HMAC Algorithms¶
HMAC is a message authentication code (MAC) using a hash function. It combines with any cryptographic hash function, for example, md5, sha1, sha256. Hash function is wrapped to a class as one template parameter in HMAC and the wrapper class only has a static function involving the hash function. HMAC uses the wrapper’s hash function directly inside. The design makes combination HMAC algorithm with hash function more flexible. In xf_security lib, the key width (keyW), message width (msgW), key and message length width (lenW), hash value width (hshW) and block size of each hash function are list as below.
Configuration¶
| name | keyW(bits) | msgW(bits) | lenW(bits) | hshW(bits) | blockSize(bytes) |
| md4 | 32 | 32 | 64 | 128 | 64 |
| md5 | 32 | 32 | 64 | 128 | 64 |
| sha1 | 32 | 32 | 64 | 160 | 64 |
| sha224 | 32 | 32 | 64 | 224 | 64 |
| sha256 | 32 | 32 | 64 | 256 | 64 |
| sha384 | 64 | 64 | 128 | 384 | 128 |
| sha512 | 64 | 64 | 128 | 512 | 128 |
Implementation¶
HMAC consists of 3 parts: compute kipad and kopad, mhsh=hash(kipad+msg), hash(kopad+msh). kipad and kopad are derived from the input key. When the length of key is greater than hash’s block size, K=hash(key). kipad is K XOR kip while kopad is K XOR kop, in which kip is a constant consisting of repeated bytes valued 0x36 block size times and kop is repeating 0x5c.
Performance (Device: U250)¶
| name | CLB | LUT | FF | DSP | BRAM | SRL | URAM | CP(ns) |
| hmac+md4 | 2510 | 11048 | 13928 | 0 | 1 | 0 | 0 | 3.167 |
| hmac+md5 | 2460 | 11890 | 15646 | 0 | 0 | 0 | 0 | 2.992 |
| hmac+sha1 | 3422 | 13750 | 27992 | 0 | 4 | 0 | 0 | 2.988 |
| hmac+sha224 | 2861 | 11960 | 22434 | 0 | 1 | 0 | 0 | 3.049 |
| hmac+sha256 | 2880 | 11835 | 22596 | 0 | 1 | 0 | 0 | 3.214 |
| hmac+sha384 | 4655 | 19515 | 39299 | 0 | 2 | 0 | 0 | 3.245 |
| hmac+sha512 | 4810 | 19695 | 39933 | 0 | 2 | 0 | 0 | 3.498 |