[openssl-users] CMAC Authentication
Jakob Bohm
jb-openssl at wisemo.com
Mon Jan 15 13:40:33 UTC 2018
On 15/01/2018 14:22, Rol Phil wrote:
> Hello all,
>
> I have been using <openssl/cmac.h> to tag data with an example I had
> found.
> However when it comes to authenticate/decrypt a tag with given AES key
> I could not find examples.
> using cmac.h or evp.h.
> Can anybody help me please?
> Thanks all.
>
For any MAC algorithm, the check is to calculate the MAC again and
see if it is the same.
If potential providers of bad data can see how long it takes to
detect a wrong MAC algorithm, be sure to use a compare
implementation tht takes the same amount of time no matter how the
wrong MAC relates to the real MAC (so the normal memcmp() is wrong
because it will reply quicker if the first byte(s) are wrong than
if they are right). The OpenSSL provides the a function
CRYPTO_memcmp() that is good for this job.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list