From 54f286f2ee14459b64c848bca3358f9607ab1668 Mon Sep 17 00:00:00 2001 From: Johannes Graf Date: Tue, 15 Mar 2022 11:23:50 +0100 Subject: [PATCH 01/17] adapt helm chart to have more than 2 players Co-authored-by: Petra Scherer Co-authored-by: Timo Klenk Signed-off-by: Johannes Graf Signed-off-by: Petra Scherer Signed-off-by: Timo Klenk --- charts/ephemeral/templates/ephemeral.yaml | 7 +++++++ charts/ephemeral/values.yaml | 1 + 2 files changed, 8 insertions(+) diff --git a/charts/ephemeral/templates/ephemeral.yaml b/charts/ephemeral/templates/ephemeral.yaml index 8ff91fb4..a4bb39b3 100644 --- a/charts/ephemeral/templates/ephemeral.yaml +++ b/charts/ephemeral/templates/ephemeral.yaml @@ -29,6 +29,13 @@ spec: - name: "{{ .Chart.Name }}-ephemeral" image: "{{ .Values.ephemeral.image.registry }}/{{ .Values.ephemeral.image.repository }}:{{ .Values.ephemeral.image.tag }}" imagePullPolicy: {{ .Values.ephemeral.image.pullPolicy }} + {{- if .Values.ephemeral.env }} + env: + {{- range .Values.ephemeral.env }} + - name: {{ .name }} + value: {{ .value | quote}} + {{- end }} + {{- end }} ports: - name: http1 containerPort: 8080 diff --git a/charts/ephemeral/values.yaml b/charts/ephemeral/values.yaml index 0fa5b99d..434efd6d 100644 --- a/charts/ephemeral/values.yaml +++ b/charts/ephemeral/values.yaml @@ -49,6 +49,7 @@ ephemeral: spdz: prime: rInv: + env: [] networkController: image: From b67b8939bb9ca80055ec1582eb63b2fcd7d07393 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Wed, 15 Dec 2021 15:15:51 +0100 Subject: [PATCH 02/17] update to current MP-SPDZ version Co-authored-by: Petra Scherer Co-authored-by: Timo Klenk Signed-off-by: Johannes Graf Signed-off-by: Petra Scherer 
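Review bot: In the env block added to the ephemeral container spec, `- name: {{ .name }}` is rendered unquoted while the value goes through `quote`, so a name that YAML reads as a non-string scalar (a bare number, `yes`, `null`) produces an EnvVar the API server rejects. `- name: {{ .name | quote }}` keeps both fields strings. The value line `{{ .value | quote}}` also lacks the closing space of the conventional `{{ .value | quote }}` form.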
Signed-off-by: Timo Klenk --- cmd/discovery/main_test.go | 5 +- cmd/ephemeral/main_test.go | 3 +- pkg/ephemeral/fake_spdz_test.go | 5 +- pkg/ephemeral/io/carrier.go | 72 +++++- pkg/ephemeral/io/carrier_test.go | 130 ++++++++--- pkg/ephemeral/io/feeder.go | 3 +- pkg/ephemeral/io/feeder_test.go | 6 +- pkg/ephemeral/network/tls_connector.go | 46 ++++ pkg/ephemeral/network/tls_connector_test.go | 232 ++++++++++++++++++++ pkg/ephemeral/player.go | 3 +- pkg/ephemeral/server.go | 2 +- pkg/ephemeral/spdz.go | 8 +- pkg/ephemeral/spdz_test.go | 4 +- pkg/utils/os.go | 30 ++- pkg/utils/os_test.go | 3 +- 15 files changed, 491 insertions(+), 61 deletions(-) create mode 100644 pkg/ephemeral/network/tls_connector.go create mode 100644 pkg/ephemeral/network/tls_connector_test.go diff --git a/cmd/discovery/main_test.go b/cmd/discovery/main_test.go index 598ffdbf..2148bba8 100644 --- a/cmd/discovery/main_test.go +++ b/cmd/discovery/main_test.go @@ -7,6 +7,7 @@ package main import ( + "context" "errors" "fmt" "io/ioutil" @@ -57,7 +58,7 @@ var _ = Describe("Main", func() { }) Context("all required parameters are specified", func() { AfterEach(func() { - _, _, err := cmder.CallCMD([]string{fmt.Sprintf("rm %s", path)}, "./") + _, _, err := cmder.CallCMD(context.TODO(), []string{fmt.Sprintf("rm %s", path)}, "./") Expect(err).NotTo(HaveOccurred()) }) Context("parameters are plausible", func() { @@ -100,7 +101,7 @@ var _ = Describe("Main", func() { Context("one of the required parameters is missing", func() { Context("when no frontendURL is defined", func() { AfterEach(func() { - _, _, err := cmder.CallCMD([]string{fmt.Sprintf("rm %s", path)}, "./") + _, _, err := cmder.CallCMD(context.TODO(), []string{fmt.Sprintf("rm %s", path)}, "./") Expect(err).NotTo(HaveOccurred()) }) It("returns an error", func() { diff --git a/cmd/ephemeral/main_test.go b/cmd/ephemeral/main_test.go index 6030723b..402473b1 100644 --- a/cmd/ephemeral/main_test.go +++ b/cmd/ephemeral/main_test.go 
@@ -7,6 +7,7 @@ package main_test import ( + "context" "fmt" "io/ioutil" "math/rand" @@ -43,7 +44,7 @@ var _ = Describe("Main", func() { path = fmt.Sprintf("/tmp/test-%d", random) }) AfterEach(func() { - _, _, err := cmder.CallCMD([]string{fmt.Sprintf("rm %s", path)}, "./") + _, _, err := cmder.CallCMD(context.TODO(), []string{fmt.Sprintf("rm %s", path)}, "./") Expect(err).NotTo(HaveOccurred()) }) Context("when it succeeds", func() { diff --git a/pkg/ephemeral/fake_spdz_test.go b/pkg/ephemeral/fake_spdz_test.go index 83144640..6763ae4c 100644 --- a/pkg/ephemeral/fake_spdz_test.go +++ b/pkg/ephemeral/fake_spdz_test.go @@ -7,6 +7,7 @@ package ephemeral import ( + "context" "errors" "github.com/carbynestack/ephemeral/pkg/discovery/fsm" pb "github.com/carbynestack/ephemeral/pkg/discovery/transport/proto" @@ -93,14 +94,14 @@ func (f *FakePlayer) PublishEvent(name, topic string, event *pb.Event) { type FakeExecutor struct { } -func (f *FakeExecutor) CallCMD(cmd []string, dir string) ([]byte, []byte, error) { +func (f *FakeExecutor) CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) { return []byte{}, []byte{}, nil } type BrokenFakeExecutor struct { } -func (f *BrokenFakeExecutor) CallCMD(cmd []string, dir string) ([]byte, []byte, error) { +func (f *BrokenFakeExecutor) CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) { return []byte{}, []byte{}, errors.New("some error") } diff --git a/pkg/ephemeral/io/carrier.go b/pkg/ephemeral/io/carrier.go index 7c8ef18d..d6ea0bdd 100644 --- a/pkg/ephemeral/io/carrier.go +++ b/pkg/ephemeral/io/carrier.go @@ -8,8 +8,11 @@ package io import ( "context" + "encoding/binary" "errors" + "fmt" "github.com/carbynestack/ephemeral/pkg/amphora" + "io" "io/ioutil" "net" ) 
@@ -21,7 +24,7 @@ type Result struct { // AbstractCarrier is the carriers interface. type AbstractCarrier interface { - Connect(context.Context, string, string) error + Connect(int32, context.Context, string, string) error Close() error Send([]amphora.SecretShare) error Read(ResponseConverter, bool) (*Result, error) @@ -29,10 +32,11 @@ type AbstractCarrier interface { // Carrier is a TCP client for TCP sockets. type Carrier struct { - Dialer func(ctx context.Context, addr, port string) (net.Conn, error) - Conn net.Conn - Packer Packer - connected bool + Dialer func(ctx context.Context, addr, port string) (net.Conn, error) + TlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) + Conn net.Conn + Packer Packer + connected bool } // Config contains TCP connection properties of Carrier. 
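Review bot: The new `Connect(int32, context.Context, string, string) error` in AbstractCarrier puts the context second; Go convention is the context first, `Connect(ctx context.Context, playerID int32, host, port string) error`, and the same order is repeated in the Carrier.Connect implementation, the feeder call site and the fake carriers in feeder_test.go in this commit. The added struct field `TlsConnector` should keep the initialism consistent as `TLSConnector`. A doc comment on the field stating what the hook receives and returns — the freshly dialed plain connection, and the connection the carrier uses from then on — would make the injection point clear, e.g. `// TLSConnector upgrades the dialed connection for the given player; the returned Conn replaces it for all later I/O.`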
@@ -42,16 +46,55 @@ type Config struct { } // Connect establishes a TCP connection to a socket on a given host and port. -func (c *Carrier) Connect(ctx context.Context, host, port string) error { +func (c *Carrier) Connect(playerID int32, ctx context.Context, host string, port string) error { conn, err := c.Dialer(ctx, host, port) if err != nil { return err } - c.Conn = conn + + _, err = conn.Write(c.buildHeader(playerID)) + if err != nil { + return err + } + + c.Conn, err = c.TlsConnector(conn, playerID) + if err != nil { + return err + } + + if playerID == 0 { + err = c.readSpec() + if err != nil { + return err + } + } + c.connected = true return nil } +func (c Carrier) readSpec() error { + const size = 4 + + readBytes := make([]byte, size) + _, err := io.LimitReader(c.Conn, size).Read(readBytes) + if err != nil { + return err + } + + sizeOfHeader := binary.LittleEndian.Uint32(readBytes) + + readBytes = make([]byte, sizeOfHeader) + _, err = io.LimitReader(c.Conn, int64(sizeOfHeader)).Read(readBytes) + if err != nil { + return err + } + + //ToDo, compare read PRIME with prime number from config? + + return nil +} + // Close closes the underlying TCP connection. func (c *Carrier) Close() error { if c.connected { 
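Review bot: readSpec reads the length prefix and the header with a single `Read` on an `io.LimitReader`, which may return fewer bytes than requested, so `binary.LittleEndian.Uint32` can decode a partially filled buffer; `io.ReadFull` is the right primitive. The decoded `sizeOfHeader` is then used unbounded in `make([]byte, sizeOfHeader)`, letting the peer dictate an allocation of up to 4 GiB before any validation, and the header content is discarded (the `ToDo` on comparing the prime stays open). In Connect, every error return after the Dialer succeeded leaves `conn` open with `connected` still false, so Close will never release it. The rewrite below closes the connection on those paths and bounds the header read; `maxSpecHeaderBytes` is a placeholder for a limit the project chooses.
```go
func (c *Carrier) Connect(playerID int32, ctx context.Context, host string, port string) error {
	conn, err := c.Dialer(ctx, host, port)
	if err != nil {
		return err
	}
	if _, err = conn.Write(c.buildHeader(playerID)); err != nil {
		conn.Close()
		return err
	}
	c.Conn, err = c.TlsConnector(conn, playerID)
	if err != nil {
		conn.Close()
		return err
	}
	if playerID == 0 {
		if err = c.readSpec(); err != nil {
			c.Conn.Close()
			return err
		}
	}
	c.connected = true
	return nil
}

// readSpec consumes the length-prefixed spec header the server sends to player 0.
func (c Carrier) readSpec() error {
	var lenBuf [4]byte
	// io.ReadFull fails on a short read; a bare Read on a LimitReader may return fewer bytes.
	if _, err := io.ReadFull(c.Conn, lenBuf[:]); err != nil {
		return err
	}
	sizeOfHeader := binary.LittleEndian.Uint32(lenBuf[:])
	if sizeOfHeader > maxSpecHeaderBytes { // placeholder bound; stops a peer from forcing a ~4 GiB allocation
		return fmt.Errorf("spec header of %d bytes exceeds limit", sizeOfHeader)
	}
	header := make([]byte, sizeOfHeader)
	if _, err := io.ReadFull(c.Conn, header); err != nil {
		return err
	}
	// TODO: compare the prime carried in header with the one from the SPDZ config.
	return nil
}
```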
@@ -68,16 +111,31 @@ func (c *Carrier) Send(secret []amphora.SecretShare) error { shares = append(shares, secret[i].Data) } err := c.Packer.Marshal(shares, &input) + if err != nil { return err } _, err = c.Conn.Write(input) + if err != nil { return err } return nil } +// Returns a new Slice with the header appended +// The header consists of the clientId as string: +// - 1 Long (4 Byte) that contains the length of the string in bytes +// - Then come X Bytes for the String +func (c *Carrier) buildHeader(playerId int32) []byte { + playerIdString := []byte(fmt.Sprintf("%d", playerId)) + + lengthOfString := make([]byte, 4) + binary.LittleEndian.PutUint32(lengthOfString, uint32(len(playerIdString))) + + return append(lengthOfString, playerIdString...) +} + // Read reads the response from the TCP connection and unmarshals it. func (c *Carrier) Read(conv ResponseConverter, bulkObjects bool) (*Result, error) { resp := []byte{} diff --git a/pkg/ephemeral/io/carrier_test.go b/pkg/ephemeral/io/carrier_test.go index 5ed31b52..53f26aff 100644 --- a/pkg/ephemeral/io/carrier_test.go +++ b/pkg/ephemeral/io/carrier_test.go @@ -9,17 +9,18 @@ package io_test import ( "context" "fmt" - "net" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "github.com/carbynestack/ephemeral/pkg/amphora" . "github.com/carbynestack/ephemeral/pkg/ephemeral/io" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "net" + "sync" ) var _ = Describe("Carrier", func() { var ctx = context.TODO() + var playerId = int32(1) // PlayerID 1, since PlayerID==0 contains another check when connecting + It("connects to a socket", func() { var connected bool conn := FakeNetConnection{} 
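Review bot: The doc comment on buildHeader describes the length prefix as `1 Long (4 Byte)`, but the code writes a little-endian uint32; `// buildHeader returns the client header: a 4-byte little-endian uint32 holding the byte length of the player ID string, followed by the string itself.` is accurate and starts with the function name as Go doc comments should. The parameter `playerId` should be `playerID` to match `playerID` used elsewhere in this file. Note that Connect writes this header to the plain connection before `TlsConnector` upgrades it, so the player ID travels unencrypted and unauthenticated — presumably what the server protocol expects, but worth a one-line comment at that call site (outside this hunk).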
@@ -27,10 +28,14 @@ var _ = Describe("Carrier", func() { connected = true return &conn, nil } + fakeTlsConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { + return connection, nil + } carrier := Carrier{ - Dialer: fakeDialer, + Dialer: fakeDialer, + TlsConnector: fakeTlsConnector, } - err := carrier.Connect(context.TODO(), "", "") + err := carrier.Connect(playerId, context.TODO(), "", "") Expect(connected).To(BeTrue()) Expect(err).NotTo(HaveOccurred()) }) @@ -39,10 +44,14 @@ var _ = Describe("Carrier", func() { fakeDialer := func(ctx context.Context, addr, port string) (net.Conn, error) { return &conn, nil } + fakeTlsConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { + return connection, nil + } carrier := Carrier{ - Dialer: fakeDialer, + Dialer: fakeDialer, + TlsConnector: fakeTlsConnector, } - err := carrier.Connect(context.TODO(), "", "") + err := carrier.Connect(playerId, context.TODO(), "", "") Expect(err).NotTo(HaveOccurred()) err = carrier.Close() Expect(err).NotTo(HaveOccurred()) 
@@ -50,20 +59,26 @@ var _ = Describe("Carrier", func() { }) var ( - secret []amphora.SecretShare - output []byte - client, server net.Conn - dialer func(ctx context.Context, addr, port string) (net.Conn, error) + secret []amphora.SecretShare + output []byte + connectionOutput []byte //Will contain (length 4 byte, playerId 1 byte) + client, server net.Conn + dialer func(ctx context.Context, addr, port string) (net.Conn, error) + fakeTlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) ) BeforeEach(func() { secret = []amphora.SecretShare{ amphora.SecretShare{}, } output = make([]byte, 1) + connectionOutput = make([]byte, 5) client, server = net.Pipe() dialer = func(ctx context.Context, addr, port string) (net.Conn, error) { return client, nil } + fakeTlsConnector = func(connection net.Conn, playerID int32) (net.Conn, error) { + return connection, nil + } }) Context("when sending secret shares through the carrier", func() { It("sends an amphora secret to the socket", func() { @@ -72,23 +87,28 @@ var _ = Describe("Carrier", func() { MarshalResponse: serverResponse, } carrier := Carrier{ - Dialer: dialer, - Packer: packer, + Dialer: dialer, + Packer: packer, + TlsConnector: fakeTlsConnector, } - carrier.Connect(ctx, "", "") + go server.Read(connectionOutput) + carrier.Connect(playerId, ctx, "", "") go server.Read(output) err := carrier.Send(secret) carrier.Close() Expect(err).NotTo(HaveOccurred()) Expect(output[0]).To(Equal(byte(1))) + Expect(connectionOutput).To(Equal([]byte{1, 0, 0, 0, fmt.Sprintf("%d", playerId)[0]})) }) It("returns an error when it fails to marshal the object", func() { packer := &FakeBrokenPacker{} carrier := Carrier{ - Dialer: dialer, - Packer: packer, + Dialer: dialer, + Packer: packer, + TlsConnector: fakeTlsConnector, } - carrier.Connect(ctx, "", "") + go server.Read(connectionOutput) + carrier.Connect(playerId, ctx, "", "") go server.Read(output) err := carrier.Send(secret) carrier.Close() 
@@ -100,10 +120,12 @@ var _ = Describe("Carrier", func() { MarshalResponse: serverResponse, } carrier := Carrier{ - Dialer: dialer, - Packer: packer, + Dialer: dialer, + Packer: packer, + TlsConnector: fakeTlsConnector, } - carrier.Connect(ctx, "", "") + go server.Read(connectionOutput) + carrier.Connect(playerId, ctx, "", "") // Closing the connection to trigger a failure due to writing into the closed socket. server.Close() err := carrier.Send(secret) @@ -120,10 +142,12 @@ var _ = Describe("Carrier", func() { UnmarshalResponse: []string{packerResponse}, } carrier := Carrier{ - Dialer: dialer, - Packer: &packer, + Dialer: dialer, + Packer: &packer, + TlsConnector: fakeTlsConnector, } - carrier.Connect(ctx, "", "") + go server.Read(connectionOutput) + carrier.Connect(playerId, ctx, "", "") go func() { server.Write(serverResponse) server.Close() @@ -140,10 +164,12 @@ var _ = Describe("Carrier", func() { UnmarshalResponse: []string{packerResponse}, } carrier := Carrier{ - Dialer: dialer, - Packer: &packer, + Dialer: dialer, + Packer: &packer, + TlsConnector: fakeTlsConnector, } - carrier.Connect(ctx, "", "") + go server.Read(connectionOutput) + carrier.Connect(playerId, ctx, "", "") server.Close() anyConverter := &PlaintextConverter{} _, err := carrier.Read(anyConverter, false) @@ -153,10 +179,12 @@ var _ = Describe("Carrier", func() { serverResponse := []byte{byte(1)} packer := &FakeBrokenPacker{} carrier := Carrier{ - Dialer: dialer, - Packer: packer, + Dialer: dialer, + Packer: packer, + TlsConnector: fakeTlsConnector, } - carrier.Connect(ctx, "", "") + go server.Read(connectionOutput) + carrier.Connect(playerId, ctx, "", "") go func() { server.Write(serverResponse) server.Close() 
@@ -166,4 +194,44 @@ var _ = Describe("Carrier", func() { Expect(err).To(HaveOccurred()) }) }) + + Context("when connecting as Player0", func() { + playerId := int32(0) + It("will receive and handle the server's fileHeader", func() { + // Arrange + // ToDo: Better Response for real-life scenario? + serverResponse := []byte{1, 0, 0, 0, 1} // 4 byte length + header, in this case "1". In real case Descriptor + Prime + packer := &FakeBrokenPacker{} + carrier := Carrier{ + Dialer: dialer, + Packer: packer, + TlsConnector: fakeTlsConnector, + } + + waitGroup := sync.WaitGroup{} + waitGroup.Add(1) + + go server.Read(connectionOutput) + + // Act + var errConnecting error + go func() { + errConnecting = carrier.Connect(playerId, ctx, "", "") + waitGroup.Done() + }() + + numberOfBytesWritten, errWrite := server.Write(serverResponse) + errClose := server.Close() + + // Make sure we wait until the Connect and Write are done + waitGroup.Wait() + + // Assert + Expect(connectionOutput).To(Equal([]byte{1, 0, 0, 0, fmt.Sprintf("%d", playerId)[0]})) + Expect(errConnecting).NotTo(HaveOccurred()) + Expect(errWrite).NotTo(HaveOccurred()) + Expect(numberOfBytesWritten).To(Equal(len(serverResponse))) + Expect(errClose).NotTo(HaveOccurred()) + }) + }) }) diff --git a/pkg/ephemeral/io/feeder.go b/pkg/ephemeral/io/feeder.go index d9082416..a3a2efbc 100644 --- a/pkg/ephemeral/io/feeder.go +++ b/pkg/ephemeral/io/feeder.go @@ -35,6 +35,7 @@ func NewAmphoraFeeder(l *zap.SugaredLogger, conf *SPDZEngineTypedConfig) *Amphor Packer: &SPDZPacker{ MaxBulkSize: conf.MaxBulkSize, }, + TlsConnector: network.NewTlsConnector(), } return &AmphoraFeeder{ logger: l, 
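Review bot: `TlsConnector: network.NewTlsConnector()` in NewAmphoraFeeder hard-codes the certificate folder to `Player-Data`, which NewTlsConnectorWithPath resolves relative to the process working directory, so the location of the TLS key material cannot be configured alongside the rest of `conf` and silently depends on where the binary is started. Passing a path from the config — `TlsConnector: network.NewTlsConnectorWithPath(<certificate dir from conf>)` with a new typed-config field — keeps the feeder's dependencies explicit; if the relative default is intentional, a comment saying so next to this line would stop the next reader from treating it as an oversight. NewAmphoraFeeder starts before this hunk.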
@@ -118,7 +119,7 @@ func (f *AmphoraFeeder) feedAndRead(params []string, port string, ctx *CtxConfig default: return nil, fmt.Errorf("no output config is given, either %s, %s or %s must be defined", PlainText, SecretShare, AmphoraSecret) } - err := f.carrier.Connect(ctx.Context, "localhost", port) + err := f.carrier.Connect(ctx.Spdz.PlayerID, ctx.Context, "localhost", port) defer f.carrier.Close() if err != nil { return nil, err diff --git a/pkg/ephemeral/io/feeder_test.go b/pkg/ephemeral/io/feeder_test.go index e40e7865..83325b6e 100644 --- a/pkg/ephemeral/io/feeder_test.go +++ b/pkg/ephemeral/io/feeder_test.go @@ -211,7 +211,7 @@ type FakeCarrier struct { isBulk bool } -func (f *FakeCarrier) Connect(context.Context, string, string) error { +func (f *FakeCarrier) Connect(int32, context.Context, string, string) error { return nil } @@ -232,7 +232,7 @@ type BrokenConnectFakeCarrier struct { isBulk bool } -func (f *BrokenConnectFakeCarrier) Connect(context.Context, string, string) error { +func (f *BrokenConnectFakeCarrier) Connect(int32, context.Context, string, string) error { return errors.New("carrier connect error") } @@ -253,7 +253,7 @@ type BrokenSendFakeCarrier struct { isBulk bool } -func (f *BrokenSendFakeCarrier) Connect(context.Context, string, string) error { +func (f *BrokenSendFakeCarrier) Connect(int32, context.Context, string, string) error { return nil } diff --git a/pkg/ephemeral/network/tls_connector.go b/pkg/ephemeral/network/tls_connector.go new file mode 100644 index 00000000..7c8cd7a8 --- /dev/null +++ b/pkg/ephemeral/network/tls_connector.go 
@@ -0,0 +1,46 @@ +package network + +import ( + "crypto/tls" + "fmt" + "net" +) + +func NewTlsConnector() func(conn net.Conn, playerID int32) (net.Conn, error) { + return NewTlsConnectorWithPath("Player-Data") +} + +func NewTlsConnectorWithPath(folderPath string) func(conn net.Conn, playerID int32) (net.Conn, error) { + + return func(conn net.Conn, playerID int32) (net.Conn, error) { + tlsConfig, err := getTlsConfig(playerID, folderPath) + if err != nil { + return nil, err + } + + tlsClient := tls.Client(conn, tlsConfig) + err = tlsClient.Handshake() + if err != nil { + return nil, err + } + + return net.Conn(tlsClient), nil + } +} + +func getTlsConfig(playerID int32, folder string) (*tls.Config, error) { + + certFile := fmt.Sprintf("%s/C%d.pem", folder, playerID) + keyFile := fmt.Sprintf("%s/C%d.key", folder, playerID) + cert, err := tls.LoadX509KeyPair(certFile, keyFile) + if err != nil { + return nil, err + } + + tlsConfig := &tls.Config{ + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: true, + } + + return tlsConfig, nil +} diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go new file mode 100644 index 00000000..bddc0cc0 --- /dev/null +++ b/pkg/ephemeral/network/tls_connector_test.go 
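Review bot: `InsecureSkipVerify: true` in getTlsConfig disables server-certificate verification, so the upgraded connection never proves the server's identity; any endpoint reachable at the dialed host/port can complete the handshake and receive whatever Carrier.Send writes afterwards. The test suite places the server certificate as `P%d.pem` beside the client pair, which suggests it is available for pinning; if the generated certificates carry no SAN (Go ignores the CN for name matching), `VerifyPeerCertificate` can compare the presented leaf with the pinned one while a comment on InsecureSkipVerify records why chain and name checks are off. The rewrite below does that and builds the paths with `filepath.Join`; it needs `bytes`, `crypto/x509`, `encoding/pem`, `errors`, `io/ioutil` and `path/filepath` added to the import block. Both exported constructors also lack doc comments, e.g. `// NewTlsConnector returns a function that upgrades conn to a TLS client connection using the key pair C<playerID>.pem/.key from the Player-Data directory.`
```go
func getTlsConfig(playerID int32, folder string) (*tls.Config, error) {
	certFile := filepath.Join(folder, fmt.Sprintf("C%d.pem", playerID))
	keyFile := filepath.Join(folder, fmt.Sprintf("C%d.key", playerID))
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	// Pin the expected server certificate instead of skipping verification outright.
	serverPEM, err := ioutil.ReadFile(filepath.Join(folder, fmt.Sprintf("P%d.pem", playerID)))
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(serverPEM)
	if block == nil {
		return nil, fmt.Errorf("no PEM block in server certificate for player %d", playerID)
	}
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		// Chain and hostname checks are off because the certificates are self-signed
		// without SANs; VerifyPeerCertificate enforces the pinned leaf instead.
		InsecureSkipVerify: true,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 || !bytes.Equal(rawCerts[0], block.Bytes) {
				return errors.New("server certificate does not match the pinned player certificate")
			}
			return nil
		},
	}, nil
}
```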
@@ -0,0 +1,232 @@ +package network + +import ( + "crypto/tls" + "fmt" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "io/ioutil" + "net" + "os" +) + +const ( + keyFileClient = `-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvx2eeVDXG5R+l +GlslnYNHlJgmmkLeXn5MT18qTbq3MCpB6o4rd8I2a1D/uFUht13Ourj7zilKz/5W +jcTnoVG7fiCLcBj3tXvCL5ymOGxxmQeN5siJcefpB8kcSB4RkrON9y6HCpZSIOMv +vfSVMrVMrQj/rjqsO2/Vv1A+4nETJm3GqKfwSikhgNsVcqiHYGkg0d1/3zP8CTAQ ++lp92LijeJAMCyNyHm/A+Wya3g8heRbm6lPtZWUcPOfyn3FGQ+Pu9MbBrQcPbXPW +0sjtGoBweNLYYyns3yViSp7gyOnZWaAwnQtA1T7PPNGkOYp5ehI3gA4bhhCWxbkN +ZVy0qajhAgMBAAECggEAJdsJ4706/6SklggBDS7I8Qd9ZQLf18f95y1Iz3GB/qWu +1BdRmublupaOESR/oQ0+dKEd6YzSs7vriHRrrX6+fWSCWcVAe0hoaL+cOuf34tcU +G2lSUtdnHHaCx0Z4w0wWw0IykP6ktPdENinwnJkZFnRFddrt493BDgVvoLtfosHO +Q+CcX6SmjfS3i0GSsDbI1sBAtH9vP+cCJeXWYtVcPRX9zoX3oYY9zBxuuiarcZku +3mcx22WFi4t30o2jCFwshhjY3W5mxZ3icCZ/mO/BS8FOYk4+BJUQtlxhDvJSjg/u +jCmmFi6WwtceKEhSL6IyiRFLzec60ITlR9U9YB/UqQKBgQDl6sMr/++hzQvOv58c +zoOfBKejHao7Bx9MkFLtQ4KXf4Ypc2uZh/XenziBb+tKRJ5mSXV8NLHs/zrdxPeY +ps0AYkWl9xVR1hKYlnQ75DCbs6zkIEKbKZ1xq5X1TfAmIyHmUcttD5BvQLAeQyG3 ++iNo2yFUgg6BywS4E6biL40zkwKBgQDDuF3FW2K5Ms5ntw/o/d55scinx05C74D6 +Oy+HesRs6bg77R07fr9Xqgnawqpn2Jk9TRFL5yVJTEHcXH9xMzHgNQ128SGNnDtC +T5/jfalj92hjdmt/gwdGK6PN+IDgb3h3vMnQZszK4zhXP78nte1QGUx2W7TZ7ZrP +C+iulm3iOwKBgQDbkkQqNRYpM6VfIWlXHXJd3xgpkx8LmFWvzPUlWh/RhxwdYfkU +et+4Z96S3suZ9cZAcU8d+0UgzO7u9DhxNHr7Lt7NDRbzPLottyHyQI6bZBBtHNH/ +VNLjx7ZCutfp1At/5gWcdgy98s0/WWVOSjie3wcJqdso4TX0hfAOetMiuQKBgDri +C+wla1U2kNypObMqNbW9JBY+IzCGJ/KgvdLvv4rY4iG9W68bmeuA78gOCwCFLM1B +k3OXjiM4OxRWC819zoKa03s2XpbhKv7vP7ZMhxrZQ2GxLfRF8nlNBdIg8n0TbFXx +yXHWi8R6iefN+O+0jzoq8lMlkgqCrrGd7pogDd0jAoGBALK43xm6ZIx5f6Ko94Vk +quXurZhmfbwiU52hBOdej6T+w2axs+mne83/HpcnWNtsmQDPN7vsfnKH/Ny4dG87 +G0iQcIEfW6OCGn1N6mr9ch7+2ihszOlKomOBxLurzw3Y7b3z0k9i1+NXeVY9agwF +U5QapxH75EeTq2YKGRjcN100 +-----END PRIVATE KEY----- +` + pemFileClient = `-----BEGIN CERTIFICATE----- 
+MIIC+zCCAeOgAwIBAgIUWOrYZliAZd4NDKJBNkYsOqSCj5owDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCQzAwHhcNMjIwMTI2MTI0NjQ5WhcNMjIwMjI1MTI0NjQ5 +WjANMQswCQYDVQQDDAJDMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AK/HZ55UNcblH6UaWyWdg0eUmCaaQt5efkxPXypNurcwKkHqjit3wjZrUP+4VSG3 +Xc66uPvOKUrP/laNxOehUbt+IItwGPe1e8IvnKY4bHGZB43myIlx5+kHyRxIHhGS +s433LocKllIg4y+99JUytUytCP+uOqw7b9W/UD7icRMmbcaop/BKKSGA2xVyqIdg +aSDR3X/fM/wJMBD6Wn3YuKN4kAwLI3Ieb8D5bJreDyF5FubqU+1lZRw85/KfcUZD +4+70xsGtBw9tc9bSyO0agHB40thjKezfJWJKnuDI6dlZoDCdC0DVPs880aQ5inl6 +EjeADhuGEJbFuQ1lXLSpqOECAwEAAaNTMFEwHQYDVR0OBBYEFCXac7qi2TG+j/CQ +fVyvM6W3JfONMB8GA1UdIwQYMBaAFCXac7qi2TG+j/CQfVyvM6W3JfONMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE0xk3rMO3xmpq1mwWGGQ/B2 +J9Xlqf5qwr63MNz6aIcKrlyk2+OLLaDm8RrF7wFNQ+uvMKKg6bLF7jW7MAX9WMO7 +giiT5ySjxddDT0cbSA3HcG3Ria9P6c02VZVt057M1FzXweR/FiJA1Tocn43lXrBT +n2sAiRtO4sxbfhUdIJI1Vh7UUhyAJLe3lVcG/AMMmPG/IedguhMbdalm5/gEaIIc +LjHyQLPWzHQTiUvj+AjpTmCN+3ZbBS/8r4g7XJ7/zvawXxi1Lk9fvSGWGkQLwHJ0 +DupEw8GWmc9H0cyY93qtEqKLQPvEDDdvhPoENcf/P6/BD1Z8lMmSMvZ+s6M7VfQ= +-----END CERTIFICATE----- +` + + keyFileServer = `-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwdCqmEjiMVBPK +m31IG+I+xwgX+EnEpnrBnlOa0WhFzaMrwqXpijgMA+dLNR8a1zpyhglWBsqm8dpN +7tEV19piizOmxZtZee7h1Hdso/+4U106NqzX5HKwuqZVSOjVN29SFKq0sNricIX1 +HabE5LYyBQJtzMzxAZwclb+e7uGBfHJDsOk3hOhs3bkJyV3eRa0uHH2Bu4CPH6L9 +bcisFCmHiykZeZaY+BpRkS0c5+h7umLrKSGUe37/vf9UY9niLDUNolHePS/iQnmb +Hv1l/mDl2LvNy5OSCSvOE6L0GMCUDnYmYf6F999LLdQgC7gcZCp3rujZ4MYUsqR2 +Nqp46LdbAgMBAAECggEBAJ6ViM8AiTn1RmRNImdwSAHLtwZz6ziFtsXUmacGlQRH +MGLf6WTfCEgkKfd5op7o2Gqc9D8Qk4k+y8hG3jsXZ/owyRcVee0MnRjxbvOA4Q60 +PZFYGjdd5YXX+i2j/T3DOJU4ZcNHPzFLl9kX8Q37z5Nc1TYBXh8sJzW5kCIy5xEL +XAKNcwGTZF1ml3jkWkFl3LukS3DP8fF1qDvD987YGuc9oVliYW1F0oKL9VGyS7nB +BtQWslFdP8MbPXG1hjkFydCBiE4teqrFen6hvLdIQk7XJ88Q9UmBoOPJr6+gHuDf +vk33nVGpBVQ1UHFPnDzZyQKtlDBVEUJ8XhqzEkm4asECgYEA5sTgxJt/nJCL9Lh1 +61jFbVD21SVFEv7IWIV6YjBxzJhzGVJa6ZhrOnRTrkTAkraJ1wUd9FyIdEsL/Nvy 
+/z8hOAXbty1zXdpOo/BV0J6zRwJ0Cj8WVTeCUr5KGgw/pzbQdltJ+1J8jnAGbZjN +Ri/QUdryqZTQz3rD8sDVDFvLojMCgYEAw78HQ+y/gL5Z/IJww0lUYHjqcm1G5taY +3Ht6qRvkqdCmW8qC2wpKFKl9lCJfo+H1jidjhM5RTPFSlCxiWtxLAamMvfv0f3d6 +q5gPjcjak275bnmU1e0blkLEdeXQljRXH+oDmur95udzh0DrdTDJ/lqbf3uui8Uc +VApAcSbR/jkCgYAWUT/zg55Jw+jlF9m/kuw08DmOz3Xoql8xwGbfjBPVV4D6F+7W +3HiyRIG7Psbo6WJXOxV0hmZj6MYWBCdx6+cIhfiDtI+Nqgkk7Z8+97oaye/y9brx +LtcZrXF5J2oYf8KVT6rN9WI6XDci7j4b5Y/d+rCxGcU/6317wo5YDaCZ5QKBgET3 +4qRxHwxKhUQt5XM5PAx9rgVBMXEV/Wf57b71v/yBMow27yIkHvPmwANYlSAV9kHu +6OabFxQoFvN0K/ddlOPyDE/IHV5oB4W8HwbS1QiLWkEtf15cm5K21afAoFy79lKd +TkXgNDOOKytlmVCCLzl6TT1+o4JFofSOZCQ6DFUpAoGAAQdaCjX5UCeWb5e/Vbiu +SQL1RKIHkgm6gj1UjlQ981r6y+hVkBygtIr/eW0wSkFAkUrOdefHNVOQW18ESF06 +YqBL4gD7aEij9kGd0PrievimgcYYaBHOcO1RouQOURTMmWqjIPu1fyWDv+rFk+S5 +2uCuYndpzOgCiEhjDGCuSug= +-----END PRIVATE KEY-----` + + pemFileServer = `-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgIUNI9WRun2Y+ICmpzjYRpVcJ/BBE4wDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCUDAwHhcNMjIwMTI2MTI0NjQ5WhcNMjIwMjI1MTI0NjQ5 +WjANMQswCQYDVQQDDAJQMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALB0KqYSOIxUE8qbfUgb4j7HCBf4ScSmesGeU5rRaEXNoyvCpemKOAwD50s1HxrX +OnKGCVYGyqbx2k3u0RXX2mKLM6bFm1l57uHUd2yj/7hTXTo2rNfkcrC6plVI6NU3 +b1IUqrSw2uJwhfUdpsTktjIFAm3MzPEBnByVv57u4YF8ckOw6TeE6GzduQnJXd5F +rS4cfYG7gI8fov1tyKwUKYeLKRl5lpj4GlGRLRzn6Hu6YuspIZR7fv+9/1Rj2eIs +NQ2iUd49L+JCeZse/WX+YOXYu83Lk5IJK84TovQYwJQOdiZh/oX330st1CALuBxk +Kneu6NngxhSypHY2qnjot1sCAwEAAaNTMFEwHQYDVR0OBBYEFDjtm5a7RbAFeYuQ +QfFYci+eTOeXMB8GA1UdIwQYMBaAFDjtm5a7RbAFeYuQQfFYci+eTOeXMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGo1n03gEYMsBLLaOcY7dDwn +behhLE7UP3eWRw2gpmbKfilk+dljYWsOdiQeXktE/LxyFiuBNwefI7JrypFifzio +udqYyQAJ2pvMogij+TPajaDhJxmMWqRizcAo/6cXekSCufnRbbTBENUG2ZNHRuyn +zsYFZtpxDO9LF0uutE2P6NJQpKKrCo/NGMV4AF0vy1tKp6h2fBU3K9Yn+1RihIyS +Y+sLoNiorJloqZ8qn2cULbax/xi/IcccdRJfoIjmIuSl9wUwl+lkeGB9Rlwm5iFJ +LO+mQ15hUEpbjrXF3IdY+4MjDqFOETC0KuI72yjUGPZqWe+WAhBcni3VNzs2Ik4= +-----END CERTIFICATE-----` +) + +var _ = 
Describe("TlsConnector", func() { + var testDataFolder string + var certificateFolder string + var playerID = int32(0) + + BeforeEach(func() { + var err error + testDataFolder, err = ioutil.TempDir("", "testData") + certificateFolder = testDataFolder + "Player-Data" + err = os.Mkdir(certificateFolder, os.ModeDir) + if err != nil { + panic(err) + } + + err = ioutil.WriteFile(fmt.Sprintf("%s/C%d.pem", certificateFolder, playerID), []byte(pemFileClient), os.ModePerm) + if err != nil { + panic(err) + } + + err = ioutil.WriteFile(fmt.Sprintf("%s/C%d.key", certificateFolder, playerID), []byte(keyFileClient), os.ModePerm) + if err != nil { + panic(err) + } + + err = ioutil.WriteFile(fmt.Sprintf("%s/P%d.pem", certificateFolder, playerID), []byte(pemFileServer), os.ModePerm) + if err != nil { + panic(err) + } + + err = ioutil.WriteFile(fmt.Sprintf("%s/P%d.key", certificateFolder, playerID), []byte(keyFileServer), os.ModePerm) + if err != nil { + panic(err) + } + }) + + AfterEach(func() { + err := os.RemoveAll(testDataFolder) + if err != nil { + panic(err) + } + }) + + Context("when trying to upgrade to a TLS connection", func() { + + var ( + tlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) + client, server net.Conn + ) + + BeforeEach(func() { + tlsConnector = NewTlsConnectorWithPath(certificateFolder) + client, server = net.Pipe() + }) + + It("establishes a TLS Connection and allows to send something over the connection", func() { + // Arrange + serverPemFileLocation := fmt.Sprintf("%s/P%d.pem", certificateFolder, playerID) + serverKeyFileLocation := fmt.Sprintf("%s/P%d.key", certificateFolder, playerID) + serverCertificate, err := tls.LoadX509KeyPair(serverPemFileLocation, serverKeyFileLocation) + + if err != nil { + panic(err) + } + + serverConfig := &tls.Config{ + Certificates: []tls.Certificate{serverCertificate}, + } + + serverTlsConnection := tls.Server(server, serverConfig) + go serverTlsConnection.Handshake() + + // Act + tlsConnection, err := 
tlsConnector(client, playerID) + + contentToSend := []byte{byte(1)} + go tlsConnection.Write(contentToSend) + + contentToReceive := make([]byte, 1) + serverTlsConnection.Read(contentToReceive) + + // Assert + Expect(err).NotTo(HaveOccurred()) + Expect(tlsConnection).ToNot(BeNil()) + Expect(contentToReceive).To(Equal(contentToSend)) + }) + + Context("and no certificate files for the playerID exist", func() { + playerID := int32(1) + + It("errors when trying to load the certificate key pair", func() { + // Act + tlsConnection, err := tlsConnector(client, playerID) + + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring("C1.pem")) + Expect(tlsConnection).To(BeNil()) + }) + }) + + Context("and the server does not have the matching certificate", func() { + playerID := int32(0) + It("will throw a TLS Error", func() { + // Arrange + serverConfig := &tls.Config{ + //No Server Certificates -> Client certificate won't match + Certificates: []tls.Certificate{}, + } + + serverTlsConnection := tls.Server(server, serverConfig) + go serverTlsConnection.Handshake() + + // Act + tlsConnection, err := tlsConnector(client, playerID) + + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring("remote error: tls: unrecognized name")) + Expect(tlsConnection).To(BeNil()) + }) + }) + }) +}) diff --git a/pkg/ephemeral/player.go b/pkg/ephemeral/player.go index 07cde86a..2f755522 100644 --- a/pkg/ephemeral/player.go +++ b/pkg/ephemeral/player.go @@ -223,5 +223,6 @@ func (c *Callbacker) sendEvent(name, topic string, e interface{}) { }, } c.pb.PublishWithBody(name, topic, event, c.playerParams.GameID) - c.logger.Debugf("Sending event %v to topic %s\n", event.Name, topic) + c.logger.Debugw("Sending event", "event", event, "topic", topic) + c.logger.Debugf("Sending event.name %v to topic %s\n", event.Name, topic) } diff --git a/pkg/ephemeral/server.go b/pkg/ephemeral/server.go index 3ca8896e..5ab7ee9c 100644 --- a/pkg/ephemeral/server.go 
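Review bot: In the TlsConnector suite's BeforeEach, the error from `ioutil.TempDir("", "testData")` is assigned and then overwritten by the following `os.Mkdir` call without being checked, so a failed temp-dir creation only surfaces as a confusing Mkdir error; add `if err != nil { panic(err) }` directly after the TempDir line. The server configs in both handshake tests set no `ClientAuth`, so the client certificate that NewTlsConnectorWithPath loads is never requested or checked — the success test would pass with no usable client key at all; a `ClientAuth: tls.RequireAnyClientCert` variant (or a comment that client auth is deliberately untested) would make that explicit. `go serverTlsConnection.Handshake()` and `go tlsConnection.Write(contentToSend)` discard their errors; returning them over a channel lets the assertions report a handshake failure instead of hanging in Read. The embedded fixtures appear to encode a validity window of roughly one month in early 2022 (from their UTCTime fields), which goes unnoticed only because neither side verifies; regenerate them with a long validity before verification is tightened.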
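Review bot: The added `c.logger.Debugw("Sending event", "event", event, "topic", topic)` logs the whole event struct, including whatever body `sendEvent`'s `e interface{}` argument carried, and is immediately followed by the retained Debugf line for the same event, so every send now emits two debug records. Keep one structured line and log identifying fields rather than the payload: `c.logger.Debugw("Sending event", "name", event.Name, "topic", topic, "gameID", c.playerParams.GameID)`. sendEvent's signature and the event construction lie outside the hunk.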
+++ b/pkg/ephemeral/server.go @@ -340,7 +340,7 @@ func (s *Server) getPodName() (string, error) { // TODO: this is brittle, read the pod name from more reliable place. // use something like os.Getenv("HOST_NAME")? cmder := s.executor - name, _, err := cmder.CallCMD([]string{"hostname"}, "/") + name, _, err := cmder.CallCMD(context.TODO(), []string{"hostname"}, "/") if err != nil { return "", err } diff --git a/pkg/ephemeral/spdz.go b/pkg/ephemeral/spdz.go index 2ae7f2d9..4704c486 100644 --- a/pkg/ephemeral/spdz.go +++ b/pkg/ephemeral/spdz.go @@ -7,6 +7,7 @@ package ephemeral import ( + "context" d "github.com/carbynestack/ephemeral/pkg/discovery" pb "github.com/carbynestack/ephemeral/pkg/discovery/transport/proto" . "github.com/carbynestack/ephemeral/pkg/ephemeral/io" @@ -209,8 +210,9 @@ func (s *SPDZEngine) Compile(ctx *CtxConfig) error { } var stdoutSlice []byte var stderrSlice []byte - command := fmt.Sprintf("./compile.py %s", appName) - stdoutSlice, stderrSlice, err = s.cmder.CallCMD([]string{command}, s.baseDir) + command := fmt.Sprintf("./compile.py -M %s", appName) + // TODO: ctx.context is nil at this time. + stdoutSlice, stderrSlice, err = s.cmder.CallCMD(context.TODO(), []string{command}, s.baseDir) stdOut := string(stdoutSlice) stdErr := string(stderrSlice) s.logger.Debugw("Compiled Successfully", "Command", command, "StdOut", stdOut, "StdErr", stdErr) @@ -228,7 +230,7 @@ func (s *SPDZEngine) getFeedPort() string { func (s *SPDZEngine) startMPC(ctx *CtxConfig) { command := []string{fmt.Sprintf("./Player-Online.x %s %s -N %s --ip-file-name %s", fmt.Sprint(s.config.PlayerID), appName, fmt.Sprint(ctx.Spdz.PlayerCount), ipFile)} s.logger.Infow("Starting Player-Online.x", GameID, ctx.Act.GameID, "command", command) - stdout, stderr, err := s.cmder.CallCMD(command, s.baseDir) + stdout, stderr, err := s.cmder.CallCMD(ctx.Context, command, s.baseDir) if err != nil { err := fmt.Errorf("error while executing the user code: %v", err) ctx.ErrCh <- err 
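Review bot: startMPC now runs `Player-Online.x` through `exec.CommandContext` with `ctx.Context`, so cancelling that context kills the player process mid-computation and the existing error path reports it as `error while executing the user code`; nothing in the hunk says whether that lifetime coupling is intended, so a comment such as `// The player process is bound to ctx.Context: cancelling it terminates the MPC run.` would document the new behaviour. Compile instead passes `context.TODO()` and leaves `// TODO: ctx.context is nil at this time.` — the field is `ctx.Context`, and the note should say who is expected to populate it, since the two call paths now differ on cancellation. The added `-M` flag on `./compile.py` also goes unexplained; a one-line why-comment beside the command would help the next reader. Both functions extend beyond their hunks.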
diff --git a/pkg/ephemeral/spdz_test.go b/pkg/ephemeral/spdz_test.go index 373104d9..0277d1b5 100644 --- a/pkg/ephemeral/spdz_test.go +++ b/pkg/ephemeral/spdz_test.go @@ -47,7 +47,7 @@ var _ = Describe("Spdz", func() { fileName = fmt.Sprintf("/tmp/program-%d.mpc", random) }) AfterEach(func() { - cmder.CallCMD([]string{fmt.Sprintf("rm %s", fileName)}, "./") + cmder.CallCMD(context.TODO(), []string{fmt.Sprintf("rm %s", fileName)}, "./") }) Context("writing succeeds", func() { It("writes the source code on the disk and runs the compiler", func() { @@ -63,7 +63,7 @@ var _ = Describe("Spdz", func() { } err := s.Compile(conf) Expect(err).NotTo(HaveOccurred()) - out, _, err := cmder.CallCMD([]string{fmt.Sprintf("cat %s", s.sourceCodePath)}, "./") + out, _, err := cmder.CallCMD(context.TODO(), []string{fmt.Sprintf("cat %s", s.sourceCodePath)}, "./") Expect(err).NotTo(HaveOccurred()) Expect(string(out)).To(Equal("a")) }) diff --git a/pkg/utils/os.go b/pkg/utils/os.go index f44f4d58..58478b51 100644 --- a/pkg/utils/os.go +++ b/pkg/utils/os.go @@ -8,17 +8,20 @@ package utils import ( "bytes" + "context" "errors" + "fmt" "io/ioutil" "os" "os/exec" "path/filepath" + "sync" ) // Executor is an interface for calling a command and process its output. type Executor interface { // CallCMD executes the command and returns the output's STDOUT, STDERR streams as well as any errors - CallCMD(cmd []string, dir string) ([]byte, []byte, error) + CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) } var ( @@ -45,7 +48,7 @@ type Commander struct { // Run is a facade command that runs a single command from the current directory. func (c *Commander) Run(cmd string) ([]byte, []byte, error) { - return c.CallCMD([]string{cmd}, "./") + return c.CallCMD(context.TODO(), []string{cmd}, "./") } // CallCMD calls a specified command in sh and returns its stdout and stderr as a byte slice and potentially an error. 
@@ -53,10 +56,10 @@ func (c *Commander) Run(cmd string) ([]byte, []byte, error) { // ``` // If the command fails to run or doesn't complete successfully, the error is of type *ExitError. Other error types may be returned for I/O problems. // ``` -func (c *Commander) CallCMD(cmd []string, dir string) ([]byte, []byte, error) { +func (c *Commander) CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) { baseCmd := c.Options baseCmd = append(baseCmd, cmd...) - command := exec.Command(c.Command, baseCmd...) + command := exec.CommandContext(theContext, c.Command, baseCmd...) stderrBuffer := bytes.NewBuffer([]byte{}) stdoutBuffer := bytes.NewBuffer([]byte{}) @@ -68,8 +71,23 @@ func (c *Commander) CallCMD(cmd []string, dir string) ([]byte, []byte, error) { if err != nil { return nil, nil, err } - // Check if the command finished successfully. - err = command.Wait() + + var waitGroup sync.WaitGroup + waitGroup.Add(1) + go func() { + // Check if the command finished successfully. + err = command.Wait() + defer waitGroup.Done() + + if err != nil { + println(fmt.Sprintf("Error occured!")) + println(fmt.Sprintf("StdOut: %s", stdoutBuffer.Bytes())) + println(fmt.Sprintf("StdErr: %s", stderrBuffer.Bytes())) + } + }() + + waitGroup.Wait() + if err != nil { switch err.(type) { case *exec.ExitError: diff --git a/pkg/utils/os_test.go b/pkg/utils/os_test.go index c292d0df..e137dbe7 100644 --- a/pkg/utils/os_test.go +++ b/pkg/utils/os_test.go @@ -7,6 +7,7 @@ package utils_test import ( + "context" "fmt" "io/ioutil" "math/rand" @@ -82,7 +83,7 @@ var _ = Describe("OS utils", func() { } }) AfterEach(func() { - cmder.CallCMD([]string{fmt.Sprintf("rm %s", fileName)}, "./") + cmder.CallCMD(context.TODO(), []string{fmt.Sprintf("rm %s", fileName)}, "./") }) It("reads file content", func() { data := []byte(`a`) From 772b774881e9acb5176bbf13105ee330ffbda133 Mon Sep 17 00:00:00 2001 
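Review bot: In the last os.go hunk the goroutine wrapped around `command.Wait()` adds nothing: the function immediately blocks on `waitGroup.Wait()`, so the sequence is equivalent to the single line it replaced, `err = command.Wait()`, with an extra goroutine and a captured `err` on top. The `println(fmt.Sprintf(...))` calls inside it are also doubtful — they dump the complete stdout and stderr of every failed command to the process's stderr, bypass the structured logger used elsewhere in the repository (e.g. `s.logger` in spdz.go), duplicate the buffers that are returned to the caller anyway, and the message carries a typo (`occured`). Suggest restoring the direct `err = command.Wait()` and leaving the decision to log captured output to the caller, which already receives both buffers. Since a cancelled context now also surfaces as a Wait error, the `*exec.ExitError` switch that follows (outside the hunk) should be checked for how it classifies the killed-by-context case.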
From: Timo Klenk Date: Wed, 6 Apr 2022 15:01:12 +0200 Subject: [PATCH 03/17] Fix tests Signed-off-by: Timo Klenk --- pkg/ephemeral/io/feeder_test.go | 1 + pkg/ephemeral/network/tls_connector_test.go | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/ephemeral/io/feeder_test.go b/pkg/ephemeral/io/feeder_test.go index 83325b6e..afc12132 100644 --- a/pkg/ephemeral/io/feeder_test.go +++ b/pkg/ephemeral/io/feeder_test.go @@ -44,6 +44,7 @@ var _ = Describe("Feeder", func() { conf = &CtxConfig{ Act: act, Context: context.TODO(), + Spdz: &SPDZEngineTypedConfig{PlayerCount: 2}, } }) diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go index bddc0cc0..f5e7cd94 100644 --- a/pkg/ephemeral/network/tls_connector_test.go +++ b/pkg/ephemeral/network/tls_connector_test.go @@ -117,8 +117,8 @@ var _ = Describe("TlsConnector", func() { BeforeEach(func() { var err error testDataFolder, err = ioutil.TempDir("", "testData") - certificateFolder = testDataFolder + "Player-Data" - err = os.Mkdir(certificateFolder, os.ModeDir) + certificateFolder = testDataFolder + "/Player-Data" + err = os.Mkdir(certificateFolder, os.ModeDir|os.ModePerm) if err != nil { panic(err) } From 7230f33bc33af9d9fcf6b3eaab4040fb71e821d7 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Wed, 6 Apr 2022 17:29:39 +0200 Subject: [PATCH 04/17] Remove Env from chart again Signed-off-by: Timo Klenk --- charts/ephemeral/templates/ephemeral.yaml | 7 ------- charts/ephemeral/values.yaml | 1 - 2 files changed, 8 deletions(-) diff --git a/charts/ephemeral/templates/ephemeral.yaml b/charts/ephemeral/templates/ephemeral.yaml index a4bb39b3..8ff91fb4 100644 --- a/charts/ephemeral/templates/ephemeral.yaml +++ b/charts/ephemeral/templates/ephemeral.yaml 
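Review bot: In the tls_connector_test.go hunk, `os.Mkdir(certificateFolder, os.ModeDir|os.ModePerm)` creates the folder that the later tests load key pairs from (`P%d.key`, `C1.pem`) with permission 0777; `os.ModeDir` is not a permission bit and Mkdir ignores it, so the expression only obscures that the directory is world-writable. `os.Mkdir(certificateFolder, 0700)` is all the test needs and avoids leaving key material in a world-readable temp folder. `testDataFolder` is obtained from ioutil.TempDir and the hunk shows no removal; if there is no AfterEach that calls os.RemoveAll on it, one is worth adding so key files do not accumulate across runs. The enclosing BeforeEach continues outside the hunk.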
@@ -29,13 +29,6 @@ spec: - name: "{{ .Chart.Name }}-ephemeral" image: "{{ .Values.ephemeral.image.registry }}/{{ .Values.ephemeral.image.repository }}:{{ .Values.ephemeral.image.tag }}" imagePullPolicy: {{ .Values.ephemeral.image.pullPolicy }} - {{- if .Values.ephemeral.env }} - env: - {{- range .Values.ephemeral.env }} - - name: {{ .name }} - value: {{ .value | quote}} - {{- end }} - {{- end }} ports: - name: http1 containerPort: 8080 diff --git a/charts/ephemeral/values.yaml b/charts/ephemeral/values.yaml index 434efd6d..0fa5b99d 100644 --- a/charts/ephemeral/values.yaml +++ b/charts/ephemeral/values.yaml @@ -49,7 +49,6 @@ ephemeral: spdz: prime: rInv: - env: [] networkController: image: From 2aafa78a52f7661f2e8b884a35ebb0b929c93b0b Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Wed, 6 Apr 2022 17:44:55 +0200 Subject: [PATCH 05/17] Removed empty lines Signed-off-by: Timo Klenk --- pkg/ephemeral/io/carrier.go | 12 ------------ pkg/ephemeral/io/carrier_test.go | 2 -- pkg/ephemeral/network/tls_connector.go | 3 --- pkg/ephemeral/network/tls_connector_test.go | 8 ++------ pkg/utils/os.go | 4 ---- 5 files changed, 2 insertions(+), 27 deletions(-) diff --git a/pkg/ephemeral/io/carrier.go b/pkg/ephemeral/io/carrier.go index d6ea0bdd..6a122da3 100644 --- a/pkg/ephemeral/io/carrier.go +++ b/pkg/ephemeral/io/carrier.go @@ -51,31 +51,26 @@ func (c *Carrier) Connect(playerID int32, ctx context.Context, host string, port if err != nil { return err } - _, err = conn.Write(c.buildHeader(playerID)) if err != nil { return err } - c.Conn, err = c.TlsConnector(conn, playerID) if err != nil { return err } - if playerID == 0 { err = c.readSpec() if err != nil { return err } } - c.connected = true return nil } func (c Carrier) readSpec() error { const size = 4 - readBytes := make([]byte, size) _, err := io.LimitReader(c.Conn, size).Read(readBytes) if err != nil { 
@@ -83,15 +78,12 @@ func (c Carrier) readSpec() error { } sizeOfHeader := binary.LittleEndian.Uint32(readBytes) - readBytes = make([]byte, sizeOfHeader) _, err = io.LimitReader(c.Conn, int64(sizeOfHeader)).Read(readBytes) if err != nil { return err } - //ToDo, compare read PRIME with prime number from config? - return nil } @@ -111,12 +103,10 @@ func (c *Carrier) Send(secret []amphora.SecretShare) error { shares = append(shares, secret[i].Data) } err := c.Packer.Marshal(shares, &input) - if err != nil { return err } _, err = c.Conn.Write(input) - if err != nil { return err } @@ -129,10 +119,8 @@ func (c *Carrier) Send(secret []amphora.SecretShare) error { // - Then come X Bytes for the String func (c *Carrier) buildHeader(playerId int32) []byte { playerIdString := []byte(fmt.Sprintf("%d", playerId)) - lengthOfString := make([]byte, 4) binary.LittleEndian.PutUint32(lengthOfString, uint32(len(playerIdString))) - return append(lengthOfString, playerIdString...) } diff --git a/pkg/ephemeral/io/carrier_test.go b/pkg/ephemeral/io/carrier_test.go index 53f26aff..74d9d83a 100644 --- a/pkg/ephemeral/io/carrier_test.go +++ b/pkg/ephemeral/io/carrier_test.go @@ -207,10 +207,8 @@ var _ = Describe("Carrier", func() { Packer: packer, TlsConnector: fakeTlsConnector, } - waitGroup := sync.WaitGroup{} waitGroup.Add(1) - go server.Read(connectionOutput) // Act diff --git a/pkg/ephemeral/network/tls_connector.go b/pkg/ephemeral/network/tls_connector.go index 7c8cd7a8..656edd02 100644 --- a/pkg/ephemeral/network/tls_connector.go +++ b/pkg/ephemeral/network/tls_connector.go @@ -11,7 +11,6 @@ func NewTlsConnector() func(conn net.Conn, playerID int32) (net.Conn, error) { } func NewTlsConnectorWithPath(folderPath string) func(conn net.Conn, playerID int32) (net.Conn, error) { - return func(conn net.Conn, playerID int32) (net.Conn, error) { tlsConfig, err := getTlsConfig(playerID, folderPath) if err != nil { 
@@ -29,7 +28,6 @@ func NewTlsConnectorWithPath(folderPath string) func(conn net.Conn, playerID int } func getTlsConfig(playerID int32, folder string) (*tls.Config, error) { - certFile := fmt.Sprintf("%s/C%d.pem", folder, playerID) keyFile := fmt.Sprintf("%s/C%d.key", folder, playerID) cert, err := tls.LoadX509KeyPair(certFile, keyFile) @@ -41,6 +39,5 @@ func getTlsConfig(playerID int32, folder string) (*tls.Config, error) { Certificates: []tls.Certificate{cert}, InsecureSkipVerify: true, } - return tlsConfig, nil } diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go index f5e7cd94..5e0532d3 100644 --- a/pkg/ephemeral/network/tls_connector_test.go +++ b/pkg/ephemeral/network/tls_connector_test.go @@ -152,7 +152,6 @@ var _ = Describe("TlsConnector", func() { }) Context("when trying to upgrade to a TLS connection", func() { - var ( tlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) client, server net.Conn @@ -168,21 +167,17 @@ var _ = Describe("TlsConnector", func() { serverPemFileLocation := fmt.Sprintf("%s/P%d.pem", certificateFolder, playerID) serverKeyFileLocation := fmt.Sprintf("%s/P%d.key", certificateFolder, playerID) serverCertificate, err := tls.LoadX509KeyPair(serverPemFileLocation, serverKeyFileLocation) - if err != nil { panic(err) } - serverConfig := &tls.Config{ Certificates: []tls.Certificate{serverCertificate}, } - serverTlsConnection := tls.Server(server, serverConfig) go serverTlsConnection.Handshake() // Act tlsConnection, err := tlsConnector(client, playerID) - contentToSend := []byte{byte(1)} go tlsConnection.Write(contentToSend) @@ -202,6 +197,7 @@ var _ = Describe("TlsConnector", func() { // Act tlsConnection, err := tlsConnector(client, playerID) + // Assert Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("C1.pem")) Expect(tlsConnection).To(BeNil()) 
@@ -216,13 +212,13 @@ var _ = Describe("TlsConnector", func() { //No Server Certificates -> Client certificate won't match Certificates: []tls.Certificate{}, } - serverTlsConnection := tls.Server(server, serverConfig) go serverTlsConnection.Handshake() // Act tlsConnection, err := tlsConnector(client, playerID) + // Assert Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("remote error: tls: unrecognized name")) Expect(tlsConnection).To(BeNil()) diff --git a/pkg/utils/os.go b/pkg/utils/os.go index 58478b51..d2d5109d 100644 --- a/pkg/utils/os.go +++ b/pkg/utils/os.go @@ -60,12 +60,10 @@ func (c *Commander) CallCMD(theContext context.Context, cmd []string, dir string baseCmd := c.Options baseCmd = append(baseCmd, cmd...) command := exec.CommandContext(theContext, c.Command, baseCmd...) - stderrBuffer := bytes.NewBuffer([]byte{}) stdoutBuffer := bytes.NewBuffer([]byte{}) command.Stderr = stderrBuffer command.Stdout = stdoutBuffer - command.Dir = dir err := command.Start() if err != nil { @@ -78,14 +76,12 @@ func (c *Commander) CallCMD(theContext context.Context, cmd []string, dir string // Check if the command finished successfully. err = command.Wait() defer waitGroup.Done() - if err != nil { println(fmt.Sprintf("Error occured!")) println(fmt.Sprintf("StdOut: %s", stdoutBuffer.Bytes())) println(fmt.Sprintf("StdErr: %s", stderrBuffer.Bytes())) } }() - waitGroup.Wait() if err != nil { From 5793780c55c84699c73c19b31f001d502a128f42 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Thu, 7 Apr 2022 10:33:38 +0200 Subject: [PATCH 06/17] Codacy comments Signed-off-by: Timo Klenk --- pkg/ephemeral/io/carrier.go | 16 +++---- pkg/ephemeral/io/carrier_test.go | 50 ++++++++++----------- pkg/ephemeral/io/feeder.go | 4 +- pkg/ephemeral/io/feeder_test.go | 6 +-- pkg/ephemeral/network/tls_connector.go | 18 +++++--- pkg/ephemeral/network/tls_connector_test.go | 10 ++--- 6 files changed, 56 insertions(+), 48 deletions(-) 
diff --git a/pkg/ephemeral/io/carrier.go b/pkg/ephemeral/io/carrier.go index 6a122da3..7dda3c42 100644 --- a/pkg/ephemeral/io/carrier.go +++ b/pkg/ephemeral/io/carrier.go @@ -24,7 +24,7 @@ type Result struct { // AbstractCarrier is the carriers interface. type AbstractCarrier interface { - Connect(int32, context.Context, string, string) error + Connect(context.Context, int32, string, string) error Close() error Send([]amphora.SecretShare) error Read(ResponseConverter, bool) (*Result, error) @@ -33,7 +33,7 @@ type AbstractCarrier interface { // Carrier is a TCP client for TCP sockets. type Carrier struct { Dialer func(ctx context.Context, addr, port string) (net.Conn, error) - TlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) + TLSConnector func(conn net.Conn, playerID int32) (net.Conn, error) Conn net.Conn Packer Packer connected bool @@ -46,7 +46,7 @@ type Config struct { } // Connect establishes a TCP connection to a socket on a given host and port. -func (c *Carrier) Connect(playerID int32, ctx context.Context, host string, port string) error { +func (c *Carrier) Connect(ctx context.Context, playerID int32, host string, port string) error { conn, err := c.Dialer(ctx, host, port) if err != nil { return err @@ -55,7 +55,7 @@ func (c *Carrier) Connect(playerID int32, ctx context.Context, host string, port if err != nil { return err } - c.Conn, err = c.TlsConnector(conn, playerID) + c.Conn, err = c.TLSConnector(conn, playerID) if err != nil { return err } 
@@ -117,11 +117,11 @@ func (c *Carrier) Send(secret []amphora.SecretShare) error { // The header consists of the clientId as string: // - 1 Long (4 Byte) that contains the length of the string in bytes // - Then come X Bytes for the String -func (c *Carrier) buildHeader(playerId int32) []byte { - playerIdString := []byte(fmt.Sprintf("%d", playerId)) +func (c *Carrier) buildHeader(playerID int32) []byte { + playerIDString := []byte(fmt.Sprintf("%d", playerID)) lengthOfString := make([]byte, 4) - binary.LittleEndian.PutUint32(lengthOfString, uint32(len(playerIdString))) - return append(lengthOfString, playerIdString...) + binary.LittleEndian.PutUint32(lengthOfString, uint32(len(playerIDString))) + return append(lengthOfString, playerIDString...) } // Read reads the response from the TCP connection and unmarshals it. diff --git a/pkg/ephemeral/io/carrier_test.go b/pkg/ephemeral/io/carrier_test.go index 74d9d83a..b38ce256 100644 --- a/pkg/ephemeral/io/carrier_test.go +++ b/pkg/ephemeral/io/carrier_test.go @@ -19,7 +19,7 @@ import ( var _ = Describe("Carrier", func() { var ctx = context.TODO() - var playerId = int32(1) // PlayerID 1, since PlayerID==0 contains another check when connecting + var playerID = int32(1) // PlayerID 1, since PlayerID==0 contains another check when connecting It("connects to a socket", func() { var connected bool @@ -28,14 +28,14 @@ var _ = Describe("Carrier", func() { connected = true return &conn, nil } - fakeTlsConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { + fakeTLSConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { return connection, nil } carrier := Carrier{ Dialer: fakeDialer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } - err := carrier.Connect(playerId, context.TODO(), "", "") + err := carrier.Connect(context.TODO(), playerID, "", "") Expect(connected).To(BeTrue()) Expect(err).NotTo(HaveOccurred()) }) 
@@ -44,14 +44,14 @@ var _ = Describe("Carrier", func() { fakeDialer := func(ctx context.Context, addr, port string) (net.Conn, error) { return &conn, nil } - fakeTlsConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { + fakeTLSConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { return connection, nil } carrier := Carrier{ Dialer: fakeDialer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } - err := carrier.Connect(playerId, context.TODO(), "", "") + err := carrier.Connect(context.TODO(), playerID, "", "") Expect(err).NotTo(HaveOccurred()) err = carrier.Close() Expect(err).NotTo(HaveOccurred()) @@ -61,7 +61,7 @@ var _ = Describe("Carrier", func() { var ( secret []amphora.SecretShare output []byte - connectionOutput []byte //Will contain (length 4 byte, playerId 1 byte) + connectionOutput []byte //Will contain (length 4 byte, playerID 1 byte) client, server net.Conn dialer func(ctx context.Context, addr, port string) (net.Conn, error) fakeTlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) 
@@ -89,26 +89,26 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } go server.Read(connectionOutput) - carrier.Connect(playerId, ctx, "", "") + carrier.Connect(ctx, playerID, "", "") go server.Read(output) err := carrier.Send(secret) carrier.Close() Expect(err).NotTo(HaveOccurred()) Expect(output[0]).To(Equal(byte(1))) - Expect(connectionOutput).To(Equal([]byte{1, 0, 0, 0, fmt.Sprintf("%d", playerId)[0]})) + Expect(connectionOutput).To(Equal([]byte{1, 0, 0, 0, fmt.Sprintf("%d", playerID)[0]})) }) It("returns an error when it fails to marshal the object", func() { packer := &FakeBrokenPacker{} carrier := Carrier{ Dialer: dialer, Packer: packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } go server.Read(connectionOutput) - carrier.Connect(playerId, ctx, "", "") + carrier.Connect(ctx, playerID, "", "") go server.Read(output) err := carrier.Send(secret) carrier.Close() @@ -122,10 +122,10 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } go server.Read(connectionOutput) - carrier.Connect(playerId, ctx, "", "") + carrier.Connect(ctx, playerID, "", "") // Closing the connection to trigger a failure due to writing into the closed socket. server.Close() err := carrier.Send(secret) @@ -144,10 +144,10 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: &packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } go server.Read(connectionOutput) - carrier.Connect(playerId, ctx, "", "") + carrier.Connect(ctx, playerID, "", "") go func() { server.Write(serverResponse) server.Close() 
@@ -166,10 +166,10 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: &packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } go server.Read(connectionOutput) - carrier.Connect(playerId, ctx, "", "") + carrier.Connect(ctx, playerID, "", "") server.Close() anyConverter := &PlaintextConverter{} _, err := carrier.Read(anyConverter, false) @@ -181,10 +181,10 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } go server.Read(connectionOutput) - carrier.Connect(playerId, ctx, "", "") + carrier.Connect(ctx, playerID, "", "") go func() { server.Write(serverResponse) server.Close() @@ -196,7 +196,7 @@ var _ = Describe("Carrier", func() { }) Context("when connecting as Player0", func() { - playerId := int32(0) + playerID := int32(0) It("will receive and handle the server's fileHeader", func() { // Arrange // ToDo: Better Response for real-life scenario? @@ -205,7 +205,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TlsConnector: fakeTlsConnector, + TLSConnector: fakeTlsConnector, } waitGroup := sync.WaitGroup{} waitGroup.Add(1) @@ -214,7 +214,7 @@ var _ = Describe("Carrier", func() { // Act var errConnecting error go func() { - errConnecting = carrier.Connect(playerId, ctx, "", "") + errConnecting = carrier.Connect(ctx, playerID, "", "") waitGroup.Done() }() @@ -225,7 +225,7 @@ var _ = Describe("Carrier", func() { waitGroup.Wait() // Assert - Expect(connectionOutput).To(Equal([]byte{1, 0, 0, 0, fmt.Sprintf("%d", playerId)[0]})) + Expect(connectionOutput).To(Equal([]byte{1, 0, 0, 0, fmt.Sprintf("%d", playerID)[0]})) Expect(errConnecting).NotTo(HaveOccurred()) Expect(errWrite).NotTo(HaveOccurred()) Expect(numberOfBytesWritten).To(Equal(len(serverResponse))) diff --git a/pkg/ephemeral/io/feeder.go b/pkg/ephemeral/io/feeder.go index a3a2efbc..23a4671e 100644 
--- a/pkg/ephemeral/io/feeder.go +++ b/pkg/ephemeral/io/feeder.go @@ -35,7 +35,7 @@ func NewAmphoraFeeder(l *zap.SugaredLogger, conf *SPDZEngineTypedConfig) *Amphor Packer: &SPDZPacker{ MaxBulkSize: conf.MaxBulkSize, }, - TlsConnector: network.NewTlsConnector(), + TLSConnector: network.NewTLSConnector(), } return &AmphoraFeeder{ logger: l, @@ -119,7 +119,7 @@ func (f *AmphoraFeeder) feedAndRead(params []string, port string, ctx *CtxConfig default: return nil, fmt.Errorf("no output config is given, either %s, %s or %s must be defined", PlainText, SecretShare, AmphoraSecret) } - err := f.carrier.Connect(ctx.Spdz.PlayerID, ctx.Context, "localhost", port) + err := f.carrier.Connect(ctx.Context, ctx.Spdz.PlayerID, "localhost", port) defer f.carrier.Close() if err != nil { return nil, err diff --git a/pkg/ephemeral/io/feeder_test.go b/pkg/ephemeral/io/feeder_test.go index afc12132..77d703c3 100644 --- a/pkg/ephemeral/io/feeder_test.go +++ b/pkg/ephemeral/io/feeder_test.go @@ -212,7 +212,7 @@ type FakeCarrier struct { isBulk bool } -func (f *FakeCarrier) Connect(int32, context.Context, string, string) error { +func (f *FakeCarrier) Connect(context.Context, int32, string, string) error { return nil } @@ -233,7 +233,7 @@ type BrokenConnectFakeCarrier struct { isBulk bool } -func (f *BrokenConnectFakeCarrier) Connect(int32, context.Context, string, string) error { +func (f *BrokenConnectFakeCarrier) Connect(context.Context, int32, string, string) error { return errors.New("carrier connect error") } @@ -254,7 +254,7 @@ type BrokenSendFakeCarrier struct { isBulk bool } -func (f *BrokenSendFakeCarrier) Connect(int32, context.Context, string, string) error { +func (f *BrokenSendFakeCarrier) Connect(context.Context, int32, string, string) error { return nil } diff --git a/pkg/ephemeral/network/tls_connector.go b/pkg/ephemeral/network/tls_connector.go index 656edd02..a3621125 100644 --- a/pkg/ephemeral/network/tls_connector.go +++ b/pkg/ephemeral/network/tls_connector.go 
@@ -6,13 +6,19 @@ import ( "net" ) -func NewTlsConnector() func(conn net.Conn, playerID int32) (net.Conn, error) { - return NewTlsConnectorWithPath("Player-Data") +// NewTLSConnector creates a TLS connector Function in the default Path "Player-Data" +// Simply delegates to NewTLSConnectorWithPath +func NewTLSConnector() func(conn net.Conn, playerID int32) (net.Conn, error) { + return NewTLSConnectorWithPath("Player-Data") } -func NewTlsConnectorWithPath(folderPath string) func(conn net.Conn, playerID int32) (net.Conn, error) { +// NewTLSConnectorWithPath creates a new TLS connector Function. +// The function will accept the Socket Connection and the PlayerID and upgrade it to a TLS encrypted one. +// Will search for Certificates in the provided folder Path. +// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key) +func NewTLSConnectorWithPath(folderPath string) func(conn net.Conn, playerID int32) (net.Conn, error) { return func(conn net.Conn, playerID int32) (net.Conn, error) { - tlsConfig, err := getTlsConfig(playerID, folderPath) + tlsConfig, err := getTLSConfig(playerID, folderPath) if err != nil { return nil, err } @@ -27,7 +33,9 @@ func NewTlsConnectorWithPath(folderPath string) func(conn net.Conn, playerID int } } -func getTlsConfig(playerID int32, folder string) (*tls.Config, error) { +// getTLSConfig Loads the TLS Config for the provided PlayerId located in the given folder +// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key) +func getTLSConfig(playerID int32, folder string) (*tls.Config, error) { certFile := fmt.Sprintf("%s/C%d.pem", folder, playerID) keyFile := fmt.Sprintf("%s/C%d.key", folder, playerID) cert, err := tls.LoadX509KeyPair(certFile, keyFile) diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go index 5e0532d3..06198f13 100644 --- a/pkg/ephemeral/network/tls_connector_test.go +++ b/pkg/ephemeral/network/tls_connector_test.go 
@@ -109,7 +109,7 @@ LO+mQ15hUEpbjrXF3IdY+4MjDqFOETC0KuI72yjUGPZqWe+WAhBcni3VNzs2Ik4= -----END CERTIFICATE-----` ) -var _ = Describe("TlsConnector", func() { +var _ = Describe("TLSConnector", func() { var testDataFolder string var certificateFolder string var playerID = int32(0) @@ -158,7 +158,7 @@ var _ = Describe("TlsConnector", func() { ) BeforeEach(func() { - tlsConnector = NewTlsConnectorWithPath(certificateFolder) + tlsConnector = NewTLSConnectorWithPath(certificateFolder) client, server = net.Pipe() }) @@ -173,8 +173,8 @@ var _ = Describe("TlsConnector", func() { serverConfig := &tls.Config{ Certificates: []tls.Certificate{serverCertificate}, } - serverTlsConnection := tls.Server(server, serverConfig) - go serverTlsConnection.Handshake() + serverTLSConnection := tls.Server(server, serverConfig) + go serverTLSConnection.Handshake() // Act tlsConnection, err := tlsConnector(client, playerID) @@ -182,7 +182,7 @@ var _ = Describe("TlsConnector", func() { go tlsConnection.Write(contentToSend) contentToReceive := make([]byte, 1) - serverTlsConnection.Read(contentToReceive) + serverTLSConnection.Read(contentToReceive) // Assert Expect(err).NotTo(HaveOccurred()) From 05488462790d7aba6939e187434a1fec6e61e1e3 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Thu, 7 Apr 2022 11:02:33 +0200 Subject: [PATCH 07/17] Rename ctx argument Signed-off-by: Timo Klenk --- pkg/ephemeral/fake_spdz_test.go | 4 ++-- pkg/utils/os.go | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/ephemeral/fake_spdz_test.go b/pkg/ephemeral/fake_spdz_test.go index 6763ae4c..678075c9 100644 --- a/pkg/ephemeral/fake_spdz_test.go +++ b/pkg/ephemeral/fake_spdz_test.go 
@@ -94,14 +94,14 @@ func (f *FakePlayer) PublishEvent(name, topic string, event *pb.Event) { type FakeExecutor struct { } -func (f *FakeExecutor) CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) { +func (f *FakeExecutor) CallCMD(ctx context.Context, cmd []string, dir string) ([]byte, []byte, error) { return []byte{}, []byte{}, nil } type BrokenFakeExecutor struct { } -func (f *BrokenFakeExecutor) CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) { +func (f *BrokenFakeExecutor) CallCMD(ctx context.Context, cmd []string, dir string) ([]byte, []byte, error) { return []byte{}, []byte{}, errors.New("some error") } diff --git a/pkg/utils/os.go b/pkg/utils/os.go index d2d5109d..cf09d7ec 100644 --- a/pkg/utils/os.go +++ b/pkg/utils/os.go @@ -21,7 +21,7 @@ import ( // Executor is an interface for calling a command and process its output. type Executor interface { // CallCMD executes the command and returns the output's STDOUT, STDERR streams as well as any errors - CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) + CallCMD(ctx context.Context, cmd []string, dir string) ([]byte, []byte, error) } var ( @@ -56,10 +56,10 @@ func (c *Commander) Run(cmd string) ([]byte, []byte, error) { // ``` // If the command fails to run or doesn't complete successfully, the error is of type *ExitError. Other error types may be returned for I/O problems. // ``` -func (c *Commander) CallCMD(theContext context.Context, cmd []string, dir string) ([]byte, []byte, error) { +func (c *Commander) CallCMD(ctx context.Context, cmd []string, dir string) ([]byte, []byte, error) { baseCmd := c.Options baseCmd = append(baseCmd, cmd...) - command := exec.CommandContext(theContext, c.Command, baseCmd...) + command := exec.CommandContext(ctx, c.Command, baseCmd...) stderrBuffer := bytes.NewBuffer([]byte{}) stdoutBuffer := bytes.NewBuffer([]byte{}) command.Stderr = stderrBuffer 
From 13cea49ea431f801cb13dc340247e8cc34fe5c89 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Mon, 11 Apr 2022 13:06:06 +0200 Subject: [PATCH 08/17] Address Code-Review comments Co-authored-by: Joo Co-authored-by: Lila Signed-off-by: Timo Klenk --- pkg/ephemeral/io/carrier.go | 14 ++++++++++++-- pkg/ephemeral/io/carrier_test.go | 18 +++++++++--------- pkg/ephemeral/network/tls_connector.go | 21 +++++++++++---------- pkg/ephemeral/player.go | 1 - pkg/ephemeral/spdz.go | 1 - 5 files changed, 32 insertions(+), 23 deletions(-) diff --git a/pkg/ephemeral/io/carrier.go b/pkg/ephemeral/io/carrier.go index 7dda3c42..9a2492c6 100644 --- a/pkg/ephemeral/io/carrier.go +++ b/pkg/ephemeral/io/carrier.go @@ -60,7 +60,7 @@ func (c *Carrier) Connect(ctx context.Context, playerID int32, host string, port return err } if playerID == 0 { - err = c.readSpec() + err = c.readPrime() if err != nil { return err } @@ -69,7 +69,17 @@ func (c *Carrier) Connect(ctx context.Context, playerID int32, host string, port return nil } -func (c Carrier) readSpec() error { +// readPrime reads the file header from the MP-SPDZ connection +// In MP-SPDZ connection, this will only be used when player0 connects as client to MP-SPDZ +// +// For the header composition, check: +// https://github.com/data61/MP-SPDZ/issues/418#issuecomment-975424591 +// +// It is made up as follows: +// - Careful: The other header parts are not part of this communication, they are only used when reading tuple files +// - length of the prime as 4-byte number little-endian (e.g. 16), +// - prime in big-endian (e.g. 170141183460469231731687303715885907969) +func (c Carrier) readPrime() error { const size = 4 readBytes := make([]byte, size) _, err := io.LimitReader(c.Conn, size).Read(readBytes) diff --git a/pkg/ephemeral/io/carrier_test.go b/pkg/ephemeral/io/carrier_test.go index b38ce256..76ec3333 100644 --- a/pkg/ephemeral/io/carrier_test.go +++ b/pkg/ephemeral/io/carrier_test.go 
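Review bot: readPrime's new doc comment spells out a fixed 4-byte little-endian length prefix, but the line the hunk ends on, `_, err := io.LimitReader(c.Conn, size).Read(readBytes)`, performs a single Read and discards the byte count, so a short read from the socket leaves part of `readBytes` zeroed and yields a wrong length without any error. `_, err := io.ReadFull(c.Conn, readBytes)` gives exactly the guarantee the comment describes, and the same applies to the second read of the prime body that follows outside the hunk. Because that length comes from the peer and, in the code beyond this hunk, is passed straight to `make([]byte, sizeOfHeader)`, a sanity bound on it before allocating (the comment's own example is a 16-byte prime) would be prudent. readPrime's body continues past the end of the hunk.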
@@ -64,7 +64,7 @@ var _ = Describe("Carrier", func() { connectionOutput []byte //Will contain (length 4 byte, playerID 1 byte) client, server net.Conn dialer func(ctx context.Context, addr, port string) (net.Conn, error) - fakeTlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) + fakeTLSConnector func(conn net.Conn, playerID int32) (net.Conn, error) ) BeforeEach(func() { secret = []amphora.SecretShare{ @@ -76,7 +76,7 @@ var _ = Describe("Carrier", func() { dialer = func(ctx context.Context, addr, port string) (net.Conn, error) { return client, nil } - fakeTlsConnector = func(connection net.Conn, playerID int32) (net.Conn, error) { + fakeTLSConnector = func(connection net.Conn, playerID int32) (net.Conn, error) { return connection, nil } }) @@ -89,7 +89,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } go server.Read(connectionOutput) carrier.Connect(ctx, playerID, "", "") @@ -105,7 +105,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } go server.Read(connectionOutput) carrier.Connect(ctx, playerID, "", "") @@ -122,7 +122,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } go server.Read(connectionOutput) carrier.Connect(ctx, playerID, "", "") @@ -144,7 +144,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: &packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } go server.Read(connectionOutput) carrier.Connect(ctx, playerID, "", "") 
@@ -166,7 +166,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: &packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } go server.Read(connectionOutput) carrier.Connect(ctx, playerID, "", "") @@ -181,7 +181,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } go server.Read(connectionOutput) carrier.Connect(ctx, playerID, "", "") @@ -205,7 +205,7 @@ var _ = Describe("Carrier", func() { carrier := Carrier{ Dialer: dialer, Packer: packer, - TLSConnector: fakeTlsConnector, + TLSConnector: fakeTLSConnector, } waitGroup := sync.WaitGroup{} waitGroup.Add(1) diff --git a/pkg/ephemeral/network/tls_connector.go b/pkg/ephemeral/network/tls_connector.go index a3621125..ecf927ef 100644 --- a/pkg/ephemeral/network/tls_connector.go +++ b/pkg/ephemeral/network/tls_connector.go 
@@ -6,19 +6,19 @@ import ( "net" ) -// NewTLSConnector creates a TLS connector Function in the default Path "Player-Data" +// NewTLSConnector creates a TLS connector function in the default path "Player-Data". // Simply delegates to NewTLSConnectorWithPath func NewTLSConnector() func(conn net.Conn, playerID int32) (net.Conn, error) { return NewTLSConnectorWithPath("Player-Data") } -// NewTLSConnectorWithPath creates a new TLS connector Function. -// The function will accept the Socket Connection and the PlayerID and upgrade it to a TLS encrypted one. -// Will search for Certificates in the provided folder Path. -// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key) -func NewTLSConnectorWithPath(folderPath string) func(conn net.Conn, playerID int32) (net.Conn, error) { +// NewTLSConnectorWithPath creates a new TLS connector function. +// The function will accept the socket connection and the playerID and upgrade it to a TLS encrypted one. +// Will search for certificates in the provided folder path. +// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key). +func NewTLSConnectorWithPath(folder string) func(conn net.Conn, playerID int32) (net.Conn, error) { return func(conn net.Conn, playerID int32) (net.Conn, error) { - tlsConfig, err := getTLSConfig(playerID, folderPath) + tlsConfig, err := getTLSConfig(playerID, folder) if err != nil { return nil, err } 
@@ -33,8 +33,8 @@ func NewTLSConnectorWithPath(folderPath string) func(conn net.Conn, playerID int } } -// getTLSConfig Loads the TLS Config for the provided PlayerId located in the given folder -// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key) +// getTLSConfig Loads the TLS config for the provided playerID located in the given folder. +// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key) func getTLSConfig(playerID int32, folder string) (*tls.Config, error) { certFile := fmt.Sprintf("%s/C%d.pem", folder, playerID) keyFile := fmt.Sprintf("%s/C%d.key", folder, playerID) @@ -44,7 +44,8 @@ func getTLSConfig(playerID int32, folder string) (*tls.Config, error) { } tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{cert}, + Certificates: []tls.Certificate{cert}, + // For future improvement, see https://github.com/carbynestack/ephemeral/issues/22 InsecureSkipVerify: true, } return tlsConfig, nil diff --git a/pkg/ephemeral/player.go b/pkg/ephemeral/player.go index 2f755522..d638b9e0 100644 --- a/pkg/ephemeral/player.go +++ b/pkg/ephemeral/player.go @@ -224,5 +224,4 @@ func (c *Callbacker) sendEvent(name, topic string, e interface{}) { } c.pb.PublishWithBody(name, topic, event, c.playerParams.GameID) c.logger.Debugw("Sending event", "event", event, "topic", topic) - c.logger.Debugf("Sending event.name %v to topic %s\n", event.Name, topic) } diff --git a/pkg/ephemeral/spdz.go b/pkg/ephemeral/spdz.go index 4704c486..09b08995 100644 --- a/pkg/ephemeral/spdz.go +++ b/pkg/ephemeral/spdz.go @@ -211,7 +211,6 @@ func (s *SPDZEngine) Compile(ctx *CtxConfig) error { var stdoutSlice []byte var stderrSlice []byte command := fmt.Sprintf("./compile.py -M %s", appName) - // TODO: ctx.context is nil at this time. stdoutSlice, stderrSlice, err = s.cmder.CallCMD(context.TODO(), []string{command}, s.baseDir) stdOut := string(stdoutSlice) stdErr := string(stderrSlice) 
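Review bot: `InsecureSkipVerify: true` in getTLSConfig still switches off verification of the MP-SPDZ server certificate, so the upgraded connection proves the client's identity (C<n>.pem) but not the peer's, and an on-path attacker who completes the handshake can read and alter the shares the carrier sends; the hunk only adds a link to an issue. Because the MP-SPDZ side is a self-signed certificate as well (the test fixtures write `P<n>.pem` next to `C<n>.pem`), it can be pinned instead of skipped: keep `InsecureSkipVerify` (Go would otherwise reject a CN-only self-signed certificate on the hostname check) and compare the presented leaf with the pinned file in `VerifyPeerCertificate`, as below; this needs `bytes`, `errors`, `os`, `encoding/pem` and `crypto/x509`. That `P%d.pem` for this `playerID` is the certificate of the MP-SPDZ instance the carrier dials is inferred from the fixtures and should be confirmed. If pinning is deferred, the comment should at least state the consequence, e.g. `// InsecureSkipVerify: the MP-SPDZ server certificate is NOT checked; this defeats passive eavesdropping only, not an active attacker (issue #22).` getTLSConfig's signature lies outside this hunk.
```go
	pinned, err := os.ReadFile(fmt.Sprintf("%s/P%d.pem", folder, playerID))
	if err != nil {
		return nil, err
	}
	pinnedBlock, _ := pem.Decode(pinned)
	if pinnedBlock == nil {
		return nil, errors.New("pinned MP-SPDZ certificate is not PEM")
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		// Chain/hostname validation is replaced by pinning the server leaf below.
		InsecureSkipVerify: true,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 || !bytes.Equal(rawCerts[0], pinnedBlock.Bytes) {
				return errors.New("MP-SPDZ server certificate does not match pinned P<n>.pem")
			}
			return nil
		},
	}
	return tlsConfig, nil
```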
From b575b1aaee75ee4f3cfafb39703e29b23530d41f Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Mon, 11 Apr 2022 13:11:14 +0200 Subject: [PATCH 09/17] Add license headers to newly created files Co-authored-by: Joo Signed-off-by: Timo Klenk --- pkg/ephemeral/network/tls_connector.go | 6 ++++++ pkg/ephemeral/network/tls_connector_test.go | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/pkg/ephemeral/network/tls_connector.go b/pkg/ephemeral/network/tls_connector.go index ecf927ef..7e48788f 100644 --- a/pkg/ephemeral/network/tls_connector.go +++ b/pkg/ephemeral/network/tls_connector.go @@ -1,3 +1,9 @@ +// +// Copyright (c) 2021 - for information on the respective copyright owner +// see the NOTICE file and/or the repository https://github.com/carbynestack/ephemeral. +// +// SPDX-License-Identifier: Apache-2.0 +// package network import ( diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go index 06198f13..b612dba0 100644 --- a/pkg/ephemeral/network/tls_connector_test.go +++ b/pkg/ephemeral/network/tls_connector_test.go @@ -1,3 +1,9 @@ +// +// Copyright (c) 2021 - for information on the respective copyright owner +// see the NOTICE file and/or the repository https://github.com/carbynestack/ephemeral. +// +// SPDX-License-Identifier: Apache-2.0 +// package network import ( From f9340d25b5bb97389acf27b75d23e2fd19ae69cc Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Mon, 11 Apr 2022 14:33:15 +0200 Subject: [PATCH 10/17] Static Code analysis finding tls -> TLS Signed-off-by: Timo Klenk --- pkg/ephemeral/network/tls_connector_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go index b612dba0..0561dd05 100644 --- a/pkg/ephemeral/network/tls_connector_test.go +++ b/pkg/ephemeral/network/tls_connector_test.go 
@@ -218,8 +218,8 @@ var _ = Describe("TLSConnector", func() { //No Server Certificates -> Client certificate won't match Certificates: []tls.Certificate{}, } - serverTlsConnection := tls.Server(server, serverConfig) - go serverTlsConnection.Handshake() + serverTLSConnection := tls.Server(server, serverConfig) + go serverTLSConnection.Handshake() // Act tlsConnection, err := tlsConnector(client, playerID) From 2e96ded7baeea0713d61b18c684b335242ce77ad Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Wed, 13 Apr 2022 14:02:34 +0200 Subject: [PATCH 11/17] Replace Test-Certificates with ones that expire on April 10, 2032 Co-authored-by: Lila Signed-off-by: Timo Klenk --- pkg/ephemeral/network/tls_connector_test.go | 171 ++++++++++---------- 1 file changed, 87 insertions(+), 84 deletions(-) diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go index 0561dd05..b792a8e0 100644 --- a/pkg/ephemeral/network/tls_connector_test.go +++ b/pkg/ephemeral/network/tls_connector_test.go 
@@ -18,101 +18,104 @@ import ( const ( keyFileClient = `-----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvx2eeVDXG5R+l -GlslnYNHlJgmmkLeXn5MT18qTbq3MCpB6o4rd8I2a1D/uFUht13Ourj7zilKz/5W -jcTnoVG7fiCLcBj3tXvCL5ymOGxxmQeN5siJcefpB8kcSB4RkrON9y6HCpZSIOMv -vfSVMrVMrQj/rjqsO2/Vv1A+4nETJm3GqKfwSikhgNsVcqiHYGkg0d1/3zP8CTAQ -+lp92LijeJAMCyNyHm/A+Wya3g8heRbm6lPtZWUcPOfyn3FGQ+Pu9MbBrQcPbXPW -0sjtGoBweNLYYyns3yViSp7gyOnZWaAwnQtA1T7PPNGkOYp5ehI3gA4bhhCWxbkN -ZVy0qajhAgMBAAECggEAJdsJ4706/6SklggBDS7I8Qd9ZQLf18f95y1Iz3GB/qWu -1BdRmublupaOESR/oQ0+dKEd6YzSs7vriHRrrX6+fWSCWcVAe0hoaL+cOuf34tcU -G2lSUtdnHHaCx0Z4w0wWw0IykP6ktPdENinwnJkZFnRFddrt493BDgVvoLtfosHO -Q+CcX6SmjfS3i0GSsDbI1sBAtH9vP+cCJeXWYtVcPRX9zoX3oYY9zBxuuiarcZku -3mcx22WFi4t30o2jCFwshhjY3W5mxZ3icCZ/mO/BS8FOYk4+BJUQtlxhDvJSjg/u -jCmmFi6WwtceKEhSL6IyiRFLzec60ITlR9U9YB/UqQKBgQDl6sMr/++hzQvOv58c -zoOfBKejHao7Bx9MkFLtQ4KXf4Ypc2uZh/XenziBb+tKRJ5mSXV8NLHs/zrdxPeY -ps0AYkWl9xVR1hKYlnQ75DCbs6zkIEKbKZ1xq5X1TfAmIyHmUcttD5BvQLAeQyG3 -+iNo2yFUgg6BywS4E6biL40zkwKBgQDDuF3FW2K5Ms5ntw/o/d55scinx05C74D6 -Oy+HesRs6bg77R07fr9Xqgnawqpn2Jk9TRFL5yVJTEHcXH9xMzHgNQ128SGNnDtC -T5/jfalj92hjdmt/gwdGK6PN+IDgb3h3vMnQZszK4zhXP78nte1QGUx2W7TZ7ZrP -C+iulm3iOwKBgQDbkkQqNRYpM6VfIWlXHXJd3xgpkx8LmFWvzPUlWh/RhxwdYfkU -et+4Z96S3suZ9cZAcU8d+0UgzO7u9DhxNHr7Lt7NDRbzPLottyHyQI6bZBBtHNH/ -VNLjx7ZCutfp1At/5gWcdgy98s0/WWVOSjie3wcJqdso4TX0hfAOetMiuQKBgDri -C+wla1U2kNypObMqNbW9JBY+IzCGJ/KgvdLvv4rY4iG9W68bmeuA78gOCwCFLM1B -k3OXjiM4OxRWC819zoKa03s2XpbhKv7vP7ZMhxrZQ2GxLfRF8nlNBdIg8n0TbFXx -yXHWi8R6iefN+O+0jzoq8lMlkgqCrrGd7pogDd0jAoGBALK43xm6ZIx5f6Ko94Vk -quXurZhmfbwiU52hBOdej6T+w2axs+mne83/HpcnWNtsmQDPN7vsfnKH/Ny4dG87 -G0iQcIEfW6OCGn1N6mr9ch7+2ihszOlKomOBxLurzw3Y7b3z0k9i1+NXeVY9agwF -U5QapxH75EeTq2YKGRjcN100 +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3zPV+S49jvQql +z2PIgJLL1iP9E7VuhA8W6RnFD4DivTBgE71JwktQ2Fm+zSaYnvctNEl5NWYSTktw +Ymx/C2FtPVLU3RWLRvCjut/AXZUJ9J2X7oH8M+LVrkkTI0vHqHqmpQpGk1czuQn3 
+7qR73w9/+pc0492saClJMBo0jYvGWhbaH4+YuzwYqz0j5A+RFgkVwsxcsVuHBjEJ +f7k+PZ0t6fOC6cgAvo0BedZzGYBusnxwU9xaN+NkofmFBEU5+X4Y0ZSMRZvi8bzs +YbPJjSLu+S/PRDZvvth/KJqsEBpwbMOBIHGy3ilHNq1HDmxAyrszWLVExWD6uPPv +fbQKx6QxAgMBAAECggEAIUowFKXe3LO6n/mGGySecejhL89IBzJIAWBK2JRMRcT6 +ZAxvNlLIjWYCKzrBCNeR8VANFrUDPcGMjFhnSkNna/+1ZvR8GHPK1fzc1dydR+ZU +PNZoGKPVK9qbRaoY6ZqsTE6MI+g/3RBgq9U/WWg3SHi8tkmnNrjO8YCS3n3cmRod +enw0KfHb8GaOAhXY3mLF7R9Wfqtl84SaqF5YIElvKSHkNUSKM8qSUrJMhMVe61Ih +o9mBNPCqwks8uwr7sYW9oE7Vj62reAzxKb0qnaIOnow9QKyeIXzLnBhYeKnKkfw/ +sn2b02KptYxJ6Do1Ca85JjCWxJaKB/rc9uLIfYEtOQKBgQDe2fzfnuRyEqyB7ShQ +Vwei3GPYuceQ6cjR4QuDLW4Vjorkt/RFLJ8iwFZjZOgw/8QGJ/W/9dyA897IF2ex +G67HGlgrPQIdLsPWZznoSYtkyl1BQHji+To3g34oqso7ihNkXUs2D1TZcuKeYi6F +0fzHtzHfOT3b8VQgu+x4EAtxZwKBgQDTI/GLOPyTtlDkhbb7Tq6XklQ4OB2rEEQY +yRs3Flde2UcL4Lm9I3j1a5ysOl06Mk496DKF2E3CvOTbzR3KwhVrbBxfzyEXqbBa +wF8Kt5eKoMXy2frBid2BFn7/Sj/6VnrOqx2w8RSnbg7L+25jLbWxHU5IdDr8l8J9 +2EIY0a3GpwKBgQDA19JDkLQPIqm1JQyluSoafKzKdrmDZUsqk5vqv/1rGhaHJchz +s9FhuR8Ik+F5xVpUGXBH1PIjhOVcMSTB1jrAgMObZwfVSQqfFmS95iaB6bwZIzl4 +8EK4l0ks195491sglrrm5Q1/vjLs6/lmQ/iCuryldltZYNR0HyraGshMMQKBgBoV +NqGcSJd2zkdsvU4OSkMvMHhBdmjLeZ4WOeZ0PBbbgItXF5rl5utqf9BG5X1q+X9s +T9F5ByInc54zmJqTn1HF6TtsuwnRTJfpa9RHGdFmSw3VH8UI4vQvc0DWS1EBneop ++WECZyrHzcwlI13dJ7TZifIpaaAKn1wsev3V6UHBAoGAcqkpuxh3Wc8NMVVpSwi1 +UYUrhvw5SwbQBW4zuJ1TCmdBTInWIzs6g8OLivKsb7//mnREnzXbMU77dGVAPvtD +7LVVf8g2pQo9Mc6pQ+jSe8XP4myxZs6zyYv/GKSufhVj1HHVEsmTR5z7h4uxJQ43 +BCdfT4PYg8e49YT++3T+2bk= -----END PRIVATE KEY----- ` + pemFileClient = `-----BEGIN CERTIFICATE----- -MIIC+zCCAeOgAwIBAgIUWOrYZliAZd4NDKJBNkYsOqSCj5owDQYJKoZIhvcNAQEL -BQAwDTELMAkGA1UEAwwCQzAwHhcNMjIwMTI2MTI0NjQ5WhcNMjIwMjI1MTI0NjQ5 +MIIC+zCCAeOgAwIBAgIUdBsxMVKucoi0AcgnSQ6NfJ6Rak4wDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCQzAwHhcNMjIwNDEzMTE1OTAzWhcNMzIwNDEwMTE1OTAz WjANMQswCQYDVQQDDAJDMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AK/HZ55UNcblH6UaWyWdg0eUmCaaQt5efkxPXypNurcwKkHqjit3wjZrUP+4VSG3 
-Xc66uPvOKUrP/laNxOehUbt+IItwGPe1e8IvnKY4bHGZB43myIlx5+kHyRxIHhGS -s433LocKllIg4y+99JUytUytCP+uOqw7b9W/UD7icRMmbcaop/BKKSGA2xVyqIdg -aSDR3X/fM/wJMBD6Wn3YuKN4kAwLI3Ieb8D5bJreDyF5FubqU+1lZRw85/KfcUZD -4+70xsGtBw9tc9bSyO0agHB40thjKezfJWJKnuDI6dlZoDCdC0DVPs880aQ5inl6 -EjeADhuGEJbFuQ1lXLSpqOECAwEAAaNTMFEwHQYDVR0OBBYEFCXac7qi2TG+j/CQ -fVyvM6W3JfONMB8GA1UdIwQYMBaAFCXac7qi2TG+j/CQfVyvM6W3JfONMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE0xk3rMO3xmpq1mwWGGQ/B2 -J9Xlqf5qwr63MNz6aIcKrlyk2+OLLaDm8RrF7wFNQ+uvMKKg6bLF7jW7MAX9WMO7 -giiT5ySjxddDT0cbSA3HcG3Ria9P6c02VZVt057M1FzXweR/FiJA1Tocn43lXrBT -n2sAiRtO4sxbfhUdIJI1Vh7UUhyAJLe3lVcG/AMMmPG/IedguhMbdalm5/gEaIIc -LjHyQLPWzHQTiUvj+AjpTmCN+3ZbBS/8r4g7XJ7/zvawXxi1Lk9fvSGWGkQLwHJ0 -DupEw8GWmc9H0cyY93qtEqKLQPvEDDdvhPoENcf/P6/BD1Z8lMmSMvZ+s6M7VfQ= +ALfM9X5Lj2O9CqXPY8iAksvWI/0TtW6EDxbpGcUPgOK9MGATvUnCS1DYWb7NJpie +9y00SXk1ZhJOS3BibH8LYW09UtTdFYtG8KO638BdlQn0nZfugfwz4tWuSRMjS8eo +eqalCkaTVzO5CffupHvfD3/6lzTj3axoKUkwGjSNi8ZaFtofj5i7PBirPSPkD5EW +CRXCzFyxW4cGMQl/uT49nS3p84LpyAC+jQF51nMZgG6yfHBT3Fo342Sh+YUERTn5 +fhjRlIxFm+LxvOxhs8mNIu75L89ENm++2H8omqwQGnBsw4EgcbLeKUc2rUcObEDK +uzNYtUTFYPq48+99tArHpDECAwEAAaNTMFEwHQYDVR0OBBYEFDy1mR2JzTRo+F5u +DYYw4cNPpEIPMB8GA1UdIwQYMBaAFDy1mR2JzTRo+F5uDYYw4cNPpEIPMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFN1k5YdRHIFbHJSXy+deFxb +chW72ncyv/04YLMwL8oF/YWjxTzp2/g5rFxxM0hD5Z3oP6eQ2XS2FLVxbjXXBrlu +WcLfQZek1Z5QA0KIFPuI7fk30dxfP0BhdeuYue5WIPw16UWv94cSMdMOpz/fs/lD +5wtSAo1OVjSUJCuOXj4k92hJd2tbsxoK1wQgGggBmN3dHqoi86BBtXITIPwUuow/ +jcrFmLQ3fEvorWsv2idztv7vXvnmRZSxN+tMsB662gvbgXutkj7pXGGpwQJnS/zn +XredMwJy4AeFFPw0A2nkntEw5Y6FXd1LYNmHUfJ9nyrXe4mjOuLKKf1Kh1Iydxg= -----END CERTIFICATE----- ` keyFileServer = `-----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwdCqmEjiMVBPK -m31IG+I+xwgX+EnEpnrBnlOa0WhFzaMrwqXpijgMA+dLNR8a1zpyhglWBsqm8dpN -7tEV19piizOmxZtZee7h1Hdso/+4U106NqzX5HKwuqZVSOjVN29SFKq0sNricIX1 -HabE5LYyBQJtzMzxAZwclb+e7uGBfHJDsOk3hOhs3bkJyV3eRa0uHH2Bu4CPH6L9 
-bcisFCmHiykZeZaY+BpRkS0c5+h7umLrKSGUe37/vf9UY9niLDUNolHePS/iQnmb -Hv1l/mDl2LvNy5OSCSvOE6L0GMCUDnYmYf6F999LLdQgC7gcZCp3rujZ4MYUsqR2 -Nqp46LdbAgMBAAECggEBAJ6ViM8AiTn1RmRNImdwSAHLtwZz6ziFtsXUmacGlQRH -MGLf6WTfCEgkKfd5op7o2Gqc9D8Qk4k+y8hG3jsXZ/owyRcVee0MnRjxbvOA4Q60 -PZFYGjdd5YXX+i2j/T3DOJU4ZcNHPzFLl9kX8Q37z5Nc1TYBXh8sJzW5kCIy5xEL -XAKNcwGTZF1ml3jkWkFl3LukS3DP8fF1qDvD987YGuc9oVliYW1F0oKL9VGyS7nB -BtQWslFdP8MbPXG1hjkFydCBiE4teqrFen6hvLdIQk7XJ88Q9UmBoOPJr6+gHuDf -vk33nVGpBVQ1UHFPnDzZyQKtlDBVEUJ8XhqzEkm4asECgYEA5sTgxJt/nJCL9Lh1 -61jFbVD21SVFEv7IWIV6YjBxzJhzGVJa6ZhrOnRTrkTAkraJ1wUd9FyIdEsL/Nvy -/z8hOAXbty1zXdpOo/BV0J6zRwJ0Cj8WVTeCUr5KGgw/pzbQdltJ+1J8jnAGbZjN -Ri/QUdryqZTQz3rD8sDVDFvLojMCgYEAw78HQ+y/gL5Z/IJww0lUYHjqcm1G5taY -3Ht6qRvkqdCmW8qC2wpKFKl9lCJfo+H1jidjhM5RTPFSlCxiWtxLAamMvfv0f3d6 -q5gPjcjak275bnmU1e0blkLEdeXQljRXH+oDmur95udzh0DrdTDJ/lqbf3uui8Uc -VApAcSbR/jkCgYAWUT/zg55Jw+jlF9m/kuw08DmOz3Xoql8xwGbfjBPVV4D6F+7W -3HiyRIG7Psbo6WJXOxV0hmZj6MYWBCdx6+cIhfiDtI+Nqgkk7Z8+97oaye/y9brx -LtcZrXF5J2oYf8KVT6rN9WI6XDci7j4b5Y/d+rCxGcU/6317wo5YDaCZ5QKBgET3 -4qRxHwxKhUQt5XM5PAx9rgVBMXEV/Wf57b71v/yBMow27yIkHvPmwANYlSAV9kHu -6OabFxQoFvN0K/ddlOPyDE/IHV5oB4W8HwbS1QiLWkEtf15cm5K21afAoFy79lKd -TkXgNDOOKytlmVCCLzl6TT1+o4JFofSOZCQ6DFUpAoGAAQdaCjX5UCeWb5e/Vbiu -SQL1RKIHkgm6gj1UjlQ981r6y+hVkBygtIr/eW0wSkFAkUrOdefHNVOQW18ESF06 -YqBL4gD7aEij9kGd0PrievimgcYYaBHOcO1RouQOURTMmWqjIPu1fyWDv+rFk+S5 -2uCuYndpzOgCiEhjDGCuSug= ------END PRIVATE KEY-----` +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIQG38Cnp2zMkS +mnUbQiXxRCl0QGbFU76k2dVS00QS/MSAQchnleZoISD2NoxnXQa2zgqY9FprYM2R +pSMI2pAicSyH661cXpGL29j2oU0Ue3zWtPYxf8CXhhOvHd7cOBFInGZcMhv2W7ZU +EhlwHw8Znvg1KSKyQ85IgtOjbAP40HrACJskAd6kGAHZJUVqqPn38qpi1bO7l2fr +W2h9AAsh8A3lLdn1Mod2yCTvN3GJUjROWCnGYrEs//o+j0Ia0KzMtWb9kxLylMgk +HxLUr50Vs5fQ8PO83waTHljqI3ItlecX7W2fLQHwTkhRMmSVw5SyDOJHFpmtWD8p +J/SR+vK7AgMBAAECggEBAJPLQaFgVmwxzkElsEKS+o/rn7DGC1Od8DmY8CG1/SsK +VTjX1EHnV2sI8FvnfI6ZEOiAfz/OMKHJi07wE0BolzJkVtpmLcfboA4aDzJPcCUq 
+0sNgQcfcotbyRLrdD+t2kgMGM2HeNdcIbzPzO8UNl0Zwln4dwxbQhoHr1Klrgi7y +2TNnecPg6xnIkXjvXZIiUErr0Bo9amqnmzl57oDu4Zs8xNqcwd8PwX62JsVl3Ar9 +eML3PSgUuY6BuMCv9PKVLDRSrAKSI2jAb5YT1tw6NrOQfNrL5TSbYV52aCBjsDF+ +V7Hcv2c3fmsW28gRVNij+DdNoW3tR6/DSWkpZ8ypNqkCgYEA5iW8rKjehvlaUGlO +SUYmVDI0kLze/LQnEMR4E02hkSKX0keEgw8EcMsOzCZXchU6vZKAdw6zZ+kO9/jc +mOMwcKLShH5FiU3SzUpYr/SX+Ru95+ZB8ACqIrzgMyJUIEf93ezCA/akf3vjQbnz +zajxqcXY9yPDz9GWtjpSYsF99tcCgYEA3r7+AyhSBhEHRoHC9HMjdQE3Kf87Z5zO +ydEPx87/nm/KTKwLLT85uWFRCsYAxzbxZ9vuj8uBnNG1cwkDklWWQm7KuNkg/q+M +3cvwDjlz90CH5kwTMEEXXMkHOQElZCEJvfWEA/iNpTgUl5wU1L5LFpicj5J/OOnu +CjK6svOJOr0CgYEA1uR7lFglV7AyZQy+vWpT1Z//Nvoz1487PsvENnnxFzxOuFhw +4ZK/GbZwPay7T9mEvIezjfdbCvYxNNbY26SekT1nBbGFqhvRbkAyKTFgSYhevM5h +2QA13DOxv+0Y0f+GipZL3jmJBUQfQTqo6+oIo/YJjVGGv2A6sjIoxO9Yd4cCgYA1 +uX1Mx6nY+rx1fhDGowq3St7CS2RJnmGl/b2/pKa00SPLEGf1tt02YEmKvq0rX44k +TcChgCU37MDGCTOKVQhT56MPqJcztqXUTT8OPz9AMJlWq5ypM9ntsDMExcj9+JX/ +8jqwNn/7jKYy1xuTIH696XtBicUTtiCK5yduyByeRQKBgQCGxnyeMQVraJrj1MMe +px2HHPnZ3intEjCbFXRRSNLbnUH2BkN0iBqAlg17ODwZKRe3RzIt33ily0XLX9eO +nMTahi3D1qvE4mA0fCUIZ1MeCErfVfpkpw6WAGbW/k9dSSPUXvw/8y/k1n+LG4NH +ATB42I5DxjquYktYfgOqMrfe9A== +-----END PRIVATE KEY----- +` pemFileServer = `-----BEGIN CERTIFICATE----- -MIIC+zCCAeOgAwIBAgIUNI9WRun2Y+ICmpzjYRpVcJ/BBE4wDQYJKoZIhvcNAQEL -BQAwDTELMAkGA1UEAwwCUDAwHhcNMjIwMTI2MTI0NjQ5WhcNMjIwMjI1MTI0NjQ5 +MIIC+zCCAeOgAwIBAgIUZnenCFm9buzi9J+xE0Z/8hAP6j0wDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCUDAwHhcNMjIwNDEzMTE1NzI2WhcNMzIwNDEwMTE1NzI2 WjANMQswCQYDVQQDDAJQMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALB0KqYSOIxUE8qbfUgb4j7HCBf4ScSmesGeU5rRaEXNoyvCpemKOAwD50s1HxrX -OnKGCVYGyqbx2k3u0RXX2mKLM6bFm1l57uHUd2yj/7hTXTo2rNfkcrC6plVI6NU3 -b1IUqrSw2uJwhfUdpsTktjIFAm3MzPEBnByVv57u4YF8ckOw6TeE6GzduQnJXd5F -rS4cfYG7gI8fov1tyKwUKYeLKRl5lpj4GlGRLRzn6Hu6YuspIZR7fv+9/1Rj2eIs -NQ2iUd49L+JCeZse/WX+YOXYu83Lk5IJK84TovQYwJQOdiZh/oX330st1CALuBxk -Kneu6NngxhSypHY2qnjot1sCAwEAAaNTMFEwHQYDVR0OBBYEFDjtm5a7RbAFeYuQ 
-QfFYci+eTOeXMB8GA1UdIwQYMBaAFDjtm5a7RbAFeYuQQfFYci+eTOeXMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGo1n03gEYMsBLLaOcY7dDwn -behhLE7UP3eWRw2gpmbKfilk+dljYWsOdiQeXktE/LxyFiuBNwefI7JrypFifzio -udqYyQAJ2pvMogij+TPajaDhJxmMWqRizcAo/6cXekSCufnRbbTBENUG2ZNHRuyn -zsYFZtpxDO9LF0uutE2P6NJQpKKrCo/NGMV4AF0vy1tKp6h2fBU3K9Yn+1RihIyS -Y+sLoNiorJloqZ8qn2cULbax/xi/IcccdRJfoIjmIuSl9wUwl+lkeGB9Rlwm5iFJ -LO+mQ15hUEpbjrXF3IdY+4MjDqFOETC0KuI72yjUGPZqWe+WAhBcni3VNzs2Ik4= ------END CERTIFICATE-----` +AMhAbfwKenbMyRKadRtCJfFEKXRAZsVTvqTZ1VLTRBL8xIBByGeV5mghIPY2jGdd +BrbOCpj0WmtgzZGlIwjakCJxLIfrrVxekYvb2PahTRR7fNa09jF/wJeGE68d3tw4 +EUicZlwyG/ZbtlQSGXAfDxme+DUpIrJDzkiC06NsA/jQesAImyQB3qQYAdklRWqo ++ffyqmLVs7uXZ+tbaH0ACyHwDeUt2fUyh3bIJO83cYlSNE5YKcZisSz/+j6PQhrQ +rMy1Zv2TEvKUyCQfEtSvnRWzl9Dw87zfBpMeWOojci2V5xftbZ8tAfBOSFEyZJXD +lLIM4kcWma1YPykn9JH68rsCAwEAAaNTMFEwHQYDVR0OBBYEFFjYZyR+nDmEaUIC +wqZRo2M+/aO4MB8GA1UdIwQYMBaAFFjYZyR+nDmEaUICwqZRo2M+/aO4MA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHXEnPbWUxzGSJfCC5R2Sjgd +wOB8op5RKqJcarpgg7dfipcwihLPcBitSuVMUKIzsCGlPJk3wRMPz6N0WCEgBFKS +FyPUh+I0ptkXbilmpfTsmbnkb5YbG8BrNLiyWwRKltQbYPQlCdEU50FUigMJy/6T +BWdj1UqyuxVLMcsPQVf8J2/BSmd7I1Xn4+rNGlw3Wg+F5sZ/ETVWNxbU3t9C0M7V +yZchSo1aNHWYFkxsKJVIhSTWwdIzRoaMmdIq0TJ3NCz/pu42tBPqv1DVN9dQkvUP +guY82ncsl79+Nh3HqoE6Tr6tIpuwpuFIjAlsGJrOFQJrx6JrzgQHf+Fcxe3VBEQ= +-----END CERTIFICATE----- +` ) var _ = Describe("TLSConnector", func() { From 98dae410f2e2de76b3e93b28adb6208418734bb5 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Wed, 4 May 2022 15:30:01 +0200 Subject: [PATCH 12/17] Update base-image to use new MP-SPDZ version Signed-off-by: Timo Klenk --- .ko.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ko.yaml b/.ko.yaml index 6ca5987e..442cd749 100644 --- a/.ko.yaml +++ b/.ko.yaml 
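Review bot: The new fixtures push the expiry out to 2032 and commit two fresh private keys into source, so the same test failure recurs in ten years and every secret scanner run against the repository will flag `keyFileClient` and `keyFileServer` (harmless here, but it teaches reviewers to wave such findings through). Generating a short-lived self-signed pair per run in `BeforeEach` needs no checked-in fixtures and never expires; a helper like the one below (stdlib only: crypto/ecdsa, crypto/elliptic, crypto/rand, crypto/x509, crypto/x509/pkix, encoding/pem, math/big, time) yields the PEM bytes the setup currently takes from the constants, and both existing expectations, including `remote error: tls: unrecognized name` for a server without certificates, hold unchanged. If the checked-in fixtures are kept, a comment above `const (` should name the expiry so the next failure is diagnosable: `// Self-signed test fixtures; both certificates expire 2032-04-10.` The `Describe` block whose head this hunk touches continues outside the hunk.
```go
// newSelfSignedPEM returns a fresh PKCS#8 key and self-signed certificate
// (PEM-encoded) for cn, valid for one hour, so fixtures never expire.
func newSelfSignedPEM(cn string) (keyPEM, certPEM []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		panic(err)
	}
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return keyPEM, certPEM
}
// … BeforeEach: write newSelfSignedPEM("C0") / newSelfSignedPEM("P0") instead of the constants …
```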
@@ -9,4 +9,4 @@ # github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/ephemeral-spdz-base-image:cleared-20210827 defaultBaseImage: ghcr.io/carbynestack/ubuntu:20.04-20210827-nonroot baseImageOverrides: - github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/spdz:20210827 + github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/spdz:v0.2.8 From a99419f7ecdc3a31157ad7dfa4d8b79cfc5f1e62 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Thu, 5 May 2022 11:02:34 +0200 Subject: [PATCH 13/17] Remove TLS Upgrade for Connection to MP-SPDZ Careful: Requires an MP-SPDZ image that was built with `NO_CLIENT_TLS` Signed-off-by: Timo Klenk --- pkg/ephemeral/io/carrier.go | 14 +- pkg/ephemeral/io/feeder.go | 1 - pkg/ephemeral/network/tls_connector.go | 58 ----- pkg/ephemeral/network/tls_connector_test.go | 237 -------------------- 4 files changed, 5 insertions(+), 305 deletions(-) delete mode 100644 pkg/ephemeral/network/tls_connector.go delete mode 100644 pkg/ephemeral/network/tls_connector_test.go diff --git a/pkg/ephemeral/io/carrier.go b/pkg/ephemeral/io/carrier.go index 9a2492c6..e7a880d5 100644 --- a/pkg/ephemeral/io/carrier.go +++ b/pkg/ephemeral/io/carrier.go @@ -32,11 +32,10 @@ type AbstractCarrier interface { // Carrier is a TCP client for TCP sockets. type Carrier struct { - Dialer func(ctx context.Context, addr, port string) (net.Conn, error) - TLSConnector func(conn net.Conn, playerID int32) (net.Conn, error) - Conn net.Conn - Packer Packer - connected bool + Dialer func(ctx context.Context, addr, port string) (net.Conn, error) + Conn net.Conn + Packer Packer + connected bool } // Config contains TCP connection properties of Carrier. 
@@ -48,6 +47,7 @@ type Config struct {
 // Connect establishes a TCP connection to a socket on a given host and port.
 func (c *Carrier) Connect(ctx context.Context, playerID int32, host string, port string) error {
 conn, err := c.Dialer(ctx, host, port)
+ c.Conn = conn
 if err != nil {
 return err
 }
@@ -55,10 +55,6 @@ func (c *Carrier) Connect(ctx context.Context, playerID int32, host string, port
 if err != nil {
 return err
 }
- c.Conn, err = c.TLSConnector(conn, playerID)
- if err != nil {
- return err
- }
 if playerID == 0 {
 err = c.readPrime()
 if err != nil {
diff --git a/pkg/ephemeral/io/feeder.go b/pkg/ephemeral/io/feeder.go
index 23a4671e..45c90f18 100644
--- a/pkg/ephemeral/io/feeder.go
+++ b/pkg/ephemeral/io/feeder.go
@@ -35,7 +35,6 @@ func NewAmphoraFeeder(l *zap.SugaredLogger, conf *SPDZEngineTypedConfig) *Amphor
 Packer: &SPDZPacker{
 MaxBulkSize: conf.MaxBulkSize,
 },
- TLSConnector: network.NewTLSConnector(),
 }
 return &AmphoraFeeder{
 logger: l,
diff --git a/pkg/ephemeral/network/tls_connector.go b/pkg/ephemeral/network/tls_connector.go
deleted file mode 100644
index 7e48788f..00000000
--- a/pkg/ephemeral/network/tls_connector.go
+++ /dev/null
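Review bot: `c.Conn = conn` is assigned before the `err` returned by `c.Dialer` is checked, so a failed dial leaves whatever the dialer returned alongside the error (typically a nil `net.Conn`) in the carrier's exported field while `connected` stays false, and any later use of `c.Conn` will dereference it. Move the assignment below the check: `if err != nil { return err }` followed by `c.Conn = conn`. Connect's body continues past the end of this hunk.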
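Review bot: With the TLS upgrade deleted, Connect now sends the Amphora secret shares the feeder pushes through this carrier over a plain TCP socket, and neither the hunk nor the commit message records why that is acceptable. The `.ko.yaml` change in the same series makes the MP-SPDZ image the base image of the ephemeral binary, which suggests the socket is loopback inside one container; if that is the case, say so where the connector call used to be, e.g. `// Plaintext TCP: MP-SPDZ runs in the same container (NO_CLIENT_TLS build), so this socket never leaves the pod.` If `host`/`port` can point outside the pod, this is a regression and the carrier needs its own transport protection or a guard that refuses non-loopback addresses. Connect continues outside the hunk.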
@@ -1,58 +0,0 @@ -// -// Copyright (c) 2021 - for information on the respective copyright owner -// see the NOTICE file and/or the repository https://github.com/carbynestack/ephemeral. -// -// SPDX-License-Identifier: Apache-2.0 -// -package network - -import ( - "crypto/tls" - "fmt" - "net" -) - -// NewTLSConnector creates a TLS connector function in the default path "Player-Data". -// Simply delegates to NewTLSConnectorWithPath -func NewTLSConnector() func(conn net.Conn, playerID int32) (net.Conn, error) { - return NewTLSConnectorWithPath("Player-Data") -} - -// NewTLSConnectorWithPath creates a new TLS connector function. -// The function will accept the socket connection and the playerID and upgrade it to a TLS encrypted one. -// Will search for certificates in the provided folder path. -// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key). -func NewTLSConnectorWithPath(folder string) func(conn net.Conn, playerID int32) (net.Conn, error) { - return func(conn net.Conn, playerID int32) (net.Conn, error) { - tlsConfig, err := getTLSConfig(playerID, folder) - if err != nil { - return nil, err - } - - tlsClient := tls.Client(conn, tlsConfig) - err = tlsClient.Handshake() - if err != nil { - return nil, err - } - - return net.Conn(tlsClient), nil - } -} - -// getTLSConfig Loads the TLS config for the provided playerID located in the given folder. -// Certificates must be named in the format that MP-SPDZ uses (/C.pem and .key) -func getTLSConfig(playerID int32, folder string) (*tls.Config, error) { - certFile := fmt.Sprintf("%s/C%d.pem", folder, playerID) - keyFile := fmt.Sprintf("%s/C%d.key", folder, playerID) - cert, err := tls.LoadX509KeyPair(certFile, keyFile) - if err != nil { - return nil, err - } - - tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{cert}, - // For future improvement, see https://github.com/carbynestack/ephemeral/issues/22 - InsecureSkipVerify: true, - } - return tlsConfig, nil -} 
diff --git a/pkg/ephemeral/network/tls_connector_test.go b/pkg/ephemeral/network/tls_connector_test.go deleted file mode 100644 index b792a8e0..00000000 --- a/pkg/ephemeral/network/tls_connector_test.go +++ /dev/null 
@@ -1,237 +0,0 @@ -// -// Copyright (c) 2021 - for information on the respective copyright owner -// see the NOTICE file and/or the repository https://github.com/carbynestack/ephemeral. -// -// SPDX-License-Identifier: Apache-2.0 -// -package network - -import ( - "crypto/tls" - "fmt" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "io/ioutil" - "net" - "os" -) - -const ( - keyFileClient = `-----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3zPV+S49jvQql -z2PIgJLL1iP9E7VuhA8W6RnFD4DivTBgE71JwktQ2Fm+zSaYnvctNEl5NWYSTktw -Ymx/C2FtPVLU3RWLRvCjut/AXZUJ9J2X7oH8M+LVrkkTI0vHqHqmpQpGk1czuQn3 -7qR73w9/+pc0492saClJMBo0jYvGWhbaH4+YuzwYqz0j5A+RFgkVwsxcsVuHBjEJ -f7k+PZ0t6fOC6cgAvo0BedZzGYBusnxwU9xaN+NkofmFBEU5+X4Y0ZSMRZvi8bzs -YbPJjSLu+S/PRDZvvth/KJqsEBpwbMOBIHGy3ilHNq1HDmxAyrszWLVExWD6uPPv -fbQKx6QxAgMBAAECggEAIUowFKXe3LO6n/mGGySecejhL89IBzJIAWBK2JRMRcT6 -ZAxvNlLIjWYCKzrBCNeR8VANFrUDPcGMjFhnSkNna/+1ZvR8GHPK1fzc1dydR+ZU -PNZoGKPVK9qbRaoY6ZqsTE6MI+g/3RBgq9U/WWg3SHi8tkmnNrjO8YCS3n3cmRod -enw0KfHb8GaOAhXY3mLF7R9Wfqtl84SaqF5YIElvKSHkNUSKM8qSUrJMhMVe61Ih -o9mBNPCqwks8uwr7sYW9oE7Vj62reAzxKb0qnaIOnow9QKyeIXzLnBhYeKnKkfw/ -sn2b02KptYxJ6Do1Ca85JjCWxJaKB/rc9uLIfYEtOQKBgQDe2fzfnuRyEqyB7ShQ -Vwei3GPYuceQ6cjR4QuDLW4Vjorkt/RFLJ8iwFZjZOgw/8QGJ/W/9dyA897IF2ex -G67HGlgrPQIdLsPWZznoSYtkyl1BQHji+To3g34oqso7ihNkXUs2D1TZcuKeYi6F -0fzHtzHfOT3b8VQgu+x4EAtxZwKBgQDTI/GLOPyTtlDkhbb7Tq6XklQ4OB2rEEQY -yRs3Flde2UcL4Lm9I3j1a5ysOl06Mk496DKF2E3CvOTbzR3KwhVrbBxfzyEXqbBa -wF8Kt5eKoMXy2frBid2BFn7/Sj/6VnrOqx2w8RSnbg7L+25jLbWxHU5IdDr8l8J9 -2EIY0a3GpwKBgQDA19JDkLQPIqm1JQyluSoafKzKdrmDZUsqk5vqv/1rGhaHJchz -s9FhuR8Ik+F5xVpUGXBH1PIjhOVcMSTB1jrAgMObZwfVSQqfFmS95iaB6bwZIzl4 -8EK4l0ks195491sglrrm5Q1/vjLs6/lmQ/iCuryldltZYNR0HyraGshMMQKBgBoV -NqGcSJd2zkdsvU4OSkMvMHhBdmjLeZ4WOeZ0PBbbgItXF5rl5utqf9BG5X1q+X9s -T9F5ByInc54zmJqTn1HF6TtsuwnRTJfpa9RHGdFmSw3VH8UI4vQvc0DWS1EBneop -+WECZyrHzcwlI13dJ7TZifIpaaAKn1wsev3V6UHBAoGAcqkpuxh3Wc8NMVVpSwi1 
-UYUrhvw5SwbQBW4zuJ1TCmdBTInWIzs6g8OLivKsb7//mnREnzXbMU77dGVAPvtD -7LVVf8g2pQo9Mc6pQ+jSe8XP4myxZs6zyYv/GKSufhVj1HHVEsmTR5z7h4uxJQ43 -BCdfT4PYg8e49YT++3T+2bk= ------END PRIVATE KEY----- -` - - pemFileClient = `-----BEGIN CERTIFICATE----- -MIIC+zCCAeOgAwIBAgIUdBsxMVKucoi0AcgnSQ6NfJ6Rak4wDQYJKoZIhvcNAQEL -BQAwDTELMAkGA1UEAwwCQzAwHhcNMjIwNDEzMTE1OTAzWhcNMzIwNDEwMTE1OTAz -WjANMQswCQYDVQQDDAJDMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALfM9X5Lj2O9CqXPY8iAksvWI/0TtW6EDxbpGcUPgOK9MGATvUnCS1DYWb7NJpie -9y00SXk1ZhJOS3BibH8LYW09UtTdFYtG8KO638BdlQn0nZfugfwz4tWuSRMjS8eo -eqalCkaTVzO5CffupHvfD3/6lzTj3axoKUkwGjSNi8ZaFtofj5i7PBirPSPkD5EW -CRXCzFyxW4cGMQl/uT49nS3p84LpyAC+jQF51nMZgG6yfHBT3Fo342Sh+YUERTn5 -fhjRlIxFm+LxvOxhs8mNIu75L89ENm++2H8omqwQGnBsw4EgcbLeKUc2rUcObEDK -uzNYtUTFYPq48+99tArHpDECAwEAAaNTMFEwHQYDVR0OBBYEFDy1mR2JzTRo+F5u -DYYw4cNPpEIPMB8GA1UdIwQYMBaAFDy1mR2JzTRo+F5uDYYw4cNPpEIPMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFN1k5YdRHIFbHJSXy+deFxb -chW72ncyv/04YLMwL8oF/YWjxTzp2/g5rFxxM0hD5Z3oP6eQ2XS2FLVxbjXXBrlu -WcLfQZek1Z5QA0KIFPuI7fk30dxfP0BhdeuYue5WIPw16UWv94cSMdMOpz/fs/lD -5wtSAo1OVjSUJCuOXj4k92hJd2tbsxoK1wQgGggBmN3dHqoi86BBtXITIPwUuow/ -jcrFmLQ3fEvorWsv2idztv7vXvnmRZSxN+tMsB662gvbgXutkj7pXGGpwQJnS/zn -XredMwJy4AeFFPw0A2nkntEw5Y6FXd1LYNmHUfJ9nyrXe4mjOuLKKf1Kh1Iydxg= ------END CERTIFICATE----- -` - - keyFileServer = `-----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIQG38Cnp2zMkS -mnUbQiXxRCl0QGbFU76k2dVS00QS/MSAQchnleZoISD2NoxnXQa2zgqY9FprYM2R -pSMI2pAicSyH661cXpGL29j2oU0Ue3zWtPYxf8CXhhOvHd7cOBFInGZcMhv2W7ZU -EhlwHw8Znvg1KSKyQ85IgtOjbAP40HrACJskAd6kGAHZJUVqqPn38qpi1bO7l2fr -W2h9AAsh8A3lLdn1Mod2yCTvN3GJUjROWCnGYrEs//o+j0Ia0KzMtWb9kxLylMgk -HxLUr50Vs5fQ8PO83waTHljqI3ItlecX7W2fLQHwTkhRMmSVw5SyDOJHFpmtWD8p -J/SR+vK7AgMBAAECggEBAJPLQaFgVmwxzkElsEKS+o/rn7DGC1Od8DmY8CG1/SsK -VTjX1EHnV2sI8FvnfI6ZEOiAfz/OMKHJi07wE0BolzJkVtpmLcfboA4aDzJPcCUq -0sNgQcfcotbyRLrdD+t2kgMGM2HeNdcIbzPzO8UNl0Zwln4dwxbQhoHr1Klrgi7y 
-2TNnecPg6xnIkXjvXZIiUErr0Bo9amqnmzl57oDu4Zs8xNqcwd8PwX62JsVl3Ar9 -eML3PSgUuY6BuMCv9PKVLDRSrAKSI2jAb5YT1tw6NrOQfNrL5TSbYV52aCBjsDF+ -V7Hcv2c3fmsW28gRVNij+DdNoW3tR6/DSWkpZ8ypNqkCgYEA5iW8rKjehvlaUGlO -SUYmVDI0kLze/LQnEMR4E02hkSKX0keEgw8EcMsOzCZXchU6vZKAdw6zZ+kO9/jc -mOMwcKLShH5FiU3SzUpYr/SX+Ru95+ZB8ACqIrzgMyJUIEf93ezCA/akf3vjQbnz -zajxqcXY9yPDz9GWtjpSYsF99tcCgYEA3r7+AyhSBhEHRoHC9HMjdQE3Kf87Z5zO -ydEPx87/nm/KTKwLLT85uWFRCsYAxzbxZ9vuj8uBnNG1cwkDklWWQm7KuNkg/q+M -3cvwDjlz90CH5kwTMEEXXMkHOQElZCEJvfWEA/iNpTgUl5wU1L5LFpicj5J/OOnu -CjK6svOJOr0CgYEA1uR7lFglV7AyZQy+vWpT1Z//Nvoz1487PsvENnnxFzxOuFhw -4ZK/GbZwPay7T9mEvIezjfdbCvYxNNbY26SekT1nBbGFqhvRbkAyKTFgSYhevM5h -2QA13DOxv+0Y0f+GipZL3jmJBUQfQTqo6+oIo/YJjVGGv2A6sjIoxO9Yd4cCgYA1 -uX1Mx6nY+rx1fhDGowq3St7CS2RJnmGl/b2/pKa00SPLEGf1tt02YEmKvq0rX44k -TcChgCU37MDGCTOKVQhT56MPqJcztqXUTT8OPz9AMJlWq5ypM9ntsDMExcj9+JX/ -8jqwNn/7jKYy1xuTIH696XtBicUTtiCK5yduyByeRQKBgQCGxnyeMQVraJrj1MMe -px2HHPnZ3intEjCbFXRRSNLbnUH2BkN0iBqAlg17ODwZKRe3RzIt33ily0XLX9eO -nMTahi3D1qvE4mA0fCUIZ1MeCErfVfpkpw6WAGbW/k9dSSPUXvw/8y/k1n+LG4NH -ATB42I5DxjquYktYfgOqMrfe9A== ------END PRIVATE KEY----- -` - - pemFileServer = `-----BEGIN CERTIFICATE----- -MIIC+zCCAeOgAwIBAgIUZnenCFm9buzi9J+xE0Z/8hAP6j0wDQYJKoZIhvcNAQEL -BQAwDTELMAkGA1UEAwwCUDAwHhcNMjIwNDEzMTE1NzI2WhcNMzIwNDEwMTE1NzI2 -WjANMQswCQYDVQQDDAJQMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMhAbfwKenbMyRKadRtCJfFEKXRAZsVTvqTZ1VLTRBL8xIBByGeV5mghIPY2jGdd -BrbOCpj0WmtgzZGlIwjakCJxLIfrrVxekYvb2PahTRR7fNa09jF/wJeGE68d3tw4 -EUicZlwyG/ZbtlQSGXAfDxme+DUpIrJDzkiC06NsA/jQesAImyQB3qQYAdklRWqo -+ffyqmLVs7uXZ+tbaH0ACyHwDeUt2fUyh3bIJO83cYlSNE5YKcZisSz/+j6PQhrQ -rMy1Zv2TEvKUyCQfEtSvnRWzl9Dw87zfBpMeWOojci2V5xftbZ8tAfBOSFEyZJXD -lLIM4kcWma1YPykn9JH68rsCAwEAAaNTMFEwHQYDVR0OBBYEFFjYZyR+nDmEaUIC -wqZRo2M+/aO4MB8GA1UdIwQYMBaAFFjYZyR+nDmEaUICwqZRo2M+/aO4MA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHXEnPbWUxzGSJfCC5R2Sjgd -wOB8op5RKqJcarpgg7dfipcwihLPcBitSuVMUKIzsCGlPJk3wRMPz6N0WCEgBFKS 
-FyPUh+I0ptkXbilmpfTsmbnkb5YbG8BrNLiyWwRKltQbYPQlCdEU50FUigMJy/6T -BWdj1UqyuxVLMcsPQVf8J2/BSmd7I1Xn4+rNGlw3Wg+F5sZ/ETVWNxbU3t9C0M7V -yZchSo1aNHWYFkxsKJVIhSTWwdIzRoaMmdIq0TJ3NCz/pu42tBPqv1DVN9dQkvUP -guY82ncsl79+Nh3HqoE6Tr6tIpuwpuFIjAlsGJrOFQJrx6JrzgQHf+Fcxe3VBEQ= ------END CERTIFICATE----- -` -) - -var _ = Describe("TLSConnector", func() { - var testDataFolder string - var certificateFolder string - var playerID = int32(0) - - BeforeEach(func() { - var err error - testDataFolder, err = ioutil.TempDir("", "testData") - certificateFolder = testDataFolder + "/Player-Data" - err = os.Mkdir(certificateFolder, os.ModeDir|os.ModePerm) - if err != nil { - panic(err) - } - - err = ioutil.WriteFile(fmt.Sprintf("%s/C%d.pem", certificateFolder, playerID), []byte(pemFileClient), os.ModePerm) - if err != nil { - panic(err) - } - - err = ioutil.WriteFile(fmt.Sprintf("%s/C%d.key", certificateFolder, playerID), []byte(keyFileClient), os.ModePerm) - if err != nil { - panic(err) - } - - err = ioutil.WriteFile(fmt.Sprintf("%s/P%d.pem", certificateFolder, playerID), []byte(pemFileServer), os.ModePerm) - if err != nil { - panic(err) - } - - err = ioutil.WriteFile(fmt.Sprintf("%s/P%d.key", certificateFolder, playerID), []byte(keyFileServer), os.ModePerm) - if err != nil { - panic(err) - } - }) - - AfterEach(func() { - err := os.RemoveAll(testDataFolder) - if err != nil { - panic(err) - } - }) - - Context("when trying to upgrade to a TLS connection", func() { - var ( - tlsConnector func(conn net.Conn, playerID int32) (net.Conn, error) - client, server net.Conn - ) - - BeforeEach(func() { - tlsConnector = NewTLSConnectorWithPath(certificateFolder) - client, server = net.Pipe() - }) - - It("establishes a TLS Connection and allows to send something over the connection", func() { - // Arrange - serverPemFileLocation := fmt.Sprintf("%s/P%d.pem", certificateFolder, playerID) - serverKeyFileLocation := fmt.Sprintf("%s/P%d.key", certificateFolder, playerID) - serverCertificate, err := 
tls.LoadX509KeyPair(serverPemFileLocation, serverKeyFileLocation) - if err != nil { - panic(err) - } - serverConfig := &tls.Config{ - Certificates: []tls.Certificate{serverCertificate}, - } - serverTLSConnection := tls.Server(server, serverConfig) - go serverTLSConnection.Handshake() - - // Act - tlsConnection, err := tlsConnector(client, playerID) - contentToSend := []byte{byte(1)} - go tlsConnection.Write(contentToSend) - - contentToReceive := make([]byte, 1) - serverTLSConnection.Read(contentToReceive) - - // Assert - Expect(err).NotTo(HaveOccurred()) - Expect(tlsConnection).ToNot(BeNil()) - Expect(contentToReceive).To(Equal(contentToSend)) - }) - - Context("and no certificate files for the playerID exist", func() { - playerID := int32(1) - - It("errors when trying to load the certificate key pair", func() { - // Act - tlsConnection, err := tlsConnector(client, playerID) - - // Assert - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("C1.pem")) - Expect(tlsConnection).To(BeNil()) - }) - }) - - Context("and the server does not have the matching certificate", func() { - playerID := int32(0) - It("will throw a TLS Error", func() { - // Arrange - serverConfig := &tls.Config{ - //No Server Certificates -> Client certificate won't match - Certificates: []tls.Certificate{}, - } - serverTLSConnection := tls.Server(server, serverConfig) - go serverTLSConnection.Handshake() - - // Act - tlsConnection, err := tlsConnector(client, playerID) - - // Assert - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("remote error: tls: unrecognized name")) - Expect(tlsConnection).To(BeNil()) - }) - }) - }) -}) From ab86b9b3efdf2f206eddea4b777cd8b7c05a8b08 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Thu, 5 May 2022 11:17:46 +0200 Subject: [PATCH 14/17] FIXME: added placeholder for base-image Signed-off-by: Timo Klenk --- .ko.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.ko.yaml b/.ko.yaml index 442cd749..caccb3fb 100644 --- a/.ko.yaml +++ b/.ko.yaml @@ -9,4 +9,4 @@ # github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/ephemeral-spdz-base-image:cleared-20210827 defaultBaseImage: ghcr.io/carbynestack/ubuntu:20.04-20210827-nonroot baseImageOverrides: - github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/spdz:v0.2.8 + github.com/carbynestack/ephemeral/cmd/ephemeral: TODO Update me with an image that has NO_CLIENT_TLS set From 0cab0b40beff689eaf0a83eb7f10c3b13180ee78 Mon Sep 17 00:00:00 2001 From: Timo Klenk Date: Thu, 5 May 2022 11:36:48 +0200 Subject: [PATCH 15/17] Remove TLS related stuff from tests Signed-off-by: Timo Klenk --- pkg/ephemeral/io/carrier_test.go | 51 ++++++++++---------------------- 1 file changed, 16 insertions(+), 35 deletions(-) diff --git a/pkg/ephemeral/io/carrier_test.go b/pkg/ephemeral/io/carrier_test.go index 76ec3333..00cca319 100644 --- a/pkg/ephemeral/io/carrier_test.go +++ b/pkg/ephemeral/io/carrier_test.go @@ -28,12 +28,8 @@ var _ = Describe("Carrier", func() { connected = true return &conn, nil } - fakeTLSConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { - return connection, nil - } carrier := Carrier{ - Dialer: fakeDialer, - TLSConnector: fakeTLSConnector, + Dialer: fakeDialer, } err := carrier.Connect(context.TODO(), playerID, "", "") Expect(connected).To(BeTrue()) @@ -44,12 +40,8 @@ var _ = Describe("Carrier", func() { fakeDialer := func(ctx context.Context, addr, port string) (net.Conn, error) { return &conn, nil } - fakeTLSConnector := func(connection net.Conn, playerID int32) (net.Conn, error) { - return connection, nil - } carrier := Carrier{ - Dialer: fakeDialer, - TLSConnector: fakeTLSConnector, + Dialer: fakeDialer, } err := carrier.Connect(context.TODO(), playerID, "", "") Expect(err).NotTo(HaveOccurred()) 
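Review bot: `TODO Update me with an image that has NO_CLIENT_TLS set` is not an image reference, so `ko build` for `cmd/ephemeral` will fail to resolve its base image until the line is replaced; acceptable for a WIP commit marked FIXME, but it must not reach a release branch. When it is replaced, pin the image by digest, `ghcr.io/carbynestack/spdz:<tag>@sha256:…`, rather than a mutable tag: this base image supplies the MP-SPDZ binary whose NO_CLIENT_TLS build the carrier now silently depends on (the TLS upgrade was removed earlier in the series), and a tag re-pushed with a TLS-enabled build would presumably break every connection at runtime instead of at build time.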
@@ -64,7 +56,6 @@ var _ = Describe("Carrier", func() {
 connectionOutput []byte //Will contain (length 4 byte, playerID 1 byte)
 client, server net.Conn
 dialer func(ctx context.Context, addr, port string) (net.Conn, error)
- fakeTLSConnector func(conn net.Conn, playerID int32) (net.Conn, error)
 )
 BeforeEach(func() {
 secret = []amphora.SecretShare{
@@ -76,9 +67,6 @@ var _ = Describe("Carrier", func() {
 dialer = func(ctx context.Context, addr, port string) (net.Conn, error) {
 return client, nil
 }
- fakeTLSConnector = func(connection net.Conn, playerID int32) (net.Conn, error) {
- return connection, nil
- }
 })
 Context("when sending secret shares through the carrier", func() {
 It("sends an amphora secret to the socket", func() {
@@ -87,9 +75,8 @@ var _ = Describe("Carrier", func() {
 MarshalResponse: serverResponse,
 }
 carrier := Carrier{
- Dialer: dialer,
- Packer: packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: packer,
 }
 go server.Read(connectionOutput)
 carrier.Connect(ctx, playerID, "", "")
@@ -103,9 +90,8 @@ var _ = Describe("Carrier", func() {
 It("returns an error when it fails to marshal the object", func() {
 packer := &FakeBrokenPacker{}
 carrier := Carrier{
- Dialer: dialer,
- Packer: packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: packer,
 }
 go server.Read(connectionOutput)
 carrier.Connect(ctx, playerID, "", "")
@@ -120,9 +106,8 @@ var _ = Describe("Carrier", func() {
 MarshalResponse: serverResponse,
 }
 carrier := Carrier{
- Dialer: dialer,
- Packer: packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: packer,
 }
 go server.Read(connectionOutput)
 carrier.Connect(ctx, playerID, "", "")
@@ -142,9 +127,8 @@ var _ = Describe("Carrier", func() {
 UnmarshalResponse: []string{packerResponse},
 }
 carrier := Carrier{
- Dialer: dialer,
- Packer: &packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: &packer,
 }
 go server.Read(connectionOutput)
 carrier.Connect(ctx, playerID, "", "")
@@ -164,9 +148,8 @@ var _ = Describe("Carrier", func() {
 UnmarshalResponse: []string{packerResponse},
 }
 carrier := Carrier{
- Dialer: dialer,
- Packer: &packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: &packer,
 }
 go server.Read(connectionOutput)
 carrier.Connect(ctx, playerID, "", "")
@@ -179,9 +162,8 @@ var _ = Describe("Carrier", func() {
 serverResponse := []byte{byte(1)}
 packer := &FakeBrokenPacker{}
 carrier := Carrier{
- Dialer: dialer,
- Packer: packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: packer,
 }
 go server.Read(connectionOutput)
 carrier.Connect(ctx, playerID, "", "")
@@ -203,9 +185,8 @@ var _ = Describe("Carrier", func() {
 serverResponse := []byte{1, 0, 0, 0, 1} // 4 byte length + header, in this case "1". In real case Descriptor + Prime
 packer := &FakeBrokenPacker{}
 carrier := Carrier{
- Dialer: dialer,
- Packer: packer,
- TLSConnector: fakeTLSConnector,
+ Dialer: dialer,
+ Packer: packer,
 }
 waitGroup := sync.WaitGroup{}
 waitGroup.Add(1)
From 4dda56a792f9795409f43c970e9c175881f53597 Mon Sep 17 00:00:00 2001
From: Timo Klenk
Date: Thu, 5 May 2022 14:26:49 +0200
Subject: [PATCH 16/17] Remove Printlns from CallCMD
We don't need it if we properly handle the result on the caller-side
Signed-off-by: Timo Klenk
---
 pkg/ephemeral/spdz.go | 12 ++++++------
 pkg/utils/os.go | 18 +----------------
 2 files changed, 7 insertions(+), 23 deletions(-)
diff --git a/pkg/ephemeral/spdz.go b/pkg/ephemeral/spdz.go
index 09b08995..d511b60f 100644
--- a/pkg/ephemeral/spdz.go
+++ b/pkg/ephemeral/spdz.go
@@ -8,17 +8,16 @@ package ephemeral
 import (
 "context"
+ "errors"
+ "fmt"
 d "github.com/carbynestack/ephemeral/pkg/discovery"
 pb "github.com/carbynestack/ephemeral/pkg/discovery/transport/proto"
 . "github.com/carbynestack/ephemeral/pkg/ephemeral/io"
 "github.com/carbynestack/ephemeral/pkg/ephemeral/network"
 . "github.com/carbynestack/ephemeral/pkg/types"
 . "github.com/carbynestack/ephemeral/pkg/utils"
- "sort"
-
- "errors"
- "fmt"
 "io/ioutil"
+ "sort"
 "strconv"
 "time"
@@ -231,11 +230,12 @@ func (s *SPDZEngine) startMPC(ctx *CtxConfig) {
 s.logger.Infow("Starting Player-Online.x", GameID, ctx.Act.GameID, "command", command)
 stdout, stderr, err := s.cmder.CallCMD(ctx.Context, command, s.baseDir)
 if err != nil {
+ s.logger.Errorw("Error while executing the user code", GameID, ctx.Act.GameID, "StdErr", string(stderr), "StdOut", string(stdout), "error", err)
 err := fmt.Errorf("error while executing the user code: %v", err)
 ctx.ErrCh <- err
- s.logger.Errorw(err.Error(), GameID, ctx.Act.GameID)
+ } else {
+ s.logger.Debugw("Computation finished", GameID, ctx.Act.GameID, "StdErr", string(stderr), "StdOut", string(stdout))
 }
- s.logger.Debugw("Computation finished", GameID, ctx.Act.GameID, "StdErr", string(stderr), "StdOut", string(stdout), "error", err)
 }
 func (s *SPDZEngine) writeIPFile(path string, addr string, parties int32) error {
diff --git a/pkg/utils/os.go b/pkg/utils/os.go
index cf09d7ec..e44e87cc 100644
--- a/pkg/utils/os.go
+++ b/pkg/utils/os.go
@@ -10,12 +10,10 @@ import (
 "bytes"
 "context"
 "errors"
- "fmt"
 "io/ioutil"
 "os"
 "os/exec"
 "path/filepath"
- "sync"
 )
 // Executor is an interface for calling a command and process its output.
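Review bot: In the `startMPC` hunk, `err := fmt.Errorf("error while executing the user code: %v", err)` declares a new `err` that shadows the one returned by `CallCMD`, and `%v` flattens the cause so whoever drains `ctx.ErrCh` cannot use `errors.Is`/`errors.As` on it; `ctx.ErrCh <- fmt.Errorf("error while executing the user code: %w", err)` with no new variable does both jobs. The new `Errorw` call also moves the full stdout and stderr of the user program from Debug to Error level, so they now reach the log at default verbosity; if those streams can carry share-derived or otherwise sensitive values, confirm that is acceptable for the log sink or truncate the fields. `startMPC` continues past the end of the hunk.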
@@ -69,21 +67,7 @@ func (c *Commander) CallCMD(ctx context.Context, cmd []string, dir string) ([]by
 if err != nil {
 return nil, nil, err
 }
-
- var waitGroup sync.WaitGroup
- waitGroup.Add(1)
- go func() {
- // Check if the command finished successfully.
- err = command.Wait()
- defer waitGroup.Done()
- if err != nil {
- println(fmt.Sprintf("Error occured!"))
- println(fmt.Sprintf("StdOut: %s", stdoutBuffer.Bytes()))
- println(fmt.Sprintf("StdErr: %s", stderrBuffer.Bytes()))
- }
- }()
- waitGroup.Wait()
-
+ err = command.Wait()
 if err != nil {
 switch err.(type) {
 case *exec.ExitError:
From f29277c9fad94acc3e31cfd15e5764c45d81d3e4 Mon Sep 17 00:00:00 2001
From: Timo Klenk
Date: Thu, 5 May 2022 14:47:06 +0200
Subject: [PATCH 17/17] Update base-image for ephemeral-ephemeral
Signed-off-by: Timo Klenk
---
 .ko.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.ko.yaml b/.ko.yaml
index caccb3fb..4bd31c2d 100644
--- a/.ko.yaml
+++ b/.ko.yaml
@@ -9,4 +9,4 @@
 # github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/ephemeral-spdz-base-image:cleared-20210827
 defaultBaseImage: ghcr.io/carbynestack/ubuntu:20.04-20210827-nonroot
 baseImageOverrides:
- github.com/carbynestack/ephemeral/cmd/ephemeral: TODO Update me with an image that has NO_CLIENT_TLS set
+ github.com/carbynestack/ephemeral/cmd/ephemeral: ghcr.io/carbynestack/spdz:642d11f
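Review bot: `err = command.Wait()` now blocks in the caller's goroutine, which is the right shape, but if `command` was built with `exec.CommandContext` (its construction is above the hunk, so this is inferred from the `ctx` parameter) a cancelled or expired context also ends in an `*exec.ExitError` from the kill signal, and the `switch err.(type)` that follows will report it as a failure of the program itself. Checking `ctx.Err()` immediately after `Wait` and returning it in preference to the exit error lets the caller distinguish a timeout or cancellation from a crash. A short comment on the new line would also be worth keeping, since the removed goroutine's `// Check if the command finished successfully.` was the only description of this step; `CallCMD` begins before the hunk and its error handling continues after it.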