some basic data types and expensive hashing

1 files changed, 38 insertions, 0 deletions

diff --git a/Encryption.hs b/Encryption.hs
new file mode 100644
index 0000000..083aedd
--- /dev/null
+++ b/Encryption.hs
@@ -0,0 +1,38 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+module Encryption where
+
+import Types
+import ExpensiveHash
+import qualified Data.ByteString as B
+import Raaz.Core.Encode
+import qualified Raaz.Cipher.AES as AES
+import Data.Word
+
+-- | An AES key, which is used to encrypt the key that is stored
+-- in keysafe.
+newtype KeyEncryptionKey = KeyEncryptionKey AES.KEY256
+
+-- | An ExpensiveHash of the KeyIdent and a RandomObstacle are combined
+-- to form the AES key.
+--
+-- An attacker has to brute force both, while a legitimate user
+-- only has to brute force the RandomObstacle.
+genKeyEncryptionKey :: KeyIdent -> Password -> KeyEncryptionKey
+genKeyEncryptionKey = undefined
+
+-- | A random value which adds difficulty to decrypting, since it's never
+-- written down anywhere and must always be brute-forced.
+--
+-- It's always 64 bits long, and is left padded with 0's,
+-- which are followed by a series of random bits (which necessarily always
+-- starts with 1). Eg:
+--
+-- > 0000000000000000000000000000000000000000000000000000000100011100
+--
+-- The fewer leading 0's and thus longer the random bits,
+-- the harder it is.
+data RandomObstacle = RandomObstacle Word64
+
+genRandomObstacle :: Int -> RandomObstacle
+genRandomObstacle difficulty = undefined