-- | Support the encryption requirements of CHK.
module Tahoe.CHK.Encrypt (encrypt, decrypt) where

import Crypto.Cipher.AES128 (AESKey128, BlockCipher (ctrLazy), zeroIV)
import qualified Data.ByteString.Lazy as LB

{- | AES128-CTR encrypt a byte string in the manner used by CHK.

 This replaces allmydata.immutable.upload.EncryptAnUploadable

 The only noteworthy piece here is that encryption starts with the zero IV.
-}
encrypt :: AESKey128 -> LB.ByteString -> LB.ByteString
encrypt :: AESKey128 -> ByteString -> ByteString
encrypt AESKey128
key ByteString
plaintext = (ByteString, IV AESKey128) -> ByteString
forall a b. (a, b) -> a
fst ((ByteString, IV AESKey128) -> ByteString)
-> (ByteString, IV AESKey128) -> ByteString
forall a b. (a -> b) -> a -> b
$ AESKey128
-> IV AESKey128 -> ByteString -> (ByteString, IV AESKey128)
forall k.
BlockCipher k =>
k -> IV k -> ByteString -> (ByteString, IV k)
ctrLazy AESKey128
key IV AESKey128
forall k. BlockCipher k => IV k
zeroIV ByteString
plaintext

-- | AES128-CTR decrypt a byte string in the manner used by CHK.
decrypt :: AESKey128 -> LB.ByteString -> LB.ByteString
decrypt :: AESKey128 -> ByteString -> ByteString
decrypt = AESKey128 -> ByteString -> ByteString
encrypt