chacha

commit efad15250e776b00cf37535c18ffc01c520fc679
parent 172c086ac9519af61b9ca87b4a8789bbbbdb0f38
Author: Jared Tobin <jared@jtobin.io>
Date:   Wed, 11 Jun 2025 11:29:31 +0400

lib: total functions

Diffstat:
M
README.md
 | 
4
++--
M
bench/Main.hs
 | 
9
+++++++++
M
lib/Crypto/Cipher/ChaCha20.hs
 | 
24
++++++++++++++++--------
M
ppad-chacha.cabal
 | 
1
+
M
test/Main.hs
 | 
9
+++++----

5 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
@@ -20,13 +20,13 @@ A sample GHCi session:
   > -- encrypt some plaintext using a secret key and nonce
   > let key = "don't tell anyone my secret key!"
   > let non = "or my nonce!"
-  > let ciphertext = ChaCha20.cipher key 1 non "but you can share the plaintext"
+  > let Right ciphertext = ChaCha20.cipher key 1 non "but you can share the plaintext"
   > ciphertext
   "\192*c\248A\204\211n\130y8\197\146k\245\178Y\197=\180_\223\138\146:^\206\&0\v[\201"
   >
   > -- use the cipher with the same key, counter, and nonce to decrypt the ciphertext
   > ChaCha20.cipher key 1 non ciphertext
-  "but you can share the plaintext"
+  Right "but you can share the plaintext"
 ```
 
 ## Documentation
diff --git a/bench/Main.hs b/bench/Main.hs
@@ -1,13 +1,22 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
 {-# LANGUAGE BangPatterns #-}
+{-# LANGUAGE DeriveGeneric #-}
 {-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StandaloneDeriving #-}
 
 module Main where
 
+import Control.DeepSeq
 import Criterion.Main
 import qualified Crypto.Cipher.ChaCha20 as ChaCha20
 import qualified Data.ByteString as BS
 import qualified Data.ByteString.Base16 as B16
 import Data.Maybe (fromJust)
+import GHC.Generics
+
+deriving instance Generic ChaCha20.Error
+
+instance NFData ChaCha20.Error
 
 main :: IO ()
 main = defaultMain [
diff --git a/lib/Crypto/Cipher/ChaCha20.hs b/lib/Crypto/Cipher/ChaCha20.hs
@@ -20,6 +20,9 @@ module Crypto.Cipher.ChaCha20 (
     -- * ChaCha20 block function
   , block
 
+    -- * Error information
+  , Error(..)
+
     -- testing
   , ChaCha(..)
   , _chacha
@@ -266,6 +269,11 @@ _block state@(ChaCha s) counter = do
     PA.writePrimArray s idx (iv + sv)
   serialize state
 
+data Error =
+    InvalidKey
+  | InvalidNonce
+  deriving (Eq, Show)
+
 -- RFC8439 2.3
 
 -- | The ChaCha20 block function. Useful for generating a keystream.
@@ -276,11 +284,11 @@ block
   :: BS.ByteString    -- ^ 256-bit key
   -> Word32           -- ^ 32-bit counter
   -> BS.ByteString    -- ^ 96-bit nonce
-  -> BS.ByteString    -- ^ 512-bit keystream
+  -> Either Error BS.ByteString    -- ^ 512-bit keystream
 block key@(BI.PS _ _ kl) counter nonce@(BI.PS _ _ nl)
-  | kl /= 32 = error "ppad-chacha (block): invalid key"
-  | nl /= 12 = error "ppad-chacha (block): invalid nonce"
-  | otherwise = runST $ do
+  | kl /= 32 = Left InvalidKey
+  | nl /= 12 = Left InvalidNonce
+  | otherwise = pure $ runST $ do
       let k = _parse_key key
           n = _parse_nonce nonce
       state@(ChaCha s) <- _chacha k counter n
@@ -330,11 +338,11 @@ cipher
   -> Word32           -- ^ 32-bit counter
   -> BS.ByteString    -- ^ 96-bit nonce
   -> BS.ByteString    -- ^ arbitrary-length plaintext
-  -> BS.ByteString    -- ^ ciphertext
+  -> Either Error BS.ByteString    -- ^ ciphertext
 cipher raw_key@(BI.PS _ _ kl) counter raw_nonce@(BI.PS _ _ nl) plaintext
-  | kl /= 32  = error "ppad-chacha (cipher): invalid key"
-  | nl /= 12  = error "ppad-chacha (cipher): invalid nonce"
-  | otherwise = runST $ do
+  | kl /= 32  = Left InvalidKey
+  | nl /= 12  = Left InvalidNonce
+  | otherwise = pure $ runST $ do
       let key = _parse_key raw_key
           non = _parse_nonce raw_nonce
       _cipher key counter non plaintext
diff --git a/ppad-chacha.cabal b/ppad-chacha.cabal
@@ -60,6 +60,7 @@ benchmark chacha-bench
       base
     , bytestring
     , criterion
+    , deepseq
     , ppad-base16
     , ppad-chacha
 
diff --git a/test/Main.hs b/test/Main.hs
@@ -1,3 +1,4 @@
+{-# OPTIONS_GHC -fno-warn-incomplete-uni-patterns #-}
 {-# LANGUAGE BangPatterns #-}
 {-# LANGUAGE MagicHash #-}
 {-# LANGUAGE OverloadedStrings #-}
@@ -114,7 +115,7 @@ crypt_non = case B16.decode "000000000000004a00000000" of
 
 encrypt :: TestTree
 encrypt = H.testCase "chacha20 encrypt" $ do
-  let o = ChaCha.cipher block_key 1 crypt_non crypt_plain
+  let Right o = ChaCha.cipher block_key 1 crypt_non crypt_plain
   H.assertEqual mempty crypt_cip o
 
 -- additional vectors
@@ -130,7 +131,7 @@ crypt1 = H.testCase "chacha20 encrypt (A.2 #1)" $ do
         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
       cip = fromJust . B16.decode $
         "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
-      out = ChaCha.cipher key con non plain
+      Right out = ChaCha.cipher key con non plain
   H.assertEqual mempty cip out
 
 crypt2 :: TestTree
@@ -144,7 +145,7 @@ crypt2 = H.testCase "chacha20 encrypt (A.2 #2)" $ do
         "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f"
       cip = fromJust . B16.decode $
         "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
-      out = ChaCha.cipher key con non plain
+      Right out = ChaCha.cipher key con non plain
   H.assertEqual mempty cip out
 
 crypt3 :: TestTree
@@ -158,6 +159,6 @@ crypt3 = H.testCase "chacha20 encrypt (A.2 #3)" $ do
         "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e"
       cip = fromJust . B16.decode $
         "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
-      out = ChaCha.cipher key con non plain
+      Right out = ChaCha.cipher key con non plain
   H.assertEqual mempty cip out