summaryrefslogtreecommitdiffhomepage
path: root/HTTP/ProofOfWork.hs
diff options
context:
space:
mode:
Diffstat (limited to 'HTTP/ProofOfWork.hs')
-rw-r--r--HTTP/ProofOfWork.hs17
1 files changed, 12 insertions, 5 deletions
diff --git a/HTTP/ProofOfWork.hs b/HTTP/ProofOfWork.hs
index a94b19b..61fea20 100644
--- a/HTTP/ProofOfWork.hs
+++ b/HTTP/ProofOfWork.hs
@@ -95,10 +95,13 @@ mkProofOfWorkRequirement (Seconds n)
newtype RequestIDSecret = RequestIDSecret (Raaz.Key (Raaz.HMAC Raaz.SHA256))
+-- | Random data is generated insecurely, eg not locked in memory because
+-- this is a transient secret.
newRequestIDSecret :: IO RequestIDSecret
-newRequestIDSecret = do
- prg <- Raaz.newPRG () :: IO Raaz.SystemPRG
- RequestIDSecret <$> Raaz.random prg
+newRequestIDSecret = RequestIDSecret <$> Raaz.insecurely gen
+ where
+ gen :: Raaz.RandM (Raaz.Key (Raaz.HMAC Raaz.SHA256))
+ gen = Raaz.random
mkRequestID :: RequestIDSecret -> IO RequestID
mkRequestID secret = mkRequeestID' secret <$> mkRandomSalt
@@ -113,11 +116,15 @@ validRequestID secret rid =
let rid' = mkRequeestID' secret (randomSalt rid)
in requestHMAC rid == requestHMAC rid'
+-- | Random data is generated insecurely, eg not locked in memory because
+-- this is a transient secret.
mkRandomSalt :: IO RandomSalt
mkRandomSalt = do
- prg <- Raaz.newPRG () :: IO Raaz.SystemPRG
- rs <- replicateM 16 (Raaz.random prg :: IO Word8)
+ rs <- Raaz.insecurely $ replicateM 16 gen
return $ RandomSalt $ T.pack $ concatMap show rs
+ where
+ gen :: Raaz.RandM Word8
+ gen = Raaz.random
class POWIdent p where
getPOWIdent :: p -> B.ByteString
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-15 18:55:55 +0000