Copyright | (c) Piyush P Kurur 2016 |
---|---|
License | Apache-2.0 OR BSD-3-Clause |
Maintainer | Piyush P Kurur <ppk@iitpkd.ac.in> |
Stability | experimental |
Safe Haskell | None |
Language | Haskell2010 |
Synopsis
- type Locked = AEAD Cipher AuthTag
- unsafeLock :: Encodable plain => Key Cipher -> Nounce Cipher -> plain -> Locked
- unsafeLockWith :: (Encodable plain, Encodable aad) => aad -> Key Cipher -> Nounce Cipher -> plain -> Locked
- type Cipher = Prim
- type AuthTag = Prim
- unsafeToNounce :: Locked -> Nounce Cipher
- unsafeToCipherText :: Locked -> ByteString
- unsafeToAuthTag :: Locked -> AuthTag
- unsafeLocked :: Nounce Cipher -> ByteString -> AuthTag -> Locked
Explicit computation and taking apart
This module provides two class of unsafe functions:
- Functions to compute AEAD tokens with explicit key and Nounce
- Functions to take apart an AEAD token into their constituents, namely the nounce used, the cipher text, and the authentication tag.
The former is to help interface with other libraries where as the latter allows us to serialise AEAD tokens.
WARNING: The security of the interface is compromised if
- The key gets revealed to the attacker or
- If the same key/nounce pair is used to lock two different messages.
- Taking apart the AEAD token may compromises type safety.
Nounces need not be private and may be exposed to the attacker. In fact, in the safe version of these locking function, we pick the nounce at random (using the csprg) and pack it into the AEAD token.
For specific algorithms, the unsafe version is also available
- Raaz.AuthEncrypt.Unsafe.ChaCha20Poly1305
- Raaz.AuthEncrypt.Unsafe.XChaCha20Poly1305
The former has a smaller nounce (96-bits) than the latter (192-bits) and hence there is a slight risk in using it with randomly generated nounces. It is however, slightly faster and is safe to use when there is frequent key resets as in the case of network protocols. As with other cases we recommend the use of the default interface instead of the specific one when ever possible.
:: Encodable plain | |
=> Key Cipher | The key |
-> Nounce Cipher | The nounce |
-> plain | The object to be locked. |
-> Locked |
Locks a given message but needs an explicit nounce. Reusing the key-nounce pair will compromise the security and hence using this function is unsafe. The user needs to ensure the freshness of the key, nounce pair through some other means.
Some protocols have a predefined way to pick nounces and this is
the reason we provide such an interface. If that is not a concern,
we recommend the use of lock
instead.
unsafeLockWith :: (Encodable plain, Encodable aad) => aad -> Key Cipher -> Nounce Cipher -> plain -> Locked Source #
Similar to lockWith
but an explicit nounce is taken as
input. Reusing the key-nounce pair will compromise the security and
hence using this function is unsafe. The user needs to ensure the
freshness of the key, nounce pair through some other means.
Some protocols have a predefined way to pick nounces and this is
the reason, we provide such an interface. If that is not a concern,
we recommend the use of lockWith
instead.
unsafeToCipherText :: Locked -> ByteString Source #
Get the cipher text part of the Locked message.
unsafeToAuthTag :: Locked -> AuthTag Source #
Get the authentication token of the Locked message.
:: Nounce Cipher | The nounce used for locking this message |
-> ByteString | The cipher text |
-> AuthTag | the Authentication tag |
-> Locked |
Construct the locked message out of the nounce, cipher text, and the authentication tag.