cmac

package module

v1.1.0 Latest Latest Go to latest Published: May 17, 2022 License: MIT Imports: 2 Imported by: 14

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chmike/cmac-go

Links

Open Source Insights

README ¶

Cipher-based Message Authentication Code

This package implements the Cipher-based Message Authentication Code as defined in the RFC4493 and NIST special publication 800-38B, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication", May 2005.

It achieves a security goal similar to that of HMAC, but uses a symmetric key block cipher like AES. CMAC is appropriate for information systems in which a block cipher is more readily available than a hash function.

Like HMAC, CMAC uses a key to sign a message. The receiver verifies the Massage Authenticating Code by recomputing it using the same key.

Installation

go get github.com/chmike/cmac-go

Usage example

import (
    "crypto/aes"

    "github.com/chmike/cmac-go"
)

// Instantiate the cmac hash.Hash.
cm, err := cmac.New(aes.NewCipher, key)
if err != nil {
    // ...
}

// Compute the CMAC of a message. Never returns an error.
// The parameter may be an empty slice or nil. 
// Write may be called multiple times.
cm.Write([]byte("some message"))

// Get the computed MAC. It may be followed by more Writes and sum calls.
mac1 := cm.Sum(nil)

// Important: use cmac.Equal() instead of bytes.Equal().
// It doesn't leak timing information.
if !cmac.Equal(mac1, mac2) {
    // mac mismatch
}

// Use Reset to clear the state of the cmac calculator. You may then
// start processing a new message.
cm.Reset()

Documentation ¶

Overview ¶

Package cmac implements the Cipher-based Message Authentication Code as defined in the RFC4493 and NIST special publication 800-38B, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication", May 2005.

It achieves a security goal similar to that of HMAC, but uses a symmetric key block cipher like AES. CMAC is appropriate for information systems in which a block cipher is more readily available than a hash function.

Like HMAC, CMAC uses a key to sign a message. The receiver verifies the Massage Authenticating Code by recomputing it using the same key.

Receivers should be careful to use Equal to compare MACs in order to avoid timing side-channels:

// CheckMAC reports whether messageMAC is a valid HMAC tag for message.
func CheckMAC(message, messageMAC, key []byte) bool {
	mac := cmac.New(aes.New, key)
	mac.Write(message)
	expectedMAC := mac.Sum(nil)
	return cmac.Equal(messageMAC, expectedMAC)
}

Index ¶

func Equal(mac1, mac2 []byte) bool
func New(newCipher NewCipherFunc, key []byte) (hash.Hash, error)
type NewCipherFunc

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Equal ¶

func Equal(mac1, mac2 []byte) bool

Equal compares two MACs for equality without leaking timing information.

func New ¶

func New(newCipher NewCipherFunc, key []byte) (hash.Hash, error)

New returns a new CMAC hash using the given cipher instantiation function and key.

Types ¶

type NewCipherFunc ¶

type NewCipherFunc func(key []byte) (cipher.Block, error)

NewCipherFunc instantiates a block cipher

Source Files ¶

View all Source files

cmac.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL