wave's People

Contributors

ddreyer, gtfierro, immesys, jhkolb, moustafa-a, samkumar

wave's Issues

Any client libraries?

Hi again. Are there any other client libraries available? Should I just wrap wv with other languages?

Proof failing to build for multiple permissions

Per the terminal session below, it seems that trying to build a proof on more than 2 permissions causes proof building to fail. Seems like this should be a valid action, however.

sgx@ante:~/wv_test$ wv mke -o src.ent
enter a passphrase for your entity:
wrote entity: src.ent
sgx@ante:~/wv_test$ wv mke -o dst.ent
enter a passphrase for your entity:
wrote entity: dst.ent
sgx@ante:~/wv_test$ wv inspect src.ent
= Entity
      Hash: GyCR5aP98Rd9vTGyhrmsxe8hoCrT9mSbiQmXtreVfAa5RA==
   Created: 2019-01-16 14:43:44 -0800 PST
   Expires: 2019-02-15 14:43:44 -0800 PST
  Validity:
   - Valid: true
   - Expired: false
   - Malformed: false
   - Revoked: false
   - Message:
sgx@ante:~/wv_test$ export S=GyCR5aP98Rd9vTGyhrmsxe8hoCrT9mSbiQmXtreVfAa5RA==
sgx@ante:~/wv_test$ wv inspect dst.ent
= Entity
      Hash: GyAHtvUoeWIWjwfZ6Egy3pghQ1vzpUDaH6CdJWW-Ipy_YA==
   Created: 2019-01-16 14:43:50 -0800 PST
   Expires: 2019-02-15 14:43:50 -0800 PST
  Validity:
   - Valid: true
   - Expired: false
   - Malformed: false
   - Revoked: false
   - Message:
sgx@ante:~/wv_test$ export D=GyAHtvUoeWIWjwfZ6Egy3pghQ1vzpUDaH6CdJWW-Ipy_YA==
sgx@ante:~/wv_test$ echo $D
GyAHtvUoeWIWjwfZ6Egy3pghQ1vzpUDaH6CdJWW-Ipy_YA==
sgx@ante:~/wv_test$ wv publish *.ent
sgx@ante:~/wv_test$ wv rtgrant --indirections 5 --attester src.ent --subject $D $S:default@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 1/2 entities
Synchronized 2/2 entities
Perspective graph sync complete
wrote attestation: att_GyDWr5kSZ272yj9eOHSqbGhbx9MvEjgDIy-Ur8fx38KQBg==.pem
published attestation
sgx@ante:~/wv_test$ wv rtgrant --indirections 5 --attester src.ent --subject $D $S:default2@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 3/4 entities
Synchronized 4/4 entities
Perspective graph sync complete
wrote attestation: att_GyCoDjTRfo33skkJDmeMBVld6uW7QXCTsEI2PTAi0wk5pA==.pem
published attestation
sgx@ante:~/wv_test$ wv rtgrant --indirections 5 --attester src.ent --subject $D $S:default3@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 4/6 entities
Synchronized 6/6 entities
Perspective graph sync complete
wrote attestation: att_GyCipk-UwcgOfGEGd0wNjoa3kW4xR59MZgvfGlE1U1Nlcg==.pem
published attestation
sgx@ante:~/wv_test$ wv rtprove --subject dst.ent $S:default,default2,default3@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 1/2 entities
inserting active attestation
inserting active attestation
Synchronized 1/3 entities
inserting active attestation
Synchronized 5/5 entities
Perspective graph sync complete
error: (911: couldn't find a proof)
sgx@ante:~/wv_test$ wv rtprove --subject dst.ent $S:default,default2@$S/default
passphrase for entity secret:
XX RESYNC
Synchronized 5/8 entities
Synchronized 8/8 entities
Perspective graph sync complete
wrote proof: proof_2019-01-16T14:48:06-08:00.pem

Mixup between generalized and UTC time in entities when using wv command line tool

When trying to unmarshal an entity that has an expiry using the generated C++ asn1 decoder, this error pops up:

D0033E: Tag mismatch or tag not expected: [UNIVERSAL 24] (expected tag [UNIVERSAL 23]); check field 'notAfter' (type: UTCTime) of field 'validity' (type: SEQUENCE) of field 'tbs' (type: SEQUENCE) of PDU #4 (type: WaveEntity) of field 'value' (type: OpenType) of PDU #1 'WaveWireObject'.
          *SKIPPED*: tag = [UNIVERSAL 24] primitive; length = 19
            <skipped>
D0049E: Field omitted: "notAfter"; check field 'validity' (type: SEQUENCE) of field 'tbs' (type: SEQUENCE) of PDU #4 (type: WaveEntity) of field 'value' (type: OpenType) of PDU #1 'WaveWireObject'.

Seems like there is a discrepancy between using generalized time when creating an entity in eapi.go + iapi/entity.go and in the definition of the entity serdes object.
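As an added example (not code from the wave repository or from the issue author), the following Go program shows how encoding/asn1 chooses between the two time types and why a decoder generated from a schema that declares UTCTime rejects what Go emits under the `generalized` option: tag [UNIVERSAL 24] with a 19-byte body, the YYYYMMDDHHMMSS±hhmm form Go produces for a time whose location is not UTC, as with the -0800 timestamps in the session above. The strict decoder at the end is my own check, not something the agent or CLI does; the `asn1: structure error:` prefix seen elsewhere on this page is Go's encoding/asn1 error format, which is why that package's behaviour is the one demonstrated.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"time"
)

// EncodeTime DER-encodes a single time value the way Go's encoding/asn1
// does for a struct field: UTCTime (tag 23) unless the field carries the
// `asn1:"generalized"` option or the year falls outside 1950-2049, in which
// case GeneralizedTime (tag 24) is emitted.
func EncodeTime(t time.Time, generalized bool) ([]byte, error) {
	if generalized {
		return asn1.MarshalWithParams(t, "generalized")
	}
	return asn1.Marshal(t)
}

// TagAndLen returns the identifier octet and the short-form length of a
// single DER value, the two numbers the decoder error on this page reports.
func TagAndLen(der []byte) (tag int, length int, err error) {
	if len(der) < 2 {
		return 0, 0, errors.New("der: truncated header")
	}
	if der[1]&0x80 != 0 {
		return 0, 0, errors.New("der: long-form length not expected for a time value")
	}
	return int(der[0]), int(der[1]), nil
}

// StrictDecodeTime accepts only the time type the schema declares. Go's
// asn1.Unmarshal into time.Time silently accepts either tag, so a Go
// round-trip (such as wv inspect) never notices the mismatch; a decoder
// generated from a schema that says UTCTime does.
func StrictDecodeTime(der []byte, wantTag int) (time.Time, error) {
	tag, _, err := TagAndLen(der)
	if err != nil {
		return time.Time{}, err
	}
	if tag != wantTag {
		return time.Time{}, fmt.Errorf("der: tag mismatch: got [UNIVERSAL %d], schema expects [UNIVERSAL %d]", tag, wantTag)
	}
	var t time.Time
	rest, err := asn1.Unmarshal(der, &t)
	if err != nil {
		return time.Time{}, err
	}
	if len(rest) != 0 {
		return time.Time{}, errors.New("der: trailing bytes after time value")
	}
	return t, nil
}

func main() {
	// Constructed input matching the Expires timestamp in the session above.
	pst := time.FixedZone("PST", -8*3600)
	expires := time.Date(2019, 2, 15, 14, 43, 44, 0, pst)
	for _, gen := range []bool{false, true} {
		der, err := EncodeTime(expires, gen)
		if err != nil {
			panic(err)
		}
		tag, n, _ := TagAndLen(der)
		fmt.Printf("generalized=%v -> tag [UNIVERSAL %d], length %d, body %q\n", gen, tag, n, der[2:])
		if _, err := StrictDecodeTime(der, asn1.TagUTCTime); err != nil {
			fmt.Println("  strict UTCTime decoder:", err)
		}
	}
}
```

Go's own asn1.Unmarshal accepts either tag when the target is a time.Time, so testing the encoder against the Go decoder cannot reveal this; the schema and the `asn1:"generalized"` field options have to agree, and a consumer in another language should check the tag it was promised, as StrictDecodeTime does.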

Storage testbench setup

What's the setup to run storage/testbench?

I ran the following:

  • trillian/cmd/trillian_log_server, trillian/cmd/trillian_map_server, trillian/cmd/trillian_log_signer
  • trillian/scripts/reset_db.sh
  • init/init
  • mysql -u root -p < tables.sql
  • export VLDM_TREE_OPERATIONS=.... ../server

But got error at SetLeaves:

panic: rpc error: code = FailedPrecondition desc = revision must be > 0

Some Base64 hashes rejected by HTTP API

I haven't figured out where it's coming from yet, but when I use a base64-encoded hash that contains - or _ (looks to me like the difference between StdEncoding and URLEncoding from encoding/base64), I get an "invalid hash" response:

import json
import requests

# Hash contains '-' (URL-safe alphabet); the HTTP API rejects it
resp = requests.post('http://localhost:778/v1/ResolveHash',
                     data=json.dumps({"hash": "GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw=="}))
print(resp.json())
# {u'code': 3, u'error': u'illegal base64 data at input byte 20'}

It does work from the command line, though:

$ ./cli resolve GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw==
= Entity
  Location: default
      Hash: GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw==
   Created: 2018-04-25 00:23:41 -0700 PDT
   Expires: 2018-05-25 00:23:41 -0700 PDT
  Validity:
   - Valid: true
   - Expired: false
   - Malformed: false
   - Revoked: false
   - Message: 

error in creating e2ee attestation in v0.4.0

Running the script below causes the following error when creating an attestation for e2ee permissions in v0.4.0, but works fine in v0.3.0:

Traceback (most recent call last):
  File "example.py", line 32, in <module>
    raise Exception(att.error.message)
Exception: (203: could not encrypt (asn1: structure error: invalid object identifier))

import grpc
import wave3 as wv

channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
ent = agent.CreateEntity(wv.CreateEntityParams())
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
perspective = wv.Perspective(
            entitySecret=wv.EntitySecret(DER=ent.SecretDER)
)
perspective2 = wv.Perspective(
            entitySecret=wv.EntitySecret(DER=ent2.SecretDER)
)

att = agent.CreateAttestation(wv.CreateAttestationParams(
        perspective=perspective,
        subjectHash=ent2.hash,
        publish=True,
        policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=ent.hash,
            indirections=5,
            statements=[
                wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="bar",
            )]
        ))))
if att.error.code != 0:
    raise Exception(att.error.message)

Basic Tutorial not working

Hi,

I am trying to learn WAVE for my projects. I just downloaded the release version 0.4.0 and ran ./waved to follow the instructions in README.md. However, it showed "Illegal instruction". I tried both with and without sudo. My OS is Ubuntu 18.04. I'd appreciate it if you have any clue about this.

Thanks in advance.

Giving permissions to entity to publish returns error

The following command gives the error:

wv rtgrant --attester $WAVE_DEFAULT_ENTITY --subject site.ent --expiry 3y --indirections 0 "wavemq:publish@GyARFMRl6uG1jClJUrDlGFydj_8RqCCqmjN96TsOgHaYHg==/test_resource/*"
passphrase for entity secret:
Synchronized 5/6 entities
Synchronized 6/6 entities
Perspective graph sync complete
wrote attestation: att_GyC57_KDoKFAjuKGdWO-fX41C2grfMvZYENcMmsYEir3-Q==.pem
error: (204: could not put attestation (Post https://standalone.storage.bwave.io/v1/obj: x509: certificate has expired or is not yet valid))

Corresponding wave log file:
Sep 13 16:47:37 pranavhgupta waved[5577]: se Err 1
Sep 13 16:47:37 pranavhgupta waved[5577]: Failed to synchronize entity: Get https://standalone.storage.bwave.io/v1/queue/GyARFMRl6uG1jClJUrDlGFydj_8RqCCqmjN96TsOgHaYHg==?token=2&trusted=0: x509: certificate has expired or is not yet valid

Proof of multiple permissions not verifiable with multiple attestations

Running the script below, which creates 2 attestations with different permissions, results in a proof that cannot be verified, but from my understanding this should be possible? The result of running this is:

panic: (912: proof is well formed but grants insufficient permissions)

goroutine 1 [running]:
main.main()
	/home/sgx/wave-verify-sgx2/enclave_plus_app_src/test_verify.go:1289 +0x1b6b
exit status 2

// Wrapped as a complete program: the fragment as posted had no package
// clause, imports or declarations. Type names come from the
// github.com/immesys/wave/eapi/pb package used on this page.
package main

import (
	"context"
	"fmt"
	"io"
	"os"

	"github.com/immesys/wave/eapi"
	"github.com/immesys/wave/eapi/pb"
	"google.golang.org/grpc"
)

func main() {
	conn, err := grpc.Dial("127.0.0.1:410", grpc.WithInsecure(), grpc.FailOnNonTempDialError(true), grpc.WithBlock())
	if err != nil {
		fmt.Printf("failed to connect to agent: %v\n", err)
		os.Exit(1)
	}
	defer conn.Close()
	waveconn := pb.NewWAVEClient(conn)

	// Two entities: Src owns the namespace and attests, Dst is the subject.
	Src, err := waveconn.CreateEntity(context.Background(), &pb.CreateEntityParams{})
	if err != nil {
		panic(err)
	}
	if Src.Error != nil {
		panic(Src.Error.Message)
	}
	Dst, err := waveconn.CreateEntity(context.Background(), &pb.CreateEntityParams{})
	if err != nil {
		panic(err)
	}
	if Dst.Error != nil {
		panic(Dst.Error.Message)
	}
	srcresp, err := waveconn.PublishEntity(context.Background(), &pb.PublishEntityParams{
		DER: Src.PublicDER,
		Location: &pb.Location{
			AgentLocation: "default",
		},
	})
	if err != nil {
		panic(err)
	}
	if srcresp.Error != nil {
		panic(srcresp.Error.Message)
	}
	dstresp, err := waveconn.PublishEntity(context.Background(), &pb.PublishEntityParams{
		DER: Dst.PublicDER,
		Location: &pb.Location{
			AgentLocation: "default",
		},
	})
	if err != nil {
		panic(err)
	}
	if dstresp.Error != nil {
		panic(dstresp.Error.Message)
	}

	// First attestation: permission "default" on resource "default".
	attresp, err := waveconn.CreateAttestation(context.Background(), &pb.CreateAttestationParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Src.SecretDER,
			},
			Location: &pb.Location{
				AgentLocation: "default",
			},
		},
		BodyScheme:  eapi.BodySchemeWaveRef1,
		SubjectHash: Dst.Hash,
		SubjectLocation: &pb.Location{
			AgentLocation: "default",
		},
		Policy: &pb.Policy{
			RTreePolicy: &pb.RTreePolicy{
				Namespace:    Src.Hash,
				Indirections: 4,
				Statements: []*pb.RTreePolicyStatement{
					&pb.RTreePolicyStatement{
						PermissionSet: Src.Hash,
						Permissions:   []string{"default"},
						Resource:      "default",
					},
				},
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if attresp.Error != nil {
		panic(attresp.Error.Message)
	}
	attpub, err := waveconn.PublishAttestation(context.Background(), &pb.PublishAttestationParams{
		DER: attresp.DER,
	})
	if err != nil {
		panic(err)
	}
	if attpub.Error != nil {
		panic(attpub.Error.Message)
	}

	// Second attestation, same subject and resource, permission "default2".
	attresp, err = waveconn.CreateAttestation(context.Background(), &pb.CreateAttestationParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Src.SecretDER,
			},
			Location: &pb.Location{
				AgentLocation: "default",
			},
		},
		BodyScheme:  eapi.BodySchemeWaveRef1,
		SubjectHash: Dst.Hash,
		SubjectLocation: &pb.Location{
			AgentLocation: "default",
		},
		Policy: &pb.Policy{
			RTreePolicy: &pb.RTreePolicy{
				Namespace:    Src.Hash,
				Indirections: 4,
				Statements: []*pb.RTreePolicyStatement{
					&pb.RTreePolicyStatement{
						PermissionSet: Src.Hash,
						Permissions:   []string{"default2"},
						Resource:      "default",
					},
				},
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if attresp.Error != nil {
		panic(attresp.Error.Message)
	}
	attpub, err = waveconn.PublishAttestation(context.Background(), &pb.PublishAttestationParams{
		DER: attresp.DER,
	})
	if err != nil {
		panic(err)
	}
	if attpub.Error != nil {
		panic(attpub.Error.Message)
	}

	// Resync Dst's perspective so both attestations are in its graph, then
	// drain the sync stream. Break on any error, not only io.EOF, so a broken
	// stream cannot spin forever.
	if _, err := waveconn.ResyncPerspectiveGraph(context.Background(), &pb.ResyncPerspectiveGraphParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Dst.SecretDER,
			},
		},
	}); err != nil {
		panic(err)
	}
	cl, err := waveconn.WaitForSyncComplete(context.Background(), &pb.SyncParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Dst.SecretDER,
			},
		},
	})
	if err != nil {
		panic(err)
	}
	for {
		_, err := cl.Recv()
		if err == io.EOF {
			break
		}
		if err != nil {
			panic(err)
		}
	}

	// Ask for a proof covering both permissions in one statement.
	proofresp, err := waveconn.BuildRTreeProof(context.Background(), &pb.BuildRTreeProofParams{
		Perspective: &pb.Perspective{
			EntitySecret: &pb.EntitySecret{
				DER: Dst.SecretDER,
			},
			Location: &pb.Location{
				AgentLocation: "default",
			},
		},
		SubjectHash: Dst.Hash,
		Namespace:   Src.Hash,
		Statements: []*pb.RTreePolicyStatement{
			&pb.RTreePolicyStatement{
				PermissionSet: Src.Hash,
				Permissions:   []string{"default", "default2"},
				Resource:      "default",
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if proofresp.Error != nil {
		panic(proofresp.Error.Message)
	}

	verifyresp, err := waveconn.VerifyProof(context.Background(), &pb.VerifyProofParams{
		ProofDER: proofresp.ProofDER,
		Subject:  Dst.Hash,
		RequiredRTreePolicy: &pb.RTreePolicy{
			Namespace: Src.Hash,
			Statements: []*pb.RTreePolicyStatement{
				&pb.RTreePolicyStatement{
					PermissionSet: Src.Hash,
					Permissions:   []string{"default", "default2"},
					Resource:      "default",
				},
			},
		},
	})
	if err != nil {
		panic(err)
	}
	if verifyresp.Error != nil {
		panic(verifyresp.Error.Message)
	}
	fmt.Println("proof verified")
}

removed go-ethereum sha3 package

Are there plans to move to another sha3 package such as "golang.org/x/crypto/sha3"? Just wondering because go get fails due to go-ethereum having removed their sha3 package.
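An added example, not code from wave or go-ethereum, that makes the caveat in swapping SHA-3 packages concrete: go-ethereum's removed crypto/sha3 package produced the original Keccak-256 (what Ethereum uses), whereas sha3.New256 in golang.org/x/crypto/sha3 is FIPS 202 SHA3-256. The two differ only in the domain byte that starts the pad10*1 padding, and x/crypto exposes the old construction as sha3.NewLegacyKeccak256. Whether wave's hashes are Keccak-256 is not stated on this page (my reading of the 0x1b 0x20 prefix that the published hashes decode to, the multihash tag for a 32-byte keccak-256 digest, is an assumption). The program implements the sponge directly so the difference is visible without any dependency:

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Keccak-f[1600] round constants and rho rotation offsets (indexed [x][y]).
var keccakRC = [24]uint64{
	0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
	0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
	0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
	0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
	0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
	0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
}

var keccakRot = [5][5]int{
	{0, 36, 3, 41, 18},
	{1, 44, 10, 45, 2},
	{62, 6, 43, 15, 61},
	{28, 55, 25, 21, 56},
	{27, 20, 39, 8, 14},
}

// keccakF applies the 24-round permutation to a 5x5 lane state, a[x+5*y].
func keccakF(a *[25]uint64) {
	for _, rc := range keccakRC {
		var c, d [5]uint64
		for x := 0; x < 5; x++ { // theta
			c[x] = a[x] ^ a[x+5] ^ a[x+10] ^ a[x+15] ^ a[x+20]
		}
		for x := 0; x < 5; x++ {
			d[x] = c[(x+4)%5] ^ bits.RotateLeft64(c[(x+1)%5], 1)
		}
		for i := range a {
			a[i] ^= d[i%5]
		}
		var b [25]uint64
		for x := 0; x < 5; x++ { // rho and pi
			for y := 0; y < 5; y++ {
				b[y+5*((2*x+3*y)%5)] = bits.RotateLeft64(a[x+5*y], keccakRot[x][y])
			}
		}
		for i := range a { // chi
			x, y := i%5, i/5
			a[i] = b[i] ^ (^b[(x+1)%5+5*y] & b[(x+2)%5+5*y])
		}
		a[0] ^= rc // iota
	}
}

// keccak256 is the 256-bit sponge (rate 1088 bits). The only difference
// between FIPS 202 SHA3-256 and the original Keccak-256 is the domain
// separation byte that begins the pad10*1 padding: 0x06 versus 0x01.
func keccak256(data []byte, domain byte) [32]byte {
	const rate = 136
	padded := append(append([]byte{}, data...), domain)
	for len(padded)%rate != 0 {
		padded = append(padded, 0)
	}
	padded[len(padded)-1] |= 0x80
	var st [25]uint64
	for off := 0; off < len(padded); off += rate {
		for i := 0; i < rate/8; i++ {
			st[i] ^= binary.LittleEndian.Uint64(padded[off+8*i:])
		}
		keccakF(&st)
	}
	var out [32]byte
	for i := 0; i < 4; i++ {
		binary.LittleEndian.PutUint64(out[8*i:], st[i])
	}
	return out
}

// SHA3Sum256Hex matches sha3.New256 from golang.org/x/crypto/sha3.
func SHA3Sum256Hex(data []byte) string {
	h := keccak256(data, 0x06)
	return hex.EncodeToString(h[:])
}

// LegacyKeccak256Hex matches sha3.NewLegacyKeccak256, i.e. the output of the
// removed go-ethereum crypto/sha3 package.
func LegacyKeccak256Hex(data []byte) string {
	h := keccak256(data, 0x01)
	return hex.EncodeToString(h[:])
}

func main() {
	for _, in := range []string{"", "abc"} {
		fmt.Printf("%q\n  sha3-256:   %s\n  keccak-256: %s\n",
			in, SHA3Sum256Hex([]byte(in)), LegacyKeccak256Hex([]byte(in)))
	}
}
```

The choice of constructor matters more than it looks: every entity and attestation hash is an identifier, so a dependency swap that silently changes digests would orphan every published object. A known-answer test like the one in main, run before and after the change, is the cheap way to be sure the replacement package is computing the same function.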

unexpected e2ee encryption behavior

The script below runs without any errors, which baffles me. My understanding is that special wave e2ee permissions need to be granted before a message can be decrypted on a namespace/resource. Not sure why creating an arbitrary attestation is creating e2ee keys for a different resource. Let me know if this is indeed a bug or a misunderstanding on my end. This was run using v0.3.0.

import grpc
import wave3 as wv

channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
ent = agent.CreateEntity(wv.CreateEntityParams())
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
perspective = wv.Perspective(
            entitySecret=wv.EntitySecret(DER=ent.SecretDER)
)
perspective2 = wv.Perspective(
            entitySecret=wv.EntitySecret(DER=ent2.SecretDER)
)

att = agent.CreateAttestation(wv.CreateAttestationParams(
        perspective=perspective,
        subjectHash=ent2.hash,
        publish=True,
        policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=ent.hash,
            indirections=5,
            statements=[
                wv.RTreePolicyStatement(
                    permissionSet=ent.hash,
                    permissions=["foo"],
                    resource="bar",
            )]
        ))))
if att.error.code != 0:
    raise Exception(att.error.message)

encrypted = agent.EncryptMessage(
    wv.EncryptMessageParams(
        namespace=ent.hash,
        resource="garbage",
        content=b"hello world"))

if encrypted.error.code != 0:
    raise Exception(encrypted.error.message)

resp = agent.DecryptMessage(wv.DecryptMessageParams(
                perspective= perspective2,
                ciphertext= encrypted.ciphertext,
                resyncFirst=True))

if resp.error.code != 0:
    raise Exception(resp.error.message)
print(resp.content)

panic when using an invalid namespace in EncryptMessageParams

Seems like trying to encrypt a message with a garbage namespace value causes waved to panic and quit. I ran this:

import grpc
import wave3 as wv

channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)

encrypted = agent.EncryptMessage(
            wv.EncryptMessageParams(
                namespace=b"garbage",
                resource="obj1",
                content=b"hello"))

if encrypted.error.code != 0:
    raise Exception(encrypted.error.message)

and got

panic: Value() on unsupported hash scheme instance

goroutine 148 [running]:
github.com/immesys/wave/iapi.(*UnsupportedHashSchemeInstance).Value(0x11c6b90, 0x9ae644, 0xabe860, 0xc42027a500)
	/home/immesys/w/go/src/github.com/immesys/wave/iapi/hashschemes.go:125 +0x39
github.com/immesys/wave/engine.getCachedEntity(0xc013c0, 0x11c6b90, 0x9b3348)
	/home/immesys/w/go/src/github.com/immesys/wave/engine/cache.go:38 +0x56
github.com/immesys/wave/engine.(*Engine).LookupEntity(0xc42017a000, 0xbff060, 0xc420381b60, 0xc013c0, 0x11c6b90, 0xbff260, 0xc42027a500, 0x0, 0x0, 0x0, ...)
	/home/immesys/w/go/src/github.com/immesys/wave/engine/external.go:453 +0x3f
github.com/immesys/wave/eapi.(*EAPI).EncryptMessage(0xc4200b4100, 0xbff060, 0xc420381b60, 0xc420708be0, 0xc4200b4100, 0xc420381ad0, 0xa8e820)
	/home/immesys/w/go/src/github.com/immesys/wave/eapi/eapi.go:1016 +0x3a9
github.com/immesys/wave/eapi/pb._WAVE_EncryptMessage_Handler(0xb5d020, 0xc4200b4100, 0xbff060, 0xc420381b60, 0xc420790930, 0x0, 0x0, 0x0, 0x0, 0x0)
	/home/immesys/w/go/src/github.com/immesys/wave/eapi/pb/eapi.pb.go:4346 +0x241
github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc42008d500, 0xc02bc0, 0xc420666180, 0xc420bd2a00, 0xc42019e990, 0x115bb98, 0x0, 0x0, 0x0)
	/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:982 +0x4f9
github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).handleStream(0xc42008d500, 0xc02bc0, 0xc420666180, 0xc420bd2a00, 0x0)
	/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:1208 +0x1318
github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc4202c6a90, 0xc42008d500, 0xc02bc0, 0xc420666180, 0xc420bd2a00)
	/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:686 +0x9f
created by github.com/immesys/wave/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
	/home/immesys/w/go/src/github.com/immesys/wave/vendor/google.golang.org/grpc/server.go:684 +0xa1
Traceback (most recent call last):
  File "example.py", line 58, in <module>
    content=b"hello"))
  File "/home/sgx/.local/lib/python3.6/site-packages/grpc/_channel.py", line 533, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/sgx/.local/lib/python3.6/site-packages/grpc/_channel.py", line 467, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
	status = StatusCode.UNAVAILABLE
	details = "Socket closed"
	debug_error_string = "{"created":"@1542327954.004754854","description":"Error received from peer","file":"src/core/lib/surface/call.cc","file_line":1017,"grpc_message":"Socket closed","grpc_status":14}"
>
[1]+  Exit 2                  sudo waved
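An added example, not code from the wave repository, that covers both the base64 rejection reported above (hashes containing `-` or `_`) and the `Value() on unsupported hash scheme instance` panic in the last issue: decode the text in whichever alphabet it uses, then validate the decoded bytes before anything dereferences them. The 34-byte length and 0x1b 0x20 prefix are assumptions inferred from the hashes quoted on this page, not a documented WAVE format.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
)

// Constructed inputs: two entity hashes quoted in the issues above, one
// containing '-' and one containing '_'.
const (
	HashWithDash       = "GyDIW560udmk4zVGfeJH-FJxcC8W5BVGPyWLU1-mWpAHpw=="
	HashWithUnderscore = "GyARFMRl6uG1jClJUrDlGFydj_8RqCCqmjN96TsOgHaYHg=="
)

// Assumed layout (not stated on this page): every hash above decodes to
// 34 bytes starting 0x1b 0x20, which reads as a multihash header for a
// 32-byte keccak-256 digest.
const (
	hashLen     = 34
	hashPrefix0 = 0x1b
	hashPrefix1 = 0x20
)

// StdFailOffset returns the byte offset at which encoding/base64's
// StdEncoding rejects s, or -1 if StdEncoding accepts it. This is the N in
// "illegal base64 data at input byte N".
func StdFailOffset(s string) int {
	_, err := base64.StdEncoding.DecodeString(s)
	var corrupt base64.CorruptInputError
	if errors.As(err, &corrupt) {
		return int(corrupt)
	}
	return -1
}

// CheckHashBytes validates decoded bytes before they reach code that assumes
// a supported hash scheme, returning an error instead of panicking.
func CheckHashBytes(raw []byte) error {
	if len(raw) != hashLen {
		return fmt.Errorf("hash: want %d bytes, got %d", hashLen, len(raw))
	}
	if raw[0] != hashPrefix0 || raw[1] != hashPrefix1 {
		return fmt.Errorf("hash: unsupported scheme prefix %02x %02x", raw[0], raw[1])
	}
	return nil
}

// ParseHash decodes text in either base64 alphabet and validates the result.
// URLEncoding accepts '-' and '_'; if that fails, retry with StdEncoding so
// '+' and '/' forms are accepted as well.
func ParseHash(s string) ([]byte, error) {
	raw, err := base64.URLEncoding.DecodeString(s)
	if err != nil {
		var stdErr error
		if raw, stdErr = base64.StdEncoding.DecodeString(s); stdErr != nil {
			return nil, fmt.Errorf("hash %q: %w", s, err)
		}
	}
	if err := CheckHashBytes(raw); err != nil {
		return nil, err
	}
	return raw, nil
}

func main() {
	for _, s := range []string{HashWithDash, HashWithUnderscore, "garbage"} {
		fmt.Printf("%s\n  StdEncoding fails at byte: %d\n", s, StdFailOffset(s))
		if raw, err := ParseHash(s); err != nil {
			fmt.Println("  ParseHash:", err)
		} else {
			fmt.Printf("  ParseHash: %d bytes, prefix %02x %02x\n", len(raw), raw[0], raw[1])
		}
	}
}
```

StdFailOffset reproduces the number in `illegal base64 data at input byte 20`: StdEncoding stops at the first `-`. Returning an error from CheckHashBytes is the shape the EncryptMessage path needs; a namespace parameter arrives from an untrusted client, and a panic there takes down waved and every other client's in-flight RPC with it (the `Socket closed` in the Python traceback).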
