openpgp-Crypto 0.3 → 0.5
raw patch · 3 files changed
+20/−29 lines, 3 filesdep −containersdep ~basedep ~openpgp
Dependencies removed: containers
Dependency ranges changed: base, openpgp
Files
- Data/OpenPGP/Crypto.hs +15/−22
- README +1/−1
- openpgp-Crypto.cabal +4/−6
Data/OpenPGP/Crypto.hs view
@@ -8,9 +8,9 @@ import Numeric import Data.Word+import Data.Bits import Data.Char-import Data.List (find)-import Data.Map ((!))+import Data.List (find,foldl') import qualified Data.ByteString.Lazy as LZ import qualified Data.ByteString.Lazy.UTF8 as LZ (fromString) @@ -42,26 +42,19 @@ | otherwise = s find_key :: OpenPGP.Message -> String -> Maybe OpenPGP.Packet-find_key (OpenPGP.Message (x@(OpenPGP.PublicKeyPacket {}):xs)) keyid =- find_key_ x xs keyid-find_key (OpenPGP.Message (x@(OpenPGP.SecretKeyPacket {}):xs)) keyid =- find_key_ x xs keyid-find_key (OpenPGP.Message (_:xs)) keyid =- find_key (OpenPGP.Message xs) keyid-find_key _ _ = Nothing--find_key_ :: OpenPGP.Packet -> [OpenPGP.Packet] -> String -> Maybe OpenPGP.Packet-find_key_ x xs keyid- | thisid == keyid = Just x- | otherwise = find_key (OpenPGP.Message xs) keyid- where- thisid = reverse $ take (length keyid) (reverse (fingerprint x))+find_key = OpenPGP.find_key fingerprint keyfield_as_octets :: OpenPGP.Packet -> Char -> [Word8] keyfield_as_octets k f =- LZ.unpack $ LZ.drop 2 (encode (k' ! f))- where k' = OpenPGP.key k+ LZ.unpack $ LZ.drop 2 (encode fld)+ where+ Just fld = lookup f (OpenPGP.key k) +constTimeEq :: [Word8] -> [Word8] -> Bool+constTimeEq xs ys+ | length xs /= length ys = False+ | otherwise = 0 == foldl' (\r (x,y) -> r .|. (x `xor` y)) 0 (zip xs ys)+ -- http://tools.ietf.org/html/rfc3447#page-43 emsa_pkcs1_v1_5_hash_padding :: OpenPGP.HashAlgorithm -> [Word8] emsa_pkcs1_v1_5_hash_padding OpenPGP.MD5 = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10]@@ -91,9 +84,9 @@ -> Int -- ^ Index of signature to verify (0th, 1st, etc) -> Bool verify keys message sigidx =- encoded == RSA.encrypt (n, e) raw_sig+ encoded `constTimeEq` RSA.encrypt (n, e) raw_sig where- raw_sig = LZ.unpack $ LZ.drop 2 $ encode (OpenPGP.signature sig)+ raw_sig = LZ.unpack $ LZ.drop 2 $ encode (head $ OpenPGP.signature sig) encoded = emsa_pkcs1_v1_5_encode signature_over (length n) (OpenPGP.hash_algorithm sig) signature_over = LZ.unpack $ dta `LZ.append` OpenPGP.trailer sig@@ -115,8 +108,8 @@ -- WARNING: this style of update is unsafe on most fields -- it is safe on signature and hash_head, though sig {- OpenPGP.signature = OpenPGP.MPI $ toNum final,- OpenPGP.hash_head = toNum $ take 2 final+ OpenPGP.signature = [OpenPGP.MPI $ toNum final],+ OpenPGP.hash_head = toNum $ take 2 encoded } where -- toNum has explicit param so that it can remain polymorphic
README view
@@ -2,7 +2,7 @@ that currently does fingerprint generation, signature generation, and signature verification (for RSA keys only). -It is indended to be used with <http://hackage.haskell.org/openpgp>+It is indended to be used with <http://hackage.haskell.org/package/openpgp> It is intended that you use qualified imports with this library.
openpgp-Crypto.cabal view
@@ -1,5 +1,5 @@ name: openpgp-Crypto-version: 0.3+version: 0.5 cabal-version: >= 1.8 license: OtherLicense license-file: COPYING@@ -18,7 +18,7 @@ that currently does fingerprint generation, signature generation, and signature verification (for RSA keys only). .- It is indended to be used with <http://hackage.haskell.org/openpgp>+ It is indended to be used with <http://hackage.haskell.org/package/openpgp> . It is intended that you use qualified imports with this library. .@@ -44,11 +44,10 @@ build-depends: base == 4.*,- containers, bytestring, utf8-string, binary,- openpgp,+ openpgp <= 0.5, Crypto test-suite tests@@ -57,11 +56,10 @@ build-depends: base == 4.*,- containers, bytestring, utf8-string, binary,- openpgp,+ openpgp <= 0.5, Crypto, HUnit, QuickCheck >= 2.4.1.1,