基本介绍
HMAC(散列消息身份验证码: Hashed Message Authentication Code)
它不是散列函数,而是采用散列函数(MD5 or 或SHA)与共享密钥一起使用的消息身份验证机制。
详细见 RFC 2104
使用场景
- 服务端生成key,传给客户端;
- 客户端使用key将帐号和密码做HMAC,生成一串散列值,传给服务端;
- 服务端使用key和数据库中用户和密码做HMAC计算散列值,比对来自客户端的散列值。
按照散列函数的不同,可以有如下实现。
Hmac_MD5,Hmac_sha1,Hmac_sha224,Hmac_sha256,Hmac_sha384,Hmac_sha512。
Hmac_MD5:
/**
* MD5(Key XOR opad, MD5(Key XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected(maybe user or password).
*/
memcpy( k_ipad, key, key_len);
memcpy( k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i = 0; i < KEY_IOPAD_SIZE; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
// perform inner MD5
MD5Init(&context); /* init context for 1st pass */
MD5Update(&context, k_ipad, KEY_IOPAD_SIZE); /* start with inner pad */
MD5Update(&context, (unsigned char*)text, text_len); /* then text of datagram */
MD5Final(hmac, &context); /* finish up 1st pass */
// perform outer MD5
MD5Init(&context); /* init context for 2nd pass */
MD5Update(&context, k_opad, KEY_IOPAD_SIZE); /* start with outer pad */
MD5Update(&context, hmac, MD5_DIGEST_SIZE); /* then results of 1st hash */
MD5Final(hmac, &context); /* finish up 2nd pass */
Hmac_sha1:
/**
* SHA(Key XOR opad, SHA(Key XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected(maybe user or password).
*/
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i = 0; i < KEY_IOPAD_SIZE; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
// perform inner SHA
SHA_Init(&context); /* init context for 1st pass */
SHA_Bytes(&context, k_ipad, KEY_IOPAD_SIZE); /* start with inner pad */
SHA_Bytes(&context, text, text_len); /* then text of datagram */
SHA_Final(&context, hmac); /* finish up 1st pass */
// perform outer SHA
SHA_Init(&context); /* init context for 2nd pass */
SHA_Bytes(&context, k_opad, KEY_IOPAD_SIZE); /* start with outer pad */
SHA_Bytes(&context, hmac, SHA1_DIGEST_SIZE); /* then results of 1st hash */
SHA_Final(&context, hmac); /* finish up 2nd pass */
Hmac_sha224,mac_sha256 和 Hmac_sh啊类似,把SHA换成SHA224或SHA256即可,注意 ipad和opad的长度为64.
Hmac_sha384:Hmac_sha512和Hmac_sha384类似,把SHA384换成SHA512即可,注意 ipad和opad的长度为128.
/**
* SHA384(Key XOR opad, SHA(Key XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 128 times
* opad is the byte 0x5c repeated 128 times
* and text is the data being protected(maybe user or password).
*/
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i = 0; i < KEY_IOPAD_SIZE128; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
// perform inner SHA384
SHA384_Init(&context); /* init context for 1st pass */
SHA384_Bytes(&context, k_ipad, KEY_IOPAD_SIZE128); /* start with inner pad */
SHA384_Bytes(&context, text, text_len); /* then text of datagram */
SHA384_Final(&context, hmac); /* finish up 1st pass */
// perform outer SHA384
SHA384_Init(&context); /* init context for 2nd pass */
SHA384_Bytes(&context, k_opad, KEY_IOPAD_SIZE128); /* start with outer pad */
SHA384_Bytes(&context, hmac, SHA384_DIGEST_SIZE); /* then results of 1st hash */
SHA384_Final(&context, hmac); /* finish up 2nd pass */
C implement at github: https://github.com/mygityf/cipher/blob/master/cipher/hmac.c
Done.