syndicate-nim/src/syndicate/capabilities.nim

# SPDX-FileCopyrightText: ☭ Emery Hemingway
# SPDX-License-Identifier: Unlicense

runnableExamples:
  from std/unittest import check
  let sturdy = mint()
  check $sturdy == """<ref {oid: "syndicate" sig: #x"69ca300c1dbfa08fba692102dd82311a"}>"""

import std/[options, tables]
from std/sequtils import toSeq
import hashlib/misc/blake2

import preserves
import ./protocols/sturdy

export `$`

proc hmac(key, data: openarray[byte]): seq[byte] =
  count[Hmac[BLAKE2S_256]](key, data).data[0..15].toSeq

proc mint*(key: openarray[byte]; oid: Value): SturdyRef =
  SturdyRef(parameters: {
        Symbol"oid": oid,
        Symbol"sig": hmac(key, encode(oid)).toPreserves,
      }.toTable,
    )

proc mint*(): SturdyRef =
  var key: array[16, byte]
  mint(key, "syndicate".toPreserves)

proc attenuate*(r: SturdyRef; caveats: seq[Caveat]): SturdyRef =
  var sig = hmac(r.parameters[Symbol"sig"].bytes, caveats.toPreserves.encode)
  result = SturdyRef(parameters: {
      Symbol"oid": r.parameters[Symbol"oid"],
      Symbol"caveats": r.parameters[Symbol"caveats"] & caveats.toPreserves,
      Symbol"sig": sig.toPreserves,
    }.toTable)

proc validate*(key: openarray[byte]; sturdy: SturdyRef): bool =
  let oid = sturdy.parameters[Symbol"oid"]
  let ctrl = sturdy.parameters[Symbol"sig"]
  var sig = hmac(key, oid.encode)
  let caveats = sturdy.parameters[Symbol"caveats"]
  for cav in caveats.sequence:
    sig = hmac(sig, encode cav)
  result = (sig == ctrl.bytes)

# mint utility moved to syndicate_utils/src/mintsturdyref.nim
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`# SPDX-FileCopyrightText: ☭ Emery Hemingway`
Update Preserves submodule 2021-09-21 14:39:15 +00:00			`# SPDX-License-Identifier: Unlicense`

Adjust to new syndicate-protocols 2023-05-18 10:20:44 +00:00			`runnableExamples:`
			`from std/unittest import check`
			`let sturdy = mint()`
			`check $sturdy == """<ref {oid: "syndicate" sig: #x"69ca300c1dbfa08fba692102dd82311a"}>"""`

Protocol changes 2024-01-01 18:29:54 +00:00			`import std/[options, tables]`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`from std/sequtils import toSeq`
			`import hashlib/misc/blake2`

Update Preserves submodule 2021-09-21 14:39:15 +00:00			`import preserves`
Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`import ./protocols/sturdy`
WiP! SturdyRef 2021-09-07 10:01:42 +00:00
Put a sturdyref generator in capabilities module 2022-12-08 04:51:26 +00:00			export `$`

Switch HMAC to BLAKE2s-256 2023-05-03 17:10:33 +00:00			`proc hmac(key, data: openarray[byte]): seq[byte] =`
			`count[Hmac[BLAKE2S_256]](key, data).data[0..15].toSeq`

Migrate to non-generic Preserves 2023-12-31 17:15:06 +00:00			`proc mint*(key: openarray[byte]; oid: Value): SturdyRef =`
Protocol changes 2024-01-01 18:29:54 +00:00			`SturdyRef(parameters: {`
			`Symbol"oid": oid,`
			`Symbol"sig": hmac(key, encode(oid)).toPreserves,`
			`}.toTable,`
Adjust to new syndicate-protocols 2023-05-18 10:20:44 +00:00			`)`
Rename sturdy module to capabilities 2021-10-27 16:54:20 +00:00
Migrate to non-generic Preserves 2023-12-31 17:15:06 +00:00			`proc mint*(): SturdyRef =`
Export a default capability generator 2023-04-10 21:56:51 +00:00			`var key: array[16, byte]`
Migrate to non-generic Preserves 2023-12-31 17:15:06 +00:00			`mint(key, "syndicate".toPreserves)`
Export a default capability generator 2023-04-10 21:56:51 +00:00
Protocol changes 2024-01-01 18:29:54 +00:00			`proc attenuate*(r: SturdyRef; caveats: seq[Caveat]): SturdyRef =`
			`var sig = hmac(r.parameters[Symbol"sig"].bytes, caveats.toPreserves.encode)`
			`result = SturdyRef(parameters: {`
			`Symbol"oid": r.parameters[Symbol"oid"],`
			`Symbol"caveats": r.parameters[Symbol"caveats"] & caveats.toPreserves,`
			`Symbol"sig": sig.toPreserves,`
			`}.toTable)`

			`proc validate*(key: openarray[byte]; sturdy: SturdyRef): bool =`
			`let oid = sturdy.parameters[Symbol"oid"]`
			`let ctrl = sturdy.parameters[Symbol"sig"]`
			`var sig = hmac(key, oid.encode)`
			`let caveats = sturdy.parameters[Symbol"caveats"]`
			`for cav in caveats.sequence:`
			`sig = hmac(sig, encode cav)`
			`result = (sig == ctrl.bytes)`
Put a sturdyref generator in capabilities module 2022-12-08 04:51:26 +00:00
Move mint utility to syndicate_utils 2023-08-25 17:31:32 +00:00			`# mint utility moved to syndicate_utils/src/mintsturdyref.nim`