CMAC not working
Tomas Mraz
tomas at openssl.org
Thu Oct 13 08:28:43 UTC 2022
Could you please attach the diff from the original demo source for the
changes you've done?
Tomas
On Thu, 2022-10-13 at 08:25 +0000, Fernando Elena Benavente wrote:
> Hi Thomas, sorry for the screenshots, I will not send more
> screenshots, sorry.
>
> I tried to initialize the data[] as u said (and as the same way in
> the code of the demo with the Shakespeare text), but it still says :
>
> Generated MAC:
> 0000 - 33 98 f8 a3 b9 47 af eb-19 e8 26 ff 34 4b 1e f8
> 3....G....&.4K..
>
> Generated MAC does not match expected value
>
> C:\Users\TRFFEB\Desktop\PruebasOpenSSL\CryptoPruebas\x64\Debug\Consol
> eApplication1.exe (process 9460) exited with code 1.
> Press any key to close this window . . .
>
> So I suppose the demo code of the CMAC isn’t working properly, any
> tips to make it work?
>
> Thank you for your time and help.
>
> -Fernando Elena Benavente.
>
> -----Original Message-----
> From: Tomas Mraz <tomas at openssl.org>
> Sent: Wednesday, October 12, 2022 11:15 AM
> To: Fernando Elena Benavente <fernando.elena.benavente at gmv.com>;
> openssl-users at openssl.org
> Cc: Jorge Juan Tejero Fernández <jorge.tejero.fernandez at gmv.com>;
> Alberto Sendino Aragonés <alberto.sendino.aragones at gmv.com>; Esther
> Marina Godoy Alves <esther.marina.godoy at gmv.com>
> Subject: Re: CMAC not working
>
> On Wed, 2022-10-12 at 11:02 +0200, Tomas Mraz wrote:
> > On Tue, 2022-10-11 at 10:50 +0000, Fernando Elena Benavente wrote:
> > > Hi guys, Im triying to use the EVP_MAC OpenSSL API with the
> > > CMAC_AES256, I have been using some testing vectors I found on
> > > github, but seems they doesn’t work on the CMAC of OpenSSl, as
> > > the
> > > expected output of the test vectors are different from the
> > > OpenSSL
> > > CMAC output.
> > >
> > > I attach a screenshot of the test vectors we are using, and how
> > > we
> > > are introducing it on our key and plaintext variables, the CMAC
> > > code
> > > is the demo code on OpenSSL github.
> > >
> >
> > It is better not to use screenshots if possible and rather do
> > copy&paste to save mailbox space of all the recipients.
> >
> > Our demo is actually incorrect because the cipher name used should
> > be
> > 'AES-256-CBC' to produce a proper CMAC.
>
> Ahem... I am actually wrong, the demo is right although somewhat
> misleading, because "aes256" (which is in the demo) is an alias for
> "AES-256-CBC".
>
> Looking at the screenshots - you cannot use the hexadecimal value of
> the input directly in the data[] as you do. You need to initialize
> the data[] as an array similarly to how key is initialized.
>
> --
> Tomáš Mráz, OpenSSL
>
--
Tomáš Mráz, OpenSSL
More information about the openssl-users
mailing list