2 This file is part of GNUnet.
3 Copyright (C) 2013, 2014, 2016 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * @file scalarproduct/gnunet-service-scalarproduct_bob.c
20 * @brief scalarproduct service implementation
21 * @author Christian M. Fuchs
22 * @author Christian Grothoff
27 #include "gnunet_util_lib.h"
28 #include "gnunet_core_service.h"
29 #include "gnunet_cadet_service.h"
30 #include "gnunet_applications.h"
31 #include "gnunet_protocols.h"
32 #include "gnunet_scalarproduct_service.h"
33 #include "gnunet_set_service.h"
34 #include "scalarproduct.h"
35 #include "gnunet-service-scalarproduct.h"
37 #define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-bob", __VA_ARGS__)
41 * An encrypted element key-value pair.
46 * Key used to identify matching pairs of values to multiply.
47 * Points into an existing data structure, to avoid copying
48 * and doubling memory use.
50 const struct GNUNET_HashCode *key;
53 * Value represented (a).
60 * A scalarproduct session which tracks an offer for a
61 * multiplication service by a local client.
63 struct BobServiceSession
67 * (hopefully) unique transaction ID
69 struct GNUNET_HashCode session_id;
72 * The client this request is related to.
74 struct GNUNET_SERVICE_Client *client;
77 * Client message queue.
79 struct GNUNET_MQ_Handle *client_mq;
82 * All non-0-value'd elements transmitted to us.
84 struct GNUNET_CONTAINER_MultiHashMap *intersected_elements;
87 * Set of elements for which we will be conducting an intersection.
88 * The resulting elements are then used for computing the scalar product.
90 struct GNUNET_SET_Handle *intersection_set;
93 * Set of elements for which will conduction an intersection.
94 * the resulting elements are then used for computing the scalar product.
96 struct GNUNET_SET_OperationHandle *intersection_op;
99 * CADET port we are listening on.
101 struct GNUNET_CADET_Port *port;
106 struct MpiElement *sorted_elements;
109 * E(ai)(Bob) after applying the mask
111 struct GNUNET_CRYPTO_PaillierCiphertext *e_a;
114 * Bob's permutation p of R
116 struct GNUNET_CRYPTO_PaillierCiphertext *r;
119 * Bob's permutation q of R
121 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
126 struct GNUNET_CRYPTO_PaillierCiphertext s;
131 struct GNUNET_CRYPTO_PaillierCiphertext s_prime;
134 * Handle for our associated incoming CADET session, or NULL
135 * if we have not gotten one yet.
137 struct CadetIncomingSession *cadet;
140 * How many elements will be supplied in total from the client.
145 * Already transferred elements (received) for multipart
146 * messages from client. Always less than @e total.
148 uint32_t client_received_element_count;
151 * How many elements actually are used for the scalar product.
152 * Size of the arrays in @e r and @e r_prime. Also sometimes
153 * used as an index into the arrays during construction.
155 uint32_t used_element_count;
158 * Counts the number of values received from Alice by us.
159 * Always less than @e used_element_count.
161 uint32_t cadet_received_element_count;
164 * Counts the number of values transmitted from us to Alice.
165 * Always less than @e used_element_count.
167 uint32_t cadet_transmitted_element_count;
170 * State of this session. In
171 * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is
172 * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or
173 * #GNUNET_SCALARPRODUCT_STATUS_FAILURE.
175 enum GNUNET_SCALARPRODUCT_ResponseStatus status;
178 * Are we already in #destroy_service_session()?
185 struct GNUNET_CADET_Channel *channel;
188 * Originator's peer identity. (Only for diagnostics.)
190 struct GNUNET_PeerIdentity peer;
193 * Public key of the remote service.
195 struct GNUNET_CRYPTO_PaillierPublicKey remote_pubkey;
198 * The message queue for this channel.
200 struct GNUNET_MQ_Handle *cadet_mq;
207 * GNUnet configuration handle
209 static const struct GNUNET_CONFIGURATION_Handle *cfg;
212 * Service's own public key
214 static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey;
217 * Service's own private key
219 static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey;
222 * Service's offset for values that could possibly be negative but are plaintext for encryption.
224 static gcry_mpi_t my_offset;
227 * Handle to the CADET service.
229 static struct GNUNET_CADET_Handle *my_cadet;
233 * Callback used to free the elements in the map.
236 * @param key key of the element
237 * @param value the value to free
240 free_element_cb (void *cls,
241 const struct GNUNET_HashCode *key,
244 struct GNUNET_SCALARPRODUCT_Element *element = value;
246 GNUNET_free (element);
252 * Destroy session state, we are done with it.
254 * @param session the session to free elements from
257 destroy_service_session (struct BobServiceSession *s)
261 if (GNUNET_YES == s->in_destroy)
263 s->in_destroy = GNUNET_YES;
264 if (NULL != s->client)
266 struct GNUNET_SERVICE_Client *c = s->client;
269 GNUNET_SERVICE_client_drop (c);
271 if (NULL != s->intersected_elements)
273 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
276 GNUNET_CONTAINER_multihashmap_destroy (s->intersected_elements);
277 s->intersected_elements = NULL;
279 if (NULL != s->intersection_op)
281 GNUNET_SET_operation_cancel (s->intersection_op);
282 s->intersection_op = NULL;
284 if (NULL != s->intersection_set)
286 GNUNET_SET_destroy (s->intersection_set);
287 s->intersection_set = NULL;
291 GNUNET_free (s->e_a);
294 if (NULL != s->sorted_elements)
296 for (i=0;i<s->used_element_count;i++)
297 gcry_mpi_release (s->sorted_elements[i].value);
298 GNUNET_free (s->sorted_elements);
299 s->sorted_elements = NULL;
306 if (NULL != s->r_prime)
308 GNUNET_free (s->r_prime);
313 GNUNET_CADET_close_port (s->port);
316 if (NULL != s->channel)
318 GNUNET_CADET_channel_destroy (s->channel);
326 * Notify the client that the session has succeeded or failed. This
327 * message gets sent to Bob's client if the operation completed or
328 * Alice disconnected.
330 * @param session the associated client session to fail or succeed
333 prepare_client_end_notification (struct BobServiceSession *session)
335 struct ClientResponseMessage *msg;
336 struct GNUNET_MQ_Envelope *e;
338 if (NULL == session->client_mq)
339 return; /* no client left to be notified */
340 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
341 "Sending session-end notification with status %d to client for session %s\n",
343 GNUNET_h2s (&session->session_id));
344 e = GNUNET_MQ_msg (msg,
345 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
347 msg->product_length = htonl (0);
348 msg->status = htonl (session->status);
349 GNUNET_MQ_send (session->client_mq,
355 * Function called whenever a channel is destroyed. Should clean up
356 * any associated state.
358 * It must NOT call #GNUNET_CADET_channel_destroy() on the channel.
360 * @param cls the `struct BobServiceSession`
361 * @param channel connection to the other end (henceforth invalid)
364 cb_channel_destruction (void *cls,
365 const struct GNUNET_CADET_Channel *channel)
367 struct BobServiceSession *s = cls;
369 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
370 "Peer disconnected, terminating session %s with peer %s\n",
371 GNUNET_h2s (&s->session_id),
372 GNUNET_i2s (&s->peer));
373 if (GNUNET_SCALARPRODUCT_STATUS_ACTIVE == s->status)
375 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
376 prepare_client_end_notification (s);
379 destroy_service_session (s);
384 * MQ finished giving our last message to CADET, now notify
385 * the client that we are finished.
388 bob_cadet_done_cb (void *cls)
390 struct BobServiceSession *session = cls;
392 session->status = GNUNET_SCALARPRODUCT_STATUS_SUCCESS;
393 prepare_client_end_notification (session);
398 * Maximum count of elements we can put into a multipart message
400 #define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct BobCryptodataMultipartMessage)) / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext))
404 * Send a multipart chunk of a service response from Bob to Alice.
405 * This element only contains the two permutations of R, R'.
407 * @param s the associated service session
410 transmit_bobs_cryptodata_message_multipart (struct BobServiceSession *s)
412 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
413 struct BobCryptodataMultipartMessage *msg;
414 struct GNUNET_MQ_Envelope *e;
419 while (s->cadet_transmitted_element_count != s->used_element_count)
421 todo_count = s->used_element_count - s->cadet_transmitted_element_count;
422 if (todo_count > ELEMENT_CAPACITY / 2)
423 todo_count = ELEMENT_CAPACITY / 2;
425 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
426 "Sending %u additional crypto values to Alice\n",
427 (unsigned int) todo_count);
428 e = GNUNET_MQ_msg_extra (msg,
429 todo_count * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * 2,
430 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART);
431 msg->contained_element_count = htonl (todo_count);
432 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
433 for (i = s->cadet_transmitted_element_count, j = 0; i < s->cadet_transmitted_element_count + todo_count; i++)
435 //r[i][p] and r[i][q]
436 GNUNET_memcpy (&payload[j++],
438 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
439 GNUNET_memcpy (&payload[j++],
441 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
443 s->cadet_transmitted_element_count += todo_count;
444 if (s->cadet_transmitted_element_count == s->used_element_count)
445 GNUNET_MQ_notify_sent (e,
448 GNUNET_MQ_send (s->cadet_mq,
451 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
452 "All values queued for Alice, Bob is done\n");
457 * Bob generates the response message to be sent to Alice after
458 * computing the values (1), (2), S and S'.
460 * (1)[]: $E_A(a_{pi(i)}) times E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
461 * (2)[]: $E_A(a_{pi'(i)}) times E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
462 * S: $S := E_A(sum (r_i + b_i)^2)$
463 * S': $S' := E_A(sum r_i^2)$
465 * @param s the associated requesting session with Alice
468 transmit_bobs_cryptodata_message (struct BobServiceSession *s)
470 struct BobCryptodataMessage *msg;
471 struct GNUNET_MQ_Envelope *e;
472 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
475 s->cadet_transmitted_element_count
476 = ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct BobCryptodataMessage))
477 / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) / 2) - 1;
478 if (s->cadet_transmitted_element_count > s->used_element_count)
479 s->cadet_transmitted_element_count = s->used_element_count;
481 e = GNUNET_MQ_msg_extra (msg,
482 (2 + s->cadet_transmitted_element_count * 2)
483 * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext),
484 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA);
485 msg->contained_element_count = htonl (s->cadet_transmitted_element_count);
487 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
488 "Sending %u/%u crypto values to Alice\n",
489 (unsigned int) s->cadet_transmitted_element_count,
490 (unsigned int) s->used_element_count);
492 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
493 GNUNET_memcpy (&payload[0],
495 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
496 GNUNET_memcpy (&payload[1],
498 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
500 payload = &payload[2];
502 for (i = 0; i < s->cadet_transmitted_element_count; i++)
504 //k[i][p] and k[i][q]
505 GNUNET_memcpy (&payload[i * 2],
507 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
508 GNUNET_memcpy (&payload[i * 2 + 1],
510 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
512 if (s->cadet_transmitted_element_count == s->used_element_count)
513 GNUNET_MQ_notify_sent (e,
516 GNUNET_MQ_send (s->cadet_mq,
518 transmit_bobs_cryptodata_message_multipart (s);
520 #undef ELEMENT_CAPACITY
524 * Computes the square sum over a vector of a given length.
526 * @param vector the vector to compute over
527 * @param length the length of the vector
528 * @return an MPI value containing the calculated sum, never NULL
529 * TODO: code duplication with Alice!
532 compute_square_sum (const gcry_mpi_t *vector,
539 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
540 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
541 for (i = 0; i < length; i++)
543 gcry_mpi_mul (elem, vector[i], vector[i]);
544 gcry_mpi_add (sum, sum, elem);
546 gcry_mpi_release (elem);
553 * (1)[]: $E_A(a_{pi(i)}) otimes E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
554 * (2)[]: $E_A(a_{pi'(i)}) otimes E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
555 * S: $S := E_A(sum (r_i + b_i)^2)$
556 * S': $S' := E_A(sum r_i^2)$
558 * @param request the requesting session + bob's requesting peer
559 * @return #GNUNET_OK on success
562 compute_service_response (struct BobServiceSession *session)
570 const struct MpiElement *b;
571 struct GNUNET_CRYPTO_PaillierCiphertext *a;
572 struct GNUNET_CRYPTO_PaillierCiphertext *r;
573 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
575 count = session->used_element_count;
577 b = session->sorted_elements;
578 q = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
580 p = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
582 rand = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
583 for (i = 0; i < count; i++)
584 GNUNET_assert (NULL != (rand[i] = gcry_mpi_new (0)));
585 r = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * count);
586 r_prime = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * count);
588 for (i = 0; i < count; i++)
592 svalue = (int32_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
594 // long to gcry_mpi_t
596 gcry_mpi_sub_ui (rand[i],
600 rand[i] = gcry_mpi_set_ui (rand[i], svalue);
603 tmp = gcry_mpi_new (0);
604 // encrypt the element
605 // for the sake of readability I decided to have dedicated permutation
606 // vectors, which get rid of all the lookups in p/q.
607 // however, ap/aq are not absolutely necessary but are just abstraction
608 // Calculate Kp = E(S + a_pi) (+) E(S - r_pi - b_pi)
609 for (i = 0; i < count; i++)
611 // E(S - r_pi - b_pi)
612 gcry_mpi_sub (tmp, my_offset, rand[p[i]]);
613 gcry_mpi_sub (tmp, tmp, b[p[i]].value);
615 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
620 // E(S - r_pi - b_pi) * E(S + a_pi) == E(2*S + a - r - b)
622 GNUNET_CRYPTO_paillier_hom_add (&session->remote_pubkey,
632 // Calculate Kq = E(S + a_qi) (+) E(S - r_qi)
633 for (i = 0; i < count; i++)
636 gcry_mpi_sub (tmp, my_offset, rand[q[i]]);
638 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
643 // E(S - r_qi) * E(S + a_qi) == E(2*S + a_qi - r_qi)
645 GNUNET_CRYPTO_paillier_hom_add (&session->remote_pubkey,
654 gcry_mpi_release (tmp);
656 // Calculate S' = E(SUM( r_i^2 ))
657 tmp = compute_square_sum (rand, count);
659 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
663 gcry_mpi_release (tmp);
665 // Calculate S = E(SUM( (r_i + b_i)^2 ))
666 for (i = 0; i < count; i++)
667 gcry_mpi_add (rand[i], rand[i], b[i].value);
668 tmp = compute_square_sum (rand, count);
670 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
674 gcry_mpi_release (tmp);
677 session->r_prime = r_prime;
679 for (i = 0; i < count; i++)
680 gcry_mpi_release (rand[i]);
681 GNUNET_free (session->e_a);
690 GNUNET_free (r_prime);
691 gcry_mpi_release (tmp);
694 for (i = 0; i < count; i++)
695 gcry_mpi_release (rand[i]);
697 return GNUNET_SYSERR;
702 * Iterator to copy over messages from the hash map
703 * into an array for sorting.
705 * @param cls the `struct BobServiceSession *`
706 * @param key the key (unused)
707 * @param value the `struct GNUNET_SCALARPRODUCT_Element *`
708 * TODO: code duplication with Alice!
711 copy_element_cb (void *cls,
712 const struct GNUNET_HashCode *key,
715 struct BobServiceSession *s = cls;
716 struct GNUNET_SCALARPRODUCT_Element *e = value;
720 mval = gcry_mpi_new (0);
721 val = (int64_t) GNUNET_ntohll (e->value);
723 gcry_mpi_sub_ui (mval, mval, -val);
725 gcry_mpi_add_ui (mval, mval, val);
726 s->sorted_elements [s->used_element_count].value = mval;
727 s->sorted_elements [s->used_element_count].key = &e->key;
728 s->used_element_count++;
734 * Compare two `struct MpiValue`s by key for sorting.
736 * @param a pointer to first `struct MpiValue *`
737 * @param b pointer to first `struct MpiValue *`
738 * @return -1 for a < b, 0 for a=b, 1 for a > b.
739 * TODO: code duplication with Alice!
742 element_cmp (const void *a,
745 const struct MpiElement *ma = a;
746 const struct MpiElement *mb = b;
748 return GNUNET_CRYPTO_hash_cmp (ma->key,
754 * Intersection operation and receiving data via CADET from
755 * Alice are both done, compute and transmit our reply via
758 * @param s session to transmit reply for.
761 transmit_cryptographic_reply (struct BobServiceSession *s)
763 struct GNUNET_CADET_Channel *channel;
765 /* TODO: code duplication with Alice! */
766 LOG (GNUNET_ERROR_TYPE_DEBUG,
767 "Received everything, building reply for Alice\n");
769 = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) *
770 sizeof (struct MpiElement));
771 s->used_element_count = 0;
772 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
775 qsort (s->sorted_elements,
776 s->used_element_count,
777 sizeof (struct MpiElement),
780 compute_service_response (s))
782 channel = s->channel;
784 GNUNET_CADET_channel_destroy (channel);
787 transmit_bobs_cryptodata_message (s);
792 * Check a multipart-chunk of a request from another service to
793 * calculate a scalarproduct with us.
795 * @param cls the `struct BobServiceSession *`
796 * @param msg the actual message
797 * @return #GNUNET_OK to keep the connection open,
798 * #GNUNET_SYSERR to close it (signal serious error)
801 check_alices_cryptodata_message (void *cls,
802 const struct AliceCryptodataMessage *msg)
804 struct BobServiceSession *s = cls;
805 uint32_t contained_elements;
810 msize = ntohs (msg->header.size);
811 contained_elements = ntohl (msg->contained_element_count);
812 /* Our intersection may still be ongoing, but this is nevertheless
813 an upper bound on the required array size */
814 max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements);
815 msg_length = sizeof (struct AliceCryptodataMessage)
816 + contained_elements * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
817 if ( (msize != msg_length) ||
818 (0 == contained_elements) ||
819 (contained_elements > UINT16_MAX) ||
820 (max < contained_elements + s->cadet_received_element_count) )
823 return GNUNET_SYSERR;
830 * Handle a multipart-chunk of a request from another service to
831 * calculate a scalarproduct with us.
833 * @param cls the `struct BobServiceSession *`
834 * @param msg the actual message
837 handle_alices_cryptodata_message (void *cls,
838 const struct AliceCryptodataMessage *msg)
840 struct BobServiceSession *s = cls;
841 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
842 uint32_t contained_elements;
845 contained_elements = ntohl (msg->contained_element_count);
846 /* Our intersection may still be ongoing, but this is nevertheless
847 an upper bound on the required array size */
848 max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements);
849 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
850 "Received %u crypto values from Alice\n",
851 (unsigned int) contained_elements);
853 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
855 s->e_a = GNUNET_new_array (max,
856 struct GNUNET_CRYPTO_PaillierCiphertext);
857 GNUNET_memcpy (&s->e_a[s->cadet_received_element_count],
859 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * contained_elements);
860 s->cadet_received_element_count += contained_elements;
862 if ( (s->cadet_received_element_count == max) &&
863 (NULL == s->intersection_op) )
865 /* intersection has finished also on our side, and
866 we got the full set, so we can proceed with the
868 transmit_cryptographic_reply (s);
870 GNUNET_CADET_receive_done (s->channel);
875 * Callback for set operation results. Called for each element
876 * that needs to be removed from the result set.
878 * @param cls closure with the `struct BobServiceSession`
879 * @param element a result element, only valid if status is #GNUNET_SET_STATUS_OK
880 * @param current_size current set size
881 * @param status what has happened with the set intersection?
884 cb_intersection_element_removed (void *cls,
885 const struct GNUNET_SET_Element *element,
886 uint64_t current_size,
887 enum GNUNET_SET_Status status)
889 struct BobServiceSession *s = cls;
890 struct GNUNET_SCALARPRODUCT_Element *se;
894 case GNUNET_SET_STATUS_OK:
895 /* this element has been removed from the set */
896 se = GNUNET_CONTAINER_multihashmap_get (s->intersected_elements,
898 GNUNET_assert (NULL != se);
899 LOG (GNUNET_ERROR_TYPE_DEBUG,
900 "Removed element with key %s and value %lld\n",
901 GNUNET_h2s (&se->key),
902 (long long) GNUNET_ntohll (se->value));
903 GNUNET_assert (GNUNET_YES ==
904 GNUNET_CONTAINER_multihashmap_remove (s->intersected_elements,
909 case GNUNET_SET_STATUS_DONE:
910 s->intersection_op = NULL;
911 GNUNET_break (NULL == s->intersection_set);
912 GNUNET_CADET_receive_done (s->channel);
913 LOG (GNUNET_ERROR_TYPE_DEBUG,
914 "Finished intersection, %d items remain\n",
915 GNUNET_CONTAINER_multihashmap_size (s->intersected_elements));
916 if (s->client_received_element_count ==
917 GNUNET_CONTAINER_multihashmap_size (s->intersected_elements))
919 /* CADET transmission from Alice is also already done,
920 start with our own reply */
921 transmit_cryptographic_reply (s);
924 case GNUNET_SET_STATUS_HALF_DONE:
925 /* unexpected for intersection */
928 case GNUNET_SET_STATUS_FAILURE:
929 /* unhandled status code */
930 LOG (GNUNET_ERROR_TYPE_DEBUG,
931 "Set intersection failed!\n");
932 s->intersection_op = NULL;
933 if (NULL != s->intersection_set)
935 GNUNET_SET_destroy (s->intersection_set);
936 s->intersection_set = NULL;
938 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
939 prepare_client_end_notification (s);
949 * We've paired up a client session with an incoming CADET request.
950 * Initiate set intersection work.
952 * @param s client session to start intersection for
955 start_intersection (struct BobServiceSession *s)
957 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
958 "Got session with key %s and %u elements, starting intersection.\n",
959 GNUNET_h2s (&s->session_id),
960 (unsigned int) s->total);
963 = GNUNET_SET_prepare (&s->peer,
966 GNUNET_SET_RESULT_REMOVED,
967 (struct GNUNET_SET_Option[]) {{ 0 }},
968 &cb_intersection_element_removed,
971 GNUNET_SET_commit (s->intersection_op,
972 s->intersection_set))
975 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
976 prepare_client_end_notification (s);
979 GNUNET_SET_destroy (s->intersection_set);
980 s->intersection_set = NULL;
985 * Handle a request from Alice to calculate a scalarproduct with us (Bob).
987 * @param cls the `struct BobServiceSession *`
988 * @param msg the actual message
991 handle_alices_computation_request (void *cls,
992 const struct ServiceRequestMessage *msg)
994 struct BobServiceSession *s = cls;
996 s->session_id = msg->session_id; // ??
997 s->remote_pubkey = msg->public_key;
998 if (s->client_received_element_count == s->total)
999 start_intersection (s);
1004 * Function called for inbound channels on Bob's end. Does some
1005 * preliminary initialization, more happens after we get Alice's first
1008 * @param cls closure with the `struct BobServiceSession`
1009 * @param channel new handle to the channel
1010 * @param initiator peer that started the channel
1011 * @return session associated with the channel
1014 cb_channel_incoming (void *cls,
1015 struct GNUNET_CADET_Channel *channel,
1016 const struct GNUNET_PeerIdentity *initiator)
1018 struct BobServiceSession *s = cls;
1020 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1021 "New incoming channel from peer %s.\n",
1022 GNUNET_i2s (initiator));
1023 GNUNET_CADET_close_port (s->port);
1025 s->channel = channel;
1026 s->peer = *initiator;
1027 s->cadet_mq = GNUNET_CADET_get_mq (s->channel);
1033 * We're receiving additional set data. Check it is well-formed.
1035 * @param cls identification of the client
1036 * @param msg the actual message
1037 * @return #GNUNET_OK if @a msg is well-formed
1040 check_bob_client_message_multipart (void *cls,
1041 const struct ComputationBobCryptodataMultipartMessage *msg)
1043 struct BobServiceSession *s = cls;
1044 uint32_t contained_count;
1047 msize = ntohs (msg->header.size);
1048 contained_count = ntohl (msg->element_count_contained);
1049 if ( (msize != (sizeof (struct ComputationBobCryptodataMultipartMessage) +
1050 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) ||
1051 (0 == contained_count) ||
1052 (UINT16_MAX < contained_count) ||
1053 (s->total == s->client_received_element_count) ||
1054 (s->total < s->client_received_element_count + contained_count) )
1057 return GNUNET_SYSERR;
1064 * We're receiving additional set data. Add it to our
1065 * set and if we are done, initiate the transaction.
1067 * @param cls identification of the client
1068 * @param msg the actual message
1071 handle_bob_client_message_multipart (void *cls,
1072 const struct ComputationBobCryptodataMultipartMessage *msg)
1074 struct BobServiceSession *s = cls;
1075 uint32_t contained_count;
1076 const struct GNUNET_SCALARPRODUCT_Element *elements;
1077 struct GNUNET_SET_Element set_elem;
1078 struct GNUNET_SCALARPRODUCT_Element *elem;
1080 contained_count = ntohl (msg->element_count_contained);
1081 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1082 for (uint32_t i = 0; i < contained_count; i++)
1084 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1085 GNUNET_memcpy (elem,
1087 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1088 if (GNUNET_SYSERR ==
1089 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1092 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1098 set_elem.data = &elem->key;
1099 set_elem.size = sizeof (elem->key);
1100 set_elem.element_type = 0;
1101 GNUNET_SET_add_element (s->intersection_set,
1105 s->client_received_element_count += contained_count;
1106 GNUNET_SERVICE_client_continue (s->client);
1107 if (s->total != s->client_received_element_count)
1112 if (NULL == s->channel)
1114 /* no Alice waiting for this request, wait for Alice */
1117 start_intersection (s);
1122 * Handler for Bob's a client request message. Check @a msg is
1125 * @param cls identification of the client
1126 * @param msg the actual message
1127 * @return #GNUNET_OK if @a msg is well-formed
1130 check_bob_client_message (void *cls,
1131 const struct BobComputationMessage *msg)
1133 struct BobServiceSession *s = cls;
1134 uint32_t contained_count;
1135 uint32_t total_count;
1138 if (GNUNET_SCALARPRODUCT_STATUS_INIT != s->status)
1141 return GNUNET_SYSERR;
1143 msize = ntohs (msg->header.size);
1144 total_count = ntohl (msg->element_count_total);
1145 contained_count = ntohl (msg->element_count_contained);
1146 if ( (0 == total_count) ||
1147 (0 == contained_count) ||
1148 (UINT16_MAX < contained_count) ||
1149 (msize != (sizeof (struct BobComputationMessage) +
1150 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) )
1152 GNUNET_break_op (0);
1153 return GNUNET_SYSERR;
1160 * Handler for Bob's a client request message. Bob is in the response
1161 * role, keep the values + session and waiting for a matching session
1162 * or process a waiting request from Alice.
1164 * @param cls identification of the client
1165 * @param msg the actual message
1168 handle_bob_client_message (void *cls,
1169 const struct BobComputationMessage *msg)
1171 struct BobServiceSession *s = cls;
1172 struct GNUNET_MQ_MessageHandler cadet_handlers[] = {
1173 GNUNET_MQ_hd_fixed_size (alices_computation_request,
1174 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION,
1175 struct ServiceRequestMessage,
1177 GNUNET_MQ_hd_var_size (alices_cryptodata_message,
1178 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA,
1179 struct AliceCryptodataMessage,
1181 GNUNET_MQ_handler_end ()
1183 uint32_t contained_count;
1184 uint32_t total_count;
1185 const struct GNUNET_SCALARPRODUCT_Element *elements;
1186 struct GNUNET_SET_Element set_elem;
1187 struct GNUNET_SCALARPRODUCT_Element *elem;
1189 total_count = ntohl (msg->element_count_total);
1190 contained_count = ntohl (msg->element_count_contained);
1192 s->status = GNUNET_SCALARPRODUCT_STATUS_ACTIVE;
1193 s->total = total_count;
1194 s->client_received_element_count = contained_count;
1195 s->session_id = msg->session_key;
1196 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1197 s->intersected_elements
1198 = GNUNET_CONTAINER_multihashmap_create (s->total,
1201 = GNUNET_SET_create (cfg,
1202 GNUNET_SET_OPERATION_INTERSECTION);
1203 for (uint32_t i = 0; i < contained_count; i++)
1205 if (0 == GNUNET_ntohll (elements[i].value))
1207 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1208 GNUNET_memcpy (elem,
1210 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1211 if (GNUNET_SYSERR ==
1212 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1215 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
1221 set_elem.data = &elem->key;
1222 set_elem.size = sizeof (elem->key);
1223 set_elem.element_type = 0;
1224 GNUNET_SET_add_element (s->intersection_set,
1227 s->used_element_count++;
1229 GNUNET_SERVICE_client_continue (s->client);
1230 /* We're ready, open the port */
1231 s->port = GNUNET_CADET_open_port (my_cadet,
1233 &cb_channel_incoming,
1236 &cb_channel_destruction,
1238 if (NULL == s->port)
1241 GNUNET_SERVICE_client_drop (s->client);
1248 * Task run during shutdown.
1253 shutdown_task (void *cls)
1255 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1256 "Shutting down, initiating cleanup.\n");
1257 // FIXME: we have to cut our connections to CADET first!
1258 if (NULL != my_cadet)
1260 GNUNET_CADET_disconnect (my_cadet);
1267 * A client connected.
1269 * Setup the associated data structure.
1271 * @param cls closure, NULL
1272 * @param client identification of the client
1273 * @param mq message queue to communicate with @a client
1274 * @return our `struct BobServiceSession`
1277 client_connect_cb (void *cls,
1278 struct GNUNET_SERVICE_Client *client,
1279 struct GNUNET_MQ_Handle *mq)
1281 struct BobServiceSession *s;
1283 s = GNUNET_new (struct BobServiceSession);
1291 * A client disconnected.
1293 * Remove the associated session(s), release data structures
1294 * and cancel pending outgoing transmissions to the client.
1296 * @param cls closure, NULL
1297 * @param client identification of the client
1298 * @param app_cls our `struct BobServiceSession`
1301 client_disconnect_cb (void *cls,
1302 struct GNUNET_SERVICE_Client *client,
1305 struct BobServiceSession *s = app_cls;
1307 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1308 "Client disconnected from us.\n");
1310 destroy_service_session (s);
1315 * Initialization of the program and message handlers
1317 * @param cls closure
1318 * @param c configuration to use
1319 * @param service the initialized service
1323 const struct GNUNET_CONFIGURATION_Handle *c,
1324 struct GNUNET_SERVICE_Handle *service)
1328 offset has to be sufficiently small to allow computation of:
1329 m1+m2 mod n == (S + a) + (S + b) mod n,
1330 if we have more complex operations, this factor needs to be lowered */
1331 my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3);
1332 gcry_mpi_set_bit (my_offset,
1333 GNUNET_CRYPTO_PAILLIER_BITS / 3);
1335 GNUNET_CRYPTO_paillier_create (&my_pubkey,
1337 my_cadet = GNUNET_CADET_connect (cfg);
1338 GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
1340 if (NULL == my_cadet)
1342 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1343 _("Connect to CADET failed\n"));
1344 GNUNET_SCHEDULER_shutdown ();
1351 * Define "main" method using service macro.
1354 ("scalarproduct-bob",
1355 GNUNET_SERVICE_OPTION_NONE,
1358 &client_disconnect_cb,
1360 GNUNET_MQ_hd_var_size (bob_client_message,
1361 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_BOB,
1362 struct BobComputationMessage,
1364 GNUNET_MQ_hd_var_size (bob_client_message_multipart,
1365 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_MULTIPART_BOB,
1366 struct ComputationBobCryptodataMultipartMessage,
1368 GNUNET_MQ_handler_end ());
1371 /* end of gnunet-service-scalarproduct_bob.c */