Deprecated

In favour of
cryptohash-md5, cryptohash-sha1, cryptohash-sha256, cryptohash-sha512, crypton

cryptonite

Cryptography Primitives sink

https://github.com/haskell-crypto/cryptonite

Version on this page:0.23
LTS Haskell 23.14:0.30
Stackage Nightly 2025-03-15:0.30
Latest on Hackage:0.30

See all snapshots cryptonite appears in

BSD-3-Clause licensed by Vincent Hanquez
Maintained by [email protected]
This version can be pinned in stack with:cryptonite-0.23@sha256:0214894db9092566e8dc2fdc36b44245f1778e1e10a407ef241530a72dfcb2b1,14973

Module documentation for 0.23

cryptonite

Join the chat at https://gitter.im/vincenthz/cryptonite Build Status BSD Haskell

Cryptonite is a haskell repository of cryptographic primitives. Each crypto algorithm has specificities that are hard to wrap in common APIs and types, so instead of trying to provide a common ground for algorithms, this package provides a non-consistent low-level API.

If you have no idea what you’re doing, please do not use this directly. Instead, rely on higher level protocols or implementations.

Documentation: cryptonite on hackage

Versioning

Development versions are an incremental number prefixed by 0. There is no API stability between development versions.

Production versions : TBD

Coding Style

The coding style of this project mostly follows: haskell-style

Support

cryptonite supports the following platforms:

  • Windows >= 8
  • OSX >= 10.8
  • Linux
  • BSDs

On the following architectures:

  • x86-64
  • i386

On the following haskell versions:

  • GHC 7.0.x
  • GHC 7.4.x
  • GHC 7.6.x
  • GHC 7.8.x
  • GHC 7.10.x

Further platforms and architectures probably work too, but since the maintainer(s) don’t have regular access to them, we can’t commit to further support.

Known Building Issues

On OSX <= 10.7, the system compiler doesn’t understand the ‘-maes’ option, and with the lack of autodetection feature builtin in .cabal file, it is left on the user to disable the aesni. See the [Disabling AESNI] section

Disabling AESNI

It may be useful to disable AESNI for building, testing or runtime purposes. This is achieved with the support_aesni flag.

As part of configure of cryptonite:

  cabal configure --flag='-support_aesni'

or as part of an installation:

  cabal install --constraint="cryptonite -support_aesni"

For help with cabal flags, see: stackoverflow : is there a way to define flags for cabal

Links

Changes

0.23

  • Digest memory usage improvement by using unpinned memory
  • Fix generateBetween to generate within the right bounds
  • Add pure Twofish implementation
  • Fix memory allocation in P256 when using a temp point
  • Consolidate hash benchmark code
  • Add Nat-length Blake2 support (GHC > 8.0)
  • Update tutorial

0.22

  • Add Argon2 (Password Hashing Competition winner) hash function
  • Update blake2 to latest upstream version
  • Add extra blake2 hashing size
  • Add faster PBKDF2 functions for SHA1/SHA256/SHA512
  • Add SHAKE128 and SHAKE256
  • Cleanup prime generation, and add tests
  • Add Time-based One Time Password (TOTP) and HMAC-based One Time Password (HOTP)
  • Rename Ed448 module name to Curve448, old module name still valid for now

0.21

  • Drop automated tests with GHC 7.0, GHC 7.4, GHC 7.6. support dropped, but probably still working.
  • Improve non-aligned support in C sources, ChaCha and SHA3 now probably work on arch without support for unaligned access. not complete or tested.
  • Add another ECC framework that is more flexible, allowing different implementations to work instead of the existing Pure haskell NIST implementation.
  • Add ECIES basic primitives
  • Add XSalsa20 stream cipher
  • Process partial buffer correctly with Poly1305

0.20

  • Fixed hash truncation used in ECDSA signature & verification (Olivier Chéron)
  • Fix ECDH when scalar and coordinate bit sizes differ (Olivier Chéron)
  • Speed up ECDSA verification using Shamir’s trick (Olivier Chéron)
  • Fix rdrand on windows

0.19

  • Add tutorial (Yann Esposito)
  • Derive Show instance for better interaction with Show pretty printer (Eric Mertens)

0.18

  • Re-used standard rdrand instructions instead of bytedump of rdrand instruction
  • Improvement to F2m, including lots of tests (Andrew Lelechenko)
  • Add error check on salt length in bcrypt

0.17

  • Add Miyaguchi-Preneel construction (Kei Hibino)
  • Fix buffer length in scrypt (Luke Taylor)
  • build fixes for i686 and arm related to rdrand

0.16

  • Fix basepoint for Ed448

  • Enable 64-bit Curve25519 implementation

0.15

  • Fix serialization of DH and ECDH

0.14

  • Reduce size of SHA3 context instead of allocating all-size fit memory. save up to 72 bytes of memory per context for SHA3-512.
  • Add a Seed capability to the main DRG, to be able to debug/reproduce randomized program where you would want to disable the randomness.
  • Add support for Cipher-based Message Authentication Code (CMAC) (Kei Hibino)
  • CHANGE Change the SharedKey for Crypto.PubKey.DH and Crypto.PubKey.ECC.DH, from an Integer newtype to a ScrubbedBytes newtype. Prevent mistake where the bytes representation is generated without the right padding (when needed).
  • CHANGE Keep The field size in bits, in the Params in Crypto.PubKey.DH, moving from 2 elements to 3 elements in the structure.

0.13

  • SECURITY Fix buffer overflow issue in SHA384, copying 16 extra bytes from the SHA512 context to the destination memory pointer leading to memory corruption, segfault. (Mikael Bung)

0.12

  • Fix compilation issue with Ed448 on 32 bits machine.

0.11

  • Truncate hashing correctly for DSA
  • Add support for HKDF (RFC 5869)
  • Add support for Ed448
  • Extends support for Blake2s to 224 bits version.
  • Compilation workaround for old distribution (RHEL 4.1)
  • Compilation fix for AIX
  • Compilation fix with AESNI and ghci compiling C source in a weird order.
  • Fix example compilation, typo, and warning

0.10

  • Add reference implementation of blake2 for non-SSE2 platform
  • Add support_blake2_sse flag

0.9

  • Quiet down unused module imports
  • Move Curve25519 over to Crypto.Error instead of using Either String.
  • Add documentation for ChaChaPoly1305
  • Add missing documentation for various modules
  • Add a way to create Poly1305 Auth tag.
  • Added support for the BLAKE2 family of hash algorithms
  • Fix endianness of incrementNonce function for ChaChaPoly1305

0.8

  • Add support for ChaChaPoly1305 Nonce Increment (John Galt)
  • Move repository to the haskell-crypto organisation

0.7

  • Add PKCS5 / PKCS7 padding and unpadding methods
  • Fix ChaChaPoly1305 Decryption
  • Add support for BCrypt (Luke Taylor)

0.6

  • Add ChaChaPoly1305 AE cipher
  • Add instructions in README for building on old OSX
  • Fix blocking /dev/random Andrey Sverdlichenko

0.5

  • Fix all strays exports to all be under the cryptonite prefix.

0.4

  • Add a System DRG that represent a referentially transparent of evaluated bytes while using lazy evaluation for future entropy values.

0.3

  • Allow drgNew to run in any MonadRandom, providing cascading initialization
  • Remove Crypto.PubKey.HashDescr in favor of just having the algorithm specified in PKCS15 RSA function.
  • Fix documentation in cipher sub section (Luke Taylor)
  • Cleanup AES dead functions (Luke Taylor)
  • Fix Show instance of Digest to display without quotes similar to cryptohash
  • Use scrubbed bytes instead of bytes for P256 scalar

0.2

  • Fix P256 compilation and exactness, + add tests
  • Add a raw memory number serialization capability (i2osp, os2ip)
  • Improve tests for number serialization
  • Improve tests for ECC arithmetics
  • Add Ord instance for Digest (Nicolas Di Prima)
  • Fix entropy compilation on windows 64 bits.

0.1

  • Initial release