From 53d9809ad524bf9c2b4962649588afeb7e3e0c86 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Thu, 11 Aug 2016 23:59:38 -0400
Subject: zero-pad size of padded bytes

---
 Encryption.hs | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'Encryption.hs')

diff --git a/Encryption.hs b/Encryption.hs
index 19cb650..385f36a 100644
--- a/Encryption.hs
+++ b/Encryption.hs
@@ -73,15 +73,15 @@ cipher = Raaz.aes256cbc
 blocksize :: Int	
 blocksize = fromIntegral $ Raaz.blockSize cipher
 
-encrypt :: KeyEncryptionKey -> SecretKey -> EncryptedSecretKey
-encrypt kek (SecretKey secret) = EncryptedSecretKey b (keyBruteForceCalc kek)
+encrypt :: Tunables -> KeyEncryptionKey -> SecretKey -> EncryptedSecretKey
+encrypt tunables kek (SecretKey secret) = EncryptedSecretKey b (keyBruteForceCalc kek)
   where
 	-- Raaz does not seem to provide a high-level interface
 	-- for AES encryption, so use unsafeEncrypt, doing our own padding
 	-- of the secret key, so that it is a multiple of
 	-- the block size.
 	b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $
-		getPaddedBytes $ toPaddedBytes blocksize secret
+		getPaddedBytes $ toPaddedBytes tunables blocksize secret
 
 decrypt :: KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey
 decrypt kek (EncryptedSecretKey b _) = SecretKey <$> fromPaddedBytes pbs
@@ -195,16 +195,20 @@ newtype PaddedBytes = PaddedBytes { getPaddedBytes :: B.ByteString }
 	deriving (Show)
 
 -- Pad with NULs. Since the bytestring can itself include NULs, prefix
--- with the length.
-toPaddedBytes :: Int -> B.ByteString -> PaddedBytes
-toPaddedBytes n b = PaddedBytes $
-	B8.pack (show len) <> B.singleton 0 <> b <> padding
+-- with the length. Length is itself padded with 0's.
+toPaddedBytes :: Tunables -> Int -> B.ByteString -> PaddedBytes
+toPaddedBytes tunables n b = PaddedBytes $
+	B8.pack paddedlen <> B.singleton 0 <> b <> padding
   where
 	len = B.length b
 	r = len `rem` n
 	padding
 		| r == 0 = B.empty
 		| otherwise = B.replicate (n - r) 0
+	paddedlen = 
+		let s = show len
+		in replicate (lensz - length s) '0' ++ s
+	lensz = length $ show $ objectSize tunables
 
 fromPaddedBytes :: PaddedBytes -> Maybe B.ByteString
 fromPaddedBytes (PaddedBytes b) = case B.break (== 0) b of
-- 
cgit v1.2.3