Maintainer: dominic.steinitz@blueyonder.co.uk (portable, experimental)
Maintainer: Thomas.DuBuisson@gmail.com (portable, beta)
Handle for manual resource management.
Open a
Close the
Read random data from a
Inefficiently get a specific number of bytes of cryptographically secure random data using the system-specific facilities. Use '/dev/urandom' on *nix and CryptAPI when on Windows.
A class of random bit generators that allows for the possibility of failure, reseeding, providing entropy at the same time as requesting bytes.
Minimum complete definition: , , , .
Instantiate a new random bit generator.
Length of input entropy necessary to instantiate or reseed a generator.
Obtain random data using a generator.
genBytesWithEntropy g i entropy generates i random bytes and uses the additional input entropy in the generation of the requested data, to increase the confidence that our generated data is a secure random stream.
Default: genBytesWithEntropy g bytes entropy = xor entropy (genBytes g bytes)
Reseed the generator.
Many generators have these error conditions in common:
  For instantiating new generators (or reseeding)
  Some generators cease operation after too high a count without a reseed (ex: NIST SP 800-90)
  When using genInteger g (l,h) and logBase 2 (h - l) > (maxBound :: Int).
  Requested more bytes than a single pass can generate (ex: genBytes g i | i > 2^(2^32))
  Misc
Use System.Crypto.Random to obtain entropy for .
Obtain a tagged value for a particular instantiated type.
genInteger g (low,high) will generate an integer between [low, high] inclusively, swapping the pair if high < low.
This function has degraded (theoretically unbounded, probabilistically decent) performance the closer your range size (high - low) is to 2^n (from the top).
A class for signing operations which inherently cannot be as generic as asymmetric ciphers (ex: DSA).
A stream cipher class. Instances are expected to work on messages as small as one byte. The length of the resulting cipher text should be equal to the length of the input message.
Asymmetric ciphers (common ones being RSA or EC based).
Build a public/private key pair using the provided generator.
Asymmetric encryption.
Asymmetric decryption.
The BlockCipher class is intended as the generic interface targeted by maintainers of Haskell cipher implementations. Using this generic interface, higher level functions such as cbc, and other functions from Data.Crypto.Modes, provide a useful API for consumers of cipher implementations.
Instances must handle unaligned data.
The size of a single block; the smallest unit on which the cipher operates.
Encrypt data of size n*blockSize where n `elem` [0..] (ecb encryption).
Decrypt data of size n*blockSize where n `elem` [0..] (ecb decryption).
Smart constructor for keys from a bytestring.
keyLength may inspect its argument to return the length.
The Hash class is intended as the generic interface targeted by maintainers of Haskell digest implementations. Using this generic interface, higher level functions such as hash and hash' provide a useful API for consumers of hash implementations.
Any instantiated implementation must handle unaligned data.
The size of the digest when encoded.
The amount of data operated on in each round of the digest computation.
An initial context, provided with the first call to updateCtx.
Used to update a context, repeatedly called until all data is exhausted; must operate correctly for inputs of n*blockLength bytes for n `elem` [0..].
Finalizing a context, plus any message data less than the block size, into a digest.
Hash a lazy ByteString, creating a digest.
Hash a strict ByteString, creating a digest.
Obtain a lazy hash function from a digest.
Obtain a strict hash function from a digest.
Obtain a tagged value for a given type.
Infix `for` operator.
signUsing d k msg: Returns a signature (not a message + signature) for msg by hashing into a digest asTypeOf d and encrypting using the asymmetric key k. Expect a Signature class to appear in a future crypto-api (this function might become deprecated pending discussion).
Like signUsing but for strict ByteStrings.
Message authentication code calculation for lazy bytestrings. hmac k msg will compute an authentication code for msg using key k.
hmac k msg will compute an authentication code for msg using key k.
Initialization Vectors for BlockCipher implementations (IV k) are used for various modes and guaranteed to be blockSize bits long.
zipWith xor + Pack. This is written intentionally to take advantage of the bytestring library's zipWith' rewrite rule, but at the extra cost of the resulting lazy bytestring being more fragmented than either of the two inputs.
zipWith xor + Pack. As a result of rewrite rules, this should automatically be optimized (at compile time) to use the bytestring library's zipWith' function.
Cipher block chaining encryption mode on strict bytestrings.
Cipher block chaining decryption for strict bytestrings.
Cipher block chaining encryption for lazy bytestrings.
Cipher block chaining decryption for lazy bytestrings.
Ciphertext feed-back encryption mode for lazy bytestrings (with s == blockSize).
Ciphertext feed-back decryption mode for lazy bytestrings (with s == blockSize).
Ciphertext feed-back encryption mode for strict bytestrings (with s == blockSize).
Ciphertext feed-back decryption mode for strict bytestrings (with s == blockSize).
Output feedback mode for lazy bytestrings.
Output feedback mode for lazy bytestrings.
Output feedback mode for strict bytestrings.
Output feedback mode for strict bytestrings.
Obtain an IV using the provided CryptoRandomGenerator.
Obtain an IV using the system entropy (see System.Crypto.Random).
PKCS5 (aka RFC1423) padding method. This method will not work properly for pad modulos > 256.
putPaddedPKCS5 m bs will pad out bs to a byte multiple of m and put both the bytestring and its padding via Put (this saving on copying if you are already using Cereal).
PKCS5 (aka RFC1423) padding method.
Leverages putPaddedPKCS5 to put the bytestring and padding of sufficient length for use by the specified block cipher.
Unpad a strict bytestring padded in the typical PKCS5 manner. This routine verifies all pad bytes and pad length match correctly.
Pad a bytestring to the IPSEC esp specification. padESP m payload is equivalent to:
    -- (msg) (padding) (length field)
    B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]
Where:
  the msg is any payload, including TFC.
  the padding is <= 255
  the length field is one byte
Notice the result bytestring length remainder r equals zero.
The lack of 'next header' field means this function is not directly useable for an IPSec implementation (copy/paste the 4 line function and add in a next header field if you are making IPSec ESP).
Like padESP but use the BlockCipher instance to determine padding size.
Like putPadESP but using the BlockCipher instance to determine padding size.
Pad a bytestring to the IPSEC ESP specification using Put. This can reduce copying if you are already using Put.
A static espPad allows reuse of a single B.pack'ed pad for all calls to padESP.
Unpad and return the padded message (Nothing is returned if the padding is invalid).
crypto-api-0.1.0.0: Data.LargeWord, Crypto.Types, System.Crypto.Random, Crypto.Random, Crypto.Classes, Crypto.HMAC, Crypto.Modes, Crypto.Padding