License	BSD-style
Maintainer	Olivier Chéron <olivier.cheron@gmail.com>
Stability	experimental
Portability	unknown
Safe Haskell	Safe-Inferred
Language	Haskell2010

Crypto.Cipher.AESGCMSIV

Description

Implementation of AES-GCM-SIV, an AEAD scheme with nonce misuse resistance defined in RFC 8452.

To achieve the nonce misuse-resistance property, encryption requires two passes on the plaintext, hence no streaming API is provided. This AEAD operates on complete inputs held in memory. For simplicity, the implementation of decryption uses a similar pattern, with performance penalty compared to an implementation which is able to merge both passes.

The specification allows inputs up to 2^36 bytes but this implementation requires AAD and plaintext/ciphertext to be both smaller than 2^32 bytes.

Synopsis

data Nonce
nonce :: ByteArrayAccess iv => iv -> CryptoFailable Nonce
generateNonce :: MonadRandom m => m Nonce
encrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> (AuthTag, ba)
decrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> AuthTag -> Maybe ba

Documentation

data Nonce Source #

Nonce value for AES-GCM-SIV, always 12 bytes.

Instances

Instances details

Show Nonce Source #
Instance details Defined in Crypto.Cipher.AESGCMSIV Methods showsPrec :: Int -> Nonce -> ShowS # show :: Nonce -> String # showList :: [Nonce] -> ShowS #
Eq Nonce Source #
Instance details Defined in Crypto.Cipher.AESGCMSIV Methods (==) :: Nonce -> Nonce -> Bool # (/=) :: Nonce -> Nonce -> Bool #
ByteArrayAccess Nonce Source #
Instance details Defined in Crypto.Cipher.AESGCMSIV Methods length :: Nonce -> Int # withByteArray :: Nonce -> (Ptr p -> IO a) -> IO a # copyByteArrayToPtr :: Nonce -> Ptr p -> IO () #

nonce :: ByteArrayAccess iv => iv -> CryptoFailable Nonce Source #

Nonce smart constructor. Accepts only 12-byte inputs.

generateNonce :: MonadRandom m => m Nonce Source #

Generate a random nonce for use with AES-GCM-SIV.

encrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> (AuthTag, ba) Source #

AEAD encryption with the specified key and nonce. The key must be given as an initialized AES128 or AES256 cipher.

Lengths of additional data and plaintext must be less than 2^32 bytes, otherwise an exception is thrown.

decrypt :: (BlockCipher128 aes, ByteArrayAccess aad, ByteArray ba) => aes -> Nonce -> aad -> ba -> AuthTag -> Maybe ba Source #

AEAD decryption with the specified key and nonce. The key must be given as an initialized AES128 or AES256 cipher.

Lengths of additional data and ciphertext must be less than 2^32 bytes, otherwise an exception is thrown.