# Implementation of RFC 2104 - HMAC Algorithm
___Hash-based Message Authentication___ or ___Key Hashed Message Authentication Algorithm___

...in python

* [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt)
* [Wikipedia](https://en.wikipedia.org/wiki/HMAC)
* [Dr. Dobb's](http://www.drdobbs.com/security/the-hmac-algorithm/184410908)

In [1]:
import hashlib
import hmac

In [2]:
### Define key, message, Block size, hashing algorithm

hash_algo = "sha1"
B = 64
message = b'hello!'
key = b'key'

In [3]:
### hash () for an easy to read code
def hash(M):
    return hashlib.new(hash_algo, M).digest()

In [4]:
### XOR Translation table
trans_5C = bytes((x ^ 0x5C) for x in range(256))
trans_36 = bytes((x ^ 0x36) for x in range(256))

In [5]:
### Zero pad key to block length B
K_zpad=key.ljust(B,b'\0')
# Xor with ipad and opad sequence
K_ipad=K_zpad.translate(trans_36)
K_opad=K_zpad.translate(trans_5C)

print("Key XOR ipad(0x363636...):\n"+K_ipad.hex())
print("\n\nKey XOR opad(0x505050...):\n"+K_opad.hex())

Key XOR ipad(0x363636...):
5d534f36363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636


Key XOR opad(0x505050...):
3739255c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c


In [6]:
### concatinate message
part1=K_ipad+message
print("key XOR ipad || message:\n"+part1.hex())

key XOR ipad || message:
5d534f3636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363668656c6c6f21


$hash( ( key_{zp} \bigoplus ipad ) \parallel message )$

In [7]:
### hash (key xor ipad || message )
hash1=hash(part1)
print("hash( key XOR ipad || message):\n"+hash1.hex())

hash( key XOR ipad || message):
3c6d77eac1c2841ef09565487d5d2a5fc4dd5b9a


$ hash( key_{zp} \bigoplus opad \parallel hash( ( key_{zp} \bigoplus ipad ) \parallel message ) ) $

In [8]:
### hash (key xor opad || hash ( (key xor ipad)||message ) )
part2 = K_opad + hash1
print("hash (key xor opad || hash ( (key XOR ipad)||message ) ):\n"+part2.hex())
hash_final = hash(part2)
print("\n\nFinal Hash:\n"+hash_final.hex())

hash (key xor opad || hash ( (key XOR ipad)||message ) ):
3739255c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c3c6d77eac1c2841ef09565487d5d2a5fc4dd5b9a


Final Hash:
8652c2bb32ed9cdb085e8bccea9940fc4b0d46d5


## Compare with Python's HMAC Implementation

In [9]:
# Python
pyH=hmac.new(key,message,digestmod=hash_algo)
pyH.hexdigest()

'8652c2bb32ed9cdb085e8bccea9940fc4b0d46d5'