authorJulien Tanguy <julien.tanguy@jhome.fr>2015-05-14 19:00:50 +0200
committerJulien Tanguy <julien.tanguy@jhome.fr>2015-05-14 19:00:50 +0200
commitb92e3c159fad49b86fe4bd115f487057c04e3c18 (patch)
treef8a01bd7345d09b01fa6282adb310ffdfa9b1882
parente0ceb8d38cf44ea2a9e0d6564fe64a25fd3039b4 (diff)
Basic verification of macaroons
- Only signatures are checked
-rw-r--r--hmacaroons.cabal3
-rw-r--r--src/Crypto/Macaroon/Verifier.hs34
-rw-r--r--test/Crypto/Macaroon/Verifier/Tests.hs59
-rw-r--r--test/main.hs2
4 files changed, 97 insertions, 1 deletions
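--- a/hmacaroons.cabal
+++ b/hmacaroons.cabal
@@ -53,9 +53,10 @@ source-repository head
  location: https://github.com/jtanguy/hmacaroons
 
 library
- exposed-modules: Crypto.Macaroon,
+ exposed-modules: Crypto.Macaroon
  Crypto.Macaroon.Binder
  Crypto.Macaroon.Serializer.Base64
+ Crypto.Macaroon.Verifier
  other-modules: Crypto.Macaroon.Internal
  build-depends: base >=4 && < 5,
  attoparsec >=0.12,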
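--- /dev/null
+++ b/src/Crypto/Macaroon/Verifier.hs
@@ -0,0 +1,34 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Module : Crypto.Macaroon.Verifier
+Copyright : (c) 2015 Julien Tanguy
+License : BSD3
+
+Maintainer : julien.tanguy@jhome.fr
+Stability : experimental
+Portability : portable
+
+
+
+-}
+module Crypto.Macaroon.Verifier where
+
+
+import Crypto.Hash
+import Data.Bool
+import qualified Data.ByteString as BS
+import Data.Byteable
+import Data.Foldable
+
+import Crypto.Macaroon.Internal
+
+
+-- | Opaque datatype for now. Might need more explicit errors
+data Result = Success | Failure deriving (Show,Eq)
+
+verifySig :: Key -> Macaroon -> Result
+verifySig k m = bool Failure Success $
+ signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
+ where
+ hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
+ derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)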
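Review bot: The check on line 31 of `Verifier.hs` compares the presented signature with the recomputed HMAC chain using `==` on `ByteString`, which is not a constant-time comparison and is best avoided for MAC verification. `Data.Byteable` is already imported and provides `constEqBytes`, so the condition can read `constEqBytes (signature m) (foldl' hash (...) (caveats m))`. `verifySig` also has no Haddock comment, and as the commit message says it checks only the signature chain. A line such as `-- | Checks the HMAC chain only; caveat predicates are not evaluated, so 'Success' does not mean the request is authorised.` would keep callers from treating it as full verification. The `hash` helper feeds `vid c` and `cid c` concatenated into a single HMAC, which matches first-party caveats if `vid` is empty for them; how third-party caveats should be chained is worth confirming against the minting code in `Crypto.Macaroon.Internal`, which is not visible here.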
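--- /dev/null
+++ b/test/Crypto/Macaroon/Verifier/Tests.hs
@@ -0,0 +1,59 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Copyright : (c) 2015 Julien Tanguy
+License : BSD3
+
+Maintainer : julien.tanguy@jhome.fr
+
+
+This test suite is based on the pymacaroons test suite:
+<https://github.com/ecordell/pymacaroons>
+-}
+module Crypto.Macaroon.Verifier.Tests where
+
+
+import qualified Data.ByteString.Char8 as B8
+import Test.Tasty
+import Test.Tasty.HUnit
+
+import Crypto.Macaroon
+import Crypto.Macaroon.Verifier
+
+import Crypto.Macaroon.Instances
+
+tests :: TestTree
+tests = testGroup "Crypto.Macaroon.Verifier" [ sigs
+ ]
+
+sec = B8.pack "this is our super secret key; only we should know it"
+
+m :: Macaroon
+m = create sec key loc
+ where
+ key = B8.pack "we used our sec key"
+ loc = B8.pack "http://mybank/"
+
+m2 :: Macaroon
+m2 = addFirstPartyCaveat "test = caveat" m
+
+m3 :: Macaroon
+m3 = addFirstPartyCaveat "test = acaveat" m
+
+sigs = testGroup "Signatures" [ basic
+ , minted
+ ]
+
+basic = testCase "Basic Macaroon Signature" $
+ Success @=? verifySig sec m
+
+
+minted :: TestTree
+minted = testGroup "Macaroon with first party caveats" [ one
+ , two
+ ]
+one = testCase "One caveat" $
+ Success @=? verifySig sec m2
+
+two = testCase "Two caveats" $
+ Success @=? verifySig sec m3
+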
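Review bot: Every case in this suite asserts `Success`, so a `verifySig` that accepted any macaroon would still pass. A signature verifier needs at least one rejecting case, for example `Failure @=? verifySig (B8.pack "not the secret") m2`, and ideally one with a caveat appended after minting without re-signing. Separately, `m3` on line 40 is built from `m` rather than `m2`, so the "Two caveats" case verifies a macaroon with a single caveat. `m3 = addFirstPartyCaveat "test = acaveat" m2` would exercise the fold over more than one caveat.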
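--- a/test/main.hs
+++ b/test/main.hs
@@ -6,6 +6,7 @@ import Test.Tasty.HUnit
 import qualified Sanity
 import qualified Crypto.Macaroon.Tests
 import qualified Crypto.Macaroon.Serializer.Base64.Tests
+import qualified Crypto.Macaroon.Verifier.Tests
 
 main = defaultMain tests
 
@@ -13,5 +14,6 @@ tests :: TestTree
 tests = testGroup "Tests" [ Sanity.tests
  , Crypto.Macaroon.Tests.tests
  , Crypto.Macaroon.Serializer.Base64.Tests.tests
+ , Crypto.Macaroon.Verifier.Tests.tests
  ]
 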