HMAC and CMAC Verification - mbed-tls - lists.trustedfirmware.org

List overview All Threads
Download

HMAC and CMAC Verification

Re: What am I doing wrong?

User configuration

Ahmed Mohammed

11 Jul 2022 11 Jul '22

1:47 a.m.

Hello,

I am wondering if there are APIs for Hmac and Cmac verification?

from md.h and cmac.h, Hmac and Cmac generation functionalities are provided in a single and streaming approach. But is there a plan to add verification APIs for future releases maybe?

Kind regards, Ahmed Mohammed

Attachments:

attachment.html (text/html — 406 bytes)

Reply

Show replies by date

Gilles Peskine

8 Sep 8 Sep

10:27 p.m.

Hello,

With the mbedtls_md and mbedtls_cmac APIs, there is no dedicated function for verification. Use the MAC calculation function, then use mbedtls_ct_memcmp() from mbedtls/constant_time.h to compare the expected MAC with the calculated MAC.

With the PSA API, there is a dedicated function psa_mac_verify(), and psa_mac_verify_finish() for a multipart calculation.

The classic (non-PSA) crypto APIs will not change much at this point, and will be removed from the public API in a future major release (probably the next one). We are not planning to add MAC verification functions to md.h or cmac.h.

Best regards,

-- Gilles Peskine Mbed TLS developer On 11/07/2022 02:47, Ahmed Mohammed via mbed-tls wrote: > Hello, > > I am wondering if there are APIs for Hmac and Cmac verification? > > from md.h and cmac.h, Hmac and Cmac generation functionalities are > provided in a single and streaming approach. But is there a plan to > add verification APIs for future releases maybe? > > > Kind regards, > Ahmed Mohammed >

Reply

806

days inactive

865

days old

mbed-tls@lists.trustedfirmware.org

1 comments

participants

tags (0)

participants (2)

Ahmed Mohammed
Gilles Peskine