frosix-httpd_common.c (8546B)
1 /* 2 This file is part of Frosix 3 Copyright (C) 2022, 2023 Joel Urech 4 5 Frosix is free software; you can redistribute it and/or modify it under the 6 terms of the GNU Affero General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 Frosix is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. 12 13 You should have received a copy of the GNU Affero General Public License along with 14 Frosix; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file backend/frosix-httpd_dkg-commitment_common.c 18 * @brief functions to handle incoming requests on /seed 19 * @author Joel Urech 20 */ 21 #include "frosix-httpd_dkg.h" 22 #include "frosix_service.h" 23 #include "keygen.h" 24 #include "frost_low.h" 25 #include <taler/taler_util.h> 26 #include <gnunet/gnunet_util_lib.h> 27 28 29 static enum GNUNET_GenericReturnValue 30 generate_commitment_and_shares ( 31 struct FROST_DkgCommitment *dkg_comm, 32 struct FROST_DkgShare dkg_shares[], 33 const struct FROST_DkgContextString *context_string, 34 const struct FROST_HashCode *additional_data, 35 uint8_t identifier, 36 uint8_t threshold, 37 uint8_t num_of_participants) 38 { 39 if (GNUNET_OK != FROST_initialize_dkg_commitment (dkg_comm, 40 identifier, 41 threshold)) 42 return GNUNET_NO; 43 44 return FROST_keygen_begin (dkg_comm, 45 dkg_shares, 46 context_string, 47 additional_data, 48 identifier, 49 num_of_participants, 50 threshold); 51 } 52 53 enum GNUNET_GenericReturnValue 54 FROSIX_dkg_commitment_generate_ ( 55 struct FROST_DkgCommitment *dkg_comm, 56 const struct FROST_DkgContextString *context_string, 57 const struct FROST_HashCode *additional_data, 58 uint8_t identifier, 59 uint8_t threshold, 60 uint8_t num_of_participants) 61 { 62 struct FROST_DkgShare dkg_shares[num_of_participants]; 63 64 enum GNUNET_GenericReturnValue ret = generate_commitment_and_shares (dkg_comm, 65 dkg_shares, 66 context_string, 67 additional_data, 68 identifier, 69 threshold, 70 num_of_participants); 71 72 return ret; 73 } 74 75 enum GNUNET_GenericReturnValue 76 FROSIX_dkg_shares_generate_ ( 77 struct FROST_DkgShare dkg_shares[], 78 const struct FROST_DkgContextString *context_string, 79 const struct FROST_HashCode *additional_data, 80 uint8_t identifier, 81 uint8_t threshold, 82 uint8_t num_of_participants) 83 { 84 struct FROST_DkgCommitment dkg_comm; 85 86 enum GNUNET_GenericReturnValue ret = 87 generate_commitment_and_shares (&dkg_comm, 88 dkg_shares, 89 context_string, 90 additional_data, 91 identifier, 92 threshold, 93 num_of_participants); 94 95 FROST_free_dkg_commitment (&dkg_comm, 96 1); 97 98 return ret; 99 } 100 101 enum GNUNET_GenericReturnValue 102 FROSIX_dkg_derive_context_string_ ( 103 struct FROST_DkgContextString *resulting_context_string, 104 uint8_t provider_index, 105 uint8_t threshold, 106 const struct FROSIX_DkgContextStringP *input_context_string, 107 const struct FROSIX_ChallengeHashP *challenge_hash, 108 const struct GNUNET_CRYPTO_EddsaPublicKey provider_public_keys[], 109 size_t length, 110 const struct FROSIX_SecretProviderSaltP *secret_provider_salt) 111 { 112 /* get hash of all public keys, concatenated with provider index and threshold 113 */ 114 struct GNUNET_HashContext *hash_context = GNUNET_CRYPTO_hash_context_start (); 115 116 for (unsigned int i = 0; i < length; i++) 117 { 118 GNUNET_CRYPTO_hash_context_read (hash_context, 119 &provider_public_keys[i], 120 sizeof (*provider_public_keys)); 121 } 122 GNUNET_CRYPTO_hash_context_read (hash_context, 123 &provider_index, 124 sizeof (provider_index)); 125 GNUNET_CRYPTO_hash_context_read (hash_context, 126 &threshold, 127 sizeof (threshold)); 128 129 struct GNUNET_HashCode pk_hash; 130 GNUNET_CRYPTO_hash_context_finish (hash_context, 131 &pk_hash); 132 133 /* derive entropy for our key generation */ 134 return GNUNET_CRYPTO_kdf (resulting_context_string, 135 sizeof (*resulting_context_string), 136 secret_provider_salt, 137 sizeof (*secret_provider_salt), 138 input_context_string, 139 sizeof (*input_context_string), 140 challenge_hash, 141 sizeof (*challenge_hash), 142 &pk_hash, 143 sizeof (pk_hash), 144 NULL); 145 } 146 147 enum GNUNET_GenericReturnValue 148 FROSIX_dkg_validate_request_id_ ( 149 const struct FROSIX_DkgRequestIdP *request_id, 150 const struct FROSIX_DkgContextStringP *context_string, 151 const struct FROSIX_ChallengeHashP *challenge_hash, 152 const struct FROSIX_ProviderSaltP *provider_salt, 153 uint8_t identifier, 154 uint8_t num_of_participants, 155 uint8_t threshold) 156 { 157 /* is request_id == H(context_string || 158 auth_data_hash_salted || 159 identifier || 160 num_of_participants || 161 threshold || 162 public_server_salt || 163 "FROSIX-DKG" )*/ 164 struct FROST_HashState check_id_state; 165 struct FROST_HashCode check_id; 166 167 FROST_hash_init (&check_id_state); 168 FROST_hash_hash_update (&check_id_state, 169 &context_string->hash); 170 FROST_hash_fixed_update (&check_id_state, 171 &challenge_hash->hash, 172 sizeof (*challenge_hash)); 173 FROST_hash_uint8_update (&check_id_state, 174 identifier); 175 FROST_hash_uint8_update (&check_id_state, 176 num_of_participants); 177 FROST_hash_uint8_update (&check_id_state, 178 threshold); 179 FROST_hash_fixed_update (&check_id_state, 180 provider_salt, 181 sizeof (*provider_salt)); 182 FROST_hash_fixed_update (&check_id_state, 183 "FROSIX-DKG-ID", 184 strlen ("FROSIX-DKG-ID")); 185 FROST_hash_final (&check_id_state, 186 &check_id); 187 188 return FROST_hash_cmp (&request_id->id, 189 &check_id); 190 } 191 192 void 193 FROSIX_raw_key_to_struct (struct FROST_KeyPair *key_pair, 194 const struct FROSIX_KeyDataRaw *decrypted) 195 { 196 memcpy (&key_pair->my_sk, 197 &decrypted->bytes[0], 198 sizeof (key_pair->my_sk)); 199 memcpy (&key_pair->group_pk, 200 &decrypted->bytes[sizeof (key_pair->my_sk)], 201 sizeof (key_pair->my_pk)); 202 FROST_base_mul_scalar (&key_pair->my_pk, 203 &key_pair->my_sk); 204 } 205 206 207 void 208 FROSIX_compute_db_commitment_id (struct GNUNET_HashCode *db_id, 209 const struct FROST_HashCode *enc_key_hash, 210 const struct FROST_Commitment *commitment) 211 { 212 struct GNUNET_HashContext *hc = GNUNET_CRYPTO_hash_context_start (); 213 GNUNET_CRYPTO_hash_context_read (hc, 214 enc_key_hash, 215 sizeof (*enc_key_hash)); 216 GNUNET_CRYPTO_hash_context_read (hc, 217 &commitment->hiding_commitment, 218 sizeof (commitment->hiding_commitment)); 219 GNUNET_CRYPTO_hash_context_read (hc, 220 &commitment->binding_commitment, 221 sizeof (commitment->binding_commitment)); 222 GNUNET_CRYPTO_hash_context_finish (hc, 223 db_id); 224 }