1 {-# LANGUAGE OverloadedStrings #-}
3 Module : Crypto.Macaroon
4 Copyright : (c) 2015 Julien Tanguy
7 Maintainer : julien.tanguy@jhome.fr
8 Stability : experimental
Pure Haskell implementation of macaroons.
Warning: this implementation has not been audited by security experts.
Do not use it in production.
19 - Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>
20 - Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>
22 module Crypto.Macaroon (
30 -- * Accessing functions
45 -- , addThirdPartyCaveat
48 -- import Crypto.Cipher.AES
51 import qualified Data.ByteString as BS
52 import qualified Data.ByteString.Base64.URL as B64
53 import qualified Data.ByteString.Char8 as B8
55 import Crypto.Macaroon.Internal
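-- | Create a Macaroon from its key, identifier and location.
--
-- The root secret is never used directly as the signing key: it is first
-- passed through HMAC-SHA256 keyed with the fixed string
-- @"macaroons-key-generator"@, and the resulting derived key is used to
-- HMAC the identifier, giving the macaroon's initial signature. The
-- empty list is the (presumably) caveat list, which starts out empty.
create :: Secret   -- ^ root secret the macaroon is minted from
       -> Key      -- ^ identifier of the macaroon
       -> Location -- ^ location of the macaroon
       -> Macaroon
create secret ident loc = MkMacaroon loc ident [] initialSig
  where
    -- Key derivation step: HMAC with the fixed string as key and the
    -- secret as message, so the raw secret does not key the signature chain.
    derivedKey = toBytes (hmac "macaroons-key-generator" secret :: HMAC SHA256)
    -- Initial signature over the identifier under the derived key.
    initialSig = toBytes (hmac derivedKey ident :: HMAC SHA256)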
63 -- | Inspect a macaroon's contents. For debugging purposes.
64 inspect :: Macaroon -> String
-- | Add a first-party caveat, identified by @ident@, to a macaroon.
--
-- The caveat is attached at the macaroon's own location and carries an
-- empty verification id; that slot is only filled in for third-party
-- caveats (the commented-out third-party variant passes a @vid@ there).
addFirstPartyCaveat :: Key -> Macaroon -> Macaroon
addFirstPartyCaveat ident m = addCaveat caveatLoc ident noVid m
  where
    caveatLoc = location m
    -- first-party caveats have no verification id
    noVid = BS.empty
-- | Add a third-party caveat to a Macaroon, using its location, identifier and
73 -- addThirdPartyCaveat :: Key
78 -- addThirdPartyCaveat key cid loc m = addCaveat loc cid vid m
-- vid = encryptECB (initAES (signature m)) key
-- NOTE(review): if this is revived, ECB provides no authenticity and leaks
-- repeated plaintext blocks; the vid should be an authenticated encryption of
-- the caveat key under the current signature — confirm against the macaroons
-- paper before uncommenting.