X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=README.md;h=3ee1942e4c488bf186ad6d0633bb6bd009745b38;hb=dc3c7b83a9fbf3ae49ec47be6e8e024284b0a91d;hp=4b6d5d872d38203535571ded095024990b2a033b;hpb=ff669c32aa77c9ebfb9c5371b2c8a9d41de614f8;p=oss%2Fctypescrypto.git

diff --git a/README.md b/README.md
index 4b6d5d8..3ee1942 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,6 @@ Also, this extension takes some care of correctly converting textual
 information from ASN.1 structures into unicode.
 
 
-
 Digest calculation
 ------------------
 
@@ -45,6 +44,23 @@ ctypescrypto modules, so it would work with engine-provided digests.
 Additionally there is **DigestType** class which may be needed to
 construct CMS SignedData objects or add signatures to them.
 
+
+MAC calculation
+---------------
+
+Mac is Message Authentication Code - it is like keyed digest, which
+depends not only on message, but also on key, which should be used both
+when initially computing MAC and when verifying it. MACs can be viewed
+as "digital signatures with symmetric keys".
+
+Most common type of MAC is HMAC (i.e. hash-based MAC), described in 
+[RFC 2104](https://tools.ietf.org/html/rfc2104), but there are other,
+for instance [GOST 28147-89](https://tools.ietf.org/html/rfc5830) defines MAC based on symmetric cipher.
+Also GSM 0348 uses DES symmetric cipher as MAC. OpenSSL supports
+GOST mac via loadable engine module, but doesn't seem to support any
+non-HMAC MAC in the core. So, MAC is only test in the test suite which
+requires loadable engine.
+
 Symmetric ciphers
 -----------------
 
@@ -193,6 +209,17 @@ Tests can be run using
 
 Test suite is fairly incomplete. Contributions are welcome.
 
+Note that you need properly installed OpenSSL library with set of CA
+certificates in the certs directory, otherwise default certstore test
+would fail.
+
+You also need gost engine to be available (check with 
+
+   openssl engine gost
+
+) otherwise mac test would crash with error. Unfortunately there is no
+non-HMAC MAC in the openssl core, so GOST MAC is only option.
+
 Possible future enhancements
 ----------------------------
 
@@ -201,7 +228,5 @@ Possible future enhancements
 3. OCSP ([RFC 6960](http://tools.ietf.org/html/rfc6960))request creation and response parsing
 4. Timestamping ([RFC 3161](http://tools.ietf.org/html/rfc3161))
 support.
-6. MAC support. Few people know that there is more MACs than just HMAC,
-and even fewer, that OpenSSL supports them.
 
   vim: spelllang=en tw=72