Copyright | (c) Joseph Abrahamson 2013 |
---|---|
License | MIT |
Maintainer | me@jspha.com |
Stability | experimental |
Portability | non-portable |
Safe Haskell | None |
Language | Haskell2010 |
Secret-key message authentication: Crypto.Saltine.Core.Auth
The auth
function authenticates a message ByteString
using a
secret key The function returns an authenticator. The verify
function checks if it's passed a correct authenticator of a message
under the given secret key.
The auth
function, viewed as a function of the message for a
uniform random key, is designed to meet the standard notion of
unforgeability. This means that an attacker cannot find
authenticators for any messages not authenticated by the sender,
even if the attacker has adaptively influenced the messages
authenticated by the sender. For a formal definition see, e.g.,
Section 2.4 of Bellare, Kilian, and Rogaway, "The security of the
cipher block chaining message authentication code," Journal of
Computer and System Sciences 61 (2000), 362–399;
http://www-cse.ucsd.edu/~mihir/papers/cbc.html.
Saltine does not make any promises regarding "strong" unforgeability; perhaps one valid authenticator can be converted into another valid authenticator for the same message. NaCl also does not make any promises regarding "truncated unforgeability."
Crypto.Saltine.Core.Auth is currently an implementation of HMAC-SHA-512-256, i.e., the first 256 bits of HMAC-SHA-512. HMAC-SHA-512-256 is conjectured to meet the standard notion of unforgeability.
This is version 2010.08.30 of the auth.html web page.
Synopsis
- data Key
- data Authenticator
- newKey :: IO Key
- auth :: Key -> ByteString -> Authenticator
- verify :: Key -> Authenticator -> ByteString -> Bool
Documentation
An opaque auth
cryptographic key.
Instances
Eq Key Source # | |
Data Key Source # | |
Defined in Crypto.Saltine.Core.Auth gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Key -> c Key # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Key # dataTypeOf :: Key -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Key) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Key) # gmapT :: (forall b. Data b => b -> b) -> Key -> Key # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Key -> r # gmapQr :: forall r r'. (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Key -> r # gmapQ :: (forall d. Data d => d -> u) -> Key -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Key -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Key -> m Key # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Key -> m Key # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Key -> m Key # | |
Ord Key Source # | |
Generic Key Source # | |
Hashable Key Source # | |
Defined in Crypto.Saltine.Core.Auth | |
IsEncoding Key Source # | |
Defined in Crypto.Saltine.Core.Auth encode :: Key -> ByteString Source # decode :: ByteString -> Maybe Key Source # encoded :: (Choice p, Applicative f) => p Key (f Key) -> p ByteString (f ByteString) Source # | |
type Rep Key Source # | |
Defined in Crypto.Saltine.Core.Auth type Rep Key = D1 ('MetaData "Key" "Crypto.Saltine.Core.Auth" "saltine-0.1.1.1-KbVmRAcWBV25w8Dlelbdig" 'True) (C1 ('MetaCons "Key" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 ByteString))) |
data Authenticator Source #
An opaque auth
authenticator.
Instances
:: Key | |
-> ByteString | Message |
-> Authenticator |
Computes an keyed authenticator ByteString
from a message. It
is infeasible to forge these authenticators without the key, even
if an attacker observes many authenticators and messages and has
the ability to influence the messages sent.
:: Key | |
-> Authenticator | |
-> ByteString | Message |
-> Bool | Is this message authentic? |
Checks to see if an authenticator is a correct proof that a message was signed by some key.