AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'public/pr/1667' into development

Browse Source
This commit is contained in:
Simon Butcher 2018-06-12 16:40:07 +01:00
commit 263498ac36
4 changed files with 345 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
include/mbedtls/ccm.h
View File

@ -14,6 +14,18 @@
* <li>Nonce - A unique value that is assigned to the payload and the
* associated data.</li></ul>
*
* Definition of CCM:
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
* RFC 3610 "Counter with CBC-MAC (CCM)"
*
* Related:
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
*
* Definition of CCM*:
* IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
* Integer representation is fixed most-significant-octet-first order and
* the representation of octets is most-significant-bit-first order. This is
* consistent with RFC 3610.
*/
/*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -102,7 +114,6 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
/**
* \brief This function encrypts a buffer using CCM.
*
*
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
@ -112,15 +123,17 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
* \param ctx The CCM context to use for encryption.
* \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce).
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field.
* \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
* Must be at least \p length Bytes wide.
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag to generate in Bytes:
* \param tag The buffer holding the authentication field.
* \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
*
* \return \c 0 on success.
@ -133,21 +146,64 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
unsigned char *tag, size_t tag_len );
/**
* \brief This function performs a CCM authenticated decryption of a
* buffer.
* \brief This function encrypts a buffer using CCM*.
*
* \param ctx The CCM context to use for decryption.
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
* \note When using this function in a variable tag length context,
* the tag length has to be encoded into the \p iv passed to
* this function.
*
* \param ctx The CCM context to use for encryption.
* \param length The length of the input data in Bytes.
* \param iv Initialization vector.
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
* \param iv Initialization vector (nonce).
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field.
* \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
* Must be at least \p length Bytes wide.
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag in Bytes.
* \param tag The buffer holding the authentication field.
* \param tag_len The length of the authentication field to generate in Bytes:
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
* \warning Passing 0 as \p tag_len means that the message is no
* longer authenticated.
*
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
* \brief This function performs a CCM authenticated decryption of a
* buffer.
*
* \param ctx The CCM context to use for decryption.
* \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce).
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field.
* \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
* Must be at least \p length Bytes wide.
* \param tag The buffer holding the authentication field.
* \param tag_len The length of the authentication field in Bytes.
* 4, 6, 8, 10, 12, 14 or 16.
*
* \return \c 0 on success. This indicates that the message is authentic.
@ -160,6 +216,43 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
/**
* \brief This function performs a CCM* authenticated decryption of a
* buffer.
*
* \note When using this function in a variable tag length context,
* the tag length has to be decoded from \p iv and passed to
* this function as \p tag_len. (\p tag needs to be adjusted
* accordingly.)
*
* \param ctx The CCM context to use for decryption.
* \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce).
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field.
* \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
* Must be at least \p length Bytes wide.
* \param tag The buffer holding the authentication field.
* \param tag_len The length of the authentication field in Bytes.
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
* \warning Passing 0 as \p tag_len means that the message is no
* longer authenticated.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**

33
library/ccm.c
View File

@ -152,8 +152,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
* Check length requirements: SP800-38C A.1
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
* 'length' checked later (when writing it to the first block)
*
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
*/
if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
/* Also implies q is within bounds */
@ -302,7 +304,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
/*
* Authenticated encryption
*/
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
@ -312,10 +314,23 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
add, add_len, input, output, tag, tag_len ) );
}
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len ) );
}
/*
* Authenticated decryption
*/
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
@ -346,6 +361,18 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
return( 0 );
}
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len ) );
}
#endif /* !MBEDTLS_CCM_ALT */
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)

33
tests/suites/test_suite_ccm.data
View File

@ -41,6 +41,39 @@ ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #8 msg too long for this IV length (2^16, q = 2)
ccm_lengths:65536:13:5:8:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #9 tag length 0
ccm_lengths:5:10:5:0:MBEDTLS_ERR_CCM_BAD_INPUT
CCM* fixed tag lengths #1 all OK
ccm_star_lengths:5:10:5:8:0
CCM* fixed tag lengths #2 all OK - tag length 0
ccm_star_lengths:5:10:5:0:0
CCM* encrypt and tag #1
depends_on:MBEDTLS_AES_C
mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"":"ACDE480000000001":"00000005":2:"08D0842143010000000048DEAC020500000055CF000051525354":"223BC1EC841AB553":0
CCM* encrypt and tag #2
depends_on:MBEDTLS_AES_C
mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"61626364":"ACDE480000000001":"00000005":4:"69DC842143020000000048DEAC010000000048DEAC0405000000":"D43E022B":0
CCM* encrypt and tag #3
depends_on:MBEDTLS_AES_C
mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"CE":"ACDE480000000001":"00000005":6:"2BDC842143020000000048DEACFFFF010000000048DEAC060500000001":"D84FDE529061F9C6F1":0
CCM* auth decrypt tag #1
depends_on:MBEDTLS_AES_C
mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"223BC1EC841AB553":"ACDE480000000001":"00000005":2:"08D0842143010000000048DEAC020500000055CF000051525354":"":0
CCM* auth decrypt tag #2
depends_on:MBEDTLS_AES_C
mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"D43E022B":"ACDE480000000001":"00000005":4:"69DC842143020000000048DEAC010000000048DEAC0405000000":"61626364":0
CCM* auth decrypt tag #3
depends_on:MBEDTLS_AES_C
mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"D84FDE529061F9C6F1":"ACDE480000000001":"00000005":6:"2BDC842143020000000048DEACFFFF010000000048DEAC060500000001":"CE":0
CCM encrypt and tag RFC 3610 #1
depends_on:MBEDTLS_AES_C
mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"00000003020100A0A1A2A3A4A5":"0001020304050607":"588C979A61C663D2F066D0C2C0F989806D5F6B61DAC38417E8D12CFDF926E0"

178
tests/suites/test_suite_ccm.function
View File

@ -74,6 +74,47 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len,
int res )
{
mbedtls_ccm_context ctx;
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
unsigned char add[10];
unsigned char out[10];
unsigned char tag[18];
int decrypt_ret;
mbedtls_ccm_init( &ctx );
memset( key, 0, sizeof( key ) );
memset( msg, 0, sizeof( msg ) );
memset( iv, 0, sizeof( iv ) );
memset( add, 0, sizeof( add ) );
memset( out, 0, sizeof( out ) );
memset( tag, 0, sizeof( tag ) );
TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof( key ) ) == 0 );
TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
add, add_len, msg, out, tag, tag_len ) == res );
decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add,
add_len, msg, out, tag, tag_len );
if( res == 0 && tag_len != 0 )
TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
else
TEST_ASSERT( decrypt_ret == res );
exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ccm_encrypt_and_tag( int cipher_id,
char *key_hex, char *msg_hex,
@ -187,3 +228,140 @@ exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
char *key_hex, char *msg_hex,
char *source_address_hex, char *frame_counter_hex,
int sec_level, char *add_hex,
char *result_hex, int output_ret )
{
unsigned char key[32];
unsigned char msg[50];
unsigned char iv[13];
unsigned char add[32];
unsigned char result[50];
unsigned char source_address[8];
unsigned char frame_counter[4];
mbedtls_ccm_context ctx;
size_t i, key_len, msg_len, iv_len, add_len, result_len, source_address_len, frame_counter_len, tag_len;
int ret;
mbedtls_ccm_init( &ctx );
memset( key, 0x00, sizeof( key ) );
memset( msg, 0x00, sizeof( msg ) );
memset( iv, 0x00, sizeof( iv ) );
memset( add, 0x00, sizeof( add ) );
memset( result, 0x00, sizeof( result ) );
memset( source_address, 0x00, sizeof( source_address ) );
memset( frame_counter, 0x00, sizeof( frame_counter ) );
key_len = unhexify( key, key_hex );
msg_len = unhexify( msg, msg_hex );
add_len = unhexify( add, add_hex );
result_len = unhexify( result, result_hex );
source_address_len = unhexify( source_address, source_address_hex );
frame_counter_len = unhexify( frame_counter, frame_counter_hex );
if( sec_level % 4 == 0)
tag_len = 0;
else
tag_len = 1 << ( sec_level % 4 + 1);
for( i = 0; i < source_address_len; i++ )
iv[i] = source_address[i];
for( i = 0; i < frame_counter_len; i++ )
iv[source_address_len + i] = frame_counter[i];
iv[source_address_len + frame_counter_len] = sec_level;
iv_len = sizeof( iv );
TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
add, add_len, msg, msg, msg + msg_len, tag_len );
TEST_ASSERT( ret == output_ret );
TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
/* Check we didn't write past the end */
TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 );
exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ccm_star_auth_decrypt( int cipher_id,
char *key_hex, char *msg_hex,
char *source_address_hex, char *frame_counter_hex,
int sec_level, char *add_hex,
char *result_hex, int output_ret )
{
unsigned char key[32];
unsigned char msg[50];
unsigned char iv[13];
unsigned char add[32];
unsigned char tag[16];
unsigned char result[50];
unsigned char source_address[8];
unsigned char frame_counter[4];
mbedtls_ccm_context ctx;
size_t i, key_len, msg_len, iv_len, add_len, tag_len, result_len, source_address_len, frame_counter_len;
int ret;
mbedtls_ccm_init( &ctx );
memset( key, 0x00, sizeof( key ) );
memset( msg, 0x00, sizeof( msg ) );
memset( iv, 0x00, sizeof( iv ) );
memset( add, 0x00, sizeof( add ) );
memset( result, 0x00, sizeof( result ) );
memset( source_address, 0x00, sizeof( source_address ) );
memset( frame_counter, 0x00, sizeof( frame_counter ) );
memset( tag, 0x00, sizeof( tag ) );
key_len = unhexify( key, key_hex );
msg_len = unhexify( msg, msg_hex );
add_len = unhexify( add, add_hex );
result_len = unhexify( result, result_hex );
source_address_len = unhexify( source_address, source_address_hex );
frame_counter_len = unhexify( frame_counter, frame_counter_hex );
if( sec_level % 4 == 0)
tag_len = 0;
else
tag_len = 1 << ( sec_level % 4 + 1);
for( i = 0; i < source_address_len; i++ )
iv[i] = source_address[i];
for( i = 0; i < frame_counter_len; i++ )
iv[source_address_len + i] = frame_counter[i];
iv[source_address_len + frame_counter_len] = sec_level;
iv_len = sizeof( iv );
msg_len -= tag_len;
memcpy( tag, msg + msg_len, tag_len );
TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len,
add, add_len, msg, msg, msg + msg_len, tag_len );
TEST_ASSERT( ret == output_ret );
TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
/* Check we didn't write past the end (where the original tag is) */
TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 );
exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */