Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

biscuit v2 #19

Merged
merged 39 commits into from
Oct 6, 2021
Merged

biscuit v2 #19

merged 39 commits into from
Oct 6, 2021

Conversation

divarvel
Copy link
Collaborator

@divarvel divarvel commented Sep 1, 2021
edited
Loading

biscuit-auth/biscuit#72

ToDo

  • serialization
  • new crypto
  • scoped evaluation
  • symbols removal
  • post-update cleanup

@divarvel
v2: add support for new crypto
08771b4
@divarvel
make running ghcid easier through the Makefile
afa8009
@divarvel
v2: introduce a scoped executor for Datalog
b2bbf55 
According to the biscuit v2 _feuille de route_, the datalog is now
evaluated in a staged process: each block is ran in sequence, with
its checks. This way, a new block cannot generate new facts that
could interfere with previous blocks rules and checks.

In effects, this makes `#authority` and `#ambient` flagging
automatic, and generalized to every block, not just the authority.
@divarvel
v2: support provisional v2 pb encoding
a21a344
@divarvel
biscuit(v2): make biscuit functions polymorphic on proof type
2b68fe5 
`validateBiscuit` and friends don't care at all about the proof type
since it has already been validated.

`serializeBiscuit` and friends already know how to handle both open
and sealed tokens, it was just a matter of automatically projecting
Open and Sealed tokens to the main case, with a little typeclass.

This allows to remove most of the `fromOpen` / `fromSealed` uses.
@divarvel
v2(biscuit): expose polymorphic biscuit types and use them in servant
54008b0 
`Biscuit'` and `BiscuitProof` where not exposed and prevented external
libs from exposing polymorphic helpers.
@divarvel
biscuit: update bench for v2
a8e107d
@divarvel
Bump libs version to 0.2.0.0
bb5deea
@divarvel
v2: rename Biscuit types and remove superfluous aliases
0473d0f 
The three layers of type aliases were hard to follow and did a
poor job of hiding the doubly-primed base types.
@divarvel
biscuit: rename ID to Term
7eb9165
@divarvel
chore: add stylish-haskell to shell.nix
ac86bf4
@divarvel
biscuit: remove now-unused samples
1fb512a
@divarvel
biscuit: store the public key when successfully checking a biscuit
6dc1e8b 
The benefits are two fold:

- when multiple public keys are available (and chosen through `rootKeyId`),
  it allows keeping track of which one was used
- the `check` type param in `Biscuit` is no longer a phantom type, and proper
  types are used, instead of promoted constructors. This removes the need for
  `DataKinds` and ticked types in user code.
@divarvel
[WIP] biscuit: return all the generated facts when verifying a biscuit
4dd27f7 
This will allow lib users to query a verified biscuit to extract
information

Todo: add tests to make sure relevant facts are there
@divarvel
doc: improve hackage docs
b6891c2 
- improved wording
- additional explanation paragraphs
- fixed code examples
- reordered exports
@divarvel
remove unused deps and relax cryptonite and memory bounds
c49c907
@divarvel
bench: follow breaking changes from biscuit-haskell
ca21ad6
@divarvel
fix: properly seal tokens and verify sealed tokens
a39b562 
The haskell lib was not computing the signature the way the spec
and the rust impl did.
@divarvel
biscuit: carry the algorithm along public keys
6277ff9 
this will pave the way for accepting different signature algorithms
@divarvel
biscuit: remove high-level helpers for biscuit hex encoding
66cd595 
The spec mandates url-compatible b64, hex was only there for internal
debugging purposes
@divarvel
biscuit: check revocation ids when parsing
f94b957 
Revocation ids are block signatures, which are available in the
outermost protobuf encoding. This allows to skip the whole parsing
altogether for already revoked biscuits
@divarvel
biscuit: relax getRevocationIds constraints
bc5d168 
It can work on any biscuit, regardless of its proof type or
verification status
@divarvel
biscuit: describe parsing combinations with a record
e3f83e3
@divarvel
biscuit: reorder exports in Auth.Biscuit
24f6c63
@divarvel
biscuit: expose helpers to specialize a biscuit
5bea736 
There were already `fromSealed` and `toSealed` to generalize
biscuits to `OpenOrSealed`. The new helpers do the opposite operation:
from an `OpenOrSealed` biscuit, they try to specialize it to
`Open` or `Sealed`.
@divarvel
biscuit: expose helpers for sealing biscuits
dcc0ea4 
The computation itself does not care about whether the biscuit
was checked or not, but the exposed helpers are monomorphic, to
avoid unknowingly consume an unchecked biscuit.
@divarvel
biscuit: expose more functions from the top-level module
5cc9e34 
Namely:

 - `seal`
 - `sealUnchecked`
 - `addBlockUnchecked`

This required removing the open import for the `Crypto` module
@divarvel
biscuit: make verifyBlocks take a forward list of blocks
4d4018e 
It used to take a backwards list (authority at the end) to make
test code easier to implement. The test code `Token` (and friends)
was moved to a test module, and `verifyBlocks` now has a more
predictable behaviour.
@divarvel
rename 'Verifier' into 'Authorizer'
49262b5
@divarvel
Checked biscuits are now Verified biscuits
cefa885 
This is more in line with the vocabulary around signature verification
@divarvel
biscuit: verifyBiscuit is now authorizeBiscuit
65fcd31
@divarvel divarvel merged commit b5d25f4 into main Oct 6, 2021
@divarvel divarvel deleted the secret-project branch October 6, 2021 20:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@divarvel