-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | A library implementing the Noise protocol.
--   
--   This library implements the <a>Noise</a> protocol.
@package cacophony
@version 0.10.1


module Crypto.Noise.Cipher

-- | Typeclass for ciphers.
class Cipher c where {
    
    -- | Represents encrypted data containing an authentication tag.
    data family Ciphertext c :: *;
    
    -- | Represents a symmetric key.
    data family SymmetricKey c :: *;
    
    -- | Represents a nonce.
    data family Nonce c :: *;
}

-- | Returns the name of the cipher. This is used when generating the
--   handshake name.
cipherName :: Cipher c => proxy c -> ScrubbedBytes

-- | Encrypts data.
cipherEncrypt :: Cipher c => SymmetricKey c -> Nonce c -> AssocData -> Plaintext -> Ciphertext c

-- | Decrypts data, returning <tt>Nothing</tt> on error (such as when the
--   auth tag is invalid).
cipherDecrypt :: Cipher c => SymmetricKey c -> Nonce c -> AssocData -> Ciphertext c -> Maybe Plaintext

-- | Returns a new 32-byte cipher key as a pseudorandom function of
--   <tt>k</tt>. Defaults to:
--   
--   <pre>
--   cipherEncrypt k maxNonce "" zeros
--   </pre>
--   
--   where <tt>maxNonce = 2^64 - 1</tt> and <tt>zeros</tt> is a sequence of
--   32 bytes filed with zeros.
cipherRekey :: Cipher c => SymmetricKey c -> SymmetricKey c

-- | Returns a Nonce set to zero.
cipherZeroNonce :: Cipher c => Nonce c

-- | Returns the largest possible Nonce (<tt>2 ^ 64 - 1</tt>).
cipherMaxNonce :: Cipher c => Nonce c

-- | Increments a nonce.
cipherIncNonce :: Cipher c => Nonce c -> Nonce c

-- | Tests if two Nonces are equal.
cipherNonceEq :: Cipher c => Nonce c -> Nonce c -> Bool

-- | Compares the value of two Nonces.
cipherNonceCmp :: Cipher c => Nonce c -> Nonce c -> Ordering

-- | Imports a symmetric key. If the input is greater than 32 bytes, it is
--   truncated.
cipherBytesToSym :: Cipher c => ScrubbedBytes -> SymmetricKey c

-- | Exports a symmetric key. Use with care.
cipherSymToBytes :: Cipher c => SymmetricKey c -> ScrubbedBytes

-- | Exports a Ciphertext. The authentication tag follows the actual
--   ciphertext.
cipherTextToBytes :: Cipher c => Ciphertext c -> ScrubbedBytes

-- | Imports a Ciphertext.
cipherBytesToText :: Cipher c => ScrubbedBytes -> Ciphertext c

-- | Represents the associated data for AEAD.
type AssocData = ScrubbedBytes

-- | Represents plaintext data that can be encrypted.
type Plaintext = ScrubbedBytes
instance Crypto.Noise.Cipher.Cipher c => GHC.Classes.Eq (Crypto.Noise.Cipher.Nonce c)
instance Crypto.Noise.Cipher.Cipher c => GHC.Classes.Ord (Crypto.Noise.Cipher.Nonce c)
instance GHC.Show.Show (Crypto.Noise.Cipher.SymmetricKey a)
instance GHC.Show.Show (Crypto.Noise.Cipher.Nonce a)


module Crypto.Noise.Cipher.AESGCM

-- | Represents the AES256 cipher with GCM for AEAD.
data AESGCM
instance Crypto.Noise.Cipher.Cipher Crypto.Noise.Cipher.AESGCM.AESGCM


module Crypto.Noise.Cipher.ChaChaPoly1305

-- | Represents the ChaCha cipher with Poly1305 for AEAD.
data ChaChaPoly1305
instance Crypto.Noise.Cipher.Cipher Crypto.Noise.Cipher.ChaChaPoly1305.ChaChaPoly1305


module Crypto.Noise.DH

-- | Typeclass for Diffie-Hellman key agreement.
class DH d where {
    
    -- | Represents a public key.
    data family PublicKey d :: *;
    
    -- | Represents a secret key.
    data family SecretKey d :: *;
}

-- | Returns the name of the DH scheme. This is used when generating the
--   handshake name.
dhName :: DH d => proxy d -> ScrubbedBytes

-- | Returns the length of public keys for this DH scheme in bytes.
dhLength :: DH d => proxy d -> Int

-- | Generates a <a>KeyPair</a>.
dhGenKey :: DH d => IO (KeyPair d)

-- | Performs DH.
dhPerform :: DH d => SecretKey d -> PublicKey d -> ScrubbedBytes

-- | Exports a <a>PublicKey</a>.
dhPubToBytes :: DH d => PublicKey d -> ScrubbedBytes

-- | Imports a <a>PublicKey</a>.
dhBytesToPub :: DH d => ScrubbedBytes -> Maybe (PublicKey d)

-- | Exports a <a>SecretKey</a>.
dhSecToBytes :: DH d => SecretKey d -> ScrubbedBytes

-- | Imports a <a>SecretKey</a>.
dhBytesToPair :: DH d => ScrubbedBytes -> Maybe (KeyPair d)

-- | Tests <a>PublicKey</a>s for equality.
dhPubEq :: DH d => PublicKey d -> PublicKey d -> Bool

-- | Represents a private/public key pair for a given <a>DH</a>.
type KeyPair d = (SecretKey d, PublicKey d)
instance Crypto.Noise.DH.DH d => GHC.Classes.Eq (Crypto.Noise.DH.PublicKey d)


module Crypto.Noise.DH.Curve25519

-- | Represents curve25519.
data Curve25519
instance Crypto.Noise.DH.DH Crypto.Noise.DH.Curve25519.Curve25519


module Crypto.Noise.DH.Curve448

-- | Represents curve448.
data Curve448
instance Crypto.Noise.DH.DH Crypto.Noise.DH.Curve448.Curve448


module Crypto.Noise.Exception

-- | Represents the type of key that may be associated with an exception.
data ExceptionKeyType
LocalEphemeral :: ExceptionKeyType
LocalStatic :: ExceptionKeyType
RemoteEphemeral :: ExceptionKeyType
RemoteStatic :: ExceptionKeyType

-- | Represents the various exceptions which can be thrown.
--   
--   <ul>
--   <li><a>StaticKeyOverwrite</a> occurs when a static key is transmitted
--   by the remote party, but a remote static key has already been set in
--   <tt>HandshakeOpts</tt>.</li>
--   <li><a>InvalidKey</a> occurs when a key transmitted by the remote
--   party is successfully decrypted but otherwise invalid.</li>
--   <li><a>KeyMissing</a> occurs when a required key has not been provided
--   to <tt>HandshakeOpts</tt>. The keys which are required depend on the
--   handshake pattern chosen.</li>
--   <li><a>InvalidPattern</a> occurs when a handshake pattern uses an
--   improper token. This can occur if a user-defined
--   <tt>HandshakePattern</tt> uses any token other than <tt>e</tt> or
--   <tt>s</tt> in a pre-message pattern.</li>
--   <li><a>DecryptionError</a> occurs when any data fails to decrypt for
--   any reason. This usually occurs if the authentication tag is
--   invalid.</li>
--   <li><a>MessageLimitReached</a> occurs if the user attempts to send or
--   receive more than <tt>2^64 - 1</tt> messages. This is needed because
--   nonces are 8-bytes (64 bits), and doing so would cause catastrophic
--   key re-use.</li>
--   </ul>
data NoiseException
StaticKeyOverwrite :: NoiseException
InvalidKey :: ExceptionKeyType -> NoiseException
KeyMissing :: ExceptionKeyType -> NoiseException
InvalidPattern :: NoiseException
DecryptionError :: NoiseException
MessageLimitReached :: NoiseException
instance GHC.Show.Show Crypto.Noise.Exception.NoiseException
instance GHC.Show.Show Crypto.Noise.Exception.ExceptionKeyType
instance GHC.Exception.Type.Exception Crypto.Noise.Exception.NoiseException


module Crypto.Noise.Hash

-- | Typeclass for hashes.
class Hash h where {
    
    -- | Represents a chaining key used as part of HKDF.
    data family ChainingKey h :: *;
    
    -- | Represents a hash digest.
    data family Digest h :: *;
}

-- | Returns the name of the hash. This is used when generating the
--   handshake name.
hashName :: Hash h => proxy h -> ScrubbedBytes

-- | Returns the length of the hash output in bytes.
hashLength :: Hash h => proxy h -> Int

-- | Hashes data.
hash :: Hash h => ScrubbedBytes -> Digest h

-- | Performs HKDF.
hashHKDF :: Hash h => ChainingKey h -> ScrubbedBytes -> Word8 -> [ScrubbedBytes]

-- | Converts a series of bytes to a chaining key.
hashBytesToCK :: Hash h => ScrubbedBytes -> ChainingKey h

-- | Converts a chaining key to a series of bytes.
hashCKToBytes :: Hash h => ChainingKey h -> ScrubbedBytes

-- | Converts a hash digest to a series of bytes.
hashToBytes :: Hash h => Digest h -> ScrubbedBytes


module Crypto.Noise.Hash.BLAKE2b

-- | Represents the BLAKE2b hash.
data BLAKE2b
instance Crypto.Noise.Hash.Hash Crypto.Noise.Hash.BLAKE2b.BLAKE2b


module Crypto.Noise.Hash.BLAKE2s

-- | Represents the BLAKE2s hash.
data BLAKE2s
instance Crypto.Noise.Hash.Hash Crypto.Noise.Hash.BLAKE2s.BLAKE2s


module Crypto.Noise.Hash.SHA256

-- | Represents the SHA256 hash.
data SHA256
instance Crypto.Noise.Hash.Hash Crypto.Noise.Hash.SHA256.SHA256


module Crypto.Noise.Hash.SHA512

-- | Represents the SHA512 hash.
data SHA512
instance Crypto.Noise.Hash.Hash Crypto.Noise.Hash.SHA512.SHA512


module Crypto.Noise.Internal.CipherState
data CipherState c
CipherState :: Maybe (SymmetricKey c) -> Nonce c -> CipherState c
[_csk] :: CipherState c -> Maybe (SymmetricKey c)
[_csn] :: CipherState c -> Nonce c
csn :: forall c_aqbN. Lens' (CipherState c_aqbN) (Nonce c_aqbN)
csk :: forall c_aqbN. Lens' (CipherState c_aqbN) (Maybe (SymmetricKey c_aqbN))

-- | Creates a new CipherState with an optional symmetric key and a zero
--   nonce.
cipherState :: Cipher c => Maybe (SymmetricKey c) -> CipherState c

-- | Encrypts the provided plaintext and increments the nonce. If this
--   CipherState does not have a key associated with it, the plaintext will
--   be returned.
encryptWithAd :: (MonadThrow m, Cipher c) => AssocData -> Plaintext -> CipherState c -> m (Ciphertext c, CipherState c)

-- | Decrypts the provided ciphertext and increments the nonce. If this
--   CipherState does not have a key associated with it, the ciphertext
--   will be returned. If the CipherState does have a key and decryption
--   fails, a <tt>DecryptionError</tt> will be returned.
decryptWithAd :: (MonadThrow m, Cipher c) => AssocData -> Ciphertext c -> CipherState c -> m (Plaintext, CipherState c)

-- | Rekeys the CipherState. If a key has not been established yet, the
--   CipherState is returned unmodified.
rekey :: Cipher c => CipherState c -> CipherState c

-- | Tests whether the Nonce contained within a CipherState is valid (less
--   than the maximum allowed).
validNonce :: Cipher c => CipherState c -> Bool
instance GHC.Show.Show (Crypto.Noise.Internal.CipherState.CipherState c)


module Crypto.Noise.Internal.Handshake.Pattern
data Token next
E :: next -> Token next
S :: next -> Token next
Ee :: next -> Token next
Es :: next -> Token next
Se :: next -> Token next
Ss :: next -> Token next
Psk :: next -> Token next
type MessagePattern = Ap Token
e :: MessagePattern ()
s :: MessagePattern ()
ee :: MessagePattern ()
es :: MessagePattern ()
se :: MessagePattern ()
ss :: MessagePattern ()
psk :: MessagePattern ()
data Message next
PreInitiator :: MessagePattern () -> next -> Message next
PreResponder :: MessagePattern () -> next -> Message next
Initiator :: MessagePattern () -> next -> Message next
Responder :: MessagePattern () -> next -> Message next
type MessageSequence = Ap Message
preInitiator :: MessagePattern () -> MessageSequence ()
preResponder :: MessagePattern () -> MessageSequence ()
initiator :: MessagePattern () -> MessageSequence ()
responder :: MessagePattern () -> MessageSequence ()

-- | This type represents a handshake pattern such as <tt>Noise_IK</tt>. A
--   large set of pre-defined patterns can be found in
--   <a>Crypto.Noise.HandshakePatterns</a>. Expert users are encouraged to
--   define their own custom patterns with care.
data HandshakePattern
HandshakePattern :: ByteString -> Bool -> MessageSequence () -> HandshakePattern
[_hpName] :: HandshakePattern -> ByteString
[_hpPSKMode] :: HandshakePattern -> Bool
[_hpMsgSeq] :: HandshakePattern -> MessageSequence ()
hpPSKMode :: Lens' HandshakePattern Bool
hpName :: Lens' HandshakePattern ByteString
hpMsgSeq :: Lens' HandshakePattern (MessageSequence ())
newtype HasPSK
HasPSK :: Bool -> HasPSK
[unPSK] :: HasPSK -> Bool

-- | Constructs a <a>HandshakePattern</a> given a protocol name (such as
--   <tt>XXpsk3</tt>) and raw pattern. Please see the README for
--   information about creating your own custom patterns.
handshakePattern :: ByteString -> MessageSequence () -> HandshakePattern
instance GHC.Base.Semigroup Crypto.Noise.Internal.Handshake.Pattern.HasPSK
instance GHC.Base.Monoid Crypto.Noise.Internal.Handshake.Pattern.HasPSK


-- | This module contains all of the handshake patterns specified in
--   sections 7.2, 7.3, and 9.4.
module Crypto.Noise.HandshakePatterns

-- | <pre>
--   Noise_NN():
--     -&gt; e
--     &lt;- e, ee
--   </pre>
noiseNN :: HandshakePattern

-- | <pre>
--   Noise_KN(s):
--     -&gt; s
--     ...
--     -&gt; e
--     &lt;- e, ee, se
--   </pre>
noiseKN :: HandshakePattern

-- | <pre>
--   Noise_NK(rs):
--     &lt;- s
--     ...
--     -&gt; e, es
--     &lt;- e, ee
--   </pre>
noiseNK :: HandshakePattern

-- | <pre>
--   Noise_KK(s, rs):
--     -&gt; s
--     &lt;- s
--     ...
--     -&gt; e, es, ss
--     &lt;- e, ee, se
--   </pre>
noiseKK :: HandshakePattern

-- | <pre>
--   Noise_NX(rs):
--     -&gt; e
--     &lt;- e, ee, s, es
--   </pre>
noiseNX :: HandshakePattern

-- | <pre>
--   Noise_KX(s, rs):
--     -&gt; s
--     ...
--     -&gt; e
--     &lt;- e, ee, se, s, es
--   </pre>
noiseKX :: HandshakePattern

-- | <pre>
--   Noise_XN(s):
--     -&gt; e
--     &lt;- e, ee
--     -&gt; s, se
--   </pre>
noiseXN :: HandshakePattern

-- | <pre>
--   Noise_IN(s):
--     -&gt; e, s
--     &lt;- e, ee, se
--   </pre>
noiseIN :: HandshakePattern

-- | <pre>
--   Noise_XK(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es
--     &lt;- e, ee
--     -&gt; s, se
--   </pre>
noiseXK :: HandshakePattern

-- | <pre>
--   Noise_IK(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es, s, ss
--     &lt;- e, ee, se
--   </pre>
noiseIK :: HandshakePattern

-- | <pre>
--   Noise_XX(s, rs):
--     -&gt; e
--     &lt;- e, ee, s, es
--     -&gt; s, se
--   </pre>
noiseXX :: HandshakePattern

-- | <pre>
--   Noise_IX(s, rs):
--     -&gt; e, s
--     &lt;- e, ee, se, s, es
--   </pre>
noiseIX :: HandshakePattern

-- | <pre>
--   Noise_N(rs):
--     &lt;- s
--     ...
--     -&gt; e, es
--   </pre>
noiseN :: HandshakePattern

-- | <pre>
--   Noise_K(s, rs):
--     -&gt; s
--     &lt;- s
--     ...
--     -&gt; e, es, ss
--   </pre>
noiseK :: HandshakePattern

-- | <pre>
--   Noise_X(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es, s, ss
--   </pre>
noiseX :: HandshakePattern

-- | <pre>
--   Noise_NNpsk0():
--     -&gt; psk, e
--     &lt;- e, ee
--   </pre>
noiseNNpsk0 :: HandshakePattern

-- | <pre>
--   Noise_NNpsk2():
--     -&gt; e
--     &lt;- e, ee, psk
--   </pre>
noiseNNpsk2 :: HandshakePattern

-- | <pre>
--   Noise_NKpsk0(rs):
--     &lt;- s
--     ...
--     -&gt; psk, e, es
--     &lt;- e, ee
--   </pre>
noiseNKpsk0 :: HandshakePattern

-- | <pre>
--   Noise_NKpsk2(rs):
--     &lt;- s
--     ...
--     -&gt; e, es
--     &lt;- e, ee, psk
--   </pre>
noiseNKpsk2 :: HandshakePattern

-- | <pre>
--   Noise_NXpsk2(rs):
--     -&gt; e
--     &lt;- e, ee, s, es, psk
--   </pre>
noiseNXpsk2 :: HandshakePattern

-- | <pre>
--   Noise_XNpsk3(s):
--     -&gt; e
--     &lt;- e, ee
--     -&gt; s, se, psk
--   </pre>
noiseXNpsk3 :: HandshakePattern

-- | <pre>
--   Noise_XKpsk3(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es
--     &lt;- e, ee
--     -&gt; s, se, psk
--   </pre>
noiseXKpsk3 :: HandshakePattern

-- | <pre>
--   Noise_XXpsk3(s, rs):
--     -&gt; e
--     &lt;- e, ee, s, es
--     -&gt; s, se, psk
--   </pre>
noiseXXpsk3 :: HandshakePattern

-- | <pre>
--   Noise_KNpsk0(s):
--     -&gt; s
--     ...
--     -&gt; psk, e
--     &lt;- e, ee, se
--   </pre>
noiseKNpsk0 :: HandshakePattern

-- | <pre>
--   Noise_KNpsk2(s):
--     -&gt; s
--     ...
--     -&gt; e
--     &lt;- e, ee, se, psk
--   </pre>
noiseKNpsk2 :: HandshakePattern

-- | <pre>
--   Noise_KKpsk0(s, rs):
--     -&gt; s
--     &lt;- s
--     ...
--     -&gt; psk, e, es, ss
--     &lt;- e, ee, se
--   </pre>
noiseKKpsk0 :: HandshakePattern

-- | <pre>
--   Noise_KKpsk2(s, rs):
--     -&gt; s
--     &lt;- s
--     ...
--     -&gt; e, es, ss
--     &lt;- e, ee, se, psk
--   </pre>
noiseKKpsk2 :: HandshakePattern

-- | <pre>
--   Noise_KXpsk2(s, rs):
--     -&gt; s
--     ...
--     -&gt; e
--     &lt;- e, ee, se, s, es, psk
--   </pre>
noiseKXpsk2 :: HandshakePattern

-- | <pre>
--   Noise_INpsk1(s):
--     -&gt; e, s, psk
--     &lt;- e, ee, se
--   </pre>
noiseINpsk1 :: HandshakePattern

-- | <pre>
--   Noise_INpsk2(s):
--     -&gt; e, s
--     &lt;- e, ee, se, psk
--   </pre>
noiseINpsk2 :: HandshakePattern

-- | <pre>
--   Noise_IKpsk1(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es, s, ss, psk
--     &lt;- e, ee, se
--   </pre>
noiseIKpsk1 :: HandshakePattern

-- | <pre>
--   Noise_IKpsk2(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es, s, ss
--     &lt;- e, ee, se, psk
--   </pre>
noiseIKpsk2 :: HandshakePattern

-- | <pre>
--   Noise_IXpsk2(s, rs):
--     -&gt; e, s
--     &lt;- e, ee, se, s, es, psk
--   </pre>
noiseIXpsk2 :: HandshakePattern

-- | <pre>
--   Noise_Npsk0(rs):
--     &lt;- s
--     ...
--     -&gt; psk, e, es
--   </pre>
noiseNpsk0 :: HandshakePattern

-- | <pre>
--   Noise_Kpsk0(s, rs):
--     &lt;- s
--     ...
--     -&gt; psk, e, es, ss
--   </pre>
noiseKpsk0 :: HandshakePattern

-- | <pre>
--   Noise_Xpsk1(s, rs):
--     &lt;- s
--     ...
--     -&gt; e, es, s, ss, psk
--   </pre>
noiseXpsk1 :: HandshakePattern


module Crypto.Noise.Internal.Handshake.Validation

-- | <pre>
--   (message number, token number)
--   </pre>
--   
--   Represents the location within the pattern at which an error resides,
--   starting with zero.
type ErrorPosition = (Int, Int)

-- | Represents a single error associated with a pattern.
--   
--   <ul>
--   <li><a>InitMultipleETokens</a>, <a>InitMultipleSTokens</a>,
--   <a>RespMultipleETokens</a>, <a>RespMultipleSTokens</a> -- multiple
--   <tt>e</tt>/<tt>s</tt> tokens were encountered for a message
--   originating with the initiator/responder.</li>
--   <li><a>InitSecretNotRandom</a>, <a>RespSecretNotRandom</a> -- From the
--   protocol:</li>
--   </ul>
--   
--   <pre>
--   After performing a DH between a remote public key and any local private
--   key that is not an ephemeral private key, the local party must not send
--   any encrypted data (i.e. must not call ENCRYPT()) unless it has also
--   performed a DH between an ephemeral private key and the remote public
--   key.
--   </pre>
--   
--   <ul>
--   <li><a>DHInPreMsg</a> -- A DH token (such as <tt>ee</tt> or
--   <tt>es</tt>) was found in the pre-message portion of the
--   handshake.</li>
--   <li><a>PSKInPreMsg</a> -- A <tt>psk</tt> token was found in the
--   pre-message portion of the handshake.</li>
--   <li><a>PSKWithoutEToken</a> -- A <tt>psk</tt> token was used before an
--   <tt>e</tt> token was encountered.</li>
--   </ul>
data InspectionError
InitMultipleETokens :: ErrorPosition -> InspectionError
InitMultipleSTokens :: ErrorPosition -> InspectionError
RespMultipleETokens :: ErrorPosition -> InspectionError
RespMultipleSTokens :: ErrorPosition -> InspectionError
InitSecretNotRandom :: ErrorPosition -> InspectionError
RespSecretNotRandom :: ErrorPosition -> InspectionError
DHInPreMsg :: ErrorPosition -> InspectionError
PSKInPreMsg :: ErrorPosition -> InspectionError
PSKWithoutEToken :: ErrorPosition -> InspectionError
data Inspection
Inspection :: Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Int -> Int -> [InspectionError] -> Inspection
[_iInitESent] :: Inspection -> Bool
[_iInitSSent] :: Inspection -> Bool
[_iInitPSKSent] :: Inspection -> Bool
[_iRespESent] :: Inspection -> Bool
[_iRespSSent] :: Inspection -> Bool
[_iRespPSKSent] :: Inspection -> Bool
[_iInitRandReq] :: Inspection -> Bool
[_iInitRandDone] :: Inspection -> Bool
[_iRespRandReq] :: Inspection -> Bool
[_iRespRandDone] :: Inspection -> Bool
[_iCurTokenPos] :: Inspection -> Int
[_iCurMsgPos] :: Inspection -> Int
[_iErrors] :: Inspection -> [InspectionError]
iRespSSent :: Lens' Inspection Bool
iRespRandReq :: Lens' Inspection Bool
iRespRandDone :: Lens' Inspection Bool
iRespPSKSent :: Lens' Inspection Bool
iRespESent :: Lens' Inspection Bool
iInitSSent :: Lens' Inspection Bool
iInitRandReq :: Lens' Inspection Bool
iInitRandDone :: Lens' Inspection Bool
iInitPSKSent :: Lens' Inspection Bool
iInitESent :: Lens' Inspection Bool
iErrors :: Lens' Inspection [InspectionError]
iCurTokenPos :: Lens' Inspection Int
iCurMsgPos :: Lens' Inspection Int
inspection :: Inspection
verifyNotInPreMsg :: Message a -> State Inspection ()
verifyRandDoneIfReq :: Message a -> State Inspection ()
verifyESentIfPSK :: Message a -> State Inspection ()
continueToken :: a -> State Inspection a
continueMsg :: a -> State Inspection a
addError :: (ErrorPosition -> InspectionError) -> State Inspection ()
inspectToken :: Message m -> Token a -> State Inspection a
inspectMessage :: Message a -> State Inspection a

-- | Validates a <a>HandshakePattern</a> according to the rules defined in
--   section 7.1 and 9.3 of the protocol. If no violations are found, the
--   result will be an empty list.
validateHandshakePattern :: HandshakePattern -> [InspectionError]
instance GHC.Show.Show Crypto.Noise.Internal.Handshake.Validation.Inspection
instance GHC.Show.Show Crypto.Noise.Internal.Handshake.Validation.InspectionError


module Crypto.Noise.Internal.SymmetricState
data SymmetricState c h
SymmetricState :: CipherState c -> ChainingKey h -> Either ScrubbedBytes (Digest h) -> SymmetricState c h
[_ssCipher] :: SymmetricState c h -> CipherState c
[_ssck] :: SymmetricState c h -> ChainingKey h
[_ssh] :: SymmetricState c h -> Either ScrubbedBytes (Digest h)
ssh :: forall c_ayLl h_ayLm. Lens' (SymmetricState c_ayLl h_ayLm) (Either ScrubbedBytes (Digest h_ayLm))
ssck :: forall c_ayLl h_ayLm. Lens' (SymmetricState c_ayLl h_ayLm) (ChainingKey h_ayLm)
ssCipher :: forall c_ayLl h_ayLm c_ayM6. Lens (SymmetricState c_ayLl h_ayLm) (SymmetricState c_ayM6 h_ayLm) (CipherState c_ayLl) (CipherState c_ayM6)

-- | Creates a new SymmetricState from the given protocol name.
symmetricState :: forall c h. (Cipher c, Hash h) => ScrubbedBytes -> SymmetricState c h

-- | Mixes keying material in to the SymmetricState.
mixKey :: (Cipher c, Hash h) => ScrubbedBytes -> SymmetricState c h -> SymmetricState c h

-- | Mixes arbitrary data in to the SymmetricState.
mixHash :: Hash h => ScrubbedBytes -> SymmetricState c h -> SymmetricState c h

-- | Mixes key material and arbitrary data in to the SymmetricState. Note
--   that this is not isomorphic to <tt>mixHash . mixKey</tt>.
mixKeyAndHash :: (Cipher c, Hash h) => ScrubbedBytes -> SymmetricState c h -> SymmetricState c h

-- | Encrypts the given Plaintext. Note that this may not actually perform
--   encryption if a key has not been established yet, in which case the
--   original plaintext is returned.
encryptAndHash :: (MonadThrow m, Cipher c, Hash h) => Plaintext -> SymmetricState c h -> m (Ciphertext c, SymmetricState c h)

-- | Decrypts the given Ciphertext. Note that this may not actually perform
--   decryption if a key as not been established yet, in which case the
--   original ciphertext is returned.
decryptAndHash :: (MonadThrow m, Cipher c, Hash h) => Ciphertext c -> SymmetricState c h -> m (Plaintext, SymmetricState c h)

-- | Returns a pair of CipherStates for encrypting transport messages. The
--   first CipherState is for encrypting messages from the Initiator to the
--   Responder, and the second is for encrypting messages from the
--   Responder to the Initiator.
split :: (Cipher c, Hash h) => SymmetricState c h -> (CipherState c, CipherState c)

-- | Utility function to convert the hash state to ScrubbedBytes.
sshBytes :: Hash h => Either ScrubbedBytes (Digest h) -> ScrubbedBytes


module Crypto.Noise.Internal.Handshake.State

-- | Represents the side of the conversation upon which a party resides.
data HandshakeRole
InitiatorRole :: HandshakeRole
ResponderRole :: HandshakeRole

-- | Represents the various options and keys for a handshake parameterized
--   by the <a>DH</a> method.
data HandshakeOpts d
HandshakeOpts :: HandshakeRole -> Plaintext -> Maybe (KeyPair d) -> Maybe (KeyPair d) -> Maybe (PublicKey d) -> Maybe (PublicKey d) -> HandshakeOpts d
[_hoRole] :: HandshakeOpts d -> HandshakeRole
[_hoPrologue] :: HandshakeOpts d -> Plaintext
[_hoLocalEphemeral] :: HandshakeOpts d -> Maybe (KeyPair d)
[_hoLocalStatic] :: HandshakeOpts d -> Maybe (KeyPair d)
[_hoRemoteEphemeral] :: HandshakeOpts d -> Maybe (PublicKey d)
[_hoRemoteStatic] :: HandshakeOpts d -> Maybe (PublicKey d)
hoRole :: forall d_aAFh. Lens' (HandshakeOpts d_aAFh) HandshakeRole
hoRemoteStatic :: forall d_aAFh. Lens' (HandshakeOpts d_aAFh) (Maybe (PublicKey d_aAFh))
hoRemoteEphemeral :: forall d_aAFh. Lens' (HandshakeOpts d_aAFh) (Maybe (PublicKey d_aAFh))
hoPrologue :: forall d_aAFh. Lens' (HandshakeOpts d_aAFh) Plaintext
hoLocalStatic :: forall d_aAFh. Lens' (HandshakeOpts d_aAFh) (Maybe (KeyPair d_aAFh))
hoLocalEphemeral :: forall d_aAFh. Lens' (HandshakeOpts d_aAFh) (Maybe (KeyPair d_aAFh))

-- | Holds all state associated with the interpreter.
data HandshakeState c d h
HandshakeState :: SymmetricState c h -> HandshakeOpts d -> Bool -> ScrubbedBytes -> HandshakeState c d h
[_hsSymmetricState] :: HandshakeState c d h -> SymmetricState c h
[_hsOpts] :: HandshakeState c d h -> HandshakeOpts d
[_hsPSKMode] :: HandshakeState c d h -> Bool
[_hsMsgBuffer] :: HandshakeState c d h -> ScrubbedBytes
hsSymmetricState :: forall c_aAId d_aAIe h_aAIf c_aAMV h_aAMW. Lens (HandshakeState c_aAId d_aAIe h_aAIf) (HandshakeState c_aAMV d_aAIe h_aAMW) (SymmetricState c_aAId h_aAIf) (SymmetricState c_aAMV h_aAMW)
hsPSKMode :: forall c_aAId d_aAIe h_aAIf. Lens' (HandshakeState c_aAId d_aAIe h_aAIf) Bool
hsOpts :: forall c_aAId d_aAIe h_aAIf d_aAMU. Lens (HandshakeState c_aAId d_aAIe h_aAIf) (HandshakeState c_aAId d_aAMU h_aAIf) (HandshakeOpts d_aAIe) (HandshakeOpts d_aAMU)
hsMsgBuffer :: forall c_aAId d_aAIe h_aAIf. Lens' (HandshakeState c_aAId d_aAIe h_aAIf) ScrubbedBytes

-- | This data structure is yielded by the coroutine when more data is
--   needed.
data HandshakeResult
HandshakeResultMessage :: ScrubbedBytes -> HandshakeResult
HandshakeResultNeedPSK :: HandshakeResult

-- | All HandshakePattern interpreters run within this Monad.
newtype Handshake c d h r
Handshake :: Coroutine (Request HandshakeResult ScrubbedBytes) (StateT (HandshakeState c d h) Catch) r -> Handshake c d h r
[runHandshake] :: Handshake c d h r -> Coroutine (Request HandshakeResult ScrubbedBytes) (StateT (HandshakeState c d h) Catch) r

-- | <tt>defaultHandshakeOpts role prologue</tt> returns a default set of
--   handshake options. All keys are set to <a>Nothing</a>.
defaultHandshakeOpts :: HandshakeRole -> Plaintext -> HandshakeOpts d

-- | Sets the local ephemeral key.
setLocalEphemeral :: Maybe (KeyPair d) -> HandshakeOpts d -> HandshakeOpts d

-- | Sets the local static key.
setLocalStatic :: Maybe (KeyPair d) -> HandshakeOpts d -> HandshakeOpts d

-- | Sets the remote ephemeral key (rarely needed).
setRemoteEphemeral :: Maybe (PublicKey d) -> HandshakeOpts d -> HandshakeOpts d

-- | Sets the remote static key.
setRemoteStatic :: Maybe (PublicKey d) -> HandshakeOpts d -> HandshakeOpts d

-- | Given a protocol name, returns the full handshake name according to
--   the rules in section 8.
mkHandshakeName :: forall c d h proxy. (Cipher c, DH d, Hash h) => ByteString -> proxy (c, d, h) -> ScrubbedBytes

-- | Constructs a HandshakeState from a given set of options and a protocol
--   name (such as <a>NN</a> or <a>IK</a>).
handshakeState :: forall c d h. (Cipher c, DH d, Hash h) => HandshakeOpts d -> HandshakePattern -> HandshakeState c d h
instance Control.Monad.State.Class.MonadState (Crypto.Noise.Internal.Handshake.State.HandshakeState c d h) (Crypto.Noise.Internal.Handshake.State.Handshake c d h)
instance Control.Monad.Catch.MonadThrow (Crypto.Noise.Internal.Handshake.State.Handshake c d h)
instance GHC.Base.Monad (Crypto.Noise.Internal.Handshake.State.Handshake c d h)
instance GHC.Base.Applicative (Crypto.Noise.Internal.Handshake.State.Handshake c d h)
instance GHC.Base.Functor (Crypto.Noise.Internal.Handshake.State.Handshake c d h)
instance (GHC.Base.Functor f, Control.Monad.Catch.MonadThrow m) => Control.Monad.Catch.MonadThrow (Control.Monad.Coroutine.Coroutine f m)
instance (GHC.Base.Functor f, Control.Monad.State.Class.MonadState s m) => Control.Monad.State.Class.MonadState s (Control.Monad.Coroutine.Coroutine f m)
instance GHC.Classes.Eq Crypto.Noise.Internal.Handshake.State.HandshakeRole
instance GHC.Show.Show Crypto.Noise.Internal.Handshake.State.HandshakeRole


module Crypto.Noise.Internal.Handshake.Interpreter
interpretToken :: forall c d h r. (Cipher c, DH d, Hash h) => HandshakeRole -> Token r -> Handshake c d h r
processMsgPattern :: (Cipher c, DH d, Hash h) => HandshakeRole -> MessagePattern r -> Handshake c d h r
interpretPreToken :: (Cipher c, DH d, Hash h) => HandshakeRole -> Token r -> Handshake c d h r
interpretMessage :: (Cipher c, DH d, Hash h) => Message r -> Handshake c d h r
runHandshakePattern :: (Cipher c, DH d, Hash h) => HandshakePattern -> Handshake c d h ()
getPublicKey :: Lens' (HandshakeOpts d) (Maybe (PublicKey d)) -> ExceptionKeyType -> Handshake c d h (PublicKey d)
getKeyPair :: Lens' (HandshakeOpts d) (Maybe (KeyPair d)) -> ExceptionKeyType -> Handshake c d h (KeyPair d)


module Crypto.Noise.Internal.NoiseState

-- | This type represents the state of an entire Noise conversation, and it
--   is used both during the handshake and for every message read and
--   written thereafter (transport messages). It is parameterized by the
--   <a>Cipher</a>, <a>DH</a> method, and <a>Hash</a> to be used.
data NoiseState c d h
NoiseState :: HandshakeState c d h -> HandshakePattern -> Maybe (ScrubbedBytes -> Handshake c d h ()) -> Maybe (CipherState c) -> Maybe (CipherState c) -> NoiseState c d h
[_nsHandshakeState] :: NoiseState c d h -> HandshakeState c d h
[_nsHandshakePattern] :: NoiseState c d h -> HandshakePattern
[_nsHandshakeSuspension] :: NoiseState c d h -> Maybe (ScrubbedBytes -> Handshake c d h ())
[_nsSendingCipherState] :: NoiseState c d h -> Maybe (CipherState c)
[_nsReceivingCipherState] :: NoiseState c d h -> Maybe (CipherState c)
nsSendingCipherState :: forall c_aGwX d_aGwY h_aGwZ. Lens' (NoiseState c_aGwX d_aGwY h_aGwZ) (Maybe (CipherState c_aGwX))
nsReceivingCipherState :: forall c_aGwX d_aGwY h_aGwZ. Lens' (NoiseState c_aGwX d_aGwY h_aGwZ) (Maybe (CipherState c_aGwX))
nsHandshakeSuspension :: forall c_aGwX d_aGwY h_aGwZ. Lens' (NoiseState c_aGwX d_aGwY h_aGwZ) (Maybe (ScrubbedBytes -> Handshake c_aGwX d_aGwY h_aGwZ ()))
nsHandshakeState :: forall c_aGwX d_aGwY h_aGwZ. Lens' (NoiseState c_aGwX d_aGwY h_aGwZ) (HandshakeState c_aGwX d_aGwY h_aGwZ)
nsHandshakePattern :: forall c_aGwX d_aGwY h_aGwZ. Lens' (NoiseState c_aGwX d_aGwY h_aGwZ) HandshakePattern

-- | Creates a <a>NoiseState</a> from the given handshake options and
--   pattern.
noiseState :: (Cipher c, DH d, Hash h) => HandshakeOpts d -> HandshakePattern -> NoiseState c d h

-- | Resumes a handshake in progress using the given input data.
resumeHandshake :: (MonadThrow m, Cipher c, DH d, Hash h) => ScrubbedBytes -> NoiseState c d h -> m (HandshakeResult, NoiseState c d h)


-- | Please see the README for usage information.
module Crypto.Noise

-- | This type represents the state of an entire Noise conversation, and it
--   is used both during the handshake and for every message read and
--   written thereafter (transport messages). It is parameterized by the
--   <a>Cipher</a>, <a>DH</a> method, and <a>Hash</a> to be used.
data NoiseState c d h

-- | This type is used to indicate to the user the result of either writing
--   or reading a message. In the simplest case, when processing a
--   handshake or transport message, the (en|de)crypted message and mutated
--   state will be available in <a>NoiseResultMessage</a>.
--   
--   If during the course of the handshake a pre-shared key is needed, a
--   <a>NoiseResultNeedPSK</a> value will be returned along with the
--   mutated state. To continue, the user must re-issue the
--   <a>writeMessage</a> or <a>readMessage</a> call, passing in the PSK as
--   the payload. If no further PSKs are required, the result will be
--   <a>NoiseResultMessage</a>.
--   
--   If an exception is encountered at any point while processing a
--   handshake or transport message, <a>NoiseResultException</a> will be
--   returned.
data NoiseResult c d h
NoiseResultMessage :: ScrubbedBytes -> NoiseState c d h -> NoiseResult c d h
NoiseResultNeedPSK :: NoiseState c d h -> NoiseResult c d h
NoiseResultException :: SomeException -> NoiseResult c d h

-- | This type represents a handshake pattern such as <tt>Noise_IK</tt>. A
--   large set of pre-defined patterns can be found in
--   <a>Crypto.Noise.HandshakePatterns</a>. Expert users are encouraged to
--   define their own custom patterns with care.
data HandshakePattern

-- | Represents the side of the conversation upon which a party resides.
data HandshakeRole
InitiatorRole :: HandshakeRole
ResponderRole :: HandshakeRole

-- | Represents the various options and keys for a handshake parameterized
--   by the <a>DH</a> method.
data HandshakeOpts d

-- | <tt>defaultHandshakeOpts role prologue</tt> returns a default set of
--   handshake options. All keys are set to <a>Nothing</a>.
defaultHandshakeOpts :: HandshakeRole -> Plaintext -> HandshakeOpts d

-- | Creates a <a>NoiseState</a> from the given handshake options and
--   pattern.
noiseState :: (Cipher c, DH d, Hash h) => HandshakeOpts d -> HandshakePattern -> NoiseState c d h

-- | Creates a handshake or transport message with the provided payload.
--   Note that the payload may not be authenticated or encrypted at all
--   points during the handshake. Please see section 7.4 of the protocol
--   document for details.
--   
--   If a previous call to this function indicated that a pre-shared key is
--   needed, it shall be provided as the payload. See the documentation of
--   <a>NoiseResult</a> for details.
--   
--   To prevent catastrophic key re-use, this function may only be used to
--   secure 2^64 - 1 post-handshake messages.
writeMessage :: (Cipher c, DH d, Hash h) => ScrubbedBytes -> NoiseState c d h -> NoiseResult c d h

-- | Reads a handshake or transport message and returns the embedded
--   payload. If the handshake fails, a <tt>HandshakeError</tt> will be
--   returned. After the handshake is complete, if decryption fails a
--   <tt>DecryptionError</tt> is returned.
--   
--   If a previous call to this function indicated that a pre-shared key is
--   needed, it shall be provided as the payload. See the documentation of
--   <a>NoiseResult</a> for details.
--   
--   To prevent catastrophic key re-use, this function may only be used to
--   receive 2^64 - 1 post-handshake messages.
readMessage :: (Cipher c, DH d, Hash h) => ScrubbedBytes -> NoiseState c d h -> NoiseResult c d h

-- | Given an operation (<a>writeMessage</a> or <a>readMessage</a>), a list
--   of PSKs, and a <a>NoiseResult</a>, this function will repeatedly apply
--   PSKs to the NoiseState until no more are requested or the list of PSKs
--   becomes empty. This is useful for patterns which require two or more
--   PSKs, and you know exactly what they all should be ahead of time.
processPSKs :: (Cipher c, DH d, Hash h) => (ScrubbedBytes -> NoiseState c d h -> NoiseResult c d h) -> [ScrubbedBytes] -> NoiseResult c d h -> ([ScrubbedBytes], NoiseResult c d h)

-- | For handshake patterns where the remote party's static key is
--   transmitted, this function can be used to retrieve it. This allows for
--   the creation of public key-based access-control lists.
remoteStaticKey :: NoiseState c d h -> Maybe (PublicKey d)

-- | Returns <tt>True</tt> if the handshake is complete.
handshakeComplete :: NoiseState c d h -> Bool

-- | Retrieves the <tt>h</tt> value associated with the conversation's
--   <tt>SymmetricState</tt>. This value is intended to be used for channel
--   binding. For example, the initiator might cryptographically sign this
--   value as part of some higher-level authentication scheme.
--   
--   The value returned by this function is only meaningful after the
--   handshake is complete.
--   
--   See section 11.2 of the protocol for details.
handshakeHash :: Hash h => NoiseState c d h -> ScrubbedBytes

-- | Rekeys the sending <tt>CipherState</tt> according to section 11.3 of
--   the protocol.
rekeySending :: (Cipher c, DH d, Hash h) => NoiseState c d h -> NoiseState c d h

-- | Rekeys the receiving <tt>CipherState</tt> according to section 11.3 of
--   the protocol.
rekeyReceiving :: (Cipher c, DH d, Hash h) => NoiseState c d h -> NoiseState c d h

-- | Constructs a <a>HandshakePattern</a> given a protocol name (such as
--   <tt>XXpsk3</tt>) and raw pattern. Please see the README for
--   information about creating your own custom patterns.
handshakePattern :: ByteString -> MessageSequence () -> HandshakePattern

-- | Sets the local ephemeral key.
setLocalEphemeral :: Maybe (KeyPair d) -> HandshakeOpts d -> HandshakeOpts d

-- | Sets the local static key.
setLocalStatic :: Maybe (KeyPair d) -> HandshakeOpts d -> HandshakeOpts d

-- | Sets the remote ephemeral key (rarely needed).
setRemoteEphemeral :: Maybe (PublicKey d) -> HandshakeOpts d -> HandshakeOpts d

-- | Sets the remote static key.
setRemoteStatic :: Maybe (PublicKey d) -> HandshakeOpts d -> HandshakeOpts d

-- | Typeclass for ciphers.
class Cipher c

-- | Typeclass for Diffie-Hellman key agreement.
class DH d

-- | Typeclass for hashes.
class Hash h

-- | ScrubbedBytes is a memory chunk which have the properties of:
--   
--   <ul>
--   <li>Being scrubbed after its goes out of scope.</li>
--   <li>A Show instance that doesn't actually show any content</li>
--   <li>A Eq instance that is constant time</li>
--   </ul>
data ScrubbedBytes

-- | Convert a bytearray to another type of bytearray
convert :: (ByteArrayAccess bin, ByteArray bout) => bin -> bout


module Crypto.Noise.Validation

-- | Represents a single error associated with a pattern.
--   
--   <ul>
--   <li><a>InitMultipleETokens</a>, <a>InitMultipleSTokens</a>,
--   <a>RespMultipleETokens</a>, <a>RespMultipleSTokens</a> -- multiple
--   <tt>e</tt>/<tt>s</tt> tokens were encountered for a message
--   originating with the initiator/responder.</li>
--   <li><a>InitSecretNotRandom</a>, <a>RespSecretNotRandom</a> -- From the
--   protocol:</li>
--   </ul>
--   
--   <pre>
--   After performing a DH between a remote public key and any local private
--   key that is not an ephemeral private key, the local party must not send
--   any encrypted data (i.e. must not call ENCRYPT()) unless it has also
--   performed a DH between an ephemeral private key and the remote public
--   key.
--   </pre>
--   
--   <ul>
--   <li><a>DHInPreMsg</a> -- A DH token (such as <tt>ee</tt> or
--   <tt>es</tt>) was found in the pre-message portion of the
--   handshake.</li>
--   <li><a>PSKInPreMsg</a> -- A <tt>psk</tt> token was found in the
--   pre-message portion of the handshake.</li>
--   <li><a>PSKWithoutEToken</a> -- A <tt>psk</tt> token was used before an
--   <tt>e</tt> token was encountered.</li>
--   </ul>
data InspectionError
InitMultipleETokens :: ErrorPosition -> InspectionError
InitMultipleSTokens :: ErrorPosition -> InspectionError
RespMultipleETokens :: ErrorPosition -> InspectionError
RespMultipleSTokens :: ErrorPosition -> InspectionError
InitSecretNotRandom :: ErrorPosition -> InspectionError
RespSecretNotRandom :: ErrorPosition -> InspectionError
DHInPreMsg :: ErrorPosition -> InspectionError
PSKInPreMsg :: ErrorPosition -> InspectionError
PSKWithoutEToken :: ErrorPosition -> InspectionError

-- | <pre>
--   (message number, token number)
--   </pre>
--   
--   Represents the location within the pattern at which an error resides,
--   starting with zero.
type ErrorPosition = (Int, Int)

-- | Validates a <a>HandshakePattern</a> according to the rules defined in
--   section 7.1 and 9.3 of the protocol. If no violations are found, the
--   result will be an empty list.
validateHandshakePattern :: HandshakePattern -> [InspectionError]
