| Copyright | (c) 2013 Stefan Bühler |
|---|---|
| License | MIT-style (see the file COPYING) |
| Maintainer | stbuehler@web.de |
| Stability | experimental |
| Portability | portable |
| Safe Haskell | Safe-Inferred |
| Language | Haskell98 |
Crypto.Nettle.Ciphers
Description
This module exports ciphers supported by nettle: http://www.lysator.liu.se/~nisse/nettle/
Synopsis
- data AES
- data AES128
- data AES192
- data AES256
- data ARCTWO
- arctwoInitEKB :: Key ARCTWO -> Word -> ARCTWO
- arctwoInitGutmann :: Key ARCTWO -> ARCTWO
- data BLOWFISH
- data Camellia
- data Camellia128
- data Camellia192
- data Camellia256
- data CAST128
- data DES
- data DES_EDE3
- data TWOFISH
- data SERPENT
- class StreamCipher cipher => StreamNonceCipher cipher where
- streamNonceSize :: cipher -> KeySizeSpecifier
- streamSetNonce :: cipher -> ByteString -> Maybe cipher
- streamSetNonceWord64 :: StreamNonceCipher cipher => cipher -> Word64 -> Maybe cipher
- data ARCFOUR
- data CHACHA
- data SALSA20
- data ESTREAM_SALSA20
Block ciphers
Only block ciphers with a 128-bit blockSize (16 bytes) support the XTS cipher mode.
For aeadInit only AEAD_GCM and AEAD_CCM (with ccmInitTLS) is supported, and only if the the blockSize is 16 bytes.
In all other cases aeadInit just returns Nothing.
AES
AES is the generic cipher context for the AES cipher, supporting key sizes
of 128, 196 and 256 bits (16, 24 and 32 bytes). The blockSize is always 128 bits (16 bytes).
Instances
| Cipher AES Source # | |
Defined in Crypto.Nettle.Ciphers Methods cipherInit :: Key AES -> AES Source # cipherName :: AES -> String Source # cipherKeySize :: AES -> KeySizeSpecifier Source # | |
| BlockCipher AES Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: AES -> Int Source # ecbEncrypt :: AES -> ByteString -> ByteString Source # ecbDecrypt :: AES -> ByteString -> ByteString Source # cbcEncrypt :: AES -> IV AES -> ByteString -> ByteString Source # cbcDecrypt :: AES -> IV AES -> ByteString -> ByteString Source # cfbEncrypt :: AES -> IV AES -> ByteString -> ByteString Source # cfbDecrypt :: AES -> IV AES -> ByteString -> ByteString Source # ctrCombine :: AES -> IV AES -> ByteString -> ByteString Source # xtsEncrypt :: (AES, AES) -> IV AES -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (AES, AES) -> IV AES -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> AES -> iv -> Maybe (AEAD AES) Source # | |
Instances
| Cipher AES128 Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher AES128 Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: AES128 -> Int Source # ecbEncrypt :: AES128 -> ByteString -> ByteString Source # ecbDecrypt :: AES128 -> ByteString -> ByteString Source # cbcEncrypt :: AES128 -> IV AES128 -> ByteString -> ByteString Source # cbcDecrypt :: AES128 -> IV AES128 -> ByteString -> ByteString Source # cfbEncrypt :: AES128 -> IV AES128 -> ByteString -> ByteString Source # cfbDecrypt :: AES128 -> IV AES128 -> ByteString -> ByteString Source # ctrCombine :: AES128 -> IV AES128 -> ByteString -> ByteString Source # xtsEncrypt :: (AES128, AES128) -> IV AES128 -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (AES128, AES128) -> IV AES128 -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> AES128 -> iv -> Maybe (AEAD AES128) Source # | |
Instances
| Cipher AES192 Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher AES192 Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: AES192 -> Int Source # ecbEncrypt :: AES192 -> ByteString -> ByteString Source # ecbDecrypt :: AES192 -> ByteString -> ByteString Source # cbcEncrypt :: AES192 -> IV AES192 -> ByteString -> ByteString Source # cbcDecrypt :: AES192 -> IV AES192 -> ByteString -> ByteString Source # cfbEncrypt :: AES192 -> IV AES192 -> ByteString -> ByteString Source # cfbDecrypt :: AES192 -> IV AES192 -> ByteString -> ByteString Source # ctrCombine :: AES192 -> IV AES192 -> ByteString -> ByteString Source # xtsEncrypt :: (AES192, AES192) -> IV AES192 -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (AES192, AES192) -> IV AES192 -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> AES192 -> iv -> Maybe (AEAD AES192) Source # | |
Instances
| Cipher AES256 Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher AES256 Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: AES256 -> Int Source # ecbEncrypt :: AES256 -> ByteString -> ByteString Source # ecbDecrypt :: AES256 -> ByteString -> ByteString Source # cbcEncrypt :: AES256 -> IV AES256 -> ByteString -> ByteString Source # cbcDecrypt :: AES256 -> IV AES256 -> ByteString -> ByteString Source # cfbEncrypt :: AES256 -> IV AES256 -> ByteString -> ByteString Source # cfbDecrypt :: AES256 -> IV AES256 -> ByteString -> ByteString Source # ctrCombine :: AES256 -> IV AES256 -> ByteString -> ByteString Source # xtsEncrypt :: (AES256, AES256) -> IV AES256 -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (AES256, AES256) -> IV AES256 -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> AES256 -> iv -> Maybe (AEAD AES256) Source # | |
ARCTWO
ARCTWO (also known as the trade marked name RC2) is a block cipher specified in RFC 2268.
The default cipherInit uses ekb = bit-length of the key; arctwoInitEKB allows to specify ekb manually.
arctwoInitGutmann uses ekb = 1024 (the maximum).
ARCTWO uses keysizes from 1 to 128 bytes, and uses a blockSize of 64 bits (8 bytes).
Instances
| Cipher ARCTWO Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher ARCTWO Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: ARCTWO -> Int Source # ecbEncrypt :: ARCTWO -> ByteString -> ByteString Source # ecbDecrypt :: ARCTWO -> ByteString -> ByteString Source # cbcEncrypt :: ARCTWO -> IV ARCTWO -> ByteString -> ByteString Source # cbcDecrypt :: ARCTWO -> IV ARCTWO -> ByteString -> ByteString Source # cfbEncrypt :: ARCTWO -> IV ARCTWO -> ByteString -> ByteString Source # cfbDecrypt :: ARCTWO -> IV ARCTWO -> ByteString -> ByteString Source # ctrCombine :: ARCTWO -> IV ARCTWO -> ByteString -> ByteString Source # xtsEncrypt :: (ARCTWO, ARCTWO) -> IV ARCTWO -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (ARCTWO, ARCTWO) -> IV ARCTWO -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> ARCTWO -> iv -> Maybe (AEAD ARCTWO) Source # | |
arctwoInitEKB :: Key ARCTWO -> Word -> ARCTWO Source #
Initialize cipher with an explicit ekb value (valid values from 1 to 1024, 0 meaning the same as 1024).
BLOWFISH
BLOWFISH is a block cipher designed by Bruce Schneier.
It uses a blockSize of 64 bits (8 bytes), and a variable key size from 64 to 448 bits (8 to 56 bytes).
Instances
| Cipher BLOWFISH Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher BLOWFISH Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: BLOWFISH -> Int Source # ecbEncrypt :: BLOWFISH -> ByteString -> ByteString Source # ecbDecrypt :: BLOWFISH -> ByteString -> ByteString Source # cbcEncrypt :: BLOWFISH -> IV BLOWFISH -> ByteString -> ByteString Source # cbcDecrypt :: BLOWFISH -> IV BLOWFISH -> ByteString -> ByteString Source # cfbEncrypt :: BLOWFISH -> IV BLOWFISH -> ByteString -> ByteString Source # cfbDecrypt :: BLOWFISH -> IV BLOWFISH -> ByteString -> ByteString Source # ctrCombine :: BLOWFISH -> IV BLOWFISH -> ByteString -> ByteString Source # xtsEncrypt :: (BLOWFISH, BLOWFISH) -> IV BLOWFISH -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (BLOWFISH, BLOWFISH) -> IV BLOWFISH -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> BLOWFISH -> iv -> Maybe (AEAD BLOWFISH) Source # | |
Camellia
Camellia is a block cipher developed by Mitsubishi and Nippon Telegraph and Telephone Corporation, described in RFC3713, and recommended by some Japanese and European authorities as an alternative to AES. The algorithm is patented (details see http://www.lysator.liu.se/~nisse/nettle/nettle.html).
Instances
| Cipher Camellia Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher Camellia Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: Camellia -> Int Source # ecbEncrypt :: Camellia -> ByteString -> ByteString Source # ecbDecrypt :: Camellia -> ByteString -> ByteString Source # cbcEncrypt :: Camellia -> IV Camellia -> ByteString -> ByteString Source # cbcDecrypt :: Camellia -> IV Camellia -> ByteString -> ByteString Source # cfbEncrypt :: Camellia -> IV Camellia -> ByteString -> ByteString Source # cfbDecrypt :: Camellia -> IV Camellia -> ByteString -> ByteString Source # ctrCombine :: Camellia -> IV Camellia -> ByteString -> ByteString Source # xtsEncrypt :: (Camellia, Camellia) -> IV Camellia -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (Camellia, Camellia) -> IV Camellia -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> Camellia -> iv -> Maybe (AEAD Camellia) Source # | |
data Camellia128 Source #
Camellia128 provides the same interface as Camellia, but is restricted to 128-bit keys.
Instances
data Camellia192 Source #
Camellia192 provides the same interface as Camellia, but is restricted to 192-bit keys.
Instances
data Camellia256 Source #
Camellia256 provides the same interface as Camellia, but is restricted to 256-bit keys.
Instances
CAST-128
CAST128 is a block cipher specified in RFC 2144. It uses a 64 bit (8 bytes) blockSize,
and a variable key size of 40 up to 128 bits (5 to 16 bytes).
Instances
| Cipher CAST128 Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher CAST128 Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: CAST128 -> Int Source # ecbEncrypt :: CAST128 -> ByteString -> ByteString Source # ecbDecrypt :: CAST128 -> ByteString -> ByteString Source # cbcEncrypt :: CAST128 -> IV CAST128 -> ByteString -> ByteString Source # cbcDecrypt :: CAST128 -> IV CAST128 -> ByteString -> ByteString Source # cfbEncrypt :: CAST128 -> IV CAST128 -> ByteString -> ByteString Source # cfbDecrypt :: CAST128 -> IV CAST128 -> ByteString -> ByteString Source # ctrCombine :: CAST128 -> IV CAST128 -> ByteString -> ByteString Source # xtsEncrypt :: (CAST128, CAST128) -> IV CAST128 -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (CAST128, CAST128) -> IV CAST128 -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> CAST128 -> iv -> Maybe (AEAD CAST128) Source # | |
DES
DES is the old Data Encryption Standard, specified by NIST.
It uses a blockSize of 64 bits (8 bytes), and a key size of 56 bits.
The key is given as 8 bytes, as one bit per byte is used as a parity bit. The parity bit is ignored by this implementation.
Instances
| Cipher DES Source # | |
Defined in Crypto.Nettle.Ciphers Methods cipherInit :: Key DES -> DES Source # cipherName :: DES -> String Source # cipherKeySize :: DES -> KeySizeSpecifier Source # | |
| BlockCipher DES Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: DES -> Int Source # ecbEncrypt :: DES -> ByteString -> ByteString Source # ecbDecrypt :: DES -> ByteString -> ByteString Source # cbcEncrypt :: DES -> IV DES -> ByteString -> ByteString Source # cbcDecrypt :: DES -> IV DES -> ByteString -> ByteString Source # cfbEncrypt :: DES -> IV DES -> ByteString -> ByteString Source # cfbDecrypt :: DES -> IV DES -> ByteString -> ByteString Source # ctrCombine :: DES -> IV DES -> ByteString -> ByteString Source # xtsEncrypt :: (DES, DES) -> IV DES -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (DES, DES) -> IV DES -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> DES -> iv -> Maybe (AEAD DES) Source # | |
DES3 (EDE)
DES_EDE3 uses 3 DES keys k1 || k2 || k3.
Encryption first encrypts with k1, then decrypts with k2, then encrypts with k3.
The blockSize is the same as for DES: 64 bits (8 bytes),
and the keys are simply concatenated, forming a 24 byte key string (with 168 bits actually getting used).
Instances
| Cipher DES_EDE3 Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher DES_EDE3 Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: DES_EDE3 -> Int Source # ecbEncrypt :: DES_EDE3 -> ByteString -> ByteString Source # ecbDecrypt :: DES_EDE3 -> ByteString -> ByteString Source # cbcEncrypt :: DES_EDE3 -> IV DES_EDE3 -> ByteString -> ByteString Source # cbcDecrypt :: DES_EDE3 -> IV DES_EDE3 -> ByteString -> ByteString Source # cfbEncrypt :: DES_EDE3 -> IV DES_EDE3 -> ByteString -> ByteString Source # cfbDecrypt :: DES_EDE3 -> IV DES_EDE3 -> ByteString -> ByteString Source # ctrCombine :: DES_EDE3 -> IV DES_EDE3 -> ByteString -> ByteString Source # xtsEncrypt :: (DES_EDE3, DES_EDE3) -> IV DES_EDE3 -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (DES_EDE3, DES_EDE3) -> IV DES_EDE3 -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> DES_EDE3 -> iv -> Maybe (AEAD DES_EDE3) Source # | |
TWOFISH
TWOFISH is another AES finalist, designed by Bruce Schneier and others.
Instances
| Cipher TWOFISH Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher TWOFISH Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: TWOFISH -> Int Source # ecbEncrypt :: TWOFISH -> ByteString -> ByteString Source # ecbDecrypt :: TWOFISH -> ByteString -> ByteString Source # cbcEncrypt :: TWOFISH -> IV TWOFISH -> ByteString -> ByteString Source # cbcDecrypt :: TWOFISH -> IV TWOFISH -> ByteString -> ByteString Source # cfbEncrypt :: TWOFISH -> IV TWOFISH -> ByteString -> ByteString Source # cfbDecrypt :: TWOFISH -> IV TWOFISH -> ByteString -> ByteString Source # ctrCombine :: TWOFISH -> IV TWOFISH -> ByteString -> ByteString Source # xtsEncrypt :: (TWOFISH, TWOFISH) -> IV TWOFISH -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (TWOFISH, TWOFISH) -> IV TWOFISH -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> TWOFISH -> iv -> Maybe (AEAD TWOFISH) Source # | |
SERPENT
SERPENT is one of the AES finalists, designed by Ross Anderson, Eli Biham and Lars Knudsen.
The blockSize is 128 bits (16 bytes), and the valid key sizes are from 128 bits to 256 bits (16 to 32 bytes),
although smaller bits are just padded with zeroes.
Instances
| Cipher SERPENT Source # | |
Defined in Crypto.Nettle.Ciphers | |
| BlockCipher SERPENT Source # | |
Defined in Crypto.Nettle.Ciphers Methods blockSize :: SERPENT -> Int Source # ecbEncrypt :: SERPENT -> ByteString -> ByteString Source # ecbDecrypt :: SERPENT -> ByteString -> ByteString Source # cbcEncrypt :: SERPENT -> IV SERPENT -> ByteString -> ByteString Source # cbcDecrypt :: SERPENT -> IV SERPENT -> ByteString -> ByteString Source # cfbEncrypt :: SERPENT -> IV SERPENT -> ByteString -> ByteString Source # cfbDecrypt :: SERPENT -> IV SERPENT -> ByteString -> ByteString Source # ctrCombine :: SERPENT -> IV SERPENT -> ByteString -> ByteString Source # xtsEncrypt :: (SERPENT, SERPENT) -> IV SERPENT -> DataUnitOffset -> ByteString -> ByteString Source # xtsDecrypt :: (SERPENT, SERPENT) -> IV SERPENT -> DataUnitOffset -> ByteString -> ByteString Source # aeadInit :: Byteable iv => AEADMode -> SERPENT -> iv -> Maybe (AEAD SERPENT) Source # | |
Stream ciphers
Nonce ciphers
class StreamCipher cipher => StreamNonceCipher cipher where Source #
StreamNonceCipher are special stream ciphers that can encrypt many messages with the same key;
setting a nonce restarts the cipher.
A good value for the nonce is a message/packet counter. Usually a nonce should not be reused with the same key.
Methods
streamNonceSize :: cipher -> KeySizeSpecifier Source #
streamSetNonce :: cipher -> ByteString -> Maybe cipher Source #
Instances
| StreamNonceCipher CHACHA Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamNonceSize :: CHACHA -> KeySizeSpecifier Source # streamSetNonce :: CHACHA -> ByteString -> Maybe CHACHA Source # | |
| StreamNonceCipher ESTREAM_SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamNonceSize :: ESTREAM_SALSA20 -> KeySizeSpecifier Source # streamSetNonce :: ESTREAM_SALSA20 -> ByteString -> Maybe ESTREAM_SALSA20 Source # | |
| StreamNonceCipher SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamNonceSize :: SALSA20 -> KeySizeSpecifier Source # streamSetNonce :: SALSA20 -> ByteString -> Maybe SALSA20 Source # | |
streamSetNonceWord64 :: StreamNonceCipher cipher => cipher -> Word64 -> Maybe cipher Source #
Sets a Word64 as 8-byte nonce (bigendian encoded)
ARCFOUR
ARCFOUR is a stream cipher, also known under the trade marked name RC4.
Valid key sizes are from 1 to 256 bytes.
Instances
| Cipher ARCFOUR Source # | |
Defined in Crypto.Nettle.Ciphers | |
| StreamCipher ARCFOUR Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamCombine :: ARCFOUR -> ByteString -> (ByteString, ARCFOUR) Source # | |
ChaCha
CHACHA is a variant of the SALSA20 stream cipher, both designed by D. J. Bernstein.
Key size is 256 bits (32 bytes).
CHACHA works similar to SALSA20; it could theoretically also support 128-bit keys, but there is no need for it as they share the same performance.
ChaCha uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.
Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number).
Don't reuse a nonce with the same key.
Setting a nonce also resets the remaining padding data.
Instances
| Cipher CHACHA Source # | |
Defined in Crypto.Nettle.Ciphers | |
| StreamCipher CHACHA Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamCombine :: CHACHA -> ByteString -> (ByteString, CHACHA) Source # | |
| StreamNonceCipher CHACHA Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamNonceSize :: CHACHA -> KeySizeSpecifier Source # streamSetNonce :: CHACHA -> ByteString -> Maybe CHACHA Source # | |
Salsa20
SALSA20 is a fairly recent stream cipher designed by D. J. Bernstein.
Valid key sizes are 128 and 256 bits (16 and 32 bytes).
Salsa20 uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.
Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number).
Don't reuse a nonce with the same key.
Setting a nonce also resets the remaining padding data.
Instances
| Cipher SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers | |
| StreamCipher SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamCombine :: SALSA20 -> ByteString -> (ByteString, SALSA20) Source # | |
| StreamNonceCipher SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamNonceSize :: SALSA20 -> KeySizeSpecifier Source # streamSetNonce :: SALSA20 -> ByteString -> Maybe SALSA20 Source # | |
data ESTREAM_SALSA20 Source #
ESTREAM_SALSA20 is the same as SALSA20, but uses only 12 instead of 20 rounds in mixing.
Instances
| Cipher ESTREAM_SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods cipherInit :: Key ESTREAM_SALSA20 -> ESTREAM_SALSA20 Source # cipherName :: ESTREAM_SALSA20 -> String Source # cipherKeySize :: ESTREAM_SALSA20 -> KeySizeSpecifier Source # | |
| StreamCipher ESTREAM_SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamCombine :: ESTREAM_SALSA20 -> ByteString -> (ByteString, ESTREAM_SALSA20) Source # | |
| StreamNonceCipher ESTREAM_SALSA20 Source # | |
Defined in Crypto.Nettle.Ciphers Methods streamNonceSize :: ESTREAM_SALSA20 -> KeySizeSpecifier Source # streamSetNonce :: ESTREAM_SALSA20 -> ByteString -> Maybe ESTREAM_SALSA20 Source # | |