10 our @ISA = qw(Exporter);
13 hmac_sha1 hmac_sha1_base64 hmac_sha1_hex
14 hmac_sha224 hmac_sha224_base64 hmac_sha224_hex
15 hmac_sha256 hmac_sha256_base64 hmac_sha256_hex
16 hmac_sha384 hmac_sha384_base64 hmac_sha384_hex
17 hmac_sha512 hmac_sha512_base64 hmac_sha512_hex
18 sha1 sha1_base64 sha1_hex
19 sha224 sha224_base64 sha224_hex
20 sha256 sha256_base64 sha256_hex
21 sha384 sha384_base64 sha384_hex
22 sha512 sha512_base64 sha512_hex);
24 # If possible, inherit from Digest::base (which depends on MIME::Base64)
29 push(@ISA, 'Digest::base');
33 *hexdigest = \&Hexdigest;
34 *b64digest = \&B64digest;
38 XSLoader::load('Digest::SHA', $VERSION);
40 # Preloaded methods go here.
42 # The following routines aren't time-critical, so they can be left in Perl
45 my($class, $alg) = @_;
46 $alg =~ s/\D+//g if defined $alg;
47 if (ref($class)) { # instance method
48 unless (defined($alg) && ($alg != $class->algorithm)) {
52 shaclose($$class) if $$class;
53 $$class = shaopen($alg) || return;
56 $alg = 1 unless defined $alg;
57 my $state = shaopen($alg) || return;
65 shaclose($$self) if $$self;
70 my $state = shadup($$self) || return;
72 bless($copy, ref($self));
79 my($self, $data, $nbits) = @_;
80 unless (defined $nbits) {
81 $nbits = length($data);
82 $data = pack("B*", $data);
84 shawrite($data, $nbits, $$self);
88 # local copy of "addfile" in case Digest::base not installed
90 sub Addfile { # this is "addfile" from Digest::base 1.00
91 my ($self, $handle) = @_;
96 while (($n = read($handle, $buf, 4096))) {
101 Carp::croak("Read failed: $!");
109 my $file = shift || "";
111 shadump($file, $$self) || return;
117 my $file = shift || "";
118 if (ref($class)) { # instance method
119 shaclose($$class) if $$class;
120 $$class = shaload($file) || return;
123 my $state = shaload($file) || return;
125 bless($self, $class);
134 Digest::SHA - Perl extension for SHA-1/224/256/384/512
136 =head1 SYNOPSIS (SHA)
140 # Functional interface
142 use Digest::SHA qw(sha1 sha1_hex sha1_base64 ...);
144 $digest = sha1($data);
145 $digest = sha1_hex($data);
146 $digest = sha1_base64($data);
148 $digest = sha256($data);
149 $digest = sha384_hex($data);
150 $digest = sha512_base64($data);
156 $sha = Digest::SHA->new($alg);
158 $sha->add($data); # feed data into stream
160 $sha->add_bits($bits);
161 $sha->add_bits($data, $nbits);
163 $sha_copy = $sha->clone; # if needed, make copy of
164 $sha->dump($file); # current digest state,
165 $sha->load($file); # or save it on disk
167 $digest = $sha->digest; # compute digest
168 $digest = $sha->hexdigest;
169 $digest = $sha->b64digest;
171 From the command line:
177 =head1 SYNOPSIS (HMAC-SHA)
179 # Functional interface only
181 use Digest::SHA qw(hmac_sha1 hmac_sha1_hex ...);
183 $digest = hmac_sha1($data, $key);
184 $digest = hmac_sha224_hex($data, $key);
185 $digest = hmac_sha256_base64($data, $key);
189 Digest::SHA is a complete implementation of the NIST Secure Hash
190 Standard. It gives Perl programmers a convenient way to calculate
191 SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 message digests.
192 The module can handle all types of input, including partial-byte
197 Digest::SHA is written in C for speed. If your platform lacks a
198 C compiler, you can install the functionally equivalent (but much
199 slower) L<Digest::SHA::PurePerl> module.
201 The programming interface is easy to use: it's the same one found
202 in CPAN's L<Digest> module. So, if your applications currently
203 use L<Digest::MD5> and you'd prefer the stronger security of SHA,
204 it's a simple matter to convert them.
206 The interface provides two ways to calculate digests: all-at-once,
207 or in stages. To illustrate, the following short program computes
208 the SHA-256 digest of "hello world" using each approach:
210 use Digest::SHA qw(sha256_hex);
212 $data = "hello world";
213 @frags = split(//, $data);
215 # all-at-once (Functional style)
216 $digest1 = sha256_hex($data);
218 # in-stages (OOP style)
219 $state = Digest::SHA->new(256);
220 for (@frags) { $state->add($_) }
221 $digest2 = $state->hexdigest;
223 print $digest1 eq $digest2 ?
224 "whew!\n" : "oops!\n";
226 To calculate the digest of an n-bit message where I<n> is not a
227 multiple of 8, use the I<add_bits()> method. For example, consider
228 the 446-bit message consisting of the bit-string "110" repeated
229 148 times, followed by "11". Here's how to display its SHA-1
233 $bits = "110" x 148 . "11";
234 $sha = Digest::SHA->new(1)->add_bits($bits);
235 print $sha->hexdigest, "\n";
237 Note that for larger bit-strings, it's more efficient to use the
238 two-argument version I<add_bits($data, $nbits)>, where I<$data> is
239 in the customary packed binary format used for Perl strings.
241 The module also lets you save intermediate SHA states to disk, or
242 display them on standard output. The I<dump()> method generates
243 portable, human-readable text describing the current state of
244 computation. You can subsequently retrieve the file with I<load()>
245 to resume where the calculation left off.
247 To see what a state description looks like, just run the following:
250 Digest::SHA->new->add("Shaw" x 1962)->dump;
252 As an added convenience, the Digest::SHA module offers routines to
253 calculate keyed hashes using the HMAC-SHA-1/224/256/384/512
254 algorithms. These services exist in functional form only, and
255 mimic the style and behavior of the I<sha()>, I<sha_hex()>, and
256 I<sha_base64()> functions.
258 # Test vector from draft-ietf-ipsec-ciph-sha-256-01.txt
260 use Digest::SHA qw(hmac_sha256_hex);
261 print hmac_sha256_hex("Hi There", chr(0x0b) x 32), "\n";
263 =head1 NIST STATEMENT ON SHA-1
265 I<NIST was recently informed that researchers had discovered a way
266 to "break" the current Federal Information Processing Standard SHA-1
267 algorithm, which has been in effect since 1994. The researchers
268 have not yet published their complete results, so NIST has not
269 confirmed these findings. However, the researchers are a reputable
270 research team with expertise in this area.>
272 I<Due to advances in computing power, NIST already planned to phase
273 out SHA-1 in favor of the larger and stronger hash functions (SHA-224,
274 SHA-256, SHA-384 and SHA-512) by 2010. New developments should use
275 the larger and stronger hash functions.>
277 ref. L<http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Mar2005.html>
283 =head1 EXPORTABLE FUNCTIONS
285 Provided your C compiler supports a 64-bit type (e.g. the I<long
286 long> of C99, or I<__int64> used by Microsoft C/C++), all of these
287 functions will be available for use. Otherwise, you won't be able
288 to perform the SHA-384 and SHA-512 transforms, both of which require
295 =item B<sha1($data, ...)>
297 =item B<sha224($data, ...)>
299 =item B<sha256($data, ...)>
301 =item B<sha384($data, ...)>
303 =item B<sha512($data, ...)>
305 Logically joins the arguments into a single string, and returns
306 its SHA-1/224/256/384/512 digest encoded as a binary string.
308 =item B<sha1_hex($data, ...)>
310 =item B<sha224_hex($data, ...)>
312 =item B<sha256_hex($data, ...)>
314 =item B<sha384_hex($data, ...)>
316 =item B<sha512_hex($data, ...)>
318 Logically joins the arguments into a single string, and returns
319 its SHA-1/224/256/384/512 digest encoded as a hexadecimal string.
321 =item B<sha1_base64($data, ...)>
323 =item B<sha224_base64($data, ...)>
325 =item B<sha256_base64($data, ...)>
327 =item B<sha384_base64($data, ...)>
329 =item B<sha512_base64($data, ...)>
331 Logically joins the arguments into a single string, and returns
332 its SHA-1/224/256/384/512 digest encoded as a Base64 string.
342 Returns a new Digest::SHA object. Allowed values for I<$alg> are
343 1, 224, 256, 384, or 512. It's also possible to use common string
344 representations of the algorithm (e.g. "sha256", "SHA-384"). If
345 the argument is missing, SHA-1 will be used by default.
347 Invoking I<new> as an instance method will not create a new object;
348 instead, it will simply reset the object to the initial state
349 associated with I<$alg>. If the argument is missing, the object
350 will continue using the same algorithm that was selected at creation.
354 This method has exactly the same effect as I<new($alg)>. In fact,
355 I<reset> is just an alias for I<new>.
359 Returns the number of digest bits for this object. The values are
360 160, 224, 256, 384, and 512 for SHA-1, SHA-224, SHA-256, SHA-384,
361 and SHA-512, respectively.
365 Returns the digest algorithm for this object. The values are 1,
366 224, 256, 384, and 512 for SHA-1, SHA-224, SHA-256, SHA-384, and
367 SHA-512, respectively.
371 Returns a duplicate copy of the object.
373 =item B<add($data, ...)>
375 Logically joins the arguments into a single string, and uses it to
376 update the current digest state. In other words, the following
377 statements have the same effect:
379 $sha->add("a"); $sha->add("b"); $sha->add("c");
380 $sha->add("a")->add("b")->add("c");
381 $sha->add("a", "b", "c");
384 The return value is the updated object itself.
386 =item B<add_bits($data, $nbits)>
388 =item B<add_bits($bits)>
390 Updates the current digest state by appending bits to it. The
391 return value is the updated object itself.
393 The first form causes the most-significant I<$nbits> of I<$data>
394 to be appended to the stream. The I<$data> argument is in the
395 customary binary format used for Perl strings.
397 The second form takes an ASCII string of "0" and "1" characters as
398 its argument. It's equivalent to
400 $sha->add_bits(pack("B*", $bits), length($bits));
402 So, the following two statements do the same thing:
404 $sha->add_bits("111100001010");
405 $sha->add_bits("\xF0\xA0", 12);
407 =item B<addfile(*FILE)>
409 Reads from I<FILE> until EOF, and appends that data to the current
410 state. The return value is the updated object itself.
412 This method is inherited if L<Digest::base> is installed on your
413 system. Otherwise, a functionally equivalent substitute is used.
415 =item B<dump($filename)>
417 Provides persistent storage of intermediate SHA states by writing
418 a portable, human-readable representation of the current state to
419 I<$filename>. If the argument is missing, or equal to the empty
420 string, the state information will be written to STDOUT.
422 =item B<load($filename)>
424 Returns a Digest::SHA object representing the intermediate SHA
425 state that was previously dumped to I<$filename>. If called as a
426 class method, a new object is created; if called as an instance
427 method, the object is reset to the state contained in I<$filename>.
428 If the argument is missing, or equal to the empty string, the state
429 information will be read from STDIN.
433 Returns the digest encoded as a binary string.
435 Note that the I<digest> method is a read-once operation. Once it
436 has been performed, the Digest::SHA object is automatically reset
437 in preparation for calculating another digest value. Call
438 I<$sha-E<gt>clone-E<gt>digest> if it's necessary to preserve the
439 original digest state.
443 Returns the digest encoded as a hexadecimal string.
445 Like I<digest>, this method is a read-once operation. Call
446 I<$sha-E<gt>clone-E<gt>hexdigest> if it's necessary to preserve
447 the original digest state.
449 This method is inherited if L<Digest::base> is installed on your
450 system. Otherwise, a functionally equivalent substitute is used.
454 Returns the digest encoded as a Base64 string.
456 Like I<digest>, this method is a read-once operation. Call
457 I<$sha-E<gt>clone-E<gt>b64digest> if it's necessary to preserve
458 the original digest state.
460 This method is inherited if L<Digest::base> is installed on your
461 system. Otherwise, a functionally equivalent substitute is used.
465 I<HMAC-SHA-1/224/256/384/512>
469 =item B<hmac_sha1($data, $key)>
471 =item B<hmac_sha224($data, $key)>
473 =item B<hmac_sha256($data, $key)>
475 =item B<hmac_sha384($data, $key)>
477 =item B<hmac_sha512($data, $key)>
479 Returns the HMAC-SHA-1/224/256/384/512 digest of I<$data>/I<$key>,
480 with the result encoded as a binary string. Multiple I<$data>
481 arguments are allowed, provided that I<$key> is the last argument
484 =item B<hmac_sha1_hex($data, $key)>
486 =item B<hmac_sha224_hex($data, $key)>
488 =item B<hmac_sha256_hex($data, $key)>
490 =item B<hmac_sha384_hex($data, $key)>
492 =item B<hmac_sha512_hex($data, $key)>
494 Returns the HMAC-SHA-1/224/256/384/512 digest of I<$data>/I<$key>,
495 with the result encoded as a hexadecimal string. Multiple I<$data>
496 arguments are allowed, provided that I<$key> is the last argument
499 =item B<hmac_sha1_base64($data, $key)>
501 =item B<hmac_sha224_base64($data, $key)>
503 =item B<hmac_sha256_base64($data, $key)>
505 =item B<hmac_sha384_base64($data, $key)>
507 =item B<hmac_sha512_base64($data, $key)>
509 Returns the HMAC-SHA-1/224/256/384/512 digest of I<$data>/I<$key>,
510 with the result encoded as a Base64 string. Multiple I<$data>
511 arguments are allowed, provided that I<$key> is the last argument
518 L<Digest>, L<Digest::SHA::PurePerl>
520 The Secure Hash Standard (FIPS PUB 180-2) can be found at:
522 L<http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf>
524 The Keyed-Hash Message Authentication Code (HMAC):
526 L<http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf>
530 Mark Shelor <mshelor@cpan.org>
532 =head1 ACKNOWLEDGMENTS
534 The author is particularly grateful to
549 for their valuable comments and suggestions.
551 =head1 COPYRIGHT AND LICENSE
553 Copyright (C) 2003-2005 Mark Shelor
555 This library is free software; you can redistribute it and/or modify
556 it under the same terms as Perl itself.