Commit fbf91878 by Sebastian Renner

NIST enc/dec wrapper functions for AES GCM

parent 8d7af98d
#define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 12
#define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1
#pragma once
#define MBEDTLS_GCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
#define MBEDTLS_SELF_TEST
/* Reference implementation of ACE-128 AEAD
Written by:
Kalikinkar Mandal <kmandal@uwaterloo.ca>
*/
typedef unsigned long long u64;
int ace_init(
unsigned char *state,
const unsigned char *npub,
const unsigned char *k
);
int ace_ad(
unsigned char *state,
const unsigned char *ad,
const u64 adlen
);
int ace_gentag(
unsigned char *tag,
const unsigned char tlen,
unsigned char *state,
const unsigned char *k
);
int crypto_encrypt(
unsigned char *c,unsigned long long *clen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k
);
int crypto_decrypt(
unsigned char *m,unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c,unsigned long long clen,
const unsigned char *npub,
const unsigned char *k
);
int crypto_aead_encrypt(
unsigned char *c, unsigned long long *clen,
const unsigned char *m, unsigned long long mlen,
const unsigned char *ad, unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k
);
int crypto_aead_decrypt(
unsigned char *m, unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c, unsigned long long clen,
const unsigned char *ad, unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k
);
int ace_gentag(
unsigned char *tag,
const unsigned char tlen,
unsigned char *state,
const unsigned char *k
);
#include "gcm.h" #include "gcm.h"
#include "platform_util.h" #include "platform_util.h"
#include "api.h"
#include <stdio.h> #include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) { static void single_encryption(void) {
mbedtls_gcm_context ctx;
unsigned char buf[64];
unsigned char tag_buf[16];
int ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
// 32 bytes.. that's 256 bits // 32 bytes.. that's 256 bits
const unsigned char key[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }; 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char plaintext[64] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 };
unsigned char expected_ciphertext[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85}; 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
const unsigned char initial_value[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 }; 0xde, 0xca, 0xf8, 0x88 };
const unsigned char additional[] = {}; unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 0;
unsigned long long clen = 64;
unsigned char m[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
mbedtls_gcm_init( &ctx );
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes! // 128 bits, not bytes!
ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 ); //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf); res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k);
mbedtls_gcm_free( &ctx ); if (res == 0) {
if (memcmp(buf, expected_ciphertext, 64) == 0) { printf("Local decryption test workerino!\n");
printf("Local test workerino!\n");
} else { } else {
printf("Local test failed -.-\n"); printf("Local test failed -.-\n");
} }
...@@ -48,7 +48,7 @@ static void single_encryption(void) { ...@@ -48,7 +48,7 @@ static void single_encryption(void) {
} }
int main(void) { int main(void) {
mbedtls_gcm_self_test(1); //mbedtls_gcm_self_test(1);
single_encryption(); single_encryption();
return 0; return 0;
} }
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char m[64] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 };
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 64;
unsigned long long clen = 0;
unsigned char c[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_encrypt(c, &clen, m, mlen, ad, adlen, nsec, npub, k);
if (res == 0) {
printf("Local encryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
#include "gcm.h" #include "gcm.h"
#include "crypto_aead.h"
#include "platform_util.h" #include "platform_util.h"
#include <string.h> #include <string.h>
...@@ -96,6 +97,51 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) ...@@ -96,6 +97,51 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
} }
/* /*
* Encrypt function for NIST API
*/
int crypto_aead_encrypt(
unsigned char *c,unsigned long long *clen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *ad,unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k
)
{
mbedtls_gcm_context ctx;
unsigned char tag_buf[16];
int ret;
mbedtls_gcm_init( &ctx );
ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
ret = mbedtls_gcm_crypt_and_tag( &ctx, 1, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
mbedtls_gcm_free( &ctx );
return ret;
}
int crypto_aead_decrypt(
unsigned char *m, unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c, unsigned long long clen,
const unsigned char *ad, unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k
)
{
mbedtls_gcm_context ctx;
unsigned char tag_buf[16];
int ret;
mbedtls_gcm_init( &ctx );
ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
ret = mbedtls_gcm_crypt_and_tag( &ctx, 0, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
mbedtls_gcm_free( &ctx );
return ret;
}
/*
* Precompute small multiples of H, that is set * Precompute small multiples of H, that is set
* HH[i] || HL[i] = H times i, * HH[i] || HL[i] = H times i,
* where i is seen as a field element as in [MGV], ie high-order bits * where i is seen as a field element as in [MGV], ie high-order bits
...@@ -103,6 +149,7 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) ...@@ -103,6 +149,7 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
* is the high-order bit of HH corresponds to P^0 and the low-order bit of HL * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
* corresponds to P^127. * corresponds to P^127.
*/ */
static int gcm_gen_table( mbedtls_gcm_context *ctx ) static int gcm_gen_table( mbedtls_gcm_context *ctx )
{ {
int ret, i, j; int ret, i, j;
......
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 0;
unsigned long long clen = 64;
unsigned char m[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k);
if (res == 0) {
printf("Local decryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 0;
unsigned long long clen = 64;
unsigned char m[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k);
if (res == 0) {
printf("Local decryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment