{-# LANGUAGE Trustworthy #-}
-- |
-- Module      : Crypto.Hash.SHA384
-- License     : BSD-style
-- Maintainer  : Herbert Valerio Riedel <hvr@gnu.org>
-- Stability   : stable
-- Portability : unknown
--
-- A module containing <https://en.wikipedia.org/wiki/SHA-2 SHA-384> bindings
--
-- @since 0.11.102.0
module Crypto.Hash.SHA384
    (

    -- * Incremental API
    --
    -- | This API is based on 4 different functions, similar to the
    -- lowlevel operations of a typical hash:
    --
    --  - 'init': create a new hash context
    --  - 'update': update non-destructively a new hash context with a strict bytestring
    --  - 'updates': same as update, except that it takes a list of strict bytestrings
    --  - 'finalize': finalize the context and returns a digest bytestring.
    --
    -- all those operations are completely pure, and instead of
    -- changing the context as usual in others language, it
    -- re-allocates a new context each time.
    --
    -- Example:
    --
    -- > import qualified Data.ByteString
    -- > import qualified Crypto.Hash.SHA384 as SHA384
    -- >
    -- > main = print digest
    -- >   where
    -- >     digest = SHA384.finalize ctx
    -- >     ctx    = foldl SHA384.update ctx0 (map Data.ByteString.pack [ [1,2,3], [4,5,6] ])
    -- >     ctx0   = SHA384.init

      Ctx(..)
    , init     -- :: Ctx
    , update   -- :: Ctx -> ByteString -> Ctx
    , updates  -- :: Ctx -> [ByteString] -> Ctx
    , finalize -- :: Ctx -> ByteString
    , finalizeAndLength -- :: Ctx -> (ByteString,Word64)
    , start    -- :: ByteString -> Ct
    , startlazy -- :: L.ByteString -> Ctx


    -- * Single Pass API
    --
    -- | This API use the incremental API under the hood to provide
    -- the common all-in-one operations to create digests out of a
    -- 'ByteString' and lazy 'L.ByteString'.
    --
    --  - 'hash': create a digest ('init' + 'update' + 'finalize') from a strict 'ByteString'
    --  - 'hashlazy': create a digest ('init' + 'update' + 'finalize') from a lazy 'L.ByteString'
    --
    -- Example:
    --
    -- > import qualified Data.ByteString
    -- > import qualified Crypto.Hash.SHA384 as SHA384
    -- >
    -- > main = print $ SHA384.hash (Data.ByteString.pack [0..255])
    --
    -- __NOTE__: The returned digest is a binary 'ByteString'. For
    -- converting to a base16/hex encoded digest the
    -- <https://hackage.haskell.org/package/base16-bytestring base16-bytestring>
    -- package is recommended.

    , hash     -- :: ByteString -> ByteString
    , hashlazy -- :: L.ByteString -> ByteString
    , hashlazyAndLength -- :: L.ByteString -> (ByteString,Word64)

    -- ** HMAC-SHA-384
    --
    -- | <https://tools.ietf.org/html/rfc2104 RFC2104>-compatible
    -- <https://en.wikipedia.org/wiki/HMAC HMAC>-SHA-384 digests

    , hmac     -- :: ByteString -> ByteString -> ByteString
    , hmaclazy -- :: ByteString -> L.ByteString -> ByteString
    , hmaclazyAndLength -- :: ByteString -> L.ByteString -> (ByteString,Word64)
    ) where

import Prelude hiding (init)
import Foreign.C.Types
import Foreign.Ptr
import Foreign.ForeignPtr (withForeignPtr)
import Foreign.Marshal.Alloc
import qualified Data.ByteString.Lazy as L
import qualified Data.ByteString as B
import Data.ByteString (ByteString)
import Data.ByteString.Unsafe (unsafeUseAsCStringLen)
import Data.ByteString.Internal (create, toForeignPtr, memcpy, mallocByteString)
import Data.Bits (xor)
import Data.Word
import System.IO.Unsafe (unsafeDupablePerformIO)

import Compat (constructBS)
import Crypto.Hash.SHA512.FFI

-- | perform IO for hashes that do allocation and ffi.
-- unsafeDupablePerformIO is used when possible as the
-- computation is pure and the output is directly linked
-- to the input. we also do not modify anything after it has
-- been returned to the user.
unsafeDoIO :: IO a -> a
unsafeDoIO :: forall a. IO a -> a
unsafeDoIO = forall a. IO a -> a
unsafeDupablePerformIO

-- keep this synchronised with cbits/sha512.h
{-# INLINE digestSize #-}
digestSize :: Int
digestSize :: Int
digestSize = Int
48

{-# INLINE sizeCtx #-}
sizeCtx :: Int
sizeCtx :: Int
sizeCtx = Int
208

{-# INLINE withByteStringPtr #-}
withByteStringPtr :: ByteString -> (Ptr Word8 -> IO a) -> IO a
withByteStringPtr :: forall a. ByteString -> (Ptr Word8 -> IO a) -> IO a
withByteStringPtr ByteString
b Ptr Word8 -> IO a
f =
    forall a b. ForeignPtr a -> (Ptr a -> IO b) -> IO b
withForeignPtr ForeignPtr Word8
fptr forall a b. (a -> b) -> a -> b
$ \Ptr Word8
ptr -> Ptr Word8 -> IO a
f (Ptr Word8
ptr forall a b. Ptr a -> Int -> Ptr b
`plusPtr` Int
off)
    where (ForeignPtr Word8
fptr, Int
off, Int
_) = ByteString -> (ForeignPtr Word8, Int, Int)
toForeignPtr ByteString
b

{-# INLINE create' #-}
-- | Variant of 'create' which allows to return an argument
create' :: Int -> (Ptr Word8 -> IO a) -> IO (ByteString,a)
create' :: forall a. Int -> (Ptr Word8 -> IO a) -> IO (ByteString, a)
create' Int
l Ptr Word8 -> IO a
f = do
    ForeignPtr Word8
fp <- forall a. Int -> IO (ForeignPtr a)
mallocByteString Int
l
    a
x <- forall a b. ForeignPtr a -> (Ptr a -> IO b) -> IO b
withForeignPtr ForeignPtr Word8
fp forall a b. (a -> b) -> a -> b
$ \Ptr Word8
p -> Ptr Word8 -> IO a
f Ptr Word8
p
    let bs :: ByteString
bs = ForeignPtr Word8 -> Int -> ByteString
constructBS ForeignPtr Word8
fp Int
l
    forall (m :: * -> *) a. Monad m => a -> m a
return forall a b. (a -> b) -> a -> b
$! a
x seq :: forall a b. a -> b -> b
`seq` ByteString
bs seq :: forall a b. a -> b -> b
`seq` (ByteString
bs,a
x)

copyCtx :: Ptr Ctx -> Ptr Ctx -> IO ()
copyCtx :: Ptr Ctx -> Ptr Ctx -> IO ()
copyCtx Ptr Ctx
dst Ptr Ctx
src = Ptr Word8 -> Ptr Word8 -> Int -> IO ()
memcpy (forall a b. Ptr a -> Ptr b
castPtr Ptr Ctx
dst) (forall a b. Ptr a -> Ptr b
castPtr Ptr Ctx
src) (forall a b. (Integral a, Num b) => a -> b
fromIntegral Int
sizeCtx)

withCtxCopy :: Ctx -> (Ptr Ctx -> IO ()) -> IO Ctx
withCtxCopy :: Ctx -> (Ptr Ctx -> IO ()) -> IO Ctx
withCtxCopy (Ctx ByteString
ctxB) Ptr Ctx -> IO ()
f = ByteString -> Ctx
Ctx forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
`fmap` IO ByteString
createCtx
  where
    createCtx :: IO ByteString
createCtx = Int -> (Ptr Word8 -> IO ()) -> IO ByteString
create Int
sizeCtx forall a b. (a -> b) -> a -> b
$ \Ptr Word8
dstPtr ->
                forall a. ByteString -> (Ptr Word8 -> IO a) -> IO a
withByteStringPtr ByteString
ctxB forall a b. (a -> b) -> a -> b
$ \Ptr Word8
srcPtr -> do
                    Ptr Ctx -> Ptr Ctx -> IO ()
copyCtx (forall a b. Ptr a -> Ptr b
castPtr Ptr Word8
dstPtr) (forall a b. Ptr a -> Ptr b
castPtr Ptr Word8
srcPtr)
                    Ptr Ctx -> IO ()
f (forall a b. Ptr a -> Ptr b
castPtr Ptr Word8
dstPtr)

withCtxThrow :: Ctx -> (Ptr Ctx -> IO a) -> IO a
withCtxThrow :: forall a. Ctx -> (Ptr Ctx -> IO a) -> IO a
withCtxThrow (Ctx ByteString
ctxB) Ptr Ctx -> IO a
f =
    forall a b. Int -> (Ptr a -> IO b) -> IO b
allocaBytes Int
sizeCtx forall a b. (a -> b) -> a -> b
$ \Ptr Any
dstPtr ->
    forall a. ByteString -> (Ptr Word8 -> IO a) -> IO a
withByteStringPtr ByteString
ctxB forall a b. (a -> b) -> a -> b
$ \Ptr Word8
srcPtr -> do
        Ptr Ctx -> Ptr Ctx -> IO ()
copyCtx (forall a b. Ptr a -> Ptr b
castPtr Ptr Any
dstPtr) (forall a b. Ptr a -> Ptr b
castPtr Ptr Word8
srcPtr)
        Ptr Ctx -> IO a
f (forall a b. Ptr a -> Ptr b
castPtr Ptr Any
dstPtr)

withCtxNew :: (Ptr Ctx -> IO ()) -> IO Ctx
withCtxNew :: (Ptr Ctx -> IO ()) -> IO Ctx
withCtxNew Ptr Ctx -> IO ()
f = ByteString -> Ctx
Ctx forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
`fmap` Int -> (Ptr Word8 -> IO ()) -> IO ByteString
create Int
sizeCtx (Ptr Ctx -> IO ()
f forall b c a. (b -> c) -> (a -> b) -> a -> c
. forall a b. Ptr a -> Ptr b
castPtr)

withCtxNewThrow :: (Ptr Ctx -> IO a) -> IO a
withCtxNewThrow :: forall a. (Ptr Ctx -> IO a) -> IO a
withCtxNewThrow Ptr Ctx -> IO a
f = forall a b. Int -> (Ptr a -> IO b) -> IO b
allocaBytes Int
sizeCtx (Ptr Ctx -> IO a
f forall b c a. (b -> c) -> (a -> b) -> a -> c
. forall a b. Ptr a -> Ptr b
castPtr)

-- 'safe' call overhead neglible for 4KiB and more
c_sha512_update :: Ptr Ctx -> Ptr Word8 -> CSize -> IO ()
c_sha512_update :: Ptr Ctx -> Ptr Word8 -> CSize -> IO ()
c_sha512_update Ptr Ctx
pctx Ptr Word8
pbuf CSize
sz
  | CSize
sz forall a. Ord a => a -> a -> Bool
< CSize
4096 = Ptr Ctx -> Ptr Word8 -> CSize -> IO ()
c_sha512_update_unsafe Ptr Ctx
pctx Ptr Word8
pbuf CSize
sz
  | Bool
otherwise = Ptr Ctx -> Ptr Word8 -> CSize -> IO ()
c_sha512_update_safe   Ptr Ctx
pctx Ptr Word8
pbuf CSize
sz

-- 'safe' call overhead neglible for 4KiB and more
c_sha384_hash :: Ptr Word8 -> CSize -> Ptr Word8 -> IO ()
c_sha384_hash :: Ptr Word8 -> CSize -> Ptr Word8 -> IO ()
c_sha384_hash Ptr Word8
pbuf CSize
sz Ptr Word8
pout
  | CSize
sz forall a. Ord a => a -> a -> Bool
< CSize
4096 = Ptr Word8 -> CSize -> Ptr Word8 -> IO ()
c_sha384_hash_unsafe Ptr Word8
pbuf CSize
sz Ptr Word8
pout
  | Bool
otherwise = Ptr Word8 -> CSize -> Ptr Word8 -> IO ()
c_sha384_hash_safe   Ptr Word8
pbuf CSize
sz Ptr Word8
pout

updateInternalIO :: Ptr Ctx -> ByteString -> IO ()
updateInternalIO :: Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr ByteString
d =
    forall a. ByteString -> (CStringLen -> IO a) -> IO a
unsafeUseAsCStringLen ByteString
d (\(Ptr CChar
cs, Int
len) -> Ptr Ctx -> Ptr Word8 -> CSize -> IO ()
c_sha512_update Ptr Ctx
ptr (forall a b. Ptr a -> Ptr b
castPtr Ptr CChar
cs) (forall a b. (Integral a, Num b) => a -> b
fromIntegral Int
len))

finalizeInternalIO :: Ptr Ctx -> IO ByteString
finalizeInternalIO :: Ptr Ctx -> IO ByteString
finalizeInternalIO Ptr Ctx
ptr = Int -> (Ptr Word8 -> IO ()) -> IO ByteString
create Int
digestSize (Ptr Ctx -> Word16 -> Ptr Word8 -> IO ()
c_sha512t_finalize Ptr Ctx
ptr Word16
384)

finalizeInternalIO' :: Ptr Ctx -> IO (ByteString,Word64)
finalizeInternalIO' :: Ptr Ctx -> IO (ByteString, Word64)
finalizeInternalIO' Ptr Ctx
ptr = forall a. Int -> (Ptr Word8 -> IO a) -> IO (ByteString, a)
create' Int
digestSize (Ptr Ctx -> Word16 -> Ptr Word8 -> IO Word64
c_sha512t_finalize_len Ptr Ctx
ptr Word16
384)

{-# NOINLINE init #-}
-- | create a new hash context
init :: Ctx
init :: Ctx
init = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ (Ptr Ctx -> IO ()) -> IO Ctx
withCtxNew forall a b. (a -> b) -> a -> b
$ Ptr Ctx -> IO ()
c_sha384_init

validCtx :: Ctx -> Bool
validCtx :: Ctx -> Bool
validCtx (Ctx ByteString
b) = ByteString -> Int
B.length ByteString
b forall a. Eq a => a -> a -> Bool
== Int
sizeCtx

{-# NOINLINE update #-}
-- | update a context with a bytestring
update :: Ctx -> ByteString -> Ctx
update :: Ctx -> ByteString -> Ctx
update Ctx
ctx ByteString
d
  | Ctx -> Bool
validCtx Ctx
ctx = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ Ctx -> (Ptr Ctx -> IO ()) -> IO Ctx
withCtxCopy Ctx
ctx forall a b. (a -> b) -> a -> b
$ \Ptr Ctx
ptr -> Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr ByteString
d
  | Bool
otherwise    = forall a. HasCallStack => [Char] -> a
error [Char]
"SHA384.update: invalid Ctx"

{-# NOINLINE updates #-}
-- | updates a context with multiple bytestrings
updates :: Ctx -> [ByteString] -> Ctx
updates :: Ctx -> [ByteString] -> Ctx
updates Ctx
ctx [ByteString]
d
  | Ctx -> Bool
validCtx Ctx
ctx = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ Ctx -> (Ptr Ctx -> IO ()) -> IO Ctx
withCtxCopy Ctx
ctx forall a b. (a -> b) -> a -> b
$ \Ptr Ctx
ptr -> forall (t :: * -> *) (m :: * -> *) a b.
(Foldable t, Monad m) =>
(a -> m b) -> t a -> m ()
mapM_ (Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr) [ByteString]
d
  | Bool
otherwise    = forall a. HasCallStack => [Char] -> a
error [Char]
"SHA384.updates: invalid Ctx"

{-# NOINLINE finalize #-}
-- | finalize the context into a digest bytestring (48 bytes)
finalize :: Ctx -> ByteString
finalize :: Ctx -> ByteString
finalize Ctx
ctx
  | Ctx -> Bool
validCtx Ctx
ctx = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ forall a. Ctx -> (Ptr Ctx -> IO a) -> IO a
withCtxThrow Ctx
ctx Ptr Ctx -> IO ByteString
finalizeInternalIO
  | Bool
otherwise    = forall a. HasCallStack => [Char] -> a
error [Char]
"SHA384.finalize: invalid Ctx"

{-# NOINLINE finalizeAndLength #-}
-- | Variant of 'finalize' also returning length of hashed content
finalizeAndLength :: Ctx -> (ByteString,Word64)
finalizeAndLength :: Ctx -> (ByteString, Word64)
finalizeAndLength Ctx
ctx
  | Ctx -> Bool
validCtx Ctx
ctx = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ forall a. Ctx -> (Ptr Ctx -> IO a) -> IO a
withCtxThrow Ctx
ctx Ptr Ctx -> IO (ByteString, Word64)
finalizeInternalIO'
  | Bool
otherwise    = forall a. HasCallStack => [Char] -> a
error [Char]
"SHA384.finalize: invalid Ctx"

{-# NOINLINE hash #-}
-- | hash a strict bytestring into a digest bytestring (48 bytes)
hash :: ByteString -> ByteString
-- hash d = unsafeDoIO $ withCtxNewThrow $ \ptr -> do c_sha384_init ptr >> updateInternalIO ptr d >> finalizeInternalIO ptr
hash :: ByteString -> ByteString
hash ByteString
d = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ forall a. ByteString -> (CStringLen -> IO a) -> IO a
unsafeUseAsCStringLen ByteString
d forall a b. (a -> b) -> a -> b
$ \(Ptr CChar
cs, Int
len) -> Int -> (Ptr Word8 -> IO ()) -> IO ByteString
create Int
digestSize (Ptr Word8 -> CSize -> Ptr Word8 -> IO ()
c_sha384_hash (forall a b. Ptr a -> Ptr b
castPtr Ptr CChar
cs) (forall a b. (Integral a, Num b) => a -> b
fromIntegral Int
len))

{-# NOINLINE start #-}
-- | hash a strict bytestring into a Ctx
start :: ByteString -> Ctx
start :: ByteString -> Ctx
start ByteString
d = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ (Ptr Ctx -> IO ()) -> IO Ctx
withCtxNew forall a b. (a -> b) -> a -> b
$ \Ptr Ctx
ptr -> do
    Ptr Ctx -> IO ()
c_sha384_init Ptr Ctx
ptr forall (m :: * -> *) a b. Monad m => m a -> m b -> m b
>> Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr ByteString
d

{-# NOINLINE hashlazy #-}
-- | hash a lazy bytestring into a digest bytestring (48 bytes)
hashlazy :: L.ByteString -> ByteString
hashlazy :: ByteString -> ByteString
hashlazy ByteString
l = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ forall a. (Ptr Ctx -> IO a) -> IO a
withCtxNewThrow forall a b. (a -> b) -> a -> b
$ \Ptr Ctx
ptr -> do
    Ptr Ctx -> IO ()
c_sha384_init Ptr Ctx
ptr forall (m :: * -> *) a b. Monad m => m a -> m b -> m b
>> forall (t :: * -> *) (m :: * -> *) a b.
(Foldable t, Monad m) =>
(a -> m b) -> t a -> m ()
mapM_ (Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr) (ByteString -> [ByteString]
L.toChunks ByteString
l) forall (m :: * -> *) a b. Monad m => m a -> m b -> m b
>> Ptr Ctx -> IO ByteString
finalizeInternalIO Ptr Ctx
ptr

{-# NOINLINE hashlazyAndLength #-}
-- | Variant of 'hashlazy' which simultaneously computes the hash and length of a lazy bytestring.
hashlazyAndLength :: L.ByteString -> (ByteString,Word64)
hashlazyAndLength :: ByteString -> (ByteString, Word64)
hashlazyAndLength ByteString
l = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ forall a. (Ptr Ctx -> IO a) -> IO a
withCtxNewThrow forall a b. (a -> b) -> a -> b
$ \Ptr Ctx
ptr ->
    Ptr Ctx -> IO ()
c_sha384_init Ptr Ctx
ptr forall (m :: * -> *) a b. Monad m => m a -> m b -> m b
>> forall (t :: * -> *) (m :: * -> *) a b.
(Foldable t, Monad m) =>
(a -> m b) -> t a -> m ()
mapM_ (Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr) (ByteString -> [ByteString]
L.toChunks ByteString
l) forall (m :: * -> *) a b. Monad m => m a -> m b -> m b
>> Ptr Ctx -> IO (ByteString, Word64)
finalizeInternalIO' Ptr Ctx
ptr

{-# NOINLINE startlazy #-}
-- | hash a lazy bytestring into a Ctx
startlazy :: L.ByteString -> Ctx
startlazy :: ByteString -> Ctx
startlazy ByteString
l = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ (Ptr Ctx -> IO ()) -> IO Ctx
withCtxNew forall a b. (a -> b) -> a -> b
$ \Ptr Ctx
ptr -> do
    Ptr Ctx -> IO ()
c_sha384_init Ptr Ctx
ptr forall (m :: * -> *) a b. Monad m => m a -> m b -> m b
>> forall (t :: * -> *) (m :: * -> *) a b.
(Foldable t, Monad m) =>
(a -> m b) -> t a -> m ()
mapM_ (Ptr Ctx -> ByteString -> IO ()
updateInternalIO Ptr Ctx
ptr) (ByteString -> [ByteString]
L.toChunks ByteString
l)

{-# NOINLINE hmac #-}
-- | Compute 48-byte <https://tools.ietf.org/html/rfc2104 RFC2104>-compatible
-- HMAC-SHA-384 digest for a strict bytestring message
hmac :: ByteString -- ^ secret
     -> ByteString -- ^ message
     -> ByteString
hmac :: ByteString -> ByteString -> ByteString
hmac ByteString
secret ByteString
msg = ByteString -> ByteString
hash forall a b. (a -> b) -> a -> b
$ ByteString -> ByteString -> ByteString
B.append ByteString
opad (ByteString -> ByteString
hash forall a b. (a -> b) -> a -> b
$ ByteString -> ByteString -> ByteString
B.append ByteString
ipad ByteString
msg)
  where
    opad :: ByteString
opad = (Word8 -> Word8) -> ByteString -> ByteString
B.map (forall a. Bits a => a -> a -> a
xor Word8
0x5c) ByteString
k'
    ipad :: ByteString
ipad = (Word8 -> Word8) -> ByteString -> ByteString
B.map (forall a. Bits a => a -> a -> a
xor Word8
0x36) ByteString
k'

    k' :: ByteString
k'  = ByteString -> ByteString -> ByteString
B.append ByteString
kt ByteString
pad
    kt :: ByteString
kt  = if ByteString -> Int
B.length ByteString
secret forall a. Ord a => a -> a -> Bool
> Int
128 then ByteString -> ByteString
hash ByteString
secret else ByteString
secret
    pad :: ByteString
pad = Int -> Word8 -> ByteString
B.replicate (Int
128 forall a. Num a => a -> a -> a
- ByteString -> Int
B.length ByteString
kt) Word8
0


{-# NOINLINE hmaclazy #-}
-- | Compute 48-byte <https://tools.ietf.org/html/rfc2104 RFC2104>-compatible
-- HMAC-SHA-384 digest for a lazy bytestring message
hmaclazy :: ByteString   -- ^ secret
         -> L.ByteString -- ^ message
         -> ByteString
hmaclazy :: ByteString -> ByteString -> ByteString
hmaclazy ByteString
secret ByteString
msg = ByteString -> ByteString
hash forall a b. (a -> b) -> a -> b
$ ByteString -> ByteString -> ByteString
B.append ByteString
opad (ByteString -> ByteString
hashlazy forall a b. (a -> b) -> a -> b
$ ByteString -> ByteString -> ByteString
L.append ByteString
ipad ByteString
msg)
  where
    opad :: ByteString
opad = (Word8 -> Word8) -> ByteString -> ByteString
B.map (forall a. Bits a => a -> a -> a
xor Word8
0x5c) ByteString
k'
    ipad :: ByteString
ipad = [ByteString] -> ByteString
L.fromChunks [(Word8 -> Word8) -> ByteString -> ByteString
B.map (forall a. Bits a => a -> a -> a
xor Word8
0x36) ByteString
k']

    k' :: ByteString
k'  = ByteString -> ByteString -> ByteString
B.append ByteString
kt ByteString
pad
    kt :: ByteString
kt  = if ByteString -> Int
B.length ByteString
secret forall a. Ord a => a -> a -> Bool
> Int
128 then ByteString -> ByteString
hash ByteString
secret else ByteString
secret
    pad :: ByteString
pad = Int -> Word8 -> ByteString
B.replicate (Int
128 forall a. Num a => a -> a -> a
- ByteString -> Int
B.length ByteString
kt) Word8
0

-- | Variant of 'hmaclazy' which also returns length of message
hmaclazyAndLength :: ByteString   -- ^ secret
                  -> L.ByteString -- ^ message
                  -> (ByteString,Word64) -- ^ digest (48 bytes) and length of message
hmaclazyAndLength :: ByteString -> ByteString -> (ByteString, Word64)
hmaclazyAndLength ByteString
secret ByteString
msg =
    (ByteString -> ByteString
hash (ByteString -> ByteString -> ByteString
B.append ByteString
opad ByteString
htmp), Word64
sz' forall a. Num a => a -> a -> a
- forall a b. (Integral a, Num b) => a -> b
fromIntegral Int
ipadLen)
  where
    (ByteString
htmp, Word64
sz') = ByteString -> (ByteString, Word64)
hashlazyAndLength (ByteString -> ByteString -> ByteString
L.append ByteString
ipad ByteString
msg)

    opad :: ByteString
opad = (Word8 -> Word8) -> ByteString -> ByteString
B.map (forall a. Bits a => a -> a -> a
xor Word8
0x5c) ByteString
k'
    ipad :: ByteString
ipad = [ByteString] -> ByteString
L.fromChunks [(Word8 -> Word8) -> ByteString -> ByteString
B.map (forall a. Bits a => a -> a -> a
xor Word8
0x36) ByteString
k']
    ipadLen :: Int
ipadLen = ByteString -> Int
B.length ByteString
k'

    k' :: ByteString
k'  = ByteString -> ByteString -> ByteString
B.append ByteString
kt ByteString
pad
    kt :: ByteString
kt  = if ByteString -> Int
B.length ByteString
secret forall a. Ord a => a -> a -> Bool
> Int
128 then ByteString -> ByteString
hash ByteString
secret else ByteString
secret
    pad :: ByteString
pad = Int -> Word8 -> ByteString
B.replicate (Int
128 forall a. Num a => a -> a -> a
- ByteString -> Int
B.length ByteString
kt) Word8
0