From fd2cb3cd3608401f42d3d0d06b7f961bb0b1ebb4 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 27 Apr 2017 15:55:46 -0400 Subject: put the hash of the publickey in the clearsigned gpg message This way changes to JSON won't risk breaking that. --- Crypto.hs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'Crypto.hs') diff --git a/Crypto.hs b/Crypto.hs index 1c898e7..800b0d2 100644 --- a/Crypto.hs +++ b/Crypto.hs @@ -5,14 +5,12 @@ module Crypto where import Val import Hash import Types -import JSON import qualified Crypto.PubKey.Ed25519 as Ed25519 import Crypto.Error import Crypto.Random.Entropy import Data.ByteArray (convert) import qualified Data.ByteString as B -import qualified Data.ByteString.Lazy as L import System.IO import System.Process import System.Exit @@ -104,7 +102,7 @@ gpgSign pk = do { std_in = CreatePipe , std_out = CreatePipe } - L.hPut hin $ encode pk + B.hPut hin $ val $ hashValue $ hash pk hClose hin hSetBinaryMode hout True sig <- GpgSig . Val <$> B.hGetContents hout @@ -131,11 +129,11 @@ gpgVerify gpgopts (GpgSigned pk (GpgSig (Val sig))) = do B.hPut hin sig hClose hin hSetBinaryMode hout True - out <- L.hGetContents hout + signeddata <- B.hGetContents hout st <- waitForProcess pid return $ case st of ExitFailure _ -> False - ExitSuccess -> Just pk == decode out + ExitSuccess -> val (hashValue (hash pk)) == signeddata where extraopts = if any ("--keyserver" `isPrefixOf`) gpgopts then gpgopts -- cgit v1.2.3
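Review bot: The new `B.hPut hin $ val $ hashValue $ hash pk` line in gpgSign carries no comment saying what is handed to gpg or why, and the next reader has to find the matching expression in gpgVerify to learn that the two must stay in step. I would add a comment directly above it, for example `-- Sign the hash of the public key rather than its JSON encoding, so the signed bytes do not depend on serialization; gpgVerify compares against exactly these bytes.` Since the same expression now appears in both functions, a small shared helper would keep the signer and the verifier from drifting apart. gpgSign starts before this hunk and continues after it.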
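Review bot: The `ExitSuccess -> val (hashValue (hash pk)) == signeddata` branch in gpgVerify now requires gpg's output to equal the hash byte for byte, whereas the old `decode out` presumably tolerated formatting differences. Clearsigned text passes through gpg's text canonicalisation (line endings, trailing whitespace), so this appears to rely on the hash value being a single line with no trailing whitespace that gpg returns unchanged. That assumption should be written down next to the comparison, e.g. `-- gpg must emit exactly the bytes gpgSign wrote; the hash contains nothing clearsign would rewrite`. A signature from a peer that still signs the JSON encoding will also yield False here, indistinguishable from a bad signature, which is worth stating in the commit message or a protocol note. gpgVerify begins before the hunk and its where clause runs past the end of it.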