1e41f4b71Sopenharmony_ci# MAC Operation 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciA message authentication code (MAC) is used to check the authenticity and integrity of a message transmitted between two parties that share a secret key. 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ciA Hash-based Message Authentication Code (HMAC) is a type of MAC involving a hash function and a secret key. 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci 10e41f4b71Sopenharmony_ciThe specified message digest (MD) algorithm is used to generate a MAC based on the shared secret key and the message to be exchanged. The MAC is used to check the integrity of message. HMAC introduces the shared secret key, which ensures data authenticity. The generated MAC has a fixed length. 11e41f4b71Sopenharmony_ci 12e41f4b71Sopenharmony_ci 13e41f4b71Sopenharmony_ci## Supported Algorithms and Specifications 14e41f4b71Sopenharmony_ci 15e41f4b71Sopenharmony_ciThe **Supported Type** column in the following table lists the algorithm to be used when a **Mac** instance is created. 16e41f4b71Sopenharmony_ci 17e41f4b71Sopenharmony_ci| MD Algorithm| Supported Type| API Version| 18e41f4b71Sopenharmony_ci| -------- | -------- | -------- | 19e41f4b71Sopenharmony_ci| HASH | SHA1 | 9+ | 20e41f4b71Sopenharmony_ci| HASH | SHA224 | 9+ | 21e41f4b71Sopenharmony_ci| HASH | SHA256 | 9+ | 22e41f4b71Sopenharmony_ci| HASH | SHA384 | 9+ | 23e41f4b71Sopenharmony_ci| HASH | SHA512 | 9+ | 24e41f4b71Sopenharmony_ci| HASH | SM3 | 10+ | 25e41f4b71Sopenharmony_ci| HASH | MD5 | 12+ | 26e41f4b71Sopenharmony_ci 27e41f4b71Sopenharmony_ci## How to Develop 28e41f4b71Sopenharmony_ci 29e41f4b71Sopenharmony_ciDuring the HMAC operation, you can use **update()** to pass in all the data at a time or pass in data by segment. The same data will produce the same result no matter how the data is passed. Use the appropriate method based on the data size. 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ciThe following provides examples of HMAC operations with different data passing methods. 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci 34e41f4b71Sopenharmony_ci### HMAC (Passing In Full Data) 35e41f4b71Sopenharmony_ci 36e41f4b71Sopenharmony_ci1. Use [cryptoFramework.createMac](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatemac) with the MD algorithm SHA256 to create a **Mac** instance. 37e41f4b71Sopenharmony_ci 38e41f4b71Sopenharmony_ci2. Use [cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator) and [SymKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-1) to generate a symmetric key (**SymKey**) for HMAC. 39e41f4b71Sopenharmony_ci For details, see [Converting Binary Data into a Symmetric Key](crypto-convert-binary-data-to-sym-key.md). 40e41f4b71Sopenharmony_ci 41e41f4b71Sopenharmony_ci3. Use [Mac.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-6) to initialize the **Mac** instance using the shared symmetric key (**SymKey**). 42e41f4b71Sopenharmony_ci 43e41f4b71Sopenharmony_ci4. Use [Mac.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-8) to pass in the full data. The data to be passed in by a single **update()** operation is not size bound. 44e41f4b71Sopenharmony_ci 45e41f4b71Sopenharmony_ci5. Use [Mac.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-2) to generate a MAC. 46e41f4b71Sopenharmony_ci 47e41f4b71Sopenharmony_ci6. Use [Mac.getMacLength](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getmaclength) to obtain the length of the MAC, in bytes. 48e41f4b71Sopenharmony_ci 49e41f4b71Sopenharmony_ci- Example: Pass in the full data to calculate a MAC using **await**. 50e41f4b71Sopenharmony_ci 51e41f4b71Sopenharmony_ci ```ts 52e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 53e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 54e41f4b71Sopenharmony_ci 55e41f4b71Sopenharmony_ci async function genSymKeyByData(symKeyData: Uint8Array) { 56e41f4b71Sopenharmony_ci let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 57e41f4b71Sopenharmony_ci let aesGenerator = cryptoFramework.createSymKeyGenerator('HMAC'); 58e41f4b71Sopenharmony_ci let symKey = await aesGenerator.convertKey(symKeyBlob); 59e41f4b71Sopenharmony_ci console.info('convertKey success'); 60e41f4b71Sopenharmony_ci return symKey; 61e41f4b71Sopenharmony_ci } 62e41f4b71Sopenharmony_ci async function doHmac() { 63e41f4b71Sopenharmony_ci // Convert the string into a Uint8Array in UTF-8 format and use it as the private key, which is 128 bits (16 bytes). 64e41f4b71Sopenharmony_ci let keyData = new Uint8Array(buffer.from("12345678abcdefgh", 'utf-8').buffer); 65e41f4b71Sopenharmony_ci let key = await genSymKeyByData(keyData); 66e41f4b71Sopenharmony_ci let macAlgName = 'SHA256'; // MD algorithm. 67e41f4b71Sopenharmony_ci let message = 'hmacTestMessgae'; // Message to be HMACed. 68e41f4b71Sopenharmony_ci let mac = cryptoFramework.createMac(macAlgName); 69e41f4b71Sopenharmony_ci await mac.init(key); 70e41f4b71Sopenharmony_ci // If the data to be processed is short, use update() to pass in the full data at a time. The data to be passed in by a single **update()** operation is not size bound. 71e41f4b71Sopenharmony_ci await mac.update({ data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }); 72e41f4b71Sopenharmony_ci let macResult = await mac.doFinal(); 73e41f4b71Sopenharmony_ci console.info('HMAC result:' + macResult.data); 74e41f4b71Sopenharmony_ci let macLen = mac.getMacLength(); 75e41f4b71Sopenharmony_ci console.info('HMAC len:' + macLen); 76e41f4b71Sopenharmony_ci } 77e41f4b71Sopenharmony_ci ``` 78e41f4b71Sopenharmony_ci 79e41f4b71Sopenharmony_ci- Example: Pass in the full data to calculate a MAC using synchronous APIs. 80e41f4b71Sopenharmony_ci 81e41f4b71Sopenharmony_ci ```ts 82e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 83e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 84e41f4b71Sopenharmony_ci 85e41f4b71Sopenharmony_ci function genSymKeyByData(symKeyData: Uint8Array) { 86e41f4b71Sopenharmony_ci let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 87e41f4b71Sopenharmony_ci let aesGenerator = cryptoFramework.createSymKeyGenerator('HMAC'); 88e41f4b71Sopenharmony_ci let symKey = aesGenerator.convertKeySync(symKeyBlob); 89e41f4b71Sopenharmony_ci console.info('[Sync]convertKey success'); 90e41f4b71Sopenharmony_ci return symKey; 91e41f4b71Sopenharmony_ci } 92e41f4b71Sopenharmony_ci function doHmacBySync() { 93e41f4b71Sopenharmony_ci // Convert the string into a Uint8Array in UTF-8 format and use it as the private key, which is 128 bits (16 bytes). 94e41f4b71Sopenharmony_ci let keyData = new Uint8Array(buffer.from("12345678abcdefgh", 'utf-8').buffer); 95e41f4b71Sopenharmony_ci let key = genSymKeyByData(keyData); 96e41f4b71Sopenharmony_ci let macAlgName = 'SHA256'; // MD algorithm. 97e41f4b71Sopenharmony_ci let message = 'hmacTestMessgae'; // Message to be HMACed. 98e41f4b71Sopenharmony_ci let mac = cryptoFramework.createMac(macAlgName); 99e41f4b71Sopenharmony_ci mac.initSync(key); 100e41f4b71Sopenharmony_ci // If the data to be processed is short, use update() to pass in the full data at a time. The data to be passed in by a single **update()** operation is not size bound. 101e41f4b71Sopenharmony_ci mac.updateSync({ data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }); 102e41f4b71Sopenharmony_ci let macResult = mac.doFinalSync(); 103e41f4b71Sopenharmony_ci console.info('[Sync]HMAC result:' + macResult.data); 104e41f4b71Sopenharmony_ci let macLen = mac.getMacLength(); 105e41f4b71Sopenharmony_ci console.info('HMAC len:' + macLen); 106e41f4b71Sopenharmony_ci } 107e41f4b71Sopenharmony_ci ``` 108e41f4b71Sopenharmony_ci 109e41f4b71Sopenharmony_ci### HMAC (Passing In Data by Segment) 110e41f4b71Sopenharmony_ci 111e41f4b71Sopenharmony_ci1. Use [cryptoFramework.createMac](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatemac) with the MD algorithm SHA256 to create a **Mac** instance. 112e41f4b71Sopenharmony_ci 113e41f4b71Sopenharmony_ci2. Use [cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator) and [SymKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-1) to generate a symmetric key (**SymKey**) for HMAC. 114e41f4b71Sopenharmony_ci For details, see [Converting Binary Data into a Symmetric Key](crypto-convert-binary-data-to-sym-key.md). 115e41f4b71Sopenharmony_ci 116e41f4b71Sopenharmony_ci3. Use [Mac.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-7) to initialize the **Mac** instance using the shared symmetric key (**SymKey**). 117e41f4b71Sopenharmony_ci 118e41f4b71Sopenharmony_ci4. Call [Mac.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-9) multiple times to pass in 20 bytes each time. 119e41f4b71Sopenharmony_ci 120e41f4b71Sopenharmony_ci5. Use [Mac.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-3) to generate a MAC. 121e41f4b71Sopenharmony_ci 122e41f4b71Sopenharmony_ci6. Use [Mac.getMacLength](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getmaclength) to obtain the length of the MAC, in bytes. 123e41f4b71Sopenharmony_ci 124e41f4b71Sopenharmony_ci- Example: Pass in data by segment to calculate a MAC using **await**. 125e41f4b71Sopenharmony_ci 126e41f4b71Sopenharmony_ci ```ts 127e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 128e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 129e41f4b71Sopenharmony_ci 130e41f4b71Sopenharmony_ci async function genSymKeyByData(symKeyData: Uint8Array) { 131e41f4b71Sopenharmony_ci let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 132e41f4b71Sopenharmony_ci let aesGenerator = cryptoFramework.createSymKeyGenerator('HMAC'); 133e41f4b71Sopenharmony_ci let symKey = await aesGenerator.convertKey(symKeyBlob); 134e41f4b71Sopenharmony_ci console.info('convertKey success'); 135e41f4b71Sopenharmony_ci return symKey; 136e41f4b71Sopenharmony_ci } 137e41f4b71Sopenharmony_ci async function doLoopHmac() { 138e41f4b71Sopenharmony_ci // Convert the string into a Uint8Array in UTF-8 format and use it as the private key, which is 128 bits (16 bytes). 139e41f4b71Sopenharmony_ci let keyData = new Uint8Array(buffer.from("12345678abcdefgh", 'utf-8').buffer); 140e41f4b71Sopenharmony_ci let key = await genSymKeyByData(keyData); 141e41f4b71Sopenharmony_ci let macAlgName = "SHA256"; // MD algorithm. 142e41f4b71Sopenharmony_ci let mac = cryptoFramework.createMac(macAlgName); 143e41f4b71Sopenharmony_ci // Assume that the message is of 43 bytes. After decoded in UTF-8 format, the message is also of 43 bytes. 144e41f4b71Sopenharmony_ci let messageText = "aaaaa.....bbbbb.....ccccc.....ddddd.....eee"; 145e41f4b71Sopenharmony_ci let messageData = new Uint8Array(buffer.from(messageText, 'utf-8').buffer); 146e41f4b71Sopenharmony_ci let updateLength = 20; // In this example, pass in 20 bytes each time. 147e41f4b71Sopenharmony_ci await mac.init(key); 148e41f4b71Sopenharmony_ci for (let i = 0; i < messageData.length; i += updateLength) { 149e41f4b71Sopenharmony_ci let updateMessage = messageData.subarray(i, i + updateLength); 150e41f4b71Sopenharmony_ci let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 151e41f4b71Sopenharmony_ci await mac.update(updateMessageBlob); 152e41f4b71Sopenharmony_ci } 153e41f4b71Sopenharmony_ci let macOutput = await mac.doFinal(); 154e41f4b71Sopenharmony_ci console.info("HMAC result: " + macOutput.data); 155e41f4b71Sopenharmony_ci let macLen = mac.getMacLength(); 156e41f4b71Sopenharmony_ci console.info('HMAC len:' + macLen); 157e41f4b71Sopenharmony_ci } 158e41f4b71Sopenharmony_ci ``` 159e41f4b71Sopenharmony_ci 160e41f4b71Sopenharmony_ci- Example: Pass in data by segment to calculate a MAC using synchronous APIs. 161e41f4b71Sopenharmony_ci 162e41f4b71Sopenharmony_ci ```ts 163e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 164e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 165e41f4b71Sopenharmony_ci 166e41f4b71Sopenharmony_ci function genSymKeyByData(symKeyData: Uint8Array) { 167e41f4b71Sopenharmony_ci let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 168e41f4b71Sopenharmony_ci let aesGenerator = cryptoFramework.createSymKeyGenerator('HMAC'); 169e41f4b71Sopenharmony_ci let symKey = aesGenerator.convertKeySync(symKeyBlob); 170e41f4b71Sopenharmony_ci console.info('[Sync]convertKey success'); 171e41f4b71Sopenharmony_ci return symKey; 172e41f4b71Sopenharmony_ci } 173e41f4b71Sopenharmony_ci function doLoopHmacBySync() { 174e41f4b71Sopenharmony_ci // Convert the string into a Uint8Array in UTF-8 format and use it as the private key, which is 128 bits (16 bytes). 175e41f4b71Sopenharmony_ci let keyData = new Uint8Array(buffer.from("12345678abcdefgh", 'utf-8').buffer); 176e41f4b71Sopenharmony_ci let key = genSymKeyByData(keyData); 177e41f4b71Sopenharmony_ci let macAlgName = "SHA256"; // MD algorithm. 178e41f4b71Sopenharmony_ci let mac = cryptoFramework.createMac(macAlgName); 179e41f4b71Sopenharmony_ci // Assume that the message is of 43 bytes. After decoded in UTF-8 format, the message is also of 43 bytes. 180e41f4b71Sopenharmony_ci let messageText = "aaaaa.....bbbbb.....ccccc.....ddddd.....eee"; 181e41f4b71Sopenharmony_ci let messageData = new Uint8Array(buffer.from(messageText, 'utf-8').buffer); 182e41f4b71Sopenharmony_ci let updateLength = 20; // In this example, pass in 20 bytes each time. 183e41f4b71Sopenharmony_ci mac.initSync(key); 184e41f4b71Sopenharmony_ci for (let i = 0; i < messageData.length; i += updateLength) { 185e41f4b71Sopenharmony_ci let updateMessage = messageData.subarray(i, i + updateLength); 186e41f4b71Sopenharmony_ci let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 187e41f4b71Sopenharmony_ci mac.updateSync(updateMessageBlob); 188e41f4b71Sopenharmony_ci } 189e41f4b71Sopenharmony_ci let macOutput = mac.doFinalSync(); 190e41f4b71Sopenharmony_ci console.info("[Sync]HMAC result: " + macOutput.data); 191e41f4b71Sopenharmony_ci let macLen = mac.getMacLength(); 192e41f4b71Sopenharmony_ci console.info('HMAC len:' + macLen); 193e41f4b71Sopenharmony_ci } 194e41f4b71Sopenharmony_ci ``` 195