Safe Haskell | None |
---|
CommSec is a package that provides communication security for use with Haskell sockets. Using an ephemeral shared secret you can build contexts for sending or receiving data between one or more peers.
Do not reuse the shared secret! Key agreement mechanisms that leverage PKI might be added later.
- data OutContext = Out {}
- data InContext
- data CommSecError
- = OldContext
- | DuplicateSeq
- | InvalidICV
- | BadPadding
- data SequenceMode
- newInContext :: ByteString -> SequenceMode -> InContext
- newOutContext :: ByteString -> OutContext
- decode :: InContext -> ByteString -> Either CommSecError (ByteString, InContext)
- encode :: OutContext -> ByteString -> (ByteString, OutContext)
- decodePtr :: InContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO (Either CommSecError (Int, InContext))
- encodePtr :: OutContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO OutContext
- encBytes :: Int -> Int
- decBytes :: Int -> Int
- peekBE32 :: Ptr Word8 -> IO Word32
- pokeBE32 :: Ptr Word8 -> Word32 -> IO ()
- peekBE :: Ptr Word8 -> IO Word64
- pokeBE :: Ptr Word8 -> Word64 -> IO ()
Types
data OutContext Source
A context useful for sending data.
A context useful for receiving data.
data CommSecError Source
Errors that can be returned by the decoding/receicing operations.
data SequenceMode Source
Policy for misordered packets. Notice StrictOrdering does not mean every sequence numbered packet will be received, only that the sequence number will always increase.
Build contexts for use sending and receiving
newInContext :: ByteString -> SequenceMode -> InContextSource
Given at least 20 bytes of entropy, produce an in context that can communicate with an identically initialized out context.
newOutContext :: ByteString -> OutContextSource
Given at least 24 bytes of entropy, produce an out context that can communicate with an identically initialized in context.
Pure / ByteString based encryption and decryption routines
decode :: InContext -> ByteString -> Either CommSecError (ByteString, InContext)Source
encode :: OutContext -> ByteString -> (ByteString, OutContext)Source
Use an OutContext
to protect a message for transport.
Message format: [ctr, ct, padding, tag].
This routine can throw an exception of OldContext
if the context being
used has expired.
IO / Pointer based encryption and decryption routines
decodePtr :: InContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO (Either CommSecError (Int, InContext))Source
decodePtr inCtx pkg msg pkgLen
decrypts and verifies a package at
location pkg
of size pkgLen
. The resulting message is placed at
location msg
and its size is returned along with a new context (or
error).
encodePtr :: OutContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO OutContextSource
encodePtr outCtx msg result msgLen
will encode msgLen
bytes at
location msg
, placing the result at location result
. The buffer
pointed to by result
must be at least encBytes msgLen
bytes large,
the actual package will be exactly encBytes msgLen
in size.
Utility functions
Given a message length, returns the number of bytes an encoded message will consume.
Given a package length, returns the maximum number of bytes the underlying message could be (including padding).