| Copyright | (c) Joseph Abrahamson 2013 |
|---|---|
| License | MIT |
| Maintainer | me@jspha.com |
| Stability | experimental |
| Portability | non-portable |
| Safe Haskell | None |
| Language | Haskell2010 |
Crypto.Saltine.Core.Auth
Description
Secret-key message authentication: Crypto.Saltine.Core.Auth
The auth function authenticates a message ByteString using a
secret key The function returns an authenticator. The verify
function checks if it's passed a correct authenticator of a message
under the given secret key.
The auth function, viewed as a function of the message for a
uniform random key, is designed to meet the standard notion of
unforgeability. This means that an attacker cannot find
authenticators for any messages not authenticated by the sender,
even if the attacker has adaptively influenced the messages
authenticated by the sender. For a formal definition see, e.g.,
Section 2.4 of Bellare, Kilian, and Rogaway, "The security of the
cipher block chaining message authentication code," Journal of
Computer and System Sciences 61 (2000), 362–399;
http://www-cse.ucsd.edu/~mihir/papers/cbc.html.
Saltine does not make any promises regarding "strong" unforgeability; perhaps one valid authenticator can be converted into another valid authenticator for the same message. NaCl also does not make any promises regarding "truncated unforgeability."
Crypto.Saltine.Core.Auth is currently an implementation of HMAC-SHA-512-256, i.e., the first 256 bits of HMAC-SHA-512. HMAC-SHA-512-256 is conjectured to meet the standard notion of unforgeability.
This is version 2010.08.30 of the auth.html web page.
Synopsis
- data Key
- data Authenticator
- newKey :: IO Key
- auth :: Key -> ByteString -> Authenticator
- verify :: Key -> Authenticator -> ByteString -> Bool
Documentation
An opaque auth cryptographic key.
Instances
| Eq Key Source # | |
| Ord Key Source # | |
| IsEncoding Key Source # | |
Defined in Crypto.Saltine.Core.Auth Methods encode :: Key -> ByteString Source # decode :: ByteString -> Maybe Key Source # encoded :: (Choice p, Applicative f) => p Key (f Key) -> p ByteString (f ByteString) Source # | |
data Authenticator Source #
An opaque auth authenticator.
Instances
| Eq Authenticator Source # | |
Defined in Crypto.Saltine.Core.Auth Methods (==) :: Authenticator -> Authenticator -> Bool # (/=) :: Authenticator -> Authenticator -> Bool # | |
| Ord Authenticator Source # | |
Defined in Crypto.Saltine.Core.Auth Methods compare :: Authenticator -> Authenticator -> Ordering # (<) :: Authenticator -> Authenticator -> Bool # (<=) :: Authenticator -> Authenticator -> Bool # (>) :: Authenticator -> Authenticator -> Bool # (>=) :: Authenticator -> Authenticator -> Bool # max :: Authenticator -> Authenticator -> Authenticator # min :: Authenticator -> Authenticator -> Authenticator # | |
| IsEncoding Authenticator Source # | |
Defined in Crypto.Saltine.Core.Auth Methods encode :: Authenticator -> ByteString Source # decode :: ByteString -> Maybe Authenticator Source # encoded :: (Choice p, Applicative f) => p Authenticator (f Authenticator) -> p ByteString (f ByteString) Source # | |
Arguments
| :: Key | |
| -> ByteString | Message |
| -> Authenticator |
Computes an keyed authenticator ByteString from a message. It
is infeasible to forge these authenticators without the key, even
if an attacker observes many authenticators and messages and has
the ability to influence the messages sent.
Arguments
| :: Key | |
| -> Authenticator | |
| -> ByteString | Message |
| -> Bool | Is this message authentic? |
Checks to see if an authenticator is a correct proof that a message was signed by some key.