- NIST 800-38B CMAC
- NIST 800-38C CCM
- RFC 4493 AES-CMAC
- RFC 3610 Counter with CBC-MAC (CCM)
After reading them, I concluded that:
- CMAC is used for authentication.
- CCM is used for authentication and confidentiality.
- CBC-MAC, CMAC, and CCM have some differences.
I drew the picture below to explain their relationships.
Terminology
- MAC - Message Authentication Code
- HMAC - Hash-Based MAC
- CBC-MAC - Cipher Block Chaining MAC
- CMAC - Cipher-Based MAC
- CBC - Cipher Block Chaining
- CCM - Counter with CBC-MAC
- ECB - Electronic Code Book
A MAC is a short piece of information used to authenticate a message. There are two types of MAC: hash-function-based MACs and cipher-based MACs.
Implementations of the hash-function-based MAC, abbreviated HMAC, include HMAC-MD5, HMAC-SHA1, and HMAC-SHA256. The suffix (e.g., -MD5, -SHA1, or -SHA256) is the hash function used in the MAC.
CBC-MAC is a cipher-based MAC. CMAC is a variation of CBC-MAC that fixes CBC-MAC's security deficiencies. AES-CMAC and TDEA CMAC are implementations of CMAC.
ECB, CBC, and CCM are block cipher modes. CCM is an adaptation of CBC and is Counter with CBC-MAC. AES-CCM is only one implementation of CCM.
In conclusion,
- AES-CMAC is a MAC, implemented with the AES algorithm, for authentication.
- AES-CCM is the AES cipher in CCM mode, for authentication and confidentiality.
-Count