public class DigestService
The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and
building Merkle trees. The DigestService.Companion.getDefault
instance is passed by default to instances of classes like TransactionBuilder
and as a parameter to MerkleTree.getMerkleTree(...) method. In future the DigestService.Companion.getDefault
instance can be parametrized
to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the
SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by
the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack
won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they
can and should be set to false as hashing twice would not improve security but affect performance.
Modifier and Type | Class and Description |
---|---|
static class |
DigestService.Companion |
Modifier and Type | Field and Description |
---|---|
static DigestService.Companion |
Companion |
Constructor and Description |
---|
DigestService(java.lang.String hashAlgorithm)
The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and
building Merkle trees. The
DigestService.Companion.getDefault instance is passed by default to instances of classes like TransactionBuilder
and as a parameter to MerkleTree.getMerkleTree(...) method. In future the DigestService.Companion.getDefault instance can be parametrized
to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the
SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by
the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack
won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they
can and should be set to false as hashing twice would not improve security but affect performance. |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
component1()
the name of the hash algorithm to be used for the instance
|
SecureHash |
componentHash(OpaqueBytes opaqueBytes,
PrivacySalt privacySalt,
int componentGroupIndex,
int internalIndex)
Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is
calculated using the service's hash algorithm, thus HASH(HASH(nonce || serializedComponent)) for SHA2-256 and other
algorithms loaded via JCA MessageDigest, or DigestAlgorithm.componentDigest(nonce || serializedComponent)
otherwise, where nonce is computed from
DigestService.computeNonce . |
SecureHash |
componentHash(SecureHash nonce,
OpaqueBytes opaqueBytes)
Return the HASH(HASH(nonce || serializedComponent)) for SHA2-256 and other algorithms loaded via JCA MessageDigest,
otherwise it's defined by DigestAlgorithm.componentDigest(nonce || serializedComponent).
|
SecureHash |
computeNonce(PrivacySalt privacySalt,
int groupIndex,
int internalIndex)
Method to compute a nonce based on privacySalt, component group index and component internal index.
SHA256d (double SHA256) is used to prevent length extension attacks.
|
DigestService |
copy(java.lang.String hashAlgorithm)
The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and
building Merkle trees. The
DigestService.Companion.getDefault instance is passed by default to instances of classes like TransactionBuilder
and as a parameter to MerkleTree.getMerkleTree(...) method. In future the DigestService.Companion.getDefault instance can be parametrized
to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the
SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by
the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack
won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they
can and should be set to false as hashing twice would not improve security but affect performance. |
boolean |
equals(java.lang.Object p) |
SecureHash |
getAllOnesHash()
A digest value consisting of 0xFF bytes.
|
int |
getDigestLength()
Specifies the WORD size for the given hash algorithm.
|
java.lang.String |
getHashAlgorithm()
the name of the hash algorithm to be used for the instance
|
SecureHash |
getZeroHash()
A hash value consisting of 0x00 bytes.
|
SecureHash |
hash(byte[] bytes)
Computes the digest of the ByteArray.
|
SecureHash |
hash(java.lang.String str)
Computes the digest of the String's UTF-8 byte contents.
|
int |
hashCode() |
<T> SecureHash |
serializedHash(T x)
Serialise the object and return the hash of the serialized bytes. Note that the resulting hash may not be deterministic
across platform versions: serialization can produce different values if any of the types being serialized have changed,
or if the version of serialization specified by the context changes.
|
java.lang.String |
toString() |
public static DigestService.Companion Companion
public DigestService(java.lang.String hashAlgorithm)
The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and
building Merkle trees. The DigestService.Companion.getDefault
instance is passed by default to instances of classes like TransactionBuilder
and as a parameter to MerkleTree.getMerkleTree(...) method. In future the DigestService.Companion.getDefault
instance can be parametrized
to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the
SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by
the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack
won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they
can and should be set to false as hashing twice would not improve security but affect performance.
hashAlgorithm
- the name of the hash algorithm to be used for the instancehashAlgorithm
- the name of the hash algorithm to be used for the instanceDigestService.Companion.getDefault
,
DigestService.Companion.getDefault
public int getDigestLength()
Specifies the WORD size for the given hash algorithm.
public SecureHash hash(byte[] bytes)
Computes the digest of the ByteArray.
public SecureHash hash(java.lang.String str)
Computes the digest of the String's UTF-8 byte contents.
public SecureHash getAllOnesHash()
A digest value consisting of 0xFF bytes.
public SecureHash getZeroHash()
A hash value consisting of 0x00 bytes.
public SecureHash componentHash(OpaqueBytes opaqueBytes, PrivacySalt privacySalt, int componentGroupIndex, int internalIndex)
Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is
calculated using the service's hash algorithm, thus HASH(HASH(nonce || serializedComponent)) for SHA2-256 and other
algorithms loaded via JCA MessageDigest, or DigestAlgorithm.componentDigest(nonce || serializedComponent)
otherwise, where nonce is computed from DigestService.computeNonce
.
DigestService.computeNonce
public SecureHash componentHash(SecureHash nonce, OpaqueBytes opaqueBytes)
Return the HASH(HASH(nonce || serializedComponent)) for SHA2-256 and other algorithms loaded via JCA MessageDigest, otherwise it's defined by DigestAlgorithm.componentDigest(nonce || serializedComponent).
public <T> SecureHash serializedHash(T x)
Serialise the object and return the hash of the serialized bytes. Note that the resulting hash may not be deterministic across platform versions: serialization can produce different values if any of the types being serialized have changed, or if the version of serialization specified by the context changes.
public SecureHash computeNonce(PrivacySalt privacySalt, int groupIndex, int internalIndex)
Method to compute a nonce based on privacySalt, component group index and component internal index. SHA256d (double SHA256) is used to prevent length extension attacks.
privacySalt
- a class PrivacySalt
.groupIndex
- the fixed index (ordinal) of this component group.internalIndex
- the internal index of this object in its corresponding components list.public java.lang.String getHashAlgorithm()
the name of the hash algorithm to be used for the instance
public java.lang.String component1()
the name of the hash algorithm to be used for the instance
public DigestService copy(java.lang.String hashAlgorithm)
The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and
building Merkle trees. The DigestService.Companion.getDefault
instance is passed by default to instances of classes like TransactionBuilder
and as a parameter to MerkleTree.getMerkleTree(...) method. In future the DigestService.Companion.getDefault
instance can be parametrized
to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the
SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by
the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack
won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they
can and should be set to false as hashing twice would not improve security but affect performance.
hashAlgorithm
- the name of the hash algorithm to be used for the instanceDigestService.Companion.getDefault
,
DigestService.Companion.getDefault
public java.lang.String toString()
public int hashCode()
public boolean equals(java.lang.Object p)