Cradicle Explorer
Le-Sec-stories
/ story-16-MACs.org
story-16-MACs.org
 1  #+TITLE: Story 16 - MACs
 2  #+OPTIONS: author:nil date:nil
 3  
 4  MACs...  in a way, they are a strange sort of beast, at least seen from
 5  relatively simple concepts like symmetric encryption or asymmetric signing.
 6  
 7  * Keys
 8  
 9  MACs have a concept of keys, but the use of a key depends very much on the
10  MAC algorithm as well as the underlying processing algorithm (digests for
11  HMAC, symmetric ciphers for CMAC, etc).
12  
13  The question is, especially considering that there already are key types,
14  specific to the underlying processing algorithm in some cases (again,
15  symmetric ciphers) while not in others (digests usually don't have keys),
16  exactly how are all those different key types going to be represented in a
17  public API?
18  
19  The easiest answer is most likely to not even try to represent them in a
20  public API, and rather leave that to the implementation.  Still, something
21  is needed in the public API.
22  
23  An idea would be to have a general key type for MACs, i.e. the type
24  ~LSC_mac_key_t~.  If the underlying processing algorithm has a key type of
25  its own, it's up to the implementation to deal with that.
26  
27  An idea with ~LSC_mac_key_t~ could be to let it implement just a subset of
28  what the underlying processing algorithm's key type implements, and have the
29  MAC level key implementation simply map implemented calls to the underlying
30  key implementaion.  That way, it should be simple to construct a key from
31  the same sort of data that the underlying processing algorithm itself
32  supports.
33  
34  * Signature or digest?
35  
36  MACs have been spoken about in terms of signing as well as of (keyed)
37  digests.  As a matter of fact, the distinction matters very little, because
38  with Le'Sec Crypto, the API made available for signatures and for digests is
39  very similar.  Both use ~accumulate~ and ~finalize~ as their main processing
40  functions, and MACs can simply do the same.
41  
42  * Nomenclature
43  
44  The regular English nomenclature doesn't quite work for MACs.  As opposed to
45  what's discussed in [[file:story-14-Musings-on-English.org::+TITLE: Story 14 - Musings on English][Story 14 - Musings on English]], ~mac~ doesn't seem to
46  have any inflection.  How irregular!
47  
48  Therefore, ~mac~ is chosen as the common word for all API types and functions.
49  ~LSC_mac_t~, ~LSC_mac_key_t~, ~LSC_perform_mac_once~, ~LSC_start_mac~,
50  ~LSC_stop_mac~, etc, etc, etc.  Let's hope we don't get any symbol clashes!