qt4cg · ndw · Jan 23, 2024 · Jan 10, 2024 · Jan 10, 2024 · Jan 15, 2024
diff --git a/etc/rfc.xml b/etc/rfc.xml
@@ -8,6 +8,14 @@ Internet Assigned Numbers Authority.
 Oct 2012.
 </bibl>
 
+<bibl id="RFC1321" key="RFC1321">
+<titleref href="http://www.ietf.org/rfc/rfc1321.txt"
+>The MD5 Message-Digest Algorithm</titleref>,
+R. Rivest.
+Network Working Group, IETF,
+Apr 1992.
+</bibl>
+
 <bibl id="RFC2046" key="RFC2046">
 <titleref href="http://www.ietf.org/rfc/rfc2046.txt"
 >Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types</titleref>,
@@ -104,4 +112,12 @@ Network Working Group, IETF,
 Jan 2005.
 </bibl>
 
+<bibl id="RFC6151" key="RFC 6151">
+<titleref href="http://www.ietf.org/rfc/rfc6151.txt"
+>Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms</titleref>,
+S. Turner, L. Chen.
+Internet Engineering Task Force (IETF),
+Mar 2011.
+</bibl>
+
 </blist>
diff --git a/specifications/xpath-functions-40/src/function-catalog.xml b/specifications/xpath-functions-40/src/function-catalog.xml
@@ -4758,7 +4758,121 @@ return normalize-unicode(concat($v1, $v2))</eg>
          </fos:example>
       </fos:examples>
    </fos:function>
-
+   <fos:function name="hash" prefix="fn" at="2024-01-10" diff="add">
+      <fos:signatures>
+         <fos:proto name="hash" return-type="xs:string">
+            <fos:arg name="value" type="union(xs:string, xs:hexBinary, xs:base64Binary)?"/>
+            <fos:arg name="algorithm" type="xs:string?" default="'md5'"/>
+         </fos:proto>
+      </fos:signatures>
+      <fos:properties arity="1">
+         <fos:property>deterministic</fos:property>
+         <fos:property>context-independent</fos:property>
+         <fos:property>focus-independent</fos:property>
+      </fos:properties>
+      <fos:properties arity="2">
+         <fos:property>deterministic</fos:property>
+         <fos:property>context-independent</fos:property>
+         <fos:property>focus-independent</fos:property>
+      </fos:properties>
+      <fos:summary>
+         <p>Returns a string representation of the results from a specified hash, checksum, or
+            cyclic redundancy check function upon the input.</p>
+      </fos:summary>
+      <fos:rules>
+         <p>If the one-argument version of the function is used, the result is the same as calling
+            the two-argument version, with <code>$algorithm</code> set to "MD5". </p>
+         <p>The effective value of <code>$algorithm</code> is the value of the expression
+            <code>fn:upper-case(fn:normalize-space($algorithm))</code>. </p>
+         <p>If <code>$value</code> is the empty sequence, the function returns the empty sequence.</p>
+         <p>If <code>$value</code> is an instance of <code>xs:string</code>, it is converted to a sequence
+            of octets on the basis of UTF-8 encoding. If <code>$value</code> is an instance of
+               <code>xs:base64Binary</code> or <code>xs:hexBinary</code>, it is converted to a sequence of
+            octets. </p>
+         <p>The function returns an <code>xs:string</code> representation of the bytes returned by
+            passing <code>$value</code> as an octet sequence through the specified hash or checksum
+            function. The process is followed even if the input octet sequence is empty. </p>
+         <!-- To be discussed. -->
+         <p>Output is always lowercase.</p>
+         <p>Conforming implementations 
+            <rfc2119>must</rfc2119> support the following:</p>
+         <olist>
+            <item>
+               <p>
+                  <code>MD5</code> and the associated MD5 Message-Digest algorithm defined by
+                     <bibref ref="rfc6151"/> (update to <bibref ref="rfc1321"/>).</p>
+            </item>
+            <item>
+               <p><code>SHA-1</code>, defined by 
+                  <bibref ref="fips180-4"/>. </p>
+            </item>
+            <item>
+               <p><code>SHA-256</code>, defined by 
+                  <bibref ref="fips180-4"/>.</p>
+            </item>
+         </olist>
+         <p>Conforming implementations <rfc2119>may</rfc2119> support other checksum and
+                  hash functions with implementation-defined semantics.</p>
+      </fos:rules>
+      <fos:errors>
+         <p>A dynamic error is raised ([TODO: error code]) if the effective value of
+               <code>$algorithm</code> is not one of the values supported by the implementation.</p>
+      </fos:errors>
+      <fos:notes>
+         <p>It is common for secure algorithms to be cryptographically broken, as has happened to
+            the algorithms <code>MD5</code> and <code>SHA-1</code>. Developers are responsible for
+            ensuring that the algorithm chosen meets any expected security protocols, if
+            relevant.</p>
+         <p>Additional security practices, such as salting, may be applied as a preprocessing step,
+            or <code>fn:hash()</code> can be incorporated into more complex functions.</p>
+      </fos:notes>
+      <fos:examples>
+         <fos:variable name="doc" id="v-hash-doc"><![CDATA[<doc>abc</doc>]]></fos:variable>
+         <fos:variable name="salt" id="v-hash-salt" select="&quot;D;%yL9TS:5PalS/d&quot;"/>
+         <fos:example>
+            <fos:test>
+               <fos:expression>hash("abc")</fos:expression>
+               <fos:result>"900150983cd24fb0d6963f7d28e17f72"</fos:result>
+            </fos:test>
+            <fos:test>
+               <fos:expression>hash("ABC")</fos:expression>
+               <fos:result>"902fbdd2b1df0c4f70b4a5d23525e932"</fos:result>
+            </fos:test>
+            <fos:test>
+               <fos:expression>hash("")</fos:expression>
+               <fos:result>"d41d8cd98f00b204e9800998ecf8427e"</fos:result>
+            </fos:test>
+            <fos:test>
+               <fos:expression>hash("ABC", "SHA-1")</fos:expression>
+               <fos:result>"3c01bdbb26f358bab27f267924aa2c9a03fcfdb8"</fos:result>
+            </fos:test>
+            <fos:test>
+               <fos:expression>hash("ABC", "sha-256")</fos:expression>
+               <fos:result>"b5d4045c3f466fa91fe2cc6abe79232a1a57cdf104f7a26e716e0a1e2789df78"</fos:result>
+            </fos:test>
+            <fos:test use="v-hash-doc">
+               <fos:expression>hash($doc)</fos:expression>
+               <fos:result>"900150983cd24fb0d6963f7d28e17f72"</fos:result>
+            </fos:test>
+            <fos:test use="v-hash-doc">
+               <fos:expression>hash(serialize($doc), "sha-1")</fos:expression>
+               <fos:result>"f0fccddbc36dc50bf9465c50e7fc3a0dc9eba445"</fos:result>
+            </fos:test>
+            <fos:test use="v-hash-salt">
+               <fos:expression>hash("password123" || $salt, "SHA-256")</fos:expression>
+               <fos:result>"9c9b913eb1b6254f4737ce947efd16f16e916f9d6ee5c1102a2002e48d4c88bd"</fos:result>
+            </fos:test>
+            <!--<fos:test>
+               <fos:expression>hash("password123" || $salt, "sha-1234567")</fos:expression>
+               <fos:error-result error-code="TODO: error code"/>
+            </fos:test>-->
+         </fos:example>
+      </fos:examples>
+      <fos:history>
+         <fos:version version="4.0">New in 4.0.</fos:version>
+      </fos:history>
+   </fos:function>
+
    <fos:function name="encode-for-uri" prefix="fn">
       <fos:signatures>
          <fos:proto name="encode-for-uri" return-type="xs:string">

diff --git a/specifications/xpath-functions-40/src/xpath-functions.xml b/specifications/xpath-functions-40/src/xpath-functions.xml
@@ -2762,6 +2762,9 @@ string conversion of the number as obtained above, and the appropriate <var>suff
             <div3 id="func-translate">
                <head><?function fn:translate?></head>
             </div3>
+            <div3 id="func-hash">
+               <head><?function fn:hash?></head>
+            </div3>
          </div2>
          <div2 id="substring.functions">
             <head>Functions based on substring matching</head>
@@ -10699,6 +10702,9 @@ Organization for Standardization, 2012. Available from: <loc href="http://www.is
                   Henry S. Thomson, Richard Tobin, and Norman Walsh (eds), World Wide Web Consortium. 3 November 2008. Available at
                   <loc href="http://www.w3.org/TR/leiri/">http://www.w3.org/TR/leiri/</loc>.
                </bibl>
+               <bibl id="rfc1321" key="RFC 1321">IETF. <emph>RFC 1321: The MD5 Message-Digest Algorithm. </emph> Available at:
+                  <loc href="http://www.ietf.org/rfc/rfc1321.txt">http://www.ietf.org/rfc/rfc1321.txt</loc>.
+               </bibl>
                <!--<bibl id="rfc2396" key="RFC 2396">IETF. <emph>RFC 2396: Uniform
                   Resource Identifiers (URI): Generic Syntax. </emph> Available at:
                   <loc href="http://www.ietf.org/rfc/rfc2396.txt">http://www.ietf.org/rfc/rfc2396.txt</loc>
@@ -10718,12 +10724,21 @@ Organization for Standardization, 2012. Available from: <loc href="http://www.is
                   Common Format and MIME Type for Comma-Separated Values (CSV) Files.</emph> Available at:
                   <loc href="http://www.ietf.org/rfc/rfc4180.txt">http://www.ietf.org/rfc/rfc4180.txt</loc>.
                </bibl>
+               <bibl id="rfc6151" key="RFC 6151">IETF. <emph>RFC 6151:
+                  Updated Security Considerations for
+                  the MD5 Message-Digest and the HMAC-MD5 Algorithms</emph> Available at:
+                  <loc href="http://www.ietf.org/rfc/rfc6151.txt">http://www.ietf.org/rfc/rfc6151.txt</loc>.
+               </bibl>
                <bibl id="rfc7159" key="RFC 7159">IETF. <emph>RFC 7159: The Javascript Object Notation (JSON) Data Interchange Format</emph> Available at:
                   <loc href="http://www.rfc-editor.org/rfc/rfc7159.txt">http://www.rfc-editor.org/rfc/rfc7159.txt</loc>.
                </bibl>
                <bibl id="rfc7303" key="RFC 7303">H. Thompson and C. Lilley. <emph>XML Media Types</emph>.
                   IETF RFC 7303. See <loc href="http://www.ietf.org/rfc/rfc7303.txt">http://www.ietf.org/rfc/rfc7303.txt</loc>.</bibl>
 
+               <bibl id="fips180-4" key="FIPS 180-4">National Institute of Standards and Technology.
+                 <emph>Secure Hash Standard (SHS)</emph>. FIPS PUB 180-4. August 2015. 
+                  See <loc href="http://dx.doi.org/10.6028/NIST.FIPS.180-4">http://dx.doi.org/10.6028/NIST.FIPS.180-4</loc>. </bibl>
+
                <bibl id="UNICODE-TR15"
                   key="UAX #15"><emph>Unicode Standard Annex #15: Unicode Normalization
                      Forms</emph>.