From 875b80107cd93bc426df2a2c8df99f7cb6c28bb2 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 9 Jun 2015 11:42:38 +0200 Subject: [PATCH] Remove unused AES primitives functions and exports The code for initializing different AEAD modes is now encapsulated in the BlockCipher type and the individual mode encryption and decryption functions have been replaced by generalized versions, so are no longer used. --- Crypto/Cipher/AES/Primitive.hs | 105 ++++----------------------------- 1 file changed, 10 insertions(+), 95 deletions(-) diff --git a/Crypto/Cipher/AES/Primitive.hs b/Crypto/Cipher/AES/Primitive.hs index c0a5795..5e26174 100644 --- a/Crypto/Cipher/AES/Primitive.hs +++ b/Crypto/Cipher/AES/Primitive.hs @@ -30,32 +30,20 @@ module Crypto.Cipher.AES.Primitive , encryptCBC , encryptCTR , encryptXTS - , encryptGCM - , encryptOCB -- * decryption , decryptECB , decryptCBC , decryptCTR , decryptXTS - , decryptGCM - , decryptOCB -- * incremental GCM , gcmMode , gcmInit - , gcmAppendAAD - , gcmAppendEncrypt - , gcmAppendDecrypt - , gcmFinish -- * incremental OCB , ocbMode , ocbInit - , ocbAppendAAD - , ocbAppendEncrypt - , ocbAppendDecrypt - , ocbFinish ) where import Data.Word @@ -86,7 +74,7 @@ instance BlockCipher AES where aeadInit AEAD_GCM aes iv = CryptoPassed $ AEAD (gcmMode aes) (gcmInit aes iv) aeadInit AEAD_OCB aes iv = CryptoPassed $ AEAD (ocbMode aes) (ocbInit aes iv) aeadInit _ _ _ = CryptoFailed CryptoError_AEADModeNotSupported -instance BlockCipher128 AES where +instance BlockCipher128 AES where xtsEncrypt = encryptXTS xtsDecrypt = decryptXTS @@ -196,7 +184,7 @@ encryptCBC = doCBC c_aes_encrypt_cbc -- to make the standard counter mode block operations. -- -- if the length requested is not a multiple of the block cipher size, --- more data will be returned, so that the returned bytestring is +-- more data will be returned, so that the returned bytearray is -- a multiple of the block cipher size. {-# NOINLINE genCTR #-} genCTR :: ByteArray ba @@ -215,7 +203,7 @@ genCTR ctx (IV iv) len -- to make the standard counter mode block operations. -- -- if the length requested is not a multiple of the block cipher size, --- more data will be returned, so that the returned bytestring is +-- more data will be returned, so that the returned bytearray is -- a multiple of the block cipher size. -- -- Similiar to 'genCTR' but also return the next IV for continuation @@ -258,31 +246,6 @@ encryptCTR ctx iv input c_aes_encrypt_ctr (castPtr o) k v i (fromIntegral len) len = B.length input --- | encrypt using Galois counter mode (GCM) --- return the encrypted bytestring and the tag associated --- --- note: encrypted data is identical to CTR mode in GCM, however --- a tag is also computed. -{-# NOINLINE encryptGCM #-} -encryptGCM :: (ByteArrayAccess iv, ByteArrayAccess aad, ByteArray ba) - => AES -- ^ AES Context - -> iv -- ^ IV initial vector of any size - -> aad -- ^ data to authenticate (AAD) - -> ba -- ^ data to encrypt - -> (ba, AuthTag) -- ^ ciphertext and tag -encryptGCM = doGCM gcmAppendEncrypt - --- | encrypt using OCB v3 --- return the encrypted bytestring and the tag associated -{-# NOINLINE encryptOCB #-} -encryptOCB :: (ByteArrayAccess iv, ByteArrayAccess aad, ByteArray ba) - => AES -- ^ AES Context - -> iv -- ^ IV initial vector of any size - -> aad -- ^ data to authenticate (AAD) - -> ba -- ^ data to encrypt - -> (ba, AuthTag) -- ^ ciphertext and tag -encryptOCB = doOCB ocbAppendEncrypt - -- | encrypt using XTS -- -- the first key is the normal block encryption key @@ -326,26 +289,6 @@ decryptXTS :: ByteArray ba -> ba -- ^ output decrypted decryptXTS = doXTS c_aes_decrypt_xts --- | decrypt using Galois Counter Mode (GCM) -{-# NOINLINE decryptGCM #-} -decryptGCM :: (ByteArrayAccess aad, ByteArrayAccess iv, ByteArray ba) - => AES -- ^ Key - -> iv -- ^ IV initial vector of any size - -> aad -- ^ data to authenticate (AAD) - -> ba -- ^ data to decrypt - -> (ba, AuthTag) -- ^ plaintext and tag -decryptGCM = doGCM gcmAppendDecrypt - --- | decrypt using Offset Codebook Mode (OCB) -{-# NOINLINE decryptOCB #-} -decryptOCB :: (ByteArrayAccess aad, ByteArrayAccess iv, ByteArray ba) - => AES -- ^ Key - -> iv -- ^ IV initial vector of any size - -> aad -- ^ data to authenticate (AAD) - -> ba -- ^ data to decrypt - -> (ba, AuthTag) -- ^ plaintext and tag -decryptOCB = doOCB ocbAppendDecrypt - {-# INLINE doECB #-} doECB :: ByteArray ba => (Ptr b -> Ptr AES -> CString -> CUInt -> IO ()) @@ -395,20 +338,6 @@ doXTS f (key1,key2) iv spoint input -- GCM ------------------------------------------------------------------------ -{-# INLINE doGCM #-} -doGCM :: (ByteArrayAccess iv, ByteArrayAccess aad, ByteArray ba) - => (AES -> AESGCM -> ba -> (ba, AESGCM)) - -> AES - -> iv - -> aad - -> ba - -> (ba, AuthTag) -doGCM f ctx iv aad input = (output, tag) - where tag = gcmFinish ctx after 16 - (output, after) = f ctx afterAAD input - afterAAD = gcmAppendAAD ini aad - ini = gcmInit ctx iv - -- | initialize a gcm context {-# NOINLINE gcmInit #-} gcmInit :: ByteArrayAccess iv => AES -> iv -> AESGCM @@ -420,7 +349,7 @@ gcmInit ctx iv = unsafeDoIO $ do -- | append data which is only going to be authenticated to the GCM context. -- --- need to happen after initialization and before appending encryption/decryption data. +-- needs to happen after initialization and before appending encryption/decryption data. {-# NOINLINE gcmAppendAAD #-} gcmAppendAAD :: ByteArrayAccess aad => AESGCM -> aad -> AESGCM gcmAppendAAD gcmSt input = unsafeDoIO doAppend @@ -431,8 +360,8 @@ gcmAppendAAD gcmSt input = unsafeDoIO doAppend -- | append data to encrypt and append to the GCM context -- --- bytestring need to be multiple of AES block size, unless it's the last call to this function. --- need to happen after AAD appending, or after initialization if no AAD data. +-- the bytearray needs to be a multiple of AES block size, unless it's the last call to this function. +-- needs to happen after AAD appending, or after initialization if no AAD data. {-# NOINLINE gcmAppendEncrypt #-} gcmAppendEncrypt :: ByteArray ba => AES -> AESGCM -> ba -> (ba, AESGCM) gcmAppendEncrypt ctx gcm input = unsafeDoIO $ withGCMKeyAndCopySt ctx gcm doEnc @@ -444,8 +373,8 @@ gcmAppendEncrypt ctx gcm input = unsafeDoIO $ withGCMKeyAndCopySt ctx gcm doEnc -- | append data to decrypt and append to the GCM context -- --- bytestring need to be multiple of AES block size, unless it's the last call to this function. --- need to happen after AAD appending, or after initialization if no AAD data. +-- the bytearray needs to be a multiple of AES block size, unless it's the last call to this function. +-- needs to happen after AAD appending, or after initialization if no AAD data. {-# NOINLINE gcmAppendDecrypt #-} gcmAppendDecrypt :: ByteArray ba => AES -> AESGCM -> ba -> (ba, AESGCM) gcmAppendDecrypt ctx gcm input = unsafeDoIO $ withGCMKeyAndCopySt ctx gcm doDec @@ -466,20 +395,6 @@ gcmFinish ctx gcm taglen = AuthTag $ B.take taglen computeTag -- OCB v3 ------------------------------------------------------------------------ -{-# INLINE doOCB #-} -doOCB :: (ByteArrayAccess iv, ByteArrayAccess aad, ByteArray ba) - => (AES -> AESOCB -> ba -> (ba, AESOCB)) - -> AES - -> iv - -> aad - -> ba - -> (ba, AuthTag) -doOCB f ctx iv aad input = (output, tag) - where tag = ocbFinish ctx after 16 - (output, after) = f ctx afterAAD input - afterAAD = ocbAppendAAD ctx ini aad - ini = ocbInit ctx iv - -- | initialize an ocb context {-# NOINLINE ocbInit #-} ocbInit :: ByteArrayAccess iv => AES -> iv -> AESOCB @@ -501,7 +416,7 @@ ocbAppendAAD ctx ocb input = unsafeDoIO (snd `fmap` withOCBKeyAndCopySt ctx ocb -- | append data to encrypt and append to the OCB context -- --- bytestring need to be multiple of AES block size, unless it's the last call to this function. +-- the bytearray needs to be a multiple of the AES block size, unless it's the last call to this function. -- need to happen after AAD appending, or after initialization if no AAD data. {-# NOINLINE ocbAppendEncrypt #-} ocbAppendEncrypt :: ByteArray ba => AES -> AESOCB -> ba -> (ba, AESOCB) @@ -514,7 +429,7 @@ ocbAppendEncrypt ctx ocb input = unsafeDoIO $ withOCBKeyAndCopySt ctx ocb doEnc -- | append data to decrypt and append to the OCB context -- --- bytestring need to be multiple of AES block size, unless it's the last call to this function. +-- the bytearray needs to be a multiple of the AES block size, unless it's the last call to this function. -- need to happen after AAD appending, or after initialization if no AAD data. {-# NOINLINE ocbAppendDecrypt #-} ocbAppendDecrypt :: ByteArray ba => AES -> AESOCB -> ba -> (ba, AESOCB)