1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- module Crypto.ChunkedAlgorithms where
- import Data.ByteString (ByteString)
- import qualified Data.ByteString as BS
- import qualified Data.ByteArray as BA
- import Crypto.Chunked
- import Crypto.Error
- import qualified Crypto.Cipher.ChaChaPoly1305 as ChaP
- {- |
- Constructs a ChunkedCrypto based on the ChaChaPoly1305 primitive.
- No authenticated data is used, and chunk authentication is concatenated
- to the begining of the chunk.
- -}
- chunkedChaChaPoly1305 ::
- -- | Plain text block size
- Int ->
- -- | Encryption key
- ByteString ->
- ChunkedCrypto
- chunkedChaChaPoly1305 s k = ChunkedCrypto enc dec (fromIntegral s) (fromIntegral s + auth_size)
- where
- auth_size = 16
- enc nonce dt = do
- st1 <- initChaP nonce
- let (out, st2) = ChaP.encrypt dt st1
- let auth = BA.convert $ ChaP.finalize st2
- return $ BS.append auth out
- dec nonce dt' = do
- let (auth, dt) = BS.splitAt 16 dt'
- st1 <- initChaP nonce
- let (out, st2) = ChaP.decrypt dt st1
- let auth' = BA.convert $ ChaP.finalize st2
- if auth == auth'
- then return out
- else CryptoFailed CryptoError_MacKeyInvalid
- initChaP nonce = do
- n <- ChaP.nonce12 nonce
- st0 <- ChaP.initialize k n
- return $ ChaP.finalizeAAD st0
|