CMAC基于块加密的消息认证码

CMAC基于块加密的消息认证码

Rust实现


Subkey Generation

  • \(R_{128} = 0^{120}10000111; R_{64}=0^{59}11011\);
  • \(Cipher_{K}\)指密钥为\(K\)的加密函数;

\[\begin{aligned} & b = Cipher_{K}.block\_size() \\ & L = Cipher_{K}(0^b) \\ & K_1 = L \ll 1 \quad if\quad MSB_{1}(L) = 0,\quad otherwise \quad (L \ll 1) \oplus R_{b} \\ & K_2 = K_1 \ll 1 \quad if\quad MSB_{1}(K_1)=0,\quad otherwise \quad (K_1 \ll 1) \oplus R_{b} \\ & return \quad (K_1, K_2) \end{aligned} \]

MAC Generation

\[\begin{aligned} & n = 1 \quad if \quad len(M) = 0, \quad otherwise\quad \lceil len(M)/b \rceil \\ & M = M_1 || M_2 || \dots || M_{n-1} || M_n^{*} \\ & M_n = M_n^{*} \oplus K_1\quad if\quad len(M)\mod b = 0,\quad otherwise\quad K_2 \oplus (M_n^{*} || 10^j),\quad j = n*b - (len(M)\mod b)\\ & C_0 = 0^b \\ & C_i = Cipher_{K}(C_{i-1}\oplus M_i) \\ & return\quad C_i \end{aligned} \]

MAC Verification

\[T' = CMAC(K, M) \]

参考资料

  • SP 800-38B;
posted @ 2020-10-11 09:44  mengsuenyan  阅读(867)  评论(0编辑  收藏  举报