2 This file is part of GNUnet.
3 Copyright (C) 2013, 2014 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @file scalarproduct/gnunet-service-scalarproduct_alice.c
22 * @brief scalarproduct service implementation
23 * @author Christian M. Fuchs
24 * @author Christian Grothoff
29 #include "gnunet_util_lib.h"
30 #include "gnunet_core_service.h"
31 #include "gnunet_cadet_service.h"
32 #include "gnunet_applications.h"
33 #include "gnunet_protocols.h"
34 #include "gnunet_scalarproduct_service.h"
35 #include "gnunet_set_service.h"
36 #include "scalarproduct.h"
37 #include "gnunet-service-scalarproduct.h"
39 #define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-alice", __VA_ARGS__)
42 * An encrypted element key-value pair.
47 * Key used to identify matching pairs of values to multiply.
48 * Points into an existing data structure, to avoid copying
49 * and doubling memory use.
51 const struct GNUNET_HashCode *key;
54 * Value represented (a).
61 * A scalarproduct session which tracks
62 * a request form the client to our final response.
64 struct AliceServiceSession
68 * (hopefully) unique transaction ID
70 struct GNUNET_HashCode session_id;
73 * Alice or Bob's peerID
75 struct GNUNET_PeerIdentity peer;
78 * The client this request is related to.
80 struct GNUNET_SERVER_Client *client;
83 * The message queue for the client.
85 struct GNUNET_MQ_Handle *client_mq;
88 * The message queue for CADET.
90 struct GNUNET_MQ_Handle *cadet_mq;
93 * all non-0-value'd elements transmitted to us.
94 * Values are of type `struct GNUNET_SCALARPRODUCT_Element *`
96 struct GNUNET_CONTAINER_MultiHashMap *intersected_elements;
99 * Set of elements for which will conduction an intersection.
100 * the resulting elements are then used for computing the scalar product.
102 struct GNUNET_SET_Handle *intersection_set;
105 * Set of elements for which will conduction an intersection.
106 * the resulting elements are then used for computing the scalar product.
108 struct GNUNET_SET_OperationHandle *intersection_op;
111 * Handle to Alice's Intersection operation listening for Bob
113 struct GNUNET_SET_ListenHandle *intersection_listen;
116 * channel-handle associated with our cadet handle
118 struct GNUNET_CADET_Channel *channel;
121 * a(Alice), sorted array by key of length @e used_element_count.
123 struct MpiElement *sorted_elements;
126 * Bob's permutation p of R
128 struct GNUNET_CRYPTO_PaillierCiphertext *r;
131 * Bob's permutation q of R
133 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
138 struct GNUNET_CRYPTO_PaillierCiphertext s;
143 struct GNUNET_CRYPTO_PaillierCiphertext s_prime;
146 * The computed scalar
151 * How many elements we were supplied with from the client (total
152 * count before intersection).
157 * How many elements actually are used for the scalar product.
158 * Size of the arrays in @e r and @e r_prime. Sometimes also
159 * reset to 0 and used as a counter!
161 uint32_t used_element_count;
164 * Already transferred elements from client to us.
165 * Less or equal than @e total.
167 uint32_t client_received_element_count;
170 * Already transferred elements from Bob to us.
171 * Less or equal than @e total.
173 uint32_t cadet_received_element_count;
176 * State of this session. In
177 * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is
178 * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or
179 * #GNUNET_SCALARPRODUCT_STATUS_FAILURE.
181 enum GNUNET_SCALARPRODUCT_ResponseStatus status;
184 * Flag to prevent recursive calls to #destroy_service_session() from
193 * GNUnet configuration handle
195 static const struct GNUNET_CONFIGURATION_Handle *cfg;
198 * Service's own public key
200 static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey;
203 * Service's own private key
205 static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey;
208 * Service's offset for values that could possibly be negative but are plaintext for encryption.
210 static gcry_mpi_t my_offset;
213 * Handle to the CADET service.
215 static struct GNUNET_CADET_Handle *my_cadet;
219 * Iterator called to free elements.
221 * @param cls the `struct AliceServiceSession *` (unused)
222 * @param key the key (unused)
223 * @param value value to free
224 * @return #GNUNET_OK (continue to iterate)
227 free_element_cb (void *cls,
228 const struct GNUNET_HashCode *key,
231 struct GNUNET_SCALARPRODUCT_Element *e = value;
239 * Destroy session state, we are done with it.
241 * @param s the session to free elements from
244 destroy_service_session (struct AliceServiceSession *s)
248 if (GNUNET_YES == s->in_destroy)
250 s->in_destroy = GNUNET_YES;
251 if (NULL != s->client_mq)
253 GNUNET_MQ_destroy (s->client_mq);
256 if (NULL != s->cadet_mq)
258 GNUNET_MQ_destroy (s->cadet_mq);
261 if (NULL != s->client)
263 GNUNET_SERVER_client_set_user_context (s->client,
265 GNUNET_SERVER_client_disconnect (s->client);
268 if (NULL != s->channel)
270 GNUNET_CADET_channel_destroy (s->channel);
273 if (NULL != s->intersected_elements)
275 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
278 GNUNET_CONTAINER_multihashmap_destroy (s->intersected_elements);
279 s->intersected_elements = NULL;
281 if (NULL != s->intersection_listen)
283 GNUNET_SET_listen_cancel (s->intersection_listen);
284 s->intersection_listen = NULL;
286 if (NULL != s->intersection_op)
288 GNUNET_SET_operation_cancel (s->intersection_op);
289 s->intersection_op = NULL;
291 if (NULL != s->intersection_set)
293 GNUNET_SET_destroy (s->intersection_set);
294 s->intersection_set = NULL;
296 if (NULL != s->sorted_elements)
298 for (i=0;i<s->used_element_count;i++)
299 gcry_mpi_release (s->sorted_elements[i].value);
300 GNUNET_free (s->sorted_elements);
301 s->sorted_elements = NULL;
308 if (NULL != s->r_prime)
310 GNUNET_free (s->r_prime);
313 if (NULL != s->product)
315 gcry_mpi_release (s->product);
323 * Notify the client that the session has failed. A message gets sent
324 * to Alice's client if we encountered any error.
326 * @param session the associated client session to fail or succeed
329 prepare_client_end_notification (struct AliceServiceSession *session)
331 struct ClientResponseMessage *msg;
332 struct GNUNET_MQ_Envelope *e;
334 if (NULL == session->client_mq)
335 return; /* no client left to be notified */
336 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
337 "Sending session-end notification with status %d to client for session %s\n",
339 GNUNET_h2s (&session->session_id));
340 e = GNUNET_MQ_msg (msg,
341 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
342 msg->product_length = htonl (0);
343 msg->status = htonl (session->status);
344 GNUNET_MQ_send (session->client_mq,
350 * Prepare the final (positive) response we will send to Alice's
353 * @param s the session associated with our client.
356 transmit_client_response (struct AliceServiceSession *s)
358 struct ClientResponseMessage *msg;
359 struct GNUNET_MQ_Envelope *e;
360 unsigned char *product_exported = NULL;
361 size_t product_length = 0;
367 if (NULL == s->product)
370 prepare_client_end_notification (s);
373 value = gcry_mpi_new (0);
374 sign = gcry_mpi_cmp_ui (s->product, 0);
385 gcry_mpi_add (value, value, s->product);
389 /* result is exactly zero */
392 gcry_mpi_release (s->product);
396 (0 != (rc = gcry_mpi_aprint (GCRYMPI_FMT_STD,
401 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
404 prepare_client_end_notification (s);
407 gcry_mpi_release (value);
408 e = GNUNET_MQ_msg_extra (msg,
410 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
411 msg->status = htonl (GNUNET_SCALARPRODUCT_STATUS_SUCCESS);
412 msg->range = htonl (range);
413 msg->product_length = htonl (product_length);
414 if (NULL != product_exported)
416 GNUNET_memcpy (&msg[1],
419 GNUNET_free (product_exported);
421 GNUNET_MQ_send (s->client_mq,
423 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
424 "Sent result to client, session %s has ended!\n",
425 GNUNET_h2s (&s->session_id));
431 * Function called whenever a channel is destroyed. Should clean up
432 * any associated state.
434 * It must NOT call #GNUNET_CADET_channel_destroy() on the channel.
436 * @param cls closure (set from #GNUNET_CADET_connect())
437 * @param channel connection to the other end (henceforth invalid)
438 * @param channel_ctx place where local state associated
439 * with the channel is stored
442 cb_channel_destruction (void *cls,
443 const struct GNUNET_CADET_Channel *channel,
446 struct AliceServiceSession *s = channel_ctx;
448 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
449 "Peer disconnected, terminating session %s with peer %s\n",
450 GNUNET_h2s (&s->session_id),
451 GNUNET_i2s (&s->peer));
452 if (GNUNET_SCALARPRODUCT_STATUS_ACTIVE == s->status)
454 /* We didn't get an answer yet, fail with error */
455 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
456 prepare_client_end_notification (s);
458 if (NULL != s->cadet_mq)
460 GNUNET_MQ_destroy (s->cadet_mq);
468 * Computes the square sum over a vector of a given length.
470 * @param vector the vector to compute over
471 * @param length the length of the vector
472 * @return an MPI value containing the calculated sum, never NULL
475 compute_square_sum_mpi_elements (const struct MpiElement *vector,
482 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
483 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
484 for (i = 0; i < length; i++)
486 gcry_mpi_mul (elem, vector[i].value, vector[i].value);
487 gcry_mpi_add (sum, sum, elem);
489 gcry_mpi_release (elem);
495 * Computes the square sum over a vector of a given length.
497 * @param vector the vector to compute over
498 * @param length the length of the vector
499 * @return an MPI value containing the calculated sum, never NULL
502 compute_square_sum (const gcry_mpi_t *vector,
509 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
510 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
511 for (i = 0; i < length; i++)
513 gcry_mpi_mul (elem, vector[i], vector[i]);
514 gcry_mpi_add (sum, sum, elem);
516 gcry_mpi_release (elem);
522 * Compute our scalar product, done by Alice
524 * @param session the session associated with this computation
525 * @return product as MPI, never NULL
528 compute_scalar_product (struct AliceServiceSession *session)
537 gcry_mpi_t r[session->used_element_count];
538 gcry_mpi_t r_prime[session->used_element_count];
543 count = session->used_element_count;
544 // due to the introduced static offset S, we now also have to remove this
545 // from the E(a_pi)(+)E(-b_pi-r_pi) and E(a_qi)(+)E(-r_qi) twice each,
546 // the result is E((S + a_pi) + (S -b_pi-r_pi)) and E(S + a_qi + S - r_qi)
547 for (i = 0; i < count; i++)
549 r[i] = gcry_mpi_new (0);
550 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
560 r_prime[i] = gcry_mpi_new (0);
561 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
563 &session->r_prime[i],
565 gcry_mpi_sub (r_prime[i],
568 gcry_mpi_sub (r_prime[i],
573 // calculate t = sum(ai)
574 t = compute_square_sum_mpi_elements (session->sorted_elements,
577 u = gcry_mpi_new (0);
578 tmp = compute_square_sum (r, count);
579 gcry_mpi_sub (u, u, tmp);
580 gcry_mpi_release (tmp);
583 u_prime = gcry_mpi_new (0);
584 tmp = compute_square_sum (r_prime, count);
585 gcry_mpi_sub (u_prime, u_prime, tmp);
587 GNUNET_assert (p = gcry_mpi_new (0));
588 GNUNET_assert (p_prime = gcry_mpi_new (0));
589 GNUNET_assert (s = gcry_mpi_new (0));
590 GNUNET_assert (s_prime = gcry_mpi_new (0));
593 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
597 GNUNET_CRYPTO_paillier_decrypt (&my_privkey,
603 gcry_mpi_add (p, s, t);
604 gcry_mpi_add (p, p, u);
607 gcry_mpi_add (p_prime, s_prime, t);
608 gcry_mpi_add (p_prime, p_prime, u_prime);
610 gcry_mpi_release (t);
611 gcry_mpi_release (u);
612 gcry_mpi_release (u_prime);
613 gcry_mpi_release (s);
614 gcry_mpi_release (s_prime);
617 gcry_mpi_sub (p, p, p_prime);
618 gcry_mpi_release (p_prime);
619 tmp = gcry_mpi_set_ui (tmp, 2);
620 gcry_mpi_div (p, NULL, p, tmp, 0);
622 gcry_mpi_release (tmp);
623 for (i = 0; i < count; i++)
625 gcry_mpi_release (session->sorted_elements[i].value);
626 gcry_mpi_release (r[i]);
627 gcry_mpi_release (r_prime[i]);
629 GNUNET_free (session->sorted_elements);
630 session->sorted_elements = NULL;
631 GNUNET_free (session->r);
633 GNUNET_free (session->r_prime);
634 session->r_prime = NULL;
641 * Handle a multipart chunk of a response we got from another service
642 * we wanted to calculate a scalarproduct with.
644 * @param cls closure (set from #GNUNET_CADET_connect)
645 * @param channel connection to the other end
646 * @param channel_ctx place to store local state associated with the @a channel
647 * @param message the actual message
648 * @return #GNUNET_OK to keep the connection open,
649 * #GNUNET_SYSERR to close it (signal serious error)
652 handle_bobs_cryptodata_multipart (void *cls,
653 struct GNUNET_CADET_Channel *channel,
655 const struct GNUNET_MessageHeader *message)
657 struct AliceServiceSession *s = *channel_ctx;
658 const struct BobCryptodataMultipartMessage *msg;
659 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
663 size_t required_size;
668 return GNUNET_SYSERR;
670 msg_size = ntohs (message->size);
671 if (sizeof (struct BobCryptodataMultipartMessage) > msg_size)
674 return GNUNET_SYSERR;
676 msg = (const struct BobCryptodataMultipartMessage *) message;
677 contained = ntohl (msg->contained_element_count);
678 required_size = sizeof (struct BobCryptodataMultipartMessage)
679 + 2 * contained * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
680 if ( (required_size != msg_size) ||
681 (s->cadet_received_element_count + contained > s->used_element_count) )
684 return GNUNET_SYSERR;
687 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
688 "Received %u additional crypto values from Bob\n",
689 (unsigned int) contained);
691 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
692 /* Convert each k[][perm] to its MPI_value */
693 for (i = 0; i < contained; i++)
695 GNUNET_memcpy (&s->r[s->cadet_received_element_count + i],
697 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
698 GNUNET_memcpy (&s->r_prime[s->cadet_received_element_count + i],
700 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
702 s->cadet_received_element_count += contained;
703 GNUNET_CADET_receive_done (s->channel);
704 if (s->cadet_received_element_count != s->used_element_count)
707 s->product = compute_scalar_product (s);
708 transmit_client_response (s);
714 * Handle a response we got from another service we wanted to
715 * calculate a scalarproduct with.
717 * @param cls closure (set from #GNUNET_CADET_connect)
718 * @param channel connection to the other end
719 * @param channel_ctx place to store local state associated with the channel
720 * @param message the actual message
721 * @return #GNUNET_OK to keep the connection open,
722 * #GNUNET_SYSERR to close it (we are done)
725 handle_bobs_cryptodata_message (void *cls,
726 struct GNUNET_CADET_Channel *channel,
728 const struct GNUNET_MessageHeader *message)
730 struct AliceServiceSession *s = *channel_ctx;
731 const struct BobCryptodataMessage *msg;
732 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
736 size_t required_size;
741 return GNUNET_SYSERR;
743 msg_size = ntohs (message->size);
744 if (sizeof (struct BobCryptodataMessage) > msg_size)
747 return GNUNET_SYSERR;
749 msg = (const struct BobCryptodataMessage *) message;
750 contained = ntohl (msg->contained_element_count);
751 required_size = sizeof (struct BobCryptodataMessage)
752 + 2 * contained * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext)
753 + 2 * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
754 if ( (msg_size != required_size) ||
755 (contained > UINT16_MAX) ||
756 (s->used_element_count < contained) )
759 return GNUNET_SYSERR;
761 if (NULL == s->sorted_elements)
763 /* we're not ready yet, how can Bob be? */
765 return GNUNET_SYSERR;
767 if (s->total != s->client_received_element_count)
769 /* we're not ready yet, how can Bob be? */
771 return GNUNET_SYSERR;
773 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
774 "Received %u crypto values from Bob\n",
775 (unsigned int) contained);
777 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
778 GNUNET_memcpy (&s->s,
780 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
781 GNUNET_memcpy (&s->s_prime,
783 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
784 payload = &payload[2];
786 s->r = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * s->used_element_count);
787 s->r_prime = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * s->used_element_count);
788 for (i = 0; i < contained; i++)
790 GNUNET_memcpy (&s->r[i],
792 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
793 GNUNET_memcpy (&s->r_prime[i],
795 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
797 s->cadet_received_element_count = contained;
798 GNUNET_CADET_receive_done (s->channel);
800 if (s->cadet_received_element_count != s->used_element_count)
806 s->product = compute_scalar_product (s);
807 transmit_client_response (s);
813 * Iterator to copy over messages from the hash map
814 * into an array for sorting.
816 * @param cls the `struct AliceServiceSession *`
817 * @param key the key (unused)
818 * @param value the `struct GNUNET_SCALARPRODUCT_Element *`
821 copy_element_cb (void *cls,
822 const struct GNUNET_HashCode *key,
825 struct AliceServiceSession *s = cls;
826 struct GNUNET_SCALARPRODUCT_Element *e = value;
830 mval = gcry_mpi_new (0);
831 val = (int64_t) GNUNET_ntohll (e->value);
833 gcry_mpi_sub_ui (mval, mval, -val);
835 gcry_mpi_add_ui (mval, mval, val);
836 s->sorted_elements [s->used_element_count].value = mval;
837 s->sorted_elements [s->used_element_count].key = &e->key;
838 s->used_element_count++;
844 * Compare two `struct MpiValue`s by key for sorting.
846 * @param a pointer to first `struct MpiValue *`
847 * @param b pointer to first `struct MpiValue *`
848 * @return -1 for a < b, 0 for a=b, 1 for a > b.
851 element_cmp (const void *a,
854 const struct MpiElement *ma = a;
855 const struct MpiElement *mb = b;
857 return GNUNET_CRYPTO_hash_cmp (ma->key,
863 * Maximum number of elements we can put into a single cryptodata
866 #define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct AliceCryptodataMessage)) / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext))
870 * Send the cryptographic data from Alice to Bob.
871 * Does nothing if we already transferred all elements.
873 * @param s the associated service session
876 send_alices_cryptodata_message (struct AliceServiceSession *s)
878 struct AliceCryptodataMessage *msg;
879 struct GNUNET_MQ_Envelope *e;
880 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
887 = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) *
888 sizeof (struct MpiElement));
889 s->used_element_count = 0;
890 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
893 LOG (GNUNET_ERROR_TYPE_DEBUG,
894 "Finished intersection, %d items remain\n",
895 s->used_element_count);
896 qsort (s->sorted_elements,
897 s->used_element_count,
898 sizeof (struct MpiElement),
901 while (off < s->used_element_count)
903 todo_count = s->used_element_count - off;
904 if (todo_count > ELEMENT_CAPACITY)
905 todo_count = ELEMENT_CAPACITY;
906 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
907 "Sending %u/%u crypto values to Bob\n",
908 (unsigned int) todo_count,
909 (unsigned int) s->used_element_count);
911 e = GNUNET_MQ_msg_extra (msg,
912 todo_count * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext),
913 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA);
914 msg->contained_element_count = htonl (todo_count);
915 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
916 a = gcry_mpi_new (0);
917 for (i = off; i < off + todo_count; i++)
920 s->sorted_elements[i].value,
923 GNUNET_CRYPTO_paillier_encrypt (&my_pubkey,
928 gcry_mpi_release (a);
930 GNUNET_MQ_send (s->cadet_mq,
937 * Callback for set operation results. Called for each element
938 * that should be removed from the result set, and then once
939 * to indicate that the set intersection operation is done.
941 * @param cls closure with the `struct AliceServiceSession`
942 * @param element a result element, only valid if status is #GNUNET_SET_STATUS_OK
943 * @param status what has happened with the set intersection?
946 cb_intersection_element_removed (void *cls,
947 const struct GNUNET_SET_Element *element,
948 enum GNUNET_SET_Status status)
950 struct AliceServiceSession *s = cls;
951 struct GNUNET_SCALARPRODUCT_Element *se;
955 case GNUNET_SET_STATUS_OK:
956 /* this element has been removed from the set */
957 se = GNUNET_CONTAINER_multihashmap_get (s->intersected_elements,
959 GNUNET_assert (NULL != se);
960 LOG (GNUNET_ERROR_TYPE_DEBUG,
961 "Intersection removed element with key %s and value %lld\n",
962 GNUNET_h2s (&se->key),
963 (long long) GNUNET_ntohll (se->value));
964 GNUNET_assert (GNUNET_YES ==
965 GNUNET_CONTAINER_multihashmap_remove (s->intersected_elements,
970 case GNUNET_SET_STATUS_DONE:
971 s->intersection_op = NULL;
972 if (NULL != s->intersection_set)
974 GNUNET_SET_destroy (s->intersection_set);
975 s->intersection_set = NULL;
977 send_alices_cryptodata_message (s);
979 case GNUNET_SET_STATUS_HALF_DONE:
980 /* unexpected for intersection */
983 case GNUNET_SET_STATUS_FAILURE:
984 /* unhandled status code */
985 LOG (GNUNET_ERROR_TYPE_DEBUG,
986 "Set intersection failed!\n");
987 if (NULL != s->intersection_listen)
989 GNUNET_SET_listen_cancel (s->intersection_listen);
990 s->intersection_listen = NULL;
992 s->intersection_op = NULL;
993 if (NULL != s->intersection_set)
995 GNUNET_SET_destroy (s->intersection_set);
996 s->intersection_set = NULL;
998 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
999 prepare_client_end_notification (s);
1009 * Called when another peer wants to do a set operation with the
1010 * local peer. If a listen error occurs, the @a request is NULL.
1012 * @param cls closure with the `struct AliceServiceSession *`
1013 * @param other_peer the other peer
1014 * @param context_msg message with application specific information from
1016 * @param request request from the other peer (never NULL), use GNUNET_SET_accept()
1017 * to accept it, otherwise the request will be refused
1018 * Note that we can't just return value from the listen callback,
1019 * as it is also necessary to specify the set we want to do the
1020 * operation with, whith sometimes can be derived from the context
1021 * message. It's necessary to specify the timeout.
1024 cb_intersection_request_alice (void *cls,
1025 const struct GNUNET_PeerIdentity *other_peer,
1026 const struct GNUNET_MessageHeader *context_msg,
1027 struct GNUNET_SET_Request *request)
1029 struct AliceServiceSession *s = cls;
1031 if (0 != memcmp (other_peer,
1033 sizeof (struct GNUNET_PeerIdentity)))
1035 GNUNET_break_op (0);
1039 = GNUNET_SET_accept (request,
1040 GNUNET_SET_RESULT_REMOVED,
1041 &cb_intersection_element_removed,
1043 if (NULL == s->intersection_op)
1046 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1047 prepare_client_end_notification (s);
1051 GNUNET_SET_commit (s->intersection_op,
1052 s->intersection_set))
1055 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1056 prepare_client_end_notification (s);
1059 GNUNET_SET_destroy (s->intersection_set);
1060 s->intersection_set = NULL;
1061 GNUNET_SET_listen_cancel (s->intersection_listen);
1062 s->intersection_listen = NULL;
1067 * Our client has finished sending us its multipart message.
1069 * @param session the service session context
1072 client_request_complete_alice (struct AliceServiceSession *s)
1074 struct ServiceRequestMessage *msg;
1075 struct GNUNET_MQ_Envelope *e;
1077 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1078 "Creating new channel for session with key %s.\n",
1079 GNUNET_h2s (&s->session_id));
1081 = GNUNET_CADET_channel_create (my_cadet,
1085 GNUNET_CADET_OPTION_RELIABLE);
1086 if (NULL == s->channel)
1088 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1089 prepare_client_end_notification (s);
1092 s->cadet_mq = GNUNET_CADET_mq_create (s->channel);
1093 s->intersection_listen
1094 = GNUNET_SET_listen (cfg,
1095 GNUNET_SET_OPERATION_INTERSECTION,
1097 &cb_intersection_request_alice,
1099 if (NULL == s->intersection_listen)
1101 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
1102 GNUNET_CADET_channel_destroy (s->channel);
1104 prepare_client_end_notification (s);
1108 e = GNUNET_MQ_msg (msg,
1109 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION);
1110 msg->session_id = s->session_id;
1111 msg->public_key = my_pubkey;
1112 GNUNET_MQ_send (s->cadet_mq,
1118 * We're receiving additional set data. Add it to our
1119 * set and if we are done, initiate the transaction.
1121 * @param cls closure
1122 * @param client identification of the client
1123 * @param message the actual message
1126 GSS_handle_alice_client_message_multipart (void *cls,
1127 struct GNUNET_SERVER_Client *client,
1128 const struct GNUNET_MessageHeader *message)
1130 const struct ComputationBobCryptodataMultipartMessage * msg;
1131 struct AliceServiceSession *s;
1132 uint32_t contained_count;
1133 const struct GNUNET_SCALARPRODUCT_Element *elements;
1136 struct GNUNET_SET_Element set_elem;
1137 struct GNUNET_SCALARPRODUCT_Element *elem;
1139 s = GNUNET_SERVER_client_get_user_context (client,
1140 struct AliceServiceSession);
1143 /* session needs to already exist */
1145 GNUNET_SERVER_receive_done (client,
1149 msize = ntohs (message->size);
1150 if (msize < sizeof (struct ComputationBobCryptodataMultipartMessage))
1153 GNUNET_SERVER_receive_done (client,
1157 msg = (const struct ComputationBobCryptodataMultipartMessage *) message;
1158 contained_count = ntohl (msg->element_count_contained);
1160 if ( (msize != (sizeof (struct ComputationBobCryptodataMultipartMessage) +
1161 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) ||
1162 (0 == contained_count) ||
1163 (s->total == s->client_received_element_count) ||
1164 (s->total < s->client_received_element_count + contained_count) )
1166 GNUNET_break_op (0);
1167 GNUNET_SERVER_receive_done (client,
1171 s->client_received_element_count += contained_count;
1172 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1173 for (i = 0; i < contained_count; i++)
1175 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1176 GNUNET_memcpy (elem,
1178 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1179 if (GNUNET_SYSERR ==
1180 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1183 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1189 set_elem.data = &elem->key;
1190 set_elem.size = sizeof (elem->key);
1191 set_elem.element_type = 0;
1192 GNUNET_SET_add_element (s->intersection_set,
1195 s->used_element_count++;
1197 GNUNET_SERVER_receive_done (client,
1199 if (s->total != s->client_received_element_count)
1204 client_request_complete_alice (s);
1209 * Handler for Alice's client request message.
1210 * We are doing request-initiation to compute a scalar product with a peer.
1212 * @param cls closure
1213 * @param client identification of the client
1214 * @param message the actual message
1217 GSS_handle_alice_client_message (void *cls,
1218 struct GNUNET_SERVER_Client *client,
1219 const struct GNUNET_MessageHeader *message)
1221 const struct AliceComputationMessage *msg;
1222 struct AliceServiceSession *s;
1223 uint32_t contained_count;
1224 uint32_t total_count;
1225 const struct GNUNET_SCALARPRODUCT_Element *elements;
1228 struct GNUNET_SET_Element set_elem;
1229 struct GNUNET_SCALARPRODUCT_Element *elem;
1231 s = GNUNET_SERVER_client_get_user_context (client,
1232 struct AliceServiceSession);
1235 /* only one concurrent session per client connection allowed,
1236 simplifies logic a lot... */
1238 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1241 msize = ntohs (message->size);
1242 if (msize < sizeof (struct AliceComputationMessage))
1245 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1248 msg = (const struct AliceComputationMessage *) message;
1249 total_count = ntohl (msg->element_count_total);
1250 contained_count = ntohl (msg->element_count_contained);
1251 if ( (0 == total_count) ||
1252 (0 == contained_count) ||
1253 (msize != (sizeof (struct AliceComputationMessage) +
1254 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) )
1256 GNUNET_break_op (0);
1257 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1261 s = GNUNET_new (struct AliceServiceSession);
1262 s->peer = msg->peer;
1263 s->status = GNUNET_SCALARPRODUCT_STATUS_ACTIVE;
1265 s->client_mq = GNUNET_MQ_queue_for_server_client (client);
1266 s->total = total_count;
1267 s->client_received_element_count = contained_count;
1268 s->session_id = msg->session_key;
1269 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1270 s->intersected_elements = GNUNET_CONTAINER_multihashmap_create (s->total,
1272 s->intersection_set = GNUNET_SET_create (cfg,
1273 GNUNET_SET_OPERATION_INTERSECTION);
1274 for (i = 0; i < contained_count; i++)
1276 if (0 == GNUNET_ntohll (elements[i].value))
1278 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1279 GNUNET_memcpy (elem,
1281 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1282 if (GNUNET_SYSERR ==
1283 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1286 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1288 /* element with same key encountered twice! */
1293 set_elem.data = &elem->key;
1294 set_elem.size = sizeof (elem->key);
1295 set_elem.element_type = 0;
1296 GNUNET_SET_add_element (s->intersection_set,
1299 s->used_element_count++;
1301 GNUNET_SERVER_client_set_user_context (client,
1303 GNUNET_SERVER_receive_done (client,
1305 if (s->total != s->client_received_element_count)
1307 /* wait for multipart msg */
1310 client_request_complete_alice (s);
1315 * Task run during shutdown.
1320 shutdown_task (void *cls)
1322 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1323 "Shutting down, initiating cleanup.\n");
1324 // FIXME: we have to cut our connections to CADET first!
1325 if (NULL != my_cadet)
1327 GNUNET_CADET_disconnect (my_cadet);
1334 * A client disconnected.
1336 * Remove the associated session(s), release data structures
1337 * and cancel pending outgoing transmissions to the client.
1339 * @param cls closure, NULL
1340 * @param client identification of the client
1343 handle_client_disconnect (void *cls,
1344 struct GNUNET_SERVER_Client *client)
1346 struct AliceServiceSession *s;
1350 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1351 "Client %p disconnected from us.\n",
1353 s = GNUNET_SERVER_client_get_user_context (client,
1354 struct AliceServiceSession);
1358 GNUNET_SERVER_client_set_user_context (client,
1360 destroy_service_session (s);
1365 * Initialization of the program and message handlers
1367 * @param cls closure
1368 * @param server the initialized server
1369 * @param c configuration to use
1373 struct GNUNET_SERVER_Handle *server,
1374 const struct GNUNET_CONFIGURATION_Handle *c)
1376 static const struct GNUNET_CADET_MessageHandler cadet_handlers[] = {
1377 { &handle_bobs_cryptodata_message,
1378 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA,
1380 { &handle_bobs_cryptodata_multipart,
1381 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART,
1385 static const struct GNUNET_SERVER_MessageHandler server_handlers[] = {
1386 { &GSS_handle_alice_client_message, NULL,
1387 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_ALICE,
1389 { &GSS_handle_alice_client_message_multipart, NULL,
1390 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_MUTLIPART_ALICE,
1397 offset has to be sufficiently small to allow computation of:
1398 m1+m2 mod n == (S + a) + (S + b) mod n,
1399 if we have more complex operations, this factor needs to be lowered */
1400 my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3);
1401 gcry_mpi_set_bit (my_offset,
1402 GNUNET_CRYPTO_PAILLIER_BITS / 3);
1404 GNUNET_CRYPTO_paillier_create (&my_pubkey,
1406 GNUNET_SERVER_add_handlers (server,
1408 GNUNET_SERVER_disconnect_notify (server,
1409 &handle_client_disconnect,
1411 my_cadet = GNUNET_CADET_connect (cfg, NULL,
1412 &cb_channel_destruction,
1414 if (NULL == my_cadet)
1416 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1417 _("Connect to CADET failed\n"));
1418 GNUNET_SCHEDULER_shutdown ();
1421 GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
1428 * The main function for the scalarproduct service.
1430 * @param argc number of arguments from the command line
1431 * @param argv command line arguments
1432 * @return 0 ok, 1 on error
1438 return (GNUNET_OK ==
1439 GNUNET_SERVICE_run (argc, argv,
1440 "scalarproduct-alice",
1441 GNUNET_SERVICE_OPTION_NONE,
1442 &run, NULL)) ? 0 : 1;
1445 /* end of gnunet-service-scalarproduct_alice.c */