bool AES_CCM_Decrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { mbedtls_ccm_context ctx; int cbOut; byte * rgbOut = NULL; int NSize = 15 - (LSize/8); byte rgbIV[15] = { 0 }; const cn_cbor * pIV = NULL; mbedtls_cipher_id_t cipher; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif mbedtls_ccm_init(&ctx); // Setup the IV/Nonce and put it into the message pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL); if ((pIV == NULL) || (pIV->type!= CN_CBOR_BYTES)) { if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER; errorReturn: if (rgbOut != NULL) COSE_FREE(rgbOut, context); mbedtls_ccm_free(&ctx); return false; } CHECK_CONDITION(pIV->length == NSize, COSE_ERR_INVALID_PARAMETER); memcpy(rgbIV, pIV->v.str, pIV->length); // Setup and run the mbedTLS code cipher = MBEDTLS_CIPHER_ID_AES; CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL); TSize /= 8; // Comes in in bits not bytes. cbOut = (int) cbCrypto - TSize; rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(!mbedtls_ccm_auth_decrypt(&ctx, cbOut, rgbIV, NSize, pbAuthData, cbAuthData, pbCrypto, rgbOut, &pbCrypto[cbOut], TSize), COSE_ERR_CRYPTO_FAIL); mbedtls_ccm_free(&ctx); pcose->pbContent = rgbOut; pcose->cbContent = cbOut; return true; }
int avs_crypto_aead_aes_ccm_decrypt(const unsigned char *key, size_t key_len, const unsigned char *iv, size_t iv_len, const unsigned char *aad, size_t aad_len, const unsigned char *input, size_t input_len, const unsigned char *tag, size_t tag_len, unsigned char *output) { assert(key); assert(iv); assert(!aad_len || aad); assert(!input_len || input); assert(tag); assert(!input_len || output); if (!_avs_crypto_aead_parameters_valid(key_len, iv_len, tag_len)) { return -1; } mbedtls_ccm_context ccm_ctx; mbedtls_ccm_init(&ccm_ctx); int result; (void) ((result = mbedtls_ccm_setkey(&ccm_ctx, MBEDTLS_CIPHER_ID_AES, key, (unsigned int) key_len * 8U)) || (result = mbedtls_ccm_auth_decrypt(&ccm_ctx, input_len, iv, iv_len, aad, aad_len, input, output, tag, tag_len))); mbedtls_ccm_free(&ccm_ctx); if (result) { LOG(ERROR, "mbed TLS error %d", result); return -1; } return 0; }
int main( int argc, char *argv[] ) { int i; unsigned char tmp[200]; char title[TITLE_LEN]; todo_list todo; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char alloc_buf[HEAP_SIZE] = { 0 }; #endif if( argc <= 1 ) { memset( &todo, 1, sizeof( todo ) ); } else { memset( &todo, 0, sizeof( todo ) ); for( i = 1; i < argc; i++ ) { if( strcmp( argv[i], "md4" ) == 0 ) todo.md4 = 1; else if( strcmp( argv[i], "md5" ) == 0 ) todo.md5 = 1; else if( strcmp( argv[i], "ripemd160" ) == 0 ) todo.ripemd160 = 1; else if( strcmp( argv[i], "sha1" ) == 0 ) todo.sha1 = 1; else if( strcmp( argv[i], "sha256" ) == 0 ) todo.sha256 = 1; else if( strcmp( argv[i], "sha512" ) == 0 ) todo.sha512 = 1; else if( strcmp( argv[i], "arc4" ) == 0 ) todo.arc4 = 1; else if( strcmp( argv[i], "des3" ) == 0 ) todo.des3 = 1; else if( strcmp( argv[i], "des" ) == 0 ) todo.des = 1; else if( strcmp( argv[i], "aes_cbc" ) == 0 ) todo.aes_cbc = 1; else if( strcmp( argv[i], "aes_gcm" ) == 0 ) todo.aes_gcm = 1; else if( strcmp( argv[i], "aes_ccm" ) == 0 ) todo.aes_ccm = 1; else if( strcmp( argv[i], "aes_cmac" ) == 0 ) todo.aes_cmac = 1; else if( strcmp( argv[i], "des3_cmac" ) == 0 ) todo.des3_cmac = 1; else if( strcmp( argv[i], "camellia" ) == 0 ) todo.camellia = 1; else if( strcmp( argv[i], "blowfish" ) == 0 ) todo.blowfish = 1; else if( strcmp( argv[i], "havege" ) == 0 ) todo.havege = 1; else if( strcmp( argv[i], "ctr_drbg" ) == 0 ) todo.ctr_drbg = 1; else if( strcmp( argv[i], "hmac_drbg" ) == 0 ) todo.hmac_drbg = 1; else if( strcmp( argv[i], "rsa" ) == 0 ) todo.rsa = 1; else if( strcmp( argv[i], "dhm" ) == 0 ) todo.dhm = 1; else if( strcmp( argv[i], "ecdsa" ) == 0 ) todo.ecdsa = 1; else if( strcmp( argv[i], "ecdh" ) == 0 ) todo.ecdh = 1; else { mbedtls_printf( "Unrecognized option: %s\n", argv[i] ); mbedtls_printf( "Available options: " OPTIONS ); } } } mbedtls_printf( "\n" ); #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) ); #endif memset( buf, 0xAA, sizeof( buf ) ); memset( tmp, 0xBB, sizeof( tmp ) ); #if defined(MBEDTLS_MD4_C) if( todo.md4 ) TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_MD5_C) if( todo.md5 ) TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) if( todo.ripemd160 ) TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA1_C) if( todo.sha1 ) TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA256_C) if( todo.sha256 ) TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_SHA512_C) if( todo.sha512 ) TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_ARC4_C) if( todo.arc4 ) { mbedtls_arc4_context arc4; mbedtls_arc4_init( &arc4 ); mbedtls_arc4_setup( &arc4, tmp, 32 ); TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) ); mbedtls_arc4_free( &arc4 ); } #endif #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.des3 ) { mbedtls_des3_context des3; mbedtls_des3_init( &des3 ); mbedtls_des3_set3key_enc( &des3, tmp ); TIME_AND_TSC( "3DES", mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des3_free( &des3 ); } if( todo.des ) { mbedtls_des_context des; mbedtls_des_init( &des ); mbedtls_des_setkey_enc( &des, tmp ); TIME_AND_TSC( "DES", mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des_free( &des ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CMAC_C) if( todo.des3_cmac ) { unsigned char output[8]; const mbedtls_cipher_info_t *cipher_info; memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB ); TIME_AND_TSC( "3DES-CMAC", mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, BUFSIZE, output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.aes_cbc ) { int keysize; mbedtls_aes_context aes; mbedtls_aes_init( &aes ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_aes_setkey_enc( &aes, tmp, keysize ); TIME_AND_TSC( title, mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } mbedtls_aes_free( &aes ); } #endif #if defined(MBEDTLS_GCM_C) if( todo.aes_gcm ) { int keysize; mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); TIME_AND_TSC( title, mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, 12, NULL, 0, buf, buf, 16, tmp ) ); mbedtls_gcm_free( &gcm ); } } #endif #if defined(MBEDTLS_CCM_C) if( todo.aes_ccm ) { int keysize; mbedtls_ccm_context ccm; mbedtls_ccm_init( &ccm ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); TIME_AND_TSC( title, mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp, 12, NULL, 0, buf, buf, tmp, 16 ) ); mbedtls_ccm_free( &ccm ); } } #endif #if defined(MBEDTLS_CMAC_C) if( todo.aes_cmac ) { unsigned char output[16]; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_type_t cipher_type; int keysize; for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; keysize <= 256; keysize += 64, cipher_type++ ) { mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); cipher_info = mbedtls_cipher_info_from_type( cipher_type ); TIME_AND_TSC( title, mbedtls_cipher_cmac( cipher_info, tmp, keysize, buf, BUFSIZE, output ) ); } memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); TIME_AND_TSC( "AES-CMAC-PRF-128", mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.camellia ) { int keysize; mbedtls_camellia_context camellia; mbedtls_camellia_init( &camellia ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_camellia_setkey_enc( &camellia, tmp, keysize ); TIME_AND_TSC( title, mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } mbedtls_camellia_free( &camellia ); } #endif #if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.blowfish ) { int keysize; mbedtls_blowfish_context blowfish; mbedtls_blowfish_init( &blowfish ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_blowfish_setkey( &blowfish, tmp, keysize ); TIME_AND_TSC( title, mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } mbedtls_blowfish_free( &blowfish ); } #endif #if defined(MBEDTLS_HAVEGE_C) if( todo.havege ) { mbedtls_havege_state hs; mbedtls_havege_init( &hs ); TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) ); mbedtls_havege_free( &hs ); } #endif #if defined(MBEDTLS_CTR_DRBG_C) if( todo.ctr_drbg ) { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init( &ctr_drbg ); if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "CTR_DRBG (NOPR)", if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) mbedtls_exit(1) ); if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON ); TIME_AND_TSC( "CTR_DRBG (PR)", if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) mbedtls_exit(1) ); mbedtls_ctr_drbg_free( &ctr_drbg ); }
static void ccm_ctx_free( void *ctx ) { mbedtls_ccm_free( ctx ); mbedtls_free( ctx ); }
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { mbedtls_ccm_context ctx; int cbOut; byte * rgbOut = NULL; int NSize = 15 - (LSize/8); const cn_cbor * cbor_iv = NULL; cn_cbor * cbor_iv_t = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif cn_cbor * cnTmp = NULL; mbedtls_cipher_id_t cipher; byte rgbIV[16]; byte * pbIV = NULL; cn_cbor_errback cbor_error; mbedtls_ccm_init(&ctx); cipher = MBEDTLS_CIPHER_ID_AES; // Setup the IV/Nonce and put it into the message cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr); if (cbor_iv == NULL) { pbIV = COSE_CALLOC(NSize, 1, context); CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY); rand_bytes(pbIV, NSize); memcpy(rgbIV, pbIV, NSize); cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error); pbIV = NULL; if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn; cbor_iv_t = NULL; } else { CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER); memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length); } // Setup and run the mbedTLS code //cbKey comes in bytes not bits CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL); TSize /= 8; // Comes in in bits not bytes. cbOut = pcose->cbContent; // M00BUG - This is a missing call? rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(!mbedtls_ccm_encrypt_and_tag(&ctx, pcose->cbContent, rgbIV, NSize, pbAuthData, cbAuthData, pcose->pbContent, rgbOut, &rgbOut[pcose->cbContent], TSize), COSE_ERR_CRYPTO_FAIL); cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR); rgbOut = NULL; CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); cnTmp = NULL; mbedtls_ccm_free(&ctx); return true; errorReturn: if (pbIV != NULL) COSE_FREE(pbIV, context); if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context); if (rgbOut != NULL) COSE_FREE(rgbOut, context); if (cnTmp != NULL) COSE_FREE(cnTmp, context); printf("errorReturn from OPENSSL\n"); mbedtls_ccm_free(&ctx); return false; }