git-annex/Crypto.hs

255 lines
8.1 KiB
Haskell
Raw Normal View History

2011-04-15 22:18:39 +00:00
{- git-annex crypto
-
- Currently using gpg; could later be modified to support different
- crypto backends if neccessary.
2011-04-15 22:18:39 +00:00
-
- Copyright 2011 Joey Hess <joey@kitenet.net>
-
- Licensed under the GNU GPL version 3 or higher.
-}
module Crypto (
Cipher,
EncryptedCipher,
2011-04-15 22:18:39 +00:00
genCipher,
updateCipher,
2011-04-17 22:18:27 +00:00
describeCipher,
2011-04-15 22:18:39 +00:00
storeCipher,
extractCipher,
decryptCipher,
encryptKey,
2011-04-17 17:11:38 +00:00
withEncryptedHandle,
withDecryptedHandle,
withEncryptedContent,
withDecryptedContent,
2011-04-21 20:56:24 +00:00
prop_hmacWithCipher_sane
2011-04-15 22:18:39 +00:00
) where
import qualified Data.ByteString.Lazy.Char8 as L
import qualified Data.Map as M
import Data.ByteString.Lazy.UTF8 (fromString)
import Data.Digest.Pure.SHA
import System.Cmd.Utils
import Data.String.Utils
import Data.List
import Data.Maybe
import System.IO
import System.Posix.IO
import System.Posix.Types
import System.Posix.Process
import Control.Concurrent
import Control.Exception (finally)
import System.Exit
import System.Environment
2011-04-15 22:18:39 +00:00
import Types
import Types.Key
import Types.Remote
2011-04-15 22:18:39 +00:00
import Utility
2011-07-06 00:24:10 +00:00
import Utility.Base64
import Types.Crypto
2011-04-15 22:18:39 +00:00
{- The first half of a Cipher is used for HMAC; the remainder
- is used as the GPG symmetric encryption passphrase.
-
2011-04-17 15:13:54 +00:00
- HMAC SHA1 needs only 64 bytes. The remainder is for expansion,
- perhaps to HMAC SHA512, which needs 128 bytes (ideally).
-
- 256 is enough for gpg's symetric cipher; unlike weaker public key
- crypto, the key does not need to be too large.
-}
cipherHalf :: Int
cipherHalf = 256
cipherSize :: Int
cipherSize = cipherHalf * 2
cipherPassphrase :: Cipher -> String
cipherPassphrase (Cipher c) = drop cipherHalf c
cipherHmac :: Cipher -> String
cipherHmac (Cipher c) = take cipherHalf c
2011-04-15 22:18:39 +00:00
{- Creates a new Cipher, encrypted as specified in the remote's configuration -}
genCipher :: RemoteConfig -> IO EncryptedCipher
genCipher c = do
ks <- configKeyIds c
2011-04-15 22:18:39 +00:00
random <- genrandom
encryptCipher (Cipher random) ks
2011-04-15 22:18:39 +00:00
where
genrandom = gpgRead
-- Armor the random data, to avoid newlines,
-- since gpg only reads ciphers up to the first
-- newline.
[ Params "--gen-random --armor"
2011-04-15 22:18:39 +00:00
, Param $ show randomquality
, Param $ show cipherSize
2011-04-15 22:18:39 +00:00
]
-- 1 is /dev/urandom; 2 is /dev/random
randomquality = 1 :: Int
2011-04-15 22:18:39 +00:00
{- Updates an existing Cipher, re-encrypting it to add KeyIds specified in
- the remote's configuration. -}
2011-04-15 22:18:39 +00:00
updateCipher :: RemoteConfig -> EncryptedCipher -> IO EncryptedCipher
updateCipher c encipher@(EncryptedCipher _ ks) = do
ks' <- configKeyIds c
cipher <- decryptCipher c encipher
encryptCipher cipher (combine ks ks')
where
combine (KeyIds a) (KeyIds b) = KeyIds $ a ++ b
2011-04-15 22:18:39 +00:00
2011-04-17 22:18:27 +00:00
describeCipher :: EncryptedCipher -> String
describeCipher (EncryptedCipher _ (KeyIds ks)) =
"with gpg " ++ keys ks ++ " " ++ unwords ks
where
keys [_] = "key"
keys _ = "keys"
2011-04-15 22:18:39 +00:00
{- Stores an EncryptedCipher in a remote's configuration. -}
storeCipher :: RemoteConfig -> EncryptedCipher -> RemoteConfig
storeCipher c (EncryptedCipher t ks) =
M.insert "cipher" (toB64 t) $ M.insert "cipherkeys" (show ks) c
2011-04-15 22:18:39 +00:00
{- Extracts an EncryptedCipher from a remote's configuration. -}
extractCipher :: RemoteConfig -> Maybe EncryptedCipher
extractCipher c =
case (M.lookup "cipher" c, M.lookup "cipherkeys" c) of
(Just t, Just ks) -> Just $ EncryptedCipher (fromB64 t) (read ks)
_ -> Nothing
{- Encrypts a Cipher to the specified KeyIds. -}
encryptCipher :: Cipher -> KeyIds -> IO EncryptedCipher
encryptCipher (Cipher c) (KeyIds ks) = do
let ks' = nub $ sort ks -- gpg complains about duplicate recipient keyids
encipher <- gpgPipeStrict (encrypt++recipients ks') c
return $ EncryptedCipher encipher (KeyIds ks')
where
encrypt = [ Params "--encrypt" ]
recipients l = force_recipients :
concatMap (\k -> [Param "--recipient", Param k]) l
-- Force gpg to only encrypt to the specified
-- recipients, not configured defaults.
force_recipients = Params "--no-encrypt-to --no-default-recipient"
2011-04-15 22:18:39 +00:00
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
decryptCipher :: RemoteConfig -> EncryptedCipher -> IO Cipher
decryptCipher _ (EncryptedCipher encipher _) =
return . Cipher =<< gpgPipeStrict decrypt encipher
where
decrypt = [ Param "--decrypt" ]
2011-04-15 22:18:39 +00:00
{- Generates an encrypted form of a Key. The encryption does not need to be
2011-04-15 22:18:39 +00:00
- reversable, nor does it need to be the same type of encryption used
- on content. It does need to be repeatable. -}
2011-04-15 22:18:39 +00:00
encryptKey :: Cipher -> Key -> IO Key
encryptKey c k =
return Key {
2011-04-21 20:56:24 +00:00
keyName = hmacWithCipher c (show k),
keyBackendName = "GPGHMACSHA1",
keySize = Nothing, -- size and mtime omitted
keyMtime = Nothing -- to avoid leaking data
}
2011-04-15 22:18:39 +00:00
2011-04-17 17:11:38 +00:00
{- Runs an action, passing it a handle from which it can
- stream encrypted content. -}
withEncryptedHandle :: Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withEncryptedHandle = gpgCipherHandle [Params "--symmetric --force-mdc"]
{- Runs an action, passing it a handle from which it can
- stream decrypted content. -}
withDecryptedHandle :: Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withDecryptedHandle = gpgCipherHandle [Param "--decrypt"]
{- Streams encrypted content to an action. -}
withEncryptedContent :: Cipher -> IO L.ByteString -> (L.ByteString -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withEncryptedContent = pass withEncryptedHandle
2011-04-15 22:18:39 +00:00
{- Streams decrypted content to an action. -}
withDecryptedContent :: Cipher -> IO L.ByteString -> (L.ByteString -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withDecryptedContent = pass withDecryptedHandle
2011-04-15 22:18:39 +00:00
pass :: (Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a)
-> Cipher -> IO L.ByteString -> (L.ByteString -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
pass to c i a = to c i $ \h -> a =<< L.hGetContents h
2011-04-15 22:18:39 +00:00
gpgParams :: [CommandParam] -> IO [String]
gpgParams params = do
-- Enable batch mode if GPG_AGENT_INFO is set, to avoid extraneous
-- gpg output about password prompts.
e <- catch (getEnv "GPG_AGENT_INFO") (const $ return "")
let batch = if null e then [] else ["--batch"]
return $ batch ++ defaults ++ toCommand params
where
-- be quiet, even about checking the trustdb
defaults = ["--quiet", "--trust-model", "always"]
2011-04-15 22:18:39 +00:00
gpgRead :: [CommandParam] -> IO String
gpgRead params = do
params' <- gpgParams params
pOpen ReadFromPipe "gpg" params' hGetContentsStrict
gpgPipeStrict :: [CommandParam] -> String -> IO String
gpgPipeStrict params input = do
params' <- gpgParams params
(pid, fromh, toh) <- hPipeBoth "gpg" params'
_ <- forkIO $ finally (hPutStr toh input) (hClose toh)
output <- hGetContentsStrict fromh
forceSuccess pid
return output
{- Runs gpg with a cipher and some parameters, feeding it an input,
- and passing a handle to its output to an action.
-
- Note that to avoid deadlock with the cleanup stage,
- the action must fully consume gpg's input before returning. -}
gpgCipherHandle :: [CommandParam] -> Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a
gpgCipherHandle params c a b = do
-- pipe the passphrase into gpg on a fd
(frompipe, topipe) <- createPipe
_ <- forkIO $ do
toh <- fdToHandle topipe
hPutStrLn toh $ cipherPassphrase c
hClose toh
let Fd passphrasefd = frompipe
let passphrase = [Param "--passphrase-fd", Param $ show passphrasefd]
params' <- gpgParams $ passphrase ++ params
(pid, fromh, toh) <- hPipeBoth "gpg" params'
_ <- forkProcess $ do
L.hPut toh =<< a
hClose toh
exitSuccess
hClose toh
ret <- b fromh
-- cleanup
forceSuccess pid
closeFd frompipe
return ret
configKeyIds :: RemoteConfig -> IO KeyIds
configKeyIds c = do
let k = configGet c "encryption"
s <- gpgRead [Params "--with-colons --list-public-keys", Param k]
return $ KeyIds $ parseWithColons s
where
parseWithColons s = map keyIdField $ filter pubKey $ lines s
pubKey = isPrefixOf "pub:"
keyIdField s = split ":" s !! 4
configGet :: RemoteConfig -> String -> String
configGet c key = fromMaybe missing $ M.lookup key c
2011-05-15 06:49:43 +00:00
where missing = error $ "missing " ++ key ++ " in remote config"
2011-04-21 20:56:24 +00:00
hmacWithCipher :: Cipher -> String -> String
hmacWithCipher c = hmacWithCipher' (cipherHmac c)
hmacWithCipher' :: String -> String -> String
hmacWithCipher' c s = showDigest $ hmacSha1 (fromString c) (fromString s)
2011-04-21 20:56:24 +00:00
{- Ensure that hmacWithCipher' returns the same thing forevermore. -}
prop_hmacWithCipher_sane :: Bool
prop_hmacWithCipher_sane = known_good == hmacWithCipher' "foo" "bar"
where
known_good = "46b4ec586117154dacd49d664e5d63fdc88efb51"