2016-06-16 00:09:29 +02:00
|
|
|
/* This file is part of libbrandt.
|
|
|
|
* Copyright (C) 2016 GNUnet e.V.
|
|
|
|
*
|
|
|
|
* libbrandt is free software: you can redistribute it and/or modify it under
|
|
|
|
* the terms of the GNU General Public License as published by the Free Software
|
|
|
|
* Foundation, either version 3 of the License, or (at your option) any later
|
|
|
|
* version.
|
|
|
|
*
|
|
|
|
* libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
|
|
* A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License along with
|
|
|
|
* libbrandt. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
2016-06-12 20:52:22 +02:00
|
|
|
|
2016-06-16 00:09:29 +02:00
|
|
|
/**
|
|
|
|
* @file brandt.c
|
2016-07-13 14:01:24 +02:00
|
|
|
* @brief Implementation of the high level libbrandt interface.
|
2016-06-22 23:18:46 +02:00
|
|
|
* @author Markus Teich
|
2016-06-16 00:09:29 +02:00
|
|
|
*/
|
2016-07-13 14:01:24 +02:00
|
|
|
|
2016-08-16 20:58:20 +02:00
|
|
|
#include "platform.h"
|
|
|
|
|
2016-06-12 20:52:22 +02:00
|
|
|
#include "crypto.h"
|
2016-07-06 14:56:14 +02:00
|
|
|
#include "internals.h"
|
2016-06-12 20:52:22 +02:00
|
|
|
#include "util.h"
|
|
|
|
|
2016-07-06 14:56:14 +02:00
|
|
|
|
2016-06-16 00:09:29 +02:00
|
|
|
void
|
2016-07-13 14:01:24 +02:00
|
|
|
BRANDT_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
|
2016-06-12 20:52:22 +02:00
|
|
|
{
|
|
|
|
gcry_error_t err = 0;
|
2016-06-16 00:09:29 +02:00
|
|
|
|
|
|
|
if (!gcry_check_version ("1.7.0"))
|
|
|
|
eprintf ("libgcrypt version mismatch");
|
2016-06-12 20:52:22 +02:00
|
|
|
|
|
|
|
/* SECMEM cannot be resized dynamically. We do not know how much we need */
|
2016-06-16 00:09:29 +02:00
|
|
|
if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
|
|
|
|
weprintf ("failed to set libgcrypt option DISABLE_SECMEM: %s",
|
|
|
|
gcry_strerror (err));
|
2016-06-12 20:52:22 +02:00
|
|
|
|
2016-07-06 14:56:14 +02:00
|
|
|
/* ecc is slow otherwise and we don't create long term keys anyway. */
|
2016-06-16 00:09:29 +02:00
|
|
|
if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
|
|
|
|
weprintf ("failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s",
|
|
|
|
gcry_strerror (err));
|
2016-06-12 20:52:22 +02:00
|
|
|
|
2016-06-16 00:09:29 +02:00
|
|
|
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
2016-07-13 14:01:24 +02:00
|
|
|
brandt_crypto_init (dlogctx);
|
2016-06-12 20:52:22 +02:00
|
|
|
}
|
2016-07-06 14:56:14 +02:00
|
|
|
|
|
|
|
|
2016-08-19 22:24:49 +02:00
|
|
|
void
|
2016-08-19 22:55:42 +02:00
|
|
|
BRANDT_bidder_start (struct BRANDT_Auction *auction,
|
|
|
|
uint16_t n)
|
2016-08-19 22:24:49 +02:00
|
|
|
{
|
2016-08-17 23:53:49 +02:00
|
|
|
GNUNET_assert (n > 0);
|
|
|
|
auction->n = n;
|
|
|
|
/** \todo: send first message */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-08-10 14:53:31 +02:00
|
|
|
static void
|
2016-08-19 22:55:42 +02:00
|
|
|
seller_start (void *arg)
|
2016-08-10 14:53:31 +02:00
|
|
|
{
|
2016-08-17 23:53:49 +02:00
|
|
|
struct BRANDT_Auction *ad = (struct BRANDT_Auction *)arg;
|
2016-08-10 14:53:31 +02:00
|
|
|
|
2016-08-17 23:53:49 +02:00
|
|
|
if (0 == (ad->n = ad->start (ad->closure)))
|
|
|
|
{
|
|
|
|
weprintf ("no bidders registered for auction");
|
|
|
|
ad->result (ad->closure, -1, result_no_bidders, 0);
|
|
|
|
return;
|
|
|
|
}
|
2016-08-10 14:53:31 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct BRANDT_Auction *
|
2016-08-17 17:37:56 +02:00
|
|
|
BRANDT_new (BRANDT_CbResult result,
|
|
|
|
BRANDT_CbBroadcast broadcast,
|
|
|
|
BRANDT_CbStart start,
|
2016-08-12 14:38:10 +02:00
|
|
|
void *auction_closure,
|
2016-08-16 13:25:03 +02:00
|
|
|
void **auction_desc,
|
|
|
|
size_t *auction_desc_len,
|
2016-08-16 20:58:20 +02:00
|
|
|
const void *description,
|
|
|
|
uint32_t description_len,
|
2016-08-10 14:53:31 +02:00
|
|
|
struct GNUNET_TIME_Absolute time_start,
|
|
|
|
struct GNUNET_TIME_Relative time_round,
|
2016-08-12 14:38:10 +02:00
|
|
|
uint16_t num_prices,
|
|
|
|
uint16_t m,
|
|
|
|
int outcome_public)
|
2016-08-10 14:53:31 +02:00
|
|
|
{
|
2016-08-12 14:38:10 +02:00
|
|
|
struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
|
|
|
|
struct BRANDT_DescrP *desc = GNUNET_new (struct BRANDT_DescrP);
|
|
|
|
struct GNUNET_HashContext *hc = GNUNET_CRYPTO_hash_context_start ();
|
2016-08-16 20:58:20 +02:00
|
|
|
struct GNUNET_TIME_Relative until_start;
|
2016-08-12 14:38:10 +02:00
|
|
|
|
|
|
|
desc->time_start = GNUNET_TIME_absolute_hton (time_start);
|
|
|
|
desc->time_round = GNUNET_TIME_relative_hton (time_round);
|
|
|
|
desc->description_len = htonl (description_len);
|
|
|
|
desc->k = htons (num_prices);
|
|
|
|
desc->m = htons (m);
|
|
|
|
desc->outcome_public = htons (outcome_public);
|
|
|
|
GNUNET_CRYPTO_hash_context_read (hc,
|
|
|
|
&desc->time_start,
|
|
|
|
sizeof (*desc) - sizeof (desc->hash));
|
|
|
|
GNUNET_CRYPTO_hash_context_read (hc,
|
|
|
|
description,
|
|
|
|
description_len);
|
|
|
|
GNUNET_CRYPTO_hash_context_finish (hc, &desc->hash);
|
2016-08-10 14:53:31 +02:00
|
|
|
|
|
|
|
ret->time_start = time_start;
|
|
|
|
ret->time_round = time_round;
|
|
|
|
ret->k = num_prices;
|
|
|
|
ret->m = m;
|
|
|
|
ret->outcome_public = outcome_public;
|
2016-08-17 17:37:56 +02:00
|
|
|
ret->cur_round = msg_init;
|
2016-08-12 14:38:10 +02:00
|
|
|
ret->round_progress = gcry_mpi_new (256);
|
2016-08-10 14:53:31 +02:00
|
|
|
|
|
|
|
/* we are the seller */
|
|
|
|
ret->seller_mode = 1;
|
|
|
|
|
2016-08-12 14:38:10 +02:00
|
|
|
/* callback interface with application */
|
2016-08-10 14:53:31 +02:00
|
|
|
ret->closure = auction_closure;
|
|
|
|
ret->bcast = broadcast;
|
|
|
|
ret->result = result;
|
2016-08-17 17:37:56 +02:00
|
|
|
ret->start = start;
|
2016-08-10 14:53:31 +02:00
|
|
|
|
2016-08-12 14:38:10 +02:00
|
|
|
until_start = GNUNET_TIME_absolute_get_remaining (time_start);
|
|
|
|
ret->task = GNUNET_SCHEDULER_add_delayed (until_start,
|
2016-08-19 22:55:42 +02:00
|
|
|
&seller_start,
|
2016-08-12 14:38:10 +02:00
|
|
|
ret);
|
2016-08-10 14:53:31 +02:00
|
|
|
|
2016-08-16 13:25:03 +02:00
|
|
|
*auction_desc_len = sizeof (struct BRANDT_DescrP);
|
|
|
|
*auction_desc = desc;
|
2016-08-10 14:53:31 +02:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-08-16 13:25:03 +02:00
|
|
|
int
|
|
|
|
BRANDT_verify_desc (const void *auction_desc,
|
|
|
|
size_t auction_desc_len,
|
|
|
|
const void *description,
|
|
|
|
uint32_t description_len,
|
|
|
|
struct GNUNET_TIME_Absolute *time_start,
|
|
|
|
struct GNUNET_TIME_Relative *time_round,
|
|
|
|
uint16_t *num_prices,
|
|
|
|
uint16_t *m,
|
|
|
|
uint16_t *outcome_public)
|
|
|
|
{
|
|
|
|
const struct BRANDT_DescrP *desc = auction_desc;
|
|
|
|
const uint32_t zero = 0;
|
|
|
|
struct GNUNET_HashContext *hc = GNUNET_CRYPTO_hash_context_start ();
|
|
|
|
struct GNUNET_HashCode computed_hash;
|
|
|
|
|
|
|
|
if (sizeof (struct BRANDT_DescrP) != auction_desc_len)
|
|
|
|
{
|
|
|
|
weprintf ("auction desc struct size mismatch");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
GNUNET_CRYPTO_hash_context_read (hc,
|
|
|
|
&desc->time_start,
|
|
|
|
sizeof (*desc) - sizeof (desc->hash));
|
|
|
|
GNUNET_CRYPTO_hash_context_read (hc,
|
|
|
|
description,
|
|
|
|
description_len);
|
|
|
|
GNUNET_CRYPTO_hash_context_finish (hc, &computed_hash);
|
|
|
|
if (0 != memcmp (&desc->hash, &computed_hash, sizeof (computed_hash)))
|
|
|
|
{
|
|
|
|
weprintf ("auction description hash does not match");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (0 != memcmp (&desc->reserved1, &zero, sizeof (desc->reserved1)) ||
|
|
|
|
0 != memcmp (&desc->reserved2, &zero, sizeof (desc->reserved2)))
|
|
|
|
{
|
|
|
|
weprintf ("unknown auction description format");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (time_start)
|
|
|
|
*time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
|
|
|
|
if (time_round)
|
|
|
|
*time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
|
|
|
|
if (num_prices)
|
|
|
|
*num_prices = ntohs (desc->k);
|
|
|
|
if (m)
|
|
|
|
*m = ntohs (desc->m);
|
|
|
|
if (outcome_public)
|
|
|
|
*outcome_public = ntohs (desc->outcome_public);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-08-10 14:53:31 +02:00
|
|
|
struct BRANDT_Auction *
|
2016-08-17 17:37:56 +02:00
|
|
|
BRANDT_join (BRANDT_CbResult result,
|
|
|
|
BRANDT_CbBroadcast broadcast,
|
2016-08-10 14:53:31 +02:00
|
|
|
BRANDT_CbUnicast unicast,
|
|
|
|
void *auction_closure,
|
2016-08-16 13:25:03 +02:00
|
|
|
const void *auction_desc,
|
|
|
|
size_t auction_desc_len,
|
|
|
|
const void *description,
|
|
|
|
uint32_t description_len)
|
2016-08-10 14:53:31 +02:00
|
|
|
{
|
2016-08-12 14:38:10 +02:00
|
|
|
struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
|
|
|
|
|
2016-08-16 13:25:03 +02:00
|
|
|
if (0 != BRANDT_verify_desc (auction_desc,
|
|
|
|
auction_desc_len,
|
|
|
|
description,
|
|
|
|
description_len,
|
|
|
|
&ret->time_start,
|
|
|
|
&ret->time_round,
|
|
|
|
&ret->k,
|
|
|
|
&ret->m,
|
|
|
|
&ret->outcome_public))
|
|
|
|
{
|
|
|
|
weprintf ("failed to parse auction description blob");
|
|
|
|
return NULL;
|
|
|
|
}
|
2016-08-17 17:37:56 +02:00
|
|
|
ret->cur_round = msg_init;
|
2016-08-12 14:38:10 +02:00
|
|
|
ret->round_progress = gcry_mpi_new (256);
|
2016-08-10 14:53:31 +02:00
|
|
|
|
|
|
|
/* we are the seller */
|
|
|
|
ret->seller_mode = 0;
|
|
|
|
|
2016-08-12 14:38:10 +02:00
|
|
|
/* callback interface with application */
|
2016-08-10 14:53:31 +02:00
|
|
|
ret->closure = auction_closure;
|
|
|
|
ret->bcast = broadcast;
|
|
|
|
ret->ucast = unicast;
|
|
|
|
ret->result = result;
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-08-12 14:38:10 +02:00
|
|
|
void
|
|
|
|
BRANDT_destroy (struct BRANDT_Auction *auction)
|
|
|
|
{
|
2016-08-16 20:58:20 +02:00
|
|
|
if (auction->task)
|
|
|
|
GNUNET_SCHEDULER_cancel (auction->task);
|
|
|
|
gcry_mpi_release (auction->round_progress);
|
|
|
|
gcry_mpi_release (auction->x);
|
|
|
|
smc_free1 (auction->y, auction->n);
|
|
|
|
gcry_mpi_point_release (auction->Y);
|
|
|
|
smc_free2 (auction->alpha, auction->n, auction->k);
|
|
|
|
smc_free2 (auction->beta, auction->n, auction->k);
|
|
|
|
smc_free2 (auction->gamma2, auction->n, auction->k);
|
|
|
|
smc_free3 (auction->gamma3, auction->n, auction->n, auction->k);
|
|
|
|
smc_free2 (auction->delta2, auction->n, auction->k);
|
|
|
|
smc_free3 (auction->delta3, auction->n, auction->n, auction->k);
|
|
|
|
smc_free2 (auction->phi2, auction->n, auction->k);
|
|
|
|
smc_free3 (auction->phi3, auction->n, auction->n, auction->k);
|
|
|
|
smc_free1 (auction->tmpa1, auction->k);
|
|
|
|
smc_free1 (auction->tmpb1, auction->k);
|
2016-08-12 14:38:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-08-03 14:07:21 +02:00
|
|
|
static void
|
2016-08-12 14:38:10 +02:00
|
|
|
advance_round (struct BRANDT_Auction *ad,
|
|
|
|
enum auction_type atype,
|
|
|
|
enum outcome_type outcome)
|
2016-08-03 14:07:21 +02:00
|
|
|
{
|
2016-08-23 13:33:08 +02:00
|
|
|
uint32_t price;
|
|
|
|
uint16_t winner = -1;
|
2016-08-03 14:07:21 +02:00
|
|
|
unsigned char *buf;
|
2016-08-12 14:38:10 +02:00
|
|
|
size_t buflen;
|
2016-08-03 14:07:21 +02:00
|
|
|
|
2016-08-23 13:33:08 +02:00
|
|
|
/* if we did not got the current round message from all participants, don't
|
|
|
|
* advance to the next round yet. Early return, since we have to wait for
|
|
|
|
* the other participants messages. */
|
2016-08-12 14:38:10 +02:00
|
|
|
for (uint16_t i = 0; i < ad->n; i++)
|
|
|
|
if (!gcry_mpi_test_bit (ad->round_progress, i))
|
2016-08-03 14:07:21 +02:00
|
|
|
return;
|
|
|
|
|
2016-08-23 13:33:08 +02:00
|
|
|
/* current round finished, clear round progress and advance to next one */
|
2016-08-12 14:38:10 +02:00
|
|
|
gcry_mpi_clear_highbit (ad->round_progress, 0);
|
|
|
|
if (msg_last == ++(ad->cur_round))
|
2016-08-03 14:07:21 +02:00
|
|
|
{
|
2016-08-23 13:33:08 +02:00
|
|
|
/* done with all rounds, determine outcome here */
|
|
|
|
/** \todo: unify …_determine_outcome function signature? */
|
|
|
|
if (auction_firstPrice == atype && outcome_private == outcome)
|
|
|
|
{
|
|
|
|
if (-1 == (price = fp_priv_determine_outcome (ad)))
|
|
|
|
ad->result (ad->closure, ad->i, 0, 0);
|
|
|
|
else
|
|
|
|
ad->result (ad->closure, ad->i, 1, price);
|
|
|
|
}
|
|
|
|
else if (auction_firstPrice == atype && outcome_public == outcome)
|
|
|
|
{
|
|
|
|
if (-1 == (price = fp_pub_determine_outcome (ad, &winner)))
|
|
|
|
ad->result (ad->closure, ad->i, 0, 0);
|
|
|
|
else
|
|
|
|
ad->result (ad->closure, winner, 1, price);
|
|
|
|
}
|
|
|
|
return;
|
2016-08-03 14:07:21 +02:00
|
|
|
}
|
|
|
|
|
2016-08-12 14:38:10 +02:00
|
|
|
if (!handler_out[atype][outcome][ad->cur_round] ||
|
|
|
|
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
|
2016-08-03 14:07:21 +02:00
|
|
|
{
|
|
|
|
/** \todo */
|
|
|
|
weprintf ("wow fail out");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* last message only sent to seller, others are broadcasted */
|
2016-08-12 14:38:10 +02:00
|
|
|
if (msg_decrypt == ad->cur_round)
|
|
|
|
ad->ucast (ad->closure, buf, buflen);
|
2016-08-03 14:07:21 +02:00
|
|
|
else
|
2016-08-12 14:38:10 +02:00
|
|
|
ad->bcast (ad->closure, buf, buflen);
|
2016-08-03 14:07:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-07-06 14:56:14 +02:00
|
|
|
void
|
|
|
|
BRANDT_got_message (struct BRANDT_Auction *auction,
|
|
|
|
uint16_t sender,
|
|
|
|
const unsigned char *msg,
|
|
|
|
size_t msg_len)
|
|
|
|
{
|
2016-08-23 13:33:08 +02:00
|
|
|
struct msg_head *head = (struct msg_head *)msg;
|
2016-08-12 14:38:10 +02:00
|
|
|
enum auction_type atype;
|
|
|
|
enum outcome_type outcome;
|
|
|
|
enum rounds round = auction->cur_round;
|
2016-07-06 14:56:14 +02:00
|
|
|
|
2016-08-10 14:53:31 +02:00
|
|
|
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
|
|
|
|
outcome = auction->outcome_public ? outcome_public : outcome_private;
|
2016-07-13 14:01:24 +02:00
|
|
|
|
2016-08-23 13:33:08 +02:00
|
|
|
/** \todo: cache out of order messages instead of discarding */
|
|
|
|
if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0)
|
|
|
|
{
|
|
|
|
weprintf ("got unexpected message, ignoring...");
|
|
|
|
return;
|
|
|
|
}
|
2016-07-06 14:56:14 +02:00
|
|
|
|
2016-08-03 14:07:21 +02:00
|
|
|
/* check if we already got that round message from the same user */
|
|
|
|
if (gcry_mpi_test_bit (auction->round_progress, sender))
|
|
|
|
{
|
|
|
|
weprintf ("got a duplicate message from user %d", sender);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-07-13 14:01:24 +02:00
|
|
|
if (!handler_in[atype][outcome][round] ||
|
|
|
|
!handler_in[atype][outcome][round](auction,
|
2016-08-23 13:33:08 +02:00
|
|
|
msg + sizeof (*head),
|
|
|
|
msg_len - sizeof (*head),
|
2016-07-13 14:01:24 +02:00
|
|
|
sender))
|
2016-07-06 14:56:14 +02:00
|
|
|
{
|
|
|
|
/** \todo */
|
2016-08-03 14:07:21 +02:00
|
|
|
weprintf ("wow fail in");
|
|
|
|
return;
|
2016-07-06 14:56:14 +02:00
|
|
|
}
|
2016-08-03 14:07:21 +02:00
|
|
|
gcry_mpi_set_bit (auction->round_progress, sender);
|
|
|
|
|
2016-08-12 14:38:10 +02:00
|
|
|
/** \todo: seller_mode and new task for round timing */
|
2016-08-03 14:07:21 +02:00
|
|
|
advance_round (auction, atype, outcome);
|
2016-07-06 14:56:14 +02:00
|
|
|
}
|