authorGravatar Joey Hess <joey@kitenet.net>2011-04-16 23:02:09 -0400
committerGravatar Joey Hess <joey@kitenet.net>2011-04-16 23:02:09 -0400
commitd82898841581bab7785a0010f49e21c5eec5b51b (patch)
tree81bbc7d47ce66917987cf895efdd15207bdf0c94
parent480cc353c46d88c55b252fbb6c5dc4feff08995c (diff)
proper encrypted keys
For HMAC, using the Data.Digest.Pure.SHA library. I have been avoiding this library for checksumming generally, since it's (probably) not as fast as external utilities, but it's fine to use it for HMAC.
-rw-r--r--Crypto.hs17
-rw-r--r--doc/install.mdwn1
2 files changed, 10 insertions, 8 deletions
diff --git a/Crypto.hs b/Crypto.hs
index 9f404c1b1..25d9a1157 100644
--- a/Crypto.hs
+++ b/Crypto.hs
@@ -24,6 +24,8 @@ module Crypto (
import qualified Data.ByteString.Lazy.Char8 as L
import qualified Data.Map as M
import qualified Codec.Binary.Base64 as B64
+import Data.ByteString.Lazy.UTF8 (fromString)
+import Data.Digest.Pure.SHA
import System.Cmd.Utils
import Data.String.Utils
import Data.List
@@ -105,12 +107,11 @@ decryptCipher _ (EncryptedCipher encipher _) =
- reversable, nor does it need to be the same type of encryption used
- on content. It does need to be repeatable. -}
encryptKey :: Cipher -> Key -> IO Key
-encryptKey c k =
+encryptKey (Cipher c) k =
return Key {
- -- FIXME: should use HMAC with the cipher; I don't
- -- have Data.Crypto in Debian yet though.
- keyName = show k,
- keyBackendName = "INSECURE",
+ keyName = showDigest $
+ hmacSha1 (fromString $ show k) (fromString c),
+ keyBackendName = "GPGHMACSHA1",
keySize = Nothing, -- size and mtime omitted
keyMtime = Nothing -- to avoid leaking data
}
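Review bot: The arguments to `hmacSha1` in the new `keyName` look swapped: the SHA package documents the first argument as the secret key and the second as the message, so this call keys the MAC with the non-secret `show k` and passes the secret cipher `c` as the message. HMAC's security properties are stated for a secret key, so the call should read `hmacSha1 (fromString c) (fromString $ show k),`. Swapping the arguments changes every encrypted key name, so the fix is cheapest before any remote has stored content under the `GPGHMACSHA1` backend name. Separately, the same `c` is the gpg passphrase in `gpgCipher`; a comment on `encryptKey` stating that one secret serves both purposes, or deriving a distinct HMAC key from it, would make that reuse a visible decision.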
@@ -154,12 +155,12 @@ gpgCipher :: [CommandParam] -> Cipher -> L.ByteString -> (L.ByteString -> IO a)
gpgCipher params (Cipher c) input a = do
-- pipe the passphrase into gpg on a fd
(frompipe, topipe) <- createPipe
- toh <- fdToHandle topipe
- let Fd fromno = frompipe
_ <- forkIO $ do
+ toh <- fdToHandle topipe
hPutStrLn toh c
hClose toh
- let passphrase = [Param "--passphrase-fd", Param $ show fromno]
+ let Fd passphrasefd = frompipe
+ let passphrase = [Param "--passphrase-fd", Param $ show passphrasefd]
(pid, output) <- gpgPipeBytes (passphrase ++ params) input
ret <- a output
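Review bot: The forked writer in `gpgCipher` reaches `hClose toh` only when `hPutStrLn toh c` returns normally, so a failed write leaves the write end of the passphrase pipe open. Writing it as `finally (hPutStrLn toh c) (hClose toh)` makes the close unconditional; that needs `finally` from Control.Exception, and the import list is only partly visible here. The function body continues past the end of this hunk, so whether `frompipe` is closed once gpg exits cannot be checked from these lines. A short comment next to `passphrasefd` saying where the read end is released would help.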
diff --git a/doc/install.mdwn b/doc/install.mdwn
index 746352cb8..7a0c6020b 100644
--- a/doc/install.mdwn
+++ b/doc/install.mdwn
@@ -13,6 +13,7 @@ To build and use git-annex, you will need:
* MissingH: <http://github.com/jgoerzen/missingh/wiki>
* pcre-light: <http://hackage.haskell.org/package/pcre-light>
* utf8-string: <http://hackage.haskell.org/package/utf8-string>
+* SHA: <http://hackage.haskell.org/package/SHA>
* TestPack <http://hackage.haskell.org/cgi-bin/hackage-scripts/package/testpack>
* QuickCheck 2 <http://hackage.haskell.org/package/QuickCheck>
* hS3 <http://hackage.haskell.org/package/hS3> (optional, but recommended)