| License | BSD-style |
|---|---|
| Maintainer | Olivier Chéron <olivier.cheron@gmail.com> |
| Stability | experimental |
| Portability | unknown |
| Safe Haskell | None |
| Language | Haskell2010 |
Crypto.Store.CMS
Description
Cryptographic Message Syntax
- RFC 5652: Cryptographic Message Syntax (CMS)
- RFC 3370: Cryptographic Message Syntax (CMS) Algorithms
- RFC 3560: Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
- RFC 4056: Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)
- RFC 3565: Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)
- RFC 5753: Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
- RFC 5754: Using SHA2 Algorithms with Cryptographic Message Syntax
- RFC 3211: Password-based Encryption for CMS
- RFC 5083: Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type
- RFC 5084: Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)
- RFC 6476: Using Message Authentication Code (MAC) Encryption in the Cryptographic Message Syntax (CMS)
- RFC 8103: Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS)
- RFC 8418: Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS)
- RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures in the Cryptographic Message Syntax (CMS)
- RFC 8702: Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)
Synopsis
- data ContentType
- data ContentInfo
- = DataCI ByteString
- | SignedDataCI (SignedData (Encap EncapsulatedContent))
- | EnvelopedDataCI (EnvelopedData (Encap EncryptedContent))
- | DigestedDataCI (DigestedData (Encap EncapsulatedContent))
- | EncryptedDataCI (EncryptedData (Encap EncryptedContent))
- | AuthenticatedDataCI (AuthenticatedData (Encap EncapsulatedContent))
- | AuthEnvelopedDataCI (AuthEnvelopedData (Encap EncryptedContent))
- getContentType :: ContentInfo -> ContentType
- readCMSFile :: FilePath -> IO [ContentInfo]
- readCMSFileFromMemory :: ByteString -> [ContentInfo]
- berToContentInfo :: ByteString -> Either StoreError ContentInfo
- pemToContentInfo :: [Maybe ContentInfo] -> PEM -> [Maybe ContentInfo]
- writeCMSFile :: FilePath -> [ContentInfo] -> IO ()
- writeCMSFileToMemory :: [ContentInfo] -> ByteString
- contentInfoToDER :: ContentInfo -> ByteString
- contentInfoToPEM :: ContentInfo -> PEM
- data Encap a
- fromEncap :: b -> (a -> b) -> Encap a -> b
- class Encapsulates (struct :: Type -> Type)
- isAttached :: Encapsulates struct => struct (Encap a) -> Bool
- fromAttached :: (MonadFail m, Encapsulates struct) => struct (Encap a) -> m (struct a)
- toAttachedCI :: Encapsulates struct => struct ByteString -> ContentInfo
- isDetached :: Encapsulates struct => struct (Encap a) -> Bool
- fromDetached :: (MonadFail m, Encapsulates struct) => b -> struct (Encap a) -> m (struct b)
- toDetachedCI :: Encapsulates struct => struct ByteString -> (ByteString, ContentInfo)
- type SignatureValue = ByteString
- data SignatureAlg
- type EncapsulatedContent = ByteString
- data SignedData content = SignedData {}
- type ProducerOfSI (m :: Type -> Type) = ContentType -> ByteString -> m (Either StoreError (SignerInfo, [CertificateChoice], [RevocationInfoChoice]))
- type ConsumerOfSI (m :: Type -> Type) = ContentType -> ByteString -> SignerInfo -> [CertificateChoice] -> [RevocationInfoChoice] -> m Bool
- signData :: Applicative f => [ProducerOfSI f] -> ContentInfo -> f (Either StoreError (SignedData EncapsulatedContent))
- verifySignedData :: Monad m => ConsumerOfSI m -> SignedData EncapsulatedContent -> m (Either StoreError ContentInfo)
- data SignerInfo = SignerInfo {}
- data SignerIdentifier
- = SignerIASN IssuerAndSerialNumber
- | SignerSKI ByteString
- data IssuerAndSerialNumber = IssuerAndSerialNumber {
- iasnIssuer :: DistinguishedName
- iasnSerial :: Integer
- certSigner :: MonadRandom m => SignatureAlg -> PrivKey -> CertificateChain -> Maybe [Attribute] -> [Attribute] -> ProducerOfSI m
- withPublicKey :: Applicative f => PubKey -> ConsumerOfSI f
- withSignerKey :: Applicative f => ConsumerOfSI f
- withSignerCertificate :: Applicative f => (Maybe DateTime -> CertificateChain -> f Bool) -> ConsumerOfSI f
- type EncryptedKey = ByteString
- data KeyEncryptionParams
- data KeyTransportParams
- data KeyAgreementParams
- data KeyAgreementKDF
- = HashAlgorithm hashAlg => KA_X963_KDF (DigestProxy hashAlg)
- | HashAlgorithm hashAlg => KA_HKDF (DigestProxy hashAlg)
- data RecipientInfo
- data EnvelopedData content = EnvelopedData {}
- type ProducerOfRI (m :: Type -> Type) = ContentEncryptionKey -> m (Either StoreError RecipientInfo)
- type ConsumerOfRI (m :: Type -> Type) = RecipientInfo -> m (Either StoreError ContentEncryptionKey)
- envelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> ContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> ContentInfo -> f (Either StoreError (EnvelopedData EncryptedContent))
- openEnvelopedData :: Monad m => ConsumerOfRI m -> EnvelopedData EncryptedContent -> m (Either StoreError ContentInfo)
- data KTRecipientInfo = KTRecipientInfo {}
- data RecipientIdentifier
- = RecipientIASN IssuerAndSerialNumber
- | RecipientSKI ByteString
- forKeyTransRecipient :: MonadRandom m => SignedCertificate -> KeyTransportParams -> ProducerOfRI m
- withRecipientKeyTrans :: MonadRandom m => PrivKey -> ConsumerOfRI m
- data KARecipientInfo = KARecipientInfo {}
- data OriginatorIdentifierOrKey
- data OriginatorPublicKey
- data RecipientEncryptedKey = RecipientEncryptedKey {}
- data KeyAgreeRecipientIdentifier
- type UserKeyingMaterial = ByteString
- forKeyAgreeRecipient :: MonadRandom m => SignedCertificate -> KeyAgreementParams -> ProducerOfRI m
- withRecipientKeyAgree :: MonadRandom m => PrivKey -> SignedCertificate -> ConsumerOfRI m
- data KEKRecipientInfo = KEKRecipientInfo {}
- data KeyIdentifier = KeyIdentifier {
- keyIdentifier :: ByteString
- keyDate :: Maybe DateTime
- keyOther :: Maybe OtherKeyAttribute
- data OtherKeyAttribute = OtherKeyAttribute {}
- type KeyEncryptionKey = ByteString
- forKeyRecipient :: MonadRandom m => KeyEncryptionKey -> KeyIdentifier -> KeyEncryptionParams -> ProducerOfRI m
- withRecipientKey :: Applicative f => KeyEncryptionKey -> ConsumerOfRI f
- data PasswordRecipientInfo = PasswordRecipientInfo {}
- forPasswordRecipient :: MonadRandom m => Password -> KeyDerivationFunc -> KeyEncryptionParams -> ProducerOfRI m
- withRecipientPassword :: Applicative f => Password -> ConsumerOfRI f
- data DigestProxy hashAlg where
- MD2 :: DigestProxy MD2
- MD4 :: DigestProxy MD4
- MD5 :: DigestProxy MD5
- SHA1 :: DigestProxy SHA1
- SHA224 :: DigestProxy SHA224
- SHA256 :: DigestProxy SHA256
- SHA384 :: DigestProxy SHA384
- SHA512 :: DigestProxy SHA512
- SHAKE128_256 :: DigestProxy (SHAKE128 256)
- SHAKE256_512 :: DigestProxy (SHAKE256 512)
- SHAKE128 :: forall (n :: Nat). KnownNat n => Proxy n -> DigestProxy (SHAKE128 n)
- SHAKE256 :: forall (n :: Nat). KnownNat n => Proxy n -> DigestProxy (SHAKE256 n)
- data DigestAlgorithm = HashAlgorithm hashAlg => DigestAlgorithm (DigestProxy hashAlg)
- data DigestedData content = HashAlgorithm hashAlg => DigestedData {
- ddDigestAlgorithm :: DigestProxy hashAlg
- ddContentType :: ContentType
- ddEncapsulatedContent :: content
- ddDigest :: Digest hashAlg
- digestData :: DigestAlgorithm -> ContentInfo -> DigestedData EncapsulatedContent
- digestVerify :: DigestedData EncapsulatedContent -> Either StoreError ContentInfo
- type ContentEncryptionKey = ByteString
- data ContentEncryptionCipher cipher where
- DES :: ContentEncryptionCipher DES
- DES_EDE2 :: ContentEncryptionCipher DES_EDE2
- DES_EDE3 :: ContentEncryptionCipher DES_EDE3
- AES128 :: ContentEncryptionCipher AES128
- AES192 :: ContentEncryptionCipher AES192
- AES256 :: ContentEncryptionCipher AES256
- CAST5 :: ContentEncryptionCipher CAST5
- Camellia128 :: ContentEncryptionCipher Camellia128
- data ContentEncryptionAlg
- = BlockCipher c => ECB (ContentEncryptionCipher c)
- | BlockCipher c => CBC (ContentEncryptionCipher c)
- | CBC_RC2
- | BlockCipher c => CFB (ContentEncryptionCipher c)
- | BlockCipher c => CTR (ContentEncryptionCipher c)
- data ContentEncryptionParams
- type EncryptedContent = ByteString
- data EncryptedData content = EncryptedData {}
- generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams
- generateRC2EncryptionParams :: MonadRandom m => Int -> m ContentEncryptionParams
- getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg
- encryptData :: ContentEncryptionKey -> ContentEncryptionParams -> [Attribute] -> ContentInfo -> Either StoreError (EncryptedData EncryptedContent)
- decryptData :: ContentEncryptionKey -> EncryptedData EncryptedContent -> Either StoreError ContentInfo
- type AuthenticationKey = ContentEncryptionKey
- data MACAlgorithm
- = HashAlgorithm hashAlg => HMAC (DigestProxy hashAlg)
- | KnownNat n => KMAC_SHAKE128 (Proxy n) ByteString
- | KnownNat n => KMAC_SHAKE256 (Proxy n) ByteString
- type MessageAuthenticationCode = AuthTag
- data AuthenticatedData content = AuthenticatedData {}
- generateAuthenticatedData :: Applicative f => OriginatorInfo -> AuthenticationKey -> MACAlgorithm -> Maybe DigestAlgorithm -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError (AuthenticatedData EncapsulatedContent))
- verifyAuthenticatedData :: Monad m => ConsumerOfRI m -> AuthenticatedData EncapsulatedContent -> m (Either StoreError ContentInfo)
- data AuthContentEncryptionAlg
- = AUTH_ENC_128
- | AUTH_ENC_256
- | CHACHA20_POLY1305
- | BlockCipher c => CCM (ContentEncryptionCipher c)
- | BlockCipher c => GCM (ContentEncryptionCipher c)
- data AuthContentEncryptionParams
- data AuthEnvelopedData content = AuthEnvelopedData {}
- generateAuthEnc128Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams
- generateAuthEnc256Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams
- generateChaChaPoly1305Params :: MonadRandom m => m AuthContentEncryptionParams
- generateCCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> CCM_M -> CCM_L -> m AuthContentEncryptionParams
- generateGCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> Int -> m AuthContentEncryptionParams
- authEnvelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> AuthContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError (AuthEnvelopedData EncryptedContent))
- openAuthEnvelopedData :: Monad m => ConsumerOfRI m -> AuthEnvelopedData EncryptedContent -> m (Either StoreError ContentInfo)
- type Salt = ByteString
- generateSalt :: MonadRandom m => Int -> m Salt
- data KeyDerivationFunc
- = PBKDF2 {
- pbkdf2Salt :: Salt
- pbkdf2IterationCount :: Int
- pbkdf2KeyLength :: Maybe Int
- pbkdf2Prf :: PBKDF2_PRF
- | Scrypt {
- scryptSalt :: Salt
- scryptN :: Word64
- scryptR :: Int
- scryptP :: Int
- scryptKeyLength :: Maybe Int
- = PBKDF2 {
- data PBKDF2_PRF
- class HasKeySize params where
- getKeySizeSpecifier :: params -> KeySizeSpecifier
- generateKey :: (HasKeySize params, MonadRandom m, ByteArray key) => params -> m key
- newtype MaskGenerationFunc = MGF1 DigestAlgorithm
- data OAEPParams = OAEPParams {}
- data PSSParams = PSSParams {}
- data Attribute = Attribute {
- attrType :: OID
- attrValues :: [ASN1]
- findAttribute :: OID -> [Attribute] -> Maybe [ASN1]
- setAttribute :: OID -> [ASN1] -> [Attribute] -> [Attribute]
- filterAttributes :: (OID -> Bool) -> [Attribute] -> [Attribute]
- getSigningTimeAttr :: [Attribute] -> Maybe DateTime
- setSigningTimeAttr :: DateTime -> [Attribute] -> [Attribute]
- setSigningTimeAttrCurrent :: MonadIO m => [Attribute] -> m [Attribute]
- data OriginatorInfo = OriginatorInfo {}
- data CertificateChoice
- = CertificateCertificate SignedCertificate
- | CertificateOther OtherCertificateFormat
- data OtherCertificateFormat = OtherCertificateFormat {
- otherCertFormat :: OID
- otherCertValues :: [ASN1]
- data RevocationInfoChoice
- data OtherRevocationInfoFormat = OtherRevocationInfoFormat {
- otherRevInfoFormat :: OID
- otherRevInfoValues :: [ASN1]
- data ASN1ObjectExact a
Documentation
data ContentType Source #
CMS content information type.
Constructors
| DataType | Arbitrary octet string |
| SignedDataType | Signed content info |
| EnvelopedDataType | Enveloped content info |
| DigestedDataType | Content info with associated digest |
| EncryptedDataType | Encrypted content info |
| AuthenticatedDataType | Authenticated content info |
| AuthEnvelopedDataType | Authenticated-enveloped content info |
Instances
| OIDNameable ContentType Source # | |
Defined in Crypto.Store.CMS.Type Methods fromObjectID :: OID -> Maybe ContentType | |
| OIDable ContentType Source # | |
Defined in Crypto.Store.CMS.Type Methods getObjectID :: ContentType -> OID | |
| Show ContentType Source # | |
Defined in Crypto.Store.CMS.Type Methods showsPrec :: Int -> ContentType -> ShowS show :: ContentType -> String showList :: [ContentType] -> ShowS | |
| Eq ContentType Source # | |
Defined in Crypto.Store.CMS.Type | |
data ContentInfo Source #
CMS content information.
Constructors
| DataCI ByteString | Arbitrary octet string |
| SignedDataCI (SignedData (Encap EncapsulatedContent)) | Signed content info |
| EnvelopedDataCI (EnvelopedData (Encap EncryptedContent)) | Enveloped content info |
| DigestedDataCI (DigestedData (Encap EncapsulatedContent)) | Content info with associated digest |
| EncryptedDataCI (EncryptedData (Encap EncryptedContent)) | Encrypted content info |
| AuthenticatedDataCI (AuthenticatedData (Encap EncapsulatedContent)) | Authenticatedcontent info |
| AuthEnvelopedDataCI (AuthEnvelopedData (Encap EncryptedContent)) | Authenticated-enveloped content info |
Instances
| Show ContentInfo Source # | |
Defined in Crypto.Store.CMS.Info Methods showsPrec :: Int -> ContentInfo -> ShowS show :: ContentInfo -> String showList :: [ContentInfo] -> ShowS | |
| Eq ContentInfo Source # | |
Defined in Crypto.Store.CMS.Info | |
getContentType :: ContentInfo -> ContentType Source #
Get the type of a content info.
Reading and writing PEM files
readCMSFile :: FilePath -> IO [ContentInfo] Source #
Read content info elements from a PEM file.
readCMSFileFromMemory :: ByteString -> [ContentInfo] Source #
Read content info elements from a bytearray in PEM format.
berToContentInfo :: ByteString -> Either StoreError ContentInfo Source #
Read a content info from a bytearray in BER format.
pemToContentInfo :: [Maybe ContentInfo] -> PEM -> [Maybe ContentInfo] Source #
Read a content info from a PEM element and add it to the accumulator
list.
writeCMSFile :: FilePath -> [ContentInfo] -> IO () Source #
Write content info elements to a PEM file.
writeCMSFileToMemory :: [ContentInfo] -> ByteString Source #
Write content info elements to a bytearray in PEM format.
contentInfoToDER :: ContentInfo -> ByteString Source #
Generate a bytearray in DER format for a content info.
contentInfoToPEM :: ContentInfo -> PEM Source #
Generate PEM for a content info.
Content encapsulation
Denote the state of encapsulated content in a CMS data structure. This
type is isomorphic to Maybe.
Constructors
| Detached | Content is stored externally to the structure |
| Attached a | Content is stored inside the CMS struture |
Instances
| Applicative Encap Source # | |
| Functor Encap Source # | |
| Foldable Encap Source # | |
Defined in Crypto.Store.CMS.Type Methods fold :: Monoid m => Encap m -> m foldMap :: Monoid m => (a -> m) -> Encap a -> m foldMap' :: Monoid m => (a -> m) -> Encap a -> m foldr :: (a -> b -> b) -> b -> Encap a -> b foldr' :: (a -> b -> b) -> b -> Encap a -> b foldl :: (b -> a -> b) -> b -> Encap a -> b foldl' :: (b -> a -> b) -> b -> Encap a -> b foldr1 :: (a -> a -> a) -> Encap a -> a foldl1 :: (a -> a -> a) -> Encap a -> a elem :: Eq a => a -> Encap a -> Bool maximum :: Ord a => Encap a -> a | |
| Traversable Encap Source # | |
| Show a => Show (Encap a) Source # | |
| Eq a => Eq (Encap a) Source # | |
fromEncap :: b -> (a -> b) -> Encap a -> b Source #
Fold over an Encap value. This is similar to function maybe. If the
content is detached, the first argument is returned. Otherwise the second
argument is applied to the content.
class Encapsulates (struct :: Type -> Type) Source #
Class of data structures with inner content that may be stored externally. This class has instances for each CMS content type containing other encapsulated or encrypted content info.
Functions fromAttached and fromDetached are used to introspect
encapsulation state (attached or detached), and recover a data structure with
actionable content.
Functions toAttachedCI and toDetachedCI are needed to decide about the
outer encapsulation state and build a ContentInfo.
Minimal complete definition
lens, toCI
Instances
isAttached :: Encapsulates struct => struct (Encap a) -> Bool Source #
Return True when the encapsulated content is attached.
fromAttached :: (MonadFail m, Encapsulates struct) => struct (Encap a) -> m (struct a) Source #
Unwrap the encapsulation, assuming the inner content is inside the data structure. The monadic computation fails if the content was detached.
toAttachedCI :: Encapsulates struct => struct ByteString -> ContentInfo Source #
Transform the data structure into a content info, keeping the encapsulated
content attached. May be applied to structures with EncapsulatedContent or
EncryptedContent.
isDetached :: Encapsulates struct => struct (Encap a) -> Bool Source #
Return True when the encapsulated content is detached.
fromDetached :: (MonadFail m, Encapsulates struct) => b -> struct (Encap a) -> m (struct b) Source #
Recover the original data structure from a detached encapsulation and the external content. The monadic computation fails if the content was attached.
toDetachedCI :: Encapsulates struct => struct ByteString -> (ByteString, ContentInfo) Source #
Transform the data structure into a content info, detaching the
encapsulated content. May be applied to structures with
EncapsulatedContent or EncryptedContent.
Signed data
type SignatureValue = ByteString Source #
Signature value.
data SignatureAlg Source #
CMS signature algorithms and associated parameters.
Constructors
| RSAAnyHash | |
| RSA DigestAlgorithm | |
| RSAPSS PSSParams | |
| DSA DigestAlgorithm | |
| ECDSA DigestAlgorithm | |
| Ed25519 | |
| Ed448 |
Instances
| Show SignatureAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> SignatureAlg -> ShowS show :: SignatureAlg -> String showList :: [SignatureAlg] -> ShowS | |
| Eq SignatureAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
type EncapsulatedContent = ByteString Source #
Encapsulated content.
data SignedData content Source #
Signed content information.
Constructors
| SignedData | |
Fields
| |
Instances
| Encapsulates SignedData Source # | |
Defined in Crypto.Store.CMS.Info Methods lens :: Functor f => (a -> f b) -> SignedData a -> f (SignedData b) toCI :: SignedData (Encap ByteString) -> ContentInfo | |
| Show content => Show (SignedData content) Source # | |
Defined in Crypto.Store.CMS.Signed Methods showsPrec :: Int -> SignedData content -> ShowS show :: SignedData content -> String showList :: [SignedData content] -> ShowS | |
| Eq content => Eq (SignedData content) Source # | |
Defined in Crypto.Store.CMS.Signed Methods (==) :: SignedData content -> SignedData content -> Bool (/=) :: SignedData content -> SignedData content -> Bool | |
type ProducerOfSI (m :: Type -> Type) = ContentType -> ByteString -> m (Either StoreError (SignerInfo, [CertificateChoice], [RevocationInfoChoice])) Source #
Function able to produce a SignerInfo.
type ConsumerOfSI (m :: Type -> Type) = ContentType -> ByteString -> SignerInfo -> [CertificateChoice] -> [RevocationInfoChoice] -> m Bool Source #
Function able to consume a SignerInfo.
signData :: Applicative f => [ProducerOfSI f] -> ContentInfo -> f (Either StoreError (SignedData EncapsulatedContent)) Source #
Add a signed-data layer on the specified content info. The content is
processed by one or several ProducerOfSI functions to create signer info
elements.
verifySignedData :: Monad m => ConsumerOfSI m -> SignedData EncapsulatedContent -> m (Either StoreError ContentInfo) Source #
Verify a signed content info using the specified ConsumerOfSI function.
Verification of at least one signer info must be successful in order to
return the inner content info.
Signer information
data SignerInfo Source #
Information related to a signer of a SignedData. An
element contains the signature material that was produced.
Constructors
| SignerInfo | |
Fields
| |
Instances
| Show SignerInfo Source # | |
Defined in Crypto.Store.CMS.Signed Methods showsPrec :: Int -> SignerInfo -> ShowS show :: SignerInfo -> String showList :: [SignerInfo] -> ShowS | |
| Eq SignerInfo Source # | |
Defined in Crypto.Store.CMS.Signed | |
data SignerIdentifier Source #
Union type related to identification of the signer certificate.
Constructors
| SignerIASN IssuerAndSerialNumber | Issuer and Serial Number |
| SignerSKI ByteString | Subject Key Identifier |
Instances
| Show SignerIdentifier Source # | |
Defined in Crypto.Store.CMS.Signed Methods showsPrec :: Int -> SignerIdentifier -> ShowS show :: SignerIdentifier -> String showList :: [SignerIdentifier] -> ShowS | |
| Eq SignerIdentifier Source # | |
Defined in Crypto.Store.CMS.Signed Methods (==) :: SignerIdentifier -> SignerIdentifier -> Bool (/=) :: SignerIdentifier -> SignerIdentifier -> Bool | |
data IssuerAndSerialNumber Source #
Identification of a certificate using the issuer DN and serial number.
Constructors
| IssuerAndSerialNumber | |
Fields
| |
Instances
| Show IssuerAndSerialNumber Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> IssuerAndSerialNumber -> ShowS show :: IssuerAndSerialNumber -> String showList :: [IssuerAndSerialNumber] -> ShowS | |
| Eq IssuerAndSerialNumber Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: IssuerAndSerialNumber -> IssuerAndSerialNumber -> Bool (/=) :: IssuerAndSerialNumber -> IssuerAndSerialNumber -> Bool | |
certSigner :: MonadRandom m => SignatureAlg -> PrivKey -> CertificateChain -> Maybe [Attribute] -> [Attribute] -> ProducerOfSI m Source #
Create a signer info with the specified signature algorithm and credentials.
Two lists of optional attributes can be provided. The attributes will be part of message signature when provided in the first list.
When the first list of attributes is provided, even empty list, signature is
computed from a digest of the content. When the list of attributes is
Nothing, no intermediate digest is used and the signature is computed from
the full message.
withPublicKey :: Applicative f => PubKey -> ConsumerOfSI f Source #
Verify that the signature was produced from the specified public key. Ignores all certificates and CRLs contained in the signed data.
withSignerKey :: Applicative f => ConsumerOfSI f Source #
Verify that the signature is valid with one of the X.509 certificates contained in the signed data, but does not validate that the certificates are valid. All transmitted certificates are implicitely trusted and all CRLs are ignored.
withSignerCertificate :: Applicative f => (Maybe DateTime -> CertificateChain -> f Bool) -> ConsumerOfSI f Source #
Verify that the signature is valid with one of the X.509 certificates contained in the signed data, and verify that the signer certificate is valid using the validation function supplied. All CRLs are ignored.
Enveloped data
type EncryptedKey = ByteString Source #
Encrypted key.
data KeyEncryptionParams Source #
Key encryption algorithm with associated parameters (i.e. the underlying encryption algorithm).
Constructors
| PWRIKEK ContentEncryptionParams | PWRI-KEK key wrap algorithm |
| AES128_WRAP | AES-128 key wrap |
| AES192_WRAP | AES-192 key wrap |
| AES256_WRAP | AES-256 key wrap |
| AES128_WRAP_PAD | AES-128 extended key wrap |
| AES192_WRAP_PAD | AES-192 extended key wrap |
| AES256_WRAP_PAD | AES-256 extended key wrap |
| DES_EDE3_WRAP | Triple-DES key wrap |
| RC2_WRAP Int | RC2 key wrap with effective key length |
Instances
| HasKeySize KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: KeyEncryptionParams -> KeySizeSpecifier Source # | |
| Show KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyEncryptionParams -> ShowS show :: KeyEncryptionParams -> String showList :: [KeyEncryptionParams] -> ShowS | |
| Eq KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyEncryptionParams -> KeyEncryptionParams -> Bool (/=) :: KeyEncryptionParams -> KeyEncryptionParams -> Bool | |
data KeyTransportParams Source #
Key transport algorithm with associated parameters.
Constructors
| RSAES | RSAES-PKCS1 |
| RSAESOAEP OAEPParams | RSAES-OAEP |
Instances
| Show KeyTransportParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyTransportParams -> ShowS show :: KeyTransportParams -> String showList :: [KeyTransportParams] -> ShowS | |
| Eq KeyTransportParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyTransportParams -> KeyTransportParams -> Bool (/=) :: KeyTransportParams -> KeyTransportParams -> Bool | |
data KeyAgreementParams Source #
Key agreement algorithm with associated parameters.
Constructors
| StdDH KeyAgreementKDF KeyEncryptionParams | 1-Pass D-H with Stardard ECDH |
| CofactorDH KeyAgreementKDF KeyEncryptionParams | 1-Pass D-H with Cofactor ECDH |
Instances
| Show KeyAgreementParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyAgreementParams -> ShowS show :: KeyAgreementParams -> String showList :: [KeyAgreementParams] -> ShowS | |
| Eq KeyAgreementParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyAgreementParams -> KeyAgreementParams -> Bool (/=) :: KeyAgreementParams -> KeyAgreementParams -> Bool | |
data KeyAgreementKDF Source #
Key derivation function used for key agreement.
Constructors
| HashAlgorithm hashAlg => KA_X963_KDF (DigestProxy hashAlg) | ANSI-X9.63-KDF key derivation function |
| HashAlgorithm hashAlg => KA_HKDF (DigestProxy hashAlg) | Extract-and-Expand HMAC-based key derivation function |
Instances
| Show KeyAgreementKDF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyAgreementKDF -> ShowS show :: KeyAgreementKDF -> String showList :: [KeyAgreementKDF] -> ShowS | |
| Eq KeyAgreementKDF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyAgreementKDF -> KeyAgreementKDF -> Bool (/=) :: KeyAgreementKDF -> KeyAgreementKDF -> Bool | |
data RecipientInfo Source #
Information for a recipient of an EnvelopedData. An element contains
the content-encryption key in encrypted form.
Constructors
| KTRI KTRecipientInfo | Recipient using key transport |
| KARI KARecipientInfo | Recipient using key agreement |
| KEKRI KEKRecipientInfo | Recipient using key encryption |
| PasswordRI PasswordRecipientInfo | Recipient using password-based protection |
Instances
| Show RecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> RecipientInfo -> ShowS show :: RecipientInfo -> String showList :: [RecipientInfo] -> ShowS | |
| Eq RecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped | |
data EnvelopedData content Source #
Enveloped content information.
Constructors
| EnvelopedData | |
Fields
| |
Instances
| Encapsulates EnvelopedData Source # | |
Defined in Crypto.Store.CMS.Info Methods lens :: Functor f => (a -> f b) -> EnvelopedData a -> f (EnvelopedData b) toCI :: EnvelopedData (Encap ByteString) -> ContentInfo | |
| Show content => Show (EnvelopedData content) Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> EnvelopedData content -> ShowS show :: EnvelopedData content -> String showList :: [EnvelopedData content] -> ShowS | |
| Eq content => Eq (EnvelopedData content) Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: EnvelopedData content -> EnvelopedData content -> Bool (/=) :: EnvelopedData content -> EnvelopedData content -> Bool | |
type ProducerOfRI (m :: Type -> Type) = ContentEncryptionKey -> m (Either StoreError RecipientInfo) Source #
Function able to produce a RecipientInfo.
type ConsumerOfRI (m :: Type -> Type) = RecipientInfo -> m (Either StoreError ContentEncryptionKey) Source #
Function able to consume a RecipientInfo.
envelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> ContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> ContentInfo -> f (Either StoreError (EnvelopedData EncryptedContent)) Source #
Add an enveloped-data layer on the specified content info. The content is
encrypted with specified key and algorithm. The key is then processed by
one or several ProducerOfRI functions to create recipient info elements.
Some optional attributes can be added but will not be encrypted.
openEnvelopedData :: Monad m => ConsumerOfRI m -> EnvelopedData EncryptedContent -> m (Either StoreError ContentInfo) Source #
Recover an enveloped content info using the specified ConsumerOfRI
function.
Key Transport recipients
data KTRecipientInfo Source #
Recipient using key transport.
Constructors
| KTRecipientInfo | |
Fields
| |
Instances
| Show KTRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KTRecipientInfo -> ShowS show :: KTRecipientInfo -> String showList :: [KTRecipientInfo] -> ShowS | |
| Eq KTRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KTRecipientInfo -> KTRecipientInfo -> Bool (/=) :: KTRecipientInfo -> KTRecipientInfo -> Bool | |
data RecipientIdentifier Source #
Union type related to identification of the recipient.
Constructors
| RecipientIASN IssuerAndSerialNumber | Issuer and Serial Number |
| RecipientSKI ByteString | Subject Key Identifier |
Instances
| Show RecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> RecipientIdentifier -> ShowS show :: RecipientIdentifier -> String showList :: [RecipientIdentifier] -> ShowS | |
| Eq RecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: RecipientIdentifier -> RecipientIdentifier -> Bool (/=) :: RecipientIdentifier -> RecipientIdentifier -> Bool | |
forKeyTransRecipient :: MonadRandom m => SignedCertificate -> KeyTransportParams -> ProducerOfRI m Source #
Generate a Key Transport recipient from a certificate and desired algorithm. The recipient will contain certificate identifier.
This function can be used as parameter to envelopData.
withRecipientKeyTrans :: MonadRandom m => PrivKey -> ConsumerOfRI m Source #
Use a Key Transport recipient, knowing the private key.
This function can be used as parameter to
openEnvelopedData.
Key Agreement recipients
data KARecipientInfo Source #
Recipient using key agreement.
Constructors
| KARecipientInfo | |
Fields
| |
Instances
| Show KARecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KARecipientInfo -> ShowS show :: KARecipientInfo -> String showList :: [KARecipientInfo] -> ShowS | |
| Eq KARecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KARecipientInfo -> KARecipientInfo -> Bool (/=) :: KARecipientInfo -> KARecipientInfo -> Bool | |
data OriginatorIdentifierOrKey Source #
Union type related to identification of the originator.
Constructors
| OriginatorIASN IssuerAndSerialNumber | Issuer and Serial Number |
| OriginatorSKI ByteString | Subject Key Identifier |
| OriginatorPublic OriginatorPublicKey | Anonymous public key |
Instances
| Show OriginatorIdentifierOrKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> OriginatorIdentifierOrKey -> ShowS show :: OriginatorIdentifierOrKey -> String showList :: [OriginatorIdentifierOrKey] -> ShowS | |
| Eq OriginatorIdentifierOrKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: OriginatorIdentifierOrKey -> OriginatorIdentifierOrKey -> Bool (/=) :: OriginatorIdentifierOrKey -> OriginatorIdentifierOrKey -> Bool | |
data OriginatorPublicKey Source #
Originator public key used for key-agreement. Contrary to PubKey the
domain parameters are not used and may be left empty.
Instances
| Show OriginatorPublicKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> OriginatorPublicKey -> ShowS show :: OriginatorPublicKey -> String showList :: [OriginatorPublicKey] -> ShowS | |
| Eq OriginatorPublicKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: OriginatorPublicKey -> OriginatorPublicKey -> Bool (/=) :: OriginatorPublicKey -> OriginatorPublicKey -> Bool | |
data RecipientEncryptedKey Source #
Encrypted key for a recipient in a key-agreement RI.
Constructors
| RecipientEncryptedKey | |
Fields
| |
Instances
| Show RecipientEncryptedKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> RecipientEncryptedKey -> ShowS show :: RecipientEncryptedKey -> String showList :: [RecipientEncryptedKey] -> ShowS | |
| Eq RecipientEncryptedKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: RecipientEncryptedKey -> RecipientEncryptedKey -> Bool (/=) :: RecipientEncryptedKey -> RecipientEncryptedKey -> Bool | |
data KeyAgreeRecipientIdentifier Source #
Union type related to identification of a key-agreement recipient.
Constructors
| KeyAgreeRecipientIASN IssuerAndSerialNumber | Issuer and Serial Number |
| KeyAgreeRecipientKI KeyIdentifier | Key identifier |
Instances
| Show KeyAgreeRecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KeyAgreeRecipientIdentifier -> ShowS show :: KeyAgreeRecipientIdentifier -> String showList :: [KeyAgreeRecipientIdentifier] -> ShowS | |
| Eq KeyAgreeRecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KeyAgreeRecipientIdentifier -> KeyAgreeRecipientIdentifier -> Bool (/=) :: KeyAgreeRecipientIdentifier -> KeyAgreeRecipientIdentifier -> Bool | |
type UserKeyingMaterial = ByteString Source #
User keying material.
forKeyAgreeRecipient :: MonadRandom m => SignedCertificate -> KeyAgreementParams -> ProducerOfRI m Source #
Generate a Key Agreement recipient from a certificate and desired algorithm. The recipient info will contain an ephemeral public key.
This function can be used as parameter to envelopData.
To avoid decreasing the security strength, Key Encryption parameters should use a key size equal or greater than the content encryption key.
withRecipientKeyAgree :: MonadRandom m => PrivKey -> SignedCertificate -> ConsumerOfRI m Source #
Use a Key Agreement recipient, knowing the recipient private key. The recipient certificate is also required to locate which encrypted key to use.
This function can be used as parameter to
openEnvelopedData.
Key Encryption Key recipients
data KEKRecipientInfo Source #
Recipient using key encryption.
Constructors
| KEKRecipientInfo | |
Fields
| |
Instances
| Show KEKRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KEKRecipientInfo -> ShowS show :: KEKRecipientInfo -> String showList :: [KEKRecipientInfo] -> ShowS | |
| Eq KEKRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KEKRecipientInfo -> KEKRecipientInfo -> Bool (/=) :: KEKRecipientInfo -> KEKRecipientInfo -> Bool | |
data KeyIdentifier Source #
Key identifier and optional attributes.
Constructors
| KeyIdentifier | |
Fields
| |
Instances
| Show KeyIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KeyIdentifier -> ShowS show :: KeyIdentifier -> String showList :: [KeyIdentifier] -> ShowS | |
| Eq KeyIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped | |
data OtherKeyAttribute Source #
Additional information in a KeyIdentifier.
Constructors
| OtherKeyAttribute | |
Instances
| Show OtherKeyAttribute Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> OtherKeyAttribute -> ShowS show :: OtherKeyAttribute -> String showList :: [OtherKeyAttribute] -> ShowS | |
| Eq OtherKeyAttribute Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: OtherKeyAttribute -> OtherKeyAttribute -> Bool (/=) :: OtherKeyAttribute -> OtherKeyAttribute -> Bool | |
type KeyEncryptionKey = ByteString Source #
Key used for key encryption.
forKeyRecipient :: MonadRandom m => KeyEncryptionKey -> KeyIdentifier -> KeyEncryptionParams -> ProducerOfRI m Source #
Generate a Key Encryption Key recipient from a key encryption key and desired algorithm. The recipient may identify the KEK that was used with the supplied identifier.
This function can be used as parameter to envelopData.
To avoid decreasing the security strength, Key Encryption parameters should use a key size equal or greater than the content encryption key.
withRecipientKey :: Applicative f => KeyEncryptionKey -> ConsumerOfRI f Source #
Use a Key Encryption Key recipient, knowing the key encryption key.
This function can be used as parameter to
openEnvelopedData.
Password recipients
data PasswordRecipientInfo Source #
Recipient using password-based protection.
Constructors
| PasswordRecipientInfo | |
Fields
| |
Instances
| Show PasswordRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> PasswordRecipientInfo -> ShowS show :: PasswordRecipientInfo -> String showList :: [PasswordRecipientInfo] -> ShowS | |
| Eq PasswordRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: PasswordRecipientInfo -> PasswordRecipientInfo -> Bool (/=) :: PasswordRecipientInfo -> PasswordRecipientInfo -> Bool | |
forPasswordRecipient :: MonadRandom m => Password -> KeyDerivationFunc -> KeyEncryptionParams -> ProducerOfRI m Source #
Generate a password recipient from a password.
This function can be used as parameter to envelopData.
withRecipientPassword :: Applicative f => Password -> ConsumerOfRI f Source #
Use a password recipient, knowing the password.
This function can be used as parameter to
openEnvelopedData.
Digested data
data DigestProxy hashAlg where Source #
CMS digest proxy. Acts like Proxy, i.e. provides a hash
algorithm as type parameter. The GADT constructors map to known algorithms.
Constructors
| MD2 :: DigestProxy MD2 | MD2 |
| MD4 :: DigestProxy MD4 | MD4 |
| MD5 :: DigestProxy MD5 | MD5 |
| SHA1 :: DigestProxy SHA1 | SHA-1 |
| SHA224 :: DigestProxy SHA224 | SHA-224 |
| SHA256 :: DigestProxy SHA256 | SHA-256 |
| SHA384 :: DigestProxy SHA384 | SHA-384 |
| SHA512 :: DigestProxy SHA512 | SHA-512 |
| SHAKE128_256 :: DigestProxy (SHAKE128 256) | SHAKE128 (256 bits) |
| SHAKE256_512 :: DigestProxy (SHAKE256 512) | SHAKE256 (512 bits) |
| SHAKE128 :: forall (n :: Nat). KnownNat n => Proxy n -> DigestProxy (SHAKE128 n) | SHAKE128 (variable size) |
| SHAKE256 :: forall (n :: Nat). KnownNat n => Proxy n -> DigestProxy (SHAKE256 n) | SHAKE256 (variable size) |
Instances
| Show (DigestProxy hashAlg) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> DigestProxy hashAlg -> ShowS show :: DigestProxy hashAlg -> String showList :: [DigestProxy hashAlg] -> ShowS | |
| Eq (DigestProxy hashAlg) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: DigestProxy hashAlg -> DigestProxy hashAlg -> Bool (/=) :: DigestProxy hashAlg -> DigestProxy hashAlg -> Bool | |
data DigestAlgorithm Source #
CMS digest algorithm.
Constructors
| HashAlgorithm hashAlg => DigestAlgorithm (DigestProxy hashAlg) |
Instances
| Show DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> DigestAlgorithm -> ShowS show :: DigestAlgorithm -> String showList :: [DigestAlgorithm] -> ShowS | |
| Eq DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: DigestAlgorithm -> DigestAlgorithm -> Bool (/=) :: DigestAlgorithm -> DigestAlgorithm -> Bool | |
data DigestedData content Source #
Digested content information.
Constructors
| HashAlgorithm hashAlg => DigestedData | |
Fields
| |
Instances
| Encapsulates DigestedData Source # | |
Defined in Crypto.Store.CMS.Info Methods lens :: Functor f => (a -> f b) -> DigestedData a -> f (DigestedData b) toCI :: DigestedData (Encap ByteString) -> ContentInfo | |
| Show content => Show (DigestedData content) Source # | |
Defined in Crypto.Store.CMS.Digested Methods showsPrec :: Int -> DigestedData content -> ShowS show :: DigestedData content -> String showList :: [DigestedData content] -> ShowS | |
| Eq content => Eq (DigestedData content) Source # | |
Defined in Crypto.Store.CMS.Digested Methods (==) :: DigestedData content -> DigestedData content -> Bool (/=) :: DigestedData content -> DigestedData content -> Bool | |
digestData :: DigestAlgorithm -> ContentInfo -> DigestedData EncapsulatedContent Source #
Add a digested-data layer on the specified content info.
digestVerify :: DigestedData EncapsulatedContent -> Either StoreError ContentInfo Source #
Return the inner content info but only if the digest is valid.
Encrypted data
type ContentEncryptionKey = ByteString Source #
Key used for content encryption.
data ContentEncryptionCipher cipher where Source #
CMS content encryption cipher.
Constructors
| DES :: ContentEncryptionCipher DES | DES |
| DES_EDE2 :: ContentEncryptionCipher DES_EDE2 | Triple-DES with 2 keys used in alternative direction |
| DES_EDE3 :: ContentEncryptionCipher DES_EDE3 | Triple-DES with 3 keys used in alternative direction |
| AES128 :: ContentEncryptionCipher AES128 | AES with 128-bit key |
| AES192 :: ContentEncryptionCipher AES192 | AES with 192-bit key |
| AES256 :: ContentEncryptionCipher AES256 | AES with 256-bit key |
| CAST5 :: ContentEncryptionCipher CAST5 | CAST5 (aka CAST-128) with key between 40 and 128 bits |
| Camellia128 :: ContentEncryptionCipher Camellia128 | Camellia with 128-bit key |
Instances
| Show (ContentEncryptionCipher cipher) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionCipher cipher -> ShowS show :: ContentEncryptionCipher cipher -> String showList :: [ContentEncryptionCipher cipher] -> ShowS | |
| Eq (ContentEncryptionCipher cipher) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool (/=) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool | |
data ContentEncryptionAlg Source #
Cipher and mode of operation for content encryption.
Constructors
| BlockCipher c => ECB (ContentEncryptionCipher c) | Electronic Codebook |
| BlockCipher c => CBC (ContentEncryptionCipher c) | Cipher Block Chaining |
| CBC_RC2 | RC2 in CBC mode |
| BlockCipher c => CFB (ContentEncryptionCipher c) | Cipher Feedback |
| BlockCipher c => CTR (ContentEncryptionCipher c) | Counter |
Instances
| OIDNameable ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe ContentEncryptionAlg | |
| OIDable ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: ContentEncryptionAlg -> OID | |
| Show ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionAlg -> ShowS show :: ContentEncryptionAlg -> String showList :: [ContentEncryptionAlg] -> ShowS | |
data ContentEncryptionParams Source #
Content encryption algorithm with associated parameters (i.e. the initialization vector).
A value can be generated with generateEncryptionParams.
Instances
| HasKeySize ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: ContentEncryptionParams -> KeySizeSpecifier Source # | |
| Show ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionParams -> ShowS show :: ContentEncryptionParams -> String showList :: [ContentEncryptionParams] -> ShowS | |
| Eq ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: ContentEncryptionParams -> ContentEncryptionParams -> Bool (/=) :: ContentEncryptionParams -> ContentEncryptionParams -> Bool | |
type EncryptedContent = ByteString Source #
Encrypted content.
data EncryptedData content Source #
Encrypted content information.
Constructors
| EncryptedData | |
Fields
| |
Instances
| Encapsulates EncryptedData Source # | |
Defined in Crypto.Store.CMS.Info Methods lens :: Functor f => (a -> f b) -> EncryptedData a -> f (EncryptedData b) toCI :: EncryptedData (Encap ByteString) -> ContentInfo | |
| Show content => Show (EncryptedData content) Source # | |
Defined in Crypto.Store.CMS.Encrypted Methods showsPrec :: Int -> EncryptedData content -> ShowS show :: EncryptedData content -> String showList :: [EncryptedData content] -> ShowS | |
| Eq content => Eq (EncryptedData content) Source # | |
Defined in Crypto.Store.CMS.Encrypted Methods (==) :: EncryptedData content -> EncryptedData content -> Bool (/=) :: EncryptedData content -> EncryptedData content -> Bool | |
generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams Source #
Generate random parameters for the specified content encryption algorithm.
generateRC2EncryptionParams :: MonadRandom m => Int -> m ContentEncryptionParams Source #
Generate random RC2 parameters with the specified effective key length (in bits).
getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg Source #
Get the content encryption algorithm.
encryptData :: ContentEncryptionKey -> ContentEncryptionParams -> [Attribute] -> ContentInfo -> Either StoreError (EncryptedData EncryptedContent) Source #
Add an encrypted-data layer on the specified content info. The content is encrypted with specified key and algorithm.
Some optional attributes can be added but will not be encrypted.
decryptData :: ContentEncryptionKey -> EncryptedData EncryptedContent -> Either StoreError ContentInfo Source #
Decrypt an encrypted content info using the specified key.
Authenticated data
type AuthenticationKey = ContentEncryptionKey Source #
Key used for authentication.
data MACAlgorithm Source #
Message Authentication Code (MAC) Algorithm.
Constructors
| HashAlgorithm hashAlg => HMAC (DigestProxy hashAlg) | |
| KnownNat n => KMAC_SHAKE128 (Proxy n) ByteString | |
| KnownNat n => KMAC_SHAKE256 (Proxy n) ByteString |
Instances
| HasKeySize MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: MACAlgorithm -> KeySizeSpecifier Source # | |
| Show MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> MACAlgorithm -> ShowS show :: MACAlgorithm -> String showList :: [MACAlgorithm] -> ShowS | |
| Eq MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
type MessageAuthenticationCode = AuthTag Source #
Message authentication code. Equality is time constant.
data AuthenticatedData content Source #
Authenticated content information.
Constructors
| AuthenticatedData | |
Fields
| |
Instances
| Encapsulates AuthenticatedData Source # | |
Defined in Crypto.Store.CMS.Info Methods lens :: Functor f => (a -> f b) -> AuthenticatedData a -> f (AuthenticatedData b) toCI :: AuthenticatedData (Encap ByteString) -> ContentInfo | |
| Show content => Show (AuthenticatedData content) Source # | |
Defined in Crypto.Store.CMS.Authenticated Methods showsPrec :: Int -> AuthenticatedData content -> ShowS show :: AuthenticatedData content -> String showList :: [AuthenticatedData content] -> ShowS | |
| Eq content => Eq (AuthenticatedData content) Source # | |
Defined in Crypto.Store.CMS.Authenticated Methods (==) :: AuthenticatedData content -> AuthenticatedData content -> Bool (/=) :: AuthenticatedData content -> AuthenticatedData content -> Bool | |
generateAuthenticatedData :: Applicative f => OriginatorInfo -> AuthenticationKey -> MACAlgorithm -> Maybe DigestAlgorithm -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError (AuthenticatedData EncapsulatedContent)) Source #
Add an authenticated-data layer on the specified content info. The content
is MACed with the specified key and algorithms. The key is then processed by
one or several ProducerOfRI functions to create recipient info elements.
Two lists of optional attributes can be provided. The attributes will be part of message authentication when provided in the first list.
verifyAuthenticatedData :: Monad m => ConsumerOfRI m -> AuthenticatedData EncapsulatedContent -> m (Either StoreError ContentInfo) Source #
Verify the integrity of an authenticated content info using the specified
ConsumerOfRI function. The inner content info is returned only if the MAC
could be verified.
Authenticated-enveloped data
data AuthContentEncryptionAlg Source #
Cipher and mode of operation for authenticated-content encryption.
Constructors
| AUTH_ENC_128 | authEnc with 128-bit key |
| AUTH_ENC_256 | authEnc with 256-bit key |
| CHACHA20_POLY1305 | ChaCha20-Poly1305 Authenticated Encryption |
| BlockCipher c => CCM (ContentEncryptionCipher c) | Counter with CBC-MAC |
| BlockCipher c => GCM (ContentEncryptionCipher c) | Galois Counter Mode |
Instances
| OIDNameable AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe AuthContentEncryptionAlg | |
| OIDable AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: AuthContentEncryptionAlg -> OID | |
| Show AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> AuthContentEncryptionAlg -> ShowS show :: AuthContentEncryptionAlg -> String showList :: [AuthContentEncryptionAlg] -> ShowS | |
data AuthContentEncryptionParams Source #
Authenticated-content encryption algorithm with associated parameters (i.e. the nonce).
A value can be generated with functions generateAuthEnc128Params,
generateAuthEnc256Params, generateChaChaPoly1305Params,
generateCCMParams and generateGCMParams.
Instances
| HasKeySize AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: AuthContentEncryptionParams -> KeySizeSpecifier Source # | |
| Show AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> AuthContentEncryptionParams -> ShowS show :: AuthContentEncryptionParams -> String showList :: [AuthContentEncryptionParams] -> ShowS | |
| Eq AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: AuthContentEncryptionParams -> AuthContentEncryptionParams -> Bool (/=) :: AuthContentEncryptionParams -> AuthContentEncryptionParams -> Bool | |
data AuthEnvelopedData content Source #
Authenticated-enveloped content information.
Constructors
| AuthEnvelopedData | |
Fields
| |
Instances
| Encapsulates AuthEnvelopedData Source # | |
Defined in Crypto.Store.CMS.Info Methods lens :: Functor f => (a -> f b) -> AuthEnvelopedData a -> f (AuthEnvelopedData b) toCI :: AuthEnvelopedData (Encap ByteString) -> ContentInfo | |
| Show content => Show (AuthEnvelopedData content) Source # | |
Defined in Crypto.Store.CMS.AuthEnveloped Methods showsPrec :: Int -> AuthEnvelopedData content -> ShowS show :: AuthEnvelopedData content -> String showList :: [AuthEnvelopedData content] -> ShowS | |
| Eq content => Eq (AuthEnvelopedData content) Source # | |
Defined in Crypto.Store.CMS.AuthEnveloped Methods (==) :: AuthEnvelopedData content -> AuthEnvelopedData content -> Bool (/=) :: AuthEnvelopedData content -> AuthEnvelopedData content -> Bool | |
generateAuthEnc128Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams Source #
Generate random AUTH_ENC_128 parameters with the specified algorithms.
generateAuthEnc256Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams Source #
Generate random AUTH_ENC_256 parameters with the specified algorithms.
generateChaChaPoly1305Params :: MonadRandom m => m AuthContentEncryptionParams Source #
Generate random CHACHA20_POLY1305 parameters.
generateCCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> CCM_M -> CCM_L -> m AuthContentEncryptionParams Source #
Generate random CCM parameters for the specified cipher.
generateGCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> Int -> m AuthContentEncryptionParams Source #
Generate random GCM parameters for the specified cipher.
authEnvelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> AuthContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError (AuthEnvelopedData EncryptedContent)) Source #
Add an authenticated-enveloped-data layer on the specified content info.
The content is encrypted with specified key and algorithm. The key is then
processed by one or several ProducerOfRI functions to create recipient info
elements.
Some attributes can be added but will not be encrypted. The attributes will be part of message authentication when provided in the first list.
openAuthEnvelopedData :: Monad m => ConsumerOfRI m -> AuthEnvelopedData EncryptedContent -> m (Either StoreError ContentInfo) Source #
Recover an authenticated-enveloped content info using the specified
ConsumerOfRI function.
Key derivation
generateSalt :: MonadRandom m => Int -> m Salt Source #
Generate a random salt with the specified length in bytes. To be most effective, the length should be at least 8 bytes.
data KeyDerivationFunc Source #
Key derivation algorithm and associated parameters.
Constructors
| PBKDF2 | Key derivation with PBKDF2 |
Fields
| |
| Scrypt | Key derivation with Scrypt |
Fields
| |
Instances
| Show KeyDerivationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyDerivationFunc -> ShowS show :: KeyDerivationFunc -> String showList :: [KeyDerivationFunc] -> ShowS | |
| Eq KeyDerivationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool (/=) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool | |
data PBKDF2_PRF Source #
Pseudorandom function used for PBKDF2.
Constructors
| PBKDF2_SHA1 | hmacWithSHA1 |
| PBKDF2_SHA256 | hmacWithSHA256 |
| PBKDF2_SHA512 | hmacWithSHA512 |
Instances
| OIDNameable PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe PBKDF2_PRF | |
| OIDable PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: PBKDF2_PRF -> OID | |
| Show PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> PBKDF2_PRF -> ShowS show :: PBKDF2_PRF -> String showList :: [PBKDF2_PRF] -> ShowS | |
| Eq PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
Secret-key algorithms
class HasKeySize params where Source #
Algorithms that are based on a secret key. This includes ciphers but also MAC algorithms.
Methods
getKeySizeSpecifier :: params -> KeySizeSpecifier Source #
Get a specification of the key sizes allowed by the algorithm.
Instances
| HasKeySize AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: AuthContentEncryptionParams -> KeySizeSpecifier Source # | |
| HasKeySize ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: ContentEncryptionParams -> KeySizeSpecifier Source # | |
| HasKeySize KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: KeyEncryptionParams -> KeySizeSpecifier Source # | |
| HasKeySize MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: MACAlgorithm -> KeySizeSpecifier Source # | |
generateKey :: (HasKeySize params, MonadRandom m, ByteArray key) => params -> m key Source #
Generate a random key suitable for the specified algorithm. This uses the maximum size allowed by the parameters.
RSA padding modes
newtype MaskGenerationFunc Source #
Mask Generation Functions (MGF) and associated parameters.
Constructors
| MGF1 DigestAlgorithm |
Instances
| Show MaskGenerationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> MaskGenerationFunc -> ShowS show :: MaskGenerationFunc -> String showList :: [MaskGenerationFunc] -> ShowS | |
| Eq MaskGenerationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: MaskGenerationFunc -> MaskGenerationFunc -> Bool (/=) :: MaskGenerationFunc -> MaskGenerationFunc -> Bool | |
data OAEPParams Source #
Encryption parameters for RSAES-OAEP.
Constructors
| OAEPParams | |
Fields
| |
Instances
| Show OAEPParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> OAEPParams -> ShowS show :: OAEPParams -> String showList :: [OAEPParams] -> ShowS | |
| Eq OAEPParams Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
Signature parameters for RSASSA-PSS.
Constructors
| PSSParams | |
Fields
| |
CMS attributes
An attribute extending the parent structure with arbitrary data.
Constructors
| Attribute | |
Fields
| |
findAttribute :: OID -> [Attribute] -> Maybe [ASN1] Source #
Return the values for the first attribute with the specified type.
setAttribute :: OID -> [ASN1] -> [Attribute] -> [Attribute] Source #
Add or replace an attribute in a list of attributes.
filterAttributes :: (OID -> Bool) -> [Attribute] -> [Attribute] Source #
Filter a list of attributes based on a predicate applied to attribute type.
CMS standard attributes
getSigningTimeAttr :: [Attribute] -> Maybe DateTime Source #
Return the value of the signingTime attribute.
setSigningTimeAttr :: DateTime -> [Attribute] -> [Attribute] Source #
Add or replace the signingTime attribute in a list of attributes.
setSigningTimeAttrCurrent :: MonadIO m => [Attribute] -> m [Attribute] Source #
Add or replace the signingTime attribute in a list of attributes with the
current time. This is equivalent to calling setSigningTimeAttr with the
result of dateCurrent.
Originator information
data OriginatorInfo Source #
Information about the originator of the content info, to be used when a key management algorithm requires this information.
Constructors
| OriginatorInfo | |
Fields
| |
Instances
| Monoid OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods mappend :: OriginatorInfo -> OriginatorInfo -> OriginatorInfo mconcat :: [OriginatorInfo] -> OriginatorInfo | |
| Semigroup OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (<>) :: OriginatorInfo -> OriginatorInfo -> OriginatorInfo sconcat :: NonEmpty OriginatorInfo -> OriginatorInfo stimes :: Integral b => b -> OriginatorInfo -> OriginatorInfo | |
| Show OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> OriginatorInfo -> ShowS show :: OriginatorInfo -> String showList :: [OriginatorInfo] -> ShowS | |
| Eq OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: OriginatorInfo -> OriginatorInfo -> Bool (/=) :: OriginatorInfo -> OriginatorInfo -> Bool | |
data CertificateChoice Source #
Union type related to certificate formats.
Constructors
| CertificateCertificate SignedCertificate | X.509 certificate |
| CertificateOther OtherCertificateFormat | Other format |
Instances
| Show CertificateChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> CertificateChoice -> ShowS show :: CertificateChoice -> String showList :: [CertificateChoice] -> ShowS | |
| Eq CertificateChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: CertificateChoice -> CertificateChoice -> Bool (/=) :: CertificateChoice -> CertificateChoice -> Bool | |
data OtherCertificateFormat Source #
Certificate information in a format not supported natively.
Constructors
| OtherCertificateFormat | |
Fields
| |
Instances
| Show OtherCertificateFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> OtherCertificateFormat -> ShowS show :: OtherCertificateFormat -> String showList :: [OtherCertificateFormat] -> ShowS | |
| Eq OtherCertificateFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: OtherCertificateFormat -> OtherCertificateFormat -> Bool (/=) :: OtherCertificateFormat -> OtherCertificateFormat -> Bool | |
data RevocationInfoChoice Source #
Union type related to revocation info formats.
Constructors
| RevocationInfoCRL SignedCRL | A CRL, ARL, Delta CRL, or an ACRL |
| RevocationInfoOther OtherRevocationInfoFormat | Other format |
Instances
| Show RevocationInfoChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> RevocationInfoChoice -> ShowS show :: RevocationInfoChoice -> String showList :: [RevocationInfoChoice] -> ShowS | |
| Eq RevocationInfoChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: RevocationInfoChoice -> RevocationInfoChoice -> Bool (/=) :: RevocationInfoChoice -> RevocationInfoChoice -> Bool | |
data OtherRevocationInfoFormat Source #
Revocation information in a format not supported natively.
Constructors
| OtherRevocationInfoFormat | |
Fields
| |
Instances
| Show OtherRevocationInfoFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> OtherRevocationInfoFormat -> ShowS show :: OtherRevocationInfoFormat -> String showList :: [OtherRevocationInfoFormat] -> ShowS | |
| Eq OtherRevocationInfoFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: OtherRevocationInfoFormat -> OtherRevocationInfoFormat -> Bool (/=) :: OtherRevocationInfoFormat -> OtherRevocationInfoFormat -> Bool | |
ASN.1 representation
data ASN1ObjectExact a Source #
An ASN.1 object associated with the raw data it was parsed from.
Instances
| Show a => Show (ASN1ObjectExact a) Source # | |
Defined in Crypto.Store.CMS.Util Methods showsPrec :: Int -> ASN1ObjectExact a -> ShowS show :: ASN1ObjectExact a -> String showList :: [ASN1ObjectExact a] -> ShowS | |
| Eq a => Eq (ASN1ObjectExact a) Source # | |
Defined in Crypto.Store.CMS.Util Methods (==) :: ASN1ObjectExact a -> ASN1ObjectExact a -> Bool (/=) :: ASN1ObjectExact a -> ASN1ObjectExact a -> Bool | |