// PointDecodeFrom provides a generic implementation of Point.DecodeFrom,
// based on Point.Decode, or Point.Pick if r is a Cipher or cipher.Stream.
// The returned byte-count is valid only when decoding from a normal Reader,
// not when picking from a pseudorandom source.
func PointUnmarshalFrom(p abstract.Point, r io.Reader) (int, error) {
if strm, ok := r.(cipher.Stream); ok {
p.Pick(nil, strm)
return -1, nil // no byte-count when picking randomly
}
buf := make([]byte, p.MarshalSize())
n, err := io.ReadFull(r, buf)
if err != nil {
return n, err
}
return n, p.UnmarshalBinary(buf)
}
// ConstructTree does a depth-first construction of the tree specified in the
// config file. ConstructTree must be called AFTER populating the HostConfig with
// ALL the possible hosts.
func ConstructTree(
n *Node,
hc *HostConfig,
parent string,
suite abstract.Suite,
rand cipher.Stream,
hosts map[string]coconet.Host,
nameToAddr map[string]string,
opts ConfigOptions) (int, error) {
// passes up its X_hat, and/or an error
// get the name associated with this address
name, ok := nameToAddr[n.Name]
if !ok {
fmt.Println("unknown name in address book:", n.Name)
return 0, errors.New("unknown name in address book")
}
// generate indicates whether we should generate the signing
// node for this hostname
generate := opts.Host == "" || opts.Host == name
// check to make sure the this hostname is in the tree
// it can be backed by a nil pointer
h, ok := hosts[name]
if !ok {
fmt.Println("unknown host in tree:", name)
return 0, errors.New("unknown host in tree")
}
var prikey abstract.Secret
var pubkey abstract.Point
var sn *sign.Node
// if the JSON holds the fields field is set load from there
if len(n.PubKey) != 0 {
// log.Println("decoding point")
encoded, err := hex.DecodeString(string(n.PubKey))
if err != nil {
log.Print("failed to decode hex from encoded")
return 0, err
}
pubkey = suite.Point()
err = pubkey.UnmarshalBinary(encoded)
if err != nil {
log.Print("failed to decode point from hex")
return 0, err
}
// log.Println("decoding point")
encoded, err = hex.DecodeString(string(n.PriKey))
if err != nil {
log.Print("failed to decode hex from encoded")
return 0, err
}
prikey = suite.Secret()
err = prikey.UnmarshalBinary(encoded)
if err != nil {
log.Print("failed to decode point from hex")
return 0, err
}
}
if generate {
if prikey != nil {
// if we have been given a private key load that
aux := sign.NewKeyedNode(h, suite, prikey)
aux.GenSetPool()
hc.SNodes = append(hc.SNodes, aux)
h.SetPubKey(pubkey)
} else {
// otherwise generate a random new one
sn := sign.NewNode(h, suite, rand)
sn.GenSetPool()
hc.SNodes = append(hc.SNodes, sn)
h.SetPubKey(sn.PubKey)
}
sn = hc.SNodes[len(hc.SNodes)-1]
hc.Hosts[name] = sn
if prikey == nil {
prikey = sn.PrivKey
pubkey = sn.PubKey
}
// log.Println("pubkey:", sn.PubKey)
// log.Println("given: ", pubkey)
}
// if the parent of this call is empty then this must be the root node
if parent != "" && generate {
h.AddParent(0, parent)
}
// log.Println("name: ", n.Name)
// log.Println("prikey: ", prikey)
// log.Println("pubkey: ", pubkey)
height := 0
for _, c := range n.Children {
// connect this node to its children
cname, ok := nameToAddr[c.Name]
if !ok {
fmt.Println("unknown name in address book:", n.Name)
return 0, errors.New("unknown name in address book")
}
if generate {
h.AddChildren(0, cname)
}
// recursively construct the children
// log.Print("ConstructTree:", h, suite, rand, hosts, nameToAddr, opts)
h, err := ConstructTree(c, hc, name, suite, rand, hosts, nameToAddr, opts)
if err != nil {
return 0, err
}
height = max(h+1, height)
// if generating all csn will be availible
}
if generate {
sn.Height = height
}
// log.Println("name: ", n.Name)
// log.Println("final x_hat: ", x_hat)
// log.Println("final pubkey: ", pubkey)
return height, nil
}
func handleAnnouncement(params map[string]interface{}) {
var g abstract.Point = nil
keyList := util.ProtobufDecodePointList(params["keys"].([]byte))
valList := params["vals"].([]util.ByteArray)
size := len(keyList)
if val, ok := params["g"]; ok {
// contains g
byteG := val.([]byte)
g = anonServer.Suite.Point()
g.UnmarshalBinary(byteG)
g = anonServer.Suite.Point().Mul(g, anonServer.Roundkey)
// verify the previous shuffle
verifyNeffShuffle(params)
} else {
g = anonServer.Suite.Point().Mul(nil, anonServer.Roundkey)
}
X1 := make([]abstract.Point, 1)
X1[0] = anonServer.PublicKey
newKeys := make([]abstract.Point, size)
newVals := make([][]byte, size)
for i := 0; i < len(keyList); i++ {
// encrypt the public key using modPow
newKeys[i] = anonServer.Suite.Point().Mul(keyList[i], anonServer.Roundkey)
// decrypt the reputation using ElGamal algorithm
MM, err := anon.Decrypt(anonServer.Suite, valList[i].Arr, anon.Set(X1), 0, anonServer.PrivateKey, false)
util.CheckErr(err)
newVals[i] = MM
// update key map
anonServer.KeyMap[newKeys[i].String()] = keyList[i]
}
byteNewKeys := util.ProtobufEncodePointList(newKeys)
byteNewVals := util.SerializeTwoDimensionArray(newVals)
byteG, err := g.MarshalBinary()
util.CheckErr(err)
if size <= 1 {
// no need to shuffle, just send the package to next server
pm := map[string]interface{}{
"keys": byteNewKeys,
"vals": byteNewVals,
"g": byteG,
}
event := &proto.Event{proto.ANNOUNCEMENT, pm}
util.Send(anonServer.Socket, anonServer.NextHop, util.Encode(event))
return
}
Xori := make([]abstract.Point, len(newVals))
for i := 0; i < size; i++ {
Xori[i] = anonServer.Suite.Point().Mul(nil, anonServer.PrivateKey)
}
byteOri := util.ProtobufEncodePointList(Xori)
rand := anonServer.Suite.Cipher(abstract.RandomKey)
// *** perform neff shuffle here ***
Xbar, Ybar, _, Ytmp, prover := neffShuffle(Xori, newKeys, rand)
prf, err := proof.HashProve(anonServer.Suite, "PairShuffle", rand, prover)
util.CheckErr(err)
// this is the shuffled key
finalKeys := convertToOrigin(Ybar, Ytmp)
finalVals := rebindReputation(newKeys, newVals, finalKeys)
// send data to the next server
byteXbar := util.ProtobufEncodePointList(Xbar)
byteYbar := util.ProtobufEncodePointList(Ybar)
byteFinalKeys := util.ProtobufEncodePointList(finalKeys)
byteFinalVals := util.SerializeTwoDimensionArray(finalVals)
bytePublicKey, _ := anonServer.PublicKey.MarshalBinary()
// prev keys means the key before shuffle
pm := map[string]interface{}{
"xbar": byteXbar,
"ybar": byteYbar,
"keys": byteFinalKeys,
"vals": byteFinalVals,
"proof": prf,
"prev_keys": byteOri,
"prev_vals": byteNewKeys,
"shuffled": true,
"public_key": bytePublicKey,
"g": byteG,
}
event := &proto.Event{proto.ANNOUNCEMENT, pm}
util.Send(anonServer.Socket, anonServer.NextHop, util.Encode(event))
}
