Minor cleanup
This commit is contained in:
Gregor Kleen
parent
0cdc29fbf4
commit
03d67910e2
@ -1,14 +1,14 @@
|
|||||||
{-# LANGUAGE ScopedTypeVariables #-}
|
{-# LANGUAGE ScopedTypeVariables #-}
|
||||||
|
|
||||||
{-|
|
{-|
|
||||||
Description: Reversably generate variable length bytestrings from arbitrary serializable types in a secure fashion
|
Description: Encryption of bytestrings using a type level nonce for determinism
|
||||||
License: BSD3
|
License: BSD3
|
||||||
|
|
||||||
Given a value of a serializable type (like 'Int') we perform serialization and
|
Given a value of a serializable type (like 'Int') we perform serialization and
|
||||||
compute a cryptographic hash of the associated namespace (carried as a phantom
|
compute a cryptographic hash of the associated namespace (carried as a phantom
|
||||||
type of kind 'Symbol').
|
type of kind 'Symbol').
|
||||||
The serialized payload is then encrypted using the a symmetric cipher in CBC
|
The serialized payload is then encrypted using the symmetric cipher in CBC mode
|
||||||
mode using the hashed namespace as an initialization vector (IV).
|
using the hashed namespace as an initialization vector (IV).
|
||||||
|
|
||||||
The probability of detecting a namespace mismatch is thus \(1 - 2^{128-l}\)
|
The probability of detecting a namespace mismatch is thus \(1 - 2^{128-l}\)
|
||||||
where \(l\) is the length of the serialized payload.
|
where \(l\) is the length of the serialized payload.
|
||||||
|
|||||||
@ -47,8 +47,8 @@ import GHC.TypeLits
|
|||||||
type CryptoUUID (namespace :: Symbol) = CryptoID namespace UUID
|
type CryptoUUID (namespace :: Symbol) = CryptoID namespace UUID
|
||||||
|
|
||||||
|
|
||||||
mapCiphertext :: Functor m => (a -> m b) -> CryptoID n a -> m (CryptoID n b)
|
_ciphertext :: Functor m => (a -> m b) -> CryptoID n a -> m (CryptoID n b)
|
||||||
mapCiphertext f (CryptoID x) = CryptoID <$> f x
|
_ciphertext f (CryptoID x) = CryptoID <$> f x
|
||||||
|
|
||||||
|
|
||||||
-- | @pad err size src@ appends null bytes to @src@ until it has length @size@.
|
-- | @pad err size src@ appends null bytes to @src@ until it has length @size@.
|
||||||
@ -76,7 +76,7 @@ encrypt :: forall a m namespace.
|
|||||||
encrypt key val = do
|
encrypt key val = do
|
||||||
plaintext <- pad 16 . Lazy.ByteString.toStrict $ encode val
|
plaintext <- pad 16 . Lazy.ByteString.toStrict $ encode val
|
||||||
|
|
||||||
mapCiphertext uuidConversion =<< Poly.encrypt key plaintext
|
_ciphertext uuidConversion =<< Poly.encrypt key plaintext
|
||||||
where
|
where
|
||||||
uuidConversion = maybe (throwError CiphertextConversionFailed) return . fromByteString . Lazy.ByteString.fromStrict
|
uuidConversion = maybe (throwError CiphertextConversionFailed) return . fromByteString . Lazy.ByteString.fromStrict
|
||||||
|
|
||||||
@ -91,9 +91,9 @@ decrypt :: forall a m namespace.
|
|||||||
, Binary a
|
, Binary a
|
||||||
, MonadError CryptoIDError m
|
, MonadError CryptoIDError m
|
||||||
) => CryptoIDKey -> CryptoUUID namespace -> m a
|
) => CryptoIDKey -> CryptoUUID namespace -> m a
|
||||||
decrypt key id = do
|
decrypt key cId = do
|
||||||
id' <- (return . Lazy.ByteString.toStrict . toByteString) `mapCiphertext` id
|
cId' <- _ciphertext (return . Lazy.ByteString.toStrict . toByteString) cId
|
||||||
plaintext <- Lazy.ByteString.fromStrict <$> Poly.decrypt key id'
|
plaintext <- Lazy.ByteString.fromStrict <$> Poly.decrypt key cId'
|
||||||
|
|
||||||
case decodeOrFail plaintext of
|
case decodeOrFail plaintext of
|
||||||
Left err -> throwError $ DeserializationError err
|
Left err -> throwError $ DeserializationError err
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user