Merge BeamSEL transport capabilities

CMakeLists.txt

@@ -22,7 +22,7 @@ set(${P}_EXTRA_WARNING_FLAGS
 
 # Custom compiler and linker flags
 add_compile_options("-pipe"
-  "$<$<CONFIG:RELEASE>:-O2;-march=native>"
+  "$<$<CONFIG:RELEASE>:-O2>"
   "$<$<CONFIG:DEBUG>:-O0;-g3;-ggdb>"
   ${CMAKE_FLAGS_EXTRA})
 list(APPEND CMAKE_EXE_LINKER_FLAGS ${CMAKE_EXE_LINKER_FLAGS_EXTRA})

Dockerfile.distroless

@@ -19,6 +19,9 @@ RUN apt-get update && \
   libboost-thread-dev \
   libgmp-dev \
   libcurl4-openssl-dev \
+  libpython3-dev \
+  python3 \
+  # python-is-python3 \
   && rm -rf /var/lib/apt/lists/*
 
 
@@ -32,6 +35,7 @@ COPY cmake cmake
 COPY include include
 COPY test test
 COPY scripts scripts
+COPY pysel pysel
 COPY CMakeLists.txt sepilinker.cpp ./
 
 # build!

Dockerfile.ubuntu

@@ -1,40 +1,42 @@
-FROM ubuntu:rolling as build
+FROM ubuntu:22.04 AS build
 
 # Backup libs so we know what to copy later to runtime image
 RUN find /lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ -name '*.so*' > /shared-libs.list
 
-RUN apt-get update && \
-  apt-get install -y --no-install-recommends \
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
+  DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
   dpkg-dev \
-  g++-8 \
-  libc6-dev \
+  g++-10 \
   libssl-dev \
   openssl \
   cmake \
-  libboost-dev \
-  libboost-system-dev \
-  libboost-thread-dev \
+  libboost-all-dev \
   libgmp-dev \
+  python3 \
+  libpython3-dev \
   libcurl4-openssl-dev \
+  python3-distutils \
   && rm -rf /var/lib/apt/lists/*
 
-# We only installed gcc-8 -> make default
-RUN ln -s /usr/bin/gcc-8 /usr/bin/gcc \
-  && ln -s /usr/bin/g++-8 /usr/bin/g++ \
-  && ln -s /usr/bin/gcov-8 /usr/bin/gcov
+# We only installed gcc-10 -> make default
+RUN ln -s /usr/bin/gcc-10 /usr/bin/gcc \
+  && ln -s /usr/bin/g++-10 /usr/bin/g++ \
+  && ln -s /usr/bin/gcov-10 /usr/bin/gcov
 
 WORKDIR /app
 COPY extern extern
 COPY cmake cmake
 COPY include include
 COPY test test
 COPY scripts scripts
+COPY pysel pysel
 COPY CMakeLists.txt sepilinker.cpp ./
 
 # build!
 WORKDIR /app/build
 RUN cmake \
   -DCMAKE_FLAGS_EXTRA=-w \
+  -DCMAKE_BUILD_TYPE=Release \
   .. \
   && make sel -j $(nproc)
 
@@ -54,7 +56,7 @@ WORKDIR /app/data
 RUN ../scripts/genkeys.sh .
 
 # copy everything into minimal image
-FROM ubuntu:rolling
+FROM ubuntu:22.04
 
 RUN groupadd -r sel && useradd --no-log-init -r -g sel sel
 
@@ -73,8 +75,8 @@ RUN mkdir /log && chown sel:sel /log
 # find libraries in the correct order
 ENV LD_LIBRARY_PATH=/lib/x86_64-linux-gnu/:/deps/
 
-EXPOSE 8161
-EXPOSE 1337-1344
+# EXPOSE 8161
+# EXPOSE 1337-1344
 
 USER sel:sel
 ENTRYPOINT ["/app/sel"]

include/authenticator.cpp

@@ -75,8 +75,12 @@ SessionResponse Authenticator::check_authentication_header(
   auto logger = get_logger();
   try {
     string auth_info;
-    if (auto it = header.find("Authorization"); it != header.end()) {
+    if (auto it = header.find("Authorization"), it2 = header.find("authorization"); it != header.end() || it2 != header.end()) {
+      if (it != header.end()) {
       auth_info = it->second;
+      } else {
+      auth_info = it2->second;
+      }
       return check_authentication(auth_info);
     } else {  // No auth header
       auto type{print_auth_type()};

include/headerhandlerfunctions.cpp

@@ -47,16 +47,16 @@ SessionResponse init_mpc(const shared_ptr<restbed::Session>&,
       auth_result.return_code != 200){ // auth not ok
     return auth_result;
   }
-  if(header.find("Record-Number") == header.end()) {
+  if(header.find("record-number") == header.end()) {
     logger->error("No client record number from {}", remote_id);
     return responses::status_error(400, "No client record number transmitted");
   }
-  if(header.find("Counting-Mode") == header.end()) {
+  if(header.find("counting-mode") == header.end()) {
     counting_mode = false;
   }
   aby_server_port = ServerHandler::cget().get_server_port(remote_id);
-  size_t num_records = stoull(header.find("Record-Number")->second);
-  counting_mode = header.find("Counting-Mode")->second == "true" ? true : false;
+  size_t num_records = stoull(header.find("record-number")->second);
+  counting_mode = header.find("counting-mode")->second == "true" ? true : false;
   size_t server_record_number;
   shared_ptr<const ServerData> data;
   try {

include/jsonhandlerfunctions.cpp

@@ -126,6 +126,7 @@ SessionResponse create_job(
 #ifdef SEL_MATCHING_MODE
         if(counting_mode){
           job->set_counting_job();
+          logger->debug("Set job to counting job");
         }
 #endif
         server_handler.add_linkage_job(remote_id, job);

include/linkagejob.cpp

@@ -177,6 +177,7 @@ size_t LinkageJob::get_server_nvals(size_t num_records) {
       "Authorization: "s+m_remote_config->get_remote_authenticator().sign_transaction(""),
       "Record-Number: "s + to_string(num_records),
       "Counting-Mode: "s + (m_counting_job ? "true" : "false"),
+      "beam-remote: "s + m_remote_config->get_id(),
       "Content-Type: application/json"};
   string url{assemble_remote_url(m_remote_config) + "/initMPC/"+m_local_config->get_local_id()};
   logger->debug("Sending {} request to {}\n",(m_counting_job ? "matching" : "linkage"), url);
@@ -186,7 +187,7 @@ size_t LinkageJob::get_server_nvals(size_t num_records) {
     logger->debug("Response stream:\n{} - {}\n",response.return_code, response.body);
     // get nvals from response header
     if (response.return_code == 200) {
-      return stoull(get_headers(response.body, "Record-Number").front());
+      return stoull(get_headers(response.body, "record-number").front());
     } else {
       logger->error("Error communicating with remote epilinker: {} - {}", response.return_code, response.body);
     }

include/remoteconfiguration.cpp

@@ -93,7 +93,8 @@ void RemoteConfiguration::test_configuration(
   auto logger{get_logger()};
   auto data = client_config.dump();
   list<string> headers{"Authorization: "s + m_connection_profile.authenticator.sign_transaction(""),
-                       "Content-Type: application/json" };
+                       "Content-Type: application/json",
+                       "beam-remote: "s + m_remote_id};
   string url{assemble_remote_url(this) + "/testConfig/" + client_id};
 
   logger->debug("Sending config test to: {}\n", url);
@@ -108,13 +109,16 @@ void RemoteConfiguration::test_configuration(
     logger->error("Configuration is not compatible to remote config");
     return;
   }
-  const auto aby_server_port{get_headers(response.body, "SEL-Port")};
+  const auto aby_server_port{get_headers(response.body, "sel-port")};
+  logger->debug("Response.body: {}", response.body);
+  logger->debug("ABY Port: {}", aby_server_port);
   if (!aby_server_port.empty()) {
     logger->info("Client registered aby Port {}", aby_server_port.front());
     set_aby_port(stoul(aby_server_port.front()));
     mark_mutually_initialized();
     std::thread client_creator([this](){ServerHandler::get().insert_client(m_remote_id);});
     client_creator.detach();
+    logger->info("Creating client {}", m_remote_id);
   }
 }
 

include/secure_epilinker.cpp

@@ -52,7 +52,7 @@ SecureEpilinker::SecureEpilinker(ABYConfig config, CircuitConfig circuit_config)
       ->GetCircuitBuildRoutine())},
   acirc{dynamic_cast<ArithmeticCircuit*>(party->GetSharings()[S_ARITH]->GetCircuitBuildRoutine())},
   cfg{circuit_config}, selc{make_unique_circuit_builder(cfg, bcirc, ccirc, acirc)} {
-    get_logger()->debug("SecureEpilinker created.");
+    get_logger()->debug("SecureEpilinker created:\nRole:{},host:{},port:{}",(int)config.role, config.host, config.port);
   }
 // TODO when ABY can separate circuit building/setup/online phases, we create
 // different SELCircuits per build_circuit()...

include/serverhandler.cpp

@@ -112,6 +112,7 @@ void ServerHandler::insert_server(RemoteId id, RemoteAddress remote_address) {
 void ServerHandler::add_linkage_job(const RemoteId& remote_id, const std::shared_ptr<LinkageJob>& job){
   const auto& config_handler = ConfigurationHandler::cget();
   const auto job_id = job->get_id();
+  m_logger->debug("Adding job {} with remote {}", job_id, remote_id);
   if(config_handler.get_remote_config(remote_id)->get_mutual_initialization_status()) {
     m_client_jobs.emplace(job_id, job);
     m_worker_threads.at(remote_id).push(job);