diff options
author | Joey Hess <joey@kitenet.net> | 2013-03-03 20:39:01 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2013-03-03 20:39:01 -0400 |
commit | 450c5bce983fda68a2cc966da9158f96f6302364 (patch) | |
tree | d1a92e4f6dc55b1704513c2d71b85a6e7a0200b0 /Utility | |
parent | 2dc9a84e25f58a17fcd6b040cb51e58687b21ff4 (diff) |
check that gpg generated as much data as we asked for
Diffstat (limited to 'Utility')
-rw-r--r-- | Utility/Gpg.hs | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/Utility/Gpg.hs b/Utility/Gpg.hs index f6a8b4575..c31755d62 100644 --- a/Utility/Gpg.hs +++ b/Utility/Gpg.hs @@ -96,20 +96,34 @@ findPubKeys for = KeyIds . parse <$> readStrict params {- Creates a block of high-quality random data suitable to use as a cipher. - It is armored, to avoid newlines, since gpg only reads ciphers up to the - - first newline. - - - - The size is the number of bytes of entropy desired; the data is - - base64 encoded, so will have a somewhat longer length. -} + - first newline. -} genRandom :: Int -> IO String -genRandom size = readStrict - [ Params "--gen-random --armor" +genRandom size = checksize <$> readStrict + [ Params params , Param $ show randomquality , Param $ show size ] where + params = "--gen-random --armor" + -- 1 is /dev/urandom; 2 is /dev/random randomquality = 1 :: Int + {- The size is the number of bytes of entropy desired; the data is + - base64 encoded, so needs 8 bits to represent every 6 bytes of + - entropy. -} + expectedlength = size * 8 `div` 6 + + checksize s = let len = length s in + if len >= expectedlength + then s + else shortread len + + shortread got = error $ unwords + [ "Not enough bytes returned from gpg", params + , "(got", show got, "; expected", show expectedlength, ")" + ] + {- A test key. This is provided pre-generated since generating a new gpg - key is too much work (requires too much entropy) for a test suite to - do. |