/**
* @param \ParagonIE\AsgardClient\Structures\MerkleTree $tree
* @param string $prevhash
* @param string $nexthash
*/
public function __construct(MerkleTree $tree, $prevhash = null, $nexthash = null)
{
$this->merkleTree = $tree;
$this->currentHash = $tree->getRoot();
$this->previousHash = $prevhash;
$this->nextHash = $nexthash;
if (empty($prevhash)) {
$this->tailHash = $this->currentHash;
} else {
$this->tailHash = \Sodium::crypto_generichash(\bin2hex($this->previousHash) . \bin2hex($this->currentHash));
}
}
public function testPersonalizedHash()
{
$treeA = new MerkleTree(new Node('a'), new Node('b'), new Node('c'), new Node('d'), new Node('e'));
$this->assertSame('6781891a87aa476454b74dc635c5cdebfc8f887438829ce2e81423f54906c058', $treeA->getRoot());
$treeA->setPersonalizationString('Halite unit test framework');
$this->assertSame('e912ee25c680b0e3ee30b52eec0f0d79b502e15c9091c19cec7afc3115260b78', $treeA->getRoot());
}
public function testCompat()
{
$treeA = new MerkleTree(new Node('a'), new Node('b'), new Node('c'), new Node('d'));
$treeB = new TrimmedMerkleTree(new Node('a'), new Node('b'), new Node('c'), new Node('d'));
$this->assertSame($treeA->getRoot(), $treeB->getRoot());
$personal = \random_bytes(32);
$treeA->setPersonalizationString($personal);
$treeB->setPersonalizationString($personal);
$this->assertSame($treeA->getRoot(), $treeB->getRoot());
}
public function testExpectedBehavior()
{
$treeA = new MerkleTree(new Node('a'), new Node('b'), new Node('c'), new Node('d'), new Node('e'));
$this->assertEquals('6781891a87aa476454b74dc635c5cdebfc8f887438829ce2e81423f54906c058', $treeA->getRoot());
$treeB = new MerkleTree(new Node('a'), new Node('b'), new Node('c'), new Node('d'), new Node('e'), new Node('e'), new Node('e'), new Node('e'));
$this->assertEquals($treeA->getRoot(), $treeB->getRoot());
return;
$treeC = $treeA->getExpandedTree(new Node('e'), new Node('e'), new Node('e'));
$this->assertEquals($treeA->getRoot(), $treeC->getRoot());
$treeD = $treeA->getExpandedTree(new Node('f'), new Node('e'), new Node('e'));
$this->assertNotEquals($treeA->getRoot(), $treeD->getRoot());
}
/**
* Get key updates from the channel
*
* @param MerkleTree $tree
* @return Node[]
*/
protected function getKeyUpdates(MerkleTree $tree) : array
{
$newNodes = [];
foreach ($this->getChannelUpdates($tree->getRoot()) as $new) {
$newNode = new Node($new['data']);
$tree = $tree->getExpandedTree($newNode);
// Verify that we've calculated the same Merkle root for each new leaf:
if (\hash_equals($new['root'], $tree->getRoot())) {
// Attempt to store the update (and create/revoke copies of the public keys):
if ($this->storeUpdate($new)) {
$newNodes[] = $newNode;
}
}
}
if (\count($newNodes) > 0) {
$this->notifyPeersOfNewUpdate();
}
return $newNodes;
}
/**
* Return true if the Merkle roots match.
*
* Dear future security auditors: This is important.
*
* This employs challenge-response authentication:
* @ref https://github.com/paragonie/airship/issues/13
*
* @param Channel $channel
* @param MerkleTree $originalTree
* @param TreeUpdate[] ...$updates
* @return bool
* @throws CouldNotUpdate
*/
protected function verifyResponseWithPeers(Channel $channel, MerkleTree $originalTree, TreeUpdate ...$updates) : bool
{
$state = State::instance();
$nodes = $this->updatesToNodes($updates);
$tree = $originalTree->getExpandedTree(...$nodes);
$maxUpdateIndex = \count($updates) - 1;
$expectedRoot = $updates[$maxUpdateIndex]->getRoot();
if (!\hash_equals($tree->getRoot(), $expectedRoot)) {
// Calculated root did not match.
self::$continuumLogger->store(LogLevel::EMERGENCY, 'Calculated Merkle root did not match the update.', [$tree->getRoot(), $expectedRoot]);
throw new CouldNotUpdate(\__('Calculated Merkle root did not match the update.'));
}
if ($state->universal['auto-update']['ignore-peer-verification']) {
// The user has expressed no interest in verification
return true;
}
$peers = $channel->getPeerList();
$numPeers = \count($peers);
/**
* These numbers are negotiable in future versions.
*
* If P is the set of trusted peer notaries (where ||P|| is the number
* of trusted peer notaries):
*
* 1. At least 1 must return 'success'.
* 2. At least ln(||P||) must return 'success'.
* 3. At most e * ln(||P||) can timeout.
* 4. If any peer disagrees with what we see, our
* result is discarded as invalid.
*
* The most harm a malicious peer can do is DoS if they
* are selected.
*/
$minSuccess = $channel->getAppropriatePeerSize();
$maxFailure = (int) \min(\floor($minSuccess * M_E), $numPeers - 1);
if ($maxFailure < 1) {
$maxFailure = 1;
}
\Airship\secure_shuffle($peers);
$success = $networkError = 0;
/**
* If any peers give a different answer, we're under attack.
* If too many peers don't respond, assume they're being DDoS'd.
* If enough peers respond in absolute agreement, we're good.
*/
for ($i = 0; $i < $numPeers; ++$i) {
try {
if (!$this->checkWithPeer($peers[$i], $tree->getRoot())) {
// Merkle root mismatch? Abort.
return false;
}
++$success;
} catch (TransferException $ex) {
self::$continuumLogger->store(LogLevel::EMERGENCY, 'A transfer exception occurred', \Airship\throwableToArray($ex));
++$networkError;
}
if ($success >= $minSuccess) {
// We have enough good responses.
return true;
} elseif ($networkError >= $maxFailure) {
// We can't give a confident response here.
return false;
}
}
self::$continuumLogger->store(LogLevel::EMERGENCY, 'We ran out of peers.', [$numPeers, $minSuccess, $maxFailure]);
// Fail closed:
return false;
}
