5 Commits

Author SHA1 Message Date
Michael Muré
fb97653529 WIP 2025-01-06 14:24:56 +01:00
Michael Muré
95bdbc4fc5 Merge pull request #95 from ucan-wg/minor-impro
Minor impro
2024-12-12 16:36:17 +01:00
Michael Muré
416345dba9 args,meta: add a Len() 2024-12-12 16:06:01 +01:00
Michael Muré
042d6dc52f didtest: complete the set of function, finish removing the dependency on testing.T 2024-12-12 16:05:13 +01:00
Michael Muré
8bb3a4f4d0 expose secretbox, notably for the GenerateKey() function that should be public 2024-12-12 16:04:31 +01:00
9 changed files with 60 additions and 16 deletions


@@ -5,10 +5,8 @@ package didtest
import (
"fmt"
"testing"
"github.com/libp2p/go-libp2p/core/crypto"
"github.com/stretchr/testify/require"
"github.com/ucan-wg/go-ucan/did"
)
@@ -92,6 +90,14 @@ func (p Persona) PrivKey() crypto.PrivKey {
return res
}
func (p Persona) PrivKeyConfig() string {
res, ok := privKeyB64()[p]
if !ok {
panic(fmt.Sprintf("Unknown persona: %v", p))
}
return res
}
// PubKey returns the Ed25519 public key for the Persona.
func (p Persona) PubKey() crypto.PubKey {
return p.PrivKey().GetPublic()
@@ -99,10 +105,11 @@ func (p Persona) PubKey() crypto.PubKey {
// PubKeyConfig returns the marshaled and encoded Ed25519 public key
// for the Persona.
func (p Persona) PubKeyConfig(t *testing.T) string {
func (p Persona) PubKeyConfig() string {
pubKeyMar, err := crypto.MarshalPublicKey(p.PrivKey().GetPublic())
require.NoError(t, err)
if err != nil {
panic(err)
}
return crypto.ConfigEncodeKey(pubKeyMar)
}
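Review bot: PrivKeyConfig, added in the second hunk, is a new exported method without a doc comment, while its neighbours PubKey and PubKeyConfig each have one; suggest `// PrivKeyConfig returns the encoded Ed25519 private key for the Persona, as stored in privKeyB64.` Both new bodies panic instead of calling require.NoError, which fits the commit's goal of dropping the testing.T dependency; the panic in PubKeyConfig would be easier to diagnose if it named the persona, `panic(fmt.Sprintf("marshal public key for persona %v: %v", p, err))`. The import hunk appears to drop testing and require, but the rendered view does not show whether any other *testing.T signature remains in the file, so confirm it still builds.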


@@ -92,6 +92,11 @@ func (a *Args) Include(other Iterator) {
}
}
// Len return the number of arguments.
func (a *Args) Len() int {
return len(a.Keys)
}
// Iter iterates over the args key/values
func (a *Args) Iter() iter.Seq2[string, ipld.Node] {
return func(yield func(string, ipld.Node) bool) {
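Review bot: The doc comment on the new Len method reads `// Len return the number of arguments.`; it should be `// Len returns the number of arguments.` to be grammatical and to match the sibling `// Len returns the number of key/values.` added to Meta in the same change. Iter's body continues past the hunk.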


@@ -14,6 +14,10 @@ func (r ReadOnly) GetNode(key string) (ipld.Node, error) {
return r.args.GetNode(key)
}
func (r ReadOnly) Len() int {
return r.args.Len()
}
func (r ReadOnly) Iter() iter.Seq2[string, ipld.Node] {
return r.args.Iter()
}
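Review bot: The new ReadOnly.Len is exported but undocumented, as is the identical addition to the meta ReadOnly type later in this change; a one-liner such as `// Len returns the number of arguments in the wrapped Args.` (and `// Len returns the number of key/values in the wrapped Meta.` for meta) keeps the public surface documented. The existing GetNode and Iter in this hunk are also uncommented, so this may be the file's convention; if so, leave as is.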


@@ -10,8 +10,8 @@ import (
"github.com/ipld/go-ipld-prime"
"github.com/ipld/go-ipld-prime/printer"
"github.com/ucan-wg/go-ucan/pkg/meta/internal/crypto"
"github.com/ucan-wg/go-ucan/pkg/policy/literal"
"github.com/ucan-wg/go-ucan/pkg/secretbox"
)
var ErrNotFound = errors.New("key not found in meta")
@@ -63,7 +63,7 @@ func (m *Meta) GetEncryptedString(key string, encryptionKey []byte) (string, err
return "", err
}
decrypted, err := crypto.DecryptStringWithKey(v, encryptionKey)
decrypted, err := secretbox.DecryptStringWithKey(v, encryptionKey)
if err != nil {
return "", err
}
@@ -111,7 +111,7 @@ func (m *Meta) GetEncryptedBytes(key string, encryptionKey []byte) ([]byte, erro
return nil, err
}
decrypted, err := crypto.DecryptStringWithKey(v, encryptionKey)
decrypted, err := secretbox.DecryptStringWithKey(v, encryptionKey)
if err != nil {
return nil, err
}
@@ -157,12 +157,12 @@ func (m *Meta) AddEncrypted(key string, val any, encryptionKey []byte) error {
switch val := val.(type) {
case string:
encrypted, err = crypto.EncryptWithKey([]byte(val), encryptionKey)
encrypted, err = secretbox.EncryptWithKey([]byte(val), encryptionKey)
if err != nil {
return err
}
case []byte:
encrypted, err = crypto.EncryptWithKey(val, encryptionKey)
encrypted, err = secretbox.EncryptWithKey(val, encryptionKey)
if err != nil {
return err
}
@@ -192,6 +192,11 @@ func (m *Meta) Include(other Iterator) {
}
}
// Len returns the number of key/values.
func (m *Meta) Len() int {
return len(m.Values)
}
// Iter iterates over the meta key/values
func (m *Meta) Iter() iter.Seq2[string, ipld.Node] {
return func(yield func(string, ipld.Node) bool) {


@@ -43,6 +43,10 @@ func (r ReadOnly) GetNode(key string) (ipld.Node, error) {
return r.meta.GetNode(key)
}
func (r ReadOnly) Len() int {
return r.meta.Len()
}
func (r ReadOnly) Iter() iter.Seq2[string, ipld.Node] {
return r.meta.Iter()
}


@@ -1,4 +1,4 @@
package crypto
package secretbox
import (
"crypto/rand"


@@ -1,4 +1,4 @@
package crypto
package secretbox
import (
"bytes"


@@ -172,6 +172,25 @@ func (t *Token) IsValidAt(ti time.Time) bool {
return true
}
// Covers indicate if this token has the power to allow the given sub-delegation.
// This function only verifies the principals alignment
func (t *Token) Covers(subDelegation *Token) bool {
// The Subject of each delegation must equal the invocation's Subject (or Audience if defined). - 4f
if t.Subject() != sub {
return fmt.Errorf("%w: delegation %s, expected %s, got %s", ErrWrongSub, dlgCid, sub, dlg.Subject())
}
// The Issuer of each delegation must be the Audience in the next one. - 4d
if t.Audience() != subDelegation.Issuer() {
return fmt.Errorf("%w: delegation %s, expected %s, got %s", ErrBrokenChain, dlgCid, iss, dlg.Audience())
}
// The command of each delegation must "allow" the one before it. - 4g
if !dlg.Command().Covers(cmd) {
return fmt.Errorf("%w: delegation %s, %s doesn't cover %s", ErrCommandNotCovered, dlgCid, dlg.Command(), cmd)
}
}
func (t *Token) String() string {
var res strings.Builder
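Review bot: The new Covers method is declared to return bool but every branch returns an error built with fmt.Errorf, and it references sub, dlgCid, dlg, iss and cmd, none of which are parameters or locals of this method, so it cannot compile as written; the body looks copied from the invocation verifyProofs loop, whose hunk shows the same error strings. Each check should compare t against subDelegation directly and return false on mismatch, with a final `return true`. The doc comment says only principal alignment is verified while the body also checks command coverage; the comment should state both. Whether rule 4f for a delegation-to-delegation check means comparing the two Subjects is not shown here and should be confirmed against the spec. String's body continues past the hunk.
```go
// Covers indicates whether this token has the power to allow the given sub-delegation.
// It verifies principal alignment (subject, and issuer/audience) and command coverage;
// it does not check validity windows or policy.
func (t *Token) Covers(subDelegation *Token) bool {
	// The Subject of the sub-delegation must equal this delegation's Subject. - 4f (confirm against spec)
	if t.Subject() != subDelegation.Subject() {
		return false
	}
	// The Issuer of the sub-delegation must be the Audience of this delegation. - 4d
	if t.Audience() != subDelegation.Issuer() {
		return false
	}
	// The command of this delegation must "allow" the sub-delegation's command. - 4g
	if !t.Command().Covers(subDelegation.Command()) {
		return false
	}
	return true
}
```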


@@ -37,9 +37,9 @@ import (
// 4. When the proof chain is being validated (verifyProofs below):
// a. There must be at least one delegation in the proof chain.
// b. All referenced delegations must be available.
// c. The first proof must be issued to the Invoker (audience DID).
// d. The Issuer of each delegation must be the Audience in the next one.
// e. The last token must be a root delegation.
// c. The first proof must be issued to the Invoker.
// d. The Issuer of each delegation must be the Audience in the parent delegation.
// e. The chain must terminate with a root delegation.
// f. The Subject of each delegation must equal the invocation's Subject (or Audience if defined)
// g. The command of each delegation must "allow" the one before it.
//
@@ -72,7 +72,7 @@ func (t *Token) verifyProofs(delegations []*delegation.Token) error {
return fmt.Errorf("%w: delegation %s, expected %s, got %s", ErrWrongSub, dlgCid, sub, dlg.Subject())
}
// The first proof must be issued to the Invoker (audience DID). - 4c
// The first proof must be issued to the Invoker. - 4c
// The Issuer of each delegation must be the Audience in the next one. - 4d
if dlg.Audience() != iss {
return fmt.Errorf("%w: delegation %s, expected %s, got %s", ErrBrokenChain, dlgCid, iss, dlg.Audience())
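Review bot: The rule list in the header now says 4d is "the Audience in the parent delegation", but the inline comment above the same check in the second hunk still reads `// The Issuer of each delegation must be the Audience in the next one. - 4d`; update it to `// The Issuer of each delegation must be the Audience in the parent delegation. - 4d` so the two stay aligned. The retained `// The first proof must be issued to the Invoker. - 4c` comment is immediately followed by the 4d comment and check with no 4c check between them; if the 4c check sits outside the hunk this is fine, otherwise the comment is orphaned. verifyProofs starts before the hunk and continues past it.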