clientsession 0.9 → 0.9.0.1
raw patch · 2 files changed
+26/−18 lines, 2 filesdep ~cipher-aesPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: cipher-aes
API changes (from Hackage documentation)
Files
- clientsession.cabal +1/−1
- src/Web/ClientSession.hs +25/−17
clientsession.cabal view
@@ -1,5 +1,5 @@ name: clientsession-version: 0.9+version: 0.9.0.1 license: BSD3 license-file: LICENSE author: Michael Snoyman <michael@snoyman.com>, Felipe Lessa <felipe.lessa@gmail.com>
src/Web/ClientSession.hs view
@@ -100,7 +100,12 @@ -- should have 64 bytes (512 bits). -- -- See also 'getDefaultKey' and 'initKey'.-data Key = Key { aesKey :: !A.Key+data Key = Key { aesKey ::+#if MIN_VERSION_cipher_aes(0, 2, 0)+ !A.AES+#else+ !A.Key+#endif -- ^ AES key with 32 bytes. , macKey :: !(S.ByteString -> Skein_512_256) -- ^ Skein-MAC key. Instead of storing the key@@ -122,13 +127,21 @@ -- | The initialization vector used by AES. Should be exactly 16 -- bytes long.-newtype IV = IV A.IV+newtype IV = IV S.ByteString unsafeMkIV :: S.ByteString -> IV+#if MIN_VERSION_cipher_aes(0, 2, 0)+unsafeMkIV bs = (IV bs)+#else unsafeMkIV bs = (IV (A.IV bs))+#endif unIV :: IV -> S.ByteString+#if MIN_VERSION_cipher_aes(0, 2, 0)+unIV (IV bs) = bs+#else unIV (IV (A.IV bs)) = bs+#endif instance Eq IV where (==) = (==) `on` unIV@@ -222,9 +235,9 @@ -> S.ByteString -- ^ Serialized cookie data. -> S.ByteString -- ^ Encoded cookie data to be given to -- the client browser.-encrypt key (IV (A.IV iv)) x = B.encode final+encrypt key (IV iv) x = B.encode final where- encrypted = A.encryptCTR (aesKey key) (A.IV iv) x+ encrypted = A.encryptCTR (aesKey key) iv x toBeAuthed = iv `S.append` encrypted auth = macKey key toBeAuthed final = encode auth `S.append` toBeAuthed@@ -243,7 +256,12 @@ auth' = macKey key toBeAuthed guard (encode auth' `constTimeEq` auth) let (iv, encrypted) = S.splitAt 16 toBeAuthed- return $! A.decryptCTR (aesKey key) (A.IV iv) encrypted+#if MIN_VERSION_cipher_aes(0, 2, 0)+ let iv' = iv+#else+ let iv' = A.IV iv+#endif+ return $! A.decryptCTR (aesKey key) iv' encrypted -- Significantly more efficient random IV generation. Initial@@ -265,18 +283,8 @@ -- | Reseed the CPRNG with new entropy from the system pool. aesReseed :: IO () aesReseed = do- let len :: Tagged AESRNG ByteLength- len = genSeedLength- ent <- getEntropy (untag len)- I.atomicModifyIORef aesRef $- \(ASt rng _) ->- case reseed ent rng of- Right rng' -> (ASt rng' 0, ())- Left _ -> (ASt rng 0, ())- -- Use the old RNG, but force a reseed- -- after another 'threshold' uses of it.- -- In theory, we will never reach this- -- branch, but if we do, we're safe.+ rng' <- makeSystem+ I.writeIORef aesRef $ ASt rng' 0 -- | 'IORef' that keeps the current state of the CPRNG. Yep, -- global state. Used in thread-safe was only, though.