Thanks!
in my case, i use data validation, parsing the message, prior to calculate the hash. I imagined that with this approach we can't receive tampered end data.