raaz-0.3.7: Fast and type safe cryptography.
Copyright(c) Piyush P Kurur 2016
LicenseApache-2.0 OR BSD-3-Clause
MaintainerPiyush P Kurur <ppk@iitpkd.ac.in>
Stabilityexperimental
Safe HaskellSafe-Inferred
LanguageHaskell2010

Raaz.AuthEncrypt.Unsafe

Description

 
Synopsis

Explicit computation and taking apart

This module provides two class of unsafe functions:

  1. Functions to compute AEAD tokens with explicit key and Nounce
  2. Functions to take apart an AEAD token into their constituents, namely the nounce used, the cipher text, and the authentication tag.

The former is to help interface with other libraries where as the latter allows us to serialise AEAD tokens.

WARNING: The security of the interface is compromised if

  1. The key gets revealed to the attacker or
  2. If the same key/nounce pair is used to lock two different messages.
  3. Taking apart the AEAD token may compromises type safety.

Nounces need not be private and may be exposed to the attacker. In fact, in the safe version of these locking function, we pick the nounce at random (using the csprg) and pack it into the AEAD token.

For specific algorithms, the unsafe version is also available

  • Raaz.AuthEncrypt.Unsafe.ChaCha20Poly1305
  • Raaz.AuthEncrypt.Unsafe.XChaCha20Poly1305

The former has a smaller nounce (96-bits) than the latter (192-bits) and hence there is a slight risk in using it with randomly generated nounces. It is however, slightly faster and is safe to use when there is frequent key resets as in the case of network protocols. As with other cases we recommend the use of the default interface instead of the specific one when ever possible.

type Locked = AEAD Cipher AuthTag #

unsafeLock Source #

Arguments

:: Encodable plain 
=> Key Cipher

The key

-> Nounce Cipher

The nounce

-> plain

The object to be locked.

-> Locked 

Locks a given message but needs an explicit nounce. Reusing the key-nounce pair will compromise the security and hence using this function is unsafe. The user needs to ensure the freshness of the key, nounce pair through some other means.

Some protocols have a predefined way to pick nounces and this is the reason we provide such an interface. If that is not a concern, we recommend the use of lock instead.

unsafeLockWith :: (Encodable plain, Encodable aad) => aad -> Key Cipher -> Nounce Cipher -> plain -> Locked Source #

Similar to lockWith but an explicit nounce is taken as input. Reusing the key-nounce pair will compromise the security and hence using this function is unsafe. The user needs to ensure the freshness of the key, nounce pair through some other means.

Some protocols have a predefined way to pick nounces and this is the reason, we provide such an interface. If that is not a concern, we recommend the use of lockWith instead.

type Cipher = Prim #

type AuthTag = Prim #

unsafeToNounce :: Locked -> Nounce Cipher Source #

Get the nounce used for authenticating the token.

unsafeToCipherText :: Locked -> ByteString Source #

Get the cipher text part of the Locked message.

unsafeToAuthTag :: Locked -> AuthTag Source #

Get the authentication token of the Locked message.

unsafeLocked Source #

Arguments

:: Nounce Cipher

The nounce used for locking this message

-> ByteString

The cipher text

-> AuthTag

the Authentication tag

-> Locked 

Construct the locked message out of the nounce, cipher text, and the authentication tag.