Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- data Password
- mkPassword :: HasCallStack => Text -> Password
- mkPasswordMaybe :: Text -> Maybe Password
- passwordSize :: Password -> Int
- passwordToText :: Password -> Text
- withPasswordUnsafe :: Password -> (BA# Word8 -> IO r) -> IO r
- withPasswordSafe :: Password -> (Ptr Word8 -> IO r) -> IO r
- data InvalidPasswordException = PasswordContainsControlCharacter CallStack
- type Nonce = Bytes
- rand96bitNonce :: RNG -> IO Nonce
- rand128bitNonce :: RNG -> IO Nonce
- rand192bitNonce :: RNG -> IO Nonce
- cnt32bitNonce :: Int32 -> Nonce
- cnt64bitNonce :: Int64 -> Nonce
- newtype CEBytes = CEBytes (PrimArray Word8)
- ceBytesSize :: CEBytes -> Int
- ceBytesBitSize :: CEBytes -> Int
- newCEBytesUnsafe :: Int -> (MBA# Word8 -> IO r) -> IO CEBytes
- newCEBytesSafe :: Int -> (Ptr Word8 -> IO r) -> IO CEBytes
- ceBytes :: Bytes -> CEBytes
- unCEBytes :: CEBytes -> Bytes
- data Secret
- secretSize :: Secret -> Int
- secretBitSize :: Secret -> Int
- unsafeSecretFromBytes :: Bytes -> IO Secret
- unsafeSecretToBytes :: Secret -> IO Bytes
- newSecret :: Int -> (Ptr Word8 -> IO r) -> IO Secret
- withSecret :: Secret -> (Ptr Word8 -> CSize -> IO r) -> IO r
Password
A type for human-readable passwords. It has the following properties:
- It's assumed to be UTF8 encoded and normalized, and does not have control-characters.
- There's no Eq instance; you should always compare a Password via password hash.
- The Show or Print instance always prints "**PASSWORD**".
Password is not intended to be saved or transmitted; it's only useful when you want to validate a user's input against a password hash.
See Z.Crypto.PwdHash.
mkPassword :: HasCallStack => Text -> Password
Construct a password value from Text. If the text contains control characters, an error is thrown.
mkPasswordMaybe :: Text -> Maybe Password
Construct a password value from Text; returns Nothing if the text contains control characters.
passwordSize :: Password -> Int
Byte size of a password.
passwordToText :: Password -> Text
Get plaintext of a password.
withPasswordUnsafe :: Password -> (BA# Word8 -> IO r) -> IO r
Use password as null-terminated const char*. USE WITH UNSAFE FFI ONLY, PLEASE DO NOT MODIFY THE CONTENT.
withPasswordSafe :: Password -> (Ptr Word8 -> IO r) -> IO r
Use password as null-terminated const char*. PLEASE DO NOT MODIFY THE CONTENT.
data InvalidPasswordException
Instances
- Show InvalidPasswordException. Defined in Z.Crypto.SafeMem:
  - showsPrec :: Int -> InvalidPasswordException -> ShowS
  - show :: InvalidPasswordException -> String
  - showList :: [InvalidPasswordException] -> ShowS
- Exception InvalidPasswordException
Nonce
A value used only once in AEAD modes.
We also use this type to represent the IV (initialization vector) for stream ciphers, but the way a nonce is generated differs: a random IV is one generation choice, which is usually fine, while a Nonce can also be a counter, which is not OK for CBC mode.
Some common nonce sizes:
- 96bit for GCM AEAD, ChaCha20Poly1305.
- 128bit for XChaCha20Poly1305.
- Block size for CBC IV (e.g. 128 bits for AES).
cnt32bitNonce :: Int32 -> Nonce
Get 32bit nonce from counter.
cnt64bitNonce :: Int64 -> Nonce
Get 64bit nonce from counter.
CEBytes
Bytes with constant-time equality comparison.
It comes with following property:
ceBytesSize :: CEBytes -> Int
ceBytesBitSize :: CEBytes -> Int
newCEBytesUnsafe :: Int -> (MBA# Word8 -> IO r) -> IO CEBytes
Create a CEBytes from unsafe FFI.
Secret
Memory allocated by a locking allocator, which is zeroed after use.
- It's allocated by botan's locking allocator (which means it will not get swapped to disk) if possible.
- The memory it used is zeroed once it gets GCed.
- The Eq instance gives you constant-time compare.
- The Show or Print instance always prints "**SECRET**".
Secret is not intended to be saved or transmitted. There are several ways to obtain a Secret:
+ Use unsafeSecretFromBytes to convert a piece of Bytes to Secret.
+ Use key-exchanges from PubKey.
+ Unwrap a key, see KeyWrap.
Instances
- Eq Secret: constant-time compare.
- Show Secret
- IsString Secret: this instance will break the no-tracing property by saving the secret in the compiled and loaded binary. Defined in Z.Crypto.SafeMem:
  - fromString :: String -> Secret
- Print Secret. Defined in Z.Crypto.SafeMem:
  - toUTF8BuilderP :: Int -> Secret -> Builder ()
secretSize :: Secret -> Int
Get secret key's byte length.
secretBitSize :: Secret -> Int
Get secret key's bit size.
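An added example for the Password and Secret sections above (not code from the Z-Botan project): it rejects untrusted input that contains control characters, logs through the redacting Show instance, and compares and borrows key material held in a Secret. It uses only functions listed in the synopsis. It assumes the Z-Botan and Z-Data packages are available and that OverloadedStrings literals resolve to Z.Data.Text's Text and to Bytes; acceptInput, the sample inputs and the key bytes are constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Control.Monad    (forM_)
import qualified Z.Data.Text      as T
import           Z.Crypto.SafeMem

-- Constructed sample inputs: one ordinary password, two carrying
-- control characters (a tab and a NUL).
candidates :: [T.Text]
candidates = ["correct horse battery staple", "tab\there", "nul\0here"]

-- Hypothetical helper: turn untrusted login input into a Password, or reject it.
-- The log line goes through the Show instance, so the plaintext is
-- never written out.
acceptInput :: T.Text -> IO (Maybe Password)
acceptInput input = case mkPasswordMaybe input of
    Nothing  -> do
        putStrLn "rejected: input contains a control character"
        pure Nothing
    Just pwd -> do
        putStrLn ("accepted " ++ show pwd ++ ", "
                  ++ show (passwordSize pwd) ++ " bytes")
        pure (Just pwd)

main :: IO ()
main = do
    forM_ candidates acceptInput

    -- Constructed key material. A literal in source is for demonstration
    -- only: it ends up in the compiled binary.
    k1 <- unsafeSecretFromBytes "0123456789abcdef"
    k2 <- unsafeSecretFromBytes "0123456789abcdef"
    k3 <- unsafeSecretFromBytes "0123456789abcdeX"

    -- Eq on Secret is the constant-time compare.
    print (k1 == k2, k1 == k3)
    -- Show on Secret is redacted.
    print k1
    print (secretSize k1, secretBitSize k1)

    -- Borrow the locked buffer for the duration of a callback instead of
    -- copying it out with unsafeSecretToBytes.
    len <- withSecret k1 (\ _ptr n -> pure (fromIntegral n :: Int))
    print len
```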