11 files changed, 528 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..05d4d64
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.cabal-sandbox/
+cabal.sandbox.config
+dist/
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..787874f
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,30 @@
+Copyright (c) 2015, Julien Tanguy
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+    * Neither the name of Julien Tanguy nor the names of other
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f3fd91a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+Macaroons: Pure haskell implementation of macaroons
+===================================================
+Macaroons is a pure haskell implementation of macaroons. It aims to provide
+compatibility at a serialized level with the [reference implementation](https://github.com/rescrv/libmacaroons)
+and the [python implementation](https://github.com/ecordell/pymacaroons)
+[Google paper on macaroons](http://research.google.com/pubs/pub41892.html)
+[Macaroons at Mozilla](https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/)
+[Time for better security in NoSQL](http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex/)
+[Pure java implementation](https://github.com/nitram509/jmacaroons)
+TODO
+====
+- Verifiy Macaroons
+- Discharge Macaroons
diff --git a/Setup.hs b/Setup.hs
new file mode 100644
index 0000000..9a994af
--- /dev/null
+++ b/Setup.hs
@@ -0,0 +1,2 @@
+import Distribution.Simple
+main = defaultMain
diff --git a/bench/bench.hs b/bench/bench.hs
new file mode 100644
index 0000000..e66dadd
--- /dev/null
+++ b/bench/bench.hs
@@ -0,0 +1,35 @@
+{-#LANGUAGE OverloadedStrings #-}
+import Data.ByteString (ByteString)
+import Criterion.Main
+import Crypto.Macaroon
+import Crypto.Macaroon.Internal
+loc :: ByteString
+loc = "http://mybank/"
+ident :: ByteString
+ident = "we used our secret key"
+key :: ByteString
+key = "this is our super secret key; only we should know it"
+cav :: ByteString
+cav = "test = caveat"
+{-#INLINE benchCreate#-}
+benchCreate :: (Key, Key, Location) -> Macaroon
+benchCreate (secret, ident, loc) = create secret ident loc
+{-#INLINE benchMint #-}
+benchMint :: ((Key, Key, Location), ByteString) -> Macaroon
+benchMint (ms,c) = addFirstPartyCaveat c (benchCreate ms)
+main = defaultMain [
+    bgroup "Crypto.Macaroon" [ bench "create"  $ nf benchCreate (key,ident,loc)
+                             , bench "mint"  $ nf benchMint ((key,ident,loc),cav)
+                             ]
+    ]
diff --git a/hmacaroons.cabal b/hmacaroons.cabal
new file mode 100644
index 0000000..a9f6ea5
--- /dev/null
+++ b/hmacaroons.cabal
@@ -0,0 +1,63 @@
+name:                hmacaroons
+version:             0.1.0.0
+synopsis:            Haskell implementation of macaroons
+-- description:         
+license:             BSD3
+license-file:        LICENSE
+author:              Julien Tanguy
+maintainer:          julien.tanguy@jhome.fr
+-- copyright:           
+category:            Data
+build-type:          Simple
+extra-source-files:  README.md
+cabal-version:       >=1.10
+library
+  exposed-modules:     Crypto.Macaroon,
+                       Crypto.Macaroon.Binder
+  other-modules:       Crypto.Macaroon.Internal
+  -- other-extensions:    
+  build-depends:  base >=4 && < 5,
+                  bytestring >=0.10,
+                  base64-bytestring >= 1.0,
+                  byteable >= 0.1 && <0.2,
+                  cereal >= 0.4,
+                  cryptohash >=0.11 && <0.12,
+                  cipher-aes >=0.2 && <0.3,
+                  deepseq >= 1.1,
+                  hex >= 0.1
+  hs-source-dirs:      src
+  default-language:    Haskell2010
+ 
+benchmark bench
+  default-language: Haskell2010
+  type:             exitcode-stdio-1.0
+  hs-source-dirs:   src, bench
+  main-is:          bench.hs
+  ghc-options:      -O2
+  build-depends:  base >= 4 && <5,
+                  bytestring >=0.10,
+                  base64-bytestring >= 1.0,
+                  cereal >= 0.4,
+                  cryptohash >=0.11 && <0.12,
+                  cipher-aes >=0.2 && <0.3,
+                  byteable >= 0.1 && <0.2,
+                  hex >= 0.1,
+                  deepseq >= 1.1,
+                  criterion >= 1.1
+ 
+test-suite test
+  default-language: Haskell2010
+  type: exitcode-stdio-1.0
+  hs-source-dirs: test
+  main-is: tests.hs
+  build-depends:  base >= 4 && <5,
+                  bytestring >=0.10,
+                  base64-bytestring >= 1.0,
+                  byteable >= 0.1 && <0.2,
+                  cereal >= 0.4,
+                  cryptohash >=0.11 && <0.12,
+                  hex >= 0.1,
+                  tasty >= 0.10,
+                  tasty-hunit >= 0.9,
+                  hmacaroons
diff --git a/src/Crypto/Macaroon.hs b/src/Crypto/Macaroon.hs
new file mode 100644
index 0000000..819a9eb
--- /dev/null
+++ b/src/Crypto/Macaroon.hs
@@ -0,0 +1,121 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Module      : Crypto.Macaroon
+Copyright   : (c) 2015 Julien Tanguy
+License     : BSD3
+Maintainer  : julien.tanguy@jhome.fr
+Stability   : experimental
+Portability : portable
+Pure haskell implementations of macaroons.
+Warning: this implementation has not been audited by security experts.
+Use it with caution.
+References:
+- Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>
+- Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>
+-}
+module Crypto.Macaroon (
+    -- * Types
+      Macaroon
+    , Caveat
+    , Key
+    , Location
+    -- * Accessing functions
+    -- ** Macaroons
+    , location
+    , identifier
+    , caveats
+    , signature
+    -- ** Caveats
+    , caveatLoc
+    , caveatId
+    , caveatVId
+    -- * Create Macaroons
+    , create
+    , inspect
+    , addFirstPartyCaveat
+    , addThirdPartyCaveat
+    -- * Prepare Macaroons for transfer
+    , serialize
+    ) where
+import           Crypto.Cipher.AES
+import           Crypto.Hash
+import           Data.Byteable
+import qualified Data.ByteString            as BS
+import qualified Data.ByteString.Base64.URL as B64
+import qualified Data.ByteString.Char8      as B8
+import           Data.Hex
+import           Crypto.Macaroon.Internal
+-- | Create a Macaroon from its key, identifier and location
+create :: Key -> Key -> Location -> Macaroon
+create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256))
+  where
+    derivedKey = toBytes $ (hmac "macaroons-key-generator" secret :: HMAC SHA256)
+caveatLoc :: Caveat -> Location
+caveatLoc = cl
+caveatId :: Caveat -> Key
+caveatId = cid
+caveatVId :: Caveat -> Key
+caveatVId = vid
+inspect :: Macaroon -> String
+inspect m = unlines [ "location " ++ show (location m)
+                    , "identifier " ++ show (identifier m)
+                    , (concatMap (showCav (location m)) (caveats m))
+                    , "signature " ++ show (hex $ signature m)
+                    ]
+  where
+    showCav loc c | cl c == loc && vid c == BS.empty = "cid " ++ show (cid c)
+                  | otherwise = unlines [ "cid " ++ show (cid c)
+                                        , "vid " ++ show (vid c)
+                                        , "cl " ++ show (cl c)
+                                        ]
+serialize :: Macaroon -> BS.ByteString
+serialize m = B8.filter (/= '=') . B64.encode $ packets
+  where
+    packets = BS.concat [ putPacket "location" (location m)
+                        , putPacket "identifier" (identifier m)
+                        , caveatPackets
+                        , putPacket "signature" (signature m)
+                        ]
+    caveatPackets = BS.concat $ map (cavPacket (location m)) (caveats m)
+    cavPacket loc c | cl c == loc && vid c == BS.empty = putPacket "cid" (cid c)
+                    | otherwise = BS.concat [ putPacket "cid" (cid c)
+                                            , putPacket "vid" (vid c)
+                                            , putPacket "cl" (cl c)
+                                            ]
+-- | Add a first party Caveat to a Macaroon, with its identifier
+addFirstPartyCaveat :: Key -> Macaroon -> Macaroon
+addFirstPartyCaveat ident m = addCaveat (location m) ident BS.empty m
+-- |Add a third party Caveat to a Macaroon, using its location, identifier and
+-- verification key
+addThirdPartyCaveat :: Key
+                    -> Key
+                    -> Location
+                    -> Macaroon
+                    -> Macaroon
+addThirdPartyCaveat key cid loc m = addCaveat loc cid vid m
+  where
+    vid = encryptECB (initAES (signature m)) key
diff --git a/src/Crypto/Macaroon/Binder.hs b/src/Crypto/Macaroon/Binder.hs
new file mode 100644
index 0000000..3ec3d67
--- /dev/null
+++ b/src/Crypto/Macaroon/Binder.hs
@@ -0,0 +1,28 @@
+{-|
+Module      : Crypto.Macaroon.Binder
+Copyright   : (c) 2015 Julien Tanguy
+License     : BSD3
+Maintainer  : julien.tanguy@jhome.fr
+Stability   : experimental
+Portability : portable
+-}
+module Crypto.Macaroon.Binder where
+import           Crypto.Hash
+import           Data.Byteable
+import qualified Data.ByteString          as BS
+import           Crypto.Macaroon.Internal
+-- | Datatype for binding discharging and authorizing macaroons together
+newtype Binder = Binder { bind :: Macaroon -> Macaroon -> BS.ByteString }
+-- | Binder which concatenates the two signatures and hashes them
+hashSigs :: Binder
+hashSigs = Binder $ \m m' -> toBytes $ (HMAC . hash $ BS.append (toBytes $ signature m') (toBytes $ signature m) :: HMAC SHA256)
diff --git a/src/Crypto/Macaroon/Internal.hs b/src/Crypto/Macaroon/Internal.hs
new file mode 100644
index 0000000..fc50486
--- /dev/null
+++ b/src/Crypto/Macaroon/Internal.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Module      : Crypto.Macaroon.Internal
+Copyright   : (c) 2015 Julien Tanguy
+License     : BSD3
+Maintainer  : julien.tanguy@jhome.fr
+Stability   : experimental
+Portability : portable
+Internal representation of a macaroon
+-}
+module Crypto.Macaroon.Internal where
+import           Control.DeepSeq
+import           Crypto.Cipher.AES
+import           Crypto.Hash
+import           Data.Byteable
+import qualified Data.ByteString        as BS
+import qualified Data.ByteString.Base64 as B64
+import qualified Data.ByteString.Char8  as B8
+import           Data.Char
+import           Data.Hex
+import           Data.Serialize
+import           Data.Word
+-- |Type alias for Macaroons and Caveat keys and identifiers
+type Key = BS.ByteString
+-- |Type alias For Macaroons and Caveat locations
+type Location = BS.ByteString
+type Sig = BS.ByteString
+-- | Main structure of a macaroon
+data Macaroon = MkMacaroon { location   :: Location
+                           -- ^ Target location
+                           , identifier :: Key
+                           -- ^ Macaroon Identifier
+                           , caveats    :: [Caveat]
+                           -- ^ List of caveats
+                           , signature  :: Sig
+                           -- ^ Macaroon HMAC signature
+                           } deriving (Eq)
+instance NFData Macaroon where
+    rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig
+-- | Caveat structure
+data Caveat = MkCaveat { cid :: Key
+                       -- ^ Caveat identifier
+                       , vid :: Key
+                       -- ^ Caveat verification key identifier
+                       , cl  :: Location
+                       -- ^ Caveat target location
+                       } deriving (Eq)
+instance NFData Caveat where
+    rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl
+putPacket :: BS.ByteString -> BS.ByteString -> BS.ByteString
+putPacket key dat = BS.concat [
+    B8.map toLower . hex . encode $ (fromIntegral size :: Word16)
+    , key
+    , " "
+    , dat
+    , "\n"
+    ]
+  where
+    size = 4 + 2 + BS.length key + BS.length dat
+addCaveat :: Location
+          -> Key
+          -> Key
+          -> Macaroon
+          -> Macaroon
+addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
+  where
+    cavs = caveats m
+    cav' = MkCaveat cid vid loc
+    sig = toBytes $ (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
diff --git a/test/Crypto/Macaroon/Tests.hs b/test/Crypto/Macaroon/Tests.hs
new file mode 100644
index 0000000..cdfb620
--- /dev/null
+++ b/test/Crypto/Macaroon/Tests.hs
@@ -0,0 +1,74 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Copyright   : (c) 2015 Julien Tanguy
+License     : BSD3
+Maintainer  : julien.tanguy@jhome.fr
+This test suite is based on the pymacaroons test suite:
+<https://github.com/ecordell/pymacaroons>
+-}
+module Crypto.Macaroon.Tests where
+import           Data.Byteable
+import qualified Data.ByteString.Char8 as B8
+import           Data.Hex
+import           Test.Tasty
+import           Test.Tasty.HUnit
+import           Crypto.Macaroon
+tests :: TestTree
+tests = testGroup "Crypto.Macaroon" [ basicSignature
+                                    , basicSerialize
+                                    , basicMint
+                                    , basicMintTrimmed
+                                    ]
+m :: Macaroon
+m = create secret key loc
+  where
+    secret = B8.pack "this is our super secret key; only we should know it"
+    key = B8.pack "we used our secret key"
+    loc = B8.pack "http://mybank/"
+m2 :: Macaroon
+m2 = addFirstPartyCaveat "test = caveat" m
+m3 :: Macaroon
+m3 = addFirstPartyCaveat "test = acaveat" m
+m4 :: Macaroon
+m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n
+  where
+    n = addFirstPartyCaveat "account = 3735928559" $ create sec key loc
+    key = B8.pack "we used our other secret key"
+    loc = B8.pack "http://mybank/"
+    sec = B8.pack "this is a different super-secret key; never use the same secret twice"
+    caveat_key = B8.pack "4; guaranteed random by a fair toss of the dice"
+    caveat_id = B8.pack "this was how we remind auth of key/pred"
+    caveat_loc = B8.pack "http://auth.mybank/"
+basicSignature = testCase "Basic signature" $
+    "E3D9E02908526C4C0039AE15114115D97FDD68BF2BA379B342AAF0F617D0552F" @=? (hex . signature) m
+basicSerialize = testCase "Serialization" $
+    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudG\
+    \lmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25h\
+    \dHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo" @=? serialize m
+basicMint = testCase "First Party Caveat" $
+    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZ\
+    \WQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegR\
+    \K8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK" @=? serialize m2
+basicMintTrimmed = testCase "Trimmed base64" $ 
+    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVz\
+    \ZWQgb3VyIHNlY3JldCBrZXkKMDAxN2NpZCB0ZXN0ID0gYWNhdmVhdAowMDJmc2ln\
+    \bmF0dXJlIJRJ_V3WNJQnqlVq5eez7spnltwU_AXs8NIRY739sHooCg" @=? serialize m3
+basicThirdParty = testCase "Third Party Caveat" $ 
+    "6B99EDB2EC6D7A4382071D7D41A0BF7DFA27D87D2F9FEA86E330D7850FFDA2B2" @=? (hex . signature) m4
diff --git a/test/tests.hs b/test/tests.hs
new file mode 100644
index 0000000..ba5dafd
--- /dev/null
+++ b/test/tests.hs
@@ -0,0 +1,66 @@
+{-#LANGUAGE OverloadedStrings#-}
+import           Crypto.Hash
+import Data.ByteString (ByteString)
+import qualified Data.ByteString as B
+import Data.Hex
+import Data.Byteable
+import Test.Tasty
+import Test.Tasty.HUnit
+import qualified Crypto.Macaroon.Tests
+main = defaultMain tests
+tests :: TestTree
+tests = testGroup "Tests" [ sanityCheck
+                          , Crypto.Macaroon.Tests.tests
+                          ]
+sanityCheck :: TestTree
+sanityCheck = testGroup "Python HMAC Sanity check" [ checkKey
+    , checkMac1
+    , checkMac2
+    , checkMac3
+    , checkMac4
+    ]
+secret :: ByteString
+secret = "this is our super secret key; only we should know it"
+public :: ByteString
+public = "we used our secret key"
+key :: ByteString
+key = B.take 32 secret
+mac1 :: ByteString
+mac1 = toBytes $ (hmac key public :: HMAC SHA256)
+mac2 :: ByteString
+mac2 = toBytes $ (hmac mac1 "account = 3735928559" :: HMAC SHA256)
+mac3 :: ByteString
+mac3 = toBytes $ (hmac mac2 "time < 2015-01-01T00:00" :: HMAC SHA256)
+mac4 :: ByteString
+mac4 = toBytes $ (hmac mac3 "email = alice@example.org" :: HMAC SHA256)
+checkKey = testCase "Truncated key" $ 
+    key @?= "this is our super secret key; on"
+checkMac1 = testCase "HMAC key" $ 
+    "C60B4B3540BB1B2F2EF28D1C895691CC4A5E07A38A9D3B1C3379FB485293372F" @=? hex mac1
+checkMac2 = testCase "HMAC key account" $ 
+    "5C933DC9A7D036DFCD1740B4F26D737397A1FF635EAC900F3226973503CAAAA5" @=? hex mac2
+checkMac3 = testCase "HMAC key account time" $ 
+    "7A559B20C8B607009EBCE138C200585E9D0DECA6D23B3EAD6C5E0BA6861D3858" @=? hex mac3
+checkMac4 = testCase "HMAC key account time email" $ 
+    "E42BBB02A9A5A303483CB6295C497AE51AD1D5CB10003CBE548D907E7E62F5E4" @=? hex mac4

diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..05d4d64 --- /dev/null +++ b/.gitignore
@@ -0,0 +1,3 @@
	1	.cabal-sandbox/
	2	cabal.sandbox.config
	3	dist/


diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..787874f --- /dev/null +++ b/LICENSE
@@ -0,0 +1,30 @@
	1	Copyright (c) 2015, Julien Tanguy
	2
	3	All rights reserved.
	4
	5	Redistribution and use in source and binary forms, with or without
	6	modification, are permitted provided that the following conditions are met:
	7
	8	* Redistributions of source code must retain the above copyright
	9	notice, this list of conditions and the following disclaimer.
	10
	11	* Redistributions in binary form must reproduce the above
	12	copyright notice, this list of conditions and the following
	13	disclaimer in the documentation and/or other materials provided
	14	with the distribution.
	15
	16	* Neither the name of Julien Tanguy nor the names of other
	17	contributors may be used to endorse or promote products derived
	18	from this software without specific prior written permission.
	19
	20	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	21	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	22	LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	23	A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	24	OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	25	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	26	LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	27	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	28	THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	29	(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	30	OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


diff --git a/README.md b/README.md new file mode 100644 index 0000000..f3fd91a --- /dev/null +++ b/README.md
@@ -0,0 +1,18 @@
	1	Macaroons: Pure haskell implementation of macaroons
	2	===================================================
	3
	4	Macaroons is a pure haskell implementation of macaroons. It aims to provide
	5	compatibility at a serialized level with the [reference implementation](https://github.com/rescrv/libmacaroons)
	6	and the [python implementation](https://github.com/ecordell/pymacaroons)
	7
	8	[Google paper on macaroons](http://research.google.com/pubs/pub41892.html)
	9	[Macaroons at Mozilla](https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/)
	10	[Time for better security in NoSQL](http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex/)
	11	[Pure java implementation](https://github.com/nitram509/jmacaroons)
	12
	13	TODO
	14	====
	15
	16	- Verifiy Macaroons
	17	- Discharge Macaroons
	18


diff --git a/Setup.hs b/Setup.hs new file mode 100644 index 0000000..9a994af --- /dev/null +++ b/Setup.hs
@@ -0,0 +1,2 @@
	1	import Distribution.Simple
	2	main = defaultMain


diff --git a/bench/bench.hs b/bench/bench.hs new file mode 100644 index 0000000..e66dadd --- /dev/null +++ b/bench/bench.hs
@@ -0,0 +1,35 @@
	1	{-#LANGUAGE OverloadedStrings #-}
	2
	3	import Data.ByteString (ByteString)
	4	import Criterion.Main
	5
	6	import Crypto.Macaroon
	7	import Crypto.Macaroon.Internal
	8
	9
	10	loc :: ByteString
	11	loc = "http://mybank/"
	12
	13	ident :: ByteString
	14	ident = "we used our secret key"
	15
	16	key :: ByteString
	17	key = "this is our super secret key; only we should know it"
	18
	19	cav :: ByteString
	20	cav = "test = caveat"
	21
	22
	23	{-#INLINE benchCreate#-}
	24	benchCreate :: (Key, Key, Location) -> Macaroon
	25	benchCreate (secret, ident, loc) = create secret ident loc
	26
	27	{-#INLINE benchMint #-}
	28	benchMint :: ((Key, Key, Location), ByteString) -> Macaroon
	29	benchMint (ms,c) = addFirstPartyCaveat c (benchCreate ms)
	30
	31	main = defaultMain [
	32	bgroup "Crypto.Macaroon" [ bench "create" $ nf benchCreate (key,ident,loc)
	33	, bench "mint" $ nf benchMint ((key,ident,loc),cav)
	34	]
	35	]


diff --git a/hmacaroons.cabal b/hmacaroons.cabal new file mode 100644 index 0000000..a9f6ea5 --- /dev/null +++ b/hmacaroons.cabal
@@ -0,0 +1,63 @@
	1	name: hmacaroons
	2	version: 0.1.0.0
	3	synopsis: Haskell implementation of macaroons
	4	-- description:
	5	license: BSD3
	6	license-file: LICENSE
	7	author: Julien Tanguy
	8	maintainer: julien.tanguy@jhome.fr
	9	-- copyright:
	10	category: Data
	11	build-type: Simple
	12	extra-source-files: README.md
	13	cabal-version: >=1.10
	14
	15	library
	16	exposed-modules: Crypto.Macaroon,
	17	Crypto.Macaroon.Binder
	18	other-modules: Crypto.Macaroon.Internal
	19	-- other-extensions:
	20	build-depends: base >=4 && < 5,
	21	bytestring >=0.10,
	22	base64-bytestring >= 1.0,
	23	byteable >= 0.1 && <0.2,
	24	cereal >= 0.4,
	25	cryptohash >=0.11 && <0.12,
	26	cipher-aes >=0.2 && <0.3,
	27	deepseq >= 1.1,
	28	hex >= 0.1
	29	hs-source-dirs: src
	30	default-language: Haskell2010
	31
	32	benchmark bench
	33	default-language: Haskell2010
	34	type: exitcode-stdio-1.0
	35	hs-source-dirs: src, bench
	36	main-is: bench.hs
	37	ghc-options: -O2
	38	build-depends: base >= 4 && <5,
	39	bytestring >=0.10,
	40	base64-bytestring >= 1.0,
	41	cereal >= 0.4,
	42	cryptohash >=0.11 && <0.12,
	43	cipher-aes >=0.2 && <0.3,
	44	byteable >= 0.1 && <0.2,
	45	hex >= 0.1,
	46	deepseq >= 1.1,
	47	criterion >= 1.1
	48
	49	test-suite test
	50	default-language: Haskell2010
	51	type: exitcode-stdio-1.0
	52	hs-source-dirs: test
	53	main-is: tests.hs
	54	build-depends: base >= 4 && <5,
	55	bytestring >=0.10,
	56	base64-bytestring >= 1.0,
	57	byteable >= 0.1 && <0.2,
	58	cereal >= 0.4,
	59	cryptohash >=0.11 && <0.12,
	60	hex >= 0.1,
	61	tasty >= 0.10,
	62	tasty-hunit >= 0.9,
	63	hmacaroons


diff --git a/src/Crypto/Macaroon.hs b/src/Crypto/Macaroon.hs new file mode 100644 index 0000000..819a9eb --- /dev/null +++ b/src/Crypto/Macaroon.hs
@@ -0,0 +1,121 @@
	1	{-# LANGUAGE OverloadedStrings #-}
	2	{-\|
	3	Module : Crypto.Macaroon
	4	Copyright : (c) 2015 Julien Tanguy
	5	License : BSD3
	6
	7	Maintainer : julien.tanguy@jhome.fr
	8	Stability : experimental
	9	Portability : portable
	10
	11
	12	Pure haskell implementations of macaroons.
	13
	14	Warning: this implementation has not been audited by security experts.
	15	Use it with caution.
	16
	17
	18	References:
	19
	20	- Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>
	21	- Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>
	22
	23	-}
	24	module Crypto.Macaroon (
	25	-- * Types
	26	Macaroon
	27	, Caveat
	28	, Key
	29	, Location
	30	-- * Accessing functions
	31	-- ** Macaroons
	32	, location
	33	, identifier
	34	, caveats
	35	, signature
	36	-- ** Caveats
	37	, caveatLoc
	38	, caveatId
	39	, caveatVId
	40
	41	-- * Create Macaroons
	42	, create
	43	, inspect
	44	, addFirstPartyCaveat
	45	, addThirdPartyCaveat
	46
	47	-- * Prepare Macaroons for transfer
	48	, serialize
	49	) where
	50
	51	import Crypto.Cipher.AES
	52	import Crypto.Hash
	53	import Data.Byteable
	54	import qualified Data.ByteString as BS
	55	import qualified Data.ByteString.Base64.URL as B64
	56	import qualified Data.ByteString.Char8 as B8
	57	import Data.Hex
	58
	59	import Crypto.Macaroon.Internal
	60
	61	-- \| Create a Macaroon from its key, identifier and location
	62	create :: Key -> Key -> Location -> Macaroon
	63	create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256))
	64	where
	65	derivedKey = toBytes $ (hmac "macaroons-key-generator" secret :: HMAC SHA256)
	66
	67	caveatLoc :: Caveat -> Location
	68	caveatLoc = cl
	69
	70	caveatId :: Caveat -> Key
	71	caveatId = cid
	72
	73	caveatVId :: Caveat -> Key
	74	caveatVId = vid
	75
	76	inspect :: Macaroon -> String
	77	inspect m = unlines [ "location " ++ show (location m)
	78	, "identifier " ++ show (identifier m)
	79	, (concatMap (showCav (location m)) (caveats m))
	80	, "signature " ++ show (hex $ signature m)
	81	]
	82	where
	83	showCav loc c \| cl c == loc && vid c == BS.empty = "cid " ++ show (cid c)
	84	\| otherwise = unlines [ "cid " ++ show (cid c)
	85	, "vid " ++ show (vid c)
	86	, "cl " ++ show (cl c)
	87	]
	88
	89	serialize :: Macaroon -> BS.ByteString
	90	serialize m = B8.filter (/= '=') . B64.encode $ packets
	91	where
	92	packets = BS.concat [ putPacket "location" (location m)
	93	, putPacket "identifier" (identifier m)
	94	, caveatPackets
	95	, putPacket "signature" (signature m)
	96	]
	97	caveatPackets = BS.concat $ map (cavPacket (location m)) (caveats m)
	98	cavPacket loc c \| cl c == loc && vid c == BS.empty = putPacket "cid" (cid c)
	99	\| otherwise = BS.concat [ putPacket "cid" (cid c)
	100	, putPacket "vid" (vid c)
	101	, putPacket "cl" (cl c)
	102	]
	103
	104
	105
	106	-- \| Add a first party Caveat to a Macaroon, with its identifier
	107	addFirstPartyCaveat :: Key -> Macaroon -> Macaroon
	108	addFirstPartyCaveat ident m = addCaveat (location m) ident BS.empty m
	109
	110	-- \|Add a third party Caveat to a Macaroon, using its location, identifier and
	111	-- verification key
	112	addThirdPartyCaveat :: Key
	113	-> Key
	114	-> Location
	115	-> Macaroon
	116	-> Macaroon
	117	addThirdPartyCaveat key cid loc m = addCaveat loc cid vid m
	118	where
	119	vid = encryptECB (initAES (signature m)) key
	120
	121


diff --git a/src/Crypto/Macaroon/Binder.hs b/src/Crypto/Macaroon/Binder.hs new file mode 100644 index 0000000..3ec3d67 --- /dev/null +++ b/src/Crypto/Macaroon/Binder.hs
@@ -0,0 +1,28 @@
	1	{-\|
	2	Module : Crypto.Macaroon.Binder
	3	Copyright : (c) 2015 Julien Tanguy
	4	License : BSD3
	5
	6	Maintainer : julien.tanguy@jhome.fr
	7	Stability : experimental
	8	Portability : portable
	9
	10
	11
	12	-}
	13	module Crypto.Macaroon.Binder where
	14
	15	import Crypto.Hash
	16	import Data.Byteable
	17	import qualified Data.ByteString as BS
	18
	19	import Crypto.Macaroon.Internal
	20
	21	-- \| Datatype for binding discharging and authorizing macaroons together
	22	newtype Binder = Binder { bind :: Macaroon -> Macaroon -> BS.ByteString }
	23
	24
	25	-- \| Binder which concatenates the two signatures and hashes them
	26	hashSigs :: Binder
	27	hashSigs = Binder $ \m m' -> toBytes $ (HMAC . hash $ BS.append (toBytes $ signature m') (toBytes $ signature m) :: HMAC SHA256)
	28


diff --git a/src/Crypto/Macaroon/Internal.hs b/src/Crypto/Macaroon/Internal.hs new file mode 100644 index 0000000..fc50486 --- /dev/null +++ b/src/Crypto/Macaroon/Internal.hs
@@ -0,0 +1,88 @@
	1	{-# LANGUAGE OverloadedStrings #-}
	2	{-\|
	3	Module : Crypto.Macaroon.Internal
	4	Copyright : (c) 2015 Julien Tanguy
	5	License : BSD3
	6
	7	Maintainer : julien.tanguy@jhome.fr
	8	Stability : experimental
	9	Portability : portable
	10
	11
	12	Internal representation of a macaroon
	13	-}
	14	module Crypto.Macaroon.Internal where
	15
	16
	17	import Control.DeepSeq
	18	import Crypto.Cipher.AES
	19	import Crypto.Hash
	20	import Data.Byteable
	21	import qualified Data.ByteString as BS
	22	import qualified Data.ByteString.Base64 as B64
	23	import qualified Data.ByteString.Char8 as B8
	24	import Data.Char
	25	import Data.Hex
	26	import Data.Serialize
	27	import Data.Word
	28
	29	-- \|Type alias for Macaroons and Caveat keys and identifiers
	30	type Key = BS.ByteString
	31
	32	-- \|Type alias For Macaroons and Caveat locations
	33	type Location = BS.ByteString
	34
	35	type Sig = BS.ByteString
	36
	37	-- \| Main structure of a macaroon
	38	data Macaroon = MkMacaroon { location :: Location
	39	-- ^ Target location
	40	, identifier :: Key
	41	-- ^ Macaroon Identifier
	42	, caveats :: [Caveat]
	43	-- ^ List of caveats
	44	, signature :: Sig
	45	-- ^ Macaroon HMAC signature
	46	} deriving (Eq)
	47
	48
	49	instance NFData Macaroon where
	50	rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig
	51
	52
	53	-- \| Caveat structure
	54	data Caveat = MkCaveat { cid :: Key
	55	-- ^ Caveat identifier
	56	, vid :: Key
	57	-- ^ Caveat verification key identifier
	58	, cl :: Location
	59	-- ^ Caveat target location
	60
	61	} deriving (Eq)
	62
	63	instance NFData Caveat where
	64	rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl
	65
	66
	67	putPacket :: BS.ByteString -> BS.ByteString -> BS.ByteString
	68	putPacket key dat = BS.concat [
	69	B8.map toLower . hex . encode $ (fromIntegral size :: Word16)
	70	, key
	71	, " "
	72	, dat
	73	, "\n"
	74	]
	75	where
	76	size = 4 + 2 + BS.length key + BS.length dat
	77
	78	addCaveat :: Location
	79	-> Key
	80	-> Key
	81	-> Macaroon
	82	-> Macaroon
	83	addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
	84	where
	85	cavs = caveats m
	86	cav' = MkCaveat cid vid loc
	87	sig = toBytes $ (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
	88


diff --git a/test/Crypto/Macaroon/Tests.hs b/test/Crypto/Macaroon/Tests.hs new file mode 100644 index 0000000..cdfb620 --- /dev/null +++ b/test/Crypto/Macaroon/Tests.hs
@@ -0,0 +1,74 @@
	1	{-# LANGUAGE OverloadedStrings #-}
	2	{-\|
	3	Copyright : (c) 2015 Julien Tanguy
	4	License : BSD3
	5
	6	Maintainer : julien.tanguy@jhome.fr
	7
	8
	9	This test suite is based on the pymacaroons test suite:
	10	<https://github.com/ecordell/pymacaroons>
	11	-}
	12	module Crypto.Macaroon.Tests where
	13
	14	import Data.Byteable
	15	import qualified Data.ByteString.Char8 as B8
	16	import Data.Hex
	17	import Test.Tasty
	18	import Test.Tasty.HUnit
	19
	20	import Crypto.Macaroon
	21
	22	tests :: TestTree
	23	tests = testGroup "Crypto.Macaroon" [ basicSignature
	24	, basicSerialize
	25	, basicMint
	26	, basicMintTrimmed
	27	]
	28
	29
	30	m :: Macaroon
	31	m = create secret key loc
	32	where
	33	secret = B8.pack "this is our super secret key; only we should know it"
	34	key = B8.pack "we used our secret key"
	35	loc = B8.pack "http://mybank/"
	36
	37	m2 :: Macaroon
	38	m2 = addFirstPartyCaveat "test = caveat" m
	39
	40	m3 :: Macaroon
	41	m3 = addFirstPartyCaveat "test = acaveat" m
	42
	43	m4 :: Macaroon
	44	m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n
	45	where
	46	n = addFirstPartyCaveat "account = 3735928559" $ create sec key loc
	47	key = B8.pack "we used our other secret key"
	48	loc = B8.pack "http://mybank/"
	49	sec = B8.pack "this is a different super-secret key; never use the same secret twice"
	50	caveat_key = B8.pack "4; guaranteed random by a fair toss of the dice"
	51	caveat_id = B8.pack "this was how we remind auth of key/pred"
	52	caveat_loc = B8.pack "http://auth.mybank/"
	53
	54
	55	basicSignature = testCase "Basic signature" $
	56	"E3D9E02908526C4C0039AE15114115D97FDD68BF2BA379B342AAF0F617D0552F" @=? (hex . signature) m
	57
	58	basicSerialize = testCase "Serialization" $
	59	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudG\
	60	\lmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25h\
	61	\dHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo" @=? serialize m
	62
	63	basicMint = testCase "First Party Caveat" $
	64	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZ\
	65	\WQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegR\
	66	\K8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK" @=? serialize m2
	67
	68	basicMintTrimmed = testCase "Trimmed base64" $
	69	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVz\
	70	\ZWQgb3VyIHNlY3JldCBrZXkKMDAxN2NpZCB0ZXN0ID0gYWNhdmVhdAowMDJmc2ln\
	71	\bmF0dXJlIJRJ_V3WNJQnqlVq5eez7spnltwU_AXs8NIRY739sHooCg" @=? serialize m3
	72
	73	basicThirdParty = testCase "Third Party Caveat" $
	74	"6B99EDB2EC6D7A4382071D7D41A0BF7DFA27D87D2F9FEA86E330D7850FFDA2B2" @=? (hex . signature) m4


diff --git a/test/tests.hs b/test/tests.hs new file mode 100644 index 0000000..ba5dafd --- /dev/null +++ b/test/tests.hs
@@ -0,0 +1,66 @@
	1	{-#LANGUAGE OverloadedStrings#-}
	2
	3	import Crypto.Hash
	4	import Data.ByteString (ByteString)
	5	import qualified Data.ByteString as B
	6	import Data.Hex
	7	import Data.Byteable
	8
	9	import Test.Tasty
	10	import Test.Tasty.HUnit
	11
	12	import qualified Crypto.Macaroon.Tests
	13
	14	main = defaultMain tests
	15
	16	tests :: TestTree
	17	tests = testGroup "Tests" [ sanityCheck
	18	, Crypto.Macaroon.Tests.tests
	19	]
	20
	21	sanityCheck :: TestTree
	22	sanityCheck = testGroup "Python HMAC Sanity check" [ checkKey
	23	, checkMac1
	24	, checkMac2
	25	, checkMac3
	26	, checkMac4
	27	]
	28
	29
	30	secret :: ByteString
	31	secret = "this is our super secret key; only we should know it"
	32
	33	public :: ByteString
	34	public = "we used our secret key"
	35
	36	key :: ByteString
	37	key = B.take 32 secret
	38
	39	mac1 :: ByteString
	40	mac1 = toBytes $ (hmac key public :: HMAC SHA256)
	41
	42	mac2 :: ByteString
	43	mac2 = toBytes $ (hmac mac1 "account = 3735928559" :: HMAC SHA256)
	44
	45	mac3 :: ByteString
	46	mac3 = toBytes $ (hmac mac2 "time < 2015-01-01T00:00" :: HMAC SHA256)
	47
	48	mac4 :: ByteString
	49	mac4 = toBytes $ (hmac mac3 "email = alice@example.org" :: HMAC SHA256)
	50
	51
	52	checkKey = testCase "Truncated key" $
	53	key @?= "this is our super secret key; on"
	54
	55	checkMac1 = testCase "HMAC key" $
	56	"C60B4B3540BB1B2F2EF28D1C895691CC4A5E07A38A9D3B1C3379FB485293372F" @=? hex mac1
	57
	58	checkMac2 = testCase "HMAC key account" $
	59	"5C933DC9A7D036DFCD1740B4F26D737397A1FF635EAC900F3226973503CAAAA5" @=? hex mac2
	60
	61	checkMac3 = testCase "HMAC key account time" $
	62	"7A559B20C8B607009EBCE138C200585E9D0DECA6D23B3EAD6C5E0BA6861D3858" @=? hex mac3
	63
	64	checkMac4 = testCase "HMAC key account time email" $
	65	"E42BBB02A9A5A303483CB6295C497AE51AD1D5CB10003CBE548D907E7E62F5E4" @=? hex mac4
	66