restore jael and move new work to kale

Philip Monk 2019-06-25 11:54:42 -07:00
parent ad4ce5622d
commit 23f77c609e
GPG Key ID: B66E1F02604E44EC
3 changed files with 2220 additions and 50 deletions


1193
sys/vane/kale.hoon Normal file



@ -1803,6 +1803,7 @@
:: ::::
++ able ^?
=, pki
=, rights
|%
:: %jael has two general kinds of task: changes
:: and change subscriptions.
@ -1826,6 +1827,15 @@
++ logs :: on-chain changes
%+ map event-id:ethereum-types :: per event log
diff-azimuth:azimuth-types :: the change
++ action :: balance change
%+ pair ship :: partner
%+ each bump :: &/liability change
bump :: |/asset change
:: ::
++ balance :: balance sheet
%+ pair ::
(map ship safe) :: liabilities
(map ship safe) :: assets
:: ::
++ vent-result :: %vent result
$% [%snap snap=snapshot:jael] :: restore snapshot
@ -1838,14 +1848,18 @@
++ change :: urbit change
$% [%ethe can=chain] :: on-chain change
[%meet who=ship =life =pass] :: meet in new era
[%priv =life =ring] :: update private key
== ::
$: %rite :: rights change
rex/ship :: issuer
pal/ship :: issued to
del/bump :: change
== == ::
++ gift :: out result <-$
$% [%init p=ship] :: report install unix
[%mass p=mass] :: memory usage report
[%mack p=(unit tang)] :: message n/ack
[%pubs public] :: public keys
[%turf turf=(list turf)] :: domains
[%vest p=tally] :: balance update
[%vein =life vein=(map life ring)] :: private keys
[%vine p=(list change)] :: all raw changes
[%vent p=vent-result] :: ethereum changes
@ -1855,13 +1869,22 @@
$: life=life :: current key number
pubs=(map life pass) :: pubkeys by number
== ::
++ remote :: remote notification
%+ each safe :: &/addition
safe :: |/replacement
:: +seed: private boot parameters
::
+$ seed [who=ship lyf=life key=ring sig=(unit oath:pki)]
::
++ tally :: balance update
%+ each balance :: complete
action :: change
::
+= task :: in request ->$
$~ [%vega ~] ::
$% $: %dawn :: boot from keys
$% [%burn p=ship q=safe] :: destroy rights
[%hail p=ship q=remote] :: remote update
$: %dawn :: boot from keys
=seed:able:jael :: identity params
spon=ship :: sponsor
czar=(map ship [=life =pass]) :: galaxy table
@ -1872,6 +1895,8 @@
== ::
[%fake =ship] :: fake boot
[%look src=(each ship purl:eyre)] :: set ethereum source
[%mint p=ship q=safe] :: create rights
[%move p=ship q=ship r=safe] :: transfer from=to
::TODO %next for generating/putting new private key
[%nuke ~] :: cancel tracker from
[%pubs =ship] :: view public keys
@ -1881,6 +1906,7 @@
$>(%vega vane-task) :: report upgrade
[%vein ~] :: view signing keys
[%vent ~] :: view ethereum events
[%vest ~] :: view public balance
[%vine ~] :: view secret history
$>(%wegh vane-task) :: memory usage request
$>(%west vane-task) :: remote request
@ -1940,7 +1966,214 @@
++ name (pair @ta @t) :: ascii / unicode
++ oath @ :: signature
-- :: pki
:: ::
:::: ++rights:jael :: (1h3) claims
:: ::::
++ rights ^?
=, pki
|%
:: %jael tracks promises (++rite) from ship to ship.
:: a rite may be any right, badge, asset, secret, etc.
:: un-shared secret or private asset is stored as a
:: rite from self to self.
::
:: each rite is really a class of rights, and often
:: has its own internal set or map structure.
::
:: present kinds of rite:
::
:: %apple: application secret for a web api.
:: %block: the promisee is banned.
:: %email: email tied to promissee's ship.
:: %final: ship/ticket pair, ready to launch.
:: %fungi: fungible, countable asset.
:: %guest: permission to adopt foreign child.
:: %hotel: block of unissued children.
:: %jewel: urbit private keys.
:: %login: user's login passcode.
:: %pword: password for a website/api.
:: %token: user access token for a web api.
:: %urban: symmetric key for urbit networking.
::
:: %fungi keys can be anything, but don't reuse
:: currency codes. codes for urbit invitations:
:: %ugl == galaxy, %usr == star, %upl == planet
::
:: you can think of [our her rite] as an rdf triple.
::
++ bill (pair @da @) :: expiring value
++ bump :: rights change
$: mor/safe :: add rights
les/safe :: lose rights
== ::
++ dorm (pair ship bloq) :: issuing group
++ pile (tree (pair @ @)) :: efficient ship set
++ rite :: urbit commitment
$% {$apple p/(map site @)} :: web api key
{$block ~} :: banned
{$email p/(set @t)} :: email addresses
{$final p/(map ship @pG)} :: ticketed ships
{$fungi p/(map term @ud)} :: fungibles
{$guest ~} :: refugee visa
{$hotel p/(map dorm pile)} :: reserved block
{$jewel p/(map life ring)} :: private keyring
{$login p/(set @pG)} :: login secret
{$pword p/(map site (map @t @t))} :: web passwd by user
{$token p/(map site (map @t @t))} :: app tokens by user
{$urban p/(map hand bill)} :: urbit symmetric keys
== ::
++ site (list @ta) :: [%com %yahoo %www ~]
++ safe (tree rite) :: rights set
-- :: rights
-- :: jael
:: ::::
:::: ++kale :: (1h) security
:: ::::
++ kale ^?
|%
:: ::
:::: ++able:kale :: (1h1) arvo moves
:: ::::
++ able ^?
=, pki
|%
:: %kale has two general kinds of task: changes
:: and change subscriptions.
::
:: change tasks are designed to match high-level
:: operations - for instance, we have %burn, %mint,
:: and %move, not just a single delta operation.
:: more of these operations will probably be added,
:: and invariants enforced at transaction end.
::
:: subscriptions are also user-focused - for instance,
:: %vein sends all the information needed to maintain
:: the secure channel, both rights and certificates.
:: the security-critical tasks (%veil, %vein, %vine)
:: should probably be bound to a whitelisted duct set.
:: (all secrets are redacted from %vest gifts.)
::
:: %kale only talks to %ames and %behn. we send messages
:: through %ames and use %behn timers.
::
++ logs :: on-chain changes
%+ map event-id:ethereum-types :: per event log
diff-azimuth:azimuth-types :: the change
:: ::
++ vent-result :: %vent result
$% [%snap snap=snapshot:kale] :: restore snapshot
[%chain can=chain] :: get new events
== ::
:: ::
++ chain :: batch of changes
%+ each logs :: & all events
logs :: | new events
++ change :: urbit change
$% [%ethe can=chain] :: on-chain change
[%meet who=ship =life =pass] :: meet in new era
[%priv =life =ring] :: update private key
== ::
++ gift :: out result <-$
$% [%init p=ship] :: report install unix
[%mass p=mass] :: memory usage report
[%mack p=(unit tang)] :: message n/ack
[%pubs public] :: public keys
[%turf turf=(list turf)] :: domains
[%vein =life vein=(map life ring)] :: private keys
[%vine p=(list change)] :: all raw changes
[%vent p=vent-result] :: ethereum changes
== ::
:: ::
++ public :: public key state
$: life=life :: current key number
pubs=(map life pass) :: pubkeys by number
== ::
:: +seed: private boot parameters
::
+$ seed [who=ship lyf=life key=ring sig=(unit oath:pki)]
::
+= task :: in request ->$
$~ [%vega ~] ::
$% $: %dawn :: boot from keys
=seed:able:kale :: identity params
spon=ship :: sponsor
czar=(map ship [=life =pass]) :: galaxy table
turf=(list turf) :: domains
bloq=@ud :: block number
node=(unit purl:eyre) :: gateway url
snap=(unit snapshot) :: head start
== ::
[%fake =ship] :: fake boot
[%look src=(each ship purl:eyre)] :: set ethereum source
::TODO %next for generating/putting new private key
[%nuke ~] :: cancel tracker from
[%pubs =ship] :: view public keys
[%meet =ship =life =pass] :: met after breach
[%snap snap=snapshot kick=?] :: load snapshot
[%turf ~] :: view domains
$>(%vega vane-task) :: report upgrade
[%vein ~] :: view signing keys
[%vent ~] :: view ethereum events
[%vine ~] :: view secret history
$>(%wegh vane-task) :: memory usage request
$>(%west vane-task) :: remote request
[%wind p=@ud] :: rewind before block
== ::
-- ::
:: ::
:::: ::
:: ::
++ node-src :: ethereum node comms
$: node=purl:eyre :: node url
filter-id=@ud :: current filter
poll-timer=@da :: next filter poll
== ::
++ snapshot :: rewind point
=, azimuth-types ::
$: kyz=(map ship public:able) :: public key state
$= eth ::
$: dns=dnses :: on-chain dns state
pos=(map ship point) :: on-chain ship state
== ::
eth-bookmark
==
:: +eth-bookmark: cursor into the ethereum chain
::
++ eth-bookmark
$: heard=(set event-id:ethereum-types)
latest-block=@ud
==
:: +state-eth-node: state of a connection to an ethereum node
::
++ state-eth-node :: node config + meta
$: source=(each ship node-src) :: learning from
foreign-block=@ud :: node's latest block
eth-bookmark
== ::
:: ::
:::: ++pki:kale :: (1h2) certificates
:: ::::
++ pki ^?
|%
::TODO update to fit azimuth-style keys
:: the urbit meta-certificate (++will) is a sequence
:: of certificates (++cert). each cert in a will
:: revokes and replaces the previous cert. the
:: version number of a ship is a ++life.
::
:: the deed contains an ++arms, a definition
:: of cosmetic identity; a semi-trusted parent,
:: which signs the initial certificate and provides
:: routing services; and a dirty bit. if the dirty
:: bit is set, the new life of this ship may have
:: lost information that the old life had.
::
++ hand @uvH :: 128-bit hash
++ mind {who/ship lyf/life} :: key identifier
++ name (pair @ta @t) :: ascii / unicode
++ oath @ :: signature
-- :: pki
-- :: kale
::
++ http-client ^?
|%
@ -7453,6 +7686,19 @@
==
--
::
++ kale-noun
|%
++ point
$: crypto-suite=@ud
key-revision=@ud
continuity-number=@ud
encryption-key=octs
authentication-key=octs
has-sponsor=?
sponsor=@ud
==
--
::
++ eth-noun
|%
++ point
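Review bot: The header comment of able:kale (lines 193–195 of this hunk) was copied from jael but names tasks kale does not define: `%veil` is absent from kale's task list, and kale has neither a `[%vest ~]` task nor a `[%vest p=tally]` gift (only the restored jael keeps those), so the whitelisting advice and the "all secrets are redacted from %vest gifts" remark point at a surface that does not exist in kale. Suggest `::  the security-critical tasks (%vein, %vine)` and dropping `::  (all secrets are redacted from %vest gifts.)` in the kale copy, or rewording it to name the `%vein` gift, which is the one that actually carries private rings. Separately, pki:kale is a verbatim copy of pki:jael carrying the same `::TODO update to fit azimuth-style keys`, and snapshot/eth-bookmark/state-eth-node now exist in both vanes; a one-line comment on `++  kale` stating which vane is authoritative for key material while both are live would keep the two from silently diverging. The enclosing zuse core begins and ends outside this hunk.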