/* This file is part of libbrandt. * Copyright (C) 2016 GNUnet e.V. * * libbrandt is free software: you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation, either version 3 of the License, or (at your option) any later * version. * * libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR * A PARTICULAR PURPOSE. See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along with * libbrandt. If not, see . */ /** * @file brandt.c * @brief Implementation of the high level libbrandt interface. * @author Markus Teich */ #include "platform.h" #include "crypto.h" #include "internals.h" #include "util.h" void BRANDT_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx) { gcry_error_t err = 0; if (!gcry_check_version ("1.7.0")) eprintf ("libgcrypt version mismatch"); /* SECMEM cannot be resized dynamically. We do not know how much we need */ if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0))) weprintf ("failed to set libgcrypt option DISABLE_SECMEM: %s", gcry_strerror (err)); /* ecc is slow otherwise and we don't create long term keys anyway. */ if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0))) weprintf ("failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s", gcry_strerror (err)); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); brandt_crypto_init (dlogctx); } void BRANDT_bidder_start (struct BRANDT_Auction *auction, uint16_t n) { GNUNET_assert (n > 0); auction->n = n; /** \todo: send first message */ } static void seller_start (void *arg) { struct BRANDT_Auction *ad = (struct BRANDT_Auction *)arg; if (0 == (ad->n = ad->start (ad->closure))) { weprintf ("no bidders registered for auction"); ad->result (ad->closure, -1, result_no_bidders, 0); return; } } struct BRANDT_Auction * BRANDT_new (BRANDT_CbResult result, BRANDT_CbBroadcast broadcast, BRANDT_CbStart start, void *auction_closure, void **auction_desc, size_t *auction_desc_len, const void *description, uint32_t description_len, struct GNUNET_TIME_Absolute time_start, struct GNUNET_TIME_Relative time_round, uint16_t num_prices, uint16_t m, int outcome_public) { struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction); struct BRANDT_DescrP *desc = GNUNET_new (struct BRANDT_DescrP); struct GNUNET_HashContext *hc = GNUNET_CRYPTO_hash_context_start (); struct GNUNET_TIME_Relative until_start; desc->time_start = GNUNET_TIME_absolute_hton (time_start); desc->time_round = GNUNET_TIME_relative_hton (time_round); desc->description_len = htonl (description_len); desc->k = htons (num_prices); desc->m = htons (m); desc->outcome_public = htons (outcome_public); GNUNET_CRYPTO_hash_context_read (hc, &desc->time_start, sizeof (*desc) - sizeof (desc->hash)); GNUNET_CRYPTO_hash_context_read (hc, description, description_len); GNUNET_CRYPTO_hash_context_finish (hc, &desc->hash); ret->time_start = time_start; ret->time_round = time_round; ret->k = num_prices; ret->m = m; ret->outcome_public = outcome_public; ret->cur_round = msg_init; ret->round_progress = gcry_mpi_new (256); /* we are the seller */ ret->seller_mode = 1; /* callback interface with application */ ret->closure = auction_closure; ret->bcast = broadcast; ret->result = result; ret->start = start; until_start = GNUNET_TIME_absolute_get_remaining (time_start); ret->task = GNUNET_SCHEDULER_add_delayed (until_start, &seller_start, ret); *auction_desc_len = sizeof (struct BRANDT_DescrP); *auction_desc = desc; return ret; } int BRANDT_verify_desc (const void *auction_desc, size_t auction_desc_len, const void *description, uint32_t description_len, struct GNUNET_TIME_Absolute *time_start, struct GNUNET_TIME_Relative *time_round, uint16_t *num_prices, uint16_t *m, uint16_t *outcome_public) { const struct BRANDT_DescrP *desc = auction_desc; const uint32_t zero = 0; struct GNUNET_HashContext *hc = GNUNET_CRYPTO_hash_context_start (); struct GNUNET_HashCode computed_hash; if (sizeof (struct BRANDT_DescrP) != auction_desc_len) { weprintf ("auction desc struct size mismatch"); return -1; } GNUNET_CRYPTO_hash_context_read (hc, &desc->time_start, sizeof (*desc) - sizeof (desc->hash)); GNUNET_CRYPTO_hash_context_read (hc, description, description_len); GNUNET_CRYPTO_hash_context_finish (hc, &computed_hash); if (0 != memcmp (&desc->hash, &computed_hash, sizeof (computed_hash))) { weprintf ("auction description hash does not match"); return -1; } if (0 != memcmp (&desc->reserved1, &zero, sizeof (desc->reserved1)) || 0 != memcmp (&desc->reserved2, &zero, sizeof (desc->reserved2))) { weprintf ("unknown auction description format"); return -1; } if (time_start) *time_start = GNUNET_TIME_absolute_ntoh (desc->time_start); if (time_round) *time_round = GNUNET_TIME_relative_ntoh (desc->time_round); if (num_prices) *num_prices = ntohs (desc->k); if (m) *m = ntohs (desc->m); if (outcome_public) *outcome_public = ntohs (desc->outcome_public); return 0; } struct BRANDT_Auction * BRANDT_join (BRANDT_CbResult result, BRANDT_CbBroadcast broadcast, BRANDT_CbUnicast unicast, void *auction_closure, const void *auction_desc, size_t auction_desc_len, const void *description, uint32_t description_len) { struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction); if (0 != BRANDT_verify_desc (auction_desc, auction_desc_len, description, description_len, &ret->time_start, &ret->time_round, &ret->k, &ret->m, &ret->outcome_public)) { weprintf ("failed to parse auction description blob"); return NULL; } ret->cur_round = msg_init; ret->round_progress = gcry_mpi_new (256); /* we are the seller */ ret->seller_mode = 0; /* callback interface with application */ ret->closure = auction_closure; ret->bcast = broadcast; ret->ucast = unicast; ret->result = result; return ret; } void BRANDT_destroy (struct BRANDT_Auction *auction) { if (auction->task) GNUNET_SCHEDULER_cancel (auction->task); gcry_mpi_release (auction->round_progress); gcry_mpi_release (auction->x); smc_free1 (auction->y, auction->n); gcry_mpi_point_release (auction->Y); smc_free2 (auction->alpha, auction->n, auction->k); smc_free2 (auction->beta, auction->n, auction->k); smc_free2 (auction->gamma2, auction->n, auction->k); smc_free3 (auction->gamma3, auction->n, auction->n, auction->k); smc_free2 (auction->delta2, auction->n, auction->k); smc_free3 (auction->delta3, auction->n, auction->n, auction->k); smc_free2 (auction->phi2, auction->n, auction->k); smc_free3 (auction->phi3, auction->n, auction->n, auction->k); smc_free1 (auction->tmpa1, auction->k); smc_free1 (auction->tmpb1, auction->k); } static void advance_round (struct BRANDT_Auction *ad, enum auction_type atype, enum outcome_type outcome) { uint32_t price; uint16_t winner = -1; unsigned char *buf; size_t buflen; /* if we did not got the current round message from all participants, don't * advance to the next round yet. Early return, since we have to wait for * the other participants messages. */ for (uint16_t i = 0; i < ad->n; i++) if (!gcry_mpi_test_bit (ad->round_progress, i)) return; /* current round finished, clear round progress and advance to next one */ gcry_mpi_clear_highbit (ad->round_progress, 0); if (msg_last == ++(ad->cur_round)) { /* done with all rounds, determine outcome here */ /** \todo: unify …_determine_outcome function signature? */ if (auction_firstPrice == atype && outcome_private == outcome) { if (-1 == (price = fp_priv_determine_outcome (ad))) ad->result (ad->closure, ad->i, 0, 0); else ad->result (ad->closure, ad->i, 1, price); } else if (auction_firstPrice == atype && outcome_public == outcome) { if (-1 == (price = fp_pub_determine_outcome (ad, &winner))) ad->result (ad->closure, ad->i, 0, 0); else ad->result (ad->closure, winner, 1, price); } return; } if (!handler_out[atype][outcome][ad->cur_round] || !(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen))) { /** \todo */ weprintf ("wow fail out"); return; } /* last message only sent to seller, others are broadcasted */ if (msg_decrypt == ad->cur_round) ad->ucast (ad->closure, buf, buflen); else ad->bcast (ad->closure, buf, buflen); } void BRANDT_got_message (struct BRANDT_Auction *auction, uint16_t sender, const unsigned char *msg, size_t msg_len) { struct msg_head *head = (struct msg_head *)msg; enum auction_type atype; enum outcome_type outcome; enum rounds round = auction->cur_round; atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; outcome = auction->outcome_public ? outcome_public : outcome_private; /** \todo: cache out of order messages instead of discarding */ if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0) { weprintf ("got unexpected message, ignoring..."); return; } /* check if we already got that round message from the same user */ if (gcry_mpi_test_bit (auction->round_progress, sender)) { weprintf ("got a duplicate message from user %d", sender); return; } if (!handler_in[atype][outcome][round] || !handler_in[atype][outcome][round](auction, msg + sizeof (*head), msg_len - sizeof (*head), sender)) { /** \todo */ weprintf ("wow fail in"); return; } gcry_mpi_set_bit (auction->round_progress, sender); /** \todo: seller_mode and new task for round timing */ advance_round (auction, atype, outcome); }