One-Way Hash Primitives
Hash functions are used in cryptography with digital
signatures and for ensuring data integrity.
When used with digital signatures, a publicly
available hash function hashes the message and signs the resulting hash value.
The party who receives the message can then hash the message and check if the
block size is authentic for the given hash value.
Hash functions are also referred to as “message
digests” and “one-way encryption functions”. Both terms are appropriate since
hash algorithms do not have a key like symmetric and asymmetric algorithms and
you can recover neither the length nor the contents of the plaintext message
from the ciphertext.
To ensure data integrity, hash functions are used to
compute the hash value that corresponds to a particular input. Then, if
necessary, you can check if the input data has remained unmodified; you can
re-compute the hash value again using the available input and compare it to the
original hash value.
The
Hash Functions section describes
functions that implement the following hash algorithms for streaming messages:
MD5 [RFC
1321], SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 [FIPS
PUB 180-2]
, and SM3 [SM3]
. These algorithms are widely used in
enterprise applications nowadays.
Subsequent sections describe
Hash Functions for Non-Streaming Messages, which apply hash
algorithms to entire (non-streaming) messages, and
Mask Generation Functions, whose algorithms are often based
on hash computations.
Additionally, Intel® Integrated Performance
Primitives (Intel® IPP) Cryptography supports two relatively new variants of
SHA-512, the so called SHA-512/224 and SHA-512/256 algorithms. Both employ much
of the basic SHA-512 algorithm but have some specifics. Intel IPP Cryptography
does not provide a separate API exactly targeting SHA-512/224 and SHA-512/256.
To enable SHA-512/224 and SHA-512/256, Intel IPP Cryptography declares
extensions of the Hash Functions,
Hash Functions for Non-Streaming Messages,
Mask
Generation Functions, and
Keyed
Hash Functions. These extensions use the
IppHashAlgId
enumerator
associated with a particular hash algorithm as shown in the table below.
Value of
IppHashAlgId | Associated Hash Algorithm
|
|---|---|
ippHashAlg_SHA1 | SHA-1
|
ippHashAlg_SHA224 | SHA-224
|
ippHashAlg_SHA256 | SHA-256
|
ippHashAlg_SHA384 | SHA-384
|
ippHashAlg_SHA512 | SHA-512
|
ippHashAlg_SHA512_224 | SHA-512/224
|
ippHashAlg_SHA512_256 | SHA-512/256
|
ippHashAlg_MD5 | MD5
|
ippHashAlg_SM3 | SM3
|
Reduced Memory Footprint Functions
When your application uses the
IppHashAlgId
enumerator, it
gets linked to all available hashing algorithm implementations. This results in
unnecessary memory overhead if the application does not need all the
algorithms. Intel IPP Cryptography includes a number of
reduced memory footprint
functions that allow you to select the
exact hashing methods for your application's needs. These functions have the
_rmf
suffix in their names and use pointers to
IppsHashMethod
structure
variables instead of
IppHashAlgId
values. To get a
pointer to a
IppsHashMethod
structure variable, call an
appropriate function from the table below. See
HashMethod
for the syntax.
Functions that have the
_TT
suffix in their names return pointers to
dynamically dispatched
IppsHashMethod
structures. These structures check
for support of the SHA-NI instruction set at run time and choose the
implementation of an algorithm depending on the outcome of the check. Using
such
IppsHashMethod
structures leads to a slightly
larger memory footprint compared to applications that use non-dynamically
dispatched
IppsHashMethod
structures.
Function name
| Returns pointer to implementation of
|
|---|---|
ippsHashMethod_SHA1 | SHA1 (without the SHA-NI instruction set)
|
ippsHashMethod_SHA1_NI | SHA1 (using the SHA-NI instruction set)
|
ippsHashMethod_SHA1_TT | SHA1 (using the SHA-NI instructions set if
it is available at run time)
|
ippsHashMethod_SHA256 | SHA256 (without the SHA-NI instruction set)
|
ippsHashMethod_SHA256_NI | SHA256 (using the SHA-NI instruction set)
|
ippsHashMethod_SHA256_TT | SHA256 (using the SHA-NI instructions set if
it is available at run time)
|
ippsHashMethod_SHA224 | SHA224 (without the SHA-NI instruction set)
|
ippsHashMethod_SHA224_NI | SHA224 (using the SHA-NI instruction set)
|
ippsHashMethod_SHA224_TT | SHA224 (using the SHA-NI instructions set if
it is available at run time)
|
ippsHashMethod_SHA384 | SHA384
|
ippsHashMethod_SHA512 | SHA512
|
ippsHashMethod_SHA512_256 | SHA512-256
|
ippsHashMethod_SHA512_224 | SHA512-224
|
ippsHashMethod_MD5 | MD5
|
ippsHashMethod_SM3 | SM3
|
The crypto community does not consider SHA-1 or MD5 algorithms secure anymore.
Recommendation: use a more secure hash algorithm (for example, any algorithm from the SHA-2 family) instead of SHA-1 or MD5.