Copyright	(c) 2024 Auth Global
License	Apache2
Safe Haskell	None
Language	Haskell2010

Crypto.Sha256.Hkdf

Description

Implementation of HKDF-SHA256 supporting key reuse, backtracking, streaming, and more.

Synopsis

hkdf :: HmacKeyPlain -> ByteString -> ByteString -> Int -> ByteString
hkdf' :: HmacKeyPlain -> ByteString -> ByteString -> Int -> HashString
hkdfList :: HmacKeyPlain -> ByteString -> ByteString -> [ByteString]
hkdfList' :: HmacKeyPlain -> ByteString -> ByteString -> [HashString]
hkdfGen :: HmacKeyPlain -> ByteString -> ByteString -> HkdfGen
hkdfExtract :: HmacKey -> ByteString -> HmacKey
hkdfExpand :: HmacKey -> ByteString -> Int -> ByteString
hkdfExpand' :: HmacKey -> ByteString -> Int -> HashString
hkdfExpandList :: HmacKey -> ByteString -> [ByteString]
hkdfExpandList' :: HmacKey -> ByteString -> [HashString]
hkdfExpandGen :: HmacKey -> ByteString -> HkdfGen
data HkdfCtx
hkdfCtx_init :: HmacKey -> HkdfCtx
hkdfCtx_feed :: ByteString -> HkdfCtx -> HkdfCtx
hkdfCtx_feeds :: Foldable f => f ByteString -> HkdfCtx -> HkdfCtx
hkdfCtx_update :: HkdfCtx -> ByteString -> HkdfCtx
hkdfCtx_updates :: Foldable f => HkdfCtx -> f ByteString -> HkdfCtx
hkdfCtx_finalize :: HkdfCtx -> HmacKey
data HkdfGen
hkdfGen_init :: HmacKey -> ShortByteString -> HkdfGen
hkdfGen_read :: HkdfGen -> (ByteString, HkdfGen)
hkdfGen_read' :: HkdfGen -> (HashString, HkdfGen)
hkdfGen_peek :: HkdfGen -> Maybe HashString

Documentation

hkdf Source #

Arguments

:: HmacKeyPlain	salt
-> ByteString	initial keying material
-> ByteString	info tag
-> Int	desired output length
-> ByteString

hkdf salt ikm info len returns a hash of the given length in bytes. There are two useful partial applications, hkdf salt and hkdf salt ikm. This function has been implemented in a point-free style so that these partial applications do actually perform partial evaluation.

Exactly like hmac, each reused application of hkdf salt will save 2 SHA256 block computations for keys up to 64 bytes long, or 4 blocks for keys 65-119 bytes long with one additional block computation for every 64 bytes of key thereafter.

Each reused application of hkdf salt ikm will save everything mentioned above, plus an additional 4 blocks for an ikm that is up to 55 bytes long, plus one additional block for every 64 bytes of ikm thereafter.

This results in a precomputed pseudorandom key. From this point, each output block requires 2 additional SHA256 block computations if the info tag is 0-22 bytes long, and one additional SHA256 block computation per output block for every 64 bytes of tag thereafter. Each output block is 32 bytes long.

According to RFC 5869, hkdf-sha256 is only defined for up to 255 output blocks, resulting in a maximum output length of 8160 bytes. However, this implementation extends the definition to arbitrary output lengths by wrapping the output counter. According to NIST SP 800-108, this mode of operation is not recommended for more than 256 blocks of output, resulting in a maximum output length of 8196 bytes.

Note that if you request two outputs with the same parameters other than length, then the shorter output will be a prefix of the longer output.

hkdf' Source #

Arguments

:: HmacKeyPlain	salt
-> ByteString	initial keying material
-> ByteString	info tag
-> Int	desired output length
-> HashString

variation of hkdf that returns a HashString

hkdfList Source #

Arguments

:: HmacKeyPlain	salt
-> ByteString	initial keying material
-> ByteString	info tag
-> [ByteString]

variation of hkdf that returns an unbounded stream of 32-byte output blocks.

hkdfList' Source #

Arguments

:: HmacKeyPlain	salt
-> ByteString	initial keying material
-> ByteString	info tag
-> [HashString]

variation of hkdf that returns an unbounded stream of 32-byte output blocks as HashStrings

hkdfGen Source #

Arguments

:: HmacKeyPlain	salt
-> ByteString	initial keying material
-> ByteString	info tag
-> HkdfGen

variation of hkdf that returns a plain-old-data representation of the output generator.

hkdfExtract Source #

Arguments

:: HmacKey	salt
-> ByteString	initial keying material
-> HmacKey	pseudorandom key

hkdfExpand Source #

Arguments

:: HmacKey	pseudorandom key
-> ByteString	info tag
-> Int	desired length
-> ByteString

hkdfExpand' Source #

Arguments

:: HmacKey	pseudorandom key
-> ByteString	info tag
-> Int	desired length
-> HashString

hkdfExpandList Source #

Arguments

:: HmacKey	pseudorandom key
-> ByteString	info tag
-> [ByteString]	infinite lazy list of output blocks

hkdfExpandList' Source #

Arguments

:: HmacKey	pseudorandom key
-> ByteString	info tag
-> [HashString]	infinite lazy list of output blocks

hkdfExpandGen Source #

Arguments

:: HmacKey	pseudorandom key
-> ByteString	info tag
-> HkdfGen

data HkdfCtx Source #

Context type for incremental hkdfExtract

Instances

Instances details

Eq HkdfCtx Source #
Instance details Defined in Crypto.Sha256.Hkdf.Subtle Methods (==) :: HkdfCtx -> HkdfCtx -> Bool # (/=) :: HkdfCtx -> HkdfCtx -> Bool #
Ord HkdfCtx Source #
Instance details Defined in Crypto.Sha256.Hkdf.Subtle Methods compare :: HkdfCtx -> HkdfCtx -> Ordering # (<) :: HkdfCtx -> HkdfCtx -> Bool # (<=) :: HkdfCtx -> HkdfCtx -> Bool # (>) :: HkdfCtx -> HkdfCtx -> Bool # (>=) :: HkdfCtx -> HkdfCtx -> Bool # max :: HkdfCtx -> HkdfCtx -> HkdfCtx # min :: HkdfCtx -> HkdfCtx -> HkdfCtx #

hkdfCtx_init :: HmacKey -> HkdfCtx Source #

hkdfCtx_feed :: ByteString -> HkdfCtx -> HkdfCtx Source #

hkdfCtx_feeds :: Foldable f => f ByteString -> HkdfCtx -> HkdfCtx Source #

hkdfCtx_update :: HkdfCtx -> ByteString -> HkdfCtx Source #

hkdfCtx_updates :: Foldable f => HkdfCtx -> f ByteString -> HkdfCtx Source #

hkdfCtx_finalize :: HkdfCtx -> HmacKey Source #

data HkdfGen Source #

Plain-old-data representation of the generator for hkdfExpand

hkdfGen_init :: HmacKey -> ShortByteString -> HkdfGen Source #

hkdfGen_read :: HkdfGen -> (ByteString, HkdfGen) Source #

hkdfGen_read' :: HkdfGen -> (HashString, HkdfGen) Source #

hkdfGen_peek :: HkdfGen -> Maybe HashString Source #