The secure HMAC operation in EIP-120t is executed using several basic hash operations with the assumption that all security-sensitive parameters (hash keys, intermediate products, and message data) are stored and kept in the DMA-accessible memory at the host.
The implementation of the secure HMAC operation is based on the following requirements:
- XORed keys are prepared in external memory and are read through DMA (alternatively, these can be written through the slave interface). If the hash key is longer than the hash block size (128 bytes for SHA-512 and SHA-384, and 64 bytes for SHA-256 and SHA-224), the host must first compress the key with a basic hash operation, which may be performed with the EIP-120t.
- The input message is located in external memory and is read through DMA.
- The intermediate digest state is stored in DMA-accessible memory and later read back through DMA for the final hash (the state values can optionally be read and provided through the host interface).
- The result digest is read through the slave interface.
Figure 13-3 shows the steps that must be performed to implement a secure HMAC using the EIP-120t.
The secure HMAC uses the following basic hash operations with EIP-120t:
- A new hash operation is established to hash the padded key (ipad), which is read through DMA and produces the inner digest. The inner digest remains in the internal state of the Hash engine and is used for the next resumed hash. The inner digest can be stored to a preallocated area in the external memory, and can be used for other HMAC operations that use the same key.
Note: The inner digest calculation requires a new hash operation that is not finalized because it must be resumed in the next step.
- A resumed hash operation is established to hash the actual message. The initial digest is produced in the previous operation and is still available in the internal state—if the inner digest was prepared in external memory, the host can read this digest and program it through the slave interface. The result of this operation is stored through DMA in the preallocated external memory.
- A new hash operation is established to hash the padded key (opad), which is read through DMA and produces the outer digest. The outer digest remains in the internal state of the Hash engine and can be used for the next resumed hash. The outer digest can be stored to a preallocated area in the external memory such that it can be used for other HMAC operations with the same key.
Note: The outer digest calculation requires a new hash operation that is not finalized because it must be resumed in the next step.
- A resumed hash operation is established to hash the result of Step 2 and to produce the final HMAC digest. The initial digest is produced in the previous operation and is still available in the internal state—if the outer digest was prepared in external memory, the host can read this digest and program it through the slave interface. The final HMAC digest is read through the slave interface.
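The four steps above, modeled in software as an added example (not code from the EIP-120t documentation): Python's hashlib stands in for the hash engine, and `copy()` of an unfinalized hash object stands in for saving and reloading the intermediate digest state. The names `prepare_xored_keys` and `HmacKeyState` are hypothetical, and the key and message in the demo are constructed.

```python
import hashlib
import hmac


def prepare_xored_keys(key: bytes, hash_name: str = "sha256"):
    """Host-side preparation of the XORed keys (one hash block each)."""
    block = hashlib.new(hash_name).block_size  # 64 (SHA-224/256) or 128 (SHA-384/512)
    if len(key) > block:
        # Key longer than the block size: compress it with a basic hash first.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    k_ipad = bytes(b ^ 0x36 for b in key)
    k_opad = bytes(b ^ 0x5C for b in key)
    return k_ipad, k_opad


class HmacKeyState:
    """Per-key inner/outer digest states, computed once and reused."""

    def __init__(self, key: bytes, hash_name: str = "sha256"):
        k_ipad, k_opad = prepare_xored_keys(key, hash_name)
        # Steps 1 and 3: new hash over the padded key, NOT finalized.
        # These objects model the saved inner and outer digest states.
        self.inner = hashlib.new(hash_name, k_ipad)
        self.outer = hashlib.new(hash_name, k_opad)

    def mac(self, message: bytes) -> bytes:
        # Step 2: resume from the inner state and hash the message.
        h = self.inner.copy()
        h.update(message)
        inner_result = h.digest()
        # Step 4: resume from the outer state and hash the Step 2 result.
        o = self.outer.copy()
        o.update(inner_result)
        return o.digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        # Constant-time comparison of the expected and received tags.
        return hmac.compare_digest(self.mac(message), tag)


if __name__ == "__main__":
    state = HmacKeyState(b"constructed-demo-key", "sha256")
    tag = state.mac(b"constructed demo message")
    reference = hmac.new(b"constructed-demo-key", b"constructed demo message",
                         hashlib.sha256).digest()
    print(tag.hex(), tag == reference)
```

The saved inner and outer states are sufficient to compute a valid HMAC for any message under that key, so the external memory holding them needs the same protection as the key itself.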