phkdf-0.0.0.0: Toolkit for self-documenting password hash and key derivation functions.
Safe HaskellSafe-Inferred
LanguageHaskell2010

Crypto.PHKDF.HMAC.Subtle

Description

Internal data structures representing precomputed HMAC keys and partial HMAC contexts, supporting incremental computation and backtracking.

Synopsis

Documentation

data HmacCtx Source #

Fixed-size context representing the state of a partial HMAC computation with a complete HMAC key and a partial message parameter.

Constructors

HmacCtx 

Fields

Instances

Instances details
Eq HmacCtx Source # 
Instance details

Defined in Crypto.PHKDF.HMAC.Subtle

Methods

(==) :: HmacCtx -> HmacCtx -> Bool #

(/=) :: HmacCtx -> HmacCtx -> Bool #

newtype HmacKey Source #

A precomputed HMAC key. Computing an HMAC key costs two SHA256 blocks.

No additional blocks are incurred for keys that are 64 bytes or less in length. Keys that are longer than 64 bytes long must be first hashed with SHA256 before the key can be derived, incurring extra blocks.

It is not uncommon that implementations of PBKDF2, HKDF, etc unnecessarily redo this computation even though a single HMAC key is used repeatedly.

TODO: FIXME: this data structure is way larger than it should be. We can pack this into a single 64-byte bytestring, but right now it's 208 bytes of data plus extra overhead.

On the other hand, this approach may actually be more efficient for the core PHKDF algorithm as currently implemented. Reducing the size of this data structure while maintaining tight code involves some additional work on cryptohash-sha256

Constructors

HmacKey 

Fields

Instances

Instances details
Eq HmacKey Source # 
Instance details

Defined in Crypto.PHKDF.HMAC.Subtle

Methods

(==) :: HmacKey -> HmacKey -> Bool #

(/=) :: HmacKey -> HmacKey -> Bool #

hmacKey_ipad :: HmacKey -> Ctx Source #

hmacKey_opad :: HmacKey -> Ctx Source #