Safe Haskell	Safe-Inferred
Language	Haskell2010

Crypto.Paseto.Protocol.V3

Contents

Local purpose
Public purpose

Description

Implementation of PASETO version 3 (modern NIST cryptography).

Synopsis

v3LocalTokenHeader :: ByteString
data EncryptionError
- = EncryptionCryptoError !CryptoError
- | EncryptionInvalidInitializationVectorSizeError !Int !Int
renderEncryptionError :: EncryptionError -> Text
encrypt :: SymmetricKey V3 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> ExceptT EncryptionError IO (Token V3 Local)
encryptPure :: ByteString -> SymmetricKey V3 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> Either EncryptionError (Token V3 Local)
data DecryptionError
renderDecryptionError :: DecryptionError -> Text
decrypt :: SymmetricKey V3 -> Token V3 Local -> Maybe Footer -> Maybe ImplicitAssertion -> Either DecryptionError Claims
v3PublicTokenHeader :: ByteString
data SigningError = SigningKIsZeroError
renderSigningError :: SigningError -> Text
sign :: SigningKey V3 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> ExceptT SigningError IO (Token V3 Public)
signPure :: Integer -> SigningKey V3 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> Either SigningError (Token V3 Public)
data VerificationError
renderVerificationError :: VerificationError -> Text
verify :: VerificationKey V3 -> Token V3 Public -> Maybe Footer -> Maybe ImplicitAssertion -> Either VerificationError Claims

Local purpose

v3LocalTokenHeader :: ByteString Source #

data EncryptionError Source #

PASETO version 3 encryption error.

Constructors

EncryptionCryptoError !CryptoError	`CryptoError` that occurred during encryption.
EncryptionInvalidInitializationVectorSizeError	Initialization vector is of an invalid size.
Fields !Int Expected size. !Int Actual size.

Instances

Instances details

Show EncryptionError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods showsPrec :: Int -> EncryptionError -> ShowS # show :: EncryptionError -> String # showList :: [EncryptionError] -> ShowS #
Eq EncryptionError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods (==) :: EncryptionError -> EncryptionError -> Bool # (/=) :: EncryptionError -> EncryptionError -> Bool #

renderEncryptionError :: EncryptionError -> Text Source #

Render an EncryptionError as Text.

encrypt Source #

Arguments

:: SymmetricKey V3	Symmetric key.
-> Claims	Claims to be encrypted.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> ExceptT EncryptionError IO (Token V3 Local)

PASETO version 3 encryption.

This is an authenticated encryption with associated data (AEAD) algorithm which combines the AES-256-CTR block cipher with the HMAC-SHA384 message authentication code.

Note that this function essentially just calls encryptPure with a random 32-byte nonce generated from the operating system's CSPRNG.

encryptPure Source #

Arguments

:: ByteString	Random 32-byte nonce. It is recommended to generate this from the operating system's CSPRNG.
-> SymmetricKey V3	Symmetric key.
-> Claims	Claims to be encrypted.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Either EncryptionError (Token V3 Local)

Pure variant of encrypt.

For typical usage, please use encrypt.

data DecryptionError Source #

PASETO version 3 decryption error.

Constructors

DecryptionInvalidFooterError	Invalid token footer.
Fields !(Maybe Footer) Expected footer. !(Maybe Footer) Actual footer.
DecryptionInvalidHkdfNonceSizeError !Int	Invalid `HKDF-HMAC-SHA384` nonce size.
DecryptionInvalidHmacSizeError !Int	Invalid `HMAC-SHA384` message authentication code size.
DecryptionInvalidHmacError	Invalid `HMAC-SHA384` message authentication code.
Fields !ByteString Expected HMAC. !ByteString Actual HMAC.
DecryptionCryptoError !CryptoError	`CryptoError` that occurred during decryption.
DecryptionInvalidInitializationVectorSizeError	Initialization vector is of an invalid size.
Fields !Int Expected size. !Int Actual size.
DecryptionClaimsDeserializationError !String	Error deserializing a decrypted collection of claims as JSON.

Instances

Instances details

Show DecryptionError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods showsPrec :: Int -> DecryptionError -> ShowS # show :: DecryptionError -> String # showList :: [DecryptionError] -> ShowS #
Eq DecryptionError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods (==) :: DecryptionError -> DecryptionError -> Bool # (/=) :: DecryptionError -> DecryptionError -> Bool #

renderDecryptionError :: DecryptionError -> Text Source #

Render a DecryptionError as Text.

decrypt Source #

Arguments

:: SymmetricKey V3	Symmetric key.
-> Token V3 Local	Token to decrypt.
-> Maybe Footer	Optional footer to authenticate.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Either DecryptionError Claims

PASETO version 3 decryption.

Public purpose

v3PublicTokenHeader :: ByteString Source #

data SigningError Source #

PASETO version 3 cryptographic signing error.

Constructors

SigningKIsZeroError

Random number, k, is zero.

Instances

Instances details

Show SigningError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods showsPrec :: Int -> SigningError -> ShowS # show :: SigningError -> String # showList :: [SigningError] -> ShowS #
Eq SigningError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods (==) :: SigningError -> SigningError -> Bool # (/=) :: SigningError -> SigningError -> Bool #

renderSigningError :: SigningError -> Text Source #

Render a SigningError as Text.

sign Source #

Arguments

:: SigningKey V3	Signing key.
-> Claims	Claims to be signed.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> ExceptT SigningError IO (Token V3 Public)

PASETO version 3 cryptographic signing.

This implementation produces a token which is signed using ECDSA over P-384 and SHA-384.

Note that this function essentially just calls signPure with a randomly-generated scalar multiple, k.

signPure Source #

Arguments

:: Integer	Explicit `k` scalar.
-> SigningKey V3	Signing key.
-> Claims	Claims to be signed.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Either SigningError (Token V3 Public)

Pure variant of sign.

For typical usage, please use sign.

data VerificationError Source #

PASETO version 3 signature verification error.

Constructors

VerificationInvalidFooterError	Invalid token footer.
Fields !(Maybe Footer) Expected footer. !(Maybe Footer) Actual footer.
VerificationInvalidSignatureSizeError	Signature size is invalid.
VerificationInvalidSignatureError	Signature verification failed.
VerificationClaimsDeserializationError !String	Error deserializing a verified collection of claims as JSON.

Instances

Instances details

Show VerificationError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods showsPrec :: Int -> VerificationError -> ShowS # show :: VerificationError -> String # showList :: [VerificationError] -> ShowS #
Eq VerificationError Source #
Instance details Defined in Crypto.Paseto.Protocol.V3 Methods (==) :: VerificationError -> VerificationError -> Bool # (/=) :: VerificationError -> VerificationError -> Bool #

renderVerificationError :: VerificationError -> Text Source #

Render a VerificationError as Text.

verify Source #

Arguments

:: VerificationKey V3	Verification key.
-> Token V3 Public	Token to verify.
-> Maybe Footer	Optional footer to authenticate.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Either VerificationError Claims

PASETO version 3 cryptographic signature verification.