Announcement of work in progress: Shaskell sha2 library

David Mercer radix42 at
Mon Nov 21 03:32:18 EST 2005

Hello everyone, my name is David Mercer, and after a few days of hanging out
on the #haskell irc channel asking annoying questions about monads, and reading
mailing list archives for a while, I'm pretty sure that this is the correct
list to post this announcement/request for feedback and review from the Haskell

I am currently nearly done with a library implementing the SHA-224/256/384/512
message digest algorithms, collectively often called SHA2, completely in
Haskell.  The initial motivation was a desire to compute SHA2 hashs in what was
to have been my first Haskell program (this is instead).  I looked around to
see if perhaps there was a library, or at least a wrapper to some C/C++ crypto
libraries SHA2 hash functions.  Alas, all was naught (correct me if I missed
something, please!), and at best the SHA1 code from darcs was uncovered (after
a query on the cryptography mailing list), which is a pure Haskell SHA1 library.
Digest.hs is a wrapper to OpenSSL's SHA1 functions, but would need to be
updated to handle SHA2.  So like any good programmer I started with the same
API as Digest.hs, gleefully grabbed the shell of it, gpl and all, as it's
infrastructure and crypto, and set to work.

I have so far completed all of the non-stateful (pure and lazy!) portions of
the FIPS 180-2 specification, up through section 6.2.1 inclusive, and step
1. only from section 6.2.2.  That last is the tricky bit, where all of the
stateful computation takes place and entropy is disturbed with prime number
mixing and overflowing bit operations.  It's only a few lines of the spec that
I have remaining (aside from message length padding), and I intend to
implement them as a monad.

Unfortunately due to (in my opinion) silly laws in the United States, I have to
say that only those resident in the list of countries found at the end of this
message are supposed to click the link that's coming up and look at my source
code.  Silly because it can always be scanned overseas after hardcopy
and sillier yet again because for the last 5 years one can legally
post encryption
source code in the US online without logging who downloads it.  The just require
you to email the NSA with the url of publication (which I have done by
the way).
All of which is even sillier yet again because I'm only releasing
message digest,
and not actual high level encryption, source code.  So although my
webserver does
not even keep access logs, presumably 'big brother' knows where to
traffic sniff
to watch who dowmloads what from where.  If they want to. But I digress.

The source code for this pre-release version of Shaskell for peer review is at:

That address will also remain the permanent download url for released versions
of the Shaskell library source code.  Associated files and a local mirror of the
(public domain and non-export controlled) FIPS 180-2 specification, in
pdf format
are at

Comments, critiques, suggestions, fan mail, hate mail, monad
tutorials, suggestions for publication venues and other thoughts on
the source code or the abstract for the the eventual academic paper
(in the above directory as well) are welcome and encouraged!

Thanks a bunch in advance for any of your time or attention expended
on this, and I look forward to contributing to the Haskell community!

-David Mercer
University of Arizona
Tucson, AZ
[dmercer at|radix42 at]

PS Have the major Haskell distributions had to directly deal with
crypto export control issues yet, or has it been dodged so far by
using only wrapper libraries, as appears to be the case from what I've
dug up so far?  Thanks again!

More information about the Libraries mailing list