ccan: upgrade to get ccan/runes.

Signed-off-by: Rusty Russell <[email protected]>
dcorral · Jul 16, 2022 · f65d3bb · f65d3bb
1 parent 3e672b7
commit f65d3bb
Show file tree

Hide file tree

Showing 12 changed files with 1,755 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -92,6 +92,7 @@ FEATURES :=
 
 CCAN_OBJS :=					\
 	ccan-asort.o				\
+	ccan-base64.o				\
 	ccan-bitmap.o				\
 	ccan-bitops.o				\
 	ccan-breakpoint.o			\
@@ -127,6 +128,8 @@ CCAN_OBJS :=					\
 	ccan-ptr_valid.o			\
 	ccan-rbuf.o				\
 	ccan-read_write_all.o			\
+	ccan-rune-coding.o			\
+	ccan-rune-rune.o			\
 	ccan-str-base32.o			\
 	ccan-str-hex.o				\
 	ccan-str.o				\
@@ -195,6 +198,8 @@ CCAN_HEADERS :=						\
 	$(CCANDIR)/ccan/ptrint/ptrint.h			\
 	$(CCANDIR)/ccan/rbuf/rbuf.h			\
 	$(CCANDIR)/ccan/read_write_all/read_write_all.h	\
+	$(CCANDIR)/ccan/rune/internal.h			\
+	$(CCANDIR)/ccan/rune/rune.h			\
 	$(CCANDIR)/ccan/short_types/short_types.h	\
 	$(CCANDIR)/ccan/str/base32/base32.h		\
 	$(CCANDIR)/ccan/str/hex/hex.h			\
@@ -840,6 +845,8 @@ endif
 
 ccan-breakpoint.o: $(CCANDIR)/ccan/breakpoint/breakpoint.c
 	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
+ccan-base64.o: $(CCANDIR)/ccan/base64/base64.c
+	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
 ccan-tal.o: $(CCANDIR)/ccan/tal/tal.c
 	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
 ccan-tal-str.o: $(CCANDIR)/ccan/tal/str/str.c
@@ -940,3 +947,7 @@ ccan-json_out.o: $(CCANDIR)/ccan/json_out/json_out.c
 	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
 ccan-closefrom.o: $(CCANDIR)/ccan/closefrom/closefrom.c
 	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
+ccan-rune-rune.o: $(CCANDIR)/ccan/rune/rune.c
+	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
+ccan-rune-coding.o: $(CCANDIR)/ccan/rune/coding.c
+	@$(call VERBOSE, "cc $<", $(CC) $(CFLAGS) -c -o $@ $<)
diff --git a/ccan/README b/ccan/README
@@ -1,3 +1,3 @@
 CCAN imported from http://ccodearchive.net.
 
-CCAN version: init-2540-g8448fd28
+CCAN version: init-2541-g52b86922
diff --git a/ccan/ccan/base64/base64.h b/ccan/ccan/base64/base64.h
@@ -116,7 +116,7 @@ ssize_t base64_decode_quartet_using_maps(const base64_maps_t *maps,
  * @note sets errno = EDOM if src contains invalid characters
  * @note sets errno = EINVAL if src is an invalid base64 tail
  */
-ssize_t base64_decode_tail_using_maps(const base64_maps_t *maps, char *dest,
+ssize_t base64_decode_tail_using_maps(const base64_maps_t *maps, char dest[3],
 				      const char *src, size_t srclen);
 
 

diff --git a/ccan/ccan/rune/LICENSE b/ccan/ccan/rune/LICENSE
@@ -0,0 +1 @@
+../../licenses/BSD-MIT
diff --git a/ccan/ccan/rune/_info b/ccan/ccan/rune/_info
@@ -0,0 +1,130 @@
+#include "config.h"
+#include <stdio.h>
+#include <string.h>
+
+/**
+ * rune - Simple cookies you can extend (a-la Python runes class).
+ *
+ * This code is a form of cookies, but they are user-extensible, and
+ * contain a simple language to define what the cookie allows.
+ *
+ * A "rune" contains the hash of a secret (so the server can
+ * validate), such that you can add, but not subtract, conditions.
+ * This is a simplified form of Macaroons, See
+ * https://research.google/pubs/pub41892/ "Macaroons: Cookies with
+ * Contextual Caveats for Decentralized Authorization in the Cloud".
+ * It has one good idea, some extended ideas nobody implements, and
+ * lots and lots of words.
+ *
+ * License: BSD-MIT
+ * Author: Rusty Russell <[email protected]>
+ * Example:
+ * // Given "generate secret 1" outputs kr7AW-eJ2Munhv5ftu4rHqAnhxUpPQM8aOyWOmqiytk9MQ==
+ * // Given "add kr7AW-eJ2Munhv5ftu4rHqAnhxUpPQM8aOyWOmqiytk9MQ== uid=rusty" outputs Xyt5S6FKUnA2ppGB62c6HTPGojt2S7k2n7Cf7Tjj6zM9MSZ1aWQ9cnVzdHk=
+ * // Given "test secret Xyt5S6FKUnA2ppGB62c6HTPGojt2S7k2n7Cf7Tjj6zM9MSZ1aWQ9cnVzdHk= rusty" outputs PASSED
+ * // Given "test secret Xyt5S6FKUnA2ppGB62c6HTPGojt2S7k2n7Cf7Tjj6zM9MSZ1aWQ9cnVzdHk= notrusty" outputs FAILED: uid is not equal to rusty
+ * // Given "add Xyt5S6FKUnA2ppGB62c6HTPGojt2S7k2n7Cf7Tjj6zM9MSZ1aWQ9cnVzdHk= t\<1655958616" outputs _YBFmeAedqlLigWHAmvyyGGHRrnI40BRQGh2hWdSZ9E9MSZ1aWQ9cnVzdHkmdDwxNjU1OTU4NjE2
+ * // Given "test secret _YBFmeAedqlLigWHAmvyyGGHRrnI40BRQGh2hWdSZ9E9MSZ1aWQ9cnVzdHkmdDwxNjU1OTU4NjE2 rusty" outputs FAILED: t is greater or equal to 1655958616
+ * #include <ccan/err/err.h>
+ * #include <ccan/rune/rune.h>
+ * #include <ccan/str/str.h>
+ * #include <stdio.h>
+ * #include <sys/time.h>
+ * 
+ * // We support two values: current time (t), and user id (uid).
+ * static const char *check(const tal_t *ctx,
+ * 			    const struct rune *rune,
+ * 			    const struct rune_altern *alt,
+ * 			    char *uid)
+ * {
+ * 	// t= means current time, in seconds, as integer
+ * 	if (streq(alt->fieldname, "t")) {
+ * 		struct timeval now;
+ * 		gettimeofday(&now, NULL);
+ * 		return rune_alt_single_int(ctx, alt, now.tv_sec);
+ * 	}
+ * 	if (streq(alt->fieldname, "uid")) {
+ * 		return rune_alt_single_str(ctx, alt, uid, strlen(uid));
+ * 	}
+ * 	// Otherwise, field is missing
+ * 	return rune_alt_single_missing(ctx, alt);
+ * }
+ * 
+ * int main(int argc, char *argv[])
+ * {
+ * 	struct rune *master, *rune;
+ * 
+ * 	if (argc < 3)
+ * 		goto usage;
+ * 
+ * 	if (streq(argv[1], "generate")) {
+ * 		// Make master, derive a unique_id'd rune.
+ * 		if (argc != 3 && argc != 4)
+ * 			goto usage;
+ * 		master = rune_new(NULL, (u8 *)argv[2], strlen(argv[2]), NULL);
+ * 		rune = rune_derive_start(NULL, master, argv[3]);
+ * 	} else if (streq(argv[1], "add")) {
+ * 		// Add a restriction
+ * 		struct rune_restr *restr;
+ * 		if (argc != 4)
+ * 			goto usage;
+ * 		rune = rune_from_base64(NULL, argv[2]);
+ * 		if (!rune)
+ * 			errx(1, "Bad rune");
+ * 		restr = rune_restr_from_string(NULL, argv[3], strlen(argv[3]));
+ * 		if (!restr)
+ * 			errx(1, "Bad restriction string");
+ * 		rune_add_restr(rune, restr);
+ * 	} else if (streq(argv[1], "test")) {
+ * 		const char *err;
+ * 		if (argc != 5)
+ * 			goto usage;
+ * 		master = rune_new(NULL, (u8 *)argv[2], strlen(argv[2]), NULL);
+ * 		if (!master)
+ * 			errx(1, "Bad master rune");
+ * 		rune = rune_from_base64(NULL, argv[3]);
+ * 		if (!rune)
+ * 			errx(1, "Bad rune");
+ * 		err = rune_test(NULL, master, rune, check, argv[4]);
+ * 		if (err)
+ * 			printf("FAILED: %s\n", err);
+ * 		else
+ * 			printf("PASSED\n");
+ * 		return 0;
+ * 	} else
+ * 		goto usage;
+ * 
+ * 	printf("%s\n", rune_to_base64(NULL, rune));
+ * 	return 0;
+ * 
+ * usage:
+ * 	errx(1, "Usage: %s generate <secret> <uniqueid> OR\n"
+ * 	     "%s add <rune> <restriction> OR\n"
+ * 	     "%s test <secret> <rune> <uid>", argv[0], argv[0], argv[0]);
+ * }
+ */
+int main(int argc, char *argv[])
+{
+	/* Expect exactly one argument */
+	if (argc != 2)
+		return 1;
+
+	if (strcmp(argv[1], "depends") == 0) {
+		printf("ccan/base64\n");
+		printf("ccan/crypto/sha256\n");
+		printf("ccan/endian\n");
+		printf("ccan/mem\n");
+		printf("ccan/short_types\n");
+		printf("ccan/str/hex\n");
+		printf("ccan/tal/str\n");
+		printf("ccan/tal\n");
+		printf("ccan/typesafe_cb\n");
+		return 0;
+	}
+	if (strcmp(argv[1], "testdepends") == 0) {
+		printf("ccan/tal/grab_file\n");
+		return 0;
+	}
+
+	return 1;
+}