From 0fda7c08d04d6ce83a4562bbb8b1caf89082f4a3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 27 Feb 2017 12:54:06 -0400 Subject: [PATCH] add cryptographicallySecure Note that GPGHMAC keys are not cryptographically secure, because their content has no relation to the name of the key. So, things that use this function to avoid sending keys to a remote will need to special case in support for those keys. If GPGHMAC keys were accepted as cryptographically secure, symlinks using them could be committed to a git repo, and their content would be accepted into the repo, with no guarantee that two repos got the same content, which is what we're aiming to prevent. --- Types/Key.hs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Types/Key.hs b/Types/Key.hs index 27d56dfd97..59667ae6d5 100644 --- a/Types/Key.hs +++ b/Types/Key.hs @@ -65,6 +65,14 @@ sameExceptExt (SHA1Key _) (SHA1Key _) = True sameExceptExt (MD5Key _) (MD5Key _) = True sameExceptExt _ _ = False +{- Is the Key variety cryptographically secure, such that no two differing + - file contents can be mapped to the same Key? -} +cryptographicallySecure :: KeyVariety -> Bool +cryptographicallySecure (SHA2Key _ _) = True +cryptographicallySecure (SHA3Key _ _) = True +cryptographicallySecure (SKEINKey _ _) = True +cryptographicallySecure _ = False + formatKeyVariety :: KeyVariety -> String formatKeyVariety v = case v of SHA2Key sz e -> adde e (addsz sz "SHA")