Module CMAC
CMAC (Cipher-based Message Authentication Code) algorithm
CMAC is a MAC defined in NIST SP 800-38B and in RFC4493 (for AES only)
and constructed using a block cipher. It was originally known as OMAC1.
The algorithm is sometimes named X-CMAC where X is the name
of the cipher (e.g. AES-CMAC).
This is an example showing how to create an AES-CMAC:
>>> from Cryptodome.Hash import CMAC
>>> from Cryptodome.Cipher import AES
>>>
>>> secret = b'Sixteen byte key'
>>> cobj = CMAC.new(secret, ciphermod=AES)
>>> cobj.update(b'Hello')
>>> print cobj.hexdigest()
And this is an example showing how to check an AES-CMAC:
>>> from Cryptodome.Hash import CMAC
>>> from Cryptodome.Cipher import AES
>>>
>>>
>>>
>>>
>>> secret = b'Sixteen byte key'
>>> cobj = CMAC.new(secret, ciphermod=AES)
>>> cobj.update(msg)
>>> try:
>>> cobj.verify(mac)
>>> print "The message '%s' is authentic" % msg
>>> except ValueError:
>>> print "The message or the key is wrong"
A cipher block size of 128 bits (like for AES) guarantees that the risk
of MAC collisions remains negligeable even when the same CMAC key is
used to authenticate a large amount of data (2^22 Gbytes).
This implementation allows also usage of ciphers with a 64 bits block size
(like TDES) for legacy purposes only.
However, the risk is much higher and one CMAC key should be rotated
after as little as 16 MBytes (in total) have been authenticated.
|
CMAC
Class that implements CMAC
|
|
new(key,
msg=None,
ciphermod=None,
cipher_params=None)
Create a new CMAC object. |
|
|
|
digest_size = None
The size of the authentication tag produced by the MAC.
|
|
__package__ = ' Cryptodome.Hash '
|
new(key,
msg=None,
ciphermod=None,
cipher_params=None)
|
|
Create a new CMAC object.
- Parameters:
key (byte string) - secret key for the CMAC object.
The key must be valid for the underlying cipher algorithm.
For instance, it must be 16 bytes long for AES-128.
msg (byte string) - The very first chunk of the message to authenticate.
It is equivalent to an early call to CMAC.update. Optional.
ciphermod (module) - A cipher module from Cryptodome.Cipher.
The cipher's block size has to be 128 bits,
like Cryptodome.Cipher.AES, to reduce the probability of collisions.
- Returns:
- A CMAC object
|