diff options
author | guilhem <guilhem@fripost.org> | 2013-09-05 08:09:39 +0200 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2013-09-05 11:09:08 -0400 |
commit | 217b0d3794ea466c64654b3bd91bbfb55cc40248 (patch) | |
tree | 8194c96ab756248f8f8e4cfb47a4c4fcfb3d9afe /Remote | |
parent | ab2aacb24de0d411e96aee0fab056469b071c26c (diff) |
Leverage an ambiguities between Ciphers
Cipher is now a datatype
data Cipher = Cipher String | MacOnlyCipher String
which makes more precise its interpretation MAC-only vs. MAC + used to
derive a key for symmetric crypto.
Diffstat (limited to 'Remote')
-rw-r--r-- | Remote/Helper/Encryptable.hs | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/Remote/Helper/Encryptable.hs b/Remote/Helper/Encryptable.hs index 29e51c002..5c661eaa7 100644 --- a/Remote/Helper/Encryptable.hs +++ b/Remote/Helper/Encryptable.hs @@ -133,18 +133,11 @@ embedCreds c | isJust (M.lookup "cipherkeys" c) && isJust (M.lookup "cipher" c) = True | otherwise = False -{- Gets encryption Cipher, and encrypted version of Key. In case we want - - asymmetric encryption, leave the first empty, but encrypt the Key - - regardless. (Empty ciphers imply asymmetric encryption.) We could - - also check how long is the cipher (MAC'ing-only ciphers are shorter), - - but we don't want to rely on that only. -} +{- Gets encryption Cipher, and encrypted version of Key. -} cipherKey :: RemoteConfig -> Key -> Annex (Maybe (Cipher, Key)) cipherKey c k = fmap make <$> remoteCipher c where - make ciphertext = (cipContent ciphertext, encryptKey mac ciphertext k) - cipContent - | M.lookup "encryption" c /= Just "pubkey" = id - | otherwise = const $ Cipher "" + make ciphertext = (ciphertext, encryptKey mac ciphertext k) mac = fromMaybe defaultMac $ M.lookup "mac" c >>= readMac {- Stores an StorableCipher in a remote's configuration. -} |