packages feed

crypto-token 0.0.0.0 → 0.0.1

raw patch · 2 files changed

+32/−20 lines, 2 filesdep ~cryptonitePVP ok

version bump matches the API change (PVP)

Dependency ranges changed: cryptonite

API changes (from Hackage documentation)

Files

Crypto/Token.hs view
@@ -3,6 +3,8 @@ {-# LANGUAGE ScopedTypeVariables #-}  -- | Encrypted tokens/tickets to keep state in the client side.+--   For security reasons, 'Storable' data types MUST be fixed-size+--   when stored (i.e. serialized into the memory). module Crypto.Token (   -- * Configuration     Config(..)@@ -174,14 +176,18 @@     hdrbin <- BA.create (sizeOf mskhdr) $ \ptr -> poke ptr mskhdr     return (hdrbin `BA.append` cipher) -delHeader :: ByteArray ba => TokenManager -> ba -> IO (Int, Int64, ba)-delHeader TokenManager{..} token = do-    let (hdrbin, cipher) = BA.splitAt (indexLength + counterLength) token-    mskhdr <- BA.withByteArray hdrbin peek-    let hdr = headerMask `xorHeader` mskhdr-        idx = fromIntegral $ headerIndex hdr-        counter = fromIntegral $ headerCounter hdr-    return (idx, counter, cipher)+delHeader :: ByteArray ba => TokenManager -> ba -> IO (Maybe (Int, Int64, ba))+delHeader TokenManager{..} token+  | BA.length token < minlen = return Nothing+  | otherwise = do+        let (hdrbin, cipher) = BA.splitAt minlen token+        mskhdr <- BA.withByteArray hdrbin peek+        let hdr = headerMask `xorHeader` mskhdr+            idx = fromIntegral $ headerIndex hdr+            counter = fromIntegral $ headerCounter hdr+        return $ Just (idx, counter, cipher)+  where+    minlen = indexLength + counterLength  -- | Encrypting a target value to get a token. encryptToken :: (Storable a, ByteArray ba)@@ -197,7 +203,7 @@ encrypt secret x = do     counter <- I.atomicModifyIORef' (secretCounter secret) (\i -> (i+1, i))     plain <- BA.create (sizeOf x) $ \ptr -> poke ptr x-    nonce <- makeNounce counter $ secretIV secret+    nonce <- makeNonce counter $ secretIV secret     let cipher = aes256gcmEncrypt plain (secretKey secret) nonce     return (counter, cipher) @@ -205,22 +211,28 @@ decryptToken :: (Storable a, ByteArray ba)              => TokenManager -> ba -> IO (Maybe a) decryptToken mgr token = do-    (idx, counter, cipher) <- delHeader mgr token-    secret <- getSecret mgr idx-    decrypt secret counter cipher+    mx <- delHeader mgr token+    case mx of+      Nothing -> return Nothing+      Just (idx, counter, cipher) -> do+          secret <- getSecret mgr idx+          decrypt secret counter cipher -decrypt :: (Storable a, ByteArray ba)+decrypt :: forall a ba . (Storable a, ByteArray ba)         => Secret -> Int64 -> ba -> IO (Maybe a) decrypt secret counter cipher = do-    nonce <- makeNounce counter $ secretIV secret+    nonce <- makeNonce counter $ secretIV secret     let mplain = aes256gcmDecrypt cipher (secretKey secret) nonce+        expect = sizeOf (undefined :: a)     case mplain of-      Nothing    -> return Nothing-      Just plain -> Just <$> BA.withByteArray plain peek+      Just plain+        | BA.length plain == expect -> Just <$> BA.withByteArray plain peek+      _                             -> return Nothing -makeNounce :: forall ba . ByteArray ba => Int64 -> ba -> IO ba-makeNounce counter iv = do-    cv <- BA.create 8 $ \ptr -> poke ptr counter++makeNonce :: forall ba . ByteArray ba => Int64 -> ba -> IO ba+makeNonce counter iv = do+    cv <- BA.create ivLength $ \ptr -> poke ptr counter     return $ iv `BA.xor` (cv :: ba)  ----------------------------------------------------------------
crypto-token.cabal view
@@ -1,5 +1,5 @@ name:                crypto-token-version:             0.0.0.0+version:             0.0.1 synopsis:            crypto tokens description:         Encrypted tokens/tickets to keep state in the client side. license:             BSD3