/README.md

http://github.com/vincenthz/hs-cryptocipher · Markdown · 76 lines · 50 code · 26 blank · 0 comment · 0 complexity · 796c2444887fdd87031277428dd3490c MD5 · raw file 

    

  1. crypto-cipher suite
    2. 

  2. ===================
    3. 

  3. 

  4. Documentation: [crypto-cipher-types on hackage](http://hackage.haskell.org/package/crypto-cipher-types)
    5. 

  5. 

  6. Using ciphers
    7. 

  7. --------------
    8. 

  8. 

  9. Here a simple example on how to encrypt using ECB, with the AES256 cipher:
    10. 

  10. 

  11.     import Crypto.Cipher.Types
    12. 

  12.     import Crypto.Cipher
    13. 

  13. 

  14.     -- the bytestring need to have a length of 32 bytes
    15. 

  15.     -- otherwise the simplified error handling will raise an exception.
    16. 

  16.     initAES256 :: ByteString -> AES256
    17. 

  17.     initAES256 = either (error . show) cipherInit . makeKey
    18. 

  18. 

  19.     -- real code would not create a new context every time, but
    20. 

  20.     -- initialize once, and reuse the context.
    21. 

  21.     cryptKey key msg = encryptECB ctx msg
    22. 

  22.       where ctx = initAES256 key
    23. 

  23. 

  24. And another using CBC mode with Blowfish cipher:
    25. 

  25. 

  26.     import Crypto.Cipher.Types
    27. 

  27.     import Crypto.Cipher
    28. 

  28. 

  29.     initBlowfish :: ByteString -> Blowfish
    30. 

  30.     initBlowfish = either (error . show) cipherInit . makeKey
    31. 

  31. 

  32.     cryptKey key iv msg = encryptCBC ctx (makeIV iv) msg
    33. 

  33.       where ctx = initBlowfish key
    34. 

  34. 

  35. 

  36. Phantom types
    37. 

  37. -------------
    38. 

  38. 

  39. [crypto-cipher-types](http://hackage.haskell.org/package/crypto-cipher-types) use
    40. 

  40. Phantom types for Keys and IVs, which are all the same underlaying types but allow
    41. 

  41. to differentiate between valid keys of differents ciphers.
    42. 

  42. 

  43. For example a "Key Blowfish" is different than a "Key AES256". This is similar for IV.
    44. 

  44. 

  45. One must use makeIV and makeKey to create those types.
    46. 

  46. 

  47.     makeKey "\x00\x11\x22\x33\x44\x55\x66" :: Either KeyError (Key MyCipher)
    48. 

  48. 

  49. and:
    50. 

  50. 

  51.     makeIV "\x00\x11\x22\x33\x44" :: Maybe (IV MyCipher)
    52. 

  52. 

  53. In simple context, the haskell compiler cannot infer the cipher that need to be
    54. 

  54. use, and the user need to add annotation in signatures as to which cipher need
    55. 

  55. to be chosen.
    56. 

  56. 

  57. This only need to be done, either on the initialized Cipher (cipherInit),
    58. 

  58. the Key or the IV.
    59. 

  59. 

  60. Writing tests
    61. 

  61. -------------
    62. 

  62. 

  63. Tests for blockciphers are already all included in crypto-cipher-tests.
    64. 

  64. 

  65.     import Crypto.Cipher.Tests
    66. 

  66.     main = defaultMain
    67. 

  67.         [ testBlockCipher defaultKATs (undefined :: BlockCipherType)
    68. 

  68.         ]
    69. 

  69. 

  70. 

  71. TODO
    72. 

  72. ----
    73. 

  73. 

  74. * cipher-des: slow
    75. 

  75. * cipher-blowfish: slow
    76. 

  76. * cipher-camellia: slow, endianness problem
    77.