1sha256(n)               SHA-x Message-Digest Algorithm               sha256(n)
2
3
4
5______________________________________________________________________________
6

NAME

8       sha256 - SHA256 Message-Digest Algorithm
9

SYNOPSIS

11       package require Tcl  8.2
12
13       package require sha256  ?1.0.2?
14
15       ::sha2::sha256 ?-hex|-bin? [ -channel channel | -file filename | string
16       ]
17
18       ::sha2::sha224 ?-hex|-bin? [ -channel channel | -file filename | string
19       ]
20
21       ::sha2::hmac key string
22
23       ::sha2::hmac ?-hex|-bin? -key key [ -channel channel | -file filename |
24       string ]
25
26       ::sha2::SHA256Init
27
28       ::sha2::SHA224Init
29
30       ::sha2::SHA256Update token data
31
32       ::sha2::SHA256Final token
33
34       ::sha2::SHA224Final token
35
36       ::sha2::HMACInit key
37
38       ::sha2::HMACUpdate token data
39
40       ::sha2::HMACFinal token
41
42_________________________________________________________________
43

DESCRIPTION

45       This package provides an implementation in Tcl of the SHA256 and SHA224
46       message-digest  algorithms  as  specified  by FIPS PUB 180-1 (1). These
47       algorithms take a message and generates a 256-bit (224-bit) digest from
48       the input. The SHA2 algorithms are related to the SHA1 algorithm.
49
50       This  package  also includes support for creating keyed message-digests
51       using the HMAC algorithm from RFC 2104 (3) with SHA256 as the  message-
52       digest.
53

COMMANDS

55       ::sha2::sha256 ?-hex|-bin? [ -channel channel | -file filename | string
56       ]
57              The command takes a message and returns  the  SHA256  digest  of
58              this message as a hexadecimal string. You may request the result
59              as binary data by giving -bin.
60
61              The data to be hashed can be specified either as a string  argu‐
62              ment  to  the  sha256  command, or as a filename or a pre-opened
63              channel. If the -filename argument is given  then  the  file  is
64              opened,  the data read and hashed and the file is closed. If the
65              -channel argument is given then data is read  from  the  channel
66              until  the  end  of file. The channel is not closed. NOTE use of
67              the channel or filename options results in the internal  use  of
68              vwait.  To  avoid  nested event loops in Tk or tclhttpd applica‐
69              tions you  should  use  the  incremental  programming  API  (see
70              below).
71
72              Only one of -file, -channel or string should be given.
73
74       ::sha2::sha224 ?-hex|-bin? [ -channel channel | -file filename | string
75       ]
76              Like ::sha2::sha256, except that the SHA224 digest is returned.
77
78       ::sha2::hmac key string
79
80       ::sha2::hmac ?-hex|-bin? -key key [ -channel channel | -file filename |
81       string ]
82              Calculate  an  Hashed Message Authentication digest (HMAC) using
83              the SHA256 digest algorithm. HMACs are described in RFC 2104 (3)
84              and  provide  an  SHA256 digest that includes a key. All options
85              other than -key are as for the ::sha2::sha256 command.
86

PROGRAMMING INTERFACE

88       For the programmer, the SHA256 hash can be  viewed  as  a  bucket  into
89       which  one pours data. When you have finished, you extract a value that
90       is derived from the data that was poured into the bucket. The  program‐
91       ming  interface  to  the SHA256 hash operates on a token (equivalent to
92       the bucket). You call SHA256Init  to  obtain  a  token  and  then  call
93       SHA256Update  as  many  times  as  required to add data to the hash. To
94       release any  resources  and  obtain  the  hash  value,  you  then  call
95       SHA256Final.  An  equivalent  set of functions gives you a keyed digest
96       (HMAC).
97
98       If you have critcl and have built the tcllibc package then  the  imple‐
99       mentation  of  the hashing function will be performed by compiled code.
100       Failing that there is a pure-tcl equivalent. The programming  interface
101       remains the same in all cases.
102
103       ::sha2::SHA256Init
104
105       ::sha2::SHA224Init
106              Begins a new SHA256/SHA224 hash. Returns a token ID that must be
107              used for the remaining functions.
108
109       ::sha2::SHA256Update token data
110              Add data to the hash identified by token.  Calling  SHA256Update
111              $token  "abcd" is equivalent to calling SHA256Update $token "ab"
112              followed by SHA256Update $token "cb". See EXAMPLES.   Note  that
113              this  command  is used for both SHA256 and SHA224. Only the ini‐
114              tialization and finalization commands of both hashes differ.
115
116       ::sha2::SHA256Final token
117
118       ::sha2::SHA224Final token
119              Returns the hash value and releases any resources held  by  this
120              token.  Once  this  command completes the token will be invalid.
121              The result is a binary string of 32/28  bytes  representing  the
122              256/224 bit SHA256 / SHA224 digest value.
123
124       ::sha2::HMACInit key
125              This is equivalent to the ::sha2::SHA256Init command except that
126              it requires the key that will be included in the HMAC.
127
128       ::sha2::HMACUpdate token data
129
130       ::sha2::HMACFinal token
131              These commands are identical to the SHA256 equivalent commands.
132

EXAMPLES

134       % sha2::sha256 "Tcl does SHA256"
135       0b91043ee484abd83c3e4b08d6034d71b937026379f0f59bda6e625e6e214789
136
137
138       % sha2::hmac Sekret "Tcl does SHA256"
139       4f9352c64d655e8a36abe73e6163a9d7a54039877c1c92ec90b07d48d4e854e0
140
141
142       % set tok [sha2::SHA256Init]
143       ::sha2::1
144       % sha2::SHA256Update $tok "Tcl "
145       % sha2::SHA256Update $tok "does "
146       % sha2::SHA256Update $tok "SHA256"
147       % sha2::Hex [sha2::SHA256Final $tok]
148       0b91043ee484abd83c3e4b08d6034d71b937026379f0f59bda6e625e6e214789
149
150

REFERENCES

152       [1]    "Secure Hash Standard",  National  Institute  of  Standards  and
153              Technology,   U.S.   Department   Of   Commerce,   April   1995.
154              (http://www.itl.nist.gov/fipspubs/fip180-1.htm)
155
156       [2]    Rivest, R., "The MD4 Message Digest Algorithm", RFC  1320,  MIT,
157              April 1992. (http://www.rfc-editor.org/rfc/rfc1320.txt)
158
159       [3]    Krawczyk,  H.,  Bellare, M. and Canetti, R. "HMAC: Keyed-Hashing
160              for  Message   Authentication",   RFC   2104,   February   1997.
161              (http://www.rfc-editor.org/rfc/rfc2104.txt)
162

BUGS, IDEAS, FEEDBACK

164       This  document,  and the package it describes, will undoubtedly contain
165       bugs and other problems.  Please report such in the  category  sha1  of
166       the          Tcllib         SF         Trackers         [http://source‐
167       forge.net/tracker/?group_id=12883].  Please also report any  ideas  for
168       enhancements you may have for either package and/or documentation.
169

SEE ALSO

171       md4, md5, ripemd128, ripemd160, sha1
172

KEYWORDS

174       FIPS 180-1, hashing, message-digest, rfc 2104, security, sha256
175

COPYRIGHT

177       Copyright (c) 2008, Andreas Kupries <andreas_kupries@users.sourceforge.net>
178
179
180
181
182sha1                                 1.0.2                           sha256(n)