{-# OPTIONS_GHC -funbox-small-strict-fields #-}
{-# LANGUAGE BangPatterns #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE ViewPatterns #-}

-- |
-- Module: Crypto.Hash.SHA256
-- Copyright: (c) 2024 Jared Tobin
-- License: MIT
-- Maintainer: Jared Tobin <jared@ppad.tech>
--
-- Pure SHA-256 and HMAC-SHA256 implementations for
-- strict and lazy ByteStrings, as specified by RFC's
-- [6234](https://datatracker.ietf.org/doc/html/rfc6234) and
-- [2104](https://datatracker.ietf.org/doc/html/rfc2104).

module Crypto.Hash.SHA256 (
  -- * SHA-256 message digest functions
    hash
  , hash_lazy

  -- * SHA256-based MAC functions
  , hmac
  , hmac_lazy
  ) where

import qualified Data.Bits as B
import Data.Bits ((.|.), (.&.))
import qualified Data.ByteString as BS
import qualified Data.ByteString.Builder as BSB
import qualified Data.ByteString.Builder.Extra as BE
import qualified Data.ByteString.Internal as BI
import qualified Data.ByteString.Lazy as BL
import qualified Data.ByteString.Lazy.Internal as BLI
import qualified Data.ByteString.Unsafe as BU
import Data.Word (Word32, Word64)
import Foreign.ForeignPtr (plusForeignPtr)

-- preliminary utils

-- keystroke saver
fi :: (Integral a, Num b) => a -> b
fi :: forall a b. (Integral a, Num b) => a -> b
fi = a -> b
forall a b. (Integral a, Num b) => a -> b
fromIntegral
{-# INLINE fi #-}

-- parse strict ByteString in BE order to Word32 (verbatim from
-- Data.Binary)
--
-- invariant:
--   the input bytestring is at least 32 bits in length
unsafe_word32be :: BS.ByteString -> Word32
unsafe_word32be :: ByteString -> Word32
unsafe_word32be ByteString
s =
  (Word8 -> Word32
forall a b. (Integral a, Num b) => a -> b
fi (ByteString
s ByteString -> Int -> Word8
`BU.unsafeIndex` Int
0) Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL` Int
24) Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.|.
  (Word8 -> Word32
forall a b. (Integral a, Num b) => a -> b
fi (ByteString
s ByteString -> Int -> Word8
`BU.unsafeIndex` Int
1) Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL` Int
16) Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.|.
  (Word8 -> Word32
forall a b. (Integral a, Num b) => a -> b
fi (ByteString
s ByteString -> Int -> Word8
`BU.unsafeIndex` Int
2) Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL`  Int
8) Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.|.
  (Word8 -> Word32
forall a b. (Integral a, Num b) => a -> b
fi (ByteString
s ByteString -> Int -> Word8
`BU.unsafeIndex` Int
3))
{-# INLINE unsafe_word32be #-}

-- utility types for more efficient ByteString management

data SSPair = SSPair
  {-# UNPACK #-} !BS.ByteString
  {-# UNPACK #-} !BS.ByteString

data SLPair = SLPair {-# UNPACK #-} !BS.ByteString !BL.ByteString

data WSPair = WSPair {-# UNPACK #-} !Word32 {-# UNPACK #-} !BS.ByteString

-- unsafe version of splitAt that does no bounds checking
--
-- invariant:
--   0 <= n <= l
unsafe_splitAt :: Int -> BS.ByteString -> SSPair
unsafe_splitAt :: Int -> ByteString -> SSPair
unsafe_splitAt Int
n (BI.BS ForeignPtr Word8
x Int
l) =
  ByteString -> ByteString -> SSPair
SSPair (ForeignPtr Word8 -> Int -> ByteString
BI.BS ForeignPtr Word8
x Int
n) (ForeignPtr Word8 -> Int -> ByteString
BI.BS (ForeignPtr Word8 -> Int -> ForeignPtr Word8
forall a b. ForeignPtr a -> Int -> ForeignPtr b
plusForeignPtr ForeignPtr Word8
x Int
n) (Int
l Int -> Int -> Int
forall a. Num a => a -> a -> a
- Int
n))

-- variant of Data.ByteString.Lazy.splitAt that returns the initial
-- component as a strict, unboxed ByteString
splitAt64 :: BL.ByteString -> SLPair
splitAt64 :: ByteString -> SLPair
splitAt64 = Int -> ByteString -> SLPair
splitAt' (Int
64 :: Int) where
  splitAt' :: Int -> ByteString -> SLPair
splitAt' Int
_ ByteString
BLI.Empty        = ByteString -> ByteString -> SLPair
SLPair ByteString
forall a. Monoid a => a
mempty ByteString
BLI.Empty
  splitAt' Int
n (BLI.Chunk c :: ByteString
c@(BI.PS ForeignPtr Word8
_ Int
_ Int
l) ByteString
cs) =
    if    Int
n Int -> Int -> Bool
forall a. Ord a => a -> a -> Bool
< Int
l
    then
      -- n < BS.length c, so unsafe_splitAt is safe
      let !(SSPair ByteString
c0 ByteString
c1) = Int -> ByteString -> SSPair
unsafe_splitAt Int
n ByteString
c
      in  ByteString -> ByteString -> SLPair
SLPair ByteString
c0 (ByteString -> ByteString -> ByteString
BLI.Chunk ByteString
c1 ByteString
cs)
    else
      let SLPair ByteString
cs' ByteString
cs'' = Int -> ByteString -> SLPair
splitAt' (Int
n Int -> Int -> Int
forall a. Num a => a -> a -> a
- Int
l) ByteString
cs
      in  ByteString -> ByteString -> SLPair
SLPair (ByteString
c ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> ByteString
cs') ByteString
cs''

-- variant of Data.ByteString.splitAt that behaves like an incremental
-- Word32 parser
--
-- invariant:
--   the input bytestring is at least 32 bits in length
unsafe_parseWsPair :: BS.ByteString -> WSPair
unsafe_parseWsPair :: ByteString -> WSPair
unsafe_parseWsPair (BI.BS ForeignPtr Word8
x Int
l) =
  Word32 -> ByteString -> WSPair
WSPair (ByteString -> Word32
unsafe_word32be (ForeignPtr Word8 -> Int -> ByteString
BI.BS ForeignPtr Word8
x Int
4)) (ForeignPtr Word8 -> Int -> ByteString
BI.BS (ForeignPtr Word8 -> Int -> ForeignPtr Word8
forall a b. ForeignPtr a -> Int -> ForeignPtr b
plusForeignPtr ForeignPtr Word8
x Int
4) (Int
l Int -> Int -> Int
forall a. Num a => a -> a -> a
- Int
4))
{-# INLINE unsafe_parseWsPair #-}

-- message padding and parsing
-- https://datatracker.ietf.org/doc/html/rfc6234#section-4.1

-- k such that (l + 1 + k) mod 64 = 56
sol :: Word64 -> Word64
sol :: Word64 -> Word64
sol Word64
l =
  let r :: Integer
r = Integer
56 Integer -> Integer -> Integer
forall a. Num a => a -> a -> a
- Word64 -> Integer
forall a b. (Integral a, Num b) => a -> b
fi Word64
l Integer -> Integer -> Integer
forall a. Integral a => a -> a -> a
`mod` Integer
64 Integer -> Integer -> Integer
forall a. Num a => a -> a -> a
- Integer
1 :: Integer -- fi prevents underflow
  in  Integer -> Word64
forall a b. (Integral a, Num b) => a -> b
fi (if Integer
r Integer -> Integer -> Bool
forall a. Ord a => a -> a -> Bool
< Integer
0 then Integer
r Integer -> Integer -> Integer
forall a. Num a => a -> a -> a
+ Integer
64 else Integer
r)

-- RFC 6234 4.1 (strict)
pad :: BS.ByteString -> BS.ByteString
pad :: ByteString -> ByteString
pad m :: ByteString
m@(BI.PS ForeignPtr Word8
_ Int
_ (Int -> Word64
forall a b. (Integral a, Num b) => a -> b
fi -> Word64
l)) = ByteString -> ByteString
BL.toStrict (ByteString -> ByteString)
-> (Builder -> ByteString) -> Builder -> ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Builder -> ByteString
BSB.toLazyByteString (Builder -> ByteString) -> Builder -> ByteString
forall a b. (a -> b) -> a -> b
$ Builder
padded where
  padded :: Builder
padded = ByteString -> Builder
BSB.byteString ByteString
m Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word64 -> Builder -> Builder
forall {t}. (Eq t, Num t, Enum t) => t -> Builder -> Builder
fill (Word64 -> Word64
sol Word64
l) (Word8 -> Builder
BSB.word8 Word8
0x80)
  fill :: t -> Builder -> Builder
fill t
j !Builder
acc
    | t
j t -> t -> Bool
forall a. Eq a => a -> a -> Bool
== t
0 = Builder
acc Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word64 -> Builder
BSB.word64BE (Word64
l Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
* Word64
8)
    | Bool
otherwise = t -> Builder -> Builder
fill (t -> t
forall a. Enum a => a -> a
pred t
j) (Builder
acc Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word8 -> Builder
BSB.word8 Word8
0x00)

-- RFC 6234 4.1 (lazy)
pad_lazy :: BL.ByteString -> BL.ByteString
pad_lazy :: ByteString -> ByteString
pad_lazy (ByteString -> [ByteString]
BL.toChunks -> [ByteString]
m) = [ByteString] -> ByteString
BL.fromChunks (Word64 -> [ByteString] -> [ByteString]
walk Word64
0 [ByteString]
m) where
  walk :: Word64 -> [ByteString] -> [ByteString]
walk !Word64
l [ByteString]
bs = case [ByteString]
bs of
    (ByteString
c:[ByteString]
cs) -> ByteString
c ByteString -> [ByteString] -> [ByteString]
forall a. a -> [a] -> [a]
: Word64 -> [ByteString] -> [ByteString]
walk (Word64
l Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Int -> Word64
forall a b. (Integral a, Num b) => a -> b
fi (ByteString -> Int
BS.length ByteString
c)) [ByteString]
cs
    [] -> Word64 -> Word64 -> Builder -> [ByteString]
forall {t} {f :: * -> *}.
(Eq t, Num t, Applicative f, Enum t) =>
Word64 -> t -> Builder -> f ByteString
padding Word64
l (Word64 -> Word64
sol Word64
l) (Word8 -> Builder
BSB.word8 Word8
0x80)

  padding :: Word64 -> t -> Builder -> f ByteString
padding Word64
l t
k Builder
bs
    | t
k t -> t -> Bool
forall a. Eq a => a -> a -> Bool
== t
0 =
          ByteString -> f ByteString
forall a. a -> f a
forall (f :: * -> *) a. Applicative f => a -> f a
pure
        (ByteString -> f ByteString)
-> (Builder -> ByteString) -> Builder -> f ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ByteString -> ByteString
BL.toStrict
          -- more efficient for small builder
        (ByteString -> ByteString)
-> (Builder -> ByteString) -> Builder -> ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
. AllocationStrategy -> ByteString -> Builder -> ByteString
BE.toLazyByteStringWith
            (Int -> Int -> AllocationStrategy
BE.safeStrategy Int
128 Int
BE.smallChunkSize) ByteString
forall a. Monoid a => a
mempty
        (Builder -> f ByteString) -> Builder -> f ByteString
forall a b. (a -> b) -> a -> b
$ Builder
bs Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word64 -> Builder
BSB.word64BE (Word64
l Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
* Word64
8)
    | Bool
otherwise =
        let nacc :: Builder
nacc = Builder
bs Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word8 -> Builder
BSB.word8 Word8
0x00
        in  Word64 -> t -> Builder -> f ByteString
padding Word64
l (t -> t
forall a. Enum a => a -> a
pred t
k) Builder
nacc

-- functions and constants used
-- https://datatracker.ietf.org/doc/html/rfc6234#section-5.1

ch :: Word32 -> Word32 -> Word32 -> Word32
ch :: Word32 -> Word32 -> Word32 -> Word32
ch Word32
x Word32
y Word32
z = (Word32
x Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.&. Word32
y) Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` (Word32 -> Word32
forall a. Bits a => a -> a
B.complement Word32
x Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.&. Word32
z)
{-# INLINE ch #-}

-- credit to SHA authors for the following optimisation. their text:
--
-- > note:
-- >   the original functions is (x & y) ^ (x & z) ^ (y & z)
-- >   if you fire off truth tables, this is equivalent to
-- >     (x & y) | (x & z) | (y & z)
-- >   which you can the use distribution on:
-- >     (x & (y | z)) | (y & z)
-- >   which saves us one operation.
maj :: Word32 -> Word32 -> Word32 -> Word32
maj :: Word32 -> Word32 -> Word32 -> Word32
maj Word32
x Word32
y Word32
z = (Word32
x Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.&. (Word32
y Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.|. Word32
z)) Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.|. (Word32
y Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
.&. Word32
z)
{-# INLINE maj #-}

bsig0 :: Word32 -> Word32
bsig0 :: Word32 -> Word32
bsig0 Word32
x = Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
2 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
13 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
22
{-# INLINE bsig0 #-}

bsig1 :: Word32 -> Word32
bsig1 :: Word32 -> Word32
bsig1 Word32
x = Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
6 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
11 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
25
{-# INLINE bsig1 #-}

ssig0 :: Word32 -> Word32
ssig0 :: Word32 -> Word32
ssig0 Word32
x = Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
7 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
18 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.unsafeShiftR Word32
x Int
3
{-# INLINE ssig0 #-}

ssig1 :: Word32 -> Word32
ssig1 :: Word32 -> Word32
ssig1 Word32
x = Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
17 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.rotateR Word32
x Int
19 Word32 -> Word32 -> Word32
forall a. Bits a => a -> a -> a
`B.xor` Word32 -> Int -> Word32
forall a. Bits a => a -> Int -> a
B.unsafeShiftR Word32
x Int
10
{-# INLINE ssig1 #-}

data Schedule = Schedule {
    Schedule -> Word32
w00 :: !Word32, Schedule -> Word32
w01 :: !Word32, Schedule -> Word32
w02 :: !Word32, Schedule -> Word32
w03 :: !Word32
  , Schedule -> Word32
w04 :: !Word32, Schedule -> Word32
w05 :: !Word32, Schedule -> Word32
w06 :: !Word32, Schedule -> Word32
w07 :: !Word32
  , Schedule -> Word32
w08 :: !Word32, Schedule -> Word32
w09 :: !Word32, Schedule -> Word32
w10 :: !Word32, Schedule -> Word32
w11 :: !Word32
  , Schedule -> Word32
w12 :: !Word32, Schedule -> Word32
w13 :: !Word32, Schedule -> Word32
w14 :: !Word32, Schedule -> Word32
w15 :: !Word32
  , Schedule -> Word32
w16 :: !Word32, Schedule -> Word32
w17 :: !Word32, Schedule -> Word32
w18 :: !Word32, Schedule -> Word32
w19 :: !Word32
  , Schedule -> Word32
w20 :: !Word32, Schedule -> Word32
w21 :: !Word32, Schedule -> Word32
w22 :: !Word32, Schedule -> Word32
w23 :: !Word32
  , Schedule -> Word32
w24 :: !Word32, Schedule -> Word32
w25 :: !Word32, Schedule -> Word32
w26 :: !Word32, Schedule -> Word32
w27 :: !Word32
  , Schedule -> Word32
w28 :: !Word32, Schedule -> Word32
w29 :: !Word32, Schedule -> Word32
w30 :: !Word32, Schedule -> Word32
w31 :: !Word32
  , Schedule -> Word32
w32 :: !Word32, Schedule -> Word32
w33 :: !Word32, Schedule -> Word32
w34 :: !Word32, Schedule -> Word32
w35 :: !Word32
  , Schedule -> Word32
w36 :: !Word32, Schedule -> Word32
w37 :: !Word32, Schedule -> Word32
w38 :: !Word32, Schedule -> Word32
w39 :: !Word32
  , Schedule -> Word32
w40 :: !Word32, Schedule -> Word32
w41 :: !Word32, Schedule -> Word32
w42 :: !Word32, Schedule -> Word32
w43 :: !Word32
  , Schedule -> Word32
w44 :: !Word32, Schedule -> Word32
w45 :: !Word32, Schedule -> Word32
w46 :: !Word32, Schedule -> Word32
w47 :: !Word32
  , Schedule -> Word32
w48 :: !Word32, Schedule -> Word32
w49 :: !Word32, Schedule -> Word32
w50 :: !Word32, Schedule -> Word32
w51 :: !Word32
  , Schedule -> Word32
w52 :: !Word32, Schedule -> Word32
w53 :: !Word32, Schedule -> Word32
w54 :: !Word32, Schedule -> Word32
w55 :: !Word32
  , Schedule -> Word32
w56 :: !Word32, Schedule -> Word32
w57 :: !Word32, Schedule -> Word32
w58 :: !Word32, Schedule -> Word32
w59 :: !Word32
  , Schedule -> Word32
w60 :: !Word32, Schedule -> Word32
w61 :: !Word32, Schedule -> Word32
w62 :: !Word32, Schedule -> Word32
w63 :: !Word32
  }

-- initialization
-- https://datatracker.ietf.org/doc/html/rfc6234#section-6.1

data Registers = Registers {
    Registers -> Word32
h0 :: !Word32, Registers -> Word32
h1 :: !Word32, Registers -> Word32
h2 :: !Word32, Registers -> Word32
h3 :: !Word32
  , Registers -> Word32
h4 :: !Word32, Registers -> Word32
h5 :: !Word32, Registers -> Word32
h6 :: !Word32, Registers -> Word32
h7 :: !Word32
  }

-- first 32 bits of the fractional parts of the square roots of the
-- first eight primes
iv :: Registers
iv :: Registers
iv = Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Registers
Registers
  Word32
0x6a09e667 Word32
0xbb67ae85 Word32
0x3c6ef372 Word32
0xa54ff53a
  Word32
0x510e527f Word32
0x9b05688c Word32
0x1f83d9ab Word32
0x5be0cd19

-- processing
-- https://datatracker.ietf.org/doc/html/rfc6234#section-6.2

data Block = Block {
    Block -> Word32
m00 :: !Word32, Block -> Word32
m01 :: !Word32, Block -> Word32
m02 :: !Word32, Block -> Word32
m03 :: !Word32
  , Block -> Word32
m04 :: !Word32, Block -> Word32
m05 :: !Word32, Block -> Word32
m06 :: !Word32, Block -> Word32
m07 :: !Word32
  , Block -> Word32
m08 :: !Word32, Block -> Word32
m09 :: !Word32, Block -> Word32
m10 :: !Word32, Block -> Word32
m11 :: !Word32
  , Block -> Word32
m12 :: !Word32, Block -> Word32
m13 :: !Word32, Block -> Word32
m14 :: !Word32, Block -> Word32
m15 :: !Word32
  }

-- parse strict bytestring to block
--
-- invariant:
--   the input bytestring is exactly 512 bits long
unsafe_parse :: BS.ByteString -> Block
unsafe_parse :: ByteString -> Block
unsafe_parse ByteString
bs =
  let !(WSPair Word32
m00 ByteString
t00) = ByteString -> WSPair
unsafe_parseWsPair ByteString
bs
      !(WSPair Word32
m01 ByteString
t01) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t00
      !(WSPair Word32
m02 ByteString
t02) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t01
      !(WSPair Word32
m03 ByteString
t03) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t02
      !(WSPair Word32
m04 ByteString
t04) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t03
      !(WSPair Word32
m05 ByteString
t05) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t04
      !(WSPair Word32
m06 ByteString
t06) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t05
      !(WSPair Word32
m07 ByteString
t07) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t06
      !(WSPair Word32
m08 ByteString
t08) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t07
      !(WSPair Word32
m09 ByteString
t09) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t08
      !(WSPair Word32
m10 ByteString
t10) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t09
      !(WSPair Word32
m11 ByteString
t11) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t10
      !(WSPair Word32
m12 ByteString
t12) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t11
      !(WSPair Word32
m13 ByteString
t13) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t12
      !(WSPair Word32
m14 ByteString
t14) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t13
      !(WSPair Word32
m15 ByteString
t15) = ByteString -> WSPair
unsafe_parseWsPair ByteString
t14
  in  if   ByteString -> Bool
BS.null ByteString
t15
      then Block {Word32
m00 :: Word32
m01 :: Word32
m02 :: Word32
m03 :: Word32
m04 :: Word32
m05 :: Word32
m06 :: Word32
m07 :: Word32
m08 :: Word32
m09 :: Word32
m10 :: Word32
m11 :: Word32
m12 :: Word32
m13 :: Word32
m14 :: Word32
m15 :: Word32
m00 :: Word32
m01 :: Word32
m02 :: Word32
m03 :: Word32
m04 :: Word32
m05 :: Word32
m06 :: Word32
m07 :: Word32
m08 :: Word32
m09 :: Word32
m10 :: Word32
m11 :: Word32
m12 :: Word32
m13 :: Word32
m14 :: Word32
m15 :: Word32
..}
      else [Char] -> Block
forall a. HasCallStack => [Char] -> a
error [Char]
"ppad-sha256: internal error (bytes remaining)"

-- RFC 6234 6.2 step 1
prepare_schedule :: Block -> Schedule
prepare_schedule :: Block -> Schedule
prepare_schedule Block {Word32
m00 :: Block -> Word32
m01 :: Block -> Word32
m02 :: Block -> Word32
m03 :: Block -> Word32
m04 :: Block -> Word32
m05 :: Block -> Word32
m06 :: Block -> Word32
m07 :: Block -> Word32
m08 :: Block -> Word32
m09 :: Block -> Word32
m10 :: Block -> Word32
m11 :: Block -> Word32
m12 :: Block -> Word32
m13 :: Block -> Word32
m14 :: Block -> Word32
m15 :: Block -> Word32
m00 :: Word32
m01 :: Word32
m02 :: Word32
m03 :: Word32
m04 :: Word32
m05 :: Word32
m06 :: Word32
m07 :: Word32
m08 :: Word32
m09 :: Word32
m10 :: Word32
m11 :: Word32
m12 :: Word32
m13 :: Word32
m14 :: Word32
m15 :: Word32
..} = Schedule {Word32
w00 :: Word32
w01 :: Word32
w02 :: Word32
w03 :: Word32
w04 :: Word32
w05 :: Word32
w06 :: Word32
w07 :: Word32
w08 :: Word32
w09 :: Word32
w10 :: Word32
w11 :: Word32
w12 :: Word32
w13 :: Word32
w14 :: Word32
w15 :: Word32
w16 :: Word32
w17 :: Word32
w18 :: Word32
w19 :: Word32
w20 :: Word32
w21 :: Word32
w22 :: Word32
w23 :: Word32
w24 :: Word32
w25 :: Word32
w26 :: Word32
w27 :: Word32
w28 :: Word32
w29 :: Word32
w30 :: Word32
w31 :: Word32
w32 :: Word32
w33 :: Word32
w34 :: Word32
w35 :: Word32
w36 :: Word32
w37 :: Word32
w38 :: Word32
w39 :: Word32
w40 :: Word32
w41 :: Word32
w42 :: Word32
w43 :: Word32
w44 :: Word32
w45 :: Word32
w46 :: Word32
w47 :: Word32
w48 :: Word32
w49 :: Word32
w50 :: Word32
w51 :: Word32
w52 :: Word32
w53 :: Word32
w54 :: Word32
w55 :: Word32
w56 :: Word32
w57 :: Word32
w58 :: Word32
w59 :: Word32
w60 :: Word32
w61 :: Word32
w62 :: Word32
w63 :: Word32
w00 :: Word32
w01 :: Word32
w02 :: Word32
w03 :: Word32
w04 :: Word32
w05 :: Word32
w06 :: Word32
w07 :: Word32
w08 :: Word32
w09 :: Word32
w10 :: Word32
w11 :: Word32
w12 :: Word32
w13 :: Word32
w14 :: Word32
w15 :: Word32
w16 :: Word32
w17 :: Word32
w18 :: Word32
w19 :: Word32
w20 :: Word32
w21 :: Word32
w22 :: Word32
w23 :: Word32
w24 :: Word32
w25 :: Word32
w26 :: Word32
w27 :: Word32
w28 :: Word32
w29 :: Word32
w30 :: Word32
w31 :: Word32
w32 :: Word32
w33 :: Word32
w34 :: Word32
w35 :: Word32
w36 :: Word32
w37 :: Word32
w38 :: Word32
w39 :: Word32
w40 :: Word32
w41 :: Word32
w42 :: Word32
w43 :: Word32
w44 :: Word32
w45 :: Word32
w46 :: Word32
w47 :: Word32
w48 :: Word32
w49 :: Word32
w50 :: Word32
w51 :: Word32
w52 :: Word32
w53 :: Word32
w54 :: Word32
w55 :: Word32
w56 :: Word32
w57 :: Word32
w58 :: Word32
w59 :: Word32
w60 :: Word32
w61 :: Word32
w62 :: Word32
w63 :: Word32
..} where
  w00 :: Word32
w00 = Word32
m00; w01 :: Word32
w01 = Word32
m01; w02 :: Word32
w02 = Word32
m02; w03 :: Word32
w03 = Word32
m03
  w04 :: Word32
w04 = Word32
m04; w05 :: Word32
w05 = Word32
m05; w06 :: Word32
w06 = Word32
m06; w07 :: Word32
w07 = Word32
m07
  w08 :: Word32
w08 = Word32
m08; w09 :: Word32
w09 = Word32
m09; w10 :: Word32
w10 = Word32
m10; w11 :: Word32
w11 = Word32
m11
  w12 :: Word32
w12 = Word32
m12; w13 :: Word32
w13 = Word32
m13; w14 :: Word32
w14 = Word32
m14; w15 :: Word32
w15 = Word32
m15
  w16 :: Word32
w16 = Word32 -> Word32
ssig1 Word32
w14 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w09 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w01 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w00
  w17 :: Word32
w17 = Word32 -> Word32
ssig1 Word32
w15 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w10 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w02 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w01
  w18 :: Word32
w18 = Word32 -> Word32
ssig1 Word32
w16 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w11 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w03 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w02
  w19 :: Word32
w19 = Word32 -> Word32
ssig1 Word32
w17 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w12 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w04 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w03
  w20 :: Word32
w20 = Word32 -> Word32
ssig1 Word32
w18 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w13 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w05 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w04
  w21 :: Word32
w21 = Word32 -> Word32
ssig1 Word32
w19 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w14 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w06 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w05
  w22 :: Word32
w22 = Word32 -> Word32
ssig1 Word32
w20 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w15 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w07 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w06
  w23 :: Word32
w23 = Word32 -> Word32
ssig1 Word32
w21 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w16 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w08 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w07
  w24 :: Word32
w24 = Word32 -> Word32
ssig1 Word32
w22 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w17 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w09 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w08
  w25 :: Word32
w25 = Word32 -> Word32
ssig1 Word32
w23 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w18 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w10 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w09
  w26 :: Word32
w26 = Word32 -> Word32
ssig1 Word32
w24 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w19 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w11 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w10
  w27 :: Word32
w27 = Word32 -> Word32
ssig1 Word32
w25 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w20 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w12 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w11
  w28 :: Word32
w28 = Word32 -> Word32
ssig1 Word32
w26 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w21 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w13 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w12
  w29 :: Word32
w29 = Word32 -> Word32
ssig1 Word32
w27 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w22 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w14 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w13
  w30 :: Word32
w30 = Word32 -> Word32
ssig1 Word32
w28 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w23 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w15 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w14
  w31 :: Word32
w31 = Word32 -> Word32
ssig1 Word32
w29 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w24 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w16 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w15
  w32 :: Word32
w32 = Word32 -> Word32
ssig1 Word32
w30 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w25 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w17 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w16
  w33 :: Word32
w33 = Word32 -> Word32
ssig1 Word32
w31 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w26 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w18 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w17
  w34 :: Word32
w34 = Word32 -> Word32
ssig1 Word32
w32 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w27 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w19 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w18
  w35 :: Word32
w35 = Word32 -> Word32
ssig1 Word32
w33 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w28 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w20 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w19
  w36 :: Word32
w36 = Word32 -> Word32
ssig1 Word32
w34 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w29 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w21 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w20
  w37 :: Word32
w37 = Word32 -> Word32
ssig1 Word32
w35 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w30 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w22 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w21
  w38 :: Word32
w38 = Word32 -> Word32
ssig1 Word32
w36 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w31 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w23 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w22
  w39 :: Word32
w39 = Word32 -> Word32
ssig1 Word32
w37 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w32 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w24 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w23
  w40 :: Word32
w40 = Word32 -> Word32
ssig1 Word32
w38 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w33 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w25 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w24
  w41 :: Word32
w41 = Word32 -> Word32
ssig1 Word32
w39 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w34 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w26 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w25
  w42 :: Word32
w42 = Word32 -> Word32
ssig1 Word32
w40 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w35 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w27 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w26
  w43 :: Word32
w43 = Word32 -> Word32
ssig1 Word32
w41 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w36 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w28 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w27
  w44 :: Word32
w44 = Word32 -> Word32
ssig1 Word32
w42 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w37 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w29 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w28
  w45 :: Word32
w45 = Word32 -> Word32
ssig1 Word32
w43 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w38 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w30 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w29
  w46 :: Word32
w46 = Word32 -> Word32
ssig1 Word32
w44 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w39 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w31 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w30
  w47 :: Word32
w47 = Word32 -> Word32
ssig1 Word32
w45 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w40 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w32 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w31
  w48 :: Word32
w48 = Word32 -> Word32
ssig1 Word32
w46 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w41 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w33 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w32
  w49 :: Word32
w49 = Word32 -> Word32
ssig1 Word32
w47 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w42 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w34 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w33
  w50 :: Word32
w50 = Word32 -> Word32
ssig1 Word32
w48 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w43 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w35 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w34
  w51 :: Word32
w51 = Word32 -> Word32
ssig1 Word32
w49 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w44 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w36 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w35
  w52 :: Word32
w52 = Word32 -> Word32
ssig1 Word32
w50 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w45 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w37 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w36
  w53 :: Word32
w53 = Word32 -> Word32
ssig1 Word32
w51 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w46 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w38 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w37
  w54 :: Word32
w54 = Word32 -> Word32
ssig1 Word32
w52 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w47 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w39 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w38
  w55 :: Word32
w55 = Word32 -> Word32
ssig1 Word32
w53 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w48 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w40 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w39
  w56 :: Word32
w56 = Word32 -> Word32
ssig1 Word32
w54 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w49 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w41 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w40
  w57 :: Word32
w57 = Word32 -> Word32
ssig1 Word32
w55 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w50 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w42 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w41
  w58 :: Word32
w58 = Word32 -> Word32
ssig1 Word32
w56 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w51 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w43 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w42
  w59 :: Word32
w59 = Word32 -> Word32
ssig1 Word32
w57 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w52 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w44 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w43
  w60 :: Word32
w60 = Word32 -> Word32
ssig1 Word32
w58 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w53 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w45 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w44
  w61 :: Word32
w61 = Word32 -> Word32
ssig1 Word32
w59 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w54 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w46 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w45
  w62 :: Word32
w62 = Word32 -> Word32
ssig1 Word32
w60 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w55 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w47 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w46
  w63 :: Word32
w63 = Word32 -> Word32
ssig1 Word32
w61 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w56 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
ssig0 Word32
w48 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w47

-- RFC 6234 6.2 steps 2, 3, 4
block_hash :: Registers -> Schedule -> Registers
block_hash :: Registers -> Schedule -> Registers
block_hash r00 :: Registers
r00@Registers {Word32
h0 :: Registers -> Word32
h1 :: Registers -> Word32
h2 :: Registers -> Word32
h3 :: Registers -> Word32
h4 :: Registers -> Word32
h5 :: Registers -> Word32
h6 :: Registers -> Word32
h7 :: Registers -> Word32
h0 :: Word32
h1 :: Word32
h2 :: Word32
h3 :: Word32
h4 :: Word32
h5 :: Word32
h6 :: Word32
h7 :: Word32
..} Schedule {Word32
w00 :: Schedule -> Word32
w01 :: Schedule -> Word32
w02 :: Schedule -> Word32
w03 :: Schedule -> Word32
w04 :: Schedule -> Word32
w05 :: Schedule -> Word32
w06 :: Schedule -> Word32
w07 :: Schedule -> Word32
w08 :: Schedule -> Word32
w09 :: Schedule -> Word32
w10 :: Schedule -> Word32
w11 :: Schedule -> Word32
w12 :: Schedule -> Word32
w13 :: Schedule -> Word32
w14 :: Schedule -> Word32
w15 :: Schedule -> Word32
w16 :: Schedule -> Word32
w17 :: Schedule -> Word32
w18 :: Schedule -> Word32
w19 :: Schedule -> Word32
w20 :: Schedule -> Word32
w21 :: Schedule -> Word32
w22 :: Schedule -> Word32
w23 :: Schedule -> Word32
w24 :: Schedule -> Word32
w25 :: Schedule -> Word32
w26 :: Schedule -> Word32
w27 :: Schedule -> Word32
w28 :: Schedule -> Word32
w29 :: Schedule -> Word32
w30 :: Schedule -> Word32
w31 :: Schedule -> Word32
w32 :: Schedule -> Word32
w33 :: Schedule -> Word32
w34 :: Schedule -> Word32
w35 :: Schedule -> Word32
w36 :: Schedule -> Word32
w37 :: Schedule -> Word32
w38 :: Schedule -> Word32
w39 :: Schedule -> Word32
w40 :: Schedule -> Word32
w41 :: Schedule -> Word32
w42 :: Schedule -> Word32
w43 :: Schedule -> Word32
w44 :: Schedule -> Word32
w45 :: Schedule -> Word32
w46 :: Schedule -> Word32
w47 :: Schedule -> Word32
w48 :: Schedule -> Word32
w49 :: Schedule -> Word32
w50 :: Schedule -> Word32
w51 :: Schedule -> Word32
w52 :: Schedule -> Word32
w53 :: Schedule -> Word32
w54 :: Schedule -> Word32
w55 :: Schedule -> Word32
w56 :: Schedule -> Word32
w57 :: Schedule -> Word32
w58 :: Schedule -> Word32
w59 :: Schedule -> Word32
w60 :: Schedule -> Word32
w61 :: Schedule -> Word32
w62 :: Schedule -> Word32
w63 :: Schedule -> Word32
w00 :: Word32
w01 :: Word32
w02 :: Word32
w03 :: Word32
w04 :: Word32
w05 :: Word32
w06 :: Word32
w07 :: Word32
w08 :: Word32
w09 :: Word32
w10 :: Word32
w11 :: Word32
w12 :: Word32
w13 :: Word32
w14 :: Word32
w15 :: Word32
w16 :: Word32
w17 :: Word32
w18 :: Word32
w19 :: Word32
w20 :: Word32
w21 :: Word32
w22 :: Word32
w23 :: Word32
w24 :: Word32
w25 :: Word32
w26 :: Word32
w27 :: Word32
w28 :: Word32
w29 :: Word32
w30 :: Word32
w31 :: Word32
w32 :: Word32
w33 :: Word32
w34 :: Word32
w35 :: Word32
w36 :: Word32
w37 :: Word32
w38 :: Word32
w39 :: Word32
w40 :: Word32
w41 :: Word32
w42 :: Word32
w43 :: Word32
w44 :: Word32
w45 :: Word32
w46 :: Word32
w47 :: Word32
w48 :: Word32
w49 :: Word32
w50 :: Word32
w51 :: Word32
w52 :: Word32
w53 :: Word32
w54 :: Word32
w55 :: Word32
w56 :: Word32
w57 :: Word32
w58 :: Word32
w59 :: Word32
w60 :: Word32
w61 :: Word32
w62 :: Word32
w63 :: Word32
..} =
  -- constants are the first 32 bits of the fractional parts of the
  -- cube roots of the first sixty-four prime numbers
  let r01 :: Registers
r01 = Registers -> Word32 -> Word32 -> Registers
step Registers
r00 Word32
0x428a2f98 Word32
w00; r02 :: Registers
r02 = Registers -> Word32 -> Word32 -> Registers
step Registers
r01 Word32
0x71374491 Word32
w01
      r03 :: Registers
r03 = Registers -> Word32 -> Word32 -> Registers
step Registers
r02 Word32
0xb5c0fbcf Word32
w02; r04 :: Registers
r04 = Registers -> Word32 -> Word32 -> Registers
step Registers
r03 Word32
0xe9b5dba5 Word32
w03
      r05 :: Registers
r05 = Registers -> Word32 -> Word32 -> Registers
step Registers
r04 Word32
0x3956c25b Word32
w04; r06 :: Registers
r06 = Registers -> Word32 -> Word32 -> Registers
step Registers
r05 Word32
0x59f111f1 Word32
w05
      r07 :: Registers
r07 = Registers -> Word32 -> Word32 -> Registers
step Registers
r06 Word32
0x923f82a4 Word32
w06; r08 :: Registers
r08 = Registers -> Word32 -> Word32 -> Registers
step Registers
r07 Word32
0xab1c5ed5 Word32
w07
      r09 :: Registers
r09 = Registers -> Word32 -> Word32 -> Registers
step Registers
r08 Word32
0xd807aa98 Word32
w08; r10 :: Registers
r10 = Registers -> Word32 -> Word32 -> Registers
step Registers
r09 Word32
0x12835b01 Word32
w09
      r11 :: Registers
r11 = Registers -> Word32 -> Word32 -> Registers
step Registers
r10 Word32
0x243185be Word32
w10; r12 :: Registers
r12 = Registers -> Word32 -> Word32 -> Registers
step Registers
r11 Word32
0x550c7dc3 Word32
w11
      r13 :: Registers
r13 = Registers -> Word32 -> Word32 -> Registers
step Registers
r12 Word32
0x72be5d74 Word32
w12; r14 :: Registers
r14 = Registers -> Word32 -> Word32 -> Registers
step Registers
r13 Word32
0x80deb1fe Word32
w13
      r15 :: Registers
r15 = Registers -> Word32 -> Word32 -> Registers
step Registers
r14 Word32
0x9bdc06a7 Word32
w14; r16 :: Registers
r16 = Registers -> Word32 -> Word32 -> Registers
step Registers
r15 Word32
0xc19bf174 Word32
w15
      r17 :: Registers
r17 = Registers -> Word32 -> Word32 -> Registers
step Registers
r16 Word32
0xe49b69c1 Word32
w16; r18 :: Registers
r18 = Registers -> Word32 -> Word32 -> Registers
step Registers
r17 Word32
0xefbe4786 Word32
w17
      r19 :: Registers
r19 = Registers -> Word32 -> Word32 -> Registers
step Registers
r18 Word32
0x0fc19dc6 Word32
w18; r20 :: Registers
r20 = Registers -> Word32 -> Word32 -> Registers
step Registers
r19 Word32
0x240ca1cc Word32
w19
      r21 :: Registers
r21 = Registers -> Word32 -> Word32 -> Registers
step Registers
r20 Word32
0x2de92c6f Word32
w20; r22 :: Registers
r22 = Registers -> Word32 -> Word32 -> Registers
step Registers
r21 Word32
0x4a7484aa Word32
w21
      r23 :: Registers
r23 = Registers -> Word32 -> Word32 -> Registers
step Registers
r22 Word32
0x5cb0a9dc Word32
w22; r24 :: Registers
r24 = Registers -> Word32 -> Word32 -> Registers
step Registers
r23 Word32
0x76f988da Word32
w23
      r25 :: Registers
r25 = Registers -> Word32 -> Word32 -> Registers
step Registers
r24 Word32
0x983e5152 Word32
w24; r26 :: Registers
r26 = Registers -> Word32 -> Word32 -> Registers
step Registers
r25 Word32
0xa831c66d Word32
w25
      r27 :: Registers
r27 = Registers -> Word32 -> Word32 -> Registers
step Registers
r26 Word32
0xb00327c8 Word32
w26; r28 :: Registers
r28 = Registers -> Word32 -> Word32 -> Registers
step Registers
r27 Word32
0xbf597fc7 Word32
w27
      r29 :: Registers
r29 = Registers -> Word32 -> Word32 -> Registers
step Registers
r28 Word32
0xc6e00bf3 Word32
w28; r30 :: Registers
r30 = Registers -> Word32 -> Word32 -> Registers
step Registers
r29 Word32
0xd5a79147 Word32
w29
      r31 :: Registers
r31 = Registers -> Word32 -> Word32 -> Registers
step Registers
r30 Word32
0x06ca6351 Word32
w30; r32 :: Registers
r32 = Registers -> Word32 -> Word32 -> Registers
step Registers
r31 Word32
0x14292967 Word32
w31
      r33 :: Registers
r33 = Registers -> Word32 -> Word32 -> Registers
step Registers
r32 Word32
0x27b70a85 Word32
w32; r34 :: Registers
r34 = Registers -> Word32 -> Word32 -> Registers
step Registers
r33 Word32
0x2e1b2138 Word32
w33
      r35 :: Registers
r35 = Registers -> Word32 -> Word32 -> Registers
step Registers
r34 Word32
0x4d2c6dfc Word32
w34; r36 :: Registers
r36 = Registers -> Word32 -> Word32 -> Registers
step Registers
r35 Word32
0x53380d13 Word32
w35
      r37 :: Registers
r37 = Registers -> Word32 -> Word32 -> Registers
step Registers
r36 Word32
0x650a7354 Word32
w36; r38 :: Registers
r38 = Registers -> Word32 -> Word32 -> Registers
step Registers
r37 Word32
0x766a0abb Word32
w37
      r39 :: Registers
r39 = Registers -> Word32 -> Word32 -> Registers
step Registers
r38 Word32
0x81c2c92e Word32
w38; r40 :: Registers
r40 = Registers -> Word32 -> Word32 -> Registers
step Registers
r39 Word32
0x92722c85 Word32
w39
      r41 :: Registers
r41 = Registers -> Word32 -> Word32 -> Registers
step Registers
r40 Word32
0xa2bfe8a1 Word32
w40; r42 :: Registers
r42 = Registers -> Word32 -> Word32 -> Registers
step Registers
r41 Word32
0xa81a664b Word32
w41
      r43 :: Registers
r43 = Registers -> Word32 -> Word32 -> Registers
step Registers
r42 Word32
0xc24b8b70 Word32
w42; r44 :: Registers
r44 = Registers -> Word32 -> Word32 -> Registers
step Registers
r43 Word32
0xc76c51a3 Word32
w43
      r45 :: Registers
r45 = Registers -> Word32 -> Word32 -> Registers
step Registers
r44 Word32
0xd192e819 Word32
w44; r46 :: Registers
r46 = Registers -> Word32 -> Word32 -> Registers
step Registers
r45 Word32
0xd6990624 Word32
w45
      r47 :: Registers
r47 = Registers -> Word32 -> Word32 -> Registers
step Registers
r46 Word32
0xf40e3585 Word32
w46; r48 :: Registers
r48 = Registers -> Word32 -> Word32 -> Registers
step Registers
r47 Word32
0x106aa070 Word32
w47
      r49 :: Registers
r49 = Registers -> Word32 -> Word32 -> Registers
step Registers
r48 Word32
0x19a4c116 Word32
w48; r50 :: Registers
r50 = Registers -> Word32 -> Word32 -> Registers
step Registers
r49 Word32
0x1e376c08 Word32
w49
      r51 :: Registers
r51 = Registers -> Word32 -> Word32 -> Registers
step Registers
r50 Word32
0x2748774c Word32
w50; r52 :: Registers
r52 = Registers -> Word32 -> Word32 -> Registers
step Registers
r51 Word32
0x34b0bcb5 Word32
w51
      r53 :: Registers
r53 = Registers -> Word32 -> Word32 -> Registers
step Registers
r52 Word32
0x391c0cb3 Word32
w52; r54 :: Registers
r54 = Registers -> Word32 -> Word32 -> Registers
step Registers
r53 Word32
0x4ed8aa4a Word32
w53
      r55 :: Registers
r55 = Registers -> Word32 -> Word32 -> Registers
step Registers
r54 Word32
0x5b9cca4f Word32
w54; r56 :: Registers
r56 = Registers -> Word32 -> Word32 -> Registers
step Registers
r55 Word32
0x682e6ff3 Word32
w55
      r57 :: Registers
r57 = Registers -> Word32 -> Word32 -> Registers
step Registers
r56 Word32
0x748f82ee Word32
w56; r58 :: Registers
r58 = Registers -> Word32 -> Word32 -> Registers
step Registers
r57 Word32
0x78a5636f Word32
w57
      r59 :: Registers
r59 = Registers -> Word32 -> Word32 -> Registers
step Registers
r58 Word32
0x84c87814 Word32
w58; r60 :: Registers
r60 = Registers -> Word32 -> Word32 -> Registers
step Registers
r59 Word32
0x8cc70208 Word32
w59
      r61 :: Registers
r61 = Registers -> Word32 -> Word32 -> Registers
step Registers
r60 Word32
0x90befffa Word32
w60; r62 :: Registers
r62 = Registers -> Word32 -> Word32 -> Registers
step Registers
r61 Word32
0xa4506ceb Word32
w61
      r63 :: Registers
r63 = Registers -> Word32 -> Word32 -> Registers
step Registers
r62 Word32
0xbef9a3f7 Word32
w62; r64 :: Registers
r64 = Registers -> Word32 -> Word32 -> Registers
step Registers
r63 Word32
0xc67178f2 Word32
w63
      !(Registers Word32
a Word32
b Word32
c Word32
d Word32
e Word32
f Word32
g Word32
h) = Registers
r64
  in  Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Registers
Registers
        (Word32
a Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h0) (Word32
b Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h1) (Word32
c Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h2) (Word32
d Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h3)
        (Word32
e Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h4) (Word32
f Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h5) (Word32
g Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h6) (Word32
h Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
h7)

step :: Registers -> Word32 -> Word32 -> Registers
step :: Registers -> Word32 -> Word32 -> Registers
step (Registers Word32
a Word32
b Word32
c Word32
d Word32
e Word32
f Word32
g Word32
h) Word32
k Word32
w =
  let t1 :: Word32
t1 = Word32
h Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32
bsig1 Word32
e Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32 -> Word32 -> Word32
ch Word32
e Word32
f Word32
g Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
k Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
w
      t2 :: Word32
t2 = Word32 -> Word32
bsig0 Word32
a Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32 -> Word32 -> Word32 -> Word32
maj Word32
a Word32
b Word32
c
  in  Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Word32
-> Registers
Registers (Word32
t1 Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
t2) Word32
a Word32
b Word32
c (Word32
d Word32 -> Word32 -> Word32
forall a. Num a => a -> a -> a
+ Word32
t1) Word32
e Word32
f Word32
g
{-# INLINE step #-}

-- RFC 6234 6.2 block pipeline
--
-- invariant:
--   the input bytestring is exactly 512 bits in length
unsafe_hash_alg :: Registers -> BS.ByteString -> Registers
unsafe_hash_alg :: Registers -> ByteString -> Registers
unsafe_hash_alg Registers
rs ByteString
bs = Registers -> Schedule -> Registers
block_hash Registers
rs (Block -> Schedule
prepare_schedule (ByteString -> Block
unsafe_parse ByteString
bs))

-- register concatenation
cat :: Registers -> BS.ByteString
cat :: Registers -> ByteString
cat Registers {Word32
h0 :: Registers -> Word32
h1 :: Registers -> Word32
h2 :: Registers -> Word32
h3 :: Registers -> Word32
h4 :: Registers -> Word32
h5 :: Registers -> Word32
h6 :: Registers -> Word32
h7 :: Registers -> Word32
h0 :: Word32
h1 :: Word32
h2 :: Word32
h3 :: Word32
h4 :: Word32
h5 :: Word32
h6 :: Word32
h7 :: Word32
..} =
      ByteString -> ByteString
BL.toStrict
      -- more efficient for small builder
    (ByteString -> ByteString)
-> (Builder -> ByteString) -> Builder -> ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
. AllocationStrategy -> ByteString -> Builder -> ByteString
BE.toLazyByteStringWith (Int -> Int -> AllocationStrategy
BE.safeStrategy Int
128 Int
BE.smallChunkSize) ByteString
forall a. Monoid a => a
mempty
    (Builder -> ByteString) -> Builder -> ByteString
forall a b. (a -> b) -> a -> b
$     Word64 -> Builder
BSB.word64BE Word64
w64_0 Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word64 -> Builder
BSB.word64BE Word64
w64_1
       Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word64 -> Builder
BSB.word64BE Word64
w64_2 Builder -> Builder -> Builder
forall a. Semigroup a => a -> a -> a
<> Word64 -> Builder
BSB.word64BE Word64
w64_3
  where
    !w64_0 :: Word64
w64_0 = Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h0 Word64 -> Int -> Word64
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL` Int
32 Word64 -> Word64 -> Word64
forall a. Bits a => a -> a -> a
.|. Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h1
    !w64_1 :: Word64
w64_1 = Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h2 Word64 -> Int -> Word64
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL` Int
32 Word64 -> Word64 -> Word64
forall a. Bits a => a -> a -> a
.|. Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h3
    !w64_2 :: Word64
w64_2 = Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h4 Word64 -> Int -> Word64
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL` Int
32 Word64 -> Word64 -> Word64
forall a. Bits a => a -> a -> a
.|. Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h5
    !w64_3 :: Word64
w64_3 = Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h6 Word64 -> Int -> Word64
forall a. Bits a => a -> Int -> a
`B.unsafeShiftL` Int
32 Word64 -> Word64 -> Word64
forall a. Bits a => a -> a -> a
.|. Word32 -> Word64
forall a b. (Integral a, Num b) => a -> b
fi Word32
h7

-- | Compute a condensed representation of a strict bytestring via
--   SHA-256.
--
--   The 256-bit output digest is returned as a strict bytestring.
--
--   >>> hash "strict bytestring input"
--   "<strict 256-bit message digest>"
hash :: BS.ByteString -> BS.ByteString
hash :: ByteString -> ByteString
hash ByteString
bs = Registers -> ByteString
cat (Registers -> ByteString -> Registers
go Registers
iv (ByteString -> ByteString
pad ByteString
bs)) where
  -- proof that 'go' always terminates safely:
  --
  -- let b = pad bs
  -- then length(b) = n * 512 bits for some n >= 0                  (1)
  go :: Registers -> BS.ByteString -> Registers
  go :: Registers -> ByteString -> Registers
go !Registers
acc ByteString
b
    -- if n == 0, then 'go' terminates safely                       (2)
    | ByteString -> Bool
BS.null ByteString
b = Registers
acc
    -- if n > 0, then
    --
    -- let (c, r) = unsafe_splitAt 64 b
    -- then length(c) == 512 bits                                   by (1)
    --      length(r) == m * 512 bits for some m >= 0               by (1)
    --
    -- note 'unsafe_hash_alg' terminates safely for bytestring      (3)
    -- input of exactly 512 bits in length
    --
    -- length(c) == 512
    --   => 'unsafe_hash_alg' terminates safely                     by (3)
    --   => 'go' terminates safely                                  (4)
    -- length(r) == m * 512 bits for m >= 0
    --   => next invocation of 'go' terminates safely               by (2), (4)
    --
    -- then by induction, 'go' always terminates safely (QED)
    | Bool
otherwise = case Int -> ByteString -> SSPair
unsafe_splitAt Int
64 ByteString
b of
        SSPair ByteString
c ByteString
r -> Registers -> ByteString -> Registers
go (Registers -> ByteString -> Registers
unsafe_hash_alg Registers
acc ByteString
c) ByteString
r

-- | Compute a condensed representation of a lazy bytestring via
--   SHA-256.
--
--   The 256-bit output digest is returned as a strict bytestring.
--
--   >>> hash_lazy "lazy bytestring input"
--   "<strict 256-bit message digest>"
hash_lazy :: BL.ByteString -> BS.ByteString
hash_lazy :: ByteString -> ByteString
hash_lazy ByteString
bl = Registers -> ByteString
cat (Registers -> ByteString -> Registers
go Registers
iv (ByteString -> ByteString
pad_lazy ByteString
bl)) where
  -- proof of safety proceeds analogously
  go :: Registers -> BL.ByteString -> Registers
  go :: Registers -> ByteString -> Registers
go !Registers
acc ByteString
bs
    | ByteString -> Bool
BL.null ByteString
bs = Registers
acc
    | Bool
otherwise = case ByteString -> SLPair
splitAt64 ByteString
bs of
        SLPair ByteString
c ByteString
r -> Registers -> ByteString -> Registers
go (Registers -> ByteString -> Registers
unsafe_hash_alg Registers
acc ByteString
c) ByteString
r

-- HMAC -----------------------------------------------------------------------
-- https://datatracker.ietf.org/doc/html/rfc2104#section-2

data KeyAndLen = KeyAndLen
  {-# UNPACK #-} !BS.ByteString
  {-# UNPACK #-} !Int

-- | Produce a message authentication code for a strict bytestring,
--   based on the provided (strict, bytestring) key, via SHA-256.
--
--   The 256-bit MAC is returned as a strict bytestring.
--
--   Per RFC 2104, the key /should/ be a minimum of 32 bytes long. Keys
--   exceeding 64 bytes in length will first be hashed (via SHA-256).
--
--   >>> hmac "strict bytestring key" "strict bytestring input"
--   "<strict 256-bit MAC>"
hmac
  :: BS.ByteString -- ^ key
  -> BS.ByteString -- ^ text
  -> BS.ByteString
hmac :: ByteString -> ByteString -> ByteString
hmac mk :: ByteString
mk@(BI.PS ForeignPtr Word8
_ Int
_ Int
l) ByteString
text =
    let step1 :: ByteString
step1 = ByteString
k ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> Int -> Word8 -> ByteString
BS.replicate (Int
64 Int -> Int -> Int
forall a. Num a => a -> a -> a
- Int
lk) Word8
0x00
        step2 :: ByteString
step2 = (Word8 -> Word8) -> ByteString -> ByteString
BS.map (Word8 -> Word8 -> Word8
forall a. Bits a => a -> a -> a
B.xor Word8
0x36) ByteString
step1
        step3 :: ByteString
step3 = ByteString
step2 ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> ByteString
text
        step4 :: ByteString
step4 = ByteString -> ByteString
hash ByteString
step3
        step5 :: ByteString
step5 = (Word8 -> Word8) -> ByteString -> ByteString
BS.map (Word8 -> Word8 -> Word8
forall a. Bits a => a -> a -> a
B.xor Word8
0x5C) ByteString
step1
        step6 :: ByteString
step6 = ByteString
step5 ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> ByteString
step4
    in  ByteString -> ByteString
hash ByteString
step6
  where
    !(KeyAndLen ByteString
k Int
lk)
      | Int
l Int -> Int -> Bool
forall a. Ord a => a -> a -> Bool
> Int
64    = ByteString -> Int -> KeyAndLen
KeyAndLen (ByteString -> ByteString
hash ByteString
mk) Int
32
      | Bool
otherwise = ByteString -> Int -> KeyAndLen
KeyAndLen ByteString
mk Int
l

-- | Produce a message authentication code for a lazy bytestring, based
--   on the provided (strict, bytestring) key, via SHA-256.
--
--   The 256-bit MAC is returned as a strict bytestring.
--
--   Per RFC 2104, the key /should/ be a minimum of 32 bytes long. Keys
--   exceeding 64 bytes in length will first be hashed (via SHA-256).
--
--   >>> hmac_lazy "strict bytestring key" "lazy bytestring input"
--   "<strict 256-bit MAC>"
hmac_lazy
  :: BS.ByteString -- ^ key
  -> BL.ByteString -- ^ text
  -> BS.ByteString
hmac_lazy :: ByteString -> ByteString -> ByteString
hmac_lazy mk :: ByteString
mk@(BI.PS ForeignPtr Word8
_ Int
_ Int
l) ByteString
text =
    let step1 :: ByteString
step1 = ByteString
k ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> Int -> Word8 -> ByteString
BS.replicate (Int
64 Int -> Int -> Int
forall a. Num a => a -> a -> a
- Int
lk) Word8
0x00
        step2 :: ByteString
step2 = (Word8 -> Word8) -> ByteString -> ByteString
BS.map (Word8 -> Word8 -> Word8
forall a. Bits a => a -> a -> a
B.xor Word8
0x36) ByteString
step1
        step3 :: ByteString
step3 = ByteString -> ByteString
BL.fromStrict ByteString
step2 ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> ByteString
text
        step4 :: ByteString
step4 = ByteString -> ByteString
hash_lazy ByteString
step3
        step5 :: ByteString
step5 = (Word8 -> Word8) -> ByteString -> ByteString
BS.map (Word8 -> Word8 -> Word8
forall a. Bits a => a -> a -> a
B.xor Word8
0x5C) ByteString
step1
        step6 :: ByteString
step6 = ByteString
step5 ByteString -> ByteString -> ByteString
forall a. Semigroup a => a -> a -> a
<> ByteString
step4
    in  ByteString -> ByteString
hash ByteString
step6
  where
    !(KeyAndLen ByteString
k Int
lk)
      | Int
l Int -> Int -> Bool
forall a. Ord a => a -> a -> Bool
> Int
64    = ByteString -> Int -> KeyAndLen
KeyAndLen (ByteString -> ByteString
hash ByteString
mk) Int
32
      | Bool
otherwise = ByteString -> Int -> KeyAndLen
KeyAndLen ByteString
mk Int
l