Ruben Laguna's blog

Feb 5, 2015 - 1 minute read - security

Compute AES CMAC using OpenSSL/libcrypto

When I googled on how to perform the AES CMAC calculation using OpenSSL/libcrypto I couldn’t find any code example. I was no even sure that there was support for it of libcrypto so I downloaded the OpenSSL sources and dig into them until I found crypto/cmac/cmac.c. From there it was obvious that there is support for CMAC and that it follow the *{Init,Update,Final} pattern found in EVP api. So I give it I try and I’m sharing the basic source code here for later reference:

I used the example data from NIST doc to validate the results.

The functions used are:

  • CMAC_CTX_new: allocates a context
  • CMAC_Init: configure the context to use AES-128-CBC
  • CMAC_Update: Input the message, you can have several calls to it.
  • CMAC_Final: Generate the CMAC

Unfortunately I believe that the CMAC implementation doesn’t make use of AES-NI. In other words it doesn’t make use of the hardware acceleration on Intel x86-64.