Add exportSalt, and fix type signature comments in export list.

The exportSalt function, suggested by Francesco Mazzoli, converts a Salt to a ByteString, and may be useful if you want to use the salt values for other things. It's not intended for typical users, but may be handy to have.
PeterScott · Feb 21, 2011 · 8ed8452 · 8ed8452
1 parent 03dbccf
commit 8ed8452
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/Crypto/PasswordStore.hs b/Crypto/PasswordStore.hs
@@ -80,9 +80,10 @@ module Crypto.PasswordStore (
         -- * Utilities
         Salt,
         isPasswordFormatValid,  -- :: ByteString -> Bool
-        genSaltIO,              -- :: IO ByteString
-        genSaltRandom,          -- :: (RandomGen b) => b -> (ByteString, b)
-        makeSalt                -- :: ByteString -> Salt
+        genSaltIO,              -- :: IO Salt
+        genSaltRandom,          -- :: (RandomGen b) => b -> (Salt, b)
+        makeSalt,               -- :: ByteString -> Salt
+        exportSalt              -- :: Salt -> ByteString
   ) where
 
 import qualified Crypto.Hash.SHA256 as H
@@ -164,8 +165,8 @@ writePwHash (strength, SaltBS salt, hash) =
 -- | Hash a password with a given strength (12 is a good default). The output of
 -- this function can be written directly to a password file or
 -- database. Generates a salt using high-quality randomness from
--- @\/dev\/urandom@ or (if that is not available) 'System.Random', which is
--- included in the hashed output.
+-- @\/dev\/urandom@ or (if that is not available, for example on Windows)
+-- 'System.Random', which is included in the hashed output.
 makePassword :: ByteString -> Int -> IO ByteString
 makePassword password strength = do
   salt <- genSaltIO
@@ -240,6 +241,11 @@ makeSalt = SaltBS . encode . check_length
                                 error "Salt too short. Minimum length is 8 characters."
                             | otherwise = salt
 
+-- | Convert a 'Salt' into a 'ByteString'. The resulting 'ByteString' will be
+-- base64-encoded. Most users will not need to use this function.
+exportSalt :: Salt -> ByteString
+exportSalt (SaltBS bs) = bs
+
 -- | Is the format of a password hash valid? Attempts to parse a given password
 -- hash. Returns 'True' if it parses correctly, and 'False' otherwise.
 isPasswordFormatValid :: ByteString -> Bool

diff --git a/Tests.hs b/Tests.hs
@@ -60,8 +60,8 @@ test_passwordStrength = TestList [ "test password strength 12" ~: test_passwordS
                                  ]
 
 test_genSaltRandom = "test genSaltRandom" ~: testIt
-    where testIt = TestList [show salt1 ~?= "SaltBS \"z0+F+uw3fh8SsyUTFAa4YQ==\"",
-                             show salt2 ~?= "SaltBS \"tyeByF5Y9NY0ugrCR+6Ymw==\""]
+    where testIt = TestList [exportSalt salt1 ~?= "z0+F+uw3fh8SsyUTFAa4YQ==",
+                             exportSalt salt2 ~?= "tyeByF5Y9NY0ugrCR+6Ymw=="]
           (salt1, g) = genSaltRandom (mkStdGen 42)
           (salt2, _) = genSaltRandom g