[e-lang] Re: E sealer revisited: no EQ

Dean Tribble e-lang@mail.eros-os.org
Wed, 07 May 2003 21:06:10 -0700 

Here is code for Brands that does not use EQ.  I basically used the 
previous implementation but replaced the simple nonce with my own nonce 
implementation.  The nonce implementation uses the same kind of synergy 
trick, but because it is in complete control of the values to be stored in 
the private cell (it does not allow external values to be put there), it 
can have assurance that the storage is bounded.  In this case, nonces are 
created with sequential integers.  Note that these integers are never 
exposed outside of nonces, so only uniqueness is important.  When using the 
nonces, additional try/catch clauses were required because the nonces use 
non-standard messages.  With alleged-type testing, the actual runtime 
overhead of the exceptions would go away, but that wasn't really the point :-)

Note that some clever soul may think to create a nonce with an extremely 
large internal ID number, thus causing a storage issue.  Since this 
requires counting up to that number, it's easy to set an ID size bound that 
is computationally infeasible to reach (let's say 100 bits).  Thus, worst 
case with deliberate malice and an enormous number of CPU cycles, the 
private cell might hold onto one extra 96-bit Integer for the whole 
system.  I consider that a non-issue :-)

The code (BTW I hereby place the code below and the previous sealer 
implementation in the public domain):


def Exception := <unsafe:java.lang.Exception>

var nonceCount := 0
var privateCell := 0
def makeNonce() : any {
     nonceCount := nonceCount + 1
     def myID := nonceCount
     def nonce {
         to isSame(other) : boolean {
             privateCell := 0
             # we don't care whether it fails
             try { other.assertID() } catch ex {}
             privateCell == myID  # the one integer compare
         }
         to assertID() {
             privateCell := myID
         }
     }
}

def makeBrand(name) : any {
     var privateCell := null
     def unsealer  {
         to unseal(box) : any {
             def nonce := makeNonce()
             privateCell := nonce
             box.privOpen(nonce)
             def content := privateCell
             privateCell := null
             if (nonce.isSame(content)) {
                 throw(Exception(`$unsealer cannot unseal: $box`))
             } else {
                 content
             }
         }
         to __printOn(out) {out.print("<unsealer " + name + ">")}
     }
     def makeBox(content) : any {
         def box {
             to privOpen(nonce) {
                 try {
                     if (privateCell.isSame(nonce)) {
                         privateCell := content
                     }
                 } catch ex {}
             }
             to __printOn(out) {out.print("<sealed by " + name + ">")}
         }
     }
     def sealer {
         to seal(content) : any { makeBox(content) }
         to __printOn(out) {out.print("<sealer " + name + ">")}
     }
     [sealer,unsealer]
}

def [sealer1,unsealer1] := makeBrand("dean")
def [sealer2,unsealer2] := makeBrand("BATF")
def envelope := sealer1.seal("sealed message")

println(`sealer: $sealer1`)
println(`unsealer: $unsealer1`)
println(`envelope: $envelope`)

println(`opening: $unsealer1.unseal(envelope)`)

try{
     unsealer2.unseal(envelope)
} catch ex {
     println(`cracking: $ex`)
}