slog2_hash()
Convert an input string into an obfuscated non-reversible hash string
Synopsis:
#include <sys/slog2.h>
int slog2_hash( slog2_hash_expiry_t expiry,
const char *input,
size_t output_size,
char *output_hash );
Arguments:
- expiry
- The (approximate) length of time that the hash will be consistent; one of:
- SLOG2_HASH_EXPIRY_ONE_DAY
- SLOG2_HASH_EXPIRY_ONE_WEEK
- SLOG2_HASH_EXPIRY_ONE_MONTH
- input
- A null-terminated input string to be hashed (e.g., personally identifiable information such as an email address or user ID).
- output_size
- The size of the output buffer.
- output_hash
- A location where the function can store the obfuscated identifier string, including a terminating null character.
Library:
libslog2-extra
Use the -l slog2-extra option to qcc to link against this library.
Description:
The slog2_hash() function converts an input string into an obfuscated non-reversible hash string containing only numeric literals. You could use this function to obscure information (e.g., email addresses) that might still be useful to include in logs.
The output string can be any desired length, depending on use. If there are many possible input strings, you can help ensure uniqueness of the hash by using the same length of input and hash strings. This function creates identical hash values for a given input string, even if called multiple times inside the expiry window by any process.
Because this function depends on the random number generator, make sure that /dev/random is running before you start slogger2.
Returns:
0 on success, or -1 if an error occurred (errno is set).
Errors:
- EINVAL
- The input or output strings are NULL, or their lengths are invalid.
- ENOENT
- The cryptography library couldn't be opened.
- ENXIO
- The cryptography library couldn't be initialized.
Examples:
char loghashstr[10+1];
const char *loghash(const char *str) {
if (slog2_hash(SLOG2_HASH_EXPIRY_ONE_MONTH,
str,
sizeof(loghashstr),
loghashstr) == -1)
return "<hash failed>";
return loghashstr;
}
Classification:
Safety: | |
---|---|
Cancellation point | No |
Signal handler | Yes |
Thread | Yes |