Provided by: tcllib_1.21+dfsg-1_all bug

NAME

       sha1 - SHA1 Message-Digest Algorithm

SYNOPSIS

       package require Tcl  8.2

       package require sha1  ?2.0.4?

       ::sha1::sha1 ?-hex|-bin? [ -channel channel | -file filename | ?--? string ]

       ::sha1::hmac key string

       ::sha1::hmac ?-hex|-bin? -key key [ -channel channel | -file filename | ?--? string ]

       ::sha1::SHA1Init

       ::sha1::SHA1Update token data

       ::sha1::SHA1Final token

       ::sha1::HMACInit key

       ::sha1::HMACUpdate token data

       ::sha1::HMACFinal token

_________________________________________________________________________________________________

DESCRIPTION

       This  package  provides  an  implementation in Tcl of the SHA1 message-digest algorithm as
       specified by FIPS PUB 180-1 (1). This algorithm takes a message and  generates  a  160-bit
       digest from the input. The SHA1 algorithm is related to the MD4 algorithm (2) but has been
       strengthend against certain  types  of  cryptographic  attack.  SHA1  should  be  used  in
       preference to MD4 or MD5 in new applications.

       This  package  also  includes  support  for  creating keyed message-digests using the HMAC
       algorithm from RFC 2104 (3) with SHA1 as the message-digest.

COMMANDS

       ::sha1::sha1 ?-hex|-bin? [ -channel channel | -file filename | ?--? string ]
              The command takes a message and returns the  SHA1  digest  of  this  message  as  a
              hexadecimal string. You may request the result as binary data by giving -bin.

              The  data  to  be  hashed  can be specified either as a string argument to the sha1
              command, or as a filename or a pre-opened channel. If  the  -filename  argument  is
              given  then the file is opened, the data read and hashed and the file is closed. If
              the -channel argument is given then data is read from the channel until the end  of
              file.  The  channel  is  not  closed.  NOTE  use of the channel or filename options
              results in the internal use of vwait. To avoid nested event loops in Tk or tclhttpd
              applications you should use the incremental programming API (see below).

              Only one of -file, -channel or string should be given.

              If  the  string  to  hash can be mistaken for an option (leading dash "-"), use the
              option -- before it to terminate option processing and force  interpretation  as  a
              string.

       ::sha1::hmac key string

       ::sha1::hmac ?-hex|-bin? -key key [ -channel channel | -file filename | ?--? string ]
              Calculate  an  Hashed  Message  Authentication  digest (HMAC) using the SHA1 digest
              algorithm. HMACs are described in RFC 2104 (3) and  provide  an  SHA1  digest  that
              includes a key. All options other than -key are as for the ::sha1::sha1 command.

              If  the  string  to  hash can be mistaken for an option (leading dash "-"), use the
              option -- before it to terminate option processing and force  interpretation  as  a
              string.

PROGRAMMING INTERFACE

       For  the  programmer,  the  SHA1 hash can be viewed as a bucket into which one pours data.
       When you have finished, you extract a value that is derived from the data that was  poured
       into  the  bucket.  The  programming  interface  to  the  SHA1  hash  operates  on a token
       (equivalent to the bucket). You call SHA1Init to obtain a token and then  call  SHA1Update
       as many times as required to add data to the hash. To release any resources and obtain the
       hash value, you then call SHA1Final. An equivalent set of  functions  gives  you  a  keyed
       digest (HMAC).

       If  you  have  critcl  and  have  built the tcllibc package then the implementation of the
       hashing function will be performed by compiled code. Failing that  if  you  have  the  Trf
       package  then  this  can be used otherwise there is a pure-tcl equivalent. The programming
       interface remains the same in all cases.

       ::sha1::SHA1Init
              Begins a new SHA1 hash. Returns a token ID that must  be  used  for  the  remaining
              functions.

       ::sha1::SHA1Update token data
              Add  data  to  the  hash  identified  by token. Calling SHA1Update $token "abcd" is
              equivalent to calling SHA1Update $token "ab" followed by  SHA1Update  $token  "cb".
              See EXAMPLES.

       ::sha1::SHA1Final token
              Returns  the  hash  value  and releases any resources held by this token. Once this
              command completes the token will be invalid. The result is a binary  string  of  20
              bytes representing the 160 bit SHA1 digest value.

       ::sha1::HMACInit key
              This  is equivalent to the ::sha1::SHA1Init command except that it requires the key
              that will be included in the HMAC.

       ::sha1::HMACUpdate token data

       ::sha1::HMACFinal token
              These commands are identical to the SHA1 equivalent commands.

EXAMPLES

              % sha1::sha1 "Tcl does SHA1"
              285a6a91c45a9066bf39fcf24425796ef0b2a8bf

              % sha1::hmac Sekret "Tcl does SHA1"
              ae6251fa51b95b18cba2be95eb031d07475ff03c

              % set tok [sha1::SHA1Init]
              ::sha1::1
              % sha1::SHA1Update $tok "Tcl "
              % sha1::SHA1Update $tok "does "
              % sha1::SHA1Update $tok "SHA1"
              % sha1::Hex [sha1::SHA1Final $tok]
              285a6a91c45a9066bf39fcf24425796ef0b2a8bf

REFERENCES

       [1]    "Secure Hash Standard",  National  Institute  of  Standards  and  Technology,  U.S.
              Department             Of             Commerce,             April             1995.
              (http://www.itl.nist.gov/fipspubs/fip180-1.htm)

       [2]    Rivest, R., "The  MD4  Message  Digest  Algorithm",  RFC  1320,  MIT,  April  1992.
              (http://www.rfc-editor.org/rfc/rfc1320.txt)

       [3]    Krawczyk,  H.,  Bellare,  M.  and  Canetti,  R.  "HMAC:  Keyed-Hashing  for Message
              Authentication",     RFC      2104,      February      1997.       (http://www.rfc-
              editor.org/rfc/rfc2104.txt)

BUGS, IDEAS, FEEDBACK

       This  document,  and  the  package  it  describes, will undoubtedly contain bugs and other
       problems.   Please  report  such  in  the   category   sha1   of   the   Tcllib   Trackers
       [http://core.tcl.tk/tcllib/reportlist].  Please also report any ideas for enhancements you
       may have for either package and/or documentation.

       When proposing code changes, please provide unified diffs, i.e the output of diff -u.

       Note further that attachments are strongly preferred over inlined patches. Attachments can
       be  made  by going to the Edit form of the ticket immediately after its creation, and then
       using the left-most button in the secondary navigation bar.

SEE ALSO

       md4, md5, ripemd128, ripemd160

KEYWORDS

       FIPS 180-1, hashing, message-digest, rfc 2104, security, sha1

CATEGORY

       Hashes, checksums, and encryption

COPYRIGHT

       Copyright (c) 2005, Pat Thoyts <patthoyts@users.sourceforge.net>