56#if !defined(MBEDTLS_CONFIG_FILE)
59#include MBEDTLS_CONFIG_FILE
62#if defined(MBEDTLS_CCM_C)
69#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
70#if defined(MBEDTLS_PLATFORM_C)
74#define mbedtls_printf printf
78#if !defined(MBEDTLS_CCM_ALT)
80#define CCM_VALIDATE_RET( cond ) \
81 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
82#define CCM_VALIDATE( cond ) \
83 MBEDTLS_INTERNAL_VALIDATE( cond )
99 const unsigned char *
key,
100 unsigned int keybits )
105 CCM_VALIDATE_RET(
ctx !=
NULL );
106 CCM_VALIDATE_RET(
key !=
NULL );
109 if( cipher_info ==
NULL )
149#define UPDATE_CBC_MAC \
150 for( i = 0; i < 16; i++ ) \
153 if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
161#define CTR_CRYPT( dst, src, len ) \
164 if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \
165 16, b, &olen ) ) != 0 ) \
170 for( i = 0; i < (len); i++ ) \
171 (dst)[i] = (src)[i] ^ b[i]; \
178 const unsigned char *iv,
size_t iv_len,
179 const unsigned char *add,
size_t add_len,
180 const unsigned char *
input,
unsigned char *output,
181 unsigned char *
tag,
size_t tag_len )
186 size_t len_left, olen;
189 unsigned char ctr[16];
190 const unsigned char *
src;
200 if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
204 if( iv_len < 7 || iv_len > 13 )
207 if( add_len > 0xFF00 )
210 q = 16 - 1 - (
unsigned char) iv_len;
225 b[0] |= ( add_len > 0 ) << 6;
226 b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
231 for(
i = 0, len_left =
length; i < q; i++, len_left >>= 8 )
232 b[15-
i] = (
unsigned char)( len_left & 0xFF );
253 b[0] = (
unsigned char)( ( add_len >> 8 ) & 0xFF );
254 b[1] = (
unsigned char)( ( add_len ) & 0xFF );
256 use_len = len_left < 16 - 2 ? len_left : 16 - 2;
263 while( len_left > 0 )
265 use_len = len_left > 16 ? 16 : len_left;
287 memcpy( ctr + 1, iv, iv_len );
288 memset( ctr + 1 + iv_len, 0,
q );
301 while( len_left > 0 )
303 size_t use_len = len_left > 16 ? 16 : len_left;
305 if(
mode == CCM_ENCRYPT )
312 CTR_CRYPT(
dst,
src, use_len );
314 if(
mode == CCM_DECRYPT )
329 for(
i = 0;
i <
q;
i++ )
330 if( ++ctr[15-
i] != 0 )
337 for(
i = 0;
i <
q;
i++ )
340 CTR_CRYPT(
y,
y, 16 );
350 const unsigned char *iv,
size_t iv_len,
351 const unsigned char *add,
size_t add_len,
352 const unsigned char *
input,
unsigned char *output,
353 unsigned char *
tag,
size_t tag_len )
355 CCM_VALIDATE_RET(
ctx !=
NULL );
356 CCM_VALIDATE_RET( iv !=
NULL );
357 CCM_VALIDATE_RET( add_len == 0 || add !=
NULL );
359 CCM_VALIDATE_RET(
length == 0 || output !=
NULL );
360 CCM_VALIDATE_RET( tag_len == 0 ||
tag !=
NULL );
361 return( ccm_auth_crypt(
ctx, CCM_ENCRYPT,
length, iv, iv_len,
362 add, add_len,
input, output,
tag, tag_len ) );
366 const unsigned char *iv,
size_t iv_len,
367 const unsigned char *add,
size_t add_len,
368 const unsigned char *
input,
unsigned char *output,
369 unsigned char *
tag,
size_t tag_len )
371 CCM_VALIDATE_RET(
ctx !=
NULL );
372 CCM_VALIDATE_RET( iv !=
NULL );
373 CCM_VALIDATE_RET( add_len == 0 || add !=
NULL );
375 CCM_VALIDATE_RET(
length == 0 || output !=
NULL );
376 CCM_VALIDATE_RET( tag_len == 0 ||
tag !=
NULL );
381 add_len,
input, output,
tag, tag_len ) );
388 const unsigned char *iv,
size_t iv_len,
389 const unsigned char *add,
size_t add_len,
390 const unsigned char *
input,
unsigned char *output,
391 const unsigned char *
tag,
size_t tag_len )
394 unsigned char check_tag[16];
398 CCM_VALIDATE_RET(
ctx !=
NULL );
399 CCM_VALIDATE_RET( iv !=
NULL );
400 CCM_VALIDATE_RET( add_len == 0 || add !=
NULL );
402 CCM_VALIDATE_RET(
length == 0 || output !=
NULL );
403 CCM_VALIDATE_RET( tag_len == 0 ||
tag !=
NULL );
406 iv, iv_len, add, add_len,
407 input, output, check_tag, tag_len ) ) != 0 )
413 for( diff = 0,
i = 0;
i < tag_len;
i++ )
414 diff |=
tag[
i] ^ check_tag[
i];
426 const unsigned char *iv,
size_t iv_len,
427 const unsigned char *add,
size_t add_len,
428 const unsigned char *
input,
unsigned char *output,
429 const unsigned char *
tag,
size_t tag_len )
431 CCM_VALIDATE_RET(
ctx !=
NULL );
432 CCM_VALIDATE_RET( iv !=
NULL );
433 CCM_VALIDATE_RET( add_len == 0 || add !=
NULL );
435 CCM_VALIDATE_RET(
length == 0 || output !=
NULL );
436 CCM_VALIDATE_RET( tag_len == 0 ||
tag !=
NULL );
442 add_len,
input, output,
tag, tag_len ) );
446#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
452#define CCM_SELFTEST_PT_MAX_LEN 24
453#define CCM_SELFTEST_CT_MAX_LEN 32
457static const unsigned char key[] = {
458 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
459 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
462static const unsigned char iv[] = {
463 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
464 0x18, 0x19, 0x1a, 0x1b
467static const unsigned char ad[] = {
468 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
469 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
470 0x10, 0x11, 0x12, 0x13
473static const unsigned char msg[CCM_SELFTEST_PT_MAX_LEN] = {
474 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
475 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
476 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
479static const size_t iv_len [NB_TESTS] = { 7, 8, 12 };
480static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
481static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
482static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
484static const unsigned char res[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
485 { 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
486 { 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
487 0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
488 0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
489 { 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
490 0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
491 0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
492 0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
495int mbedtls_ccm_self_test(
int verbose )
503 unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
504 unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
518 for(
i = 0;
i < NB_TESTS;
i++ )
523 memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
524 memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
528 iv, iv_len[
i], ad, add_len[
i],
529 plaintext, ciphertext,
530 ciphertext + msg_len[
i], tag_len[
i] );
533 memcmp( ciphertext,
res[
i], msg_len[
i] + tag_len[
i] ) != 0 )
540 memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
543 iv, iv_len[
i], ad, add_len[
i],
544 ciphertext, plaintext,
545 ciphertext + msg_len[
i], tag_len[
i] );
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
This file provides an API for the CCM authenticated encryption mode for block ciphers.
void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
This function releases and clears the specified CCM context and underlying cipher sub-context.
int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
This function performs a CCM* authenticated decryption of a buffer.
int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, unsigned int keybits)
This function initializes the CCM context set in the ctx parameter and sets the encryption key.
int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
This function encrypts a buffer using CCM*.
int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
This function encrypts a buffer using CCM.
#define MBEDTLS_ERR_CCM_BAD_INPUT
int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
This function performs a CCM authenticated decryption of a buffer.
void mbedtls_ccm_init(mbedtls_ccm_context *ctx)
This function initializes the specified CCM context, to make references valid, and prepare the contex...
#define MBEDTLS_ERR_CCM_AUTH_FAILED
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes and fills the cipher-context structure with the appropriate values....
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
This function retrieves the cipher-information structure associated with the given cipher ID,...
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
mbedtls_cipher_id_t
Supported cipher types.
GLint GLint GLint GLint GLint GLint y
GLdouble GLdouble GLdouble GLdouble q
GLboolean GLboolean GLboolean b
GLuint GLsizei GLsizei * length
GLenum GLenum GLenum input
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define memcpy(s1, s2, n)
Configuration options (set of defines)
The CCM context-type definition. The CCM context is passed to the APIs called.