#!/usr/bin/perl
# Edit the line above and line below for your perl path
#    eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
#        if 0; #$running_under_some_shell

# --------------------------------------------------------------------
# The software provided here is released by the National
# Institute of Standards and Technology (NIST), an agency of
# the U.S. Department of Commerce, Gaithersburg MD 20899,
# USA.  The software bears no warranty, either expressed or
# implied. NIST does not assume legal liability nor
# responsibility for a User's use of the software or the
# results of such use.
# 
# Please note that within the United States, copyright
# protection, under Section 105 of the United States Code,
# Title 17, is not available for any work of the United
# States Government and/or for any works created by United
# States Government employees. User acknowledges that this
# software contains work which was created by NIST employees
# and is therefore in the public domain and not subject to
# copyright.  The User may use, distribute, or incorporate
# this software provided the User acknowledges this via an
# explicit acknowledgment of NIST-related contributions to
# the User's work. User also agrees to acknowledge, via an
# explicit acknowledgment, that any modifications or
# alterations have been made to this software before
# redistribution.
# --------------------------------------------------------------------
#   douglas.white@nist.gov
#
# Usage :   perl sha-family.pl [-h] [-u] -f Family_String filename [filename...]
#
#           -h : will show help
#           -u : will display hash in uppercase (if allowed)
#           -f Family_String : comma separated list of output you want
#                              e.g.  "all" or "sha1_hex,sha1_b64,sha256_hex"
#
# updated 3/28/10
# --------------------------------------------------------------------
# Test this against the NIST FIPS data before you use it!
# 
# http://csrc.nist.gov/
# http://www.nsrl.nist.gov/testdata/
# --------------------------------------------------------------------

use strict;
use warnings;
use vars qw( $opt_h $opt_u $opt_f %family $fileName );
use Getopt::Std ;
use Digest::SHA ;

# Deal with command line options. Give help if needed.
getopts('huf:') or $opt_h=1;
($opt_f) or $opt_f='all';
(checkHashFamilies($opt_f)) or $opt_h=1;
if ($opt_h) { showHelpAndExit(); }

$fileName = shift;
while($fileName) { hashAndPrint(); $fileName = shift; };

exit;


#------------------------------------------

sub hashAndPrint {

(-e "$fileName") or return(0); # file must exist
(! -d "$fileName") or return(0); # must not be a directory
# 2G file size limit for now - increase at your own risk/memory available.
((-s "$fileName") < (2 * 1024 * 1024 * 1024)) or return(0);

use vars qw( @fks );

@fks = (sort keys %family);

#
# You need to delare a new() SHA object based on the algorithm,
# so her I'm finding out which algorithms were requested.
#
for my $f (@fks) {
   if (($f =~ /sha1/ ) && ($family{$f})) { calcDigest(1); }
   if (($f =~ /sha224/ ) && ($family{$f})) { calcDigest(224); }
   if (($f =~ /sha256/ ) && ($family{$f})) { calcDigest(256); }
   if (($f =~ /sha384/ ) && ($family{$f})) { calcDigest(384); }
   if (($f =~ /sha512/ ) && ($family{$f})) { calcDigest(512); }
} 

return(1);
}


 #----------------------------------------------

sub calcDigest {
    my $mode = shift;
    my $inFile;

    if (!open ($inFile, '<', $fileName)) {
        print STDERR "$0 : cannot open file \"$fileName\"\n";
        return 0;
    }
    binmode $inFile;
    my $dObj = Digest::SHA->new ($mode);
    my $digest;
    if ($family{"sha$mode"}) {
        $family{"sha$mode"} = 0;
        $dObj->addfile ($inFile);
        $digest = $dObj->digest;
        my $ps = unpack ("B*", $digest);
        my $l = $mode;
        if ($mode == 1) { $l = 160;} # SHA-1 (1) has 160 bits
        while (length ($ps) < $l) {$ps = "0$ps";}
        print "sha$mode($fileName)= $ps\n";
        seek ($inFile, 0, 0);
    }
    if ($family{"sha${mode}_hex"}) {
        $family{"sha${mode}_hex"} = 0;
        $dObj->addfile ($inFile);
        $digest = lc ($dObj->hexdigest);
        if ($opt_u) {$digest = uc ($digest);}
        print "sha${mode}_hex($fileName)= $digest\n";
        seek ($inFile, 0, 0);
    }
    if ($family{"sha${mode}_b64"}) {
        $family{"sha${mode}_b64"} = 0;
        $dObj->addfile ($inFile);
        $digest = $dObj->b64digest;
        while (length ($digest) % 4) {$digest .= '=';}
        print "sha${mode}_b64($fileName)= $digest\n";
    }
    close ($inFile);
}


 #----------------------------------------------

sub checkHashFamilies {

my $f = shift;
($f) or return(0);
%family = (
    'sha1' => 0,
    'sha1_hex' => 0,
    'sha1_b64' => 0,
    'sha224' => 0,
    'sha224_hex' => 0,
    'sha224_b64' => 0,
    'sha256' => 0,
    'sha256_hex' => 0,
    'sha256_b64' => 0,
    'sha384' => 0,
    'sha384_hex' => 0,
    'sha384_b64' => 0,
    'sha512' => 0,
    'sha512_hex' => 0,
    'sha512_b64' => 0
          );

if ($f eq 'all') {
   for my $k (keys %family) { $family{$k} = 1; }
   return(1);
}

my @p = split(/,/,$f);
for my $k (@p) {
   if (! defined $family{$k}) { return(0); } # tried using unknown family
   $family{$k} = 1;
}
return(1);

}

 #----------------------------------------------

sub showHelpAndExit {

print <<EOH;

Usage :   perl sha-family.pl [-h] [-u] -f Family_String filename [filename...]

      -h : will show help
      -u : will display hash in uppercase (if allowed)
      -f Family_String : comma separated list of output you want
                         e.g.  "all" or "sha1_hex,sha1_b64,sha256_hex"
Valid family strings:
EOH
print join(",",(keys %family)), "\n";
exit;

}

 #----------------------------------------------

__END__


The Secure Hash Algorithms (SHA-1, SHA-224, SHA-256, SHA-384, 
and SHA-512) are specified in  FIPS 180-2 with Change Notice 1 
dated February 25, 2004, Secure Hash Standard (SHS).

Within FIPS 180-2 are SHA-1 example messages.

    * Let the message be the ASCII string "abc". [file] 
      The resulting 160-bit message digest is a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d.
    * Let the message be the ASCII string "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq". [file] 
      The resulting 160-bit message digest is 84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1.
    * Let the message be the binary-coded form of the ASCII string which consists of 1,000,000 repetitions of the character "a". [file] 
      The resulting SHA-1 message digest is 34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f. 

If the SHA-1 implementation you are using does not yield the 
expected results shown above for the example message strings, 
you may have a problem.

For the sake of informal testing, here are the SHA-256 equivalents of the same message strings:

    * Let the message be the ASCII string "abc". [file] 
      The resulting 256-bit message digest is BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD.
    * Let the message be the ASCII string "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq". [file] 
      The resulting 256-bit message digest is 248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1.
    * Let the message be the binary-coded form of the ASCII string which consists of 1,000,000 repetitions of the character "a". [file] 
      The resulting SHA-256 message digest is CDC76E5C 9914FB92 81A1C7E2 84D73E67 F1809A48 A497200E 046D39CC C7112CD0. 

If the SHA-256 implementation you are using does not yield the 
expected results shown above for the example message strings, 
you may have a problem.