On Tue, Mar 05, 2013, Matt Caswell wrote: > Hi Steve > > On 4 March 2013 14:22, Dr. Stephen Henson <st...@openssl.org> wrote: > > > CMAC needs a separate API because it doesn't behave like a normal cipher. > > Check out the CMAC_* functions. They behave in a very similar way to the > > HMAC_* functions except they take a cipher instead of a digest algorithm. > > > > I am intrigued by this answer, because I was under the impression that you > can calculate CMACs using the EVP_DigestSign* API. (I have some sample code > that does it!!) However, your answer above seems to imply that that is not > the case. Is the EVP interface not suitable for some reason? >
Ah I should've been clearer. The CMAC isn't a cipher so you can't use EVP_Cipher* like functions and you can't use EVP_get_cipherbyname. It's nearer to HMAC but it uses a cipher instead of a digest algorithm. So in the same way as you have HMAC* functions you also have CMAC* functions. There *is* a generalised MAC interface which can be used for both HMAC, CMAC and GOST-MAC and others in future. That is via the (somewhat inappropriately named now) EVP_DigestSign* API. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
