How to use an crypto with hackage cereal?

newer
CFP: FHPC 2015: Workshop on...

Magicloud Magiclouds

21 Apr 2015 21 Apr '15

9:22 a.m.

Hi, I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap the data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring. Any idea? Or I should use totally other solution? Thanks. -- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Attachments:

attachment.html (text/html — 657 bytes)

Show replies by date

Yitzchak Gale

21 Apr 21 Apr

10:43 a.m.

Magicloud Magiclouds wrote:

...

I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap the data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash? Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.? Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API. Let's say you have a type like this: data MyCipher = MyAES | MyBlowfish | ... Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething): getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ... etc. Hope this helps, Yitz

Yitzchak Gale

10:50 a.m.

Sorry, you need to specify which cipher type you are using of course. So: let key :: Key AES key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key etc.

Magicloud Magiclouds

1:58 p.m.

Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here? On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...

Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap the data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Ivan Lazar Miljenovic

2:08 p.m.

On 21 April 2015 at 23:58, Magicloud Magiclouds wrote:

...

Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better. I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...). Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either: a) write custom functions in the Get and Put monads OR b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

...

On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap the data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

Magicloud Magiclouds

22 Apr 22 Apr

2:49 a.m.

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like: msum $ map (encrypt . encode) [field1, field2, field3] I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads. On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...

On 21 April 2015 at 23:58, Magicloud Magiclouds wrote:

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

...
On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap

the

...
...
...
data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Andrey Sverdlichenko

3:05 a.m.

You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser. On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds wrote:

...

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like: msum $ map (encrypt . encode) [field1, field2, field3] I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads. On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...
On 21 April 2015 at 23:58, Magicloud Magiclouds wrote:

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

...
On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap

the

...
...
...
data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Magicloud Magiclouds

3:12 a.m.

How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode. On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko wrote:

...

You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.

On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...
On 21 April 2015 at 23:58, Magicloud Magiclouds wrote:

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

...
On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap

the

...
...
...
data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Andrey Sverdlichenko

3:26 a.m.

You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error. On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds wrote:

...

How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode. On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko wrote:

...
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.

On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...
On 21 April 2015 at 23:58, Magicloud Magiclouds wrote:

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

...
On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote: > I am trying to work with some binary data that encrypted by field > instead of > the result of serialization. I'd like to use Data.Serialize to wrap

the

...
...
> data > structure. But I could not figure out how to apply an runtime specified > cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Magicloud Magiclouds

3:41 a.m.

That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work. I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function. On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko wrote:

...

You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.

On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko wrote:

...
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.

On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...
...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while

On 21 April 2015 at 23:58, Magicloud Magiclouds wrote: they do

...
not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

...
On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale

wrote:

...
> > Magicloud Magiclouds wrote: > > I am trying to work with some binary data that encrypted by field > > instead of > > the result of serialization. I'd like to use Data.Serialize to wrap the > > data > > structure. But I could not figure out how to apply an runtime specified > > cipher method to the bytestring. > > Are you using the set of crypto libraries written by > Victor Hanquez, such as cryptocipher-types, > crypto-pubkey-types, and cryptohash? > > Or the set of libraries written by Thomas DuBuisson, > such as crypto-api, cipher-aes128, etc.? > > Here is an example of decoding for Victor's libraries. > Encoding would be similar using Put instead of Get. > Thomas' libraries would be similar using the other > API. > > Let's say you have a type like this: > > data MyCipher = MyAES | MyBlowfish | ... > > Then in your cereal code you would have a Get monad > expression something like this (assuming you have > written all of the functions called parseSomething): > > getStuff = do > cipher <- parseCipher :: Get MyCipher > clearText <- case cipher of > MyAES -> do > keyBS <- parseAESKey :: Get ByteString > let key = either (error "bad AES key") id $ makeKey keyBS > cipher = cipherInit key > cipherText <- parseAESCipherText :: Get ByteString > return $ ecbDecrypt cipher cipherText > MyBlowfish -> do ... > > etc. > > Hope this helps, > Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Andrey Sverdlichenko

3:44 a.m.

Could you describe encrypted data format? I can't understand problem with decryption. On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds wrote:

...

That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work. I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function. On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko wrote:

...
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.

On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko wrote:

...
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.

On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...
On 21 April 2015 at 23:58, Magicloud Magiclouds wrote: > Thank you. But how if the cipher was specified outside the binary data? I > mean I need to pass the decrypt/encrypt function to get/put while they do > not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then encrypt/decrypt and then put it back (though if you're dealing with Bytestrings, unless you're wanting to compose them with others there's no real need to use Get and Put as you'll have the resulting Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme? In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the Builder module in bytestring); this is probably going to suit you better.

> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote: >> >> Magicloud Magiclouds wrote: >> > I am trying to work with some binary data that encrypted by field >> > instead of >> > the result of serialization. I'd like to use Data.Serialize to wrap the >> > data >> > structure. But I could not figure out how to apply an runtime specified >> > cipher method to the bytestring. >> >> Are you using the set of crypto libraries written by >> Victor Hanquez, such as cryptocipher-types, >> crypto-pubkey-types, and cryptohash? >> >> Or the set of libraries written by Thomas DuBuisson, >> such as crypto-api, cipher-aes128, etc.? >> >> Here is an example of decoding for Victor's libraries. >> Encoding would be similar using Put instead of Get. >> Thomas' libraries would be similar using the other >> API. >> >> Let's say you have a type like this: >> >> data MyCipher = MyAES | MyBlowfish | ... >> >> Then in your cereal code you would have a Get monad >> expression something like this (assuming you have >> written all of the functions called parseSomething): >> >> getStuff = do >> cipher <- parseCipher :: Get MyCipher >> clearText <- case cipher of >> MyAES -> do >> keyBS <- parseAESKey :: Get ByteString >> let key = either (error "bad AES key") id $ makeKey keyBS >> cipher = cipherInit key >> cipherText <- parseAESCipherText :: Get ByteString >> return $ ecbDecrypt cipher cipherText >> MyBlowfish -> do ... >> >> etc. >> >> Hope this helps, >> Yitz > > > > > -- > 竹密岂妨流水过 > 山高哪阻野云飞 > > And for G+, please use magiclouds#gmail.com. > > _______________________________________________ > Haskell-Cafe mailing list > Haskell-Cafe@haskell.org > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe >

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Magicloud Magiclouds

3:52 a.m.

Say the data structure is: data Person = Person { name :: String , gender :: Gender , age :: Int } Then the process to generate the binary is: msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ] Above process is just persudo in Haskell, the actual is not coded in Haskell. On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko wrote:

...

Could you describe encrypted data format? I can't understand problem with decryption.

On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko wrote:

...
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.

On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko wrote:

...
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.

On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...
Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

> On 21 April 2015 at 23:58, Magicloud Magiclouds > wrote: > > Thank you. But how if the cipher was specified outside the binary > data? I > > mean I need to pass the decrypt/encrypt function to get/put while > they do > > not accept parameters. Should I use Reader here? > > Maybe you could explain what you're doing better. > > I would envisage that you would get a Bytestring/Text value, then > encrypt/decrypt and then put it back (though if you're dealing with > Bytestrings, unless you're wanting to compose them with others > there's > no real need to use Get and Put as you'll have the resulting > Bytestring already...). > > Or are you wanting to implement your own encryption/decryption > scheme? > In which case, you might want to either: > > a) write custom functions in the Get and Put monads OR > > b) write custom parsers (e.g. attoparsec) and builders (using the > Builder module in bytestring); this is probably going to suit you > better. > > > > > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale > wrote: > >> > >> Magicloud Magiclouds wrote: > >> > I am trying to work with some binary data that encrypted by > field > >> > instead of > >> > the result of serialization. I'd like to use Data.Serialize to > wrap the > >> > data > >> > structure. But I could not figure out how to apply an runtime > specified > >> > cipher method to the bytestring. > >> > >> Are you using the set of crypto libraries written by > >> Victor Hanquez, such as cryptocipher-types, > >> crypto-pubkey-types, and cryptohash? > >> > >> Or the set of libraries written by Thomas DuBuisson, > >> such as crypto-api, cipher-aes128, etc.? > >> > >> Here is an example of decoding for Victor's libraries. > >> Encoding would be similar using Put instead of Get. > >> Thomas' libraries would be similar using the other > >> API. > >> > >> Let's say you have a type like this: > >> > >> data MyCipher = MyAES | MyBlowfish | ... > >> > >> Then in your cereal code you would have a Get monad > >> expression something like this (assuming you have > >> written all of the functions called parseSomething): > >> > >> getStuff = do > >> cipher <- parseCipher :: Get MyCipher > >> clearText <- case cipher of > >> MyAES -> do > >> keyBS <- parseAESKey :: Get ByteString > >> let key = either (error "bad AES key") id $ makeKey keyBS > >> cipher = cipherInit key > >> cipherText <- parseAESCipherText :: Get ByteString > >> return $ ecbDecrypt cipher cipherText > >> MyBlowfish -> do ... > >> > >> etc. > >> > >> Hope this helps, > >> Yitz > > > > > > > > > > -- > > 竹密岂妨流水过 > > 山高哪阻野云飞 > > > > And for G+, please use magiclouds#gmail.com. > > > > _______________________________________________ > > Haskell-Cafe mailing list > > Haskell-Cafe@haskell.org > > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe > > > > > > -- > Ivan Lazar Miljenovic > Ivan.Miljenovic@gmail.com > http://IvanMiljenovic.wordpress.com >

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Ivan Lazar Miljenovic

3:56 a.m.

On 22 April 2015 at 13:52, Magicloud Magiclouds wrote:

...

Say the data structure is:

data Person = Person { name :: String , gender :: Gender , age :: Int }

Then the process to generate the binary is:

msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ]

Above process is just persudo in Haskell, the actual is not coded in Haskell.

Except that binary and cereal are for serializing Haskell values directly; you seem to be wanting to parse and generate a particular encoding for a value. In which case, I don't think binary or cereal is really appropriate.

...

On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko wrote:

...
Could you describe encrypted data format? I can't understand problem with decryption.

On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds wrote:

...
That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko wrote:

...
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.

On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds wrote:

...
How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko wrote:

...
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.

On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds wrote: > > Similar as you envisaged. I would receive a bytestring data and a > config point out what cipher to use. Then I deserialize the data to a data > type with some fields. The serialize process is something like: > > msum $ map (encrypt . encode) [field1, field2, field3] > > I could parse the bytestring outside Get/Put monads. But I think that > looks ugly. I really want to embed the decrypt process into Get/Put monads. > > On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic > wrote: >> >> On 21 April 2015 at 23:58, Magicloud Magiclouds >> wrote: >> > Thank you. But how if the cipher was specified outside the binary >> > data? I >> > mean I need to pass the decrypt/encrypt function to get/put while >> > they do >> > not accept parameters. Should I use Reader here? >> >> Maybe you could explain what you're doing better. >> >> I would envisage that you would get a Bytestring/Text value, then >> encrypt/decrypt and then put it back (though if you're dealing with >> Bytestrings, unless you're wanting to compose them with others >> there's >> no real need to use Get and Put as you'll have the resulting >> Bytestring already...). >> >> Or are you wanting to implement your own encryption/decryption >> scheme? >> In which case, you might want to either: >> >> a) write custom functions in the Get and Put monads OR >> >> b) write custom parsers (e.g. attoparsec) and builders (using the >> Builder module in bytestring); this is probably going to suit you >> better. >> >> > >> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale >> > wrote: >> >> >> >> Magicloud Magiclouds wrote: >> >> > I am trying to work with some binary data that encrypted by >> >> > field >> >> > instead of >> >> > the result of serialization. I'd like to use Data.Serialize to >> >> > wrap the >> >> > data >> >> > structure. But I could not figure out how to apply an runtime >> >> > specified >> >> > cipher method to the bytestring. >> >> >> >> Are you using the set of crypto libraries written by >> >> Victor Hanquez, such as cryptocipher-types, >> >> crypto-pubkey-types, and cryptohash? >> >> >> >> Or the set of libraries written by Thomas DuBuisson, >> >> such as crypto-api, cipher-aes128, etc.? >> >> >> >> Here is an example of decoding for Victor's libraries. >> >> Encoding would be similar using Put instead of Get. >> >> Thomas' libraries would be similar using the other >> >> API. >> >> >> >> Let's say you have a type like this: >> >> >> >> data MyCipher = MyAES | MyBlowfish | ... >> >> >> >> Then in your cereal code you would have a Get monad >> >> expression something like this (assuming you have >> >> written all of the functions called parseSomething): >> >> >> >> getStuff = do >> >> cipher <- parseCipher :: Get MyCipher >> >> clearText <- case cipher of >> >> MyAES -> do >> >> keyBS <- parseAESKey :: Get ByteString >> >> let key = either (error "bad AES key") id $ makeKey keyBS >> >> cipher = cipherInit key >> >> cipherText <- parseAESCipherText :: Get ByteString >> >> return $ ecbDecrypt cipher cipherText >> >> MyBlowfish -> do ... >> >> >> >> etc. >> >> >> >> Hope this helps, >> >> Yitz >> > >> > >> > >> > >> > -- >> > 竹密岂妨流水过 >> > 山高哪阻野云飞 >> > >> > And for G+, please use magiclouds#gmail.com. >> > >> > _______________________________________________ >> > Haskell-Cafe mailing list >> > Haskell-Cafe@haskell.org >> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe >> > >> >> >> >> -- >> Ivan Lazar Miljenovic >> Ivan.Miljenovic@gmail.com >> http://IvanMiljenovic.wordpress.com > > > > > -- > 竹密岂妨流水过 > 山高哪阻野云飞 > > And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

Magicloud Magiclouds

3:58 a.m.

Ah, sorry, the "encode" function is the one from cereal, not to "generate a particular encoding for a value". On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...

On 22 April 2015 at 13:52, Magicloud Magiclouds wrote:

...
Say the data structure is:

data Person = Person { name :: String , gender :: Gender , age :: Int }

Then the process to generate the binary is:

msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ]

Above process is just persudo in Haskell, the actual is not coded in Haskell.

Except that binary and cereal are for serializing Haskell values directly; you seem to be wanting to parse and generate a particular encoding for a value. In which case, I don't think binary or cereal is really appropriate.

...
On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko wrote:

...
Could you describe encrypted data format? I can't understand problem

...
...
decryption.

On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds wrote:

...
That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers.

So

...
decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko
...
...
wrote:

...
You can't really modify source bytestring inside Get monad, and this

is

...
what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.

On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds wrote:

...
How about fail in Get monad if decrypt failed? So decrypt failure

would

...
lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko < blaze@ruddy.ru> wrote: > > You probably should not merge decrypt and decode operations, it is bad > crypto habit. Until you decrypted and verified integrity of data,

...
...
...
...
...
> dangerous and opening your service to attacks. Correct way of implementing > this would be to pass ciphertext to decryption function and run

...
...
...
...
...
> if decryption is successful. If bytestring is too big to be decrypted in one > piece, consider encrypting it in blocks and feeding decrypted parts to > parser. > > > > On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds > wrote: >> >> Similar as you envisaged. I would receive a bytestring data and a >> config point out what cipher to use. Then I deserialize the data to a data >> type with some fields. The serialize process is something like: >> >> msum $ map (encrypt . encode) [field1, field2, field3] >> >> I could parse the bytestring outside Get/Put monads. But I think

with parsing is parser only that

...
...
...
...
...
>> looks ugly. I really want to embed the decrypt process into Get/Put monads. >> >> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic >> wrote: >>> >>> On 21 April 2015 at 23:58, Magicloud Magiclouds >>> wrote: >>> > Thank you. But how if the cipher was specified outside the binary >>> > data? I >>> > mean I need to pass the decrypt/encrypt function to get/put while >>> > they do >>> > not accept parameters. Should I use Reader here? >>> >>> Maybe you could explain what you're doing better. >>> >>> I would envisage that you would get a Bytestring/Text value, then >>> encrypt/decrypt and then put it back (though if you're dealing with >>> Bytestrings, unless you're wanting to compose them with others >>> there's >>> no real need to use Get and Put as you'll have the resulting >>> Bytestring already...). >>> >>> Or are you wanting to implement your own encryption/decryption >>> scheme? >>> In which case, you might want to either: >>> >>> a) write custom functions in the Get and Put monads OR >>> >>> b) write custom parsers (e.g. attoparsec) and builders (using the >>> Builder module in bytestring); this is probably going to suit you >>> better. >>> >>> > >>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale >>> > wrote: >>> >> >>> >> Magicloud Magiclouds wrote: >>> >> > I am trying to work with some binary data that encrypted by >>> >> > field >>> >> > instead of >>> >> > the result of serialization. I'd like to use Data.Serialize to >>> >> > wrap the >>> >> > data >>> >> > structure. But I could not figure out how to apply an runtime >>> >> > specified >>> >> > cipher method to the bytestring. >>> >> >>> >> Are you using the set of crypto libraries written by >>> >> Victor Hanquez, such as cryptocipher-types, >>> >> crypto-pubkey-types, and cryptohash? >>> >> >>> >> Or the set of libraries written by Thomas DuBuisson, >>> >> such as crypto-api, cipher-aes128, etc.? >>> >> >>> >> Here is an example of decoding for Victor's libraries. >>> >> Encoding would be similar using Put instead of Get. >>> >> Thomas' libraries would be similar using the other >>> >> API. >>> >> >>> >> Let's say you have a type like this: >>> >> >>> >> data MyCipher = MyAES | MyBlowfish | ... >>> >> >>> >> Then in your cereal code you would have a Get monad >>> >> expression something like this (assuming you have >>> >> written all of the functions called parseSomething): >>> >> >>> >> getStuff = do >>> >> cipher <- parseCipher :: Get MyCipher >>> >> clearText <- case cipher of >>> >> MyAES -> do >>> >> keyBS <- parseAESKey :: Get ByteString >>> >> let key = either (error "bad AES key") id $ makeKey keyBS >>> >> cipher = cipherInit key >>> >> cipherText <- parseAESCipherText :: Get ByteString >>> >> return $ ecbDecrypt cipher cipherText >>> >> MyBlowfish -> do ... >>> >> >>> >> etc. >>> >> >>> >> Hope this helps, >>> >> Yitz >>> > >>> > >>> > >>> > >>> > -- >>> > 竹密岂妨流水过 >>> > 山高哪阻野云飞 >>> > >>> > And for G+, please use magiclouds#gmail.com. >>> > >>> > _______________________________________________ >>> > Haskell-Cafe mailing list >>> > Haskell-Cafe@haskell.org >>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe >>> > >>> >>> >>> >>> -- >>> Ivan Lazar Miljenovic >>> Ivan.Miljenovic@gmail.com >>> http://IvanMiljenovic.wordpress.com >> >> >> >> >> -- >> 竹密岂妨流水过 >> 山高哪阻野云飞 >> >> And for G+, please use magiclouds#gmail.com. > >

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Ivan Lazar Miljenovic

4:01 a.m.

On 22 April 2015 at 13:58, Magicloud Magiclouds wrote:

...

Ah, sorry, the "encode" function is the one from cereal, not to "generate a particular encoding for a value".

I meant "encode" as in "use a specific representation rather than directly converting it on a constructor-by-constructor basis as is the default for Get/Put".

...

On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic wrote:

...
On 22 April 2015 at 13:52, Magicloud Magiclouds wrote:

...
Say the data structure is:

data Person = Person { name :: String , gender :: Gender , age :: Int }

Then the process to generate the binary is:

msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ]

Above process is just persudo in Haskell, the actual is not coded in Haskell.

Except that binary and cereal are for serializing Haskell values directly; you seem to be wanting to parse and generate a particular encoding for a value. In which case, I don't think binary or cereal is really appropriate.

...
On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko wrote:

...
Could you describe encrypted data format? I can't understand problem with decryption.

On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds wrote:

...
That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko wrote:

...
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.

On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds wrote: > > How about fail in Get monad if decrypt failed? So decrypt failure > would > lead to a result of "Left String" on decode. > > On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko > > wrote: >> >> You probably should not merge decrypt and decode operations, it is >> bad >> crypto habit. Until you decrypted and verified integrity of data, >> parsing is >> dangerous and opening your service to attacks. Correct way of >> implementing >> this would be to pass ciphertext to decryption function and run >> parser only >> if decryption is successful. If bytestring is too big to be >> decrypted in one >> piece, consider encrypting it in blocks and feeding decrypted parts >> to >> parser. >> >> >> >> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds >> wrote: >>> >>> Similar as you envisaged. I would receive a bytestring data and a >>> config point out what cipher to use. Then I deserialize the data >>> to a data >>> type with some fields. The serialize process is something like: >>> >>> msum $ map (encrypt . encode) [field1, field2, field3] >>> >>> I could parse the bytestring outside Get/Put monads. But I think >>> that >>> looks ugly. I really want to embed the decrypt process into >>> Get/Put monads. >>> >>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic >>> wrote: >>>> >>>> On 21 April 2015 at 23:58, Magicloud Magiclouds >>>> wrote: >>>> > Thank you. But how if the cipher was specified outside the >>>> > binary >>>> > data? I >>>> > mean I need to pass the decrypt/encrypt function to get/put >>>> > while >>>> > they do >>>> > not accept parameters. Should I use Reader here? >>>> >>>> Maybe you could explain what you're doing better. >>>> >>>> I would envisage that you would get a Bytestring/Text value, then >>>> encrypt/decrypt and then put it back (though if you're dealing >>>> with >>>> Bytestrings, unless you're wanting to compose them with others >>>> there's >>>> no real need to use Get and Put as you'll have the resulting >>>> Bytestring already...). >>>> >>>> Or are you wanting to implement your own encryption/decryption >>>> scheme? >>>> In which case, you might want to either: >>>> >>>> a) write custom functions in the Get and Put monads OR >>>> >>>> b) write custom parsers (e.g. attoparsec) and builders (using the >>>> Builder module in bytestring); this is probably going to suit you >>>> better. >>>> >>>> > >>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale >>>> > wrote: >>>> >> >>>> >> Magicloud Magiclouds wrote: >>>> >> > I am trying to work with some binary data that encrypted by >>>> >> > field >>>> >> > instead of >>>> >> > the result of serialization. I'd like to use Data.Serialize >>>> >> > to >>>> >> > wrap the >>>> >> > data >>>> >> > structure. But I could not figure out how to apply an >>>> >> > runtime >>>> >> > specified >>>> >> > cipher method to the bytestring. >>>> >> >>>> >> Are you using the set of crypto libraries written by >>>> >> Victor Hanquez, such as cryptocipher-types, >>>> >> crypto-pubkey-types, and cryptohash? >>>> >> >>>> >> Or the set of libraries written by Thomas DuBuisson, >>>> >> such as crypto-api, cipher-aes128, etc.? >>>> >> >>>> >> Here is an example of decoding for Victor's libraries. >>>> >> Encoding would be similar using Put instead of Get. >>>> >> Thomas' libraries would be similar using the other >>>> >> API. >>>> >> >>>> >> Let's say you have a type like this: >>>> >> >>>> >> data MyCipher = MyAES | MyBlowfish | ... >>>> >> >>>> >> Then in your cereal code you would have a Get monad >>>> >> expression something like this (assuming you have >>>> >> written all of the functions called parseSomething): >>>> >> >>>> >> getStuff = do >>>> >> cipher <- parseCipher :: Get MyCipher >>>> >> clearText <- case cipher of >>>> >> MyAES -> do >>>> >> keyBS <- parseAESKey :: Get ByteString >>>> >> let key = either (error "bad AES key") id $ makeKey >>>> >> keyBS >>>> >> cipher = cipherInit key >>>> >> cipherText <- parseAESCipherText :: Get ByteString >>>> >> return $ ecbDecrypt cipher cipherText >>>> >> MyBlowfish -> do ... >>>> >> >>>> >> etc. >>>> >> >>>> >> Hope this helps, >>>> >> Yitz >>>> > >>>> > >>>> > >>>> > >>>> > -- >>>> > 竹密岂妨流水过 >>>> > 山高哪阻野云飞 >>>> > >>>> > And for G+, please use magiclouds#gmail.com. >>>> > >>>> > _______________________________________________ >>>> > Haskell-Cafe mailing list >>>> > Haskell-Cafe@haskell.org >>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe >>>> > >>>> >>>> >>>> >>>> -- >>>> Ivan Lazar Miljenovic >>>> Ivan.Miljenovic@gmail.com >>>> http://IvanMiljenovic.wordpress.com >>> >>> >>> >>> >>> -- >>> 竹密岂妨流水过 >>> 山高哪阻野云飞 >>> >>> And for G+, please use magiclouds#gmail.com. >> >> > > > > -- > 竹密岂妨流水过 > 山高哪阻野云飞 > > And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

Magicloud Magiclouds

4:02 a.m.

I see. Thank you. So I will find other solutions. On Wed, Apr 22, 2015 at 12:01 PM, Ivan Lazar Miljenovic < ivan.miljenovic@gmail.com> wrote:

...

On 22 April 2015 at 13:58, Magicloud Magiclouds wrote:

...
Ah, sorry, the "encode" function is the one from cereal, not to "generate a particular encoding for a value".

I meant "encode" as in "use a specific representation rather than directly converting it on a constructor-by-constructor basis as is the default for Get/Put".

...
On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic wrote:

...
On 22 April 2015 at 13:52, Magicloud Magiclouds wrote:

...
Say the data structure is:

data Person = Person { name :: String , gender :: Gender , age :: Int }

Then the process to generate the binary is:

msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ]

Above process is just persudo in Haskell, the actual is not coded in Haskell.

Except that binary and cereal are for serializing Haskell values directly; you seem to be wanting to parse and generate a particular encoding for a value. In which case, I don't think binary or cereal is really appropriate.

...
On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <

...
...
...
wrote:

...
Could you describe encrypted data format? I can't understand problem with decryption.

On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds wrote:

...
That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get*

helpers.

...
...
So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko wrote: > > You can't really modify source bytestring inside Get monad, and

...
...
...
...
...
> is > what decryption effectively do. The only option I know about is to > run > another parser inside Get monad. I'd rather write > decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from > it on > decryption error. > > > > On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds > wrote: >> >> How about fail in Get monad if decrypt failed? So decrypt failure >> would >> lead to a result of "Left String" on decode. >> >> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko >> >> wrote: >>> >>> You probably should not merge decrypt and decode operations, it is >>> bad >>> crypto habit. Until you decrypted and verified integrity of data, >>> parsing is >>> dangerous and opening your service to attacks. Correct way of >>> implementing >>> this would be to pass ciphertext to decryption function and run >>> parser only >>> if decryption is successful. If bytestring is too big to be >>> decrypted in one >>> piece, consider encrypting it in blocks and feeding decrypted

...
...
...
...
...
>>> to >>> parser. >>> >>> >>> >>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds >>> wrote: >>>> >>>> Similar as you envisaged. I would receive a bytestring data and a >>>> config point out what cipher to use. Then I deserialize the data >>>> to a data >>>> type with some fields. The serialize process is something like: >>>> >>>> msum $ map (encrypt . encode) [field1, field2, field3] >>>> >>>> I could parse the bytestring outside Get/Put monads. But I think >>>> that >>>> looks ugly. I really want to embed the decrypt process into >>>> Get/Put monads. >>>> >>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic >>>> wrote: >>>>> >>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds >>>>> wrote: >>>>> > Thank you. But how if the cipher was specified outside the >>>>> > binary >>>>> > data? I >>>>> > mean I need to pass the decrypt/encrypt function to get/put >>>>> > while >>>>> > they do >>>>> > not accept parameters. Should I use Reader here? >>>>> >>>>> Maybe you could explain what you're doing better. >>>>> >>>>> I would envisage that you would get a Bytestring/Text value,

...
...
...
...
...
>>>>> encrypt/decrypt and then put it back (though if you're dealing >>>>> with >>>>> Bytestrings, unless you're wanting to compose them with others >>>>> there's >>>>> no real need to use Get and Put as you'll have the resulting >>>>> Bytestring already...). >>>>> >>>>> Or are you wanting to implement your own encryption/decryption >>>>> scheme? >>>>> In which case, you might want to either: >>>>> >>>>> a) write custom functions in the Get and Put monads OR >>>>> >>>>> b) write custom parsers (e.g. attoparsec) and builders (using

blaze@ruddy.ru> this parts then the

...
...
...
...
...
>>>>> Builder module in bytestring); this is probably going to suit you >>>>> better. >>>>> >>>>> > >>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale < gale@sefer.org> >>>>> > wrote: >>>>> >> >>>>> >> Magicloud Magiclouds wrote: >>>>> >> > I am trying to work with some binary data that encrypted by >>>>> >> > field >>>>> >> > instead of >>>>> >> > the result of serialization. I'd like to use Data.Serialize >>>>> >> > to >>>>> >> > wrap the >>>>> >> > data >>>>> >> > structure. But I could not figure out how to apply an >>>>> >> > runtime >>>>> >> > specified >>>>> >> > cipher method to the bytestring. >>>>> >> >>>>> >> Are you using the set of crypto libraries written by >>>>> >> Victor Hanquez, such as cryptocipher-types, >>>>> >> crypto-pubkey-types, and cryptohash? >>>>> >> >>>>> >> Or the set of libraries written by Thomas DuBuisson, >>>>> >> such as crypto-api, cipher-aes128, etc.? >>>>> >> >>>>> >> Here is an example of decoding for Victor's libraries. >>>>> >> Encoding would be similar using Put instead of Get. >>>>> >> Thomas' libraries would be similar using the other >>>>> >> API. >>>>> >> >>>>> >> Let's say you have a type like this: >>>>> >> >>>>> >> data MyCipher = MyAES | MyBlowfish | ... >>>>> >> >>>>> >> Then in your cereal code you would have a Get monad >>>>> >> expression something like this (assuming you have >>>>> >> written all of the functions called parseSomething): >>>>> >> >>>>> >> getStuff = do >>>>> >> cipher <- parseCipher :: Get MyCipher >>>>> >> clearText <- case cipher of >>>>> >> MyAES -> do >>>>> >> keyBS <- parseAESKey :: Get ByteString >>>>> >> let key = either (error "bad AES key") id $ makeKey >>>>> >> keyBS >>>>> >> cipher = cipherInit key >>>>> >> cipherText <- parseAESCipherText :: Get ByteString >>>>> >> return $ ecbDecrypt cipher cipherText >>>>> >> MyBlowfish -> do ... >>>>> >> >>>>> >> etc. >>>>> >> >>>>> >> Hope this helps, >>>>> >> Yitz >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > -- >>>>> > 竹密岂妨流水过 >>>>> > 山高哪阻野云飞 >>>>> > >>>>> > And for G+, please use magiclouds#gmail.com. >>>>> > >>>>> > _______________________________________________ >>>>> > Haskell-Cafe mailing list >>>>> > Haskell-Cafe@haskell.org >>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe >>>>> > >>>>> >>>>> >>>>> >>>>> -- >>>>> Ivan Lazar Miljenovic >>>>> Ivan.Miljenovic@gmail.com >>>>> http://IvanMiljenovic.wordpress.com >>>> >>>> >>>> >>>> >>>> -- >>>> 竹密岂妨流水过 >>>> 山高哪阻野云飞 >>>> >>>> And for G+, please use magiclouds#gmail.com. >>> >>> >> >> >> >> -- >> 竹密岂妨流水过 >> 山高哪阻野云飞 >> >> And for G+, please use magiclouds#gmail.com. > >

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com http://IvanMiljenovic.wordpress.com

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Yitzchak Gale

23 Apr 23 Apr

8:46 a.m.

Ivan Lazar Miljenovic wrote:

...

...
...
Except that binary and cereal are for serializing Haskell values directly; you seem to be wanting to parse and generate a particular encoding for a value. In which case, I don't think binary or cereal is really appropriate.

...

I meant "encode" as in "use a specific representation rather than directly converting it on a constructor-by-constructor basis as is the default for Get/Put".

I must still not be understanding what you meant in your original comment. Because in my view, cereal and binary are *exactly* designed for that use, and do it extremely well. The only place where a particular "constructor-by-constructor" approach is built in is in the facilities for automated generation of parsers using generic techniques. But when writing parsers directly, you have full flexibility, and a powerful set of built-in tools to back you up.

Erik Hesselink

21 Apr 21 Apr

2:13 p.m.

One thing I've done in the past is, instead of giving an 'instance Serialize YourType', give an 'instance Serialize (Input -> YourType)'. This way you can get access to the input in the instance, but you have to provide the input when you can the deserialization function. Regards, Erik On Tue, Apr 21, 2015 at 3:58 PM, Magicloud Magiclouds wrote:

...

Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap the data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

Magicloud Magiclouds

22 Apr 22 Apr

1:52 a.m.

This seems like what I need. Thanks. On Tue, Apr 21, 2015 at 10:13 PM, Erik Hesselink wrote:

...

One thing I've done in the past is, instead of giving an 'instance Serialize YourType', give an 'instance Serialize (Input -> YourType)'. This way you can get access to the input in the instance, but you have to provide the input when you can the deserialization function.

Regards,

Erik

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap

On Tue, Apr 21, 2015 at 3:58 PM, Magicloud Magiclouds wrote: the

...
...
...
data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Magicloud Magiclouds

2:52 a.m.

Apparently I did not think this through. For "instance (BlockCipher k, Byteable iv) => Serialize ((k, iv), Destination)", how should I code get function? I mean in get, I should give out (k, iv), instead of using them. On Wed, Apr 22, 2015 at 9:52 AM, Magicloud Magiclouds < magicloud.magiclouds@gmail.com> wrote:

...

This seems like what I need. Thanks.

On Tue, Apr 21, 2015 at 10:13 PM, Erik Hesselink wrote:

...
One thing I've done in the past is, instead of giving an 'instance Serialize YourType', give an 'instance Serialize (Input -> YourType)'. This way you can get access to the input in the instance, but you have to provide the input when you can the deserialization function.

Regards,

Erik

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale wrote:

...
Magicloud Magiclouds wrote:

...
I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap

On Tue, Apr 21, 2015 at 3:58 PM, Magicloud Magiclouds wrote: the

...
...
...
data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Are you using the set of crypto libraries written by Victor Hanquez, such as cryptocipher-types, crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson, such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries. Encoding would be similar using Put instead of Get. Thomas' libraries would be similar using the other API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad expression something like this (assuming you have written all of the functions called parseSomething):

getStuff = do cipher <- parseCipher :: Get MyCipher clearText <- case cipher of MyAES -> do keyBS <- parseAESKey :: Get ByteString let key = either (error "bad AES key") id $ makeKey keyBS cipher = cipherInit key cipherText <- parseAESCipherText :: Get ByteString return $ ecbDecrypt cipher cipherText MyBlowfish -> do ...

etc.

Hope this helps, Yitz

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- 竹密岂妨流水过山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

Tom Ellis

23 Apr 23 Apr

8:58 a.m.

On Tue, Apr 21, 2015 at 09:58:42PM +0800, Magicloud Magiclouds wrote:

...

Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

I think the crux of the problem is that you are trying to use the Serialize typeclass. Don't. Just write functions. Tom

Magicloud Magiclouds

9:17 a.m.

Yes, I ended up writing my own FieldCryptoSerialize class. On Thu, Apr 23, 2015 at 4:58 PM, Tom Ellis < tom-lists-haskell-cafe-2013@jaguarpaw.co.uk> wrote:

...

On Tue, Apr 21, 2015 at 09:58:42PM +0800, Magicloud Magiclouds wrote:

...
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

I think the crux of the problem is that you are trying to use the Serialize typeclass. Don't. Just write functions.

Tom

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

-- 竹密岂妨流水过山高哪阻野云飞 And for G+, please use magiclouds#gmail.com.

3728

Age (days ago)

3730

Last active (days ago)

List overview

Download

21 comments

6 participants

participants (6)

Andrey Sverdlichenko
Erik Hesselink
Ivan Lazar Miljenovic
Magicloud Magiclouds
Tom Ellis
Yitzchak Gale