authorJoey Hess <joeyh@joeyh.name>2016-08-19 16:50:27 -0400
committerJoey Hess <joeyh@joeyh.name>2016-08-19 16:50:27 -0400
commitf37b78acc2ba8272d8181f636eac6eb123c59013 (patch)
treefa70245d3dcdfe232dce79bfe75633cf28361a4c /Encryption.hs
parentd25d55c9c68263100ea21e66eda74067cc8c1393 (diff)
reorg
Diffstat (limited to 'Encryption.hs')
-rw-r--r--Encryption.hs23
1 files changed, 10 insertions, 13 deletions
diff --git a/Encryption.hs b/Encryption.hs
index fbeb1c6..5e91ef5 100644
--- a/Encryption.hs
+++ b/Encryption.hs
@@ -43,21 +43,9 @@ encrypt tunables kek (SecretKey secret) =
data DecryptResult
= DecryptSuccess SecretKey
| DecryptIncomplete KeyEncryptionKey
+ -- ^ Returned when the EncryptedSecretKey is truncated.
| DecryptFailed
--- | Tries each candidate key in turn until one unlocks the encrypted data.
---
--- When the EncryptedSecretKey is truncated, returns IncompleteDecrypt.
--- This avoids needing to try the candidate keys again after retrieving
--- more chunks.
-tryDecrypt :: Candidates KeyEncryptionKey -> EncryptedSecretKey -> DecryptResult
-tryDecrypt (Candidates l _ _) esk = go l
- where
- go [] = DecryptFailed
- go (kek:rest) = case decrypt kek esk of
- DecryptFailed -> go rest
- r -> r
-
decrypt :: KeyEncryptionKey -> EncryptedSecretKey -> DecryptResult
decrypt kek (EncryptedSecretKey cs _) = case decodeEncryptableBytes pbs of
Nothing -> DecryptFailed
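Review bot: The new `-- ^` comment on `DecryptIncomplete` says when the constructor is returned but drops the rationale that the removed `tryDecrypt` Haddock carried, and it does not say what the `KeyEncryptionKey` field holds. Judging from the removed text, the field appears to be the key to reuse once more chunks arrive, though the hunk does not show where it is set. If that is right, I would write `-- ^ Returned when the EncryptedSecretKey is truncated. Carries the key to reuse once more chunks are retrieved, so the candidates need not be tried again.` The body of `decrypt` continues outside this hunk.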
@@ -68,6 +56,15 @@ decrypt kek (EncryptedSecretKey cs _) = case decodeEncryptableBytes pbs of
Raaz.unsafeDecrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) b
b = B.concat cs
+-- | Tries each candidate key in turn until one unlocks the encrypted data.
+tryDecrypt :: Candidates KeyEncryptionKey -> EncryptedSecretKey -> DecryptResult
+tryDecrypt (Candidates l _ _) esk = go l
+ where
+ go [] = DecryptFailed
+ go (kek:rest) = case decrypt kek esk of
+ DecryptFailed -> go rest
+ r -> r
+
-- | An AES key, which is used to encrypt the secret key that is stored
-- in keysafe.
data KeyEncryptionKey = KeyEncryptionKey
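Review bot: The Haddock on the re-added `tryDecrypt` says it tries keys "until one unlocks the encrypted data", but the `r -> r` branch also stops at the first `DecryptIncomplete`, so the search ends on truncated input as well. The result therefore depends on `decrypt` returning `DecryptIncomplete` only for the correct key. The part of `decrypt` that decides this is outside the hunk, so it is worth confirming: a wrong candidate reported as incomplete would hide the right key further down the list. I would document the behaviour with a second comment line, `-- Stops at the first result other than DecryptFailed, including DecryptIncomplete.`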