Have you looked at OpenSSL 3.0 Alpha?

Hal Murray hmurray at megapathdsl.net
Tue Oct 6 18:15:24 UTC 2020


They have deprecated the cmac interface.

There are 2 recommended replacements: EVP and PKey.

I've worked out how to do it in attic/cmac_timing.c but I haven't fixed up the 
shared-key code yet.  When I did that, I was focused on the shared key area 
and didn't think about aes_siv.

# CMAC        KL PL CL  ns/op sec/run
     AES-128  16 48 16    962   0.962

# PKEY        KL PL CL  ns/op sec/run
     AES-128  16 48 16    518   0.518

# EVP_MAC     KL PL CL  ns/op sec/run
     AES-128  16 48 16   1150   1.150

Preload cipher and key.
     AES-128  16 48 16    178   0.178

There are two interesting pieces of fine print.

You need to set a flag or Pkey does a malloc/free each time you run it.  (aka 
it is seriously slow)
        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE);

For EVP, the initialization/setup code has been split into 2 steps.  One sets 
up the tables or whatever to work with this key.  The other initializes the 
internal state.  If you do 2 operations with the same key, it's a lot faster 
if you avoid the second table setup.  C2S and S2C are different keys but we 
can take advantage of that with the cookie key.  I'll have to run some more 
tests to see how much of the table setup is cipher vs key.

For the shared key stuff, I could allocate a ctx per key.  Even without that, 
on the server side, the response is using the same key as the request so I can 
avoid the setup half the time.

Can you set things up to bypass the key setup step if I pass in a NULL key?  
Or something like that.  That will let me bypass the table setup for cookies.

-------

old/current cmac code:
  CMAC_Init(cmac, key, keylength, cipher, NULL)
  CMAC_Update(cmac, pkt, pktlength)
  CMAC_Final(cmac, answer, &len)

new Pkey code:
  EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey)
  EVP_DigestSign(ctx, answer, &len, pkt, pktlength);

new EVP code:
  5 lines of OSSL_PARAM setup
  EVP_MAC_CTX_set_params (ctx, params)  <= this is the table setup
  EVP_MAC_init(ctx)
  EVP_MAC_update(ctx, pkt, pktlength)
  EVP_MAC_final(ctx, answer, &len, sizeof(answer))


-- 
These are my opinions.  I hate spam.




