]>
Commit | Line | Data |
---|---|---|
b92e3c15 JT |
1 | {-# LANGUAGE OverloadedStrings #-} |
2 | {-| | |
3 | Module : Crypto.Macaroon.Verifier | |
4 | Copyright : (c) 2015 Julien Tanguy | |
5 | License : BSD3 | |
6 | ||
7 | Maintainer : julien.tanguy@jhome.fr | |
8 | Stability : experimental | |
9 | Portability : portable | |
10 | ||
11 | ||
12 | ||
13 | -} | |
14 | module Crypto.Macaroon.Verifier where | |
15 | ||
16 | ||
17 | import Crypto.Hash | |
18 | import Data.Bool | |
19 | import qualified Data.ByteString as BS | |
20 | import Data.Byteable | |
21 | import Data.Foldable | |
22 | ||
23 | import Crypto.Macaroon.Internal | |
24 | ||
25 | ||
26 | -- | Opaque datatype for now. Might need more explicit errors | |
5d1b7d51 | 27 | data VResult = VSuccess | VFailure deriving (Show,Eq) |
b92e3c15 | 28 | |
5d1b7d51 JT |
29 | verifySig :: Key -> Macaroon -> VResult |
30 | verifySig k m = bool VFailure VSuccess $ | |
b92e3c15 JT |
31 | signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m) |
32 | where | |
33 | hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) | |
34 | derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) |