u2f - Haskell Universal Two Factor helper toolbox library thing

Safe Haskell: None




To Register

  • Generate yourself a Request, consisting of your site/service URI, U2F version number, etc., and send it to the client.
  • Assuming the client returned a registration response (Registration), parse it with parseRegistration.
  • Use verifyRegistration Request Registration to verify that the Registration is valid (the challenge bytes match and were signed by the key described in the cert).
  • Stash the publicKey and keyHandle somewhere so you can use them for sign-in. For convenience, verifyRegistration returns a Request with the keyHandle added.

To Signin

  • Make a Request.
  • Parse whatever sign-in JSON you have with parseSignin.
  • Dig out the publicKey for the relevant keyHandle.
  • Verify the sign-in with verifySignin publicKey Request Signin.


parseRequest :: String -> Either U2FError Request

Parses Registration or Signin Request JSON

parseRegistration :: String -> Either U2FError Registration

Parses Registration response JSON

parseRegistrationData :: ByteString -> Either U2FError RegistrationData

Parses base64-encoded bytestring in Registration response

verifyRegistration :: Request -> Registration -> Either U2FError Request

Verifies that Registration is a valid response to the Request

parseSignin :: String -> Either U2FError Signin

Parses Signin response JSON

parseClientData :: ByteString -> Either U2FError ClientData

Parses base64-encoded client data bytestring inside Signin response

verifySignin :: ByteString -> Request -> Signin -> Either U2FError Bool

Verifies that the Signin response is valid, given the saved public-key bytestring and the Request. Warning: expects an uncompressed public key.
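The sign-in steps above and the uncompressed-key warning, combined into one caller-side check. This is an added example, not code from the library. It assumes the module names `U2F` and `U2F.Types` (the page does not show them) and that the stored key is kept as raw bytes; `SigninOutcome`, `isUncompressedP256` and `checkSignin` are hypothetical names.

```haskell
module SigninCheck (SigninOutcome(..), isUncompressedP256, checkSignin) where

import qualified Data.ByteString as BS
import           Data.ByteString (ByteString)
-- Assumption: module names are not shown on the page.
import           U2F       (parseSignin, verifySignin)
import           U2F.Types (Request, U2FError)

-- | Outcome type local to this example (not part of the library).
data SigninOutcome
  = SigninOk
  | BadStoredKey            -- stored key is not an uncompressed point
  | SignatureRejected       -- verifySignin returned Right False
  | LibraryError U2FError   -- parsing or verification reported an error

-- | U2F keys are NIST P-256 points. The uncompressed SEC1 encoding is
-- 0x04 || X || Y, exactly 65 bytes. Assumes raw bytes, not base64 text.
isUncompressedP256 :: ByteString -> Bool
isUncompressedP256 k = BS.length k == 65 && BS.head k == 0x04

-- | Check a sign-in response against the key stashed at registration.
-- The arguments are the stored public key, the Request that was sent to
-- the client, and the sign-in response JSON that came back.
checkSignin :: ByteString -> Request -> String -> SigninOutcome
checkSignin storedKey request signinJson
  | not (isUncompressedP256 storedKey) = BadStoredKey
  | otherwise =
      case parseSignin signinJson >>= verifySignin storedKey request of
        Left err    -> LibraryError err
        Right False -> SignatureRejected  -- a Right alone is not success
        Right True  -> SigninOk
```

Only `SigninOk` should let the login proceed. Matching on `Right _` would accept a response whose signature did not verify.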

formatOutputBase64 :: ByteString -> Text

URL-friendly base64 encoding may or may not contain padding (https://tools.ietf.org/html/rfc4648#section-3.2). We remove it here.