CMAC not working

Tomas Mraz tomas at openssl.org
Wed Oct 12 09:15:25 UTC 2022


On Wed, 2022-10-12 at 11:02 +0200, Tomas Mraz wrote:
> On Tue, 2022-10-11 at 10:50 +0000, Fernando Elena Benavente wrote:
> > Hi guys, Im triying to use the EVP_MAC  OpenSSL API with the
> > CMAC_AES256, I have been using some testing vectors I found on
> > github, but seems they doesn’t work on the CMAC  of OpenSSl, as the
> > expected output of the test vectors are different from the OpenSSL
> > CMAC output.
> >  
> > I attach a screenshot of the test vectors we are using, and how we
> > are introducing it on our key and plaintext variables, the CMAC
> > code
> > is the demo code on OpenSSL github.
> >  
> 
> It is better not to use screenshots if possible and rather do
> copy&paste to save mailbox space of all the recipients.
> 
> Our demo is actually incorrect because the cipher name used should be
> 'AES-256-CBC' to produce a proper CMAC.

Ahem... I am actually wrong, the demo is right although somewhat
misleading, because "aes256" (which is in the demo) is an alias for
"AES-256-CBC".

Looking at the screenshots - you cannot use the hexadecimal value of
the input directly in the data[] as you do. You need to initialize the
data[] as an array similarly to how key is initialized.

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list