2

i'm using the following code to get a AESCMAC

Mac mac = Mac.getInstance("aescmac", new BouncyCastleProvider());
mac.init(k_mac );
byte[] tooLong = mac.doFinal(tmp);

doFinal will generate a byte-Array with the size of 16, but i would like it to be 8 bytes long. i see there is a method getMacLength() with returns 16 but no setMacLength method. thx for your help

Qwerky
  • 18,217
  • 6
  • 44
  • 80
user980045
  • 21
  • 2

3 Answers3

3

According to NIST 800-38B, chapter 6.2 (MAC Generation), step 7, to generate a N-bit MAC you simply take the N most significant bits. Appendix A.2 discusses the consequences of using shortened MAC.

ojs
  • 285
  • 1
  • 13
1

The AES-CMAC produces a 128bit MAC (see https://www.rfc-editor.org/rfc/rfc4493), i.e. 16 bytes. If you want a 8 byte mac, choose an algorithm that produces a 64bit MAC.

Is there any particular reason why you want a 64 bit rather than a 128 bit MAC?

Community
  • 1
  • 1
Qwerky
  • 18,217
  • 6
  • 44
  • 80
  • I'm implementing Secure Messaging for the new german identity card. See Page 28 of http://www2.icao.int/en/MRTD/Downloads/Technical%20Reports/Technical%20Report.pdf. It says: "For message authentication AES SHALL be used in CMAC-mode [20] with KMAC with a MAC length of 8 bytes. The datagram to be authenticated SHALL be prepended by the Send Sequence Counter" – user980045 Oct 05 '11 at 11:31
  • 1
    Everything works so far, if i do it like this: Mac mac = Mac.getInstance("aescmac", new BouncyCastleProvider()); mac.init(k_mac ); byte[] tooLong = mac.doFinal(tmp); byte[] ret = new byte[8]; //TODO find a better way, maybe algorithmparameterspec System.arraycopy(tooLong, 0, ret, 0, 8); return ret; But this way isn't very nice. – user980045 Oct 05 '11 at 11:35
  • @user980045 The doc you linked has a reference [20] to NIST SP_800-38B. Have a look at that recommendation here; http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf and you will see in Appendix D that `For the AES algorithm examples, Tlen is 128`. It also mentions that TDEA (Triple DES) will give you a MAC length of 64. So it seems that the ICAO have an error in their specification. It also worries me greatly that there is someone working on ePassport software when they demonstate a clear lack of knowledge of basic encryption fundamentals. – Qwerky Oct 05 '11 at 12:18
-1

I don't think you can reduce the length. The information is 16 bytes long; you can't shorten it without losing information.

Tobias
  • 9,170
  • 3
  • 24
  • 30