{-# LANGUAGE OverloadedStrings #-}
{- Copyright 2016 Joey Hess <id@joeyh.name>
-
- Licensed under the GNU AGPL version 3 or higher.
-}
module Main where
import Types
import Tunables
import qualified CmdLine
import UI
import Encryption
import Cost
import Shard
import Storage
import Storage.LocalFiles
-- | Program entry point: read the command line, select the UI, and run
-- either the backup demo or the restore demo.
main :: IO ()
main = do
  opts <- CmdLine.get
  -- The selected UI is not used yet; the action is still run for its
  -- effects.
  _ui <- selectUI (CmdLine.gui opts)
  let name = CmdLine.name opts
      -- TODO determine gpg key id by examining secret key,
      -- or retrieving public key from keyserver and examining it.
      -- Until then every run uses the same placeholder key id.
      keyid = KeyId (CmdLine.keytype opts) "dummy key id"
      -- Tunables are only chosen here for the backup path.
      backupTunables
        | CmdLine.testMode opts = testModeTunables
        | otherwise = defaultTunables
  case CmdLine.mode opts of
    CmdLine.Backup -> storedemo name keyid backupTunables
    CmdLine.Restore -> retrievedemo name keyid
-- | Demo of the backup path: derive a key encryption key from the
-- password, print a brute-force cost estimate, encrypt the secret key,
-- split it into shards, store the shards in local files, and print the
-- results of storing and of 'obscureShards'.
storedemo :: Name -> KeyId -> Tunables -> IO ()
storedemo name keyid tunables = do
  kek <- genKeyEncryptionKey tunables name password
  putStrLn "Very rough estimate of cost to brute-force the password:"
  let bruteforce = estimateBruteforceOf kek (passwordEntropy password)
  print (estimateAttack spotAWS bruteforce)
  let encrypted = encrypt tunables kek secretkey
      idents = getIdents (shardIdents tunables name keyid)
  shards <- genShards encrypted tunables
  -- zip pairs each shard with its ident; extras on either side are dropped.
  stored <- mapM (uncurry (storeShard localFiles)) (zip idents shards)
  print stored
  obscureShards localFiles >>= print
  where
    -- Fixed demo inputs compiled into the binary, not user-supplied
    -- secrets. NOTE(review): presumably to be replaced by real password
    -- and key input; confirm before this path handles real keys.
    password = Password "correct horse battery staple"
    secretkey = SecretKey "this is a gpg private key"
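-- | Demo of the restore path: retrieve shards from local files, combine
-- them into the encrypted secret key, then try each candidate key
-- encryption key until one decrypts it.
--
-- Throws an 'IOError' if any shard retrieval does not succeed, and calls
-- 'error' if no candidate key decrypts the combined shards.
retrievedemo :: Name -> KeyId -> IO ()
retrievedemo name keyid = do
  let sis = shardIdents tunables name keyid
  -- we drop 1 to simulate not getting all shards from the servers
  let l = drop 1 $ zip [1..] (getIdents sis)
  results <- mapM (uncurry (retrieveShard localFiles)) l
  -- Run this before inspecting the results, so it still happens when a
  -- retrieval failed.
  _ <- obscureShards localFiles
  shards <- mapM requireShard results
  let esk = combineShards tunables shards
  basekek <- genKeyEncryptionKey tunables name password
  go esk (candidateKeyEncryptionKeys tunables basekek)
  where
    -- Total replacement for a lambda that matched only RetrieveSuccess:
    -- any other result is reported as an explicit failure instead of
    -- crashing with a pattern-match error when the shard is later forced.
    requireShard (RetrieveSuccess s) = return s
    requireShard _ = ioError (userError "shard retrieval failed")
    -- Try candidate keys in order; the first successful decryption wins.
    go _ [] = error "decryption failed"
    go esk (kek:rest) = case decrypt kek esk of
      -- NOTE(review): this prints the recovered secret key to stdout;
      -- acceptable for the demo key only.
      Just (SecretKey sk) -> print sk
      Nothing -> go esk rest
    -- Fixed demo password; must match the one used when storing.
    password = Password "correct horse battery staple"
    -- TODO: derive by probing to find objects
    tunables = testModeTunables -- defaultTunables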