nettle-0.3.0: safe nettle binding

Copyright(c) 2013 Stefan Bühler
LicenseMIT-style (see the file COPYING)
Maintainerstbuehler@web.de
Stabilityexperimental
Portabilityportable
Safe HaskellNone
LanguageHaskell98

Crypto.Nettle.Ciphers

Contents

Description

This module exports ciphers supported by nettle: http://www.lysator.liu.se/~nisse/nettle/

Synopsis

Block ciphers

Only block ciphers with a 128-bit blockSize (16 bytes) support the XTS cipher mode.

For aeadInit only AEAD_GCM and AEAD_CCM (with ccmInitTLS) is supported, and only if the the blockSize is 16 bytes. In all other cases aeadInit just returns Nothing.

AES

data AES Source #

AES is the generic cipher context for the AES cipher, supporting key sizes of 128, 196 and 256 bits (16, 24 and 32 bytes). The blockSize is always 128 bits (16 bytes).

aeadInit only supports the AEAD_GCM mode for now.

ARCTWO

data ARCTWO Source #

ARCTWO (also known as the trade marked name RC2) is a block cipher specified in RFC 2268.

The default cipherInit uses ekb = bit-length of the key; arctwoInitEKB allows to specify ekb manually. arctwoInitGutmann uses ekb = 1024 (the maximum).

ARCTWO uses keysizes from 1 to 128 bytes, and uses a blockSize of 64 bits (8 bytes).

arctwoInitEKB :: Key ARCTWO -> Word -> ARCTWO Source #

Initialize cipher with an explicit ekb value (valid values from 1 to 1024, 0 meaning the same as 1024).

arctwoInitGutmann :: Key ARCTWO -> ARCTWO Source #

Initialize cipher with ekb = 1024.

BLOWFISH

Camellia

data Camellia Source #

Camellia is a block cipher developed by Mitsubishi and Nippon Telegraph and Telephone Corporation, described in RFC3713, and recommended by some Japanese and European authorities as an alternative to AES. The algorithm is patented (details see http://www.lysator.liu.se/~nisse/nettle/nettle.html).

Camellia uses a the same blockSize and key sizes as AES.

aeadInit only supports the AEAD_GCM mode for now.

CAST-128

DES

data DES Source #

DES is the old Data Encryption Standard, specified by NIST. It uses a blockSize of 64 bits (8 bytes), and a key size of 56 bits.

The key is given as 8 bytes, as one bit per byte is used as a parity bit. The parity bit is ignored by this implementation.

DES3 (EDE)

data DES_EDE3 Source #

DES_EDE3 uses 3 DES keys k1 || k2 || k3. Encryption first encrypts with k1, then decrypts with k2, then encrypts with k3.

The blockSize is the same as for DES: 64 bits (8 bytes), and the keys are simply concatenated, forming a 24 byte key string (with 168 bits actually getting used).

TWOFISH

SERPENT

data SERPENT Source #

SERPENT is one of the AES finalists, designed by Ross Anderson, Eli Biham and Lars Knudsen.

The blockSize is 128 bits (16 bytes), and the valid key sizes are from 128 bits to 256 bits (16 to 32 bytes), although smaller bits are just padded with zeroes.

aeadInit only supports the AEAD_GCM mode for now.

Stream ciphers

Nonce ciphers

class StreamCipher cipher => StreamNonceCipher cipher where Source #

StreamNonceCipher are special stream ciphers that can encrypt many messages with the same key; setting a nonce restarts the cipher.

A good value for the nonce is a message/packet counter. Usually a nonce should not be reused with the same key.

Minimal complete definition

streamNonceSize, streamSetNonce

streamSetNonceWord64 :: StreamNonceCipher cipher => cipher -> Word64 -> Maybe cipher Source #

Sets a Word64 as 8-byte nonce (bigendian encoded)

ARCFOUR

data ARCFOUR Source #

ARCFOUR is a stream cipher, also known under the trade marked name RC4.

Valid key sizes are from 1 to 256 bytes.

ChaCha

data CHACHA Source #

CHACHA is a variant of the SALSA20 stream cipher, both designed by D. J. Bernstein.

Key size is 256 bits (32 bytes).

CHACHA works similar to SALSA20; it could theoretically also support 128-bit keys, but there is no need for it as they share the same performance.

ChaCha uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.

Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.

Setting a nonce also resets the remaining padding data.

Salsa20

data SALSA20 Source #

SALSA20 is a fairly recent stream cipher designed by D. J. Bernstein.

Valid key sizes are 128 and 256 bits (16 and 32 bytes).

Salsa20 uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.

Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.

Setting a nonce also resets the remaining padding data.