openssl icon indicating copy to clipboard operation
openssl copied to clipboard
verified publisher icon ruby

Add support for CMAC

Open kmfukuda opened this issue 1 year ago • 2 comments

I have been using CMAC with AES-128, or AES-CMAC as specified in RFC 4493, with the help of a gem that targets that RFC. In several months, I will need to use CMAC with more ciphers, which is outside the scope of such gems. After looking for alternative implementations, I think it would be best to make OpenSSL's CMAC implementation available to Ruby code.

kmfukuda avatar Sep 19 '24 10:09 kmfukuda

FWIW: Since CMAC is available through the EVP_PKEY API (see the man page EVP_PKEY-CMAC(7)), OpenSSL::PKey automatically supports it. However, with a limitation that the message must be given as a single String.

k = ["2b7e1516 28aed2a6 abf71588 09cf4f3c".split.join].pack("H*")
m = ["6bc1bee2 2e409f96 e93d7e11 7393172a".split.join].pack("H*")
pkey = OpenSSL::PKey.generate_key("CMAC", priv: k, cipher: "aes-128-cbc")
mac = pkey.sign(nil, m)
p mac.unpack1("H*")
#=> "070a16b46b4d4144f79bdd9dd04a287c"

rhenium avatar Oct 29 '24 15:10 rhenium

Thanks. I couldn't start using a feature that I knew was already considered legacy.

kmfukuda avatar Nov 08 '24 11:11 kmfukuda