I want to compute a CMAC using OpenSSL. I found this question which helped me.
But I am encountering a problem with the following code:
#include <openssl/cmac.h>
void dispHex(const unsigned char *buffer, unsigned int size) {
int i=0;
for (i=0; i<size-1; i++) {
printf("%02X ", buffer[i]);
}
printf("%02x\n", buffer[i]);
}
int main() {
size_t out_len;
unsigned char res[16];
unsigned char mac_key[16] = { 0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07};
unsigned char msg[16] = { 0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07};
CMAC_CTX *cmac = CMAC_CTX_new();
CMAC_Init(cmac, mac_key, 16, EVP_aes_128_cbc(), NULL);
CMAC_Update(cmac, msg, sizeof(msg));
CMAC_Final(cmac, res, &out_len);
dispHex(res, sizeof(res));
return 0;
}
I compile it with gcc -o test_cmac test_cmac_openssl.c -L C:/OpenSSL-Win32 -llibeay32 -I C:/OpenSSL-Win32/include
and it produces test_cmac.exe
without problem.
but when I run it (./test_cmac.exe
), nothing happens. It just prints an empty line and stops:
xxx@DESKTOP /cygdrive/e/
$ ./test_cmac.exe
xx@DESKTOP /cygdrive/e/
Even if I add printf("...");
before the CMAC computation it goes the same way.
What is strange is that the following program:
#include <openssl/hmac.h>
void dispHex(const unsigned char *buffer, unsigned int size) {
int i=0;
for (i=0; i<size-1; i++) {
printf("%02X ", buffer[i]);
}
printf("%02X\n", buffer[i]);
}
int main() {
size_t out_len;
unsigned char res[32];
unsigned char mac_key[16] = { 0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07};
unsigned char msg[16] = { 0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07};
HMAC_CTX hmac;
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac, mac_key, 16, EVP_sha256(), NULL);
HMAC_Update(&hmac, msg, sizeof(msg));
HMAC_Final(&hmac, res, &out_len);
dispHex(res, sizeof(res));
return 0;
}
runs normally: after gcc -o test_hmac test_hmac_openssl.c -L C:/OpenSSL-Win32 -llibeay32 -I C:/OpenSSL-Win32/include
and ./test_hmac.exe
I get:
xxx@DESKTOP /cygdrive/e/
$ ./test_hmac.exe
...9A 21 F8 2D 60 84 6C 09 08 98 A5 1F 23 8C C8 8F C4 A9 0C C4 49 45 DA 10 B9 39 C0 93 C3 10 60 BE
xxx@DESKTOP /cygdrive/e/
So I'm a little confused... Why does it works with the HMAC primitive but not with the CMAC one? Does anybody already encountered this kind of problem?
I am using OpenSSL 32bit version: openssl version
returns OpenSSL 1.0.2e 3 Dec 2015
.
I also checked that C:\OpenSSL-Win32\
is declared in the PATH environment variable.
Why does it works with the HMAC primitive but not with the CMAC one? Does anybody already encountered this kind of problem?
I'm guessing most of the problems are due to mixing and matching compilers. Shining Light's Win32 OpenSSL use Microsoft's compiler, while you are using GCC. There's probably some mixing and matching of runtimes, too.
I'm kind of surprised the HMAC code worked as expected in the configuration. I guess you got lucky.
The following works for me, but there are some differences:
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <stdio.h>
#include <string.h>
#include <assert.h>
void dispHex(const unsigned char *buffer, unsigned int size) {
unsigned int i=0;
for (i=0; i<size; i++) {
printf("%02X ", buffer[i]);
}
printf("\n");
}
int main() {
int rc = 0;
size_t out_len = 0;
unsigned char res[EVP_MAX_MD_SIZE];
unsigned char mac_key[16] = { 0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07};
unsigned char msg[16] = { 0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01 ,0x02 ,0x03, 0x04, 0x05, 0x06, 0x07};
CMAC_CTX *cmac = CMAC_CTX_new();
assert(cmac != NULL);
rc = CMAC_Init(cmac, mac_key, sizeof(mac_key), EVP_aes_128_cbc(), NULL);
assert(rc == 1);
rc = CMAC_Update(cmac, msg, sizeof(msg));
assert(rc == 1);
rc = CMAC_Final(cmac, res, &out_len);
assert(rc == 1);
dispHex(res, out_len);
CMAC_CTX_free(cmac);
return 0;
}
The differences between your configuration and the one I used:
res
is EVP_MAX_MD_SIZE
in sizeCMAC_Init
uses sizeof(mac_key)
out_len
is initializeddisplayHex
uses out_len
, and not sizeof(res)
Using sizeof(res)
will print the 16 bytes of the MAC, and then print 16 garbage characters because res
is declared as unsigned char res[32]
. I don't think you got that far, so keep it in mind.
The program produces the following result. I don't know if this is the corrected/expected result, but it produces a result and prints it:
$ ./test.exe
43 91 63 0E 47 4E 75 A6 2D 95 7A 04 1A E8 CC CC
OpenSSL does not support Cygwin-x64, so you will need to use i686 version of things. Also see Issue #4326: Failed to configure for Cygwin-x64 on the OpenSSL Bug Tracker.
Here's how to build OpenSSL under Cygwin-x64. OpenSSL's build script has a few bends, so you can't use config
. You have to use Configure
and call out the triplet. The bug tracker issue is still valid because config
is supposed to get things right.
$ curl https://www.openssl.org/source/openssl-1.0.2f.tar.gz -o openssl-1.0.2f.tar.gz
...
$ tar -xzf openssl-1.0.2f.tar.gz
...
$ cd openssl-1.0.2f
Then:
$ export KERNEL_BITS=64
$ ./Configure Cygwin-x86_64 shared no-ssl2 no-ssl3 --openssldir="$HOME/ssl"
...
$ make depend
...
$ make
...
$ make install_sw
install_sw
installs the headers in $OPENSSLDIR/include
, and the libraries in $OPENSSLDIR/lib
. It does not install the man pages.
You then compile and link with:
$ gcc -I "$HOME/ssl/include" test.c -o test.exe "$HOME/ssl/lib/libcrypto.a"
Linking against libcrypto.a
means you avoid library path problems. Things will "just work" for you.