Copyright | (c) Piyush P Kurur 2019 |
---|---|
License | Apache-2.0 OR BSD-3-Clause |
Maintainer | Piyush P Kurur <ppk@iitpkd.ac.in> |
Stability | experimental |
Safe Haskell | None |
Language | Haskell2010 |
The Poly1305 MAC
This module exposes the types required to implement the the
poly1305 message authenticator. The poly1305 is a function that
takes two parameters r
and s
and for an input message m
computes the function.
Poly1305(m, r,s) = (M(r) mod 2^130 - 5) + s mod 2^128
In the original publication, r
is selected pseudo-randomly and
s
is generated by encrypting (using AES) a nonce n
with a
secret key k, i.e. r = random; s = AES(k,n). The secret that needs
to be shared by the two parties is r
and the key k
. Actual
protocols should never repeat the nonce n
for otherwise there
will be compromise in the security. The RFC7539 uses a variant
that uses the chacha20 cipher instead of AES.
As can be seen from the above discussion the actual mechanism for
selecting the r
and s
differs depending on the
situation. Hence, this module only provide the "raw" Poly1305
implementation leaving out the details of the selection of r
and
s
for some latter stage. Thus this module is not of direct use
but is used by actual protocols to implement message
authentication.
The datatype that captures the Poly1305 authenticator tag.
Instances
Eq Poly1305 Source # | |
Show Poly1305 Source # | |
IsString Poly1305 Source # | |
Defined in Raaz.Primitive.Poly1305.Internal fromString :: String -> Poly1305 # | |
Storable Poly1305 Source # | |
Defined in Raaz.Primitive.Poly1305.Internal | |
Equality Poly1305 Source # | |
EndianStore Poly1305 Source # | |
Encodable Poly1305 Source # | |
Defined in Raaz.Primitive.Poly1305.Internal | |
Primitive Poly1305 Source # | |
Defined in Raaz.Primitive.Poly1305.Internal | |
Show (Key Poly1305) Source # | |
data Key Poly1305 Source # | |
type WordType Poly1305 Source # | |
Defined in Raaz.Primitive.Poly1305.Internal | |
type WordsPerBlock Poly1305 Source # | |
Defined in Raaz.Primitive.Poly1305.Internal |
The r
component of the secret.
Instances
Eq R Source # | |
Show R Source # | |
IsString R Source # | |
Defined in Raaz.Primitive.Poly1305.Internal fromString :: String -> R # | |
Storable R Source # | |
Equality R Source # | |
EndianStore R Source # | |
Encodable R Source # | |
Defined in Raaz.Primitive.Poly1305.Internal toByteString :: R -> ByteString Source # fromByteString :: ByteString -> Maybe R Source # unsafeFromByteString :: ByteString -> R Source # |
The s
component of the secret.
Instances
Eq S Source # | |
Show S Source # | |
IsString S Source # | |
Defined in Raaz.Primitive.Poly1305.Internal fromString :: String -> S # | |
Storable S Source # | |
Equality S Source # | |
EndianStore S Source # | |
Encodable S Source # | |
Defined in Raaz.Primitive.Poly1305.Internal toByteString :: S -> ByteString Source # fromByteString :: ByteString -> Maybe S Source # unsafeFromByteString :: ByteString -> S Source # |
data family Key p :: Type Source #
The type family that captures the key of a keyed primitive.