nettle-0.3.0: safe nettle binding

Copyright(c) 2013 Stefan Bühler
LicenseMIT-style (see the file COPYING)
Maintainerstbuehler@web.de
Stabilityexperimental
Portabilityportable
Safe HaskellNone
LanguageHaskell98

Crypto.Nettle.Ciphers

Contents

Description

This module exports ciphers supported by nettle: http://www.lysator.liu.se/~nisse/nettle/

Synopsis

Block ciphers

Only block ciphers with a 128-bit blockSize (16 bytes) support the XTS cipher mode.

For aeadInit only AEAD_GCM and AEAD_CCM (with ccmInitTLS) is supported, and only if the the blockSize is 16 bytes. In all other cases aeadInit just returns Nothing.

AES

data AES Source #

AES is the generic cipher context for the AES cipher, supporting key sizes of 128, 196 and 256 bits (16, 24 and 32 bytes). The blockSize is always 128 bits (16 bytes).

aeadInit only supports the AEAD_GCM mode for now.

Instances

data AES128 Source #

AES128 provides the same interface as AES, but is restricted to 128-bit keys.

Instances

data AES192 Source #

AES192 provides the same interface as AES, but is restricted to 192-bit keys.

Instances

data AES256 Source #

AES256 provides the same interface as AES, but is restricted to 256-bit keys.

Instances

ARCTWO

data ARCTWO Source #

ARCTWO (also known as the trade marked name RC2) is a block cipher specified in RFC 2268.

The default cipherInit uses ekb = bit-length of the key; arctwoInitEKB allows to specify ekb manually. arctwoInitGutmann uses ekb = 1024 (the maximum).

ARCTWO uses keysizes from 1 to 128 bytes, and uses a blockSize of 64 bits (8 bytes).

Instances

arctwoInitEKB :: Key ARCTWO -> Word -> ARCTWO Source #

Initialize cipher with an explicit ekb value (valid values from 1 to 1024, 0 meaning the same as 1024).

arctwoInitGutmann :: Key ARCTWO -> ARCTWO Source #

Initialize cipher with ekb = 1024.

BLOWFISH

data BLOWFISH Source #

BLOWFISH is a block cipher designed by Bruce Schneier. It uses a blockSize of 64 bits (8 bytes), and a variable key size from 64 to 448 bits (8 to 56 bytes).

Instances

Camellia

data Camellia Source #

Camellia is a block cipher developed by Mitsubishi and Nippon Telegraph and Telephone Corporation, described in RFC3713, and recommended by some Japanese and European authorities as an alternative to AES. The algorithm is patented (details see http://www.lysator.liu.se/~nisse/nettle/nettle.html).

Camellia uses a the same blockSize and key sizes as AES.

aeadInit only supports the AEAD_GCM mode for now.

Instances

data Camellia128 Source #

Camellia128 provides the same interface as Camellia, but is restricted to 128-bit keys.

Instances

data Camellia192 Source #

Camellia192 provides the same interface as Camellia, but is restricted to 192-bit keys.

Instances

data Camellia256 Source #

Camellia256 provides the same interface as Camellia, but is restricted to 256-bit keys.

Instances

CAST-128

data CAST128 Source #

CAST128 is a block cipher specified in RFC 2144. It uses a 64 bit (8 bytes) blockSize, and a variable key size of 40 up to 128 bits (5 to 16 bytes).

Instances

DES

data DES Source #

DES is the old Data Encryption Standard, specified by NIST. It uses a blockSize of 64 bits (8 bytes), and a key size of 56 bits.

The key is given as 8 bytes, as one bit per byte is used as a parity bit. The parity bit is ignored by this implementation.

Instances

DES3 (EDE)

data DES_EDE3 Source #

DES_EDE3 uses 3 DES keys k1 || k2 || k3. Encryption first encrypts with k1, then decrypts with k2, then encrypts with k3.

The blockSize is the same as for DES: 64 bits (8 bytes), and the keys are simply concatenated, forming a 24 byte key string (with 168 bits actually getting used).

Instances

TWOFISH

data TWOFISH Source #

TWOFISH is another AES finalist, designed by Bruce Schneier and others.

TWOFISH uses a the same blockSize and key sizes as AES.

aeadInit only supports the AEAD_GCM mode for now.

Instances

SERPENT

data SERPENT Source #

SERPENT is one of the AES finalists, designed by Ross Anderson, Eli Biham and Lars Knudsen.

The blockSize is 128 bits (16 bytes), and the valid key sizes are from 128 bits to 256 bits (16 to 32 bytes), although smaller bits are just padded with zeroes.

aeadInit only supports the AEAD_GCM mode for now.

Instances

Stream ciphers

Nonce ciphers

class StreamCipher cipher => StreamNonceCipher cipher where Source #

StreamNonceCipher are special stream ciphers that can encrypt many messages with the same key; setting a nonce restarts the cipher.

A good value for the nonce is a message/packet counter. Usually a nonce should not be reused with the same key.

Minimal complete definition

streamNonceSize, streamSetNonce

Methods

streamNonceSize :: cipher -> KeySizeSpecifier Source #

streamSetNonce :: cipher -> B.ByteString -> Maybe cipher Source #

Instances

streamSetNonceWord64 :: StreamNonceCipher cipher => cipher -> Word64 -> Maybe cipher Source #

Sets a Word64 as 8-byte nonce (bigendian encoded)

ARCFOUR

data ARCFOUR Source #

ARCFOUR is a stream cipher, also known under the trade marked name RC4.

Valid key sizes are from 1 to 256 bytes.

Instances

ChaCha

data CHACHA Source #

CHACHA is a variant of the SALSA20 stream cipher, both designed by D. J. Bernstein.

Key size is 256 bits (32 bytes).

CHACHA works similar to SALSA20; it could theoretically also support 128-bit keys, but there is no need for it as they share the same performance.

ChaCha uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.

Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.

Setting a nonce also resets the remaining padding data.

Instances

Salsa20

data SALSA20 Source #

SALSA20 is a fairly recent stream cipher designed by D. J. Bernstein.

Valid key sizes are 128 and 256 bits (16 and 32 bytes).

Salsa20 uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.

Each message also requires a 8-byte (Word64) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.

Setting a nonce also resets the remaining padding data.

Instances

data ESTREAM_SALSA20 Source #

ESTREAM_SALSA20 is the same as SALSA20, but uses only 12 instead of 20 rounds in mixing.

Instances