PHP Class Airship\Engine\Keyggdrasil

(Yggdrasil = "world tree") This synchronizes our public keys for each channel with the rest of the network, taking care to verify that a random subset of trusted peers sees the same keys. We also keep the checksums and version identifiers of all extensions in the Merkle tree.
Inheritance: use trait SupplierBolt, use trait LogBolt
Project: paragonie/airship

Protected Properties

Property Type Description
$channelCache Channel[]
$continuumLogger Log
$db Database
$hail Hail
$supplierCache Supplier[]

Public Methods

Method Description
__construct ( Hail $hail = null, DBInterface $db = null, array $channels = [] ) Keyggdrasil constructor.
doUpdate ( ) Launch the update process.

Protected Methods

Method Description
checkWithPeer ( Peer $peer, string $expectedRoot ) : boolean Does this peer notary see the same Merkle root?
fetchTreeUpdates ( Channel $chan, string $url, string $root ) : array Fetch all of the updates from the remote server.
getLogData ( TreeUpdate $up ) : array Given a TreeUpdate, return an array formatted for logging.
getMerkleTree ( Channel $chan ) : MerkleTree Get the tree of existing Merkle roots.
insertKey ( Channel $chan, TreeUpdate $update ) We're storing a new public key for this supplier.
parseTreeUpdateResponse ( Channel $chan, array $response ) : array Interpret the TreeUpdate objects from the API response, or verify the signature of the "no updates" message to prevent a DoS.
processTreeUpdates ( Channel $chan, variadic $updates ) : boolean Insert/delete entries in supplier_keys, while updating the database.
revokeKey ( Channel $chan, TreeUpdate $update ) : void We're revoking an existing public key for this supplier.
updateChannel ( Channel $chan ) Update a particular channel.
updatePackageQueue ( TreeUpdate $update, integer $treeUpdateID ) We're storing metadata about a package in the database.
updatesToNodes ( array $updates ) : array Get a bunch of nodes for inclusion in the Merkle tree.
verifyResponseWithPeers ( Channel $channel, MerkleTree $originalTree, variadic $updates ) : boolean Return true if the Merkle roots match.

Method Details

__construct() public method

Keyggdrasil constructor.
public __construct ( Hail $hail = null, DBInterface $db = null, array $channels = [] )
$hail Hail
$db DBInterface
$channels array

checkWithPeer() protected method

Does this peer notary see the same Merkle root?
protected checkWithPeer ( Peer $peer, string $expectedRoot ) : boolean
$peer Peer
$expectedRoot string
return boolean

doUpdate() public method

This updates our keys for each channel.
public doUpdate ( )

fetchTreeUpdates() protected method

Fetch all of the updates from the remote server.
protected fetchTreeUpdates ( Channel $chan, string $url, string $root ) : array
$chan Channel
$url string
$root string Which Merkle root are we starting at?
return array

getLogData() protected method

Given a TreeUpdate, return an array formatted for logging.
protected getLogData ( TreeUpdate $up ) : array
$up TreeUpdate
return array

getMerkleTree() protected method

Get the tree of existing Merkle roots.
protected getMerkleTree ( Channel $chan ) : MerkleTree
$chan Channel
return MerkleTree

insertKey() protected method

We're storing a new public key for this supplier.
protected insertKey ( Channel $chan, TreeUpdate $update )
$chan Channel
$update TreeUpdate

parseTreeUpdateResponse() protected method

Dear future security auditors: This is important.
protected parseTreeUpdateResponse ( Channel $chan, array $response ) : array
$chan Channel
$response array
return array

processTreeUpdates() protected method

Dear future security auditors: This is important.
protected processTreeUpdates ( Channel $chan, variadic $updates ) : boolean
$chan Channel
$updates variadic
return boolean

revokeKey() protected method

We're revoking an existing public key for this supplier.
protected revokeKey ( Channel $chan, TreeUpdate $update ) : void
$chan Channel
$update TreeUpdate
return void

updateChannel() protected method

1. Identify a working URL for the channel.
2. Query the server for updates.
3. For each update:
   1. Verify that our trusted notaries see the same update (Ed25519 signature of challenge nonce || Merkle root).
   2. Add/remove the supplier's key.
protected updateChannel ( Channel $chan )
$chan Channel

updatePackageQueue() protected method

We're storing metadata about a package in the database.
protected updatePackageQueue ( TreeUpdate $update, integer $treeUpdateID )
$update TreeUpdate
$treeUpdateID integer

updatesToNodes() protected method

Get a bunch of nodes for inclusion in the Merkle tree.
protected updatesToNodes ( array $updates ) : array
$updates array
return array

verifyResponseWithPeers() protected method

Dear future security auditors: This is important. This employs challenge-response authentication:
protected verifyResponseWithPeers ( Channel $channel, MerkleTree $originalTree, variadic $updates ) : boolean
$channel Channel
$originalTree MerkleTree
$updates variadic
return boolean
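The notary challenge-response that updateChannel() and verifyResponseWithPeers() describe, as an added example that is not Airship's own code. It assumes the notary signs the concatenation of our random challenge nonce and the Merkle root with its long-term Ed25519 key and returns a detached signature; the helper names, the fixed 32-byte nonce length and the demo values are this example's own choices.

```php
<?php
declare(strict_types=1);

// Added example, not Airship's code. Assumed protocol: we send a random challenge
// nonce, the peer notary answers with an Ed25519 signature over (nonce || merkle_root)
// made with its pinned signing key, and we verify it against OUR locally computed
// root. Requires the PHP sodium extension.

const CHALLENGE_NONCE_BYTES = 32; // fixed length keeps nonce || root unambiguous

/** Message a notary signs: the challenge nonce followed by the raw Merkle root. */
function notaryMessage(string $nonce, string $merkleRoot): string
{
    return $nonce . $merkleRoot;
}

/** Notary side, modelled here only so the demo runs stand-alone. */
function notarySign(string $notarySecretKey, string $nonce, string $merkleRoot): string
{
    return sodium_crypto_sign_detached(notaryMessage($nonce, $merkleRoot), $notarySecretKey);
}

/** Verifier side: accept only a valid signature over our nonce and our expected root. */
function verifyNotaryResponse(string $peerPublicKey, string $nonce, string $expectedRoot, string $signature): bool
{
    // Length checks first: sodium throws on malformed input instead of returning false.
    if (strlen($nonce) !== CHALLENGE_NONCE_BYTES
        || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES
        || strlen($peerPublicKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, notaryMessage($nonce, $expectedRoot), $peerPublicKey);
}

// Constructed demo values: a throwaway notary keypair and a stand-in Merkle root.
$keypair  = sodium_crypto_sign_keypair();
$notaryPk = sodium_crypto_sign_publickey($keypair);
$notarySk = sodium_crypto_sign_secretkey($keypair);
$ourRoot  = hash('sha256', 'constructed merkle root', true);

$nonce = random_bytes(CHALLENGE_NONCE_BYTES);
$sig   = notarySign($notarySk, $nonce, $ourRoot);

$cases = [
    'honest notary, same root'         => verifyNotaryResponse($notaryPk, $nonce, $ourRoot, $sig),
    'notary saw a different root'      => verifyNotaryResponse($notaryPk, $nonce, hash('sha256', 'forked root', true), $sig),
    'old answer replayed to new nonce' => verifyNotaryResponse($notaryPk, random_bytes(CHALLENGE_NONCE_BYTES), $ourRoot, $sig),
];
foreach ($cases as $label => $ok) {
    echo str_pad($label, 35), $ok ? 'ACCEPT' : 'REJECT', PHP_EOL;
}
```

Only the first case should be accepted: a peer that saw a forked tree signs a different root, and a captured answer cannot be replayed because the nonce is fresh per query.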

Property Details

$channelCache protected property

protected Channel[] $channelCache
return Channel[]

$continuumLogger protected static property

protected static Log $continuumLogger
return Log

$db protected property

protected Airship\Engine\Database $db
return Database

$hail protected property

protected Airship\Engine\Hail $hail
return Hail

$supplierCache protected property

protected Supplier[] $supplierCache
return Supplier[]