License | BSD-3 |
---|---|
Maintainer | Herbert Valerio Riedel <hvr@gnu.org> |
Stability | stable |
Safe Haskell | Trustworthy |
Language | Haskell2010 |
A module containing SHA-256 bindings
- newtype Ctx = Ctx ByteString
- init :: Ctx
- update :: Ctx -> ByteString -> Ctx
- updates :: Ctx -> [ByteString] -> Ctx
- finalize :: Ctx -> ByteString
- finalizeAndLength :: Ctx -> (ByteString, Word64)
- hash :: ByteString -> ByteString
- hashlazy :: ByteString -> ByteString
- hashlazyAndLength :: ByteString -> (ByteString, Word64)
- hmac :: ByteString -> ByteString -> ByteString
- hmaclazy :: ByteString -> ByteString -> ByteString
- hmaclazyAndLength :: ByteString -> ByteString -> (ByteString, Word64)
- hkdf :: ByteString -> ByteString -> ByteString -> Int -> ByteString
Incremental API
This API is based on 4 different functions, similar to the lowlevel operations of a typical hash:
init
: create a new hash contextupdate
: update non-destructively a new hash context with a strict bytestringupdates
: same as update, except that it takes a list of strict bytestringsfinalize
: finalize the context and returns a digest bytestring.
all those operations are completely pure, and instead of changing the context as usual in others language, it re-allocates a new context each time.
Example:
import qualified Data.ByteString import qualified Crypto.Hash.SHA256 as SHA256 main = print digest where digest = SHA256.finalize ctx ctx = foldl SHA256.update ctx0 (map Data.ByteString.pack [ [1,2,3], [4,5,6] ]) ctx0 = SHA256.init
SHA-256 Context
The context data is exactly 104 bytes long, however the data in the context is stored in host-endianness.
The context data is made up of
- a
Word64
representing the number of bytes already feed to hash algorithm so far, - a 64-element
Word8
buffer holding partial input-chunks, and finally - a 8-element
Word32
array holding the current work-in-progress digest-value.
Consequently, a SHA-256 digest as produced by hash
, hashlazy
, or finalize
is 32 bytes long.
finalize :: Ctx -> ByteString Source #
finalize the context into a digest bytestring (32 bytes)
finalizeAndLength :: Ctx -> (ByteString, Word64) Source #
Variant of finalize
also returning length of hashed content
Since: 0.11.101.0
Single Pass API
This API use the incremental API under the hood to provide
the common all-in-one operations to create digests out of a
ByteString
and lazy ByteString
.
hash
: create a digest (init
+update
+finalize
) from a strictByteString
hashlazy
: create a digest (init
+update
+finalize
) from a lazyByteString
hashlazyAndLength
: create a digest (init
+update
+finalizeAndLength
) from a lazyByteString
Example:
import qualified Data.ByteString import qualified Crypto.Hash.SHA256 as SHA256 main = print $ SHA256.hash (Data.ByteString.pack [0..255])
NOTE: The returned digest is a binary ByteString
. For
converting to a base16/hex encoded digest the
base16-bytestring
package is recommended.
hash :: ByteString -> ByteString Source #
hash a strict bytestring into a digest bytestring (32 bytes)
hashlazy :: ByteString -> ByteString Source #
hash a lazy bytestring into a digest bytestring (32 bytes)
hashlazyAndLength :: ByteString -> (ByteString, Word64) Source #
Variant of hashlazy
which simultaneously computes the hash and length of a lazy bytestring.
Since: 0.11.101.0
HMAC-SHA-256
:: ByteString | secret |
-> ByteString | message |
-> ByteString | digest (32 bytes) |
Compute 32-byte RFC2104-compatible HMAC-SHA-256 digest for a strict bytestring message
Since: 0.11.100.0
:: ByteString | secret |
-> ByteString | message |
-> ByteString | digest (32 bytes) |
Compute 32-byte RFC2104-compatible HMAC-SHA-256 digest for a lazy bytestring message
Since: 0.11.100.0
:: ByteString | secret |
-> ByteString | message |
-> (ByteString, Word64) | digest (32 bytes) and length of message |
Variant of hmaclazy
which also returns length of message
Since: 0.11.101.0
HKDF-SHA-256
:: ByteString | IKM Input keying material |
-> ByteString | salt Optional salt value, a non-secret random value (can be |
-> ByteString | info Optional context and application specific information (can be |
-> Int | L length of output keying material in octets (at most 255*32 bytes) |
-> ByteString | OKM Output keying material (L bytes) |
RFC6234-compatible HKDF-SHA-256 key derivation function.
Since: 0.11.101.0