-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Reversable and secure encoding of object ids as filepaths
--   
--   Reversable and secure encoding of object ids as filepaths
@package filepath-crypto
@version 0.0.0.2

module Data.Binary.SerializationLength.TH

-- | Shorthand for defining instances of
--   <a>HasFixedSerializationLength</a>, morally:
--   
--   <pre>
--   hasFixedSerializationLength typeName byteN = [d|
--       instance HasFixedSerializiationLength $(typeName) where
--         type SerializationLength $(typeName) = $(byteN)
--     |]
--   </pre>
hasFixedSerializationLength :: Name -> Integer -> DecsQ

module Data.Binary.SerializationLength

-- | The class of types for which the result of serialization with
--   <tt>Data.Binary</tt> is known statically to be of a certain length
class KnownNat (SerializationLength a) => HasFixedSerializationLength a where type SerializationLength a :: Nat where {
    type family SerializationLength a :: Nat;
}
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Int.Int64
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Int.Int32
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Int.Int16
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Int.Int8
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Word.Word64
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Word.Word32
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Word.Word16
instance Data.Binary.SerializationLength.Class.HasFixedSerializationLength GHC.Word.Word8


-- | Given a value of a serializable type (like <a>Int</a>) we perform
--   serialization and compute a cryptographic hash of the associated
--   namespace (carried as a phantom type of kind <a>Symbol</a>). The
--   serialized payload is encrypted using a symmetric cipher in CBC mode
--   using the hashed namespace as an initialization vector (IV).
--   
--   The ciphertext is then <a>base32</a>-encoded and padding stripped.
--   
--   Rather than being indicated by the amount of padding, the length of
--   the serialized plaintext is instead carried at the type level within
--   <a>CryptoFileName</a> (analogously to the namespace). Mismatches in
--   serialized plaintext length are checked for but are <i>not</i>
--   guaranteed to cause runtime errors in all cases.
--   
--   Since the serialized payload is padded to the length of the next
--   cipher block we can detect namespace mismatches by checking that all
--   bytes expected to have been inserted during padding are nil. The
--   probability of detecting a namespace mismatch is thus &lt;math&gt;
--   where &lt;math&gt; is the length of the serialized payload and
--   &lt;math&gt; the length of a ciphertext block (both in bits).
module System.FilePath.Cryptographic
newtype CryptoID (namespace :: Symbol) a :: Symbol -> * -> *
CryptoID :: a -> CryptoID a
[ciphertext] :: CryptoID a -> a
type CryptoFileName (namespace :: Symbol) = CryptoID namespace (CI FilePath)

-- | Encrypt an arbitrary serializable value
--   
--   We only expect to fail if the given value is not serialized in such a
--   fashion that it meets the expected length given at type level.
encrypt :: forall a m namespace. (KnownSymbol namespace, Binary a, MonadThrow m, HasFixedSerializationLength a) => CryptoIDKey -> a -> m (CryptoFileName namespace)

-- | Decrypt an arbitrary serializable value
--   
--   Since no integrity guarantees can be made (we do not sign the values
--   we <a>encrypt</a>) it is likely that deserialization will fail
--   emitting <a>DeserializationError</a> or
--   <a>InvalidNamespaceDetected</a>.
decrypt :: forall a m namespace. (KnownSymbol namespace, Binary a, MonadThrow m, HasFixedSerializationLength a) => CryptoIDKey -> CryptoFileName namespace -> m a

-- | Error cases that can be encountered during <a>encrypt</a> and
--   <a>decrypt</a>
--   
--   Care has been taken to ensure that presenting values of
--   <a>CryptoIDError</a> to an attacker leaks no plaintext (it does leak
--   information about the length of the plaintext).
data CryptoIDError :: *

-- | One of the underlying cryptographic algorithms (<a>CryptoHash</a> or
--   <a>CryptoCipher</a>) failed.
AlgorithmError :: CryptoError -> CryptoIDError

-- | The length of the plaintext is not a multiple of the block size of
--   <a>CryptoCipher</a>
--   
--   The length of the offending plaintext is included.
PlaintextIsWrongLength :: Int -> CryptoIDError

-- | The length of the digest produced by <a>CryptoHash</a> does not match
--   the block size of <a>CryptoCipher</a>.
--   
--   The offending digest is included.
--   
--   This error should not occur and is included primarily for sake of
--   totality.
NamespaceHashIsWrongLength :: ByteString -> CryptoIDError

-- | The produced <a>ByteString</a> is the wrong length for deserialization
--   into a ciphertext.
--   
--   The offending <a>ByteString</a> is included.
CiphertextConversionFailed :: ByteString -> CryptoIDError

-- | The plaintext obtained by decrypting a ciphertext with the given
--   <a>CryptoIDKey</a> in the context of the <tt>namespace</tt> could not
--   be deserialized into a value of the expected <tt>payload</tt>-type.
--   
--   This is expected behaviour if the <tt>namespace</tt> or
--   <tt>payload</tt>-type does not match the ones used during
--   <a>encrypt</a>ion or if the <a>ciphertext</a> was tempered with.
DeserializationError :: CryptoIDError

-- | We have determined that, allthough deserializion succeded, the
--   ciphertext was likely modified during transit or created using a
--   different namespace.
InvalidNamespaceDetected :: CryptoIDError