From 4e06e3e0687cde8da7bf29681390916ed631df19 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 9 May 2023 09:17:11 -0400
Subject: [PATCH] Comment each field of Share and change some representations.
* We can always interpret the IV so represent it using the IV type instead of
as bytes.
* We cannot interpret the private key without its decryption key so represent
its encrypted form as bytes.
---
src/Tahoe/SDMF/Internal/Share.hs | 59 +++++++++++++++++++++-----------
tahoe-ssk.cabal | 2 ++
2 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/src/Tahoe/SDMF/Internal/Share.hs b/src/Tahoe/SDMF/Internal/Share.hs
index c31124d..9f2dba0 100644
--- a/src/Tahoe/SDMF/Internal/Share.hs
+++ b/src/Tahoe/SDMF/Internal/Share.hs
@@ -1,34 +1,53 @@
-- | Deal with details related to the structural layout of an SDMF share.
module Tahoe.SDMF.Internal.Share where
+import Crypto.Cipher.AES (AES128)
+import Crypto.Types (IV)
import qualified Crypto.Types.PubKey.RSA as RSA
import qualified Data.ByteString as B
import qualified Data.ByteString.Lazy as LB
-import Data.Word (Word32, Word64, Word8)
+import Data.Word (Word64, Word8)
import Tahoe.CHK.Merkle (MerkleTree)
-{- | Structured representation of a single version 0 SDMF share.
+{- | Structured representation of a single version SDMF share.
See Tahoe-LAFS "mutable" specification document, section title "SDMF Slot
Format".
+
+ Since the only version of SDMF that is specified uses version 0, this
+ implicitly represents a version 0 SDMF. If new versions of SDMF are
+ specified then new constructors may be added.
-}
data Share = Share
- { shareSequenceNumber :: Word64
- , shareRootHash :: B.ByteString
- , shareIV :: B.ByteString
- , shareTotalShares :: Word8
- , shareRequiredShares :: Word8
- , shareSegmentSize :: Word64
- , shareDataLength :: Word8
- , shareOffsetSignature :: Word32
- , shareOffsetShareHashChain :: Word32
- , shareOffsetData :: Word32
- , shareOffsetEncryptedPrivateKey :: Word64
- , shareOffsetEOF :: Word64
- , shareVerificationKey :: RSA.PublicKey
- , shareSignature :: B.ByteString
- , shareHashChain :: [(Word8, B.ByteString)]
- , shareBlockHashTree :: MerkleTree
- , shareData :: LB.ByteString
- , sharePrivateKey :: RSA.PrivateKey
+ { -- | sequence number. 2^64-1 must be handled specially, TBD
+ shareSequenceNumber :: Word64
+ , -- | "R" (root of share hash merkle tree)
+ shareRootHash :: B.ByteString
+ , -- | The IV for encryption of share data.
+ shareIV :: IV AES128
+ , -- | The total number of encoded shares (k).
+ shareTotalShares :: Word8
+ , -- | The number of shares required for decoding (N).
+ shareRequiredShares :: Word8
+ , -- | The size of a single ciphertext segment.
+ shareSegmentSize :: Word64
+ , -- | The length of the original plaintext.
+ shareDataLength :: Word8
+ , -- | The 2048 bit "verification" RSA key.
+ shareVerificationKey :: RSA.PublicKey
+ , -- | The RSA signature of
+ -- H('\x00'+shareSequenceNumber+shareRootHash+shareIV+encoding
+ -- parameters) where '\x00' gives the version of this share format (0)
+ -- and the encoding parameters are a certain serialization of
+ -- shareRequiredShares and shareTotalShares.
+ shareSignature :: B.ByteString
+ , -- | The share numbers and shareRootHash values which are required to
+ -- ... something about verification I dunno. XXX
+ shareHashChain :: [(Word8, B.ByteString)]
+ , -- | A merkle tree where leaves are the hashes of the blocks in this share.
+ shareBlockHashTree :: MerkleTree
+ , -- | The share data (erasure encoded ciphertext).
+ shareData :: LB.ByteString
+ , -- | The encrypted 2048 bit "signature" RSA key.
+ shareEncryptedPrivateKey :: B.ByteString
}
diff --git a/tahoe-ssk.cabal b/tahoe-ssk.cabal
index de3a3f9..742d149 100644
--- a/tahoe-ssk.cabal
+++ b/tahoe-ssk.cabal
@@ -68,7 +68,9 @@ library
build-depends:
, base
, bytestring
+ , crypto-api
, crypto-pubkey-types
+ , cryptonite
-- This dependency isn't ideal. Move common bits out to
-- another library.
--
GitLab