1 /*
2 * Copyright 2018 Google LLC
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "fcp/secagg/client/secagg_client_r1_share_keys_input_not_set_state.h"
18
19 #include <cstdint>
20 #include <memory>
21 #include <string>
22 #include <utility>
23 #include <vector>
24
25 #include "fcp/base/monitoring.h"
26 #include "fcp/secagg/client/other_client_state.h"
27 #include "fcp/secagg/client/secagg_client_aborted_state.h"
28 #include "fcp/secagg/client/secagg_client_completed_state.h"
29 #include "fcp/secagg/client/secagg_client_r1_share_keys_input_set_state.h"
30 #include "fcp/secagg/client/secagg_client_r2_masked_input_coll_input_not_set_state.h"
31 #include "fcp/secagg/client/secagg_client_state.h"
32 #include "fcp/secagg/client/send_to_server_interface.h"
33 #include "fcp/secagg/client/state_transition_listener_interface.h"
34 #include "fcp/secagg/shared/aes_prng_factory.h"
35 #include "fcp/secagg/shared/ecdh_key_agreement.h"
36 #include "fcp/secagg/shared/input_vector_specification.h"
37 #include "fcp/secagg/shared/secagg_messages.pb.h"
38 #include "fcp/secagg/shared/secagg_vector.h"
39 #include "fcp/secagg/shared/shamir_secret_sharing.h"
40
41 namespace fcp {
42 namespace secagg {
43 SecAggClientR1ShareKeysInputNotSetState::
SecAggClientR1ShareKeysInputNotSetState(uint32_t max_neighbors_expected,uint32_t minimum_surviving_neighbors_for_reconstruction,std::unique_ptr<EcdhKeyAgreement> enc_key_agreement,std::unique_ptr<std::vector<InputVectorSpecification>> input_vector_specs,std::unique_ptr<SecurePrng> prng,std::unique_ptr<EcdhKeyAgreement> prng_key_agreement,std::unique_ptr<SendToServerInterface> sender,std::unique_ptr<StateTransitionListenerInterface> transition_listener,std::unique_ptr<AesPrngFactory> prng_factory,AsyncAbort * async_abort)44 SecAggClientR1ShareKeysInputNotSetState(
45 uint32_t max_neighbors_expected,
46 uint32_t minimum_surviving_neighbors_for_reconstruction,
47 std::unique_ptr<EcdhKeyAgreement> enc_key_agreement,
48 std::unique_ptr<std::vector<InputVectorSpecification> >
49 input_vector_specs,
50 std::unique_ptr<SecurePrng> prng,
51 std::unique_ptr<EcdhKeyAgreement> prng_key_agreement,
52 std::unique_ptr<SendToServerInterface> sender,
53 std::unique_ptr<StateTransitionListenerInterface> transition_listener,
54
55 std::unique_ptr<AesPrngFactory> prng_factory, AsyncAbort* async_abort)
56 : SecAggClientR1ShareKeysBaseState(
57 std::move(sender), std::move(transition_listener), async_abort),
58 max_neighbors_expected_(max_neighbors_expected),
59 minimum_surviving_neighbors_for_reconstruction_(
60 minimum_surviving_neighbors_for_reconstruction),
61 enc_key_agreement_(std::move(enc_key_agreement)),
62 input_vector_specs_(std::move(input_vector_specs)),
63 prng_(std::move(prng)),
64 prng_key_agreement_(std::move(prng_key_agreement)),
65 prng_factory_(std::move(prng_factory)) {}
66
67 SecAggClientR1ShareKeysInputNotSetState::
68 ~SecAggClientR1ShareKeysInputNotSetState() = default;
69
70 StatusOr<std::unique_ptr<SecAggClientState> >
HandleMessage(const ServerToClientWrapperMessage & message)71 SecAggClientR1ShareKeysInputNotSetState::HandleMessage(
72 const ServerToClientWrapperMessage& message) {
73 // Handle abort messages or share keys requests only.
74 if (message.has_abort()) {
75 if (message.abort().early_success()) {
76 return {std::make_unique<SecAggClientCompletedState>(
77 std::move(sender_), std::move(transition_listener_))};
78 } else {
79 return {std::make_unique<SecAggClientAbortedState>(
80 "Aborting because of abort message from the server.",
81 std::move(sender_), std::move(transition_listener_))};
82 }
83 } else if (!message.has_share_keys_request()) {
84 // Returns an error indicating that the message is of invalid type.
85 return SecAggClientState::HandleMessage(message);
86 }
87 uint32_t client_id;
88 uint32_t number_of_alive_clients;
89 uint32_t number_of_clients;
90 std::string error_message;
91 auto other_client_enc_keys = std::make_unique<std::vector<AesKey> >();
92 auto other_client_prng_keys = std::make_unique<std::vector<AesKey> >();
93 auto other_client_states = std::make_unique<std::vector<OtherClientState> >();
94 auto own_self_key_share = std::make_unique<ShamirShare>();
95 auto session_id = std::make_unique<SessionId>();
96
97 uint8_t self_prng_key_buffer[AesKey::kSize];
98 for (int i = 0; i < AesKey::kSize; ++i) {
99 self_prng_key_buffer[i] = prng_->Rand8();
100 }
101 auto self_prng_key = std::make_unique<AesKey>(self_prng_key_buffer);
102
103 bool success = HandleShareKeysRequest(
104 message.share_keys_request(), *enc_key_agreement_,
105 max_neighbors_expected_, minimum_surviving_neighbors_for_reconstruction_,
106 *prng_key_agreement_, *self_prng_key, prng_.get(), &client_id,
107 &error_message, &number_of_alive_clients, &number_of_clients,
108 other_client_enc_keys.get(), other_client_prng_keys.get(),
109 other_client_states.get(), &self_prng_key_shares_,
110 &pairwise_prng_key_shares_, session_id.get());
111
112 if (!success) {
113 return AbortAndNotifyServer(error_message);
114 }
115
116 if (!EncryptAndSendResponse(*other_client_enc_keys, pairwise_prng_key_shares_,
117 self_prng_key_shares_, sender_.get())) {
118 return AbortAndNotifyServer(async_abort_->Message());
119 }
120
121 *own_self_key_share = self_prng_key_shares_[client_id];
122 return {std::make_unique<SecAggClientR2MaskedInputCollInputNotSetState>(
123 client_id, minimum_surviving_neighbors_for_reconstruction_,
124 number_of_alive_clients, number_of_clients,
125 std::move(input_vector_specs_), std::move(other_client_states),
126 std::move(other_client_enc_keys), std::move(other_client_prng_keys),
127 std::move(own_self_key_share), std::move(self_prng_key),
128 std::move(sender_), std::move(transition_listener_),
129 std::move(session_id), std::move(prng_factory_), async_abort_)};
130 }
131
132 StatusOr<std::unique_ptr<SecAggClientState> >
SetInput(std::unique_ptr<SecAggVectorMap> input_map)133 SecAggClientR1ShareKeysInputNotSetState::SetInput(
134 std::unique_ptr<SecAggVectorMap> input_map) {
135 if (!ValidateInput(*input_map, *input_vector_specs_)) {
136 return FCP_STATUS(INVALID_ARGUMENT)
137 << "The input to SetInput does not match the "
138 "InputVectorSpecification.";
139 }
140
141 return {std::make_unique<SecAggClientR1ShareKeysInputSetState>(
142 max_neighbors_expected_, minimum_surviving_neighbors_for_reconstruction_,
143 std::move(enc_key_agreement_), std::move(input_map),
144 std::move(input_vector_specs_), std::move(prng_),
145 std::move(prng_key_agreement_), std::move(sender_),
146 std::move(transition_listener_), std::move(prng_factory_), async_abort_)};
147 }
148
StateName() const149 std::string SecAggClientR1ShareKeysInputNotSetState::StateName() const {
150 return "R1_SHARE_KEYS_INPUT_NOT_SET";
151 }
152
153 } // namespace secagg
154 } // namespace fcp
155