1 files changed, 23 insertions, 8 deletions
diff --git a/Data/OpenPGP/Util/Sign.hs b/Data/OpenPGP/Util/Sign.hs
index 466f05c..8663a0d 100644
--- a/Data/OpenPGP/Util/Sign.hs
+++ b/Data/OpenPGP/Util/Sign.hs
@@ -1,4 +1,5 @@
 {-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE CPP #-}
 module Data.OpenPGP.Util.Sign where
 import qualified Data.OpenPGP as OpenPGP
@@ -8,10 +9,16 @@ import qualified Data.ByteString as BS
 import qualified Data.ByteString.Lazy as LZ
 import Data.Bits ( (.|.), shiftL )
 import Control.Applicative ( (<$>) )
+#if defined(VERSION_cryptonite)
+import Data.Hourglass
+import System.Hourglass
+#else
 import Data.Time.Clock.POSIX
+#endif
 import Control.Exception as Exception (IOException(..),catch)
 import Data.OpenPGP.Util.Fingerprint (fingerprint)
+import Data.OpenPGP.Util.Gen
 import qualified Crypto.Random as Vincent
 import qualified Crypto.PubKey.DSA as Vincent.DSA
@@ -44,14 +51,12 @@ privateRSAkey k =
    q = keyParam 'q' k
    pubkey = rsaKey k
 -- | Make a signature
 --
 -- In order to set more options on a signature, pass in a signature packet.
 -- Operation is unsafe in that it silently re-uses "random" bytes when
 -- entropy runs out.  Use pgpSign for a safer interface.
-unsafeSign :: (Vincent.CPRG g) => -- CryptoRandomGen g) =>
+unsafeSign :: (RG g) => -- CryptoRandomGen g) =>
    OpenPGP.Message          -- ^ SecretKeys, one of which will be used
    -> OpenPGP.SignatureOver -- ^ Data to sign, and optional signature packet
    -> OpenPGP.HashAlgorithm -- ^ HashAlgorithm to use in signature
@@ -67,11 +72,22 @@ unsafeSign keys over hsh keyid timestamp g = (over {OpenPGP.signatures_over = [s
        kalgo | kalgo `elem` [OpenPGP.RSA,OpenPGP.RSA_S] -> ([toNum rsaFinal], g)
              | otherwise ->
            error ("Unsupported key algorithm " ++ show kalgo ++ " in sign")
+#if defined(VERSION_cryptonite)
+    (Vincent.DSA.Signature dsaR dsaS,dsaG) = let k' = privateDSAkey k in
+        case desc of
+            HashDescr h -> Vincent.withDRG g $ Vincent.DSA.sign k' h dta -- XXX: What happend to dsaTruncate ?
+    (Vincent.ECDSA.Signature ecdsaR ecdsaS,ecdsaG) = let k' = privateECDSAkey k in
+        case desc of
+            HashDescr h -> Vincent.withDRG g $ Vincent.ECDSA.sign k' h dta
+    (Right rsaFinal,_) = case desc of
+                          HashDescr h -> Vincent.withDRG g $ Vincent.RSA.signSafer (Just h) (privateRSAkey k) dta
+#else
    (Vincent.DSA.Signature dsaR dsaS,dsaG) = let k' = privateDSAkey k in
        Vincent.DSA.sign g k' (dsaTruncate k' . bhash) dta
    (Vincent.ECDSA.Signature ecdsaR ecdsaS,ecdsaG) = let k' = privateECDSAkey k in
        Vincent.ECDSA.sign g k' bhash dta
    (Right rsaFinal,_) = Vincent.RSA.signSafer g desc (privateRSAkey k) dta
+#endif
    dsaTruncate (Vincent.DSA.PrivateKey (Vincent.DSA.Params _ _ q) _) = BS.take (integerBytesize q)
    dta     = toStrictBS $ encode over `LZ.append` OpenPGP.trailer sig
    sig     = findSigOrDefault (listToMaybe $ OpenPGP.signatures_over over)
@@ -126,8 +142,6 @@ unsafeSign keys over hsh keyid timestamp g = (over {OpenPGP.signatures_over = [s
-now = floor <$> Data.Time.Clock.POSIX.getPOSIXTime
 stampit timestamp sig = sig { OpenPGP.hashed_subpackets = hashed' }
 where
    hashed_stamps   = filter isStamp (OpenPGP.hashed_subpackets sig)
@@ -150,10 +164,11 @@ pgpSign ::
    -> IO (Maybe OpenPGP.SignatureOver)
 pgpSign seckeys dta hash_algo keyid =
    handleIO_ (return Nothing) $ do
-    timestamp <- now
+    timestamp <- currentTime
    -- g <- Thomas.newGenIO :: IO Thomas.SystemRandom
-    g <- fmap Vincent.cprgCreate $ Vincent.createEntropyPool
+    -- g <- fmap Vincent.cprgCreate $ Vincent.createEntropyPool
-    let _ = g :: Vincent.SystemRNG
+    g <- makeGen Nothing
+    let _ = g :: RNG
    let sigs = map (stampit timestamp) $ OpenPGP.signatures_over dta
        dta' = dta { OpenPGP.signatures_over = sigs }
    let (r,g') = unsafeSign seckeys dta' hash_algo keyid timestamp g