From 7192abc5d53aa5a6ee609ed30bd05f1575e67b65 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Sat, 6 Aug 2016 17:35:10 -0400
Subject: some basic data types and expensive hashing

---
 Encryption.hs | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 Encryption.hs

(limited to 'Encryption.hs')

diff --git a/Encryption.hs b/Encryption.hs
new file mode 100644
index 0000000..083aedd
--- /dev/null
+++ b/Encryption.hs
@@ -0,0 +1,38 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+module Encryption where
+
+import Types
+import ExpensiveHash
+import qualified Data.ByteString as B
+import Raaz.Core.Encode
+import qualified Raaz.Cipher.AES as AES
+import Data.Word
+
+-- | An AES key, which is used to encrypt the key that is stored
+-- in keysafe.
+newtype KeyEncryptionKey = KeyEncryptionKey AES.KEY256
+
+-- | An ExpensiveHash of the KeyIdent and a RandomObstacle are combined
+-- to form the AES key.
+--
+-- An attacker has to brute force both, while a legitimate user
+-- only has to brute force the RandomObstacle.
+genKeyEncryptionKey :: KeyIdent -> Password -> KeyEncryptionKey
+genKeyEncryptionKey = undefined
+
+-- | A random value which adds difficulty to decrypting, since it's never
+-- written down anywhere and must always be brute-forced.
+--
+-- It's always 64 bits long, and is left padded with 0's,
+-- which are followed by a series of random bits (which necessarily always
+-- starts with 1). Eg:
+--
+-- > 0000000000000000000000000000000000000000000000000000000100011100
+--
+-- The fewer leading 0's and thus longer the random bits,
+-- the harder it is.
+data RandomObstacle = RandomObstacle Word64
+
+genRandomObstacle :: Int -> RandomObstacle
+genRandomObstacle difficulty = undefined
-- 
cgit v1.2.3