FStar/doc/old/tutorial/code/solutions/Ex12a2.Cap.fst at 6dd87f05a2e41f90421a04506653bf00cc507d09 · FStarLang/FStar · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
(*
   Copyright 2008-2018 Microsoft Research

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*)
(* to be used with Ex12.MAC.fst and Ex12a.ACLs.fst *)

module Ex12a2.Cap (* capabilities *)
open FStar.ST
open FStar.All
open Platform.Bytes


module ACLs = Ex12a.ACLs
module MAC = Ex12.MAC

// In Platform.Bytes: val utf8: s:string  -> Tot bytes

assume UTF8_inj:
  forall s0 s1.{:pattern (utf8 s0); (utf8 s1)}
     b2t (equalBytes (utf8 s0) (utf8 s1)) ==> s0==s1

type capRead (msg:bytes) = (forall f. msg = utf8 f ==> ACLs.canRead f)

#push-options "--warn_error -272" //Warning_TopLevelEffect
let k_read = MAC.keygen capRead
#pop-options

val issue_read: f:string{ ACLs.canRead f } -> ML MAC.tag
val redeem_read: f:string -> m:MAC.tag -> ML (u:unit{ ACLs.canRead f })

let issue_read f =
  assert(ACLs.canRead f);
  let bs = (utf8 f) in
  assert(capRead bs);
  MAC.mac k_read bs

let redeem_read f t =
  let bs = (utf8 f) in
  if MAC.verify k_read bs t then
    (MAC.from_key_prop k_read bs ;
    assert (ACLs.canRead f))
  else
    failwith "bad capability"

// Begin: CapImplementation2
type capWrite (msg:bytes) = (forall f. msg = utf8 f ==> ACLs.canWrite f)

#push-options "--warn_error -272" //Warning_TopLevelEffect
let k_write = MAC.keygen capWrite
#pop-options

val issue_write: f:string{ ACLs.canWrite f } -> ML MAC.tag
val redeem_write: f:string -> m:MAC.tag -> ML(u:unit{ ACLs.canWrite f })

let issue_write f =
  assert(ACLs.canWrite f);
  let bs = (utf8 f) in
  assert(capWrite bs);
  MAC.mac k_write bs


let redeem_write f t =
  let bs = (utf8 f) in
  if MAC.verify k_write bs t then
    (MAC.from_key_prop k_write bs ;
    assert(ACLs.canWrite f))
  else
    failwith "bad capability"
// END: CapImplementation2