Safe Haskell	Safe-Inferred
Language	Haskell2010

Crypto.PHKDF.HMAC

Description

An alternate implementation of HMAC in terms of cryptohash-sha256, because the HMAC implementation provided there doesn't support precomputed keys or streaming inputs. TODO: prepare a patch for cryptohash-sha256.

Synopsis

data HmacCtx
data HmacKey
hmacKey_init :: ByteString -> HmacKey
hmacKey_run :: HmacKey -> HmacCtx
hmacCtx_init :: ByteString -> HmacCtx
hmacCtx_initFromHmacKey :: HmacKey -> HmacCtx
hmacCtx_update :: ByteString -> HmacCtx -> HmacCtx
hmacCtx_updates :: [ByteString] -> HmacCtx -> HmacCtx
hmacCtx_finalize :: HmacCtx -> ByteString

Documentation

data HmacCtx Source #

Fixed-size context representing the state of a partial HMAC computation with a complete HMAC key and a partial message parameter.

Instances

Instances details

Eq HmacCtx Source #
Instance details Defined in Crypto.PHKDF.HMAC.Subtle Methods (==) :: HmacCtx -> HmacCtx -> Bool # (/=) :: HmacCtx -> HmacCtx -> Bool #

data HmacKey Source #

A precomputed HMAC key. Computing an HMAC key costs two SHA256 blocks.

No additional blocks are incurred for keys that are 64 bytes or less in length. Keys that are longer than 64 bytes long must be first hashed with SHA256 before the key can be derived, incurring extra blocks.

It is not uncommon that implementations of PBKDF2, HKDF, etc unnecessarily redo this computation even though a single HMAC key is used repeatedly.

TODO: FIXME: this data structure is way larger than it should be. We can pack this into a single 64-byte bytestring, but right now it's 208 bytes of data plus extra overhead.

On the other hand, this approach may actually be more efficient for the core PHKDF algorithm as currently implemented. Reducing the size of this data structure while maintaining tight code involves some additional work on cryptohash-sha256

Instances

Instances details

Eq HmacKey Source #
Instance details Defined in Crypto.PHKDF.HMAC.Subtle Methods (==) :: HmacKey -> HmacKey -> Bool # (/=) :: HmacKey -> HmacKey -> Bool #

hmacKey_init :: ByteString -> HmacKey Source #

Precompute an HMAC key for some literal HMAC key.

hmacKey_run :: HmacKey -> HmacCtx Source #

hmacCtx_init :: ByteString -> HmacCtx Source #

Initialize a new empty HMAC context from a literal HMAC key.

hmacCtx_initFromHmacKey :: HmacKey -> HmacCtx Source #

Initialize a new empty HMAC context from a precomputed HMAC key.

hmacCtx_update :: ByteString -> HmacCtx -> HmacCtx Source #

Append a bytestring onto the end of the message argument to HMAC.

hmacCtx_updates :: [ByteString] -> HmacCtx -> HmacCtx Source #

Append zero or more bytestrings onto the end of the message argument to HMAC.

hmacCtx_finalize :: HmacCtx -> ByteString Source #

Finish computing the final 32-byte hash for an HMAC context.