diff --git a/biscuit-auth/Cargo.toml b/biscuit-auth/Cargo.toml index 7fde0bd8..a4c24611 100644 --- a/biscuit-auth/Cargo.toml +++ b/biscuit-auth/Cargo.toml @@ -24,7 +24,7 @@ docsrs = [] uuid = ["dep:uuid"] [dependencies] -rand_core = "^0.5" +rand_core = "^0.6" sha2 = "^0.9" prost = "0.10" prost-types = "0.10" @@ -33,11 +33,11 @@ nom = {version = "7", default-features = false, features = ["std"] } hex = "0.4" zeroize = { version = "1", default-features = false } thiserror = "1" -rand = { version = "0.7" } +rand = { version = "0.8" } inline-c = { version = "0.1", optional = true } wasm-bindgen = { version = "0.2", optional = true } base64 = "0.13.0" -ed25519-dalek = "1.0.1" +ed25519-dalek = { version = "2.0.0", features = ["rand_core", "zeroize"] } serde = { version = "1.0.132", optional = true, features = ["derive"] } getrandom = { version = "0.1.16" } time = { version = "0.3.7", features = ["formatting", "parsing"] } @@ -48,7 +48,7 @@ biscuit-quote = { version = "0.2.1", optional = true, path = "../biscuit-quote" [dev-dependencies] bencher = "0.1.5" -rand = "0.7" +rand = "0.8" colored-diff = "0.2.3" prost-build = "0.10" serde = { version = "1.0.130", features = ["derive"] } diff --git a/biscuit-auth/samples/README.md b/biscuit-auth/samples/README.md index 6fbc3a73..0f915a7b 100644 --- a/biscuit-auth/samples/README.md +++ b/biscuit-auth/samples/README.md @@ -1,7 +1,7 @@ # Biscuit samples and expected results -root secret key: 12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a -root public key: acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189 +root secret key: 99e87b0e9158531eeeb503ff15266e2b23c2a2507b138c9d1b1f2ab458df2d61 +root public key: 1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284 ------------------------------ 
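Review bot: In the `[dependencies]` hunk of biscuit-auth/Cargo.toml, `getrandom = { version = "0.1.16" }` stays as context while `rand` moves to 0.8 and `rand_core` to `^0.6`, which take their OS entropy from getrandom 0.2. The direct 0.1 entry therefore no longer governs the RNG that key generation presumably uses. The manifest carries an optional `wasm-bindgen` dependency, so a wasm32 build presumably matters, and getrandom 0.2 needs its `js` feature on that target; I would change the line to `getrandom = { version = "0.2" }` and enable `js` under whatever feature gates the wasm build. Separately, every sample root key and revocation id in this commit was regenerated, so nothing visible here shows that a token signed under ed25519-dalek 1.x still verifies and yields the same revocation ids under 2.0. Keeping one pre-upgrade `.bc` fixture as a regression test would pin that.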
@@ -38,8 +38,8 @@ allow if true; ``` revocation ids: -- `36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203` -- `b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05` +- `7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03` +- `45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d` authorizer world: ``` @@ -291,9 +291,9 @@ allow if true; ``` revocation ids: -- `9ff0d3b8dcd5235b5d88e17a21d5c789953e3bf4769ee40f34d4bc276b8672858504f6ae8098c43328a1e60589d7efc0e5fd2ec70a229904a1c493262d498c09` -- `9e82a5f203e17d0515af7486599c1608d82a41c8e8cfe4457cb30c0eb62273d89970a2316223ccfdb64a49214762e80e82938531a2e0dc462f14ff52205e9107` -- `c24b1da5ece026338fd3175648e443b97dce52659efe47881583cd35574670b21abdb345ebd0adf095620d8d7b805028fdcb480c24170d34e023e3a8df29fb04` +- `4d86c9af808dc2e0583f47282e6f5df3e09dc264d5231ec360b4519e15ddaeec60b25a9bbcb22e8d192f4d36a0da3f9243711e30535b00ee55c53cb1395f230a` +- `63208c668c66f3ba6927140ba37533593b25e03459447805d4b2a8b75adeef45794c3d7249afe506ed77ccee276160bb4052a4009302bd34871a440f070b4509` +- `d8da982888eae8c038e4894a8c06fc57d8e5f06ad2e972b9cf4bde49ad60804558a0d1938192596c702d8e4f7f12ec19201d7c33d0cd77774a0d879a33880d02` authorizer world: ``` 
@@ -399,9 +399,9 @@ allow if true; ``` revocation ids: -- `ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603` -- `3a69659a56d933ea7bf2dc4ccab997ed0bec6ce26b178ec24a9ec0d2fc006bcf31eae762f17cb5862457459b3d5ae9c17845dcf45f8cf0acd774e06f6b7d620d` -- `c0f06ebdf58b5e17b150e7306a9361667a6a6d9945c1d478b4e8d9fac1869bd7726ef57e5cb9de95fe48718984e7dce617d5394caf25822cd646310affb2a202` +- `a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00` +- `77df45442be86a416aa02fd9d98d6d4703c634a9e3b1d293b41f5dc97849afbe7faeec8c22a210574888acc008fb64fe691ec9e8d2655586f970d9a6b6577000` +- `b31398aefe97d3db41ebc445760f216fb3aa7bf7439adcfc3a07489bfcc163970af3f4e20f5460aa24cf841101a5ab114d21acc0ee8d442bae7793b121284900` authorizer world: ``` @@ -484,8 +484,8 @@ allow if true; ``` revocation ids: -- `ceb1a909c91d558a962c23d9d1c60aa06279f9dff1cc546ca6b2b6bf17db6fe4a03a04e9c1ed9131b7c6f3e609d5f17abab289909ae46f5e66f8876a5946a20c` -- `8419da0abe321d3a830ffc93aa159140138a2c4b61dfd4b05328b69567aae23d357764672d114940cabb9bd465c4d2d4766e52c8805b0acdccc22b60e00c860c` +- `c248907bb6e5f433bbb5edf6367b399ebefca0d321d0b2ea9fc67f66dc1064ce926adb0c05d90c3e8a2833328b3578f79c4e1bca43583d9bcfb2ba6c37303d00` +- `a4edf7aaea8658bb9ae19b3ffe2adcc77cc9f16c249aeb0a85a584b5362f89f27f7c67ac0af16d7170673d6d1fb1563d1934b25ec5a461f6c01fa49805cd5e07` authorizer world: ``` 
@@ -560,8 +560,8 @@ allow if true; ``` revocation ids: -- `ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603` -- `d1d56ea3c9469186fe32f56a2c488b31b2dead6701ce833d521d2b1f223355edb058839c68ea6b50af02e2ffa4b92d80116b25f1cb0623b6685cb3415677970a` +- `a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00` +- `966eceb2aa937c41b25368808bab6e0698c02a4038de669d007c9c3d43602638a640083558d1576ac80cf3eb2ac6a7585527e0f6c1a65402f0935cf7f4df8005` authorizer world: ``` @@ -636,7 +636,7 @@ allow if true; ``` revocation ids: -- `ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603` +- `a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00` authorizer world: ``` @@ -701,7 +701,7 @@ allow if true; ``` revocation ids: -- `bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07` +- `6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a` authorizer world: ``` @@ -742,7 +742,7 @@ allow if true; ``` revocation ids: -- `bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07` +- `6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a` authorizer world: ``` 
@@ -811,8 +811,8 @@ allow if true; ``` revocation ids: -- `58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601` -- `745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605` +- `c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006` +- `a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00` authorizer world: ``` @@ -891,8 +891,8 @@ allow if true; ``` revocation ids: -- `58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601` -- `745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605` +- `c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006` +- `a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00` authorizer world: ``` @@ -977,7 +977,7 @@ allow if true; ``` revocation ids: -- `7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b` +- `da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07` authorizer world: ``` @@ -1011,7 +1011,7 @@ allow if true; ``` revocation ids: -- `7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b` +- `da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07` authorizer world: ``` 
@@ -1061,7 +1061,7 @@ allow if true; ``` revocation ids: -- `e2c762315434ccc9194e012e47e75afb3329a46488a468d75d776b5a502ee5930d04750ae7b1836617fe07051bd92d4ce8336d662da4ca9ce9e9d4f4af5be70d` +- `b0d466d31e015fa85a075fa875f7e1c9017edd503fee9f62a5f033e1fcfa811074b6e39dfe5af2f452043db97a3f98650592a370f5685b62c5d6abf9dd10b603` authorizer world: ``` @@ -1120,8 +1120,8 @@ allow if true; ``` revocation ids: -- `812958ef3b43273b2c8e88bb13d0f91f0a8f5bf95544f79dafdaff07d89bd551baca72f83589b9e89120b0dc41c0f4b10678f03dd1b3ac0422e16074ff396b08` -- `51c0e278bed1085afe45519aa60d5b4b9e13f1819dadb38fb5854ed3a599bfe18485d8f396219540bd17bfb9f46ab3c407a4ac51ebf88734b4f2fb56b24a6e01` +- `ce6f804f4390e693a8853d9a4a10bd4f3c94b86b7c6d671993a6e19346bc4d20bbb52cc945e5d0d02e4e75fa5da2caa99764050190353564a0a0b4b276809402` +- `916d566cc724e0773046fc5266e9d0d804311435b8d6955b332f823ab296be9a78dfea190447732ac9f6217234cf5726becf88f65169c6de56a766af55451b0f` authorizer world: ``` @@ -1209,7 +1209,7 @@ allow if true; ``` revocation ids: -- `a0fdd27c0d21292a4d944a86a9e97cfee7513969a209729ebcff2dec50b8725816dad3b9d7fc004d3f6dc705399c303c1a76a8b955a5f23d2045132b68b4d50b` +- `f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e` authorizer world: ``` @@ -1326,8 +1326,8 @@ allow if true; ``` revocation ids: -- `6d79797e655457166810826d7c398bc75ac4896d8de80650298796faf0aaf67f2abb80c46efdd915a210c9401bc41c75f3a7c19bebe4c02be9c991fae62b8808` -- `f7d3f3eadd83cc30aa3c0a9b8288d44b9107b5a099e52da6447fdb7aca5d00cd58add7b7b12b3fb73bd9b664f33ed207d91efcda2d05523cb9b8db0e9bca0502` +- `a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307` +- `d3f8822a9b9bc0ee3933283c493ca9e711be5dd8339b5fe2eba1de3805aad4e84d3e2fb4affb4a743f1289915c167582b9425343635e45b70573ea1ee7a1ea03` authorizer world: ``` 
@@ -1405,8 +1405,8 @@ allow if true; ``` revocation ids: -- `36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203` -- `b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05` +- `7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03` +- `45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d` authorizer world: ``` @@ -1486,7 +1486,7 @@ allow if true; ``` revocation ids: -- `6a945aca807c25971cc4b711cd6364141fdaf4cee013022416f22986240238cc029b5ae41eb5c5b8a461b0d6063329132b5bac91ca8b51e82829a2b6a273150d` +- `d4b2f417b6e906434fdf5058afcabfcb98d3628f814f1c9dd7e64250d9beec4465aff51bd0cb2e85d0e67dc9f613c2a42af6158c678bc6f8b4684cd3a2d0d302` authorizer world: ``` @@ -1565,7 +1565,7 @@ allow if true; ``` revocation ids: -- `23183284bdad88fbf5b4cbaed2218cf0a38d7e360f3ac401d6337eecf36e8da1ce15eda6d11fe94c20c344f687327d9338a0e863f98c9a14576739533d2fb804` +- `75ce48d496fd28f99905901783a1ba46d7ff8d69f9d364d1546fd73006026eae51849ad1190a4ae521a0a1269f9c6951e226afba8fcd24fa50f679162439ae09` authorizer world: ``` 
@@ -1850,9 +1850,9 @@ allow if true; ``` revocation ids: -- `8c94b6f3a2cbe086a7df1135f04c7b88b4a8d6b4f595cd963e8f2a36b9c1edb551f1b0360f7995eec8ea8c846847fba53932f5e70aaee7783a852c83c08dd80b` -- `ce286369809e4f4a6e2d6b95ba6c19af28c3694ffd408d09ee292c0233a3d73e3257151d6099177ae61aa71cfb91f85b3ccac80952bf5d34c9e807c5e4cf2c04` -- `9bc1209ffa1e11d5fd3fe3811e55893e6c5a94d56e5835e83f7a84142db50642899b92705a32ab64a375e36e665564607cbf50d6366682b5381849f8e8b3340a` +- `f9b49866caef5ece7be14ec5a9b36d98ca81d06b306eb0b4c57cd7436af176f40ee972f40903f87ec4460ab8b1adfcbfa9b19b20a6955a1e8dae7d88b2076005` +- `889054b9119e4440e54da1b63266a98d0f6646cde195fef206efd8b133cfb2ee7be49b32a9a5925ece452e64f9e6f6d80dab422e916c599675dd68cdea053802` +- `0a85ffbf27e08aa23665ba0d96a985b274d747556c9f016fd7f590c641ed0e4133291521aa442b320ee9ce80f5ad701b914a0c87b3dfa0cc92629dce94201806` authorizer world: ``` @@ -1924,8 +1924,8 @@ allow if true; ``` revocation ids: -- `f5e36f36c18a9a7d3660366a9dccf1eeefbb2a639571e5aba63714cf02e412d222f7aadec14aef59cb5cf104e0d3bdba439c4147249e2d703498b2f0610e1008` -- `79217fcc94823ccbfc1cdbd6aaf770890659bb94d48ca14dddff70e9d0d386a4755e452e732a071c8e9884ca280ead059c473b3bd4ea5f82e99ee3c484518004` +- `470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03` +- `93a7315ab1272da9eeef015f6fecbc9ac96fe4660e6204bf64ea2105ebe309e9c9cadc0a26c5604f13910fae3f2cd0800756afb6b6b208bf77adeb1ab2f42405` authorizer world: ``` @@ -1988,7 +1988,7 @@ allow if true; ``` revocation ids: -- `96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a` +- `c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d` authorizer world: ``` 
@@ -2037,7 +2037,7 @@ allow if true; ``` revocation ids: -- `96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a` +- `c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d` authorizer world: ``` @@ -2156,11 +2156,11 @@ allow if true; ``` revocation ids: -- `0e823acf10d97afef5d327d08ecde17fad1808388dedf678770b60521170180f4ad3b4dc81494d92122658f3bbfe2567ad5493b2bf0fc6570f2be52566320d03` -- `35bacaf3a817a26ffcb6a2b5658ef60665b63696c00061f5cef75fe3dac315595f0e24c20533916d90077b708e62396bf4b50dcd774092b43100f9271cd9830a` -- `3198c7f606e1611e6a6df503b74a9ac5769dd11b3a1c6c4d5f0e3dbf92671d009e0ec648fadc49442e9c94455258c8502ed2d5031a57436f2521520a0b9ac009` -- `16f8e0231f514816282621730510e41e0ba1a41d1944634f13fe4aaf28d0565e658fa624186fafc0bd996af39b638a31904b637e24ecc791f3d7210f9b83d90e` -- `68db0a0319dd91ee6638fe5fe380f9037c63b37fd0674b9df01cae5e40fcfe37a04498cba34a92433c6f9d3c423be5a5fbee49136b734f9d98d1b7962c1e730b` +- `3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04` +- `45133b90f228a81fe4d3042a79f6c6b7608e656e903d6b1f4db32cd774b09b8315af360879a5f210ad7be37ff55e3eb34f237bcc9711407b6329ac6018bfb400` +- `179f054f3c572646aba5013159ae192ac42f5666dbdd984129955f4652b6829e59f54aa251e451f96329d42a2524ce569c3e1ec52e708b642dd8994af51dd703` +- `edab54789d6656936fcd28200b9c61643434842d531f09f209fad555e11ff53174db174dafba126e6de448983a56f78d2042bc5782d71a45799c022fe69fb30d` +- `6a62306831e9dbe83e7b33db96b758c77dd690930f2d2d87e239b210b1944c5582bf6d7e1bfea8e7f928c27f2fff0e2ee2e0adc41e11e0c3abe8d7b96b9ede07` authorizer world: ``` 
@@ -2270,7 +2270,7 @@ allow if true; ``` revocation ids: -- `c554195c11cd462ca550f833833fad64213bdbef31d5e4b48ae6c2dc072d5218792bbf0da612f7ec9d20dc04c505d8c6ebdeee96ae95307546227efca713c70b` +- `3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05` authorizer world: ``` @@ -2318,7 +2318,7 @@ allow if true; ``` revocation ids: -- `56ff3e571202e641dfb84955adb6700b61e42e1100412b3e0e957f1693875fbb8fdeaeb008092b2f42c5c7ded97cde638eeaf3ab73df678273f6ba970916ad00` +- `117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b` authorizer world: ``` diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json index 7ce26704..6e9a4bb8 100644 --- a/biscuit-auth/samples/samples.json +++ b/biscuit-auth/samples/samples.json @@ -1,6 +1,6 @@ { - "root_private_key": "12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a", - "root_public_key": "acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "root_private_key": "99e87b0e9158531eeeb503ff15266e2b23c2a2507b138c9d1b1f2ab458df2d61", + "root_public_key": "1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "testcases": [ { "title": "basic token", @@ -83,8 +83,8 @@ }, "authorizer_code": "resource(\"file1\");\n\nallow if true;\n", "revocation_ids": [ - "36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203", - "b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05" + "7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03", + "45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d" ] } } 
@@ -389,9 +389,9 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "9ff0d3b8dcd5235b5d88e17a21d5c789953e3bf4769ee40f34d4bc276b8672858504f6ae8098c43328a1e60589d7efc0e5fd2ec70a229904a1c493262d498c09", - "9e82a5f203e17d0515af7486599c1608d82a41c8e8cfe4457cb30c0eb62273d89970a2316223ccfdb64a49214762e80e82938531a2e0dc462f14ff52205e9107", - "c24b1da5ece026338fd3175648e443b97dce52659efe47881583cd35574670b21abdb345ebd0adf095620d8d7b805028fdcb480c24170d34e023e3a8df29fb04" + "4d86c9af808dc2e0583f47282e6f5df3e09dc264d5231ec360b4519e15ddaeec60b25a9bbcb22e8d192f4d36a0da3f9243711e30535b00ee55c53cb1395f230a", + "63208c668c66f3ba6927140ba37533593b25e03459447805d4b2a8b75adeef45794c3d7249afe506ed77ccee276160bb4052a4009302bd34871a440f070b4509", + "d8da982888eae8c038e4894a8c06fc57d8e5f06ad2e972b9cf4bde49ad60804558a0d1938192596c702d8e4f7f12ec19201d7c33d0cd77774a0d879a33880d02" ] } } @@ -484,9 +484,9 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603", - "3a69659a56d933ea7bf2dc4ccab997ed0bec6ce26b178ec24a9ec0d2fc006bcf31eae762f17cb5862457459b3d5ae9c17845dcf45f8cf0acd774e06f6b7d620d", - "c0f06ebdf58b5e17b150e7306a9361667a6a6d9945c1d478b4e8d9fac1869bd7726ef57e5cb9de95fe48718984e7dce617d5394caf25822cd646310affb2a202" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00", + "77df45442be86a416aa02fd9d98d6d4703c634a9e3b1d293b41f5dc97849afbe7faeec8c22a210574888acc008fb64fe691ec9e8d2655586f970d9a6b6577000", + "b31398aefe97d3db41ebc445760f216fb3aa7bf7439adcfc3a07489bfcc163970af3f4e20f5460aa24cf841101a5ab114d21acc0ee8d442bae7793b121284900" ] } } 
@@ -564,8 +564,8 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "ceb1a909c91d558a962c23d9d1c60aa06279f9dff1cc546ca6b2b6bf17db6fe4a03a04e9c1ed9131b7c6f3e609d5f17abab289909ae46f5e66f8876a5946a20c", - "8419da0abe321d3a830ffc93aa159140138a2c4b61dfd4b05328b69567aae23d357764672d114940cabb9bd465c4d2d4766e52c8805b0acdccc22b60e00c860c" + "c248907bb6e5f433bbb5edf6367b399ebefca0d321d0b2ea9fc67f66dc1064ce926adb0c05d90c3e8a2833328b3578f79c4e1bca43583d9bcfb2ba6c37303d00", + "a4edf7aaea8658bb9ae19b3ffe2adcc77cc9f16c249aeb0a85a584b5362f89f27f7c67ac0af16d7170673d6d1fb1563d1934b25ec5a461f6c01fa49805cd5e07" ] } } @@ -649,8 +649,8 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\ncheck if right($0, $1), resource($0), operation($1);\n\nallow if true;\n", "revocation_ids": [ - "ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603", - "d1d56ea3c9469186fe32f56a2c488b31b2dead6701ce833d521d2b1f223355edb058839c68ea6b50af02e2ffa4b92d80116b25f1cb0623b6685cb3415677970a" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00", + "966eceb2aa937c41b25368808bab6e0698c02a4038de669d007c9c3d43602638a640083558d1576ac80cf3eb2ac6a7585527e0f6c1a65402f0935cf7f4df8005" ] } } @@ -720,7 +720,7 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\ncheck if right($0, $1), resource($0), operation($1);\n\nallow if true;\n", "revocation_ids": [ - "ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00" ] } } 
@@ -768,7 +768,7 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07" + "6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a" ] }, "file2": { @@ -817,7 +817,7 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07" + "6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a" ] } } @@ -904,8 +904,8 @@ }, "authorizer_code": "resource(\"file1\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601", - "745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605" + "c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006", + "a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00" ] }, "file2": { 
@@ -975,8 +975,8 @@ }, "authorizer_code": "resource(\"file2\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601", - "745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605" + "c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006", + "a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00" ] } } @@ -1036,7 +1036,7 @@ }, "authorizer_code": "resource(\"file1\");\n\nallow if true;\n", "revocation_ids": [ - "7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b" + "da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07" ] }, "file123": { @@ -1062,7 +1062,7 @@ }, "authorizer_code": "resource(\"file123.txt\");\n\nallow if true;\n", "revocation_ids": [ - "7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b" + "da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07" ] } } @@ -1105,7 +1105,7 @@ }, "authorizer_code": "check if must_be_present($0) or must_be_present($0);\n\nallow if true;\n", "revocation_ids": [ - "e2c762315434ccc9194e012e47e75afb3329a46488a468d75d776b5a502ee5930d04750ae7b1836617fe07051bd92d4ce8336d662da4ca9ce9e9d4f4af5be70d" + "b0d466d31e015fa85a075fa875f7e1c9017edd503fee9f62a5f033e1fcfa811074b6e39dfe5af2f452043db97a3f98650592a370f5685b62c5d6abf9dd10b603" ] } } 
@@ -1172,8 +1172,8 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "812958ef3b43273b2c8e88bb13d0f91f0a8f5bf95544f79dafdaff07d89bd551baca72f83589b9e89120b0dc41c0f4b10678f03dd1b3ac0422e16074ff396b08", - "51c0e278bed1085afe45519aa60d5b4b9e13f1819dadb38fb5854ed3a599bfe18485d8f396219540bd17bfb9f46ab3c407a4ac51ebf88734b4f2fb56b24a6e01" + "ce6f804f4390e693a8853d9a4a10bd4f3c94b86b7c6d671993a6e19346bc4d20bbb52cc945e5d0d02e4e75fa5da2caa99764050190353564a0a0b4b276809402", + "916d566cc724e0773046fc5266e9d0d804311435b8d6955b332f823ab296be9a78dfea190447732ac9f6217234cf5726becf88f65169c6de56a766af55451b0f" ] } } @@ -1256,7 +1256,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "a0fdd27c0d21292a4d944a86a9e97cfee7513969a209729ebcff2dec50b8725816dad3b9d7fc004d3f6dc705399c303c1a76a8b955a5f23d2045132b68b4d50b" + "f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e" ] } } @@ -1297,8 +1297,8 @@ }, "authorizer_code": "", "revocation_ids": [ - "6d79797e655457166810826d7c398bc75ac4896d8de80650298796faf0aaf67f2abb80c46efdd915a210c9401bc41c75f3a7c19bebe4c02be9c991fae62b8808", - "b25cea85ce06b97df471896c7c709b3962dd6e97074a66a2da2fe6721c250c418b4c55455f7209362752343873bb4105d18ef6a880ecb9c0b41d98f0b7d31505" + "a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307", + "b0a33e3f4cd0994c0766c196c4d11c15e5a0f9bfba79a3a2b35ddd04ddb890282a7c63336ada5c680b9f9c940c1fa7127d2699754cbc77c21e1a2d85c5ef700c" ] } } 
@@ -1375,8 +1375,8 @@ }, "authorizer_code": "operation(\"write\");\n\nallow if true;\n", "revocation_ids": [ - "6d79797e655457166810826d7c398bc75ac4896d8de80650298796faf0aaf67f2abb80c46efdd915a210c9401bc41c75f3a7c19bebe4c02be9c991fae62b8808", - "f7d3f3eadd83cc30aa3c0a9b8288d44b9107b5a099e52da6447fdb7aca5d00cd58add7b7b12b3fb73bd9b664f33ed207d91efcda2d05523cb9b8db0e9bca0502" + "a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307", + "d3f8822a9b9bc0ee3933283c493ca9e711be5dd8339b5fe2eba1de3805aad4e84d3e2fb4affb4a743f1289915c167582b9425343635e45b70573ea1ee7a1ea03" ] } } @@ -1451,8 +1451,8 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203", - "b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05" + "7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03", + "45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d" ] } } @@ -1495,7 +1495,7 @@ }, "authorizer_code": "check if ns::fact_123(\"hello é\t😁\");\n\nallow if true;\n", "revocation_ids": [ - "6a945aca807c25971cc4b711cd6364141fdaf4cee013022416f22986240238cc029b5ae41eb5c5b8a461b0d6063329132b5bac91ca8b51e82829a2b6a273150d" + "d4b2f417b6e906434fdf5058afcabfcb98d3628f814f1c9dd7e64250d9beec4465aff51bd0cb2e85d0e67dc9f613c2a42af6158c678bc6f8b4684cd3a2d0d302" ] } } 
@@ -1697,7 +1697,7 @@ }, "authorizer_code": "check if read(0), write(1), resource(2), operation(3), right(4), time(5), role(6), owner(7), tenant(8), namespace(9), user(10), team(11), service(12), admin(13), email(14), group(15), member(16), ip_address(17), client(18), client_ip(19), domain(20), path(21), version(22), cluster(23), node(24), hostname(25), nonce(26), query(27);\n\nallow if true;\n", "revocation_ids": [ - "23183284bdad88fbf5b4cbaed2218cf0a38d7e360f3ac401d6337eecf36e8da1ce15eda6d11fe94c20c344f687327d9338a0e863f98c9a14576739533d2fb804" + "75ce48d496fd28f99905901783a1ba46d7ff8d69f9d364d1546fd73006026eae51849ad1190a4ae521a0a1269f9c6951e226afba8fcd24fa50f679162439ae09" ] } } @@ -1779,9 +1779,9 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "8c94b6f3a2cbe086a7df1135f04c7b88b4a8d6b4f595cd963e8f2a36b9c1edb551f1b0360f7995eec8ea8c846847fba53932f5e70aaee7783a852c83c08dd80b", - "ce286369809e4f4a6e2d6b95ba6c19af28c3694ffd408d09ee292c0233a3d73e3257151d6099177ae61aa71cfb91f85b3ccac80952bf5d34c9e807c5e4cf2c04", - "9bc1209ffa1e11d5fd3fe3811e55893e6c5a94d56e5835e83f7a84142db50642899b92705a32ab64a375e36e665564607cbf50d6366682b5381849f8e8b3340a" + "f9b49866caef5ece7be14ec5a9b36d98ca81d06b306eb0b4c57cd7436af176f40ee972f40903f87ec4460ab8b1adfcbfa9b19b20a6955a1e8dae7d88b2076005", + "889054b9119e4440e54da1b63266a98d0f6646cde195fef206efd8b133cfb2ee7be49b32a9a5925ece452e64f9e6f6d80dab422e916c599675dd68cdea053802", + "0a85ffbf27e08aa23665ba0d96a985b274d747556c9f016fd7f590c641ed0e4133291521aa442b320ee9ce80f5ad701b914a0c87b3dfa0cc92629dce94201806" ] } } 
@@ -1836,8 +1836,8 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "f5e36f36c18a9a7d3660366a9dccf1eeefbb2a639571e5aba63714cf02e412d222f7aadec14aef59cb5cf104e0d3bdba439c4147249e2d703498b2f0610e1008", - "79217fcc94823ccbfc1cdbd6aaf770890659bb94d48ca14dddff70e9d0d386a4755e452e732a071c8e9884ca280ead059c473b3bd4ea5f82e99ee3c484518004" + "470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03", + "93a7315ab1272da9eeef015f6fecbc9ac96fe4660e6204bf64ea2105ebe309e9c9cadc0a26c5604f13910fae3f2cd0800756afb6b6b208bf77adeb1ab2f42405" ] } } @@ -1895,7 +1895,7 @@ }, "authorizer_code": "operation(\"A\");\noperation(\"B\");\n\nallow if true;\n", "revocation_ids": [ - "96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a" + "c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d" ] }, "A, invalid": { @@ -1950,7 +1950,7 @@ }, "authorizer_code": "operation(\"A\");\noperation(\"invalid\");\n\nallow if true;\n", "revocation_ids": [ - "96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a" + "c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d" ] } } 
@@ -2064,11 +2064,11 @@ }, "authorizer_code": "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\nallow if true;\n", "revocation_ids": [ - "0e823acf10d97afef5d327d08ecde17fad1808388dedf678770b60521170180f4ad3b4dc81494d92122658f3bbfe2567ad5493b2bf0fc6570f2be52566320d03", - "35bacaf3a817a26ffcb6a2b5658ef60665b63696c00061f5cef75fe3dac315595f0e24c20533916d90077b708e62396bf4b50dcd774092b43100f9271cd9830a", - "3198c7f606e1611e6a6df503b74a9ac5769dd11b3a1c6c4d5f0e3dbf92671d009e0ec648fadc49442e9c94455258c8502ed2d5031a57436f2521520a0b9ac009", - "16f8e0231f514816282621730510e41e0ba1a41d1944634f13fe4aaf28d0565e658fa624186fafc0bd996af39b638a31904b637e24ecc791f3d7210f9b83d90e", - "68db0a0319dd91ee6638fe5fe380f9037c63b37fd0674b9df01cae5e40fcfe37a04498cba34a92433c6f9d3c423be5a5fbee49136b734f9d98d1b7962c1e730b" + "3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04", + "45133b90f228a81fe4d3042a79f6c6b7608e656e903d6b1f4db32cd774b09b8315af360879a5f210ad7be37ff55e3eb34f237bcc9711407b6329ac6018bfb400", + "179f054f3c572646aba5013159ae192ac42f5666dbdd984129955f4652b6829e59f54aa251e451f96329d42a2524ce569c3e1ec52e708b642dd8994af51dd703", + "edab54789d6656936fcd28200b9c61643434842d531f09f209fad555e11ff53174db174dafba126e6de448983a56f78d2042bc5782d71a45799c022fe69fb30d", + "6a62306831e9dbe83e7b33db96b758c77dd690930f2d2d87e239b210b1944c5582bf6d7e1bfea8e7f928c27f2fff0e2ee2e0adc41e11e0c3abe8d7b96b9ede07" ] } } 
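Review bot: The unchanged `authorizer_code` line in this hunk still reads `trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189`, the value this commit removes as `root_public_key` at the top of samples.json, where it is now `1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284`. If that key is a fixed third-party key that merely coincided with the old root key, the sample is fine but samples/README.md should say so in a sentence, so other implementations do not read it as the root. If it was meant to track the root key, the regenerated fixture now trusts a key that no longer signs the authority block. The enclosing test case starts outside the hunk, so the actual block signers are not visible here.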
@@ -2105,7 +2105,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "c554195c11cd462ca550f833833fad64213bdbef31d5e4b48ae6c2dc072d5218792bbf0da612f7ec9d20dc04c505d8c6ebdeee96ae95307546227efca713c70b" + "3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05" ] } } @@ -2146,7 +2146,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "56ff3e571202e641dfb84955adb6700b61e42e1100412b3e0e957f1693875fbb8fdeaeb008092b2f42c5c7ded97cde638eeaf3ab73df678273f6ba970916ad00" + "117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b" ] } } diff --git a/biscuit-auth/samples/test001_basic.bc b/biscuit-auth/samples/test001_basic.bc index e9a777a8..f45e91bb 100644 Binary files a/biscuit-auth/samples/test001_basic.bc and b/biscuit-auth/samples/test001_basic.bc differ diff --git a/biscuit-auth/samples/test002_different_root_key.bc b/biscuit-auth/samples/test002_different_root_key.bc index 0d75d0ad..edf2dd78 100644 Binary files a/biscuit-auth/samples/test002_different_root_key.bc and b/biscuit-auth/samples/test002_different_root_key.bc differ diff --git a/biscuit-auth/samples/test003_invalid_signature_format.bc b/biscuit-auth/samples/test003_invalid_signature_format.bc index 1144f09b..8c683a62 100644 Binary files a/biscuit-auth/samples/test003_invalid_signature_format.bc and b/biscuit-auth/samples/test003_invalid_signature_format.bc differ diff --git a/biscuit-auth/samples/test004_random_block.bc b/biscuit-auth/samples/test004_random_block.bc index 1b2611fe..e8882d3e 100644 Binary files a/biscuit-auth/samples/test004_random_block.bc and b/biscuit-auth/samples/test004_random_block.bc differ 
diff --git a/biscuit-auth/samples/test005_invalid_signature.bc b/biscuit-auth/samples/test005_invalid_signature.bc index d7620dc2..b33c6abd 100644 Binary files a/biscuit-auth/samples/test005_invalid_signature.bc and b/biscuit-auth/samples/test005_invalid_signature.bc differ diff --git a/biscuit-auth/samples/test006_reordered_blocks.bc b/biscuit-auth/samples/test006_reordered_blocks.bc index 338c73d9..486981c5 100644 Binary files a/biscuit-auth/samples/test006_reordered_blocks.bc and b/biscuit-auth/samples/test006_reordered_blocks.bc differ diff --git a/biscuit-auth/samples/test007_scoped_rules.bc b/biscuit-auth/samples/test007_scoped_rules.bc index 91e24ea8..905f9351 100644 Binary files a/biscuit-auth/samples/test007_scoped_rules.bc and b/biscuit-auth/samples/test007_scoped_rules.bc differ diff --git a/biscuit-auth/samples/test008_scoped_checks.bc b/biscuit-auth/samples/test008_scoped_checks.bc index 9c54ad1f..82e4527c 100644 Binary files a/biscuit-auth/samples/test008_scoped_checks.bc and b/biscuit-auth/samples/test008_scoped_checks.bc differ diff --git a/biscuit-auth/samples/test009_expired_token.bc b/biscuit-auth/samples/test009_expired_token.bc index 19e2520e..1ae9e59f 100644 Binary files a/biscuit-auth/samples/test009_expired_token.bc and b/biscuit-auth/samples/test009_expired_token.bc differ diff --git a/biscuit-auth/samples/test010_authorizer_scope.bc b/biscuit-auth/samples/test010_authorizer_scope.bc index 975adeba..b0188a76 100644 Binary files a/biscuit-auth/samples/test010_authorizer_scope.bc and b/biscuit-auth/samples/test010_authorizer_scope.bc differ diff --git a/biscuit-auth/samples/test011_authorizer_authority_caveats.bc b/biscuit-auth/samples/test011_authorizer_authority_caveats.bc index 971d0d0f..a368cf3c 100644 Binary files a/biscuit-auth/samples/test011_authorizer_authority_caveats.bc and b/biscuit-auth/samples/test011_authorizer_authority_caveats.bc differ 
diff --git a/biscuit-auth/samples/test012_authority_caveats.bc b/biscuit-auth/samples/test012_authority_caveats.bc index f4352a67..6d852ec7 100644 Binary files a/biscuit-auth/samples/test012_authority_caveats.bc and b/biscuit-auth/samples/test012_authority_caveats.bc differ diff --git a/biscuit-auth/samples/test013_block_rules.bc b/biscuit-auth/samples/test013_block_rules.bc index 4ee974eb..149b4ee8 100644 Binary files a/biscuit-auth/samples/test013_block_rules.bc and b/biscuit-auth/samples/test013_block_rules.bc differ diff --git a/biscuit-auth/samples/test014_regex_constraint.bc b/biscuit-auth/samples/test014_regex_constraint.bc index f35237c1..6c3c87e8 100644 Binary files a/biscuit-auth/samples/test014_regex_constraint.bc and b/biscuit-auth/samples/test014_regex_constraint.bc differ diff --git a/biscuit-auth/samples/test015_multi_queries_caveats.bc b/biscuit-auth/samples/test015_multi_queries_caveats.bc index 85fff417..7c775b72 100644 Binary files a/biscuit-auth/samples/test015_multi_queries_caveats.bc and b/biscuit-auth/samples/test015_multi_queries_caveats.bc differ diff --git a/biscuit-auth/samples/test016_caveat_head_name.bc b/biscuit-auth/samples/test016_caveat_head_name.bc index 1a56d12f..c5066415 100644 Binary files a/biscuit-auth/samples/test016_caveat_head_name.bc and b/biscuit-auth/samples/test016_caveat_head_name.bc differ diff --git a/biscuit-auth/samples/test017_expressions.bc b/biscuit-auth/samples/test017_expressions.bc index c41083b5..10f50241 100644 Binary files a/biscuit-auth/samples/test017_expressions.bc and b/biscuit-auth/samples/test017_expressions.bc differ diff --git a/biscuit-auth/samples/test018_unbound_variables_in_rule.bc b/biscuit-auth/samples/test018_unbound_variables_in_rule.bc index 718e0b58..36799591 100644 Binary files a/biscuit-auth/samples/test018_unbound_variables_in_rule.bc and b/biscuit-auth/samples/test018_unbound_variables_in_rule.bc differ 
diff --git a/biscuit-auth/samples/test019_generating_ambient_from_variables.bc b/biscuit-auth/samples/test019_generating_ambient_from_variables.bc index 7a90e327..f486a3c7 100644 Binary files a/biscuit-auth/samples/test019_generating_ambient_from_variables.bc and b/biscuit-auth/samples/test019_generating_ambient_from_variables.bc differ diff --git a/biscuit-auth/samples/test020_sealed.bc b/biscuit-auth/samples/test020_sealed.bc index 82a3b5e6..6ce22072 100644 Binary files a/biscuit-auth/samples/test020_sealed.bc and b/biscuit-auth/samples/test020_sealed.bc differ diff --git a/biscuit-auth/samples/test021_parsing.bc b/biscuit-auth/samples/test021_parsing.bc index 371e06e6..3f926365 100644 Binary files a/biscuit-auth/samples/test021_parsing.bc and b/biscuit-auth/samples/test021_parsing.bc differ diff --git a/biscuit-auth/samples/test022_default_symbols.bc b/biscuit-auth/samples/test022_default_symbols.bc index 8744c10c..c12449df 100644 Binary files a/biscuit-auth/samples/test022_default_symbols.bc and b/biscuit-auth/samples/test022_default_symbols.bc differ diff --git a/biscuit-auth/samples/test023_execution_scope.bc b/biscuit-auth/samples/test023_execution_scope.bc index 464ffe62..b10a6861 100644 Binary files a/biscuit-auth/samples/test023_execution_scope.bc and b/biscuit-auth/samples/test023_execution_scope.bc differ diff --git a/biscuit-auth/samples/test024_third_party.bc b/biscuit-auth/samples/test024_third_party.bc index 9428ff06..7bca415c 100644 Binary files a/biscuit-auth/samples/test024_third_party.bc and b/biscuit-auth/samples/test024_third_party.bc differ diff --git a/biscuit-auth/samples/test025_check_all.bc b/biscuit-auth/samples/test025_check_all.bc index 19398396..221df2ca 100644 Binary files a/biscuit-auth/samples/test025_check_all.bc and b/biscuit-auth/samples/test025_check_all.bc differ 
diff --git a/biscuit-auth/samples/test026_public_keys_interning.bc b/biscuit-auth/samples/test026_public_keys_interning.bc index 1b56f896..49e417b2 100644 Binary files a/biscuit-auth/samples/test026_public_keys_interning.bc and b/biscuit-auth/samples/test026_public_keys_interning.bc differ diff --git a/biscuit-auth/samples/test027_integer_wraparound.bc b/biscuit-auth/samples/test027_integer_wraparound.bc index 6b5a5a5c..50aa63b9 100644 Binary files a/biscuit-auth/samples/test027_integer_wraparound.bc and b/biscuit-auth/samples/test027_integer_wraparound.bc differ diff --git a/biscuit-auth/samples/test028_expressions_v4.bc b/biscuit-auth/samples/test028_expressions_v4.bc index 63f8f788..c34d7a10 100644 Binary files a/biscuit-auth/samples/test028_expressions_v4.bc and b/biscuit-auth/samples/test028_expressions_v4.bc differ diff --git a/biscuit-auth/src/crypto/mod.rs b/biscuit-auth/src/crypto/mod.rs index 4b7589bd..9cfa0fff 100644 --- a/biscuit-auth/src/crypto/mod.rs +++ b/biscuit-auth/src/crypto/mod.rs @@ -19,7 +19,7 @@ use zeroize::Zeroize; /// pair of cryptographic keys used to sign a token's block #[derive(Debug)] pub struct KeyPair { - pub kp: ed25519_dalek::Keypair, + pub(crate) kp: ed25519_dalek::SigningKey, } impl KeyPair { @@ -28,28 +28,24 @@ impl KeyPair { } pub fn new_with_rng(rng: &mut T) -> Self { - let kp = ed25519_dalek::Keypair::generate(rng); + let kp = ed25519_dalek::SigningKey::generate(rng); KeyPair { kp } } pub fn from(key: &PrivateKey) -> Self { - let secret = SecretKey::from_bytes(&key.0.to_bytes()).unwrap(); - - let public = (&key.0).into(); - KeyPair { - kp: ed25519_dalek::Keypair { secret, public }, + kp: ed25519_dalek::SigningKey::from_bytes(&key.0), } } pub fn private(&self) -> PrivateKey { - let secret = SecretKey::from_bytes(&self.kp.secret.to_bytes()).unwrap(); + let secret = self.kp.to_bytes(); PrivateKey(secret) } pub fn public(&self) -> PublicKey { - PublicKey(self.kp.public) + PublicKey(self.kp.verifying_key()) } } 
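Review bot: Narrowing `kp` from `pub` to `pub(crate)` in `KeyPair` (hunk at -19) removes a field that downstream crates could read, so it is a breaking API change as well as a type swap. It is the safer shape, because key material is now reachable only through `private()` and `public()`, as the next hunk shows. The struct's doc comment should say so, for example `/// the signing key is crate-private; use private() and public() to obtain key material`. Whether the release notes and version number reflect the break is not visible here and needs confirming.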
@@ -59,12 +55,6 @@ impl std::default::Default for KeyPair { } } -impl Drop for KeyPair { - fn drop(&mut self) { - self.kp.secret.zeroize(); - } -} - /// the private part of a [KeyPair] #[derive(Debug)] pub struct PrivateKey(pub(crate) ed25519_dalek::SecretKey); @@ -72,7 +62,7 @@ pub struct PrivateKey(pub(crate) ed25519_dalek::SecretKey); impl PrivateKey { /// serializes to a byte array pub fn to_bytes(&self) -> [u8; 32] { - self.0.to_bytes() + self.0 } /// serializes to an hex-encoded string @@ -85,10 +75,7 @@ impl PrivateKey { let bytes: [u8; 32] = bytes .try_into() .map_err(|_| Format::InvalidKeySize(bytes.len()))?; - SecretKey::from_bytes(&bytes) - .map(PrivateKey) - .map_err(|s| s.to_string()) - .map_err(Format::InvalidKey) + Ok(PrivateKey(bytes)) } /// deserializes from an hex-encoded string @@ -99,7 +86,7 @@ impl PrivateKey { /// returns the matching public key pub fn public(&self) -> PublicKey { - PublicKey((&self.0).into()) + PublicKey(SigningKey::from_bytes(&self.0).verifying_key()) } } @@ -117,7 +104,7 @@ impl Drop for PrivateKey { /// the public part of a [KeyPair] #[derive(Debug, Clone, Copy, Eq)] -pub struct PublicKey(pub(crate) ed25519_dalek::PublicKey); +pub struct PublicKey(pub(crate) ed25519_dalek::VerifyingKey); impl PublicKey { /// serializes to a byte array @@ -132,7 +119,11 @@ impl PublicKey { /// deserializes from a byte array pub fn from_bytes(bytes: &[u8]) -> Result { - ed25519_dalek::PublicKey::from_bytes(bytes) + let bytes: [u8; 32] = bytes + .try_into() + .map_err(|_| Format::InvalidKeySize(bytes.len()))?; + + ed25519_dalek::VerifyingKey::from_bytes(&bytes) .map(PublicKey) .map_err(|s| s.to_string()) .map_err(Format::InvalidKey) 
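Review bot: Removing `impl Drop for KeyPair` (hunk at -59) leaves wiping of the signing key entirely to ed25519-dalek, and that holds only while the dependency is built with its `zeroize` feature. Nothing next to `KeyPair` records this, so a later feature cleanup in the manifest would silently stop clearing key memory on drop. A comment on the `kp` field such as `// wiped on drop by ed25519-dalek; requires its "zeroize" feature` would keep the two in step.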
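Review bot: `to_bytes` (hunk at -72) now returns `self.0` directly, which shows that `PrivateKey` wraps a plain `[u8; 32]`, while the struct keeps `#[derive(Debug)]` (visible as context in the preceding hunk). A derived `Debug` on a byte array formats every byte, so any `{:?}` of a `PrivateKey`, or of a value that contains one, writes the secret key into logs or panic messages. Dropping `Debug` from the derive and adding a manual impl that prints a fixed placeholder closes that path; the impl is sketched below.

```rust
impl std::fmt::Debug for PrivateKey {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // never format the key bytes
        f.write_str("PrivateKey(<redacted>)")
    }
}
```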
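Review bot: In `PublicKey::from_bytes` (hunk at -132), `VerifyingKey::from_bytes` only checks that the bytes decode to a curve point; it does not reject small-order (weak) keys. Public keys appear to reach this function from token contents, so if verification uses the permissive `verify` rather than `verify_strict`, a weak key should be refused here. A guard on the decoded key would do it: `if key.is_weak() { return Err(Format::InvalidKey("weak public key".to_string())); }`. The verification call is outside this hunk, so which variant is in use needs confirming.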
@@ -245,13 +236,11 @@ pub fn sign( } pub fn verify_block_signature(block: &Block, public_key: &PublicKey) -> Result<(), error::Format> { - use ed25519_dalek::ed25519::signature::Signature; - //FIXME: replace with SHA512 hashing let mut to_verify = block.data.to_vec(); if let Some(signature) = block.external_signature.as_ref() { - to_verify.extend_from_slice(signature.signature.as_bytes()); + to_verify.extend_from_slice(&signature.signature.to_bytes()); } to_verify.extend(&(crate::format::schema::public_key::Algorithm::Ed25519 as i32).to_le_bytes()); to_verify.extend(&block.next_key.to_bytes()); diff --git a/biscuit-auth/src/format/mod.rs b/biscuit-auth/src/format/mod.rs index 8d80eb0c..89562ec9 100644 --- a/biscuit-auth/src/format/mod.rs +++ b/biscuit-auth/src/format/mod.rs @@ -6,7 +6,7 @@ //! - serialization of a wrapper structure containing serialized blocks and the signature use super::crypto::{self, KeyPair, PrivateKey, PublicKey, TokenNext}; -use ed25519_dalek::ed25519::signature::Signature; +use ed25519_dalek::Signer; use prost::Message; use super::error; @@ -14,7 +14,6 @@ use super::token::Block; use crate::crypto::ExternalSignature; use crate::datalog::SymbolTable; use crate::token::RootKeyProvider; -use ed25519_dalek::Signer; use std::collections::HashMap; use std::convert::TryInto; @@ -63,12 +62,7 @@ impl SerializedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(data.authority.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::SignatureDeserializationError(format!( - "signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); if data.authority.external_signature.is_some() { return Err(error::Format::DeserializationError( 
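Review bot: `ed25519_dalek::Signature::from_bytes(&bytes)` in `format/mod.rs` (hunk at -63) can no longer fail, so after the length check any 64 bytes become a `Signature`, and a malformed one is rejected only when it is verified. The same replacement is made in the hunks at -91, -105 and -141 of this file and in `token/mod.rs` (-412) and `token/unverified.rs` (-306). It matters most on the unverified-token path, where the hunk shows no later verification. A comment at each site such as `// infallible in ed25519-dalek 2: validity is established only by verify` would make the contract explicit. `SignatureDeserializationError` and `BlockSignatureDeserializationError` are no longer produced on these paths and should be documented as such or deprecated; the enclosing functions start and end outside the hunks.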
@@ -91,12 +85,7 @@ impl SerializedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(block.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); let external_signature = if let Some(ex) = block.external_signature.as_ref() { let public_key = PublicKey::from_proto(&ex.public_key)?; @@ -105,12 +94,7 @@ impl SerializedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(ex.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block external signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); Some(ExternalSignature { public_key, @@ -141,12 +125,7 @@ impl SerializedBiscuit { let bytes: [u8; 64] = (&v[..]) .try_into() .map_err(|_| error::Format::InvalidSignatureSize(v.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::SignatureDeserializationError(format!( - "final signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); TokenNext::Seal(signature) } }; @@ -336,7 +315,7 @@ impl SerializedBiscuit { error::Format::SerializationError(format!("serialization error: {:?}", e)) })?; if let Some(signature) = &external_signature { - v.extend_from_slice(signature.signature.as_bytes()); + v.extend_from_slice(&signature.signature.to_bytes()); } let signature = crypto::sign(&keypair, next_keypair, &v)?; 
@@ -369,7 +348,7 @@ impl SerializedBiscuit { let mut v = block.clone(); if let Some(signature) = &external_signature { - v.extend_from_slice(signature.signature.as_bytes()); + v.extend_from_slice(&signature.signature.to_bytes()); } let signature = crypto::sign(&keypair, next_keypair, &v)?; diff --git a/biscuit-auth/src/token/mod.rs b/biscuit-auth/src/token/mod.rs index 87d020b1..8140997f 100644 --- a/biscuit-auth/src/token/mod.rs +++ b/biscuit-auth/src/token/mod.rs @@ -412,12 +412,7 @@ impl Biscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(external_signature.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block external signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); let previous_key = self .container .blocks diff --git a/biscuit-auth/src/token/unverified.rs b/biscuit-auth/src/token/unverified.rs index 2073b7b9..75f3edfc 100644 --- a/biscuit-auth/src/token/unverified.rs +++ b/biscuit-auth/src/token/unverified.rs @@ -306,12 +306,7 @@ impl UnverifiedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(external_signature.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block external signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); let previous_key = self .container .blocks