nettle-0.3.0: safe nettle binding
Copyright(c) 2013 Stefan Bühler
LicenseMIT-style (see the file COPYING)
Maintainerstbuehler@web.de
Stabilityexperimental
Portabilityportable
Safe HaskellSafe-Inferred
LanguageHaskell98

Crypto.Nettle.CCM

Description

(This is not a binding to nettle; it is implemented in pure haskell)

This module adds CCM support to all 128-bit block ciphers:

aeadInit AEAD_CCM = ccmInitTLS

CCM uses 2 parameters t and q: t is the tag length (2,4,6,8,10,12,14,16) and q (2..8) is the length in bytes that the length of the message is stored in (and the length of the counter variable). Maximum message length is 2^(8*q) - 1.

CCM requires a nonce of length (15 - q). TLS uses CCM with t = 16 and q = 3, and a nonce length of 12 (the first 4 bytes are fixed from the handshake, the other 8 usually represent the sequence counter).

CCM encrypts with a CTR mode, the start IV is based on the (t,q,nonce) parameters; the tag is encrypted with counter value = 0, then the message follows.

Calculating the tag needs the message length first - so this implementation needs to gather all data before calculating it.

In RFC 3610 t is called M, and q is called L.

Synopsis

Documentation

ccmInit Source #

Arguments

:: (BlockCipher cipher, Byteable iv) 
=> Int

tag length t

-> Int

length q of the message length field

-> cipher

cipher initialized with key

-> iv

nonce with length 15-q

-> Maybe (AEAD cipher) 

Start a CCM encryption with specified tag length t, length q of the message length field and a 15-q bytes long nonce. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize.

ccmInitTLS Source #

Arguments

:: (BlockCipher cipher, Byteable iv) 
=> cipher

cipher initialized with key

-> iv

8 byte nonce

-> Maybe (AEAD cipher) 

Start a CCM encryption with specified tag length t = 16, length q = 3 for the message length field and a 8 bytes long nonce. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize. This are the parameters used for TLS.