record Phase1State : Type
Totality: total
Visibility: export
Constructor: MkPhase1State : List Bits8 -> List Bits8 -> Phase1State
Projections:
.clientFirstMessageBare : Phase1State -> List Bits8
.clientNonceBase64 : Phase1State -> List Bits8

genFirstMessageFromClient : String -> List Bits8 -> (List Bits8, Phase1State)
@ userName: The user name to authenticate as.
@ nonce: The nonce should be non-empty and random for SCRAM to work as intended.
The first element of the returned tuple is the first client message to send to the server.
The second element of the returned tuple is the opaque state that must be
used when receiving the first message from the server, see 'recvFirstMessageFromServer'.
Visibility: export

data Phase2Err : Type
Totality: total
Visibility: public export
Constructors:
MkRNotAtStart : Phase2Err
MkRMissing : Phase2Err
MkREmpty : Phase2Err
MkRNotPrefixedByClientNonce : Phase2Err
MkRHasEmptyServerNonce : Phase2Err
MkIterationsMissing : Phase2Err
MkIterationCountUnsupported : Phase2Err
MkSaltMissing : Phase2Err
MkSaltEmpty : Phase2Err
MkSaltInvalidBase64 : Phase2Err
Hint: Show Phase2Err

recvFirstMessageFromServer : (Vect (hash .outputSize) Bits8 -> Vect blockSize Bits8) -> Vect blockSize Bits8 -> Phase1State -> List Bits8 -> Either Phase2Err (List Bits8, Phase2State hash)
@ zeroPad: Zero pad hash output size to block size
@ normalizedPassword: Normalized password according to https://datatracker.ietf.org/doc/html/rfc5802#section-2.2
and zero padded according to https://datatracker.ietf.org/doc/html/rfc2104#section-2 .
Note that (quote):
"Applications that use keys longer
than B bytes will first hash the key using H and then use the
resultant L byte string as the actual key to HMAC."
This extra hashing is not done as part of this function, and the caller will need to do it
conditionally if strict compatibility is needed and long passwords are used.
Also note that non-ASCII passwords must be rejected if normalization is not supported.
Visibility: export

data Phase3Err : Type
Totality: total
Visibility: public export
Constructors:
MkServerSignatureInvalidBase64 : Phase3Err
MkServerSignatureMissing : Phase3Err
MkServerSignatureMismatch : Phase3Err
Hint: Show Phase3Err

recvSecondMessageFromServer : Phase2State hash -> List Bits8 -> Maybe Phase3Err
If Nothing is returned, authentication was successful.
Visibility: export
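
The key preparation that the normalizedPassword note on recvFirstMessageFromServer leaves to the caller, as an added Python illustration (not code from this library): reject non-ASCII input when no normalization is available, hash keys longer than the block size, then zero pad to one block. SHA-256, the function names, and the sample salt and passwords are assumptions made for the example; the result is checked against Python's own HMAC and PBKDF2.

```python
import hashlib
import hmac

def prepare_hmac_key(password: str, hash_name: str = "sha256") -> bytes:
    """Turn a password into an HMAC key of exactly one hash block (B bytes)."""
    # No normalization is implemented here, so non-ASCII input is rejected.
    if not password.isascii():
        raise ValueError("non-ASCII password requires normalization support")
    key = password.encode("ascii")
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        # RFC 2104: keys longer than B bytes are hashed first (L byte result).
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(block_size, b"\x00")  # zero pad to B bytes

def hmac_padded(padded_key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC computed directly from a key that is already block sized."""
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in padded_key) + msg)
    outer = hashlib.new(hash_name, bytes(b ^ 0x5C for b in padded_key) + inner.digest())
    return outer.digest()

def salted_password(padded_key: bytes, salt: bytes, iterations: int,
                    hash_name: str = "sha256") -> bytes:
    """RFC 5802 Hi(): XOR of the chained HMAC outputs U1..Ui."""
    u = hmac_padded(padded_key, salt + b"\x00\x00\x00\x01", hash_name)
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac_padded(padded_key, u, hash_name)
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(len(u), "big")

# Constructed sample inputs (not taken from any real exchange).
SALT = bytes(range(16))
SHORT_PW = "pencil"
LONG_PW = "correct horse battery staple " * 4  # 116 bytes, above the 64-byte block

def matches_stdlib(password: str) -> bool:
    """True if the prepared key gives the same HMAC and Hi() as the stdlib."""
    key = prepare_hmac_key(password)
    raw = password.encode("ascii")
    ok_hmac = hmac.compare_digest(hmac_padded(key, b"msg"),
                                  hmac.new(raw, b"msg", "sha256").digest())
    ok_hi = hmac.compare_digest(salted_password(key, SALT, 4096),
                                hashlib.pbkdf2_hmac("sha256", raw, SALT, 4096))
    return ok_hmac and ok_hi

if __name__ == "__main__":
    print(matches_stdlib(SHORT_PW), matches_stdlib(LONG_PW))
```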