21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

void DGST_Update(DGST_CTX *ctx, unsigned char *m, size_t len);<br />

void DGST_Final(unsigned char *tag. DGST_CTX *ctx);<br />

Some hash function implementations won’t have an explicit reset implementation, in<br />

which case you can implement the reset functionality by calling DGST_Init( ) again.<br />

Even though OpenSSLalready has an HMAC implementation, here is an example of<br />

binding the previous HMAC implementation to OpenSSL’s SHA1 implementation:<br />

typedef SHA_CTX DGST_CTX;<br />

#define DGST_BLK_SZ 64<br />

#define DGST_OUT_SZ 20<br />

#define DGST_Init(x) SHA1_Init(x)<br />

#define DGST_Reset(x) DGST_Init(x)<br />

#define DGST_Update(x, m, l) SHA1_Update(x, m, l)<br />

#define DGST_Final(o, x) SHA1_Final(o, x)<br />

See Also<br />

Recipes 5.26, 6.3, 6.4, 6.9<br />

6.11 Using OMAC (a Simple Block Cipher–Based<br />

MAC)<br />

<strong>Problem</strong><br />

You want to use a simple MAC based on a block cipher, such as AES.<br />

Solution<br />

Use the OMAC implementation provided in the “Discussion” section.<br />

Discussion<br />

Be sure to look at our generic recommendations for using a MAC (see<br />

Recipe 6.9).<br />

OMAC is a straightforward message authentication algorithm based on the CBCencryption<br />

mode. It fixes some security problems with the naïve implementation of a<br />

MAC from CBC mode (CBC-MAC). In particular, that MAC is susceptible to lengthextension<br />

attacks, similar to the ones we consider for cryptographic hash functions<br />

in Recipe 6.7.<br />

280 | Chapter 6: Hashes and Message Authentication<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!