The Hash engine supports HMAC
operations in two steps (excluding optional preprocessing), according to the
algorithm defined in RFC2104.
Let:
- H(●) be a cryptographic hash function
- K be a secret key padded to the right with extra zeros to the
block size of the hash function
- m be the message to be authenticated
- || denote concatenation
- ⊕ denote exclusive or (XOR)
- opad be the outer padding (0x5c5c5c...5c5c, one-block-long
hexadecimal constant)
- ipad be the inner padding (0x363636...3636, one-block-long
hexadecimal constant)
Then, HMAC (K,m) is mathematically
defined by Equation 1.
Equation 1. HMAC (K,m) = H((K ⊕ opad) || H((K
⊕ ipad) || m))
where:
- H(K ⊕ ipad) is the inner digest.
- H(K ⊕ opad) is the outer digest.
- H(K ⊕ ipad) || m is the intermediate digest.