Merge 73efc2c into 6adaa7c

.travis.yml

@@ -1,14 +1,43 @@
 language: c
 compiler: gcc
-dist: bionic
+dist: trusty
+
 services:
   - docker
 
+addons:
+  sonarcloud:
+    organization: "apache"
+    token:
+      secure: "FjYjuVZ4OJXdktJJCjernblRou1AMnHmr1/wLpjQ/L2f+1mVHNwxJDg3hpeq9yD7GiL038x+KkQoOL+wazlZYEnhve1HOG6kmdgAwAsx+BysiDzIdEuz7fBKlaKXkK/nWh/TSo2+wSry35pYXf+wDJybyp0FiN643lL8A8ATC19MFRYfvgyrpPhk3mIYQBnpHwPLlBmFChlakHkhNJy+mfHJBdVxVQ4b7z7Kdm8OYYyXwwCxQKLNSnZ5UI6DfgCyGFBM2aFpjpK2Duok/YdtjvLdks52cG/52LVqOAKYSr80lEmpAyxKxvMbO6yYzrOvxh2uepk9nWHFVF1GeT9lgU4v6EyMVJ13zknbo0JhF2WwwKk4ws4k2D8yPkwC2HD/cPyANVqYGku+wTdEtgrwhvlAIVT9gCLp3sJDrjwE57xMkaLDHpcw9yd5OerJoMwJ0koPnBpx/KtforkeGbpNgXxYnWGA++rfHumVd4Vp2e9mzDoQF5XvuWNnfx+q8F516d96qeQtPV6pfx7t45lB6fQs6etGOqE60g3K2sWw872iosmjYzygnIYhMHPCWfiK+qKPwhddzuo+zldGd/CY+2+IjM1dlWCiMxjwEXdXjnNP+iJwXui35PqDG8eKiqcfL+Co0JiK/PrK4LDbuoQSjrjX78hsX6icdqulhQfQ+0Q="
+
 install:
   - gem install coveralls-lcov
 
 jobs:
   include:
+  - stage: sonar
+    script:
+    - echo "Run static code analysis"
+    - git clone https://github.com/apache/incubator-milagro-crypto-c.git 
+    - cd incubator-milagro-crypto-c
+    - mkdir build
+    - cd build
+    - cmake -D CMAKE_BUILD_TYPE=Release -D BUILD_SHARED_LIBS=ON -D AMCL_CHUNK=64 -D AMCL_CURVE="BLS381,SECP256K1" -D AMCL_RSA="" -D BUILD_PAILLIER=ON -D BUILD_PYTHON=OFF -D BUILD_BLS=ON -D BUILD_WCC=OFF -D BUILD_MPIN=OFF -D BUILD_X509=OFF -D CMAKE_INSTALL_PREFIX=/usr/local .. 
+    - make
+    - sudo make install
+    - cd ../..
+    - rm -rf python
+    - mkdir build
+    - cd build
+    - cmake -D BUILD_TESTS=OFF -D BUILD_EXAMPLES=OFF -D BUILD_BENCHMARK=OFF -D BUILD_PYTHON=OFF -D BUILD_DOXYGEN=OFF ..
+    - build-wrapper-linux-x86-64 --out-dir bw-output make
+    - mv bw-output ..
+    - cd ..
+    - rm -rf test
+    - rm -rf examples
+    - rm -rf benchmark    
+    - sonar-scanner -X  
   - stage: test
     script:
     - echo "Build docker image and run tests"

Dockerfile

@@ -39,20 +39,6 @@ RUN apt-get update && \
 
 RUN pip3 install cffi
 
-# install golang
-RUN cd /tmp && \
-    wget https://dl.google.com/go/go1.13.linux-amd64.tar.gz && \
-    tar -xzf go1.13.linux-amd64.tar.gz && \
-    cp -r go /usr/local && \
-    echo 'export PATH=$PATH:/usr/local/go/bin' >> /root/.bashrc
-
-# configure GO
-RUN mkdir -p /root/go/bin && \
-    mkdir -p /root/go/pkg && \
-    mkdir -p /root/go/src && \
-    echo 'export GOPATH=/root/go' >> /root/.bashrc && \
-    echo 'export PATH=$GOPATH/bin:$PATH' >> /root/.bashrc
-
 # install AMCL
 RUN git clone https://github.com/apache/incubator-milagro-crypto-c.git && \
     cd incubator-milagro-crypto-c && \

README.md

@@ -27,6 +27,8 @@
 [![Develop Build Status](https://travis-ci.org/apache/incubator-milagro-MPC.svg?branch=develop)](https://travis-ci.org/apache/incubator-milagro-MPC)
 [![Develop Coverage Status](https://coveralls.io/repos/github/apache/incubator-milagro-MPC/badge.svg?branch=develop)](https://coveralls.io/github/apache/incubator-milagro-MPC?branch=develop)
 
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=apache_incubator-milagro-MPC&metric=alert_status)](https://sonarcloud.io/dashboard?id=apache_incubator-milagro-MPC)
+
 * **category**:    Library
 * **copyright**:   2020 The Apache Software Foundation
 * **license**:     ASL 2.0 ([Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0))
@@ -107,20 +109,20 @@ via the file
 
 Build and run tests using docker
 
-```
+```sh
 docker build --no-cache -t libmpc .
 docker run --cap-add SYS_PTRACE --rm libmpc
 ```
 
 Generate coverage figures
 
-```
+```sh
 docker run --rm libmpc ./scripts/coverage.sh
 ```
 
 or copy to host
 
-```
+```sh
 CONTAINER_ID=$(docker run --cap-add SYS_PTRACE -d libmpc ./scripts/coverage.sh)
 docker logs $CONTAINER_ID
 docker cp ${CONTAINER_ID}:"/root/target/Coverage/coverage" ./

include/amcl/commitments.h

@@ -46,7 +46,7 @@ extern "C"
  * @param R     Decommitment value. If RNG is null then this value is read and must be 256 bit long
  * @param C     Commitment value
  */
-extern void COMMITMENTS_NM_commit(csprng *RNG, octet *X, octet *R, octet *C);
+extern void COMMITMENTS_NM_commit(csprng *RNG, const octet *X, octet *R, octet *C);
 
 /*! \brief Decommit the value X
  *
@@ -55,7 +55,7 @@ extern void COMMITMENTS_NM_commit(csprng *RNG, octet *X, octet *R, octet *C);
  * @param C     Commitment value
  * @return      Returns 1 for a valid decommitment, 0 otherwise
  */
-extern int COMMITMENTS_NM_decommit(octet* X, octet* R, octet* C);
+extern int COMMITMENTS_NM_decommit(const octet* X, const octet* R, octet* C);
 
 /* Bit Commitment Setup API */
 

include/amcl/mpc.h

@@ -56,7 +56,7 @@ extern "C" {
  *  @param R component of the signature
  *  @param S component of the signature
  */
-int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S);
+int MPC_ECDSA_SIGN(int sha, const octet *K, const octet *SK, octet *M, octet *R, octet *S);
 
 /** \brief ECDSA Verify signature
  *
@@ -68,7 +68,7 @@ int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S);
  *  @param  S                S component of signature
  *  @return                  Returns 0 or else error code
  */
-int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S);
+int MPC_ECDSA_VERIFY(const octet *HM,octet *PK, octet *R,octet *S);
 
 /** \brief Calculate the inverse of the sum of kgamma values
  *
@@ -82,7 +82,7 @@ int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S);
  *  @param KGAMMA2            Actor 2 additive share
  *  @param INVKGAMMA          Inverse of the sum of the additive shares
  */
-void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA);
+void MPC_INVKGAMMA(const octet *KGAMMA1, const octet *KGAMMA2, octet *INVKGAMMA);
 
 /** \brief R component
  *
@@ -101,7 +101,7 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA);
  *  @param  RP                ECP associated to the R component of the signature. Optional
  *  @return                   Returns 0 or else error code
  */
-int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
+int MPC_R(const octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
 
 /** \brief Hash the message value
  *
@@ -131,7 +131,7 @@ void MPC_HASH(int sha, octet *M, octet *HM);
  *  @param  S                 S component output
  *  @return                   Returns 0 or else error code
  */
-int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S);
+int MPC_S(const octet *HM, const octet *R, const octet *K, const octet *SIGMA, octet *S);
 
 /** \brief Sum of ECDSA s components
  *
@@ -145,7 +145,7 @@ int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S);
  *  @param  S2                Actor 2 ECDSA s component
  *  @param  S                 S component sum
  */
-void MPC_SUM_S(octet *S1, octet *S2, octet *S);
+void MPC_SUM_S(const octet *S1, const octet *S2, octet *S);
 
 /** \brief Sum of ECDSA public key shares
  *
@@ -184,7 +184,7 @@ int MPC_SUM_PK(octet *PK1, octet *PK2, octet *PK);
  *  @param A                  Second component of the player commitment. An ECP in compressed form
  *  @return                   Returns MPC_OK or an error code
  */
-extern int MPC_PHASE5_commit(csprng *RNG, octet *R, octet *S, octet *PHI, octet *RHO, octet *V, octet *A);
+extern int MPC_PHASE5_commit(csprng *RNG, octet *R, const octet *S, octet *PHI, octet *RHO, octet *V, octet *A);
 
 /** \brief Generate Proof for the MPC Phase 5
  *
@@ -209,7 +209,7 @@ extern int MPC_PHASE5_commit(csprng *RNG, octet *R, octet *S, octet *PHI, octet
  *  @param T                  Second component of the player proof. An ECP in compressed form
  *  @return                   Returns MPC_OK or an error code
  */
-extern int MPC_PHASE5_prove(octet *PHI, octet *RHO, octet *V[2], octet *A[2], octet *PK, octet *HM, octet *RX, octet *U, octet *T);
+extern int MPC_PHASE5_prove(const octet *PHI, const octet *RHO, octet *V[2], octet *A[2], octet *PK, const octet *HM, const octet *RX, octet *U, octet *T);
 
 /** \brief Verify Proof for the MPC Phase 5
  *

include/amcl/mta.h

@@ -105,7 +105,7 @@ void MPC_MTA_SERVER(csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA,
  *  @param BETA               Additive share of A2.B1
  *  @param SUM                The sum of all values
  */
-void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM);
+void MPC_SUM_MTA(const octet *A, const octet *B, const octet *ALPHA, const octet *BETA, octet *SUM);
 
 /* MTA Zero Knowledge Proofs API*/
 
@@ -191,7 +191,7 @@ extern void MTA_RP_commit(csprng *RNG, PAILLIER_private_key *key, COMMITMENTS_BC
  *  @param c           Commitment of the prover
  *  @param E           Destination challenge
  */
-extern void MTA_RP_challenge(PAILLIER_public_key *key, COMMITMENTS_BC_pub_modulus *mod, octet *CT, MTA_RP_commitment *c, octet *E);
+extern void MTA_RP_challenge(PAILLIER_public_key *key, COMMITMENTS_BC_pub_modulus *mod, const octet *CT, MTA_RP_commitment *c, octet *E);
 
 /** \brief Proof generation
  *
@@ -353,7 +353,7 @@ extern void MTA_ZK_commit(csprng *RNG, PAILLIER_public_key *key, COMMITMENTS_BC_
  *  @param c           Commitment of the prover
  *  @param E           Destination challenge
  */
-extern void MTA_ZK_challenge(PAILLIER_public_key *key, COMMITMENTS_BC_pub_modulus *mod, octet *C1, octet *C2, MTA_ZK_commitment *c, octet *E);
+extern void MTA_ZK_challenge(PAILLIER_public_key *key, COMMITMENTS_BC_pub_modulus *mod, const octet *C1, const octet *C2, MTA_ZK_commitment *c, octet *E);
 
 /** \brief Proof generation for Receiver ZKP
  *
@@ -510,7 +510,7 @@ extern void MTA_ZKWC_commit(csprng *RNG, PAILLIER_public_key *key, COMMITMENTS_B
  *  @param c           Commitment of the prover
  *  @param E           Destination challenge
  */
-extern void MTA_ZKWC_challenge(PAILLIER_public_key *key, COMMITMENTS_BC_pub_modulus *mod, octet *C1, octet *C2, octet *X, MTA_ZKWC_commitment *c, octet *E);
+extern void MTA_ZKWC_challenge(PAILLIER_public_key *key, COMMITMENTS_BC_pub_modulus *mod, const octet *C1, const octet *C2, const octet *X, MTA_ZKWC_commitment *c, octet *E);
 
 /** \brief Proof generation for Receiver ZKP with check
  *

include/amcl/schnorr.h

@@ -70,7 +70,7 @@ extern void SCHNORR_commit(csprng *RNG, octet *R, octet *C);
  * @param C     Public commitment value. Compressed form
  * @param E     Challenge generated
  */
-extern void SCHNORR_challenge(octet *V, octet *C, octet *E);
+extern void SCHNORR_challenge(const octet *V, const octet *C, octet *E);
 
 /*! \brief Generate the proof for the given commitment and challenge
  *
@@ -79,7 +79,7 @@ extern void SCHNORR_challenge(octet *V, octet *C, octet *E);
  * @param X     Secret exponent of the DLOG. V = x.G
  * @param P     Proof of knowldege of the DLOG
  */
-extern void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P);
+extern void SCHNORR_prove(const octet *R, const octet *E, const octet *X, octet *P);
 
 /*! \brief Verify the proof of knowledge for the DLOG
  *
@@ -89,7 +89,7 @@ extern void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P);
  * @param P     Proof received from the prover
  * @return      SCHNORR_OK if the prove is valid or an error code
  */
-extern int SCHNORR_verify(octet *V, octet *C, octet *E, octet *P);
+extern int SCHNORR_verify(octet *V, octet *C, const octet *E, const octet *P);
 
 /* Double Schnorr's proofs API */
 
@@ -118,7 +118,7 @@ extern int SCHNORR_D_commit(csprng *RNG, octet *R, octet *A, octet *B, octet *C)
  * @param C     Public commitment value. Compressed form
  * @param E     Challenge generated
  */
-extern void SCHNORR_D_challenge(octet *R, octet *V, octet *C, octet *E);
+extern void SCHNORR_D_challenge(const octet *R, const octet *V, const octet *C, octet *E);
 
 /*! \brief Generate the proof for the given commitment and challenge
  *
@@ -130,7 +130,7 @@ extern void SCHNORR_D_challenge(octet *R, octet *V, octet *C, octet *E);
  * @param T     First component of the proof of knowldege of the DLOG
  * @param U     Second component of the proof of knowldege of the DLOG
  */
-extern void SCHNORR_D_prove(octet *A, octet *B, octet *E, octet *S, octet *L, octet *T, octet *U);
+extern void SCHNORR_D_prove(const octet *A, const octet *B, const octet *E, const octet *S, const octet *L, octet *T, octet *U);
 
 /*! \brief Verify the proof of knowledge for the DLOG
  *
@@ -142,7 +142,7 @@ extern void SCHNORR_D_prove(octet *A, octet *B, octet *E, octet *S, octet *L, oc
  * @param U     Second component of the proof received
  * @return      SCHNORR_OK if the prove is valid or an error code
  */
-extern int SCHNORR_D_verify(octet *R, octet *V, octet *C, octet *E, octet *T, octet *U);
+extern int SCHNORR_D_verify(octet *R, octet *V, octet *C, const octet *E, const octet *T, const octet *U);
 
 #ifdef __cplusplus
 }

python/amcl/commitments.py

@@ -30,8 +30,8 @@
 
 _ffi = core_utils._ffi
 _ffi.cdef("""
-extern void COMMITMENTS_NM_commit(csprng *RNG, octet *X, octet *R, octet *C);
-extern int COMMITMENTS_NM_decommit(octet* X, octet* R, octet* C);
+extern void COMMITMENTS_NM_commit(csprng *RNG, const octet *X, octet *R, octet *C);
+extern int COMMITMENTS_NM_decommit(const octet* X, const octet* R, octet* C);
 """)
 
 if (platform.system() == 'Windows'):

python/amcl/mpc.py

@@ -57,16 +57,16 @@
 extern int  ECP_SECP256K1_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
 extern int  ECP_SECP256K1_PUBLIC_KEY_VALIDATE(octet *W);
 
-extern int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S);
+extern int MPC_ECDSA_VERIFY(const octet *HM,octet *PK, octet *R,octet *S);
 extern void MPC_MTA_CLIENT1(csprng *RNG, PAILLIER_public_key* PUB, octet* A, octet* CA, octet* R);
 extern void MPC_MTA_CLIENT2(PAILLIER_private_key *PRIV, octet* CB, octet *ALPHA);
 extern void MPC_MTA_SERVER(csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA, octet *Z, octet *R, octet *CB, octet *BETA);
 extern void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM);
-extern void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA);
-extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
+extern void MPC_INVKGAMMA(const octet *KGAMMA1, const octet *KGAMMA2, octet *INVKGAMMA);
+extern int MPC_R(const octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
 extern void MPC_HASH(int sha, octet *M, octet *HM);
-extern int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S);
-extern void MPC_SUM_S(octet *S1, octet *S2, octet *S);
+extern int MPC_S(const octet *HM, const octet *R, const octet *K, const octet *SIGMA, octet *S);
+extern void MPC_SUM_S(const octet *S1, const octet *S2, octet *S);
 extern int MPC_SUM_PK(octet *PK1, octet *PK2, octet *PK);
 extern void MPC_DUMP_PAILLIER_SK(PAILLIER_private_key *PRIV, octet *P, octet *Q);
 """)

python/amcl/schnorr.py

@@ -30,9 +30,9 @@
 _ffi.cdef("""
 extern void SCHNORR_random_challenge(csprng *RNG, octet *E);
 extern void SCHNORR_commit(csprng *RNG, octet *R, octet *C);
-extern void SCHNORR_challenge(octet *V, octet *C, octet *E);
-extern void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P);
-extern int  SCHNORR_verify(octet *V, octet *C, octet *E, octet *P);
+extern void SCHNORR_challenge(const octet *V, const octet *C, octet *E);
+extern void SCHNORR_prove(const octet *R, const octet *E, const octet *X, octet *P);
+extern int SCHNORR_verify(octet *V, octet *C, const octet *E, const octet *P);
 """)
 
 if (platform.system() == 'Windows'):

sonar-project.properties

@@ -0,0 +1,24 @@
+sonar.projectKey=apache_incubator-milagro-MPC
+sonar.projectName=apache_incubator-milagro-MPC
+sonar.projectVersion=0.1.0
+
+# =====================================================
+#   Meta-data for the project
+# =====================================================
+
+sonar.links.homepage=https://github.com/apache/incubator-milagro-MPC
+sonar.links.ci=https://travis-ci.com/kealan/incubator-milagro-MPC
+sonar.links.scm=https://github.com/apache/incubator-milagro-MPC
+sonar.links.issue=https://github.com/apache/incubator-milagro-MPC/issues
+
+
+# =====================================================
+#   Properties that will be shared amongst all modules
+# =====================================================
+
+# SQ standard properties
+sonar.sources=.
+
+# Properties specific to the C/C++ analyzer:
+sonar.cfamily.build-wrapper-output=bw-output
+sonar.cfamily.gcov.reportsPath=.

src/commitments.c

@@ -22,7 +22,7 @@ under the License.
 /* NM Commitments Definitions */
 
 // Compute the hash of X || R
-void hash(octet *X, octet *R, octet *C)
+static void hash(const octet *X, const octet *R, octet *C)
 {
     int i;
     hash256 sha256;
@@ -47,7 +47,7 @@ void hash(octet *X, octet *R, octet *C)
 }
 
 // Compute a commitment for the value X
-void COMMITMENTS_NM_commit(csprng *RNG, octet *X, octet *R, octet *C)
+void COMMITMENTS_NM_commit(csprng *RNG, const octet *X, octet *R, octet *C)
 {
     if (RNG != NULL)
     {
@@ -58,7 +58,7 @@ void COMMITMENTS_NM_commit(csprng *RNG, octet *X, octet *R, octet *C)
 }
 
 // Verify the commitment for the value X
-int COMMITMENTS_NM_decommit(octet *X, octet *R, octet *C)
+int COMMITMENTS_NM_decommit(const octet *X, const octet *R, octet *C)
 {
     char d[SHA256];
     octet D = {0, sizeof(d), d};
@@ -86,12 +86,14 @@ int COMMITMENTS_NM_decommit(octet *X, octet *R, octet *C)
 /*
  * Check if a number is a safe prime
  */
-int is_safe_prime(BIG_1024_58 *p, BIG_1024_58 *P, csprng *RNG, int n)
+static int is_safe_prime(BIG_1024_58 *p, BIG_1024_58 *P, csprng *RNG, int n)
 {
 #ifndef C99
-    BIG_1024_58 Pm1[FFLEN_2048], f[FFLEN_2048];
+    BIG_1024_58 Pm1[FFLEN_2048];
+    BIG_1024_58 f[FFLEN_2048];
 #else
-    BIG_1024_58 Pm1[n], f[n];
+    BIG_1024_58 Pm1[n];
+    BIG_1024_58 f[n];
 #endif
 
     // Sieve small primes from P, p is already checked in Miller-Rabin