www.ti.com
SHA/MD5 Functional Description
699
SWRU543–January 2019
Submit Documentation Feedback
Copyright © 2019, Texas Instruments Incorporated
SHA/MD5 Accelerator
NOTE: If the HMAC key is less than 512 bits, it must be properly padded with zeros: all 16 HMAC
key registers must be written explicitly; the core does not pad. Additionally, if the HMAC key
is larger than 512 bits, the host must perform a preprocessing step to reduce it to one 512-bit
block. This involves hashing the large key and padding the hash result with zeros until it is
512 bits wide.
The order of the bytes within the digest is such that it can be fed back unmodified into the little-endian
data input when preprocessing HMAC keys larger than 64 bytes, or it can typically be inserted unmodified
into a little-endian data stream (for example, IPSEC packets), regardless of the selected algorithm.
NOTE: The HMAC key or inner digest is not preserved. If another block must be authenticated using
the same key, the key or inner digest must be reloaded by the host. If the same key must be
used many times, do a HMAC key processing-only pass to obtain the inner and outer digest
precomputes and load these precomputes for subsequent passes (only the inner digest must
be reloaded if the outer digest is not modified by the host), because this saves two hash
blocks worth of computation time.
19.1.3.1.4 Closing a Hash
The amount of data to hash is not necessarily a multiple of 64 bytes. The CLOSE_HASH bit in the
SHAMD5_MODE register is set to append padding so that the message size becomes a multiple of 64
bytes. Consequently, a minimum of 9 bytes must be added to the message. Nine bytes is the minimum
number of bytes that contains the minimum 65-bit padding specified by FIPS 180-1.
If the size of the last block of data is less than or equal to 55 bytes, no additional 64-byte block is required.
However, if the last block of data contains more than 55 bytes, an extra 64-byte block must be added to
make the padding as specified by FIPS 180-1. This extra block is added automatically by the hardware;
thus, the module is fed with a 64-byte block of data. However, appending a pad on the last block of data
can result in the creation of an extra 64-byte block.
The one or two last blocks that contain the padding are processed in the same way as the other blocks.
Hash completion is then indicated in the same way as for a new hash, and the hash result can be read in
the digest registers. The SHAMD5_DIGESTCOUNT register returns restored Digest Count + Length when
it is read, and hashing completes.
Assuming a message of 129 bytes, Table 19-5 shows the SHA digest for three passes. Table 19-6 shows
the SHA digest for one pass.
Table 19-5. SHA Digest Processed in Three Passes
Digest (A to E) SHAMD5_DIGESTC
OUNT
SHAMD5_MODE and
SHAMD5_LENGTH
SHAMD5_DATA_n_IN
First pass WRITE:
LENGTH=64
ALGO (dependent on the algorithm to
apply)
ALGO_CONSTANT=1 CLOSE_HASH=0
First 64 bytes of
message
Second pass Round 1 digest
calculation
WRITE: 64 WRITE:
LENGTH=64
ALGO (dependent on the algorithm to
apply)
ALGO_CONSTANT=0 CLOSE_HASH=0
Second 64 bytes of
message
Third pass Round 2 digest
calculation
WRITE: 128 Write:
LENGTH=1
ALGO (dependent on the algorithm to
apply)
ALGO_CONSTANT=0 CLOSE_HASH=1
Last byte of message
Final digest READ: 129
To Next Page
Loading...
