-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | A generic interface for cryptographic operations
--
@package crypto-api
@version 0.13.1
-- | Type aliases used throughout the crypto-api modules.
module Crypto.Types
-- | Initilization Vectors for BlockCipher implementations (IV k) are used
-- for various modes and guarrenteed to be blockSize bits long. The
-- common ways to obtain an IV are to generate one (getIV or
-- getIVIO) or to use one provided with the ciphertext (using
-- the Serialize instance of IV).
--
-- zeroIV also exists and is of particular use for starting
-- ctr mode with a fresh key.
data IV k
IV :: {-# UNPACK #-} !ByteString -> IV k
initializationVector :: IV k -> {-# UNPACK #-} !ByteString
-- | The length of a field (usually a ByteString) in bits
type BitLength = Int
-- | The length fo a field in bytes.
type ByteLength = Int
data BlockCipherError
InputTooLong :: String -> BlockCipherError
AuthenticationFailed :: String -> BlockCipherError
Other :: String -> BlockCipherError
instance Typeable BlockCipherError
instance Eq (IV k)
instance Ord (IV k)
instance Show (IV k)
instance Eq BlockCipherError
instance Ord BlockCipherError
instance Show BlockCipherError
instance Read BlockCipherError
instance Data BlockCipherError
instance Exception BlockCipherError
-- | A small selection of utilities that might be of use to others working
-- with bytestring/number combinations.
module Crypto.Util
-- | incBS bs inefficiently computes the value i2bs (8 *
-- B.length bs) (bs2i bs + 1)
incBS :: ByteString -> ByteString
-- | i2bs bitLen i converts i to a ByteString of
-- bitLen bits (must be a multiple of 8).
i2bs :: Int -> Integer -> ByteString
-- | i2bs_unsized i converts i to a ByteString
-- of sufficient bytes to express the integer. The integer must be
-- non-negative and a zero will be encoded in one byte.
i2bs_unsized :: Integer -> ByteString
-- | Useful utility to extract the result of a generator operation and
-- translate error results to exceptions.
throwLeft :: Exception e => Either e a -> a
-- | Obtain a tagged value for a particular instantiated type.
for :: Tagged a b -> a -> b
-- | Infix for operator
(.::.) :: Tagged a b -> a -> b
-- | Checks two bytestrings for equality without breaches for timing
-- attacks.
--
-- Semantically, constTimeEq = (==). However, x == y
-- takes less time when the first byte is different than when the first
-- byte is equal. This side channel allows an attacker to mount a timing
-- attack. On the other hand, constTimeEq always takes the same
-- time regardless of the bytestrings' contents, unless they are of
-- difference size.
--
-- You should always use constTimeEq when comparing secrets,
-- otherwise you may leave a significant security hole (cf.
-- http://codahale.com/a-lesson-in-timing-attacks/).
constTimeEq :: ByteString -> ByteString -> Bool
c_constTimeEq :: Ptr CChar -> Ptr CChar -> CInt -> IO CInt
-- | Helper function to convert bytestrings to integers
bs2i :: ByteString -> Integer
-- | zipWith xor + Pack As a result of rewrite rules, this should
-- automatically be optimized (at compile time). to use the bytestring
-- libraries zipWith' function.
zwp' :: ByteString -> ByteString -> ByteString
-- | zipWith xor + Pack
--
-- This is written intentionally to take advantage of the bytestring
-- libraries zipWith' rewrite rule but at the extra cost of the
-- resulting lazy bytestring being more fragmented than either of the two
-- inputs.
zwp :: ByteString -> ByteString -> ByteString
collect :: Int -> [ByteString] -> [ByteString]
-- | This module is for instantiating cryptographicly strong determinitic
-- random bit generators (DRBGs, aka PRNGs) For the simple use case of
-- using the system random number generator (Entropy) to seed the
-- DRBG:
--
--
-- g <- newGenIO
--
--
-- Users needing to provide their own entropy can call newGen
-- directly
--
--
-- entropy <- getEntropy nrBytes
-- let generator = newGen entropy
--
module Crypto.Random
-- | A class of random bit generators that allows for the possibility of
-- failure, reseeding, providing entropy at the same time as requesting
-- bytes
--
-- Minimum complete definition: newGen, genSeedLength,
-- genBytes, reseed, reseedInfo,
-- reseedPeriod.
class CryptoRandomGen g where genBytesWithEntropy len entropy g = let res = genBytes len g in case res of { Left err -> Left err Right (bs, g') -> let entropy' = append entropy (replicate (len - length entropy) 0) in Right (zwp' entropy' bs, g') } newGenIO = go 0 where go 1000 = throw $ GenErrorOther $ "The generator instance requested by" ++ "newGenIO never instantiates (1000 tries). " ++ "It must be broken." go i = do { let p = Proxy getTypedGen :: CryptoRandomGen g => Proxy g -> IO (Either GenError g) getTypedGen pr = liftM newGen (getEntropy $ proxy genSeedLength pr); res <- getTypedGen p; case res of { Left _ -> go (i + 1) Right g -> return (g `asProxyTypeOf` p) } }
newGen :: CryptoRandomGen g => ByteString -> Either GenError g
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength
genBytes :: CryptoRandomGen g => ByteLength -> g -> Either GenError (ByteString, g)
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo
genBytesWithEntropy :: CryptoRandomGen g => ByteLength -> ByteString -> g -> Either GenError (ByteString, g)
reseed :: CryptoRandomGen g => ByteString -> g -> Either GenError g
newGenIO :: CryptoRandomGen g => IO g
-- | Generator failures should always return the appropriate GenError. Note
-- GenError in an instance of exception but wether or not an
-- exception is thrown depends on if the selected generator (read: if you
-- don't want execptions from code that uses throw then pass in a
-- generator that never has an error for the used functions)
data GenError
-- | Misc
GenErrorOther :: String -> GenError
-- | Requested more bytes than a single pass can generate (The maximum
-- request is generator dependent)
RequestedTooManyBytes :: GenError
-- | When using genInteger g (l,h) and logBase 2 (h - l) >
-- (maxBound :: Int).
RangeInvalid :: GenError
-- | Some generators cease operation after too high a count without a
-- reseed (ex: NIST SP 800-90)
NeedReseed :: GenError
-- | For instantiating new generators (or reseeding)
NotEnoughEntropy :: GenError
-- | This generator can not be instantiated or reseeded with a finite seed
-- (ex: SystemRandom)
NeedsInfiniteSeed :: GenError
data ReseedInfo
-- | Generator needs reseeded in X bytes
InXBytes :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | Generator needs reseeded in X calls
InXCalls :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | The bound is over 2^64 bytes or calls
NotSoon :: ReseedInfo
-- | This generator never reseeds (ex: SystemRandom)
Never :: ReseedInfo
-- | While the safety and wisdom of a splitting function depends on the
-- properties of the generator being split, several arguments from
-- informed people indicate such a function is safe for NIST SP 800-90
-- generators. (see libraries@haskell.org discussion around Sept, Oct
-- 2010). You can find implementations of such generators in the
-- DRBG package.
splitGen :: CryptoRandomGen g => g -> Either GenError (g, g)
-- | Useful utility to extract the result of a generator operation and
-- translate error results to exceptions.
throwLeft :: Exception e => Either e a -> a
-- | Not that it is technically correct as an instance of
-- CryptoRandomGen, but simply because it's a reasonable
-- engineering choice here is a CryptoRandomGen which streams the system
-- randoms. Take note:
--
--
-- - It uses the default definition of genByteWithEntropy
-- - newGen will always fail!
-- - reseed will always fail!
-- - the handle to the system random is never closed
--
data SystemRandom
instance Typeable GenError
instance Typeable ReseedInfo
instance Eq GenError
instance Ord GenError
instance Show GenError
instance Read GenError
instance Data GenError
instance Eq ReseedInfo
instance Ord ReseedInfo
instance Show ReseedInfo
instance Read ReseedInfo
instance Data ReseedInfo
instance CryptoRandomGen SystemRandom
instance Exception GenError
-- | This is the heart of the crypto-api package. By making (or having) an
-- instance of Hash, AsymCipher, BlockCipher or StreamCipher you provide
-- (or obtain) access to any infrastructure built on these primitives
-- include block cipher modes of operation, hashing, hmac, signing, etc.
-- These classes allow users to build routines that are agnostic to the
-- algorithm used so changing algorithms is as simple as changing a type
-- signature.
module Crypto.Classes
-- | The Hash class is intended as the generic interface targeted by
-- maintainers of Haskell digest implementations. Using this generic
-- interface, higher level functions such as hash and hash'
-- provide a useful API for comsumers of hash implementations.
--
-- Any instantiated implementation must handle unaligned data.
--
-- Minimum complete definition: outputLength, blockLength,
-- initialCtx, updateCtx, and finalize.
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where hash msg = res where res = finalize ctx end ctx = foldl' updateCtx initialCtx blks (blks, end) = makeBlocks msg blockLen blockLen = (blockLength .::. res) `div` 8 hash' msg = res where res = finalize (updateCtx initialCtx top) end (top, end) = splitAt remlen msg remlen = length msg - (length msg `rem` bLen) bLen = blockLength `for` res `div` 8
outputLength :: Hash ctx d => Tagged d BitLength
blockLength :: Hash ctx d => Tagged d BitLength
initialCtx :: Hash ctx d => ctx
updateCtx :: Hash ctx d => ctx -> ByteString -> ctx
finalize :: Hash ctx d => ctx -> ByteString -> d
hash :: (Hash ctx d, Hash ctx d) => ByteString -> d
hash' :: (Hash ctx d, Hash ctx d) => ByteString -> d
-- | Obtain a strict hash function whose result is the same type as the
-- given digest, which is discarded. If the type is already inferred then
-- consider using the hash' function instead.
hashFunc' :: Hash c d => d -> (ByteString -> d)
-- | Obtain a lazy hash function whose result is the same type as the given
-- digest, which is discarded. If the type is already inferred then
-- consider using the hash function instead.
hashFunc :: Hash c d => d -> (ByteString -> d)
-- | The BlockCipher class is intended as the generic interface targeted by
-- maintainers of Haskell cipher implementations.
--
-- Minimum complete definition: blockSize, encryptBlock, decryptBlock,
-- buildKey, and keyLength.
--
-- Instances must handle unaligned data
class Serialize k => BlockCipher k where ecb = modeEcb' unEcb = modeUnEcb' cbc = modeCbc' unCbc = modeUnCbc' ctr = modeCtr' incIV unCtr = modeUnCtr' incIV ctrLazy = modeCtr incIV unCtrLazy = modeUnCtr incIV cfb = modeCfb' unCfb = modeUnCfb' ofb = modeOfb' unOfb = modeUnOfb' cbcLazy = modeCbc unCbcLazy = modeUnCbc sivLazy = modeSiv unSivLazy = modeUnSiv siv = modeSiv' unSiv = modeUnSiv' ecbLazy = modeEcb unEcbLazy = modeUnEcb cfbLazy = modeCfb unCfbLazy = modeUnCfb ofbLazy = modeOfb unOfbLazy = modeUnOfb
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
buildKey :: BlockCipher k => ByteString -> Maybe k
keyLength :: BlockCipher k => Tagged k BitLength
ecb :: BlockCipher k => k -> ByteString -> ByteString
unEcb :: BlockCipher k => k -> ByteString -> ByteString
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | The number of bytes in a block cipher block
blockSizeBytes :: BlockCipher k => Tagged k ByteLength
-- | The number of bytes in a block cipher key (assuming it is an even
-- multiple of 8 bits)
keyLengthBytes :: BlockCipher k => Tagged k ByteLength
-- | Build a symmetric key using the system entropy (see Entropy)
buildKeyIO :: BlockCipher k => IO k
-- | Build a symmetric key using a given CryptoRandomGen
buildKeyGen :: (BlockCipher k, CryptoRandomGen g) => g -> Either GenError (k, g)
-- | A stream cipher class. Instance are expected to work on messages as
-- small as one byte The length of the resulting cipher text should be
-- equal to the length of the input message.
class Serialize k => StreamCipher k iv | k -> iv
buildStreamKey :: StreamCipher k iv => ByteString -> Maybe k
encryptStream :: StreamCipher k iv => k -> iv -> ByteString -> (ByteString, iv)
decryptStream :: StreamCipher k iv => k -> iv -> ByteString -> (ByteString, iv)
streamKeyLength :: StreamCipher k iv => Tagged k BitLength
-- | Build a stream key using the system random generator
buildStreamKeyIO :: StreamCipher k iv => IO k
-- | Build a stream key using the provided random generator
buildStreamKeyGen :: (StreamCipher k iv, CryptoRandomGen g) => g -> Either GenError (k, g)
-- | Asymetric ciphers (common ones being RSA or EC based)
class AsymCipher p v | p -> v, v -> p
buildKeyPair :: (AsymCipher p v, CryptoRandomGen g) => g -> BitLength -> Either GenError ((p, v), g)
encryptAsym :: (AsymCipher p v, CryptoRandomGen g) => g -> p -> ByteString -> Either GenError (ByteString, g)
decryptAsym :: (AsymCipher p v, CryptoRandomGen g) => g -> v -> ByteString -> Either GenError (ByteString, g)
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength
-- | Build a pair of asymmetric keys using the system random generator.
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
-- | Flipped buildKeyPair for ease of use with state monads.
buildKeyPairGen :: (CryptoRandomGen g, AsymCipher p v) => BitLength -> g -> Either GenError ((p, v), g)
-- | A class for signing operations which inherently can not be as generic
-- as asymetric ciphers (ex: DSA).
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p
sign :: (Signing p v, CryptoRandomGen g) => g -> v -> ByteString -> Either GenError (ByteString, g)
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
buildSigningPair :: (Signing p v, CryptoRandomGen g) => g -> BitLength -> Either GenError ((p, v), g)
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
-- | Build a signing key using the system random generator
buildSigningKeyPairIO :: Signing p v => BitLength -> IO (Either GenError (p, v))
-- | Flipped buildSigningPair for ease of use with state monads.
buildSigningKeyPairGen :: (Signing p v, CryptoRandomGen g) => BitLength -> g -> Either GenError ((p, v), g)
-- | Encode a value using binary serialization to a strict ByteString.
encode :: Serialize a => a -> ByteString
-- | Obtain an IV made only of zeroes
zeroIV :: BlockCipher k => IV k
-- | Increase an IV by one. This is way faster than decoding,
-- increasing, encoding
incIV :: BlockCipher k => IV k -> IV k
-- | Obtain an IV using the provided CryptoRandomGenerator.
getIV :: (BlockCipher k, CryptoRandomGen g) => g -> Either GenError (IV k, g)
-- | Obtain an IV using the system entropy (see Entropy)
getIVIO :: BlockCipher k => IO (IV k)
chunkFor :: BlockCipher k => k -> ByteString -> [ByteString]
chunkFor' :: BlockCipher k => k -> ByteString -> [ByteString]
instance BlockCipher k => Serialize (IV k)
module Crypto.Modes
-- | Perform doubling as defined by the CMAC and SIV papers
dblIV :: BlockCipher k => IV k -> IV k
-- | Cipher block chaining message authentication
cbcMac' :: BlockCipher k => k -> ByteString -> ByteString
-- | Cipher block chaining message authentication
cbcMac :: BlockCipher k => k -> ByteString -> ByteString
-- | Obtain the cmac for lazy bytestrings
cMac :: BlockCipher k => k -> ByteString -> ByteString
-- | Obtain the cmac for strict bytestrings
cMac' :: BlockCipher k => k -> ByteString -> ByteString
cMacStar :: BlockCipher k => k -> [ByteString] -> ByteString
-- | Obtain the CMAC* on strict bytestrings
cMacStar' :: BlockCipher k => k -> [ByteString] -> ByteString
module Crypto.HMAC
-- | Message authentication code calculation for lazy bytestrings. hmac
-- k msg will compute an authentication code for msg using
-- key k
hmac :: Hash c d => MacKey c d -> ByteString -> d
-- | hmac k msg will compute an authentication code for
-- msg using key k
hmac' :: Hash c d => MacKey c d -> ByteString -> d
-- | A key carrying phantom types c and d, forcing the
-- key data to only be used by particular hash algorithms.
newtype MacKey c d
MacKey :: ByteString -> MacKey c d
instance Eq (MacKey c d)
instance Ord (MacKey c d)
instance Show (MacKey c d)
-- | PKCS5 (RFC 1423) and IPSec ESP (RFC 4303) padding methods are
-- implemented both as trivial functions operating on bytestrings and as
-- Put routines usable from the Data.Serialize module.
-- These methods do not work for algorithms or pad sizes in excess of 255
-- bytes (2040 bits, so extremely large as far as cipher needs are
-- concerned).
module Crypto.Padding
-- | PKCS5 (aka RFC1423) padding method. This method will not work properly
-- for pad modulos > 256
padPKCS5 :: ByteLength -> ByteString -> ByteString
-- | PKCS5 (aka RFC1423) padding method using the BlockCipher instance to
-- determine the pad size.
padBlockSize :: BlockCipher k => k -> ByteString -> ByteString
-- | Ex:
--
--
-- putPaddedPKCS5 m bs
--
--
-- Will pad out bs to a byte multiple of m and put both
-- the bytestring and it's padding via Put (this saves on copying
-- if you are already using Cereal).
putPaddedPKCS5 :: ByteLength -> ByteString -> Put
-- | unpad a strict bytestring padded in the typical PKCS5 manner. This
-- routine verifies all pad bytes and pad length match correctly.
unpadPKCS5safe :: ByteString -> Maybe ByteString
-- | unpad a strict bytestring without checking the pad bytes and length
-- any more than necessary.
unpadPKCS5 :: ByteString -> ByteString
-- | Pad a bytestring to the IPSEC esp specification
--
--
-- padESP m payload
--
--
-- is equivilent to:
--
--
-- (msg) (padding) (length field)
-- B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]
--
--
-- Where:
--
--
-- - the msg is any payload, including TFC.
-- - the padding is <= 255
-- - the length field is one byte.
--
--
-- Notice the result bytesting length remainder r equals zero.
-- The lack of a "next header" field means this function is not directly
-- useable for an IPSec implementation (copy/paste the 4 line function
-- and add in a "next header" field if you are making IPSec ESP).
padESP :: Int -> ByteString -> ByteString
-- | unpad and return the padded message (Nothing is returned if the
-- padding is invalid)
unpadESP :: ByteString -> Maybe ByteString
-- | Like padESP but use the BlockCipher instance to determine padding size
padESPBlockSize :: BlockCipher k => k -> ByteString -> ByteString
-- | Like putPadESP but using the BlockCipher instance to determine padding
-- size
putPadESPBlockSize :: BlockCipher k => k -> ByteString -> Put
-- | Pad a bytestring to the IPSEC ESP specification using Put. This
-- can reduce copying if you are already using Put.
putPadESP :: Int -> ByteString -> Put
-- | The module mirrors Crypto.Classes except that errors are thrown
-- as exceptions instead of having returning types of Either error
-- result or Maybe result.
--
-- NB This module is experimental and might go away or be re-arranged.
module Crypto.Classes.Exceptions
-- | The Hash class is intended as the generic interface targeted by
-- maintainers of Haskell digest implementations. Using this generic
-- interface, higher level functions such as hash and hash'
-- provide a useful API for comsumers of hash implementations.
--
-- Any instantiated implementation must handle unaligned data.
--
-- Minimum complete definition: outputLength, blockLength,
-- initialCtx, updateCtx, and finalize.
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where hash msg = res where res = finalize ctx end ctx = foldl' updateCtx initialCtx blks (blks, end) = makeBlocks msg blockLen blockLen = (blockLength .::. res) `div` 8 hash' msg = res where res = finalize (updateCtx initialCtx top) end (top, end) = splitAt remlen msg remlen = length msg - (length msg `rem` bLen) bLen = blockLength `for` res `div` 8
outputLength :: Hash ctx d => Tagged d BitLength
blockLength :: Hash ctx d => Tagged d BitLength
initialCtx :: Hash ctx d => ctx
updateCtx :: Hash ctx d => ctx -> ByteString -> ctx
finalize :: Hash ctx d => ctx -> ByteString -> d
hash :: (Hash ctx d, Hash ctx d) => ByteString -> d
hash' :: (Hash ctx d, Hash ctx d) => ByteString -> d
-- | Obtain a strict hash function whose result is the same type as the
-- given digest, which is discarded. If the type is already inferred then
-- consider using the hash' function instead.
hashFunc' :: Hash c d => d -> (ByteString -> d)
-- | Obtain a lazy hash function whose result is the same type as the given
-- digest, which is discarded. If the type is already inferred then
-- consider using the hash function instead.
hashFunc :: Hash c d => d -> (ByteString -> d)
-- | The BlockCipher class is intended as the generic interface targeted by
-- maintainers of Haskell cipher implementations.
--
-- Minimum complete definition: blockSize, encryptBlock, decryptBlock,
-- buildKey, and keyLength.
--
-- Instances must handle unaligned data
class Serialize k => BlockCipher k where ecb = modeEcb' unEcb = modeUnEcb' cbc = modeCbc' unCbc = modeUnCbc' ctr = modeCtr' incIV unCtr = modeUnCtr' incIV ctrLazy = modeCtr incIV unCtrLazy = modeUnCtr incIV cfb = modeCfb' unCfb = modeUnCfb' ofb = modeOfb' unOfb = modeUnOfb' cbcLazy = modeCbc unCbcLazy = modeUnCbc sivLazy = modeSiv unSivLazy = modeUnSiv siv = modeSiv' unSiv = modeUnSiv' ecbLazy = modeEcb unEcbLazy = modeUnEcb cfbLazy = modeCfb unCfbLazy = modeUnCfb ofbLazy = modeOfb unOfbLazy = modeUnOfb
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
keyLength :: BlockCipher k => Tagged k BitLength
ecb :: BlockCipher k => k -> ByteString -> ByteString
unEcb :: BlockCipher k => k -> ByteString -> ByteString
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Obtain an IV using the system entropy (see Entropy)
getIVIO :: BlockCipher k => IO (IV k)
-- | The number of bytes in a block cipher block
blockSizeBytes :: BlockCipher k => Tagged k ByteLength
-- | The number of bytes in a block cipher key (assuming it is an even
-- multiple of 8 bits)
keyLengthBytes :: BlockCipher k => Tagged k ByteLength
-- | Build a symmetric key using the system entropy (see Entropy)
buildKeyIO :: BlockCipher k => IO k
-- | Asymetric ciphers (common ones being RSA or EC based)
class AsymCipher p v | p -> v, v -> p
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength
-- | Build a pair of asymmetric keys using the system random generator.
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
-- | A class for signing operations which inherently can not be as generic
-- as asymetric ciphers (ex: DSA).
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
-- | Increase an IV by one. This is way faster than decoding,
-- increasing, encoding
incIV :: BlockCipher k => IV k -> IV k
-- | Obtain an IV made only of zeroes
zeroIV :: BlockCipher k => IV k
-- | A class of random bit generators that allows for the possibility of
-- failure, reseeding, providing entropy at the same time as requesting
-- bytes
--
-- Minimum complete definition: newGen, genSeedLength,
-- genBytes, reseed, reseedInfo,
-- reseedPeriod.
class CryptoRandomGen g where genBytesWithEntropy len entropy g = let res = genBytes len g in case res of { Left err -> Left err Right (bs, g') -> let entropy' = append entropy (replicate (len - length entropy) 0) in Right (zwp' entropy' bs, g') } newGenIO = go 0 where go 1000 = throw $ GenErrorOther $ "The generator instance requested by" ++ "newGenIO never instantiates (1000 tries). " ++ "It must be broken." go i = do { let p = Proxy getTypedGen :: CryptoRandomGen g => Proxy g -> IO (Either GenError g) getTypedGen pr = liftM newGen (getEntropy $ proxy genSeedLength pr); res <- getTypedGen p; case res of { Left _ -> go (i + 1) Right g -> return (g `asProxyTypeOf` p) } }
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo
newGenIO :: CryptoRandomGen g => IO g
-- | Generator failures should always return the appropriate GenError. Note
-- GenError in an instance of exception but wether or not an
-- exception is thrown depends on if the selected generator (read: if you
-- don't want execptions from code that uses throw then pass in a
-- generator that never has an error for the used functions)
data GenError
-- | Misc
GenErrorOther :: String -> GenError
-- | Requested more bytes than a single pass can generate (The maximum
-- request is generator dependent)
RequestedTooManyBytes :: GenError
-- | When using genInteger g (l,h) and logBase 2 (h - l) >
-- (maxBound :: Int).
RangeInvalid :: GenError
-- | Some generators cease operation after too high a count without a
-- reseed (ex: NIST SP 800-90)
NeedReseed :: GenError
-- | For instantiating new generators (or reseeding)
NotEnoughEntropy :: GenError
-- | This generator can not be instantiated or reseeded with a finite seed
-- (ex: SystemRandom)
NeedsInfiniteSeed :: GenError
data ReseedInfo
-- | Generator needs reseeded in X bytes
InXBytes :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | Generator needs reseeded in X calls
InXCalls :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | The bound is over 2^64 bytes or calls
NotSoon :: ReseedInfo
-- | This generator never reseeds (ex: SystemRandom)
Never :: ReseedInfo
data CipherError
GenError :: GenError -> CipherError
KeyGenFailure :: CipherError
-- | Key construction from raw material (typically including key expansion)
--
-- This is a wrapper that can throw a CipherError on exception.
buildKey :: BlockCipher k => ByteString -> k
-- | Random IV generation
--
-- This is a wrapper that can throw a GenError on exception.
getIV :: (BlockCipher k, CryptoRandomGen g) => g -> (IV k, g)
-- | Symmetric key generation
--
-- This is a wrapper that can throw a GenError on exception.
buildKeyGen :: (CryptoRandomGen g, BlockCipher k) => g -> (k, g)
-- | Asymetric key generation
--
-- This is a wrapper that can throw a GenError on exception.
buildKeyPair :: (CryptoRandomGen g, AsymCipher p v) => g -> BitLength -> ((p, v), g)
-- | Asymmetric encryption
--
-- This is a wrapper that can throw a GenError on exception.
encryptAsym :: (CryptoRandomGen g, AsymCipher p v) => g -> p -> ByteString -> (ByteString, g)
-- | Asymmetric decryption
--
-- This is a wrapper that can throw a GenError on exception.
decryptAsym :: (CryptoRandomGen g, AsymCipher p v) => g -> v -> ByteString -> (ByteString, g)
-- | Instantiate a new random bit generator. The provided bytestring should
-- be of length >= genSeedLength. If the bytestring is shorter then
-- the call may fail (suggested error: NotEnoughEntropy). If the
-- bytestring is of sufficent length the call should always succeed.
--
-- This is a wrapper that can throw GenError types as exceptions.
newGen :: CryptoRandomGen g => ByteString -> g
-- | genBytes len g generates a random ByteString of length
-- len and new generator. The MonadCryptoRandom package
-- has routines useful for converting the ByteString to commonly needed
-- values (but cereal or other deserialization libraries would
-- also work).
--
-- This is a wrapper that can throw GenError types as exceptions.
genBytes :: CryptoRandomGen g => ByteLength -> g -> (ByteString, g)
-- | genBytesWithEntropy g i entropy generates i random
-- bytes and use the additional input entropy in the generation
-- of the requested data to increase the confidence our generated data is
-- a secure random stream.
--
-- This is a wrapper that can throw GenError types as exceptions.
genBytesWithEntropy :: CryptoRandomGen g => ByteLength -> ByteString -> g -> (ByteString, g)
-- | If the generator has produced too many random bytes on its existing
-- seed it will throw a NeedReseed exception. In that case,
-- reseed the generator using this function and a new high-entropy seed
-- of length >= genSeedLength. Using bytestrings that are too
-- short can result in an exception (NotEnoughEntropy).
reseed :: CryptoRandomGen g => ByteString -> g -> g
-- | While the safety and wisdom of a splitting function depends on the
-- properties of the generator being split, several arguments from
-- informed people indicate such a function is safe for NIST SP 800-90
-- generators. (see libraries@haskell.org discussion around Sept, Oct
-- 2010). You can find implementations of such generators in the
-- DRBG package.
--
-- This is a wrapper for splitGen which throws errors as
-- exceptions.
splitGen :: CryptoRandomGen g => g -> (g, g)
instance Typeable CipherError
instance Show CipherError
instance Read CipherError
instance Eq CipherError
instance Ord CipherError
instance Data CipherError
instance Exception CipherError