Copyright	(c) Leo D 2023
License	BSD-3-Clause
Maintainer	leo@apotheca.io
Stability	experimental
Portability	POSIX
Safe Haskell	Safe-Inferred
Language	Haskell2010

Botan.Low.BlockCipher

Contents

Block ciphers
Usage
64-bit block ciphers
128-bit block ciphers
256-bit block ciphers
512-bit block ciphers
Convenience

Description

This is a ‘raw’ interface to ECB mode block ciphers. Most applications want the higher level cipher API which provides authenticated encryption. This API exists as an escape hatch for applications which need to implement custom primitives using a PRP.

Synopsis

newtype BlockCipher = MkBlockCipher {
- getBlockCipherForeignPtr :: ForeignPtr BotanBlockCipherStruct
}
type BlockCipherName = ByteString
type BlockCipher128Name = BlockCipherName
type BlockCipherKey = ByteString
type BlockCipherCiphertext = ByteString
withBlockCipher :: BlockCipher -> (BotanBlockCipher -> IO a) -> IO a
blockCipherInit :: BlockCipherName -> IO BlockCipher
blockCipherDestroy :: BlockCipher -> IO ()
blockCipherName :: BlockCipher -> IO BlockCipherName
blockCipherBlockSize :: BlockCipher -> IO Int
blockCipherGetKeyspec :: BlockCipher -> IO (Int, Int, Int)
blockCipherSetKey :: BlockCipher -> BlockCipherKey -> IO ()
blockCipherEncryptBlocks :: BlockCipher -> ByteString -> IO BlockCipherCiphertext
blockCipherDecryptBlocks :: BlockCipher -> BlockCipherCiphertext -> IO ByteString
blockCipherClear :: BlockCipher -> IO ()
pattern Blowfish :: BlockCipherName
pattern CAST128 :: BlockCipherName
pattern DES :: BlockCipherName
pattern TripleDES :: BlockCipherName
pattern GOST_28147_89 :: BlockCipherName
pattern IDEA :: BlockCipherName
pattern AES128 :: BlockCipher128Name
pattern AES192 :: BlockCipher128Name
pattern AES256 :: BlockCipher128Name
pattern ARIA128 :: BlockCipher128Name
pattern ARIA192 :: BlockCipher128Name
pattern ARIA256 :: BlockCipher128Name
pattern Camellia128 :: BlockCipher128Name
pattern Camellia192 :: BlockCipher128Name
pattern Camellia256 :: BlockCipher128Name
pattern Noekeon :: BlockCipher128Name
pattern SEED :: BlockCipher128Name
pattern SM4 :: BlockCipher128Name
pattern Serpent :: BlockCipher128Name
pattern Twofish :: BlockCipher128Name
pattern SHACAL2 :: BlockCipherName
pattern Threefish512 :: BlockCipherName
blockCiphers :: [BlockCipherName]
blockCipher128s :: [BlockCipher128Name]
allBlockCiphers :: [BlockCipherName]

Block ciphers

A `block cipher` is a deterministic, cryptographic primitive suitable for encrypting or decrypting a single, fixed-size block of data at a time. Block ciphers are used as building blocks for more complex cryptographic operations. If you are looking to encrypt user data, you are probably looking for Cipher instead.

Usage

Unless you need a specific block cipher, it is strongly recommended that you use the AES256 algorithm.

import Botan.Low.BlockCipher
blockCipher <- blockCipherInit AES256

To use a block cipher, we first need to generate (if we haven't already) a secret key.

import Botan.Low.RNG
rng <- rngInit "user"
-- We will use the maximum key size; AES256 keys are always 16 bytes
(_,keySize,_) <- blockCipherGetKeyspec blockCipher
-- Block cipher keys are randomly generated
key <- rngGet rng keySize

After the key is generated, we must set it as the block cipher key:

blockCipherSetKey blockCipher key

To encrypt a message, it must be a multiple of the block size.

blockSize <- blockCipherBlockSize blockCipher
-- AES256 block size is always 16 bytes
message = "0000DEADBEEF0000" :: ByteString
ciphertext <- blockCipherEncryptBlocks blockCipher message

To decrypt a message, simply reverse the process:

plaintext <- blockCipherDecryptBlocks blockCipher ciphertext
message == plaintext -- True

newtype BlockCipher Source #

A mutable block cipher object

Constructors

MkBlockCipher
Fields getBlockCipherForeignPtr :: ForeignPtr BotanBlockCipherStruct

type BlockCipherName = ByteString Source #

Block cipher name type

type BlockCipher128Name = BlockCipherName Source #

128-bit block cipher name type

type BlockCipherKey = ByteString Source #

A block cipher secret key

type BlockCipherCiphertext = ByteString Source #

A block cipher ciphertext

withBlockCipher :: BlockCipher -> (BotanBlockCipher -> IO a) -> IO a Source #

blockCipherInit Source #

Arguments

:: BlockCipherName	cipher_name
-> IO BlockCipher	bc

Initialize a block cipher object

blockCipherDestroy :: BlockCipher -> IO () Source #

Destroy a block cipher object immediately

blockCipherName Source #

Arguments

:: BlockCipher	bc
-> IO BlockCipherName	name

Get the name of a block cipher.

This function is not guaranteed to return the same exact value as used to initialize the context.

blockCipherBlockSize Source #

Arguments

:: BlockCipher	bc: The cipher object
-> IO Int

Return the block size of a block cipher.

blockCipherGetKeyspec Source #

Arguments

:: BlockCipher	bc
-> IO (Int, Int, Int)	(min,max,mod)

Get the key specification of a block cipher

Returns the minimum, maximum, and modulo of valid keys.

blockCipherSetKey Source #

Arguments

:: BlockCipher	bc: The cipher object
-> BlockCipherKey	key[]: A cipher key
-> IO ()

Set the key for a block cipher

Throws an error if the key is not valid.

blockCipherEncryptBlocks Source #

Arguments

:: BlockCipher	bc: The cipher object
-> ByteString	in[]: The plaintext
-> IO BlockCipherCiphertext	out[]: The ciphertext

Warning: The plaintext length should be a multiple of the block size.

Encrypt one or more blocks with a block cipher

The plaintext length should be a multiple of the block size.

blockCipherDecryptBlocks Source #

Arguments

:: BlockCipher	bc: The cipher object
-> BlockCipherCiphertext	in[]: The ciphertext
-> IO ByteString	out[]: The plaintext

Warning: The ciphertext length should be a multiple of the block size.

Decrypt one or more blocks with a block cipher.

The ciphertext length should be a multiple of the block size.

If an incorrect key was set, the content of the decrypted plaintext is unspecified.

blockCipherClear Source #

Arguments

:: BlockCipher	bc: The cipher object
-> IO ()

Reinitializes a block cipher

You must call blockCipherSetKey in order to use the block cipher again.

64-bit block ciphers

pattern Blowfish :: BlockCipherName Source #

pattern CAST128 :: BlockCipherName Source #

pattern DES :: BlockCipherName Source #

pattern TripleDES :: BlockCipherName Source #

pattern GOST_28147_89 :: BlockCipherName Source #

pattern IDEA :: BlockCipherName Source #

128-bit block ciphers

pattern AES128 :: BlockCipher128Name Source #

pattern AES192 :: BlockCipher128Name Source #

pattern AES256 :: BlockCipher128Name Source #

pattern ARIA128 :: BlockCipher128Name Source #

pattern ARIA192 :: BlockCipher128Name Source #

pattern ARIA256 :: BlockCipher128Name Source #

pattern Camellia128 :: BlockCipher128Name Source #

pattern Camellia192 :: BlockCipher128Name Source #

pattern Camellia256 :: BlockCipher128Name Source #

pattern Noekeon :: BlockCipher128Name Source #

pattern SEED :: BlockCipher128Name Source #

pattern SM4 :: BlockCipher128Name Source #

pattern Serpent :: BlockCipher128Name Source #

pattern Twofish :: BlockCipher128Name Source #

256-bit block ciphers

pattern SHACAL2 :: BlockCipherName Source #

512-bit block ciphers

pattern Threefish512 :: BlockCipherName Source #

Convenience

blockCiphers :: [BlockCipherName] Source #

blockCipher128s :: [BlockCipher128Name] Source #

allBlockCiphers :: [BlockCipherName] Source #