2 This file is part of GNUnet.
3 Copyright (C) 2013, 2014, 2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @file scalarproduct/gnunet-service-scalarproduct_bob.c
22 * @brief scalarproduct service implementation
23 * @author Christian M. Fuchs
24 * @author Christian Grothoff
29 #include "gnunet_util_lib.h"
30 #include "gnunet_core_service.h"
31 #include "gnunet_cadet_service.h"
32 #include "gnunet_applications.h"
33 #include "gnunet_protocols.h"
34 #include "gnunet_scalarproduct_service.h"
35 #include "gnunet_set_service.h"
36 #include "scalarproduct.h"
37 #include "gnunet-service-scalarproduct.h"
39 #define LOG(kind,...) GNUNET_log_from (kind, "scalarproduct-bob", __VA_ARGS__)
43 * An encrypted element key-value pair.
48 * Key used to identify matching pairs of values to multiply.
49 * Points into an existing data structure, to avoid copying
50 * and doubling memory use.
52 const struct GNUNET_HashCode *key;
55 * Value represented (a).
62 * A scalarproduct session which tracks an offer for a
63 * multiplication service by a local client.
65 struct BobServiceSession
69 * (hopefully) unique transaction ID
71 struct GNUNET_HashCode session_id;
74 * The client this request is related to.
76 struct GNUNET_SERVICE_Client *client;
79 * Client message queue.
81 struct GNUNET_MQ_Handle *client_mq;
84 * All non-0-value'd elements transmitted to us.
86 struct GNUNET_CONTAINER_MultiHashMap *intersected_elements;
89 * Set of elements for which we will be conducting an intersection.
90 * The resulting elements are then used for computing the scalar product.
92 struct GNUNET_SET_Handle *intersection_set;
95 * Set of elements for which we will be conducting an intersection.
96 * the resulting elements are then used for computing the scalar product.
98 struct GNUNET_SET_OperationHandle *intersection_op;
101 * CADET port we are listening on.
103 struct GNUNET_CADET_Port *port;
108 struct MpiElement *sorted_elements;
111 * E(ai)(Bob) after applying the mask
113 struct GNUNET_CRYPTO_PaillierCiphertext *e_a;
116 * Bob's permutation p of R
118 struct GNUNET_CRYPTO_PaillierCiphertext *r;
121 * Bob's permutation q of R
123 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
128 struct GNUNET_CRYPTO_PaillierCiphertext s;
133 struct GNUNET_CRYPTO_PaillierCiphertext s_prime;
136 * Handle for our associated incoming CADET session, or NULL
137 * if we have not gotten one yet.
139 struct CadetIncomingSession *cadet;
142 * How many elements will be supplied in total from the client.
147 * Already transferred elements (received) for multipart
148 * messages from client. Always less than @e total.
150 uint32_t client_received_element_count;
153 * How many elements actually are used for the scalar product.
154 * Size of the arrays in @e r and @e r_prime. Also sometimes
155 * used as an index into the arrays during construction.
157 uint32_t used_element_count;
160 * Counts the number of values received from Alice by us.
161 * Always less than @e used_element_count.
163 uint32_t cadet_received_element_count;
166 * Counts the number of values transmitted from us to Alice.
167 * Always less than @e used_element_count.
169 uint32_t cadet_transmitted_element_count;
172 * State of this session. In
173 * #GNUNET_SCALARPRODUCT_STATUS_ACTIVE while operation is
174 * ongoing, afterwards in #GNUNET_SCALARPRODUCT_STATUS_SUCCESS or
175 * #GNUNET_SCALARPRODUCT_STATUS_FAILURE.
177 enum GNUNET_SCALARPRODUCT_ResponseStatus status;
180 * Are we already in #destroy_service_session()?
187 struct GNUNET_CADET_Channel *channel;
190 * Originator's peer identity. (Only for diagnostics.)
192 struct GNUNET_PeerIdentity peer;
195 * Public key of the remote service.
197 struct GNUNET_CRYPTO_PaillierPublicKey remote_pubkey;
200 * The message queue for this channel.
202 struct GNUNET_MQ_Handle *cadet_mq;
209 * GNUnet configuration handle
211 static const struct GNUNET_CONFIGURATION_Handle *cfg;
214 * Service's own public key
216 static struct GNUNET_CRYPTO_PaillierPublicKey my_pubkey;
219 * Service's own private key
221 static struct GNUNET_CRYPTO_PaillierPrivateKey my_privkey;
224 * Service's offset for values that could possibly be negative but are plaintext for encryption.
226 static gcry_mpi_t my_offset;
229 * Handle to the CADET service.
231 static struct GNUNET_CADET_Handle *my_cadet;
235 * Callback used to free the elements in the map.
238 * @param key key of the element
239 * @param value the value to free
/* Map iterator: frees the element stored as the map value. cls and key are
   not used in the lines shown. */
242 free_element_cb (void *cls,
243 const struct GNUNET_HashCode *key,
246 struct GNUNET_SCALARPRODUCT_Element *element = value;
248 GNUNET_free (element);
254 * Destroy session state, we are done with it.
256 * @param s the session to free elements from
/* Releases what the session owns: client, element map, set handles,
   ciphertext arrays, sorted MPI values, CADET port and channel. */
259 destroy_service_session (struct BobServiceSession *s)
/* Re-entrancy guard. The flag is set before any handle is released;
   presumably dropping the client or destroying the channel can call back
   into this function (client_disconnect_cb and cb_channel_destruction both
   call it) - TODO confirm. */
263 if (GNUNET_YES == s->in_destroy)
265 s->in_destroy = GNUNET_YES;
266 if (NULL != s->client)
268 struct GNUNET_SERVICE_Client *c = s->client;
271 GNUNET_SERVICE_client_drop (c);
273 if (NULL != s->intersected_elements)
275 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
278 GNUNET_CONTAINER_multihashmap_destroy (s->intersected_elements);
279 s->intersected_elements = NULL;
281 if (NULL != s->intersection_op)
283 GNUNET_SET_operation_cancel (s->intersection_op);
284 s->intersection_op = NULL;
286 if (NULL != s->intersection_set)
288 GNUNET_SET_destroy (s->intersection_set);
289 s->intersection_set = NULL;
293 GNUNET_free (s->e_a);
/* NOTE(review): these MPIs hold Bob's plaintext input values (filled in by
   copy_element_cb through gcry_mpi_new, not gcry_mpi_snew), so
   gcry_mpi_release presumably does not wipe them - confirm whether secure
   MPIs are wanted for the private vector. */
296 if (NULL != s->sorted_elements)
298 for (i=0;i<s->used_element_count;i++)
299 gcry_mpi_release (s->sorted_elements[i].value);
300 GNUNET_free (s->sorted_elements);
301 s->sorted_elements = NULL;
308 if (NULL != s->r_prime)
310 GNUNET_free (s->r_prime);
315 GNUNET_CADET_close_port (s->port);
318 if (NULL != s->channel)
320 GNUNET_CADET_channel_destroy (s->channel);
328 * Notify the client that the session has succeeded or failed. This
329 * message gets sent to Bob's client if the operation completed or
330 * Alice disconnected.
332 * @param session the associated client session to fail or succeed
/* Queues the final status message for Bob's local client, if one is still
   connected. */
335 prepare_client_end_notification (struct BobServiceSession *session)
337 struct ClientResponseMessage *msg;
338 struct GNUNET_MQ_Envelope *e;
340 if (NULL == session->client_mq)
341 return; /* no client left to be notified */
342 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
343 "Sending session-end notification with status %d to client for session %s\n",
345 GNUNET_h2s (&session->session_id));
346 e = GNUNET_MQ_msg (msg,
347 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_RESULT);
/* Bob's client only learns the outcome: the message carries a zero product
   length and the session status, both in network byte order. */
349 msg->product_length = htonl (0);
350 msg->status = htonl (session->status);
351 GNUNET_MQ_send (session->client_mq,
357 * Function called whenever a channel is destroyed. Should clean up
358 * any associated state.
360 * It must NOT call #GNUNET_CADET_channel_destroy() on the channel.
362 * @param cls the `struct BobServiceSession`
363 * @param channel connection to the other end (henceforth invalid)
/* CADET callback for a channel that went away; cls is the session that was
   bound to the channel. */
366 cb_channel_destruction (void *cls,
367 const struct GNUNET_CADET_Channel *channel)
369 struct BobServiceSession *s = cls;
371 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
372 "Peer disconnected, terminating session %s with peer %s\n",
373 GNUNET_h2s (&s->session_id),
374 GNUNET_i2s (&s->peer));
/* A channel lost while the session is still ACTIVE means the protocol did
   not finish: record the failure and tell the client before cleanup. */
375 if (GNUNET_SCALARPRODUCT_STATUS_ACTIVE == s->status)
377 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
378 prepare_client_end_notification (s);
381 destroy_service_session (s);
386 * MQ finished giving our last message to CADET, now notify
387 * the client that we are finished.
/* Marks the session successful and notifies the client. Presumably this is
   the callback the transmit functions register with GNUNET_MQ_notify_sent
   on their last message - the argument is not visible here, confirm. */
390 bob_cadet_done_cb (void *cls)
392 struct BobServiceSession *session = cls;
394 session->status = GNUNET_SCALARPRODUCT_STATUS_SUCCESS;
395 prepare_client_end_notification (session);
400 * Maximum count of elements we can put into a multipart message
402 #define ELEMENT_CAPACITY ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct BobCryptodataMultipartMessage)) / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext))
406 * Send a multipart chunk of a service response from Bob to Alice.
407 * This element only contains the two permutations of R, R'.
409 * @param s the associated service session
/* Sends the element pairs that did not fit into the first reply message,
   in as many multipart messages as needed. */
412 transmit_bobs_cryptodata_message_multipart (struct BobServiceSession *s)
414 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
415 struct BobCryptodataMultipartMessage *msg;
416 struct GNUNET_MQ_Envelope *e;
421 while (s->cadet_transmitted_element_count != s->used_element_count)
423 todo_count = s->used_element_count - s->cadet_transmitted_element_count;
/* Every element costs two ciphertexts in the payload, so one message holds
   at most half of ELEMENT_CAPACITY elements; this keeps the extra size
   passed to GNUNET_MQ_msg_extra below within the CADET message limit. */
424 if (todo_count > ELEMENT_CAPACITY / 2)
425 todo_count = ELEMENT_CAPACITY / 2;
427 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
428 "Sending %u additional crypto values to Alice\n",
429 (unsigned int) todo_count);
430 e = GNUNET_MQ_msg_extra (msg,
431 todo_count * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * 2,
432 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA_MULTIPART);
433 msg->contained_element_count = htonl (todo_count);
434 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
/* i walks the session arrays, j walks the payload; j advances twice per
   element because the two ciphertexts of an element are interleaved. */
435 for (i = s->cadet_transmitted_element_count, j = 0; i < s->cadet_transmitted_element_count + todo_count; i++)
437 //r[i][p] and r[i][q]
438 GNUNET_memcpy (&payload[j++],
440 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
441 GNUNET_memcpy (&payload[j++],
443 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
445 s->cadet_transmitted_element_count += todo_count;
/* The completion callback is attached to the final chunk only. */
446 if (s->cadet_transmitted_element_count == s->used_element_count)
447 GNUNET_MQ_notify_sent (e,
450 GNUNET_MQ_send (s->cadet_mq,
453 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
454 "All values queued for Alice, Bob is done\n");
459 * Bob generates the response message to be sent to Alice after
460 * computing the values (1), (2), S and S'.
462 * (1)[]: $E_A(a_{pi(i)}) times E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
463 * (2)[]: $E_A(a_{pi'(i)}) times E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
464 * S: $S := E_A(sum (r_i + b_i)^2)$
465 * S': $S' := E_A(sum r_i^2)$
467 * @param s the associated requesting session with Alice
/* Builds and queues the first reply message to Alice, then hands any
   remaining element pairs to the multipart sender. */
470 transmit_bobs_cryptodata_message (struct BobServiceSession *s)
472 struct BobCryptodataMessage *msg;
473 struct GNUNET_MQ_Envelope *e;
474 struct GNUNET_CRYPTO_PaillierCiphertext *payload;
/* Number of element pairs that fit into the first message. The trailing
   "- 1" leaves room for the two leading ciphertexts written to payload[0]
   and payload[1] (presumably S and S' - the source arguments are not
   visible here). The count is then clamped to what we actually have. */
477 s->cadet_transmitted_element_count
478 = ((GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE - 1 - sizeof (struct BobCryptodataMessage))
479 / sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) / 2) - 1;
480 if (s->cadet_transmitted_element_count > s->used_element_count)
481 s->cadet_transmitted_element_count = s->used_element_count;
483 e = GNUNET_MQ_msg_extra (msg,
484 (2 + s->cadet_transmitted_element_count * 2)
485 * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext),
486 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_CRYPTODATA);
487 msg->contained_element_count = htonl (s->cadet_transmitted_element_count);
489 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
490 "Sending %u/%u crypto values to Alice\n",
491 (unsigned int) s->cadet_transmitted_element_count,
492 (unsigned int) s->used_element_count);
494 payload = (struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
495 GNUNET_memcpy (&payload[0],
497 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
498 GNUNET_memcpy (&payload[1],
500 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
/* Skip past the two leading ciphertexts; the element pairs follow. */
502 payload = &payload[2];
504 for (i = 0; i < s->cadet_transmitted_element_count; i++)
506 //k[i][p] and k[i][q]
507 GNUNET_memcpy (&payload[i * 2],
509 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
510 GNUNET_memcpy (&payload[i * 2 + 1],
512 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext));
/* If everything fitted, this message is also the last one and gets the
   completion callback; otherwise the multipart sender attaches it. */
514 if (s->cadet_transmitted_element_count == s->used_element_count)
515 GNUNET_MQ_notify_sent (e,
518 GNUNET_MQ_send (s->cadet_mq,
520 transmit_bobs_cryptodata_message_multipart (s);
522 #undef ELEMENT_CAPACITY
526 * Computes the square sum over a vector of a given length.
528 * @param vector the vector to compute over
529 * @param length the length of the vector
530 * @return an MPI value containing the calculated sum, never NULL
531 * TODO: code duplication with Alice!
/* Returns a freshly allocated MPI holding the sum of vector[i] squared.
   The caller releases it (compute_service_response does so after
   encrypting the value). */
534 compute_square_sum (const gcry_mpi_t *vector,
/* Allocation failure aborts through GNUNET_assert, which is why the
   result is never NULL. */
541 GNUNET_assert (NULL != (sum = gcry_mpi_new (0)));
542 GNUNET_assert (NULL != (elem = gcry_mpi_new (0)));
543 for (i = 0; i < length; i++)
/* elem is scratch space for the current square; only sum survives. */
545 gcry_mpi_mul (elem, vector[i], vector[i]);
546 gcry_mpi_add (sum, sum, elem);
548 gcry_mpi_release (elem);
555 * (1)[]: $E_A(a_{pi(i)}) otimes E_A(- r_{pi(i)} - b_{pi(i)}) &= E_A(a_{pi(i)} - r_{pi(i)} - b_{pi(i)})$
556 * (2)[]: $E_A(a_{pi'(i)}) otimes E_A(- r_{pi'(i)}) &= E_A(a_{pi'(i)} - r_{pi'(i)})$
557 * S: $S := E_A(sum (r_i + b_i)^2)$
558 * S': $S' := E_A(sum r_i^2)$
560 * @param session the requesting session + bob's requesting peer
561 * @return #GNUNET_OK on success
/* Computes Bob's side of the protocol: the two permuted ciphertext arrays
   and the two encrypted square sums, all encrypted under the key Alice
   sent (session->remote_pubkey). */
564 compute_service_response (struct BobServiceSession *session)
572 const struct MpiElement *b;
573 struct GNUNET_CRYPTO_PaillierCiphertext *a;
574 struct GNUNET_CRYPTO_PaillierCiphertext *r;
575 struct GNUNET_CRYPTO_PaillierCiphertext *r_prime;
577 count = session->used_element_count;
579 b = session->sorted_elements;
/* NOTE(review): the permutations p and q and the per-element random values
   drawn further down are what keep Bob's b_i hidden from Alice, and all
   three are requested at GNUNET_CRYPTO_QUALITY_WEAK. If that quality level
   is not backed by a cryptographically secure generator, the masking
   values become guessable - confirm, and consider
   GNUNET_CRYPTO_QUALITY_NONCE or GNUNET_CRYPTO_QUALITY_STRONG here. */
580 q = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
582 p = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
584 rand = GNUNET_malloc (sizeof (gcry_mpi_t) * count);
585 for (i = 0; i < count; i++)
586 GNUNET_assert (NULL != (rand[i] = gcry_mpi_new (0)));
587 r = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * count);
588 r_prime = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * count);
/* Draw one random value per element; the cast to int32_t makes it signed,
   so it is stored through the sub_ui or set_ui call depending on sign
   (the branch lines are not visible here). */
590 for (i = 0; i < count; i++)
594 svalue = (int32_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
596 // long to gcry_mpi_t
598 gcry_mpi_sub_ui (rand[i],
602 rand[i] = gcry_mpi_set_ui (rand[i], svalue);
605 tmp = gcry_mpi_new (0);
606 // encrypt the element
607 // for the sake of readability I decided to have dedicated permutation
608 // vectors, which get rid of all the lookups in p/q.
609 // however, ap/aq are not absolutely necessary but are just abstraction
610 // Calculate Kp = E(S + a_pi) (+) E(S - r_pi - b_pi)
611 for (i = 0; i < count; i++)
613 // E(S - r_pi - b_pi)
614 gcry_mpi_sub (tmp, my_offset, rand[p[i]]);
615 gcry_mpi_sub (tmp, tmp, b[p[i]].value);
617 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
622 // E(S - r_pi - b_pi) * E(S + a_pi) == E(2*S + a - r - b)
624 GNUNET_CRYPTO_paillier_hom_add (&session->remote_pubkey,
634 // Calculate Kq = E(S + a_qi) (+) E(S - r_qi)
635 for (i = 0; i < count; i++)
638 gcry_mpi_sub (tmp, my_offset, rand[q[i]]);
640 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
645 // E(S - r_qi) * E(S + a_qi) == E(2*S + a_qi - r_qi)
647 GNUNET_CRYPTO_paillier_hom_add (&session->remote_pubkey,
656 gcry_mpi_release (tmp);
658 // Calculate S' = E(SUM( r_i^2 ))
659 tmp = compute_square_sum (rand, count);
661 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
665 gcry_mpi_release (tmp);
/* rand[] is overwritten in place below (r_i becomes r_i + b_i), which is
   why S' had to be computed first. */
667 // Calculate S = E(SUM( (r_i + b_i)^2 ))
668 for (i = 0; i < count; i++)
669 gcry_mpi_add (rand[i], rand[i], b[i].value);
670 tmp = compute_square_sum (rand, count);
672 GNUNET_CRYPTO_paillier_encrypt (&session->remote_pubkey,
676 gcry_mpi_release (tmp);
/* Ownership of the result array passes to the session; it is freed in
   destroy_service_session. */
679 session->r_prime = r_prime;
681 for (i = 0; i < count; i++)
682 gcry_mpi_release (rand[i]);
683 GNUNET_free (session->e_a);
/* Failure path: release the local buffers and report GNUNET_SYSERR; the
   caller (transmit_cryptographic_reply) reacts by closing the channel. */
692 GNUNET_free (r_prime);
693 gcry_mpi_release (tmp);
696 for (i = 0; i < count; i++)
697 gcry_mpi_release (rand[i]);
699 return GNUNET_SYSERR;
704 * Iterator to copy over messages from the hash map
705 * into an array for sorting.
707 * @param cls the `struct BobServiceSession *`
708 * @param key the key (unused)
709 * @param value the `struct GNUNET_SCALARPRODUCT_Element *`
710 * TODO: code duplication with Alice!
/* Map iterator: converts one stored element into an MPI and appends it to
   s->sorted_elements, using used_element_count as the write index. */
713 copy_element_cb (void *cls,
714 const struct GNUNET_HashCode *key,
717 struct BobServiceSession *s = cls;
718 struct GNUNET_SCALARPRODUCT_Element *e = value;
722 mval = gcry_mpi_new (0);
723 val = (int64_t) GNUNET_ntohll (e->value);
/* NOTE(review): -val overflows when val is INT64_MIN, and gcry_mpi_sub_ui
   and gcry_mpi_add_ui take an unsigned long, which is narrower than
   int64_t on some ABIs. The value comes from the client message - confirm
   it is range-checked before it gets here. */
725 gcry_mpi_sub_ui (mval, mval, -val);
727 gcry_mpi_add_ui (mval, mval, val);
728 s->sorted_elements [s->used_element_count].value = mval;
/* The key is not copied: it points into the element owned by the map, so
   the map entry must outlive the sorted array entry. */
729 s->sorted_elements [s->used_element_count].key = &e->key;
730 s->used_element_count++;
736 * Compare two `struct MpiValue`s by key for sorting.
738 * @param a pointer to first `struct MpiValue *`
739 * @param b pointer to second `struct MpiValue *`
740 * @return -1 for a < b, 0 for a=b, 1 for a > b.
741 * TODO: code duplication with Alice!
/* qsort comparator over struct MpiElement: orders entries by their hash
   key only; the values are not looked at. */
744 element_cmp (const void *a,
747 const struct MpiElement *ma = a;
748 const struct MpiElement *mb = b;
750 return GNUNET_CRYPTO_hash_cmp (ma->key,
756 * Intersection operation and receiving data via CADET from
757 * Alice are both done, compute and transmit our reply via
760 * @param s session to transmit reply for.
/* Turns the surviving map entries into a sorted MPI array, computes the
   response and sends it, or closes the channel if the computation fails. */
763 transmit_cryptographic_reply (struct BobServiceSession *s)
765 struct GNUNET_CADET_Channel *channel;
767 /* TODO: code duplication with Alice! */
768 LOG (GNUNET_ERROR_TYPE_DEBUG,
769 "Received everything, building reply for Alice\n");
771 = GNUNET_malloc (GNUNET_CONTAINER_multihashmap_size (s->intersected_elements) *
772 sizeof (struct MpiElement));
/* used_element_count is recounted from zero while the map entries are
   copied into the array allocated above, which was sized to the current
   map size. */
773 s->used_element_count = 0;
774 GNUNET_CONTAINER_multihashmap_iterate (s->intersected_elements,
/* Sorting by key makes the vector order independent of map iteration
   order; presumably Alice sorts the same way so positions line up
   (see the duplication TODO) - confirm. */
777 qsort (s->sorted_elements,
778 s->used_element_count,
779 sizeof (struct MpiElement),
782 compute_service_response (s))
/* Computation failed: close the channel to Alice instead of replying. */
784 channel = s->channel;
786 GNUNET_CADET_channel_destroy (channel);
789 transmit_bobs_cryptodata_message (s);
794 * Check a multipart-chunk of a request from another service to
795 * calculate a scalarproduct with us.
797 * @param cls the `struct BobServiceSession *`
798 * @param msg the actual message
799 * @return #GNUNET_OK to keep the connection open,
800 * #GNUNET_SYSERR to close it (signal serious error)
/* Validator for a cryptodata message from the remote peer. Every field
   read here is untrusted input from the network. */
803 check_alices_cryptodata_message (void *cls,
804 const struct AliceCryptodataMessage *msg)
806 struct BobServiceSession *s = cls;
807 uint32_t contained_elements;
812 msize = ntohs (msg->header.size);
813 contained_elements = ntohl (msg->contained_element_count);
814 /* Our intersection may still be ongoing, but this is nevertheless
815 an upper bound on the required array size */
816 max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements);
817 msg_length = sizeof (struct AliceCryptodataMessage)
818 + contained_elements * sizeof (struct GNUNET_CRYPTO_PaillierCiphertext);
/* Rejects the message unless the declared element count matches the wire
   size, is non-zero, fits in 16 bits, and does not push the running total
   past the map size. The 16-bit bound presumably also covers the case
   where the size computation above wraps on a 32-bit size_t - confirm.
   NOTE(review): the map size is an upper bound only if the map cannot
   grow any more. handle_bob_client_message opens the CADET port after the
   first client chunk, and handle_bob_client_message_multipart keeps
   inserting into intersected_elements afterwards, so a later call can see
   a larger max than the one e_a was allocated with in
   handle_alices_cryptodata_message. Confirm cryptodata cannot be accepted
   before the client upload is complete, or bound against the size e_a
   was actually allocated with. */
819 if ( (msize != msg_length) ||
820 (0 == contained_elements) ||
821 (contained_elements > UINT16_MAX) ||
822 (max < contained_elements + s->cadet_received_element_count) )
825 return GNUNET_SYSERR;
832 * Handle a multipart-chunk of a request from another service to
833 * calculate a scalarproduct with us.
835 * @param cls the `struct BobServiceSession *`
836 * @param msg the actual message
/* Stores the ciphertexts of one cryptodata message from Alice and starts
   the reply once her values are complete and the intersection is done.
   Relies on check_alices_cryptodata_message for all bounds checks. */
839 handle_alices_cryptodata_message (void *cls,
840 const struct AliceCryptodataMessage *msg)
842 struct BobServiceSession *s = cls;
843 const struct GNUNET_CRYPTO_PaillierCiphertext *payload;
844 uint32_t contained_elements;
847 contained_elements = ntohl (msg->contained_element_count);
848 /* Our intersection may still be ongoing, but this is nevertheless
849 an upper bound on the required array size */
850 max = GNUNET_CONTAINER_multihashmap_size (s->intersected_elements);
851 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
852 "Received %u crypto values from Alice\n",
853 (unsigned int) contained_elements);
855 payload = (const struct GNUNET_CRYPTO_PaillierCiphertext *) &msg[1];
/* NOTE(review): e_a is sized from the map size at the time of this call
   (a guard on the line before it presumably makes this a one-time
   allocation - confirm). Later messages are bounds-checked against the
   map size at their own arrival time, so the copy below stays inside e_a
   only if the map never grows after this allocation; the client multipart
   handler still inserts into the same map. Confirm the ordering, or
   allocate e_a for s->total elements. */
857 s->e_a = GNUNET_new_array (max,
858 struct GNUNET_CRYPTO_PaillierCiphertext);
859 GNUNET_memcpy (&s->e_a[s->cadet_received_element_count],
861 sizeof (struct GNUNET_CRYPTO_PaillierCiphertext) * contained_elements);
862 s->cadet_received_element_count += contained_elements;
/* The reply is built only when Alice's values are complete and the set
   operation has finished (intersection_op is reset to NULL when the
   operation reports DONE or FAILURE). */
864 if ( (s->cadet_received_element_count == max) &&
865 (NULL == s->intersection_op) )
867 /* intersection has finished also on our side, and
868 we got the full set, so we can proceed with the
870 transmit_cryptographic_reply (s);
872 GNUNET_CADET_receive_done (s->channel);
877 * Callback for set operation results. Called for each element
878 * that needs to be removed from the result set.
880 * @param cls closure with the `struct BobServiceSession`
881 * @param element a result element, only valid if status is #GNUNET_SET_STATUS_OK
882 * @param current_size current set size
883 * @param status what has happened with the set intersection?
/* Result callback of the set intersection. With the REMOVED result mode
   each OK status names an element that dropped out; it is removed from
   intersected_elements so the map ends up holding the intersection. */
886 cb_intersection_element_removed (void *cls,
887 const struct GNUNET_SET_Element *element,
888 uint64_t current_size,
889 enum GNUNET_SET_Status status)
891 struct BobServiceSession *s = cls;
892 struct GNUNET_SCALARPRODUCT_Element *se;
896 case GNUNET_SET_STATUS_OK:
897 /* this element has been removed from the set */
898 se = GNUNET_CONTAINER_multihashmap_get (s->intersected_elements,
/* NOTE(review): this assert and the one on the remove call abort the
   whole service if the set service reports an element that is not in our
   map. The set contents are negotiated with the remote peer, so confirm
   this cannot be reached from the network; GNUNET_break_op plus failing
   the session would be the softer alternative. The debug log below also
   prints the plaintext value of Bob's element. */
900 GNUNET_assert (NULL != se);
901 LOG (GNUNET_ERROR_TYPE_DEBUG,
902 "Removed element with key %s and value %lld\n",
903 GNUNET_h2s (&se->key),
904 (long long) GNUNET_ntohll (se->value));
905 GNUNET_assert (GNUNET_YES ==
906 GNUNET_CONTAINER_multihashmap_remove (s->intersected_elements,
911 case GNUNET_SET_STATUS_DONE:
912 s->intersection_op = NULL;
913 GNUNET_break (NULL == s->intersection_set);
914 GNUNET_CADET_receive_done (s->channel);
915 LOG (GNUNET_ERROR_TYPE_DEBUG,
916 "Finished intersection, %d items remain\n",
917 GNUNET_CONTAINER_multihashmap_size (s->intersected_elements));
/* NOTE(review): the comment below talks about the CADET transmission from
   Alice, but the counter compared here is client_received_element_count
   (elements from Bob's local client). The counter for Alice's values is
   cadet_received_element_count, which is what
   handle_alices_cryptodata_message compares against the map size. This
   looks like the wrong counter - confirm. */
918 if (s->client_received_element_count ==
919 GNUNET_CONTAINER_multihashmap_size (s->intersected_elements))
921 /* CADET transmission from Alice is also already done,
922 start with our own reply */
923 transmit_cryptographic_reply (s);
926 case GNUNET_SET_STATUS_HALF_DONE:
927 /* unexpected for intersection */
930 case GNUNET_SET_STATUS_FAILURE:
931 /* unhandled status code */
932 LOG (GNUNET_ERROR_TYPE_DEBUG,
933 "Set intersection failed!\n");
934 s->intersection_op = NULL;
935 if (NULL != s->intersection_set)
937 GNUNET_SET_destroy (s->intersection_set);
938 s->intersection_set = NULL;
940 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
941 prepare_client_end_notification (s);
951 * We've paired up a client session with an incoming CADET request.
952 * Initiate set intersection work.
954 * @param s client session to start intersection for
/* Starts the set intersection with the peer recorded in s->peer. Called
   once the client upload is complete and a channel from Alice exists. */
957 start_intersection (struct BobServiceSession *s)
959 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
960 "Got session with key %s and %u elements, starting intersection.\n",
961 GNUNET_h2s (&s->session_id),
962 (unsigned int) s->total);
/* GNUNET_SET_RESULT_REMOVED: the callback is told which elements drop out
   of the set rather than which ones remain. */
965 = GNUNET_SET_prepare (&s->peer,
968 GNUNET_SET_RESULT_REMOVED,
969 (struct GNUNET_SET_Option[]) {{ 0 }},
970 &cb_intersection_element_removed,
973 GNUNET_SET_commit (s->intersection_op,
974 s->intersection_set))
/* Commit failed: fail the session and tell the client. */
977 s->status = GNUNET_SCALARPRODUCT_STATUS_FAILURE;
978 prepare_client_end_notification (s);
/* The local set handle is released here; cb_intersection_element_removed
   expects it to be NULL by the time the operation reports DONE. */
981 GNUNET_SET_destroy (s->intersection_set);
982 s->intersection_set = NULL;
987 * Handle a request from Alice to calculate a scalarproduct with us (Bob).
989 * @param cls the `struct BobServiceSession *`
990 * @param msg the actual message
/* Handles Alice's session-initialization message: records her session id
   and Paillier public key, and starts the intersection if the local
   client has already delivered all of its elements. */
993 handle_alices_computation_request (void *cls,
994 const struct ServiceRequestMessage *msg)
996 struct BobServiceSession *s = cls;
/* NOTE(review): session_id was already set from the local client's
   session_key in handle_bob_client_message; here it is overwritten with
   the value the remote peer sent, without comparing the two (the author's
   own "??" marks the same doubt). remote_pubkey is likewise taken from
   the message as-is and is the key every ciphertext in
   compute_service_response is produced under. In the lines shown nothing
   rejects a second initialization message on the same session -
   confirm. */
998 s->session_id = msg->session_id; // ??
999 s->remote_pubkey = msg->public_key;
1000 if (s->client_received_element_count == s->total)
1001 start_intersection (s);
1006 * Function called for inbound channels on Bob's end. Does some
1007 * preliminary initialization, more happens after we get Alice's first
1010 * @param cls closure with the `struct BobServiceSession`
1011 * @param channel new handle to the channel
1012 * @param initiator peer that started the channel
1013 * @return session associated with the channel
/* CADET callback for a new inbound channel on the session's port; binds
   the channel and the initiating peer to the session. */
1016 cb_channel_incoming (void *cls,
1017 struct GNUNET_CADET_Channel *channel,
1018 const struct GNUNET_PeerIdentity *initiator)
1020 struct BobServiceSession *s = cls;
1022 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1023 "New incoming channel from peer %s.\n",
1024 GNUNET_i2s (initiator));
/* The port is closed as soon as the first peer connects, so a session
   accepts one channel only. */
1025 GNUNET_CADET_close_port (s->port);
1027 s->channel = channel;
/* The initiator identity is copied by value; start_intersection later
   passes it to GNUNET_SET_prepare. */
1028 s->peer = *initiator;
1029 s->cadet_mq = GNUNET_CADET_get_mq (s->channel);
1035 * We're receiving additional set data. Check it is well-formed.
1037 * @param cls identification of the client
1038 * @param msg the actual message
1039 * @return #GNUNET_OK if @a msg is well-formed
/* Validator for a follow-up element message from Bob's local client. */
1042 check_bob_client_message_multipart (void *cls,
1043 const struct ComputationBobCryptodataMultipartMessage *msg)
1045 struct BobServiceSession *s = cls;
1046 uint32_t contained_count;
1049 msize = ntohs (msg->header.size);
1050 contained_count = ntohl (msg->element_count_contained);
/* Rejects the message when the declared count does not match the wire
   size, is zero or above 16 bits, when the upload is already complete,
   or when this chunk would exceed the announced total. */
1051 if ( (msize != (sizeof (struct ComputationBobCryptodataMultipartMessage) +
1052 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) ||
1053 (0 == contained_count) ||
1054 (UINT16_MAX < contained_count) ||
1055 (s->total == s->client_received_element_count) ||
1056 (s->total < s->client_received_element_count + contained_count) )
1059 return GNUNET_SYSERR;
1066 * We're receiving additional set data. Add it to our
1067 * set and if we are done, initiate the transaction.
1069 * @param cls identification of the client
1070 * @param msg the actual message
/* Adds the elements of a follow-up client message to the map and the set,
   and starts the intersection once the upload is complete and Alice is
   already connected. */
1073 handle_bob_client_message_multipart (void *cls,
1074 const struct ComputationBobCryptodataMultipartMessage *msg)
1076 struct BobServiceSession *s = cls;
1077 uint32_t contained_count;
1078 const struct GNUNET_SCALARPRODUCT_Element *elements;
1079 struct GNUNET_SET_Element set_elem;
1080 struct GNUNET_SCALARPRODUCT_Element *elem;
1082 contained_count = ntohl (msg->element_count_contained);
1083 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
/* NOTE(review): handle_bob_client_message tests each element value for
   zero before storing it; no such test is visible in this loop, although
   the map is documented as holding non-zero elements only - confirm
   whether the difference is intended. */
1084 for (uint32_t i = 0; i < contained_count; i++)
1086 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1087 GNUNET_memcpy (elem,
1089 sizeof (struct GNUNET_SCALARPRODUCT_Element));
/* UNIQUE_ONLY: a key that is already present makes the put fail. */
1090 if (GNUNET_SYSERR ==
1091 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1094 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
/* Only the element key goes into the set that is intersected with Alice;
   the value stays in the local map. */
1100 set_elem.data = &elem->key;
1101 set_elem.size = sizeof (elem->key);
1102 set_elem.element_type = 0;
1103 GNUNET_SET_add_element (s->intersection_set,
1107 s->client_received_element_count += contained_count;
1108 GNUNET_SERVICE_client_continue (s->client);
1109 if (s->total != s->client_received_element_count)
1114 if (NULL == s->channel)
1116 /* no Alice waiting for this request, wait for Alice */
1119 start_intersection (s);
1124 * Handler for a request message from Bob's client. Check @a msg is
1127 * @param cls identification of the client
1128 * @param msg the actual message
1129 * @return #GNUNET_OK if @a msg is well-formed
/* Validator for the first request message from Bob's local client. */
1132 check_bob_client_message (void *cls,
1133 const struct BobComputationMessage *msg)
1135 struct BobServiceSession *s = cls;
1136 uint32_t contained_count;
1137 uint32_t total_count;
/* A session accepts this message once only, while still in INIT state. */
1140 if (GNUNET_SCALARPRODUCT_STATUS_INIT != s->status)
1143 return GNUNET_SYSERR;
1145 msize = ntohs (msg->header.size);
1146 total_count = ntohl (msg->element_count_total);
1147 contained_count = ntohl (msg->element_count_contained);
/* NOTE(review): the condition below does not compare contained_count with
   total_count. A first message with contained_count above total_count
   passes, after which client_received_element_count exceeds s->total and
   the equality tests on those two fields can never succeed - confirm
   whether a total_count < contained_count check belongs here. */
1148 if ( (0 == total_count) ||
1149 (0 == contained_count) ||
1150 (UINT16_MAX < contained_count) ||
1151 (msize != (sizeof (struct BobComputationMessage) +
1152 contained_count * sizeof (struct GNUNET_SCALARPRODUCT_Element))) )
1154 GNUNET_break_op (0);
1155 return GNUNET_SYSERR;
1162 * Handler for a request message from Bob's client. Bob is in the response
1163 * role, keeps the values + session and waits for a matching session
1164 * or processes a waiting request from Alice.
1166 * @param cls identification of the client
1167 * @param msg the actual message
/* Handles the first request from Bob's local client: activates the
   session, stores the first batch of elements and opens the CADET port on
   which Alice can connect. */
1170 handle_bob_client_message (void *cls,
1171 const struct BobComputationMessage *msg)
1173 struct BobServiceSession *s = cls;
/* Handlers for messages arriving from the remote peer on the CADET
   channel. The cryptodata message is variable-size and therefore has a
   check function; the initialization message is fixed-size. */
1174 struct GNUNET_MQ_MessageHandler cadet_handlers[] = {
1175 GNUNET_MQ_hd_fixed_size (alices_computation_request,
1176 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_SESSION_INITIALIZATION,
1177 struct ServiceRequestMessage,
1179 GNUNET_MQ_hd_var_size (alices_cryptodata_message,
1180 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_ALICE_CRYPTODATA,
1181 struct AliceCryptodataMessage,
1183 GNUNET_MQ_handler_end ()
1185 uint32_t contained_count;
1186 uint32_t total_count;
1187 const struct GNUNET_SCALARPRODUCT_Element *elements;
1188 struct GNUNET_SET_Element set_elem;
1189 struct GNUNET_SCALARPRODUCT_Element *elem;
1191 total_count = ntohl (msg->element_count_total);
1192 contained_count = ntohl (msg->element_count_contained);
1194 s->status = GNUNET_SCALARPRODUCT_STATUS_ACTIVE;
1195 s->total = total_count;
1196 s->client_received_element_count = contained_count;
1197 s->session_id = msg->session_key;
1198 elements = (const struct GNUNET_SCALARPRODUCT_Element *) &msg[1];
1199 s->intersected_elements
1200 = GNUNET_CONTAINER_multihashmap_create (s->total,
1203 = GNUNET_SET_create (cfg,
1204 GNUNET_SET_OPERATION_INTERSECTION);
1205 for (uint32_t i = 0; i < contained_count; i++)
/* Zero-valued elements are presumably skipped (the statement under this
   test is not visible here); client_received_element_count above still
   counts them. */
1207 if (0 == GNUNET_ntohll (elements[i].value))
1209 elem = GNUNET_new (struct GNUNET_SCALARPRODUCT_Element);
1210 GNUNET_memcpy (elem,
1212 sizeof (struct GNUNET_SCALARPRODUCT_Element));
1213 if (GNUNET_SYSERR ==
1214 GNUNET_CONTAINER_multihashmap_put (s->intersected_elements,
1217 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
/* Only the element key goes into the set that is intersected with Alice;
   the value stays in the local map. */
1223 set_elem.data = &elem->key;
1224 set_elem.size = sizeof (elem->key);
1225 set_elem.element_type = 0;
1226 GNUNET_SET_add_element (s->intersection_set,
1229 s->used_element_count++;
1231 GNUNET_SERVICE_client_continue (s->client);
/* NOTE(review): the port is opened after the first chunk whether or not
   s->total has been reached, so messages from the remote peer can arrive
   while multipart client messages still add entries to
   intersected_elements. handle_alices_cryptodata_message sizes e_a from
   the map size at that moment - confirm the map cannot grow afterwards. */
1232 /* We're ready, open the port */
1233 s->port = GNUNET_CADET_open_port (my_cadet,
1235 &cb_channel_incoming,
1238 &cb_channel_destruction,
1240 if (NULL == s->port)
1243 GNUNET_SERVICE_client_drop (s->client);
1250 * Task run during shutdown.
/* Shutdown hook registered through GNUNET_SCHEDULER_add_shutdown:
   disconnects from CADET if a connection exists. */
1255 shutdown_task (void *cls)
1257 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1258 "Shutting down, initiating cleanup.\n");
1259 // FIXME: we have to cut our connections to CADET first!
1260 if (NULL != my_cadet)
1262 GNUNET_CADET_disconnect (my_cadet);
1269 * A client connected.
1271 * Setup the associated data structure.
1273 * @param cls closure, NULL
1274 * @param client identification of the client
1275 * @param mq message queue to communicate with @a client
1276 * @return our `struct BobServiceSession`
/* Allocates one session per connecting client. GNUNET_new returns zeroed
   memory, so all handles and counters start out as NULL and 0. */
1279 client_connect_cb (void *cls,
1280 struct GNUNET_SERVICE_Client *client,
1281 struct GNUNET_MQ_Handle *mq)
1283 struct BobServiceSession *s;
1285 s = GNUNET_new (struct BobServiceSession);
1293 * A client disconnected.
1295 * Remove the associated session(s), release data structures
1296 * and cancel pending outgoing transmissions to the client.
1298 * @param cls closure, NULL
1299 * @param client identification of the client
1300 * @param app_cls our `struct BobServiceSession`
/* Service callback for a client that went away; app_cls is the session
   created in client_connect_cb. */
1303 client_disconnect_cb (void *cls,
1304 struct GNUNET_SERVICE_Client *client,
1307 struct BobServiceSession *s = app_cls;
1309 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1310 "Client disconnected from us.\n");
/* The session is torn down here; the in_destroy flag inside makes a
   nested call a no-op. */
1312 destroy_service_session (s);
1317 * Initialization of the program and message handlers
1319 * @param cls closure
1320 * @param c configuration to use
1321 * @param service the initialized service
1325 const struct GNUNET_CONFIGURATION_Handle *c,
1326 struct GNUNET_SERVICE_Handle *service)
1330 offset has to be sufficiently small to allow computation of:
1331 m1+m2 mod n == (S + a) + (S + b) mod n,
1332 if we have more complex operations, this factor needs to be lowered */
/* my_offset becomes 2^(GNUNET_CRYPTO_PAILLIER_BITS / 3): a fresh MPI with
   a single bit set. It is the S that compute_service_response adds before
   encrypting values that may be negative. */
1333 my_offset = gcry_mpi_new (GNUNET_CRYPTO_PAILLIER_BITS / 3);
1334 gcry_mpi_set_bit (my_offset,
1335 GNUNET_CRYPTO_PAILLIER_BITS / 3);
/* NOTE(review): a Paillier key pair is generated at every service start,
   but in the lines shown Bob only ever encrypts under the remote peer's
   key (session->remote_pubkey) - confirm whether this pair is used. */
1337 GNUNET_CRYPTO_paillier_create (&my_pubkey,
1339 my_cadet = GNUNET_CADET_connect (cfg);
/* The shutdown task is registered before the NULL check, so it also runs
   when the CADET connection failed; shutdown_task tests my_cadet itself. */
1340 GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
1342 if (NULL == my_cadet)
1344 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1345 _("Connect to CADET failed\n"));
1346 GNUNET_SCHEDULER_shutdown ();
1353 * Define "main" method using service macro.
1356 ("scalarproduct-bob",
1357 GNUNET_SERVICE_OPTION_NONE,
1360 &client_disconnect_cb,
1362 GNUNET_MQ_hd_var_size (bob_client_message,
1363 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_TO_BOB,
1364 struct BobComputationMessage,
1366 GNUNET_MQ_hd_var_size (bob_client_message_multipart,
1367 GNUNET_MESSAGE_TYPE_SCALARPRODUCT_CLIENT_MULTIPART_BOB,
1368 struct ComputationBobCryptodataMultipartMessage,
1370 GNUNET_MQ_handler_end ());
1373 /* end of gnunet-service-scalarproduct_bob.c */