Safe Haskell: None
Authenticated encryption using Skein for PRNG, KDF, stream cipher and MAC.
- data DecryptFailure
- data Encrypted a
- type Plaintext = ByteString
- data Block256
- type Nonce256 = Block256
- type Key256 = Block256
- encrypt :: Serialize a => Key256 -> a -> Encrypted a
- decrypt :: Serialize a => Key256 -> Encrypted a -> Either DecryptFailure a
- encrypt' :: Key256 -> Nonce256 -> Plaintext -> Encrypted a
- decrypt' :: Key256 -> Encrypted a -> Either DecryptFailure Plaintext
- encryptBytes :: Key256 -> ByteString -> ByteString
- decryptBytes :: Key256 -> ByteString -> Either DecryptFailure Plaintext
- generateNonce :: IO Nonce256
- toBlock :: Threefish a b => ByteString -> Maybe a
- fromBlock :: Threefish a b => a -> ByteString
Documentation
An encrypt-then-MACed value. The binary format is as follows:

Bytes | What |
---|---|
0-31 | 256 bit nonce |
32-63 | 256 bit Skein-MAC |
64-71 | Length of cryptotext as a 64 bit little endian word. |
71- | Cryptotext |
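The layout above can be checked structurally before a blob is handed to decrypt' or decryptBytes. The following is an added example, not code from this library: it splits a strict ByteString into nonce, MAC and cryptotext and rejects a blob whose length word disagrees with the bytes present. The names Envelope, ParseError and parseEnvelope are hypothetical, and it assumes the cryptotext starts directly after the 8 byte length word, at offset 72.

```haskell
-- Added example, not part of the library: split a serialized Encrypted value
-- into its fields. Structural check only; authenticity still comes from
-- decrypt'/decryptBytes verifying the Skein-MAC.
import qualified Data.ByteString as B
import Data.Bits (shiftL, (.|.))
import Data.Word (Word64)

data Envelope = Envelope
  { envNonce      :: B.ByteString  -- 256 bit nonce (32 bytes)
  , envMac        :: B.ByteString  -- 256 bit Skein-MAC (32 bytes)
  , envCryptotext :: B.ByteString  -- remaining bytes
  } deriving (Eq, Show)

data ParseError
  = TooShort Int               -- total bytes available
  | LengthMismatch Word64 Int  -- declared length, bytes actually present
  deriving (Eq, Show)

-- Assumption: nonce + MAC + length word, cryptotext begins at byte 72.
headerLen :: Int
headerLen = 32 + 32 + 8

-- Decode a 64 bit little endian word from its 8 bytes.
le64 :: B.ByteString -> Word64
le64 = B.foldr (\b acc -> (acc `shiftL` 8) .|. fromIntegral b) 0

-- Reject truncated blobs and blobs whose length field does not match.
parseEnvelope :: B.ByteString -> Either ParseError Envelope
parseEnvelope bs
  | B.length bs < headerLen = Left (TooShort (B.length bs))
  | declared /= fromIntegral (B.length body) =
      Left (LengthMismatch declared (B.length body))
  | otherwise = Right (Envelope nonce mac body)
  where
    (nonce, r1)      = B.splitAt 32 bs
    (mac, r2)        = B.splitAt 32 r1
    (lenBytes, body) = B.splitAt 8 r2
    declared         = le64 lenBytes

main :: IO ()
main = do
  -- Constructed sample: zero nonce, 0xAA MAC, 5 byte cryptotext.
  let good = B.concat [ B.replicate 32 0, B.replicate 32 0xAA
                      , B.pack [5,0,0,0,0,0,0,0], B.pack [1,2,3,4,5] ]
  print (B.length . envCryptotext <$> parseEnvelope good)
  print (parseEnvelope (B.take 71 good))  -- header cut short
  print (parseEnvelope (B.init good))     -- one cryptotext byte missing
```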
type Plaintext = ByteString
encrypt :: Serialize a => Key256 -> a -> Encrypted a
Encrypt-then-MAC any serializable value. The 256 bit nonce is generated using a Skein-based PRNG seeded from the system's entropy pool. This means that two successive calls to encrypt will not yield the exact same output; however, the identity forall k, x. Right x == decrypt k (encrypt k x) will always hold.
The subkeys for encryption and MAC are generated by applying Skein-KDF to the master key, with the key identifiers crypt and mac respectively, zero padded at the end until 32 bytes.
decrypt :: Serialize a => Key256 -> Encrypted a -> Either DecryptFailure a
Decrypt and decode a message. Will fail if there is a MAC mismatch or if the message can't be decoded into the given data type.
encrypt' :: Key256 -> Nonce256 -> Plaintext -> Encrypted a
Encrypt-then-MAC a message given a key and a nonce. Note that using the same nonce more than once for a given key will completely destroy security.
decrypt' :: Key256 -> Encrypted a -> Either DecryptFailure Plaintext
Verify and decrypt a message.
encryptBytes :: Key256 -> ByteString -> ByteString
Encrypt-then-MAC a lazy ByteString.
decryptBytes :: Key256 -> ByteString -> Either DecryptFailure Plaintext
Verify and decrypt a lazy ByteString.
generateNonce :: IO Nonce256
Generate a 256 bit nonce using the Skein PRNG.
toBlock :: Threefish a b => ByteString -> Maybe a
Create an appropriately sized block.
fromBlock :: Threefish a b => a -> ByteString
Extract the contents of a block.