CryptX Documentation

HASHLIB, as its name suggests, provides hash support for the calculator.

Authors

Anthony Cagliano
Adam Beckingham

Definitions

Hash: A hash is a non-invertible cryptographic algorithm that converts an arbitrarily long stream of data into a digest of fixed size. Cryptographic hashes are generally used to ensure that the content of a data stream has not changed between two points in time or transmission. This is possible because even the smallest change to the data causes a drastic change in the resulting hash.
HMAC: An HMAC is a keyed hash. It works in exactly the same way as a normal hash, except the initial hash state is transformed using a key before the data is hashed and again before the digest is returned. HMAC is used for endpoint validation. This works because if you do not know the key, you cannot generate an HMAC that the other party can validate, nor can you validate information coming from the other party.
Key-Derivation Function (KDF): A KDF is an algorithm that generates a secure key from some manner of input. The implementation provided by this library is BPKDF2 (Password-Based Key-Derivation Function v2). It takes a password, a salt (random bytes), a cost (number of times to repeat the selected HMAC algorithm), and an output length and outputs a secure key of given size.

Macros

#define CRYPTX_SHA256_DIGEST_LEN 32

Defines the output digest length of the SHA256 algorithm.

Enumerations

enum cryptx_hash_algorithms { SHA256 };

Defines the supported hash algorithms.

Structs

struct cryptx_hash_ctx {...};

Defines the hash state context for use with the hashing API.

struct cryptx_hmac_ctx {...};

Defines the hmac state context for use with the hmac API.

Functions

bool cryptx_hash_init(struct cryptx_hash_ctx* context, uint8_t hash_alg);

Initializes the hash state for use with a data stream.
context: Pointer to a hash state context to initalize.
hash_alg: Identifier for the hash algorithm to use (see cryptx_hash_algorithms).
returns: true on success, false on failure. Once the context is initialized, the digest length of the active hash algorithm can be accessed at context.digest_len.

void cryptx_hash_update(struct cryptx_hash_ctx* context, const void* data, size_t len);

Updates the hash state for the given data.
context: Pointer to a hash state context to update.
data: Pointer to data to hash.
len: Length of data to hash.

void cryptx_hash_final(struct cryptx_hash_ctx* context, void* digest);

Returns a digest from the current hash state.
context: Pointer to a hash state context.
digest: Pointer to buffer to output digest to.

void cryptx_hash_mgf1(
const void* data, size_t datalen,
void* outbuf, size_t outlen, uint8_t hash_alg);

Returns an arbitrary-length digest by iterating the hash of the data and a counter.
data: Pointer to data to hash.
datalen: Length of data to hash.
outbuf: Pointer to buffer to write digest to.
outlen: Length of digest to generate.
hash_alg: Identifier for the hash algorithm to use (see cryptx_hash_algorithms).
returns: true on success, false on failure.

bool cryptx_hmac_init(
struct cryptx_hmac_ctx* context,
const void* key, size_t keylen, uint8_t hash_alg);

Initializes the hmac state for use with a data stream.
context: Pointer to a hmac state context to initalize.
key: Pointer to a key to intialize with.
keylen: Length of the key.
hash_alg: Identifier for the hash algorithm to use (see cryptx_hash_algorithms).
returns: true on success, false on failure. Once the context is initialized, the digest length of the active hash algorithm can be accessed at context.digest_len.

void cryptx_hmac_update(struct cryptx_hmac_ctx* context, const void* data, size_t len);

Updates the hmac state for the given data.
context: Pointer to a hmac state context to update.
data: Pointer to data to hash.
len: Length of data to hash.

void cryptx_hmac_final(struct cryptx_hmac_ctx* ctx, void* digest);

Returns a digest from the current hmac state.
context: Pointer to a hmac state context.
digest: Pointer to buffer to output digest to.

void cryptx_hmac_pbkdf2(
const void* password, size_t passlen,
const void* salt, size_t saltlen,
void* key, size_t keylen,
size_t rounds, uint8_t hash_alg);

Generates a key of arbitrary length from a password and a salt using an hmac algorithm.
password: Pointer to password to generate key from
passlen: Length of password
salt: Pointer to a salt to include in the keygen
saltlen: Length of the salt
key: Pointer to buffer to write key to
keylen: Length of key to generate
rounds: Number of times to iterate hash_alg
hash_alg: Identifier for the hash algorithm to use (see hash_algorithms)
output: True if success, False if failed

bool cryptx_digest_tostring(const void* digest, size_t len, char* hexstr);

Converts a raw digest to a hexadecimal string.
digest: Pointer to digest to convert
len: Length of the digest
hexstr: Buffer to write hex string to
returns: true on success, false on failure.

bool cryptx_digest_compare(const void* digest1, const void* digest2, size_t len);

Checks two buffers for bytewise equality using a method that defeats timing analysis.
digest1: Pointer to the first digest
digest2: Pointer to the second digest
len: Number of bytes to compare
returns: true on success, false on failure.