From 192f8cca5252410c2e2e00278378a4f59744992e Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 22 Jan 2017 09:45:36 -0400 Subject: add news item for keysafe 0.20170122 --- doc/news/version_0.20160927.mdwn | 20 -------------------- doc/news/version_0.20170122.mdwn | 8 ++++++++ 2 files changed, 8 insertions(+), 20 deletions(-) delete mode 100644 doc/news/version_0.20160927.mdwn create mode 100644 doc/news/version_0.20170122.mdwn diff --git a/doc/news/version_0.20160927.mdwn b/doc/news/version_0.20160927.mdwn deleted file mode 100644 index 1787aa5..0000000 --- a/doc/news/version_0.20160927.mdwn +++ /dev/null @@ -1,20 +0,0 @@ -keysafe 0.20160927 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Makefile: Avoid rebuilding on make install, so that sudo make install works. - * Added --chaff-max-delay option for slower chaffing. - * Fix embedded copy of Argon2 to not use Word64, fixing build on 32 bit - systems. - * Randomize the server list. - * Don't upload more than neededshares-1 shares to Alternate servers - without asking the user if they want to do this potentially dangerous - action. - * Added a second keysafe server to the server list. It's provided - by Marek Isalski at Faelix. Currently located in UK, but planned move - to CH. Currently at Alternate level until verification is complete. - * Server: --motd can be used to provide a Message Of The Day. - * Added --check-servers mode, which is useful both at the command line - to see what servers keysafe knows about, and as a cron job. - * Server: Round number of objects down to the nearest thousand, to avoid - leaking too much data about when objects are uploaded to servers. - * Filter out escape sequences and any other unusual characters when - writing all messages to the console."""]] \ No newline at end of file diff --git a/doc/news/version_0.20170122.mdwn b/doc/news/version_0.20170122.mdwn new file mode 100644 index 0000000..de03c93 --- /dev/null 
+++ b/doc/news/version_0.20170122.mdwn @@ -0,0 +1,8 @@ +keysafe 0.20170122 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Adjust cabal bounds to allow building with ghc 8.0. + However, the stack.yaml is still using an old LTS version + to avoid polynomial's failure to build with ghc 8.0 + (https://github.com/mokus0/polynomial/issues/8) + * Clarify that dollars in cost estimates are USD. + * Keysafe has a new website, https://keysafe.branchable.com/"""]] \ No newline at end of file -- cgit v1.2.3 From 54147d3b7d40c115c8b0df3ee02f8c03f1ad31df Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 22 Jan 2017 09:48:15 -0400 Subject: fix news feed --- doc/index.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/index.mdwn b/doc/index.mdwn index e0cda48..1aab4d5 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -42,7 +42,7 @@ Also, there's a [[FAQ]]. ## News -[[!inline pages="code/keysafe/news/* and !*/Discussion" show="3"]] +[[!inline pages="news/* and !*/Discussion" show="3"]] ## Installation -- cgit v1.2.3 From 6dacb83d99f7c255839c3f763e3f4abb5fa98f56 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 22 Jan 2017 09:48:47 -0400 Subject: remove --- doc/news/version_0.20161006.mdwn | 10 ---------- doc/news/version_0.20161007.mdwn | 9 --------- doc/news/version_0.20161022.mdwn | 12 ------------ doc/news/version_0.20161107.mdwn | 14 -------------- 4 files changed, 45 deletions(-) delete mode 100644 doc/news/version_0.20161006.mdwn delete mode 100644 doc/news/version_0.20161007.mdwn delete mode 100644 doc/news/version_0.20161022.mdwn delete mode 100644 doc/news/version_0.20161107.mdwn diff --git a/doc/news/version_0.20161006.mdwn b/doc/news/version_0.20161006.mdwn deleted file mode 100644 index 2758b34..0000000 --- a/doc/news/version_0.20161006.mdwn +++ /dev/null 
@@ -1,10 +0,0 @@ -keysafe 0.20161006 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * New --add-storage-directory and --add-server options, which can be used - to make keysafe backup/restore using additional locations. - * Removed --store-local option; use --add-storage-directory instead. - * Fix bugs with entry of gpg keyid in the keysafe.log. - * Fix bug in --autostart that caused the full gpg keyid to be - used to generate object names, which made restores would only work - when --gpgkeyid was specifid. - * Remove embedded copy of argon2 binding, depend on fixed version of package."""]] \ No newline at end of file diff --git a/doc/news/version_0.20161007.mdwn b/doc/news/version_0.20161007.mdwn deleted file mode 100644 index a7e8468..0000000 --- a/doc/news/version_0.20161007.mdwn +++ /dev/null @@ -1,9 +0,0 @@ -keysafe 0.20161007 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Check if --store-local directory is writable. - * Removed dependency on crypto-random. - * Added a LSB init script, for non-systemd systems. - (It currently uses Debian's start-stop-daemon, so would need porting - for other distributions.) - * /etc/default/keysafe is read by both the systemd service file and the - init script, and contains configuration for the keysafe server."""]] \ No newline at end of file diff --git a/doc/news/version_0.20161022.mdwn b/doc/news/version_0.20161022.mdwn deleted file mode 100644 index e54f26e..0000000 --- a/doc/news/version_0.20161022.mdwn +++ /dev/null 
@@ -1,12 +0,0 @@ -keysafe 0.20161022 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Add keywords to desktop file. - Thanks, Sean Whitton - * Fix use of .IP macro in manpage. - Thanks, Sean Whitton - * Fix some mispellings. - Thanks, Sean Whitton - * Makefile: Propagate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. - * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack. - * Makefile: Allow setting BUILDEROPTIONS=-j1 to avoid concurrent - build, which should make build reproducible."""]] \ No newline at end of file diff --git a/doc/news/version_0.20161107.mdwn b/doc/news/version_0.20161107.mdwn deleted file mode 100644 index d98987e..0000000 --- a/doc/news/version_0.20161107.mdwn +++ /dev/null @@ -1,14 +0,0 @@ -keysafe 0.20161107 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * The third keysafe server is now available, provided by Purism. - * Purism's keysafe server has been vetted to Recommended level! - * Change default for --port to 4242. - * Fix --check-server to not fail when the server has not had anything - stored on it yet. - * --upload-queued: Exit nonzero if unable to upload all queued objects. - * --autostart: If unable to upload all queued objects initially, - delay between 1 and 2 hours and try again. - * Better suggestion when user is having difficulty thinking of a strong - enough password. - * Defer requesting secret key from gpg until just before backup, so the - user knows why gpg is asking for this secret key to be backed up."""]] \ No newline at end of file -- cgit v1.2.3 From 9211f8aed5805437c5c9d120e265f24c9bbebe07 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 22 Jan 2017 09:52:14 -0400 Subject: add LCA talk --- doc/index.mdwn | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/index.mdwn b/doc/index.mdwn index 1aab4d5..8f8275a 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn 
@@ -40,6 +40,12 @@ For a more in-depth explanation, and some analysis of different attack vectors (and how keysafe thwarts them), see [[details]]. Also, there's a [[FAQ]]. +Here's a video explaining keysafe: + + + + + ## News [[!inline pages="news/* and !*/Discussion" show="3"]] -- cgit v1.2.3 From eac76566af2ecdb836a0c0e4274fdbbe2bd261cd Mon Sep 17 00:00:00 2001 From: spwhitton Date: Wed, 25 Jan 2017 14:52:54 +0000 Subject: link to instructions: how to use debian experimental --- doc/index.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/index.mdwn b/doc/index.mdwn index 8f8275a..407cb41 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -52,8 +52,8 @@ Here's a video explaining keysafe: ## Installation -Keysafe is now available in Debian experimental. Install it from there, or -from source. +Keysafe is now available in [Debian experimental](https://wiki.debian.org/DebianExperimental). +Install it from there, or from source. ## Git repository -- cgit v1.2.3 From 6da465ce37d737951fe61e32327002e0bf1a1aa1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 25 Jan 2017 15:21:19 -0400 Subject: todo --- TODO | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/TODO b/TODO index 18426bf..c018dc8 100644 --- a/TODO +++ b/TODO 
@@ -2,6 +2,20 @@ Soon: * Finish vetting 2 servers to Recommended. * Set up --check-servers in a cron job, so I know when servers are down. +* Remove gpg key passohrase from gpg keys that keysafe backs up. + The reason for this is that the user may well forget their gpg key + passphrase, and it's *weird* to restore a key with keysafe's password + and then have it passphrase protected. + The gpg key passphrase is intended only to keep a key from being used + for a short period of time (a week or so) when the device holding it + is known to have been compromised, so the key can be revoked. + This doesn't really apply to keys backed up with keysafe -- if they get + compromised somehow, the user won't know, and cracking the gpg passphrase + should be almost trivial to an attacker who was able to break keysafe's + password. + paperkey can remove gpg key passphrases. Is there any better way? + It might make sense for keysafe to prompt for a new gpg passphrase + when restoring. Later: -- cgit v1.2.3 From d471029790667c3630078f7054fa86dc41ffadc4 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 25 Jan 2017 15:32:31 -0400 Subject: add better object-id derivation idea --- TODO | 22 +++++++++++++++++----- doc/details.mdwn | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/TODO b/TODO index c018dc8..7b56c90 100644 --- a/TODO +++ b/TODO @@ -39,11 +39,6 @@ Later: * Add some random padding to http requests and responses, to make it harder for traffic analysis to tell that given TOR traffic is keysafe traffic. -* Argon2d is more resistent to GPU/ASIC attack optimisation. - Switching from Argon2i would require new tunables, and delay restores - (of keys backed up using the old tunables, and when the user provides the - wrong name) by ~10 minutes, so deferred for now - until there's some other reason to change the tunables. Wishlist: 
@@ -86,3 +81,20 @@ Wishlist: restore from working. (It also makes a malicious data attack (as described in https://keysafe.branchable.com/details/) possible by attackers who do not control the servers. + +Encryption tunables changes: + +* Argon2d is more resistent to GPU/ASIC attack optimisation. + Switching from Argon2i would require new tunables, and delay restores + (of keys backed up using the old tunables, and when the user provides the + wrong name) by ~10 minutes, so deferred for now + until there's some other reason to change the tunables. +* The ShareIdents derivation currently appends a number and sha256 hashes + to generate a stream of values. Ben M points out that HMAC is a more + typical way to do such a thing. Even better, a HKDF-Expand + (RFC5869) can generate a stream which can then be chunked up into values. + Either of these would avoid a full pre-image attack on SHA-2 breaking + keysafe. Of course, such an SHA-2 attack would be a general security + disaster. HKDF may prove more robust in the face of partial SHA-2 breaks. + Deferred for now until tthere's some other reason to change keysafe's + tunables. diff --git a/doc/details.mdwn b/doc/details.mdwn index e0f85e5..b014b2b 100644 --- a/doc/details.mdwn +++ b/doc/details.mdwn 
@@ -363,3 +363,37 @@ This could be used in several ways: objects for both. If the user is being forced to give up their keysafe name and password, they could provide the fake name, and if it were used, their data would get deleted from the keysafe servers. + +### Better object-id derivation + +An idea from Ben M: + +> I was the fellow who mentioned using an HMAC instead of +> append-index-and-hash to generate the object-ids in keysafe. +> +> That's probably an okay approach if you need to bind the output to a +> particular input string, but on reflection (unless I missed something) +> it would be equivalent for keysafe to take a stream and chop it up, then +> just "number" the chunks sequentially. +> +> In that case, the "most correct" choice would probably be HKDF (RFC5869 +> [1]). Specifically, the second part of HKDF -- "HKDF-Expand". +> +> (The first part, HKDF-Extract, is appropriate to apply /before/ key +> stretching, but stretching itself serves much the same purpose -- +> removing "structure" from the input key. Especially given that Argon2 +> is designed specifically to handle user passwords, I expect that +> HKDF-Extract is entirely unnecessary here.) +> +> HKDF is what TLS 1.3 will use to expand its per-session master keys into +> individual keys for encryption and MACing [2], and AFAIK is generally +> considered The Right Way to generate a stream of distinct keys from a +> master key, where the compromise of any key should not permit derivation +> of the others. +> +> So, um. Pretend I never mentioned HMAC, but spruiked HKDF instead :) +> +> (Of course, this is pretty much bikeshedding. A first pre-image attack +> on SHA-2 in the near term would be a rude shock, and a full break would +> break HKDF too. But HKDF may prove more robust in the face of partial +> breaks, giving more time to move everyone to a new hash or scheme.) -- cgit v1.2.3 From d07c8fd267843b3cac57f65080984e265ba1beda Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Wed, 25 Jan 2017 15:51:46 -0400 Subject: avoid stack install keysafe stack does not look at stack.yaml when run that way. So annoying.. --- doc/index.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/index.mdwn b/doc/index.mdwn index 407cb41..873eb35 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -69,9 +69,9 @@ libraries, and zenity. For example, on a Debian system: sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity -Then to build and install keysafe: +Then to build and install keysafe, cd into its source tree and run: - stack install keysafe + stack install Note that there is a manpage, but stack doesn't install it yet. -- cgit v1.2.3 From 0e5dac41b5d08d72c3799d9cc52de0ed95c2e870 Mon Sep 17 00:00:00 2001 From: "ppk@9db2302f91bf3f0afd3efde3c940c994fe8250ad" Date: Thu, 2 Mar 2017 03:51:54 +0000 Subject: --- doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn new file mode 100644 index 0000000..4bc825a --- /dev/null +++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn @@ -0,0 +1,8 @@ +New version of raaz is released and will hopefully end up in debian expt. soon. +It would be good if we can get keysafe to use the new interface as there is some breakage +but hope fully good ones. + + +Ref. + +https://github.com/raaz-crypto/raaz/issues/278 -- cgit v1.2.3 From fc39ddb96af70c14c5de739408b03a14ef2053bf Mon Sep 17 00:00:00 2001 
From: Joey Hess
Date: Fri, 3 Mar 2017 15:44:01 -0400
Subject: Updated to use raaz-0.1.1.

This commit was sponsored by John Peloquin on Patreon.
---
 ByteStrings.hs | 13 ++++---------
 CHANGELOG | 6 ++++++
 Encryption.hs | 18 ++++++++----------
 HTTP/ProofOfWork.hs | 17 ++++++++++++-----
 HTTP/Server.hs | 1 -
 Storage.hs | 12 +++++-------
 ...comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment | 17 +++++++++++++++++
 keysafe.cabal | 2 +-
 stack.yaml | 2 +-
 9 files changed, 54 insertions(+), 34 deletions(-)
 create mode 100644 doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment

diff --git a/ByteStrings.hs b/ByteStrings.hs
index cecf617..90b42f0 100644
--- a/ByteStrings.hs
+++ b/ByteStrings.hs
@@ -1,5 +1,3 @@
-{-# OPTIONS_GHC -fno-warn-orphans #-}
-
 {- Copyright 2016 Joey Hess
 -
 - Licensed under the GNU AGPL version 3 or higher.
@@ -9,8 +7,6 @@ module ByteStrings where
 
 import qualified Data.ByteString as B
 import qualified Raaz
-import Control.Monad
-import Data.Word
 
 allByteStringsOfLength :: Int -> [B.ByteString]
 allByteStringsOfLength = go []
@@ -34,9 +30,8 @@ chunkByteString n = go []
 let (h, t) = B.splitAt n b
 in go (h:cs) t
 
-instance Raaz.Random Word8
-
-randomByteStringOfLength :: Int -> Raaz.SystemPRG -> IO B.ByteString
-randomByteStringOfLength n prg = B.pack <$> replicateM n randbyte
+randomByteStringOfLength :: Int -> IO B.ByteString
+randomByteStringOfLength n = Raaz.securely gen
 where
- randbyte = Raaz.random prg :: IO Word8
+ gen :: Raaz.RandM B.ByteString
+ gen = Raaz.randomByteString (Raaz.BYTES n)
diff --git a/CHANGELOG b/CHANGELOG
index 8d8036b..786943d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+keysafe (0.20170123) UNRELEASED; urgency=medium
+
+ * Updated to use raaz-0.1.1.
+
+ -- Joey Hess Fri, 03 Mar 2017 15:41:36 -0400
+
 keysafe (0.20170122) unstable; urgency=medium
 
  * Adjust cabal bounds to allow building with ghc 8.0.
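Review bot: `randomByteStringOfLength` now runs its generator under `Raaz.securely`, but nothing says why, and the type still returns a plain `B.ByteString`, so a reader cannot tell whether the locked-memory treatment covers only the generator state or also the bytes handed back (presumably only the former, since a `B.ByteString` is an ordinary heap value). Callers in this same commit range from the key-encryption salt prefix in Encryption.hs to chaff in Storage.hs, so a one-line contract would help each caller pick the right variant, e.g. `-- | n random bytes from raaz's secure-memory PRG; the returned ByteString itself is ordinary, unlocked memory.` The `where` clause is the end of the definition, so the whole function is within this hunk.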
diff --git a/Encryption.hs b/Encryption.hs index 880095d..3e085a0 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -32,10 +32,9 @@ encrypt :: Tunables -> KeyEncryptionKey -> SecretKey -> EncryptedSecretKey encrypt tunables kek (SecretKey secret) = EncryptedSecretKey (chunkByteString (objectSize tunables) b) (keyBruteForceCalc kek) where - -- Raaz does not seem to provide a high-level interface - -- for AES encryption, so use unsafeEncrypt. The use of - -- EncryptableBytes makes sure it's provided with a - -- multiple of the AES block size. + -- Raaz does not provide a high-level interface for AES encryption, + -- so we use unsafeEncrypt. The use of EncryptableBytes makes + -- sure it's provided with a multiple of the AES block size. b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $ getEncryptableBytes $ encodeEncryptableBytes tunables secret @@ -104,8 +103,7 @@ instance HasDecryptionCost (Candidates a) where -- run the hash repeatedly. genKeyEncryptionKey :: Tunables -> Name -> Password -> IO KeyEncryptionKey genKeyEncryptionKey tunables name password = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - saltprefix <- genRandomSaltPrefix prg tunables + saltprefix <- genRandomSaltPrefix tunables return $ head $ genKeyEncryptionKeys [saltprefix] tunables name password @@ -144,12 +142,12 @@ genIV (Name name) = Raaz.fromByteString $ B.take ivlen $ Raaz.toByteString $ Raaz.sha256 name where - ivlen = fromIntegral $ Raaz.byteSize (undefined :: Raaz.IV) + ivlen = fromIntegral $ Raaz.sizeOf (undefined :: Raaz.IV) type SaltPrefix = B.ByteString -genRandomSaltPrefix :: Raaz.SystemPRG -> Tunables -> IO SaltPrefix -genRandomSaltPrefix prg tunables = randomByteStringOfLength n prg +genRandomSaltPrefix :: Tunables -> IO SaltPrefix +genRandomSaltPrefix tunables = randomByteStringOfLength n where n = randomSaltBytes $ keyEncryptionKeyTunable tunables 
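Review bot: `ivlen` here, like `b` in the hashToAESKey hunk that follows, derives a fixed-size value by taking the leading `Raaz.sizeOf` bytes of a SHA-256 digest, and the rename from `byteSize` leaves neither site saying why a digest prefix is acceptable or what happens if the requested size ever exceeded the 32-byte digest — `B.take` would silently return fewer bytes and `Raaz.fromByteString` would presumably reject them at runtime rather than at compile time. A comment at `ivlen`, e.g. `-- The IV is the leading (sizeOf IV) bytes of sha256 name; this must stay <= 32 bytes or fromByteString fails.`, would record the invariant the new raaz API now silently depends on. genIV's definition starts outside this hunk, so I cannot see how its `fromByteString` result is handled.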
@@ -164,7 +162,7 @@ hashToAESKey (ExpensiveHash _ t) =
 fromMaybe (error "hashToAESKey fromByteString failed") $
 Raaz.fromByteString b
 where
- b = B.take (fromIntegral $ Raaz.byteSize (undefined :: AesKey)) $
+ b = B.take (fromIntegral $ Raaz.sizeOf (undefined :: AesKey)) $
 Raaz.toByteString $ Raaz.sha256 (E.encodeUtf8 t)
 
 -- | A bytestring that can be AES encrypted.
diff --git a/HTTP/ProofOfWork.hs b/HTTP/ProofOfWork.hs
index a94b19b..61fea20 100644
--- a/HTTP/ProofOfWork.hs
+++ b/HTTP/ProofOfWork.hs
@@ -95,10 +95,13 @@ mkProofOfWorkRequirement (Seconds n)
 
 newtype RequestIDSecret = RequestIDSecret (Raaz.Key (Raaz.HMAC Raaz.SHA256))
 
+-- | Random data is generated insecurely, eg not locked in memory because
+-- this is a transient secret.
 newRequestIDSecret :: IO RequestIDSecret
-newRequestIDSecret = do
- prg <- Raaz.newPRG () :: IO Raaz.SystemPRG
- RequestIDSecret <$> Raaz.random prg
+newRequestIDSecret = RequestIDSecret <$> Raaz.insecurely gen
+ where
+ gen :: Raaz.RandM (Raaz.Key (Raaz.HMAC Raaz.SHA256))
+ gen = Raaz.random
 
 mkRequestID :: RequestIDSecret -> IO RequestID
 mkRequestID secret = mkRequeestID' secret <$> mkRandomSalt
@@ -113,11 +116,15 @@ validRequestID secret rid =
 let rid' = mkRequeestID' secret (randomSalt rid)
 in requestHMAC rid == requestHMAC rid'
 
+-- | Random data is generated insecurely, eg not locked in memory because
+-- this is a transient secret.
 mkRandomSalt :: IO RandomSalt
 mkRandomSalt = do
- prg <- Raaz.newPRG () :: IO Raaz.SystemPRG
- rs <- replicateM 16 (Raaz.random prg :: IO Word8)
+ rs <- Raaz.insecurely $ replicateM 16 gen
 return $ RandomSalt $ T.pack $ concatMap show rs
+ where
+ gen :: Raaz.RandM Word8
+ gen = Raaz.random
 
 class POWIdent p where
 getPOWIdent :: p -> B.ByteString
diff --git a/HTTP/Server.hs b/HTTP/Server.hs
index 6fd570d..61bdbfd 100644
--- a/HTTP/Server.hs
+++ b/HTTP/Server.hs
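Review bot: The comment added above `mkRandomSalt` gives the wrong reason for `Raaz.insecurely`: the salt is not a secret at all — `validRequestID` reads it back out of the request ID via `randomSalt rid`, so it travels with the RequestID (presumably to the client) — whereas the identical wording above `newRequestIDSecret` describes an HMAC key that must stay private. Suggest `-- | The salt is a public nonce carried in the RequestID, so no locked memory is needed.` here, and keep the "transient secret" justification only on newRequestIDSecret, where `eg` should read `i.e.`. Separately, the unchanged `T.pack $ concatMap show rs` renders the 16 bytes as variable-width decimal, so distinct byte sequences can yield the same salt string (for example `[1,23]` and `[12,3]` both give `123`); a fixed-width hex rendering would keep the salt injective. validRequestID's definition starts outside the hunk.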
@@ -18,7 +18,6 @@ import CmdLine (ServerConfig(..)) import Storage.Local import Serialization () import Servant -import Network.Wai import Network.Wai.Handler.Warp import Control.Monad.IO.Class import Control.Concurrent diff --git a/Storage.hs b/Storage.hs index c481d77..feb5791 100644 --- a/Storage.hs +++ b/Storage.hs @@ -26,7 +26,6 @@ import Control.Concurrent.Async import qualified Data.Set as S import System.Random import System.Random.Shuffle -import qualified Raaz networkStorageLocations :: Maybe LocalStorageDirectory -> StorageLocations networkStorageLocations = StorageLocations . serverList @@ -171,25 +170,24 @@ storeChaff :: HostName -> Port -> Maybe Seconds -> IO () storeChaff hn port delayseconds = forever $ do say $ "Sending chaff to " ++ hn ++ " (press ctrl-c to stop)" say "Legend: + = successful upload, ! = upload failure" - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - randomname <- randomByteStringOfLength 128 prg + randomname <- randomByteStringOfLength 128 -- It's ok the use the testModeTunables here because -- the randomname is not something that can be feasibly guessed. -- Prefix "random chaff" to the name to avoid ever using a name -- that a real user might want to use. let sis = shareIdents testModeTunables (Name $ "random chaff:" <> randomname) AnyGpgKey - mapConcurrently (go sis prg) + mapConcurrently (go sis) [1..totalObjects (shareParams testModeTunables)] where server = networkStorage Untrusted Nothing $ Server (ServerName hn) [ServerAddress hn port] "chaff server" objsize = objectSize defaultTunables * shareOverhead defaultTunables maxmsdelay = ceiling $ 1000000 * fromMaybe 0 delayseconds - go sis prg n = do + go sis n = do msdelay <- getStdRandom (randomR (0, maxmsdelay)) delay msdelay - b <- randomByteStringOfLength objsize prg + b <- randomByteStringOfLength objsize let share = Share 0 (StorableObject b) let (is, sis') = nextShareIdents sis let i = S.toList is !! (n - 1) 
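Review bot: storeChaff's chaff bytes (`randomByteStringOfLength 128` and `randomByteStringOfLength objsize` in `go`) now go through the `Raaz.securely` generator this commit introduces in ByteStrings.hs, while chaff is by design not secret; the same commit uses `Raaz.insecurely` in HTTP/ProofOfWork.hs for exactly that case. Since `securely` presumably locks memory per call, and this runs inside `forever` with `mapConcurrently` over every object, an unlocked variant would be both more consistent and kinder to the process's locked-memory limit, e.g. a sibling in ByteStrings.hs `insecureRandomByteStringOfLength n = Raaz.insecurely (Raaz.randomByteString (Raaz.BYTES n) :: Raaz.RandM B.ByteString)` used at both call sites here. The `go` helper's body continues in the next hunk.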
@@ -197,7 +195,7 @@ storeChaff hn port delayseconds = forever $ do
 case r of
 StoreSuccess -> progress "+"
 _ -> progress "!"
- go sis' prg n
+ go sis' n
 
 -- | Shuffles the list, keeping Recommended first, then
 -- Alternate, and finally Untrusted.
diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment
new file mode 100644
index 0000000..0c9734e
--- /dev/null
+++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-03-03T19:30:06Z"
+ content="""
+Got it to compile without a great deal of difficulty. Only needed changes
+around random data generation, and that is done with secure memory now
+(in cases where it matters), which is nice! (Although I still need to do
+further work to make keysafe use exclusively secure memory for gpg key
+related material.)
+
+Keysafe's test suite passes, so this *probably* avoids breaking restore of
+keys backed up before.
+
+I've committed this to master but want to test it some more before
+releasing.
+"""]]
diff --git a/keysafe.cabal b/keysafe.cabal
index 064a0e8..ebac775 100644
--- a/keysafe.cabal
+++ b/keysafe.cabal
@@ -38,7 +38,7 @@ Executable keysafe
 -- the version ranges, it's important to run keysafe --test
 secret-sharing == 1.0.*
 , argon2 == 1.2.*
- , raaz == 0.0.2
+ , raaz == 0.1.1
 , base (>= 4.5 && < 5.0)
 , bytestring == 0.10.*
 , text == 1.2.*
diff --git a/stack.yaml b/stack.yaml
index 2658ab6..0deb662 100644
--- a/stack.yaml
+++ b/stack.yaml
@@ -6,7 +6,7 @@ extra-deps:
 - dice-entropy-conduit-1.0.0.1
 - polynomial-0.7.2
 - finite-field-0.8.0
- - raaz-0.0.2
+ - raaz-0.1.1
 - zxcvbn-c-1.0.0
 - servant-0.7.1
 - servant-server-0.7.1
-- cgit v1.2.3
From f569d149c4aabc6dc1ff0741de638a6adbd0328a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 3 Mar 2017 16:16:36 -0400 Subject: when we did not get enough shares, show how many we got --- Share.hs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Share.hs b/Share.hs index 2d848b9..6d39f99 100644 --- a/Share.hs +++ b/Share.hs @@ -94,7 +94,8 @@ genShares (EncryptedSecretKey cs _) tunables = do combineShares :: Tunables -> [S.Set Share] -> Either String EncryptedSecretKey combineShares tunables shares | null shares || any null shares || any (\l -> length l < sharesneeded) shares = - Left "Not enough shares are currently available to reconstruct your data." + Left $ "Not enough shares are currently available to reconstruct your data. " ++ + concatMap (\l -> "(Got " ++ show (length l) ++ "/" ++ show sharesneeded ++ ") ") shares | otherwise = Right $ mk $ map (BL.toStrict . SS.decode . map decodeshare . S.toList) shares where -- cgit v1.2.3 From 6e99f0da1d1107e293b160d07e78b8947ad1dc59 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 3 Mar 2017 16:17:06 -0400 Subject: releasing package keysafe version 0.20170303 --- CHANGELOG | 4 ++-- doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn | 2 ++ .../comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment | 8 ++++++++ keysafe.cabal | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment diff --git a/CHANGELOG b/CHANGELOG index 786943d..60167a0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,8 +1,8 @@ -keysafe (0.20170123) UNRELEASED; urgency=medium +keysafe (0.20170303) unstable; urgency=medium * Updated to use raaz-0.1.1. - -- Joey Hess Fri, 03 Mar 2017 15:41:36 -0400 + -- Joey Hess Fri, 03 Mar 2017 16:15:47 -0400 keysafe (0.20170122) unstable; urgency=medium 
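Review bot: The new `concatMap` appends a `(Got n/m)` entry for every share set, including those that already hold `sharesneeded` shares, and nothing at all when `shares` is empty, so the message can read as if a complete set were the problem; restricting it to the short sets, `concatMap (\l -> "(Got " ++ show (length l) ++ "/" ++ show sharesneeded ++ ") ") (filter (\l -> length l < sharesneeded) shares)`, keeps the count honest. The `") "` suffix also leaves a trailing space after the last entry; building the per-set strings and joining them with `unwords` would avoid that. combineShares's `where` block, which defines `sharesneeded`, lies outside the hunk.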
diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn
index 4bc825a..c05748c 100644
--- a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn
+++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn
@@ -6,3 +6,5 @@ but hope fully good ones.
 Ref.
 
 https://github.com/raaz-crypto/raaz/issues/278
+
+> [[done]] --[[Joey]]
diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment
new file mode 100644
index 0000000..eb8a106
--- /dev/null
+++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2017-03-03T20:15:04Z"
+ content="""
+Tested restore of key backed up with a previous keysafe release; still
+works after this conversion.
+"""]]
diff --git a/keysafe.cabal b/keysafe.cabal
index ebac775..42e95fd 100644
--- a/keysafe.cabal
+++ b/keysafe.cabal
@@ -1,5 +1,5 @@
 Name: keysafe
-Version: 0.20170122
+Version: 0.20170303
 Cabal-Version: >= 1.8
 Maintainer: Joey Hess
 Author: Joey Hess
-- cgit v1.2.3