2 This file is part of GNUnet.
3 (C) 2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file scalarproduct/gnunet-service-scalarproduct.c
23 * @brief scalarproduct service implementation
24 * @author Christian M. Fuchs
28 #include "gnunet_util_lib.h"
29 #include "gnunet_core_service.h"
30 #include "gnunet_mesh_service.h"
31 #include "gnunet_applications.h"
32 #include "gnunet_protocols.h"
33 #include "gnunet_scalarproduct_service.h"
34 #include "scalarproduct.h"
36 #define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct", __VA_ARGS__)
38 ///////////////////////////////////////////////////////////////////////////////
39 // Service Structure Definitions
40 ///////////////////////////////////////////////////////////////////////////////
43 * state a session can be in
47 CLIENT_REQUEST_RECEIVED,
48 WAITING_FOR_BOBS_CONNECT,
49 CLIENT_RESPONSE_RECEIVED,
50 WAITING_FOR_SERVICE_REQUEST,
51 WAITING_FOR_MULTIPART_TRANSMISSION,
52 WAITING_FOR_SERVICE_RESPONSE,
53 SERVICE_REQUEST_RECEIVED,
54 SERVICE_RESPONSE_RECEIVED,
59 * role a peer in a session can assume
68 * A scalarproduct session which tracks:
70 * a request form the client to our final response.
72 * a request from a service to us(service).
77 * the role this peer has
82 * session information is kept in a DLL
84 struct ServiceSession *next;
87 * session information is kept in a DLL
89 struct ServiceSession *prev;
92 * (hopefully) unique transaction ID
94 struct GNUNET_HashCode key;
97 * state of the session
99 enum SessionState state;
102 * Alice or Bob's peerID
104 struct GNUNET_PeerIdentity peer;
107 * the client this request is related to
109 struct GNUNET_SERVER_Client * client;
112 * The message to send
114 struct GNUNET_MessageHeader * msg;
117 * how many elements we were supplied with from the client
119 uint32_t element_count;
122 * how many elements actually are used after applying the mask
124 uint32_t used_element_count;
127 * already transferred elements (sent/received) for multipart messages, less or equal than used_element_count for
129 uint32_t transferred_element_count;
132 * index of the last transferred element for multipart messages
134 uint32_t last_processed_element;
137 * how many bytes the mask is long.
138 * just for convenience so we don't have to re-re-re calculate it each time
140 uint32_t mask_length;
143 * all the vector elements we received
148 * mask of which elements to check
150 unsigned char * mask;
153 * Public key of the remote service, only used by bob
155 gcry_sexp_t remote_pubkey;
158 * E(ai)(Bob) or ai(Alice) after applying the mask
163 * Bob's permutation p of R
168 * Bob's permutation q of R
170 gcry_mpi_t * r_prime;
173 * The computed scalar
178 * My transmit handle for the current message to a alice/bob
180 struct GNUNET_MESH_TransmitHandle * service_transmit_handle;
183 * My transmit handle for the current message to the client
185 struct GNUNET_SERVER_TransmitHandle * client_transmit_handle;
188 * tunnel-handle associated with our mesh handle
190 struct GNUNET_MESH_Tunnel * tunnel;
192 GNUNET_SCHEDULER_TaskIdentifier client_notification_task;
194 GNUNET_SCHEDULER_TaskIdentifier service_request_task;
197 ///////////////////////////////////////////////////////////////////////////////
199 ///////////////////////////////////////////////////////////////////////////////
203 * Handle to the core service (NULL until we've connected to it).
205 static struct GNUNET_MESH_Handle *my_mesh;
208 * The identity of this host.
210 static struct GNUNET_PeerIdentity me;
213 * Service's own public key represented as string
215 static unsigned char * my_pubkey_external;
218 * Service's own public key represented as string
220 static uint32_t my_pubkey_external_length = 0;
225 static gcry_mpi_t my_n;
228 * Service's own n^2 (kept for performance)
230 static gcry_mpi_t my_nsquare;
233 * Service's own public exponent
235 static gcry_mpi_t my_g;
238 * Service's own private multiplier
240 static gcry_mpi_t my_mu;
243 * Service's own private exponent
245 static gcry_mpi_t my_lambda;
248 * Service's offset for values that could possibly be negative but are plaintext for encryption.
250 static gcry_mpi_t my_offset;
253 * Head of our double linked list for client-requests sent to us.
254 * for all of these elements we calculate a scalar product with a remote peer
255 * split between service->service and client->service for simplicity
257 static struct ServiceSession * from_client_head;
259 * Tail of our double linked list for client-requests sent to us.
260 * for all of these elements we calculate a scalar product with a remote peer
261 * split between service->service and client->service for simplicity
263 static struct ServiceSession * from_client_tail;
266 * Head of our double linked list for service-requests sent to us.
267 * for all of these elements we help the requesting service in calculating a scalar product
268 * split between service->service and client->service for simplicity
270 static struct ServiceSession * from_service_head;
273 * Tail of our double linked list for service-requests sent to us.
274 * for all of these elements we help the requesting service in calculating a scalar product
275 * split between service->service and client->service for simplicity
277 static struct ServiceSession * from_service_tail;
280 * Certain events (callbacks for server & mesh operations) must not be queued after shutdown.
282 static int do_shutdown;
284 ///////////////////////////////////////////////////////////////////////////////
286 ///////////////////////////////////////////////////////////////////////////////
290 * Generates an Paillier private/public keyset and extracts the values using libgrcypt only
295 gcry_sexp_t gen_params;
297 gcry_sexp_t tmp_sexp;
306 // we can still use the RSA keygen for generating p,q,n, but using e is pointless.
307 GNUNET_assert (0 == gcry_sexp_build (&gen_params, &erroff,
308 "(genkey(rsa(nbits %d)(rsa-use-e 3:257)))",
311 GNUNET_assert (0 == gcry_pk_genkey (&key, gen_params));
312 gcry_sexp_release (gen_params);
314 // get n and d of our publickey as MPI
315 tmp_sexp = gcry_sexp_find_token (key, "n", 0);
316 GNUNET_assert (tmp_sexp);
317 my_n = gcry_sexp_nth_mpi (tmp_sexp, 1, GCRYMPI_FMT_USG);
318 gcry_sexp_release (tmp_sexp);
319 tmp_sexp = gcry_sexp_find_token (key, "p", 0);
320 GNUNET_assert (tmp_sexp);
321 p = gcry_sexp_nth_mpi (tmp_sexp, 1, GCRYMPI_FMT_USG);
322 gcry_sexp_release (tmp_sexp);
323 tmp_sexp = gcry_sexp_find_token (key, "q", 0);
324 GNUNET_assert (tmp_sexp);
325 q = gcry_sexp_nth_mpi (tmp_sexp, 1, GCRYMPI_FMT_USG);
326 gcry_sexp_release (key);
328 tmp1 = gcry_mpi_new (0);
329 tmp2 = gcry_mpi_new (0);
330 gcd = gcry_mpi_new (0);
331 my_g = gcry_mpi_new (0);
332 my_mu = gcry_mpi_new (0);
333 my_nsquare = gcry_mpi_new (0);
334 my_lambda = gcry_mpi_new (0);
337 // lambda = \frac{(p-1)*(q-1)}{gcd(p-1,q-1)}
338 gcry_mpi_sub_ui (tmp1, p, 1);
339 gcry_mpi_sub_ui (tmp2, q, 1);
340 gcry_mpi_gcd (gcd, tmp1, tmp2);
341 gcry_mpi_set (my_lambda, tmp1);
342 gcry_mpi_mul (my_lambda, my_lambda, tmp2);
343 gcry_mpi_div (my_lambda, NULL, my_lambda, gcd, 0);
346 gcry_mpi_mul (my_nsquare, my_n, my_n);
352 gcry_mpi_randomize (my_g, KEYBITS * 2, GCRY_WEAK_RANDOM);
353 // g must be smaller than n^2
354 if (0 >= gcry_mpi_cmp (my_g, my_nsquare))
357 // g must have gcd == 1 with n^2
358 gcry_mpi_gcd (gcd, my_g, my_nsquare);
360 while (gcry_mpi_cmp_ui (gcd, 1));
362 // is this a valid g?
363 // if so, gcd(((g^lambda mod n^2)-1 )/n, n) = 1
364 gcry_mpi_powm (tmp1, my_g, my_lambda, my_nsquare);
365 gcry_mpi_sub_ui (tmp1, tmp1, 1);
366 gcry_mpi_div (tmp1, NULL, tmp1, my_n, 0);
367 gcry_mpi_gcd (gcd, tmp1, my_n);
369 while (gcry_mpi_cmp_ui (gcd, 1));
371 // calculate our mu based on g and n.
372 // mu = (((g^lambda mod n^2)-1 )/n)^-1 mod n
373 gcry_mpi_invm (my_mu, tmp1, my_n);
375 GNUNET_assert (0 == gcry_sexp_build (&key, &erroff,
376 "(public-key (paillier (n %M)(g %M)))",
379 // get the length of this sexpression
380 my_pubkey_external_length = gcry_sexp_sprint (key,
385 GNUNET_assert (my_pubkey_external_length > 0);
386 my_pubkey_external = GNUNET_malloc (my_pubkey_external_length);
388 // convert the sexpression to canonical format
389 gcry_sexp_sprint (key,
392 my_pubkey_external_length);
394 gcry_sexp_release (key);
396 // offset has to be sufficiently small to allow computation of:
397 // m1+m2 mod n == (S + a) + (S + b) mod n,
398 // if we have more complex operations, this factor needs to be lowered
399 my_offset = gcry_mpi_new (KEYBITS / 3);
400 gcry_mpi_set_bit (my_offset, KEYBITS / 3);
402 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, _ ("Generated key set with key length %d bits.\n"), KEYBITS);
407 * If target != size, move target bytes to the
408 * end of the size-sized buffer and zero out the
409 * first target-size bytes.
411 * @param buf original buffer
412 * @param size number of bytes in the buffer
413 * @param target target size of the buffer
416 adjust (unsigned char *buf, size_t size, size_t target)
420 memmove (&buf[target - size], buf, size);
421 memset (buf, 0, target - size);
427 * encrypts an element using the paillier crypto system
429 * @param c ciphertext (output)
431 * @param g the public base
432 * @param n the module from which which r is chosen (Z*_n)
433 * @param n_square the module for encryption, for performance reasons.
436 encrypt_element (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t n_square)
440 GNUNET_assert (tmp = gcry_mpi_new (0));
442 while (0 >= gcry_mpi_cmp_ui (tmp, 1))
444 gcry_mpi_randomize (tmp, KEYBITS / 3, GCRY_WEAK_RANDOM);
445 // r must be 1 < r < n
448 gcry_mpi_powm (c, g, m, n_square);
449 gcry_mpi_powm (tmp, tmp, n, n_square);
450 gcry_mpi_mulm (c, tmp, c, n_square);
452 gcry_mpi_release (tmp);
457 * decrypts an element using the paillier crypto system
459 * @param m plaintext (output)
460 * @param c the ciphertext
461 * @param mu the modifier to correct encryption
462 * @param lambda the private exponent
463 * @param n the outer module for decryption
464 * @param n_square the inner module for decryption
467 decrypt_element (gcry_mpi_t m, gcry_mpi_t c, gcry_mpi_t mu, gcry_mpi_t lambda, gcry_mpi_t n, gcry_mpi_t n_square)
469 gcry_mpi_powm (m, c, lambda, n_square);
470 gcry_mpi_sub_ui (m, m, 1);
471 gcry_mpi_div (m, NULL, m, n, 0);
472 gcry_mpi_mulm (m, m, mu, n);
477 * computes the square sum over a vector of a given length.
479 * @param vector the vector to encrypt
480 * @param length the length of the vector
481 * @return an MPI value containing the calculated sum, never NULL
484 compute_square_sum (gcry_mpi_t * vector, uint32_t length)
490 GNUNET_assert (sum = gcry_mpi_new (0));
491 GNUNET_assert (elem = gcry_mpi_new (0));
493 // calculare E(sum (ai ^ 2), publickey)
494 for (i = 0; i < length; i++)
496 gcry_mpi_mul (elem, vector[i], vector[i]);
497 gcry_mpi_add (sum, sum, elem);
499 gcry_mpi_release (elem);
506 prepare_service_request_multipart (void *cls,
507 const struct GNUNET_SCHEDULER_TaskContext *tc);
509 prepare_service_response_multipart (void *cls,
510 const struct GNUNET_SCHEDULER_TaskContext *tc);
513 * Primitive callback for copying over a message, as they
514 * usually are too complex to be handled in the callback itself.
515 * clears a session-callback, if a session was handed over and the transmit handle was stored
517 * @param cls the message object
518 * @param size the size of the buffer we got
519 * @param buf the buffer to copy the message to
520 * @return 0 if we couldn't copy, else the size copied over
523 do_send_message (void *cls, size_t size, void *buf)
525 struct ServiceSession * session = cls;
530 if (ntohs (session->msg->size) == size)
532 memcpy (buf, session->msg, size);
536 switch (ntohs (session->msg->type))
538 case GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SERVICE_TO_CLIENT:
539 session->state = FINALIZED;
540 session->client_transmit_handle = NULL;
542 case GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_TO_BOB:
543 case GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_TO_BOB_MULTIPART:
545 session->service_transmit_handle = NULL;
546 // reset flags for sending
547 if ((session->state != WAITING_FOR_MULTIPART_TRANSMISSION) && (session->used_element_count != session->transferred_element_count))
548 prepare_service_request_multipart(session, NULL);
549 //TODO we have sent a message and now need to trigger trigger the next multipart message sending
551 case GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE:
552 case GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE_MULTIPART:
554 session->service_transmit_handle = NULL;
555 if ((session->state != WAITING_FOR_MULTIPART_TRANSMISSION) && (session->used_element_count != session->transferred_element_count))
556 prepare_service_response_multipart(session, NULL);
559 session->service_transmit_handle = NULL;
562 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
563 "Sent a message of type %hu.\n",
564 ntohs (session->msg->type));
565 GNUNET_free (session->msg);
573 * initializes a new vector with fresh MPI values (=0) of a given length
575 * @param length of the vector to create
576 * @return the initialized vector, never NULL
579 initialize_mpi_vector (uint32_t length)
582 gcry_mpi_t * output = GNUNET_malloc (sizeof (gcry_mpi_t) * length);
584 for (i = 0; i < length; i++)
585 GNUNET_assert (NULL != (output[i] = gcry_mpi_new (0)));
591 * permutes an MPI vector according to the given permutation vector
593 * @param vector the vector to permuted
594 * @param perm the permutation to use
595 * @param length the length of the vectors
596 * @return the permuted vector (same as input), never NULL
599 permute_vector (gcry_mpi_t * vector,
603 gcry_mpi_t tmp[length];
606 GNUNET_assert (length > 0);
609 memcpy (tmp, vector, length * sizeof (gcry_mpi_t));
611 // permute vector according to given
612 for (i = 0; i < length; i++)
613 vector[i] = tmp[perm[i]];
620 * Populate a vector with random integer values and convert them to
622 * @param length the length of the vector we must generate
623 * @return an array of MPI values with random values
626 generate_random_vector (uint32_t length)
628 gcry_mpi_t * random_vector;
632 random_vector = initialize_mpi_vector (length);
633 for (i = 0; i < length; i++)
635 value = (int32_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, UINT32_MAX);
637 // long to gcry_mpi_t
639 gcry_mpi_sub_ui (random_vector[i],
643 random_vector[i] = gcry_mpi_set_ui (random_vector[i], value);
646 return random_vector;
651 * Finds a not terminated client/service session in the
652 * given DLL based on session key, element count and state.
654 * @param tail - the tail of the DLL
655 * @param my - the session to compare it to
656 * @return a pointer to a matching session,
659 static struct ServiceSession *
660 find_matching_session (struct ServiceSession * tail,
661 const struct GNUNET_HashCode * key,
662 uint32_t element_count,
663 enum SessionState * state,
664 const struct GNUNET_PeerIdentity * peerid)
666 struct ServiceSession * curr;
668 for (curr = tail; NULL != curr; curr = curr->prev)
670 // if the key matches, and the element_count is same
671 if ((!memcmp (&curr->key, key, sizeof (struct GNUNET_HashCode)))
672 && (curr->element_count == element_count))
674 // if incoming state is NULL OR is same as state of the queued request
675 if ((NULL == state) || (curr->state == *state))
677 // if peerid is NULL OR same as the peer Id in the queued request
679 || (!memcmp (&curr->peer, peerid, sizeof (struct GNUNET_PeerIdentity))))
680 // matches and is not an already terminated session
691 free_session (struct ServiceSession * session)
697 for (i = 0; i < session->used_element_count; i++)
698 gcry_mpi_release (session->a[i]);
700 GNUNET_free (session->a);
702 if (session->product)
703 gcry_mpi_release (session->product);
705 if (session->remote_pubkey)
706 gcry_sexp_release (session->remote_pubkey);
708 GNUNET_free_non_null (session->vector);
709 GNUNET_free (session);
711 ///////////////////////////////////////////////////////////////////////////////
712 // Event and Message Handlers
713 ///////////////////////////////////////////////////////////////////////////////
717 * A client disconnected.
719 * Remove the associated session(s), release datastructures
720 * and cancel pending outgoing transmissions to the client.
721 * if the session has not yet completed, we also cancel Alice's request to Bob.
723 * @param cls closure, NULL
724 * @param client identification of the client
727 handle_client_disconnect (void *cls,
728 struct GNUNET_SERVER_Client *client)
730 struct ServiceSession *session;
734 session = GNUNET_SERVER_client_get_user_context (client, struct ServiceSession);
737 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
738 _ ("Client (%p) disconnected from us.\n"), client);
739 GNUNET_CONTAINER_DLL_remove (from_client_head, from_client_tail, session);
741 if (!(session->role == BOB && session->state == FINALIZED))
743 //we MUST terminate any client message underway
744 if (session->service_transmit_handle && session->tunnel)
745 GNUNET_MESH_notify_transmit_ready_cancel (session->service_transmit_handle);
746 if (session->tunnel && session->state == WAITING_FOR_SERVICE_RESPONSE)
747 GNUNET_MESH_tunnel_destroy (session->tunnel);
749 if (GNUNET_SCHEDULER_NO_TASK != session->client_notification_task)
751 GNUNET_SCHEDULER_cancel (session->client_notification_task);
752 session->client_notification_task = GNUNET_SCHEDULER_NO_TASK;
754 if (GNUNET_SCHEDULER_NO_TASK != session->service_request_task)
756 GNUNET_SCHEDULER_cancel (session->service_request_task);
757 session->service_request_task = GNUNET_SCHEDULER_NO_TASK;
759 if (NULL != session->client_transmit_handle)
761 GNUNET_SERVER_notify_transmit_ready_cancel (session->client_transmit_handle);
762 session->client_transmit_handle = NULL;
764 free_session (session);
769 * Notify the client that the session has succeeded or failed completely.
770 * This message gets sent to
771 * * alice's client if bob disconnected or to
772 * * bob's client if the operation completed or alice disconnected
774 * @param client_session the associated client session
775 * @return GNUNET_NO, if we could not notify the client
776 * GNUNET_YES if we notified it.
779 prepare_client_end_notification (void * cls,
780 const struct GNUNET_SCHEDULER_TaskContext * tc)
782 struct ServiceSession * session = cls;
783 struct GNUNET_SCALARPRODUCT_client_response * msg;
785 session->client_notification_task = GNUNET_SCHEDULER_NO_TASK;
787 msg = GNUNET_new (struct GNUNET_SCALARPRODUCT_client_response);
788 msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SERVICE_TO_CLIENT);
789 memcpy (&msg->key, &session->key, sizeof (struct GNUNET_HashCode));
790 memcpy (&msg->peer, &session->peer, sizeof ( struct GNUNET_PeerIdentity));
791 msg->header.size = htons (sizeof (struct GNUNET_SCALARPRODUCT_client_response));
792 // signal error if not signalized, positive result-range field but zero length.
793 msg->product_length = htonl (0);
794 msg->range = (session->state == FINALIZED) ? 0 : -1;
796 session->msg = &msg->header;
798 //transmit this message to our client
799 session->client_transmit_handle =
800 GNUNET_SERVER_notify_transmit_ready (session->client,
801 sizeof (struct GNUNET_SCALARPRODUCT_client_response),
802 GNUNET_TIME_UNIT_FOREVER_REL,
806 // if we could not even queue our request, something is wrong
807 if (NULL == session->client_transmit_handle)
809 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _ ("Could not send message to client (%p)!\n"), session->client);
810 // usually gets freed by do_send_message
815 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Sending session-end notification to client (%p) for session %s\n"), &session->client, GNUNET_h2s (&session->key));
822 * generates the response message to be sent to alice after computing
823 * the values (1), (2), S and S'
824 * (1)[]: $E_A(a_{pi(i)}) times E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
825 * (2)[]: $E_A(a_{pi'(i)}) times E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
826 * S: $S := E_A(sum (r_i + b_i)^2)$
827 * S': $S' := E_A(sum r_i^2)$
829 * @param r (1)[]: $E_A(a_{pi(i)}) times E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
830 * @param r_prime (2)[]: $E_A(a_{pi'(i)}) times E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
831 * @param s S: $S := E_A(sum (r_i + b_i)^2)$
832 * @param s_prime S': $S' := E_A(sum r_i^2)$
833 * @param request the associated requesting session with alice
834 * @param response the associated responder session with bob's client
835 * @return GNUNET_SYSERR if the function was called with NULL parameters or if there was an error
836 * GNUNET_NO if we could not send our message
837 * GNUNET_OK if the operation succeeded
840 prepare_service_response (gcry_mpi_t s,
842 struct ServiceSession * request,
843 struct ServiceSession * response)
845 struct GNUNET_SCALARPRODUCT_service_response * msg;
846 uint32_t msg_length = 0;
847 unsigned char * current = NULL;
848 unsigned char * element_exported = NULL;
849 size_t element_length = 0;
852 msg_length = sizeof (struct GNUNET_SCALARPRODUCT_service_response)
853 + 2 * PAILLIER_ELEMENT_LENGTH; // s, stick
855 if (GNUNET_SERVER_MAX_MESSAGE_SIZE > msg_length + 2 * request->used_element_count * PAILLIER_ELEMENT_LENGTH){ //kp, kq
856 msg_length += + 2 * request->used_element_count * PAILLIER_ELEMENT_LENGTH;
857 request->transferred_element_count = request->used_element_count;
860 request->transferred_element_count = (GNUNET_SERVER_MAX_MESSAGE_SIZE - 1 - msg_length) / (PAILLIER_ELEMENT_LENGTH * 2);
863 msg = GNUNET_malloc (msg_length);
865 msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE);
866 msg->header.size = htons (msg_length);
867 msg->total_element_count = htonl (request->element_count);
868 msg->contained_element_count = htonl (request->used_element_count);
869 msg->contained_element_count = htonl (request->transferred_element_count);
870 memcpy (&msg->key, &request->key, sizeof (struct GNUNET_HashCode));
871 current = (unsigned char *) &msg[1];
873 element_exported = GNUNET_malloc (PAILLIER_ELEMENT_LENGTH);
874 // 4 times the same logics with slight variations.
875 // doesn't really justify having 2 functions for that
876 // so i put it into blocks to enhance readability
878 memset (element_exported, 0, PAILLIER_ELEMENT_LENGTH);
879 GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
880 element_exported, PAILLIER_ELEMENT_LENGTH,
883 adjust (element_exported, element_length, PAILLIER_ELEMENT_LENGTH);
884 memcpy (current, element_exported, PAILLIER_ELEMENT_LENGTH);
885 current += PAILLIER_ELEMENT_LENGTH;
888 memset (element_exported, 0, PAILLIER_ELEMENT_LENGTH);
889 GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
890 element_exported, PAILLIER_ELEMENT_LENGTH,
893 adjust (element_exported, element_length, PAILLIER_ELEMENT_LENGTH);
894 memcpy (current, element_exported, PAILLIER_ELEMENT_LENGTH);
895 current += PAILLIER_ELEMENT_LENGTH;
898 for (i = 0; i < request->used_element_count; i++)
900 if (request->transferred_element_count <= i)
901 break; //reached end of this message, can't include more
904 memset (element_exported, 0, PAILLIER_ELEMENT_LENGTH);
905 GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
906 element_exported, PAILLIER_ELEMENT_LENGTH,
909 adjust (element_exported, element_length, PAILLIER_ELEMENT_LENGTH);
910 memcpy (current, element_exported, PAILLIER_ELEMENT_LENGTH);
911 current += PAILLIER_ELEMENT_LENGTH;
913 memset (element_exported, 0, PAILLIER_ELEMENT_LENGTH);
914 GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
915 element_exported, PAILLIER_ELEMENT_LENGTH,
917 request->r_prime[i]));
918 adjust (element_exported, element_length, PAILLIER_ELEMENT_LENGTH);
919 memcpy (current, element_exported, PAILLIER_ELEMENT_LENGTH);
920 current += PAILLIER_ELEMENT_LENGTH;
923 GNUNET_free (element_exported);
924 for (i = 0; i < request->transferred_element_count; i++)
926 gcry_mpi_release (request->r_prime[i]);
927 gcry_mpi_release (request->r[i]);
929 gcry_mpi_release (s);
930 gcry_mpi_release (s_prime);
932 request->msg = (struct GNUNET_MessageHeader *) msg;
933 request->service_transmit_handle =
934 GNUNET_MESH_notify_transmit_ready (request->tunnel,
936 GNUNET_TIME_UNIT_FOREVER_REL,
940 //disconnect our client
941 if (NULL == request->service_transmit_handle)
943 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Could not send service-response message via mesh!)\n"));
944 request->state = FINALIZED;
946 response->client_notification_task =
947 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
951 if (request->transferred_element_count != request->used_element_count)
953 request->state = WAITING_FOR_MULTIPART_TRANSMISSION;
956 request->state = FINALIZED;
965 * (1)[]: $E_A(a_{\pi(i)}) \otimes E_A(- r_{\pi(i)} - b_{\pi(i)}) &= E_A(a_{\pi(i)} - r_{\pi(i)} - b_{\pi(i)})$
966 * (2)[]: $E_A(a_{\pi'(i)}) \otimes E_A(- r_{\pi'(i)}) &= E_A(a_{\pi'(i)} - r_{\pi'(i)})$
967 * S: $S := E_A(\sum (r_i + b_i)^2)$
968 * S': $S' := E_A(\sum r_i^2)$
970 * @param request the requesting session + bob's requesting peer
971 * @param response the responding session + bob's client handle
972 * @return GNUNET_SYSERR if the computation failed
973 * GNUNET_OK if everything went well.
976 compute_service_response (struct ServiceSession * request,
977 struct ServiceSession * response)
981 int ret = GNUNET_SYSERR;
985 gcry_mpi_t * rand = NULL;
986 gcry_mpi_t * r = NULL;
987 gcry_mpi_t * r_prime = NULL;
990 gcry_mpi_t * a_pi_prime;
992 gcry_mpi_t * rand_pi;
993 gcry_mpi_t * rand_pi_prime;
995 gcry_mpi_t s_prime = NULL;
996 gcry_mpi_t remote_n = NULL;
997 gcry_mpi_t remote_nsquare;
998 gcry_mpi_t remote_g = NULL;
1002 count = request->used_element_count;
1004 b = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
1005 a_pi = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
1006 b_pi = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
1007 a_pi_prime = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
1008 rand_pi = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
1009 rand_pi_prime = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
1011 // convert responder session to from long to mpi
1012 for (i = 0, j = 0; i < response->element_count && j < count; i++)
1014 if (request->mask[i / 8] & (1 << (i % 8)))
1016 value = response->vector[i] >= 0 ? response->vector[i] : -response->vector[i];
1017 // long to gcry_mpi_t
1018 if (0 > response->vector[i])
1020 b[j] = gcry_mpi_new (0);
1021 gcry_mpi_sub_ui (b[j], b[j], value);
1025 b[j] = gcry_mpi_set_ui (NULL, value);
1030 GNUNET_free (response->vector);
1031 response->vector = NULL;
1033 tmp_exp = gcry_sexp_find_token (request->remote_pubkey, "n", 0);
1036 GNUNET_break_op (0);
1037 gcry_sexp_release (request->remote_pubkey);
1038 request->remote_pubkey = NULL;
1041 remote_n = gcry_sexp_nth_mpi (tmp_exp, 1, GCRYMPI_FMT_USG);
1045 gcry_sexp_release (tmp_exp);
1048 remote_nsquare = gcry_mpi_new (KEYBITS + 1);
1049 gcry_mpi_mul (remote_nsquare, remote_n, remote_n);
1050 gcry_sexp_release (tmp_exp);
1051 tmp_exp = gcry_sexp_find_token (request->remote_pubkey, "g", 0);
1052 gcry_sexp_release (request->remote_pubkey);
1053 request->remote_pubkey = NULL;
1056 GNUNET_break_op (0);
1057 gcry_mpi_release (remote_n);
1060 remote_g = gcry_sexp_nth_mpi (tmp_exp, 1, GCRYMPI_FMT_USG);
1064 gcry_mpi_release (remote_n);
1065 gcry_sexp_release (tmp_exp);
1068 gcry_sexp_release (tmp_exp);
1070 // generate r, p and q
1071 rand = generate_random_vector (count);
1072 p = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK, count);
1073 q = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK, count);
1074 //initialize the result vectors
1075 r = initialize_mpi_vector (count);
1076 r_prime = initialize_mpi_vector (count);
1078 // copy the REFERNCES of a, b and r into aq and bq. we will not change
1079 // those values, thus we can work with the references
1080 memcpy (a_pi, request->a, sizeof (gcry_mpi_t) * count);
1081 memcpy (a_pi_prime, request->a, sizeof (gcry_mpi_t) * count);
1082 memcpy (b_pi, b, sizeof (gcry_mpi_t) * count);
1083 memcpy (rand_pi, rand, sizeof (gcry_mpi_t) * count);
1084 memcpy (rand_pi_prime, rand, sizeof (gcry_mpi_t) * count);
1086 // generate p and q permutations for a, b and r
1087 GNUNET_assert (permute_vector (a_pi, p, count));
1088 GNUNET_assert (permute_vector (b_pi, p, count));
1089 GNUNET_assert (permute_vector (rand_pi, p, count));
1090 GNUNET_assert (permute_vector (a_pi_prime, q, count));
1091 GNUNET_assert (permute_vector (rand_pi_prime, q, count));
1093 // encrypt the element
1094 // for the sake of readability I decided to have dedicated permutation
1095 // vectors, which get rid of all the lookups in p/q.
1096 // however, ap/aq are not absolutely necessary but are just abstraction
1097 // Calculate Kp = E(S + a_pi) (+) E(S - r_pi - b_pi)
1098 for (i = 0; i < count; i++)
1100 // E(S - r_pi - b_pi)
1101 gcry_mpi_sub (r[i], my_offset, rand_pi[i]);
1102 gcry_mpi_sub (r[i], r[i], b_pi[i]);
1103 encrypt_element (r[i], r[i], remote_g, remote_n, remote_nsquare);
1105 // E(S - r_pi - b_pi) * E(S + a_pi) == E(2*S + a - r - b)
1106 gcry_mpi_mulm (r[i], r[i], a_pi[i], remote_nsquare);
1110 GNUNET_free (rand_pi);
1112 // Calculate Kq = E(S + a_qi) (+) E(S - r_qi)
1113 for (i = 0; i < count; i++)
1116 gcry_mpi_sub (r_prime[i], my_offset, rand_pi_prime[i]);
1117 encrypt_element (r_prime[i], r_prime[i], remote_g, remote_n, remote_nsquare);
1119 // E(S - r_qi) * E(S + a_qi) == E(2*S + a_qi - r_qi)
1120 gcry_mpi_mulm (r_prime[i], r_prime[i], a_pi_prime[i], remote_nsquare);
1122 GNUNET_free (a_pi_prime);
1123 GNUNET_free (rand_pi_prime);
1126 request->r_prime = r_prime;
1128 // Calculate S' = E(SUM( r_i^2 ))
1129 s_prime = compute_square_sum (rand, count);
1130 encrypt_element (s_prime, s_prime, remote_g, remote_n, remote_nsquare);
1132 // Calculate S = E(SUM( (r_i + b_i)^2 ))
1133 for (i = 0; i < count; i++)
1135 gcry_mpi_add (rand[i], rand[i], b[i]);
1137 s = compute_square_sum (rand, count);
1138 encrypt_element (s, s, remote_g, remote_n, remote_nsquare);
1139 gcry_mpi_release (remote_n);
1140 gcry_mpi_release (remote_g);
1141 gcry_mpi_release (remote_nsquare);
1143 // release r and tmp
1144 for (i = 0; i < count; i++)
1145 // rp, rq, aq, ap, bp, bq are released along with a, r, b respectively, (a and b are handled at except:)
1146 gcry_mpi_release (rand[i]);
1148 // copy the r[], r_prime[], S and Stick into a new message, prepare_service_response frees these
1149 if (GNUNET_YES != prepare_service_response (s, s_prime, request, response))
1150 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Failed to communicate with `%s', scalar product calculation aborted.\n"),
1151 GNUNET_i2s (&request->peer));
1156 for (i = 0; i < count; i++)
1158 gcry_mpi_release (b[i]);
1159 gcry_mpi_release (request->a[i]);
1163 GNUNET_free (request->a);
1170 prepare_service_request_multipart (void *cls,
1171 const struct GNUNET_SCHEDULER_TaskContext *tc)
1173 struct ServiceSession * session = cls;
1174 unsigned char * current;
1175 unsigned char * element_exported;
1176 struct GNUNET_SCALARPRODUCT_multipart_message * msg;
1179 uint32_t msg_length;
1180 uint32_t todo_count;
1181 size_t element_length = 0; // initialized by gcry_mpi_print, but the compiler doesn't know that
1185 msg_length = sizeof (struct GNUNET_SCALARPRODUCT_multipart_message);
1186 todo_count = session->used_element_count - session->transferred_element_count;
1188 if (todo_count > MULTIPART_ELEMENT_CAPACITY)
1189 // send the currently possible maximum chunk
1190 todo_count = MULTIPART_ELEMENT_CAPACITY;
1192 msg_length += todo_count * PAILLIER_ELEMENT_LENGTH;
1193 msg = GNUNET_malloc (msg_length);
1194 msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_TO_BOB_MULTIPART);
1195 msg->header.size = htons (msg_length);
1196 msg->multipart_element_count = htonl (todo_count);
1198 element_exported = GNUNET_malloc (PAILLIER_ELEMENT_LENGTH);
1199 a = gcry_mpi_new (KEYBITS * 2);
1200 current = (unsigned char *) &msg[1];
1201 // encrypt our vector and generate string representations
1202 for (i = session->last_processed_element, j = 0; i < session->element_count; i++)
1204 // is this a used element?
1205 if (session->mask[i / 8] & 1 << (i % 8))
1207 if (todo_count <= j)
1208 break; //reached end of this message, can't include more
1210 memset(element_exported, 0, PAILLIER_ELEMENT_LENGTH);
1211 value = session->vector[i] >= 0 ? session->vector[i] : -session->vector[i];
1213 a = gcry_mpi_set_ui (a, 0);
1214 // long to gcry_mpi_t
1215 if (session->vector[i] < 0)
1216 gcry_mpi_sub_ui (a, a, value);
1218 gcry_mpi_add_ui (a, a, value);
1220 session->a[session->transferred_element_count + j++] = gcry_mpi_set (NULL, a);
1221 gcry_mpi_add (a, a, my_offset);
1222 encrypt_element (a, a, my_g, my_n, my_nsquare);
1224 // get representation as string
1225 // we always supply some value, so gcry_mpi_print fails only if it can't reserve memory
1226 GNUNET_assert (!gcry_mpi_print (GCRYMPI_FMT_USG,
1227 element_exported, PAILLIER_ELEMENT_LENGTH,
1231 // move buffer content to the end of the buffer so it can easily be read by libgcrypt. also this now has fixed size
1232 adjust (element_exported, element_length, PAILLIER_ELEMENT_LENGTH);
1234 // copy over to the message
1235 memcpy (current, element_exported, PAILLIER_ELEMENT_LENGTH);
1236 current += PAILLIER_ELEMENT_LENGTH;
1239 gcry_mpi_release (a);
1240 GNUNET_free(element_exported);
1241 session->transferred_element_count+=todo_count;
1243 session->msg = (struct GNUNET_MessageHeader *) msg;
1244 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Transmitting service request.\n"));
1246 //transmit via mesh messaging
1247 session->service_transmit_handle = GNUNET_MESH_notify_transmit_ready (session->tunnel, GNUNET_YES,
1248 GNUNET_TIME_UNIT_FOREVER_REL,
1252 if (!session->service_transmit_handle)
1254 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Could not send service-request multipart message to tunnel!\n"));
1256 session->msg = NULL;
1257 session->client_notification_task =
1258 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
1262 if (session->transferred_element_count != session->used_element_count){
1263 session->last_processed_element = i;
1267 session->state = WAITING_FOR_SERVICE_RESPONSE;
1270 * Executed by Alice, fills in a service-request message and sends it to the given peer
1272 * @param session the session associated with this request, then also holds the CORE-handle
1273 * @return #GNUNET_SYSERR if we could not send the message
1274 * #GNUNET_NO if the message was too large
1275 * #GNUNET_OK if we sent it
1278 prepare_service_request (void *cls,
1279 const struct GNUNET_SCHEDULER_TaskContext *tc)
1281 struct ServiceSession * session = cls;
1282 unsigned char * current;
1283 unsigned char * element_exported;
1284 struct GNUNET_SCALARPRODUCT_service_request * msg;
1287 uint32_t msg_length;
1288 size_t element_length = 0; // initialized by gcry_mpi_print, but the compiler doesn't know that
1292 session->service_request_task = GNUNET_SCHEDULER_NO_TASK;
1294 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, _ ("Successfully created new tunnel to peer (%s)!\n"), GNUNET_i2s (&session->peer));
1296 msg_length = sizeof (struct GNUNET_SCALARPRODUCT_service_request)
1297 + session->mask_length
1298 + my_pubkey_external_length;
1300 if (GNUNET_SERVER_MAX_MESSAGE_SIZE > msg_length + session->used_element_count * PAILLIER_ELEMENT_LENGTH){
1301 msg_length += session->used_element_count * PAILLIER_ELEMENT_LENGTH;
1302 session->transferred_element_count = session->used_element_count;
1305 //create a multipart msg, first we calculate a new msg size for the head msg
1306 session->transferred_element_count = (GNUNET_SERVER_MAX_MESSAGE_SIZE - 1 - msg_length) / PAILLIER_ELEMENT_LENGTH;
1309 msg = GNUNET_malloc (msg_length);
1310 msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_TO_BOB);
1311 msg->total_element_count = htonl(session->used_element_count);
1312 msg->contained_element_count = htonl (session->transferred_element_count);
1313 memcpy (&msg->key, &session->key, sizeof (struct GNUNET_HashCode));
1314 msg->mask_length = htonl (session->mask_length);
1315 msg->pk_length = htonl (my_pubkey_external_length);
1316 msg->element_count = htonl (session->element_count);
1317 msg->header.size = htons (msg_length);
1319 // fill in the payload
1320 current = (unsigned char *) &msg[1];
1321 // copy over the mask
1322 memcpy (current, session->mask, session->mask_length);
1323 // copy over our public key
1324 current += session->mask_length;
1325 memcpy (current, my_pubkey_external, my_pubkey_external_length);
1326 current += my_pubkey_external_length;
1328 // now copy over the element vector
1329 element_exported = GNUNET_malloc (PAILLIER_ELEMENT_LENGTH);
1330 session->a = GNUNET_malloc (sizeof (gcry_mpi_t) * session->used_element_count);
1331 a = gcry_mpi_new (KEYBITS * 2);
1332 // encrypt our vector and generate string representations
1333 for (i = 0, j = 0; i < session->element_count; i++)
1335 // if this is a used element...
1336 if (session->mask[i / 8] & 1 << (i % 8))
1338 if (session->transferred_element_count <= j)
1339 break; //reached end of this message, can't include more
1341 memset(element_exported, 0, PAILLIER_ELEMENT_LENGTH);
1342 value = session->vector[i] >= 0 ? session->vector[i] : -session->vector[i];
1344 a = gcry_mpi_set_ui (a, 0);
1345 // long to gcry_mpi_t
1346 if (session->vector[i] < 0)
1347 gcry_mpi_sub_ui (a, a, value);
1349 gcry_mpi_add_ui (a, a, value);
1351 session->a[j++] = gcry_mpi_set (NULL, a);
1352 gcry_mpi_add (a, a, my_offset);
1353 encrypt_element (a, a, my_g, my_n, my_nsquare);
1355 // get representation as string
1356 // we always supply some value, so gcry_mpi_print fails only if it can't reserve memory
1357 GNUNET_assert (!gcry_mpi_print (GCRYMPI_FMT_USG,
1358 element_exported, PAILLIER_ELEMENT_LENGTH,
1362 // move buffer content to the end of the buffer so it can easily be read by libgcrypt. also this now has fixed size
1363 adjust (element_exported, element_length, PAILLIER_ELEMENT_LENGTH);
1365 // copy over to the message
1366 memcpy (current, element_exported, PAILLIER_ELEMENT_LENGTH);
1367 current += PAILLIER_ELEMENT_LENGTH;
1370 gcry_mpi_release (a);
1371 GNUNET_free(element_exported);
1373 session->msg = (struct GNUNET_MessageHeader *) msg;
1374 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Transmitting service request.\n"));
1376 //transmit via mesh messaging
1377 session->service_transmit_handle = GNUNET_MESH_notify_transmit_ready (session->tunnel, GNUNET_YES,
1378 GNUNET_TIME_UNIT_FOREVER_REL,
1382 if (!session->service_transmit_handle)
1384 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Could not send message to tunnel!\n"));
1386 session->msg = NULL;
1387 session->client_notification_task =
1388 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
1392 if (session->transferred_element_count != session->used_element_count){
1393 session->state = WAITING_FOR_MULTIPART_TRANSMISSION;
1394 session->last_processed_element = i;
1397 //singlepart message
1398 session->state = WAITING_FOR_SERVICE_RESPONSE;
1403 * Handler for a client request message.
1404 * Can either be type A or B
1405 * A: request-initiation to compute a scalar product with a peer
1406 * B: response role, keep the values + session and wait for a matching session or process a waiting request
1408 * @param cls closure
1409 * @param client identification of the client
1410 * @param message the actual message
1413 handle_client_request (void *cls,
1414 struct GNUNET_SERVER_Client *client,
1415 const struct GNUNET_MessageHeader *message)
1417 const struct GNUNET_SCALARPRODUCT_client_request * msg = (const struct GNUNET_SCALARPRODUCT_client_request *) message;
1418 struct ServiceSession * session;
1419 uint32_t element_count;
1420 uint32_t mask_length;
1425 // only one concurrent session per client connection allowed, simplifies logics a lot...
1426 session = GNUNET_SERVER_client_get_user_context (client, struct ServiceSession);
1427 if ((NULL != session) && (session->state != FINALIZED))
1429 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1432 else if (NULL != session)
1434 // old session is already completed, clean it up
1435 GNUNET_CONTAINER_DLL_remove (from_client_head, from_client_tail, session);
1436 free_session (session);
1439 //we need at least a peer and one message id to compare
1440 if (sizeof (struct GNUNET_SCALARPRODUCT_client_request) > ntohs (msg->header.size))
1442 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1443 _ ("Too short message received from client!\n"));
1444 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1448 msg_type = ntohs (msg->header.type);
1449 element_count = ntohl (msg->element_count);
1450 mask_length = ntohl (msg->mask_length);
1452 //sanity check: is the message as long as the message_count fields suggests?
1453 if ((ntohs (msg->header.size) != (sizeof (struct GNUNET_SCALARPRODUCT_client_request) +element_count * sizeof (int32_t) + mask_length))
1454 || (0 == element_count))
1456 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1457 _ ("Invalid message received from client, session information incorrect!\n"));
1458 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1462 // do we have a duplicate session here already?
1463 if (NULL != find_matching_session (from_client_tail,
1468 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1469 _ ("Duplicate session information received, cannot create new session with key `%s'\n"),
1470 GNUNET_h2s (&msg->key));
1471 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1475 session = GNUNET_new (struct ServiceSession);
1476 session->service_request_task = GNUNET_SCHEDULER_NO_TASK;
1477 session->client_notification_task = GNUNET_SCHEDULER_NO_TASK;
1478 session->client = client;
1479 session->element_count = element_count;
1480 session->mask_length = mask_length;
1481 // get our transaction key
1482 memcpy (&session->key, &msg->key, sizeof (struct GNUNET_HashCode));
1483 //allocate memory for vector and encrypted vector
1484 session->vector = GNUNET_malloc (sizeof (int32_t) * element_count);
1485 vector = (int32_t *) & msg[1];
1487 if (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_ALICE == msg_type)
1489 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1490 _ ("Got client-request-session with key %s, preparing tunnel to remote service.\n"),
1491 GNUNET_h2s (&session->key));
1493 session->role = ALICE;
1495 session->mask = GNUNET_malloc (mask_length);
1496 memcpy (session->mask, &vector[element_count], mask_length);
1498 // copy over the elements
1499 session->used_element_count = 0;
1500 for (i = 0; i < element_count; i++)
1502 session->vector[i] = ntohl (vector[i]);
1503 if (session->vector[i] == 0)
1504 session->mask[i / 8] &= ~(1 << (i % 8));
1505 if (session->mask[i / 8] & (1 << (i % 8)))
1506 session->used_element_count++;
1509 if (0 == session->used_element_count)
1511 GNUNET_break_op (0);
1512 GNUNET_free (session->vector);
1513 GNUNET_free (session);
1514 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1517 //session with ourself makes no sense!
1518 if (!memcmp (&msg->peer, &me, sizeof (struct GNUNET_PeerIdentity)))
1521 GNUNET_free (session->vector);
1522 GNUNET_free (session);
1523 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1527 memcpy (&session->peer, &msg->peer, sizeof (struct GNUNET_PeerIdentity));
1528 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1529 _ ("Creating new tunnel to for session with key %s.\n"),
1530 GNUNET_h2s (&session->key));
1531 session->tunnel = GNUNET_MESH_tunnel_create (my_mesh, session,
1533 GNUNET_APPLICATION_TYPE_SCALARPRODUCT,
1536 //prepare_service_request, tunnel_peer_disconnect_handler,
1537 if (!session->tunnel)
1540 GNUNET_free (session->vector);
1541 GNUNET_free (session);
1542 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1545 GNUNET_SERVER_client_set_user_context (client, session);
1546 GNUNET_CONTAINER_DLL_insert (from_client_head, from_client_tail, session);
1548 session->state = CLIENT_REQUEST_RECEIVED;
1549 session->service_request_task =
1550 GNUNET_SCHEDULER_add_now (&prepare_service_request,
1556 struct ServiceSession * requesting_session;
1557 enum SessionState needed_state = SERVICE_REQUEST_RECEIVED;
1559 session->role = BOB;
1560 session->mask = NULL;
1561 // copy over the elements
1562 session->used_element_count = element_count;
1563 for (i = 0; i < element_count; i++)
1564 session->vector[i] = ntohl (vector[i]);
1565 session->state = CLIENT_RESPONSE_RECEIVED;
1567 GNUNET_SERVER_client_set_user_context (client, session);
1568 GNUNET_CONTAINER_DLL_insert (from_client_head, from_client_tail, session);
1570 //check if service queue contains a matching request
1571 requesting_session = find_matching_session (from_service_tail,
1573 session->element_count,
1574 &needed_state, NULL);
1575 if (NULL != requesting_session)
1577 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Got client-responder-session with key %s and a matching service-request-session set, processing.\n"), GNUNET_h2s (&session->key));
1578 if (GNUNET_OK != compute_service_response (requesting_session, session))
1579 session->client_notification_task =
1580 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
1586 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Got client-responder-session with key %s but NO matching service-request-session set, queuing element for later use.\n"), GNUNET_h2s (&session->key));
1587 // no matching session exists yet, store the response
1588 // for later processing by handle_service_request()
1591 GNUNET_SERVER_receive_done (client, GNUNET_YES);
1596 * Function called for inbound tunnels.
1598 * @param cls closure
1599 * @param tunnel new handle to the tunnel
1600 * @param initiator peer that started the tunnel
1601 * @param atsi performance information for the tunnel
1602 * @return initial tunnel context for the tunnel
1603 * (can be NULL -- that's not an error)
1606 tunnel_incoming_handler (void *cls,
1607 struct GNUNET_MESH_Tunnel *tunnel,
1608 const struct GNUNET_PeerIdentity *initiator,
1611 struct ServiceSession * c = GNUNET_new (struct ServiceSession);
1613 c->peer = *initiator;
1616 c->state = WAITING_FOR_SERVICE_REQUEST;
1622 * Function called whenever a tunnel is destroyed. Should clean up
1623 * any associated state.
1625 * It must NOT call GNUNET_MESH_tunnel_destroy on the tunnel.
1627 * @param cls closure (set from GNUNET_MESH_connect)
1628 * @param tunnel connection to the other end (henceforth invalid)
1629 * @param tunnel_ctx place where local state associated
1630 * with the tunnel is stored
1633 tunnel_destruction_handler (void *cls,
1634 const struct GNUNET_MESH_Tunnel *tunnel,
1637 struct ServiceSession * session = tunnel_ctx;
1638 struct ServiceSession * client_session;
1639 struct ServiceSession * curr;
1641 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1642 _ ("Peer disconnected, terminating session %s with peer (%s)\n"),
1643 GNUNET_h2s (&session->key),
1644 GNUNET_i2s (&session->peer));
1645 if (ALICE == session->role)
1647 // as we have only one peer connected in each session, just remove the session
1649 if ((SERVICE_RESPONSE_RECEIVED > session->state) && (!do_shutdown))
1651 session->tunnel = NULL;
1652 // if this happened before we received the answer, we must terminate the session
1653 session->client_notification_task =
1654 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
1659 { //(BOB == session->role) service session
1660 // remove the session, unless it has already been dequeued, but somehow still active
1661 // this could bug without the IF in case the queue is empty and the service session was the only one know to the service
1662 // scenario: disconnect before alice can send her message to bob.
1663 for (curr = from_service_head; NULL != curr; curr = curr->next)
1664 if (curr == session)
1666 GNUNET_CONTAINER_DLL_remove (from_service_head, from_service_tail, curr);
1669 // there is a client waiting for this service session, terminate it, too!
1670 // i assume the tupel of key and element count is unique. if it was not the rest of the code would not work either.
1671 client_session = find_matching_session (from_client_tail,
1673 session->element_count,
1675 free_session (session);
1677 // the client has to check if it was waiting for a result
1678 // or if it was a responder, no point in adding more statefulness
1679 if (client_session && (!do_shutdown))
1681 client_session->state = FINALIZED;
1682 client_session->client_notification_task =
1683 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
1691 * Compute our scalar product, done by Alice
1693 * @param session - the session associated with this computation
1694 * @param kp - (1) from the protocol definition:
1695 * $E_A(a_{\pi(i)}) \otimes E_A(- r_{\pi(i)} - b_{\pi(i)}) &= E_A(a_{\pi(i)} - r_{\pi(i)} - b_{\pi(i)})$
1696 * @param kq - (2) from the protocol definition:
1697 * $E_A(a_{\pi'(i)}) \otimes E_A(- r_{\pi'(i)}) &= E_A(a_{\pi'(i)} - r_{\pi'(i)})$
1698 * @param s - S from the protocol definition:
1699 * $S := E_A(\sum (r_i + b_i)^2)$
1700 * @param stick - S' from the protocol definition:
1701 * $S' := E_A(\sum r_i^2)$
1702 * @return product as MPI, never NULL
1705 compute_scalar_product (struct ServiceSession * session,
1706 gcry_mpi_t * r, gcry_mpi_t * r_prime, gcry_mpi_t s, gcry_mpi_t s_prime)
1717 count = session->used_element_count;
1718 tmp = gcry_mpi_new (KEYBITS);
1719 // due to the introduced static offset S, we now also have to remove this
1720 // from the E(a_pi)(+)E(-b_pi-r_pi) and E(a_qi)(+)E(-r_qi) twice each,
1721 // the result is E((S + a_pi) + (S -b_pi-r_pi)) and E(S + a_qi + S - r_qi)
1722 for (i = 0; i < count; i++)
1724 decrypt_element (r[i], r[i], my_mu, my_lambda, my_n, my_nsquare);
1725 gcry_mpi_sub (r[i], r[i], my_offset);
1726 gcry_mpi_sub (r[i], r[i], my_offset);
1727 decrypt_element (r_prime[i], r_prime[i], my_mu, my_lambda, my_n, my_nsquare);
1728 gcry_mpi_sub (r_prime[i], r_prime[i], my_offset);
1729 gcry_mpi_sub (r_prime[i], r_prime[i], my_offset);
1732 // calculate t = sum(ai)
1733 t = compute_square_sum (session->a, count);
1736 u = gcry_mpi_new (0);
1737 tmp = compute_square_sum (r, count);
1738 gcry_mpi_sub (u, u, tmp);
1739 gcry_mpi_release (tmp);
1742 utick = gcry_mpi_new (0);
1743 tmp = compute_square_sum (r_prime, count);
1744 gcry_mpi_sub (utick, utick, tmp);
1746 GNUNET_assert (p = gcry_mpi_new (0));
1747 GNUNET_assert (ptick = gcry_mpi_new (0));
1750 decrypt_element (s, s, my_mu, my_lambda, my_n, my_nsquare);
1751 decrypt_element (s_prime, s_prime, my_mu, my_lambda, my_n, my_nsquare);
1754 gcry_mpi_add (p, s, t);
1755 gcry_mpi_add (p, p, u);
1758 gcry_mpi_add (ptick, s_prime, t);
1759 gcry_mpi_add (ptick, ptick, utick);
1761 gcry_mpi_release (t);
1762 gcry_mpi_release (u);
1763 gcry_mpi_release (utick);
1766 gcry_mpi_sub (p, p, ptick);
1767 gcry_mpi_release (ptick);
1768 tmp = gcry_mpi_set_ui (tmp, 2);
1769 gcry_mpi_div (p, NULL, p, tmp, 0);
1771 gcry_mpi_release (tmp);
1772 for (i = 0; i < count; i++)
1773 gcry_mpi_release (session->a[i]);
1774 GNUNET_free (session->a);
1782 * prepare the response we will send to alice or bobs' clients.
1783 * in Bobs case the product will be NULL.
1785 * @param session the session associated with our client.
1788 prepare_client_response (void *cls,
1789 const struct GNUNET_SCHEDULER_TaskContext *tc)
1791 struct ServiceSession * session = cls;
1792 struct GNUNET_SCALARPRODUCT_client_response * msg;
1793 unsigned char * product_exported = NULL;
1794 size_t product_length = 0;
1795 uint32_t msg_length = 0;
1800 session->client_notification_task = GNUNET_SCHEDULER_NO_TASK;
1802 if (session->product)
1804 gcry_mpi_t value = gcry_mpi_new (0);
1806 sign = gcry_mpi_cmp_ui (session->product, 0);
1807 // libgcrypt can not handle a print of a negative number
1808 // if (a->sign) return gcry_error (GPG_ERR_INTERNAL); /* Can't handle it yet. */
1811 gcry_mpi_sub (value, value, session->product);
1816 gcry_mpi_add (value, value, session->product);
1821 gcry_mpi_release (session->product);
1822 session->product = NULL;
1824 // get representation as string
1826 && (0 != (rc = gcry_mpi_aprint (GCRYMPI_FMT_STD,
1831 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
1833 range = -1; // signal error with product-length = 0 and range = -1
1835 gcry_mpi_release (value);
1838 msg_length = sizeof (struct GNUNET_SCALARPRODUCT_client_response) +product_length;
1839 msg = GNUNET_malloc (msg_length);
1840 memcpy (&msg->key, &session->key, sizeof (struct GNUNET_HashCode));
1841 memcpy (&msg->peer, &session->peer, sizeof ( struct GNUNET_PeerIdentity));
1842 if (product_exported != NULL)
1844 memcpy (&msg[1], product_exported, product_length);
1845 GNUNET_free (product_exported);
1847 msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SERVICE_TO_CLIENT);
1848 msg->header.size = htons (msg_length);
1850 msg->product_length = htonl (product_length);
1852 session->msg = (struct GNUNET_MessageHeader *) msg;
1853 //transmit this message to our client
1854 session->client_transmit_handle =
1855 GNUNET_SERVER_notify_transmit_ready (session->client,
1857 GNUNET_TIME_UNIT_FOREVER_REL,
1860 if (NULL == session->client_transmit_handle)
1862 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1863 _ ("Could not send message to client (%p)!\n"),
1865 session->client = NULL;
1866 // callback was not called!
1868 session->msg = NULL;
1871 // gracefully sent message, just terminate session structure
1872 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1873 _ ("Sent result to client (%p), this session (%s) has ended!\n"),
1875 GNUNET_h2s (&session->key));
1880 * Handle a request from another service to calculate a scalarproduct with us.
1882 * @param cls closure (set from #GNUNET_MESH_connect)
1883 * @param tunnel connection to the other end
1884 * @param tunnel_ctx place to store local state associated with the tunnel
1885 * @param sender who sent the message
1886 * @param message the actual message
1887 * @param atsi performance data for the connection
1888 * @return #GNUNET_OK to keep the connection open,
1889 * #GNUNET_SYSERR to close it (signal serious error)
1892 handle_service_request (void *cls,
1893 struct GNUNET_MESH_Tunnel * tunnel,
1895 const struct GNUNET_MessageHeader * message)
1897 struct ServiceSession * session;
1898 const struct GNUNET_SCALARPRODUCT_service_request * msg = (const struct GNUNET_SCALARPRODUCT_service_request *) message;
1899 uint32_t mask_length;
1901 uint32_t used_elements;
1902 uint32_t element_count;
1903 uint32_t msg_length;
1904 unsigned char * current;
1905 struct ServiceSession * responder_session;
1907 enum SessionState needed_state;
1909 session = (struct ServiceSession *) * tunnel_ctx;
1910 if (BOB != session->role)
1912 GNUNET_break_op (0);
1913 return GNUNET_SYSERR;
1915 // is this tunnel already in use?
1916 if ((session->next) || (from_service_head == session))
1918 GNUNET_break_op (0);
1919 return GNUNET_SYSERR;
1921 // Check if message was sent by me, which would be bad!
1922 if (!memcmp (&session->peer, &me, sizeof (struct GNUNET_PeerIdentity)))
1924 GNUNET_free (session);
1926 return GNUNET_SYSERR;
1929 //we need at least a peer and one message id to compare
1930 if (ntohs (msg->header.size) < sizeof (struct GNUNET_SCALARPRODUCT_service_request))
1932 GNUNET_free (session);
1933 GNUNET_break_op (0);
1934 return GNUNET_SYSERR;
1936 mask_length = ntohl (msg->mask_length);
1937 pk_length = ntohl (msg->pk_length);
1938 used_elements = ntohl (msg->contained_element_count);
1939 element_count = ntohl (msg->element_count);
1940 msg_length = sizeof (struct GNUNET_SCALARPRODUCT_service_request)
1941 +mask_length + pk_length + used_elements * PAILLIER_ELEMENT_LENGTH;
1943 //sanity check: is the message as long as the message_count fields suggests?
1944 if ((ntohs (msg->header.size) != msg_length) || (element_count < used_elements)
1945 || (used_elements == 0) || (mask_length != (element_count / 8 + (element_count % 8 ? 1 : 0)))
1948 GNUNET_free (session);
1949 GNUNET_break_op (0);
1950 return GNUNET_SYSERR;
1952 if (find_matching_session (from_service_tail,
1958 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Got message with duplicate session key (`%s'), ignoring service request.\n"), (const char *) &(msg->key));
1959 GNUNET_free (session);
1960 return GNUNET_SYSERR;
1963 memcpy (&session->peer, &session->peer, sizeof (struct GNUNET_PeerIdentity));
1964 session->state = SERVICE_REQUEST_RECEIVED;
1965 session->element_count = ntohl (msg->element_count);
1966 session->used_element_count = used_elements;
1967 session->tunnel = tunnel;
1970 memcpy (&session->key, &msg->key, sizeof (struct GNUNET_HashCode));
1971 current = (unsigned char *) &msg[1];
1972 //preserve the mask, we will need that later on
1973 session->mask = GNUNET_malloc (mask_length);
1974 memcpy (session->mask, current, mask_length);
1976 current += mask_length;
1978 //convert the publickey to sexp
1979 if (gcry_sexp_new (&session->remote_pubkey, current, pk_length, 1))
1981 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _ ("Could not translate remote public key to sexpression!\n"));
1982 GNUNET_free (session->mask);
1983 GNUNET_free (session);
1984 return GNUNET_SYSERR;
1987 current += pk_length;
1989 //check if service queue contains a matching request
1990 needed_state = CLIENT_RESPONSE_RECEIVED;
1991 responder_session = find_matching_session (from_client_tail,
1993 session->element_count,
1994 &needed_state, NULL);
1996 session->a = GNUNET_malloc (sizeof (gcry_mpi_t) * used_elements);
1998 if (GNUNET_SERVER_MAX_MESSAGE_SIZE >= sizeof (struct GNUNET_SCALARPRODUCT_service_request)
2001 + used_elements * PAILLIER_ELEMENT_LENGTH)
2003 gcry_error_t ret = 0;
2004 session->a = GNUNET_malloc (sizeof (gcry_mpi_t) * used_elements);
2005 // Convert each vector element to MPI_value
2006 for (i = 0; i < used_elements; i++)
2010 ret = gcry_mpi_scan (&session->a[i],
2012 ¤t[i * PAILLIER_ELEMENT_LENGTH],
2013 PAILLIER_ELEMENT_LENGTH,
2017 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _ ("Could not translate E[a%d] to MPI!\n%s/%s\n"),
2018 i, gcry_strsource (ret), gcry_strerror (ret));
2022 GNUNET_CONTAINER_DLL_insert (from_service_head, from_service_tail, session);
2023 if (responder_session)
2025 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Got session with key %s and a matching element set, processing.\n"), GNUNET_h2s (&session->key));
2026 if (GNUNET_OK != compute_service_response (session, responder_session))
2028 //something went wrong, remove it again...
2029 GNUNET_CONTAINER_DLL_remove (from_service_head, from_service_tail, session);
2034 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Got session with key %s without a matching element set, queueing.\n"), GNUNET_h2s (&session->key));
2040 // TODO FEATURE: fallback to fragmentation, in case the message is too long
2041 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _ ("Message too large, fragmentation is currently not supported!\n"));
2045 for (i = 0; i < used_elements; i++)
2047 gcry_mpi_release (session->a[i]);
2048 gcry_sexp_release (session->remote_pubkey);
2049 session->remote_pubkey = NULL;
2050 GNUNET_free_non_null (session->a);
2052 free_session (session);
2053 // and notify our client-session that we could not complete the session
2054 if (responder_session)
2055 // we just found the responder session in this queue
2056 responder_session->client_notification_task =
2057 GNUNET_SCHEDULER_add_now (&prepare_client_end_notification,
2059 return GNUNET_SYSERR;
2064 * Handle a response we got from another service we wanted to calculate a scalarproduct with.
2066 * @param cls closure (set from #GNUNET_MESH_connect)
2067 * @param tunnel connection to the other end
2068 * @param tunnel_ctx place to store local state associated with the tunnel
2069 * @param sender who sent the message
2070 * @param message the actual message
2071 * @param atsi performance data for the connection
2072 * @return #GNUNET_OK to keep the connection open,
2073 * #GNUNET_SYSERR to close it (we are done)
2076 handle_service_response (void *cls,
2077 struct GNUNET_MESH_Tunnel * tunnel,
2079 const struct GNUNET_MessageHeader * message)
2081 struct ServiceSession * session;
2082 const struct GNUNET_SCALARPRODUCT_service_response * msg = (const struct GNUNET_SCALARPRODUCT_service_response *) message;
2083 unsigned char * current;
2085 gcry_mpi_t s = NULL;
2086 gcry_mpi_t s_prime = NULL;
2089 uint32_t contained_element_count;
2091 gcry_mpi_t * r = NULL;
2092 gcry_mpi_t * r_prime = NULL;
2095 GNUNET_assert (NULL != message);
2096 session = (struct ServiceSession *) * tunnel_ctx;
2097 if (ALICE != session->role)
2099 GNUNET_break_op (0);
2100 return GNUNET_SYSERR;
2103 count = session->used_element_count;
2104 session->product = NULL;
2105 session->state = SERVICE_RESPONSE_RECEIVED;
2107 //we need at least a peer and one message id to compare
2108 if (sizeof (struct GNUNET_SCALARPRODUCT_service_response) > ntohs (msg->header.size))
2110 GNUNET_break_op (0);
2113 contained_element_count = ntohl (msg->contained_element_count);
2114 msg_size = sizeof (struct GNUNET_SCALARPRODUCT_service_response)
2115 + 2 * contained_element_count * PAILLIER_ELEMENT_LENGTH
2116 + 2 * PAILLIER_ELEMENT_LENGTH;
2117 //sanity check: is the message as long as the message_count fields suggests?
2118 if ((ntohs (msg->header.size) != msg_size) || (count != contained_element_count))
2120 GNUNET_break_op (0);
2125 current = (unsigned char *) &msg[1];
2126 if (0 != (rc = gcry_mpi_scan (&s, GCRYMPI_FMT_USG, current,
2127 PAILLIER_ELEMENT_LENGTH, &read)))
2129 LOG_GCRY (GNUNET_ERROR_TYPE_DEBUG, "gcry_mpi_scan", rc);
2130 GNUNET_break_op (0);
2133 current += PAILLIER_ELEMENT_LENGTH;
2135 if (0 != (rc = gcry_mpi_scan (&s_prime, GCRYMPI_FMT_USG, current,
2136 PAILLIER_ELEMENT_LENGTH, &read)))
2138 LOG_GCRY (GNUNET_ERROR_TYPE_DEBUG, "gcry_mpi_scan", rc);
2139 GNUNET_break_op (0);
2142 current += PAILLIER_ELEMENT_LENGTH;
2144 r = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
2145 // Convert each kp[] to its MPI_value
2146 for (i = 0; i < count; i++)
2148 if (0 != (rc = gcry_mpi_scan (&r[i], GCRYMPI_FMT_USG, current,
2149 PAILLIER_ELEMENT_LENGTH, &read)))
2151 LOG_GCRY (GNUNET_ERROR_TYPE_DEBUG, "gcry_mpi_scan", rc);
2152 GNUNET_break_op (0);
2155 current += PAILLIER_ELEMENT_LENGTH;
2159 r_prime = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
2160 // Convert each kq[] to its MPI_value
2161 for (i = 0; i < count; i++)
2163 if (0 != (rc = gcry_mpi_scan (&r_prime[i], GCRYMPI_FMT_USG, current,
2164 PAILLIER_ELEMENT_LENGTH, &read)))
2166 LOG_GCRY (GNUNET_ERROR_TYPE_DEBUG, "gcry_mpi_scan", rc);
2167 GNUNET_break_op (0);
2170 current += PAILLIER_ELEMENT_LENGTH;
2172 session->product = compute_scalar_product (session, r, r_prime, s, s_prime);
2176 gcry_mpi_release (s);
2178 gcry_mpi_release (s_prime);
2179 for (i = 0; r && i < count; i++)
2180 if (r[i]) gcry_mpi_release (r[i]);
2181 for (i = 0; r_prime && i < count; i++)
2182 if (r_prime[i]) gcry_mpi_release (r_prime[i]);
2183 GNUNET_free_non_null (r);
2184 GNUNET_free_non_null (r_prime);
2186 session->tunnel = NULL;
2187 // send message with product to client
2188 session->client_notification_task =
2189 GNUNET_SCHEDULER_add_now (&prepare_client_response,
2191 // the tunnel has done its job, terminate our connection and the tunnel
2192 // the peer will be notified that the tunnel was destroyed via tunnel_destruction_handler
2193 // just close the connection, as recommended by Christian
2194 return GNUNET_SYSERR;
2199 * Task run during shutdown.
2205 shutdown_task (void *cls,
2206 const struct GNUNET_SCHEDULER_TaskContext *tc)
2208 struct ServiceSession * session;
2209 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Shutting down, initiating cleanup.\n"));
2211 do_shutdown = GNUNET_YES;
2213 // terminate all owned open tunnels.
2214 for (session = from_client_head; NULL != session; session = session->next)
2216 if ((FINALIZED != session->state) && (NULL != session->tunnel)){
2217 GNUNET_MESH_tunnel_destroy (session->tunnel);
2218 session->tunnel = NULL;
2220 if (GNUNET_SCHEDULER_NO_TASK != session->client_notification_task)
2222 GNUNET_SCHEDULER_cancel (session->client_notification_task);
2223 session->client_notification_task = GNUNET_SCHEDULER_NO_TASK;
2225 if (GNUNET_SCHEDULER_NO_TASK != session->service_request_task)
2227 GNUNET_SCHEDULER_cancel (session->service_request_task);
2228 session->service_request_task = GNUNET_SCHEDULER_NO_TASK;
2230 if (NULL != session->client)
2232 GNUNET_SERVER_client_disconnect (session->client);
2233 session->client = NULL;
2236 for (session = from_service_head; NULL != session; session = session->next)
2237 if (NULL != session->tunnel){
2238 GNUNET_MESH_tunnel_destroy (session->tunnel);
2239 session->tunnel = NULL;
2244 GNUNET_MESH_disconnect (my_mesh);
2251 * Initialization of the program and message handlers
2253 * @param cls closure
2254 * @param server the initialized server
2255 * @param c configuration to use
2259 struct GNUNET_SERVER_Handle *server,
2260 const struct GNUNET_CONFIGURATION_Handle *c)
2262 static const struct GNUNET_SERVER_MessageHandler server_handlers[] = {
2263 {&handle_client_request, NULL, GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_ALICE, 0},
2264 {&handle_client_request, NULL, GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_BOB, 0},
2267 static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
2268 { &handle_service_request, GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_TO_BOB, 0},
2269 { &handle_service_request_multipart, GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_TO_BOB_MULTIPART, 0},
2270 { &handle_service_response, GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE, 0},
2271 { &handle_service_response_multipart, GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE_MULTIPART, 0},
2274 static const uint32_t ports[] = {
2275 GNUNET_APPLICATION_TYPE_SCALARPRODUCT,
2278 //generate private/public key set
2279 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Generating Paillier-Keyset.\n"));
2281 // register server callbacks and disconnect handler
2282 GNUNET_SERVER_add_handlers (server, server_handlers);
2283 GNUNET_SERVER_disconnect_notify (server,
2284 &handle_client_disconnect,
2286 GNUNET_break (GNUNET_OK ==
2287 GNUNET_CRYPTO_get_peer_identity (c,
2289 my_mesh = GNUNET_MESH_connect (c, NULL,
2290 &tunnel_incoming_handler,
2291 &tunnel_destruction_handler,
2292 mesh_handlers, ports);
2295 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Connect to MESH failed\n"));
2296 GNUNET_SCHEDULER_shutdown ();
2299 GNUNET_log (GNUNET_ERROR_TYPE_INFO, _ ("Mesh initialized\n"));
2300 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
2307 * The main function for the scalarproduct service.
2309 * @param argc number of arguments from the command line
2310 * @param argv command line arguments
2311 * @return 0 ok, 1 on error
2314 main (int argc, char *const *argv)
2316 return (GNUNET_OK ==
2317 GNUNET_SERVICE_run (argc, argv,
2319 GNUNET_SERVICE_OPTION_NONE,
2320 &run, NULL)) ? 0 : 1;
2323 /* end of gnunet-service-ext.c */