Safe Haskell	None
Language	Haskell2010

NaCl.Auth

Description

Symmetric message authentication.

It is best to import this module qualified:

import qualified NaCl.Auth as Auth

authenticator = Auth.create key message
if Secretbox.verify key message authenticator
then {- Ok! -}
else {- Fail! -}

This is crypto_auth_* from NaCl.

Synopsis

type Key a = SizedByteArray CRYPTO_AUTH_KEYBYTES a
toKey :: ByteArrayAccess ba => ba -> Maybe (Key ba)
type Authenticator a = SizedByteArray CRYPTO_AUTH_BYTES a
toAuthenticator :: ByteArrayAccess ba => ba -> Maybe (Authenticator ba)
create :: (ByteArray authBytes, ByteArrayAccess keyBytes, ByteArrayAccess msg) => Key keyBytes -> msg -> Authenticator authBytes
verify :: (ByteArrayAccess authBytes, ByteArrayAccess msg, ByteArrayAccess keyBytes) => Key keyBytes -> msg -> Authenticator authBytes -> Bool

Documentation

type Key a = SizedByteArray CRYPTO_AUTH_KEYBYTES a Source #

Secret key that can be used for Sea authentication.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString, but, since this is a secret key, it is better to use ScrubbedBytes.

toKey :: ByteArrayAccess ba => ba -> Maybe (Key ba) Source #

Make a Key from an arbitrary byte array.

This function returns Just if and only if the byte array has the right length to be used as a key for authentication.

type Authenticator a = SizedByteArray CRYPTO_AUTH_BYTES a Source #

A tag that confirms the authenticity of somde data.

toAuthenticator :: ByteArrayAccess ba => ba -> Maybe (Authenticator ba) Source #

Convert raw bytes into an Authenticator.

This function returns Just if and only if the byte array has the right length to be used as an authenticator.

create Source #

Arguments

:: (ByteArray authBytes, ByteArrayAccess keyBytes, ByteArrayAccess msg)
=> Key keyBytes	Secret key.
-> msg	Message to authenticate.
-> Authenticator authBytes

Create an authenticator for a message.

authenticator = Auth.create key message

key is the secret key used for authentication. See NaCl.Secretbox for how to crete it, as the idea is the same.
message is the data you are authenticating.

This function produces authentication data, so if anyone modifies the message, verify will return False.

verify Source #

Arguments

:: (ByteArrayAccess authBytes, ByteArrayAccess msg, ByteArrayAccess keyBytes)
=> Key keyBytes	Secret key.
-> msg	Authenticated message.
-> Authenticator authBytes	Authenticator tag.
-> Bool

Verify an authenticator for a message.

isValid = Auth.verify key message authenticator

key and message are the same as when creating the authenticator.
authenticator is the output of create.

This function will return False if the message is not exactly the same as it was when the authenticator was created.