-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Cryptography primitives for cardano
--   
--   Cryptography primitives for cardano
@package cardano-crypto
@version 1.1.0

module Cardano.Crypto.Wallet.Types
newtype ChainCode
ChainCode :: ByteString -> ChainCode
data DerivationScheme
DerivationScheme1 :: DerivationScheme
DerivationScheme2 :: DerivationScheme
type DerivationIndex = Word32
pattern LatestScheme :: DerivationScheme
instance GHC.Enum.Bounded Cardano.Crypto.Wallet.Types.DerivationScheme
instance GHC.Enum.Enum Cardano.Crypto.Wallet.Types.DerivationScheme
instance GHC.Classes.Ord Cardano.Crypto.Wallet.Types.DerivationScheme
instance GHC.Classes.Eq Cardano.Crypto.Wallet.Types.DerivationScheme
instance GHC.Show.Show Cardano.Crypto.Wallet.Types.DerivationScheme
instance Data.Hashable.Class.Hashable Cardano.Crypto.Wallet.Types.ChainCode
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.Types.ChainCode
instance Data.ByteArray.Types.ByteArrayAccess Cardano.Crypto.Wallet.Types.ChainCode
instance GHC.Classes.Ord Cardano.Crypto.Wallet.Types.ChainCode
instance GHC.Classes.Eq Cardano.Crypto.Wallet.Types.ChainCode
instance GHC.Show.Show Cardano.Crypto.Wallet.Types.ChainCode
instance Foundation.Check.Arbitrary.Arbitrary Cardano.Crypto.Wallet.Types.DerivationScheme

module Cardano.Crypto.Wallet.Encrypted
data EncryptedKey

-- | Create an encryped key from binary representation.
--   
--   If the binary is not of the right size, Nothing is returned
encryptedKey :: ByteString -> Maybe EncryptedKey
unEncryptedKey :: EncryptedKey -> ByteString
newtype Signature
Signature :: ByteString -> Signature

-- | Create a new encrypted key from the secret, encrypting the secret in
--   memory using the passphrase.
encryptedCreate :: (ByteArrayAccess passphrase, ByteArrayAccess secret, ByteArrayAccess cc) => secret -> passphrase -> cc -> CryptoFailable EncryptedKey

-- | Create a new encrypted key using the output of the masterKeyGeneration
--   directly (96 bytes) using the encryption passphrase.
encryptedCreateDirectWithTweak :: (ByteArrayAccess passphrase, ByteArrayAccess secret) => secret -> passphrase -> EncryptedKey

-- | Create a new encrypted key that uses a different passphrase
encryptedChangePass :: (ByteArrayAccess oldPassPhrase, ByteArrayAccess newPassPhrase) => oldPassPhrase -> newPassPhrase -> EncryptedKey -> EncryptedKey

-- | Sign using the encrypted keys and temporarly decrypt the secret in
--   memory with a minimal memory footprint.
encryptedSign :: (ByteArrayAccess passphrase, ByteArrayAccess msg) => EncryptedKey -> passphrase -> msg -> Signature

-- | Get the public part of an encrypted key
encryptedPublic :: EncryptedKey -> ByteString

-- | Get the chain code part of an encrypted key
encryptedChainCode :: EncryptedKey -> ByteString
encryptedDerivePrivate :: ByteArrayAccess passphrase => DerivationScheme -> EncryptedKey -> passphrase -> DerivationIndex -> EncryptedKey
encryptedDerivePublic :: DerivationScheme -> (PublicKey, ChainCode) -> DerivationIndex -> (PublicKey, ChainCode)
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.Encrypted.Signature
instance Data.ByteArray.Types.ByteArrayAccess Cardano.Crypto.Wallet.Encrypted.EncryptedKey
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.Encrypted.EncryptedKey

module Cardano.Internal.Compat

-- | Return the contents of a <a>Right</a>-value or a default value
--   otherwise.
--   
--   <h4><b>Examples</b></h4>
--   
--   Basic usage:
--   
--   <pre>
--   &gt;&gt;&gt; fromRight 1 (Right 3)
--   3
--   
--   &gt;&gt;&gt; fromRight 1 (Left "foo")
--   1
--   </pre>
fromRight :: b -> Either a b -> b


-- | Ed25519 support
module Crypto.ECC.Ed25519Donna

-- | An Ed25519 Secret key
newtype SecretKey
SecretKey :: ScrubbedBytes -> SecretKey

-- | An Ed25519 public key
newtype PublicKey
PublicKey :: Bytes -> PublicKey

-- | An Ed25519 signature
data Signature

-- | Try to build a signature from a bytearray
signature :: ByteArrayAccess ba => ba -> CryptoFailable Signature

-- | Try to build a public key from a bytearray
publicKey :: ByteArrayAccess ba => ba -> CryptoFailable PublicKey

-- | Try to build a secret key from a bytearray
secretKey :: ByteArrayAccess ba => ba -> CryptoFailable SecretKey

-- | Create a public key from a secret key
toPublic :: SecretKey -> PublicKey

-- | Sign a message using the key pair
sign :: (ByteArrayAccess msg, ByteArrayAccess salt) => SecretKey -> salt -> PublicKey -> msg -> Signature

-- | Verify a message
verify :: ByteArrayAccess ba => PublicKey -> ba -> Signature -> Bool
publicAdd :: PublicKey -> PublicKey -> PublicKey
secretAdd :: SecretKey -> SecretKey -> SecretKey
instance Control.DeepSeq.NFData Crypto.ECC.Ed25519Donna.SecretKey
instance Data.ByteArray.Types.ByteArrayAccess Crypto.ECC.Ed25519Donna.SecretKey
instance GHC.Classes.Eq Crypto.ECC.Ed25519Donna.SecretKey
instance Control.DeepSeq.NFData Crypto.ECC.Ed25519Donna.PublicKey
instance Data.ByteArray.Types.ByteArrayAccess Crypto.ECC.Ed25519Donna.PublicKey
instance GHC.Classes.Eq Crypto.ECC.Ed25519Donna.PublicKey
instance GHC.Show.Show Crypto.ECC.Ed25519Donna.PublicKey
instance Control.DeepSeq.NFData Crypto.ECC.Ed25519Donna.Signature
instance Data.ByteArray.Types.ByteArrayAccess Crypto.ECC.Ed25519Donna.Signature
instance GHC.Classes.Eq Crypto.ECC.Ed25519Donna.Signature
instance GHC.Show.Show Crypto.ECC.Ed25519Donna.Signature

module Crypto.Encoding.BIP39.Dictionary

-- | this discribe the property of the Dictionary and will alllow to
--   convert from a mnemonic phrase to <tt>MnemonicSentence</tt>
--   
--   This is especially needed to build the BIP39 <tt>Seed</tt>
data Dictionary
Dictionary :: (WordIndex -> String) -> (String -> Either DictionaryError WordIndex) -> (String -> Bool) -> String -> Dictionary

-- | This function will retrieve the mnemonic word associated to the given
--   <a>WordIndex</a>.
[dictionaryIndexToWord] :: Dictionary -> WordIndex -> String

-- | This function will retrieve the <a>WordIndex</a> from a given mnemonic
--   word.
[dictionaryWordToIndex] :: Dictionary -> String -> Either DictionaryError WordIndex

-- | test a given word is in the dictionary
[dictionaryTestWord] :: Dictionary -> String -> Bool

-- | joining string (e.g. space for english)
[dictionaryWordSeparator] :: Dictionary -> String

-- | Index of the mnemonic word in the <a>Dictionary</a>
--   
--   <a>WordIndex</a> are within range of [0..2047]
data WordIndex
wordIndex :: Offset String -> WordIndex
unWordIndex :: WordIndex -> Offset String
data DictionaryError
ErrInvalidDictionaryWord :: String -> DictionaryError
instance Basement.NormalForm.NormalForm Crypto.Encoding.BIP39.Dictionary.WordIndex
instance GHC.Classes.Ord Crypto.Encoding.BIP39.Dictionary.WordIndex
instance GHC.Classes.Eq Crypto.Encoding.BIP39.Dictionary.WordIndex
instance GHC.Show.Show Crypto.Encoding.BIP39.Dictionary.WordIndex
instance GHC.Show.Show Crypto.Encoding.BIP39.Dictionary.DictionaryError
instance GHC.Enum.Enum Crypto.Encoding.BIP39.Dictionary.WordIndex
instance GHC.Enum.Bounded Crypto.Encoding.BIP39.Dictionary.WordIndex
instance Basement.From.TryFrom (Basement.Types.OffsetSize.Offset Basement.UTF8.Base.String) Crypto.Encoding.BIP39.Dictionary.WordIndex
instance Basement.From.TryFrom GHC.Types.Int Crypto.Encoding.BIP39.Dictionary.WordIndex

module Crypto.Encoding.BIP39

-- | BIP39's entropy is a byte array of a given size (in bits, see
--   <a>ValidEntropySize</a> for the valid size).
--   
--   To it is associated
data Entropy (n :: Nat)

-- | Type Constraint Alias to check a given <a>Nat</a> is valid for an
--   entropy size
--   
--   i.e. it must be one of the following: 96, 128, 160, 192, 224, 256.
type ValidEntropySize (n :: Nat) = (KnownNat n, NatWithinBound Int n, Elem n '[96, 128, 160, 192, 224, 256])

-- | this is the <a>Checksum</a> of a given <a>Entropy</a>
--   
--   the <a>Nat</a> type parameter represent the size, in bits, of this
--   checksum.
data Checksum (bits :: Nat)
type ValidChecksumSize (ent :: Nat) (csz :: Nat) = (KnownNat csz, NatWithinBound Int csz, Elem csz '[3, 4, 5, 6, 7, 8], CheckSumBits ent ~ csz)

-- | Number of Words related to a specific entropy size in bits
type family MnemonicWords (n :: Nat) :: Nat

-- | Corresponding entropy size in bits for a given number of words
type family EntropySize (n :: Nat) :: Nat

-- | Create a specific entropy type of known size from a raw bytestring
toEntropy :: forall n csz ba. (ValidEntropySize n, ValidChecksumSize n csz, ByteArrayAccess ba) => ba -> Either (EntropyError csz) (Entropy n)

-- | Get the raw binary associated with the entropy
entropyRaw :: Entropy n -> ByteString

-- | Get the checksum of the Entropy
entropyChecksum :: Entropy n -> Checksum (CheckSumBits n)

-- | Given an entropy of size n, Create a list
entropyToWords :: forall n csz mw. ConsistentEntropy n mw csz => Entropy n -> MnemonicSentence mw

-- | retrieve the initial entropy from a given <a>MnemonicSentence</a>
--   
--   This function validate the retrieved <a>Entropy</a> is valid, i.e.
--   that the checksum is correct. This means you should not create a new
--   <a>Entropy</a> from a <a>MnemonicSentence</a>, instead, you should use
--   a Random Number Generator to create a new <a>Entropy</a>.
wordsToEntropy :: forall ent csz mw. ConsistentEntropy ent mw csz => MnemonicSentence mw -> Either (EntropyError csz) (Entropy ent)
data Seed
type Passphrase = String

-- | Create a seed from <tt>MmemonicSentence</tt> and <a>Passphrase</a>
--   using the BIP39 algorithm.
sentenceToSeed :: ValidMnemonicSentence mw => MnemonicSentence mw -> Dictionary -> Passphrase -> Seed

-- | Create a seed from <tt>MmemonicPhrase</tt> and <a>Passphrase</a> using
--   the BIP39 algorithm.
phraseToSeed :: ValidMnemonicSentence mw => MnemonicPhrase mw -> Dictionary -> Passphrase -> Seed

-- | Mnemonic Sentence is a list of <a>WordIndex</a>.
--   
--   This is the generic representation of a mnemonic phrase that can be
--   used for transalating to a different dictionary (example: English to
--   Japanese).
--   
--   This is mainly used to convert from/to the <a>Entropy</a> and for
--   <tt>cardanoSlSeed</tt>
data MnemonicSentence (mw :: Nat)

-- | Human readable representation of a <a>MnemonicSentence</a>
data MnemonicPhrase (mw :: Nat)

-- | Type Constraint to validate the given <a>Nat</a> is valid for the
--   supported <a>MnemonicSentence</a>
type ValidMnemonicSentence (mw :: Nat) = (KnownNat mw, NatWithinBound Int mw, Elem mw '[9, 12, 15, 18, 21, 24])
mnemonicPhrase :: forall mw. ValidMnemonicSentence mw => [String] -> Either MnemonicWordsError (MnemonicPhrase mw)

-- | check a given <a>MnemonicPhrase</a> is valid for the given
--   <a>Dictionary</a>
checkMnemonicPhrase :: forall mw. ValidMnemonicSentence mw => Dictionary -> MnemonicPhrase mw -> Bool

-- | convert the given <a>MnemonicPhrase</a> to a generic
--   <a>MnemonicSentence</a> with the given <a>Dictionary</a>.
--   
--   This function assumes the <a>Dictionary</a> and the
--   <a>MnemonicPhrase</a> are compatible (see <a>checkMnemonicPhrase</a>).
mnemonicPhraseToMnemonicSentence :: forall mw. ValidMnemonicSentence mw => Dictionary -> MnemonicPhrase mw -> Either DictionaryError (MnemonicSentence mw)

-- | convert the given generic <a>MnemonicSentence</a> to a human readable
--   <a>MnemonicPhrase</a> targetting the language of the given
--   <a>Dictionary</a>.
mnemonicSentenceToMnemonicPhrase :: forall mw. ValidMnemonicSentence mw => Dictionary -> MnemonicSentence mw -> MnemonicPhrase mw
mnemonicSentenceToString :: forall mw. ValidMnemonicSentence mw => Dictionary -> MnemonicSentence mw -> String
mnemonicSentenceToListN :: MnemonicSentence mw -> ListN mw WordIndex
mnemonicPhraseToString :: forall mw. ValidMnemonicSentence mw => Dictionary -> MnemonicPhrase mw -> String

-- | translate the given <a>MnemonicPhrase</a> from one dictionary into
--   another.
--   
--   This function assumes the source dictionary is compatible with the
--   given <a>MnemonicPhrase</a> (see <a>checkMnemonicPhrase</a>)
translateTo :: forall mw. ValidMnemonicSentence mw => Dictionary -> Dictionary -> MnemonicPhrase mw -> Either DictionaryError (MnemonicPhrase mw)

-- | this discribe the property of the Dictionary and will alllow to
--   convert from a mnemonic phrase to <tt>MnemonicSentence</tt>
--   
--   This is especially needed to build the BIP39 <tt>Seed</tt>
data Dictionary
Dictionary :: (WordIndex -> String) -> (String -> Either DictionaryError WordIndex) -> (String -> Bool) -> String -> Dictionary

-- | This function will retrieve the mnemonic word associated to the given
--   <a>WordIndex</a>.
[dictionaryIndexToWord] :: Dictionary -> WordIndex -> String

-- | This function will retrieve the <a>WordIndex</a> from a given mnemonic
--   word.
[dictionaryWordToIndex] :: Dictionary -> String -> Either DictionaryError WordIndex

-- | test a given word is in the dictionary
[dictionaryTestWord] :: Dictionary -> String -> Bool

-- | joining string (e.g. space for english)
[dictionaryWordSeparator] :: Dictionary -> String

-- | Index of the mnemonic word in the <a>Dictionary</a>
--   
--   <a>WordIndex</a> are within range of [0..2047]
data WordIndex
wordIndex :: Offset String -> WordIndex
unWordIndex :: WordIndex -> Offset String

-- | Type Constraint Alias to check the entropy size, the number of
--   mnemonic words and the checksum size is consistent. i.e. that the
--   following is true:
--   
--   | entropysize | checksumsize | entropysize + checksumsize |
--   mnemonicsize |
--   +---------------+--------------+----------------------------+--------------+
--   | 96 | 3 | 99 | 9 | | 128 | 4 | 132 | 12 | | 160 | 5 | 165 | 15 | |
--   192 | 6 | 198 | 18 | | 224 | 7 | 231 | 21 | | 256 | 8 | 264 | 24 |
--   
--   This type constraint alias also perform all the GHC's cumbersome type
--   level literal handling.
type ConsistentEntropy ent mw csz = (ValidEntropySize ent, ValidChecksumSize ent csz, ValidMnemonicSentence mw, MnemonicWords ent ~ mw)

-- | Number of bits of checksum related to a specific entropy size in bits
type family CheckSumBits (n :: Nat) :: Nat

-- | convenient type level constraint to validate a given <a>Nat</a> e is
--   an elemnt of the list of <a>Nat</a> l.
type family Elem (e :: Nat) (l :: [Nat]) :: Constraint
data DictionaryError
ErrInvalidDictionaryWord :: String -> DictionaryError
data EntropyError csz
ErrInvalidEntropyLength :: Int -> Int -> EntropyError csz
ErrInvalidEntropyChecksum :: Checksum csz -> Checksum csz -> EntropyError csz
data MnemonicWordsError
ErrWrongNumberOfWords :: Int -> Int -> MnemonicWordsError
instance Basement.NormalForm.NormalForm (Crypto.Encoding.BIP39.Checksum bits)
instance GHC.Classes.Eq (Crypto.Encoding.BIP39.Checksum bits)
instance GHC.Show.Show (Crypto.Encoding.BIP39.Checksum bits)
instance GHC.Classes.Eq (Crypto.Encoding.BIP39.Entropy n)
instance GHC.Show.Show (Crypto.Encoding.BIP39.Entropy n)
instance Data.String.IsString Crypto.Encoding.BIP39.Seed
instance Data.ByteArray.Types.ByteArray Crypto.Encoding.BIP39.Seed
instance Data.ByteArray.Types.ByteArrayAccess Crypto.Encoding.BIP39.Seed
instance GHC.Base.Monoid Crypto.Encoding.BIP39.Seed
instance GHC.Base.Semigroup Crypto.Encoding.BIP39.Seed
instance GHC.Classes.Ord Crypto.Encoding.BIP39.Seed
instance GHC.Classes.Eq Crypto.Encoding.BIP39.Seed
instance GHC.Show.Show Crypto.Encoding.BIP39.Seed
instance Basement.NormalForm.NormalForm (Crypto.Encoding.BIP39.MnemonicSentence mw)
instance GHC.Classes.Ord (Crypto.Encoding.BIP39.MnemonicSentence mw)
instance GHC.Classes.Eq (Crypto.Encoding.BIP39.MnemonicSentence mw)
instance GHC.Show.Show (Crypto.Encoding.BIP39.MnemonicSentence mw)
instance Basement.NormalForm.NormalForm (Crypto.Encoding.BIP39.MnemonicPhrase mw)
instance GHC.Classes.Ord (Crypto.Encoding.BIP39.MnemonicPhrase mw)
instance GHC.Classes.Eq (Crypto.Encoding.BIP39.MnemonicPhrase mw)
instance GHC.Show.Show (Crypto.Encoding.BIP39.MnemonicPhrase mw)
instance GHC.Show.Show (Crypto.Encoding.BIP39.EntropyError csz)
instance GHC.Show.Show Crypto.Encoding.BIP39.MnemonicWordsError
instance Crypto.Encoding.BIP39.ValidMnemonicSentence mw => GHC.Exts.IsList (Crypto.Encoding.BIP39.MnemonicSentence mw)
instance Crypto.Encoding.BIP39.ValidMnemonicSentence mw => GHC.Exts.IsList (Crypto.Encoding.BIP39.MnemonicPhrase mw)
instance Basement.NormalForm.NormalForm (Crypto.Encoding.BIP39.Entropy n)
instance Foundation.Check.Arbitrary.Arbitrary (Crypto.Encoding.BIP39.Entropy 96)
instance Foundation.Check.Arbitrary.Arbitrary (Crypto.Encoding.BIP39.Entropy 128)
instance Foundation.Check.Arbitrary.Arbitrary (Crypto.Encoding.BIP39.Entropy 160)
instance Foundation.Check.Arbitrary.Arbitrary (Crypto.Encoding.BIP39.Entropy 192)
instance Foundation.Check.Arbitrary.Arbitrary (Crypto.Encoding.BIP39.Entropy 224)
instance Foundation.Check.Arbitrary.Arbitrary (Crypto.Encoding.BIP39.Entropy 256)


-- | implementation of the proposal specification for Paper Wallet see
--   <a>https://github.com/input-output-hk/cardano-specs/blob/master/proposals/0001-PaperWallet.md</a>
--   
--   however we allow more genericity in the implementation to allow not
--   only 12 mnemonic words to freeze but also 15, 18 and 21.
--   
--   because the output mnemonic words are always 3 words longer (for the
--   IV) we cannot use 24 words long mnemonic sentence.
--   
--   assumption:
--   
--   <ul>
--   <li>we use <tt>PBKDF2</tt> with 'HMAC 512' to generate the OTP.</li>
--   <li>we use 10000 iteration for the PBKDF2</li>
--   <li>we use the 4 bytes <a>IOHK</a> for the CONSTANT</li>
--   </ul>
module Cardano.Crypto.Encoding.Seed

-- | BIP39's entropy is a byte array of a given size (in bits, see
--   <a>ValidEntropySize</a> for the valid size).
--   
--   To it is associated
data Entropy (n :: Nat)
type Passphrase = String

-- | Mnemonic Sentence is a list of <a>WordIndex</a>.
--   
--   This is the generic representation of a mnemonic phrase that can be
--   used for transalating to a different dictionary (example: English to
--   Japanese).
--   
--   This is mainly used to convert from/to the <a>Entropy</a> and for
--   <tt>cardanoSlSeed</tt>
data MnemonicSentence (mw :: Nat)

-- | Type Constraint Alias to check the entropy size, the number of
--   mnemonic words and the checksum size is consistent. i.e. that the
--   following is true:
--   
--   | entropysize | checksumsize | entropysize + checksumsize |
--   mnemonicsize |
--   +---------------+--------------+----------------------------+--------------+
--   | 96 | 3 | 99 | 9 | | 128 | 4 | 132 | 12 | | 160 | 5 | 165 | 15 | |
--   192 | 6 | 198 | 18 | | 224 | 7 | 231 | 21 | | 256 | 8 | 264 | 24 |
--   
--   This type constraint alias also perform all the GHC's cumbersome type
--   level literal handling.
type ConsistentEntropy ent mw csz = (ValidEntropySize ent, ValidChecksumSize ent csz, ValidMnemonicSentence mw, MnemonicWords ent ~ mw)
data ScrambleIV
mkScrambleIV :: ByteString -> CryptoFailable ScrambleIV

-- | scramble the given entropy into an entropy slighly larger.
--   
--   This entropy can then be converted to a mnemonic sentence:
--   
--   <pre>
--   freeze iv mnemonics passphrase = entropyToWords . scramble iv entropy passphrase
--     where
--       entropy = case wordsToEntropy mnemonics of
--           Nothing -&gt; error "mnemonic to entropy failed"
--           Just e  -&gt; e
--   </pre>
scramble :: forall entropysizeI entropysizeO mnemonicsize scramblesize csI csO. (ConsistentEntropy entropysizeI mnemonicsize csI, ConsistentEntropy entropysizeO scramblesize csO, (mnemonicsize + IVSizeWords) ~ scramblesize, (entropysizeI + IVSizeBits) ~ entropysizeO) => ScrambleIV -> Entropy entropysizeI -> Passphrase -> Entropy entropysizeO

-- | The reverse operation of <a>scramble</a>
--   
--   This function recovers the original entropy from the given scrambled
--   entropy and the associated password.
--   
--   <pre>
--   recover scrambled passphrase = entropyToWords <tt>entropysizeO .
--       unscramble </tt>entropysizeI <tt>entropysizeO entropyScrambled passphrase
--     where
--       entropyScrambled = case wordsToEntropy </tt>entropysizeI scrambled of
--           Nothing -&gt; error "mnemonic to entropy failed"
--           Just e  -&gt; e
--   </pre>
unscramble :: forall entropysizeI entropysizeO mnemonicsize scramblesize csI csO. (ConsistentEntropy entropysizeI scramblesize csI, ConsistentEntropy entropysizeO mnemonicsize csO, (mnemonicsize + IVSizeWords) ~ scramblesize, (entropysizeO + IVSizeBits) ~ entropysizeI) => Entropy entropysizeI -> Passphrase -> Entropy entropysizeO
type IVSizeWords = 6
type IVSizeBits = 64

-- | helper function to scramble mnemonics
scrambleMnemonic :: forall entropysizeI entropysizeO mnemonicsize scramblesize csI csO. (ConsistentEntropy entropysizeI mnemonicsize csI, ConsistentEntropy entropysizeO scramblesize csO, (mnemonicsize + IVSizeWords) ~ scramblesize, (entropysizeI + IVSizeBits) ~ entropysizeO) => Proxy entropysizeI -> ScrambleIV -> MnemonicSentence mnemonicsize -> Passphrase -> MnemonicSentence scramblesize
instance Data.ByteArray.Types.ByteArrayAccess Cardano.Crypto.Encoding.Seed.ScrambleIV
instance GHC.Show.Show Cardano.Crypto.Encoding.Seed.ScrambleIV
instance GHC.Classes.Ord Cardano.Crypto.Encoding.Seed.ScrambleIV
instance GHC.Classes.Eq Cardano.Crypto.Encoding.Seed.ScrambleIV
instance Foundation.Check.Arbitrary.Arbitrary Cardano.Crypto.Encoding.Seed.ScrambleIV

module Cardano.Crypto.Encoding.BIP39

-- | <ul>
--   <li>*this is not a BIP39 function**</li>
--   </ul>
--   
--   This function is the function used in `cardano-sl` (and Daedalus) to
--   generate a seed from a given mnemonic list.
--   
--   
--   <a>https://github.com/input-output-hk/cardano-sl/blob/f5b8073b92b8219ae5fbb038c0ceb4a19502a86b/wallet/src/Pos/Util/BackupPhrase.hs#L59-L65</a>
--   <a>https://github.com/input-output-hk/cardano-sl/blob/429efc2426c63802ae86789f5b828dcbb42de88a/wallet/src/Pos/Util/Mnemonics.hs#L66-L87</a>
cardanoSlSeed :: forall n csz mw. ConsistentEntropy n mw csz => Proxy n -> MnemonicSentence mw -> Maybe Seed

module Crypto.Encoding.BIP39.English
english :: Dictionary

module Crypto.Math.Bits

-- | Finite Bits
--   
--   Sadly Bits is taken by Bits operation
data FBits (n :: Nat)
FBits :: Natural -> FBits (n :: Nat)
[unFBits] :: FBits (n :: Nat) -> Natural
data FBitsK
FBitsK :: (forall n. (KnownNat n, SizeValid n) => FBits n) -> FBitsK
type SizeValid n = (KnownNat n, 1 <= n)
splitHalf :: forall m n. (SizeValid n, (n * 2) ~ m) => FBits m -> (FBits n, FBits n)

-- | Append 2 FBits together where the left member is shifted to make room
--   for the right element.
--   
--   e.g. append (0x1 :: FBits 1) (0x70 :: FBits 7) = 0xf0 :: FBits 8
append :: forall m n r. (SizeValid m, SizeValid n, SizeValid r, (m + n) ~ r) => FBits n -> FBits m -> FBits r
dropBitsOnRight :: forall a b diff. (KnownNat diff, b <= a, SizeValid a, SizeValid b, (a - b) ~ diff) => FBits a -> FBits b
dropBitsOnLeft :: forall a b. (KnownNat b, b <= a, SizeValid a, SizeValid b) => FBits a -> FBits b
instance GHC.Classes.Ord (Crypto.Math.Bits.FBits n)
instance GHC.Classes.Eq (Crypto.Math.Bits.FBits n)
instance GHC.Show.Show (Crypto.Math.Bits.FBits n)
instance Crypto.Math.Bits.SizeValid n => GHC.Enum.Enum (Crypto.Math.Bits.FBits n)
instance Crypto.Math.Bits.SizeValid n => GHC.Enum.Bounded (Crypto.Math.Bits.FBits n)
instance Crypto.Math.Bits.SizeValid n => GHC.Num.Num (Crypto.Math.Bits.FBits n)
instance Crypto.Math.Bits.SizeValid n => Data.Bits.Bits (Crypto.Math.Bits.FBits n)

module Crypto.Math.NatMath
type family Div8 (bitLen :: Nat) :: Nat
type family IsDiv8 (bitLen :: Nat) (n :: Nat)
type family Mod8 (n :: Nat)
type IsDivisibleBy8 bitLen = IsDiv8 bitLen bitLen ~ 'True

module Crypto.Math.Bytes
data Bytes (n :: Nat)
data Endian
LittleEndian :: Endian
BigEndian :: Endian
pack :: forall n. KnownNat n => [Word8] -> Bytes n
packSome :: (forall n. KnownNat n => Bytes n -> a) -> [Word8] -> a
unpack :: Bytes n -> [Word8]

-- | transform bits into bytes with a specific endianness
fromBits :: forall n. KnownNat n => Endian -> FBits n -> Bytes (Div8 n)

-- | transform bytes into bits with a specific endianness
toBits :: Endian -> Bytes n -> FBits (n * 8)
append :: forall m n r. (m + n) ~ r => Bytes n -> Bytes m -> Bytes r
take :: forall n m. (KnownNat n, n <= m) => Bytes m -> Bytes n
drop :: forall n m. (KnownNat m, KnownNat n, n <= m) => Bytes m -> Bytes n
splitHalf :: forall m n. (KnownNat n, (n * 2) ~ m) => Bytes m -> (Bytes n, Bytes n)
trace :: String -> Bytes n -> Bytes n
instance GHC.Classes.Eq (Crypto.Math.Bytes.Bytes n)
instance GHC.Show.Show (Crypto.Math.Bytes.Bytes n)
instance GHC.Classes.Eq Crypto.Math.Bytes.Endian
instance GHC.Show.Show Crypto.Math.Bytes.Endian


-- | Simple module to play with the arithmetics of the twisted edwards
--   curve Ed25519 using Extended Twisted Edwards Coordinates. Compared to
--   the normal implementation this allow to use standard DH property:
--   
--   for all valid s1 and s2 scalar:
--   
--   <pre>
--   scalarToPoint (s1 + s2) = pointAdd (scalarToPoint s1) (scalarToPoint s2)
--   </pre>
--   
--   For further useful references about Ed25519:
--   
--   <ul>
--   <li>RFC 8032</li>
--   <li><a>http://ed25519.cr.yp.to/</a></li>
--   <li><a>http://ed25519.cr.yp.to/ed25519-20110926.pdf</a></li>
--   <li><a>http://eprint.iacr.org/2008/522.pdf</a></li>
--   </ul>
module Crypto.Math.Edwards25519

-- | Represent a scalar in the base field
data Scalar

-- | Represent a point on the Edwards 25519 curve
data PointCompressed

-- | Represent a signature
newtype Signature
Signature :: ByteString -> Signature
[unSignature] :: Signature -> ByteString

-- | Create a Ed25519 scalar
--   
--   Only check that the length is of expected size (32 bytes), no effort
--   is made for the scalar to be in the right base field range on purpose.
scalar :: ByteString -> Scalar
scalarP :: Bytes 32 -> Scalar
unScalar :: Scalar -> ByteString

-- | Check if a scalar is valid and all the bits properly set/cleared
--   scalarValid :: Scalar -&gt; Bool scalarValid _s = True -- TODO
--   
--   Smart constructor to create a compress point binary
--   
--   Check if the length is of expected size
pointCompressed :: HasCallStack => ByteString -> PointCompressed
pointCompressedP :: Bytes 32 -> PointCompressed
unPointCompressed :: PointCompressed -> ByteString
unPointCompressedP :: PointCompressed -> Bytes 32

-- | Create a scalar from integer. mainly for debugging purpose.
scalarFromInteger :: Integer -> Scalar

-- | Add 2 scalar in the base field together
scalarAdd :: Scalar -> Scalar -> Scalar

-- | Lift a scalar to the curve, and returning a compressed point
scalarToPoint :: Scalar -> PointCompressed

-- | Add 2 points together
pointAdd :: PointCompressed -> PointCompressed -> PointCompressed

-- | Create a signature using a variant of ED25519 signature
--   
--   we don't hash the secret key to derive a key + prefix, but instead we
--   take an explicit salt and compute a prefix using the secret key +
--   salt.
sign :: ByteArrayAccess msg => Scalar -> ByteString -> msg -> Signature

-- | Verify a signature
verify :: ByteArrayAccess msg => PointCompressed -> msg -> Signature -> Bool
instance Data.Hashable.Class.Hashable Crypto.Math.Edwards25519.PointCompressed
instance Control.DeepSeq.NFData Crypto.Math.Edwards25519.PointCompressed
instance GHC.Classes.Ord Crypto.Math.Edwards25519.PointCompressed
instance GHC.Classes.Eq Crypto.Math.Edwards25519.PointCompressed
instance GHC.Show.Show Crypto.Math.Edwards25519.PointCompressed
instance Data.Hashable.Class.Hashable Crypto.Math.Edwards25519.Signature
instance Control.DeepSeq.NFData Crypto.Math.Edwards25519.Signature
instance GHC.Classes.Ord Crypto.Math.Edwards25519.Signature
instance GHC.Classes.Eq Crypto.Math.Edwards25519.Signature
instance GHC.Show.Show Crypto.Math.Edwards25519.Signature
instance GHC.Classes.Eq Crypto.Math.Edwards25519.ExtendedPoint
instance GHC.Show.Show Crypto.Math.Edwards25519.ExtendedPoint

module Cardano.Crypto.Wallet.Pure
data XPrv
XPrv :: !Scalar -> !ChainCode -> XPrv
data XPub
XPub :: !PointCompressed -> !ChainCode -> XPub
xprvPub :: XPrv -> ByteString
deriveXPrv :: XPrv -> Word32 -> XPrv
deriveXPrvHardened :: XPrv -> Word32 -> XPrv

-- | Derive a child public from an extended public key
deriveXPub :: XPub -> Word32 -> XPub
hInitSeed :: ByteArrayAccess seed => seed -> Context SHA512
hFinalize :: Context SHA512 -> (ByteString, ChainCode)
instance GHC.Generics.Generic Cardano.Crypto.Wallet.Pure.XPub
instance GHC.Show.Show Cardano.Crypto.Wallet.Pure.XPub
instance GHC.Classes.Ord Cardano.Crypto.Wallet.Pure.XPub
instance GHC.Classes.Eq Cardano.Crypto.Wallet.Pure.XPub
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.Pure.XPub
instance Data.Hashable.Class.Hashable Cardano.Crypto.Wallet.Pure.XPub


-- | This provides similar functionality to BIP32 but using Ed25519
--   arithmetic instead of P256K1 arithmethic.
--   
--   Key can be hierarchically derived from private key in two fashions:
--   Hardened or Normal.
--   
--   In the hardened scheme, the child secret key is not linearly derived,
--   so that the child public key has no way to be efficiently computed
--   from the parent public key.
--   
--   The normal scheme allows anyone to derive public keys from public key.
module Cardano.Crypto.Wallet
newtype ChainCode
ChainCode :: ByteString -> ChainCode
data DerivationScheme
DerivationScheme1 :: DerivationScheme
DerivationScheme2 :: DerivationScheme
type DerivationIndex = Word32
pattern LatestScheme :: DerivationScheme
data XPrv
data XPub
XPub :: !ByteString -> !ChainCode -> XPub
[xpubPublicKey] :: XPub -> !ByteString
[xpubChaincode] :: XPub -> !ChainCode
data XSignature

-- | Generate a new XPrv
--   
--   The seed needs to be at least 32 bytes, otherwise an asynchronous
--   error is thrown
generate :: (ByteArrayAccess passPhrase, ByteArrayAccess seed) => seed -> passPhrase -> XPrv

-- | Generate a new XPrv from an entropy seed
--   
--   The seed should be at least 16 bytes, although it is not enforced
--   
--   The passphrase encrypt the secret key in memory
generateNew :: (ByteArrayAccess keyPassPhrase, ByteArrayAccess generationPassPhrase, ByteArrayAccess seed) => seed -> generationPassPhrase -> keyPassPhrase -> XPrv

-- | Simple constructor
xprv :: ByteArrayAccess bin => bin -> Either String XPrv
xpub :: ByteString -> Either String XPub
xsignature :: ByteString -> Either String XSignature
unXPrv :: XPrv -> ByteString
unXPub :: XPub -> ByteString
unXSignature :: XSignature -> ByteString

-- | Generate extended public key from private key
toXPub :: HasCallStack => XPrv -> XPub

-- | Return the Ed25519 public key associated with a XPub context
xPubGetPublicKey :: XPub -> PublicKey
xPrvChangePass :: (ByteArrayAccess oldPassPhrase, ByteArrayAccess newPassPhrase) => oldPassPhrase -> newPassPhrase -> XPrv -> XPrv

-- | Derive a child extended private key from an extended private key
deriveXPrv :: ByteArrayAccess passPhrase => DerivationScheme -> passPhrase -> XPrv -> Word32 -> XPrv

-- | Derive a child extended public key from an extended public key
deriveXPub :: DerivationScheme -> XPub -> Word32 -> Maybe XPub
sign :: (ByteArrayAccess passPhrase, ByteArrayAccess msg) => passPhrase -> XPrv -> msg -> XSignature
verify :: ByteArrayAccess msg => XPub -> msg -> XSignature -> Bool
instance Data.ByteArray.Types.ByteArrayAccess Cardano.Crypto.Wallet.XPrv
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.XPrv
instance GHC.Generics.Generic Cardano.Crypto.Wallet.XPub
instance GHC.Classes.Ord Cardano.Crypto.Wallet.XPub
instance GHC.Show.Show Cardano.Crypto.Wallet.XPub
instance GHC.Classes.Eq Cardano.Crypto.Wallet.XPub
instance Data.ByteArray.Types.ByteArrayAccess Cardano.Crypto.Wallet.XSignature
instance Data.Hashable.Class.Hashable Cardano.Crypto.Wallet.XSignature
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.XSignature
instance GHC.Classes.Ord Cardano.Crypto.Wallet.XSignature
instance GHC.Classes.Eq Cardano.Crypto.Wallet.XSignature
instance GHC.Show.Show Cardano.Crypto.Wallet.XSignature
instance Control.DeepSeq.NFData Cardano.Crypto.Wallet.XPub
instance Data.Hashable.Class.Hashable Cardano.Crypto.Wallet.XPub

module Crypto.ECC.Ed25519BIP32

-- | A Master secret is a 256 bits random quantity
type MasterSecret = FBits 256

-- | A child key is similar to the key in structure except it has an
--   additional annotation representing the indexes for the hierarchy
--   derivation indexes from a base <a>Key</a> (usually the root key)
type ChildKey (didxs :: DerivationHier) = Key

-- | A key is a 512 bit random value and a chaincode
--   
--   Left half need to have: * Lowest 3 bits clear * Highest bit clear *
--   Second highest bit set * Third highest bit clear
--   
--   Right half doesn't have any particular structure.
type Key = (FBits 256, FBits 256, ChainCode)

-- | A public part of a key
type Public = (PointCompressed, ChainCode)

-- | A point is 1 bit of x sign and 255 bit of y coordinate (y's 256th bit
--   is always 0)
type PointCompressed = FBits 256

-- | A 256 bits chain code
newtype ChainCode
ChainCode :: Bytes 32 -> ChainCode
[unChainCode] :: ChainCode -> Bytes 32

-- | A n bits Digest
newtype Hash n
Hash :: FBits n -> Hash n
[unHash] :: Hash n -> FBits n

-- | A Serialized tag used during HMAC
type Tag = Bytes 1

-- | Serialized Index
newtype SerializedIndex
SerializedIndex :: Bytes 4 -> SerializedIndex
type HMAC_SHA512 = Bytes 64
data DerivationType
Hard :: DerivationType
Soft :: DerivationType
data DerivationMaterial
ChainCodeMaterial :: DerivationMaterial
KeyMaterial :: DerivationMaterial
data DerivationIndex (k :: DerivationType) (n :: Nat)
DerivationIndex :: DerivationIndex (k :: DerivationType) (n :: Nat)
data DerivationHier
(:>) :: Nat -> DerivationHier -> DerivationHier
DerivationEnd :: DerivationHier
type MaxHardIndex = 4294967295
type MinHardIndex = 2147483648
type MaxSoftIndex = MinHardIndex - 1
type MinSoftIndex = 0
data ValidIndex :: Nat -> Type
[IsValidIndex] :: (ValidDerivationIndex n :~: 'True) -> ValidIndex n
[IsNotValidIndex] :: (ValidDerivationIndex n :~: 'False) -> ValidIndex n
data ValidHardIndex :: Nat -> Type
[IsValidHardIndex] :: (ValidDerivationHardIndex n :~: 'True) -> ValidHardIndex n
[IsNotValidHardIndex] :: (ValidDerivationHardIndex n :~: 'False) -> ValidHardIndex n
data ValidSoftIndex :: Nat -> Type
[IsValidSoftIndex] :: (ValidDerivationSoftIndex n :~: 'True) -> ValidSoftIndex n
[IsNotValidSoftIndex] :: (ValidDerivationSoftIndex n :~: 'False) -> ValidSoftIndex n
getValidIndex :: KnownNat n => Proxy n -> Maybe (ValidDerivationIndex n :~: 'True)
isValidIndex :: KnownNat n => Proxy n -> ValidIndex n
getValidHardIndex :: KnownNat n => Proxy n -> Maybe (ValidDerivationHardIndex n :~: 'True)
isValidHardIndex :: KnownNat n => Proxy n -> ValidHardIndex n
getValidSoftIndex :: KnownNat n => Proxy n -> Maybe (ValidDerivationSoftIndex n :~: 'True)
isValidSoftIndex :: KnownNat n => Proxy n -> ValidSoftIndex n
type ValidDerivationIndex (n :: Nat) = (MinSoftIndex <=? n) && (n <=? MaxHardIndex)
type ValidDerivationHardIndex (n :: Nat) = (MinHardIndex <=? n) && (n <=? MaxHardIndex)
type ValidDerivationSoftIndex (n :: Nat) = (MinSoftIndex <=? n) && (n <=? MaxSoftIndex)
type family ValidDerivationIndexForType (k :: DerivationType) (n :: Nat) :: Bool
type family DerivationTag (ty :: DerivationType) (material :: DerivationMaterial) :: Nat

-- | Check if the left half is valid
leftHalfValid :: FBits 256 -> Bool
toPublic :: Key -> Public
kToPoint :: FBits 256 -> PointCompressed
pointAdd :: PointCompressed -> PointCompressed -> PointCompressed
pointToRepr :: PointCompressed -> PointCompressed
pointFromRepr :: PointCompressed -> PointCompressed
type family BitsToHashScheme (n :: Nat)
type ValidTag tag = (0 <= tag, tag <= 3)

-- | Compute the HMAC-SHA512 using the ChainCode as the key
fcp :: forall tag idx deriveType deriveMaterial. (KnownNat (DerivationTag deriveType deriveMaterial), KnownNat idx, DerivationTag deriveType deriveMaterial ~ tag, ValidDerivationIndex idx ~ 'True, ValidDerivationIndexForType deriveType idx ~ 'True) => Proxy deriveMaterial -> Proxy deriveType -> Proxy idx -> ChainCode -> DerivationIndex deriveType idx -> [Word8] -> HMAC_SHA512
hmacSHA512 :: Bytes keyLength -> Bytes input -> HMAC_SHA512
class GetDerivationMaterial (dtype :: DerivationType) mat
getDerivationMaterial :: GetDerivationMaterial dtype mat => Proxy dtype -> mat -> [Word8]
derive :: forall dtype idx. (KnownNat (DerivationTag dtype 'KeyMaterial), KnownNat (DerivationTag dtype 'ChainCodeMaterial), KnownNat idx, ValidDerivationIndex idx ~ 'True, ValidDerivationIndexForType dtype idx ~ 'True, GetDerivationMaterial dtype Key) => DerivationIndex dtype idx -> Key -> Key
derivePublic :: forall idx dtype. (dtype ~ 'Soft, KnownNat (DerivationTag dtype 'KeyMaterial), KnownNat (DerivationTag dtype 'ChainCodeMaterial), KnownNat idx, ValidDerivationIndex idx ~ 'True, ValidDerivationIndexForType dtype idx ~ 'True, GetDerivationMaterial dtype PointCompressed) => DerivationIndex 'Soft idx -> PointCompressed -> ChainCode -> (PointCompressed, ChainCode)

-- | Given Z, return 8*ZL(28Bytes) and ZR
step2 :: Bytes 64 -> (FBits 256, FBits 256)

-- | Serialized index
indexSerialized :: forall idx. (KnownNat idx, ValidDerivationIndex idx ~ 'True) => Proxy idx -> SerializedIndex
instance GHC.Classes.Eq Crypto.ECC.Ed25519BIP32.ChainCode
instance GHC.Classes.Eq (Crypto.ECC.Ed25519BIP32.Hash n)
instance GHC.Classes.Eq Crypto.ECC.Ed25519BIP32.SerializedIndex
instance Crypto.ECC.Ed25519BIP32.GetDerivationMaterial 'Crypto.ECC.Ed25519BIP32.Soft Crypto.ECC.Ed25519BIP32.Key
instance Crypto.ECC.Ed25519BIP32.GetDerivationMaterial 'Crypto.ECC.Ed25519BIP32.Hard Crypto.ECC.Ed25519BIP32.Key
instance Crypto.ECC.Ed25519BIP32.GetDerivationMaterial 'Crypto.ECC.Ed25519BIP32.Soft Crypto.ECC.Ed25519BIP32.PointCompressed
