immesys / wave
Wide Area Verified Exchange - version 3
License: MIT License
Hi again. Are there any other client libraries available? Should I just wrap wv with other languages?
Probably because the latest release binary doesn't include automatic subject comparison. I'll close this once a new release is made.
Per the terminal session below, it seems that trying to build a proof on more than 2 permissions causes proof building to fail. Seems like this should be a valid action, however.
sgx@ante:~/wv_test$ wv mke -o src.ent
enter a passphrase for your entity:
wrote entity: src.ent
sgx@ante:~/wv_test$ wv mke -o dst.ent
enter a passphrase for your entity:
wrote entity: dst.ent
sgx@ante:~/wv_test$ wv inspect src.ent
= Entity
Hash: GyCR5aP98Rd9vTGyhrmsxe8hoCrT9mSbiQmXtreVfAa5RA==
Created: 2019-01-16 14:43:44 -0800 PST
Expires: 2019-02-15 14:43:44 -0800 PST
Validity:
- Valid: true
- Expired: false
- Malformed: false
- Revoked: false
- Message:
sgx@ante:~/wv_test$ export S=GyCR5aP98Rd9vTGyhrmsxe8hoCrT9mSbiQmXtreVfAa5RA==
sgx@ante:~/wv_test$ wv inspect dst.ent
= Entity
Hash: GyAHtvUoeWIWjwfZ6Egy3pghQ1vzpUDaH6CdJWW-Ipy_YA==
Created: 2019-01-16 14:43:50 -0800 PST
Expires: 2019-02-15 14:43:50 -0800 PST
Validity:
- Valid: true
- Expired: false
- Malformed: false
- Revoked: false
- Message:
sgx@ante:~/wv_test$ export D=GyAHtvUoeWIWjwfZ6Egy3pghQ1vzpUDaH6CdJWW-Ipy_YA==
sgx@ante:~/wv_test$ echo $D
GyAHtvUoeWIWjwfZ6Egy3pghQ1vzpUDaH6CdJWW-Ipy_YA==
sgx@ante:~/wv_test$ wv publish *.ent
sgx@ante:~/wv_test$ wv rtgrant --indirections 5 --attester src.ent --subject $D $S:default@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 1/2 entities
Synchronized 2/2 entities
Perspective graph sync complete
wrote attestation: att_GyDWr5kSZ272yj9eOHSqbGhbx9MvEjgDIy-Ur8fx38KQBg==.pem
published attestation
sgx@ante:~/wv_test$ wv rtgrant --indirections 5 --attester src.ent --subject $D $S:default2@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 3/4 entities
Synchronized 4/4 entities
Perspective graph sync complete
wrote attestation: att_GyCoDjTRfo33skkJDmeMBVld6uW7QXCTsEI2PTAi0wk5pA==.pem
published attestation
sgx@ante:~/wv_test$ wv rtgrant --indirections 5 --attester src.ent --subject $D $S:default3@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 4/6 entities
Synchronized 6/6 entities
Perspective graph sync complete
wrote attestation: att_GyCipk-UwcgOfGEGd0wNjoa3kW4xR59MZgvfGlE1U1Nlcg==.pem
published attestation
sgx@ante:~/wv_test$ wv rtprove --subject dst.ent $S:default,default2,default3@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 1/2 entities
inserting active attestation
inserting active attestation
Synchronized 1/3 entities
inserting active attestation
Synchronized 5/5 entities
Perspective graph sync complete
error: (911: couldn't find a proof)
sgx@ante:~/wv_test$ wv rtprove --subject dst.ent $S:default,default2@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 5/8 entities
Synchronized 8/8 entities
Perspective graph sync complete
wrote proof: proof_2019-01-16T14:48:06-08:00.pem
When trying to unmarshal an entity that has an expiry using the generated C++ asn1 decoder, this error pops up:
D0033E: Tag mismatch or tag not expected: [UNIVERSAL 24] (expected tag [UNIVERSAL 23]); check field 'notAfter' (type: UTCTime) of field 'validity' (type: SEQUENCE) of field 'tbs' (type: SEQUENCE) of PDU #4 (type: WaveEntity) of field 'value' (type: OpenType) of PDU #1 'WaveWireObject'.
*SKIPPED*: tag = [UNIVERSAL 24] primitive; length = 19
<skipped>
D0049E: Field omitted: "notAfter"; check field 'validity' (type: SEQUENCE) of field 'tbs' (type: SEQUENCE) of PDU #4 (type: WaveEntity) of field 'value' (type: OpenType) of PDU #1 'WaveWireObject'.
Seems like there is a discrepancy between using generalized time when creating an entity in eapi.go + iapi/entity.go and in the definition of the entity serdes object.
I didn't find the program wv in your code package.
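The tag mismatch quoted above is the difference between UTCTime (tag [UNIVERSAL 23], "YYMMDDhhmmssZ") and GeneralizedTime (tag [UNIVERSAL 24], "YYYYMMDDhhmmssZ"). The following added example, written for this page and not taken from the WAVE code base, uses Go's encoding/asn1 to emit a validity SEQUENCE both ways and peeks at the tag byte a strict decoder checks. The struct names validityUTC and validityGeneralized and the dates are constructed for the example; they are not WAVE's serdes types.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"time"
)

// validityUTC models SEQUENCE { notBefore UTCTime, notAfter UTCTime }, the
// shape the generated C++ decoder in the report expects. encoding/asn1 emits
// UTCTime (tag 23) for an untagged time.Time whose year is in 1950..2049.
type validityUTC struct {
	NotBefore time.Time
	NotAfter  time.Time
}

// validityGeneralized asks encoding/asn1 for GeneralizedTime (tag 24), which
// is what the report's decoder actually received for notAfter.
type validityGeneralized struct {
	NotBefore time.Time `asn1:"generalized"`
	NotAfter  time.Time `asn1:"generalized"`
}

// Constructed sample window (the report's entity lifetime, expressed in UTC so
// the encoded value ends in 'Z' rather than a +hhmm zone offset).
var (
	notBefore = time.Date(2019, 1, 16, 22, 43, 44, 0, time.UTC)
	notAfter  = time.Date(2019, 2, 15, 22, 43, 44, 0, time.UTC)
)

// encodeValidity returns the DER for the validity SEQUENCE in one of the two encodings.
func encodeValidity(generalized bool) ([]byte, error) {
	if generalized {
		return asn1.Marshal(validityGeneralized{notBefore, notAfter})
	}
	return asn1.Marshal(validityUTC{notBefore, notAfter})
}

// firstElementTag peeks at the first element inside a short-form DER SEQUENCE
// and returns its tag number and content length: 23/13 for UTCTime, 24/15 for
// GeneralizedTime. This is the check a strict decoder performs before it
// reports "expected tag [UNIVERSAL 23]".
func firstElementTag(der []byte) (tag int, length int, err error) {
	if len(der) < 4 || der[0] != 0x30 {
		return 0, 0, fmt.Errorf("not a DER SEQUENCE")
	}
	if der[1]&0x80 != 0 {
		return 0, 0, fmt.Errorf("long-form length not handled in this example")
	}
	return int(der[2] & 0x1f), int(der[3]), nil
}

// decodeLenient shows why a Go-only round trip never surfaces the mismatch:
// encoding/asn1 accepts either UTCTime or GeneralizedTime for an untagged
// time.Time field, so the producer and the Go consumer agree even though a
// decoder generated from the UTCTime schema does not.
func decodeLenient(der []byte) (validityUTC, error) {
	var v validityUTC
	_, err := asn1.Unmarshal(der, &v)
	return v, err
}

func main() {
	for _, g := range []bool{false, true} {
		der, err := encodeValidity(g)
		if err != nil {
			panic(err)
		}
		tag, n, err := firstElementTag(der)
		if err != nil {
			panic(err)
		}
		fmt.Printf("generalized=%v -> notBefore is [UNIVERSAL %d], length %d\n", g, tag, n)
	}
}
```

For reference, the "length = 19" in the skipped element of the decoder output is consistent with a GeneralizedTime that carries a four-digit year and a +hhmm zone offset instead of 'Z' (14 digits plus a 5-character offset), which matches the -0800 timestamps wv inspect prints.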
What's the setup to run storage/testbench?
I ran the following:
But got error at SetLeaves:
panic: rpc error: code = FailedPrecondition desc = revision must be > 0
I haven't figured out where it's coming from yet, but when I use a base64 encoded hash that contains - or _ (looks to me like the difference between StdEncoding and URLEncoding from encoding/base64), I get an "invalid hash" response:
import requests
import json

requests.post('http://localhost:778/v1/ResolveHash',
              data=json.dumps({"hash": "GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw=="})).json()
# {u'code': 3, u'error': u'illegal base64 data at input byte 20'}
It does work from the command line though
$ ./cli resolve GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw==
= Entity
Location: default
Hash: GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw==
Created: 2018-04-25 00:23:41 -0700 PDT
Expires: 2018-05-25 00:23:41 -0700 PDT
Validity:
- Valid: true
- Expired: false
- Malformed: false
- Revoked: false
- Message:
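The error above is exactly what Go's base64.StdEncoding returns for a URL-safe string: the hash printed by wv uses the RFC 4648 URL alphabet (- and _ in place of + and /), and the first - sits at byte 20. This added example, written for this page rather than taken from the WAVE storage server, reproduces the failure and shows a decoder that accepts both alphabets without becoming lenient about padding or stray characters. The sample hash is the one from the report; the function names are mine.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// Constructed sample: the entity hash from the bug report above. Byte 20 is
// '-', valid in the URL-safe alphabet but not in the standard one.
const sampleHash = "GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw=="

// decodeStrict decodes with the standard alphabet only, the behaviour that
// produces the "illegal base64 data at input byte 20" error in the report.
func decodeStrict(s string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(s)
}

// decodeHash accepts either alphabet. A string can only decode under both when
// it contains none of + / - _, in which case the results are identical, so
// trying URL-safe first (the alphabet wv prints) and falling back to standard
// introduces no ambiguity. Padding is still required by both encodings, so a
// hash truncated in transit is rejected rather than silently shortened.
func decodeHash(s string) ([]byte, error) {
	if b, err := base64.URLEncoding.DecodeString(s); err == nil {
		return b, nil
	}
	b, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return nil, fmt.Errorf("invalid hash: %w", err)
	}
	return b, nil
}

func main() {
	if _, err := decodeStrict(sampleHash); err != nil {
		fmt.Println("StdEncoding:", err)
	}
	b, err := decodeHash(sampleHash)
	if err != nil {
		panic(err)
	}
	// 34 bytes: two leading bytes (0x1b 0x20) followed by a 32-byte digest
	fmt.Printf("decoded %d bytes, leading bytes % x\n", len(b), b[:2])
}
```

Normalising the alphabet on input (or documenting which one the HTTP API expects) is the usual fix; the CLI path works because it decodes with the same alphabet it prints.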
Running the script below causes the following error when creating an attestation for e2ee permissions in v0.4.0, but works fine in v0.3.0:
Traceback (most recent call last):
File "example.py", line 32, in <module>
raise Exception(att.error.message)
Exception: (203: could not encrypt (asn1: structure error: invalid object identifier))
import grpc
import wave3 as wv

channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
ent = agent.CreateEntity(wv.CreateEntityParams())
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
perspective = wv.Perspective(
    entitySecret=wv.EntitySecret(DER=ent.SecretDER)
)
perspective2 = wv.Perspective(
    entitySecret=wv.EntitySecret(DER=ent2.SecretDER)
)
# grant the built-in E2EE permission on resource "bar" from ent to ent2
att = agent.CreateAttestation(wv.CreateAttestationParams(
    perspective=perspective,
    subjectHash=ent2.hash,
    publish=True,
    policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
        namespace=ent.hash,
        indirections=5,
        statements=[
            wv.RTreePolicyStatement(
                permissionSet=wv.WaveBuiltinPSET,
                permissions=[wv.WaveBuiltinE2EE],
                resource="bar",
            )]
    ))))
if att.error.code != 0:
    raise Exception(att.error.message)
Hello, it seems that the development server domain at "http://standalone.storage.bwave.io/v1" is down. Will this be reinstated?
Hi,
I am trying to learn WAVE for my projects. I just downloaded the release version 0.4.0, and ran ./waved to follow the instruction in README.md. However, it showed "Illegal instruction". I tried both with/without sudo. My OS is Ubuntu 18.04. I'd appreciate it if you have any clue about this.
Thanks in advance.
The following command gives the error:
wv rtgrant --attester $WAVE_DEFAULT_ENTITY --subject site.ent --expiry 3y --indirections 0 "wavemq:publish@GyARFMRl6uG1jClJUrDlGFydj_8RqCCqmjN96TsOgHaYHg==/test_resource/*"
passphrase for entity secret:
Synchronized 5/6 entities
Synchronized 6/6 entities
Perspective graph sync complete
wrote attestation: att_GyC57_KDoKFAjuKGdWO-fX41C2grfMvZYENcMmsYEir3-Q==.pem
error: (204: could not put attestation (Post https://standalone.storage.bwave.io/v1/obj: x509: certificate has expired or is not yet valid))
Corresponding wave logfile:
Sep 13 16:47:37 pranavhgupta waved[5577]: se Err 1
Sep 13 16:47:37 pranavhgupta waved[5577]: Failed to synchronize entity: Get https://standalone.storage.bwave.io/v1/queue/GyARFMRl6uG1jClJUrDlGFydj_8RqCCqmjN96TsOgHaYHg==?token=2&trusted=0: x509: certificate has expired or is not yet valid
Running the below script that creates 2 attestations with different permissions results in a proof that is not able to be verified, but from my understanding this should be possible? The result of running this is:
panic: (912: proof is well formed but grants insufficient permissions)
goroutine 1 [running]:
main.main()
/home/sgx/wave-verify-sgx2/enclave_plus_app_src/test_verify.go:1289 +0x1b6b
exit status 2
package main

import (
	"context"
	"fmt"
	"io"
	"os"

	"github.com/immesys/wave/eapi"
	pb "github.com/immesys/wave/eapi/pb"
	"google.golang.org/grpc"
)

// Package clause, imports and main() added so the fragment compiles on its own;
// waveconn, Src and Dst are declared here with := rather than assigned to
// package-level variables as in the original test_verify.go.
func main() {
	conn, err := grpc.Dial("127.0.0.1:410", grpc.WithInsecure(), grpc.FailOnNonTempDialError(true), grpc.WithBlock())
	if err != nil {
		fmt.Printf("failed to connect to agent: %v\n", err)
		os.Exit(1)
	}
	waveconn := pb.NewWAVEClient(conn)

	// Src is the attester/namespace, Dst the subject; both are created and published.
	Src, err := waveconn.CreateEntity(context.Background(), &pb.CreateEntityParams{})
	if err != nil {
		panic(err)
	}
	if Src.Error != nil {
		panic(Src.Error.Message)
	}
	Dst, err := waveconn.CreateEntity(context.Background(), &pb.CreateEntityParams{})
	if err != nil {
		panic(err)
	}
	if Dst.Error != nil {
		panic(Dst.Error.Message)
	}
	srcresp, err := waveconn.PublishEntity(context.Background(), &pb.PublishEntityParams{
		DER: Src.PublicDER,
		Location: &pb.Location{
			AgentLocation: "default",
		},
	})
	if err != nil {
		panic(err)
	}
	if srcresp.Error != nil {
		panic(srcresp.Error.Message)
	}
	dstresp, err := waveconn.PublishEntity(context.Background(), &pb.PublishEntityParams{
		DER: Dst.PublicDER,
		Location: &pb.Location{
			AgentLocation: "default",
		},
	})
	if err != nil {
		panic(err)
	}
	if dstresp.Error != nil {
		panic(dstresp.Error.Message)
	}

	// First attestation: permission "default" on resource "default".
	attresp, err := waveconn.CreateAttestation(context.Background(), &pb.CreateAttestationParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Src.SecretDER,
			},
			Location: &pb.Location{
				AgentLocation: "default",
			},
		},
		BodyScheme:  eapi.BodySchemeWaveRef1,
		SubjectHash: Dst.Hash,
		SubjectLocation: &pb.Location{
			AgentLocation: "default",
		},
		Policy: &pb.Policy{
			RTreePolicy: &pb.RTreePolicy{
				Namespace:    Src.Hash,
				Indirections: 4,
				Statements: []*pb.RTreePolicyStatement{
					&pb.RTreePolicyStatement{
						PermissionSet: Src.Hash,
						Permissions:   []string{"default"},
						Resource:      "default",
					},
				},
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if attresp.Error != nil {
		panic(attresp.Error.Message)
	}
	attpub, err := waveconn.PublishAttestation(context.Background(), &pb.PublishAttestationParams{
		DER: attresp.DER,
	})
	if err != nil {
		panic(err)
	}
	if attpub.Error != nil {
		panic(attpub.Error.Message)
	}

	// Second attestation: permission "default2" on the same resource.
	attresp, err = waveconn.CreateAttestation(context.Background(), &pb.CreateAttestationParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Src.SecretDER,
			},
			Location: &pb.Location{
				AgentLocation: "default",
			},
		},
		BodyScheme:  eapi.BodySchemeWaveRef1,
		SubjectHash: Dst.Hash,
		SubjectLocation: &pb.Location{
			AgentLocation: "default",
		},
		Policy: &pb.Policy{
			RTreePolicy: &pb.RTreePolicy{
				Namespace:    Src.Hash,
				Indirections: 4,
				Statements: []*pb.RTreePolicyStatement{
					&pb.RTreePolicyStatement{
						PermissionSet: Src.Hash,
						Permissions:   []string{"default2"},
						Resource:      "default",
					},
				},
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if attresp.Error != nil {
		panic(attresp.Error.Message)
	}
	attpub, err = waveconn.PublishAttestation(context.Background(), &pb.PublishAttestationParams{
		DER: attresp.DER,
	})
	if err != nil {
		panic(err)
	}
	if attpub.Error != nil {
		panic(attpub.Error.Message)
	}

	// Resync Dst's perspective graph so both attestations are visible before proving.
	_, err = waveconn.ResyncPerspectiveGraph(context.Background(), &pb.ResyncPerspectiveGraphParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Dst.SecretDER,
			},
		},
	})
	if err != nil {
		panic(err)
	}
	cl, err := waveconn.WaitForSyncComplete(context.Background(), &pb.SyncParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Dst.SecretDER,
			},
		},
	})
	if err != nil {
		panic(err)
	}
	for {
		_, err := cl.Recv()
		if err == io.EOF {
			break
		}
		if err != nil {
			panic(err) // the original looped forever on any non-EOF stream error
		}
	}

	// Build one proof covering both permissions, then verify it against the same policy.
	proofresp, err := waveconn.BuildRTreeProof(context.Background(), &pb.BuildRTreeProofParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Dst.SecretDER,
			},
			Location: &pb.Location{
				AgentLocation: "default",
			},
		},
		SubjectHash: Dst.Hash,
		Namespace:   Src.Hash,
		Statements: []*pb.RTreePolicyStatement{
			&pb.RTreePolicyStatement{
				PermissionSet: Src.Hash,
				Permissions:   []string{"default", "default2"},
				Resource:      "default",
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if proofresp.Error != nil {
		panic(proofresp.Error.Message)
	}
	verifyresp, err := waveconn.VerifyProof(context.Background(), &pb.VerifyProofParams{
		ProofDER: proofresp.ProofDER,
		Subject:  Dst.Hash,
		RequiredRTreePolicy: &pb.RTreePolicy{
			Namespace: Src.Hash,
			Statements: []*pb.RTreePolicyStatement{
				&pb.RTreePolicyStatement{
					PermissionSet: Src.Hash,
					Permissions:   []string{"default", "default2"},
					Resource:      "default",
				},
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if verifyresp.Error != nil {
		panic(verifyresp.Error.Message)
	}
	fmt.Println("proof verified")
}
Are there plans to move to another sha3 package such as "golang.org/x/crypto/sha3"? Just wondering because go get fails due to go-ethereum having removed their sha3 package.
The script below runs without any errors, which baffles me. My understanding is that special wave e2ee permissions need to be granted before a message can be decrypted on a namespace/resource. Not sure why creating an arbitrary attestation is creating e2ee keys for a different resource. Let me know if this is indeed a bug or a misunderstanding on my end. This was run using v0.3.0.
import grpc
import wave3 as wv

channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
ent = agent.CreateEntity(wv.CreateEntityParams())
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
perspective = wv.Perspective(
    entitySecret=wv.EntitySecret(DER=ent.SecretDER)
)
perspective2 = wv.Perspective(
    entitySecret=wv.EntitySecret(DER=ent2.SecretDER)
)
# grant an arbitrary permission "foo" on resource "bar" from ent to ent2
att = agent.CreateAttestation(wv.CreateAttestationParams(
    perspective=perspective,
    subjectHash=ent2.hash,
    publish=True,
    policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
        namespace=ent.hash,
        indirections=5,
        statements=[
            wv.RTreePolicyStatement(
                permissionSet=ent.hash,
                permissions=["foo"],
                resource="bar",
            )]
    ))))
if att.error.code != 0:
    raise Exception(att.error.message)
# encrypt on an unrelated resource in ent's namespace ...
encrypted = agent.EncryptMessage(
    wv.EncryptMessageParams(
        namespace=ent.hash,
        resource="garbage",
        content=b"hello world"))
if encrypted.error.code != 0:
    raise Exception(encrypted.error.message)
# ... and decrypt as ent2, which was never granted E2EE on it
resp = agent.DecryptMessage(wv.DecryptMessageParams(
    perspective=perspective2,
    ciphertext=encrypted.ciphertext,
    resyncFirst=True))
if resp.error.code != 0:
    raise Exception(resp.error.message)
print(resp.content)
Seems like trying to encrypt a message with a garbage namespace value causes waved to panic and quit. I ran this:
import grpc
import wave3 as wv

channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
encrypted = agent.EncryptMessage(
    wv.EncryptMessageParams(
        namespace=b"garbage",
        resource="obj1",
        content=b"hello"))
if encrypted.error.code != 0:
    raise Exception(encrypted.error.message)
and got
panic: Value() on unsupported hash scheme instance
goroutine 148 [running]:
github.com/immesys/wave/iapi.(*UnsupportedHashSchemeInstance).Value(0x11c6b90, 0x9ae644, 0xabe860, 0xc42027a500)
/home/immesys/w/go/src/github.com/immesys/wave/iapi/hashschemes.go:125 +0x39
github.com/immesys/wave/engine.getCachedEntity(0xc013c0, 0x11c6b90, 0x9b3348)
/home/immesys/w/go/src/github.com/immesys/wave/engine/cache.go:38 +0x56
github.com/immesys/wave/engine.(*Engine).LookupEntity(0xc42017a000, 0xbff060, 0xc420381b60, 0xc013c0, 0x11c6b90, 0xbff260, 0xc42027a500, 0x0, 0x0, 0x0, ...)
/home/immesys/w/go/src/github.com/immesys/wave/engine/external.go:453 +0x3f
github.com/immesys/wave/eapi.(*EAPI).EncryptMessage(0xc4200b4100, 0xbff060, 0xc420381b60, 0xc420708be0, 0xc4200b4100, 0xc420381ad0, 0xa8e820)
/home/immesys/w/go/src/github.com/immesys/wave/eapi/eapi.go:1016 +0x3a9
github.com/immesys/wave/eapi/pb._WAVE_EncryptMessage_Handler(0xb5d020, 0xc4200b4100, 0xbff060, 0xc420381b60, 0xc420790930, 0x0, 0x0, 0x0, 0x0, 0x0)
/home/immesys/w/go/src/github.com/immesys/wave/eapi/pb/eapi.pb.go:4346 +0x241
github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc42008d500, 0xc02bc0, 0xc420666180, 0xc420bd2a00, 0xc42019e990, 0x115bb98, 0x0, 0x0, 0x0)
/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:982 +0x4f9
github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).handleStream(0xc42008d500, 0xc02bc0, 0xc420666180, 0xc420bd2a00, 0x0)
/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:1208 +0x1318
github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc4202c6a90, 0xc42008d500, 0xc02bc0, 0xc420666180, 0xc420bd2a00)
/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:686 +0x9f
created by github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:684 +0xa1
Traceback (most recent call last):
File "example.py", line 58, in <module>
content=b"hello"))
File "/home/sgx/.local/lib/python3.6/site-packages/grpc/_channel.py", line 533, in __call__
return _end_unary_response_blocking(state, call, False, None)
File "/home/sgx/.local/lib/python3.6/site-packages/grpc/_channel.py", line 467, in _end_unary_response_blocking
raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Socket closed"
debug_error_string = "{"created":"@1542327954.004754854","description":"Error received from peer","file":"src/core/lib/surface/call.cc","file_line":1017,"grpc_message":"Socket closed","grpc_status":14}"
>
[1]+ Exit 2 sudo waved