<div dir="ltr"><font face="monospace, monospace">Say the data structure is:</font><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">data Person = Person { name :: String</font></div><div><font face="monospace, monospace"> , gender :: Gender</font></div><div><font face="monospace, monospace"> , age :: Int }</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">Then the process to generate the binary is:</font></div><div><br></div><div>msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ]</div><div><br></div><div>Above process is just persudo in Haskell, the actual is not coded in Haskell.</div><div class="gmail_extra"><font face="monospace, monospace"><br></font><div class="gmail_quote"><font face="monospace, monospace">On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <span dir="ltr"><<a href="mailto:blaze@ruddy.ru" target="_blank">blaze@ruddy.ru</a>></span> wrote:<br></font><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><font face="monospace, monospace">Could you describe encrypted data format? I can't understand problem with decryption.</font></div><div class="HOEnZb"><div class="h5">
<div><font face="monospace, monospace"><br></font></div>
<font face="monospace, monospace"><br><br></font><div class="gmail_quote"><p><font face="monospace, monospace">On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds <span dir="ltr"><<a href="mailto:magicloud.magiclouds@gmail.com" target="_blank">magicloud.magiclouds@gmail.com</a>></span> wrote:<br></font></p><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="ltr"><font face="monospace, monospace">That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.</font><div><font face="monospace, monospace"><br></font></div>
<div><font face="monospace, monospace">I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.</font></div>
<div class="gmail_extra">
<font face="monospace, monospace"><br></font><div class="gmail_quote"><font face="monospace, monospace">On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <span dir="ltr"><<a href="mailto:blaze@ruddy.ru" target="_blank">blaze@ruddy.ru</a>></span> wrote:<br></font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><font face="monospace, monospace">You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.</font></div>
<div><div>
<div><font face="monospace, monospace"><br></font></div>
<font face="monospace, monospace"><br><br></font><div class="gmail_quote">
<p><font face="monospace, monospace">On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds <span dir="ltr"><<a href="mailto:magicloud.magiclouds@gmail.com" target="_blank">magicloud.magiclouds@gmail.com</a>></span> wrote:<br></font></p>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>
<div dir="ltr"><font face="monospace, monospace">How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.</font></div>
<div class="gmail_extra">
<font face="monospace, monospace"><br></font><div class="gmail_quote"><font face="monospace, monospace">On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <span dir="ltr"><<a href="mailto:blaze@ruddy.ru" target="_blank">blaze@ruddy.ru</a>></span> wrote:<br></font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><font face="monospace, monospace">You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.</font></div>
<div><div>
<div><font face="monospace, monospace"><br></font></div>
<font face="monospace, monospace"><br><br></font><div class="gmail_quote">
<p><font face="monospace, monospace">On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <span dir="ltr"><<a href="mailto:magicloud.magiclouds@gmail.com" target="_blank">magicloud.magiclouds@gmail.com</a>></span> wrote:<br></font></p>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>
<div dir="ltr"><font face="monospace, monospace">Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:</font><div><font face="monospace, monospace"><br></font></div>
<div><font face="monospace, monospace">msum $ map (encrypt . encode) [field1, field2, field3]</font></div>
<div><font face="monospace, monospace"><br></font></div>
<div><font face="monospace, monospace">I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.</font></div>
</div>
<div class="gmail_extra">
<font face="monospace, monospace"><br></font><div class="gmail_quote"><font face="monospace, monospace">On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <span dir="ltr"><<a href="mailto:ivan.miljenovic@gmail.com" target="_blank">ivan.miljenovic@gmail.com</a>></span> wrote:<br></font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="monospace, monospace">On 21 April 2015 at 23:58, Magicloud Magiclouds<br><span><<a href="mailto:magicloud.magiclouds@gmail.com" target="_blank">magicloud.magiclouds@gmail.com</a>> wrote:<br>
> Thank you. But how if the cipher was specified outside the binary data? I<br>
> mean I need to pass the decrypt/encrypt function to get/put while they do<br>
> not accept parameters. Should I use Reader here?<br><br></span>Maybe you could explain what you're doing better.<br><br>
I would envisage that you would get a Bytestring/Text value, then<br>
encrypt/decrypt and then put it back (though if you're dealing with<br>
Bytestrings, unless you're wanting to compose them with others there's<br>
no real need to use Get and Put as you'll have the resulting<br>
Bytestring already...).<br><br>
Or are you wanting to implement your own encryption/decryption scheme?<br>
In which case, you might want to either:<br><br>
a) write custom functions in the Get and Put monads OR<br><br>
b) write custom parsers (e.g. attoparsec) and builders (using the<br>
Builder module in bytestring); this is probably going to suit you<br>
better.<br></font><div><div>
<font face="monospace, monospace"><br>
><br>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <<a href="mailto:gale@sefer.org" target="_blank">gale@sefer.org</a>> wrote:<br>
>><br>
>> Magicloud Magiclouds wrote:<br>
>> > I am trying to work with some binary data that encrypted by field<br>
>> > instead of<br>
>> > the result of serialization. I'd like to use Data.Serialize to wrap the<br>
>> > data<br>
>> > structure. But I could not figure out how to apply an runtime specified<br>
>> > cipher method to the bytestring.<br>
>><br>
>> Are you using the set of crypto libraries written by<br>
>> Victor Hanquez, such as cryptocipher-types,<br>
>> crypto-pubkey-types, and cryptohash?<br>
>><br>
>> Or the set of libraries written by Thomas DuBuisson,<br>
>> such as crypto-api, cipher-aes128, etc.?<br>
>><br>
>> Here is an example of decoding for Victor's libraries.<br>
>> Encoding would be similar using Put instead of Get.<br>
>> Thomas' libraries would be similar using the other<br>
>> API.<br>
>><br>
>> Let's say you have a type like this:<br>
>><br>
>> data MyCipher = MyAES | MyBlowfish | ...<br>
>><br>
>> Then in your cereal code you would have a Get monad<br>
>> expression something like this (assuming you have<br>
>> written all of the functions called parseSomething):<br>
>><br>
>> getStuff = do<br>
>> cipher <- parseCipher :: Get MyCipher<br>
>> clearText <- case cipher of<br>
>> MyAES -> do<br>
>> keyBS <- parseAESKey :: Get ByteString<br>
>> let key = either (error "bad AES key") id $ makeKey keyBS<br>
>> cipher = cipherInit key<br>
>> cipherText <- parseAESCipherText :: Get ByteString<br>
>> return $ ecbDecrypt cipher cipherText<br>
>> MyBlowfish -> do ...<br>
>><br>
>> etc.<br>
>><br>
>> Hope this helps,<br>
>> Yitz<br>
><br>
><br>
><br>
><br>
> --<br>
> 竹密岂妨流水过<br>
> 山高哪阻野云飞<br>
><br>
> And for G+, please use magiclouds#<a href="http://gmail.com" target="_blank">gmail.com</a>.<br>
><br></font></div></div><font face="monospace, monospace">> _______________________________________________<br>
> Haskell-Cafe mailing list<br>
> <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
> <a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe</a><br>
><br><span><font color="#888888"><br><br><br>
--<br>
Ivan Lazar Miljenovic<br><a href="mailto:Ivan.Miljenovic@gmail.com" target="_blank">Ivan.Miljenovic@gmail.com</a><br><a href="http://IvanMiljenovic.wordpress.com" target="_blank">http://IvanMiljenovic.wordpress.com</a><br></font></span>
</font></blockquote>
</div>
<font face="monospace, monospace"><br><br clear="all"></font><div><font face="monospace, monospace"><br></font></div><font face="monospace, monospace">-- <br></font><div><font face="monospace, monospace">竹密岂妨流水过<br>山高哪阻野云飞<br><br>And for G+, please use magiclouds#<a href="http://gmail.com" target="_blank">gmail.com</a>.</font></div>
</div>
</div></blockquote>
</div>
<font face="monospace, monospace"><br></font></div></div>
</blockquote>
</div>
<font face="monospace, monospace"><br><br clear="all"></font><div><font face="monospace, monospace"><br></font></div><font face="monospace, monospace">-- <br></font><div><font face="monospace, monospace">竹密岂妨流水过<br>山高哪阻野云飞<br><br>And for G+, please use magiclouds#<a href="http://gmail.com" target="_blank">gmail.com</a>.</font></div>
</div>
</div></blockquote>
</div>
<font face="monospace, monospace"><br></font></div></div>
</blockquote>
</div>
<font face="monospace, monospace"><br><br clear="all"></font><div><font face="monospace, monospace"><br></font></div><font face="monospace, monospace">-- <br></font><div><font face="monospace, monospace">竹密岂妨流水过<br>山高哪阻野云飞<br><br>And for G+, please use magiclouds#<a href="http://gmail.com" target="_blank">gmail.com</a>.</font></div>
</div>
</div></div></blockquote></div><font face="monospace, monospace"><br></font></div></div></blockquote></div><font face="monospace, monospace"><br><br clear="all"></font><div><font face="monospace, monospace"><br></font></div><font face="monospace, monospace">-- <br></font><div class="gmail_signature"><font face="monospace, monospace">竹密岂妨流水过<br>山高哪阻野云飞<br><br>And for G+, please use magiclouds#<a href="http://gmail.com" target="_blank">gmail.com</a>.</font></div>
</div></div>