monocypher-4.0.0.1: Low level bindings to the monocypher C library.
Safe HaskellNone
LanguageGHC2021

Monocypher.C

Description

Low level bindings to the monocypher C library.

Version

The Haskell library monocypher version A.B.C.D is compatible with the C library monocypher version A.B.C, which is shipped and compiled together with this Haskell library. The D part of the version number is the only one we increment in the Haskell library independently from the C library.

License

This module is dual-licensed the same way the monocypher C library is. Namely, you can choose the license you prefer among CC0-1.0 or BSD-2-Clause.

Differences from the C library
  • The the crypto_ prefix is dropped from every name.
  • The argon2 function takes all its parameters separately instead of wrapping them in different structures like the C crypto_argon2 version does. Also, the necessary work_area is allocated automatically.
  • The eddsa_key_pair, ed25519_key_pair and elligator_key_pair functions don't wipe the passed in seed value. Their C counterparts do.
  • The crypto_aead_ctx, crypto_blake2b and crypto_poly1305_ctx C structures are opaque, represented in Haskell by AEAD_CTX, BLAKE2B_CTX, etc. They can be allocated with aead_ctx_malloc, blake2b_ctx_malloc, etc.
  • We export type-level constants for sizes and alignments used throughout this module. The names of these constants are not official, in the sense that the C library doesn't use any names for constants, and instead it mentions numbers like 32 or 64 directly.
Synopsis

Utils

verify16 Source #

Arguments

:: Ptr Word8

const uint8_t a[16].

-> Ptr Word8

const uint8_t b[16].

-> CInt

0 if a and b are equal, -1 otherwise.

verify32 Source #

Arguments

:: Ptr Word8

const uint8_t a[32].

-> Ptr Word8

const uint8_t b[32].

-> CInt

0 if a and b are equal, -1 otherwise.

verify64 Source #

Arguments

:: Ptr Word8

const uint8_t a[64].

-> Ptr Word8

const uint8_t b[64].

-> CInt

0 if a and b are equal, -1 otherwise.

Memory

wipe Source #

Arguments

:: Ptr Word8

void * secret.

-> CSize

size_t size.

-> IO () 

Aead

aead_lock Source #

Arguments

:: Ptr Word8

uint8_t * cipher_text.

-> Ptr Word8

uint8_t mac[POLY1305_MAC_SIZE].

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_X_NONCE_SIZE].

-> Ptr Word8

const uint8_t * ad.

-> CSize

size_t ad_size.

-> Ptr Word8

const uint8_t * plain_text.

-> CSize

size_t text_size.

-> IO () 

aead_unlock Source #

Arguments

:: Ptr Word8

uint8_t * plain_text.

-> Ptr Word8

const uint8_t mac[POLY1305_MAC_SIZE].

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_X_NONCE_SIZE].

-> Ptr Word8

const uint8_t * ad.

-> CSize

size_t ad_size.

-> Ptr Word8

const uint8_t * cipher_text.

-> CSize

size_t text_size.

-> IO CInt

0 on successful decryption, -1 otherwise.

Incremental

newtype AEAD_CTX Source #

See crypto_aead_ctx.

Allocate with aead_ctx_malloc.

Constructors

AEAD_CTX (ForeignPtr AEAD_CTX)

The constructor is exposed in case your want to obtain the ForeignPtr by means other than aead_ctx_malloc.

You can use withForeignPtr to obtain the Ptr necessary by many of the functions in this module.

Instances

Instances details
Storable AEAD_CTX Source #

Peek allocates memory using aead_ctx_malloc, so it will be automatically wiped when unreachable.

Instance details

Defined in Monocypher.C

aead_ctx_malloc :: IO AEAD_CTX Source #

Allocated with mallocForeignPtr, but also automatically wiped when not reachable anymore, before being freed.

aead_init_x Source #

Arguments

:: Ptr AEAD_CTX

crypto_aead_ctx * ctx. Allocate with aead_ctx_malloc

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_X_NONCE_SIZE].

-> IO () 

aead_init_djb Source #

Arguments

:: Ptr AEAD_CTX

crypto_aead_ctx * ctx. Allocate with aead_ctx_malloc

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_DJB_NONCE_SIZE].

-> IO () 

aead_init_ietf Source #

Arguments

:: Ptr AEAD_CTX

crypto_aead_ctx * ctx. Allocate with aead_ctx_malloc

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_IETF_NONCE_SIZE].

-> IO () 

aead_write Source #

Arguments

:: Ptr AEAD_CTX

crypto_aead_ctx * ctx.

-> Ptr Word8

uint8_t * cipher_text.

-> Ptr Word8

uint8_t mac[POLY1305_MAC_SIZE].

-> Ptr Word8

const uint8_t * ad.

-> CSize

size_t ad_size.

-> Ptr Word8

const uint8_t * plain_text.

-> CSize

size_t text_size.

-> IO () 

aead_read Source #

Arguments

:: Ptr AEAD_CTX

crypto_aead_ctx * ctx.

-> Ptr Word8

uint8_t * plain_text.

-> Ptr Word8

const uint8_t mac[POLY1305_MAC_SIZE].

-> Ptr Word8

const uint8_t * ad.

-> CSize

size_t ad_size.

-> Ptr Word8

const uint8_t * cipher_text.

-> CSize

size_t text_size.

-> IO CInt

0 on successful decryption, -1 otherwise.

BLAKE2b

blake2b Source #

Arguments

:: Ptr Word8

uint8_t * hash.

-> CSize

size_t hash_size.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

blake2b_keyed Source #

Arguments

:: Ptr Word8

uint8_t * hash.

-> CSize

size_t hash_size.

-> Ptr Word8

const uint8_t * key.

-> CSize

size_t key_size.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

Incremental

newtype BLAKE2B_CTX Source #

Constructors

BLAKE2B_CTX (ForeignPtr BLAKE2B_CTX)

The constructor is exposed in case your want to obtain the ForeignPtr by means other than blake2b_ctx_malloc.

You can use withForeignPtr to obtain the Ptr necessary by many of the functions in this module.

Instances

Instances details
Storable BLAKE2B_CTX Source #

Peek allocates memory using blake2b_ctx_malloc, so it will be automatically wiped when unreachable.

Instance details

Defined in Monocypher.C

blake2b_ctx_malloc :: IO BLAKE2B_CTX Source #

Allocated with mallocForeignPtr, but also automatically wiped when not reachable anymore, before being freed.

blake2b_init Source #

Arguments

:: Ptr BLAKE2B_CTX

crypto_blake2b_ctx * ctx. Allocate with blake2b_ctx_malloc.

-> CSize

size_t hash_size.

-> IO () 

blake2b_keyed_init Source #

Arguments

:: Ptr BLAKE2B_CTX

crypto_blake2b_ctx * ctx. Allocate with blake2b_ctx_malloc.

-> CSize

size_t hash_size.

-> Ptr Word8

const uint8_t * key.

-> CSize

size_t key_size.

-> IO () 

blake2b_update Source #

Arguments

:: Ptr BLAKE2B_CTX

crypto_blake2b_ctx * ctx.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

blake2b_final Source #

Arguments

:: Ptr BLAKE2B_CTX

crypto_blake2b_ctx * ctx.

-> Ptr Word8

uint8_t * hash.

-> IO () 

Argon2

argon2 Source #

Arguments

:: Ptr Word8

uint8_t * hash.

-> Word32

uint32_t hash_size.

-> Argon2Algorithm

uint32_t algorithm.

-> Word32

uint32_t nb_blocks.

-> Word32

uint32_t nb_passes.

-> Word32

uint32_t nb_lanes.

-> Ptr Word8

const uint8_t * pass.

-> Word32

uint32_t pass_size.

-> Ptr Word8

const uint8_t * salt.

-> Word32

uint32_t salt_size.

-> Ptr Word8

const uint8_t * key.

-> Word32

uint32_t key_size.

-> Ptr Word8

const uint8_t * ad.

-> Word32

uint32_t ad_size.

-> IO () 

See crypto_argon2()

Contrary to the C version of crypto_argon2(), this version takes all the inputs individually, rather than in the separate crypto_argon2_config, crypto_argon2_inputs and crypto_argon2_extras structures, and a sufficiently large work_area is automatically provided.

X25519

x25519_public_key Source #

Arguments

:: Ptr Word8

uint8_t public_key[X25519_PUBLIC_KEY_SIZE].

-> Ptr Word8

const uint8_t secret_key[X25519_SECRET_KEY_SIZE].

-> IO () 

x25519 Source #

Arguments

:: Ptr Word8

uint8_t raw_shared_secret[X25519_SHARED_SECRET_SIZE].

-> Ptr Word8

const uint8_t your_secret_key[X25519_SECRET_KEY_SIZE].

-> Ptr Word8

const uint8_t their_public_key[X25519_PUBLIC_KEY_SIZE].

-> IO () 

x25519_inverse Source #

Arguments

:: Ptr Word8

uint8_t blind_salt[X25519_POINT_SIZE].

-> Ptr Word8

const uint8_t private_key[X25519_SECRET_KEY_SIZE].

-> Ptr Word8

const uint8_t curve_point[X25519_POINT_SIZE].

-> IO () 

Elligator

elligator_map Source #

Arguments

:: Ptr Word8

uint8_t point[X25519_POINT_SIZE].

-> Ptr Word8

const uint8_t hidden[ELLIGATOR_HIDDEN_SIZE].

-> IO () 

elligator_rev Source #

Arguments

:: Ptr Word8

uint8_t hidden[ELLIGATOR_HIDDEN_SIZE].

-> Ptr Word8

const uint8_t public_key[X25519_PUBLIC_KEY_SIZE].

-> Word8

uint8_t tweak.

-> IO CInt

0 on success, -1 if the given curve argument is unsuitable for hiding.

elligator_key_pair Source #

Arguments

:: Ptr Word8

uint8_t hidden[ELLIGATOR_HIDDEN_SIZE].

-> Ptr Word8

uint8_t secret_key[X25519_SECRET_KEY_SIZE].

-> Ptr Word8

const uint8_t seed[ELLIGATOR_SEED_SIZE].

-> IO () 

See crypto_elligator_key_pair().

Contrary to the C version of crypto_elligator_key_pair(), this version does not wipe the passed in seed.

EdDSA

EdDSA on Curve25519 using BLAKE2b as hash algorithm.

Warning: This is not compatible with the more commonly deployed Ed25519, which is EdDSA on Curve25519 using SHA512 as hash algorithm.

eddsa_key_pair Source #

Arguments

:: Ptr Word8

uint8_t secret_key[EDDSA_SECRET_KEY_SIZE].

-> Ptr Word8

uint8_t public_key[EDDSA_PUBLIC_KEY_SIZE].

-> Ptr Word8

const uint8_t seed[EDDSA_SEED_SIZE].

-> IO () 

See crypto_eddsa_key_pair().

Contrary to the C version of crypto_eddsa_key_pair(), this version does not wipe the passed in seed.

eddsa_sign Source #

Arguments

:: Ptr Word8

uint8_t signature[EDDSA_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t secret_key[EDDSA_SECRET_KEY_SIZE].

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

eddsa_check Source #

Arguments

:: Ptr Word8

const uint8_t signature[EDDSA_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t public_key[EDDSA_PUBLIC_KEY_SIZE].

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO CInt

0 if signature is legitimate, -1 otherwise.

eddsa_trim_scalar Source #

Arguments

:: Ptr Word8

uint8_t out[32].

-> Ptr Word8

const uint8_t in[32].

-> IO () 

eddsa_reduce Source #

Arguments

:: Ptr Word8

uint8_t reduced[32].

-> Ptr Word8

const uint8_t expanded[64].

-> IO () 

eddsa_mul_add Source #

Arguments

:: Ptr Word8

uint8_t r[32].

-> Ptr Word8

const uint8_t a[32].

-> Ptr Word8

const uint8_t b[32].

-> Ptr Word8

const uint8_t c[32].

-> IO () 

eddsa_scalarbase Source #

Arguments

:: Ptr Word8

uint8_t point[EDDSA_POINT_SIZE].

-> Ptr Word8

const uint8_t scalar[32].

-> IO () 

eddsa_check_equation Source #

Arguments

:: Ptr Word8

const uint8_t signature[EDDSA_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t public_key[EDDSA_PUBLIC_KEY_SIZE].

-> Ptr Word8

const uint8_t h_ram[BLAKE2B_HASH_MAX_SIZE].

-> IO CInt

0 if all checks hold, -1 otherwise.

ChaCha20

chacha20_h Source #

Arguments

:: Ptr Word8

uint8_t out[CHACHA20_OUT_SIZE].

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t in[HCHACHA20_NONCE_SIZE].

-> IO () 

chacha20_djb Source #

Arguments

:: Ptr Word8

uint8_t * cipher_text.

-> Ptr Word8

const uint8_t * plain_text.

-> CSize

size_t text_size.

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_DJB_NONCE_SIZE].

-> Word64

uint64_t ctr.

-> IO Word64

Next ctr to use with the same key and nonce values.

chacha20_ietf Source #

Arguments

:: Ptr Word8

uint8_t * cipher_text.

-> Ptr Word8

const uint8_t * plain_text.

-> CSize

size_t text_size.

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_IETF_NONCE_SIZE].

-> Word32

uint32_t ctr.

-> IO Word32

Next ctr to use with the same key and nonce values.

chacha20_x Source #

Arguments

:: Ptr Word8

uint8_t * cipher_text.

-> Ptr Word8

const uint8_t * plain_text.

-> CSize

size_t text_size.

-> Ptr Word8

const uint8_t key[CHACHA20_KEY_SIZE].

-> Ptr Word8

const uint8_t nonce[CHACHA20_X_NONCE_SIZE].

-> Word64

uint64_t ctr.

-> IO Word64

Next ctr to use with the same key and nonce values.

Poly1305

poly1305 Source #

Arguments

:: Ptr Word8

uint8_t mac[POLY1305_MAC_SIZE].

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> Ptr Word8

const uint8_t key[POLY1305_KEY_SIZE].

-> IO () 

Incremental

newtype POLY1305_CTX Source #

Constructors

POLY1305_CTX (ForeignPtr POLY1305_CTX)

The constructor is exposed in case your want to obtain the ForeignPtr by means other than poly1305_ctx_malloc.

You can use withForeignPtr to obtain the Ptr necessary by many of the functions in this module.

Instances

Instances details
Storable POLY1305_CTX Source #

Peek allocates memory using poly1305_ctx_malloc, so it will be automatically wiped when unreachable.

Instance details

Defined in Monocypher.C

poly1305_ctx_malloc :: IO POLY1305_CTX Source #

Allocated with mallocForeignPtr, but also automatically wiped when not reachable anymore, before being freed.

poly1305_init Source #

Arguments

:: Ptr POLY1305_CTX

crypto_poly1305_ctx * ctx. Allocate with poly1305_ctx_malloc.

-> Ptr Word8

const uint8_t key[POLY1305_KEY_SIZE].

-> IO () 

poly1305_update Source #

Arguments

:: Ptr POLY1305_CTX

crypto_poly1305_ctx * ctx.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

poly1305_final Source #

Arguments

:: Ptr POLY1305_CTX

crypto_poly1305_ctx * ctx.

-> Ptr Word8

uint8_t mac[POLY1305_MAC_SIZE].

-> IO () 

SHA512

sha512 Source #

Arguments

:: Ptr Word8

uint8_t hash[SHA512_HASH_SIZE].

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

Incremental

newtype SHA512_CTX Source #

Constructors

SHA512_CTX (ForeignPtr SHA512_CTX)

The constructor is exposed in case your want to obtain the ForeignPtr by means other than sha512_ctx_malloc.

You can use withForeignPtr to obtain the Ptr necessary by many of the functions in this module.

Instances

Instances details
Storable SHA512_CTX Source #

Peek allocates memory using sha512_ctx_malloc, so it will be automatically wiped when unreachable.

Instance details

Defined in Monocypher.C

sha512_ctx_malloc :: IO SHA512_CTX Source #

Allocated with mallocForeignPtr, but also automatically wiped when not reachable anymore, before being freed.

sha512_init Source #

Arguments

:: Ptr SHA512_CTX

crypto_sha512_ctx * ctx.

-> IO () 

sha512_update Source #

Arguments

:: Ptr SHA512_CTX

crypto_sha512_ctx * ctx.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

sha512_final Source #

Arguments

:: Ptr SHA512_CTX
crypto_sha512_ctx * ctx
-> Ptr Word8

uint8_t hash[SHA512_HASH_SIZE].

-> IO () 

HMAC-SHA512

sha512_hmac Source #

Arguments

:: Ptr Word8

uint8_t hmac[SHA512_HASH_SIZE].

-> Ptr Word8

const uint8_t * key.

-> CSize

size_t key_size.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

Incremental

newtype SHA512_HMAC_CTX Source #

Constructors

SHA512_HMAC_CTX (ForeignPtr SHA512_HMAC_CTX)

The constructor is exposed in case your want to obtain the ForeignPtr by means other than sha512_hmac_ctx_malloc.

You can use withForeignPtr to obtain the Ptr necessary by many of the functions in this module.

Instances

Instances details
Storable SHA512_HMAC_CTX Source #

Peek allocates memory using sha512_hmac_ctx_malloc, so it will be automatically wiped when unreachable.

Instance details

Defined in Monocypher.C

sha512_hmac_ctx_malloc :: IO SHA512_HMAC_CTX Source #

Allocated with mallocForeignPtr, but also automatically wiped when not reachable anymore, before being freed.

sha512_hmac_init Source #

Arguments

:: Ptr SHA512_HMAC_CTX

crypto_sha512_hmac_ctx * ctx.

-> Ptr Word8

const uint8_t * key.

-> CSize

size_t key_size.

-> IO () 

sha512_hmac_update Source #

Arguments

:: Ptr SHA512_HMAC_CTX

crypto_sha512_hmac_ctx * ctx.

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

sha512_hmac_final Source #

Arguments

:: Ptr SHA512_HMAC_CTX

crypto_sha512_hmac_ctx * ctx.

-> Ptr Word8

uint8_t hmac[SHA512_HASH_SIZE].

-> IO () 

HKDF-SHA512

sha512_hkdf_expand Source #

Arguments

:: Ptr Word8

uint8_t * okm.

-> CSize

size_t okm_size.

-> Ptr Word8

const uint8_t * prk.

-> CSize

size_t prk_size.

-> Ptr Word8

const uint8_t * info.

-> CSize

size_t info_size.

-> IO () 

sha512_hkdf Source #

Arguments

:: Ptr Word8

uint8_t * okm.

-> CSize

size_t okm_size.

-> Ptr Word8

const uint8_t * ikm.

-> CSize

size_t ikm_size.

-> Ptr Word8

const uint8_t * salt.

-> CSize

size_t salt_size.

-> Ptr Word8

const uint8_t * info.

-> CSize

size_t info_size.

-> IO () 

Ed25519

EdDSA on Curve25519 using SHA512 as hash algorithm.

ed25519_key_pair Source #

Arguments

:: Ptr Word8

uint8_t secret_key[ED25519_SECRET_KEY_SIZE].

-> Ptr Word8

uint8_t public_key[ED25519_PUBLIC_KEY_SIZE].

-> Ptr Word8

uint8_t seed[ED25519_SEED_SIZE].

-> IO () 

See crypto_ed5519_key_pair().

Contrary to the C version of crypto_ed25519_key_pair(), this version does not wipe the passed in seed.

ed25519_sign Source #

Arguments

:: Ptr Word8

uint8_t signature[ED25519_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t secret_key[ED25519_SECRET_KEY_SIZE].

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO () 

ed25519_check Source #

Arguments

:: Ptr Word8

const uint8_t signature[ED25519_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t public_key[ED25519_PUBLIC_KEY_SIZE].

-> Ptr Word8

const uint8_t * message.

-> CSize

size_t message_size.

-> IO CInt

0 if signature is legitimate, -1 otherwise.

Ed25519ph

Pre-hashed EdDSA on Curve25519 using SHA512 as hash algorithm.

Warning: This is not compatible with the more commonly deployed Ed25519, which is EdDSA on Curve25519 using SHA512 as hash algorithm without pre-hashing.

ed25519_ph_sign Source #

Arguments

:: Ptr Word8

uint8_t signature[ED25519_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t secret_key[ED25519_SECRET_KEY_SIZE].

-> Ptr Word8

const uint8_t message_hash[SHA512_HASH_SIZE].

-> IO () 

ed25519_ph_check Source #

Arguments

:: Ptr Word8

const uint8_t signature[ED25519_SIGNATURE_SIZE].

-> Ptr Word8

const uint8_t public_key[ED25519_PUBLIC_KEY_SIZE].

-> Ptr Word8

const uint8_t message_hash[SHA512_HASH_SIZE].

-> IO CInt

0 if signature is legitimate, -1 otherwise.

Constants