| Copyright | (c) 2013 Stefan Bühler |
|---|---|
| License | MIT-style (see the file COPYING) |
| Maintainer | stbuehler@web.de |
| Stability | experimental |
| Portability | portable |
| Safe Haskell | Safe-Inferred |
| Language | Haskell98 |
Crypto.Nettle.CCM
Description
(This is not a binding to nettle; it is implemented in pure haskell)
This module adds CCM support to all 128-bit block ciphers:
aeadInit AEAD_CCM = ccmInitTLS
CCM uses 2 parameters t and q: t is the tag length (2,4,6,8,10,12,14,16) and q (2..8) is the
length in bytes that the length of the message is stored in (and the length of the
counter variable).
Maximum message length is 2^(8*q) - 1.
CCM requires a nonce of length (15 - q). TLS uses CCM with t = 16 and q = 3,
and a nonce length of 12 (the first 4 bytes are fixed from the handshake, the other 8
usually represent the sequence counter).
CCM encrypts with a CTR mode, the start IV is based on the (t,q,nonce) parameters; the tag is encrypted with counter value = 0, then the message follows.
Calculating the tag needs the message length first - so this implementation needs to gather all data before calculating it.
In RFC 3610 t is called M, and q is called L.
Documentation
Arguments
| :: (BlockCipher cipher, Byteable iv) | |
| => Int | tag length |
| -> Int | length |
| -> cipher | cipher initialized with key |
| -> iv |
|
| -> Maybe (AEAD cipher) |
Start a CCM encryption with specified tag length t, length q of the message length field and a 15-q bytes long nonce.
Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize.
Arguments
| :: (BlockCipher cipher, Byteable iv) | |
| => cipher | cipher initialized with key |
| -> iv | 8 byte |
| -> Maybe (AEAD cipher) |
Start a CCM encryption with specified tag length t = 16, length q = 3 for the message length field and a 8 bytes long nonce.
Fails if any parameter is invalid or the block cipher doesn't use a 16-byte blockSize.
This are the parameters used for TLS.