2 * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: hash.h,v 1.2.2.1.2.2 2004/03/06 08:14:41 marka Exp $ */
32 * Provides an unpredictable hash value for variable length data.
33 * A hash object contains a random vector (which is hidden from clients
34 * of this API) to make the actual hash value unpredictable.
36 * The algorithm used in the API guarantees the probability of hash
37 * collision; in the current implementation, as long as the values stored
38 * in the random vector are unpredictable, the probability of hash
39 * collision between arbitrary two different values is at most 1/2^16.
41 * Altough the API is generic about the hash keys, it mainly expects
42 * DNS names (and sometimes IPv4/v6 addresses) as inputs. It has an
43 * upper limit of the input length, and may run slow to calculate the
44 * hash values for large inputs.
46 * This API is designed to be general so that it can provide multiple
47 * different hash contexts that have different random vectors. However,
48 * it should be typical to have a single context for an entire system.
49 * To support such cases, the API also provides a single-context mode.
52 * The hash object is almost read-only. Once the internal random vector
53 * is initialized, no write operation will occur, and there will be no
54 * need to lock the object to calculate actual hash values.
57 * In some cases this module uses low-level data copy to initialize the
58 * random vector. Errors in this part are likely to crash the server or
62 * A buffer, used as a random vector for calculating hash values.
65 * This module intends to provide unpredictable hash values in
66 * adversarial environments in order to avoid denial of service attacks
68 * Its unpredictability relies on the quality of entropy to build the
79 #include <isc/types.h>
87 isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, unsigned int limit,
90 isc_hash_create(isc_mem_t *mctx, isc_entropy_t *entropy, size_t limit);
92 * Create a new hash object.
94 * isc_hash_ctxcreate() creates a different object.
95 * isc_hash_create() creates a module-internal object to support the
96 * single-context mode. It should be called only once.
98 * 'entropy' must be NULL or a valid entropy object. If 'entropy' is NULL,
99 * pseudo random values will be used to build the random vector, which may
102 * 'limit' specifies the maximum number of hash keys. If it is too large,
103 * these functions may fail.
107 isc_hash_ctxattach(isc_hash_t *hctx, isc_hash_t **hctxp);
109 * Attach to a hash object.
110 * This function is only necessary for the multiple-context mode.
114 isc_hash_ctxdetach(isc_hash_t **hctxp);
116 * Detach from a hash object.
118 * This function is for the multiple-context mode, and takes a valid
119 * hash object as an argument.
123 isc_hash_destroy(void);
125 * This function is for the single-context mode, and is expected to be used
126 * as a counterpart of isc_hash_create().
127 * A valid module-internal hash object must have been created, and this
128 * function should be called only once.
132 isc_hash_ctxinit(isc_hash_t *hctx);
136 * Initialize a hash object. It fills in the random vector with a proper
137 * source of entropy, which is typically from the entropy object specified
138 * at the creation. Thus, it is desirable to call these functions after
139 * initializing the entropy object with some good entropy sources.
141 * These functions should be called before the first hash calculation.
143 * isc_hash_ctxinit() is for the multiple-context mode, and takes a valid hash
144 * object as an argument.
145 * isc_hash_init() is for the single-context mode. A valid module-internal
146 * hash object must have been created, and this function should be called only
151 isc_hash_ctxcalc(isc_hash_t *hctx, const unsigned char *key,
152 unsigned int keylen, isc_boolean_t case_sensitive);
154 isc_hash_calc(const unsigned char *key, unsigned int keylen,
155 isc_boolean_t case_sensitive);
157 * Calculate a hash value.
159 * isc_hash_ctxinit() is for the multiple-context mode, and takes a valid hash
160 * object as an argument.
161 * isc_hash_init() is for the single-context mode. A valid module-internal
162 * hash object must have been created.
164 * 'key' is the hash key, which is a variable length buffer.
165 * 'keylen' specifies the key length, which must not be larger than the limit
166 * specified for the corresponding hash object.
168 * 'case_sensitive' specifies whether the hash key should be treated as
169 * case_sensitive values. It should typically be ISC_FALSE if the hash key
175 #endif /* ISC_HASH_H */