Рейтинг@Mail.ru

1.6. Module digest

Module digest

A “digest” is a value which is returned by a function (usually a Cryptographic hash function), applied against a string. Tarantool’s digest module supports several types of cryptographic hash functions (AES, MD4, MD5, SHA-0, SHA-1, SHA-2) as well as a checksum function (CRC32), two functions for base64, and two non-cryptographic hash functions (guava, murmur). Some of the digest functionality is also present in the crypto module.

The functions in digest are:

digest.aes256cbc.encrypt(string, key, iv)
digest.aes256cbc.decrypt(string, key, iv)

Returns 256-bit binary string = digest made with AES.

digest.md4(string)

Returns 128-bit binary string = digest made with MD4.

digest.md4_hex(string)

Returns 32-byte string = hexadecimal of a digest calculated with md4.

digest.md5(string)

Returns 128-bit binary string = digest made with MD5.

digest.md5_hex(string)

Returns 32-byte string = hexadecimal of a digest calculated with md5.

digest.sha(string)

Returns 160-bit binary string = digest made with SHA-0.|br| Not recommended.

digest.sha_hex(string)

Returns 40-byte string = hexadecimal of a digest calculated with sha.

digest.sha1(string)

Returns 160-bit binary string = digest made with SHA-1.

digest.sha1_hex(string)

Returns 40-byte string = hexadecimal of a digest calculated with sha1.

digest.sha224(string)

Returns 224-bit binary string = digest made with SHA-2.

digest.sha224_hex(string)

Returns 56-byte string = hexadecimal of a digest calculated with sha224.

digest.sha256(string)

Returns 256-bit binary string = digest made with SHA-2.

digest.sha256_hex(string)

Returns 64-byte string = hexadecimal of a digest calculated with sha256.

digest.sha384(string)

Returns 384-bit binary string = digest made with SHA-2.

digest.sha384_hex(string)

Returns 96-byte string = hexadecimal of a digest calculated with sha384.

digest.sha512(string)

Returns 512-bit binary tring = digest made with SHA-2.

digest.sha512_hex(string)

Returns 128-byte string = hexadecimal of a digest calculated with sha512.

digest.base64_encode(string)

Returns base64 encoding from a regular string.

digest.base64_decode(string)

Returns a regular string from a base64 encoding.

digest.urandom(integer)

Returns array of random bytes with length = integer.

digest.crc32(string)

Returns 32-bit checksum made with CRC32.

The crc32 and crc32_update functions use the CRC-32C (Castagnoli) polynomial value: 0x1EDC6F41 / 4812730177. If it is necessary to be compatible with other checksum functions in other programming languages, ensure that the other functions use the same polynomial value.

For example, in Python, install the crcmod package and say:

>>> import crcmod
>>> fun = crcmod.mkCrcFun('4812730177')
>>> fun('string')
3304160206L

In Perl, install the Digest::CRC module and run the following code:

use Digest::CRC;
$d = Digest::CRC->new(width => 32, poly => 0x1EDC6F41, init => 0xFFFFFFFF, refin => 1, refout => 1);
$d->add('string');
print $d->digest;

(the expected output is 3304160206).

digest.crc32.new()

Initiates incremental crc32. See incremental methods notes.

digest.guava(state, bucket)

Returns a number made with consistent hash.

The guava function uses the Consistent Hashing algorithm of the Google guava library. The first parameter should be a hash code; the second parameter should be the number of buckets; the returned value will be an integer between 0 and the number of buckets. For example,

tarantool> digest.guava(10863919174838991, 11)
---
- 8
...
digest.murmur(string)

Returns 32-bit binary string = digest made with MurmurHash.

digest.murmur.new([seed])

Initiates incremental MurmurHash. See incremental methods notes.

Incremental methods in the digest module

Suppose that a digest is done for a string ‘A’, then a new part ‘B’ is appended to the string, then a new digest is required. The new digest could be recomputed for the whole string ‘AB’, but it is faster to take what was computed before for ‘A’ and apply changes based on the new part ‘B’. This is called multi-step or “incremental” digesting, which Tarantool supports with crc32 and with murmur...

digest = require('digest')

-- print crc32 of 'AB', with one step, then incrementally
print(digest.crc32('AB'))
c = digest.crc32.new()
c:update('A')
c:update('B')
print(c:result())

-- print murmur hash of 'AB', with one step, then incrementally
print(digest.murmur('AB'))
m = digest.murmur.new()
m:update('A')
m:update('B')
print(m:result())

Example

In the following example, the user creates two functions, password_insert() which inserts a SHA-1 digest of the word “^S^e^c^ret Wordpass” into a tuple set, and password_check() which requires input of a password.

tarantool> digest = require('digest')
---
...
tarantool> function password_insert()
         >   box.space.tester:insert{1234, digest.sha1('^S^e^c^ret Wordpass')}
         >   return 'OK'
         > end
---
...
tarantool> function password_check(password)
         >   local t = box.space.tester:select{12345}
         >   if digest.sha1(password) == t[2] then
         >     return 'Password is valid'
         >   else
         >     return 'Password is not valid'
         >   end
         > end
---
...
tarantool> password_insert()
---
- 'OK'
...

If a later user calls the password_check() function and enters the wrong password, the result is an error.

tarantool> password_check('Secret Password')
---
- 'Password is not valid'
...