6.5. Incrementally Hashing Data
Problem
You want to use a hash function to process data incrementally, returning a result when the last of the data is finally available.
Solution
Most hash functions use a standard interface for operation, following these steps:
The user creates a “context” object to hold intermediate state.
The context object gets initialized.
The context is “updated” by passing in the data to be hashed.
Once all of the data has been passed in, “finalization” returns the output of the cryptographic hash function.
Discussion
Warning
Hash functions are not secure by themselves—not for a password system, not for message authentication, not for anything! If you do need a hash function by itself, be sure to at least protect against length extension attacks, as described in Recipe 6.7 and Recipe 6.8.
Libraries with cryptographic hash functions tend to support incremental operation using a standard structure. In fact, this structure is standardized for cryptographic hardware APIs in PKCS (Public Key Cryptography Standard) #11. There are four steps:
Allocate a context object. The context object holds the internal state of the hash until data processing is complete. The type can be specific to the hash function, or it can be a single type that works for all hash functions in a library (such as the EVP_MD_CTX type in the OpenSSL library or HCRYPTHASH in Microsoft’s CryptoAPI).
Initialize the context object, resetting internal parameters of the hash function. Generally, this function takes no arguments ...