sha256

Pure Haskell SHA-256, HMAC-SHA256 as specified by RFC's 6234 and 2104.
git clone git://git.ppad.tech/sha256.git
Log | Files | Refs | README | LICENSE

commit 8afe8eafcae637cce7f7dcc999926e0d11e7f174
parent 950ecaf4a78ab287d8e47120ee8412043bbad031
Author: Jared Tobin <jared@jtobin.io>
Date:   Thu, 12 Sep 2024 09:00:10 +0400

lib: don't leak space when padding

Diffstat:
Mlib/Crypto/Hash/SHA256.hs | 30+++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/Crypto/Hash/SHA256.hs b/lib/Crypto/Hash/SHA256.hs @@ -66,29 +66,29 @@ word32be s = pad :: BS.ByteString -> BS.ByteString pad = BL.toStrict . pad_lazy . BL.fromStrict +-- hat tip to hackage SHA authors for traversal strategy pad_lazy :: BL.ByteString -> BL.ByteString -pad_lazy (BL.toChunks -> m) = con 0 mempty m where - con !l acc = \case - (c:cs) -> - let nl = l + fi (BS.length c) - nacc = acc <> BSB.byteString c - in con nl nacc cs - - [] -> - let k = sol l - don = fin l k (acc <> BSB.word8 0x80) - in BSB.toLazyByteString don +pad_lazy (BL.toChunks -> m) = BL.fromChunks (walk 0 m) where + -- walk chunks, calculating length and appending padding + walk !l = \case + (c:cs) -> c : walk (l + fi (BS.length c)) cs + [] -> padding l (sol l) (BSB.word8 0x80) -- k such that (l + 1 + k) mod 64 = 56 sol :: Word64 -> Word64 sol l = let r = 56 - fi l `mod` 64 - 1 :: Integer -- fi prevents underflow in fi (if r < 0 then r + 64 else r) - fin l k acc - | k == 0 = acc <> BSB.word64BE (l * 8) + -- construct padding + padding l k bs + | k == 0 = + pure + . BL.toStrict + . BSB.toLazyByteString + $ bs <> BSB.word64BE (l * 8) | otherwise = - let nacc = acc <> BSB.word8 0x00 - in fin l (pred k) nacc + let nacc = bs <> BSB.word8 0x00 + in padding l (pred k) nacc -- functions and constants used -- https://datatracker.ietf.org/doc/html/rfc6234#section-5.1