From ff5c89ee76c707228afc66afac573c6fd0efffa3 Mon Sep 17 00:00:00 2001 From: Joe Crayne Date: Sat, 16 May 2020 08:32:17 -0400 Subject: Refactor toward draft-ietf-openpgp-rfc4880bis-09. --- Data/OpenPGP/Util/DecryptSecretKey.hs | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) (limited to 'Data/OpenPGP/Util/DecryptSecretKey.hs') diff --git a/Data/OpenPGP/Util/DecryptSecretKey.hs b/Data/OpenPGP/Util/DecryptSecretKey.hs index 57dd8c3..9f9e42a 100644 --- a/Data/OpenPGP/Util/DecryptSecretKey.hs +++ b/Data/OpenPGP/Util/DecryptSecretKey.hs @@ -4,10 +4,11 @@ module Data.OpenPGP.Util.DecryptSecretKey where import qualified Data.OpenPGP as OpenPGP -import Data.OpenPGP.Internal (decode_s2k_count) +import Data.OpenPGP.Internal (decode_s2k_count,checksumForKey) import qualified Data.ByteString as BS import qualified Data.ByteString.Lazy as LZ -import Data.Word (Word16) +import Data.Word +import Data.Int import Data.Maybe import Control.Monad (foldM) import Data.Binary (get,Binary,Get,encode,put) @@ -53,7 +54,7 @@ data Enciphered = withIV :: forall k. (Vincent.BlockCipher k) => (Vincent.IV k -> LZ.ByteString -> LZ.ByteString) -> Enciphered -> LZ.ByteString withIV f (EncipheredWithIV s) = f iv bs where - Just iv = Vincent.makeIV (toStrictBS ivbs) + Just iv = Vincent.makeIV (LZ.toStrict ivbs) (ivbs,bs) = LZ.splitAt (fromIntegral ivlen) s #if defined(VERSION_cryptonite) ivlen = Bytes.length (Vincent.nullIV :: Vincent.IV k) @@ -64,6 +65,7 @@ withIV f (EncipheredWithIV s) = f iv bs #endif withIV f (EncipheredZeroIV s) = f Vincent.nullIV s + decryptSecretKey :: BS.ByteString -- ^ Passphrase -> OpenPGP.Packet -- ^ Encrypted SecretKeyPacket 
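Review bot: In the `@@ -53,7 +54,7 @@` hunk, the changed binding `Just iv = Vincent.makeIV (LZ.toStrict ivbs)` is still a partial pattern, so a `Nothing` from `makeIV` surfaces as a pattern-match failure when `iv` is forced rather than as a result the caller can handle. `ivbs` is cut from the packet's encrypted data with `LZ.splitAt`, so presumably a packet whose data is shorter than the cipher's IV reaches this path, and that input comes from the key file rather than from the program. Since `decryptSecretKey` already returns a `Maybe`, the short-input case would fit better as `Nothing`, for example by matching `case Vincent.makeIV (LZ.toStrict ivbs) of` and propagating the failure, which needs `withIV` to return a `Maybe` as well. The `where` block of `withIV` continues past the end of the hunk.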
@@ -74,7 +76,7 @@ decryptSecretKey pass k@(OpenPGP.SecretKeyPacket { OpenPGP.version = 4, OpenPGP.key_algorithm = kalgo, OpenPGP.s2k = s2k, OpenPGP.symmetric_algorithm = salgo, OpenPGP.key = existing, OpenPGP.encrypted_data = encd - }) | chkF material == toStrictBS chk = + }) | chkF material == LZ.toStrict chk = fmap (\m -> k { OpenPGP.s2k_useage = 0, OpenPGP.symmetric_algorithm = OpenPGP.Unencrypted, @@ -87,18 +89,9 @@ decryptSecretKey pass k@(OpenPGP.SecretKeyPacket { (foldM (\m f -> do {mpi <- get; return $ (f,mpi):m}) existing (OpenPGP.secret_key_fields kalgo)) material (material, chk) = LZ.splitAt (LZ.length decd - chkSize) decd - (chkSize, chkF) - | OpenPGP.s2k_useage k == 254 = (20, sha1 . toStrictBS) - | otherwise = (2, toStrictBS . encode . checksum . toStrictBS) - -- Words16s are written as 2 bytes in big-endian (network) order + (chkSize, chkF) = checksumForKey (OpenPGP.s2k_useage k) decd = withS2K simpleUnCFB salgo (Just s2k) (toLazyBS pass) (EncipheredWithIV encd) -#if defined(VERSION_cryptonite) - sha1 x = Bytes.convert (hash x :: Digest SHA1) -#else - sha1 = SHA1.hash -#endif - decryptSecretKey _ _ = Nothing checksum :: BS.ByteString -> Word16 @@ -133,7 +126,7 @@ withS2K codec OpenPGP.CAST5 s2k s = withIV $ codec (string2key s2k s :: Thoma withS2K codec algo _ _ = error $ "Unsupported symmetric algorithm : " ++ show algo ++ " in Data.OpenPGP.CryptoAPI.withS2K" simpleCFB :: forall k g. (Vincent.BlockCipher k, RG g) => g -> k -> LZ.ByteString -> (LZ.ByteString, g) -simpleCFB g k bs = ( padThenUnpad k (LZ.fromChunks . (ivbs:) . (:[]) . Vincent.cfbEncrypt k iv . toStrictBS) bs +simpleCFB g k bs = ( padThenUnpad k (LZ.fromChunks . (ivbs:) . (:[]) . Vincent.cfbEncrypt k iv . LZ.toStrict) bs , g' ) where Just iv = Vincent.makeIV ivbs 
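Review bot: In the `@@ -87,18 +89,9 @@` hunk, `(chkSize, chkF) = checksumForKey (OpenPGP.s2k_useage k)` moves the choice between the 20-octet SHA-1 hash and the 2-octet sum out of this file, and the only comment on the encoding (`Words16s are written as 2 bytes in big-endian (network) order`) is deleted with it. The removed code fell back to the 16-bit sum for every usage value other than 254; whether `checksumForKey` keeps that fallback is not visible here, and a 16-bit sum does not detect deliberate modification of the key material. I would add a comment above the binding, along the lines of `-- usage 254: 20-octet SHA-1 of the plaintext; other values: 2-octet big-endian sum (weak), see checksumForKey`, adjusted to what the helper actually does. The guard `chkF material == LZ.toStrict chk` in the `@@ -74,7 +76,7 @@` hunk depends on this binding, so the comment serves both places. `decryptSecretKey` starts above the hunk.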
@@ -180,7 +173,7 @@ encryptSecretKey passphrase s2k salgo plain = do -- two-octet checksum is required. s2k_usage_octet = 255 -- chkSize = 2 - chkF = toStrictBS . encode . checksum . toStrictBS + chkF = LZ.toStrict . encode . checksum . LZ.toStrict -- k = string2key s2k passphrase -- OpenPGP.string2key hashBySymbol s2k passphrase -- cgit v1.2.3
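Review bot: The new `chkF = LZ.toStrict . encode . checksum . LZ.toStrict` in `encryptSecretKey` still hard-codes the 2-octet checksum next to `s2k_usage_octet = 255`, while the decrypt side now takes its size and function from `checksumForKey`. The two directions therefore compute the check through different code, and newly written keys keep the 16-bit sum, which RFC 4880 (section 5.5.3, as I read it) deprecates in favour of usage octet 254 with SHA-1 because it does not detect modification of the secret key. If `checksumForKey` returns the same pair here as at its call site in `decryptSecretKey`, this line could become `(_, chkF) = checksumForKey s2k_usage_octet`, after which moving to usage 254 is a change to one constant. The body of `encryptSecretKey` starts and ends outside the hunk.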