How to use an crypto with hackage cereal?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

How to use an crypto with hackage cereal?

Magicloud Magiclouds
Hi,

I am trying to work with some binary data that encrypted by field instead of the result of serialization. I'd like to use Data.Serialize to wrap the data structure. But I could not figure out how to apply an runtime specified cipher method to the bytestring.

Any idea? Or I should use totally other solution?

Thanks.

--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Yitzchak Gale
Magicloud Magiclouds wrote:
> I am trying to work with some binary data that encrypted by field instead of
> the result of serialization. I'd like to use Data.Serialize to wrap the data
> structure. But I could not figure out how to apply an runtime specified
> cipher method to the bytestring.

Are you using the set of crypto libraries written by
Victor Hanquez, such as cryptocipher-types,
crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson,
such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries.
Encoding would be similar using Put instead of Get.
Thomas' libraries would be similar using the other
API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad
expression something like this (assuming you have
written all of the functions called parseSomething):

getStuff = do
  cipher <- parseCipher :: Get MyCipher
  clearText <- case cipher of
    MyAES -> do
      keyBS <- parseAESKey :: Get ByteString
      let key = either (error "bad AES key") id $ makeKey keyBS
          cipher = cipherInit key
      cipherText <- parseAESCipherText :: Get ByteString
      return $ ecbDecrypt cipher cipherText
    MyBlowfish -> do ...

etc.

Hope this helps,
Yitz
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Yitzchak Gale
Sorry, you need to specify which cipher type you
are using of course. So:

      let key :: Key AES
          key = either (error "bad AES key") id $ makeKey keyBS
          cipher = cipherInit key

etc.
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
In reply to this post by Yitzchak Gale
Thank you. But how if the cipher was specified outside the binary data? I mean I need to pass the decrypt/encrypt function to get/put while they do not accept parameters. Should I use Reader here?

On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
Magicloud Magiclouds wrote:
> I am trying to work with some binary data that encrypted by field instead of
> the result of serialization. I'd like to use Data.Serialize to wrap the data
> structure. But I could not figure out how to apply an runtime specified
> cipher method to the bytestring.

Are you using the set of crypto libraries written by
Victor Hanquez, such as cryptocipher-types,
crypto-pubkey-types, and cryptohash?

Or the set of libraries written by Thomas DuBuisson,
such as crypto-api, cipher-aes128, etc.?

Here is an example of decoding for Victor's libraries.
Encoding would be similar using Put instead of Get.
Thomas' libraries would be similar using the other
API.

Let's say you have a type like this:

data MyCipher = MyAES | MyBlowfish | ...

Then in your cereal code you would have a Get monad
expression something like this (assuming you have
written all of the functions called parseSomething):

getStuff = do
  cipher <- parseCipher :: Get MyCipher
  clearText <- case cipher of
    MyAES -> do
      keyBS <- parseAESKey :: Get ByteString
      let key = either (error "bad AES key") id $ makeKey keyBS
          cipher = cipherInit key
      cipherText <- parseAESCipherText :: Get ByteString
      return $ ecbDecrypt cipher cipherText
    MyBlowfish -> do ...

etc.

Hope this helps,
Yitz



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Ivan Lazar Miljenovic
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Erik Hesselink
In reply to this post by Magicloud Magiclouds
One thing I've done in the past is, instead of giving an 'instance
Serialize YourType', give an 'instance Serialize (Input -> YourType)'.
This way you can get access to the input in the instance, but you have
to provide the input when you can the deserialization function.

Regards,

Erik

On Tue, Apr 21, 2015 at 3:58 PM, Magicloud Magiclouds
<[hidden email]> wrote:

> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?
>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
This seems like what I need. Thanks.

On Tue, Apr 21, 2015 at 10:13 PM, Erik Hesselink <[hidden email]> wrote:
One thing I've done in the past is, instead of giving an 'instance
Serialize YourType', give an 'instance Serialize (Input -> YourType)'.
This way you can get access to the input in the instance, but you have
to provide the input when you can the deserialization function.

Regards,

Erik

On Tue, Apr 21, 2015 at 3:58 PM, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?
>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
In reply to this post by Ivan Lazar Miljenovic
Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
In reply to this post by Magicloud Magiclouds
Apparently I did not think this through. For "instance (BlockCipher k, Byteable iv) => Serialize ((k, iv), Destination)", how should I code get function? I mean in get, I should give out (k, iv), instead of using them.

On Wed, Apr 22, 2015 at 9:52 AM, Magicloud Magiclouds <[hidden email]> wrote:
This seems like what I need. Thanks.

On Tue, Apr 21, 2015 at 10:13 PM, Erik Hesselink <[hidden email]> wrote:
One thing I've done in the past is, instead of giving an 'instance
Serialize YourType', give an 'instance Serialize (Input -> YourType)'.
This way you can get access to the input in the instance, but you have
to provide the input when you can the deserialization function.

Regards,

Erik

On Tue, Apr 21, 2015 at 3:58 PM, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?
>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Andrey Sverdlichenko
In reply to this post by Magicloud Magiclouds
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.



On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <[hidden email]> wrote:

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.



On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <[hidden email]> wrote:

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Andrey Sverdlichenko
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.



On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds <[hidden email]> wrote:

How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.



On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <[hidden email]> wrote:

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.



On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds <[hidden email]> wrote:

How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.



On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <[hidden email]> wrote:

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Andrey Sverdlichenko
Could you describe encrypted data format? I can't understand problem with decryption.



On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds <[hidden email]> wrote:

That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.



On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds <[hidden email]> wrote:

How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.



On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <[hidden email]> wrote:

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
Say the data structure is:

data Person = Person { name :: String
                       , gender :: Gender
                       , age :: Int }

Then the process to generate the binary is:

msum $ map (encrypt . encode) [ length $ name person, name person, gender person, age person ]

Above process is just persudo in Haskell, the actual is not coded in Haskell.

On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <[hidden email]> wrote:
Could you describe encrypted data format? I can't understand problem with decryption.



On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds <[hidden email]> wrote:

That is the ugliness of the original binary data. The encryption is not by fixed block size. So decrypt cannot be run before the get* helpers. So decrypt-runGetPartial-decrypt-runGetPartial loop would not work.

I need a "post process" in Get. For example, "portNumber <- liftM decrypt getWord16be; return $ MyDataType portNumber". But currently I could not pass decrypt into get function.

On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You can't really modify source bytestring inside Get monad, and this is what decryption effectively do. The only option I know about is to run another parser inside Get monad. I'd rather write decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on decryption error.



On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds <[hidden email]> wrote:

How about fail in Get monad if decrypt failed? So decrypt failure would lead to a result of "Left String" on decode.

On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]> wrote:
You probably should not merge decrypt and decode operations, it is bad crypto habit. Until you decrypted and verified integrity of data, parsing is dangerous and opening your service to attacks. Correct way of implementing this would be to pass ciphertext to decryption function and run parser only if decryption is successful. If bytestring is too big to be decrypted in one piece, consider encrypting it in blocks and feeding decrypted parts to parser.



On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds <[hidden email]> wrote:

Similar as you envisaged. I would receive a bytestring data and a config point out what cipher to use. Then I deserialize the data to a data type with some fields. The serialize process is something like:

msum $ map (encrypt . encode) [field1, field2, field3]

I could parse the bytestring outside Get/Put monads. But I think that looks ugly. I really want to embed the decrypt process into Get/Put monads.

On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 21 April 2015 at 23:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Thank you. But how if the cipher was specified outside the binary data? I
> mean I need to pass the decrypt/encrypt function to get/put while they do
> not accept parameters. Should I use Reader here?

Maybe you could explain what you're doing better.

I would envisage that you would get a Bytestring/Text value, then
encrypt/decrypt and then put it back (though if you're dealing with
Bytestrings, unless you're wanting to compose them with others there's
no real need to use Get and Put as you'll have the resulting
Bytestring already...).

Or are you wanting to implement your own encryption/decryption scheme?
 In which case, you might want to either:

a) write custom functions in the Get and Put monads OR

b) write custom parsers (e.g. attoparsec) and builders (using the
Builder module in bytestring); this is probably going to suit you
better.

>
> On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]> wrote:
>>
>> Magicloud Magiclouds wrote:
>> > I am trying to work with some binary data that encrypted by field
>> > instead of
>> > the result of serialization. I'd like to use Data.Serialize to wrap the
>> > data
>> > structure. But I could not figure out how to apply an runtime specified
>> > cipher method to the bytestring.
>>
>> Are you using the set of crypto libraries written by
>> Victor Hanquez, such as cryptocipher-types,
>> crypto-pubkey-types, and cryptohash?
>>
>> Or the set of libraries written by Thomas DuBuisson,
>> such as crypto-api, cipher-aes128, etc.?
>>
>> Here is an example of decoding for Victor's libraries.
>> Encoding would be similar using Put instead of Get.
>> Thomas' libraries would be similar using the other
>> API.
>>
>> Let's say you have a type like this:
>>
>> data MyCipher = MyAES | MyBlowfish | ...
>>
>> Then in your cereal code you would have a Get monad
>> expression something like this (assuming you have
>> written all of the functions called parseSomething):
>>
>> getStuff = do
>>   cipher <- parseCipher :: Get MyCipher
>>   clearText <- case cipher of
>>     MyAES -> do
>>       keyBS <- parseAESKey :: Get ByteString
>>       let key = either (error "bad AES key") id $ makeKey keyBS
>>           cipher = cipherInit key
>>       cipherText <- parseAESCipherText :: Get ByteString
>>       return $ ecbDecrypt cipher cipherText
>>     MyBlowfish -> do ...
>>
>> etc.
>>
>> Hope this helps,
>> Yitz
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.




--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Ivan Lazar Miljenovic
On 22 April 2015 at 13:52, Magicloud Magiclouds
<[hidden email]> wrote:

> Say the data structure is:
>
> data Person = Person { name :: String
>                        , gender :: Gender
>                        , age :: Int }
>
> Then the process to generate the binary is:
>
> msum $ map (encrypt . encode) [ length $ name person, name person, gender
> person, age person ]
>
> Above process is just persudo in Haskell, the actual is not coded in
> Haskell.

Except that binary and cereal are for serializing Haskell values
directly; you seem to be wanting to parse and generate a particular
encoding for a value.  In which case, I don't think binary or cereal
is really appropriate.

>
> On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <[hidden email]>
> wrote:
>>
>> Could you describe encrypted data format? I can't understand problem with
>> decryption.
>>
>>
>>
>> On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds
>> <[hidden email]> wrote:
>>>
>>> That is the ugliness of the original binary data. The encryption is not
>>> by fixed block size. So decrypt cannot be run before the get* helpers. So
>>> decrypt-runGetPartial-decrypt-runGetPartial loop would not work.
>>>
>>> I need a "post process" in Get. For example, "portNumber <- liftM decrypt
>>> getWord16be; return $ MyDataType portNumber". But currently I could not pass
>>> decrypt into get function.
>>>
>>> On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <[hidden email]>
>>> wrote:
>>>>
>>>> You can't really modify source bytestring inside Get monad, and this is
>>>> what decryption effectively do. The only option I know about is to run
>>>> another parser inside Get monad. I'd rather write
>>>> decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on
>>>> decryption error.
>>>>
>>>>
>>>>
>>>> On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds
>>>> <[hidden email]> wrote:
>>>>>
>>>>> How about fail in Get monad if decrypt failed? So decrypt failure would
>>>>> lead to a result of "Left String" on decode.
>>>>>
>>>>> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]>
>>>>> wrote:
>>>>>>
>>>>>> You probably should not merge decrypt and decode operations, it is bad
>>>>>> crypto habit. Until you decrypted and verified integrity of data, parsing is
>>>>>> dangerous and opening your service to attacks. Correct way of implementing
>>>>>> this would be to pass ciphertext to decryption function and run parser only
>>>>>> if decryption is successful. If bytestring is too big to be decrypted in one
>>>>>> piece, consider encrypting it in blocks and feeding decrypted parts to
>>>>>> parser.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds
>>>>>> <[hidden email]> wrote:
>>>>>>>
>>>>>>> Similar as you envisaged. I would receive a bytestring data and a
>>>>>>> config point out what cipher to use. Then I deserialize the data to a data
>>>>>>> type with some fields. The serialize process is something like:
>>>>>>>
>>>>>>> msum $ map (encrypt . encode) [field1, field2, field3]
>>>>>>>
>>>>>>> I could parse the bytestring outside Get/Put monads. But I think that
>>>>>>> looks ugly. I really want to embed the decrypt process into Get/Put monads.
>>>>>>>
>>>>>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic
>>>>>>> <[hidden email]> wrote:
>>>>>>>>
>>>>>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds
>>>>>>>> <[hidden email]> wrote:
>>>>>>>> > Thank you. But how if the cipher was specified outside the binary
>>>>>>>> > data? I
>>>>>>>> > mean I need to pass the decrypt/encrypt function to get/put while
>>>>>>>> > they do
>>>>>>>> > not accept parameters. Should I use Reader here?
>>>>>>>>
>>>>>>>> Maybe you could explain what you're doing better.
>>>>>>>>
>>>>>>>> I would envisage that you would get a Bytestring/Text value, then
>>>>>>>> encrypt/decrypt and then put it back (though if you're dealing with
>>>>>>>> Bytestrings, unless you're wanting to compose them with others
>>>>>>>> there's
>>>>>>>> no real need to use Get and Put as you'll have the resulting
>>>>>>>> Bytestring already...).
>>>>>>>>
>>>>>>>> Or are you wanting to implement your own encryption/decryption
>>>>>>>> scheme?
>>>>>>>>  In which case, you might want to either:
>>>>>>>>
>>>>>>>> a) write custom functions in the Get and Put monads OR
>>>>>>>>
>>>>>>>> b) write custom parsers (e.g. attoparsec) and builders (using the
>>>>>>>> Builder module in bytestring); this is probably going to suit you
>>>>>>>> better.
>>>>>>>>
>>>>>>>> >
>>>>>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]>
>>>>>>>> > wrote:
>>>>>>>> >>
>>>>>>>> >> Magicloud Magiclouds wrote:
>>>>>>>> >> > I am trying to work with some binary data that encrypted by
>>>>>>>> >> > field
>>>>>>>> >> > instead of
>>>>>>>> >> > the result of serialization. I'd like to use Data.Serialize to
>>>>>>>> >> > wrap the
>>>>>>>> >> > data
>>>>>>>> >> > structure. But I could not figure out how to apply an runtime
>>>>>>>> >> > specified
>>>>>>>> >> > cipher method to the bytestring.
>>>>>>>> >>
>>>>>>>> >> Are you using the set of crypto libraries written by
>>>>>>>> >> Victor Hanquez, such as cryptocipher-types,
>>>>>>>> >> crypto-pubkey-types, and cryptohash?
>>>>>>>> >>
>>>>>>>> >> Or the set of libraries written by Thomas DuBuisson,
>>>>>>>> >> such as crypto-api, cipher-aes128, etc.?
>>>>>>>> >>
>>>>>>>> >> Here is an example of decoding for Victor's libraries.
>>>>>>>> >> Encoding would be similar using Put instead of Get.
>>>>>>>> >> Thomas' libraries would be similar using the other
>>>>>>>> >> API.
>>>>>>>> >>
>>>>>>>> >> Let's say you have a type like this:
>>>>>>>> >>
>>>>>>>> >> data MyCipher = MyAES | MyBlowfish | ...
>>>>>>>> >>
>>>>>>>> >> Then in your cereal code you would have a Get monad
>>>>>>>> >> expression something like this (assuming you have
>>>>>>>> >> written all of the functions called parseSomething):
>>>>>>>> >>
>>>>>>>> >> getStuff = do
>>>>>>>> >>   cipher <- parseCipher :: Get MyCipher
>>>>>>>> >>   clearText <- case cipher of
>>>>>>>> >>     MyAES -> do
>>>>>>>> >>       keyBS <- parseAESKey :: Get ByteString
>>>>>>>> >>       let key = either (error "bad AES key") id $ makeKey keyBS
>>>>>>>> >>           cipher = cipherInit key
>>>>>>>> >>       cipherText <- parseAESCipherText :: Get ByteString
>>>>>>>> >>       return $ ecbDecrypt cipher cipherText
>>>>>>>> >>     MyBlowfish -> do ...
>>>>>>>> >>
>>>>>>>> >> etc.
>>>>>>>> >>
>>>>>>>> >> Hope this helps,
>>>>>>>> >> Yitz
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> > 竹密岂妨流水过
>>>>>>>> > 山高哪阻野云飞
>>>>>>>> >
>>>>>>>> > And for G+, please use magiclouds#gmail.com.
>>>>>>>> >
>>>>>>>> > _______________________________________________
>>>>>>>> > Haskell-Cafe mailing list
>>>>>>>> > [hidden email]
>>>>>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>>>>>>>> >
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Ivan Lazar Miljenovic
>>>>>>>> [hidden email]
>>>>>>>> http://IvanMiljenovic.wordpress.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> 竹密岂妨流水过
>>>>>>> 山高哪阻野云飞
>>>>>>>
>>>>>>> And for G+, please use magiclouds#gmail.com.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> 竹密岂妨流水过
>>>>> 山高哪阻野云飞
>>>>>
>>>>> And for G+, please use magiclouds#gmail.com.
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>
>>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
Ah, sorry, the "encode" function is the one from cereal, not to "generate a particular encoding for a value".

On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 22 April 2015 at 13:52, Magicloud Magiclouds
<[hidden email]> wrote:
> Say the data structure is:
>
> data Person = Person { name :: String
>                        , gender :: Gender
>                        , age :: Int }
>
> Then the process to generate the binary is:
>
> msum $ map (encrypt . encode) [ length $ name person, name person, gender
> person, age person ]
>
> Above process is just persudo in Haskell, the actual is not coded in
> Haskell.

Except that binary and cereal are for serializing Haskell values
directly; you seem to be wanting to parse and generate a particular
encoding for a value.  In which case, I don't think binary or cereal
is really appropriate.

>
> On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <[hidden email]>
> wrote:
>>
>> Could you describe encrypted data format? I can't understand problem with
>> decryption.
>>
>>
>>
>> On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds
>> <[hidden email]> wrote:
>>>
>>> That is the ugliness of the original binary data. The encryption is not
>>> by fixed block size. So decrypt cannot be run before the get* helpers. So
>>> decrypt-runGetPartial-decrypt-runGetPartial loop would not work.
>>>
>>> I need a "post process" in Get. For example, "portNumber <- liftM decrypt
>>> getWord16be; return $ MyDataType portNumber". But currently I could not pass
>>> decrypt into get function.
>>>
>>> On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko <[hidden email]>
>>> wrote:
>>>>
>>>> You can't really modify source bytestring inside Get monad, and this is
>>>> what decryption effectively do. The only option I know about is to run
>>>> another parser inside Get monad. I'd rather write
>>>> decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from it on
>>>> decryption error.
>>>>
>>>>
>>>>
>>>> On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds
>>>> <[hidden email]> wrote:
>>>>>
>>>>> How about fail in Get monad if decrypt failed? So decrypt failure would
>>>>> lead to a result of "Left String" on decode.
>>>>>
>>>>> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko <[hidden email]>
>>>>> wrote:
>>>>>>
>>>>>> You probably should not merge decrypt and decode operations, it is bad
>>>>>> crypto habit. Until you decrypted and verified integrity of data, parsing is
>>>>>> dangerous and opening your service to attacks. Correct way of implementing
>>>>>> this would be to pass ciphertext to decryption function and run parser only
>>>>>> if decryption is successful. If bytestring is too big to be decrypted in one
>>>>>> piece, consider encrypting it in blocks and feeding decrypted parts to
>>>>>> parser.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds
>>>>>> <[hidden email]> wrote:
>>>>>>>
>>>>>>> Similar as you envisaged. I would receive a bytestring data and a
>>>>>>> config point out what cipher to use. Then I deserialize the data to a data
>>>>>>> type with some fields. The serialize process is something like:
>>>>>>>
>>>>>>> msum $ map (encrypt . encode) [field1, field2, field3]
>>>>>>>
>>>>>>> I could parse the bytestring outside Get/Put monads. But I think that
>>>>>>> looks ugly. I really want to embed the decrypt process into Get/Put monads.
>>>>>>>
>>>>>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic
>>>>>>> <[hidden email]> wrote:
>>>>>>>>
>>>>>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds
>>>>>>>> <[hidden email]> wrote:
>>>>>>>> > Thank you. But how if the cipher was specified outside the binary
>>>>>>>> > data? I
>>>>>>>> > mean I need to pass the decrypt/encrypt function to get/put while
>>>>>>>> > they do
>>>>>>>> > not accept parameters. Should I use Reader here?
>>>>>>>>
>>>>>>>> Maybe you could explain what you're doing better.
>>>>>>>>
>>>>>>>> I would envisage that you would get a Bytestring/Text value, then
>>>>>>>> encrypt/decrypt and then put it back (though if you're dealing with
>>>>>>>> Bytestrings, unless you're wanting to compose them with others
>>>>>>>> there's
>>>>>>>> no real need to use Get and Put as you'll have the resulting
>>>>>>>> Bytestring already...).
>>>>>>>>
>>>>>>>> Or are you wanting to implement your own encryption/decryption
>>>>>>>> scheme?
>>>>>>>>  In which case, you might want to either:
>>>>>>>>
>>>>>>>> a) write custom functions in the Get and Put monads OR
>>>>>>>>
>>>>>>>> b) write custom parsers (e.g. attoparsec) and builders (using the
>>>>>>>> Builder module in bytestring); this is probably going to suit you
>>>>>>>> better.
>>>>>>>>
>>>>>>>> >
>>>>>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]>
>>>>>>>> > wrote:
>>>>>>>> >>
>>>>>>>> >> Magicloud Magiclouds wrote:
>>>>>>>> >> > I am trying to work with some binary data that encrypted by
>>>>>>>> >> > field
>>>>>>>> >> > instead of
>>>>>>>> >> > the result of serialization. I'd like to use Data.Serialize to
>>>>>>>> >> > wrap the
>>>>>>>> >> > data
>>>>>>>> >> > structure. But I could not figure out how to apply an runtime
>>>>>>>> >> > specified
>>>>>>>> >> > cipher method to the bytestring.
>>>>>>>> >>
>>>>>>>> >> Are you using the set of crypto libraries written by
>>>>>>>> >> Victor Hanquez, such as cryptocipher-types,
>>>>>>>> >> crypto-pubkey-types, and cryptohash?
>>>>>>>> >>
>>>>>>>> >> Or the set of libraries written by Thomas DuBuisson,
>>>>>>>> >> such as crypto-api, cipher-aes128, etc.?
>>>>>>>> >>
>>>>>>>> >> Here is an example of decoding for Victor's libraries.
>>>>>>>> >> Encoding would be similar using Put instead of Get.
>>>>>>>> >> Thomas' libraries would be similar using the other
>>>>>>>> >> API.
>>>>>>>> >>
>>>>>>>> >> Let's say you have a type like this:
>>>>>>>> >>
>>>>>>>> >> data MyCipher = MyAES | MyBlowfish | ...
>>>>>>>> >>
>>>>>>>> >> Then in your cereal code you would have a Get monad
>>>>>>>> >> expression something like this (assuming you have
>>>>>>>> >> written all of the functions called parseSomething):
>>>>>>>> >>
>>>>>>>> >> getStuff = do
>>>>>>>> >>   cipher <- parseCipher :: Get MyCipher
>>>>>>>> >>   clearText <- case cipher of
>>>>>>>> >>     MyAES -> do
>>>>>>>> >>       keyBS <- parseAESKey :: Get ByteString
>>>>>>>> >>       let key = either (error "bad AES key") id $ makeKey keyBS
>>>>>>>> >>           cipher = cipherInit key
>>>>>>>> >>       cipherText <- parseAESCipherText :: Get ByteString
>>>>>>>> >>       return $ ecbDecrypt cipher cipherText
>>>>>>>> >>     MyBlowfish -> do ...
>>>>>>>> >>
>>>>>>>> >> etc.
>>>>>>>> >>
>>>>>>>> >> Hope this helps,
>>>>>>>> >> Yitz
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> > 竹密岂妨流水过
>>>>>>>> > 山高哪阻野云飞
>>>>>>>> >
>>>>>>>> > And for G+, please use magiclouds#gmail.com.
>>>>>>>> >
>>>>>>>> > _______________________________________________
>>>>>>>> > Haskell-Cafe mailing list
>>>>>>>> > [hidden email]
>>>>>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>>>>>>>> >
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Ivan Lazar Miljenovic
>>>>>>>> [hidden email]
>>>>>>>> http://IvanMiljenovic.wordpress.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> 竹密岂妨流水过
>>>>>>> 山高哪阻野云飞
>>>>>>>
>>>>>>> And for G+, please use magiclouds#gmail.com.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> 竹密岂妨流水过
>>>>> 山高哪阻野云飞
>>>>>
>>>>> And for G+, please use magiclouds#gmail.com.
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>
>>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Ivan Lazar Miljenovic
On 22 April 2015 at 13:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Ah, sorry, the "encode" function is the one from cereal, not to "generate a
> particular encoding for a value".

I meant "encode" as in "use a specific representation rather than
directly converting it on a constructor-by-constructor basis as is the
default for Get/Put".

>
> On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic
> <[hidden email]> wrote:
>>
>> On 22 April 2015 at 13:52, Magicloud Magiclouds
>> <[hidden email]> wrote:
>> > Say the data structure is:
>> >
>> > data Person = Person { name :: String
>> >                        , gender :: Gender
>> >                        , age :: Int }
>> >
>> > Then the process to generate the binary is:
>> >
>> > msum $ map (encrypt . encode) [ length $ name person, name person,
>> > gender
>> > person, age person ]
>> >
>> > Above process is just persudo in Haskell, the actual is not coded in
>> > Haskell.
>>
>> Except that binary and cereal are for serializing Haskell values
>> directly; you seem to be wanting to parse and generate a particular
>> encoding for a value.  In which case, I don't think binary or cereal
>> is really appropriate.
>>
>> >
>> > On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <[hidden email]>
>> > wrote:
>> >>
>> >> Could you describe encrypted data format? I can't understand problem
>> >> with
>> >> decryption.
>> >>
>> >>
>> >>
>> >> On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds
>> >> <[hidden email]> wrote:
>> >>>
>> >>> That is the ugliness of the original binary data. The encryption is
>> >>> not
>> >>> by fixed block size. So decrypt cannot be run before the get* helpers.
>> >>> So
>> >>> decrypt-runGetPartial-decrypt-runGetPartial loop would not work.
>> >>>
>> >>> I need a "post process" in Get. For example, "portNumber <- liftM
>> >>> decrypt
>> >>> getWord16be; return $ MyDataType portNumber". But currently I could
>> >>> not pass
>> >>> decrypt into get function.
>> >>>
>> >>> On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko
>> >>> <[hidden email]>
>> >>> wrote:
>> >>>>
>> >>>> You can't really modify source bytestring inside Get monad, and this
>> >>>> is
>> >>>> what decryption effectively do. The only option I know about is to
>> >>>> run
>> >>>> another parser inside Get monad. I'd rather write
>> >>>> decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from
>> >>>> it on
>> >>>> decryption error.
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds
>> >>>> <[hidden email]> wrote:
>> >>>>>
>> >>>>> How about fail in Get monad if decrypt failed? So decrypt failure
>> >>>>> would
>> >>>>> lead to a result of "Left String" on decode.
>> >>>>>
>> >>>>> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko
>> >>>>> <[hidden email]>
>> >>>>> wrote:
>> >>>>>>
>> >>>>>> You probably should not merge decrypt and decode operations, it is
>> >>>>>> bad
>> >>>>>> crypto habit. Until you decrypted and verified integrity of data,
>> >>>>>> parsing is
>> >>>>>> dangerous and opening your service to attacks. Correct way of
>> >>>>>> implementing
>> >>>>>> this would be to pass ciphertext to decryption function and run
>> >>>>>> parser only
>> >>>>>> if decryption is successful. If bytestring is too big to be
>> >>>>>> decrypted in one
>> >>>>>> piece, consider encrypting it in blocks and feeding decrypted parts
>> >>>>>> to
>> >>>>>> parser.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds
>> >>>>>> <[hidden email]> wrote:
>> >>>>>>>
>> >>>>>>> Similar as you envisaged. I would receive a bytestring data and a
>> >>>>>>> config point out what cipher to use. Then I deserialize the data
>> >>>>>>> to a data
>> >>>>>>> type with some fields. The serialize process is something like:
>> >>>>>>>
>> >>>>>>> msum $ map (encrypt . encode) [field1, field2, field3]
>> >>>>>>>
>> >>>>>>> I could parse the bytestring outside Get/Put monads. But I think
>> >>>>>>> that
>> >>>>>>> looks ugly. I really want to embed the decrypt process into
>> >>>>>>> Get/Put monads.
>> >>>>>>>
>> >>>>>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic
>> >>>>>>> <[hidden email]> wrote:
>> >>>>>>>>
>> >>>>>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds
>> >>>>>>>> <[hidden email]> wrote:
>> >>>>>>>> > Thank you. But how if the cipher was specified outside the
>> >>>>>>>> > binary
>> >>>>>>>> > data? I
>> >>>>>>>> > mean I need to pass the decrypt/encrypt function to get/put
>> >>>>>>>> > while
>> >>>>>>>> > they do
>> >>>>>>>> > not accept parameters. Should I use Reader here?
>> >>>>>>>>
>> >>>>>>>> Maybe you could explain what you're doing better.
>> >>>>>>>>
>> >>>>>>>> I would envisage that you would get a Bytestring/Text value, then
>> >>>>>>>> encrypt/decrypt and then put it back (though if you're dealing
>> >>>>>>>> with
>> >>>>>>>> Bytestrings, unless you're wanting to compose them with others
>> >>>>>>>> there's
>> >>>>>>>> no real need to use Get and Put as you'll have the resulting
>> >>>>>>>> Bytestring already...).
>> >>>>>>>>
>> >>>>>>>> Or are you wanting to implement your own encryption/decryption
>> >>>>>>>> scheme?
>> >>>>>>>>  In which case, you might want to either:
>> >>>>>>>>
>> >>>>>>>> a) write custom functions in the Get and Put monads OR
>> >>>>>>>>
>> >>>>>>>> b) write custom parsers (e.g. attoparsec) and builders (using the
>> >>>>>>>> Builder module in bytestring); this is probably going to suit you
>> >>>>>>>> better.
>> >>>>>>>>
>> >>>>>>>> >
>> >>>>>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]>
>> >>>>>>>> > wrote:
>> >>>>>>>> >>
>> >>>>>>>> >> Magicloud Magiclouds wrote:
>> >>>>>>>> >> > I am trying to work with some binary data that encrypted by
>> >>>>>>>> >> > field
>> >>>>>>>> >> > instead of
>> >>>>>>>> >> > the result of serialization. I'd like to use Data.Serialize
>> >>>>>>>> >> > to
>> >>>>>>>> >> > wrap the
>> >>>>>>>> >> > data
>> >>>>>>>> >> > structure. But I could not figure out how to apply an
>> >>>>>>>> >> > runtime
>> >>>>>>>> >> > specified
>> >>>>>>>> >> > cipher method to the bytestring.
>> >>>>>>>> >>
>> >>>>>>>> >> Are you using the set of crypto libraries written by
>> >>>>>>>> >> Victor Hanquez, such as cryptocipher-types,
>> >>>>>>>> >> crypto-pubkey-types, and cryptohash?
>> >>>>>>>> >>
>> >>>>>>>> >> Or the set of libraries written by Thomas DuBuisson,
>> >>>>>>>> >> such as crypto-api, cipher-aes128, etc.?
>> >>>>>>>> >>
>> >>>>>>>> >> Here is an example of decoding for Victor's libraries.
>> >>>>>>>> >> Encoding would be similar using Put instead of Get.
>> >>>>>>>> >> Thomas' libraries would be similar using the other
>> >>>>>>>> >> API.
>> >>>>>>>> >>
>> >>>>>>>> >> Let's say you have a type like this:
>> >>>>>>>> >>
>> >>>>>>>> >> data MyCipher = MyAES | MyBlowfish | ...
>> >>>>>>>> >>
>> >>>>>>>> >> Then in your cereal code you would have a Get monad
>> >>>>>>>> >> expression something like this (assuming you have
>> >>>>>>>> >> written all of the functions called parseSomething):
>> >>>>>>>> >>
>> >>>>>>>> >> getStuff = do
>> >>>>>>>> >>   cipher <- parseCipher :: Get MyCipher
>> >>>>>>>> >>   clearText <- case cipher of
>> >>>>>>>> >>     MyAES -> do
>> >>>>>>>> >>       keyBS <- parseAESKey :: Get ByteString
>> >>>>>>>> >>       let key = either (error "bad AES key") id $ makeKey
>> >>>>>>>> >> keyBS
>> >>>>>>>> >>           cipher = cipherInit key
>> >>>>>>>> >>       cipherText <- parseAESCipherText :: Get ByteString
>> >>>>>>>> >>       return $ ecbDecrypt cipher cipherText
>> >>>>>>>> >>     MyBlowfish -> do ...
>> >>>>>>>> >>
>> >>>>>>>> >> etc.
>> >>>>>>>> >>
>> >>>>>>>> >> Hope this helps,
>> >>>>>>>> >> Yitz
>> >>>>>>>> >
>> >>>>>>>> >
>> >>>>>>>> >
>> >>>>>>>> >
>> >>>>>>>> > --
>> >>>>>>>> > 竹密岂妨流水过
>> >>>>>>>> > 山高哪阻野云飞
>> >>>>>>>> >
>> >>>>>>>> > And for G+, please use magiclouds#gmail.com.
>> >>>>>>>> >
>> >>>>>>>> > _______________________________________________
>> >>>>>>>> > Haskell-Cafe mailing list
>> >>>>>>>> > [hidden email]
>> >>>>>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> >>>>>>>> >
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> --
>> >>>>>>>> Ivan Lazar Miljenovic
>> >>>>>>>> [hidden email]
>> >>>>>>>> http://IvanMiljenovic.wordpress.com
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> --
>> >>>>>>> 竹密岂妨流水过
>> >>>>>>> 山高哪阻野云飞
>> >>>>>>>
>> >>>>>>> And for G+, please use magiclouds#gmail.com.
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> 竹密岂妨流水过
>> >>>>> 山高哪阻野云飞
>> >>>>>
>> >>>>> And for G+, please use magiclouds#gmail.com.
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> 竹密岂妨流水过
>> >>> 山高哪阻野云飞
>> >>>
>> >>> And for G+, please use magiclouds#gmail.com.
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > 竹密岂妨流水过
>> > 山高哪阻野云飞
>> >
>> > And for G+, please use magiclouds#gmail.com.
>> >
>> > _______________________________________________
>> > Haskell-Cafe mailing list
>> > [hidden email]
>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> >
>>
>>
>>
>> --
>> Ivan Lazar Miljenovic
>> [hidden email]
>> http://IvanMiljenovic.wordpress.com
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Magicloud Magiclouds
I see. Thank you. So I will find other solutions.

On Wed, Apr 22, 2015 at 12:01 PM, Ivan Lazar Miljenovic <[hidden email]> wrote:
On 22 April 2015 at 13:58, Magicloud Magiclouds
<[hidden email]> wrote:
> Ah, sorry, the "encode" function is the one from cereal, not to "generate a
> particular encoding for a value".

I meant "encode" as in "use a specific representation rather than
directly converting it on a constructor-by-constructor basis as is the
default for Get/Put".

>
> On Wed, Apr 22, 2015 at 11:56 AM, Ivan Lazar Miljenovic
> <[hidden email]> wrote:
>>
>> On 22 April 2015 at 13:52, Magicloud Magiclouds
>> <[hidden email]> wrote:
>> > Say the data structure is:
>> >
>> > data Person = Person { name :: String
>> >                        , gender :: Gender
>> >                        , age :: Int }
>> >
>> > Then the process to generate the binary is:
>> >
>> > msum $ map (encrypt . encode) [ length $ name person, name person,
>> > gender
>> > person, age person ]
>> >
>> > Above process is just persudo in Haskell, the actual is not coded in
>> > Haskell.
>>
>> Except that binary and cereal are for serializing Haskell values
>> directly; you seem to be wanting to parse and generate a particular
>> encoding for a value.  In which case, I don't think binary or cereal
>> is really appropriate.
>>
>> >
>> > On Wed, Apr 22, 2015 at 11:44 AM, Andrey Sverdlichenko <[hidden email]>
>> > wrote:
>> >>
>> >> Could you describe encrypted data format? I can't understand problem
>> >> with
>> >> decryption.
>> >>
>> >>
>> >>
>> >> On Tue, Apr 21, 2015 at 8:41 PM, Magicloud Magiclouds
>> >> <[hidden email]> wrote:
>> >>>
>> >>> That is the ugliness of the original binary data. The encryption is
>> >>> not
>> >>> by fixed block size. So decrypt cannot be run before the get* helpers.
>> >>> So
>> >>> decrypt-runGetPartial-decrypt-runGetPartial loop would not work.
>> >>>
>> >>> I need a "post process" in Get. For example, "portNumber <- liftM
>> >>> decrypt
>> >>> getWord16be; return $ MyDataType portNumber". But currently I could
>> >>> not pass
>> >>> decrypt into get function.
>> >>>
>> >>> On Wed, Apr 22, 2015 at 11:26 AM, Andrey Sverdlichenko
>> >>> <[hidden email]>
>> >>> wrote:
>> >>>>
>> >>>> You can't really modify source bytestring inside Get monad, and this
>> >>>> is
>> >>>> what decryption effectively do. The only option I know about is to
>> >>>> run
>> >>>> another parser inside Get monad. I'd rather write
>> >>>> decrypt-runGetPartial-decrypt-runGetPartial loop and return Fail from
>> >>>> it on
>> >>>> decryption error.
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Tue, Apr 21, 2015 at 8:12 PM, Magicloud Magiclouds
>> >>>> <[hidden email]> wrote:
>> >>>>>
>> >>>>> How about fail in Get monad if decrypt failed? So decrypt failure
>> >>>>> would
>> >>>>> lead to a result of "Left String" on decode.
>> >>>>>
>> >>>>> On Wed, Apr 22, 2015 at 11:05 AM, Andrey Sverdlichenko
>> >>>>> <[hidden email]>
>> >>>>> wrote:
>> >>>>>>
>> >>>>>> You probably should not merge decrypt and decode operations, it is
>> >>>>>> bad
>> >>>>>> crypto habit. Until you decrypted and verified integrity of data,
>> >>>>>> parsing is
>> >>>>>> dangerous and opening your service to attacks. Correct way of
>> >>>>>> implementing
>> >>>>>> this would be to pass ciphertext to decryption function and run
>> >>>>>> parser only
>> >>>>>> if decryption is successful. If bytestring is too big to be
>> >>>>>> decrypted in one
>> >>>>>> piece, consider encrypting it in blocks and feeding decrypted parts
>> >>>>>> to
>> >>>>>> parser.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> On Tue, Apr 21, 2015 at 7:49 PM, Magicloud Magiclouds
>> >>>>>> <[hidden email]> wrote:
>> >>>>>>>
>> >>>>>>> Similar as you envisaged. I would receive a bytestring data and a
>> >>>>>>> config point out what cipher to use. Then I deserialize the data
>> >>>>>>> to a data
>> >>>>>>> type with some fields. The serialize process is something like:
>> >>>>>>>
>> >>>>>>> msum $ map (encrypt . encode) [field1, field2, field3]
>> >>>>>>>
>> >>>>>>> I could parse the bytestring outside Get/Put monads. But I think
>> >>>>>>> that
>> >>>>>>> looks ugly. I really want to embed the decrypt process into
>> >>>>>>> Get/Put monads.
>> >>>>>>>
>> >>>>>>> On Tue, Apr 21, 2015 at 10:08 PM, Ivan Lazar Miljenovic
>> >>>>>>> <[hidden email]> wrote:
>> >>>>>>>>
>> >>>>>>>> On 21 April 2015 at 23:58, Magicloud Magiclouds
>> >>>>>>>> <[hidden email]> wrote:
>> >>>>>>>> > Thank you. But how if the cipher was specified outside the
>> >>>>>>>> > binary
>> >>>>>>>> > data? I
>> >>>>>>>> > mean I need to pass the decrypt/encrypt function to get/put
>> >>>>>>>> > while
>> >>>>>>>> > they do
>> >>>>>>>> > not accept parameters. Should I use Reader here?
>> >>>>>>>>
>> >>>>>>>> Maybe you could explain what you're doing better.
>> >>>>>>>>
>> >>>>>>>> I would envisage that you would get a Bytestring/Text value, then
>> >>>>>>>> encrypt/decrypt and then put it back (though if you're dealing
>> >>>>>>>> with
>> >>>>>>>> Bytestrings, unless you're wanting to compose them with others
>> >>>>>>>> there's
>> >>>>>>>> no real need to use Get and Put as you'll have the resulting
>> >>>>>>>> Bytestring already...).
>> >>>>>>>>
>> >>>>>>>> Or are you wanting to implement your own encryption/decryption
>> >>>>>>>> scheme?
>> >>>>>>>>  In which case, you might want to either:
>> >>>>>>>>
>> >>>>>>>> a) write custom functions in the Get and Put monads OR
>> >>>>>>>>
>> >>>>>>>> b) write custom parsers (e.g. attoparsec) and builders (using the
>> >>>>>>>> Builder module in bytestring); this is probably going to suit you
>> >>>>>>>> better.
>> >>>>>>>>
>> >>>>>>>> >
>> >>>>>>>> > On Tue, Apr 21, 2015 at 6:43 PM, Yitzchak Gale <[hidden email]>
>> >>>>>>>> > wrote:
>> >>>>>>>> >>
>> >>>>>>>> >> Magicloud Magiclouds wrote:
>> >>>>>>>> >> > I am trying to work with some binary data that encrypted by
>> >>>>>>>> >> > field
>> >>>>>>>> >> > instead of
>> >>>>>>>> >> > the result of serialization. I'd like to use Data.Serialize
>> >>>>>>>> >> > to
>> >>>>>>>> >> > wrap the
>> >>>>>>>> >> > data
>> >>>>>>>> >> > structure. But I could not figure out how to apply an
>> >>>>>>>> >> > runtime
>> >>>>>>>> >> > specified
>> >>>>>>>> >> > cipher method to the bytestring.
>> >>>>>>>> >>
>> >>>>>>>> >> Are you using the set of crypto libraries written by
>> >>>>>>>> >> Victor Hanquez, such as cryptocipher-types,
>> >>>>>>>> >> crypto-pubkey-types, and cryptohash?
>> >>>>>>>> >>
>> >>>>>>>> >> Or the set of libraries written by Thomas DuBuisson,
>> >>>>>>>> >> such as crypto-api, cipher-aes128, etc.?
>> >>>>>>>> >>
>> >>>>>>>> >> Here is an example of decoding for Victor's libraries.
>> >>>>>>>> >> Encoding would be similar using Put instead of Get.
>> >>>>>>>> >> Thomas' libraries would be similar using the other
>> >>>>>>>> >> API.
>> >>>>>>>> >>
>> >>>>>>>> >> Let's say you have a type like this:
>> >>>>>>>> >>
>> >>>>>>>> >> data MyCipher = MyAES | MyBlowfish | ...
>> >>>>>>>> >>
>> >>>>>>>> >> Then in your cereal code you would have a Get monad
>> >>>>>>>> >> expression something like this (assuming you have
>> >>>>>>>> >> written all of the functions called parseSomething):
>> >>>>>>>> >>
>> >>>>>>>> >> getStuff = do
>> >>>>>>>> >>   cipher <- parseCipher :: Get MyCipher
>> >>>>>>>> >>   clearText <- case cipher of
>> >>>>>>>> >>     MyAES -> do
>> >>>>>>>> >>       keyBS <- parseAESKey :: Get ByteString
>> >>>>>>>> >>       let key = either (error "bad AES key") id $ makeKey
>> >>>>>>>> >> keyBS
>> >>>>>>>> >>           cipher = cipherInit key
>> >>>>>>>> >>       cipherText <- parseAESCipherText :: Get ByteString
>> >>>>>>>> >>       return $ ecbDecrypt cipher cipherText
>> >>>>>>>> >>     MyBlowfish -> do ...
>> >>>>>>>> >>
>> >>>>>>>> >> etc.
>> >>>>>>>> >>
>> >>>>>>>> >> Hope this helps,
>> >>>>>>>> >> Yitz
>> >>>>>>>> >
>> >>>>>>>> >
>> >>>>>>>> >
>> >>>>>>>> >
>> >>>>>>>> > --
>> >>>>>>>> > 竹密岂妨流水过
>> >>>>>>>> > 山高哪阻野云飞
>> >>>>>>>> >
>> >>>>>>>> > And for G+, please use magiclouds#gmail.com.
>> >>>>>>>> >
>> >>>>>>>> > _______________________________________________
>> >>>>>>>> > Haskell-Cafe mailing list
>> >>>>>>>> > [hidden email]
>> >>>>>>>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> >>>>>>>> >
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> --
>> >>>>>>>> Ivan Lazar Miljenovic
>> >>>>>>>> [hidden email]
>> >>>>>>>> http://IvanMiljenovic.wordpress.com
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> --
>> >>>>>>> 竹密岂妨流水过
>> >>>>>>> 山高哪阻野云飞
>> >>>>>>>
>> >>>>>>> And for G+, please use magiclouds#gmail.com.
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> 竹密岂妨流水过
>> >>>>> 山高哪阻野云飞
>> >>>>>
>> >>>>> And for G+, please use magiclouds#gmail.com.
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> 竹密岂妨流水过
>> >>> 山高哪阻野云飞
>> >>>
>> >>> And for G+, please use magiclouds#gmail.com.
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > 竹密岂妨流水过
>> > 山高哪阻野云飞
>> >
>> > And for G+, please use magiclouds#gmail.com.
>> >
>> > _______________________________________________
>> > Haskell-Cafe mailing list
>> > [hidden email]
>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> >
>>
>>
>>
>> --
>> Ivan Lazar Miljenovic
>> [hidden email]
>> http://IvanMiljenovic.wordpress.com
>
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.



--
Ivan Lazar Miljenovic
[hidden email]
http://IvanMiljenovic.wordpress.com



--
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: How to use an crypto with hackage cereal?

Yitzchak Gale
In reply to this post by Ivan Lazar Miljenovic
Ivan Lazar Miljenovic wrote:
>>> Except that binary and cereal are for serializing Haskell values
>>> directly; you seem to be wanting to parse and generate a particular
>>> encoding for a value.  In which case, I don't think binary or cereal
>>> is really appropriate.

> I meant "encode" as in "use a specific representation rather than
> directly converting it on a constructor-by-constructor basis as is the
> default for Get/Put".

I must still not be understanding what you meant in your
original comment. Because in my view, cereal and binary are
*exactly* designed for that use, and do it extremely well.

The only place where a particular "constructor-by-constructor"
approach is built in is in the facilities for automated generation
of parsers using generic techniques. But when writing parsers
directly, you have full flexibility, and a powerful set of
built-in tools to back you up.
_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
12