Permalink
Browse files

Add exportSalt, and fix type signature comments in export list.

The exportSalt function, suggested by Francesco Mazzoli, converts a Salt to a
ByteString, and may be useful if you want to use the salt values for other
things. It's not intended for typical users, but may be handy to have.
  • Loading branch information...
Peter Scott
Peter Scott committed Feb 21, 2011
1 parent 03dbccf commit 8ed8452f581b22955d2704749ad74bf8767609ae
Showing with 13 additions and 7 deletions.
  1. +11 −5 Crypto/PasswordStore.hs
  2. +2 −2 Tests.hs
View
@@ -80,9 +80,10 @@ module Crypto.PasswordStore (
-- * Utilities
Salt,
isPasswordFormatValid, -- :: ByteString -> Bool
- genSaltIO, -- :: IO ByteString
- genSaltRandom, -- :: (RandomGen b) => b -> (ByteString, b)
- makeSalt -- :: ByteString -> Salt
+ genSaltIO, -- :: IO Salt
+ genSaltRandom, -- :: (RandomGen b) => b -> (Salt, b)
+ makeSalt, -- :: ByteString -> Salt
+ exportSalt -- :: Salt -> ByteString
) where
import qualified Crypto.Hash.SHA256 as H
@@ -164,8 +165,8 @@ writePwHash (strength, SaltBS salt, hash) =
-- | Hash a password with a given strength (12 is a good default). The output of
-- this function can be written directly to a password file or
-- database. Generates a salt using high-quality randomness from
--- @\/dev\/urandom@ or (if that is not available) 'System.Random', which is
--- included in the hashed output.
+-- @\/dev\/urandom@ or (if that is not available, for example on Windows)
+-- 'System.Random', which is included in the hashed output.
makePassword :: ByteString -> Int -> IO ByteString
makePassword password strength = do
salt <- genSaltIO
@@ -240,6 +241,11 @@ makeSalt = SaltBS . encode . check_length
error "Salt too short. Minimum length is 8 characters."
| otherwise = salt
+-- | Convert a 'Salt' into a 'ByteString'. The resulting 'ByteString' will be
+-- base64-encoded. Most users will not need to use this function.
+exportSalt :: Salt -> ByteString
+exportSalt (SaltBS bs) = bs
+
-- | Is the format of a password hash valid? Attempts to parse a given password
-- hash. Returns 'True' if it parses correctly, and 'False' otherwise.
isPasswordFormatValid :: ByteString -> Bool
View
@@ -60,8 +60,8 @@ test_passwordStrength = TestList [ "test password strength 12" ~: test_passwordS
]
test_genSaltRandom = "test genSaltRandom" ~: testIt
- where testIt = TestList [show salt1 ~?= "SaltBS \"z0+F+uw3fh8SsyUTFAa4YQ==\"",
- show salt2 ~?= "SaltBS \"tyeByF5Y9NY0ugrCR+6Ymw==\""]
+ where testIt = TestList [exportSalt salt1 ~?= "z0+F+uw3fh8SsyUTFAa4YQ==",
+ exportSalt salt2 ~?= "tyeByF5Y9NY0ugrCR+6Ymw=="]
(salt1, g) = genSaltRandom (mkStdGen 42)
(salt2, _) = genSaltRandom g

0 comments on commit 8ed8452

Please sign in to comment.