ruby / openssl

Provides SSL, TLS and general purpose cryptography.

Add support for CMAC #802

Open kmfukuda opened 2 months ago

kmfukuda commented 2 months ago

I have been using CMAC with AES-128, or AES-CMAC as specified in RFC 4493, with the help of a gem that targets that RFC. In several months, I will need to use CMAC with more ciphers, which is outside the scope of such gems. After looking for alternative implementations, I think it would be best to make OpenSSL's CMAC implementation available to Ruby code.

rhenium commented 3 weeks ago

FWIW: Since CMAC is available through the EVP_PKEY API (see the man page EVP_PKEY-CMAC(7)), OpenSSL::PKey automatically supports it. However, with a limitation that the message must be given as a single String.

```ruby
k = ["2b7e1516 28aed2a6 abf71588 09cf4f3c".split.join].pack("H*")
m = ["6bc1bee2 2e409f96 e93d7e11 7393172a".split.join].pack("H*")
pkey = OpenSSL::PKey.generate_key("CMAC", priv: k, cipher: "aes-128-cbc")
mac = pkey.sign(nil, m)
p mac.unpack1("H*")
#=> "070a16b46b4d4144f79bdd9dd04a287c"
```

kmfukuda commented 2 weeks ago

Thanks. I couldn't start using a feature that I knew was already considered legacy.
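The two points raised in this thread, CMAC over ciphers other than AES-128 and the single-String limitation of the `OpenSSL::PKey` route, can both be illustrated by building CMAC (NIST SP 800-38B, of which RFC 4493 is the AES-128 case) on top of `OpenSSL::Cipher`. This is an added example, not code from the thread or from ruby/openssl; `StreamingCMAC` is a hypothetical class name, and it assumes the caller passes the ECB name of a 64- or 128-bit block cipher.

```ruby
require "openssl"

# Added illustration, not a ruby/openssl API: StreamingCMAC is a hypothetical
# name. CMAC per NIST SP 800-38B / RFC 4493 over a 64- or 128-bit block cipher.
class StreamingCMAC
  RB = { 16 => 0x87, 8 => 0x1b }.freeze # subkey reduction constant per block size

  def initialize(ecb_name, key)
    @ecb = OpenSSL::Cipher.new(ecb_name).encrypt # used as a raw block encryptor
    @ecb.key = key
    @ecb.padding = 0
    @bs = @ecb.block_size
    raise ArgumentError, "unsupported block size #{@bs}" unless RB.key?(@bs)
    @k1 = double(@ecb.update("\0".b * @bs))
    @k2 = double(@k1)
    @state = "\0".b * @bs
    @buf = "".b
  end

  # Feed any number of chunks; the final block stays buffered because it
  # must be masked with K1 (complete) or padded and masked with K2.
  def update(data)
    @buf << data.b
    @state = @ecb.update(xor(@state, @buf.slice!(0, @bs))) while @buf.bytesize > @bs
    self
  end

  def digest
    pad = "\x80".b + "\0".b * (@bs - 1)
    last = @buf.bytesize == @bs ? xor(@buf, @k1) : xor((@buf + pad)[0, @bs], @k2)
    @ecb.update(xor(@state, last))
  end

  # Constant-time tag check for the receiving side.
  def verify(tag)
    tag.bytesize == @bs && OpenSSL.fixed_length_secure_compare(digest, tag)
  end

  private

  def xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
  end

  def double(block) # multiply by x in GF(2^n): shift left, reduce on carry
    n = (block.unpack1("H*").to_i(16) << 1) & ((1 << (8 * @bs)) - 1)
    n ^= RB[@bs] if block.getbyte(0) >= 0x80
    [n.to_s(16).rjust(2 * @bs, "0")].pack("H*")
  end
end
```

With the key and message from the snippet above, `StreamingCMAC.new("aes-128-ecb", k).update(m).digest` yields the same tag as the `OpenSSL::PKey` call, and the message may instead be fed in arbitrary chunks.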