-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Reversible and secure encoding of object ids as a bytestring
--
-- Reversible and secure encoding of object ids as a bytestring
@package cryptoids
@version 0.1.0.1
-- | Given a strict ByteString we compute a cryptographic hash of
-- the associated namespace (carried as a phantom type of kind
-- Symbol). The payload is then encrypted using the symmetric
-- cipher in CBC mode using the hashed namespace as an initialization
-- vector (IV).
--
-- The probability of detecting a namespace mismatch is thus the density
-- of valid payloads within all ByteStrings of the correct length.
--
-- Security properties that follow from this construction:
--
-- * The IV depends only on the namespace, so for a fixed key and
--   namespace the encoding is presumably deterministic: equal payloads
--   give equal ciphertexts, and payloads sharing leading blocks give
--   ciphertexts sharing leading blocks. This keeps ids stable, but it
--   also reveals payload equality within a namespace.
--
-- * No authentication tag (MAC) is described. A modified or foreign
--   ciphertext is rejected only when the decrypted bytes fail the
--   deserialization or namespace check, i.e. with the probability given
--   above. Treat a decrypted id as untrusted input and keep the normal
--   authorization check on the object it names.
module Data.CryptoID.Poly
-- | A ciphertext of type @a@ tagged with a type-level namespace.
--
-- The namespace parameter is a phantom type of kind Symbol; the wrapped
-- value itself is only the @a@.
--
-- The constructor is part of the documented interface, so a CryptoID can
-- be built from any value of type @a@, including bytes received from a
-- client. Holding a CryptoID is therefore no evidence that the ciphertext
-- is valid; validity is only checked when it is passed to decrypt.
newtype CryptoID (namespace :: Symbol) a :: Symbol -> * -> *
-- | Wrap a value as a CryptoID. Being a newtype constructor, it performs
-- no validation of the wrapped value.
CryptoID :: a -> CryptoID a
-- | Unwrap the ciphertext carried by a CryptoID.
[ciphertext] :: CryptoID a -> a
-- | This newtype ensures only keys of the correct length can be created
--
-- Use genKey to securely generate keys.
--
-- Use the Binary instance to save and restore values of
-- CryptoIDKey across executions.
--
-- The serialized form is presumably the key material itself; store it
-- with the same care as any other secret (restricted file permissions,
-- kept out of version control and backups readable by others).
--
-- NOTE(review): Show and ByteArrayAccess instances are listed for this
-- type. Whether Show renders the raw key cannot be seen from this
-- listing; confirm before logging or printing values of this type.
data CryptoIDKey
-- | Securely generate a new key using system entropy
--
-- When CryptoCipher accepts keys of varying lengths this function
-- generates a key of the largest accepted size.
--
-- In this version CryptoCipher is Blowfish.
--
-- The key is only returned to the caller; this signature takes no path,
-- so persisting it is a separate step (see readKeyFile or the Binary
-- instance of CryptoIDKey).
genKey :: MonadIO m => m CryptoIDKey
-- | Try to read a CryptoIDKey from a file. If the file does not
-- exist, securely generate a key (using genKey) and save it to
-- the file.
--
-- Operational consequences of this behaviour:
--
-- * A missing or mistyped path yields a fresh key rather than an error.
--   Ids issued under the previous key should then be expected to stop
--   decrypting to their original payloads, so verify the path in
--   deployment instead of relying on a failure to notice it.
--
-- * The file holds the secret key. The permissions given to a newly
--   created file are not visible from this listing -- TODO confirm, and
--   restrict access to the service account that needs it.
readKeyFile :: MonadIO m => FilePath -> m CryptoIDKey
-- | Encrypt a serialized value
--
-- The namespace is taken from the type-level Symbol of the result type
-- (hence the KnownSymbol constraint). Failures are reported through
-- MonadThrow, presumably as CryptoIDError.
--
-- Per the module description the IV is the hashed namespace, so the same
-- key, namespace and payload are expected to give the same ciphertext.
-- The result carries no authentication tag as far as this listing shows.
encrypt :: forall m namespace. (KnownSymbol namespace, MonadThrow m) => CryptoIDKey -> ByteString -> m (CryptoID namespace ByteString)
-- | Decrypt a serialized value
--
-- The namespace is taken from the type-level Symbol of the argument
-- (hence the KnownSymbol constraint). Failures are reported through
-- MonadThrow, presumably as CryptoIDError.
--
-- A successful result does not prove that the ciphertext was produced by
-- encrypt: no authentication step is documented, and the module
-- description states that mismatches are detected only with some
-- probability. Callers handling client-supplied ids should still check
-- that the requester may access the decoded object.
decrypt :: forall m namespace. (KnownSymbol namespace, MonadThrow m) => CryptoIDKey -> CryptoID namespace ByteString -> m ByteString
-- | Error cases that can be encountered during encrypt and
-- decrypt
--
-- When ids come from clients, prefer returning one uniform failure
-- response (e.g. "not found") and logging the specific constructor
-- server-side: distinguishable decryption failures can give a client
-- feedback about how a modified ciphertext was processed.
data CryptoIDError
-- | One of the underlying cryptographic algorithms (CryptoHash or
-- CryptoCipher) failed.
AlgorithmError :: CryptoError -> CryptoIDError
-- | The length of the digest produced by CryptoHash does not match
-- the block size of CryptoCipher.
--
-- The offending digest is included.
--
-- This error should not occur and is included primarily for sake of
-- totality.
NamespaceHashIsWrongLength :: ByteString -> CryptoIDError
-- | The produced ByteString is the wrong length for conversion into
-- a ciphertext.
CiphertextConversionFailed :: CryptoIDError
-- | The plaintext obtained by decrypting a ciphertext with the given
-- CryptoIDKey in the context of the namespace could not
-- be deserialized into a value of the expected payload-type.
--
-- This is expected behaviour if the namespace or
-- payload-type does not match the ones used during
-- encryption or if the ciphertext was tampered with.
--
-- NOTE(review): the tuple looks like the (remaining input, offset,
-- message) failure of Data.Binary's decodeOrFail -- confirm. If so, the
-- ByteString component is derived from decrypted bytes, and the Show
-- instance of CryptoIDError would print it; keep it out of responses.
DeserializationError :: (ByteString, ByteOffset, String) -> CryptoIDError
-- | We have determined that, although deserialization succeeded, the
-- ciphertext was likely modified during transit or created using a
-- different namespace.
InvalidNamespaceDetected :: CryptoIDError
-- | The symmetric cipher BlockCipher this module uses
--
-- Blowfish operates on 64-bit blocks. With a block this short, CBC
-- ciphertext blocks under a single key start to collide after roughly
-- 2^32 blocks, so the volume of ids issued per key is worth bounding.
--
-- Replacing the cipher also requires a CryptoHash whose digest length
-- equals the new block size, because the digest is used as the IV.
type CryptoCipher = Blowfish
-- | The cryptographic HashAlgorithm this module uses
--
-- We expect the block size of CryptoCipher to be exactly the size
-- of the Digest generated by CryptoHash (since a
-- Digest is used as an IV).
--
-- Violation of this expectation causes runtime errors.
--
-- The type-level 64 is the SHAKE128 output length in bits, which matches
-- the 64-bit block of Blowfish (the current CryptoCipher). The namespace
-- is hashed without a key, so the IV is a public function of the
-- namespace name and should not be treated as secret.
type CryptoHash = SHAKE128 64
instance GHC.Classes.Eq Data.CryptoID.Poly.CryptoIDError
-- | NOTE(review): DeserializationError carries a ByteString, so shown
-- errors may contain bytes taken from the decryption result -- confirm
-- before exposing shown errors outside server-side logs.
instance GHC.Show.Show Data.CryptoID.Poly.CryptoIDError
-- | Gives byte-level access to the key, as cipher initialisation
-- presumably requires.
instance Data.ByteArray.Types.ByteArrayAccess Data.CryptoID.Poly.CryptoIDKey
-- | NOTE(review): what this instance prints is not visible in this
-- listing; confirm it does not render raw key bytes before logging keys.
instance GHC.Show.Show Data.CryptoID.Poly.CryptoIDKey
-- | Used to save and restore keys across executions; the encoded bytes
-- are presumably the secret key itself.
instance Data.Binary.Class.Binary Data.CryptoID.Poly.CryptoIDKey
-- | Allows CryptoIDError to be thrown via the MonadThrow constraint of
-- encrypt and decrypt.
instance GHC.Exception.Exception Data.CryptoID.Poly.CryptoIDError