diff options
Diffstat (limited to 'Encryption.hs')
| -rw-r--r-- | Encryption.hs | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/Encryption.hs b/Encryption.hs index 880095d..3e085a0 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -32,10 +32,9 @@ encrypt :: Tunables -> KeyEncryptionKey -> SecretKey -> EncryptedSecretKey encrypt tunables kek (SecretKey secret) = EncryptedSecretKey (chunkByteString (objectSize tunables) b) (keyBruteForceCalc kek) where - -- Raaz does not seem to provide a high-level interface - -- for AES encryption, so use unsafeEncrypt. The use of - -- EncryptableBytes makes sure it's provided with a - -- multiple of the AES block size. + -- Raaz does not provide a high-level interface for AES encryption, + -- so we use unsafeEncrypt. The use of EncryptableBytes makes + -- sure it's provided with a multiple of the AES block size. b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $ getEncryptableBytes $ encodeEncryptableBytes tunables secret @@ -104,8 +103,7 @@ instance HasDecryptionCost (Candidates a) where -- run the hash repeatedly. genKeyEncryptionKey :: Tunables -> Name -> Password -> IO KeyEncryptionKey genKeyEncryptionKey tunables name password = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - saltprefix <- genRandomSaltPrefix prg tunables + saltprefix <- genRandomSaltPrefix tunables return $ head $ genKeyEncryptionKeys [saltprefix] tunables name password @@ -144,12 +142,12 @@ genIV (Name name) = Raaz.fromByteString $ B.take ivlen $ Raaz.toByteString $ Raaz.sha256 name where - ivlen = fromIntegral $ Raaz.byteSize (undefined :: Raaz.IV) + ivlen = fromIntegral $ Raaz.sizeOf (undefined :: Raaz.IV) type SaltPrefix = B.ByteString -genRandomSaltPrefix :: Raaz.SystemPRG -> Tunables -> IO SaltPrefix -genRandomSaltPrefix prg tunables = randomByteStringOfLength n prg +genRandomSaltPrefix :: Tunables -> IO SaltPrefix +genRandomSaltPrefix tunables = randomByteStringOfLength n where n = randomSaltBytes $ keyEncryptionKeyTunable tunables @@ -164,7 +162,7 @@ hashToAESKey (ExpensiveHash _ t) = fromMaybe (error "hashToAESKey fromByteString failed") $ Raaz.fromByteString b where - b = B.take (fromIntegral $ Raaz.byteSize (undefined :: AesKey)) $ + b = B.take (fromIntegral $ Raaz.sizeOf (undefined :: AesKey)) $ Raaz.toByteString $ Raaz.sha256 (E.encodeUtf8 t) -- | A bytestring that can be AES encrypted. |