summaryrefslogtreecommitdiff
path: root/Crypto.hs
diff options
context:
space:
mode:
authorGravatar Joey Hess <joey@kitenet.net>2013-09-04 22:18:33 -0400
committerGravatar Joey Hess <joey@kitenet.net>2013-09-04 22:18:33 -0400
commit4c96f460a7ad615f344d1b2e88d037d7a0259776 (patch)
tree1c24b37d33946d6d5079156271c8ef8b5a3eb712 /Crypto.hs
parent17a5f70ed26b14a15a50d237f47eb68eb9c2753d (diff)
replace an over-explained Bool with a data type
This also highlights several places where a Read/Show or similar for the new data type could avoid redundant strings.
Diffstat (limited to 'Crypto.hs')
-rw-r--r--Crypto.hs41
1 files changed, 19 insertions, 22 deletions
diff --git a/Crypto.hs b/Crypto.hs
index f8628abb1..7f65a9c0a 100644
--- a/Crypto.hs
+++ b/Crypto.hs
@@ -38,9 +38,9 @@ import Types.Key
import Types.Crypto
{- The beginning of a Cipher is used for MAC'ing; the remainder is used
- - as the GPG symmetric encryption passphrase. Note that the cipher
- - itself is base-64 encoded, hence the string is longer than
- - 'cipherSize': 683 characters, padded to 684.
+ - as the GPG symmetric encryption passphrase when using the hybrid
+ - scheme. Note that the cipher itself is base-64 encoded, hence the
+ - string is longer than 'cipherSize': 683 characters, padded to 684.
-
- The 256 first characters that feed the MAC represent at best 192
- bytes of entropy. However that's more than enough for both the
@@ -64,17 +64,16 @@ cipherPassphrase (Cipher c) = drop cipherBeginning c
cipherMac :: Cipher -> String
cipherMac (Cipher c) = take cipherBeginning c
-{- Creates a new Cipher, encrypted to the specified key id. If the
- - boolean 'symmetric' is true, use that cipher not only for MAC'ing,
- - but also to symmetrically encrypt annexed file contents. Otherwise,
- - we don't bother to generate so much random data. -}
-genEncryptedCipher :: String -> Bool -> Bool -> IO StorableCipher
-genEncryptedCipher keyid symmetric highQuality = do
+{- Creates a new Cipher, encrypted to the specified key id. -}
+genEncryptedCipher :: String -> EncryptedCipherVariant -> Bool -> IO StorableCipher
+genEncryptedCipher keyid variant highQuality = do
ks <- Gpg.findPubKeys keyid
random <- Gpg.genRandom highQuality size
- encryptCipher (Cipher random) symmetric ks
+ encryptCipher (Cipher random) variant ks
where
- size = if symmetric then cipherSize else cipherBeginning
+ size = case variant of
+ HybridCipher -> cipherSize -- used for MAC + symmetric
+ PubKeyCipher -> cipherBeginning -- only used for MAC
{- Creates a new, shared Cipher. -}
genSharedCipher :: Bool -> IO StorableCipher
@@ -100,27 +99,25 @@ updateEncryptedCipher newkeys encipher@(EncryptedCipher _ symmetric (KeyIds ks))
listKeyIds = mapM (Gpg.findPubKeys >=*> keyIds) >=*> concat
describeCipher :: StorableCipher -> String
-describeCipher SharedCipher{} = "shared cipher"
-describeCipher (EncryptedCipher _ symmetric (KeyIds ks)) =
+describeCipher (SharedCipher _) = "shared cipher"
+describeCipher (EncryptedCipher _ variant (KeyIds ks)) =
scheme ++ " with gpg " ++ keys ks ++ " " ++ unwords ks
where
- scheme = if symmetric then "hybrid cipher" else "pubkey crypto"
+ scheme = case variant of
+ HybridCipher -> "hybrid cipher"
+ PubKeyCipher -> "pubkey crypto"
keys [_] = "key"
keys _ = "keys"
-{- Encrypts a Cipher to the specified KeyIds. The boolean indicates
- - whether to encrypt a hybrid cipher (True), which is going to be used
- - both for MAC'ing and symmetric encryption of file contents, or for
- - MAC'ing only (False), while pubkey crypto is used for file contents.
- - -}
-encryptCipher :: Cipher -> Bool -> KeyIds -> IO StorableCipher
-encryptCipher (Cipher c) symmetric (KeyIds ks) = do
+{- Encrypts a Cipher to the specified KeyIds. -}
+encryptCipher :: Cipher -> EncryptedCipherVariant -> KeyIds -> IO StorableCipher
+encryptCipher (Cipher c) variant (KeyIds ks) = do
-- gpg complains about duplicate recipient keyids
let ks' = nub $ sort ks
-- The cipher itself is always encrypted to the given public keys
let params = Gpg.pkEncTo ks' ++ Gpg.stdEncryptionParams False
encipher <- Gpg.pipeStrict params c
- return $ EncryptedCipher encipher symmetric (KeyIds ks')
+ return $ EncryptedCipher encipher variant (KeyIds ks')
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
decryptCipher :: StorableCipher -> IO Cipher