AES encryption with auth tag after ciphertext (the order in WebCrypto etc.); upgrade GHC to 8.10.7 (#197)

Evgeny Poberezkin
2021-10-24 21:03:41 +01:00
committed by GitHub
parent bfcbe4bcd8
commit 057d5eeb24
4 changed files with 9 additions and 11 deletions
+1 -1
@@ -37,7 +37,7 @@ dependencies:
- cryptonite >= 0.27 && < 0.30
- direct-sqlite == 2.3.*
- directory == 1.3.*
- file-embed == 0.0.14.*
- file-embed >= 0.0.14.0 && <= 0.0.15.0
- filepath == 1.4.*
- generic-random >= 1.3 && < 1.5
- iso8601-time == 0.1.*
+4 -6
@@ -3,8 +3,6 @@ cabal-version: 1.12
-- This file has been generated from package.yaml by hpack version 0.34.4.
--
-- see: https://github.com/sol/hpack
--
-- hash: 706d2f9155c3f3be0f08ea0d6c8954c0e2b9a6e22615f7b19499a3a349af7cc9
name: simplexmq
version: 0.4.1
@@ -78,7 +76,7 @@ library
, cryptonite >=0.27 && <0.30
, direct-sqlite ==2.3.*
, directory ==1.3.*
, file-embed ==0.0.14.*
, file-embed >=0.0.14.0 && <=0.0.15.0
, filepath ==1.4.*
, generic-random >=1.3 && <1.5
, iso8601-time ==0.1.*
@@ -123,7 +121,7 @@ executable smp-agent
, cryptonite >=0.27 && <0.30
, direct-sqlite ==2.3.*
, directory ==1.3.*
, file-embed ==0.0.14.*
, file-embed >=0.0.14.0 && <=0.0.15.0
, filepath ==1.4.*
, generic-random >=1.3 && <1.5
, iso8601-time ==0.1.*
@@ -170,7 +168,7 @@ executable smp-server
, cryptostore ==0.2.*
, direct-sqlite ==2.3.*
, directory ==1.3.*
, file-embed ==0.0.14.*
, file-embed >=0.0.14.0 && <=0.0.15.0
, filepath ==1.4.*
, generic-random >=1.3 && <1.5
, ini ==0.4.*
@@ -227,7 +225,7 @@ test-suite smp-server-test
, cryptonite >=0.27 && <0.30
, direct-sqlite ==2.3.*
, directory ==1.3.*
, file-embed ==0.0.14.*
, file-embed >=0.0.14.0 && <=0.0.15.0
, filepath ==1.4.*
, generic-random >=1.3 && <1.5
, hspec ==2.7.*
+3 -3
@@ -191,7 +191,7 @@ instance Transport TCP where
transportName _ = "TCP"
getServerConnection = fmap TCP . getSocketHandle
getClientConnection = getServerConnection
closeConnection = hClose . tcpHandle
closeConnection (TCP h) = hClose h `E.catch` \(_ :: E.SomeException) -> pure ()
cGet = B.hGet . tcpHandle
cPut = B.hPut . tcpHandle
getLn = fmap trimCR . B.hGetLine . tcpHandle
@@ -310,7 +310,7 @@ tPutEncrypted :: Transport c => THandle c -> ByteString -> IO (Either TransportE
tPutEncrypted THandle {connection = c, sndKey, blockSize} block =
encryptBlock sndKey (blockSize - C.authTagSize) block >>= \case
Left _ -> pure $ Left TEEncrypt
Right (authTag, msg) -> Right <$> cPut c (C.authTagToBS authTag <> msg)
Right (authTag, msg) -> Right <$> cPut c (msg <> C.authTagToBS authTag)
-- | Receive and decrypt block from SMP encrypted transport.
tGetEncrypted :: Transport c => THandle c -> IO (Either TransportError ByteString)
@@ -327,7 +327,7 @@ encryptBlock k@SessionKey {aesKey} size block = do
decryptBlock :: SessionKey -> ByteString -> IO (Either C.CryptoError ByteString)
decryptBlock k@SessionKey {aesKey} block = do
let (authTag, msg') = B.splitAt C.authTagSize block
let (msg', authTag) = B.splitAt (B.length block - C.authTagSize) block
ivBytes <- makeNextIV k
runExceptT $ C.decryptAES aesKey ivBytes msg' (C.bsToAuthTag authTag)
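Review bot: decryptBlock now takes the tag from the end with `B.splitAt (B.length block - C.authTagSize) block` but never checks that the block is at least `C.authTagSize` bytes long. For a shorter input the index is negative, so `B.splitAt` yields an empty `msg'` and the whole input as `authTag`, and that undersized tag is passed to `C.bsToAuthTag` and `C.decryptAES`. Whether those reject it cleanly is not visible on this page, so an explicit check `B.length block < C.authTagSize` that returns a `Left` with a suitable `C.CryptoError` before the split would make the failure mode certain. tGetEncrypted presumably reads a fixed-size block (its body is outside the hunk), in which case the check is defence in depth; worth confirming. A one-line comment on both tPutEncrypted and decryptBlock, such as `-- wire layout: ciphertext <> authTag`, would also help keep the sender and receiver in agreement.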
+1 -1
@@ -17,7 +17,7 @@
#
# resolver: ./custom-snapshot.yaml
# resolver: https://example.com/snapshots/2018-01-01.yaml
resolver: lts-18.0
resolver: lts-18.13
# User packages to be built.
# Various formats can be used as shown in the example below.