-- | Support the encryption requirements of CHK.
module Tahoe.CHK.Encrypt (encrypt, decrypt) where

import Crypto.Cipher.AES128 (AESKey128, BlockCipher (ctrLazy), zeroIV)
import qualified Data.ByteString.Lazy as LB

{- | AES128-CTR encrypt a byte string in the manner used by CHK.

 This replaces allmydata.immutable.upload.EncryptAnUploadable

 The only noteworthy piece here is that encryption starts with the zero IV.
-}
encrypt :: AESKey128 -> LB.ByteString -> LB.ByteString
encrypt key plaintext = fst $ ctrLazy key zeroIV plaintext

-- | AES128-CTR decrypt a byte string in the manner used by CHK.
decrypt :: AESKey128 -> LB.ByteString -> LB.ByteString
decrypt = encrypt