Table of Contents
27.08.2021: Convert from autotools to cmake build environment Because the autotools have not been consistently maintained in the past few years, the build environment has been converted to cmake. See the INSTALL instructions on how to build fehashmac.
07.09.2016: Replace SHA3, keccak with new code base
02.08.2016: General cleanup. One potential buffer overrun in keccak has been fixed. The code has been checked against STACK for null pointers, three finding have been fixed. Doc has been reorganized. A shell script, md5sum2md5 has been added to convert from md5sum syntax to md5 style.
11.07.2016: MD6 algorithms have been added. md6-224, md6-256, md6-384, md6-512, although they had been retired from the SHA3 competition. Performance comparisons are available in the Doc directory.
29.02.2016: SHA3 algorithms are now based on FIPS 202 issued August 2015. shake128, shake256 support now extendable length output, the previously defined algos xofshake128, xofshake256 are now superseded by shake128, shake256 and are therefore abandoned.
20.05.2015: KMAC implemented for SHA3 algorithms and XOFs. README updated. Algorithm kmac-all selects all algorithms that support KMAC, all-b64 selects all algos that support Base64 encoding, and similarly kmac-all-b64. The KMAC key can either be an ASCII string (up to 253 bytes long, --key=xxx) or a hex string (--hexkey=nnn), whose length in bits may be specified with --keylength=bbb (max value 254*8-1= 2031 bits).
01.05.2015: Extendable Output Functions (XOFs) xofshake128, xofshake256. Output length can be specified to an arbitrary number of bytes up to 9 Exabytes or infinity. BASE64 output is OK.
27.02.2015: BASE64 support for SHAKE. SHAKE can now produce BASE64 output.
18.01.2015: SHA3 performance:
SHA3 is now implemented based on the
KeccakWidth1600Opt64LCu6 version in the
KeccakCodePackage (downloaded on 11.12.2014):
$ git clone https://github.com/gvanas/KeccakCodePackage
This version gives good performance both
on 32 and 64 bit Intel platforms as well as on an
AMD GEODE based appliance. Reports about other platforms
like SPARC are welcome.
02.01.2015: The 6 SHA3 algorithms are now supported, based on the Draft FIPS Pub 202 (May 2014): sha3-224, sha3-256, sha3-384, sha3-512 and the two extendable output functions (XOF) shake128 and shake256. Test vectors are included. Our implementation is based on the reference implementation, a more efficient implementation will follow in an update.
28.01.2012: Multiple algorithms (including HMACs) can be specified simultaneously. The data files are read only once, and all hashes are calculated in parallel. As an option, algorithm "all" expands to the list of all known algorithms, which are thus calculated in parallel for each data file or string. Likewise, algorithm "hmac-all" expands to all known HMAC algorithms. The results of the --check option and the test cases are nicely summarized.
29.03.2011: Support for the sha512-224 sha512-256 algorithms
14.04.2011: HMAC test vectors added for MD5, SHA1, RMD128, RMD160. List of algorithms is now sorted alphabetically.
13.04.2011: Support for all SHA-3 finalists: BLAKE, GROESTL, JH, KECCAK, SKEIN for 224. 256. 384, 512 bits hash length, SKEIN also for 1024 bits. They all support bitwise operation, bitwise test vectors are included (taken from the SHA-3 submissions). HMAC support upgraded to FIPS PUB 198-1 (2008), HMAC test vectors added for sha{224, 256, 384, 512}.
FEHASHMAC is a collection of publicly known hash algorithms integrated into a command-line utility. FEHASHMAC also contains a set of known test vectors and results for each algorithm such that the correct implementation for each hardware platform and compiler version can directly be verified.
FEHASHMAC supports bitwise hash calculation for algorithms with available bitwise test vectors. Currently this applies to the SHA algorithms: sha1, sha224, sha256, sha384, sha512, and to the SHA-3 algorithms: sha3-224, sha3-256, sha3-384, sha3-512, shake128, shake256. The so-called Gillogly bitwise input has only been tested for sha1, but is also implemented in the SHA-2 hashes.
Bitwise hash calculation is also supported in sha512-224, sha512-256, whirl, but there are no bitwise test vectors available.
FEHASHMAC can also calculate hashed message authentication codes (HMAC) as specified in RFC 2104 and extended to arbitrary-length keys in FIPS PUB 198-1. The HMAC key can be specified as an ASCII string or as a hex string, and HMACs can be calculated for files, strings, and hex strings. For SHA3, the KMAC message authentication is available, not HMAC.
To simplify usage, symbolic links with the algorithm name allow to call fehashmac without the -a option. A prepended hmac- will automatically enable HMAC mode. Likewise with kmac- and -b64 for KMAC and Base64.
Hashes and HMACs/KMACs of files can be verified with the --check option.
SHA3 supports KMAC, not HMAC . (Gilles van Assche, private communication, 11.12.2014).
$ fehashmac -a md5 -s abc
# fehashmac -a md5 -s abc
md5 ("abc") = 900150983cd24fb0d6963f7d28e17f72or shorter: $ md5 -s abc
$ fehashmac -a md5 -M 0123456789abcdef # fehashmac -a md5 -M 0123456789abcdef a1cd1d1fc6491068d91007283ed84489
$ fehashmac -a sha1 /etc/passwd /etc/group /dev/null # fehashmac -a sha1 /etc/passwd /etc/group /dev/null sha1 (/etc/passwd) = 4be7c2d886c61b837dc2303cab786d9f0ff206cb sha1 (/etc/group) = bb1c71ab1f704cda8c54504e94bab376f6db3a67 sha1 (/dev/null) = da39a3ee5e6b4b0d3255bfef95601890afd80709
or shorter: $ sha1 /etc/passwd /etc/group /dev/null
$ fehashmac -c some.sha1 # fehashmac -c some.sha1 /etc/passwd: OK sha1 /etc/group: OK sha1 /dev/null: OK sha1
Summary: -------- Lines read: 4 Hash entries read: 3 Files found: 3 Files OK: 3
where some.sha1 contains the output of the example above.
$ fehashmac -a hmac-rmd256 -K Boss -s 'Yes,we can!'
# fehashmac -a hmac-rmd256 -K Boss -s Yes,we can!
key (hmac) = Boss
hmac-rmd256 ("Yes,we can!") = 2b2a8cf6cfd56b54d3a80a2067edff63d14ed06ef3c26b1ac972bba224274c89or shorter: $ hmac-rmd256 -K Boss -s 'Yes,we can!'
$ kmac-sha3-224 -K Boss -s 'Yes,we can!'
# kmac-sha3-224 -K Boss -s Yes,we can!
key (kmac) = Boss
sha3-224 ("Yes,we can!") = 354888bd9b45d43a33a3bfa1e88c5a7aeaefbade9e5d6d74034c316e$ hmac-tiger2 --hexkey=fedcba9876543210 /etc/passwd /etc/group /dev/null # hmac-tiger2 --hexkey=fedcba9876543210 /etc/passwd /etc/group /dev/null hexkey (hmac) = fedcba9876543210 hmac-tiger2 (/etc/passwd) = 6e67b8b5e8b9d883cdc5c2fc7a283f0ffacab28b7e606bd9 hmac-tiger2 (/etc/group) = acb4d8b2c531e7c60eb173cfd202499a79b145a56f8f852c hmac-tiger2 (/dev/null) = 5b6a8380f59ecc8b3a97ce6be78c762fa16e30dbe2216e96
$ kmac-sha3-256 --hexkey=fedcba9876543210 /etc/passwd /etc/group /dev/null # kmac-sha3-256 --hexkey=fedcba9876543210 /etc/passwd /etc/group /dev/null hexkey (kmac) = fedcba9876543210 kmac-sha3-256 (/etc/passwd) = 8b0a4380929d2fe9f53b9f0a12b40a2fdbdedf24e77bf952b90b35a866da26e6 kmac-sha3-256 (/etc/group) = d189191bfff6f3b77c79ea73a2b1fc3b7a46a0514b01e7db831b76b4a81b70a5 kmac-sha3-256 (/dev/null) = 67be22796350e0572605fd02b6519f91a14885339624f55c842dc795f4e15211
$ fehashmac -a sha1 --hexstring=98 --bits=5 # fehashmac -a sha1 --hexstring=98 --bits=5 29826b003b906e660eff4027ce98af3531ac75ba
Two hashes of some files, each file is read only once
$ fehashmac -a md5,sha256 /etc/passwd /etc/group # fehashmac -a md5,sha256 /etc/passwd /etc/group md5 (/etc/passwd) = 220b5227b5f19f5493a4c7bd44a56828 sha256 (/etc/passwd) = 17bdf3d73670ad219a51b70cc1e82311c7e93fc1e9aefe2efeeb5badf91a5681 md5 (/etc/group) = 96c4a5f194d9d9c015f4b10028775c49 sha256 (/etc/group) = f5527d31c7d281d88bfbe00cb88fb3d9aba3c8180236d9378224a1b0bc34c8e4
$ fehashmac -a md5,sha256,hmac-md5,hmac-sha256,kmac-sha3-384 --key="Jefe" /etc/passwd /etc/group # fehashmac -a md5,sha256,hmac-md5,hmac-sha256,kmac-sha3-384 --key=Jefe /etc/passwd /etc/group key (hmac) = Jefe key (kmac) = Jefe md5 (/etc/passwd) = 220b5227b5f19f5493a4c7bd44a56828 sha256 (/etc/passwd) = 17bdf3d73670ad219a51b70cc1e82311c7e93fc1e9aefe2efeeb5badf91a5681 hmac-md5 (/etc/passwd) = c4df55f00538367583d432c739b6d773 hmac-sha256 (/etc/passwd) = 74fef7bfd7ee5c61c21f595b3e07440aa0e075ffcf5a0b407f94fa02bd4c9833 kmac-sha3-384 (/etc/passwd) = c51086cd0a4b1b233c033a5b5395e0323ae3290a9e4ddb961db75748eedd3250adfc60218c76e50a2a1b9d5468148711 md5 (/etc/group) = 96c4a5f194d9d9c015f4b10028775c49 sha256 (/etc/group) = f5527d31c7d281d88bfbe00cb88fb3d9aba3c8180236d9378224a1b0bc34c8e4 hmac-md5 (/etc/group) = 89458458d06b9b7d39561c202dbaf4f4 hmac-sha256 (/etc/group) = 16f4b85cae4e9d9229a9f4845b3582896d3e2210c630264b55e7874e9e135d5b kmac-sha3-384 (/etc/group) = f70269d9843a349de84eefc69882072ec82bbb3b61542b523fbe38561aa06942c2a35868564a00948732fcb2eaa123d9
The default output length is 512 bytes, it can be modified by the --xoflength=nnn parameter, possible values are up to 2**63-1 or -1 for infinity. Base64 output for any desired length is supported.
$ fehashmac -a shake128 /etc/passwd /etc/group # fehashmac -a shake128 /etc/passwd /etc/group length (xof) = 512 shake128 (/etc/passwd) = 0d3fac7405a1b89d4591998d6e568323fccf08482188147aaf5a79443fce7cd5c2d397b20a326ec6f55307f4f652c47c1aeef79cdcc0be85d9a9d0f452fd4d82d1f941d433b383201d92568b7176219f6b1a2f58a33f053d5a42cd2e87847b460488f89fd39fb16ea901f334475d129bd539210db885b9a31e9873d2f4e71dbe7333420dc0da32dc95b322e2a9845b4a4b8e48d8261d4700b29afc914c7e8ffab658d76d592eaa9877cf00463005e881ed05d8e5a5a586293d6ba949602f5edcc2e7fc5670780e4d44af7a1906809c225141172a5f8115865896c741fa89a586beec2b0ece209f4a209faeeee3e154972d17dc47ea5f27b49c24f2501487a40352dc72c10aa2f83fd733b061c4ae3976704639e202b86e7608d475d3e6d9584e8669ae54c02dd852190edd69812e8b723f102ff56ed63f6ce15dc14b49ad12a371b64674f2dcbe3408c8484385a5afaf2393582f922323dca0981612db1425ed2b3723d64aafad27c28c637d603db87aa13f97a5521c20c8e41904b4d682d93d41a986f6846fc3852ac16844a8c6d83f7d131108c60e05aed4d485bbf121dbec3a5fd1c482bb307aec11c97ce05ad40ca9069dbcebf892cba66b721c30295d5ba0985f18fa898fbc1db8a8d8241e4d79b251877524c46d009a378fe7b1a3de496eedb94a16d565642ee0fc9456828866c21a2add799616c47b1ed031b7526c90 length (xof) = 512 shake128 (/etc/group) = 0bdd78e53e8ac20d71d8897303f9860f18d02087071b0aa0efae558369c5ab7064075564462a132fbb9bcc7c7e92af4a0398e630bdd127d5729b4cb03057359b9a3371dd3d81916f9ec2472b8ef1be8e31c44a8142065c7470fa959c0f9e7e50c297ae3336d66ee318162725c2e8eca8513830b1a5c050b5b3bdd67611f6dae458cff252681290cb737599caf77512af37811154a73d7bc1f94359a4c94f6452bea1ce89724cca12a64b81da40a35cae28abdd9425afe6276648db75fef713bfcaef63e611394a754957a59c7e72a096f943ef3965128735cb57f1cb6abfaa3866409ed1842659accc8fd9fa89cb11add5f0c6c00cba41aacb6ee23b0bbdc07d8694249e88825a0313ac305e80182576edb5b5e7807cdce5acb36dbc0bf11774a9e77b5c0ffdfe8a7b25773944047216db84ce0d0191eee159aca35386ed1f00f223c9662eaca4bf3ee6961f80034f968899e082cc3f7ffc3b271ceae3ebd3cdc1b7d562d127caf4c28c4ab85eed5ffbfc4261f6bbf39747fcbb583bf0164e490ee8b9810e0cc4af48d9314dd1efb56f23a86bdcf16326e176d296a396fd459e01820f7d5a2f29bed4565d0b518754fbc31bdf8ccb4844b23b62eca36bd5a6ef57c26bdbb94554b41bcfddc493d6b361a628b515fbf5c704b9a2552236e026ab6480e3a53598f53fbf5bb0d1a2204223d7ab6ffcb91525929a341898f01293ef
$ fehashmac -a shake128-b64 --xoflength=64 /dev/null # fehashmac -a shake128-b64 --xoflength=64 /dev/null length (xof) = 64 shake128-b64 (/dev/null) = f5wrpOiPgn1hYEVQdgWFPtc7gJP277yI6xpurPpm7yY8se6piABLkxA8+wru/SpobgH6Sljoo2OcqKHj+a5X4g==
$ fehashmac -a shake128-b64 --xoflength=211 /dev/null | fehashmac -c # fehashmac -c /dev/null: OK shake128-b64, match truncated to 211 bytes
Summary: -------- Lines read: 3 Hash entries read: 2 XOF lengths found: 1 Files found: 1 Files OK: 1
$ fehashmac -a all /etc/passwd # fehashmac -a all /etc/passwd blake224 (/etc/passwd) = baf221bcb242bc5ada556466feaf47c5c2176d118abd31deebadd832 blake256 (/etc/passwd) = 9a47e683a5d1b11b28fc75f99595941c15d34270d6356c1373e933ec9a542f54 blake384 (/etc/passwd) = e06e883921b8e4b60be7ee499d3f2450b6a31105691e7a4c5b31a9f179dfbf57a6a5072dbb6ba524978aefd24efef47d blake512 (/etc/passwd) = 22e4549366031d91fa9fe91df73f36f59b0977daf496141b3d65bd8f102c4623c999acdde6ab94602baf93283c4e0e03cfe04c36983c33b04f011a22570665e4 gost (/etc/passwd) = 43a20d5e28d3ef31e478b2d7d5ee4947522984748b767aad82a042afd0d5d60b groestl224 (/etc/passwd) = f01fc1179d85ad04ed4b7947671375fbb12e957c7ee3a24931910382 groestl256 (/etc/passwd) = 5265f1d13371d738bcd2d357f9a02725a8daf32cadcd04202c4dc0fbb1c2c083 groestl384 (/etc/passwd) = 8e5917276e8e738e2a3bb892fe0d22d204252b0300b2db8ec4abb45f43a40b3c2f37eb8f0a0243acead074540204f1a8 groestl512 (/etc/passwd) = 00b72dce243fa41bc4217f392be464f2989765e9347a2a63e9edaac00836698b10ebf9c687fb3793b57e41bdbf5171a55f7367650beae20a35c87af3257f705e jh224 (/etc/passwd) = 632a9c68dc881544f26b86143d65e5a87a70253eb76490e897930cd4 jh256 (/etc/passwd) = 7202f533e0939e37101fa4c557f0944f4f40fcd770916ea751d20c812199d47e jh384 (/etc/passwd) = 77a8b3c1bf7d99372eb75115f5075da8e66f8aec66d687e6974220d762da5eee8f69216b627b22b3738b0b8056cca2c5 jh512 (/etc/passwd) = 9e4cc34fad619e94f2495d36b3170b706e814e892c649d3369a427d5ed68e2a47281d0c0fd405f568ab82024e42f4eb300735c4ffa8164e4a197a970bdc077ed keccak224 (/etc/passwd) = 1f4d23eb09ece79593bbd43e08c4b07de86791bdeb1159e0ca09b4c0 keccak256 (/etc/passwd) = 2a89b605de8d25a7e5618476fe797ccd8048aec73eddcff5347572dd1345f9e8 keccak384 (/etc/passwd) = 4fb6debce1755e0e7cd62cf01c025552cb229229df72cadc222074a7577903af84352b76189f4fd0c871674fb71c95d9 keccak512 (/etc/passwd) = 4c7bc06d3f555389dd9532cf8742d0b6908c47a0d220abf3613e3a7bfd1058a58d90d4662b43381731141db12272e8cba80e30baa038f443bdf28fee2b61c3c6 lash160 (/etc/passwd) = 3fbfb25eae7354f08cfa1ced27a57b3e69600091 lash256 (/etc/passwd) = d944b20240cc3313589dd2b8809a2a7e54c494040cbb83a493dda253aa29af82 lash384 (/etc/passwd) = 774eac26e7c08df0a9fcba9a0407c464781e1c1735bec33e38c5fa9f3246a025e05679e91387c9ea4926f8c909604403 lash512 (/etc/passwd) = ddcaa894a230c8023bbab2b89458261b51343ea36afcea99c53e00612fb00836d6e5a3f89e88c4d769620062021111426198a5955470fa81ff001c4f2a9a299d md2 (/etc/passwd) = 70b8ab7643a20d0617e58ac7cc4916a6 md4 (/etc/passwd) = bac004db899a0d3f2956d03390bcb437 md5 (/etc/passwd) = 220b5227b5f19f5493a4c7bd44a56828 md6-224 (/etc/passwd) = d05e07f49337283bba41bece23b0021ef083e5671ae9c3c5a53cc099 md6-256 (/etc/passwd) = d749ae388c3d274bf5beafa942e37fc92d295e2a413426a185928fae2cdc69ff md6-384 (/etc/passwd) = 88c6c7dd3d70dfd319a49f528560a75b73a616f93df3a58555ec96af16457005ed9ea3d5210c7b41c2276629e5be072e md6-512 (/etc/passwd) = 0f83b89e25975e71417d30b7d16c90fd959cf33e2f89fce2cac073327a26eccd623e3892b1404fec6153ecbb5288b72ea5307efc36515818c50f0ef9fffc846e rmd128 (/etc/passwd) = 3374545b60ae616c8b3ec7f8c0a55f18 rmd160 (/etc/passwd) = 13cba2782f4b8e1d4372f4f71594a5940e12448a rmd256 (/etc/passwd) = dea65fc4d87c1a964e48d3ace5242c539bd2a5170dfb22285719f4ed7435c98f rmd320 (/etc/passwd) = a96e5ee3aca1e0f412305724bbd1d901fb4cf08ee530afb92220043f4f6185416928662237f6cfed sha1 (/etc/passwd) = 4be7c2d886c61b837dc2303cab786d9f0ff206cb sha224 (/etc/passwd) = a93cf542f78c138d9db935b09daa9a91abe1d030b5bc6f11a04d5dbc sha256 (/etc/passwd) = 17bdf3d73670ad219a51b70cc1e82311c7e93fc1e9aefe2efeeb5badf91a5681 sha3-224 (/etc/passwd) = 270df0f54071c9573a0819004bcf217d2a9d2e62c2f597df955fc4cd sha3-256 (/etc/passwd) = c988a319cf6edbe526466cb35c986a7f5ee385ff32a3ca18bdf1ebf6f11a98ce sha3-384 (/etc/passwd) = e7fef3557598ea77c397ddeb28d6c012218fb379fc13bcb86222152c7c7e64ffb5ebd2d15a237258dbd2f7d3ee6ed125 sha3-512 (/etc/passwd) = 157014d8435a6d124605d0e204f7654031c732f1b24cec0dd636493dbe4141b3579f2e147fa6311fbcac806bd0f47691957ec26ba5f9f7c74c9f1d4572c04eb8 sha384 (/etc/passwd) = 6a25f40ac775dafac9920cfbf26a160798c6405d2b9e81c0b2902f5652662fb374d8dd402ec4d0140e8550f0969fc021 sha512 (/etc/passwd) = bb166feda003363c947bde05a4a36f8637e5bbc606c61d066a3bf57a5b658b5c58c7c503d7af9b98b3ab3bd4a508f5733ec5cd92f2fb03eb8df756fddec7821f sha512-224 (/etc/passwd) = 3329e8437a903371b34cfc0368184afcda7f918bc526e82c9c5b7600 sha512-256 (/etc/passwd) = a5e1a45db17c923a4a0854ea40d28c3aba91d5e61bbd864992fcb058d4fb59f3 length (xof) = 512 shake128 (/etc/passwd) = 0d3fac7405a1b89d4591998d6e568323fccf08482188147aaf5a79443fce7cd5c2d397b20a326ec6f55307f4f652c47c1aeef79cdcc0be85d9a9d0f452fd4d82d1f941d433b383201d92568b7176219f6b1a2f58a33f053d5a42cd2e87847b460488f89fd39fb16ea901f334475d129bd539210db885b9a31e9873d2f4e71dbe7333420dc0da32dc95b322e2a9845b4a4b8e48d8261d4700b29afc914c7e8ffab658d76d592eaa9877cf00463005e881ed05d8e5a5a586293d6ba949602f5edcc2e7fc5670780e4d44af7a1906809c225141172a5f8115865896c741fa89a586beec2b0ece209f4a209faeeee3e154972d17dc47ea5f27b49c24f2501487a40352dc72c10aa2f83fd733b061c4ae3976704639e202b86e7608d475d3e6d9584e8669ae54c02dd852190edd69812e8b723f102ff56ed63f6ce15dc14b49ad12a371b64674f2dcbe3408c8484385a5afaf2393582f922323dca0981612db1425ed2b3723d64aafad27c28c637d603db87aa13f97a5521c20c8e41904b4d682d93d41a986f6846fc3852ac16844a8c6d83f7d131108c60e05aed4d485bbf121dbec3a5fd1c482bb307aec11c97ce05ad40ca9069dbcebf892cba66b721c30295d5ba0985f18fa898fbc1db8a8d8241e4d79b251877524c46d009a378fe7b1a3de496eedb94a16d565642ee0fc9456828866c21a2add799616c47b1ed031b7526c90 length (xof) = 512 shake256 (/etc/passwd) = 2378dcf4b7a23e49ad41abab230a9dc8c241f4d13337762810798d8e9b52d3b97ec4300d3679ee6c5d66fbab4fbeff88bf01e26eb2f5993cbaafb386aea23f9c9ea5fb821bdb7098f6750b703801fe715e23c18f3e24dc70dcb2d08f079380ae1587b0cdd2b49cadbb5cf89ab8930a6ada27b9b82e18618ad3febce19ebf80e64cf41c40dcd5b9317a35af73bb5610ec1b617a19ee5eeb481e4a4f7c19f8af06e9a7c3fecc98d19a8cab5dc2254af81da4506c9cc5ae3782965e7f2f612cb7d4a1ee888ad839252087b4368f18a98b5a7c4df46b238cd74bcc8f9abfd166793270afbf2d5b60df49872680b0a82f4a83a747565a409d0ef19ebb5be90d08e5aeecd803b94c6d2395b1b889e2429e7fa27e3b16461a9a1d0c7ce659f574881dea0bed8c44af6a32826186b69f7c5218efda7d9b1c4c878994582a4cec3932c8573b40c864c17032a073d3988ba9dd8813aa545f2ce08500af8f3cba0f4ca9e3f057007fb9cce4664762de9e9373a80bf6bc9fa9978e184a1841879a09be80dcca7ff9eeacce6d98adac7909948e963c4a41adcfcebaccedd8e784a533a6a20875a9b2b844b8acd33dec5ed9882550f065dae393aaf714afb8363ccf0561580a764c0574a537f0a448e9c09f01b8f4468fbca1b9ec739efe5c6b1320d0c725817064122b61668a1a824645e3c4664b76873ed4370972ea8a290131700a95c3e086 skein1024 (/etc/passwd) = 263a10f55beedb5d3884a3424253033871de5991b30eb743ed49229071d528df0ab4a426d6c89a3a71a88a919dc0d1dbcf0409d88dfffc7805b566ea5ce58ed651b09facc77c40522679e7cbf97dde23290db5afcc3680672aed82bfc4974fcb8a0f3840d59b80442005f8b4633c65436d17e8ae262006bf7b7c1517a469b719 skein224 (/etc/passwd) = 32a161e5d5aa73f58c2fe77176b44b8426bc846c10ddd3d0e47217d6 skein256 (/etc/passwd) = 045971c492ae92e499fdffe78c1ce72ce1c01a4e2d5ac3785d6d38300c27c793 skein384 (/etc/passwd) = d1247a9d38e2211f670d9e3f2256e000edb485d8553d47361c3cf9b7c453ee3e1c73761a5f7d4f19c392533a0891a858 skein512 (/etc/passwd) = ef81ed3dcbf8ce725869a9118b6b2808259438c60c5fc800f74c381d2c2f8eb0c0542655923f993bb5427e226b2398ba0cd6ec26e2fd8d40178f7fbeb089d937 tiger2 (/etc/passwd) = 46b13e3e53a38b54f66ed2874f17a14583f1b1f39d8cde16 whirl (/etc/passwd) = fe3607d75a81dd65183ab20dfc5e46307ffd3b4b08fdf7376cb4a5ecd76940ce9438a3174e4ac34c081918b6842cea4b6d4095a0af26f8d6dc9592bf52862e09
If you wish to include all Base64 encodings, use
$ fehashmac -a all,all-b64 /etc/passwd
sha1 has tests for byte and bit strings and HMAC
$ sha1 --test
# sha1 --test
sha1 Test Suite:
sha1 ("abc") = a9993e364706816aba3e25717850c26c9cd0d89d OK
sha1 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 84983e441c3bd26ebaae4aa1f95129e5e54670f1 OK
sha1 ("a") (repeated 1000000 times) = 34aa973cd4c4daa4f61eeb2bdbad27316534016f OK
Tests passed: 3, tests failed: 0.sha1 Bitwise Test Suite:
sha1 ("bitstring=110#148|11") = ce7387ae577337be54ea94f82c842e8be76bc3e1 OK
sha1 ("bitstring=110#149") = de244f063142cb2f4c903b7f7660577f9e0d8791 OK
sha1 ("bitstring=110#149|1") = a3d2982427ae39c8920ca5f499d6c2bd71ebf03c OK
sha1 ("bitstring=110#149|11") = 351aab58ff93cf12af7d5a584cfc8f7d81023d10 OK
sha1 ("bitstring=110#170") = 996386921e480d4e2955e7275df3522ce8f5ab6e OK
sha1 ("bitstring=110#170|1") = bb5f4ad48913f51b157eb985a5c2034b8243b01b OK
sha1 ("bitstring=110#170|11") = 9e92c5542237b957ba2244e8141fdb66dec730a5 OK
sha1 ("bitstring=110#171") = 2103e454da4491f4e32dd425a3341dc9c2a90848 OK
sha1 ("bitstring=011#490") = b4b18049de405027528cd9e74b2ec540d4e6f06b OK
sha1 ("bitstring=011#490|0") = 34c63356b308742720ab966914eb0fc926e4294b OK
sha1 ("bitstring=011#490|01") = 75face1802b9f84f326368ab06e73e0502e9ea34 OK
sha1 ("bitstring=011#491") = 7c2c3d62f6aec28d94cdf93f02e739e7490698a1 OK
sha1 ("hexstring=98, bits=5") = 29826b003b906e660eff4027ce98af3531ac75ba OK
sha1 ("bitstring=10011") = 29826b003b906e660eff4027ce98af3531ac75ba OK
sha1 ("hexstring=5e, bits=8") = 5e6f80a34a9798cafc6a5db96cc57ba4c4db59c2 OK
sha1 ("hexstring=49b2aec2 594bbe3a 3b117542 d94ac880, bits=123") = 6239781e03729919c01955b3ffa8acb60b988340 OK
sha1 ("hexstring=9a7dfdf1 ecead06e d646aa55 fe757146, bits=128") = 82abff6605dbe1c17def12a394fa22a82b544a35 OK
sha1 ("hexstring=65f93299 5ba4ce2c b1b4a2e7 1ae70220 aacec896 2dd4499cbd7c887a 94eaaa10 1ea5aabc 529b4e7e 43665a5a f2cd03fe678ea6a5 005bba3b 082204c2 8b9109f4 69dac92a aab3aa7c11a1b32a e0, bits=611") = 8c5b2a5ddae5a97fc7f9d85661c672adbf7933d4 OK
sha1 ("hexstring=f78f9214 1bcd170a e89b4fba 15a1d59f 3fd84d22 3c9251bdacbbae61 d05ed115 a06a7ce1 17b7beea d24421de d9c32592bd57edea e39c39fa 1fe8946a 84d0cf1f 7beead17 13e2e0959897347f 67c80b04 00c20981 5d6b10a6 83836fd5 562a56cab1a28e81 b6576654 631cf165 66b86e3b 33a108b0 5307c00aff14a768 ed735060 6a0f85e6 a91d396f 5b5cbe57 7f9b38807c7d523d 6d792f6e bc24a4ec f2b3a427 cdbbfb, bits=1304") = cb0082c8f197d260991ba6a460e76e202bad27b3 OK
Tests passed: 19, tests failed: 0.sha1 HMAC Test Suite:
hexkey (hmac) = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
hmac-sha1 ("Hi There") = b617318655057264e28bc0b6fb378c8ef146be00 OKkey (hmac) = Jefe
hmac-sha1 ("what do ya want for nothing?") = effcdf6ae5eb2fa2d27416d5f184df9c259a7c79 OKhexkey (hmac) = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
hmac-sha1 ("dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd") = 125d7342b9ac11cd91a39af48aa17b4f63f175d3 OKhexkey (hmac) = 0102030405060708090a0b0c0d0e0f10111213141516171819
hmac-sha1 ("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd") = 4c9007f4026250c6bc8414f9bf50c86c2d7235da OKhexkey (hmac) = 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
hmac-sha1 ("Test With Truncation") = 4c1a03424b55e07fe7f27be1d58bb9324a9a5a04 OKhexkey (hmac) = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
hmac-sha1 ("Test Using Larger Than Block-Size Key - Hash Key First") = aa4ae5e15272d00e95705637ce8a3b55ed402112 OKhexkey (hmac) = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
hmac-sha1 ("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data") = e8e99d0f45237d786d6bbaa7965c7808bbff1a91 OKTests passed: 7, tests failed: 0.
Summary of Test Results -----------------------
sha1 Hash tests : passed 3, failed 0 sha1 Bitwise hash tests : passed 19, failed 0 sha1 HMAC tests : passed 7, failed 0
Categories: 3, Tests: 29, passed 29, failed 0.
Note: all test cases for all algorithms can be executed using
$ fehashmac -a all --test
$ shake128-b64 /etc/passwd # shake128-b64 /etc/passwd length (xof) = 512 shake128-b64 (/etc/passwd) = DT+sdAWhuJ1FkZmNblaDI/zPCEghiBR6r1p5RD/OfNXC05eyCjJuxvVTB/T2UsR8Gu73nNzAvoXZqdD0Uv1NgtH5QdQzs4MgHZJWi3F2IZ9rGi9Yoz8FPVpCzS6HhHtGBIj4n9OfsW6pAfM0R10Sm9U5IQ24hbmjHphz0vTnHb5zM0INwNoy3JWzIuKphFtKS45I2CYdRwCymvyRTH6P+rZY121ZLqqYd88ARjAF6IHtBdjlpaWGKT1rqUlgL17cwuf8VnB4Dk1Er3oZBoCcIlFBFypfgRWGWJbHQfqJpYa+7CsOziCfSiCfru7j4VSXLRfcR+pfJ7ScJPJQFIekA1LccsEKovg/1zOwYcSuOXZwRjniArhudgjUddPm2VhOhmmuVMAt2FIZDt1pgS6Lcj8QL/Vu1j9s4V3BS0mtEqNxtkZ08ty+NAjISEOFpa+vI5NYL5IjI9ygmBYS2xQl7Ss3I9ZKr60nwoxjfWA9uHqhP5elUhwgyOQZBLTWgtk9QamG9oRvw4UqwWhEqMbYP30TEQjGDgWu1NSFu/Eh2+w6X9HEgrsweuwRyXzgWtQMqQadvOv4ksuma3IcMCldW6CYXxj6iY+8Hbio2CQeTXmyUYd1JMRtAJo3j+exo95Jbu25ShbVZWQu4PyUVoKIZsIaKt15lhbEex7QMbdSbJA=
Alternate: $ shake128 --base64 /etc/passwd The --base64 (or shorter --b64) flag applies base64 output to all supporting algorithms.
$ fehashmac -h
# fehashmac -h
Usage: fehashmac [ options ] [ file ..]
-or- fehashmac -c [file]
-or- fehashmac -t
Generic Hash and HMAC Program fehashmac V3.0 31.08.2021
Harald von Fellenberg (hvf at hvf dot ch)
Supports HMAC (RFC 2104, FIPS PUB 198-1) for all hash algorithms.
Supports SHA3 and SHAKE (FIPS PUB 202, August 2015).
Supports base64 encoded output for SHAKE.
Supports arbitrary extendable output lengths for SHAKE128, SHAKE256.
Supports KMAC (http://keyak.noekeon.org/Keyak-1.2.pdf) for SHA3 algorithms.
The previous algos XOFSHAKE are now integrated in SHAKE and are obsolete.
Multiple hashes can be calculated simultaneously, files are read only once.
The supported hash algorithms are (52): blake224 blake256 blake384
blake512 gost groestl224 groestl256 groestl384 groestl512 jh224
jh256 jh384 jh512 keccak224 keccak256 keccak384 keccak512 lash160
lash256 lash384 lash512 md2 md4 md5 md6-224 md6-256 md6-384 md6-512
rmd128 rmd160 rmd256 rmd320 sha1 sha224 sha256 sha3-224 sha3-256
sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128
shake256 skein1024 skein224 skein256 skein384 skein512 tiger2
whirl
The supported HMAC algorithms are (46): hmac-blake224 hmac-blake256
hmac-blake384 hmac-blake512 hmac-gost hmac-groestl224 hmac-groestl256
hmac-groestl384 hmac-groestl512 hmac-jh224 hmac-jh256 hmac-jh384
hmac-jh512 hmac-keccak224 hmac-keccak256 hmac-keccak384 hmac-keccak512
hmac-lash160 hmac-lash256 hmac-lash384 hmac-lash512 hmac-md2
hmac-md4 hmac-md5 hmac-md6-224 hmac-md6-256 hmac-md6-384 hmac-md6-512
hmac-rmd128 hmac-rmd160 hmac-rmd256 hmac-rmd320 hmac-sha1 hmac-sha224
hmac-sha256 hmac-sha384 hmac-sha512 hmac-sha512-224 hmac-sha512-256
hmac-skein1024 hmac-skein224 hmac-skein256 hmac-skein384 hmac-skein512
hmac-tiger2 hmac-whirl
The supported KMAC algorithms are (6): kmac-sha3-224 kmac-sha3-256
kmac-sha3-384 kmac-sha3-512 kmac-shake128 kmac-shake256
The supported algorithms with base64 encoding are (2): shake128-b64
shake256-b64
The supported KMAC algorithms with base64 encoding are (2): kmac-shake128-b64
kmac-shake256-b64
The supported algorithms with extendable output length (XOF) are (2): shake128
shake256
Options and arguments:
-a algo[,algo,...] - choose algorithm(s), see list below
--algorithm=algo[,algo,...] - choose algorithm(s), see list below
these two arguments can be specified multiple times
the files to be hashed are only read once.
-a hmac-algo[,...] - choose HMAC algorithm with hash algo.
Hash and HMAC algos may be freely mixed.
-a kmac-algo[,...] - choose KMAC algorithm with hash algo.
-a algo-b64[,...] - choose base64 encoding for hash algo.
-a all - choose all hash algorithms
-a hmac-all - choose all HMAC algorithms
-a kmac-all - choose all KMAC algorithms
-a all-b64 - choose all algorithms that support base64 encoding
-a kmac-all-b64 - choose all algorithms that support KMAC and base64 encoding
-s string - digests string for one algorithm
--string=string - digests string for one algorithm
--bitstring=bitstring - digests bitstring (Jim Gillogly format, bbb#nnn|bb..)
--hexstring=hexstring - digests hexstring (like -M, --M=)
-t - runs time trial for all algorithms
--time - runs time trial for all algorithms
-x - runs test script for one algorithm
--test - runs test script for one algorithm
file ... - digests file(s) for one algorithm
(none) - digests standard input for one algorithm
-c [file] - checks digests read from file or stdin
--check[=file] - checks digests read from file or stdin
--bits=nn - message length in number of bits (for SHA only)
-M hexstring - message in hexadecimal
--M=hexstring - message in hexadecimal
-h - print this text
--help - print this text
--list - print list of algorithms, one per line
HMAC options:
-K keystring - HMAC key as ASCII string
--K=keystring - HMAC key as ASCII string
--key=keystring - HMAC key as ASCII string
--hexkey=hexkeystring - HMAC key in hexadecimal
KMAC options:
-K keystring - KMAC key as ASCII string
--K=keystring - KMAC key as ASCII string
--key=keystring - KMAC key as ASCII string
--hexkey=hexkeystring - KMAC key in hexadecimal
--keylength=nnn - length of KMAC key in bits (only for hexkey!)
Base64 options:
--b64 - produce digest in base64 format (if supported)
--base64 - produce digest in base64 format (if supported)
XOF options:
--xoflength=longint - length for extendable length output in bytes
--xoflength=0 - default length, 512 bytes
--xoflength=-1 - indefinite length
length goes up to 9223372036854775807 (2**63-1) bytes
Algorithm Hash Size Block Size Bitwise HMAC test Base64
(bits) (bytes) Operation Vectors
blake224 224 64 yes
blake256 256 64 yes
blake384 384 128 yes
blake512 512 128 yes
gost 256 32 no
groestl224 224 64 yes
groestl256 256 64 yes
groestl384 384 128 yes
groestl512 512 128 yes
jh224 224 64 yes
jh256 256 64 yes
jh384 384 64 yes
jh512 512 64 yes
keccak224 224 144 yes
keccak256 256 136 yes
keccak384 384 104 yes
keccak512 512 72 yes
lash160 160 40 no
lash256 256 64 no
lash384 384 96 no
lash512 512 128 no
md2 128 16 no
md4 128 64 no
md5 128 64 no yes
md6-224 224 512 yes
md6-256 256 512 yes
md6-384 384 512 yes
md6-512 512 512 yes
rmd128 128 64 no yes
rmd160 160 64 no yes
rmd256 256 64 no
rmd320 320 64 no
sha1 160 64 yes yes
sha224 224 64 yes yes
sha256 256 64 yes yes
sha3-224 224 144 yes no support
sha3-256 256 136 yes no support
sha3-384 384 104 yes no support
sha3-512 512 72 yes no support
sha384 384 128 yes yes
sha512 512 128 yes yes
sha512-224 224 128 yes, no testvectors
sha512-256 256 128 yes, no testvectors
shake128 4096 168 yes no support yes
shake256 4096 136 yes no support yes
skein1024 1024 128 yes
skein224 224 32 yes
skein256 256 32 yes
skein384 384 64 yes
skein512 512 64 yes
tiger2 192 64 no
whirl 512 64 yes, no testvectors
References:
blake224 : BLAKE homepage http://www.131002.net/blake/
blake256 : BLAKE homepage http://www.131002.net/blake/
blake384 : BLAKE homepage http://www.131002.net/blake/
blake512 : BLAKE homepage http://www.131002.net/blake/
gost : GOST R 34.11-94, the Russian equivalent of SHA.
http://www.autochthonous.org/crypto/gosthash.tar.gz
groestl224: GROESTL homepage http://www.groestl.info/
groestl256: GROESTL homepage http://www.groestl.info/
groestl384: GROESTL homepage http://www.groestl.info/
groestl512: GROESTL homepage http://www.groestl.info/
jh224 : JH homepage http://www3.ntu.edu.sg/home/wuhj/research/jh/
jh256 : JH homepage http://www3.ntu.edu.sg/home/wuhj/research/jh/
jh384 : JH homepage http://www3.ntu.edu.sg/home/wuhj/research/jh/
jh512 : JH homepage http://www3.ntu.edu.sg/home/wuhj/research/jh/
keccak224 : KECCAK homepage http://keccak.noekeon.org/
keccak256 : KECCAK homepage http://keccak.noekeon.org/
keccak384 : KECCAK homepage http://keccak.noekeon.org/
keccak512 : KECCAK homepage http://keccak.noekeon.org/
lash160 : http://csrc.nist.gov/pki/HashWorkshop/2006/Papers/SAARINEN_lash4-1_ORIG.pdf
lash256 : http://csrc.nist.gov/pki/HashWorkshop/2006/Papers/SAARINEN_lash4-1_ORIG.pdf
lash384 : http://csrc.nist.gov/pki/HashWorkshop/2006/Papers/SAARINEN_lash4-1_ORIG.pdf
lash512 : http://csrc.nist.gov/pki/HashWorkshop/2006/Papers/SAARINEN_lash4-1_ORIG.pdf
md2 : RFC1319, http://www.ietf.org/rfc/rfc1319.txt
md4 : RFC1320, http://www.ietf.org/rfc/rfc1320.txt
md5 : RFC1321, http://www.ietf.org/rfc/rfc1321.txt
md6-224 : http://groups.csail.mit.edu/cis/md6/
md6-256 : http://groups.csail.mit.edu/cis/md6/
md6-384 : http://groups.csail.mit.edu/cis/md6/
md6-512 : http://groups.csail.mit.edu/cis/md6/
rmd128 : http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
rmd160 : http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
rmd256 : http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
rmd320 : http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
sha1 : FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
sha224 : FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
sha256 : FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
sha3-224 : FIPS PUB 202, August 2015, http://dx.doi.org/10.6028/NIST.FIPS.202
sha3-256 : FIPS PUB 202, August 2015, http://dx.doi.org/10.6028/NIST.FIPS.202
sha3-384 : FIPS PUB 202, August 2015, http://dx.doi.org/10.6028/NIST.FIPS.202
sha3-512 : FIPS PUB 202, August 2015, http://dx.doi.org/10.6028/NIST.FIPS.202
sha384 : FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
sha512 : FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
sha512-224: FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
sha512-256: FIPS PUB 180-4, March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
shake128 : FIPS PUB 202, August 2015, http://dx.doi.org/10.6028/NIST.FIPS.202
shake256 : FIPS PUB 202, August 2015, http://dx.doi.org/10.6028/NIST.FIPS.202
skein1024 : SKEIN homepage http://www.skein-hash.info/
skein224 : SKEIN homepage http://www.skein-hash.info/
skein256 : SKEIN homepage http://www.skein-hash.info/
skein384 : SKEIN homepage http://www.skein-hash.info/
skein512 : SKEIN homepage http://www.skein-hash.info/
tiger2 : http://www.cs.technion.ac.il/~biham/Reports/Tiger/
This code implements the Tiger 2 padding (like MD5)
whirl : http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html