[Haskell-cafe] How to use an crypto with hackage cereal?

Magicloud Magiclouds magicloud.magiclouds at gmail.com
Wed Apr 22 03:58:18 UTC 2015


Ah, sorry, the "encode" function is the one from cereal, not to "generate a
particular encoding for a value".

On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic <
ivan.miljenovic at gmail.com> wrote:

> On 22 April 2015 at 13:52, Magicloud Magiclouds
> <magicloud.magiclouds at gmail.com> wrote:
> > Say the data structure is:
> >
> > data Person = Person { name :: String
> >                        , gender :: Gender
> >                        , age :: Int }
> >
> > Then the process to generate the binary is:
> >
> > msum $ map (encrypt . encode) [ length $ name person, name person, gender
> > person, age person ]
> >
> > Above process is just persudo in Haskell, the actual is not coded in
> > Haskell.
>
> Except that binary and cereal are for serializing Haskell values
> directly; you seem to be wanting to parse and generate a particular
> encoding for a value.  In which case, I don't think binary or cereal
> is really appropriate.
>
> >
> > On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <blaze at ruddy.ru>
> > wrote:
> >>
> >> Could you describe encrypted data format? I can't understand problem
> with
> >> decryption.
> >>
> >>
> >>
> >> On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds
> >> <magicloud.magiclouds at gmail.com> wrote:
> >>>
> >>> That is the ugliness of the original binary data. The encryption is not
> >>> by fixed block size. So decrypt cannot be run before the get* helpers.
> So
> >>> decrypt-runGetPartial-decrypt-runGetPartial loop would not work.
> >>>
> >>> I need a "post process" in Get. For example, "portNumber <- liftM
> decrypt
> >>> getWord16be; return $ MyDataType portNumber". But currently I could
> not pass
> >>> decrypt into get function.
> >>>
> >>> On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <blaze at ruddy.ru
> >
> >>> wrote:
> >>>>
> >>>> You can't really modify source bytestring inside Get monad, and this
> is
> >>>> what decryption effectively do. The only option I know about is to run
> >>>> another parser inside Get monad. I'd rather write
> >>>> decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from
> it on
> >>>> decryption error.
> >>>>
> >>>>
> >>>>
> >>>> On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds
> >>>> <magicloud.magiclouds at gmail.com> wrote:
> >>>>>
> >>>>> How about fail in Get monad if decrypt failed? So decrypt failure
> would
> >>>>> lead to a result of "Left String" on decode.
> >>>>>
> >>>>> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <
> blaze at ruddy.ru>
> >>>>> wrote:
> >>>>>>
> >>>>>> You probably should not merge decrypt and decode operations, it is
> bad
> >>>>>> crypto habit. Until you decrypted and verified integrity of data,
> parsing is
> >>>>>> dangerous and opening your service to attacks. Correct way of
> implementing
> >>>>>> this would be to pass ciphertext to decryption function and run
> parser only
> >>>>>> if decryption is successful. If bytestring is too big to be
> decrypted in one
> >>>>>> piece, consider encrypting it in blocks and feeding decrypted parts
> to
> >>>>>> parser.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds
> >>>>>> <magicloud.magiclouds at gmail.com> wrote:
> >>>>>>>
> >>>>>>> Similar as you envisaged. I would receive a bytestring data and a
> >>>>>>> config point out what cipher to use. Then I deserialize the data
> to a data
> >>>>>>> type with some fields. The serialize process is something like:
> >>>>>>>
> >>>>>>> msum $ map (encrypt . encode) [field1, field2, field3]
> >>>>>>>
> >>>>>>> I could parse the bytestring outside Get/Put monads. But I think
> that
> >>>>>>> looks ugly. I really want to embed the decrypt process into
> Get/Put monads.
> >>>>>>>
> >>>>>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic
> >>>>>>> <ivan.miljenovic at gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds
> >>>>>>>> <magicloud.magiclouds at gmail.com> wrote:
> >>>>>>>> > Thank you. But how if the cipher was specified outside the
> binary
> >>>>>>>> > data? I
> >>>>>>>> > mean I need to pass the decrypt/encrypt function to get/put
> while
> >>>>>>>> > they do
> >>>>>>>> > not accept parameters. Should I use Reader here?
> >>>>>>>>
> >>>>>>>> Maybe you could explain what you're doing better.
> >>>>>>>>
> >>>>>>>> I would envisage that you would get a Bytestring/Text value, then
> >>>>>>>> encrypt/decrypt and then put it back (though if you're dealing
> with
> >>>>>>>> Bytestrings, unless you're wanting to compose them with others
> >>>>>>>> there's
> >>>>>>>> no real need to use Get and Put as you'll have the resulting
> >>>>>>>> Bytestring already...).
> >>>>>>>>
> >>>>>>>> Or are you wanting to implement your own encryption/decryption
> >>>>>>>> scheme?
> >>>>>>>>  In which case, you might want to either:
> >>>>>>>>
> >>>>>>>> a) write custom functions in the Get and Put monads OR
> >>>>>>>>
> >>>>>>>> b) write custom parsers (e.g. attoparsec) and builders (using the
> >>>>>>>> Builder module in bytestring); this is probably going to suit you
> >>>>>>>> better.
> >>>>>>>>
> >>>>>>>> >
> >>>>>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <gale at sefer.org>
> >>>>>>>> > wrote:
> >>>>>>>> >>
> >>>>>>>> >> Magicloud Magiclouds wrote:
> >>>>>>>> >> > I am trying to work with some binary data that encrypted by
> >>>>>>>> >> > field
> >>>>>>>> >> > instead of
> >>>>>>>> >> > the result of serialization. I'd like to use Data.Serialize
> to
> >>>>>>>> >> > wrap the
> >>>>>>>> >> > data
> >>>>>>>> >> > structure. But I could not figure out how to apply an runtime
> >>>>>>>> >> > specified
> >>>>>>>> >> > cipher method to the bytestring.
> >>>>>>>> >>
> >>>>>>>> >> Are you using the set of crypto libraries written by
> >>>>>>>> >> Victor Hanquez, such as cryptocipher-types,
> >>>>>>>> >> crypto-pubkey-types, and cryptohash?
> >>>>>>>> >>
> >>>>>>>> >> Or the set of libraries written by Thomas DuBuisson,
> >>>>>>>> >> such as crypto-api, cipher-aes128, etc.?
> >>>>>>>> >>
> >>>>>>>> >> Here is an example of decoding for Victor's libraries.
> >>>>>>>> >> Encoding would be similar using Put instead of Get.
> >>>>>>>> >> Thomas' libraries would be similar using the other
> >>>>>>>> >> API.
> >>>>>>>> >>
> >>>>>>>> >> Let's say you have a type like this:
> >>>>>>>> >>
> >>>>>>>> >> data MyCipher = MyAES | MyBlowfish | ...
> >>>>>>>> >>
> >>>>>>>> >> Then in your cereal code you would have a Get monad
> >>>>>>>> >> expression something like this (assuming you have
> >>>>>>>> >> written all of the functions called parseSomething):
> >>>>>>>> >>
> >>>>>>>> >> getStuff = do
> >>>>>>>> >>   cipher <- parseCipher :: Get MyCipher
> >>>>>>>> >>   clearText <- case cipher of
> >>>>>>>> >>     MyAES -> do
> >>>>>>>> >>       keyBS <- parseAESKey :: Get ByteString
> >>>>>>>> >>       let key = either (error "bad AES key") id $ makeKey keyBS
> >>>>>>>> >>           cipher = cipherInit key
> >>>>>>>> >>       cipherText <- parseAESCipherText :: Get ByteString
> >>>>>>>> >>       return $ ecbDecrypt cipher cipherText
> >>>>>>>> >>     MyBlowfish -> do ...
> >>>>>>>> >>
> >>>>>>>> >> etc.
> >>>>>>>> >>
> >>>>>>>> >> Hope this helps,
> >>>>>>>> >> Yitz
> >>>>>>>> >
> >>>>>>>> >
> >>>>>>>> >
> >>>>>>>> >
> >>>>>>>> > --
> >>>>>>>> > 竹密岂妨流水过
> >>>>>>>> > 山高哪阻野云飞
> >>>>>>>> >
> >>>>>>>> > And for G+, please use magiclouds#gmail.com.
> >>>>>>>> >
> >>>>>>>> > _______________________________________________
> >>>>>>>> > Haskell-Cafe mailing list
> >>>>>>>> > Haskell-Cafe at haskell.org
> >>>>>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
> >>>>>>>> >
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Ivan Lazar Miljenovic
> >>>>>>>> Ivan.Miljenovic at gmail.com
> >>>>>>>> http://IvanMiljenovic.wordpress.com
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> 竹密岂妨流水过
> >>>>>>> 山高哪阻野云飞
> >>>>>>>
> >>>>>>> And for G+, please use magiclouds#gmail.com.
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> 竹密岂妨流水过
> >>>>> 山高哪阻野云飞
> >>>>>
> >>>>> And for G+, please use magiclouds#gmail.com.
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> 竹密岂妨流水过
> >>> 山高哪阻野云飞
> >>>
> >>> And for G+, please use magiclouds#gmail.com.
> >>
> >>
> >
> >
> >
> > --
> > 竹密岂妨流水过
> > 山高哪阻野云飞
> >
> > And for G+, please use magiclouds#gmail.com.
> >
> > _______________________________________________
> > Haskell-Cafe mailing list
> > Haskell-Cafe at haskell.org
> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
> >
>
>
>
> --
> Ivan Lazar Miljenovic
> Ivan.Miljenovic at gmail.com
> http://IvanMiljenovic.wordpress.com
>



-- 
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20150422/ecb222b7/attachment.html>


More information about the Haskell-Cafe mailing list