-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | A generic interface for cryptographic operations
--
-- A generic interface for cryptographic operations (hashes, ciphers,
-- randomness). Maintainers of hash and cipher implementations are
-- encouraged to add instances for the classes defined in Crypto.Classes.
-- Crypto users are similarly encouraged to use the interfaces defined in
-- the Classes module. Any concepts or functions of general use to more
-- than one cryptographic algorithm (ex: padding) is within scope of this
-- package.
@package crypto-api
@version 0.13.3
-- | Type aliases used throughout the crypto-api modules.
module Crypto.Types
-- | Initilization Vectors for BlockCipher implementations (IV k) are used
-- for various modes and guarrenteed to be blockSize bits long. The
-- common ways to obtain an IV are to generate one (getIV or
-- getIVIO) or to use one provided with the ciphertext (using
-- the Serialize instance of IV).
--
-- zeroIV also exists and is of particular use for starting
-- ctr mode with a fresh key.
data IV k
IV :: {-# UNPACK #-} !ByteString -> IV k
[initializationVector] :: IV k -> {-# UNPACK #-} !ByteString
-- | The length of a field (usually a ByteString) in bits
type BitLength = Int
-- | The length fo a field in bytes.
type ByteLength = Int
data BlockCipherError
InputTooLong :: String -> BlockCipherError
AuthenticationFailed :: String -> BlockCipherError
Other :: String -> BlockCipherError
instance Data.Data.Data Crypto.Types.BlockCipherError
instance GHC.Read.Read Crypto.Types.BlockCipherError
instance GHC.Show.Show Crypto.Types.BlockCipherError
instance GHC.Classes.Ord Crypto.Types.BlockCipherError
instance GHC.Classes.Eq Crypto.Types.BlockCipherError
instance GHC.Show.Show (Crypto.Types.IV k)
instance GHC.Classes.Ord (Crypto.Types.IV k)
instance GHC.Classes.Eq (Crypto.Types.IV k)
instance GHC.Exception.Exception Crypto.Types.BlockCipherError
-- | A small selection of utilities that might be of use to others working
-- with bytestring/number combinations.
module Crypto.Util
-- | incBS bs inefficiently computes the value i2bs (8 *
-- B.length bs) (bs2i bs + 1)
incBS :: ByteString -> ByteString
-- | i2bs bitLen i converts i to a ByteString of
-- bitLen bits (must be a multiple of 8).
i2bs :: Int -> Integer -> ByteString
-- | i2bs_unsized i converts i to a ByteString
-- of sufficient bytes to express the integer. The integer must be
-- non-negative and a zero will be encoded in one byte.
i2bs_unsized :: Integer -> ByteString
-- | Useful utility to extract the result of a generator operation and
-- translate error results to exceptions.
throwLeft :: Exception e => Either e a -> a
-- | Obtain a tagged value for a particular instantiated type.
for :: Tagged a b -> a -> b
-- | Infix for operator
(.::.) :: Tagged a b -> a -> b
-- | Checks two bytestrings for equality without breaches for timing
-- attacks.
--
-- Semantically, constTimeEq = (==). However, x == y
-- takes less time when the first byte is different than when the first
-- byte is equal. This side channel allows an attacker to mount a timing
-- attack. On the other hand, constTimeEq always takes the same
-- time regardless of the bytestrings' contents, unless they are of
-- difference size.
--
-- You should always use constTimeEq when comparing secrets,
-- otherwise you may leave a significant security hole (cf.
-- http://codahale.com/a-lesson-in-timing-attacks/).
constTimeEq :: ByteString -> ByteString -> Bool
c_constTimeEq :: Ptr CChar -> Ptr CChar -> CInt -> IO CInt
-- | Helper function to convert bytestrings to integers
bs2i :: ByteString -> Integer
-- | zipWith xor + Pack As a result of rewrite rules, this should
-- automatically be optimized (at compile time). to use the bytestring
-- libraries zipWith' function.
zwp' :: ByteString -> ByteString -> ByteString
-- | zipWith xor + Pack
--
-- This is written intentionally to take advantage of the bytestring
-- libraries zipWith' rewrite rule but at the extra cost of the
-- resulting lazy bytestring being more fragmented than either of the two
-- inputs.
zwp :: ByteString -> ByteString -> ByteString
collect :: Int -> [ByteString] -> [ByteString]
-- | This module is for instantiating cryptographicly strong determinitic
-- random bit generators (DRBGs, aka PRNGs) For the simple use case of
-- using the system random number generator (Entropy) to seed the
-- DRBG:
--
--
-- g <- newGenIO
--
--
-- Users needing to provide their own entropy can call newGen
-- directly
--
--
-- entropy <- getEntropy nrBytes
-- let generator = newGen entropy
--
module Crypto.Random
-- | A class of random bit generators that allows for the possibility of
-- failure, reseeding, providing entropy at the same time as requesting
-- bytes
--
-- Minimum complete definition: newGen, genSeedLength,
-- genBytes, reseed, reseedInfo,
-- reseedPeriod.
class CryptoRandomGen g
-- | Instantiate a new random bit generator. The provided bytestring should
-- be of length >= genSeedLength. If the bytestring is shorter then
-- the call may fail (suggested error: NotEnoughEntropy). If the
-- bytestring is of sufficent length the call should always succeed.
newGen :: CryptoRandomGen g => ByteString -> Either GenError g
-- | Length of input entropy necessary to instantiate or reseed a generator
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength
-- | genBytes len g generates a random ByteString of length
-- len and new generator. The MonadCryptoRandom package
-- has routines useful for converting the ByteString to commonly needed
-- values (but "cereal" or other deserialization libraries would also
-- work).
--
-- This routine can fail if the generator has gone too long without a
-- reseed (usually this is in the ball-park of 2^48 requests). Suggested
-- error in this cases is NeedReseed
genBytes :: CryptoRandomGen g => ByteLength -> g -> Either GenError (ByteString, g)
-- | Indicates how soon a reseed is needed
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo
-- | Indicates the period between reseeds (constant for most generators).
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo
-- | genBytesWithEntropy g i entropy generates i random
-- bytes and use the additional input entropy in the generation
-- of the requested data to increase the confidence our generated data is
-- a secure random stream.
--
-- Some generators use entropy to perturb the state of the
-- generator, meaning:
--
--
-- (_,g2') <- genBytesWithEntropy len g1 ent
-- (_,g2 ) <- genBytes len g1
-- g2 /= g2'
--
--
-- But this is not required.
--
-- Default:
--
--
-- genBytesWithEntropy g bytes entropy = xor entropy (genBytes g bytes)
--
genBytesWithEntropy :: CryptoRandomGen g => ByteLength -> ByteString -> g -> Either GenError (ByteString, g)
-- | If the generator has produced too many random bytes on its existing
-- seed it will return NeedReseed. In that case, reseed the
-- generator using this function and a new high-entropy seed of length
-- >= genSeedLength. Using bytestrings that are too short can
-- result in an error (NotEnoughEntropy).
reseed :: CryptoRandomGen g => ByteString -> g -> Either GenError g
-- | By default this uses System.Entropy to obtain entropy for
-- newGen. WARNING: The default implementation opens a file handle
-- which will never be closed!
newGenIO :: CryptoRandomGen g => IO g
-- | Generator failures should always return the appropriate GenError. Note
-- GenError in an instance of exception but wether or not an
-- exception is thrown depends on if the selected generator (read: if you
-- don't want execptions from code that uses throw then pass in a
-- generator that never has an error for the used functions)
data GenError
-- | Misc
GenErrorOther :: String -> GenError
-- | Requested more bytes than a single pass can generate (The maximum
-- request is generator dependent)
RequestedTooManyBytes :: GenError
-- | When using genInteger g (l,h) and logBase 2 (h - l) >
-- (maxBound :: Int).
RangeInvalid :: GenError
-- | Some generators cease operation after too high a count without a
-- reseed (ex: NIST SP 800-90)
NeedReseed :: GenError
-- | For instantiating new generators (or reseeding)
NotEnoughEntropy :: GenError
-- | This generator can not be instantiated or reseeded with a finite seed
-- (ex: SystemRandom)
NeedsInfiniteSeed :: GenError
data ReseedInfo
-- | Generator needs reseeded in X bytes
InXBytes :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | Generator needs reseeded in X calls
InXCalls :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | The bound is over 2^64 bytes or calls
NotSoon :: ReseedInfo
-- | This generator never reseeds (ex: SystemRandom)
Never :: ReseedInfo
-- | While the safety and wisdom of a splitting function depends on the
-- properties of the generator being split, several arguments from
-- informed people indicate such a function is safe for NIST SP 800-90
-- generators. (see libraries@haskell.org discussion around Sept, Oct
-- 2010). You can find implementations of such generators in the
-- DRBG package.
splitGen :: CryptoRandomGen g => g -> Either GenError (g, g)
-- | Useful utility to extract the result of a generator operation and
-- translate error results to exceptions.
throwLeft :: Exception e => Either e a -> a
-- | Not that it is technically correct as an instance of
-- CryptoRandomGen, but simply because it's a reasonable
-- engineering choice here is a CryptoRandomGen which streams the system
-- randoms. Take note:
--
--
-- - It uses the default definition of genByteWithEntropy
-- - newGen will always fail!
-- - reseed will always fail!
-- - the handle to the system random is never closed
--
data SystemRandom
instance Data.Data.Data Crypto.Random.ReseedInfo
instance GHC.Read.Read Crypto.Random.ReseedInfo
instance GHC.Show.Show Crypto.Random.ReseedInfo
instance GHC.Classes.Ord Crypto.Random.ReseedInfo
instance GHC.Classes.Eq Crypto.Random.ReseedInfo
instance Data.Data.Data Crypto.Random.GenError
instance GHC.Read.Read Crypto.Random.GenError
instance GHC.Show.Show Crypto.Random.GenError
instance GHC.Classes.Ord Crypto.Random.GenError
instance GHC.Classes.Eq Crypto.Random.GenError
instance Crypto.Random.CryptoRandomGen Crypto.Random.SystemRandom
instance GHC.Exception.Exception Crypto.Random.GenError
-- | This is the heart of the crypto-api package. By making (or having) an
-- instance of Hash, AsymCipher, BlockCipher or StreamCipher you provide
-- (or obtain) access to any infrastructure built on these primitives
-- include block cipher modes of operation, hashing, hmac, signing, etc.
-- These classes allow users to build routines that are agnostic to the
-- algorithm used so changing algorithms is as simple as changing a type
-- signature.
module Crypto.Classes
-- | The Hash class is intended as the generic interface targeted by
-- maintainers of Haskell digest implementations. Using this generic
-- interface, higher level functions such as hash and hash'
-- provide a useful API for comsumers of hash implementations.
--
-- Any instantiated implementation must handle unaligned data.
--
-- Minimum complete definition: outputLength, blockLength,
-- initialCtx, updateCtx, and finalize.
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d
outputLength :: Hash ctx d => Tagged d BitLength
blockLength :: Hash ctx d => Tagged d BitLength
initialCtx :: Hash ctx d => ctx
updateCtx :: Hash ctx d => ctx -> ByteString -> ctx
finalize :: Hash ctx d => ctx -> ByteString -> d
-- | Hash a lazy ByteString, creating a digest
hash :: (Hash ctx d, (Hash ctx d)) => ByteString -> d
-- | Hash a strict ByteString, creating a digest
hash' :: (Hash ctx d, (Hash ctx d)) => ByteString -> d
-- | Obtain a strict hash function whose result is the same type as the
-- given digest, which is discarded. If the type is already inferred then
-- consider using the hash' function instead.
hashFunc' :: Hash c d => d -> (ByteString -> d)
-- | Obtain a lazy hash function whose result is the same type as the given
-- digest, which is discarded. If the type is already inferred then
-- consider using the hash function instead.
hashFunc :: Hash c d => d -> (ByteString -> d)
-- | The BlockCipher class is intended as the generic interface targeted by
-- maintainers of Haskell cipher implementations.
--
-- Minimum complete definition: blockSize, encryptBlock, decryptBlock,
-- buildKey, and keyLength.
--
-- Instances must handle unaligned data
class (Serialize k) => BlockCipher k
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
buildKey :: BlockCipher k => ByteString -> Maybe k
keyLength :: BlockCipher k => Tagged k BitLength
-- | Electronic Cookbook (encryption)
ecb :: BlockCipher k => k -> ByteString -> ByteString
-- | Electronic Cookbook (decryption)
unEcb :: BlockCipher k => k -> ByteString -> ByteString
-- | Cipherblock Chaining (encryption)
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipherblock Chaining (decryption)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (encryption)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (decryption)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (encryption)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (decryption)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feedback (encryption)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feedback (decryption)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback (encryption)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback (decryption)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipher block chaining encryption for lazy bytestrings
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipher block chaining decryption for lazy bytestrings
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | SIV (Synthetic IV) mode for lazy bytestrings. The third argument is
-- the optional list of bytestrings to be authenticated but not encrypted
-- As required by the specification this algorithm may return nothing
-- when certain constraints aren't met.
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) for lazy bytestrings. The third argument is the
-- optional list of bytestrings to be authenticated but not encrypted. As
-- required by the specification this algorithm may return nothing when
-- authentication fails.
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) mode for strict bytestrings. First argument is the
-- optional list of bytestrings to be authenticated but not encrypted. As
-- required by the specification this algorithm may return nothing when
-- certain constraints aren't met.
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) for strict bytestrings First argument is the
-- optional list of bytestrings to be authenticated but not encrypted As
-- required by the specification this algorithm may return nothing when
-- authentication fails.
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | Cook book mode - not really a mode at all. If you don't know what
-- you're doing, don't use this mode^H^H^H^H library.
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString
-- | ECB decrypt, complementary to ecb.
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString
-- | Ciphertext feed-back encryption mode for lazy bytestrings (with s ==
-- blockSize)
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feed-back decryption mode for lazy bytestrings (with s ==
-- blockSize)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback mode for lazy bytestrings
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback mode for lazy bytestrings
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | The number of bytes in a block cipher block
blockSizeBytes :: (BlockCipher k) => Tagged k ByteLength
-- | The number of bytes in a block cipher key (assuming it is an even
-- multiple of 8 bits)
keyLengthBytes :: (BlockCipher k) => Tagged k ByteLength
-- | Build a symmetric key using the system entropy (see Entropy)
buildKeyIO :: (BlockCipher k) => IO k
-- | Build a symmetric key using a given CryptoRandomGen
buildKeyGen :: (BlockCipher k, CryptoRandomGen g) => g -> Either GenError (k, g)
-- | A stream cipher class. Instance are expected to work on messages as
-- small as one byte The length of the resulting cipher text should be
-- equal to the length of the input message.
class (Serialize k) => StreamCipher k iv | k -> iv
buildStreamKey :: StreamCipher k iv => ByteString -> Maybe k
encryptStream :: StreamCipher k iv => k -> iv -> ByteString -> (ByteString, iv)
decryptStream :: StreamCipher k iv => k -> iv -> ByteString -> (ByteString, iv)
streamKeyLength :: StreamCipher k iv => Tagged k BitLength
-- | Build a stream key using the system random generator
buildStreamKeyIO :: StreamCipher k iv => IO k
-- | Build a stream key using the provided random generator
buildStreamKeyGen :: (StreamCipher k iv, CryptoRandomGen g) => g -> Either GenError (k, g)
-- | Asymetric ciphers (common ones being RSA or EC based)
class AsymCipher p v | p -> v, v -> p
buildKeyPair :: (AsymCipher p v, CryptoRandomGen g) => g -> BitLength -> Either GenError ((p, v), g)
encryptAsym :: (AsymCipher p v, (CryptoRandomGen g)) => g -> p -> ByteString -> Either GenError (ByteString, g)
decryptAsym :: (AsymCipher p v, (CryptoRandomGen g)) => g -> v -> ByteString -> Either GenError (ByteString, g)
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength
-- | Build a pair of asymmetric keys using the system random generator.
-- WARNING: This function opens a file handle which will never be closed!
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
-- | Flipped buildKeyPair for ease of use with state monads.
buildKeyPairGen :: (CryptoRandomGen g, AsymCipher p v) => BitLength -> g -> Either GenError ((p, v), g)
-- | A class for signing operations which inherently can not be as generic
-- as asymetric ciphers (ex: DSA).
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p
sign :: (Signing p v, CryptoRandomGen g) => g -> v -> ByteString -> Either GenError (ByteString, g)
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
buildSigningPair :: (Signing p v, CryptoRandomGen g) => g -> BitLength -> Either GenError ((p, v), g)
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
-- | Build a signing key using the system random generator WARNING: This
-- function opens a file handle which will never be closed!
buildSigningKeyPairIO :: (Signing p v) => BitLength -> IO (Either GenError (p, v))
-- | Flipped buildSigningPair for ease of use with state monads.
buildSigningKeyPairGen :: (Signing p v, CryptoRandomGen g) => BitLength -> g -> Either GenError ((p, v), g)
-- | Encode a value using binary serialization to a strict ByteString.
encode :: Serialize a => a -> ByteString
-- | Obtain an IV made only of zeroes
zeroIV :: (BlockCipher k) => IV k
-- | Increase an IV by one. This is way faster than decoding,
-- increasing, encoding
incIV :: BlockCipher k => IV k -> IV k
-- | Obtain an IV using the provided CryptoRandomGenerator.
getIV :: (BlockCipher k, CryptoRandomGen g) => g -> Either GenError (IV k, g)
-- | Obtain an IV using the system entropy (see Entropy)
getIVIO :: (BlockCipher k) => IO (IV k)
chunkFor :: (BlockCipher k) => k -> ByteString -> [ByteString]
chunkFor' :: (BlockCipher k) => k -> ByteString -> [ByteString]
instance Crypto.Classes.BlockCipher k => Data.Serialize.Serialize (Crypto.Types.IV k)
-- | PKCS5 (RFC 1423) and IPSec ESP (RFC 4303) padding methods are
-- implemented both as trivial functions operating on bytestrings and as
-- Put routines usable from the Data.Serialize module.
-- These methods do not work for algorithms or pad sizes in excess of 255
-- bytes (2040 bits, so extremely large as far as cipher needs are
-- concerned).
module Crypto.Padding
-- | PKCS5 (aka RFC1423) padding method. This method will not work properly
-- for pad modulos > 256
padPKCS5 :: ByteLength -> ByteString -> ByteString
-- | PKCS5 (aka RFC1423) padding method using the BlockCipher instance to
-- determine the pad size.
padBlockSize :: BlockCipher k => k -> ByteString -> ByteString
-- | Ex:
--
--
-- putPaddedPKCS5 m bs
--
--
-- Will pad out bs to a byte multiple of m and put both
-- the bytestring and it's padding via Put (this saves on copying
-- if you are already using Cereal).
putPaddedPKCS5 :: ByteLength -> ByteString -> Put
-- | unpad a strict bytestring padded in the typical PKCS5 manner. This
-- routine verifies all pad bytes and pad length match correctly.
unpadPKCS5safe :: ByteString -> Maybe ByteString
-- | unpad a strict bytestring without checking the pad bytes and length
-- any more than necessary.
unpadPKCS5 :: ByteString -> ByteString
-- | Pad a bytestring to the IPSEC esp specification
--
--
-- padESP m payload
--
--
-- is equivilent to:
--
--
-- (msg) (padding) (length field)
-- B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]
--
--
-- Where:
--
--
-- - the msg is any payload, including TFC.
-- - the padding is <= 255
-- - the length field is one byte.
--
--
-- Notice the result bytesting length remainder r equals zero.
-- The lack of a "next header" field means this function is not directly
-- useable for an IPSec implementation (copy/paste the 4 line function
-- and add in a "next header" field if you are making IPSec ESP).
padESP :: Int -> ByteString -> ByteString
-- | unpad and return the padded message (Nothing is returned if the
-- padding is invalid)
unpadESP :: ByteString -> Maybe ByteString
-- | Like padESP but use the BlockCipher instance to determine padding size
padESPBlockSize :: BlockCipher k => k -> ByteString -> ByteString
-- | Like putPadESP but using the BlockCipher instance to determine padding
-- size
putPadESPBlockSize :: BlockCipher k => k -> ByteString -> Put
-- | Pad a bytestring to the IPSEC ESP specification using Put. This
-- can reduce copying if you are already using Put.
putPadESP :: Int -> ByteString -> Put
module Crypto.Modes
-- | Perform doubling as defined by the CMAC and SIV papers
dblIV :: BlockCipher k => IV k -> IV k
-- | Cipher block chaining message authentication
cbcMac' :: BlockCipher k => k -> ByteString -> ByteString
-- | Cipher block chaining message authentication
cbcMac :: BlockCipher k => k -> ByteString -> ByteString
-- | Obtain the cmac for lazy bytestrings
cMac :: BlockCipher k => k -> ByteString -> ByteString
-- | Obtain the cmac for strict bytestrings
cMac' :: BlockCipher k => k -> ByteString -> ByteString
cMacStar :: BlockCipher k => k -> [ByteString] -> ByteString
-- | Obtain the CMAC* on strict bytestrings
cMacStar' :: BlockCipher k => k -> [ByteString] -> ByteString
module Crypto.HMAC
-- | Message authentication code calculation for lazy bytestrings. hmac
-- k msg will compute an authentication code for msg using
-- key k
hmac :: (Hash c d) => MacKey c d -> ByteString -> d
-- | hmac k msg will compute an authentication code for
-- msg using key k
hmac' :: (Hash c d) => MacKey c d -> ByteString -> d
-- | A key carrying phantom types c and d, forcing the
-- key data to only be used by particular hash algorithms.
newtype MacKey c d
MacKey :: ByteString -> MacKey c d
instance GHC.Show.Show (Crypto.HMAC.MacKey c d)
instance GHC.Classes.Ord (Crypto.HMAC.MacKey c d)
instance GHC.Classes.Eq (Crypto.HMAC.MacKey c d)
-- | The module mirrors Crypto.Classes except that errors are thrown
-- as exceptions instead of having returning types of Either error
-- result or Maybe result.
--
-- NB This module is experimental and might go away or be re-arranged.
module Crypto.Classes.Exceptions
-- | The Hash class is intended as the generic interface targeted by
-- maintainers of Haskell digest implementations. Using this generic
-- interface, higher level functions such as hash and hash'
-- provide a useful API for comsumers of hash implementations.
--
-- Any instantiated implementation must handle unaligned data.
--
-- Minimum complete definition: outputLength, blockLength,
-- initialCtx, updateCtx, and finalize.
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d
outputLength :: Hash ctx d => Tagged d BitLength
blockLength :: Hash ctx d => Tagged d BitLength
initialCtx :: Hash ctx d => ctx
updateCtx :: Hash ctx d => ctx -> ByteString -> ctx
finalize :: Hash ctx d => ctx -> ByteString -> d
-- | Hash a lazy ByteString, creating a digest
hash :: (Hash ctx d, (Hash ctx d)) => ByteString -> d
-- | Hash a strict ByteString, creating a digest
hash' :: (Hash ctx d, (Hash ctx d)) => ByteString -> d
-- | Asymetric ciphers (common ones being RSA or EC based)
class AsymCipher p v | p -> v, v -> p
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength
-- | A class of random bit generators that allows for the possibility of
-- failure, reseeding, providing entropy at the same time as requesting
-- bytes
--
-- Minimum complete definition: newGen, genSeedLength,
-- genBytes, reseed, reseedInfo,
-- reseedPeriod.
class CryptoRandomGen g
-- | Length of input entropy necessary to instantiate or reseed a generator
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength
-- | Indicates how soon a reseed is needed
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo
-- | Indicates the period between reseeds (constant for most generators).
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo
-- | By default this uses System.Entropy to obtain entropy for
-- newGen. WARNING: The default implementation opens a file handle
-- which will never be closed!
newGenIO :: CryptoRandomGen g => IO g
-- | The BlockCipher class is intended as the generic interface targeted by
-- maintainers of Haskell cipher implementations.
--
-- Minimum complete definition: blockSize, encryptBlock, decryptBlock,
-- buildKey, and keyLength.
--
-- Instances must handle unaligned data
class (Serialize k) => BlockCipher k
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
keyLength :: BlockCipher k => Tagged k BitLength
-- | Electronic Cookbook (encryption)
ecb :: BlockCipher k => k -> ByteString -> ByteString
-- | Electronic Cookbook (decryption)
unEcb :: BlockCipher k => k -> ByteString -> ByteString
-- | Cipherblock Chaining (encryption)
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipherblock Chaining (decryption)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (encryption)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (decryption)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (encryption)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (decryption)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feedback (encryption)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feedback (decryption)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback (encryption)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback (decryption)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipher block chaining encryption for lazy bytestrings
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipher block chaining decryption for lazy bytestrings
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | SIV (Synthetic IV) mode for lazy bytestrings. The third argument is
-- the optional list of bytestrings to be authenticated but not encrypted
-- As required by the specification this algorithm may return nothing
-- when certain constraints aren't met.
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) for lazy bytestrings. The third argument is the
-- optional list of bytestrings to be authenticated but not encrypted. As
-- required by the specification this algorithm may return nothing when
-- authentication fails.
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) mode for strict bytestrings. First argument is the
-- optional list of bytestrings to be authenticated but not encrypted. As
-- required by the specification this algorithm may return nothing when
-- certain constraints aren't met.
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) for strict bytestrings First argument is the
-- optional list of bytestrings to be authenticated but not encrypted As
-- required by the specification this algorithm may return nothing when
-- authentication fails.
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | Cook book mode - not really a mode at all. If you don't know what
-- you're doing, don't use this mode^H^H^H^H library.
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString
-- | ECB decrypt, complementary to ecb.
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString
-- | Ciphertext feed-back encryption mode for lazy bytestrings (with s ==
-- blockSize)
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feed-back decryption mode for lazy bytestrings (with s ==
-- blockSize)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback mode for lazy bytestrings
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback mode for lazy bytestrings
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Obtain a strict hash function whose result is the same type as the
-- given digest, which is discarded. If the type is already inferred then
-- consider using the hash' function instead.
hashFunc' :: Hash c d => d -> (ByteString -> d)
-- | Obtain a lazy hash function whose result is the same type as the given
-- digest, which is discarded. If the type is already inferred then
-- consider using the hash function instead.
hashFunc :: Hash c d => d -> (ByteString -> d)
blockSize :: BlockCipher k => Tagged k BitLength
-- | The number of bytes in a block cipher block
blockSizeBytes :: (BlockCipher k) => Tagged k ByteLength
keyLength :: BlockCipher k => Tagged k BitLength
-- | The number of bytes in a block cipher key (assuming it is an even
-- multiple of 8 bits)
keyLengthBytes :: (BlockCipher k) => Tagged k ByteLength
-- | Increase an IV by one. This is way faster than decoding,
-- increasing, encoding
incIV :: BlockCipher k => IV k -> IV k
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
-- | Key construction from raw material (typically including key expansion)
--
-- This is a wrapper that can throw a CipherError on exception.
buildKey :: BlockCipher k => ByteString -> k
-- | Build a symmetric key using the system entropy (see Entropy)
buildKeyIO :: (BlockCipher k) => IO k
-- | Symmetric key generation
--
-- This is a wrapper that can throw a GenError on exception.
buildKeyGen :: (CryptoRandomGen g, BlockCipher k) => g -> (k, g)
-- | Random IV generation
--
-- This is a wrapper that can throw a GenError on exception.
getIV :: (BlockCipher k, CryptoRandomGen g) => g -> (IV k, g)
-- | Obtain an IV using the system entropy (see Entropy)
getIVIO :: (BlockCipher k) => IO (IV k)
-- | Obtain an IV made only of zeroes
zeroIV :: (BlockCipher k) => IV k
-- | Electronic Cookbook (encryption)
ecb :: BlockCipher k => k -> ByteString -> ByteString
-- | Electronic Cookbook (decryption)
unEcb :: BlockCipher k => k -> ByteString -> ByteString
-- | Cipherblock Chaining (encryption)
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipherblock Chaining (decryption)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (encryption)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (decryption)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (encryption)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Counter (decryption)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feedback (encryption)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feedback (decryption)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback (encryption)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback (decryption)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipher block chaining encryption for lazy bytestrings
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Cipher block chaining decryption for lazy bytestrings
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | SIV (Synthetic IV) mode for lazy bytestrings. The third argument is
-- the optional list of bytestrings to be authenticated but not encrypted
-- As required by the specification this algorithm may return nothing
-- when certain constraints aren't met.
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) for lazy bytestrings. The third argument is the
-- optional list of bytestrings to be authenticated but not encrypted. As
-- required by the specification this algorithm may return nothing when
-- authentication fails.
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) mode for strict bytestrings. First argument is the
-- optional list of bytestrings to be authenticated but not encrypted. As
-- required by the specification this algorithm may return nothing when
-- certain constraints aren't met.
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | SIV (Synthetic IV) for strict bytestrings First argument is the
-- optional list of bytestrings to be authenticated but not encrypted As
-- required by the specification this algorithm may return nothing when
-- authentication fails.
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString
-- | Cook book mode - not really a mode at all. If you don't know what
-- you're doing, don't use this mode^H^H^H^H library.
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString
-- | ECB decrypt, complementary to ecb.
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString
-- | Ciphertext feed-back encryption mode for lazy bytestrings (with s ==
-- blockSize)
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Ciphertext feed-back decryption mode for lazy bytestrings (with s ==
-- blockSize)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback mode for lazy bytestrings
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Output feedback mode for lazy bytestrings
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
-- | Instantiate a new random bit generator. The provided bytestring should
-- be of length >= genSeedLength. If the bytestring is shorter then
-- the call may fail (suggested error: NotEnoughEntropy). If the
-- bytestring is of sufficent length the call should always succeed.
--
-- This is a wrapper that can throw GenError types as exceptions.
newGen :: CryptoRandomGen g => ByteString -> g
-- | genBytes len g generates a random ByteString of length
-- len and new generator. The MonadCryptoRandom package
-- has routines useful for converting the ByteString to commonly needed
-- values (but cereal or other deserialization libraries would
-- also work).
--
-- This is a wrapper that can throw GenError types as exceptions.
genBytes :: CryptoRandomGen g => ByteLength -> g -> (ByteString, g)
-- | genBytesWithEntropy g i entropy generates i random
-- bytes and use the additional input entropy in the generation
-- of the requested data to increase the confidence our generated data is
-- a secure random stream.
--
-- This is a wrapper that can throw GenError types as exceptions.
genBytesWithEntropy :: CryptoRandomGen g => ByteLength -> ByteString -> g -> (ByteString, g)
-- | If the generator has produced too many random bytes on its existing
-- seed it will throw a NeedReseed exception. In that case,
-- reseed the generator using this function and a new high-entropy seed
-- of length >= genSeedLength. Using bytestrings that are too
-- short can result in an exception (NotEnoughEntropy).
reseed :: CryptoRandomGen g => ByteString -> g -> g
-- | While the safety and wisdom of a splitting function depends on the
-- properties of the generator being split, several arguments from
-- informed people indicate such a function is safe for NIST SP 800-90
-- generators. (see libraries@haskell.org discussion around Sept, Oct
-- 2010). You can find implementations of such generators in the
-- DRBG package.
--
-- This is a wrapper for splitGen which throws errors as
-- exceptions.
splitGen :: CryptoRandomGen g => g -> (g, g)
-- | Length of input entropy necessary to instantiate or reseed a generator
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength
-- | Indicates how soon a reseed is needed
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo
-- | Indicates the period between reseeds (constant for most generators).
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo
-- | By default this uses System.Entropy to obtain entropy for
-- newGen. WARNING: The default implementation opens a file handle
-- which will never be closed!
newGenIO :: CryptoRandomGen g => IO g
-- | Generator failures should always return the appropriate GenError. Note
-- GenError in an instance of exception but wether or not an
-- exception is thrown depends on if the selected generator (read: if you
-- don't want execptions from code that uses throw then pass in a
-- generator that never has an error for the used functions)
data GenError
-- | Misc
GenErrorOther :: String -> GenError
-- | Requested more bytes than a single pass can generate (The maximum
-- request is generator dependent)
RequestedTooManyBytes :: GenError
-- | When using genInteger g (l,h) and logBase 2 (h - l) >
-- (maxBound :: Int).
RangeInvalid :: GenError
-- | Some generators cease operation after too high a count without a
-- reseed (ex: NIST SP 800-90)
NeedReseed :: GenError
-- | For instantiating new generators (or reseeding)
NotEnoughEntropy :: GenError
-- | This generator can not be instantiated or reseeded with a finite seed
-- (ex: SystemRandom)
NeedsInfiniteSeed :: GenError
data ReseedInfo
-- | Generator needs reseeded in X bytes
InXBytes :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | Generator needs reseeded in X calls
InXCalls :: {-# UNPACK #-} !Word64 -> ReseedInfo
-- | The bound is over 2^64 bytes or calls
NotSoon :: ReseedInfo
-- | This generator never reseeds (ex: SystemRandom)
Never :: ReseedInfo
data CipherError
GenError :: GenError -> CipherError
KeyGenFailure :: CipherError
-- | Asymetric key generation
--
-- This is a wrapper that can throw a GenError on exception.
buildKeyPair :: (CryptoRandomGen g, AsymCipher p v) => g -> BitLength -> ((p, v), g)
-- | Asymmetric encryption
--
-- This is a wrapper that can throw a GenError on exception.
encryptAsym :: (CryptoRandomGen g, AsymCipher p v) => g -> p -> ByteString -> (ByteString, g)
-- | Asymmetric decryption
--
-- This is a wrapper that can throw a GenError on exception.
decryptAsym :: (CryptoRandomGen g, AsymCipher p v) => g -> v -> ByteString -> (ByteString, g)
-- | A class for signing operations which inherently can not be as generic
-- as asymetric ciphers (ex: DSA).
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength
-- | Build a pair of asymmetric keys using the system random generator.
-- WARNING: This function opens a file handle which will never be closed!
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
instance Data.Data.Data Crypto.Classes.Exceptions.CipherError
instance GHC.Classes.Ord Crypto.Classes.Exceptions.CipherError
instance GHC.Classes.Eq Crypto.Classes.Exceptions.CipherError
instance GHC.Read.Read Crypto.Classes.Exceptions.CipherError
instance GHC.Show.Show Crypto.Classes.Exceptions.CipherError
instance GHC.Exception.Exception Crypto.Classes.Exceptions.CipherError