Module documentation for 0.23
Cryptonite is a haskell repository of cryptographic primitives. Each crypto algorithm has specificities that are hard to wrap in common APIs and types, so instead of trying to provide a common ground for algorithms, this package provides a non-consistent low-level API.
If you have no idea what you’re doing, please do not use this directly. Instead, rely on higher level protocols or implementations.
Documentation: cryptonite on hackage
Development versions are an incremental number prefixed by 0. There is no API stability between development versions.
Production versions: TBD
The coding style of this project mostly follows: haskell-style
cryptonite supports the following platforms:
- Windows >= 8
- OSX >= 10.8
On the following architectures:
On the following haskell versions:
- GHC 7.0.x
- GHC 7.4.x
- GHC 7.6.x
- GHC 7.8.x
- GHC 7.10.x
Further platforms and architectures probably work too, but since the maintainer(s) don’t have regular access to them, we can’t commit to further support.
Known Building Issues
On OSX <= 10.7, the system compiler doesn't understand the '-maes' option, and since the .cabal file has no autodetection feature built in, it is left to the user to disable AESNI. See the Disabling AESNI section.
Disabling AESNI
It may be useful to disable AESNI for building, testing or runtime purposes. This is achieved with the support_aesni flag.
As part of configure of cryptonite:
cabal configure --flag='-support_aesni'
or as part of an installation:
cabal install --constraint="cryptonite -support_aesni"
For help with cabal flags, see: stackoverflow : is there a way to define flags for cabal
- Digest memory usage improvement by using unpinned memory
- Fix generateBetween to generate within the right bounds
- Add pure Twofish implementation
- Fix memory allocation in P256 when using a temp point
- Consolidate hash benchmark code
- Add Nat-length Blake2 support (GHC > 8.0)
- Update tutorial
- Add Argon2 (Password Hashing Competition winner) hash function
- Update blake2 to latest upstream version
- Add extra blake2 hashing size
- Add faster PBKDF2 functions for SHA1/SHA256/SHA512
- Add SHAKE128 and SHAKE256
- Cleanup prime generation, and add tests
- Add Time-based One Time Password (TOTP) and HMAC-based One Time Password (HOTP)
- Rename Ed448 module name to Curve448, old module name still valid for now
- Drop automated tests with GHC 7.0, GHC 7.4 and GHC 7.6. Support for these versions is dropped, but they probably still work.
- Improve non-aligned access support in the C sources. ChaCha and SHA3 now probably work on architectures without support for unaligned access; this is not complete or tested.
- Add another ECC framework that is more flexible, allowing different implementations to work instead of the existing Pure haskell NIST implementation.
- Add ECIES basic primitives
- Add XSalsa20 stream cipher
- Process partial buffer correctly with Poly1305
- Fixed hash truncation used in ECDSA signature & verification (Olivier Chéron)
- Fix ECDH when scalar and coordinate bit sizes differ (Olivier Chéron)
- Speed up ECDSA verification using Shamir’s trick (Olivier Chéron)
- Fix rdrand on windows
- Add tutorial (Yann Esposito)
- Derive Show instance for better interaction with Show pretty printer (Eric Mertens)
- Use the standard rdrand instruction instead of a byte dump of the rdrand instruction
- Improvement to F2m, including lots of tests (Andrew Lelechenko)
- Add error check on salt length in bcrypt
- Add Miyaguchi-Preneel construction (Kei Hibino)
- Fix buffer length in scrypt (Luke Taylor)
- Build fixes for i686 and arm related to rdrand
- Fix basepoint for Ed448
- Enable 64-bit Curve25519 implementation
- Fix serialization of DH and ECDH
- Reduce the size of the SHA3 context instead of allocating memory that fits all sizes. This saves up to 72 bytes of memory per context for SHA3-512.
- Add a Seed capability to the main DRG, to be able to debug/reproduce a randomized program where you would want to disable the randomness.
- Add support for Cipher-based Message Authentication Code (CMAC) (Kei Hibino)
- CHANGE Change the newtype in Crypto.PubKey.ECC.DH from an Integer newtype to a ScrubbedBytes newtype. This prevents the mistake where the bytes representation is generated without the right padding (when needed).
- CHANGE Keep the field size in bits in the Crypto.PubKey.DH structure, moving it from 2 elements to 3 elements.
- SECURITY Fix a buffer overflow issue in SHA384: 16 extra bytes were copied from the SHA512 context to the destination memory pointer, leading to memory corruption and segfaults. (Mikael Bung)
- Fix compilation issue with Ed448 on 32 bits machine.
- Truncate hashing correctly for DSA
- Add support for HKDF (RFC 5869)
- Add support for Ed448
- Extend support for Blake2s to the 224-bit version.
- Compilation workaround for old distribution (RHEL 4.1)
- Compilation fix for AIX
- Compilation fix with AESNI and ghci compiling C source in a weird order.
- Fix example compilation, typo, and warning
- Add reference implementation of blake2 for non-SSE2 platform
- Add support_blake2_sse flag
- Quiet down unused module imports
- Move Curve25519 over to Crypto.Error instead of using Either String.
- Add documentation for ChaChaPoly1305
- Add missing documentation for various modules
- Add a way to create Poly1305 Auth tag.
- Added support for the BLAKE2 family of hash algorithms
- Fix endianness of incrementNonce function for ChaChaPoly1305
- Add support for ChaChaPoly1305 Nonce Increment (John Galt)
- Move repository to the haskell-crypto organisation
- Add PKCS5 / PKCS7 padding and unpadding methods
- Fix ChaChaPoly1305 Decryption
- Add support for BCrypt (Luke Taylor)
- Add ChaChaPoly1305 AE cipher
- Add instructions in README for building on old OSX
- Fix blocking /dev/random (Andrey Sverdlichenko)
- Fix all stray exports to be under the cryptonite prefix.
- Add a System DRG that represents a referentially transparent sequence of evaluated bytes while using lazy evaluation for future entropy values.
- Allow drgNew to run in any MonadRandom, providing cascading initialization
- Remove Crypto.PubKey.HashDescr in favor of just having the algorithm specified in PKCS15 RSA function.
- Fix documentation in cipher sub section (Luke Taylor)
- Cleanup AES dead functions (Luke Taylor)
- Fix Show instance of Digest to display without quotes similar to cryptohash
- Use scrubbed bytes instead of bytes for P256 scalar
- Fix P256 compilation and exactness, + add tests
- Add a raw memory number serialization capability (i2osp, os2ip)
- Improve tests for number serialization
- Improve tests for ECC arithmetics
- Add Ord instance for Digest (Nicolas Di Prima)
- Fix entropy compilation on windows 64 bits.
- Initial release
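As an added illustration (not cryptonite code) of the padding mistake behind the Crypto.PubKey.ECC.DH change, the reason the DH field size in bits is kept in the parameters, and the i2osp/os2ip serialization primitives listed above, the following Python shows why a DH shared secret must be encoded at the fixed length implied by the field size; the field size and secret value are constructed for the example.

```python
# Added example, not cryptonite code: fixed-length serialization of a DH
# shared secret with i2osp/os2ip (RFC 3447 section 4) versus a naive encoding.


def i2osp(x: int, x_len: int) -> bytes:
    """Integer-to-Octet-String: big-endian, left-padded with zeros to x_len bytes."""
    if x < 0 or x >= 256 ** x_len:
        raise ValueError("integer too large for the requested octet length")
    return x.to_bytes(x_len, "big")


def os2ip(octets: bytes) -> int:
    """Octet-String-to-Integer: the inverse of i2osp."""
    return int.from_bytes(octets, "big")


def naive_bytes(x: int) -> bytes:
    """Minimal-length encoding: leading zero bytes are dropped, so the length
    depends on the secret value. This is the mistake the changelog warns about."""
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def shared_secret_bytes(secret: int, field_bits: int) -> bytes:
    """Encode a shared secret at exactly ceil(field_bits / 8) octets, which is
    why the field size in bits has to be kept alongside the DH parameters."""
    return i2osp(secret, (field_bits + 7) // 8)


def demo() -> dict:
    # Constructed values: a 256-bit field and a secret whose top byte happens
    # to be zero (roughly one in 256 exchanges hits this case).
    field_bits = 256
    secret = (1 << 247) - 1
    naive = naive_bytes(secret)
    padded = shared_secret_bytes(secret, field_bits)
    return {
        "naive_len": len(naive),        # 31: the leading zero byte is lost
        "padded_len": len(padded),      # 32: stable length for a KDF input
        "same_integer": os2ip(naive) == os2ip(padded) == secret,
        "same_bytes": naive == padded,  # False: peers would feed a KDF different input
    }


if __name__ == "__main__":
    print(demo())
```

The integer value survives both encodings; what differs is the byte string, so a peer that pads and one that does not would derive different keys from the same shared secret.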