md4 time: 248 microseconds per iteration using tcl md5 time: 275 microseconds per iteration using tcl sha1 time: 409 microseconds per iteration using tcl rmd128 time: 410 microseconds per iteration using tcl rmd160 time: 679 microseconds per iteration using tcl sha224 time: 880 microseconds per iteration using tcl sha256 time: 894 microseconds per iteration using tclbll 2018-8-20: I have an implementation (in C) available that does SHA-512, SHA-384, SHA-512/256 and SHA-512/224. It can also be compiled to SHA-256, SHA-224 (already available in Tcllib). Pre-built libraries (for the 512 bit versions) are available at: https://sourceforge.net/projects/tcl-sha/files/
RLH - I have the latest ActiveTcl 8.4.9 and I do not see anything about SHA-256/384/512 in the docs. Were those added after the 8.4.9 release? addendum: I installed 8.5 and no sign in the docs about the other SHA stuff.PT 22-Feb-2005: When I say 'now' above I actually mean today - 22 Feb 2005. You can grab the CVS sources from
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/tcllib co tcllib/modules/sha1until we create a new release.
LV 2007 Jan 31 In the latest tcllib, I see a file called tcllib/modules/sha2/sha256.tcl . The top of the page talks about sha1, and the code appears to implement the 224 and 256 bit algorithms. The longer codes don't appear to be there yet. I also don't see anything in the doc pages. Of course, right now, a competition for sha3 is in the works, so perhaps someone stopped because the older stuff have been challenged.AMG: 2018-9-19: SHA-3 is complete and resulted in FIPS 202 [3]. Is anyone working on a Tcl implementation?bll: 2018-9-19: I just finished the SHA-2 implementation [4]. SHA-3 looked rather more complicated, and is it even necessary? SHA-2 is pretty good. See also: [5].AMG: SHA-3 is intended to be different in structure than SHA-1/2. As for wanting SHA-3, the point is being interoperable with other systems using SHA-3, in my case Fossil.
See also sha1, md4, md5, ripemd, cryptkit
See http://code.wikia.com/wiki/SHA_checksum for a place where a Tcl enthusist might consider adding an example of the use of the tcllib module to calculate a sha checksum.Documentation: https://core.tcl.tk/tcllib/doc/trunk/embedded/www/tcllib/files/modules/sha1/sha256.html
EL - 2017-08-08 18:53:04Missing parts of sha and crypto in general can easily be added in with ffidl and openssl (or any other C based crypto library). I did this for HMAC-SHA512, with the following lines:file: openssl_hmac-0.1.tm
# # ffidl wrapper for openssl hmac512 algorithm # package require Tcl 8.6 package require Ffidl 0.7 package require Ffidlrt 0.2 namespace eval openssl { # # library hooks and definitions # namespace eval dll { variable CRYPTODLL [if {$::tcl_platform(platform) eq "windows"} { subst libeay32.dll } else { subst libcrypto[info sharedlibext] }] ffidl::callout evp_sha512 {} pointer [ffidl::symbol $CRYPTODLL EVP_sha512] ffidl::callout hmac \ {pointer pointer-byte int pointer-byte int pointer-var pointer-var} {unsigned char} \ [ffidl::symbol $CRYPTODLL HMAC] } ;# namespace openssl::dll # # procedures # ## computes the hmac512 of given data with given key proc hmac512 {key data args} { set mdPtr [binary format x64] set mdlenPtr [binary format x[ffidl::info sizeof int]] set key [binary format a* $key] set data [binary format a* $data] set r [dll::hmac [dll::evp_sha512] $key [string len $key] $data [string len $data] mdPtr mdlenPtr] binary scan $r [ffidl::info format {unsigned char}] ret if {$ret == 0} { throw {OPENSSL HMAC} "hmac512 returned NULL" } binary scan $mdlenPtr [ffidl::info format unsigned] mdlen binary scan $mdPtr a[set mdlen] md if {[lsearch $args -b64] < 0} { return $md } binary encode base64 $md } } ;# namespace opensslUsage:
package require openssl_hmac 0.1 set base64_encoded_hmac_hash [openssl::hmac512 key data -b64]Of course there is much more that can be done, i.e. other sha algorithms, certificates, ...