datatracker.ietf.org
Sign in
Version 5.4.0, 2014-04-22
Report a bug

The AES-CMAC Algorithm
RFC 4493

Document type: RFC - Informational (June 2006)
Was draft-songlee-aes-cmac (individual in sec area)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4493 (Informational)
Responsible AD: Russ Housley
Send notices to: santajunman@hanafos.com, jicheol.lee@samsung.com

Network Working Group                                           JH. Song
Request for Comments: 4493                                 R. Poovendran
Category: Informational                         University of Washington
                                                                  J. Lee
                                                     Samsung Electronics
                                                                T. Iwata
                                                       Nagoya University
                                                               June 2006

                         The AES-CMAC Algorithm

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The National Institute of Standards and Technology (NIST) has
   recently specified the Cipher-based Message Authentication Code
   (CMAC), which is equivalent to the One-Key CBC MAC1 (OMAC1) submitted
   by Iwata and Kurosawa.  This memo specifies an authentication
   algorithm based on CMAC with the 128-bit Advanced Encryption Standard
   (AES).  This new authentication algorithm is named AES-CMAC.  The
   purpose of this document is to make the AES-CMAC algorithm
   conveniently available to the Internet Community.

Song, et al.                 Informational                      [Page 1]
RFC 4493                 The AES-CMAC Algorithm                June 2006

Table of Contents

   1. Introduction ....................................................2
   2. Specification of AES-CMAC .......................................3
      2.1. Basic Definitions ..........................................3
      2.2. Overview ...................................................4
      2.3. Subkey Generation Algorithm ................................5
      2.4. MAC Generation Algorithm ...................................7
      2.5. MAC Verification Algorithm .................................9
   3. Security Considerations ........................................10
   4. Test Vectors ...................................................11
   5. Acknowledgement ................................................12
   6. References .....................................................12
      6.1. Normative References ......................................12
      6.2. Informative References ....................................12
   Appendix A. Test Code .............................................14

1.  Introduction

   The National Institute of Standards and Technology (NIST) has
   recently specified the Cipher-based Message Authentication Code
   (CMAC).  CMAC [NIST-CMAC] is a keyed hash function that is based on a
   symmetric key block cipher, such as the Advanced Encryption Standard
   [NIST-AES].  CMAC is equivalent to the One-Key CBC MAC1 (OMAC1)
   submitted by Iwata and Kurosawa [OMAC1a, OMAC1b].  OMAC1 is an
   improvement of the eXtended Cipher Block Chaining mode (XCBC)
   submitted by Black and Rogaway [XCBCa, XCBCb], which itself is an
   improvement of the basic Cipher Block Chaining-Message Authentication
   Code (CBC-MAC).  XCBC efficiently addresses the security deficiencies
   of CBC-MAC, and OMAC1 efficiently reduces the key size of XCBC.

   AES-CMAC provides stronger assurance of data integrity than a
   checksum or an error-detecting code.  The verification of a checksum
   or an error-detecting code detects only accidental modifications of
   the data, while CMAC is designed to detect intentional, unauthorized
   modifications of the data, as well as accidental modifications.

   AES-CMAC achieves a security goal similar to that of HMAC [RFC-HMAC].
   Since AES-CMAC is based on a symmetric key block cipher, AES, and
   HMAC is based on a hash function, such as SHA-1, AES-CMAC is
   appropriate for information systems in which AES is more readily
   available than a hash function.

   This memo specifies the authentication algorithm based on CMAC with
   AES-128.  This new authentication algorithm is named AES-CMAC.

Song, et al.                 Informational                      [Page 2]
RFC 4493                 The AES-CMAC Algorithm                June 2006

2.  Specification of AES-CMAC

2.1.  Basic Definitions

   The following table describes the basic definitions necessary to
   explain the specification of AES-CMAC.

   x || y          Concatenation.
                   x || y is the string x concatenated with the string
                   y.
                   0000 || 1111 is 00001111.

   x XOR y         Exclusive-OR operation.
                   For two equal length strings, x and y,

[include full document text]