Using the Message Digest Functions

This section illustrates the use of the CDK's message digest (hashing) functions:

Each hashing example implements the following pseudocode:

  1. instantiate an object of the desired message digest type
  2. process the message data to be hashed
  3. finalize the message digest computation
  4. extract and print the final message digest


NIST Secure Hash Algorithm (SHA-1), FIPS 180-1

cdk::SHA sha;             // instantiate a SHA object (does SHA-1 by default)
sha.add(9, "test data");  // process the message data (repeat as needed)
sha.final();              // finalize the computation

// extract the digest value from the object and pretty-print it
cdk::str digest;          // output string for hash value
digest.assign(sha.length(),sha.result());
printf("the SHA-1 hash of the message is %s\n", digest.tohex().c_str());


NIST Secure Hash Algorithms (SHA-256/394/512), FIPS 180-2

cdk::SHA2 sha2(2);        // initialize a SHA2 object to perform SHA-256
                          // (or use 3 for SHA-394, 5 for SHA-512)
sha2.add(9, "test data"); // process the message data (repeat as needed)
sha2.final();             // finalize the computation

// extract the digest value from the object and pretty-print it
cdk::str digest;          // output string for hash value
digest.assign(sha2.length(),sha2.result()); 
printf("the SHA-256 hash of the message is %s\n", digest.tohex().c_str());


MD2 Message Digest, RFC 1319

cdk::MD2 md2;             // instantiate an MD2 object 
md2.add(9, "test data");  // process the message data (repeat as needed)
md2.final();              // finalize the computation

// extract the digest value from the object and pretty-print it
cdk::str digest;          // output string for hash value
digest.assign(md2.length(),md2.result());  
printf("the MD2 hash of the message is %s\n", digest.tohex().c_str());


MD5 Message Digest, RFC 1321

cdk::MD5 md5;             // instantiate an MD5 object 
md5.add(9, "test data");  // process the message data (repeat as needed)
md5.final();              // finalize the computation

// extract the digest value from the object and pretty-print it
cdk::str digest;          // output string for hash value
digest.assign(md5.length(),md5.result());
printf("the MD5 hash of the message is %s\n", digest.tohex().c_str());


IEEE 32-bit CRC

cdk::CRC crc;             // instantiate a CRC object                   
crc.add(9, "test data");  // process the message data (repeat as needed) 
crc.final();              // finalize the computation                    

// extract the digest value from the object and pretty-print it
cdk::str digest;          // output string for hash value
digest = crc.tostring();
printf("the 32-bit CRC of the message is %s\n", digest.tohex().c_str());


HMAC

To obtain a 160-bit HMAC-SHA-1 message authentication code, simply call:

cdk::str key = "secret key";    // arbitrary length key
cdk::str data = "message data to be MAC'ed";
cdk::str hmac = HMAC<SHA>(key,data);

If your system supports templates, you can plug any of the hash functions supported by this CDK into the HMAC template in place of class SHA in the above code. Otherwise, simply copy (i.e., instantiate) the template code in hmac.h using the desired hash function.

NOTE: HMAC-SHA-1 is the only FIPS approved hash-based message authentication algorithm. See FIPS 198.

Information on HMAC (especially on HMAC-MD5) may be found in RFC 2104. Test vectors for both HMAC-MD5 and HMAC-SHA-1 are given in RFC 2202. For HMAC-SHA-1-96 and its use in IPSEC ESP, see RFC 2404.


For information regarding the operations described on this page see:


The next topic is Using the str and num Classes.


ISC Cryptographic Development Kit - User's Guide
ISC website
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.