authorOfenhed <>2017-11-14 06:43:00 (GMT)
committerhdiff <hdiff@hdiff.luite.com>2017-11-14 06:43:00 (GMT)
commit30c26dcd49d08a464e1344a761ff69a8c7258a89 (patch)
tree70bdf73ae85fd62aceb42b7670265d5610c73427
parent3250bc8ef002fb7881275447d09ff549efbde39a (diff)
version 3.1.03.1.0
-rw-r--r--Crypto/Pbkdf2.hs51
-rw-r--r--Lazy-Pbkdf2.cabal6
2 files changed, 44 insertions, 13 deletions
diff --git a/Crypto/Pbkdf2.hs b/Crypto/Pbkdf2.hs
index d8a1c0e..1f436f6 100644
--- a/Crypto/Pbkdf2.hs
+++ b/Crypto/Pbkdf2.hs
@@ -1,5 +1,5 @@
{-# LANGUAGE Safe #-}
-module Crypto.Pbkdf2 (pbkdf2, pbkdf2_iterative) where
+module Crypto.Pbkdf2 (pbkdf2, pbkdf2_blocks, pbkdf2_iterative, pbkdf2_iterative_blocks) where
import Data.Bits (shiftR)
import Data.Bits(xor)
@@ -20,7 +20,7 @@ xorByteStrings x y
| B.length x == B.length y = B.pack $ B.zipWith xor x y
| otherwise = error "xor bytestrings are not of equal length"
-pbkdf2_internal createBlocks prf password salt iterations = LB.concat $ map LB.fromStrict $ createBlocks $ first_iteration . hash'
+pbkdf2_internal createBlocks prf password salt iterations = createBlocks $ first_iteration . hash'
where
hash' = prf password
first_iteration hash = additional_iterations hash hash 1
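Review bot: `pbkdf2_internal` has no type signature, and with `LB.concat $ map LB.fromStrict` removed its result type is now whatever the `createBlocks` argument returns, so nothing at this definition pins the contract the four exported functions depend on. I would add an explicit signature above it, for example `pbkdf2_internal :: ((B.ByteString -> B.ByteString) -> r) -> (B.ByteString -> B.ByteString -> B.ByteString) -> B.ByteString -> B.ByteString -> Integer -> r`. That type is inferred from the callers visible in this diff; the `where` clause continues outside the hunk, so it needs checking against `additional_iterations`.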
@@ -46,6 +46,27 @@ pbkdf2_internal createBlocks prf password salt iterations = LB.concat $ map LB.f
-- calculated as (PRF output input), where output is the output of the previous
-- block and input is the added salt for the previous block. Notice that the
-- output from the previous block is put in the password filed of the PRF.
+pbkdf2_iterative_blocks :: (B.ByteString -> B.ByteString -> B.ByteString)
+ -- ^ @PRF@, the PRF function to be used for the
+ -- iterative PBKDF2. The first argument is secret, the
+ -- second argument is not.
+ -> B.ByteString -- ^ @Password@, the secret to use in the PBKDF2 computations.
+ -> B.ByteString -- ^ @Salt@, the not neccesarily secret data to use in the PBKDF2 computations.
+ -> Integer -- ^ @c@, number of iterations for the the PBKDF2 computations.
+ -> [B.ByteString] -- ^ @DK@, the output data in the
+ -- format of an unlimited lazy list of strict
+ -- ByteStrings, each of which is a block from
+ -- @PRF@. This can be useful for precalculations of
+ -- the next block, but by the design of this
+ -- algorithm it cannot be used to compute blocks in
+ -- parallel.
+pbkdf2_iterative_blocks prf password salt iterations = pbkdf2_internal (createBlocks (B.pack []) 1) prf password salt iterations
+ where
+ createBlocks :: B.ByteString -> Bin.Word32 -> (B.ByteString -> B.ByteString) -> [B.ByteString]
+ createBlocks blockSalt i hash = let prev = (hash $ B.concat [blockSalt, salt, B.pack $ octetsBE i])
+ in prev:(createBlocks (prf prev blockSalt) (i + 1) hash)
+
+-- | This is the same as 'pbkdf2_iterative_blocks', except that it returns a lazy bytestring instead.
pbkdf2_iterative :: (B.ByteString -> B.ByteString -> B.ByteString)
-- ^ @PRF@, the PRF function to be used for the
-- iterative PBKDF2. The first argument is secret, the
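Review bot: The first block returned by `pbkdf2_iterative_blocks` is the same value as the first block of `pbkdf2_blocks` for the same PRF, password, salt and iteration count, and the new Haddock does not mention it. Because the chain starts with `createBlocks (B.pack []) 1`, the first PRF input `B.concat [blockSalt, salt, B.pack $ octetsBE i]` is just `salt` followed by `octetsBE 1`, which is what the standard variant feeds in for block 1, and both pass through the same `pbkdf2_internal`. A caller who derives one key from each variant with the same password and salt therefore gets two keys that share their first PRF-sized block. I would add to the doc comment: `-- The first block equals the first block of 'pbkdf2_blocks' for the same inputs; use a distinct salt per variant if both are used.`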
@@ -54,21 +75,31 @@ pbkdf2_iterative :: (B.ByteString -> B.ByteString -> B.ByteString)
-> B.ByteString -- ^ @Salt@, the not neccesarily secret data to use in the PBKDF2 computations.
-> Integer -- ^ @c@, number of iterations for the the PBKDF2 computations.
-> LB.ByteString -- ^ @DK@, the output data in the format of an unlimited lazy ByteString.
-pbkdf2_iterative prf password salt iterations = pbkdf2_internal (createBlocks (B.pack []) 1) prf password salt iterations
- where
- createBlocks :: B.ByteString -> Bin.Word32 -> (B.ByteString -> B.ByteString) -> [B.ByteString]
- createBlocks blockSalt i hash = let prev = (hash $ B.concat [blockSalt, salt, B.pack $ octetsBE i])
- in prev:(createBlocks (prf prev blockSalt) (i + 1) hash)
+pbkdf2_iterative prf password salt iterations = LB.concat $ map LB.fromStrict $ pbkdf2_iterative_blocks prf password salt iterations
-pbkdf2 :: (B.ByteString -> B.ByteString -> B.ByteString)
+-- | This is the standard PBKDF2 algorithm.
+pbkdf2_blocks :: (B.ByteString -> B.ByteString -> B.ByteString)
-- ^ @PRF@, the PRF function to be used for PBKDF2. The first
-- argument is secret, the second argument is not.
-> B.ByteString -- ^ @Password@, the secret to use in the PBKDF2 computations.
-> B.ByteString -- ^ @Salt@, the not neccesarily secret data to use in the PBKDF2 computations.
-> Integer -- ^ @c@, number of iterations for the the PBKDF2 computations.
- -> LB.ByteString -- ^ @DK@, the output data in the format of an unlimited lazy ByteString.
-pbkdf2 prf password salt iterations = pbkdf2_internal (createBlocks True 1) prf password salt iterations
+ -> [B.ByteString] -- ^ @DK@, the output data in the
+ -- format of an unlimited lazy list of strict
+ -- ByteStrings, each of which is a block from
+ -- @PRF@. These can be calculated in parallel.
+pbkdf2_blocks prf password salt iterations = pbkdf2_internal (createBlocks True 1) prf password salt iterations
where
createBlocks :: Bool -> Bin.Word32 -> (B.ByteString -> B.ByteString) -> [B.ByteString]
createBlocks False 1 _ = error "Hashing algorithm looped, stopping to maintain security of data" -- Paranoia, but that's useful when doing crypto
createBlocks _ i hash = (hash $ B.concat [salt, B.pack $ octetsBE i]):(createBlocks False (i + 1) hash)
+
+-- | This is the same as 'pbkdf2_blocks', except that it returns a lazy bytestring instead.
+pbkdf2 :: (B.ByteString -> B.ByteString -> B.ByteString)
+ -- ^ @PRF@, the PRF function to be used for PBKDF2. The first
+ -- argument is secret, the second argument is not.
+ -> B.ByteString -- ^ @Password@, the secret to use in the PBKDF2 computations.
+ -> B.ByteString -- ^ @Salt@, the not neccesarily secret data to use in the PBKDF2 computations.
+ -> Integer -- ^ @c@, number of iterations for the the PBKDF2 computations.
+ -> LB.ByteString -- ^ @DK@, the output data in the format of an unlimited lazy ByteString.
+pbkdf2 prf password salt iterations = LB.concat $ map LB.fromStrict $ pbkdf2_blocks prf password salt iterations
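Review bot: The wrap-around guard in `pbkdf2_blocks` fires one block too late: `i` is a `Bin.Word32`, so `(i + 1)` after 0xFFFFFFFF yields 0, and `createBlocks False 1 _` only raises after a block with counter 0 has already been emitted. PBKDF2 block indices run from 1 to 2^32 - 1, so that block is outside the defined range; matching on the wrapped value instead, `createBlocks False 0 _ = error "Hashing algorithm looped, stopping to maintain security of data"`, stops at the limit. The `createBlocks` in `pbkdf2_iterative_blocks` (previous hunk) has no such guard and lets the counter wrap silently. Separately, the Haddock for `pbkdf2_blocks` could state that every additional block costs the caller another `c` iterations while a password guess can be checked against a single block, so requesting more than one block does not add brute-force resistance.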
diff --git a/Lazy-Pbkdf2.cabal b/Lazy-Pbkdf2.cabal
index 90300a3..1d0000b 100644
--- a/Lazy-Pbkdf2.cabal
+++ b/Lazy-Pbkdf2.cabal
@@ -1,12 +1,12 @@
Name: Lazy-Pbkdf2
-Version: 3.0.0
+Version: 3.1.0
Author: Marcus Ofenhed <marcus@conditionraise.se>
Maintainer: Marcus Ofenhed <marcus@conditionraise.se>
License: MIT
License-File: LICENSE
Synopsis: Lazy PBKDF2 generator.
-Description: A PBKDF2 generator that generates a lazy ByteString
- of PRNG data.
+Description: A PBKDF2 generator that generates either a lazy ByteString of
+ PRNG data or a lazy list of strict ByteStrings.
Category: Cryptography
Build-Type: Simple
cabal-version: >= 1.10