Copyright | Dong Han 2021 AnJie Dong 2021 |
---|---|
License | BSD |
Maintainer | winterland1989@gmail.com |
Stability | experimental |
Portability | non-portable |
Safe Haskell | None |
Language | Haskell2010 |
This module is used for Public Key Cryptography. Public key cryptography (also called asymmetric cryptography) is a collection of techniques allowing for encryption, signatures, and key agreement.
Synopsis
- data KeyType
- pattern RSADefault :: KeyType
- pattern McElieceDefault :: KeyType
- pattern XMSSDefault :: KeyType
- data ECCType
- data DLType
- newtype PrivKey = PrivKey BotanStruct
- newtype PubKey = PubKey BotanStruct
- newPrivKey :: KeyType -> RNG -> IO PrivKey
- newKeyPair :: KeyType -> RNG -> IO (PrivKey, PubKey)
- privKeyToPubKey :: PrivKey -> PubKey
- loadPrivKey :: RNG -> Bytes -> CBytes -> IO PrivKey
- privKeyAlgoName :: PrivKey -> IO Bytes
- privKeyParam :: HasCallStack => PrivKey -> CBytes -> MPI
- exportPrivKeyDER :: HasCallStack => PrivKey -> Bytes
- exportPrivKeyPEM :: HasCallStack => PrivKey -> Text
- exportPrivKeyEncryptedDER :: PrivKey -> RNG -> CBytes -> IO Bytes
- exportPrivKeyEncryptedPEM :: PrivKey -> RNG -> CBytes -> IO Text
- loadPubKey :: HasCallStack => Bytes -> IO PubKey
- pubKeyAlgoName :: PubKey -> CBytes
- pubKeyParam :: HasCallStack => PubKey -> CBytes -> MPI
- exportPubKeyDER :: HasCallStack => PubKey -> Bytes
- exportPubKeyPEM :: HasCallStack => PubKey -> Text
- estStrength :: PubKey -> Int
- fingerPrintPubKey :: PubKey -> HashType -> Bytes
- pkEncrypt :: PubKey -> EMEPadding -> RNG -> Bytes -> IO Bytes
- pkDecrypt :: PrivKey -> EMEPadding -> Bytes -> Bytes
- data EMEPadding
- data EMSA
- data SignFmt
- newSigner :: PrivKey -> EMSA -> SignFmt -> IO Signer
- updateSigner :: Signer -> Bytes -> IO ()
- finalSigner :: Signer -> RNG -> IO Bytes
- sinkToSigner :: HasCallStack => Signer -> Sink Bytes
- sign :: HasCallStack => PrivKey -> EMSA -> SignFmt -> Bytes -> IO Bytes
- signChunks :: HasCallStack => PrivKey -> EMSA -> SignFmt -> [Bytes] -> IO Bytes
- newVerifier :: PubKey -> EMSA -> SignFmt -> IO Verifier
- updateVerifier :: Verifier -> Bytes -> IO ()
- finalVerifier :: Verifier -> Bytes -> IO Bool
- sinkToVerifier :: HasCallStack => Verifier -> Sink Bytes
- verify :: HasCallStack => PubKey -> EMSA -> SignFmt -> Bytes -> Bytes -> Bool
- verifyChunks :: HasCallStack => PubKey -> EMSA -> SignFmt -> [Bytes] -> Bytes -> Bool
- data KeyAgreement = KeyAgreement {}
- newKeyAgreement :: PrivKey -> KDFType -> IO KeyAgreement
- exportKeyAgreementPublic :: PrivKey -> IO Bytes
- keyAgree :: KeyAgreement -> Bytes -> Bytes -> IO Bytes
- getRSAParams :: PrivKey -> (MPI, MPI, MPI, MPI, MPI)
- newRSAPrivKey :: MPI -> MPI -> MPI -> PrivKey
- getRSAPubParams :: PubKey -> (MPI, MPI)
- newRSAPubKey :: MPI -> MPI -> PubKey
- getDSAPrivParams :: PrivKey -> (MPI, MPI, MPI, MPI)
- newDSAPrivKey :: MPI -> MPI -> MPI -> MPI -> PrivKey
- getDSAPubParams :: PubKey -> (MPI, MPI, MPI, MPI)
- newDSAPubKey :: MPI -> MPI -> MPI -> MPI -> PubKey
- getElGamalPrivParams :: PrivKey -> (MPI, MPI, MPI)
- newElGamalPrivKey :: MPI -> MPI -> MPI -> PrivKey
- getElGamalPubParams :: PubKey -> (MPI, MPI, MPI)
- newElGamalPubKey :: MPI -> MPI -> MPI -> PubKey
- getDHPrivParams :: PrivKey -> (MPI, MPI, MPI)
- newDHPrivKey :: MPI -> MPI -> MPI -> PrivKey
- getDHPubParams :: PubKey -> (MPI, MPI, MPI)
- newDHPubKey :: MPI -> MPI -> MPI -> PubKey
- type XMSSType = CBytes
- pattern XMSS_SHA2_10_256 :: XMSSType
- pattern XMSS_SHA2_16_256 :: XMSSType
- pattern XMSS_SHA2_20_256 :: XMSSType
- pattern XMSS_SHA2_10_512 :: XMSSType
- pattern XMSS_SHA2_16_512 :: XMSSType
- pattern XMSS_SHA2_20_512 :: XMSSType
- pattern XMSS_SHAKE_10_256 :: XMSSType
- pattern XMSS_SHAKE_16_256 :: XMSSType
- pattern XMSS_SHAKE_20_256 :: XMSSType
- pattern XMSS_SHAKE_10_512 :: XMSSType
- pattern XMSS_SHAKE_16_512 :: XMSSType
- pattern XMSS_SHAKE_20_512 :: XMSSType
- type ECGroup = CBytes
- pattern Secp160k1 :: ECGroup
- pattern Secp160r1 :: ECGroup
- pattern Secp160r2 :: ECGroup
- pattern Secp192k1 :: ECGroup
- pattern Secp192r1 :: ECGroup
- pattern Secp224k1 :: ECGroup
- pattern Secp224r1 :: ECGroup
- pattern Secp256k1 :: ECGroup
- pattern Secp256r1 :: ECGroup
- pattern Secp384r1 :: ECGroup
- pattern Secp521r1 :: ECGroup
- pattern Brainpool160r1 :: ECGroup
- pattern Brainpool192r1 :: ECGroup
- pattern Brainpool224r1 :: ECGroup
- pattern Brainpool256r1 :: ECGroup
- pattern Brainpool320r1 :: ECGroup
- pattern Brainpool384r1 :: ECGroup
- pattern Brainpool512r1 :: ECGroup
- pattern X962_p192v2 :: ECGroup
- pattern X962_p192v3 :: ECGroup
- pattern X962_p239v1 :: ECGroup
- pattern X962_p239v2 :: ECGroup
- pattern X962_p239v3 :: ECGroup
- pattern Gost_256A :: ECGroup
- pattern Gost_512A :: ECGroup
- pattern Frp256v1 :: ECGroup
- pattern Sm2p256v1 :: ECGroup
- type DLGroup = CBytes
- pattern FFDHE_IETF_2048 :: DLGroup
- pattern FFDHE_IETF_3072 :: DLGroup
- pattern FFDHE_IETF_4096 :: DLGroup
- pattern FFDHE_IETF_6144 :: DLGroup
- pattern FFDHE_IETF_8192 :: DLGroup
- pattern MODP_IETF_1024 :: DLGroup
- pattern MODP_IETF_1536 :: DLGroup
- pattern MODP_IETF_2048 :: DLGroup
- pattern MODP_IETF_3072 :: DLGroup
- pattern MODP_IETF_4096 :: DLGroup
- pattern MODP_IETF_6144 :: DLGroup
- pattern MODP_IETF_8192 :: DLGroup
- pattern MODP_SRP_1024 :: DLGroup
- pattern MODP_SRP_1536 :: DLGroup
- pattern MODP_SRP_2048 :: DLGroup
- pattern MODP_SRP_3072 :: DLGroup
- pattern MODP_SRP_4096 :: DLGroup
- pattern MODP_SRP_6144 :: DLGroup
- pattern MODP_SRP_8192 :: DLGroup
- pattern DSA_JCE_1024 :: DLGroup
- pattern DSA_BOTAN_2048 :: DLGroup
- pattern DSA_BOTAN_3072 :: DLGroup
- data HashType
- = BLAKE2b Int
- | BLAKE2b256
- | BLAKE2b512
- | Keccak1600_224
- | Keccak1600_256
- | Keccak1600_384
- | Keccak1600_512
- | MD4
- | MD5
- | RIPEMD160
- | SHA160
- | SHA256
- | SHA224
- | SHA512
- | SHA384
- | SHA512_256
- | SHA3_224
- | SHA3_256
- | SHA3_384
- | SHA3_512
- | SHAKE128 Int
- | SHAKE256 Int
- | SM3
- | Skein512 Int CBytes
- | Streebog256
- | Streebog512
- | Whirlpool
- | Parallel HashType HashType
- | Comb4P HashType HashType
- | Adler32
- | CRC24
- | CRC32
- data KDFType
- withPrivKey :: HasCallStack => PrivKey -> (BotanStructT -> IO r) -> IO r
- withPubKey :: HasCallStack => PubKey -> (BotanStructT -> IO r) -> IO r
Asymmetric cryptography algorithms
Public Key Cryptography Algorithms.
Curve25519 | |
RSA Word32 | RSA key of the given size, namely n bits |
XMSS XMSSType | eXtended Merkle Signature Scheme, see https://botan.randombit.net/handbook/api_ref/pubkey.html#extended-merkle-signature-scheme-xmss |
Ed25519 | Ed25519 high-speed high-security signatures |
ECC ECCType ECGroup | Elliptic-curve cryptography, see |
DL DLType DLGroup | Asymmetric algorithm based on the discrete logarithm problem, see |
McEliece | McEliece is a cryptographic scheme based on error correcting codes which is thought to be resistant to quantum computers. See https://botan.randombit.net/handbook/api_ref/pubkey.html#mceliece. |
pattern RSADefault :: KeyType Source #
Default RSA Key type(3072 bits).
pattern McElieceDefault :: KeyType Source #
Default McEliece key type.
pattern XMSSDefault :: KeyType Source #
Algorithms based on elliptic curve.
Discrete Logarithm
Key generation and manipulation
An opaque data type for a private-public key pair.
Instances
Show PrivKey Source # | |
Generic PrivKey Source # | |
Print PrivKey Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> PrivKey -> Builder () # | |
type Rep PrivKey Source # | |
Defined in Z.Crypto.PubKey type Rep PrivKey = D1 ('MetaData "PrivKey" "Z.Crypto.PubKey" "Z-Botan-0.1.1.2-9fVnt3owi1vE69mjWqPaAt" 'True) (C1 ('MetaCons "PrivKey" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct))) |
A newtype wrapper.
Instances
Eq PubKey Source # | |
Ord PubKey Source # | |
Show PubKey Source # | |
Generic PubKey Source # | |
Print PubKey Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> PubKey -> Builder () # | |
type Rep PubKey Source # | |
Defined in Z.Crypto.PubKey type Rep PubKey = D1 ('MetaData "PubKey" "Z.Crypto.PubKey" "Z-Botan-0.1.1.2-9fVnt3owi1vE69mjWqPaAt" 'True) (C1 ('MetaCons "PubKey" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct))) |
Creating a private key.
Creating a private key requires two things:
- a source of random numbers
- some algorithm specific arguments that define the security level of the resulting key.
Creating a new key pair.
privKeyToPubKey :: PrivKey -> PubKey Source #
Export a public key from a given key pair.
Load a private key. If the key is encrypted, password will be used to attempt decryption.
:: HasCallStack | |
=> PrivKey | key |
-> CBytes | field name |
-> MPI |
Read an algorithm specific field from the key pair object.
exportPrivKeyDER :: HasCallStack => PrivKey -> Bytes Source #
Export a private key in DER binary format.
exportPrivKeyPEM :: HasCallStack => PrivKey -> Text Source #
Export a private key in PEM textual format.
exportPrivKeyEncryptedDER Source #
Export a private key with password.
exportPrivKeyEncryptedPEM Source #
Export a private key with password in PEM textual format.
loadPubKey :: HasCallStack => Bytes -> IO PubKey Source #
Load a publickey.
pubKeyAlgoName :: PubKey -> CBytes Source #
Get the algorithm name of a public key.
:: HasCallStack | |
=> PubKey | key |
-> CBytes | field name |
-> MPI |
Read an algorithm specific field from the public key object.
exportPubKeyDER :: HasCallStack => PubKey -> Bytes Source #
Export a public key in DER binary format..
exportPubKeyPEM :: HasCallStack => PubKey -> Text Source #
Export a public key in PEM textual format.
estStrength :: PubKey -> Int Source #
Estimate the strength of a public key.
Encrypt & Decrypt
Encrypt a message, returning the ciphertext.
Though botan support DLIES and ECIES but only EME are exported via FFI, please use an algorithm that directly support encryption such as RSA and ElGamal.
:: PrivKey | |
-> EMEPadding | |
-> Bytes | ciphertext |
-> Bytes | plaintext |
Decrypt a message, returning the ciphertext.
Though botan support DLIES and ECIES but only EME are exported via FFI, please use an algorithm that directly support decryption such as RSA and ElGamal.
data EMEPadding Source #
Sets of allowed padding schemes for public key types.
The recommended values for eme is EME1_SHA1
or EME1_SHA256
.
If you need compatibility with protocols using the PKCS #1 v1.5 standard, you can also use EME_PKCS1_v1
5'.
Sign & verify
Currently available values for EMSA
, examples are “EMSA1(SHA-1)” and “EMSA4(SHA-256)”.
Currently available values for EMSA
include EMSA1, EMSA2, EMSA3, EMSA4, and Raw. All of them, except Raw, take a parameter naming a message digest function to hash the message with. The Raw encoding signs the input directly; if the message is too big, the signing operation will fail. Raw is not useful except in very specialized applications.
For RSA, use EMSA4 (also called PSS) unless you need compatibility with software that uses the older PKCS #1 v1.5 standard, in which case use EMSA3 (also called “EMSA-PKCS1-v1_5”). For DSA, ECDSA, ECKCDSA, ECGDSA and GOST 34.10-2001 you should use EMSA1.
updateSigner :: Signer -> Bytes -> IO () Source #
finalSigner :: Signer -> RNG -> IO Bytes Source #
Produce a signature over all of the bytes passed to Signer
.
Afterwards, the sign operator is reset and may be used to sign a new message.
sinkToSigner :: HasCallStack => Signer -> Sink Bytes Source #
Trun Signer
to a Bytes
sink, update Signer
by write bytes to the sink.
Directly sign a message, with system RNG.
signChunks :: HasCallStack => PrivKey -> EMSA -> SignFmt -> [Bytes] -> IO Bytes Source #
Directly compute a chunked message's mac with system RNG.
updateVerifier :: Verifier -> Bytes -> IO () Source #
sinkToVerifier :: HasCallStack => Verifier -> Sink Bytes Source #
Trun Verifier
to a Bytes
sink, update Verifier
by write bytes to the sink.
Directly sign a message.
Directly compute a chunked message's mac.
Key agreement
data KeyAgreement Source #
Key agreement object.
Instances
Show KeyAgreement Source # | |
Defined in Z.Crypto.PubKey showsPrec :: Int -> KeyAgreement -> ShowS # show :: KeyAgreement -> String # showList :: [KeyAgreement] -> ShowS # | |
Generic KeyAgreement Source # | |
Defined in Z.Crypto.PubKey type Rep KeyAgreement :: Type -> Type # from :: KeyAgreement -> Rep KeyAgreement x # to :: Rep KeyAgreement x -> KeyAgreement # | |
Print KeyAgreement Source # | |
Defined in Z.Crypto.PubKey toUTF8BuilderP :: Int -> KeyAgreement -> Builder () # | |
type Rep KeyAgreement Source # | |
Defined in Z.Crypto.PubKey type Rep KeyAgreement = D1 ('MetaData "KeyAgreement" "Z.Crypto.PubKey" "Z-Botan-0.1.1.2-9fVnt3owi1vE69mjWqPaAt" 'False) (C1 ('MetaCons "KeyAgreement" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyAgreementStruct") 'SourceUnpack 'SourceStrict 'DecidedStrict) (Rec0 BotanStruct) :*: S1 ('MetaSel ('Just "keyAgreementSize") 'SourceUnpack 'SourceStrict 'DecidedStrict) (Rec0 Int))) |
newKeyAgreement :: PrivKey -> KDFType -> IO KeyAgreement Source #
:: KeyAgreement | |
-> Bytes | other key |
-> Bytes | salt |
-> IO Bytes |
How key agreement works is that you trade public values with some other party, and then each of you runs a computation with the other’s value and your key (this should return the same result to both parties).
RSA specific
Get RSA parameters
- Set p to the first RSA prime.
- Set q to the second RSA prime.
- Set n to the RSA modulus.
- Set d to the RSA private exponent.
- Set e to the RSA public exponent.
newRSAPrivKey :: MPI -> MPI -> MPI -> PrivKey Source #
Initialize a RSA key pair using arguments p, q, and e.
Get RSA Public parameters
- Set n to the RSA modulus.
- Set e to the RSA public exponent.
DSA specific
Get DSA parameters
- Set p, q, g to group parameters
- Set x to the private key
newDSAPrivKey :: MPI -> MPI -> MPI -> MPI -> PrivKey Source #
Initialize a DSA key pair using arguments p, q, g and x.
Get DSA parameters
- Set p, q, g to group parameters
- Set y to the public key
newDSAPubKey :: MPI -> MPI -> MPI -> MPI -> PubKey Source #
Initialize a DSA public key using arguments p, q, g and y.
ElGamal specific
Get ElGamal parameters
- Set p, g to group parameters
- Set x to the private key
Get ElGamal parameters
- Set p, g to group parameters
- Set y to the public key
Diffie-Hellman specific
Get Diffie-Hellman parameters
- Set p, g to group parameters
- Set x to the private key
Get Diffie-Hellman parameters
- Set p, g to group parameters
- Set y to the public key
constants
pattern XMSS_SHA2_10_256 :: XMSSType Source #
pattern XMSS_SHA2_16_256 :: XMSSType Source #
pattern XMSS_SHA2_20_256 :: XMSSType Source #
pattern XMSS_SHA2_10_512 :: XMSSType Source #
pattern XMSS_SHA2_16_512 :: XMSSType Source #
pattern XMSS_SHA2_20_512 :: XMSSType Source #
pattern XMSS_SHAKE_10_256 :: XMSSType Source #
pattern XMSS_SHAKE_16_256 :: XMSSType Source #
pattern XMSS_SHAKE_20_256 :: XMSSType Source #
pattern XMSS_SHAKE_10_512 :: XMSSType Source #
pattern XMSS_SHAKE_16_512 :: XMSSType Source #
pattern XMSS_SHAKE_20_512 :: XMSSType Source #
pattern Brainpool160r1 :: ECGroup Source #
pattern Brainpool192r1 :: ECGroup Source #
pattern Brainpool224r1 :: ECGroup Source #
pattern Brainpool256r1 :: ECGroup Source #
pattern Brainpool320r1 :: ECGroup Source #
pattern Brainpool384r1 :: ECGroup Source #
pattern Brainpool512r1 :: ECGroup Source #
pattern X962_p192v2 :: ECGroup Source #
pattern X962_p192v3 :: ECGroup Source #
pattern X962_p239v1 :: ECGroup Source #
pattern X962_p239v2 :: ECGroup Source #
pattern X962_p239v3 :: ECGroup Source #
pattern FFDHE_IETF_2048 :: DLGroup Source #
pattern FFDHE_IETF_3072 :: DLGroup Source #
pattern FFDHE_IETF_4096 :: DLGroup Source #
pattern FFDHE_IETF_6144 :: DLGroup Source #
pattern FFDHE_IETF_8192 :: DLGroup Source #
pattern MODP_IETF_1024 :: DLGroup Source #
pattern MODP_IETF_1536 :: DLGroup Source #
pattern MODP_IETF_2048 :: DLGroup Source #
pattern MODP_IETF_3072 :: DLGroup Source #
pattern MODP_IETF_4096 :: DLGroup Source #
pattern MODP_IETF_6144 :: DLGroup Source #
pattern MODP_IETF_8192 :: DLGroup Source #
pattern MODP_SRP_1024 :: DLGroup Source #
pattern MODP_SRP_1536 :: DLGroup Source #
pattern MODP_SRP_2048 :: DLGroup Source #
pattern MODP_SRP_3072 :: DLGroup Source #
pattern MODP_SRP_4096 :: DLGroup Source #
pattern MODP_SRP_6144 :: DLGroup Source #
pattern MODP_SRP_8192 :: DLGroup Source #
pattern DSA_JCE_1024 :: DLGroup Source #
pattern DSA_BOTAN_2048 :: DLGroup Source #
pattern DSA_BOTAN_3072 :: DLGroup Source #
re-exports
Available Hashs
BLAKE2b Int | A recently designed hash function. Very fast on 64-bit processors. Can output a hash of any length between 1 and 64 bytes, this is specified by passing desired byte length. |
BLAKE2b256 | Alias for |
BLAKE2b512 | Alias for |
Keccak1600_224 | An older (and incompatible) variant of SHA-3, but sometimes used. Prefer SHA-3 in new code. |
Keccak1600_256 | |
Keccak1600_384 | |
Keccak1600_512 | |
MD4 | An old hash function that is now known to be trivially breakable. It is very fast, and may still be suitable as a (non-cryptographic) checksum. |
MD5 | Widely used, now known to be broken. |
RIPEMD160 | A 160 bit hash function, quite old but still thought to be secure (up to the limit of 2**80 computation required for a collision which is possible with any 160 bit hash function). Somewhat deprecated these days. |
SHA160 | Widely adopted NSA designed hash function. Starting to show significant signs of weakness, and collisions can now be generated. Avoid in new designs. |
SHA256 | Relatively fast 256 bit hash function, thought to be secure. Also includes the variant SHA-224. There is no real reason to use SHA-224. |
SHA224 | |
SHA512 | SHA-512 is faster than SHA-256 on 64-bit processors. Also includes the truncated variants SHA-384 and SHA-512/256, which have the advantage of avoiding message extension attacks. |
SHA384 | |
SHA512_256 | |
SHA3_224 | The new NIST standard hash. Fairly slow. Supports 224, 256, 384 or 512 bit outputs. SHA-3 is faster with smaller outputs. Use as “SHA3_256” or “SHA3_512”. Plain “SHA-3” selects default 512 bit output. |
SHA3_256 | |
SHA3_384 | |
SHA3_512 | |
SHAKE128 Int | These are actually XOFs (extensible output functions) based on SHA-3, which can output a value of any byte length. For example “SHAKE128 @128” will produce 1024 bits of output. |
SHAKE256 Int | |
SM3 | Chinese national hash function, 256 bit output. Widely used in industry there. Fast and seemingly secure, but no reason to prefer it over SHA-2 or SHA-3 unless required. |
Skein512 Int CBytes | A contender for the NIST SHA-3 competition. Very fast on 64-bit systems. Can output a hash of any length between 1 and 64 bytes. It also accepts an optional “personalization string” which can create variants of the hash. This is useful for domain separation. |
Streebog256 | Newly designed Russian national hash function. Due to use of input-dependent table lookups, it is vulnerable to side channels. There is no reason to use it unless compatibility is needed. Warning: The Streebog Sbox has recently been revealed to have a hidden structure which interacts with its linear layer in a way which may provide a backdoor when used in certain ways. Avoid Streebog if at all possible. |
Streebog512 | |
Whirlpool | A 512-bit hash function standardized by ISO and NESSIE. Relatively slow, and due to the table based implementation it is potentially vulnerable to cache based side channels. |
Parallel HashType HashType | Parallel simply concatenates multiple hash functions. For example “Parallel SHA256 SHA512 outputs a 256+512 bit hash created by hashing the input with both SHA256 and SHA512 and concatenating the outputs. |
Comb4P HashType HashType | This combines two cryptographic hashes in such a way that preimage and collision attacks are provably at least as hard as a preimage or collision attack on the strongest hash. |
Adler32 | Checksums, not suitable for cryptographic use, but can be used for error checking purposes. |
CRC24 | |
CRC32 |
Instances
Key derivation functions are used to turn some amount of shared secret material into uniform random keys suitable for use with symmetric algorithms. An example of an input which is useful for a KDF is a shared secret created using Diffie-Hellman key agreement.
HKDF MACType | |
HKDF_Extract MACType | |
HKDF_Expand MACType | Defined in RFC 5869, HKDF uses HMAC to process inputs. Also available are variants HKDF-Extract and HKDF-Expand. HKDF is the combined Extract+Expand operation. Use the combined HKDF unless you need compatibility with some other system. |
KDF2 HashType | KDF2 comes from IEEE 1363. It uses a hash function. |
KDF1_18033 HashType | KDF1 from ISO 18033-2. Very similar to (but incompatible with) KDF2. |
KDF1 HashType | KDF1 from IEEE 1363. It can only produce an output at most the length of the hash function used. |
TLS_PRF | A KDF from ANSI X9.42. Sometimes used for Diffie-Hellman. |
TLS_12_PRF MACType | |
SP800_108_Counter MACType | KDFs from NIST SP 800-108. Variants include “SP800-108-Counter”, “SP800-108-Feedback” and “SP800-108-Pipeline”. |
SP800_108_Feedback MACType | |
SP800_108_Pipeline MACType | |
SP800_56AHash HashType | NIST SP 800-56A KDF using hash function |
SP800_56AMAC MACType | NIST SP 800-56A KDF using HMAC |
SP800_56C MACType | NIST SP 800-56C KDF using HMAC |
internal
withPrivKey :: HasCallStack => PrivKey -> (BotanStructT -> IO r) -> IO r Source #
Pass PrivKey
to FFI.
withPubKey :: HasCallStack => PubKey -> (BotanStructT -> IO r) -> IO r Source #
Pass PubKey
to FFI.