HOME

TheInfoList



Click Here for Items Related To - OMAC (cryptography)
OR:
OMAC (cryptography) on:   [Wikipedia]   [Google]   [Amazon]

One-key MAC (OMAC) is a family of message authentication codes constructed from a block cipher much like the CBC-MAC algorithm. It may be used to provide assurance of the authenticity and, hence, the integrity of data. Two versions are defined: * The original OMAC of February 2003, which is rarely used. The preferred name is now "OMAC2". * The OMAC1 refinement, which became an NIST recommendation in May 2005 under the name CMAC. OMAC is free for all uses: it is not covered by any patents.


History

The core of the CMAC algorithm is a variation of CBC-MAC that Black and Rogaway proposed and analyzed under the name "XCBC" and submitted to NIST. The XCBC algorithm efficiently addresses the security deficiencies of CBC-MAC, but requires three keys. Iwata and Kurosawa proposed an improvement of XCBC that requires less key material (just one key) and named the resulting algorithm ''One-Key CBC-MAC'' (OMAC) in their papers. They later submitted the OMAC1 (= CMAC), a refinement of OMAC, and additional security analysis.


Algorithm

To generate an -bit CMAC tag (''t'') of a message (''m'') using a ''b''-bit block cipher (''E'') and a secret key (''k''), one first generates two ''b''-bit sub-keys (''k''1 and ''k''2) using the following algorithm (this is equivalent to multiplication by ''x'' and ''x''2 in a
finite field In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field (mathematics), field that contains a finite number of Element (mathematics), elements. As with any field, a finite field is a Set (mathematics), s ...
GF(2''b'')). Let ≪ denote the standard left-shift operator and ⊕ denote bit-wise exclusive or: # Calculate a temporary value ''k''0 = ''Ek''(0). # If msb(''k''0) = 0, then ''k''1 = ''k''0 ≪ 1, else ''k''1 = (''k''0 ≪ 1) ⊕ ''C''; where ''C'' is a certain constant that depends only on ''b''. (Specifically, ''C'' is the non-leading coefficients of the lexicographically first irreducible degree-''b'' binary polynomial with the minimal number of ones: for 64-bit, for 128-bit, and for 256-bit blocks.) # If , then , else . # Return keys (''k''1, ''k''2) for the MAC generation process. As a small example, suppose , , and . Then and . The CMAC tag generation process is as follows: # Divide message into ''b''-bit blocks , where ''m''1, ..., ''m''''n''−1 are complete blocks. (The empty message is treated as one incomplete block.) # If ''mn'' is a complete block then else . # Let . # For , calculate . # # Output . The verification process is as follows: # Use the above algorithm to generate the tag. # Check that the generated tag is equal to the received tag.


Variants

CMAC-C1 is a variant of CMAC that provides additional commitment and context-discovery security guarantees.


Implementations

* Python implementation: see the usage of the AES_CMAC() function in
impacket/blob/master/tests/misc/test_crypto.py
, and its definition in
impacket/blob/master/impacket/crypto.py
* Ruby implementation


References


External links

* The AES-CMAC Algorithm * The AES-CMAC-96 Algorithm and Its Use with IPsec * The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) * OMA
Online Test



Rust implementation
{{Cryptography navbox , hash Message authentication codes Finite fields