module Crypto.Random.DRBG.Hash
( State
, reseedInterval
, SeedLength (..)
, instantiate
, reseed
, generate
) where
import qualified Data.ByteString as B
import qualified Data.ByteString.Lazy as L
import Crypto.Random.DRBG.Types
import Crypto.Random.DRBG.HashDF
import Crypto.Classes
import Data.Serialize (encode)
import Data.Bits (shiftR, shiftL)
import Data.Tagged
class SeedLength h where
seedlen :: Tagged h Int
reseedInterval = 2^48
data State d = St
{ value :: B.ByteString
, constant :: B.ByteString
, counter :: Integer
, hsh :: L.ByteString -> d
}
instantiate :: (Hash c d, SeedLength d) => Entropy -> Nonce -> PersonalizationString -> State d
instantiate entropyInput nonce perStr =
let seedMaterial = B.concat [entropyInput, nonce, perStr]
slen = seedlen .::. d
seed = hash_df f seedMaterial slen
v = seed
c = hash_df f (B.cons 0 v) slen
f = hash
d = f undefined
in St v c 1 f
reseed :: (SeedLength d, Hash c d) => State d -> Entropy -> AdditionalInput -> State d
reseed st ent additionalInput =
let seedMaterial = B.concat [B.pack [1], value st, ent, additionalInput]
seed = hash_df f seedMaterial (seedlen `for` d)
v = seed
c = hash_df f (B.cons 0 v) (seedlen `for` d)
f = hash
d = f undefined
in St v c 1 f
generate :: (Hash c d, SeedLength d) => State d -> BitLen -> AdditionalInput -> Maybe (RandomBits, State d)
generate st req additionalInput =
if (counter st > reseedInterval)
then Nothing
else Just (retBits, st { value = v2, counter = cnt})
where
w = hash [B.singleton 2, value st, additionalInput]
v1 = if B.length additionalInput == 0 then value st else i2bs slen (bs2i (value st) + bs2i w)
retBits = hashGen d req v1
h = hash [B.cons 3 v1]
v2 = i2bs slen (sum $ counter st : map bs2i [v1, h, constant st])
cnt = counter st + 1
slen = seedlen `for` d
hash = encode . hashF . L.fromChunks
d = hsh st undefined
hashF = hsh st
hashGen :: (Hash c d, SeedLength d) => d -> BitLen -> B.ByteString -> RandomBits
hashGen d r val = B.take reqBytes . B.concat $ getW val m
where
reqBytes = (r + 7) `div` 8
m = (r + (outlen 1)) `div` outlen
getW :: B.ByteString -> Int -> [B.ByteString]
getW _ 0 = []
getW dat i =
let wi = encode (h dat)
dat' = incBS dat
rest = getW dat' (i1)
in wi : rest
slen = seedlen `for` d
outlen = outputLength `for` d
h = hashFunc' d
incBS :: B.ByteString -> B.ByteString
incBS bs = B.concat (go bs (B.length bs 1))
where
go bs i
| B.length bs == 0 = []
| B.index bs i == 0xFF = (go (B.init bs) (i1)) ++ [B.singleton 0]
| otherwise = [B.init bs] ++ [B.singleton $ (B.index bs i) + 1]
i2bs :: BitLen -> Integer -> B.ByteString
i2bs l i = B.unfoldr (\l' -> if l' < 0 then Nothing else Just (fromIntegral (i `shiftR` l'), l' 8)) (l8)
bs2i :: B.ByteString -> Integer
bs2i bs = B.foldl' (\i b -> (i `shiftL` 8) + fromIntegral b) 0 bs