biscuit v2 #19

Merged
merged 39 commits into from
Oct 6, 2021
Commits (39)
08771b4  v2: add support for new crypto  (divarvel, Aug 30, 2021)
afa8009  make running ghcid easier through the Makefile  (divarvel, Sep 1, 2021)
b2bbf55  v2: introduce a scoped executor for Datalog  (divarvel, Sep 1, 2021)
a21a344  v2: support provisional v2 pb encoding  (divarvel, Sep 2, 2021)
755c8e7  v2: remove v1 support and expose v2 primitives  (divarvel, Sep 4, 2021)
908f81c  biscuit(parser): allow empty blocks & verifiers  (divarvel, Sep 7, 2021)
690172c  v2(biscuit): remove support for symbols and update tests accordingly  (divarvel, Sep 7, 2021)
9ce5541  v2(biscuit): add compliance checks based on the published samples  (divarvel, Sep 7, 2021)
f08c514  v2(servant): update library and examples for biscuit v2  (divarvel, Sep 7, 2021)
594ff8a  v2(biscuit): cleanup modules and export lists  (divarvel, Sep 7, 2021)
2b68fe5  biscuit(v2): make biscuit functions polymorphic on proof type  (divarvel, Sep 7, 2021)
54008b0  v2(biscuit): expose polymorphic biscuit types and use them in servant  (divarvel, Sep 7, 2021)
a8e107d  biscuit: update bench for v2  (divarvel, Sep 8, 2021)
bb5deea  Bump libs version to 0.2.0.0  (divarvel, Sep 8, 2021)
0473d0f  v2: rename Biscuit types and remove superfluous aliases  (divarvel, Sep 8, 2021)
7eb9165  biscuit: rename `ID` to `Term`  (divarvel, Sep 19, 2021)
ac86bf4  chore: add stylish-haskell to shell.nix  (divarvel, Sep 19, 2021)
1fb512a  biscuit: remove now-unused samples  (divarvel, Sep 19, 2021)
6dc1e8b  biscuit: store the public key when successfully checking a biscuit  (divarvel, Sep 19, 2021)
4dd27f7  [WIP] biscuit: return all the generated facts when verifying a biscuit  (divarvel, Sep 19, 2021)
b6891c2  doc: improve hackage docs  (divarvel, Sep 23, 2021)
c49c907  remove unused deps and relax cryptonite and memory bounds  (divarvel, Sep 24, 2021)
ca21ad6  bench: follow breaking changes from biscuit-haskell  (divarvel, Sep 24, 2021)
a39b562  fix: properly seal tokens and verify sealed tokens  (divarvel, Sep 25, 2021)
6277ff9  biscuit: carry the algorithm along public keys  (divarvel, Sep 25, 2021)
66cd595  biscuit: remove high-level helpers for biscuit hex encoding  (divarvel, Sep 25, 2021)
f94b957  biscuit: check revocation ids when parsing  (divarvel, Sep 25, 2021)
4f2efef  servant: add ghcid make targets  (divarvel, Sep 25, 2021)
bc5d168  biscuit: relax `getRevocationIds` constraints  (divarvel, Sep 25, 2021)
e3f83e3  biscuit: describe parsing combinations with a record  (divarvel, Sep 27, 2021)
24f6c63  biscuit: reorder exports in `Auth.Biscuit`  (divarvel, Oct 1, 2021)
5bea736  biscuit: expose helpers to specialize a biscuit  (divarvel, Oct 1, 2021)
dcc0ea4  biscuit: expose helpers for sealing biscuits  (divarvel, Oct 1, 2021)
5cc9e34  biscuit: expose more functions from the top-level module  (divarvel, Oct 1, 2021)
4d4018e  biscuit: make `verifyBlocks` take a forward list of blocks  (divarvel, Oct 1, 2021)
49262b5  rename 'Verifier' into 'Authorizer'  (divarvel, Oct 1, 2021)
cefa885  Checked biscuits are now Verified biscuits  (divarvel, Oct 1, 2021)
65fcd31  biscuit: `verifyBiscuit` is now `authorizeBiscuit`  (divarvel, Oct 2, 2021)
9e965c3  biscuit: update samples following the s/verifier/authorizer/ change  (divarvel, Oct 6, 2021)
v2: support provisional v2 pb encoding
divarvel committed Sep 2, 2021

Verified: This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit a21a344808a755bb761dd9a7019e72801fa837d1
1 change: 1 addition & 0 deletions biscuit/biscuit-haskell.cabal
@@ -32,6 +32,7 @@ library
Auth.Biscuit.Datalog.ScopedExecutor
Auth.Biscuit.Example
Auth.Biscuit.Proto
Auth.Biscuit.Proto2
Auth.Biscuit.ProtoBufAdapter
Auth.Biscuit.Sel
Auth.Biscuit.Timer
259 changes: 259 additions & 0 deletions biscuit/src/Auth/Biscuit/Proto2.hs
@@ -0,0 +1,259 @@
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DerivingStrategies #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-|
Module : Auth.Biscuit.Proto
Copyright : © Clément Delafargue, 2021
License : MIT
Maintainer : clement@delafargue.name
Haskell data structures mapping the biscuit protobuf definitions
-}

module Auth.Biscuit.Proto2
( Biscuit (..)
, Block (..)
, FactV2 (..)
, RuleV2 (..)
, CheckV2 (..)
, PredicateV2 (..)
, IDV2 (..)
, ExpressionV2 (..)
, IDSet (..)
, Op (..)
, OpUnary (..)
, UnaryKind (..)
, OpBinary (..)
, BinaryKind (..)
, OpTernary (..)
, TernaryKind (..)
, getField
, putField
, decodeBlockList
, decodeBlock
, encodeBlockList
, encodeBlock
) where

import Data.ByteString (ByteString)
import Data.Int
import Data.ProtocolBuffers
import Data.Serialize
import Data.Text
import GHC.Generics (Generic)

data Biscuit = Biscuit
{ rootKeyId :: Optional 1 (Value Int32)
, authority :: Required 2 (Value ByteString)
, blocks :: Repeated 3 (Message SignedBlock)
, proof :: Required 4 (Message Proof)
} deriving (Generic, Show)
deriving anyclass (Decode, Encode)

data Proof =
ProofSecret (Required 1 (Value ByteString))
| ProofSignature (Required 2 (Value ByteString))
deriving (Generic, Show)
deriving anyclass (Decode, Encode)

data SignedBlock = SignedBlock
{ block :: Required 1 (Value ByteString)
, nextKey :: Required 2 (Value ByteString)
, signature :: Required 3 (Value ByteString)
}
deriving (Generic, Show)
deriving anyclass (Decode, Encode)

data Block = Block {
index :: Required 1 (Value Int32)
, symbols :: Repeated 2 (Value Text)
, context :: Optional 6 (Value Text)
, version :: Optional 7 (Value Int32)
, facts_v2 :: Repeated 8 (Message FactV2)
, rules_v2 :: Repeated 9 (Message RuleV2)
, checks_v2 :: Repeated 10 (Message CheckV2)
} deriving (Generic, Show)
deriving anyclass (Decode, Encode)

newtype FactV2 = FactV2
{ predicate :: Required 1 (Message PredicateV2)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data RuleV2 = RuleV2
{ head :: Required 1 (Message PredicateV2)
, body :: Repeated 2 (Message PredicateV2)
, expressions :: Repeated 3 (Message ExpressionV2)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

newtype CheckV2 = CheckV2
{ queries :: Repeated 1 (Message RuleV2)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data PredicateV2 = PredicateV2
{ name :: Required 1 (Value Int64)
, ids :: Repeated 2 (Message IDV2)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data IDV2 =
IDSymbol (Required 1 (Value Int64))
| IDVariable (Required 2 (Value Int32))
| IDInteger (Required 3 (Value Int64))
| IDString (Required 4 (Value Text))
| IDDate (Required 5 (Value Int64))
| IDBytes (Required 6 (Value ByteString))
| IDBool (Required 7 (Value Bool))
| IDIDSet (Required 8 (Message IDSet))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)


newtype IDSet = IDSet
{ set :: Repeated 1 (Message IDV2)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

type CV2Id = Required 1 (Value Int32)
data ConstraintV2 =
CV2Int CV2Id (Required 2 (Message IntConstraintV2))
| CV2String CV2Id (Required 3 (Message StringConstraintV2))
| CV2Date CV2Id (Required 4 (Message DateConstraintV2))
| CV2Symbol CV2Id (Required 5 (Message SymbolConstraintV2))
| CV2Bytes CV2Id (Required 6 (Message BytesConstraintV2))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data IntConstraintV2 =
ICV2LessThan (Required 1 (Value Int64))
| ICV2GreaterThan (Required 2 (Value Int64))
| ICV2LessOrEqual (Required 3 (Value Int64))
| ICV2GreaterOrEqual (Required 4 (Value Int64))
| ICV2Equal (Required 5 (Value Int64))
| ICV2InSet (Required 6 (Message IntSet))
| ICV2NotInSet (Required 7 (Message IntSet))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

newtype IntSet = IntSet
{ set :: Packed 7 (Value Int64)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data StringConstraintV2 =
SCV2Prefix (Required 1 (Value Text))
| SCV2Suffix (Required 2 (Value Text))
| SCV2Equal (Required 3 (Value Text))
| SCV2InSet (Required 4 (Message StringSet))
| SCV2NotInSet (Required 5 (Message StringSet))
| SCV2Regex (Required 6 (Value Text))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

newtype StringSet = StringSet
{ set :: Repeated 1 (Value Text)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data DateConstraintV2 =
DCV2Before (Required 1 (Value Int64))
| DCV2After (Required 2 (Value Int64))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data SymbolConstraintV2 =
SyCV2InSet (Required 1 (Message SymbolSet))
| SyCV2NotInSet (Required 2 (Message SymbolSet))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

newtype SymbolSet = SymbolSet
{ set :: Packed 1 (Value Int64)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)


data BytesConstraintV2 =
BCV2Equal (Required 1 (Value ByteString))
| BCV2InSet (Required 2 (Message BytesSet))
| BCV2NotInSet (Required 3 (Message BytesSet))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

newtype BytesSet = BytesSet
{ set :: Repeated 1 (Value ByteString)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

newtype ExpressionV2 = ExpressionV2
{ ops :: Repeated 1 (Message Op)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data Op =
OpVValue (Required 1 (Message IDV2))
| OpVUnary (Required 2 (Message OpUnary))
| OpVBinary (Required 3 (Message OpBinary))
| OpVTernary (Required 4 (Message OpTernary))
deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data UnaryKind = Negate | Parens | Length
deriving stock (Show, Enum, Bounded)

newtype OpUnary = OpUnary
{ kind :: Required 1 (Enumeration UnaryKind)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data BinaryKind =
LessThan
| GreaterThan
| LessOrEqual
| GreaterOrEqual
| Equal
| Contains
| Prefix
| Suffix
| Regex
| Add
| Sub
| Mul
| Div
| And
| Or
| Intersection
| Union
| SignEd25519
deriving stock (Show, Enum, Bounded)

newtype OpBinary = OpBinary
{ kind :: Required 1 (Enumeration BinaryKind)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

data TernaryKind =
VerifyEd25519Signature
deriving stock (Show, Enum, Bounded)

newtype OpTernary = OpTernary
{ kind :: Required 1 (Enumeration TernaryKind)
} deriving stock (Generic, Show)
deriving anyclass (Decode, Encode)

decodeBlockList :: ByteString
-> Either String Biscuit
decodeBlockList = runGet decodeMessage

decodeBlock :: ByteString
-> Either String Block
decodeBlock = runGet decodeMessage

encodeBlockList :: Biscuit -> ByteString
encodeBlockList = runPut . encodeMessage

encodeBlock :: Block -> ByteString
encodeBlock = runPut . encodeMessage
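Review bot: the whole constraint family in this file (`CV2Id`, `ConstraintV2`, `IntConstraintV2`, `IntSet`, `StringConstraintV2`, `StringSet`, `DateConstraintV2`, `SymbolConstraintV2`, `SymbolSet`, `BytesConstraintV2`, `BytesSet`) is neither exported nor referenced by any exported type; `RuleV2` and `CheckV2` are built on `ExpressionV2`/`Op` instead, so these look like v1 leftovers and should either be removed or added to the export list if they are meant to be used. While they are still here, note that `IntSet` declares `set :: Packed 7 (Value Int64)` whereas the otherwise identical `SymbolSet` uses `Packed 1`; that field number should be checked against the schema before it is kept. Two smaller points: the Haddock header still reads `Module : Auth.Biscuit.Proto` although the module is `Auth.Biscuit.Proto2`, and `Proof` and `SignedBlock` are missing from the export list even though they are the payload types of the exported `Biscuit` record (`blocks`, `proof`), so code outside this module cannot construct or inspect a `Biscuit` it has decoded. Naming: `decodeBlockList`/`encodeBlockList` operate on the whole `Biscuit` envelope rather than a list of blocks; `decodeBiscuit`/`encodeBiscuit` would say what they do.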