[Haskell-cafe] How to use an crypto with hackage cereal?

Andrey Sverdlichenko blaze at ruddy.ru
Wed Apr 22 03:44:44 UTC 2015


Could you describe encrypted data format? I can't understand problem with decryption.

On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:

> That is the ugliness of the original binary data. The encryption is not by
> fixed block size. So decrypt cannot be run before the get* helpers.
> So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.
> I need a "post process" in Get. For example, "portNumber <- liftM decrypt
> getWord16be; return $ MyDataType portNumber". But currently I could not
> pass decrypt into get function.
> On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <blaze at ruddy.ru>
> wrote:
>> You can't really modify source bytestring inside Get monad, and this is
>> what decryption effectively do. The only option I know about is to run
>> another parser inside Get monad. I'd rather write
>> decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on
>> decryption error.
>>
>>
>>
>> On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds <
>> magicloud.magiclouds at gmail.com> wrote:
>>
>>> How about fail in Get monad if decrypt failed? So decrypt failure would
>>> lead to a result of "Left String" on decode.
>>>
>>> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <blaze at ruddy.ru>
>>> wrote:
>>>
>>>> You probably should not merge decrypt and decode operations, it is bad
>>>> crypto habit. Until you decrypted and verified integrity of data, parsing
>>>> is dangerous and opening your service to attacks. Correct way of
>>>> implementing this would be to pass ciphertext to decryption function and
>>>> run parser only if decryption is successful. If bytestring is too big to be
>>>> decrypted in one piece, consider encrypting it in blocks and feeding
>>>> decrypted parts to parser.
>>>>
>>>>
>>>>
>>>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <
>>>> magicloud.magiclouds at gmail.com> wrote:
>>>>
>>>>> Similar as you envisaged. I would receive a bytestring data and a
>>>>> config point out what cipher to use. Then I deserialize the data to a data
>>>>> type with some fields. The serialize process is something like:
>>>>>
>>>>> msum $ map (encrypt . encode) [field1, field2, field3]
>>>>>
>>>>> I could parse the bytestring outside Get/Put monads. But I think that
>>>>> looks ugly. I really want to embed the decrypt process into Get/Put monads.
>>>>>
>>>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <
>>>>> ivan.miljenovic at gmail.com> wrote:
>>>>>
>>>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds
>>>>>> <magicloud.magiclouds at gmail.com> wrote:
>>>>>> > Thank you. But how if the cipher was specified outside the binary
>>>>>> data? I
>>>>>> > mean I need to pass the decrypt/encrypt function to get/put while
>>>>>> they do
>>>>>> > not accept parameters. Should I use Reader here?
>>>>>>
>>>>>> Maybe you could explain what you're doing better.
>>>>>>
>>>>>> I would envisage that you would get a Bytestring/Text value, then
>>>>>> encrypt/decrypt and then put it back (though if you're dealing with
>>>>>> Bytestrings, unless you're wanting to compose them with others there's
>>>>>> no real need to use Get and Put as you'll have the resulting
>>>>>> Bytestring already...).
>>>>>>
>>>>>> Or are you wanting to implement your own encryption/decryption scheme?
>>>>>>  In which case, you might want to either:
>>>>>>
>>>>>> a) write custom functions in the Get and Put monads OR
>>>>>>
>>>>>> b) write custom parsers (e.g. attoparsec) and builders (using the
>>>>>> Builder module in bytestring); this is probably going to suit you
>>>>>> better.
>>>>>>
>>>>>> >
>>>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <gale at sefer.org>
>>>>>> wrote:
>>>>>> >>
>>>>>> >> Magicloud Magiclouds wrote:
>>>>>> >> > I am trying to work with some binary data that encrypted by field
>>>>>> >> > instead of
>>>>>> >> > the result of serialization. I'd like to use Data.Serialize to
>>>>>> wrap the
>>>>>> >> > data
>>>>>> >> > structure. But I could not figure out how to apply an runtime
>>>>>> specified
>>>>>> >> > cipher method to the bytestring.
>>>>>> >>
>>>>>> >> Are you using the set of crypto libraries written by
>>>>>> >> Victor Hanquez, such as cryptocipher-types,
>>>>>> >> crypto-pubkey-types, and cryptohash?
>>>>>> >>
>>>>>> >> Or the set of libraries written by Thomas DuBuisson,
>>>>>> >> such as crypto-api, cipher-aes128, etc.?
>>>>>> >>
>>>>>> >> Here is an example of decoding for Victor's libraries.
>>>>>> >> Encoding would be similar using Put instead of Get.
>>>>>> >> Thomas' libraries would be similar using the other
>>>>>> >> API.
>>>>>> >>
>>>>>> >> Let's say you have a type like this:
>>>>>> >>
>>>>>> >> data MyCipher = MyAES | MyBlowfish | ...
>>>>>> >>
>>>>>> >> Then in your cereal code you would have a Get monad
>>>>>> >> expression something like this (assuming you have
>>>>>> >> written all of the functions called parseSomething):
>>>>>> >>
>>>>>> >> getStuff = do
>>>>>> >>   cipher <- parseCipher :: Get MyCipher
>>>>>> >>   clearText <- case cipher of
>>>>>> >>     MyAES -> do
>>>>>> >>       keyBS <- parseAESKey :: Get ByteString
>>>>>> >>       let key = either (error "bad AES key") id $ makeKey keyBS
>>>>>> >>           cipher = cipherInit key
>>>>>> >>       cipherText <- parseAESCipherText :: Get ByteString
>>>>>> >>       return $ ecbDecrypt cipher cipherText
>>>>>> >>     MyBlowfish -> do ...
>>>>>> >>
>>>>>> >> etc.
>>>>>> >>
>>>>>> >> Hope this helps,
>>>>>> >> Yitz
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> > 竹密岂妨流水过
>>>>>> > 山高哪阻野云飞
>>>>>> >
>>>>>> > And for G+, please use magiclouds#gmail.com.
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > Haskell-Cafe mailing list
>>>>>> > Haskell-Cafe at haskell.org
>>>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Ivan Lazar Miljenovic
>>>>>> Ivan.Miljenovic at gmail.com
>>>>>> http://IvanMiljenovic.wordpress.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> 竹密岂妨流水过
>>>>> 山高哪阻野云飞
>>>>>
>>>>> And for G+, please use magiclouds#gmail.com.
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>>
>>
>>
> -- 
> 竹密岂妨流水过
> 山高哪阻野云飞
> And for G+, please use magiclouds#gmail.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20150421/d85c34e5/attachment.html>


More information about the Haskell-Cafe mailing list