From e5dcf601fa470044c5f6c4a27b6138665ce4979d Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Mon, 20 Mar 2017 23:35:04 +0000
Subject: [PATCH] Better use of Crypto.Random

---
 fernet.cabal                 |  1 -
 src/Network/Fernet/Crypto.hs |  4 ++--
 src/Network/Fernet/Key.hs    |  6 +++---
 src/Network/Fernet/Util.hs   | 12 ------------
 4 files changed, 5 insertions(+), 18 deletions(-)
 delete mode 100644 src/Network/Fernet/Util.hs

diff --git a/fernet.cabal b/fernet.cabal
index e394fc6..7982d7c 100644
--- a/fernet.cabal
+++ b/fernet.cabal
@@ -25,7 +25,6 @@ library
                      , Network.Fernet.Crypto
                      , Network.Fernet.Key
                      , Network.Fernet.Token
-                     , Network.Fernet.Util
   build-depends:       base >=4.9 && <4.10
                      , binary               >= 0.8.3.0 && < 0.10
                      , byteable             >= 0.1.1  && < 0.2
diff --git a/src/Network/Fernet/Crypto.hs b/src/Network/Fernet/Crypto.hs
index f1d3245..cab68c8 100644
--- a/src/Network/Fernet/Crypto.hs
+++ b/src/Network/Fernet/Crypto.hs
@@ -15,9 +15,9 @@ import           Crypto.Cipher.AES      (AES128)
 import           Crypto.MAC.HMAC        (HMAC(..), hmac, hmacGetDigest)
 import           Crypto.Cipher.Types
 import           Crypto.Error
+import           Crypto.Random          (getRandomBytes)
 
 import Network.Fernet.Token (Signature)
-import Network.Fernet.Util (randomBytes)
 
 sign :: ByteArrayAccess a => a -> ByteString -> Signature
 sign key t = convert $ hmacGetDigest (hmac key t :: HMAC SHA256)
@@ -49,7 +49,7 @@ cipherBlockSize :: Int
 cipherBlockSize = 16
 
 genIV :: IO ByteString
-genIV = randomBytes cipherBlockSize
+genIV = getRandomBytes cipherBlockSize
 
 aesSetup :: ByteArray a => a -> ByteString -> Maybe (AES128, IV AES128, Format)
 aesSetup key iv = (,,) <$> ctx <*> iv' <*> p
diff --git a/src/Network/Fernet/Key.hs b/src/Network/Fernet/Key.hs
index 58a4d43..5f489e9 100644
--- a/src/Network/Fernet/Key.hs
+++ b/src/Network/Fernet/Key.hs
@@ -15,9 +15,9 @@ import           Data.ByteArray         (ScrubbedBytes, ByteArrayAccess(..))
 import qualified Data.ByteArray         as BA
 import qualified Crypto.KDF.PBKDF2      as PBKDF2
 import           Crypto.Hash.Algorithms (SHA256(..))
+import           Crypto.Random          (getRandomBytes)
 
 import Network.Fernet.Base64
-import Network.Fernet.Util
 
 -- | Contains the signing key and encryption key. Create a 'Key' with 'key'.
 data Key = Key
@@ -50,10 +50,10 @@ generateKey :: IO ByteString
 generateKey = b64url <$> generateKeyBytes
 
 generateKeyBytes :: IO ByteString
-generateKeyBytes = randomBytes cipherKeyLength
+generateKeyBytes = getRandomBytes cipherKeyLength
 
 genSalt :: IO ByteString
-genSalt = randomBytes 16
+genSalt = getRandomBytes 16
 
 keyToBase64 :: Key -> ByteString
 keyToBase64 (Key s e) = b64url $ s <> e
diff --git a/src/Network/Fernet/Util.hs b/src/Network/Fernet/Util.hs
deleted file mode 100644
index 7510fe2..0000000
--- a/src/Network/Fernet/Util.hs
+++ /dev/null
@@ -1,12 +0,0 @@
-module Network.Fernet.Util
-  ( randomBytes
-  ) where
-
-import           Data.ByteString        (ByteString)
-import Crypto.Random (DRG, getSystemDRG, withRandomBytes)
-
-randomBytesGen :: DRG gen => Int -> gen -> (ByteString, gen)
-randomBytesGen n gen = withRandomBytes gen n id
-
-randomBytes :: Int -> IO ByteString
-randomBytes n = fst . randomBytesGen n <$> getSystemDRG