mbed TLS Hashing Module_mbedtls hash-优快云博客

本文链接：https://blog.youkuaiyun.com/hn_zhangkun/article/details/104491824

本文详细介绍了mbedTLS中的哈希模块，包括MD2、MD4、MD5、SHA-1、SHA-256等算法。阐述了如何为文件、流和缓冲区创建哈希值及HMAC，提供了直接调用接口和分步操作的示例。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

哈希概述

Hash，一般翻译做“散列”，也有直接音译为“哈希”的，就是把任意长度的输入通过散列算法变换成固定长度的输出，该输出就是散列值。这种转换是一种压缩映射，也就是，散列值的空间通常远小于输入的空间，不同的输入可能会散列成相同的输出，所以不可能从散列值来确定唯一的输入值。简单的说就是一种将任意长度的消息压缩到某一固定长度的消息摘要的函数。(来源百度百科解释)

Hash的特点

算法是公开的
对相同数据运算,得到的结果是一样的
对不用数据运算,如MD5得到的结果都是32个字符长度的字符串
无法逆运算

mbed TLS 哈希模块介绍

通过mbed TLS Hashing Module 可以为一个文件、流和缓冲区创建一个哈希值，也可以为一个流和缓冲区创建一个哈希信息验证码（HAMC）。这个模块由以下几个算法子模块组成：

MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest.
SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by NIST and NSA.

他们作为hash 模块的独立的子模块，可以在编译的配置是否需要他们。所有的子模块都包含以下接口（用C++会方便很多）：

Getting information about the supported hash functions.
Start, update, finish a one-way-hash function with state.
Perform a one-way-hash function without state.
Start, update, stop calculating a hash message authentication code (HMAC) with state.
Calculate a hash message authentication code (HMAC) without state.

mbed TLS Hashing Module 提供两种使用方式：

1、直接调用相关接口：

2、分start update finish三步走，下图为状态变化

mbed TLS 哈希模块使用场景

Calculate a hash value for a file

This scenario describes how a hash value is calculated for a file. Only the hash function information needs to be provided. There is initialization and no state between function calls.

Calculate a hash value for a stream

This scenario describes how a hash value is calculated for a stream. Initialization is required and state is kept between function calls.

Calculate a HMAC for a stream

This scenario describes how a hash message authentication code (HMAC) is calculated for a stream and then reset. Initialization is required with provision of a secret key. State is kept between function calls.

示例

1、直接调用

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#include <stdio.h>
#define mbedtls_printf       printf
#define mbedtls_exit         exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif

#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
#endif

#if !defined(MBEDTLS_MD5_C)
int main( void )
{
    mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
    return( 0 );
}
#else

/*
 * output = MD5( input buffer )
 */
int mbedtls_md5_ret( const unsigned char *input,
                     size_t ilen,
                     unsigned char output[16] )
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_md5_context ctx;

    mbedtls_md5_init( &ctx );

    if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
        goto exit;

exit:
    mbedtls_md5_free( &ctx );

    return( ret );
}

int main( void )
{
    int i, ret;
    unsigned char digest[16];
    char str[] = "Hello, world!";

    mbedtls_printf( "\n  MD5('%s') = ", str );

    if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
        return( MBEDTLS_EXIT_FAILURE );

    for( i = 0; i < 16; i++ )
        mbedtls_printf( "%02x", digest[i] );

    mbedtls_printf( "\n\n" );

#if defined(_WIN32)
    mbedtls_printf( "  Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();
#endif

    return( MBEDTLS_EXIT_SUCCESS );
}
#endif /* MBEDTLS_MD5_C */

参考 https://tls.mbed.org/module-level-design-hashing