From d44e7eb9caa809c314db8d04854c4a673d46252d Mon Sep 17 00:00:00 2001 From: Logan Allen Date: Tue, 9 Jun 2020 14:48:05 -0400 Subject: [PATCH] graph-store: first pass at signing, hashing, and verifying nodes --- pkg/arvo/app/graph-store.hoon | 55 ++++++++++++++++++++++++++--------- pkg/arvo/lib/signatures.hoon | 17 +++++++---- pkg/arvo/sur/post.hoon | 16 +++++++--- 3 files changed, 65 insertions(+), 23 deletions(-) diff --git a/pkg/arvo/app/graph-store.hoon b/pkg/arvo/app/graph-store.hoon index f054a830eb..117ebec82d 100644 --- a/pkg/arvo/app/graph-store.hoon +++ b/pkg/arvo/app/graph-store.hoon @@ -58,7 +58,7 @@ ^- (quip card _state) ?< (~(has by graphs) resource) :- (give [/all /keys ~] [%add-graph resource graph]) - %= state + %_ state graphs (~(put by graphs) resource graph) action-logs (~(put by action-logs) resource (gas:orm-log ~ ~)) == @@ -68,7 +68,7 @@ ^- (quip card _state) ?> (~(has by graphs) resource) :- (give [/all /keys ~] [%remove-graph resource]) - %= state + %_ state graphs (~(del by graphs) resource) action-logs (~(del by action-logs) resource) == 
@@ -102,19 +102,47 @@ =* node +.i.node-list %_ $ node-list t.node-list - graph (add-node-at-index graph index node) + graph (add-node-at-index graph index node ~) == :: ++ add-node-at-index - |= [=graph:store =index:store =node:store] + |= $: =graph:store + =index:store + =node:store + parent-hash=(unit hash:store) + == ^- graph:store ?~ index graph =* atom i.index :: last index in list :: ?~ t.index - :: TODO: validate that hash of node matches - (put:orm graph atom node) + :: verify hash if it exists, otherwise calculate + :: + =* p post.node + =/ =validated-portion:store + [parent-hash author.p index.p time-sent.p contents.p] + =/ calculated-hash (mug validated-portion) + ?^ hash.p + :: hash is present, validate it + ~| "hash of post does not match calculated hash" + ?> =(calculated-hash u.hash.p) + (put:orm graph atom node) + :: no hash present + :: + %^ put:orm + graph + atom + %= node + hash.post `calculated-hash + signatures.post + ?. =(our.bowl author.post.node) ~ + %- ~(gas in *signatures:store) + :_ ~ + :+ `@ux`(sign:as:crub:crypto calculated-hash) + our.bowl + .^(=life %j /=life/(scot %p our.bowl)) + == :: multiple indices left in list :: =/ parent=(unit node:store) (get:orm graph atom) @@ -124,23 +152,27 @@ ?+ -.children.u.parent :: replace empty graph with graph containing one child :: + =* p-hash hash.post.u.parent %^ put:orm graph atom %= u.parent children ^- internal-graph:store - [%graph $(graph (gas:orm ~ ~), index t.index)] + :- %graph + $(graph (gas:orm ~ ~), index t.index, parent-hash p-hash) == :: %graph :: recurse into children :: + =* p-hash hash.post.u.parent %^ put:orm graph atom %_ u.parent - p.children $(graph p.children.u.parent, index t.index) + p.children + $(graph p.children.u.parent, index t.index, parent-hash p-hash) == == -- 
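Review bot: `(mug validated-portion)` is the value that is compared with `u.hash.p` and then signed, but `mug` is a 31-bit non-cryptographic hash, so two different posts can share a hash and therefore a signature. The comment this commit removes from sur/post.hoon said the hash must be sha256; I would keep a collision-resistant digest, e.g. `=/ calculated-hash (shax (jam validated-portion))`, which still fits `+$ hash @ux`. Separately, `sign:as:crub:crypto` is called with no key loaded into the core anywhere in this hunk, so confirm that the signing arm actually holds our private key. The body of `add-node-at-index` continues past the end of this hunk.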
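Review bot: `hash.post.u.parent` is a `(unit hash)` and both recursive calls pass it on unchecked, so a parent stored without a hash gives `parent-hash=~` and the child is hashed exactly as a top-level node would be. If every stored parent is expected to carry a hash by this point, assert it before recursing, e.g. `?>  ?=(^ hash.post.u.parent)`, so a child's hash is always bound to its parent. The `=* p-hash hash.post.u.parent` alias is also repeated in both arms and could be declared once above the `?+`. The enclosing arm starts above this hunk.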
@@ -234,14 +266,11 @@ :: TODO: finish this ?. (are-signatures-valid:sigs signatures *hash:store now.bowl) ~|("signatures did not match public keys!" !!) - =/ new-signatures (~(uni in signatures) p.signatures.post.u.node) + =/ new-signatures (~(uni in signatures) signatures.post.u.node) %^ put:orm graph atom - %_ u.node - p.signatures.post new-signatures - q.signatures.post (sha256-mug:sigs new-signatures) - == + u.node(signatures.post new-signatures) :: multiple indices left in list :: ?+ -.children.u.node diff --git a/pkg/arvo/lib/signatures.hoon b/pkg/arvo/lib/signatures.hoon index fc0a944ebf..060f207ab8 100644 --- a/pkg/arvo/lib/signatures.hoon +++ b/pkg/arvo/lib/signatures.hoon @@ -15,15 +15,20 @@ ++ is-signature-valid |= [=signature =hash now=time] ^- ? - =/ =pass - .^ pass + =/ deed=(unit [a=life b=pass c=(unit @ux)]) + .^ (unit [life pass (unit @ux)]) %j /=deed/(scot %da now)/(scot %p q.signature)/(scot %ud p.signature) == - :: verify signature against hash of post - ?: %.y - %.n - %.y + :: we do not have a public key from ship + :: + ?~ deed %.y + :: we do not have a public key from ship at this life + :: + ?. =(a.u.deed r.signature) %.y + :: verify signature from ship at life + :: + ?=(^ (tear:as:crub:crypto b.u.deed p.signature)) :: ++ are-signatures-valid |= [=signatures =hash now=time] diff --git a/pkg/arvo/sur/post.hoon b/pkg/arvo/sur/post.hoon index 120360675d..20b0bd6d67 100644 --- a/pkg/arvo/sur/post.hoon +++ b/pkg/arvo/sur/post.hoon @@ -4,18 +4,26 @@ +$ index (list atom) +$ uid [=resource =index] :: -:: must be sha256 hash +:: mug hash of +validated-portion +$ hash @ux :: +$ signature [p=@ux q=ship r=life] +$ signatures (set signature) +$ post $: author=ship - =hash =index - contents=(list content) - signatures=[p=signatures q=hash] time-sent=time + contents=(list content) + hash=(unit hash) + =signatures + == +:: ++$ validated-portion + $: parent-hash=(unit hash) + author=ship + =index + time-sent=time + contents=(list content) == :: +$ content
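Review bot: The merged set is written to `signatures.post` after `are-signatures-valid:sigs` was called with `*hash:store`, the bunt value, not the hash of the node being signed, so nothing ties the incoming signatures to this post. Now that the post carries its own `hash`, the check in the context lines could take the stored value, e.g. `(are-signatures-valid:sigs signatures (need hash.post.u.node) now.bowl)`. The `:: TODO: finish this` marker is still present, so this may already be planned. The arm starts and ends outside the hunk.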
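Review bot: Both early exits in `is-signature-valid` return `%.y`, so a signature from a ship whose deed is unknown, or whose life differs from `r.signature`, is reported as valid; these should fail closed, `?~ deed %.n` and `?. =(a.u.deed r.signature) %.n`. The `hash` argument is never read in the new body, and the final test only checks that `tear` returned a non-null unit, so a signature over some other value would pass as well; the recovered message should be compared with `hash`. `tear:as` is the decrypting counterpart of `seal:as`, while graph-store signs with `sign:as`, so the verifying arm probably wants `sure:as` on a core loaded with `b.u.deed` (to be confirmed against zuse). The scry path in the context lines also formats `p.signature`, which sur/post.hoon declares as the `@ux` signature, where the life `r.signature` seems intended.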
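Review bot: `+$ validated-portion` has no comment saying it is the exact noun that gets hashed, and graph-store builds it positionally as `[parent-hash author.p index.p time-sent.p contents.p]`, so reordering or adding a field silently changes every post hash and invalidates existing signatures. I would add above it `:: hashed and signed portion of a post; field order is part of the hash input, do not reorder`. The new `hash=(unit hash)` field would likewise benefit from `:: ~ means not yet hashed; the store computes it on insert`, which is what the graph-store change does when no hash is present.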