Usage of HMAC inside the code base

Question

Usage of HMAC inside the code base

Trafo opened this issue 4 months ago · 0 comments

I would like to add a more modern encryption algorithm. For that I would like to use AES-GCM, XChaCha20, or others, which already have a MAC included in the encryption pattern.

My naive approach would be, that I just implement an empty HMAC function to the provider because it will not be needed anymore in case I use the more modern algorithm. But is the implementation using the HMAC at other places? For example, I realized it is used in sqlcipher_codec_ctx_integrity_check, without checking before if HMAC calculation is disabled. Are there other places, or I am good to go, to just ignore HMAC because MAC is included already inside the encryption and decryption algorithm?