Portability  portable 

Stability  experimental 
Maintainer  stbuehler@web.de 
Safe Haskell  None 
(This is not a binding to nettle; it is implemented in pure haskell)
This module adds CCM support to all 128bit block ciphers:
aeadInit AEAD_CCM = ccmInitTLS
CCM uses 2 parameters t and q: t is the tag length (2,4,6,8,10,12,14,16) and q (2..8) is the
length in bytes that the length of the message is stored in (and the length of the
counter variable).
Maximum message length is 2^(8*q)  1
.
CCM requires a nonce of length (15  q). TLS uses CCM with t = 16
and q = 3
,
and a nonce length of 12 (the first 4 bytes are fixed from the handshake, the other 8
usually represent the sequence counter).
CCM encrypts with a CTR mode, the start IV is based on the (t,q,nonce) parameters; the tag is encrypted with counter value = 0, then the message follows.
Calculating the tag needs the message length first  so this implementation needs to gather all data before calculating it.
In RFC 3610 t
is called M
, and q
is called L
.
 ccmInit :: (BlockCipher cipher, Byteable iv) => Int > Int > cipher > iv > Maybe (AEAD cipher)
 ccmInitTLS :: (BlockCipher cipher, Byteable iv) => cipher > iv > Maybe (AEAD cipher)
Documentation
:: (BlockCipher cipher, Byteable iv)  
=> Int  tag length 
> Int  length 
> cipher  cipher initialized with key 
> iv 

> Maybe (AEAD cipher) 
Start a CCM encryption with specified tag length t
, length q
of the message length field and a 15q
bytes long nonce
.
Fails if any parameter is invalid or the block cipher doesn't use a 16byte blockSize
.
:: (BlockCipher cipher, Byteable iv)  
=> cipher  cipher initialized with key 
> iv  8 byte 
> Maybe (AEAD cipher) 
Start a CCM encryption with specified tag length t = 16
, length q = 3
for the message length field and a 8
bytes long nonce
.
Fails if any parameter is invalid or the block cipher doesn't use a 16byte blockSize
.
This are the parameters used for TLS.