When transmitting and receiving data through the Internet, the message authentication code (MAC) is used to check that the data has not been tampered.
One of the algorithms of the message authentication code includes a keyed-hashing for message authentication code (HMAC) (NIST, FIPS PUB 198. FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION. “The keyed-Hash Message Authentication Code (HMAC)”).
The example of a circuit architecture for generating the HMAC is disclosed as a prior art.
When the sending terminal transmits the secret key, the message data, and the HMAC through the Internet and the receiving terminal receives the secret key, the message data and the HMAC generated by the sending terminal, the receiving terminal can carry out the calculation of the HMAC using the secret key and the message data.
If the HMAC which is received on the receiving terminal and a result of HMAC calculation using a received message and a key data are different, the received message data may be interpolated in a communication path, the message data may not be correctly received, or the sender of the message data may not be the sender terminal which is not intended for the receiving terminal.
In any case, the received message data is non-reliable data.
On the other hand, the received HMAC and the calculation of using the received message and the key data is same, the received message data is confirmed as the message data sent from the person who is intended for receiving terminal. So the message can be sent and received safety over the Internet using a HMAC.
FIG. 1 shows a flowchart of the procedure of the HMAC shown in non-patent document 1. The procedure of the HMAC shown in non-patent document 1 will be described below using FIG. 1. The key data K0 is generated from the received secret key K in one of the steps of step S1 to step S3. The size (Length (K)) of the secret key K and the block length (Length(s)) of the hash function are compared in step S0.
In step S1, the secret key K is set as the key data K0 if the size (Length (K)) of the secret key K and the block length (Length (B)) of the hash function are equal, and go to step S4.
In step S2, if the size (Length (K)) of the secret key K is longer than the block length (Length (B)) of the hash function, the secret key K is calculated with the hash function H to obtain the digest (H(K)) of the secret key, and 0 is added with respect to the obtained result H(K) until the block length of the hash function is reached to generate the key data K0. After the K0 is generated, the process proceeds to step S4. If the block length (Length (B)) of the hash function is longer than the size (Length (K)) of the secret key K (Length (B)>Length (K)), the go to step S3.
In step S3, Length (B)>Length (K), append zeros to the end of K to create a B-byte string K0. After the K0 is generated, the process proceeds to step 4.
In step S4, exclusive-or K0 with an ipad which is constant data (K0 xor ipad).
In step S5, append the received message data ‘text’ to the string resulting from step 4 (K0 xor ipad∥text).
In step S6, the data (K0 xor ipad∥text) generated in step S5 is calculated with the hash function H to obtain the digest H (K0 xor ipad∥text) thereof.
In step S7, exclusive-or K0 with an opad which is constant data (K0 xor opad).
In step S8, append the result from step 6 to step 7.
In step S9, calculate the digest H((K0 xor opad)∥H(K0 xor ipad∥text)) of the data (K0 xor opad)∥H(K0 xor ipad∥text) generated in step S8 is created.
In step S10, the value of t bytes from the left side of the data H((K0 xor opad)∥H(K0 xor ipad∥text)) obtained in step S9 is obtained, which value becomes HMAC.
If the receiving terminal receives a plurality of message data, the HMAC is obtained according to the procedure of S1 to S10 for every message data. In such a case, if the HMAC circuit does not calculate simultaneously the HMAC of the plurality of message data, the operation of the HMAC on the message data is not executed until operation the HMAC for one certain message data is finished.
As previously described, the receiving terminal performs the calculation of the HMAC using the secret key and the message data, and cannot complete the calculation of the HMAC unless whole message data and the secret key are received. The sending terminal may transmit one secret key in a plurality of packets or may transmit one message data in a plurality of packets.
The arrival of the packet of one part of the secret key or the packet of one part of the message data may take time depending on the network traffic, where the HMAC circuit may be waiting for the next packet and the calculation of the HMAC of the different message data that has already arrived may be waiting, which lowers the calculation efficiency.
One aspect of the present invention focuses on such point, and provides an information processing device capable of efficiently calculating the HMAC for each of the plurality of message data.