From f60ac335e4e827fd242ab22539adb49f26e2c319 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Wed, 17 Aug 2016 14:28:33 -0400
Subject: add progress bars to restore

also, restore actually works!
---
 Encryption.hs | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)

(limited to 'Encryption.hs')

diff --git a/Encryption.hs b/Encryption.hs
index 8d508d8..d5a9879 100644
--- a/Encryption.hs
+++ b/Encryption.hs
@@ -38,8 +38,16 @@ encrypt tunables kek (SecretKey secret) = EncryptedSecretKey b (keyBruteForceCal
 	b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $
 		getEncryptableBytes $ toEncryptableBytes tunables secret
 
-decrypt :: KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey
-decrypt kek (EncryptedSecretKey b _) = SecretKey <$> fromEncryptableBytes pbs
+decrypt :: Candidates KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey
+decrypt (Candidates l _ _) esk = go l
+  where
+	go [] = Nothing
+	go (kek:rest) = case decrypt' kek esk of
+		Just sk -> Just sk
+		Nothing -> go rest
+
+decrypt' :: KeyEncryptionKey -> EncryptedSecretKey -> Maybe SecretKey
+decrypt' kek (EncryptedSecretKey b _) = SecretKey <$> fromEncryptableBytes pbs
   where
 	pbs = EncryptableBytes $ Raaz.unsafeDecrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) b
 
@@ -48,13 +56,28 @@ decrypt kek (EncryptedSecretKey b _) = SecretKey <$> fromEncryptableBytes pbs
 data KeyEncryptionKey = KeyEncryptionKey
 	{ keyEncryptionKey :: AesKey
 	, keyEncryptionIV :: Raaz.IV
+	, keyCreationCost :: Cost CreationOp
 	, keyDecryptionCost :: Cost DecryptionOp
 	, keyBruteForceCalc :: CostCalc BruteForceOp UnknownPassword
 	}
 
+instance HasCreationCost KeyEncryptionKey where
+	getCreationCost = keyCreationCost
+
+instance HasDecryptionCost KeyEncryptionKey where
+	getDecryptionCost = keyDecryptionCost
+
 instance Bruteforceable KeyEncryptionKey UnknownPassword where
 	getBruteCostCalc = keyBruteForceCalc
 
+data Candidates a = Candidates [a] (Cost CreationOp) (Cost DecryptionOp)
+
+instance HasCreationCost (Candidates a) where
+	getCreationCost (Candidates _ c _) = c
+
+instance HasDecryptionCost (Candidates a) where
+	getDecryptionCost (Candidates _ _ c) = c
+
 -- | The ExpensiveHash of the Password used as the KeyEncryptionKey
 --
 -- Name is used as a salt, to prevent rainbow table attacks.
@@ -81,16 +104,17 @@ genKeyEncryptionKeys saltprefixes tunables (Name name) (Password password) =
 	decryptcost = castCost $ randomSaltBytesBruteForceCost kektunables
 	kektunables = keyEncryptionKeyTunable tunables
 
-	mk saltprefix = KeyEncryptionKey (hashToAESKey hash) iv decryptcost bruteforcecalc
+	mk saltprefix = KeyEncryptionKey (hashToAESKey hash) iv (getCreationCost hash) decryptcost bruteforcecalc
 	  where
 		salt = Salt (saltprefix <> name)
 		hash = expensiveHash (keyEncryptionKeyHash kektunables) salt password
 
 -- | A stream of all the key encryption keys that need to be tried to 
 -- decrypt.
-candidateKeyEncryptionKeys :: Tunables -> Name -> Password -> [KeyEncryptionKey]
+candidateKeyEncryptionKeys :: Tunables -> Name -> Password -> Candidates KeyEncryptionKey
 candidateKeyEncryptionKeys tunables name password =
-	genKeyEncryptionKeys saltprefixes tunables name password
+	let ks@(k:_) = genKeyEncryptionKeys saltprefixes tunables name password
+	in Candidates ks (getCreationCost k) (getDecryptionCost k)
   where
 	saltprefixes = allByteStringsOfLength $ 
 		randomSaltBytes $ keyEncryptionKeyTunable tunables
-- 
cgit v1.2.3