summaryrefslogtreecommitdiff
path: root/Utility/Gpg.hs
diff options
context:
space:
mode:
authorGravatar Joey Hess <joey@kitenet.net>2013-03-03 20:39:01 -0400
committerGravatar Joey Hess <joey@kitenet.net>2013-03-03 20:39:01 -0400
commit450c5bce983fda68a2cc966da9158f96f6302364 (patch)
treed1a92e4f6dc55b1704513c2d71b85a6e7a0200b0 /Utility/Gpg.hs
parent2dc9a84e25f58a17fcd6b040cb51e58687b21ff4 (diff)
check that gpg generated as much data as we asked for
Diffstat (limited to 'Utility/Gpg.hs')
-rw-r--r--Utility/Gpg.hs26
1 files changed, 20 insertions, 6 deletions
diff --git a/Utility/Gpg.hs b/Utility/Gpg.hs
index f6a8b4575..c31755d62 100644
--- a/Utility/Gpg.hs
+++ b/Utility/Gpg.hs
@@ -96,20 +96,34 @@ findPubKeys for = KeyIds . parse <$> readStrict params
{- Creates a block of high-quality random data suitable to use as a cipher.
- It is armored, to avoid newlines, since gpg only reads ciphers up to the
- - first newline.
- -
- - The size is the number of bytes of entropy desired; the data is
- - base64 encoded, so will have a somewhat longer length. -}
+ - first newline. -}
genRandom :: Int -> IO String
-genRandom size = readStrict
- [ Params "--gen-random --armor"
+genRandom size = checksize <$> readStrict
+ [ Params params
, Param $ show randomquality
, Param $ show size
]
where
+ params = "--gen-random --armor"
+
-- 1 is /dev/urandom; 2 is /dev/random
randomquality = 1 :: Int
+ {- The size is the number of bytes of entropy desired; the data is
+ - base64 encoded, so needs 8 bits to represent every 6 bytes of
+ - entropy. -}
+ expectedlength = size * 8 `div` 6
+
+ checksize s = let len = length s in
+ if len >= expectedlength
+ then s
+ else shortread len
+
+ shortread got = error $ unwords
+ [ "Not enough bytes returned from gpg", params
+ , "(got", show got, "; expected", show expectedlength, ")"
+ ]
+
{- A test key. This is provided pre-generated since generating a new gpg
- key is too much work (requires too much entropy) for a test suite to
- do.