Safe Haskell | None |
---|
This module contains wrappers for cryptographic functions
using the conduit
package. Currently there is support for
hashes, HMACs and many modes of block ciphers (but not
everything crypto-api
supports has a counterpart here).
All functions on this package work in constant memory.
- sinkHash :: (Monad m, Hash ctx d) => GLSink ByteString m d
- hashFile :: (MonadIO m, Hash ctx d) => FilePath -> m d
- sinkHmac :: (Monad m, Hash ctx d) => MacKey ctx d -> GLSink ByteString m d
- conduitEncryptEcb :: (Monad m, BlockCipher k) => k -> GLInfConduit ByteString m ByteString
- conduitDecryptEcb :: (Monad m, BlockCipher k) => k -> GLInfConduit ByteString m ByteString
- conduitEncryptCbc :: (Monad m, BlockCipher k) => k -> IV k -> GLInfConduit ByteString m ByteString
- conduitDecryptCbc :: (Monad m, BlockCipher k) => k -> IV k -> GLInfConduit ByteString m ByteString
- conduitEncryptCfb :: (Monad m, BlockCipher k) => k -> IV k -> GLInfConduit ByteString m ByteString
- conduitDecryptCfb :: (Monad m, BlockCipher k) => k -> IV k -> GLInfConduit ByteString m ByteString
- conduitEncryptOfb :: (Monad m, BlockCipher k) => k -> IV k -> GLInfConduit ByteString m ByteString
- conduitDecryptOfb :: (Monad m, BlockCipher k) => k -> IV k -> GLInfConduit ByteString m ByteString
- conduitEncryptCtr :: (Monad m, BlockCipher k) => k -> IV k -> (IV k -> IV k) -> GLInfConduit ByteString m ByteString
- conduitDecryptCtr :: (Monad m, BlockCipher k) => k -> IV k -> (IV k -> IV k) -> GLInfConduit ByteString m ByteString
- sourceCtr :: (Monad m, BlockCipher k) => k -> IV k -> GSource m ByteString
- sinkCbcMac :: (Monad m, BlockCipher k) => k -> GLSink ByteString m ByteString
- blocked :: Monad m => BlockMode -> ByteLength -> GInfConduit ByteString m Block
- data BlockMode
- data Block
Cryptographic hash functions
sinkHash :: (Monad m, Hash ctx d) => GLSink ByteString m dSource
A Sink
that hashes a stream of ByteString
s
and
creates a digest d
.
hashFile :: (MonadIO m, Hash ctx d) => FilePath -> m dSource
Hashes the whole contents of the given file in constant
memory. This function is just a convenient wrapper around
sinkHash
defined as:
hashFile fp =liftIO
$runResourceT
(sourceFile
fp$$
sinkHash
)
Hash-based message authentication code (HMAC)
sinkHmac :: (Monad m, Hash ctx d) => MacKey ctx d -> GLSink ByteString m dSource
A Sink
that computes the HMAC of a stream of
ByteString
s
and creates a digest d
.
Block ciphers
Electronic codebook mode (ECB)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that encrypts a stream of ByteString
s
using ECB mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise. (Note that
ECB has many undesirable cryptographic properties, please
avoid it if you don't know what you're doing.)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that decrypts a stream of ByteString
s
using ECB mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise.
Cipher-block chaining mode (CBC)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that encrypts a stream of ByteString
s
using CBC mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise.
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that decrypts a stream of ByteString
s
using CBC mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise.
Cipher feedback mode (CFB)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that encrypts a stream of ByteString
s
using CFB mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise.
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that decrypts a stream of ByteString
s
using CFB mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise.
Output feedback mode (OFB)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GLInfConduit ByteString m ByteString |
A Conduit
that encrypts a stream of ByteString
s
using OFB mode. Expects the input length to be a multiple of
the block size of the cipher and fails otherwise.
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GLInfConduit ByteString m ByteString |
Synonym for conduitEncryptOfb
, since for OFB mode both
encryption and decryption are the same.
Counter mode (CTR)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> (IV k -> IV k) | Increment counter ( |
-> GLInfConduit ByteString m ByteString |
A Conduit
that encrypts a stream of ByteString
s
using CTR mode. The input may have any length, even
non-multiples of the block size.
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> (IV k -> IV k) | Increment counter ( |
-> GLInfConduit ByteString m ByteString |
Synonym for conduitEncryptCtr
, since for CTR mode both
encryption and decryption are the same.
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> IV k | Initialization vector. |
-> GSource m ByteString |
An infinite stream of bytes generated by a block cipher on CTR mode.
Cipher-block chaining message authentication code (CBC-MAC)
:: (Monad m, BlockCipher k) | |
=> k | Cipher key. |
-> GLSink ByteString m ByteString |
A Sink
that computes the CBC-MAC of a stream of
ByteString
s
and creates a digest (already encoded in a
ByteString
, since we're using a block cipher). Expects
the input length to be a multiple of the block size of the
cipher and fails otherwise. (Note that CBC-MAC is not secure
for variable-length messages.)
Internal helpers
:: Monad m | |
=> BlockMode | |
-> ByteLength | Block size |
-> GInfConduit ByteString m Block |
A Conduit
that takes arbitrary ByteString
s
and
outputs Block
s
. Each Full
block will have a length that
is multiple of the given block size (either exactly the block
size or a multiple of at least 1x the block size, depending on
the BlockMode
). All Block
s
beside the last one will be
Full
. The last block will always be LastOne
with less
bytes than the block size, possibly zero.
How Block
s should be returned, either with strictly the
block size or with a multiple of at least 1x the block size.