| Portability | portable |
|---|---|
| Stability | beta |
| Maintainer | Thomas.DuBuisson@gmail.com |
| Safe Haskell | Safe-Infered |
Crypto.Classes
Description
This is the heart of the crypto-api package. By making (or having) an instance of Hash, AsymCipher, BlockCipher or StreamCipher you provide (or obtain) access to any infrastructure built on these primitives include block cipher modes of operation, hashing, hmac, signing, etc. These classes allow users to build routines that are agnostic to the algorithm used so changing algorithms is as simple as changing a type signature.
- class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where
- outputLength :: Tagged d BitLength
- blockLength :: Tagged d BitLength
- initialCtx :: ctx
- updateCtx :: ctx -> ByteString -> ctx
- finalize :: ctx -> ByteString -> d
- hash :: Hash ctx d => ByteString -> d
- hash' :: Hash ctx d => ByteString -> d
- hashFunc :: Hash c d => d -> ByteString -> d
- hashFunc' :: Hash c d => d -> ByteString -> d
- class Serialize k => BlockCipher k where
- blockSize :: Tagged k BitLength
- encryptBlock :: k -> ByteString -> ByteString
- decryptBlock :: k -> ByteString -> ByteString
- buildKey :: ByteString -> Maybe k
- keyLength :: Tagged k BitLength
- blockSizeBytes :: BlockCipher k => Tagged k ByteLength
- buildKeyIO :: BlockCipher k => IO k
- class Serialize k => StreamCipher k iv | k -> iv where
- buildStreamKey :: ByteString -> Maybe k
- encryptStream :: k -> iv -> ByteString -> (ByteString, iv)
- decryptStream :: k -> iv -> ByteString -> (ByteString, iv)
- streamKeyLength :: Tagged k BitLength
- buildStreamKeyIO :: StreamCipher k iv => IO k
- class (Serialize p, Serialize v) => AsymCipher p v | p -> v, v -> p where
- buildKeyPair :: CryptoRandomGen g => g -> BitLength -> Either GenError ((p, v), g)
- encryptAsym :: CryptoRandomGen g => g -> p -> ByteString -> Either GenError (ByteString, g)
- decryptAsym :: v -> ByteString -> Maybe ByteString
- publicKeyLength :: p -> BitLength
- privateKeyLength :: v -> BitLength
- buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
- class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p where
- sign :: CryptoRandomGen g => g -> v -> ByteString -> Either GenError (ByteString, g)
- verify :: p -> ByteString -> ByteString -> Bool
- buildSigningPair :: CryptoRandomGen g => g -> BitLength -> Either GenError ((p, v), g)
- signingKeyLength :: v -> BitLength
- verifyingKeyLength :: p -> BitLength
- buildSigningKeyPairIO :: Signing p v => BitLength -> IO (Either GenError (p, v))
- for :: Tagged a b -> a -> b
- (.::.) :: Tagged a b -> a -> b
- constTimeEq :: ByteString -> ByteString -> Bool
- encode :: Serialize a => a -> ByteString
Hash class and helper functions
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d whereSource
The Hash class is intended as the generic interface
targeted by maintainers of Haskell digest implementations.
Using this generic interface, higher level functions
such as hash and hash' provide a useful API
for comsumers of hash implementations.
Any instantiated implementation must handle unaligned data
Methods
Arguments
| :: Tagged d BitLength | The amount of data operated on in each round of the digest computation |
Arguments
| :: ctx | An initial context, provided with the first call to |
Arguments
| :: ctx | |
| -> ByteString | |
| -> ctx | Used to update a context, repeatedly called until all data is exhausted
must operate correctly for imputs of |
Arguments
| :: ctx | |
| -> ByteString | |
| -> d | Finializing a context, plus any message data less than the block size, into a digest |
hash :: Hash ctx d => ByteString -> dSource
Hash a lazy ByteString, creating a digest
hash' :: Hash ctx d => ByteString -> dSource
Hash a strict ByteString, creating a digest
hashFunc :: Hash c d => d -> ByteString -> dSource
Obtain a lazy hash function whose result is the same type
as the given digest, which is discarded. If the type is already inferred then
consider using the hash function instead.
hashFunc' :: Hash c d => d -> ByteString -> dSource
Obtain a strict hash function whose result is the same type
as the given digest, which is discarded. If the type is already inferred then
consider using the hash' function instead.
Cipher classes and helper functions
class Serialize k => BlockCipher k whereSource
The BlockCipher class is intended as the generic interface
targeted by maintainers of Haskell cipher implementations.
Using this generic interface higher level functions
such as cbc, and other functions from Data.Crypto.Modes, provide a useful API
for comsumers of cipher implementations.
Instances must handle unaligned data
Methods
Arguments
| :: Tagged k BitLength | The size of a single block; the smallest unit on which the cipher operates. |
Arguments
| :: k | |
| -> ByteString | |
| -> ByteString | encrypt data of size |
Arguments
| :: k | |
| -> ByteString | |
| -> ByteString | decrypt data of size |
Arguments
| :: ByteString | |
| -> Maybe k | smart constructor for keys from a bytestring. |
blockSizeBytes :: BlockCipher k => Tagged k ByteLengthSource
The number of bytes in a block cipher block
buildKeyIO :: BlockCipher k => IO kSource
Build a symmetric key using the system entropy (see Random)
class Serialize k => StreamCipher k iv | k -> iv whereSource
A stream cipher class. Instance are expected to work on messages as small as one byte The length of the resulting cipher text should be equal to the length of the input message.
Methods
buildStreamKey :: ByteString -> Maybe kSource
encryptStream :: k -> iv -> ByteString -> (ByteString, iv)Source
decryptStream :: k -> iv -> ByteString -> (ByteString, iv)Source
buildStreamKeyIO :: StreamCipher k iv => IO kSource
Build a stream key using the system random generator
class (Serialize p, Serialize v) => AsymCipher p v | p -> v, v -> p whereSource
Asymetric ciphers (common ones being RSA or EC based)
Methods
Arguments
| :: CryptoRandomGen g | |
| => g | |
| -> BitLength | |
| -> Either GenError ((p, v), g) | build a public/private key pair using the provided generator |
Arguments
| :: CryptoRandomGen g | |
| => g | |
| -> p | |
| -> ByteString | |
| -> Either GenError (ByteString, g) | Asymetric encryption |
Arguments
| :: v | |
| -> ByteString | |
| -> Maybe ByteString | Asymetric decryption |
publicKeyLength :: p -> BitLengthSource
privateKeyLength :: v -> BitLengthSource
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))Source
Build a pair of asymmetric keys using the system random generator.
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p whereSource
A class for signing operations which inherently can not be as generic as asymetric ciphers (ex: DSA).
Methods
sign :: CryptoRandomGen g => g -> v -> ByteString -> Either GenError (ByteString, g)Source
verify :: p -> ByteString -> ByteString -> BoolSource
buildSigningPair :: CryptoRandomGen g => g -> BitLength -> Either GenError ((p, v), g)Source
signingKeyLength :: v -> BitLengthSource
verifyingKeyLength :: p -> BitLengthSource
buildSigningKeyPairIO :: Signing p v => BitLength -> IO (Either GenError (p, v))Source
Build a signing key using the system random generator
Misc helper functions
constTimeEq :: ByteString -> ByteString -> BoolSource
Checks two bytestrings for equality without breaches for timing attacks.
Semantically, constTimeEq = (==). However, x == y takes less
time when the first byte is different than when the first byte
is equal. This side channel allows an attacker to mount a
timing attack. On the other hand, constTimeEq always takes the
same time regardless of the bytestrings' contents, unless they are
of difference size.
You should always use constTimeEq when comparing secrets,
otherwise you may leave a significant security hole
(cf. http://codahale.com/a-lesson-in-timing-attacks/).
encode :: Serialize a => a -> ByteString
Encode a value using binary serialization to a strict ByteString.