syndicate-nim/src/syndicate/sturdy.nim

import preserves, preserves/parse
import ../syndicate/protocols/schemas/sturdy, ./private/hmacs

proc mint*(key: openarray[byte]; oid: Value): SturdyRef =
  SturdyRef(oid: oid, sig: hmacSha256(key, encode(oid), key.len))

proc attenuate*(r: SturdyRef; caveats: Attenuation): SturdyRef =
  result = SturdyRef(
    oid: r.oid,
    caveatChain: r.caveatChain,
    sig: hmacSha256(r.sig, caveats.encode))
  result.caveatChain.add caveats

proc validate*(key: openarray[byte]; r: SturdyRef): bool =
  var sig = hmacSha256(key, r.oid.encode, key.len)
  for a in r.caveatChain:
    sig = hmacSha256(sig, a.encode)
  r.sig == sig

when isMainModule:
  import unittest
  test "mint":
    var
      key: array[16, byte]
      oid = "syndicate".toPreserve(EmbeddedType)
      sRef = mint(key, oid)
      control = parsePreserves"""<ref "syndicate" [] #[pkgN9TBmEd3Q04grVG4Zdw]>"""
    check(sRef.toPreserve == control)
    let aRef = attenuate(sRef, newSeq[Caveat]())
    check validate(key, aRef)