HMAC hash message authentication code


HMAC is a key-related hash message authentication code. The HMAC operation uses a hash algorithm, takes a key and a message as input, and generates a message digest as output.

Chinese name: hash message authentication code
Foreign name: Hash-based Message Authentication Code
Abbreviation: HMAC
Overview: HMAC is a key-related hash operation
Operation function: Verify the authorization data accepted by the TPM


Introduction

Operation function

(1) Verify the authorization data and authentication data accepted by the TPM;
(2) Confirm that the command request received by the TPM is an authorized request, and that the command has not been changed during transmission.

The definition of HMAC requires a cryptographic hash function (denoted H, which can be MD5 or SHA-1) and a key K. B denotes the number of bytes in a data block (the hash functions mentioned above process data in blocks of B=64 bytes), and L denotes the number of bytes the hash function outputs (L=16 for MD5, L=20 for SHA-1). The length of the authentication key can be any positive integer less than or equal to the block length. If the key used in the application is longer than B, first apply the hash function H to it, then use the L-byte string output by H as the key actually used in HMAC. In general, the recommended minimum length of the key K is L bytes.

Algorithm representation

Algorithm formula: HMAC(K, M) = H((K ⊕ opad) || H((K ⊕ ipad) || M)) [1]
H represents the hash algorithm used (such as SHA-256)
K represents the authentication password
Ko represents the cipher text of the HASH algorithm
M represents a message input
B represents the size of the block processed in H. This is the size of the block being processed, not the size of the output hash. For example:
SHA-1 and SHA-256: B = 64
SHA-384 and SHA-512: B = 128
L represents the size of the hash
Opad is 0x5c repeated B times
Ipad is 0x36 repeated B times
Apad is 0x878FE1F3 repeated (L/4) times

HMAC operation steps

First-Hash = H(Ko XOR Ipad || (data to auth))
Second-Hash = H(Ko XOR Opad || First-Hash)

(1) Append zero bytes to the key K to create a string of length B. (For example, if K is 20 bytes long and B=64 bytes, 44 zero bytes 0x00 are appended to K.)
(2) XOR the B-length string generated in the previous step with ipad.
(3) Append the data stream text to the result string of the second step.
(4) Apply H to the data stream generated in the third step.
(5) XOR the B-length string generated in the first step with opad.
(6) Append the result of the fourth step to the result of the fifth step.
(7) Apply H to the data stream generated in the sixth step and output the final result.
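The seven steps above, written out as an added Python example (not code from the original page) and checked against the standard library's `hmac` module. The function names `hmac_by_steps` and `matches_stdlib` are chosen for this illustration, and it also covers the key-longer-than-B rule from the introduction.

```python
import hashlib
import hmac

IPAD_BYTE = 0x36  # ipad is 0x36 repeated B times
OPAD_BYTE = 0x5C  # opad is 0x5c repeated B times


def hmac_by_steps(key: bytes, text: bytes, hash_name: str = "sha256") -> bytes:
    """Compute HMAC by following steps (1)-(7) literally."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    # B is the block size of H: 64 for SHA-1/SHA-256, 128 for SHA-384/SHA-512.
    B = hashlib.new(hash_name).block_size

    # A key longer than B is first hashed; the L-byte output becomes the key.
    if len(key) > B:
        key = H(key)

    # (1) Append zero bytes to K so it is exactly B bytes long.
    padded_key = key + b"\x00" * (B - len(key))
    # (2) XOR the padded key with ipad.
    inner = bytes(b ^ IPAD_BYTE for b in padded_key)
    # (3) Append the text, (4) apply H: this is First-Hash.
    first_hash = H(inner + text)
    # (5) XOR the padded key from step (1) with opad.
    outer = bytes(b ^ OPAD_BYTE for b in padded_key)
    # (6) Append First-Hash, (7) apply H: this is Second-Hash, the HMAC.
    return H(outer + first_hash)


def matches_stdlib(key: bytes, text: bytes, hash_name: str) -> bool:
    """True if the step-by-step result equals hmac.new() from the stdlib."""
    expected = hmac.new(key, text, hash_name).digest()
    return hmac.compare_digest(hmac_by_steps(key, text, hash_name), expected)


if __name__ == "__main__":
    # Constructed sample inputs: a 20-byte key (44 zero bytes get appended
    # when B=64) and a 200-byte key that exceeds every block size used here.
    for name in ("sha1", "sha256", "sha512"):
        for key in (b"\x0b" * 20, b"k" * 200):
            print(name, len(key), matches_stdlib(key, b"Hi There", name))
```
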

HMAC application

hmac is mainly used in identity verification, and it is used as follows:
(1) The client sends a login request (assume it is a GET request from the browser).
(2) The server returns a random value and records this random value in the session.
(3) The client performs the hmac operation with the random value as the key and the user password, then submits the result to the server.
(4) The server reads the user password from the user database and, with the random value sent in step 2, performs the same hmac operation as the client, then compares its result with the one sent by the user. If the results are consistent, the user is verified as legitimate.

In this process, the values that may be attacked are the random value sent by the server and the hmac result sent by the user. To a hacker who has intercepted these two values, they are meaningless, and there is no possibility of obtaining the user password. The introduction of the random value makes the hmac valid only in the current session, which greatly enhances security and practicability. Most languages have implemented the hmac algorithm, such as php's mhash, python's hmac.py, and java's MessageDigest class. It is also feasible to use hmac in web authentication, and md5 operations in js are also relatively fast.

Typical applications

A typical application of HMAC is "challenge/response" identity authentication.

Certification process

(1) First, the client sends a verification request to the server.
(2) After receiving this request, the server generates a random number and transmits it to the client over the network (this is the challenge).
(3) The client provides the received random number to ePass, and ePass performs the HMAC-MD5 operation with the random number and the key stored in ePass. The result is passed to the server as authentication evidence (this is the response).
(4) At the same time, the server also performs the HMAC-MD5 calculation with the random number and the client key stored in the server database. If the server's calculation result is the same as the response returned by the client, the client is considered to be a legitimate user.
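The challenge/response exchange described in the "HMAC application" and "Certification process" steps, as an added Python example that is not part of the original page. The class and function names are hypothetical, the key and client id are constructed sample values, and HMAC-SHA-256 is used here in place of the HMAC-MD5 the page describes. Each challenge is accepted once, which is what limits a captured response to the current session.

```python
import hmac
import secrets


class ChallengeResponseServer:
    """Server side: issues random challenges and checks HMAC responses."""

    def __init__(self, client_keys: dict, digest: str = "sha256"):
        self._keys = client_keys      # client id -> shared key (the "database")
        self._digest = digest
        self._pending = {}            # client id -> outstanding challenge

    def issue_challenge(self, client_id: str) -> bytes:
        # Step (2): generate a random number and remember it for this session.
        challenge = secrets.token_bytes(32)
        self._pending[client_id] = challenge
        return challenge

    def verify(self, client_id: str, response: bytes) -> bool:
        # pop() makes the challenge single-use, so a replayed response fails.
        challenge = self._pending.pop(client_id, None)
        key = self._keys.get(client_id)
        if challenge is None or key is None:
            return False
        # Step (4): same HMAC computation as the client, constant-time compare.
        expected = hmac.new(key, challenge, self._digest).digest()
        return hmac.compare_digest(expected, response)


def client_response(key: bytes, challenge: bytes, digest: str = "sha256") -> bytes:
    # Step (3): HMAC over the received random number with the stored key.
    return hmac.new(key, challenge, digest).digest()


def demo() -> tuple:
    key = secrets.token_bytes(32)                 # constructed shared key
    server = ChallengeResponseServer({"alice": key})

    challenge = server.issue_challenge("alice")
    response = client_response(key, challenge)
    accepted = server.verify("alice", response)   # legitimate login
    replayed = server.verify("alice", response)   # same response sent again

    challenge2 = server.issue_challenge("alice")
    forged = server.verify("alice", client_response(b"\x00" * 32, challenge2))
    return accepted, replayed, forged


if __name__ == "__main__":
    print(demo())
```
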

Security analysis

From the above introduction, we can see that the HMAC algorithm is more like an encryption algorithm. The security of the key is not completely dependent on the hash algorithm used. The security is mainly guaranteed by the following points:
(1) The key used is agreed on by both parties in advance, and it is impossible for a third party to know it. From the application process introduced in 3.2, it can be seen that a third party who illegally intercepts information can obtain only the random number used as the "challenge" and the HMAC result used as the "response", and the key cannot be calculated from these two values. Since the key is not known, a consistent response cannot be faked.
