Hi Thomas, sorry for the screenshots, I will not send more screenshots, sorry. I tried to initialize the data[] as u said (and as the same way in the code of the demo with the Shakespeare text), but it still says : Generated MAC: 0000 - 33 98 f8 a3 b9 47 af eb-19 e8 26 ff 34 4b 1e f8 3....G....&.4K.. Generated MAC does not match expected value C:\Users\TRFFEB\Desktop\PruebasOpenSSL\CryptoPruebas\x64\Debug\ConsoleApplication1.exe (process 9460) exited with code 1. Press any key to close this window . . . So I suppose the demo code of the CMAC isn’t working properly, any tips to make it work? Thank you for your time and help. -Fernando Elena Benavente. -----Original Message----- From: Tomas Mraz <tomas@xxxxxxxxxxx> Sent: Wednesday, October 12, 2022 11:15 AM To: Fernando Elena Benavente <fernando.elena.benavente@xxxxxxx>; openssl-users@xxxxxxxxxxx Cc: Jorge Juan Tejero Fernández <jorge.tejero.fernandez@xxxxxxx>; Alberto Sendino Aragonés <alberto.sendino.aragones@xxxxxxx>; Esther Marina Godoy Alves <esther.marina.godoy@xxxxxxx> Subject: Re: CMAC not working On Wed, 2022-10-12 at 11:02 +0200, Tomas Mraz wrote: > On Tue, 2022-10-11 at 10:50 +0000, Fernando Elena Benavente wrote: > > Hi guys, Im triying to use the EVP_MAC OpenSSL API with the > > CMAC_AES256, I have been using some testing vectors I found on > > github, but seems they doesn’t work on the CMAC of OpenSSl, as the > > expected output of the test vectors are different from the OpenSSL > > CMAC output. > > > > I attach a screenshot of the test vectors we are using, and how we > > are introducing it on our key and plaintext variables, the CMAC code > > is the demo code on OpenSSL github. > > > > It is better not to use screenshots if possible and rather do > copy&paste to save mailbox space of all the recipients. > > Our demo is actually incorrect because the cipher name used should be > 'AES-256-CBC' to produce a proper CMAC. Ahem... I am actually wrong, the demo is right although somewhat misleading, because "aes256" (which is in the demo) is an alias for "AES-256-CBC". Looking at the screenshots - you cannot use the hexadecimal value of the input directly in the data[] as you do. You need to initialize the data[] as an array similarly to how key is initialized. -- Tomáš Mráz, OpenSSL
