packages feed

tahoe-ssk 0.2.1.0 → 0.3.0.0

raw patch · 8 files changed

+43/−27 lines, 8 filesdep ~tahoe-chkPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: tahoe-chk

API changes (from Hackage documentation)

- Tahoe.SDMF: Share :: Word64 -> ByteString -> SDMF_IV -> Word8 -> Word8 -> Word64 -> Word64 -> Verification -> ByteString -> HashChain -> MerkleTree -> ByteString -> ByteString -> Share
+ Tahoe.SDMF: Share :: Word64 -> ByteString -> SDMF_IV -> Word8 -> Word8 -> Word64 -> Word64 -> Verification -> ByteString -> HashChain -> MerkleTree ByteString SHA256d -> ByteString -> ByteString -> Share
- Tahoe.SDMF: Verifier :: StorageIndex -> Digest SHA256 -> Verifier
+ Tahoe.SDMF: Verifier :: StorageIndex -> Digest' SHA256d -> Verifier
- Tahoe.SDMF: [shareBlockHashTree] :: Share -> MerkleTree
+ Tahoe.SDMF: [shareBlockHashTree] :: Share -> MerkleTree ByteString SHA256d
- Tahoe.SDMF: [verifierVerificationKeyHash] :: Verifier -> Digest SHA256
+ Tahoe.SDMF: [verifierVerificationKeyHash] :: Verifier -> Digest' SHA256d
- Tahoe.SDMF.Internal.Capability: Verifier :: StorageIndex -> Digest SHA256 -> Verifier
+ Tahoe.SDMF.Internal.Capability: Verifier :: StorageIndex -> Digest' SHA256d -> Verifier
- Tahoe.SDMF.Internal.Capability: [verifierVerificationKeyHash] :: Verifier -> Digest SHA256
+ Tahoe.SDMF.Internal.Capability: [verifierVerificationKeyHash] :: Verifier -> Digest' SHA256d
- Tahoe.SDMF.Internal.Capability: deriveReader :: Write -> Digest SHA256 -> Maybe Reader
+ Tahoe.SDMF.Internal.Capability: deriveReader :: Write -> Digest' SHA256d -> Maybe Reader
- Tahoe.SDMF.Internal.Capability: deriveVerifier :: Read -> Digest SHA256 -> Verifier
+ Tahoe.SDMF.Internal.Capability: deriveVerifier :: Read -> Digest' SHA256d -> Verifier
- Tahoe.SDMF.Internal.Capability: pPieces :: Text -> (ByteString -> a) -> Parser (a, Digest SHA256)
+ Tahoe.SDMF.Internal.Capability: pPieces :: Text -> (ByteString -> a) -> Parser (a, Digest' SHA256d)
- Tahoe.SDMF.Internal.Share: Share :: Word64 -> ByteString -> SDMF_IV -> Word8 -> Word8 -> Word64 -> Word64 -> Verification -> ByteString -> HashChain -> MerkleTree -> ByteString -> ByteString -> Share
+ Tahoe.SDMF.Internal.Share: Share :: Word64 -> ByteString -> SDMF_IV -> Word8 -> Word8 -> Word64 -> Word64 -> Verification -> ByteString -> HashChain -> MerkleTree ByteString SHA256d -> ByteString -> ByteString -> Share
- Tahoe.SDMF.Internal.Share: [shareBlockHashTree] :: Share -> MerkleTree
+ Tahoe.SDMF.Internal.Share: [shareBlockHashTree] :: Share -> MerkleTree ByteString SHA256d

Files

CHANGELOG.md view
@@ -1,5 +1,9 @@ # Changelog for tahoe-ssk +## 0.3.0.0 (Unreleased)++* Updated the tahoe-chk dependency to 0.2.0.0.+ ## 0.2.1.0  * Add Ord instances for StorageIndex, Verifier, Reader, and Writer.
README.md view
@@ -13,7 +13,12 @@  * SDMF write, read, and verify capabilities can be parsed and serialized. * SDMF shares can be deserialized, decoded, and decrypted.-  * The cryptographic integrity and authenticity is not verified.+  * The cryptographic integrity is not verified:+    * a share's block hashes are not checked against the share's block hash tree+    * the root of the computed share hash tree is not checked against share's pre-computed share hash tree root+  * The cryptographic authenticity is not verified:+    * signatures on the data are not checked+ * Plaintext can be encrypted, encoded into shares, and the shares serialized to bytes.   * Not all fields of the shares contain correctly initialized values.   * Enough fields are correctly populated to recover the original plaintext.@@ -65,7 +70,7 @@   * is well-maintained     * developers are responsive to security reports     * has a channel for security-related disclosures-	* has sound documentation for proper, safe usage+    * has sound documentation for proper, safe usage  And, of course,
src/Tahoe/SDMF/Internal/Capability.hs view
@@ -5,7 +5,7 @@  import Control.Applicative ((<|>)) import Control.Monad (void)-import Crypto.Hash (Digest, SHA256, digestFromByteString)+import Crypto.Hash (digestFromByteString) import Data.Binary (decode) import qualified Data.ByteArray as ByteArray import qualified Data.ByteString as B@@ -16,6 +16,7 @@ import qualified Data.Text.Encoding as T import Data.Void (Void) import Data.Word (Word16)+import Tahoe.CHK.SHA256d (Digest' (Digest'), SHA256d) import Tahoe.Capability (ConfidentialShowable (..)) import Tahoe.SDMF.Internal.Keys (     Read (readKeyBytes),@@ -49,7 +50,7 @@ -- | A verify capability for an SDMF object. data Verifier = Verifier     { verifierStorageIndex :: StorageIndex-    , verifierVerificationKeyHash :: Digest SHA256+    , verifierVerificationKeyHash :: Digest' SHA256d     }     deriving (Eq, Show) @@ -86,14 +87,14 @@     confidentiallyShow = dangerRealShow . SDMFWriter  -- | Diminish a write key to a read key and wrap it in a reader capability.-deriveReader :: Write -> Digest SHA256 -> Maybe Reader+deriveReader :: Write -> Digest' SHA256d -> Maybe Reader deriveReader w fingerprint = Reader <$> readKey <*> verifier   where     readKey = deriveReadKey w     verifier = flip deriveVerifier fingerprint <$> readKey  -- | Diminish a read key to a verify key and wrap it in a verifier capability.-deriveVerifier :: Read -> Digest SHA256 -> Verifier+deriveVerifier :: Read -> Digest' SHA256d -> Verifier deriveVerifier readKey = Verifier storageIndex   where     storageIndex = deriveStorageIndex readKey@@ -133,7 +134,7 @@     -- | A function to convert the first bytestring to a result value.     (B.ByteString -> a) ->     -- | A parser for the two pieces of the SDMF capability.-    Parser (a, Digest SHA256)+    Parser (a, Digest' SHA256d) pPieces prefix convertSecret = do     void $ string prefix     secret <- convertSecret <$> pBase32 rfc3548Alphabet 128@@ -142,7 +143,7 @@     case digestFromByteString digestBytes of         Nothing -> failure Nothing mempty         Just verificationKeyHash ->-            pure (secret, verificationKeyHash)+            pure (secret, Digest' verificationKeyHash)  {- | A parser combinator for an arbitrary byte string of a fixed length,  encoded using base32.
src/Tahoe/SDMF/Internal/Encoding.hs view
@@ -5,8 +5,8 @@ -} module Tahoe.SDMF.Internal.Encoding where -import Control.Monad.Fail (MonadFail) import Control.Monad (when)+import Control.Monad.Fail (MonadFail) import Control.Monad.IO.Class (MonadIO (liftIO)) import Crypto.Hash (digestFromByteString) import Crypto.Random (MonadRandom)@@ -18,6 +18,7 @@ import Data.Word (Word16, Word64, Word8) import Tahoe.CHK (padCiphertext, zfec, zunfec) import Tahoe.CHK.Merkle (MerkleTree (MerkleLeaf))+import Tahoe.CHK.SHA256d (Digest' (Digest'), zero) import Tahoe.SDMF.Internal.Capability (Reader (..), Writer (..), deriveReader) import Tahoe.SDMF.Internal.Converting (from, tryInto) import qualified Tahoe.SDMF.Internal.Keys as Keys@@ -91,7 +92,7 @@     shareRootHash = B.replicate 32 0     shareSignature = B.replicate 32 0 -- XXX Actually compute sig, and is it 32 bytes?     shareHashChain = HashChain []-    shareBlockHashTree = MerkleLeaf (B.replicate 32 0) -- XXX Real hash here, plus length check+    shareBlockHashTree = MerkleLeaf zero -- XXX Real hash here, plus length check  {- | Decode some SDMF shares to recover the original ciphertext. @@ -124,7 +125,7 @@     Writer <$> writerWriteKey <*> maybeToEither' "Failed to derive read capability" writerReader   where     writerWriteKey = maybeToEither "Failed to derive write key" . Keys.deriveWriteKey . Keys.toSignatureKey $ keypair-    verificationKeyHash = digestFromByteString . Keys.deriveVerificationHash . Keys.toVerificationKey $ keypair+    verificationKeyHash = fmap Digest' . digestFromByteString . Keys.deriveVerificationHash . Keys.toVerificationKey $ keypair     writerReader = deriveReader <$> writerWriteKey <*> maybeToEither "Failed to interpret verification hash" verificationKeyHash  maybeToEither :: a -> Maybe b -> Either a b
src/Tahoe/SDMF/Internal/Share.hs view
@@ -17,6 +17,7 @@ import Data.Word (Word16, Word32, Word64, Word8) import Data.X509 (PrivKey (PrivKeyRSA), PubKey (PubKeyRSA)) import Tahoe.CHK.Merkle (MerkleTree, leafHashes)+import Tahoe.CHK.SHA256d (Digest' (Digest'), SHA256d, toBytes) import Tahoe.SDMF.Internal.Converting (From (from), into, tryInto) import qualified Tahoe.SDMF.Internal.Keys as Keys @@ -81,7 +82,7 @@       -- ... something about verification I dunno. XXX       shareHashChain :: HashChain     , -- | A merkle tree where leaves are the hashes of the blocks in this share.-      shareBlockHashTree :: MerkleTree+      shareBlockHashTree :: MerkleTree B.ByteString SHA256d     , -- | The share data (erasure encoded ciphertext).       shareData :: LB.ByteString     , -- | The encrypted 2048 bit "signature" RSA key.@@ -113,7 +114,7 @@         putByteString shareEncryptedPrivateKey       where         verificationKeyBytes = Keys.verificationKeyToBytes shareVerificationKey-        blockHashTreeBytes = B.concat . leafHashes $ shareBlockHashTree+        blockHashTreeBytes = B.concat . fmap toBytes . leafHashes $ shareBlockHashTree          -- Some conversions could fail because we can't be completely sure of         -- the size of the data we're working with.  Put has no good failure
tahoe-ssk.cabal view
@@ -21,7 +21,7 @@ -- PVP summary:     +-+------- breaking API changes --                  | | +----- non-breaking API additions --                  | | | +--- code changes with no API change-version:            0.2.1.0+version:            0.3.0.0  -- A short (one-line) description of the package. synopsis:@@ -132,7 +132,7 @@    -- This dependency isn't ideal.  Move common bits out to   -- another library.-  build-depends:   tahoe-chk >=0.1 && <0.2+  build-depends:   tahoe-chk >=0.2 && <0.3  test-suite tahoe-ssk-test   import:@@ -167,7 +167,7 @@     , megaparsec          >=8.0      && <9.3     , memory              >=0.15     && <0.17     , tahoe-capabilities  >=0.1      && <0.2-    , tahoe-chk           >=0.1      && <0.2+    , tahoe-chk           >=0.2      && <0.3     , tahoe-ssk     , tasty               >=1.2.3    && <1.5     , tasty-hedgehog      >=1.0.0.2  && <1.2
test/Generators.hs view
@@ -1,3 +1,5 @@+{-# LANGUAGE ScopedTypeVariables #-}+ module Generators where  import Crypto.Cipher.Types (makeIV)@@ -10,7 +12,7 @@ import qualified Data.Binary as Binary import qualified Data.ByteString as B import qualified Data.ByteString.Lazy as LB-import Data.Maybe (fromJust)+import Data.Maybe (fromJust, fromMaybe) import Data.Word (Word16) import Data.X509 (PrivKey (PrivKeyRSA)) import GHC.IO.Unsafe (unsafePerformIO)@@ -18,6 +20,7 @@ import qualified Hedgehog.Gen as Gen import qualified Hedgehog.Range as Range import Tahoe.CHK.Merkle (MerkleTree (..), makeTreePartial)+import Tahoe.CHK.SHA256d (Digest' (Digest'), SHA256d) import Tahoe.SDMF (Reader (..), SDMF (..), Share (..), Verifier (..), Writer (..)) import Tahoe.SDMF.Internal.Capability (deriveReader) import Tahoe.SDMF.Internal.Keys (keyLength)@@ -87,12 +90,16 @@                 _ -> error "Expected RSA Private Key"     kp -merkleTrees :: MonadGen m => Range.Range Int -> m MerkleTree-merkleTrees r = makeTreePartial <$> Gen.list r genHash+merkleTrees :: MonadGen m => Range.Range Int -> m (MerkleTree B.ByteString SHA256d)+merkleTrees r = makeTreePartial <$> Gen.list r digests --- | Generate ByteStrings which could be sha256d digests.-genHash :: MonadGen m => m B.ByteString-genHash = Gen.bytes . Range.singleton . hashDigestSize $ SHA256+-- | Generate Digest' values for some hash algorithm.  Shrinks toward "aaa..."+digests :: forall m hash. (MonadGen m, HashAlgorithm hash) => m (Digest' hash)+digests =+    Digest'+        . fromMaybe (error "Failed to interpret bytes as digest")+        . digestFromByteString+        <$> Gen.bytes (Range.singleton (hashDigestSize (undefined :: hash)))  -- | Generate lists of two-tuples of share identifier and share root hash. shareHashChains :: MonadGen m => m HashChain@@ -142,7 +149,3 @@ -- | Build SDMF storage indexes. storageIndexes :: MonadGen m => m Keys.StorageIndex storageIndexes = Keys.StorageIndex <$> Gen.bytes (Range.singleton keyLength)---- | Build SHA256 digests.-digests :: MonadGen m => m (Digest SHA256)-digests = fromJust . digestFromByteString <$> Gen.bytes (Range.singleton 32)
test/Spec.hs view
@@ -27,6 +27,7 @@ import qualified Hedgehog.Gen as Gen import qualified Hedgehog.Range as Range import System.IO (hSetEncoding, stderr, stdout, utf8)+import Tahoe.CHK.SHA256d (Digest' (Digest')) import Tahoe.Capability (confidentiallyShow) import qualified Tahoe.SDMF import Tahoe.SDMF.Internal.Capability (deriveVerifier)@@ -206,7 +207,7 @@              let (Right writeKey) = Binary.decode . LB.fromStrict <$> decodeBase32Unpadded "vdv6pcqkblsguvkagrblr3gopu"                 (Just readerReadKey) = Keys.deriveReadKey writeKey-                (Just readerVerifier) = deriveVerifier readerReadKey <$> digestFromByteString ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" :: B.ByteString)+                (Just readerVerifier) = deriveVerifier readerReadKey . Digest' <$> digestFromByteString ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" :: B.ByteString)                 reader = Tahoe.SDMF.Reader{..}             ciphertext <- Tahoe.SDMF.decode reader [(0, s0), (6, s6), (9, s9)]             let (Right expectedCiphertext) = LB.fromStrict <$> decodeBase32Unpadded "6gutkha6qd4g3lxahth2dw2wjekadwoxvmazrnfq5u5j6a7quu5qy6nz3dvosx2gisdjshdtd5xphqvqjco5pq73qi"