hmac-drbg

Pure Haskell HMAC-DRBG per NIST-SP 800-90A.
git clone git://git.ppad.tech/hmac-drbg.git
Log | Files | Refs | LICENSE
commit 94ba5895925990b7589d8ed2d53349d47a03c5e0
parent 767c954a629ba9af622da4f6b842fa41bc96f161
Author: Jared Tobin <jared@jtobin.io>
Date:   Fri,  4 Oct 2024 15:40:46 +0400

lib: module comments

Diffstat:

Mlib/Crypto/DRBG/HMAC.hs | 19++++++++++++++++---


1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/lib/Crypto/DRBG/HMAC.hs b/lib/Crypto/DRBG/HMAC.hs
@@ -96,7 +96,11 @@ _read_k (DRBG mut) = do
 -- | Create a DRBG from the supplied HMAC function, entropy, nonce, and
 --   personalization string.
 --
---   Returns the DRBG in any 'PrimMonad', e.g. 'ST' or 'IO'.
+--   You can instantiate the DRBG using any appropriate HMAC function;
+--   it should merely take a key and value as input, as is standard, and
+--   return a MAC digest, each being a strict 'ByteString'.
+--
+--   The DRBG is returned in any 'PrimMonad', e.g. 'ST' or 'IO'.
 --
 --   >>> import qualified Crypto.Hash.SHA256 as SHA256
 --   >>> new SHA256.hmac entropy nonce personalization_string
@@ -115,9 +119,18 @@ new hmac entropy nonce ps = do
 
 -- | Reseed a DRBG.
 --
---   Note that this can be used to implement "explicit" prediction
---   resistance by injecting entropy generated elsewhere.
+--   Each DRBG has an internal /reseed counter/ that tracks the number
+--   of requests made to the generator (note /requests made/, not /bytes
+--   generated/). SP 800-90A specifies that a HMAC-DRBG should support
+--   2 ^ 48 requests before requiring a reseed, so in practice you're
+--   unlikely to ever need to use this to actually reset the counter.
+--
+--   Note however that 'reseed' can be used to implement "explicit"
+--   prediction resistance, per SP 800-90A, by injecting entropy generated
+--   elsewhere into the DRBG.
 --
+--   >>> import qualified System.Entropy as E
+--   >>> entropy <- E.getEntropy 32
 --   >>> reseed entropy addl_bytes drbg
 --   "<reseeded drbg>"
 reseed