| Copyright | (c) Joseph Abrahamson 2013 | 
|---|---|
| License | MIT | 
| Maintainer | me@jspha.com | 
| Stability | experimental | 
| Portability | non-portable | 
| Safe Haskell | None | 
| Language | Haskell2010 | 
Crypto.Saltine.Core.Stream
Description
Secret-key encryption: Crypto.Saltine.Core.Stream
The stream function produces a sized stream ByteString as a
 function of a secret key and a nonce. The xor function encrypts a
 message ByteString using a secret key and a nonce.  The xor
 function guarantees that the ciphertext has the same length as the
 plaintext, and is the plaintext . Consequently
 xor stream k nxor can also be used to decrypt.
The stream function, viewed as a function of the nonce for a
 uniform random key, is designed to meet the standard notion of
 unpredictability ("PRF"). For a formal definition see, e.g.,
 Section 2.3 of Bellare, Kilian, and Rogaway, "The security of the
 cipher block chaining message authentication code," Journal of
 Computer and System Sciences 61 (2000), 362–399;
 http://www-cse.ucsd.edu/~mihir/papers/cbc.html. This means that
 an attacker cannot distinguish this function from a uniform random
 function. Consequently, if a series of messages is encrypted by
 xor with a different nonce for each message, the ciphertexts
 are indistinguishable from uniform random strings of the same
 length.
Note that the length is not hidden. Note also that it is the caller's responsibility to ensure the uniqueness of nonces—for example, by using nonce 1 for the first message, nonce 2 for the second message, etc. Nonces are long enough that randomly generated nonces have negligible risk of collision.
Saltine does not make any promises regarding the resistance of crypto_stream to "related-key attacks." It is the caller's responsibility to use proper key-derivation functions.
Crypto.Saltine.Core.Stream is crypto_stream_xsalsa20, a
 particular cipher specified in "Cryptography in NaCl"
 (http://nacl.cr.yp.to/valid.html), Section 7. This cipher is
 conjectured to meet the standard notion of unpredictability.
This is version 2010.08.30 of the stream.html web page.
Documentation
An opaque stream cryptographic key.
An opaque stream nonce.
Arguments
| :: Key | |
| -> Nonce | |
| -> Int | |
| -> ByteString | Cryptographic stream | 
Arguments
| :: Key | |
| -> Nonce | |
| -> ByteString | Message | 
| -> ByteString | Ciphertext | 
Computes the exclusive-or between a message and a cryptographic
 random stream indexed by the Key and the Nonce. This renders
 the output indistinguishable from random noise so long as the
 Nonce is not used more than once. Note: while this can be used
 for encryption and decryption, it is possible for an attacker to
 manipulate the message in transit without detection. USE AT YOUR
 OWN RISK.