diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-11-14 14:10:27 +0200 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-11-19 19:18:56 +0200 |
commit | b49cd64aaaff2e5488a84665362ef7150683226c (patch) | |
tree | 08a9aa2bd510d0231fa63ca481b03c5f42457aee /doc | |
parent | fcd6da37d55f248d3558ee0ff385b41b866e7ded (diff) | |
download | libgcrypt-b49cd64aaaff2e5488a84665362ef7150683226c.tar.gz |
Add CMAC (Cipher-based MAC) to MAC API
* cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'.
* cipher/cipher-cmac.c: New.
* cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'.
* cipher/cipher.c (gcry_cipher_open): Rename to...
(_gcry_cipher_open_internal): ...this and add CMAC.
(gcry_cipher_open): New wrapper that disallows use of internal
modes (CMAC) from outside.
(cipher_setkey, cipher_encrypt, cipher_decrypt)
(_gcry_cipher_authenticate, _gcry_cipher_gettag)
(_gcry_cipher_checktag): Add handling for CMAC mode.
(cipher_reset): Do not reset 'marks.key' and do not clear subkeys in
'u_mode' in CMAC mode.
* cipher/mac-cmac.c: New.
* cipher/mac-internal.h: Add CMAC support and algorithms.
* cipher/mac.c: Add CMAC algorithms.
* doc/gcrypt.texi: Add documentation for CMAC.
* src/cipher.h (gcry_cipher_internal_modes): New.
(_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate)
(_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag)
(_gcry_cipher_cmac_set_subkeys): New prototypes.
* src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms.
* tests/basic.c (check_mac): Add CMAC test vectors.
--
Patch adds CMAC (Cipher-based MAC) as defined in RFC 4493 and NIST
Special Publication 800-38B.
Internally CMAC is added to cipher module, but is available to outside
only through MAC API.
[v2]:
- Add documentation.
[v3]:
- CMAC algorithm ids start from 201.
- Coding style fixes.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index b2041269..b8ee4946 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3479,6 +3479,50 @@ algorithm described in GOST R 34.11-2012. This is HMAC message authentication algorithm based on the 512-bit hash algorithm described in GOST R 34.11-2012. +@item GCRY_MAC_CMAC_AES +This is CMAC (Cipher-based MAC) message authentication algorithm based on +the AES block cipher algorithm. + +@item GCRY_MAC_CMAC_3DES +This is CMAC message authentication algorithm based on the three-key EDE +Triple-DES block cipher algorithm. + +@item GCRY_MAC_CMAC_CAMELLIA +This is CMAC message authentication algorithm based on the Camellia block cipher +algorithm. + +@item GCRY_MAC_CMAC_CAST5 +This is CMAC message authentication algorithm based on the CAST128-5 +block cipher algorithm. + +@item GCRY_MAC_CMAC_BLOWFISH +This is CMAC message authentication algorithm based on the Blowfish +block cipher algorithm. + +@item GCRY_MAC_CMAC_TWOFISH +This is CMAC message authentication algorithm based on the Twofish +block cipher algorithm. + +@item GCRY_MAC_CMAC_SERPENT +This is CMAC message authentication algorithm based on the Serpent +block cipher algorithm. + +@item GCRY_MAC_CMAC_SEED +This is CMAC message authentication algorithm based on the SEED +block cipher algorithm. + +@item GCRY_MAC_CMAC_RFC2268 +This is CMAC message authentication algorithm based on the Ron's Cipher 2 +block cipher algorithm. + +@item GCRY_MAC_CMAC_IDEA +This is CMAC message authentication algorithm based on the IDEA +block cipher algorithm. + +@item GCRY_MAC_CMAC_GOST28147 +This is CMAC message authentication algorithm based on the GOST 28147-89 +block cipher algorithm. + @end table @c end table of MAC algorithms @@ -3518,7 +3562,9 @@ In order to use a handle for performing MAC algorithm operations, a @deftypefun gcry_error_t gcry_mac_setkey (gcry_mac_hd_t @var{h}, const void *@var{key}, size_t @var{keylen}) Set the MAC key to the value of @var{key} of length @var{keylen} bytes. With -HMAC algorithms, there is no restriction on the length of the key. +HMAC algorithms, there is no restriction on the length of the key. With CMAC +algorithms, the length of the key is restricted to those supported by the +underlying block cipher. @end deftypefun |