Crypto-API, MonadCryptoRandom, DRBG November 2, 2010

Announcing a new version of crypto-api and the first release of both DRBG and MonadCryptoRandom. Links can be found at the end of the e-mail along with acknowledgments.

Crypto-API

Crypto-api, a generic interface for cryptographic algorithms, has hit version 0.2. If you use cryptographic operations then crypto-api is here to give you an easy implementation- and algorithm-independent interface. Notable additions include:

- The "OS-independent" random source (System.Crypto.Random) now works on Windows. (thanks Stuart Dootson)
- No more MonoLocalBinds or ScopedTypeVariables; GHC < 6.12 should now work.
- No more "instance Monad Either" whatsoever. It got in the way of other instances more than it was helpful.
- The order of arguments is swapped in CryptoRandomGen so it fits standard convention.
- Build deps updated so GHC-7 works. (Paulo Tanimoto)

If you maintain block ciphers, hashes, asymmetric ciphers, stream ciphers, or random number generators then I encourage you to make an instance for the matching Crypto-API class. Also, make use of the testing infrastructure provided if possible. AES, SHA*, and Twofish have lots of known-answer tests, and a simple module for parsing NIST test files is also included.

MonadCryptoRandom

Much like MonadRandom, this has a class for random value generation (CRandom), a class for monadic operation (MonadCryptoRandom), a transformer (CRandT), and instances to make all this useful. The main difference between MonadCryptoRandom and MonadRandom is the use of CryptoRandomGen instead of RandomGen and the possibility of failure by way of MonadError.

DRBG

DRBG, a cryptographically secure pseudo-random number generator based on the NIST SP 800-90 standard, is now on hackage. This uses the crypto-api CryptoMonadRandom class and cryptohash >= 0.6.1.
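To show how the pieces above fit together, here is an added example (not code from this announcement or from the packages themselves) that drives the DRBG through crypto-api's CryptoRandomGen interface, threads the generator state through two requests, and treats the Either result as the failure channel described for MonadCryptoRandom. It assumes the module names Crypto.Random (CryptoRandomGen, GenError, newGenIO), Crypto.Random.DRBG (HashDRBG) and System.Crypto.Random (getEntropy) as released at the time, and a 32-byte reseed length chosen for illustration.

```haskell
-- Added example; module, type and function names are assumed from the
-- crypto-api and DRBG packages and may differ between versions.
module Main where

import qualified Data.ByteString as B
import Crypto.Random (CryptoRandomGen(..), GenError)
import Crypto.Random.DRBG (HashDRBG)
import System.Crypto.Random (getEntropy)

-- Produce two 16-byte values, passing the *updated* generator into the
-- second request. Reusing g0 twice would yield identical output, which is
-- the classic misuse of a pure generator interface.
-- Written with explicit case expressions rather than do-notation because
-- this release of crypto-api no longer provides a Monad instance for Either.
twoNonces :: CryptoRandomGen g
          => g -> Either GenError (B.ByteString, B.ByteString, g)
twoNonces g0 =
  case genBytes 16 g0 of
    Left err      -> Left err
    Right (a, g1) ->
      case genBytes 16 g1 of
        Left err      -> Left err
        Right (b, g2) -> Right (a, b, g2)

-- On any GenError (for example a reseed being required), pull fresh entropy
-- from the OS via System.Crypto.Random, reseed the DRBG and retry once.
-- The 32-byte seed length is an assumption for this example.
noncesWithReseed :: HashDRBG
                 -> IO (Either GenError (B.ByteString, B.ByteString, HashDRBG))
noncesWithReseed g =
  case twoNonces g of
    Right ok -> return (Right ok)
    Left _   -> do
      seed <- getEntropy 32
      return $ case reseed seed g of
        Left err -> Left err
        Right g' -> twoNonces g'

main :: IO ()
main = do
  g <- newGenIO :: IO HashDRBG      -- seeded from the OS entropy source
  r <- noncesWithReseed g
  case r of
    Left err        -> putStrLn ("generation failed: " ++ show err)
    Right (a, b, _) -> do
      print (B.unpack a)
      print (B.unpack b)
      putStrLn (if a /= b then "nonces differ" else "generator state reused!")
```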

pureMD5

Incidentally, pureMD5's deps have been bumped to use the new crypto-api.

Future Work

Once we have a cryptocipher-like package with a BlockCipher instance for AES, I imagine DRBG will include cipher-based bit generators. Aside from that, more testing is certainly in order.

Disclaimer

Just so there's no confusion about my part in all this.

Crypto-API: I started discussion and hacked up the code for this interface (and that's all it is, an interface for algorithm producers and algorithm consumers to meet in the middle).

MonadCryptoRandom: This is just a rip-off of the motivating idea behind MonadRandom, but it allows failure. I tried to match even the names as closely as was sensible (CRand instead of Rand, etc).

DRBG: It's a translation of a NIST spec. I never thought I'd do translator work, but here I am doing English to Haskell transcription.

Links

Crypto-API

Hackage: http://hackage.haskell.org/package/crypto-api

Home: http://trac.haskell.org/crypto-api/wiki

DRBG

Hackage: http://hackage.haskell.org/package/DRBG

Home: None, will share home and bug tracker with crypto-api

MonadCryptoRandom

Hackage: http://hackage.haskell.org/package/monadcryptorandom

Home: None, will share home and bug tracker with crypto-api

Thanks go to Vincent Hanquez for his cryptohash package including crypto-api instances, Stuart Dootson for getting the Windows code in System.Crypto.Random working, and Paulo Tanimoto for pointing out/patching an issue with GHC-7.

Ben Boeckel: I haven't forgotten about your patch, but it seems cabal/hackage rejects such a .cabal file. I'll have to investigate or talk to Duncan.