Fast, pure and practical SHA-256 implementation

Version on this page:
LTS Haskell 9.14:
Stackage Nightly 2017-11-21:
Latest on Hackage:
BSD3 licensed
Maintained by Herbert Valerio Riedel

Module documentation for

A practical incremental and one-pass, pure API to the SHA-256 cryptographic hash algorithm according to FIPS 180-4 with performance close to the fastest implementations available in other languages.

The core SHA-256 algorithm is implemented in C and is thus expected to be as fast as the standard sha256sum(1) tool; for instance, on an Intel Core i7-3770 at 3.40GHz this implementation can compute a SHA-256 hash over 230 MiB of data in under one second. (If, instead, you require a pure Haskell implementation and performance is secondary, please refer to the SHA package.)

Additionally, this package provides support for

conforming to RFC6234, RFC4231, RFC5869, et al..

Relationship to the cryptohash package and its API

This package has been originally a fork of cryptohash-0.11.7 because the cryptohash package had been deprecated and so this package continues to satisfy the need for a lightweight package providing the SHA-256 hash algorithm without any dependencies on packages other than base and bytestring. The API exposed by cryptohash-sha256-0.11.*'s Crypto.Hash.SHA256 module is guaranteed to remain a compatible superset of the API provided by the cryptohash-0.11.7's module of the same name.

Consequently, this package is designed to be used as a drop-in replacement for cryptohash-0.11.7's Crypto.Hash.SHA256 module, though with a clearly smaller footprint by almost 3 orders of magnitude.


  • Add hkdf function providing HKDF-SHA256 conforming to RFC5869
  • Declare Crypto.Hash.SHA256 module -XTrustworthy
  • Remove ineffective RULES
  • Convert to CApiFFI
  • Added ...AndLength variants of hashing functions:

    • finalizeAndLength
    • hashlazyAndLength
    • hmaclazyAndLength
  • Minor optimizations in hmac and hash

  • Use __builtin_bswap{32,64} only with GCC >= 4.3 (#1)

  • new hmac and hmaclazy functions providing HMAC-SHA256 computation conforming to RFC2104 and RFC4231
  • fix unaligned memory-accesses

  • switch to 'safe' FFI for calls where overhead becomes neglible
  • removed inline assembly in favour of portable C constructs
  • fix 32bit length overflow bug in hash function
  • fix inaccurate context-size
  • add context-size verification to incremental API operations

  • first version forked off cryptohash-0.11.7 release
comments powered byDisqus