CMAC not working

Fernando Elena Benavente fernando.elena.benavente at gmv.com
Thu Oct 13 08:25:44 UTC 2022


Hi Thomas, sorry for the screenshots, I will not send more screenshots, sorry.

I tried to initialize the data[] as u said (and as the same way in the code of the demo with the Shakespeare text), but it still says :

Generated MAC:
  0000 - 33 98 f8 a3 b9 47 af eb-19 e8 26 ff 34 4b 1e f8   3....G....&.4K..

Generated MAC does not match expected value

C:\Users\TRFFEB\Desktop\PruebasOpenSSL\CryptoPruebas\x64\Debug\ConsoleApplication1.exe (process 9460) exited with code 1.
Press any key to close this window . . .

So I suppose the demo code of the CMAC isn’t working properly, any tips to make it work?

Thank you for your time and help.

-Fernando Elena Benavente.

-----Original Message-----
From: Tomas Mraz <tomas at openssl.org> 
Sent: Wednesday, October 12, 2022 11:15 AM
To: Fernando Elena Benavente <fernando.elena.benavente at gmv.com>; openssl-users at openssl.org
Cc: Jorge Juan Tejero Fernández <jorge.tejero.fernandez at gmv.com>; Alberto Sendino Aragonés <alberto.sendino.aragones at gmv.com>; Esther Marina Godoy Alves <esther.marina.godoy at gmv.com>
Subject: Re: CMAC not working

On Wed, 2022-10-12 at 11:02 +0200, Tomas Mraz wrote:
> On Tue, 2022-10-11 at 10:50 +0000, Fernando Elena Benavente wrote:
> > Hi guys, Im triying to use the EVP_MAC  OpenSSL API with the 
> > CMAC_AES256, I have been using some testing vectors I found on 
> > github, but seems they doesn’t work on the CMAC  of OpenSSl, as the 
> > expected output of the test vectors are different from the OpenSSL 
> > CMAC output.
> >  
> > I attach a screenshot of the test vectors we are using, and how we 
> > are introducing it on our key and plaintext variables, the CMAC code 
> > is the demo code on OpenSSL github.
> >  
> 
> It is better not to use screenshots if possible and rather do 
> copy&paste to save mailbox space of all the recipients.
> 
> Our demo is actually incorrect because the cipher name used should be 
> 'AES-256-CBC' to produce a proper CMAC.

Ahem... I am actually wrong, the demo is right although somewhat misleading, because "aes256" (which is in the demo) is an alias for "AES-256-CBC".

Looking at the screenshots - you cannot use the hexadecimal value of the input directly in the data[] as you do. You need to initialize the data[] as an array similarly to how key is initialized.

--
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list