úÎt¢nêQ      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPportable experimental!dominic.steinitz@blueyonder.co.ukQRSTUVWXYZ[\portablebetaThomas.DuBuisson@gmail.com %Handle for manual resource mangement ] Open a    Close the   Read random data from a   BInefficiently get a specific number of bytes of cryptographically : secure random data using the system-specific facilities. Use '/dev/urandom'' on *nix and CryptAPI when on Windows. ^    portable betaThomas.DuBuisson@gmail.com_/This class exists to provide the contraversial split operation that was  part of `?. When combined with a CryptoRandomGen instance this provides D a method to lift CryptoGenRandom into the RandomGen class (via the  AsRnadomGen wrapper) aMA class of random bit generators that allows for the possibility of failure, C reseeding, providing entropy at the same time as requesting bytes Minimum complete definition: , , , . 'Instantiate a new random bit generator GLength of input entropy necessary to instantiate or reseed a generator %Obtain random data using a generator genBytesWithEntropy g i entropy generates i random bytes and use the  additional input entropy, in the generation of the requested data to G increase the confidence our generated data is a secure random stream.  Default:  J genBytesWithEntropy g bytes entropy = xor entropy (genBytes g bytes) reseed the generator Any  can be used where the ` class is needed " simply by wrapping with with the  constructor. Any failures / (Left results from genBytes or newGen) result B in a pattern match exception. Such failures were simply assumed  not possible by the `( class, hence there is no non-exception  way to indicate a failure. 6many generators have these error conditions in common 0For instantiating new generators (or reseeding) ]Some generators cease operation after too high a count without a reseed (ex: NIST SP 800-90)  When using genInteger g (l,h) and %logBase 2 (h - l) > (maxBound :: Int). WRequested more bytes than a single pass can generate (ex: genBytes g i | i > 2^(2^32)) Misc Use System.Crypto.Random to obtain entropy for . b:Obtain a tagged value for a particular instantiated type. genInteger g (low,high), will generate an integer between [low, high]( inclusively, swapping the pair if high < low. ZThis function has degraded (theoretically unbounded, probabilitically decent) performance C the closer your range size (high - low) is to 2^n (from the top). cd portable betaThomas.DuBuisson@gmail.comWA stream cipher class. Instance are expected to work on messages as small as one byte 9 The length of the resulting cipher text should be equal % to the length of the input message.  !"#$build a public/.private key pair using the provided generator %Asymetric encryption &Asymetric decryption '(;The BlockCipher class is intended as the generic interface < targeted by maintainers of Haskell cipher implementations. 5 Using this generic interface higher level functions  such as cbcC, and other functions from Data.Crypto.Modes, provide a useful API * for comsumers of cipher implementations. %Instances must handle unaligned data )LThe size of a single block; the smallest unit on which the cipher operates. *encrypt data of size  n*blockSize where n e [0..] (ecb encryption) +decrypt data of size  n*blockSize where n e [0..] (ecb decryption) ,.smart constructor for keys from a bytestring. -8keyLength may inspect its argument to return the length .4The Hash class is intended as the generic interface < targeted by maintainers of Haskell digest implementations. 6 Using this generic interface, higher level functions  such as 4 and 5 provide a useful API ( for comsumers of hash implementations. ;Any instantiated implementation must handle unaligned data /$The size of the digest when encoded 0GThe amount of data operated on in each round of the digest computation 14An initial context, provided with the first call to 2 2HUsed to update a context, repeatedly called until all data is exhausted ( must operate correctly for imputs of  n*blockLength bytes for n e [0..] 3UFinializing a context, plus any message data less than the block size, into a digest 4*Hash a lazy ByteString, creating a digest 5,Hash a strict ByteString, creating a digest 6*Obtain a lazy hash function from a digest 7,Obtain a strict hash function from a digest f8'Obtain a tagged value for a given type 9Infix 8 operator g`signUsing d k msg`5 Returns a signature (not a message + signature) for msg # by hashing into a digest asTypeOf d( and encrypting using the asymetric key k.  Expect a  Signature( class to appear in a future crypto-api < (this function might become depricated pending discussion) hLike g but for strict ByteStrings.  !"#$%&'()*+,-./0123456789./0123()*+,- !"#$%&'894567 !" !"#$%&'$%&'()*+,-)*+,-./0123/0123456789 portable betaThomas.DuBuisson@gmail.com:;<>Message authentication code calculation for lazy bytestrings.   hmac k msg) will compute an authentication code for msg using key k = hmac k msg) will compute an authentication code for msg using key k :;<=<=:;:;;<= portable betaThomas.DuBuisson@gmail.com>FInitilization Vectors for BlockCipher implementations (IV k) are used > for various modes and guarrenteed to be blockSize bits long. ijklm?zipWith xor + Pack C This is written intentionally to take advantage of the bytestring  libraries zipWith'+ rewrite rule but at the extra cost of the D resulting lazy bytestring being more fragmented than either of the  two inputs. zipWith xor + Pack Y As a result of rewrite rules, this should automatically be optimized (at compile time) ! to use the bytestring libraries zipWith' function. <Cipher block chaining encryption mode on strict bytestrings @8Cipher block chaining decryption for strict bytestrings A6Cipher block chaining encryption for lazy bytestrings B6Cipher block chaining decryption for lazy bytestrings CDEFGPCiphertext feed-back encryption mode for lazy bytestrings (with s == blockSize) HPCiphertext feed-back decryption mode for lazy bytestrings (with s == blockSize) IRCiphertext feed-back encryption mode for strict bytestrings (with s == blockSize) JRCiphertext feed-back decryption mode for strict bytestrings (with s == blockSize) K*Output feedback mode for lazy bytestrings L*Output feedback mode for lazy bytestrings M,Output feedback mode for strict bytestrings N,Output feedback mode for strict bytestrings nO Obtain an >+ using the provided CryptoRandomGenerator. P Obtain an > using the system entropy (see System.Crypto.Random) o>?@ABCDEFGHIJKLMNOPCDABGHKLEF?@IJMN>OP>?@ABCDEFGHIJKLMNOPp      !"#$%&'()*+,-./0123456789:;<=>?@ABBCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi@jklmnopqErstuvwxcrypto-api-0.0.0.2Data.LargeWord Crypto.TypesSystem.Crypto.Random Crypto.RandomCrypto.Classes Crypto.HMAC Crypto.ModesWord256Word224Word192Word160Word128Word96LargeKey ByteLength BitLength CryptHandle openHandle closeHandle hGetEntropy getEntropyCryptoRandomGennewGen genSeedLengthgenBytesgenBytesWithEntropyreseed AsRandomGenAsRGGenErrorNotEnoughEntropy NeedReseed RangeInvalidRequestedTooManyBytes GenErrorOthernewGenIO genInteger StreamCipherbuildStreamKey encryptStream decryptStreamstreamKeyLength AsymCipher buildKeyPair encryptAsym decryptAsym asymKeyLength BlockCipher blockSize encryptBlock decryptBlockbuildKey keyLengthHash outputLength blockLength initialCtx updateCtxfinalizehashhash'hashFunc hashFunc'for.::.MacKeyhmachmac'IVcbc'unCbc'cbcunCbcecbunEcbecb'unEcb'cfbunCfbcfb'unCfb'ofbunOfbofb'unOfb'getIVgetIVIO LargeWordlargeWordToIntegerintegerToLargeWord largeWordPlus largeWordAnd largeWordOrlargeWordShift largeWordXor largeBitSizeaoflkboflkCHgetEnt SplittableGenrandom-1.0.0.2 System.Random RandomGensplitbase2Logbs2ibaseGHC.Listelem makeBlocks signUsing signUsing'initializationVectorcollectchunkFor chunkFor'unfoldKivBlockSizeBytes