| Copyright | (c) simplex.chat |
|---|---|
| License | AGPL-3 |
| Maintainer | chat@simplex.chat |
| Stability | experimental |
| Portability | non-portable |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Simplex.Messaging.Crypto
Contents
- Cryptographic keys
- key encoding/decoding
- sign/verify
- crypto_box authenticator, as discussed in https://groups.google.com/g/sci.crypt/c/73yb5a9pz2Y/m/LNgRO7IYXOwJ
- DH derivation
- AES256 AEAD-GCM scheme
- NaCl crypto_box
- NaCl crypto_secretbox
- secret_box chains
- pseudo-random bytes
- digests
- Message padding / un-padding
- X509 Certificates
- Cryptography error type
- Limited size ByteStrings
Description
This module provides cryptography implementation for SMP protocols based on cryptonite package.
Synopsis
- data Algorithm
- data SAlgorithm :: Algorithm -> Type where
- data Alg = forall a.AlgorithmI a => Alg (SAlgorithm a)
- data AuthAlg = forall a.(AlgorithmI a, AuthAlgorithm a) => AuthAlg (SAlgorithm a)
- data DhAlg = forall a.(AlgorithmI a, DhAlgorithm a) => DhAlg (SAlgorithm a)
- type family DhAlgorithm (a :: Algorithm) :: Constraint where ...
- data PrivateKey (a :: Algorithm) where
- PrivateKeyEd25519 :: SecretKey -> PrivateKey Ed25519
- PrivateKeyEd448 :: SecretKey -> PrivateKey Ed448
- PrivateKeyX25519 :: SecretKey -> PrivateKey X25519
- PrivateKeyX448 :: SecretKey -> PrivateKey X448
- data PublicKey (a :: Algorithm) where
- PublicKeyEd25519 :: PublicKey -> PublicKey Ed25519
- PublicKeyEd448 :: PublicKey -> PublicKey Ed448
- PublicKeyX25519 :: PublicKey -> PublicKey X25519
- PublicKeyX448 :: PublicKey -> PublicKey X448
- type PrivateKeyEd25519 = PrivateKey Ed25519
- type PublicKeyEd25519 = PublicKey Ed25519
- type PrivateKeyX25519 = PrivateKey X25519
- type PublicKeyX25519 = PublicKey X25519
- type PrivateKeyX448 = PrivateKey X448
- type PublicKeyX448 = PublicKey X448
- data APrivateKey = forall a.AlgorithmI a => APrivateKey (SAlgorithm a) (PrivateKey a)
- data APublicKey = forall a.AlgorithmI a => APublicKey (SAlgorithm a) (PublicKey a)
- data APrivateSignKey = forall a.(AlgorithmI a, SignatureAlgorithm a) => APrivateSignKey (SAlgorithm a) (PrivateKey a)
- data APublicVerifyKey = forall a.(AlgorithmI a, SignatureAlgorithm a) => APublicVerifyKey (SAlgorithm a) (PublicKey a)
- data APrivateDhKey = forall a.(AlgorithmI a, DhAlgorithm a) => APrivateDhKey (SAlgorithm a) (PrivateKey a)
- data APublicDhKey = forall a.(AlgorithmI a, DhAlgorithm a) => APublicDhKey (SAlgorithm a) (PublicKey a)
- data APrivateAuthKey = forall a.(AlgorithmI a, AuthAlgorithm a) => APrivateAuthKey (SAlgorithm a) (PrivateKey a)
- data APublicAuthKey = forall a.(AlgorithmI a, AuthAlgorithm a) => APublicAuthKey (SAlgorithm a) (PublicKey a)
- class CryptoPublicKey k where
- toPubKey :: (forall a. AlgorithmI a => PublicKey a -> b) -> k -> b
- pubKey :: APublicKey -> Either String k
- class CryptoPrivateKey pk where
- type PublicKeyType pk
- toPrivKey :: (forall a. AlgorithmI a => PrivateKey a -> b) -> pk -> b
- privKey :: APrivateKey -> Either String pk
- toPublic :: pk -> PublicKeyType pk
- type AAuthKeyPair = KeyPairType APrivateAuthKey
- type KeyPair a = KeyPairType (PrivateKey a)
- type KeyPairX25519 = KeyPair X25519
- type KeyPairEd25519 = KeyPair Ed25519
- type ASignatureKeyPair = KeyPairType APrivateSignKey
- data DhSecret (a :: Algorithm) where
- DhSecretX25519 :: DhSecret -> DhSecret X25519
- DhSecretX448 :: DhSecret -> DhSecret X448
- type DhSecretX25519 = DhSecret X25519
- data ADhSecret = forall a.(AlgorithmI a, DhAlgorithm a) => ADhSecret (SAlgorithm a) (DhSecret a)
- newtype KeyHash = KeyHash {
- unKeyHash :: ByteString
- newRandom :: IO (TVar ChaChaDRG)
- newRandomDRG :: TVar ChaChaDRG -> STM (TVar ChaChaDRG)
- generateAKeyPair :: AlgorithmI a => SAlgorithm a -> TVar ChaChaDRG -> STM AKeyPair
- generateKeyPair :: forall a. AlgorithmI a => TVar ChaChaDRG -> STM (KeyPair a)
- generateSignatureKeyPair :: (AlgorithmI a, SignatureAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM ASignatureKeyPair
- generateAuthKeyPair :: (AlgorithmI a, AuthAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM AAuthKeyPair
- generatePrivateAuthKey :: (AlgorithmI a, AuthAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM APrivateAuthKey
- generateDhKeyPair :: (AlgorithmI a, DhAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM ADhKeyPair
- privateToX509 :: PrivateKey a -> PrivKey
- x509ToPublic :: (PubKey, [ASN1]) -> Either String APublicKey
- x509ToPublic' :: CryptoPublicKey k => PubKey -> Either String k
- x509ToPrivate :: (PrivKey, [ASN1]) -> Either String APrivateKey
- x509ToPrivate' :: CryptoPrivateKey k => PrivKey -> Either String k
- publicKey :: PrivateKey a -> PublicKey a
- signatureKeyPair :: APrivateSignKey -> ASignatureKeyPair
- publicToX509 :: PublicKey a -> PubKey
- encodeASNObj :: ASN1Object a => a -> ByteString
- encodePubKey :: CryptoPublicKey k => k -> ByteString
- decodePubKey :: CryptoPublicKey k => ByteString -> Either String k
- encodePrivKey :: CryptoPrivateKey pk => pk -> ByteString
- decodePrivKey :: CryptoPrivateKey k => ByteString -> Either String k
- pubKeyBytes :: PublicKey a -> ByteString
- data Signature (a :: Algorithm) where
- SignatureEd25519 :: Signature -> Signature Ed25519
- SignatureEd448 :: Signature -> Signature Ed448
- data ASignature = forall a.(AlgorithmI a, SignatureAlgorithm a) => ASignature (SAlgorithm a) (Signature a)
- class CryptoSignature s where
- signatureBytes :: s -> ByteString
- decodeSignature :: ByteString -> Either String s
- class SignatureSize s where
- signatureSize :: s -> Int
- type family SignatureAlgorithm (a :: Algorithm) :: Constraint where ...
- type family AuthAlgorithm (a :: Algorithm) :: Constraint where ...
- class AlgorithmI (a :: Algorithm) where
- sAlgorithm :: SAlgorithm a
- sign :: APrivateSignKey -> ByteString -> ASignature
- sign' :: SignatureAlgorithm a => PrivateKey a -> ByteString -> Signature a
- verify :: APublicVerifyKey -> ASignature -> ByteString -> Bool
- verify' :: SignatureAlgorithm a => PublicKey a -> Signature a -> ByteString -> Bool
- validSignatureSize :: Int -> Bool
- checkAlgorithm :: forall t a a'. (AlgorithmI a, AlgorithmI a') => t a' -> Either String (t a)
- newtype CbAuthenticator = CbAuthenticator ByteString
- cbAuthenticatorSize :: Int
- cbAuthenticate :: PublicKeyX25519 -> PrivateKeyX25519 -> CbNonce -> ByteString -> CbAuthenticator
- cbVerify :: PublicKeyX25519 -> PrivateKeyX25519 -> CbNonce -> CbAuthenticator -> ByteString -> Bool
- dh' :: DhAlgorithm a => PublicKey a -> PrivateKey a -> DhSecret a
- dhBytes' :: DhSecret a -> ByteString
- newtype Key = Key {
- unKey :: ByteString
- newtype IV = IV {
- unIV :: ByteString
- data GCMIV
- newtype AuthTag = AuthTag {
- unAuthTag :: AuthTag
- encryptAEAD :: Key -> IV -> Int -> ByteString -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString)
- decryptAEAD :: Key -> IV -> ByteString -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString
- encryptAESNoPad :: Key -> GCMIV -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString)
- decryptAESNoPad :: Key -> GCMIV -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString
- authTagSize :: Int
- randomAesKey :: TVar ChaChaDRG -> STM Key
- randomGCMIV :: TVar ChaChaDRG -> STM GCMIV
- ivSize :: forall c. BlockCipher c => Int
- gcmIVSize :: Int
- gcmIV :: ByteString -> Either CryptoError GCMIV
- data CbNonce
- pattern CbNonce :: ByteString -> CbNonce
- cbEncrypt :: DhSecret X25519 -> CbNonce -> ByteString -> Int -> Either CryptoError ByteString
- cbEncryptNoPad :: DhSecret X25519 -> CbNonce -> ByteString -> ByteString
- cbEncryptMaxLenBS :: KnownNat i => DhSecret X25519 -> CbNonce -> MaxLenBS i -> ByteString
- cbDecrypt :: DhSecret X25519 -> CbNonce -> ByteString -> Either CryptoError ByteString
- cbDecryptNoPad :: DhSecret X25519 -> CbNonce -> ByteString -> Either CryptoError ByteString
- sbDecrypt_ :: ByteArrayAccess key => key -> CbNonce -> ByteString -> Either CryptoError ByteString
- sbEncrypt_ :: ByteArrayAccess key => key -> CbNonce -> ByteString -> Int -> Either CryptoError ByteString
- sbEncryptNoPad :: SbKey -> CbNonce -> ByteString -> ByteString
- sbDecryptNoPad :: SbKey -> CbNonce -> ByteString -> Either CryptoError ByteString
- cbNonce :: ByteString -> CbNonce
- randomCbNonce :: TVar ChaChaDRG -> STM CbNonce
- reverseNonce :: CbNonce -> CbNonce
- data SbKey
- pattern SbKey :: ByteString -> SbKey
- sbEncrypt :: SbKey -> CbNonce -> ByteString -> Int -> Either CryptoError ByteString
- sbDecrypt :: SbKey -> CbNonce -> ByteString -> Either CryptoError ByteString
- sbKey :: ByteString -> Either String SbKey
- unsafeSbKey :: ByteString -> SbKey
- randomSbKey :: TVar ChaChaDRG -> STM SbKey
- data SbChainKey
- type SbKeyNonce = (SbKey, CbNonce)
- sbcInit :: ByteArrayAccess secret => ByteString -> secret -> (SbChainKey, SbChainKey)
- sbcHkdf :: SbChainKey -> (SbKeyNonce, SbChainKey)
- hkdf :: ByteArrayAccess secret => ByteString -> secret -> ByteString -> Int -> ByteString
- randomBytes :: Int -> TVar ChaChaDRG -> STM ByteString
- sha256Hash :: ByteString -> ByteString
- sha512Hash :: ByteString -> ByteString
- sha3_256 :: ByteString -> ByteString
- sha3_384 :: ByteString -> ByteString
- canPad :: Int -> Int -> Bool
- pad :: ByteString -> Int -> Either CryptoError ByteString
- unPad :: ByteString -> Either CryptoError ByteString
- signCertificate :: APrivateSignKey -> Certificate -> SignedCertificate
- signX509 :: (ASN1Object o, Eq o, Show o) => APrivateSignKey -> o -> SignedExact o
- verifyX509 :: (ASN1Object o, Eq o, Show o) => APublicVerifyKey -> SignedExact o -> Either String o
- certificateFingerprint :: SignedCertificate -> KeyHash
- signedFingerprint :: (ASN1Object o, Eq o, Show o) => SignedExact o -> KeyHash
- class SignatureAlgorithmX509 a where
- signatureAlgorithmX509 :: a -> SignatureALG
- newtype SignedObject a = SignedObject {
- getSignedExact :: SignedExact a
- encodeCertChain :: CertificateChain -> NonEmpty Large
- certChainP :: Parser CertificateChain
- data CryptoError
- = AESCipherError CryptoError
- | CryptoIVError
- | AESDecryptError
- | CBDecryptError
- | CryptoPoly1305Error CryptoError
- | CryptoLargeMsgError
- | CryptoInvalidMsgError
- | CryptoHeaderError String
- | CERatchetState
- | CERatchetKEMState
- | CERatchetHeader
- | CERatchetTooManySkipped Word32
- | CERatchetEarlierMessage Word32
- | CERatchetDuplicateMessage
- data MaxLenBS (i :: Nat)
- pattern MaxLenBS :: ByteString -> MaxLenBS i
- maxLenBS :: forall i. KnownNat i => ByteString -> Either CryptoError (MaxLenBS i)
- unsafeMaxLenBS :: forall i. KnownNat i => ByteString -> MaxLenBS i
- appendMaxLenBS :: (KnownNat i, KnownNat j) => MaxLenBS i -> MaxLenBS j -> MaxLenBS (i + j)
Cryptographic keys
Cryptographic algorithms.
Instances
| TestEquality SAlgorithm Source # | |
Defined in Simplex.Messaging.Crypto Methods testEquality :: forall (a :: k) (b :: k). SAlgorithm a -> SAlgorithm b -> Maybe (a :~: b) | |
| (AlgorithmI a, Typeable a) => FromField (MsgEncryptKey a) Source # | |
Defined in Simplex.Messaging.Crypto.Ratchet Methods fromField :: FieldParser (MsgEncryptKey a) # | |
| AlgorithmI a => ToField (MsgEncryptKey a) Source # | |
Defined in Simplex.Messaging.Crypto.Ratchet Methods toField :: MsgEncryptKey a -> SQLData # | |
data SAlgorithm :: Algorithm -> Type where Source #
Singleton types for Algorithm.
Constructors
| SEd25519 :: SAlgorithm Ed25519 | |
| SEd448 :: SAlgorithm Ed448 | |
| SX25519 :: SAlgorithm X25519 | |
| SX448 :: SAlgorithm X448 |
Instances
| TestEquality SAlgorithm Source # | |
Defined in Simplex.Messaging.Crypto Methods testEquality :: forall (a :: k) (b :: k). SAlgorithm a -> SAlgorithm b -> Maybe (a :~: b) | |
| Show (SAlgorithm a) Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> SAlgorithm a -> ShowS show :: SAlgorithm a -> String showList :: [SAlgorithm a] -> ShowS | |
| SignatureAlgorithm a => SignatureAlgorithmX509 (SAlgorithm a) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureAlgorithmX509 :: SAlgorithm a -> SignatureALG Source # | |
Constructors
| forall a.AlgorithmI a => Alg (SAlgorithm a) |
Constructors
| forall a.(AlgorithmI a, AuthAlgorithm a) => AuthAlg (SAlgorithm a) |
Constructors
| forall a.(AlgorithmI a, DhAlgorithm a) => DhAlg (SAlgorithm a) |
type family DhAlgorithm (a :: Algorithm) :: Constraint where ... Source #
Equations
| DhAlgorithm X25519 = () | |
| DhAlgorithm X448 = () | |
| DhAlgorithm a = (Int ~ Bool, TypeError ((Text "Algorithm " :<>: ShowType a) :<>: Text " cannot be used for DH exchange")) |
data PrivateKey (a :: Algorithm) where Source #
GADT for private keys.
Constructors
| PrivateKeyEd25519 :: SecretKey -> PrivateKey Ed25519 | |
| PrivateKeyEd448 :: SecretKey -> PrivateKey Ed448 | |
| PrivateKeyX25519 :: SecretKey -> PrivateKey X25519 | |
| PrivateKeyX448 :: SecretKey -> PrivateKey X448 |
Instances
data PublicKey (a :: Algorithm) where Source #
GADT for public keys.
Constructors
| PublicKeyEd25519 :: PublicKey -> PublicKey Ed25519 | |
| PublicKeyEd448 :: PublicKey -> PublicKey Ed448 | |
| PublicKeyX25519 :: PublicKey -> PublicKey X25519 | |
| PublicKeyX448 :: PublicKey -> PublicKey X448 |
Instances
type PrivateKeyEd25519 = PrivateKey Ed25519 Source #
type PublicKeyEd25519 = PublicKey Ed25519 Source #
type PrivateKeyX25519 = PrivateKey X25519 Source #
type PublicKeyX25519 = PublicKey X25519 Source #
type PrivateKeyX448 = PrivateKey X448 Source #
type PublicKeyX448 = PublicKey X448 Source #
data APrivateKey Source #
Constructors
| forall a.AlgorithmI a => APrivateKey (SAlgorithm a) (PrivateKey a) |
Instances
| Show APrivateKey Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> APrivateKey -> ShowS show :: APrivateKey -> String showList :: [APrivateKey] -> ShowS | |
| CryptoPrivateKey APrivateKey Source # | |
Defined in Simplex.Messaging.Crypto Associated Types type PublicKeyType APrivateKey Source # Methods toPrivKey :: (forall (a :: Algorithm). AlgorithmI a => PrivateKey a -> b) -> APrivateKey -> b Source # privKey :: APrivateKey -> Either String APrivateKey Source # toPublic :: APrivateKey -> PublicKeyType APrivateKey Source # | |
| type PublicKeyType APrivateKey Source # | |
Defined in Simplex.Messaging.Crypto | |
data APublicKey Source #
Constructors
| forall a.AlgorithmI a => APublicKey (SAlgorithm a) (PublicKey a) |
Instances
| Show APublicKey Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> APublicKey -> ShowS show :: APublicKey -> String showList :: [APublicKey] -> ShowS | |
| CryptoPublicKey APublicKey Source # | |
Defined in Simplex.Messaging.Crypto Methods toPubKey :: (forall (a :: Algorithm). AlgorithmI a => PublicKey a -> b) -> APublicKey -> b Source # pubKey :: APublicKey -> Either String APublicKey Source # | |
| Encoding APublicKey Source # | |
Defined in Simplex.Messaging.Crypto Methods smpEncode :: APublicKey -> ByteString Source # smpDecode :: ByteString -> Either String APublicKey Source # smpP :: Parser APublicKey Source # | |
data APrivateSignKey Source #
Constructors
| forall a.(AlgorithmI a, SignatureAlgorithm a) => APrivateSignKey (SAlgorithm a) (PrivateKey a) |
Instances
data APublicVerifyKey Source #
Constructors
| forall a.(AlgorithmI a, SignatureAlgorithm a) => APublicVerifyKey (SAlgorithm a) (PublicKey a) |
Instances
data APrivateDhKey Source #
Constructors
| forall a.(AlgorithmI a, DhAlgorithm a) => APrivateDhKey (SAlgorithm a) (PrivateKey a) |
Instances
| Show APrivateDhKey Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> APrivateDhKey -> ShowS show :: APrivateDhKey -> String showList :: [APrivateDhKey] -> ShowS | |
| CryptoPrivateKey APrivateDhKey Source # | |
Defined in Simplex.Messaging.Crypto Associated Types Methods toPrivKey :: (forall (a :: Algorithm). AlgorithmI a => PrivateKey a -> b) -> APrivateDhKey -> b Source # privKey :: APrivateKey -> Either String APrivateDhKey Source # toPublic :: APrivateDhKey -> PublicKeyType APrivateDhKey Source # | |
| FromField APrivateDhKey Source # | |
Defined in Simplex.Messaging.Crypto Methods fromField :: FieldParser APrivateDhKey # | |
| ToField APrivateDhKey Source # | |
Defined in Simplex.Messaging.Crypto Methods toField :: APrivateDhKey -> SQLData # | |
| type PublicKeyType APrivateDhKey Source # | |
Defined in Simplex.Messaging.Crypto | |
data APublicDhKey Source #
Constructors
| forall a.(AlgorithmI a, DhAlgorithm a) => APublicDhKey (SAlgorithm a) (PublicKey a) |
Instances
data APrivateAuthKey Source #
Constructors
| forall a.(AlgorithmI a, AuthAlgorithm a) => APrivateAuthKey (SAlgorithm a) (PrivateKey a) |
Instances
data APublicAuthKey Source #
Constructors
| forall a.(AlgorithmI a, AuthAlgorithm a) => APublicAuthKey (SAlgorithm a) (PublicKey a) |
Instances
class CryptoPublicKey k where Source #
Class for public key types
Methods
toPubKey :: (forall a. AlgorithmI a => PublicKey a -> b) -> k -> b Source #
pubKey :: APublicKey -> Either String k Source #
Instances
class CryptoPrivateKey pk where Source #
Associated Types
type PublicKeyType pk Source #
Methods
toPrivKey :: (forall a. AlgorithmI a => PrivateKey a -> b) -> pk -> b Source #
privKey :: APrivateKey -> Either String pk Source #
toPublic :: pk -> PublicKeyType pk Source #
Instances
type AAuthKeyPair = KeyPairType APrivateAuthKey Source #
type KeyPair a = KeyPairType (PrivateKey a) Source #
type KeyPairX25519 = KeyPair X25519 Source #
type KeyPairEd25519 = KeyPair Ed25519 Source #
type ASignatureKeyPair = KeyPairType APrivateSignKey Source #
data DhSecret (a :: Algorithm) where Source #
Constructors
| DhSecretX25519 :: DhSecret -> DhSecret X25519 | |
| DhSecretX448 :: DhSecret -> DhSecret X448 |
Instances
| AlgorithmI a => IsString (DhSecret a) Source # | |
Defined in Simplex.Messaging.Crypto Methods fromString :: String -> DhSecret a | |
| Show (DhSecret a) Source # | |
| Eq (DhSecret a) Source # | |
| AlgorithmI a => StrEncoding (DhSecret a) Source # | |
| (Typeable a, AlgorithmI a) => FromField (DhSecret a) Source # | |
Defined in Simplex.Messaging.Crypto | |
| ToField (DhSecret a) Source # | |
Defined in Simplex.Messaging.Crypto | |
type DhSecretX25519 = DhSecret X25519 Source #
Constructors
| forall a.(AlgorithmI a, DhAlgorithm a) => ADhSecret (SAlgorithm a) (DhSecret a) |
Certificate fingerpint newtype.
Previously was used for server's public key hash in ad-hoc transport scheme, kept as is for compatibility.
Instances
| FromJSON KeyHash Source # | |
Defined in Simplex.Messaging.Crypto Methods parseJSON :: Value -> Parser KeyHash parseJSONList :: Value -> Parser [KeyHash] omittedField :: Maybe KeyHash | |
| ToJSON KeyHash Source # | |
Defined in Simplex.Messaging.Crypto Methods toEncoding :: KeyHash -> Encoding toJSONList :: [KeyHash] -> Value toEncodingList :: [KeyHash] -> Encoding | |
| IsString KeyHash Source # | |
Defined in Simplex.Messaging.Crypto Methods fromString :: String -> KeyHash | |
| Show KeyHash Source # | |
| Eq KeyHash Source # | |
| Ord KeyHash Source # | |
| Encoding KeyHash Source # | |
| StrEncoding KeyHash Source # | |
| FromField KeyHash Source # | |
Defined in Simplex.Messaging.Crypto | |
| ToField KeyHash Source # | |
Defined in Simplex.Messaging.Crypto | |
newRandomDRG :: TVar ChaChaDRG -> STM (TVar ChaChaDRG) Source #
generateAKeyPair :: AlgorithmI a => SAlgorithm a -> TVar ChaChaDRG -> STM AKeyPair Source #
generateKeyPair :: forall a. AlgorithmI a => TVar ChaChaDRG -> STM (KeyPair a) Source #
generateSignatureKeyPair :: (AlgorithmI a, SignatureAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM ASignatureKeyPair Source #
generateAuthKeyPair :: (AlgorithmI a, AuthAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM AAuthKeyPair Source #
generatePrivateAuthKey :: (AlgorithmI a, AuthAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM APrivateAuthKey Source #
generateDhKeyPair :: (AlgorithmI a, DhAlgorithm a) => SAlgorithm a -> TVar ChaChaDRG -> STM ADhKeyPair Source #
privateToX509 :: PrivateKey a -> PrivKey Source #
x509ToPublic :: (PubKey, [ASN1]) -> Either String APublicKey Source #
x509ToPublic' :: CryptoPublicKey k => PubKey -> Either String k Source #
x509ToPrivate :: (PrivKey, [ASN1]) -> Either String APrivateKey Source #
x509ToPrivate' :: CryptoPrivateKey k => PrivKey -> Either String k Source #
publicKey :: PrivateKey a -> PublicKey a Source #
signatureKeyPair :: APrivateSignKey -> ASignatureKeyPair Source #
Expand signature private key to a key pair.
publicToX509 :: PublicKey a -> PubKey Source #
encodeASNObj :: ASN1Object a => a -> ByteString Source #
key encoding/decoding
encodePubKey :: CryptoPublicKey k => k -> ByteString Source #
decodePubKey :: CryptoPublicKey k => ByteString -> Either String k Source #
encodePrivKey :: CryptoPrivateKey pk => pk -> ByteString Source #
decodePrivKey :: CryptoPrivateKey k => ByteString -> Either String k Source #
pubKeyBytes :: PublicKey a -> ByteString Source #
sign/verify
data Signature (a :: Algorithm) where Source #
Constructors
| SignatureEd25519 :: Signature -> Signature Ed25519 | |
| SignatureEd448 :: Signature -> Signature Ed448 |
Instances
data ASignature Source #
Constructors
| forall a.(AlgorithmI a, SignatureAlgorithm a) => ASignature (SAlgorithm a) (Signature a) |
Instances
| IsString ASignature Source # | |
Defined in Simplex.Messaging.Crypto Methods fromString :: String -> ASignature | |
| Show ASignature Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> ASignature -> ShowS show :: ASignature -> String showList :: [ASignature] -> ShowS | |
| CryptoSignature ASignature Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureBytes :: ASignature -> ByteString Source # decodeSignature :: ByteString -> Either String ASignature Source # | |
| SignatureSize ASignature Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: ASignature -> Int Source # | |
| CryptoSignature (Maybe ASignature) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureBytes :: Maybe ASignature -> ByteString Source # decodeSignature :: ByteString -> Either String (Maybe ASignature) Source # | |
class CryptoSignature s where Source #
Methods
signatureBytes :: s -> ByteString Source #
decodeSignature :: ByteString -> Either String s Source #
Instances
| CryptoSignature ASignature Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureBytes :: ASignature -> ByteString Source # decodeSignature :: ByteString -> Either String ASignature Source # | |
| AlgorithmI a => CryptoSignature (Signature a) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureBytes :: Signature a -> ByteString Source # decodeSignature :: ByteString -> Either String (Signature a) Source # | |
| CryptoSignature (Maybe ASignature) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureBytes :: Maybe ASignature -> ByteString Source # decodeSignature :: ByteString -> Either String (Maybe ASignature) Source # | |
class SignatureSize s where Source #
Methods
signatureSize :: s -> Int Source #
Instances
| SignatureSize APrivateSignKey Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: APrivateSignKey -> Int Source # | |
| SignatureSize APublicVerifyKey Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: APublicVerifyKey -> Int Source # | |
| SignatureSize ASignature Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: ASignature -> Int Source # | |
| SignatureAlgorithm a => SignatureSize (PrivateKey a) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: PrivateKey a -> Int Source # | |
| SignatureAlgorithm a => SignatureSize (PublicKey a) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: PublicKey a -> Int Source # | |
| SignatureSize (Signature a) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureSize :: Signature a -> Int Source # | |
type family SignatureAlgorithm (a :: Algorithm) :: Constraint where ... Source #
Equations
| SignatureAlgorithm Ed25519 = () | |
| SignatureAlgorithm Ed448 = () | |
| SignatureAlgorithm a = (Int ~ Bool, TypeError ((Text "Algorithm " :<>: ShowType a) :<>: Text " cannot be used to sign/verify")) |
type family AuthAlgorithm (a :: Algorithm) :: Constraint where ... Source #
Equations
| AuthAlgorithm Ed25519 = () | |
| AuthAlgorithm Ed448 = () | |
| AuthAlgorithm X25519 = () | |
| AuthAlgorithm a = (Int ~ Bool, TypeError ((Text "Algorithm " :<>: ShowType a) :<>: Text " cannot be used for authorization")) |
class AlgorithmI (a :: Algorithm) where Source #
Methods
sAlgorithm :: SAlgorithm a Source #
Instances
| AlgorithmI 'Ed25519 Source # | |
Defined in Simplex.Messaging.Crypto Methods | |
| AlgorithmI 'Ed448 Source # | |
Defined in Simplex.Messaging.Crypto Methods sAlgorithm :: SAlgorithm 'Ed448 Source # | |
| AlgorithmI 'X25519 Source # | |
Defined in Simplex.Messaging.Crypto Methods | |
| AlgorithmI 'X448 Source # | |
Defined in Simplex.Messaging.Crypto Methods sAlgorithm :: SAlgorithm 'X448 Source # | |
sign :: APrivateSignKey -> ByteString -> ASignature Source #
sign' :: SignatureAlgorithm a => PrivateKey a -> ByteString -> Signature a Source #
Message signing.
Used by SMP clients to sign SMP commands and by SMP agents to sign messages.
verify :: APublicVerifyKey -> ASignature -> ByteString -> Bool Source #
verify' :: SignatureAlgorithm a => PublicKey a -> Signature a -> ByteString -> Bool Source #
Signature verification.
Used by SMP servers to authorize SMP commands and by SMP agents to verify messages.
validSignatureSize :: Int -> Bool Source #
checkAlgorithm :: forall t a a'. (AlgorithmI a, AlgorithmI a') => t a' -> Either String (t a) Source #
crypto_box authenticator, as discussed in https://groups.google.com/g/sci.crypt/c/73yb5a9pz2Y/m/LNgRO7IYXOwJ
newtype CbAuthenticator Source #
Constructors
| CbAuthenticator ByteString |
Instances
| Show CbAuthenticator Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> CbAuthenticator -> ShowS show :: CbAuthenticator -> String showList :: [CbAuthenticator] -> ShowS | |
| Eq CbAuthenticator Source # | |
Defined in Simplex.Messaging.Crypto Methods (==) :: CbAuthenticator -> CbAuthenticator -> Bool (/=) :: CbAuthenticator -> CbAuthenticator -> Bool | |
cbAuthenticatorSize :: Int Source #
cbAuthenticate :: PublicKeyX25519 -> PrivateKeyX25519 -> CbNonce -> ByteString -> CbAuthenticator Source #
cbVerify :: PublicKeyX25519 -> PrivateKeyX25519 -> CbNonce -> CbAuthenticator -> ByteString -> Bool Source #
DH derivation
dh' :: DhAlgorithm a => PublicKey a -> PrivateKey a -> DhSecret a Source #
AES256 AEAD-GCM scheme
AES key newtype.
Instances
| FromJSON Key Source # | |
Defined in Simplex.Messaging.Crypto Methods parseJSON :: Value -> Parser Key parseJSONList :: Value -> Parser [Key] omittedField :: Maybe Key | |
| ToJSON Key Source # | |
Defined in Simplex.Messaging.Crypto | |
| Show Key Source # | |
| Eq Key Source # | |
| Ord Key Source # | |
| FromField Key Source # | |
Defined in Simplex.Messaging.Crypto | |
| ToField Key Source # | |
Defined in Simplex.Messaging.Crypto | |
IV bytes newtype.
Instances
| FromJSON IV Source # | |
Defined in Simplex.Messaging.Crypto | |
| ToJSON IV Source # | |
Defined in Simplex.Messaging.Crypto | |
| Show IV Source # | |
| Eq IV Source # | |
| Encoding IV Source # | |
encryptAEAD :: Key -> IV -> Int -> ByteString -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString) Source #
AEAD-GCM encryption with associated data.
Used as part of double ratchet encryption. This function requires 16 bytes IV, it transforms IV in cryptonite_aes_gcm_init here: https://github.com/haskell-crypto/cryptonite/blob/master/cbits/cryptonite_aes.c
decryptAEAD :: Key -> IV -> ByteString -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString Source #
AEAD-GCM decryption with associated data.
Used as part of double ratchet encryption. This function requires 16 bytes IV, it transforms IV in cryptonite_aes_gcm_init here: https://github.com/haskell-crypto/cryptonite/blob/master/cbits/cryptonite_aes.c To make it compatible with WebCrypto we will need to start using initAEADGCM.
encryptAESNoPad :: Key -> GCMIV -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString) Source #
decryptAESNoPad :: Key -> GCMIV -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString Source #
authTagSize :: Int Source #
randomAesKey :: TVar ChaChaDRG -> STM Key Source #
Random AES256 key.
randomGCMIV :: TVar ChaChaDRG -> STM GCMIV Source #
gcmIV :: ByteString -> Either CryptoError GCMIV Source #
NaCl crypto_box
Instances
| FromJSON CbNonce Source # | |
Defined in Simplex.Messaging.Crypto Methods parseJSON :: Value -> Parser CbNonce parseJSONList :: Value -> Parser [CbNonce] omittedField :: Maybe CbNonce | |
| ToJSON CbNonce Source # | |
Defined in Simplex.Messaging.Crypto Methods toEncoding :: CbNonce -> Encoding toJSONList :: [CbNonce] -> Value toEncodingList :: [CbNonce] -> Encoding | |
| Show CbNonce Source # | |
| Eq CbNonce Source # | |
| Encoding CbNonce Source # | |
| StrEncoding CbNonce Source # | |
| FromField CbNonce Source # | |
Defined in Simplex.Messaging.Crypto | |
| ToField CbNonce Source # | |
Defined in Simplex.Messaging.Crypto | |
cbEncrypt :: DhSecret X25519 -> CbNonce -> ByteString -> Int -> Either CryptoError ByteString Source #
NaCl crypto_box encrypt with padding with a shared DH secret and 192-bit nonce.
cbEncryptNoPad :: DhSecret X25519 -> CbNonce -> ByteString -> ByteString Source #
NaCl crypto_box encrypt with a shared DH secret and 192-bit nonce (without padding).
cbEncryptMaxLenBS :: KnownNat i => DhSecret X25519 -> CbNonce -> MaxLenBS i -> ByteString Source #
NaCl crypto_box encrypt with a shared DH secret and 192-bit nonce.
cbDecrypt :: DhSecret X25519 -> CbNonce -> ByteString -> Either CryptoError ByteString Source #
NaCl crypto_box decrypt with a shared DH secret and 192-bit nonce.
cbDecryptNoPad :: DhSecret X25519 -> CbNonce -> ByteString -> Either CryptoError ByteString Source #
NaCl crypto_box decrypt with a shared DH secret and 192-bit nonce (without unpadding).
sbDecrypt_ :: ByteArrayAccess key => key -> CbNonce -> ByteString -> Either CryptoError ByteString Source #
NaCl crypto_box decrypt with a shared DH secret and 192-bit nonce.
sbEncrypt_ :: ByteArrayAccess key => key -> CbNonce -> ByteString -> Int -> Either CryptoError ByteString Source #
sbEncryptNoPad :: SbKey -> CbNonce -> ByteString -> ByteString Source #
sbDecryptNoPad :: SbKey -> CbNonce -> ByteString -> Either CryptoError ByteString Source #
randomCbNonce :: TVar ChaChaDRG -> STM CbNonce Source #
reverseNonce :: CbNonce -> CbNonce Source #
NaCl crypto_secretbox
Instances
| FromJSON SbKey Source # | |
Defined in Simplex.Messaging.Crypto Methods parseJSON :: Value -> Parser SbKey parseJSONList :: Value -> Parser [SbKey] omittedField :: Maybe SbKey | |
| ToJSON SbKey Source # | |
Defined in Simplex.Messaging.Crypto Methods toEncoding :: SbKey -> Encoding toJSONList :: [SbKey] -> Value toEncodingList :: [SbKey] -> Encoding | |
| Show SbKey Source # | |
| Eq SbKey Source # | |
| StrEncoding SbKey Source # | |
| FromField SbKey Source # | |
Defined in Simplex.Messaging.Crypto | |
| ToField SbKey Source # | |
Defined in Simplex.Messaging.Crypto | |
sbEncrypt :: SbKey -> CbNonce -> ByteString -> Int -> Either CryptoError ByteString Source #
NaCl secret_box encrypt with a symmetric 256-bit key and 192-bit nonce.
sbDecrypt :: SbKey -> CbNonce -> ByteString -> Either CryptoError ByteString Source #
NaCl secret_box decrypt with a symmetric 256-bit key and 192-bit nonce.
unsafeSbKey :: ByteString -> SbKey Source #
randomSbKey :: TVar ChaChaDRG -> STM SbKey Source #
secret_box chains
data SbChainKey Source #
Instances
| Show SbChainKey Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> SbChainKey -> ShowS show :: SbChainKey -> String showList :: [SbChainKey] -> ShowS | |
| Eq SbChainKey Source # | |
Defined in Simplex.Messaging.Crypto | |
type SbKeyNonce = (SbKey, CbNonce) Source #
sbcInit :: ByteArrayAccess secret => ByteString -> secret -> (SbChainKey, SbChainKey) Source #
sbcHkdf :: SbChainKey -> (SbKeyNonce, SbChainKey) Source #
pseudo-random bytes
randomBytes :: Int -> TVar ChaChaDRG -> STM ByteString Source #
digests
sha256Hash :: ByteString -> ByteString Source #
SHA256 digest.
sha512Hash :: ByteString -> ByteString Source #
SHA512 digest.
Message padding / un-padding
pad :: ByteString -> Int -> Either CryptoError ByteString Source #
unPad :: ByteString -> Either CryptoError ByteString Source #
X509 Certificates
signCertificate :: APrivateSignKey -> Certificate -> SignedCertificate Source #
signX509 :: (ASN1Object o, Eq o, Show o) => APrivateSignKey -> o -> SignedExact o Source #
verifyX509 :: (ASN1Object o, Eq o, Show o) => APublicVerifyKey -> SignedExact o -> Either String o Source #
certificateFingerprint :: SignedCertificate -> KeyHash Source #
signedFingerprint :: (ASN1Object o, Eq o, Show o) => SignedExact o -> KeyHash Source #
class SignatureAlgorithmX509 a where Source #
Methods
signatureAlgorithmX509 :: a -> SignatureALG Source #
Instances
| SignatureAlgorithmX509 APrivateSignKey Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureAlgorithmX509 :: APrivateSignKey -> SignatureALG Source # | |
| SignatureAlgorithmX509 APublicVerifyKey Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureAlgorithmX509 :: APublicVerifyKey -> SignatureALG Source # | |
| SignatureAlgorithm a => SignatureAlgorithmX509 (SAlgorithm a) Source # | |
Defined in Simplex.Messaging.Crypto Methods signatureAlgorithmX509 :: SAlgorithm a -> SignatureALG Source # | |
| SignatureAlgorithmX509 pk => SignatureAlgorithmX509 (a, pk) Source # | An instance for |
Defined in Simplex.Messaging.Crypto Methods signatureAlgorithmX509 :: (a, pk) -> SignatureALG Source # | |
newtype SignedObject a Source #
A wrapper to marshall signed ASN1 objects, like certificates.
Constructors
| SignedObject | |
Fields
| |
Instances
| (Eq a, Show a, ASN1Object a) => Encoding (SignedObject a) Source # | |
Defined in Simplex.Messaging.Crypto Methods smpEncode :: SignedObject a -> ByteString Source # smpDecode :: ByteString -> Either String (SignedObject a) Source # smpP :: Parser (SignedObject a) Source # | |
| (Typeable a, Eq a, Show a, ASN1Object a) => FromField (SignedObject a) Source # | |
Defined in Simplex.Messaging.Crypto Methods fromField :: FieldParser (SignedObject a) # | |
| (Eq a, Show a, ASN1Object a) => ToField (SignedObject a) Source # | |
Defined in Simplex.Messaging.Crypto Methods toField :: SignedObject a -> SQLData # | |
encodeCertChain :: CertificateChain -> NonEmpty Large Source #
certChainP :: Parser CertificateChain Source #
Cryptography error type
data CryptoError Source #
Various cryptographic or related errors.
Constructors
| AESCipherError CryptoError | AES initialization error |
| CryptoIVError | IV generation error |
| AESDecryptError | AES decryption error |
| CBDecryptError | |
| CryptoPoly1305Error CryptoError | |
| CryptoLargeMsgError | message is larger that allowed padded length minus 2 (to prepend message length) (or required un-padded length is larger than the message length) |
| CryptoInvalidMsgError | padded message is shorter than 2 bytes |
| CryptoHeaderError String | failure parsing message header |
| CERatchetState | no sending chain key in ratchet state |
| CERatchetKEMState | no decapsulation key in ratchet state |
| CERatchetHeader | header decryption error (could indicate that another key should be tried) |
| CERatchetTooManySkipped Word32 | too many skipped messages |
| CERatchetEarlierMessage Word32 | earlier message number (or, possibly, skipped message that failed to decrypt?) |
| CERatchetDuplicateMessage | duplicate message number |
Instances
| Exception CryptoError Source # | |
Defined in Simplex.Messaging.Crypto Methods toException :: CryptoError -> SomeException fromException :: SomeException -> Maybe CryptoError displayException :: CryptoError -> String | |
| Show CryptoError Source # | |
Defined in Simplex.Messaging.Crypto Methods showsPrec :: Int -> CryptoError -> ShowS show :: CryptoError -> String showList :: [CryptoError] -> ShowS | |
| Eq CryptoError Source # | |
Defined in Simplex.Messaging.Crypto | |
Limited size ByteStrings
maxLenBS :: forall i. KnownNat i => ByteString -> Either CryptoError (MaxLenBS i) Source #
unsafeMaxLenBS :: forall i. KnownNat i => ByteString -> MaxLenBS i Source #