packages feed

clientsession 0.9.0.3 → 0.9.0.4

raw patch · 2 files changed

+18/−6 lines, 2 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

Files

clientsession.cabal view
@@ -1,5 +1,5 @@ name:            clientsession-version:         0.9.0.3+version:         0.9.0.4 license:         BSD3 license-file:    LICENSE author:          Michael Snoyman <michael@snoyman.com>, Felipe Lessa <felipe.lessa@gmail.com>
src/Web/ClientSession.hs view
@@ -101,9 +101,9 @@  -- | The keys used to store the cookies.  We have an AES key used -- to encrypt the cookie and a Skein-MAC-512-256 key used verify--- the authencity and integrity of the cookie.  The AES key needs--- to have exactly 32 bytes (256 bits) while Skein-MAC-512-256--- should have 64 bytes (512 bits).+-- the authencity and integrity of the cookie.  The AES key must+-- have exactly 32 bytes (256 bits) while Skein-MAC-512-256 must+-- have 64 bytes (512 bits). -- -- See also 'getDefaultKey' and 'initKey'. data Key = Key { aesKey ::@@ -131,7 +131,7 @@ instance Show Key where     show _ = "<Web.ClientSession.Key>" --- | The initialization vector used by AES.  Should be exactly 16+-- | The initialization vector used by AES.  Must be exactly 16 -- bytes long. newtype IV = IV S.ByteString @@ -166,7 +166,7 @@         | otherwise         = Nothing  -- | Randomly construct a fresh initialization vector.  You--- /should not/ reuse initialization vectors.+-- /MUST NOT/ reuse initialization vectors. randomIV :: IO IV randomIV = aesRNG @@ -208,6 +208,18 @@ -- | Initializes a 'Key' from a random 'S.ByteString'.  Fails if -- there isn't exactly 96 bytes (256 bits for AES and 512 bits -- for Skein-MAC-512-512).+--+-- Note that the input string is assumed be uniformly chosen from+-- the set of all 96-byte strings.  In order words, each byte+-- should be chosen from the set of all byte values (0-255) with+-- the same probability.+--+-- In particular, this function does not do any kind of key+-- stretching.  You should never feed it a password, for example.+--+-- It's /highly/ recommended to feed @initKey@ only with values+-- generated by 'randomKey', unless you really know what you're+-- doing. initKey :: S.ByteString -> Either String Key initKey bs | S.length bs /= 96 = Left $ "Web.ClientSession.initKey: length of " ++                                          show (S.length bs) ++ " /= 96."