This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.
Cipher-based message authentication code (CMAC)¶
Cipher-based message authentication codes (or CMACs) are a tool for calculating message authentication codes using a block cipher coupled with a secret key. You can use an CMAC to verify both the integrity and authenticity of a message.
A subset of CMAC with the AES-128 algorithm is described in RFC 4493.
New in version 0.4.
CMAC objects take a
>>> from cryptography.hazmat.primitives import cmac >>> from cryptography.hazmat.primitives.ciphers import algorithms >>> c = cmac.CMAC(algorithms.AES(key)) >>> c.update(b"message to authenticate") >>> c.finalize() b'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk'
If the backend doesn’t support the requested
UnsupportedAlgorithmexception will be raised.
TypeErrorwill be raised.
To check that a given signature is correct use the
verify()method. You will receive an exception if the signature is wrong:
>>> c = cmac.CMAC(algorithms.AES(key)) >>> c.update(b"message to authenticate") >>> c.verify(b"an incorrect signature") Traceback (most recent call last): ... cryptography.exceptions.InvalidSignature: Signature did not match digest.
data (bytes) – The bytes to hash and authenticate.
Returns: A new instance of
CMACthat can be updated and finalized independently of the original instance.
Raises: cryptography.exceptions.AlreadyFinalized – See
Finalize the current context and securely compare the MAC to
signature (bytes) – The bytes to compare the current CMAC against.
Finalize the current context and return the message authentication code as bytes.
Return bytes: The message authentication code as bytes. Raises: cryptography.exceptions.AlreadyFinalized –