Cryptography Reference
In-Depth Information
We now give the
CMAC
function that computes the CMAC tag associated with
a message. This function makes use of several functions defined in Appendix A,
including the function
messagetobytes
. The input arguments are the key given
either as a list of bytes or as a hex string, the message (with the same format as in
the preceding function), and a name indicating the type of message. The output is
the CMAC tag given as a hexadecimal string.
> CMAC := proc(key::{list, string}, message::string, messagetype::name := file)
local k, m, l, s, b;
k := checkkey(key);
m := messagetobytes(message, messagetype);
l := nops(m);
s := CmacSubkeys(k);
if l mod 16 <> 0 or l = 0 then
m := [op(m), 128, 0$(15-(l mod 16))];
b := zip(BitXor, m[-16 .. -1], s[2]);
m := [op(m[1 .. -17]), op(b)]
else
b := zip(BitXor, m[-16 .. -1], s[1]);
m := [op(m[1 .. -17]), op(b)]
end if;
m := CBCMAC(k, m, [0$16]);
bytestohexstring(m)
end proc:
Note that the message is padded, if necessary, inside the function. The padding
method consists of adding a bit 1 to mark the beginning of the padding and then
completing it with as many bits 0 as needed to make the length a multiple of 128.
Since we work at the byte level and the binary expansion of 128 is 1 followed by
seven zeros, we use a byte 128 to mark the beginning of the padding and then bytes
0 until completing the desired length.
The CMAC algorithm may be represented as follows, for an
l
-block message
m
m
l
, where each block has length
n
(in the NIST standard and in
our implementation,
n
=
m
1
||
m
2
||
...
||
128 since the block cipher used is AES). The subkey
k
1
is
used when the message is not padded, i.e., when
n
=
|
len
(
m
)
, and
k
2
is used when
n
, in which case the 10
i
padding is used.
does not divide len
(
m
)
Example 5.4
In this example we use some of the test strings in [69, Appendix D];
the results may be compared to the tags given there. The hexadecimal strings to be
used as messages and keys are the following:
> m128 := "6bc1bee22e409f96e93d7e117393172a":
m320 := "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c4\
6a35ce411":
