7c1a9cdeb9
This is a git-remote-gcrypt encrypted special remote. Only sending files into the remote works, and only for local repositories. Most of the work so far has involved making initremote work. A particular problem is that remote setup in this case needs to generate its own uuid, derived from the gcrypt-id. That required some larger changes in the code to support. For ssh remotes, this will probably just reuse Remote.Rsync's code, so should be easy enough. And for downloading from a web remote, I will need to factor out the part of Remote.Git that does that. One particular thing that will need work is supporting hot-swapping a local gcrypt remote. I think it needs to store the gcrypt-id in the git config of the local remote, so that it can check it every time, and compare with the cached annex-uuid for the remote. If there is a mismatch, it can change both the cached annex-uuid and the gcrypt-id. That should work, and I laid some groundwork for it by already reading the remote's config when it's local. (Also needed for other reasons.) This commit was sponsored by Daniel Callahan.
73 lines
1.9 KiB
Haskell
```haskell
{- git-annex crypto types
 -
 - Copyright 2011-2012 Joey Hess <joey@kitenet.net>
 -
 - Licensed under the GNU GPL version 3 or higher.
 -}

module Types.Crypto (
    Cipher(..),
    StorableCipher(..),
    EncryptedCipherVariant(..),
    KeyIds(..),
    Mac(..),
    readMac,
    showMac,
    defaultMac,
    calcMac,
) where

import qualified Data.ByteString.Lazy as L
import Data.Digest.Pure.SHA

import Utility.Gpg (KeyIds(..))

-- XXX ideally, this would be a locked memory region
data Cipher = Cipher String | MacOnlyCipher String

data StorableCipher = EncryptedCipher String EncryptedCipherVariant KeyIds
    | SharedCipher String
    deriving (Ord, Eq)
data EncryptedCipherVariant = Hybrid | PubKey
    deriving (Ord, Eq)

{- File names are (client-side) MAC'ed on special remotes.
 - The chosen MAC algorithm needs to be the same for all files stored on the
 - remote.
 -}
data Mac = HmacSha1 | HmacSha224 | HmacSha256 | HmacSha384 | HmacSha512
    deriving (Eq)

defaultMac :: Mac
defaultMac = HmacSha1

-- MAC algorithms are shown as follows in the file names.
showMac :: Mac -> String
showMac HmacSha1 = "HMACSHA1"
showMac HmacSha224 = "HMACSHA224"
showMac HmacSha256 = "HMACSHA256"
showMac HmacSha384 = "HMACSHA384"
showMac HmacSha512 = "HMACSHA512"

-- Read the MAC algorithm from the remote config.
readMac :: String -> Maybe Mac
readMac "HMACSHA1" = Just HmacSha1
readMac "HMACSHA224" = Just HmacSha224
readMac "HMACSHA256" = Just HmacSha256
readMac "HMACSHA384" = Just HmacSha384
readMac "HMACSHA512" = Just HmacSha512
readMac _ = Nothing

calcMac
    :: Mac          -- ^ MAC
    -> L.ByteString -- ^ secret key
    -> L.ByteString -- ^ message
    -> String       -- ^ MAC'ed message, in hexadecimals
calcMac mac = case mac of
    HmacSha1 -> showDigest $* hmacSha1
    HmacSha224 -> showDigest $* hmacSha224
    HmacSha256 -> showDigest $* hmacSha256
    HmacSha384 -> showDigest $* hmacSha384
    HmacSha512 -> showDigest $* hmacSha512
  where
    -- compose a one-argument function with a two-argument one
    ($*) g f x y = g $ f x y
```