-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Stronger password hashing via sequential memory-hard functions.
--   
--   This package provides bindings to Colin Percival's <a>scrypt</a>
--   implementation (<a>http://www.tarsnap.com/scrypt.html</a>). Scrypt is
--   a key derivation function designed to be far more secure against
--   hardware brute-force attacks than alternative functions such as PBKDF2
--   or bcrypt.
--   
--   Details of the scrypt key derivation function are given in a paper by
--   Colin Percival, Stronger Key Derivation via Sequential Memory-Hard
--   Functions: <a>http://www.tarsnap.com/scrypt/scrypt.pdf</a>.
@package scrypt
@version 0.3.4


-- | Scrypt is a sequential memory-hard key derivation function. This
--   module provides low-level bindings to the <a>scrypt</a> key derivation
--   function as well as a higher-level password-storage API. It is based
--   on a fast C implementation of scrypt, written by Colin Percival. For
--   further information see <a>http://www.tarsnap.com/scrypt.html</a>.
module Crypto.Scrypt

-- | Encapsulates the three tuning parameters to the <a>scrypt</a>
--   function: <tt>N</tt>, <tt>r</tt> and <tt>p</tt> (see above).
data ScryptParams

-- | Constructor function for the <a>ScryptParams</a> data type
scryptParams :: Integer -> Integer -> Integer -> Maybe ScryptParams

-- | Default parameters as recommended in the scrypt paper:
--   
--   <pre>
--   N = 2^14, r = 8, p = 1
--   </pre>
--   
--   Equivalent to <tt><a>fromJust</a> (<a>scryptParams</a> 14 8 1)</tt>.
defaultParams :: ScryptParams
newtype EncryptedPass
EncryptedPass :: ByteString -> EncryptedPass
unEncryptedPass :: EncryptedPass -> ByteString

-- | Encrypt the password with the given parameters and a random 32-byte
--   salt. The salt is read from <tt>/dev/urandom</tt> on Unix systems or
--   <tt>CryptoAPI</tt> on Windows.
encryptPass :: ScryptParams -> Pass -> IO EncryptedPass

-- | Equivalent to <tt>encryptPass defaultParams</tt>.
encryptPass' :: Pass -> IO EncryptedPass

-- | Verify a <a>Pass</a> against an <a>EncryptedPass</a>. The function
--   also takes <a>ScryptParams</a> meeting your current security
--   requirements. In case the <a>EncryptedPass</a> was generated with
--   different parameters, the function returns an updated
--   <a>EncryptedPass</a>, generated with the given <a>ScryptParams</a>.
--   The <a>Salt</a> is kept from the given <a>EncryptedPass</a>.
verifyPass :: ScryptParams -> Pass -> EncryptedPass -> (Bool, Maybe EncryptedPass)

-- | Check the <a>Pass</a> against the <a>EncryptedPass</a>, using the
--   <a>ScryptParams</a> encapsulated in the <a>EncryptedPass</a>.
verifyPass' :: Pass -> EncryptedPass -> Bool
newtype Pass
Pass :: ByteString -> Pass
unPass :: Pass -> ByteString
newtype Salt
Salt :: ByteString -> Salt
unSalt :: Salt -> ByteString
newtype PassHash
PassHash :: ByteString -> PassHash
unHash :: PassHash -> ByteString

-- | Calculates a 64-byte hash from the given password, salt and
--   parameters.
scrypt :: ScryptParams -> Salt -> Pass -> PassHash

-- | Note the prime symbol ('). Calls <a>scrypt</a> with
--   <a>defaultParams</a>.
scrypt' :: Salt -> Pass -> PassHash
instance Show Pass
instance Eq Pass
instance Show Salt
instance Eq Salt
instance Show PassHash
instance Eq PassHash
instance Show EncryptedPass
instance Eq EncryptedPass
instance Eq ScryptParams
instance Show ScryptParams