Skip to main content

MAC algorithms

TrustCore SDK supports the MAC algorithms HMAC, CMAC, Poly1305, and BLAKE2. Like the digest APIs, there are one shot MAC APIs that perform the MAC of a message all at once, and there are streaming APIs that use a context and can process chunks of the message. The HMAC algorithm is different with respect to the other MAC algorithms in that an underlying digest algorithm must be chosen first.

The HMAC APIs allow for this digest algorithm to be chosen at runtime:

  1. Declare and obtain a BulkHashAlgo. Structures of type BulkHashAlgo are provided to contain function pointers to digest methods needed by not only HMAC, but also by other ciphers such as RSA and ECC. In fact, predefined instances of this structure, especially ones that are commonly used with RSA or ECC algorithms, can be found in the files ${MSS_SRC_PKG}/src/crypto/crypto_rsa.c and ${MSS_SRC_PKG}/src/crypto/crypto_ecc.c, along with get methods CRYPTO_getRSAHashAlgo and CRYPTO_getECCHashAlgo. These methods may be used for HMAC, too (for example, to obtain a SHA2-256 BulkHashAlgo), using the following calls:

    BulkHashAlgo *pBulkHashAlgo = NULL;
    CRYPTO_getRSAHashAlgo(ht_sha256, &pBulkHashAlgo);
  2. Create an HMAC context with SHA2-256 as the underlying digest algorithm.

    HMAC_CTX *pCtx = NULL;
    CRYPTO_INTERFACE_HmacCreate(&pCtx, pBulkHashAlgo);
  3. Load the key.

    CRYPTO_INTERFACE_HmacKey(pCtx, pKeyData, keyDataLen);
  4. Update the key with message data by calling as many items as necessary.

    CRYPTO_INTERFACE_HmacUpdate(pCtx, pMessage, messageLen);
  5. Finalize the context and obtain the resulting MAC.

    CRYPTO_INTERFACE_HmacFinal(pCtx, pResult);
  6. Clean up the memory allocated for the HMAC context. Note that the pBulkHashAlgo pointer does not point to allocated memory and does not need to be cleaned up.