
medco-unlynx's Introduction


Documentation

MedCo documentation is centralized on the following website: MedCo Unlynx.

License

medco-unlynx is licensed under an End User Software License Agreement ('EULA') for non-commercial use. If you need more information, please contact us.


medco-unlynx's Issues

Allow for timeouts when expecting values from channels

In many places (e.g. here, here, here, here, here, here), the code waits for information on a channel, but does not allow for a timeout. As this information is provided by other nodes over the network, the information will never come in case of crashes, and the goroutine will be stuck forever.
Allowing for a timeout in a select statement will make the code more fault-tolerant.

Memory leak in concurrent maps

The concurrent maps are used to store per-request information. The information is, however, never removed from the maps once the requests are finished, resulting in a memory leak as the maps' contents will grow without bound.
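
The two issues above (waiting on a channel without a timeout, and per-request map entries that are never removed) can be handled together. The following is an added example, not code from medco-unlynx; `requestStore`, `Register`, `Await`, `Len` and `ErrPeerTimeout` are hypothetical names, and Go's standard `sync.Map` stands in for the project's concurrent map.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrPeerTimeout is returned when no peer result arrives in time.
var ErrPeerTimeout = errors.New("timed out waiting for peer result")

// requestStore is a hypothetical stand-in for the per-request concurrent maps.
type requestStore struct{ m sync.Map }

// Register creates the result channel for a request ID (buffered, so a late sender never blocks).
func (s *requestStore) Register(id string) chan string {
	ch := make(chan string, 1)
	s.m.Store(id, ch)
	return ch
}

// Len counts live entries; used to show that nothing is left behind.
func (s *requestStore) Len() int {
	n := 0
	s.m.Range(func(_, _ interface{}) bool { n++; return true })
	return n
}

// Await waits for the result of request id, but never longer than timeout.
// The entry is deleted on every exit path, so finished or failed requests do not pile up.
func (s *requestStore) Await(id string, timeout time.Duration) (string, error) {
	v, ok := s.m.Load(id)
	if !ok {
		return "", fmt.Errorf("unknown request %q", id)
	}
	defer s.m.Delete(id)
	timer := time.NewTimer(timeout)
	defer timer.Stop()
	select {
	case res := <-v.(chan string):
		return res, nil
	case <-timer.C:
		return "", ErrPeerTimeout
	}
}

func main() {
	s := &requestStore{}
	s.Register("survey-1") <- "tagged" // peer answered
	fmt.Println(s.Await("survey-1", time.Second))
	s.Register("survey-2") // peer crashed: nothing is ever sent
	fmt.Println(s.Await("survey-2", 50*time.Millisecond))
	fmt.Println("entries left:", s.Len())
}
```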

Frequent timeouts during request processing

After submitting a request, it happens regularly that the response never comes back, while the frontend still thinks it is processing (the animated spinning icons are still active).
This has been verified both on the public demo (https://medco-demo.epfl.ch/) and a local installation ("test-local"). With a local installation, this event is usually associated with "Unlynx timeout" errors in the logs.

Incomplete README

The project README file should contain a short description and a basic explanation on how to use the project (for an example, this provides some good ideas).

Also, the link to MedCo documentation currently points to a "coming soon" page.

Non-standard file organization for main applications

The main project applications currently reside in app/, which is non-standard (see e.g. Go project layout). Furthermore, there are scripts to build for Linux and Mac, which should no longer be needed.

Main applications are usually organized as follows, after which a simple go build should do:

  • Rename app to cmd.
  • Add a subdirectory for each main app (medco-unlynx in this case).
  • Move all the *.go files pertaining to an app to its directory.
  • Rename the main Go file for each app (the one containing func main()) to main.go (here medco.go).

Last key attack is possible upon setup

Security Code Review finding:

From both the code and the Medco paper, it is not 100% clear to us, but we believe that the system initialization is vulnerable to a "last player" attack on the key generation:

It seems the keys are generated in medco-unlynx using keyGenerationFromApp, but then it is handled by Onet (which is out of the scope of this audit) and its "GroupDescToml" file, but a cursory look at Onet's source shows that Onet's NewRoster func is simply summing the keys together without any checks, which means that "the last player" attack would work:

  1. Eve generates her private key sk_n and public point Pk
  2. Then she needs to know the other players' public keys Pk_i before advertising her own key.
  3. She can then "cancel" the contribution of the other players' sk_i by advertising
    the public key Pk_n = Pk - Sum_0^n-1(Pk_i) instead of her actual key Pk.
  4. Then the aggregate key will be :
    AP = Sum(Pk_i) = Sum_0^n-1(Pk_i) + Pk - Sum_0^n-1(Pk_i) = Pk
  5. This means that Eve can decrypt everything on her own since the group public key
    corresponds to her secret key.

To avoid this attack there should be a "commitment" phase prior to the public key broadcast by the nodes.
We couldn't determine how that broadcast is currently done (we guess it's done out of band?)
But it doesn't seem to generate any commitment so we assume this step is currently missing.
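
The commitment phase recommended in this finding, as an added example (not code from medco-unlynx or Onet): every node first publishes a hash commitment to its public key, and the aggregator sums the keys only if each revealed key matches the commitment received before any key was disclosed. Assumptions: the standard library's P-256 stands in for the project's curve, nodes are identified by roster index, and `Reveal`, `NewNode`, `Commit` and `Aggregate` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Reveal is a node's round-2 message: uncompressed P-256 point and 32-byte nonce.
type Reveal struct{ Pub, Nonce []byte }

// NewNode draws a fresh public key and nonce; the private key is not needed here.
func NewNode() Reveal {
	_, x, y, err := elliptic.GenerateKey(elliptic.P256(), rand.Reader)
	nonce := make([]byte, 32)
	if _, e := rand.Read(nonce); err != nil || e != nil {
		panic("no randomness available")
	}
	return Reveal{elliptic.Marshal(elliptic.P256(), x, y), nonce}
}

// Commit is the round-1 value H(roster index || nonce || pub), sent before any key.
func Commit(i int, r Reveal) []byte {
	h := sha256.Sum256(append(append([]byte{byte(i)}, r.Nonce...), r.Pub...))
	return h[:]
}

// Aggregate sums the keys only if each node revealed the key it committed to.
func Aggregate(commits [][]byte, reveals []Reveal) ([]byte, error) {
	if len(commits) == 0 || len(commits) != len(reveals) {
		return nil, fmt.Errorf("need one reveal per commitment")
	}
	c := elliptic.P256()
	x, y := new(big.Int), new(big.Int) // (0,0) is crypto/elliptic's point at infinity
	for i, r := range reveals {
		px, py := elliptic.Unmarshal(c, r.Pub)
		if px == nil || !bytes.Equal(commits[i], Commit(i, r)) {
			return nil, fmt.Errorf("node %d: invalid key or commitment mismatch", i)
		}
		x, y = c.Add(x, y, px, py)
	}
	return elliptic.Marshal(c, x, y), nil
}

func main() {
	nodes := []Reveal{NewNode(), NewNode(), NewNode()}
	commits := [][]byte{Commit(0, nodes[0]), Commit(1, nodes[1]), Commit(2, nodes[2])}
	_, err := Aggregate(commits, nodes)
	nodes[2].Pub = NewNode().Pub // key swapped after the commit round
	_, late := Aggregate(commits, nodes)
	fmt.Println("honest accepted:", err == nil, "| late key change rejected:", late != nil)
}
```

The check only helps if all commitments are collected before the first key is revealed; a node that reveals early gives the others the same advantage the finding describes.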

Code review

  • Documentation page link in README.md is "coming soon" [documentation]
  • Some files have very long lines of code (>160 characters) [clarity]
  • The automated CI (.travis.yml) appears to only perform formatting, linting and coverage checks, but does not execute tests [robustness]

- app:

  • there are scripts to build for Linux and Mac, which should no longer be needed; also, it seems more common for Go projects to organize this as follows, after which a simple go build should do: [best practice]
      • rename app to
      • add a medco-unlynx directory inside
      • move all the *.go files in that directory
      • rename medco.go (the file containing func main()) to main.go
  • app: required arguments or options should be marked as Required to provide more friendly error messages to the user (e.g. --key in decrypt) [usability]

- services/service.go:

  • Could Go's standard sync.Map be used instead of the concurrent.ConcurrentMap? [maintainability]
  • Functions are generally very long, they should be split into smaller parts, e.g. handle original vs intra messages, etc. [clarity]
  • The naming of some variables is not very clear (e.g. TypeQ?) [clarity]
  • The code logic is not easy to follow, it could probably be simplified [clarity]
  • For the various phases, the wait on FeedbackChannel does not seem to allow for a timeout, it could be stuck forever (L863/876/894/907) [robustness]
  • In the handling functions, elements put in concurrent maps (e.g. surveyTag, surveyKS, etc.) are retrieved from the map later on for information that should not have been changed; why not use a local variable? [clarity]
  • Errors are sometimes logged but not propagated (e.g. L385) [robustness]
  • It looks like the entries in the concurrent maps are never removed once they are no longer needed [memory leak]
  • L183-188: can be simplified by using the boolean condition itself, i.e. root = (s.ServerIdentity().String() == ssr.Roster.List[0].String()) [clarity]
  • There are magic values in the code (e.g. 10 min timeout, channel sizes, etc.) [maintainability]
  • The code seems to contain functionality needed for testing (e.g. L493-500); this should be contained in test code (with the service code possibly modified to allow for testing).

Bug, medco-unlynx server crash

It happens randomly that a medco-unlynx server crashes while processing a DDT during a medco query.

Logs in crashing medco-unlynx (medco-unlynx-srv2):

medco-unlynx-srv2_1     | 1 : deterministic_tagging_protocol.go:139 (protocols.(*DeterministicTaggingProtocol).Start) - [tls://172.31.0.121:2004]  starts a Deterministic Tagging Protocol on  1  element(s)
medco-unlynx-srv2_1     | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2004 Connecting to tls://172.31.0.101:2000
medco-unlynx-srv2_1     | 2 : tls.go:428 (network.NewTLSConn)          - NewTLSConn to: tls://172.31.0.101:2000
medco-unlynx-srv2_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.121:2004 (939a500c-375c-523d-9c61-5045b94e2972): DeterministicTagging
medco-unlynx-srv2_1     | 2 : tls.go:261 (network.NewTLSListenerWithListenAddr.func1) - Got new connection request from: 172.31.0.111:57172
medco-unlynx-srv2_1     | 2 : tls.go:261 (network.NewTLSListenerWithListenAddr.func1) - Got new connection request from: 172.31.0.111:57176
medco-unlynx-srv2_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Ze65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd
medco-unlynx-srv2_1     | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2004 Connected to tls://172.31.0.101:2000
medco-unlynx-srv2_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2004 Handling new connection from tls://172.31.0.101:2000
medco-unlynx-srv2_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837
medco-unlynx-srv2_1     | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2004: Identity received si=504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837 from tls://172.31.0.111:2002
medco-unlynx-srv2_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2004 Handling new connection from tls://172.31.0.111:2002
medco-unlynx-srv2_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.121:2004 (ebaee563-a1d8-5ffa-af09-5fd3edba3289): DeterministicTagging
medco-unlynx-srv2_1     | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.121:2004  preparation round for deterministic tagging
medco-unlynx-srv2_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837
medco-unlynx-srv2_1     | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2004: Identity received si=504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837 from tls://172.31.0.111:2002
medco-unlynx-srv2_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2004 Handling new connection from tls://172.31.0.111:2002
medco-unlynx-srv2_1     | F : service.go:451 (services.(*Service).NewProtocol) - buffer read: EOF

Logs in other medco-unlynx, not crashing (medco-unlynx-srv1):

medco-unlynx-srv1_1     | 1 : deterministic_tagging_protocol.go:139 (protocols.(*DeterministicTaggingProtocol).Start) - [tls://172.31.0.111:2002]  starts a Deterministic Tagging Protocol on  1  element(s)
medco-unlynx-srv1_1     | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2002 Connecting to tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 2 : tls.go:428 (network.NewTLSConn)          - NewTLSConn to: tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.111:2002 (f50ba839-30bf-5806-9452-80870ff0d80f): DeterministicTagging
medco-unlynx-srv1_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Ze65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd
medco-unlynx-srv1_1     | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2002: Identity received si=e65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd from tls://172.31.0.101:2000
medco-unlynx-srv1_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2002 Handling new connection from tls://172.31.0.101:2000
medco-unlynx-srv1_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.111:2002 (80c03081-09af-5420-b50c-a89d662828f0): DeterministicTagging
medco-unlynx-srv1_1     | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.111:2002  preparation round for deterministic tagging
medco-unlynx-srv1_1     | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2002 Connecting to tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 2 : tls.go:428 (network.NewTLSConn)          - NewTLSConn to: tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5
medco-unlynx-srv1_1     | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2002 Connected to tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2002 Handling new connection from tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5
medco-unlynx-srv1_1     | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2002 Connected to tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.111:2002 (0ff301f5-0677-5924-9f28-b915cf4a28ad): DeterministicTagging
medco-unlynx-srv1_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2002 Handling new connection from tls://172.31.0.121:2004
medco-unlynx-srv1_1     | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.111:2002  preparation round for deterministic tagging
medco-unlynx-srv1_1     | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.111:2002  preparation round for deterministic tagging
medco-unlynx-srv1_1     | E : tcp.go:287 (network.handleError)         - Unknown error caught: read tcp 172.31.0.111:57172->172.31.0.121:2004: read: connection reset by peer

(medco-unlynx-srv0):

medco-unlynx-srv0_1     | 1 : deterministic_tagging_protocol.go:139 (protocols.(*DeterministicTaggingProtocol).Start) - [tls://172.31.0.101:2000]  starts a Deterministic Tagging Protocol on  1  element(s)
medco-unlynx-srv0_1     | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2000 Connecting to tls://172.31.0.111:2002
medco-unlynx-srv0_1     | 2 : tls.go:428 (network.NewTLSConn)          - NewTLSConn to: tls://172.31.0.111:2002
medco-unlynx-srv0_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837
medco-unlynx-srv0_1     | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2000 Connected to tls://172.31.0.111:2002
medco-unlynx-srv0_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2000 Handling new connection from tls://172.31.0.111:2002
medco-unlynx-srv0_1     | 2 : tls.go:261 (network.NewTLSListenerWithListenAddr.func1) - Got new connection request from: 172.31.0.121:57862
medco-unlynx-srv0_1     | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5
medco-unlynx-srv0_1     | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2000: Identity received si=2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5 from tls://172.31.0.121:2004
medco-unlynx-srv0_1     | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2000 Handling new connection from tls://172.31.0.121:2004
medco-unlynx-srv0_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.101:2000 (8422a675-e70d-5a30-9b1f-e75cd6f17eaf): DeterministicTagging
medco-unlynx-srv0_1     | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.101:2000  preparation round for deterministic tagging
medco-unlynx-srv0_1     | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.101:2000 (730e262a-9c4b-5d57-9cd7-4fc143ccd999): DeterministicTagging
medco-unlynx-srv0_1     | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.101:2000  preparation round for deterministic tagging

Client side of crashing server (medco-connector-srv2):

medco-connector-srv2_1  | 2 : api.go:41 (services.(*API).SendSurveyDDTRequestTerms) - Client 2 is creating a DDT survey with ID: MedCo_Explore_Query_2020031121148216_DDT
medco-connector-srv2_1  | DEBU[51997] User has 10 authorizations                   
medco-connector-srv2_1  | INFO[51997] user is authorized to request the endpoint with authorization medco-explore 
medco-connector-srv2_1  | INFO[51997] user is authorized to execute the query type count_per_site 
medco-connector-srv2_1  | 4 : websocket.go:513 (v3.(*Client).Send)     - Sending 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 to medco/SurveyDDTRequest
medco-connector-srv2_1  | ERRO[51997] unlynx error executing DDT: sending: connection read: websocket: close 1006 (abnormal closure): unexpected EOF 

Client side of not crashing servers, having a timeout (medco-connector-srv1):

medco-connector-srv1_1  | 2 : api.go:41 (services.(*API).SendSurveyDDTRequestTerms) - Client 1 is creating a DDT survey with ID: MedCo_Explore_Query_2020031121148216_DDT
medco-connector-srv1_1  | DEBU[51997] User has 10 authorizations                   
medco-connector-srv1_1  | INFO[51997] user is authorized to request the endpoint with authorization medco-explore 
medco-connector-srv1_1  | INFO[51997] user is authorized to execute the query type count_per_site 
medco-connector-srv1_1  | 4 : websocket.go:513 (v3.(*Client).Send)     - Sending 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 to medco/SurveyDDTRequest
medco-connector-srv1_1  | ERRO[52147] unlynx timeout

(medco-connector-srv0):

medco-connector-srv0_1  | 2 : api.go:41 (services.(*API).SendSurveyDDTRequestTerms) - Client 0 is creating a DDT survey with ID: MedCo_Explore_Query_2020031121148216_DDT
medco-connector-srv0_1  | 4 : websocket.go:513 (v3.(*Client).Send)     - Sending 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 to medco/SurveyDDTRequest
medco-connector-srv0_1  | ERRO[52148] unlynx timeout    
