authorJoey Hess <joeyh@joeyh.name>2016-08-11 23:59:38 -0400
committerJoey Hess <joeyh@joeyh.name>2016-08-11 23:59:38 -0400
commit53d9809ad524bf9c2b4962649588afeb7e3e0c86 (patch)
tree2a7bb356b5cf768b60996246bca83feac0a73abb /Encryption.hs
parent785a4c17686b2248a4c27e61564604a3999e9c22 (diff)
downloadkeysafe-53d9809ad524bf9c2b4962649588afeb7e3e0c86.tar.gz
zero-pad size of padded bytes
Diffstat (limited to 'Encryption.hs')
-rw-r--r--Encryption.hs18
1 files changed, 11 insertions, 7 deletions
diff --git a/Encryption.hs b/Encryption.hs
index 19cb650..385f36a 100644
--- a/Encryption.hs
+++ b/Encryption.hs
@@ -73,15 +73,15 @@ cipher = Raaz.aes256cbc
blocksize :: Int
blocksize = fromIntegral $ Raaz.blockSize cipher
-encrypt :: KeyEncryptionKey -> SecretKey -> EncryptedSecretKey
-encrypt kek (SecretKey secret) = EncryptedSecretKey b (keyBruteForceCalc kek)
+encrypt :: Tunables -> KeyEncryptionKey -> SecretKey -> EncryptedSecretKey
+encrypt tunables kek (SecretKey secret) = EncryptedSecretKey b (keyBruteForceCalc kek)
where
-- Raaz does not seem to provide a high-level interface
-- for AES encryption, so use unsafeEncrypt, doing our own padding
-- of the secret key, so that it is a multiple of
-- the block size.
b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $
- getPaddedBytes $ toPaddedBytes blocksize secret
+ getPaddedBytes $ toPaddedBytes tunables blocksize secret
decrypt :: KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey
decrypt kek (EncryptedSecretKey b _) = SecretKey <$> fromPaddedBytes pbs
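Review bot: The comment in the `where` clause of `encrypt` still describes only padding the secret to a multiple of the block size, and does not mention the length prefix or why `Tunables` is now needed. I would extend it with `-- toPaddedBytes also prefixes the secret's length, zero-padded to the digit width of objectSize tunables.` The `decrypt` shown in the context lines takes no `Tunables`, so it presumably cannot check that the prefix has the expected width or that the decoded length is within `objectSize`. That is worth confirming in `fromPaddedBytes`, whose body lies outside this hunk.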
@@ -195,16 +195,20 @@ newtype PaddedBytes = PaddedBytes { getPaddedBytes :: B.ByteString }
deriving (Show)
-- Pad with NULs. Since the bytestring can itself include NULs, prefix
--- with the length.
-toPaddedBytes :: Int -> B.ByteString -> PaddedBytes
-toPaddedBytes n b = PaddedBytes $
- B8.pack (show len) <> B.singleton 0 <> b <> padding
+-- with the length. Length is itself padded with 0's.
+toPaddedBytes :: Tunables -> Int -> B.ByteString -> PaddedBytes
+toPaddedBytes tunables n b = PaddedBytes $
+ B8.pack paddedlen <> B.singleton 0 <> b <> padding
where
len = B.length b
r = len `rem` n
padding
| r == 0 = B.empty
| otherwise = B.replicate (n - r) 0
+ paddedlen =
+ let s = show len
+ in replicate (lensz - length s) '0' ++ s
+ lensz = length $ show $ objectSize tunables
fromPaddedBytes :: PaddedBytes -> Maybe B.ByteString
fromPaddedBytes (PaddedBytes b) = case B.break (== 0) b of
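Review bot: In `toPaddedBytes`, `r` is still computed from the length of `b` alone, while the output is the `lensz`-byte prefix plus one NUL plus `b` plus the padding. The result is therefore a multiple of `n` only when `lensz + 1` happens to be one, which contradicts the comment in `encrypt` that the input handed to `Raaz.unsafeEncrypt` is a multiple of the block size. Counting the prefix fixes this: `r = rem (lensz + 1 + len) n`. Separately, `replicate (lensz - length s) '0'` yields the empty string when `show len` has more digits than `objectSize tunables`, so an oversized secret silently gets a wider prefix instead of being rejected; a guard on `len` against `objectSize tunables` would keep the field fixed-width. The body of `fromPaddedBytes` continues outside this hunk, so whether the decoder tolerates either case cannot be seen here.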