-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Cryptography Primitives sink
--
@package cryptonite
@version 0.2
module Crypto.Random.Entropy.Unsafe
-- | Refill the entropy in a buffer
--
-- call each entropy backend in turn until the buffer has been replenish.
--
-- If the buffer cannot be refill after 3 loopings, this will raise an
-- User Error exception
replenish :: Int -> [EntropyBackend] -> Ptr Word8 -> IO ()
-- | Any Entropy Backend
data EntropyBackend
-- | All supported backends
supportedBackends :: [IO (Maybe EntropyBackend)]
-- | Gather randomness from an open handle
gatherBackend :: EntropyBackend -> Ptr Word8 -> Int -> IO Int
module Crypto.Number.Basic
-- | sqrti returns two integer (l,b) so that l <= sqrt i <= b the
-- implementation is quite naive, use an approximation for the first
-- number and use a dichotomy algorithm to compute the bound relatively
-- efficiently.
sqrti :: Integer -> (Integer, Integer)
-- | get the extended GCD of two integer using integer divMod
--
-- gcde a b find (x,y,gcd(a,b)) where ax + by = d
gcde :: Integer -> Integer -> (Integer, Integer, Integer)
-- | check if a list of integer are all even
areEven :: [Integer] -> Bool
-- | Compute the binary logarithm of a integer
log2 :: Integer -> Int
-- | Compute the number of bits for an integer
numBits :: Integer -> Int
-- | Compute the number of bytes for an integer
numBytes :: Integer -> Int
module Crypto.Number.ModArithmetic
-- | Compute the modular exponentiation of base^exponant using algorithms
-- design to avoid side channels and timing measurement
--
-- Modulo need to be odd otherwise the normal fast modular exponentiation
-- is used.
--
-- When used with integer-simple, this function is not different from
-- expFast, and thus provide the same unstudied and dubious timing and
-- side channels claims.
--
-- with GHC 7.10, the powModSecInteger is missing from integer-gmp (which
-- is now integer-gmp2), so is has the same security as old ghc version.
expSafe :: Integer -> Integer -> Integer -> Integer
-- | Compute the modular exponentiation of base^exponant using the fastest
-- algorithm without any consideration for hiding parameters.
--
-- Use this function when all the parameters are public, otherwise
-- expSafe should be prefered.
expFast :: Integer -> Integer -> Integer -> Integer
-- | inverse computes the modular inverse as in g^(-1) mod m
inverse :: Integer -> Integer -> Maybe Integer
-- | Compute the modular inverse of 2 coprime numbers. This is equivalent
-- to inverse except that the result is known to exists.
--
-- if the numbers are not defined as coprime, this function will raise a
-- CoprimesAssertionError.
inverseCoprimes :: Integer -> Integer -> Integer
instance Typeable CoprimesAssertionError
instance Show CoprimesAssertionError
instance Exception CoprimesAssertionError
-- | fast serialization primitives for integer using raw pointers
module Crypto.Number.Serialize.Internal
-- | fill a pointer with the big endian binary representation of an integer
--
-- if the room available @ptrSz is less than the number of bytes needed,
-- 0 is returned. Likewise if a parameter is invalid, 0 is returned.
--
-- returns the number of bytes written
i2osp :: Integer -> Ptr Word8 -> Int -> IO Int
-- | Similar to i2osp, except it will pad any remaining space with
-- zero.
i2ospOf :: Integer -> Ptr Word8 -> Int -> IO Int
-- | transform a big endian binary integer representation pointed by a
-- pointer and a size into an integer
os2ip :: Ptr Word8 -> Int -> IO Integer
-- | Poly1305 implementation
module Crypto.MAC.Poly1305
-- | Poly1305 Context
data Ctx
-- | Poly1305 Auth
newtype Auth
Auth :: Bytes -> Auth
-- | initialize a Poly1305 context
initialize :: ByteArrayAccess key => key -> Ctx
-- | update a context with a bytestring
update :: ByteArrayAccess ba => Ctx -> ba -> Ctx
-- | updates a context with multiples bytestring
updates :: ByteArrayAccess ba => Ctx -> [ba] -> Ctx
-- | finalize the context into a digest bytestring
finalize :: Ctx -> Auth
-- | One-pass authorization creation
auth :: (ByteArrayAccess key, ByteArrayAccess ba) => key -> ba -> Auth
instance ByteArrayAccess Ctx
instance ByteArrayAccess Auth
instance Eq Auth
-- | fast serialization primitives for integer
module Crypto.Number.Serialize
-- | i2osp converts a positive integer into a byte string
--
-- first byte is MSB (most significant byte), last byte is the LSB (least
-- significant byte)
i2osp :: ByteArray ba => Integer -> ba
-- | os2ip converts a byte string into a positive integer
os2ip :: ByteArrayAccess ba => ba -> Integer
-- | just like i2osp, but take an extra parameter for size. if the number
-- is too big to fit in len bytes, nothing is returned otherwise the
-- number is padded with 0 to fit the len required.
i2ospOf :: ByteArray ba => Int -> Integer -> Maybe ba
-- | just like i2ospOf except that it doesn't expect a failure: i.e. an
-- integer larger than the number of output bytes requested
--
-- for example if you just took a modulo of the number that represent the
-- size (example the RSA modulo n).
i2ospOf_ :: ByteArray ba => Int -> Integer -> ba
module Crypto.Random.Entropy
-- | Get some entropy from the system source of entropy
getEntropy :: ByteArray byteArray => Int -> IO byteArray
module Crypto.Random.EntropyPool
-- | Pool of Entropy. contains a self mutating pool of entropy, that is
-- always guarantee to contains data.
data EntropyPool
-- | Create a new entropy pool with a default size.
--
-- While you can create as many entropy pool as you want, the pool can be
-- shared between multiples RNGs.
createEntropyPool :: IO EntropyPool
-- | Create a new entropy pool of a specific size
--
-- While you can create as many entropy pool as you want, the pool can be
-- shared between multiples RNGs.
createEntropyPoolWith :: Int -> [EntropyBackend] -> IO EntropyPool
-- | Grab a chunk of entropy from the entropy pool.
getEntropyFrom :: ByteArray byteArray => EntropyPool -> Int -> IO byteArray
module Crypto.Cipher.ChaCha
-- | Initialize a new ChaCha context with the number of rounds, the key and
-- the nonce associated.
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce) => Int -> key -> nonce -> State
-- | Combine the chacha output and an arbitrary message with a xor, and
-- return the combined output and the new state.
combine :: ByteArray ba => State -> ba -> (ba, State)
-- | Generate a number of bytes from the ChaCha output directly
generate :: ByteArray ba => State -> Int -> (ba, State)
-- | ChaCha context
data State
-- | Initialize simple ChaCha State
initializeSimple :: ByteArray seed => seed -> StateSimple
-- | similar to generate but assume certains values
generateSimple :: ByteArray ba => StateSimple -> Int -> (ba, StateSimple)
-- | ChaCha context for DRG purpose (see Crypto.Random.ChaChaDRG)
data StateSimple
instance NFData State
instance NFData StateSimple
-- | Simple implementation of the RC4 stream cipher.
-- http://en.wikipedia.org/wiki/RC4
--
-- Initial FFI implementation by Peter White peter@janrain.com
--
-- Reorganized and simplified to have an opaque context.
module Crypto.Cipher.RC4
-- | RC4 context initialization.
--
-- seed the context with an initial key. the key size need to be adequate
-- otherwise security takes a hit.
initialize :: ByteArrayAccess key => key -> State
-- | RC4 xor combination of the rc4 stream with an input
combine :: ByteArray ba => State -> ba -> (State, ba)
-- | generate the next len bytes of the rc4 stream without combining it to
-- anything.
generate :: ByteArray ba => State -> Int -> (State, ba)
-- | The encryption state for RC4
data State
instance ByteArrayAccess State
instance NFData State
module Crypto.Cipher.Salsa
-- | Initialize a new Salsa context with the number of rounds, the key and
-- the nonce associated.
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce) => Int -> key -> nonce -> State
-- | Combine the salsa output and an arbitrary message with a xor, and
-- return the combined output and the new state.
combine :: ByteArray ba => State -> ba -> (ba, State)
-- | Generate a number of bytes from the Salsa output directly
generate :: ByteArray ba => State -> Int -> (ba, State)
-- | Salsa context
data State
instance NFData State
module Crypto.Random.Types
-- | A monad constraint that allows to generate random bytes
class (Functor m, Monad m) => MonadRandom m
getRandomBytes :: (MonadRandom m, ByteArray byteArray) => Int -> m byteArray
-- | A simple Monad class very similar to a State Monad with the state
-- being a DRG.
data MonadPseudoRandom gen a
-- | A Deterministic Random Generator (DRG) class
class DRG gen
randomBytesGenerate :: (DRG gen, ByteArray byteArray) => Int -> gen -> (byteArray, gen)
-- | Run a pure computation with a Deterministic Random Generator in the
-- MonadPseudoRandom
withDRG :: DRG gen => gen -> MonadPseudoRandom gen a -> (a, gen)
instance DRG gen => MonadRandom (MonadPseudoRandom gen)
instance DRG gen => Monad (MonadPseudoRandom gen)
instance DRG gen => Applicative (MonadPseudoRandom gen)
instance DRG gen => Functor (MonadPseudoRandom gen)
instance MonadRandom IO
-- | This module provides basic arithmetic operations over F₂m. Performance
-- is not optimal and it doesn't provide protection against timing
-- attacks. The m parameter is implicitly derived from the
-- irreducible polynomial where applicable.
module Crypto.Number.F2m
-- | Binary Polynomial represented by an integer
type BinaryPolynomial = Integer
-- | Addition over F₂m. This is just a synonym of xor.
addF2m :: Integer -> Integer -> Integer
-- | Multiplication over F₂m.
--
-- n1 * n2 (in F(2^m))
mulF2m :: BinaryPolynomial -> Integer -> Integer -> Integer
-- | Squaring over F₂m. TODO: This is still slower than mulF2m.
squareF2m :: BinaryPolynomial -> Integer -> Integer
-- | Binary polynomial reduction modulo using long division algorithm.
modF2m :: BinaryPolynomial -> Integer -> Integer
-- | Inversion of @n over F₂m using extended Euclidean algorithm.
--
-- If @n doesn't have an inverse, Nothing is returned.
invF2m :: BinaryPolynomial -> Integer -> Maybe Integer
-- | Division over F₂m. If the dividend doesn't have an inverse it returns
-- Nothing.
--
-- Compute n1 / n2
divF2m :: BinaryPolynomial -> Integer -> Integer -> Maybe Integer
module Crypto.Number.Generate
-- | Top bits policy when generating a number
data GenTopPolicy
-- | set the highest bit
SetHighest :: GenTopPolicy
-- | set the two highest bit
SetTwoHighest :: GenTopPolicy
-- | Generate a number for a specific size of bits, and optionaly set
-- bottom and top bits
--
-- If the top bit policy is Nothing, then nothing is done on the
-- highest bit (it's whatever the random generator set).
--
-- If @generateOdd is set to True, then the number generated is
-- guaranteed to be odd. Otherwise it will be whatever is generated
generateParams :: MonadRandom m => Int -> Maybe GenTopPolicy -> Bool -> m Integer
-- | Generate a positive integer x, s.t. 0 <= x < range
generateMax :: MonadRandom m => Integer -> m Integer
-- | generate a number between the inclusive bound [low,high].
generateBetween :: MonadRandom m => Integer -> Integer -> m Integer
instance Show GenTopPolicy
instance Eq GenTopPolicy
-- | Generalized impure cryptographic hash interface
module Crypto.Hash.IO
-- | Class representing hashing algorithms.
--
-- The interface presented here is update in place and lowlevel. the Hash
-- module takes care of hidding the mutable interface properly.
class HashAlgorithm a
hashBlockSize :: HashAlgorithm a => a -> Int
hashDigestSize :: HashAlgorithm a => a -> Int
hashInternalContextSize :: HashAlgorithm a => a -> Int
hashInternalInit :: HashAlgorithm a => Ptr (Context a) -> IO ()
hashInternalUpdate :: HashAlgorithm a => Ptr (Context a) -> Ptr Word8 -> Word32 -> IO ()
hashInternalFinalize :: HashAlgorithm a => Ptr (Context a) -> Ptr (Digest a) -> IO ()
-- | A Mutable hash context
data MutableContext a
-- | Create a new mutable hash context.
--
-- the algorithm used is automatically determined from the return
-- constraint.
hashMutableInit :: HashAlgorithm alg => IO (MutableContext alg)
-- | Create a new mutable hash context.
--
-- The algorithm is explicitely passed as parameter
hashMutableInitWith :: HashAlgorithm alg => alg -> IO (MutableContext alg)
-- | Update a mutable hash context in place
hashMutableUpdate :: (ByteArrayAccess ba, HashAlgorithm a) => MutableContext a -> ba -> IO ()
-- | Finalize a mutable hash context and compute a digest
hashMutableFinalize :: HashAlgorithm a => MutableContext a -> IO (Digest a)
-- | Reset the mutable context to the initial state of the hash
hashMutableReset :: HashAlgorithm a => MutableContext a -> IO ()
instance ByteArrayAccess (MutableContext a)
-- | Definitions of known hash algorithms
module Crypto.Hash.Algorithms
-- | Class representing hashing algorithms.
--
-- The interface presented here is update in place and lowlevel. the Hash
-- module takes care of hidding the mutable interface properly.
class HashAlgorithm a
-- | MD2 cryptographic hash algorithm
data MD2
MD2 :: MD2
-- | MD4 cryptographic hash algorithm
data MD4
MD4 :: MD4
-- | MD5 cryptographic hash algorithm
data MD5
MD5 :: MD5
-- | SHA1 cryptographic hash algorithm
data SHA1
SHA1 :: SHA1
-- | SHA224 cryptographic hash algorithm
data SHA224
SHA224 :: SHA224
-- | SHA256 cryptographic hash algorithm
data SHA256
SHA256 :: SHA256
-- | SHA384 cryptographic hash algorithm
data SHA384
SHA384 :: SHA384
-- | SHA512 cryptographic hash algorithm
data SHA512
SHA512 :: SHA512
-- | SHA512t (224 bits) cryptographic hash algorithm
data SHA512t_224
SHA512t_224 :: SHA512t_224
-- | SHA512t (256 bits) cryptographic hash algorithm
data SHA512t_256
SHA512t_256 :: SHA512t_256
-- | RIPEMD160 cryptographic hash algorithm
data RIPEMD160
RIPEMD160 :: RIPEMD160
-- | Tiger cryptographic hash algorithm
data Tiger
Tiger :: Tiger
-- | Kekkak (224 bits) cryptographic hash algorithm
data Kekkak_224
Kekkak_224 :: Kekkak_224
-- | Kekkak (256 bits) cryptographic hash algorithm
data Kekkak_256
Kekkak_256 :: Kekkak_256
-- | Kekkak (384 bits) cryptographic hash algorithm
data Kekkak_384
Kekkak_384 :: Kekkak_384
-- | Kekkak (512 bits) cryptographic hash algorithm
data Kekkak_512
Kekkak_512 :: Kekkak_512
-- | SHA3 (224 bits) cryptographic hash algorithm
data SHA3_224
SHA3_224 :: SHA3_224
-- | SHA3 (256 bits) cryptographic hash algorithm
data SHA3_256
SHA3_256 :: SHA3_256
-- | SHA3 (384 bits) cryptographic hash algorithm
data SHA3_384
SHA3_384 :: SHA3_384
-- | SHA3 (512 bits) cryptographic hash algorithm
data SHA3_512
SHA3_512 :: SHA3_512
-- | Skein256 (224 bits) cryptographic hash algorithm
data Skein256_224
Skein256_224 :: Skein256_224
-- | Skein256 (256 bits) cryptographic hash algorithm
data Skein256_256
Skein256_256 :: Skein256_256
-- | Skein512 (224 bits) cryptographic hash algorithm
data Skein512_224
Skein512_224 :: Skein512_224
-- | Skein512 (256 bits) cryptographic hash algorithm
data Skein512_256
Skein512_256 :: Skein512_256
-- | Skein512 (384 bits) cryptographic hash algorithm
data Skein512_384
Skein512_384 :: Skein512_384
-- | Skein512 (512 bits) cryptographic hash algorithm
data Skein512_512
Skein512_512 :: Skein512_512
-- | Whirlpool cryptographic hash algorithm
data Whirlpool
Whirlpool :: Whirlpool
-- | Generalized cryptographic hash interface, that you can use with
-- cryptographic hash algorithm that belong to the HashAlgorithm type
-- class.
--
--
-- import Crypto.Hash
--
-- sha1 :: ByteString -> Digest SHA1
-- sha1 = hash
--
-- hexSha3_512 :: ByteString -> String
-- hexSha3_512 bs = show (hash bs :: Digest SHA3_512)
--
module Crypto.Hash
-- | Represent a context for a given hash algorithm.
data Context a
-- | Represent a digest for a given hash algorithm.
data Digest a
-- | Try to transform a bytearray into a Digest of specific algorithm.
--
-- If the digest is not the right size for the algorithm specified, then
-- Nothing is returned.
digestFromByteString :: (HashAlgorithm a, ByteArrayAccess ba) => ba -> Maybe (Digest a)
-- | Initialize a new context for a specified hash algorithm
hashInitWith :: HashAlgorithm alg => alg -> Context alg
-- | Run the hash function but takes an explicit hash algorithm
-- parameter
hashWith :: (ByteArrayAccess ba, HashAlgorithm alg) => alg -> ba -> Digest alg
-- | Initialize a new context for this hash algorithm
hashInit :: HashAlgorithm a => Context a
-- | Update the context with a list of strict bytestring, and return a new
-- context with the updates.
hashUpdates :: (HashAlgorithm a, ByteArrayAccess ba) => Context a -> [ba] -> Context a
-- | run hashUpdates on one single bytestring and return the updated
-- context.
hashUpdate :: (ByteArrayAccess ba, HashAlgorithm a) => Context a -> ba -> Context a
-- | Finalize a context and return a digest.
hashFinalize :: HashAlgorithm a => Context a -> Digest a
-- | Hash a strict bytestring into a digest.
hash :: (ByteArrayAccess ba, HashAlgorithm a) => ba -> Digest a
-- | Hash a lazy bytestring into a digest.
hashlazy :: HashAlgorithm a => ByteString -> Digest a
-- | haskell implementation of the Anti-forensic information splitter
-- available in LUKS. http://clemens.endorphin.org/AFsplitter
--
-- The algorithm bloats an arbitrary secret with many bits that are
-- necessary for the recovery of the key (merge), and allow greater way
-- to permanently destroy a key stored on disk.
module Crypto.Data.AFIS
-- | Split data to diffused data, using a random generator and an hash
-- algorithm.
--
-- the diffused data will consist of random data for (expandTimes-1) then
-- the last block will be xor of the accumulated random data diffused by
-- the hash algorithm.
--
--
-- - ---------
-- - orig -
-- - ---------
-- - --------- ---------- --------------
-- - rand1 - - rand2 - - orig ^ acc -
-- - --------- ---------- --------------
--
--
-- where acc is : acc(n+1) = hash (n ++ rand(n)) ^ acc(n)
split :: (ByteArray ba, HashAlgorithm hash, DRG rng) => hash -> rng -> Int -> ba -> (ba, rng)
-- | Merge previously diffused data back to the original data.
merge :: (ByteArray ba, HashAlgorithm hash) => hash -> Int -> ba -> ba
-- | provide the HMAC (Hash based Message Authentification Code) base
-- algorithm. http://en.wikipedia.org/wiki/HMAC
module Crypto.MAC.HMAC
-- | compute a MAC using the supplied hashing function
hmac :: (ByteArrayAccess key, ByteArray message, HashAlgorithm a) => key -> message -> HMAC a
-- | Represent an HMAC that is a phantom type with the hash used to produce
-- the mac.
--
-- The Eq instance is constant time.
newtype HMAC a
HMAC :: Digest a -> HMAC a
hmacGetDigest :: HMAC a -> Digest a
-- | Represent an ongoing HMAC state, that can be appended with
-- update and finalize to an HMAC with hmacFinalize
data Context hashalg
Context :: !(Context hashalg) -> !(Context hashalg) -> Context hashalg
-- | Initialize a new incremental HMAC context
initialize :: (ByteArrayAccess key, HashAlgorithm a) => key -> Context a
-- | Incrementally update a HMAC context
update :: (ByteArrayAccess message, HashAlgorithm a) => Context a -> message -> Context a
-- | Increamentally update a HMAC context with multiple inputs
updates :: (ByteArrayAccess message, HashAlgorithm a) => Context a -> [message] -> Context a
-- | Finalize a HMAC context and return the HMAC.
finalize :: HashAlgorithm a => Context a -> HMAC a
instance ByteArrayAccess (HMAC a)
instance Eq (HMAC a)
-- | Password Based Key Derivation Function 2
module Crypto.KDF.PBKDF2
-- | The PRF used for PBKDF2
type PRF password = password -> Bytes -> Bytes
-- | PRF for PBKDF2 using HMAC with the hash algorithm as parameter
prfHMAC :: (HashAlgorithm a, ByteArrayAccess password) => a -> PRF password
-- | Parameters for PBKDF2
data Parameters
Parameters :: Int -> Int -> Parameters
-- | the number of user-defined iterations for the algorithms. e.g. WPA2
-- uses 4000.
iterCounts :: Parameters -> Int
-- | the number of bytes to generate out of PBKDF2
outputLength :: Parameters -> Int
-- | generate the pbkdf2 key derivation function from the output
generate :: (ByteArrayAccess password, ByteArrayAccess salt, ByteArray ba) => PRF password -> Parameters -> password -> salt -> ba
-- | Scrypt key derivation function as defined in Colin Percival's paper
-- "Stronger Key Derivation via Sequential Memory-Hard Functions"
-- http://www.tarsnap.com/scrypt/scrypt.pdf.
module Crypto.KDF.Scrypt
-- | Parameters for Scrypt
data Parameters
Parameters :: Word64 -> Int -> Int -> Int -> Parameters
-- | Cpu/Memory cost ratio. must be a power of 2 greater than 1. also known
-- as N.
n :: Parameters -> Word64
-- | Must satisfy r * p < 2^30
r :: Parameters -> Int
-- | Must satisfy r * p < 2^30
p :: Parameters -> Int
-- | the number of bytes to generate out of Scrypt
outputLength :: Parameters -> Int
-- | Generate the scrypt key derivation data
generate :: (ByteArrayAccess password, ByteArrayAccess salt, ByteArray output) => Parameters -> password -> salt -> output
-- | Standard digests wrapped in ASN1 structure
module Crypto.PubKey.HashDescr
-- | A hash methods to generate a ASN.1 structure digest
data HashDescr hashAlg ba
-- | Run the digest function on some input and get the raw bytes
runHashDescr :: (HashAlgorithm hashAlg, ByteArray ba) => HashDescr hashAlg ba -> ba -> ba
-- | Describe the MD2 hashing algorithm
hashDescrMD2 :: ByteArray ba => HashDescr MD2 ba
-- | Describe the MD5 hashing algorithm
hashDescrMD5 :: ByteArray ba => HashDescr MD5 ba
-- | Describe the SHA1 hashing algorithm
hashDescrSHA1 :: ByteArray ba => HashDescr SHA1 ba
-- | Describe the SHA224 hashing algorithm
hashDescrSHA224 :: ByteArray ba => HashDescr SHA224 ba
-- | Describe the SHA256 hashing algorithm
hashDescrSHA256 :: ByteArray ba => HashDescr SHA256 ba
-- | Describe the SHA384 hashing algorithm
hashDescrSHA384 :: ByteArray ba => HashDescr SHA384 ba
-- | Describe the SHA512 hashing algorithm
hashDescrSHA512 :: ByteArray ba => HashDescr SHA512 ba
-- | Describe the RIPEMD160 hashing algorithm
hashDescrRIPEMD160 :: ByteArray ba => HashDescr RIPEMD160 ba
module Crypto.PubKey.MaskGenFunction
-- | Represent a mask generation algorithm
type MaskGenAlgorithm seed output = seed -> Int -> output
-- | Mask generation algorithm MGF1
mgf1 :: (ByteArrayAccess seed, ByteArray output, HashAlgorithm hashAlg) => hashAlg -> seed -> Int -> output
-- | Curve25519 support
module Crypto.PubKey.Curve25519
-- | A Curve25519 Secret key
data SecretKey
-- | A Curve25519 public key
data PublicKey
-- | A Curve25519 Diffie Hellman secret related to a public key and a
-- secret key.
data DhSecret
-- | Create a DhSecret from a bytearray object
dhSecret :: ByteArrayAccess b => b -> Either String DhSecret
-- | Try to build a public key from a bytearray
publicKey :: ByteArrayAccess bs => bs -> Either String PublicKey
-- | Try to build a secret key from a bytearray
secretKey :: ByteArrayAccess bs => bs -> Either String SecretKey
-- | Compute the Diffie Hellman secret from a public key and a secret key
dh :: PublicKey -> SecretKey -> DhSecret
-- | Create a public key from a secret key
toPublic :: SecretKey -> PublicKey
instance Show SecretKey
instance Eq SecretKey
instance ByteArrayAccess SecretKey
instance NFData SecretKey
instance Show PublicKey
instance Eq PublicKey
instance ByteArrayAccess PublicKey
instance NFData PublicKey
instance Show DhSecret
instance Eq DhSecret
instance ByteArrayAccess DhSecret
instance NFData DhSecret
-- | An implementation of the Digital Signature Algorithm (DSA)
module Crypto.PubKey.DSA
-- | Represent DSA parameters namely P, G, and Q.
data Params
Params :: Integer -> Integer -> Integer -> Params
-- | DSA p
params_p :: Params -> Integer
-- | DSA g
params_g :: Params -> Integer
-- | DSA q
params_q :: Params -> Integer
-- | Represent a DSA signature namely R and S.
data Signature
Signature :: Integer -> Integer -> Signature
-- | DSA r
sign_r :: Signature -> Integer
-- | DSA s
sign_s :: Signature -> Integer
-- | Represent a DSA public key.
data PublicKey
PublicKey :: Params -> PublicNumber -> PublicKey
-- | DSA parameters
public_params :: PublicKey -> Params
-- | DSA public Y
public_y :: PublicKey -> PublicNumber
-- | Represent a DSA private key.
--
-- Only x need to be secret. the DSA parameters are publicly shared with
-- the other side.
data PrivateKey
PrivateKey :: Params -> PrivateNumber -> PrivateKey
-- | DSA parameters
private_params :: PrivateKey -> Params
-- | DSA private X
private_x :: PrivateKey -> PrivateNumber
-- | DSA Public Number, usually embedded in DSA Public Key
type PublicNumber = Integer
-- | DSA Private Number, usually embedded in DSA Private Key
type PrivateNumber = Integer
-- | generate a private number with no specific property this number is
-- usually called X in DSA text.
generatePrivate :: MonadRandom m => Params -> m PrivateNumber
-- | Calculate the public number from the parameters and the private key
calculatePublic :: Params -> PrivateNumber -> PublicNumber
-- | sign message using the private key.
sign :: (ByteArrayAccess msg, HashAlgorithm hash, MonadRandom m) => PrivateKey -> hash -> msg -> m Signature
-- | sign message using the private key and an explicit k number.
signWith :: (ByteArrayAccess msg, HashAlgorithm hash) => Integer -> PrivateKey -> hash -> msg -> Maybe Signature
-- | verify a bytestring using the public key.
verify :: (ByteArrayAccess msg, HashAlgorithm hash) => hash -> PublicKey -> Signature -> msg -> Bool
-- | Represent a DSA key pair
data KeyPair
KeyPair :: Params -> PublicNumber -> PrivateNumber -> KeyPair
-- | Public key of a DSA Key pair
toPublicKey :: KeyPair -> PublicKey
-- | Private key of a DSA Key pair
toPrivateKey :: KeyPair -> PrivateKey
instance Typeable Params
instance Typeable Signature
instance Typeable PublicKey
instance Typeable PrivateKey
instance Typeable KeyPair
instance Show Params
instance Read Params
instance Eq Params
instance Data Params
instance Show Signature
instance Read Signature
instance Eq Signature
instance Data Signature
instance Show PublicKey
instance Read PublicKey
instance Eq PublicKey
instance Data PublicKey
instance Show PrivateKey
instance Read PrivateKey
instance Eq PrivateKey
instance Data PrivateKey
instance Show KeyPair
instance Read KeyPair
instance Eq KeyPair
instance Data KeyPair
instance NFData KeyPair
instance NFData PrivateKey
instance NFData PublicKey
instance NFData Signature
instance NFData Params
-- | references: https://tools.ietf.org/html/rfc5915
module Crypto.PubKey.ECC.Types
-- | Define either a binary curve or a prime curve.
data Curve
-- | 𝔽(2^m)
CurveF2m :: CurveBinary -> Curve
-- | 𝔽p
CurveFP :: CurvePrime -> Curve
-- | Define a point on a curve.
data Point
Point :: Integer -> Integer -> Point
-- | Point at Infinity
PointO :: Point
-- | ECC Public Point
type PublicPoint = Point
-- | ECC Private Number
type PrivateNumber = Integer
-- | Define an elliptic curve in 𝔽(2^m). The firt parameter is the Integer
-- representatioin of the irreducible polynomial f(x).
data CurveBinary
CurveBinary :: Integer -> CurveCommon -> CurveBinary
-- | Define an elliptic curve in 𝔽p. The first parameter is the Prime
-- Number.
data CurvePrime
CurvePrime :: Integer -> CurveCommon -> CurvePrime
-- | Parameters in common between binary and prime curves.
common_curve :: Curve -> CurveCommon
-- | Irreducible polynomial representing the characteristic of a
-- CurveBinary.
ecc_fx :: CurveBinary -> Integer
-- | Prime number representing the characteristic of a CurvePrime.
ecc_p :: CurvePrime -> Integer
-- | Define common parameters in a curve definition of the form: y^2 = x^3
-- + ax + b.
data CurveCommon
CurveCommon :: Integer -> Integer -> Point -> Integer -> Integer -> CurveCommon
-- | curve parameter a
ecc_a :: CurveCommon -> Integer
-- | curve parameter b
ecc_b :: CurveCommon -> Integer
-- | base point
ecc_g :: CurveCommon -> Point
-- | order of G
ecc_n :: CurveCommon -> Integer
-- | cofactor
ecc_h :: CurveCommon -> Integer
-- | Define names for known recommended curves.
data CurveName
SEC_p112r1 :: CurveName
SEC_p112r2 :: CurveName
SEC_p128r1 :: CurveName
SEC_p128r2 :: CurveName
SEC_p160k1 :: CurveName
SEC_p160r1 :: CurveName
SEC_p160r2 :: CurveName
SEC_p192k1 :: CurveName
SEC_p192r1 :: CurveName
SEC_p224k1 :: CurveName
SEC_p224r1 :: CurveName
SEC_p256k1 :: CurveName
SEC_p256r1 :: CurveName
SEC_p384r1 :: CurveName
SEC_p521r1 :: CurveName
SEC_t113r1 :: CurveName
SEC_t113r2 :: CurveName
SEC_t131r1 :: CurveName
SEC_t131r2 :: CurveName
SEC_t163k1 :: CurveName
SEC_t163r1 :: CurveName
SEC_t163r2 :: CurveName
SEC_t193r1 :: CurveName
SEC_t193r2 :: CurveName
SEC_t233k1 :: CurveName
SEC_t233r1 :: CurveName
SEC_t239k1 :: CurveName
SEC_t283k1 :: CurveName
SEC_t283r1 :: CurveName
SEC_t409k1 :: CurveName
SEC_t409r1 :: CurveName
SEC_t571k1 :: CurveName
SEC_t571r1 :: CurveName
-- | Get the curve definition associated with a recommended known curve
-- name.
getCurveByName :: CurveName -> Curve
instance Typeable Point
instance Typeable CurveCommon
instance Typeable CurvePrime
instance Typeable CurveBinary
instance Typeable Curve
instance Typeable CurveName
instance Show Point
instance Read Point
instance Eq Point
instance Data Point
instance Show CurveCommon
instance Read CurveCommon
instance Eq CurveCommon
instance Data CurveCommon
instance Show CurvePrime
instance Read CurvePrime
instance Eq CurvePrime
instance Data CurvePrime
instance Show CurveBinary
instance Read CurveBinary
instance Eq CurveBinary
instance Data CurveBinary
instance Show Curve
instance Read Curve
instance Eq Curve
instance Data Curve
instance Show CurveName
instance Read CurveName
instance Eq CurveName
instance Ord CurveName
instance Enum CurveName
instance Data CurveName
instance NFData CurveBinary
instance NFData Point
-- | Elliptic Curve Arithmetic.
--
-- WARNING: These functions are vulnerable to timing attacks.
module Crypto.PubKey.ECC.Prim
-- | Elliptic Curve point addition.
--
-- WARNING: Vulnerable to timing attacks.
pointAdd :: Curve -> Point -> Point -> Point
-- | Elliptic Curve point doubling.
--
-- WARNING: Vulnerable to timing attacks.
--
-- This perform the following calculation: > lambda = (3 * xp ^ 2 + a)
-- / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - yp
--
-- With binary curve: > xp == 0 => P = O > otherwise => >
-- s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) *
-- xr
pointDouble :: Curve -> Point -> Point
-- | Elliptic curve point multiplication (double and add algorithm).
--
-- WARNING: Vulnerable to timing attacks.
pointMul :: Curve -> Integer -> Point -> Point
-- | Check if a point is the point at infinity.
isPointAtInfinity :: Point -> Bool
-- | check if a point is on specific curve
--
-- This perform three checks:
--
--
-- - x is not out of range
-- - y is not out of range
-- - the equation y^2 = x^3 + a*x + b (mod p) holds
--
isPointValid :: Curve -> Point -> Bool
-- | WARNING: Signature operations may leak the private key.
-- Signature verification should be safe.
module Crypto.PubKey.ECC.ECDSA
-- | Represent a ECDSA signature namely R and S.
data Signature
Signature :: Integer -> Integer -> Signature
-- | ECDSA r
sign_r :: Signature -> Integer
-- | ECDSA s
sign_s :: Signature -> Integer
-- | ECC Public Point
type PublicPoint = Point
-- | ECDSA Public Key.
data PublicKey
PublicKey :: Curve -> PublicPoint -> PublicKey
public_curve :: PublicKey -> Curve
public_q :: PublicKey -> PublicPoint
-- | ECC Private Number
type PrivateNumber = Integer
-- | ECDSA Private Key.
data PrivateKey
PrivateKey :: Curve -> PrivateNumber -> PrivateKey
private_curve :: PrivateKey -> Curve
private_d :: PrivateKey -> PrivateNumber
-- | ECDSA Key Pair.
data KeyPair
KeyPair :: Curve -> PublicPoint -> PrivateNumber -> KeyPair
-- | Public key of a ECDSA Key pair.
toPublicKey :: KeyPair -> PublicKey
-- | Private key of a ECDSA Key pair.
toPrivateKey :: KeyPair -> PrivateKey
-- | Sign message using the private key and an explicit k number.
--
-- WARNING: Vulnerable to timing attacks.
signWith :: (ByteArrayAccess msg, HashAlgorithm hash) => Integer -> PrivateKey -> hash -> msg -> Maybe Signature
-- | Sign message using the private key.
--
-- WARNING: Vulnerable to timing attacks.
sign :: (ByteArrayAccess msg, HashAlgorithm hash, MonadRandom m) => PrivateKey -> hash -> msg -> m Signature
-- | Verify a bytestring using the public key.
verify :: (ByteArrayAccess msg, HashAlgorithm hash) => hash -> PublicKey -> Signature -> msg -> Bool
instance Typeable Signature
instance Typeable PrivateKey
instance Typeable PublicKey
instance Typeable KeyPair
instance Show Signature
instance Read Signature
instance Eq Signature
instance Data Signature
instance Show PrivateKey
instance Read PrivateKey
instance Eq PrivateKey
instance Data PrivateKey
instance Show PublicKey
instance Read PublicKey
instance Eq PublicKey
instance Data PublicKey
instance Show KeyPair
instance Read KeyPair
instance Eq KeyPair
instance Data KeyPair
-- | Signature generation.
module Crypto.PubKey.ECC.Generate
-- | Generate Q given d.
--
-- WARNING: Vulnerable to timing attacks.
generateQ :: Curve -> Integer -> Point
-- | Generate a pair of (private, public) key.
--
-- WARNING: Vulnerable to timing attacks.
generate :: MonadRandom m => Curve -> m (PublicKey, PrivateKey)
module Crypto.PubKey.RSA.Types
-- | error possible during encryption, decryption or signing.
data Error
-- | the message to decrypt is not of the correct size (need to be ==
-- private_size)
MessageSizeIncorrect :: Error
-- | the message to encrypt is too long
MessageTooLong :: Error
-- | the message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)
MessageNotRecognized :: Error
-- | the message's digest is too long
SignatureTooLong :: Error
-- | some parameters lead to breaking assumptions.
InvalidParameters :: Error
-- | Blinder which is used to obfuscate the timing of the decryption
-- primitive (used by decryption and signing).
data Blinder
Blinder :: !Integer -> !Integer -> Blinder
-- | Represent a RSA public key
data PublicKey
PublicKey :: Int -> Integer -> Integer -> PublicKey
-- | size of key in bytes
public_size :: PublicKey -> Int
-- | public p*q
public_n :: PublicKey -> Integer
-- | public exponant e
public_e :: PublicKey -> Integer
-- | Represent a RSA private key.
--
-- Only the pub, d fields are mandatory to fill.
--
-- p, q, dP, dQ, qinv are by-product during RSA generation, but are
-- useful to record here to speed up massively the decrypt and sign
-- operation.
--
-- implementations can leave optional fields to 0.
data PrivateKey
PrivateKey :: PublicKey -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> PrivateKey
-- | public part of a private key (size, n and e)
private_pub :: PrivateKey -> PublicKey
-- | private exponant d
private_d :: PrivateKey -> Integer
-- | p prime number
private_p :: PrivateKey -> Integer
-- | q prime number
private_q :: PrivateKey -> Integer
-- | d mod (p-1)
private_dP :: PrivateKey -> Integer
-- | d mod (q-1)
private_dQ :: PrivateKey -> Integer
-- | q^(-1) mod p
private_qinv :: PrivateKey -> Integer
-- | Represent RSA KeyPair
--
-- note the RSA private key contains already an instance of public key
-- for efficiency
newtype KeyPair
KeyPair :: PrivateKey -> KeyPair
-- | Public key of a RSA KeyPair
toPublicKey :: KeyPair -> PublicKey
-- | Private key of a RSA KeyPair
toPrivateKey :: KeyPair -> PrivateKey
-- | get the size in bytes from a private key
private_size :: PrivateKey -> Int
-- | get n from a private key
private_n :: PrivateKey -> Integer
-- | get e from a private key
private_e :: PrivateKey -> Integer
instance Typeable PublicKey
instance Typeable PrivateKey
instance Typeable KeyPair
instance Show Blinder
instance Eq Blinder
instance Show Error
instance Eq Error
instance Show PublicKey
instance Read PublicKey
instance Eq PublicKey
instance Data PublicKey
instance Show PrivateKey
instance Read PrivateKey
instance Eq PrivateKey
instance Data PrivateKey
instance Show KeyPair
instance Read KeyPair
instance Eq KeyPair
instance Data KeyPair
instance NFData KeyPair
instance NFData PrivateKey
instance NFData PublicKey
module Crypto.PubKey.RSA.Prim
-- | Compute the RSA decrypt primitive. if the p and q numbers are
-- available, then dpFast is used otherwise, we use dpSlow which only
-- need d and n.
dp :: ByteArray ba => Maybe Blinder -> PrivateKey -> ba -> ba
-- | Compute the RSA encrypt primitive
ep :: ByteArray ba => PublicKey -> ba -> ba
module Crypto.Random
-- | ChaCha Deterministic Random Generator
data ChaChaDRG
-- | Create a new DRG from system entropy
drgNew :: IO ChaChaDRG
-- | Create a new DRG from 5 Word64.
--
-- This is a convenient interface to create deterministic interface for
-- quickcheck style testing.
--
-- It can also be used in other contexts provided the input has been
-- properly randomly generated.
drgNewTest :: (Word64, Word64, Word64, Word64, Word64) -> ChaChaDRG
-- | Run a pure computation with a Deterministic Random Generator in the
-- MonadPseudoRandom
withDRG :: DRG gen => gen -> MonadPseudoRandom gen a -> (a, gen)
-- | A Deterministic Random Generator (DRG) class
class DRG gen
randomBytesGenerate :: (DRG gen, ByteArray byteArray) => Int -> gen -> (byteArray, gen)
-- | A monad constraint that allows to generate random bytes
class (Functor m, Monad m) => MonadRandom m
getRandomBytes :: (MonadRandom m, ByteArray byteArray) => Int -> m byteArray
-- | A simple Monad class very similar to a State Monad with the state
-- being a DRG.
data MonadPseudoRandom gen a
module Crypto.Number.Prime
-- | generate a prime number of the required bitsize
generatePrime :: MonadRandom m => Int -> m Integer
-- | generate a prime number of the form 2p+1 where p is also prime. it is
-- also knowed as a Sophie Germaine prime or safe prime.
--
-- The number of safe prime is significantly smaller to the number of
-- prime, as such it shouldn't be used if this number is supposed to be
-- kept safe.
generateSafePrime :: MonadRandom m => Int -> m Integer
-- | returns if the number is probably prime. first a list of small primes
-- are implicitely tested for divisibility, then a fermat primality test
-- is used with arbitrary numbers and then the Miller Rabin algorithm is
-- used with an accuracy of 30 recursions
isProbablyPrime :: Integer -> Bool
-- | find a prime from a starting point with no specific property.
findPrimeFrom :: Integer -> Integer
-- | find a prime from a starting point where the property hold.
findPrimeFromWith :: (Integer -> Bool) -> Integer -> Integer
-- | Miller Rabin algorithm return if the number is probably prime or
-- composite. the tries parameter is the number of recursion, that
-- determines the accuracy of the test.
primalityTestMillerRabin :: Int -> Integer -> Bool
-- | Test naively is integer is prime. while naive, we skip even number and
-- stop iteration at i > sqrt(n)
primalityTestNaive :: Integer -> Bool
-- | Probabilitic Test using Fermat primility test. Beware of Carmichael
-- numbers that are Fermat liars, i.e. this test is useless for them.
-- always combines with some other test.
primalityTestFermat :: Int -> Integer -> Integer -> Bool
-- | Test is two integer are coprime to each other
isCoprime :: Integer -> Integer -> Bool
module Crypto.PubKey.DH
-- | Represent Diffie Hellman parameters namely P (prime), and G
-- (generator).
data Params
Params :: Integer -> Integer -> Params
params_p :: Params -> Integer
params_g :: Params -> Integer
-- | Represent Diffie Hellman public number Y.
newtype PublicNumber
PublicNumber :: Integer -> PublicNumber
-- | Represent Diffie Hellman private number X.
newtype PrivateNumber
PrivateNumber :: Integer -> PrivateNumber
-- | Represent Diffie Hellman shared secret.
newtype SharedKey
SharedKey :: Integer -> SharedKey
-- | generate params from a specific generator (2 or 5 are common values)
-- we generate a safe prime (a prime number of the form 2p+1 where p is
-- also prime)
generateParams :: MonadRandom m => Int -> Integer -> m Params
-- | generate a private number with no specific property this number is
-- usually called X in DH text.
generatePrivate :: MonadRandom m => Params -> m PrivateNumber
-- | calculate the public number from the parameters and the private key
-- this number is usually called Y in DH text.
calculatePublic :: Params -> PrivateNumber -> PublicNumber
-- | calculate the public number from the parameters and the private key
-- this number is usually called Y in DH text.
--
-- DEPRECATED use calculatePublic
generatePublic :: Params -> PrivateNumber -> PublicNumber
-- | generate a shared key using our private number and the other party
-- public number
getShared :: Params -> PrivateNumber -> PublicNumber -> SharedKey
instance Typeable Params
instance Show Params
instance Read Params
instance Eq Params
instance Data Params
instance Show PublicNumber
instance Read PublicNumber
instance Eq PublicNumber
instance Enum PublicNumber
instance Real PublicNumber
instance Num PublicNumber
instance Ord PublicNumber
instance Show PrivateNumber
instance Read PrivateNumber
instance Eq PrivateNumber
instance Enum PrivateNumber
instance Real PrivateNumber
instance Num PrivateNumber
instance Ord PrivateNumber
instance Show SharedKey
instance Read SharedKey
instance Eq SharedKey
instance Enum SharedKey
instance Real SharedKey
instance Num SharedKey
instance Ord SharedKey
-- | Elliptic curve Diffie Hellman
module Crypto.PubKey.ECC.DH
-- | Define either a binary curve or a prime curve.
data Curve
-- | ECC Public Point
type PublicPoint = Point
-- | ECC Private Number
type PrivateNumber = Integer
-- | Represent Diffie Hellman shared secret.
newtype SharedKey
SharedKey :: Integer -> SharedKey
-- | Generating a private number d.
generatePrivate :: MonadRandom m => Curve -> m PrivateNumber
-- | Generating a public point Q.
calculatePublic :: Curve -> PrivateNumber -> PublicPoint
-- | Generating a shared key using our private number and the other party
-- public point.
getShared :: Curve -> PrivateNumber -> PublicPoint -> SharedKey
module Crypto.PubKey.RSA
-- | error possible during encryption, decryption or signing.
data Error
-- | the message to decrypt is not of the correct size (need to be ==
-- private_size)
MessageSizeIncorrect :: Error
-- | the message to encrypt is too long
MessageTooLong :: Error
-- | the message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)
MessageNotRecognized :: Error
-- | the message's digest is too long
SignatureTooLong :: Error
-- | some parameters lead to breaking assumptions.
InvalidParameters :: Error
-- | Represent a RSA public key
data PublicKey
PublicKey :: Int -> Integer -> Integer -> PublicKey
-- | size of key in bytes
public_size :: PublicKey -> Int
-- | public p*q
public_n :: PublicKey -> Integer
-- | public exponant e
public_e :: PublicKey -> Integer
-- | Represent a RSA private key.
--
-- Only the pub, d fields are mandatory to fill.
--
-- p, q, dP, dQ, qinv are by-product during RSA generation, but are
-- useful to record here to speed up massively the decrypt and sign
-- operation.
--
-- implementations can leave optional fields to 0.
data PrivateKey
PrivateKey :: PublicKey -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> PrivateKey
-- | public part of a private key (size, n and e)
private_pub :: PrivateKey -> PublicKey
-- | private exponant d
private_d :: PrivateKey -> Integer
-- | p prime number
private_p :: PrivateKey -> Integer
-- | q prime number
private_q :: PrivateKey -> Integer
-- | d mod (p-1)
private_dP :: PrivateKey -> Integer
-- | d mod (q-1)
private_dQ :: PrivateKey -> Integer
-- | q^(-1) mod p
private_qinv :: PrivateKey -> Integer
-- | Blinder which is used to obfuscate the timing of the decryption
-- primitive (used by decryption and signing).
data Blinder
Blinder :: !Integer -> !Integer -> Blinder
-- | Generate a key pair given p and q.
--
-- p and q need to be distinct prime numbers.
--
-- e need to be coprime to phi=(p-1)*(q-1). If that's not the case, the
-- function will not return a key pair. A small hamming weight results in
-- better performance.
--
--
-- - e=0x10001 is a popular choice
-- - e=3 is popular as well, but proven to not be as secure for some
-- cases.
--
generateWith :: (Integer, Integer) -> Int -> Integer -> Maybe (PublicKey, PrivateKey)
-- | generate a pair of (private, public) key of size in bytes.
generate :: MonadRandom m => Int -> Integer -> m (PublicKey, PrivateKey)
-- | Generate a blinder to use with decryption and signing operation
--
-- the unique parameter apart from the random number generator is the
-- public key value N.
generateBlinder :: MonadRandom m => Integer -> m Blinder
module Crypto.PubKey.RSA.PKCS15
-- | This produce a standard PKCS1.5 padding for encryption
pad :: (MonadRandom m, ByteArray message) => Int -> message -> m (Either Error message)
-- | Produce a standard PKCS1.5 padding for signature
padSignature :: ByteArray signature => Int -> signature -> Either Error signature
-- | Try to remove a standard PKCS1.5 encryption padding.
unpad :: ByteArray bytearray => bytearray -> Either Error bytearray
-- | decrypt message using the private key.
--
-- When the decryption is not in a context where an attacker could gain
-- information from the timing of the operation, the blinder can be set
-- to None.
--
-- If unsure always set a blinder or use decryptSafer
decrypt :: Maybe Blinder -> PrivateKey -> ByteString -> Either Error ByteString
-- | decrypt message using the private key and by automatically generating
-- a blinder.
decryptSafer :: MonadRandom m => PrivateKey -> ByteString -> m (Either Error ByteString)
-- | sign message using private key, a hash and its ASN1 description
--
-- When the signature is not in a context where an attacker could gain
-- information from the timing of the operation, the blinder can be set
-- to None.
--
-- If unsure always set a blinder or use signSafer
sign :: HashAlgorithm hashAlg => Maybe Blinder -> HashDescr hashAlg ByteString -> PrivateKey -> ByteString -> Either Error ByteString
-- | sign message using the private key and by automatically generating a
-- blinder.
signSafer :: (HashAlgorithm hashAlg, MonadRandom m) => HashDescr hashAlg ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)
-- | encrypt a bytestring using the public key and a CPRG random generator.
--
-- the message need to be smaller than the key size - 11
encrypt :: MonadRandom m => PublicKey -> ByteString -> m (Either Error ByteString)
-- | verify message with the signed message
verify :: HashAlgorithm hashAlg => HashDescr hashAlg ByteString -> PublicKey -> ByteString -> ByteString -> Bool
module Crypto.PubKey.RSA.PSS
-- | Parameters for PSS signature/verification.
data PSSParams hash seed output
PSSParams :: hash -> MaskGenAlgorithm seed output -> Int -> Word8 -> PSSParams hash seed output
-- | Hash function to use
pssHash :: PSSParams hash seed output -> hash
-- | Mask Gen algorithm to use
pssMaskGenAlg :: PSSParams hash seed output -> MaskGenAlgorithm seed output
-- | Length of salt. need to be <= to hLen.
pssSaltLength :: PSSParams hash seed output -> Int
-- | Trailer field, usually 0xbc
pssTrailerField :: PSSParams hash seed output -> Word8
-- | Default Params with a specified hash function
defaultPSSParams :: (ByteArrayAccess seed, ByteArray output, HashAlgorithm hash) => hash -> PSSParams hash seed output
-- | Default Params using SHA1 algorithm.
defaultPSSParamsSHA1 :: PSSParams SHA1 ByteString ByteString
-- | Sign using the PSS parameters and the salt explicitely passed as
-- parameters.
--
-- the function ignore SaltLength from the PSS Parameters
signWithSalt :: HashAlgorithm hash => ByteString -> Maybe Blinder -> PSSParams hash ByteString ByteString -> PrivateKey -> ByteString -> Either Error ByteString
-- | Sign using the PSS Parameters
sign :: (HashAlgorithm hash, MonadRandom m) => Maybe Blinder -> PSSParams hash ByteString ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)
-- | Sign using the PSS Parameters and an automatically generated blinder.
signSafer :: (HashAlgorithm hash, MonadRandom m) => PSSParams hash ByteString ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)
-- | Verify a signature using the PSS Parameters
verify :: HashAlgorithm hash => PSSParams hash ByteString ByteString -> PublicKey -> ByteString -> ByteString -> Bool
-- | RSA OAEP mode
-- http://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding
module Crypto.PubKey.RSA.OAEP
-- | Parameters for OAEP encryption/decryption
data OAEPParams hash seed output
OAEPParams :: hash -> MaskGenAlgorithm seed output -> Maybe ByteString -> OAEPParams hash seed output
-- | Hash function to use.
oaepHash :: OAEPParams hash seed output -> hash
-- | Mask Gen algorithm to use.
oaepMaskGenAlg :: OAEPParams hash seed output -> MaskGenAlgorithm seed output
-- | Optional label prepended to message.
oaepLabel :: OAEPParams hash seed output -> Maybe ByteString
-- | Default Params with a specified hash function
defaultOAEPParams :: (ByteArrayAccess seed, ByteArray output, HashAlgorithm hash) => hash -> OAEPParams hash seed output
-- | Encrypt a message using OAEP with a predefined seed.
encryptWithSeed :: HashAlgorithm hash => ByteString -> OAEPParams hash ByteString ByteString -> PublicKey -> ByteString -> Either Error ByteString
-- | Encrypt a message using OAEP
encrypt :: (HashAlgorithm hash, MonadRandom m) => OAEPParams hash ByteString ByteString -> PublicKey -> ByteString -> m (Either Error ByteString)
-- | Decrypt a ciphertext using OAEP
--
-- When the signature is not in a context where an attacker could gain
-- information from the timing of the operation, the blinder can be set
-- to None.
--
-- If unsure always set a blinder or use decryptSafer
decrypt :: HashAlgorithm hash => Maybe Blinder -> OAEPParams hash ByteString ByteString -> PrivateKey -> ByteString -> Either Error ByteString
-- | Decrypt a ciphertext using OAEP and by automatically generating a
-- blinder.
decryptSafer :: (HashAlgorithm hash, MonadRandom m) => OAEPParams hash ByteString ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)
module Crypto.Error
-- | Enumeration of all possible errors that can be found in this library
data CryptoError
CryptoError_KeySizeInvalid :: CryptoError
CryptoError_IvSizeInvalid :: CryptoError
CryptoError_AEADModeNotSupported :: CryptoError
CryptoError_SecretKeySizeInvalid :: CryptoError
CryptoError_SecretKeyStructureInvalid :: CryptoError
CryptoError_PublicKeySizeInvalid :: CryptoError
-- | A simple Either like type to represent a computation that can fail
--
-- 2 possibles values are:
--
--
-- - CryptoPassed : The computation succeeded, and contains the
-- result of the computation
-- - CryptoFailed : The computation failed, and contains the
-- cryptographic error associated
--
data CryptoFailable a
CryptoPassed :: a -> CryptoFailable a
CryptoFailed :: CryptoError -> CryptoFailable a
-- | Throw an CryptoError as exception on CryptoFailed result, otherwise
-- return the computed value
throwCryptoErrorIO :: CryptoFailable a -> IO a
-- | Same as throwCryptoErrorIO but throw the error asynchronously.
throwCryptoError :: CryptoFailable a -> a
-- | Simple either like combinator for CryptoFailable type
onCryptoFailure :: (CryptoError -> r) -> (a -> r) -> CryptoFailable a -> r
-- | Transform a CryptoFailable to an Either
eitherCryptoError :: CryptoFailable a -> Either CryptoError a
-- | Transform a CryptoFailable to a Maybe
maybeCryptoError :: CryptoFailable a -> Maybe a
-- | symmetric cipher basic types
module Crypto.Cipher.Types
-- | Symmetric cipher class.
class Cipher cipher
cipherInit :: (Cipher cipher, ByteArray key) => key -> CryptoFailable cipher
cipherName :: Cipher cipher => cipher -> String
cipherKeySize :: Cipher cipher => cipher -> KeySizeSpecifier
-- | Symmetric block cipher class
class Cipher cipher => BlockCipher cipher where cbcEncrypt = cbcEncryptGeneric cbcDecrypt = cbcDecryptGeneric cfbEncrypt = cfbEncryptGeneric cfbDecrypt = cfbDecryptGeneric ctrCombine = ctrCombineGeneric aeadInit _ _ _ = CryptoFailed CryptoError_AEADModeNotSupported
blockSize :: BlockCipher cipher => cipher -> Int
ecbEncrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> ba -> ba
ecbDecrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> ba -> ba
cbcEncrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba
cbcDecrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba
cfbEncrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba
cfbDecrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba
ctrCombine :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba
aeadInit :: (BlockCipher cipher, ByteArrayAccess iv) => AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
-- | class of block cipher with a 128 bits block size
class BlockCipher cipher => BlockCipher128 cipher where xtsEncrypt = xtsEncryptGeneric xtsDecrypt = xtsDecryptGeneric
xtsEncrypt :: (BlockCipher128 cipher, ByteArray ba) => (cipher, cipher) -> IV cipher -> DataUnitOffset -> ba -> ba
xtsDecrypt :: (BlockCipher128 cipher, ByteArray ba) => (cipher, cipher) -> IV cipher -> DataUnitOffset -> ba -> ba
-- | Symmetric stream cipher class
class Cipher cipher => StreamCipher cipher
streamCombine :: (StreamCipher cipher, ByteArray ba) => cipher -> ba -> (ba, cipher)
-- | Offset inside an XTS data unit, measured in block size.
type DataUnitOffset = Word32
-- | Different specifier for key size in bytes
data KeySizeSpecifier
-- | in the range [min,max]
KeySizeRange :: Int -> Int -> KeySizeSpecifier
-- | one of the specified values
KeySizeEnum :: [Int] -> KeySizeSpecifier
-- | a specific size
KeySizeFixed :: Int -> KeySizeSpecifier
-- | AEAD Mode
data AEADMode
AEAD_OCB :: AEADMode
AEAD_CCM :: AEADMode
AEAD_EAX :: AEADMode
AEAD_CWC :: AEADMode
AEAD_GCM :: AEADMode
-- | AEAD Implementation
data AEADModeImpl st
AEADModeImpl :: (forall ba. ByteArrayAccess ba => st -> ba -> st) -> (forall ba. ByteArray ba => st -> ba -> (ba, st)) -> (forall ba. ByteArray ba => st -> ba -> (ba, st)) -> (st -> Int -> AuthTag) -> AEADModeImpl st
aeadImplAppendHeader :: AEADModeImpl st -> forall ba. ByteArrayAccess ba => st -> ba -> st
aeadImplEncrypt :: AEADModeImpl st -> forall ba. ByteArray ba => st -> ba -> (ba, st)
aeadImplDecrypt :: AEADModeImpl st -> forall ba. ByteArray ba => st -> ba -> (ba, st)
aeadImplFinalize :: AEADModeImpl st -> st -> Int -> AuthTag
-- | Authenticated Encryption with Associated Data algorithms
data AEAD cipher
AEAD :: AEADModeImpl st -> st -> AEAD cipher
aeadModeImpl :: AEAD cipher -> AEADModeImpl st
aeadState :: AEAD cipher -> st
-- | Append some header information to an AEAD context
aeadAppendHeader :: ByteArrayAccess aad => AEAD cipher -> aad -> AEAD cipher
-- | Encrypt some data and update the AEAD context
aeadEncrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)
-- | Decrypt some data and update the AEAD context
aeadDecrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)
-- | Finalize the AEAD context and return the authentication tag
aeadFinalize :: AEAD cipher -> Int -> AuthTag
-- | Simple AEAD encryption
aeadSimpleEncrypt :: (ByteArrayAccess aad, ByteArray ba) => AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
-- | Simple AEAD decryption
aeadSimpleDecrypt :: (ByteArrayAccess aad, ByteArray ba) => AEAD a -> aad -> ba -> AuthTag -> Maybe ba
-- | an IV parametrized by the cipher
data IV c
-- | Create an IV for a specified block cipher
makeIV :: (ByteArrayAccess b, BlockCipher c) => b -> Maybe (IV c)
-- | Create an IV that is effectively representing the number 0
nullIV :: BlockCipher c => IV c
-- | Increment an IV by a number.
--
-- Assume the IV is in Big Endian format.
ivAdd :: BlockCipher c => IV c -> Int -> IV c
-- | Authentification Tag for AE cipher mode
newtype AuthTag
AuthTag :: Bytes -> AuthTag
unAuthTag :: AuthTag -> Bytes
module Crypto.Cipher.Blowfish
-- | variable keyed blowfish state
data Blowfish
-- | 64 bit keyed blowfish state
data Blowfish64
-- | 128 bit keyed blowfish state
data Blowfish128
-- | 256 bit keyed blowfish state
data Blowfish256
-- | 448 bit keyed blowfish state
data Blowfish448
instance NFData Blowfish
instance NFData Blowfish64
instance NFData Blowfish128
instance NFData Blowfish256
instance NFData Blowfish448
instance BlockCipher Blowfish448
instance Cipher Blowfish448
instance BlockCipher Blowfish256
instance Cipher Blowfish256
instance BlockCipher Blowfish128
instance Cipher Blowfish128
instance BlockCipher Blowfish64
instance Cipher Blowfish64
instance BlockCipher Blowfish
instance Cipher Blowfish
-- | Camellia support. only 128 bit variant available for now.
module Crypto.Cipher.Camellia
-- | Camellia block cipher with 128 bit key
data Camellia128
instance BlockCipher Camellia128
instance Cipher Camellia128
module Crypto.Cipher.DES
-- | DES Context
data DES
instance Eq DES
instance BlockCipher DES
instance Cipher DES
module Crypto.Cipher.TripleDES
-- | 3DES with 3 different keys used all in the same direction
data DES_EEE3
-- | 3DES with 3 different keys used in alternative direction
data DES_EDE3
-- | 3DES where the first and third keys are equal, used in the same
-- direction
data DES_EEE2
-- | 3DES where the first and third keys are equal, used in alternative
-- direction
data DES_EDE2
instance Eq DES_EEE3
instance Eq DES_EDE3
instance Eq DES_EEE2
instance Eq DES_EDE2
instance BlockCipher DES_EDE2
instance BlockCipher DES_EEE2
instance BlockCipher DES_EDE3
instance BlockCipher DES_EEE3
instance Cipher DES_EEE2
instance Cipher DES_EDE2
instance Cipher DES_EDE3
instance Cipher DES_EEE3
-- | P256 support
module Crypto.PubKey.ECC.P256
-- | A P256 scalar
data Scalar
-- | A P256 point
data Point
-- | Add a point to another point
pointAdd :: Point -> Point -> Point
-- | Multiply a point by a scalar
--
-- warning: variable time
pointMul :: Scalar -> Point -> Point
-- | multiply the point p with n2 and add a lifted to curve value
-- @n1
--
--
-- n1 * G + n2 * p
--
--
-- warning: variable time
pointsMulVarTime :: Scalar -> Scalar -> Point -> Point
-- | Check if a Point is valid
pointIsValid :: Point -> Bool
-- | Lift to curve a scalar
--
-- Using the curve generator as base point compute:
--
--
-- scalar * G
--
toPoint :: Scalar -> Point
pointToIntegers :: Point -> (Integer, Integer)
pointFromIntegers :: (Integer, Integer) -> Point
pointToBinary :: ByteArray ba => Point -> ba
pointFromBinary :: ByteArrayAccess ba => ba -> CryptoFailable Point
-- | The scalar representing 0
scalarZero :: Scalar
scalarIsZero :: Scalar -> Bool
-- | Perform addition between two scalars
--
--
-- a + b
--
scalarAdd :: Scalar -> Scalar -> Scalar
-- | Perform subtraction between two scalars
--
--
-- a - b
--
scalarSub :: Scalar -> Scalar -> Scalar
-- | Give the inverse of the scalar
--
--
-- 1 / a
--
--
-- warning: variable time
scalarInv :: Scalar -> Scalar
-- | Compare 2 Scalar
scalarCmp :: Scalar -> Scalar -> Ordering
-- | convert a scalar from binary
scalarFromBinary :: ByteArrayAccess ba => ba -> CryptoFailable Scalar
-- | convert a scalar to binary
scalarToBinary :: ByteArray ba => Scalar -> ba
scalarFromInteger :: Integer -> CryptoFailable Scalar
scalarToInteger :: Scalar -> Integer
instance Eq Scalar
instance ByteArrayAccess Scalar
instance Show Point
instance Eq Point
-- | Ed25519 support
module Crypto.PubKey.Ed25519
-- | An Ed25519 Secret key
data SecretKey
-- | An Ed25519 public key
data PublicKey
-- | An Ed25519 signature
data Signature
-- | Try to build a signature from a bytearray
signature :: ByteArrayAccess ba => ba -> CryptoFailable Signature
-- | Try to build a public key from a bytearray
publicKey :: ByteArrayAccess ba => ba -> CryptoFailable PublicKey
-- | Try to build a secret key from a bytearray
secretKey :: ByteArrayAccess ba => ba -> CryptoFailable SecretKey
-- | Create a public key from a secret key
toPublic :: SecretKey -> PublicKey
-- | Sign a message using the key pair
sign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature
-- | Verify a message
verify :: ByteArrayAccess ba => PublicKey -> ba -> Signature -> Bool
instance Eq SecretKey
instance ByteArrayAccess SecretKey
instance NFData SecretKey
instance Show PublicKey
instance Eq PublicKey
instance ByteArrayAccess PublicKey
instance NFData PublicKey
instance Show Signature
instance Eq Signature
instance ByteArrayAccess Signature
instance NFData Signature
module Crypto.Cipher.AES
-- | AES with 128 bit key
data AES128
-- | AES with 192 bit key
data AES192
-- | AES with 256 bit key
data AES256
instance NFData AES128
instance NFData AES192
instance NFData AES256
instance BlockCipher128 AES256
instance BlockCipher AES256
instance BlockCipher128 AES192
instance BlockCipher AES192
instance BlockCipher128 AES128
instance BlockCipher AES128
instance Cipher AES256
instance Cipher AES192
instance Cipher AES128