All, I have recently released new versions of:
- crypto-api[1]: An interface for cryptographic algorithms such as block ciphers, hashes, and secure random number generators. This version includes Klondike's cbcMac and SIV modes of operation; many thanks to him for his numerous patches.
- DRBG[2]: A set of deterministic random bit generators (aka CPRNGs) based on NIST SP 800-90.
- commsec[3]: A communications security package that provides data-in-transit security using AES-128 GCM without any external C library dependencies.
- commsec-keyexchange[4]: A key exchange tool that leverages RSA keys to establish connections for use with the commsec package.
- cipher-aes128[5]: A re-packaging of Vincent Hanquez's excellent AES routines.

==Crypto API==

Crypto-API was first released in 2010 with the aim of providing an interface useful both to consumers of cryptographic algorithms and to providers of those algorithms. It includes classes for block, stream, and asymmetric ciphers as well as for random number generators, hashes, and signature algorithms. Recent changes include:

- Added SIV and cbcMac, thanks to Klondike. NOTE: Some of this code is only conditionally included via a compile-time flag due to GHC's slow compilation of the CPoly module.
- Moved block cipher modes into the type classes, allowing use of high-speed C or ASM mode implementations.
- More generator query methods in the CryptoRandomGen class.
- Updated build dependencies.
- Moved operations and exposed them from Crypto.Util.

==DRBG==

DRBG implements the Hash- and HMAC-based generators specified in NIST SP 800-90. A generator using block ciphers in CTR mode is also provided, but it is not based on the special publication.

==CommSec and CommSec-KeyExchange==

Together, these packages provide a way to start from shared RSA keys and obtain a thread-safe secure communications channel. A pull request is currently out to crypto-pubkey-openssh that would allow reading and using RSA keys generated by ssh-keygen.
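Before the performance notes, an added illustration of the HMAC construction the DRBG section above refers to: HMAC_DRBG from NIST SP 800-90A over SHA-256, written here in Python for the example and not taken from the Haskell DRBG package. The reseed_interval default and any seed bytes are constructed for the example; the entropy quality is the caller's responsibility.

```python
import hmac
import hashlib

class HmacDrbg:
    """HMAC_DRBG from NIST SP 800-90A (10.1.2) over SHA-256; illustration only."""
    OUTLEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256

    def __init__(self, entropy, nonce=b"", personalization=b"", reseed_interval=10000):
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed material.
        # The caller is responsible for the quality of `entropy`.
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        # HMAC_DRBG_Update: derive a new K from V||0x00||data and advance V;
        # repeat with the 0x01 separator only when data was supplied.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy, additional_input=b""):
        # Fresh entropy resets the reseed counter.
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, nbytes, additional_input=b""):
        # Refuse to produce output once the reseed interval is exhausted;
        # SP 800-90A requires the caller to reseed rather than continue.
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)  # each step yields OUTLEN bytes
            out += self.V
        self._update(additional_input)  # advance state before releasing output
        self.reseed_counter += 1
        return out[:nbytes]
```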
These packages aim to be "morally correct" in that they perform the correct operations at a computational cost equivalent to a properly vetted system, but they are not themselves vetted for critical use. For small messages, commsec performs faster than the non-thread-safe secure-sockets counterpart. For larger messages the performance is not as competitive, because the GCM routine is not fully optimized.

==cipher-aes128==

This package has performance benefits (vs. cipher-aes) due to function-pointer rewriting that allows us to avoid excessive checking of the CPU info [6]. This package will hopefully be short-lived, with the optimizations getting folded into Vincent's 'cipher-aes' once things are mature enough. A Windows tester would help.

Comments and patches are welcome. Sorry if I forgot to thank anyone who contributed; many of these projects have been neglected and I lose context in the interim.

Cheers,
Thomas M. DuBuisson

[1] http://hackage.haskell.org/package/crypto-api
[2] http://hackage.haskell.org/package/DRBG
[3] http://hackage.haskell.org/package/commsec
[4] http://hackage.haskell.org/package/commsec-keyexchange
[5] http://hackage.haskell.org/package/cipher-aes128
[6] https://github.com/vincenthz/hs-cipher-aes/issues/8 - Up to 40% faster for small operations.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe