348
279
So you may want to check that the version is okay right after program
351
-- Function: const char *gcry_check_version (const char *REQ_VERSION)
352
The function `gcry_check_version' initializes the sub-systems used
282
-- Function: const char * gcry_check_version (const char *REQ_VERSION)
283
The function `gcry_check_version' initializes some subsystems used
353
284
by Libgcrypt and must be invoked before any other function in the
354
library, with the exception of the `GCRYCTL_SET_THREAD_CBS'
355
command (called via the `gcry_control' function), see *Note
285
library, with the exception of the `GCRYCTL_SET_THREAD_CBS' command
286
(called via the `gcry_control' function). *Note Multi-Threading::.
358
288
Furthermore, this function returns the version number of the
359
289
library. It can also verify that the version number is higher
360
290
than a certain required version number REQ_VERSION, if this value
361
291
is not a null pointer.
293
Libgcrypt uses a concept known as secure memory, which is a region of
294
memory set aside for storing sensitive data. Because such memory is a
295
scarce resource, it needs to be setup in advanced to a fixed size.
296
Further, most operating systems have special requirements on how that
297
secure memory can be used. For example, it might be required to install
298
an application as "setuid(root)" to allow allocating such memory.
299
Libgcrypt requires a sequence of initialization steps to make sure that
300
this works correctly. The following examples show the necessary steps.
302
If you don't have a need for secure memory, for example if your
303
application does not use secret keys or other confidential data or it
304
runs in a controlled environment where key material floating around in
305
memory is not a problem, you should initialize Libgcrypt this way:
307
/* Version check should be the very first call because it
308
makes sure that important subsystems are intialized. */
309
if (!gcry_check_version (GCRYPT_VERSION))
311
fputs ("libgcrypt version mismatch\n", stderr);
315
/* Disable secure memory. */
316
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
318
/* ... If required, other initialization goes here. */
320
/* Tell Libgcrypt that initialization has completed. */
321
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
323
If you have to protect your keys or other information in memory
324
against being swapped out to disk and to enable an automatic overwrite
325
of used and freed memory, you need to initialize Libgcrypt this way:
327
/* Version check should be the very first call because it
328
makes sure that important subsystems are intialized. */
329
if (!gcry_check_version (GCRYPT_VERSION))
331
fputs ("libgcrypt version mismatch\n", stderr);
335
/* We don't want to see any warnings, e.g. because we have not yet
336
parsed program options which might be used to suppress such
338
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
340
/* ... If required, other initialization goes here. Note that the
341
process might still be running with increased privileges and that
342
the secure memory has not been intialized. */
344
/* Allocate a pool of 16k secure memory. This make the secure memory
345
available and also drops privileges where needed. */
346
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
348
/* It is now okay to let Libgcrypt complain when there was/is
349
a problem with the secure memory. */
350
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
352
/* ... If required, other initialization goes here. */
354
/* Tell Libgcrypt that initialization has completed. */
355
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
357
It is important that these initialization steps are not done by a
358
library but by the actual application. A library using Libgcrypt might
359
want to check for finished initialization using:
361
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P))
363
fputs ("libgcrypt has not been initialized\n", stderr);
367
Instead of terminating the process, the library may instead print a
368
warning and try to initialize Libgcrypt itself. See also the section on
369
multi-threading below for more pitfalls.
364
File: gcrypt.info, Node: Multi-Threading, Prev: Initializing the library, Up: Preparation
372
File: gcrypt.info, Node: Multi-Threading, Next: Enabling FIPS mode, Prev: Initializing the library, Up: Preparation
366
374
2.5 Multi-Threading
367
375
===================
494
545
This option can only be used at initialization time.
496
`GCRYCTL_DUMP_RANDOM_STATS'
497
This command dumps PRNG related statistics to the librarys
500
`GCRYCTL_DUMP_MEMORY_STATS'
501
This command dumps memory manamgent related statistics to the
502
librarys logging stream.
504
`GCRYCTL_DUMP_SECMEM_STATS'
547
`GCRYCTL_DUMP_RANDOM_STATS; Arguments: none'
548
This command dumps randum number generator related statistics
549
to the library's logging stream.
551
`GCRYCTL_DUMP_MEMORY_STATS; Arguments: none'
552
This command dumps memory managment related statistics to the
553
library's logging stream.
555
`GCRYCTL_DUMP_SECMEM_STATS; Arguments: none'
505
556
This command dumps secure memory manamgent related statistics
506
to the librarys logging stream.
508
`GCRYCTL_DUMP_CONFIG; Arguments: none'
509
This command dumps information pertaining to the
510
configuration of libgcrypt to the logging stream. It may be
511
used before the intialization has been finished but not
512
before a gcry_version_check.
557
to the library's logging stream.
559
`GCRYCTL_DROP_PRIVS; Arguments: none'
515
560
This command disables the use of secure memory and drops the
516
priviliges of the current process. FIXME.
561
priviliges of the current process. This command has not much
562
use; the suggested way to disable secure memory is to use
563
`GCRYCTL_DISABLE_SECMEM' right after initialization.
518
`GCRYCTL_DISABLE_SECMEM'
519
This command disables the use of secure memory.
565
`GCRYCTL_DISABLE_SECMEM; Arguments: none'
566
This command disables the use of secure memory. If this
567
command is used in FIPS mode, FIPS mode will be disabled and
568
the function `gcry_fips_mode_active' returns false. However,
569
in Enforced FIPS mode this command has no effect at all.
521
571
Many applications do not require secure memory, so they
522
should disable it right away. There won't be a problem if
523
not disabling it unless one makes use of a feature which
524
requires secure memory - in that case the process will abort
525
because the secmem is not initialized.
527
`GCRYCTL_INIT_SECMEM'
529
`GCRYCTL_TERM_SECMEM'
531
`GCRYCTL_DISABLE_SECMEM_WARN'
533
`GCRYCTL_SUSPEND_SECMEM_WARN'
535
`GCRYCTL_RESUME_SECMEM_WARN'
572
should disable it right away. This command should be
573
executed right after `gcry_check_version'.
575
`GCRYCTL_INIT_SECMEM; Arguments: int nbytes'
576
This command is used to allocate a pool of secure memory and
577
thus enabling the use of secure memory. It also drops all
578
extra privileges the process has (i.e. if it is run as setuid
579
(root)). If the argument NBYTES is 0, secure memory will be
580
disabled. The minimum amount of secure memory allocated is
581
currently 16384 bytes; you may thus use a value of 1 to
582
request that default size.
584
`GCRYCTL_TERM_SECMEM; Arguments: none'
585
This command zeroises the secure memory and destroys the
586
handler. The secure memory pool may not be used anymore
587
after running this command. If the secure memory pool as
588
already been destroyed, this command has no effect.
589
Applications might want to run this command from their exit
590
handler to make sure that the secure memory gets properly
591
destroyed. This command is not necessarily thread-safe but
592
that should not be needed in cleanup code. It may be called
593
from a signal handler.
595
`GCRYCTL_DISABLE_SECMEM_WARN; Arguments: none'
596
Disable warning messages about problems with the secure memory
597
subsystem. This command should be run right after
598
`gcry_check_version'.
600
`GCRYCTL_SUSPEND_SECMEM_WARN; Arguments: none'
601
Postpone warning messages from the secure memory subsystem.
602
*Note the initialization example: sample-use-suspend-secmem,
605
`GCRYCTL_RESUME_SECMEM_WARN; Arguments: none'
606
Resume warning messages from the secure memory subsystem.
607
*Note the initialization example: sample-use-resume-secmem,
537
610
`GCRYCTL_USE_SECURE_RNDPOOL; Arguments: none'
538
611
This command tells the PRNG to store random numbers in secure
539
memory. FIXME: what about initialization time?
612
memory. This command should be run right after
613
`gcry_check_version' and not later than the command
614
GCRYCTL_INIT_SECMEM. Note that in FIPS mode the secure
615
memory is always used.
541
617
`GCRYCTL_SET_RANDOM_SEED_FILE; Arguments: const char *filename'
542
618
This command specifies the file, which is to be used as seed
1619
1794
identifier or when no mode is associated with it.
1622
File: gcrypt.info, Node: Hashing, Next: Public Key cryptography (I), Prev: Symmetric cryptography, Up: Top
1627
Libgcrypt provides an easy and consistent to use interface for hashing.
1628
Hashing is buffered and several hash algorithms can be updated at
1629
once. It is possible to calculate a MAC using the same routines. The
1630
programming model follows an open/process/close paradigm and is in that
1631
similar to other building blocks provided by Libgcrypt.
1633
For convenience reasons, a few cyclic redundancy check value
1634
operations are also supported.
1638
* Available hash algorithms:: List of hash algorithms supported by the library.
1639
* Hash algorithm modules:: How to work with hash algorithm modules.
1640
* Working with hash algorithms:: List of functions related to hashing.
1643
File: gcrypt.info, Node: Available hash algorithms, Next: Hash algorithm modules, Up: Hashing
1645
6.1 Available hash algorithms
1646
=============================
1649
This is not a real algorithm but used by some functions as an error
1650
return value. This constant is guaranteed to have the value `0'.
1653
This is the SHA-1 algorithm which yields a message digest of 20
1657
This is the 160 bit version of the RIPE message digest
1658
(RIPE-MD-160). Like SHA-1 it also yields a digest of 20 bytes.
1661
This is the well known MD5 algorithm, which yields a message
1665
This is the MD4 algorithm, which yields a message digest of 16
1669
This is an reserved identifier for MD-2; there is no
1673
This is the TIGER/192 algorithm which yields a message digest of
1677
This is an reserved for the HAVAL algorithm with 5 passes and 160
1678
bit. It yields a message digest of 20 bytes. Note that there is no
1679
implementation yet available.
1682
This is the SHA-224 algorithm which yields a message digest of 28
1683
bytes. See Change Notice 1 for FIPS 180-2 for the specification.
1686
This is the SHA-256 algorithm which yields a message digest of 32
1687
bytes. See FIPS 180-2 for the specification.
1690
This is the SHA-384 algorithm which yields a message digest of 48
1691
bytes. See FIPS 180-2 for the specification.
1694
This is the SHA-384 algorithm which yields a message digest of 64
1695
bytes. See FIPS 180-2 for the specification.
1698
This is the ISO 3309 and ITU-T V.42 cyclic redundancy check. It
1699
yields an output of 4 bytes.
1701
`GCRY_MD_CRC32_RFC1510'
1702
This is the above cyclic redundancy check function, as modified by
1703
RFC 1510. It yields an output of 4 bytes.
1705
`GCRY_MD_CRC24_RFC2440'
1706
This is the OpenPGP cyclic redundancy check function. It yields an
1710
This is the Whirlpool algorithm which yields a message digest of 64
1715
File: gcrypt.info, Node: Hash algorithm modules, Next: Working with hash algorithms, Prev: Available hash algorithms, Up: Hashing
1717
6.2 Hash algorithm modules
1718
==========================
1720
Libgcrypt makes it possible to load additional `message digest
1721
modules'; these digests can be used just like the message digest
1722
algorithms that are built into the library directly. For an
1723
introduction into extension modules, see *Note Modules::.
1725
-- Data type: gcry_md_spec_t
1726
This is the `module specification structure' needed for registering
1727
message digest modules, which has to be filled in by the user
1728
before it can be used to register a module. It contains the
1732
The primary name of this algorithm.
1734
`unsigned char *asnoid'
1735
Array of bytes that form the ASN OID.
1738
Length of bytes in `asnoid'.
1740
`gcry_md_oid_spec_t *oids'
1741
A list of OIDs that are to be associated with the algorithm.
1742
The list's last element must have it's `oid' member set to
1743
NULL. See below for an explanation of this type. See below
1744
for an explanation of this type.
1747
Length of the message digest algorithm. See below for an
1748
explanation of this type.
1750
`gcry_md_init_t init'
1751
The function responsible for initializing a handle. See
1752
below for an explanation of this type.
1754
`gcry_md_write_t write'
1755
The function responsible for writing data into a message
1756
digest context. See below for an explanation of this type.
1758
`gcry_md_final_t final'
1759
The function responsible for `finalizing' a message digest
1760
context. See below for an explanation of this type.
1762
`gcry_md_read_t read'
1763
The function responsible for reading out a message digest
1764
result. See below for an explanation of this type.
1766
`size_t contextsize'
1767
The size of the algorithm-specific `context', that should be
1768
allocated for each handle.
1770
-- Data type: gcry_md_oid_spec_t
1771
This type is used for associating a user-provided algorithm
1772
implementation with certain OIDs. It contains the following
1775
`const char *oidstring'
1776
Textual representation of the OID.
1778
-- Data type: gcry_md_init_t
1779
Type for the `init' function, defined as: void (*gcry_md_init_t)
1782
-- Data type: gcry_md_write_t
1783
Type for the `write' function, defined as: void (*gcry_md_write_t)
1784
(void *c, unsigned char *buf, size_t nbytes)
1786
-- Data type: gcry_md_final_t
1787
Type for the `final' function, defined as: void (*gcry_md_final_t)
1790
-- Data type: gcry_md_read_t
1791
Type for the `read' function, defined as: unsigned char
1792
*(*gcry_md_read_t) (void *c)
1794
-- Function: gcry_error_t gcry_md_register (gcry_md_spec_t *DIGEST,
1795
unsigned int *algorithm_id, gcry_module_t *MODULE)
1796
Register a new digest module whose specification can be found in
1797
DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
1798
and a pointer representing this module is stored in MODULE.
1800
-- Function: void gcry_md_unregister (gcry_module_t MODULE)
1801
Unregister the digest identified by MODULE, which must have been
1802
registered with gcry_md_register.
1804
-- Function: gcry_error_t gcry_md_list (int *LIST, int *LIST_LENGTH)
1805
Get a list consisting of the IDs of the loaded message digest
1806
modules. If LIST is zero, write the number of loaded message
1807
digest modules to LIST_LENGTH and return. If LIST is non-zero,
1808
the first *LIST_LENGTH algorithm IDs are stored in LIST, which
1809
must be of according size. In case there are less message digests
1810
modules than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
1814
File: gcrypt.info, Node: Working with hash algorithms, Prev: Hash algorithm modules, Up: Hashing
1816
6.3 Working with hash algorithms
1817
================================
1819
To use most of these function it is necessary to create a context; this
1822
-- Function: gcry_error_t gcry_md_open (gcry_md_hd_t *HD, int ALGO,
1824
Create a message digest object for algorithm ALGO. FLAGS may be
1825
given as an bitwise OR of constants described below. ALGO may be
1826
given as `0' if the algorithms to use are later set using
1827
`gcry_md_enable'. HD is guaranteed to either receive a valid
1830
For a list of supported algorithms, see *Note Available hash
1833
The flags allowed for MODE are:
1835
`GCRY_MD_FLAG_SECURE'
1836
Allocate all buffers and the resulting digest in "secure
1837
memory". Use this is the hashed data is highly confidential.
1840
Turn the algorithm into a HMAC message authentication
1841
algorithm. This only works if just one algorithm is enabled
1842
for the handle. Note that the function `gcry_md_setkey' must
1843
be used to set the MAC key. If you want CBC message
1844
authentication codes based on a cipher, see *Note Working
1845
with cipher handles::.
1848
You may use the function `gcry_md_is_enabled' to later check
1849
whether an algorithm has been enabled.
1852
If you want to calculate several hash algorithms at the same time,
1853
you have to use the following function right after the `gcry_md_open':
1855
-- Function: gcry_error_t gcry_md_enable (gcry_md_hd_t H, int ALGO)
1856
Add the message digest algorithm ALGO to the digest object
1857
described by handle H. Duplicated enabling of algorithms is
1858
detected and ignored.
1860
If the flag `GCRY_MD_FLAG_HMAC' was used, the key for the MAC must
1861
be set using the function:
1863
-- Function: gcry_error_t gcry_md_setkey (gcry_md_hd_t H, const void
1864
*KEY, size_t KEYLEN)
1865
For use with the HMAC feature, set the MAC key to the value of KEY
1868
After you are done with the hash calculation, you should release the
1871
-- Function: void gcry_md_close (gcry_md_hd_t H)
1872
Release all resources of hash context H. H should not be used
1873
after a call to this function. A `NULL' passed as H is ignored.
1876
Often you have to do several hash operations using the same
1877
algorithm. To avoid the overhead of creating and releasing context, a
1878
reset function is provided:
1880
-- Function: void gcry_md_reset (gcry_md_hd_t H)
1881
Reset the current context to its initial state. This is
1882
effectively identical to a close followed by an open and enabling
1883
all currently active algorithms.
1885
Often it is necessary to start hashing some data and then continue to
1886
hash different data. To avoid hashing the same data several times
1887
(which might not even be possible if the data is received from a pipe),
1888
a snapshot of the current hash context can be taken and turned into a
1891
-- Function: gcry_error_t gcry_md_copy (gcry_md_hd_t *HANDLE_DST,
1892
gcry_md_hd_t HANDLE_SRC)
1893
Create a new digest object as an exact copy of the object
1894
described by handle HANDLE_SRC and store it in HANDLE_DST. The
1895
context is not reset and you can continue to hash data using this
1896
context and independently using the original context.
1898
Now that we have prepared everything to calculate hashes, it is time
1899
to see how it is actually done. There are two ways for this, one to
1900
update the hash with a block of memory and one macro to update the hash
1901
by just one character. Both methods can be used on the same hash
1904
-- Function: void gcry_md_write (gcry_md_hd_t H, const void *BUFFER,
1906
Pass LENGTH bytes of the data in BUFFER to the digest object with
1907
handle H to update the digest values. This function should be used
1908
for large blocks of data.
1910
-- Function: void gcry_md_putc (gcry_md_hd_t H, int C)
1911
Pass the byte in C to the digest object with handle H to update
1912
the digest value. This is an efficient function, implemented as a
1913
macro to buffer the data before an actual update.
1915
The semantics of the hash functions do not provide for reading out
1916
intermediate message digests because the calculation must be finalized
1917
first. This finalization may for example include the number of bytes
1918
hashed in the message digest or some padding.
1920
-- Function: void gcry_md_final (gcry_md_hd_t H)
1921
Finalize the message digest calculation. This is not really needed
1922
because `gcry_md_read' does this implicitly. After this has been
1923
done no further updates (by means of `gcry_md_write' or
1924
`gcry_md_putc' are allowed. Only the first call to this function
1925
has an effect. It is implemented as a macro.
1927
The way to read out the calculated message digest is by using the
1930
-- Function: unsigned char *gcry_md_read (gcry_md_hd_t H, int ALGO)
1931
`gcry_md_read' returns the message digest after finalizing the
1932
calculation. This function may be used as often as required but
1933
it will always return the same value for one handle. The returned
1934
message digest is allocated within the message context and
1935
therefore valid until the handle is released or reseted (using
1936
`gcry_md_close' or `gcry_md_reset'. ALGO may be given as 0 to
1937
return the only enabled message digest or it may specify one of
1938
the enabled algorithms. The function does return `NULL' if the
1939
requested algorithm has not been enabled.
1941
Because it is often necessary to get the message digest of one block
1942
of memory, a fast convenience function is available for this task:
1944
-- Function: void gcry_md_hash_buffer (int ALGO, void *DIGEST, const
1945
void *BUFFER, size_t LENGTH);
1946
`gcry_md_hash_buffer' is a shortcut function to calculate a message
1947
digest of a buffer. This function does not require a context and
1948
immediately returns the message digest of the LENGTH bytes at
1949
BUFFER. DIGEST must be allocated by the caller, large enough to
1950
hold the message digest yielded by the the specified algorithm
1951
ALGO. This required size may be obtained by using the function
1952
`gcry_md_get_algo_dlen'.
1954
Note that this function will abort the process if an unavailable
1957
Hash algorithms are identified by internal algorithm numbers (see
1958
`gcry_md_open' for a list). However, in most applications they are
1959
used by names, so two functions are available to map between string
1960
representations and hash algorithm identifiers.
1962
-- Function: const char *gcry_md_algo_name (int ALGO)
1963
Map the digest algorithm id ALGO to a string representation of the
1964
algorithm name. For unknown algorithms this function returns the
1965
string `"?"'. This function should not be used to test for the
1966
availability of an algorithm.
1968
-- Function: int gcry_md_map_name (const char *NAME)
1969
Map the algorithm with NAME to a digest algorithm identifier.
1970
Returns 0 if the algorithm name is not known. Names representing
1971
ASN.1 object identifiers are recognized if the IETF dotted format
1972
is used and the OID is prefixed with either "`oid.'" or "`OID.'".
1973
For a list of supported OIDs, see the source code at
1974
`cipher/md.c'. This function should not be used to test for the
1975
availability of an algorithm.
1977
-- Function: gcry_error_t gcry_md_get_asnoid (int ALGO, void *BUFFER,
1979
Return an DER encoded ASN.1 OID for the algorithm ALGO in the user
1980
allocated BUFFER. LENGTH must point to variable with the available
1981
size of BUFFER and receives after return the actual size of the
1982
returned OID. The returned error code may be `GPG_ERR_TOO_SHORT'
1983
if the provided buffer is to short to receive the OID; it is
1984
possible to call the function with `NULL' for BUFFER to have it
1985
only return the required size. The function returns 0 on success.
1988
To test whether an algorithm is actually available for use, the
1989
following macro should be used:
1991
-- Function: gcry_error_t gcry_md_test_algo (int ALGO)
1992
The macro returns 0 if the algorithm ALGO is available for use.
1994
If the length of a message digest is not known, it can be retrieved
1995
using the following function:
1997
-- Function: unsigned int gcry_md_get_algo_dlen (int ALGO)
1998
Retrieve the length in bytes of the digest yielded by algorithm
1999
ALGO. This is often used prior to `gcry_md_read' to allocate
2000
sufficient memory for the digest.
2002
In some situations it might be hard to remember the algorithm used
2003
for the ongoing hashing. The following function might be used to get
2006
-- Function: int gcry_md_get_algo (gcry_md_hd_t H)
2007
Retrieve the algorithm used with the handle H. Note that this
2008
does not work reliable if more than one algorithm is enabled in H.
2010
The following macro might also be useful:
2012
-- Function: int gcry_md_is_secure (gcry_md_hd_t H)
2013
This function returns true when the digest object H is allocated
2014
in "secure memory"; i.e. H was created with the
2015
`GCRY_MD_FLAG_SECURE'.
2017
-- Function: int gcry_md_is_enabled (gcry_md_hd_t H, int ALGO)
2018
This function returns true when the algorithm ALGO has been
2019
enabled for the digest object H.
2021
Tracking bugs related to hashing is often a cumbersome task which
2022
requires to add a lot of printf statements into the code. Libgcrypt
2023
provides an easy way to avoid this. The actual data hashed can be
2024
written to files on request.
2026
-- Function: void gcry_md_debug (gcry_md_hd_t H, const char *SUFFIX)
2027
Enable debugging for the digest object with handle H. This
2028
creates create files named `dbgmd-<n>.<string>' while doing the
2029
actual hashing. SUFFIX is the string part in the filename. The
2030
number is a counter incremented for each new hashing. The data in
2031
the file is the raw data as passed to `gcry_md_write' or
2032
`gcry_md_putc'. If `NULL' is used for SUFFIX, the debugging is
2033
stopped and the file closed. This is only rarely required because
2034
`gcry_md_close' implicitly stops debugging.
2036
The following two deprecated macros are used for debugging by old
2037
code. They shopuld be replaced by `gcry_md_debug'.
2039
-- Function: void gcry_md_start_debug (gcry_md_hd_t H, const char
2041
Enable debugging for the digest object with handle H. This
2042
creates create files named `dbgmd-<n>.<string>' while doing the
2043
actual hashing. SUFFIX is the string part in the filename. The
2044
number is a counter incremented for each new hashing. The data in
2045
the file is the raw data as passed to `gcry_md_write' or
2048
-- Function: void gcry_md_stop_debug (gcry_md_hd_t H, int RESERVED)
2049
Stop debugging on handle H. RESERVED should be specified as 0.
2050
This function is usually not required because `gcry_md_close' does
2051
implicitly stop debugging.
2054
File: gcrypt.info, Node: Public Key cryptography (I), Next: Public Key cryptography (II), Prev: Hashing, Up: Top
2056
7 Public Key cryptography (I)
2057
*****************************
1797
File: gcrypt.info, Node: Public Key cryptography, Next: Hashing, Prev: Symmetric cryptography, Up: Top
1799
6 Public Key cryptography
1800
*************************
2059
1802
Public key cryptography, also known as asymmetric cryptography, is an
2060
1803
easy way for key management and to provide digital signatures.
3357
3193
`gcry_pk_map_name'.
3360
File: gcrypt.info, Node: Random Numbers, Next: S-expressions, Prev: Public Key cryptography (II), Up: Top
3196
File: gcrypt.info, Node: Hashing, Next: Random Numbers, Prev: Public Key cryptography, Up: Top
3201
Libgcrypt provides an easy and consistent to use interface for hashing.
3202
Hashing is buffered and several hash algorithms can be updated at once.
3203
It is possible to compute a MAC using the same routines. The
3204
programming model follows an open/process/close paradigm and is in that
3205
similar to other building blocks provided by Libgcrypt.
3207
For convenience reasons, a few cyclic redundancy check value
3208
operations are also supported.
3212
* Available hash algorithms:: List of hash algorithms supported by the library.
3213
* Hash algorithm modules:: How to work with hash algorithm modules.
3214
* Working with hash algorithms:: List of functions related to hashing.
3217
File: gcrypt.info, Node: Available hash algorithms, Next: Hash algorithm modules, Up: Hashing
3219
7.1 Available hash algorithms
3220
=============================
3223
This is not a real algorithm but used by some functions as an error
3224
return value. This constant is guaranteed to have the value `0'.
3227
This is the SHA-1 algorithm which yields a message digest of 20
3231
This is the 160 bit version of the RIPE message digest
3232
(RIPE-MD-160). Like SHA-1 it also yields a digest of 20 bytes.
3235
This is the well known MD5 algorithm, which yields a message
3239
This is the MD4 algorithm, which yields a message digest of 16
3243
This is an reserved identifier for MD-2; there is no
3247
This is the TIGER/192 algorithm which yields a message digest of
3251
This is an reserved for the HAVAL algorithm with 5 passes and 160
3252
bit. It yields a message digest of 20 bytes. Note that there is no
3253
implementation yet available.
3256
This is the SHA-224 algorithm which yields a message digest of 28
3257
bytes. See Change Notice 1 for FIPS 180-2 for the specification.
3260
This is the SHA-256 algorithm which yields a message digest of 32
3261
bytes. See FIPS 180-2 for the specification.
3264
This is the SHA-384 algorithm which yields a message digest of 48
3265
bytes. See FIPS 180-2 for the specification.
3268
This is the SHA-384 algorithm which yields a message digest of 64
3269
bytes. See FIPS 180-2 for the specification.
3272
This is the ISO 3309 and ITU-T V.42 cyclic redundancy check. It
3273
yields an output of 4 bytes.
3275
`GCRY_MD_CRC32_RFC1510'
3276
This is the above cyclic redundancy check function, as modified by
3277
RFC 1510. It yields an output of 4 bytes.
3279
`GCRY_MD_CRC24_RFC2440'
3280
This is the OpenPGP cyclic redundancy check function. It yields an
3284
This is the Whirlpool algorithm which yields a message digest of 64
3289
File: gcrypt.info, Node: Hash algorithm modules, Next: Working with hash algorithms, Prev: Available hash algorithms, Up: Hashing
3291
7.2 Hash algorithm modules
3292
==========================
3294
Libgcrypt makes it possible to load additional `message digest
3295
modules'; these digests can be used just like the message digest
3296
algorithms that are built into the library directly. For an
3297
introduction into extension modules, see *Note Modules::.
3299
-- Data type: gcry_md_spec_t
3300
This is the `module specification structure' needed for registering
3301
message digest modules, which has to be filled in by the user
3302
before it can be used to register a module. It contains the
3306
The primary name of this algorithm.
3308
`unsigned char *asnoid'
3309
Array of bytes that form the ASN OID.
3312
Length of bytes in `asnoid'.
3314
`gcry_md_oid_spec_t *oids'
3315
A list of OIDs that are to be associated with the algorithm.
3316
The list's last element must have it's `oid' member set to
3317
NULL. See below for an explanation of this type. See below
3318
for an explanation of this type.
3321
Length of the message digest algorithm. See below for an
3322
explanation of this type.
3324
`gcry_md_init_t init'
3325
The function responsible for initializing a handle. See
3326
below for an explanation of this type.
3328
`gcry_md_write_t write'
3329
The function responsible for writing data into a message
3330
digest context. See below for an explanation of this type.
3332
`gcry_md_final_t final'
3333
The function responsible for `finalizing' a message digest
3334
context. See below for an explanation of this type.
3336
`gcry_md_read_t read'
3337
The function responsible for reading out a message digest
3338
result. See below for an explanation of this type.
3340
`size_t contextsize'
3341
The size of the algorithm-specific `context', that should be
3342
allocated for each handle.
3344
-- Data type: gcry_md_oid_spec_t
3345
This type is used for associating a user-provided algorithm
3346
implementation with certain OIDs. It contains the following
3349
`const char *oidstring'
3350
Textual representation of the OID.
3352
-- Data type: gcry_md_init_t
3353
Type for the `init' function, defined as: void (*gcry_md_init_t)
3356
-- Data type: gcry_md_write_t
3357
Type for the `write' function, defined as: void (*gcry_md_write_t)
3358
(void *c, unsigned char *buf, size_t nbytes)
3360
-- Data type: gcry_md_final_t
3361
Type for the `final' function, defined as: void (*gcry_md_final_t)
3364
-- Data type: gcry_md_read_t
3365
Type for the `read' function, defined as: unsigned char
3366
*(*gcry_md_read_t) (void *c)
3368
-- Function: gcry_error_t gcry_md_register (gcry_md_spec_t *DIGEST,
3369
unsigned int *algorithm_id, gcry_module_t *MODULE)
3370
Register a new digest module whose specification can be found in
3371
DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
3372
and a pointer representing this module is stored in MODULE.
3374
-- Function: void gcry_md_unregister (gcry_module_t MODULE)
3375
Unregister the digest identified by MODULE, which must have been
3376
registered with gcry_md_register.
3378
-- Function: gcry_error_t gcry_md_list (int *LIST, int *LIST_LENGTH)
3379
Get a list consisting of the IDs of the loaded message digest
3380
modules. If LIST is zero, write the number of loaded message
3381
digest modules to LIST_LENGTH and return. If LIST is non-zero,
3382
the first *LIST_LENGTH algorithm IDs are stored in LIST, which
3383
must be of according size. In case there are less message digests
3384
modules than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
3388
File: gcrypt.info, Node: Working with hash algorithms, Prev: Hash algorithm modules, Up: Hashing
3390
7.3 Working with hash algorithms
3391
================================
3393
To use most of these function it is necessary to create a context; this
3396
-- Function: gcry_error_t gcry_md_open (gcry_md_hd_t *HD, int ALGO,
3398
Create a message digest object for algorithm ALGO. FLAGS may be
3399
given as an bitwise OR of constants described below. ALGO may be
3400
given as `0' if the algorithms to use are later set using
3401
`gcry_md_enable'. HD is guaranteed to either receive a valid
3404
For a list of supported algorithms, see *Note Available hash
3407
The flags allowed for MODE are:
3409
`GCRY_MD_FLAG_SECURE'
3410
Allocate all buffers and the resulting digest in "secure
3411
memory". Use this is the hashed data is highly confidential.
3414
Turn the algorithm into a HMAC message authentication
3415
algorithm. This only works if just one algorithm is enabled
3416
for the handle. Note that the function `gcry_md_setkey' must
3417
be used to set the MAC key. The size of the MAC is equal to
3418
the message digest of the underlying hash algorithm. If you
3419
want CBC message authentication codes based on a cipher, see
3420
*Note Working with cipher handles::.
3423
You may use the function `gcry_md_is_enabled' to later check
3424
whether an algorithm has been enabled.
3427
If you want to calculate several hash algorithms at the same time,
3428
you have to use the following function right after the `gcry_md_open':
3430
-- Function: gcry_error_t gcry_md_enable (gcry_md_hd_t H, int ALGO)
3431
Add the message digest algorithm ALGO to the digest object
3432
described by handle H. Duplicated enabling of algorithms is
3433
detected and ignored.
3435
If the flag `GCRY_MD_FLAG_HMAC' was used, the key for the MAC must
3436
be set using the function:
3438
-- Function: gcry_error_t gcry_md_setkey (gcry_md_hd_t H, const void
3439
*KEY, size_t KEYLEN)
3440
For use with the HMAC feature, set the MAC key to the value of KEY
3441
of length KEYLEN. There is no restriction on the length of the
3444
After you are done with the hash calculation, you should release the
3447
-- Function: void gcry_md_close (gcry_md_hd_t H)
3448
Release all resources of hash context H. H should not be used
3449
after a call to this function. A `NULL' passed as H is ignored.
3452
Often you have to do several hash operations using the same
3453
algorithm. To avoid the overhead of creating and releasing context, a
3454
reset function is provided:
3456
-- Function: void gcry_md_reset (gcry_md_hd_t H)
3457
Reset the current context to its initial state. This is
3458
effectively identical to a close followed by an open and enabling
3459
all currently active algorithms.
3461
Often it is necessary to start hashing some data and then continue to
3462
hash different data. To avoid hashing the same data several times
3463
(which might not even be possible if the data is received from a pipe),
3464
a snapshot of the current hash context can be taken and turned into a
3467
-- Function: gcry_error_t gcry_md_copy (gcry_md_hd_t *HANDLE_DST,
3468
gcry_md_hd_t HANDLE_SRC)
3469
Create a new digest object as an exact copy of the object
3470
described by handle HANDLE_SRC and store it in HANDLE_DST. The
3471
context is not reset and you can continue to hash data using this
3472
context and independently using the original context.
3474
Now that we have prepared everything to calculate hashes, it is time
3475
to see how it is actually done. There are two ways for this, one to
3476
update the hash with a block of memory and one macro to update the hash
3477
by just one character. Both methods can be used on the same hash
3480
-- Function: void gcry_md_write (gcry_md_hd_t H, const void *BUFFER,
3482
Pass LENGTH bytes of the data in BUFFER to the digest object with
3483
handle H to update the digest values. This function should be used
3484
for large blocks of data.
3486
-- Function: void gcry_md_putc (gcry_md_hd_t H, int C)
3487
Pass the byte in C to the digest object with handle H to update
3488
the digest value. This is an efficient function, implemented as a
3489
macro to buffer the data before an actual update.
3491
The semantics of the hash functions do not provide for reading out
3492
intermediate message digests because the calculation must be finalized
3493
first. This finalization may for example include the number of bytes
3494
hashed in the message digest or some padding.
3496
-- Function: void gcry_md_final (gcry_md_hd_t H)
3497
Finalize the message digest calculation. This is not really needed
3498
because `gcry_md_read' does this implicitly. After this has been
3499
done no further updates (by means of `gcry_md_write' or
3500
`gcry_md_putc' are allowed. Only the first call to this function
3501
has an effect. It is implemented as a macro.
3503
The way to read out the calculated message digest is by using the
3506
-- Function: unsigned char * gcry_md_read (gcry_md_hd_t H, int ALGO)
3507
`gcry_md_read' returns the message digest after finalizing the
3508
calculation. This function may be used as often as required but
3509
it will always return the same value for one handle. The returned
3510
message digest is allocated within the message context and
3511
therefore valid until the handle is released or reseted (using
3512
`gcry_md_close' or `gcry_md_reset'. ALGO may be given as 0 to
3513
return the only enabled message digest or it may specify one of
3514
the enabled algorithms. The function does return `NULL' if the
3515
requested algorithm has not been enabled.
3517
Because it is often necessary to get the message digest of one block
3518
of memory, a fast convenience function is available for this task:
3520
-- Function: void gcry_md_hash_buffer (int ALGO, void *DIGEST, const
3521
void *BUFFER, size_t LENGTH);
3522
`gcry_md_hash_buffer' is a shortcut function to calculate a message
3523
digest of a buffer. This function does not require a context and
3524
immediately returns the message digest of the LENGTH bytes at
3525
BUFFER. DIGEST must be allocated by the caller, large enough to
3526
hold the message digest yielded by the the specified algorithm
3527
ALGO. This required size may be obtained by using the function
3528
`gcry_md_get_algo_dlen'.
3530
Note that this function will abort the process if an unavailable
3533
Hash algorithms are identified by internal algorithm numbers (see
3534
`gcry_md_open' for a list). However, in most applications they are
3535
used by names, so two functions are available to map between string
3536
representations and hash algorithm identifiers.
3538
-- Function: const char * gcry_md_algo_name (int ALGO)
3539
Map the digest algorithm id ALGO to a string representation of the
3540
algorithm name. For unknown algorithms this function returns the
3541
string `"?"'. This function should not be used to test for the
3542
availability of an algorithm.
3544
-- Function: int gcry_md_map_name (const char *NAME)
3545
Map the algorithm with NAME to a digest algorithm identifier.
3546
Returns 0 if the algorithm name is not known. Names representing
3547
ASN.1 object identifiers are recognized if the IETF dotted format
3548
is used and the OID is prefixed with either "`oid.'" or "`OID.'".
3549
For a list of supported OIDs, see the source code at
3550
`cipher/md.c'. This function should not be used to test for the
3551
availability of an algorithm.
3553
-- Function: gcry_error_t gcry_md_get_asnoid (int ALGO, void *BUFFER,
3555
Return an DER encoded ASN.1 OID for the algorithm ALGO in the user
3556
allocated BUFFER. LENGTH must point to variable with the available
3557
size of BUFFER and receives after return the actual size of the
3558
returned OID. The returned error code may be `GPG_ERR_TOO_SHORT'
3559
if the provided buffer is to short to receive the OID; it is
3560
possible to call the function with `NULL' for BUFFER to have it
3561
only return the required size. The function returns 0 on success.
3564
To test whether an algorithm is actually available for use, the
3565
following macro should be used:
3567
-- Function: gcry_error_t gcry_md_test_algo (int ALGO)
3568
The macro returns 0 if the algorithm ALGO is available for use.
3570
If the length of a message digest is not known, it can be retrieved
3571
using the following function:
3573
-- Function: unsigned int gcry_md_get_algo_dlen (int ALGO)
3574
Retrieve the length in bytes of the digest yielded by algorithm
3575
ALGO. This is often used prior to `gcry_md_read' to allocate
3576
sufficient memory for the digest.
3578
In some situations it might be hard to remember the algorithm used
3579
for the ongoing hashing. The following function might be used to get
3582
-- Function: int gcry_md_get_algo (gcry_md_hd_t H)
3583
Retrieve the algorithm used with the handle H. Note that this
3584
does not work reliable if more than one algorithm is enabled in H.
3586
The following macro might also be useful:
3588
-- Function: int gcry_md_is_secure (gcry_md_hd_t H)
3589
This function returns true when the digest object H is allocated
3590
in "secure memory"; i.e. H was created with the
3591
`GCRY_MD_FLAG_SECURE'.
3593
-- Function: int gcry_md_is_enabled (gcry_md_hd_t H, int ALGO)
3594
This function returns true when the algorithm ALGO has been
3595
enabled for the digest object H.
3597
Tracking bugs related to hashing is often a cumbersome task which
3598
requires to add a lot of printf statements into the code. Libgcrypt
3599
provides an easy way to avoid this. The actual data hashed can be
3600
written to files on request.
3602
-- Function: void gcry_md_debug (gcry_md_hd_t H, const char *SUFFIX)
3603
Enable debugging for the digest object with handle H. This
3604
creates create files named `dbgmd-<n>.<string>' while doing the
3605
actual hashing. SUFFIX is the string part in the filename. The
3606
number is a counter incremented for each new hashing. The data in
3607
the file is the raw data as passed to `gcry_md_write' or
3608
`gcry_md_putc'. If `NULL' is used for SUFFIX, the debugging is
3609
stopped and the file closed. This is only rarely required because
3610
`gcry_md_close' implicitly stops debugging.
3612
The following two deprecated macros are used for debugging by old
3613
code. They shopuld be replaced by `gcry_md_debug'.
3615
-- Function: void gcry_md_start_debug (gcry_md_hd_t H, const char
3617
Enable debugging for the digest object with handle H. This
3618
creates create files named `dbgmd-<n>.<string>' while doing the
3619
actual hashing. SUFFIX is the string part in the filename. The
3620
number is a counter incremented for each new hashing. The data in
3621
the file is the raw data as passed to `gcry_md_write' or
3624
-- Function: void gcry_md_stop_debug (gcry_md_hd_t H, int RESERVED)
3625
Stop debugging on handle H. RESERVED should be specified as 0.
3626
This function is usually not required because `gcry_md_close' does
3627
implicitly stop debugging.
3630
File: gcrypt.info, Node: Random Numbers, Next: S-expressions, Prev: Hashing, Up: Top
3363
3633
****************