crypto-api 0.13 → 0.13.3
raw patch · 6 files changed
Files
- Crypto/Classes.hs +4/−2
- Crypto/Classes.hs-boot +132/−3
- Crypto/Classes/Exceptions.hs +23/−14
- Crypto/Modes.hs +1/−7
- Crypto/Random.hs +5/−3
- crypto-api.cabal +1/−1
Crypto/Classes.hs view
@@ -320,7 +320,7 @@ | otherwise -> Left (GenErrorOther "Generator failed to provide requested number of bytes") {-# INLINEABLE getIV #-} --- | Obtain an 'IV' using the system entropy (see 'System.Crypto.Random')+-- | Obtain an 'IV' using the system entropy (see 'System.Entropy') getIVIO :: (BlockCipher k) => IO (IV k) getIVIO = do let p = Proxy@@ -459,7 +459,7 @@ keyLengthBytes :: (BlockCipher k) => Tagged k ByteLength keyLengthBytes = fmap (`div` 8) keyLength --- |Build a symmetric key using the system entropy (see 'System.Crypto.Random')+-- |Build a symmetric key using the system entropy (see 'System.Entropy') buildKeyIO :: (BlockCipher k) => IO k buildKeyIO = buildKeyM getEntropy fail @@ -490,6 +490,7 @@ privateKeyLength :: v -> BitLength -- |Build a pair of asymmetric keys using the system random generator.+-- WARNING: This function opens a file handle which will never be closed! buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p,v)) buildKeyPairIO bl = do g <- newGenIO :: IO SystemRandom@@ -542,6 +543,7 @@ verifyingKeyLength :: p -> BitLength -- |Build a signing key using the system random generator+-- WARNING: This function opens a file handle which will never be closed! buildSigningKeyPairIO :: (Signing p v) => BitLength -> IO (Either GenError (p,v)) buildSigningKeyPairIO bl = do g <- newGenIO :: IO SystemRandom
Crypto/Classes.hs-boot view
@@ -1,4 +1,133 @@+{-|+ Maintainer: Thomas.DuBuisson@gmail.com+ Stability: beta+ Portability: portable + Authors: Thomas DuBuisson++This is the heart of the crypto-api package. By making (or having) an instance+of Hash, AsymCipher, BlockCipher or StreamCipher you provide (or obtain) access+to any infrastructure built on these primitives include block cipher modes of+operation, hashing, hmac, signing, etc. These classes allow users to build+routines that are agnostic to the algorithm used so changing algorithms is as+simple as changing a type signature.+-} module Crypto.Classes where- import Crypto.Types- class BlockCipher k- zeroIV :: (BlockCipher k) => IV k++ import Data.ByteString as B+ import Data.ByteString.Lazy as L+ import Crypto.Types+ import Data.Serialize+ import Data.Tagged++ class ( Serialize k) => BlockCipher k where+ blockSize :: Tagged k BitLength -- ^ The size of a single block; the smallest unit on which the cipher operates.+ encryptBlock :: k -> B.ByteString -> B.ByteString -- ^ encrypt data of size @n*blockSize@ where @n `elem` [0..]@ (ecb encryption)+ decryptBlock :: k -> B.ByteString -> B.ByteString -- ^ decrypt data of size @n*blockSize@ where @n `elem` [0..]@ (ecb decryption)+ buildKey :: B.ByteString -> Maybe k -- ^ smart constructor for keys from a bytestring.+ keyLength :: Tagged k BitLength -- ^ length of the cryptographic key++ -- * Modes of operation over strict bytestrings+ -- | Electronic Cookbook (encryption)+ ecb :: k -> B.ByteString -> B.ByteString+ ecb = modeEcb'+ -- | Electronic Cookbook (decryption)+ unEcb :: k -> B.ByteString -> B.ByteString+ unEcb = modeUnEcb'+ -- | Cipherblock Chaining (encryption)+ cbc :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ cbc = modeCbc'+ -- | Cipherblock Chaining (decryption)+ unCbc :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ unCbc = modeUnCbc'++ -- | Counter (encryption)+ ctr :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ ctr = modeCtr' incIV++ -- | Counter (decryption)+ unCtr :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ unCtr = modeUnCtr' incIV++ -- | Counter (encryption)+ ctrLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ ctrLazy = modeCtr incIV++ -- | Counter (decryption)+ unCtrLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ unCtrLazy = modeUnCtr incIV++ -- | Ciphertext feedback (encryption)+ cfb :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ cfb = modeCfb'+ -- | Ciphertext feedback (decryption)+ unCfb :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ unCfb = modeUnCfb'+ -- | Output feedback (encryption)+ ofb :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ ofb = modeOfb'++ -- | Output feedback (decryption)+ unOfb :: k -> IV k -> B.ByteString -> (B.ByteString, IV k)+ unOfb = modeUnOfb'++ -- |Cipher block chaining encryption for lazy bytestrings+ cbcLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ cbcLazy = modeCbc++ -- |Cipher block chaining decryption for lazy bytestrings+ unCbcLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ unCbcLazy = modeUnCbc++ -- |SIV (Synthetic IV) mode for lazy bytestrings. The third argument is+ -- the optional list of bytestrings to be authenticated but not+ -- encrypted As required by the specification this algorithm may+ -- return nothing when certain constraints aren't met.+ sivLazy :: k -> k -> [L.ByteString] -> L.ByteString -> Maybe L.ByteString+ sivLazy = modeSiv++ -- |SIV (Synthetic IV) for lazy bytestrings. The third argument is the+ -- optional list of bytestrings to be authenticated but not encrypted.+ -- As required by the specification this algorithm may return nothing+ -- when authentication fails.+ unSivLazy :: k -> k -> [L.ByteString] -> L.ByteString -> Maybe L.ByteString+ unSivLazy = modeUnSiv++ -- |SIV (Synthetic IV) mode for strict bytestrings. First argument is+ -- the optional list of bytestrings to be authenticated but not+ -- encrypted. As required by the specification this algorithm may+ -- return nothing when certain constraints aren't met.+ siv :: k -> k -> [B.ByteString] -> B.ByteString -> Maybe B.ByteString+ siv = modeSiv'++ -- |SIV (Synthetic IV) for strict bytestrings First argument is the+ -- optional list of bytestrings to be authenticated but not encrypted+ -- As required by the specification this algorithm may return nothing+ -- when authentication fails.+ unSiv :: k -> k -> [B.ByteString] -> B.ByteString -> Maybe B.ByteString+ unSiv = modeUnSiv'++ -- |Cook book mode - not really a mode at all. If you don't know what you're doing, don't use this mode^H^H^H^H library.+ ecbLazy :: k -> L.ByteString -> L.ByteString+ ecbLazy = modeEcb++ -- |ECB decrypt, complementary to `ecb`.+ unEcbLazy :: k -> L.ByteString -> L.ByteString+ unEcbLazy = modeUnEcb++ -- |Ciphertext feed-back encryption mode for lazy bytestrings (with s+ -- == blockSize)+ cfbLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ cfbLazy = modeCfb++ -- |Ciphertext feed-back decryption mode for lazy bytestrings (with s+ -- == blockSize)+ unCfbLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ unCfbLazy = modeUnCfb++ -- |Output feedback mode for lazy bytestrings+ ofbLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ ofbLazy = modeOfb++ -- |Output feedback mode for lazy bytestrings+ unOfbLazy :: k -> IV k -> L.ByteString -> (L.ByteString, IV k)+ unOfbLazy = modeUnOfb
Crypto/Classes/Exceptions.hs view
@@ -1,29 +1,38 @@--- |The module mirrors 'Crypto.Classes' except that errors are thrown as+-- |The module mirrors "Crypto.Classes" except that errors are thrown as -- exceptions instead of having returning types of @Either error result@ -- or @Maybe result@. -- -- NB This module is experimental and might go away or be re-arranged. {-# LANGUAGE DeriveDataTypeable #-} module Crypto.Classes.Exceptions - ( C.Hash(..)+ ( -- * Classes+ C.Hash(..), C.AsymCipher, R.CryptoRandomGen, C.BlockCipher+ -- * Hashing Operations , C.hashFunc', C.hashFunc- , C.BlockCipher, C.blockSize, C.encryptBlock, C.decryptBlock- , C.keyLength- , C.getIVIO, C.blockSizeBytes, C.keyLengthBytes, C.buildKeyIO- , C.AsymCipher, C.publicKeyLength, C.privateKeyLength, C.buildKeyPairIO- , C.Signing, C.signingKeyLength, C.verifyingKeyLength, C.verify- , C.incIV, C.zeroIV, R.CryptoRandomGen, R.genSeedLength, R.reseedInfo, R.reseedPeriod, R.newGenIO- -- Types- , R.GenError(..), R.ReseedInfo(..), CipherError(..)- -- Modes+ -- * Symmetric Cryptographic Operations+ -- ** Helpers+ , C.blockSize, C.blockSizeBytes+ , C.keyLength, C.keyLengthBytes+ , C.incIV+ -- ** Primitives+ , C.encryptBlock, C.decryptBlock+ -- * Key and IV construction+ , buildKey, C.buildKeyIO, buildKeyGen+ , getIV ,C.getIVIO, C.zeroIV+ -- ** Block Cipher Modes of Operation , C.ecb, C.unEcb, C.cbc, C.unCbc, C.ctr, C.unCtr, C.ctrLazy, C.unCtrLazy , C.cfb, C.unCfb, C.ofb, C.unOfb, C.cbcLazy, C.unCbcLazy, C.sivLazy, C.unSivLazy , C.siv, C.unSiv, C.ecbLazy, C.unEcbLazy, C.cfbLazy, C.unCfbLazy, C.ofbLazy , C.unOfbLazy- -- Wrapped functions- , buildKey, getIV, buildKeyGen- , buildKeyPair, encryptAsym, decryptAsym+ -- * RNG Operations , newGen, genBytes, genBytesWithEntropy, reseed, splitGen+ , R.genSeedLength, R.reseedInfo, R.reseedPeriod, R.newGenIO+ -- * Info Types+ , R.GenError(..), R.ReseedInfo(..), CipherError(..)+ -- * Asymmetric cryptographic operations+ , buildKeyPair, encryptAsym, decryptAsym+ , C.Signing, C.signingKeyLength, C.verifyingKeyLength, C.verify+ , C.publicKeyLength, C.privateKeyLength, C.buildKeyPairIO ) where import qualified Crypto.Random as R
Crypto/Modes.hs view
@@ -2,13 +2,7 @@ {-| Maintainer: Thomas.DuBuisson@gmail.com Stability: beta- Portability: portable - Authors: Thomas DuBuisson--- Generic mode implementations useable by any correct BlockCipher- instance Be aware there are no tests for CFB mode yet. See- 'Test.Crypto'.+ Portability: portable -} module Crypto.Modes ( -- * Initialization Vector Type, Modifiers (for all ciphers, all modes that use IVs)
Crypto/Random.hs view
@@ -9,7 +9,7 @@ This module is for instantiating cryptographicly strong determinitic random bit generators (DRBGs, aka PRNGs) For the simple use case of using the system random number generator-('System.Crypto.Random') to seed the DRBG:+('System.Entropy') to seed the DRBG: @ g <- newGenIO @@@ -160,8 +160,9 @@ -- (`NotEnoughEntropy`). reseed :: B.ByteString -> g -> Either GenError g - -- |By default this uses "System.Crypto.Random" to obtain+ -- |By default this uses "System.Entropy" to obtain -- entropy for `newGen`.+ -- WARNING: The default implementation opens a file handle which will never be closed! newGenIO :: IO g newGenIO = go 0 where@@ -178,7 +179,8 @@ Left _ -> go (i+1) Right g -> return (g `asProxyTypeOf` p) --- |Get a random number generator based on the standard system entropy source+-- | Get a random number generator based on the standard system entropy source+-- WARNING: This function opens a file handle which will never be closed! getSystemGen :: IO SystemRandom getSystemGen = do ch <- openHandle
crypto-api.cabal view
@@ -1,5 +1,5 @@ name: crypto-api-version: 0.13+version: 0.13.3 license: BSD3 license-file: LICENSE copyright: Thomas DuBuisson <thomas.dubuisson@gmail.com>