webauthn-0.7.0.0: Relying party (server) implementation of the WebAuthn 2 specification
Stabilityexperimental
Safe HaskellSafe-Inferred
LanguageHaskell2010

Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

Description

This module implements the Android Key Attestation Statement Format.

Synopsis

Documentation

format :: SomeAttestationStatementFormat Source #

The default Android Key format configuration. Requires the attestation to be backed by a Trusted Executing Environment (TEE).

newtype Format Source #

The Android Key Format. Allow configuration of the required level of trust.

Constructors

Format 

Fields

Instances

Instances details
Show Format Source # 
Instance details

Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

Methods

showsPrec :: Int -> Format -> ShowS #

show :: Format -> String #

showList :: [Format] -> ShowS #

AttestationStatementFormat Format Source # 
Instance details

Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

Associated Types

type AttStmt Format Source #

type AttStmtVerificationError Format Source #

Methods

asfIdentifier :: Format -> Text Source #

asfVerify :: Format -> DateTime -> AttStmt Format -> AuthenticatorData 'Registration 'True -> ClientDataHash -> Validation (NonEmpty (AttStmtVerificationError Format)) SomeAttestationType Source #

asfTrustAnchors :: Format -> VerifiableAttestationType -> CertificateStore Source #

asfDecode :: Format -> HashMap Text Term -> Either Text (AttStmt Format) Source #

asfEncode :: Format -> AttStmt Format -> Term Source #

type AttStmt Format Source # 
Instance details

Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

type AttStmt Format
type AttStmtVerificationError Format Source # 
Instance details

Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

type AttStmtVerificationError Format = VerificationError

data TrustLevel Source #

The required Trust level for Android Key attestation.

Constructors

SoftwareEnforced

Trust has to be ensured on the software level. This is weaker than TEE enforced trust.

TeeEnforced

Hardware backed attestation, this requires that the Trusted Executing Environment enforced the attestation.

data VerificationError Source #

Verification errors specific to Android Key attestation

Constructors

PublicKeyMismatch

The public key in the certificate is different from the on in the attested credential data

Fields

HashMismatch

The challenge field of the certificate extension does not match the clientDataHash (first: challenge from certificate extension, second: clientDataHash)

Fields

AndroidKeyAllApplicationsFieldFound

The "attestation" extension is scoped to all applications instead of just the RpId

AndroidKeyOriginFieldInvalid

The origin field(s) were not equal to KM_ORIGIN_GENERATED (0) (first: tee-enforced origin, second: software-enforced origin (if allowed by the specified Format))

Fields

AndroidKeyPurposeFieldInvalid

The purpose field(s) were not equal to the singleton set containing KM_PURPOSE_SIGN (2) (first: tee-enforced purpose, second: software-enforced purpose (if allowed by the specified Format))

Fields

VerificationFailure Text

The Public key cannot verify the signature over the authenticatorData and the clientDataHash.

Instances

Instances details
Exception VerificationError Source # 
Instance details

Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

Methods

toException :: VerificationError -> SomeException #

fromException :: SomeException -> Maybe VerificationError #

displayException :: VerificationError -> String #

Show VerificationError Source # 
Instance details

Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey

Methods

showsPrec :: Int -> VerificationError -> ShowS #

show :: VerificationError -> String #

showList :: [VerificationError] -> ShowS #