crypto-conduit-0.5.4: Conduit interface for cryptographic operations (from crypto-api).

Safe HaskellNone

Crypto.Conduit

Contents

Description

This module contains wrappers for cryptographic functions using the conduit package. Currently there is support for hashes, HMACs and many modes of block ciphers (but not everything crypto-api supports has a counterpart here). All functions on this package work in constant memory.

Synopsis

Cryptographic hash functions

sinkHash :: (Monad m, Hash ctx d) => Consumer ByteString m dSource

A Sink that hashes a stream of ByteStrings and creates a digest d.

hashFile :: (MonadIO m, Hash ctx d) => FilePath -> m dSource

Hashes the whole contents of the given file in constant memory. This function is just a convenient wrapper around sinkHash defined as: 

 hashFile fp = liftIO $ runResourceT (sourceFile fp $$ sinkHash)

Hash-based message authentication code (HMAC)

sinkHmac :: (Monad m, Hash ctx d) => MacKey ctx d -> Consumer ByteString m dSource

A Sink that computes the HMAC of a stream of ByteStrings and creates a digest d.

Block ciphers

Electronic codebook mode (ECB)

conduitEncryptEcbSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> Conduit ByteString m ByteString 

A Conduit that encrypts a stream of ByteStrings using ECB mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise. (Note that ECB has many undesirable cryptographic properties, please avoid it if you don't know what you're doing.)

conduitDecryptEcbSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> Conduit ByteString m ByteString 

A Conduit that decrypts a stream of ByteStrings using ECB mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise.

Cipher-block chaining mode (CBC)

conduitEncryptCbcSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Conduit ByteString m ByteString 

A Conduit that encrypts a stream of ByteStrings using CBC mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise.

conduitDecryptCbcSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Conduit ByteString m ByteString 

A Conduit that decrypts a stream of ByteStrings using CBC mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise.

Cipher feedback mode (CFB)

conduitEncryptCfbSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Conduit ByteString m ByteString 

A Conduit that encrypts a stream of ByteStrings using CFB mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise.

conduitDecryptCfbSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Conduit ByteString m ByteString 

A Conduit that decrypts a stream of ByteStrings using CFB mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise.

Output feedback mode (OFB)

conduitEncryptOfbSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Conduit ByteString m ByteString 

A Conduit that encrypts a stream of ByteStrings using OFB mode. Expects the input length to be a multiple of the block size of the cipher and fails otherwise.

conduitDecryptOfbSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Conduit ByteString m ByteString 

Synonym for conduitEncryptOfb, since for OFB mode both encryption and decryption are the same.

Counter mode (CTR)

conduitEncryptCtrSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> (IV k -> IV k)

Increment counter (incIV is recommended)

-> Conduit ByteString m ByteString 

A Conduit that encrypts a stream of ByteStrings using CTR mode. The input may have any length, even non-multiples of the block size.

conduitDecryptCtrSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> (IV k -> IV k)

Increment counter (incIV is recommended)

-> Conduit ByteString m ByteString 

Synonym for conduitEncryptCtr, since for CTR mode both encryption and decryption are the same.

sourceCtrSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> IV k

Initialization vector.

-> Producer m ByteString 

An infinite stream of bytes generated by a block cipher on CTR mode.

Cipher-block chaining message authentication code (CBC-MAC)

sinkCbcMacSource

Arguments

:: (Monad m, BlockCipher k) 
=> k

Cipher key.

-> Consumer ByteString m ByteString 

A Sink that computes the CBC-MAC of a stream of ByteStrings and creates a digest (already encoded in a ByteString, since we're using a block cipher). Expects the input length to be a multiple of the block size of the cipher and fails otherwise. (Note that CBC-MAC is not secure for variable-length messages.)

Internal helpers

blockedSource

Arguments

:: Monad m 
=> BlockMode 
-> ByteLength

Block size

-> Conduit ByteString m Block 

A Conduit that takes arbitrary ByteStrings and outputs Blocks. Each Full block will have a length that is multiple of the given block size (either exactly the block size or a multiple of at least 1x the block size, depending on the BlockMode). All Blocks beside the last one will be Full. The last block will always be LastOne with less bytes than the block size, possibly zero.

data BlockMode Source

How Blocks should be returned, either with strictly the block size or with a multiple of at least 1x the block size.

Constructors

StrictBlockSize 
AnyMultiple 

Instances

data Block Source

A block returned by blocked.

Constructors

Full ByteString 
LastOne ByteString 

Instances