From b92e3c159fad49b86fe4bd115f487057c04e3c18 Mon Sep 17 00:00:00 2001 From: Julien Tanguy Date: Thu, 14 May 2015 19:00:50 +0200 Subject: Basic verification of macaroons - Only signatures are checked --- src/Crypto/Macaroon/Verifier.hs | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 src/Crypto/Macaroon/Verifier.hs (limited to 'src') diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs new file mode 100644 index 0000000..0d1636c --- /dev/null +++ b/src/Crypto/Macaroon/Verifier.hs @@ -0,0 +1,34 @@ +{-# LANGUAGE OverloadedStrings #-} +{-| +Module : Crypto.Macaroon.Verifier +Copyright : (c) 2015 Julien Tanguy +License : BSD3 + +Maintainer : julien.tanguy@jhome.fr +Stability : experimental +Portability : portable + + + +-} +module Crypto.Macaroon.Verifier where + + +import Crypto.Hash +import Data.Bool +import qualified Data.ByteString as BS +import Data.Byteable +import Data.Foldable + +import Crypto.Macaroon.Internal + + +-- | Opaque datatype for now. Might need more explicit errors +data Result = Success | Failure deriving (Show,Eq) + +verifySig :: Key -> Macaroon -> Result +verifySig k m = bool Failure Success $ + signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m) + where + hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) + derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) -- cgit v1.2.3