2011-04-15 22:18:39 +00:00
|
|
|
{- git-annex crypto
|
2011-04-16 17:25:27 +00:00
|
|
|
-
|
|
|
|
- Currently using gpg; could later be modified to support different
|
|
|
|
- crypto backends if neccessary.
|
2011-04-15 22:18:39 +00:00
|
|
|
-
|
2014-07-29 20:22:19 +00:00
|
|
|
- Copyright 2011-2014 Joey Hess <joey@kitenet.net>
|
2011-04-15 22:18:39 +00:00
|
|
|
-
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
-}
|
|
|
|
|
2013-09-05 03:16:33 +00:00
|
|
|
{-# LANGUAGE FlexibleInstances #-}
|
2014-07-29 20:22:19 +00:00
|
|
|
{-# LANGUAGE Rank2Types #-}
|
2013-09-05 03:16:33 +00:00
|
|
|
|
2011-04-15 22:18:39 +00:00
|
|
|
module Crypto (
|
2011-04-16 22:22:52 +00:00
|
|
|
Cipher,
|
2012-04-29 18:31:34 +00:00
|
|
|
KeyIds(..),
|
2014-07-27 00:14:09 +00:00
|
|
|
EncKey,
|
2012-04-29 18:02:18 +00:00
|
|
|
StorableCipher(..),
|
|
|
|
genEncryptedCipher,
|
|
|
|
genSharedCipher,
|
|
|
|
updateEncryptedCipher,
|
2011-04-17 22:18:27 +00:00
|
|
|
describeCipher,
|
2011-04-15 22:18:39 +00:00
|
|
|
decryptCipher,
|
|
|
|
encryptKey,
|
2014-08-03 20:54:57 +00:00
|
|
|
isEncKey,
|
2012-11-18 19:27:44 +00:00
|
|
|
feedFile,
|
|
|
|
feedBytes,
|
|
|
|
readBytes,
|
|
|
|
encrypt,
|
2013-09-05 03:16:33 +00:00
|
|
|
decrypt,
|
|
|
|
getGpgEncParams,
|
2011-04-21 20:56:24 +00:00
|
|
|
|
2013-03-29 16:06:02 +00:00
|
|
|
prop_HmacSha1WithCipher_sane
|
2011-04-15 22:18:39 +00:00
|
|
|
) where
|
|
|
|
|
2012-06-20 17:13:40 +00:00
|
|
|
import qualified Data.ByteString.Lazy as L
|
2011-04-26 15:24:23 +00:00
|
|
|
import Data.ByteString.Lazy.UTF8 (fromString)
|
2011-08-25 04:28:55 +00:00
|
|
|
import Control.Applicative
|
2013-09-05 03:16:33 +00:00
|
|
|
import qualified Data.Map as M
|
2014-07-29 20:22:19 +00:00
|
|
|
import Control.Monad.IO.Class
|
|
|
|
import Control.Monad.Catch (MonadMask)
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2011-10-05 20:02:51 +00:00
|
|
|
import Common.Annex
|
2011-12-21 01:47:56 +00:00
|
|
|
import qualified Utility.Gpg as Gpg
|
2011-06-02 01:56:04 +00:00
|
|
|
import Types.Key
|
|
|
|
import Types.Crypto
|
2013-09-05 03:16:33 +00:00
|
|
|
import Types.Remote
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2013-03-29 16:06:02 +00:00
|
|
|
{- The beginning of a Cipher is used for MAC'ing; the remainder is used
|
2013-09-05 02:18:33 +00:00
|
|
|
- as the GPG symmetric encryption passphrase when using the hybrid
|
|
|
|
- scheme. Note that the cipher itself is base-64 encoded, hence the
|
|
|
|
- string is longer than 'cipherSize': 683 characters, padded to 684.
|
2011-04-17 05:34:28 +00:00
|
|
|
-
|
2013-03-29 16:06:02 +00:00
|
|
|
- The 256 first characters that feed the MAC represent at best 192
|
|
|
|
- bytes of entropy. However that's more than enough for both the
|
|
|
|
- default MAC algorithm, namely HMAC-SHA1, and the "strongest"
|
2013-03-29 22:06:14 +00:00
|
|
|
- currently supported, namely HMAC-SHA512, which respectively need
|
2013-03-29 16:06:02 +00:00
|
|
|
- (ideally) 64 and 128 bytes of entropy.
|
2011-04-17 15:13:54 +00:00
|
|
|
-
|
2013-03-29 22:06:14 +00:00
|
|
|
- The remaining characters (320 bytes of entropy) is enough for GnuPG's
|
2013-03-29 16:06:02 +00:00
|
|
|
- symetric cipher; unlike weaker public key crypto, the key does not
|
|
|
|
- need to be too large.
|
2011-04-17 05:34:28 +00:00
|
|
|
-}
|
2013-03-03 23:44:48 +00:00
|
|
|
cipherBeginning :: Int
|
|
|
|
cipherBeginning = 256
|
2011-04-17 05:34:28 +00:00
|
|
|
|
|
|
|
cipherSize :: Int
|
2013-03-03 23:44:48 +00:00
|
|
|
cipherSize = 512
|
2011-04-17 05:34:28 +00:00
|
|
|
|
|
|
|
cipherPassphrase :: Cipher -> String
|
2013-03-03 23:44:48 +00:00
|
|
|
cipherPassphrase (Cipher c) = drop cipherBeginning c
|
2013-09-05 06:09:39 +00:00
|
|
|
cipherPassphrase (MacOnlyCipher _) = error "MAC-only cipher"
|
2011-04-17 05:34:28 +00:00
|
|
|
|
2013-03-29 16:06:02 +00:00
|
|
|
cipherMac :: Cipher -> String
|
|
|
|
cipherMac (Cipher c) = take cipherBeginning c
|
2013-09-05 06:09:39 +00:00
|
|
|
cipherMac (MacOnlyCipher c) = c
|
2011-04-17 05:34:28 +00:00
|
|
|
|
2013-09-05 02:18:33 +00:00
|
|
|
{- Creates a new Cipher, encrypted to the specified key id. -}
|
|
|
|
genEncryptedCipher :: String -> EncryptedCipherVariant -> Bool -> IO StorableCipher
|
|
|
|
genEncryptedCipher keyid variant highQuality = do
|
2012-04-29 18:02:18 +00:00
|
|
|
ks <- Gpg.findPubKeys keyid
|
2013-09-01 18:12:00 +00:00
|
|
|
random <- Gpg.genRandom highQuality size
|
2013-09-05 06:09:39 +00:00
|
|
|
encryptCipher (mkCipher random) variant ks
|
2013-09-01 18:12:00 +00:00
|
|
|
where
|
2013-09-05 06:09:39 +00:00
|
|
|
(mkCipher, size) = case variant of
|
2013-09-05 15:12:01 +00:00
|
|
|
Hybrid -> (Cipher, cipherSize) -- used for MAC + symmetric
|
|
|
|
PubKey -> (MacOnlyCipher, cipherBeginning) -- only used for MAC
|
2012-04-29 18:02:18 +00:00
|
|
|
|
|
|
|
{- Creates a new, shared Cipher. -}
|
2013-04-05 19:06:16 +00:00
|
|
|
genSharedCipher :: Bool -> IO StorableCipher
|
|
|
|
genSharedCipher highQuality =
|
|
|
|
SharedCipher <$> Gpg.genRandom highQuality cipherSize
|
2012-04-29 18:02:18 +00:00
|
|
|
|
2013-08-28 02:24:14 +00:00
|
|
|
{- Updates an existing Cipher, re-encrypting it to add or remove keyids,
|
|
|
|
- depending on whether the first component is True or False. -}
|
|
|
|
updateEncryptedCipher :: [(Bool, String)] -> StorableCipher -> IO StorableCipher
|
|
|
|
updateEncryptedCipher _ SharedCipher{} = undefined
|
|
|
|
updateEncryptedCipher [] encipher = return encipher
|
2013-09-05 06:09:39 +00:00
|
|
|
updateEncryptedCipher newkeys encipher@(EncryptedCipher _ variant (KeyIds ks)) = do
|
2013-08-28 02:24:14 +00:00
|
|
|
dropKeys <- listKeyIds [ k | (False, k) <- newkeys ]
|
|
|
|
forM_ dropKeys $ \k -> unless (k `elem` ks) $
|
2013-09-05 01:54:10 +00:00
|
|
|
error $ "Key " ++ k ++ " was not present; cannot remove."
|
2013-08-28 02:24:14 +00:00
|
|
|
addKeys <- listKeyIds [ k | (True, k) <- newkeys ]
|
|
|
|
let ks' = (addKeys ++ ks) \\ dropKeys
|
2013-09-05 01:54:10 +00:00
|
|
|
when (null ks') $
|
|
|
|
error "Cannot remove the last key."
|
2012-04-29 18:02:18 +00:00
|
|
|
cipher <- decryptCipher encipher
|
2013-09-05 06:09:39 +00:00
|
|
|
encryptCipher cipher variant $ KeyIds ks'
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
2013-09-27 23:58:48 +00:00
|
|
|
listKeyIds = concat <$$> mapM (keyIds <$$> Gpg.findPubKeys)
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2012-04-29 18:02:18 +00:00
|
|
|
describeCipher :: StorableCipher -> String
|
2013-09-05 02:18:33 +00:00
|
|
|
describeCipher (SharedCipher _) = "shared cipher"
|
|
|
|
describeCipher (EncryptedCipher _ variant (KeyIds ks)) =
|
2013-09-01 18:12:00 +00:00
|
|
|
scheme ++ " with gpg " ++ keys ks ++ " " ++ unwords ks
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
2013-09-05 02:18:33 +00:00
|
|
|
scheme = case variant of
|
2013-09-05 15:12:01 +00:00
|
|
|
Hybrid -> "hybrid cipher"
|
|
|
|
PubKey -> "pubkey crypto"
|
2012-10-29 01:27:15 +00:00
|
|
|
keys [_] = "key"
|
|
|
|
keys _ = "keys"
|
2011-04-17 22:18:27 +00:00
|
|
|
|
2013-09-05 02:18:33 +00:00
|
|
|
{- Encrypts a Cipher to the specified KeyIds. -}
|
|
|
|
encryptCipher :: Cipher -> EncryptedCipherVariant -> KeyIds -> IO StorableCipher
|
2013-09-05 06:09:39 +00:00
|
|
|
encryptCipher c variant (KeyIds ks) = do
|
2013-03-12 09:05:33 +00:00
|
|
|
-- gpg complains about duplicate recipient keyids
|
|
|
|
let ks' = nub $ sort ks
|
2013-09-01 18:12:00 +00:00
|
|
|
let params = Gpg.pkEncTo ks' ++ Gpg.stdEncryptionParams False
|
2013-09-05 06:09:39 +00:00
|
|
|
encipher <- Gpg.pipeStrict params cipher
|
2013-09-05 02:18:33 +00:00
|
|
|
return $ EncryptedCipher encipher variant (KeyIds ks')
|
2013-09-05 06:09:39 +00:00
|
|
|
where
|
|
|
|
cipher = case c of
|
|
|
|
Cipher x -> x
|
|
|
|
MacOnlyCipher x -> x
|
2011-04-15 22:18:39 +00:00
|
|
|
|
|
|
|
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
|
2012-04-29 18:02:18 +00:00
|
|
|
decryptCipher :: StorableCipher -> IO Cipher
|
|
|
|
decryptCipher (SharedCipher t) = return $ Cipher t
|
2013-09-05 06:09:39 +00:00
|
|
|
decryptCipher (EncryptedCipher t variant _) =
|
|
|
|
mkCipher <$> Gpg.pipeStrict [ Param "--decrypt" ] t
|
|
|
|
where
|
|
|
|
mkCipher = case variant of
|
2013-09-05 15:12:01 +00:00
|
|
|
Hybrid -> Cipher
|
|
|
|
PubKey -> MacOnlyCipher
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2014-07-27 00:14:09 +00:00
|
|
|
type EncKey = Key -> Key
|
|
|
|
|
2011-04-16 20:26:47 +00:00
|
|
|
{- Generates an encrypted form of a Key. The encryption does not need to be
|
2011-04-15 22:18:39 +00:00
|
|
|
- reversable, nor does it need to be the same type of encryption used
|
2011-04-16 20:26:47 +00:00
|
|
|
- on content. It does need to be repeatable. -}
|
2014-07-27 00:14:09 +00:00
|
|
|
encryptKey :: Mac -> Cipher -> EncKey
|
2014-07-24 17:36:23 +00:00
|
|
|
encryptKey mac c k = stubKey
|
2013-03-29 16:06:02 +00:00
|
|
|
{ keyName = macWithCipher mac c (key2file k)
|
2014-08-03 20:54:57 +00:00
|
|
|
, keyBackendName = encryptedBackendNamePrefix ++ showMac mac
|
2011-04-16 20:26:47 +00:00
|
|
|
}
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2014-08-03 20:54:57 +00:00
|
|
|
encryptedBackendNamePrefix :: String
|
|
|
|
encryptedBackendNamePrefix = "GPG"
|
|
|
|
|
|
|
|
isEncKey :: Key -> Bool
|
|
|
|
isEncKey k = encryptedBackendNamePrefix `isPrefixOf` keyBackendName k
|
|
|
|
|
2012-11-18 19:27:44 +00:00
|
|
|
type Feeder = Handle -> IO ()
|
2014-07-29 20:22:19 +00:00
|
|
|
type Reader m a = Handle -> m a
|
2012-11-18 19:27:44 +00:00
|
|
|
|
|
|
|
feedFile :: FilePath -> Feeder
|
|
|
|
feedFile f h = L.hPut h =<< L.readFile f
|
|
|
|
|
|
|
|
feedBytes :: L.ByteString -> Feeder
|
|
|
|
feedBytes = flip L.hPut
|
|
|
|
|
2014-07-29 20:22:19 +00:00
|
|
|
readBytes :: (MonadIO m) => (L.ByteString -> m a) -> Reader m a
|
|
|
|
readBytes a h = liftIO (L.hGetContents h) >>= a
|
2012-11-18 19:27:44 +00:00
|
|
|
|
2013-09-01 18:12:00 +00:00
|
|
|
{- Runs a Feeder action, that generates content that is symmetrically
|
|
|
|
- encrypted with the Cipher (unless it is empty, in which case
|
|
|
|
- public-key encryption is used) using the given gpg options, and then
|
|
|
|
- read by the Reader action. Note: For public-key encryption,
|
|
|
|
- recipients MUST be included in 'params' (for instance using
|
2013-09-04 22:00:02 +00:00
|
|
|
- 'getGpgEncParams'). -}
|
2014-07-29 20:22:19 +00:00
|
|
|
encrypt :: (MonadIO m, MonadMask m) => [CommandParam] -> Cipher -> Feeder -> Reader m a -> m a
|
2013-09-05 06:09:39 +00:00
|
|
|
encrypt params cipher = case cipher of
|
|
|
|
Cipher{} -> Gpg.feedRead (params ++ Gpg.stdEncryptionParams True) $
|
|
|
|
cipherPassphrase cipher
|
|
|
|
MacOnlyCipher{} -> Gpg.pipeLazy $ params ++ Gpg.stdEncryptionParams False
|
2012-11-18 19:27:44 +00:00
|
|
|
|
|
|
|
{- Runs a Feeder action, that generates content that is decrypted with the
|
2013-09-01 18:12:00 +00:00
|
|
|
- Cipher (or using a private key if the Cipher is empty), and read by the
|
|
|
|
- Reader action. -}
|
2014-07-29 20:22:19 +00:00
|
|
|
decrypt :: (MonadIO m, MonadMask m) => Cipher -> Feeder -> Reader m a -> m a
|
2013-09-05 06:09:39 +00:00
|
|
|
decrypt cipher = case cipher of
|
|
|
|
Cipher{} -> Gpg.feedRead [Param "--decrypt"] $ cipherPassphrase cipher
|
|
|
|
MacOnlyCipher{} -> Gpg.pipeLazy [Param "--decrypt"]
|
2011-04-15 22:18:39 +00:00
|
|
|
|
2013-03-29 16:06:02 +00:00
|
|
|
macWithCipher :: Mac -> Cipher -> String -> String
|
|
|
|
macWithCipher mac c = macWithCipher' mac (cipherMac c)
|
|
|
|
macWithCipher' :: Mac -> String -> String -> String
|
|
|
|
macWithCipher' mac c s = calcMac mac (fromString c) (fromString s)
|
2011-04-21 20:56:24 +00:00
|
|
|
|
2013-03-29 16:06:02 +00:00
|
|
|
{- Ensure that macWithCipher' returns the same thing forevermore. -}
|
|
|
|
prop_HmacSha1WithCipher_sane :: Bool
|
|
|
|
prop_HmacSha1WithCipher_sane = known_good == macWithCipher' HmacSha1 "foo" "bar"
|
2012-10-29 01:27:15 +00:00
|
|
|
where
|
|
|
|
known_good = "46b4ec586117154dacd49d664e5d63fdc88efb51"
|
2013-09-05 03:16:33 +00:00
|
|
|
|
|
|
|
{- Return some options suitable for GnuPG encryption, symmetric or not. -}
|
|
|
|
class LensGpgEncParams a where getGpgEncParams :: a -> [CommandParam]
|
|
|
|
|
|
|
|
{- Extract the GnuPG options from a pair of a Remote Config and a Remote
|
2014-02-06 22:25:31 +00:00
|
|
|
- Git Config. -}
|
2013-09-05 03:16:33 +00:00
|
|
|
instance LensGpgEncParams (RemoteConfig, RemoteGitConfig) where
|
2014-02-06 22:25:31 +00:00
|
|
|
getGpgEncParams (c,gc) = map Param (remoteAnnexGnupgOptions gc) ++ getGpgEncParams c
|
2013-09-05 03:16:33 +00:00
|
|
|
where
|
2014-02-06 22:25:31 +00:00
|
|
|
|
|
|
|
{- Extract the GnuPG options from a Remote Config, ignoring any
|
|
|
|
- git config settings. (Which is ok if the remote is just being set up
|
|
|
|
- and so doesn't have any.)
|
|
|
|
-
|
|
|
|
- If the remote is configured to use public-key encryption,
|
|
|
|
- look up the recipient keys and add them to the option list.-}
|
|
|
|
instance LensGpgEncParams RemoteConfig where
|
|
|
|
getGpgEncParams c = case M.lookup "encryption" c of
|
|
|
|
Just "pubkey" -> Gpg.pkEncTo $ maybe [] (split ",") $ M.lookup "cipherkeys" c
|
|
|
|
_ -> []
|
2013-09-05 03:16:33 +00:00
|
|
|
|
|
|
|
{- Extract the GnuPG options from a Remote. -}
|
|
|
|
instance LensGpgEncParams (RemoteA a) where
|
|
|
|
getGpgEncParams r = getGpgEncParams (config r, gitconfig r)
|