/usr/share/doc/libghc-crypto-api-doc/html/crypto-api.txt

-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | A generic interface for cryptographic operations
--   
--   A generic interface for cryptographic operations (hashes, ciphers,
--   randomness). Maintainers of hash and cipher implementations are
--   encouraged to add instances for the classes defined in Crypto.Classes.
--   Crypto users are similarly encouraged to use the interfaces defined in
--   the Classes module. Any concepts or functions of general use to more
--   than one cryptographic algorithm (ex: padding) is within scope of this
--   package.
@package crypto-api
@version 0.13.2


-- | Type aliases used throughout the crypto-api modules.
module Crypto.Types

-- | Initilization Vectors for BlockCipher implementations (IV k) are used
--   for various modes and guarrenteed to be blockSize bits long. The
--   common ways to obtain an IV are to generate one (<tt>getIV</tt> or
--   <tt>getIVIO</tt>) or to use one provided with the ciphertext (using
--   the <tt>Serialize</tt> instance of IV).
--   
--   <tt>zeroIV</tt> also exists and is of particular use for starting
--   <tt>ctr</tt> mode with a fresh key.
data IV k
IV :: {-# UNPACK #-} !ByteString -> IV k
[initializationVector] :: IV k -> {-# UNPACK #-} !ByteString

-- | The length of a field (usually a ByteString) in bits
type BitLength = Int

-- | The length fo a field in bytes.
type ByteLength = Int
data BlockCipherError
InputTooLong :: String -> BlockCipherError
AuthenticationFailed :: String -> BlockCipherError
Other :: String -> BlockCipherError
instance Data.Data.Data Crypto.Types.BlockCipherError
instance GHC.Read.Read Crypto.Types.BlockCipherError
instance GHC.Show.Show Crypto.Types.BlockCipherError
instance GHC.Classes.Ord Crypto.Types.BlockCipherError
instance GHC.Classes.Eq Crypto.Types.BlockCipherError
instance GHC.Show.Show (Crypto.Types.IV k)
instance GHC.Classes.Ord (Crypto.Types.IV k)
instance GHC.Classes.Eq (Crypto.Types.IV k)
instance GHC.Exception.Exception Crypto.Types.BlockCipherError


-- | A small selection of utilities that might be of use to others working
--   with bytestring/number combinations.
module Crypto.Util

-- | <tt>incBS bs</tt> inefficiently computes the value <tt>i2bs (8 *
--   B.length bs) (bs2i bs + 1)</tt>
incBS :: ByteString -> ByteString

-- | <tt>i2bs bitLen i</tt> converts <tt>i</tt> to a <tt>ByteString</tt> of
--   <tt>bitLen</tt> bits (must be a multiple of 8).
i2bs :: Int -> Integer -> ByteString

-- | <tt>i2bs_unsized i</tt> converts <tt>i</tt> to a <tt>ByteString</tt>
--   of sufficient bytes to express the integer. The integer must be
--   non-negative and a zero will be encoded in one byte.
i2bs_unsized :: Integer -> ByteString

-- | Useful utility to extract the result of a generator operation and
--   translate error results to exceptions.
throwLeft :: Exception e => Either e a -> a

-- | Obtain a tagged value for a particular instantiated type.
for :: Tagged a b -> a -> b

-- | Infix <a>for</a> operator
(.::.) :: Tagged a b -> a -> b

-- | Checks two bytestrings for equality without breaches for timing
--   attacks.
--   
--   Semantically, <tt>constTimeEq = (==)</tt>. However, <tt>x == y</tt>
--   takes less time when the first byte is different than when the first
--   byte is equal. This side channel allows an attacker to mount a timing
--   attack. On the other hand, <tt>constTimeEq</tt> always takes the same
--   time regardless of the bytestrings' contents, unless they are of
--   difference size.
--   
--   You should always use <tt>constTimeEq</tt> when comparing secrets,
--   otherwise you may leave a significant security hole (cf.
--   <a>http://codahale.com/a-lesson-in-timing-attacks/</a>).
constTimeEq :: ByteString -> ByteString -> Bool
c_constTimeEq :: Ptr CChar -> Ptr CChar -> CInt -> IO CInt

-- | Helper function to convert bytestrings to integers
bs2i :: ByteString -> Integer

-- | zipWith xor + Pack As a result of rewrite rules, this should
--   automatically be optimized (at compile time). to use the bytestring
--   libraries <tt>zipWith'</tt> function.
zwp' :: ByteString -> ByteString -> ByteString

-- | zipWith xor + Pack
--   
--   This is written intentionally to take advantage of the bytestring
--   libraries <tt>zipWith'</tt> rewrite rule but at the extra cost of the
--   resulting lazy bytestring being more fragmented than either of the two
--   inputs.
zwp :: ByteString -> ByteString -> ByteString
collect :: Int -> [ByteString] -> [ByteString]


-- | This module is for instantiating cryptographicly strong determinitic
--   random bit generators (DRBGs, aka PRNGs) For the simple use case of
--   using the system random number generator (<a>Entropy</a>) to seed the
--   DRBG:
--   
--   <pre>
--   g &lt;- newGenIO
--   </pre>
--   
--   Users needing to provide their own entropy can call <a>newGen</a>
--   directly
--   
--   <pre>
--   entropy &lt;- getEntropy nrBytes
--   let generator = newGen entropy
--   </pre>
module Crypto.Random

-- | A class of random bit generators that allows for the possibility of
--   failure, reseeding, providing entropy at the same time as requesting
--   bytes
--   
--   Minimum complete definition: <a>newGen</a>, <a>genSeedLength</a>,
--   <a>genBytes</a>, <a>reseed</a>, <a>reseedInfo</a>,
--   <a>reseedPeriod</a>.
class CryptoRandomGen g where genBytesWithEntropy len entropy g = let res = genBytes len g in case res of { Left err -> Left err Right (bs, g') -> let entropy' = append entropy (replicate (len - length entropy) 0) in Right (zwp' entropy' bs, g') } newGenIO = go 0 where go 1000 = throw $ GenErrorOther $ "The generator instance requested by" ++ "newGenIO never instantiates (1000 tries). " ++ "It must be broken." go i = do { let p = Proxy getTypedGen :: (CryptoRandomGen g) => Proxy g -> IO (Either GenError g) getTypedGen pr = liftM newGen (getEntropy $ proxy genSeedLength pr); res <- getTypedGen p; case res of { Left _ -> go (i + 1) Right g -> return (g `asProxyTypeOf` p) } }

-- | Instantiate a new random bit generator. The provided bytestring should
--   be of length &gt;= genSeedLength. If the bytestring is shorter then
--   the call may fail (suggested error: <a>NotEnoughEntropy</a>). If the
--   bytestring is of sufficent length the call should always succeed.
newGen :: CryptoRandomGen g => ByteString -> Either GenError g

-- | Length of input entropy necessary to instantiate or reseed a generator
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength

-- | <tt>genBytes len g</tt> generates a random ByteString of length
--   <tt>len</tt> and new generator. The <a>MonadCryptoRandom</a> package
--   has routines useful for converting the ByteString to commonly needed
--   values (but "cereal" or other deserialization libraries would also
--   work).
--   
--   This routine can fail if the generator has gone too long without a
--   reseed (usually this is in the ball-park of 2^48 requests). Suggested
--   error in this cases is <a>NeedReseed</a>
genBytes :: CryptoRandomGen g => ByteLength -> g -> Either GenError (ByteString, g)

-- | Indicates how soon a reseed is needed
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo

-- | Indicates the period between reseeds (constant for most generators).
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo

-- | <tt>genBytesWithEntropy g i entropy</tt> generates <tt>i</tt> random
--   bytes and use the additional input <tt>entropy</tt> in the generation
--   of the requested data to increase the confidence our generated data is
--   a secure random stream.
--   
--   Some generators use <tt>entropy</tt> to perturb the state of the
--   generator, meaning:
--   
--   <pre>
--   (_,g2') &lt;- genBytesWithEntropy len g1 ent
--   (_,g2 ) &lt;- genBytes len g1
--   g2 /= g2'
--   </pre>
--   
--   But this is not required.
--   
--   Default:
--   
--   <pre>
--   genBytesWithEntropy g bytes entropy = xor entropy (genBytes g bytes)
--   </pre>
genBytesWithEntropy :: CryptoRandomGen g => ByteLength -> ByteString -> g -> Either GenError (ByteString, g)

-- | If the generator has produced too many random bytes on its existing
--   seed it will return <a>NeedReseed</a>. In that case, reseed the
--   generator using this function and a new high-entropy seed of length
--   &gt;= <a>genSeedLength</a>. Using bytestrings that are too short can
--   result in an error (<a>NotEnoughEntropy</a>).
reseed :: CryptoRandomGen g => ByteString -> g -> Either GenError g

-- | By default this uses <a>System.Entropy</a> to obtain entropy for
--   <a>newGen</a>.
newGenIO :: CryptoRandomGen g => IO g

-- | Generator failures should always return the appropriate GenError. Note
--   <a>GenError</a> in an instance of exception but wether or not an
--   exception is thrown depends on if the selected generator (read: if you
--   don't want execptions from code that uses <a>throw</a> then pass in a
--   generator that never has an error for the used functions)
data GenError

-- | Misc
GenErrorOther :: String -> GenError

-- | Requested more bytes than a single pass can generate (The maximum
--   request is generator dependent)
RequestedTooManyBytes :: GenError

-- | When using <tt>genInteger g (l,h)</tt> and <tt>logBase 2 (h - l) &gt;
--   (maxBound :: Int)</tt>.
RangeInvalid :: GenError

-- | Some generators cease operation after too high a count without a
--   reseed (ex: NIST SP 800-90)
NeedReseed :: GenError

-- | For instantiating new generators (or reseeding)
NotEnoughEntropy :: GenError

-- | This generator can not be instantiated or reseeded with a finite seed
--   (ex: <a>SystemRandom</a>)
NeedsInfiniteSeed :: GenError
data ReseedInfo

-- | Generator needs reseeded in X bytes
InXBytes :: {-# UNPACK #-} !Word64 -> ReseedInfo

-- | Generator needs reseeded in X calls
InXCalls :: {-# UNPACK #-} !Word64 -> ReseedInfo

-- | The bound is over 2^64 bytes or calls
NotSoon :: ReseedInfo

-- | This generator never reseeds (ex: <a>SystemRandom</a>)
Never :: ReseedInfo

-- | While the safety and wisdom of a splitting function depends on the
--   properties of the generator being split, several arguments from
--   informed people indicate such a function is safe for NIST SP 800-90
--   generators. (see libraries@haskell.org discussion around Sept, Oct
--   2010). You can find implementations of such generators in the
--   <tt>DRBG</tt> package.
splitGen :: CryptoRandomGen g => g -> Either GenError (g, g)

-- | Useful utility to extract the result of a generator operation and
--   translate error results to exceptions.
throwLeft :: Exception e => Either e a -> a

-- | Not that it is technically correct as an instance of
--   <a>CryptoRandomGen</a>, but simply because it's a reasonable
--   engineering choice here is a CryptoRandomGen which streams the system
--   randoms. Take note:
--   
--   <ul>
--   <li>It uses the default definition of <tt>genByteWithEntropy</tt></li>
--   <li><a>newGen</a> will always fail!</li>
--   <li><a>reseed</a> will always fail!</li>
--   <li>the handle to the system random is never closed</li>
--   </ul>
data SystemRandom
instance Data.Data.Data Crypto.Random.ReseedInfo
instance GHC.Read.Read Crypto.Random.ReseedInfo
instance GHC.Show.Show Crypto.Random.ReseedInfo
instance GHC.Classes.Ord Crypto.Random.ReseedInfo
instance GHC.Classes.Eq Crypto.Random.ReseedInfo
instance Data.Data.Data Crypto.Random.GenError
instance GHC.Read.Read Crypto.Random.GenError
instance GHC.Show.Show Crypto.Random.GenError
instance GHC.Classes.Ord Crypto.Random.GenError
instance GHC.Classes.Eq Crypto.Random.GenError
instance GHC.Exception.Exception Crypto.Random.GenError
instance Crypto.Random.CryptoRandomGen Crypto.Random.SystemRandom


-- | This is the heart of the crypto-api package. By making (or having) an
--   instance of Hash, AsymCipher, BlockCipher or StreamCipher you provide
--   (or obtain) access to any infrastructure built on these primitives
--   include block cipher modes of operation, hashing, hmac, signing, etc.
--   These classes allow users to build routines that are agnostic to the
--   algorithm used so changing algorithms is as simple as changing a type
--   signature.
module Crypto.Classes

-- | The Hash class is intended as the generic interface targeted by
--   maintainers of Haskell digest implementations. Using this generic
--   interface, higher level functions such as <a>hash</a> and <a>hash'</a>
--   provide a useful API for comsumers of hash implementations.
--   
--   Any instantiated implementation must handle unaligned data.
--   
--   Minimum complete definition: <a>outputLength</a>, <a>blockLength</a>,
--   <a>initialCtx</a>, <a>updateCtx</a>, and <a>finalize</a>.
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where hash msg = res where res = finalize ctx end ctx = foldl' updateCtx initialCtx blks (blks, end) = makeBlocks msg blockLen blockLen = (blockLength .::. res) `div` 8 hash' msg = res where res = finalize (updateCtx initialCtx top) end (top, end) = splitAt remlen msg remlen = length msg - (length msg `rem` bLen) bLen = blockLength `for` res `div` 8
outputLength :: Hash ctx d => Tagged d BitLength
blockLength :: Hash ctx d => Tagged d BitLength
initialCtx :: Hash ctx d => ctx
updateCtx :: Hash ctx d => ctx -> ByteString -> ctx
finalize :: Hash ctx d => ctx -> ByteString -> d

-- | Hash a lazy ByteString, creating a digest
hash :: (Hash ctx d, Hash ctx d) => ByteString -> d

-- | Hash a strict ByteString, creating a digest
hash' :: (Hash ctx d, Hash ctx d) => ByteString -> d

-- | Obtain a strict hash function whose result is the same type as the
--   given digest, which is discarded. If the type is already inferred then
--   consider using the <a>hash'</a> function instead.
hashFunc' :: Hash c d => d -> (ByteString -> d)

-- | Obtain a lazy hash function whose result is the same type as the given
--   digest, which is discarded. If the type is already inferred then
--   consider using the <a>hash</a> function instead.
hashFunc :: Hash c d => d -> (ByteString -> d)

-- | The BlockCipher class is intended as the generic interface targeted by
--   maintainers of Haskell cipher implementations.
--   
--   Minimum complete definition: blockSize, encryptBlock, decryptBlock,
--   buildKey, and keyLength.
--   
--   Instances must handle unaligned data
class (Serialize k) => BlockCipher k where ecb = modeEcb' unEcb = modeUnEcb' cbc = modeCbc' unCbc = modeUnCbc' ctr = modeCtr' incIV unCtr = modeUnCtr' incIV ctrLazy = modeCtr incIV unCtrLazy = modeUnCtr incIV cfb = modeCfb' unCfb = modeUnCfb' ofb = modeOfb' unOfb = modeUnOfb' cbcLazy = modeCbc unCbcLazy = modeUnCbc sivLazy = modeSiv unSivLazy = modeUnSiv siv = modeSiv' unSiv = modeUnSiv' ecbLazy = modeEcb unEcbLazy = modeUnEcb cfbLazy = modeCfb unCfbLazy = modeUnCfb ofbLazy = modeOfb unOfbLazy = modeUnOfb
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
buildKey :: BlockCipher k => ByteString -> Maybe k
keyLength :: BlockCipher k => Tagged k BitLength

-- | Electronic Cookbook (encryption)
ecb :: BlockCipher k => k -> ByteString -> ByteString

-- | Electronic Cookbook (decryption)
unEcb :: BlockCipher k => k -> ByteString -> ByteString

-- | Cipherblock Chaining (encryption)
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipherblock Chaining (decryption)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (encryption)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (decryption)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (encryption)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (decryption)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feedback (encryption)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feedback (decryption)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback (encryption)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback (decryption)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipher block chaining encryption for lazy bytestrings
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipher block chaining decryption for lazy bytestrings
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | SIV (Synthetic IV) mode for lazy bytestrings. The third argument is
--   the optional list of bytestrings to be authenticated but not encrypted
--   As required by the specification this algorithm may return nothing
--   when certain constraints aren't met.
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) for lazy bytestrings. The third argument is the
--   optional list of bytestrings to be authenticated but not encrypted. As
--   required by the specification this algorithm may return nothing when
--   authentication fails.
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) mode for strict bytestrings. First argument is the
--   optional list of bytestrings to be authenticated but not encrypted. As
--   required by the specification this algorithm may return nothing when
--   certain constraints aren't met.
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) for strict bytestrings First argument is the
--   optional list of bytestrings to be authenticated but not encrypted As
--   required by the specification this algorithm may return nothing when
--   authentication fails.
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | Cook book mode - not really a mode at all. If you don't know what
--   you're doing, don't use this mode^H^H^H^H library.
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString

-- | ECB decrypt, complementary to <a>ecb</a>.
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString

-- | Ciphertext feed-back encryption mode for lazy bytestrings (with s ==
--   blockSize)
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feed-back decryption mode for lazy bytestrings (with s ==
--   blockSize)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback mode for lazy bytestrings
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback mode for lazy bytestrings
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | The number of bytes in a block cipher block
blockSizeBytes :: (BlockCipher k) => Tagged k ByteLength

-- | The number of bytes in a block cipher key (assuming it is an even
--   multiple of 8 bits)
keyLengthBytes :: (BlockCipher k) => Tagged k ByteLength

-- | Build a symmetric key using the system entropy (see <a>Entropy</a>)
buildKeyIO :: (BlockCipher k) => IO k

-- | Build a symmetric key using a given <a>CryptoRandomGen</a>
buildKeyGen :: (BlockCipher k, CryptoRandomGen g) => g -> Either GenError (k, g)

-- | A stream cipher class. Instance are expected to work on messages as
--   small as one byte The length of the resulting cipher text should be
--   equal to the length of the input message.
class (Serialize k) => StreamCipher k iv | k -> iv
buildStreamKey :: StreamCipher k iv => ByteString -> Maybe k
encryptStream :: StreamCipher k iv => k -> iv -> ByteString -> (ByteString, iv)
decryptStream :: StreamCipher k iv => k -> iv -> ByteString -> (ByteString, iv)
streamKeyLength :: StreamCipher k iv => Tagged k BitLength

-- | Build a stream key using the system random generator
buildStreamKeyIO :: StreamCipher k iv => IO k

-- | Build a stream key using the provided random generator
buildStreamKeyGen :: (StreamCipher k iv, CryptoRandomGen g) => g -> Either GenError (k, g)

-- | Asymetric ciphers (common ones being RSA or EC based)
class AsymCipher p v | p -> v, v -> p
buildKeyPair :: (AsymCipher p v, CryptoRandomGen g) => g -> BitLength -> Either GenError ((p, v), g)
encryptAsym :: (AsymCipher p v, CryptoRandomGen g) => g -> p -> ByteString -> Either GenError (ByteString, g)
decryptAsym :: (AsymCipher p v, CryptoRandomGen g) => g -> v -> ByteString -> Either GenError (ByteString, g)
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength

-- | Build a pair of asymmetric keys using the system random generator.
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))

-- | Flipped <a>buildKeyPair</a> for ease of use with state monads.
buildKeyPairGen :: (CryptoRandomGen g, AsymCipher p v) => BitLength -> g -> Either GenError ((p, v), g)

-- | A class for signing operations which inherently can not be as generic
--   as asymetric ciphers (ex: DSA).
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p
sign :: (Signing p v, CryptoRandomGen g) => g -> v -> ByteString -> Either GenError (ByteString, g)
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
buildSigningPair :: (Signing p v, CryptoRandomGen g) => g -> BitLength -> Either GenError ((p, v), g)
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength

-- | Build a signing key using the system random generator
buildSigningKeyPairIO :: (Signing p v) => BitLength -> IO (Either GenError (p, v))

-- | Flipped <a>buildSigningPair</a> for ease of use with state monads.
buildSigningKeyPairGen :: (Signing p v, CryptoRandomGen g) => BitLength -> g -> Either GenError ((p, v), g)

-- | Encode a value using binary serialization to a strict ByteString.
encode :: Serialize a => a -> ByteString

-- | Obtain an <a>IV</a> made only of zeroes
zeroIV :: (BlockCipher k) => IV k

-- | Increase an <a>IV</a> by one. This is way faster than decoding,
--   increasing, encoding
incIV :: BlockCipher k => IV k -> IV k

-- | Obtain an <a>IV</a> using the provided CryptoRandomGenerator.
getIV :: (BlockCipher k, CryptoRandomGen g) => g -> Either GenError (IV k, g)

-- | Obtain an <a>IV</a> using the system entropy (see <a>Entropy</a>)
getIVIO :: (BlockCipher k) => IO (IV k)
chunkFor :: (BlockCipher k) => k -> ByteString -> [ByteString]
chunkFor' :: (BlockCipher k) => k -> ByteString -> [ByteString]
instance Crypto.Classes.BlockCipher k => Data.Serialize.Serialize (Crypto.Types.IV k)


module Crypto.HMAC

-- | Message authentication code calculation for lazy bytestrings. <tt>hmac
--   k msg</tt> will compute an authentication code for <tt>msg</tt> using
--   key <tt>k</tt>
hmac :: (Hash c d) => MacKey c d -> ByteString -> d

-- | <tt>hmac k msg</tt> will compute an authentication code for
--   <tt>msg</tt> using key <tt>k</tt>
hmac' :: (Hash c d) => MacKey c d -> ByteString -> d

-- | A key carrying phantom types <tt>c</tt> and <tt>d</tt>, forcing the
--   key data to only be used by particular hash algorithms.
newtype MacKey c d
MacKey :: ByteString -> MacKey c d
instance GHC.Show.Show (Crypto.HMAC.MacKey c d)
instance GHC.Classes.Ord (Crypto.HMAC.MacKey c d)
instance GHC.Classes.Eq (Crypto.HMAC.MacKey c d)


-- | PKCS5 (RFC 1423) and IPSec ESP (RFC 4303) padding methods are
--   implemented both as trivial functions operating on bytestrings and as
--   <a>Put</a> routines usable from the <a>Data.Serialize</a> module.
--   These methods do not work for algorithms or pad sizes in excess of 255
--   bytes (2040 bits, so extremely large as far as cipher needs are
--   concerned).
module Crypto.Padding

-- | PKCS5 (aka RFC1423) padding method. This method will not work properly
--   for pad modulos &gt; 256
padPKCS5 :: ByteLength -> ByteString -> ByteString

-- | PKCS5 (aka RFC1423) padding method using the BlockCipher instance to
--   determine the pad size.
padBlockSize :: BlockCipher k => k -> ByteString -> ByteString

-- | Ex:
--   
--   <pre>
--   putPaddedPKCS5 m bs
--   </pre>
--   
--   Will pad out <tt>bs</tt> to a byte multiple of <tt>m</tt> and put both
--   the bytestring and it's padding via <a>Put</a> (this saves on copying
--   if you are already using Cereal).
putPaddedPKCS5 :: ByteLength -> ByteString -> Put

-- | unpad a strict bytestring padded in the typical PKCS5 manner. This
--   routine verifies all pad bytes and pad length match correctly.
unpadPKCS5safe :: ByteString -> Maybe ByteString

-- | unpad a strict bytestring without checking the pad bytes and length
--   any more than necessary.
unpadPKCS5 :: ByteString -> ByteString

-- | Pad a bytestring to the IPSEC esp specification
--   
--   <pre>
--   padESP m payload
--   </pre>
--   
--   is equivilent to:
--   
--   <pre>
--             (msg)       (padding)       (length field)
--   B.concat [payload, B.pack [1,2,3,4..], B.pack [padLen]]
--   </pre>
--   
--   Where:
--   
--   <ul>
--   <li>the msg is any payload, including TFC.</li>
--   <li>the padding is &lt;= 255</li>
--   <li>the length field is one byte.</li>
--   </ul>
--   
--   Notice the result bytesting length remainder <tt>r</tt> equals zero.
--   The lack of a "next header" field means this function is not directly
--   useable for an IPSec implementation (copy/paste the 4 line function
--   and add in a "next header" field if you are making IPSec ESP).
padESP :: Int -> ByteString -> ByteString

-- | unpad and return the padded message (<a>Nothing</a> is returned if the
--   padding is invalid)
unpadESP :: ByteString -> Maybe ByteString

-- | Like padESP but use the BlockCipher instance to determine padding size
padESPBlockSize :: BlockCipher k => k -> ByteString -> ByteString

-- | Like putPadESP but using the BlockCipher instance to determine padding
--   size
putPadESPBlockSize :: BlockCipher k => k -> ByteString -> Put

-- | Pad a bytestring to the IPSEC ESP specification using <a>Put</a>. This
--   can reduce copying if you are already using <a>Put</a>.
putPadESP :: Int -> ByteString -> Put


-- | The module mirrors <a>Crypto.Classes</a> except that errors are thrown
--   as exceptions instead of having returning types of <tt>Either error
--   result</tt> or <tt>Maybe result</tt>.
--   
--   NB This module is experimental and might go away or be re-arranged.
module Crypto.Classes.Exceptions

-- | The Hash class is intended as the generic interface targeted by
--   maintainers of Haskell digest implementations. Using this generic
--   interface, higher level functions such as <a>hash</a> and <a>hash'</a>
--   provide a useful API for comsumers of hash implementations.
--   
--   Any instantiated implementation must handle unaligned data.
--   
--   Minimum complete definition: <a>outputLength</a>, <a>blockLength</a>,
--   <a>initialCtx</a>, <a>updateCtx</a>, and <a>finalize</a>.
class (Serialize d, Eq d, Ord d) => Hash ctx d | d -> ctx, ctx -> d where hash msg = res where res = finalize ctx end ctx = foldl' updateCtx initialCtx blks (blks, end) = makeBlocks msg blockLen blockLen = (blockLength .::. res) `div` 8 hash' msg = res where res = finalize (updateCtx initialCtx top) end (top, end) = splitAt remlen msg remlen = length msg - (length msg `rem` bLen) bLen = blockLength `for` res `div` 8
outputLength :: Hash ctx d => Tagged d BitLength
blockLength :: Hash ctx d => Tagged d BitLength
initialCtx :: Hash ctx d => ctx
updateCtx :: Hash ctx d => ctx -> ByteString -> ctx
finalize :: Hash ctx d => ctx -> ByteString -> d

-- | Hash a lazy ByteString, creating a digest
hash :: (Hash ctx d, Hash ctx d) => ByteString -> d

-- | Hash a strict ByteString, creating a digest
hash' :: (Hash ctx d, Hash ctx d) => ByteString -> d

-- | Obtain a strict hash function whose result is the same type as the
--   given digest, which is discarded. If the type is already inferred then
--   consider using the <a>hash'</a> function instead.
hashFunc' :: Hash c d => d -> (ByteString -> d)

-- | Obtain a lazy hash function whose result is the same type as the given
--   digest, which is discarded. If the type is already inferred then
--   consider using the <a>hash</a> function instead.
hashFunc :: Hash c d => d -> (ByteString -> d)

-- | The BlockCipher class is intended as the generic interface targeted by
--   maintainers of Haskell cipher implementations.
--   
--   Minimum complete definition: blockSize, encryptBlock, decryptBlock,
--   buildKey, and keyLength.
--   
--   Instances must handle unaligned data
class (Serialize k) => BlockCipher k where ecb = modeEcb' unEcb = modeUnEcb' cbc = modeCbc' unCbc = modeUnCbc' ctr = modeCtr' incIV unCtr = modeUnCtr' incIV ctrLazy = modeCtr incIV unCtrLazy = modeUnCtr incIV cfb = modeCfb' unCfb = modeUnCfb' ofb = modeOfb' unOfb = modeUnOfb' cbcLazy = modeCbc unCbcLazy = modeUnCbc sivLazy = modeSiv unSivLazy = modeUnSiv siv = modeSiv' unSiv = modeUnSiv' ecbLazy = modeEcb unEcbLazy = modeUnEcb cfbLazy = modeCfb unCfbLazy = modeUnCfb ofbLazy = modeOfb unOfbLazy = modeUnOfb
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
keyLength :: BlockCipher k => Tagged k BitLength

-- | Electronic Cookbook (encryption)
ecb :: BlockCipher k => k -> ByteString -> ByteString

-- | Electronic Cookbook (decryption)
unEcb :: BlockCipher k => k -> ByteString -> ByteString

-- | Cipherblock Chaining (encryption)
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipherblock Chaining (decryption)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (encryption)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (decryption)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (encryption)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (decryption)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feedback (encryption)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feedback (decryption)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback (encryption)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback (decryption)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipher block chaining encryption for lazy bytestrings
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipher block chaining decryption for lazy bytestrings
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | SIV (Synthetic IV) mode for lazy bytestrings. The third argument is
--   the optional list of bytestrings to be authenticated but not encrypted
--   As required by the specification this algorithm may return nothing
--   when certain constraints aren't met.
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) for lazy bytestrings. The third argument is the
--   optional list of bytestrings to be authenticated but not encrypted. As
--   required by the specification this algorithm may return nothing when
--   authentication fails.
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) mode for strict bytestrings. First argument is the
--   optional list of bytestrings to be authenticated but not encrypted. As
--   required by the specification this algorithm may return nothing when
--   certain constraints aren't met.
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) for strict bytestrings First argument is the
--   optional list of bytestrings to be authenticated but not encrypted As
--   required by the specification this algorithm may return nothing when
--   authentication fails.
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | Cook book mode - not really a mode at all. If you don't know what
--   you're doing, don't use this mode^H^H^H^H library.
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString

-- | ECB decrypt, complementary to <a>ecb</a>.
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString

-- | Ciphertext feed-back encryption mode for lazy bytestrings (with s ==
--   blockSize)
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feed-back decryption mode for lazy bytestrings (with s ==
--   blockSize)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback mode for lazy bytestrings
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback mode for lazy bytestrings
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)
blockSize :: BlockCipher k => Tagged k BitLength
encryptBlock :: BlockCipher k => k -> ByteString -> ByteString
decryptBlock :: BlockCipher k => k -> ByteString -> ByteString
keyLength :: BlockCipher k => Tagged k BitLength

-- | Obtain an <a>IV</a> using the system entropy (see <a>Entropy</a>)
getIVIO :: (BlockCipher k) => IO (IV k)

-- | The number of bytes in a block cipher block
blockSizeBytes :: (BlockCipher k) => Tagged k ByteLength

-- | The number of bytes in a block cipher key (assuming it is an even
--   multiple of 8 bits)
keyLengthBytes :: (BlockCipher k) => Tagged k ByteLength

-- | Build a symmetric key using the system entropy (see <a>Entropy</a>)
buildKeyIO :: (BlockCipher k) => IO k

-- | Asymetric ciphers (common ones being RSA or EC based)
class AsymCipher p v | p -> v, v -> p
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength
publicKeyLength :: AsymCipher p v => p -> BitLength
privateKeyLength :: AsymCipher p v => v -> BitLength

-- | Build a pair of asymmetric keys using the system random generator.
buildKeyPairIO :: AsymCipher p v => BitLength -> IO (Either GenError (p, v))

-- | A class for signing operations which inherently can not be as generic
--   as asymetric ciphers (ex: DSA).
class (Serialize p, Serialize v) => Signing p v | p -> v, v -> p
verify :: Signing p v => p -> ByteString -> ByteString -> Bool
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
signingKeyLength :: Signing p v => v -> BitLength
verifyingKeyLength :: Signing p v => p -> BitLength
verify :: Signing p v => p -> ByteString -> ByteString -> Bool

-- | Increase an <a>IV</a> by one. This is way faster than decoding,
--   increasing, encoding
incIV :: BlockCipher k => IV k -> IV k

-- | Obtain an <a>IV</a> made only of zeroes
zeroIV :: (BlockCipher k) => IV k

-- | A class of random bit generators that allows for the possibility of
--   failure, reseeding, providing entropy at the same time as requesting
--   bytes
--   
--   Minimum complete definition: <a>newGen</a>, <a>genSeedLength</a>,
--   <a>genBytes</a>, <a>reseed</a>, <a>reseedInfo</a>,
--   <a>reseedPeriod</a>.
class CryptoRandomGen g where genBytesWithEntropy len entropy g = let res = genBytes len g in case res of { Left err -> Left err Right (bs, g') -> let entropy' = append entropy (replicate (len - length entropy) 0) in Right (zwp' entropy' bs, g') } newGenIO = go 0 where go 1000 = throw $ GenErrorOther $ "The generator instance requested by" ++ "newGenIO never instantiates (1000 tries). " ++ "It must be broken." go i = do { let p = Proxy getTypedGen :: (CryptoRandomGen g) => Proxy g -> IO (Either GenError g) getTypedGen pr = liftM newGen (getEntropy $ proxy genSeedLength pr); res <- getTypedGen p; case res of { Left _ -> go (i + 1) Right g -> return (g `asProxyTypeOf` p) } }

-- | Length of input entropy necessary to instantiate or reseed a generator
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength

-- | Indicates how soon a reseed is needed
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo

-- | Indicates the period between reseeds (constant for most generators).
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo

-- | By default this uses <a>System.Entropy</a> to obtain entropy for
--   <a>newGen</a>.
newGenIO :: CryptoRandomGen g => IO g

-- | Length of input entropy necessary to instantiate or reseed a generator
genSeedLength :: CryptoRandomGen g => Tagged g ByteLength

-- | Indicates how soon a reseed is needed
reseedInfo :: CryptoRandomGen g => g -> ReseedInfo

-- | Indicates the period between reseeds (constant for most generators).
reseedPeriod :: CryptoRandomGen g => g -> ReseedInfo

-- | By default this uses <a>System.Entropy</a> to obtain entropy for
--   <a>newGen</a>.
newGenIO :: CryptoRandomGen g => IO g

-- | Generator failures should always return the appropriate GenError. Note
--   <a>GenError</a> in an instance of exception but wether or not an
--   exception is thrown depends on if the selected generator (read: if you
--   don't want execptions from code that uses <a>throw</a> then pass in a
--   generator that never has an error for the used functions)
data GenError

-- | Misc
GenErrorOther :: String -> GenError

-- | Requested more bytes than a single pass can generate (The maximum
--   request is generator dependent)
RequestedTooManyBytes :: GenError

-- | When using <tt>genInteger g (l,h)</tt> and <tt>logBase 2 (h - l) &gt;
--   (maxBound :: Int)</tt>.
RangeInvalid :: GenError

-- | Some generators cease operation after too high a count without a
--   reseed (ex: NIST SP 800-90)
NeedReseed :: GenError

-- | For instantiating new generators (or reseeding)
NotEnoughEntropy :: GenError

-- | This generator can not be instantiated or reseeded with a finite seed
--   (ex: <a>SystemRandom</a>)
NeedsInfiniteSeed :: GenError
data ReseedInfo

-- | Generator needs reseeded in X bytes
InXBytes :: {-# UNPACK #-} !Word64 -> ReseedInfo

-- | Generator needs reseeded in X calls
InXCalls :: {-# UNPACK #-} !Word64 -> ReseedInfo

-- | The bound is over 2^64 bytes or calls
NotSoon :: ReseedInfo

-- | This generator never reseeds (ex: <a>SystemRandom</a>)
Never :: ReseedInfo
data CipherError
GenError :: GenError -> CipherError
KeyGenFailure :: CipherError

-- | Electronic Cookbook (encryption)
ecb :: BlockCipher k => k -> ByteString -> ByteString

-- | Electronic Cookbook (decryption)
unEcb :: BlockCipher k => k -> ByteString -> ByteString

-- | Cipherblock Chaining (encryption)
cbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipherblock Chaining (decryption)
unCbc :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (encryption)
ctr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (decryption)
unCtr :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (encryption)
ctrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Counter (decryption)
unCtrLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feedback (encryption)
cfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feedback (decryption)
unCfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback (encryption)
ofb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback (decryption)
unOfb :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipher block chaining encryption for lazy bytestrings
cbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Cipher block chaining decryption for lazy bytestrings
unCbcLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | SIV (Synthetic IV) mode for lazy bytestrings. The third argument is
--   the optional list of bytestrings to be authenticated but not encrypted
--   As required by the specification this algorithm may return nothing
--   when certain constraints aren't met.
sivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) for lazy bytestrings. The third argument is the
--   optional list of bytestrings to be authenticated but not encrypted. As
--   required by the specification this algorithm may return nothing when
--   authentication fails.
unSivLazy :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) mode for strict bytestrings. First argument is the
--   optional list of bytestrings to be authenticated but not encrypted. As
--   required by the specification this algorithm may return nothing when
--   certain constraints aren't met.
siv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | SIV (Synthetic IV) for strict bytestrings First argument is the
--   optional list of bytestrings to be authenticated but not encrypted As
--   required by the specification this algorithm may return nothing when
--   authentication fails.
unSiv :: BlockCipher k => k -> k -> [ByteString] -> ByteString -> Maybe ByteString

-- | Cook book mode - not really a mode at all. If you don't know what
--   you're doing, don't use this mode^H^H^H^H library.
ecbLazy :: BlockCipher k => k -> ByteString -> ByteString

-- | ECB decrypt, complementary to <a>ecb</a>.
unEcbLazy :: BlockCipher k => k -> ByteString -> ByteString

-- | Ciphertext feed-back encryption mode for lazy bytestrings (with s ==
--   blockSize)
cfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Ciphertext feed-back decryption mode for lazy bytestrings (with s ==
--   blockSize)
unCfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback mode for lazy bytestrings
ofbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Output feedback mode for lazy bytestrings
unOfbLazy :: BlockCipher k => k -> IV k -> ByteString -> (ByteString, IV k)

-- | Key construction from raw material (typically including key expansion)
--   
--   This is a wrapper that can throw a <a>CipherError</a> on exception.
buildKey :: BlockCipher k => ByteString -> k

-- | Random <a>IV</a> generation
--   
--   This is a wrapper that can throw a <a>GenError</a> on exception.
getIV :: (BlockCipher k, CryptoRandomGen g) => g -> (IV k, g)

-- | Symmetric key generation
--   
--   This is a wrapper that can throw a <a>GenError</a> on exception.
buildKeyGen :: (CryptoRandomGen g, BlockCipher k) => g -> (k, g)

-- | Asymetric key generation
--   
--   This is a wrapper that can throw a <a>GenError</a> on exception.
buildKeyPair :: (CryptoRandomGen g, AsymCipher p v) => g -> BitLength -> ((p, v), g)

-- | Asymmetric encryption
--   
--   This is a wrapper that can throw a <a>GenError</a> on exception.
encryptAsym :: (CryptoRandomGen g, AsymCipher p v) => g -> p -> ByteString -> (ByteString, g)

-- | Asymmetric decryption
--   
--   This is a wrapper that can throw a GenError on exception.
decryptAsym :: (CryptoRandomGen g, AsymCipher p v) => g -> v -> ByteString -> (ByteString, g)

-- | Instantiate a new random bit generator. The provided bytestring should
--   be of length &gt;= genSeedLength. If the bytestring is shorter then
--   the call may fail (suggested error: <tt>NotEnoughEntropy</tt>). If the
--   bytestring is of sufficent length the call should always succeed.
--   
--   This is a wrapper that can throw <a>GenError</a> types as exceptions.
newGen :: CryptoRandomGen g => ByteString -> g

-- | <tt>genBytes len g</tt> generates a random ByteString of length
--   <tt>len</tt> and new generator. The <tt>MonadCryptoRandom</tt> package
--   has routines useful for converting the ByteString to commonly needed
--   values (but <tt>cereal</tt> or other deserialization libraries would
--   also work).
--   
--   This is a wrapper that can throw <a>GenError</a> types as exceptions.
genBytes :: CryptoRandomGen g => ByteLength -> g -> (ByteString, g)

-- | <tt>genBytesWithEntropy g i entropy</tt> generates <tt>i</tt> random
--   bytes and use the additional input <tt>entropy</tt> in the generation
--   of the requested data to increase the confidence our generated data is
--   a secure random stream.
--   
--   This is a wrapper that can throw <a>GenError</a> types as exceptions.
genBytesWithEntropy :: CryptoRandomGen g => ByteLength -> ByteString -> g -> (ByteString, g)

-- | If the generator has produced too many random bytes on its existing
--   seed it will throw a <tt>NeedReseed</tt> exception. In that case,
--   reseed the generator using this function and a new high-entropy seed
--   of length &gt;= <tt>genSeedLength</tt>. Using bytestrings that are too
--   short can result in an exception (<tt>NotEnoughEntropy</tt>).
reseed :: CryptoRandomGen g => ByteString -> g -> g

-- | While the safety and wisdom of a splitting function depends on the
--   properties of the generator being split, several arguments from
--   informed people indicate such a function is safe for NIST SP 800-90
--   generators. (see libraries@haskell.org discussion around Sept, Oct
--   2010). You can find implementations of such generators in the
--   <tt>DRBG</tt> package.
--   
--   This is a wrapper for <a>splitGen</a> which throws errors as
--   exceptions.
splitGen :: CryptoRandomGen g => g -> (g, g)
instance Data.Data.Data Crypto.Classes.Exceptions.CipherError
instance GHC.Classes.Ord Crypto.Classes.Exceptions.CipherError
instance GHC.Classes.Eq Crypto.Classes.Exceptions.CipherError
instance GHC.Read.Read Crypto.Classes.Exceptions.CipherError
instance GHC.Show.Show Crypto.Classes.Exceptions.CipherError
instance GHC.Exception.Exception Crypto.Classes.Exceptions.CipherError


module Crypto.Modes

-- | Perform doubling as defined by the CMAC and SIV papers
dblIV :: BlockCipher k => IV k -> IV k

-- | Cipher block chaining message authentication
cbcMac' :: BlockCipher k => k -> ByteString -> ByteString

-- | Cipher block chaining message authentication
cbcMac :: BlockCipher k => k -> ByteString -> ByteString

-- | Obtain the cmac for lazy bytestrings
cMac :: BlockCipher k => k -> ByteString -> ByteString

-- | Obtain the cmac for strict bytestrings
cMac' :: BlockCipher k => k -> ByteString -> ByteString
cMacStar :: BlockCipher k => k -> [ByteString] -> ByteString

-- | Obtain the CMAC* on strict bytestrings
cMacStar' :: BlockCipher k => k -> [ByteString] -> ByteString
libghc-crypto-api-doc 0.13.2-7 / usr / share / doc / libghc-crypto-api-doc / html / crypto-api.txt
