DRBG-0.1.0: A deterministic random bit generator (aka RNG, PRNG) implementing DRBGs from NIST SP 800-90




This module is the convenience interface for the DRBG (NIST standardized number-theoretically secure random number generator). Everything is setup for using the crypto-api CryptoRandomGen type class. For example, to seed a new generator with the system secure random (System.Crypto.Random) and generate some bytes (stepping the generator along the way) one would do:

    gen <- newGenIO :: IO HmacDRBG
    let Right (randomBytes, newGen) = genBytes gen 1024



type HmacDRBG = State SHA512Source

An alias for an HmacDRBG generator using SHA512. This is the recommended generator.

type HashDRBG = State SHA512Source

An Alias for a HashDRBG generator using SHA512.

data GenXor a b Source

g :: GenXor a b generates bytes with sub-generators a and b and exclusive-or's the outputs to produce the resulting bytes.

data GenAutoReseed a b Source

g :: GenAutoReseed a b is a generator of type a that gets automatically reseeded by generator b upon every 32kB generated.

reseed g ent will reseed both the component generators by breaking ent up into two parts determined by the genSeedLength of each generator.

genBytes will generate the requested bytes with generator a and reseed a using generator b if there has been 32KB of generated data since the last reseed. Note a request for > 32KB of data will be filled in one request to generator a before a is reseeded by b.

genBytesWithEntropy will push the entropy into generator a, leaving generator b unchanged unless the count hits 32KB, in which case it is reseeds a (for a second time) using b as in normal operation via genBytes.

data GenBuffered g Source

g :: GenBuffered a is a generator of type a that attempts to maintain a buffer of random values size > 1MB and < 5MB at any time.

Because of the way in which the buffer is computed (at idle times) and information on the previous generator is lost, it basically is not possible to reseed this generator after a GenError.

data GenSystemRandom Source

Not that it belongs here, or that it is technically correct as an instance of CryptoRandomGen, but simply because it's a reasonable engineering choice here is a GenSystemRandom that streams the system randoms. Take note:

  • It uses the default definition of genByteWithEntropy
  • newGen will always fail! DO NOT USE newGenIO for this generator!
  • reseed will always fail!
  • the handle to the system random is never closed