crypto-sodium-0.0.4.0: Easy-and-safe-to-use high-level cryptography based on Sodium
Safe Haskell: None
Language: Haskell2010

Crypto.Mac

Description

Message authentication codes.

It is best to import this module qualified:

import qualified Crypto.Mac as Mac

authenticator = Mac.create key message
if Mac.verify key message authenticator
then {- Ok! -}
else {- Fail! -}

A message authenticator is like a signature, except that the key is secret. It can be used when it is not necessary to encrypt the data, but its integrity needs to be guaranteed.


Keys

type Key a = SizedByteArray CRYPTO_AUTH_KEYBYTES a

Secret key that can be used for message authentication.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString, but, since this is a secret key, it is better to use ScrubbedBytes.

toKey :: ByteArrayAccess ba => ba -> Maybe (Key ba)

Make a Key from an arbitrary byte array.

This function returns Just if and only if the byte array has the right length to be used as a key for authentication.

Authenticator tags

type Authenticator a = SizedByteArray CRYPTO_AUTH_BYTES a

A tag that confirms the authenticity of some data.

toAuthenticator :: ByteArrayAccess ba => ba -> Maybe (Authenticator ba)

Convert raw bytes into an Authenticator.

This function returns Just if and only if the byte array has the right length to be used as an authenticator.

Authentication

create

Arguments

:: (ByteArray authBytes, ByteArrayAccess keyBytes, ByteArrayAccess msg) 
=> Key keyBytes

Secret key.

-> msg

Message to authenticate.

-> Authenticator authBytes 

Create an authenticator for a message.

authenticator = Mac.create key message
  • key is the secret key used for authentication. See Crypto.Key for how to get one.
  • message is the data you are authenticating.

This function produces authentication data, so if anyone modifies the message, verify will return False.

verify

Arguments

:: (ByteArrayAccess authBytes, ByteArrayAccess msg, ByteArrayAccess keyBytes) 
=> Key keyBytes

Secret key.

-> msg

Authenticated message.

-> Authenticator authBytes

Authenticator tag.

-> Bool 

Verify an authenticator for a message.

isValid = Mac.verify key message authenticator
  • key and message are the same as when creating the authenticator.
  • authenticator is the output of create.

This function will return False if the message is not exactly the same as it was when the authenticator was created.
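
The following is an added example, not part of the crypto-sodium documentation. It checks a tag that arrives as raw, untrusted bytes, so that toKey and toAuthenticator reject wrong-length input before verify is called. The Rejection type, checkTagged, the sample key and the messages are constructed for illustration; the 32-byte lengths assume libsodium's crypto_auth key and tag sizes, and unSizedByteArray comes from the memory package.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Crypto.Mac as Mac
import qualified Data.ByteArray as BA
import Data.ByteArray (ScrubbedBytes)
import Data.ByteArray.Sized (unSizedByteArray)
import Data.ByteString (ByteString)
import qualified Data.ByteString as BS

-- | Why a received (message, tag) pair was rejected (hypothetical type).
data Rejection = BadKeyLength | BadTagLength | TagMismatch
  deriving (Eq, Show)

-- | Check a tag received as raw bytes (hypothetical helper).
-- Length errors are reported separately from a failed verification,
-- and the message is only returned once verify has succeeded.
checkTagged :: ScrubbedBytes -> ByteString -> ByteString
            -> Either Rejection ByteString
checkTagged rawKey msg rawTag = do
  key <- maybe (Left BadKeyLength) Right (Mac.toKey rawKey)
  tag <- maybe (Left BadTagLength) Right (Mac.toAuthenticator rawTag)
  if Mac.verify key msg tag
    then Right msg
    else Left TagMismatch

main :: IO ()
main = do
  -- Constructed sample key: 32 fixed bytes, for demonstration only.
  -- Held in ScrubbedBytes, as the Key documentation recommends.
  let rawKey = BA.convert (BS.replicate 32 0x2a) :: ScrubbedBytes
      msg    = "transfer 10 to alice" :: ByteString
  case Mac.toKey rawKey of
    Nothing  -> putStrLn "key has the wrong length"
    Just key -> do
      let tag    = Mac.create key msg :: Mac.Authenticator ByteString
          rawTag = unSizedByteArray tag   -- bytes as sent alongside msg
      -- Unmodified message and tag: accepted.
      print (checkTagged rawKey msg rawTag)
      -- Message altered after tagging: TagMismatch.
      print (checkTagged rawKey "transfer 99 to alice" rawTag)
      -- Truncated tag: rejected by toAuthenticator as BadTagLength.
      print (checkTagged rawKey msg (BS.take 16 rawTag))
      -- Short key: rejected by toKey as BadKeyLength.
      print (checkTagged (BA.convert (BS.replicate 8 0x2a)) msg rawTag)
```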