Stability | experimental |
---|---|
Safe Haskell | None |
Language | Haskell2010 |
This module implements the Android SafetyNet Attestation Statement Format.
Synopsis
- format :: SomeAttestationStatementFormat
- data Format = Format {}
- data Integrity
- data VerificationError
Documentation
format :: SomeAttestationStatementFormat Source #
The default SafetyNet format configuration. Requires full CTSProfileIntegrity and allows for the SafetyNet message to be at most 60 seconds old. Does not allow any timedrift into the future.
The Android SafetyKey Format. Allows configuration of the required level of trust.
Format | |
|
Instances
Show Format Source # | |
AttestationStatementFormat Format Source # | |
Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet asfIdentifier :: Format -> Text Source # asfVerify :: Format -> DateTime -> AttStmt Format -> AuthenticatorData 'Registration 'True -> ClientDataHash -> Validation (NonEmpty (AttStmtVerificationError Format)) SomeAttestationType Source # asfTrustAnchors :: Format -> VerifiableAttestationType -> CertificateStore Source # asfDecode :: Format -> HashMap Text Term -> Either Text (AttStmt Format) Source # | |
type AttStmt Format Source # | |
type AttStmtVerificationError Format Source # | |
(spec) The integrity of an android device from which a SafetyNet message originated.
NoIntegrity | The device has no integrity, which is the case for an emulator, or it could be the case for a compromised device |
BasicIntegrity | The device must have passed the basic integrity check, which is e.g. the case for a device with a custom ROM but not rooted, or a certified device with an unlocked bootloader |
CTSProfileIntegrity | The device passed the CTS, it is genuine and verified |
Instances
Bounded Integrity Source # | |
Enum Integrity Source # | |
Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet succ :: Integrity -> Integrity # pred :: Integrity -> Integrity # fromEnum :: Integrity -> Int # enumFrom :: Integrity -> [Integrity] # enumFromThen :: Integrity -> Integrity -> [Integrity] # enumFromTo :: Integrity -> Integrity -> [Integrity] # enumFromThenTo :: Integrity -> Integrity -> Integrity -> [Integrity] # | |
Eq Integrity Source # | |
Ord Integrity Source # | |
Show Integrity Source # | |
data VerificationError Source #
Verification errors specific to Android SafetyNet
VerificationErrorInvalidNonce | The receiced nonce was not set to the concatenation of the authenticator data and client data hash |
VerificationErrorResponseTooOld DateTime DateTime | The response was created to far in the past (first: now, second: generated time) |
VerificationErrorResponseInFuture DateTime DateTime | The response was created to far in the future (first: now, second: generated time) |
VerificationErrorFailedIntegrityCheck Integrity | The integrity check failed based on the required integrity from the format |