From 4e7b6d72fd5dda2314dfbc16cf06cdd1cf616e3b Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Tue, 20 May 2025 08:41:47 +0000 Subject: [PATCH 1/8] mac: add OpenSSL::MAC --- ext/openssl/ossl.c | 1 + ext/openssl/ossl.h | 1 + ext/openssl/ossl_mac.c | 150 +++++++++++++++++++++++++++++++++++++++++ ext/openssl/ossl_mac.h | 6 ++ lib/openssl.rb | 1 + lib/openssl/mac.rb | 24 +++++++ 6 files changed, 183 insertions(+) create mode 100644 ext/openssl/ossl_mac.c create mode 100644 ext/openssl/ossl_mac.h create mode 100644 lib/openssl/mac.rb diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 60780790b..0772e963b 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -1040,6 +1040,7 @@ Init_openssl(void) Init_ossl_engine(); Init_ossl_hmac(); Init_ossl_kdf(); + Init_ossl_mac(); Init_ossl_ns_spki(); Init_ossl_ocsp(); Init_ossl_pkcs12(); diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 9b20829b3..855e2c483 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -187,6 +187,7 @@ extern VALUE dOSSL; #include "ossl_digest.h" #include "ossl_engine.h" #include "ossl_hmac.h" +#include "ossl_mac.h" #include "ossl_kdf.h" #include "ossl_ns_spki.h" #include "ossl_ocsp.h" diff --git a/ext/openssl/ossl_mac.c b/ext/openssl/ossl_mac.c new file mode 100644 index 000000000..55f45b519 --- /dev/null +++ b/ext/openssl/ossl_mac.c @@ -0,0 +1,150 @@ +#include "ossl.h" + +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + +#define NewMAC(klass) \ + TypedData_Wrap_Struct((klass), &ossl_mac_type, 0) +#define SetMAC(obj, ctx) do { \ + if (!(ctx)) \ + ossl_raise(rb_eRuntimeError, "MAC wasn't initialized"); \ + RTYPEDDATA_DATA(obj) = (ctx); \ + } while (0) +#define GetMAC(obj, ctx) do { \ + TypedData_Get_Struct((obj), EVP_MAC_CTX, &ossl_mac_type, (ctx)); \ + if (!(ctx)) \ + ossl_raise(rb_eRuntimeError, "MAC wasn't initialized"); \ + } while (0) + +/* + * Classes + */ +static VALUE cMAC; +static VALUE eMACError; + +/* + * Public + */ + +/* + * Private + */ +static void +ossl_mac_free(void *ctx) +{ + EVP_MAC_CTX_free(ctx); +} + +static const rb_data_type_t ossl_mac_type = { + "OpenSSL/MAC", + { + 0, ossl_mac_free, + }, + 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED, +}; + +static VALUE +ossl_mac_alloc(VALUE klass) +{ + return NewMAC(klass); +} + +static VALUE +ossl_mac_initialize(VALUE self, VALUE algorithm) +{ + EVP_MAC *mac; + EVP_MAC_CTX *ctx; + + mac = EVP_MAC_fetch(NULL, StringValueCStr(algorithm), NULL); + if (!mac) + ossl_raise(eMACError, "EVP_MAC_fetch"); + ctx = EVP_MAC_CTX_new(mac); + if (!ctx) { + EVP_MAC_free(mac); + ossl_raise(eMACError, "EVP_MAC_CTX_new"); + } + SetMAC(self, ctx); + + return self; +} + +static VALUE +ossl_mac_copy(VALUE self, VALUE other) +{ + EVP_MAC_CTX *ctx1, *ctx2; + + rb_check_frozen(self); + if (self == other) + return self; + + GetMAC(other, ctx1); + ctx2 = EVP_MAC_CTX_dup(ctx1); + if (!ctx2) + ossl_raise(eMACError, "EVP_MAC_CTX_dup"); + SetMAC(self, ctx2); + + return self; +} + +static VALUE +ossl_mac_update(VALUE self, VALUE chunk) +{ + EVP_MAC_CTX *ctx; + + GetMAC(self, ctx); + StringValue(chunk); + if (EVP_MAC_update(ctx, (unsigned char *)RSTRING_PTR(chunk), RSTRING_LEN(chunk)) != 1) + ossl_raise(eMACError, "EVP_MAC_update"); + + return self; +} + +static VALUE +ossl_mac_mac(VALUE self) +{ + VALUE ret; + EVP_MAC_CTX *ctx1, *ctx2; + size_t len; + + GetMAC(self, ctx1); + if (EVP_MAC_final(ctx1, NULL, &len, 0) != 1) + ossl_raise(eMACError, "EVP_MAC_final"); + ret = rb_str_new(NULL, len); + ctx2 = EVP_MAC_CTX_dup(ctx1); + if (!ctx2) + ossl_raise(eMACError, "EVP_MAC_CTX_dup"); + if (EVP_MAC_final(ctx2, (unsigned char *)RSTRING_PTR(ret), &len, RSTRING_LEN(ret)) != 1) { + EVP_MAC_CTX_free(ctx2); + ossl_raise(eMACError, "EVP_MAC_final"); + } + EVP_MAC_CTX_free(ctx2); + + return ret; +} + +/* + * INIT + */ +void +Init_ossl_mac(void) +{ +#if 0 + mOSSL = rb_define_module("OpenSSL"); + eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); +#endif + + cMAC = rb_define_class_under(mOSSL, "MAC", rb_cObject); + rb_define_alloc_func(cMAC, ossl_mac_alloc); + rb_define_method(cMAC, "initialize", ossl_mac_initialize, 1); + rb_define_method(cMAC, "initialize_copy", ossl_mac_copy, 1); + rb_define_method(cMAC, "update", ossl_mac_update, 1); + rb_define_alias(cMAC, "<<", "update"); + rb_define_method(cMAC, "mac", ossl_mac_mac, 0); + + eMACError = rb_define_class_under(mOSSL, "MACError", eOSSLError); +} +#else +void +Init_ossl_mac(void) +{ +} +#endif diff --git a/ext/openssl/ossl_mac.h b/ext/openssl/ossl_mac.h new file mode 100644 index 000000000..e038720d5 --- /dev/null +++ b/ext/openssl/ossl_mac.h @@ -0,0 +1,6 @@ +#if !defined(_OSSL_MAC_H_) +#define _OSSL_MAC_H_ + +void Init_ossl_mac(void); + +#endif /* _OSSL_MAC_H_ */ diff --git a/lib/openssl.rb b/lib/openssl.rb index 088992389..45fcb6f98 100644 --- a/lib/openssl.rb +++ b/lib/openssl.rb @@ -18,6 +18,7 @@ require_relative 'openssl/cipher' require_relative 'openssl/digest' require_relative 'openssl/hmac' +require_relative 'openssl/mac' require_relative 'openssl/x509' require_relative 'openssl/ssl' require_relative 'openssl/pkcs5' diff --git a/lib/openssl/mac.rb b/lib/openssl/mac.rb new file mode 100644 index 000000000..009bdc7f0 --- /dev/null +++ b/lib/openssl/mac.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module OpenSSL + if defined?(MAC) + class MAC + def ==(other) + return false unless self.class === other + return false unless self.mac.bytesize == other.mac.bytesize + + OpenSSL.fixed_length_secure_compare(self.mac, other.mac) + end + + def hexmac + mac.unpack1('H*') + end + alias inspect hexmac + alias to_s hexmac + + def base64mac + [mac].pack('m0') + end + end + end +end From ff27f8ca4b9f601324edbb6e3fc371b3bcd69008 Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Tue, 20 May 2025 08:44:09 +0000 Subject: [PATCH 2/8] cmac: add OpenSSL::MAC::CMAC --- ext/openssl/ossl_mac.c | 24 ++++++++++++++++++++++++ lib/openssl/mac.rb | 12 ++++++++++++ test/openssl/test_cmac.rb | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 test/openssl/test_cmac.rb diff --git a/ext/openssl/ossl_mac.c b/ext/openssl/ossl_mac.c index 55f45b519..7cdfbb903 100644 --- a/ext/openssl/ossl_mac.c +++ b/ext/openssl/ossl_mac.c @@ -19,6 +19,7 @@ * Classes */ static VALUE cMAC; +static VALUE cCMAC; static VALUE eMACError; /* @@ -67,6 +68,26 @@ ossl_mac_initialize(VALUE self, VALUE algorithm) return self; } +static VALUE +ossl_cmac_initialize(VALUE self, VALUE cipher, VALUE key) +{ + EVP_MAC_CTX *ctx; + VALUE algorithm; + OSSL_PARAM params[2]; + + algorithm = rb_str_new_literal("CMAC"); + rb_call_super(1, &algorithm); + + GetMAC(self, ctx); + StringValue(key); + params[0] = OSSL_PARAM_construct_utf8_string("cipher", StringValueCStr(cipher), 0); + params[1] = OSSL_PARAM_construct_end(); + if (EVP_MAC_init(ctx, (unsigned char *)RSTRING_PTR(key), RSTRING_LEN(key), params) != 1) + ossl_raise(eMACError, "EVP_MAC_init"); + + return self; +} + static VALUE ossl_mac_copy(VALUE self, VALUE other) { @@ -140,6 +161,9 @@ Init_ossl_mac(void) rb_define_alias(cMAC, "<<", "update"); rb_define_method(cMAC, "mac", ossl_mac_mac, 0); + cCMAC = rb_define_class_under(cMAC, "CMAC", cMAC); + rb_define_method(cCMAC, "initialize", ossl_cmac_initialize, 2); + eMACError = rb_define_class_under(mOSSL, "MACError", eOSSLError); } #else diff --git a/lib/openssl/mac.rb b/lib/openssl/mac.rb index 009bdc7f0..0e0a9ba4e 100644 --- a/lib/openssl/mac.rb +++ b/lib/openssl/mac.rb @@ -19,6 +19,18 @@ def hexmac def base64mac [mac].pack('m0') end + + class CMAC < MAC + class << self + def mac(cipher, key, message) + cmac = new(cipher, key) + cmac << message + cmac.send(__callee__) + end + alias hexmac mac + alias base64mac mac + end + end end end end diff --git a/test/openssl/test_cmac.rb b/test/openssl/test_cmac.rb new file mode 100644 index 000000000..dc88691c8 --- /dev/null +++ b/test/openssl/test_cmac.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true +require_relative "utils" + +if defined?(OpenSSL::MAC::CMAC) + +class OpenSSL::TestCMAC < OpenSSL::TestCase + def test_cmac + cmac = OpenSSL::MAC::CMAC.new("AES-128-CBC", ["2b7e151628aed2a6abf7158809cf4f3c"].pack("H*")) + cmac.update(["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + assert_equal ["070a16b46b4d4144f79bdd9dd04a287c"].pack("H*"), cmac.mac + assert_equal "070a16b46b4d4144f79bdd9dd04a287c", cmac.hexmac + assert_equal "BwoWtGtNQUT3m92d0EoofA==", cmac.base64mac + end + + def test_dup + cmac1 = OpenSSL::MAC::CMAC.new("AES-192-CBC", ["8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"].pack("H*")) + cmac2 = cmac1.dup + assert_equal cmac2, cmac1 + + cmac1.update("message") + assert_not_equal cmac2, cmac1 + + cmac2.update("message") + assert_equal cmac2, cmac1 + end + + def test_class_methods + assert_equal ["28a7023f452e8f82bd4bf28d8c37c35c"].pack("H*"), OpenSSL::MAC::CMAC.mac("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + assert_equal "28a7023f452e8f82bd4bf28d8c37c35c", OpenSSL::MAC::CMAC.hexmac("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + assert_equal "KKcCP0Uuj4K9S/KNjDfDXA==", OpenSSL::MAC::CMAC.base64mac("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + end +end + +end From 1e60515ee01779f0ca09a0b71d956cd32a3f9730 Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Wed, 11 Jun 2025 02:32:56 +0000 Subject: [PATCH 3/8] mac: include ossl_mac.h at the correct position --- ext/openssl/ossl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 855e2c483..56c8e1dea 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -187,8 +187,8 @@ extern VALUE dOSSL; #include "ossl_digest.h" #include "ossl_engine.h" #include "ossl_hmac.h" -#include "ossl_mac.h" #include "ossl_kdf.h" +#include "ossl_mac.h" #include "ossl_ns_spki.h" #include "ossl_ocsp.h" #include "ossl_pkcs12.h" From 48ae0912380ec0ae6b1a0f02f345a80a6928ddf2 Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Wed, 11 Jun 2025 02:33:13 +0000 Subject: [PATCH 4/8] mac: prevent resource leaks in OpenSSL::MAC#initialize and #initialize_copy --- ext/openssl/ossl_mac.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ext/openssl/ossl_mac.c b/ext/openssl/ossl_mac.c index 7cdfbb903..e568396ee 100644 --- a/ext/openssl/ossl_mac.c +++ b/ext/openssl/ossl_mac.c @@ -55,6 +55,10 @@ ossl_mac_initialize(VALUE self, VALUE algorithm) EVP_MAC *mac; EVP_MAC_CTX *ctx; + TypedData_Get_Struct(self, EVP_MAC_CTX, &ossl_mac_type, ctx); + if (ctx) + rb_raise(rb_eTypeError, "MAC already initialized"); + mac = EVP_MAC_fetch(NULL, StringValueCStr(algorithm), NULL); if (!mac) ossl_raise(eMACError, "EVP_MAC_fetch"); @@ -93,6 +97,10 @@ ossl_mac_copy(VALUE self, VALUE other) { EVP_MAC_CTX *ctx1, *ctx2; + TypedData_Get_Struct(self, EVP_MAC_CTX, &ossl_mac_type, ctx2); + if (ctx2) + rb_raise(rb_eTypeError, "MAC already initialized"); + rb_check_frozen(self); if (self == other) return self; From c5ad15dd5e622315900353690c9195435bce1a5d Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Thu, 10 Jul 2025 09:57:44 +0000 Subject: [PATCH 5/8] mac: change OpenSSL::MAC to be defined if EVP_MAC is available --- ext/openssl/extconf.rb | 1 + ext/openssl/ossl_mac.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 5bb045e89..e1018e5f8 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -150,6 +150,7 @@ def find_openssl_library have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h) have_func("EVP_PKEY_eq(NULL, NULL)", evp_h) have_func("EVP_PKEY_dup(NULL)", evp_h) +have_type("EVP_MAC *", evp_h) # added in 3.4.0 have_func("TS_VERIFY_CTX_set0_certs(NULL, NULL)", ts_h) diff --git a/ext/openssl/ossl_mac.c b/ext/openssl/ossl_mac.c index e568396ee..8a643caa4 100644 --- a/ext/openssl/ossl_mac.c +++ b/ext/openssl/ossl_mac.c @@ -1,6 +1,6 @@ #include "ossl.h" -#if OSSL_OPENSSL_PREREQ(3, 0, 0) +#ifdef HAVE_TYPE_EVP_MAC_P #define NewMAC(klass) \ TypedData_Wrap_Struct((klass), &ossl_mac_type, 0) From 97025e7e4b7e2a565241247a2157ff81cad0aed9 Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Thu, 10 Jul 2025 10:14:23 +0000 Subject: [PATCH 6/8] mac: remove OpenSSL::MAC#inspect --- lib/openssl/mac.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/openssl/mac.rb b/lib/openssl/mac.rb index 0e0a9ba4e..6cf90e346 100644 --- a/lib/openssl/mac.rb +++ b/lib/openssl/mac.rb @@ -13,7 +13,6 @@ def ==(other) def hexmac mac.unpack1('H*') end - alias inspect hexmac alias to_s hexmac def base64mac From 0cedc00020effe635f2f4ac7c25ac9daec5df577 Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Thu, 10 Jul 2025 10:29:01 +0000 Subject: [PATCH 7/8] mac: remove OpenSSL::MAC#== --- lib/openssl/mac.rb | 7 ------- test/openssl/test_cmac.rb | 6 +++--- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/lib/openssl/mac.rb b/lib/openssl/mac.rb index 6cf90e346..3c3663ec4 100644 --- a/lib/openssl/mac.rb +++ b/lib/openssl/mac.rb @@ -3,13 +3,6 @@ module OpenSSL if defined?(MAC) class MAC - def ==(other) - return false unless self.class === other - return false unless self.mac.bytesize == other.mac.bytesize - - OpenSSL.fixed_length_secure_compare(self.mac, other.mac) - end - def hexmac mac.unpack1('H*') end diff --git a/test/openssl/test_cmac.rb b/test/openssl/test_cmac.rb index dc88691c8..29577cb12 100644 --- a/test/openssl/test_cmac.rb +++ b/test/openssl/test_cmac.rb @@ -15,13 +15,13 @@ def test_cmac def test_dup cmac1 = OpenSSL::MAC::CMAC.new("AES-192-CBC", ["8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"].pack("H*")) cmac2 = cmac1.dup - assert_equal cmac2, cmac1 + assert_equal cmac2.mac, cmac1.mac cmac1.update("message") - assert_not_equal cmac2, cmac1 + assert_not_equal cmac2.mac, cmac1.mac cmac2.update("message") - assert_equal cmac2, cmac1 + assert_equal cmac2.mac, cmac1.mac end def test_class_methods From 0cc2e61f289614bd8ee40091c8f31379d9919dc2 Mon Sep 17 00:00:00 2001 From: Koichi Fukuda <64008381+kmfukuda@users.noreply.github.com> Date: Thu, 10 Jul 2025 11:30:15 +0000 Subject: [PATCH 8/8] mac: rename OpenSSL::MAC#*mac to #*digest --- ext/openssl/ossl_mac.c | 4 ++-- lib/openssl/mac.rb | 16 ++++++++-------- test/openssl/test_cmac.rb | 18 +++++++++--------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/ext/openssl/ossl_mac.c b/ext/openssl/ossl_mac.c index 8a643caa4..4722d42ba 100644 --- a/ext/openssl/ossl_mac.c +++ b/ext/openssl/ossl_mac.c @@ -128,7 +128,7 @@ ossl_mac_update(VALUE self, VALUE chunk) } static VALUE -ossl_mac_mac(VALUE self) +ossl_mac_digest(VALUE self) { VALUE ret; EVP_MAC_CTX *ctx1, *ctx2; @@ -167,7 +167,7 @@ Init_ossl_mac(void) rb_define_method(cMAC, "initialize_copy", ossl_mac_copy, 1); rb_define_method(cMAC, "update", ossl_mac_update, 1); rb_define_alias(cMAC, "<<", "update"); - rb_define_method(cMAC, "mac", ossl_mac_mac, 0); + rb_define_method(cMAC, "digest", ossl_mac_digest, 0); cCMAC = rb_define_class_under(cMAC, "CMAC", cMAC); rb_define_method(cCMAC, "initialize", ossl_cmac_initialize, 2); diff --git a/lib/openssl/mac.rb b/lib/openssl/mac.rb index 3c3663ec4..bbe4104be 100644 --- a/lib/openssl/mac.rb +++ b/lib/openssl/mac.rb @@ -3,24 +3,24 @@ module OpenSSL if defined?(MAC) class MAC - def hexmac - mac.unpack1('H*') + def hexdigest + digest.unpack1('H*') end - alias to_s hexmac + alias to_s hexdigest - def base64mac - [mac].pack('m0') + def base64digest + [digest].pack('m0') end class CMAC < MAC class << self - def mac(cipher, key, message) + def digest(cipher, key, message) cmac = new(cipher, key) cmac << message cmac.send(__callee__) end - alias hexmac mac - alias base64mac mac + alias hexdigest digest + alias base64digest digest end end end diff --git a/test/openssl/test_cmac.rb b/test/openssl/test_cmac.rb index 29577cb12..46cabe3e7 100644 --- a/test/openssl/test_cmac.rb +++ b/test/openssl/test_cmac.rb @@ -7,27 +7,27 @@ class OpenSSL::TestCMAC < OpenSSL::TestCase def test_cmac cmac = OpenSSL::MAC::CMAC.new("AES-128-CBC", ["2b7e151628aed2a6abf7158809cf4f3c"].pack("H*")) cmac.update(["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) - assert_equal ["070a16b46b4d4144f79bdd9dd04a287c"].pack("H*"), cmac.mac - assert_equal "070a16b46b4d4144f79bdd9dd04a287c", cmac.hexmac - assert_equal "BwoWtGtNQUT3m92d0EoofA==", cmac.base64mac + assert_equal ["070a16b46b4d4144f79bdd9dd04a287c"].pack("H*"), cmac.digest + assert_equal "070a16b46b4d4144f79bdd9dd04a287c", cmac.hexdigest + assert_equal "BwoWtGtNQUT3m92d0EoofA==", cmac.base64digest end def test_dup cmac1 = OpenSSL::MAC::CMAC.new("AES-192-CBC", ["8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"].pack("H*")) cmac2 = cmac1.dup - assert_equal cmac2.mac, cmac1.mac + assert_equal cmac2.digest, cmac1.digest cmac1.update("message") - assert_not_equal cmac2.mac, cmac1.mac + assert_not_equal cmac2.digest, cmac1.digest cmac2.update("message") - assert_equal cmac2.mac, cmac1.mac + assert_equal cmac2.digest, cmac1.digest end def test_class_methods - assert_equal ["28a7023f452e8f82bd4bf28d8c37c35c"].pack("H*"), OpenSSL::MAC::CMAC.mac("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) - assert_equal "28a7023f452e8f82bd4bf28d8c37c35c", OpenSSL::MAC::CMAC.hexmac("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) - assert_equal "KKcCP0Uuj4K9S/KNjDfDXA==", OpenSSL::MAC::CMAC.base64mac("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + assert_equal ["28a7023f452e8f82bd4bf28d8c37c35c"].pack("H*"), OpenSSL::MAC::CMAC.digest("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + assert_equal "28a7023f452e8f82bd4bf28d8c37c35c", OpenSSL::MAC::CMAC.hexdigest("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) + assert_equal "KKcCP0Uuj4K9S/KNjDfDXA==", OpenSSL::MAC::CMAC.base64digest("AES-256-CBC", ["603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"].pack("H*"), ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")) end end