diff options
author | Joey Hess <joeyh@joeyh.name> | 2016-08-06 17:35:10 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-08-06 17:35:10 -0400 |
commit | 7192abc5d53aa5a6ee609ed30bd05f1575e67b65 (patch) | |
tree | 2f1d17f27b483a8deec001a12a55696b0eea5978 /Encryption.hs | |
parent | fbd0bb3a2b2541e897708fb441ab1c8a2b5ab78e (diff) | |
download | keysafe-7192abc5d53aa5a6ee609ed30bd05f1575e67b65.tar.gz |
some basic data types and expensive hashing
Diffstat (limited to 'Encryption.hs')
-rw-r--r-- | Encryption.hs | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/Encryption.hs b/Encryption.hs new file mode 100644 index 0000000..083aedd --- /dev/null +++ b/Encryption.hs @@ -0,0 +1,38 @@ +{-# LANGUAGE OverloadedStrings #-} + +module Encryption where + +import Types +import ExpensiveHash +import qualified Data.ByteString as B +import Raaz.Core.Encode +import qualified Raaz.Cipher.AES as AES +import Data.Word + +-- | An AES key, which is used to encrypt the key that is stored +-- in keysafe. +newtype KeyEncryptionKey = KeyEncryptionKey AES.KEY256 + +-- | An ExpensiveHash of the KeyIdent and a RandomObstacle are combined +-- to form the AES key. +-- +-- An attacker has to brute force both, while a legitimate user +-- only has to brute force the RandomObstacle. +genKeyEncryptionKey :: KeyIdent -> Password -> KeyEncryptionKey +genKeyEncryptionKey = undefined + +-- | A random value which adds difficulty to decrypting, since it's never +-- written down anywhere and must always be brute-forced. +-- +-- It's always 64 bits long, and is left padded with 0's, +-- which are followed by a series of random bits (which necessarily always +-- starts with 1). Eg: +-- +-- > 0000000000000000000000000000000000000000000000000000000100011100 +-- +-- The fewer leading 0's and thus longer the random bits, +-- the harder it is. +data RandomObstacle = RandomObstacle Word64 + +genRandomObstacle :: Int -> RandomObstacle +genRandomObstacle difficulty = undefined |