| Copyright | (c) Piyush P Kurur 2016 |
|---|---|
| License | Apache-2.0 OR BSD-3-Clause |
| Maintainer | Piyush P Kurur <ppk@iitpkd.ac.in> |
| Stability | experimental |
| Safe Haskell | None |
| Language | Haskell2010 |
Raaz.AuthEncrypt.Unsafe
Description
Synopsis
- type Locked = AEAD Cipher AuthTag
- unsafeLock :: Encodable plain => Key Cipher -> Nounce Cipher -> plain -> Locked
- unsafeLockWith :: (Encodable plain, Encodable aad) => aad -> Key Cipher -> Nounce Cipher -> plain -> Locked
- type Cipher = Prim
- type AuthTag = Prim
- unsafeToCipherText :: Locked -> ByteString
- unsafeToAuthTag :: Locked -> AuthTag
- unsafeLocked :: Nounce Cipher -> ByteString -> AuthTag -> Locked
Auth Encryption with Explicit Nounce
WARNING: The security of the interface is compromised if
- The key gets revealed to the attacker or
- If the same key/nounce pair is used to lock two different messages.
- Taking apart the AEAD token also compromises the type safety.
Why then do we provide these functions ? As long as you are using the raaz library exclusively, you do not need to use this unsafe function. These are only needed when working with other libraries and protocols which have a different nonunce selection policy and/or a different encoding scheme for the AEAD token.
Nounces need not be private and may be exposed to the attacker. In fact, in the safe version of these locking function, we pick the nounce at random (using the csprg) and pack it into the AEAD token.
For specific algorithms, the unsafe version is also available
- Raaz.AuthEncrypt.Unsafe.ChaCha20Poly1305
- Raaz.AuthEncrypt.Unsafe.XChaCha20Poly1305
The former has a smaller nounce (96-bits) than the latter (192-bits) and hence there is a slight risk in using it with randomly generated nounces. It is however, slightly faster and is safe to use when there is frequent key resets as in the case of network protocols. As with other cases we recommend the use of the default interface instead of the specific one when ever possible.
Arguments
| :: Encodable plain | |
| => Key Cipher | The key |
| -> Nounce Cipher | The nounce |
| -> plain | The object to be locked. |
| -> Locked |
Locks a given message but needs an explicit nounce. Reusing the key-nounce pair will compromise the security and hence using this function is unsafe. The user needs to ensure the freshness of the key, nounce pair through some other means.
Some protocols have a predefined way to pick nounces and this is
the reason we provide such an interface. If that is not a concern,
we recommend the use of lock instead.
unsafeLockWith :: (Encodable plain, Encodable aad) => aad -> Key Cipher -> Nounce Cipher -> plain -> Locked Source #
Similar to lockWith but an explicit nounce is taken as
input. Reusing the key-nounce pair will compromise the security and
hence using this function is unsafe. The user needs to ensure the
freshness of the key, nounce pair through some other means.
Some protocols have a predefined way to pick nounces and this is
the reason, we provide such an interface. If that is not a concern,
we recommend the use of lockWith instead.
unsafeToCipherText :: Locked -> ByteString Source #
Get the cipher text part of the Locked message.
unsafeToAuthTag :: Locked -> AuthTag Source #
Get the authentication token of the Locked message.
Arguments
| :: Nounce Cipher | The nounce used for locking this message |
| -> ByteString | The cipher text |
| -> AuthTag | the Authentication tag |
| -> Locked |
Construct the locked message out of the nounce, cipher text, and the authentication tag.