simplexmq-0.4.1: SimpleXMQ message broker
Copyright(c) simplex.chat
LicenseAGPL-3
Maintainerchat@simplex.chat
Stabilityexperimental
Portabilitynon-portable
Safe HaskellNone
LanguageHaskell2010

Simplex.Messaging.Crypto

Description

This module provides cryptography implementation for SMP protocols based on cryptonite package.

Synopsis

RSA keys

newtype SafePrivateKey Source #

A newtype of PrivateKey, with PublicKey removed.

It is not possible to recover PublicKey from SafePrivateKey. The constructor of this type is not exported.

Constructors

SafePrivateKey 

newtype PublicKey Source #

A newtype of PublicKey.

Constructors

PublicKey 

Instances

Instances details
Eq PublicKey Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Show PublicKey Source # 
Instance details

Defined in Simplex.Messaging.Crypto

IsString PublicKey Source # 
Instance details

Defined in Simplex.Messaging.Crypto

FromField PublicKey Source # 
Instance details

Defined in Simplex.Messaging.Crypto

ToField PublicKey Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Methods

toField :: PublicKey -> SQLData #

newtype KeyHash Source #

Key hash newtype.

Constructors

KeyHash 

Instances

Instances details
Eq KeyHash Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Methods

(==) :: KeyHash -> KeyHash -> Bool #

(/=) :: KeyHash -> KeyHash -> Bool #

Ord KeyHash Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Show KeyHash Source # 
Instance details

Defined in Simplex.Messaging.Crypto

IsString KeyHash Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Methods

fromString :: String -> KeyHash #

FromField KeyHash Source # 
Instance details

Defined in Simplex.Messaging.Crypto

ToField KeyHash Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Methods

toField :: KeyHash -> SQLData #

generateKeyPair :: PrivateKey k => Int -> IO (KeyPair k) Source #

Generate RSA key pair with either SafePrivateKey or FullPrivateKey.

safePrivateKey :: (Int, Integer, Integer) -> SafePrivateKey Source #

Construct SafePrivateKey from three numbers - used internally and in the tests.

removePublicKey :: APrivateKey -> APrivateKey Source #

Remove public key exponent from APrivateKey.

E2E hybrid encryption scheme

RSA OAEP encryption

encryptOAEP :: PublicKey -> ByteString -> ExceptT CryptoError IO ByteString Source #

RSA OAEP encryption.

Used as part of hybrid E2E encryption scheme and for SMP transport handshake.

decryptOAEP :: PrivateKey k => k -> ByteString -> ExceptT CryptoError IO ByteString Source #

RSA OAEP decryption.

Used as part of hybrid E2E encryption scheme and for SMP transport handshake.

RSA PSS signing

newtype Signature Source #

RSA signature newtype.

Constructors

Signature 

Instances

Instances details
Eq Signature Source # 
Instance details

Defined in Simplex.Messaging.Crypto

Show Signature Source # 
Instance details

Defined in Simplex.Messaging.Crypto

IsString Signature Source # 
Instance details

Defined in Simplex.Messaging.Crypto

sign :: PrivateKey k => k -> ByteString -> ExceptT CryptoError IO Signature Source #

RSA PSS message signing.

Used by SMP clients to sign SMP commands and by SMP agents to sign messages.

verify :: PublicKey -> Signature -> ByteString -> Bool Source #

RSA PSS signature verification.

Used by SMP servers to authorize SMP commands and by SMP agents to verify messages.

AES256 AEAD-GCM scheme

newtype Key Source #

AES key newtype.

Constructors

Key 

Fields

newtype IV Source #

IV bytes newtype.

Constructors

IV 

Fields

encryptAES :: Key -> IV -> Int -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString) Source #

AEAD-GCM encryption.

Used as part of hybrid E2E encryption scheme and for SMP transport blocks encryption.

decryptAES :: Key -> IV -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString Source #

AEAD-GCM decryption.

Used as part of hybrid E2E encryption scheme and for SMP transport blocks decryption.

authTagToBS :: AuthTag -> ByteString Source #

Convert AEAD AuthTag to ByteString.

bsToAuthTag :: ByteString -> AuthTag Source #

Convert ByteString to AEAD AuthTag.

randomAesKey :: IO Key Source #

Random AES256 key.

randomIV :: IO IV Source #

Random IV bytes for AES256 encryption.

aesKeyP :: Parser Key Source #

AES256 key parser.

ivP :: Parser IV Source #

IV bytes parser.

Encoding of RSA keys

serializePrivKey :: PrivateKey k => k -> ByteString Source #

Base-64 PKCS8 encoding of PSA private key.

Not used as part of SMP protocols.

serializePubKey :: PublicKey -> ByteString Source #

Base-64 X509 encoding of RSA public key.

Used as part of SMP queue information (out-of-band message).

publicKeyHash :: PublicKey -> KeyHash Source #

Digest (hash) of binary X509 encoding of RSA public key.

SHA256 hash

Cryptography error type

data CryptoError Source #

Various cryptographic or related errors.

Constructors

RSAEncryptError Error

RSA OAEP encryption error

RSADecryptError Error

RSA OAEP decryption error

RSASignError Error

RSA PSS signature error

AESCipherError CryptoError

AES initialization error

CryptoIVError

IV generation error

AESDecryptError

AES decryption error

CryptoLargeMsgError

message does not fit in SMP block

CryptoHeaderError String

failure parsing RSA-encrypted message header