Announcement of work in progress: Shaskell sha2 library

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Announcement of work in progress: Shaskell sha2 library

David Mercer-2
Hello everyone, my name is David Mercer, and after a few days of hanging out
on the #haskell irc channel asking annoying questions about monads, and reading
mailing list archives for a while, I'm pretty sure that this is the correct
list to post this announcement/request for feedback and review from the Haskell
community.

I am currently nearly done with a library implementing the SHA-224/256/384/512
message digest algorithms, collectively often called SHA2, completely in
Haskell.  The initial motivation was a desire to compute SHA2 hashs in what was
to have been my first Haskell program (this is instead).  I looked around to
see if perhaps there was a library, or at least a wrapper to some C/C++ crypto
libraries SHA2 hash functions.  Alas, all was naught (correct me if I missed
something, please!), and at best the SHA1 code from darcs was uncovered (after
a query on the cryptography mailing list), which is a pure Haskell SHA1 library.
Digest.hs is a wrapper to OpenSSL's SHA1 functions, but would need to be
updated to handle SHA2.  So like any good programmer I started with the same
API as Digest.hs, gleefully grabbed the shell of it, gpl and all, as it's
infrastructure and crypto, and set to work.

I have so far completed all of the non-stateful (pure and lazy!) portions of
the FIPS 180-2 specification, up through section 6.2.1 inclusive, and step
1. only from section 6.2.2.  That last is the tricky bit, where all of the
stateful computation takes place and entropy is disturbed with prime number
mixing and overflowing bit operations.  It's only a few lines of the spec that
I have remaining (aside from message length padding), and I intend to
implement them as a monad.

Unfortunately due to (in my opinion) silly laws in the United States, I have to
say that only those resident in the list of countries found at the end of this
message are supposed to click the link that's coming up and look at my source
code.  Silly because it can always be scanned overseas after hardcopy
publication,
and sillier yet again because for the last 5 years one can legally
post encryption
source code in the US online without logging who downloads it.  The just require
you to email the NSA with the url of publication (which I have done by
the way).
All of which is even sillier yet again because I'm only releasing
message digest,
and not actual high level encryption, source code.  So although my
webserver does
not even keep access logs, presumably 'big brother' knows where to
traffic sniff
to watch who dowmloads what from where.  If they want to. But I digress.

The source code for this pre-release version of Shaskell for peer review is at:
http://davidmercer.nfshost.com/projects/shaskell/shaskell.hs

That address will also remain the permanent download url for released versions
of the Shaskell library source code.  Associated files and a local mirror of the
(public domain and non-export controlled) FIPS 180-2 specification, in
pdf format
are at http://davidmercer.nfshost.com/projects/shaskell/

Comments, critiques, suggestions, fan mail, hate mail, monad
tutorials, suggestions for publication venues and other thoughts on
the source code or the abstract for the the eventual academic paper
(in the above directory as well) are welcome and encouraged!

Thanks a bunch in advance for any of your time or attention expended
on this, and I look forward to contributing to the Haskell community!

-David Mercer
University of Arizona
Tucson, AZ
[[hidden email]|[hidden email]]

PS Have the major Haskell distributions had to directly deal with
crypto export control issues yet, or has it been dodged so far by
using only wrapper libraries, as appears to be the case from what I've
dug up so far?  Thanks again!
_______________________________________________
Libraries mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/libraries
Reply | Threaded
Open this post in threaded view
|

Re: Announcement of work in progress: Shaskell sha2 library

Malcolm Wallace
David Mercer <[hidden email]> writes:

> PS Have the major Haskell distributions had to directly deal with
> crypto export control issues yet, or has it been dodged so far by
> using only wrapper libraries, as appears to be the case from what I've
> dug up so far?  Thanks again!

The current provenance of all the major Haskell compilers, and most of
the minor ones, is outside the US.

        ghc UK
        Hugs UK
        nhc98 UK
        hbc Sweden
        Cayenne Sweden
        Chameleon Singapore
        UHC/EHC Netherlands
        yhc UK

the main exceptions being:
        jhc US
        Eager Haskell US

But in any case, afaik none of the compilers includes a crypto library
by default.  Dominic Steinitz (UK again) distributes hs-crypto
separately.

Regards,
    Malcolm
_______________________________________________
Libraries mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/libraries
Reply | Threaded
Open this post in threaded view
|

Re: Announcement of work in progress: Shaskell sha2 library

David Mercer-2
On 11/21/05, Malcolm Wallace <[hidden email]> wrote:

> David Mercer <[hidden email]> writes:
>
> > PS Have the major Haskell distributions had to directly deal with
> > crypto export control issues yet, or has it been dodged so far by
> > using only wrapper libraries, as appears to be the case from what I've
> > dug up so far?  Thanks again!
>
> The current provenance of all the major Haskell compilers, and most of
> the minor ones, is outside the US.
>
>         ghc             UK
>         Hugs            UK
>         nhc98           UK
>         hbc             Sweden
>         Cayenne         Sweden
>         Chameleon       Singapore
>         UHC/EHC         Netherlands
>         yhc             UK
>
> the main exceptions being:
>         jhc             US
>         Eager Haskell   US
>
> But in any case, afaik none of the compilers includes a crypto library
> by default.  Dominic Steinitz (UK again) distributes hs-crypto
> separately.

Malcolm, thanks very much for that list, I wasn't sure where all of
the major Haskell compiler/interpreter distributions were based, and I
actually think that that's the single longest list of same that I've
seen on the Net so far (unless I just missed in on the haskell.org
wiki and google or something!)  I wouldn't want to break a
distributions policy regarding freedom of exportability by my code's
inclusion, but I'll admit that having it in the Hierarchical Libraries
some day would be nice.  And I can't help having been born a 'US
Person', as they put it!

In any event, as soon as we get this last bit of code finished and
have it all converted into a Literate Haskell paper in the appropriate
TeX format, I'm going to submit that for publication where ever seems
most appropriate for such a thing.  Suggestions on that are very much
desired, as a matter of fact.  At that point it can be scanned and
legally posted online via the Zimmerman/Bernstein carved publication
exception outside of the US.  I can't believe this nonsense is still
required, but there it is.

-David Mercer
Tucson, AZ
_______________________________________________
Libraries mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/libraries