1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
|
.\" $OpenBSD: cksum.1,v 1.18 2008/07/29 18:24:31 sobrado Exp $
.\"
.\" Copyright (c) 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" the Institute of Electrical and Electronics Engineers, Inc.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)cksum.1 8.2 (Berkeley) 4/28/95
.\"
.Dd $Mdocdate: July 29 2008 $
.Dt CKSUM 1
.Os
.Sh NAME
.Nm cksum ,
.Nm sum
.Nd display file checksums and block counts
.Sh SYNOPSIS
.Nm cksum
.Bk -words
.Op Fl bpqrtx
.Op Fl a Ar algorithms
.Op Fl c Op Ar checklist ...
.Op Fl o Ar 1 | 2
.Op Fl s Ar string
.Op Ar file ...
.Ek
.Nm sum
.Op Fl bpqrtx
.Op Fl a Ar algorithms
.Op Fl c Op Ar checklist ...
.Op Fl o Ar 1 | 2
.Op Fl s Ar string
.Op Ar file ...
.Sh DESCRIPTION
The
.Nm cksum
utility writes to the standard output a single line for each input file.
The format of this line varies with the algorithm being used as follows:
.Bl -tag -width Ds
.It cksum
The output line consists of three whitespace separated fields:
a CRC checksum, the number of octets in the input,
and name of the file or string.
If no file name is specified, the standard input is used and no file name
is written.
.It sum
The output line consists of three whitespace separated fields:
a CRC checksum, the number of kilobytes in the input,
and name of the file or string.
If no file name is specified, the standard input is used and no file name
is written.
.It sysvsum
The output line consists of three whitespace separated fields:
a CRC checksum, the number of 512-byte blocks in the input,
and name of the file or string.
If no file name is specified, the standard input is used and no file name
is written.
.It all others
The output line consists of four whitespace separated fields:
the name of the algorithm used, the name of the file or string in
parentheses, an equals sign, and the cryptographic hash of the input.
If no file name is specified, the standard input is used and only
the cryptographic hash is output.
.El
.Pp
The
.Nm sum
utility is identical to the
.Nm cksum
utility, except that it defaults to using historic algorithm 1, as
described below.
It is provided for compatibility only.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar algorithms
Use the specified algorithm(s) instead of the default (cksum).
Supported algorithms include
.Ar cksum ,
.Ar md4 ,
.Ar md5 ,
.Ar rmd160 ,
.Ar sha1 ,
.Ar sha256 ,
.Ar sha384 ,
.Ar sha512 ,
.Ar sum ,
and
.Ar sysvsum .
Multiple algorithms may be specified, separated by a comma or whitespace.
Additionally, multiple
.Fl a
options may be specified on the command line.
Case is ignored when matching algorithms.
The output format may be specified on a per-algorithm basis
by using a single-character suffix, e.g.\&
.Dq sha256b .
If the algorithm has a
.Sq b
suffix, the checksum will be output in base64 format.
If the algorithm has an
.Sq x
suffix, the checksum will be output in hex format.
If an algorithm with the same output format is repeated,
only the first instance is used.
Note that output format suffixes are not supported
for the
.Ar cksum ,
.Ar sum
and
.Ar sysvsum
algorithms.
.It Fl b
Output checksums in base64 notation, not hexadecimal by
default.
A
.Sq b
or
.Sq x
suffix on the algorithm will override this default.
This option is ignored for the
.Ar cksum ,
.Ar sum
and
.Ar sysvsum
algorithms, which do not use hexadecimal output.
.It Fl c Op Ar checklist ...
Compares all checksums contained in the file
.Ar checklist
with newly computed checksums for the corresponding files.
Output consists of the digest used, the file name,
and an OK or FAILED for the result of the comparison.
This will validate any of the supported checksums.
If no file is given, stdin is used.
The
.Fl c
option may not be used in conjunction with more than a single
.Fl a
option.
.It Fl o Ar 1 | 2
Use historic algorithms instead of the (superior) default one
(see below).
.It Fl p
Echoes stdin to stdout and appends the
checksum to stdout.
.It Fl q
Only print the checksum (quiet mode) or if used in conjunction with the
.Fl c
flag, only print the failed cases.
.It Fl r
Reverse the format of the hash algorithm output, making
it match the checksum output format.
.It Fl s Ar string
Prints a checksum of the given
.Ar string .
.It Fl t
Runs a built-in time trial.
Specifying
.Fl t
multiple times results in the number of rounds being multiplied
by 10 for each additional flag.
.It Fl x
Runs a built-in test script.
.El
.Pp
Algorithm 1 (aka
.Ar sum )
is the algorithm used by historic
.Bx
systems as the
.Nm sum
algorithm and by historic
.At V
systems as the
.Nm sum
algorithm when using the
.Fl r
option.
This is a 16-bit checksum, with a right rotation before each addition;
overflow is discarded.
.Pp
Algorithm 2 (aka
.Ar sysvsum )
is the algorithm used by historic
.At V
systems as the
default
.Nm sum
algorithm.
This is a 32-bit checksum, and is defined as follows:
.Bd -unfilled -offset indent
s = sum of all bytes;
r = s % 2^16 + (s % 2^32) / 2^16;
cksum = (r % 2^16) + r / 2^16;
.Ed
.Pp
Both algorithm 1 and 2 write to the standard output the same fields as
the default algorithm, except that the size of the file in bytes is
replaced with the size of the file in blocks.
For historic reasons, the block size is 1024 for algorithm 1 and 512
for algorithm 2.
Partial blocks are rounded up.
.Pp
The default CRC used is based on the polynomial used for CRC error checking
in the networking standard
.St -iso8802-3 .
The CRC checksum encoding is defined by the generating polynomial:
.Bd -unfilled -offset indent
G(x) = x^32 + x^26 + x^23 + x^22 + x^16 + x^12 +
x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1
.Ed
.Pp
Mathematically, the CRC value corresponding to a given file is defined by
the following procedure:
.Bd -filled -offset indent
The
.Ar n
bits to be evaluated are considered to be the coefficients of a mod 2
polynomial M(x) of degree
.Ar n Ns \-1 .
These
.Ar n
bits are the bits from the file, with the most significant bit being the most
significant bit of the first octet of the file and the last bit being the least
significant bit of the last octet, padded with zero bits (if necessary) to
achieve an integral number of octets, followed by one or more octets
representing the length of the file as a binary value, least significant octet
first.
The smallest number of octets capable of representing this integer are used.
.Pp
M(x) is multiplied by x^32 (i.e., shifted left 32 bits) and divided by
G(x) using mod 2 division, producing a remainder R(x) of degree \*(Lt= 31.
.Pp
The coefficients of R(x) are considered to be a 32-bit sequence.
.Pp
The bit sequence is complemented and the result is the CRC.
.Ed
.Pp
The other available algorithms are described in their respective
man pages in section 3 of the manual.
.Pp
The
.Nm cksum
and
.Nm sum
utilities exit 0 on success or \*(Gt0 if an error occurred.
.Sh SEE ALSO
.Xr md5 1 ,
.Xr rmd160 1 ,
.Xr sha1 1
.Pp
The default calculation is identical to that given in pseudo-code
in the following ACM article:
.Rs
.%T "Computation of Cyclic Redundancy Checks Via Table Lookup"
.%A Dilip V. Sarwate
.%J "Communications of the \\*(tNACM\\*(sP"
.%D "August 1988"
.Re
.Sh STANDARDS
The
.Nm
utility is compliant with the
.St -p1003.1-2004
specification.
.Pp
All the flags are extensions to that specification.
.Sh HISTORY
A
.Nm sum
command appeared in
.At v2 .
The
.Nm cksum
utility appeared in
.Bx 4.4 .
.Sh CAVEATS
Do not use the
.Ar cksum ,
.Ar md4 ,
.Ar md5 ,
.Ar sum ,
or
.Ar sysvsum
algorithms to verify file integrity.
An attacker can trivially produce modified payload that
has the same checksum as the original version.
Use a cryptographic checksum instead.
|