[github/fretlink/hmacaroons.git] / src / Crypto / Macaroon / Internal.hs

{-# LANGUAGE OverloadedStrings #-}
{-|
Module      : Crypto.Macaroon.Internal
Copyright   : (c) 2015 Julien Tanguy
License     : BSD3

Maintainer  : julien.tanguy@jhome.fr
Stability   : experimental
Portability : portable


Internal representation of a macaroon
-}
module Crypto.Macaroon.Internal where


import           Control.DeepSeq
import           Crypto.Hash
import           Data.Byteable
import qualified Data.ByteString        as BS
import qualified Data.ByteString.Base64 as B64
import qualified Data.ByteString.Char8  as B8
import           Data.Hex
import           Data.List


-- |Type alias for Macaroons secret keys
type Secret = BS.ByteString

-- |Type alias for Macaroons and Caveat and identifiers
type Key = BS.ByteString

-- |Type alias for Macaroons and Caveat locations
type Location = BS.ByteString

-- |Type alias for Macaroons signatures
type Sig = BS.ByteString

-- | Main structure of a macaroon
data Macaroon = MkMacaroon { location   :: Location
                           -- ^ Target location
                           , identifier :: Key
                           -- ^ Macaroon Identifier
                           , caveats    :: [Caveat]
                           -- ^ List of caveats
                           , signature  :: Sig
                           -- ^ Macaroon HMAC signature
                           }

-- | Constant-time Eq instance
instance Eq Macaroon where
    (MkMacaroon l1 i1 c1 s1) == (MkMacaroon l2 i2 c2 s2) =
        (l1 `constEqBytes` l2) &&!
        (i1 `constEqBytes` i2) &&!
        (c1 == c2) &&!
        (s1 `constEqBytes` s2)


-- | show instance conforming to the @inspect@ "specification"
instance Show Macaroon where
    -- We use intercalate because unlines would add a trailing newline
    show (MkMacaroon l i c s) = intercalate "\n" [
                      "location " ++ B8.unpack l
                    , "identifier " ++ B8.unpack i
                    , intercalate "\n" (map show c)
                    , "signature " ++ B8.unpack (hex s)
                    ]

-- | NFData instance for use in the benchmark
instance NFData Macaroon where
    rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig


-- | Caveat structure
data Caveat = MkCaveat { cid :: Key
                       -- ^ Caveat identifier
                       , vid :: Key
                       -- ^ Caveat verification key identifier
                       , cl  :: Location
                       -- ^ Caveat target location
                       }

-- | Constant-time Eq instance
instance Eq Caveat where
    (MkCaveat c1 v1 l1) == (MkCaveat c2 v2 l2) =
        (c1 `constEqBytes` c2) &&!
        (v1 `constEqBytes` v2) &&!
        (l1 `constEqBytes` l2)

-- | show instance conforming to the @inspect@ "specification"
instance Show Caveat where
    show (MkCaveat c v l) | v == BS.empty = "cid " ++ B8.unpack c
                          | otherwise = unlines [ "cid " ++ B8.unpack c
                                                , "vid " ++ B8.unpack v
                                                , "cl " ++ B8.unpack l
                                                ]


-- | NFData instance for use in the benchmark
instance NFData Caveat where
    rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl

-- | Primitive to add a First or Third party caveat to a macaroon
-- For internal use only
addCaveat :: Location
          -> Key
          -> Key
          -> Macaroon
          -> Macaroon
addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
  where
    cavs = caveats m
    cav' = MkCaveat cid vid loc
    sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)

-- | Utility non-short circuiting '&&' function.
(&&!) :: Bool -> Bool -> Bool
True  &&! True  = True
True  &&! False = False
False &&! True  = False
False &&! False = False
Commit	Line	Data
f6781456 JT	1	{-# LANGUAGE OverloadedStrings #-}
	2	{-\|
	3	Module : Crypto.Macaroon.Internal
	4	Copyright : (c) 2015 Julien Tanguy
	5	License : BSD3
	6
	7	Maintainer : julien.tanguy@jhome.fr
	8	Stability : experimental
	9	Portability : portable
	10
	11
	12	Internal representation of a macaroon
	13	-}
	14	module Crypto.Macaroon.Internal where
	15
	16
	17	import Control.DeepSeq
f6781456 JT	18	import Crypto.Hash
	19	import Data.Byteable
	20	import qualified Data.ByteString as BS
	21	import qualified Data.ByteString.Base64 as B64
	22	import qualified Data.ByteString.Char8 as B8
f6781456	23	import Data.Hex
2aede11a	24	import Data.List
f6781456	25
86f38823 JT	26
	27	-- \|Type alias for Macaroons secret keys
	28	type Secret = BS.ByteString
	29
	30	-- \|Type alias for Macaroons and Caveat and identifiers
f6781456 JT	31	type Key = BS.ByteString
f6781456 JT	32
1971e224	33	-- \|Type alias for Macaroons and Caveat locations
f6781456 JT	34	type Location = BS.ByteString
f6781456 JT	35
1971e224	36	-- \|Type alias for Macaroons signatures
f6781456 JT	37	type Sig = BS.ByteString
	38
	39	-- \| Main structure of a macaroon
	40	data Macaroon = MkMacaroon { location :: Location
	41	-- ^ Target location
	42	, identifier :: Key
	43	-- ^ Macaroon Identifier
	44	, caveats :: [Caveat]
	45	-- ^ List of caveats
	46	, signature :: Sig
	47	-- ^ Macaroon HMAC signature
30c4b925 JT	48	}
30c4b925 JT	49
7986de7c	50	-- \| Constant-time Eq instance
30c4b925 JT	51	instance Eq Macaroon where
	52	(MkMacaroon l1 i1 c1 s1) == (MkMacaroon l2 i2 c2 s2) =
	53	(l1 `constEqBytes` l2) &&!
	54	(i1 `constEqBytes` i2) &&!
	55	(c1 == c2) &&!
	56	(s1 `constEqBytes` s2)
	57
f6781456	58
1971e224	59	-- \| show instance conforming to the @inspect@ "specification"
2aede11a JT	60	instance Show Macaroon where
	61	-- We use intercalate because unlines would add a trailing newline
	62	show (MkMacaroon l i c s) = intercalate "\n" [
	63	"location " ++ B8.unpack l
	64	, "identifier " ++ B8.unpack i
b7889567	65	, intercalate "\n" (map show c)
2aede11a JT	66	, "signature " ++ B8.unpack (hex s)
2aede11a JT	67	]
f6781456	68
1971e224	69	-- \| NFData instance for use in the benchmark
f6781456 JT	70	instance NFData Macaroon where
	71	rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig
	72
	73
	74	-- \| Caveat structure
	75	data Caveat = MkCaveat { cid :: Key
	76	-- ^ Caveat identifier
	77	, vid :: Key
	78	-- ^ Caveat verification key identifier
	79	, cl :: Location
	80	-- ^ Caveat target location
30c4b925	81	}
f6781456	82
7986de7c	83	-- \| Constant-time Eq instance
30c4b925 JT	84	instance Eq Caveat where
	85	(MkCaveat c1 v1 l1) == (MkCaveat c2 v2 l2) =
	86	(c1 `constEqBytes` c2) &&!
	87	(v1 `constEqBytes` v2) &&!
	88	(l1 `constEqBytes` l2)
f6781456	89
1971e224	90	-- \| show instance conforming to the @inspect@ "specification"
2aede11a JT	91	instance Show Caveat where
	92	show (MkCaveat c v l) \| v == BS.empty = "cid " ++ B8.unpack c
	93	\| otherwise = unlines [ "cid " ++ B8.unpack c
	94	, "vid " ++ B8.unpack v
	95	, "cl " ++ B8.unpack l
	96	]
	97
	98
1971e224	99	-- \| NFData instance for use in the benchmark
f6781456 JT	100	instance NFData Caveat where
	101	rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl
	102
1971e224 JT	103	-- \| Primitive to add a First or Third party caveat to a macaroon
1971e224 JT	104	-- For internal use only
f6781456 JT	105	addCaveat :: Location
	106	-> Key
	107	-> Key
	108	-> Macaroon
	109	-> Macaroon
	110	addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
	111	where
	112	cavs = caveats m
	113	cav' = MkCaveat cid vid loc
2aede11a	114	sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
f6781456	115
30c4b925 JT	116	-- \| Utility non-short circuiting '&&' function.
	117	(&&!) :: Bool -> Bool -> Bool
	118	True &&! True = True
	119	True &&! False = False
	120	False &&! True = False
	121	False &&! False = False
	122