Commit Graph

32822 Commits

Author SHA1 Message Date
Liam Fitzgerald
23e09ed5a0 ames: add foreign fine key state & add pending chums to $alien-agenda 2023-09-26 13:04:34 +01:00
Liam Fitzgerald
f382624c35 ames: make encrypted scry namespace properly recursive 2023-09-26 11:42:05 +01:00
Liam Fitzgerald
ab3a4b05f8 Merge remote-tracking branch 'origin/jb/chum' into lf/back-to-school-arc 2023-09-26 10:10:31 +01:00
Liam Fitzgerald
9a3daeb646 ames, gall: strip sigpams, re-enable key checking 2023-09-26 09:50:53 +01:00
Joe Bryan
949ac9d006 chum: refactors, corrects interface for blocking 2023-09-25 18:31:27 -04:00
Liam Fitzgerald
754215f9ae ames, gall: encrypted remote scry works end to end 2023-09-25 18:39:39 +01:00
Joe Bryan
6baed5cfcb chum: initial (two-party encrypted remote scry) 2023-09-22 14:19:15 -04:00
Liam Fitzgerald
39105cfeed ames: make key acquisition asynchronous 2023-09-21 16:24:23 +01:00
Pyry Kovanen
33bb61c323
Merge pull request #6799 from urbit/pkova/http2-cookie
eyre: allow header-list to contain multiple cookies
2023-09-21 16:21:51 +03:00
Pyry Kovanen
5fe2d6ea98 eyre: allow header-list to contain multiple cookies 2023-09-21 14:00:53 +03:00
Liam Fitzgerald
13964e27e9 ames: add encrypted remote scry support 2023-09-20 16:30:28 +01:00
Liam Fitzgerald
3e0e45e775 ames: add symmetric keychain functionality 2023-09-19 17:48:15 +01:00
Pyry Kovanen
5ff4e88890
Merge pull request #6789 from urbit/m/lighter-channel-creation
eyre: more permissive channel creation
2023-09-19 19:26:46 +03:00
fang
34148f9f44 eyre: allow PUTting empty channel-request list
Previously, we would reject this with a 400 error. Considering the
request body is expected to contain "array of requests" and that arrays
may be empty, we really should not be rejecting the requests.

Prior to 156ca21472, sending the empty array would have been convenient
for channel creation. Empty arrays getting rejected forced clients to
inject a faux poke (commonly hi-ing oneself). With that recent change,
the most common case for wanting to PUT the empty list of requests is
largely obsolete, but one can still imagine it being useful for clients
that want to keep their channel alive without necessarily being
connected to it. This also implements sloppier clients from running into
400 responses when they submit an empty "command queue" for whatever.

Regardless, there seems to be no clear reason why the empty request list
_shouldn't_ be accepted and processed as normal.

We add a small test to ensure eyre accepts this.
2023-09-19 19:12:25 +03:00
fang
4affae8181 eyre: GETting non-existent channels creates them
Previously, a channel could only be created by sending a PUT request,
and a GET request to receive the channel's stream would only succeed
after channel creation had happened that way. This forces client
libraries, that generally have an explicit "set up" step before allowing
normal operation, to do strange things, like sending faux pokes
(commonly hi-ing oneself) before connecting to the channel's stream as
normal.

Here, we update the GET request handling for channels to allow requests
for non-existent channels. When this happens, the channel will be
created, and eyre tracks the request as normal.

We do some... gentle restructuring... of +on-get-request:by-channel to
let the new creation case share code with the "already exists" codepath.
In the process, we find that duct-to-key was never getting updated in
the case where we replace the original channel request/connection with
the new incoming one. We fix this, it's trivial. We also identify two
other areas with vaguely-incorrect behavior, but consider them less
important and out of scope.

We also add a test case for "create channel through GET".
2023-09-19 19:12:25 +03:00
Liam Fitzgerald
df68e62917 gall: wip coop 2023-09-19 15:09:54 +01:00
Pyry Kovanen
e355b5090e
Merge pull request #6783 from urbit/pkova/dear
lull, ames: add %dear task to receive lane from unix
2023-09-19 15:56:43 +03:00
Pyry Kovanen
30dcd3808e
Merge pull request #6745 from urbit/m/dead-agent-503
eyre: serve 503 if bound agent is not running
2023-09-18 16:04:56 +03:00
fang
b427c9e800 eyre: serve 503 if bound agent is not running
Previously, for endpoints bound to agents, we would pass the request
onto the agent even if the agents wasn't currently running.

Here, we make eyre check to see if the agent is actually running, before
passing the request on. If the bound agent is not running, eyre serves a
503 synchronously instead.

This way, we avoid cluttering up the gall queue for the bound agent.
2023-09-18 15:52:28 +03:00
Liam Fitzgerald
12c9e64297 temp commit 2023-09-17 15:54:43 +01:00
Pyry Kovanen
3c3ade381b
Merge pull request #6792 from urbit/pkova/toggle-dead-flow
ames: make dead flow consolidation toggleable, default off
2023-09-15 18:15:47 +03:00
pkova
9929fcc6fb tests: revert test now that dead flow consolidation is default off 2023-09-14 23:13:24 +03:00
pkova
58698a428c ames: cancel pump timers when toggling to dead flow consolidation 2023-09-14 22:48:58 +03:00
pkova
bf4d7c92e1 ames: make dead flow consolidation toggleable, default off 2023-09-14 18:35:26 +03:00
Pyry Kovanen
b724304d5a
Merge pull request #6788 from urbit/pkova/roller-rpc-fix
roller-rpc: do not assert team:title for http-requests
2023-09-14 14:00:18 +03:00
Liam Fitzgerald
58f2d427ce gall: security primitives for encrypted scry
This commit adds `%tend` `%germ` and `%snip` to the notes that gall can
pass. `%tend` is analogous to `%grow`, except with a security group defined
by .coop.

 ### The coop system
A `$coop` is a path, which defines a security context for the portion of
the namespace that it prefixes. Each `$coop` receives a symmetric key,
which is used to encrypt requests and responses for any key-value pair
belonging to a coop.

 ### Network overview
This design requires a single handshake over ames to inform clients what
key is to be used. However, this handshake can be made less frequent by
including all paths underneath the `%coop` in the response, such that if
the user is requesting sibling paths under the same `%coop`, only one
handshake is required.

 ### Naming
I am utterly detached to all new names introduced, just trying to get
something down

 ### API Design
The most contentious part of this proposal will likely be the split
between `%grow` and `%tend`. I assert (rather weakly mind you) that this
is more ergonomic for the end user, although there's a strong argument
to be made that `%grow` should just take a `(unit coop)`. If this were
the case, however, it would muddy the semantics. If the value is
encrypted, then the ship,desk,case will be in the coop, else it will be
specified in the path.  Worth noting that specifying the
`%coop` and the rest of the path seperately seems like it could be
unintuitive because the path that it will be bound to is actually
`(welp coop path)`

The lifecycles for coops seem straightforward, although worth revisiting
the invariants it maintains, and how it handles those invariants. A list of such:
- No nesting (obviously good)
- Crashing on binding publically into a private coop (crashing is bad,
do we want to deliver a notification? (See footnote 1))
- Crashing on binding into a coop that doesn't exist (same notes as above)

 ### Key generation
Current implementation is obviously stupid, how should i do it?

 ### Footnotes
 1. Why are the remote scry datastructures notes and not gifts? Forgive
 me being out of the loop, but we don't actually use the wire for
 anything anywhere, and remote scry is giving gift anyway.
 2. It's so good to be back
2023-09-14 04:53:11 +01:00
Pyry Kovanen
babfd75daf
roller-rpc: do not assert team:title for http-requests 2023-09-13 14:57:28 +03:00
Pyry Kovanen
7a205c4b76
Merge pull request #6784 from urbit/pkova/lick-duct
lick: initialize unix-duct before %born
2023-09-05 19:07:31 +03:00
Pyry Kovanen
328e085e41
lick: initialize unix-duct before %born 2023-09-05 16:17:06 +03:00
pkova
6a6e07d49f lull, ames: add %dear task to receive lane from unix 2023-09-04 22:09:52 +03:00
Pyry Kovanen
e21f346ca8
Merge pull request #6551 from urbit/next/kelvin/412
zuse: kelvin 412
2023-08-29 13:11:24 +03:00
Pyry Kovanen
7faaefefb0
Merge branch 'develop' into next/kelvin/412 2023-08-29 13:02:49 +03:00
Pyry Kovanen
ae384dc08e
Merge pull request #6774 from urbit/pkova/arvo-provenance
arvo: add provenance when casting forward move
2023-08-23 20:08:06 +03:00
Pyry Kovanen
4bb9bae2d2
arvo: add provenance when casting forward move 2023-08-23 19:06:14 +03:00
Pyry Kovanen
036ee7019f
Merge pull request #6767 from urbit/pkova/gall-response-old-wire
eyre: handle old wires correctly in +on-gall-response
2023-08-23 17:54:54 +03:00
Pyry Kovanen
3260e4fe05 eyre: handle old wires correctly in +on-gall-response 2023-08-22 21:37:15 +03:00
Pyry Kovanen
a1f9374145
Merge pull request #6756 from urbit/pkova/dead-flow-fix
ames: fix bug in dead flow consolidation
2023-08-21 18:29:39 +03:00
Pyry Kovanen
39a8aeb6e1
Merge pull request #6764 from urbit/yu/fix-recork-timer
ames: reinitialize recork timer
2023-08-21 14:25:18 +03:00
yosoyubik
8320e7dbf2 ames: update dead flow timers in state 2023-08-21 14:03:38 +03:00
yosoyubik
4da54b9e4d ames: reinitialize recork timer 2023-08-21 14:03:38 +03:00
Pyry Kovanen
37bb2674b5
Merge pull request #6763 from urbit/yu/fix-state-migrations
ames:  fix state migration in 412 after merging #6762
2023-08-21 13:59:50 +03:00
yosoyubik
be0bbc78c5 Merge branch 'yu/decongest-ames-in-develop' into yu/fix-state-migrations 2023-08-18 08:16:26 +02:00
Pyry Kovanen
95d754a943
Merge pull request #6762 from urbit/yu/decongest-ames-in-develop
ames: reinitialize congestion control values (bis)
2023-08-17 17:23:18 +03:00
yosoyubik
19f5946e72 ames: only reinitialize congestion if bunted 2023-08-17 15:22:09 +02:00
yosoyubik
def2591812 ames: reinitialize congestion control values 2023-08-17 15:22:03 +02:00
Pyry Kovanen
8d820713a9
Merge pull request #6758 from urbit/roller/fix-migration
roller: fix state migration
2023-08-16 13:45:18 +03:00
yosoyubik
58b678505f roller: fix state migration 2023-08-16 10:23:52 +02:00
Pyry Kovanen
c276ddd476
ames: fix bug in dead flow consolidation 2023-08-15 16:15:55 +03:00
Pyry Kovanen
c7173781f0
Merge pull request #6749 from urbit/m/avoid-mideyre-crash
eyre: avoid +got'ing a channel that doesn't exist
2023-08-14 18:11:52 +03:00
fang
f87871f0c1
tests: update eyre tests with new wire format
See also a9e3ebb
2023-08-11 11:48:23 +02:00