biscuit v2 #19

Merged
merged 39 commits into from
Oct 6, 2021
08771b4
v2: add support for new crypto
divarvel Aug 30, 2021
afa8009
make running ghcid easier through the Makefile
divarvel Sep 1, 2021
b2bbf55
v2: introduce a scoped executor for Datalog
divarvel Sep 1, 2021
a21a344
v2: support provisional v2 pb encoding
divarvel Sep 2, 2021
755c8e7
v2: remove v1 support and expose v2 primitives
divarvel Sep 4, 2021
908f81c
biscuit(parser): allow empty blocks & verifiers
divarvel Sep 7, 2021
690172c
v2(biscuit): remove support for symbols and update tests accordingly
divarvel Sep 7, 2021
9ce5541
v2(biscuit): add compliance checks based on the published samples
divarvel Sep 7, 2021
f08c514
v2(servant): update library and examples for biscuit v2
divarvel Sep 7, 2021
594ff8a
v2(biscuit): cleanup modules and export lists
divarvel Sep 7, 2021
2b68fe5
biscuit(v2): make biscuit functions polymorphic on proof type
divarvel Sep 7, 2021
54008b0
v2(biscuit): expose polymorphic biscuit types and use them in servant
divarvel Sep 7, 2021
a8e107d
biscuit: update bench for v2
divarvel Sep 8, 2021
bb5deea
Bump libs version to 0.2.0.0
divarvel Sep 8, 2021
0473d0f
v2: rename Biscuit types and remove superfluous aliases
divarvel Sep 8, 2021
7eb9165
biscuit: rename `ID` to `Term`
divarvel Sep 19, 2021
ac86bf4
chore: add stylish-haskell to shell.nix
divarvel Sep 19, 2021
1fb512a
biscuit: remove now-unused samples
divarvel Sep 19, 2021
6dc1e8b
biscuit: store the public key when successfully checking a biscuit
divarvel Sep 19, 2021
4dd27f7
[WIP] biscuit: return all the generated facts when verifying a biscuit
divarvel Sep 19, 2021
b6891c2
doc: improve hackage docs
divarvel Sep 23, 2021
c49c907
remove unused deps and relax cryptonite and memory bounds
divarvel Sep 24, 2021
ca21ad6
bench: follow breaking changes from biscuit-haskell
divarvel Sep 24, 2021
a39b562
fix: properly seal tokens and verify sealed tokens
divarvel Sep 25, 2021
6277ff9
biscuit: carry the algorithm along public keys
divarvel Sep 25, 2021
66cd595
biscuit: remove high-level helpers for biscuit hex encoding
divarvel Sep 25, 2021
f94b957
biscuit: check revocation ids when parsing
divarvel Sep 25, 2021
4f2efef
servant: add ghcid make targets
divarvel Sep 25, 2021
bc5d168
biscuit: relax `getRevocationIds` constraints
divarvel Sep 25, 2021
e3f83e3
biscuit: describe parsing combinations with a record
divarvel Sep 27, 2021
24f6c63
biscuit: reorder exports in `Auth.Biscuit`
divarvel Oct 1, 2021
5bea736
biscuit: expose helpers to specialize a biscuit
divarvel Oct 1, 2021
dcc0ea4
biscuit: expose helpers for sealing biscuits
divarvel Oct 1, 2021
5cc9e34
biscuit: expose more functions from the top-level module
divarvel Oct 1, 2021
4d4018e
biscuit: make `verifyBlocks` take a forward list of blocks
divarvel Oct 1, 2021
49262b5
rename 'Verifier' into 'Authorizer'
divarvel Oct 1, 2021
cefa885
Checked biscuits are now Verified biscuits
divarvel Oct 1, 2021
65fcd31
biscuit: `verifyBiscuit` is now `authorizeBiscuit`
divarvel Oct 2, 2021
9e965c3
biscuit: update samples following the s/verifier/authorizer/ change
divarvel Oct 6, 2021
fix: properly seal tokens and verify sealed tokens
The haskell lib was not computing the signature the way the spec
and the rust impl did.
divarvel committed Sep 25, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit a39b562f6d9082475b458748221fdc007a3bd419
4 changes: 2 additions & 2 deletions biscuit/src/Auth/Biscuit/Crypto.hs
@@ -82,7 +82,7 @@ getSignatureProof :: SignedBlock -> SecretKey -> Signature
getSignatureProof (lastPayload, lastSig, lastPk) nextSecret =
let sk = nextSecret
pk = toPublic nextSecret
toSign = lastPayload <> convert lastSig <> convert lastPk
toSign = lastPayload <> convert lastPk <> convert lastSig
in sign sk pk toSign

seal :: Token -> SealedToken
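Review bot: The byte layout of `toSign` in `getSignatureProof` is written out by hand here and again in `verifySignatureProof`, so the signing and verifying sides stay in agreement only as long as two separate lines are edited together. Move the concatenation into one helper that takes the `SignedBlock` and returns `lastPayload <> convert lastPk <> convert lastSig`, call it from both functions, and add a comment on it stating that the order (payload, public key, signature) is the one fixed by the spec, since the commit message names the spec and the Rust implementation as the reference.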
@@ -140,7 +140,7 @@ verifySignatureProof :: Signature
-> SignedBlock
-> Bool
verifySignatureProof extraSig (lastPayload, lastSig, lastPk) =
let toSign = lastPayload <> convert lastSig <> convert lastPk
let toSign = lastPayload <> convert lastPk <> convert lastSig
in verify lastPk toSign extraSig

verifySealedToken :: SealedToken
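Review bot: The corrected `toSign` line in `verifySignatureProof` needs a negative test, because the old verifier used the same wrong order as the old signer and a seal-then-verify round trip inside this library passes with either layout. Add a case asserting that a proof computed over `lastPayload <> convert lastSig <> convert lastPk` is rejected. It would also help to comment that the pattern `(lastPayload, lastSig, lastPk)` lists the signature before the key while the signed bytes put the key before the signature, since the two orders are easy to confuse when reading this function.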
46 changes: 46 additions & 0 deletions biscuit/test/samples/v2/samples.json
@@ -829,6 +829,52 @@
"verifier_code": "operation(\"write\");\n"
}
}
},
{
"title": "sealed token",
"filename": "test20_sealed.bc",
"token": [
{
"symbols": [
"file1",
"read",
"file2",
"write"
],
"code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n"
},
{
"symbols": [
"check1",
"0"
],
"code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n"
}
],
"validations": {
"": {
"world": {
"facts": [
"operation(\"read\")",
"resource(\"file1\")",
"revocation_id(0, hex:b0eb17f363e71adaac3a571d2b813321414dd9dc8714a767185a862575bd16a6b73b19655ffe1c6dcbb75c35715b3298ae29595287cbc8fafeb4d676292d3b02)",
"revocation_id(1, hex:7e57a5130b5ccf8383cb74e60ebb240ac5339433fd6cc4b904c7583bd522a404fd391fc09138b3a8fa73a58d4facd05577f4e72acb7ef36be7e0dc885272ad00)",
"right(\"file1\", \"read\")",
"right(\"file1\", \"write\")",
"right(\"file2\", \"read\")"
],
"rules": [],
"checks": [],
"policies": [
"allow if true"
]
},
"result": {
"Ok": 0
},
"verifier_code": "resource(\"file1\");\noperation(\"read\");\n"
}
}
}
]
}
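Review bot: The new `sealed token` entry only exercises the accepting path (`"result": { "Ok": 0 }`), so the samples still do not show that a sealed token with a bad final signature is refused. Consider adding a companion sample whose sealing signature does not match the last block and whose expected result is an error, so that the rejection path of `verifySealedToken` is covered by the same compliance checks as `test20_sealed.bc`.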
Binary file added biscuit/test/samples/v2/test20_sealed.bc
Binary file not shown.