/
SecretBox.hs
78 lines (68 loc) · 2.18 KB
/
SecretBox.hs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE TypeOperators #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-|
Module : Crypto.Lithium.SecretBox
Description : Symmetric-key authenticated encryption
Copyright : (c) Promethea Raschke 2018
License : public domain
Maintainer : eth.raschke@liminal.ai
Stability : experimental
Portability : unknown
-}
module Crypto.Lithium.SecretBox
( U.Key
, U.newKey
, SecretBox(..)
, secretBox
, openSecretBox
, TagBytes
, tagBytes
, tagSize
, U.KeyBytes
, U.keyBytes
, U.keySize
) where
import Crypto.Lithium.Unsafe.SecretBox (Key)
import qualified Crypto.Lithium.Unsafe.SecretBox as U
import Crypto.Lithium.Internal.Util
import Data.ByteArray.Sized
import Foundation
import Control.DeepSeq
import Data.ByteString as BS
{-|
Encrypt the plaintext into a 'SecretBox' which also verifies the authenticity of
the message upon decryption
Due to the risk of nonce reuse compromising the underlying cryptography, Lithium
does not provide a 'secretBox' interface using user-supplied nonces outside the
"Crypto.Lithium.Unsafe" API. If your protocol requires nonces for eg. replay
protection, you should use "Crypto.Lithium.Aead" instead.
-}
secretBox :: (Plaintext p)
=> Key -> p -> IO (SecretBox p)
secretBox key message = do
ciphertext <- U.secretBoxRandom key
(fromPlaintext message :: ByteString)
return $ SecretBox ciphertext
{-|
Decrypt the 'SecretBox' and verify it has not been tampered with
-}
openSecretBox :: Plaintext p
=> Key -> SecretBox p -> Maybe p
openSecretBox key (SecretBox ciphertext) = do
decrypted <- U.openSecretBoxPrefix key ciphertext
toPlaintext (decrypted :: ByteString)
newtype SecretBox plaintext = SecretBox
{ getCiphertext :: ByteString } deriving (Eq, Show, NFData)
{-|
Size of the tag prepended to the ciphertext; the amount by which a 'aead'
ciphertext is longer than the corresponding plaintext. Consists of a nonce,
randomly generated to remove pitfalls for users, and a mac.
-}
type TagBytes = U.NonceBytes + U.MacBytes
tagBytes :: ByteSize TagBytes
tagBytes = ByteSize
tagSize :: Int
tagSize = U.nonceSize + U.macSize