The document contains a corrected version of Appendix D of Special Publication 800-
38B, which specifies examples for the CMAC authentication mode. In particular, the
values of the MAC, T, for Examples 14, 15, 18, and 19 have been corrected.
Appendix D: Examples
In this appendix, twenty examples are provided for the MAC generation process. The
underlying block cipher is either the AES algorithm or TDEA. A block cipher key is
fixed for each of the currently allowed key sizes, i.e., AES-128, AES-192, AES-256, two
key TDEA, and three key TDEA. For each key, the generation of the associated subkeys
is given, followed by four examples of MAC generation with the key. The messages in
each set of examples are derived by truncating a common fixed string of 64 bytes.
All strings are represented in hexadecimal notation, with a space (or a new line) inserted
every 8 symbols, for readability. As in the body of the Recommendation, K1 and K2
denote the subkeys, M denotes the message, and T denotes the MAC. For the AES
algorithm examples, Tlen is 128, i.e., 32 hexadecimal symbols, and K denotes the key.
For the TDEA examples, Tlen is 64, i.e., 16 hexadecimal symbols, and the key, K, is the
ordered triple of strings, (Key1, Key2, Key3). For two key TDEA, Key1 = Key3.
D.1 AES-128
For Examples 1–4 below, the block cipher is the AES algorithm with the following 128
bit key:
K 2b7e1516 28aed2a6 abf71588 09cf4f3c.
Subkey Generation
CIPH
K
(0
128
) 7df76b0c 1ab899b3 3e42f047 b91b546f
K1 fbeed618 35713366 7c85e08f 7236a8de
K2 f7ddac30 6ae266cc f90bc11e e46d513b
Example 1: Mlen 0
M <empty string>
T bb1d6929 e9593728 7fa37d12 9b756746
Example 2: Mlen = 128
M 6bc1bee2 2e409f96 e93d7e11 7393172a
T 070a16b4 6b4d4144 f79bdd9d d04a287c
Example 3: Mlen = 320
M 6bc1bee2 2e409f96 e93d7e11 7393172a
ae2d8a57 1e03ac9c 9eb76fac 45af8e51
30c81c46 a35ce411
T dfa66747 de9ae630 30ca3261 1497c827
评论0