NIST enc/dec wrapper functions for AES GCM

mbed_aes_gcm/.gitignore

+out.dSYM
+out
+*.o

mbed_aes_gcm/api.h

+#define CRYPTO_KEYBYTES 16
+#define CRYPTO_NSECBYTES 0 
+#define CRYPTO_NPUBBYTES 12 
+#define CRYPTO_ABYTES 16 
+#define CRYPTO_NOOVERLAP 1 

mbed_aes_gcm/config.h

+#pragma once
+#define MBEDTLS_GCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_SELF_TEST

mbed_aes_gcm/crypto_aead.h

+/* Reference implementation of ACE-128 AEAD
+ Written by:
+ Kalikinkar Mandal <kmandal@uwaterloo.ca>
+ */
+
+typedef unsigned long long u64;
+
+int ace_init(
+			unsigned char *state, 
+			const unsigned char *npub,
+			const unsigned char *k
+			);
+int ace_ad(
+			unsigned char *state,
+			const unsigned char *ad, 
+			const u64 adlen
+		     );
+
+int ace_gentag(
+			unsigned char *tag, 
+			const unsigned char tlen,
+			unsigned char *state, 
+			const unsigned char *k
+			);
+int crypto_encrypt(
+		   unsigned char *c,unsigned long long *clen,
+		   const unsigned char *m,unsigned long long mlen,
+		   const unsigned char *nsec,
+		   const unsigned char *npub,
+		   const unsigned char *k
+		   );
+
+int crypto_decrypt(
+			unsigned char *m,unsigned long long *mlen,
+			unsigned char *nsec,
+			const unsigned char *c,unsigned long long clen,
+			const unsigned char *npub,
+			const unsigned char *k
+			);
+
+int crypto_aead_encrypt(
+	unsigned char *c, unsigned long long *clen,
+	const unsigned char *m, unsigned long long mlen,
+	const unsigned char *ad, unsigned long long adlen,
+	const unsigned char *nsec,
+	const unsigned char *npub,
+	const unsigned char *k
+);
+
+int crypto_aead_decrypt(
+	unsigned char *m, unsigned long long *mlen,
+	unsigned char *nsec,
+	const unsigned char *c, unsigned long long clen,
+	const unsigned char *ad, unsigned long long adlen,
+	const unsigned char *npub,
+	const unsigned char *k
+);
+
+int ace_gentag(
+               unsigned char *tag,
+               const unsigned char tlen,
+               unsigned char *state,
+               const unsigned char *k
+               );

templates/blackpill/Src/mygcmmain.c → mbed_aes_gcm/example_decryption.c

 #include "gcm.h"
 #include "platform_util.h"
+#include "api.h"
 #include <stdio.h>
+#include "crypto_aead.h"
 
 static void single_encryption(void) {
-    mbedtls_gcm_context ctx;
-    unsigned char buf[64];
-    unsigned char tag_buf[16];
-    int ret;
-    mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
     // 32 bytes.. that's 256 bits
-    const unsigned char key[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
       0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
       0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
       0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
-    unsigned char plaintext[64] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 };
-    unsigned char expected_ciphertext[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+    unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
       0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
       0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
       0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
       0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
       0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
       0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-      0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
-    const unsigned char initial_value[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
+    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
       0xde, 0xca, 0xf8, 0x88 };
-    const unsigned char additional[] = {};
+    unsigned char ad[1400];
+    unsigned long long adlen = 0;
+    unsigned long long mlen = 0;
+    unsigned long long clen = 64;
+    unsigned char m[1400];
+    unsigned char nsec[CRYPTO_NSECBYTES];
 
-    mbedtls_gcm_init( &ctx );
-    // 128 bits, not bytes!
-    ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
 
-    ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
-    mbedtls_gcm_free( &ctx );
-    if (memcmp(buf, expected_ciphertext, 64) == 0) {
-        printf("Local test workerino!\n");
+    //mbedtls_gcm_init( &ctx );
+    // 128 bits, not bytes!
+    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
+    
+    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
+    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
+    //mbedtls_gcm_free( &ctx );
+    
+    int res;
+    
+    res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k); 
+    if (res  == 0) {
+        printf("Local decryption test workerino!\n");
     } else {
         printf("Local test failed -.-\n");
     }
@@ -48,7 +48,7 @@ static void single_encryption(void) {
 }
 
 int main(void) {
-    mbedtls_gcm_self_test(1);
+    //mbedtls_gcm_self_test(1);
     single_encryption();
     return 0;
 }

mbed_aes_gcm/example_encryption.c

+#include "gcm.h"
+#include "platform_util.h"
+#include "api.h"
+#include <stdio.h>
+#include "crypto_aead.h"
+
+static void single_encryption(void) {
+    // 32 bytes.. that's 256 bits
+    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
+    unsigned char m[64] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 };
+    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+      0xde, 0xca, 0xf8, 0x88 };
+    unsigned char ad[1400];
+    unsigned long long adlen = 0;
+    unsigned long long mlen = 64;
+    unsigned long long clen = 0;
+    unsigned char c[1400];
+    unsigned char nsec[CRYPTO_NSECBYTES];
+
+
+    //mbedtls_gcm_init( &ctx );
+    // 128 bits, not bytes!
+    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
+    
+    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
+    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
+    //mbedtls_gcm_free( &ctx );
+    
+    int res;
+    res = crypto_aead_encrypt(c, &clen, m, mlen, ad, adlen, nsec, npub, k);
+    if (res  == 0) {
+        printf("Local encryption test workerino!\n");
+    } else {
+        printf("Local test failed -.-\n");
+    }
+
+}
+
+int main(void) {
+    //mbedtls_gcm_self_test(1);
+    single_encryption();
+    return 0;
+}

templates/blackpill/Src/gcm.c → mbed_aes_gcm/gcm.c

@@ -38,6 +38,7 @@
 #if defined(MBEDTLS_GCM_C)
 
 #include "gcm.h"
+#include "crypto_aead.h"
 #include "platform_util.h"
 
 #include <string.h>
@@ -96,6 +97,51 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
 }
 
 /*
+ * Encrypt function for NIST API
+*/
+int crypto_aead_encrypt(
+      unsigned char *c,unsigned long long *clen,
+      const unsigned char *m,unsigned long long mlen,
+      const unsigned char *ad,unsigned long long adlen,
+      const unsigned char *nsec,
+      const unsigned char *npub,
+      const unsigned char *k
+      )
+{
+  mbedtls_gcm_context ctx;
+  unsigned char tag_buf[16];
+  int ret;
+
+  mbedtls_gcm_init( &ctx );
+  ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
+  ret = mbedtls_gcm_crypt_and_tag( &ctx, 1, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
+  mbedtls_gcm_free( &ctx );
+  
+  return ret;
+}
+
+int crypto_aead_decrypt(
+  unsigned char *m, unsigned long long *mlen,
+  unsigned char *nsec,
+  const unsigned char *c, unsigned long long clen,
+  const unsigned char *ad, unsigned long long adlen,
+  const unsigned char *npub,
+  const unsigned char *k
+)
+{
+  mbedtls_gcm_context ctx;
+  unsigned char tag_buf[16];
+  int ret;
+
+  mbedtls_gcm_init( &ctx );
+  ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
+  ret = mbedtls_gcm_crypt_and_tag( &ctx, 0, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
+  mbedtls_gcm_free( &ctx );
+  
+  return ret;
+
+}
+/*
  * Precompute small multiples of H, that is set
  *      HH[i] || HL[i] = H times i,
  * where i is seen as a field element as in [MGV], ie high-order bits
@@ -103,6 +149,7 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
  * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
  * corresponds to P^127.
  */
+
 static int gcm_gen_table( mbedtls_gcm_context *ctx )
 {
     int ret, i, j;

mbed_aes_gcm/main.

+#include "gcm.h"
+#include "platform_util.h"
+#include "api.h"
+#include <stdio.h>
+#include "crypto_aead.h"
+
+static void single_encryption(void) {
+    // 32 bytes.. that's 256 bits
+    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
+    unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
+    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+      0xde, 0xca, 0xf8, 0x88 };
+    unsigned char ad[1400];
+    unsigned long long adlen = 0;
+    unsigned long long mlen = 0;
+    unsigned long long clen = 64;
+    unsigned char m[1400];
+    unsigned char nsec[CRYPTO_NSECBYTES];
+
+
+    //mbedtls_gcm_init( &ctx );
+    // 128 bits, not bytes!
+    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
+    
+    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
+    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
+    //mbedtls_gcm_free( &ctx );
+    
+    int res;
+    
+    res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k); 
+    if (res  == 0) {
+        printf("Local decryption test workerino!\n");
+    } else {
+        printf("Local test failed -.-\n");
+    }
+
+}
+
+int main(void) {
+    //mbedtls_gcm_self_test(1);
+    single_encryption();
+    return 0;
+}

mbed_aes_gcm/main.c

+#include "gcm.h"
+#include "platform_util.h"
+#include "api.h"
+#include <stdio.h>
+#include "crypto_aead.h"
+
+static void single_encryption(void) {
+    // 32 bytes.. that's 256 bits
+    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
+    unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
+    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+      0xde, 0xca, 0xf8, 0x88 };
+    unsigned char ad[1400];
+    unsigned long long adlen = 0;
+    unsigned long long mlen = 0;
+    unsigned long long clen = 64;
+    unsigned char m[1400];
+    unsigned char nsec[CRYPTO_NSECBYTES];
+
+
+    //mbedtls_gcm_init( &ctx );
+    // 128 bits, not bytes!
+    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
+    
+    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
+    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
+    //mbedtls_gcm_free( &ctx );
+    
+    int res;
+    
+    res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k); 
+    if (res  == 0) {
+        printf("Local decryption test workerino!\n");
+    } else {
+        printf("Local test failed -.-\n");
+    }
+
+}
+
+int main(void) {
+    //mbedtls_gcm_self_test(1);
+    single_encryption();
+    return 0;
+}