Meadowcap

Cargo.toml

@@ -1,7 +1,7 @@
 [workspace]
 
-members = ["data-model", "earthstar", "fuzz"]
+members = ["data-model", "earthstar", "fuzz", "meadowcap"]
 resolver = "2"
 
 [workspace.lints.clippy]
-type_complexity = "allow"
+type_complexity = "allow"

data-model/src/encoding/bytes.rs

@@ -1,7 +1,7 @@
 use syncify::syncify;
 
 #[syncify(encoding_sync)]
-pub(super) mod encoding {
+pub mod encoding {
 
     use crate::encoding::error::DecodeError;
 

data-model/src/encoding/compact_width.rs

@@ -109,7 +109,7 @@ use syncify::syncify;
 use syncify::syncify_replace;
 
 #[syncify(encoding_sync)]
-pub(super) mod encoding {
+pub mod encoding {
     use super::*;
 
     #[syncify_replace(use ufotofu::sync::{BulkConsumer, BulkProducer};)]

data-model/src/encoding/mod.rs

@@ -10,7 +10,6 @@ pub mod unsigned_int;
 pub mod max_power;
 pub mod max_power_sync {
     use super::max_power;
-
     pub use max_power::encoding_sync::*;
     pub use max_power::max_power;
-}
+}

data-model/src/grouping/area.rs

@@ -63,7 +63,7 @@ where
 
 /// A grouping of entries.
 /// [Definition](https://willowprotocol.org/specs/grouping-entries/index.html#areas).
-#[derive(Debug, PartialEq, Eq, PartialOrd, Ord)]
+#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone)]
 pub struct Area<const MCL: usize, const MCC: usize, const MPL: usize, S: SubspaceId> {
     /// To be included in this [`Area`], an [`Entry`]’s `subspace_id` must be equal to the subspace_id, unless it is any.
     subspace: AreaSubspace<S>,

data-model/src/grouping/range.rs

@@ -118,6 +118,18 @@ impl<const MCL: usize, const MCC: usize, const MPL: usize> PartialOrd<RangeEnd<P
     }
 }
 
+impl<T> Clone for RangeEnd<T>
+where
+    T: Ord + Clone,
+{
+    fn clone(&self) -> Self {
+        match self {
+            RangeEnd::Closed(val) => RangeEnd::Closed(val.clone()),
+            RangeEnd::Open => RangeEnd::Open,
+        }
+    }
+}
+
 #[cfg(feature = "dev")]
 impl<'a, T> Arbitrary<'a> for RangeEnd<T>
 where
@@ -235,6 +247,18 @@ impl<T: Ord> PartialOrd for Range<T> {
     }
 }
 
+impl<T> Clone for Range<T>
+where
+    T: Ord + Clone,
+{
+    fn clone(&self) -> Self {
+        Self {
+            start: self.start.clone(),
+            end: self.end.clone(),
+        }
+    }
+}
+
 #[cfg(feature = "dev")]
 impl<'a, T> Arbitrary<'a> for Range<T>
 where

data-model/src/parameters.rs

@@ -37,5 +37,6 @@ pub trait IsAuthorisedWrite<
     PD: PayloadDigest,
 >
 {
+    /// Determine whether this type (nominally a [`AuthorisationToken`](https://willowprotocol.org/specs/data-model/index.html#AuthorisationToken)) is able to prove write permission for a given [`Entry`].
     fn is_authorised_write(&self, entry: &Entry<MCL, MCC, MPL, N, S, PD>) -> bool;
 }

fuzz/Cargo.toml

@@ -15,12 +15,18 @@ ufotofu = { version = "0.3.0", features=["dev"]}
 smol = "2.0.0"
 arbitrary = { version = "1.0.2", features = ["derive"] }
 libfuzzer-sys = { version = "0.4", features = ["arbitrary-derive"] }
+signature = "2.2.0"
+syncify = "0.1.0"
 
 
 [dependencies.willow-data-model]
 path = "../data-model"
 features = ["dev"]
 
+[dependencies.meadowcap]
+path = "../meadowcap"
+features = ["dev"]
+
 [dependencies.earthstar]
 path = "../earthstar"
 
@@ -318,3 +324,66 @@ path = "fuzz_targets/range3d_rel_rang3d_encoding_random.rs"
 test = false
 doc = false
 bench = false
+
+[[bin]]
+name = "mc_capability_delegation"
+path = "fuzz_targets/mc_capability_delegation.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_capability_append_delegation"
+path = "fuzz_targets/mc_capability_append_delegation.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_is_authorised_write"
+path = "fuzz_targets/mc_is_authorised_write.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_capability_rel_area_encoding"
+path = "fuzz_targets/mc_capability_rel_area_encoding.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_capability_rel_area_encoding_random"
+path = "fuzz_targets/mc_capability_rel_area_encoding_random.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_subspace_capability_delegation"
+path = "fuzz_targets/mc_subspace_capability_delegation.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_subspace_capability_append_delegation"
+path = "fuzz_targets/mc_subspace_capability_append_delegation.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_subspace_capability_encoding"
+path = "fuzz_targets/mc_subspace_capability_encoding.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mc_subspace_capability_encoding_random"
+path = "fuzz_targets/mc_subspace_capability_encoding_random.rs"
+test = false
+doc = false
+bench = false

fuzz/fuzz_targets/mc_capability_append_delegation.rs

@@ -0,0 +1,90 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use meadowcap::{mc_capability::McCapability, Delegation, InvalidDelegationError};
+use willow_data_model_fuzz::silly_sigs::{SillyPublicKey, SillySig};
+
+fuzz_target!(|data: (
+    Delegation<16, 16, 16, SillyPublicKey, SillySig>,
+    McCapability<16, 16, 16, SillyPublicKey, SillySig, SillyPublicKey, SillySig>,
+    Vec<SillyPublicKey>
+)| {
+    let (delegation, mc_cap, delegees) = data;
+
+    let mut mut_cap = mc_cap.clone();
+
+    let mut last_receiver = mut_cap.receiver().clone();
+    let granted_area = mut_cap.granted_area();
+
+    for delegee in delegees {
+        mut_cap = mut_cap
+            .delegate(
+                &last_receiver.corresponding_secret_key(),
+                &delegee,
+                &granted_area,
+            )
+            .unwrap();
+        last_receiver = delegee;
+    }
+
+    let claimed_area = delegation.area().clone();
+    let delegation_user = delegation.user().clone();
+    let delegation_sig = delegation.signature().clone();
+
+    let granted_area_includes_delegation = mut_cap.granted_area().includes_area(delegation.area());
+
+    let actual_receiver_secret = mut_cap.receiver().corresponding_secret_key();
+
+    let cap_before_delegation = mut_cap.clone();
+
+    match mut_cap.append_existing_delegation(delegation) {
+        Ok(_) => {
+            assert!(granted_area_includes_delegation);
+
+            // Because there is only one user who can delegate a given capability, we know what it should look like given the same new_area and new_user.
+            let expected_cap = cap_before_delegation.delegate(
+                &actual_receiver_secret,
+                &delegation_user,
+                &claimed_area,
+            );
+
+            match expected_cap {
+                Ok(cap) => {
+                    assert_eq!(cap, mut_cap);
+                }
+                Err(_) => {
+                    panic!("The delegation should not have been possible")
+                }
+            }
+        }
+        Err(err) => match err {
+            InvalidDelegationError::AreaNotIncluded {
+                excluded_area,
+                claimed_receiver: _,
+            } => {
+                assert!(!granted_area_includes_delegation);
+                assert_eq!(excluded_area, claimed_area);
+            }
+            InvalidDelegationError::InvalidSignature {
+                expected_signatory,
+                claimed_receiver,
+                signature: _,
+            } => {
+                assert_eq!(&expected_signatory, mut_cap.receiver());
+                assert_eq!(delegation_user, claimed_receiver);
+
+                // Because there is only one user who can delegate a given capability, we know what it should look like given the same new_area and new_user.
+                let expected_cap =
+                    mut_cap.delegate(&actual_receiver_secret, &delegation_user, &claimed_area);
+
+                match expected_cap {
+                    Ok(cap) => {
+                        let valid_delegation = cap.delegations().last().unwrap();
+                        assert!(valid_delegation.signature() != &delegation_sig);
+                    }
+                    Err(_) => panic!("The expected cap should have been fine..."),
+                }
+            }
+        },
+    }
+});

fuzz/fuzz_targets/mc_capability_delegation.rs

@@ -0,0 +1,57 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use meadowcap::{mc_capability::McCapability, FailedDelegationError};
+use willow_data_model::grouping::area::Area;
+use willow_data_model_fuzz::silly_sigs::{SillyPublicKey, SillySecret, SillySig};
+
+fuzz_target!(|data: (
+    SillySecret,
+    SillyPublicKey,
+    Area<16, 16, 16, SillyPublicKey>,
+    McCapability<16, 16, 16, SillyPublicKey, SillySig, SillyPublicKey, SillySig>,
+    Vec<SillyPublicKey>
+)| {
+    let (secret, new_user, area, mc_cap, delegees) = data;
+
+    let mut cap_with_delegees = mc_cap.clone();
+    let mut last_receiver = mc_cap.receiver().clone();
+    let granted_area = mc_cap.granted_area();
+
+    for delegee in delegees {
+        cap_with_delegees = cap_with_delegees
+            .delegate(
+                &last_receiver.corresponding_secret_key(),
+                &delegee,
+                &granted_area,
+            )
+            .unwrap();
+        last_receiver = delegee;
+    }
+
+    let area_is_included = cap_with_delegees.granted_area().includes_area(&area);
+    let is_correct_secret = cap_with_delegees.receiver() == &secret.corresponding_public_key();
+
+    match cap_with_delegees.delegate(&secret, &new_user, &area) {
+        Ok(delegated_cap) => {
+            assert!(area_is_included);
+            assert!(is_correct_secret);
+
+            assert_eq!(delegated_cap.granted_area(), area);
+            assert_eq!(delegated_cap.receiver(), &new_user);
+        }
+        Err(err) => match err {
+            FailedDelegationError::AreaNotIncluded {
+                excluded_area,
+                claimed_receiver: _,
+            } => {
+                assert!(!area_is_included);
+                assert_eq!(excluded_area, area);
+            }
+            FailedDelegationError::WrongSecretForUser(pub_key) => {
+                assert_eq!(&pub_key, cap_with_delegees.receiver());
+                assert!(secret.corresponding_public_key() != pub_key)
+            }
+        },
+    }
+});