[github/fretlink/hmacaroons.git] / src / Crypto / Macaroon / Verifier.hs

{-# LANGUAGE OverloadedStrings #-}
{-|
Module      : Crypto.Macaroon.Verifier
Copyright   : (c) 2015 Julien Tanguy
License     : BSD3

Maintainer  : julien.tanguy@jhome.fr
Stability   : experimental
Portability : portable


-}
module Crypto.Macaroon.Verifier where


import           Crypto.Hash
import           Data.Bool
import qualified Data.ByteString            as BS
import           Data.Byteable
import           Data.Foldable

import           Crypto.Macaroon.Internal


-- | Opaque datatype for now. Might need more explicit errors
data VResult = VSuccess | VFailure deriving (Show,Eq)

verifySig :: Key -> Macaroon -> VResult
verifySig k m = bool VFailure VSuccess $
      signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
  where
    hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
    derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)
Commit	Line	Data
b92e3c15 JT	1	{-# LANGUAGE OverloadedStrings #-}
	2	{-\|
	3	Module : Crypto.Macaroon.Verifier
	4	Copyright : (c) 2015 Julien Tanguy
	5	License : BSD3
	6
	7	Maintainer : julien.tanguy@jhome.fr
	8	Stability : experimental
	9	Portability : portable
	10
	11
	12
	13	-}
	14	module Crypto.Macaroon.Verifier where
	15
	16
	17	import Crypto.Hash
	18	import Data.Bool
	19	import qualified Data.ByteString as BS
	20	import Data.Byteable
	21	import Data.Foldable
	22
	23	import Crypto.Macaroon.Internal
	24
	25
	26	-- \| Opaque datatype for now. Might need more explicit errors
5d1b7d51	27	data VResult = VSuccess \| VFailure deriving (Show,Eq)
b92e3c15	28
5d1b7d51 JT	29	verifySig :: Key -> Macaroon -> VResult
5d1b7d51 JT	30	verifySig k m = bool VFailure VSuccess $
b92e3c15 JT	31	signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
	32	where
	33	hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
	34	derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)