1.\" 2.\" ---------------------------------------------------------------------------- 3.\" "THE BEER-WARE LICENSE" (Revision 42): 4.\" <phk@FreeBSD.org> wrote this file. As long as you retain this notice you 5.\" can do whatever you want with this stuff. If we meet some day, and you think 6.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7.\" ---------------------------------------------------------------------------- 8.\" 9.\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp 10.\" $FreeBSD$ 11.\" 12.Dd May 21, 2019 13.Dt SHA 3 14.Os 15.Sh NAME 16.Nm SHA_Init , 17.Nm SHA_Update , 18.Nm SHA_Final , 19.Nm SHA_End , 20.Nm SHA_File , 21.Nm SHA_FileChunk , 22.Nm SHA_Data , 23.Nm SHA1_Init , 24.Nm SHA1_Update , 25.Nm SHA1_Final , 26.Nm SHA1_End , 27.Nm SHA1_File , 28.Nm SHA1_FileChunk , 29.Nm SHA1_Data 30.Nd calculate the FIPS 160 and 160-1 ``SHA'' message digests 31.Sh LIBRARY 32.Lb libmd 33.Sh SYNOPSIS 34.In sys/types.h 35.In sha.h 36.Ft void 37.Fn SHA_Init "SHA_CTX *context" 38.Ft void 39.Fn SHA_Update "SHA_CTX *context" "const unsigned char *data" "size_t len" 40.Ft void 41.Fn SHA_Final "unsigned char digest[20]" "SHA_CTX *context" 42.Ft "char *" 43.Fn SHA_End "SHA_CTX *context" "char *buf" 44.Ft "char *" 45.Fn SHA_File "const char *filename" "char *buf" 46.Ft "char *" 47.Fn SHA_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" 48.Ft "char *" 49.Fn SHA_Data "const unsigned char *data" "unsigned int len" "char *buf" 50.Ft void 51.Fn SHA1_Init "SHA_CTX *context" 52.Ft void 53.Fn SHA1_Update "SHA_CTX *context" "const unsigned char *data" "size_t len" 54.Ft void 55.Fn SHA1_Final "unsigned char digest[20]" "SHA_CTX *context" 56.Ft "char *" 57.Fn SHA1_End "SHA_CTX *context" "char *buf" 58.Ft "char *" 59.Fn SHA1_File "const char *filename" "char *buf" 60.Ft "char *" 61.Fn SHA1_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" 62.Ft "char *" 63.Fn SHA1_Data "const unsigned char *data" "unsigned int len" "char *buf" 64.Sh DESCRIPTION 65The 66.Li SHA_ 67and 68.Li SHA1_ 69functions calculate a 160-bit cryptographic checksum (digest) 70for any number of input bytes. 71A cryptographic checksum is a one-way 72hash function; that is, it is computationally impractical to find 73the input corresponding to a particular output. 74This net result is 75a 76.Dq fingerprint 77of the input-data, which does not disclose the actual input. 78.Pp 79.Tn SHA 80(or 81.Tn SHA-0 ) 82is the original Secure Hash Algorithm specified in 83.Tn FIPS 84160. 85It was quickly proven insecure, and has been superseded by 86.Tn SHA-1 . 87.Tn SHA-0 88is included for compatibility purposes only. 89.Pp 90The 91.Fn SHA1_Init , 92.Fn SHA1_Update , 93and 94.Fn SHA1_Final 95functions are the core functions. 96Allocate an 97.Vt SHA_CTX , 98initialize it with 99.Fn SHA1_Init , 100run over the data with 101.Fn SHA1_Update , 102and finally extract the result using 103.Fn SHA1_Final , 104which will also erase the 105.Vt SHA_CTX . 106.Pp 107.Fn SHA1_End 108is a wrapper for 109.Fn SHA1_Final 110which converts the return value to a 41-character 111(including the terminating '\e0') 112.Tn ASCII 113string which represents the 160 bits in hexadecimal. 114.Pp 115.Fn SHA1_File 116calculates the digest of a file, and uses 117.Fn SHA1_End 118to return the result. 119If the file cannot be opened, a null pointer is returned. 120.Fn SHA1_FileChunk 121is similar to 122.Fn SHA1_File , 123but it only calculates the digest over a byte-range of the file specified, 124starting at 125.Fa offset 126and spanning 127.Fa length 128bytes. 129If the 130.Fa length 131parameter is specified as 0, or more than the length of the remaining part 132of the file, 133.Fn SHA1_FileChunk 134calculates the digest from 135.Fa offset 136to the end of file. 137.Fn SHA1_Data 138calculates the digest of a chunk of data in memory, and uses 139.Fn SHA1_End 140to return the result. 141.Pp 142When using 143.Fn SHA1_End , 144.Fn SHA1_File , 145or 146.Fn SHA1_Data , 147the 148.Fa buf 149argument can be a null pointer, in which case the returned string 150is allocated with 151.Xr malloc 3 152and subsequently must be explicitly deallocated using 153.Xr free 3 154after use. 155If the 156.Fa buf 157argument is non-null it must point to at least 41 characters of buffer space. 158.Sh ERRORS 159The 160.Fn SHA1_End 161function called with a null buf argument may fail and return NULL if: 162.Bl -tag -width Er 163.It Bq Er ENOMEM 164Insufficient storage space is available. 165.El 166.Pp 167The 168.Fn SHA1_File 169and 170.Fn SHA1_FileChunk 171may return NULL when underlying 172.Xr open 2 , 173.Xr fstat 2 , 174.Xr lseek 2 , 175or 176.Xr SHA1_End 2 177fail. 178.Sh SEE ALSO 179.Xr md4 3 , 180.Xr md5 3 , 181.Xr ripemd 3 , 182.Xr sha256 3 , 183.Xr sha512 3 , 184.Xr skein 3 185.Sh HISTORY 186These functions appeared in 187.Fx 4.0 . 188.Sh AUTHORS 189The core hash routines were implemented by Eric Young based on the 190published 191.Tn FIPS 192standards. 193.Sh BUGS 194The 195.Tn SHA1 196algorithm has been proven to be vulnerable to practical collision 197attacks and should not be relied upon to produce unique outputs, 198.Em nor should it be used as part of a new cryptographic signature scheme. 199.Pp 200The 201.Tn IA32 202(Intel) implementation of 203.Tn SHA-1 204makes heavy use of the 205.Ql bswapl 206instruction, which is not present on the original 80386. 207Attempts to use 208.Tn SHA-1 209on those processors will cause an illegal instruction trap. 210(Arguably, the kernel should simply emulate this instruction.) 211