Refactor to prepare for CCM decryption
parent
9322e49037
commit
002323340a
3 changed files with 94 additions and 17 deletions
|
@ -84,19 +84,43 @@ void ccm_free( ccm_context *ctx );
|
||||||
* \param tag_len length of the tag to generate in bytes
|
* \param tag_len length of the tag to generate in bytes
|
||||||
* must be 4, 6, 8, 10, 14 or 16
|
* must be 4, 6, 8, 10, 14 or 16
|
||||||
*
|
*
|
||||||
* \note The tag is written to a separete buffer. To get the tag
|
* \note The tag is written to a separate buffer. To get the tag
|
||||||
* concatenated with the output as in the CCM spec, use
|
* concatenated with the output as in the CCM spec, use
|
||||||
* tag = output + length and make sure the output buffer is
|
* tag = output + length and make sure the output buffer is
|
||||||
* at least length + tag_len wide.
|
* at least length + tag_len wide.
|
||||||
*
|
*
|
||||||
* \return 0 if successful
|
* \return 0 if successful
|
||||||
*/
|
*/
|
||||||
int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
|
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
|
||||||
const unsigned char *iv, size_t iv_len,
|
const unsigned char *iv, size_t iv_len,
|
||||||
const unsigned char *add, size_t add_len,
|
const unsigned char *add, size_t add_len,
|
||||||
const unsigned char *input, unsigned char *output,
|
const unsigned char *input, unsigned char *output,
|
||||||
unsigned char *tag, size_t tag_len );
|
unsigned char *tag, size_t tag_len );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief CCM buffer authenticated decryption
|
||||||
|
*
|
||||||
|
* \todo Document if input/output buffers can be the same
|
||||||
|
*
|
||||||
|
* \param ctx CCM context
|
||||||
|
* \param length length of the input data
|
||||||
|
* \param iv initialization vector
|
||||||
|
* \param iv_len length of IV
|
||||||
|
* \param add additional data
|
||||||
|
* \param add_len length of additional data
|
||||||
|
* \param input buffer holding the input data
|
||||||
|
* \param output buffer for holding the output data
|
||||||
|
* \param tag buffer holding the tag
|
||||||
|
* \param tag_len length of the tag
|
||||||
|
*
|
||||||
|
* \return 0 if successful and authenticated,
|
||||||
|
* POLARSSL_ERR_CCM_AUTH_FAILED if tag does not match
|
||||||
|
*/
|
||||||
|
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
|
||||||
|
const unsigned char *iv, size_t iv_len,
|
||||||
|
const unsigned char *add, size_t add_len,
|
||||||
|
const unsigned char *input, unsigned char *output,
|
||||||
|
const unsigned char *tag, size_t tag_len );
|
||||||
|
|
||||||
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
|
||||||
/**
|
/**
|
||||||
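Review bot: The new `ccm_auth_decrypt` comment does not say what state `output` is in when authentication fails, which is the part of the contract a caller most needs. The implementation in this commit clears `length` bytes of `output` before returning `POLARSSL_ERR_CCM_AUTH_FAILED`, so the block could add `\note On authentication failure the output buffer is zeroed; its contents must not be used unless 0 is returned.` The `\param tag_len` line should also repeat the allowed tag lengths listed for `ccm_encrypt_and_tag`. While the decrypt path is still unimplemented, the `\return` list could mention that `POLARSSL_ERR_CCM_BAD_INPUT` is what callers get back.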
|
|
|
@ -42,6 +42,9 @@
|
||||||
|
|
||||||
#include "polarssl/ccm.h"
|
#include "polarssl/ccm.h"
|
||||||
|
|
||||||
|
#define CCM_ENCRYPT 0
|
||||||
|
#define CCM_DECRYPT 1
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize context
|
* Initialize context
|
||||||
*/
|
*/
|
||||||
|
@ -110,13 +113,13 @@ void ccm_free( ccm_context *ctx )
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Authenticated encryption
|
* Authenticated encryption or decryption
|
||||||
*/
|
*/
|
||||||
int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
|
static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
|
||||||
const unsigned char *iv, size_t iv_len,
|
const unsigned char *iv, size_t iv_len,
|
||||||
const unsigned char *add, size_t add_len,
|
const unsigned char *add, size_t add_len,
|
||||||
const unsigned char *input, unsigned char *output,
|
const unsigned char *input, unsigned char *output,
|
||||||
unsigned char *tag, size_t tag_len )
|
unsigned char *tag, size_t tag_len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char i;
|
unsigned char i;
|
||||||
|
@ -143,6 +146,9 @@ int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
|
||||||
if( add_len > 0xFF00 )
|
if( add_len > 0xFF00 )
|
||||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||||
|
|
||||||
|
if( mode != CCM_ENCRYPT )
|
||||||
|
return( POLARSSL_ERR_CCM_BAD_INPUT ); /* Not implemented yet */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* First block B_0:
|
* First block B_0:
|
||||||
* 0 .. 0 flags
|
* 0 .. 0 flags
|
||||||
|
@ -281,6 +287,53 @@ int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Authenticated encryption
|
||||||
|
*/
|
||||||
|
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
|
||||||
|
const unsigned char *iv, size_t iv_len,
|
||||||
|
const unsigned char *add, size_t add_len,
|
||||||
|
const unsigned char *input, unsigned char *output,
|
||||||
|
unsigned char *tag, size_t tag_len )
|
||||||
|
{
|
||||||
|
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
|
||||||
|
add, add_len, input, output, tag, tag_len ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Authenticated decryption
|
||||||
|
*/
|
||||||
|
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
|
||||||
|
const unsigned char *iv, size_t iv_len,
|
||||||
|
const unsigned char *add, size_t add_len,
|
||||||
|
const unsigned char *input, unsigned char *output,
|
||||||
|
const unsigned char *tag, size_t tag_len )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
unsigned char check_tag[16];
|
||||||
|
unsigned char i;
|
||||||
|
int diff;
|
||||||
|
|
||||||
|
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
|
||||||
|
iv, iv_len, add, add_len,
|
||||||
|
input, output, check_tag, tag_len ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check tag in "constant-time" */
|
||||||
|
for( diff = 0, i = 0; i < tag_len; i++ )
|
||||||
|
diff |= tag[i] ^ check_tag[i];
|
||||||
|
|
||||||
|
if( diff != 0 )
|
||||||
|
{
|
||||||
|
memset( output, 0, length );
|
||||||
|
return( POLARSSL_ERR_CCM_AUTH_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
|
||||||
|
|
||||||
|
@ -357,10 +410,10 @@ int ccm_self_test( int verbose )
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
|
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
|
||||||
|
|
||||||
ret = ccm_crypt_and_tag( &ctx, msg_len[i],
|
ret = ccm_encrypt_and_tag( &ctx, msg_len[i],
|
||||||
iv, iv_len[i], ad, add_len[i],
|
iv, iv_len[i], ad, add_len[i],
|
||||||
msg, out,
|
msg, out,
|
||||||
out + msg_len[i], tag_len[i] );
|
out + msg_len[i], tag_len[i] );
|
||||||
|
|
||||||
if( ret != 0 ||
|
if( ret != 0 ||
|
||||||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
||||||
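Review bot: In `ccm_auth_decrypt` the comparison loop reads `check_tag[i]` for every `i < tag_len`, but nothing in this function bounds `tag_len` by the 16-byte `check_tag` array. It relies on `ccm_auth_crypt` having rejected out-of-range lengths, and that check is outside the visible hunks. A local guard before the call, `if( tag_len > sizeof( check_tag ) ) return( POLARSSL_ERR_CCM_BAD_INPUT );`, would keep the read in bounds and stop the `unsigned char i` counter from wrapping, even if the helper's validation changes later. It would also be worth clearing `check_tag` before returning, since after a failed check it holds the tag that would have been accepted for this input. A plain `memset` on a local that is about to go out of scope can be optimised away, so that needs a zeroising helper the compiler cannot drop, if the project has one.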
|
|
|
@ -62,7 +62,7 @@ void ccm_encrypt_and_tag( int cipher_id,
|
||||||
|
|
||||||
TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 );
|
TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( ccm_crypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
|
TEST_ASSERT( ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
|
||||||
msg, output, output + msg_len, tag_len ) == 0 );
|
msg, output, output + msg_len, tag_len ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( memcmp( output, result, result_len ) == 0 );
|
TEST_ASSERT( memcmp( output, result, result_len ) == 0 );
|
||||||
|
|