2011-04-15 22:18:39 +00:00
|
|
|
{- git-annex crypto
|
2011-04-16 17:25:27 +00:00
|
|
|
-
|
|
|
|
|
- Currently using gpg; could later be modified to support different
|
|
|
|
|
- crypto backends if neccessary.
|
2011-04-15 22:18:39 +00:00
|
|
|
-
|
|
|
|
|
- Copyright 2011 Joey Hess <joey@kitenet.net>
|
|
|
|
|
-
|
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
|
-}
|
|
|
|
|
|
|
|
|
|
module Crypto (
|
|
|
|
|
genCipher,
|
|
|
|
|
updateCipher,
|
|
|
|
|
storeCipher,
|
|
|
|
|
extractCipher,
|
|
|
|
|
decryptCipher,
|
|
|
|
|
encryptKey,
|
2011-04-16 20:26:47 +00:00
|
|
|
withEncryptedContent,
|
|
|
|
|
withDecryptedContent,
|
2011-04-15 22:18:39 +00:00
|
|
|
) where
|
|
|
|
|
|
|
|
|
|
import qualified Data.ByteString.Lazy.Char8 as L
|
|
|
|
|
import qualified Data.Map as M
|
2011-04-16 17:25:27 +00:00
|
|
|
import qualified Codec.Binary.Base64 as B64
|
2011-04-15 22:18:39 +00:00
|
|
|
import System.Cmd.Utils
|
2011-04-16 17:25:27 +00:00
|
|
|
import Data.String.Utils
|
|
|
|
|
import Data.List
|
|
|
|
|
import Data.Bits.Utils
|
2011-04-16 20:26:47 +00:00
|
|
|
import System.IO
|
|
|
|
|
import System.Posix.IO
|
|
|
|
|
import System.Posix.Types
|
|
|
|
|
import Control.Concurrent
|
|
|
|
|
import Control.Exception
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
|
import Types
|
2011-04-16 20:26:47 +00:00
|
|
|
import Key
|
2011-04-15 22:18:39 +00:00
|
|
|
import RemoteClass
|
|
|
|
|
import Utility
|
|
|
|
|
|
|
|
|
|
data Cipher = Cipher String -- XXX ideally, this would be a locked memory region
|
2011-04-16 17:25:27 +00:00
|
|
|
|
|
|
|
|
data EncryptedCipher = EncryptedCipher String KeyIds
|
|
|
|
|
|
|
|
|
|
data KeyIds = KeyIds [String]
|
|
|
|
|
|
|
|
|
|
instance Show KeyIds where
|
|
|
|
|
show (KeyIds ks) = join "," ks
|
|
|
|
|
|
|
|
|
|
instance Read KeyIds where
|
|
|
|
|
readsPrec _ s = [(KeyIds (split "," s), "")]
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
|
{- Creates a new Cipher, encrypted as specified in the remote's configuration -}
|
|
|
|
|
genCipher :: RemoteConfig -> IO EncryptedCipher
|
2011-04-16 17:25:27 +00:00
|
|
|
genCipher c = do
|
|
|
|
|
ks <- configKeyIds c
|
2011-04-15 22:18:39 +00:00
|
|
|
random <- genrandom
|
2011-04-16 17:25:27 +00:00
|
|
|
encryptCipher (Cipher random) ks
|
2011-04-15 22:18:39 +00:00
|
|
|
where
|
2011-04-16 20:26:47 +00:00
|
|
|
genrandom = gpgRead
|
|
|
|
|
-- Armor the random data, to avoid newlines,
|
|
|
|
|
-- since gpg only reads ciphers up to the first
|
|
|
|
|
-- newline.
|
|
|
|
|
[ Params "--gen-random --armor"
|
2011-04-15 22:18:39 +00:00
|
|
|
, Param $ show randomquality
|
|
|
|
|
, Param $ show ciphersize
|
|
|
|
|
]
|
2011-04-16 17:25:27 +00:00
|
|
|
randomquality = 1 :: Int -- 1 is /dev/urandom; 2 is /dev/random
|
2011-04-16 20:26:47 +00:00
|
|
|
ciphersize = 256 :: Int
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-16 17:25:27 +00:00
|
|
|
{- Updates an existing Cipher, re-encrypting it to add KeyIds specified in
|
|
|
|
|
- the remote's configuration. -}
|
2011-04-15 22:18:39 +00:00
|
|
|
updateCipher :: RemoteConfig -> EncryptedCipher -> IO EncryptedCipher
|
2011-04-16 17:25:27 +00:00
|
|
|
updateCipher c encipher@(EncryptedCipher _ ks) = do
|
|
|
|
|
ks' <- configKeyIds c
|
|
|
|
|
cipher <- decryptCipher c encipher
|
|
|
|
|
encryptCipher cipher (combine ks ks')
|
|
|
|
|
where
|
|
|
|
|
combine (KeyIds a) (KeyIds b) = KeyIds $ a ++ b
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
|
{- Stores an EncryptedCipher in a remote's configuration. -}
|
|
|
|
|
storeCipher :: RemoteConfig -> EncryptedCipher -> RemoteConfig
|
2011-04-16 17:25:27 +00:00
|
|
|
storeCipher c (EncryptedCipher t ks) =
|
|
|
|
|
M.insert "cipher" (toB64 t) $ M.insert "cipherkeys" (show ks) c
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
|
{- Extracts an EncryptedCipher from a remote's configuration. -}
|
2011-04-16 17:25:27 +00:00
|
|
|
extractCipher :: RemoteConfig -> Maybe EncryptedCipher
|
|
|
|
|
extractCipher c =
|
|
|
|
|
case (M.lookup "cipher" c, M.lookup "cipherkeys" c) of
|
|
|
|
|
(Just t, Just ks) -> Just $ EncryptedCipher (fromB64 t) (read ks)
|
|
|
|
|
_ -> Nothing
|
|
|
|
|
|
|
|
|
|
{- Encrypts a Cipher to the specified KeyIds. -}
|
|
|
|
|
encryptCipher :: Cipher -> KeyIds -> IO EncryptedCipher
|
|
|
|
|
encryptCipher (Cipher c) (KeyIds ks) = do
|
|
|
|
|
let ks' = nub $ sort ks -- gpg complains about duplicate recipient keyids
|
2011-04-16 20:26:47 +00:00
|
|
|
encipher <- gpgPipeStrict (encrypt++recipients ks') c
|
2011-04-16 17:25:27 +00:00
|
|
|
return $ EncryptedCipher encipher (KeyIds ks')
|
|
|
|
|
where
|
|
|
|
|
encrypt = [ Params "--encrypt" ]
|
|
|
|
|
recipients l =
|
|
|
|
|
-- Force gpg to only encrypt to the specified
|
|
|
|
|
-- recipients, not configured defaults.
|
|
|
|
|
[ Params "--no-encrypt-to --no-default-recipient"] ++
|
|
|
|
|
(concat $ map (\k -> [Param "--recipient", Param k]) l)
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
|
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
|
|
|
|
|
decryptCipher :: RemoteConfig -> EncryptedCipher -> IO Cipher
|
2011-04-16 17:25:27 +00:00
|
|
|
decryptCipher _ (EncryptedCipher encipher _) =
|
2011-04-16 20:26:47 +00:00
|
|
|
return . Cipher =<< gpgPipeStrict decrypt encipher
|
2011-04-16 17:25:27 +00:00
|
|
|
where
|
2011-04-16 20:26:47 +00:00
|
|
|
decrypt = [ Param "--decrypt" ]
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-16 20:26:47 +00:00
|
|
|
{- Generates an encrypted form of a Key. The encryption does not need to be
|
2011-04-15 22:18:39 +00:00
|
|
|
- reversable, nor does it need to be the same type of encryption used
|
2011-04-16 20:26:47 +00:00
|
|
|
- on content. It does need to be repeatable. -}
|
2011-04-15 22:18:39 +00:00
|
|
|
encryptKey :: Cipher -> Key -> IO Key
|
2011-04-16 20:26:47 +00:00
|
|
|
encryptKey c k =
|
|
|
|
|
return Key {
|
|
|
|
|
-- FIXME: should use HMAC with the cipher; I don't
|
|
|
|
|
-- have Data.Crypto in Debian yet though.
|
|
|
|
|
keyName = show k,
|
|
|
|
|
keyBackendName = "INSECURE",
|
|
|
|
|
keySize = Nothing, -- size and mtime omitted
|
|
|
|
|
keyMtime = Nothing -- to avoid leaking data
|
|
|
|
|
}
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-16 20:26:47 +00:00
|
|
|
{- Streams encrypted content to an action. -}
|
|
|
|
|
withEncryptedContent :: Cipher -> L.ByteString -> (L.ByteString -> IO a) -> IO a
|
|
|
|
|
withEncryptedContent = gpgCipher [Params "--symmetric --force-mdc"]
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-16 20:26:47 +00:00
|
|
|
{- Streams decrypted content to an action. -}
|
|
|
|
|
withDecryptedContent :: Cipher -> L.ByteString -> (L.ByteString -> IO a) -> IO a
|
|
|
|
|
withDecryptedContent = gpgCipher [Param "--decrypt"]
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
gpgParams :: [CommandParam] -> [String]
|
2011-04-16 17:25:27 +00:00
|
|
|
gpgParams params =
|
2011-04-16 20:26:47 +00:00
|
|
|
-- avoid prompting, and be quiet, even about checking the trustdb
|
2011-04-16 17:25:27 +00:00
|
|
|
["--batch", "--quiet", "--trust-model", "always"] ++
|
|
|
|
|
toCommand params
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-16 20:26:47 +00:00
|
|
|
gpgRead :: [CommandParam] -> IO String
|
|
|
|
|
gpgRead params = pOpen ReadFromPipe "gpg" (gpgParams params) hGetContentsStrict
|
|
|
|
|
|
|
|
|
|
gpgPipeStrict :: [CommandParam] -> String -> IO String
|
|
|
|
|
gpgPipeStrict params input = do
|
|
|
|
|
(_, output) <- pipeBoth "gpg" (gpgParams params) input
|
|
|
|
|
return output
|
|
|
|
|
|
|
|
|
|
gpgPipeBytes :: [CommandParam] -> L.ByteString -> IO (PipeHandle, L.ByteString)
|
|
|
|
|
gpgPipeBytes params input = do
|
|
|
|
|
(pid, fromh, toh) <- hPipeBoth "gpg" (gpgParams params)
|
|
|
|
|
_ <- forkIO $ finally (L.hPut toh input) (hClose toh)
|
|
|
|
|
output <- L.hGetContents fromh
|
|
|
|
|
return (pid, output)
|
|
|
|
|
|
|
|
|
|
{- Runs gpg with a cipher and some parameters, feeding it an input,
|
|
|
|
|
- and piping its output lazily to an action. -}
|
|
|
|
|
gpgCipher :: [CommandParam] -> Cipher -> L.ByteString -> (L.ByteString -> IO a) -> IO a
|
|
|
|
|
gpgCipher params (Cipher c) input a = do
|
|
|
|
|
-- pipe the passphrase into gpg on a fd
|
|
|
|
|
(frompipe, topipe) <- createPipe
|
|
|
|
|
toh <- fdToHandle topipe
|
|
|
|
|
let Fd fromno = frompipe
|
|
|
|
|
_ <- forkIO $ do
|
|
|
|
|
hPutStrLn toh c
|
|
|
|
|
hClose toh
|
|
|
|
|
let passphrase = [Param "--passphrase-fd", Param $ show fromno]
|
|
|
|
|
(pid, output) <- gpgPipeBytes (passphrase ++ params) input
|
|
|
|
|
|
|
|
|
|
ret <- a output
|
|
|
|
|
|
|
|
|
|
-- cleanup
|
|
|
|
|
forceSuccess pid
|
|
|
|
|
closeFd frompipe
|
|
|
|
|
|
|
|
|
|
return ret
|
2011-04-16 17:25:27 +00:00
|
|
|
|
|
|
|
|
configKeyIds :: RemoteConfig -> IO KeyIds
|
|
|
|
|
configKeyIds c = do
|
|
|
|
|
let k = configGet c "encryption"
|
2011-04-16 20:26:47 +00:00
|
|
|
s <- gpgRead [Params "--with-colons --list-public-keys", Param k]
|
2011-04-16 17:25:27 +00:00
|
|
|
return $ KeyIds $ parseWithColons s
|
|
|
|
|
where
|
|
|
|
|
parseWithColons s = map keyIdField $ filter pubKey $ lines s
|
|
|
|
|
pubKey = isPrefixOf "pub:"
|
|
|
|
|
keyIdField s = (split ":" s) !! 4
|
|
|
|
|
|
|
|
|
|
configGet :: RemoteConfig -> String -> String
|
|
|
|
|
configGet c key =
|
|
|
|
|
case M.lookup key c of
|
|
|
|
|
Just v -> v
|
|
|
|
|
Nothing -> error $ "missing " ++ key ++ " in remote config"
|
2011-04-16 20:26:47 +00:00
|
|
|
|
|
|
|
|
toB64 :: String -> String
|
|
|
|
|
toB64 = B64.encode . s2w8
|
|
|
|
|
|
|
|
|
|
fromB64 :: String -> String
|
|
|
|
|
fromB64 s =
|
|
|
|
|
case B64.decode s of
|
|
|
|
|
Nothing -> error "bad base64 encoded data"
|
|
|
|
|
Just ws -> w82s ws
|
