A message authentication code (MAC) is used to establish the authenticity and, hence, the integrity of a message. MACs have two functionally distinct parameters, a message input (data, text) and a secret key known only to the message originator and intended receiver.
MACs based on cryptographic hash functions are known as HMACs. The HMAC algorithm is described in [FIPS198] and RFC 2104 [HMAC]. HMACs can have a key of any length and produce a digest of the same length as the underlying message digest function.
The CMAC algorithm is based on a symmetric key block cipher and is equivalent to the one-key CBC MAC1 (OMAC1) algorithm. CMAC is described in SP800-38B [SP80038B]. CMAC uses either Triple DES or one of the three AES functions. The key length for CMAC is the same as the underlying block cipher. The output is the same length as the block length: 64 bits for Triple DES and 128 bits for AES. It is permissible to truncate an HMAC or CMAC value, at a cost of reduced security.