diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-08-17 14:28:33 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-08-17 14:28:33 -0400 |
| commit | f60ac335e4e827fd242ab22539adb49f26e2c319 (patch) | |
| tree | 255e16e03210b9ccb6faf72b4afd29b7262f42d9 /Encryption.hs | |
| parent | b474ab87ae45ed77f42eb41f658a55262bd92217 (diff) | |
| download | keysafe-f60ac335e4e827fd242ab22539adb49f26e2c319.tar.gz | |
add progress bars to restore
also, restore actually works!
Diffstat (limited to 'Encryption.hs')
| -rw-r--r-- | Encryption.hs | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/Encryption.hs b/Encryption.hs index 8d508d8..d5a9879 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -38,8 +38,16 @@ encrypt tunables kek (SecretKey secret) = EncryptedSecretKey b (keyBruteForceCal b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $ getEncryptableBytes $ toEncryptableBytes tunables secret -decrypt :: KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey -decrypt kek (EncryptedSecretKey b _) = SecretKey <$> fromEncryptableBytes pbs +decrypt :: Candidates KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey +decrypt (Candidates l _ _) esk = go l + where + go [] = Nothing + go (kek:rest) = case decrypt' kek esk of + Just sk -> Just sk + Nothing -> go rest + +decrypt' :: KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey +decrypt' kek (EncryptedSecretKey b _) = SecretKey <$> fromEncryptableBytes pbs where pbs = EncryptableBytes $ Raaz.unsafeDecrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) b @@ -48,13 +56,28 @@ decrypt kek (EncryptedSecretKey b _) = SecretKey <$> fromEncryptableBytes pbs data KeyEncryptionKey = KeyEncryptionKey { keyEncryptionKey :: AesKey , keyEncryptionIV :: Raaz.IV + , keyCreationCost :: Cost CreationOp , keyDecryptionCost :: Cost DecryptionOp , keyBruteForceCalc :: CostCalc BruteForceOp UnknownPassword } +instance HasCreationCost KeyEncryptionKey where + getCreationCost = keyCreationCost + +instance HasDecryptionCost KeyEncryptionKey where + getDecryptionCost = keyDecryptionCost + instance Bruteforceable KeyEncryptionKey UnknownPassword where getBruteCostCalc = keyBruteForceCalc +data Candidates a = Candidates [a] (Cost CreationOp) (Cost DecryptionOp) + +instance HasCreationCost (Candidates a) where + getCreationCost (Candidates _ c _) = c + +instance HasDecryptionCost (Candidates a) where + getDecryptionCost (Candidates _ _ c) = c + -- | The ExpensiveHash of the Password used as the KeyEncryptionKey -- -- Name is used as a salt, to prevent rainbow table attacks. @@ -81,16 +104,17 @@ genKeyEncryptionKeys saltprefixes tunables (Name name) (Password password) = decryptcost = castCost $ randomSaltBytesBruteForceCost kektunables kektunables = keyEncryptionKeyTunable tunables - mk saltprefix = KeyEncryptionKey (hashToAESKey hash) iv decryptcost bruteforcecalc + mk saltprefix = KeyEncryptionKey (hashToAESKey hash) iv (getCreationCost hash) decryptcost bruteforcecalc where salt = Salt (saltprefix <> name) hash = expensiveHash (keyEncryptionKeyHash kektunables) salt password -- | A stream of all the key encryption keys that need to be tried to -- decrypt. -candidateKeyEncryptionKeys :: Tunables -> Name -> Password -> [KeyEncryptionKey] +candidateKeyEncryptionKeys :: Tunables -> Name -> Password -> Candidates KeyEncryptionKey candidateKeyEncryptionKeys tunables name password = - genKeyEncryptionKeys saltprefixes tunables name password + let ks@(k:_) = genKeyEncryptionKeys saltprefixes tunables name password + in Candidates ks (getCreationCost k) (getDecryptionCost k) where saltprefixes = allByteStringsOfLength $ randomSaltBytes $ keyEncryptionKeyTunable tunables |