| Portability | portable |
|---|---|
| Stability | beta |
| Maintainer | Thomas.DuBuisson@gmail.com |
| Safe Haskell | None |
Crypto.Classes
Description
This is the heart of the crypto-api package. By making (or having) an instance of Hash, AsymCipher, BlockCipher or StreamCipher you provide (or obtain) access to any infrastructure built on these primitives include block cipher modes of operation, hashing, hmac, signing, etc. These classes allow users to build routines that are agnostic to the algorithm used so changing algorithms is as simple as changing a type signature.
- class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where
- outputLength :: Tagged d BitLength
- blockLength :: Tagged d BitLength
- initialCtx :: ctx
- updateCtx :: ctx -> ByteString -> ctx
- finalize :: ctx -> ByteString -> d
- hash :: Hash ctx d => ByteString -> d
- hash' :: Hash ctx d => ByteString -> d
- hashFunc :: Hash c d => d -> ByteString -> d
- hashFunc' :: Hash c d => d -> ByteString -> d
- class Serialize k => BlockCipher k where
- blockSize :: Tagged k BitLength
- encryptBlock :: k -> ByteString -> ByteString
- decryptBlock :: k -> ByteString -> ByteString
- buildKey :: ByteString -> Maybe k
- keyLength :: Tagged k BitLength
- blockSizeBytes :: BlockCipher k => Tagged k ByteLength
- buildKeyIO :: BlockCipher k => IO k
- class Serialize k => StreamCipher k iv | k -> iv where
- buildStreamKey :: ByteString -> Maybe k
- encryptStream :: k -> iv -> ByteString -> (ByteString, iv)
- decryptStream :: k -> iv -> ByteString -> (ByteString, iv)
- streamKeyLength :: Tagged k BitLength
- buildStreamKeyIO :: StreamCipher k iv => IO k
- class (Serialize p, Serialize v) => AsymCipher p v | p -> v, v -> p where
- buildKeyPair :: CryptoRandomGen g => g -> BitLength -> Either GenError ((p, v), g)
- encryptAsym :: CryptoRandomGen g => g -> p -> ByteString -> Either GenError (ByteString, g)
- decryptAsym :: v -> ByteString -> Maybe ByteString
- publicKeyLength :: p -> BitLength
- privateKeyLength :: v -> BitLength
- buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
- class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p where
- sign :: CryptoRandomGen g => g -> v -> ByteString -> Either GenError (ByteString, g)
- verify :: p -> ByteString -> ByteString -> Bool
- buildSigningPair :: CryptoRandomGen g => g -> BitLength -> Either GenError ((p, v), g)
- signingKeyLength :: v -> BitLength
- verifyingKeyLength :: p -> BitLength
- buildSigningKeyPairIO :: Signing p v => BitLength -> IO (Either GenError (p, v))
- for :: Tagged a b -> a -> b
- (.::.) :: Tagged a b -> a -> b
- constTimeEq :: ByteString -> ByteString -> Bool
- encode :: Serialize a => a -> ByteString
Hash class and helper functions
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where
The Hash class is intended as the generic interface
targeted by maintainers of Haskell digest implementations.
Using this generic interface, higher level functions
such as hash and hash' provide a useful API
for comsumers of hash implementations.
Any instantiated implementation must handle unaligned data
Methods
Arguments
| :: Tagged d BitLength | The amount of data operated on in each round of the digest computation |
Arguments
| :: ctx | An initial context, provided with the first call to |
Arguments
| :: ctx | |
| -> ByteString | |
| -> ctx | Used to update a context, repeatedly called until all data is exhausted
must operate correctly for imputs of |
Arguments
| :: ctx | |
| -> ByteString | |
| -> d | Finializing a context, plus any message data less than the block size, into a digest |
hash :: Hash ctx d => ByteString -> d
Hash a lazy ByteString, creating a digest
hash' :: Hash ctx d => ByteString -> d
Hash a strict ByteString, creating a digest
hashFunc :: Hash c d => d -> ByteString -> d
Obtain a lazy hash function whose result is the same type
as the given digest, which is discarded. If the type is already inferred then
consider using the hash function instead.
hashFunc' :: Hash c d => d -> ByteString -> d
Obtain a strict hash function whose result is the same type
as the given digest, which is discarded. If the type is already inferred then
consider using the hash' function instead.
Cipher classes and helper functions
class Serialize k => BlockCipher k where
The BlockCipher class is intended as the generic interface
targeted by maintainers of Haskell cipher implementations.
Using this generic interface higher level functions
such as cbc, and other functions from Data.Crypto.Modes, provide a useful API
for comsumers of cipher implementations.
Instances must handle unaligned data
Methods
Arguments
| :: Tagged k BitLength | The size of a single block; the smallest unit on which the cipher operates. |
Arguments
| :: k | |
| -> ByteString | |
| -> ByteString | encrypt data of size |
Arguments
| :: k | |
| -> ByteString | |
| -> ByteString | decrypt data of size |
Arguments
| :: ByteString | |
| -> Maybe k | smart constructor for keys from a bytestring. |
blockSizeBytes :: BlockCipher k => Tagged k ByteLength
The number of bytes in a block cipher block
buildKeyIO :: BlockCipher k => IO k
Build a symmetric key using the system entropy (see Random)
class Serialize k => StreamCipher k iv | k -> iv where
A stream cipher class. Instance are expected to work on messages as small as one byte The length of the resulting cipher text should be equal to the length of the input message.
Methods
buildStreamKey :: ByteString -> Maybe k
encryptStream :: k -> iv -> ByteString -> (ByteString, iv)
decryptStream :: k -> iv -> ByteString -> (ByteString, iv)
buildStreamKeyIO :: StreamCipher k iv => IO k
Build a stream key using the system random generator
class (Serialize p, Serialize v) => AsymCipher p v | p -> v, v -> p where
Asymetric ciphers (common ones being RSA or EC based)
Methods
Arguments
| :: CryptoRandomGen g | |
| => g | |
| -> BitLength | |
| -> Either GenError ((p, v), g) | build a public/private key pair using the provided generator |
Arguments
| :: CryptoRandomGen g | |
| => g | |
| -> p | |
| -> ByteString | |
| -> Either GenError (ByteString, g) | Asymetric encryption |
Arguments
| :: v | |
| -> ByteString | |
| -> Maybe ByteString | Asymetric decryption |
publicKeyLength :: p -> BitLength
privateKeyLength :: v -> BitLength
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))
Build a pair of asymmetric keys using the system random generator.
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p where
A class for signing operations which inherently can not be as generic as asymetric ciphers (ex: DSA).
Methods
sign :: CryptoRandomGen g => g -> v -> ByteString -> Either GenError (ByteString, g)
verify :: p -> ByteString -> ByteString -> Bool
buildSigningPair :: CryptoRandomGen g => g -> BitLength -> Either GenError ((p, v), g)
signingKeyLength :: v -> BitLength
verifyingKeyLength :: p -> BitLength
buildSigningKeyPairIO :: Signing p v => BitLength -> IO (Either GenError (p, v))
Build a signing key using the system random generator
Misc helper functions
constTimeEq :: ByteString -> ByteString -> Bool
Checks two bytestrings for equality without breaches for timing attacks.
Semantically, constTimeEq = (==). However, x == y takes less
time when the first byte is different than when the first byte
is equal. This side channel allows an attacker to mount a
timing attack. On the other hand, constTimeEq always takes the
same time regardless of the bytestrings' contents, unless they are
of difference size.
You should always use constTimeEq when comparing secrets,
otherwise you may leave a significant security hole
(cf. http://codahale.com/a-lesson-in-timing-attacks/).
encode :: Serialize a => a -> ByteString
Encode a value using binary serialization to a strict ByteString.