Safe Haskell	None
Language	GHC2021

Wai.CryptoCookie.Encryption

Description

You will need to import this module if you are planning to define an Encryption scheme other than the defaults provided by this library.

Synopsis

class (KnownNat (KeyLength e), Eq (Key e)) => Encryption (e :: k) where
- data Key (e :: k)
- type KeyLength (e :: k) :: Natural
- data Encrypt (e :: k)
- data Decrypt (e :: k)
- genKey :: MonadRandom m => m (Key e)
- keyFromBytes :: ByteArrayAccess raw => raw -> Either String (Key e)
- keyToBytes :: ByteArrayN (KeyLength e) raw => Key e -> raw
- initial :: MonadRandom m => Key e -> m (Encrypt e, Decrypt e)
- advance :: Encrypt e -> Encrypt e
- encrypt :: Encrypt e -> ByteString -> ByteString
- decrypt :: Decrypt e -> ByteString -> Either String ByteString
autoKeyFileBase16 :: forall {k} (e :: k) m. (Encryption e, MonadIO m) => FilePath -> m (Key e)
readKeyFileBase16 :: forall {k} (e :: k) m. (Encryption e, MonadIO m) => FilePath -> m (Key e)
readKeyFile :: forall {k} (e :: k) m. (Encryption e, MonadIO m) => (ScrubbedBytes -> Either String ScrubbedBytes) -> FilePath -> m (Key e)
writeKeyFile :: forall {k} (e :: k) m. (Encryption e, MonadIO m) => (SizedByteArray (KeyLength e) ScrubbedBytes -> ScrubbedBytes) -> FilePath -> Key e -> m ()

Documentation

class (KnownNat (KeyLength e), Eq (Key e)) => Encryption (e :: k) where Source #

Encryption method.

Associated Types

data Key (e :: k) Source #

Key used for encryption. You can obtain an initial random Key using genKey. As long as you have access to said Key, you will be able to decrypt data previously encrypted with it. For this reason, be sure to save and load the key using keyToBytes and keyFromBytes.

type KeyLength (e :: k) :: Natural Source #

Statically known Key length.

data Encrypt (e :: k) Source #

Encryption context used by encrypt.

data Decrypt (e :: k) Source #

Decryption context used by decrypt.

Methods

genKey :: MonadRandom m => m (Key e) Source #

Generate a random encryption Key.

keyFromBytes :: ByteArrayAccess raw => raw -> Either String (Key e) Source #

Load a Key from its bytes representation, if possible.

keyToBytes :: ByteArrayN (KeyLength e) raw => Key e -> raw Source #

Dump the bytes representation of a Key.

initial :: MonadRandom m => Key e -> m (Encrypt e, Decrypt e) Source #

Generate initial Encryption and Decryption context for a Key.

The Encryption context could carry for example the next nonce to use for encryption, the Key itself or its derivative used during the actual encryption process, or a deterministic random number generator.

The Decryption context could carry for example the Key itself or its derivative used during the decryption process.

advance :: Encrypt e -> Encrypt e Source #

After each encryption, the Encryption context will be automatically advanced through this function. For example, if your Encryption context carries a nonce or a deterministic random number generator, this is the place to update them.

encrypt :: Encrypt e -> ByteString -> ByteString Source #

Encrypt a plaintext message according to the Encryption context.

decrypt :: Decrypt e -> ByteString -> Either String ByteString Source #

Decrypt a message according to the Decryption context.

The String is for internal debugging purposes only.

Instances

Instances details

Encryption "AEAD_AES_128_GCM_SIV" Source #

AEAD_AES_128_GCM_SIV is a nonce-misuse resistant AEAD encryption scheme defined in RFC 8452.

Instance details

Defined in Wai.CryptoCookie.Encryption.AEAD_AES_128_GCM_SIV

Associated Types

newtype Key "AEAD_AES_128_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_128_GCM_SIV newtype Key "AEAD_AES_128_GCM_SIV" = Key (SizedByteArray 16 ScrubbedBytes)
type KeyLength "AEAD_AES_128_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_128_GCM_SIV type KeyLength "AEAD_AES_128_GCM_SIV" = 16
data Encrypt "AEAD_AES_128_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_128_GCM_SIV data Encrypt "AEAD_AES_128_GCM_SIV" = Encrypt AES128 ChaChaDRG Nonce
newtype Decrypt "AEAD_AES_128_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_128_GCM_SIV newtype Decrypt "AEAD_AES_128_GCM_SIV" = Decrypt AES128

Methods

genKey :: MonadRandom m => m (Key "AEAD_AES_128_GCM_SIV") Source #

keyFromBytes :: ByteArrayAccess raw => raw -> Either String (Key "AEAD_AES_128_GCM_SIV") Source #

keyToBytes :: ByteArrayN (KeyLength "AEAD_AES_128_GCM_SIV") raw => Key "AEAD_AES_128_GCM_SIV" -> raw Source #

initial :: MonadRandom m => Key "AEAD_AES_128_GCM_SIV" -> m (Encrypt "AEAD_AES_128_GCM_SIV", Decrypt "AEAD_AES_128_GCM_SIV") Source #

advance :: Encrypt "AEAD_AES_128_GCM_SIV" -> Encrypt "AEAD_AES_128_GCM_SIV" Source #

encrypt :: Encrypt "AEAD_AES_128_GCM_SIV" -> ByteString -> ByteString Source #

decrypt :: Decrypt "AEAD_AES_128_GCM_SIV" -> ByteString -> Either String ByteString Source #

Encryption "AEAD_AES_256_GCM_SIV" Source #

AEAD_AES_256_GCM_SIV is a nonce-misuse resistant AEAD encryption scheme defined in RFC 8452.

Instance details

Defined in Wai.CryptoCookie.Encryption.AEAD_AES_256_GCM_SIV

Associated Types

newtype Key "AEAD_AES_256_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_256_GCM_SIV newtype Key "AEAD_AES_256_GCM_SIV" = Key (SizedByteArray 32 ScrubbedBytes)
type KeyLength "AEAD_AES_256_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_256_GCM_SIV type KeyLength "AEAD_AES_256_GCM_SIV" = 32
data Encrypt "AEAD_AES_256_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_256_GCM_SIV data Encrypt "AEAD_AES_256_GCM_SIV" = Encrypt AES256 ChaChaDRG Nonce
newtype Decrypt "AEAD_AES_256_GCM_SIV"
Instance details Defined in Wai.CryptoCookie.Encryption.AEAD_AES_256_GCM_SIV newtype Decrypt "AEAD_AES_256_GCM_SIV" = Decrypt AES256

Methods

genKey :: MonadRandom m => m (Key "AEAD_AES_256_GCM_SIV") Source #

keyFromBytes :: ByteArrayAccess raw => raw -> Either String (Key "AEAD_AES_256_GCM_SIV") Source #

keyToBytes :: ByteArrayN (KeyLength "AEAD_AES_256_GCM_SIV") raw => Key "AEAD_AES_256_GCM_SIV" -> raw Source #

initial :: MonadRandom m => Key "AEAD_AES_256_GCM_SIV" -> m (Encrypt "AEAD_AES_256_GCM_SIV", Decrypt "AEAD_AES_256_GCM_SIV") Source #

advance :: Encrypt "AEAD_AES_256_GCM_SIV" -> Encrypt "AEAD_AES_256_GCM_SIV" Source #

encrypt :: Encrypt "AEAD_AES_256_GCM_SIV" -> ByteString -> ByteString Source #

decrypt :: Decrypt "AEAD_AES_256_GCM_SIV" -> ByteString -> Either String ByteString Source #

autoKeyFileBase16 :: forall {k} (e :: k) m. (Encryption e, MonadIO m) => FilePath -> m (Key e) Source #

If the FilePath exists, then read the base-16 representation of a Key from it. Ignores trailing newlines.

Otherwise, generate a random new Key and write its base-16 representation in the FilePath.

Finally, return the Key.

readKeyFileBase16 :: forall {k} (e :: k) m. (Encryption e, MonadIO m) => FilePath -> m (Key e) Source #

Read a base-16 encoded Key from a file. Ignores trailing newlines.

readKeyFile Source #

Arguments

:: forall {k} (e :: k) m. (Encryption e, MonadIO m)
=> (ScrubbedBytes -> Either String ScrubbedBytes)	Convert the raw content of the file into input suitable for `keyFromBytes`.
-> FilePath
-> m (Key e)

Read a Key from a file.

writeKeyFile Source #

Arguments

:: forall {k} (e :: k) m. (Encryption e, MonadIO m)
=> (SizedByteArray (KeyLength e) ScrubbedBytes -> ScrubbedBytes)	Convert the raw `keyToBytes` bytes to file contents.
-> FilePath
-> Key e
-> m ()

Save a key to a file.