License	BSD3
Maintainer	hvr@gnu.org
Safe Haskell	Trustworthy
Language	Haskell2010

Crypto.Argon2

Contents

Hash computation & verification
- Binary hash representation
- ASCII-encoded representation
Configuring hashing
Status codes

Description

Crypto.Argon2 provides bindings to the reference implementation of Argon2, the password-hashing function that won the Password Hashing Competition (PHC).

The main entry points to this module are hashEncoded, which produces a crypt-like ASCII output; and hash which produces a ByteString (a stream of bytes). Argon2 is a configurable hash function, and can be configured by supplying a particular set of HashOptions - defaultHashOptions should provide a good starting point. See HashOptions for more documentation on the particular parameters that can be adjusted.

For (unsafe) access directly to the C interface, see Crypto.Argon2.FFI.

Since: 1.3.0.0

Synopsis

Hash computation & verification

Binary hash representation

hash Source #

Arguments

:: HashOptions	Options pertaining to how expensive the hash is to calculate.
-> ByteString	The password to hash. Must be less than 4294967295 bytes.
-> ByteString	The salt to use when hashing. Must be less than 4294967295 bytes.
-> Either Argon2Status ByteString	The un-encoded password hash (or error code in case of failure).

Encode a password with a given salt and HashOptions and produce a binary stream of bytes (of size hashLength).

ASCII-encoded representation

These operations use the PHC string format, a crypt(3)-like serialization format for password hashes.

hashEncoded Source #

Arguments

:: HashOptions	Options pertaining to how expensive the hash is to calculate.
-> ByteString	The password to hash. Must be less than 4294967295 bytes.
-> ByteString	The salt to use when hashing. Must be less than 4294967295 bytes.
-> Either Argon2Status ShortText	The encoded password hash (or error code in case of failure).

Encode a password with a given salt and HashOptions and produce a textual encoding according to the PHC string format of the result.

Use verifyEncoded to verify.

verifyEncoded :: ShortText -> ByteString -> Argon2Status Source #

Verify that a given password could result in a given hash output. Automatically determines the correct HashOptions based on the encoded hash (using the PHC string format as produced by hashEncoded).

Returns Argon2Ok on successful verification. If decoding is successful but the password mismatches, Argon2VerifyMismatch is returned; if decoding fails, the respective Argon2Status code is returned.

Configuring hashing

data HashOptions Source #

Parameters that can be adjusted to change the runtime performance of the hashing. See also defaultHashOptions.

Constructors

HashOptions

Fields

hashIterations :: !Word32
The time cost, which defines the amount of computation realized and therefore the execution time, given in number of iterations.
ARGON2_MIN_TIME <= hashIterations <= ARGON2_MAX_TIME
hashMemory :: !Word32
The memory cost, which defines the memory usage, given in kibibytes.
max ARGON2_MIN_MEMORY (8 * hashParallelism) <= hashMemory <= ARGON2_MAX_MEMORY
hashParallelism :: !Word32
A parallelism degree, which defines the number of parallel threads.
ARGON2_MIN_LANES <= hashParallelism <= ARGON2_MAX_LANES && ARGON_MIN_THREADS <= hashParallelism <= ARGON2_MAX_THREADS
hashVariant :: !Argon2Variant
Which variant of Argon2 to use.
hashVersion :: !Argon2Version
Which version of Argon2 to use for generating hashes.
hashLength :: !Word32
Desired length of hash expressed in octets.

Instances

Bounded HashOptions Source #
Methods minBound :: HashOptions # maxBound :: HashOptions #
Eq HashOptions Source #
Methods (==) :: HashOptions -> HashOptions -> Bool # (/=) :: HashOptions -> HashOptions -> Bool #
Ord HashOptions Source #
Methods compare :: HashOptions -> HashOptions -> Ordering # (<) :: HashOptions -> HashOptions -> Bool # (<=) :: HashOptions -> HashOptions -> Bool # (>) :: HashOptions -> HashOptions -> Bool # (>=) :: HashOptions -> HashOptions -> Bool # max :: HashOptions -> HashOptions -> HashOptions # min :: HashOptions -> HashOptions -> HashOptions #
Read HashOptions Source #
Methods readsPrec :: Int -> ReadS HashOptions # readList :: ReadS [HashOptions] # readPrec :: ReadPrec HashOptions # readListPrec :: ReadPrec [HashOptions] #
Show HashOptions Source #
Methods showsPrec :: Int -> HashOptions -> ShowS # show :: HashOptions -> String # showList :: [HashOptions] -> ShowS #
Generic HashOptions Source #
Associated Types type Rep HashOptions :: * -> * # Methods from :: HashOptions -> Rep HashOptions x # to :: Rep HashOptions x -> HashOptions #
NFData HashOptions Source #
Methods rnf :: HashOptions -> () #
type Rep HashOptions Source #
type Rep HashOptions = D1 * (MetaData "HashOptions" "Crypto.Argon2" "argon2-1.3.0.0-3ASTb2AnD95JV4mJ6Vmn0b" False) (C1 * (MetaCons "HashOptions" PrefixI True) ((::) ((::) (S1 * (MetaSel (Just Symbol "hashIterations") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Word32)) ((::) (S1 * (MetaSel (Just Symbol "hashMemory") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Word32)) (S1 * (MetaSel (Just Symbol "hashParallelism") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Word32)))) ((::) (S1 * (MetaSel (Just Symbol "hashVariant") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Argon2Variant)) ((::) (S1 * (MetaSel (Just Symbol "hashVersion") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Argon2Version)) (S1 * (MetaSel (Just Symbol "hashLength") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Word32))))))

data Argon2Variant Source #

Which variant of Argon2 to use. You should choose the variant that is most applicable to your intention to hash inputs.

Constructors

Argon2i	Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks.
Argon2d	Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks.
Argon2id	Argon2id works as Argon2i for the first half of the first iteration over the memory, and as Argon2d for the rest, thus providing both side-channel attack protection and brute-force cost savings due to time-memory tradeoffs.

Instances

Bounded Argon2Variant Source #
Methods minBound :: Argon2Variant # maxBound :: Argon2Variant #
Enum Argon2Variant Source #
Methods succ :: Argon2Variant -> Argon2Variant # pred :: Argon2Variant -> Argon2Variant # toEnum :: Int -> Argon2Variant # fromEnum :: Argon2Variant -> Int # enumFrom :: Argon2Variant -> [Argon2Variant] # enumFromThen :: Argon2Variant -> Argon2Variant -> [Argon2Variant] # enumFromTo :: Argon2Variant -> Argon2Variant -> [Argon2Variant] # enumFromThenTo :: Argon2Variant -> Argon2Variant -> Argon2Variant -> [Argon2Variant] #
Eq Argon2Variant Source #
Methods (==) :: Argon2Variant -> Argon2Variant -> Bool # (/=) :: Argon2Variant -> Argon2Variant -> Bool #
Ord Argon2Variant Source #
Methods compare :: Argon2Variant -> Argon2Variant -> Ordering # (<) :: Argon2Variant -> Argon2Variant -> Bool # (<=) :: Argon2Variant -> Argon2Variant -> Bool # (>) :: Argon2Variant -> Argon2Variant -> Bool # (>=) :: Argon2Variant -> Argon2Variant -> Bool # max :: Argon2Variant -> Argon2Variant -> Argon2Variant # min :: Argon2Variant -> Argon2Variant -> Argon2Variant #
Read Argon2Variant Source #
Methods readsPrec :: Int -> ReadS Argon2Variant # readList :: ReadS [Argon2Variant] # readPrec :: ReadPrec Argon2Variant # readListPrec :: ReadPrec [Argon2Variant] #
Show Argon2Variant Source #
Methods showsPrec :: Int -> Argon2Variant -> ShowS # show :: Argon2Variant -> String # showList :: [Argon2Variant] -> ShowS #
Generic Argon2Variant Source #
Associated Types type Rep Argon2Variant :: * -> * # Methods from :: Argon2Variant -> Rep Argon2Variant x # to :: Rep Argon2Variant x -> Argon2Variant #
NFData Argon2Variant Source #
Methods rnf :: Argon2Variant -> () #
type Rep Argon2Variant Source #
type Rep Argon2Variant = D1 * (MetaData "Argon2Variant" "Crypto.Argon2" "argon2-1.3.0.0-3ASTb2AnD95JV4mJ6Vmn0b" False) ((:+:) * (C1 * (MetaCons "Argon2i" PrefixI False) (U1 )) ((:+:) (C1 * (MetaCons "Argon2d" PrefixI False) (U1 )) (C1 (MetaCons "Argon2id" PrefixI False) (U1 *))))

data Argon2Version Source #

Version of the Argon2 algorithm.

Constructors

Argon2Version10	Version 1.0 (deprecated)
Argon2Version13	Version 1.3 (See this announcment for more details)

Instances

Bounded Argon2Version Source #
Methods minBound :: Argon2Version # maxBound :: Argon2Version #
Enum Argon2Version Source #
Methods succ :: Argon2Version -> Argon2Version # pred :: Argon2Version -> Argon2Version # toEnum :: Int -> Argon2Version # fromEnum :: Argon2Version -> Int # enumFrom :: Argon2Version -> [Argon2Version] # enumFromThen :: Argon2Version -> Argon2Version -> [Argon2Version] # enumFromTo :: Argon2Version -> Argon2Version -> [Argon2Version] # enumFromThenTo :: Argon2Version -> Argon2Version -> Argon2Version -> [Argon2Version] #
Eq Argon2Version Source #
Methods (==) :: Argon2Version -> Argon2Version -> Bool # (/=) :: Argon2Version -> Argon2Version -> Bool #
Ord Argon2Version Source #
Methods compare :: Argon2Version -> Argon2Version -> Ordering # (<) :: Argon2Version -> Argon2Version -> Bool # (<=) :: Argon2Version -> Argon2Version -> Bool # (>) :: Argon2Version -> Argon2Version -> Bool # (>=) :: Argon2Version -> Argon2Version -> Bool # max :: Argon2Version -> Argon2Version -> Argon2Version # min :: Argon2Version -> Argon2Version -> Argon2Version #
Read Argon2Version Source #
Methods readsPrec :: Int -> ReadS Argon2Version # readList :: ReadS [Argon2Version] # readPrec :: ReadPrec Argon2Version # readListPrec :: ReadPrec [Argon2Version] #
Show Argon2Version Source #
Methods showsPrec :: Int -> Argon2Version -> ShowS # show :: Argon2Version -> String # showList :: [Argon2Version] -> ShowS #
Generic Argon2Version Source #
Associated Types type Rep Argon2Version :: * -> * # Methods from :: Argon2Version -> Rep Argon2Version x # to :: Rep Argon2Version x -> Argon2Version #
NFData Argon2Version Source #
Methods rnf :: Argon2Version -> () #
type Rep Argon2Version Source #
type Rep Argon2Version = D1 * (MetaData "Argon2Version" "Crypto.Argon2" "argon2-1.3.0.0-3ASTb2AnD95JV4mJ6Vmn0b" False) ((:+:) * (C1 * (MetaCons "Argon2Version10" PrefixI False) (U1 )) (C1 (MetaCons "Argon2Version13" PrefixI False) (U1 *)))

defaultHashOptions :: HashOptions Source #

A set of default HashOptions, taken from the argon2 executable.

defaultHashOptions :: HashOptions
defaultHashOptions =
  HashOptions { hashIterations  = 3
              , hashMemory      = 2 ^ 12 -- 4 MiB
              , hashParallelism = 1
              , hashVariant     = Argon2i
              , hashVersion     = Argon2Version13
              , hashLength      = 2 ^ 5 -- 32 bytes
              }

For more information on how to select these parameters for your application, see section 6.4 of the Argon2 specification.

Status codes

data Argon2Status Source #

Returned status code for Argon2 functions.

Not all HashOptions can necessarily be used to compute hashes. If you supply unsupported or invalid HashOptions (or hashing otherwise fails) an Argon2Status value will be returned to describe the failure.

Note that this enumeration contains some status codes which are not expected to be returned by the operation provided by the Haskell API.

Constructors

Argon2Ok	OK (operation succeeded)
Argon2OutputPtrNull	Output pointer is `NULL`
Argon2OutputTooShort	Output is too short
Argon2OutputTooLong	Output is too long
Argon2PwdTooShort	Password is too short
Argon2PwdTooLong	Password is too long
Argon2SaltTooShort	Salt is too short
Argon2SaltTooLong	Salt is too long
Argon2AdTooShort	Associated data is too short
Argon2AdTooLong	Associated data is too long
Argon2SecretTooShort	Secret is too short
Argon2SecretTooLong	Secret is too long
Argon2TimeTooSmall	Time cost is too small
Argon2TimeTooLarge	Time cost is too large
Argon2MemoryTooLittle	Memory cost is too small
Argon2MemoryTooMuch	Memory cost is too large
Argon2LanesTooFew	Too few lanes
Argon2LanesTooMany	Too many lanes
Argon2PwdPtrMismatch	Password pointer is `NULL`, but password length is not 0
Argon2SaltPtrMismatch	Salt pointer is `NULL`, but salt length is not 0
Argon2SecretPtrMismatch	Secret pointer is `NULL`, but secret length is not 0
Argon2AdPtrMismatch	Associated data pointer is `NULL`, but ad length is not 0
Argon2MemoryAllocationError	Memory allocation error
Argon2FreeMemoryCbkNull	The free memory callback is `NULL`
Argon2AllocateMemoryCbkNull	The allocate memory callback is `NULL`
Argon2IncorrectParameter	`Argon2_Context` context is `NULL`
Argon2IncorrectType	There is no such version of Argon2
Argon2OutPtrMismatch	Output pointer mismatch
Argon2ThreadsTooFew	Not enough threads
Argon2ThreadsTooMany	Too many threads
Argon2MissingArgs	Missing arguments
Argon2EncodingFail	Encoding failed
Argon2DecodingFail	Decoding failed
Argon2ThreadFail	Threading failure
Argon2DecodingLengthFail	Some of encoded parameters are too long or too short
Argon2VerifyMismatch	The password does not match the supplied hash
Argon2InternalError	Internal error or unrecognized status code

Instances

Bounded Argon2Status Source #
Methods minBound :: Argon2Status # maxBound :: Argon2Status #
Enum Argon2Status Source #
Methods succ :: Argon2Status -> Argon2Status # pred :: Argon2Status -> Argon2Status # toEnum :: Int -> Argon2Status # fromEnum :: Argon2Status -> Int # enumFrom :: Argon2Status -> [Argon2Status] # enumFromThen :: Argon2Status -> Argon2Status -> [Argon2Status] # enumFromTo :: Argon2Status -> Argon2Status -> [Argon2Status] # enumFromThenTo :: Argon2Status -> Argon2Status -> Argon2Status -> [Argon2Status] #
Eq Argon2Status Source #
Methods (==) :: Argon2Status -> Argon2Status -> Bool # (/=) :: Argon2Status -> Argon2Status -> Bool #
Ord Argon2Status Source #
Methods compare :: Argon2Status -> Argon2Status -> Ordering # (<) :: Argon2Status -> Argon2Status -> Bool # (<=) :: Argon2Status -> Argon2Status -> Bool # (>) :: Argon2Status -> Argon2Status -> Bool # (>=) :: Argon2Status -> Argon2Status -> Bool # max :: Argon2Status -> Argon2Status -> Argon2Status # min :: Argon2Status -> Argon2Status -> Argon2Status #
Read Argon2Status Source #
Methods readsPrec :: Int -> ReadS Argon2Status # readList :: ReadS [Argon2Status] # readPrec :: ReadPrec Argon2Status # readListPrec :: ReadPrec [Argon2Status] #
Show Argon2Status Source #
Methods showsPrec :: Int -> Argon2Status -> ShowS # show :: Argon2Status -> String # showList :: [Argon2Status] -> ShowS #
Exception Argon2Status Source #
Methods toException :: Argon2Status -> SomeException # fromException :: SomeException -> Maybe Argon2Status # displayException :: Argon2Status -> String #
NFData Argon2Status Source #
Methods rnf :: Argon2Status -> () #