cryptonite-0.27: Cryptography Primitives sink
License BSD-style
Maintainer Vincent Hanquez <vincent@snarc.org>
Stability stable
Portability good
Safe Haskell None
Language Haskell2010

Crypto.Cipher.ChaChaPoly1305

Description

A simple AEAD scheme using ChaCha20 and Poly1305. See RFC 7539 .

The State is not modified in place, so each function changing the State, returns a new State.

Authenticated Data need to be added before any call to encrypt or decrypt , and once all the data has been added, then finalizeAAD need to be called.

Once finalizeAAD has been called, no further appendAAD call should be make.

import Data.ByteString.Char8 as B
import Data.ByteArray
import Crypto.Error
import Crypto.Cipher.ChaChaPoly1305 as C

encrypt
    :: ByteString -- nonce (12 random bytes)
    -> ByteString -- symmetric key
    -> ByteString -- optional associated data (won't be encrypted)
    -> ByteString -- input plaintext to be encrypted
    -> CryptoFailable ByteString -- ciphertext with a 128-bit tag attached
encrypt nonce key header plaintext = do
    st1 <- C.nonce12 nonce >>= C.initialize key
    let
        st2 = C.finalizeAAD $ C.appendAAD header st1
        (out, st3) = C.encrypt plaintext st2
        auth = C.finalize st3
    return $ out `B.append` Data.ByteArray.convert auth
Synopsis

Documentation

data State Source #

A ChaChaPoly1305 State.

The state is immutable, and only new state can be created

nonce12 :: ByteArrayAccess iv => iv -> CryptoFailable Nonce Source #

Nonce smart constructor 12 bytes IV, nonce constructor

nonce8 Source #

Arguments

:: ByteArrayAccess ba
=> ba

4 bytes constant

-> ba

8 bytes IV

-> CryptoFailable Nonce

8 bytes IV, nonce constructor

initialize :: ByteArrayAccess key => key -> Nonce -> CryptoFailable State Source #

Initialize a new ChaChaPoly1305 State

The key length need to be 256 bits, and the nonce procured using either nonce8 or nonce12

appendAAD :: ByteArrayAccess ba => ba -> State -> State Source #

Append Authenticated Data to the State and return the new modified State.

Once no further call to this function need to be make, the user should call finalizeAAD

finalizeAAD :: State -> State Source #

Finalize the Authenticated Data and return the finalized State

encrypt :: ByteArray ba => ba -> State -> (ba, State ) Source #

Encrypt a piece of data and returns the encrypted Data and the updated State.

decrypt :: ByteArray ba => ba -> State -> (ba, State ) Source #

Decrypt a piece of data and returns the decrypted Data and the updated State.

finalize :: State -> Auth Source #

Generate an authentication tag from the State.