KEYRING-SHA1(2)                                   KEYRING-SHA1(2)

     NAME
          keyring: sha1, md4, md5, hmac_sha1, hmac_md5, sign, verify -
          cryptographic digests and digital signatures

     SYNOPSIS
          include "keyring.m";
          keyring := load Keyring Keyring->PATH;

          sha1:   fn(buf: array of byte, n: int, digest: array of byte,
                        state: ref DigestState): ref DigestState;
          md4:    fn(buf: array of byte, n: int, digest: array of byte,
                        state: ref DigestState): ref DigestState;
          md5:    fn(buf: array of byte, n: int, digest: array of byte,
                        state: ref DigestState): ref DigestState;
          hmac_sha1:    fn(buf: array of byte, n: int, key: array of byte, digest: array of byte,
                        state: ref DigestState): ref DigestState;
          hmac_md5:     fn(buf: array of byte, n: int, key: array of byte, digest: array of byte,
                        state: ref DigestState): ref DigestState;
          sign:   fn(sk: ref SK, exp: int, state: ref DigestState,
                        ha: string): ref Certificate;
          verify: fn(pk: ref PK, cert: ref Certificate,
                        state: ref DigestState): int;

     DESCRIPTION
          Sha1, md4 and md5 are cryptographically secure hash func-
          tions that produce output called a message digest.  Each
          function computes a hash of n bytes of the data in buf, and
          updates the current state. They can be called iteratively to
          form a single digest for many data blocks.  The state is
          kept in the DigestState value referenced by state between
          calls.  State should be nil on the first call, and a newly
          allocated DigestState will be returned for use in subsequent
          calls.  On a call in which digest is not nil, the hash is
          completed and copied into the digest array.  Sha1 produces a
          20-byte hash (SHA1dlen), md4 and md5 a 16-byte one (MD4len
          and MD5len).

          Hmac_sha1 and hmac_md5 are keyed versions of the hashing
          functions, following Internet RFC2104.  The key must be pro-
          vided in each call, but otherwise the calling conventions
          are those of sha1.  The key must currently be no more than
          64 bytes.

          Sign creates a digital signature of a digest from the con-
          catenation of: a message, the name of the signer, and an
          expiration time.  State is the digest state after running
          sha1, md4 or md5 over the message.  Ha is a string specify-
          ing the hash algorithm to use: "sha", "sha1", "md4" or
          "md5".  Sign extends the digest to cover the signer's name
          (taken from the private key, sk) and the expiration time.

     Page 1                       Plan 9            (printed 11/23/24)

     KEYRING-SHA1(2)                                   KEYRING-SHA1(2)

          It returns a certificate containing the digital signature of
          the digest, signer name, hash algorithm and signature algo-
          rithm.  If any parameter is invalid, sign returns nil.  The
          signature algorithm is implied by the type of the private
          key.

          Verify uses public key pk to verify a certificate.  It
          returns non-zero (true) if the certificate is valid; zero
          (false) otherwise.  State is the digest state after running
          the chosen digest algorithm over the message.

     EXAMPLES
          A program to read a file and hash it using SHA might contain
          the following inner loop:

               state: ref DigestState = nil;
               while((n := sys->read(fd, buf, len buf)) > 0)
                       state = kr->sha1(buf, n, nil, state);
               digest := array[kr->SHA1dlen] of byte;
               kr->sha1(buf, 0, digest, state);

     SOURCE
          /libinterp/keyring.c
          /libcrypt/hmac.c
          /libcrypt/md4.c
          /libcrypt/md5.c
          /libcrypt/sha1.c

     BUGS
          The MD4 algorithm is included only to allow communication
          with software that might still use it; it should not other-
          wise be used now, because it is easily broken.

     Page 2                       Plan 9            (printed 11/23/24)