X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=inline;f=src%2FCrypto%2FMacaroon%2FInternal.hs;h=d6e80d3700d4e416858021b987b4bf72c00c1be4;hb=86f3882318d323d1920ca1c7da6e816f0ed376da;hp=810591cc627aacdd7335bf62b5e5856d9ee9a4df;hpb=1971e224efa6a5940fb8b15c718f2b59c2d0f014;p=github%2Ffretlink%2Fhmacaroons.git diff --git a/src/Crypto/Macaroon/Internal.hs b/src/Crypto/Macaroon/Internal.hs index 810591c..d6e80d3 100644 --- a/src/Crypto/Macaroon/Internal.hs +++ b/src/Crypto/Macaroon/Internal.hs @@ -15,7 +15,6 @@ module Crypto.Macaroon.Internal where import Control.DeepSeq -import Crypto.Cipher.AES import Crypto.Hash import Data.Byteable import qualified Data.ByteString as BS @@ -24,7 +23,11 @@ import qualified Data.ByteString.Char8 as B8 import Data.Hex import Data.List --- |Type alias for Macaroons and Caveat keys and identifiers + +-- |Type alias for Macaroons secret keys +type Secret = BS.ByteString + +-- |Type alias for Macaroons and Caveat and identifiers type Key = BS.ByteString -- |Type alias for Macaroons and Caveat locations @@ -42,7 +45,16 @@ data Macaroon = MkMacaroon { location :: Location -- ^ List of caveats , signature :: Sig -- ^ Macaroon HMAC signature - } deriving (Eq) + } + +-- | Constant-time Eq instance +instance Eq Macaroon where + (MkMacaroon l1 i1 c1 s1) == (MkMacaroon l2 i2 c2 s2) = + (l1 `constEqBytes` l2) &&! + (i1 `constEqBytes` i2) &&! + (c1 == c2) &&! + (s1 `constEqBytes` s2) + -- | show instance conforming to the @inspect@ "specification" instance Show Macaroon where @@ -50,7 +62,7 @@ instance Show Macaroon where show (MkMacaroon l i c s) = intercalate "\n" [ "location " ++ B8.unpack l , "identifier " ++ B8.unpack i - , concatMap show c + , intercalate "\n" (map show c) , "signature " ++ B8.unpack (hex s) ] 
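Review bot: `type Secret = BS.ByteString` in the `@@ -24,7 +23,11 @@` hunk is a plain alias, the same as `Key`, so the type checker still accepts a secret key wherever a `Key` is expected and the alias only documents intent. A `newtype Secret = Secret BS.ByteString` would keep secrets apart from public fields, though whether callers can absorb that change is not visible here. Separately, the reworded comment reads `Macaroons and Caveat and identifiers`; `-- |Type alias for Macaroon and Caveat identifiers` is presumably what was meant.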
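Review bot: The `(c1 == c2)` operand of the new `Eq Macaroon` instance (hunk `@@ -42,7 +45,16 @@`) goes through the standard list `==`, which stops at the first differing caveat and at a length mismatch, so the caveat list is still compared in data-dependent time even though each `Caveat` comparison uses `constEqBytes`. If the whole instance is meant to be constant-time, fold without short-circuiting, e.g. `(length c1 == length c2) &&! foldl' (&&!) True (zipWith (==) c1 c2)`. Otherwise narrow `-- | Constant-time Eq instance` to name the fields that are actually compared in constant time. The same comment on `Eq Caveat` in the `@@ -66,8 +78,14 @@` hunk deserves the same qualification, since `constEqBytes` presumably still returns early when the lengths differ (worth confirming in Data.Byteable).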
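Review bot: For a macaroon with no caveats, `intercalate "\n" (map show c)` in the `@@ -50,7 +62,7 @@` hunk evaluates to `""`, and the outer `intercalate "\n"` still emits that element, leaving an empty line between the `identifier` and `signature` lines. Splicing the caveat lines into the outer list instead of nesting them avoids this: `intercalate "\n" (["location " ++ B8.unpack l, "identifier " ++ B8.unpack i] ++ map show c ++ ["signature " ++ B8.unpack (hex s)])`. The `instance Show Macaroon` declaration itself starts above the hunk.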
@@ -66,8 +78,14 @@ data Caveat = MkCaveat { cid :: Key
 -- ^ Caveat verification key identifier
 , cl :: Location
 -- ^ Caveat target location
+ }
- } deriving (Eq)
+-- | Constant-time Eq instance
+instance Eq Caveat where
+ (MkCaveat c1 v1 l1) == (MkCaveat c2 v2 l2) =
+ (c1 `constEqBytes` c2) &&!
+ (v1 `constEqBytes` v2) &&!
+ (l1 `constEqBytes` l2)
 -- | show instance conforming to the @inspect@ "specification"
 instance Show Caveat where
@@ -95,3 +113,10 @@ addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
 cav' = MkCaveat cid vid loc
 sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
+-- | Utility non-short circuiting '&&' function.
+(&&!) :: Bool -> Bool -> Bool
+True &&! True = True
+True &&! False = False
+False &&! True = False
+False &&! False = False
+
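Review bot: `(&&!)` in the `@@ -95,3 +113,10 @@` hunk is declared without a fixity, so it defaults to `infixl 9` and binds tighter than `==`; the two `Eq` instances only parse as intended because every operand is parenthesised. Adding `infixr 3 &&!` next to the definition gives it the same precedence as `&&` and makes an unparenthesised use safe. The doc comment could also state the reason for the operator, e.g. `-- | Non-short-circuiting '&&': both operands are always evaluated, so comparison time does not depend on which field differs.`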