src/Crypto/Macaroon/Verifier.hs

   1 {-# LANGUAGE OverloadedStrings #-}
   2 {-|
   3 Module      : Crypto.Macaroon.Verifier
   4 Copyright   : (c) 2015 Julien Tanguy
   5 License     : BSD3
   6
   7 Maintainer  : julien.tanguy@jhome.fr
   8 Stability   : experimental
   9 Portability : portable
  10
  11
  12
  13 -}
  14 module Crypto.Macaroon.Verifier where
  15
  16
  17 import           Crypto.Hash
  18 import           Data.Bool
  19 import qualified Data.ByteString            as BS
  20 import           Data.Byteable
  21 import           Data.Foldable
  22
  23 import           Crypto.Macaroon.Internal
  24
  25
  26 -- | Opaque datatype for now. Might need more explicit errors
  27 data VResult = VSuccess | VFailure deriving (Show,Eq)
  28
  29 verifySig :: Key -> Macaroon -> VResult
  30 verifySig k m = bool VFailure VSuccess $
  31       signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
  32   where
  33     hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
  34     derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)