module Network.TLS.Crypto.IES (
GroupPublicA,
GroupPublicB,
GroupPrivate,
GroupKey,
groupGenerateKeyPair,
groupEncapsulate,
groupDecapsulate,
groupEncodePublicA,
groupDecodePublicA,
groupEncodePublicB,
groupDecodePublicB,
dhParamsForGroup,
dhGroupGenerateKeyPair,
dhGroupGetPubShared,
) where
import Control.Arrow
import Crypto.ECC as ECC
import Crypto.Error
import Crypto.Number.Generate
import Crypto.PubKey.DH (PrivateNumber (..), PublicNumber (..))
import qualified Crypto.PubKey.DH as DH
import Crypto.PubKey.ECIES
import Crypto.PubKey.ML_KEM (ML_KEM_1024, ML_KEM_512, ML_KEM_768)
import qualified Crypto.PubKey.ML_KEM as ML
import Data.ByteArray (ScrubbedBytes, convert)
import qualified Data.ByteArray as BA
import Data.Proxy
import Network.TLS.Crypto.Types
import Network.TLS.Extra.FFDHE
import Network.TLS.Imports
import Network.TLS.RNG
import Network.TLS.Util.Serialization (i2ospOf_, os2ip)
-- | Our own (private) half of a key exchange, one constructor per supported
-- 'Group': an EC scalar for the NIST and Montgomery curves, a DH private
-- exponent for the FFDHE groups, an ML-KEM decapsulation key for the pure
-- ML-KEM groups, and a pair of both for the hybrid groups (ECDH component
-- first, ML-KEM component second).
--
-- NOTE(review): the derived 'Show' instance renders secret key material;
-- keep these values out of log lines and error messages.
data GroupPrivate
    = GroupPri_P256 (Scalar Curve_P256R1)
    | GroupPri_P384 (Scalar Curve_P384R1)
    | GroupPri_P521 (Scalar Curve_P521R1)
    | GroupPri_X255 (Scalar Curve_X25519)
    | GroupPri_X448 (Scalar Curve_X448)
    | GroupPri_FFDHE2048 PrivateNumber
    | GroupPri_FFDHE3072 PrivateNumber
    | GroupPri_FFDHE4096 PrivateNumber
    | GroupPri_FFDHE6144 PrivateNumber
    | GroupPri_FFDHE8192 PrivateNumber
    | GroupPri_MLKEM512 (ML.DecapsulationKey ML_KEM_512)
    | GroupPri_MLKEM768 (ML.DecapsulationKey ML_KEM_768)
    | GroupPri_MLKEM1024 (ML.DecapsulationKey ML_KEM_1024)
    | GroupPri_X25519MLKEM768 (Scalar Curve_X25519, ML.DecapsulationKey ML_KEM_768)
    | GroupPri_P256MLKEM768 (Scalar Curve_P256R1, ML.DecapsulationKey ML_KEM_768)
    | GroupPri_P384MLKEM1024 (Scalar Curve_P384R1, ML.DecapsulationKey ML_KEM_1024)
    deriving (Eq, Show)
-- | The public value produced by 'groupGenerateKeyPair' and sent to the peer:
-- an EC point, a DH public number, an ML-KEM encapsulation key, or for the
-- hybrid groups the pair of both (ECDH component first, ML-KEM second).
--
-- This side of the exchange is what a peer later feeds to 'groupEncapsulate'.
data GroupPublicA
    = GroupPubA_P256 (Point Curve_P256R1)
    | GroupPubA_P384 (Point Curve_P384R1)
    | GroupPubA_P521 (Point Curve_P521R1)
    | GroupPubA_X255 (Point Curve_X25519)
    | GroupPubA_X448 (Point Curve_X448)
    | GroupPubA_FFDHE2048 PublicNumber
    | GroupPubA_FFDHE3072 PublicNumber
    | GroupPubA_FFDHE4096 PublicNumber
    | GroupPubA_FFDHE6144 PublicNumber
    | GroupPubA_FFDHE8192 PublicNumber
    | GroupPubA_MLKEM512 (ML.EncapsulationKey ML_KEM_512)
    | GroupPubA_MLKEM768 (ML.EncapsulationKey ML_KEM_768)
    | GroupPubA_MLKEM1024 (ML.EncapsulationKey ML_KEM_1024)
    | GroupPubA_X25519MLKEM768 (Point Curve_X25519, ML.EncapsulationKey ML_KEM_768)
    | GroupPubA_P256MLKEM768 (Point Curve_P256R1, ML.EncapsulationKey ML_KEM_768)
    | GroupPubA_P384MLKEM1024 (Point Curve_P384R1, ML.EncapsulationKey ML_KEM_1024)
    deriving (Eq, Show)
-- | The public value produced by 'groupEncapsulate' and returned to the
-- initiator. For (EC)DH groups this is the responder's ephemeral public
-- value; for ML-KEM it is the KEM ciphertext; hybrid groups carry both
-- (ECDH component first, ML-KEM ciphertext second).
data GroupPublicB
    = GroupPubB_P256 (Point Curve_P256R1)
    | GroupPubB_P384 (Point Curve_P384R1)
    | GroupPubB_P521 (Point Curve_P521R1)
    | GroupPubB_X255 (Point Curve_X25519)
    | GroupPubB_X448 (Point Curve_X448)
    | GroupPubB_FFDHE2048 PublicNumber
    | GroupPubB_FFDHE3072 PublicNumber
    | GroupPubB_FFDHE4096 PublicNumber
    | GroupPubB_FFDHE6144 PublicNumber
    | GroupPubB_FFDHE8192 PublicNumber
    | GroupPubB_MLKEM512 (ML.Ciphertext ML_KEM_512)
    | GroupPubB_MLKEM768 (ML.Ciphertext ML_KEM_768)
    | GroupPubB_MLKEM1024 (ML.Ciphertext ML_KEM_1024)
    | GroupPubB_X25519MLKEM768 (Point Curve_X25519, ML.Ciphertext ML_KEM_768)
    | GroupPubB_P256MLKEM768 (Point Curve_P256R1, ML.Ciphertext ML_KEM_768)
    | GroupPubB_P384MLKEM1024 (Point Curve_P384R1, ML.Ciphertext ML_KEM_1024)
    deriving (Eq, Show)
-- | The shared secret agreed by a key exchange. It lives in 'ScrubbedBytes'
-- so the backing memory is zeroed when the value is released, and so it is
-- not accidentally printed via 'Show'.
type GroupKey = ScrubbedBytes
-- Type proxies selecting the curve / ML-KEM parameter set for the
-- proxy-taking crypton APIs ('curveGenerateKeyPair', 'ML.generate', ...).
p256 :: Proxy Curve_P256R1
p256 = Proxy

p384 :: Proxy Curve_P384R1
p384 = Proxy

p521 :: Proxy Curve_P521R1
p521 = Proxy

x25519 :: Proxy Curve_X25519
x25519 = Proxy

x448 :: Proxy Curve_X448
x448 = Proxy

mlkem512 :: Proxy ML_KEM_512
mlkem512 = Proxy

mlkem768 :: Proxy ML_KEM_768
mlkem768 = Proxy

mlkem1024 :: Proxy ML_KEM_1024
mlkem1024 = Proxy
-- | Look up the fixed finite-field DH parameters for an FFDHE 'Group'.
--
-- Yields 'Nothing' for every non-FFDHE group, so callers can use it both as
-- a lookup and as an "is this an FFDHE group" test.
dhParamsForGroup :: Group -> Maybe DH.Params
dhParamsForGroup grp = case grp of
    FFDHE2048 -> Just ffdhe2048
    FFDHE3072 -> Just ffdhe3072
    FFDHE4096 -> Just ffdhe4096
    FFDHE6144 -> Just ffdhe6144
    FFDHE8192 -> Just ffdhe8192
    _ -> Nothing
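-- | Generate a fresh key pair for a key-exchange 'Group'.
--
-- Returns our private material together with the public value to send to
-- the peer. Hybrid groups draw an ECDH key pair and an ML-KEM key pair from
-- the same 'MonadRandom' source and package them as a tuple (ECDH first).
--
-- Calls 'error' for a 'Group' this function has no generation code for;
-- the message names the group, matching 'dhGroupGenerateKeyPair'. Callers
-- are expected to have filtered unsupported groups beforehand.
groupGenerateKeyPair :: MonadRandom r => Group -> r (GroupPrivate, GroupPublicA)
groupGenerateKeyPair P256 =
    (GroupPri_P256, GroupPubA_P256) `fs` curveGenerateKeyPair p256
groupGenerateKeyPair P384 =
    (GroupPri_P384, GroupPubA_P384) `fs` curveGenerateKeyPair p384
groupGenerateKeyPair P521 =
    (GroupPri_P521, GroupPubA_P521) `fs` curveGenerateKeyPair p521
groupGenerateKeyPair X25519 =
    (GroupPri_X255, GroupPubA_X255) `fs` curveGenerateKeyPair x25519
groupGenerateKeyPair X448 =
    (GroupPri_X448, GroupPubA_X448) `fs` curveGenerateKeyPair x448
-- FFDHE: the private exponent is sized by the per-group exponent length
-- constant (exp2048, ...) rather than the full modulus.
groupGenerateKeyPair FFDHE2048 =
    gen ffdhe2048 exp2048 GroupPri_FFDHE2048 GroupPubA_FFDHE2048
groupGenerateKeyPair FFDHE3072 =
    gen ffdhe3072 exp3072 GroupPri_FFDHE3072 GroupPubA_FFDHE3072
groupGenerateKeyPair FFDHE4096 =
    gen ffdhe4096 exp4096 GroupPri_FFDHE4096 GroupPubA_FFDHE4096
groupGenerateKeyPair FFDHE6144 =
    gen ffdhe6144 exp6144 GroupPri_FFDHE6144 GroupPubA_FFDHE6144
groupGenerateKeyPair FFDHE8192 =
    gen ffdhe8192 exp8192 GroupPri_FFDHE8192 GroupPubA_FFDHE8192
-- ML-KEM: 'ML.generate' yields (encapsulation key, decapsulation key), i.e.
-- (public, private) -- note the order is the reverse of the result tuple.
groupGenerateKeyPair MLKEM512 = do
    (e, d) <- ML.generate mlkem512
    return (GroupPri_MLKEM512 d, GroupPubA_MLKEM512 e)
groupGenerateKeyPair MLKEM768 = do
    (e, d) <- ML.generate mlkem768
    return (GroupPri_MLKEM768 d, GroupPubA_MLKEM768 e)
groupGenerateKeyPair MLKEM1024 = do
    (e, d) <- ML.generate mlkem1024
    return (GroupPri_MLKEM1024 d, GroupPubA_MLKEM1024 e)
-- Hybrids: independent ECDH and ML-KEM key pairs, paired ECDH-first.
groupGenerateKeyPair X25519MLKEM768 = do
    (d1, e1) <- fs' $ curveGenerateKeyPair x25519
    (e2, d2) <- ML.generate mlkem768
    return (GroupPri_X25519MLKEM768 (d1, d2), GroupPubA_X25519MLKEM768 (e1, e2))
groupGenerateKeyPair P256MLKEM768 = do
    (d1, e1) <- fs' $ curveGenerateKeyPair p256
    (e2, d2) <- ML.generate mlkem768
    return (GroupPri_P256MLKEM768 (d1, d2), GroupPubA_P256MLKEM768 (e1, e2))
groupGenerateKeyPair P384MLKEM1024 = do
    (d1, e1) <- fs' $ curveGenerateKeyPair p384
    (e2, d2) <- ML.generate mlkem1024
    return (GroupPri_P384MLKEM1024 (d1, d2), GroupPubA_P384MLKEM1024 (e1, e2))
groupGenerateKeyPair grp =
    error ("groupGenerateKeyPair: unsupported group: " ++ show grp)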
-- | Generate a finite-field DH key pair for an FFDHE 'Group', returning the
-- group parameters alongside the private exponent and public number.
--
-- Unlike 'groupGenerateKeyPair' this hands back raw 'DH.Params' /
-- 'PrivateNumber' / 'PublicNumber' values rather than the tagged sum types.
-- Calls 'error' for any non-FFDHE group.
dhGroupGenerateKeyPair
    :: MonadRandom r => Group -> r (DH.Params, PrivateNumber, PublicNumber)
dhGroupGenerateKeyPair grp = case grp of
    FFDHE2048 -> withParams ffdhe2048 exp2048
    FFDHE3072 -> withParams ffdhe3072 exp3072
    FFDHE4096 -> withParams ffdhe4096 exp4096
    FFDHE6144 -> withParams ffdhe6144 exp6144
    FFDHE8192 -> withParams ffdhe8192 exp8192
    _ -> error ("invalid FFDHE group: " ++ show grp)
  where
    -- Generate the pair for the given parameters / exponent length and
    -- prepend the parameters to the result.
    withParams params expBits = addParams params (gen' params expBits)
-- | Prepend fixed DH parameters to a pair produced inside any functor,
-- turning @f (a, b)@ into @f (params, a, b)@.
addParams :: Functor f => DH.Params -> f (a, b) -> f (DH.Params, a, b)
addParams params = fmap prepend
  where
    prepend (a, b) = (params, a, b)
-- | Run an EC key-pair generator and wrap its halves in the supplied
-- 'GroupPrivate' and 'GroupPublicA' constructors (private tag first).
fs
    :: MonadRandom r
    => (Scalar a -> GroupPrivate, Point a -> GroupPublicA)
    -> r (KeyPair a)
    -> r (GroupPrivate, GroupPublicA)
fs (wrapPri, wrapPub) action = (wrapPri *** wrapPub) <$> fs' action
-- | Run an EC key-pair generator and split the result into
-- @(private scalar, public point)@.
fs' :: Monad m => m (KeyPair curve) -> m (Scalar curve, Point curve)
fs' = fmap (keypairGetPrivate &&& keypairGetPublic)
-- | Generate a finite-field DH key pair and wrap the halves in the supplied
-- 'GroupPrivate' / 'GroupPublicA' constructors.
--
-- @expBits@ is the private exponent length handed on to 'gen''.
gen
    :: MonadRandom r
    => DH.Params
    -> Int
    -> (PrivateNumber -> GroupPrivate)
    -> (PublicNumber -> GroupPublicA)
    -> r (GroupPrivate, GroupPublicA)
gen params expBits priTag pubTag = do
    (pri, pub) <- gen' params expBits
    return (priTag pri, pubTag pub)
-- | Generate a raw finite-field DH key pair: a private exponent and the
-- public number @g^x mod p@ derived from it with 'DH.calculatePublic'.
--
-- @expBits@ is passed to 'generatePriv' (defined elsewhere in this module);
-- presumably it bounds the bit length of the private exponent -- confirm
-- against that definition.
gen'
    :: MonadRandom r
    => DH.Params
    -> Int
    -> r (PrivateNumber, PublicNumber)
gen' params expBits = do
    pri <- generatePriv expBits
    return (pri, DH.calculatePublic params pri)
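-- | Responder side of a key exchange: from the peer's public value derive
-- the shared 'GroupKey' and the public value ('GroupPublicB') to send back.
--
-- For the EC and FFDHE groups this is a (EC)DH exchange with a fresh
-- ephemeral key; for ML-KEM it is a KEM encapsulation. Hybrid groups do both
-- and concatenate the two secrets. The concatenation order differs by
-- family: X25519MLKEM768 puts the ML-KEM secret first, the P-256 / P-384
-- hybrids put the ECDH secret first.
--
-- Returns 'Nothing' when the underlying (EC)DH helper rejects the peer's
-- public value. That value comes off the wire from the peer, so rejection
-- is an expected outcome: this function must never 'error' on it, which is
-- why the hybrid cases propagate the helper's 'Maybe' instead of using
-- 'fromJust'.
groupEncapsulate
    :: MonadRandom r => GroupPublicA -> r (Maybe (GroupPublicB, GroupKey))
groupEncapsulate (GroupPubA_P256 pub) = getECDHPubShared GroupPubB_P256 p256 pub
groupEncapsulate (GroupPubA_P384 pub) = getECDHPubShared GroupPubB_P384 p384 pub
groupEncapsulate (GroupPubA_P521 pub) = getECDHPubShared GroupPubB_P521 p521 pub
groupEncapsulate (GroupPubA_X255 pub) = getECDHPubShared GroupPubB_X255 x25519 pub
groupEncapsulate (GroupPubA_X448 pub) = getECDHPubShared GroupPubB_X448 x448 pub
groupEncapsulate (GroupPubA_FFDHE2048 pub) =
    getDHPubShared ffdhe2048 exp2048 pub GroupPubB_FFDHE2048
groupEncapsulate (GroupPubA_FFDHE3072 pub) =
    getDHPubShared ffdhe3072 exp3072 pub GroupPubB_FFDHE3072
groupEncapsulate (GroupPubA_FFDHE4096 pub) =
    getDHPubShared ffdhe4096 exp4096 pub GroupPubB_FFDHE4096
groupEncapsulate (GroupPubA_FFDHE6144 pub) =
    getDHPubShared ffdhe6144 exp6144 pub GroupPubB_FFDHE6144
groupEncapsulate (GroupPubA_FFDHE8192 pub) =
    getDHPubShared ffdhe8192 exp8192 pub GroupPubB_FFDHE8192
-- ML-KEM: 'ML.encapsulate' yields (shared secret, ciphertext); the
-- ciphertext is what goes back to the peer.
groupEncapsulate (GroupPubA_MLKEM512 pub) = do
    (sec, ct) <- ML.encapsulate pub
    return $ Just (GroupPubB_MLKEM512 ct, convert sec)
groupEncapsulate (GroupPubA_MLKEM768 pub) = do
    (sec, ct) <- ML.encapsulate pub
    return $ Just (GroupPubB_MLKEM768 ct, convert sec)
groupEncapsulate (GroupPubA_MLKEM1024 pub) = do
    (sec, ct) <- ML.encapsulate pub
    return $ Just (GroupPubB_MLKEM1024 ct, convert sec)
-- Hybrids: run the ECDH half first so a rejected peer point short-circuits
-- before any KEM work; the ML-KEM half cannot fail on the peer's input.
groupEncapsulate (GroupPubA_X25519MLKEM768 (e1, e2)) = do
    ecdh <- getECDHPubShared' x25519 e1
    case ecdh of
        Nothing -> return Nothing
        Just (c1, k1) -> do
            (k2, c2) <- ML.encapsulate e2
            -- ML-KEM secret first, then the X25519 secret.
            return $ Just (GroupPubB_X25519MLKEM768 (c1, c2), convert k2 <> k1)
groupEncapsulate (GroupPubA_P256MLKEM768 (e1, e2)) = do
    ecdh <- getECDHPubShared' p256 e1
    case ecdh of
        Nothing -> return Nothing
        Just (c1, k1) -> do
            (k2, c2) <- ML.encapsulate e2
            -- ECDH secret first, then the ML-KEM secret.
            return $ Just (GroupPubB_P256MLKEM768 (c1, c2), k1 <> convert k2)
groupEncapsulate (GroupPubA_P384MLKEM1024 (e1, e2)) = do
    ecdh <- getECDHPubShared' p384 e1
    case ecdh of
        Nothing -> return Nothing
        Just (c1, k1) -> do
            (k2, c2) <- ML.encapsulate e2
            -- ECDH secret first, then the ML-KEM secret.
            return $ Just (GroupPubB_P384MLKEM1024 (c1, c2), k1 <> convert k2)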
-- | Finite-field Diffie-Hellman against a peer's public number, selected by
-- 'Group'.
--
-- Only the five FFDHE groups are handled; any other 'Group' yields
-- 'Nothing'.  Each supported group is paired with its fixed parameters and
-- the bit length used for our ephemeral private exponent, and the peer-value
-- validation, key generation and secret derivation are delegated to
-- 'getDHPubShared''.  The secret therefore comes back in the
-- leading-zero-stripped form that function produces (presumably the
-- TLS 1.2 representation, as opposed to the fixed-width one kept by
-- 'getDHPubShared').
dhGroupGetPubShared
    :: MonadRandom r => Group -> PublicNumber -> r (Maybe (PublicNumber, GroupKey))
dhGroupGetPubShared grp pub =
    case ffdheSetting grp of
        Just (params, expBits) -> getDHPubShared' params expBits pub
        Nothing -> return Nothing
  where
    -- Group parameters and private-exponent size; 'Nothing' for anything
    -- that is not one of the FFDHE groups.
    ffdheSetting :: Group -> Maybe (DH.Params, Int)
    ffdheSetting FFDHE2048 = Just (ffdhe2048, exp2048)
    ffdheSetting FFDHE3072 = Just (ffdhe3072, exp3072)
    ffdheSetting FFDHE4096 = Just (ffdhe4096, exp4096)
    ffdheSetting FFDHE6144 = Just (ffdhe6144, exp6144)
    ffdheSetting FFDHE8192 = Just (ffdhe8192, exp8192)
    ffdheSetting _ = Nothing
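-- | ECDH key agreement against a peer's point, wrapping our ephemeral public
-- point in the 'GroupPublicB' constructor supplied by the caller.
--
-- This is 'getECDHPubShared'' with the tag applied to the point; all of the
-- derivation lives there, so the two cannot drift apart.  'Nothing' means
-- 'deriveEncrypt' reported a 'CryptoFailed' (typically a peer point the
-- curve implementation rejects); the secret bytes are passed through
-- unchanged.
getECDHPubShared
    :: (MonadRandom m, EllipticCurveDH curve)
    => (Point curve -> GroupPublicB)
    -> proxy curve
    -> Point curve
    -> m (Maybe (GroupPublicB, GroupKey))
getECDHPubShared tag proxy pub = fmap tagPoint <$> getECDHPubShared' proxy pub
  where
    -- Only the public half is wrapped; the shared secret is untouched.
    tagPoint (ourPoint, secret) = (tag ourPoint, secret)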
-- | ECDH key agreement against a peer's point on the given curve.
--
-- Generates our ephemeral key pair via 'deriveEncrypt' and returns our
-- public point together with the raw shared-secret bytes.  'Nothing' means
-- 'deriveEncrypt' reported a 'CryptoFailed' (for instance an invalid peer
-- point); nothing else is validated here.
getECDHPubShared'
    :: (MonadRandom m, EllipticCurveDH curve)
    => proxy curve
    -> Point curve
    -> m (Maybe (Point curve, GroupKey))
getECDHPubShared' proxy pub =
    fmap bareSecret . maybeCryptoError <$> deriveEncrypt proxy pub
  where
    -- Strip the 'SharedSecret' newtype so callers get plain 'GroupKey' bytes.
    bareSecret (ourPoint, ECC.SharedSecret secret) = (ourPoint, secret)
-- | Finite-field Diffie-Hellman against a peer's public number, wrapping our
-- public number in the 'GroupPublicB' constructor supplied by the caller.
--
-- The peer's value is checked with 'valid' before any private key is
-- generated; a rejected value yields 'Nothing' (the definition of 'valid' is
-- not in this module, presumably the range/subgroup check on the peer's
-- number).  @expBits@ is the bit length handed to 'generatePriv' for our
-- ephemeral private exponent.  The secret is returned exactly as
-- 'DH.getShared' produces it, without stripping leading zeros — contrast
-- 'getDHPubShared''.
getDHPubShared
    :: MonadRandom r
    => DH.Params
    -> Int
    -> PublicNumber
    -> (PublicNumber -> GroupPublicB)
    -> r (Maybe (GroupPublicB, GroupKey))
getDHPubShared params expBits pub pubTag
    | valid params pub = Just . agree <$> generatePriv expBits
    | otherwise = return Nothing
  where
    -- Our tagged public number plus the raw shared secret for one private
    -- exponent.
    agree mypri =
        let DH.SharedKey secret = DH.getShared params mypri pub
         in (pubTag (DH.calculatePublic params mypri), secret)
-- | Finite-field Diffie-Hellman against a peer's public number, returning
-- our bare public number and the shared secret with leading zero bytes
-- removed ('stripLeadingZeros').
--
-- The peer's value is checked with 'valid' before any private key is
-- generated; a rejected value yields 'Nothing'.  @expBits@ is the bit
-- length handed to 'generatePriv' for our ephemeral private exponent.
-- Unlike 'getDHPubShared', the secret is not kept at the fixed prime width.
getDHPubShared'
    :: MonadRandom r
    => DH.Params
    -> Int
    -> PublicNumber
    -> r (Maybe (PublicNumber, GroupKey))
getDHPubShared' params expBits pub
    | valid params pub = do
        mypri <- generatePriv expBits
        let mypub = DH.calculatePublic params mypri
            secret = stripLeadingZeros (DH.getShared params mypri pub)
        return (Just (mypub, convert secret))
    | otherwise = return Nothing
-- | Expose the raw bytes of an ECDH 'SharedSecret' as a 'GroupKey'.
unwrap :: SharedSecret -> GroupKey
unwrap shared = case shared of
    ECC.SharedSecret bytes -> bytes
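-- | Derive the shared secret on the decapsulating side, from the peer's
-- 'GroupPublicB' share and our own 'GroupPrivate' for the same group.
--
-- 'Nothing' is returned when the share and the private key belong to
-- different groups, when the curve implementation rejects the peer's point
-- ('maybeCryptoError' on 'deriveDecrypt'), or when an FFDHE public number
-- fails 'valid' inside 'calcDHShared'.  ML-KEM decapsulation itself cannot
-- fail here: 'ML.decapsulate' is total, and a tampered ciphertext yields an
-- unrelated key (implicit rejection) rather than an error, so that case is
-- only detected later by the handshake's key confirmation, not by this
-- function.
--
-- Hybrid secrets are the concatenation of the two component secrets in the
-- order fixed per group: ML-KEM secret first for X25519MLKEM768, ECDH
-- secret first for the P-256 and P-384 hybrids.  This mirrors the order
-- used by 'groupEncapsulate'.
groupDecapsulate :: GroupPublicB -> GroupPrivate -> Maybe GroupKey
-- Plain elliptic-curve Diffie-Hellman.
groupDecapsulate (GroupPubB_P256 pub) (GroupPri_P256 pri) = ecdhDecapShared p256 pub pri
groupDecapsulate (GroupPubB_P384 pub) (GroupPri_P384 pri) = ecdhDecapShared p384 pub pri
groupDecapsulate (GroupPubB_P521 pub) (GroupPri_P521 pri) = ecdhDecapShared p521 pub pri
groupDecapsulate (GroupPubB_X255 pub) (GroupPri_X255 pri) = ecdhDecapShared x25519 pub pri
groupDecapsulate (GroupPubB_X448 pub) (GroupPri_X448 pri) = ecdhDecapShared x448 pub pri
-- Finite-field Diffie-Hellman; 'calcDHShared' validates the peer value.
groupDecapsulate (GroupPubB_FFDHE2048 pub) (GroupPri_FFDHE2048 pri) = calcDHShared ffdhe2048 pub pri
groupDecapsulate (GroupPubB_FFDHE3072 pub) (GroupPri_FFDHE3072 pri) = calcDHShared ffdhe3072 pub pri
groupDecapsulate (GroupPubB_FFDHE4096 pub) (GroupPri_FFDHE4096 pri) = calcDHShared ffdhe4096 pub pri
groupDecapsulate (GroupPubB_FFDHE6144 pub) (GroupPri_FFDHE6144 pri) = calcDHShared ffdhe6144 pub pri
groupDecapsulate (GroupPubB_FFDHE8192 pub) (GroupPri_FFDHE8192 pri) = calcDHShared ffdhe8192 pub pri
-- Pure ML-KEM: the peer's share is the ciphertext, ours is the
-- decapsulation key.
groupDecapsulate (GroupPubB_MLKEM512 ct) (GroupPri_MLKEM512 dk) = Just (convert (ML.decapsulate dk ct))
groupDecapsulate (GroupPubB_MLKEM768 ct) (GroupPri_MLKEM768 dk) = Just (convert (ML.decapsulate dk ct))
groupDecapsulate (GroupPubB_MLKEM1024 ct) (GroupPri_MLKEM1024 dk) = Just (convert (ML.decapsulate dk ct))
-- Hybrids.  The public tuple is (ECDH point, ML-KEM ciphertext) and the
-- private tuple is (ECDH scalar, ML-KEM decapsulation key).
groupDecapsulate (GroupPubB_X25519MLKEM768 (pt, ct)) (GroupPri_X25519MLKEM768 (sk, dk)) = do
    ecdhSecret <- ecdhDecapShared x25519 pt sk
    -- X25519MLKEM768 places the ML-KEM secret before the X25519 secret.
    return (convert (ML.decapsulate dk ct) <> ecdhSecret)
groupDecapsulate (GroupPubB_P256MLKEM768 (pt, ct)) (GroupPri_P256MLKEM768 (sk, dk)) = do
    ecdhSecret <- ecdhDecapShared p256 pt sk
    return (ecdhSecret <> convert (ML.decapsulate dk ct))
groupDecapsulate (GroupPubB_P384MLKEM1024 (pt, ct)) (GroupPri_P384MLKEM1024 (sk, dk)) = do
    ecdhSecret <- ecdhDecapShared p384 pt sk
    return (ecdhSecret <> convert (ML.decapsulate dk ct))
-- Share and private key are for different groups.
groupDecapsulate _ _ = Nothing

-- | ECDH on one curve from the decapsulating side: the raw shared-secret
-- bytes, or 'Nothing' when the curve implementation reports a
-- 'CryptoFailed' (for instance an invalid peer point).
ecdhDecapShared
    :: EllipticCurveDH curve
    => proxy curve -> Point curve -> Scalar curve -> Maybe GroupKey
ecdhDecapShared proxy pub pri = unwrap <$> maybeCryptoError (deriveDecrypt proxy pub pri)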
-- | Shared secret for one finite-field group from the peer's public number
-- and our private number.
--
-- The peer's value is checked with 'valid' before any exponentiation takes
-- place; a rejected value yields 'Nothing'.  The secret is returned exactly
-- as 'DH.getShared' produces it, without leading-zero stripping (contrast
-- 'getDHPubShared'').
calcDHShared :: DH.Params -> PublicNumber -> PrivateNumber -> Maybe GroupKey
calcDHShared params pub pri =
    if valid params pub
        then Just (convert (DH.getShared params pri pub))
        else Nothing
-- | Wire encoding of the initiator's key share ('GroupPublicA').
--
-- EC points go through 'encodePoint' for their curve, FFDHE public numbers
-- are left-padded to the prime size by 'enc', and ML-KEM encapsulation keys
-- use 'ML.encode'.  Hybrid shares are a plain concatenation whose order is
-- fixed per group: ML-KEM key then X25519 point for X25519MLKEM768, EC
-- point then ML-KEM key for the P-256/P-384 hybrids.
groupEncodePublicA :: GroupPublicA -> ByteString
groupEncodePublicA (GroupPubA_P256 pt) = encodePoint p256 pt
groupEncodePublicA (GroupPubA_P384 pt) = encodePoint p384 pt
groupEncodePublicA (GroupPubA_P521 pt) = encodePoint p521 pt
groupEncodePublicA (GroupPubA_X255 pt) = encodePoint x25519 pt
groupEncodePublicA (GroupPubA_X448 pt) = encodePoint x448 pt
groupEncodePublicA (GroupPubA_FFDHE2048 num) = enc ffdhe2048 num
groupEncodePublicA (GroupPubA_FFDHE3072 num) = enc ffdhe3072 num
groupEncodePublicA (GroupPubA_FFDHE4096 num) = enc ffdhe4096 num
groupEncodePublicA (GroupPubA_FFDHE6144 num) = enc ffdhe6144 num
groupEncodePublicA (GroupPubA_FFDHE8192 num) = enc ffdhe8192 num
groupEncodePublicA (GroupPubA_MLKEM512 ek) = ML.encode ek
groupEncodePublicA (GroupPubA_MLKEM768 ek) = ML.encode ek
groupEncodePublicA (GroupPubA_MLKEM1024 ek) = ML.encode ek
-- Hybrid tuples are (EC point, ML-KEM encapsulation key); only the wire
-- order differs between the X25519 and the P-curve variants.
groupEncodePublicA (GroupPubA_X25519MLKEM768 (pt, ek)) = ML.encode ek <> encodePoint x25519 pt
groupEncodePublicA (GroupPubA_P256MLKEM768 (pt, ek)) = encodePoint p256 pt <> ML.encode ek
groupEncodePublicA (GroupPubA_P384MLKEM1024 (pt, ek)) = encodePoint p384 pt <> ML.encode ek
-- | Wire encoding of the responder's key share ('GroupPublicB').
--
-- EC points go through 'encodePoint' for their curve, FFDHE public numbers
-- are left-padded to the prime size by 'enc', and ML-KEM ciphertexts are
-- emitted byte-for-byte via 'convert'.  Hybrid shares are a plain
-- concatenation whose order is fixed per group: ciphertext then X25519
-- point for X25519MLKEM768, EC point then ciphertext for the P-256/P-384
-- hybrids — the same order 'groupEncodePublicA' uses for the keys.
groupEncodePublicB :: GroupPublicB -> ByteString
groupEncodePublicB (GroupPubB_P256 pt) = encodePoint p256 pt
groupEncodePublicB (GroupPubB_P384 pt) = encodePoint p384 pt
groupEncodePublicB (GroupPubB_P521 pt) = encodePoint p521 pt
groupEncodePublicB (GroupPubB_X255 pt) = encodePoint x25519 pt
groupEncodePublicB (GroupPubB_X448 pt) = encodePoint x448 pt
groupEncodePublicB (GroupPubB_FFDHE2048 num) = enc ffdhe2048 num
groupEncodePublicB (GroupPubB_FFDHE3072 num) = enc ffdhe3072 num
groupEncodePublicB (GroupPubB_FFDHE4096 num) = enc ffdhe4096 num
groupEncodePublicB (GroupPubB_FFDHE6144 num) = enc ffdhe6144 num
groupEncodePublicB (GroupPubB_FFDHE8192 num) = enc ffdhe8192 num
groupEncodePublicB (GroupPubB_MLKEM512 ct) = convert ct
groupEncodePublicB (GroupPubB_MLKEM768 ct) = convert ct
groupEncodePublicB (GroupPubB_MLKEM1024 ct) = convert ct
-- Hybrid tuples are (EC point, ML-KEM ciphertext); only the wire order
-- differs between the X25519 and the P-curve variants.
groupEncodePublicB (GroupPubB_X25519MLKEM768 (pt, ct)) = convert ct <> encodePoint x25519 pt
groupEncodePublicB (GroupPubB_P256MLKEM768 (pt, ct)) = encodePoint p256 pt <> convert ct
groupEncodePublicB (GroupPubB_P384MLKEM1024 (pt, ct)) = encodePoint p384 pt <> convert ct
-- | Serialise an FFDHE public value as a big-endian octet string that is
-- exactly as wide as the group modulus rounded up to whole bytes, i.e.
-- left-padded with zeros to @ceil(params_bits / 8)@ bytes, which is the
-- fixed-width form TLS uses for finite-field DH key shares.
enc :: DH.Params -> PublicNumber -> ByteString
enc params (PublicNumber y) = i2ospOf_ widthBytes y
  where
    -- Modulus bit length rounded up to a whole number of bytes.
    widthBytes = (DH.params_bits params + 7) `div` 8
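-- | Decode a raw key_share payload @bs@ for group @grp@ into a 'GroupPublicA'.
--
-- * EC groups (P-256, P-384, P-521, X25519, X448) go through 'decodePoint'
--   and propagate its 'CryptoError' unchanged, so size and format problems
--   keep their original error code.
-- * FFDHE groups are read as an unsigned big-endian integer with 'os2ip'
--   and wrapped as-is: any length is accepted (an empty @bs@ decodes to 0)
--   and no @1 < y < p-1@ range check is performed in this function.
--   NOTE(review): confirm that the shared-secret derivation validates the
--   FFDHE public value before it is used; this decoder does not.
-- * ML-KEM groups decode the encapsulation key with 'ML.decode'.
-- * Hybrid groups split @bs@ at a fixed offset and decode the two halves
--   independently.  X25519MLKEM768 carries the 1184-byte ML-KEM-768
--   encapsulation key first, followed by the X25519 point; P256MLKEM768 and
--   P384MLKEM1024 carry the uncompressed EC point (65 and 97 bytes) first,
--   followed by the encapsulation key.  A wrong total length leaves one
--   half over- or under-sized, and rejecting that is left to the component
--   decoders.
--
-- A malformed ML-KEM key or hybrid component yields
-- 'Left' 'CryptoError_PointFormatInvalid'.  A group this function does not
-- handle yields 'Left' 'CryptoError_PointFormatUnsupported' instead of
-- calling 'error', so a group code that reaches this function unfiltered
-- fails the decode rather than raising an exception in the caller.
groupDecodePublicA :: Group -> ByteString -> Either CryptoError GroupPublicA
groupDecodePublicA grp bs = case grp of
    P256 -> eitherCryptoError $ GroupPubA_P256 <$> decodePoint p256 bs
    P384 -> eitherCryptoError $ GroupPubA_P384 <$> decodePoint p384 bs
    P521 -> eitherCryptoError $ GroupPubA_P521 <$> decodePoint p521 bs
    X25519 -> eitherCryptoError $ GroupPubA_X255 <$> decodePoint x25519 bs
    X448 -> eitherCryptoError $ GroupPubA_X448 <$> decodePoint x448 bs
    FFDHE2048 -> Right $ GroupPubA_FFDHE2048 rawNumber
    FFDHE3072 -> Right $ GroupPubA_FFDHE3072 rawNumber
    FFDHE4096 -> Right $ GroupPubA_FFDHE4096 rawNumber
    FFDHE6144 -> Right $ GroupPubA_FFDHE6144 rawNumber
    FFDHE8192 -> Right $ GroupPubA_FFDHE8192 rawNumber
    MLKEM512 -> GroupPubA_MLKEM512 <$> orInvalid (ML.decode mlkem512 bs)
    MLKEM768 -> GroupPubA_MLKEM768 <$> orInvalid (ML.decode mlkem768 bs)
    MLKEM1024 -> GroupPubA_MLKEM1024 <$> orInvalid (ML.decode mlkem1024 bs)
    X25519MLKEM768 -> do
        -- ML-KEM-768 encapsulation key (1184 bytes) first, X25519 point after.
        let (kemBytes, ecBytes) = BA.splitAt 1184 bs
        ek <- orInvalid (ML.decode mlkem768 kemBytes)
        pt <- orInvalid (maybeCryptoError (decodePoint x25519 ecBytes))
        Right $ GroupPubA_X25519MLKEM768 (pt, ek)
    P256MLKEM768 -> do
        -- Uncompressed P-256 point (65 bytes) first, ML-KEM-768 key after.
        let (ecBytes, kemBytes) = BA.splitAt 65 bs
        ek <- orInvalid (ML.decode mlkem768 kemBytes)
        pt <- orInvalid (maybeCryptoError (decodePoint p256 ecBytes))
        Right $ GroupPubA_P256MLKEM768 (pt, ek)
    P384MLKEM1024 -> do
        -- Uncompressed P-384 point (97 bytes) first, ML-KEM-1024 key after.
        let (ecBytes, kemBytes) = BA.splitAt 97 bs
        ek <- orInvalid (ML.decode mlkem1024 kemBytes)
        pt <- orInvalid (maybeCryptoError (decodePoint p384 ecBytes))
        Right $ GroupPubA_P384MLKEM1024 (pt, ek)
    -- Was `error "groupDecodePublicA"`; a typed failure keeps the decoder
    -- total for group codes the caller did not filter out.
    _ -> Left CryptoError_PointFormatUnsupported
  where
    -- FFDHE public value taken verbatim; neither length nor range is
    -- validated at this point.
    rawNumber = PublicNumber (os2ip bs)
    -- Collapse a failed component decode into the single error code the
    -- ML-KEM and hybrid branches report.
    orInvalid m = maybe (Left CryptoError_PointFormatInvalid) Right m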
groupDecodePublicB :: Group -> ByteString -> Either CryptoError GroupPublicB
groupDecodePublicB :: Group -> ByteString -> Either CryptoError GroupPublicB
groupDecodePublicB Group
P256 ByteString
bs = CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a. CryptoFailable a -> Either CryptoError a
eitherCryptoError (CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB)
-> CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Point Curve_P256R1 -> GroupPublicB
Point -> GroupPublicB
GroupPubB_P256 (Point -> GroupPublicB)
-> CryptoFailable Point -> CryptoFailable GroupPublicB
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Proxy Curve_P256R1
-> ByteString -> CryptoFailable (Point Curve_P256R1)
forall curve bs (proxy :: * -> *).
(EllipticCurve curve, ByteArray bs) =>
proxy curve -> bs -> CryptoFailable (Point curve)
forall bs (proxy :: * -> *).
ByteArray bs =>
proxy Curve_P256R1 -> bs -> CryptoFailable (Point Curve_P256R1)
decodePoint Proxy Curve_P256R1
p256 ByteString
bs
groupDecodePublicB Group
P384 ByteString
bs = CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a. CryptoFailable a -> Either CryptoError a
eitherCryptoError (CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB)
-> CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Point Curve_P384R1 -> GroupPublicB
Point SEC_p384r1 -> GroupPublicB
GroupPubB_P384 (Point SEC_p384r1 -> GroupPublicB)
-> CryptoFailable (Point SEC_p384r1) -> CryptoFailable GroupPublicB
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Proxy Curve_P384R1
-> ByteString -> CryptoFailable (Point Curve_P384R1)
forall curve bs (proxy :: * -> *).
(EllipticCurve curve, ByteArray bs) =>
proxy curve -> bs -> CryptoFailable (Point curve)
forall bs (proxy :: * -> *).
ByteArray bs =>
proxy Curve_P384R1 -> bs -> CryptoFailable (Point Curve_P384R1)
decodePoint Proxy Curve_P384R1
p384 ByteString
bs
groupDecodePublicB Group
P521 ByteString
bs = CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a. CryptoFailable a -> Either CryptoError a
eitherCryptoError (CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB)
-> CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Point Curve_P521R1 -> GroupPublicB
Point SEC_p521r1 -> GroupPublicB
GroupPubB_P521 (Point SEC_p521r1 -> GroupPublicB)
-> CryptoFailable (Point SEC_p521r1) -> CryptoFailable GroupPublicB
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Proxy Curve_P521R1
-> ByteString -> CryptoFailable (Point Curve_P521R1)
forall curve bs (proxy :: * -> *).
(EllipticCurve curve, ByteArray bs) =>
proxy curve -> bs -> CryptoFailable (Point curve)
forall bs (proxy :: * -> *).
ByteArray bs =>
proxy Curve_P521R1 -> bs -> CryptoFailable (Point Curve_P521R1)
decodePoint Proxy Curve_P521R1
p521 ByteString
bs
groupDecodePublicB Group
X25519 ByteString
bs = CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a. CryptoFailable a -> Either CryptoError a
eitherCryptoError (CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB)
-> CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Point Curve_X25519 -> GroupPublicB
PublicKey -> GroupPublicB
GroupPubB_X255 (PublicKey -> GroupPublicB)
-> CryptoFailable PublicKey -> CryptoFailable GroupPublicB
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Proxy Curve_X25519
-> ByteString -> CryptoFailable (Point Curve_X25519)
forall curve bs (proxy :: * -> *).
(EllipticCurve curve, ByteArray bs) =>
proxy curve -> bs -> CryptoFailable (Point curve)
forall bs (proxy :: * -> *).
ByteArray bs =>
proxy Curve_X25519 -> bs -> CryptoFailable (Point Curve_X25519)
decodePoint Proxy Curve_X25519
x25519 ByteString
bs
groupDecodePublicB Group
X448 ByteString
bs = CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a. CryptoFailable a -> Either CryptoError a
eitherCryptoError (CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB)
-> CryptoFailable GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Point Curve_X448 -> GroupPublicB
PublicKey -> GroupPublicB
GroupPubB_X448 (PublicKey -> GroupPublicB)
-> CryptoFailable PublicKey -> CryptoFailable GroupPublicB
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Proxy Curve_X448 -> ByteString -> CryptoFailable (Point Curve_X448)
forall curve bs (proxy :: * -> *).
(EllipticCurve curve, ByteArray bs) =>
proxy curve -> bs -> CryptoFailable (Point curve)
forall bs (proxy :: * -> *).
ByteArray bs =>
proxy Curve_X448 -> bs -> CryptoFailable (Point Curve_X448)
decodePoint Proxy Curve_X448
x448 ByteString
bs
groupDecodePublicB Group
FFDHE2048 ByteString
bs = GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> (Integer -> GroupPublicB)
-> Integer
-> Either CryptoError GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PublicNumber -> GroupPublicB
GroupPubB_FFDHE2048 (PublicNumber -> GroupPublicB)
-> (Integer -> PublicNumber) -> Integer -> GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Integer -> PublicNumber
PublicNumber (Integer -> Either CryptoError GroupPublicB)
-> Integer -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
bs
groupDecodePublicB Group
FFDHE3072 ByteString
bs = GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> (Integer -> GroupPublicB)
-> Integer
-> Either CryptoError GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PublicNumber -> GroupPublicB
GroupPubB_FFDHE3072 (PublicNumber -> GroupPublicB)
-> (Integer -> PublicNumber) -> Integer -> GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Integer -> PublicNumber
PublicNumber (Integer -> Either CryptoError GroupPublicB)
-> Integer -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
bs
groupDecodePublicB Group
FFDHE4096 ByteString
bs = GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> (Integer -> GroupPublicB)
-> Integer
-> Either CryptoError GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PublicNumber -> GroupPublicB
GroupPubB_FFDHE4096 (PublicNumber -> GroupPublicB)
-> (Integer -> PublicNumber) -> Integer -> GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Integer -> PublicNumber
PublicNumber (Integer -> Either CryptoError GroupPublicB)
-> Integer -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
bs
groupDecodePublicB Group
FFDHE6144 ByteString
bs = GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> (Integer -> GroupPublicB)
-> Integer
-> Either CryptoError GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PublicNumber -> GroupPublicB
GroupPubB_FFDHE6144 (PublicNumber -> GroupPublicB)
-> (Integer -> PublicNumber) -> Integer -> GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Integer -> PublicNumber
PublicNumber (Integer -> Either CryptoError GroupPublicB)
-> Integer -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
bs
groupDecodePublicB Group
FFDHE8192 ByteString
bs = GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> (Integer -> GroupPublicB)
-> Integer
-> Either CryptoError GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PublicNumber -> GroupPublicB
GroupPubB_FFDHE8192 (PublicNumber -> GroupPublicB)
-> (Integer -> PublicNumber) -> Integer -> GroupPublicB
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Integer -> PublicNumber
PublicNumber (Integer -> Either CryptoError GroupPublicB)
-> Integer -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
bs
groupDecodePublicB Group
MLKEM512 ByteString
bs = case Proxy ML_KEM_512 -> ByteString -> Maybe (Ciphertext ML_KEM_512)
forall a ba (proxy :: * -> *).
(ParamSet a, ByteArrayAccess ba) =>
proxy a -> ba -> Maybe (Ciphertext a)
forall (obj :: * -> *) a ba (proxy :: * -> *).
(Decode obj, ParamSet a, ByteArrayAccess ba) =>
proxy a -> ba -> Maybe (obj a)
ML.decode Proxy ML_KEM_512
mlkem512 ByteString
bs of
Maybe (Ciphertext ML_KEM_512)
Nothing -> CryptoError -> Either CryptoError GroupPublicB
forall a b. a -> Either a b
Left CryptoError
CryptoError_PointFormatInvalid
Just Ciphertext ML_KEM_512
p -> GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Ciphertext ML_KEM_512 -> GroupPublicB
GroupPubB_MLKEM512 Ciphertext ML_KEM_512
p
groupDecodePublicB Group
MLKEM768 ByteString
bs = case Proxy ML_KEM_768 -> ByteString -> Maybe (Ciphertext ML_KEM_768)
forall a ba (proxy :: * -> *).
(ParamSet a, ByteArrayAccess ba) =>
proxy a -> ba -> Maybe (Ciphertext a)
forall (obj :: * -> *) a ba (proxy :: * -> *).
(Decode obj, ParamSet a, ByteArrayAccess ba) =>
proxy a -> ba -> Maybe (obj a)
ML.decode Proxy ML_KEM_768
mlkem768 ByteString
bs of
Maybe (Ciphertext ML_KEM_768)
Nothing -> CryptoError -> Either CryptoError GroupPublicB
forall a b. a -> Either a b
Left CryptoError
CryptoError_PointFormatInvalid
Just Ciphertext ML_KEM_768
p -> GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Ciphertext ML_KEM_768 -> GroupPublicB
GroupPubB_MLKEM768 Ciphertext ML_KEM_768
p
groupDecodePublicB Group
MLKEM1024 ByteString
bs = case Proxy ML_KEM_1024 -> ByteString -> Maybe (Ciphertext ML_KEM_1024)
forall a ba (proxy :: * -> *).
(ParamSet a, ByteArrayAccess ba) =>
proxy a -> ba -> Maybe (Ciphertext a)
forall (obj :: * -> *) a ba (proxy :: * -> *).
(Decode obj, ParamSet a, ByteArrayAccess ba) =>
proxy a -> ba -> Maybe (obj a)
ML.decode Proxy ML_KEM_1024
mlkem1024 ByteString
bs of
Maybe (Ciphertext ML_KEM_1024)
Nothing -> CryptoError -> Either CryptoError GroupPublicB
forall a b. a -> Either a b
Left CryptoError
CryptoError_PointFormatInvalid
Just Ciphertext ML_KEM_1024
p -> GroupPublicB -> Either CryptoError GroupPublicB
forall a b. b -> Either a b
Right (GroupPublicB -> Either CryptoError GroupPublicB)
-> GroupPublicB -> Either CryptoError GroupPublicB
forall a b. (a -> b) -> a -> b
$ Ciphertext ML_KEM_1024 -> GroupPublicB
GroupPubB_MLKEM1024 Ciphertext ML_KEM_1024
p
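-- | Decode the "B" side share of a group.  For the hybrid groups this is the
-- server's key_share: an ECDH public point and an ML-KEM ciphertext,
-- concatenated in the order fixed by draft-ietf-tls-ecdhe-mlkem:
--
--   * X25519MLKEM768:  ML-KEM-768 ciphertext (1088) || X25519 point (32)
--   * P256MLKEM768:    P-256 uncompressed point (65) || ML-KEM-768 ciphertext (1088)
--   * P384MLKEM1024:   P-384 uncompressed point (97) || ML-KEM-1024 ciphertext (1568)
--
-- The total length is checked before the share is split, so a truncated or
-- over-long share is rejected without relying on every component decoder to
-- enforce its own exact size.  Every failure, for the KEM ciphertext as well
-- as for the curve point, is reported as 'CryptoError_PointFormatInvalid';
-- on-curve validation of the point is left to 'decodePoint'.
groupDecodePublicB X25519MLKEM768 bs =
    decodeHybridShareB (1088 + 32) bs $ do
        let (ct, pt) = BA.splitAt 1088 bs
        ct' <- ML.decode mlkem768 ct
        pt' <- maybeCryptoError (decodePoint x25519 pt)
        pure $ GroupPubB_X25519MLKEM768 (pt', ct')
groupDecodePublicB P256MLKEM768 bs =
    decodeHybridShareB (65 + 1088) bs $ do
        let (pt, ct) = BA.splitAt 65 bs
        ct' <- ML.decode mlkem768 ct
        pt' <- maybeCryptoError (decodePoint p256 pt)
        pure $ GroupPubB_P256MLKEM768 (pt', ct')
groupDecodePublicB P384MLKEM1024 bs =
    decodeHybridShareB (97 + 1568) bs $ do
        let (pt, ct) = BA.splitAt 97 bs
        ct' <- ML.decode mlkem1024 ct
        pt' <- maybeCryptoError (decodePoint p384 pt)
        pure $ GroupPubB_P384MLKEM1024 (pt', ct')
-- Groups without a distinct B-side encoding are not expected here.
-- NOTE(review): this is a hard failure, not a 'Left'; presumably the caller
-- only reaches it for a group it negotiated itself -- confirm at the call
-- site, and turn it into a 'Left' if a peer-chosen group can get here.
groupDecodePublicB _ _ = error "groupDecodePublicB"

-- | Common shape of the hybrid decoders: reject a share whose length is not
-- exactly @expected@, otherwise lift the component decoders' result, mapping
-- 'Nothing' to 'CryptoError_PointFormatInvalid'.  @decoded@ is lazy, so no
-- parsing is attempted for a share of the wrong length.
decodeHybridShareB
    :: Int -> ByteString -> Maybe GroupPublicB -> Either CryptoError GroupPublicB
decodeHybridShareB expected bs decoded
    | BA.length bs /= expected = Left CryptoError_PointFormatInvalid
    | otherwise = maybe (Left CryptoError_PointFormatInvalid) Right decoded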
-- | Range check on a peer's finite-field DH public value, as required by
-- RFC 7919 section 5.1: the value must satisfy 1 < y < p-1.
--
-- For prime p the only elements of order 1 and 2 are 1 and p-1, so this
-- test keeps the shared secret out of the trivial subgroups of the
-- safe-prime RFC 7919 groups.  It does not perform the full
-- subgroup-membership test (y^q == 1 mod p); with a safe prime that leaves
-- at most one bit (the quadratic-residuosity of y^x) observable, which only
-- matters if the private exponent is reused.  Only the prime is consulted;
-- the generator and bit-size fields of the parameters are ignored.
valid :: DH.Params -> PublicNumber -> Bool
valid (DH.Params p _ _) (PublicNumber y)
    | y <= 1 = False
    | y >= p - 1 = False
    | otherwise = True
-- | Drop the leading zero bytes of a finite-field DH shared secret.
--
-- This is the TLS 1.2 convention (RFC 5246 section 8.1.2: leading all-zero
-- bytes of Z are stripped before Z becomes the pre_master_secret).  TLS 1.3
-- instead requires Z left-padded to the size of the prime (RFC 8446
-- section 7.4.1), so this helper must only feed the 1.2 key derivation;
-- the 1.3 path presumably uses the fixed-width 'i2ospOf_' encoding -- verify
-- at the callers.
--
-- NOTE(review): the result length depends on the high bytes of the secret.
-- That is the Raccoon-style timing side channel; it is only exploitable
-- when the same DH private value is reused across handshakes, so keys fed
-- here should be ephemeral.
stripLeadingZeros :: DH.SharedKey -> ScrubbedBytes
stripLeadingZeros (DH.SharedKey secret) = BA.dropWhile (== 0) secret
-- | Draw a fresh finite-field DH private exponent of exactly @e@ bits.
--
-- 'SetHighest' pins the top bit, so the exponent always has the requested
-- bit length; the final 'False' imposes no parity constraint.  Callers pass
-- the per-group sizes 'exp2048' .. 'exp8192'; those sizes bound the search
-- space for the private value, so @e@ must not be lowered below them.
generatePriv :: MonadRandom r => Int -> r PrivateNumber
generatePriv e = do
    x <- generateParams e (Just SetHighest) False
    pure (PrivateNumber x)
-- | Private exponent bit lengths used for each FFDHE group.
--
-- These round up the minimum exponent sizes recommended in RFC 7919
-- section 5.2 (225, 275, 325, 375 and 400 bits respectively), i.e. at
-- least twice the estimated security level of the group, so that the
-- exponent is not the weakest part of the exchange.
exp2048, exp3072, exp4096, exp6144, exp8192 :: Int
exp2048 = 240
exp3072 = 288
exp4096 = 336
exp6144 = 384
exp8192 = 416