{-# OPTIONS_GHC -funbox-small-strict-fields #-}
{-# LANGUAGE BangPatterns #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE ViewPatterns #-}

-- |
-- Module: Crypto.Hash.SHA512
-- Copyright: (c) 2024 Jared Tobin
-- License: MIT
-- Maintainer: Jared Tobin <jared@ppad.tech>
--
-- Pure SHA-512 and HMAC-SHA512 implementations for
-- strict and lazy ByteStrings, as specified by RFCs
-- [6234](https://datatracker.ietf.org/doc/html/rfc6234) and
-- [2104](https://datatracker.ietf.org/doc/html/rfc2104).

module Crypto.Hash.SHA512 (
  -- * SHA-512 message digest functions
    hash
  , hash_lazy

  -- * SHA512-based MAC functions
  , hmac
  , hmac_lazy
  ) where


import qualified Data.Bits as B
import Data.Bits ((.|.), (.&.))
import qualified Data.ByteString as BS
import qualified Data.ByteString.Builder as BSB
import qualified Data.ByteString.Builder.Extra as BE
import qualified Data.ByteString.Internal as BI
import qualified Data.ByteString.Lazy as BL
import qualified Data.ByteString.Lazy.Internal as BLI
import qualified Data.ByteString.Unsafe as BU
import Data.Word (Word64)
import Foreign.ForeignPtr (plusForeignPtr)

-- preliminary utils ----------------------------------------------------------

-- keystroke saver: a short alias for 'fromIntegral', used wherever a
-- length or counter has to change integral type (e.g. Int to Word64)
fi :: (Integral a, Num b) => a -> b
fi x = fromIntegral x
{-# INLINE fi #-}

-- parse strict ByteString in BE order to Word64 (adapted from
-- Data.Binary)
--
-- invariant:
--   the input bytestring is at least 64 bits in length
--
-- No bounds check is performed: 'BU.unsafeIndex' on a shorter input
-- reads past the buffer, so callers must establish the invariant
-- themselves (see 'unsafe_parseWsPair'). Any bytes after the eighth
-- are ignored.
unsafe_word64be :: BS.ByteString -> Word64
unsafe_word64be s =
      byteAt 0 56 .|. byteAt 1 48 .|. byteAt 2 40 .|. byteAt 3 32
  .|. byteAt 4 24 .|. byteAt 5 16 .|. byteAt 6 8  .|. byteAt 7 0
  where
    -- the i'th byte, widened and moved into its big-endian position
    byteAt :: Int -> Int -> Word64
    byteAt i sh = fromIntegral (BU.unsafeIndex s i) `B.unsafeShiftL` sh
    {-# INLINE byteAt #-}
{-# INLINE unsafe_word64be #-}

-- utility types for more efficient ByteString management
--
-- Strict pairs, so that splitting a ByteString doesn't allocate a lazy
-- tuple plus thunks for its halves; the UNPACK pragmas inline the
-- ByteString constructor's fields into the pair itself.

-- strict/strict: both halves of a split strict ByteString
-- (see 'unsafe_splitAt')
data SSPair = SSPair
  {-# UNPACK #-} !BS.ByteString
  {-# UNPACK #-} !BS.ByteString

-- strict/lazy: a strict prefix and the lazy remainder (see 'splitAt128')
data SLPair = SLPair {-# UNPACK #-} !BS.ByteString !BL.ByteString

-- a parsed big-endian Word64 and the bytes that follow it
-- (see 'unsafe_parseWsPair')
data WSPair = WSPair {-# UNPACK #-} !Word64 {-# UNPACK #-} !BS.ByteString

-- unsafe version of splitAt that does no bounds checking
--
-- invariant:
--   0 <= n <= l
--
-- Nothing enforces the invariant: both halves are built directly from
-- the underlying pointer and length, so a violating n yields
-- ByteStrings that reach outside the original allocation. Neither
-- half copies any bytes.
unsafe_splitAt :: Int -> BS.ByteString -> SSPair
unsafe_splitAt n (BI.BS fp len) = SSPair front back
  where
    -- the first n bytes, viewed in place
    front = BI.BS fp n
    -- the rest, starting n bytes in, with whatever length remains
    back  = BI.BS (plusForeignPtr fp n) (len - n)

-- variant of Data.ByteString.Lazy.splitAt that returns the initial
-- component as a strict, unboxed ByteString
--
-- The prefix is the first 128 bytes (one SHA-512 block) of the input,
-- or the whole input when it is shorter; the suffix is the untouched
-- remainder, sharing buffers and chunks with the original rather than
-- copying.
splitAt128 :: BL.ByteString -> SLPair
splitAt128 = go 128
  where
    go :: Int -> BL.ByteString -> SLPair
    go _ BLI.Empty = SLPair mempty BLI.Empty
    go n (BLI.Chunk c cs)
      -- the split point falls inside this chunk, so the unchecked
      -- split stays in bounds (0 <= n < BS.length c)
      | n < BS.length c = case unsafe_splitAt n c of
          SSPair c0 c1 -> SLPair c0 (BLI.Chunk c1 cs)
      -- otherwise this whole chunk belongs to the prefix; keep going
      -- with the bytes still owed
      | otherwise = case go (n - BS.length c) cs of
          SLPair rest cs' -> SLPair (c <> rest) cs'

-- variant of Data.ByteString.splitAt that behaves like an incremental
-- Word64 parser
--
-- invariant:
--   the input bytestring is at least 64 bits in length
--
-- Both the take and the drop are unchecked, so a shorter input reads
-- past its buffer; 'unsafe_parse' feeds this exactly 128 bytes and
-- then the successive remainders.
unsafe_parseWsPair :: BS.ByteString -> WSPair
unsafe_parseWsPair bs = WSPair word rest
  where
    -- the leading 8 bytes, read big-endian
    word = unsafe_word64be (BU.unsafeTake 8 bs)
    -- everything after them, sharing the buffer (no copy)
    rest = BU.unsafeDrop 8 bs
{-# INLINE unsafe_parseWsPair #-}

-- message padding and parsing ------------------------------------------------
-- https://datatracker.ietf.org/doc/html/rfc6234#section-4.1

-- k such that (l + 1 + k) mod 128 = 112
--
-- i.e. the number of zero bytes to insert between the 0x80 terminator
-- and the 16-byte length field so the padded message is a whole
-- number of 128-byte blocks (RFC 6234 4.1). Always in [0, 127].
sol :: Word64 -> Word64
sol l
  | m < 112   = 111 - m
  | otherwise = 239 - m  -- 111 - m would go negative; add a full block
  where
    m = l `mod` 128

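-- XX doesn't properly handle (> maxBound :: Word64) length

-- RFC 6234 4.1 (strict)
--
-- Appends the SHA-512 padding to a strict message: a single 0x80 byte,
-- 'sol' zero bytes, and the 128-bit big-endian bit length, so the
-- result is a multiple of 128 bytes. The output is a fresh strict
-- ByteString; the input is not modified.
pad :: BS.ByteString -> BS.ByteString
pad m = BL.toStrict (BSB.toLazyByteString padded)
  where
    -- message length in bytes; BS.length is non-negative, so the
    -- widening conversion can't wrap
    l :: Word64
    l = fromIntegral (BS.length m)

    -- zero bytes between the 0x80 terminator and the length field;
    -- 'sol' yields a value in [0, 127], so narrowing back is safe
    k :: Int
    k = fromIntegral (sol l)

    -- RFC 6234 4.2: the length field is 128 bits wide. The bit count
    -- is l * 8, which wraps a Word64 once l >= 2^61, so the high word
    -- carries the bits shifted out instead of a constant zero.
    lenHi, lenLo :: Word64
    lenHi = l `B.unsafeShiftR` 61
    lenLo = l `B.unsafeShiftL` 3

    padded :: BSB.Builder
    padded =
         BSB.byteString m
      <> BSB.word8 0x80
      <> BSB.byteString (BS.replicate k 0x00)
      <> BSB.word64BE lenHi
      <> BSB.word64BE lenLo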

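-- RFC 6234 4.1 (lazy)
--
-- Lazy counterpart of 'pad': the input chunks are passed through
-- unchanged (so a long input can be consumed incrementally), with the
-- padding emitted as one final strict chunk once the total byte count
-- is known.
--
-- XX the byte counter is a Word64, so an input longer than
--    (maxBound :: Word64) bytes would wrap it and mis-encode the length
pad_lazy :: BL.ByteString -> BL.ByteString
pad_lazy bl = BL.fromChunks (walk 0 (BL.toChunks bl))
  where
    -- stream the chunks through, keeping the running byte count
    -- evaluated so a long input doesn't build up a chain of additions
    walk :: Word64 -> [BS.ByteString] -> [BS.ByteString]
    walk l chunks = l `seq` case chunks of
      []       -> [padding l]
      (c : cs) -> c : walk (l + fromIntegral (BS.length c)) cs

    -- the padding block for a message of l bytes: 0x80, 'sol' zero
    -- bytes, then the 128-bit big-endian bit length (as in 'pad')
    padding :: Word64 -> BS.ByteString
    padding l =
      let -- in [0, 127], so narrowing to Int is safe
          k = fromIntegral (sol l) :: Int
          -- RFC 6234 4.2: l * 8 split across two words; the high word
          -- is non-zero once l >= 2^61, where l * 8 alone would wrap
          lenHi = l `B.unsafeShiftR` 61
          lenLo = l `B.unsafeShiftL` 3
          builder =
               BSB.word8 0x80
            <> BSB.byteString (BS.replicate k 0x00)
            <> BSB.word64BE lenHi
            <> BSB.word64BE lenLo
          -- the padding is at most 144 bytes, so one small buffer is
          -- cheaper than the builder's default chunking
      in  BL.toStrict
            (BE.toLazyByteStringWith
              (BE.safeStrategy 128 BE.smallChunkSize) mempty builder)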

-- functions and constants used -----------------------------------------------
-- https://datatracker.ietf.org/doc/html/rfc6234#section-5.1

-- RFC 6234 5.1 CH: for each bit, pick y where x is set and z where it
-- isn't. Written as z ^ (x & (y ^ z)), which has the same truth table
-- as the RFC's (x & y) ^ (~x & z) with one fewer operation.
ch :: Word64 -> Word64 -> Word64 -> Word64
ch x y z = z `B.xor` (x .&. (y `B.xor` z))
{-# INLINE ch #-}

-- credit to SHA authors for the following optimisation. their text:
--
-- > note:
-- >   the original functions is (x & y) ^ (x & z) ^ (y & z)
-- >   if you fire off truth tables, this is equivalent to
-- >     (x & y) | (x & z) | (y & z)
-- >   which you can the use distribution on:
-- >     (x & (y | z)) | (y & z)
-- >   which saves us one operation.
--
-- The form below, ((x | y) & z) | (x & y), is the same distribution
-- applied around z instead of x: identical truth table (bitwise
-- majority of x, y, z), same four operations.
maj :: Word64 -> Word64 -> Word64 -> Word64
maj x y z = ((x .|. y) .&. z) .|. (x .&. y)
{-# INLINE maj #-}

-- RFC 6234 5.1 BSIG0: ROTR^28(x) XOR ROTR^34(x) XOR ROTR^39(x)
bsig0 :: Word64 -> Word64
bsig0 x = rot 28 `B.xor` rot 34 `B.xor` rot 39
  where
    rot :: Int -> Word64
    rot = B.rotateR x
{-# INLINE bsig0 #-}

-- RFC 6234 5.1 BSIG1: ROTR^14(x) XOR ROTR^18(x) XOR ROTR^41(x)
bsig1 :: Word64 -> Word64
bsig1 x = rot 14 `B.xor` rot 18 `B.xor` rot 41
  where
    rot :: Int -> Word64
    rot = B.rotateR x
{-# INLINE bsig1 #-}

-- RFC 6234 5.1 SSIG0: ROTR^1(x) XOR ROTR^8(x) XOR SHR^7(x)
-- (note the last term is a plain shift, not a rotation)
ssig0 :: Word64 -> Word64
ssig0 x = rot 1 `B.xor` rot 8 `B.xor` (x `B.shiftR` 7)
  where
    rot :: Int -> Word64
    rot = B.rotateR x
{-# INLINE ssig0 #-}

-- RFC 6234 5.1 SSIG1: ROTR^19(x) XOR ROTR^61(x) XOR SHR^6(x)
-- (note the last term is a plain shift, not a rotation)
ssig1 :: Word64 -> Word64
ssig1 x = rot 19 `B.xor` rot 61 `B.xor` (x `B.shiftR` 6)
  where
    rot :: Int -> Word64
    rot = B.rotateR x
{-# INLINE ssig1 #-}

-- the 80-word message schedule W0..W79 of RFC 6234 6.2 step 1
--
-- Every entry is a strict field (unboxed under this module's
-- -funbox-small-strict-fields) so the compression rounds read plain
-- machine words rather than forcing thunks.
data Schedule = Schedule
  { w00 :: !Word64, w01 :: !Word64, w02 :: !Word64, w03 :: !Word64, w04 :: !Word64
  , w05 :: !Word64, w06 :: !Word64, w07 :: !Word64, w08 :: !Word64, w09 :: !Word64
  , w10 :: !Word64, w11 :: !Word64, w12 :: !Word64, w13 :: !Word64, w14 :: !Word64
  , w15 :: !Word64, w16 :: !Word64, w17 :: !Word64, w18 :: !Word64, w19 :: !Word64
  , w20 :: !Word64, w21 :: !Word64, w22 :: !Word64, w23 :: !Word64, w24 :: !Word64
  , w25 :: !Word64, w26 :: !Word64, w27 :: !Word64, w28 :: !Word64, w29 :: !Word64
  , w30 :: !Word64, w31 :: !Word64, w32 :: !Word64, w33 :: !Word64, w34 :: !Word64
  , w35 :: !Word64, w36 :: !Word64, w37 :: !Word64, w38 :: !Word64, w39 :: !Word64
  , w40 :: !Word64, w41 :: !Word64, w42 :: !Word64, w43 :: !Word64, w44 :: !Word64
  , w45 :: !Word64, w46 :: !Word64, w47 :: !Word64, w48 :: !Word64, w49 :: !Word64
  , w50 :: !Word64, w51 :: !Word64, w52 :: !Word64, w53 :: !Word64, w54 :: !Word64
  , w55 :: !Word64, w56 :: !Word64, w57 :: !Word64, w58 :: !Word64, w59 :: !Word64
  , w60 :: !Word64, w61 :: !Word64, w62 :: !Word64, w63 :: !Word64, w64 :: !Word64
  , w65 :: !Word64, w66 :: !Word64, w67 :: !Word64, w68 :: !Word64, w69 :: !Word64
  , w70 :: !Word64, w71 :: !Word64, w72 :: !Word64, w73 :: !Word64, w74 :: !Word64
  , w75 :: !Word64, w76 :: !Word64, w77 :: !Word64, w78 :: !Word64, w79 :: !Word64
  }

-- initialization -------------------------------------------------------------
-- https://datatracker.ietf.org/doc/html/rfc6234#section-6.1

-- the eight 64-bit hash-state words H0..H7 of RFC 6234 6.1/6.2,
-- held in strict fields
data Registers = Registers
  { h0 :: !Word64, h1 :: !Word64, h2 :: !Word64, h3 :: !Word64
  , h4 :: !Word64, h5 :: !Word64, h6 :: !Word64, h7 :: !Word64
  }

-- first 64 bits of the fractional parts of the square roots of the
-- first eight primes: the SHA-512 initial hash value of RFC 6234 6.1
iv :: Registers
iv = Registers
  { h0 = 0x6a09e667f3bcc908
  , h1 = 0xbb67ae8584caa73b
  , h2 = 0x3c6ef372fe94f82b
  , h3 = 0xa54ff53a5f1d36f1
  , h4 = 0x510e527fade682d1
  , h5 = 0x9b05688c2b3e6c1f
  , h6 = 0x1f83d9abfb41bd6b
  , h7 = 0x5be0cd19137e2179
  }

-- processing -----------------------------------------------------------------
-- https://datatracker.ietf.org/doc/html/rfc6234#section-6.2

-- the sixteen 64-bit words M0..M15 of one 1024-bit message block
-- (RFC 6234 6.2), as produced by 'unsafe_parse'; strict fields so the
-- schedule can be built from plain words
data Block = Block
  { m00 :: !Word64
  , m01 :: !Word64
  , m02 :: !Word64
  , m03 :: !Word64
  , m04 :: !Word64
  , m05 :: !Word64
  , m06 :: !Word64
  , m07 :: !Word64
  , m08 :: !Word64
  , m09 :: !Word64
  , m10 :: !Word64
  , m11 :: !Word64
  , m12 :: !Word64
  , m13 :: !Word64
  , m14 :: !Word64
  , m15 :: !Word64
  }

-- parse strict bytestring to block
--
-- invariant:
--   the input bytestring is exactly 1024 bits long
--
-- The sixteen words are peeled off with unchecked reads, so an input
-- that is too short is a memory-safety violation rather than a Haskell
-- error; only the too-long case is detected, by checking that nothing
-- remains after the sixteenth word.
unsafe_parse :: BS.ByteString -> Block
unsafe_parse bs
  | BS.null t15 = Block m00 m01 m02 m03 m04 m05 m06 m07
                        m08 m09 m10 m11 m12 m13 m14 m15
  | otherwise   = error "ppad-sha512: internal error (bytes remaining)"
  where
    -- each step consumes 8 bytes; WSPair's fields are strict, so
    -- forcing the final remainder forces the whole chain in order
    WSPair m00 t00 = unsafe_parseWsPair bs
    WSPair m01 t01 = unsafe_parseWsPair t00
    WSPair m02 t02 = unsafe_parseWsPair t01
    WSPair m03 t03 = unsafe_parseWsPair t02
    WSPair m04 t04 = unsafe_parseWsPair t03
    WSPair m05 t05 = unsafe_parseWsPair t04
    WSPair m06 t06 = unsafe_parseWsPair t05
    WSPair m07 t07 = unsafe_parseWsPair t06
    WSPair m08 t08 = unsafe_parseWsPair t07
    WSPair m09 t09 = unsafe_parseWsPair t08
    WSPair m10 t10 = unsafe_parseWsPair t09
    WSPair m11 t11 = unsafe_parseWsPair t10
    WSPair m12 t12 = unsafe_parseWsPair t11
    WSPair m13 t13 = unsafe_parseWsPair t12
    WSPair m14 t14 = unsafe_parseWsPair t13
    WSPair m15 t15 = unsafe_parseWsPair t14

-- RFC 6234 6.2 step 1
prepare_schedule :: Block -> Schedule
prepare_schedule :: Block -> Schedule
prepare_schedule Block {Word64
m00 :: Block -> Word64
m01 :: Block -> Word64
m02 :: Block -> Word64
m03 :: Block -> Word64
m04 :: Block -> Word64
m05 :: Block -> Word64
m06 :: Block -> Word64
m07 :: Block -> Word64
m08 :: Block -> Word64
m09 :: Block -> Word64
m10 :: Block -> Word64
m11 :: Block -> Word64
m12 :: Block -> Word64
m13 :: Block -> Word64
m14 :: Block -> Word64
m15 :: Block -> Word64
m00 :: Word64
m01 :: Word64
m02 :: Word64
m03 :: Word64
m04 :: Word64
m05 :: Word64
m06 :: Word64
m07 :: Word64
m08 :: Word64
m09 :: Word64
m10 :: Word64
m11 :: Word64
m12 :: Word64
m13 :: Word64
m14 :: Word64
m15 :: Word64
..} = Schedule {Word64
w00 :: Word64
w01 :: Word64
w02 :: Word64
w03 :: Word64
w04 :: Word64
w05 :: Word64
w06 :: Word64
w07 :: Word64
w08 :: Word64
w09 :: Word64
w10 :: Word64
w11 :: Word64
w12 :: Word64
w13 :: Word64
w14 :: Word64
w15 :: Word64
w16 :: Word64
w17 :: Word64
w18 :: Word64
w19 :: Word64
w20 :: Word64
w21 :: Word64
w22 :: Word64
w23 :: Word64
w24 :: Word64
w25 :: Word64
w26 :: Word64
w27 :: Word64
w28 :: Word64
w29 :: Word64
w30 :: Word64
w31 :: Word64
w32 :: Word64
w33 :: Word64
w34 :: Word64
w35 :: Word64
w36 :: Word64
w37 :: Word64
w38 :: Word64
w39 :: Word64
w40 :: Word64
w41 :: Word64
w42 :: Word64
w43 :: Word64
w44 :: Word64
w45 :: Word64
w46 :: Word64
w47 :: Word64
w48 :: Word64
w49 :: Word64
w50 :: Word64
w51 :: Word64
w52 :: Word64
w53 :: Word64
w54 :: Word64
w55 :: Word64
w56 :: Word64
w57 :: Word64
w58 :: Word64
w59 :: Word64
w60 :: Word64
w61 :: Word64
w62 :: Word64
w63 :: Word64
w64 :: Word64
w65 :: Word64
w66 :: Word64
w67 :: Word64
w68 :: Word64
w69 :: Word64
w70 :: Word64
w71 :: Word64
w72 :: Word64
w73 :: Word64
w74 :: Word64
w75 :: Word64
w76 :: Word64
w77 :: Word64
w78 :: Word64
w79 :: Word64
w00 :: Word64
w01 :: Word64
w02 :: Word64
w03 :: Word64
w04 :: Word64
w05 :: Word64
w06 :: Word64
w07 :: Word64
w08 :: Word64
w09 :: Word64
w10 :: Word64
w11 :: Word64
w12 :: Word64
w13 :: Word64
w14 :: Word64
w15 :: Word64
w16 :: Word64
w17 :: Word64
w18 :: Word64
w19 :: Word64
w20 :: Word64
w21 :: Word64
w22 :: Word64
w23 :: Word64
w24 :: Word64
w25 :: Word64
w26 :: Word64
w27 :: Word64
w28 :: Word64
w29 :: Word64
w30 :: Word64
w31 :: Word64
w32 :: Word64
w33 :: Word64
w34 :: Word64
w35 :: Word64
w36 :: Word64
w37 :: Word64
w38 :: Word64
w39 :: Word64
w40 :: Word64
w41 :: Word64
w42 :: Word64
w43 :: Word64
w44 :: Word64
w45 :: Word64
w46 :: Word64
w47 :: Word64
w48 :: Word64
w49 :: Word64
w50 :: Word64
w51 :: Word64
w52 :: Word64
w53 :: Word64
w54 :: Word64
w55 :: Word64
w56 :: Word64
w57 :: Word64
w58 :: Word64
w59 :: Word64
w60 :: Word64
w61 :: Word64
w62 :: Word64
w63 :: Word64
w64 :: Word64
w65 :: Word64
w66 :: Word64
w67 :: Word64
w68 :: Word64
w69 :: Word64
w70 :: Word64
w71 :: Word64
w72 :: Word64
w73 :: Word64
w74 :: Word64
w75 :: Word64
w76 :: Word64
w77 :: Word64
w78 :: Word64
w79 :: Word64
..} where
  w00 :: Word64
w00 = Word64
m00; w01 :: Word64
w01 = Word64
m01; w02 :: Word64
w02 = Word64
m02; w03 :: Word64
w03 = Word64
m03
  w04 :: Word64
w04 = Word64
m04; w05 :: Word64
w05 = Word64
m05; w06 :: Word64
w06 = Word64
m06; w07 :: Word64
w07 = Word64
m07
  w08 :: Word64
w08 = Word64
m08; w09 :: Word64
w09 = Word64
m09; w10 :: Word64
w10 = Word64
m10; w11 :: Word64
w11 = Word64
m11
  w12 :: Word64
w12 = Word64
m12; w13 :: Word64
w13 = Word64
m13; w14 :: Word64
w14 = Word64
m14; w15 :: Word64
w15 = Word64
m15
  w16 :: Word64
w16 = Word64 -> Word64
ssig1 Word64
w14 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w09 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w01 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w00
  w17 :: Word64
w17 = Word64 -> Word64
ssig1 Word64
w15 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w10 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w02 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w01
  w18 :: Word64
w18 = Word64 -> Word64
ssig1 Word64
w16 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w11 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w03 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w02
  w19 :: Word64
w19 = Word64 -> Word64
ssig1 Word64
w17 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w12 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w04 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w03
  w20 :: Word64
w20 = Word64 -> Word64
ssig1 Word64
w18 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w13 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w05 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w04
  w21 :: Word64
w21 = Word64 -> Word64
ssig1 Word64
w19 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w14 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w06 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w05
  w22 :: Word64
w22 = Word64 -> Word64
ssig1 Word64
w20 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w15 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w07 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w06
  w23 :: Word64
w23 = Word64 -> Word64
ssig1 Word64
w21 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w16 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w08 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w07
  w24 :: Word64
w24 = Word64 -> Word64
ssig1 Word64
w22 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w17 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w09 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w08
  w25 :: Word64
w25 = Word64 -> Word64
ssig1 Word64
w23 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w18 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w10 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w09
  w26 :: Word64
w26 = Word64 -> Word64
ssig1 Word64
w24 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w19 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w11 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w10
  w27 :: Word64
w27 = Word64 -> Word64
ssig1 Word64
w25 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w20 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w12 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w11
  w28 :: Word64
w28 = Word64 -> Word64
ssig1 Word64
w26 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w21 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w13 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w12
  w29 :: Word64
w29 = Word64 -> Word64
ssig1 Word64
w27 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w22 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w14 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w13
  w30 :: Word64
w30 = Word64 -> Word64
ssig1 Word64
w28 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w23 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w15 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w14
  w31 :: Word64
w31 = Word64 -> Word64
ssig1 Word64
w29 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w24 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w16 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w15
  w32 :: Word64
w32 = Word64 -> Word64
ssig1 Word64
w30 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w25 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w17 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w16
  w33 :: Word64
w33 = Word64 -> Word64
ssig1 Word64
w31 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w26 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w18 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w17
  w34 :: Word64
w34 = Word64 -> Word64
ssig1 Word64
w32 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w27 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w19 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w18
  w35 :: Word64
w35 = Word64 -> Word64
ssig1 Word64
w33 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w28 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w20 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w19
  w36 :: Word64
w36 = Word64 -> Word64
ssig1 Word64
w34 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w29 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w21 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w20
  w37 :: Word64
w37 = Word64 -> Word64
ssig1 Word64
w35 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w30 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w22 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w21
  w38 :: Word64
w38 = Word64 -> Word64
ssig1 Word64
w36 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w31 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w23 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w22
  w39 :: Word64
w39 = Word64 -> Word64
ssig1 Word64
w37 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w32 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w24 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w23
  w40 :: Word64
w40 = Word64 -> Word64
ssig1 Word64
w38 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w33 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w25 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w24
  w41 :: Word64
w41 = Word64 -> Word64
ssig1 Word64
w39 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w34 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w26 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w25
  w42 :: Word64
w42 = Word64 -> Word64
ssig1 Word64
w40 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w35 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w27 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w26
  w43 :: Word64
w43 = Word64 -> Word64
ssig1 Word64
w41 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w36 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w28 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w27
  w44 :: Word64
w44 = Word64 -> Word64
ssig1 Word64
w42 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w37 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w29 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w28
  w45 :: Word64
w45 = Word64 -> Word64
ssig1 Word64
w43 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w38 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w30 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w29
  w46 :: Word64
w46 = Word64 -> Word64
ssig1 Word64
w44 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w39 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w31 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w30
  w47 :: Word64
w47 = Word64 -> Word64
ssig1 Word64
w45 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w40 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w32 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w31
  w48 :: Word64
w48 = Word64 -> Word64
ssig1 Word64
w46 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w41 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w33 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w32
  w49 :: Word64
w49 = Word64 -> Word64
ssig1 Word64
w47 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w42 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w34 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w33
  w50 :: Word64
w50 = Word64 -> Word64
ssig1 Word64
w48 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w43 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w35 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w34
  w51 :: Word64
w51 = Word64 -> Word64
ssig1 Word64
w49 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w44 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w36 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w35
  w52 :: Word64
w52 = Word64 -> Word64
ssig1 Word64
w50 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w45 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w37 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w36
  w53 :: Word64
w53 = Word64 -> Word64
ssig1 Word64
w51 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w46 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w38 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w37
  w54 :: Word64
w54 = Word64 -> Word64
ssig1 Word64
w52 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w47 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w39 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w38
  w55 :: Word64
w55 = Word64 -> Word64
ssig1 Word64
w53 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w48 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w40 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w39
  w56 :: Word64
w56 = Word64 -> Word64
ssig1 Word64
w54 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w49 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w41 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w40
  w57 :: Word64
w57 = Word64 -> Word64
ssig1 Word64
w55 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w50 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w42 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w41
  w58 :: Word64
w58 = Word64 -> Word64
ssig1 Word64
w56 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w51 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w43 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w42
  w59 :: Word64
w59 = Word64 -> Word64
ssig1 Word64
w57 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w52 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w44 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w43
  w60 :: Word64
w60 = Word64 -> Word64
ssig1 Word64
w58 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w53 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w45 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w44
  w61 :: Word64
w61 = Word64 -> Word64
ssig1 Word64
w59 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w54 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w46 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w45
  w62 :: Word64
w62 = Word64 -> Word64
ssig1 Word64
w60 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w55 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w47 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w46
  w63 :: Word64
w63 = Word64 -> Word64
ssig1 Word64
w61 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w56 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w48 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w47
  w64 :: Word64
w64 = Word64 -> Word64
ssig1 Word64
w62 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w57 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w49 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w48
  w65 :: Word64
w65 = Word64 -> Word64
ssig1 Word64
w63 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w58 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w50 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w49
  w66 :: Word64
w66 = Word64 -> Word64
ssig1 Word64
w64 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w59 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w51 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w50
  w67 :: Word64
w67 = Word64 -> Word64
ssig1 Word64
w65 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w60 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w52 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w51
  w68 :: Word64
w68 = Word64 -> Word64
ssig1 Word64
w66 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w61 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w53 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w52
  w69 :: Word64
w69 = Word64 -> Word64
ssig1 Word64
w67 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w62 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w54 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w53
  w70 :: Word64
w70 = Word64 -> Word64
ssig1 Word64
w68 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w63 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w55 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w54
  w71 :: Word64
w71 = Word64 -> Word64
ssig1 Word64
w69 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w64 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w56 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w55
  w72 :: Word64
w72 = Word64 -> Word64
ssig1 Word64
w70 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w65 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w57 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w56
  w73 :: Word64
w73 = Word64 -> Word64
ssig1 Word64
w71 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w66 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w58 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w57
  w74 :: Word64
w74 = Word64 -> Word64
ssig1 Word64
w72 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w67 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w59 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w58
  w75 :: Word64
w75 = Word64 -> Word64
ssig1 Word64
w73 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w68 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w60 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w59
  w76 :: Word64
w76 = Word64 -> Word64
ssig1 Word64
w74 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w69 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w61 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w60
  w77 :: Word64
w77 = Word64 -> Word64
ssig1 Word64
w75 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w70 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w62 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w61
  w78 :: Word64
w78 = Word64 -> Word64
ssig1 Word64
w76 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w71 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w63 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w62
  w79 :: Word64
w79 = Word64 -> Word64
ssig1 Word64
w77 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w72 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64 -> Word64
ssig0 Word64
w64 Word64 -> Word64 -> Word64
forall a. Num a => a -> a -> a
+ Word64
w63

-- RFC 6234 6.2 steps 2, 3, 4: run the eighty compression rounds over
-- one message schedule, then add the resulting working variables back
-- into the incoming intermediate hash (step 4).
--
-- The rounds are written out by hand rather than looped, presumably so
-- that no list or closure is allocated per block; binding 'sNN' is the
-- state after round NN, i.e. one application of 'step' with round
-- constant K[NN-1] and schedule word W[NN-1].
block_hash :: Registers -> Schedule -> Registers
block_hash rs@Registers {..} Schedule {..} =
    Registers
      (a + h0) (b + h1) (c + h2) (d + h3)
      (e + h4) (f + h5) (g + h6) (h + h7)
  where
    -- forcing the final state drives the whole round chain below
    !(Registers a b c d e f g h) = s80
    -- round constants: the first 64 bits of the fractional parts of the
    -- cube roots of the first eighty prime numbers (RFC 6234)
    s01 = step rs  0x428a2f98d728ae22 w00
    s02 = step s01 0x7137449123ef65cd w01
    s03 = step s02 0xb5c0fbcfec4d3b2f w02
    s04 = step s03 0xe9b5dba58189dbbc w03
    s05 = step s04 0x3956c25bf348b538 w04
    s06 = step s05 0x59f111f1b605d019 w05
    s07 = step s06 0x923f82a4af194f9b w06
    s08 = step s07 0xab1c5ed5da6d8118 w07
    s09 = step s08 0xd807aa98a3030242 w08
    s10 = step s09 0x12835b0145706fbe w09
    s11 = step s10 0x243185be4ee4b28c w10
    s12 = step s11 0x550c7dc3d5ffb4e2 w11
    s13 = step s12 0x72be5d74f27b896f w12
    s14 = step s13 0x80deb1fe3b1696b1 w13
    s15 = step s14 0x9bdc06a725c71235 w14
    s16 = step s15 0xc19bf174cf692694 w15
    s17 = step s16 0xe49b69c19ef14ad2 w16
    s18 = step s17 0xefbe4786384f25e3 w17
    s19 = step s18 0x0fc19dc68b8cd5b5 w18
    s20 = step s19 0x240ca1cc77ac9c65 w19
    s21 = step s20 0x2de92c6f592b0275 w20
    s22 = step s21 0x4a7484aa6ea6e483 w21
    s23 = step s22 0x5cb0a9dcbd41fbd4 w22
    s24 = step s23 0x76f988da831153b5 w23
    s25 = step s24 0x983e5152ee66dfab w24
    s26 = step s25 0xa831c66d2db43210 w25
    s27 = step s26 0xb00327c898fb213f w26
    s28 = step s27 0xbf597fc7beef0ee4 w27
    s29 = step s28 0xc6e00bf33da88fc2 w28
    s30 = step s29 0xd5a79147930aa725 w29
    s31 = step s30 0x06ca6351e003826f w30
    s32 = step s31 0x142929670a0e6e70 w31
    s33 = step s32 0x27b70a8546d22ffc w32
    s34 = step s33 0x2e1b21385c26c926 w33
    s35 = step s34 0x4d2c6dfc5ac42aed w34
    s36 = step s35 0x53380d139d95b3df w35
    s37 = step s36 0x650a73548baf63de w36
    s38 = step s37 0x766a0abb3c77b2a8 w37
    s39 = step s38 0x81c2c92e47edaee6 w38
    s40 = step s39 0x92722c851482353b w39
    s41 = step s40 0xa2bfe8a14cf10364 w40
    s42 = step s41 0xa81a664bbc423001 w41
    s43 = step s42 0xc24b8b70d0f89791 w42
    s44 = step s43 0xc76c51a30654be30 w43
    s45 = step s44 0xd192e819d6ef5218 w44
    s46 = step s45 0xd69906245565a910 w45
    s47 = step s46 0xf40e35855771202a w46
    s48 = step s47 0x106aa07032bbd1b8 w47
    s49 = step s48 0x19a4c116b8d2d0c8 w48
    s50 = step s49 0x1e376c085141ab53 w49
    s51 = step s50 0x2748774cdf8eeb99 w50
    s52 = step s51 0x34b0bcb5e19b48a8 w51
    s53 = step s52 0x391c0cb3c5c95a63 w52
    s54 = step s53 0x4ed8aa4ae3418acb w53
    s55 = step s54 0x5b9cca4f7763e373 w54
    s56 = step s55 0x682e6ff3d6b2b8a3 w55
    s57 = step s56 0x748f82ee5defb2fc w56
    s58 = step s57 0x78a5636f43172f60 w57
    s59 = step s58 0x84c87814a1f0ab72 w58
    s60 = step s59 0x8cc702081a6439ec w59
    s61 = step s60 0x90befffa23631e28 w60
    s62 = step s61 0xa4506cebde82bde9 w61
    s63 = step s62 0xbef9a3f7b2c67915 w62
    s64 = step s63 0xc67178f2e372532b w63
    s65 = step s64 0xca273eceea26619c w64
    s66 = step s65 0xd186b8c721c0c207 w65
    s67 = step s66 0xeada7dd6cde0eb1e w66
    s68 = step s67 0xf57d4f7fee6ed178 w67
    s69 = step s68 0x06f067aa72176fba w68
    s70 = step s69 0x0a637dc5a2c898a6 w69
    s71 = step s70 0x113f9804bef90dae w70
    s72 = step s71 0x1b710b35131c471b w71
    s73 = step s72 0x28db77f523047d84 w72
    s74 = step s73 0x32caab7b40c72493 w73
    s75 = step s74 0x3c9ebe0a15c9bebc w74
    s76 = step s75 0x431d67c49c100d4c w75
    s77 = step s76 0x4cc5d4becb3e42b6 w76
    s78 = step s77 0x597f299cfc657e2a w77
    s79 = step s78 0x5fcb6fab3ad6faec w78
    s80 = step s79 0x6c44198c4a475817 w79

-- One iteration of the RFC 6234 6.2 step-3 loop: fold round constant
-- 'k' and schedule word 'w' into the eight working variables.  All
-- additions wrap modulo 2^64, as 'Word64' arithmetic does.
step :: Registers -> Word64 -> Word64 -> Registers
step (Registers a b c d e f g h) k w =
    Registers (tmp1 + tmp2) a b c (d + tmp1) e f g
  where
    -- T1 and T2 as named in the RFC; 'bsig0', 'bsig1', 'ch' and 'maj'
    -- are the module's helper functions (defined earlier in the file)
    tmp1 = h + bsig1 e + ch e f g + k + w
    tmp2 = bsig0 a + maj a b c

-- RFC 6234 6.2 block pipeline: parse one 128-byte block, expand it into
-- the message schedule, and run the compression rounds against the
-- current intermediate hash 'rs'.
--
-- invariant:
--   the input bytestring is exactly 1024 bits in length
--   (callers guarantee this; see the termination argument in 'hash')
unsafe_hash_alg :: Registers -> BS.ByteString -> Registers
unsafe_hash_alg rs = block_hash rs . prepare_schedule . unsafe_parse

-- register concatenation: serialise the eight 64-bit words in order,
-- big-endian, giving the 64-byte digest
cat :: Registers -> BS.ByteString
cat Registers {..} =
    BL.toStrict (BE.toLazyByteStringWith strategy mempty digest)
  where
    -- the output is only 64 bytes, so a small first chunk is more
    -- efficient than the default builder allocation strategy
    strategy = BE.safeStrategy 128 BE.smallChunkSize
    digest = foldMap BSB.word64BE [h0, h1, h2, h3, h4, h5, h6, h7]

-- | Compute a condensed representation of a strict bytestring via
--   SHA-512.
--
--   The 512-bit output digest is returned as a strict bytestring.
--
--   >>> hash "strict bytestring input"
--   "<strict 512-bit message digest>"
hash :: BS.ByteString -> BS.ByteString
hash bs = cat (consume iv (pad bs))
  where
    -- Termination argument: 'pad' produces input whose length is
    -- n * 1024 bits for some n >= 0.  If n == 0 the loop stops at once.
    -- Otherwise 'unsafe_splitAt 128' yields a chunk of exactly 1024
    -- bits -- precisely the invariant 'unsafe_hash_alg' requires -- and
    -- a remainder of (n - 1) * 1024 bits, so by induction the recursion
    -- reaches the empty case after exactly n iterations.
    consume :: Registers -> BS.ByteString -> Registers
    consume !regs input =
      if BS.null input
        then regs
        else case unsafe_splitAt 128 input of
          SSPair chunk rest -> consume (unsafe_hash_alg regs chunk) rest

-- | Compute a condensed representation of a lazy bytestring via
--   SHA-512.
--
--   The 512-bit output digest is returned as a strict bytestring.
--
--   >>> hash_lazy "lazy bytestring input"
--   "<strict 512-bit message digest>"
hash_lazy :: BL.ByteString -> BS.ByteString
hash_lazy bl = cat (consume iv (pad_lazy bl))
  where
    -- the termination argument is the same as for 'hash', with
    -- 'splitAt128' carving the 1024-bit chunks out of the lazy input
    consume :: Registers -> BL.ByteString -> Registers
    consume !regs input =
      if BL.null input
        then regs
        else case splitAt128 input of
          SLPair chunk rest -> consume (unsafe_hash_alg regs chunk) rest

-- HMAC -----------------------------------------------------------------------
-- https://datatracker.ietf.org/doc/html/rfc2104#section-2

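-- | Produce a message authentication code for a strict bytestring,
--   based on the provided (strict, bytestring) key, via SHA-512.
--
--   The 512-bit MAC is returned as a strict bytestring.
--
--   Per RFC 2104, the key /should/ be a minimum of 64 bytes long (the
--   SHA-512 output size). Keys exceeding 128 bytes (1024 bits, the
--   SHA-512 block size) in length will first be hashed (via SHA-512).
--
--   >>> hmac "strict bytestring key" "strict bytestring input"
--   "<strict 512-bit MAC>"
hmac
  :: BS.ByteString -- ^ key
  -> BS.ByteString -- ^ text
  -> BS.ByteString
-- delegates to 'hmac_lazy' so that both variants share one implementation
-- of the key handling and the inner/outer hash construction
hmac k = hmac_lazy k . BL.fromStrict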

-- internal: an HMAC key after the length rule in 'hmac_lazy' has been
-- applied (either the caller's key or its SHA-512 digest), paired with
-- its byte length; both fields are strict and unpacked
data KeyAndLen = KeyAndLen
  {-# UNPACK #-} !BS.ByteString
  {-# UNPACK #-} !Int

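-- | Produce a message authentication code for a lazy bytestring, based
--   on the provided (strict, bytestring) key, via SHA-512.
--
--   The 512-bit MAC is returned as a strict bytestring.
--
--   Per RFC 2104, the key /should/ be a minimum of 64 bytes long (the
--   SHA-512 output size). Keys exceeding 128 bytes (1024 bits, the
--   SHA-512 block size) in length will first be hashed (via SHA-512).
--
--   >>> hmac_lazy "strict bytestring key" "lazy bytestring input"
--   "<strict 512-bit MAC>"
hmac_lazy
  :: BS.ByteString -- ^ key
  -> BL.ByteString -- ^ text
  -> BS.ByteString
hmac_lazy mk text =
    let -- key zero-padded on the right to the 128-byte block size; 'lk' is
        -- at most 128 by construction below, so the count is never negative
        step1 = k <> BS.replicate (128 - lk) 0x00
        -- inner key: padded key XOR ipad (0x36), per RFC 2104
        step2 = BS.map (B.xor 0x36) step1
        step3 = BL.fromStrict step2 <> text
        -- inner hash over (inner key || text)
        step4 = hash_lazy step3
        -- outer key: padded key XOR opad (0x5C)
        step5 = BS.map (B.xor 0x5C) step1
        step6 = step5 <> step4
    -- outer hash over (outer key || inner digest)
    in  hash step6
  where
    -- keys longer than one 128-byte block are replaced by their SHA-512
    -- digest, which is 64 bytes long, hence the literal length; shorter
    -- keys are used as-is with their actual length
    !(KeyAndLen k lk) =
      let l = BS.length mk
      in  if   l > 128
          then KeyAndLen (hash mk) 64
          else KeyAndLen mk l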