crypto-api-0.1.0.0: A generic interface for cryptographic operations

Crypto.Padding

Contents

Synopsis

PKCS5 (RFC 1423) based [un]padding routines

padPKCS5 :: ByteLength -> ByteString -> ByteStringSource

PKCS5 (aka RFC1423) padding method This method will not work properly for pad modulos > 256

padBlockSize :: BlockCipher k => k -> ByteString -> ByteStringSource

PKCS5 (aka RFC1423) padding method

putPaddedPKCS5 :: ByteLength -> ByteString -> PutSource

putPaddedPKCS5 m bs will pad out bs to a byte multiple of m and put both the bytestring and it's padding via Put (this saving on copying if you are already using Cereal).

unpadPKCS5safe :: ByteString -> Maybe ByteStringSource

unpad a strict bytestring padded in the typical PKCS5 manner. This routine verifies all pad bytes and pad length match correctly.

ESP (RFC 4303) [un]padding routines

padESP :: Int -> ByteString -> ByteStringSource

Pad a bytestring to the IPSEC esp specification padESP m payload is equivilent to:

     --        (msg)       (padding)       (length field)
     B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]

Where: the msg is any payload, including TFC. the padding is <= 255 the length field is one byte

Notice the result bytesting length remainder r equals zero. The lack of 'next header' field means this function is not directly useable for an IPSec implementation (copy/paste the 4 line function and add in a next header field if you are making IPSec ESP).

unpadESP :: ByteString -> Maybe ByteStringSource

A static espPad allows reuse of a single B.pack'ed pad for all calls to padESP

unpad and return the padded message (Nothing is returned if the padding is invalid)

padESPBlockSize :: BlockCipher k => k -> ByteString -> ByteStringSource

Like padESP but use the BlockCipher instance to determine padding size

putPadESPBlockSize :: BlockCipher k => k -> ByteString -> PutSource

Like putPadESP but using the BlockCipher instance to determine padding size

putPadESP :: Int -> ByteString -> PutSource

Pad a bytestring to the IPSEC ESP specification using Put. This can reduce copying if you are already using Put.