oec/libbrandt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5706e91058
libbrandt/brandt.c
Markus Teich 5706e91058 add m+1st price auctions with public outcome
2016-11-22 03:17:01 +01:00

502 lines
15 KiB
C
Raw Blame History

/* This file is part of libbrandt.
* Copyright (C) 2016 GNUnet e.V.
*
* libbrandt is free software: you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* libbrandt. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @file brandt.c
* @brief Implementation of the high level libbrandt interface.
* @author Markus Teich
*/
#include "platform.h"
#include "crypto.h"
#include "internals.h"
#include "util.h"
void
BRANDT_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
{
gcry_error_t err = 0;
if (!gcry_check_version ("1.7.0"))
eprintf ("libgcrypt version mismatch");
/* SECMEM cannot be resized dynamically. We do not know how much we need */
if ((err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
weprintf ("failed to set libgcrypt option DISABLE_SECMEM: %s",
gcry_strerror (err));
/* ecc is slow otherwise and we don't create long term keys anyway. */
if ((err = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
weprintf ("failed to set libgcrypt option ENABLE_QUICK_RANDOM: %s",
gcry_strerror (err));
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
brandt_crypto_init (dlogctx);
}
void
BRANDT_bidder_start (struct BRANDT_Auction *auction,
uint16_t i,
uint16_t n)
{
enum auction_type atype;
enum outcome_type outcome;
unsigned char *buf;
size_t buflen;
GNUNET_assert (auction && n > 0 && i < n);
auction->n = n;
auction->i = i;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private;
if (auction_mPlusFirstPrice == atype && n <= auction->m)
{ /* fewer bidders than items to sell. every bidder won with lowest price */
struct BRANDT_Result *res;
if (auction->outcome_public)
{
res = GNUNET_new_array (n, struct BRANDT_Result);
for (uint16_t h = 0; h < n; h++)
{
res[h].bidder = h;
res[h].price = 0;
res[h].status = BRANDT_bidder_won;
}
auction->result (auction->closure, res, n);
}
else
{
res = GNUNET_new (struct BRANDT_Result);
res->bidder = i;
res->price = 0;
res->status = BRANDT_bidder_won;
auction->result (auction->closure, res, 1);
}
return;
}
/* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype)
{
auction->k *= n;
auction->b = auction->b * n + n - i - 1;
}
if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (auction);
if (!handler_out[atype][outcome][msg_init] ||
!(buf = handler_out[atype][outcome][msg_init](auction, &buflen)))
{
/** \todo */
weprintf ("wow fail out");
return;
}
auction->bcast (auction->closure, buf, buflen);
gcry_mpi_set_bit (auction->round_progress, auction->i);
free (buf);
}
static void
seller_start (void *arg)
{
struct BRANDT_Auction *ad = (struct BRANDT_Auction *)arg;
enum auction_type atype;
enum outcome_type outcome;
ad->task = NULL;
ad->n = ad->start (ad->closure);
if (0 == ad->n)
{
weprintf ("no bidders registered for auction");
ad->result (ad->closure, NULL, 0);
return;
}
else if (ad->n <= ad->m)
{
struct BRANDT_Result *res = GNUNET_new_array (ad->n,
struct BRANDT_Result);
weprintf ("less bidders than needed, selling for lowest price");
for (uint16_t i = 0; i < ad->n; i++)
{
res[i].bidder = i;
res[i].price = 0;
res[i].status = BRANDT_bidder_won;
}
ad->result (ad->closure, res, ad->n);
}
atype = ad->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = ad->outcome_public ? outcome_public : outcome_private;
/* On M+1st price auctions we multiply the amount of prizes by the amount of
* bidders and resctrict each bidder to his own distinct subset of the
* prices. This is done for tie breaking. An additional proof is used in the
* encrypt_bid round to show that the bidder has chosen a valid bid and the
* outcome callback will remap the result to the original k price values. */
if (auction_mPlusFirstPrice == atype)
ad->k *= ad->n;
if (handler_prep[atype][outcome][msg_init])
handler_prep[atype][outcome][msg_init] (ad);
}
struct BRANDT_Auction *
BRANDT_new (BRANDT_CbResult result,
BRANDT_CbBroadcast broadcast,
BRANDT_CbStart start,
void *auction_closure,
void **auction_desc,
size_t *auction_desc_len,
const void *description,
uint32_t description_len,
struct GNUNET_TIME_Absolute time_start,
struct GNUNET_TIME_Relative time_round,
uint16_t num_prices,
uint16_t m,
int outcome_public)
{
struct BRANDT_Auction *ret;
struct BRANDT_DescrP *desc;
struct GNUNET_HashContext *hc;
struct GNUNET_TIME_Relative until_start;
if (0 == num_prices)
return NULL;
desc = GNUNET_new (struct BRANDT_DescrP);
desc->time_start = GNUNET_TIME_absolute_hton (time_start);
desc->time_round = GNUNET_TIME_relative_hton (time_round);
desc->description_len = htonl (description_len);
desc->k = htons (num_prices);
desc->m = htons (m);
desc->outcome_public = htons (outcome_public);
hc = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CRYPTO_hash_context_read (hc,
&desc->time_start,
sizeof (*desc) - sizeof (desc->hash));
GNUNET_CRYPTO_hash_context_read (hc,
description,
description_len);
GNUNET_CRYPTO_hash_context_finish (hc, &desc->hash);
ret = GNUNET_new (struct BRANDT_Auction);
ret->time_start = time_start;
ret->time_round = time_round;
ret->k = num_prices;
ret->m = m;
ret->outcome_public = outcome_public;
ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256);
/* we are the seller */
ret->seller_mode = 1;
/* callback interface with application */
ret->closure = auction_closure;
ret->bcast = broadcast;
ret->result = result;
ret->start = start;
until_start = GNUNET_TIME_absolute_get_remaining (time_start);
ret->task = GNUNET_SCHEDULER_add_delayed (until_start,
&seller_start,
ret);
*auction_desc_len = sizeof (struct BRANDT_DescrP);
*auction_desc = desc;
return ret;
}
int
BRANDT_verify_desc (const void *auction_desc,
size_t auction_desc_len,
const void *description,
uint32_t description_len,
struct GNUNET_TIME_Absolute *time_start,
struct GNUNET_TIME_Relative *time_round,
uint16_t *num_prices,
uint16_t *m,
uint16_t *outcome_public)
{
const struct BRANDT_DescrP *desc = auction_desc;
const uint32_t zero = 0;
struct GNUNET_HashContext *hc = GNUNET_CRYPTO_hash_context_start ();
struct GNUNET_HashCode computed_hash;
if (sizeof (struct BRANDT_DescrP) != auction_desc_len)
{
weprintf ("auction desc struct size mismatch");
return -1;
}
GNUNET_CRYPTO_hash_context_read (hc,
&desc->time_start,
sizeof (*desc) - sizeof (desc->hash));
GNUNET_CRYPTO_hash_context_read (hc,
description,
description_len);
GNUNET_CRYPTO_hash_context_finish (hc, &computed_hash);
if (0 != memcmp (&desc->hash, &computed_hash, sizeof (computed_hash)))
{
weprintf ("auction description hash does not match");
return -1;
}
if (0 != memcmp (&desc->reserved1, &zero, sizeof (desc->reserved1)) ||
0 != memcmp (&desc->reserved2, &zero, sizeof (desc->reserved2)))
{
weprintf ("unknown auction description format");
return -1;
}
if (time_start)
*time_start = GNUNET_TIME_absolute_ntoh (desc->time_start);
if (time_round)
*time_round = GNUNET_TIME_relative_ntoh (desc->time_round);
if (num_prices)
*num_prices = ntohs (desc->k);
if (m)
*m = ntohs (desc->m);
if (outcome_public)
*outcome_public = ntohs (desc->outcome_public);
return 0;
}
struct BRANDT_Auction *
BRANDT_join (BRANDT_CbResult result,
BRANDT_CbBroadcast broadcast,
BRANDT_CbUnicast unicast,
void *auction_closure,
const void *auction_desc,
size_t auction_desc_len,
const void *description,
uint32_t description_len,
uint16_t bid)
{
struct BRANDT_Auction *ret = GNUNET_new (struct BRANDT_Auction);
if (0 != BRANDT_verify_desc (auction_desc,
auction_desc_len,
description,
description_len,
&ret->time_start,
&ret->time_round,
&ret->k,
&ret->m,
&ret->outcome_public))
{
weprintf ("failed to parse auction description blob");
return NULL;
}
ret->cur_round = msg_init;
ret->round_progress = gcry_mpi_new (256);
ret->b = bid;
/* we are the seller */
ret->seller_mode = 0;
/* callback interface with application */
ret->closure = auction_closure;
ret->bcast = broadcast;
ret->ucast = unicast;
ret->result = result;
return ret;
}
void
BRANDT_destroy (struct BRANDT_Auction *auction)
{
if (auction->task)
GNUNET_SCHEDULER_cancel (auction->task);
gcry_mpi_release (auction->round_progress);
gcry_mpi_release (auction->x);
smc_free1 (auction->y, auction->n);
gcry_mpi_point_release (auction->Y);
smc_free2 (auction->alpha, auction->n, auction->k);
smc_free2 (auction->beta, auction->n, auction->k);
smc_free2 (auction->gamma2, auction->n, auction->k);
smc_free2 (auction->delta2, auction->n, auction->k);
smc_free2 (auction->phi2, auction->n, auction->k);
free (auction->phiproofs3);
smc_free1 (auction->tmpa1, auction->k);
smc_free1 (auction->tmpb1, auction->k);
if (auction->m > 0 && auction->outcome_public)
{
smc_free3 (auction->gamma3, auction->n, 2, auction->k);
smc_free3 (auction->delta3, auction->n, 2, auction->k);
smc_free3 (auction->phi3, auction->n, 2, auction->k);
}
else
{
smc_free3 (auction->gamma3, auction->n, auction->n, auction->k);
smc_free3 (auction->delta3, auction->n, auction->n, auction->k);
smc_free3 (auction->phi3, auction->n, auction->n, auction->k);
}
}
static void
report_outcome (struct BRANDT_Auction *ad,
enum auction_type atype,
enum outcome_type outcome)
{
struct BRANDT_Result *res;
uint16_t reslen = 0;
if (!handler_res[atype][outcome] ||
!(res = handler_res[atype][outcome] (ad, &reslen)))
ad->result (ad->closure, NULL, 0);
else
ad->result (ad->closure, res, reslen);
}
static void
advance_round (struct BRANDT_Auction *ad,
enum auction_type atype,
enum outcome_type outcome)
{
unsigned char *buf;
size_t buflen;
if (!ad->seller_mode && msg_decrypt == ad->cur_round && !outcome)
{
/* we are a bidder on a private outcome auction and
* successfully parsed the msg_decrypt from the seller
* => we can determine the auction result */
report_outcome (ad, atype, outcome);
return;
}
/* only continue if the round is complete */
for (uint16_t i = 0; i < ad->n; i++)
if (!gcry_mpi_test_bit (ad->round_progress, i))
return;
if (ad->seller_mode && msg_decrypt == ad->cur_round && !ad->outcome_public)
{
/* all bidders msg_decrypt received, broadcast combined msg_decrypt */
if (!handler_out[atype][outcome][ad->cur_round] ||
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{
weprintf ("failed to create msg %d buffer as seller",
ad->cur_round);
return;
}
ad->bcast (ad->closure, buf, buflen);
}
if (msg_decrypt == ad->cur_round)
{
report_outcome (ad, atype, outcome);
return;
}
/* round complete, advance to next one */
gcry_mpi_clear_highbit (ad->round_progress, 0);
ad->cur_round++;
/* prepare next round. */
if (handler_prep[atype][outcome][ad->cur_round])
handler_prep[atype][outcome][ad->cur_round] (ad);
if (ad->seller_mode)
{
/** \todo: setup round timeout trigger */
/* seller does not send regular messages */
return;
}
/* create next message buffer */
if (!handler_out[atype][outcome][ad->cur_round] ||
!(buf = handler_out[atype][outcome][ad->cur_round](ad, &buflen)))
{
weprintf ("failed to create msg %d buffer as bidder", ad->cur_round);
return;
}
/* msg_decrypt unicast to seller if private outcome mode.
* All other messages are broadcasted */
if (msg_decrypt == ad->cur_round && !outcome)
ad->ucast (ad->closure, buf, buflen);
else
ad->bcast (ad->closure, buf, buflen);
gcry_mpi_set_bit (ad->round_progress, ad->i);
}
void
BRANDT_got_message (struct BRANDT_Auction *auction,
uint16_t sender,
const unsigned char *msg,
size_t msg_len)
{
struct msg_head *head = (struct msg_head *)msg;
enum auction_type atype;
enum outcome_type outcome;
enum rounds round = auction->cur_round;
atype = auction->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice;
outcome = auction->outcome_public ? outcome_public : outcome_private;
/** \todo: cache out of order messages instead of discarding */
if (ntohl (head->msg_type) != round || ntohl (head->prot_version) != 0)
{
weprintf ("got unexpected message, ignoring...");
return;
}
/* check if we already got that round message from the same user */
if (gcry_mpi_test_bit (auction->round_progress, sender))
{
weprintf ("got a duplicate message from user %d", sender);
return;
}
if (!handler_in[atype][outcome][round] ||
!handler_in[atype][outcome][round](auction,
msg + sizeof (*head),
msg_len - sizeof (*head),
sender))
{
/** \todo */
weprintf ("wow fail in");
return;
}
gcry_mpi_set_bit (auction->round_progress, sender);
advance_round (auction, atype, outcome);
}
Reference in New Issue View Git Blame Copy Permalink