The brand pattern divides the capability of establishing a secure communication channel into two facets, called a sealer and unsealer.
def [ana, cata] := makeBrandPair("finney") def box := ana.seal(42) cata.unseal(box)
The resulting channel has the following properties:
- Authentic and Unforgeable: Boxes created by the sealer cannot be unsealed by any object other than the unsealer; to the contrapositive, any object that the unsealer unseals must have been sealed with the corresponding sealer.
- Asynchronous: Boxes created by the sealer can be unwrapped on any subsequent turn.
- Untyped: Any object can be transmitted along the channel.
Up & Down¶
To create a new brand, call
makeBrandPair(nickname :Str). The nickname is
purely cosmetic, to aid readability and debugging; it does not have to be
# Make a sealer named `ana` and an unsealer named `cata`. def [ana, cata] := makeBrandPair("finney")
The brand itself is an opaque object which proves that a sealer and unsealer
are paired with each other. It is accessible via the
# Hey, these two are a pair! ana.getBrand() == cata.getBrand() # should be true
Brands are usable as map keys:
def brandMap := [ana.getBrand() => [ana, cata]] brandMap[cata.getBrand()] # should be `[ana, cata]`
The fundamental operation of a sealer is to
.seal/1 an object into a box:
def box := ana.seal(42) box # <box sealed by finney>
The unsealer, unsurprisingly, provides
.unseal/1, which opens a box and
returns its contents:
cata.unseal(box) # should be 42
The box is opaque and yields only one useful method,
can be useful for determining which unsealer might be the correct one to use
brandMap[box.getBrand()] # should be `[ana, cata]`
The implementation of
makeBrandPair in the Typhon prelude has other
methods defined on boxes, but they do not affect the security guarantees
of the implementation.