portable experimental dominic.steinitz@blueyonder.co.uk

portable beta Thomas.DuBuisson@gmail.com

Handle for manual resource management.
Open a
Close the
Read random data from a
Inefficiently get a specific number of bytes of cryptographically secure random data using the system-specific facilities. Use '/dev/urandom' on *nix and CryptAPI when on Windows.

portable beta Thomas.DuBuisson@gmail.com

A class of random bit generators that allows for the possibility of failure, reseeding, providing entropy at the same time as requesting bytes.
Minimum complete definition: , , , .
Instantiate a new random bit generator.
Length of input entropy necessary to instantiate or reseed a generator.
Obtain random data using a generator.
genBytesWithEntropy g i entropy generates i random bytes and uses the additional input entropy in the generation of the requested data to increase the confidence that our generated data is a secure random stream.
Default:
    genBytesWithEntropy g bytes entropy = xor entropy (genBytes g bytes)
Reseed the generator.
Many generators have these error conditions in common.
For instantiating new generators (or reseeding).
Some generators cease operation after too high a count without a reseed (ex: NIST SP 800-90).
When using genInteger g (l,h) and logBase 2 (h - l) > (maxBound :: Int).
Requested more bytes than a single pass can generate (ex: genBytes g i | i > 2^(2^32)).
Misc
Use System.Crypto.Random to obtain entropy for .
Obtain a tagged value for a particular instantiated type.
genInteger g (low,high) will generate an integer between [low, high] inclusively, swapping the pair if high < low.
This function has degraded (theoretically unbounded, probabilistically decent) performance the closer your range size (high - low) is to 2^n (from the top).

portable beta Thomas.DuBuisson@gmail.com

A class for signing operations which inherently can not be as generic as asymmetric ciphers (ex: DSA).

A stream cipher class. Instances are expected to work on messages as small as one byte. The length of the resulting cipher text should be equal to the length of the input message.

Asymmetric ciphers (common ones being RSA or EC based).
Build a public/private key pair using the provided generator.
Asymmetric encryption.
Asymmetric decryption.

The BlockCipher class is intended as the generic interface targeted by maintainers of Haskell cipher implementations. Using this generic interface, higher level functions such as cbc, and other functions from Data.Crypto.Modes, provide a useful API for consumers of cipher implementations.
Instances must handle unaligned data.
The size of a single block; the smallest unit on which the cipher operates.
Encrypt data of size n*blockSize where n `elem` [0..] (ecb encryption).
Decrypt data of size n*blockSize where n `elem` [0..] (ecb decryption).
Smart constructor for keys from a bytestring.
keyLength may inspect its argument to return the length.

The Hash class is intended as the generic interface targeted by maintainers of Haskell digest implementations. Using this generic interface, higher level functions such as hash and hash' provide a useful API for consumers of hash implementations.
Any instantiated implementation must handle unaligned data.
The size of the digest when encoded.
The amount of data operated on in each round of the digest computation.
An initial context, provided with the first call to updateCtx.
Used to update a context, repeatedly called until all data is exhausted; must operate correctly for inputs of n*blockLength bytes for n `elem` [0..].
Finalizing a context, plus any message data less than the block size, into a digest.
Hash a lazy ByteString, creating a digest.
Hash a strict ByteString, creating a digest.
Obtain a lazy hash function from a digest.
Obtain a strict hash function from a digest.
Obtain a tagged value for a given type.
Infix `for` operator.
`signUsing d k msg` returns a signature (not a message + signature) for msg by hashing into a digest `asTypeOf` d and encrypting using the asymmetric key k. Expect a Signature class to appear in a future crypto-api (this function might become deprecated pending discussion).
Like signUsing but for strict ByteStrings.

portable beta Thomas.DuBuisson@gmail.com

Message authentication code calculation for lazy bytestrings. hmac k msg will compute an authentication code for msg using key k.
hmac k msg will compute an authentication code for msg using key k.

portable beta Thomas.DuBuisson@gmail.com

Initialization Vectors for BlockCipher implementations (IV k) are used for various modes and guaranteed to be blockSize bits long.
zipWith xor + Pack. This is written intentionally to take advantage of the bytestring library's zipWith' rewrite rule but at the extra cost of the resulting lazy bytestring being more fragmented than either of the two inputs.
zipWith xor + Pack. As a result of rewrite rules, this should automatically be optimized (at compile time) to use the bytestring library's zipWith' function.
Cipher block chaining encryption mode on strict bytestrings.
Cipher block chaining decryption for strict bytestrings.
Cipher block chaining encryption for lazy bytestrings.
Cipher block chaining decryption for lazy bytestrings.
Ciphertext feed-back encryption mode for lazy bytestrings (with s == blockSize).
Ciphertext feed-back decryption mode for lazy bytestrings (with s == blockSize).
Ciphertext feed-back encryption mode for strict bytestrings (with s == blockSize).
Ciphertext feed-back decryption mode for strict bytestrings (with s == blockSize).
Output feedback mode for lazy bytestrings.
Output feedback mode for lazy bytestrings.
Output feedback mode for strict bytestrings.
Output feedback mode for strict bytestrings.
Obtain an IV using the provided CryptoRandomGenerator.
Obtain an IV using the system entropy (see System.Crypto.Random).

PKCS5 (aka RFC1423) padding method. This method will not work properly for pad modulos > 256.
putPaddedPKCS5 m bs will pad out bs to a byte multiple of m and put both the bytestring and its padding via Put (this saves on copying if you are already using Cereal).
PKCS5 (aka RFC1423) padding method using the BlockCipher instance to determine the pad size.
Leverages putPaddedPKCS5 to put the bytestring and padding of sufficient length for use by the specified block cipher.
Unpad a strict bytestring padded in the typical PKCS5 manner. This routine verifies all pad bytes and pad length match correctly.
Pad a bytestring to the IPSEC ESP specification. padESP m payload is equivalent to:
    (msg) (padding) (length field)
    B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]
Where:
    the msg is any payload, including TFC.
    the padding is <= 255
    the length field is one byte.
Notice the result bytestring length remainder r equals zero.
The lack of a "next header" field means this function is not directly usable for an IPSec implementation (copy/paste the 4 line function and add in a "next header" field if you are making IPSec ESP).
Like padESP but use the BlockCipher instance to determine padding size.
Like putPadESP but using the BlockCipher instance to determine padding size.
Pad a bytestring to the IPSEC ESP specification using Put. This can reduce copying if you are already using Put.
A static espPad allows reuse of a single B.pack'ed pad for all calls to padESP.
Unpad and return the padded message (Nothing is returned if the padding is invalid).

crypto-api-0.1.2.2

Data.LargeWord Crypto.Types System.Crypto.Random Crypto.Random Crypto.Classes Crypto.HMAC Crypto.Modes Crypto.Padding

Word256 Word224 Word192 Word160 Word128 Word96 LargeKey LargeWord largeWordToInteger integerToLargeWord largeWordPlus largeWordAnd largeWordOr largeWordShift largeWordXor largeBitSize ByteLength BitLength CryptHandle openHandle closeHandle hGetEntropy getEntropy CryptoRandomGen newGen genSeedLength genBytes genBytesWithEntropy reseed GenError NotEnoughEntropy NeedReseed RangeInvalid RequestedTooManyBytes GenErrorOther newGenIO genInteger Signing sign verify buildSigningPair signingKeyLength verifyingKeyLength StreamCipher buildStreamKey encryptStream decryptStream streamKeyLength AsymCipher buildKeyPair encryptAsym decryptAsym asymKeyLength BlockCipher blockSize encryptBlock decryptBlock buildKey keyLength Hash outputLength blockLength initialCtx updateCtx finalize hash hash' hashFunc hashFunc' for .::. blockSizeBytes MacKey hmac hmac' IV cbc' unCbc' cbc unCbc ecb unEcb ecb' unEcb' cfb unCfb cfb' unCfb' ofb unOfb ofb' unOfb' getIV getIVIO padPKCS5 putPaddedPKCS5 padBlockSize unpadPKCS5safe unpadPKCS5 padESP padESPBlockSize putPadESPBlockSize putPadESP unpadESP aoflk boflk CH getEnt base2Log bs2i base GHC.List elem makeBlocks signUsing signUsing' initializationVector collect chunkFor chunkFor' unfoldK ivBlockSizeBytes

cereal-0.3.0.0 Data.Serialize.Put Put putPaddedBlockSize