portable experimental dominic.steinitz@blueyonder.co.uk
portable beta Thomas.DuBuisson@gmail.com

Handle for manual resource management
Open a
Close the
Read random data from a
Inefficiently get a specific number of bytes of cryptographically secure random data using the system-specific facilities. Use '/dev/urandom' on *nix and CryptAPI when on Windows.

A class of random bit generators that allows for the possibility of failure, reseeding, providing entropy at the same time as requesting bytes. Minimum complete definition: , , , .
Instantiate a new random bit generator
Length of input entropy necessary to instantiate or reseed a generator
Obtain random data using a generator
genBytesWithEntropy g i entropy generates i random bytes and uses the additional input entropy in the generation of the requested data to increase the confidence our generated data is a secure random stream. Default: genBytesWithEntropy g bytes entropy = xor entropy (genBytes g bytes)
Reseed the generator
Many generators have these error conditions in common
For instantiating new generators (or reseeding)
Some generators cease operation after too high a count without a reseed (ex: NIST SP 800-90)
When using genInteger g (l,h) and logBase 2 (h - l) > (maxBound :: Int).
Requested more bytes than a single pass can generate (ex: genBytes g i | i > 2^(2^32))
Misc
Use System.Crypto.Random to obtain entropy for .
Obtain a tagged value for a particular instantiated type.

A class for signing operations which inherently cannot be as generic as asymmetric ciphers (ex: DSA).
A stream cipher class. Instances are expected to work on messages as small as one byte. The length of the resulting cipher text should be equal to the length of the input message.
Asymmetric ciphers (common ones being RSA or EC based)
Build a public/private key pair using the provided generator
Asymmetric encryption
Asymmetric decryption
The BlockCipher class is intended as the generic interface targeted by maintainers of Haskell cipher implementations. Using this generic interface, higher level functions such as cbc, and other functions from Data.Crypto.Modes, provide a useful API for consumers of cipher implementations. Instances must handle unaligned data.
The size of a single block; the smallest unit on which the cipher operates.
Encrypt data of size n*blockSize where n o [0..] (ecb encryption)
Decrypt data of size n*blockSize where n o [0..] (ecb decryption)
Smart constructor for keys from a bytestring.
keyLength may inspect its argument to return the length
The Hash class is intended as the generic interface targeted by maintainers of Haskell digest implementations. Using this generic interface, higher level functions such as @ and A provide a useful API for consumers of hash implementations. Any instantiated implementation must handle unaligned data.
The size of the digest when encoded
The amount of data operated on in each round of the digest computation
An initial context, provided with the first call to >
Used to update a context, repeatedly called until all data is exhausted; must operate correctly for inputs of n*blockLength bytes for n o [0..]
Finalizing a context, plus any message data less than the block size, into a digest
Hash a lazy ByteString, creating a digest
Hash a strict ByteString, creating a digest
Obtain a lazy hash function from a digest
Obtain a strict hash function from a digest
Obtain a tagged value for a given type
Infix D operator
`signUsing d k msg` Returns a signature (not a message + signature) for msg by hashing into a digest asTypeOf d and encrypting using the asymmetric key k.
Expect a Signature class to appear in a future crypto-api (this function might become deprecated pending discussion)
Like q but for strict ByteStrings.

Message authentication code calculation for lazy bytestrings. hmac k msg will compute an authentication code for msg using key k
hmac k msg will compute an authentication code for msg using key k

Initialization Vectors for BlockCipher implementations (IV k) are used for various modes and guaranteed to be blockSize bits long.
zipWith xor + Pack. This is written intentionally to take advantage of the bytestring library's zipWith' rewrite rule but at the extra cost of the resulting lazy bytestring being more fragmented than either of the two inputs.
zipWith xor + Pack. As a result of rewrite rules, this should automatically be optimized (at compile time) to use the bytestring library's zipWith' function.
Cipher block chaining encryption mode on strict bytestrings
Cipher block chaining decryption for strict bytestrings
Cipher block chaining encryption for lazy bytestrings
Cipher block chaining decryption for lazy bytestrings
Ciphertext feed-back encryption mode for lazy bytestrings (with s == blockSize)
Ciphertext feed-back decryption mode for lazy bytestrings (with s == blockSize)
Ciphertext feed-back encryption mode for strict bytestrings (with s == blockSize)
Ciphertext feed-back decryption mode for strict bytestrings (with s == blockSize)
Output feedback mode for lazy bytestrings
Output feedback mode for lazy bytestrings
Output feedback mode for strict bytestrings
Output feedback mode for strict bytestrings
Obtain an K using the provided CryptoRandomGenerator.
Obtain an K using the system entropy (see System.Crypto.Random)

PKCS5 (aka RFC1423) padding method. This method will not work properly for pad modulos > 256
putPaddedPKCS5 m bs will pad out bs to a byte multiple of m and put both the bytestring and its padding via }~ (this saves on copying if you are already using Cereal).
PKCS5 (aka RFC1423) padding method using the BlockCipher instance to determine the pad size. Leverages _ to put the bytestring and padding of sufficient length for use by the specified block cipher.
Unpad a strict bytestring padded in the typical PKCS5 manner. This routine verifies all pad bytes and pad length match correctly.
Pad a bytestring to the IPSEC esp specification
padESP m payload is equivalent to:
              (msg)       (padding)       (length field)
    B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]
Where:
  the msg is any payload, including TFC.
  the padding is <= 255
  the length field is one byte.
Notice the result bytestring length remainder r equals zero. The lack of a "next header" field means this function is not directly usable for an IPSec implementation (copy/paste the 4 line function and add in a "next header" field if you are making IPSec ESP).
Like padESP but use the BlockCipher instance to determine padding size
Like putPadESP but using the BlockCipher instance to determine padding size
Pad a bytestring to the IPSEC ESP specification using }~. This can reduce copying if you are already using }~.
A static espPad allows reuse of a single B.pack'ed pad for all calls to padESP
Unpad and return the padded message (Nothing is returned if the padding is invalid)

crypto-api-0.2
Data.LargeWord Crypto.Types System.Crypto.Random Crypto.Random Crypto.Classes Crypto.HMAC Crypto.Modes Crypto.Padding
Word256 Word224 Word192 Word160 Word128 Word96 LargeKey LargeWord largeWordToInteger integerToLargeWord largeWordPlus largeWordAnd largeWordOr largeWordShift largeWordXor largeBitSize
ByteLength BitLength CryptHandle openHandle closeHandle hGetEntropy getEntropy
CryptoRandomGen newGen genSeedLength genBytes genBytesWithEntropy reseed GenError NotEnoughEntropy NeedReseed RangeInvalid RequestedTooManyBytes GenErrorOther newGenIO
Signing sign verify buildSigningPair signingKeyLength verifyingKeyLength StreamCipher buildStreamKey encryptStream decryptStream streamKeyLength AsymCipher buildKeyPair encryptAsym decryptAsym asymKeyLength BlockCipher blockSize encryptBlock decryptBlock buildKey keyLength Hash outputLength blockLength initialCtx updateCtx finalize hash hash' hashFunc hashFunc' for .::. blockSizeBytes
MacKey hmac hmac'
IV cbc' unCbc' cbc unCbc ecb unEcb ecb' unEcb' cfb unCfb cfb' unCfb' ofb unOfb ofb' unOfb' getIV getIVIO
padPKCS5 putPaddedPKCS5 padBlockSize unpadPKCS5safe unpadPKCS5 padESP padESPBlockSize putPadESPBlockSize putPadESP unpadESP
aoflk boflk CH getEnt bs2i base GHC.List elem makeBlocks signUsing signUsing' initializationVector collect chunkFor chunkFor' unfoldK ivProxy deIVProxy proxyOf ivBlockSizeBytes cereal-0.3.0.0 Data.Serialize.Put Put putPaddedBlockSize