webauthn-0.1.1.0: Relying party (server) implementation of the WebAuthn 2 specification
Stabilityexperimental
Safe HaskellNone
LanguageHaskell2010

Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet

Description

Synopsis

Documentation

format :: SomeAttestationStatementFormat Source #

The default SafetyNet format configuration. Requires full CTSProfileIntegrity and allows for the SafetyNet message to be at most 60 seconds old. Does not allow any timedrift into the future.

data Format Source #

The Android SafetyKey Format. Allows configuration of the required level of trust.

Constructors

Format 

Fields

data Integrity Source #

(spec) The integrity of an android device from which a SafetyNet message originated.

Constructors

NoIntegrity

The device has no integrity, which is the case for an emulator, or it could be the case for a compromised device

BasicIntegrity

The device must have passed the basic integrity check, which is e.g. the case for a device with a custom ROM but not rooted, or a certified device with an unlocked bootloader

CTSProfileIntegrity

The device passed the CTS, it is genuine and verified

data VerificationError Source #

Verification errors specific to Android SafetyNet

Constructors

VerificationErrorInvalidNonce

The receiced nonce was not set to the concatenation of the authenticator data and client data hash

VerificationErrorResponseTooOld DateTime DateTime

The response was created to far in the past (first: now, second: generated time)

VerificationErrorResponseInFuture DateTime DateTime

The response was created to far in the future (first: now, second: generated time)

VerificationErrorFailedIntegrityCheck Integrity

The integrity check failed based on the required integrity from the format