Detailed explanation of HMAC algorithm

1. HMAC algorithm

1.1 Introduction to HMAC Algorithm

HMAC (Hash-based Message Authentication Code) is a message authentication code (MAC) computed by a specific construction that combines a cryptographic hash function with a secret key. It can be used to ensure data integrity and, at the same time, to authenticate a message.
The HMAC algorithm is a key-based method for verifying message integrity. It takes a key and a message as input, applies a hash operation, and produces a message digest as output. Its security is based on the underlying hash algorithm. The communicating parties must share a key and agree on an algorithm; hashing the message together with the key then yields a fixed-length authentication code, and both parties judge the legitimacy of a message by verifying that code. The HMAC algorithm can be used for encryption, digital signature, message verification, etc.

1.2 HMAC algorithm definition

The mathematical formula of the HMAC algorithm is:
HMAC(k, m) = H((k' ⊕ opad) ∥ H((k' ⊕ ipad) ∥ m))
where:
H is a cryptographic hash function (such as MD5 or SHA-2) that compresses its input block by block in an iterated loop;
k is the key (secret key);
m is the message to be authenticated;
k' is another key derived from the original key k (if k is shorter than the input block size of the hash function, pad it on the right with zeros; if k is longer than that block size, hash it);
∥ denotes concatenation;
ipad is the inner padding (0x363636…3636, a hex constant);
opad is the outer padding (0x5C5C5C…5C5C, a hex constant).

1.3 HMAC algorithm steps

The computation steps of the HMAC algorithm are shown in Figure 1:

a) Append zeros to the key k, or process the key k with H (the hash function), to create a string of length B (B is the input block length of the hash function);
b) XOR the B-length string generated in the previous step with ipad;
c) Append the data stream m to the result string of the second step;
d) Apply H to the data stream generated in the third step;
e) XOR the B-length string generated in the first step with opad;
f) Append the result of the fourth step to the result of the fifth step;
g) Apply H to the data stream generated in the sixth step, and output the final result.

2. SHA-256 algorithm

2.1 Introduction to SHA-256 Algorithm

SHA-256 (Secure Hash Algorithm 256) is a hash function that computes a 32-byte string (also known as a message digest). A hash function is considered a one-way function: given the output of the function, it is extremely difficult to recover the input data. The hash function scrambles and mixes the message data and compresses it into a hash value (digest), making the amount of data smaller.
SHA-256, developed by the National Security Agency of the United States, is one of the algorithms in the SHA-2 family. It belongs to the SHA algorithms and is the successor of SHA-1. For a message of any length, SHA-256 generates a 256-bit (32-byte) hash value called a message digest. The digest is usually written as a 64-character hexadecimal string. When a message is received, this digest can be used to verify whether the data has changed, that is, to verify its integrity.

2.2 SHA-256 Algorithm Description

First, the message is preprocessed: as shown in Figure 2, the original message (Message) is split into 512-bit message blocks. The last message block has to be padded and has the length of the original message appended. After the message is divided into n blocks, n iterations are required, and the result of the last iteration is the final hash value, which is a 256-bit digest.


The smallest computing unit of the SHA-256 algorithm is a "word" (32-bit). The 256-bit intermediate state H_i in Figure 3 is described as 8 words. The 512-bit message block M_i is expanded from 16 words to 64 words, mixed with H_i, and compressed into a new hash value H_(i+1). The result of mapping the i-th block of data with the Map function is used as the input for the (i+1)-th block, that is, Map(H_(i-1))=H_i. H_0 is the preset initial hash value (the first 32 bits of the fractional parts of the square roots of the first 8 prime numbers). The hash mapping is applied to the blocks in turn, and the final state H_n is the final digest.


The most critical operation is the mapping function Map, which is equivalent to a cyclic encryption process that repeatedly scrambles the original information.

2.3 SHA-256 algorithm steps

As shown in Table 1, the operations involved in the SHA256 hash function are all bitwise logical operations.

Suppose the original message is M, its length is L_M, the message blocks are M_i, the initial hash value is H_0, and the SHA-256 constants are K[0]~K[63] (the first 32 bits of the fractional parts of the cube roots of the first 64 prime numbers). The steps of the SHA-256 algorithm are as follows:
a) Message (M) preprocessing. Append one "1" bit and t "0" bits to the end of the message, so that:
(L_M+t+1) mod 512=448, 0≤t<512
Then express L_M as a 64-bit big-endian integer and append it to the end of M, forming a new message M';
b) Decompose. Split M' into blocks M_i of 512 bits each;
c) Expand M_i to 64 words: W[0]~W[63]. Split M_i into 16 32-bit big-endian words, stored as W[0], …, W[15]; the remaining words are obtained by the following formula:
W_t=σ_1(W_(t-2))+W_(t-7)+σ_0(W_(t-15))+W_(t-16)
d) Iterate. One iteration takes 64 rounds. The process is shown in Figure 4: the 8 words A, B, C, D, E, F, G, H are initially the 8 initial hash values and are then updated according to the illustrated rules; the dark blue squares are predefined nonlinear logic functions; the red squares represent addition (if the result is greater than 2^32, it is reduced mod 2^32); K_t is a SHA-256 constant and W_t is the t-th word generated for this block, 0≤t<64; the eight words produced by the last round are combined to give the hash string corresponding to this block;
e) If the original message contains several blocks, the hash strings generated by these blocks must be added to the iteration to generate the final hash string.


3. Definition of HMAC-SHA256 algorithm

3.1 HMAC-SHA256 algorithm description

HMAC-SHA256 is the HMAC algorithm that uses SHA-256 to generate hash values. From the descriptions of the HMAC algorithm and the SHA-256 algorithm, the block length B of the HMAC-SHA256 algorithm is 512-bit, and with a key K of any length (the minimum recommended length is 256-bit, which should generally be greater than B) it produces a 256-bit hash value (digest). It is defined as:
HMAC_SHA256(k, m) = SHA256((k' ⊕ opad) ∥ SHA256((k' ⊕ ipad) ∥ m))
where:
SHA256 is the SHA-256 hash algorithm, whose output hash value length is 256-bit;
∥ is the concatenation operation, joining two strings together;
B is the input block length of the hash function, 512-bit for the SHA-256 algorithm;
k is the key (secret key);
m is the message to be authenticated;
k' is another key derived from the original key k (if k is shorter than B, pad zeros to the right until it is the same length as B; if k is longer than B, perform a SHA256 hash calculation on k);
ipad is the inner padding (0x363636…3636, 512-bit constant);
opad is the outer padding (0x5C5C5C…5C5C, 512-bit constant).

3.2 HMAC-SHA256 algorithm steps

The computation steps of the HMAC-SHA256 algorithm are shown in Figure 5:
①. Key padding. If the key is shorter than the block length B (512-bit) of the SHA-256 algorithm, it is padded with 0 at the end until its length reaches the block length of the one-way hash function. If the key is longer than the block length, use the SHA-256 algorithm to compute the hash value of the key, and then use this hash value as the new key;
②. Inner padding. The padded key is XORed with the sequence called ipad, and the resulting value is ipadkey. The ipad is the bit sequence 00110110 repeated until the block length is reached;
③. Combining with the message. Combine the ipadkey with the message, that is, place the ipadkey in front of the message;
④. Calculate the hash value. Input the result of ③ into the SHA-256 function and calculate the hash value;
⑤. Outer padding. The padded key is XORed with the sequence called opad, and the resulting value is opadkey. The opad is the bit sequence 01011100 repeated until the block length is reached;
⑥. Combining with the hash value. Place the hash value of ④ after the opadkey;
⑦. Calculate the hash value. Input the result of ⑥ into the SHA-256 function and calculate the hash value, which is the final digest.
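
Steps ① to ⑦ written out as an added example (not code from the original article), followed by the receiver-side check that recomputes the code and compares it in constant time. The function names hmac_sha256, verify and demo, and the key and messages in demo, are constructed for this illustration; hashlib and hmac are the Python standard-library modules.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # B = 512 bits, the SHA-256 input block length

def hmac_sha256(key: bytes, message: bytes) -> bytes:
    # Step 1: key padding. A key longer than B is replaced by its SHA-256
    # hash; the result is then zero-padded on the right to exactly B bytes.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    padded_key = key.ljust(BLOCK_SIZE, b"\x00")

    # Step 2: inner padding. ipad is the byte 0x36 (00110110) repeated B times.
    ipad_key = bytes(b ^ 0x36 for b in padded_key)
    # Steps 3 and 4: ipadkey in front of the message, then SHA-256.
    inner = hashlib.sha256(ipad_key + message).digest()

    # Step 5: outer padding. opad is the byte 0x5C (01011100) repeated B times.
    opad_key = bytes(b ^ 0x5C for b in padded_key)
    # Steps 6 and 7: inner hash after the opadkey, then SHA-256 again.
    return hashlib.sha256(opad_key + inner).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the code and compare without an early exit,
    so the comparison time does not reveal how many leading bytes matched."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)

def demo() -> dict:
    key = bytes(range(32))               # constructed 256-bit key
    msg = b"amount=100&to=alice"         # constructed message
    tag = hmac_sha256(key, msg)
    long_key = bytes(range(100))         # constructed key longer than B
    return {
        "matches_stdlib": tag == hmac.new(key, msg, hashlib.sha256).digest(),
        "accepts_valid": verify(key, msg, tag),
        "rejects_tampered_message": not verify(key, b"amount=900&to=alice", tag),
        "rejects_wrong_key": not verify(bytes(32), msg, tag),
        # Consequence of step 1: a key longer than B and its SHA-256 hash
        # produce the same code, so extra key length beyond B adds nothing.
        "long_key_equals_its_hash": hmac_sha256(long_key, msg)
            == hmac_sha256(hashlib.sha256(long_key).digest(), msg),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```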


A simplified view of HMAC-SHA256 is as follows:

  • Key processing: If the key length exceeds the block length of the SHA256 algorithm (64 bytes), the key is first hashed with the SHA256 algorithm, and the hash result is then used as the new key, so that the final key length is less than or equal to the block length of the SHA256 algorithm.
  • Padding the message: According to the requirements of the SHA256 algorithm, the message needs to be padded so that its length is an integer multiple of 512 bits.
  • HMAC operation: An XOR operation is performed on the padded message and the key, and the hash value is calculated by the SHA256 algorithm. The XOR results of the message and the key are each used as input to the SHA256 algorithm.
  • Result output: The hash result of the SHA256 algorithm is used as the output of the HMAC-SHA256 algorithm.

The security of the HMAC-SHA256 algorithm mainly depends on the security of the SHA256 algorithm and on the length and randomness of the key. Since the SHA256 algorithm is a relatively secure hash function, the HMAC-SHA256 algorithm is also widely used in security fields, such as digital signatures and message authentication.

Origin blog.csdn.net/qq_32907491/article/details/131524420