![[Index]](../../../../../../a_stock/btn_index_wt.gif){kind=small}
![[Spacer]](../../../../../../a_stock/btn_spacer.gif){kind=small}
![[Previous]](../../../../../../a_stock/btn_prev_wt.gif){kind=small}
![[Next]](../../../../../../a_stock/btn_next_wt.gif){kind=small}
|
|
|
|
|
|
||
A cryptographic hash algorithm (also known as a message digest, a one-way function, or simply a hash) takes a variable-length input (the message) and produce a fixed length output known as the hash (or digest) of the input. It is often useful to think of the resulting output as a representation, or fingerprint, of the original input.
There are two properties that are important to cryptographic hashes:
it must be hard to find collisions, i.e., it is highly unlikely that two distinct strings will hash to the same output
it is extremely difficult to determine the original input given only the output. Even very small changes to the input will give rise to radical changes in the output.
These properties make hash functions useful in cryptography and other applications as they allow the representation of objects in a known fixed size.
Hash algorithms are used in conjunction with asymmetric cryptography for signing. The reason for this is that signing by asymmetric cryptography alone is a slow process: for example, encrypting the whole of a bank transaction using a private key would be inefficient. So instead Alice (the sender) can create a hash of the transaction, encrypt that with her private key to make the signature, then send the transaction to Bob (the receiver) along with the signature. Bob hashes the transaction, decrypts the signature using Alice's public key and compares the 2 hash values: if they match the signature is valid.
The hash algorithms supported by the Symbian OS are given in the table below:
|
There is also support for MD2 (see RFC 1319) and SHA, which is there for backward compatibility, but it is not to be used in new code.
|
|
Unlike the other hashes mentioned above, HMAC (Hashed Message Authentication Code) is a key dependant hash. It allows one to specify a key at creation of the HMAC. Only persons with that key can verify the hash. HMACs are useful when authentication but not secrecy of a message is required.
The sender appends to the message data an authentication tag (which is a function of the data and the shared key). The recipient recomputes the authentication tag on the received message using the shared key. The integrity of the message is deemed valid only if the two authentication tags match.
The same interface is kept for both types of hash algorithms. The implementation supplies default function parameters when there is a difference in the number of parameters for different algorithms.
Below is a summary of how an HMAC works. We shall first define:
ipad = inner padding: the byte 0x36
repeated the same number of times as the block size
opad = outer padding: the byte 0x5c
repeated the same number of times as the block size
text = the message we wish to compute the HMAC over.
The length of the key should be less than or equal to the block size (64 bytes for MD5 and SHA-1), though greater than the size of the message digest (16 bytes for MD5, 20 bytes for SHA-1). If the key length is greater than the block size, a (fixed length) hash of the key should be used.
To compute HMAC over the data 'text' the following steps
are performed:
the key is appended with zero bytes until it equals the block size in length.
the key is XORed with ipad
text is appended to the result of 2
the hash algorithm is applied to the result of 3
the key is XORed with opad
the result of 4 is appended to the result of 5
the hash algorithm is applied to the result of 6.
For further details see RFC 2104.
CMessageDigest is the base class that defines an
interface for using the supported hash algorithms listed above.
The diagram below show the main classes used in the hash framework.
The colour of the boxes indicates the type of Symbian class, i.e.,
M, C, R or T class. For
detailed information on each component see the Cryptography API Reference
material. For detailed information on each component see the Cryptography API
Reference material.
The inheritance diagram above shows the CMessageDigest
abstract base class. Also shown are the following derived classes:
CHMAC, CMD2, CMD5, CSHA,
and CSHA-1.
These classes are defined in hash.h and implemented in
the hash library, hash.dll.
The hash API is used internally by the Security components: AppInst, Certman (Certificate Management) and Cryptography. Networking/TLS uses a pseudo-random function (PRF) based on HMAC. Both MD5 and SHA-1 are used in TLS.
The diagram linked to below shows the inter-dependencies between
hash.dll and its clients:
|
Copyright ©2008 Symbian Software Ltd. |
|
![[Top]](../../../../../../a_stock/arrow_up_2.gif){kind=icon}
![[Previous]](../../../../../../a_stock/btn_prev.gif){kind=small}
![[Top]](../../../../../../a_stock/btn_top.gif)
![[Next]](../../../../../../a_stock/btn_next.gif){kind=small}