9 our $VERSION = '5.42_01';
12 our @ISA = qw(Exporter);
15 hmac_sha1 hmac_sha1_base64 hmac_sha1_hex
16 hmac_sha224 hmac_sha224_base64 hmac_sha224_hex
17 hmac_sha256 hmac_sha256_base64 hmac_sha256_hex
18 hmac_sha384 hmac_sha384_base64 hmac_sha384_hex
19 hmac_sha512 hmac_sha512_base64 hmac_sha512_hex
20 sha1 sha1_base64 sha1_hex
21 sha224 sha224_base64 sha224_hex
22 sha256 sha256_base64 sha256_hex
23 sha384 sha384_base64 sha384_hex
24 sha512 sha512_base64 sha512_hex);
26 # If possible, inherit from Digest::base (which depends on MIME::Base64)
33 push(@ISA, 'Digest::base');
36 *hexdigest = \&Hexdigest;
37 *b64digest = \&B64digest;
41 XSLoader::load('Digest::SHA', $VERSION);
43 # Preloaded methods go here.
45 # The following routines aren't time-critical, so they can be left in Perl
48 my($class, $alg) = @_;
49 $alg =~ s/\D+//g if defined $alg;
50 if (ref($class)) { # instance method
51 unless (defined($alg) && ($alg != $class->algorithm)) {
55 shaclose($$class) if $$class;
56 $$class = shaopen($alg) || return;
59 $alg = 1 unless defined $alg;
60 my $state = shaopen($alg) || return;
68 shaclose($$self) if $$self;
73 my $state = shadup($$self) || return;
75 bless($copy, ref($self));
82 my($self, $data, $nbits) = @_;
83 unless (defined $nbits) {
84 $nbits = length($data);
85 $data = pack("B*", $data);
87 shawrite($data, $nbits, $$self);
95 Carp::croak("$msg: $!");
98 sub _addfile { # this is "addfile" from Digest::base 1.00
99 my ($self, $handle) = @_;
104 while (($n = read($handle, $buf, 4096))) {
107 _bail("Read failed") unless defined $n;
113 my ($self, $file, $mode) = @_;
115 return(_addfile($self, $file)) unless ref(\$file) eq 'SCALAR';
117 $mode = defined($mode) ? $mode : "";
118 my ($binary, $portable) = map { $_ eq $mode } ("b", "p");
121 open(my $fh, q{<}, $file) or _bail("Open failed");
122 binmode($fh) if $binary || $portable;
124 unless ($portable && $text) {
125 $self->_addfile($fh);
131 my ($buf1, $buf2) = ("", "");
133 while (($n1 = read($fh, $buf1, 4096))) {
134 while (substr($buf1, -1) eq "\015") {
135 $n2 = read($fh, $buf2, 4096);
136 _bail("Read failed") unless defined $n2;
140 $buf1 =~ s/\015?\015\012/\012/g; # DOS/Windows
141 $buf1 =~ s/\015/\012/g; # Apple/MacOS 9
144 _bail("Read failed") unless defined $n1;
152 my $file = shift || "";
154 shadump($file, $$self) || return;
160 my $file = shift || "";
161 if (ref($class)) { # instance method
162 shaclose($$class) if $$class;
163 $$class = shaload($file) || return;
166 my $state = shaload($file) || return;
168 bless($self, $class);
177 Digest::SHA - Perl extension for SHA-1/224/256/384/512
179 =head1 SYNOPSIS (SHA)
183 # Functional interface
185 use Digest::SHA qw(sha1 sha1_hex sha1_base64 ...);
187 $digest = sha1($data);
188 $digest = sha1_hex($data);
189 $digest = sha1_base64($data);
191 $digest = sha256($data);
192 $digest = sha384_hex($data);
193 $digest = sha512_base64($data);
199 $sha = Digest::SHA->new($alg);
201 $sha->add($data); # feed data into stream
204 $sha->addfile($filename);
206 $sha->add_bits($bits);
207 $sha->add_bits($data, $nbits);
209 $sha_copy = $sha->clone; # if needed, make copy of
210 $sha->dump($file); # current digest state,
211 $sha->load($file); # or save it on disk
213 $digest = $sha->digest; # compute digest
214 $digest = $sha->hexdigest;
215 $digest = $sha->b64digest;
217 From the command line:
223 =head1 SYNOPSIS (HMAC-SHA)
225 # Functional interface only
227 use Digest::SHA qw(hmac_sha1 hmac_sha1_hex ...);
229 $digest = hmac_sha1($data, $key);
230 $digest = hmac_sha224_hex($data, $key);
231 $digest = hmac_sha256_base64($data, $key);
235 Digest::SHA is a complete implementation of the NIST Secure Hash
236 Standard. It gives Perl programmers a convenient way to calculate
237 SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 message digests.
238 The module can handle all types of input, including partial-byte
243 Digest::SHA is written in C for speed. If your platform lacks a
244 C compiler, you can install the functionally equivalent (but much
245 slower) L<Digest::SHA::PurePerl> module.
247 The programming interface is easy to use: it's the same one found
248 in CPAN's L<Digest> module. So, if your applications currently
249 use L<Digest::MD5> and you'd prefer the stronger security of SHA,
250 it's a simple matter to convert them.
252 The interface provides two ways to calculate digests: all-at-once,
253 or in stages. To illustrate, the following short program computes
254 the SHA-256 digest of "hello world" using each approach:
256 use Digest::SHA qw(sha256_hex);
258 $data = "hello world";
259 @frags = split(//, $data);
261 # all-at-once (Functional style)
262 $digest1 = sha256_hex($data);
264 # in-stages (OOP style)
265 $state = Digest::SHA->new(256);
266 for (@frags) { $state->add($_) }
267 $digest2 = $state->hexdigest;
269 print $digest1 eq $digest2 ?
270 "whew!\n" : "oops!\n";
272 To calculate the digest of an n-bit message where I<n> is not a
273 multiple of 8, use the I<add_bits()> method. For example, consider
274 the 446-bit message consisting of the bit-string "110" repeated
275 148 times, followed by "11". Here's how to display its SHA-1
279 $bits = "110" x 148 . "11";
280 $sha = Digest::SHA->new(1)->add_bits($bits);
281 print $sha->hexdigest, "\n";
283 Note that for larger bit-strings, it's more efficient to use the
284 two-argument version I<add_bits($data, $nbits)>, where I<$data> is
285 in the customary packed binary format used for Perl strings.
287 The module also lets you save intermediate SHA states to disk, or
288 display them on standard output. The I<dump()> method generates
289 portable, human-readable text describing the current state of
290 computation. You can subsequently retrieve the file with I<load()>
291 to resume where the calculation left off.
293 To see what a state description looks like, just run the following:
296 Digest::SHA->new->add("Shaw" x 1962)->dump;
298 As an added convenience, the Digest::SHA module offers routines to
299 calculate keyed hashes using the HMAC-SHA-1/224/256/384/512
300 algorithms. These services exist in functional form only, and
301 mimic the style and behavior of the I<sha()>, I<sha_hex()>, and
302 I<sha_base64()> functions.
304 # Test vector from draft-ietf-ipsec-ciph-sha-256-01.txt
306 use Digest::SHA qw(hmac_sha256_hex);
307 print hmac_sha256_hex("Hi There", chr(0x0b) x 32), "\n";
309 =head1 NIST STATEMENT ON SHA-1
311 I<NIST was recently informed that researchers had discovered a way
312 to "break" the current Federal Information Processing Standard SHA-1
313 algorithm, which has been in effect since 1994. The researchers
314 have not yet published their complete results, so NIST has not
315 confirmed these findings. However, the researchers are a reputable
316 research team with expertise in this area.>
318 I<Due to advances in computing power, NIST already planned to phase
319 out SHA-1 in favor of the larger and stronger hash functions (SHA-224,
320 SHA-256, SHA-384 and SHA-512) by 2010. New developments should use
321 the larger and stronger hash functions.>
323 ref. L<http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Mar2005.html>
325 =head1 BASE64 DIGESTS
327 By convention, CPAN Digest modules do not pad their Base64 output.
328 This means that Base64 digests contain no trailing "=" characters.
329 Unfortunately, problems can occur when feeding such digests to other
330 software that expects properly padded Base64 encodings.
332 For the time being, any necessary padding must be done by the user.
333 Fortunately, the rule for accomplishing it is straightforward: if the
334 length of a Base64-encoded digest isn't a multiple of 4, simply append
335 1 or more "=" characters to the end of the digest until it is:
337 while (length($b64_digest) % 4) {
341 To illustrate, I<sha256_base64("abc")> is computed to be
343 ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0
345 which has a length of 43. So, the properly padded version is
347 ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0=
353 =head1 EXPORTABLE FUNCTIONS
355 Provided your C compiler supports a 64-bit type (e.g. the I<long
356 long> of C99, or I<__int64> used by Microsoft C/C++), all of these
357 functions will be available for use. Otherwise, you won't be able
358 to perform the SHA-384 and SHA-512 transforms, both of which require
365 =item B<sha1($data, ...)>
367 =item B<sha224($data, ...)>
369 =item B<sha256($data, ...)>
371 =item B<sha384($data, ...)>
373 =item B<sha512($data, ...)>
375 Logically joins the arguments into a single string, and returns
376 its SHA-1/224/256/384/512 digest encoded as a binary string.
378 =item B<sha1_hex($data, ...)>
380 =item B<sha224_hex($data, ...)>
382 =item B<sha256_hex($data, ...)>
384 =item B<sha384_hex($data, ...)>
386 =item B<sha512_hex($data, ...)>
388 Logically joins the arguments into a single string, and returns
389 its SHA-1/224/256/384/512 digest encoded as a hexadecimal string.
391 =item B<sha1_base64($data, ...)>
393 =item B<sha224_base64($data, ...)>
395 =item B<sha256_base64($data, ...)>
397 =item B<sha384_base64($data, ...)>
399 =item B<sha512_base64($data, ...)>
401 Logically joins the arguments into a single string, and returns
402 its SHA-1/224/256/384/512 digest encoded as a Base64 string.
404 It's important to note that the resulting string does B<not> contain
405 the padding characters typical of Base64 encodings. This omission is
406 deliberate, and is done to maintain compatibility with the family of
407 CPAN Digest modules. See L</"BASE64 DIGESTS"> for details.
417 Returns a new Digest::SHA object. Allowed values for I<$alg> are
418 1, 224, 256, 384, or 512. It's also possible to use common string
419 representations of the algorithm (e.g. "sha256", "SHA-384"). If
420 the argument is missing, SHA-1 will be used by default.
422 Invoking I<new> as an instance method will not create a new object;
423 instead, it will simply reset the object to the initial state
424 associated with I<$alg>. If the argument is missing, the object
425 will continue using the same algorithm that was selected at creation.
429 This method has exactly the same effect as I<new($alg)>. In fact,
430 I<reset> is just an alias for I<new>.
434 Returns the number of digest bits for this object. The values are
435 160, 224, 256, 384, and 512 for SHA-1, SHA-224, SHA-256, SHA-384,
436 and SHA-512, respectively.
440 Returns the digest algorithm for this object. The values are 1,
441 224, 256, 384, and 512 for SHA-1, SHA-224, SHA-256, SHA-384, and
442 SHA-512, respectively.
446 Returns a duplicate copy of the object.
448 =item B<add($data, ...)>
450 Logically joins the arguments into a single string, and uses it to
451 update the current digest state. In other words, the following
452 statements have the same effect:
454 $sha->add("a"); $sha->add("b"); $sha->add("c");
455 $sha->add("a")->add("b")->add("c");
456 $sha->add("a", "b", "c");
459 The return value is the updated object itself.
461 =item B<add_bits($data, $nbits)>
463 =item B<add_bits($bits)>
465 Updates the current digest state by appending bits to it. The
466 return value is the updated object itself.
468 The first form causes the most-significant I<$nbits> of I<$data>
469 to be appended to the stream. The I<$data> argument is in the
470 customary binary format used for Perl strings.
472 The second form takes an ASCII string of "0" and "1" characters as
473 its argument. It's equivalent to
475 $sha->add_bits(pack("B*", $bits), length($bits));
477 So, the following two statements do the same thing:
479 $sha->add_bits("111100001010");
480 $sha->add_bits("\xF0\xA0", 12);
482 =item B<addfile(*FILE)>
484 Reads from I<FILE> until EOF, and appends that data to the current
485 state. The return value is the updated object itself.
487 =item B<addfile($filename [, $mode])>
489 Reads the contents of I<$filename>, and appends that data to the current
490 state. The return value is the updated object itself.
492 By default, I<$filename> is simply opened and read; no special modes
493 or I/O disciplines are used. To change this, set the optional I<$mode>
494 argument to one of the following values:
496 "b" read file in binary mode
498 "p" use portable mode
500 The "p" mode is handy since it ensures that the digest value of
501 I<$filename> will be the same when computed on different operating
502 systems. It accomplishes this by internally translating all newlines
503 in text files to UNIX format before calculating the digest; on the other
504 hand, binary files are read in raw mode with no translation whatsoever.
506 For a fuller discussion of newline formats, refer to CPAN module
507 L<File::LocalizeNewlines>. Its "universal line separator" regex forms
508 the basis of I<addfile>'s portable mode processing.
510 =item B<dump($filename)>
512 Provides persistent storage of intermediate SHA states by writing
513 a portable, human-readable representation of the current state to
514 I<$filename>. If the argument is missing, or equal to the empty
515 string, the state information will be written to STDOUT.
517 =item B<load($filename)>
519 Returns a Digest::SHA object representing the intermediate SHA
520 state that was previously dumped to I<$filename>. If called as a
521 class method, a new object is created; if called as an instance
522 method, the object is reset to the state contained in I<$filename>.
523 If the argument is missing, or equal to the empty string, the state
524 information will be read from STDIN.
528 Returns the digest encoded as a binary string.
530 Note that the I<digest> method is a read-once operation. Once it
531 has been performed, the Digest::SHA object is automatically reset
532 in preparation for calculating another digest value. Call
533 I<$sha-E<gt>clone-E<gt>digest> if it's necessary to preserve the
534 original digest state.
538 Returns the digest encoded as a hexadecimal string.
540 Like I<digest>, this method is a read-once operation. Call
541 I<$sha-E<gt>clone-E<gt>hexdigest> if it's necessary to preserve
542 the original digest state.
544 This method is inherited if L<Digest::base> is installed on your
545 system. Otherwise, a functionally equivalent substitute is used.
549 Returns the digest encoded as a Base64 string.
551 Like I<digest>, this method is a read-once operation. Call
552 I<$sha-E<gt>clone-E<gt>b64digest> if it's necessary to preserve
553 the original digest state.
555 This method is inherited if L<Digest::base> is installed on your
556 system. Otherwise, a functionally equivalent substitute is used.
558 It's important to note that the resulting string does B<not> contain
559 the padding characters typical of Base64 encodings. This omission is
560 deliberate, and is done to maintain compatibility with the family of
561 CPAN Digest modules. See L</"BASE64 DIGESTS"> for details.
565 I<HMAC-SHA-1/224/256/384/512>
569 =item B<hmac_sha1($data, $key)>
571 =item B<hmac_sha224($data, $key)>
573 =item B<hmac_sha256($data, $key)>
575 =item B<hmac_sha384($data, $key)>
577 =item B<hmac_sha512($data, $key)>
579 Returns the HMAC-SHA-1/224/256/384/512 digest of I<$data>/I<$key>,
580 with the result encoded as a binary string. Multiple I<$data>
581 arguments are allowed, provided that I<$key> is the last argument
584 =item B<hmac_sha1_hex($data, $key)>
586 =item B<hmac_sha224_hex($data, $key)>
588 =item B<hmac_sha256_hex($data, $key)>
590 =item B<hmac_sha384_hex($data, $key)>
592 =item B<hmac_sha512_hex($data, $key)>
594 Returns the HMAC-SHA-1/224/256/384/512 digest of I<$data>/I<$key>,
595 with the result encoded as a hexadecimal string. Multiple I<$data>
596 arguments are allowed, provided that I<$key> is the last argument
599 =item B<hmac_sha1_base64($data, $key)>
601 =item B<hmac_sha224_base64($data, $key)>
603 =item B<hmac_sha256_base64($data, $key)>
605 =item B<hmac_sha384_base64($data, $key)>
607 =item B<hmac_sha512_base64($data, $key)>
609 Returns the HMAC-SHA-1/224/256/384/512 digest of I<$data>/I<$key>,
610 with the result encoded as a Base64 string. Multiple I<$data>
611 arguments are allowed, provided that I<$key> is the last argument
614 It's important to note that the resulting string does B<not> contain
615 the padding characters typical of Base64 encodings. This omission is
616 deliberate, and is done to maintain compatibility with the family of
617 CPAN Digest modules. See L</"BASE64 DIGESTS"> for details.
623 L<Digest>, L<Digest::SHA::PurePerl>
625 The Secure Hash Standard (FIPS PUB 180-2) can be found at:
627 L<http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf>
629 The Keyed-Hash Message Authentication Code (HMAC):
631 L<http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf>
635 Mark Shelor <mshelor@cpan.org>
637 =head1 ACKNOWLEDGMENTS
639 The author is particularly grateful to
656 for their valuable comments and suggestions.
658 =head1 COPYRIGHT AND LICENSE
660 Copyright (C) 2003-2006 Mark Shelor
662 This library is free software; you can redistribute it and/or modify
663 it under the same terms as Perl itself.