Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
6.13 Using a MAC That's Reasonably Fast in Software and Hardware
6.13.1 Problem
You want to use a MAC that is fast in both software and hardware.
6.13.2 Solution
Use CMAC. It is available from http://www.zork.org/cmac/.
6.13.3 Discussion
CMAC is the message-integrity component of the CWC encryption mode. It is based on a universal hash function that is similar to hash127. It requires an 11-byte nonce per message. The Zork implementation has the following API:

    int cmac_init(cmac_t *ctx, unsigned char key[16]);
    void cmac_mac(cmac_t *ctx, unsigned char *msg, u_int32 msglen, unsigned char nonce[11], unsigned char output[16]);
    void cmac_cleanup(cmac_t *ctx);
    void cmac_update(cmac_t *ctx, unsigned char *msg, u_int32 msglen);
    void cmac_final(cmac_t *ctx, unsigned char nonce[11], unsigned char output[16]);

The cmac_t type keeps track of state and needs to be initialized only when you key the algorithm. You can then MAC messages interchangeably using the all-in-one API or the incremental API.

The all-in-one API consists of the cmac_mac( ) function. It takes an entire message and a nonce as arguments and produces a 16-byte output. If you want to use the incremental API, cmac_update( ) is used to pass in part of the message, and cmac_final( ) is used to set the nonce and get the resulting tag.

The cmac_cleanup( ) function securely erases the context object.

To use the CMAC API, just copy the cmac.h and cmac.c files, and compile and link against cmac.c.
6.13.4 See Also
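The API described in the Discussion leaves nonce selection and tag comparison to the caller. The following added example (not from the book or the Zork code) shows both in C, assuming a nonce must never repeat under one key; nonce_gen_t, nonce_gen_init, nonce_gen_next, nonce_is_fresh and tag_equal are hypothetical helper names, and the CMAC calls appear only in comments.

```c
#include <stddef.h>
#include <string.h>

#define NONCE_LEN 11   /* nonce size the page gives for CMAC */
#define TAG_LEN   16   /* tag size the page gives for CMAC */

/* Hypothetical helper: per-key message counter used as the nonce. */
typedef struct {
    unsigned char ctr[NONCE_LEN];  /* big-endian 88-bit counter */
    int exhausted;                 /* set once every value has been issued */
} nonce_gen_t;

/* Call whenever a new key is passed to cmac_init(). */
void nonce_gen_init(nonce_gen_t *g) { memset(g, 0, sizeof *g); }

/* Copies the next unused nonce to out. Returns 0, or -1 when the counter
 * space is used up and the key must be replaced before sending again. */
int nonce_gen_next(nonce_gen_t *g, unsigned char out[NONCE_LEN]) {
    int i = NONCE_LEN - 1;
    if (g->exhausted) return -1;
    memcpy(out, g->ctr, NONCE_LEN);
    while (i >= 0 && ++g->ctr[i] == 0) i--;   /* increment with carry */
    if (i < 0) g->exhausted = 1;              /* wrapped to zero: stop */
    return 0;
}

/* Receiver side: accept a nonce only if it is strictly greater than the
 * last one accepted under this key (rejects replays and reordering).
 * The caller tracks separately whether any nonce has been accepted yet.
 * Nonces are public, so memcmp() is fine here. */
int nonce_is_fresh(const unsigned char last[NONCE_LEN],
                   const unsigned char got[NONCE_LEN]) {
    return memcmp(got, last, NONCE_LEN) > 0;
}

/* Compare the received tag with the one computed locally (for instance the
 * output of cmac_mac()) without an early exit, so timing does not reveal
 * how many leading bytes matched. */
int tag_equal(const unsigned char a[TAG_LEN], const unsigned char b[TAG_LEN]) {
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < TAG_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}
```

On the sending side, the nonce returned by nonce_gen_next( ) is the one passed to cmac_mac( ) or cmac_final( ) and transmitted with the message and tag.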