Hi Charles,

On Fri, June 27, 2008 8:05 am, Charles Clancy wrote:
[snip]
>> S6 and elsewhere: Several places in the document assume that KS (key
>> size of the ciphersuite) is always the same as the MAC output length.
>> This would make it difficult to define ciphersuites based on
>> e.g. AES-CMAC-256. If this restriction is intentional (and WG is happy
>> with it), at the very least it needs to be emphasized much more.
>
> I'm not sure what AES-CMAC-256 means. RFC 4493 defines CMAC
> specifically for 128 length AES, so if you wanted to do something involving
> 256, you'd need to define exactly what AES-CMAC-256 was, and I imagine
> it would have a 256-bit input and a 256-bit output. Regardless, I added
> a statement in the key derivation section saying the input and output
> lengths of your ciphersuite must be equal.

CMAC is defined in NIST SP 800-38B and section D.3 deals with the instance
of CMAC-AES-256 (with test vectors!). It takes a 256-bit key and, like all
AES-based MACs, produces a 128-bit digest.

regards,

Dan.
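
The key-size versus tag-length point made in the reply above, as an added Go example that is not part of the original message: CMAC per SP 800-38B using only the standard library, computed as a zero-IV CBC-MAC whose final block is masked with subkey K1 or K2. The names `CMAC`, `dbl` and `nistKey256` are chosen here for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// AES-256 key used by the NIST SP 800-38B examples (32 bytes).
var nistKey256, _ = hex.DecodeString("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4")

// dbl multiplies a 128-bit block by x in GF(2^128); it derives K1 from L and K2 from K1.
func dbl(in []byte) []byte {
	hi, lo := binary.BigEndian.Uint64(in), binary.BigEndian.Uint64(in[8:])
	out := make([]byte, 16)
	binary.BigEndian.PutUint64(out, hi<<1|lo>>63)
	binary.BigEndian.PutUint64(out[8:], lo<<1^(hi>>63)*0x87)
	return out
}

// CMAC returns the untruncated tag. The key may be 16, 24 or 32 bytes;
// the tag is always one AES block (16 bytes), whatever the key size.
func CMAC(key, msg []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	sub := make([]byte, 16)
	c.Encrypt(sub, sub)              // L = AES_K(0^128)
	sub = dbl(sub)                   // K1, used when the final block is complete
	full := (len(msg) - 1) / 16 * 16 // bytes before the final block (0 for an empty message)
	last := make([]byte, 16)
	if n := copy(last, msg[full:]); n < 16 { // incomplete final block: pad 10...0
		last[n] = 0x80
		sub = dbl(sub) // K2
	}
	for i := range last {
		last[i] ^= sub[i]
	}
	buf := append(append([]byte{}, msg[:full]...), last...)
	cipher.NewCBCEncrypter(c, make([]byte, 16)).CryptBlocks(buf, buf)
	return buf[full:], nil // last ciphertext block is the tag
}

func main() {
	tag, _ := CMAC(nistKey256, []byte("constructed sample message"))
	fmt.Printf("key bits=%d tag bits=%d tag=%x\n", len(nistKey256)*8, len(tag)*8, tag)
}
```

A key derivation that takes KS bits of MAC output per call therefore needs more than one CMAC invocation to fill a 256-bit key.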