mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1491289 - re-vendor libprio to pick up fixes for using system NSS r=glandium 

Differential Revision: https://phabricator.services.mozilla.com/D6082

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Robert Helmer 2018-09-18 04:36:49 +00:00
Родитель 8d7a1df18a
Коммит 88ee2451ac
50 изменённых файлов: 9546 добавлений и 13050 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

373
third_party/prio/LICENSE поставляемый
Просмотреть файл

@ -1,373 +0,0 @@
Mozilla Public License Version 2.0
==================================
1. Definitions
--------------
1.1. "Contributor"
means each individual or legal entity that creates, contributes to
the creation of, or owns Covered Software.
1.2. "Contributor Version"
means the combination of the Contributions of others (if any) used
by a Contributor and that particular Contributor's Contribution.
1.3. "Contribution"
means Covered Software of a particular Contributor.
1.4. "Covered Software"
means Source Code Form to which the initial Contributor has attached
the notice in Exhibit A, the Executable Form of such Source Code
Form, and Modifications of such Source Code Form, in each case
including portions thereof.
1.5. "Incompatible With Secondary Licenses"
means
(a) that the initial Contributor has attached the notice described
in Exhibit B to the Covered Software; or
(b) that the Covered Software was made available under the terms of
version 1.1 or earlier of the License, but not also under the
terms of a Secondary License.
1.6. "Executable Form"
means any form of the work other than Source Code Form.
1.7. "Larger Work"
means a work that combines Covered Software with other material, in
a separate file or files, that is not Covered Software.
1.8. "License"
means this document.
1.9. "Licensable"
means having the right to grant, to the maximum extent possible,
whether at the time of the initial grant or subsequently, any and
all of the rights conveyed by this License.
1.10. "Modifications"
means any of the following:
(a) any file in Source Code Form that results from an addition to,
deletion from, or modification of the contents of Covered
Software; or
(b) any new file in Source Code Form that contains any Covered
Software.
1.11. "Patent Claims" of a Contributor
means any patent claim(s), including without limitation, method,
process, and apparatus claims, in any patent Licensable by such
Contributor that would be infringed, but for the grant of the
License, by the making, using, selling, offering for sale, having
made, import, or transfer of either its Contributions or its
Contributor Version.
1.12. "Secondary License"
means either the GNU General Public License, Version 2.0, the GNU
Lesser General Public License, Version 2.1, the GNU Affero General
Public License, Version 3.0, or any later versions of those
licenses.
1.13. "Source Code Form"
means the form of the work preferred for making modifications.
1.14. "You" (or "Your")
means an individual or a legal entity exercising rights under this
License. For legal entities, "You" includes any entity that
controls, is controlled by, or is under common control with You. For
purposes of this definition, "control" means (a) the power, direct
or indirect, to cause the direction or management of such entity,
whether by contract or otherwise, or (b) ownership of more than
fifty percent (50%) of the outstanding shares or beneficial
ownership of such entity.
2. License Grants and Conditions
--------------------------------
2.1. Grants
Each Contributor hereby grants You a world-wide, royalty-free,
non-exclusive license:
(a) under intellectual property rights (other than patent or trademark)
Licensable by such Contributor to use, reproduce, make available,
modify, display, perform, distribute, and otherwise exploit its
Contributions, either on an unmodified basis, with Modifications, or
as part of a Larger Work; and
(b) under Patent Claims of such Contributor to make, use, sell, offer
for sale, have made, import, and otherwise transfer either its
Contributions or its Contributor Version.
2.2. Effective Date
The licenses granted in Section 2.1 with respect to any Contribution
become effective for each Contribution on the date the Contributor first
distributes such Contribution.
2.3. Limitations on Grant Scope
The licenses granted in this Section 2 are the only rights granted under
this License. No additional rights or licenses will be implied from the
distribution or licensing of Covered Software under this License.
Notwithstanding Section 2.1(b) above, no patent license is granted by a
Contributor:
(a) for any code that a Contributor has removed from Covered Software;
or
(b) for infringements caused by: (i) Your and any other third party's
modifications of Covered Software, or (ii) the combination of its
Contributions with other software (except as part of its Contributor
Version); or
(c) under Patent Claims infringed by Covered Software in the absence of
its Contributions.
This License does not grant any rights in the trademarks, service marks,
or logos of any Contributor (except as may be necessary to comply with
the notice requirements in Section 3.4).
2.4. Subsequent Licenses
No Contributor makes additional grants as a result of Your choice to
distribute the Covered Software under a subsequent version of this
License (see Section 10.2) or under the terms of a Secondary License (if
permitted under the terms of Section 3.3).
2.5. Representation
Each Contributor represents that the Contributor believes its
Contributions are its original creation(s) or it has sufficient rights
to grant the rights to its Contributions conveyed by this License.
2.6. Fair Use
This License is not intended to limit any rights You have under
applicable copyright doctrines of fair use, fair dealing, or other
equivalents.
2.7. Conditions
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
in Section 2.1.
3. Responsibilities
-------------------
3.1. Distribution of Source Form
All distribution of Covered Software in Source Code Form, including any
Modifications that You create or to which You contribute, must be under
the terms of this License. You must inform recipients that the Source
Code Form of the Covered Software is governed by the terms of this
License, and how they can obtain a copy of this License. You may not
attempt to alter or restrict the recipients' rights in the Source Code
Form.
3.2. Distribution of Executable Form
If You distribute Covered Software in Executable Form then:
(a) such Covered Software must also be made available in Source Code
Form, as described in Section 3.1, and You must inform recipients of
the Executable Form how they can obtain a copy of such Source Code
Form by reasonable means in a timely manner, at a charge no more
than the cost of distribution to the recipient; and
(b) You may distribute such Executable Form under the terms of this
License, or sublicense it under different terms, provided that the
license for the Executable Form does not attempt to limit or alter
the recipients' rights in the Source Code Form under this License.
3.3. Distribution of a Larger Work
You may create and distribute a Larger Work under terms of Your choice,
provided that You also comply with the requirements of this License for
the Covered Software. If the Larger Work is a combination of Covered
Software with a work governed by one or more Secondary Licenses, and the
Covered Software is not Incompatible With Secondary Licenses, this
License permits You to additionally distribute such Covered Software
under the terms of such Secondary License(s), so that the recipient of
the Larger Work may, at their option, further distribute the Covered
Software under the terms of either this License or such Secondary
License(s).
3.4. Notices
You may not remove or alter the substance of any license notices
(including copyright notices, patent notices, disclaimers of warranty,
or limitations of liability) contained within the Source Code Form of
the Covered Software, except that You may alter any license notices to
the extent required to remedy known factual inaccuracies.
3.5. Application of Additional Terms
You may choose to offer, and to charge a fee for, warranty, support,
indemnity or liability obligations to one or more recipients of Covered
Software. However, You may do so only on Your own behalf, and not on
behalf of any Contributor. You must make it absolutely clear that any
such warranty, support, indemnity, or liability obligation is offered by
You alone, and You hereby agree to indemnify every Contributor for any
liability incurred by such Contributor as a result of warranty, support,
indemnity or liability terms You offer. You may include additional
disclaimers of warranty and limitations of liability specific to any
jurisdiction.
4. Inability to Comply Due to Statute or Regulation
---------------------------------------------------
If it is impossible for You to comply with any of the terms of this
License with respect to some or all of the Covered Software due to
statute, judicial order, or regulation then You must: (a) comply with
the terms of this License to the maximum extent possible; and (b)
describe the limitations and the code they affect. Such description must
be placed in a text file included with all distributions of the Covered
Software under this License. Except to the extent prohibited by statute
or regulation, such description must be sufficiently detailed for a
recipient of ordinary skill to be able to understand it.
5. Termination
--------------
5.1. The rights granted under this License will terminate automatically
if You fail to comply with any of its terms. However, if You become
compliant, then the rights granted under this License from a particular
Contributor are reinstated (a) provisionally, unless and until such
Contributor explicitly and finally terminates Your grants, and (b) on an
ongoing basis, if such Contributor fails to notify You of the
non-compliance by some reasonable means prior to 60 days after You have
come back into compliance. Moreover, Your grants from a particular
Contributor are reinstated on an ongoing basis if such Contributor
notifies You of the non-compliance by some reasonable means, this is the
first time You have received notice of non-compliance with this License
from such Contributor, and You become compliant prior to 30 days after
Your receipt of the notice.
5.2. If You initiate litigation against any entity by asserting a patent
infringement claim (excluding declaratory judgment actions,
counter-claims, and cross-claims) alleging that a Contributor Version
directly or indirectly infringes any patent, then the rights granted to
You by any and all Contributors for the Covered Software under Section
2.1 of this License shall terminate.
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
end user license agreements (excluding distributors and resellers) which
have been validly granted by You or Your distributors under this License
prior to termination shall survive termination.
************************************************************************
* *
* 6. Disclaimer of Warranty *
* ------------------------- *
* *
* Covered Software is provided under this License on an "as is" *
* basis, without warranty of any kind, either expressed, implied, or *
* statutory, including, without limitation, warranties that the *
* Covered Software is free of defects, merchantable, fit for a *
* particular purpose or non-infringing. The entire risk as to the *
* quality and performance of the Covered Software is with You. *
* Should any Covered Software prove defective in any respect, You *
* (not any Contributor) assume the cost of any necessary servicing, *
* repair, or correction. This disclaimer of warranty constitutes an *
* essential part of this License. No use of any Covered Software is *
* authorized under this License except under this disclaimer. *
* *
************************************************************************
************************************************************************
* *
* 7. Limitation of Liability *
* -------------------------- *
* *
* Under no circumstances and under no legal theory, whether tort *
* (including negligence), contract, or otherwise, shall any *
* Contributor, or anyone who distributes Covered Software as *
* permitted above, be liable to You for any direct, indirect, *
* special, incidental, or consequential damages of any character *
* including, without limitation, damages for lost profits, loss of *
* goodwill, work stoppage, computer failure or malfunction, or any *
* and all other commercial damages or losses, even if such party *
* shall have been informed of the possibility of such damages. This *
* limitation of liability shall not apply to liability for death or *
* personal injury resulting from such party's negligence to the *
* extent applicable law prohibits such limitation. Some *
* jurisdictions do not allow the exclusion or limitation of *
* incidental or consequential damages, so this exclusion and *
* limitation may not apply to You. *
* *
************************************************************************
8. Litigation
-------------
Any litigation relating to this License may be brought only in the
courts of a jurisdiction where the defendant maintains its principal
place of business and such litigation shall be governed by laws of that
jurisdiction, without reference to its conflict-of-law provisions.
Nothing in this Section shall prevent a party's ability to bring
cross-claims or counter-claims.
9. Miscellaneous
----------------
This License represents the complete agreement concerning the subject
matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed only to the extent
necessary to make it enforceable. Any law or regulation which provides
that the language of a contract shall be construed against the drafter
shall not be used to construe this License against a Contributor.
10. Versions of the License
---------------------------
10.1. New Versions
Mozilla Foundation is the license steward. Except as provided in Section
10.3, no one other than the license steward has the right to modify or
publish new versions of this License. Each version will be given a
distinguishing version number.
10.2. Effect of New Versions
You may distribute the Covered Software under the terms of the version
of the License under which You originally received the Covered Software,
or under the terms of any subsequent version published by the license
steward.
10.3. Modified Versions
If you create software not governed by this License, and you want to
create a new license for such software, you may create and use a
modified version of this License if you rename the license and remove
any references to the name of the license steward (except to note that
such modified license differs from this License).
10.4. Distributing Source Code Form that is Incompatible With Secondary
Licenses
If You choose to distribute Source Code Form that is Incompatible With
Secondary Licenses under the terms of this version of the License, the
notice described in Exhibit B of this License must be attached.
Exhibit A - Source Code Form License Notice
-------------------------------------------
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
If it is not possible or desirable to put the notice in a particular
file, then You may include the notice in a location (such as a LICENSE
file in a relevant directory) where a recipient would be likely to look
for such a notice.
You may add additional accurate notices of copyright ownership.
Exhibit B - "Incompatible With Secondary Licenses" Notice
---------------------------------------------------------
This Source Code Form is "Incompatible With Secondary Licenses", as
defined by the Mozilla Public License, v. 2.0.

2
third_party/prio/README-mozilla поставляемый
Просмотреть файл

@ -1,7 +1,7 @@
This directory contains the Prio source from the upstream repo:
https://github.com/mozilla/libprio
Current version: 1.0 [commit bfbcf1f95001047c61f4a29c3e68499b2f0c9f3b]
Current version: 1.1 [commit 488da2d729d73f18ed45add59edd18b257e1ceaa]
UPDATING:

136
third_party/prio/README.md поставляемый
Просмотреть файл

@ -1,136 +0,0 @@
# libprio - A Prio library in C using NSS
**Warning:**
We do our best to write bug-free code, but I have no doubt
that there are scary bugs, side-channel attacks, and memory leaks
lurking herein.
**Important:**
We have not yet implemented the items
described in the "Security-Critical TODOs" section below.
Without these features, do not use the code in a production environment.
## Overview
This is an implementation of the core cryptographic routines
for the [Prio system](https://crypto.stanford.edu/prio/)
for the private computation of aggregate statistics:
> "Prio: Private, Robust, and Scalable Computation of Aggregate Statistics"<br>
> by Henry Corrigan-Gibbs and Dan Boneh<br>
> USENIX Symposium on Networked Systems Design and Implementation<br>
> March 2017
>
> Available online at:
> https://crypto.stanford.edu/prio/
**Usage scenario.**
The library implements the cryptographic routines necessary
for the following application scenario:
Each client holds a vector of boolean values.
Each client uses the library to encode her private vector into two
encoded packets&mdash;one for server A and one for server B.
After receiving shares from a client, the servers can use the routines
implemented here to check whether the client-provided packets are
well formed.
(Without this check, a single malicious client can corrupt the
output of the computation.)
After collecting data packets from many clients, the servers
can combine their state to learn how many clients had the
*i*th bit of their data vector set to `true` and how many
clients had the *i*th bit of their data vector set to `false`.
As long as at least one of the two servers is honest
(i.e., runs the correct code),
the servers learn *nothing else* about the clients' data,
under standard cryptographic assumptions.
For example, the *i*th bit of the data vector could indicate
whether the client ever visited the *i*th-ranked website
in the Alexa Top 500.
The servers would learn how many clients visited each of the
Top 500 websites *without learning* which clients visited
which websites.
**Efficiency considerations.**
The code makes no use of public-key crypto, so it should
be relatively fast.
When each a data packet is of length *N*,
all arithmetic is modulo a prime *p* (we use an 87-bit prime by default),
and "elements" are integers modulo *p*,
the dominant costs of the system are:
* **Client compute:** O(*N* log *N*) multiplications
* **Client-to-server communication:** 2*N* + O(1) elements<br>
* **Server compute:** O(*N* log *N*) multiplications to check each packet<br>
(NOTE: Using an optimization we haven't yet implemented, we can
drop this cost to O(*N*) multiplications per packet.)
* **Server-to-server communication:** O(1) elements
* **Server storage:** O(*N*) elements
## Running the code
You must first install
[NSS/NSPR](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS),
[scons](http://scons.org/), and
[msgpack-c](https://github.com/msgpack/msgpack-c) version 2.1.5 (or newer?).
On Ubuntu, you can instal NSS and scons with:
$ sudo apt install scons libnspr4-dev libnss3-dev
and you will have to download [msgpack-c 2.1.5 or newer here](https://github.com/msgpack/msgpack-c/releases),
since the Ubuntu packages for msgpack are far out of date.
For macOS using Homebrew:
$ brew install nss nspr scons msgpack
$ export LDFLAGS="-L/usr/local/opt/nss/lib"
$ export CPPFLAGS="-I/usr/local/opt/nss/include -I/usr/local/opt/nspr/include/nspr"
To compile the code, run:
$ scons
To run the test suite, execute:
$ build/ptest/ptest -v
To print debug messages while compiling:
$ scons VERBOSE=1
To compile with debug symbols, run:
$ scons BUILDTYPE=DEBUG
To clean up the object and binary files, run:
$ scons -c
The files in this directory are:
````
/build - Binaries, object files, etc.
/include - Exported header files
(Note: The public header is <mprio.h> since
NSPR already has a file called <prio.h>.)
/mpi - NSS MPI bignum library
/pclient - Example code that uses the Prio library
/prio - Prio library core code
/ptest - Tests and test runner
````
## Optimizations and features not yet implemented
* **Server compute.**
By using a fast polynomial interpolation-and-evaluation
routine, we can reduce the cost of checking a single client
request from O(*N* log *N*) multiplications down to O(*N*)
multiplications, for a data packet of *N* items.
* **Differential privacy.**
It would be very straightforward to add some small amount of
noise to the final statistics to provide differential privacy.
If this would be useful, I can add it.
* **Misc.**
There are TODO notes scattered throughout code indicating
places for potential performance optimizations.

41
third_party/prio/SConstruct поставляемый
Просмотреть файл

@ -1,41 +0,0 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import os
import SCons
opts = Variables()
opts.AddVariables(
BoolVariable("DEBUG", "Make debug build", 1),
BoolVariable("VERBOSE", "Show full build information", 0))
env = Environment(options = opts,
ENV = os.environ)
if "CFLAGS" in os.environ:
env.Append(CFLAGS = SCons.Util.CLVar(os.getenv("CFLAGS")))
if "CPPFLAGS" in os.environ:
env.Append(CPPFLAGS = SCons.Util.CLVar(os.getenv("CPPFLAGS")))
if "CXXFLAGS" in os.environ:
env.Append(CXXFLAGS = SCons.Util.CLVar(os.getenv("CXXFLAGS")))
if "LDFLAGS" in os.environ:
env.Append(LINKFLAGS = SCons.Util.CLVar(os.getenv("LDFLAGS")))
if env["DEBUG"]:
print "DEBUG MODE!"
env.Append(CPPFLAGS = [ "-g", "-DDEBUG"])
env.Append(LIBS = ["mprio", "mpi", "nss3", "nspr4"], \
LIBPATH = ['#build/prio', "#build/mpi"],
CFLAGS = [ "-Wall", "-Werror", "-Wextra", "-O3", "-std=c99",
"-I/usr/include/nspr", "-Impi", "-DDO_PR_CLEANUP"])
env.Append(CPPPATH = ["#include", "#."])
Export('env')
SConscript('browser-test/SConscript', variant_dir='build/browser-test')
SConscript('mpi/SConscript', variant_dir='build/mpi')
SConscript('pclient/SConscript', variant_dir='build/pclient')
SConscript('prio/SConscript', variant_dir='build/prio')
SConscript('ptest/SConscript', variant_dir='build/ptest')

19
third_party/prio/browser-test/SConscript поставляемый
Просмотреть файл

@ -1,19 +0,0 @@
import sys
Import('env')
prio_env = env.Clone()
src = [
"main.c",
]
libs = [
"mprio",
"msgpackc",
]
prio_env.Append(LIBS = libs)
prio_env.Install("encode-once.js")
prio_env.Program("browser-test", src)

45
third_party/prio/browser-test/encode-once.js поставляемый
Просмотреть файл

@ -1,45 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
ChromeUtils.import('resource://gre/modules/Services.jsm');
let [publicKeyA, publicKeyB, batchID, param1, param2, param3] = arguments;
Services.prefs.setStringPref('prio.publicKeyA', publicKeyA);
Services.prefs.setStringPref('prio.publicKeyB', publicKeyB);
async function test() {
let params = {
'startupCrashDetected': Number(param1),
'safeModeUsage': Number(param2),
'browserIsUserDefault': Number(param3)
};
try {
let result = await PrioEncoder.encode(batchID, params);
const toTypedArray = byteString => {
let u8Array = new Uint8Array(byteString.length);
for (let i in byteString) {
u8Array[i] = byteString.charCodeAt(i);
}
return u8Array;
}
const toHexString = bytes =>
bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, '0') + ',', '');
console.log(toHexString(result.a) + '$' + toHexString(result.b));
console.log('');
} catch(e) {
console.log('Failure.', e);
console.log(v);
}
}
test().then();

320
third_party/prio/browser-test/main.c поставляемый
Просмотреть файл

@ -1,320 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#define _GNU_SOURCE
#include <mprio.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "prio/encrypt.h"
#include "prio/util.h"
static void
init_data (bool *data, int datalen)
{
// The client's data submission is an arbitrary boolean vector.
for (int i=0; i < datalen; i++) {
// Arbitrary data
data[i] = rand () % 2;
}
}
static SECStatus
read_string_from_hex (unsigned char **str_out, unsigned int *strLen,
const char *input, const char **new_input)
{
SECStatus rv = SECSuccess;
*strLen = 0;
int read = 0;
int outCount = 0;
const char *inp = input;
while (true) {
unsigned char byte = '\0';
const int retval = sscanf(inp, "%02hhx,%n", &byte, &read);
if (retval < 1 || read != 3) {
break;
}
inp += read;
(*str_out)[outCount] = byte;
outCount++;
*strLen = *strLen + 1;
}
if (new_input)
*new_input = inp + 1;
return rv;
}
static SECStatus
read_browser_reply (FILE *infile,
unsigned char **for_server_a, unsigned int *aLen,
unsigned char **for_server_b, unsigned int *bLen)
{
SECStatus rv = SECFailure;
char *raw_input = NULL;
size_t rawLen = 0;
puts ("Getting line of input.");
P_CHECKCB (getline (&raw_input, &rawLen, infile) > 0);
puts ("Got line of input.");
P_CHECKA (*for_server_a = malloc (rawLen * sizeof (unsigned char)));
P_CHECKA (*for_server_b = malloc (rawLen * sizeof (unsigned char)));
*aLen = 0;
*bLen = 0;
P_CHECKCB (rawLen > 14);
// Header is 14 chars long
const char *new_input;
puts ("Reading string A");
P_CHECKC (read_string_from_hex (for_server_a, aLen, raw_input + 14, &new_input));
puts ("Read string A");
// Skip over for_server_a string and one-char delimeter
puts ("Reading string B");
P_CHECKC (read_string_from_hex (for_server_b, bLen, new_input, NULL));
puts ("Read string B");
cleanup:
if (raw_input) free (raw_input);
return rv;
}
static int
verify_full (const char *path_to_xpcshell, int pathlen)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
PrioPacketVerify1 p1A = NULL;
PrioPacketVerify1 p1B = NULL;
PrioPacketVerify2 p2A = NULL;
PrioPacketVerify2 p2B = NULL;
PrioTotalShare tA = NULL;
PrioTotalShare tB = NULL;
FILE *shell = NULL;
int cmdlen = pathlen + 2*CURVE25519_KEY_LEN_HEX + 128;
char cmd[cmdlen];
memset (cmd, 0, cmdlen);
unsigned char *for_server_a = NULL;
unsigned char *for_server_b = NULL;
const int seed = time (NULL);
srand (seed);
printf ("Using srand seed %d\n", seed);
// Number of different boolean data fields we collect.
const int ndata = 3;
//unsigned char batch_id_str[] = "abcde";
unsigned char batch_id_str[32];
memset (batch_id_str, 0, sizeof batch_id_str);
snprintf ((char *)batch_id_str, sizeof batch_id_str, "%d", rand());
bool data_items[ndata];
unsigned long output[ndata];
init_data (data_items, ndata);
// Initialize NSS random number generator.
P_CHECKC (Prio_init ());
// Generate keypairs for servers
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
// Export public keys to hex and print to stdout
unsigned char pk_hexA[CURVE25519_KEY_LEN_HEX+1];
unsigned char pk_hexB[CURVE25519_KEY_LEN_HEX+1];
P_CHECKC (PublicKey_export_hex (pkA, pk_hexA));
P_CHECKC (PublicKey_export_hex (pkB, pk_hexB));
snprintf (cmd, cmdlen, "%s %s %s %s %s %d %d %d",
path_to_xpcshell, "encode-once.js",
pk_hexA, pk_hexB, batch_id_str,
data_items[0], data_items[1], data_items[2]);
printf ("> %s\n", cmd);
P_CHECKA (shell = popen(cmd, "r"));
puts("Ran command.");
// Use the default configuration parameters.
P_CHECKA (cfg = PrioConfig_new (ndata, pkA, pkB, batch_id_str,
strlen ((char *)batch_id_str)));
PrioPRGSeed server_secret;
P_CHECKC (PrioPRGSeed_randomize (&server_secret));
// Initialize two server objects. The role of the servers need not
// be symmetric. In a deployment, we envision that:
// * Server A is the main telemetry server that is always online.
// Clients send their encrypted data packets to Server A and
// Server A stores them.
// * Server B only comes online when the two servers want to compute
// the final aggregate statistics.
P_CHECKA (sA = PrioServer_new (cfg, PRIO_SERVER_A, skA, server_secret));
P_CHECKA (sB = PrioServer_new (cfg, PRIO_SERVER_B, skB, server_secret));
// Initialize empty verifier objects
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
// Initialize shares of final aggregate statistics
P_CHECKA (tA = PrioTotalShare_new ());
P_CHECKA (tB = PrioTotalShare_new ());
// Initialize shares of verification packets
P_CHECKA (p1A = PrioPacketVerify1_new ());
P_CHECKA (p1B = PrioPacketVerify1_new ());
P_CHECKA (p2A = PrioPacketVerify2_new ());
P_CHECKA (p2B = PrioPacketVerify2_new ());
// I. CLIENT DATA SUBMISSION.
//
// Read in the client data packets
unsigned int aLen = 0, bLen = 0;
puts ("Reading...");
P_CHECKC (read_browser_reply (shell, &for_server_a, &aLen, &for_server_b, &bLen));
printf ("Read reply from browser. LenA: %u, LenB: %u\n", aLen, bLen);
// II. VALIDATION PROTOCOL. (at servers)
//
// The servers now run a short 2-step protocol to check each
// client's packet:
// 1) Servers A and B broadcast one message (PrioPacketVerify1)
// to each other.
// 2) Servers A and B broadcast another message (PrioPacketVerify2)
// to each other.
// 3) Servers A and B can both determine whether the client's data
// submission is well-formed (in which case they add it to their
// running total of aggregate statistics) or ill-formed
// (in which case they ignore it).
// These messages must be sent over an authenticated channel, so
// that each server is assured that every received message came
// from its peer.
// Set up a Prio verifier object.
P_CHECKC (PrioVerifier_set_data (vA, for_server_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_server_b, bLen));
puts("Imported data.");
// Both servers produce a packet1. Server A sends p1A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify1_set_data (p1A, vA));
P_CHECKC (PrioPacketVerify1_set_data (p1B, vB));
puts("Set data.");
// Both servers produce a packet2. Server A sends p2A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify2_set_data(p2A, vA, p1A, p1B));
P_CHECKC (PrioPacketVerify2_set_data(p2B, vB, p1A, p1B));
// Using p2A and p2B, the servers can determine whether the request
// is valid. (In fact, only Server A needs to perform this
// check, since Server A can just tell Server B whether the check
// succeeded or failed.)
puts ("Checking validity.");
P_CHECKC (PrioVerifier_isValid (vA, p2A, p2B));
P_CHECKC (PrioVerifier_isValid (vB, p2A, p2B));
puts ("Are valid.");
// If we get here, the client packet is valid, so add it to the aggregate
// statistic counter for both servers.
P_CHECKC (PrioServer_aggregate (sA, vA));
P_CHECKC (PrioServer_aggregate (sB, vB));
// The servers repeat the steps above for each client submission.
// III. PRODUCTION OF AGGREGATE STATISTICS.
//
// After collecting aggregates from MANY clients, the servers can compute
// their shares of the aggregate statistics.
//
// Server B can send tB to Server A.
P_CHECKC (PrioTotalShare_set_data (tA, sA));
P_CHECKC (PrioTotalShare_set_data (tB, sB));
// Once Server A has tA and tB, it can learn the aggregate statistics
// in the clear.
P_CHECKC (PrioTotalShare_final (cfg, output, tA, tB));
for (int i=0; i < ndata; i++) {
//printf("output[%d] = %lu\n", i, output[i]);
//printf("data[%d] = %d\n", i, (int)data_items[i]);
P_CHECKCB (output[i] == data_items[i]);
}
puts ("Success!");
cleanup:
if (rv != SECSuccess) {
fprintf (stderr, "Warning: unexpected failure.\n");
}
if (for_server_a) free (for_server_a);
if (for_server_b) free (for_server_b);
PrioTotalShare_clear (tA);
PrioTotalShare_clear (tB);
PrioPacketVerify2_clear (p2A);
PrioPacketVerify2_clear (p2B);
PrioPacketVerify1_clear (p1A);
PrioPacketVerify1_clear (p1B);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
Prio_clear ();
return !(rv == SECSuccess);
}
int
main (int argc, char **argv)
{
puts("== Prio browser test utility. ==");
puts("(Note: Expects to be run in the same directory as encode-once.js.)");
if (argc != 2) {
fprintf (stderr, "Usage ./%s <path_to_xpcshell>\n", argv[0]);
return 1;
}
return verify_full (argv[1], strlen (argv[1]));
}

63
third_party/prio/include/mprio.h поставляемый
Просмотреть файл

@ -13,10 +13,10 @@
extern "C" {
#endif
#include <blapit.h>
#include <msgpack.h>
#include <nss/blapit.h>
#include <nss/pk11pub.h>
#include <nss/seccomon.h>
#include <pk11pub.h>
#include <seccomon.h>
#include <stdbool.h>
#include <stddef.h>
@ -33,10 +33,7 @@ typedef unsigned char PrioPRGSeed[PRG_SEED_LENGTH];
/*
* Type for each of the two servers.
*/
typedef enum {
PRIO_SERVER_A,
PRIO_SERVER_B
} PrioServerId;
typedef enum { PRIO_SERVER_A, PRIO_SERVER_B } PrioServerId;
/*
* Opaque types
@ -91,7 +88,8 @@ void Prio_clear();
* `PrioConfig_new` returns.
*/
PrioConfig PrioConfig_new(int n_fields, PublicKey server_a, PublicKey server_b,
const unsigned char *batch_id, unsigned int batch_id_len);
const unsigned char* batch_id,
unsigned int batch_id_len);
void PrioConfig_clear(PrioConfig cfg);
int PrioConfig_numDataFields(const_PrioConfig cfg);
@ -102,7 +100,6 @@ int PrioConfig_numDataFields (const_PrioConfig cfg);
*/
PrioConfig PrioConfig_newTest(int n_fields);
/*
* We use the PublicKey and PrivateKey objects for public-key encryption. Each
* Prio server has an associated public key, and the clients use these keys to
@ -111,11 +108,13 @@ PrioConfig PrioConfig_newTest (int n_fields);
SECStatus Keypair_new(PrivateKey* pvtkey, PublicKey* pubkey);
/*
* Import a new curve25519 public key from the raw bytes given. The key passed in
* Import a new curve25519 public key from the raw bytes given. The key passed
* in
* as `data` should be of length `CURVE25519_KEY_LEN`. This function allocates
* a new PublicKey object, which the caller must free using `PublicKey_clear`.
*/
SECStatus PublicKey_import (PublicKey *pk, const unsigned char *data, unsigned int dataLen);
SECStatus PublicKey_import(PublicKey* pk, const unsigned char* data,
unsigned int dataLen);
/*
* Import a new curve25519 public key from a hex string that contains only the
@ -129,7 +128,8 @@ SECStatus PublicKey_import_hex (PublicKey *pk, const unsigned char *hex_data,
/*
* Export a curve25519 public key as a raw byte-array.
*/
SECStatus PublicKey_export (const_PublicKey pk, unsigned char data[CURVE25519_KEY_LEN]);
SECStatus PublicKey_export(const_PublicKey pk,
unsigned char data[CURVE25519_KEY_LEN]);
/*
* Export a curve25519 public key as a NULL-terminated hex string.
@ -137,11 +137,9 @@ SECStatus PublicKey_export (const_PublicKey pk, unsigned char data[CURVE25519_KE
SECStatus PublicKey_export_hex(const_PublicKey pk,
unsigned char data[CURVE25519_KEY_LEN_HEX + 1]);
void PublicKey_clear(PublicKey pubkey);
void PrivateKey_clear(PrivateKey pvtkey);
/*
* PrioPacketClient_encode
*
@ -153,8 +151,7 @@ void PrivateKey_clear (PrivateKey pvtkey);
* NOTE: The caller must free() the strings `for_server_a` and
* `for_server_b` to avoid memory leaks.
*/
SECStatus
PrioClient_encode (const_PrioConfig cfg, const bool *data_in,
SECStatus PrioClient_encode(const_PrioConfig cfg, const bool* data_in,
unsigned char** for_server_a, unsigned int* aLen,
unsigned char** for_server_b, unsigned int* bLen);
@ -171,10 +168,10 @@ SECStatus PrioPRGSeed_randomize (PrioPRGSeed *seed);
* The PRGSeed must remain secret to the two servers.
*/
PrioServer PrioServer_new(const_PrioConfig cfg, PrioServerId server_idx,
PrivateKey server_priv, const PrioPRGSeed server_shared_secret);
PrivateKey server_priv,
const PrioPRGSeed server_shared_secret);
void PrioServer_clear(PrioServer s);
/*
* After receiving a client packet, each of the servers generate
* a PrioVerifier object that they use to check whether the client's
@ -187,8 +184,8 @@ void PrioVerifier_clear (PrioVerifier v);
* Read in encrypted data from the client, decrypt it, and prepare to check the
* request for validity.
*/
SECStatus PrioVerifier_set_data (PrioVerifier v,
unsigned char *data, unsigned int dataLen);
SECStatus PrioVerifier_set_data(PrioVerifier v, unsigned char* data,
unsigned int dataLen);
/*
* Generate the first packet that servers need to exchange to verify the
@ -203,8 +200,8 @@ SECStatus PrioPacketVerify1_set_data (PrioPacketVerify1 p1,
SECStatus PrioPacketVerify1_write(const_PrioPacketVerify1 p,
msgpack_packer* pk);
SECStatus PrioPacketVerify1_read (PrioPacketVerify1 p,
msgpack_unpacker *upk, const_PrioConfig cfg);
SECStatus PrioPacketVerify1_read(PrioPacketVerify1 p, msgpack_unpacker* upk,
const_PrioConfig cfg);
/*
* Generate the second packet that the servers need to exchange to verify the
@ -217,19 +214,20 @@ PrioPacketVerify2 PrioPacketVerify2_new (void);
void PrioPacketVerify2_clear(PrioPacketVerify2 p);
SECStatus PrioPacketVerify2_set_data(PrioPacketVerify2 p2, const_PrioVerifier v,
const_PrioPacketVerify1 p1A, const_PrioPacketVerify1 p1B);
const_PrioPacketVerify1 p1A,
const_PrioPacketVerify1 p1B);
SECStatus PrioPacketVerify2_write(const_PrioPacketVerify2 p,
msgpack_packer* pk);
SECStatus PrioPacketVerify2_read (PrioPacketVerify2 p,
msgpack_unpacker *upk, const_PrioConfig cfg);
SECStatus PrioPacketVerify2_read(PrioPacketVerify2 p, msgpack_unpacker* upk,
const_PrioConfig cfg);
/*
* Use the PrioPacketVerify2s from both servers to check whether
* the client's submission is well formed.
*/
SECStatus PrioVerifier_isValid (const_PrioVerifier v,
const_PrioPacketVerify2 pA, const_PrioPacketVerify2 pB);
SECStatus PrioVerifier_isValid(const_PrioVerifier v, const_PrioPacketVerify2 pA,
const_PrioPacketVerify2 pB);
/*
* Each of the two servers calls this routine to aggregate the data
@ -251,10 +249,9 @@ void PrioTotalShare_clear (PrioTotalShare t);
SECStatus PrioTotalShare_set_data(PrioTotalShare t, const_PrioServer s);
SECStatus PrioTotalShare_write (const_PrioTotalShare t,
msgpack_packer *pk);
SECStatus PrioTotalShare_read (PrioTotalShare t,
msgpack_unpacker *upk, const_PrioConfig cfg);
SECStatus PrioTotalShare_write(const_PrioTotalShare t, msgpack_packer* pk);
SECStatus PrioTotalShare_read(PrioTotalShare t, msgpack_unpacker* upk,
const_PrioConfig cfg);
/*
* Read the output data into an array of unsigned longs. You should
@ -263,8 +260,8 @@ SECStatus PrioTotalShare_read (PrioTotalShare t,
* one long per data field.
*/
SECStatus PrioTotalShare_final(const_PrioConfig cfg, unsigned long* output,
const_PrioTotalShare tA, const_PrioTotalShare tB);
const_PrioTotalShare tA,
const_PrioTotalShare tB);
#endif /* __PRIO_H__ */

18
third_party/prio/pclient/SConscript поставляемый
Просмотреть файл

@ -1,18 +0,0 @@
import sys
Import('env')
prio_env = env.Clone()
src = [
"main.c",
]
libs = [
"mprio",
"msgpackc",
]
prio_env.Append(LIBS = libs)
prio_env.Program("pclient", src)

229
third_party/prio/pclient/main.c поставляемый
Просмотреть файл

@ -1,229 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mprio.h>
#include <stdio.h>
#include <stdlib.h>
#include "prio/util.h"
int
verify_full (void)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
PrioPacketVerify1 p1A = NULL;
PrioPacketVerify1 p1B = NULL;
PrioPacketVerify2 p2A = NULL;
PrioPacketVerify2 p2B = NULL;
PrioTotalShare tA = NULL;
PrioTotalShare tB = NULL;
unsigned char *for_server_a = NULL;
unsigned char *for_server_b = NULL;
const unsigned char *batch_id = (unsigned char *)"prio_batch_2018-04-17";
const unsigned int batch_id_len = strlen ((char *)batch_id);
// Initialize NSS random number generator.
P_CHECKC (Prio_init ());
// Number of different boolean data fields we collect.
const int ndata = 100;
// Number of clients to simulate.
const int nclients = 10;
// New scope to avoid goto weirdness
{
bool data_items[ndata];
// Generate keypairs for servers
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
// Use the default configuration parameters.
P_CHECKA (cfg = PrioConfig_new (ndata, pkA, pkB, batch_id, batch_id_len));
PrioPRGSeed server_secret;
P_CHECKC (PrioPRGSeed_randomize (&server_secret));
// Initialize two server objects. The role of the servers need not
// be symmetric. In a deployment, we envision that:
// * Server A is the main telemetry server that is always online.
// Clients send their encrypted data packets to Server A and
// Server A stores them.
// * Server B only comes online when the two servers want to compute
// the final aggregate statistics.
P_CHECKA (sA = PrioServer_new (cfg, PRIO_SERVER_A, skA, server_secret));
P_CHECKA (sB = PrioServer_new (cfg, PRIO_SERVER_B, skB, server_secret));
// Initialize empty verifier objects
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
// Initialize shares of final aggregate statistics
P_CHECKA (tA = PrioTotalShare_new ());
P_CHECKA (tB = PrioTotalShare_new ());
// Initialize shares of verification packets
P_CHECKA (p1A = PrioPacketVerify1_new ());
P_CHECKA (p1B = PrioPacketVerify1_new ());
P_CHECKA (p2A = PrioPacketVerify2_new ());
P_CHECKA (p2B = PrioPacketVerify2_new ());
// Generate client data packets.
for (int c=0; c < nclients; c++) {
// The client's data submission is an arbitrary boolean vector.
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (c % 5 == 3);
}
// I. CLIENT DATA SUBMISSION.
//
// Construct the client data packets.
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items,
&for_server_a, &aLen, &for_server_b, &bLen));
// The Prio servers A and B can come online later (e.g., at the end of
// each day) to download the encrypted telemetry packets from the
// telemetry server and run the protocol that computes the aggregate
// statistics. In this way, the client only needs to send a
// single message (the pair of encrypted ClientPacketData packets)
// to a single server (the telemetry-data-collection server).
// THE CLIENT'S JOB IS DONE. The rest of the processing just takes place
// between the two servers A and B.
// II. VALIDATION PROTOCOL. (at servers)
//
// The servers now run a short 2-step protocol to check each
// client's packet:
// 1) Servers A and B broadcast one message (PrioPacketVerify1)
// to each other.
// 2) Servers A and B broadcast another message (PrioPacketVerify2)
// to each other.
// 3) Servers A and B can both determine whether the client's data
// submission is well-formed (in which case they add it to their
// running total of aggregate statistics) or ill-formed
// (in which case they ignore it).
// These messages must be sent over an authenticated channel, so
// that each server is assured that every received message came
// from its peer.
// Set up a Prio verifier object.
P_CHECKC (PrioVerifier_set_data (vA, for_server_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_server_b, bLen));
// Both servers produce a packet1. Server A sends p1A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify1_set_data (p1A, vA));
P_CHECKC (PrioPacketVerify1_set_data (p1B, vB));
// Both servers produce a packet2. Server A sends p2A to Server B
// and vice versa.
P_CHECKC (PrioPacketVerify2_set_data(p2A, vA, p1A, p1B));
P_CHECKC (PrioPacketVerify2_set_data(p2B, vB, p1A, p1B));
// Using p2A and p2B, the servers can determine whether the request
// is valid. (In fact, only Server A needs to perform this
// check, since Server A can just tell Server B whether the check
// succeeded or failed.)
P_CHECKC (PrioVerifier_isValid (vA, p2A, p2B));
P_CHECKC (PrioVerifier_isValid (vB, p2A, p2B));
// If we get here, the client packet is valid, so add it to the aggregate
// statistic counter for both servers.
P_CHECKC (PrioServer_aggregate (sA, vA));
P_CHECKC (PrioServer_aggregate (sB, vB));
free (for_server_a);
free (for_server_b);
for_server_a = NULL;
for_server_b = NULL;
}
// The servers repeat the steps above for each client submission.
// III. PRODUCTION OF AGGREGATE STATISTICS.
//
// After collecting aggregates from MANY clients, the servers can compute
// their shares of the aggregate statistics.
//
// Server B can send tB to Server A.
P_CHECKC (PrioTotalShare_set_data (tA, sA));
P_CHECKC (PrioTotalShare_set_data (tB, sB));
// Once Server A has tA and tB, it can learn the aggregate statistics
// in the clear.
unsigned long output[ndata];
P_CHECKC (PrioTotalShare_final (cfg, output, tA, tB));
// Now the output[i] contains a counter that indicates how many clients
// submitted TRUE for data value i. We print out this data.
for (int i=0; i < ndata; i++)
printf("output[%d] = %lu\n", i, output[i]);
}
cleanup:
if (rv != SECSuccess) {
fprintf (stderr, "Warning: unexpected failure.\n");
}
if (for_server_a) free (for_server_a);
if (for_server_b) free (for_server_b);
PrioTotalShare_clear (tA);
PrioTotalShare_clear (tB);
PrioPacketVerify2_clear (p2A);
PrioPacketVerify2_clear (p2B);
PrioPacketVerify1_clear (p1A);
PrioPacketVerify1_clear (p1B);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
Prio_clear ();
return !(rv == SECSuccess);
}
int
main (void)
{
puts ("This utility demonstrates how to invoke the Prio API.");
return verify_full ();
}

3
third_party/prio/prio/SConscript поставляемый
Просмотреть файл

@ -21,9 +21,6 @@ libs = [
"msgpackc"
]
# Enable mp_print()
penv.Append(CFLAGS = ['-DMP_IOFUNC'])
penv.Append(LIBS = libs)
penv.StaticLibrary("mprio", src)

57
third_party/prio/prio/client.c поставляемый
Просмотреть файл

@ -78,7 +78,6 @@ cleanup:
return rv;
}
static SECStatus
share_polynomials(const_PrioConfig cfg, const_MPArray data_in,
PrioPacketClient pA, PrioPacketClient pB, PRG prgB)
@ -156,7 +155,8 @@ PrioPacketClient_new (const_PrioConfig cfg, PrioServerId for_server)
const int data_len = cfg->num_data_fields;
PrioPacketClient p = NULL;
p = malloc(sizeof(*p));
if (!p) return NULL;
if (!p)
return NULL;
p->for_server = for_server;
p->triple = NULL;
@ -207,15 +207,15 @@ PrioPacketClient_set_data (const_PrioConfig cfg, const bool *data_in,
SECStatus rv = SECSuccess;
const int data_len = cfg->num_data_fields;
if (!data_in) return SECFailure;
if (!data_in)
return SECFailure;
P_CHECKC(PrioPRGSeed_randomize(&pB->shares.B.seed));
P_CHECKA(prgB = PRG_new(pB->shares.B.seed));
P_CHECKC(BeaverTriple_set_rand(cfg, pA->triple, pB->triple));
P_CHECKA(client_data = MPArray_new_bool(data_len, data_in));
P_CHECKC (PRG_share_array (prgB, pA->shares.A.data_shares,
client_data, cfg));
P_CHECKC(PRG_share_array(prgB, pA->shares.A.data_shares, client_data, cfg));
P_CHECKC(share_polynomials(cfg, client_data, pA, pB, prgB));
cleanup:
@ -228,7 +228,8 @@ cleanup:
void
PrioPacketClient_clear(PrioPacketClient p)
{
if (p == NULL) return;
if (p == NULL)
return;
if (p->for_server == PRIO_SERVER_A) {
MPArray_clear(p->shares.A.h_points);
@ -243,25 +244,29 @@ PrioPacketClient_clear (PrioPacketClient p)
}
bool
PrioPacketClient_areEqual (const_PrioPacketClient p1,
const_PrioPacketClient p2)
PrioPacketClient_areEqual(const_PrioPacketClient p1, const_PrioPacketClient p2)
{
if (!BeaverTriple_areEqual (p1->triple, p2->triple)) return false;
if (mp_cmp (&p1->f0_share, &p2->f0_share)) return false;
if (mp_cmp (&p1->g0_share, &p2->g0_share)) return false;
if (mp_cmp (&p1->h0_share, &p2->h0_share)) return false;
if (p1->for_server != p2->for_server) return false;
if (!BeaverTriple_areEqual(p1->triple, p2->triple))
return false;
if (mp_cmp(&p1->f0_share, &p2->f0_share))
return false;
if (mp_cmp(&p1->g0_share, &p2->g0_share))
return false;
if (mp_cmp(&p1->h0_share, &p2->h0_share))
return false;
if (p1->for_server != p2->for_server)
return false;
switch (p1->for_server) {
case PRIO_SERVER_A:
if (!MPArray_areEqual (p1->shares.A.data_shares,
p2->shares.A.data_shares)) return false;
if (!MPArray_areEqual (p1->shares.A.h_points,
p2->shares.A.h_points)) return false;
if (!MPArray_areEqual(p1->shares.A.data_shares, p2->shares.A.data_shares))
return false;
if (!MPArray_areEqual(p1->shares.A.h_points, p2->shares.A.h_points))
return false;
break;
case PRIO_SERVER_B:
if (memcmp (p1->shares.B.seed, p2->shares.B.seed,
PRG_SEED_LENGTH)) return false;
if (memcmp(p1->shares.B.seed, p2->shares.B.seed, PRG_SEED_LENGTH))
return false;
break;
default:
// Should never get here.
@ -315,8 +320,10 @@ PrioClient_encode (const_PrioConfig cfg, const bool *data_in,
cleanup:
if (rv != SECSuccess) {
if (*for_server_a) free (*for_server_a);
if (*for_server_b) free (*for_server_b);
if (*for_server_a)
free(*for_server_a);
if (*for_server_b)
free(*for_server_b);
*for_server_a = NULL;
*for_server_b = NULL;
}
@ -331,7 +338,8 @@ cleanup:
SECStatus
PrioPacketClient_decrypt(PrioPacketClient p, const_PrioConfig cfg,
PrivateKey server_priv, const unsigned char *data_in, unsigned int data_len)
PrivateKey server_priv, const unsigned char* data_in,
unsigned int data_len)
{
SECStatus rv = SECSuccess;
msgpack_unpacker upk;
@ -340,8 +348,8 @@ PrioPacketClient_decrypt (PrioPacketClient p, const_PrioConfig cfg,
// Decrypt the ciphertext into dec_buf
unsigned int bytes_decrypted;
P_CHECKC(PrivateKey_decrypt(server_priv,
(unsigned char *)msgpack_unpacker_buffer (&upk), &bytes_decrypted,
data_len, data_in, data_len));
(unsigned char*)msgpack_unpacker_buffer(&upk),
&bytes_decrypted, data_len, data_in, data_len));
msgpack_unpacker_buffer_consumed(&upk, bytes_decrypted);
P_CHECKC(serial_read_packet_client(&upk, p, cfg));
@ -350,4 +358,3 @@ cleanup:
msgpack_unpacker_destroy(&upk);
return rv;
}

29
third_party/prio/prio/client.h поставляемый
Просмотреть файл

@ -13,7 +13,6 @@
#include "prg.h"
#include "share.h"
/*
* The PrioPacketClient object holds the encoded client data.
* The client sends one packet to server A and one packet to
@ -23,13 +22,15 @@
typedef struct prio_packet_client* PrioPacketClient;
typedef const struct prio_packet_client* const_PrioPacketClient;
struct server_a_data {
struct server_a_data
{
// These values are only set for server A.
MPArray data_shares;
MPArray h_points;
};
struct server_b_data {
struct server_b_data
{
// This value is only used for server B.
//
// We use a pseudo-random generator to compress the secret-shared data
@ -41,7 +42,8 @@ struct server_b_data {
/*
* The data that a Prio client sends to each server.
*/
struct prio_packet_client {
struct prio_packet_client
{
// TODO: Can also use a PRG to avoid need for sending Beaver triple shares.
// Since this optimization only saves ~30 bytes of communication, we haven't
// bothered implementing it yet.
@ -50,25 +52,26 @@ struct prio_packet_client {
mp_int f0_share, g0_share, h0_share;
PrioServerId for_server;
union {
union
{
struct server_a_data A;
struct server_b_data B;
} shares;
};
PrioPacketClient PrioPacketClient_new (const_PrioConfig cfg, PrioServerId for_server);
PrioPacketClient PrioPacketClient_new(const_PrioConfig cfg,
PrioServerId for_server);
void PrioPacketClient_clear(PrioPacketClient p);
SECStatus PrioPacketClient_set_data(const_PrioConfig cfg, const bool* data_in,
PrioPacketClient for_server_a, PrioPacketClient for_server_b);
PrioPacketClient for_server_a,
PrioPacketClient for_server_b);
SECStatus PrioPacketClient_decrypt (PrioPacketClient p,
const_PrioConfig cfg, PrivateKey server_priv,
const unsigned char *data_in, unsigned int data_len);
SECStatus PrioPacketClient_decrypt(PrioPacketClient p, const_PrioConfig cfg,
PrivateKey server_priv,
const unsigned char* data_in,
unsigned int data_len);
bool PrioPacketClient_areEqual(const_PrioPacketClient p1,
const_PrioPacketClient p2);
#endif /* __CLIENT_H__ */

15
third_party/prio/prio/config.c поставляемый
Просмотреть файл

@ -10,8 +10,8 @@
#include <stdlib.h>
#include "config.h"
#include "params.h"
#include "mparray.h"
#include "params.h"
#include "rand.h"
#include "util.h"
@ -89,15 +89,16 @@ cleanup:
PrioConfig
PrioConfig_newTest(int nFields)
{
return PrioConfig_new (nFields, NULL, NULL,
(unsigned char *)"testBatch", 9);
return PrioConfig_new(nFields, NULL, NULL, (unsigned char*)"testBatch", 9);
}
void
PrioConfig_clear(PrioConfig cfg)
{
if (!cfg) return;
if (cfg->batch_id) free (cfg->batch_id);
if (!cfg)
return;
if (cfg->batch_id)
free(cfg->batch_id);
MPArray_clear(cfg->roots);
MPArray_clear(cfg->rootsInv);
mp_clear(&cfg->modulus);
@ -109,7 +110,6 @@ int
PrioConfig_numDataFields(const_PrioConfig cfg)
{
return cfg->num_data_fields;
}
SECStatus
@ -124,7 +124,8 @@ Prio_clear (void)
rand_clear();
}
int PrioConfig_hPoints (const_PrioConfig cfg)
int
PrioConfig_hPoints(const_PrioConfig cfg)
{
const int mul_gates = cfg->num_data_fields + 1;
const int N = next_power_of_two(mul_gates);

5
third_party/prio/prio/config.h поставляемый
Просмотреть файл

@ -13,12 +13,12 @@
#include "mparray.h"
struct prio_config {
struct prio_config
{
int num_data_fields;
unsigned char* batch_id;
unsigned int batch_id_len;
PublicKey server_a_pub;
PublicKey server_b_pub;
@ -33,4 +33,3 @@ struct prio_config {
int PrioConfig_hPoints(const_PrioConfig cfg);
#endif /* __CONFIG_H__ */

6
third_party/prio/prio/debug.h поставляемый
Просмотреть файл

@ -12,10 +12,12 @@
#include <stdio.h>
#ifdef DEBUG
#define PRIO_DEBUG(msg) do { fprintf(stderr, "Error: %s\n", msg); } while(false);
#define PRIO_DEBUG(msg) \
do { \
fprintf(stderr, "Error: %s\n", msg); \
} while (false);
#else
#define PRIO_DEBUG(msg) ;
#endif
#endif /* __DEBUG_H__ */

97
third_party/prio/prio/encrypt.c поставляемый
Просмотреть файл

@ -6,9 +6,9 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <nss/keyhi.h>
#include <nss/keythi.h>
#include <nss/pk11pub.h>
#include <keyhi.h>
#include <keythi.h>
#include <pk11pub.h>
#include <prerror.h>
#include "encrypt.h"
@ -28,17 +28,38 @@
// The all-zeros curve25519 public key, as DER-encoded SKPI blob.
static const uint8_t curve25519_spki_zeros[] = {
0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b,
0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, 0x03, 0x21,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00,
0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
// Note that we do not use isxdigit because it is locale-dependent
// See: https://github.com/mozilla/libprio/issues/20
static inline char
is_hex_digit(char c)
{
return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') ||
('A' <= c && c <= 'F');
}
// Note that we do not use toupper because it is locale-dependent
// See: https://github.com/mozilla/libprio/issues/20
static inline char
to_upper(char c)
{
if (c >= 'a' && c <= 'z') {
return c - 0x20;
} else {
return c;
}
}
static inline uint8_t
hex_to_int(char h)
{
return (h > '9') ? toupper (h) - 'A' + 10 : (h - '0');
return (h > '9') ? to_upper(h) - 'A' + 10 : (h - '0');
}
static inline unsigned char
@ -47,21 +68,22 @@ int_to_hex (uint8_t i)
return (i > 0x09) ? ((i - 10) + 'A') : i + '0';
}
static SECStatus
derive_dh_secret(PK11SymKey** shared_secret, PrivateKey priv, PublicKey pub)
{
if (priv == NULL) return SECFailure;
if (pub == NULL) return SECFailure;
if (shared_secret == NULL) return SECFailure;
if (priv == NULL)
return SECFailure;
if (pub == NULL)
return SECFailure;
if (shared_secret == NULL)
return SECFailure;
SECStatus rv = SECSuccess;
*shared_secret = NULL;
P_CHECKA (*shared_secret = PK11_PubDeriveWithKDF (priv, pub, PR_FALSE,
NULL, NULL, CKM_ECDH1_DERIVE, CKM_AES_GCM,
CKA_ENCRYPT | CKA_DECRYPT, 16,
CKD_SHA256_KDF, NULL, NULL));
P_CHECKA(*shared_secret = PK11_PubDeriveWithKDF(
priv, pub, PR_FALSE, NULL, NULL, CKM_ECDH1_DERIVE, CKM_AES_GCM,
CKA_ENCRYPT | CKA_DECRYPT, 16, CKD_SHA256_KDF, NULL, NULL));
cleanup:
return rv;
@ -103,7 +125,8 @@ cleanup:
}
SECStatus
PublicKey_import_hex (PublicKey *pk, const unsigned char *hex_data, unsigned int dataLen)
PublicKey_import_hex(PublicKey* pk, const unsigned char* hex_data,
unsigned int dataLen)
{
unsigned char raw_bytes[CURVE25519_KEY_LEN];
@ -111,7 +134,7 @@ PublicKey_import_hex (PublicKey *pk, const unsigned char *hex_data, unsigned int
return SECFailure;
for (unsigned int i = 0; i < dataLen; i++) {
if (!isxdigit (hex_data[i]))
if (!is_hex_digit(hex_data[i]))
return SECFailure;
}
@ -129,7 +152,8 @@ PublicKey_import_hex (PublicKey *pk, const unsigned char *hex_data, unsigned int
SECStatus
PublicKey_export(const_PublicKey pk, unsigned char data[CURVE25519_KEY_LEN])
{
if (pk == NULL) return SECFailure;
if (pk == NULL)
return SECFailure;
memcpy(data, pk->u.ec.publicValue.data, CURVE25519_KEY_LEN);
@ -137,7 +161,8 @@ PublicKey_export (const_PublicKey pk, unsigned char data[CURVE25519_KEY_LEN])
}
SECStatus
PublicKey_export_hex (const_PublicKey pk, unsigned char data[(2*CURVE25519_KEY_LEN)+1])
PublicKey_export_hex(const_PublicKey pk,
unsigned char data[(2 * CURVE25519_KEY_LEN) + 1])
{
unsigned char raw_data[CURVE25519_KEY_LEN];
if (PublicKey_export(pk, raw_data) != SECSuccess)
@ -159,8 +184,10 @@ PublicKey_export_hex (const_PublicKey pk, unsigned char data[(2*CURVE25519_KEY_L
SECStatus
Keypair_new(PrivateKey* pvtkey, PublicKey* pubkey)
{
if (pvtkey == NULL) return SECFailure;
if (pubkey == NULL) return SECFailure;
if (pvtkey == NULL)
return SECFailure;
if (pubkey == NULL)
return SECFailure;
SECStatus rv = SECSuccess;
SECOidData* oid_data = NULL;
@ -185,7 +212,8 @@ Keypair_new (PrivateKey *pvtkey, PublicKey *pubkey)
P_CHECKA(slot = PK11_GetInternalSlot());
P_CHECKA(*pvtkey = PK11_GenerateKeyPair(slot, CKM_EC_KEY_PAIR_GEN, &ecp,
(SECKEYPublicKey **)pubkey, PR_FALSE, PR_FALSE, NULL));
(SECKEYPublicKey**)pubkey, PR_FALSE,
PR_FALSE, NULL));
PK11_FreeSlot(slot);
cleanup:
@ -225,7 +253,8 @@ PublicKey_encryptSize (unsigned int inputLen, unsigned int *outputLen)
return SECFailure;
// public key, IV, tag, and input
*outputLen = CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES + GCM_TAG_LEN_BYTES + inputLen;
*outputLen =
CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES + GCM_TAG_LEN_BYTES + inputLen;
return SECSuccess;
}
@ -249,14 +278,11 @@ set_gcm_params (SECItem *paramItem, CK_GCM_PARAMS *param, unsigned char *nonce,
paramItem->type = siBuffer;
paramItem->data = (void*)param;
paramItem->len = sizeof(*param);
}
SECStatus
PublicKey_encrypt (PublicKey pubkey,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
PublicKey_encrypt(PublicKey pubkey, unsigned char* output,
unsigned int* outputLen, unsigned int maxOutputLen,
const unsigned char* input, unsigned int inputLen)
{
if (pubkey == NULL)
@ -308,10 +334,8 @@ cleanup:
}
SECStatus
PrivateKey_decrypt (PrivateKey privkey,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
PrivateKey_decrypt(PrivateKey privkey, unsigned char* output,
unsigned int* outputLen, unsigned int maxOutputLen,
const unsigned char* input, unsigned int inputLen)
{
PK11SymKey* aes_key = NULL;
@ -344,8 +368,8 @@ PrivateKey_decrypt (PrivateKey privkey,
P_CHECKC(derive_dh_secret(&aes_key, privkey, eph_pub));
const int offset = CURVE25519_KEY_LEN + GCM_IV_LEN_BYTES;
P_CHECKC (PK11_Decrypt (aes_key, CKM_AES_GCM, &paramItem, output,
outputLen, maxOutputLen, input + offset, inputLen - offset));
P_CHECKC(PK11_Decrypt(aes_key, CKM_AES_GCM, &paramItem, output, outputLen,
maxOutputLen, input + offset, inputLen - offset));
cleanup:
PublicKey_clear(eph_pub);
@ -353,4 +377,3 @@ cleanup:
PK11_FreeSymKey(aes_key);
return rv;
}

14
third_party/prio/prio/encrypt.h поставляемый
Просмотреть файл

@ -6,7 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#ifndef __ENCRYPT_H__
#define __ENCRYPT_H__
@ -53,10 +52,8 @@ SECStatus Keypair_new (PrivateKey *pvtkey, PublicKey *pubkey);
*
* The value `inputLen` must be smaller than `MAX_ENCRYPT_LEN`.
*/
SECStatus PublicKey_encrypt (PublicKey pubkey,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
SECStatus PublicKey_encrypt(PublicKey pubkey, unsigned char* output,
unsigned int* outputLen, unsigned int maxOutputLen,
const unsigned char* input, unsigned int inputLen);
/*
@ -64,11 +61,8 @@ SECStatus PublicKey_encrypt (PublicKey pubkey,
* buffer should be at least 16 bytes larger than the plaintext you expect. If
* `outputLen` >= `inputLen`, you should be safe.
*/
SECStatus PrivateKey_decrypt (PrivateKey privkey,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
SECStatus PrivateKey_decrypt(PrivateKey privkey, unsigned char* output,
unsigned int* outputLen, unsigned int maxOutputLen,
const unsigned char* input, unsigned int inputLen);
#endif /* __ENCRYPT_H__ */

18
third_party/prio/prio/mparray.c поставляемый
Просмотреть файл

@ -50,7 +50,8 @@ MPArray
MPArray_new_bool(int len, const bool* data_in)
{
MPArray arr = MPArray_new(len);
if (arr == NULL) return NULL;
if (arr == NULL)
return NULL;
for (int i = 0; i < len; i++) {
mp_set(&arr->data[i], data_in[i]);
@ -110,7 +111,8 @@ MPArray
MPArray_dup(const_MPArray src)
{
MPArray dst = MPArray_new(src->len);
if (!dst) return NULL;
if (!dst)
return NULL;
SECStatus rv = MPArray_copy(dst, src);
if (rv == SECSuccess) {
@ -136,10 +138,9 @@ MPArray_copy (MPArray dst, const_MPArray src)
return SECSuccess;
}
SECStatus
MPArray_set_share (MPArray arrA, MPArray arrB,
const_MPArray src, const_PrioConfig cfg)
MPArray_set_share(MPArray arrA, MPArray arrB, const_MPArray src,
const_PrioConfig cfg)
{
SECStatus rv = SECSuccess;
if (arrA->len != src->len || arrB->len != src->len)
@ -154,11 +155,11 @@ MPArray_set_share (MPArray arrA, MPArray arrB,
return rv;
}
void
MPArray_clear(MPArray arr)
{
if (arr == NULL) return;
if (arr == NULL)
return;
if (arr->data != NULL) {
for (int i = 0; i < arr->len; i++) {
@ -185,7 +186,8 @@ MPArray_addmod (MPArray dst, const_MPArray to_add, const mp_int *mod)
bool
MPArray_areEqual(const_MPArray arr1, const_MPArray arr2)
{
if (arr1->len != arr2->len) return false;
if (arr1->len != arr2->len)
return false;
for (int i = 0; i < arr1->len; i++) {
if (mp_cmp(&arr1->data[i], &arr2->data[i]))

11
third_party/prio/prio/mparray.h поставляемый
Просмотреть файл

@ -12,7 +12,8 @@
#include <mpi.h>
#include <mprio.h>
struct mparray {
struct mparray
{
int len;
mp_int* data;
};
@ -31,8 +32,8 @@ void MPArray_clear (MPArray arr);
* arrA and arrB. The lengths of the three input arrays
* must be identical.
*/
SECStatus MPArray_set_share (MPArray arrA, MPArray arrB,
const_MPArray src, const_PrioConfig cfg);
SECStatus MPArray_set_share(MPArray arrA, MPArray arrB, const_MPArray src,
const_PrioConfig cfg);
/*
* Initializes array with 0/1 values specified in boolean array `data_in`
@ -58,8 +59,7 @@ SECStatus MPArray_copy (MPArray dst, const_MPArray src);
/* For each index i into the array, set:
* dst[i] = dst[i] + to_add[i] (modulo mod)
*/
SECStatus MPArray_addmod (MPArray dst, const_MPArray to_add,
const mp_int *mod);
SECStatus MPArray_addmod(MPArray dst, const_MPArray to_add, const mp_int* mod);
/*
* Return true iff the two arrays are equal in length
@ -68,4 +68,3 @@ SECStatus MPArray_addmod (MPArray dst, const_MPArray to_add,
bool MPArray_areEqual(const_MPArray arr1, const_MPArray arr2);
#endif /* __MPARRAY_H__ */

13
third_party/prio/prio/params.h поставляемый
Просмотреть файл

@ -24,8 +24,7 @@ static const char *Modulus = "8000000000000000080001";
// order 2^Generator2Order in Z*_p.
static const int Generator2Order = 12;
static const char *Roots[] = {
"1",
static const char* Roots[] = { "1",
"5569560418e73ff9db709",
"5bf795c6d548a19b6ac340",
"760df490123f6613b0a970",
@ -4120,11 +4119,9 @@ static const char *Roots[] = {
"45440750f90776251263b4",
"3a8965cf80aa6c4410dfab",
"559bf101b9cff724b929cd",
"280f08134d28252bd0b713"
};
"280f08134d28252bd0b713" };
static const char *RootsInv[] = {
"1",
static const char* RootsInv[] = { "1",
"280f08134d28252bd0b713",
"559bf101b9cff724b929cd",
"3a8965cf80aa6c4410dfab",
@ -8219,8 +8216,6 @@ static const char *RootsInv[] = {
"7cec29d14a0eefb222bde7",
"760df490123f6613b0a970",
"5bf795c6d548a19b6ac340",
"5569560418e73ff9db709"
};
"5569560418e73ff9db709" };
#endif /* __PARAMS_H__ */

24
third_party/prio/prio/poly.c поставляемый
Просмотреть файл

@ -23,9 +23,8 @@
* They present this algorithm as Algorithm 8.14.
*/
static SECStatus
fft_recurse (mp_int *out, const mp_int *mod, int n,
const mp_int *roots, const mp_int *ys,
mp_int *tmp, mp_int *ySub, mp_int *rootsSub)
fft_recurse(mp_int* out, const mp_int* mod, int n, const mp_int* roots,
const mp_int* ys, mp_int* tmp, mp_int* ySub, mp_int* rootsSub)
{
if (n == 1) {
MP_CHECK(mp_copy(&ys[0], &out[0]));
@ -38,7 +37,8 @@ fft_recurse (mp_int *out, const mp_int *mod, int n,
MP_CHECK(mp_copy(&roots[2 * i], &rootsSub[i]));
}
MP_CHECK (fft_recurse (tmp, mod, n/2, rootsSub, ySub, &tmp[n/2], &ySub[n/2], &rootsSub[n/2]));
MP_CHECK(fft_recurse(tmp, mod, n / 2, rootsSub, ySub, &tmp[n / 2],
&ySub[n / 2], &rootsSub[n / 2]));
for (int i = 0; i < n / 2; i++) {
MP_CHECK(mp_copy(&tmp[i], &out[2 * i]));
}
@ -49,7 +49,8 @@ fft_recurse (mp_int *out, const mp_int *mod, int n,
MP_CHECK(mp_mulmod(&ySub[i], &roots[i], mod, &ySub[i]));
}
MP_CHECK (fft_recurse (tmp, mod, n/2, rootsSub, ySub, &tmp[n/2], &ySub[n/2], &rootsSub[n/2]));
MP_CHECK(fft_recurse(tmp, mod, n / 2, rootsSub, ySub, &tmp[n / 2],
&ySub[n / 2], &rootsSub[n / 2]));
for (int i = 0; i < n / 2; i++) {
MP_CHECK(mp_copy(&tmp[i], &out[2 * i + 1]));
}
@ -58,9 +59,8 @@ fft_recurse (mp_int *out, const mp_int *mod, int n,
}
static SECStatus
fft_interpolate_raw (mp_int *out,
const mp_int *ys, int nPoints, const mp_int *roots,
const mp_int *mod, bool invert)
fft_interpolate_raw(mp_int* out, const mp_int* ys, int nPoints,
const mp_int* roots, const mp_int* mod, bool invert)
{
SECStatus rv = SECSuccess;
mp_int tmp[nPoints];
@ -111,7 +111,8 @@ cleanup:
* of the n-th roots of unity.
*/
SECStatus
poly_fft_get_roots (mp_int *roots_out, int n_points, const_PrioConfig cfg, bool invert)
poly_fft_get_roots(mp_int* roots_out, int n_points, const_PrioConfig cfg,
bool invert)
{
if (n_points > cfg->n_roots)
return SECFailure;
@ -126,8 +127,8 @@ poly_fft_get_roots (mp_int *roots_out, int n_points, const_PrioConfig cfg, bool
}
SECStatus
poly_fft (MPArray points_out, const_MPArray points_in,
const_PrioConfig cfg, bool invert)
poly_fft(MPArray points_out, const_MPArray points_in, const_PrioConfig cfg,
bool invert)
{
SECStatus rv = SECSuccess;
const int n_points = points_in->len;
@ -147,7 +148,6 @@ poly_fft (MPArray points_out, const_MPArray points_in,
return SECSuccess;
}
SECStatus
poly_eval(mp_int* value, const_MPArray coeffs, const mp_int* eval_at,
const_PrioConfig cfg)

7
third_party/prio/prio/poly.h поставляемый
Просмотреть файл

@ -36,15 +36,12 @@ SECStatus poly_fft(MPArray points_out, const_MPArray points_in,
SECStatus poly_fft_get_roots(mp_int* roots_out, int n_points,
const_PrioConfig cfg, bool invert);
/*
* Evaluate the polynomial specified by the coefficients
* at the point `eval_at` and return the result as `value`.
*/
SECStatus poly_eval (mp_int *value, const_MPArray coeffs,
const mp_int *eval_at, const_PrioConfig cfg);
SECStatus poly_eval(mp_int* value, const_MPArray coeffs, const mp_int* eval_at,
const_PrioConfig cfg);
/*
* Interpolate the polynomial through the points

23
third_party/prio/prio/prg.c поставляемый
Просмотреть файл

@ -6,9 +6,9 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <blapit.h>
#include <mprio.h>
#include <nss/blapit.h>
#include <nss/pk11pub.h>
#include <pk11pub.h>
#include <string.h>
#include "prg.h"
@ -16,7 +16,8 @@
#include "share.h"
#include "util.h"
struct prg {
struct prg
{
PK11SlotInfo* slot;
PK11SymKey* key;
PK11Context* ctx;
@ -32,7 +33,8 @@ PRG
PRG_new(const PrioPRGSeed key_in)
{
PRG prg = malloc(sizeof(struct prg));
if (!prg) return NULL;
if (!prg)
return NULL;
prg->slot = NULL;
prg->key = NULL;
prg->ctx = NULL;
@ -56,8 +58,8 @@ PRG_new (const PrioPRGSeed key_in)
P_CHECKA(prg->key = PK11_ImportSymKey(prg->slot, cipher, PK11_OriginUnwrap,
CKA_ENCRYPT, &keyItem, NULL));
P_CHECKA (prg->ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT,
prg->key, &paramItem));
P_CHECKA(prg->ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, prg->key,
&paramItem));
cleanup:
if (rv != SECSuccess) {
@ -68,11 +70,11 @@ cleanup:
return prg;
}
void
PRG_clear(PRG prg)
{
if (!prg) return;
if (!prg)
return;
if (prg->key)
PK11_FreeSymKey(prg->key);
@ -136,10 +138,8 @@ cleanup:
return rv;
}
SECStatus
PRG_share_array (PRG prgB, MPArray arrA,
const_MPArray src, const_PrioConfig cfg)
PRG_share_array(PRG prgB, MPArray arrA, const_MPArray src, const_PrioConfig cfg)
{
SECStatus rv = SECSuccess;
if (arrA->len != src->len)
@ -152,5 +152,4 @@ PRG_share_array (PRG prgB, MPArray arrA,
}
return rv;
}

8
third_party/prio/prio/prg.h поставляемый
Просмотреть файл

@ -9,8 +9,8 @@
#ifndef __PRG_H__
#define __PRG_H__
#include <blapit.h>
#include <mpi.h>
#include <nss/blapit.h>
#include <stdlib.h>
#include "config.h"
@ -54,9 +54,7 @@ SECStatus PRG_get_array (PRG prg, MPArray arr, const mp_int *mod);
* provided by `prgB`. The arrays `src` and `arrA` must be the same
* length.
*/
SECStatus PRG_share_array (PRG prgB, MPArray arrA,
const_MPArray src, const_PrioConfig cfg);
SECStatus PRG_share_array(PRG prgB, MPArray arrA, const_MPArray src,
const_PrioConfig cfg);
#endif /* __PRG_H__ */

27
third_party/prio/prio/rand.c поставляемый
Просмотреть файл

@ -8,9 +8,9 @@
#include <limits.h>
#include <mprio.h>
#include <nss/nss.h>
#include <nss/pk11pub.h>
#include <nspr/prinit.h>
#include <nss.h>
#include <pk11pub.h>
#include <prinit.h>
#include "debug.h"
#include "rand.h"
@ -26,12 +26,10 @@ rand_init (void)
if (prioGlobalContext)
return SECSuccess;
prioGlobalContext = NSS_InitContext ("", "", "", "", NULL,
NSS_INIT_READONLY |
NSS_INIT_NOCERTDB |
NSS_INIT_NOMODDB |
NSS_INIT_FORCEOPEN |
NSS_INIT_NOROOTINIT);
prioGlobalContext =
NSS_InitContext("", "", "", "", NULL,
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
return (prioGlobalContext != NULL) ? SECSuccess : SECFailure;
}
@ -53,8 +51,7 @@ rand_bytes_internal (void *user_data, unsigned char *out, size_t n_bytes)
unsigned char* cp = out;
while (to_go) {
int to_gen = MIN(CHUNK_SIZE, to_go);
if ((rv = PK11_GenerateRandom (cp, to_gen)) != SECSuccess)
{
if ((rv = PK11_GenerateRandom(cp, to_gen)) != SECSuccess) {
PRIO_DEBUG("Error calling PK11_GenerateRandom");
return SECFailure;
}
@ -79,8 +76,8 @@ rand_int (mp_int *out, const mp_int *max)
}
SECStatus
rand_int_rng (mp_int *out, const mp_int *max,
RandBytesFunc rng_func, void *user_data)
rand_int_rng(mp_int* out, const mp_int* max, RandBytesFunc rng_func,
void* user_data)
{
SECStatus rv = SECSuccess;
@ -109,7 +106,8 @@ rand_int_rng (mp_int *out, const mp_int *max,
// Mask off high-order bits that we will never need.
P_CHECK(rng_func(user_data, &buf[0], 1));
if (mask) buf[0] &= mask;
if (mask)
buf[0] &= mask;
MP_CHECK(mp_read_unsigned_octets(out, buf, nbytes));
} while (mp_cmp(out, max) != -1);
@ -129,4 +127,3 @@ rand_clear (void)
prioGlobalContext = NULL;
}

10
third_party/prio/prio/rand.h поставляемый
Просмотреть файл

@ -10,14 +10,15 @@
#define __RAND_H__
#include <mpi.h>
#include <nss/seccomon.h>
#include <seccomon.h>
#include <stdlib.h>
/*
* Typedef for function pointer. A function pointer of type RandBytesFunc
* points to a function that fills the buffer `out` of with `len` random bytes.
*/
typedef SECStatus (*RandBytesFunc) (void *user_data, unsigned char *out, size_t len);
typedef SECStatus (*RandBytesFunc)(void* user_data, unsigned char* out,
size_t len);
/*
* Initialize or cleanup the global random number generator
@ -47,8 +48,7 @@ SECStatus rand_int (mp_int *out, const mp_int *max);
* The pointer user_data is passed to RandBytesFung `rng` as a first
* argument.
*/
SECStatus rand_int_rng (mp_int *out, const mp_int *max,
RandBytesFunc rng, void *user_data);
SECStatus rand_int_rng(mp_int* out, const mp_int* max, RandBytesFunc rng,
void* user_data);
#endif /* __RAND_H__ */

10
third_party/prio/prio/serial.c поставляемый
Просмотреть файл

@ -110,8 +110,8 @@ cleanup:
}
static SECStatus
serial_read_mp_array (msgpack_unpacker *upk, MPArray arr, size_t len, const mp_int
*max)
serial_read_mp_array(msgpack_unpacker* upk, MPArray arr, size_t len,
const mp_int* max)
{
SECStatus rv = SECSuccess;
P_CHECKCB(upk != NULL);
@ -139,7 +139,6 @@ cleanup:
return rv;
}
static SECStatus
serial_write_beaver_triple(msgpack_packer* pk, const_BeaverTriple t)
{
@ -156,7 +155,8 @@ cleanup:
}
static SECStatus
serial_read_beaver_triple (msgpack_unpacker *pk, BeaverTriple t, const mp_int *max)
serial_read_beaver_triple(msgpack_unpacker* pk, BeaverTriple t,
const mp_int* max)
{
SECStatus rv = SECSuccess;
P_CHECKCB(pk != NULL);
@ -355,7 +355,6 @@ cleanup:
return rv;
}
SECStatus
PrioPacketVerify1_write(const_PrioPacketVerify1 p, msgpack_packer* pk)
{
@ -439,4 +438,3 @@ PrioTotalShare_read (PrioTotalShare t, msgpack_unpacker *upk,
cleanup:
return rv;
}

4
third_party/prio/prio/serial.h поставляемый
Просмотреть файл

@ -11,11 +11,11 @@
#include <mprio.h>
SECStatus serial_write_packet_client (msgpack_packer *pk, const_PrioPacketClient p,
SECStatus serial_write_packet_client(msgpack_packer* pk,
const_PrioPacketClient p,
const_PrioConfig cfg);
SECStatus serial_read_packet_client(msgpack_unpacker* upk, PrioPacketClient p,
const_PrioConfig cfg);
#endif /* __SERIAL_H__ */

81
third_party/prio/prio/server.c поставляемый
Просмотреть файл

@ -12,9 +12,9 @@
#include <stdlib.h>
#include "client.h"
#include "prg.h"
#include "poly.h"
#include "mparray.h"
#include "poly.h"
#include "prg.h"
#include "server.h"
#include "util.h"
@ -24,7 +24,8 @@ PrioServer_new (const_PrioConfig cfg, PrioServerId server_idx,
{
SECStatus rv = SECSuccess;
PrioServer s = malloc(sizeof(*s));
if (!s) return NULL;
if (!s)
return NULL;
s->cfg = cfg;
s->idx = server_idx;
s->priv_key = server_priv;
@ -46,7 +47,8 @@ cleanup:
void
PrioServer_clear(PrioServer s)
{
if (!s) return;
if (!s)
return;
PRG_clear(s->prg);
MPArray_clear(s->data_shares);
@ -76,7 +78,8 @@ PrioTotalShare
PrioTotalShare_new(void)
{
PrioTotalShare t = malloc(sizeof(*t));
if (!t) return NULL;
if (!t)
return NULL;
t->data_shares = MPArray_new(0);
if (!t->data_shares) {
@ -90,7 +93,8 @@ PrioTotalShare_new (void)
void
PrioTotalShare_clear(PrioTotalShare t)
{
if (!t) return;
if (!t)
return;
MPArray_clear(t->data_shares);
free(t);
}
@ -108,8 +112,7 @@ PrioTotalShare_set_data (PrioTotalShare t, const_PrioServer s)
}
SECStatus
PrioTotalShare_final (const_PrioConfig cfg,
unsigned long *output,
PrioTotalShare_final(const_PrioConfig cfg, unsigned long* output,
const_PrioTotalShare tA, const_PrioTotalShare tB)
{
if (tA->data_shares->len != cfg->num_data_fields)
@ -137,9 +140,9 @@ cleanup:
return rv;
}
inline static mp_int*
get_data_share (const_PrioVerifier v, int i) {
get_data_share(const_PrioVerifier v, int i)
{
switch (v->s->idx) {
case PRIO_SERVER_A:
return &v->clientp->shares.A.data_shares->data[i];
@ -151,7 +154,8 @@ get_data_share (const_PrioVerifier v, int i) {
}
inline static mp_int*
get_h_share (const_PrioVerifier v, int i) {
get_h_share(const_PrioVerifier v, int i)
{
switch (v->s->idx) {
case PRIO_SERVER_A:
return &v->clientp->shares.A.h_points->data[i];
@ -209,7 +213,8 @@ compute_shares (PrioVerifier v, const_PrioPacketClient p)
MP_CHECKC(mp_copy(&points_f->data[i], &points_g->data[i]));
if (!v->s->idx) {
MP_CHECKC(mp_sub_d(&points_g->data[i], 1, &points_g->data[i]));
MP_CHECKC (mp_mod(&points_g->data[i], &v->s->cfg->modulus, &points_g->data[i]));
MP_CHECKC(
mp_mod(&points_g->data[i], &v->s->cfg->modulus, &points_g->data[i]));
}
}
@ -231,11 +236,13 @@ cleanup:
return rv;
}
PrioVerifier PrioVerifier_new (PrioServer s)
PrioVerifier
PrioVerifier_new(PrioServer s)
{
SECStatus rv = SECSuccess;
PrioVerifier v = malloc(sizeof *v);
if (!v) return NULL;
if (!v)
return NULL;
v->s = s;
v->clientp = NULL;
@ -268,12 +275,13 @@ cleanup:
}
SECStatus
PrioVerifier_set_data (PrioVerifier v, unsigned char *data, unsigned int data_len)
PrioVerifier_set_data(PrioVerifier v, unsigned char* data,
unsigned int data_len)
{
SECStatus rv = SECSuccess;
PRG prgB = NULL;
P_CHECKC (PrioPacketClient_decrypt (v->clientp, v->s->cfg,
v->s->priv_key, data, data_len));
P_CHECKC(PrioPacketClient_decrypt(v->clientp, v->s->cfg, v->s->priv_key, data,
data_len));
PrioPacketClient p = v->clientp;
if (p->for_server != v->s->idx)
@ -307,10 +315,11 @@ cleanup:
return rv;
}
void PrioVerifier_clear (PrioVerifier v)
void
PrioVerifier_clear(PrioVerifier v)
{
if (v == NULL) return;
if (v == NULL)
return;
PrioPacketClient_clear(v->clientp);
MPArray_clear(v->data_sharesB);
MPArray_clear(v->h_pointsB);
@ -325,7 +334,8 @@ PrioPacketVerify1_new (void)
{
SECStatus rv = SECSuccess;
PrioPacketVerify1 p = malloc(sizeof *p);
if (!p) return NULL;
if (!p)
return NULL;
MP_DIGITS(&p->share_d) = NULL;
MP_DIGITS(&p->share_e) = NULL;
@ -345,7 +355,8 @@ cleanup:
void
PrioPacketVerify1_clear(PrioPacketVerify1 p)
{
if (!p) return;
if (!p)
return;
mp_clear(&p->share_d);
mp_clear(&p->share_e);
free(p);
@ -376,7 +387,8 @@ PrioPacketVerify2_new (void)
{
SECStatus rv = SECSuccess;
PrioPacketVerify2 p = malloc(sizeof *p);
if (!p) return NULL;
if (!p)
return NULL;
MP_DIGITS(&p->share_out) = NULL;
MP_CHECKC(mp_init(&p->share_out));
@ -392,14 +404,16 @@ cleanup:
void
PrioPacketVerify2_clear(PrioPacketVerify2 p)
{
if (!p) return;
if (!p)
return;
mp_clear(&p->share_out);
free(p);
}
SECStatus
PrioPacketVerify2_set_data(PrioPacketVerify2 p2, const_PrioVerifier v,
const_PrioPacketVerify1 p1A, const_PrioPacketVerify1 p1B)
const_PrioPacketVerify1 p1A,
const_PrioPacketVerify1 p1B)
{
SECStatus rv = SECSuccess;
@ -425,8 +439,7 @@ PrioPacketVerify2_set_data (PrioPacketVerify2 p2, const_PrioVerifier v,
// Compute d*e
MP_CHECKC(mp_mulmod(&d, &e, mod, &p2->share_out));
// out = d*e/2
MP_CHECKC (mp_mulmod (&p2->share_out, &v->s->cfg->inv2,
mod, &p2->share_out));
MP_CHECKC(mp_mulmod(&p2->share_out, &v->s->cfg->inv2, mod, &p2->share_out));
// Compute d[b]
MP_CHECKC(mp_mulmod(&d, &v->clientp->triple->b, mod, &tmp));
@ -439,7 +452,8 @@ PrioPacketVerify2_set_data (PrioPacketVerify2 p2, const_PrioVerifier v,
MP_CHECKC(mp_addmod(&p2->share_out, &tmp, mod, &p2->share_out));
// out = d*e/2 + d[b] + e[a] + [c]
MP_CHECKC (mp_addmod (&p2->share_out, &v->clientp->triple->c, mod, &p2->share_out));
MP_CHECKC(
mp_addmod(&p2->share_out, &v->clientp->triple->c, mod, &p2->share_out));
// We want to compute f(r)*g(r) - h(r),
// so subtract off [h(r)]:
@ -455,8 +469,8 @@ cleanup:
}
int
PrioVerifier_isValid (const_PrioVerifier v,
const_PrioPacketVerify2 pA, const_PrioPacketVerify2 pB)
PrioVerifier_isValid(const_PrioVerifier v, const_PrioPacketVerify2 pA,
const_PrioPacketVerify2 pB)
{
SECStatus rv = SECSuccess;
mp_int res;
@ -467,8 +481,8 @@ PrioVerifier_isValid (const_PrioVerifier v,
// ensure that the sum is equal to zero, which indicates
// that
// f(r) * g(r) == h(r).
MP_CHECKC (mp_addmod (&pA->share_out, &pB->share_out,
&v->s->cfg->modulus, &res));
MP_CHECKC(
mp_addmod(&pA->share_out, &pB->share_out, &v->s->cfg->modulus, &res));
rv = (mp_cmp_d(&res, 0) == 0) ? SECSuccess : SECFailure;
@ -476,6 +490,3 @@ cleanup:
mp_clear(&res);
return rv;
}

16
third_party/prio/prio/server.h поставляемый
Просмотреть файл

@ -13,12 +13,14 @@
#include "prg.h"
#include "share.h"
struct prio_total_share {
struct prio_total_share
{
PrioServerId idx;
MPArray data_shares;
};
struct prio_server {
struct prio_server
{
const_PrioConfig cfg;
PrioServerId idx;
@ -34,7 +36,8 @@ struct prio_server {
PRG prg;
};
struct prio_verifier {
struct prio_verifier
{
PrioServer s;
PrioPacketClient clientp;
@ -47,14 +50,15 @@ struct prio_verifier {
mp_int share_out;
};
struct prio_packet_verify1 {
struct prio_packet_verify1
{
mp_int share_d;
mp_int share_e;
};
struct prio_packet_verify2 {
struct prio_packet_verify2
{
mp_int share_out;
};
#endif /* __SERVER_H__ */

12
third_party/prio/prio/share.c поставляемый
Просмотреть файл

@ -12,10 +12,9 @@
#include "share.h"
#include "util.h"
SECStatus
share_int (const struct prio_config *cfg, const mp_int *src,
mp_int *shareA, mp_int *shareB)
share_int(const struct prio_config* cfg, const mp_int* src, mp_int* shareA,
mp_int* shareB)
{
SECStatus rv;
P_CHECK(rand_int(shareA, &cfg->modulus));
@ -48,11 +47,11 @@ cleanup:
return triple;
}
void
BeaverTriple_clear(BeaverTriple triple)
{
if (!triple) return;
if (!triple)
return;
mp_clear(&triple->a);
mp_clear(&triple->b);
mp_clear(&triple->c);
@ -102,7 +101,6 @@ BeaverTriple_set_rand (const struct prio_config *cfg,
bool
BeaverTriple_areEqual(const_BeaverTriple t1, const_BeaverTriple t2)
{
return (mp_cmp (&t1->a, &t2->a) == 0 &&
mp_cmp (&t1->b, &t2->b) == 0 &&
return (mp_cmp(&t1->a, &t2->a) == 0 && mp_cmp(&t1->b, &t2->b) == 0 &&
mp_cmp(&t1->c, &t2->c) == 0);
}

14
third_party/prio/prio/share.h поставляемый
Просмотреть файл

@ -6,7 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#ifndef __SHARE_H__
#define __SHARE_H__
@ -14,7 +13,8 @@
#include "config.h"
struct beaver_triple {
struct beaver_triple
{
mp_int a;
mp_int b;
mp_int c;
@ -23,14 +23,12 @@ struct beaver_triple {
typedef struct beaver_triple* BeaverTriple;
typedef const struct beaver_triple* const_BeaverTriple;
/*
* Use secret sharing to split the int src into two shares.
* The mp_ints must be initialized.
*/
SECStatus share_int (const_PrioConfig cfg, const mp_int *src,
mp_int *shareA, mp_int *shareB);
SECStatus share_int(const_PrioConfig cfg, const mp_int* src, mp_int* shareA,
mp_int* shareB);
/*
* Prio uses Beaver triples to implement one step of the
@ -41,11 +39,9 @@ SECStatus share_int (const_PrioConfig cfg, const mp_int *src,
BeaverTriple BeaverTriple_new(void);
void BeaverTriple_clear(BeaverTriple t);
SECStatus BeaverTriple_set_rand (const_PrioConfig cfg,
BeaverTriple triple_a,
SECStatus BeaverTriple_set_rand(const_PrioConfig cfg, BeaverTriple triple_a,
BeaverTriple triple_b);
bool BeaverTriple_areEqual(const_BeaverTriple t1, const_BeaverTriple t2);
#endif /* __SHARE_H__ */

19
third_party/prio/prio/util.h поставляемый
Просмотреть файл

@ -52,12 +52,19 @@
} while (0);
// Check an MPI library call and return failure if it fails.
#define MP_CHECK(s) do { if((s) != MP_OKAY) return SECFailure; } while(0);
#define MP_CHECK(s) \
do { \
if ((s) != MP_OKAY) \
return SECFailure; \
} while (0);
// Check a msgpack object unpacked correctly
#define UP_CHECK(s) do { int r = (s); if(r != MSGPACK_UNPACK_SUCCESS &&\
r != MSGPACK_UNPACK_EXTRA_BYTES) \
return SECFailure; } while(0);
#define UP_CHECK(s) \
do { \
int r = (s); \
if (r != MSGPACK_UNPACK_SUCCESS && r != MSGPACK_UNPACK_EXTRA_BYTES) \
return SECFailure; \
} while (0);
// Check an MPI library call. If it fails, set the return code and jump
// to the cleanup label.
@ -89,7 +96,8 @@ static inline unsigned char
msb_mask(unsigned char val)
{
unsigned char mask;
for (mask = 0x00; (val & mask) != val; mask = (mask << 1) + 1);
for (mask = 0x00; (val & mask) != val; mask = (mask << 1) + 1)
;
return mask;
}
@ -99,4 +107,3 @@ msb_mask (unsigned char val)
#define UNUSED(x) (void)(x)
#endif /* __UTIL_H__ */

30
third_party/prio/ptest/MUTEST_LICENSE поставляемый
Просмотреть файл

@ -1,30 +0,0 @@
I don't like licenses, because I don't like having to worry about all this
legal stuff just for a simple piece of software I don't really mind anyone
using. But I also believe that it's important that people share and give back;
so I'm placing this work under the following license.
BOLA - Buena Onda License Agreement (v1.0)
------------------------------------------
This work is provided 'as-is', without any express or implied warranty. In no
event will the authors be held liable for any damages arising from the use of
this work.
To all effects and purposes, this work is to be considered Public Domain.
However, if you want to be "Buena onda", you should:
1. Not take credit for it, and give proper recognition to the authors.
2. Share your modifications, so everybody benefits from them.
4. Do something nice for the authors.
5. Help someone who needs it: sign up for some volunteer work or help your
neighbour paint the house.
6. Don't waste. Anything, but specially energy that comes from natural
non-renewable resources. Extra points if you discover or invent something
to replace them.
7. Be tolerant. Everything that's good in nature comes from cooperation.
The order is important, and the further you go the more "Buena onda" you are.
Make the world a better place: be "Buena onda".

44
third_party/prio/ptest/SConscript поставляемый
Просмотреть файл

@ -1,44 +0,0 @@
import sys
Import('env')
prio_env = env.Clone()
test_srcs = [
"mutest.c",
"client_test.c",
"example_test.c",
"encrypt_test.c",
"fft_test.c",
"mpi_test.c",
"prg_test.c",
"rand_test.c",
"serial_test.c",
"server_test.c",
"share_test.c",
]
libs = [
"nss3",
"mpi",
"mprio",
"msgpackc"
]
# Run the mutest script to generate the test harness code
bld = Builder(action = 'ptest/mkmutest ptest/mutest.h $SOURCES | $CC -c -xc -o $TARGET -')
prio_env.Append(BUILDERS = {'MkMutest' : bld})
prio_env.Append(LIBS = libs)
# Enable mpi print
prio_env.Append(CFLAGS = ['-DMP_IOFUNC'])
# Copy the mutest scripts to the build dir
prio_env.Install("mkmutest")
prio_env.Install("mutest.h")
test_objs = prio_env.Object(test_srcs)
test_main = prio_env.MkMutest(test_objs)
prio_env.Program("ptest", [test_main] + test_objs)

160
third_party/prio/ptest/client_test.c поставляемый
Просмотреть файл

@ -1,160 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mprio.h>
#include "prio/client.h"
#include "prio/server.h"
#include "prio/util.h"
#include "mutest.h"
void
mu_test_client__new (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
PrioPacketClient pA = NULL;
PrioPacketClient pB = NULL;
P_CHECKA (cfg = PrioConfig_newTest(23));
P_CHECKA (pA = PrioPacketClient_new (cfg, PRIO_SERVER_A));
P_CHECKA (pB = PrioPacketClient_new (cfg, PRIO_SERVER_B));
{
const int ndata = PrioConfig_numDataFields (cfg);
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKC (PrioPacketClient_set_data (cfg, data_items, pA, pB));
}
cleanup:
mu_check (rv == SECSuccess);
PrioPacketClient_clear (pA);
PrioPacketClient_clear (pB);
PrioConfig_clear (cfg);
}
void
test_client_agg (int nclients)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioTotalShare tA = NULL;
PrioTotalShare tB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
unsigned char *for_a = NULL;
unsigned char *for_b = NULL;
const unsigned char *batch_id = (unsigned char *)"test_batch";
unsigned int batch_id_len = strlen ((char *)batch_id);
PrioPRGSeed seed;
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
P_CHECKA (cfg = PrioConfig_new (133, pkA, pkB, batch_id, batch_id_len));
P_CHECKA (sA = PrioServer_new (cfg, 0, skA, seed));
P_CHECKA (sB = PrioServer_new (cfg, 1, skB, seed));
P_CHECKA (tA = PrioTotalShare_new ());
P_CHECKA (tB = PrioTotalShare_new ());
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
const int ndata = PrioConfig_numDataFields (cfg);
{
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
for (int i=0; i < nclients; i++) {
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items, &for_a, &aLen,
&for_b, &bLen));
P_CHECKC (PrioVerifier_set_data (vA, for_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_b, bLen));
mu_check (PrioServer_aggregate (sA, vA) == SECSuccess);
mu_check (PrioServer_aggregate (sB, vB) == SECSuccess);
free (for_a);
free (for_b);
for_a = NULL;
for_b = NULL;
}
mu_check (PrioTotalShare_set_data (tA, sA) == SECSuccess);
mu_check (PrioTotalShare_set_data (tB, sB) == SECSuccess);
unsigned long output[ndata];
mu_check (PrioTotalShare_final (cfg, output, tA, tB) == SECSuccess);
for (int i=0; i < ndata; i++) {
unsigned long v = ((i % 3 == 1) || (i % 5 == 3));
mu_check (output[i] == v*nclients);
}
}
//rv = SECFailure;
//goto cleanup;
cleanup:
mu_check (rv == SECSuccess);
if (for_a) free (for_a);
if (for_b) free (for_b);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioTotalShare_clear (tA);
PrioTotalShare_clear (tB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
}
void
mu_test_client__agg_1 (void)
{
test_client_agg (1);
}
void
mu_test_client__agg_2 (void)
{
test_client_agg (2);
}
void
mu_test_client__agg_10 (void)
{
test_client_agg (10);
}

228
third_party/prio/ptest/encrypt_test.c поставляемый
Просмотреть файл

@ -1,228 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <nspr.h>
#include <nss/nss.h>
#include <nss/secoidt.h>
#include <nss/keyhi.h>
#include <nss/pk11pub.h>
#include <nss/cert.h>
#include "mutest.h"
#include "prio/encrypt.h"
#include "prio/rand.h"
#include "prio/util.h"
void
mu_test_keygen (void)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
PrivateKey pvtkey = NULL;
P_CHECKC (Keypair_new (&pvtkey, &pubkey));
mu_check (SECKEY_PublicKeyStrength (pubkey) == 32);
cleanup:
mu_check (rv == SECSuccess);
PublicKey_clear (pubkey);
PrivateKey_clear (pvtkey);
return;
}
void
test_encrypt_once (int bad, unsigned int inlen)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
PrivateKey pvtkey = NULL;
PublicKey pubkey2 = NULL;
PrivateKey pvtkey2 = NULL;
unsigned char *bytes_in = NULL;
unsigned char *bytes_enc = NULL;
unsigned char *bytes_dec = NULL;
unsigned int enclen;
P_CHECKC (PublicKey_encryptSize (inlen, &enclen));
unsigned int declen = enclen;
P_CHECKA (bytes_in = malloc (inlen));
P_CHECKA (bytes_enc = malloc (enclen));
P_CHECKA (bytes_dec= malloc (enclen));
P_CHECKC (rand_bytes (bytes_in, inlen));
memset (bytes_dec, 0, declen);
unsigned int encryptedBytes;
P_CHECKC (Keypair_new (&pvtkey, &pubkey));
P_CHECKC (Keypair_new (&pvtkey2, &pubkey2));
P_CHECKC (PublicKey_encrypt (pubkey, bytes_enc,
&encryptedBytes, enclen,
bytes_in, inlen));
mu_check (encryptedBytes == enclen);
if (bad == 1)
enclen = 30;
if (bad == 2) {
bytes_enc[4] = 6;
bytes_enc[5] = 0;
}
if (bad == 3) {
bytes_enc[40] = 6;
bytes_enc[41] = 0;
}
unsigned int decryptedBytes;
PrivateKey key_to_use = (bad == 4) ? pvtkey2 : pvtkey;
P_CHECKC (PrivateKey_decrypt (key_to_use, bytes_dec, &decryptedBytes, declen,
bytes_enc, enclen));
mu_check (decryptedBytes == inlen);
mu_check (!strncmp ((char *)bytes_in, (char *)bytes_dec, inlen));
cleanup:
mu_check (bad ? (rv == SECFailure) : (rv == SECSuccess));
if (bytes_in) free (bytes_in);
if (bytes_enc) free (bytes_enc);
if (bytes_dec) free (bytes_dec);
PublicKey_clear (pubkey);
PrivateKey_clear (pvtkey);
PublicKey_clear (pubkey2);
PrivateKey_clear (pvtkey2);
return;
}
void
mu_test_encrypt_good (void)
{
test_encrypt_once (0, 100);
}
void
mu_test_encrypt_good_long (void)
{
test_encrypt_once (0, 1000000);
}
void
mu_test_encrypt_too_short (void)
{
test_encrypt_once (1, 87);
}
void
mu_test_encrypt_garbage (void)
{
test_encrypt_once (2, 10023);
}
void
mu_test_encrypt_garbage2 (void)
{
test_encrypt_once (3, 8123);
}
void
mu_test_decrypt_wrong_key (void)
{
test_encrypt_once (4, 81230);
}
void
mu_test_export (void)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
unsigned char raw_bytes[CURVE25519_KEY_LEN];
unsigned char raw_bytes2[CURVE25519_KEY_LEN];
for (int i=0; i< CURVE25519_KEY_LEN; i++) {
raw_bytes[i] = (3*i+7) % 0xFF;
}
P_CHECKC (PublicKey_import (&pubkey, raw_bytes, CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export (pubkey, raw_bytes2));
for (int i=0; i< CURVE25519_KEY_LEN; i++) {
mu_check (raw_bytes[i] == raw_bytes2[i]);
}
cleanup:
mu_check (rv == SECSuccess);
PublicKey_clear (pubkey);
return;
}
void
mu_test_export_hex (void)
{
SECStatus rv = SECSuccess;
PublicKey pubkey = NULL;
const unsigned char hex_bytes[2*CURVE25519_KEY_LEN] = \
"102030405060708090A0B0C0D0E0F00000FFEEDDCCBBAA998877665544332211";
const unsigned char hex_bytesl[2*CURVE25519_KEY_LEN] = \
"102030405060708090a0B0C0D0E0F00000FfeEddcCbBaa998877665544332211";
const unsigned char raw_bytes_should[CURVE25519_KEY_LEN] = {
0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
0x90, 0xA0, 0xB0, 0xC0, 0xD0, 0xE0, 0xF0, 0x00,
0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99,
0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
unsigned char raw_bytes[CURVE25519_KEY_LEN];
unsigned char hex_bytes2[2*CURVE25519_KEY_LEN+1];
// Make sure that invalid lengths are rejected.
mu_check (PublicKey_import_hex (&pubkey, hex_bytes,
2*CURVE25519_KEY_LEN-1) == SECFailure);
mu_check (PublicKey_import_hex (&pubkey, hex_bytes,
2*CURVE25519_KEY_LEN+1) == SECFailure);
// Import a key in upper-case hex
P_CHECKC (PublicKey_import_hex (&pubkey, hex_bytes, 2*CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export (pubkey, raw_bytes));
PublicKey_clear (pubkey);
pubkey = NULL;
for (int i=0; i<CURVE25519_KEY_LEN; i++) {
mu_check (raw_bytes[i] == raw_bytes_should[i]);
}
// Import a key in mixed-case hex
P_CHECKC (PublicKey_import_hex (&pubkey, hex_bytesl, 2*CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export (pubkey, raw_bytes));
PublicKey_clear (pubkey);
pubkey = NULL;
for (int i=0; i<CURVE25519_KEY_LEN; i++) {
mu_check (raw_bytes[i] == raw_bytes_should[i]);
}
mu_check (PublicKey_import (&pubkey, raw_bytes_should,
CURVE25519_KEY_LEN-1) == SECFailure);
mu_check (PublicKey_import (&pubkey, raw_bytes_should,
CURVE25519_KEY_LEN+1) == SECFailure);
// Import a raw key and export as hex
P_CHECKC (PublicKey_import (&pubkey, raw_bytes_should, CURVE25519_KEY_LEN));
P_CHECKC (PublicKey_export_hex (pubkey, hex_bytes2));
for (int i=0; i<2*CURVE25519_KEY_LEN; i++) {
mu_check (hex_bytes[i] == hex_bytes2[i]);
}
mu_ensure (hex_bytes2[2*CURVE25519_KEY_LEN] == '\0');
cleanup:
mu_check (rv == SECSuccess);
PublicKey_clear (pubkey);
return;
}

21
third_party/prio/ptest/example_test.c поставляемый
Просмотреть файл

@ -1,21 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
//#include <stdio.h>
#include "mutest.h"
void
mu_test_example (void)
{
mu_check (1);
}

170
third_party/prio/ptest/fft_test.c поставляемый
Просмотреть файл

@ -1,170 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include <mprio.h>
#include <stdio.h>
#include "mutest.h"
#include "prio/config.h"
#include "prio/mparray.h"
#include "prio/poly.h"
#include "prio/util.h"
void
mu_test__fft_one (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
MPArray points_in = NULL;
MPArray points_out = NULL;
P_CHECKA (cfg = PrioConfig_newTest (123));
P_CHECKA (points_in = MPArray_new (1));
P_CHECKA (points_out = MPArray_new (1));
mp_set (&points_in->data[0], 3);
mu_check (poly_fft (points_out, points_in, cfg, false) == SECSuccess);
mu_check (mp_cmp_d(&points_in->data[0], 3) == 0);
mu_check (mp_cmp_d(&points_out->data[0], 3) == 0);
cleanup:
mu_check (rv == SECSuccess);
MPArray_clear (points_in);
MPArray_clear (points_out);
PrioConfig_clear (cfg);
}
void
mu_test__fft_roots (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
mp_int tmp;
MP_DIGITS (&tmp) = NULL;
P_CHECKA (cfg = PrioConfig_newTest (90));
MP_CHECKC (mp_init (&tmp));
mp_int roots[4];
poly_fft_get_roots (roots, 4, cfg, false);
for (int i=0; i<4; i++) {
mp_exptmod_d(&roots[i], 4, &cfg->modulus, &tmp);
mu_check (mp_cmp_d( &tmp, 1) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&tmp);
PrioConfig_clear (cfg);
}
void
mu_test__fft_simple (void)
{
SECStatus rv = SECSuccess;
const int nPoints = 4;
PrioConfig cfg = NULL;
MPArray points_in = NULL;
MPArray points_out = NULL;
mp_int should_be, tmp;
mp_int roots[nPoints];
MP_DIGITS (&should_be) = NULL;
MP_DIGITS (&tmp) = NULL;
for (int i=0; i<nPoints; i++) {
MP_DIGITS (&roots[i]) = NULL;
}
P_CHECKA (cfg = PrioConfig_newTest (140));
P_CHECKA (points_in = MPArray_new (nPoints));
P_CHECKA (points_out = MPArray_new (nPoints));
MP_CHECKC (mp_init (&should_be));
MP_CHECKC (mp_init (&tmp));
poly_fft_get_roots (roots, nPoints, cfg, false);
mp_set (&points_in->data[0], 3);
mp_set (&points_in->data[1], 8);
mp_set (&points_in->data[2], 7);
mp_set (&points_in->data[3], 9);
mu_check (poly_fft (points_out, points_in, cfg, false) == SECSuccess);
for (int i=0; i<nPoints; i++) {
mp_set (&should_be, 0);
for (int j=0; j<nPoints; j++) {
mu_check (mp_exptmod_d(&roots[i], j, &cfg->modulus, &tmp) == MP_OKAY);
mu_check (mp_mulmod(&tmp, &points_in->data[j], &cfg->modulus, &tmp) == MP_OKAY);
mu_check (mp_addmod(&should_be, &tmp, &cfg->modulus, &should_be) == MP_OKAY);
}
/*
puts("Should be:");
mp_print(&should_be, stdout);
puts("");
mp_print(&points_out[i], stdout);
puts("");
*/
mu_check (mp_cmp (&should_be, &points_out->data[i]) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&tmp);
mp_clear (&should_be);
MPArray_clear (points_in);
MPArray_clear (points_out);
PrioConfig_clear (cfg);
}
void
mu_test__fft_invert (void)
{
SECStatus rv = SECSuccess;
const int nPoints = 8;
PrioConfig cfg = NULL;
MPArray points_in = NULL;
MPArray points_out = NULL;
MPArray points_out2 = NULL;
mp_int roots[nPoints];
P_CHECKA (cfg = PrioConfig_newTest (91));
P_CHECKA (points_in = MPArray_new (nPoints));
P_CHECKA (points_out = MPArray_new (nPoints));
P_CHECKA (points_out2 = MPArray_new (nPoints));
poly_fft_get_roots (roots, nPoints, cfg, false);
mp_set (&points_in->data[0], 3);
mp_set (&points_in->data[1], 8);
mp_set (&points_in->data[2], 7);
mp_set (&points_in->data[3], 9);
mp_set (&points_in->data[4], 123);
mp_set (&points_in->data[5], 123123987);
mp_set (&points_in->data[6], 2);
mp_set (&points_in->data[7], 0);
mu_check (poly_fft(points_out, points_in, cfg, false) == SECSuccess);
mu_check (poly_fft(points_out2, points_out, cfg, true) == SECSuccess);
for (int i=0; i<nPoints; i++) {
mu_check (mp_cmp (&points_out2->data[i], &points_in->data[i]) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
MPArray_clear (points_in);
MPArray_clear (points_out);
MPArray_clear (points_out2);
PrioConfig_clear (cfg);
}

65
third_party/prio/ptest/mkmutest поставляемый
Просмотреть файл

@ -1,65 +0,0 @@
#!/usr/bin/env bash
#
# This file is part of mutest, a simple micro unit testing framework for C.
#
# mutest was written by Leandro Lucarella <llucax@gmail.com> and is released
# under the BOLA license, please see the LICENSE file or visit:
# http://blitiri.com.ar/p/bola/
#
# This is a simple script to generate a C file that runs all the test suites
# present in .o files passed as arguments.
#
# Please, read the README file for more details.
#
# the trick here is getting all the test cases present in an object file using
# nm. All the tests must take and return void, start with "mutest_" and, of
# course, should not be static, which leads to a small limitation: all test
# cases must have unique names, even across test suites.
# the first argument should be mutest.h
if [ -z "$1" ]
then
echo "Too few arguments" >&2
echo "Usage: $0 mutest_h_location [object files...]" >&2
exit 1
fi
mutest_h="$1"
shift
echo "#include \"$mutest_h\""
echo "void mu_run_suites() {"
echo
for file in "$@"
do
pr_file=`echo "$file" | sed 's/\"/\\\\\"/g'`
suite=`basename "$file" .o | sed 's/\"/\\\\\"/g'`
#symbols=`nm "$file" | egrep '^[[:xdigit:]]{8} T mu_\w+$' | cut -c12-`
symbols=`nm "$file" | egrep ' T _mu_\w+$' | cut -c21-`
symbols+=`nm "$file" | egrep ' T mu_\w+$' | cut -c20-`
tests=`echo "$symbols" | egrep '^mu_test'`
inits=`echo "$symbols" | egrep '^mu_init'`
terms=`echo "$symbols" | egrep '^mu_term'`
echo -e '\tdo {'
echo -e '\t\tmutest_suite_name = "'"$suite"'";'
echo -e '\t\tmu_print(MU_SUITE, "\\nRunning suite '"'$suite'"'\\n");'
for init in $inits
do
echo -e "\\t\\tmu_run_init($init);"
done
for testcase in $tests
do
echo -e "\t\tmu_run_case($testcase);"
done
for term in $terms
do
echo -e "\t\tmu_run_term($term);"
done
echo -e "\t\tif (mutest_suite_failed) ++mutest_failed_suites;"
echo -e "\t\telse ++mutest_passed_suites;"
echo -e "\t\tmutest_suite_failed = 0;"
echo -e '\t} while (0);'
echo
done
echo "}"

38
third_party/prio/ptest/mpi_test.c поставляемый
Просмотреть файл

@ -1,38 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include "mutest.h"
void
mu_test_mpi__add (void)
{
mp_int a;
mp_int b;
mp_int c;
mu_check (mp_init (&a) == MP_OKAY);
mu_check (mp_init (&b) == MP_OKAY);
mu_check (mp_init (&c) == MP_OKAY);
mp_set (&a, 10);
mp_set (&b, 7);
mp_add (&a, &b, &c);
mp_set (&a, 17);
mu_check (mp_cmp (&a, &c) == 0);
mp_clear (&a);
mp_clear (&b);
mp_clear (&c);
}

94
third_party/prio/ptest/mutest.c поставляемый
Просмотреть файл

@ -1,94 +0,0 @@
/*
* This file is part of mutest, a simple micro unit testing framework for C.
*
* mutest was written by Leandro Lucarella <llucax@gmail.com> and is released
* under the BOLA license, please see the LICENSE file or visit:
* http://blitiri.com.ar/p/bola/
*
* This is the main program, it runs all the test suites and shows the
* results. The main work (of running the test suite) is done by the (usually)
* synthesized mu_run_suites() function, which can be generated using the
* mkmutest script (or written manually).
*
* Please, read the README file for more details.
*/
#include <mprio.h>
#include <stdio.h> /* printf(), fprintf() */
#include <string.h> /* strncmp() */
#include "mutest.h" /* MU_* constants, mu_print() */
/*
* note that all global variables are public because they need to be accessed
* from other modules, like the test suites or the module implementing
* mu_run_suites()
*/
/* globals for managing test suites */
const char* mutest_suite_name;
int mutest_failed_suites;
int mutest_passed_suites;
int mutest_skipped_suites;
int mutest_suite_failed;
/* globals for managing test cases */
const char* mutest_case_name;
int mutest_failed_cases;
int mutest_passed_cases;
int mutest_case_failed;
/* globals for managing checks */
int mutest_failed_checks;
int mutest_passed_checks;
/* verbosity level, see mutest.h */
int mutest_verbose_level = 1; /* exported for use in test suites */
/*
* only -v is supported right now, both "-v -v" and "-vv" are accepted for
* increasing the verbosity by 2.
*/
void parse_args(__attribute__((unused)) int argc, char* argv[]) {
while (*++argv) {
if (strncmp(*argv, "-v", 2) == 0) {
++mutest_verbose_level;
char* c = (*argv) + 1;
while (*++c) {
if (*c != 'v')
break;
++mutest_verbose_level;
}
}
}
}
int main(int argc, char* argv[]) {
Prio_init ();
parse_args(argc, argv);
mu_run_suites();
Prio_clear ();
mu_print(MU_SUMMARY, "\n"
"Tests done:\n"
"\t%d test suite(s) passed, %d failed, %d skipped.\n"
"\t%d test case(s) passed, %d failed.\n"
"\t%d check(s) passed, %d failed.\n"
"\n",
mutest_passed_suites, mutest_failed_suites,
mutest_skipped_suites,
mutest_passed_cases, mutest_failed_cases,
mutest_passed_checks, mutest_failed_checks);
return (mutest_failed_suites + mutest_skipped_suites) ? 1 : 0;
}

248
third_party/prio/ptest/mutest.h поставляемый
Просмотреть файл

@ -1,248 +0,0 @@
/*
* This file is part of mutest, a simple micro unit testing framework for C.
*
* mutest was written by Leandro Lucarella <llucax@gmail.com> and is released
* under the BOLA license, please see the LICENSE file or visit:
* http://blitiri.com.ar/p/bola/
*
* This header file should be included in the source files that will make up
* a test suite. It's used for both C and Python implementation, but when
* using the Python implementation you should define the MUTEST_PY macro.
* If you implement your mu_run_suites() function yourself, you probably will
* need to include this header too (see mkmutest).
*
* Please, read the README file for more details.
*/
#include <stdio.h> /* fprintf() */
#ifdef __cplusplus
extern "C" {
#endif
/* verbosity level (each level shows all the previous levels too) */
enum {
MU_QUIET = 0, /* be completely quiet */
MU_ERROR, /* shows errors only */
MU_SUMMARY, /* shows a summary */
MU_SUITE, /* shows test suites progress */
MU_CASE, /* shows test cases progress */
MU_CHECK /* shows the current running check */
};
/* print a message according to the verbosity level */
#define mu_print(level, ...) \
do { \
if (mutest_verbose_level >= level) { \
if (mutest_verbose_level == MU_ERROR) \
fprintf(stderr, __VA_ARGS__); \
else \
fprintf(stdout, __VA_ARGS__); \
} \
} while (0)
/* print an error message */
#define mu_printerr(name, action) \
mu_print(MU_ERROR, __FILE__ ":%d: " name " failed, "\
action " test case\n", __LINE__);
/* modify the internal state so a failure gets counted */
#define mutest_count_err ++mutest_failed_checks; mutest_case_failed = 1;
/* modify the internal state so a success gets counted */
#define mutest_count_suc ++mutest_passed_checks;
#ifdef __cplusplus
#include <exception>
/* print an error message triggered by a C++ exception */
#define mu_printex(name, action, ex) \
mu_print(MU_ERROR, __FILE__ ":%d: " name " failed, " \
"exception thrown (%s), " action \
" test case\n", __LINE__, ex);
#define mutest_try try {
#define mutest_catch(name, action, final) \
} catch (const std::exception& e) { \
mutest_count_err \
mu_printex(name, action, e.what()); \
final; \
} catch (...) { \
mutest_count_err \
mu_printex(name, action, "[unknown]"); \
final; \
}
#else /* !__cplusplus */
#define mutest_try
#define mutest_catch(name, action, exp)
#endif /* __cplusplus */
/* check that an expression evaluates to true, continue if the check fails */
#define mu_check_base(exp, name, action, final) \
do { \
mu_print(MU_CHECK, "\t\t* Checking " name "(" #exp ")...\n"); \
mutest_try \
if (exp) mutest_count_suc \
else { \
mutest_count_err \
mu_printerr(name "(" #exp ")", action); \
final; \
} \
mutest_catch(name, action, final) \
} while (0)
/* check that an expression evaluates to true, continue if the check fails */
#define mu_check(exp) mu_check_base(exp, "mu_check", "resuming", continue)
/*
* ensure that an expression evaluates to true, abort the current test
* case if the check fails
*/
#define mu_ensure(exp) mu_check_base(exp, "mu_ensure", "aborting", return)
#ifdef __cplusplus
#define mu_echeck_base(ex, exp, name, action, final) \
do { \
mu_print(MU_CHECK, "\t\t* Checking " name "(" #ex ", " #exp \
")...\n"); \
try { \
exp; \
mutest_count_err \
mu_printerr(name "(" #ex ", " #exp ")", \
"no exception thrown, " action); \
final; \
} catch (const ex& e) { \
mutest_count_suc \
} catch (const std::exception& e) { \
mutest_count_err \
mu_printex(name "(" #ex ", " #exp ")", action, \
e.what()); \
final; \
} catch (...) { \
mutest_count_err \
mu_printex(name "(" #ex ", " #exp ")", action, \
"[unknown]"); \
final; \
} \
} while (0)
/*
* check that an expression throws a particular exception, continue if the
* check fails
*/
#define mu_echeck(ex, exp) \
mu_echeck_base(ex, exp, "mu_echeck", "resuming", continue)
/*
* ensure that an expression throws a particular exception, abort the current
* test case if the check fails
*/
#define mu_eensure(ex, exp) \
mu_echeck_base(ex, exp, "mu_eensure", "aborting", return)
#endif /* __cplusplus */
#ifndef MUTEST_PY /* we are using the C implementation */
/*
* this function implements the test suites execution, you should generate
* a module with this function using mkmutest, or take a look to that script
* if you want to implement your own customized version */
void mu_run_suites();
/* macro for running a single initialization function */
#ifndef mu_run_init
#define mu_run_init(name) \
{ \
int name(); \
int r; \
mu_print(MU_CASE, "\t+ Executing initialization function " \
"'" #name "'...\n"); \
if ((r = name())) { \
mu_print(MU_ERROR, "%s:" #name ": initialization " \
"function failed (returned %d), " \
"skipping test suite...\n", \
mutest_suite_name, r); \
++mutest_skipped_suites; \
break; \
} \
} do { } while (0)
#endif /* mu_run_init */
/* macro for running a single test case */
#ifndef mu_run_case
#define mu_run_case(name) \
do { \
mu_print(MU_CASE, "\t* Executing test case '" #name "'...\n");\
mutest_case_name = #name; \
void name(); \
name(); \
if (mutest_case_failed) { \
++mutest_failed_cases; \
mutest_suite_failed = 1; \
} else ++mutest_passed_cases; \
mutest_case_failed = 0; \
} while (0)
#endif /* mu_run_case */
/* macro for running a single termination function */
#ifndef mu_run_term
#define mu_run_term(name) \
do { \
mu_print(MU_CASE, "\t- Executing termination function '" \
#name "'...\n"); \
void name(); \
name(); \
} while (0)
#endif /* mu_run_term */
/*
* mutest exported variables for internal use, do not use directly unless you
* know what you're doing.
*/
extern const char* mutest_suite_name;
extern int mutest_failed_suites;
extern int mutest_passed_suites;
extern int mutest_skipped_suites;
extern int mutest_suite_failed;
/* test cases */
extern const char* mutest_case_name;
extern int mutest_failed_cases;
extern int mutest_passed_cases;
extern int mutest_case_failed;
/* checks */
extern int mutest_failed_checks;
extern int mutest_passed_checks;
/* verbosity */
extern int mutest_verbose_level;
#else /* MUTEST_PY is defined, using the Python implementation */
/* this increments when the "API" changes, it's just for sanity check */
int mutest_api_version = 1;
int mutest_case_failed; /* unused, for C implementation compatibility */
int mutest_passed_checks;
int mutest_failed_checks;
void mutest_reset_counters() {
mutest_passed_checks = 0;
mutest_failed_checks = 0;
}
int mutest_verbose_level = MU_ERROR;
void mutest_set_verbose_level(int val) {
mutest_verbose_level = val;
}
#endif /* MUTEST_PY */
#ifdef __cplusplus
}
#endif

345
third_party/prio/ptest/prg_test.c поставляемый
Просмотреть файл

@ -1,345 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include "mutest.h"
#include "prio/prg.h"
#include "prio/util.h"
void
mu_test__prg_simple (void)
{
SECStatus rv = SECSuccess;
PrioPRGSeed key;
PRG prg = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg);
}
void
mu_test__prg_repeat (void)
{
SECStatus rv = SECSuccess;
const int buflen = 10000;
unsigned char buf1[buflen];
unsigned char buf2[buflen];
PrioPRGSeed key;
PRG prg1 = NULL;
PRG prg2 = NULL;
buf1[3] = 'a';
buf2[3] = 'b';
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg1 = PRG_new (key));
P_CHECKA (prg2 = PRG_new (key));
P_CHECKC (PRG_get_bytes (prg1, buf1, buflen));
P_CHECKC (PRG_get_bytes (prg2, buf2, buflen));
bool all_zero = true;
for (int i=0; i<buflen; i++) {
mu_check (buf1[i] == buf2[i]);
if (buf1[i]) all_zero = false;
}
mu_check (!all_zero);
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg1);
PRG_clear (prg2);
}
void
mu_test__prg_repeat_int (void)
{
SECStatus rv = SECSuccess;
const int tries = 10000;
mp_int max;
mp_int out1;
mp_int out2;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out1) = NULL;
MP_DIGITS (&out2) = NULL;
PrioPRGSeed key;
PRG prg1 = NULL;
PRG prg2 = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg1 = PRG_new (key));
P_CHECKA (prg2 = PRG_new (key));
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out1));
MP_CHECKC (mp_init (&out2));
for (int i=0; i<tries; i++) {
mp_set (&max, i+1);
P_CHECKC (PRG_get_int (prg1, &out1, &max));
P_CHECKC (PRG_get_int (prg2, &out2, &max));
mu_check (mp_cmp (&out1, &out2) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg1);
PRG_clear (prg2);
mp_clear (&max);
mp_clear (&out1);
mp_clear (&out2);
}
void
test_prg_once (int limit)
{
SECStatus rv = SECSuccess;
PrioPRGSeed key;
mp_int max;
mp_int out;
PRG prg = NULL;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out));
mp_set (&max, limit);
P_CHECKC (PRG_get_int (prg, &out, &max));
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
mp_clear (&out);
PRG_clear (prg);
}
void
mu_test_prg__multiple_of_8 (void)
{
test_prg_once (256);
test_prg_once (256*256);
}
void
mu_test_prg__near_multiple_of_8 (void)
{
test_prg_once (256+1);
test_prg_once (256*256+1);
}
void
mu_test_prg__odd (void)
{
test_prg_once (39);
test_prg_once (123);
test_prg_once (993123);
}
void
mu_test_prg__large (void)
{
test_prg_once (1231239933);
}
void
mu_test_prg__bit(void)
{
test_prg_once (1);
for (int i = 0; i < 100; i++)
test_prg_once (2);
}
void
test_prg_distribution (int limit)
{
int bins[limit];
SECStatus rv = SECSuccess;
PrioPRGSeed key;
mp_int max;
mp_int out;
PRG prg = NULL;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out));
mp_set (&max, limit);
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < limit*limit; i++) {
P_CHECKC (PRG_get_int (prg, &out, &max));
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned char ival[2] = {0x00, 0x00};
MP_CHECKC (mp_to_fixlen_octets (&out, ival, 2));
if (ival[1] + 256*ival[0] < limit) {
bins[ival[1] + 256*ival[0]] += 1;
} else {
mu_check (false);
}
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
mp_clear (&out);
PRG_clear (prg);
}
void
mu_test__prg_distribution123 (void)
{
test_prg_distribution(123);
}
void
mu_test__prg_distribution257 (void)
{
test_prg_distribution(257);
}
void
mu_test__prg_distribution259 (void)
{
test_prg_distribution(259);
}
void
test_prg_distribution_large (mp_int *max)
{
const int limit = 16;
int bins[limit];
SECStatus rv = SECSuccess;
PrioPRGSeed key;
mp_int out;
PRG prg = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKC (PrioPRGSeed_randomize (&key));
P_CHECKA (prg = PRG_new (key));
MP_CHECKC (mp_init (&out));
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < 100*limit*limit; i++) {
MP_CHECKC (PRG_get_int (prg, &out, max));
mu_check (mp_cmp (&out, max) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned long res;
MP_CHECKC (mp_mod_d (&out, limit, &res));
bins[res] += 1;
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&out);
PRG_clear (prg);
}
void
mu_test__prg_distribution_large (void)
{
SECStatus rv = SECSuccess;
mp_int max;
MP_DIGITS (&max) = NULL;
MP_CHECKC (mp_init (&max));
char bytes[] = "FF1230985198451798EDC8123";
MP_CHECKC (mp_read_radix (&max, bytes, 16));
test_prg_distribution_large (&max);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
}
void
mu_test__prg_share_arr (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
MPArray arr = NULL;
MPArray arr_share = NULL;
PRG prg = NULL;
PrioPRGSeed seed;
P_CHECKA (cfg = PrioConfig_newTest (72));
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKA (arr = MPArray_new (10));
P_CHECKA (arr_share = MPArray_new (10));
P_CHECKA (prg = PRG_new (seed));
for (int i=0; i<10; i++) {
mp_set (&arr->data[i], i);
}
P_CHECKC (PRG_share_array (prg, arr_share, arr, cfg));
// Reset PRG
PRG_clear (prg);
P_CHECKA (prg = PRG_new (seed));
// Read pseudorandom values into arr
P_CHECKC (PRG_get_array (prg, arr, &cfg->modulus));
for (int i=0; i<10; i++) {
MP_CHECKC (mp_addmod (&arr->data[i], &arr_share->data[i],
&cfg->modulus, &arr->data[i]));
mu_check (mp_cmp_d (&arr->data[i], i) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
PRG_clear (prg);
MPArray_clear (arr);
MPArray_clear (arr_share);
PrioConfig_clear (cfg);
}

194
third_party/prio/ptest/rand_test.c поставляемый
Просмотреть файл

@ -1,194 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include "mutest.h"
#include "prio/rand.h"
#include "prio/util.h"
void
mu_test__util_msb_mast (void)
{
mu_check (msb_mask (0x01) == 0x01);
mu_check (msb_mask (0x02) == 0x03);
mu_check (msb_mask (0x0C) == 0x0F);
mu_check (msb_mask (0x1C) == 0x1F);
mu_check (msb_mask (0xFF) == 0xFF);
}
void
test_rand_once (int limit)
{
mp_int max;
mp_int out;
mu_check (mp_init (&max) == MP_OKAY);
mu_check (mp_init (&out) == MP_OKAY);
mp_set (&max, limit);
mu_check (rand_int (&out, &max) == MP_OKAY);
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
mp_clear (&max);
mp_clear (&out);
}
void
mu_test_rand__multiple_of_8 (void)
{
test_rand_once (256);
test_rand_once (256*256);
}
void
mu_test_rand__near_multiple_of_8 (void)
{
test_rand_once (256+1);
test_rand_once (256*256+1);
}
void
mu_test_rand__odd (void)
{
test_rand_once (39);
test_rand_once (123);
test_rand_once (993123);
}
void
mu_test_rand__large (void)
{
test_rand_once (1231239933);
}
void
mu_test_rand__bit(void)
{
test_rand_once (1);
for (int i = 0; i < 100; i++)
test_rand_once (2);
}
void
test_rand_distribution (int limit)
{
SECStatus rv = SECSuccess;
int bins[limit];
mp_int max;
mp_int out;
MP_DIGITS (&max) = NULL;
MP_DIGITS (&out) = NULL;
MP_CHECKC (mp_init (&max));
MP_CHECKC (mp_init (&out));
mp_set (&max, limit);
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < limit*limit; i++) {
mu_check (rand_int (&out, &max) == MP_OKAY);
mu_check (mp_cmp_d (&out, limit) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned char ival[2] = {0x00, 0x00};
MP_CHECKC (mp_to_fixlen_octets (&out, ival, 2));
if (ival[1] + 256*ival[0] < limit) {
bins[ival[1] + 256*ival[0]] += 1;
} else {
mu_check (false);
}
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
mp_clear (&out);
}
void
mu_test__rand_distribution123 (void)
{
test_rand_distribution(123);
}
void
mu_test__rand_distribution257 (void)
{
test_rand_distribution(257);
}
void
mu_test__rand_distribution259 (void)
{
test_rand_distribution(259);
}
void
test_rand_distribution_large (mp_int *max)
{
SECStatus rv = SECSuccess;
int limit = 16;
int bins[limit];
mp_int out;
MP_DIGITS (&out) = NULL;
MP_CHECKC (mp_init (&out));
for (int i = 0; i < limit; i++) {
bins[i] = 0;
}
for (int i = 0; i < 100*limit*limit; i++) {
MP_CHECKC (rand_int (&out, max));
mu_check (mp_cmp (&out, max) == -1);
mu_check (mp_cmp_z (&out) > -1);
unsigned long res;
MP_CHECKC (mp_mod_d (&out, limit, &res));
bins[res] += 1;
}
for (int i = 0; i < limit; i++) {
mu_check (bins[i] > limit/2);
}
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&out);
}
void
mu_test__rand_distribution_large (void)
{
SECStatus rv = SECSuccess;
mp_int max;
MP_DIGITS (&max) = NULL;
MP_CHECKC (mp_init (&max));
char bytes[] = "FF1230985198451798EDC8123";
MP_CHECKC (mp_read_radix (&max, bytes, 16));
test_rand_distribution_large (&max);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&max);
}

319
third_party/prio/ptest/serial_test.c поставляемый
Просмотреть файл

@ -1,319 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mprio.h>
#include <msgpack.h>
#include <string.h>
#include "mutest.h"
#include "prio/client.h"
#include "prio/config.h"
#include "prio/serial.h"
#include "prio/server.h"
#include "prio/util.h"
SECStatus
gen_client_packets (const_PrioConfig cfg, PrioPacketClient pA, PrioPacketClient pB)
{
SECStatus rv = SECSuccess;
const int ndata = cfg->num_data_fields;
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKC (PrioPacketClient_set_data (cfg, data_items, pA, pB));
cleanup:
return rv;
}
void serial_client (int bad)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
PrioConfig cfg2 = NULL;
PrioPacketClient pA = NULL;
PrioPacketClient pB = NULL;
PrioPacketClient qA = NULL;
PrioPacketClient qB = NULL;
const unsigned char *batch_id1 = (unsigned char *)"my_test_prio_batch1";
const unsigned char *batch_id2 = (unsigned char *)"my_test_prio_batch2";
const unsigned int batch_id_len = strlen ((char *)batch_id1);
msgpack_sbuffer sbufA, sbufB;
msgpack_packer pkA, pkB;
msgpack_unpacker upkA, upkB;
msgpack_sbuffer_init (&sbufA);
msgpack_packer_init (&pkA, &sbufA, msgpack_sbuffer_write);
msgpack_sbuffer_init (&sbufB);
msgpack_packer_init (&pkB, &sbufB, msgpack_sbuffer_write);
P_CHECKA (cfg = PrioConfig_new (100, NULL, NULL, batch_id1, batch_id_len));
P_CHECKA (cfg2 = PrioConfig_new (100, NULL, NULL, batch_id2, batch_id_len));
P_CHECKA (pA = PrioPacketClient_new (cfg, PRIO_SERVER_A));
P_CHECKA (pB = PrioPacketClient_new (cfg, PRIO_SERVER_B));
P_CHECKA (qA = PrioPacketClient_new (cfg, PRIO_SERVER_A));
P_CHECKA (qB = PrioPacketClient_new (cfg, PRIO_SERVER_B));
P_CHECKC (gen_client_packets (cfg, pA, pB));
P_CHECKC (serial_write_packet_client (&pkA, pA, cfg));
P_CHECKC (serial_write_packet_client (&pkB, pB, cfg));
if (bad == 1) {
sbufA.size = 1;
}
if (bad == 2) {
memset (sbufA.data, 0, sbufA.size);
}
const int size_a = sbufA.size;
const int size_b = sbufB.size;
P_CHECKCB (msgpack_unpacker_init (&upkA, 0));
P_CHECKCB (msgpack_unpacker_init (&upkB, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upkA, size_a));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upkB, size_b));
memcpy (msgpack_unpacker_buffer (&upkA), sbufA.data, size_a);
memcpy (msgpack_unpacker_buffer (&upkB), sbufB.data, size_b);
msgpack_unpacker_buffer_consumed (&upkA, size_a);
msgpack_unpacker_buffer_consumed (&upkB, size_b);
P_CHECKC (serial_read_packet_client (&upkA, qA, cfg));
P_CHECKC (serial_read_packet_client (&upkB, qB, (bad == 3) ? cfg2 : cfg));
if (!bad) {
mu_check (PrioPacketClient_areEqual (pA, qA));
mu_check (PrioPacketClient_areEqual (pB, qB));
mu_check (!PrioPacketClient_areEqual (pB, qA));
mu_check (!PrioPacketClient_areEqual (pA, qB));
}
cleanup:
PrioPacketClient_clear (pA);
PrioPacketClient_clear (pB);
PrioPacketClient_clear (qA);
PrioPacketClient_clear (qB);
PrioConfig_clear (cfg);
PrioConfig_clear (cfg2);
msgpack_sbuffer_destroy (&sbufA);
msgpack_sbuffer_destroy (&sbufB);
msgpack_unpacker_destroy (&upkA);
msgpack_unpacker_destroy (&upkB);
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
}
void mu_test__serial_client (void)
{
serial_client (0);
}
void mu_test__serial_client_bad1 (void)
{
serial_client (1);
}
void mu_test__serial_client_bad2 (void)
{
serial_client (2);
}
void mu_test__serial_client_bad3 (void)
{
serial_client (3);
}
void test_verify1 (int bad)
{
SECStatus rv = SECSuccess;
PrioPacketVerify1 v1 = NULL;
PrioPacketVerify1 v2 = NULL;
PrioConfig cfg = NULL;
P_CHECKA (cfg = PrioConfig_newTest (1));
P_CHECKA (v1 = PrioPacketVerify1_new());
P_CHECKA (v2 = PrioPacketVerify1_new());
mp_set (&v1->share_d, 4);
mp_set (&v1->share_e, 10);
msgpack_sbuffer sbuf;
msgpack_packer pk;
msgpack_unpacker upk;
msgpack_sbuffer_init (&sbuf);
msgpack_packer_init (&pk, &sbuf, msgpack_sbuffer_write);
P_CHECKC (PrioPacketVerify1_write (v1, &pk));
if (bad == 1) {
mp_set (&cfg->modulus, 6);
}
P_CHECKCB (msgpack_unpacker_init (&upk, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upk, sbuf.size));
memcpy (msgpack_unpacker_buffer (&upk), sbuf.data, sbuf.size);
msgpack_unpacker_buffer_consumed (&upk, sbuf.size);
P_CHECKC (PrioPacketVerify1_read (v2, &upk, cfg));
mu_check (!mp_cmp (&v1->share_d, &v2->share_d));
mu_check (!mp_cmp (&v1->share_e, &v2->share_e));
mu_check (!mp_cmp_d (&v2->share_d, 4));
mu_check (!mp_cmp_d (&v2->share_e, 10));
cleanup:
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
PrioConfig_clear (cfg);
PrioPacketVerify1_clear (v1);
PrioPacketVerify1_clear (v2);
msgpack_unpacker_destroy (&upk);
msgpack_sbuffer_destroy (&sbuf);
}
void mu_test_verify1_good (void)
{
test_verify1 (0);
}
void mu_test_verify1_bad (void)
{
test_verify1 (1);
}
void test_verify2 (int bad)
{
SECStatus rv = SECSuccess;
PrioPacketVerify2 v1 = NULL;
PrioPacketVerify2 v2 = NULL;
PrioConfig cfg = NULL;
P_CHECKA (cfg = PrioConfig_newTest (1));
P_CHECKA (v1 = PrioPacketVerify2_new());
P_CHECKA (v2 = PrioPacketVerify2_new());
mp_set (&v1->share_out, 4);
msgpack_sbuffer sbuf;
msgpack_packer pk;
msgpack_unpacker upk;
msgpack_sbuffer_init (&sbuf);
msgpack_packer_init (&pk, &sbuf, msgpack_sbuffer_write);
P_CHECKC (PrioPacketVerify2_write (v1, &pk));
if (bad == 1) {
mp_set (&cfg->modulus, 4);
}
P_CHECKCB (msgpack_unpacker_init (&upk, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upk, sbuf.size));
memcpy (msgpack_unpacker_buffer (&upk), sbuf.data, sbuf.size);
msgpack_unpacker_buffer_consumed (&upk, sbuf.size);
P_CHECKC (PrioPacketVerify2_read (v2, &upk, cfg));
mu_check (!mp_cmp (&v1->share_out, &v2->share_out));
mu_check (!mp_cmp_d (&v2->share_out, 4));
cleanup:
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
PrioConfig_clear (cfg);
PrioPacketVerify2_clear (v1);
PrioPacketVerify2_clear (v2);
msgpack_unpacker_destroy (&upk);
msgpack_sbuffer_destroy (&sbuf);
}
void mu_test_verify2_good (void)
{
test_verify2 (0);
}
void mu_test_verify2_bad (void)
{
test_verify2 (1);
}
void test_total_share (int bad)
{
SECStatus rv = SECSuccess;
PrioTotalShare t1 = NULL;
PrioTotalShare t2 = NULL;
PrioConfig cfg = NULL;
P_CHECKA (cfg = PrioConfig_newTest ((bad == 2 ? 4 : 3)));
P_CHECKA (t1 = PrioTotalShare_new ());
P_CHECKA (t2 = PrioTotalShare_new ());
t1->idx = PRIO_SERVER_A;
P_CHECKC (MPArray_resize (t1->data_shares, 3));
mp_set (&t1->data_shares->data[0], 10);
mp_set (&t1->data_shares->data[1], 20);
mp_set (&t1->data_shares->data[2], 30);
msgpack_sbuffer sbuf;
msgpack_packer pk;
msgpack_unpacker upk;
msgpack_sbuffer_init (&sbuf);
msgpack_packer_init (&pk, &sbuf, msgpack_sbuffer_write);
P_CHECKC (PrioTotalShare_write (t1, &pk));
if (bad == 1) {
mp_set (&cfg->modulus, 4);
}
P_CHECKCB (msgpack_unpacker_init (&upk, 0));
P_CHECKCB (msgpack_unpacker_reserve_buffer (&upk, sbuf.size));
memcpy (msgpack_unpacker_buffer (&upk), sbuf.data, sbuf.size);
msgpack_unpacker_buffer_consumed (&upk, sbuf.size);
P_CHECKC (PrioTotalShare_read (t2, &upk, cfg));
mu_check (t1->idx == t2->idx);
mu_check (MPArray_areEqual (t1->data_shares, t2->data_shares));
cleanup:
mu_check (bad ? rv == SECFailure : rv == SECSuccess);
PrioConfig_clear (cfg);
PrioTotalShare_clear (t1);
PrioTotalShare_clear (t2);
msgpack_unpacker_destroy (&upk);
msgpack_sbuffer_destroy (&sbuf);
}
void mu_test_total_good (void)
{
test_total_share (0);
}
void mu_test_total_bad1 (void)
{
test_total_share (1);
}
void mu_test_total_bad2 (void)
{
test_total_share (2);
}

298
third_party/prio/ptest/server_test.c поставляемый
Просмотреть файл

@ -1,298 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include <mprio.h>
#include "mutest.h"
#include "prio/client.h"
#include "prio/server.h"
#include "prio/server.c"
void mu_test__eval_poly (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
MPArray coeffs = NULL;
mp_int eval_at, out;
MP_DIGITS (&eval_at) = NULL;
MP_DIGITS (&out) = NULL;
P_CHECKA (cfg = PrioConfig_newTest (54));
P_CHECKA (coeffs = MPArray_new (3));
mp_set (&coeffs->data[0], 2);
mp_set (&coeffs->data[1], 8);
mp_set (&coeffs->data[2], 3);
MP_CHECKC (mp_init (&eval_at));
MP_CHECKC (mp_init (&out));
mp_set (&eval_at, 7);
const int val = 3*7*7 + 8*7 + 2;
mu_check (poly_eval (&out, coeffs, &eval_at, cfg) == SECSuccess);
mu_check (mp_cmp_d (&out, val) == 0);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&out);
mp_clear (&eval_at);
MPArray_clear (coeffs);
PrioConfig_clear (cfg);
}
void
mu_test__verify_new (void)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
unsigned char *for_a = NULL;
unsigned char *for_b = NULL;
mp_int fR, gR, hR;
MP_DIGITS (&fR) = NULL;
MP_DIGITS (&gR) = NULL;
MP_DIGITS (&hR) = NULL;
PrioPRGSeed seed;
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
P_CHECKA (cfg = PrioConfig_new (214, pkA, pkB,
(unsigned char *)"testbatch", 9));
const int ndata = PrioConfig_numDataFields (cfg);
{
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKA (sA = PrioServer_new (cfg, 0, skA, seed));
P_CHECKA (sB = PrioServer_new (cfg, 1, skB, seed));
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items, &for_a, &aLen, &for_b, &bLen));
MP_CHECKC (mp_init (&fR));
MP_CHECKC (mp_init (&gR));
MP_CHECKC (mp_init (&hR));
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
P_CHECKC (PrioVerifier_set_data (vA, for_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_b, bLen));
PrioPacketClient pA = vA->clientp;
PrioPacketClient pB = vB->clientp;
MP_CHECKC (mp_addmod (&pA->f0_share, &pB->f0_share, &cfg->modulus, &fR));
MP_CHECKC (mp_addmod (&pA->g0_share, &pB->g0_share, &cfg->modulus, &gR));
MP_CHECKC (mp_addmod (&pA->h0_share, &pB->h0_share, &cfg->modulus, &hR));
MP_CHECKC (mp_mulmod (&fR, &gR, &cfg->modulus, &fR));
mu_check (mp_cmp (&fR, &hR) == 0);
MP_CHECKC (mp_addmod (&vA->share_fR, &vB->share_fR, &cfg->modulus, &fR));
MP_CHECKC (mp_addmod (&vA->share_gR, &vB->share_gR, &cfg->modulus, &gR));
MP_CHECKC (mp_addmod (&vA->share_hR, &vB->share_hR, &cfg->modulus, &hR));
MP_CHECKC (mp_mulmod (&fR, &gR, &cfg->modulus, &fR));
//puts ("fR");
//mp_print (&fR, stdout);
//puts ("hR");
//mp_print (&hR, stdout);
mu_check (mp_cmp (&fR, &hR) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
if (for_a) free (for_a);
if (for_b) free (for_b);
mp_clear (&fR);
mp_clear (&gR);
mp_clear (&hR);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
}
void
verify_full (int tweak)
{
SECStatus rv = SECSuccess;
PublicKey pkA = NULL;
PublicKey pkB = NULL;
PrivateKey skA = NULL;
PrivateKey skB = NULL;
PrioConfig cfg = NULL;
PrioServer sA = NULL;
PrioServer sB = NULL;
PrioVerifier vA = NULL;
PrioVerifier vB = NULL;
PrioPacketVerify1 p1A = NULL;
PrioPacketVerify1 p1B = NULL;
PrioPacketVerify2 p2A = NULL;
PrioPacketVerify2 p2B = NULL;
unsigned char *for_a = NULL;
unsigned char *for_b = NULL;
mp_int fR, gR, hR;
MP_DIGITS (&fR) = NULL;
MP_DIGITS (&gR) = NULL;
MP_DIGITS (&hR) = NULL;
PrioPRGSeed seed;
P_CHECKC (PrioPRGSeed_randomize (&seed));
P_CHECKC (Keypair_new (&skA, &pkA));
P_CHECKC (Keypair_new (&skB, &pkB));
P_CHECKA (cfg = PrioConfig_new (47, pkA, pkB, (unsigned char *)"test4", 5));
const int ndata = PrioConfig_numDataFields (cfg);
{
bool data_items[ndata];
for (int i=0; i < ndata; i++) {
// Arbitrary data
data_items[i] = (i % 3 == 1) || (i % 5 == 3);
}
P_CHECKA (sA = PrioServer_new (cfg, 0, skA, seed));
P_CHECKA (sB = PrioServer_new (cfg, 1, skB, seed));
unsigned int aLen, bLen;
P_CHECKC (PrioClient_encode (cfg, data_items, &for_a, &aLen, &for_b, &bLen));
if (tweak == 5) {
for_a[3] = 3;
for_a[4] = 4;
}
P_CHECKA (vA = PrioVerifier_new (sA));
P_CHECKA (vB = PrioVerifier_new (sB));
P_CHECKC (PrioVerifier_set_data (vA, for_a, aLen));
P_CHECKC (PrioVerifier_set_data (vB, for_b, bLen));
if (tweak == 3) {
mp_add_d (&vA->share_fR, 1, &vA->share_fR);
}
if (tweak == 4) {
mp_add_d (&vB->share_gR, 1, &vB->share_gR);
}
P_CHECKA (p1A = PrioPacketVerify1_new ());
P_CHECKA (p1B = PrioPacketVerify1_new ());
P_CHECKC (PrioPacketVerify1_set_data (p1A, vA));
P_CHECKC (PrioPacketVerify1_set_data (p1B, vB));
if (tweak == 1) {
mp_add_d (&p1B->share_d, 1, &p1B->share_d);
}
P_CHECKA (p2A = PrioPacketVerify2_new ());
P_CHECKA (p2B = PrioPacketVerify2_new ());
P_CHECKC (PrioPacketVerify2_set_data (p2A, vA, p1A, p1B));
P_CHECKC (PrioPacketVerify2_set_data (p2B, vB, p1A, p1B));
if (tweak == 2) {
mp_add_d (&p2A->share_out, 1, &p2B->share_out);
}
int shouldBe = tweak ? SECFailure : SECSuccess;
mu_check (PrioVerifier_isValid (vA, p2A, p2B) == shouldBe);
mu_check (PrioVerifier_isValid (vB, p2A, p2B) == shouldBe);
}
cleanup:
if (!tweak) {
mu_check (rv == SECSuccess);
}
if (for_a) free (for_a);
if (for_b) free (for_b);
PrioPacketVerify2_clear (p2A);
PrioPacketVerify2_clear (p2B);
PrioPacketVerify1_clear (p1A);
PrioPacketVerify1_clear (p1B);
PrioVerifier_clear (vA);
PrioVerifier_clear (vB);
PrioServer_clear (sA);
PrioServer_clear (sB);
PrioConfig_clear (cfg);
PublicKey_clear (pkA);
PublicKey_clear (pkB);
PrivateKey_clear (skA);
PrivateKey_clear (skB);
}
void
mu_test__verify_full_good (void)
{
verify_full (0);
}
void
mu_test__verify_full_bad1 (void)
{
verify_full (1);
}
void
mu_test__verify_full_bad2 (void)
{
verify_full (2);
}
void
mu_test__verify_full_bad3 (void)
{
verify_full (3);
}
void
mu_test__verify_full_bad4 (void)
{
verify_full (4);
}
void
mu_test__verify_full_bad5 (void)
{
verify_full (5);
}

91
third_party/prio/ptest/share_test.c поставляемый
Просмотреть файл

@ -1,91 +0,0 @@
/*
* Copyright (c) 2018, Henry Corrigan-Gibbs
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <mpi.h>
#include <mprio.h>
#include "prio/client.h"
#include "prio/config.h"
#include "prio/mparray.h"
#include "prio/share.h"
#include "prio/util.h"
#include "mutest.h"
void
mu_test_share (void)
{
SECStatus rv = SECSuccess;
PrioConfig cfg = NULL;
mp_int a, b, c;
BeaverTriple t1 = NULL, t2 = NULL;
MP_DIGITS (&a) = NULL;
MP_DIGITS (&b) = NULL;
MP_DIGITS (&c) = NULL;
P_CHECKA (cfg = PrioConfig_newTest (93));
P_CHECKA (t1 = BeaverTriple_new ());
P_CHECKA (t2 = BeaverTriple_new ());
mu_check (BeaverTriple_set_rand (cfg, t1, t2) == SECSuccess);
MP_CHECKC (mp_init (&a));
MP_CHECKC (mp_init (&b));
MP_CHECKC (mp_init (&c));
mu_check (mp_addmod (&t1->a, &t2->a, &cfg->modulus, &a) == MP_OKAY);
mu_check (mp_addmod (&t1->b, &t2->b, &cfg->modulus, &b) == MP_OKAY);
mu_check (mp_addmod (&t1->c, &t2->c, &cfg->modulus, &c) == MP_OKAY);
mu_check (mp_mulmod (&a, &b, &cfg->modulus, &a) == MP_OKAY);
mu_check (mp_cmp (&a, &c) == 0);
cleanup:
mu_check (rv == SECSuccess);
mp_clear (&a);
mp_clear (&b);
mp_clear (&c);
PrioConfig_clear (cfg);
BeaverTriple_clear (t1);
BeaverTriple_clear (t2);
}
void
mu_test_arr (void)
{
SECStatus rv = SECSuccess;
MPArray arr = NULL;
MPArray arr2 = NULL;
P_CHECKA (arr = MPArray_new (10));
P_CHECKA (arr2 = MPArray_new (7));
for (int i=0; i<10; i++) {
mp_set (&arr->data[i], i);
}
P_CHECKC (MPArray_resize (arr, 15));
for (int i=10; i<15; i++) {
mu_check (mp_cmp_d (&arr->data[i], 0) == 0);
mp_set (&arr->data[i], i);
}
P_CHECKC (MPArray_resize (arr, 7));
for (int i=10; i<7; i++) {
mu_check (mp_cmp_d (&arr->data[i], i) == 0);
}
P_CHECKC (MPArray_copy (arr2, arr));
for (int i=10; i<7; i++) {
mu_check (mp_cmp (&arr->data[i], &arr2->data[i]) == 0);
}
cleanup:
mu_check (rv == SECSuccess);
MPArray_clear (arr);
MPArray_clear (arr2);
}

22
third_party/prio/update.sh поставляемый
Просмотреть файл

@ -1,20 +1,18 @@
#!/bin/sh
# Script to update the mozilla in-tree copy of the Prio library.
# Run this within the /third_party/prio directory of the source tree.
# Script to update the mozilla in-tree copy of the libprio library.
# Run this within the /third_party/libprio directory of the source tree.
MY_TEMP_DIR=`mktemp -d -t libprio_update.XXXXXX` || exit 1
VERSION=1.0
COMMIT="488da2d729d73f18ed45add59edd18b257e1ceaa"
git clone https://github.com/mozilla/libprio ${MY_TEMP_DIR}/libprio
git -C ${MY_TEMP_DIR}/libprio checkout ${VERSION}
git clone -n https://github.com/mozilla/libprio ${MY_TEMP_DIR}/libprio
git -C ${MY_TEMP_DIR}/libprio checkout ${COMMIT}
COMMIT=$(git -C ${MY_TEMP_DIR}/libprio rev-parse HEAD)
perl -p -i -e "s/(\d+\.)(\d+\.)(\d+)/${VERSION}/" README-mozilla;
perl -p -i -e "s/\[commit [0-9a-f]{40}\]/[commit ${COMMIT}]/" README-mozilla;
FILES="LICENSE README.md SConstruct browser-test include pclient prio ptest"
FILES="include prio"
VERSION=$(git -C ${MY_TEMP_DIR}/libprio describe --tags)
perl -p -i -e "s/Current version: \S+ \[commit [0-9a-f]{40}\]/Current version: ${VERSION} [commit ${COMMIT}]/" README-mozilla
for f in $FILES; do
rm -rf $f
@ -24,9 +22,9 @@ done
rm -rf ${MY_TEMP_DIR}
hg revert -r . moz.build
hg addremove
hg addremove .
echo "###"
echo "### Updated Prio to $COMMIT."
echo "### Updated libprio to $COMMIT."
echo "### Remember to verify and commit the changes to source control!"
echo "###"