Bad MAC error with OpenSSL/external lib
mjena opened this issue · 4 comments
I have 2 related issues:
- I am getting INCONSISTENT "Bad MAC" error while decrypting message in signal_message_verify_mac() function with one of my HMAC_SHA256 library.
- When I am using openssl for HMAC_SHA256 operation, I am getting "Bad MAC" error EVERY TIME. Is the openssl not supported with this library?
I have:
- searched open and closed issues for duplicates
Not sure if it related to issue #65 .
Bug description
sometimes "Bad MAC" error is coming when I run the test with attached SHA256 files during decrypt call.
When I use openssl library for the HMAC_SHA256 operations (init, update, final), each time I am getting this Bad MAC error.
Note: I am using this library as a native side (C++) implementation for one of my Android application. Since CommonCrypto is not available in android, I am using the attached HMAC lib/openssl lib for HMAC and aes encryption.
Steps to reproduce
- Run the test_basic_session_v3 test present in test_session_cipher.c with attached library function for HMAC operation
Actual result: Out of 50 Interaction between Alice and Bob only 10 were success rest were failed due to Bad MAC error.
Expected result: 50 out of 50 interaction should be completed.
The library's own unit tests use OpenSSL when compiled on non-Apple platforms as-is, and they all pass. Have you compared your crypto callbacks against the code in test_common_openssl.c ?
Hi @dkonigsberg,
Thanks for the quick reply.
The difference between your openssl implementation and mine is, you are using old openssl library and its APIs (1.0.x) and i am using the latest one (1.1.0e).
I am facing some issues to use the old openssl library in my code.
- Can you please tell me exactly which version of openssl you are using for test_common_openssl.c?
- Do you think, this issue is different from issue #65 for "Bad MAC".
Okay, I just updated test_common_openssl.c
so that it can be built against OpenSSL 1.1, and I tested against a fresh build of 1.1.0e. All the tests still pass.
If you're still experiencing problems, it would be helpful for you to supply a copy of your implementations of all the relevant crypto callbacks alongside the info about whichever crypto library you're trying to use.
Thanks @dkonigsberg, after making your changes, I can verify all those test cases are passed.
I am planning to use this library for android native side communication module.
Can you please advice me, if I have to check for any other aspect of this library (like this HMAC/Encryption part) before I can start using it for the actual product?