SECHASH(2) SECHASH(2)
NAME
md4, md5, ripemd160, sha1, sha2_224, sha2_256, sha2_384,
sha2_512, hmac_x, hmac_md5, hmac_sha1, hmac_sha2_224,
hmac_sha2_256, hmac_sha2_384, hmac_sha2_512, blake2s_128,
blake2s_256, mac_blake2s_128, mac_blake2s_256,
hmac_blake2s_256, poly1305 - cryptographically secure hashes
SYNOPSIS
#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>
#define DS DigestState /* only to abbreviate SYNOPSIS */
DS* md4(uchar *data, ulong dlen, uchar *digest, DS *state)
DS* md5(uchar *data, ulong dlen, uchar *digest, DS *state)
DS* ripemd160(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* sha1(uchar *data, ulong dlen, uchar *digest, DS *state)
DS* sha2_224(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* sha2_256(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* sha2_384(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* sha2_512(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* blake2s_128(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* blake2s_256(uchar *data, ulong dlen, uchar *digest, DS
*state)
DS* hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*,
DS*), int xlen)
DS* hmac_md5(uchar *data, ulong dlen, uchar *key, ulong
klen, uchar *digest, DS *state)
DS* hmac_sha1(uchar *data, ulong dlen, uchar *key, ulong
klen, uchar *digest, DS *state)
Page 1 Plan 9 (printed 11/1/25)
SECHASH(2) SECHASH(2)
DS* hmac_sha2_224(uchar *data, ulong dlen, uchar *key, ulong
klen, uchar *digest, DS *state)
DS* hmac_sha2_256(uchar *data, ulong dlen, uchar *key, ulong
klen, uchar *digest, DS *state)
DS* hmac_sha2_384(uchar *data, ulong dlen, uchar *key, ulong
klen, uchar *digest, DS *state)
DS* hmac_sha2_512(uchar *data, ulong dlen, uchar *key, ulong
klen, uchar *digest, DS *state)
DS* hmac_blake2s_256(uchar *data, ulong dlen, uchar *key,
ulong klen, uchar *digest, DS *state)
DS* poly1305(uchar *p, ulong len, uchar *key, ulong klen,
uchar *digest, DS *state)
DS* mac_blake2s_128(uchar *p, ulong len, uchar *key, ulong
klen, uchar *digest, DS *state)
DS* mac_blake2s_256(uchar *p, ulong len, uchar *key, ulong
klen, uchar *digest, DS *state)
DESCRIPTION
The output of a hash is called a digest. A hash is secure
if, given the hashed data and the digest, it is difficult to
predict the change to the digest resulting from some change
to the data without rehashing the whole data. Therefore, if
a secret is part of the hashed data, the digest can be used
as an integrity check of the data by anyone possessing the
secret.
The routines md4, md5, ripemd160, sha1, sha2_224, sha2_256,
sha2_384, sha2_512, blake2s_128, blake2s_256, differ only in
the length of the resulting digest and in the security of
the hash. Sha2_* and hmac_sha2_* are the SHA-2 functions;
the number after the final underscore is the number of bits
in the resulting digest. Usage for each is the same. The
first call to the routine should have nil as the state
parameter. This call returns a state which can be used to
chain subsequent calls. The last call should have digest
non-`nil'. Digest must point to a buffer of at least the
size of the digest produced. This last call will free the
state and copy the result into digest.
The constants MD4dlen, MD5dlen, RIPEMD160dlen, SHA1dlen,
SHA2_224dlen, SHA2_256dlen, SHA2_384dlen, SHA2_512dlen,
BLAKE2S_128dlen, BLAKE2S_256dlen and Poly1305dlen define the
lengths of the digests.
Hmac_md5, hmac_sha1, hmac_sha2_224, hmac_sha2_256,
Page 2 Plan 9 (printed 11/1/25)
SECHASH(2) SECHASH(2)
hmac_sha2_384, hmac_sha2_512, hmac_blake2s_256 and poly1305
are used slightly differently. These hash algorithms are
keyed and require a key to be specified on every call. The
digest lengths for these hashes are the obvious ones from
the above list of length constants. The hmac_* routines all
call hmac_x internally, but hmac_x is not intended for gen-
eral use.
Poly1305 is a one-time authenticator designed by D. J. Bern-
stein is documented in RFC8439. It takes a 32-byte one-time
key and a message and produces a 16-byte tag.
Mac_blake2s_128 and mac_blake2s_256 provide the keyed vari-
ants of their respective blake2s functions. Unlike their
hmac variants, the key may only be specified on the first
call. Subsequent calls are free to use the non keyed vari-
ants.
EXAMPLES
To hash a single buffer using md5:
uchar digest[MD5dlen];
md5(data, len, digest, nil);
To chain a number of buffers together, bounded on each end
by some secret:
char buf[256];
uchar digest[MD5dlen];
DigestState *s;
s = md5("my password", 11, nil, nil);
while((n = read(fd, buf, 256)) > 0)
md5(buf, n, nil, s);
md5("drowssap ym", 11, digest, s);
SOURCE
/sys/src/libsec
SEE ALSO
blowfish(2), des(2), elgamal(2), rc4(2), rsa(2)
/lib/rfc/rfc2104 HMAC specification
Page 3 Plan 9 (printed 11/1/25)