Raaz: A secure cryptographic library

This is the repository of raaz, a Haskell library that implements some standard cryptographic primitives. This library is the basis on which we plan to build a cryptographic framework in Haskell. For example, there are plans to implement some common cryptographic protocols like ssh. Thus applications that require cryptographic security, in particular secure networking applications, can be built on top of it.

Raaz is also an attempt to provide better security guarantees by making use of Haskell's strong typing. Besides, we put a lot of emphasis on better API design and good documentation which, we believe, makes the usage of the library secure.

The word Raaz (राज़) stands for secret in Hindi.

Hacking and Discussion

For details please refer to our wiki.

Releasing and reviewing.

The repository also contains the file Releasing.md, which contains a checklist for releasing a new version of the library. Any crypto library should undergo thorough review by multiple people. In the file Reviewing.md, we collect some common pitfalls to look for while reviewing the code. It is good to actively look for the problems suggested there, but of course one should also look for other problems.


Change log for raaz.

0.2.0 - 24 August, 2017

  • Some CPU detection builtins for GCC. These will come in handy in future for selecting primitives at runtime.
  • BLAKE2b, BLAKE2s added.
  • system entropy: Experimental support for the Linux getrandom call
  • removed the deprecated liftSubMT from Memory.
  • Got rid of the class MemoryMonad, instead introduced a more specific MemoryThread. This allows monads like RT mem to be treated much like MT mem, including the possibility of running an action on a sub-memory.
  • combinator to randomise memory cells.
  • hardened the prg so that a compromise on the current prg state will not expose previously generated data.
  • OpenBSD/NetBSD: fix incorrect arc4random call.
  • Basic Unix man-page for the raaz command.
  • Windows support is now included. The missing pieces were system entropy and memory locking, which are now available.

0.1.1 - 2nd March, 2017

  • Failing build on big endian machines (#306) fixed.

0.1.0 - 28th February, 2017

  • Stream cipher chacha20 added.
  • Added a PRG that uses chacha20, seeded with system entropy
  • Sha1 highly deprecated in view of reported collision.
  • We now have a super command raaz with subcommands:

    • checksum: as a replacement for the old checksum executable

    • rand: for generating random bytes.

Low level changes

  • Reworked alignment considerations.

    • New Alignment type

    • Ways for implementations to demand that the input buffer be aligned (mainly to facilitate more efficient SIMD implementations).

  • Num instance from LengthUnit removed, Monoid instance added (See issue:#247)

0.0.2 - July 25, 2016.

This release comes with very few changes.

  • Encoding: translation between formats using the translate combinator
  • Encoding formats: base64
  • Bug fix in base16 character verification (Commit: d6eca4c37b0b)
  • Dropped isSuccessful from export list of Equality.

0.0.1 - June 21, 2016.

  • Basic cryptographic types.
  • Hashes: sha1, sha256, sha512, sha224, sha384 and their HMACs
  • Ciphers: AES-CBC with key-sizes 128, 192 and 256
  • Encoding formats: base16
