From 94d351004688992f8aeac7d03da55d179ef50e8c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 6 Aug 2016 21:39:38 -0400 Subject: more cost calculation and refactored Tunables --- Encryption.hs | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) (limited to 'Encryption.hs') diff --git a/Encryption.hs b/Encryption.hs index 083aedd..98afdfd 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -3,23 +3,37 @@ module Encryption where import Types +import Cost +import Tunables import ExpensiveHash import qualified Data.ByteString as B import Raaz.Core.Encode import qualified Raaz.Cipher.AES as AES import Data.Word +import Data.Monoid -- | An AES key, which is used to encrypt the key that is stored -- in keysafe. -newtype KeyEncryptionKey = KeyEncryptionKey AES.KEY256 +data KeyEncryptionKey = KeyEncryptionKey + AES.KEY256 + (Cost DecryptionOp) + (CostCalc BruteForceOp UnknownPassword) --- | An ExpensiveHash of the KeyIdent and a RandomObstacle are combined --- to form the AES key. --- --- An attacker has to brute force both, while a legitimate user --- only has to brute force the RandomObstacle. -genKeyEncryptionKey :: KeyIdent -> Password -> KeyEncryptionKey -genKeyEncryptionKey = undefined +-- | The ExpensiveHash of the Password is combined with a +-- RandomObstacle to form the AES key. Combination method is logical OR. +genKeyEncryptionKey :: Tunables -> KeyIdent -> Password -> KeyEncryptionKey +genKeyEncryptionKey tunables keyident password = + KeyEncryptionKey k decryptcost bruteforcecalc + where + k = undefined -- hashb <> ob -- TODO use logical OR + (ExpensiveHash hashcost hashb) = expensiveHash tunables salt password + salt = Salt keyident + (RandomObstacle ob) = genRandomObstacle decryptcost + decryptcost = CombinedCost (decryptionCost tunables) (castCost hashcost) + -- To brute force data encrypted with this key, + -- an attacker needs to pay the decryptcost for each password + -- checked. + bruteforcecalc = bruteForceLinearSearch decryptcost -- | A random value which adds difficulty to decrypting, since it's never -- written down anywhere and must always be brute-forced. @@ -32,7 +46,13 @@ genKeyEncryptionKey = undefined -- -- The fewer leading 0's and thus longer the random bits, -- the harder it is. -data RandomObstacle = RandomObstacle Word64 +data RandomObstacle = RandomObstacle B.ByteString -genRandomObstacle :: Int -> RandomObstacle -genRandomObstacle difficulty = undefined +-- | Generate a random obstacle that will add the specified cost to AES +-- decryption. +-- +-- AES can be calculated more efficiently by a GPU, so the cost must be +-- a GPU cost. +genRandomObstacle :: Cost DecryptionOp -> RandomObstacle +genRandomObstacle (GPUCost c) = undefined +genRandomObstacle _ = error "decryptionCost must be a GPUCost" -- cgit v1.2.3