Copyright | (c) 2024 Auth Global |
---|---|
License | Apache2 |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Crypto.G3P.V2
Description
Synopsis
- g3pHash :: Foldable f => G3PSalt -> G3PInputs -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> ByteString
- g3pStream :: Foldable f => G3PSalt -> G3PInputs -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> Stream ByteString
- data G3PSalt = G3PSalt {
- g3pSalt_seguid :: !HmacKey
- g3pSalt_longTag :: !ByteString
- g3pSalt_contextTags :: !(Vector ByteString)
- g3pSalt_domainTag :: !ByteString
- g3pSalt_phkdfRounds :: !Word32
- data G3PInputs = G3PInputs {
- g3pInputs_username :: !ByteString
- g3pInputs_password :: !ByteString
- g3pInputs_credentials :: !(Vector ByteString)
- data G3PSeedInputs = G3PSeedInputs {}
- data G3PSpark
- g3pSpark :: G3PSalt -> G3PInputs -> G3PSpark
- g3pSpark_toSeed :: G3PSpark -> G3PSeedInputs -> G3PSeed
- g3pSpark_toSprout :: G3PSpark -> G3PSeedInputs -> HmacKey -> G3PSprout
- g3pSpark_toTree :: Foldable f => G3PSpark -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> G3PTree
- g3pSpark_toKey :: Foldable f => G3PSpark -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> G3PKey
- g3pSpark_toSource :: Foldable f => G3PSpark -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSource
- g3pSpark_toStream :: Foldable f => G3PSpark -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> Stream ByteString
- data G3PSeed
- g3pSeed :: G3PSalt -> G3PInputs -> G3PSeedInputs -> G3PSeed
- g3pSeed_fromSpark :: G3PSeedInputs -> G3PSpark -> G3PSeed
- g3pSeed_toSprout :: G3PSeed -> HmacKey -> G3PSprout
- g3pSeed_toTree :: Foldable f => G3PSeed -> HmacKey -> f ByteString -> ByteString -> G3PTree
- g3pSeed_toKey :: Foldable f => G3PSeed -> HmacKey -> f ByteString -> ByteString -> ByteString -> G3PKey
- g3pSeed_toSource :: Foldable f => G3PSeed -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSource
- g3pSeed_toStream :: Foldable f => G3PSeed -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> Stream ByteString
- data G3PSprout
- g3pSprout :: G3PSalt -> G3PInputs -> G3PSeedInputs -> HmacKey -> G3PSprout
- g3pSprout_feedArg :: ByteString -> G3PSprout -> G3PSprout
- g3pSprout_feedArgs :: Foldable f => f ByteString -> G3PSprout -> G3PSprout
- g3pSprout_arg :: G3PSprout -> ByteString -> G3PSprout
- g3pSprout_args :: Foldable f => G3PSprout -> f ByteString -> G3PSprout
- g3pSprout_fromSpark :: G3PSeedInputs -> HmacKey -> G3PSpark -> G3PSprout
- g3pSprout_fromSeed :: HmacKey -> G3PSeed -> G3PSprout
- g3pSprout_toTree :: G3PSprout -> ByteString -> G3PTree
- g3pSprout_toKey :: Foldable f => G3PSprout -> f ByteString -> ByteString -> ByteString -> G3PKey
- g3pSprout_toSource :: Foldable f => G3PSprout -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSource
- g3pSprout_toStream :: Foldable f => G3PSprout -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> Stream ByteString
- data G3PTree
- g3pTree :: Foldable f => G3PSalt -> G3PInputs -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> G3PTree
- g3pTree_fromSpark :: Foldable f => G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> G3PSpark -> G3PTree
- g3pTree_fromSeed :: Foldable f => HmacKey -> f ByteString -> ByteString -> G3PSeed -> G3PTree
- g3pTree_fromSprout :: ByteString -> G3PSprout -> G3PTree
- g3pTree_toKey :: G3PTree -> ByteString -> G3PKey
- g3pTree_toSource :: G3PTree -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSource
- g3pTree_toStream :: G3PTree -> ByteString -> ByteString -> Word32 -> ByteString -> Stream ByteString
- data G3PKey
- g3pKey :: Foldable f => G3PSalt -> G3PInputs -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> G3PKey
- g3pKey_fromSpark :: Foldable f => G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> G3PSpark -> G3PKey
- g3pKey_fromSeed :: Foldable f => HmacKey -> f ByteString -> ByteString -> ByteString -> G3PSeed -> G3PKey
- g3pKey_fromSprout :: Foldable f => f ByteString -> ByteString -> ByteString -> G3PSprout -> G3PKey
- g3pKey_fromTree :: ByteString -> G3PTree -> G3PKey
- g3pKey_toSource :: G3PKey -> ByteString -> Word32 -> ByteString -> G3PSource
- g3pKey_toStream :: G3PKey -> ByteString -> Word32 -> ByteString -> Stream ByteString
- type G3PSource = PhkdfGen
- g3pSource :: Foldable f => G3PSalt -> G3PInputs -> G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSource
- g3pSource_peek :: G3PSource -> Maybe ByteString
- g3pSource_read :: G3PSource -> (ByteString, G3PSource)
- g3pSource_fromSpark :: Foldable f => G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSpark -> G3PSource
- g3pSource_fromSeed :: Foldable f => HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSeed -> G3PSource
- g3pSource_fromSprout :: Foldable f => f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSprout -> G3PSource
- g3pSource_fromTree :: ByteString -> ByteString -> Word32 -> ByteString -> G3PTree -> G3PSource
- g3pSource_fromKey :: ByteString -> Word32 -> ByteString -> G3PKey -> G3PSource
- g3pSource_toStream :: G3PSource -> Stream ByteString
- data Stream a = Cons a (Stream a)
- g3pStream_fromSpark :: Foldable f => G3PSeedInputs -> HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSpark -> Stream ByteString
- g3pStream_fromSeed :: Foldable f => HmacKey -> f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSeed -> Stream ByteString
- g3pStream_fromSprout :: Foldable f => f ByteString -> ByteString -> ByteString -> ByteString -> Word32 -> ByteString -> G3PSprout -> Stream ByteString
- g3pStream_fromTree :: ByteString -> ByteString -> Word32 -> ByteString -> G3PTree -> Stream ByteString
- g3pStream_fromKey :: ByteString -> Word32 -> ByteString -> G3PKey -> Stream ByteString
- g3pStream_fromSource :: G3PSource -> Stream ByteString
- word32 :: ByteString -> Word32
Documentation
Arguments
:: Foldable f | |
=> G3PSalt | All the parameters needed throughout the entire key-stretching computation. |
-> G3PInputs | All the parameters that can be forgotten as soon as they are hashed once. |
-> G3PSeedInputs | All the parameters needed for bcrypt-based key stretching |
-> HmacKey | Sprout Seguid. A good default is to duplicate |
-> f ByteString | Sprout Role, an arbitrary number of bytestring parameters for late domain separation occuring after key-stretching is complete. Meaning is deployment defined. |
-> ByteString | Sprout Tag. A good default is to duplicate |
-> ByteString | This |
-> ByteString | The As the initial state of the output stream generator, if more than one block of the resulting output stream is ever examined, then this parameter must not include any new secrets. Otherwise the old secrets are potentially still crackable from the relationship between output stream blocks. This problem can be avoided by ensuring at least one of these are true:
It is possible to use this parameter safely in ways that don't exactly meet any of the criteria above, but these criteria would seem to fairly comprehensively cover typical use cases. I'm not sure why a deployment designer might feel a need to go beyond these criteria. Also note that if you feed an output block from _G3Pb2 echo_ back into this parameter, keep the keys and tag the same, and update the counter accordingly, then this will "collide" with the next output block of the original generator. This issue can be avoided by a deployment, so it's better to not get too creative with this specific parameter. |
-> Word32 | echo counter |
-> ByteString | echo tag. A good default is to duplicate the sprout's tag. |
-> ByteString | a 32-byte output hash. You can use the stream variant if you want more blocks. This is the first output block of that stream. |
The Global Password Prehash Protocol (G3P). Note that this function is very intentionally implemented in such a way that the following idiom is efficient. It performs the expensive key stretching phase only once, and results in 3 cryptographically independent output hashes, i.e. statistically independent to any efficient attacker that does not have access to the underlying password and other secrets.
let myDomain = "my.domain.example" myLoginDomain = "login.my.domain.example" myStorageDomain = "cloud.my.domain.example" myLongTag = "My Corporation, Inc. https://my.domain.example/.well-known/security.txt" mySeguid = hmacKey "9c08053b7e507a78b571b5b93e1326674540d7106da6408fcafeddcfcdf1ed76" userRandomSalt = "60473b8010e16d46" userSecondSecretHash = "0c06f683f093cb899b4a1e9836fc7281" mySalt = G3PSalt { g3pSalt_seguid = mySeguid, g3pSalt_longTag = myLongTag, g3pSalt_contextTags = [userRandomSalt], g3pSalt_domainTag = myDomain, g3pSalt_phkdfRounds = 20240 } myInputs = G3PInputs { g3pInputs_username = userRandomSalt, g3pInputs_password = "correct horse battery staple", g3pInputs_credentials = [userSecondSecretHash] } mySeedInputs = G3PSeedInputs { g3pSeedInputs_bcryptSeguid = mySeguid, g3pSeedInputs_bcryptCredentials = [], g3pSeedInputs_bcryptLongTag = myLongTag, g3pSeedInputs_bcryptContextTags = [], g3pSeedInputs_bcryptDomainTag = myDomain, g3pSeedInputs_bcryptRounds = 4202 } mySprout = g3pHash mySalt myInputs mySeedInputs mySeguid myHeader = userRandomSalt <> myDomain myAuthKey = mySprout ["auth",userRandomSalt] myLoginDomain myHeader myHeader (word32 AUTH) myDiskKey = mySprout ["disk", myStorageDomain, myLongTag, "key", "7014dad47f0e7f7157d99b39a06553ce"] myStorageDomain myHeader myHeader (word32 DISK) in [ myAuthKey myLongTag , myDiskKey "filename0.txt" , myDiskKey "quarterly-report.pdf" ]
In addition to sharing the main key-stretching computation among
all three independent output hashes, myDiskKey
also shares the
G3PSprout
to G3PKey
computation among two different calls.
Although this savings is relatively miniscule, it can also be
relevant in certain contexts.
Note that this example is intended to be an extremely accurate sketch of what a good authentication deployment that uses random salts or hashed usernames and not plaintext usernames would look like.
Other details are more to stimulate ideas about how one might use these
things: for example I'd highly recommend using 64-byte binary mySeguid
,
a 16-byte binary userRandomSalt
, and a 32-byte binary
userSecondSecretHash
, and I'd probably not use myDiskKey
in exactly
that way.
This example emphasizes that the G3P is designed to preserve endless possibilites for keying end-to-end encryption (E2EE) off of the user's password, though deploying a the G3P as a client-side prehash function is absolutely required to make use of that particular capability.
In the example above, the extended interface could be used to partially
evaluate the sprout on the storage domain, allowing the G3PSeed
to be
immediately forgotten. Later, the continuation of that partially evaluated
sprout can be finalized once the storage key is provided by the server
upon a successful authentication.
This approach has the minor complication of needing to ensure that any important data has been fully committed to and isn't sitting around inside the sprout's SHA256 context buffer. This can be done by including at least 63 bytes of non-committing data anywhere you need a safe partial evaluation point.
Thus the inclusion of myLongTag
in the storage role vector ensures that
the original seed, the "disk"
, and the "cloud.my.domain.example"
strings can be fully committed to while waiting for the disk key.
Another possibility is to use filler padding to control the context buffer position; I suggest using 32-95 or more bytes, as this ensures the encoded length is 3 bytes long and thus ensures that your desired buffer position can be reached from any starting point.
In the case that you want or need to persist or serialize the
intermediate structures, then the plain-old-datatypes G3PSpark
,
G3PSeed
, G3PSprout
, G3PTree
,G3PKey
, G3PSource
, and their
associated functions are more relevant than implicit closures.
These data structures explicitly represent the result of a partial evaluation, and provide a continuation onward to any one of innumerable final results.
Arguments
:: Foldable f | |
=> G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> Stream ByteString |
This variant of g3pHash
returns an unbounded stream of 32-byte output
blocks. Use as many or as few as you want. Assuming the non-echo-header
inputs contain at least one strong secret, the output blocks are
cryptographically independent. You can partition the output into
non-overlapping chunks and use those chunks however you see fit.
NIST SP 800-108 recommendations imply that you shouldn't look at more than 137.4 GB of output. This recommendation is extremely cautious, and it's probably okay-ish in most circumstances to exceed that limit by a considerable margin.
On the other hand, if you really want that much CSPRNG data, you may well be better off using this function to generate keys for another, faster CSPRNG.
These input parameters are grouped together because they are the parameters that will have to persist in memory for most or all of the PHKDF-based key-stretching computation.
It is intended that deployments of an authentication database will specify these as constants or near-constants. User-supplied inputs would typically not go here. In this role, all these parameters function as salt.
The seguid parameter acts as a deployment-wide salt. Cryptographically speaking, the most important thing a deployment can do is specify a constant seguid. It is highly recommended that the seguid input be a genuine Self-Documenting Globally Unique Identifier attesting to the parameters, purposes, and public playbook of the protocol for y'all to follow to use the deployment to spec.
The remaining string parameters are all directly-documenting, embedded attributions. A deployment can use these tags to encode a message into the password hash function so that it must be known to whomever can compute it. There are a variety of different parameters because there are different lengths of messages that can be expressed for free, and there are different incremental costs for exceeding that limit.
It is particularly important to include some kind of actionable message
in the domainTag
and longTag
parameter. Specifying an empty string
in either of these parameters means that a significant quantity of
cryptoacoustic messaging space will be filled with silence.
Especially useful messages include URIs, legal names, and domain names.
Constructors
G3PSalt | |
Fields
|
These parameters are grouped together because they are hashed once near the beginning of the protocol and then are no longer needed, unless a deployment specifies duplicating (part of) one of these parameters into another. Thus all of these parameters are horn-loaded.
The input string to the "username" parameter could be provided directly by the user. Alternatively, it could be a random salt retrieved from a server or database, typically looked up via a plaintext username. The password is normally expected to be supplied by the users of a deployment.
Furthermore, the credentials vector is here because it is an ideal location to include other input. For example, one could implement a Two-Secret Key Derivation (2SKD) scheme analogous to 1Password's.
A deployment can also specify additional constant tags as part of the credentials vector. As the plaintext of these tags is only ever hashed into the output a single time, this alongside the bcrypt tag and long tag are incrementally the least expensive options for plaintext tagging.
Note that the username and password are subjected to additional length hardening. The G3P operates in a constant number of SHA256 blocks so long as the combined length of the username and password is less than about 4 KiB, or the combined length of the username, password, and long tag is less than about 8 KiB. The actual numbers are somewhat less in both cases, but this is a reasonable approximation.
In the case of all of the inputs in this record, longer values incur one SHA256 block per 64 bytes.
Constructors
G3PInputs | |
Fields
|
data G3PSeedInputs Source #
Constructors
G3PSeedInputs | bcrypt parameters |
Fields
|
Represents the completion of the PBKDF2-like key stretching computation,
and ready for bcrypt. Technically, a partial evaluation at the
completion of G3Pb2 bravo
, ready for G3Pb2 charlie
.
Arguments
:: G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSpark | the end of |
g3pSpark
encompasses calls to G3Pb2 alfa
and G3Pb2 bravo
, which
provides the PHKDF-based key-stretching phase.
All 8 parameters get unambiguously encoded into G3Pb2 alfa
, which is
the initial call to HMAC. 7 of them can be unambiguously parsed out of
the input message, thus proving that all collisions over them are
cryptographically non-trivial. The eighth is used as the HMAC key.
Moreover, the G3P's syntax generators never examine the content of any input, only length. Thus by parametricity, any vaguely reasonable attempt to implement the G3P cannot be directly responsible for introducing a data-dependent side channel.
The hash resulting from this initial HMAC-Extract, in addition to the
G3PSalt
parameters, determine the exact size, shape, and content of the
Merkle tree that describes the resulting spark. At this point in time
every computation is fully determined all the way to the end of the
PHKDF key-stretching phase. The next opportunity to make a choice is
the bcrypt key-stretching phase.
A spark consists of two cryptographically independent keys: keyB which begins bcrypt, and keyC which is the continuation control key. The continuation control key allows some or all of the bcrypt computation to be outsourced to another semi-trusted device, without giving that device the ability to compute the final seed.
Arguments
:: G3PSpark | the end of |
-> G3PSeedInputs | bcrypt parameters |
-> G3PSeed | the end of |
The bcrypt key-stretching phase.
Arguments
:: G3PSpark | a partial evaluation of |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> G3PSprout | the middle of |
Arguments
:: Foldable f | |
=> G3PSpark | a partial evaluation of |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> G3PTree | the end of |
Arguments
:: Foldable f | |
=> G3PSpark | a partial evaluation of |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PKey | the middle of |
Arguments
:: Foldable f | |
=> G3PSpark | a partial evaluation of |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: Foldable f | |
=> G3PSpark | a partial evaluation of |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> Stream ByteString |
A plain 32-byte hash that represents the completion of both phkdf and
bcrypt key stretching phases. Technically, a partial evaluation at
the completion of G3Pb2 charlie
, ready for G3Pb2 delta
.
Arguments
:: G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSeedInputs | |
-> G3PSeed | the end of |
Arguments
:: G3PSeedInputs | bcrypt parameters |
-> G3PSpark | a partial evaluation of |
-> G3PSeed | the end of |
Arguments
:: G3PSeed | the end of |
-> HmacKey | Sprout Seguid |
-> G3PSprout | the middle of |
Start a call to G3Pb2 delta
, starting with the Sprout's Seguid.
Arguments
:: Foldable f | |
=> G3PSeed | the end of |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> G3PTree | the end of |
Arguments
:: Foldable f | |
=> G3PSeed | the end of |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PKey | the middle of |
Arguments
:: Foldable f | |
=> G3PSeed | the end of |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: Foldable f | |
=> G3PSeed | the end of |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> Stream ByteString |
Represents a partial evaluation of G3P delta
, initialized with
the Sprout Seguid and possibly commited to part of the role argument.
This comes before the Sprout Domain Tag, and in fact can be finalized
with that parameter at any time.
Arguments
:: G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> G3PSprout | the middle of |
Arguments
:: ByteString | arg |
-> G3PSprout | the middle of |
-> G3PSprout | a later middle of |
flipped version of g3pSprout_arg
Arguments
:: Foldable f | |
=> f ByteString | zero or more args |
-> G3PSprout | the middle of |
-> G3PSprout | a later middle of |
flipped version of g3pSprout_args
Arguments
:: G3PSprout | the middle of |
-> ByteString | arg |
-> G3PSprout | a later middle of |
The name of this function is a mnemonic for the argument order, which takes an sprout and adds a single length-delimited argument to it.
Arguments
:: Foldable f | |
=> G3PSprout | the middle of |
-> f ByteString | zero or more args |
-> G3PSprout | a later middle of |
The name of this function is a mnemonic for the argument order, which takes a sprout and adds zero or more length-delimited arguments to it.
Arguments
:: G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> G3PSpark | the end of |
-> G3PSprout | the middle of |
Arguments
:: G3PSprout | the middle of |
-> ByteString | Sprout Domain Tag |
-> G3PTree |
Arguments
:: Foldable f | |
=> G3PSprout | a partial evaluation of |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PKey | the beginning of |
Arguments
:: Foldable f | |
=> G3PSprout | the middle of |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: Foldable f | |
=> G3PSprout | the middle of |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> Stream ByteString |
A plain 32-byte hash that represents the leftmost bytes of the output
hmac key. Technically, a partial evaluation ending at G3Pb2 delta
and ready for the right half of the echo key, as needed to begin the
evaluation of G3Pb2 echo
Arguments
:: Foldable f | |
=> G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> G3PTree | the end of |
Arguments
:: Foldable f | |
=> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> G3PSpark | the end of |
-> G3PTree | the end of |
Arguments
:: Foldable f | |
=> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> G3PSeed | the end of |
-> G3PTree | the end of |
Arguments
:: ByteString | sprout tag |
-> G3PSprout | |
-> G3PTree | the end of |
Arguments
:: G3PTree | |
-> ByteString | echo key right |
-> G3PKey | the middle of |
Arguments
:: G3PTree | the end of |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: G3PTree | the end of |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> Stream ByteString |
A precomputed hmac key intended for use with G3Pb2 echo
. Technically,
a partial evaluation of the HMAC-SHA256 construction.
Arguments
:: Foldable f | |
=> G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PKey | the beginning of |
Arguments
:: Foldable f | |
=> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PSpark | a partial evaluation of |
-> G3PKey | the beginning of |
Arguments
:: Foldable f | |
=> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PSeed | the end of |
-> G3PKey | the middle of |
Arguments
:: Foldable f | |
=> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> G3PSprout | the middle of |
-> G3PKey | the middle of |
Arguments
:: ByteString | echo key right |
-> G3PTree | the end of |
-> G3PKey | the middle of |
Arguments
:: G3PKey | the middle of |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSource | plain-old data representation of an output stream |
Variant of g3pKey_toStream
that returns plain old data.
Arguments
:: G3PKey | the middle of |
-> ByteString | echo header |
-> Word32 | The |
-> ByteString | The |
-> Stream ByteString |
Turn a secret, derived HmacKeyHashed
into an unbounded
stream of 32-byte output blocks.
Arguments
:: Foldable f | |
=> G3PSalt | salt parameters, typically specified by deployment, typically needed throughout PHKDF key stretching |
-> G3PInputs | input parameters, often provided by the user, ready to be forgotten soon after the computation starts |
-> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSource | A plain-old-data representation of a G3P output stream |
g3pSource_read :: G3PSource -> (ByteString, G3PSource) Source #
Arguments
:: Foldable f | |
=> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSpark | |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: Foldable f | |
=> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSeed | the end of |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: Foldable f | |
=> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSprout | the middle of |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PTree | the end of |
-> G3PSource | plain-old data representation of an output stream |
Arguments
:: ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PKey | the middle of |
-> G3PSource | plain-old data representation of an output stream |
An infinite sequence.
Beware: If you use any function from the Eq
or Ord
class to compare two equal streams, these functions will diverge.
Instances
Applicative Stream | |
Functor Stream | |
Monad Stream | |
Arbitrary a => Arbitrary (Stream a) | |
CoArbitrary a => CoArbitrary (Stream a) | |
Defined in Data.Stream Methods coarbitrary :: Stream a -> Gen b -> Gen b # | |
Show a => Show (Stream a) | A Show instance for Streams that takes the right associativity into
account and so doesn't put parenthesis around the tail of the Stream.
Note that |
Eq a => Eq (Stream a) | |
Ord a => Ord (Stream a) | |
Defined in Data.Stream | |
Serial a => Serial (Stream a) | |
Defined in Data.Stream |
Arguments
:: Foldable f | |
=> G3PSeedInputs | bcrypt parameters |
-> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSpark | |
-> Stream ByteString |
Arguments
:: Foldable f | |
=> HmacKey | sprout seguid |
-> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSeed | the end of |
-> Stream ByteString |
Arguments
:: Foldable f | |
=> f ByteString | sprout role |
-> ByteString | sprout tag |
-> ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PSprout | |
-> Stream ByteString |
Arguments
:: ByteString | echo key right |
-> ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PTree | |
-> Stream ByteString |
Arguments
:: ByteString | echo header |
-> Word32 | echo counter |
-> ByteString | echo tag |
-> G3PKey | |
-> Stream ByteString |
word32 :: ByteString -> Word32 #
>>>
let buf = pack [1,2,3,4,5,6,7,8]
>>>
word32 buf
16909060