diff options
| author | Joe Crayne <joe@jerkface.net> | 2019-11-15 18:38:32 -0500 |
|---|---|---|
| committer | Joe Crayne <joe@jerkface.net> | 2019-11-15 18:38:32 -0500 |
| commit | 2ee8f6b4aa5b773f8f2d9756965e7c9246b72292 (patch) | |
| tree | 3b19eb782f91f8445839f364aee07b4e717ff26f | |
| parent | 1d0e9091bc132237d46ff130a29c7c71d9a3f284 (diff) | |
Cv25519 (tox-id) key support.
| -rw-r--r-- | lib/Kiki.hs | 25 | ||||
| -rw-r--r-- | stack.yaml | 5 |
2 files changed, 19 insertions, 11 deletions
diff --git a/lib/Kiki.hs b/lib/Kiki.hs index 258892f..e36e41a 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs | |||
| @@ -279,13 +279,7 @@ importAndRefresh root cmn cipher = do | |||
| 279 | 279 | ||
| 280 | let sshcpath = fromMaybe "" rootdir ++ osHomeDir ++ ".ssh/id_rsa" | 280 | let sshcpath = fromMaybe "" rootdir ++ osHomeDir ++ ".ssh/id_rsa" |
| 281 | sshspath = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key" | 281 | sshspath = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key" |
| 282 | op = | 282 | mktorkey = ( torgen , case torgen of |
| 283 | KeyRingOperation | ||
| 284 | { opFiles = | ||
| 285 | Map.fromList $ | ||
| 286 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) | ||
| 287 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) | ||
| 288 | , ( torgen , case torgen of | ||
| 289 | FileDesc _ -> StreamInfo { typ = PEMFile | 283 | FileDesc _ -> StreamInfo { typ = PEMFile |
| 290 | , fill = KF_Match "tor" | 284 | , fill = KF_Match "tor" |
| 291 | , spill = KF_Match "tor" | 285 | , spill = KF_Match "tor" |
| @@ -293,11 +287,19 @@ importAndRefresh root cmn cipher = do | |||
| 293 | , initializer = NoCreate | 287 | , initializer = NoCreate |
| 294 | , transforms = [] } | 288 | , transforms = [] } |
| 295 | _ -> strm { spill = KF_Match "tor" }) | 289 | _ -> strm { spill = KF_Match "tor" }) |
| 290 | op = | ||
| 291 | KeyRingOperation | ||
| 292 | { opFiles = | ||
| 293 | Map.fromList $ | ||
| 294 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) | ||
| 295 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) | ||
| 296 | , mktorkey | ||
| 296 | , ( Generate 1 (GenRSA (2048 `div` 8)), strm { spill = KF_Match "ipsec" }) | 297 | , ( Generate 1 (GenRSA (2048 `div` 8)), strm { spill = KF_Match "ipsec" }) |
| 297 | , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") ) | 298 | , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") ) |
| 298 | , ( ArgFile sshspath, (peminfo 2048 "ssh-server") ) | 299 | , ( ArgFile sshspath, (peminfo 2048 "ssh-server") ) |
| 299 | , ( Generate 2 (GenRSA (4096 `div` 8)), strm { spill = KF_Match "encrypt" }) | 300 | , ( Generate 2 (GenRSA (4096 `div` 8)), strm { spill = KF_Match "encrypt" }) |
| 300 | , ( Generate 3 (GenRSA (4096 `div` 8)), strm { spill = KF_Match "sign" }) | 301 | , ( Generate 3 GenEd25519, strm { spill = KF_Match "sign" }) |
| 302 | , ( Generate 4 GenCv25519, strm { spill = KF_Match "tox-id" }) | ||
| 301 | ] | 303 | ] |
| 302 | , opPassphrases = withAgent $ pwds ++ do pfd <- maybeToList passfd | 304 | , opPassphrases = withAgent $ pwds ++ do pfd <- maybeToList passfd |
| 303 | return $ PassphraseSpec Nothing Nothing pfd | 305 | return $ PassphraseSpec Nothing Nothing pfd |
| @@ -310,11 +312,16 @@ importAndRefresh root cmn cipher = do | |||
| 310 | -- so we'll sync the keyrings at least. | 312 | -- so we'll sync the keyrings at least. |
| 311 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) | 313 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) |
| 312 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) | 314 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) |
| 315 | , mktorkey -- We'll also add the torkey and UID since | ||
| 316 | -- otherwise this will be a strange keyring. | ||
| 313 | ] | 317 | ] |
| 314 | , opPassphrases = withAgent $ do pfd <- maybeToList passfd | 318 | , opPassphrases = withAgent $ do pfd <- maybeToList passfd |
| 315 | return $ PassphraseSpec Nothing Nothing pfd | 319 | return $ PassphraseSpec Nothing Nothing pfd |
| 316 | , opHome=homespec, opTransforms = [] | 320 | , opHome=homespec |
| 321 | , opTransforms = [] | ||
| 317 | } | 322 | } |
| 323 | when (not bUnprivileged) $ do | ||
| 324 | hPutStrLn stderr "Insufficient privilege generating system service keys." | ||
| 318 | -- Run the all-in-one operation that generates or imports all subkeys. | 325 | -- Run the all-in-one operation that generates or imports all subkeys. |
| 319 | KikiResult rt report <- runKeyRing (if bUnprivileged then nop else op) | 326 | KikiResult rt report <- runKeyRing (if bUnprivileged then nop else op) |
| 320 | outputReport report | 327 | outputReport report |
| @@ -3,7 +3,8 @@ packages: | |||
| 3 | - '.' | 3 | - '.' |
| 4 | extra-deps: | 4 | extra-deps: |
| 5 | # - ../openpgp-util | 5 | # - ../openpgp-util |
| 6 | - git: d@cryptonomic.net:public_git/openpgp-util.git | 6 | - git: d@cryptonomic.net:git_namespace/2d3c6f46d185bcac5a8bedd73102aa11cf797489/public_git/openpgp-util.git |
| 7 | commit: bb3a9e181638fa881e2bcd8425f10cfb365533f5 | 7 | commit: 02680b1ed3b37c0cc16e04e51e613d53ff9dbab8 |
| 8 | - git: d@cryptonomic.net:public_git/openpgp-asciiarmor.git | 8 | - git: d@cryptonomic.net:public_git/openpgp-asciiarmor.git |
| 9 | commit: 9694b1b6ae3763c44d3b1361b5faa0a7b27e77a9 | 9 | commit: 9694b1b6ae3763c44d3b1361b5faa0a7b27e77a9 |
| 10 | - modular-arithmetic-1.2.1.5 | ||