{-# LANGUAGE OverloadedStrings #-}

-- | Types and generator stubs for the key-encryption key that protects the
-- key stored in keysafe.
--
-- Both generators in this module are still 'undefined' placeholders.
module Encryption where

import Types
import ExpensiveHash
import qualified Data.ByteString as B
import Raaz.Core.Encode
import qualified Raaz.Cipher.AES as AES
import Data.Word

-- | An AES key, which is used to encrypt the key that is stored
-- in keysafe.
--
-- Wraps a 256-bit AES key ('AES.KEY256'). No 'Show' instance is derived
-- here, so this definition does not make the key printable.
newtype KeyEncryptionKey = KeyEncryptionKey AES.KEY256

-- | An ExpensiveHash of the KeyIdent and a RandomObstacle are combined
-- to form the AES key.
--
-- An attacker has to brute force both, while a legitimate user
-- only has to brute force the RandomObstacle.
--
-- NOTE(review): the signature takes a 'KeyIdent' and a 'Password' but no
-- 'RandomObstacle', which does not match the description above. Confirm
-- how the obstacle is meant to enter the derivation.
--
-- Not implemented yet: the binding is 'undefined', so forcing the result
-- throws instead of yielding a key.
genKeyEncryptionKey :: KeyIdent -> Password -> KeyEncryptionKey
genKeyEncryptionKey = undefined

-- | A random value which adds difficulty to decrypting, since it's never
-- written down anywhere and must always be brute-forced.
--
-- It's always 64 bits long, and is left padded with 0's,
-- which are followed by a series of random bits (which necessarily always
-- starts with 1). Eg:
--
-- > 0000000000000000000000000000000000000000000000000000000100011100
--
-- The fewer leading 0's and thus longer the random bits,
-- the harder it is.
--
-- Because the first bit of the random run is always 1, a run of n bits
-- leaves n-1 bits unknown once its length is known.
data RandomObstacle = RandomObstacle Word64

-- | Generate a 'RandomObstacle' for the given difficulty.
--
-- NOTE(review): @difficulty@ presumably selects how many random bits the
-- obstacle has. Confirm this, and document the valid range for a 'Word64'.
--
-- NOTE(review): as a pure @Int -> RandomObstacle@ function this can only
-- return the same obstacle for the same difficulty. Drawing fresh bits
-- needs an effectful result type or an explicit random input, fed from a
-- cryptographically secure generator.
--
-- Not implemented yet: the body is 'undefined', so forcing the result
-- throws.
genRandomObstacle :: Int -> RandomObstacle
genRandomObstacle difficulty = undefined