I didn’t really do any important changes, just the pragma warning, and the #include <openssl/applink.c> -----Original Message----- From: Tomas Mraz <tomas@xxxxxxxxxxx> Sent: Thursday, October 13, 2022 10:29 AM To: Fernando Elena Benavente <fernando.elena.benavente@xxxxxxx>; openssl-users@xxxxxxxxxxx Cc: Jorge Juan Tejero Fernández <jorge.tejero.fernandez@xxxxxxx>; Alberto Sendino Aragonés <alberto.sendino.aragones@xxxxxxx>; Esther Marina Godoy Alves <esther.marina.godoy@xxxxxxx> Subject: Re: CMAC not working Could you please attach the diff from the original demo source for the changes you've done? Tomas On Thu, 2022-10-13 at 08:25 +0000, Fernando Elena Benavente wrote: > Hi Thomas, sorry for the screenshots, I will not send more > screenshots, sorry. > > I tried to initialize the data[] as u said (and as the same way in the > code of the demo with the Shakespeare text), but it still says : > > Generated MAC: > 0000 - 33 98 f8 a3 b9 47 af eb-19 e8 26 ff 34 4b 1e f8 > 3....G....&.4K.. > > Generated MAC does not match expected value > > C:\Users\TRFFEB\Desktop\PruebasOpenSSL\CryptoPruebas\x64\Debug\Consol > eApplication1.exe (process 9460) exited with code 1. > Press any key to close this window . . . > > So I suppose the demo code of the CMAC isn’t working properly, any > tips to make it work? > > Thank you for your time and help. > > -Fernando Elena Benavente. > > -----Original Message----- > From: Tomas Mraz <tomas@xxxxxxxxxxx> > Sent: Wednesday, October 12, 2022 11:15 AM > To: Fernando Elena Benavente <fernando.elena.benavente@xxxxxxx>; > openssl-users@xxxxxxxxxxx > Cc: Jorge Juan Tejero Fernández <jorge.tejero.fernandez@xxxxxxx>; > Alberto Sendino Aragonés <alberto.sendino.aragones@xxxxxxx>; Esther > Marina Godoy Alves <esther.marina.godoy@xxxxxxx> > Subject: Re: CMAC not working > > On Wed, 2022-10-12 at 11:02 +0200, Tomas Mraz wrote: > > On Tue, 2022-10-11 at 10:50 +0000, Fernando Elena Benavente wrote: > > > Hi guys, Im triying to use the EVP_MAC OpenSSL API with the > > > CMAC_AES256, I have been using some testing vectors I found on > > > github, but seems they doesn’t work on the CMAC of OpenSSl, as > > > the expected output of the test vectors are different from the > > > OpenSSL CMAC output. > > > > > > I attach a screenshot of the test vectors we are using, and how we > > > are introducing it on our key and plaintext variables, the CMAC > > > code is the demo code on OpenSSL github. > > > > > > > It is better not to use screenshots if possible and rather do > > copy&paste to save mailbox space of all the recipients. > > > > Our demo is actually incorrect because the cipher name used should > > be 'AES-256-CBC' to produce a proper CMAC. > > Ahem... I am actually wrong, the demo is right although somewhat > misleading, because "aes256" (which is in the demo) is an alias for > "AES-256-CBC". > > Looking at the screenshots - you cannot use the hexadecimal value of > the input directly in the data[] as you do. You need to initialize the > data[] as an array similarly to how key is initialized. > > -- > Tomáš Mráz, OpenSSL > -- Tomáš Mráz, OpenSSL
/*- * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ /* * Example of using EVP_MAC_ methods to calculate * a CMAC of static buffers */ #pragma warning (disable:4996) #include <openssl/applink.c> #include <string.h> #include <stdio.h> #include <openssl/crypto.h> #include <openssl/core_names.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/cmac.h> #include <openssl/params.h> /* * Hard coding the key into an application is very bad. * It is done here solely for educational purposes. */ static unsigned char key[] = { 0x6c, 0xde, 0x14, 0xf5, 0xd5, 0x2a, 0x4a, 0xdf, 0x12, 0x39, 0x1e, 0xbf, 0x36, 0xf9, 0x6a, 0x46, 0x48, 0xd0, 0xb6, 0x51, 0x89, 0xfc, 0x24, 0x85, 0xa8, 0x8d, 0xdf, 0x7e, 0x80, 0x14, 0xc8, 0xce, }; static const unsigned char data[] = "To be, or not to be, that is the question,\n" "Whether tis nobler in the minde to suffer\n" "The ſlings and arrowes of outragious fortune,\n" "Or to take Armes again in a sea of troubles,\n" "And by opposing, end them, to die to sleep;\n" "No more, and by a sleep, to say we end\n" "The heart-ache, and the thousand natural shocks\n" "That flesh is heir to? tis a consumation\n" "Devoutly to be wished. To die to sleep,\n" "To sleepe, perchance to dreame, Aye, there's the rub,\n" "For in that sleep of death what dreams may come\n" "When we haue shuffled off this mortal coil\n" "Must give us pause. There's the respect\n" "That makes calamity of so long life:\n" "For who would bear the Ships and Scorns of time,\n" "The oppressor's wrong, the proud man's Contumely,\n" "The pangs of dispised love, the Law's delay,\n" ; /* The known value of the CMAC/AES256 MAC of the above soliloqy */ static const unsigned char expected_output[] = { 0x67, 0x92, 0x32, 0x23, 0x50, 0x3d, 0xc5, 0xba, 0x78, 0xd4, 0x6d, 0x63, 0xf2, 0x2b, 0xe9, 0x56, }; /* * A property query used for selecting the MAC implementation. */ static const char* propq = NULL; int main(void) { int rv = EXIT_FAILURE; OSSL_LIB_CTX* library_context = NULL; EVP_MAC* mac = NULL; EVP_MAC_CTX* mctx = NULL; unsigned char* out = NULL; size_t out_len = 0; OSSL_PARAM params[4], * p = params; char cipher_name[] = "aes256"; library_context = OSSL_LIB_CTX_new(); if (library_context == NULL) { fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); goto end; } /* Fetch the CMAC implementation */ mac = EVP_MAC_fetch(library_context, "CMAC", propq); if (mac == NULL) { fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); goto end; } /* Create a context for the CMAC operation */ mctx = EVP_MAC_CTX_new(mac); if (mctx == NULL) { fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); goto end; } /* The underlying cipher to be used */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name, sizeof(cipher_name)); *p = OSSL_PARAM_construct_end(); /* Initialise the CMAC operation */ if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { fprintf(stderr, "EVP_MAC_init() failed\n"); goto end; } /* Make one or more calls to process the data to be authenticated */ if (!EVP_MAC_update(mctx, data, sizeof(data))) { fprintf(stderr, "EVP_MAC_update() failed\n"); goto end; } /* Make a call to the final with a NULL buffer to get the length of the MAC */ if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { fprintf(stderr, "EVP_MAC_final() failed\n"); goto end; } out = OPENSSL_malloc(out_len); if (out == NULL) { fprintf(stderr, "malloc failed\n"); goto end; } /* Make one call to the final to get the MAC */ if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { fprintf(stderr, "EVP_MAC_final() failed\n"); goto end; } printf("Generated MAC:\n"); BIO_dump_indent_fp(stdout, out, out_len, 2); putchar('\n'); if (out_len != sizeof(expected_output)) { fprintf(stderr, "Generated MAC has an unexpected length\n"); goto end; } if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { fprintf(stderr, "Generated MAC does not match expected value\n"); goto end; } rv = EXIT_SUCCESS; end: if (rv != EXIT_SUCCESS) ERR_print_errors_fp(stderr); /* OpenSSL free functions will ignore NULL arguments */ OPENSSL_free(out); EVP_MAC_CTX_free(mctx); EVP_MAC_free(mac); OSSL_LIB_CTX_free(library_context); return rv; }
