Portability | good |
---|---|
Stability | stable |
Maintainer | Vincent Hanquez <vincent@snarc.org> |
Safe Haskell | None |
All the cipher functionalities are available through the BlockCipher and StreamCipher classes.
A simplified example (with simplified error handling):
import Crypto.Cipher import Data.ByteString (ByteString) import qualified Data.ByteString as B initAES256 :: ByteString -> AES256 initAES256 = either (error . show) cipherInit . makeKey cbcEncryption :: AES256 -> ByteString -> ByteString -> ByteString cbcEncryption ctx ivRaw plainText = cbcEncrypt ctx iv plainText where iv = maybe (error "invalid IV") id $ ivRaw
- class Cipher cipher where
- cipherInit :: Key cipher -> cipher
- cipherName :: cipher -> String
- cipherKeySize :: cipher -> KeySizeSpecifier
- class Cipher cipher => BlockCipher cipher where
- blockSize :: cipher -> Int
- ecbEncrypt :: cipher -> ByteString -> ByteString
- ecbDecrypt :: cipher -> ByteString -> ByteString
- cbcEncrypt :: cipher -> IV cipher -> ByteString -> ByteString
- cbcDecrypt :: cipher -> IV cipher -> ByteString -> ByteString
- cfbEncrypt :: cipher -> IV cipher -> ByteString -> ByteString
- cfbDecrypt :: cipher -> IV cipher -> ByteString -> ByteString
- ctrCombine :: cipher -> IV cipher -> ByteString -> ByteString
- xtsEncrypt :: (cipher, cipher) -> IV cipher -> DataUnitOffset -> ByteString -> ByteString
- xtsDecrypt :: (cipher, cipher) -> IV cipher -> DataUnitOffset -> ByteString -> ByteString
- aeadInit :: Byteable iv => AEADMode -> cipher -> iv -> Maybe (AEAD cipher)
- class Cipher cipher => StreamCipher cipher where
- streamCombine :: cipher -> ByteString -> (ByteString, cipher)
- data Key c
- makeKey :: (ToSecureMem b, Cipher c) => b -> Either KeyError (Key c)
- data IV c
- makeIV :: (Byteable b, BlockCipher c) => b -> Maybe (IV c)
- nullIV :: BlockCipher c => IV c
- ivAdd :: BlockCipher c => IV c -> Int -> IV c
- data AEAD cipher
- aeadAppendHeader :: BlockCipher a => AEAD a -> ByteString -> AEAD a
- aeadEncrypt :: BlockCipher a => AEAD a -> ByteString -> (ByteString, AEAD a)
- aeadDecrypt :: BlockCipher a => AEAD a -> ByteString -> (ByteString, AEAD a)
- aeadFinalize :: BlockCipher a => AEAD a -> Int -> AuthTag
- data AES128
- data AES192
- data AES256
- data Blowfish
- data Blowfish64
- data Blowfish128
- data Blowfish256
- data Blowfish448
- data DES
- data DES_EEE3
- data DES_EDE3
- data DES_EEE2
- data DES_EDE2
- data Camellia128
Cipher classes
class Cipher cipher where
Symmetric cipher class.
cipherInit :: Key cipher -> cipher
Initialize a cipher context from a key
cipherName :: cipher -> String
Cipher name
cipherKeySize :: cipher -> KeySizeSpecifier
return the size of the key required for this cipher. Some cipher accept any size for key
class Cipher cipher => BlockCipher cipher where
Symmetric block cipher class
Return the size of block required for this block cipher
ecbEncrypt :: cipher -> ByteString -> ByteString
Encrypt blocks
the input string need to be multiple of the block size
ecbDecrypt :: cipher -> ByteString -> ByteString
Decrypt blocks
the input string need to be multiple of the block size
cbcEncrypt :: cipher -> IV cipher -> ByteString -> ByteString
encrypt using the CBC mode.
input need to be a multiple of the blocksize
cbcDecrypt :: cipher -> IV cipher -> ByteString -> ByteString
decrypt using the CBC mode.
input need to be a multiple of the blocksize
cfbEncrypt :: cipher -> IV cipher -> ByteString -> ByteString
encrypt using the CFB mode.
input need to be a multiple of the blocksize
cfbDecrypt :: cipher -> IV cipher -> ByteString -> ByteString
decrypt using the CFB mode.
input need to be a multiple of the blocksize
ctrCombine :: cipher -> IV cipher -> ByteString -> ByteString
combine using the CTR mode.
CTR mode produce a stream of randomized data that is combined (by XOR operation) with the input stream.
encryption and decryption are the same operation.
input can be of any size
:: (cipher, cipher) | |
-> IV cipher | Usually represent the Data Unit (e.g. disk sector) |
-> DataUnitOffset | Offset in the data unit in number of blocks |
-> ByteString | Plaintext |
-> ByteString | Ciphertext |
encrypt using the XTS mode.
input need to be a multiple of the blocksize, and the cipher need to process 128 bits block only
:: (cipher, cipher) | |
-> IV cipher | Usually represent the Data Unit (e.g. disk sector) |
-> DataUnitOffset | Offset in the data unit in number of blocks |
-> ByteString | Ciphertext |
-> ByteString | Plaintext |
decrypt using the XTS mode.
input need to be a multiple of the blocksize, and the cipher need to process 128 bits block only
aeadInit :: Byteable iv => AEADMode -> cipher -> iv -> Maybe (AEAD cipher)
Initialize a new AEAD State
When Nothing is returns, it means the mode is not handled.
class Cipher cipher => StreamCipher cipher where
Symmetric stream cipher class
streamCombine :: cipher -> ByteString -> (ByteString, cipher)
Combine using the stream cipher
Key
makeKey :: (ToSecureMem b, Cipher c) => b -> Either KeyError (Key c)
Create a Key for a specified cipher
Initialization Vector (IV)
makeIV :: (Byteable b, BlockCipher c) => b -> Maybe (IV c)
Create an IV for a specified block cipher
nullIV :: BlockCipher c => IV c
Create an IV that is effectively representing the number 0
ivAdd :: BlockCipher c => IV c -> Int -> IV c
Increment an IV by a number.
Assume the IV is in Big Endian format.
Authenticated Encryption with Associated Data (AEAD)
data AEAD cipher
Authenticated Encryption with Associated Data algorithms
aeadAppendHeader :: BlockCipher a => AEAD a -> ByteString -> AEAD a
Append associated data into the AEAD state
aeadEncrypt :: BlockCipher a => AEAD a -> ByteString -> (ByteString, AEAD a)
Encrypt input and append into the AEAD state
aeadDecrypt :: BlockCipher a => AEAD a -> ByteString -> (ByteString, AEAD a)
Decrypt input and append into the AEAD state
aeadFinalize :: BlockCipher a => AEAD a -> Int -> AuthTag
Finalize the AEAD state and create an authentification tag
Cipher implementations
data DES_EEE3
3DES with 3 different keys used all in the same direction
data DES_EDE3
3DES with 3 different keys used in alternative direction
data DES_EEE2
3DES where the first and third keys are equal, used in the same direction
data DES_EDE2
3DES where the first and third keys are equal, used in alternative direction