Copyright | Dong Han 2021 AnJie Dong 2021 |
---|---|
License | BSD |
Maintainer | winterland1989@gmail.com |
Stability | experimental |
Portability | non-portable |
Safe Haskell | None |
Language | Haskell2010 |
This module is used for Public key cryptography. Public key cryptography (also called asymmetric cryptography) is a collection of techniques allowing for encryption, signatures, and key agreement.
Synopsis
- data KeyType
- data PrivKey
- data PubKey
- newPrivKey :: HasCallStack => KeyType -> RNG -> IO PrivKey
- newKeyPair :: HasCallStack => KeyType -> RNG -> IO (PrivKey, PubKey)
- privKeyToPubKey :: PrivKey -> PubKey
- loadPrivKey :: HasCallStack => RNG -> Bytes -> CBytes -> IO PrivKey
- privKeyAlgoName :: PrivKey -> IO Text
- privKeyParam :: HasCallStack => PrivKey -> CBytes -> MPI
- exportPrivKeyDER :: HasCallStack => PrivKey -> Bytes
- exportPrivKeyPEM :: HasCallStack => PrivKey -> Text
- exportPrivKeyEncryptedDER :: HasCallStack => PrivKey -> RNG -> CBytes -> IO Bytes
- exportPrivKeyEncryptedPEM :: HasCallStack => PrivKey -> RNG -> CBytes -> IO Text
- loadPubKey :: HasCallStack => Bytes -> IO PubKey
- pubKeyAlgoName :: PubKey -> CBytes
- pubKeyParam :: PubKey -> CBytes -> MPI
- exportPubKeyDER :: HasCallStack => PubKey -> Bytes
- exportPubKeyPEM :: HasCallStack => PubKey -> Text
- estStrength :: PubKey -> Int
- fingerPrintPubKey :: PubKey -> HashType -> Bytes
- pkEncrypt :: HasCallStack => PubKey -> EncParam -> RNG -> Bytes -> IO Bytes
- pkDecrypt :: HasCallStack => PrivKey -> EncParam -> Bytes -> IO Bytes
- data EncParam
- data SignParam
- = EMSA1 HashType
- | EMSA2 HashType
- | EMSA3_RAW (Maybe HashType)
- | EMSA3 HashType
- | EMSA4_Raw HashType (Maybe Int)
- | EMSA4 HashType (Maybe Int)
- | ISO_9796_DS2 HashType Bool (Maybe Int)
- | ISO_9796_DS3 HashType Bool
- | EMSA_Raw
- | Ed25519Pure
- | Ed25519ph
- | Ed25519Hash HashType
- | SM2SignParam CBytes HashType
- | XMSSEmptyParam
- data SignFmt
- data Signer
- signerSize :: Signer -> Int
- data Verifier
- newSigner :: HasCallStack => PrivKey -> SignParam -> SignFmt -> IO Signer
- updateSigner :: HasCallStack => Signer -> Bytes -> IO ()
- finalSigner :: HasCallStack => Signer -> RNG -> IO Bytes
- sinkToSigner :: HasCallStack => HasCallStack => Signer -> Sink Bytes
- sign :: HasCallStack => PrivKey -> SignParam -> SignFmt -> Bytes -> IO Bytes
- signChunks :: HasCallStack => PrivKey -> SignParam -> SignFmt -> [Bytes] -> IO Bytes
- newVerifier :: HasCallStack => PubKey -> SignParam -> SignFmt -> IO Verifier
- updateVerifier :: HasCallStack => Verifier -> Bytes -> IO ()
- finalVerifier :: HasCallStack => Verifier -> Bytes -> IO Bool
- sinkToVerifier :: HasCallStack => Verifier -> Sink Bytes
- verify :: HasCallStack => PubKey -> SignParam -> SignFmt -> Bytes -> Bytes -> IO Bool
- verifyChunks :: HasCallStack => PubKey -> SignParam -> SignFmt -> [Bytes] -> Bytes -> IO Bool
- data KeyAgreement
- keyAgreementSize :: KeyAgreement -> Int
- newKeyAgreement :: HasCallStack => PrivKey -> KDFType -> IO KeyAgreement
- exportKeyAgreementPublic :: HasCallStack => PrivKey -> IO Bytes
- keyAgree :: HasCallStack => KeyAgreement -> Bytes -> Bytes -> IO Secret
- getRSAParams :: PrivKey -> (MPI, MPI, MPI, MPI, MPI)
- newRSAPrivKey :: HasCallStack => MPI -> MPI -> MPI -> PrivKey
- getRSAPubParams :: PubKey -> (MPI, MPI)
- newRSAPubKey :: HasCallStack => MPI -> MPI -> PubKey
- getDSAPrivParams :: PrivKey -> (MPI, MPI, MPI, MPI)
- newDSAPrivKey :: HasCallStack => MPI -> MPI -> MPI -> MPI -> PrivKey
- getDSAPubParams :: PubKey -> (MPI, MPI, MPI, MPI)
- newDSAPubKey :: HasCallStack => MPI -> MPI -> MPI -> MPI -> PubKey
- getElGamalPrivParams :: PrivKey -> (MPI, MPI, MPI)
- newElGamalPrivKey :: HasCallStack => MPI -> MPI -> MPI -> PrivKey
- getElGamalPubParams :: PubKey -> (MPI, MPI, MPI)
- newElGamalPubKey :: HasCallStack => MPI -> MPI -> MPI -> PubKey
- getDHPrivParams :: PrivKey -> (MPI, MPI, MPI)
- newDHPrivKey :: HasCallStack => MPI -> MPI -> MPI -> PrivKey
- getDHPubParams :: PubKey -> (MPI, MPI, MPI)
- newDHPubKey :: HasCallStack => MPI -> MPI -> MPI -> PubKey
- type XMSSType = CBytes
- pattern XMSS_SHA2_10_256 :: XMSSType
- pattern XMSS_SHA2_16_256 :: XMSSType
- pattern XMSS_SHA2_20_256 :: XMSSType
- pattern XMSS_SHA2_10_512 :: XMSSType
- pattern XMSS_SHA2_16_512 :: XMSSType
- pattern XMSS_SHA2_20_512 :: XMSSType
- pattern XMSS_SHAKE_10_256 :: XMSSType
- pattern XMSS_SHAKE_16_256 :: XMSSType
- pattern XMSS_SHAKE_20_256 :: XMSSType
- pattern XMSS_SHAKE_10_512 :: XMSSType
- pattern XMSS_SHAKE_16_512 :: XMSSType
- pattern XMSS_SHAKE_20_512 :: XMSSType
- type ECGroup = CBytes
- pattern Secp160k1 :: ECGroup
- pattern Secp160r1 :: ECGroup
- pattern Secp160r2 :: ECGroup
- pattern Secp192k1 :: ECGroup
- pattern Secp192r1 :: ECGroup
- pattern Secp224k1 :: ECGroup
- pattern Secp224r1 :: ECGroup
- pattern Secp256k1 :: ECGroup
- pattern Secp256r1 :: ECGroup
- pattern Secp384r1 :: ECGroup
- pattern Secp521r1 :: ECGroup
- pattern Brainpool160r1 :: ECGroup
- pattern Brainpool192r1 :: ECGroup
- pattern Brainpool224r1 :: ECGroup
- pattern Brainpool256r1 :: ECGroup
- pattern Brainpool320r1 :: ECGroup
- pattern Brainpool384r1 :: ECGroup
- pattern Brainpool512r1 :: ECGroup
- pattern X962_p192v2 :: ECGroup
- pattern X962_p192v3 :: ECGroup
- pattern X962_p239v1 :: ECGroup
- pattern X962_p239v2 :: ECGroup
- pattern X962_p239v3 :: ECGroup
- pattern Gost_256A :: ECGroup
- pattern Gost_512A :: ECGroup
- pattern Frp256v1 :: ECGroup
- pattern Sm2p256v1 :: ECGroup
- type DLGroup = CBytes
- pattern FFDHE_IETF_2048 :: DLGroup
- pattern FFDHE_IETF_3072 :: DLGroup
- pattern FFDHE_IETF_4096 :: DLGroup
- pattern FFDHE_IETF_6144 :: DLGroup
- pattern FFDHE_IETF_8192 :: DLGroup
- pattern MODP_IETF_1024 :: DLGroup
- pattern MODP_IETF_1536 :: DLGroup
- pattern MODP_IETF_2048 :: DLGroup
- pattern MODP_IETF_3072 :: DLGroup
- pattern MODP_IETF_4096 :: DLGroup
- pattern MODP_IETF_6144 :: DLGroup
- pattern MODP_IETF_8192 :: DLGroup
- pattern MODP_SRP_1024 :: DLGroup
- pattern MODP_SRP_1536 :: DLGroup
- pattern MODP_SRP_2048 :: DLGroup
- pattern MODP_SRP_3072 :: DLGroup
- pattern MODP_SRP_4096 :: DLGroup
- pattern MODP_SRP_6144 :: DLGroup
- pattern MODP_SRP_8192 :: DLGroup
- pattern DSA_JCE_1024 :: DLGroup
- pattern DSA_BOTAN_2048 :: DLGroup
- pattern DSA_BOTAN_3072 :: DLGroup
- data HashType
- = BLAKE2b Int
- | BLAKE2b256
- | BLAKE2b512
- | Keccak1600_224
- | Keccak1600_256
- | Keccak1600_384
- | Keccak1600_512
- | MD4
- | MD5
- | RIPEMD160
- | SHA160
- | SHA256
- | SHA224
- | SHA512
- | SHA384
- | SHA512_256
- | SHA3_224
- | SHA3_256
- | SHA3_384
- | SHA3_512
- | SHAKE128 Int
- | SHAKE256 Int
- | SM3
- | Skein512 Int CBytes
- | Streebog256
- | Streebog512
- | Whirlpool
- | Parallel HashType HashType
- | Comb4P HashType HashType
- | Adler32
- | CRC24
- | CRC32
- data KDFType
- data RNG
- getRNG :: HasCallStack => IO RNG
- withPrivKey :: HasCallStack => PrivKey -> (BotanStructT -> IO r) -> IO r
- withPubKey :: PubKey -> (BotanStructT -> IO r) -> IO r
- botanStructToPubKey :: BotanStruct -> PubKey
Asymmetric cryptography algorithms
Public key cryptography algorithms.
RSA Word32 | RSA key of the given size, namely n bits, support encryption and signature. |
SM2 ECGroup | Public key algorithms specified by China, support encryption and signature. |
ElGamal DLGroup | ElGamal encryption system, support encryption. |
DSA DLGroup | Digital Signature Algorithm based on the discrete logarithm problem. |
ECDSA ECGroup | Digital Signature Algorithm which uses elliptic curve cryptography. |
ECKCDSA ECGroup | Korean Certificate-based Digital Signature Algorithm. |
ECGDSA ECGroup | Elliptic Curve German Digital Signature Algorithm. |
GOST_34'10 ECGroup | Cryptographic algorithms defined by the Russian national standards, support signature. |
Ed25519 | Ed25519 elliptic-curve signatures, see ed25519. |
XMSS XMSSType | eXtended Merkle Signature Scheme, see https://botan.randombit.net/handbook/api_ref/pubkey.html#extended-merkle-signature-scheme-xmss. |
DH DLGroup | The Diffie–Hellman key exchange. |
ECDH ECGroup | The Elliptic-curve Diffie–Hellman key exchange. |
Curve25519 | The Curve25519 Diffie–Hellman key exchange. |
Key generation and manipulation
An opaque data type for a private-public key pair.
Instances
Show PrivKey Source # | |
Generic PrivKey Source # | |
Print PrivKey Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> PrivKey -> Builder () # | |
type Rep PrivKey Source # | |
Defined in Z.Crypto.PubKey type Rep PrivKey = D1 ('MetaData "PrivKey" "Z.Crypto.PubKey" "Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5" 'True) (C1 ('MetaCons "PrivKey" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct))) |
A newtype wrapper.
Instances
Eq PubKey Source # | |
Ord PubKey Source # | |
Show PubKey Source # | |
Generic PubKey Source # | |
Print PubKey Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> PubKey -> Builder () # | |
type Rep PubKey Source # | |
Defined in Z.Crypto.PubKey type Rep PubKey = D1 ('MetaData "PubKey" "Z.Crypto.PubKey" "Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5" 'True) (C1 ('MetaCons "PubKey" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct))) |
:: HasCallStack | |
=> KeyType | Algorithm name and some algorithm specific arguments. |
-> RNG | |
-> IO PrivKey |
Creating a private key.
Creating a private key requires two things:
- a source of random numbers
- some algorithm specific arguments that define the security level of the resulting key.
:: HasCallStack | |
=> KeyType | Algorithm name and some algorithm specific arguments. |
-> RNG | |
-> IO (PrivKey, PubKey) |
Creating a new key pair.
privKeyToPubKey :: PrivKey -> PubKey Source #
Export a public key from a given key pair.
Load a private key. If the key is encrypted, password will be used to attempt decryption.
:: HasCallStack | |
=> PrivKey | key |
-> CBytes | field name |
-> MPI |
Read an algorithm specific field from the key pair object.
exportPrivKeyDER :: HasCallStack => PrivKey -> Bytes Source #
Export a private key in DER binary format.
exportPrivKeyPEM :: HasCallStack => PrivKey -> Text Source #
Export a private key in PEM textual format.
exportPrivKeyEncryptedDER Source #
Export a private key with password.
exportPrivKeyEncryptedPEM Source #
Export a private key with password in PEM textual format.
loadPubKey :: HasCallStack => Bytes -> IO PubKey Source #
Load a publickey.
pubKeyAlgoName :: PubKey -> CBytes Source #
Get the algorithm name of a public key.
Read an algorithm specific field from the public key object.
exportPubKeyDER :: HasCallStack => PubKey -> Bytes Source #
Export a public key in DER binary format..
exportPubKeyPEM :: HasCallStack => PubKey -> Text Source #
Export a public key in PEM textual format.
estStrength :: PubKey -> Int Source #
Estimate the strength of a public key.
Encrypt & Decrypt
Encrypt a message, returning the ciphertext.
Though botan support DLIES and ECIES but only EME are exported via FFI, please use an algorithm that directly support eme encryption such as RSA and ElGamal.
Sets of allowed params for public key types.
The recommended values for eme is EME1_SHA1
or EME1_SHA256
.
If you need compatibility with protocols using the PKCS #1 v1.5 standard, you can also use EME_PKCS1_v1
5'.
To use SM2 encryption, use SM2EncParam
.
Sign & verify
Signature params.
Currently available values for EMSA
include EMSA1, EMSA2, EMSA3, EMSA4, and Raw. All of them, except Raw, take a parameter naming a message digest function to hash the message with. The Raw encoding signs the input directly; if the message is too big, the signing operation will fail. Raw is not useful except in very specialized applications.
For RSA, use EMSA4 (also called PSS) unless you need compatibility with software that uses the older PKCS #1 v1.5 standard, in which case use EMSA3 (also called “EMSA-PKCS1-v1_5”). For DSA, ECDSA, ECKCDSA, ECGDSA and GOST 34.10-2001 you should use EMSA1.
EMSA1 HashType | |
EMSA2 HashType | |
EMSA3_RAW (Maybe HashType) | |
EMSA3 HashType | |
EMSA4_Raw HashType (Maybe Int) | hash, salt size |
EMSA4 HashType (Maybe Int) | hash, salt size |
ISO_9796_DS2 HashType Bool (Maybe Int) | hash, implicit, salt size |
ISO_9796_DS3 HashType Bool | hash, implicit |
EMSA_Raw | |
Ed25519Pure | pure Ed25519 |
Ed25519ph | rfc8032 HashEdDSA variant |
Ed25519Hash HashType | HashEdDSA |
SM2SignParam CBytes HashType | userid, hash(GM/T 0009-2012 specifies
|
XMSSEmptyParam | XMSS do not need param |
Instances
Instances
Enum SignFmt Source # | |
Eq SignFmt Source # | |
Ord SignFmt Source # | |
Show SignFmt Source # | |
Generic SignFmt Source # | |
Print SignFmt Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> SignFmt -> Builder () # | |
type Rep SignFmt Source # | |
Instances
Show Signer Source # | |
Generic Signer Source # | |
Print Signer Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> Signer -> Builder () # | |
type Rep Signer Source # | |
Defined in Z.Crypto.PubKey type Rep Signer = D1 ('MetaData "Signer" "Z.Crypto.PubKey" "Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5" 'False) (C1 ('MetaCons "Signer" 'PrefixI 'True) (S1 ('MetaSel ('Just "signerStruct") 'SourceUnpack 'SourceStrict 'DecidedStrict) (Rec0 BotanStruct) :*: S1 ('MetaSel ('Just "signerSize") 'SourceUnpack 'SourceStrict 'DecidedStrict) (Rec0 Int))) |
signerSize :: Signer -> Int Source #
output signature length
Instances
Show Verifier Source # | |
Generic Verifier Source # | |
Print Verifier Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> Verifier -> Builder () # | |
type Rep Verifier Source # | |
Defined in Z.Crypto.PubKey type Rep Verifier = D1 ('MetaData "Verifier" "Z.Crypto.PubKey" "Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5" 'True) (C1 ('MetaCons "Verifier" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct))) |
updateSigner :: HasCallStack => Signer -> Bytes -> IO () Source #
finalSigner :: HasCallStack => Signer -> RNG -> IO Bytes Source #
Produce a signature over all of the bytes passed to Signer
.
Afterwards, the sign operator is reset and may be used to sign a new message.
sinkToSigner :: HasCallStack => HasCallStack => Signer -> Sink Bytes Source #
Directly sign a message, with system RNG.
signChunks :: HasCallStack => PrivKey -> SignParam -> SignFmt -> [Bytes] -> IO Bytes Source #
Directly compute a chunked message's mac with system RNG.
newVerifier :: HasCallStack => PubKey -> SignParam -> SignFmt -> IO Verifier Source #
updateVerifier :: HasCallStack => Verifier -> Bytes -> IO () Source #
finalVerifier :: HasCallStack => Verifier -> Bytes -> IO Bool Source #
sinkToVerifier :: HasCallStack => Verifier -> Sink Bytes Source #
Directly sign a message.
Directly compute a chunked message's mac.
Key agreement
data KeyAgreement Source #
Key agreement object.
Instances
Show KeyAgreement Source # | |
Defined in Z.Crypto.PubKey showsPrec :: Int -> KeyAgreement -> ShowS # show :: KeyAgreement -> String # showList :: [KeyAgreement] -> ShowS # | |
Generic KeyAgreement Source # | |
Defined in Z.Crypto.PubKey type Rep KeyAgreement :: Type -> Type # from :: KeyAgreement -> Rep KeyAgreement x # to :: Rep KeyAgreement x -> KeyAgreement # | |
Print KeyAgreement Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> KeyAgreement -> Builder () # | |
type Rep KeyAgreement Source # | |
Defined in Z.Crypto.PubKey type Rep KeyAgreement = D1 ('MetaData "KeyAgreement" "Z.Crypto.PubKey" "Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5" 'False) (C1 ('MetaCons "KeyAgreement" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyAgreementStruct") 'SourceUnpack 'SourceStrict 'DecidedStrict) (Rec0 BotanStruct) :*: S1 ('MetaSel ('Just "keyAgreementSize") 'SourceUnpack 'SourceStrict 'DecidedStrict) (Rec0 Int))) |
keyAgreementSize :: KeyAgreement -> Int Source #
size of the agreed key
newKeyAgreement :: HasCallStack => PrivKey -> KDFType -> IO KeyAgreement Source #
Create a new key agreement operation with a given key pair and KDF algorithm.
Please use a key type that support key agreement, such as DH
, ECDH
, or Curve25519
.
exportKeyAgreementPublic :: HasCallStack => PrivKey -> IO Bytes Source #
Produce the public value to send to other party.
:: HasCallStack | |
=> KeyAgreement | |
-> Bytes | other key's public |
-> Bytes | salt |
-> IO Secret |
How key agreement works is that you trade public values with some other party, and then each of you runs a computation with the other’s value and your key (this should return the same result to both parties).
RSA specific
Get RSA parameters
- Set p to the first RSA prime.
- Set q to the second RSA prime.
- Set n to the RSA modulus.
- Set d to the RSA private exponent.
- Set e to the RSA public exponent.
newRSAPrivKey :: HasCallStack => MPI -> MPI -> MPI -> PrivKey Source #
Initialize a RSA key pair using arguments p, q, and e.
Get RSA Public parameters
- Set n to the RSA modulus.
- Set e to the RSA public exponent.
newRSAPubKey :: HasCallStack => MPI -> MPI -> PubKey Source #
Initialize a public RSA key using arguments n and e.
DSA specific
Get DSA parameters
- Set p, q, g to group parameters
- Set x to the private key
newDSAPrivKey :: HasCallStack => MPI -> MPI -> MPI -> MPI -> PrivKey Source #
Initialize a DSA key pair using arguments p, q, g and x.
Get DSA parameters
- Set p, q, g to group parameters
- Set y to the public key
newDSAPubKey :: HasCallStack => MPI -> MPI -> MPI -> MPI -> PubKey Source #
Initialize a DSA public key using arguments p, q, g and y.
ElGamal specific
Get ElGamal parameters
- Set p, g to group parameters
- Set x to the private key
newElGamalPrivKey :: HasCallStack => MPI -> MPI -> MPI -> PrivKey Source #
Get ElGamal parameters
- Set p, g to group parameters
- Set y to the public key
newElGamalPubKey :: HasCallStack => MPI -> MPI -> MPI -> PubKey Source #
Diffie-Hellman specific
Get Diffie-Hellman parameters
- Set p, g to group parameters
- Set x to the private key
newDHPrivKey :: HasCallStack => MPI -> MPI -> MPI -> PrivKey Source #
Get Diffie-Hellman parameters
- Set p, g to group parameters
- Set y to the public key
newDHPubKey :: HasCallStack => MPI -> MPI -> MPI -> PubKey Source #
constants
pattern XMSS_SHA2_10_256 :: XMSSType Source #
pattern XMSS_SHA2_16_256 :: XMSSType Source #
pattern XMSS_SHA2_20_256 :: XMSSType Source #
pattern XMSS_SHA2_10_512 :: XMSSType Source #
pattern XMSS_SHA2_16_512 :: XMSSType Source #
pattern XMSS_SHA2_20_512 :: XMSSType Source #
pattern XMSS_SHAKE_10_256 :: XMSSType Source #
pattern XMSS_SHAKE_16_256 :: XMSSType Source #
pattern XMSS_SHAKE_20_256 :: XMSSType Source #
pattern XMSS_SHAKE_10_512 :: XMSSType Source #
pattern XMSS_SHAKE_16_512 :: XMSSType Source #
pattern XMSS_SHAKE_20_512 :: XMSSType Source #
pattern Brainpool160r1 :: ECGroup Source #
pattern Brainpool192r1 :: ECGroup Source #
pattern Brainpool224r1 :: ECGroup Source #
pattern Brainpool256r1 :: ECGroup Source #
pattern Brainpool320r1 :: ECGroup Source #
pattern Brainpool384r1 :: ECGroup Source #
pattern Brainpool512r1 :: ECGroup Source #
pattern X962_p192v2 :: ECGroup Source #
pattern X962_p192v3 :: ECGroup Source #
pattern X962_p239v1 :: ECGroup Source #
pattern X962_p239v2 :: ECGroup Source #
pattern X962_p239v3 :: ECGroup Source #
pattern FFDHE_IETF_2048 :: DLGroup Source #
pattern FFDHE_IETF_3072 :: DLGroup Source #
pattern FFDHE_IETF_4096 :: DLGroup Source #
pattern FFDHE_IETF_6144 :: DLGroup Source #
pattern FFDHE_IETF_8192 :: DLGroup Source #
pattern MODP_IETF_1024 :: DLGroup Source #
pattern MODP_IETF_1536 :: DLGroup Source #
pattern MODP_IETF_2048 :: DLGroup Source #
pattern MODP_IETF_3072 :: DLGroup Source #
pattern MODP_IETF_4096 :: DLGroup Source #
pattern MODP_IETF_6144 :: DLGroup Source #
pattern MODP_IETF_8192 :: DLGroup Source #
pattern MODP_SRP_1024 :: DLGroup Source #
pattern MODP_SRP_1536 :: DLGroup Source #
pattern MODP_SRP_2048 :: DLGroup Source #
pattern MODP_SRP_3072 :: DLGroup Source #
pattern MODP_SRP_4096 :: DLGroup Source #
pattern MODP_SRP_6144 :: DLGroup Source #
pattern MODP_SRP_8192 :: DLGroup Source #
pattern DSA_JCE_1024 :: DLGroup Source #
pattern DSA_BOTAN_2048 :: DLGroup Source #
pattern DSA_BOTAN_3072 :: DLGroup Source #
re-exports
Available Hashs
BLAKE2b Int | A recently designed hash function. Very fast on 64-bit processors. Can output a hash of any length between 1 and 64 bytes, this is specified by passing desired byte length. |
BLAKE2b256 | Alias for |
BLAKE2b512 | Alias for |
Keccak1600_224 | An older (and incompatible) variant of SHA-3, but sometimes used. Prefer SHA-3 in new code. |
Keccak1600_256 | |
Keccak1600_384 | |
Keccak1600_512 | |
MD4 | An old hash function that is now known to be trivially breakable. It is very fast, and may still be suitable as a (non-cryptographic) checksum. |
MD5 | Widely used, now known to be broken. |
RIPEMD160 | A 160 bit hash function, quite old but still thought to be secure (up to the limit of 2**80 computation required for a collision which is possible with any 160 bit hash function). Somewhat deprecated these days. |
SHA160 | Widely adopted NSA designed hash function. Starting to show significant signs of weakness, and collisions can now be generated. Avoid in new designs. |
SHA256 | Relatively fast 256 bit hash function, thought to be secure. Also includes the variant SHA-224. There is no real reason to use SHA-224. |
SHA224 | |
SHA512 | SHA-512 is faster than SHA-256 on 64-bit processors. Also includes the truncated variants SHA-384 and SHA-512/256, which have the advantage of avoiding message extension attacks. |
SHA384 | |
SHA512_256 | |
SHA3_224 | The new NIST standard hash. Fairly slow. Supports 224, 256, 384 or 512 bit outputs. SHA-3 is faster with smaller outputs. Use as “SHA3_256” or “SHA3_512”. Plain “SHA-3” selects default 512 bit output. |
SHA3_256 | |
SHA3_384 | |
SHA3_512 | |
SHAKE128 Int | These are actually XOFs (extensible output functions) based on SHA-3, which can output a value of any byte length. For example “SHAKE128 @128” will produce 1024 bits of output. |
SHAKE256 Int | |
SM3 | Chinese national hash function, 256 bit output. Widely used in industry there. Fast and seemingly secure, but no reason to prefer it over SHA-2 or SHA-3 unless required. |
Skein512 Int CBytes | A contender for the NIST SHA-3 competition. Very fast on 64-bit systems. Can output a hash of any length between 1 and 64 bytes. It also accepts an optional “personalization string” which can create variants of the hash. This is useful for domain separation. |
Streebog256 | Newly designed Russian national hash function. Due to use of input-dependent table lookups, it is vulnerable to side channels. There is no reason to use it unless compatibility is needed. Warning: The Streebog Sbox has recently been revealed to have a hidden structure which interacts with its linear layer in a way which may provide a backdoor when used in certain ways. Avoid Streebog if at all possible. |
Streebog512 | |
Whirlpool | A 512-bit hash function standardized by ISO and NESSIE. Relatively slow, and due to the table based implementation it is potentially vulnerable to cache based side channels. |
Parallel HashType HashType | Parallel simply concatenates multiple hash functions. For example “Parallel SHA256 SHA512 outputs a 256+512 bit hash created by hashing the input with both SHA256 and SHA512 and concatenating the outputs. |
Comb4P HashType HashType | This combines two cryptographic hashes in such a way that preimage and collision attacks are provably at least as hard as a preimage or collision attack on the strongest hash. |
Adler32 | Checksums, not suitable for cryptographic use, but can be used for error checking purposes. |
CRC24 | |
CRC32 |
Instances
Key derivation functions are used to turn some amount of shared secret material into uniform random keys suitable for use with symmetric algorithms. An example of an input which is useful for a KDF is a shared secret created using Diffie-Hellman key agreement.
HKDF MACType | |
HKDF_Extract MACType | |
HKDF_Expand MACType | Defined in RFC 5869, HKDF uses HMAC to process inputs. Also available are variants HKDF-Extract and HKDF-Expand. HKDF is the combined Extract+Expand operation. Use the combined HKDF unless you need compatibility with some other system. |
KDF2 HashType | KDF2 comes from IEEE 1363. It uses a hash function. |
KDF1_18033 HashType | KDF1 from ISO 18033-2. Very similar to (but incompatible with) KDF2. |
KDF1 HashType | KDF1 from IEEE 1363. It can only produce an output at most the length of the hash function used. |
TLS_PRF | A KDF from ANSI X9.42. Sometimes used for Diffie-Hellman. |
TLS_12_PRF MACType | |
SP800_108_Counter MACType | KDFs from NIST SP 800-108. Variants include “SP800-108-Counter”, “SP800-108-Feedback” and “SP800-108-Pipeline”. |
SP800_108_Feedback MACType | |
SP800_108_Pipeline MACType | |
SP800_56AHash HashType | NIST SP 800-56A KDF using hash function |
SP800_56AMAC MACType | NIST SP 800-56A KDF using HMAC |
SP800_56C MACType | NIST SP 800-56C KDF using HMAC |
Instances
Opaque botan RNG type.
Instances
Show RNG Source # | |
Generic RNG Source # | |
Print RNG Source # | |
Defined in Z.Crypto.RNG toUTF8BuilderP :: Int -> RNG -> Builder () # | |
type Rep RNG Source # | |
Defined in Z.Crypto.RNG type Rep RNG = D1 ('MetaData "RNG" "Z.Crypto.RNG" "Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5" 'True) (C1 ('MetaCons "RNG" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct))) |
getRNG :: HasCallStack => IO RNG Source #
Get an autoseeded RNG from a global RNG pool divide by haskell capability.
Botan internal use a lock to protect user-space RNG, which may cause contention if shared. This function will fetch an autoseeded RNG from a global RNG pool, which is recommended under concurrent settings.
internal
withPrivKey :: HasCallStack => PrivKey -> (BotanStructT -> IO r) -> IO r Source #
Pass PrivKey
to FFI.
withPubKey :: PubKey -> (BotanStructT -> IO r) -> IO r Source #
Pass PubKey
to FFI.
botanStructToPubKey :: BotanStruct -> PubKey Source #
Unsafe construct a PubKey
from a botan struct.