nettle-0.3.0: safe nettle binding

Copyright (c) 2013 Stefan Bühler MIT-style (see the file COPYING) stbuehler@web.de experimental portable None Haskell98

Crypto.Nettle.CCM

Description

(This is not a binding to nettle; it is implemented in pure haskell)

This module adds CCM support to all 128-bit block ciphers:

aeadInit AEAD_CCM = ccmInitTLS

CCM uses 2 parameters t and q: t is the tag length (2,4,6,8,10,12,14,16) and q (2..8) is the length in bytes that the length of the message is stored in (and the length of the counter variable). Maximum message length is 2^(8*q) - 1.

CCM requires a nonce of length (15 - q). TLS uses CCM with t = 16 and q = 3, and a nonce length of 12 (the first 4 bytes are fixed from the handshake, the other 8 usually represent the sequence counter).

CCM encrypts with a CTR mode, the start IV is based on the (t,q,nonce) parameters; the tag is encrypted with counter value = 0, then the message follows.

Calculating the tag needs the message length first - so this implementation needs to gather all data before calculating it.

In RFC 3610 t is called M, and q is called L.

Synopsis

# Documentation

Arguments

 :: (BlockCipher cipher, Byteable iv) => Int tag length t -> Int length q of the message length field -> cipher cipher initialized with key -> iv nonce with length 15-q -> Maybe (AEAD cipher)

Start a CCM encryption with specified tag length t, length q of the message length field and a 15-q bytes long nonce. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize.

Arguments

 :: (BlockCipher cipher, Byteable iv) => cipher cipher initialized with key -> iv 8 byte nonce -> Maybe (AEAD cipher)

Start a CCM encryption with specified tag length t = 16, length q = 3 for the message length field and a 8 bytes long nonce. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize. This are the parameters used for TLS.