Arm Mbed OS support forum

CMAC value is different from openssl output

Summary

Calculation the CMAC value in different way, the value is same, but not as same as the openssl CMAC value.

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#include "mbedtls/cmac.h"
#include "mbedtls/platform.h"

#include <openssl/cmac.h>
#include <openssl/evp.h>

uint8_t key[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                   0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, };
uint8_t input[32] = {0};
uint8_t output[16] = {0};

void dump_buf(char *info, const uint8_t *buf, uint32_t len);
int mbedtls_cmac_step(void);
int openssl_cmac_step(void);

int main(int argc, char *argv[])
{
    for (int i = 0; i < sizeof(input); i++) {
        input[i] = i;
    }

    // mbedtls-1
    mbedtls_aes_cmac_prf_128(key, sizeof(key), input, sizeof(input), output);
    dump_buf("mbedtls_aes_cmac_prf_128():", output, sizeof(output));
    // mbedtls-2
    mbedtls_cipher_cmac(mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ),key, sizeof(key) * 8, input, sizeof(input), output);
    dump_buf("mbedtls_cipher_cmac():", output, sizeof(output));
    // mbedtls-3
    mbedtls_cmac_step();
    dump_buf("mbedtls_cmac_step():", output, sizeof(output));

    // openssl-1
    openssl_cmac_step();
    dump_buf("openssl_cmac_step(): ", output, olen);
    return 0;
}

void dump_buf(char *info, const uint8_t *buf, uint32_t len)
{
    mbedtls_printf("%s", info);
    for (int i = 0; i < len; i++) {
        mbedtls_printf("%s%02x ", i % 16 == 0 ? "\n\t" : " ", buf[i]); 
    }
    mbedtls_printf("\n");
}

int mbedtls_cmac_step(void)
{
    const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );;
    if (cipher_info == NULL) {
        mbedtls_printf("mbedtls_cipher_info_from_type() error\r\n");
        return -1;
    }
    
    mbedtls_cipher_context_t cctx;
    mbedtls_cipher_init(&cctx);
    if (mbedtls_cipher_setup(&cctx, cipher_info) != 0) {
        mbedtls_printf("mbedtls_cipher_setup() error\r\n");
        return -1;
    }
    if (mbedtls_cipher_cmac_starts(&cctx, key, sizeof(key) * 8) != 0) {
        mbedtls_printf("mbedtls_cipher_cmac_starts() error\r\n");
        return -1;
    }

    if (mbedtls_cipher_cmac_update(&cctx, input, sizeof(input)) != 0) {
        mbedtls_printf("mbedtls_cipher_cmac_update() error\r\n");
        mbedtls_cipher_free(&cctx);
        return -1;
    }

    if (mbedtls_cipher_cmac_finish(&cctx, output) != 0) {
        mbedtls_printf("mbedtls_cipher_cmac_update() error\r\n");
        mbedtls_cipher_free(&cctx);
        return -1;
    }

    mbedtls_cipher_free(&cctx);
    return 0;
}

int openssl_cmac_step(void)
{
    CMAC_CTX *cmac_ctx = CMAC_CTX_new();
    if (!cmac_ctx) {
        printf("CMAC_CTX_new() error.\r\n");
        return -1;
    }
    if (!CMAC_Init(cmac_ctx, key, 16, EVP_aes_128_ecb(), 0)) {
        CMAC_CTX_free(cmac_ctx);
        printf("CMAC_Init() error.\r\n");
        return -1;
    }
    if (!CMAC_Update(cmac_ctx, input, sizeof(input))) {
        printf("CMAC_Update() error.\r\n");
        return -1;
    }
    int olen = 0;
    if (!CMAC_Final(cmac_ctx, output, &olen)) {
        printf("CMAC_Final() error.\r\n");
        return -1;
    }
    CMAC_CTX_free(cmac_ctx);
    return 0;
}

System information

Mbed TLS version (number or commit id): mbed TLS 3.0.0
Operating system and version: windows7 mingw

Actual behavior

the output:

mbedtls_aes_cmac_prf_128():
    85 c8 6e c8 6d 50 8d 8a cc f9 07 97 2f da 04 36
mbedtls_cipher_cmac():
    85 c8 6e c8 6d 50 8d 8a cc f9 07 97 2f da 04 36
mbedtls_cmac_step():
    85 c8 6e c8 6d 50 8d 8a cc f9 07 97 2f da 04 36
openssl_cmac_step():
    33 09 88 6f c1 0f f0 71 20 32 2f 85 f5 b8 b3 58

Additional information

When the input size is 16, the CMAC values of mbedtls and openssl are same, <16 or >16 all not same.