aboutsummaryrefslogtreecommitdiff
path: root/src/scalarproduct
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-09-05 11:19:19 +0000
committerChristian Grothoff <christian@grothoff.org>2015-09-05 11:19:19 +0000
commit110973ebdd4f267cbaca4f793dae6c2ff325eeb9 (patch)
treee19a5c5ec2508528fac75b3a55b2a15c457f436b /src/scalarproduct
parentb82bbde943667a432ede3d2407763a342dfb32a3 (diff)
downloadgnunet-110973ebdd4f267cbaca4f793dae6c2ff325eeb9.tar.gz
gnunet-110973ebdd4f267cbaca4f793dae6c2ff325eeb9.zip
starting ECC-variant, but for now just a straight copy
Diffstat (limited to 'src/scalarproduct')
-rw-r--r--src/scalarproduct/Makefile.am26
-rw-r--r--src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c1448
-rw-r--r--src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c1592
3 files changed, 3065 insertions, 1 deletions
diff --git a/src/scalarproduct/Makefile.am b/src/scalarproduct/Makefile.am
index 15e4373f0..13e1a00d2 100644
--- a/src/scalarproduct/Makefile.am
+++ b/src/scalarproduct/Makefile.am
@@ -21,7 +21,9 @@ bin_PROGRAMS = \
21 21
22libexec_PROGRAMS = \ 22libexec_PROGRAMS = \
23 gnunet-service-scalarproduct-alice \ 23 gnunet-service-scalarproduct-alice \
24 gnunet-service-scalarproduct-bob 24 gnunet-service-scalarproduct-bob \
25 gnunet-service-scalarproduct-ecc-alice \
26 gnunet-service-scalarproduct-ecc-bob
25 27
26lib_LTLIBRARIES = \ 28lib_LTLIBRARIES = \
27 libgnunetscalarproduct.la 29 libgnunetscalarproduct.la
@@ -57,6 +59,28 @@ gnunet_service_scalarproduct_bob_LDADD = \
57 -lgcrypt \ 59 -lgcrypt \
58 $(GN_LIBINTL) 60 $(GN_LIBINTL)
59 61
62gnunet_service_scalarproduct_ecc_alice_SOURCES = \
63 gnunet-service-scalarproduct.h \
64 gnunet-service-scalarproduct-ecc_alice.c
65gnunet_service_scalarproduct_ecc_alice_LDADD = \
66 $(top_builddir)/src/util/libgnunetutil.la \
67 $(top_builddir)/src/cadet/libgnunetcadet.la \
68 $(top_builddir)/src/set/libgnunetset.la \
69 $(LIBGCRYPT_LIBS) \
70 -lgcrypt \
71 $(GN_LIBINTL)
72
73gnunet_service_scalarproduct_ecc_bob_SOURCES = \
74 gnunet-service-scalarproduct.h \
75 gnunet-service-scalarproduct-ecc_bob.c
76gnunet_service_scalarproduct_ecc_bob_LDADD = \
77 $(top_builddir)/src/util/libgnunetutil.la \
78 $(top_builddir)/src/cadet/libgnunetcadet.la \
79 $(top_builddir)/src/set/libgnunetset.la \
80 $(LIBGCRYPT_LIBS) \
81 -lgcrypt \
82 $(GN_LIBINTL)
83
60libgnunetscalarproduct_la_SOURCES = \ 84libgnunetscalarproduct_la_SOURCES = \
61 scalarproduct_api.c \ 85 scalarproduct_api.c \
62 scalarproduct.h 86 scalarproduct.h
diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
new file mode 100644
index 000000000..565cc3104
--- /dev/null
+++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
@@ -0,0 +1,1448 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2013, 2014 Christian Grothoff (and other contributing authors)
4
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
19 */
20/**
21 * @file scalarproduct/gnunet-service-scalarproduct_alice.c
22 * @brief scalarproduct service implementation
23 * @author Christian M. Fuchs
24 * @author Christian Grothoff
25 */
26#include "platform.h"
27#include <limits.h>
28#include <gcrypt.h>
29#include "gnunet_util_lib.h"
30#include "gnunet_core_service.h"
31#include "gnunet_cadet_service.h"
32#include "gnunet_applications.h"
33#include "gnunet_protocols.h"
34#include "gnunet_scalarproduct_service.h"
35#include "gnunet_set_service.h"
36#include "scalarproduct.h"
37#include "gnunet-service-scalarproduct.h"
38
39#define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-alice", __VA_ARGS__)
40
41/**
42 * An encrypted element key-value pair.
43 */
44struct MpiElement
45{
46 /**
47 * Key used to identify matching pairs of values to multiply.
48 * Points into an existing data structure, to avoid copying
49 * and doubling memory use.
50 */
51 const struct GNUNET_HashCode *key;
52
53 /**
54 * Value represented (a).
55 */
56 gcry_mpi_t value;
57};
58
59
60/**
61 * A scalarproduct session which tracks
62 * a request form the client to our final response.
63 */
64struct AliceServiceSession
65{
66
67 /**
68 * (hopefully) unique transaction ID
69 */
70 struct GNUNET_HashCode session_id;
71
72 /**
73 * Alice or Bob's peerID
74 */
75 struct GNUNET_PeerIdentity peer;
76
77 /**
78 * The client this request is related to.
79 */
80 struct GNUNET_SERVER_Client *client;
81
82 /**
83 * The message queue for the client.
84 */
85 struct GNUNET_MQ_Handle *client_mq;
86
87 /**
88 * The message queue for CADET.
89 */
90 struct GNUNET_MQ_Handle *cadet_mq;
91
92 /**
93 * all non-0-value'd elements transmitted to us.
94 * Values are of type `struct GNUNET_SCALARPRODUCT_Element *`
95 */
96 struct GNUNET_CONTAINER_MultiHashMap *intersected_elements;
97
98 /**
99 * Set of elements for which will conduction an intersection.
100 * the resulting elements are then used for computing the scalar product.
101 */
102 struct GNUNET_SET_Handle *intersection_set;
103
104 /**
105 * Set of elements for which will conduction an intersection.
106 * the resulting elements are then used for computing the scalar product.
107 */
108 struct GNUNET_SET_OperationHandle *intersection_op;
109
110 /**
111 * Handle to Alice's Intersection operation listening for Bob
112 */
113 struct GNUNET_SET_ListenHandle *intersection_listen;
114
115 /**
116 * channel-handle associated with our cadet handle
117 */
118 struct GNUNET_CADET_Channel *channel;
119
120 /**
121 * a(Alice), sorted array by key of length @e used_element_count.
122 */
123 struct MpiElement *sorted_elements;
124
125 /**
126 * Bob's permutation p of R
127 */
128 struct GNUNET_CRYPTO_PaillierCiphertext *r;
129
130 /**
131 * Bob's permutation q of R
132 */
133 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
134
135 /**
136 * Bob's "s"
137 */
138 struct GNUNET_CRYPTO_PaillierCiphertext s;
139
140 /**
141 * Bob's "s'"
142 */
143 struct GNUNET_CRYPTO_PaillierCiphertext s_prime;
144
145 /**
146 * The computed scalar
147 */
148 gcry_mpi_t product;
149
150 /**
151 * How many elements we were supplied with from the client (total
152 * count before intersection).
153 */
154 uint32_t total;
155
156 /**
157 * How many elements actually are used for the scalar product.
158 * Size of the arrays in @e r and @e r_prime. Sometimes also
159 * reset to 0 and used as a counter!
160 */
161 uint32_t used_element_count;
162
163 /**
164 * Already transferred elements from client to us.
165 * Less or equal than @e total.
166 */
167 uint32_t client_received_element_count;
168
169 /**
170 * Already transferred elements from Bob to us.
171 * Less or equal than @e total.
172 */
173 uint32_t cadet_received_element_count;
174
175 /**
176 * State of this session. In
177 * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is
178 * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or
179 * #GNUNET_SCALARPRODUCT_STATUS_FAILURE.
180 */
181 enum GNUNET_SCALARPRODUCT_ResponseStatus status;
182
183 /**
184 * Flag to prevent recursive calls to #destroy_service_session() from
185 * doing harm.
186 */
187 int in_destroy;
188
189};
190
191
192/**
193 * GNUnet configuration handle
194 */
195static const struct GNUNET_CONFIGURATION_Handle *cfg;
196
197/**
198 * Service's own public key
199 */
200static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey;
201
202/**
203 * Service's own private key
204 */
205static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey;
206
207/**
208 * Service's offset for values that could possibly be negative but are plaintext for encryption.
209 */
210static gcry_mpi_t my_offset;
211
212/**
213 * Handle to the CADET service.
214 */
215static struct GNUNET_CADET_Handle *my_cadet;
216
217
218/**
219 * Iterator called to free elements.
220 *
221 * @param cls the `struct AliceServiceSession *` (unused)
222 * @param key the key (unused)
223 * @param value value to free
224 * @return #GNUNET_OK (continue to iterate)
225 */
226static int
227free_element_cb (void *cls,
228 const struct GNUNET_HashCode *key,
229 void *value)
230{
231 struct GNUNET_SCALARPRODUCT_Element *e = value;
232
233 GNUNET_free (e);
234 return GNUNET_OK;
235}
236
237
238/**
239 * Destroy session state, we are done with it.
240 *
241 * @param s the session to free elements from
242 */
243static void
244destroy_service_session (struct AliceServiceSession *s)
245{
246 unsigned int i;
247
248 if (GNUNET_YES == s->in_destroy)
249 return;
250 s->in_destroy = GNUNET_YES;
251 if (NULL != s->client_mq)
252 {
253 GNUNET_MQ_destroy (s->client_mq);
254 s->client_mq = NULL;
255 }
256 if (NULL != s->cadet_mq)
257 {
258 GNUNET_MQ_destroy (s->cadet_mq);
259 s->cadet_mq = NULL;
260 }
261 if (NULL != s->client)
262 {
263 GNUNET_SERVER_client_set_user_context (s->client,
264 NULL);
265 GNUNET_SERVER_client_disconnect (s->client);
266 s->client = NULL;
267 }
268 if (NULL != s->channel)
269 {
270 GNUNET_CADET_channel_destroy (s->channel);
271 s->channel = NULL;
272 }
273 if (NULL != s->intersected_elements)
274 {
275 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
276 &free_element_cb,
277 s);
278 GNUNET_CONTAINER_multihashmap_destroy (s->intersected_elements);
279 s->intersected_elements = NULL;
280 }
281 if (NULL != s->intersection_listen)
282 {
283 GNUNET_SET_listen_cancel (s->intersection_listen);
284 s->intersection_listen = NULL;
285 }
286 if (NULL != s->intersection_op)
287 {
288 GNUNET_SET_operation_cancel (s->intersection_op);
289 s->intersection_op = NULL;
290 }
291 if (NULL != s->intersection_set)
292 {
293 GNUNET_SET_destroy (s->intersection_set);
294 s->intersection_set = NULL;
295 }
296 if (NULL != s->sorted_elements)
297 {
298 for (i=0;i<s->used_element_count;i++)
299 gcry_mpi_release (s->sorted_elements[i].value);
300 GNUNET_free (s->sorted_elements);
301 s->sorted_elements = NULL;
302 }
303 if (NULL != s->r)
304 {
305 GNUNET_free (s->r);
306 s->r = NULL;
307 }
308 if (NULL != s->r_prime)
309 {
310 GNUNET_free (s->r_prime);
311 s->r_prime = NULL;
312 }
313 if (NULL != s->product)
314 {
315 gcry_mpi_release (s->product);
316 s->product = NULL;
317 }
318 GNUNET_free (s);
319}
320
321
322/**
323 * Notify the client that the session has failed. A message gets sent
324 * to Alice's client if we encountered any error.
325 *
326 * @param session the associated client session to fail or succeed
327 */
328static void
329prepare_client_end_notification (struct AliceServiceSession *session)
330{
331 struct ClientResponseMessage *msg;
332 struct GNUNET_MQ_Envelope *e;
333
334 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
335 "Sending session-end notification with status %d to client for session %s\n",
336 session->status,
337 GNUNET_h2s (&session->session_id));
338 e = GNUNET_MQ_msg (msg,
339 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
340 msg->product_length = htonl (0);
341 msg->status = htonl (session->status);
342 GNUNET_MQ_send (session->client_mq,
343 e);
344}
345
346
347/**
348 * Prepare the final (positive) response we will send to Alice's
349 * client.
350 *
351 * @param s the session associated with our client.
352 */
353static void
354transmit_client_response (struct AliceServiceSession *s)
355{
356 struct ClientResponseMessage *msg;
357 struct GNUNET_MQ_Envelope *e;
358 unsigned char *product_exported = NULL;
359 size_t product_length = 0;
360 int32_t range;
361 gcry_error_t rc;
362 int sign;
363 gcry_mpi_t value;
364
365 if (NULL == s->product)
366 {
367 GNUNET_break (0);
368 prepare_client_end_notification (s);
369 return;
370 }
371 value = gcry_mpi_new (0);
372 sign = gcry_mpi_cmp_ui (s->product, 0);
373 if (0 > sign)
374 {
375 range = -1;
376 gcry_mpi_sub (value,
377 value,
378 s->product);
379 }
380 else if (0 < sign)
381 {
382 range = 1;
383 gcry_mpi_add (value, value, s->product);
384 }
385 else
386 {
387 /* result is exactly zero */
388 range = 0;
389 }
390 gcry_mpi_release (s->product);
391 s->product = NULL;
392
393 if ( (0 != range) &&
394 (0 != (rc = gcry_mpi_aprint (GCRYMPI_FMT_STD,
395 &product_exported,
396 &product_length,
397 value))))
398 {
399 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
400 "gcry_mpi_scan",
401 rc);
402 prepare_client_end_notification (s);
403 return;
404 }
405 gcry_mpi_release (value);
406 e = GNUNET_MQ_msg_extra (msg,
407 product_length,
408 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
409 msg->status = htonl (GNUNET_SCALARPRODUCT_STATUS_SUCCESS);
410 msg->range = htonl (range);
411 msg->product_length = htonl (product_length);
412 if (NULL != product_exported)
413 {
414 memcpy (&msg[1],
415 product_exported,
416 product_length);
417 GNUNET_free (product_exported);
418 }
419 GNUNET_MQ_send (s->client_mq,
420 e);
421 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
422 "Sent result to client, session %s has ended!\n",
423 GNUNET_h2s (&s->session_id));
424}
425
426
427
428/**
429 * Function called whenever a channel is destroyed. Should clean up
430 * any associated state.
431 *
432 * It must NOT call #GNUNET_CADET_channel_destroy() on the channel.
433 *
434 * @param cls closure (set from #GNUNET_CADET_connect())
435 * @param channel connection to the other end (henceforth invalid)
436 * @param channel_ctx place where local state associated
437 * with the channel is stored
438 */
439static void
440cb_channel_destruction (void *cls,
441 const struct GNUNET_CADET_Channel *channel,
442 void *channel_ctx)
443{
444 struct AliceServiceSession *s = channel_ctx;
445
446 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
447 "Peer disconnected, terminating session %s with peer %s\n",
448 GNUNET_h2s (&s->session_id),
449 GNUNET_i2s (&s->peer));
450 if (NULL != s->cadet_mq)
451 {
452 GNUNET_MQ_destroy (s->cadet_mq);
453 s->cadet_mq = NULL;
454 }
455 s->channel = NULL;
456 if (GNUNET_SCALARPRODUCT_STATUS_ACTIVE == s->status)
457 {
458 /* We didn't get an answer yet, fail with error */
459 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
460 prepare_client_end_notification (s);
461 }
462}
463
464
465/**
466 * Computes the square sum over a vector of a given length.
467 *
468 * @param vector the vector to compute over
469 * @param length the length of the vector
470 * @return an MPI value containing the calculated sum, never NULL
471 */
472static gcry_mpi_t
473compute_square_sum_mpi_elements (const struct MpiElement *vector,
474 uint32_t length)
475{
476 gcry_mpi_t elem;
477 gcry_mpi_t sum;
478 uint32_t i;
479
480 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
481 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
482 for (i = 0; i < length; i++)
483 {
484 gcry_mpi_mul (elem, vector[i].value, vector[i].value);
485 gcry_mpi_add (sum, sum, elem);
486 }
487 gcry_mpi_release (elem);
488 return sum;
489}
490
491
492/**
493 * Computes the square sum over a vector of a given length.
494 *
495 * @param vector the vector to compute over
496 * @param length the length of the vector
497 * @return an MPI value containing the calculated sum, never NULL
498 */
499static gcry_mpi_t
500compute_square_sum (const gcry_mpi_t *vector,
501 uint32_t length)
502{
503 gcry_mpi_t elem;
504 gcry_mpi_t sum;
505 uint32_t i;
506
507 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
508 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
509 for (i = 0; i < length; i++)
510 {
511 gcry_mpi_mul (elem, vector[i], vector[i]);
512 gcry_mpi_add (sum, sum, elem);
513 }
514 gcry_mpi_release (elem);
515 return sum;
516}
517
518
519/**
520 * Compute our scalar product, done by Alice
521 *
522 * @param session the session associated with this computation
523 * @return product as MPI, never NULL
524 */
525static gcry_mpi_t
526compute_scalar_product (struct AliceServiceSession *session)
527{
528 uint32_t count;
529 gcry_mpi_t t;
530 gcry_mpi_t u;
531 gcry_mpi_t u_prime;
532 gcry_mpi_t p;
533 gcry_mpi_t p_prime;
534 gcry_mpi_t tmp;
535 gcry_mpi_t r[session->used_element_count];
536 gcry_mpi_t r_prime[session->used_element_count];
537 gcry_mpi_t s;
538 gcry_mpi_t s_prime;
539 unsigned int i;
540
541 count = session->used_element_count;
542 // due to the introduced static offset S, we now also have to remove this
543 // from the E(a_pi)(+)E(-b_pi-r_pi) and E(a_qi)(+)E(-r_qi) twice each,
544 // the result is E((S + a_pi) + (S -b_pi-r_pi)) and E(S + a_qi + S - r_qi)
545 for (i = 0; i < count; i++)
546 {
547 r[i] = gcry_mpi_new (0);
548 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
549 &my_pubkey,
550 &session->r[i],
551 r[i]);
552 gcry_mpi_sub (r[i],
553 r[i],
554 my_offset);
555 gcry_mpi_sub (r[i],
556 r[i],
557 my_offset);
558 r_prime[i] = gcry_mpi_new (0);
559 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
560 &my_pubkey,
561 &session->r_prime[i],
562 r_prime[i]);
563 gcry_mpi_sub (r_prime[i],
564 r_prime[i],
565 my_offset);
566 gcry_mpi_sub (r_prime[i],
567 r_prime[i],
568 my_offset);
569 }
570
571 // calculate t = sum(ai)
572 t = compute_square_sum_mpi_elements (session->sorted_elements,
573 count);
574 // calculate U
575 u = gcry_mpi_new (0);
576 tmp = compute_square_sum (r, count);
577 gcry_mpi_sub (u, u, tmp);
578 gcry_mpi_release (tmp);
579
580 //calculate U'
581 u_prime = gcry_mpi_new (0);
582 tmp = compute_square_sum (r_prime, count);
583 gcry_mpi_sub (u_prime, u_prime, tmp);
584
585 GNUNET_assert (p = gcry_mpi_new (0));
586 GNUNET_assert (p_prime = gcry_mpi_new (0));
587 GNUNET_assert (s = gcry_mpi_new (0));
588 GNUNET_assert (s_prime = gcry_mpi_new (0));
589
590 // compute P
591 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
592 &my_pubkey,
593 &session->s,
594 s);
595 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
596 &my_pubkey,
597 &session->s_prime,
598 s_prime);
599
600 // compute P
601 gcry_mpi_add (p, s, t);
602 gcry_mpi_add (p, p, u);
603
604 // compute P'
605 gcry_mpi_add (p_prime, s_prime, t);
606 gcry_mpi_add (p_prime, p_prime, u_prime);
607
608 gcry_mpi_release (t);
609 gcry_mpi_release (u);
610 gcry_mpi_release (u_prime);
611 gcry_mpi_release (s);
612 gcry_mpi_release (s_prime);
613
614 // compute product
615 gcry_mpi_sub (p, p, p_prime);
616 gcry_mpi_release (p_prime);
617 tmp = gcry_mpi_set_ui (tmp, 2);
618 gcry_mpi_div (p, NULL, p, tmp, 0);
619
620 gcry_mpi_release (tmp);
621 for (i = 0; i < count; i++)
622 {
623 gcry_mpi_release (session->sorted_elements[i].value);
624 gcry_mpi_release (r[i]);
625 gcry_mpi_release (r_prime[i]);
626 }
627 GNUNET_free (session->sorted_elements);
628 session->sorted_elements = NULL;
629 GNUNET_free (session->r);
630 session->r = NULL;
631 GNUNET_free (session->r_prime);
632 session->r_prime = NULL;
633
634 return p;
635}
636
637
638/**
639 * Handle a multipart chunk of a response we got from another service
640 * we wanted to calculate a scalarproduct with.
641 *
642 * @param cls closure (set from #GNUNET_CADET_connect)
643 * @param channel connection to the other end
644 * @param channel_ctx place to store local state associated with the @a channel
645 * @param message the actual message
646 * @return #GNUNET_OK to keep the connection open,
647 * #GNUNET_SYSERR to close it (signal serious error)
648 */
649static int
650handle_bobs_cryptodata_multipart (void *cls,
651 struct GNUNET_CADET_Channel *channel,
652 void **channel_ctx,
653 const struct GNUNET_MessageHeader *message)
654{
655 struct AliceServiceSession *s = *channel_ctx;
656 const struct BobCryptodataMultipartMessage *msg;
657 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
658 size_t i;
659 uint32_t contained;
660 size_t msg_size;
661 size_t required_size;
662
663 if (NULL == s)
664 {
665 GNUNET_break_op (0);
666 return GNUNET_SYSERR;
667 }
668 msg_size = ntohs (message->size);
669 if (sizeof (struct BobCryptodataMultipartMessage) > msg_size)
670 {
671 GNUNET_break_op (0);
672 return GNUNET_SYSERR;
673 }
674 msg = (const struct BobCryptodataMultipartMessage *) message;
675 contained = ntohl (msg->contained_element_count);
676 required_size = sizeof (struct BobCryptodataMultipartMessage)
677 + 2 * contained * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
678 if ( (required_size != msg_size) ||
679 (s->cadet_received_element_count + contained > s->used_element_count) )
680 {
681 GNUNET_break (0);
682 return GNUNET_SYSERR;
683 }
684
685 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
686 "Received %u additional crypto values from Bob\n",
687 (unsigned int) contained);
688
689 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
690 /* Convert each k[][perm] to its MPI_value */
691 for (i = 0; i < contained; i++)
692 {
693 memcpy (&s->r[s->cadet_received_element_count + i],
694 &payload[2 * i],
695 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
696 memcpy (&s->r_prime[s->cadet_received_element_count + i],
697 &payload[2 * i],
698 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
699 }
700 s->cadet_received_element_count += contained;
701 GNUNET_CADET_receive_done (s->channel);
702 if (s->cadet_received_element_count != s->used_element_count)
703 return GNUNET_OK;
704
705 s->product = compute_scalar_product (s);
706 transmit_client_response (s);
707 return GNUNET_OK;
708}
709
710
711/**
712 * Handle a response we got from another service we wanted to
713 * calculate a scalarproduct with.
714 *
715 * @param cls closure (set from #GNUNET_CADET_connect)
716 * @param channel connection to the other end
717 * @param channel_ctx place to store local state associated with the channel
718 * @param message the actual message
719 * @return #GNUNET_OK to keep the connection open,
720 * #GNUNET_SYSERR to close it (we are done)
721 */
722static int
723handle_bobs_cryptodata_message (void *cls,
724 struct GNUNET_CADET_Channel *channel,
725 void **channel_ctx,
726 const struct GNUNET_MessageHeader *message)
727{
728 struct AliceServiceSession *s = *channel_ctx;
729 const struct BobCryptodataMessage *msg;
730 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
731 uint32_t i;
732 uint32_t contained;
733 uint16_t msg_size;
734 size_t required_size;
735
736 if (NULL == s)
737 {
738 GNUNET_break_op (0);
739 return GNUNET_SYSERR;
740 }
741 msg_size = ntohs (message->size);
742 if (sizeof (struct BobCryptodataMessage) > msg_size)
743 {
744 GNUNET_break_op (0);
745 return GNUNET_SYSERR;
746 }
747 msg = (const struct BobCryptodataMessage *) message;
748 contained = ntohl (msg->contained_element_count);
749 required_size = sizeof (struct BobCryptodataMessage)
750 + 2 * contained * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)
751 + 2 * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
752 if ( (msg_size != required_size) ||
753 (contained > UINT16_MAX) ||
754 (s->used_element_count < contained) )
755 {
756 GNUNET_break_op (0);
757 return GNUNET_SYSERR;
758 }
759 if (NULL == s->sorted_elements)
760 {
761 /* we're not ready yet, how can Bob be? */
762 GNUNET_break_op (0);
763 return GNUNET_SYSERR;
764 }
765 if (s->total != s->client_received_element_count)
766 {
767 /* we're not ready yet, how can Bob be? */
768 GNUNET_break_op (0);
769 return GNUNET_SYSERR;
770 }
771 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
772 "Received %u crypto values from Bob\n",
773 (unsigned int) contained);
774
775 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
776 memcpy (&s->s,
777 &payload[0],
778 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
779 memcpy (&s->s_prime,
780 &payload[1],
781 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
782 payload = &payload[2];
783
784 s->r = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * s->used_element_count);
785 s->r_prime = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * s->used_element_count);
786 for (i = 0; i < contained; i++)
787 {
788 memcpy (&s->r[i],
789 &payload[2 * i],
790 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
791 memcpy (&s->r_prime[i],
792 &payload[2 * i + 1],
793 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
794 }
795 s->cadet_received_element_count = contained;
796 GNUNET_CADET_receive_done (s->channel);
797
798 if (s->cadet_received_element_count != s->used_element_count)
799 {
800 /* More to come */
801 return GNUNET_OK;
802 }
803
804 s->product = compute_scalar_product (s);
805 transmit_client_response (s);
806 return GNUNET_OK;
807}
808
809
810/**
811 * Iterator to copy over messages from the hash map
812 * into an array for sorting.
813 *
814 * @param cls the `struct AliceServiceSession *`
815 * @param key the key (unused)
816 * @param value the `struct GNUNET_SCALARPRODUCT_Element *`
817 */
818static int
819copy_element_cb (void *cls,
820 const struct GNUNET_HashCode *key,
821 void *value)
822{
823 struct AliceServiceSession *s = cls;
824 struct GNUNET_SCALARPRODUCT_Element *e = value;
825 gcry_mpi_t mval;
826 int64_t val;
827
828 mval = gcry_mpi_new (0);
829 val = (int64_t) GNUNET_ntohll (e->value);
830 if (0 > val)
831 gcry_mpi_sub_ui (mval, mval, -val);
832 else
833 gcry_mpi_add_ui (mval, mval, val);
834 s->sorted_elements [s->used_element_count].value = mval;
835 s->sorted_elements [s->used_element_count].key = &e->key;
836 s->used_element_count++;
837 return GNUNET_OK;
838}
839
840
841/**
842 * Compare two `struct MpiValue`s by key for sorting.
843 *
844 * @param a pointer to first `struct MpiValue *`
845 * @param b pointer to first `struct MpiValue *`
846 * @return -1 for a < b, 0 for a=b, 1 for a > b.
847 */
848static int
849element_cmp (const void *a,
850 const void *b)
851{
852 const struct MpiElement *ma = a;
853 const struct MpiElement *mb = b;
854
855 return GNUNET_CRYPTO_hash_cmp (ma->key,
856 mb->key);
857}
858
859
860/**
861 * Maximum number of elements we can put into a single cryptodata
862 * message
863 */
864#define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct AliceCryptodataMessage)) / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext))
865
866
867/**
868 * Send the cryptographic data from Alice to Bob.
869 * Does nothing if we already transferred all elements.
870 *
871 * @param s the associated service session
872 */
873static void
874send_alices_cryptodata_message (struct AliceServiceSession *s)
875{
876 struct AliceCryptodataMessage *msg;
877 struct GNUNET_MQ_Envelope *e;
878 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
879 unsigned int i;
880 uint32_t todo_count;
881 gcry_mpi_t a;
882 uint32_t off;
883
884 s->sorted_elements
885 = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) *
886 sizeof (struct MpiElement));
887 s->used_element_count = 0;
888 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
889 &copy_element_cb,
890 s);
891 LOG (GNUNET_ERROR_TYPE_DEBUG,
892 "Finished intersection, %d items remain\n",
893 s->used_element_count);
894 qsort (s->sorted_elements,
895 s->used_element_count,
896 sizeof (struct MpiElement),
897 &element_cmp);
898 off = 0;
899 while (off < s->used_element_count)
900 {
901 todo_count = s->used_element_count - off;
902 if (todo_count > ELEMENT_CAPACITY)
903 todo_count = ELEMENT_CAPACITY;
904 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
905 "Sending %u/%u crypto values to Bob\n",
906 (unsigned int) todo_count,
907 (unsigned int) s->used_element_count);
908
909 e = GNUNET_MQ_msg_extra (msg,
910 todo_count * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext),
911 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA);
912 msg->contained_element_count = htonl (todo_count);
913 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
914 a = gcry_mpi_new (0);
915 for (i = off; i < off + todo_count; i++)
916 {
917 gcry_mpi_add (a,
918 s->sorted_elements[i].value,
919 my_offset);
920 GNUNET_assert (3 ==
921 GNUNET_CRYPTO_paillier_encrypt (&my_pubkey,
922 a,
923 3,
924 &payload[i - off]));
925 }
926 gcry_mpi_release (a);
927 off += todo_count;
928 GNUNET_MQ_send (s->cadet_mq,
929 e);
930 }
931}
932
933
934/**
935 * Callback for set operation results. Called for each element
936 * that should be removed from the result set, and then once
937 * to indicate that the set intersection operation is done.
938 *
939 * @param cls closure with the `struct AliceServiceSession`
940 * @param element a result element, only valid if status is #GNUNET_SET_STATUS_OK
941 * @param status what has happened with the set intersection?
942 */
943static void
944cb_intersection_element_removed (void *cls,
945 const struct GNUNET_SET_Element *element,
946 enum GNUNET_SET_Status status)
947{
948 struct AliceServiceSession *s = cls;
949 struct GNUNET_SCALARPRODUCT_Element *se;
950
951 switch (status)
952 {
953 case GNUNET_SET_STATUS_OK:
954 /* this element has been removed from the set */
955 se = GNUNET_CONTAINER_multihashmap_get (s->intersected_elements,
956 element->data);
957 GNUNET_assert (NULL != se);
958 LOG (GNUNET_ERROR_TYPE_DEBUG,
959 "Intersection removed element with key %s and value %lld\n",
960 GNUNET_h2s (&se->key),
961 (long long) GNUNET_ntohll (se->value));
962 GNUNET_assert (GNUNET_YES ==
963 GNUNET_CONTAINER_multihashmap_remove (s->intersected_elements,
964 element->data,
965 se));
966 GNUNET_free (se);
967 return;
968 case GNUNET_SET_STATUS_DONE:
969 s->intersection_op = NULL;
970 if (NULL != s->intersection_set)
971 {
972 GNUNET_SET_destroy (s->intersection_set);
973 s->intersection_set = NULL;
974 }
975 send_alices_cryptodata_message (s);
976 return;
977 case GNUNET_SET_STATUS_HALF_DONE:
978 /* unexpected for intersection */
979 GNUNET_break (0);
980 return;
981 case GNUNET_SET_STATUS_FAILURE:
982 /* unhandled status code */
983 LOG (GNUNET_ERROR_TYPE_DEBUG,
984 "Set intersection failed!\n");
985 if (NULL != s->intersection_listen)
986 {
987 GNUNET_SET_listen_cancel (s->intersection_listen);
988 s->intersection_listen = NULL;
989 }
990 s->intersection_op = NULL;
991 if (NULL != s->intersection_set)
992 {
993 GNUNET_SET_destroy (s->intersection_set);
994 s->intersection_set = NULL;
995 }
996 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
997 prepare_client_end_notification (s);
998 return;
999 default:
1000 GNUNET_break (0);
1001 return;
1002 }
1003}
1004
1005
1006/**
1007 * Called when another peer wants to do a set operation with the
1008 * local peer. If a listen error occurs, the @a request is NULL.
1009 *
1010 * @param cls closure with the `struct AliceServiceSession *`
1011 * @param other_peer the other peer
1012 * @param context_msg message with application specific information from
1013 * the other peer
1014 * @param request request from the other peer (never NULL), use GNUNET_SET_accept()
1015 * to accept it, otherwise the request will be refused
1016 * Note that we can't just return value from the listen callback,
1017 * as it is also necessary to specify the set we want to do the
1018 * operation with, whith sometimes can be derived from the context
1019 * message. It's necessary to specify the timeout.
1020 */
1021static void
1022cb_intersection_request_alice (void *cls,
1023 const struct GNUNET_PeerIdentity *other_peer,
1024 const struct GNUNET_MessageHeader *context_msg,
1025 struct GNUNET_SET_Request *request)
1026{
1027 struct AliceServiceSession *s = cls;
1028
1029 if (0 != memcmp (other_peer,
1030 &s->peer,
1031 sizeof (struct GNUNET_PeerIdentity)))
1032 {
1033 GNUNET_break_op (0);
1034 return;
1035 }
1036 s->intersection_op
1037 = GNUNET_SET_accept (request,
1038 GNUNET_SET_RESULT_REMOVED,
1039 &cb_intersection_element_removed,
1040 s);
1041 if (NULL == s->intersection_op)
1042 {
1043 GNUNET_break (0);
1044 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1045 prepare_client_end_notification (s);
1046 return;
1047 }
1048 if (GNUNET_OK !=
1049 GNUNET_SET_commit (s->intersection_op,
1050 s->intersection_set))
1051 {
1052 GNUNET_break (0);
1053 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1054 prepare_client_end_notification (s);
1055 return;
1056 }
1057 GNUNET_SET_destroy (s->intersection_set);
1058 s->intersection_set = NULL;
1059 GNUNET_SET_listen_cancel (s->intersection_listen);
1060 s->intersection_listen = NULL;
1061}
1062
1063
1064/**
1065 * Our client has finished sending us its multipart message.
1066 *
1067 * @param session the service session context
1068 */
1069static void
1070client_request_complete_alice (struct AliceServiceSession *s)
1071{
1072 struct ServiceRequestMessage *msg;
1073 struct GNUNET_MQ_Envelope *e;
1074
1075 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1076 "Creating new channel for session with key %s.\n",
1077 GNUNET_h2s (&s->session_id));
1078 s->channel
1079 = GNUNET_CADET_channel_create (my_cadet,
1080 s,
1081 &s->peer,
1082 GNUNET_APPLICATION_TYPE_SCALARPRODUCT,
1083 GNUNET_CADET_OPTION_RELIABLE);
1084 if (NULL == s->channel)
1085 {
1086 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1087 prepare_client_end_notification (s);
1088 return;
1089 }
1090 s->cadet_mq = GNUNET_CADET_mq_create (s->channel);
1091 s->intersection_listen
1092 = GNUNET_SET_listen (cfg,
1093 GNUNET_SET_OPERATION_INTERSECTION,
1094 &s->session_id,
1095 &cb_intersection_request_alice,
1096 s);
1097 if (NULL == s->intersection_listen)
1098 {
1099 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1100 GNUNET_CADET_channel_destroy (s->channel);
1101 s->channel = NULL;
1102 prepare_client_end_notification (s);
1103 return;
1104 }
1105
1106 e = GNUNET_MQ_msg (msg,
1107 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION);
1108 msg->session_id = s->session_id;
1109 msg->public_key = my_pubkey;
1110 GNUNET_MQ_send (s->cadet_mq,
1111 e);
1112}
1113
1114
1115/**
1116 * We're receiving additional set data. Add it to our
1117 * set and if we are done, initiate the transaction.
1118 *
1119 * @param cls closure
1120 * @param client identification of the client
1121 * @param message the actual message
1122 */
1123static void
1124GSS_handle_alice_client_message_multipart (void *cls,
1125 struct GNUNET_SERVER_Client *client,
1126 const struct GNUNET_MessageHeader *message)
1127{
1128 const struct ComputationBobCryptodataMultipartMessage * msg;
1129 struct AliceServiceSession *s;
1130 uint32_t contained_count;
1131 const struct GNUNET_SCALARPRODUCT_Element *elements;
1132 uint32_t i;
1133 uint16_t msize;
1134 struct GNUNET_SET_Element set_elem;
1135 struct GNUNET_SCALARPRODUCT_Element *elem;
1136
1137 s = GNUNET_SERVER_client_get_user_context (client,
1138 struct AliceServiceSession);
1139 if (NULL == s)
1140 {
1141 /* session needs to already exist */
1142 GNUNET_break (0);
1143 GNUNET_SERVER_receive_done (client,
1144 GNUNET_SYSERR);
1145 return;
1146 }
1147 msize = ntohs (message->size);
1148 if (msize < sizeof (struct ComputationBobCryptodataMultipartMessage))
1149 {
1150 GNUNET_break (0);
1151 GNUNET_SERVER_receive_done (client,
1152 GNUNET_SYSERR);
1153 return;
1154 }
1155 msg = (const struct ComputationBobCryptodataMultipartMessage *) message;
1156 contained_count = ntohl (msg->element_count_contained);
1157
1158 if ( (msize != (sizeof (struct ComputationBobCryptodataMultipartMessage) +
1159 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) ||
1160 (0 == contained_count) ||
1161 (s->total == s->client_received_element_count) ||
1162 (s->total < s->client_received_element_count + contained_count) )
1163 {
1164 GNUNET_break_op (0);
1165 GNUNET_SERVER_receive_done (client,
1166 GNUNET_SYSERR);
1167 return;
1168 }
1169 s->client_received_element_count += contained_count;
1170 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1171 for (i = 0; i < contained_count; i++)
1172 {
1173 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1174 memcpy (elem,
1175 &elements[i],
1176 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1177 if (GNUNET_SYSERR ==
1178 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1179 &elem->key,
1180 elem,
1181 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1182 {
1183 GNUNET_break (0);
1184 GNUNET_free (elem);
1185 continue;
1186 }
1187 set_elem.data = &elem->key;
1188 set_elem.size = sizeof (elem->key);
1189 set_elem.element_type = 0;
1190 GNUNET_SET_add_element (s->intersection_set,
1191 &set_elem,
1192 NULL, NULL);
1193 s->used_element_count++;
1194 }
1195 GNUNET_SERVER_receive_done (client,
1196 GNUNET_OK);
1197 if (s->total != s->client_received_element_count)
1198 {
1199 /* more to come */
1200 return;
1201 }
1202 client_request_complete_alice (s);
1203}
1204
1205
1206/**
1207 * Handler for Alice's client request message.
1208 * We are doing request-initiation to compute a scalar product with a peer.
1209 *
1210 * @param cls closure
1211 * @param client identification of the client
1212 * @param message the actual message
1213 */
1214static void
1215GSS_handle_alice_client_message (void *cls,
1216 struct GNUNET_SERVER_Client *client,
1217 const struct GNUNET_MessageHeader *message)
1218{
1219 const struct AliceComputationMessage *msg;
1220 struct AliceServiceSession *s;
1221 uint32_t contained_count;
1222 uint32_t total_count;
1223 const struct GNUNET_SCALARPRODUCT_Element *elements;
1224 uint32_t i;
1225 uint16_t msize;
1226 struct GNUNET_SET_Element set_elem;
1227 struct GNUNET_SCALARPRODUCT_Element *elem;
1228
1229 s = GNUNET_SERVER_client_get_user_context (client,
1230 struct AliceServiceSession);
1231 if (NULL != s)
1232 {
1233 /* only one concurrent session per client connection allowed,
1234 simplifies logic a lot... */
1235 GNUNET_break (0);
1236 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1237 return;
1238 }
1239 msize = ntohs (message->size);
1240 if (msize < sizeof (struct AliceComputationMessage))
1241 {
1242 GNUNET_break (0);
1243 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1244 return;
1245 }
1246 msg = (const struct AliceComputationMessage *) message;
1247 total_count = ntohl (msg->element_count_total);
1248 contained_count = ntohl (msg->element_count_contained);
1249 if ( (0 == total_count) ||
1250 (0 == contained_count) ||
1251 (msize != (sizeof (struct AliceComputationMessage) +
1252 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) )
1253 {
1254 GNUNET_break_op (0);
1255 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1256 return;
1257 }
1258
1259 s = GNUNET_new (struct AliceServiceSession);
1260 s->peer = msg->peer;
1261 s->status = GNUNET_SCALARPRODUCT_STATUS_ACTIVE;
1262 s->client = client;
1263 s->client_mq = GNUNET_MQ_queue_for_server_client (client);
1264 s->total = total_count;
1265 s->client_received_element_count = contained_count;
1266 s->session_id = msg->session_key;
1267 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1268 s->intersected_elements = GNUNET_CONTAINER_multihashmap_create (s->total,
1269 GNUNET_YES);
1270 s->intersection_set = GNUNET_SET_create (cfg,
1271 GNUNET_SET_OPERATION_INTERSECTION);
1272 for (i = 0; i < contained_count; i++)
1273 {
1274 if (0 == GNUNET_ntohll (elements[i].value))
1275 continue;
1276 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1277 memcpy (elem,
1278 &elements[i],
1279 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1280 if (GNUNET_SYSERR ==
1281 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1282 &elem->key,
1283 elem,
1284 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1285 {
1286 /* element with same key encountered twice! */
1287 GNUNET_break (0);
1288 GNUNET_free (elem);
1289 continue;
1290 }
1291 set_elem.data = &elem->key;
1292 set_elem.size = sizeof (elem->key);
1293 set_elem.element_type = 0;
1294 GNUNET_SET_add_element (s->intersection_set,
1295 &set_elem,
1296 NULL, NULL);
1297 s->used_element_count++;
1298 }
1299 GNUNET_SERVER_client_set_user_context (client,
1300 s);
1301 GNUNET_SERVER_receive_done (client,
1302 GNUNET_OK);
1303 if (s->total != s->client_received_element_count)
1304 {
1305 /* wait for multipart msg */
1306 return;
1307 }
1308 client_request_complete_alice (s);
1309}
1310
1311
1312/**
1313 * Task run during shutdown.
1314 *
1315 * @param cls unused
1316 * @param tc unused
1317 */
1318static void
1319shutdown_task (void *cls,
1320 const struct GNUNET_SCHEDULER_TaskContext *tc)
1321{
1322 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1323 "Shutting down, initiating cleanup.\n");
1324 // FIXME: we have to cut our connections to CADET first!
1325 if (NULL != my_cadet)
1326 {
1327 GNUNET_CADET_disconnect (my_cadet);
1328 my_cadet = NULL;
1329 }
1330}
1331
1332
1333/**
1334 * A client disconnected.
1335 *
1336 * Remove the associated session(s), release data structures
1337 * and cancel pending outgoing transmissions to the client.
1338 *
1339 * @param cls closure, NULL
1340 * @param client identification of the client
1341 */
1342static void
1343handle_client_disconnect (void *cls,
1344 struct GNUNET_SERVER_Client *client)
1345{
1346 struct AliceServiceSession *s;
1347
1348 if (NULL == client)
1349 return;
1350 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1351 "Client %p disconnected from us.\n",
1352 client);
1353 s = GNUNET_SERVER_client_get_user_context (client,
1354 struct AliceServiceSession);
1355 if (NULL == s)
1356 return;
1357 s->client = NULL;
1358 GNUNET_SERVER_client_set_user_context (client,
1359 NULL);
1360 destroy_service_session (s);
1361}
1362
1363
1364/**
1365 * Initialization of the program and message handlers
1366 *
1367 * @param cls closure
1368 * @param server the initialized server
1369 * @param c configuration to use
1370 */
1371static void
1372run (void *cls,
1373 struct GNUNET_SERVER_Handle *server,
1374 const struct GNUNET_CONFIGURATION_Handle *c)
1375{
1376 static const struct GNUNET_CADET_MessageHandler cadet_handlers[] = {
1377 { &handle_bobs_cryptodata_message,
1378 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA,
1379 0},
1380 { &handle_bobs_cryptodata_multipart,
1381 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART,
1382 0},
1383 { NULL, 0, 0}
1384 };
1385 static const struct GNUNET_SERVER_MessageHandler server_handlers[] = {
1386 { &GSS_handle_alice_client_message, NULL,
1387 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_ALICE,
1388 0},
1389 { &GSS_handle_alice_client_message_multipart, NULL,
1390 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_MUTLIPART_ALICE,
1391 0},
1392 { NULL, NULL, 0, 0}
1393 };
1394
1395 cfg = c;
1396 /*
1397 offset has to be sufficiently small to allow computation of:
1398 m1+m2 mod n == (S + a) + (S + b) mod n,
1399 if we have more complex operations, this factor needs to be lowered */
1400 my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3);
1401 gcry_mpi_set_bit (my_offset,
1402 GNUNET_CRYPTO_PAILLIER_BITS / 3);
1403
1404 GNUNET_CRYPTO_paillier_create (&my_pubkey,
1405 &my_privkey);
1406 GNUNET_SERVER_add_handlers (server,
1407 server_handlers);
1408 GNUNET_SERVER_disconnect_notify (server,
1409 &handle_client_disconnect,
1410 NULL);
1411 my_cadet = GNUNET_CADET_connect (cfg, NULL,
1412 NULL /* no incoming supported */,
1413 &cb_channel_destruction,
1414 cadet_handlers,
1415 NULL);
1416 if (NULL == my_cadet)
1417 {
1418 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1419 _("Connect to CADET failed\n"));
1420 GNUNET_SCHEDULER_shutdown ();
1421 return;
1422 }
1423 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
1424 &shutdown_task,
1425 NULL);
1426
1427}
1428
1429
1430/**
1431 * The main function for the scalarproduct service.
1432 *
1433 * @param argc number of arguments from the command line
1434 * @param argv command line arguments
1435 * @return 0 ok, 1 on error
1436 */
1437int
1438main (int argc,
1439 char *const *argv)
1440{
1441 return (GNUNET_OK ==
1442 GNUNET_SERVICE_run (argc, argv,
1443 "scalarproduct-alice",
1444 GNUNET_SERVICE_OPTION_NONE,
1445 &run, NULL)) ? 0 : 1;
1446}
1447
1448/* end of gnunet-service-scalarproduct_alice.c */
diff --git a/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c b/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
new file mode 100644
index 000000000..d08f5b858
--- /dev/null
+++ b/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
@@ -0,0 +1,1592 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2013, 2014 Christian Grothoff (and other contributing authors)
4
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
19 */
20/**
21 * @file scalarproduct/gnunet-service-scalarproduct_bob.c
22 * @brief scalarproduct service implementation
23 * @author Christian M. Fuchs
24 * @author Christian Grothoff
25 */
26#include "platform.h"
27#include <limits.h>
28#include <gcrypt.h>
29#include "gnunet_util_lib.h"
30#include "gnunet_core_service.h"
31#include "gnunet_cadet_service.h"
32#include "gnunet_applications.h"
33#include "gnunet_protocols.h"
34#include "gnunet_scalarproduct_service.h"
35#include "gnunet_set_service.h"
36#include "scalarproduct.h"
37#include "gnunet-service-scalarproduct.h"
38
39#define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-bob", __VA_ARGS__)
40
41
42/**
43 * An encrypted element key-value pair.
44 */
45struct MpiElement
46{
47 /**
48 * Key used to identify matching pairs of values to multiply.
49 * Points into an existing data structure, to avoid copying
50 * and doubling memory use.
51 */
52 const struct GNUNET_HashCode *key;
53
54 /**
55 * Value represented (a).
56 */
57 gcry_mpi_t value;
58};
59
60
61/**
62 * An incoming session from CADET.
63 */
64struct CadetIncomingSession;
65
66
67/**
68 * A scalarproduct session which tracks an offer for a
69 * multiplication service by a local client.
70 */
71struct BobServiceSession
72{
73
74 /**
75 * (hopefully) unique transaction ID
76 */
77 struct GNUNET_HashCode session_id;
78
79 /**
80 * The client this request is related to.
81 */
82 struct GNUNET_SERVER_Client *client;
83
84 /**
85 * Client message queue.
86 */
87 struct GNUNET_MQ_Handle *client_mq;
88
89 /**
90 * All non-0-value'd elements transmitted to us.
91 */
92 struct GNUNET_CONTAINER_MultiHashMap *intersected_elements;
93
94 /**
95 * Set of elements for which we will be conducting an intersection.
96 * The resulting elements are then used for computing the scalar product.
97 */
98 struct GNUNET_SET_Handle *intersection_set;
99
100 /**
101 * Set of elements for which will conduction an intersection.
102 * the resulting elements are then used for computing the scalar product.
103 */
104 struct GNUNET_SET_OperationHandle *intersection_op;
105
106 /**
107 * a(Alice)
108 */
109 struct MpiElement *sorted_elements;
110
111 /**
112 * E(ai)(Bob) after applying the mask
113 */
114 struct GNUNET_CRYPTO_PaillierCiphertext *e_a;
115
116 /**
117 * Bob's permutation p of R
118 */
119 struct GNUNET_CRYPTO_PaillierCiphertext *r;
120
121 /**
122 * Bob's permutation q of R
123 */
124 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
125
126 /**
127 * Bob's "s"
128 */
129 struct GNUNET_CRYPTO_PaillierCiphertext s;
130
131 /**
132 * Bob's "s'"
133 */
134 struct GNUNET_CRYPTO_PaillierCiphertext s_prime;
135
136 /**
137 * Handle for our associated incoming CADET session, or NULL
138 * if we have not gotten one yet.
139 */
140 struct CadetIncomingSession *cadet;
141
142 /**
143 * The computed scalar
144 */
145 gcry_mpi_t product;
146
147 /**
148 * How many elements will be supplied in total from the client.
149 */
150 uint32_t total;
151
152 /**
153 * Already transferred elements (received) for multipart
154 * messages from client. Always less than @e total.
155 */
156 uint32_t client_received_element_count;
157
158 /**
159 * How many elements actually are used for the scalar product.
160 * Size of the arrays in @e r and @e r_prime. Also sometimes
161 * used as an index into the arrays during construction.
162 */
163 uint32_t used_element_count;
164
165 /**
166 * Counts the number of values received from Alice by us.
167 * Always less than @e used_element_count.
168 */
169 uint32_t cadet_received_element_count;
170
171 /**
172 * Counts the number of values transmitted from us to Alice.
173 * Always less than @e used_element_count.
174 */
175 uint32_t cadet_transmitted_element_count;
176
177 /**
178 * State of this session. In
179 * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is
180 * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or
181 * #GNUNET_SCALARPRODUCT_STATUS_FAILURE.
182 */
183 enum GNUNET_SCALARPRODUCT_ResponseStatus status;
184
185 /**
186 * Are we already in #destroy_service_session()?
187 */
188 int in_destroy;
189
190};
191
192
193/**
194 * An incoming session from CADET.
195 */
196struct CadetIncomingSession
197{
198
199 /**
200 * Associated client session, or NULL.
201 */
202 struct BobServiceSession *s;
203
204 /**
205 * The CADET channel.
206 */
207 struct GNUNET_CADET_Channel *channel;
208
209 /**
210 * Originator's peer identity. (Only for diagnostics.)
211 */
212 struct GNUNET_PeerIdentity peer;
213
214 /**
215 * (hopefully) unique transaction ID
216 */
217 struct GNUNET_HashCode session_id;
218
219 /**
220 * Public key of the remote service.
221 */
222 struct GNUNET_CRYPTO_PaillierPublicKey remote_pubkey;
223
224 /**
225 * The message queue for this channel.
226 */
227 struct GNUNET_MQ_Handle *cadet_mq;
228
229 /**
230 * Has this CADET session been added to the map yet?
231 * #GNUNET_YES if so, in which case @e session_id is
232 * the key.
233 */
234 int in_map;
235
236 /**
237 * Are we already in #destroy_cadet_session()?
238 */
239 int in_destroy;
240
241};
242
243
244/**
245 * GNUnet configuration handle
246 */
247static const struct GNUNET_CONFIGURATION_Handle *cfg;
248
249/**
250 * Service's own public key
251 */
252static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey;
253
254/**
255 * Service's own private key
256 */
257static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey;
258
259/**
260 * Service's offset for values that could possibly be negative but are plaintext for encryption.
261 */
262static gcry_mpi_t my_offset;
263
264/**
265 * Map of `struct BobServiceSession`, by session keys.
266 */
267static struct GNUNET_CONTAINER_MultiHashMap *client_sessions;
268
269/**
270 * Map of `struct CadetIncomingSession`, by session keys.
271 */
272static struct GNUNET_CONTAINER_MultiHashMap *cadet_sessions;
273
274/**
275 * Handle to the CADET service.
276 */
277static struct GNUNET_CADET_Handle *my_cadet;
278
279
280
281/**
282 * Finds a not terminated client session in the respective map based on
283 * session key.
284 *
285 * @param key the session key we want to search for
286 * @return the matching session, or NULL for none
287 */
288static struct BobServiceSession *
289find_matching_client_session (const struct GNUNET_HashCode *key)
290{
291 return GNUNET_CONTAINER_multihashmap_get (client_sessions,
292 key);
293}
294
295
296/**
297 * Finds a CADET session in the respective map based on session key.
298 *
299 * @param key the session key we want to search for
300 * @return the matching session, or NULL for none
301 */
302static struct CadetIncomingSession *
303find_matching_cadet_session (const struct GNUNET_HashCode *key)
304{
305 return GNUNET_CONTAINER_multihashmap_get (cadet_sessions,
306 key);
307}
308
309
310/**
311 * Callback used to free the elements in the map.
312 *
313 * @param cls NULL
314 * @param key key of the element
315 * @param value the value to free
316 */
317static int
318free_element_cb (void *cls,
319 const struct GNUNET_HashCode *key,
320 void *value)
321{
322 struct GNUNET_SCALARPRODUCT_Element *element = value;
323
324 GNUNET_free (element);
325 return GNUNET_OK;
326}
327
328
329/**
330 * Destroy session state, we are done with it.
331 *
332 * @param session the session to free elements from
333 */
334static void
335destroy_cadet_session (struct CadetIncomingSession *s);
336
337
338/**
339 * Destroy session state, we are done with it.
340 *
341 * @param session the session to free elements from
342 */
343static void
344destroy_service_session (struct BobServiceSession *s)
345{
346 struct CadetIncomingSession *in;
347 unsigned int i;
348
349 if (GNUNET_YES == s->in_destroy)
350 return;
351 s->in_destroy = GNUNET_YES;
352 if (NULL != (in = s->cadet))
353 {
354 s->cadet = NULL;
355 destroy_cadet_session (in);
356 }
357 if (NULL != s->client_mq)
358 {
359 GNUNET_MQ_destroy (s->client_mq);
360 s->client_mq = NULL;
361 }
362 if (NULL != s->client)
363 {
364 GNUNET_SERVER_client_disconnect (s->client);
365 s->client = NULL;
366 }
367 GNUNET_assert (GNUNET_YES ==
368 GNUNET_CONTAINER_multihashmap_remove (client_sessions,
369 &s->session_id,
370 s));
371 if (NULL != s->intersected_elements)
372 {
373 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
374 &free_element_cb,
375 NULL);
376 GNUNET_CONTAINER_multihashmap_destroy (s->intersected_elements);
377 s->intersected_elements = NULL;
378 }
379 if (NULL != s->intersection_op)
380 {
381 GNUNET_SET_operation_cancel (s->intersection_op);
382 s->intersection_op = NULL;
383 }
384 if (NULL != s->intersection_set)
385 {
386 GNUNET_SET_destroy (s->intersection_set);
387 s->intersection_set = NULL;
388 }
389 if (NULL != s->e_a)
390 {
391 GNUNET_free (s->e_a);
392 s->e_a = NULL;
393 }
394 if (NULL != s->sorted_elements)
395 {
396 for (i=0;i<s->used_element_count;i++)
397 gcry_mpi_release (s->sorted_elements[i].value);
398 GNUNET_free (s->sorted_elements);
399 s->sorted_elements = NULL;
400 }
401 if (NULL != s->r)
402 {
403 GNUNET_free (s->r);
404 s->r = NULL;
405 }
406 if (NULL != s->r_prime)
407 {
408 GNUNET_free (s->r_prime);
409 s->r_prime = NULL;
410 }
411 if (NULL != s->product)
412 {
413 gcry_mpi_release (s->product);
414 s->product = NULL;
415 }
416 GNUNET_free (s);
417}
418
419
420/**
421 * Destroy incoming CADET session state, we are done with it.
422 *
423 * @param in the session to free elements from
424 */
425static void
426destroy_cadet_session (struct CadetIncomingSession *in)
427{
428 struct BobServiceSession *s;
429
430 if (GNUNET_YES == in->in_destroy)
431 return;
432 in->in_destroy = GNUNET_YES;
433 if (NULL != (s = in->s))
434 {
435 in->s = NULL;
436 destroy_service_session (s);
437 }
438 if (GNUNET_YES == in->in_map)
439 {
440 GNUNET_assert (GNUNET_YES ==
441 GNUNET_CONTAINER_multihashmap_remove (cadet_sessions,
442 &in->session_id,
443 in));
444 in->in_map = GNUNET_NO;
445 }
446 if (NULL != in->cadet_mq)
447 {
448 GNUNET_MQ_destroy (in->cadet_mq);
449 in->cadet_mq = NULL;
450 }
451 if (NULL != in->channel)
452 {
453 GNUNET_CADET_channel_destroy (in->channel);
454 in->channel = NULL;
455 }
456 GNUNET_free (in);
457}
458
459
460/**
461 * Notify the client that the session has succeeded or failed. This
462 * message gets sent to Bob's client if the operation completed or
463 * Alice disconnected.
464 *
465 * @param session the associated client session to fail or succeed
466 */
467static void
468prepare_client_end_notification (struct BobServiceSession *session)
469{
470 struct ClientResponseMessage *msg;
471 struct GNUNET_MQ_Envelope *e;
472
473 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
474 "Sending session-end notification with status %d to client for session %s\n",
475 session->status,
476 GNUNET_h2s (&session->session_id));
477 e = GNUNET_MQ_msg (msg,
478 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
479 msg->range = 0;
480 msg->product_length = htonl (0);
481 msg->status = htonl (session->status);
482 GNUNET_MQ_send (session->client_mq,
483 e);
484}
485
486
487/**
488 * Function called whenever a channel is destroyed. Should clean up
489 * any associated state.
490 *
491 * It must NOT call #GNUNET_CADET_channel_destroy() on the channel.
492 *
493 * @param cls closure (set from #GNUNET_CADET_connect())
494 * @param channel connection to the other end (henceforth invalid)
495 * @param channel_ctx place where local state associated
496 * with the channel is stored
497 */
498static void
499cb_channel_destruction (void *cls,
500 const struct GNUNET_CADET_Channel *channel,
501 void *channel_ctx)
502{
503 struct CadetIncomingSession *in = channel_ctx;
504 struct BobServiceSession *s;
505
506 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
507 "Peer disconnected, terminating session %s with peer %s\n",
508 GNUNET_h2s (&in->session_id),
509 GNUNET_i2s (&in->peer));
510 if (NULL != in->cadet_mq)
511 {
512 GNUNET_MQ_destroy (in->cadet_mq);
513 in->cadet_mq = NULL;
514 }
515 in->channel = NULL;
516 if (NULL != (s = in->s))
517 {
518 if (GNUNET_SCALARPRODUCT_STATUS_ACTIVE == s->status)
519 {
520 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
521 prepare_client_end_notification (s);
522 }
523 }
524 destroy_cadet_session (in);
525}
526
527
528/**
529 * MQ finished giving our last message to CADET, now notify
530 * the client that we are finished.
531 */
532static void
533bob_cadet_done_cb (void *cls)
534{
535 struct BobServiceSession *session = cls;
536
537 session->status = GNUNET_SCALARPRODUCT_STATUS_SUCCESS;
538 prepare_client_end_notification (session);
539}
540
541
542/**
543 * Maximum count of elements we can put into a multipart message
544 */
545#define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct BobCryptodataMultipartMessage)) / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext))
546
547
548/**
549 * Send a multipart chunk of a service response from Bob to Alice.
550 * This element only contains the two permutations of R, R'.
551 *
552 * @param s the associated service session
553 */
554static void
555transmit_bobs_cryptodata_message_multipart (struct BobServiceSession *s)
556{
557 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
558 struct BobCryptodataMultipartMessage *msg;
559 struct GNUNET_MQ_Envelope *e;
560 unsigned int i;
561 unsigned int j;
562 uint32_t todo_count;
563
564 while (s->cadet_transmitted_element_count != s->used_element_count)
565 {
566 todo_count = s->used_element_count - s->cadet_transmitted_element_count;
567 if (todo_count > ELEMENT_CAPACITY / 2)
568 todo_count = ELEMENT_CAPACITY / 2;
569
570 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
571 "Sending %u additional crypto values to Alice\n",
572 (unsigned int) todo_count);
573 e = GNUNET_MQ_msg_extra (msg,
574 todo_count * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * 2,
575 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART);
576 msg->contained_element_count = htonl (todo_count);
577 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
578 for (i = s->cadet_transmitted_element_count, j = 0; i < s->cadet_transmitted_element_count + todo_count; i++)
579 {
580 //r[i][p] and r[i][q]
581 memcpy (&payload[j++],
582 &s->r[i],
583 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
584 memcpy (&payload[j++],
585 &s->r_prime[i],
586 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
587 }
588 s->cadet_transmitted_element_count += todo_count;
589 if (s->cadet_transmitted_element_count == s->used_element_count)
590 GNUNET_MQ_notify_sent (e,
591 &bob_cadet_done_cb,
592 s);
593 GNUNET_MQ_send (s->cadet->cadet_mq,
594 e);
595 }
596 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
597 "All values queued for Alice, Bob is done\n");
598}
599
600
601/**
602 * Bob generates the response message to be sent to Alice after
603 * computing the values (1), (2), S and S'.
604 *
605 * (1)[]: $E_A(a_{pi(i)}) times E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
606 * (2)[]: $E_A(a_{pi'(i)}) times E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
607 * S: $S := E_A(sum (r_i + b_i)^2)$
608 * S': $S' := E_A(sum r_i^2)$
609 *
610 * @param s the associated requesting session with Alice
611 */
612static void
613transmit_bobs_cryptodata_message (struct BobServiceSession *s)
614{
615 struct BobCryptodataMessage *msg;
616 struct GNUNET_MQ_Envelope *e;
617 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
618 unsigned int i;
619
620 s->cadet_transmitted_element_count
621 = ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct BobCryptodataMessage))
622 / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) / 2) - 1;
623 if (s->cadet_transmitted_element_count > s->used_element_count)
624 s->cadet_transmitted_element_count = s->used_element_count;
625
626 e = GNUNET_MQ_msg_extra (msg,
627 (2 + s->cadet_transmitted_element_count * 2)
628 * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext),
629 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA);
630 msg->contained_element_count = htonl (s->cadet_transmitted_element_count);
631
632 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
633 "Sending %u/%u crypto values to Alice\n",
634 (unsigned int) s->cadet_transmitted_element_count,
635 (unsigned int) s->used_element_count);
636
637 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
638 memcpy (&payload[0],
639 &s->s,
640 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
641 memcpy (&payload[1],
642 &s->s_prime,
643 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
644
645 payload = &payload[2];
646 // convert k[][]
647 for (i = 0; i < s->cadet_transmitted_element_count; i++)
648 {
649 //k[i][p] and k[i][q]
650 memcpy (&payload[i * 2],
651 &s->r[i],
652 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
653 memcpy (&payload[i * 2 + 1],
654 &s->r_prime[i],
655 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
656 }
657 if (s->cadet_transmitted_element_count == s->used_element_count)
658 GNUNET_MQ_notify_sent (e,
659 &bob_cadet_done_cb,
660 s);
661 GNUNET_MQ_send (s->cadet->cadet_mq,
662 e);
663 transmit_bobs_cryptodata_message_multipart (s);
664}
665#undef ELEMENT_CAPACITY
666
667
668/**
669 * Computes the square sum over a vector of a given length.
670 *
671 * @param vector the vector to compute over
672 * @param length the length of the vector
673 * @return an MPI value containing the calculated sum, never NULL
674 * TODO: code duplication with Alice!
675 */
676static gcry_mpi_t
677compute_square_sum (const gcry_mpi_t *vector,
678 uint32_t length)
679{
680 gcry_mpi_t elem;
681 gcry_mpi_t sum;
682 uint32_t i;
683
684 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
685 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
686 for (i = 0; i < length; i++)
687 {
688 gcry_mpi_mul (elem, vector[i], vector[i]);
689 gcry_mpi_add (sum, sum, elem);
690 }
691 gcry_mpi_release (elem);
692 return sum;
693}
694
695
696/**
697 * Compute the values
698 * (1)[]: $E_A(a_{pi(i)}) otimes E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
699 * (2)[]: $E_A(a_{pi'(i)}) otimes E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
700 * S: $S := E_A(sum (r_i + b_i)^2)$
701 * S': $S' := E_A(sum r_i^2)$
702 *
703 * @param request the requesting session + bob's requesting peer
704 * @return #GNUNET_OK on success
705 */
706static int
707compute_service_response (struct BobServiceSession *session)
708{
709 uint32_t i;
710 unsigned int *p;
711 unsigned int *q;
712 uint32_t count;
713 gcry_mpi_t *rand;
714 gcry_mpi_t tmp;
715 const struct MpiElement *b;
716 struct GNUNET_CRYPTO_PaillierCiphertext *a;
717 struct GNUNET_CRYPTO_PaillierCiphertext *r;
718 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
719
720 count = session->used_element_count;
721 a = session->e_a;
722 b = session->sorted_elements;
723 q = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
724 count);
725 p = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
726 count);
727 rand = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
728 for (i = 0; i < count; i++)
729 GNUNET_assert (NULL != (rand[i] = gcry_mpi_new (0)));
730 r = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * count);
731 r_prime = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * count);
732
733 for (i = 0; i < count; i++)
734 {
735 int32_t svalue;
736
737 svalue = (int32_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
738 UINT32_MAX);
739 // long to gcry_mpi_t
740 if (svalue < 0)
741 gcry_mpi_sub_ui (rand[i],
742 rand[i],
743 - svalue);
744 else
745 rand[i] = gcry_mpi_set_ui (rand[i], svalue);
746 }
747
748 tmp = gcry_mpi_new (0);
749 // encrypt the element
750 // for the sake of readability I decided to have dedicated permutation
751 // vectors, which get rid of all the lookups in p/q.
752 // however, ap/aq are not absolutely necessary but are just abstraction
753 // Calculate Kp = E(S + a_pi) (+) E(S - r_pi - b_pi)
754 for (i = 0; i < count; i++)
755 {
756 // E(S - r_pi - b_pi)
757 gcry_mpi_sub (tmp, my_offset, rand[p[i]]);
758 gcry_mpi_sub (tmp, tmp, b[p[i]].value);
759 GNUNET_assert (2 ==
760 GNUNET_CRYPTO_paillier_encrypt (&session->cadet->remote_pubkey,
761 tmp,
762 2,
763 &r[i]));
764
765 // E(S - r_pi - b_pi) * E(S + a_pi) == E(2*S + a - r - b)
766 if (GNUNET_OK !=
767 GNUNET_CRYPTO_paillier_hom_add (&session->cadet->remote_pubkey,
768 &r[i],
769 &a[p[i]],
770 &r[i]))
771 {
772 GNUNET_break_op (0);
773 goto error_cleanup;
774 }
775 }
776
777 // Calculate Kq = E(S + a_qi) (+) E(S - r_qi)
778 for (i = 0; i < count; i++)
779 {
780 // E(S - r_qi)
781 gcry_mpi_sub (tmp, my_offset, rand[q[i]]);
782 GNUNET_assert (2 ==
783 GNUNET_CRYPTO_paillier_encrypt (&session->cadet->remote_pubkey,
784 tmp,
785 2,
786 &r_prime[i]));
787
788 // E(S - r_qi) * E(S + a_qi) == E(2*S + a_qi - r_qi)
789 if (GNUNET_OK !=
790 GNUNET_CRYPTO_paillier_hom_add (&session->cadet->remote_pubkey,
791 &r_prime[i],
792 &a[q[i]],
793 &r_prime[i]))
794 {
795 GNUNET_break_op (0);
796 goto error_cleanup;
797 }
798 }
799 gcry_mpi_release (tmp);
800
801 // Calculate S' = E(SUM( r_i^2 ))
802 tmp = compute_square_sum (rand, count);
803 GNUNET_assert (1 ==
804 GNUNET_CRYPTO_paillier_encrypt (&session->cadet->remote_pubkey,
805 tmp,
806 1,
807 &session->s_prime));
808 gcry_mpi_release (tmp);
809
810 // Calculate S = E(SUM( (r_i + b_i)^2 ))
811 for (i = 0; i < count; i++)
812 gcry_mpi_add (rand[i], rand[i], b[i].value);
813 tmp = compute_square_sum (rand, count);
814 GNUNET_assert (1 ==
815 GNUNET_CRYPTO_paillier_encrypt (&session->cadet->remote_pubkey,
816 tmp,
817 1,
818 &session->s));
819 gcry_mpi_release (tmp);
820
821 session->r = r;
822 session->r_prime = r_prime;
823
824 for (i = 0; i < count; i++)
825 gcry_mpi_release (rand[i]);
826 GNUNET_free (session->e_a);
827 session->e_a = NULL;
828 GNUNET_free (p);
829 GNUNET_free (q);
830 GNUNET_free (rand);
831 return GNUNET_OK;
832
833 error_cleanup:
834 GNUNET_free (r);
835 GNUNET_free (r_prime);
836 gcry_mpi_release (tmp);
837 GNUNET_free (p);
838 GNUNET_free (q);
839 for (i = 0; i < count; i++)
840 gcry_mpi_release (rand[i]);
841 GNUNET_free (rand);
842 return GNUNET_SYSERR;
843}
844
845
846/**
847 * Iterator to copy over messages from the hash map
848 * into an array for sorting.
849 *
850 * @param cls the `struct BobServiceSession *`
851 * @param key the key (unused)
852 * @param value the `struct GNUNET_SCALARPRODUCT_Element *`
853 * TODO: code duplication with Alice!
854 */
855static int
856copy_element_cb (void *cls,
857 const struct GNUNET_HashCode *key,
858 void *value)
859{
860 struct BobServiceSession *s = cls;
861 struct GNUNET_SCALARPRODUCT_Element *e = value;
862 gcry_mpi_t mval;
863 int64_t val;
864
865 mval = gcry_mpi_new (0);
866 val = (int64_t) GNUNET_ntohll (e->value);
867 if (0 > val)
868 gcry_mpi_sub_ui (mval, mval, -val);
869 else
870 gcry_mpi_add_ui (mval, mval, val);
871 s->sorted_elements [s->used_element_count].value = mval;
872 s->sorted_elements [s->used_element_count].key = &e->key;
873 s->used_element_count++;
874 return GNUNET_OK;
875}
876
877
878/**
879 * Compare two `struct MpiValue`s by key for sorting.
880 *
881 * @param a pointer to first `struct MpiValue *`
882 * @param b pointer to first `struct MpiValue *`
883 * @return -1 for a < b, 0 for a=b, 1 for a > b.
884 * TODO: code duplication with Alice!
885 */
886static int
887element_cmp (const void *a,
888 const void *b)
889{
890 const struct MpiElement *ma = a;
891 const struct MpiElement *mb = b;
892
893 return GNUNET_CRYPTO_hash_cmp (ma->key,
894 mb->key);
895}
896
897
898/**
899 * Intersection operation and receiving data via CADET from
900 * Alice are both done, compute and transmit our reply via
901 * CADET.
902 *
903 * @param s session to transmit reply for.
904 */
905static void
906transmit_cryptographic_reply (struct BobServiceSession *s)
907{
908 struct GNUNET_CADET_Channel *channel;
909
910 /* TODO: code duplication with Alice! */
911 LOG (GNUNET_ERROR_TYPE_DEBUG,
912 "Received everything, building reply for Alice\n");
913 s->sorted_elements
914 = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) *
915 sizeof (struct MpiElement));
916 s->used_element_count = 0;
917 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
918 &copy_element_cb,
919 s);
920 qsort (s->sorted_elements,
921 s->used_element_count,
922 sizeof (struct MpiElement),
923 &element_cmp);
924 if (GNUNET_OK !=
925 compute_service_response (s))
926 {
927 channel = s->cadet->channel;
928 s->cadet->channel = NULL;
929 GNUNET_CADET_channel_destroy (channel);
930 return;
931 }
932 transmit_bobs_cryptodata_message (s);
933}
934
935
936/**
937 * Handle a multipart-chunk of a request from another service to
938 * calculate a scalarproduct with us.
939 *
940 * @param cls closure (set from #GNUNET_CADET_connect)
941 * @param channel connection to the other end
942 * @param channel_ctx place to store local state associated with the @a channel
943 * @param message the actual message
944 * @return #GNUNET_OK to keep the connection open,
945 * #GNUNET_SYSERR to close it (signal serious error)
946 */
947static int
948handle_alices_cryptodata_message (void *cls,
949 struct GNUNET_CADET_Channel *channel,
950 void **channel_ctx,
951 const struct GNUNET_MessageHeader *message)
952{
953 struct CadetIncomingSession *in = *channel_ctx;
954 struct BobServiceSession *s;
955 const struct AliceCryptodataMessage *msg;
956 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
957 uint32_t contained_elements;
958 size_t msg_length;
959 uint16_t msize;
960 unsigned int max;
961
962 if (NULL == in)
963 {
964 GNUNET_break_op (0);
965 return GNUNET_SYSERR;
966 }
967 s = in->s;
968 if (NULL == s)
969 {
970 GNUNET_break_op (0);
971 return GNUNET_SYSERR;
972 }
973 msize = ntohs (message->size);
974 if (msize <= sizeof (struct AliceCryptodataMessage))
975 {
976 GNUNET_break_op (0);
977 return GNUNET_SYSERR;
978 }
979 msg = (const struct AliceCryptodataMessage *) message;
980 contained_elements = ntohl (msg->contained_element_count);
981 /* Our intersection may still be ongoing, but this is nevertheless
982 an upper bound on the required array size */
983 max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements);
984 msg_length = sizeof (struct AliceCryptodataMessage)
985 + contained_elements * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
986 if ( (msize != msg_length) ||
987 (0 == contained_elements) ||
988 (contained_elements > UINT16_MAX) ||
989 (max < contained_elements + s->cadet_received_element_count) )
990 {
991 GNUNET_break_op (0);
992 return GNUNET_SYSERR;
993 }
994 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
995 "Received %u crypto values from Alice\n",
996 (unsigned int) contained_elements);
997
998 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
999 if (NULL == s->e_a)
1000 s->e_a = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) *
1001 max);
1002 memcpy (&s->e_a[s->cadet_received_element_count],
1003 payload,
1004 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * contained_elements);
1005 s->cadet_received_element_count += contained_elements;
1006
1007 if ( (s->cadet_received_element_count == max) &&
1008 (NULL == s->intersection_op) )
1009 {
1010 /* intersection has finished also on our side, and
1011 we got the full set, so we can proceed with the
1012 CADET response(s) */
1013 transmit_cryptographic_reply (s);
1014 }
1015 GNUNET_CADET_receive_done (s->cadet->channel);
1016 return GNUNET_OK;
1017}
1018
1019
1020/**
1021 * Callback for set operation results. Called for each element
1022 * that needs to be removed from the result set.
1023 *
1024 * @param cls closure with the `struct BobServiceSession`
1025 * @param element a result element, only valid if status is #GNUNET_SET_STATUS_OK
1026 * @param status what has happened with the set intersection?
1027 */
1028static void
1029cb_intersection_element_removed (void *cls,
1030 const struct GNUNET_SET_Element *element,
1031 enum GNUNET_SET_Status status)
1032{
1033 struct BobServiceSession *s = cls;
1034 struct GNUNET_SCALARPRODUCT_Element *se;
1035
1036 switch (status)
1037 {
1038 case GNUNET_SET_STATUS_OK:
1039 /* this element has been removed from the set */
1040 se = GNUNET_CONTAINER_multihashmap_get (s->intersected_elements,
1041 element->data);
1042 GNUNET_assert (NULL != se);
1043 LOG (GNUNET_ERROR_TYPE_DEBUG,
1044 "Removed element with key %s and value %lld\n",
1045 GNUNET_h2s (&se->key),
1046 (long long) GNUNET_ntohll (se->value));
1047 GNUNET_assert (GNUNET_YES ==
1048 GNUNET_CONTAINER_multihashmap_remove (s->intersected_elements,
1049 element->data,
1050 se));
1051 GNUNET_free (se);
1052 return;
1053 case GNUNET_SET_STATUS_DONE:
1054 s->intersection_op = NULL;
1055 GNUNET_break (NULL == s->intersection_set);
1056 GNUNET_CADET_receive_done (s->cadet->channel);
1057 LOG (GNUNET_ERROR_TYPE_DEBUG,
1058 "Finished intersection, %d items remain\n",
1059 GNUNET_CONTAINER_multihashmap_size (s->intersected_elements));
1060 if (s->client_received_element_count ==
1061 GNUNET_CONTAINER_multihashmap_size (s->intersected_elements))
1062 {
1063 /* CADET transmission from Alice is also already done,
1064 start with our own reply */
1065 transmit_cryptographic_reply (s);
1066 }
1067 return;
1068 case GNUNET_SET_STATUS_HALF_DONE:
1069 /* unexpected for intersection */
1070 GNUNET_break (0);
1071 return;
1072 case GNUNET_SET_STATUS_FAILURE:
1073 /* unhandled status code */
1074 LOG (GNUNET_ERROR_TYPE_DEBUG,
1075 "Set intersection failed!\n");
1076 s->intersection_op = NULL;
1077 if (NULL != s->intersection_set)
1078 {
1079 GNUNET_SET_destroy (s->intersection_set);
1080 s->intersection_set = NULL;
1081 }
1082 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1083 prepare_client_end_notification (s);
1084 return;
1085 default:
1086 GNUNET_break (0);
1087 return;
1088 }
1089}
1090
1091
1092/**
1093 * We've paired up a client session with an incoming CADET request.
1094 * Initiate set intersection work.
1095 *
1096 * @param s client session to start intersection for
1097 */
1098static void
1099start_intersection (struct BobServiceSession *s)
1100{
1101 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1102 "Got session with key %s and %u elements, starting intersection.\n",
1103 GNUNET_h2s (&s->session_id),
1104 (unsigned int) s->total);
1105
1106 s->intersection_op
1107 = GNUNET_SET_prepare (&s->cadet->peer,
1108 &s->session_id,
1109 NULL,
1110 GNUNET_SET_RESULT_REMOVED,
1111 &cb_intersection_element_removed,
1112 s);
1113 if (GNUNET_OK !=
1114 GNUNET_SET_commit (s->intersection_op,
1115 s->intersection_set))
1116 {
1117 GNUNET_break (0);
1118 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1119 prepare_client_end_notification (s);
1120 return;
1121 }
1122 GNUNET_SET_destroy (s->intersection_set);
1123 s->intersection_set = NULL;
1124}
1125
1126
1127/**
1128 * Handle a request from Alice to calculate a scalarproduct with us (Bob).
1129 *
1130 * @param cls closure (set from #GNUNET_CADET_connect)
1131 * @param channel connection to the other end
1132 * @param channel_ctx place to store the `struct CadetIncomingSession *`
1133 * @param message the actual message
1134 * @return #GNUNET_OK to keep the connection open,
1135 * #GNUNET_SYSERR to close it (signal serious error)
1136 */
1137static int
1138handle_alices_computation_request (void *cls,
1139 struct GNUNET_CADET_Channel *channel,
1140 void **channel_ctx,
1141 const struct GNUNET_MessageHeader *message)
1142{
1143 struct CadetIncomingSession *in = *channel_ctx;
1144 struct BobServiceSession *s;
1145 const struct ServiceRequestMessage *msg;
1146
1147 if (ntohs (message->size) != sizeof (struct ServiceRequestMessage))
1148 {
1149 GNUNET_break_op (0);
1150 return GNUNET_SYSERR;
1151 }
1152 msg = (const struct ServiceRequestMessage *) message;
1153 if (GNUNET_YES == in->in_map)
1154 {
1155 GNUNET_break_op (0);
1156 return GNUNET_SYSERR;
1157 }
1158 if (NULL != find_matching_cadet_session (&msg->session_id))
1159 {
1160 /* not unique, got one like this already */
1161 GNUNET_break_op (0);
1162 return GNUNET_SYSERR;
1163 }
1164 in->session_id = msg->session_id;
1165 in->remote_pubkey = msg->public_key;
1166 GNUNET_assert (GNUNET_YES ==
1167 GNUNET_CONTAINER_multihashmap_put (cadet_sessions,
1168 &in->session_id,
1169 in,
1170 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1171 s = find_matching_client_session (&in->session_id);
1172 if (NULL == s)
1173 {
1174 /* no client waiting for this request, wait for client */
1175 return GNUNET_OK;
1176 }
1177 GNUNET_assert (NULL == s->cadet);
1178 /* pair them up */
1179 in->s = s;
1180 s->cadet = in;
1181 if (s->client_received_element_count == s->total)
1182 start_intersection (s);
1183 return GNUNET_OK;
1184}
1185
1186
1187/**
1188 * Function called for inbound channels on Bob's end. Does some
1189 * preliminary initialization, more happens after we get Alice's first
1190 * message.
1191 *
1192 * @param cls closure
1193 * @param channel new handle to the channel
1194 * @param initiator peer that started the channel
1195 * @param port unused
1196 * @param options unused
1197 * @return session associated with the channel
1198 */
1199static void *
1200cb_channel_incoming (void *cls,
1201 struct GNUNET_CADET_Channel *channel,
1202 const struct GNUNET_PeerIdentity *initiator,
1203 uint32_t port,
1204 enum GNUNET_CADET_ChannelOption options)
1205{
1206 struct CadetIncomingSession *in;
1207
1208 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1209 "New incoming channel from peer %s.\n",
1210 GNUNET_i2s (initiator));
1211 in = GNUNET_new (struct CadetIncomingSession);
1212 in->peer = *initiator;
1213 in->channel = channel;
1214 in->cadet_mq = GNUNET_CADET_mq_create (in->channel);
1215 return in;
1216}
1217
1218
1219/**
1220 * We're receiving additional set data. Add it to our
1221 * set and if we are done, initiate the transaction.
1222 *
1223 * @param cls closure
1224 * @param client identification of the client
1225 * @param message the actual message
1226 */
1227static void
1228GSS_handle_bob_client_message_multipart (void *cls,
1229 struct GNUNET_SERVER_Client *client,
1230 const struct GNUNET_MessageHeader *message)
1231{
1232 const struct ComputationBobCryptodataMultipartMessage * msg;
1233 struct BobServiceSession *s;
1234 uint32_t contained_count;
1235 const struct GNUNET_SCALARPRODUCT_Element *elements;
1236 uint32_t i;
1237 uint16_t msize;
1238 struct GNUNET_SET_Element set_elem;
1239 struct GNUNET_SCALARPRODUCT_Element *elem;
1240
1241 s = GNUNET_SERVER_client_get_user_context (client,
1242 struct BobServiceSession);
1243 if (NULL == s)
1244 {
1245 /* session needs to already exist */
1246 GNUNET_break (0);
1247 GNUNET_SERVER_receive_done (client,
1248 GNUNET_SYSERR);
1249 return;
1250 }
1251 msize = ntohs (message->size);
1252 if (msize < sizeof (struct ComputationBobCryptodataMultipartMessage))
1253 {
1254 GNUNET_break (0);
1255 GNUNET_SERVER_receive_done (client,
1256 GNUNET_SYSERR);
1257 return;
1258 }
1259 msg = (const struct ComputationBobCryptodataMultipartMessage *) message;
1260 contained_count = ntohl (msg->element_count_contained);
1261
1262 if ( (msize != (sizeof (struct ComputationBobCryptodataMultipartMessage) +
1263 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) ||
1264 (0 == contained_count) ||
1265 (UINT16_MAX < contained_count) ||
1266 (s->total == s->client_received_element_count) ||
1267 (s->total < s->client_received_element_count + contained_count) )
1268 {
1269 GNUNET_break_op (0);
1270 GNUNET_SERVER_receive_done (client,
1271 GNUNET_SYSERR);
1272 return;
1273 }
1274 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1275 for (i = 0; i < contained_count; i++)
1276 {
1277 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1278 memcpy (elem,
1279 &elements[i],
1280 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1281 if (GNUNET_SYSERR ==
1282 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1283 &elem->key,
1284 elem,
1285 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1286 {
1287 GNUNET_break (0);
1288 GNUNET_free (elem);
1289 continue;
1290 }
1291 set_elem.data = &elem->key;
1292 set_elem.size = sizeof (elem->key);
1293 set_elem.element_type = 0;
1294 GNUNET_SET_add_element (s->intersection_set,
1295 &set_elem,
1296 NULL, NULL);
1297 }
1298 s->client_received_element_count += contained_count;
1299 GNUNET_SERVER_receive_done (client,
1300 GNUNET_OK);
1301 if (s->total != s->client_received_element_count)
1302 {
1303 /* more to come */
1304 return;
1305 }
1306 if (NULL == s->cadet)
1307 {
1308 /* no Alice waiting for this request, wait for Alice */
1309 return;
1310 }
1311 start_intersection (s);
1312}
1313
1314
1315/**
1316 * Handler for Bob's a client request message. Bob is in the response
1317 * role, keep the values + session and waiting for a matching session
1318 * or process a waiting request from Alice.
1319 *
1320 * @param cls closure
1321 * @param client identification of the client
1322 * @param message the actual message
1323 */
1324static void
1325GSS_handle_bob_client_message (void *cls,
1326 struct GNUNET_SERVER_Client *client,
1327 const struct GNUNET_MessageHeader *message)
1328{
1329 const struct BobComputationMessage *msg;
1330 struct BobServiceSession *s;
1331 struct CadetIncomingSession *in;
1332 uint32_t contained_count;
1333 uint32_t total_count;
1334 const struct GNUNET_SCALARPRODUCT_Element *elements;
1335 uint32_t i;
1336 struct GNUNET_SET_Element set_elem;
1337 struct GNUNET_SCALARPRODUCT_Element *elem;
1338 uint16_t msize;
1339
1340 s = GNUNET_SERVER_client_get_user_context (client,
1341 struct BobServiceSession);
1342 if (NULL != s)
1343 {
1344 /* only one concurrent session per client connection allowed,
1345 simplifies logic a lot... */
1346 GNUNET_break (0);
1347 GNUNET_SERVER_receive_done (client,
1348 GNUNET_SYSERR);
1349 return;
1350 }
1351 msize = ntohs (message->size);
1352 if (msize < sizeof (struct BobComputationMessage))
1353 {
1354 GNUNET_break (0);
1355 GNUNET_SERVER_receive_done (client,
1356 GNUNET_SYSERR);
1357 return;
1358 }
1359 msg = (const struct BobComputationMessage *) message;
1360 total_count = ntohl (msg->element_count_total);
1361 contained_count = ntohl (msg->element_count_contained);
1362 if ( (0 == total_count) ||
1363 (0 == contained_count) ||
1364 (UINT16_MAX < contained_count) ||
1365 (msize != (sizeof (struct BobComputationMessage) +
1366 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) )
1367 {
1368 GNUNET_break_op (0);
1369 GNUNET_SERVER_receive_done (client,
1370 GNUNET_SYSERR);
1371 return;
1372 }
1373 if (NULL != find_matching_client_session (&msg->session_key))
1374 {
1375 GNUNET_break (0);
1376 GNUNET_SERVER_receive_done (client,
1377 GNUNET_SYSERR);
1378 return;
1379 }
1380
1381 s = GNUNET_new (struct BobServiceSession);
1382 s->status = GNUNET_SCALARPRODUCT_STATUS_ACTIVE;
1383 s->client = client;
1384 s->client_mq = GNUNET_MQ_queue_for_server_client (client);
1385 s->total = total_count;
1386 s->client_received_element_count = contained_count;
1387 s->session_id = msg->session_key;
1388 GNUNET_break (GNUNET_YES ==
1389 GNUNET_CONTAINER_multihashmap_put (client_sessions,
1390 &s->session_id,
1391 s,
1392 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1393 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1394 s->intersected_elements = GNUNET_CONTAINER_multihashmap_create (s->total,
1395 GNUNET_YES);
1396 s->intersection_set = GNUNET_SET_create (cfg,
1397 GNUNET_SET_OPERATION_INTERSECTION);
1398 for (i = 0; i < contained_count; i++)
1399 {
1400 if (0 == GNUNET_ntohll (elements[i].value))
1401 continue;
1402 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1403 memcpy (elem,
1404 &elements[i],
1405 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1406 if (GNUNET_SYSERR ==
1407 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1408 &elem->key,
1409 elem,
1410 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1411 {
1412 GNUNET_break (0);
1413 GNUNET_free (elem);
1414 continue;
1415 }
1416 set_elem.data = &elem->key;
1417 set_elem.size = sizeof (elem->key);
1418 set_elem.element_type = 0;
1419 GNUNET_SET_add_element (s->intersection_set,
1420 &set_elem,
1421 NULL, NULL);
1422 s->used_element_count++;
1423 }
1424 GNUNET_SERVER_client_set_user_context (client,
1425 s);
1426 GNUNET_SERVER_receive_done (client,
1427 GNUNET_YES);
1428 if (s->total != s->client_received_element_count)
1429 {
1430 /* multipart msg */
1431 return;
1432 }
1433 in = find_matching_cadet_session (&s->session_id);
1434 if (NULL == in)
1435 {
1436 /* nothing yet, wait for Alice */
1437 return;
1438 }
1439 GNUNET_assert (NULL == in->s);
1440 /* pair them up */
1441 in->s = s;
1442 s->cadet = in;
1443 start_intersection (s);
1444}
1445
1446
1447/**
1448 * Task run during shutdown.
1449 *
1450 * @param cls unused
1451 * @param tc unused
1452 */
1453static void
1454shutdown_task (void *cls,
1455 const struct GNUNET_SCHEDULER_TaskContext *tc)
1456{
1457 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1458 "Shutting down, initiating cleanup.\n");
1459 // FIXME: we have to cut our connections to CADET first!
1460 if (NULL != my_cadet)
1461 {
1462 GNUNET_CADET_disconnect (my_cadet);
1463 my_cadet = NULL;
1464 }
1465 GNUNET_CONTAINER_multihashmap_destroy (client_sessions);
1466 client_sessions = NULL;
1467 GNUNET_CONTAINER_multihashmap_destroy (cadet_sessions);
1468 cadet_sessions = NULL;
1469}
1470
1471
1472/**
1473 * A client disconnected.
1474 *
1475 * Remove the associated session(s), release data structures
1476 * and cancel pending outgoing transmissions to the client.
1477 *
1478 * @param cls closure, NULL
1479 * @param client identification of the client
1480 */
1481static void
1482handle_client_disconnect (void *cls,
1483 struct GNUNET_SERVER_Client *client)
1484{
1485 struct BobServiceSession *s;
1486
1487 if (NULL == client)
1488 return;
1489 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1490 "Client disconnected from us.\n",
1491 client);
1492 s = GNUNET_SERVER_client_get_user_context (client,
1493 struct BobServiceSession);
1494 if (NULL == s)
1495 return;
1496 s->client = NULL;
1497 destroy_service_session (s);
1498}
1499
1500
1501/**
1502 * Initialization of the program and message handlers
1503 *
1504 * @param cls closure
1505 * @param server the initialized server
1506 * @param c configuration to use
1507 */
1508static void
1509run (void *cls,
1510 struct GNUNET_SERVER_Handle *server,
1511 const struct GNUNET_CONFIGURATION_Handle *c)
1512{
1513 static const struct GNUNET_SERVER_MessageHandler server_handlers[] = {
1514 { &GSS_handle_bob_client_message, NULL,
1515 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_BOB,
1516 0},
1517 { &GSS_handle_bob_client_message_multipart, NULL,
1518 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_MUTLIPART_BOB,
1519 0},
1520 { NULL, NULL, 0, 0}
1521 };
1522 static const struct GNUNET_CADET_MessageHandler cadet_handlers[] = {
1523 { &handle_alices_computation_request,
1524 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION,
1525 sizeof (struct ServiceRequestMessage) },
1526 { &handle_alices_cryptodata_message,
1527 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA,
1528 0},
1529 { NULL, 0, 0}
1530 };
1531 static const uint32_t ports[] = {
1532 GNUNET_APPLICATION_TYPE_SCALARPRODUCT,
1533 0
1534 };
1535
1536 cfg = c;
1537 /*
1538 offset has to be sufficiently small to allow computation of:
1539 m1+m2 mod n == (S + a) + (S + b) mod n,
1540 if we have more complex operations, this factor needs to be lowered */
1541 my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3);
1542 gcry_mpi_set_bit (my_offset,
1543 GNUNET_CRYPTO_PAILLIER_BITS / 3);
1544
1545 GNUNET_CRYPTO_paillier_create (&my_pubkey,
1546 &my_privkey);
1547 GNUNET_SERVER_add_handlers (server,
1548 server_handlers);
1549 GNUNET_SERVER_disconnect_notify (server,
1550 &handle_client_disconnect,
1551 NULL);
1552 client_sessions = GNUNET_CONTAINER_multihashmap_create (128,
1553 GNUNET_YES);
1554 cadet_sessions = GNUNET_CONTAINER_multihashmap_create (128,
1555 GNUNET_YES);
1556 my_cadet = GNUNET_CADET_connect (cfg, NULL,
1557 &cb_channel_incoming,
1558 &cb_channel_destruction,
1559 cadet_handlers,
1560 ports);
1561 if (NULL == my_cadet)
1562 {
1563 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1564 _("Connect to CADET failed\n"));
1565 GNUNET_SCHEDULER_shutdown ();
1566 return;
1567 }
1568 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
1569 &shutdown_task,
1570 NULL);
1571}
1572
1573
1574/**
1575 * The main function for the scalarproduct service.
1576 *
1577 * @param argc number of arguments from the command line
1578 * @param argv command line arguments
1579 * @return 0 ok, 1 on error
1580 */
1581int
1582main (int argc,
1583 char *const *argv)
1584{
1585 return (GNUNET_OK ==
1586 GNUNET_SERVICE_run (argc, argv,
1587 "scalarproduct-bob",
1588 GNUNET_SERVICE_OPTION_NONE,
1589 &run, NULL)) ? 0 : 1;
1590}
1591
1592/* end of gnunet-service-scalarproduct_bob.c */
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-27 22:25:23 +0000