libgcrypt: Is CMAC an option?


Working with libgcrypt for a project, using the following settings to open a cipher handle:

GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_CBC_MAC

Per the libgcrypt documentation:

GCRY_CIPHER_CBC_MAC: Compute CBC-MAC keyed checksums. This is the same as CBC mode, but only output the last block. Cannot be used simultaneous as GCRY_CIPHER_CBC_CTS.

From research and reading, 'CBC_MAC' is not the same thing as CMAC. But I can't quite derive from the documentation whether libgcrypt supports CMAC. Can someone clarify if CMAC is an option in libgcrypt? A list of modes is here, with CMAC not being explicitly listed:

https://www.gnupg.org/documentation/manuals/gcrypt/Available-cipher-modes.html


There are 1 best solutions below


Yes, it seems you can find it in gcrypt.h:

GCRY_MAC_CMAC_AES           = 201,

and in the documentation here. You can create a MAC context by using gcry_mac_open (see gcrypt.pdf for details).

In cipher.h you can also find the functions you are looking for, but it is undoubtedly better to create a MAC context using the constant above (instead of a cipher in a particular mode).

Internal hazmat:

/*-- cipher-cmac.c --*/
gcry_err_code_t _gcry_cmac_generate_subkeys
/*           */ (gcry_cipher_hd_t c, gcry_cmac_context_t *ctx);
gcry_err_code_t _gcry_cmac_write
/*           */ (gcry_cipher_hd_t c, gcry_cmac_context_t *ctx,
         const byte * inbuf, size_t inlen);
gcry_err_code_t _gcry_cmac_final
/*           */ (gcry_cipher_hd_t c, gcry_cmac_context_t *ctx);
void _gcry_cmac_reset (gcry_cmac_context_t *ctx);

I guess what happened is that libgcrypt started off just with CBC-MAC as a special cipher mode, after which the other MACs were added using a separate context.


Note that GCM is an authenticated mode that uses GMAC, which is faster than CMAC, so using GCM and CMAC to authenticate the ciphertext (again) makes little sense. If you want to rely on CMAC (arguments can be made that it is more secure) then you could opt for AES-EAX mode as well; it was built using AES-CTR and AES-CMAC as primitives.

In short GCRY_CIPHER_CBC_MAC isn't required and should probably not be used; if you have an authenticated cipher then message integrity / authenticity is already provided.