git-annex/Crypto.hs

252 lines
8.1 KiB
Haskell
Raw Normal View History

2011-04-15 22:18:39 +00:00
{- git-annex crypto
-
- Currently using gpg; could later be modified to support different
- crypto backends if neccessary.
2011-04-15 22:18:39 +00:00
-
- Copyright 2011 Joey Hess <joey@kitenet.net>
-
- Licensed under the GNU GPL version 3 or higher.
-}
module Crypto (
Cipher,
EncryptedCipher,
2011-04-15 22:18:39 +00:00
genCipher,
updateCipher,
2011-04-17 22:18:27 +00:00
describeCipher,
2011-04-15 22:18:39 +00:00
storeCipher,
extractCipher,
decryptCipher,
encryptKey,
2011-04-17 17:11:38 +00:00
withEncryptedHandle,
withDecryptedHandle,
withEncryptedContent,
withDecryptedContent,
2011-04-21 20:56:24 +00:00
prop_hmacWithCipher_sane
2011-04-15 22:18:39 +00:00
) where
import qualified Data.ByteString.Lazy.Char8 as L
import qualified Data.Map as M
import Data.ByteString.Lazy.UTF8 (fromString)
import Data.Digest.Pure.SHA
import System.Posix.Types
import Control.Applicative
import Control.Concurrent
import Control.Exception (finally)
import System.Exit
import System.Environment
2011-04-15 22:18:39 +00:00
2011-10-05 20:02:51 +00:00
import Common.Annex
import Types.Key
import Types.Remote
2011-07-06 00:24:10 +00:00
import Utility.Base64
import Types.Crypto
2011-04-15 22:18:39 +00:00
{- The first half of a Cipher is used for HMAC; the remainder
- is used as the GPG symmetric encryption passphrase.
-
2011-04-17 15:13:54 +00:00
- HMAC SHA1 needs only 64 bytes. The remainder is for expansion,
- perhaps to HMAC SHA512, which needs 128 bytes (ideally).
-
- 256 is enough for gpg's symetric cipher; unlike weaker public key
- crypto, the key does not need to be too large.
-}
cipherHalf :: Int
cipherHalf = 256
cipherSize :: Int
cipherSize = cipherHalf * 2
cipherPassphrase :: Cipher -> String
cipherPassphrase (Cipher c) = drop cipherHalf c
cipherHmac :: Cipher -> String
cipherHmac (Cipher c) = take cipherHalf c
2011-04-15 22:18:39 +00:00
{- Creates a new Cipher, encrypted as specified in the remote's configuration -}
genCipher :: RemoteConfig -> IO EncryptedCipher
genCipher c = do
ks <- configKeyIds c
2011-04-15 22:18:39 +00:00
random <- genrandom
encryptCipher (Cipher random) ks
2011-04-15 22:18:39 +00:00
where
genrandom = gpgRead
-- Armor the random data, to avoid newlines,
-- since gpg only reads ciphers up to the first
-- newline.
[ Params "--gen-random --armor"
2011-04-15 22:18:39 +00:00
, Param $ show randomquality
, Param $ show cipherSize
2011-04-15 22:18:39 +00:00
]
-- 1 is /dev/urandom; 2 is /dev/random
randomquality = 1 :: Int
2011-04-15 22:18:39 +00:00
{- Updates an existing Cipher, re-encrypting it to add KeyIds specified in
- the remote's configuration. -}
2011-04-15 22:18:39 +00:00
updateCipher :: RemoteConfig -> EncryptedCipher -> IO EncryptedCipher
updateCipher c encipher@(EncryptedCipher _ ks) = do
ks' <- configKeyIds c
cipher <- decryptCipher c encipher
encryptCipher cipher (merge ks ks')
where
merge (KeyIds a) (KeyIds b) = KeyIds $ a ++ b
2011-04-15 22:18:39 +00:00
2011-04-17 22:18:27 +00:00
describeCipher :: EncryptedCipher -> String
describeCipher (EncryptedCipher _ (KeyIds ks)) =
"with gpg " ++ keys ks ++ " " ++ unwords ks
where
keys [_] = "key"
keys _ = "keys"
2011-04-15 22:18:39 +00:00
{- Stores an EncryptedCipher in a remote's configuration. -}
storeCipher :: RemoteConfig -> EncryptedCipher -> RemoteConfig
storeCipher c (EncryptedCipher t ks) =
M.insert "cipher" (toB64 t) $ M.insert "cipherkeys" (showkeys ks) c
where
showkeys (KeyIds l) = join "," l
2011-04-15 22:18:39 +00:00
{- Extracts an EncryptedCipher from a remote's configuration. -}
extractCipher :: RemoteConfig -> Maybe EncryptedCipher
extractCipher c =
case (M.lookup "cipher" c, M.lookup "cipherkeys" c) of
(Just t, Just ks) -> Just $ EncryptedCipher (fromB64 t) (readkeys ks)
_ -> Nothing
where
readkeys = KeyIds . split ","
{- Encrypts a Cipher to the specified KeyIds. -}
encryptCipher :: Cipher -> KeyIds -> IO EncryptedCipher
encryptCipher (Cipher c) (KeyIds ks) = do
let ks' = nub $ sort ks -- gpg complains about duplicate recipient keyids
encipher <- gpgPipeStrict (encrypt++recipients ks') c
return $ EncryptedCipher encipher (KeyIds ks')
where
encrypt = [ Params "--encrypt" ]
recipients l = force_recipients :
concatMap (\k -> [Param "--recipient", Param k]) l
-- Force gpg to only encrypt to the specified
-- recipients, not configured defaults.
force_recipients = Params "--no-encrypt-to --no-default-recipient"
2011-04-15 22:18:39 +00:00
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
decryptCipher :: RemoteConfig -> EncryptedCipher -> IO Cipher
decryptCipher _ (EncryptedCipher encipher _) =
Cipher <$> gpgPipeStrict decrypt encipher
where
decrypt = [ Param "--decrypt" ]
2011-04-15 22:18:39 +00:00
{- Generates an encrypted form of a Key. The encryption does not need to be
2011-04-15 22:18:39 +00:00
- reversable, nor does it need to be the same type of encryption used
- on content. It does need to be repeatable. -}
2011-10-11 18:43:45 +00:00
encryptKey :: Cipher -> Key -> Key
encryptKey c k = Key
{ keyName = hmacWithCipher c (show k)
, keyBackendName = "GPGHMACSHA1"
, keySize = Nothing -- size and mtime omitted
, keyMtime = Nothing -- to avoid leaking data
}
2011-04-15 22:18:39 +00:00
2011-04-17 17:11:38 +00:00
{- Runs an action, passing it a handle from which it can
- stream encrypted content. -}
withEncryptedHandle :: Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withEncryptedHandle = gpgCipherHandle [Params "--symmetric --force-mdc"]
{- Runs an action, passing it a handle from which it can
- stream decrypted content. -}
withDecryptedHandle :: Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withDecryptedHandle = gpgCipherHandle [Param "--decrypt"]
{- Streams encrypted content to an action. -}
withEncryptedContent :: Cipher -> IO L.ByteString -> (L.ByteString -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withEncryptedContent = pass withEncryptedHandle
2011-04-15 22:18:39 +00:00
{- Streams decrypted content to an action. -}
withDecryptedContent :: Cipher -> IO L.ByteString -> (L.ByteString -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
withDecryptedContent = pass withDecryptedHandle
2011-04-15 22:18:39 +00:00
pass :: (Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a)
-> Cipher -> IO L.ByteString -> (L.ByteString -> IO a) -> IO a
2011-04-17 17:11:38 +00:00
pass to c i a = to c i $ \h -> a =<< L.hGetContents h
2011-04-15 22:18:39 +00:00
gpgParams :: [CommandParam] -> IO [String]
gpgParams params = do
-- Enable batch mode if GPG_AGENT_INFO is set, to avoid extraneous
-- gpg output about password prompts.
e <- catchDefaultIO (getEnv "GPG_AGENT_INFO") ""
let batch = if null e then [] else ["--batch"]
return $ batch ++ defaults ++ toCommand params
where
-- be quiet, even about checking the trustdb
defaults = ["--quiet", "--trust-model", "always"]
2011-04-15 22:18:39 +00:00
gpgRead :: [CommandParam] -> IO String
gpgRead params = do
params' <- gpgParams params
pOpen ReadFromPipe "gpg" params' hGetContentsStrict
gpgPipeStrict :: [CommandParam] -> String -> IO String
gpgPipeStrict params input = do
params' <- gpgParams params
(pid, fromh, toh) <- hPipeBoth "gpg" params'
_ <- forkIO $ finally (hPutStr toh input) (hClose toh)
output <- hGetContentsStrict fromh
forceSuccess pid
return output
{- Runs gpg with a cipher and some parameters, feeding it an input,
- and passing a handle to its output to an action.
-
- Note that to avoid deadlock with the cleanup stage,
- the action must fully consume gpg's input before returning. -}
gpgCipherHandle :: [CommandParam] -> Cipher -> IO L.ByteString -> (Handle -> IO a) -> IO a
gpgCipherHandle params c a b = do
-- pipe the passphrase into gpg on a fd
(frompipe, topipe) <- createPipe
_ <- forkIO $ do
toh <- fdToHandle topipe
hPutStrLn toh $ cipherPassphrase c
hClose toh
let Fd passphrasefd = frompipe
let passphrase = [Param "--passphrase-fd", Param $ show passphrasefd]
params' <- gpgParams $ passphrase ++ params
(pid, fromh, toh) <- hPipeBoth "gpg" params'
pid2 <- forkProcess $ do
L.hPut toh =<< a
hClose toh
exitSuccess
hClose toh
ret <- b fromh
-- cleanup
forceSuccess pid
_ <- getProcessStatus True False pid2
closeFd frompipe
return ret
configKeyIds :: RemoteConfig -> IO KeyIds
2011-10-11 18:43:45 +00:00
configKeyIds c = parse <$> gpgRead params
where
2011-10-11 18:43:45 +00:00
params = [Params "--with-colons --list-public-keys",
Param $ configGet c "encryption"]
parse = KeyIds . map keyIdField . filter pubKey . lines
pubKey = isPrefixOf "pub:"
keyIdField s = split ":" s !! 4
configGet :: RemoteConfig -> String -> String
configGet c key = fromMaybe missing $ M.lookup key c
2011-10-11 18:43:45 +00:00
where
missing = error $ "missing " ++ key ++ " in remote config"
2011-04-21 20:56:24 +00:00
hmacWithCipher :: Cipher -> String -> String
hmacWithCipher c = hmacWithCipher' (cipherHmac c)
hmacWithCipher' :: String -> String -> String
hmacWithCipher' c s = showDigest $ hmacSha1 (fromString c) (fromString s)
2011-04-21 20:56:24 +00:00
{- Ensure that hmacWithCipher' returns the same thing forevermore. -}
prop_hmacWithCipher_sane :: Bool
prop_hmacWithCipher_sane = known_good == hmacWithCipher' "foo" "bar"
where
known_good = "46b4ec586117154dacd49d664e5d63fdc88efb51"