summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Crypto.hs23
-rw-r--r--Logs/Unused.hs5
-rw-r--r--Utility/Gpg.hs5
3 files changed, 20 insertions, 13 deletions
diff --git a/Crypto.hs b/Crypto.hs
index bee793de2..ed489cdbc 100644
--- a/Crypto.hs
+++ b/Crypto.hs
@@ -37,28 +37,30 @@ import qualified Utility.Gpg as Gpg
import Types.Key
import Types.Crypto
-{- The first half of a Cipher is used for HMAC; the remainder
+{- The beginning of a Cipher is used for HMAC; the remainder
- is used as the GPG symmetric encryption passphrase.
-
- - HMAC SHA1 needs only 64 bytes. The remainder is for expansion,
+ - HMAC SHA1 needs only 64 bytes. The rest of the HMAC key is for expansion,
- perhaps to HMAC SHA512, which needs 128 bytes (ideally).
+ - It also provides room the Cipher to contain data in a form like base64,
+ - which does not pack a full byte of entropy into a byte of data.
-
- - 256 is enough for gpg's symetric cipher; unlike weaker public key
+ - 256 bytes is enough for gpg's symetric cipher; unlike weaker public key
- crypto, the key does not need to be too large.
-}
-cipherHalf :: Int
-cipherHalf = 256
+cipherBeginning :: Int
+cipherBeginning = 256
cipherSize :: Int
-cipherSize = cipherHalf * 2
+cipherSize = 512
cipherPassphrase :: Cipher -> String
-cipherPassphrase (Cipher c) = drop cipherHalf c
+cipherPassphrase (Cipher c) = drop cipherBeginning c
cipherHmac :: Cipher -> String
-cipherHmac (Cipher c) = take cipherHalf c
+cipherHmac (Cipher c) = take cipherBeginning c
-{- Creates a new Cipher, encrypted to the specificed key id. -}
+{- Creates a new Cipher, encrypted to the specified key id. -}
genEncryptedCipher :: String -> IO StorableCipher
genEncryptedCipher keyid = do
ks <- Gpg.findPubKeys keyid
@@ -103,7 +105,8 @@ encryptCipher (Cipher c) (KeyIds ks) = do
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
decryptCipher :: StorableCipher -> IO Cipher
decryptCipher (SharedCipher t) = return $ Cipher t
-decryptCipher (EncryptedCipher t _) = Cipher <$> Gpg.pipeStrict [ Param "--decrypt" ] t
+decryptCipher (EncryptedCipher t _) =
+ Cipher <$> Gpg.pipeStrict [ Param "--decrypt" ] t
{- Generates an encrypted form of a Key. The encryption does not need to be
- reversable, nor does it need to be the same type of encryption used
diff --git a/Logs/Unused.hs b/Logs/Unused.hs
index 9f1278dd0..bef78a992 100644
--- a/Logs/Unused.hs
+++ b/Logs/Unused.hs
@@ -62,11 +62,12 @@ withUnusedMaps a params = do
unusedSpec :: String -> [Int]
unusedSpec spec
| "-" `isInfixOf` spec = range $ separate (== '-') spec
- | otherwise = catMaybes [readish spec]
+ | otherwise = maybe badspec (: []) (readish spec)
where
range (a, b) = case (readish a, readish b) of
(Just x, Just y) -> [x..y]
- _ -> []
+ _ -> badspec
+ badspec = error $ "Expected number or range, not \"" ++ spec ++ "\""
{- Start action for unused content. Finds the number in the maps, and
- calls either of 3 actions, depending on the type of unused file. -}
diff --git a/Utility/Gpg.hs b/Utility/Gpg.hs
index 0c80ecdf3..f6a8b4575 100644
--- a/Utility/Gpg.hs
+++ b/Utility/Gpg.hs
@@ -96,7 +96,10 @@ findPubKeys for = KeyIds . parse <$> readStrict params
{- Creates a block of high-quality random data suitable to use as a cipher.
- It is armored, to avoid newlines, since gpg only reads ciphers up to the
- - first newline. -}
+ - first newline.
+ -
+ - The size is the number of bytes of entropy desired; the data is
+ - base64 encoded, so will have a somewhat longer length. -}
genRandom :: Int -> IO String
genRandom size = readStrict
[ Params "--gen-random --armor"