author | joe <joe@jerkface.net> | 2016-08-25 20:58:38 -0400 |
committer | joe <joe@jerkface.net> | 2016-08-25 20:58:38 -0400 |
commit | 067c3647ed02c24c08b17803e28679e69d2e6dd9 (patch) | |
tree | a3dd2af1cdd9ddd4562ad1a8b4cb10caaea07e6e /lib/Kiki.hs | |
parent | a956054ce82e2b0ca9f46b6d34288c73c25df0c9 (diff) |
Implemented key encryption.
Diffstat (limited to 'lib/Kiki.hs')
-rw-r--r-- | lib/Kiki.hs | 56 |
1 files changed, 44 insertions, 12 deletions
diff --git a/lib/Kiki.hs b/lib/Kiki.hs index f1bb27d..ef7b913 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs | |||
@@ -126,7 +126,13 @@ importAndRefresh root cmn = do | |||
126 | old_umask <- setFileCreationMask(0o077); | 126 | old_umask <- setFileCreationMask(0o077); |
127 | -- Generate secring.gpg if it does not exist... | 127 | -- Generate secring.gpg if it does not exist... |
128 | gotsec <- doesFileExist secring | 128 | gotsec <- doesFileExist secring |
129 | when (not gotsec) $ do | 129 | |
130 | let passfd = cap_passfd cmn | ||
131 | |||
132 | pwds <- | ||
133 | if gotsec | ||
134 | then return [] | ||
135 | else do | ||
130 | {- ssh-keygen to create master key... | 136 | {- ssh-keygen to create master key... |
131 | let mkpath = home ++ "/master-key" | 137 | let mkpath = home ++ "/master-key" |
132 | mkdirFor mkpath | 138 | mkdirFor mkpath |
@@ -139,12 +145,35 @@ importAndRefresh root cmn = do | |||
139 | HomeSec | 145 | HomeSec |
140 | ( encode $ Message [mk { is_subkey = False }] ) | 146 | ( encode $ Message [mk { is_subkey = False }] ) |
141 | -} | 147 | -} |
142 | master <- (\k -> k { is_subkey = False }) <$> generateKey (GenRSA $ 4096 `div` 8 ) | 148 | master_un <- (\k -> k { is_subkey = False }) <$> generateKey (GenRSA $ 4096 `div` 8 ) |
143 | mkdirFor secring | 149 | let default_cipher = (CAST5, IteratedSaltedS2K SHA1 4073382889203176146 7864320) |
144 | writeInputFileL (InputFileContext secring pubring) | 150 | ctx = InputFileContext secring pubring |
145 | HomeSec | 151 | passwordop = KeyRingOperation |
146 | $ encode $ Message [master { is_subkey = False}] | 152 | { opFiles = Map.empty |
147 | 153 | , opPassphrases = do pfd <- maybeToList passfd | |
154 | return $ PassphraseSpec Nothing Nothing pfd | ||
155 | , opHome = homespec | ||
156 | , opTransforms = [] | ||
157 | } | ||
158 | transcoder <- makeMemoizingDecrypter passwordop ctx Map.empty | ||
159 | master0 <- transcoder default_cipher $ MappedPacket master_un Map.empty | ||
160 | case master0 of | ||
161 | KikiSuccess master -> do | ||
162 | mkdirFor secring | ||
163 | writeInputFileL ctx | ||
164 | HomeSec | ||
165 | $ encode $ Message [master { is_subkey = False}] | ||
166 | putStrLn "Wrote master key" | ||
167 | return [PassphraseMemoizer transcoder] | ||
168 | er -> do | ||
169 | hPutStrLn stderr ("warning: " ++ errorString er) | ||
170 | hPutStrLn stderr "warning: keys will not be encrypted."; | ||
171 | mkdirFor secring | ||
172 | writeInputFileL ctx | ||
173 | HomeSec | ||
174 | $ encode $ Message [master_un { is_subkey = False}] | ||
175 | putStrLn "Wrote master key" | ||
176 | return [] | ||
148 | gotpub <- doesFileExist pubring | 177 | gotpub <- doesFileExist pubring |
149 | when (not gotpub) $ do | 178 | when (not gotpub) $ do |
150 | mkdirFor pubring | 179 | mkdirFor pubring |
@@ -168,8 +197,7 @@ importAndRefresh root cmn = do | |||
168 | 197 | ||
169 | -- First, we ensure that the tor key exists and is imported | 198 | -- First, we ensure that the tor key exists and is imported |
170 | -- so that we know where to put the strongswan key. | 199 | -- so that we know where to put the strongswan key. |
171 | let passfd = cap_passfd cmn | 200 | let strm = StreamInfo { typ = KeyRingFile |
172 | strm = StreamInfo { typ = KeyRingFile | ||
173 | , fill = KF_None | 201 | , fill = KF_None |
174 | , spill = KF_All | 202 | , spill = KF_All |
175 | , access = AutoAccess | 203 | , access = AutoAccess |
@@ -200,8 +228,8 @@ importAndRefresh root cmn = do | |||
200 | , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") ) | 228 | , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") ) |
201 | , ( ArgFile sshspath, (peminfo 2048 "ssh-server") ) | 229 | , ( ArgFile sshspath, (peminfo 2048 "ssh-server") ) |
202 | ] | 230 | ] |
203 | , opPassphrases = do pfd <- maybeToList passfd | 231 | , opPassphrases = pwds ++ do pfd <- maybeToList passfd |
204 | return $ PassphraseSpec Nothing Nothing pfd | 232 | return $ PassphraseSpec Nothing Nothing pfd |
205 | , opHome = homespec | 233 | , opHome = homespec |
206 | , opTransforms = [] | 234 | , opTransforms = [] |
207 | } | 235 | } |
@@ -304,7 +332,11 @@ refreshCache rt rootdir = do | |||
304 | let my_ks :: [Packet] | 332 | let my_ks :: [Packet] |
305 | my_ks = getSecret "ipsec" | 333 | my_ks = getSecret "ipsec" |
306 | case my_ks of | 334 | case my_ks of |
307 | sec:_ -> do report <- writeKeyToFile streaminfo { typ = PEMFile | 335 | se0:_ -> do sc1 <- rtPassphrases rt (Unencrypted,S2K 100 "") $ MappedPacket se0 Map.empty |
336 | let sec = case sc1 of | ||
337 | KikiSuccess s -> s | ||
338 | _ -> se0 | ||
339 | report <- writeKeyToFile streaminfo { typ = PEMFile | ||
308 | , access = Sec | 340 | , access = Sec |
309 | , spill = KF_All | 341 | , spill = KF_All |
310 | } | 342 | } |
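Review bot: `default_cipher` in the second hunk bakes a constant salt (`4073382889203176146`) into the `IteratedSaltedS2K` used to protect the new master key, so every key written by this code shares one salt and a leaked secring invites passphrase precomputation across installations; if `transcoder` honours the S2K it is handed, the salt should be drawn fresh from a CSPRNG per key, and CAST5/SHA1 is the legacy GnuPG default rather than a current choice. The `er ->` fallback then writes `master_un` to disk in the clear after only a stderr warning, even when the caller supplied a passphrase fd, so a transient failure silently yields an unencrypted secring — the plaintext path should be taken only when `passfd` is `Nothing`, and a real failure should stop before `writeInputFileL` (e.g. via `exitFailure`, if the file imports it). Both arms duplicate `mkdirFor secring`, the `writeInputFileL ctx HomeSec` call and `putStrLn "Wrote master key"`; a local `writeMaster` helper would leave only the outcome in each arm, as sketched below. The last hunk has the same shape: `_ -> se0` in `refreshCache` swallows the `rtPassphrases` error and hands the still-encrypted packet to `writeKeyToFile` with no message. `importAndRefresh` and `refreshCache` both continue outside these hunks.
```haskell
-- … unchanged: default_cipher / ctx / passwordop / transcoder setup …
master0 <- transcoder default_cipher $ MappedPacket master_un Map.empty
let writeMaster k = do
        mkdirFor secring
        writeInputFileL ctx HomeSec $ encode $ Message [k { is_subkey = False}]
        putStrLn "Wrote master key"
case master0 of
  KikiSuccess master -> do
    writeMaster master
    return [PassphraseMemoizer transcoder]
  _ | Nothing <- passfd -> do
    hPutStrLn stderr "warning: keys will not be encrypted."
    writeMaster master_un
    return []
  er -> do
    hPutStrLn stderr ("error: " ++ errorString er)
    exitFailure   -- do not fall through to a plaintext secring
```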