Message Authentication Codes
A message authentication code, or MAC, is akin to a keyed hash
function, in that it produces a fixed-length identifier from
variable-length data and a key. The purpose of a MAC is to
guarantee the integrity and authenticity of data, as it is
computationally infeasible to fake a MAC without knowledge of the key.
MAC algorithms in GNU Crypto are in the gnu.crypto.mac package, and
include:
- Hash-based MAC. Hash-based MACs, also called HMACs, use a normal
message digest algorithm to compute the code based on input data and the
key. GNU Crypto therefore implements an HMAC for every message digest it
supports, and the name of an HMAC is usually "HMAC-" concatenated with
the message digest's name; see the previous chapter on message digests
for further discussion.
- The Truncated Multi-Modular Hash function, TMMH. TMMH/16 and
TMMH/32 are universal hash functions; GNU Crypto implements TMMH/16.
TMMH/16 has a variety of parameters, which are described later in this
chapter. TMMH is described in [McG02].
- UHASH-32. UHASH-32 is a keyed hash function that outputs a hash of 8
bytes. The key supplied to this MAC must be 16 bytes long. UHASH is
described in [Kro00].
- UMAC-32. The UMAC family of algorithms is parameterized, meaning that
low-level choices such as endianness and the underlying cryptographic
primitive are not fixed. The UMAC algorithms are described in [Kro00].
GNU Crypto implements UMAC-32, which performs well on 32- and 64-bit
architectures, and has a key length of 16 bytes and an output length of
8 bytes. See the section on UMAC-32 for further discussion.
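
The hash-based MAC entry above says an HMAC is computed from an ordinary message digest plus a key. The following added example (Python, not GNU Crypto code and not from the original manual) builds that construction as specified in RFC 2104 on top of a plain digest and shows that a tag fails verification when the message or the key changes. The function names, sample key and sample message are assumptions made for illustration.

```python
import hashlib
import hmac


def hmac_from_digest(digest_name, key, message):
    """RFC 2104 HMAC built directly on an unkeyed message digest."""
    block_size = hashlib.new(digest_name).block_size
    # A key longer than one digest block is hashed first;
    # the result (or a short key) is zero-padded to the block size.
    if len(key) > block_size:
        key = hashlib.new(digest_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # tag = H((K xor opad) || H((K xor ipad) || message))
    inner = hashlib.new(digest_name, ipad + message).digest()
    return hashlib.new(digest_name, opad + inner).digest()


def verify(digest_name, key, message, tag):
    """Recompute the tag and compare in constant time."""
    expected = hmac_from_digest(digest_name, key, message)
    return hmac.compare_digest(expected, tag)


# Constructed sample values, for illustration only.
KEY = b"constructed-sample-key"
MESSAGE = b"amount=100&to=alice"


def demo():
    tag = hmac_from_digest("sha1", KEY, MESSAGE)
    return {
        "tag_length": len(tag),
        "matches_stdlib": tag == hmac.new(KEY, MESSAGE, hashlib.sha1).digest(),
        "accepts_original": verify("sha1", KEY, MESSAGE, tag),
        "accepts_tampered_message": verify("sha1", KEY, b"amount=900&to=alice", tag),
        "accepts_wrong_key": verify("sha1", b"some-other-key", MESSAGE, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tag length is fixed by the digest (20 bytes for SHA-1) regardless of message length, and the comparison uses hmac.compare_digest so that verification time does not depend on how many leading bytes of a forged tag are correct.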