17 unstable releases
Uses new Rust 2024
| 0.8.0-rc.0 | May 30, 2025 |
|---|---|
| 0.8.0-pre.3 | Mar 7, 2025 |
| 0.8.0-pre.2 | Aug 14, 2024 |
| 0.8.0-pre.1 | Jul 27, 2024 |
| 0.0.0 | Jul 22, 2017 |
#2670 in Cryptography
179,641 downloads per month
Used in 155 crates
(27 directly)
47KB
152 lines
RustCrypto: CMAC
Generic implementation of Cipher-based Message Authentication Code (CMAC), otherwise known as OMAC1.
Examples
We will use AES-128 block cipher from the aes crate.
To get the authentication code:
use aes::Aes128;
use cmac::{digest::KeyInit, Cmac, Mac};
// Create `Mac` trait implementation, namely CMAC-AES128
let mut mac = Cmac::<Aes128>::new_from_slice(b"very secret key.").unwrap();
mac.update(b"input message");
// `result` has type `Output` which is a thin wrapper around array of
// bytes for providing constant time equality check
let result = mac.finalize();
// To get underlying array use the `into_bytes` method, but be careful,
// since incorrect use of the tag value may permit timing attacks which
// defeat the security provided by the `Output` wrapper
let tag_bytes = result.into_bytes();
To verify the message:
use aes::Aes128;
use cmac::{digest::KeyInit, Cmac, Mac};
let mut mac = Cmac::<Aes128>::new_from_slice(b"very secret key.").unwrap();
mac.update(b"input message");
# let tag_bytes = mac.clone().finalize().into_bytes();
// `verify` will return `Ok(())` if tag is correct, `Err(MacError)` otherwise
mac.verify(&tag_bytes).unwrap();
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Dependencies
~795KB
~20K SLoC