Stability	experimental
Safe Haskell	Safe-Inferred
Language	Haskell2010

Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet

Description

This module implements the Android SafetyNet Attestation Statement Format.

Synopsis

format :: SomeAttestationStatementFormat
data Format = Format {
}
data Integrity
- = NoIntegrity
- | BasicIntegrity
- | CTSProfileIntegrity
data VerificationError
- = NonceMismatch {
  - responseNonce :: Text
  - calculatedNonce :: Text
  }
- | ResponseTimeInvalid {
  - lowerBound :: DateTime
  - upperBound :: DateTime
  - generatedtime :: DateTime
  }
- | IntegrityCheckFailed Integrity

Documentation

format :: SomeAttestationStatementFormat Source #

The default SafetyNet format configuration. Requires full CTSProfileIntegrity and allows for the SafetyNet message to be at most 60 seconds old. Does not allow any timedrift into the future.

data Format Source #

The Android SafetyKey Format. Allows configuration of the required level of trust.

Constructors

Format
Fields requiredIntegrity :: Integrity What level the integrity check of the originating Android device must have passed. driftBackwardsTolerance :: Duration The maximum time the received message may be old for it to still be considered valid. driftForwardsTolerance :: Duration The maximum time difference the received message may report being from the future for it to still be considered valid.

Instances

Instances details

Show Format Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods showsPrec :: Int -> Format -> ShowS # show :: Format -> String # showList :: [Format] -> ShowS #
AttestationStatementFormat Format Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Associated Types type AttStmt Format Source # type AttStmtVerificationError Format Source # Methods asfIdentifier :: Format -> Text Source # asfVerify :: Format -> DateTime -> AttStmt Format -> AuthenticatorData 'Registration 'True -> ClientDataHash -> Validation (NonEmpty (AttStmtVerificationError Format)) SomeAttestationType Source # asfTrustAnchors :: Format -> VerifiableAttestationType -> CertificateStore Source # asfDecode :: Format -> HashMap Text Term -> Either Text (AttStmt Format) Source # asfEncode :: Format -> AttStmt Format -> Term Source #
type AttStmt Format Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet type AttStmt Format
type AttStmtVerificationError Format Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet type AttStmtVerificationError Format = VerificationError

data Integrity Source #

(spec) The integrity of an android device from which a SafetyNet message originated.

Constructors

NoIntegrity	The device has no integrity, which is the case for an emulator, or it could be the case for a compromised device
BasicIntegrity	The device must have passed the basic integrity check, which is e.g. the case for a device with a custom ROM but not rooted, or a certified device with an unlocked bootloader
CTSProfileIntegrity	The device passed the CTS, it is genuine and verified

Instances

Instances details

Bounded Integrity Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods minBound :: Integrity # maxBound :: Integrity #
Enum Integrity Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods succ :: Integrity -> Integrity # pred :: Integrity -> Integrity # toEnum :: Int -> Integrity # fromEnum :: Integrity -> Int # enumFrom :: Integrity -> [Integrity] # enumFromThen :: Integrity -> Integrity -> [Integrity] # enumFromTo :: Integrity -> Integrity -> [Integrity] # enumFromThenTo :: Integrity -> Integrity -> Integrity -> [Integrity] #
Show Integrity Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods showsPrec :: Int -> Integrity -> ShowS # show :: Integrity -> String # showList :: [Integrity] -> ShowS #
Eq Integrity Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods (==) :: Integrity -> Integrity -> Bool # (/=) :: Integrity -> Integrity -> Bool #
Ord Integrity Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods compare :: Integrity -> Integrity -> Ordering # (<) :: Integrity -> Integrity -> Bool # (<=) :: Integrity -> Integrity -> Bool # (>) :: Integrity -> Integrity -> Bool # (>=) :: Integrity -> Integrity -> Bool # max :: Integrity -> Integrity -> Integrity # min :: Integrity -> Integrity -> Integrity #

data VerificationError Source #

Verification errors specific to Android SafetyNet

Constructors

NonceMismatch	The receiced nonce was not set to the concatenation of the authenticator data and client data hash
Fields responseNonce :: Text Nonce from the AndroidSafetyNet response calculatedNonce :: Text Base64 encoding of the SHA-256 hash of the concatenation of authenticatorData and clientDataHash
ResponseTimeInvalid	The response was created to far in the past or future
Fields lowerBound :: DateTime The UTC time minus the allowed drift specified in the `Format`. upperBound :: DateTime The UTC time plus the allowed drift specified in the `Format`. generatedtime :: DateTime The UTC time when the Android SafetyNet response was generated
IntegrityCheckFailed Integrity	The integrity check failed based on the required integrity from the format

Instances

Instances details

Exception VerificationError Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods toException :: VerificationError -> SomeException # fromException :: SomeException -> Maybe VerificationError # displayException :: VerificationError -> String #
Show VerificationError Source #
Instance details Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidSafetyNet Methods showsPrec :: Int -> VerificationError -> ShowS # show :: VerificationError -> String # showList :: [VerificationError] -> ShowS #