[Haskell-cafe] [PREANNOUNCE] Crypto-API Major Version Bump (

Thomas DuBuisson thomas.dubuisson at gmail.com
Wed Sep 15 20:54:59 EDT 2010

Ironing out crypto-api, I have committed the below changes mostly
intended to streamline crypto-api and focus it on the main purpose of
connecting algorithm developers with slightly higher-level (and
generic) functions needed by crypto-users.  Feel free to object,
comment, or recommend additional alterations before 0.1 is released.
Padding, NIST KATs for TwoFish, and a generalized/testable CFB mode
might appear before release, but no promises.

Homepage: http://trac.haskell.org/crypto-api/wiki
Bug trac: http://trac.haskell.org/crypto-api/report/1
Repo: http://code.haskell.org/crypto-api/

* instance Monad (Either GenError) where ...
* cereal >= 0.2 && < 0.3 (was == 0.2.*)
* Test.{HMAC,SHA,AES} now exist / are split from Test.Crypto
 ** SHA and HMAC tests are new and from NIST CAVP KAT collection - no
more rolling your own testing!
* Test.ParseNistKATs doesn't use Parsec and has a barebones interface.
* Crypto.Random does not export "AsRG" or "Splittable" (see change
log, 'random' build dep removed)

While I've never had objections to dependencies (this is what cabal is
for and removing unused code is what GHC+linkers are for), I feel this
is a good minimum and hope others agree.  Some potential users made
noise about having both Binary and Cereal and just the number of deps
in general.

* deps removed: binary, parsec, random (and indirectly: time, old-locale)
* deps remaining: base, tagged, bytestring, cereal, filepath, directory
* indirect deps remaining: data-default, containers, arrays

* Bump 'cereal' version bound to include 0.3
* instance Monad (Either GenError)  -- that was an obvious oversight
* Remove the 'binary' dep. (cereal makes more sense and can be
leveraged in Binary.{Get,Put} routines).
* Removed the 'parsec' dep, which was only needed for Test.* but not
even that now.
* Updated the CPP tests for Windows in System.Random.Crypto (still
need a tester)
* Fixed up the testing infrastructure.  Algorithms now use separate
modules (Test.SHA, Test.HMAC, Test.AES).  More NIST KATs included:
~1000 SHA tests, hundreds of SHA HMAC tests.
* Fixed ugly bug for HMACs using keys > blockSize (eep! Obvious
interop problem, but there was no less security in the hmac result)
* Removes the 'random' dep and by extension removes indirect deps on
time and old-locale.  Random was only used to provide trivial lifting
of a newtype wrapped CryptoRandomGen instances into the RandomGen
class, which was of questionable sense in the first place.

I've been using the HEAD crypto-api, specifically Test.{HMAC,SHA,AES},
Crypto.{Classes,HMAC} and Benchmark.{BlockCipher,Hash}, with instances
for SimpleAES, cryptohash, pureMD5, and SHA packages with good
success.  My HEAD DRBG (NIST SP 800-90) code uses Crypto.Random and
Crypto.Classes libraries to good effect, thus far things seem to flow
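The "keys > blockSize" HMAC case mentioned above is the one spot where RFC 2104 has a special rule: a key longer than the hash's block size is replaced by its digest before padding. The following is an added Python example (not crypto-api code; the function and sample names are my own) that writes HMAC-SHA256 out step by step, checks it against the standard library for short, block-sized and long keys, and exercises the observable consequence of the key-reduction step as a quick KAT-style check.

```python
import hashlib
import hmac as reference_hmac

# SHA-256 input block size in bytes (B in RFC 2104); the key is padded to this.
BLOCK_SIZE = 64


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 written out step by step, following RFC 2104 / FIPS 198-1."""
    # Keys longer than the block size are first replaced by their hash.
    # Omitting this step still gives a keyed hash, but one that no
    # conforming implementation will reproduce: an interoperability failure.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    # Keys shorter than the block size are zero-padded up to it.
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_reference(key: bytes, msg: bytes) -> bool:
    """True when the step-by-step version agrees with Python's hmac module."""
    expected = reference_hmac.new(key, msg, hashlib.sha256).digest()
    return reference_hmac.compare_digest(hmac_sha256(key, msg), expected)


def long_key_equivalence(key: bytes, msg: bytes) -> bool:
    """For len(key) > BLOCK_SIZE, HMAC(K, m) must equal HMAC(SHA256(K), m).

    This is the directly observable consequence of the key-reduction step
    and makes a cheap self-check for the > blockSize edge case.
    """
    if len(key) <= BLOCK_SIZE:
        raise ValueError("this check only applies to keys longer than the block size")
    reduced = hashlib.sha256(key).digest()
    return hmac_sha256(key, msg) == hmac_sha256(reduced, msg)


if __name__ == "__main__":
    # Constructed sample inputs covering the three key-length cases.
    sample_msg = b"The quick brown fox jumps over the lazy dog"
    for k in (b"short key", b"x" * BLOCK_SIZE, b"y" * 200):
        print(len(k), matches_reference(k, sample_msg))
    print(long_key_equivalence(b"y" * 200, sample_msg))
```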
