(https://c2sp.org/XAES-256-GCM), rather than for exposing it to applications // as a stand-alone MAC. type CMAC struct { b aes.Block k1 [aes.BlockSize]byte k2 [aes.BlockSize]byte } func NewCMAC(b *aes.Block) *CMAC { c := &CMAC{b: *b} c.deriveSubkeys() return c } func (c *CMAC) deriveSubkeys() { aes.EncryptBlockInternal(&c.b, c.k1[:], c.k1[:]) msb := shiftLeft(&c.k1) c.k1[len(c.k1)-1] ^= msb * 0b10000111 c.k2 = c.k1 msb = shiftLeft(&c.k2) c.k2[len(c.k2)-1] ^= msb * 0b10000111 } func (c *CMAC) MAC(m []byte) [aes.BlockSize]byte...