Add support for CMAC #891
Add support for CMAC #891
Conversation
|
Thanks for working on this series. The base class Regarding the method naming, is there particular reason for choosing The Also, we need docs. |
| @@ -0,0 +1,174 @@ | |||
| #include "ossl.h" | |||
|
|
|||
| #if OSSL_OPENSSL_PREREQ(3, 0, 0) | |||
There was a problem hiding this comment.
I believe LibreSSL and AWS-LC will eventually implement the EVP_MAC API too. Please use an extconf.rb check instead of relying on the version number.
| @@ -187,6 +187,7 @@ extern VALUE dOSSL; | |||
| #include "ossl_digest.h" | |||
| #include "ossl_engine.h" | |||
| #include "ossl_hmac.h" | |||
| #include "ossl_mac.h" | |||
| #include "ossl_kdf.h" | |||
There was a problem hiding this comment.
Please sort them in alphabetical order.
| EVP_MAC_free(mac); | ||
| ossl_raise(eMACError, "EVP_MAC_CTX_new"); | ||
| } | ||
| SetMAC(self, ctx); |
There was a problem hiding this comment.
Technically, #initialize and #initialize_copy can be called twice, and in that case EVP_MAC_CTX already stored in RTYPEDDATA_DATA(self) will leak. It should be prevented.
I suggest taking a look at ossl_pkey*.c which deals with this issue by raising an exception.
| def hexmac | ||
| mac.unpack1('H*') | ||
| end | ||
| alias inspect hexmac |
There was a problem hiding this comment.
I think people would expect #inspect to show the class name or the algorithm rather than the calculated MAC.
| return false unless self.mac.bytesize == other.mac.bytesize | ||
|
|
||
| OpenSSL.fixed_length_secure_compare(self.mac, other.mac) | ||
| end |
There was a problem hiding this comment.
Comparing MACs generated by different algorithms or parameters would be pointless, but this doesn't prevent it and it's probably not possible unless we store parameters or sensitive keys ourselves, which would be a bad idea.
Honestly, I'm not sure if this should be provided by this library.
Follow-up to #806.
Implements #802 by adding the
OpenSSL::MACandOpenSSL::MAC::CMACclasses.The classes are defined if compiled against OpenSSL 3.