authorjoe <joe@jerkface.net>2016-08-25 20:58:38 -0400
committerjoe <joe@jerkface.net>2016-08-25 20:58:38 -0400
commit067c3647ed02c24c08b17803e28679e69d2e6dd9 (patch)
treea3dd2af1cdd9ddd4562ad1a8b4cb10caaea07e6e /lib/Kiki.hs
parenta956054ce82e2b0ca9f46b6d34288c73c25df0c9 (diff)
Implemented key encryption.
Diffstat (limited to 'lib/Kiki.hs')
-rw-r--r--lib/Kiki.hs56
1 files changed, 44 insertions, 12 deletions
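diff --git a/lib/Kiki.hs b/lib/Kiki.hs
index f1bb27d..ef7b913 100644
--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -126,7 +126,13 @@ importAndRefresh root cmn = do
 old_umask <- setFileCreationMask(0o077);
 -- Generate secring.gpg if it does not exist...
 gotsec <- doesFileExist secring
-when (not gotsec) $ do
+
+let passfd = cap_passfd cmn
+
+pwds <-
+if gotsec
+then return []
+else do
 {- ssh-keygen to create master key...
 let mkpath = home ++ "/master-key"
 mkdirFor mkpath
@@ -139,12 +145,35 @@ importAndRefresh root cmn = do
 HomeSec
 ( encode $ Message [mk { is_subkey = False }] )
 -}
-master <- (\k -> k { is_subkey = False }) <$> generateKey (GenRSA $ 4096 `div` 8 )
-mkdirFor secring
-writeInputFileL (InputFileContext secring pubring)
-HomeSec
-$ encode $ Message [master { is_subkey = False}]
-
+master_un <- (\k -> k { is_subkey = False }) <$> generateKey (GenRSA $ 4096 `div` 8 )
+let default_cipher = (CAST5, IteratedSaltedS2K SHA1 4073382889203176146 7864320)
+ctx = InputFileContext secring pubring
+passwordop = KeyRingOperation
+{ opFiles = Map.empty
+, opPassphrases = do pfd <- maybeToList passfd
+return $ PassphraseSpec Nothing Nothing pfd
+, opHome = homespec
+, opTransforms = []
+}
+transcoder <- makeMemoizingDecrypter passwordop ctx Map.empty
+master0 <- transcoder default_cipher $ MappedPacket master_un Map.empty
+case master0 of
+KikiSuccess master -> do
+mkdirFor secring
+writeInputFileL ctx
+HomeSec
+$ encode $ Message [master { is_subkey = False}]
+putStrLn "Wrote master key"
+return [PassphraseMemoizer transcoder]
+er -> do
+hPutStrLn stderr ("warning: " ++ errorString er)
+hPutStrLn stderr "warning: keys will not be encrypted.";
+mkdirFor secring
+writeInputFileL ctx
+HomeSec
+$ encode $ Message [master_un { is_subkey = False}]
+putStrLn "Wrote master key"
+return []
 gotpub <- doesFileExist pubring
 when (not gotpub) $ do
 mkdirFor pubring
@@ -168,8 +197,7 @@ importAndRefresh root cmn = do
 
 -- First, we ensure that the tor key exists and is imported
 -- so that we know where to put the strongswan key.
-let passfd = cap_passfd cmn
-strm = StreamInfo { typ = KeyRingFile
+let strm = StreamInfo { typ = KeyRingFile
 , fill = KF_None
 , spill = KF_All
 , access = AutoAccess
@@ -200,8 +228,8 @@ importAndRefresh root cmn = do
 , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") )
 , ( ArgFile sshspath, (peminfo 2048 "ssh-server") )
 ]
-, opPassphrases = do pfd <- maybeToList passfd
+, opPassphrases = pwds ++ do pfd <- maybeToList passfd
 return $ PassphraseSpec Nothing Nothing pfd
 , opHome = homespec
 , opTransforms = []
 }
@@ -304,7 +332,11 @@ refreshCache rt rootdir = do
 let my_ks :: [Packet]
 my_ks = getSecret "ipsec"
 case my_ks of
-sec:_ -> do report <- writeKeyToFile streaminfo { typ = PEMFile
+se0:_ -> do sc1 <- rtPassphrases rt (Unencrypted,S2K 100 "") $ MappedPacket se0 Map.empty
+let sec = case sc1 of
+KikiSuccess s -> s
+_ -> se0
+report <- writeKeyToFile streaminfo { typ = PEMFile
 , access = Sec
 , spill = KF_All
 }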
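Review bot: The S2K salt in `default_cipher` is a fixed literal, `IteratedSaltedS2K SHA1 4073382889203176146 7864320`, so every master key this code encrypts shares the same salt unless `makeMemoizingDecrypter`'s transcoder replaces it before use (not visible here); if it does not, identical passphrases derive identical keys across installations and one precomputed dictionary cracks all of them. The salt should be drawn fresh per key from the same cryptographically secure source that `generateKey` relies on, and since the format is being chosen here for the first time, CAST5/SHA-1 is worth replacing with AES-256/SHA-256 in the same line. Separately, the `er ->` branch after `case master0 of` writes `master_un` to `secring` in the clear after only a stderr warning, even when a passphrase fd was supplied and encryption actually failed; consider failing closed in that case, e.g. `when (isJust passfd) $ exitFailure` (or however the caller reports fatal errors) before the unencrypted write, so a transient error cannot silently leave a plaintext master key on disk. `importAndRefresh` begins and ends outside this hunk.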