[github/fretlink/hmacaroons.git] / src / Crypto / Macaroon / Internal.hs

{-# LANGUAGE OverloadedStrings #-}
{-|
Module      : Crypto.Macaroon.Internal
Copyright   : (c) 2015 Julien Tanguy
License     : BSD3

Maintainer  : julien.tanguy@jhome.fr
Stability   : experimental
Portability : portable


Internal representation of a macaroon
-}
module Crypto.Macaroon.Internal where


import           Control.DeepSeq
import           Crypto.Cipher.AES
import           Crypto.Hash
import           Data.Byteable
import qualified Data.ByteString        as BS
import qualified Data.ByteString.Base64 as B64
import qualified Data.ByteString.Char8  as B8
import           Data.Hex
import           Data.List

-- |Type alias for Macaroons and Caveat keys and identifiers
type Key = BS.ByteString

-- |Type alias for Macaroons and Caveat locations
type Location = BS.ByteString

-- |Type alias for Macaroons signatures
type Sig = BS.ByteString

-- | Main structure of a macaroon
data Macaroon = MkMacaroon { location   :: Location
                           -- ^ Target location
                           , identifier :: Key
                           -- ^ Macaroon Identifier
                           , caveats    :: [Caveat]
                           -- ^ List of caveats
                           , signature  :: Sig
                           -- ^ Macaroon HMAC signature
                           }

-- | Constant-time Eq instance
instance Eq Macaroon where
    (MkMacaroon l1 i1 c1 s1) == (MkMacaroon l2 i2 c2 s2) =
        (l1 `constEqBytes` l2) &&!
        (i1 `constEqBytes` i2) &&!
        (c1 == c2) &&!
        (s1 `constEqBytes` s2)


-- | show instance conforming to the @inspect@ "specification"
instance Show Macaroon where
    -- We use intercalate because unlines would add a trailing newline
    show (MkMacaroon l i c s) = intercalate "\n" [
                      "location " ++ B8.unpack l
                    , "identifier " ++ B8.unpack i
                    , concatMap show c
                    , "signature " ++ B8.unpack (hex s)
                    ]

-- | NFData instance for use in the benchmark
instance NFData Macaroon where
    rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig


-- | Caveat structure
data Caveat = MkCaveat { cid :: Key
                       -- ^ Caveat identifier
                       , vid :: Key
                       -- ^ Caveat verification key identifier
                       , cl  :: Location
                       -- ^ Caveat target location
                       }

-- | Constant-time Eq instance
instance Eq Caveat where
    (MkCaveat c1 v1 l1) == (MkCaveat c2 v2 l2) =
        (c1 `constEqBytes` c2) &&!
        (v1 `constEqBytes` v2) &&!
        (l1 `constEqBytes` l2)

-- | show instance conforming to the @inspect@ "specification"
instance Show Caveat where
    show (MkCaveat c v l) | v == BS.empty = "cid " ++ B8.unpack c
                          | otherwise = unlines [ "cid " ++ B8.unpack c
                                                , "vid " ++ B8.unpack v
                                                , "cl " ++ B8.unpack l
                                                ]


-- | NFData instance for use in the benchmark
instance NFData Caveat where
    rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl

-- | Primitive to add a First or Third party caveat to a macaroon
-- For internal use only
addCaveat :: Location
          -> Key
          -> Key
          -> Macaroon
          -> Macaroon
addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
  where
    cavs = caveats m
    cav' = MkCaveat cid vid loc
    sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)

-- | Utility non-short circuiting '&&' function.
(&&!) :: Bool -> Bool -> Bool
True  &&! True  = True
True  &&! False = False
False &&! True  = False
False &&! False = False
Commit	Line	Data
f6781456 JT	1	{-# LANGUAGE OverloadedStrings #-}
	2	{-\|
	3	Module : Crypto.Macaroon.Internal
	4	Copyright : (c) 2015 Julien Tanguy
	5	License : BSD3
	6
	7	Maintainer : julien.tanguy@jhome.fr
	8	Stability : experimental
	9	Portability : portable
	10
	11
	12	Internal representation of a macaroon
	13	-}
	14	module Crypto.Macaroon.Internal where
	15
	16
	17	import Control.DeepSeq
	18	import Crypto.Cipher.AES
	19	import Crypto.Hash
	20	import Data.Byteable
	21	import qualified Data.ByteString as BS
	22	import qualified Data.ByteString.Base64 as B64
	23	import qualified Data.ByteString.Char8 as B8
f6781456	24	import Data.Hex
2aede11a	25	import Data.List
f6781456 JT	26
	27	-- \|Type alias for Macaroons and Caveat keys and identifiers
	28	type Key = BS.ByteString
	29
1971e224	30	-- \|Type alias for Macaroons and Caveat locations
f6781456 JT	31	type Location = BS.ByteString
f6781456 JT	32
1971e224	33	-- \|Type alias for Macaroons signatures
f6781456 JT	34	type Sig = BS.ByteString
	35
	36	-- \| Main structure of a macaroon
	37	data Macaroon = MkMacaroon { location :: Location
	38	-- ^ Target location
	39	, identifier :: Key
	40	-- ^ Macaroon Identifier
	41	, caveats :: [Caveat]
	42	-- ^ List of caveats
	43	, signature :: Sig
	44	-- ^ Macaroon HMAC signature
30c4b925 JT	45	}
30c4b925 JT	46
7986de7c	47	-- \| Constant-time Eq instance
30c4b925 JT	48	instance Eq Macaroon where
	49	(MkMacaroon l1 i1 c1 s1) == (MkMacaroon l2 i2 c2 s2) =
	50	(l1 `constEqBytes` l2) &&!
	51	(i1 `constEqBytes` i2) &&!
	52	(c1 == c2) &&!
	53	(s1 `constEqBytes` s2)
	54
f6781456	55
1971e224	56	-- \| show instance conforming to the @inspect@ "specification"
2aede11a JT	57	instance Show Macaroon where
	58	-- We use intercalate because unlines would add a trailing newline
	59	show (MkMacaroon l i c s) = intercalate "\n" [
	60	"location " ++ B8.unpack l
	61	, "identifier " ++ B8.unpack i
	62	, concatMap show c
	63	, "signature " ++ B8.unpack (hex s)
	64	]
f6781456	65
1971e224	66	-- \| NFData instance for use in the benchmark
f6781456 JT	67	instance NFData Macaroon where
	68	rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig
	69
	70
	71	-- \| Caveat structure
	72	data Caveat = MkCaveat { cid :: Key
	73	-- ^ Caveat identifier
	74	, vid :: Key
	75	-- ^ Caveat verification key identifier
	76	, cl :: Location
	77	-- ^ Caveat target location
30c4b925	78	}
f6781456	79
7986de7c	80	-- \| Constant-time Eq instance
30c4b925 JT	81	instance Eq Caveat where
	82	(MkCaveat c1 v1 l1) == (MkCaveat c2 v2 l2) =
	83	(c1 `constEqBytes` c2) &&!
	84	(v1 `constEqBytes` v2) &&!
	85	(l1 `constEqBytes` l2)
f6781456	86
1971e224	87	-- \| show instance conforming to the @inspect@ "specification"
2aede11a JT	88	instance Show Caveat where
	89	show (MkCaveat c v l) \| v == BS.empty = "cid " ++ B8.unpack c
	90	\| otherwise = unlines [ "cid " ++ B8.unpack c
	91	, "vid " ++ B8.unpack v
	92	, "cl " ++ B8.unpack l
	93	]
	94
	95
1971e224	96	-- \| NFData instance for use in the benchmark
f6781456 JT	97	instance NFData Caveat where
	98	rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl
	99
1971e224 JT	100	-- \| Primitive to add a First or Third party caveat to a macaroon
1971e224 JT	101	-- For internal use only
f6781456 JT	102	addCaveat :: Location
	103	-> Key
	104	-> Key
	105	-> Macaroon
	106	-> Macaroon
	107	addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
	108	where
	109	cavs = caveats m
	110	cav' = MkCaveat cid vid loc
2aede11a	111	sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
f6781456	112
30c4b925 JT	113	-- \| Utility non-short circuiting '&&' function.
	114	(&&!) :: Bool -> Bool -> Bool
	115	True &&! True = True
	116	True &&! False = False
	117	False &&! True = False
	118	False &&! False = False
	119