cryptocipher-0.6.2: Symmetrical block and stream ciphers.

LicenseBSD-style
MaintainerVincent Hanquez <vincent@snarc.org>
Stabilitystable
Portabilitygood
Safe HaskellNone
LanguageHaskell98

Crypto.Cipher

Contents

Description

All the cipher functionalities are available through the BlockCipher and StreamCipher classes.

A simplified example (with simplified error handling):

import Crypto.Cipher
import Data.ByteString (ByteString)
import qualified Data.ByteString as B

initAES256 :: ByteString -> AES256
initAES256 = either (error . show) cipherInit . makeKey

cbcEncryption :: AES256 -> ByteString -> ByteString -> ByteString
cbcEncryption ctx ivRaw plainText = cbcEncrypt ctx iv plainText
  where iv = maybe (error "invalid IV") id $ ivRaw

Synopsis

Cipher classes

class Cipher cipher where

Symmetric cipher class.

Methods

cipherInit :: Key cipher -> cipher

Initialize a cipher context from a key

cipherName :: cipher -> String

Cipher name

cipherKeySize :: cipher -> KeySizeSpecifier

return the size of the key required for this cipher. Some cipher accept any size for key

Instances

class Cipher cipher => BlockCipher cipher where

Symmetric block cipher class

Minimal complete definition

blockSize, ecbEncrypt, ecbDecrypt

Methods

blockSize :: cipher -> Int

Return the size of block required for this block cipher

ecbEncrypt :: cipher -> ByteString -> ByteString

Encrypt blocks

the input string need to be multiple of the block size

ecbDecrypt :: cipher -> ByteString -> ByteString

Decrypt blocks

the input string need to be multiple of the block size

cbcEncrypt :: cipher -> IV cipher -> ByteString -> ByteString

encrypt using the CBC mode.

input need to be a multiple of the blocksize

cbcDecrypt :: cipher -> IV cipher -> ByteString -> ByteString

decrypt using the CBC mode.

input need to be a multiple of the blocksize

cfbEncrypt :: cipher -> IV cipher -> ByteString -> ByteString

encrypt using the CFB mode.

input need to be a multiple of the blocksize

cfbDecrypt :: cipher -> IV cipher -> ByteString -> ByteString

decrypt using the CFB mode.

input need to be a multiple of the blocksize

ctrCombine :: cipher -> IV cipher -> ByteString -> ByteString

combine using the CTR mode.

CTR mode produce a stream of randomized data that is combined (by XOR operation) with the input stream.

encryption and decryption are the same operation.

input can be of any size

xtsEncrypt

Arguments

:: (cipher, cipher) 
-> IV cipher

Usually represent the Data Unit (e.g. disk sector)

-> DataUnitOffset

Offset in the data unit in number of blocks

-> ByteString

Plaintext

-> ByteString

Ciphertext

encrypt using the XTS mode.

input need to be a multiple of the blocksize, and the cipher need to process 128 bits block only

xtsDecrypt

Arguments

:: (cipher, cipher) 
-> IV cipher

Usually represent the Data Unit (e.g. disk sector)

-> DataUnitOffset

Offset in the data unit in number of blocks

-> ByteString

Ciphertext

-> ByteString

Plaintext

decrypt using the XTS mode.

input need to be a multiple of the blocksize, and the cipher need to process 128 bits block only

aeadInit :: Byteable iv => AEADMode -> cipher -> iv -> Maybe (AEAD cipher)

Initialize a new AEAD State

When Nothing is returns, it means the mode is not handled.

Instances

class Cipher cipher => StreamCipher cipher where

Symmetric stream cipher class

Methods

streamCombine :: cipher -> ByteString -> (ByteString, cipher)

Combine using the stream cipher

Key

data Key c :: * -> *

a Key parametrized by the cipher

Instances

Eq (Key c) 
ToSecureMem (Key c) 
Byteable (Key c) 

makeKey :: (ToSecureMem b, Cipher c) => b -> Either KeyError (Key c)

Create a Key for a specified cipher

Initialization Vector (IV)

data IV c :: * -> *

an IV parametrized by the cipher

Instances

Eq (IV c) 
Byteable (IV c) 

makeIV :: (Byteable b, BlockCipher c) => b -> Maybe (IV c)

Create an IV for a specified block cipher

nullIV :: BlockCipher c => IV c

Create an IV that is effectively representing the number 0

ivAdd :: BlockCipher c => IV c -> Int -> IV c

Increment an IV by a number.

Assume the IV is in Big Endian format.

Authenticated Encryption with Associated Data (AEAD)

data AEAD cipher :: * -> *

Authenticated Encryption with Associated Data algorithms

aeadAppendHeader :: BlockCipher a => AEAD a -> ByteString -> AEAD a

Append associated data into the AEAD state

aeadEncrypt :: BlockCipher a => AEAD a -> ByteString -> (ByteString, AEAD a)

Encrypt input and append into the AEAD state

aeadDecrypt :: BlockCipher a => AEAD a -> ByteString -> (ByteString, AEAD a)

Decrypt input and append into the AEAD state

aeadFinalize :: BlockCipher a => AEAD a -> Int -> AuthTag

Finalize the AEAD state and create an authentification tag

Cipher implementations

data AES128 :: *

AES with 128 bit key

Instances

data AES192 :: *

AES with 192 bit key

Instances

data AES256 :: *

AES with 256 bit key

Instances

data Blowfish :: *

variable keyed blowfish state

Instances

data Blowfish64 :: *

64 bit keyed blowfish state

Instances

data Blowfish128 :: *

128 bit keyed blowfish state

Instances

data Blowfish256 :: *

256 bit keyed blowfish state

Instances

data Blowfish448 :: *

448 bit keyed blowfish state

Instances

data DES :: *

DES Context

Instances

data DES_EEE3 :: *

3DES with 3 different keys used all in the same direction

Instances

data DES_EDE3 :: *

3DES with 3 different keys used in alternative direction

Instances

data DES_EEE2 :: *

3DES where the first and third keys are equal, used in the same direction

Instances

data DES_EDE2 :: *

3DES where the first and third keys are equal, used in alternative direction

Instances

data Camellia128 :: *

Camellia block cipher with 128 bit key

Instances