diff options
Diffstat (limited to 'src/scalarproduct/gnunet-service-scalarproduct_bob.c')
-rw-r--r-- | src/scalarproduct/gnunet-service-scalarproduct_bob.c | 1383 |
1 files changed, 0 insertions, 1383 deletions
diff --git a/src/scalarproduct/gnunet-service-scalarproduct_bob.c b/src/scalarproduct/gnunet-service-scalarproduct_bob.c deleted file mode 100644 index b0299779d..000000000 --- a/src/scalarproduct/gnunet-service-scalarproduct_bob.c +++ /dev/null | |||
@@ -1,1383 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2013, 2014, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @file scalarproduct/gnunet-service-scalarproduct_bob.c | ||
22 | * @brief scalarproduct service implementation | ||
23 | * @author Christian M. Fuchs | ||
24 | * @author Christian Grothoff | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include <limits.h> | ||
28 | #include <gcrypt.h> | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_core_service.h" | ||
31 | #include "gnunet_cadet_service.h" | ||
32 | #include "gnunet_applications.h" | ||
33 | #include "gnunet_protocols.h" | ||
34 | #include "gnunet_scalarproduct_service.h" | ||
35 | #include "gnunet_seti_service.h" | ||
36 | #include "scalarproduct.h" | ||
37 | #include "gnunet-service-scalarproduct.h" | ||
38 | |||
39 | #define LOG(kind, ...) GNUNET_log_from (kind, "scalarproduct-bob", __VA_ARGS__) | ||
40 | |||
41 | |||
42 | /** | ||
43 | * An encrypted element key-value pair. | ||
44 | */ | ||
45 | struct MpiElement | ||
46 | { | ||
47 | /** | ||
48 | * Key used to identify matching pairs of values to multiply. | ||
49 | * Points into an existing data structure, to avoid copying | ||
50 | * and doubling memory use. | ||
51 | */ | ||
52 | const struct GNUNET_HashCode *key; | ||
53 | |||
54 | /** | ||
55 | * Value represented (a). | ||
56 | */ | ||
57 | gcry_mpi_t value; | ||
58 | }; | ||
59 | |||
60 | |||
61 | /** | ||
62 | * A scalarproduct session which tracks an offer for a | ||
63 | * multiplication service by a local client. | ||
64 | */ | ||
65 | struct BobServiceSession | ||
66 | { | ||
67 | /** | ||
68 | * (hopefully) unique transaction ID | ||
69 | */ | ||
70 | struct GNUNET_HashCode session_id; | ||
71 | |||
72 | /** | ||
73 | * The client this request is related to. | ||
74 | */ | ||
75 | struct GNUNET_SERVICE_Client *client; | ||
76 | |||
77 | /** | ||
78 | * Client message queue. | ||
79 | */ | ||
80 | struct GNUNET_MQ_Handle *client_mq; | ||
81 | |||
82 | /** | ||
83 | * All non-0-value'd elements transmitted to us. | ||
84 | */ | ||
85 | struct GNUNET_CONTAINER_MultiHashMap *intersected_elements; | ||
86 | |||
87 | /** | ||
88 | * Set of elements for which we will be conducting an intersection. | ||
89 | * The resulting elements are then used for computing the scalar product. | ||
90 | */ | ||
91 | struct GNUNET_SETI_Handle *intersection_set; | ||
92 | |||
93 | /** | ||
94 | * Set of elements for which will conduction an intersection. | ||
95 | * the resulting elements are then used for computing the scalar product. | ||
96 | */ | ||
97 | struct GNUNET_SETI_OperationHandle *intersection_op; | ||
98 | |||
99 | /** | ||
100 | * CADET port we are listening on. | ||
101 | */ | ||
102 | struct GNUNET_CADET_Port *port; | ||
103 | |||
104 | /** | ||
105 | * a(Alice) | ||
106 | */ | ||
107 | struct MpiElement *sorted_elements; | ||
108 | |||
109 | /** | ||
110 | * E(ai)(Bob) after applying the mask | ||
111 | */ | ||
112 | struct GNUNET_CRYPTO_PaillierCiphertext *e_a; | ||
113 | |||
114 | /** | ||
115 | * Bob's permutation p of R | ||
116 | */ | ||
117 | struct GNUNET_CRYPTO_PaillierCiphertext *r; | ||
118 | |||
119 | /** | ||
120 | * Bob's permutation q of R | ||
121 | */ | ||
122 | struct GNUNET_CRYPTO_PaillierCiphertext *r_prime; | ||
123 | |||
124 | /** | ||
125 | * Bob's "s" | ||
126 | */ | ||
127 | struct GNUNET_CRYPTO_PaillierCiphertext s; | ||
128 | |||
129 | /** | ||
130 | * Bob's "s'" | ||
131 | */ | ||
132 | struct GNUNET_CRYPTO_PaillierCiphertext s_prime; | ||
133 | |||
134 | /** | ||
135 | * Handle for our associated incoming CADET session, or NULL | ||
136 | * if we have not gotten one yet. | ||
137 | */ | ||
138 | struct CadetIncomingSession *cadet; | ||
139 | |||
140 | /** | ||
141 | * How many elements will be supplied in total from the client. | ||
142 | */ | ||
143 | uint32_t total; | ||
144 | |||
145 | /** | ||
146 | * Already transferred elements (received) for multipart | ||
147 | * messages from client. Always less than @e total. | ||
148 | */ | ||
149 | uint32_t client_received_element_count; | ||
150 | |||
151 | /** | ||
152 | * How many elements actually are used for the scalar product. | ||
153 | * Size of the arrays in @e r and @e r_prime. Also sometimes | ||
154 | * used as an index into the arrays during construction. | ||
155 | */ | ||
156 | uint32_t used_element_count; | ||
157 | |||
158 | /** | ||
159 | * Counts the number of values received from Alice by us. | ||
160 | * Always less than @e used_element_count. | ||
161 | */ | ||
162 | uint32_t cadet_received_element_count; | ||
163 | |||
164 | /** | ||
165 | * Counts the number of values transmitted from us to Alice. | ||
166 | * Always less than @e used_element_count. | ||
167 | */ | ||
168 | uint32_t cadet_transmitted_element_count; | ||
169 | |||
170 | /** | ||
171 | * State of this session. In | ||
172 | * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is | ||
173 | * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or | ||
174 | * #GNUNET_SCALARPRODUCT_STATUS_FAILURE. | ||
175 | */ | ||
176 | enum GNUNET_SCALARPRODUCT_ResponseStatus status; | ||
177 | |||
178 | /** | ||
179 | * Are we already in #destroy_service_session()? | ||
180 | */ | ||
181 | int in_destroy; | ||
182 | |||
183 | /** | ||
184 | * The CADET channel. | ||
185 | */ | ||
186 | struct GNUNET_CADET_Channel *channel; | ||
187 | |||
188 | /** | ||
189 | * Originator's peer identity. (Only for diagnostics.) | ||
190 | */ | ||
191 | struct GNUNET_PeerIdentity peer; | ||
192 | |||
193 | /** | ||
194 | * Public key of the remote service. | ||
195 | */ | ||
196 | struct GNUNET_CRYPTO_PaillierPublicKey remote_pubkey; | ||
197 | |||
198 | /** | ||
199 | * The message queue for this channel. | ||
200 | */ | ||
201 | struct GNUNET_MQ_Handle *cadet_mq; | ||
202 | }; | ||
203 | |||
204 | |||
205 | /** | ||
206 | * GNUnet configuration handle | ||
207 | */ | ||
208 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
209 | |||
210 | /** | ||
211 | * Service's own public key | ||
212 | */ | ||
213 | static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey; | ||
214 | |||
215 | /** | ||
216 | * Service's own private key | ||
217 | */ | ||
218 | static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey; | ||
219 | |||
220 | /** | ||
221 | * Service's offset for values that could possibly be negative but are plaintext for encryption. | ||
222 | */ | ||
223 | static gcry_mpi_t my_offset; | ||
224 | |||
225 | /** | ||
226 | * Handle to the CADET service. | ||
227 | */ | ||
228 | static struct GNUNET_CADET_Handle *my_cadet; | ||
229 | |||
230 | |||
231 | /** | ||
232 | * Callback used to free the elements in the map. | ||
233 | * | ||
234 | * @param cls NULL | ||
235 | * @param key key of the element | ||
236 | * @param value the value to free | ||
237 | */ | ||
238 | static int | ||
239 | free_element_cb (void *cls, | ||
240 | const struct GNUNET_HashCode *key, | ||
241 | void *value) | ||
242 | { | ||
243 | struct GNUNET_SCALARPRODUCT_Element *element = value; | ||
244 | |||
245 | GNUNET_free (element); | ||
246 | return GNUNET_OK; | ||
247 | } | ||
248 | |||
249 | |||
250 | /** | ||
251 | * Destroy session state, we are done with it. | ||
252 | * | ||
253 | * @param session the session to free elements from | ||
254 | */ | ||
255 | static void | ||
256 | destroy_service_session (struct BobServiceSession *s) | ||
257 | { | ||
258 | unsigned int i; | ||
259 | |||
260 | if (GNUNET_YES == s->in_destroy) | ||
261 | return; | ||
262 | s->in_destroy = GNUNET_YES; | ||
263 | if (NULL != s->client) | ||
264 | { | ||
265 | struct GNUNET_SERVICE_Client *c = s->client; | ||
266 | |||
267 | s->client = NULL; | ||
268 | GNUNET_SERVICE_client_drop (c); | ||
269 | } | ||
270 | if (NULL != s->intersected_elements) | ||
271 | { | ||
272 | GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements, | ||
273 | &free_element_cb, | ||
274 | NULL); | ||
275 | GNUNET_CONTAINER_multihashmap_destroy (s->intersected_elements); | ||
276 | s->intersected_elements = NULL; | ||
277 | } | ||
278 | if (NULL != s->intersection_op) | ||
279 | { | ||
280 | GNUNET_SETI_operation_cancel (s->intersection_op); | ||
281 | s->intersection_op = NULL; | ||
282 | } | ||
283 | if (NULL != s->intersection_set) | ||
284 | { | ||
285 | GNUNET_SETI_destroy (s->intersection_set); | ||
286 | s->intersection_set = NULL; | ||
287 | } | ||
288 | if (NULL != s->e_a) | ||
289 | { | ||
290 | GNUNET_free (s->e_a); | ||
291 | s->e_a = NULL; | ||
292 | } | ||
293 | if (NULL != s->sorted_elements) | ||
294 | { | ||
295 | for (i = 0; i < s->used_element_count; i++) | ||
296 | gcry_mpi_release (s->sorted_elements[i].value); | ||
297 | GNUNET_free (s->sorted_elements); | ||
298 | s->sorted_elements = NULL; | ||
299 | } | ||
300 | if (NULL != s->r) | ||
301 | { | ||
302 | GNUNET_free (s->r); | ||
303 | s->r = NULL; | ||
304 | } | ||
305 | if (NULL != s->r_prime) | ||
306 | { | ||
307 | GNUNET_free (s->r_prime); | ||
308 | s->r_prime = NULL; | ||
309 | } | ||
310 | if (NULL != s->port) | ||
311 | { | ||
312 | GNUNET_CADET_close_port (s->port); | ||
313 | s->port = NULL; | ||
314 | } | ||
315 | if (NULL != s->channel) | ||
316 | { | ||
317 | GNUNET_CADET_channel_destroy (s->channel); | ||
318 | s->channel = NULL; | ||
319 | } | ||
320 | GNUNET_free (s); | ||
321 | } | ||
322 | |||
323 | |||
324 | /** | ||
325 | * Notify the client that the session has succeeded or failed. This | ||
326 | * message gets sent to Bob's client if the operation completed or | ||
327 | * Alice disconnected. | ||
328 | * | ||
329 | * @param session the associated client session to fail or succeed | ||
330 | */ | ||
331 | static void | ||
332 | prepare_client_end_notification (struct BobServiceSession *session) | ||
333 | { | ||
334 | struct ClientResponseMessage *msg; | ||
335 | struct GNUNET_MQ_Envelope *e; | ||
336 | |||
337 | if (NULL == session->client_mq) | ||
338 | return; /* no client left to be notified */ | ||
339 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
340 | "Sending session-end notification with status %d to client for session %s\n", | ||
341 | session->status, | ||
342 | GNUNET_h2s (&session->session_id)); | ||
343 | e = GNUNET_MQ_msg (msg, | ||
344 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT); | ||
345 | msg->range = 0; | ||
346 | msg->product_length = htonl (0); | ||
347 | msg->status = htonl (session->status); | ||
348 | GNUNET_MQ_send (session->client_mq, | ||
349 | e); | ||
350 | } | ||
351 | |||
352 | |||
353 | /** | ||
354 | * Function called whenever a channel is destroyed. Should clean up | ||
355 | * any associated state. | ||
356 | * | ||
357 | * It must NOT call #GNUNET_CADET_channel_destroy() on the channel. | ||
358 | * | ||
359 | * @param cls the `struct BobServiceSession` | ||
360 | * @param channel connection to the other end (henceforth invalid) | ||
361 | */ | ||
362 | static void | ||
363 | cb_channel_destruction (void *cls, | ||
364 | const struct GNUNET_CADET_Channel *channel) | ||
365 | { | ||
366 | struct BobServiceSession *s = cls; | ||
367 | |||
368 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
369 | "Peer disconnected, terminating session %s with peer %s\n", | ||
370 | GNUNET_h2s (&s->session_id), | ||
371 | GNUNET_i2s (&s->peer)); | ||
372 | if (GNUNET_SCALARPRODUCT_STATUS_ACTIVE == s->status) | ||
373 | { | ||
374 | s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE; | ||
375 | prepare_client_end_notification (s); | ||
376 | } | ||
377 | s->channel = NULL; | ||
378 | destroy_service_session (s); | ||
379 | } | ||
380 | |||
381 | |||
382 | /** | ||
383 | * MQ finished giving our last message to CADET, now notify | ||
384 | * the client that we are finished. | ||
385 | */ | ||
386 | static void | ||
387 | bob_cadet_done_cb (void *cls) | ||
388 | { | ||
389 | struct BobServiceSession *session = cls; | ||
390 | |||
391 | session->status = GNUNET_SCALARPRODUCT_STATUS_SUCCESS; | ||
392 | prepare_client_end_notification (session); | ||
393 | } | ||
394 | |||
395 | |||
396 | /** | ||
397 | * Maximum count of elements we can put into a multipart message | ||
398 | */ | ||
399 | #define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 \ | ||
400 | - sizeof(struct BobCryptodataMultipartMessage)) \ | ||
401 | / sizeof(struct \ | ||
402 | GNUNET_CRYPTO_PaillierCiphertext)) | ||
403 | |||
404 | |||
405 | /** | ||
406 | * Send a multipart chunk of a service response from Bob to Alice. | ||
407 | * This element only contains the two permutations of R, R'. | ||
408 | * | ||
409 | * @param s the associated service session | ||
410 | */ | ||
411 | static void | ||
412 | transmit_bobs_cryptodata_message_multipart (struct BobServiceSession *s) | ||
413 | { | ||
414 | struct GNUNET_CRYPTO_PaillierCiphertext *payload; | ||
415 | struct BobCryptodataMultipartMessage *msg; | ||
416 | struct GNUNET_MQ_Envelope *e; | ||
417 | unsigned int i; | ||
418 | unsigned int j; | ||
419 | uint32_t todo_count; | ||
420 | |||
421 | while (s->cadet_transmitted_element_count != s->used_element_count) | ||
422 | { | ||
423 | todo_count = s->used_element_count - s->cadet_transmitted_element_count; | ||
424 | if (todo_count > ELEMENT_CAPACITY / 2) | ||
425 | todo_count = ELEMENT_CAPACITY / 2; | ||
426 | |||
427 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
428 | "Sending %u additional crypto values to Alice\n", | ||
429 | (unsigned int) todo_count); | ||
430 | e = GNUNET_MQ_msg_extra (msg, | ||
431 | todo_count * sizeof(struct | ||
432 | GNUNET_CRYPTO_PaillierCiphertext) | ||
433 | * 2, | ||
434 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART); | ||
435 | msg->contained_element_count = htonl (todo_count); | ||
436 | payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1]; | ||
437 | for (i = s->cadet_transmitted_element_count, j = 0; i < | ||
438 | s->cadet_transmitted_element_count + todo_count; i++) | ||
439 | { | ||
440 | // r[i][p] and r[i][q] | ||
441 | GNUNET_memcpy (&payload[j++], | ||
442 | &s->r[i], | ||
443 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
444 | GNUNET_memcpy (&payload[j++], | ||
445 | &s->r_prime[i], | ||
446 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
447 | } | ||
448 | s->cadet_transmitted_element_count += todo_count; | ||
449 | if (s->cadet_transmitted_element_count == s->used_element_count) | ||
450 | GNUNET_MQ_notify_sent (e, | ||
451 | &bob_cadet_done_cb, | ||
452 | s); | ||
453 | GNUNET_MQ_send (s->cadet_mq, | ||
454 | e); | ||
455 | } | ||
456 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
457 | "All values queued for Alice, Bob is done\n"); | ||
458 | } | ||
459 | |||
460 | |||
461 | /** | ||
462 | * Bob generates the response message to be sent to Alice after | ||
463 | * computing the values (1), (2), S and S'. | ||
464 | * | ||
465 | * (1)[]: $E_A(a_{pi(i)}) times E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$ | ||
466 | * (2)[]: $E_A(a_{pi'(i)}) times E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$ | ||
467 | * S: $S := E_A(sum (r_i + b_i)^2)$ | ||
468 | * S': $S' := E_A(sum r_i^2)$ | ||
469 | * | ||
470 | * @param s the associated requesting session with Alice | ||
471 | */ | ||
472 | static void | ||
473 | transmit_bobs_cryptodata_message (struct BobServiceSession *s) | ||
474 | { | ||
475 | struct BobCryptodataMessage *msg; | ||
476 | struct GNUNET_MQ_Envelope *e; | ||
477 | struct GNUNET_CRYPTO_PaillierCiphertext *payload; | ||
478 | unsigned int i; | ||
479 | |||
480 | s->cadet_transmitted_element_count | ||
481 | = ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof(struct | ||
482 | BobCryptodataMessage)) | ||
483 | / sizeof(struct GNUNET_CRYPTO_PaillierCiphertext) / 2) - 1; | ||
484 | if (s->cadet_transmitted_element_count > s->used_element_count) | ||
485 | s->cadet_transmitted_element_count = s->used_element_count; | ||
486 | |||
487 | e = GNUNET_MQ_msg_extra (msg, | ||
488 | (2 + s->cadet_transmitted_element_count * 2) | ||
489 | * sizeof(struct GNUNET_CRYPTO_PaillierCiphertext), | ||
490 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA); | ||
491 | msg->contained_element_count = htonl (s->cadet_transmitted_element_count); | ||
492 | |||
493 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
494 | "Sending %u/%u crypto values to Alice\n", | ||
495 | (unsigned int) s->cadet_transmitted_element_count, | ||
496 | (unsigned int) s->used_element_count); | ||
497 | |||
498 | payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1]; | ||
499 | GNUNET_memcpy (&payload[0], | ||
500 | &s->s, | ||
501 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
502 | GNUNET_memcpy (&payload[1], | ||
503 | &s->s_prime, | ||
504 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
505 | |||
506 | payload = &payload[2]; | ||
507 | // convert k[][] | ||
508 | for (i = 0; i < s->cadet_transmitted_element_count; i++) | ||
509 | { | ||
510 | // k[i][p] and k[i][q] | ||
511 | GNUNET_memcpy (&payload[i * 2], | ||
512 | &s->r[i], | ||
513 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
514 | GNUNET_memcpy (&payload[i * 2 + 1], | ||
515 | &s->r_prime[i], | ||
516 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext)); | ||
517 | } | ||
518 | if (s->cadet_transmitted_element_count == s->used_element_count) | ||
519 | GNUNET_MQ_notify_sent (e, | ||
520 | &bob_cadet_done_cb, | ||
521 | s); | ||
522 | GNUNET_MQ_send (s->cadet_mq, | ||
523 | e); | ||
524 | transmit_bobs_cryptodata_message_multipart (s); | ||
525 | } | ||
526 | |||
527 | |||
528 | #undef ELEMENT_CAPACITY | ||
529 | |||
530 | |||
531 | /** | ||
532 | * Computes the square sum over a vector of a given length. | ||
533 | * | ||
534 | * @param vector the vector to compute over | ||
535 | * @param length the length of the vector | ||
536 | * @return an MPI value containing the calculated sum, never NULL | ||
537 | * TODO: code duplication with Alice! | ||
538 | */ | ||
539 | static gcry_mpi_t | ||
540 | compute_square_sum (const gcry_mpi_t *vector, | ||
541 | uint32_t length) | ||
542 | { | ||
543 | gcry_mpi_t elem; | ||
544 | gcry_mpi_t sum; | ||
545 | uint32_t i; | ||
546 | |||
547 | GNUNET_assert (NULL != (sum = gcry_mpi_new (0))); | ||
548 | GNUNET_assert (NULL != (elem = gcry_mpi_new (0))); | ||
549 | for (i = 0; i < length; i++) | ||
550 | { | ||
551 | gcry_mpi_mul (elem, vector[i], vector[i]); | ||
552 | gcry_mpi_add (sum, sum, elem); | ||
553 | } | ||
554 | gcry_mpi_release (elem); | ||
555 | return sum; | ||
556 | } | ||
557 | |||
558 | |||
559 | /** | ||
560 | * Compute the values | ||
561 | * (1)[]: $E_A(a_{pi(i)}) otimes E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$ | ||
562 | * (2)[]: $E_A(a_{pi'(i)}) otimes E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$ | ||
563 | * S: $S := E_A(sum (r_i + b_i)^2)$ | ||
564 | * S': $S' := E_A(sum r_i^2)$ | ||
565 | * | ||
566 | * @param request the requesting session + bob's requesting peer | ||
567 | * @return #GNUNET_OK on success | ||
568 | */ | ||
569 | static int | ||
570 | compute_service_response (struct BobServiceSession *session) | ||
571 | { | ||
572 | uint32_t i; | ||
573 | unsigned int *p; | ||
574 | unsigned int *q; | ||
575 | uint32_t count; | ||
576 | gcry_mpi_t *rand; | ||
577 | gcry_mpi_t tmp; | ||
578 | const struct MpiElement *b; | ||
579 | struct GNUNET_CRYPTO_PaillierCiphertext *a; | ||
580 | struct GNUNET_CRYPTO_PaillierCiphertext *r; | ||
581 | struct GNUNET_CRYPTO_PaillierCiphertext *r_prime; | ||
582 | |||
583 | count = session->used_element_count; | ||
584 | a = session->e_a; | ||
585 | b = session->sorted_elements; | ||
586 | q = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK, | ||
587 | count); | ||
588 | p = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK, | ||
589 | count); | ||
590 | rand = GNUNET_malloc (sizeof(gcry_mpi_t) * count); | ||
591 | for (i = 0; i < count; i++) | ||
592 | GNUNET_assert (NULL != (rand[i] = gcry_mpi_new (0))); | ||
593 | r = GNUNET_malloc (sizeof(struct GNUNET_CRYPTO_PaillierCiphertext) * count); | ||
594 | r_prime = GNUNET_malloc (sizeof(struct GNUNET_CRYPTO_PaillierCiphertext) | ||
595 | * count); | ||
596 | |||
597 | for (i = 0; i < count; i++) | ||
598 | { | ||
599 | int32_t svalue; | ||
600 | |||
601 | svalue = (int32_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | ||
602 | UINT32_MAX); | ||
603 | // long to gcry_mpi_t | ||
604 | if (svalue < 0) | ||
605 | gcry_mpi_sub_ui (rand[i], | ||
606 | rand[i], | ||
607 | -svalue); | ||
608 | else | ||
609 | rand[i] = gcry_mpi_set_ui (rand[i], svalue); | ||
610 | } | ||
611 | |||
612 | tmp = gcry_mpi_new (0); | ||
613 | // encrypt the element | ||
614 | // for the sake of readability I decided to have dedicated permutation | ||
615 | // vectors, which get rid of all the lookups in p/q. | ||
616 | // however, ap/aq are not absolutely necessary but are just abstraction | ||
617 | // Calculate Kp = E(S + a_pi) (+) E(S - r_pi - b_pi) | ||
618 | for (i = 0; i < count; i++) | ||
619 | { | ||
620 | // E(S - r_pi - b_pi) | ||
621 | gcry_mpi_sub (tmp, my_offset, rand[p[i]]); | ||
622 | gcry_mpi_sub (tmp, tmp, b[p[i]].value); | ||
623 | GNUNET_assert (2 == | ||
624 | GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey, | ||
625 | tmp, | ||
626 | 2, | ||
627 | &r[i])); | ||
628 | |||
629 | // E(S - r_pi - b_pi) * E(S + a_pi) == E(2*S + a - r - b) | ||
630 | if (GNUNET_OK != | ||
631 | GNUNET_CRYPTO_paillier_hom_add (&session->remote_pubkey, | ||
632 | &r[i], | ||
633 | &a[p[i]], | ||
634 | &r[i])) | ||
635 | { | ||
636 | GNUNET_break_op (0); | ||
637 | goto error_cleanup; | ||
638 | } | ||
639 | } | ||
640 | |||
641 | // Calculate Kq = E(S + a_qi) (+) E(S - r_qi) | ||
642 | for (i = 0; i < count; i++) | ||
643 | { | ||
644 | // E(S - r_qi) | ||
645 | gcry_mpi_sub (tmp, my_offset, rand[q[i]]); | ||
646 | GNUNET_assert (2 == | ||
647 | GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey, | ||
648 | tmp, | ||
649 | 2, | ||
650 | &r_prime[i])); | ||
651 | |||
652 | // E(S - r_qi) * E(S + a_qi) == E(2*S + a_qi - r_qi) | ||
653 | if (GNUNET_OK != | ||
654 | GNUNET_CRYPTO_paillier_hom_add (&session->remote_pubkey, | ||
655 | &r_prime[i], | ||
656 | &a[q[i]], | ||
657 | &r_prime[i])) | ||
658 | { | ||
659 | GNUNET_break_op (0); | ||
660 | goto error_cleanup; | ||
661 | } | ||
662 | } | ||
663 | gcry_mpi_release (tmp); | ||
664 | |||
665 | // Calculate S' = E(SUM( r_i^2 )) | ||
666 | tmp = compute_square_sum (rand, count); | ||
667 | GNUNET_assert (1 == | ||
668 | GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey, | ||
669 | tmp, | ||
670 | 1, | ||
671 | &session->s_prime)); | ||
672 | gcry_mpi_release (tmp); | ||
673 | |||
674 | // Calculate S = E(SUM( (r_i + b_i)^2 )) | ||
675 | for (i = 0; i < count; i++) | ||
676 | gcry_mpi_add (rand[i], rand[i], b[i].value); | ||
677 | tmp = compute_square_sum (rand, count); | ||
678 | GNUNET_assert (1 == | ||
679 | GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey, | ||
680 | tmp, | ||
681 | 1, | ||
682 | &session->s)); | ||
683 | gcry_mpi_release (tmp); | ||
684 | |||
685 | session->r = r; | ||
686 | session->r_prime = r_prime; | ||
687 | |||
688 | for (i = 0; i < count; i++) | ||
689 | gcry_mpi_release (rand[i]); | ||
690 | GNUNET_free (session->e_a); | ||
691 | session->e_a = NULL; | ||
692 | GNUNET_free (p); | ||
693 | GNUNET_free (q); | ||
694 | GNUNET_free (rand); | ||
695 | return GNUNET_OK; | ||
696 | |||
697 | error_cleanup: | ||
698 | GNUNET_free (r); | ||
699 | GNUNET_free (r_prime); | ||
700 | gcry_mpi_release (tmp); | ||
701 | GNUNET_free (p); | ||
702 | GNUNET_free (q); | ||
703 | for (i = 0; i < count; i++) | ||
704 | gcry_mpi_release (rand[i]); | ||
705 | GNUNET_free (rand); | ||
706 | return GNUNET_SYSERR; | ||
707 | } | ||
708 | |||
709 | |||
710 | /** | ||
711 | * Iterator to copy over messages from the hash map | ||
712 | * into an array for sorting. | ||
713 | * | ||
714 | * @param cls the `struct BobServiceSession *` | ||
715 | * @param key the key (unused) | ||
716 | * @param value the `struct GNUNET_SCALARPRODUCT_Element *` | ||
717 | * TODO: code duplication with Alice! | ||
718 | */ | ||
719 | static int | ||
720 | copy_element_cb (void *cls, | ||
721 | const struct GNUNET_HashCode *key, | ||
722 | void *value) | ||
723 | { | ||
724 | struct BobServiceSession *s = cls; | ||
725 | struct GNUNET_SCALARPRODUCT_Element *e = value; | ||
726 | gcry_mpi_t mval; | ||
727 | int64_t val; | ||
728 | |||
729 | mval = gcry_mpi_new (0); | ||
730 | val = (int64_t) GNUNET_ntohll (e->value); | ||
731 | if (0 > val) | ||
732 | gcry_mpi_sub_ui (mval, mval, -val); | ||
733 | else | ||
734 | gcry_mpi_add_ui (mval, mval, val); | ||
735 | s->sorted_elements [s->used_element_count].value = mval; | ||
736 | s->sorted_elements [s->used_element_count].key = &e->key; | ||
737 | s->used_element_count++; | ||
738 | return GNUNET_OK; | ||
739 | } | ||
740 | |||
741 | |||
742 | /** | ||
743 | * Compare two `struct MpiValue`s by key for sorting. | ||
744 | * | ||
745 | * @param a pointer to first `struct MpiValue *` | ||
746 | * @param b pointer to first `struct MpiValue *` | ||
747 | * @return -1 for a < b, 0 for a=b, 1 for a > b. | ||
748 | * TODO: code duplication with Alice! | ||
749 | */ | ||
750 | static int | ||
751 | element_cmp (const void *a, | ||
752 | const void *b) | ||
753 | { | ||
754 | const struct MpiElement *ma = a; | ||
755 | const struct MpiElement *mb = b; | ||
756 | |||
757 | return GNUNET_CRYPTO_hash_cmp (ma->key, | ||
758 | mb->key); | ||
759 | } | ||
760 | |||
761 | |||
762 | /** | ||
763 | * Intersection operation and receiving data via CADET from | ||
764 | * Alice are both done, compute and transmit our reply via | ||
765 | * CADET. | ||
766 | * | ||
767 | * @param s session to transmit reply for. | ||
768 | */ | ||
769 | static void | ||
770 | transmit_cryptographic_reply (struct BobServiceSession *s) | ||
771 | { | ||
772 | struct GNUNET_CADET_Channel *channel; | ||
773 | |||
774 | /* TODO: code duplication with Alice! */ | ||
775 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
776 | "Received everything, building reply for Alice\n"); | ||
777 | s->sorted_elements | ||
778 | = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size ( | ||
779 | s->intersected_elements) | ||
780 | * sizeof(struct MpiElement)); | ||
781 | s->used_element_count = 0; | ||
782 | GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements, | ||
783 | ©_element_cb, | ||
784 | s); | ||
785 | qsort (s->sorted_elements, | ||
786 | s->used_element_count, | ||
787 | sizeof(struct MpiElement), | ||
788 | &element_cmp); | ||
789 | if (GNUNET_OK != | ||
790 | compute_service_response (s)) | ||
791 | { | ||
792 | channel = s->channel; | ||
793 | s->channel = NULL; | ||
794 | GNUNET_CADET_channel_destroy (channel); | ||
795 | return; | ||
796 | } | ||
797 | transmit_bobs_cryptodata_message (s); | ||
798 | } | ||
799 | |||
800 | |||
801 | /** | ||
802 | * Check a multipart-chunk of a request from another service to | ||
803 | * calculate a scalarproduct with us. | ||
804 | * | ||
805 | * @param cls the `struct BobServiceSession *` | ||
806 | * @param msg the actual message | ||
807 | * @return #GNUNET_OK to keep the connection open, | ||
808 | * #GNUNET_SYSERR to close it (signal serious error) | ||
809 | */ | ||
810 | static int | ||
811 | check_alices_cryptodata_message (void *cls, | ||
812 | const struct AliceCryptodataMessage *msg) | ||
813 | { | ||
814 | struct BobServiceSession *s = cls; | ||
815 | uint32_t contained_elements; | ||
816 | size_t msg_length; | ||
817 | uint16_t msize; | ||
818 | unsigned int max; | ||
819 | |||
820 | msize = ntohs (msg->header.size); | ||
821 | contained_elements = ntohl (msg->contained_element_count); | ||
822 | /* Our intersection may still be ongoing, but this is nevertheless | ||
823 | an upper bound on the required array size */ | ||
824 | max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements); | ||
825 | msg_length = sizeof(struct AliceCryptodataMessage) | ||
826 | + contained_elements * sizeof(struct | ||
827 | GNUNET_CRYPTO_PaillierCiphertext); | ||
828 | if ((msize != msg_length) || | ||
829 | (0 == contained_elements) || | ||
830 | (contained_elements > UINT16_MAX) || | ||
831 | (max < contained_elements + s->cadet_received_element_count)) | ||
832 | { | ||
833 | GNUNET_break_op (0); | ||
834 | return GNUNET_SYSERR; | ||
835 | } | ||
836 | return GNUNET_OK; | ||
837 | } | ||
838 | |||
839 | |||
840 | /** | ||
841 | * Handle a multipart-chunk of a request from another service to | ||
842 | * calculate a scalarproduct with us. | ||
843 | * | ||
844 | * @param cls the `struct BobServiceSession *` | ||
845 | * @param msg the actual message | ||
846 | */ | ||
847 | static void | ||
848 | handle_alices_cryptodata_message (void *cls, | ||
849 | const struct AliceCryptodataMessage *msg) | ||
850 | { | ||
851 | struct BobServiceSession *s = cls; | ||
852 | const struct GNUNET_CRYPTO_PaillierCiphertext *payload; | ||
853 | uint32_t contained_elements; | ||
854 | unsigned int max; | ||
855 | |||
856 | contained_elements = ntohl (msg->contained_element_count); | ||
857 | /* Our intersection may still be ongoing, but this is nevertheless | ||
858 | an upper bound on the required array size */ | ||
859 | max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements); | ||
860 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
861 | "Received %u crypto values from Alice\n", | ||
862 | (unsigned int) contained_elements); | ||
863 | |||
864 | payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1]; | ||
865 | if (NULL == s->e_a) | ||
866 | s->e_a = GNUNET_new_array (max, | ||
867 | struct GNUNET_CRYPTO_PaillierCiphertext); | ||
868 | GNUNET_memcpy (&s->e_a[s->cadet_received_element_count], | ||
869 | payload, | ||
870 | sizeof(struct GNUNET_CRYPTO_PaillierCiphertext) | ||
871 | * contained_elements); | ||
872 | s->cadet_received_element_count += contained_elements; | ||
873 | |||
874 | if ((s->cadet_received_element_count == max) && | ||
875 | (NULL == s->intersection_op)) | ||
876 | { | ||
877 | /* intersection has finished also on our side, and | ||
878 | we got the full set, so we can proceed with the | ||
879 | CADET response(s) */ | ||
880 | transmit_cryptographic_reply (s); | ||
881 | } | ||
882 | GNUNET_CADET_receive_done (s->channel); | ||
883 | } | ||
884 | |||
885 | |||
886 | /** | ||
887 | * Callback for set operation results. Called for each element | ||
888 | * that needs to be removed from the result set. | ||
889 | * | ||
890 | * @param cls closure with the `struct BobServiceSession` | ||
891 | * @param element a result element, only valid if status is #GNUNET_SETI_STATUS_OK | ||
892 | * @param current_size current set size | ||
893 | * @param status what has happened with the set intersection? | ||
894 | */ | ||
895 | static void | ||
896 | cb_intersection_element_removed (void *cls, | ||
897 | const struct GNUNET_SETI_Element *element, | ||
898 | uint64_t current_size, | ||
899 | enum GNUNET_SETI_Status status) | ||
900 | { | ||
901 | struct BobServiceSession *s = cls; | ||
902 | struct GNUNET_SCALARPRODUCT_Element *se; | ||
903 | |||
904 | switch (status) | ||
905 | { | ||
906 | case GNUNET_SETI_STATUS_DEL_LOCAL: | ||
907 | /* this element has been removed from the set */ | ||
908 | se = GNUNET_CONTAINER_multihashmap_get (s->intersected_elements, | ||
909 | element->data); | ||
910 | GNUNET_assert (NULL != se); | ||
911 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
912 | "Removed element with key %s and value %lld\n", | ||
913 | GNUNET_h2s (&se->key), | ||
914 | (long long) GNUNET_ntohll (se->value)); | ||
915 | GNUNET_assert (GNUNET_YES == | ||
916 | GNUNET_CONTAINER_multihashmap_remove ( | ||
917 | s->intersected_elements, | ||
918 | element->data, | ||
919 | se)); | ||
920 | GNUNET_free (se); | ||
921 | return; | ||
922 | case GNUNET_SETI_STATUS_DONE: | ||
923 | s->intersection_op = NULL; | ||
924 | GNUNET_break (NULL == s->intersection_set); | ||
925 | GNUNET_CADET_receive_done (s->channel); | ||
926 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
927 | "Finished intersection, %d items remain\n", | ||
928 | GNUNET_CONTAINER_multihashmap_size (s->intersected_elements)); | ||
929 | if (s->client_received_element_count == | ||
930 | GNUNET_CONTAINER_multihashmap_size (s->intersected_elements)) | ||
931 | { | ||
932 | /* CADET transmission from Alice is also already done, | ||
933 | start with our own reply */ | ||
934 | transmit_cryptographic_reply (s); | ||
935 | } | ||
936 | return; | ||
937 | case GNUNET_SETI_STATUS_FAILURE: | ||
938 | /* unhandled status code */ | ||
939 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
940 | "Set intersection failed!\n"); | ||
941 | s->intersection_op = NULL; | ||
942 | if (NULL != s->intersection_set) | ||
943 | { | ||
944 | GNUNET_SETI_destroy (s->intersection_set); | ||
945 | s->intersection_set = NULL; | ||
946 | } | ||
947 | s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE; | ||
948 | prepare_client_end_notification (s); | ||
949 | return; | ||
950 | default: | ||
951 | GNUNET_break (0); | ||
952 | return; | ||
953 | } | ||
954 | } | ||
955 | |||
956 | |||
957 | /** | ||
958 | * We've paired up a client session with an incoming CADET request. | ||
959 | * Initiate set intersection work. | ||
960 | * | ||
961 | * @param s client session to start intersection for | ||
962 | */ | ||
963 | static void | ||
964 | start_intersection (struct BobServiceSession *s) | ||
965 | { | ||
966 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
967 | "Got session with key %s and %u elements, starting intersection.\n", | ||
968 | GNUNET_h2s (&s->session_id), | ||
969 | (unsigned int) s->total); | ||
970 | |||
971 | s->intersection_op | ||
972 | = GNUNET_SETI_prepare (&s->peer, | ||
973 | &s->session_id, | ||
974 | NULL, | ||
975 | (struct GNUNET_SETI_Option[]) { { 0 } }, | ||
976 | &cb_intersection_element_removed, | ||
977 | s); | ||
978 | if (GNUNET_OK != | ||
979 | GNUNET_SETI_commit (s->intersection_op, | ||
980 | s->intersection_set)) | ||
981 | { | ||
982 | GNUNET_break (0); | ||
983 | s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE; | ||
984 | prepare_client_end_notification (s); | ||
985 | return; | ||
986 | } | ||
987 | GNUNET_SETI_destroy (s->intersection_set); | ||
988 | s->intersection_set = NULL; | ||
989 | } | ||
990 | |||
991 | |||
992 | /** | ||
993 | * Handle a request from Alice to calculate a scalarproduct with us (Bob). | ||
994 | * | ||
995 | * @param cls the `struct BobServiceSession *` | ||
996 | * @param msg the actual message | ||
997 | */ | ||
998 | static void | ||
999 | handle_alices_computation_request (void *cls, | ||
1000 | const struct ServiceRequestMessage *msg) | ||
1001 | { | ||
1002 | struct BobServiceSession *s = cls; | ||
1003 | |||
1004 | s->session_id = msg->session_id; // ?? | ||
1005 | s->remote_pubkey = msg->public_key; | ||
1006 | if (s->client_received_element_count == s->total) | ||
1007 | start_intersection (s); | ||
1008 | } | ||
1009 | |||
1010 | |||
1011 | /** | ||
1012 | * Function called for inbound channels on Bob's end. Does some | ||
1013 | * preliminary initialization, more happens after we get Alice's first | ||
1014 | * message. | ||
1015 | * | ||
1016 | * @param cls closure with the `struct BobServiceSession` | ||
1017 | * @param channel new handle to the channel | ||
1018 | * @param initiator peer that started the channel | ||
1019 | * @return session associated with the channel | ||
1020 | */ | ||
1021 | static void * | ||
1022 | cb_channel_incoming (void *cls, | ||
1023 | struct GNUNET_CADET_Channel *channel, | ||
1024 | const struct GNUNET_PeerIdentity *initiator) | ||
1025 | { | ||
1026 | struct BobServiceSession *s = cls; | ||
1027 | |||
1028 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1029 | "New incoming channel from peer %s.\n", | ||
1030 | GNUNET_i2s (initiator)); | ||
1031 | GNUNET_CADET_close_port (s->port); | ||
1032 | s->port = NULL; | ||
1033 | s->channel = channel; | ||
1034 | s->peer = *initiator; | ||
1035 | s->cadet_mq = GNUNET_CADET_get_mq (s->channel); | ||
1036 | return s; | ||
1037 | } | ||
1038 | |||
1039 | |||
1040 | /** | ||
1041 | * We're receiving additional set data. Check it is well-formed. | ||
1042 | * | ||
1043 | * @param cls identification of the client | ||
1044 | * @param msg the actual message | ||
1045 | * @return #GNUNET_OK if @a msg is well-formed | ||
1046 | */ | ||
1047 | static int | ||
1048 | check_bob_client_message_multipart (void *cls, | ||
1049 | const struct | ||
1050 | ComputationBobCryptodataMultipartMessage * | ||
1051 | msg) | ||
1052 | { | ||
1053 | struct BobServiceSession *s = cls; | ||
1054 | uint32_t contained_count; | ||
1055 | uint16_t msize; | ||
1056 | |||
1057 | msize = ntohs (msg->header.size); | ||
1058 | contained_count = ntohl (msg->element_count_contained); | ||
1059 | if ((msize != (sizeof(struct ComputationBobCryptodataMultipartMessage) | ||
1060 | + contained_count * sizeof(struct | ||
1061 | GNUNET_SCALARPRODUCT_Element))) || | ||
1062 | (0 == contained_count) || | ||
1063 | (UINT16_MAX < contained_count) || | ||
1064 | (s->total == s->client_received_element_count) || | ||
1065 | (s->total < s->client_received_element_count + contained_count)) | ||
1066 | { | ||
1067 | GNUNET_break (0); | ||
1068 | return GNUNET_SYSERR; | ||
1069 | } | ||
1070 | return GNUNET_OK; | ||
1071 | } | ||
1072 | |||
1073 | |||
1074 | /** | ||
1075 | * We're receiving additional set data. Add it to our | ||
1076 | * set and if we are done, initiate the transaction. | ||
1077 | * | ||
1078 | * @param cls identification of the client | ||
1079 | * @param msg the actual message | ||
1080 | */ | ||
1081 | static void | ||
1082 | handle_bob_client_message_multipart (void *cls, | ||
1083 | const struct | ||
1084 | ComputationBobCryptodataMultipartMessage * | ||
1085 | msg) | ||
1086 | { | ||
1087 | struct BobServiceSession *s = cls; | ||
1088 | uint32_t contained_count; | ||
1089 | const struct GNUNET_SCALARPRODUCT_Element *elements; | ||
1090 | struct GNUNET_SETI_Element set_elem; | ||
1091 | struct GNUNET_SCALARPRODUCT_Element *elem; | ||
1092 | |||
1093 | contained_count = ntohl (msg->element_count_contained); | ||
1094 | elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1]; | ||
1095 | for (uint32_t i = 0; i < contained_count; i++) | ||
1096 | { | ||
1097 | elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element); | ||
1098 | GNUNET_memcpy (elem, | ||
1099 | &elements[i], | ||
1100 | sizeof(struct GNUNET_SCALARPRODUCT_Element)); | ||
1101 | if (GNUNET_SYSERR == | ||
1102 | GNUNET_CONTAINER_multihashmap_put (s->intersected_elements, | ||
1103 | &elem->key, | ||
1104 | elem, | ||
1105 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) | ||
1106 | { | ||
1107 | GNUNET_break (0); | ||
1108 | GNUNET_free (elem); | ||
1109 | continue; | ||
1110 | } | ||
1111 | set_elem.data = &elem->key; | ||
1112 | set_elem.size = sizeof(elem->key); | ||
1113 | set_elem.element_type = 0; | ||
1114 | GNUNET_SETI_add_element (s->intersection_set, | ||
1115 | &set_elem, | ||
1116 | NULL, NULL); | ||
1117 | } | ||
1118 | s->client_received_element_count += contained_count; | ||
1119 | GNUNET_SERVICE_client_continue (s->client); | ||
1120 | if (s->total != s->client_received_element_count) | ||
1121 | { | ||
1122 | /* more to come */ | ||
1123 | return; | ||
1124 | } | ||
1125 | if (NULL == s->channel) | ||
1126 | { | ||
1127 | /* no Alice waiting for this request, wait for Alice */ | ||
1128 | return; | ||
1129 | } | ||
1130 | start_intersection (s); | ||
1131 | } | ||
1132 | |||
1133 | |||
1134 | /** | ||
1135 | * Handler for Bob's a client request message. Check @a msg is | ||
1136 | * well-formed. | ||
1137 | * | ||
1138 | * @param cls identification of the client | ||
1139 | * @param msg the actual message | ||
1140 | * @return #GNUNET_OK if @a msg is well-formed | ||
1141 | */ | ||
1142 | static int | ||
1143 | check_bob_client_message (void *cls, | ||
1144 | const struct BobComputationMessage *msg) | ||
1145 | { | ||
1146 | struct BobServiceSession *s = cls; | ||
1147 | uint32_t contained_count; | ||
1148 | uint32_t total_count; | ||
1149 | uint16_t msize; | ||
1150 | |||
1151 | if (GNUNET_SCALARPRODUCT_STATUS_INIT != s->status) | ||
1152 | { | ||
1153 | GNUNET_break (0); | ||
1154 | return GNUNET_SYSERR; | ||
1155 | } | ||
1156 | msize = ntohs (msg->header.size); | ||
1157 | total_count = ntohl (msg->element_count_total); | ||
1158 | contained_count = ntohl (msg->element_count_contained); | ||
1159 | if ((0 == total_count) || | ||
1160 | (0 == contained_count) || | ||
1161 | (UINT16_MAX < contained_count) || | ||
1162 | (msize != (sizeof(struct BobComputationMessage) | ||
1163 | + contained_count * sizeof(struct | ||
1164 | GNUNET_SCALARPRODUCT_Element)))) | ||
1165 | { | ||
1166 | GNUNET_break_op (0); | ||
1167 | return GNUNET_SYSERR; | ||
1168 | } | ||
1169 | return GNUNET_OK; | ||
1170 | } | ||
1171 | |||
1172 | |||
1173 | /** | ||
1174 | * Handler for Bob's a client request message. Bob is in the response | ||
1175 | * role, keep the values + session and waiting for a matching session | ||
1176 | * or process a waiting request from Alice. | ||
1177 | * | ||
1178 | * @param cls identification of the client | ||
1179 | * @param msg the actual message | ||
1180 | */ | ||
1181 | static void | ||
1182 | handle_bob_client_message (void *cls, | ||
1183 | const struct BobComputationMessage *msg) | ||
1184 | { | ||
1185 | struct BobServiceSession *s = cls; | ||
1186 | struct GNUNET_MQ_MessageHandler cadet_handlers[] = { | ||
1187 | GNUNET_MQ_hd_fixed_size (alices_computation_request, | ||
1188 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION, | ||
1189 | struct ServiceRequestMessage, | ||
1190 | NULL), | ||
1191 | GNUNET_MQ_hd_var_size (alices_cryptodata_message, | ||
1192 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA, | ||
1193 | struct AliceCryptodataMessage, | ||
1194 | NULL), | ||
1195 | GNUNET_MQ_handler_end () | ||
1196 | }; | ||
1197 | uint32_t contained_count; | ||
1198 | uint32_t total_count; | ||
1199 | const struct GNUNET_SCALARPRODUCT_Element *elements; | ||
1200 | struct GNUNET_SETI_Element set_elem; | ||
1201 | struct GNUNET_SCALARPRODUCT_Element *elem; | ||
1202 | |||
1203 | total_count = ntohl (msg->element_count_total); | ||
1204 | contained_count = ntohl (msg->element_count_contained); | ||
1205 | |||
1206 | s->status = GNUNET_SCALARPRODUCT_STATUS_ACTIVE; | ||
1207 | s->total = total_count; | ||
1208 | s->client_received_element_count = contained_count; | ||
1209 | s->session_id = msg->session_key; | ||
1210 | elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1]; | ||
1211 | s->intersected_elements | ||
1212 | = GNUNET_CONTAINER_multihashmap_create (s->total, | ||
1213 | GNUNET_YES); | ||
1214 | s->intersection_set = GNUNET_SETI_create (cfg); | ||
1215 | for (uint32_t i = 0; i < contained_count; i++) | ||
1216 | { | ||
1217 | if (0 == GNUNET_ntohll (elements[i].value)) | ||
1218 | continue; | ||
1219 | elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element); | ||
1220 | GNUNET_memcpy (elem, | ||
1221 | &elements[i], | ||
1222 | sizeof(struct GNUNET_SCALARPRODUCT_Element)); | ||
1223 | if (GNUNET_SYSERR == | ||
1224 | GNUNET_CONTAINER_multihashmap_put (s->intersected_elements, | ||
1225 | &elem->key, | ||
1226 | elem, | ||
1227 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) | ||
1228 | { | ||
1229 | GNUNET_break (0); | ||
1230 | GNUNET_free (elem); | ||
1231 | continue; | ||
1232 | } | ||
1233 | set_elem.data = &elem->key; | ||
1234 | set_elem.size = sizeof(elem->key); | ||
1235 | set_elem.element_type = 0; | ||
1236 | GNUNET_SETI_add_element (s->intersection_set, | ||
1237 | &set_elem, | ||
1238 | NULL, NULL); | ||
1239 | s->used_element_count++; | ||
1240 | } | ||
1241 | GNUNET_SERVICE_client_continue (s->client); | ||
1242 | /* We're ready, open the port */ | ||
1243 | s->port = GNUNET_CADET_open_port (my_cadet, | ||
1244 | &msg->session_key, | ||
1245 | &cb_channel_incoming, | ||
1246 | s, | ||
1247 | NULL, | ||
1248 | &cb_channel_destruction, | ||
1249 | cadet_handlers); | ||
1250 | if (NULL == s->port) | ||
1251 | { | ||
1252 | GNUNET_break (0); | ||
1253 | GNUNET_SERVICE_client_drop (s->client); | ||
1254 | return; | ||
1255 | } | ||
1256 | } | ||
1257 | |||
1258 | |||
1259 | /** | ||
1260 | * Task run during shutdown. | ||
1261 | * | ||
1262 | * @param cls unused | ||
1263 | */ | ||
1264 | static void | ||
1265 | shutdown_task (void *cls) | ||
1266 | { | ||
1267 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1268 | "Shutting down, initiating cleanup.\n"); | ||
1269 | // FIXME: we have to cut our connections to CADET first! | ||
1270 | if (NULL != my_cadet) | ||
1271 | { | ||
1272 | GNUNET_CADET_disconnect (my_cadet); | ||
1273 | my_cadet = NULL; | ||
1274 | } | ||
1275 | } | ||
1276 | |||
1277 | |||
1278 | /** | ||
1279 | * A client connected. | ||
1280 | * | ||
1281 | * Setup the associated data structure. | ||
1282 | * | ||
1283 | * @param cls closure, NULL | ||
1284 | * @param client identification of the client | ||
1285 | * @param mq message queue to communicate with @a client | ||
1286 | * @return our `struct BobServiceSession` | ||
1287 | */ | ||
1288 | static void * | ||
1289 | client_connect_cb (void *cls, | ||
1290 | struct GNUNET_SERVICE_Client *client, | ||
1291 | struct GNUNET_MQ_Handle *mq) | ||
1292 | { | ||
1293 | struct BobServiceSession *s; | ||
1294 | |||
1295 | s = GNUNET_new (struct BobServiceSession); | ||
1296 | s->client = client; | ||
1297 | s->client_mq = mq; | ||
1298 | return s; | ||
1299 | } | ||
1300 | |||
1301 | |||
1302 | /** | ||
1303 | * A client disconnected. | ||
1304 | * | ||
1305 | * Remove the associated session(s), release data structures | ||
1306 | * and cancel pending outgoing transmissions to the client. | ||
1307 | * | ||
1308 | * @param cls closure, NULL | ||
1309 | * @param client identification of the client | ||
1310 | * @param app_cls our `struct BobServiceSession` | ||
1311 | */ | ||
1312 | static void | ||
1313 | client_disconnect_cb (void *cls, | ||
1314 | struct GNUNET_SERVICE_Client *client, | ||
1315 | void *app_cls) | ||
1316 | { | ||
1317 | struct BobServiceSession *s = app_cls; | ||
1318 | |||
1319 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1320 | "Client disconnected from us.\n"); | ||
1321 | s->client = NULL; | ||
1322 | destroy_service_session (s); | ||
1323 | } | ||
1324 | |||
1325 | |||
1326 | /** | ||
1327 | * Initialization of the program and message handlers | ||
1328 | * | ||
1329 | * @param cls closure | ||
1330 | * @param c configuration to use | ||
1331 | * @param service the initialized service | ||
1332 | */ | ||
1333 | static void | ||
1334 | run (void *cls, | ||
1335 | const struct GNUNET_CONFIGURATION_Handle *c, | ||
1336 | struct GNUNET_SERVICE_Handle *service) | ||
1337 | { | ||
1338 | cfg = c; | ||
1339 | /* | ||
1340 | offset has to be sufficiently small to allow computation of: | ||
1341 | m1+m2 mod n == (S + a) + (S + b) mod n, | ||
1342 | if we have more complex operations, this factor needs to be lowered */ | ||
1343 | my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3); | ||
1344 | gcry_mpi_set_bit (my_offset, | ||
1345 | GNUNET_CRYPTO_PAILLIER_BITS / 3); | ||
1346 | |||
1347 | GNUNET_CRYPTO_paillier_create (&my_pubkey, | ||
1348 | &my_privkey); | ||
1349 | my_cadet = GNUNET_CADET_connect (cfg); | ||
1350 | GNUNET_SCHEDULER_add_shutdown (&shutdown_task, | ||
1351 | NULL); | ||
1352 | if (NULL == my_cadet) | ||
1353 | { | ||
1354 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1355 | _ ("Connect to CADET failed\n")); | ||
1356 | GNUNET_SCHEDULER_shutdown (); | ||
1357 | return; | ||
1358 | } | ||
1359 | } | ||
1360 | |||
1361 | |||
1362 | /** | ||
1363 | * Define "main" method using service macro. | ||
1364 | */ | ||
1365 | GNUNET_SERVICE_MAIN | ||
1366 | ("scalarproduct-bob", | ||
1367 | GNUNET_SERVICE_OPTION_NONE, | ||
1368 | &run, | ||
1369 | &client_connect_cb, | ||
1370 | &client_disconnect_cb, | ||
1371 | NULL, | ||
1372 | GNUNET_MQ_hd_var_size (bob_client_message, | ||
1373 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_BOB, | ||
1374 | struct BobComputationMessage, | ||
1375 | NULL), | ||
1376 | GNUNET_MQ_hd_var_size (bob_client_message_multipart, | ||
1377 | GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_MULTIPART_BOB, | ||
1378 | struct ComputationBobCryptodataMultipartMessage, | ||
1379 | NULL), | ||
1380 | GNUNET_MQ_handler_end ()); | ||
1381 | |||
1382 | |||
1383 | /* end of gnunet-service-scalarproduct_bob.c */ | ||