I am trying to generate key for computing the CMAC with OpenSSL.
However, these seem to fail with the error message copied below. Can someone point out where the problem is?
Has anybody done CMAC with EVP_DigestSign*
calls?
Here is part of the code which has been constructed from the example at https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation :
BIO *out = NULL;
out = BIO_new(BIO_s_file());
if (out == NULL)
return -1;
BIO_set_fp(out, stdout, BIO_NOCLOSE);
EVP_MD_CTX* rctx = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *kctx = NULL;
rctx = EVP_MD_CTX_create();
if(rctx == NULL) {
printf("EVP_MD_CTX_create failed\n");
}
if(!EVP_PKEY_keygen_init(kctx)){
printf("EVP_PKEY_keygen_init failed\n");
}
if (EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,EVP_PKEY_CTRL_CIPHER,0, (void *)EVP_aes_256_ecb()) <= 0)
printf("EVP_PKEY_CTX_ctrl 1 failed\n");
if (EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,EVP_PKEY_CTRL_SET_MAC_KEY,/*key length*/32, "01234567890123456789012345678901") <= 0)
printf("Set the key data failed 1\n");
Here the error:
EVP_PKEY_CTX_ctrl failed
3073898120:error:06093096:lib(6):func(147):reason(150):pmeth_gn.c:122:
3073898120:error:06089093:lib(6):func(137):reason(147):pmeth_lib.c:390:
And at line 390 in pmeth_lib.c:
EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
I am using OpenSSL 1.0.1e.
See also How to calculate AES CMAC using OpenSSL's CMAC_xxx functions?
It's currently impossible because it's not supported.
Only thing that you can try is to use the latest OpenSSL and try the same thing, but I doubt it would work. Try without EVP.