In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message.

HMAC can provide authentication using a shared secret instead of using digital signatures with asymmetric cryptography. It trades off the need for a complex public key infrastructure by delegating the key exchange to the communicating parties, who are responsible for establishing and using a trusted channel to agree on the key prior to communication. 

Any cryptographic hash function, such as SHA-2 or SHA-3, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-SHA256 or HMAC-SHA3-512). The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and the size and quality of the key.[1]

HMAC uses two passes of hash computation. Before either pass, the secret key is used to derive two keys – inner and outer. Next, the first pass of the hash algorithm produces an internal hash derived from the message and the inner key. The second pass produces the final HMAC code derived from the inner hash result and the outer key. Thus the algorithm provides better immunity against length extension attacks.

An iterative hash function (one that uses the Merkle–Damgård construction) breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, SHA-256 operates on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (e.g., 256 and 512 bits in the case of SHA-256 and SHA3-512, respectively), although it can be truncated if desired.

HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the HMAC hash. Parties with the secret key will hash the message again themselves, and if it is authentic, the received and computed hashes will match.

The definition and analysis of the HMAC construction was first published in 1996 in a paper by Mihir Bellare, Ran Canetti, and Hugo Krawczyk,[1][2] and they also wrote RFC 2104 in 1997.[3] The 1996 paper also defined a nested variant called NMAC (Nested MAC). FIPS PUB 198 generalizes and standardizes the use of HMACs.[4] HMAC is used within the IPsec,[2] SSH and TLS protocols and for JSON Web Tokens. 

[1] Bellare, Mihir; Canetti, Ran; Krawczyk, Hugo (1996). "Keying Hash Functions for Message Authentication": 1–15. CiteSeerX10.1.1.134.8430.

[2] Bellare, Mihir; Canetti, Ran; Krawczyk, Hugo (Spring 1996). "Message Authentication using Hash Functions— The HMAC Construction" (PDF). CryptoBytes. 2 (1).

[3] "Definition of HMAC". HMAC: Keyed-Hashing for Message Authentication. sec.2. doi:10.17487/RFC2104. RFC 2104.

[4] "FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC)". Federal Information Processing Standards. 16 July 2008.

https://en.wikipedia.org/wiki/HMAC

In [19]:
import hmac
import hashlib

def hmac_sha256(key, message):
    return hmac.new(key.encode(), message.encode(), hashlib.sha256).hexdigest()

key = bytes(bytearray.fromhex("6f79bf94da7dde3c86009934d9258f1b3fc2f5382aca9c9cb8e216eed235f34c"))
msg = bytes(bytearray.fromhex("450006131be1000000330000c0a8c887c0a8c81506050000cf54ccdf00000064000000000000000000000000000000001a3907d0a076b34f6ad0e701501804023659000048656c6c6f2c2074686973206973206d79207365636f6e64207061796c6f61642c207061796c6f616420312e204120736964652d6368616e6e656c2061747461636b2069732061207365637572697479206578706c6f697420746861742061696d7320746f2067617468657220696e666f726d6174696f6e2066726f6d206f7220696e666c75656e6365207468652070726f6772616d20657865637574696f6e206f6620612073797374656d206279206d6561737572696e67206f72206578706c6f6974696e6720696e6469726563742065666665637473206f66207468652073797374656d206f7220697473206861726477617265202d2d20726174686572207468616e20746172676574696e67207468652070726f6772616d206f722069747320636f6465206469726563746c792e204d6f737420636f6d6d6f6e6c792c2074686573652061747461636b732061696d20746f20657866696c74726174652073656e73697469766520696e666f726d6174696f6e2c20696e636c7564696e672063727970746f67726170686963206b6579732c206279206d6561737572696e6720636f696e636964656e74616c20686172647761726520656d697373696f6e732e204120736964652d6368616e6e656c2061747461636b206d617920616c736f20626520726566657272656420746f206173206120736964656261722061747461636b206f7220616e20696d706c656d656e746174696f6e2061747461636b2e20417320616e20696c6c757374726174696f6e2c20696d6167696e6520796f7527726520747279696e6720746f2064657465726d696e65207768657265206120706572736f6e206861732064726976656e207468656972206361722e20412073656375726520656c656d656e742028534529206973206120736563757265206f7065726174696e672073797374656d20284f532920696e20612074616d7065722d726573697374616e742070726f636573736f722063686970206f722073656375726520636f6d706f6e656e742e2049742063616e2070726f74656374206173736574732028726f6f74206f662074727573742c2073656e73697469766520646174612c206b6579732c206365727469666963617465732c206170706c69636174696f6e732920616761696e73742068696768206c6576656c20736f66747761726520616e642068617264776172652061747461636b732e204170706c69636174696f6e7320746861742070726f6365737320746869732073656e7369746976652064617461206f6e20616e205345732e2054686973206973206d79207365636f6e64207061796c6f61642c207061796c6f616420312e204120736964652d6368616e6e656c2061747461636b2069732061207365637572697479206578706c6f697420746861742061696d7320746f2067617468657220696e666f726d6174696f6e2066726f6d206f7220696e666c75656e6365207468652070726f6772616d20657865637574696f6e206f6620612073797374656d206279206d6561737572696e67206f72206578706c6f6974696e6720696e6469726563742065666665637473206f66207468652073797374656d206f7220697473206861726477617265202d2d20726174686572207468616e20746172676574696e67207468652070726f6772616d206f722069747320636f6465206469726563746c792e204d6f737420636f6d6d6f6e6c792c2074686573652061747461636b732061696d20746f20657866696c74726174652073656e73697469766520696e666f726d6174696f6e2c20696e636c7564696e672063727970746f67726170686963206b6579732c206279206d6561737572696e6720636f696e636964656e74616c20686172647761726520656d697373696f6e732e204120736964652d6368616e6e656c2061747461636b206d617920616c736f20626520726566657272656420746f206173206120736964656261722061747461636b206f7220616e20696d706c656d656e746174696f6e2061747461636b2e00000044"))

digest_maker  = hmac.new(key, msg, hashlib.sha256)
mac = digest_maker.hexdigest()
print ("Block size: " + str(digest_maker.block_size) + " bytes")

# call update to update msg
# digest_maker.update(b'another msg')

print("MAC: "+mac)

Block size: 64 bytes
MAC: 15ccd49db9bdef9617c69752229e4af4258d55d7f7dfc619cd5614e5200c2085


In [20]:
# Implement HMAC from scatch

import hashlib
import hmac

### Define key, message, Block size, hashing algorithm    
hash_algo = "sha256" # 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'blake2b', 'blake2s', 'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512', 'shake_128', 'shake_256'
B = 64
message = msg
key = key

#define hash function
H = hashlib.new(hash_algo)
m = hashlib.sha256()

### hash () for an easy to read code
def hash(M):
    H = hashlib.new(hash_algo)
    H.update(M)
    b_hash = H.digest()
    return b_hash

### XOR Translation table
trans_5C = bytes((x ^ 0x5C) for x in range(256))
trans_36 = bytes((x ^ 0x36) for x in range(256))

print("trans_5C\n"+trans_5C.hex())
print("trans_36\n"+trans_36.hex())

### Zero pad key to block length B
K_zpad=key.ljust(B,b'\0')
print("K_zpad\n" + K_zpad.hex())
# Xor with ipad and opad sequence
K_ipad=K_zpad.translate(trans_36)
K_opad=K_zpad.translate(trans_5C)

print("Key XOR ipad(0x363636...):\n"+K_ipad.hex())
print("\n\nKey XOR opad(0x5c5c5c...):\n"+K_opad.hex())

### concatinate message
part1=K_ipad+message
print("key XOR ipad || message:\n"+part1.hex())

### hash (key xor ipad || message )
# hash1=hash(part1)
H.update(part1)
hash1=H.digest()
print("hash( key XOR ipad || message):\n"+hash1.hex())

### another way to hash
nb_blocks_hash = int(len(part1) / B)
print("hash msg")
for i in range(nb_blocks_hash):
    m.update(part1[B*i:B*(i+1)])
    print("i=%d: "%(i)+m.hexdigest())
remaining_bytes_hash = len(part1) - nb_blocks_hash*B
# last update
m.update(part1[len(part1)-remaining_bytes_hash:len(part1)])
print("last: "+m.hexdigest())

### hash (key xor opad || hash ( (key xor ipad)||message ) )
part2 = K_opad + hash1
print("hash (key xor opad || hash ( (key XOR ipad)||message ) ):\n"+part2.hex())
hash_final = hash(part2)
print("\n\nFinal Hash:\n"+hash_final.hex())

# Compare with Python's HMAC Implementation
pyH=hmac.new(key,message,digestmod=hash_algo)
pyH.hexdigest()

trans_5C
5c5d5e5f58595a5b54555657505152534c4d4e4f48494a4b44454647404142437c7d7e7f78797a7b74757677707172736c6d6e6f68696a6b64656667606162631c1d1e1f18191a1b14151617101112130c0d0e0f08090a0b04050607000102033c3d3e3f38393a3b34353637303132332c2d2e2f28292a2b2425262720212223dcdddedfd8d9dadbd4d5d6d7d0d1d2d3cccdcecfc8c9cacbc4c5c6c7c0c1c2c3fcfdfefff8f9fafbf4f5f6f7f0f1f2f3ecedeeefe8e9eaebe4e5e6e7e0e1e2e39c9d9e9f98999a9b94959697909192938c8d8e8f88898a8b8485868780818283bcbdbebfb8b9babbb4b5b6b7b0b1b2b3acadaeafa8a9aaaba4a5a6a7a0a1a2a3
trans_36
36373435323330313e3f3c3d3a3b383926272425222320212e2f2c2d2a2b282916171415121310111e1f1c1d1a1b181906070405020300010e0f0c0d0a0b080976777475727370717e7f7c7d7a7b787966676465626360616e6f6c6d6a6b686956575455525350515e5f5c5d5a5b585946474445424340414e4f4c4d4a4b4849b6b7b4b5b2b3b0b1bebfbcbdbabbb8b9a6a7a4a5a2a3a0a1aeafacadaaaba8a996979495929390919e9f9c9d9a9b989986878485828380818e8f8c8d8a8b8889f6f7f4f5f2f3f0f1fefffcfdfafbf8f9e6e7e4e5e2e3e0e1eeefecedeaebe8e9d6d7d4d5d2d3d0d1dedfd

'15ccd49db9bdef9617c69752229e4af4258d55d7f7dfc619cd5614e5200c2085'

In [9]:
# Another implementation of HMAC function using hmac.update

import hmac
import hashlib

def hmac_sha256(key, message):
    return hmac.new(key.encode(), message.encode(), hashlib.sha256).hexdigest()

B=64
key = bytes(bytearray.fromhex("6f79bf94da7dde3c86009934d9258f1b3fc2f5382aca9c9cb8e216eed235f34c"))
msg = bytes(bytearray.fromhex("450006131be1000000330000c0a8c887c0a8c81506050000cf54ccdf00000064000000000000000000000000000000001a3907d0a076b34f6ad0e701501804023659000048656c6c6f2c2074686973206973206d79207365636f6e64207061796c6f61642c207061796c6f616420312e204120736964652d6368616e6e656c2061747461636b2069732061207365637572697479206578706c6f697420746861742061696d7320746f2067617468657220696e666f726d6174696f6e2066726f6d206f7220696e666c75656e6365207468652070726f6772616d20657865637574696f6e206f6620612073797374656d206279206d6561737572696e67206f72206578706c6f6974696e6720696e6469726563742065666665637473206f66207468652073797374656d206f7220697473206861726477617265202d2d20726174686572207468616e20746172676574696e67207468652070726f6772616d206f722069747320636f6465206469726563746c792e204d6f737420636f6d6d6f6e6c792c2074686573652061747461636b732061696d20746f20657866696c74726174652073656e73697469766520696e666f726d6174696f6e2c20696e636c7564696e672063727970746f67726170686963206b6579732c206279206d6561737572696e6720636f696e636964656e74616c20686172647761726520656d697373696f6e732e204120736964652d6368616e6e656c2061747461636b206d617920616c736f20626520726566657272656420746f206173206120736964656261722061747461636b206f7220616e20696d706c656d656e746174696f6e2061747461636b2e20417320616e20696c6c757374726174696f6e2c20696d6167696e6520796f7527726520747279696e6720746f2064657465726d696e65207768657265206120706572736f6e206861732064726976656e207468656972206361722e20412073656375726520656c656d656e742028534529206973206120736563757265206f7065726174696e672073797374656d20284f532920696e20612074616d7065722d726573697374616e742070726f636573736f722063686970206f722073656375726520636f6d706f6e656e742e2049742063616e2070726f74656374206173736574732028726f6f74206f662074727573742c2073656e73697469766520646174612c206b6579732c206365727469666963617465732c206170706c69636174696f6e732920616761696e73742068696768206c6576656c20736f66747761726520616e642068617264776172652061747461636b732e204170706c69636174696f6e7320746861742070726f6365737320746869732073656e7369746976652064617461206f6e20616e205345732e2054686973206973206d79207365636f6e64207061796c6f61642c207061796c6f616420312e204120736964652d6368616e6e656c2061747461636b2069732061207365637572697479206578706c6f697420746861742061696d7320746f2067617468657220696e666f726d6174696f6e2066726f6d206f7220696e666c75656e6365207468652070726f6772616d20657865637574696f6e206f6620612073797374656d206279206d6561737572696e67206f72206578706c6f6974696e6720696e6469726563742065666665637473206f66207468652073797374656d206f7220697473206861726477617265202d2d20726174686572207468616e20746172676574696e67207468652070726f6772616d206f722069747320636f6465206469726563746c792e204d6f737420636f6d6d6f6e6c792c2074686573652061747461636b732061696d20746f20657866696c74726174652073656e73697469766520696e666f726d6174696f6e2c20696e636c7564696e672063727970746f67726170686963206b6579732c206279206d6561737572696e6720636f696e636964656e74616c20686172647761726520656d697373696f6e732e204120736964652d6368616e6e656c2061747461636b206d617920616c736f20626520726566657272656420746f206173206120736964656261722061747461636b206f7220616e20696d706c656d656e746174696f6e2061747461636b2e00000044"))
msg_len = len(msg)
digest_maker  = hmac.new(key, None, hashlib.sha256)
print("hmac_key\n"+digest_maker.hexdigest())

nb_blocks = int(msg_len / B)
print("mac msg")
for i in range(nb_blocks):
    digest_maker.update(msg[B*i:B*(i+1)])
    print("i=%d: "%(i)+digest_maker.hexdigest())
remaining_bytes = msg_len - nb_blocks*B
# last update
digest_maker.update(msg[msg_len-remaining_bytes:msg_len])
print("last: "+digest_maker.hexdigest())
# digest_maker.update(msg)
mac_multiple_update = digest_maker.hexdigest()

# call update to update msg
# digest_maker.update(b'another msg')

hmac_key
2b2d18c7722ccc3f96c7a623ecabfe36588e9072858340741495b86751686574
mac msg
i=0: 47b3136169edeb75f816bd120a8345c83709c812183e27ff5f09f663ed00114d
i=1: 4b6e21764da229f1fa7c2b5d1c5de8e86e01ff0d27c747412dffd1dca8d544d7
i=2: 9f696289348bbc2cf037090860aec074547dd3bf695d32afa6cd97fa64880bb6
i=3: 938e543701fc59e88b70ffc71f93e086b7ed9bda4f1c2f502e5f644389f92fba
i=4: e32c072d8ff9b16e3bb170577bd32ceed94d169dd156d73a9a03db77104dccd7
i=5: 46a84faa111f035cff642e8ce270a32a814250ba30b16efac94c738df0b78727
i=6: dbafc1099f3c257da5100f0c8234951d533fae30986f53a0015287e0a3ec5d59
i=7: 1a1e0e852d6284437e127cbfed804d1cad082635747d46744f50dd34cd15968c
i=8: 80ed5f3ad85a8af4cd3d88b9c8ca1f880370a5a8336ffdfc9b6d80df4809eaf4
i=9: 50b65fe6eefd883dcb1f10875794eec2e4b3821859ce586894fd1ba2cc30c4d7
i=10: 2629e1b4a3e0f351134cfba2110e2269ce580dde615ac12911589f4fdf1a40a4
i=11: 4f71ce24103356cfce5fce5e6472017dbd5800ac1f46e78add7a889313eb139f
i=12: 23a7b80b34cdd08bc8e3dbde61b97995510eb3680100ddede78e6bea9b81d2b5
i=13: