docs/net.corda.core.crypto/DigestService

DigestService

data class DigestService(val hashAlgorithm: String)

The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and building Merkle trees. The default instance is passed by default to instances of classes like TransactionBuilder and as a parameter to MerkleTree.getMerkleTree(...) method. In future the default instance can be parametrized to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they can and should be set to false as hashing twice would not improve security but affect performance.

Parameters

hashAlgorithm

the name of the hash algorithm to be used for the instance

Constructors

DigestService

constructor(hashAlgorithm: String)

Types

Companion

object Companion

Properties

allOnesHash

val allOnesHash: SecureHash

A digest value consisting of 0xFF bytes.

digestLength

val digestLength: Int

Specifies the WORD size for the given hash algorithm.

hashAlgorithm

val hashAlgorithm: String

zeroHash

val zeroHash: SecureHash

A hash value consisting of 0x00 bytes.

Functions

componentHash

fun componentHash(nonce: SecureHash, opaqueBytes: OpaqueBytes): SecureHash

Return the HASH(HASH(nonce || serializedComponent)) for SHA2-256 and other algorithms loaded via JCA MessageDigest, otherwise it's defined by DigestAlgorithm.componentDigest(nonce || serializedComponent).

fun componentHash(opaqueBytes: OpaqueBytes, privacySalt: PrivacySalt, componentGroupIndex: Int, internalIndex: Int): SecureHash

Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is calculated using the service's hash algorithm, thus HASH(HASH(nonce || serializedComponent)) for SHA2-256 and other algorithms loaded via JCA MessageDigest, or DigestAlgorithm.componentDigest(nonce || serializedComponent) otherwise, where nonce is computed from computeNonce.

computeNonce

fun computeNonce(privacySalt: PrivacySalt, groupIndex: Int, internalIndex: Int): SecureHash

Method to compute a nonce based on privacySalt, component group index and component internal index. SHA256d (double SHA256) is used to prevent length extension attacks.

hash

fun hash(bytes: ByteArray): SecureHash

Computes the digest of the ByteArray.

fun hash(str: String): SecureHash

Computes the digest of the String's UTF-8 byte contents.

randomHash

fun DigestService.randomHash(): SecureHash

serializedHash

fun <T : Any> serializedHash(x: T): SecureHash

Serialise the object and return the hash of the serialized bytes. Note that the resulting hash may not be deterministic across platform versions: serialization can produce different values if any of the types being serialized have changed, or if the version of serialization specified by the context changes.