libghc-cryptonite-doc 0.10-1 / usr / share / doc / libghc-cryptonite-doc / html / cryptonite.txt

-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Cryptography Primitives sink
--   
--   A repository of cryptographic primitives.
--   
--   <ul>
--   <li>Symmetric ciphers: AES, DES, 3DES, Blowfish, Camellia, RC4, Salsa,
--   ChaCha.</li>
--   <li>Hash: SHA1, SHA2, SHA3, MD2, MD4, MD5, Keccak, Skein, Ripemd,
--   Tiger, Whirlpool, Blake2</li>
--   <li>MAC: HMAC, Poly1305</li>
--   <li>Assymmetric crypto: DSA, RSA, DH, ECDH, ECDSA, ECC, Curve25519,
--   Ed25519</li>
--   <li>Key Derivation Function: PBKDF2, Scrypt</li>
--   <li>Cryptographic Random generation: System Entropy, Deterministic
--   Random Generator</li>
--   <li>Data related: Anti-Forensic Information Splitter (AFIS)</li>
--   </ul>
--   
--   If anything cryptographic related is missing from here, submit a pull
--   request to have it added. This package strive to be a cryptographic
--   kitchen sink that provides cryptography for everyone.
--   
--   Evaluate the security related to your requirements before using.
@package cryptonite
@version 0.10


module Crypto.Random.Entropy.Unsafe

-- | Refill the entropy in a buffer
--   
--   call each entropy backend in turn until the buffer has been replenish.
--   
--   If the buffer cannot be refill after 3 loopings, this will raise an
--   User Error exception
replenish :: Int -> [EntropyBackend] -> Ptr Word8 -> IO ()

-- | Any Entropy Backend
data EntropyBackend

-- | All supported backends
supportedBackends :: [IO (Maybe EntropyBackend)]

-- | Gather randomness from an open handle
gatherBackend :: EntropyBackend -> Ptr Word8 -> Int -> IO Int


module Crypto.Number.Basic

-- | sqrti returns two integer (l,b) so that l &lt;= sqrt i &lt;= b the
--   implementation is quite naive, use an approximation for the first
--   number and use a dichotomy algorithm to compute the bound relatively
--   efficiently.
sqrti :: Integer -> (Integer, Integer)

-- | get the extended GCD of two integer using integer divMod
--   
--   gcde <tt>a</tt> <tt>b</tt> find (x,y,gcd(a,b)) where ax + by = d
gcde :: Integer -> Integer -> (Integer, Integer, Integer)

-- | check if a list of integer are all even
areEven :: [Integer] -> Bool

-- | Compute the binary logarithm of a integer
log2 :: Integer -> Int

-- | Compute the number of bits for an integer
numBits :: Integer -> Int

-- | Compute the number of bytes for an integer
numBytes :: Integer -> Int


module Crypto.Number.ModArithmetic

-- | Compute the modular exponentiation of base^exponant using algorithms
--   design to avoid side channels and timing measurement
--   
--   Modulo need to be odd otherwise the normal fast modular exponentiation
--   is used.
--   
--   When used with integer-simple, this function is not different from
--   expFast, and thus provide the same unstudied and dubious timing and
--   side channels claims.
--   
--   with GHC 7.10, the powModSecInteger is missing from integer-gmp (which
--   is now integer-gmp2), so is has the same security as old ghc version.
expSafe :: Integer -> Integer -> Integer -> Integer

-- | Compute the modular exponentiation of base^exponant using the fastest
--   algorithm without any consideration for hiding parameters.
--   
--   Use this function when all the parameters are public, otherwise
--   <a>expSafe</a> should be prefered.
expFast :: Integer -> Integer -> Integer -> Integer

-- | inverse computes the modular inverse as in g^(-1) mod m
inverse :: Integer -> Integer -> Maybe Integer

-- | Compute the modular inverse of 2 coprime numbers. This is equivalent
--   to inverse except that the result is known to exists.
--   
--   if the numbers are not defined as coprime, this function will raise a
--   CoprimesAssertionError.
inverseCoprimes :: Integer -> Integer -> Integer
instance GHC.Show.Show Crypto.Number.ModArithmetic.CoprimesAssertionError
instance GHC.Exception.Exception Crypto.Number.ModArithmetic.CoprimesAssertionError


-- | fast serialization primitives for integer using raw pointers
module Crypto.Number.Serialize.Internal

-- | fill a pointer with the big endian binary representation of an integer
--   
--   if the room available @ptrSz is less than the number of bytes needed,
--   0 is returned. Likewise if a parameter is invalid, 0 is returned.
--   
--   returns the number of bytes written
i2osp :: Integer -> Ptr Word8 -> Int -> IO Int

-- | Similar to <a>i2osp</a>, except it will pad any remaining space with
--   zero.
i2ospOf :: Integer -> Ptr Word8 -> Int -> IO Int

-- | transform a big endian binary integer representation pointed by a
--   pointer and a size into an integer
os2ip :: Ptr Word8 -> Int -> IO Integer


-- | Various cryptographic padding commonly used for block ciphers or
--   assymetric systems.
module Crypto.Data.Padding

-- | Format of padding
data Format

-- | PKCS5: PKCS7 with hardcoded size of 8
PKCS5 :: Format

-- | PKCS7 with padding size between 1 and 255
PKCS7 :: Int -> Format

-- | Apply some pad to a bytearray
pad :: ByteArray byteArray => Format -> byteArray -> byteArray

-- | Try to remove some padding from a bytearray.
unpad :: ByteArray byteArray => Format -> byteArray -> Maybe byteArray
instance GHC.Classes.Eq Crypto.Data.Padding.Format
instance GHC.Show.Show Crypto.Data.Padding.Format


-- | fast serialization primitives for integer
module Crypto.Number.Serialize

-- | i2osp converts a positive integer into a byte string
--   
--   first byte is MSB (most significant byte), last byte is the LSB (least
--   significant byte)
i2osp :: ByteArray ba => Integer -> ba

-- | os2ip converts a byte string into a positive integer
os2ip :: ByteArrayAccess ba => ba -> Integer

-- | just like i2osp, but take an extra parameter for size. if the number
--   is too big to fit in <tt>len</tt> bytes, <a>Nothing</a> is returned
--   otherwise the number is padded with 0 to fit the <tt>len</tt>
--   required.
i2ospOf :: ByteArray ba => Int -> Integer -> Maybe ba

-- | just like i2ospOf except that it doesn't expect a failure: i.e. an
--   integer larger than the number of output bytes requested
--   
--   for example if you just took a modulo of the number that represent the
--   size (example the RSA modulo n).
i2ospOf_ :: ByteArray ba => Int -> Integer -> ba


module Crypto.Random.Entropy

-- | Get some entropy from the system source of entropy
getEntropy :: ByteArray byteArray => Int -> IO byteArray


module Crypto.Random.EntropyPool

-- | Pool of Entropy. contains a self mutating pool of entropy, that is
--   always guarantee to contains data.
data EntropyPool

-- | Create a new entropy pool with a default size.
--   
--   While you can create as many entropy pool as you want, the pool can be
--   shared between multiples RNGs.
createEntropyPool :: IO EntropyPool

-- | Create a new entropy pool of a specific size
--   
--   While you can create as many entropy pool as you want, the pool can be
--   shared between multiples RNGs.
createEntropyPoolWith :: Int -> [EntropyBackend] -> IO EntropyPool

-- | Grab a chunk of entropy from the entropy pool.
getEntropyFrom :: ByteArray byteArray => EntropyPool -> Int -> IO byteArray


module Crypto.Cipher.ChaCha

-- | Initialize a new ChaCha context with the number of rounds, the key and
--   the nonce associated.
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce) => Int -> key -> nonce -> State

-- | Combine the chacha output and an arbitrary message with a xor, and
--   return the combined output and the new state.
combine :: ByteArray ba => State -> ba -> (ba, State)

-- | Generate a number of bytes from the ChaCha output directly
generate :: ByteArray ba => State -> Int -> (ba, State)

-- | ChaCha context
data State

-- | Initialize simple ChaCha State
initializeSimple :: ByteArray seed => seed -> StateSimple

-- | similar to <a>generate</a> but assume certains values
generateSimple :: ByteArray ba => StateSimple -> Int -> (ba, StateSimple)

-- | ChaCha context for DRG purpose (see Crypto.Random.ChaChaDRG)
data StateSimple
instance Control.DeepSeq.NFData Crypto.Cipher.ChaCha.StateSimple
instance Control.DeepSeq.NFData Crypto.Cipher.ChaCha.State


-- | Simple implementation of the RC4 stream cipher.
--   <a>http://en.wikipedia.org/wiki/RC4</a>
--   
--   Initial FFI implementation by Peter White <a>peter@janrain.com</a>
--   
--   Reorganized and simplified to have an opaque context.
module Crypto.Cipher.RC4

-- | RC4 context initialization.
--   
--   seed the context with an initial key. the key size need to be adequate
--   otherwise security takes a hit.
initialize :: ByteArrayAccess key => key -> State

-- | RC4 xor combination of the rc4 stream with an input
combine :: ByteArray ba => State -> ba -> (State, ba)

-- | generate the next len bytes of the rc4 stream without combining it to
--   anything.
generate :: ByteArray ba => State -> Int -> (State, ba)

-- | The encryption state for RC4
data State
instance Control.DeepSeq.NFData Crypto.Cipher.RC4.State
instance Data.ByteArray.Types.ByteArrayAccess Crypto.Cipher.RC4.State


module Crypto.Cipher.Salsa

-- | Initialize a new Salsa context with the number of rounds, the key and
--   the nonce associated.
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce) => Int -> key -> nonce -> State

-- | Combine the salsa output and an arbitrary message with a xor, and
--   return the combined output and the new state.
combine :: ByteArray ba => State -> ba -> (ba, State)

-- | Generate a number of bytes from the Salsa output directly
generate :: ByteArray ba => State -> Int -> (ba, State)

-- | Salsa context
data State
instance Control.DeepSeq.NFData Crypto.Cipher.Salsa.State


module Crypto.Random.Types

-- | A monad constraint that allows to generate random bytes
class (Functor m, Monad m) => MonadRandom m
getRandomBytes :: (MonadRandom m, ByteArray byteArray) => Int -> m byteArray

-- | A simple Monad class very similar to a State Monad with the state
--   being a DRG.
data MonadPseudoRandom gen a

-- | A Deterministic Random Generator (DRG) class
class DRG gen

-- | Generate N bytes of randomness from a DRG
randomBytesGenerate :: (DRG gen, ByteArray byteArray) => Int -> gen -> (byteArray, gen)

-- | Run a pure computation with a Deterministic Random Generator in the
--   <a>MonadPseudoRandom</a>
withDRG :: DRG gen => gen -> MonadPseudoRandom gen a -> (a, gen)
instance Crypto.Random.Types.MonadRandom GHC.Types.IO
instance Crypto.Random.Types.DRG gen => GHC.Base.Functor (Crypto.Random.Types.MonadPseudoRandom gen)
instance Crypto.Random.Types.DRG gen => GHC.Base.Applicative (Crypto.Random.Types.MonadPseudoRandom gen)
instance Crypto.Random.Types.DRG gen => GHC.Base.Monad (Crypto.Random.Types.MonadPseudoRandom gen)
instance Crypto.Random.Types.DRG gen => Crypto.Random.Types.MonadRandom (Crypto.Random.Types.MonadPseudoRandom gen)


-- | This module provides basic arithmetic operations over F₂m. Performance
--   is not optimal and it doesn't provide protection against timing
--   attacks. The <tt>m</tt> parameter is implicitly derived from the
--   irreducible polynomial where applicable.
module Crypto.Number.F2m

-- | Binary Polynomial represented by an integer
type BinaryPolynomial = Integer

-- | Addition over F₂m. This is just a synonym of <a>xor</a>.
addF2m :: Integer -> Integer -> Integer

-- | Multiplication over F₂m.
--   
--   n1 * n2 (in F(2^m))
mulF2m :: BinaryPolynomial -> Integer -> Integer -> Integer

-- | Squaring over F₂m. TODO: This is still slower than <tt>mulF2m</tt>.
squareF2m :: BinaryPolynomial -> Integer -> Integer

-- | Binary polynomial reduction modulo using long division algorithm.
modF2m :: BinaryPolynomial -> Integer -> Integer

-- | Inversion of @n over F₂m using extended Euclidean algorithm.
--   
--   If @n doesn't have an inverse, Nothing is returned.
invF2m :: BinaryPolynomial -> Integer -> Maybe Integer

-- | Division over F₂m. If the dividend doesn't have an inverse it returns
--   <a>Nothing</a>.
--   
--   Compute n1 / n2
divF2m :: BinaryPolynomial -> Integer -> Integer -> Maybe Integer


module Crypto.Number.Generate

-- | Top bits policy when generating a number
data GenTopPolicy

-- | set the highest bit
SetHighest :: GenTopPolicy

-- | set the two highest bit
SetTwoHighest :: GenTopPolicy

-- | Generate a number for a specific size of bits, and optionaly set
--   bottom and top bits
--   
--   If the top bit policy is <a>Nothing</a>, then nothing is done on the
--   highest bit (it's whatever the random generator set).
--   
--   If @generateOdd is set to <a>True</a>, then the number generated is
--   guaranteed to be odd. Otherwise it will be whatever is generated
generateParams :: MonadRandom m => Int -> Maybe GenTopPolicy -> Bool -> m Integer

-- | Generate a positive integer x, s.t. 0 &lt;= x &lt; range
generateMax :: MonadRandom m => Integer -> m Integer

-- | generate a number between the inclusive bound [low,high].
generateBetween :: MonadRandom m => Integer -> Integer -> m Integer
instance GHC.Classes.Eq Crypto.Number.Generate.GenTopPolicy
instance GHC.Show.Show Crypto.Number.Generate.GenTopPolicy


-- | Generalized impure cryptographic hash interface
module Crypto.Hash.IO

-- | Class representing hashing algorithms.
--   
--   The interface presented here is update in place and lowlevel. the Hash
--   module takes care of hidding the mutable interface properly.
class HashAlgorithm a

-- | Get the block size of a hash algorithm
hashBlockSize :: HashAlgorithm a => a -> Int

-- | Get the digest size of a hash algorithm
hashDigestSize :: HashAlgorithm a => a -> Int

-- | Get the size of the context used for a hash algorithm
hashInternalContextSize :: HashAlgorithm a => a -> Int

-- | Initialize a context pointer to the initial state of a hash algorithm
hashInternalInit :: HashAlgorithm a => Ptr (Context a) -> IO ()

-- | Update the context with some raw data
hashInternalUpdate :: HashAlgorithm a => Ptr (Context a) -> Ptr Word8 -> Word32 -> IO ()

-- | Finalize the context and set the digest raw memory to the right value
hashInternalFinalize :: HashAlgorithm a => Ptr (Context a) -> Ptr (Digest a) -> IO ()

-- | A Mutable hash context
data MutableContext a

-- | Create a new mutable hash context.
--   
--   the algorithm used is automatically determined from the return
--   constraint.
hashMutableInit :: HashAlgorithm alg => IO (MutableContext alg)

-- | Create a new mutable hash context.
--   
--   The algorithm is explicitely passed as parameter
hashMutableInitWith :: HashAlgorithm alg => alg -> IO (MutableContext alg)

-- | Update a mutable hash context in place
hashMutableUpdate :: (ByteArrayAccess ba, HashAlgorithm a) => MutableContext a -> ba -> IO ()

-- | Finalize a mutable hash context and compute a digest
hashMutableFinalize :: HashAlgorithm a => MutableContext a -> IO (Digest a)

-- | Reset the mutable context to the initial state of the hash
hashMutableReset :: HashAlgorithm a => MutableContext a -> IO ()
instance Data.ByteArray.Types.ByteArrayAccess (Crypto.Hash.IO.MutableContext a)


-- | Definitions of known hash algorithms
module Crypto.Hash.Algorithms

-- | Class representing hashing algorithms.
--   
--   The interface presented here is update in place and lowlevel. the Hash
--   module takes care of hidding the mutable interface properly.
class HashAlgorithm a

-- | Blake2s (256 bits) cryptographic hash algorithm
data Blake2s_256
Blake2s_256 :: Blake2s_256

-- | Blake2sp (256 bits) cryptographic hash algorithm
data Blake2sp_256
Blake2sp_256 :: Blake2sp_256

-- | Blake2b (512 bits) cryptographic hash algorithm
data Blake2b_512
Blake2b_512 :: Blake2b_512

-- | Blake2bp (512 bits) cryptographic hash algorithm
data Blake2bp_512
Blake2bp_512 :: Blake2bp_512

-- | MD2 cryptographic hash algorithm
data MD2
MD2 :: MD2

-- | MD4 cryptographic hash algorithm
data MD4
MD4 :: MD4

-- | MD5 cryptographic hash algorithm
data MD5
MD5 :: MD5

-- | SHA1 cryptographic hash algorithm
data SHA1
SHA1 :: SHA1

-- | SHA224 cryptographic hash algorithm
data SHA224
SHA224 :: SHA224

-- | SHA256 cryptographic hash algorithm
data SHA256
SHA256 :: SHA256

-- | SHA384 cryptographic hash algorithm
data SHA384
SHA384 :: SHA384

-- | SHA512 cryptographic hash algorithm
data SHA512
SHA512 :: SHA512

-- | SHA512t (224 bits) cryptographic hash algorithm
data SHA512t_224
SHA512t_224 :: SHA512t_224

-- | SHA512t (256 bits) cryptographic hash algorithm
data SHA512t_256
SHA512t_256 :: SHA512t_256

-- | RIPEMD160 cryptographic hash algorithm
data RIPEMD160
RIPEMD160 :: RIPEMD160

-- | Tiger cryptographic hash algorithm
data Tiger
Tiger :: Tiger

-- | Keccak (224 bits) cryptographic hash algorithm
data Keccak_224
Keccak_224 :: Keccak_224

-- | Keccak (256 bits) cryptographic hash algorithm
data Keccak_256
Keccak_256 :: Keccak_256

-- | Keccak (384 bits) cryptographic hash algorithm
data Keccak_384
Keccak_384 :: Keccak_384

-- | Keccak (512 bits) cryptographic hash algorithm
data Keccak_512
Keccak_512 :: Keccak_512

-- | SHA3 (224 bits) cryptographic hash algorithm
data SHA3_224
SHA3_224 :: SHA3_224

-- | SHA3 (256 bits) cryptographic hash algorithm
data SHA3_256
SHA3_256 :: SHA3_256

-- | SHA3 (384 bits) cryptographic hash algorithm
data SHA3_384
SHA3_384 :: SHA3_384

-- | SHA3 (512 bits) cryptographic hash algorithm
data SHA3_512
SHA3_512 :: SHA3_512

-- | Skein256 (224 bits) cryptographic hash algorithm
data Skein256_224
Skein256_224 :: Skein256_224

-- | Skein256 (256 bits) cryptographic hash algorithm
data Skein256_256
Skein256_256 :: Skein256_256

-- | Skein512 (224 bits) cryptographic hash algorithm
data Skein512_224
Skein512_224 :: Skein512_224

-- | Skein512 (256 bits) cryptographic hash algorithm
data Skein512_256
Skein512_256 :: Skein512_256

-- | Skein512 (384 bits) cryptographic hash algorithm
data Skein512_384
Skein512_384 :: Skein512_384

-- | Skein512 (512 bits) cryptographic hash algorithm
data Skein512_512
Skein512_512 :: Skein512_512

-- | Whirlpool cryptographic hash algorithm
data Whirlpool
Whirlpool :: Whirlpool


-- | Generalized cryptographic hash interface, that you can use with
--   cryptographic hash algorithm that belong to the HashAlgorithm type
--   class.
--   
--   <pre>
--   import Crypto.Hash
--   
--   sha1 :: ByteString -&gt; Digest SHA1
--   sha1 = hash
--   
--   hexSha3_512 :: ByteString -&gt; String
--   hexSha3_512 bs = show (hash bs :: Digest SHA3_512)
--   </pre>
module Crypto.Hash

-- | Represent a context for a given hash algorithm.
data Context a

-- | Represent a digest for a given hash algorithm.
data Digest a

-- | Try to transform a bytearray into a Digest of specific algorithm.
--   
--   If the digest is not the right size for the algorithm specified, then
--   Nothing is returned.
digestFromByteString :: (HashAlgorithm a, ByteArrayAccess ba) => ba -> Maybe (Digest a)

-- | Initialize a new context for a specified hash algorithm
hashInitWith :: HashAlgorithm alg => alg -> Context alg

-- | Run the <a>hash</a> function but takes an explicit hash algorithm
--   parameter
hashWith :: (ByteArrayAccess ba, HashAlgorithm alg) => alg -> ba -> Digest alg

-- | Initialize a new context for this hash algorithm
hashInit :: HashAlgorithm a => Context a

-- | Update the context with a list of strict bytestring, and return a new
--   context with the updates.
hashUpdates :: (HashAlgorithm a, ByteArrayAccess ba) => Context a -> [ba] -> Context a

-- | run hashUpdates on one single bytestring and return the updated
--   context.
hashUpdate :: (ByteArrayAccess ba, HashAlgorithm a) => Context a -> ba -> Context a

-- | Finalize a context and return a digest.
hashFinalize :: HashAlgorithm a => Context a -> Digest a

-- | Hash a strict bytestring into a digest.
hash :: (ByteArrayAccess ba, HashAlgorithm a) => ba -> Digest a

-- | Hash a lazy bytestring into a digest.
hashlazy :: HashAlgorithm a => ByteString -> Digest a


-- | haskell implementation of the Anti-forensic information splitter
--   available in LUKS. <a>http://clemens.endorphin.org/AFsplitter</a>
--   
--   The algorithm bloats an arbitrary secret with many bits that are
--   necessary for the recovery of the key (merge), and allow greater way
--   to permanently destroy a key stored on disk.
module Crypto.Data.AFIS

-- | Split data to diffused data, using a random generator and an hash
--   algorithm.
--   
--   the diffused data will consist of random data for (expandTimes-1) then
--   the last block will be xor of the accumulated random data diffused by
--   the hash algorithm.
--   
--   <ul>
--   <li>---------</li>
--   <li>orig -</li>
--   <li>---------</li>
--   <li>--------- ---------- --------------</li>
--   <li>rand1 - - rand2 - - orig ^ acc -</li>
--   <li>--------- ---------- --------------</li>
--   </ul>
--   
--   where acc is : acc(n+1) = hash (n ++ rand(n)) ^ acc(n)
split :: (ByteArray ba, HashAlgorithm hash, DRG rng) => hash -> rng -> Int -> ba -> (ba, rng)

-- | Merge previously diffused data back to the original data.
merge :: (ByteArray ba, HashAlgorithm hash) => hash -> Int -> ba -> ba


-- | provide the HMAC (Hash based Message Authentification Code) base
--   algorithm. <a>http://en.wikipedia.org/wiki/HMAC</a>
module Crypto.MAC.HMAC

-- | compute a MAC using the supplied hashing function
hmac :: (ByteArrayAccess key, ByteArray message, HashAlgorithm a) => key -> message -> HMAC a

-- | Represent an HMAC that is a phantom type with the hash used to produce
--   the mac.
--   
--   The Eq instance is constant time.
newtype HMAC a
HMAC :: Digest a -> HMAC a
[hmacGetDigest] :: HMAC a -> Digest a

-- | Represent an ongoing HMAC state, that can be appended with
--   <a>update</a> and finalize to an HMAC with <tt>hmacFinalize</tt>
data Context hashalg
Context :: !(Context hashalg) -> !(Context hashalg) -> Context hashalg

-- | Initialize a new incremental HMAC context
initialize :: (ByteArrayAccess key, HashAlgorithm a) => key -> Context a

-- | Incrementally update a HMAC context
update :: (ByteArrayAccess message, HashAlgorithm a) => Context a -> message -> Context a

-- | Increamentally update a HMAC context with multiple inputs
updates :: (ByteArrayAccess message, HashAlgorithm a) => Context a -> [message] -> Context a

-- | Finalize a HMAC context and return the HMAC.
finalize :: HashAlgorithm a => Context a -> HMAC a
instance Data.ByteArray.Types.ByteArrayAccess (Crypto.MAC.HMAC.HMAC a)
instance GHC.Classes.Eq (Crypto.MAC.HMAC.HMAC a)


-- | Password Based Key Derivation Function 2
module Crypto.KDF.PBKDF2

-- | The PRF used for PBKDF2
type PRF password = password  the password parameters -> Bytes  the content -> Bytes  prf(password,content)

-- | PRF for PBKDF2 using HMAC with the hash algorithm as parameter
prfHMAC :: (HashAlgorithm a, ByteArrayAccess password) => a -> PRF password

-- | Parameters for PBKDF2
data Parameters
Parameters :: Int -> Int -> Parameters

-- | the number of user-defined iterations for the algorithms. e.g. WPA2
--   uses 4000.
[iterCounts] :: Parameters -> Int

-- | the number of bytes to generate out of PBKDF2
[outputLength] :: Parameters -> Int

-- | generate the pbkdf2 key derivation function from the output
generate :: (ByteArrayAccess password, ByteArrayAccess salt, ByteArray ba) => PRF password -> Parameters -> password -> salt -> ba


-- | Scrypt key derivation function as defined in Colin Percival's paper
--   "Stronger Key Derivation via Sequential Memory-Hard Functions"
--   <a>http://www.tarsnap.com/scrypt/scrypt.pdf</a>.
module Crypto.KDF.Scrypt

-- | Parameters for Scrypt
data Parameters
Parameters :: Word64 -> Int -> Int -> Int -> Parameters

-- | Cpu/Memory cost ratio. must be a power of 2 greater than 1. also known
--   as N.
[n] :: Parameters -> Word64

-- | Must satisfy r * p &lt; 2^30
[r] :: Parameters -> Int

-- | Must satisfy r * p &lt; 2^30
[p] :: Parameters -> Int

-- | the number of bytes to generate out of Scrypt
[outputLength] :: Parameters -> Int

-- | Generate the scrypt key derivation data
generate :: (ByteArrayAccess password, ByteArrayAccess salt, ByteArray output) => Parameters -> password -> salt -> output


module Crypto.PubKey.MaskGenFunction

-- | Represent a mask generation algorithm
type MaskGenAlgorithm seed output = seed  seed -> Int  length to generate -> output

-- | Mask generation algorithm MGF1
mgf1 :: (ByteArrayAccess seed, ByteArray output, HashAlgorithm hashAlg) => hashAlg -> seed -> Int -> output


-- | An implementation of the Digital Signature Algorithm (DSA)
module Crypto.PubKey.DSA

-- | Represent DSA parameters namely P, G, and Q.
data Params
Params :: Integer -> Integer -> Integer -> Params

-- | DSA p
[params_p] :: Params -> Integer

-- | DSA g
[params_g] :: Params -> Integer

-- | DSA q
[params_q] :: Params -> Integer

-- | Represent a DSA signature namely R and S.
data Signature
Signature :: Integer -> Integer -> Signature

-- | DSA r
[sign_r] :: Signature -> Integer

-- | DSA s
[sign_s] :: Signature -> Integer

-- | Represent a DSA public key.
data PublicKey
PublicKey :: Params -> PublicNumber -> PublicKey

-- | DSA parameters
[public_params] :: PublicKey -> Params

-- | DSA public Y
[public_y] :: PublicKey -> PublicNumber

-- | Represent a DSA private key.
--   
--   Only x need to be secret. the DSA parameters are publicly shared with
--   the other side.
data PrivateKey
PrivateKey :: Params -> PrivateNumber -> PrivateKey

-- | DSA parameters
[private_params] :: PrivateKey -> Params

-- | DSA private X
[private_x] :: PrivateKey -> PrivateNumber

-- | DSA Public Number, usually embedded in DSA Public Key
type PublicNumber = Integer

-- | DSA Private Number, usually embedded in DSA Private Key
type PrivateNumber = Integer

-- | generate a private number with no specific property this number is
--   usually called X in DSA text.
generatePrivate :: MonadRandom m => Params -> m PrivateNumber

-- | Calculate the public number from the parameters and the private key
calculatePublic :: Params -> PrivateNumber -> PublicNumber

-- | sign message using the private key.
sign :: (ByteArrayAccess msg, HashAlgorithm hash, MonadRandom m) => PrivateKey -> hash -> msg -> m Signature

-- | sign message using the private key and an explicit k number.
signWith :: (ByteArrayAccess msg, HashAlgorithm hash) => Integer -> PrivateKey -> hash -> msg -> Maybe Signature

-- | verify a bytestring using the public key.
verify :: (ByteArrayAccess msg, HashAlgorithm hash) => hash -> PublicKey -> Signature -> msg -> Bool

-- | Represent a DSA key pair
data KeyPair
KeyPair :: Params -> PublicNumber -> PrivateNumber -> KeyPair

-- | Public key of a DSA Key pair
toPublicKey :: KeyPair -> PublicKey

-- | Private key of a DSA Key pair
toPrivateKey :: KeyPair -> PrivateKey
instance Data.Data.Data Crypto.PubKey.DSA.KeyPair
instance GHC.Classes.Eq Crypto.PubKey.DSA.KeyPair
instance GHC.Read.Read Crypto.PubKey.DSA.KeyPair
instance GHC.Show.Show Crypto.PubKey.DSA.KeyPair
instance Data.Data.Data Crypto.PubKey.DSA.PrivateKey
instance GHC.Classes.Eq Crypto.PubKey.DSA.PrivateKey
instance GHC.Read.Read Crypto.PubKey.DSA.PrivateKey
instance GHC.Show.Show Crypto.PubKey.DSA.PrivateKey
instance Data.Data.Data Crypto.PubKey.DSA.PublicKey
instance GHC.Classes.Eq Crypto.PubKey.DSA.PublicKey
instance GHC.Read.Read Crypto.PubKey.DSA.PublicKey
instance GHC.Show.Show Crypto.PubKey.DSA.PublicKey
instance Data.Data.Data Crypto.PubKey.DSA.Signature
instance GHC.Classes.Eq Crypto.PubKey.DSA.Signature
instance GHC.Read.Read Crypto.PubKey.DSA.Signature
instance GHC.Show.Show Crypto.PubKey.DSA.Signature
instance Data.Data.Data Crypto.PubKey.DSA.Params
instance GHC.Classes.Eq Crypto.PubKey.DSA.Params
instance GHC.Read.Read Crypto.PubKey.DSA.Params
instance GHC.Show.Show Crypto.PubKey.DSA.Params
instance Control.DeepSeq.NFData Crypto.PubKey.DSA.Params
instance Control.DeepSeq.NFData Crypto.PubKey.DSA.Signature
instance Control.DeepSeq.NFData Crypto.PubKey.DSA.PublicKey
instance Control.DeepSeq.NFData Crypto.PubKey.DSA.PrivateKey
instance Control.DeepSeq.NFData Crypto.PubKey.DSA.KeyPair


-- | references: <a>https://tools.ietf.org/html/rfc5915</a>
module Crypto.PubKey.ECC.Types

-- | Define either a binary curve or a prime curve.
data Curve

-- | 𝔽(2^m)
CurveF2m :: CurveBinary -> Curve

-- | 𝔽p
CurveFP :: CurvePrime -> Curve

-- | Define a point on a curve.
data Point
Point :: Integer -> Integer -> Point

-- | Point at Infinity
PointO :: Point

-- | ECC Public Point
type PublicPoint = Point

-- | ECC Private Number
type PrivateNumber = Integer

-- | Define an elliptic curve in 𝔽(2^m). The firt parameter is the Integer
--   representatioin of the irreducible polynomial f(x).
data CurveBinary
CurveBinary :: Integer -> CurveCommon -> CurveBinary

-- | Define an elliptic curve in 𝔽p. The first parameter is the Prime
--   Number.
data CurvePrime
CurvePrime :: Integer -> CurveCommon -> CurvePrime

-- | Parameters in common between binary and prime curves.
common_curve :: Curve -> CurveCommon

-- | get the size of the curve in bits
curveSizeBits :: Curve -> Int

-- | Irreducible polynomial representing the characteristic of a
--   CurveBinary.
ecc_fx :: CurveBinary -> Integer

-- | Prime number representing the characteristic of a CurvePrime.
ecc_p :: CurvePrime -> Integer

-- | Define common parameters in a curve definition of the form: y^2 = x^3
--   + ax + b.
data CurveCommon
CurveCommon :: Integer -> Integer -> Point -> Integer -> Integer -> CurveCommon

-- | curve parameter a
[ecc_a] :: CurveCommon -> Integer

-- | curve parameter b
[ecc_b] :: CurveCommon -> Integer

-- | base point
[ecc_g] :: CurveCommon -> Point

-- | order of G
[ecc_n] :: CurveCommon -> Integer

-- | cofactor
[ecc_h] :: CurveCommon -> Integer

-- | Define names for known recommended curves.
data CurveName
SEC_p112r1 :: CurveName
SEC_p112r2 :: CurveName
SEC_p128r1 :: CurveName
SEC_p128r2 :: CurveName
SEC_p160k1 :: CurveName
SEC_p160r1 :: CurveName
SEC_p160r2 :: CurveName
SEC_p192k1 :: CurveName
SEC_p192r1 :: CurveName
SEC_p224k1 :: CurveName
SEC_p224r1 :: CurveName
SEC_p256k1 :: CurveName
SEC_p256r1 :: CurveName
SEC_p384r1 :: CurveName
SEC_p521r1 :: CurveName
SEC_t113r1 :: CurveName
SEC_t113r2 :: CurveName
SEC_t131r1 :: CurveName
SEC_t131r2 :: CurveName
SEC_t163k1 :: CurveName
SEC_t163r1 :: CurveName
SEC_t163r2 :: CurveName
SEC_t193r1 :: CurveName
SEC_t193r2 :: CurveName
SEC_t233k1 :: CurveName
SEC_t233r1 :: CurveName
SEC_t239k1 :: CurveName
SEC_t283k1 :: CurveName
SEC_t283r1 :: CurveName
SEC_t409k1 :: CurveName
SEC_t409r1 :: CurveName
SEC_t571k1 :: CurveName
SEC_t571r1 :: CurveName

-- | Get the curve definition associated with a recommended known curve
--   name.
getCurveByName :: CurveName -> Curve
instance Data.Data.Data Crypto.PubKey.ECC.Types.CurveName
instance GHC.Enum.Enum Crypto.PubKey.ECC.Types.CurveName
instance GHC.Classes.Ord Crypto.PubKey.ECC.Types.CurveName
instance GHC.Classes.Eq Crypto.PubKey.ECC.Types.CurveName
instance GHC.Read.Read Crypto.PubKey.ECC.Types.CurveName
instance GHC.Show.Show Crypto.PubKey.ECC.Types.CurveName
instance Data.Data.Data Crypto.PubKey.ECC.Types.Curve
instance GHC.Classes.Eq Crypto.PubKey.ECC.Types.Curve
instance GHC.Read.Read Crypto.PubKey.ECC.Types.Curve
instance GHC.Show.Show Crypto.PubKey.ECC.Types.Curve
instance Data.Data.Data Crypto.PubKey.ECC.Types.CurveBinary
instance GHC.Classes.Eq Crypto.PubKey.ECC.Types.CurveBinary
instance GHC.Read.Read Crypto.PubKey.ECC.Types.CurveBinary
instance GHC.Show.Show Crypto.PubKey.ECC.Types.CurveBinary
instance Data.Data.Data Crypto.PubKey.ECC.Types.CurvePrime
instance GHC.Classes.Eq Crypto.PubKey.ECC.Types.CurvePrime
instance GHC.Read.Read Crypto.PubKey.ECC.Types.CurvePrime
instance GHC.Show.Show Crypto.PubKey.ECC.Types.CurvePrime
instance Data.Data.Data Crypto.PubKey.ECC.Types.CurveCommon
instance GHC.Classes.Eq Crypto.PubKey.ECC.Types.CurveCommon
instance GHC.Read.Read Crypto.PubKey.ECC.Types.CurveCommon
instance GHC.Show.Show Crypto.PubKey.ECC.Types.CurveCommon
instance Data.Data.Data Crypto.PubKey.ECC.Types.Point
instance GHC.Classes.Eq Crypto.PubKey.ECC.Types.Point
instance GHC.Read.Read Crypto.PubKey.ECC.Types.Point
instance GHC.Show.Show Crypto.PubKey.ECC.Types.Point
instance Control.DeepSeq.NFData Crypto.PubKey.ECC.Types.Point
instance Control.DeepSeq.NFData Crypto.PubKey.ECC.Types.CurveBinary


module Crypto.PubKey.RSA.Types

-- | error possible during encryption, decryption or signing.
data Error

-- | the message to decrypt is not of the correct size (need to be ==
--   private_size)
MessageSizeIncorrect :: Error

-- | the message to encrypt is too long
MessageTooLong :: Error

-- | the message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)
MessageNotRecognized :: Error

-- | the message's digest is too long
SignatureTooLong :: Error

-- | some parameters lead to breaking assumptions.
InvalidParameters :: Error

-- | Blinder which is used to obfuscate the timing of the decryption
--   primitive (used by decryption and signing).
data Blinder
Blinder :: !Integer -> !Integer -> Blinder

-- | Represent a RSA public key
data PublicKey
PublicKey :: Int -> Integer -> Integer -> PublicKey

-- | size of key in bytes
[public_size] :: PublicKey -> Int

-- | public p*q
[public_n] :: PublicKey -> Integer

-- | public exponant e
[public_e] :: PublicKey -> Integer

-- | Represent a RSA private key.
--   
--   Only the pub, d fields are mandatory to fill.
--   
--   p, q, dP, dQ, qinv are by-product during RSA generation, but are
--   useful to record here to speed up massively the decrypt and sign
--   operation.
--   
--   implementations can leave optional fields to 0.
data PrivateKey
PrivateKey :: PublicKey -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> PrivateKey

-- | public part of a private key (size, n and e)
[private_pub] :: PrivateKey -> PublicKey

-- | private exponant d
[private_d] :: PrivateKey -> Integer

-- | p prime number
[private_p] :: PrivateKey -> Integer

-- | q prime number
[private_q] :: PrivateKey -> Integer

-- | d mod (p-1)
[private_dP] :: PrivateKey -> Integer

-- | d mod (q-1)
[private_dQ] :: PrivateKey -> Integer

-- | q^(-1) mod p
[private_qinv] :: PrivateKey -> Integer

-- | Represent RSA KeyPair
--   
--   note the RSA private key contains already an instance of public key
--   for efficiency
newtype KeyPair
KeyPair :: PrivateKey -> KeyPair

-- | Public key of a RSA KeyPair
toPublicKey :: KeyPair -> PublicKey

-- | Private key of a RSA KeyPair
toPrivateKey :: KeyPair -> PrivateKey

-- | get the size in bytes from a private key
private_size :: PrivateKey -> Int

-- | get n from a private key
private_n :: PrivateKey -> Integer

-- | get e from a private key
private_e :: PrivateKey -> Integer
instance Control.DeepSeq.NFData Crypto.PubKey.RSA.Types.KeyPair
instance Data.Data.Data Crypto.PubKey.RSA.Types.KeyPair
instance GHC.Classes.Eq Crypto.PubKey.RSA.Types.KeyPair
instance GHC.Read.Read Crypto.PubKey.RSA.Types.KeyPair
instance GHC.Show.Show Crypto.PubKey.RSA.Types.KeyPair
instance Data.Data.Data Crypto.PubKey.RSA.Types.PrivateKey
instance GHC.Classes.Eq Crypto.PubKey.RSA.Types.PrivateKey
instance GHC.Read.Read Crypto.PubKey.RSA.Types.PrivateKey
instance GHC.Show.Show Crypto.PubKey.RSA.Types.PrivateKey
instance Data.Data.Data Crypto.PubKey.RSA.Types.PublicKey
instance GHC.Classes.Eq Crypto.PubKey.RSA.Types.PublicKey
instance GHC.Read.Read Crypto.PubKey.RSA.Types.PublicKey
instance GHC.Show.Show Crypto.PubKey.RSA.Types.PublicKey
instance GHC.Classes.Eq Crypto.PubKey.RSA.Types.Error
instance GHC.Show.Show Crypto.PubKey.RSA.Types.Error
instance GHC.Classes.Eq Crypto.PubKey.RSA.Types.Blinder
instance GHC.Show.Show Crypto.PubKey.RSA.Types.Blinder
instance Control.DeepSeq.NFData Crypto.PubKey.RSA.Types.PublicKey
instance Control.DeepSeq.NFData Crypto.PubKey.RSA.Types.PrivateKey


module Crypto.PubKey.RSA.Prim

-- | Compute the RSA decrypt primitive. if the p and q numbers are
--   available, then dpFast is used otherwise, we use dpSlow which only
--   need d and n.
dp :: ByteArray ba => Maybe Blinder -> PrivateKey -> ba -> ba

-- | Compute the RSA encrypt primitive
ep :: ByteArray ba => PublicKey -> ba -> ba


module Crypto.Random

-- | ChaCha Deterministic Random Generator
data ChaChaDRG

-- | A referentially transparent System representation of the random
--   evaluated out of the system.
--   
--   Holding onto a specific DRG means that all the already evaluated bytes
--   will be consistently replayed.
--   
--   There's no need to reseed this DRG, as only pure entropy is
--   represented here.
data SystemDRG

-- | Grab one instance of the System DRG
getSystemDRG :: IO SystemDRG

-- | Create a new DRG from system entropy
drgNew :: MonadRandom randomly => randomly ChaChaDRG

-- | Create a new DRG from 5 Word64.
--   
--   This is a convenient interface to create deterministic interface for
--   quickcheck style testing.
--   
--   It can also be used in other contexts provided the input has been
--   properly randomly generated.
drgNewTest :: (Word64, Word64, Word64, Word64, Word64) -> ChaChaDRG

-- | Run a pure computation with a Deterministic Random Generator in the
--   <a>MonadPseudoRandom</a>
withDRG :: DRG gen => gen -> MonadPseudoRandom gen a -> (a, gen)

-- | Generate <tt>len random bytes and mapped the bytes to the function
--   </tt>f.
--   
--   This is equivalent to use Control.Arrow <a>first</a> with
--   <a>randomBytesGenerate</a>
withRandomBytes :: (ByteArray ba, DRG g) => g -> Int -> (ba -> a) -> (a, g)

-- | A Deterministic Random Generator (DRG) class
class DRG gen

-- | Generate N bytes of randomness from a DRG
randomBytesGenerate :: (DRG gen, ByteArray byteArray) => Int -> gen -> (byteArray, gen)

-- | A monad constraint that allows to generate random bytes
class (Functor m, Monad m) => MonadRandom m
getRandomBytes :: (MonadRandom m, ByteArray byteArray) => Int -> m byteArray

-- | A simple Monad class very similar to a State Monad with the state
--   being a DRG.
data MonadPseudoRandom gen a


module Crypto.Number.Prime

-- | generate a prime number of the required bitsize
generatePrime :: MonadRandom m => Int -> m Integer

-- | generate a prime number of the form 2p+1 where p is also prime. it is
--   also knowed as a Sophie Germaine prime or safe prime.
--   
--   The number of safe prime is significantly smaller to the number of
--   prime, as such it shouldn't be used if this number is supposed to be
--   kept safe.
generateSafePrime :: MonadRandom m => Int -> m Integer

-- | returns if the number is probably prime. first a list of small primes
--   are implicitely tested for divisibility, then a fermat primality test
--   is used with arbitrary numbers and then the Miller Rabin algorithm is
--   used with an accuracy of 30 recursions
isProbablyPrime :: Integer -> Bool

-- | find a prime from a starting point with no specific property.
findPrimeFrom :: Integer -> Integer

-- | find a prime from a starting point where the property hold.
findPrimeFromWith :: (Integer -> Bool) -> Integer -> Integer

-- | Miller Rabin algorithm return if the number is probably prime or
--   composite. the tries parameter is the number of recursion, that
--   determines the accuracy of the test.
primalityTestMillerRabin :: Int -> Integer -> Bool

-- | Test naively is integer is prime. while naive, we skip even number and
--   stop iteration at i &gt; sqrt(n)
primalityTestNaive :: Integer -> Bool

-- | Probabilitic Test using Fermat primility test. Beware of Carmichael
--   numbers that are Fermat liars, i.e. this test is useless for them.
--   always combines with some other test.
primalityTestFermat :: Int -> Integer -> Integer -> Bool

-- | Test is two integer are coprime to each other
isCoprime :: Integer -> Integer -> Bool


module Crypto.PubKey.DH

-- | Represent Diffie Hellman parameters namely P (prime), and G
--   (generator).
data Params
Params :: Integer -> Integer -> Params
[params_p] :: Params -> Integer
[params_g] :: Params -> Integer

-- | Represent Diffie Hellman public number Y.
newtype PublicNumber
PublicNumber :: Integer -> PublicNumber

-- | Represent Diffie Hellman private number X.
newtype PrivateNumber
PrivateNumber :: Integer -> PrivateNumber

-- | Represent Diffie Hellman shared secret.
newtype SharedKey
SharedKey :: Integer -> SharedKey

-- | generate params from a specific generator (2 or 5 are common values)
--   we generate a safe prime (a prime number of the form 2p+1 where p is
--   also prime)
generateParams :: MonadRandom m => Int -> Integer -> m Params

-- | generate a private number with no specific property this number is
--   usually called X in DH text.
generatePrivate :: MonadRandom m => Params -> m PrivateNumber

-- | calculate the public number from the parameters and the private key
--   this number is usually called Y in DH text.
calculatePublic :: Params -> PrivateNumber -> PublicNumber

-- | calculate the public number from the parameters and the private key
--   this number is usually called Y in DH text.
--   
--   DEPRECATED use calculatePublic
generatePublic :: Params -> PrivateNumber -> PublicNumber

-- | generate a shared key using our private number and the other party
--   public number
getShared :: Params -> PrivateNumber -> PublicNumber -> SharedKey
instance GHC.Classes.Ord Crypto.PubKey.DH.SharedKey
instance GHC.Num.Num Crypto.PubKey.DH.SharedKey
instance GHC.Real.Real Crypto.PubKey.DH.SharedKey
instance GHC.Enum.Enum Crypto.PubKey.DH.SharedKey
instance GHC.Classes.Eq Crypto.PubKey.DH.SharedKey
instance GHC.Read.Read Crypto.PubKey.DH.SharedKey
instance GHC.Show.Show Crypto.PubKey.DH.SharedKey
instance GHC.Classes.Ord Crypto.PubKey.DH.PrivateNumber
instance GHC.Num.Num Crypto.PubKey.DH.PrivateNumber
instance GHC.Real.Real Crypto.PubKey.DH.PrivateNumber
instance GHC.Enum.Enum Crypto.PubKey.DH.PrivateNumber
instance GHC.Classes.Eq Crypto.PubKey.DH.PrivateNumber
instance GHC.Read.Read Crypto.PubKey.DH.PrivateNumber
instance GHC.Show.Show Crypto.PubKey.DH.PrivateNumber
instance GHC.Classes.Ord Crypto.PubKey.DH.PublicNumber
instance GHC.Num.Num Crypto.PubKey.DH.PublicNumber
instance GHC.Real.Real Crypto.PubKey.DH.PublicNumber
instance GHC.Enum.Enum Crypto.PubKey.DH.PublicNumber
instance GHC.Classes.Eq Crypto.PubKey.DH.PublicNumber
instance GHC.Read.Read Crypto.PubKey.DH.PublicNumber
instance GHC.Show.Show Crypto.PubKey.DH.PublicNumber
instance Data.Data.Data Crypto.PubKey.DH.Params
instance GHC.Classes.Eq Crypto.PubKey.DH.Params
instance GHC.Read.Read Crypto.PubKey.DH.Params
instance GHC.Show.Show Crypto.PubKey.DH.Params


module Crypto.PubKey.RSA

-- | error possible during encryption, decryption or signing.
data Error

-- | the message to decrypt is not of the correct size (need to be ==
--   private_size)
MessageSizeIncorrect :: Error

-- | the message to encrypt is too long
MessageTooLong :: Error

-- | the message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)
MessageNotRecognized :: Error

-- | the message's digest is too long
SignatureTooLong :: Error

-- | some parameters lead to breaking assumptions.
InvalidParameters :: Error

-- | Represent a RSA public key
data PublicKey
PublicKey :: Int -> Integer -> Integer -> PublicKey

-- | size of key in bytes
[public_size] :: PublicKey -> Int

-- | public p*q
[public_n] :: PublicKey -> Integer

-- | public exponant e
[public_e] :: PublicKey -> Integer

-- | Represent a RSA private key.
--   
--   Only the pub, d fields are mandatory to fill.
--   
--   p, q, dP, dQ, qinv are by-product during RSA generation, but are
--   useful to record here to speed up massively the decrypt and sign
--   operation.
--   
--   implementations can leave optional fields to 0.
data PrivateKey
PrivateKey :: PublicKey -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> PrivateKey

-- | public part of a private key (size, n and e)
[private_pub] :: PrivateKey -> PublicKey

-- | private exponant d
[private_d] :: PrivateKey -> Integer

-- | p prime number
[private_p] :: PrivateKey -> Integer

-- | q prime number
[private_q] :: PrivateKey -> Integer

-- | d mod (p-1)
[private_dP] :: PrivateKey -> Integer

-- | d mod (q-1)
[private_dQ] :: PrivateKey -> Integer

-- | q^(-1) mod p
[private_qinv] :: PrivateKey -> Integer

-- | Blinder which is used to obfuscate the timing of the decryption
--   primitive (used by decryption and signing).
data Blinder
Blinder :: !Integer -> !Integer -> Blinder

-- | Generate a key pair given p and q.
--   
--   p and q need to be distinct prime numbers.
--   
--   e need to be coprime to phi=(p-1)*(q-1). If that's not the case, the
--   function will not return a key pair. A small hamming weight results in
--   better performance.
--   
--   <ul>
--   <li>e=0x10001 is a popular choice</li>
--   <li>e=3 is popular as well, but proven to not be as secure for some
--   cases.</li>
--   </ul>
generateWith :: (Integer, Integer) -> Int -> Integer -> Maybe (PublicKey, PrivateKey)

-- | generate a pair of (private, public) key of size in bytes.
generate :: MonadRandom m => Int -> Integer -> m (PublicKey, PrivateKey)

-- | Generate a blinder to use with decryption and signing operation
--   
--   the unique parameter apart from the random number generator is the
--   public key value N.
generateBlinder :: MonadRandom m => Integer -> m Blinder


module Crypto.PubKey.RSA.PKCS15

-- | This produce a standard PKCS1.5 padding for encryption
pad :: (MonadRandom m, ByteArray message) => Int -> message -> m (Either Error message)

-- | Produce a standard PKCS1.5 padding for signature
padSignature :: ByteArray signature => Int -> signature -> Either Error signature

-- | Try to remove a standard PKCS1.5 encryption padding.
unpad :: ByteArray bytearray => bytearray -> Either Error bytearray

-- | decrypt message using the private key.
--   
--   When the decryption is not in a context where an attacker could gain
--   information from the timing of the operation, the blinder can be set
--   to None.
--   
--   If unsure always set a blinder or use decryptSafer
decrypt :: Maybe Blinder -> PrivateKey -> ByteString -> Either Error ByteString

-- | decrypt message using the private key and by automatically generating
--   a blinder.
decryptSafer :: MonadRandom m => PrivateKey -> ByteString -> m (Either Error ByteString)

-- | sign message using private key, a hash and its ASN1 description
--   
--   When the signature is not in a context where an attacker could gain
--   information from the timing of the operation, the blinder can be set
--   to None.
--   
--   If unsure always set a blinder or use signSafer
sign :: HashAlgorithmASN1 hashAlg => Maybe Blinder -> Maybe hashAlg -> PrivateKey -> ByteString -> Either Error ByteString

-- | sign message using the private key and by automatically generating a
--   blinder.
signSafer :: (HashAlgorithmASN1 hashAlg, MonadRandom m) => Maybe hashAlg -> PrivateKey -> ByteString -> m (Either Error ByteString)

-- | encrypt a bytestring using the public key.
--   
--   the message needs to be smaller than the key size - 11
encrypt :: MonadRandom m => PublicKey -> ByteString -> m (Either Error ByteString)

-- | verify message with the signed message
verify :: HashAlgorithmASN1 hashAlg => Maybe hashAlg -> PublicKey -> ByteString -> ByteString -> Bool

-- | A specialized class for hash algorithm that can product a ASN1 wrapped
--   description the algorithm plus the content of the digest.
class HashAlgorithm hashAlg => HashAlgorithmASN1 hashAlg
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.MD2.MD2
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.MD5.MD5
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA1.SHA1
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA224.SHA224
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA256.SHA256
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA384.SHA384
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA512.SHA512
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA512t.SHA512t_224
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.SHA512t.SHA512t_256
instance Crypto.PubKey.RSA.PKCS15.HashAlgorithmASN1 Crypto.Hash.RIPEMD160.RIPEMD160


module Crypto.PubKey.RSA.PSS

-- | Parameters for PSS signature/verification.
data PSSParams hash seed output
PSSParams :: hash -> MaskGenAlgorithm seed output -> Int -> Word8 -> PSSParams hash seed output

-- | Hash function to use
[pssHash] :: PSSParams hash seed output -> hash

-- | Mask Gen algorithm to use
[pssMaskGenAlg] :: PSSParams hash seed output -> MaskGenAlgorithm seed output

-- | Length of salt. need to be &lt;= to hLen.
[pssSaltLength] :: PSSParams hash seed output -> Int

-- | Trailer field, usually 0xbc
[pssTrailerField] :: PSSParams hash seed output -> Word8

-- | Default Params with a specified hash function
defaultPSSParams :: (ByteArrayAccess seed, ByteArray output, HashAlgorithm hash) => hash -> PSSParams hash seed output

-- | Default Params using SHA1 algorithm.
defaultPSSParamsSHA1 :: PSSParams SHA1 ByteString ByteString

-- | Sign using the PSS parameters and the salt explicitely passed as
--   parameters.
--   
--   the function ignore SaltLength from the PSS Parameters
signWithSalt :: HashAlgorithm hash => ByteString -> Maybe Blinder -> PSSParams hash ByteString ByteString -> PrivateKey -> ByteString -> Either Error ByteString

-- | Sign using the PSS Parameters
sign :: (HashAlgorithm hash, MonadRandom m) => Maybe Blinder -> PSSParams hash ByteString ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)

-- | Sign using the PSS Parameters and an automatically generated blinder.
signSafer :: (HashAlgorithm hash, MonadRandom m) => PSSParams hash ByteString ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)

-- | Verify a signature using the PSS Parameters
verify :: HashAlgorithm hash => PSSParams hash ByteString ByteString -> PublicKey -> ByteString -> ByteString -> Bool


-- | RSA OAEP mode
--   <a>http://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding</a>
module Crypto.PubKey.RSA.OAEP

-- | Parameters for OAEP encryption/decryption
data OAEPParams hash seed output
OAEPParams :: hash -> MaskGenAlgorithm seed output -> Maybe ByteString -> OAEPParams hash seed output

-- | Hash function to use.
[oaepHash] :: OAEPParams hash seed output -> hash

-- | Mask Gen algorithm to use.
[oaepMaskGenAlg] :: OAEPParams hash seed output -> MaskGenAlgorithm seed output

-- | Optional label prepended to message.
[oaepLabel] :: OAEPParams hash seed output -> Maybe ByteString

-- | Default Params with a specified hash function
defaultOAEPParams :: (ByteArrayAccess seed, ByteArray output, HashAlgorithm hash) => hash -> OAEPParams hash seed output

-- | Encrypt a message using OAEP with a predefined seed.
encryptWithSeed :: HashAlgorithm hash => ByteString -> OAEPParams hash ByteString ByteString -> PublicKey -> ByteString -> Either Error ByteString

-- | Encrypt a message using OAEP
encrypt :: (HashAlgorithm hash, MonadRandom m) => OAEPParams hash ByteString ByteString -> PublicKey -> ByteString -> m (Either Error ByteString)

-- | Decrypt a ciphertext using OAEP
--   
--   When the signature is not in a context where an attacker could gain
--   information from the timing of the operation, the blinder can be set
--   to None.
--   
--   If unsure always set a blinder or use decryptSafer
decrypt :: HashAlgorithm hash => Maybe Blinder -> OAEPParams hash ByteString ByteString -> PrivateKey -> ByteString -> Either Error ByteString

-- | Decrypt a ciphertext using OAEP and by automatically generating a
--   blinder.
decryptSafer :: (HashAlgorithm hash, MonadRandom m) => OAEPParams hash ByteString ByteString -> PrivateKey -> ByteString -> m (Either Error ByteString)


-- | Elliptic Curve Arithmetic.
--   
--   <i>WARNING:</i> These functions are vulnerable to timing attacks.
module Crypto.PubKey.ECC.Prim

-- | Generate a valid scalar for a specific Curve
scalarGenerate :: MonadRandom randomly => Curve -> randomly PrivateNumber

-- | Elliptic Curve point addition.
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
pointAdd :: Curve -> Point -> Point -> Point

-- | Elliptic Curve point doubling.
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
--   
--   This perform the following calculation: &gt; lambda = (3 * xp ^ 2 + a)
--   / 2 yp &gt; xr = lambda ^ 2 - 2 xp &gt; yr = lambda (xp - xr) - yp
--   
--   With binary curve: &gt; xp == 0 =&gt; P = O &gt; otherwise =&gt; &gt;
--   s = xp + (yp / xp) &gt; xr = s ^ 2 + s + a &gt; yr = xp ^ 2 + (s+1) *
--   xr
pointDouble :: Curve -> Point -> Point

-- | Elliptic curve point multiplication using the base
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
pointBaseMul :: Curve -> Integer -> Point

-- | Elliptic curve point multiplication (double and add algorithm).
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
pointMul :: Curve -> Integer -> Point -> Point

-- | Check if a point is the point at infinity.
isPointAtInfinity :: Point -> Bool

-- | check if a point is on specific curve
--   
--   This perform three checks:
--   
--   <ul>
--   <li>x is not out of range</li>
--   <li>y is not out of range</li>
--   <li>the equation <tt>y^2 = x^3 + a*x + b (mod p)</tt> holds</li>
--   </ul>
isPointValid :: Curve -> Point -> Bool


-- | <i>WARNING:</i> Signature operations may leak the private key.
--   Signature verification should be safe.
module Crypto.PubKey.ECC.ECDSA

-- | Represent a ECDSA signature namely R and S.
data Signature
Signature :: Integer -> Integer -> Signature

-- | ECDSA r
[sign_r] :: Signature -> Integer

-- | ECDSA s
[sign_s] :: Signature -> Integer

-- | ECC Public Point
type PublicPoint = Point

-- | ECDSA Public Key.
data PublicKey
PublicKey :: Curve -> PublicPoint -> PublicKey
[public_curve] :: PublicKey -> Curve
[public_q] :: PublicKey -> PublicPoint

-- | ECC Private Number
type PrivateNumber = Integer

-- | ECDSA Private Key.
data PrivateKey
PrivateKey :: Curve -> PrivateNumber -> PrivateKey
[private_curve] :: PrivateKey -> Curve
[private_d] :: PrivateKey -> PrivateNumber

-- | ECDSA Key Pair.
data KeyPair
KeyPair :: Curve -> PublicPoint -> PrivateNumber -> KeyPair

-- | Public key of a ECDSA Key pair.
toPublicKey :: KeyPair -> PublicKey

-- | Private key of a ECDSA Key pair.
toPrivateKey :: KeyPair -> PrivateKey

-- | Sign message using the private key and an explicit k number.
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
signWith :: (ByteArrayAccess msg, HashAlgorithm hash) => Integer -> PrivateKey -> hash -> msg -> Maybe Signature

-- | Sign message using the private key.
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
sign :: (ByteArrayAccess msg, HashAlgorithm hash, MonadRandom m) => PrivateKey -> hash -> msg -> m Signature

-- | Verify a bytestring using the public key.
verify :: (ByteArrayAccess msg, HashAlgorithm hash) => hash -> PublicKey -> Signature -> msg -> Bool
instance Data.Data.Data Crypto.PubKey.ECC.ECDSA.KeyPair
instance GHC.Classes.Eq Crypto.PubKey.ECC.ECDSA.KeyPair
instance GHC.Read.Read Crypto.PubKey.ECC.ECDSA.KeyPair
instance GHC.Show.Show Crypto.PubKey.ECC.ECDSA.KeyPair
instance Data.Data.Data Crypto.PubKey.ECC.ECDSA.PublicKey
instance GHC.Classes.Eq Crypto.PubKey.ECC.ECDSA.PublicKey
instance GHC.Read.Read Crypto.PubKey.ECC.ECDSA.PublicKey
instance GHC.Show.Show Crypto.PubKey.ECC.ECDSA.PublicKey
instance Data.Data.Data Crypto.PubKey.ECC.ECDSA.PrivateKey
instance GHC.Classes.Eq Crypto.PubKey.ECC.ECDSA.PrivateKey
instance GHC.Read.Read Crypto.PubKey.ECC.ECDSA.PrivateKey
instance GHC.Show.Show Crypto.PubKey.ECC.ECDSA.PrivateKey
instance Data.Data.Data Crypto.PubKey.ECC.ECDSA.Signature
instance GHC.Classes.Eq Crypto.PubKey.ECC.ECDSA.Signature
instance GHC.Read.Read Crypto.PubKey.ECC.ECDSA.Signature
instance GHC.Show.Show Crypto.PubKey.ECC.ECDSA.Signature


-- | Signature generation.
module Crypto.PubKey.ECC.Generate

-- | Generate Q given d.
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
generateQ :: Curve -> Integer -> Point

-- | Generate a pair of (private, public) key.
--   
--   <i>WARNING:</i> Vulnerable to timing attacks.
generate :: MonadRandom m => Curve -> m (PublicKey, PrivateKey)


-- | Elliptic curve Diffie Hellman
module Crypto.PubKey.ECC.DH

-- | Define either a binary curve or a prime curve.
data Curve

-- | ECC Public Point
type PublicPoint = Point

-- | ECC Private Number
type PrivateNumber = Integer

-- | Represent Diffie Hellman shared secret.
newtype SharedKey
SharedKey :: Integer -> SharedKey

-- | Generating a private number d.
generatePrivate :: MonadRandom m => Curve -> m PrivateNumber

-- | Generating a public point Q.
calculatePublic :: Curve -> PrivateNumber -> PublicPoint

-- | Generating a shared key using our private number and the other party
--   public point.
getShared :: Curve -> PrivateNumber -> PublicPoint -> SharedKey


module Crypto.Error

-- | Enumeration of all possible errors that can be found in this library
data CryptoError
CryptoError_KeySizeInvalid :: CryptoError
CryptoError_IvSizeInvalid :: CryptoError
CryptoError_AEADModeNotSupported :: CryptoError
CryptoError_SecretKeySizeInvalid :: CryptoError
CryptoError_SecretKeyStructureInvalid :: CryptoError
CryptoError_PublicKeySizeInvalid :: CryptoError
CryptoError_SharedSecretSizeInvalid :: CryptoError
CryptoError_MacKeyInvalid :: CryptoError
CryptoError_AuthenticationTagSizeInvalid :: CryptoError

-- | A simple Either like type to represent a computation that can fail
--   
--   2 possibles values are:
--   
--   <ul>
--   <li><a>CryptoPassed</a> : The computation succeeded, and contains the
--   result of the computation</li>
--   <li><a>CryptoFailed</a> : The computation failed, and contains the
--   cryptographic error associated</li>
--   </ul>
data CryptoFailable a
CryptoPassed :: a -> CryptoFailable a
CryptoFailed :: CryptoError -> CryptoFailable a

-- | Throw an CryptoError as exception on CryptoFailed result, otherwise
--   return the computed value
throwCryptoErrorIO :: CryptoFailable a -> IO a

-- | Same as <a>throwCryptoErrorIO</a> but throw the error asynchronously.
throwCryptoError :: CryptoFailable a -> a

-- | Simple <a>either</a> like combinator for CryptoFailable type
onCryptoFailure :: (CryptoError -> r) -> (a -> r) -> CryptoFailable a -> r

-- | Transform a CryptoFailable to an Either
eitherCryptoError :: CryptoFailable a -> Either CryptoError a

-- | Transform a CryptoFailable to a Maybe
maybeCryptoError :: CryptoFailable a -> Maybe a


-- | Password encoding and validation using bcrypt.
--   
--   Example usasge:
--   
--   <pre>
--   &gt;&gt;&gt; import Crypto.KDF.BCrypt (hashPassword, validatePassword)
--   
--   &gt;&gt;&gt; import qualified Data.ByteString.Char8 as B
--   
--   &gt;&gt;&gt; 
--   
--   &gt;&gt;&gt; let bcryptHash = B.pack "$2a$10$MJJifxfaqQmbx1Mhsq3oq.YmMmfNhkyW4s/MS3K5rIMVfB7w0Q/OW"
--   
--   &gt;&gt;&gt; let password = B.pack "password"
--   
--   &gt;&gt;&gt; validatePassword password bcryptHash
--   
--   &gt;&gt;&gt; True
--   
--   &gt;&gt;&gt; let otherPassword = B.pack "otherpassword"
--   
--   &gt;&gt;&gt; otherHash &lt;- hashPassword 12 otherPasssword :: IO B.ByteString
--   
--   &gt;&gt;&gt; validatePassword otherPassword otherHash
--   
--   &gt;&gt;&gt; True
--   </pre>
--   
--   See
--   <a>https://www.usenix.org/conference/1999-usenix-annual-technical-conference/future-adaptable-password-scheme</a>
--   for details of the original algorithm.
--   
--   The functions <tt>hashPassword</tt> and <tt>validatePassword</tt>
--   should be all that most users need.
--   
--   Hashes are strings of the form
--   <tt>$2a$10$MJJifxfaqQmbx1Mhsq3oq.YmMmfNhkyW4s<i>MS3K5rIMVfB7w0Q</i>OW</tt>
--   which encode a version number, an integer cost parameter and the
--   concatenated salt and hash bytes (each separately Base64 encoded.
--   Incrementing the cost parameter approximately doubles the time taken
--   to calculate the hash.
--   
--   The different version numbers have evolved because of bugs in the
--   standard C implementations. The most up to date version is <tt>2b</tt>
--   and this implementation the <tt>2b</tt> version prefix, but will also
--   attempt to validate against hashes with versions <tt>2a</tt> and
--   <tt>2y</tt>. Version <tt>2</tt> or <tt>2x</tt> will be rejected. No
--   attempt is made to differentiate between the different versions when
--   validating a password, but in practice this shouldn't cause any
--   problems if passwords are UTF-8 encoded (which they should be).
--   
--   The cost parameter can be between 4 and 31 inclusive, but anything
--   less than 10 is probably not strong enough. High values may be
--   prohibitively slow depending on your hardware. Choose the highest
--   value you can without having an unacceptable impact on your users. The
--   cost parameter can also be varied depending on the account, since it
--   is unique to an individual hash.
module Crypto.KDF.BCrypt

-- | Create a bcrypt hash for a password with a provided cost value.
--   Typically used to create a hash when a new user account is registered
--   or when a user changes their password.
--   
--   Each increment of the cost approximately doubles the time taken. The
--   16 bytes of random salt will be generated internally.
hashPassword :: (MonadRandom m, ByteArray password, ByteArray hash) => Int -> password -> m hash

-- | Check a password against a stored bcrypt hash when authenticating a
--   user.
--   
--   Returns <tt>False</tt> if the password doesn't match the hash, or if
--   the hash is invalid or an unsupported version.
validatePassword :: (ByteArray password, ByteArray hash) => password -> hash -> Bool

-- | Check a password against a bcrypt hash
--   
--   As for <tt>validatePassword</tt> but will provide error information if
--   the hash is invalid or an unsupported version.
validatePasswordEither :: (ByteArray password, ByteArray hash) => password -> hash -> Either String Bool

-- | Create a bcrypt hash for a password with a provided cost value and
--   salt.
bcrypt :: (ByteArray salt, ByteArray password, ByteArray output) => Int -> salt -> password -> output


-- | Poly1305 implementation
module Crypto.MAC.Poly1305

-- | Poly1305 State. use State instead of Ctx

-- | <i>Deprecated: use Poly1305 State instead</i>
type Ctx = State

-- | Poly1305 State
data State

-- | Poly1305 Auth
newtype Auth
Auth :: Bytes -> Auth
authTag :: ByteArrayAccess b => b -> CryptoFailable Auth

-- | initialize a Poly1305 context
initialize :: ByteArrayAccess key => key -> CryptoFailable State

-- | update a context with a bytestring
update :: ByteArrayAccess ba => State -> ba -> State

-- | updates a context with multiples bytestring
updates :: ByteArrayAccess ba => State -> [ba] -> State

-- | finalize the context into a digest bytestring
finalize :: State -> Auth

-- | One-pass authorization creation
auth :: (ByteArrayAccess key, ByteArrayAccess ba) => key -> ba -> Auth
instance Control.DeepSeq.NFData Crypto.MAC.Poly1305.Auth
instance Data.ByteArray.Types.ByteArrayAccess Crypto.MAC.Poly1305.Auth
instance Data.ByteArray.Types.ByteArrayAccess Crypto.MAC.Poly1305.State
instance GHC.Classes.Eq Crypto.MAC.Poly1305.Auth


-- | A simple AEAD scheme using ChaCha20 and Poly1305. See RFC7539.
--   
--   The State is not modified in place, so each function changing the
--   State, returns a new State.
--   
--   Authenticated Data need to be added before any call to <a>encrypt</a>
--   or <a>decrypt</a>, and once all the data has been added, then
--   <a>finalizeAAD</a> need to be called.
--   
--   Once <a>finalizeAAD</a> has been called, no further <a>appendAAD</a>
--   call should be make.
--   
--   <pre>
--   encrypt nonce key hdr inp =
--      let st1        = ChaChaPoly1305.initialize key nonce
--          st2        = ChaChaPoly1305.finalizeAAD $ ChaChaPoly1305.appendAAD hdr st1
--          (out, st3) = ChaChaPoly1305.encrypt inp st2
--          auth       = ChaChaPoly1305.finalize st3
--       in out `B.append` Data.ByteArray.convert auth
--   </pre>
module Crypto.Cipher.ChaChaPoly1305

-- | A ChaChaPoly1305 State.
--   
--   The state is immutable, and only new state can be created
data State

-- | Valid Nonce for ChaChaPoly1305.
--   
--   It can be created with <a>nonce8</a> or <a>nonce12</a>
data Nonce

-- | Nonce smart constructor 12 bytes IV, nonce constructor
nonce12 :: ByteArrayAccess iv => iv -> CryptoFailable Nonce

-- | 8 bytes IV, nonce constructor
nonce8 :: ByteArrayAccess ba => ba -> ba -> CryptoFailable Nonce

-- | Increment a nonce
incrementNonce :: Nonce -> Nonce

-- | Initialize a new ChaChaPoly1305 State
--   
--   The key length need to be 256 bits, and the nonce procured using
--   either <a>nonce8</a> or <a>nonce12</a>
initialize :: ByteArrayAccess key => key -> Nonce -> CryptoFailable State

-- | Append Authenticated Data to the State and return the new modified
--   State.
--   
--   Once no further call to this function need to be make, the user should
--   call <a>finalizeAAD</a>
appendAAD :: ByteArrayAccess ba => ba -> State -> State

-- | Finalize the Authenticated Data and return the finalized State
finalizeAAD :: State -> State

-- | Encrypt a piece of data and returns the encrypted Data and the updated
--   State.
encrypt :: ByteArray ba => ba -> State -> (ba, State)

-- | Decrypt a piece of data and returns the decrypted Data and the updated
--   State.
decrypt :: ByteArray ba => ba -> State -> (ba, State)

-- | Generate an authentication tag from the State.
finalize :: State -> Auth
instance Data.ByteArray.Types.ByteArrayAccess Crypto.Cipher.ChaChaPoly1305.Nonce


-- | symmetric cipher basic types
module Crypto.Cipher.Types

-- | Symmetric cipher class.
class Cipher cipher

-- | Initialize a cipher context from a key
cipherInit :: (Cipher cipher, ByteArray key) => key -> CryptoFailable cipher

-- | Cipher name
cipherName :: Cipher cipher => cipher -> String

-- | return the size of the key required for this cipher. Some cipher
--   accept any size for key
cipherKeySize :: Cipher cipher => cipher -> KeySizeSpecifier

-- | Symmetric block cipher class
class Cipher cipher => BlockCipher cipher where cbcEncrypt = cbcEncryptGeneric cbcDecrypt = cbcDecryptGeneric cfbEncrypt = cfbEncryptGeneric cfbDecrypt = cfbDecryptGeneric ctrCombine = ctrCombineGeneric aeadInit _ _ _ = CryptoFailed CryptoError_AEADModeNotSupported

-- | Return the size of block required for this block cipher
blockSize :: BlockCipher cipher => cipher -> Int

-- | Encrypt blocks
--   
--   the input string need to be multiple of the block size
ecbEncrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> ba -> ba

-- | Decrypt blocks
--   
--   the input string need to be multiple of the block size
ecbDecrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> ba -> ba

-- | encrypt using the CBC mode.
--   
--   input need to be a multiple of the blocksize
cbcEncrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba

-- | decrypt using the CBC mode.
--   
--   input need to be a multiple of the blocksize
cbcDecrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba

-- | encrypt using the CFB mode.
--   
--   input need to be a multiple of the blocksize
cfbEncrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba

-- | decrypt using the CFB mode.
--   
--   input need to be a multiple of the blocksize
cfbDecrypt :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba

-- | combine using the CTR mode.
--   
--   CTR mode produce a stream of randomized data that is combined (by XOR
--   operation) with the input stream.
--   
--   encryption and decryption are the same operation.
--   
--   input can be of any size
ctrCombine :: (BlockCipher cipher, ByteArray ba) => cipher -> IV cipher -> ba -> ba

-- | Initialize a new AEAD State
--   
--   When Nothing is returns, it means the mode is not handled.
aeadInit :: (BlockCipher cipher, ByteArrayAccess iv) => AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)

-- | class of block cipher with a 128 bits block size
class BlockCipher cipher => BlockCipher128 cipher where xtsEncrypt = xtsEncryptGeneric xtsDecrypt = xtsDecryptGeneric

-- | encrypt using the XTS mode.
--   
--   input need to be a multiple of the blocksize, and the cipher need to
--   process 128 bits block only
xtsEncrypt :: (BlockCipher128 cipher, ByteArray ba) => (cipher, cipher) -> IV cipher -> DataUnitOffset -> ba -> ba

-- | decrypt using the XTS mode.
--   
--   input need to be a multiple of the blocksize, and the cipher need to
--   process 128 bits block only
xtsDecrypt :: (BlockCipher128 cipher, ByteArray ba) => (cipher, cipher) -> IV cipher -> DataUnitOffset -> ba -> ba

-- | Symmetric stream cipher class
class Cipher cipher => StreamCipher cipher

-- | Combine using the stream cipher
streamCombine :: (StreamCipher cipher, ByteArray ba) => cipher -> ba -> (ba, cipher)

-- | Offset inside an XTS data unit, measured in block size.
type DataUnitOffset = Word32

-- | Different specifier for key size in bytes
data KeySizeSpecifier

-- | in the range [min,max]
KeySizeRange :: Int -> Int -> KeySizeSpecifier

-- | one of the specified values
KeySizeEnum :: [Int] -> KeySizeSpecifier

-- | a specific size
KeySizeFixed :: Int -> KeySizeSpecifier

-- | AEAD Mode
data AEADMode
AEAD_OCB :: AEADMode
AEAD_CCM :: AEADMode
AEAD_EAX :: AEADMode
AEAD_CWC :: AEADMode
AEAD_GCM :: AEADMode

-- | AEAD Implementation
data AEADModeImpl st
AEADModeImpl :: (forall ba. ByteArrayAccess ba => st -> ba -> st) -> (forall ba. ByteArray ba => st -> ba -> (ba, st)) -> (forall ba. ByteArray ba => st -> ba -> (ba, st)) -> (st -> Int -> AuthTag) -> AEADModeImpl st
[aeadImplAppendHeader] :: AEADModeImpl st -> forall ba. ByteArrayAccess ba => st -> ba -> st
[aeadImplEncrypt] :: AEADModeImpl st -> forall ba. ByteArray ba => st -> ba -> (ba, st)
[aeadImplDecrypt] :: AEADModeImpl st -> forall ba. ByteArray ba => st -> ba -> (ba, st)
[aeadImplFinalize] :: AEADModeImpl st -> st -> Int -> AuthTag

-- | Authenticated Encryption with Associated Data algorithms
data AEAD cipher
AEAD :: AEADModeImpl st -> st -> AEAD cipher
[aeadModeImpl] :: AEAD cipher -> AEADModeImpl st
[aeadState] :: AEAD cipher -> st

-- | Append some header information to an AEAD context
aeadAppendHeader :: ByteArrayAccess aad => AEAD cipher -> aad -> AEAD cipher

-- | Encrypt some data and update the AEAD context
aeadEncrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)

-- | Decrypt some data and update the AEAD context
aeadDecrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)

-- | Finalize the AEAD context and return the authentication tag
aeadFinalize :: AEAD cipher -> Int -> AuthTag

-- | Simple AEAD encryption
aeadSimpleEncrypt :: (ByteArrayAccess aad, ByteArray ba) => AEAD a -> aad -> ba -> Int -> (AuthTag, ba)

-- | Simple AEAD decryption
aeadSimpleDecrypt :: (ByteArrayAccess aad, ByteArray ba) => AEAD a -> aad -> ba -> AuthTag -> Maybe ba

-- | an IV parametrized by the cipher
data IV c

-- | Create an IV for a specified block cipher
makeIV :: (ByteArrayAccess b, BlockCipher c) => b -> Maybe (IV c)

-- | Create an IV that is effectively representing the number 0
nullIV :: BlockCipher c => IV c

-- | Increment an IV by a number.
--   
--   Assume the IV is in Big Endian format.
ivAdd :: BlockCipher c => IV c -> Int -> IV c

-- | Authentication Tag for AE cipher mode
newtype AuthTag
AuthTag :: Bytes -> AuthTag
[unAuthTag] :: AuthTag -> Bytes


module Crypto.Cipher.Blowfish

-- | variable keyed blowfish state
data Blowfish

-- | 64 bit keyed blowfish state
data Blowfish64

-- | 128 bit keyed blowfish state
data Blowfish128

-- | 256 bit keyed blowfish state
data Blowfish256

-- | 448 bit keyed blowfish state
data Blowfish448
instance Control.DeepSeq.NFData Crypto.Cipher.Blowfish.Blowfish448
instance Control.DeepSeq.NFData Crypto.Cipher.Blowfish.Blowfish256
instance Control.DeepSeq.NFData Crypto.Cipher.Blowfish.Blowfish128
instance Control.DeepSeq.NFData Crypto.Cipher.Blowfish.Blowfish64
instance Control.DeepSeq.NFData Crypto.Cipher.Blowfish.Blowfish
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.Blowfish.Blowfish
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.Blowfish.Blowfish
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.Blowfish.Blowfish64
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.Blowfish.Blowfish64
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.Blowfish.Blowfish128
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.Blowfish.Blowfish128
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.Blowfish.Blowfish256
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.Blowfish.Blowfish256
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.Blowfish.Blowfish448
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.Blowfish.Blowfish448


-- | Camellia support. only 128 bit variant available for now.
module Crypto.Cipher.Camellia

-- | Camellia block cipher with 128 bit key
data Camellia128
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.Camellia.Camellia128
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.Camellia.Camellia128


module Crypto.Cipher.DES

-- | DES Context
data DES
instance GHC.Classes.Eq Crypto.Cipher.DES.DES
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.DES.DES
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.DES.DES


module Crypto.Cipher.TripleDES

-- | 3DES with 3 different keys used all in the same direction
data DES_EEE3

-- | 3DES with 3 different keys used in alternative direction
data DES_EDE3

-- | 3DES where the first and third keys are equal, used in the same
--   direction
data DES_EEE2

-- | 3DES where the first and third keys are equal, used in alternative
--   direction
data DES_EDE2
instance GHC.Classes.Eq Crypto.Cipher.TripleDES.DES_EDE2
instance GHC.Classes.Eq Crypto.Cipher.TripleDES.DES_EEE2
instance GHC.Classes.Eq Crypto.Cipher.TripleDES.DES_EDE3
instance GHC.Classes.Eq Crypto.Cipher.TripleDES.DES_EEE3
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.TripleDES.DES_EEE3
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.TripleDES.DES_EDE3
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.TripleDES.DES_EDE2
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.TripleDES.DES_EEE2
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.TripleDES.DES_EEE3
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.TripleDES.DES_EDE3
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.TripleDES.DES_EEE2
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.TripleDES.DES_EDE2


-- | Curve25519 support
module Crypto.PubKey.Curve25519

-- | A Curve25519 Secret key
data SecretKey

-- | A Curve25519 public key
data PublicKey

-- | A Curve25519 Diffie Hellman secret related to a public key and a
--   secret key.
data DhSecret

-- | Create a DhSecret from a bytearray object
dhSecret :: ByteArrayAccess b => b -> CryptoFailable DhSecret

-- | Try to build a public key from a bytearray
publicKey :: ByteArrayAccess bs => bs -> CryptoFailable PublicKey

-- | Try to build a secret key from a bytearray
secretKey :: ByteArrayAccess bs => bs -> CryptoFailable SecretKey

-- | Compute the Diffie Hellman secret from a public key and a secret key
dh :: PublicKey -> SecretKey -> DhSecret

-- | Create a public key from a secret key
toPublic :: SecretKey -> PublicKey
instance Control.DeepSeq.NFData Crypto.PubKey.Curve25519.DhSecret
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.Curve25519.DhSecret
instance GHC.Classes.Eq Crypto.PubKey.Curve25519.DhSecret
instance GHC.Show.Show Crypto.PubKey.Curve25519.DhSecret
instance Control.DeepSeq.NFData Crypto.PubKey.Curve25519.PublicKey
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.Curve25519.PublicKey
instance GHC.Classes.Eq Crypto.PubKey.Curve25519.PublicKey
instance GHC.Show.Show Crypto.PubKey.Curve25519.PublicKey
instance Control.DeepSeq.NFData Crypto.PubKey.Curve25519.SecretKey
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.Curve25519.SecretKey
instance GHC.Classes.Eq Crypto.PubKey.Curve25519.SecretKey
instance GHC.Show.Show Crypto.PubKey.Curve25519.SecretKey


-- | P256 support
module Crypto.PubKey.ECC.P256

-- | A P256 scalar
data Scalar

-- | A P256 point
data Point

-- | Get the base point for the P256 Curve
pointBase :: Point

-- | Add a point to another point
pointAdd :: Point -> Point -> Point

-- | Multiply a point by a scalar
--   
--   warning: variable time
pointMul :: Scalar -> Point -> Point

-- | multiply the point <tt>p with </tt>n2 and add a lifted to curve value
--   @n1
--   
--   <pre>
--   n1 * G + n2 * p
--   </pre>
--   
--   warning: variable time
pointsMulVarTime :: Scalar -> Scalar -> Point -> Point

-- | Check if a <a>Point</a> is valid
pointIsValid :: Point -> Bool

-- | Lift to curve a scalar
--   
--   Using the curve generator as base point compute:
--   
--   <pre>
--   scalar * G
--   </pre>
toPoint :: Scalar -> Point

-- | Convert a point to (x,y) Integers
pointToIntegers :: Point -> (Integer, Integer)

-- | Convert from (x,y) Integers to a point
pointFromIntegers :: (Integer, Integer) -> Point

-- | Convert a point to a binary representation
pointToBinary :: ByteArray ba => Point -> ba

-- | Convert from binary to a point
pointFromBinary :: ByteArrayAccess ba => ba -> CryptoFailable Point

-- | Generate a randomly generated new scalar
scalarGenerate :: MonadRandom randomly => randomly Scalar

-- | The scalar representing 0
scalarZero :: Scalar

-- | Check if the scalar is 0
scalarIsZero :: Scalar -> Bool

-- | Perform addition between two scalars
--   
--   <pre>
--   a + b
--   </pre>
scalarAdd :: Scalar -> Scalar -> Scalar

-- | Perform subtraction between two scalars
--   
--   <pre>
--   a - b
--   </pre>
scalarSub :: Scalar -> Scalar -> Scalar

-- | Give the inverse of the scalar
--   
--   <pre>
--   1 / a
--   </pre>
--   
--   warning: variable time
scalarInv :: Scalar -> Scalar

-- | Compare 2 Scalar
scalarCmp :: Scalar -> Scalar -> Ordering

-- | convert a scalar from binary
scalarFromBinary :: ByteArrayAccess ba => ba -> CryptoFailable Scalar

-- | convert a scalar to binary
scalarToBinary :: ByteArray ba => Scalar -> ba

-- | Convert from an Integer to a P256 Scalar
scalarFromInteger :: Integer -> CryptoFailable Scalar

-- | Convert from a P256 Scalar to an Integer
scalarToInteger :: Scalar -> Integer
instance GHC.Classes.Eq Crypto.PubKey.ECC.P256.Point
instance GHC.Show.Show Crypto.PubKey.ECC.P256.Point
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.ECC.P256.Scalar
instance GHC.Classes.Eq Crypto.PubKey.ECC.P256.Scalar


-- | Ed25519 support
module Crypto.PubKey.Ed25519

-- | An Ed25519 Secret key
data SecretKey

-- | An Ed25519 public key
data PublicKey

-- | An Ed25519 signature
data Signature

-- | Try to build a signature from a bytearray
signature :: ByteArrayAccess ba => ba -> CryptoFailable Signature

-- | Try to build a public key from a bytearray
publicKey :: ByteArrayAccess ba => ba -> CryptoFailable PublicKey

-- | Try to build a secret key from a bytearray
secretKey :: ByteArrayAccess ba => ba -> CryptoFailable SecretKey

-- | Create a public key from a secret key
toPublic :: SecretKey -> PublicKey

-- | Sign a message using the key pair
sign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature

-- | Verify a message
verify :: ByteArrayAccess ba => PublicKey -> ba -> Signature -> Bool
instance Control.DeepSeq.NFData Crypto.PubKey.Ed25519.Signature
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.Ed25519.Signature
instance GHC.Classes.Eq Crypto.PubKey.Ed25519.Signature
instance GHC.Show.Show Crypto.PubKey.Ed25519.Signature
instance Control.DeepSeq.NFData Crypto.PubKey.Ed25519.PublicKey
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.Ed25519.PublicKey
instance GHC.Classes.Eq Crypto.PubKey.Ed25519.PublicKey
instance GHC.Show.Show Crypto.PubKey.Ed25519.PublicKey
instance Control.DeepSeq.NFData Crypto.PubKey.Ed25519.SecretKey
instance Data.ByteArray.Types.ByteArrayAccess Crypto.PubKey.Ed25519.SecretKey
instance GHC.Classes.Eq Crypto.PubKey.Ed25519.SecretKey


module Crypto.Cipher.AES

-- | AES with 128 bit key
data AES128

-- | AES with 192 bit key
data AES192

-- | AES with 256 bit key
data AES256
instance Control.DeepSeq.NFData Crypto.Cipher.AES.AES256
instance Control.DeepSeq.NFData Crypto.Cipher.AES.AES192
instance Control.DeepSeq.NFData Crypto.Cipher.AES.AES128
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.AES.AES128
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.AES.AES192
instance Crypto.Cipher.Types.Base.Cipher Crypto.Cipher.AES.AES256
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.AES.AES128
instance Crypto.Cipher.Types.Block.BlockCipher128 Crypto.Cipher.AES.AES128
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.AES.AES192
instance Crypto.Cipher.Types.Block.BlockCipher128 Crypto.Cipher.AES.AES192
instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Cipher.AES.AES256
instance Crypto.Cipher.Types.Block.BlockCipher128 Crypto.Cipher.AES.AES256