crypto-token 0.0.0.0 → 0.0.1
raw patch · 2 files changed
+32/−20 lines, 2 filesdep ~cryptonitePVP ok
version bump matches the API change (PVP)
Dependency ranges changed: cryptonite
API changes (from Hackage documentation)
Files
- Crypto/Token.hs +31/−19
- crypto-token.cabal +1/−1
Crypto/Token.hs view
@@ -3,6 +3,8 @@ {-# LANGUAGE ScopedTypeVariables #-} -- | Encrypted tokens/tickets to keep state in the client side.+-- For security reasons, 'Storable' data types MUST be fixed-size+-- when stored (i.e. serialized into the memory). module Crypto.Token ( -- * Configuration Config(..)@@ -174,14 +176,18 @@ hdrbin <- BA.create (sizeOf mskhdr) $ \ptr -> poke ptr mskhdr return (hdrbin `BA.append` cipher) -delHeader :: ByteArray ba => TokenManager -> ba -> IO (Int, Int64, ba)-delHeader TokenManager{..} token = do- let (hdrbin, cipher) = BA.splitAt (indexLength + counterLength) token- mskhdr <- BA.withByteArray hdrbin peek- let hdr = headerMask `xorHeader` mskhdr- idx = fromIntegral $ headerIndex hdr- counter = fromIntegral $ headerCounter hdr- return (idx, counter, cipher)+delHeader :: ByteArray ba => TokenManager -> ba -> IO (Maybe (Int, Int64, ba))+delHeader TokenManager{..} token+ | BA.length token < minlen = return Nothing+ | otherwise = do+ let (hdrbin, cipher) = BA.splitAt minlen token+ mskhdr <- BA.withByteArray hdrbin peek+ let hdr = headerMask `xorHeader` mskhdr+ idx = fromIntegral $ headerIndex hdr+ counter = fromIntegral $ headerCounter hdr+ return $ Just (idx, counter, cipher)+ where+ minlen = indexLength + counterLength -- | Encrypting a target value to get a token. encryptToken :: (Storable a, ByteArray ba)@@ -197,7 +203,7 @@ encrypt secret x = do counter <- I.atomicModifyIORef' (secretCounter secret) (\i -> (i+1, i)) plain <- BA.create (sizeOf x) $ \ptr -> poke ptr x- nonce <- makeNounce counter $ secretIV secret+ nonce <- makeNonce counter $ secretIV secret let cipher = aes256gcmEncrypt plain (secretKey secret) nonce return (counter, cipher) @@ -205,22 +211,28 @@ decryptToken :: (Storable a, ByteArray ba) => TokenManager -> ba -> IO (Maybe a) decryptToken mgr token = do- (idx, counter, cipher) <- delHeader mgr token- secret <- getSecret mgr idx- decrypt secret counter cipher+ mx <- delHeader mgr token+ case mx of+ Nothing -> return Nothing+ Just (idx, counter, cipher) -> do+ secret <- getSecret mgr idx+ decrypt secret counter cipher -decrypt :: (Storable a, ByteArray ba)+decrypt :: forall a ba . (Storable a, ByteArray ba) => Secret -> Int64 -> ba -> IO (Maybe a) decrypt secret counter cipher = do- nonce <- makeNounce counter $ secretIV secret+ nonce <- makeNonce counter $ secretIV secret let mplain = aes256gcmDecrypt cipher (secretKey secret) nonce+ expect = sizeOf (undefined :: a) case mplain of- Nothing -> return Nothing- Just plain -> Just <$> BA.withByteArray plain peek+ Just plain+ | BA.length plain == expect -> Just <$> BA.withByteArray plain peek+ _ -> return Nothing -makeNounce :: forall ba . ByteArray ba => Int64 -> ba -> IO ba-makeNounce counter iv = do- cv <- BA.create 8 $ \ptr -> poke ptr counter++makeNonce :: forall ba . ByteArray ba => Int64 -> ba -> IO ba+makeNonce counter iv = do+ cv <- BA.create ivLength $ \ptr -> poke ptr counter return $ iv `BA.xor` (cv :: ba) ----------------------------------------------------------------
crypto-token.cabal view
@@ -1,5 +1,5 @@ name: crypto-token-version: 0.0.0.0+version: 0.0.1 synopsis: crypto tokens description: Encrypted tokens/tickets to keep state in the client side. license: BSD3