{"id":26933547,"url":"https://github.com/ppad-tech/hmac-drbg","last_synced_at":"2025-04-02T09:19:33.749Z","repository":{"id":261559231,"uuid":"884225046","full_name":"ppad-tech/hmac-drbg","owner":"ppad-tech","description":"(mirror of https://git.ppad.tech/hmac-drbg)","archived":false,"fork":false,"pushed_at":"2025-03-01T04:22:37.000Z","size":415,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-01T05:21:09.366Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Haskell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ppad-tech.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-06T11:25:35.000Z","updated_at":"2025-03-01T04:22:40.000Z","dependencies_parsed_at":"2024-11-07T07:49:40.521Z","dependency_job_id":"46515c4f-f62a-4a38-9ddf-f6341a4f6a40","html_url":"https://github.com/ppad-tech/hmac-drbg","commit_stats":null,"previous_names":["ppad-tech/hmac-drbg"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppad-tech%2Fhmac-drbg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppad-tech%2Fhmac-drbg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppad-tech%2Fhmac-drbg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ppad-tech%2Fhmac-drbg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ppad-tech","download_url":"htt
ps://codeload.github.com/ppad-tech/hmac-drbg/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246785456,"owners_count":20833498,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-02T09:19:33.080Z","updated_at":"2025-04-02T09:19:33.739Z","avatar_url":"https://github.com/ppad-tech.png","language":"Haskell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hmac-drbg\n\n[![](https://img.shields.io/hackage/v/ppad-hmac-drbg?color=blue)](https://hackage.haskell.org/package/ppad-hmac-drbg)\n![](https://img.shields.io/badge/license-MIT-brightgreen)\n[![](https://img.shields.io/badge/haddock-hmac-drbg-lightblue)](https://docs.ppad.tech/hmac-drbg)\n\nA pure Haskell implementation of the HMAC-DRBG cryptographically-secure PRNG,\nas specified by [NIST SP 800-90A][sp800].\n\n## Usage\n\nA sample GHCi session:\n\n```\n  \u003e -- extensions/b16 import just for illustration here; not required for use\n  \u003e :set -XOverloadedStrings\n  \u003e :set -XRankNTypes\n  \u003e import qualified Data.ByteString.Base16 as B16\n  \u003e\n  \u003e -- import qualified\n  \u003e import qualified Crypto.DRBG.HMAC as DRBG\n  \u003e\n  \u003e -- supply your own HMAC function\n  \u003e import qualified Crypto.Hash.SHA256 as SHA256\n  \u003e\n  \u003e -- instantiate a DRBG\n  \u003e let entropy = \"very random\"\n  \u003e let nonce = \"very unused\"\n  \u003e let personalization_string = \"very personal\"\n  \u003e\n  \u003e drbg \u003c- DRBG.new SHA256.hmac entropy nonce personalization_string\n  
\u003e\n  \u003e -- use it to generate some bytes\n  \u003e\n  \u003e fmap B16.encode (DRBG.gen mempty 32 drbg)\n  \"e4d17210810c4b343f6eae2c19e3d82395b555294b1b16a85f91dbea67e5f277\"\n  \u003e\n  \u003e -- reuse the generator to get more; the state is updated automatically\n  \u003e\n  \u003e fmap B16.encode (DRBG.gen mempty 16 drbg)\n  \"5d867730d99eb5335f16b1d622f03023\"\n  \u003e\n  \u003e -- this DRBG was instantiated in the IO monad:\n  \u003e\n  \u003e :t drbg\n  drbg :: DRBG.DRBG ghc-prim:GHC.Prim.RealWorld\n  \u003e\n  \u003e -- but you can also use ST to keep things pure:\n  \u003e\n  \u003e import Control.Monad.ST\n  \u003e\n  \u003e :{\n  ghci| let drbg_pure = DRBG.new SHA256.hmac mempty mempty mempty ::\n  ghci|                   forall s. ST s (DRBG.DRBG s)\n  ghci| :}\n  \u003e\n  \u003e :t drbg_pure\n  drbg_pure :: ST s (DRBG.DRBG s)\n  \u003e\n  \u003e runST $ drbg_pure \u003e\u003e= fmap B16.encode . DRBG.gen mempty 16\n  \"b44299907e4e42aa4fded5d6153e8bac\"\n```\n\n## Documentation\n\nHaddocks (API documentation, etc.) are hosted at\n[docs.ppad.tech/hmac-drbg][hadoc].\n\n## Performance\n\nThe aim is best-in-class performance for pure, highly-auditable Haskell\ncode.\n\nCurrent benchmark figures on my mid-2020 MacBook Air look like (use\n`cabal bench` to run the benchmark suite):\n\n```\n  benchmarking ppad-hmac-drbg/HMAC-SHA256/new\n  time                 20.86 μs   (20.78 μs .. 20.94 μs)\n                       1.000 R²   (1.000 R² .. 1.000 R²)\n  mean                 20.82 μs   (20.72 μs .. 20.93 μs)\n  std dev              370.6 ns   (299.3 ns .. 456.6 ns)\n  variance introduced by outliers: 15% (moderately inflated)\n\n  benchmarking ppad-hmac-drbg/HMAC-SHA256/reseed\n  time                 13.98 μs   (13.83 μs .. 14.18 μs)\n                       0.999 R²   (0.998 R² .. 1.000 R²)\n  mean                 13.89 μs   (13.79 μs .. 14.03 μs)\n  std dev              398.9 ns   (296.7 ns .. 
580.8 ns)\n  variance introduced by outliers: 32% (moderately inflated)\n\n  benchmarking ppad-hmac-drbg/HMAC-SHA256/gen (32B)\n  time                 21.10 μs   (20.95 μs .. 21.25 μs)\n                       1.000 R²   (0.999 R² .. 1.000 R²)\n  mean                 21.19 μs   (21.06 μs .. 21.36 μs)\n  std dev              509.2 ns   (390.7 ns .. 812.2 ns)\n  variance introduced by outliers: 24% (moderately inflated)\n\n  benchmarking ppad-hmac-drbg/HMAC-SHA256/gen (256B)\n  time                 68.17 μs   (67.62 μs .. 68.82 μs)\n                       1.000 R²   (0.999 R² .. 1.000 R²)\n  mean                 68.74 μs   (68.42 μs .. 69.09 μs)\n  std dev              1.172 μs   (1.022 μs .. 1.410 μs)\n  variance introduced by outliers: 12% (moderately inflated)\n```\n\n## Security\n\nThis library aims at the maximum security achievable in a\ngarbage-collected language under an optimizing compiler such as GHC, in\nwhich strict constant-timeness can be [challenging to achieve][const].\n\nThe HMAC-DRBG implementation within has been tested against the\nNIST DRBGVS vectors available for SHA-256 and SHA-512, using the\nHMAC functions from [ppad-sha256][sh256] and [ppad-sha512][sh512]\nrespectively.\n\nIf you discover any vulnerabilities, please disclose them via\nsecurity@ppad.tech.\n\n## Development\n\nYou'll require [Nix][nixos] with [flake][flake] support enabled. 
Enter a\ndevelopment shell with:\n\n```\n$ nix develop\n```\n\nThen do e.g.:\n\n```\n$ cabal repl ppad-hmac-drbg\n```\n\nto get a REPL for the main library.\n\n[sp800]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf\n[nixos]: https://nixos.org/\n[flake]: https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html\n[hadoc]: https://docs.ppad.tech/hmac-drbg\n[sh256]: https://git.ppad.tech/sha256\n[sh512]: https://git.ppad.tech/sha512\n[const]: https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fppad-tech%2Fhmac-drbg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fppad-tech%2Fhmac-drbg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fppad-tech%2Fhmac-drbg/lists"}