[Haskell-cafe] [ANN] Crypto-API

Thomas DuBuisson thomas.dubuisson at gmail.com
Mon Sep 20 21:40:03 EDT 2010

Crypto-API is a project aimed at unifying algorithm developers and
users by presenting a uniform typeclass interface to low level
algorithms and providing generalized helper functions for the
(slightly) higher-level interactions needed by crypto-users.  The main
features are typeclasses (hash, cipher, signing and RNG), block cipher
modes, platform independent entropy/seed acquisition, padding, testing
and benchmarking.

This release represents a fleshing out of the testing infrastructure,
addition of padding mechanisms, and a reduction in build dependencies.
In particular, I want to encourage package maintainers of TwoFish,
AES, and SHA* algorithms to use the included test infrastructure -
examples can be found on the homepage.

== Project Management ==
Homepage: http://trac.haskell.org/crypto-api/wiki
Bug trac: http://trac.haskell.org/crypto-api/report/1
Repo: http://code.haskell.org/crypto-api/

== API Removals ==
* Test.ParseNistKATs doesn't use Parsec and has a barebones interface.
* Crypto.Random does not export "AsRG" or "Splittable" (see change
log, 'random' build dep removed)

== API Additions ==
* class Signing p v | p -> v, v -> p where ...
* instance Monad (Either GenError) where ...
* cereal >= 0.2 && < 0.4 (was == 0.2.*)
* Testing
 ** Tests are split from Test.Crypto
 ** SHA, HMAC tests are new and from NIST CAVP KATs
 ** AES CFB128 mode KATs
 ** TwoFish NIST KATs
 ** Cipher property tests included (enc . dec ~ id, and many mode
specific tests)
* Crypto.Padding is included with PKCS5 and ESP padding methods.
* "blockSizeBytes" helper function is now included

== Build Dependencies ==
While I've never had objections to dependencies (this is what cabal is
for and removing unused code is what GHC+linkers are for), I feel this
is a good minimum and hope others agree.  Some potential users made
noise about having both Binary and Cereal and just the number of deps
in general.

* deps removed: binary, parsec, random (and indirectly: time, old-locale)
* deps remaining: base, tagged, bytestring, cereal, filepath, directory
* indirect deps remaining: data-default, containers, arrays

To reiterate, the only deps above a normal GHC baseline are tagged,
cereal, and data-default.

* Add 'Signing' class.
* Tests showing the strict and lazy Crypto.Modes functions are equal
* Basic BlockCipher property tests (enc . dec ~ id)
* Enable tests for CFB128
* Added ESP and PKCS5 padding
* Add a 'blockSizeBytes' helper
* TwoFish KATs
* Bump 'cereal' version bound to include 0.3
* instance Monad (Either GenError) -- that was an obvious oversight
* Remove the 'binary' dep. (cereal makes more sense and can be
leveraged in Binary.{Get,Put} routines).
* Removed the 'parsec' dep, which was only needed for Test.* but not
even that now.
* Updated the CPP tests for Windows in System.Random.Crypto (still
need a tester)
* Fixed up the testing infrastructure.  Algorithms now use separate
modules (Test.SHA, Test.HMAC, Test.AES).  More NIST KATs included:
~1000 SHA tests, hundreds of SHA HMAC tests.
* Fixed ugly bug for HMACs using keys > blockSize (eep! Obvious
interop problem, but there was no less security in the hmac result)
* Removes the 'random' dep and by extension removes indirect deps on
time and old-locale.  Random was only used to provide trivial lifting
of a newtype wrapped CryptoRandomGen instances into the RandomGen
class, which was of questionable sense in the first place.
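An added Python example (not code from crypto-api or from this announcement) of the key handling behind the HMAC bug listed above: RFC 2104 requires a key longer than the hash's block size to be hashed before use, and the cross-check against the standard library's HMAC is the kind of interop test that catches a divergence. The keys and message are constructed sample inputs.

```python
import hashlib
import hmac  # stdlib reference implementation, used only for the cross-check


def effective_key(key: bytes, hash_name: str = "sha256") -> bytes:
    """Normalise a key to exactly one hash block, as RFC 2104 requires.

    A key longer than the block is replaced by its hash first.  Skipping
    that step still yields a keyed MAC, but one that no other conforming
    implementation will reproduce.  Short keys (and the digest of a long
    one) are then zero-padded up to the block size.
    """
    # The block size is a property of the hash, not its digest length:
    # SHA-256 works on 64-byte blocks even though it emits 32-byte digests.
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(block_size, b"\x00")


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m)) per RFC 2104."""
    k = effective_key(key, hash_name)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_reference(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Interop check: does our output agree with the stdlib HMAC?"""
    ours = hmac_rfc2104(key, msg, hash_name)
    ref = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(ours, ref)


# Constructed sample inputs: the 100-byte key exceeds SHA-256's 64-byte
# block and so exercises the hash-the-key path; the short key does not.
LONG_KEY = bytes(range(100))
SHORT_KEY = b"Jefe"
MESSAGE = b"what do ya want for nothing?"

if __name__ == "__main__":
    for name, key in (("short", SHORT_KEY), ("long", LONG_KEY)):
        tag = hmac_rfc2104(key, MESSAGE)
        print(f"{name}: {tag.hex()} matches stdlib: {matches_reference(key, MESSAGE)}")
```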

== TODO ==
* Improve benchmarking infrastructure
** Improved reporting
** Benchmark modes and other higher-level functions, but in a generic way
** Benchmark asymmetric algorithms
* Optimize block cipher modes
* Statistical RNG tests
* Portability testing (Mac, Windows testing needed)
