Today, I am happy to announce the initial release of the botan-bindings and botan-low packages to hackage.
This is the result of more than 7 months of sustained effort to provide a series of bindings to the Botan C++ cryptography library, and was made possible through support from the Haskell Foundation and funding provided by Mercury.
Botan is an open-source, BSD-licensed C++ cryptography library with an extensive suite of cryptographic algorithms and utilities, ranging from simple hashes and ciphers to complete protocol implementations of SRP6, X509, and TLS, and even post-quantum cryptography algorithm. Botan is developed and maintained by an active community, has been audited in the past, and provides a Haskell-compatible C FFI.
As such, it provides a stable, portable cryptography library on which to build a type-safe, functional cryptographic ecosystem, by providing much of the necessary ‘cryptographic kitchen sink’.
These packages attempt to provide a lightweight wrapper to the Botan C FFI, with minimal dependencies.
botan-bindings
The botan-bindings library contains raw bindings and is an almost direct, 1-1 translation of the C API into Haskell FFI calls using the CApiFFI language extension. As such, it exposes and operates over C FFI types, and requires buffer and pointer and pointer management. This library only exposes FFI calls and constants, and is suitable for building your own abstraction over Botan.
botan-low
The botan-low library contains low-level bindings which wrap the FFI calls into IO actions. This library handles the translation between buffers and ByteStrings, and throw exceptions in the case of errors, but is otherwise be a fairly faithful translation of the Botan interface. This library is suitable for everyday use, but will be superceded in ergonomics by the high-level botan, which isn’t far behind.
Installation, Usage, and Tutorials
This library requires the botan-3 C++ library to be installed in order to function. Please follow the instructions in the README or the official Botan C++ installation instructions for more detail.
You will need to add botan-low as a package dependency in order to use it. Simply add it to your [project].cabal under the build-depends stanza:
build-depends:
botan-low
After that, there is an entire series of tutorials that can be found in the README and in the haddock documentation.
Testing
This project was tested with the following GHC versions:
9.2.89.4.79.6.39.8.1
This project has unit tests that pass, (aside from a few algorithm-specific failures that are being taken care of).
Changelog
botan-bindings 0.0.1 - 2024/02/13
Initial release.
botan-low 0.0.1 - 2024/02/13
Initial release.
Future work
Work on the high-level botan is ongoing; several modules have recently reached gold-standard status, and a whole host of cryptographic typeclasses are being developed in tandem with data families in order to provide a high level of per-algorithm type safety and ergonomics that we expect from an idiomatic Haskell interface. It’s looking fantastic, so you should follow the devlog for more up-to-date details!