Package Crypto :: Package Hash :: Module CMAC
[frames] | no frames]

Module CMAC

CMAC (Cipher-based Message Authentication Code) algorithm

CMAC is a MAC defined in NIST SP 800-38B and in RFC4493 (for AES only) and constructed using a block cipher. It was originally known as OMAC1.

The algorithm is sometimes named X-CMAC where X is the name of the cipher (e.g. AES-CMAC).

This is an example showing how to create an AES-CMAC:

>>> from Crypto.Hash import CMAC
>>> from Crypto.Cipher import AES
>>>
>>> secret = b'Sixteen byte key'
>>> cobj = CMAC.new(secret, ciphermod=AES)
>>> cobj.update(b'Hello')
>>> print cobj.hexdigest()

And this is an example showing how to check an AES-CMAC:

>>> from Crypto.Hash import CMAC
>>> from Crypto.Cipher import AES
>>>
>>> # We have received a message 'msg' together
>>> # with its MAC 'mac'
>>>
>>> secret = b'Sixteen byte key'
>>> cobj = CMAC.new(secret, ciphermod=AES)
>>> cobj.update(msg)
>>> try:
>>>   cobj.verify(mac)
>>>   print "The message '%s' is authentic" % msg
>>> except ValueError:
>>>   print "The message or the key is wrong"
Classes
  CMAC
Class that implements CMAC
Functions
 
new(key, msg=None, ciphermod=None)
Create a new CMAC object.
Variables
  digest_size = None
The size of the authentication tag produced by the MAC.
Function Details

new(key, msg=None, ciphermod=None)

 
Create a new CMAC object.
Parameters:
  • key (byte string) - secret key for the CMAC object. The key must be valid for the underlying cipher algorithm. For instance, it must be 16 bytes long for AES-128.
  • msg (byte string) - The very first chunk of the message to authenticate. It is equivalent to an early call to CMAC.update. Optional.
  • ciphermod (module) - A cipher module from Crypto.Cipher. The cipher's block size must be 64 or 128 bits. Default is Crypto.Cipher.AES.
Returns:
A CMAC object