Copyright	(c) 2013 Stefan Bühler
License	MIT-style (see the file COPYING)
Maintainer	stbuehler@web.de
Stability	experimental
Portability	portable
Safe Haskell	None
Language	Haskell98

Crypto.Nettle.CCM

Description

(This is not a binding to nettle; it is implemented in pure haskell)

This module adds CCM support to all 128-bit block ciphers:

aeadInit AEAD_CCM = ccmInitTLS

CCM uses 2 parameters t and q: t is the tag length (2,4,6,8,10,12,14,16) and q (2..8) is the length in bytes that the length of the message is stored in (and the length of the counter variable). Maximum message length is 2^(8*q) - 1.

CCM requires a nonce of length (15 - q). TLS uses CCM with t = 16 and q = 3, and a nonce length of 12 (the first 4 bytes are fixed from the handshake, the other 8 usually represent the sequence counter).

CCM encrypts with a CTR mode, the start IV is based on the (t,q,nonce) parameters; the tag is encrypted with counter value = 0, then the message follows.

Calculating the tag needs the message length first - so this implementation needs to gather all data before calculating it.

In RFC 3610 t is called M, and q is called L.

Synopsis

Documentation

ccmInit Source #

Arguments

:: (BlockCipher cipher, Byteable iv)
=> Int	tag length `t`
-> Int	length `q` of the message length field
-> cipher	cipher initialized with key
-> iv	`nonce` with length `15-q`
-> Maybe (AEAD cipher)

Start a CCM encryption with specified tag length t, length q of the message length field and a 15-q bytes long nonce. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize.

ccmInitTLS Source #

Arguments

:: (BlockCipher cipher, Byteable iv)
=> cipher	cipher initialized with key
-> iv	8 byte `nonce`
-> Maybe (AEAD cipher)

Start a CCM encryption with specified tag length t = 16, length q = 3 for the message length field and a 8 bytes long nonce. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize. This are the parameters used for TLS.