ppad-hmac-drbg-0.3.1: HMAC-based deterministic random bit generator
Copyright: (c) 2024 Jared Tobin
License: MIT
Maintainer: Jared Tobin <jared@ppad.tech>
Safe Haskell: None
Language: Haskell2010

Crypto.DRBG.HMAC.SHA256

Description

A pure HMAC-DRBG implementation, as specified by NIST SP-800-90A.

Synopsis

DRBG and HMAC function types

data DRBG s Source #

A deterministic random bit generator (DRBG).

Create a DRBG with new, and then use and reuse it to generate bytes as needed.

>>> drbg <- new entropy nonce personalization_string
>>> Right bytes0 <- gen drbg mempty 10
>>> Right bytes1 <- gen drbg mempty 10
>>> drbg
"<drbg>"

Instances

Show (DRBG s) Source #

Defined in Crypto.DRBG.HMAC.SHA256

Methods

showsPrec :: Int -> DRBG s -> ShowS #

show :: DRBG s -> String #

showList :: [DRBG s] -> ShowS #

data Error Source #

A DRBG error.

Constructors

MaxBytesExceeded

More than 65536 bytes have been requested.

ReseedRequired

The DRBG must be reseeded (via reseed).

Instances

Show Error Source #

Defined in Crypto.DRBG.HMAC.Internal

Methods

showsPrec :: Int -> Error -> ShowS #

show :: Error -> String #

showList :: [Error] -> ShowS #

Eq Error Source #

Defined in Crypto.DRBG.HMAC.Internal

Methods

(==) :: Error -> Error -> Bool #

(/=) :: Error -> Error -> Bool #

DRBG interaction

new Source #

Arguments

:: PrimMonad m
=> ByteString                 -- entropy
-> ByteString                 -- nonce
-> ByteString                 -- personalization string
-> m (DRBG (PrimState m))

Create an HMAC-SHA256 DRBG from the supplied entropy, nonce, and personalization string.

The DRBG is returned in any PrimMonad, e.g. 'ST s' or IO.

The output is only as unpredictable as the entropy input. Per SP 800-90A, supply entropy of at least the target security strength (32 bytes for 256-bit strength, e.g. from the operating system's CSPRNG) and a nonce of at least half that length; the personalization string is optional and may be mempty.

>>> new entropy nonce personalization_string
"<drbg>"

gen :: PrimMonad m => DRBG (PrimState m) -> ByteString -> Word64 -> m (Either Error ByteString) Source #

Generate bytes from a DRBG, optionally supplying additional input per SP 800-90A (the ByteString argument; pass mempty for none).

Per SP 800-90A, the maximum number of bytes that can be requested in a single invocation is 65536 (2^19 bits). Larger requests return MaxBytesExceeded rather than a truncated result, and a request made after the reseed interval has been exhausted returns ReseedRequired.

>>> import qualified Data.ByteString.Base16 as B16
>>> drbg <- new entropy nonce personalization_string
>>> Right bytes0 <- gen drbg addl_bytes 16
>>> Right bytes1 <- gen drbg addl_bytes 16
>>> B16.encode bytes0
"938d6ca6d0b797f7b3c653349d6e3135"
>>> B16.encode bytes1
"5f379d16de6f2c6f8a35c56f13f9e5a5"
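The following is an added example and not code from the ppad-hmac-drbg package. It shows how to obtain more than the 65536-byte per-request limit by chunking requests (handling ReseedRequired along the way), and it demonstrates, by running the generator purely in ST, that the output is a deterministic function of the seed inputs, which is why the entropy input must come from a real entropy source. It assumes the exports shown on this page (DRBG, Error with its constructors, new, gen, reseed, wipe) and the primitive, bytestring and base16-bytestring packages; genLarge, streamFromSeed, maxBytesPerRequest and the seed values are constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not code from ppad-hmac-drbg. Shows (1) requesting more than
-- the 65536-byte per-call limit by chunking, handling ReseedRequired along the
-- way, and (2) that the generator is a pure function of its seed inputs.
module Main where

import Control.Monad.Primitive (PrimMonad, PrimState)
import Control.Monad.ST (runST)
import qualified Data.ByteString as BS
import qualified Data.ByteString.Base16 as B16
import Data.Word (Word64)

import Crypto.DRBG.HMAC.SHA256

-- SP 800-90A: max_number_of_bits_per_request = 2^19 bits = 65536 bytes.
maxBytesPerRequest :: Word64
maxBytesPerRequest = 65536

-- Hypothetical helper: obtain 'total' bytes in requests of at most 65536.
-- On ReseedRequired, reseed with entropy from the caller-supplied action
-- and retry the same chunk; any other error is returned unchanged.
genLarge
  :: PrimMonad m
  => m BS.ByteString            -- source of fresh entropy for a reseed
  -> DRBG (PrimState m)
  -> Word64
  -> m (Either Error BS.ByteString)
genLarge freshEntropy drbg total = go total []
  where
    go 0 acc = pure (Right (BS.concat (reverse acc)))
    go remaining acc = do
      let want = min remaining maxBytesPerRequest
      r <- gen drbg mempty want
      case r of
        Right chunk         -> go (remaining - want) (chunk : acc)
        Left ReseedRequired -> do
          e <- freshEntropy
          reseed drbg e mempty
          go remaining acc
        Left err            -> pure (Left err)

-- Hypothetical helper: run a DRBG purely in ST. The same seed inputs always
-- yield the same bytes, so the strength of the output is exactly the strength
-- of the entropy input; fixed seeds belong only in tests.
streamFromSeed
  :: BS.ByteString -> BS.ByteString -> BS.ByteString -> Word64
  -> Either Error BS.ByteString
streamFromSeed entropy nonce ps n = runST $ do
  drbg <- new entropy nonce ps
  -- Reseeding with the original entropy keeps this demo deterministic;
  -- a real program would use operating-system entropy here.
  r <- genLarge (pure entropy) drbg n
  wipe drbg
  pure r

main :: IO ()
main = do
  -- Constructed seed values for illustration only (not test vectors).
  let entropy = BS.replicate 32 0x01
      nonce   = BS.replicate 16 0x02
      ps      = "added-example personalization"
      runA    = streamFromSeed entropy nonce ps 100000
      runB    = streamFromSeed entropy nonce ps 100000
  case (runA, runB) of
    (Right a, Right b) -> do
      putStrLn ("generated " ++ show (BS.length a) ++ " bytes")
      putStrLn ("identical across runs: " ++ show (a == b))
      putStrLn ("first 16 bytes: " ++ show (B16.encode (BS.take 16 a)))
    (Left e, _) -> putStrLn ("error: " ++ show e)
    (_, Left e) -> putStrLn ("error: " ++ show e)
  -- A single oversized request is rejected, not silently truncated.
  print (runST (new entropy nonce ps >>= \d -> gen d mempty (maxBytesPerRequest + 1)))
```

genLarge retries the same chunk after a reseed rather than skipping it, so the caller always receives exactly the number of bytes requested or an error; the two identical 100000-byte runs in main confirm that nothing in the DRBG itself contributes randomness.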

reseed :: PrimMonad m => DRBG (PrimState m) -> ByteString -> ByteString -> m () Source #

Reseed a DRBG with new entropy input (the first ByteString) and optional additional input (the second; pass mempty for none). The DRBG is updated in place.

Each DRBG has an internal reseed counter that tracks the number of requests made to the generator (requests made, not bytes generated). SP 800-90A specifies that an HMAC-DRBG may serve up to 2 ^ 48 requests before it must be reseeded, and gen returns ReseedRequired once that limit is reached, so in practice you are unlikely to need this merely to reset the counter.

reseed can also be used to provide "explicit" prediction resistance, per SP 800-90A, by injecting entropy generated elsewhere into the DRBG immediately before a sensitive request.

>>> import qualified System.Entropy as E
>>> entropy <- E.getEntropy 32
>>> reseed drbg entropy addl_bytes
>>> drbg
"<drbg>"

wipe :: PrimMonad m => DRBG (PrimState m) -> m () Source #

Wipe the state of a DRBG.

Call this when you are finished with a DRBG so that its internal state is overwritten in memory; bytes already returned by gen are unaffected. Note that wipe clears only the DRBG's own state: the immutable ByteStrings you passed as entropy, nonce, or additional input are not scrubbed and remain subject to the garbage collector.

>>> drbg <- new mempty mempty mempty
>>> Right bytes <- gen drbg addl_bytes 16
>>> wipe drbg
>>> -- do something with bytes
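The following is an added example and not code from the ppad-hmac-drbg package. It puts new, gen, reseed and wipe together in IO: the DRBG is seeded from the operating system, a request with explicit prediction resistance reseeds immediately beforehand, and wipe is guaranteed to run even if the action using the DRBG throws. It assumes the exports shown on this page, the entropy package for System.Entropy.getEntropy, and the primitive and base16-bytestring packages; withDRBG, genPR and the additional-input strings are constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not code from ppad-hmac-drbg. Seed from the OS, generate
-- with explicit prediction resistance, and guarantee that 'wipe' runs.
module Main where

import Control.Exception (finally)
import Control.Monad.Primitive (PrimState)
import qualified Data.ByteString as BS
import qualified Data.ByteString.Base16 as B16
import Data.Word (Word64)
import qualified System.Entropy as E

import Crypto.DRBG.HMAC.SHA256

-- Hypothetical helper: run an action against a freshly seeded DRBG and wipe
-- the DRBG afterwards, even if the action throws. 32 bytes of entropy
-- (256 bits) and a 16-byte nonce (128 bits) meet the SP 800-90A minimums
-- for a 256-bit security strength.
withDRBG :: BS.ByteString -> (DRBG (PrimState IO) -> IO a) -> IO a
withDRBG personalization act = do
  entropy <- E.getEntropy 32
  nonce   <- E.getEntropy 16
  drbg    <- new entropy nonce personalization
  act drbg `finally` wipe drbg

-- Hypothetical helper: explicit prediction resistance. Reseed with fresh OS
-- entropy immediately before the request, so that even a prior compromise
-- of the DRBG state does not let an attacker predict these bytes.
-- 'ctx' is caller-supplied additional input.
genPR :: DRBG (PrimState IO) -> BS.ByteString -> Word64
      -> IO (Either Error BS.ByteString)
genPR drbg ctx n = do
  fresh <- E.getEntropy 32
  reseed drbg fresh mempty
  gen drbg ctx n

main :: IO ()
main = withDRBG "added-example session keys" $ \drbg -> do
  -- Ordinary request, with a constructed additional-input string.
  k1  <- gen drbg "request:1" 32
  -- Request with prediction resistance.
  k2  <- genPR drbg "request:2" 32
  -- Over-limit request: rejected with MaxBytesExceeded, not truncated.
  bad <- gen drbg mempty 70000
  mapM_ report [("k1", k1), ("k2", k2), ("bad", bad)]
  where
    report (label, Right bs)  = putStrLn (label ++ ": " ++ show (B16.encode bs))
    report (label, Left err)  = putStrLn (label ++ ": " ++ show err)
```

Because withDRBG uses finally, the state is wiped on every exit path; the keys k1 and k2 remain valid after the wipe, since wipe only clears the generator, not bytes it has already returned.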