[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Libgcrypt provides an easy and consistent to use interface for hashing. Hashing is buffered and several hash algorithms can be updated at once. It is possible to calculate a MAC using the same routines. The programming model follows an open/process/close paradigm and is in that similar to other building blocks provided by Libgcrypt.
For convenience reasons, a few cyclic redudancy check value operations are also supported.
6.1 Available hash algorithms | List of hash algorithms supported by the library. | |
6.2 Hash algorithm modules | How to work with hash algorithm modules. | |
6.3 Working with hash algorithms | List of functions related to hashing. |
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
GCRY_MD_NONE
0
.
GCRY_MD_SHA1
GCRY_MD_RMD160
GCRY_MD_MD5
GCRY_MD_MD4
GCRY_MD_MD2
GCRY_MD_TIGER
GCRY_MD_HAVAL
GCRY_MD_SHA256
GCRY_MD_SHA384
GCRY_MD_SHA512
GCRY_MD_CRC32
GCRY_MD_CRC32_RFC1510
GCRY_MD_CRC24_RFC2440
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Libgcrypt makes it possible to load additional `message digest modules'; these cipher can be used just like the message digest algorithms that are built into the library directly. For an introduction into extension modules, see See section 3.2 Modules.
const char *name
unsigned char *asnoid
int asnlen
gcry_md_oid_spec_t *oids
int mdlen
gcry_md_init_t init
gcry_md_write_t write
gcry_md_final_t final
gcry_md_read_t read
size_t contextsize
const char *oidstring
Register a new digest module whose specification can be found in digest. On success, a new algorithm ID is stored in algorithm_id and a pointer representhing this module is stored in module.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
To use most of these function it is necessary to create a context; this is done using:
Create a message digest object for algorithm algo. flags
may be given as an bitwise OR of constants described below. algo
may be given as 0
if the algorithms to use are later set using
gcry_md_enable
. hd is guaranteed to either receive a valid
handle or NULL.
For a list of supported algorithms, see See section 6.1 Available hash algorithms.
The flags allowed for mode are:
GCRY_MD_FLAG_SECURE
GCRY_MD_FLAG_HMAC
gcry_md_setkey
must be used set the MAC key. If you want CBC
message authentication codes based on a cipher, see See section 5.4 Working with cipher handles.
You may use the function gcry_md_is_enabled
to later check
whether an algorithm has been enabled.
If you want to calculate several hash algorithms at the same time, you
have to use the following function right after the gcry_md_open
:
Add the message digest algorithm algo to the digest object described by handle h. Duplicated enabling of algorithms is detected and ignored.
If the flag GCRY_MD_FLAG_HMAC
was used, the key for the MAC must
be set using the function:
For use with the HMAC feature, set the MAC key to the value of key of length keylen.
After you are done with the hash calculation, you should release the resources by using:
Release all resources of hash context h. h should not be
used after a call to this function. A NULL
passed as h is
ignored.
Often you have to do several hash operations using the same algorithm. To avoid the overhead of creating and releasing context, a reset function is provided:
Reset the current context to its initial state. This is effectively identical to a close followed by an open and enabling all currently active algorithms.
Often it is necessary to start hashing some data and than continue to hash different data. To avoid hashing the same data several times (which might not even be possible if the data is received from a pipe), a snapshot of the current hash context can be taken and turned into a new context:
Create a new digest object as an exact copy of the object described by handle handle_src and store it in handle_dst. The context is not reset and you can continue to hash data using this context and independently using the original context.
Now that we have prepared everything to calculate hashes, its time to see how it is actually done. There are 2 ways for this, one to update the hash with a block of memory and one macro to update the hash by just one character. Both may be used intermixed.
Pass length bytes of the data in buffer to the digest object with handle h to update the digest values. This function should be used for large blocks of data.
Pass the byte in c to the digest object with handle h to update the digest value. This is an efficient function, implemented as a macro to buffer the data before an actual update.
The semantics of the hash functions don't allow to read out intermediate message digests because the calculation must be finalized fist. This finalization may for example include the number of bytes hashed in the message digest.
Finalize the message digest calculation. This is not really needed
because gcry_md_read
does this implicitly. After this has been
done no further updates (by means of gcry_md_write
or
gcry_md_putc
are allowed. Only the first call to this function
has an effect. It is implemented as a macro.
The way to read out the calculated message digest is by using the function:
gcry_md_read
returns the message digest after finalizing the
calculation. This function may be used as often as required but it will
always return the same value for one handle. The returned message digest
is allocated within the message context and therefore valid until the
handle is released or reseted (using gcry_md_close
or
gcry_md_reset
. algo may be given as 0 to return the only
enabled message digest or it may specify one of the enabled algorithms.
The function does return NULL
if the requested algorithm has not
been enabled.
Because it is often necessary to get the message digest of one block of memory, a fast convenience function is available for this task:
gcry_md_hash_buffer
is a shortcut function to calculate a message
digest of a buffer. This function does not require a context and
immediately returns the message digest of the length bytes at
buffer. digest must be allocated by the caller, large
enough to hold the message digest yielded by the the specified algorithm
algo. This required size may be obtained by using the function
gcry_md_get_algo_dlen
.
Note, that this function will abort the process if an unavailable algorithm is used.
Hash algorithms are identified by internal algorithm numbers (see
gcry_md_open
for a list. However, in most applications they are
used by names, so 2 functions are available to map between string
representations and hash algorithm identifiers.
Map the digest algorithm id algo to a string representation of the algorithm name. For unknown algorithms this functions returns an empty string. This function should not be used to test for the availability of an algorithm.
Map the algorithm with name to a digest algorithm identifier.
Returns 0 if the algorithm name is not known. Names representing
ASN.1 object identifiers are recognized if the IETF
dotted format is used and the OID is prefixed with either "oid.
"
or "OID.
". For a list of supported OIDs, see the source code at
`cipher/md.c'. This function should not be used to test for the
availability of an algorithm.
Return an DER encoded ASN.1 OID for the algorithm algo in the
user allocated buffer. length must point to variable with
the available size of buffer and receives after return the
actual size of the returned OID. The returned error code may be
GPG_ERR_TOO_SHORT
if the provided buffer is to short to receive
the OID; it is possible to call the function with NULL
for
buffer to have it only return the required size. The function
returns 0 on success.
To test whether an algorithm is actually available for use, the following macro should be used:
The macro returns 0 if the algorithm algo is available for use.
If the length of a message digest is not known, it can be retrieved using the following function:
Retrieve the length in bytes of the digest yielded by algorithm
algo. This is often used prior to gcry_md_read
to allocate
sufficient memory for the digest.
In some situations it might be hard to remember the algorithm used for the ongoing hashing. The following function might be used to get that information:
Retrieve the algorithm used with the handle h. Note, that this does not work reliable if more than one algorithm is enabled in h.
The following macro might also be useful:
This function returns true when the digest object h is allocated
in "secure memory"; i.e. h was created with the
GCRY_MD_FLAG_SECURE
.
This function returns true when the algorithm algo has been enabled for the digest object h.
Tracking bugs related to hashing is often a cumbersome task which requires to add a lot of printf statements into the code. Libgcrypt provides an easy way to avoid this. The actual data hashed can be written to files on request. The following 2 macros should be used to implement such a debugging facility:
Enable debugging for the digest object with handle h. This
creates create files named `dbgmd-<n>.<string>' while doing the
actual hashing. suffix is the string part in the filename. The
number is a counter incremented for each new hashing. The data in the
file is the raw data as passed to gcry_md_write
or
gcry_md_putc
.
Stop debugging on handle h. reserved should be specified as
0. This function is usually not required because gcry_md_close
does implicitly stop debugging.
[ << ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |