-- Hoogle documentation, generated by Haddock -- See Hoogle, http://www.haskell.org/hoogle/ -- | safe nettle binding -- -- safe binding for the nettle -- (http://www.lysator.liu.se/~nisse/nettle/nettle.html) library. -- Tested with 3.1.1, might work with 3.0, does NOT WORK with 2.x. @package nettle @version 0.2.0 -- | Generic interface to calculate key based hashes. module Crypto.Nettle.KeyedHash -- | KeyedHashAlgorithm is a class for keyed hash algorithms that -- take a key and a message to produce a digest. The most popular example -- is HMAC. class KeyedHashAlgorithm k where implKeyedHashUpdateLazy k = foldl' implKeyedHashUpdate k . toChunks -- | Digest size in bytes the keyed hash algorithm returns implKeyedHashDigestSize :: KeyedHashAlgorithm k => Tagged k Int -- | Name implKeyedHashName :: KeyedHashAlgorithm k => Tagged k String -- | Initialize state from a key implKeyedHashInit :: KeyedHashAlgorithm k => ByteString -> k -- | Add more message data to the state implKeyedHashUpdate :: KeyedHashAlgorithm k => k -> ByteString -> k -- | Add more lazy message data to the state implKeyedHashUpdateLazy :: KeyedHashAlgorithm k => k -> ByteString -> k -- | Produce final digest implKeyedHashFinalize :: KeyedHashAlgorithm k => k -> ByteString -- | KeyedHash hides the KeyedHashAlgorithm implementation. data KeyedHash KeyedHash :: !k -> KeyedHash -- | Untagged variant of implKeyedHashDigestSize; takes a (possible -- undefined) key typed value from a KeyedHashAlgorithm -- instance as parameter. keyedHashDigestSize :: KeyedHashAlgorithm k => k -> Int -- | Get implKeyedHashDigestSize from a KeyedHash keyedHashDigestSize' :: KeyedHash -> Int -- | Untagged variant of implKeyedHashName; takes a (possible -- undefined) key typed value from a KeyedHashAlgorithm -- instance as parameter. keyedHashName :: KeyedHashAlgorithm k => k -> String -- | Get implKeyedHashName from a KeyedHash keyedHashName' :: KeyedHash -> String -- | Initialize a KeyedHash context from a key keyedHashInit :: KeyedHashAlgorithm k => ByteString -> Tagged k KeyedHash -- | Untagged variant of keyedHashInit; takes a (possible -- undefined) key typed value from a KeyedHashAlgorithm -- instance as parameter. keyedHashInit' :: KeyedHashAlgorithm k => k -> ByteString -> KeyedHash -- | Add more message data to the context keyedHashUpdate :: KeyedHash -> ByteString -> KeyedHash -- | Add more lazy message data to the context keyedHashUpdateLazy :: KeyedHash -> ByteString -> KeyedHash -- | Produce final digest keyedHashFinalize :: KeyedHash -> ByteString -- | Helper to hash key and message in one step -- -- Example: -- -- 
--   untag (keyedHash (fromString "secretkey") (fromString "secret message") :: Tagged (HMAC SHA256) B.ByteString)
--
keyedHash :: KeyedHashAlgorithm k => ByteString -> ByteString -> Tagged k ByteString -- | Untagged variant of keyedHash; takes a (possible -- undefined) key typed value from a KeyedHashAlgorithm -- instance as parameter. -- -- Example: -- -- 
--   keyedHash' (undefined :: HMAC SHA256) (fromString "secretkey") (fromString "secret message")
--
keyedHash' :: KeyedHashAlgorithm k => k -> ByteString -> ByteString -> ByteString -- | Helper to hash key and lazy message in one step -- -- Example: -- -- 
--   untag (keyedHashLazy (fromString "secretkey") (fromString "secret message") :: Tagged (HMAC SHA256) B.ByteString)
--
keyedHashLazy :: KeyedHashAlgorithm k => ByteString -> ByteString -> Tagged k ByteString -- | Untagged variant of keyedHashLazy; takes a (possible -- undefined) key typed value from a KeyedHashAlgorithm -- instance as parameter. -- -- Example: -- -- 
--   keyedHashLazy' (undefined :: HMAC SHA256) (fromString "secretkey") (fromString "secret message")
--
keyedHashLazy' :: KeyedHashAlgorithm k => k -> ByteString -> ByteString -> ByteString -- | Generic HMAC implementation based on the HashAlgorithm class, -- implementing the KeyedHashAlgorithm class. module Crypto.Nettle.HMAC -- | HMAC is a generic KeyedHashAlgorithm instance to -- calculate the HMAC based on a HashAlgorithm data HMAC a -- | hmacInit is the default implementation for hashHMAC and -- initializes a KeyedHash to calculate the HMAC for a message -- with the given key. -- -- Example: -- -- 
--   let c = untag (hmacInit (fromString "secretkey") :: Tagged SHA256 KeyedHash) in keyedHashFinalize $ keyedHashUpdate c (fromString "secret message")
--
hmacInit :: HashAlgorithm a => ByteString -> Tagged a KeyedHash -- | Untagged variant of hmacInit; takes a (possible -- undefined) typed HashAlgorithm context as parameter. -- -- Example: -- -- 
--   keyedHashFinalize $ flip keyedHashUpdate (fromString "secret message") $ hmacInit' (undefined :: SHA256) (fromString "secretkey")
--
hmacInit' :: HashAlgorithm a => a -> ByteString -> KeyedHash -- | calculate HMAC with a HashAlgorithm for a key and -- message -- -- Example: -- -- 
--   untag (hmac (fromString "secretkey") (fromString "secret message") :: Tagged SHA256 B.ByteString)
--
hmac :: HashAlgorithm a => ByteString -> ByteString -> Tagged a ByteString -- | Untagged variant of hmac; takes a (possible undefined) -- typed HashAlgorithm context as parameter. -- -- Example: -- -- 
--   hmac' (undefined :: SHA256) (fromString "secretkey") (fromString "secret message")
--
hmac' :: HashAlgorithm a => a -> ByteString -> ByteString -> ByteString -- | calculate HMAC with a HashAlgorithm for a key and lazy -- message -- -- Example: -- -- 
--   untag (hmacLazy (fromString "secretkey") (fromString "secret message") :: Tagged SHA256 B.ByteString)
--
hmacLazy :: HashAlgorithm a => ByteString -> ByteString -> Tagged a ByteString -- | Untagged variant of hmacLazy; takes a (possible -- undefined) typed HashAlgorithm context as parameter. -- -- Example: -- -- 
--   hmacLazy' (undefined :: SHA256) (fromString "secretkey") (fromString "secret message")
--
hmacLazy' :: HashAlgorithm a => a -> ByteString -> ByteString -> ByteString -- | (This is not a binding to nettle; it is implemented in pure haskell) -- -- This module adds CCM support to all 128-bit block ciphers: -- -- 
--   aeadInit AEAD_CCM = ccmInitTLS
--
-- -- CCM uses 2 parameters t and q: t is the tag length -- (2,4,6,8,10,12,14,16) and q (2..8) is the length in bytes that the -- length of the message is stored in (and the length of the counter -- variable). Maximum message length is 2^(8*q) - 1. -- -- CCM requires a nonce of length (15 - q). TLS uses CCM with t = -- 16 and q = 3, and a nonce length of 12 (the first 4 -- bytes are fixed from the handshake, the other 8 usually represent the -- sequence counter). -- -- CCM encrypts with a CTR mode, the start IV is based on the (t,q,nonce) -- parameters; the tag is encrypted with counter value = 0, then the -- message follows. -- -- Calculating the tag needs the message length first - so this -- implementation needs to gather all data before calculating it. -- -- In RFC 3610 t is called M, and q is called -- L. module Crypto.Nettle.CCM -- | Start a CCM encryption with specified tag length t, length -- q of the message length field and a 15-q bytes long -- nonce. Fails if any parameter is invalid or the block cipher -- doesn't use a 16-byte blockSize. ccmInit :: (BlockCipher cipher, Byteable iv) => Int -> Int -> cipher -> iv -> Maybe (AEAD cipher) -- | Start a CCM encryption with specified tag length t = 16, -- length q = 3 for the message length field and a 8 -- bytes long nonce. Fails if any parameter is invalid or the -- block cipher doesn't use a 16-byte blockSize. This are the -- parameters used for TLS. ccmInitTLS :: (BlockCipher cipher, Byteable iv) => cipher -> iv -> Maybe (AEAD cipher) instance Crypto.Cipher.Types.Block.BlockCipher cipher => Crypto.Cipher.Types.Block.AEADModeImpl cipher (Crypto.Nettle.CCM.CCM cipher) -- | This module exports hash algorithms supported by nettle: -- http://www.lysator.liu.se/~nisse/nettle/ module Crypto.Nettle.Hash -- | HashAlgorithm is a class that hash algorithms will implement. -- generating a digest is a 3 step procedure: -- -- -- -- The final digest has hashDigestSize bytes, and the algorithm -- uses hashBlockSize as internal block size. class HashAlgorithm a where hashUpdateLazy a = foldl' hashUpdate a . toChunks hashHMAC = hmacInit -- | Block size in bytes the hash algorithm operates on hashBlockSize :: HashAlgorithm a => Tagged a Int -- | Digest size in bytes the hash algorithm returns hashDigestSize :: HashAlgorithm a => Tagged a Int -- | Name of the hash algorithm hashName :: HashAlgorithm a => Tagged a String -- | Initialize a new context for this hash algorithm hashInit :: HashAlgorithm a => a -- | Update the context with bytestring, and return a new context with the -- updates. hashUpdate :: HashAlgorithm a => a -> ByteString -> a -- | Update the context with a lazy bytestring, and return a new context -- with the updates. hashUpdateLazy :: HashAlgorithm a => a -> ByteString -> a -- | Finalize a context and return a digest. hashFinalize :: HashAlgorithm a => a -> ByteString -- | Use HashAlgorithm for HMAC; can use a optimized variant or the -- default hmacInit one hashHMAC :: HashAlgorithm a => ByteString -> Tagged a KeyedHash -- | Helper to hash a single (strict) ByteString in one step. -- -- Example: -- -- 
--   untag (hash (fromString "abc") :: Tagged SHA256 B.ByteString)
--
hash :: HashAlgorithm a => ByteString -> Tagged a ByteString -- | Untagged variant of hash; takes a (possible undefined) -- typed HashAlgorithm context as parameter. -- -- Example: -- -- 
--   hash' (undefined :: SHA256) $ fromString "abc"
--
hash' :: HashAlgorithm a => a -> ByteString -> ByteString -- | Helper to hash a single (lazy) ByteString in one step. -- -- Example: -- -- 
--   untag (hashLazy (fromString "abc") :: Tagged SHA256 L.ByteString)
--
hashLazy :: HashAlgorithm a => ByteString -> Tagged a ByteString -- | Untagged variant of hashLazy; takes a (possible -- undefined) typed HashAlgorithm context as parameter. -- -- Example: -- -- 
--   hashLazy' (undefined :: SHA256) $ fromString "abc"
--
hashLazy' :: HashAlgorithm a => a -> ByteString -> ByteString -- | The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm -- used in Russian government standards (see RFC 4357). It outputs -- message digests of 32 bytes (256 bits). data GOSTHASH94 -- | MD2 is a hash function of Ronald Rivest's, described in RFC -- 1319. It outputs message digests of 16 bytes (128 bits). data MD2 -- | MD4 is a hash function of Ronald Rivest's, described in RFC -- 1320. It outputs message digests of 16 bytes (128 bits). data MD4 -- | MD5 is a hash function of Ronald Rivest's, described in RFC -- 1321. It outputs message digests of 16 bytes (128 bits). data MD5 -- | RIPEMD160 is a hash function designed by Hans Dobbertin, Antoon -- Bosselaers, and Bart Preneel, as a strengthened version of RIPEMD. It -- produces message digests of 20 bytes (160 bits). data RIPEMD160 -- | SHA1 is a hash function specified by NIST (The U.S. National -- Institute for Standards and Technology). It produces message digests -- of 20 bytes (160 bits). data SHA1 -- | SHA224 is a member of the SHA2 family which outputs messages -- digests of 28 bytes (224 bits). data SHA224 -- | SHA256 is a member of the SHA2 family which outputs messages -- digests of 32 bytes (256 bits). data SHA256 -- | SHA384 is a member of the SHA2 family which outputs messages -- digests of 48 bytes (384 bits). data SHA384 -- | SHA512 is a member of the SHA2 family which outputs messages -- digests of 64 bytes (512 bits). data SHA512 -- | SHA3_224 is a member of the SHA3 family which outputs messages -- digests of 28 bytes (224 bits). data SHA3_224 -- | SHA3_256 is a member of the SHA3 family which outputs messages -- digests of 32 bytes (256 bits). data SHA3_256 -- | SHA3_384 is a member of the SHA3 family which outputs messages -- digests of 48 bytes (384 bits). data SHA3_384 -- | SHA3_512 is a member of the SHA3 family which outputs messages -- digests of 64 bytes (512 bits). data SHA3_512 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.GOSTHASH94 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.GOSTHASH94 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.MD2 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.MD2 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.MD4 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.MD4 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.MD5 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.MD5 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.RIPEMD160 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.RIPEMD160 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA1 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA1 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA224 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA224 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA256 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA256 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA384 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA384 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA512 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA512 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA3_224 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA3_224 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA3_256 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA3_256 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA3_384 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA3_384 instance Crypto.Nettle.Hash.NettleHashAlgorithm Crypto.Nettle.Hash.SHA3_512 instance Crypto.Nettle.Hash.Types.HashAlgorithm Crypto.Nettle.Hash.SHA3_512 -- | This module exports the UMAC algorithms supported by nettle: -- http://www.lysator.liu.se/~nisse/nettle/ module Crypto.Nettle.UMAC -- | UMAC is a class of keyed hash algorithms that take an -- additional nonce. -- -- Keys for UMAC are always 16 bytes; there are different digest -- sizes: 4, 8, 12 and 16 bytes (32, 64, 96 and 128 bits), and the -- variants are named after the digest length in bits. -- -- On initialization the nonce is set to 0; each finalize returns a new -- state with an incremented nonce. The nonce is interpreted as 16-byte -- (128-bit) big-endian integer (and for string shorter than 16 bytes -- padded with zeroes on the left; setting empty nonces is not -- allowed). class UMAC u where umacName = (("UMAC" ++) . show . (8 *)) <$> umacDigestSize umacUpdateLazy u = foldl' umacUpdate u . toChunks -- | digest size in bytes umacDigestSize :: UMAC u => Tagged u Int -- | umac name (UMAC ++ digest size in bits) umacName :: UMAC u => Tagged u String -- | initialize a new context from a key with a zero -- nonce umacInit :: UMAC u => ByteString -> u -- | set a nonce; can be called anytime before producing the -- digest umacSetNonce :: UMAC u => u -> ByteString -> u -- | append message data to be hashed umacUpdate :: UMAC u => u -> ByteString -> u -- | append lazy message data to be hashed umacUpdateLazy :: UMAC u => u -> ByteString -> u -- | produce a digest, and return a new state with incremented nonce umacFinalize :: UMAC u => u -> (ByteString, u) -- | UMAC32 is the 32-bit (4 byte) digest variant. See -- umacInitKeyedHash for the KeyedHashAlgorithm instance. data UMAC32 -- | UMAC64 is the 32-bit (4 byte) digest variant. See -- umacInitKeyedHash for the KeyedHashAlgorithm instance. data UMAC64 -- | UMAC96 is the 32-bit (4 byte) digest variant. See -- umacInitKeyedHash for the KeyedHashAlgorithm instance. data UMAC96 -- | UMAC128 is the 32-bit (4 byte) digest variant. See -- umacInitKeyedHash for the KeyedHashAlgorithm instance. data UMAC128 -- | The default KeyedHash generated for UMAC -- KeyedHashAlgorithm instances use a zero nonce; to set a -- different nonce you need to use this initialization function (or use -- the UMAC interface). -- -- Once the UMAC lives as KeyedHash the nonce cannot be changed -- anymore, as KeyedHash hides all internal state. umacInitKeyedHash :: (UMAC u, KeyedHashAlgorithm u) => ByteString -> ByteString -> Tagged u KeyedHash instance Crypto.Nettle.UMAC.NettleUMAC Crypto.Nettle.UMAC.UMAC32 instance Crypto.Nettle.UMAC.UMAC Crypto.Nettle.UMAC.UMAC32 instance Crypto.Nettle.Hash.Types.KeyedHashAlgorithm Crypto.Nettle.UMAC.UMAC32 instance Crypto.Nettle.UMAC.NettleUMAC Crypto.Nettle.UMAC.UMAC64 instance Crypto.Nettle.UMAC.UMAC Crypto.Nettle.UMAC.UMAC64 instance Crypto.Nettle.Hash.Types.KeyedHashAlgorithm Crypto.Nettle.UMAC.UMAC64 instance Crypto.Nettle.UMAC.NettleUMAC Crypto.Nettle.UMAC.UMAC96 instance Crypto.Nettle.UMAC.UMAC Crypto.Nettle.UMAC.UMAC96 instance Crypto.Nettle.Hash.Types.KeyedHashAlgorithm Crypto.Nettle.UMAC.UMAC96 instance Crypto.Nettle.UMAC.NettleUMAC Crypto.Nettle.UMAC.UMAC128 instance Crypto.Nettle.UMAC.UMAC Crypto.Nettle.UMAC.UMAC128 instance Crypto.Nettle.Hash.Types.KeyedHashAlgorithm Crypto.Nettle.UMAC.UMAC128 -- | This module exports ciphers supported by nettle: -- http://www.lysator.liu.se/~nisse/nettle/ module Crypto.Nettle.Ciphers -- | AES is the generic cipher context for the AES cipher, -- supporting key sizes of 128, 196 and 256 bits (16, 24 and 32 bytes). -- The blockSize is always 128 bits (16 bytes). -- -- aeadInit only supports the AEAD_GCM mode for now. data AES -- | AES128 provides the same interface as AES, but is -- restricted to 128-bit keys. data AES128 -- | AES192 provides the same interface as AES, but is -- restricted to 192-bit keys. data AES192 -- | AES256 provides the same interface as AES, but is -- restricted to 256-bit keys. data AES256 -- | ARCTWO (also known as the trade marked name RC2) is a block -- cipher specified in RFC 2268. -- -- The default cipherInit uses ekb = bit-length of the -- key; arctwoInitEKB allows to specify ekb manually. -- arctwoInitGutmann uses ekb = 1024 (the maximum). -- -- ARCTWO uses keysizes from 1 to 128 bytes, and uses a -- blockSize of 64 bits (8 bytes). data ARCTWO -- | Initialize cipher with an explicit ekb value (valid values -- from 1 to 1024, 0 meaning the same as 1024). arctwoInitEKB :: Key ARCTWO -> Word -> ARCTWO -- | Initialize cipher with ekb = 1024. arctwoInitGutmann :: Key ARCTWO -> ARCTWO -- | BLOWFISH is a block cipher designed by Bruce Schneier. It uses -- a blockSize of 64 bits (8 bytes), and a variable key size from -- 64 to 448 bits (8 to 56 bytes). data BLOWFISH -- | Camellia is a block cipher developed by Mitsubishi and Nippon -- Telegraph and Telephone Corporation, described in RFC3713, and -- recommended by some Japanese and European authorities as an -- alternative to AES. The algorithm is patented (details see -- http://www.lysator.liu.se/~nisse/nettle/nettle.html). -- -- Camellia uses a the same blockSize and key sizes as AES. -- -- aeadInit only supports the AEAD_GCM mode for now. data Camellia -- | Camellia128 provides the same interface as Camellia, but -- is restricted to 128-bit keys. data Camellia128 -- | Camellia192 provides the same interface as Camellia, but -- is restricted to 192-bit keys. data Camellia192 -- | Camellia256 provides the same interface as Camellia, but -- is restricted to 256-bit keys. data Camellia256 -- | CAST128 is a block cipher specified in RFC 2144. It uses a 64 -- bit (8 bytes) blockSize, and a variable key size of 40 up to -- 128 bits (5 to 16 bytes). data CAST128 -- | DES is the old Data Encryption Standard, specified by NIST. It -- uses a blockSize of 64 bits (8 bytes), and a key size of 56 -- bits. -- -- The key is given as 8 bytes, as one bit per byte is used as a parity -- bit. The parity bit is ignored by this implementation. data DES -- | DES_EDE3 uses 3 DES keys k1 || k2 || k3. -- Encryption first encrypts with k1, then decrypts with k2, then -- encrypts with k3. -- -- The blockSize is the same as for DES: 64 bits (8 bytes), -- and the keys are simply concatenated, forming a 24 byte key string -- (with 168 bits actually getting used). data DES_EDE3 -- | TWOFISH is another AES finalist, designed by Bruce Schneier and -- others. -- -- TWOFISH uses a the same blockSize and key sizes as -- AES. -- -- aeadInit only supports the AEAD_GCM mode for now. data TWOFISH -- | SERPENT is one of the AES finalists, designed by Ross Anderson, -- Eli Biham and Lars Knudsen. -- -- The blockSize is 128 bits (16 bytes), and the valid key sizes -- are from 128 bits to 256 bits (16 to 32 bytes), although smaller bits -- are just padded with zeroes. -- -- aeadInit only supports the AEAD_GCM mode for now. data SERPENT -- | StreamNonceCipher are special stream ciphers that can encrypt -- many messages with the same key; setting a nonce restarts the cipher. -- -- A good value for the nonce is a message/packet counter. Usually a -- nonce should not be reused with the same key. class StreamCipher cipher => StreamNonceCipher cipher streamNonceSize :: StreamNonceCipher cipher => cipher -> KeySizeSpecifier streamSetNonce :: StreamNonceCipher cipher => cipher -> ByteString -> Maybe cipher -- | Sets a Word64 as 8-byte nonce (bigendian encoded) streamSetNonceWord64 :: StreamNonceCipher cipher => cipher -> Word64 -> Maybe cipher -- | ARCFOUR is a stream cipher, also known under the trade marked -- name RC4. -- -- Valid key sizes are from 1 to 256 bytes. data ARCFOUR -- | CHACHA is a variant of the SALSA20 stream cipher, both -- designed by D. J. Bernstein. -- -- Key size is 256 bits (32 bytes). -- -- CHACHA works similar to SALSA20; it could theoretically -- also support 128-bit keys, but there is no need for it as they share -- the same performance. -- -- ChaCha uses a blocksize of 64 bytes internally; if crpyted input isn't -- aligned to 64 bytes it will pad it with 0 and store the encrypted -- padding to xor with future input data. -- -- Each message also requires a 8-byte (Word64) nonce (which is -- initialized to 0; you can use a message sequence number). Don't reuse -- a nonce with the same key. -- -- Setting a nonce also resets the remaining padding data. data CHACHA -- | SALSA20 is a fairly recent stream cipher designed by D. J. -- Bernstein. -- -- Valid key sizes are 128 and 256 bits (16 and 32 bytes). -- -- Salsa20 uses a blocksize of 64 bytes internally; if crpyted input -- isn't aligned to 64 bytes it will pad it with 0 and store the -- encrypted padding to xor with future input data. -- -- Each message also requires a 8-byte (Word64) nonce (which is -- initialized to 0; you can use a message sequence number). Don't reuse -- a nonce with the same key. -- -- Setting a nonce also resets the remaining padding data. data SALSA20 -- | ESTREAM_SALSA20 is the same as SALSA20, but uses only 12 -- instead of 20 rounds in mixing. data ESTREAM_SALSA20 instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.AES instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.AES instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.AES instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.AES instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.AES Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.AES128 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.AES128 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.AES128 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.AES128 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.AES128 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.AES192 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.AES192 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.AES192 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.AES192 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.AES192 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.AES256 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.AES256 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.AES256 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.AES256 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.AES256 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.ARCTWO instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.ARCTWO instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.ARCTWO instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.ARCTWO instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.ARCTWO Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.BLOWFISH instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.BLOWFISH instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.BLOWFISH instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.BLOWFISH instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.BLOWFISH Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.Camellia instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.Camellia instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.Camellia instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.Camellia instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.Camellia Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.Camellia128 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.Camellia128 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.Camellia128 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.Camellia128 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.Camellia128 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.Camellia192 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.Camellia192 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.Camellia192 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.Camellia192 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.Camellia192 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.Camellia256 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.Camellia256 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.Camellia256 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.Camellia256 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.Camellia256 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.CAST128 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.CAST128 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.CAST128 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.CAST128 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.CAST128 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.DES instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.DES instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.DES instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.DES instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.DES Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.DES_EDE3 instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.DES_EDE3 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.DES_EDE3 instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.DES_EDE3 instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.DES_EDE3 Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.SERPENT instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.SERPENT instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.SERPENT instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.SERPENT instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.SERPENT Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.TWOFISH instance Crypto.Nettle.Ciphers.Internal.NettleBlockCipher Crypto.Nettle.Ciphers.TWOFISH instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.TWOFISH instance Crypto.Cipher.Types.Block.BlockCipher Crypto.Nettle.Ciphers.TWOFISH instance Crypto.Cipher.Types.Block.AEADModeImpl Crypto.Nettle.Ciphers.TWOFISH Crypto.Nettle.Ciphers.Internal.NettleGCM instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.ARCFOUR instance Crypto.Nettle.Ciphers.Internal.NettleStreamCipher Crypto.Nettle.Ciphers.ARCFOUR instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.ARCFOUR instance Crypto.Cipher.Types.Stream.StreamCipher Crypto.Nettle.Ciphers.ARCFOUR instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.CHACHA instance Crypto.Nettle.Ciphers.Internal.NettleBlockedStreamCipher Crypto.Nettle.Ciphers.CHACHA instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.CHACHA instance Crypto.Cipher.Types.Stream.StreamCipher Crypto.Nettle.Ciphers.CHACHA instance Crypto.Nettle.Ciphers.StreamNonceCipher Crypto.Nettle.Ciphers.CHACHA instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.SALSA20 instance Crypto.Nettle.Ciphers.Internal.NettleBlockedStreamCipher Crypto.Nettle.Ciphers.SALSA20 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.SALSA20 instance Crypto.Cipher.Types.Stream.StreamCipher Crypto.Nettle.Ciphers.SALSA20 instance Crypto.Nettle.Ciphers.StreamNonceCipher Crypto.Nettle.Ciphers.SALSA20 instance Crypto.Nettle.Ciphers.Internal.NettleCipher Crypto.Nettle.Ciphers.ESTREAM_SALSA20 instance Crypto.Nettle.Ciphers.Internal.NettleBlockedStreamCipher Crypto.Nettle.Ciphers.ESTREAM_SALSA20 instance Crypto.Cipher.Types.Base.Cipher Crypto.Nettle.Ciphers.ESTREAM_SALSA20 instance Crypto.Cipher.Types.Stream.StreamCipher Crypto.Nettle.Ciphers.ESTREAM_SALSA20 instance Crypto.Nettle.Ciphers.StreamNonceCipher Crypto.Nettle.Ciphers.ESTREAM_SALSA20 -- | This module exports the ChaCha-Poly1305 AEAD cipher supported by -- nettle: http://www.lysator.liu.se/~nisse/nettle/ -- -- Both ChaCha (the underlying cipher) and Poly1305 (the keyed hash) were -- designed by D. J. Bernstein. module Crypto.Nettle.ChaChaPoly1305 -- | Encrypt plain text and create a verification tag for the encrypted -- text and some additional data. key and nonce must -- not be reused together. The returned tag is 16 bytes long, but may be -- shortened for verification (loosing security). chaChaPoly1305Encrypt :: ByteString -> ByteString -> ByteString -> ByteString -> (ByteString, ByteString) -- | Decrypt cipher text and verify a (possible shortened) tag for the -- encrypted text and some additional data. key and -- nonce must not be reused together. chaChaPoly1305Decrypt :: ByteString -> ByteString -> ByteString -> ByteString -> ByteString -> Maybe ByteString