| Safe Haskell | None | 
|---|
Network.CommSec.Package
Contents
Description
CommSec is a package that provides communication security for use with Haskell sockets. Using an ephemeral shared secret you can build contexts for sending or receiving data between one or more peers.
Do not reuse the shared secret! Key agreement mechanisms that leverage PKI might be added later.
- data OutContext = Out {}
- data InContext
- data  CommSecError - = OldContext
- | DuplicateSeq
- | InvalidICV
- | BadPadding
 
- data SequenceMode
- newInContext :: ByteString -> SequenceMode -> InContext
- newOutContext :: ByteString -> OutContext
- decode :: InContext -> ByteString -> Either CommSecError (ByteString, InContext)
- encode :: OutContext -> ByteString -> (ByteString, OutContext)
- decodePtr :: InContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO (Either CommSecError (Int, InContext))
- encodePtr :: OutContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO OutContext
- encBytes :: Int -> Int
- decBytes :: Int -> Int
- peekBE32 :: Ptr Word8 -> IO Word32
- pokeBE32 :: Ptr Word8 -> Word32 -> IO ()
- peekBE :: Ptr Word8 -> IO Word64
- pokeBE :: Ptr Word8 -> Word64 -> IO ()
Types
data OutContext Source
A context useful for sending data.
A context useful for receiving data.
data CommSecError Source
Errors that can be returned by the decoding/receicing operations.
Constructors
| OldContext | |
| DuplicateSeq | |
| InvalidICV | |
| BadPadding | 
data SequenceMode Source
Policy for misordered packets. Notice StrictOrdering does not mean every sequence numbered packet will be received, only that the sequence number will always increase.
Constructors
| AllowOutOfOrder | |
| StrictOrdering | |
| Sequential | 
Build contexts for use sending and receiving
newInContext :: ByteString -> SequenceMode -> InContextSource
Given at least 20 bytes of entropy, produce an in context that can communicate with an identically initialized out context.
newOutContext :: ByteString -> OutContextSource
Given at least 24 bytes of entropy, produce an out context that can communicate with an identically initialized in context.
Pure / ByteString based encryption and decryption routines
decode :: InContext -> ByteString -> Either CommSecError (ByteString, InContext)Source
encode :: OutContext -> ByteString -> (ByteString, OutContext)Source
Use an OutContext to protect a message for transport.
 Message format: [ctr, ct, padding, tag].
This routine can throw an exception of OldContext if the context being
 used has expired.
IO / Pointer based encryption and decryption routines
decodePtr :: InContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO (Either CommSecError (Int, InContext))Source
decodePtr inCtx pkg msg pkgLen decrypts and verifies a package at
 location pkg of size pkgLen.  The resulting message is placed at
 location msg and its size is returned along with a new context (or
 error).
encodePtr :: OutContext -> Ptr Word8 -> Ptr Word8 -> Int -> IO OutContextSource
encodePtr outCtx msg result msgLen will encode msgLen bytes at
 location msg, placing the result at location result.  The buffer
 pointed to by result must be at least encBytes msgLen bytes large,
 the actual package will be exactly encBytes msgLen in size.
Utility functions
Given a message length, returns the number of bytes an encoded message will consume.
Given a package length, returns the maximum number of bytes the underlying message could be (including padding).