From b92e3c159fad49b86fe4bd115f487057c04e3c18 Mon Sep 17 00:00:00 2001
From: Julien Tanguy
Date: Thu, 14 May 2015 19:00:50 +0200
Subject: Basic verification of macaroons - Only signatures are checked
---
src/Crypto/Macaroon/Verifier.hs | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 src/Crypto/Macaroon/Verifier.hs
(limited to 'src/Crypto/Macaroon')
diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs
new file mode 100644
index 0000000..0d1636c
--- /dev/null
+++ b/src/Crypto/Macaroon/Verifier.hs
@@ -0,0 +1,34 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Module : Crypto.Macaroon.Verifier
+Copyright : (c) 2015 Julien Tanguy
+License : BSD3
+
+Maintainer : julien.tanguy@jhome.fr
+Stability : experimental
+Portability : portable
+
+
+
+-}
+module Crypto.Macaroon.Verifier where
+
+
+import Crypto.Hash
+import Data.Bool
+import qualified Data.ByteString as BS
+import Data.Byteable
+import Data.Foldable
+
+import Crypto.Macaroon.Internal
+
+
+-- | Opaque datatype for now. Might need more explicit errors
+data Result = Success | Failure deriving (Show,Eq)
+
+verifySig :: Key -> Macaroon -> Result
+verifySig k m = bool Failure Success $
+ signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
+ where
+ hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
+ derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)
-- cgit v1.2.3
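Review bot: In `verifySig` the presented signature is compared with the recomputed HMAC chain using `==` on the raw bytes, which is not guaranteed to be constant-time, so verification time may depend on how many leading bytes match. `Data.Byteable` is already imported and provides `constEqBytes`; binding the fold result as `expected` in the `where` clause and writing `bool Failure Success $ constEqBytes (signature m) expected` would avoid that timing signal. Separately, `verifySig` has no Haddock comment, and since caveats are not evaluated here, `Success` means only that the signature chain is intact. I would add `-- | Check the HMAC chain only; caveat predicates are NOT evaluated, so 'Success' alone must not be treated as authorization.` above the type signature.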