{
test_prg_once (1);
for (int i = 0; i < 100; i++)
test_prg_once (2);
}
void
test_prg_distribution (int limit)
{
int bins[limit];
SECStatus rv = SECSuccess;
PrioPRGSeed key;
mp_int max;
mp_int out;
PRG prg = NULL;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out));
mp_set (&max, limit);
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < limit*limit; i++) {
P_CHECKC (PRG_get_int (prg, &out, &max));
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned char ival[2] = {0x00, 0x00};
MP_CHECKC (mp_to_fixlen_octets (&out, ival, 2));
if (ival[1] + 256*ival[0] < limit) {
bins[ival[1] + 256*ival[0]] += 1;
} else {
mu_check (false);
}
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
mp_clear (&out);
PRG_clear (prg);
}
void
mu_test__prg_distribution123 (void)
{
test_prg_distribution(123);
}
void
mu_test__prg_distribution257 (void)
{
test_prg_distribution(257);
}
void
mu_test__prg_distribution259 (void)
{
test_prg_distribution(259);
}
void
test_prg_distribution_large (mp_int *max)
{
const int limit = 16;
int bins[limit];
SECStatus rv = SECSuccess;
PrioPRGSeed key;
mp_int out;
PRG prg = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
MP_CHECKC (mp_init (&out));
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < 100*limit*limit; i++) {
MP_CHECKC (PRG_get_int (prg, &out, max));
mu_check (mp_cmp (&out, max) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned long res;
MP_CHECKC (mp_mod_d (&out, limit, &res));
bins[res] += 1;
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&out);
PRG_clear (prg);
}
void
mu_test__prg_distribution_large (void)
{
SECStatus rv = SECSuccess;
mp_int max;
MP_DIGITS (&max) = NULL;
MP_CHECKC (mp_init (&max));
char bytes[] = "FF1230985198451798EDC8123";
MP_CHECKC (mp_read_radix (&max, bytes, 16));
test_prg_distribution_large (&max);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
}
void
mu_test__prg_share_arr (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
MPArray arr = NULL;
MPArray arr_share = NULL;
PRG prg = NULL;
PrioPRGSeed seed;
P_CHECKA (cfg = PrioConfig_newTest (72));
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKA (arr = MPArray_new (10));
P_CHECKA (arr_share = MPArray_new (10));
P_CHECKA (prg = PRG_new (seed));
for (int i=0; i<10; i++) {
mp_set (&arr->data[i], i);
}
P_CHECKC (PRG_share_array (prg, arr_share, arr, cfg));
// Reset PRG
PRG_clear (prg);
P_CHECKA (prg = PRG_new (seed));
// Read pseudorandom values into arr
P_CHECKC (PRG_get_array (prg, arr, &cfg->modulus));
for (int i=0; i<10; i++) {
MP_CHECKC (mp_addmod (&arr->data[i], &arr_share->data[i],
&cfg->modulus, &arr->data[i]));
mu_check (mp_cmp_d (&arr->data[i], i) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg);
MPArray_clear (arr);
MPArray_clear (arr_share);
PrioConfig_clear (cfg);
}

194
third_party/prio/ptest/rand_test.c поставляемый
Просмотреть файл

@ -1,194 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include "mutest.h"
#include "prio/rand.h"
#include "prio/util.h"
void
mu_test__util_msb_mast (void)
{
mu_check (msb_mask (0x01) == 0x01);
mu_check (msb_mask (0x02) == 0x03);
mu_check (msb_mask (0x0C) == 0x0F);
mu_check (msb_mask (0x1C) == 0x1F);
mu_check (msb_mask (0xFF) == 0xFF);
}
void
test_rand_once (int limit)
{
mp_int max;
mp_int out;
mu_check (mp_init (&max) == MP_OKAY);
mu_check (mp_init (&out) == MP_OKAY);
mp_set (&max, limit);
mu_check (rand_int (&out, &max) == MP_OKAY);
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
mp_clear (&max);
mp_clear (&out);
}
void
mu_test_rand__multiple_of_8 (void)
{
test_rand_once (256);
test_rand_once (256*256);
}
void
mu_test_rand__near_multiple_of_8 (void)
{
test_rand_once (256+1);
test_rand_once (256*256+1);
}
void
mu_test_rand__odd (void)
{
test_rand_once (39);
test_rand_once (123);
test_rand_once (993123);
}
void
mu_test_rand__large (void)
{
test_rand_once (1231239933);
}
void
mu_test_rand__bit(void)
{
test_rand_once (1);
for (int i = 0; i < 100; i++)
test_rand_once (2);
}
void
test_rand_distribution (int limit)
{
SECStatus rv = SECSuccess;
int bins[limit];
mp_int max;
mp_int out;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out) = NULL;
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out));
mp_set (&max, limit);
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < limit*limit; i++) {
mu_check (rand_int (&out, &max) == MP_OKAY);
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned char ival[2] = {0x00, 0x00};
MP_CHECKC (mp_to_fixlen_octets (&out, ival, 2));
if (ival[1] + 256*ival[0] < limit) {
bins[ival[1] + 256*ival[0]] += 1;
} else {
mu_check (false);
}
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
mp_clear (&out);
}
void
mu_test__rand_distribution123 (void)
{
test_rand_distribution(123);
}
void
mu_test__rand_distribution257 (void)
{
test_rand_distribution(257);
}
void
mu_test__rand_distribution259 (void)
{
test_rand_distribution(259);
}
void
test_rand_distribution_large (mp_int *max)
{
SECStatus rv = SECSuccess;
int limit = 16;
int bins[limit];
mp_int out;
MP_DIGITS (&out) = NULL;
MP_CHECKC (mp_init (&out));
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < 100*limit*limit; i++) {
MP_CHECKC (rand_int (&out, max));
mu_check (mp_cmp (&out, max) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned long res;
MP_CHECKC (mp_mod_d (&out, limit, &res));
bins[res] += 1;
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&out);
}
void
mu_test__rand_distribution_large (void)
{
SECStatus rv = SECSuccess;
mp_int max;
MP_DIGITS (&max) = NULL;
MP_CHECKC (mp_init (&max));
char bytes[] = "FF1230985198451798EDC8123";
MP_CHECKC (mp_read_radix (&max, bytes, 16));
test_rand_distribution_large (&max);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
}

319
third_party/prio/ptest/serial_test.c поставляемый
Просмотреть файл

@ -1,319 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mprio.h>
#include <msgpack.h>
#include <string.h>
#include "mutest.h"
#include "prio/client.h"
#include "prio/config.h"
#include "prio/serial.h"
#include "prio/server.h"
#include "prio/util.h"
SECStatus
gen_client_packets (const_PrioConfig cfg, PrioPacketClient pA, PrioPacketClient pB)
{
SECStatus rv = SECSuccess;
const int ndata = cfg->num_data_fields;
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKC (PrioPacketClient_set_data (cfg, data_items, pA, pB));
cleanup:
return rv;
}
void serial_client (int bad)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
PrioConfig cfg2 = NULL;
PrioPacketClient pA = NULL;
PrioPacketClient pB = NULL;
PrioPacketClient qA = NULL;
PrioPacketClient qB = NULL;
const unsigned char *batch_id1 = (unsigned char *)"my_test_prio_batch1";
const unsigned char *batch_id2 = (unsigned char *)"my_test_prio_batch2";
const unsigned int batch_id_len = strlen ((char *)batch_id1);
msgpack_sbuffer sbufA, sbufB;
msgpack_packer pkA, pkB;
msgpack_unpacker upkA, upkB;
msgpack_sbuffer_init (&sbufA);
msgpack_packer_init (&pkA, &sbufA, msgpack_sbuffer_write);
msgpack_sbuffer_init (&sbufB);
msgpack_packer_init (&pkB, &sbufB, msgpack_sbuffer_write);
P_CHECKA (cfg = PrioConfig_new (100, NULL, NULL, batch_id1, batch_id_len));
P_CHECKA (cfg2 = PrioConfig_new (100, NULL, NULL, batch_id2, batch_id_len));
P_CHECKA (pA = PrioPacketClient_new (cfg, PRIO_SERVER_A));
P_CHECKA (pB = PrioPacketClient_new (cfg, PRIO_SERVER_B));
P_CHECKA (qA = PrioPacketClient_new (cfg, PRIO_SERVER_A));
P_CHECKA (qB = PrioPacketClient_new (cfg, PRIO_SERVER_B));
P_CHECKC (gen_client_packets (cfg, pA, pB));
P_CHECKC (serial_write_packet_client (&pkA, pA, cfg));
P_CHECKC (serial_write_packet_client (&pkB, pB, cfg));
if (bad == 1) {
sbufA.size = 1;
}
if (bad == 2) {
memset (sbufA.data, 0, sbufA.size);
}
const int size_a = sbufA.size;
const int size_b = sbufB.size;
P_CHECKCB (msgpack_unpacker_init (&upkA, 0));
P_CHECKCB (msgpack_unpacker_init (&upkB, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upkA, size_a));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upkB, size_b));
memcpy (msgpack_unpacker_buffer (&upkA), sbufA.data, size_a);
memcpy (msgpack_unpacker_buffer (&upkB), sbufB.data, size_b);
msgpack_unpacker_buffer_consumed (&upkA, size_a);
msgpack_unpacker_buffer_consumed (&upkB, size_b);
P_CHECKC (serial_read_packet_client (&upkA, qA, cfg));
P_CHECKC (serial_read_packet_client (&upkB, qB, (bad == 3) ? cfg2 : cfg));
if (!bad) {
mu_check (PrioPacketClient_areEqual (pA, qA));
mu_check (PrioPacketClient_areEqual (pB, qB));
mu_check (!PrioPacketClient_areEqual (pB, qA));
mu_check (!PrioPacketClient_areEqual (pA, qB));
}
cleanup:
PrioPacketClient_clear (pA);
PrioPacketClient_clear (pB);
PrioPacketClient_clear (qA);
PrioPacketClient_clear (qB);
PrioConfig_clear (cfg);
PrioConfig_clear (cfg2);
msgpack_sbuffer_destroy (&sbufA);
msgpack_sbuffer_destroy (&sbufB);
msgpack_unpacker_destroy (&upkA);
msgpack_unpacker_destroy (&upkB);
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
}
void mu_test__serial_client (void)
{
serial_client (0);
}
void mu_test__serial_client_bad1 (void)
{
serial_client (1);
}
void mu_test__serial_client_bad2 (void)
{
serial_client (2);
}
void mu_test__serial_client_bad3 (void)
{
serial_client (3);
}
void test_verify1 (int bad)
{
SECStatus rv = SECSuccess;
PrioPacketVerify1 v1 = NULL;
PrioPacketVerify1 v2 = NULL;
PrioConfig cfg = NULL;
P_CHECKA (cfg = PrioConfig_newTest (1));
P_CHECKA (v1 = PrioPacketVerify1_new());
P_CHECKA (v2 = PrioPacketVerify1_new());
mp_set (&v1->share_d, 4);
mp_set (&v1->share_e, 10);
msgpack_sbuffer sbuf;
msgpack_packer pk;
msgpack_unpacker upk;
msgpack_sbuffer_init (&sbuf);
msgpack_packer_init (&pk, &sbuf, msgpack_sbuffer_write);
P_CHECKC (PrioPacketVerify1_write (v1, &pk));
if (bad == 1) {
mp_set (&cfg->modulus, 6);
}
P_CHECKCB (msgpack_unpacker_init (&upk, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upk, sbuf.size));
memcpy (msgpack_unpacker_buffer (&upk), sbuf.data, sbuf.size);
msgpack_unpacker_buffer_consumed (&upk, sbuf.size);
P_CHECKC (PrioPacketVerify1_read (v2, &upk, cfg));
mu_check (!mp_cmp (&v1->share_d, &v2->share_d));
mu_check (!mp_cmp (&v1->share_e, &v2->share_e));
mu_check (!mp_cmp_d (&v2->share_d, 4));
mu_check (!mp_cmp_d (&v2->share_e, 10));
cleanup:
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
PrioConfig_clear (cfg);
PrioPacketVerify1_clear (v1);
PrioPacketVerify1_clear (v2);
msgpack_unpacker_destroy (&upk);
msgpack_sbuffer_destroy (&sbuf);
}
void mu_test_verify1_good (void)
{
test_verify1 (0);
}
void mu_test_verify1_bad (void)
{
test_verify1 (1);
}
void test_verify2 (int bad)
{
SECStatus rv = SECSuccess;
PrioPacketVerify2 v1 = NULL;
PrioPacketVerify2 v2 = NULL;
PrioConfig cfg = NULL;
P_CHECKA (cfg = PrioConfig_newTest (1));
P_CHECKA (v1 = PrioPacketVerify2_new());
P_CHECKA (v2 = PrioPacketVerify2_new());
mp_set (&v1->share_out, 4);
msgpack_sbuffer sbuf;
msgpack_packer pk;
msgpack_unpacker upk;
msgpack_sbuffer_init (&sbuf);
msgpack_packer_init (&pk, &sbuf, msgpack_sbuffer_write);
P_CHECKC (PrioPacketVerify2_write (v1, &pk));
if (bad == 1) {
mp_set (&cfg->modulus, 4);
}
P_CHECKCB (msgpack_unpacker_init (&upk, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upk, sbuf.size));
memcpy (msgpack_unpacker_buffer (&upk), sbuf.data, sbuf.size);
msgpack_unpacker_buffer_consumed (&upk, sbuf.size);
P_CHECKC (PrioPacketVerify2_read (v2, &upk, cfg));
mu_check (!mp_cmp (&v1->share_out, &v2->share_out));
mu_check (!mp_cmp_d (&v2->share_out, 4));
cleanup:
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
PrioConfig_clear (cfg);
PrioPacketVerify2_clear (v1);
PrioPacketVerify2_clear (v2);
msgpack_unpacker_destroy (&upk);
msgpack_sbuffer_destroy (&sbuf);
}
void mu_test_verify2_good (void)
{
test_verify2 (0);
}
void mu_test_verify2_bad (void)
{
test_verify2 (1);
}
void test_total_share (int bad)
{
SECStatus rv = SECSuccess;
PrioTotalShare t1 = NULL;
PrioTotalShare t2 = NULL;
PrioConfig cfg = NULL;
P_CHECKA (cfg = PrioConfig_newTest ((bad == 2 ? 4 : 3)));
P_CHECKA (t1 = PrioTotalShare_new ());
P_CHECKA (t2 = PrioTotalShare_new ());
t1->idx = PRIO_SERVER_A;
P_CHECKC (MPArray_resize (t1->data_shares, 3));
mp_set (&t1->data_shares->data[0], 10);
mp_set (&t1->data_shares->data[1], 20);
mp_set (&t1->data_shares->data[2], 30);
msgpack_sbuffer sbuf;
msgpack_packer pk;
msgpack_unpacker upk;
msgpack_sbuffer_init (&sbuf);
msgpack_packer_init (&pk, &sbuf, msgpack_sbuffer_write);
P_CHECKC (PrioTotalShare_write (t1, &pk));
if (bad == 1) {
mp_set (&cfg->modulus, 4);
}
P_CHECKCB (msgpack_unpacker_init (&upk, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upk, sbuf.size));
memcpy (msgpack_unpacker_buffer (&upk), sbuf.data, sbuf.size);
msgpack_unpacker_buffer_consumed (&upk, sbuf.size);
P_CHECKC (PrioTotalShare_read (t2, &upk, cfg));
mu_check (t1->idx == t2->idx);
mu_check (MPArray_areEqual (t1->data_shares, t2->data_shares));
cleanup:
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
PrioConfig_clear (cfg);
PrioTotalShare_clear (t1);
PrioTotalShare_clear (t2);
msgpack_unpacker_destroy (&upk);
msgpack_sbuffer_destroy (&sbuf);
}
void mu_test_total_good (void)
{
test_total_share (0);
}
void mu_test_total_bad1 (void)
{
test_total_share (1);
}
void mu_test_total_bad2 (void)
{
test_total_share (2);
}

298
third_party/prio/ptest/server_test.c поставляемый
Просмотреть файл

@ -1,298 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include <mprio.h>
#include "mutest.h"
#include "prio/client.h"
#include "prio/server.h"
#include "prio/server.c"
void mu_test__eval_poly (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
MPArray coeffs = NULL;
mp_int eval_at, out;
MP_DIGITS (&eval_at) = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKA (cfg = PrioConfig_newTest (54));
P_CHECKA (coeffs = MPArray_new (3));
mp_set (&coeffs->data[0], 2);
mp_set (&coeffs->data[1], 8);
mp_set (&coeffs->data[2], 3);
MP_CHECKC (mp_init (&eval_at));
MP_CHECKC (mp_init (&out));
mp_set (&eval_at, 7);
const int val = 3*7*7 + 8*7 + 2;
mu_check (poly_eval (&out, coeffs, &eval_at, cfg) == SECSuccess);
mu_check (mp_cmp_d (&out, val) == 0);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&out);
mp_clear (&eval_at);
MPArray_clear (coeffs);
PrioConfig_clear (cfg);
}
void
mu_test__verify_new (void)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
unsigned char *for_a = NULL;
unsigned char *for_b = NULL;
mp_int fR, gR, hR;
MP_DIGITS (&fR) = NULL;
MP_DIGITS (&gR) = NULL;
MP_DIGITS (&hR) = NULL;
PrioPRGSeed seed;
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
P_CHECKA (cfg = PrioConfig_new (214, pkA, pkB,
(unsigned char *)"testbatch", 9));
const int ndata = PrioConfig_numDataFields (cfg);
{
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKA (sA = PrioServer_new (cfg, 0, skA, seed));
P_CHECKA (sB = PrioServer_new (cfg, 1, skB, seed));
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items, &for_a, &aLen, &for_b, &bLen));
MP_CHECKC (mp_init (&fR));
MP_CHECKC (mp_init (&gR));
MP_CHECKC (mp_init (&hR));
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
P_CHECKC (PrioVerifier_set_data (vA, for_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_b, bLen));
PrioPacketClient pA = vA->clientp;
PrioPacketClient pB = vB->clientp;
MP_CHECKC (mp_addmod (&pA->f0_share, &pB->f0_share, &cfg->modulus, &fR));
MP_CHECKC (mp_addmod (&pA->g0_share, &pB->g0_share, &cfg->modulus, &gR));
MP_CHECKC (mp_addmod (&pA->h0_share, &pB->h0_share, &cfg->modulus, &hR));
MP_CHECKC (mp_mulmod (&fR, &gR, &cfg->modulus, &fR));
mu_check (mp_cmp (&fR, &hR) == 0);
MP_CHECKC (mp_addmod (&vA->share_fR, &vB->share_fR, &cfg->modulus, &fR));
MP_CHECKC (mp_addmod (&vA->share_gR, &vB->share_gR, &cfg->modulus, &gR));
MP_CHECKC (mp_addmod (&vA->share_hR, &vB->share_hR, &cfg->modulus, &hR));
MP_CHECKC (mp_mulmod (&fR, &gR, &cfg->modulus, &fR));
//puts ("fR");
//mp_print (&fR, stdout);
//puts ("hR");
//mp_print (&hR, stdout);
mu_check (mp_cmp (&fR, &hR) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
if (for_a) free (for_a);
if (for_b) free (for_b);
mp_clear (&fR);
mp_clear (&gR);
mp_clear (&hR);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
}
void
verify_full (int tweak)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
PrioPacketVerify1 p1A = NULL;
PrioPacketVerify1 p1B = NULL;
PrioPacketVerify2 p2A = NULL;
PrioPacketVerify2 p2B = NULL;
unsigned char *for_a = NULL;
unsigned char *for_b = NULL;
mp_int fR, gR, hR;
MP_DIGITS (&fR) = NULL;
MP_DIGITS (&gR) = NULL;
MP_DIGITS (&hR) = NULL;
PrioPRGSeed seed;
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
P_CHECKA (cfg = PrioConfig_new (47, pkA, pkB, (unsigned char *)"test4", 5));
const int ndata = PrioConfig_numDataFields (cfg);
{
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKA (sA = PrioServer_new (cfg, 0, skA, seed));
P_CHECKA (sB = PrioServer_new (cfg, 1, skB, seed));
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items, &for_a, &aLen, &for_b, &bLen));
if (tweak == 5) {
for_a[3] = 3;
for_a[4] = 4;
}
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
P_CHECKC (PrioVerifier_set_data (vA, for_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_b, bLen));
if (tweak == 3) {
mp_add_d (&vA->share_fR, 1, &vA->share_fR);
}
if (tweak == 4) {
mp_add_d (&vB->share_gR, 1, &vB->share_gR);
}
P_CHECKA (p1A = PrioPacketVerify1_new ());
P_CHECKA (p1B = PrioPacketVerify1_new ());
P_CHECKC (PrioPacketVerify1_set_data (p1A, vA));
P_CHECKC (PrioPacketVerify1_set_data (p1B, vB));
if (tweak == 1) {
mp_add_d (&p1B->share_d, 1, &p1B->share_d);
}
P_CHECKA (p2A = PrioPacketVerify2_new ());
P_CHECKA (p2B = PrioPacketVerify2_new ());
P_CHECKC (PrioPacketVerify2_set_data (p2A, vA, p1A, p1B));
P_CHECKC (PrioPacketVerify2_set_data (p2B, vB, p1A, p1B));
if (tweak == 2) {
mp_add_d (&p2A->share_out, 1, &p2B->share_out);
}
int shouldBe = tweak ? SECFailure : SECSuccess;
mu_check (PrioVerifier_isValid (vA, p2A, p2B) == shouldBe);
mu_check (PrioVerifier_isValid (vB, p2A, p2B) == shouldBe);
}
cleanup:
if (!tweak) {
mu_check (rv == SECSuccess);
}
if (for_a) free (for_a);
if (for_b) free (for_b);
PrioPacketVerify2_clear (p2A);
PrioPacketVerify2_clear (p2B);
PrioPacketVerify1_clear (p1A);
PrioPacketVerify1_clear (p1B);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
}
void
mu_test__verify_full_good (void)
{
verify_full (0);
}
void
mu_test__verify_full_bad1 (void)
{
verify_full (1);
}
void
mu_test__verify_full_bad2 (void)
{
verify_full (2);
}
void
mu_test__verify_full_bad3 (void)
{
verify_full (3);
}
void
mu_test__verify_full_bad4 (void)
{
verify_full (4);
}
void
mu_test__verify_full_bad5 (void)
{
verify_full (5);
}

91
third_party/prio/ptest/share_test.c поставляемый
Просмотреть файл

@ -1,91 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include <mprio.h>
#include "prio/client.h"
#include "prio/config.h"
#include "prio/mparray.h"
#include "prio/share.h"
#include "prio/util.h"
#include "mutest.h"
void
mu_test_share (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
mp_int a, b, c;
BeaverTriple t1 = NULL, t2 = NULL;
MP_DIGITS (&a) = NULL;
MP_DIGITS (&b) = NULL;
MP_DIGITS (&c) = NULL;
P_CHECKA (cfg = PrioConfig_newTest (93));
P_CHECKA (t1 = BeaverTriple_new ());
P_CHECKA (t2 = BeaverTriple_new ());
mu_check (BeaverTriple_set_rand (cfg, t1, t2) == SECSuccess);
MP_CHECKC (mp_init (&a));
MP_CHECKC (mp_init (&b));
MP_CHECKC (mp_init (&c));
mu_check (mp_addmod (&t1->a, &t2->a, &cfg->modulus, &a) == MP_OKAY);
mu_check (mp_addmod (&t1->b, &t2->b, &cfg->modulus, &b) == MP_OKAY);
mu_check (mp_addmod (&t1->c, &t2->c, &cfg->modulus, &c) == MP_OKAY);
mu_check (mp_mulmod (&a, &b, &cfg->modulus, &a) == MP_OKAY);
mu_check (mp_cmp (&a, &c) == 0);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&a);
mp_clear (&b);
mp_clear (&c);
PrioConfig_clear (cfg);
BeaverTriple_clear (t1);
BeaverTriple_clear (t2);
}
void
mu_test_arr (void)
{
SECStatus rv = SECSuccess;
MPArray arr = NULL;
MPArray arr2 = NULL;
P_CHECKA (arr = MPArray_new (10));
P_CHECKA (arr2 = MPArray_new (7));
for (int i=0; i<10; i++) {
mp_set (&arr->data[i], i);
}
P_CHECKC (MPArray_resize (arr, 15));
for (int i=10; i<15; i++) {
mu_check (mp_cmp_d (&arr->data[i], 0) == 0);
mp_set (&arr->data[i], i);
}
P_CHECKC (MPArray_resize (arr, 7));
for (int i=10; i<7; i++) {
mu_check (mp_cmp_d (&arr->data[i], i) == 0);
}
P_CHECKC (MPArray_copy (arr2, arr));
for (int i=10; i<7; i++) {
mu_check (mp_cmp (&arr->data[i], &arr2->data[i]) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
MPArray_clear (arr);
MPArray_clear (arr2);
}

22
third_party/prio/update.sh поставляемый
Просмотреть файл

@ -1,20 +1,18 @@
#!/bin/sh #!/bin/sh
# Script to update the mozilla in-tree copy of the Prio library. # Script to update the mozilla in-tree copy of the libprio library.
# Run this within the /third_party/prio directory of the source tree. # Run this within the /third_party/libprio directory of the source tree.
MY_TEMP_DIR=`mktemp -d -t libprio_update.XXXXXX` || exit 1 MY_TEMP_DIR=`mktemp -d -t libprio_update.XXXXXX` || exit 1
VERSION=1.0 COMMIT="488da2d729d73f18ed45add59edd18b257e1ceaa"
git clone https://github.com/mozilla/libprio ${MY_TEMP_DIR}/libprio git clone -n https://github.com/mozilla/libprio ${MY_TEMP_DIR}/libprio
git -C ${MY_TEMP_DIR}/libprio checkout ${VERSION} git -C ${MY_TEMP_DIR}/libprio checkout ${COMMIT}
COMMIT=$(git -C ${MY_TEMP_DIR}/libprio rev-parse HEAD) FILES="include prio"
perl -p -i -e "s/(\d+\.)(\d+\.)(\d+)/${VERSION}/" README-mozilla; VERSION=$(git -C ${MY_TEMP_DIR}/libprio describe --tags)
perl -p -i -e "s/\[commit [0-9a-f]{40}\]/[commit ${COMMIT}]/" README-mozilla; perl -p -i -e "s/Current version: \S+ \[commit [0-9a-f]{40}\]/Current version: ${VERSION} [commit ${COMMIT}]/" README-mozilla
FILES="LICENSE README.md SConstruct browser-test include pclient prio ptest"
for f in $FILES; do for f in $FILES; do
rm -rf $f rm -rf $f
@ -24,9 +22,9 @@ done
rm -rf ${MY_TEMP_DIR} rm -rf ${MY_TEMP_DIR}
hg revert -r . moz.build hg revert -r . moz.build
hg addremove hg addremove .
echo "###" echo "###"
echo "### Updated Prio to $COMMIT." echo "### Updated libprio to $COMMIT."
echo "### Remember to verify and commit the changes to source control!" echo "### Remember to verify and commit the changes to source control!"
echo "###" echo "###"