crypto-api-0.10.2: A generic interface for cryptographic operations

Portabilityportable
Stabilitybeta
MaintainerThomas.DuBuisson@gmail.com
Safe HaskellSafe-Infered

Crypto.Classes

Contents

Description

This is the heart of the crypto-api package. By making (or having) an instance of Hash, AsymCipher, BlockCipher or StreamCipher you provide (or obtain) access to any infrastructure built on these primitives include block cipher modes of operation, hashing, hmac, signing, etc. These classes allow users to build routines that are agnostic to the algorithm used so changing algorithms is as simple as changing a type signature.

Synopsis

Hash class and helper functions

class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d whereSource

The Hash class is intended as the generic interface targeted by maintainers of Haskell digest implementations. Using this generic interface, higher level functions such as hash and hash' provide a useful API for comsumers of hash implementations.

Any instantiated implementation must handle unaligned data

Methods

outputLengthSource

Arguments

:: Tagged d BitLength

The size of the digest when encoded

blockLengthSource

Arguments

:: Tagged d BitLength

The amount of data operated on in each round of the digest computation

initialCtxSource

Arguments

:: ctx

An initial context, provided with the first call to updateCtx

updateCtxSource

Arguments

:: ctx 
-> ByteString 
-> ctx

Used to update a context, repeatedly called until all data is exhausted must operate correctly for imputs of n*blockLength bytes for n elem [0..]

finalizeSource

Arguments

:: ctx 
-> ByteString 
-> d

Finializing a context, plus any message data less than the block size, into a digest

hash :: Hash ctx d => ByteString -> dSource

Hash a lazy ByteString, creating a digest

hash' :: Hash ctx d => ByteString -> dSource

Hash a strict ByteString, creating a digest

hashFunc :: Hash c d => d -> ByteString -> dSource

Obtain a lazy hash function whose result is the same type as the given digest, which is discarded. If the type is already inferred then consider using the hash function instead.

hashFunc' :: Hash c d => d -> ByteString -> dSource

Obtain a strict hash function whose result is the same type as the given digest, which is discarded. If the type is already inferred then consider using the hash' function instead.

Cipher classes and helper functions

class Serialize k => BlockCipher k whereSource

The BlockCipher class is intended as the generic interface targeted by maintainers of Haskell cipher implementations. Using this generic interface higher level functions such as cbc, and other functions from Data.Crypto.Modes, provide a useful API for comsumers of cipher implementations.

Instances must handle unaligned data

Methods

blockSizeSource

Arguments

:: Tagged k BitLength

The size of a single block; the smallest unit on which the cipher operates.

encryptBlockSource

Arguments

:: k 
-> ByteString 
-> ByteString

encrypt data of size n*blockSize where n elem [0..] (ecb encryption)

decryptBlockSource

Arguments

:: k 
-> ByteString 
-> ByteString

decrypt data of size n*blockSize where n elem [0..] (ecb decryption)

buildKeySource

Arguments

:: ByteString 
-> Maybe k

smart constructor for keys from a bytestring.

keyLengthSource

Arguments

:: Tagged k BitLength

length of the cryptographic key

blockSizeBytes :: BlockCipher k => Tagged k ByteLengthSource

The number of bytes in a block cipher block

buildKeyIO :: BlockCipher k => IO kSource

Build a symmetric key using the system entropy (see Random)

class Serialize k => StreamCipher k iv | k -> iv whereSource

A stream cipher class. Instance are expected to work on messages as small as one byte The length of the resulting cipher text should be equal to the length of the input message.

buildStreamKeyIO :: StreamCipher k iv => IO kSource

Build a stream key using the system random generator

class (Serialize p, Serialize v) => AsymCipher p v | p -> v, v -> p whereSource

Asymetric ciphers (common ones being RSA or EC based)

Methods

buildKeyPairSource

Arguments

:: CryptoRandomGen g 
=> g 
-> BitLength 
-> Either GenError ((p, v), g)

build a public/private key pair using the provided generator

encryptAsymSource

Arguments

:: CryptoRandomGen g 
=> g 
-> p 
-> ByteString 
-> Either GenError (ByteString, g)

Asymetric encryption

decryptAsymSource

Arguments

:: v 
-> ByteString 
-> Maybe ByteString

Asymetric decryption

publicKeyLength :: p -> BitLengthSource

privateKeyLength :: v -> BitLengthSource

buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))Source

Build a pair of asymmetric keys using the system random generator.

class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p whereSource

A class for signing operations which inherently can not be as generic as asymetric ciphers (ex: DSA).

buildSigningKeyPairIO :: Signing p v => BitLength -> IO (Either GenError (p, v))Source

Build a signing key using the system random generator

Misc helper functions

for :: Tagged a b -> a -> bSource

Obtain a tagged value for a given type

(.::.) :: Tagged a b -> a -> bSource

Infix for operator

constTimeEq :: ByteString -> ByteString -> BoolSource

Checks two bytestrings for equality without breaches for timing attacks.

Semantically, constTimeEq = (==). However, x == y takes less time when the first byte is different than when the first byte is equal. This side channel allows an attacker to mount a timing attack. On the other hand, constTimeEq always takes the same time regardless of the bytestrings' contents, unless they are of difference size.

You should always use constTimeEq when comparing secrets, otherwise you may leave a significant security hole (cf. http://codahale.com/a-lesson-in-timing-attacks/).

encode :: Serialize a => a -> ByteString

Encode a value using binary serialization to a strict ByteString.