Secure Hashing

Module Functionality
Provides secure hashing functionality. Hashes are non-reversible cryptographic algorithms that take a stream of bytes as input and return a bytearray of fixed length called a digest. Hashes are also deterministic — a single input maps to a single output — meaning that if the input changes, even slightly, the digest also changes. A hash can detect if the content of something — like a file or an Internet packet — changes and reveal tampering if the change was not authorized. Hashes can also be used as a form of digital signature.

Enumerations

enum cryptx_hash_algorithms

Supported hash algorithms.

Values:

enumerator SHA256

algorithm type identifier for SHA-256

enumerator SHA1

algorithm type identifier for SHA-1

Macros

CRYPTX_DIGESTLEN_SHA1

digest length for SHA-1 hash

CRYPTX_DIGESTLEN_SHA256

digest length for SHA-256 hash

Functions

bool cryptx_hash_init(struct cryptx_hash_ctx *context, uint8_t hash_alg)

Initializes a context for a specific hash algorithm.

Parameters

  • context – Pointer to a ontext.

  • hash_alg – The numeric ID of the hashing algorithm to use. See cryptx_hash_algorithms.

Returns

true if hash initialization succeeded, false if failed.

void cryptx_hash_update(struct cryptx_hash_ctx *context, const void *data, size_t len)

Updates the context for a given block of data.

Parameters

  • context – Pointer to a context.

  • data – Pointer to a block of data to hash..

  • len – Size of the data to hash.

void cryptx_hash_digest(struct cryptx_hash_ctx *context, void *digest)

Output digest for current context (preserves state).

Parameters

  • context – Pointer to a context.

  • digest – Pointer to a buffer to write digest to. 

char *msg = "Hash this string";
crytx_hash_ctx h;

// initialize hash
cryptx_hash_init(&h, SHA256);

// allocate buffer for digest
uint8_t digest[h.digest_len];

// hash the string
cryptx_hash_update(&h, msg, strlen(msg));

// return the digest
cryptx_hash_digest(&h, digest);

Mask Generation Function One (MGF1) is a hash function that can return a digest of a variable given length. It is generally not used standalone but is a mask-generating algorithm used within the RSA module. Nonetheless, if you have need of it, feel free to use it.

void cryptx_hash_mgf1(const void *data, size_t datalen, void *outbuf, size_t outlen, uint8_t hash_alg)

Computes a digest of arbitrary length for a given block of data.

Parameters

  • data – Pointer to data to hash.

  • datalen – Size of data to hash.

  • outbuf – Pointer to buffer to write digest to.

  • outlen – Number of bytes to write to outbuf.

  • hash_alg – The numeric ID of the hashing algorithm to use. See cryptx_hash_algorithms. 

char *msg = "Hash this string";
#define MASK_LEN  48
uint8_t mask_buf[MASK_LEN];

cryptx_hash_mgf1(msg, strlen(msg), mask_buf, MASK_LEN, SHA256);

Warning

Do not use this function to derive a mask for a key by hashing a password. Use cryptx_hmac_pbkdf2 for this instead.

Notes

  1. After initialization the hash context holds the digest length for the selected algorithm. You can read it by accessing context.digest_len. This is the only reason you should be accessing a member of the hash context.

  2. This API uses 516 bytes of fastMem starting at 0xE30800 for scratch memory. Do not use it for anything else if you are using this module.