Better use of Crypto.Random

rvl · Mar 20, 2017 · e5dcf60 · e5dcf60
1 parent b46bf88
commit e5dcf60
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 18 deletions.
diff --git a/fernet.cabal b/fernet.cabal
@@ -25,7 +25,6 @@ library
                      , Network.Fernet.Crypto
                      , Network.Fernet.Key
                      , Network.Fernet.Token
-                     , Network.Fernet.Util
   build-depends:       base >=4.9 && <4.10
                      , binary               >= 0.8.3.0 && < 0.10
                      , byteable             >= 0.1.1  && < 0.2

diff --git a/src/Network/Fernet/Crypto.hs b/src/Network/Fernet/Crypto.hs
@@ -15,9 +15,9 @@ import           Crypto.Cipher.AES      (AES128)
 import           Crypto.MAC.HMAC        (HMAC(..), hmac, hmacGetDigest)
 import           Crypto.Cipher.Types
 import           Crypto.Error
+import           Crypto.Random          (getRandomBytes)
 
 import Network.Fernet.Token (Signature)
-import Network.Fernet.Util (randomBytes)
 
 sign :: ByteArrayAccess a => a -> ByteString -> Signature
 sign key t = convert $ hmacGetDigest (hmac key t :: HMAC SHA256)
@@ -49,7 +49,7 @@ cipherBlockSize :: Int
 cipherBlockSize = 16
 
 genIV :: IO ByteString
-genIV = randomBytes cipherBlockSize
+genIV = getRandomBytes cipherBlockSize
 
 aesSetup :: ByteArray a => a -> ByteString -> Maybe (AES128, IV AES128, Format)
 aesSetup key iv = (,,) <$> ctx <*> iv' <*> p

diff --git a/src/Network/Fernet/Key.hs b/src/Network/Fernet/Key.hs
@@ -15,9 +15,9 @@ import           Data.ByteArray         (ScrubbedBytes, ByteArrayAccess(..))
 import qualified Data.ByteArray         as BA
 import qualified Crypto.KDF.PBKDF2      as PBKDF2
 import           Crypto.Hash.Algorithms (SHA256(..))
+import           Crypto.Random          (getRandomBytes)
 
 import Network.Fernet.Base64
-import Network.Fernet.Util
 
 -- | Contains the signing key and encryption key. Create a 'Key' with 'key'.
 data Key = Key
@@ -50,10 +50,10 @@ generateKey :: IO ByteString
 generateKey = b64url <$> generateKeyBytes
 
 generateKeyBytes :: IO ByteString
-generateKeyBytes = randomBytes cipherKeyLength
+generateKeyBytes = getRandomBytes cipherKeyLength
 
 genSalt :: IO ByteString
-genSalt = randomBytes 16
+genSalt = getRandomBytes 16
 
 keyToBase64 :: Key -> ByteString
 keyToBase64 (Key s e) = b64url $ s <> e

diff --git a/src/Network/Fernet/Util.hs b/src/Network/Fernet/Util.hs