cmac

package module

v1.1.0 Latest Latest Go to latest Published: May 17, 2022 License: MIT Imports: 2 Imported by: 16

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/chmike/cmac-go

Links

Open Source Insights

README ¶

Cipher-based Message Authentication Code

This package implements the Cipher-based Message Authentication Code as defined in the RFC4493 and NIST special publication 800-38B, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication", May 2005.

It achieves a security goal similar to that of HMAC, but uses a symmetric key block cipher like AES. CMAC is appropriate for information systems in which a block cipher is more readily available than a hash function.

Like HMAC, CMAC uses a key to sign a message. The receiver verifies the Massage Authenticating Code by recomputing it using the same key.

Installation

go get github.com/chmike/cmac-go

Usage example

import (
    "crypto/aes"

    "github.com/chmike/cmac-go"
)

// Instantiate the cmac hash.Hash.
cm, err := cmac.New(aes.NewCipher, key)
if err != nil {
    // ...
}

// Compute the CMAC of a message. Never returns an error.
// The parameter may be an empty slice or nil. 
// Write may be called multiple times.
cm.Write([]byte("some message"))

// Get the computed MAC. It may be followed by more Writes and sum calls.
mac1 := cm.Sum(nil)

// Important: use cmac.Equal() instead of bytes.Equal().
// It doesn't leak timing information.
if !cmac.Equal(mac1, mac2) {
    // mac mismatch
}

// Use Reset to clear the state of the cmac calculator. You may then
// start processing a new message.
cm.Reset()

Documentation ¶

Overview ¶

Package cmac implements the Cipher-based Message Authentication Code as defined in the RFC4493 and NIST special publication 800-38B, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication", May 2005.

It achieves a security goal similar to that of HMAC, but uses a symmetric key block cipher like AES. CMAC is appropriate for information systems in which a block cipher is more readily available than a hash function.

Like HMAC, CMAC uses a key to sign a message. The receiver verifies the Massage Authenticating Code by recomputing it using the same key.

Receivers should be careful to use Equal to compare MACs in order to avoid timing side-channels:

// CheckMAC reports whether messageMAC is a valid HMAC tag for message.
func CheckMAC(message, messageMAC, key []byte) bool {
	mac := cmac.New(aes.New, key)
	mac.Write(message)
	expectedMAC := mac.Sum(nil)
	return cmac.Equal(messageMAC, expectedMAC)
}

Index ¶

func Equal(mac1, mac2 []byte) bool
func New(newCipher NewCipherFunc, key []byte) (hash.Hash, error)
type NewCipherFunc

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Equal ¶

func Equal(mac1, mac2 []byte) bool

Equal compares two MACs for equality without leaking timing information.

func New ¶

func New(newCipher NewCipherFunc, key []byte) (hash.Hash, error)

New returns a new CMAC hash using the given cipher instantiation function and key.

Types ¶

type NewCipherFunc ¶

type NewCipherFunc func(key []byte) (cipher.Block, error)

NewCipherFunc instantiates a block cipher

Source Files ¶

View all Source files

cmac.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL