diff options
-rw-r--r-- | kiki.hs | 18 | ||||
-rw-r--r-- | lib/KeyRing.hs | 37 |
2 files changed, 36 insertions, 19 deletions
@@ -1496,7 +1496,7 @@ kiki "init" args = do | |||
1496 | HomeSec | 1496 | HomeSec |
1497 | ( encode $ Message [mk { is_subkey = False }] ) | 1497 | ( encode $ Message [mk { is_subkey = False }] ) |
1498 | -} | 1498 | -} |
1499 | master <- generateKey (GenRSA $ 4096 `div` 8 ) | 1499 | master <- (\k -> k { is_subkey = False }) <$> generateKey (GenRSA $ 4096 `div` 8 ) |
1500 | writeInputFileL (InputFileContext secring pubring) | 1500 | writeInputFileL (InputFileContext secring pubring) |
1501 | HomeSec | 1501 | HomeSec |
1502 | $ encode $ Message [master { is_subkey = False}] | 1502 | $ encode $ Message [master { is_subkey = False}] |
@@ -1523,6 +1523,12 @@ kiki "init" args = do | |||
1523 | -- First, we ensure that the tor key exists and is imported | 1523 | -- First, we ensure that the tor key exists and is imported |
1524 | -- so that we know where to put the strongswan key. | 1524 | -- so that we know where to put the strongswan key. |
1525 | let passfd = fmap (FileDesc . read) $ lookup "passphrase-fd" args | 1525 | let passfd = fmap (FileDesc . read) $ lookup "passphrase-fd" args |
1526 | strm = StreamInfo { typ = KeyRingFile | ||
1527 | , fill = KF_None | ||
1528 | , spill = KF_All | ||
1529 | , access = AutoAccess | ||
1530 | , initializer = NoCreate | ||
1531 | , transforms = [] } | ||
1526 | buildStreamInfo rtyp ftyp = StreamInfo { typ = ftyp | 1532 | buildStreamInfo rtyp ftyp = StreamInfo { typ = ftyp |
1527 | , fill = rtyp | 1533 | , fill = rtyp |
1528 | , spill = KF_All | 1534 | , spill = KF_All |
@@ -1531,7 +1537,7 @@ kiki "init" args = do | |||
1531 | , transforms = [] } | 1537 | , transforms = [] } |
1532 | peminfo bits usage = | 1538 | peminfo bits usage = |
1533 | StreamInfo { typ = PEMFile | 1539 | StreamInfo { typ = PEMFile |
1534 | , fill = KF_Match usage | 1540 | , fill = KF_None -- KF_Match usage |
1535 | , spill = KF_Match usage | 1541 | , spill = KF_Match usage |
1536 | , access = Sec | 1542 | , access = Sec |
1537 | , initializer = Internal (GenRSA $ bits `div` 8) | 1543 | , initializer = Internal (GenRSA $ bits `div` 8) |
@@ -1543,10 +1549,10 @@ kiki "init" args = do | |||
1543 | { opFiles = Map.fromList $ | 1549 | { opFiles = Map.fromList $ |
1544 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) | 1550 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) |
1545 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) | 1551 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) |
1546 | , ( Generate (GenRSA (1024 `div` 8)), peminfo 1024 "tor" ) | 1552 | , ( Generate 0 (GenRSA (1024 `div` 8)), strm { spill = KF_Match "tor" }) |
1547 | , ( Generate (GenRSA (1024 `div` 8)), peminfo 1024 "ipsec" ) | 1553 | , ( Generate 1 (GenRSA (1024 `div` 8)), strm { spill = KF_Match "ipsec" }) |
1548 | , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") { fill = KF_None } ) | 1554 | , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") ) |
1549 | , ( ArgFile sshspath, (peminfo 2048 "ssh-server") { fill = KF_None } ) | 1555 | , ( ArgFile sshspath, (peminfo 2048 "ssh-server") ) |
1550 | ] | 1556 | ] |
1551 | , opPassphrases = do pfd <- maybeToList passfd | 1557 | , opPassphrases = do pfd <- maybeToList passfd |
1552 | return $ PassphraseSpec Nothing Nothing pfd | 1558 | return $ PassphraseSpec Nothing Nothing pfd |
diff --git a/lib/KeyRing.hs b/lib/KeyRing.hs index b59fb9e..1c6dea8 100644 --- a/lib/KeyRing.hs +++ b/lib/KeyRing.hs | |||
@@ -243,9 +243,11 @@ data InputFile = HomeSec | |||
243 | -- ^ Contents will be read from the first descriptor and updated | 243 | -- ^ Contents will be read from the first descriptor and updated |
244 | -- content will be writen to the second. Note: Don't use Pipe | 244 | -- content will be writen to the second. Note: Don't use Pipe |
245 | -- for 'Wallet' files. (TODO: Wallet support) | 245 | -- for 'Wallet' files. (TODO: Wallet support) |
246 | | Generate GenerateKeyParams | 246 | | Generate Int GenerateKeyParams |
247 | -- ^ New key packets will be generated if there is no | 247 | -- ^ New key packets will be generated if there is no |
248 | -- matching content already in the key pool. | 248 | -- matching content already in the key pool. The integer is |
249 | -- a unique id number so that multiple generations can be | ||
250 | -- inserted into 'opFiles' | ||
249 | deriving (Eq,Ord,Show) | 251 | deriving (Eq,Ord,Show) |
250 | 252 | ||
251 | -- type UsageTag = String | 253 | -- type UsageTag = String |
@@ -1307,7 +1309,9 @@ generateSubkey doDecrypt kd' (genparam,StreamInfo { spill = KF_Match tag }) = do | |||
1307 | kdr <- insertSubkey doDecrypt (keykey (keyPacket kd)) kd [mkUsage tag] "" newkey | 1309 | kdr <- insertSubkey doDecrypt (keykey (keyPacket kd)) kd [mkUsage tag] "" newkey |
1308 | try kdr $ \(newkd,report) -> do | 1310 | try kdr $ \(newkd,report) -> do |
1309 | return $ KikiSuccess (newkd, report ++ [("", NewPacket $ showPacket newkey)]) | 1311 | return $ KikiSuccess (newkd, report ++ [("", NewPacket $ showPacket newkey)]) |
1310 | else return $ KikiSuccess (kd,report0) | 1312 | else do |
1313 | return $ KikiSuccess (kd,report0) | ||
1314 | generateSubkey _ kd _ = return kd | ||
1311 | 1315 | ||
1312 | importSecretKey :: | 1316 | importSecretKey :: |
1313 | (MappedPacket -> IO (KikiCondition Packet)) | 1317 | (MappedPacket -> IO (KikiCondition Packet)) |
@@ -1447,8 +1451,8 @@ buildKeyDB ctx grip0 keyring = do | |||
1447 | ringMap0 = Map.filter (isring . typ) $ opFiles keyring | 1451 | ringMap0 = Map.filter (isring . typ) $ opFiles keyring |
1448 | (genMap,ringMap) = Map.partitionWithKey isgen ringMap0 | 1452 | (genMap,ringMap) = Map.partitionWithKey isgen ringMap0 |
1449 | where | 1453 | where |
1450 | isgen (Generate _) _ = True | 1454 | isgen (Generate _ _) _ = True |
1451 | isgen _ _ = False | 1455 | isgen _ _ = False |
1452 | 1456 | ||
1453 | readp f stream = fmap readp0 $ readPacketsFromFile ctx f | 1457 | readp f stream = fmap readp0 $ readPacketsFromFile ctx f |
1454 | where | 1458 | where |
@@ -1568,8 +1572,8 @@ buildKeyDB ctx grip0 keyring = do | |||
1568 | 1572 | ||
1569 | -- generate keys | 1573 | -- generate keys |
1570 | let gens = mapMaybe g $ Map.toList genMap | 1574 | let gens = mapMaybe g $ Map.toList genMap |
1571 | where g (Generate params,v) = Just (params,v) | 1575 | where g (Generate _ params,v) = Just (params,v) |
1572 | g _ = Nothing | 1576 | g _ = Nothing |
1573 | 1577 | ||
1574 | db <- generateInternals doDecrypt mwk db gens | 1578 | db <- generateInternals doDecrypt mwk db gens |
1575 | try db $ \(db,reportGens) -> do | 1579 | try db $ \(db,reportGens) -> do |
@@ -2474,9 +2478,15 @@ initializeMissingPEMFiles operation ctx grip mwk decrypt db = do | |||
2474 | 2478 | ||
2475 | let (missing,notmissing) = partition (\(_,_,ns,_)->null (ns >>= snd)) $ do | 2479 | let (missing,notmissing) = partition (\(_,_,ns,_)->null (ns >>= snd)) $ do |
2476 | (fname,stream) <- nonexistents | 2480 | (fname,stream) <- nonexistents |
2477 | guard $ isMutable stream | 2481 | let internalInitializer StreamInfo |
2478 | guard $ isSecretKeyFile (typ stream) | 2482 | { initializer = Internal _ |
2479 | usage <- usageFromFilter (fill stream) -- TODO: Error if no result? | 2483 | , spill = KF_Match tag } = Just tag |
2484 | internalInitializer _ = Nothing | ||
2485 | mutableTag | ||
2486 | | isMutable stream = usageFromFilter (fill stream) | ||
2487 | | otherwise = Nothing | ||
2488 | usage <- maybeToList $ internalInitializer stream `mplus` mutableTag | ||
2489 | -- TODO: Report error if generating without specifying usage tag. | ||
2480 | let (topspec,subspec) = parseSpec (fromMaybe "" grip) usage | 2490 | let (topspec,subspec) = parseSpec (fromMaybe "" grip) usage |
2481 | -- ms will contain duplicates if a top key has multiple matching | 2491 | -- ms will contain duplicates if a top key has multiple matching |
2482 | -- subkeys. This is intentional. | 2492 | -- subkeys. This is intentional. |
@@ -2530,7 +2540,7 @@ initializeMissingPEMFiles operation ctx grip mwk decrypt db = do | |||
2530 | where | 2540 | where |
2531 | getParams (fname,subspec,ms,stream) = | 2541 | getParams (fname,subspec,ms,stream) = |
2532 | case initializer stream of | 2542 | case initializer stream of |
2533 | Internal p -> Just (p, stream)[ | 2543 | Internal p -> Just (p, stream) |
2534 | _ -> Nothing | 2544 | _ -> Nothing |
2535 | v <- generateInternals decrypt mwk db internals | 2545 | v <- generateInternals decrypt mwk db internals |
2536 | 2546 | ||
@@ -3568,5 +3578,6 @@ foreign import ccall unsafe "futimens" | |||
3568 | onionNameForContact :: KeyKey -> KeyDB -> Maybe String | 3578 | onionNameForContact :: KeyKey -> KeyDB -> Maybe String |
3569 | onionNameForContact kk db = do | 3579 | onionNameForContact kk db = do |
3570 | contact <- Map.lookup kk db | 3580 | contact <- Map.lookup kk db |
3571 | let (_,(name:_,_)) = getHostnames contact | 3581 | case getHostnames contact of |
3572 | return $ Char8.unpack name | 3582 | (_,(name:_,_)) -> Just $ Char8.unpack name |
3583 | _ -> Nothing | ||