mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
git-annex/Crypto.hs

254 lines
8.1 KiB
Haskell
Raw Normal View History

add
2011-04-15 22:18:39 +00:00
{- git-annex crypto
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
-
- Currently using gpg; could later be modified to support different
- crypto backends if neccessary.
add
2011-04-15 22:18:39 +00:00
-
- Copyright 2011 Joey Hess <joey@kitenet.net>
-
- Licensed under the GNU GPL version 3 or higher.
-}
module Crypto (
full encryption support for directory special remotes
2011-04-16 22:22:52 +00:00
Cipher,
EncryptedCipher,
add
2011-04-15 22:18:39 +00:00
genCipher,
updateCipher,
initremote: show gpg keys
2011-04-17 22:18:27 +00:00
describeCipher,
add
2011-04-15 22:18:39 +00:00
storeCipher,
extractCipher,
decryptCipher,
encryptKey,
cleanup
2011-04-17 17:11:38 +00:00
withEncryptedHandle,
withDecryptedHandle,
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
withEncryptedContent,
withDecryptedContent,
add test to ensure hmac remains stable
2011-04-21 20:56:24 +00:00
prop_hmacWithCipher_sane
add
2011-04-15 22:18:39 +00:00
) where
import qualified Data.ByteString.Lazy.Char8 as L
import qualified Data.Map as M
Revert "Use haskell Crypto library instead of haskell SHA library.a" This reverts commit 892593c5efacbc084d19af4b5d7164ededaea7ff. Conflicts: Crypto.hs debian/control
2011-04-26 15:24:23 +00:00
import Data.ByteString.Lazy.UTF8 (fromString)
import Data.Digest.Pure.SHA
import System.Cmd.Utils
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
import Data.String.Utils
import Data.List
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
import System.IO
import System.Posix.IO
import System.Posix.Types
fix stall while storing encrypted data in bup Forking a new process rather than relying on a thread to feed gpg. The feeder thread was stalling, probably when the main thread got to the point it was wait()ing on the gpg to exit.
2011-04-17 04:34:38 +00:00
import System.Posix.Process
Use haskell Crypto library instead of haskell SHA library.a Since hS3 needs Crypto anyway, this actually reduces dependencies.
2011-04-21 20:37:14 +00:00
import Control.Concurrent
import Control.Exception (finally)
Revert "Use haskell Crypto library instead of haskell SHA library.a" This reverts commit 892593c5efacbc084d19af4b5d7164ededaea7ff. Conflicts: Crypto.hs debian/control
2011-04-26 15:24:23 +00:00
import System.Exit
import System.Environment
add
2011-04-15 22:18:39 +00:00
import Types
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
import Key
add
2011-04-15 22:18:39 +00:00
import RemoteClass
import Utility
factor out base64 code
2011-05-01 18:27:40 +00:00
import Base64
add cipher field to AnnexState
2011-04-16 20:41:46 +00:00
import CryptoTypes
add
2011-04-15 22:18:39 +00:00
use different parts of cipher for hmac and gpg Per bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing It may be paranoid to worry about the cipher being recovered from hmac keys, but yes.. let's be paranoid.
2011-04-17 05:34:28 +00:00
{- The first half of a Cipher is used for HMAC; the remainder
- is used as the GPG symmetric encryption passphrase.
-
looked up HMAC block size details
2011-04-17 15:13:54 +00:00
- HMAC SHA1 needs only 64 bytes. The remainder is for expansion,
- perhaps to HMAC SHA512, which needs 128 bytes (ideally).
-
use different parts of cipher for hmac and gpg Per bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing It may be paranoid to worry about the cipher being recovered from hmac keys, but yes.. let's be paranoid.
2011-04-17 05:34:28 +00:00
- 256 is enough for gpg's symetric cipher; unlike weaker public key
- crypto, the key does not need to be too large.
-}
cipherHalf :: Int
cipherHalf = 256
cipherSize :: Int
cipherSize = cipherHalf * 2
cipherPassphrase :: Cipher -> String
cipherPassphrase (Cipher c) = drop cipherHalf c
cipherHmac :: Cipher -> String
cipherHmac (Cipher c) = take cipherHalf c
add
2011-04-15 22:18:39 +00:00
{- Creates a new Cipher, encrypted as specified in the remote's configuration -}
genCipher :: RemoteConfig -> IO EncryptedCipher
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
genCipher c = do
ks <- configKeyIds c
add
2011-04-15 22:18:39 +00:00
random <- genrandom
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
encryptCipher (Cipher random) ks
add
2011-04-15 22:18:39 +00:00
where
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
genrandom = gpgRead
-- Armor the random data, to avoid newlines,
-- since gpg only reads ciphers up to the first
-- newline.
[ Params "--gen-random --armor"
add
2011-04-15 22:18:39 +00:00
, Param $ show randomquality
use different parts of cipher for hmac and gpg Per bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing It may be paranoid to worry about the cipher being recovered from hmac keys, but yes.. let's be paranoid.
2011-04-17 05:34:28 +00:00
, Param $ show cipherSize
add
2011-04-15 22:18:39 +00:00
]
use different parts of cipher for hmac and gpg Per bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing It may be paranoid to worry about the cipher being recovered from hmac keys, but yes.. let's be paranoid.
2011-04-17 05:34:28 +00:00
-- 1 is /dev/urandom; 2 is /dev/random
randomquality = 1 :: Int
add
2011-04-15 22:18:39 +00:00
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
{- Updates an existing Cipher, re-encrypting it to add KeyIds specified in
- the remote's configuration. -}
add
2011-04-15 22:18:39 +00:00
updateCipher :: RemoteConfig -> EncryptedCipher -> IO EncryptedCipher
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
updateCipher c encipher@(EncryptedCipher _ ks) = do
ks' <- configKeyIds c
cipher <- decryptCipher c encipher
encryptCipher cipher (combine ks ks')
where
combine (KeyIds a) (KeyIds b) = KeyIds $ a ++ b
add
2011-04-15 22:18:39 +00:00
initremote: show gpg keys
2011-04-17 22:18:27 +00:00
describeCipher :: EncryptedCipher -> String
describeCipher (EncryptedCipher _ (KeyIds ks)) =
"with gpg " ++ keys ks ++ " " ++ unwords ks
where
keys [_] = "key"
keys _ = "keys"
add
2011-04-15 22:18:39 +00:00
{- Stores an EncryptedCipher in a remote's configuration. -}
storeCipher :: RemoteConfig -> EncryptedCipher -> RemoteConfig
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
storeCipher c (EncryptedCipher t ks) =
M.insert "cipher" (toB64 t) $ M.insert "cipherkeys" (show ks) c
add
2011-04-15 22:18:39 +00:00
{- Extracts an EncryptedCipher from a remote's configuration. -}
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
extractCipher :: RemoteConfig -> Maybe EncryptedCipher
extractCipher c =
case (M.lookup "cipher" c, M.lookup "cipherkeys" c) of
(Just t, Just ks) -> Just $ EncryptedCipher (fromB64 t) (read ks)
_ -> Nothing
{- Encrypts a Cipher to the specified KeyIds. -}
encryptCipher :: Cipher -> KeyIds -> IO EncryptedCipher
encryptCipher (Cipher c) (KeyIds ks) = do
let ks' = nub $ sort ks -- gpg complains about duplicate recipient keyids
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
encipher <- gpgPipeStrict (encrypt++recipients ks') c
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
return $ EncryptedCipher encipher (KeyIds ks')
where
encrypt = [ Params "--encrypt" ]
recipients l =
-- Force gpg to only encrypt to the specified
-- recipients, not configured defaults.
[ Params "--no-encrypt-to --no-default-recipient"] ++
(concat $ map (\k -> [Param "--recipient", Param k]) l)
add
2011-04-15 22:18:39 +00:00
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
decryptCipher :: RemoteConfig -> EncryptedCipher -> IO Cipher
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
decryptCipher _ (EncryptedCipher encipher _) =
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
return . Cipher =<< gpgPipeStrict decrypt encipher
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
where
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
decrypt = [ Param "--decrypt" ]
add
2011-04-15 22:18:39 +00:00
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
{- Generates an encrypted form of a Key. The encryption does not need to be
add
2011-04-15 22:18:39 +00:00
- reversable, nor does it need to be the same type of encryption used
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
- on content. It does need to be repeatable. -}
add
2011-04-15 22:18:39 +00:00
encryptKey :: Cipher -> Key -> IO Key
use different parts of cipher for hmac and gpg Per bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing It may be paranoid to worry about the cipher being recovered from hmac keys, but yes.. let's be paranoid.
2011-04-17 05:34:28 +00:00
encryptKey c k =
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
return Key {
add test to ensure hmac remains stable
2011-04-21 20:56:24 +00:00
keyName = hmacWithCipher c (show k),
proper encrypted keys For HMAC, using the Data.Digest.Pure.SHA library. I have been avoiding this library for checksumming generally, since it's (probably) not as fast as external utilities, but it's fine to use it for HMAC.
2011-04-17 03:02:09 +00:00
keyBackendName = "GPGHMACSHA1",
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
keySize = Nothing, -- size and mtime omitted
keyMtime = Nothing -- to avoid leaking data
}
add
2011-04-15 22:18:39 +00:00
cleanup
2011-04-17 17:11:38 +00:00
{- Runs an action, passing it a handle from which it can
fix stall while storing encrypted data in bup Forking a new process rather than relying on a thread to feed gpg. The feeder thread was stalling, probably when the main thread got to the point it was wait()ing on the gpg to exit.
2011-04-17 04:34:38 +00:00
- stream encrypted content. -}
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
withEncryptedHandle :: Cipher -> (IO L.ByteString) -> (Handle -> IO a) -> IO a
cleanup
2011-04-17 17:11:38 +00:00
withEncryptedHandle = gpgCipherHandle [Params "--symmetric --force-mdc"]
{- Runs an action, passing it a handle from which it can
- stream decrypted content. -}
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
withDecryptedHandle :: Cipher -> (IO L.ByteString) -> (Handle -> IO a) -> IO a
cleanup
2011-04-17 17:11:38 +00:00
withDecryptedHandle = gpgCipherHandle [Param "--decrypt"]
fix stall while storing encrypted data in bup Forking a new process rather than relying on a thread to feed gpg. The feeder thread was stalling, probably when the main thread got to the point it was wait()ing on the gpg to exit.
2011-04-17 04:34:38 +00:00
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
{- Streams encrypted content to an action. -}
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
withEncryptedContent :: Cipher -> (IO L.ByteString) -> (L.ByteString -> IO a) -> IO a
cleanup
2011-04-17 17:11:38 +00:00
withEncryptedContent = pass withEncryptedHandle
add
2011-04-15 22:18:39 +00:00
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
{- Streams decrypted content to an action. -}
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
withDecryptedContent :: Cipher -> (IO L.ByteString) -> (L.ByteString -> IO a) -> IO a
cleanup
2011-04-17 17:11:38 +00:00
withDecryptedContent = pass withDecryptedHandle
add
2011-04-15 22:18:39 +00:00
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
pass :: (Cipher -> (IO L.ByteString) -> (Handle -> IO a) -> IO a)
-> Cipher -> (IO L.ByteString) -> (L.ByteString -> IO a) -> IO a
cleanup
2011-04-17 17:11:38 +00:00
pass to c i a = to c i $ \h -> a =<< L.hGetContents h
add
2011-04-15 22:18:39 +00:00
enable gpg batch mode when GPG_AGENT_INFO is set
2011-04-19 17:40:02 +00:00
gpgParams :: [CommandParam] -> IO [String]
gpgParams params = do
-- Enable batch mode if GPG_AGENT_INFO is set, to avoid extraneous
-- gpg output about password prompts.
e <- catch (getEnv "GPG_AGENT_INFO") (const $ return "")
let batch = if null e then [] else ["--batch"]
return $ batch ++ defaults ++ toCommand params
where
-- be quiet, even about checking the trustdb
defaults = ["--quiet", "--trust-model", "always"]
add
2011-04-15 22:18:39 +00:00
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
gpgRead :: [CommandParam] -> IO String
enable gpg batch mode when GPG_AGENT_INFO is set
2011-04-19 17:40:02 +00:00
gpgRead params = do
params' <- gpgParams params
pOpen ReadFromPipe "gpg" params' hGetContentsStrict
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
gpgPipeStrict :: [CommandParam] -> String -> IO String
gpgPipeStrict params input = do
enable gpg batch mode when GPG_AGENT_INFO is set
2011-04-19 17:40:02 +00:00
params' <- gpgParams params
(pid, fromh, toh) <- hPipeBoth "gpg" params'
full encryption support for directory special remotes
2011-04-16 22:22:52 +00:00
_ <- forkIO $ finally (hPutStr toh input) (hClose toh)
output <- hGetContentsStrict fromh
forceSuccess pid
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
return output
{- Runs gpg with a cipher and some parameters, feeding it an input,
Fix stalls in S3 when transferring encrypted data. Stalls were caused by code that did approximatly: content' <- liftIO $ withEncryptedContent cipher content return store content' The return evaluated without actually reading content from S3, and so the cleanup code began waiting on gpg to exit before gpg could send all its data. Fixing it involved moving the `store` type action into the IO monad: liftIO $ withEncryptedContent cipher content store Which was a bit of a pain to do, thank you type system, but avoids the problem as now the whole content is consumed, and stored, before cleanup.
2011-04-19 18:45:19 +00:00
- and passing a handle to its output to an action.
-
- Note that to avoid deadlock with the cleanup stage,
- the action must fully consume gpg's input before returning. -}
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
gpgCipherHandle :: [CommandParam] -> Cipher -> (IO L.ByteString) -> (Handle -> IO a) -> IO a
gpgCipherHandle params c a b = do
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
-- pipe the passphrase into gpg on a fd
(frompipe, topipe) <- createPipe
_ <- forkIO $ do
proper encrypted keys For HMAC, using the Data.Digest.Pure.SHA library. I have been avoiding this library for checksumming generally, since it's (probably) not as fast as external utilities, but it's fine to use it for HMAC.
2011-04-17 03:02:09 +00:00
toh <- fdToHandle topipe
use different parts of cipher for hmac and gpg Per bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing It may be paranoid to worry about the cipher being recovered from hmac keys, but yes.. let's be paranoid.
2011-04-17 05:34:28 +00:00
hPutStrLn toh $ cipherPassphrase c
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
hClose toh
proper encrypted keys For HMAC, using the Data.Digest.Pure.SHA library. I have been avoiding this library for checksumming generally, since it's (probably) not as fast as external utilities, but it's fine to use it for HMAC.
2011-04-17 03:02:09 +00:00
let Fd passphrasefd = frompipe
let passphrase = [Param "--passphrase-fd", Param $ show passphrasefd]
fix stall while storing encrypted data in bup Forking a new process rather than relying on a thread to feed gpg. The feeder thread was stalling, probably when the main thread got to the point it was wait()ing on the gpg to exit.
2011-04-17 04:34:38 +00:00
enable gpg batch mode when GPG_AGENT_INFO is set
2011-04-19 17:40:02 +00:00
params' <- gpgParams $ passphrase ++ params
(pid, fromh, toh) <- hPipeBoth "gpg" params'
fix stall while storing encrypted data in bup Forking a new process rather than relying on a thread to feed gpg. The feeder thread was stalling, probably when the main thread got to the point it was wait()ing on the gpg to exit.
2011-04-17 04:34:38 +00:00
_ <- forkProcess $ do
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
L.hPut toh =<< a
fix stall while storing encrypted data in bup Forking a new process rather than relying on a thread to feed gpg. The feeder thread was stalling, probably when the main thread got to the point it was wait()ing on the gpg to exit.
2011-04-17 04:34:38 +00:00
hClose toh
exitSuccess
hClose toh
bup: Avoid memory leak when transferring encrypted data. This was a most surprising leak. It occurred in the process that is forked off to feed data to gpg. That process was passed a lazy ByteString of input, and ghc seemed to not GC the ByteString as it was lazily read and consumed, so memory slowly leaked as the file was read and passed through gpg to bup. To fix it, I simply changed the feeder to take an IO action that returns the lazy bytestring, and fed the result directly to hPut. AFAICS, this should change nothing WRT buffering. But somehow it makes ghc's GC do the right thing. Probably I triggered some weakness in ghc's GC (version 6.12.1). (Note that S3 still has this leak, and others too. Fixing it will involve another dance with the type system.) Update: One theory I have is that this has something to do with the forking of the feeder process. Perhaps, when the ByteString is produced before the fork, ghc decides it need to hold a pointer to the start of it, for some reason -- maybe it doesn't realize that it is only used in the forked process.
2011-04-19 19:26:50 +00:00
ret <- b fromh
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
-- cleanup
forceSuccess pid
closeFd frompipe
return ret
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
configKeyIds :: RemoteConfig -> IO KeyIds
configKeyIds c = do
let k = configGet c "encryption"
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
s <- gpgRead [Params "--with-colons --list-public-keys", Param k]
encryption key management working Encrypted remotes don't yet encrypt data, but git annex initremote can be used to generate a cipher and add additional gpg keys that can use it.
2011-04-16 17:25:27 +00:00
return $ KeyIds $ parseWithColons s
where
parseWithColons s = map keyIdField $ filter pubKey $ lines s
pubKey = isPrefixOf "pub:"
keyIdField s = (split ":" s) !! 4
configGet :: RemoteConfig -> String -> String
simplified a bunch of Maybe handling
2011-05-15 06:49:43 +00:00
configGet c key = maybe missing id $ M.lookup key c
where missing = error $ "missing " ++ key ++ " in remote config"
crypto library almost complete Piping data through gpg with symmetric cipher is working. Only Key encryption is not done.
2011-04-16 20:26:47 +00:00
add test to ensure hmac remains stable
2011-04-21 20:56:24 +00:00
hmacWithCipher :: Cipher -> String -> String
hmacWithCipher c = hmacWithCipher' (cipherHmac c)
hmacWithCipher' :: String -> String -> String
Revert "Use haskell Crypto library instead of haskell SHA library.a" This reverts commit 892593c5efacbc084d19af4b5d7164ededaea7ff. Conflicts: Crypto.hs debian/control
2011-04-26 15:24:23 +00:00
hmacWithCipher' c s = showDigest $ hmacSha1 (fromString c) (fromString s)
add test to ensure hmac remains stable
2011-04-21 20:56:24 +00:00
{- Ensure that hmacWithCipher' returns the same thing forevermore. -}
prop_hmacWithCipher_sane :: Bool
prop_hmacWithCipher_sane = known_good == hmacWithCipher' "foo" "bar"
where
known_good = "46b4ec586117154dacd49d664e5d63fdc88efb51"
Reference in a new issue Copy permalink