Developer Reference

Contents

Keyed Hash Functions

The Intel IPP HMAC primitive functions, described in this section, use various HMAC schemes based on one-way hash functions described in One-Way Hash Primitives.
Usage model of the generalized HMAC functions is similar to the model explained below.
Each HMAC scheme is implemented as a set of the primitive functions.
Each
primitive implementing HMAC uses the
HashState
context as an operational vehicle to carry all necessary variables to manage computation of the chaining digest value.
The following example illustrates how the application code can apply the implemented HMAC-SHA1 hash standard to digest the input message stream:
  1. Call the function HMAC_GetSize to get the size required to configure the
    HashState
    context.
  2. Ensure that the required memory space is properly allocated. With the allocated memory, call the function
    HMAC_Init with the value of
    hashAlg
    equal to
    ippHashAlg_SHA1
    to set up key material and the initial context state with the SHA-1 specified initialization vectors.
  3. Keep calling the function HMAC_Update to digest incoming message stream in the queue till its completion. To determine the current value of the message digest, call HMAC_GetTag between the two calls to
    HMACUpdate
    .
  4. Call the function HMAC_Final to pad the partial block into a final SHA-1 message block and transform it into a resulting HMAC value.
  5. Clean up secret data stored in the context.
  6. Call the operating system memory free service function to release the
    HashState
    context.
The
HashState
context is position-dependent. The
HMACPack, HMACUnpack
functions transform it to a position-independent form and vice versa:
The crypto community does not consider HMACSHA1 or HMACMD5 secure anymore.
Recommendation: use a more secure hash algorithm (for example, any algorithm from the SHA-2 family) instead of HMACSHA1 or HMACMD5.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804