From 07bd29a80ed36c63296214af34689d0cce14751f Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Sun, 7 Aug 2016 18:49:15 -0400
Subject: reorg, and working on serialization

---
 Encryption.hs | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

(limited to 'Encryption.hs')

diff --git a/Encryption.hs b/Encryption.hs
index 50fa0fb..be0a234 100644
--- a/Encryption.hs
+++ b/Encryption.hs
@@ -4,9 +4,7 @@ module Encryption where
 
 import Types
 import Cost
-import Tunables
 import ExpensiveHash
-import Data.Word
 import Data.Bits
 import Data.Monoid
 import Data.Maybe
@@ -28,22 +26,23 @@ instance Bruteforceable KeyEncryptionKey UnknownPassword where
 -- | The ExpensiveHash of the Password is combined with a 
 -- RandomObstacle to form the AES key. Combination method is logical OR.
 genKeyEncryptionKey :: Tunables -> KeyIdent -> Password -> IO KeyEncryptionKey
-genKeyEncryptionKey tunables keyident password = do
-	ob@(RandomObstacle ok) <- genRandomObstacle tunables
-	-- Truncate the hash to the AES key length.
-	let truncatedhashb = B.take (B.length (toByteString ok)) hashb
-	let k = fromMaybe (error "genKeyEncryptionKey fromByteString failed") $
-		fromByteString truncatedhashb
-	let strongk = mixinRandomObstacle ob k
-	return $ KeyEncryptionKey strongk decryptcost bruteforcecalc
+genKeyEncryptionKey tunables keyident password = case decryptionPuzzleTunable tunables of
+	KeyBlindingLeftSide puzzlecost -> do
+		ob@(RandomObstacle ok) <- genRandomObstacle tunables
+		-- Truncate the hash to the AES key length.
+		let truncatedhashb = B.take (B.length (toByteString ok)) hashb
+		let k = fromMaybe (error "genKeyEncryptionKey fromByteString failed") $
+			fromByteString truncatedhashb
+		let strongk = mixinRandomObstacle ob k
+		let decryptcost = CombinedCost puzzlecost (castCost hashcost)
+		-- To brute force data encrypted with this key,
+		-- an attacker needs to pay the decryptcost for
+		-- each password checked.
+		let bruteforcecalc = bruteForceLinearSearch decryptcost
+		return $ KeyEncryptionKey strongk decryptcost bruteforcecalc
   where
 	(ExpensiveHash hashcost hashb) = expensiveHash tunables salt password
 	salt = Salt keyident
-	decryptcost = CombinedCost (decryptionPuzzleCost tunables) (castCost hashcost)
-	-- To brute force data encrypted with this key,
-	-- an attacker needs to pay the decryptcost for each password
-	-- checked.
-	bruteforcecalc = bruteForceLinearSearch decryptcost
 
 -- | A random value which can be mixed into an AES key to 
 -- require decrypting it to perform some brute-force work.
@@ -67,11 +66,13 @@ sizeRandomObstacle tunables = ceiling $ nbits / 8
 	-- in 2016, a GPU can run AES at 10 GB/s.
 	bytespersecond = 10*1024*1024*1024
 	triespersecond = bytespersecond `div` fromIntegral (objectSize tunables)
-	targetseconds = case decryptionPuzzleCost tunables of
-		GPUCost (Seconds n) -> n
-		_ -> error "decryptionPuzzleCost must be a GPUCost"
+	targetseconds = case decryptionPuzzleTunable tunables of
+		KeyBlindingLeftSide cost -> case cost of
+			GPUCost (Seconds n) -> n
+			_ -> error "decryptionPuzzleCost must be a GPUCost"
 	-- Add one bit of entropy, because a brute-force attack will
 	-- on average succeed half-way through the search space.
+	nbits :: Double
 	nbits = logBase 2 (fromIntegral $ targetseconds * triespersecond) + 1
 
 mkRandomObstacle :: AES.KEY256 -> Int -> AES.KEY256
-- 
cgit v1.2.3