[PATCH] Add CMAC mode (Cipher-based MAC)

Werner Koch wk at gnupg.org
Fri Nov 8 10:40:32 CET 2013

On Fri,  8 Nov 2013 09:34, jussi.kivilinna at iki.fi said:

>  /* mode = MAC mode, algo = depending on mode, either MD or cipher algo */
>  gcry_error_t gcry_mac_open (gcry_mac_hd_t *h, int mode, int algo, unsigned int flags);

I would like to add 

  gcry_ctx_t ctx

For now NULL will be passed but in future it would allow to convey extra
information or associate the mac with a cipher etc.  I have no clear
picture about this, but I believe this is a useful extension we will
later be able to use.  For example gcry_pk_* would benefit from such a
new context parameter because that would allow to cache intermediate
result (e.g. pre-computed values for faster signature verification).
For backward compatibility we will need to introduce new functions
instead of gcry_pk_ but for a new set of function we should be prepared.

>  /* name? write, authenticate ... */
>  gcry_error_t gcry_mac_write(gcry_mac_hd_t h, const void *buf, size_t buflen);

Write is fine because that is similar to gcry_md.

>  /* name? final, gettag (+checktag) ... */
>  gcry_error_t gcry_mac_final(gcry_mac_hd_t h, void *tag_out, size_t taglen);

Wouldn't gcry_mac_read and gcry_mac_verify be easier to understand?
"tag" is quite specific.  We could do without a gcry_mac_final I think.

>  /* Names for mac... CMAC_<cipher>, HMAC_<hash>, etc? */
>  char *gcry_mac_algo_name (int mode, int algo, char *namebuf, int namebuflen);
>  void gcry_mac_map_name (const char *name, int *mode_out, int *algo_out);

That would be quite different from the other sub systems which return
constant string.  Application use of allocated names is much harder than
a constant string.  The question is whether we want o use combined
algorithm names (GCRY_MAC_HMAC_SHA1, GCRY_MAC_CMAC_AES128, ...) like
OpenSSL.  In general I think these names are too complex (in particular,
those used for TLS).  However, the total number of MAC algorithms is and
should be limited, so that to me this sounds reasonable.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list