Package Cryptodome :: Package Hash :: Module CMAC :: Class CMAC

Class CMAC

object --+
         |
        CMAC

Class that implements CMAC
Instance Methods
 
__init__(self, key, msg=None, ciphermod=None, cipher_params=None)
Create a new CMAC object.
 
update(self, msg)
Continue authentication of a message by consuming the next chunk of data.
 
copy(self)
Return a copy ("clone") of the MAC object.
 
digest(self)
Return the binary (non-printable) MAC of the message that has been authenticated so far.
 
hexdigest(self)
Return the printable MAC of the message that has been authenticated so far.
 
verify(self, mac_tag)
Verify that a given binary MAC (computed by another party) is valid.
 
hexverify(self, hex_mac_tag)
Verify that a given printable MAC (computed by another party) is valid.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
  digest_size = None
The size of the authentication tag produced by the MAC.
Properties

Inherited from object: __class__

Method Details

__init__(self, key, msg=None, ciphermod=None, cipher_params=None)
(Constructor)

 
Create a new CMAC object.
Parameters:
  • key (byte string) - secret key for the CMAC object. The key must be valid for the underlying cipher algorithm. For instance, it must be 16 bytes long for AES-128.
  • msg (byte string) - The very first chunk of the message to authenticate. It is equivalent to an early call to update. Optional.
  • ciphermod (module) - A cipher module from Cryptodome.Cipher. The cipher's block size has to be 128 bits. It is recommended to use Cryptodome.Cipher.AES.
  • cipher_params (dictionary) - Extra keywords to use when creating a new cipher.
Overrides: object.__init__

update(self, msg)

 

Continue authentication of a message by consuming the next chunk of data.

Repeated calls are equivalent to a single call with the concatenation of all the arguments. In other words:

>>> m.update(a); m.update(b)

is equivalent to:

>>> m.update(a+b)
Parameters:
  • msg (byte string) - The next chunk of the message being authenticated

copy(self)

 

Return a copy ("clone") of the MAC object.

The copy will have the same internal state as the original MAC object. This can be used to efficiently compute the MAC of strings that share a common initial substring.

Returns:
A CMAC object

digest(self)

 

Return the binary (non-printable) MAC of the message that has been authenticated so far.

This method does not change the state of the MAC object. You can continue updating the object after calling this function.

Returns:
A byte string of digest_size bytes. It may contain non-ASCII characters, including null bytes.

hexdigest(self)

 

Return the printable MAC of the message that has been authenticated so far.

This method does not change the state of the MAC object.

Returns:
A string of 2* digest_size bytes. It contains only hexadecimal ASCII digits.

verify(self, mac_tag)

 
Verify that a given binary MAC (computed by another party) is valid.
Parameters:
  • mac_tag (byte string) - The expected MAC of the message.
Raises:
  • ValueError - if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect.

hexverify(self, hex_mac_tag)

 
Verify that a given printable MAC (computed by another party) is valid.
Parameters:
  • hex_mac_tag (string) - The expected MAC of the message, as a hexadecimal string.
Raises:
  • ValueError - if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect.