|
||
A cryptographic hash algorithm (also known as a message digest, a one-way function, or simply a hash) takes a variable-length input (the message) and produce a fixed length output known as the hash (or digest) of the input. It is often useful to think of the resulting output as a representation, or fingerprint, of the original input.
There are two properties that are important to cryptographic hashes:
it must be hard to find collisions, i.e. it is highly unlikely that two distinct strings will hash to the same output
it is extremely difficult to determine the original input given only the output. Even very small changes to the input will give rise to radical changes in the output.
These properties make hash functions useful in cryptography and other applications as they allow the representation of objects in a known fixed size.
The hash algorithms supported by Symbian OS are:
Hash algorithms | Further information |
---|---|
MD4 |
|
MD5 |
|
SHA-1 |
FIPS 180-1 and RFC 3174 |
HMAC |
There is also support for MD2 (see RFC 1319) and SHA, which is there for backward compatibility, but it is not to be used in new code.
Unlike the hashes mentioned above, HMAC (Hashed Message Authentication Code) is a key-dependant hash. It allows a key to be specified at creation of the HMAC. Only people with that key can verify the hash. HMACs are useful when authentication but not secrecy of a message is required.
The sender appends to the message data an authentication tag (which is a function of the data and the shared key). The recipient recomputes the authentication tag on the received message using the shared key. The integrity of the message is deemed valid only if the two authentication tags match.
For further details see RFC 2104.
CMessageDigest
is the base class for all hash algorithms.
The diagram below show the main classes used in the pre-v9.5 hash framework. For information on each class see the Cryptography API Reference material.
These classes are defined in hash.h
and implemented in the
hash library, hash.dll
.
The hash API is used internally by the Security components: AppInst, Certman (Certificate Management) and Cryptography. Networking/TLS uses a pseudo-random function (PRF) based on HMAC. Both MD5 and SHA-1 are used in TLS.
The diagram linked to below shows the inter-dependencies between
hash.dll
and its clients:
From v9.5, all hashes are implemented by the
CryptoSpi::CHash
class. To create a hash object, use the
generic hash factory function
CryptoSpi::CHashFactory::CreateHashL()
, specifying the UID
of the required algorithm. UIDs are defined in cryptospidef.h
, for
instance KMd2Uid
, KMd5Uid
, KSha1Uid
.