diff options
| author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-10-22 17:07:53 +0300 |
|---|---|---|
| committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-10-22 19:48:19 +0300 |
| commit | 335d9bf7b035815750b63a3a8334d6ce44dc4449 (patch) | |
| tree | 75a9ff903f9b7d2bd3f92dc459962ac7741e68c8 /doc/gcrypt.texi | |
| parent | 95654041f2aa62f71aac4d8614dafe8433d10f95 (diff) | |
| download | libgcrypt-335d9bf7b035815750b63a3a8334d6ce44dc4449.tar.gz | |
Add Counter with CBC-MAC mode (CCM)
* cipher/Makefile.am: Add 'cipher-ccm.c'.
* cipher/cipher-ccm.c: New.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'.
(_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt)
(_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate)
(_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag)
(_gcry_cipher_ccm_set_lengths): New prototypes.
* cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt)
(_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag)
(_gcry_cipher_checktag, gry_cipher_ctl): Add handling for CCM mode.
* doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM.
* src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'.
(gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'.
(GCRY_CCM_BLOCK_LEN): New.
* tests/basic.c (check_ccm_cipher): New.
(check_cipher_modes): Call 'check_ccm_cipher'.
* tests/benchmark.c (ccm_aead_init): New.
(cipher_bench): Add handling for AEAD modes and add CCM benchmarking.
--
Patch adds CCM (Counter with CBC-MAC) mode as defined in RFC 3610 and NIST
Special Publication 800-38C.
Example for encrypting message (split in two buffers; buf1, buf2) and
authenticating additional non-encrypted data (split in two buffers; aadbuf1,
aadbuf2) with authentication tag length of eigth bytes:
size_t params[3];
taglen = 8;
gcry_cipher_setkey(h, key, len(key));
gcry_cipher_setiv(h, nonce, len(nonce));
params[0] = len(buf1) + len(buf2); /* 0: enclen */
params[1] = len(aadbuf1) + len(aadbuf2); /* 1: aadlen */
params[2] = taglen; /* 2: authtaglen */
gcry_cipher_ctl(h, GCRYCTL_SET_CCM_LENGTHS, params, sizeof(size_t) * 3);
gcry_cipher_authenticate(h, aadbuf1, len(aadbuf1));
gcry_cipher_authenticate(h, aadbuf2, len(aadbuf2));
gcry_cipher_encrypt(h, buf1, len(buf1), buf1, len(buf1));
gcry_cipher_encrypt(h, buf2, len(buf2), buf2, len(buf2));
gcry_cipher_gettag(h, tag, taglen);
Example for decrypting above message and checking authentication tag:
size_t params[3];
taglen = 8;
gcry_cipher_setkey(h, key, len(key));
gcry_cipher_setiv(h, nonce, len(nonce));
params[0] = len(buf1) + len(buf2); /* 0: enclen */
params[1] = len(aadbuf1) + len(aadbuf2); /* 1: aadlen */
params[2] = taglen; /* 2: authtaglen */
gcry_cipher_ctl(h, GCRYCTL_SET_CCM_LENGTHS, params, sizeof(size_t) * 3);
gcry_cipher_authenticate(h, aadbuf1, len(aadbuf1));
gcry_cipher_authenticate(h, aadbuf2, len(aadbuf2));
gcry_cipher_decrypt(h, buf1, len(buf1), buf1, len(buf1));
gcry_cipher_decrypt(h, buf2, len(buf2), buf2, len(buf2));
err = gcry_cipher_checktag(h, tag, taglen);
if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
{ /* Authentication failed. */ }
else if (err == 0)
{ /* Authentication ok. */ }
Example for encrypting message without additional authenticated data:
size_t params[3];
taglen = 10;
gcry_cipher_setkey(h, key, len(key));
gcry_cipher_setiv(h, nonce, len(nonce));
params[0] = len(buf1); /* 0: enclen */
params[1] = 0; /* 1: aadlen */
params[2] = taglen; /* 2: authtaglen */
gcry_cipher_ctl(h, GCRYCTL_SET_CCM_LENGTHS, params, sizeof(size_t) * 3);
gcry_cipher_encrypt(h, buf1, len(buf1), buf1, len(buf1));
gcry_cipher_gettag(h, tag, taglen);
To reset CCM state for cipher handle, one can either set new nonce or use
'gcry_cipher_reset'.
This implementation reuses existing CTR mode code for encryption/decryption
and is there for able to process multiple buffers that are not multiple of
blocksize. AAD data maybe also be passed into gcry_cipher_authenticate
in non-blocksize chunks.
[v4]: GCRYCTL_SET_CCM_PARAMS => GCRY_SET_CCM_LENGTHS
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'doc/gcrypt.texi')
| -rw-r--r-- | doc/gcrypt.texi | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 0049fa04..91fe399c 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1635,6 +1635,12 @@ may be specified 64 bit (8 byte) shorter than then input buffer. As per specs the input length must be at least 128 bits and the length must be a multiple of 64 bits. +@item GCRY_CIPHER_MODE_CCM +@cindex CCM, Counter with CBC-MAC mode +Counter with CBC-MAC mode is an Authenticated Encryption with +Associated Data (AEAD) block cipher mode, which is specified in +'NIST Special Publication 800-38C' and RFC 3610. + @end table @node Working with cipher handles @@ -1661,11 +1667,13 @@ The cipher mode to use must be specified via @var{mode}. See @xref{Available cipher modes}, for a list of supported cipher modes and the according constants. Note that some modes are incompatible with some algorithms - in particular, stream mode -(@code{GCRY_CIPHER_MODE_STREAM}) only works with stream ciphers. Any -block cipher mode (@code{GCRY_CIPHER_MODE_ECB}, +(@code{GCRY_CIPHER_MODE_STREAM}) only works with stream ciphers. The +block cipher modes (@code{GCRY_CIPHER_MODE_ECB}, @code{GCRY_CIPHER_MODE_CBC}, @code{GCRY_CIPHER_MODE_CFB}, -@code{GCRY_CIPHER_MODE_OFB} or @code{GCRY_CIPHER_MODE_CTR}) will work -with any block cipher algorithm. +@code{GCRY_CIPHER_MODE_OFB} and @code{GCRY_CIPHER_MODE_CTR}) will work +with any block cipher algorithm. The @code{GCRY_CIPHER_MODE_CCM} will +only work with block cipher algorithms which have the block size of +16 bytes. The third argument @var{flags} can either be passed as @code{0} or as the bit-wise OR of the following constants. |