The AES-CMAC Algorithm
Voir toute la rfc dans une seule page
Page : 10 / 20
Télécharger le PDF
Auteur(s) :
J. Lee,
JH. Song,
R. Poovendran,
T. Iwata
Classé sous :
Cipher-based message authentication code,
Omac1,
One-key cbc mac1,
Advanced encryption algorithm
RFC 4493 The AES-CMAC Algorithm June 2006
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Algorithm Verify_MAC +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Input : K ( 128-bit Key ) +
+ : M ( message to be verified ) +
+ : len ( length of the message in octets ) +
+ : T' ( the received MAC to be verified ) +
+ Output : INVALID or VALID +
+ +
+-------------------------------------------------------------------+
+ +
+ Step 1. T* := AES-CMAC(K,M,len); +
+ Step 2. if T* is equal to T' +
+ then +
+ return VALID; +
+ else +
+ return INVALID; +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Figure 2.4. Algorithm Verify_MAC
In step 1, T* is derived from K, M, and len through the MAC
generation algorithm.
In step 2, T* and T' are compared. If T* is equal to T', then return
VALID; otherwise return INVALID.
If the output is INVALID, then the message is definitely not
authentic, i.e., it did not originate from a source that executed the
generation process on the message to produce the purported MAC.
If the output is VALID, then the design of the AES-CMAC provides
assurance that the message is authentic and, hence, was not corrupted
in transit; however, this assurance, as for any MAC algorithm, is not
absolute.
3. Security Considerations
The security provided by AES-CMAC is built on the strong
cryptographic algorithm AES. However, as is true with any
cryptographic algorithm, part of its strength lies in the secret key,
K, and the correctness of the implementation in all of the
participating systems. If the secret key is compromised or
inappropriately shared, it guarantees neither authentication nor
integrity of message at all. The secret key shall be generated in a
way that meets the pseudo randomness requirement of RFC 4086
[RFC4086] and should be kept safe. If and only if AES-CMAC is used
Song, et al. Informational [Page 10]