Manual/OpenSSL

[OpenSSL] MAC ( Message Authentication Code ) ๋ช…๋ น์–ด

JayKim๐Ÿ™‚ 2023. 5. 10. 10:20

๋ฉ”์„ธ์ง€ ์ธ์ฆ ์ฝ”๋“œ๋ผ๋Š” MAC ๊ธฐ๋Šฅ์„ OpenSSL ๋ช…๋ น์–ด๋ฅผ ์‚ฌ์šฉํ•ด ๊ตฌํ•ด ๋ณด์ž
์‚ฌ์‹ค MAC ๊ฐ’์„ ๊ตฌํ•˜๊ธฐ ์œ„ํ•ด ๋ฐฉ์‹์€ ์—ฌ๋Ÿฌ๊ฐ€์ง€๊ฐ€ ์žˆ๋‹ค.

์ผ๋ฐ˜์ ์œผ๋กœ๋Š” Hash๋ฅผ ์‚ฌ์šฉํ•˜๋Š” HMAC๊ณผ Cipher-based MAC ์ธ CMAC์ด ๊ฐ€์žฅ ๋Œ€ํ‘œ์ ์ด๋‹ค.
๊ทธ๋ฆฌ๊ณ  ๋ธ”๋ก ์•”ํ˜ธ์—์„œ ์‚ฌ์šฉ๋˜๋Š” GCM ๋ชจ๋“œ๋ฅผ ์ด์šฉํ•œ GMAC ๋“ฑ์ด ์žˆ๋‹ค.

์ด ๋ช…๋ น์–ด์— ๋Œ€ํ•œ ๋ฉ”๋‰ด์–ผ์„ ์ฐธ๊ณ  ํ•˜์—ฌ ๋งŒ๋“ค์—ˆ๋‹ค.

HMAC-SHA1 MAC

openssl mac -digest SHA1 -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -in msg.bin HMAC

HMAC ์ง€์› ๋ชฉ๋ก ํ™•์ธ

openssl list -digest-commands

HMAC ์ง€์› ๋ชฉ๋ก ๊ฒฐ๊ณผ ํ™”๋ฉด

blake2b512        blake2s256        md5               rmd160
sha1              sha224            sha256            sha3-224
sha3-256          sha3-384          sha3-512          sha384
sha512            sha512-224        sha512-256        shake128
shake256          sm3

SipHash MAC

openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F -in msg.bin SipHash

SipHash๋Š” ๋‹จ๋ฌธ ๋ฉ”์‹œ์ง€์˜ ์†๋„์— ์ตœ์ ํ™” ๋œ ์˜์‚ฌ ๋‚œ์ˆ˜ ํ•จ์ˆ˜ (a.k.a. ํ‚ค ํ•ด์‹œ ํ•จ์ˆ˜)์˜ ๊ณ„์—ด์ž…๋‹ˆ๋‹ค.

CMAC-AES-128-CBC MAC

openssl mac -cipher AES-128-CBC -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin CMAC

KMAC128 MAC

openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 -macopt size:16 -in msg.bin KMAC128

KMAC128์€ SHA-3์—์„œ ํŒŒ์ƒ๋˜๊ณ  NIST SP 800-185์—์„œ ํ‘œ์ค€ํ™”๋œ ๊ฐ€๋ณ€ ๊ธธ์ด MAC(Message Authenticated Code)์ž…๋‹ˆ๋‹ค.

GMAC-AES-128-GCM

openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC

๊ฐœ์ธ์ ์œผ๋กœ SipHash ๋ž‘ KMAC128 ๋ฐฉ์‹์€ ์ด๊ธ€์„ ์“ฐ๋ฉด์„œ ์•Œ๊ฒŒ ๋˜์—ˆ๋Š”๋ฐ ๊ธฐ์ˆ ์ ์œผ๋กœ ์–ด๋–ค๊ฑด์ง€๋Š” ์ž˜ ๋ชจ๋ฅด๊ฒŸ๋„ค์š”.