syndicate-nim/src/syndicate/capabilities.nim

# SPDX-FileCopyrightText: ☭ Emery Hemingway
# SPDX-License-Identifier: Unlicense

from std/sequtils import toSeq
import hashlib/misc/blake2

import preserves
import ./protocols/sturdy
from ./actors import Ref

export `$`

proc hmac(key, data: openarray[byte]): seq[byte] =
  count[Hmac[BLAKE2S_256]](key, data).data[0..15].toSeq

proc mint*[T](key: openarray[byte]; oid: Preserve[T]): SturdyRef[T] =
  SturdyRef[T](oid: oid, sig: hmac(key, encode oid))

proc mint*[T](key: openarray[byte]; oid: T; E = void): SturdyRef[E] =
  var oidPr = toPreserve(oid, E)
  SturdyRef[E](oid: oidPr, sig: hmac(key, encode oidPr))

proc mint*(): SturdyRef[Ref] =
  var key: array[16, byte]
  cast[SturdyRef[Ref]](mint(key, "syndicate", Ref))

proc attenuate*[T](r: SturdyRef[T]; caveats: Attenuation): SturdyRef[T] =
  result = SturdyRef[T](
    oid: r.oid,
    caveatChain: r.caveatChain,
    sig: hmac(r.sig, encode caveats))
  result.caveatChain.add caveats

proc validate*[T](key: openarray[byte]; r: SturdyRef[T]): bool =
  var sig = hmac(key, encode r.oid)
  for a in r.caveatChain:
    sig = hmac(sig, encode a)
  r.sig == sig

when isMainModule:
  from os import commandLineParams

  var key: array[16, byte]
  case readBytes(stdin, key, 0, 16)
  of 16: discard
  of 0: stderr.writeLine "using null key"
  else: quit "expected sixteen bytes of key from stdin"

  var oids: seq[Preserve[void]]
  for p in commandLineParams():
    add(oids, parsePreserves p)
  if oids.len == 0: oids.add(toPreserve "syndicate")

  for oid in oids:
    let sturdy = mint(key, oid)
    doAssert validate(key, sturdy)
    stdout.writeLine(sturdy)
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`# SPDX-FileCopyrightText: ☭ Emery Hemingway`
Update Preserves submodule 2021-09-21 14:39:15 +00:00			`# SPDX-License-Identifier: Unlicense`

Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`from std/sequtils import toSeq`
			`import hashlib/misc/blake2`

Update Preserves submodule 2021-09-21 14:39:15 +00:00			`import preserves`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`import ./protocols/sturdy`
Export a default capability generator 2023-04-10 21:56:51 +00:00			`from ./actors import Ref`
WiP! SturdyRef 2021-09-07 10:01:42 +00:00
Put a sturdyref generator in capabilities module 2022-12-08 04:51:26 +00:00			export `$`

Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`proc hmac(key, data: openarray[byte]): seq[byte] =`
			`count[Hmac[BLAKE2S_256]](key, data).data[0..15].toSeq`

Regenerate protocol modules 2022-12-08 08:15:01 +00:00			`proc mint*[T](key: openarray[byte]; oid: Preserve[T]): SturdyRef[T] =`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`SturdyRef[T](oid: oid, sig: hmac(key, encode oid))`
Rename sturdy module to capabilities 2021-10-27 16:54:20 +00:00
Regenerate protocol modules 2022-12-08 08:15:01 +00:00			`proc mint*[T](key: openarray[byte]; oid: T; E = void): SturdyRef[E] =`
			`var oidPr = toPreserve(oid, E)`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`SturdyRef[E](oid: oidPr, sig: hmac(key, encode oidPr))`
Rename sturdy module to capabilities 2021-10-27 16:54:20 +00:00
Export a default capability generator 2023-04-10 21:56:51 +00:00			`proc mint*(): SturdyRef[Ref] =`
			`var key: array[16, byte]`
			`cast[SturdyRef[Ref]](mint(key, "syndicate", Ref))`

Regenerate protocol modules 2022-12-08 08:15:01 +00:00			`proc attenuate*[T](r: SturdyRef[T]; caveats: Attenuation): SturdyRef[T] =`
			`result = SturdyRef[T](`
WiP! SturdyRef 2021-09-07 10:01:42 +00:00			`oid: r.oid,`
			`caveatChain: r.caveatChain,`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`sig: hmac(r.sig, encode caveats))`
WiP! SturdyRef 2021-09-07 10:01:42 +00:00			`result.caveatChain.add caveats`

Regenerate protocol modules 2022-12-08 08:15:01 +00:00			`proc validate*[T](key: openarray[byte]; r: SturdyRef[T]): bool =`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`var sig = hmac(key, encode r.oid)`
WiP! SturdyRef 2021-09-07 10:01:42 +00:00			`for a in r.caveatChain:`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`sig = hmac(sig, encode a)`
WiP! SturdyRef 2021-09-07 10:01:42 +00:00			`r.sig == sig`
Put a sturdyref generator in capabilities module 2022-12-08 04:51:26 +00:00
			`when isMainModule:`
			`from os import commandLineParams`

			`var key: array[16, byte]`
			`case readBytes(stdin, key, 0, 16)`
			`of 16: discard`
			`of 0: stderr.writeLine "using null key"`
			`else: quit "expected sixteen bytes of key from stdin"`

			`var oids: seq[Preserve[void]]`
			`for p in commandLineParams():`
			`add(oids, parsePreserves p)`
			`if oids.len == 0: oids.add(toPreserve "syndicate")`

			`for oid in oids:`
			`let sturdy = mint(key, oid)`
			`doAssert validate(key, sturdy)`
			`stdout.writeLine(sturdy)`