Stability | experimental |
---|---|
Safe Haskell | None |
Language | Haskell2010 |
This module implements the Android Key Attestation Statement Format.
Synopsis
- format :: SomeAttestationStatementFormat
- newtype Format = Format {}
- data TrustLevel
- data VerificationError
Documentation
format :: SomeAttestationStatementFormat
The default Android Key format configuration. Requires the attestation to be backed by a Trusted Execution Environment (TEE).
The Android Key Format. Allows configuration of the required level of trust.
Instances
- Show Format
- AttestationStatementFormat Format
  Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey
  - asfIdentifier :: Format -> Text
  - asfVerify :: Format -> DateTime -> AttStmt Format -> AuthenticatorData 'Registration 'True -> ClientDataHash -> Validation (NonEmpty (AttStmtVerificationError Format)) SomeAttestationType
  - asfTrustAnchors :: Format -> VerifiableAttestationType -> CertificateStore
  - asfDecode :: Format -> HashMap Text Term -> Either Text (AttStmt Format)
- type AttStmt Format
- type AttStmtVerificationError Format
data TrustLevel
The required trust level for Android Key attestation.
SoftwareEnforced | Trust has to be ensured on the software level. This is weaker than TEE enforced trust. |
TeeEnforced | Hardware backed attestation, this requires that the Trusted Execution Environment enforced the attestation. |
data VerificationError
Verification errors specific to Android Key attestation.
PublicKeyMismatch | The public key in the certificate is different from the one in the attested credential data |
HashMismatch | The challenge field of the certificate extension does not match the clientDataHash (first: challenge from certificate extension, second: clientDataHash) |
AndroidKeyAllApplicationsFieldFound | The "attestation" extension is scoped to all applications instead of just the RpId |
AndroidKeyOriginFieldInvalid | The origin field(s) were not equal to KM_ORIGIN_GENERATED (0) (first: tee-enforced origin, second: software-enforced origin (if allowed by the specified Format)) |
AndroidKeyPurposeFieldInvalid | The purpose field(s) were not equal to the singleton set containing KM_PURPOSE_SIGN (2) (first: tee-enforced purpose, second: software-enforced purpose (if allowed by the specified Format)) |
VerificationFailure Text | The public key cannot verify the signature over the authenticatorData and the clientDataHash. |
Instances
- Show VerificationError
  Defined in Crypto.WebAuthn.AttestationStatementFormat.AndroidKey
  - showsPrec :: Int -> VerificationError -> ShowS
  - show :: VerificationError -> String
  - showList :: [VerificationError] -> ShowS
- Exception VerificationError
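How the required TrustLevel changes the outcome of the origin, purpose and all-applications checks listed under VerificationError, shown as an added example that is not this module's own code. The types AuthList and PolicyError and the function checkPolicy are hypothetical stand-ins, and the example assumes that under SoftwareEnforced either authorization list may satisfy a rule, while under TeeEnforced only the TEE list counts.

```haskell
-- Added illustration: a self-contained model of the authorization-list policy.
-- All types here are hypothetical stand-ins, not the library's definitions.
module Main (main) where

import Data.Set (Set)
import qualified Data.Set as Set

data TrustLevel = SoftwareEnforced | TeeEnforced deriving (Eq, Show)

-- Hypothetical decoded view of one authorization list from the attestation
-- certificate extension; Nothing means the field was absent.
data AuthList = AuthList
  { alOrigin :: Maybe Integer
  , alPurpose :: Maybe (Set Integer)
  , alAllApplications :: Bool
  } deriving (Eq, Show)

data PolicyError
  = AllApplicationsFieldFound
  | OriginFieldInvalid (Maybe Integer) (Maybe Integer)
  | PurposeFieldInvalid (Maybe (Set Integer)) (Maybe (Set Integer))
  deriving (Eq, Show)

kmOriginGenerated, kmPurposeSign :: Integer
kmOriginGenerated = 0
kmPurposeSign = 2

-- Collects every violated rule rather than stopping at the first one.
-- Assumption: under SoftwareEnforced either list may satisfy a rule;
-- under TeeEnforced only the TEE list counts.
checkPolicy :: TrustLevel -> AuthList -> AuthList -> [PolicyError]
checkPolicy level tee sw =
  [AllApplicationsFieldFound | alAllApplications tee || alAllApplications sw]
    ++ [OriginFieldInvalid (alOrigin tee) (alOrigin sw) | not (accepted alOrigin (Just kmOriginGenerated))]
    ++ [PurposeFieldInvalid (alPurpose tee) (alPurpose sw) | not (accepted alPurpose (Just (Set.singleton kmPurposeSign)))]
  where
    accepted :: Eq a => (AuthList -> a) -> a -> Bool
    accepted field want = case level of
      TeeEnforced -> field tee == want
      SoftwareEnforced -> field tee == want || field sw == want

main :: IO ()
main = do
  -- Constructed sample: key generated on device and sign-only, but the
  -- properties are only software-enforced.
  let noFields = AuthList Nothing Nothing False
      swOnly = AuthList (Just kmOriginGenerated) (Just (Set.singleton kmPurposeSign)) False
  print (checkPolicy SoftwareEnforced noFields swOnly)
  print (checkPolicy TeeEnforced noFields swOnly)
  print (checkPolicy TeeEnforced swOnly noFields {alAllApplications = True})
```

The same software-only key passes under SoftwareEnforced and yields both an origin and a purpose error under TeeEnforced, which is why the default format is the stricter of the two.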