review.tizen.org Git - platform/core/security/yaca.git/commit

Add separate API function stubs for HMAC/CMAC context initialization.

MACs are symmetric equivalent for asymmetric signatures. For asymmetric
signatures the signing algorithm can be easily deduced from the key. This is
not the case for MAC's where plain symmetric key tells us nothing about the MAC
algorithm we want to use. Considered solutions:

1. Introducing new key types for MACs. Cons:
- unclear how to handle plain symmetric keys,
- introduces an artificial division in symmetric keys,
- new enum values,
- CMAC cipher has to be set via ctx params.

2. Deducing MAC algorithm from digest algorithm. Digest->HMAC, no digest->CMAC.
Cons:
- unclear which algorithm will be used,
- adding new MAC algorithm may require a significant API change,
- CMAC cipher has to be set via ctx params.

3. Leaving CMAC as a digest algorithm. Cons:
- CMAC is not a digest algorithm. It's an equivalent of HMAC, RSA, DSA,...etc,
- CMAC can't be used for calculating message digest alone,
- CMAC can't be used as a digest algorithm for HMAC
- CMAC cipher has to be set via ctx params.

4. Adding new API for CMAC and HMAC context creation. Cons:
- 1 new functions per MAC algo for context initalization,
- 1 function for signature comparison
- low API flexibility

This is an initial commit for solution 4.

Change-Id: I745854fd7b7d87f2c114475b709566ec512d7bbd

author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Tue, 17 May 2016 09:57:12 +0000 (11:57 +0200)
committer	Dariusz Michaluk <d.michaluk@samsung.com>
	Thu, 19 May 2016 12:11:21 +0000 (14:11 +0200)
commit	5e205eca2631457bbbc1af51323cc28586c81bd8
tree	0b5ff6419eaf2935ab1dba6c9bbffdce6f98ab34	tree \| snapshot
parent	95524d72c14a4a337e7826fbe17b8646ce8dfb0e	commit \| diff

api/yaca/crypto.h		diff \| blob \| history
api/yaca/error.h		diff \| blob \| history
api/yaca/sign.h		diff \| blob \| history
src/crypto.c		diff \| blob \| history
src/sign.c		diff \| blob \| history