cryptonite-0.29: Cryptography Primitives sink
LicenseBSD-style
MaintainerOlivier Chéron <olivier.cheron@gmail.com>
Stabilityexperimental
Portabilityunknown
Safe HaskellNone
LanguageHaskell2010

Crypto.Cipher.AESGCMSIV

Description

Implementation of AES-GCM-SIV, an AEAD scheme with nonce misuse resistance defined in RFC 8452.

To achieve the nonce misuse-resistance property, encryption requires two passes on the plaintext, hence no streaming API is provided. This AEAD operates on complete inputs held in memory. For simplicity, the implementation of decryption uses a similar pattern, with performance penalty compared to an implementation which is able to merge both passes.

The specification allows inputs up to 2^36 bytes but this implementation requires AAD and plaintext/ciphertext to be both smaller than 2^32 bytes.

Synopsis

Documentation

data Nonce #

Nonce value for AES-GCM-SIV, always 12 bytes.

Instances

Instances details
Eq Nonce # 
Instance details

Defined in Crypto.Cipher.AESGCMSIV

Methods

(==) :: Nonce -> Nonce -> Bool #

(/=) :: Nonce -> Nonce -> Bool #

Show Nonce # 
Instance details

Defined in Crypto.Cipher.AESGCMSIV

Methods

showsPrec :: Int -> Nonce -> ShowS #

show :: Nonce -> String #

showList :: [Nonce] -> ShowS #

ByteArrayAccess Nonce # 
Instance details

Defined in Crypto.Cipher.AESGCMSIV

Methods

length :: Nonce -> Int #

withByteArray :: Nonce -> (Ptr p -> IO a) -> IO a #

copyByteArrayToPtr :: Nonce -> Ptr p -> IO () #

nonce :: ByteArrayAccess iv => iv -> CryptoFailable Nonce #

Nonce smart constructor. Accepts only 12-byte inputs.

generateNonce :: MonadRandom m => m Nonce #

Generate a random nonce for use with AES-GCM-SIV.

encrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> (AuthTag, ba) #

AEAD encryption with the specified key and nonce. The key must be given as an initialized AES128 or AES256 cipher.

Lengths of additional data and plaintext must be less than 2^32 bytes, otherwise an exception is thrown.

decrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> AuthTag -> Maybe ba #

AEAD decryption with the specified key and nonce. The key must be given as an initialized AES128 or AES256 cipher.

Lengths of additional data and ciphertext must be less than 2^32 bytes, otherwise an exception is thrown.