Asymmetric, or public key, cryptography may be used to facilitate secure communications between two or more endpoints, typically within a computer network. Asymmetric cryptography requires the use of both a public and a secret key for a message transmitted and/or received by an endpoint. The public key of an endpoint may be widely distributed, while the secret key is kept secret. A recipient's public key is used to encrypt an incoming message, and the message, when received, may only be decrypted by the recipient's corresponding secret key.
A Hash Message Authentication Code (HMAC) is a type of asymmetric cryptographic message authentication code that uses a secret key and a cryptographic hash function to generate an authentication code for an endpoint. HMACs may be used to verify data integrity as well as the authenticity of a message.
HMACs are commonly used within the Server Message Block (SMB) protocol. The SMB protocol is used to provide a secure and authenticated mechanism for exchanging information within a computer network. SMB is commonly used on computers and networks using Microsoft™ products. SMB may be used to provide access to, for example, files, hardware devices (e.g., printers), serial ports, and other communication facilities within a computer network.
A new version of the SMB protocol, SMB2, was introduced by Microsoft™ in 2006. Advantages of SMB2 over SMB1 (the original version of SMB) include an improved ability to combine multiple actions into a single action using a new compounding mechanism, and considerably less complex code. These advantages are not directed toward improving SMB1's asymmetric cryptography.
Some Microsoft™ enabled computers and/or networks use the Common Internet File System (CIFS) as a computer and/or network platform. CIFS is based on SMB and allows file sharing across an intranet and/or the Internet. The HMAC signature for a CIFS enabled system is typically an SMB signature.
Messages signed with an HMAC signature must typically be sent from endpoint to endpoint in an unmodified fashion because changing even a single bit of the message alters the result of the hashing algorithm that generates the HMAC or SMB signature. If the signature of a message is altered, then the receiving endpoint will not be able to verify the signature of the message and the communication of the message will fail.
While the inability to alter HMAC-signed messages is generally considered to be an important feature of HMAC-based communications, it is sometimes desirable to modify such messages. Such circumstances include, for example, acceleration of the message through a proxy pair or other network communication facility. Currently, though, when such modifications are applied to an HMAC-signed message, the modified message no longer matches the original HMAC signature, so the signature cannot be verified by the receiving endpoint.
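The verification failure described in the two paragraphs above can be reproduced with a short added example (not part of the original text). It assumes both endpoints already hold the same secret key and uses HMAC-SHA256; the key, the message, the frame layout (body followed by tag) and the `accelerate_without_key` intermediary are constructed for illustration.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes
KEY = b"constructed-shared-secret-key"  # constructed sample key
MESSAGE = b"constructed file-read request for report.txt " * 4  # constructed sample


def sign(key: bytes, message: bytes) -> bytes:
    """Return the message with its HMAC-SHA256 tag appended."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, frame: bytes) -> bool:
    """Recompute the tag over the received body; compare in constant time."""
    if len(frame) < TAG_LEN:
        return False
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def accepted_single_bit_changes(key: bytes, frame: bytes) -> int:
    """Count single-bit variants of the frame (body or tag) that still verify."""
    return sum(verify(key, flip_bit(frame, b)) for b in range(len(frame) * 8))


def accelerate_without_key(frame: bytes) -> bytes:
    """Hypothetical intermediary: compresses the body, forwards the old tag."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return zlib.compress(body) + tag


FRAME = sign(KEY, MESSAGE)

if __name__ == "__main__":
    print("unmodified frame verifies:", verify(KEY, FRAME))
    print("single-bit changes accepted:", accepted_single_bit_changes(KEY, FRAME))
    print("compressed-in-transit verifies:", verify(KEY, accelerate_without_key(FRAME)))
```

The receiver accepts only the byte-exact frame: every single-bit variant is rejected, and so is the frame whose body an intermediary compressed in transit while forwarding the original tag.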
Thus, systems, methods and apparatus enabled to communicate a modified HMAC-signed message to an endpoint are desired.