A reconfigurable hardware unit for the HMAC algorithm

HMAC is a shared-key security algorithm that uses hash functions for message authentication and data integrity. The most popular hash functions used with HMAC are MD5, SHA-1, and RIPEMD-160, which are all based on the function MD4. IPSec uses HMAC with these three hash functions for message authentication. In addition, these hash functions can be used with other security applications, such as digital signature. In a previous work, we designed a unified engine that implements the three hash algorithms. In this work, we integrated the HMAC algorithm into that engine to form a reconfigurable HMAC-hash unit, which implements six standard security algorithms and can be reconfigured at runtime to perform any one of them. We applied the pipelining principle to the design of the HMAC-hash unit. Hence, the larger the message size, the better the throughput. Compared to other work, we achieve better throughput than those integrating three or more hash functions and a comparable throughput to those integrating two hash functions. We achieve comparable results to those integrating HMAC with some hash functions. The area utilization of the designed unit is less than 33% of the available logic on the FPGA chip we used. Thus, the designed unit can fit on a single FPGA chip as an SoC