Refactor to prepare for CCM decryption

This commit is contained in:
Manuel Pégourié-Gonnard 2014-05-06 15:56:07 +02:00
parent 9322e49037
commit 002323340a
3 changed files with 94 additions and 17 deletions

View file

@ -84,19 +84,43 @@ void ccm_free( ccm_context *ctx );
* \param tag_len length of the tag to generate in bytes * \param tag_len length of the tag to generate in bytes
* must be 4, 6, 8, 10, 14 or 16 * must be 4, 6, 8, 10, 14 or 16
* *
* \note The tag is written to a separete buffer. To get the tag * \note The tag is written to a separate buffer. To get the tag
* concatenated with the output as in the CCM spec, use * concatenated with the output as in the CCM spec, use
* tag = output + length and make sure the output buffer is * tag = output + length and make sure the output buffer is
* at least length + tag_len wide. * at least length + tag_len wide.
* *
* \return 0 if successful * \return 0 if successful
*/ */
int ccm_crypt_and_tag( ccm_context *ctx, size_t length, int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len, const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len ); unsigned char *tag, size_t tag_len );
/**
* \brief CCM buffer authenticated decryption
*
* \todo Document if input/output buffers can be the same
*
* \param ctx CCM context
* \param length length of the input data
* \param iv initialization vector
* \param iv_len length of IV
* \param add additional data
* \param add_len length of additional data
* \param input buffer holding the input data
* \param output buffer for holding the output data
* \param tag buffer holding the tag
* \param tag_len length of the tag
*
* \return 0 if successful and authenticated,
* POLARSSL_ERR_CCM_AUTH_FAILED if tag does not match
*/
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) #if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
/** /**

View file

@ -42,6 +42,9 @@
#include "polarssl/ccm.h" #include "polarssl/ccm.h"
#define CCM_ENCRYPT 0
#define CCM_DECRYPT 1
/* /*
* Initialize context * Initialize context
*/ */
@ -110,13 +113,13 @@ void ccm_free( ccm_context *ctx )
} }
/* /*
* Authenticated encryption * Authenticated encryption or decryption
*/ */
int ccm_crypt_and_tag( ccm_context *ctx, size_t length, static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len, const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len ) unsigned char *tag, size_t tag_len )
{ {
int ret; int ret;
unsigned char i; unsigned char i;
@ -143,6 +146,9 @@ int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
if( add_len > 0xFF00 ) if( add_len > 0xFF00 )
return( POLARSSL_ERR_CCM_BAD_INPUT ); return( POLARSSL_ERR_CCM_BAD_INPUT );
if( mode != CCM_ENCRYPT )
return( POLARSSL_ERR_CCM_BAD_INPUT ); /* Not implemented yet */
/* /*
* First block B_0: * First block B_0:
* 0 .. 0 flags * 0 .. 0 flags
@ -281,6 +287,53 @@ int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
return( 0 ); return( 0 );
} }
/*
* Authenticated encryption
*/
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) );
}
/*
* Authenticated decryption
*/
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
int ret;
unsigned char check_tag[16];
unsigned char i;
int diff;
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
{
return( ret );
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
memset( output, 0, length );
return( POLARSSL_ERR_CCM_AUTH_FAILED );
}
return( 0 );
}
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) #if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
@ -357,10 +410,10 @@ int ccm_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 ); polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
ret = ccm_crypt_and_tag( &ctx, msg_len[i], ret = ccm_encrypt_and_tag( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i], iv, iv_len[i], ad, add_len[i],
msg, out, msg, out,
out + msg_len[i], tag_len[i] ); out + msg_len[i], tag_len[i] );
if( ret != 0 || if( ret != 0 ||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 ) memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )

View file

@ -62,7 +62,7 @@ void ccm_encrypt_and_tag( int cipher_id,
TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 ); TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 );
TEST_ASSERT( ccm_crypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, TEST_ASSERT( ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
msg, output, output + msg_len, tag_len ) == 0 ); msg, output, output + msg_len, tag_len ) == 0 );
TEST_ASSERT( memcmp( output, result, result_len ) == 0 ); TEST_ASSERT( memcmp( output, result, result_len ) == 0 );