diff options
Diffstat (limited to 'HTTP/ProofOfWork.hs')
-rw-r--r-- | HTTP/ProofOfWork.hs | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/HTTP/ProofOfWork.hs b/HTTP/ProofOfWork.hs index a94b19b..61fea20 100644 --- a/HTTP/ProofOfWork.hs +++ b/HTTP/ProofOfWork.hs @@ -95,10 +95,13 @@ mkProofOfWorkRequirement (Seconds n) newtype RequestIDSecret = RequestIDSecret (Raaz.Key (Raaz.HMAC Raaz.SHA256)) +-- | Random data is generated insecurely, eg not locked in memory because +-- this is a transient secret. newRequestIDSecret :: IO RequestIDSecret -newRequestIDSecret = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - RequestIDSecret <$> Raaz.random prg +newRequestIDSecret = RequestIDSecret <$> Raaz.insecurely gen + where + gen :: Raaz.RandM (Raaz.Key (Raaz.HMAC Raaz.SHA256)) + gen = Raaz.random mkRequestID :: RequestIDSecret -> IO RequestID mkRequestID secret = mkRequeestID' secret <$> mkRandomSalt @@ -113,11 +116,15 @@ validRequestID secret rid = let rid' = mkRequeestID' secret (randomSalt rid) in requestHMAC rid == requestHMAC rid' +-- | Random data is generated insecurely, eg not locked in memory because +-- this is a transient secret. mkRandomSalt :: IO RandomSalt mkRandomSalt = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - rs <- replicateM 16 (Raaz.random prg :: IO Word8) + rs <- Raaz.insecurely $ replicateM 16 gen return $ RandomSalt $ T.pack $ concatMap show rs + where + gen :: Raaz.RandM Word8 + gen = Raaz.random class POWIdent p where getPOWIdent :: p -> B.ByteString |