raaz-0.3.2: Fast and type safe cryptography.
Copyright(c) Piyush P Kurur 2016
LicenseApache-2.0 OR BSD-3-Clause
MaintainerPiyush P Kurur <ppk@iitpkd.ac.in>
Stabilityexperimental
Safe HaskellNone
LanguageHaskell2010

Raaz.AuthEncrypt.Unsafe

Description

 
Synopsis

Auth Encryption with Explicit Nounce

WARNING: The security of the interface is compromised if

  1. The key gets revealed to the attacker or
  2. If the same key/nounce pair is used to lock two different messages.
  3. Taking apart the AEAD token also compromises the type safety.

Why then do we provide these functions ? As long as you are using the raaz library exclusively, you do not need to use this unsafe function. These are only needed when working with other libraries and protocols which have a different nonunce selection policy and/or a different encoding scheme for the AEAD token.

Nounces need not be private and may be exposed to the attacker. In fact, in the safe version of these locking function, we pick the nounce at random (using the csprg) and pack it into the AEAD token.

For specific algorithms, the unsafe version is also available

  • Raaz.AuthEncrypt.Unsafe.ChaCha20Poly1305
  • Raaz.AuthEncrypt.Unsafe.XChaCha20Poly1305

The former has a smaller nounce (96-bits) than the latter (192-bits) and hence there is a slight risk in using it with randomly generated nounces. It is however, slightly faster and is safe to use when there is frequent key resets as in the case of network protocols. As with other cases we recommend the use of the default interface instead of the specific one when ever possible.

type Locked = AEAD Cipher AuthTag #

unsafeLock Source #

Arguments

:: Encodable plain 
=> Key Cipher

The key

-> Nounce Cipher

The nounce

-> plain

The object to be locked.

-> Locked 

Locks a given message but needs an explicit nounce. Reusing the key-nounce pair will compromise the security and hence using this function is unsafe. The user needs to ensure the freshness of the key, nounce pair through some other means.

Some protocols have a predefined way to pick nounces and this is the reason we provide such an interface. If that is not a concern, we recommend the use of lock instead.

unsafeLockWith :: (Encodable plain, Encodable aad) => aad -> Key Cipher -> Nounce Cipher -> plain -> Locked Source #

Similar to lockWith but an explicit nounce is taken as input. Reusing the key-nounce pair will compromise the security and hence using this function is unsafe. The user needs to ensure the freshness of the key, nounce pair through some other means.

Some protocols have a predefined way to pick nounces and this is the reason, we provide such an interface. If that is not a concern, we recommend the use of lockWith instead.

type Cipher = Prim #

type AuthTag = Prim #

unsafeToCipherText :: Locked -> ByteString Source #

Get the cipher text part of the Locked message.

unsafeToAuthTag :: Locked -> AuthTag Source #

Get the authentication token of the Locked message.

unsafeLocked Source #

Arguments

:: Nounce Cipher

The nounce used for locking this message

-> ByteString

The cipher text

-> AuthTag

the Authentication tag

-> Locked 

Construct the locked message out of the nounce, cipher text, and the authentication tag.