~increscent/aes-ccm

6fdb84d892c2ee360c2fd4875e0d790c6c936a16 — Robert Williams a month ago a1a8058 main
Found the issue: the msg_len parameter should be 16-bit, but it's 8-bit
4 files changed, 76 insertions(+), 47 deletions(-)

M Makefile
A compare.sh
M encrypt.c
M zencrypt.c
M Makefile => Makefile +5 -0
@@ 15,6 15,11 @@ encrypt: encrypt.c lib.c lib.h
zencrypt: zencrypt.c lib.c lib.h
	$(CC) -o zencrypt zencrypt.c lib.c tinycrypt/lib/source/*.c -Itinycrypt/lib/include $(CFLAGS) $(LDFLAGS)

.PHONY: compare
compare: encrypt zencrypt
	./encrypt | head -n 1
	./zencrypt | head -n 1

.PHONY: clean
clean:
	rm -f encrypt decrypt zencrypt

A compare.sh => compare.sh +11 -0
@@ 0,0 1,11 @@
#!/bin/bash

for i in {1..293}; do
    mic1="$(./encrypt $i | head -n 1)"
    mic2="$(./zencrypt $i | head -n 1)"
    if [[ "$mic1" != "$mic2" ]]; then
        echo "$i"
        echo "$mic1"
        echo "$mic2"
    fi
done

M encrypt.c => encrypt.c +9 -3
@@ 3,10 3,11 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <string.h>
#include <stdlib.h>

#include "lib.h"

int main()
int main(int argc, char **argv)
{
    EVP_CIPHER_CTX *ctx;



@@ 15,6 16,11 @@ int main()
    int ciphertext_len;
    unsigned char ciphertext[1024];

    int plaintext_len = sizeof(PLAINTEXT);
    if (argc == 2) {
        plaintext_len = atoi(argv[1]);
    }

    hexToBytes(KEY_STR, strlen(KEY_STR), KEY);
    hexToBytes(IV_STR, strlen(IV_STR), IV);
    hexToBytes(PLAINTEXT_STR, strlen(PLAINTEXT_STR), PLAINTEXT);


@@ 43,7 49,7 @@ int main()
        handleErrors("4");

    /* Provide the total plaintext length */
    if(1 != EVP_EncryptUpdate(ctx, NULL, &len, NULL, sizeof(PLAINTEXT)))
    if(1 != EVP_EncryptUpdate(ctx, NULL, &len, NULL, plaintext_len))
        handleErrors("5");

//    /* Provide any AAD data. This can be called zero or one times as required */


@@ 54,7 60,7 @@ int main()
     * Provide the message to be encrypted, and obtain the encrypted output.
     * EVP_EncryptUpdate can only be called once for this.
     */
    if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, PLAINTEXT, sizeof(PLAINTEXT)))
    if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, PLAINTEXT, plaintext_len))
        handleErrors("6");
    ciphertext_len = len;


M zencrypt.c => zencrypt.c +51 -44
@@ 2,6 2,7 @@
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>

#include <tinycrypt/constants.h>


@@ 58,10 59,10 @@ int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
}

static int ccm_calculate_X0(const uint8_t key[16], const uint8_t *aad, uint8_t aad_len,
			    size_t mic_size, uint8_t msg_len, uint8_t b[16],
			    size_t mic_size, uint16_t msg_len, uint8_t b[16],
			    uint8_t X0[16])
{
	int i, j, err;
	int err;

	/* X_0 = e(AppKey, flags || nonce || length) */
	b[0] = (((mic_size - 2) / 2) << 3) | ((!!aad_len) << 6) | 0x01;


@@ 73,44 74,45 @@ static int ccm_calculate_X0(const uint8_t key[16], const uint8_t *aad, uint8_t a
		return err;
	}

	/* If AAD is being used to authenticate, include it here */
	if (aad_len) {
		sys_put_be16(aad_len, b);

		for (i = 0; i < sizeof(uint16_t); i++) {
			b[i] = X0[i] ^ b[i];
		}

		j = 0;
		aad_len += sizeof(uint16_t);
		while (aad_len > 16) {
			do {
				b[i] = X0[i] ^ aad[j];
				i++, j++;
			} while (i < 16);

			aad_len -= 16;
			i = 0;

			err = bt_encrypt_be(key, b, X0);
			if (err) {
				return err;
			}
		}

		for (; i < aad_len; i++, j++) {
			b[i] = X0[i] ^ aad[j];
		}

		for (i = aad_len; i < 16; i++) {
			b[i] = X0[i];
		}

		err = bt_encrypt_be(key, b, X0);
		if (err) {
			return err;
		}
	}
//    int i, j
//	/* If AAD is being used to authenticate, include it here */
//	if (aad_len) {
//		sys_put_be16(aad_len, b);
//
//		for (i = 0; i < sizeof(uint16_t); i++) {
//			b[i] = X0[i] ^ b[i];
//		}
//
//		j = 0;
//		aad_len += sizeof(uint16_t);
//		while (aad_len > 16) {
//			do {
//				b[i] = X0[i] ^ aad[j];
//				i++, j++;
//			} while (i < 16);
//
//			aad_len -= 16;
//			i = 0;
//
//			err = bt_encrypt_be(key, b, X0);
//			if (err) {
//				return err;
//			}
//		}
//
//		for (; i < aad_len; i++, j++) {
//			b[i] = X0[i] ^ aad[j];
//		}
//
//		for (i = aad_len; i < 16; i++) {
//			b[i] = X0[i];
//		}
//
//		err = bt_encrypt_be(key, b, X0);
//		if (err) {
//			return err;
//		}
//	}

	return 0;
}


@@ 233,21 235,26 @@ int bt_ccm_encrypt(const uint8_t key[16], uint8_t nonce[13],
	return 0;
}

int main() {
int main(int argc, char **argv) {
    uint8_t ciphertext[293 + sizeof(MIC)] = {0};

    int plaintext_len = sizeof(PLAINTEXT);
    if (argc == 2) {
        plaintext_len = atoi(argv[1]);
    }

    hexToBytes(KEY_STR, strlen(KEY_STR), KEY);
    hexToBytes(IV_STR, strlen(IV_STR), IV);
    hexToBytes(PLAINTEXT_STR, strlen(PLAINTEXT_STR), PLAINTEXT);
    hexToBytes(CIPHERTEXT_STR, strlen(CIPHERTEXT_STR), CIPHERTEXT);
    hexToBytes(MIC_STR, strlen(MIC_STR), MIC);

    bt_ccm_encrypt(KEY, IV, PLAINTEXT, sizeof(PLAINTEXT), NULL, 0, ciphertext, sizeof(MIC));
    bt_ccm_encrypt(KEY, IV, PLAINTEXT, plaintext_len, NULL, 0, ciphertext, sizeof(MIC));

    memcpy(MIC, ciphertext + sizeof(PLAINTEXT), sizeof(MIC));
    memcpy(MIC, ciphertext + plaintext_len, sizeof(MIC));

    printHex(MIC, sizeof(MIC));
    printHex(ciphertext, sizeof(PLAINTEXT));
    printHex(ciphertext, plaintext_len);

    return 0;
}