[PATCH] Add CMAC mode (Cipher-based MAC)

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Thu Oct 31 23:16:12 CET 2013


On Thu, Oct 31, 2013 at 7:01 PM, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 31 Oct 2013 13:41, jussi.kivilinna at iki.fi said:
>> Patch adds CMAC (Cipher-based MAC) mode as defined in RFC 4493 and NIST
>> Special Publication 800-38B.
>> Example of usage:
>>   /* Message 1 is split to two buffers, buf1_a and buf1_b. */
>>   gcry_cipher_setkey(h, key, len(key));
> I wonder whether it is a good idea to put MAC algorithms into the cipher
> module.  It is a bit of surprise because a MAC has IMHO more of a hash
> algorithm than of a cipher algorithm.  Also, we already have HMAC in
> gcry_md_*.  Right, there is quite some overlap now with the
> authenticated methods.  The later are however justified in gcry_cipher
> because their main purpose is encryption.

What about GMAC, which is GCM, but no encrypted text? Should it be
in gcry_cipher_* space (if I enable multiple subsequent _authenticate()
calls in my GCM code) or in gcry_md_* space (as HMAC is)?

Maybe we should just converge gcry_md_* and gcry_cipher_* spaces?

With best wishes

More information about the Gcrypt-devel mailing list