Hash processor (HASH)
RM0090
770/1731
DocID018909 Rev 11
value 0x0000 0001. Then an all zero word (0x0000 0000) is added and the message
length in a two-word representation, to get a block of 16 x 32-bit words.
4. The HASH computing is performed, and the message digest is then available in the
HASH_Hx registers (x = 0...4) for the SHA-1 algorithm. For example:
H0 = 0xA9993E36
H1 = 0x4706816A
H2 = 0xBA3E2571
H3 = 0x7850C26C
H4 = 0x9CD0D89D
25.3.5 Hash
operation
The hash function (SHA-1, SHA-224, SHA-256 and MD5) is selected when the INIT bit is
written to ‘1’ in the HASH_CR register while the MODE bit is at ‘0’ in HASH_CR. The
algorithm (SHA-1, SHA-224,SHA-256 or MD5) is selected at the same time (that is when the
INIT bit is set) using the ALGO bits.
The message can then be sent by writing it word by word into the HASH_DIN register. When
a block of 512 bits —that is 16 words— has been written, a partial digest computation starts
upon writing the first data of the next block. The hash processor remains busy for 66 cycles
for the SHA-1 algorithm, or 50 cycles for the MD5 algorithm, SHA-224 algorithm and SHA-
256 algorithm
.
The process can then be repeated until the last word of the message. If DMA transfers are
used, refer to the
Procedure where the data are loaded by DMA
section. Otherwise, if the
message length is not an exact multiple of 512 bits, then the HASH_STR register has to be
written to launch the computation of the final digest.
Once computed, the digest can be read from the HASH_H0...HASH_H4 registers (for the
MD5 algorithm, HASH_H4 is not relevant) on STM32F415/417xx, and from the
HASH_H0...HASH_H7 registers on STM32F43xxx where:
HASH_H4..HASH_H7 are not relevant when the MD5 algorithm is selected,
HASH_H5.. HASH_H7 are not relevant when the SHA-1algorithm is selected,
HASH_H7 is not relevant when the SHA-224 algorithm is selected.
25.3.6 HMAC
operation
The HMAC algorithm is used for message authentication, by irreversibly binding the
message being processed to a key chosen by the user. For HMAC specifications, refer to
“HMAC: keyed-hashing for message authentication, H. Krawczyk, M. Bellare, R. Canetti,
February 1997.
Basically, the algorithm consists of two nested hash operations:
HMAC(message) = Hash[((key | pad) XOR 0x5C)
| Hash(((key | pad) XOR 0x36) | message)]
where:
•
pad
is a sequence of zeroes needed to extend the key to the length of the underlying
hash function data block (that is 512 bits for both the SHA-1, SHA224, SHA-256 and
MD5 hash algorithms)
•
|
represents the concatenation operator
To compute the HMAC, four different phases are required:
