Raaz: A secure cryptographic library
This is the repository of raaz, a Haskell library that implements
some standard cryptographic primitives. This library is the basis on
which we plan to build a cryptographic framework in Haskell. For
example, there are plans to implement some common cryptographic
protocols like ssh. Thus applications that require cryptographic
security, in particular secure networking applications, can be built
out of this.
Raaz is also an attempt to provide better security guarantees by making use of Haskell's strong typing. Besides, we put a lot of emphasis on better API design and good documentation which, we believe, makes the usage of the library secure.
Raaz (राज़) stands for secret in Hindi.
Hacking and Discussion
For hacking see our github repository.
For discussion see our google groups mailing list.
Hang out on irc.freenode.net (channel: #haskell-raaz).
For details please refer to our wiki.
Releasing and reviewing.
The repository also contains the file Releasing.md, which contains a checklist for releasing a new version of the library. Any crypto library should undergo thorough review by multiple people. In the file Reviewing.md, we collect some common pitfalls to look for while reviewing the code. It is good to actively look for the problems suggested there, but of course one should also look for other problems.
Change log for raaz.
0.2.0 - 24 August, 2017
- Some CPU detection builtins for GCC. These will come in handy in future for selection of primitives at runtime.
- BLAKE2b, BLAKE2s added.
- system entropy: Experimental support for linux getrandom call
- removed deprecated
- Got rid of the class MemoryMonad, instead introduced a more specific MemoryThread. This allows monads like RT mem to be treated much like MT mem, including the possibility of running an action on a sub-memory.
- combinator to randomise memory cells.
- hardened the prg so that a compromise on the current prg state will not expose previously generated data.
- OpenBSD/NetBSD: fix incorrect arc4random call.
- Basic Unix man-page for the raaz command.
- Windows support is now included. The missing pieces were system entropy and memory locking, which are now available.
0.1.1 - 2nd March, 2017
Failing build on big endian machines (#306) fixed.
0.1.0 - 28th February, 2017
- Stream cipher chacha20 added.
- Added a PRG that uses chacha20, seeded with system entropy
- Sha1 highly deprecated in view of reported collision.
- We now have a super command raaz with subcommands
  - checksum: as a replacement for the old checksum executable
  - rand: for generating random bytes.
Low level changes
Reworked alignment considerations.
New Alignment type
Ways for implementations to demand that the input buffer be aligned (mainly to facilitate more efficient SIMD implementations).
Num instance from LengthUnit removed, Monoid instance added (See issue:#247)
0.0.2 - July 25, 2016.
This release comes with very few changes.
- Encoding: translation between formats using the
- Encoding formats: base64
- Bug fix in base16 character verification (Commit: d6eca4c37b0b)
isSuccessful from export list of Equality.
0.0.1 - June 21, 2016.
- Basic cryptographic types.
- Hashes: sha1, sha256, sha512, sha224, sha384 and their HMACs
- Ciphers: AES-CBC with key-sizes 128, 192 and 256
- Encoding formats: base16