Stability | experimental |
---|---|
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
This module implements the TPM Attestation Statement Format.
Synopsis
- format :: SomeAttestationStatementFormat
- data Format = Format
- data VerificationError
- = PublicKeyMismatch { }
- | MagicNumberInvalid Word32
- | TypeInvalid Word16
- | NameAlgorithmInvalid TPMAlgId
- | NameMismatch { }
- | PublicKeyInvalid Text
- | CertificateVersionInvalid Int
- | VerificationFailure Text
- | SubjectFieldNotEmpty [(OID, ASN1CharacterString)]
- | VendorUnknown Text
- | ExtKeyOIDMissing
- | BasicConstraintsTrue
- | CertificateAAGUIDMismatch { }
- | ASN1Error ASN1Error
- | CredentialAAGUIDMissing
- | HashFunctionUnknown
- | HashMismatch { }
- data TPMAlgId
Documentation
format :: SomeAttestationStatementFormat
Helper function that wraps the TPM format into the general SomeAttestationStatementFormat type.
data Format
The TPM format. The sole purpose of this type is to instantiate the AttestationStatementFormat typeclass below.
Instances
Show Format
AttestationStatementFormat Format
Defined in Crypto.WebAuthn.AttestationStatementFormat.TPM
asfIdentifier :: Format -> Text
asfVerify :: Format -> DateTime -> AttStmt Format -> AuthenticatorData 'Registration 'True -> ClientDataHash -> Validation (NonEmpty (AttStmtVerificationError Format)) SomeAttestationType
asfTrustAnchors :: Format -> VerifiableAttestationType -> CertificateStore
asfDecode :: Format -> HashMap Text Term -> Either Text (AttStmt Format)
type AttStmt Format
type AttStmtVerificationError Format
data VerificationError
Verification errors specific to TPM attestation
PublicKeyMismatch | The public key in the certificate is different from the one in the attested credential data |
MagicNumberInvalid Word32 | The magic number in certInfo was not set to TPM_GENERATED_VALUE (0xff544347) |
TypeInvalid Word16 | The type in certInfo was not set to TPM_ST_ATTEST_CERTIFY (0x8017) |
NameAlgorithmInvalid TPMAlgId | The algorithm specified in the nameAlg field is unsupported or is not a valid name algorithm |
NameMismatch | The calculated name does not match the provided name |
PublicKeyInvalid Text | The public key in the certificate was invalid, either because it had an unexpected algorithm, or because it was otherwise malformed |
CertificateVersionInvalid Int | The certificate didn't have the expected version value (2) |
VerificationFailure Text | The public key cannot verify the signature over the authenticatorData and the clientDataHash |
SubjectFieldNotEmpty [(OID, ASN1CharacterString)] | The subject field was not empty |
VendorUnknown Text | The vendor was unknown |
ExtKeyOIDMissing | The Extended Key Usage did not contain the 2.23.133.8.3 OID |
BasicConstraintsTrue | The CA component of the basic constraints extension was set to True |
CertificateAAGUIDMismatch | The AAGUID in the attested credential data does not match the AAGUID in the FIDO certificate extension |
ASN1Error ASN1Error | The (supposedly) ASN.1-encoded certificate extension could not be decoded |
CredentialAAGUIDMissing | The certificate extension does not contain an AAGUID |
HashFunctionUnknown | The desired algorithm does not have a known associated hash function |
HashMismatch | The calculated hash over the attToBeSigned does not match the received hash |
Instances
Exception VerificationError
Show VerificationError
Defined in Crypto.WebAuthn.AttestationStatementFormat.TPM
showsPrec :: Int -> VerificationError -> ShowS
show :: VerificationError -> String
showList :: [VerificationError] -> ShowS
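The certInfo checks behind MagicNumberInvalid, TypeInvalid, HashMismatch, NameAlgorithmInvalid and NameMismatch, as an added sketch in Python; it is not this library's Haskell code. It assumes the TPM 2.0 TPMS_ATTEST field layout, SHA-256 as the hash for attToBeSigned, and hypothetical names `check_cert_info` and `build_cert_info`; like asfVerify, it collects every failed check instead of stopping at the first.

```python
import hashlib
import struct

TPM_GENERATED_VALUE = 0xFF544347
TPM_ST_ATTEST_CERTIFY = 0x8017
# TPM_ALG_ID codes for SHA-1 and SHA-256 (the hashes listed in TPMAlgId)
NAME_HASHES = {0x0004: hashlib.sha1, 0x000B: hashlib.sha256}


def _sized(buf, off):
    """Read a TPM2B field: big-endian uint16 length, then that many bytes."""
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated TPM2B field")
    return buf[off + 2:end], end


def check_cert_info(cert_info, pub_area, att_to_be_signed, sig_hash=hashlib.sha256):
    """Return the names of all failed checks; an empty list means success."""
    errors = []
    magic, typ = struct.unpack_from(">IH", cert_info, 0)
    if magic != TPM_GENERATED_VALUE:
        errors.append("MagicNumberInvalid")
    if typ != TPM_ST_ATTEST_CERTIFY:
        errors.append("TypeInvalid")
    _signer, off = _sized(cert_info, 6)       # qualifiedSigner
    extra_data, off = _sized(cert_info, off)  # extraData
    off += 17 + 8                             # clockInfo + firmwareVersion
    name, _ = _sized(cert_info, off)          # attested.name
    if extra_data != sig_hash(att_to_be_signed).digest():
        errors.append("HashMismatch")
    # name = nameAlg (2 bytes) || H_nameAlg(pubArea)
    hasher = NAME_HASHES.get(int.from_bytes(name[:2], "big"))
    if hasher is None:
        errors.append("NameAlgorithmInvalid")
    elif name[2:] != hasher(pub_area).digest():
        errors.append("NameMismatch")
    return errors


def build_cert_info(pub_area, att_to_be_signed, magic=TPM_GENERATED_VALUE):
    """Constructed sample input for the checks above, not real TPM output."""
    name = struct.pack(">H", 0x000B) + hashlib.sha256(pub_area).digest()
    extra = hashlib.sha256(att_to_be_signed).digest()
    return (struct.pack(">IH", magic, TPM_ST_ATTEST_CERTIFY)
            + struct.pack(">H", 0)            # empty qualifiedSigner
            + struct.pack(">H", len(extra)) + extra
            + bytes(17 + 8)                   # zeroed clockInfo, firmwareVersion
            + struct.pack(">H", len(name)) + name
            + struct.pack(">H", 0))           # empty qualifiedName
```

Signature and certificate checks (VerificationFailure, ExtKeyOIDMissing, BasicConstraintsTrue and the rest) are outside this sketch.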
data TPMAlgId
Instances
ToJSON TPMAlgId
Generic TPMAlgId
Show TPMAlgId
Eq TPMAlgId
type Rep TPMAlgId
Defined in Crypto.WebAuthn.AttestationStatementFormat.TPM type Rep TPMAlgId = D1 ('MetaData "TPMAlgId" "Crypto.WebAuthn.AttestationStatementFormat.TPM" "webauthn-0.9.0.0-inplace" 'False) ((C1 ('MetaCons "TPMAlgRSA" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "TPMAlgSHA1" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "TPMAlgSHA256" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "TPMAlgECC" 'PrefixI 'False) (U1 :: Type -> Type))) |