Basic verification of macaroons

- Only signatures are checked
author: Julien Tanguy <julien.tanguy@jhome.fr> 2015-05-14 19:00:50 +0200
committer: Julien Tanguy <julien.tanguy@jhome.fr> 2015-05-14 19:00:50 +0200
commit: b92e3c159fad49b86fe4bd115f487057c04e3c18 (patch)
tree: f8a01bd7345d09b01fa6282adb310ffdfa9b1882
parent: e0ceb8d38cf44ea2a9e0d6564fe64a25fd3039b4 (diff)
download: hmacaroons-b92e3c159fad49b86fe4bd115f487057c04e3c18.tar.gz
hmacaroons-b92e3c159fad49b86fe4bd115f487057c04e3c18.tar.zst
hmacaroons-b92e3c159fad49b86fe4bd115f487057c04e3c18.zip
4 files changed, 97 insertions, 1 deletions
diff --git a/hmacaroons.cabal b/hmacaroons.cabal
index e80cfa4..48e2cfe 100644
--- a/hmacaroons.cabal
+++ b/hmacaroons.cabal
@@ -53,9 +53,10 @@ source-repository head
    location:   https://github.com/jtanguy/hmacaroons
 library
-  exposed-modules:     Crypto.Macaroon,
+  exposed-modules:     Crypto.Macaroon
                       Crypto.Macaroon.Binder
                       Crypto.Macaroon.Serializer.Base64
+                       Crypto.Macaroon.Verifier
  other-modules:       Crypto.Macaroon.Internal
  build-depends:  base >=4 && < 5,
                  attoparsec >=0.12,
diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs
new file mode 100644
index 0000000..0d1636c
--- /dev/null
+++ b/src/Crypto/Macaroon/Verifier.hs
@@ -0,0 +1,34 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Module      : Crypto.Macaroon.Verifier
+Copyright   : (c) 2015 Julien Tanguy
+License     : BSD3
+Maintainer  : julien.tanguy@jhome.fr
+Stability   : experimental
+Portability : portable
+-}
+module Crypto.Macaroon.Verifier where
+import           Crypto.Hash
+import           Data.Bool
+import qualified Data.ByteString            as BS
+import           Data.Byteable
+import           Data.Foldable
+import           Crypto.Macaroon.Internal
+-- | Opaque datatype for now. Might need more explicit errors
+data Result = Success | Failure deriving (Show,Eq)
+verifySig :: Key -> Macaroon -> Result
+verifySig k m = bool Failure Success $
+      signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
+  where
+    hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
+    derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)
diff --git a/test/Crypto/Macaroon/Verifier/Tests.hs b/test/Crypto/Macaroon/Verifier/Tests.hs
new file mode 100644
index 0000000..92a8a21
--- /dev/null
+++ b/test/Crypto/Macaroon/Verifier/Tests.hs
@@ -0,0 +1,59 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Copyright   : (c) 2015 Julien Tanguy
+License     : BSD3
+Maintainer  : julien.tanguy@jhome.fr
+This test suite is based on the pymacaroons test suite:
+<https://github.com/ecordell/pymacaroons>
+-}
+module Crypto.Macaroon.Verifier.Tests where
+import qualified Data.ByteString.Char8 as B8
+import Test.Tasty
+import Test.Tasty.HUnit
+import           Crypto.Macaroon
+import           Crypto.Macaroon.Verifier
+import Crypto.Macaroon.Instances
+tests :: TestTree
+tests = testGroup "Crypto.Macaroon.Verifier" [ sigs
+                                             ]
+sec = B8.pack "this is our super secret key; only we should know it"
+m :: Macaroon
+m = create sec key loc
+  where
+    key = B8.pack "we used our sec key"
+    loc = B8.pack "http://mybank/"
+m2 :: Macaroon
+m2 = addFirstPartyCaveat "test = caveat" m
+m3 :: Macaroon
+m3 = addFirstPartyCaveat "test = acaveat" m
+sigs = testGroup "Signatures" [ basic
+                              , minted
+                              ]
+basic = testCase "Basic Macaroon Signature" $
+    Success @=? verifySig sec m
+minted :: TestTree
+minted = testGroup "Macaroon with first party caveats" [ one
+                                                       , two
+                                                       ]
+one = testCase "One caveat" $
+    Success @=? verifySig sec m2
+two = testCase "Two caveats" $
+    Success @=? verifySig sec m3
diff --git a/test/main.hs b/test/main.hs
index 48519b9..3edbe54 100644
--- a/test/main.hs
+++ b/test/main.hs
@@ -6,6 +6,7 @@ import Test.Tasty.HUnit
 import qualified Sanity
 import qualified Crypto.Macaroon.Tests
 import qualified Crypto.Macaroon.Serializer.Base64.Tests
+import qualified Crypto.Macaroon.Verifier.Tests
 main = defaultMain tests
@@ -13,5 +14,6 @@ tests :: TestTree
 tests = testGroup "Tests" [ Sanity.tests
                          , Crypto.Macaroon.Tests.tests
                          , Crypto.Macaroon.Serializer.Base64.Tests.tests
+                          , Crypto.Macaroon.Verifier.Tests.tests
                          ]
author	Julien Tanguy <julien.tanguy@jhome.fr>	2015-05-14 19:00:50 +0200
committer	Julien Tanguy <julien.tanguy@jhome.fr>	2015-05-14 19:00:50 +0200
commit	b92e3c159fad49b86fe4bd115f487057c04e3c18 (patch)
tree	f8a01bd7345d09b01fa6282adb310ffdfa9b1882
parent	e0ceb8d38cf44ea2a9e0d6564fe64a25fd3039b4 (diff)
download	hmacaroons-b92e3c159fad49b86fe4bd115f487057c04e3c18.tar.gz hmacaroons-b92e3c159fad49b86fe4bd115f487057c04e3c18.tar.zst hmacaroons-b92e3c159fad49b86fe4bd115f487057c04e3c18.zip

diff --git a/hmacaroons.cabal b/hmacaroons.cabal index e80cfa4..48e2cfe 100644 --- a/hmacaroons.cabal +++ b/hmacaroons.cabal
@@ -53,9 +53,10 @@ source-repository head
53	location: https://github.com/jtanguy/hmacaroons	53	location: https://github.com/jtanguy/hmacaroons
54		54
55	library	55	library
56	exposed-modules: Crypto.Macaroon,	56	exposed-modules: Crypto.Macaroon
57	Crypto.Macaroon.Binder	57	Crypto.Macaroon.Binder
58	Crypto.Macaroon.Serializer.Base64	58	Crypto.Macaroon.Serializer.Base64
		59	Crypto.Macaroon.Verifier
59	other-modules: Crypto.Macaroon.Internal	60	other-modules: Crypto.Macaroon.Internal
60	build-depends: base >=4 && < 5,	61	build-depends: base >=4 && < 5,
61	attoparsec >=0.12,	62	attoparsec >=0.12,


diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs new file mode 100644 index 0000000..0d1636c --- /dev/null +++ b/src/Crypto/Macaroon/Verifier.hs
@@ -0,0 +1,34 @@
		1	{-# LANGUAGE OverloadedStrings #-}
		2	{-\|
		3	Module : Crypto.Macaroon.Verifier
		4	Copyright : (c) 2015 Julien Tanguy
		5	License : BSD3
		6
		7	Maintainer : julien.tanguy@jhome.fr
		8	Stability : experimental
		9	Portability : portable
		10
		11
		12
		13	-}
		14	module Crypto.Macaroon.Verifier where
		15
		16
		17	import Crypto.Hash
		18	import Data.Bool
		19	import qualified Data.ByteString as BS
		20	import Data.Byteable
		21	import Data.Foldable
		22
		23	import Crypto.Macaroon.Internal
		24
		25
		26	-- \| Opaque datatype for now. Might need more explicit errors
		27	data Result = Success \| Failure deriving (Show,Eq)
		28
		29	verifySig :: Key -> Macaroon -> Result
		30	verifySig k m = bool Failure Success $
		31	signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
		32	where
		33	hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
		34	derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)


diff --git a/test/Crypto/Macaroon/Verifier/Tests.hs b/test/Crypto/Macaroon/Verifier/Tests.hs new file mode 100644 index 0000000..92a8a21 --- /dev/null +++ b/test/Crypto/Macaroon/Verifier/Tests.hs
@@ -0,0 +1,59 @@
		1	{-# LANGUAGE OverloadedStrings #-}
		2	{-\|
		3	Copyright : (c) 2015 Julien Tanguy
		4	License : BSD3
		5
		6	Maintainer : julien.tanguy@jhome.fr
		7
		8
		9	This test suite is based on the pymacaroons test suite:
		10	<https://github.com/ecordell/pymacaroons>
		11	-}
		12	module Crypto.Macaroon.Verifier.Tests where
		13
		14
		15	import qualified Data.ByteString.Char8 as B8
		16	import Test.Tasty
		17	import Test.Tasty.HUnit
		18
		19	import Crypto.Macaroon
		20	import Crypto.Macaroon.Verifier
		21
		22	import Crypto.Macaroon.Instances
		23
		24	tests :: TestTree
		25	tests = testGroup "Crypto.Macaroon.Verifier" [ sigs
		26	]
		27
		28	sec = B8.pack "this is our super secret key; only we should know it"
		29
		30	m :: Macaroon
		31	m = create sec key loc
		32	where
		33	key = B8.pack "we used our sec key"
		34	loc = B8.pack "http://mybank/"
		35
		36	m2 :: Macaroon
		37	m2 = addFirstPartyCaveat "test = caveat" m
		38
		39	m3 :: Macaroon
		40	m3 = addFirstPartyCaveat "test = acaveat" m
		41
		42	sigs = testGroup "Signatures" [ basic
		43	, minted
		44	]
		45
		46	basic = testCase "Basic Macaroon Signature" $
		47	Success @=? verifySig sec m
		48
		49
		50	minted :: TestTree
		51	minted = testGroup "Macaroon with first party caveats" [ one
		52	, two
		53	]
		54	one = testCase "One caveat" $
		55	Success @=? verifySig sec m2
		56
		57	two = testCase "Two caveats" $
		58	Success @=? verifySig sec m3
		59


diff --git a/test/main.hs b/test/main.hs index 48519b9..3edbe54 100644 --- a/test/main.hs +++ b/test/main.hs
@@ -6,6 +6,7 @@ import Test.Tasty.HUnit
6	import qualified Sanity	6	import qualified Sanity
7	import qualified Crypto.Macaroon.Tests	7	import qualified Crypto.Macaroon.Tests
8	import qualified Crypto.Macaroon.Serializer.Base64.Tests	8	import qualified Crypto.Macaroon.Serializer.Base64.Tests
		9	import qualified Crypto.Macaroon.Verifier.Tests
9		10
10	main = defaultMain tests	11	main = defaultMain tests
11		12
@@ -13,5 +14,6 @@ tests :: TestTree
13	tests = testGroup "Tests" [ Sanity.tests	14	tests = testGroup "Tests" [ Sanity.tests
14	, Crypto.Macaroon.Tests.tests	15	, Crypto.Macaroon.Tests.tests
15	, Crypto.Macaroon.Serializer.Base64.Tests.tests	16	, Crypto.Macaroon.Serializer.Base64.Tests.tests
		17	, Crypto.Macaroon.Verifier.Tests.tests
16	]	18	]
17		19