cryptonite-0.30: Cryptography Primitives sink
LicenseBSD-style
MaintainerOlivier Chéron <olivier.cheron@gmail.com>
Stabilityexperimental
Portabilityunknown
Safe HaskellSafe-Inferred
LanguageHaskell2010

Crypto.Cipher.AESGCMSIV

Description

Implementation of AES-GCM-SIV, an AEAD scheme with nonce misuse resistance defined in RFC 8452.

To achieve the nonce misuse-resistance property, encryption requires two passes on the plaintext, hence no streaming API is provided. This AEAD operates on complete inputs held in memory. For simplicity, the implementation of decryption uses a similar pattern, with performance penalty compared to an implementation which is able to merge both passes.

The specification allows inputs up to 2^36 bytes but this implementation requires AAD and plaintext/ciphertext to be both smaller than 2^32 bytes.

Synopsis

Documentation

data Nonce Source #

Nonce value for AES-GCM-SIV, always 12 bytes.

Instances

Instances details
Show Nonce Source # 
Instance details

Defined in Crypto.Cipher.AESGCMSIV

Methods

showsPrec :: Int -> Nonce -> ShowS #

show :: Nonce -> String #

showList :: [Nonce] -> ShowS #

Eq Nonce Source # 
Instance details

Defined in Crypto.Cipher.AESGCMSIV

Methods

(==) :: Nonce -> Nonce -> Bool #

(/=) :: Nonce -> Nonce -> Bool #

ByteArrayAccess Nonce Source # 
Instance details

Defined in Crypto.Cipher.AESGCMSIV

Methods

length :: Nonce -> Int Source #

withByteArray :: Nonce -> (Ptr p -> IO a) -> IO a Source #

copyByteArrayToPtr :: Nonce -> Ptr p -> IO () Source #

nonce :: ByteArrayAccess iv => iv -> CryptoFailable Nonce Source #

Nonce smart constructor. Accepts only 12-byte inputs.

generateNonce :: MonadRandom m => m Nonce Source #

Generate a random nonce for use with AES-GCM-SIV.

encrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> (AuthTag, ba) Source #

AEAD encryption with the specified key and nonce. The key must be given as an initialized AES128 or AES256 cipher.

Lengths of additional data and plaintext must be less than 2^32 bytes, otherwise an exception is thrown.

decrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> AuthTag -> Maybe ba Source #

AEAD decryption with the specified key and nonce. The key must be given as an initialized AES128 or AES256 cipher.

Lengths of additional data and ciphertext must be less than 2^32 bytes, otherwise an exception is thrown.