2011-04-15 22:18:39 +00:00
|
|
|
{- git-annex crypto
|
2011-04-16 17:25:27 +00:00
|
|
|
-
|
|
|
|
- Currently using gpg; could later be modified to support different
|
|
|
|
- crypto backends if neccessary.
|
2011-04-15 22:18:39 +00:00
|
|
|
-
|
2012-04-29 18:02:18 +00:00
|
|
|
- Copyright 2011-2012 Joey Hess <joey@kitenet.net>
|
2011-04-15 22:18:39 +00:00
|
|
|
-
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
-}
|
|
|
|
|
|
|
|
module Crypto (
|
2011-04-16 22:22:52 +00:00
|
|
|
Cipher,
|
2012-04-29 18:31:34 +00:00
|
|
|
KeyIds(..),
|
2012-04-29 18:02:18 +00:00
|
|
|
StorableCipher(..),
|
|
|
|
genEncryptedCipher,
|
|
|
|
genSharedCipher,
|
|
|
|
updateEncryptedCipher,
|
2011-04-17 22:18:27 +00:00
|
|
|
describeCipher,
|
2011-04-15 22:18:39 +00:00
|
|
|
decryptCipher,
|
|
|
|
encryptKey,
|
2012-11-18 19:27:44 +00:00
|
|
|
feedFile,
|
|
|
|
feedBytes,
|
|
|
|
readBytes,
|
|
|
|
encrypt,
|
|
|
|
decrypt,
|
2011-04-21 20:56:24 +00:00
|
|
|
|
|
|
|
prop_hmacWithCipher_sane
|
2011-04-15 22:18:39 +00:00
|
|
|
) where
|
|
|
|
|
2012-06-20 17:13:40 +00:00
|
|
|
import qualified Data.ByteString.Lazy as L
|
2011-04-26 15:24:23 +00:00
|
|
|
import Data.ByteString.Lazy.UTF8 (fromString)
|
|
|
|
import Data.Digest.Pure.SHA
|
2011-08-25 04:28:55 +00:00
|
|
|
import Control.Applicative
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-10-05 20:02:51 +00:00
|
|
|
import Common.Annex
|
2011-12-21 01:47:56 +00:00
|
|
|
import qualified Utility.Gpg as Gpg
|
2011-06-02 01:56:04 +00:00
|
|
|
import Types.Key
|
|
|
|
import Types.Crypto
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-17 05:34:28 +00:00
|
|
|
{- The first half of a Cipher is used for HMAC; the remainder
|
|
|
|
- is used as the GPG symmetric encryption passphrase.
|
|
|
|
-
|
2011-04-17 15:13:54 +00:00
|
|
|
- HMAC SHA1 needs only 64 bytes. The remainder is for expansion,
|
|
|
|
- perhaps to HMAC SHA512, which needs 128 bytes (ideally).
|
|
|
|
-
|
2011-04-17 05:34:28 +00:00
|
|
|
- 256 is enough for gpg's symetric cipher; unlike weaker public key
|
|
|
|
- crypto, the key does not need to be too large.
|
|
|
|
-}
|
|
|
|
cipherHalf :: Int
|
|
|
|
cipherHalf = 256
|
|
|
|
|
|
|
|
cipherSize :: Int
|
|
|
|
cipherSize = cipherHalf * 2
|
|
|
|
|
|
|
|
cipherPassphrase :: Cipher -> String
|
|
|
|
cipherPassphrase (Cipher c) = drop cipherHalf c
|
|
|
|
|
|
|
|
cipherHmac :: Cipher -> String
|
|
|
|
cipherHmac (Cipher c) = take cipherHalf c
|
|
|
|
|
2012-04-29 18:02:18 +00:00
|
|
|
{- Creates a new Cipher, encrypted to the specificed key id. -}
|
|
|
|
genEncryptedCipher :: String -> IO StorableCipher
|
|
|
|
genEncryptedCipher keyid = do
|
|
|
|
ks <- Gpg.findPubKeys keyid
|
|
|
|
random <- Gpg.genRandom cipherSize
|
2011-04-16 17:25:27 +00:00
|
|
|
encryptCipher (Cipher random) ks
|
2012-04-29 18:02:18 +00:00
|
|
|
|
|
|
|
{- Creates a new, shared Cipher. -}
|
|
|
|
genSharedCipher :: IO StorableCipher
|
|
|
|
genSharedCipher = SharedCipher <$> Gpg.genRandom cipherSize
|
|
|
|
|
|
|
|
{- Updates an existing Cipher, re-encrypting it to add a keyid. -}
|
|
|
|
updateEncryptedCipher :: String -> StorableCipher -> IO StorableCipher
|
|
|
|
updateEncryptedCipher _ (SharedCipher _) = undefined
|
|
|
|
updateEncryptedCipher keyid encipher@(EncryptedCipher _ ks) = do
|
|
|
|
ks' <- Gpg.findPubKeys keyid
|
|
|
|
cipher <- decryptCipher encipher
|
2011-10-04 02:24:57 +00:00
|
|
|
encryptCipher cipher (merge ks ks')
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
|
|
|
merge (KeyIds a) (KeyIds b) = KeyIds $ a ++ b
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2012-04-29 18:02:18 +00:00
|
|
|
describeCipher :: StorableCipher -> String
|
|
|
|
describeCipher (SharedCipher _) = "shared cipher"
|
2011-04-17 22:18:27 +00:00
|
|
|
describeCipher (EncryptedCipher _ (KeyIds ks)) =
|
|
|
|
"with gpg " ++ keys ks ++ " " ++ unwords ks
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
|
|
|
keys [_] = "key"
|
|
|
|
keys _ = "keys"
|
2011-04-17 22:18:27 +00:00
|
|
|
|
2011-04-16 17:25:27 +00:00
|
|
|
{- Encrypts a Cipher to the specified KeyIds. -}
|
2012-04-29 18:02:18 +00:00
|
|
|
encryptCipher :: Cipher -> KeyIds -> IO StorableCipher
|
2011-04-16 17:25:27 +00:00
|
|
|
encryptCipher (Cipher c) (KeyIds ks) = do
|
|
|
|
let ks' = nub $ sort ks -- gpg complains about duplicate recipient keyids
|
2012-11-18 19:27:44 +00:00
|
|
|
encipher <- Gpg.pipeStrict ([ Params "--encrypt" ] ++ recipients ks') c
|
2011-04-16 17:25:27 +00:00
|
|
|
return $ EncryptedCipher encipher (KeyIds ks')
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
|
|
|
recipients l = force_recipients :
|
|
|
|
concatMap (\k -> [Param "--recipient", Param k]) l
|
|
|
|
-- Force gpg to only encrypt to the specified
|
|
|
|
-- recipients, not configured defaults.
|
|
|
|
force_recipients = Params "--no-encrypt-to --no-default-recipient"
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
|
2012-04-29 18:02:18 +00:00
|
|
|
decryptCipher :: StorableCipher -> IO Cipher
|
|
|
|
decryptCipher (SharedCipher t) = return $ Cipher t
|
2012-11-18 19:27:44 +00:00
|
|
|
decryptCipher (EncryptedCipher t _) = Cipher <$> Gpg.pipeStrict [ Param "--decrypt" ] t
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-16 20:26:47 +00:00
|
|
|
{- Generates an encrypted form of a Key. The encryption does not need to be
|
2011-04-15 22:18:39 +00:00
|
|
|
- reversable, nor does it need to be the same type of encryption used
|
2011-04-16 20:26:47 +00:00
|
|
|
- on content. It does need to be repeatable. -}
|
2011-10-11 18:43:45 +00:00
|
|
|
encryptKey :: Cipher -> Key -> Key
|
|
|
|
encryptKey c k = Key
|
2012-08-08 20:06:01 +00:00
|
|
|
{ keyName = hmacWithCipher c (key2file k)
|
2011-10-11 18:43:45 +00:00
|
|
|
, keyBackendName = "GPGHMACSHA1"
|
|
|
|
, keySize = Nothing -- size and mtime omitted
|
|
|
|
, keyMtime = Nothing -- to avoid leaking data
|
2011-04-16 20:26:47 +00:00
|
|
|
}
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2012-11-18 19:27:44 +00:00
|
|
|
type Feeder = Handle -> IO ()
|
|
|
|
type Reader a = Handle -> IO a
|
|
|
|
|
|
|
|
feedFile :: FilePath -> Feeder
|
|
|
|
feedFile f h = L.hPut h =<< L.readFile f
|
|
|
|
|
|
|
|
feedBytes :: L.ByteString -> Feeder
|
|
|
|
feedBytes = flip L.hPut
|
|
|
|
|
|
|
|
readBytes :: (L.ByteString -> IO a) -> Reader a
|
|
|
|
readBytes a h = L.hGetContents h >>= a
|
|
|
|
|
|
|
|
{- Runs a Feeder action, that generates content that is encrypted with the
|
|
|
|
- Cipher, and read by the Reader action. -}
|
|
|
|
encrypt :: Cipher -> Feeder -> Reader a -> IO a
|
|
|
|
encrypt = Gpg.feedRead [Params "--symmetric --force-mdc"] . cipherPassphrase
|
|
|
|
|
|
|
|
{- Runs a Feeder action, that generates content that is decrypted with the
|
|
|
|
- Cipher, and read by the Reader action. -}
|
|
|
|
decrypt :: Cipher -> Feeder -> Reader a -> IO a
|
|
|
|
decrypt = Gpg.feedRead [Param "--decrypt"] . cipherPassphrase
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-04-21 20:56:24 +00:00
|
|
|
hmacWithCipher :: Cipher -> String -> String
|
|
|
|
hmacWithCipher c = hmacWithCipher' (cipherHmac c)
|
|
|
|
hmacWithCipher' :: String -> String -> String
|
2011-04-26 15:24:23 +00:00
|
|
|
hmacWithCipher' c s = showDigest $ hmacSha1 (fromString c) (fromString s)
|
2011-04-21 20:56:24 +00:00
|
|
|
|
|
|
|
{- Ensure that hmacWithCipher' returns the same thing forevermore. -}
|
|
|
|
prop_hmacWithCipher_sane :: Bool
|
|
|
|
prop_hmacWithCipher_sane = known_good == hmacWithCipher' "foo" "bar"
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
|
|
|
known_good = "46b4ec586117154dacd49d664e5d63fdc88efb51"
|