From d463aa6b004f2432356128d77de09592ae822611 Mon Sep 17 00:00:00 2001 From: couturie Date: Sun, 15 Apr 2018 21:00:06 +0200 Subject: [PATCH 1/1] ccm qui bug --- OneRoundIoT/openssl/Makefile | 12 +- OneRoundIoT/openssl/openssl_evp_ccm.c | 507 ++++++++++++++++++++++++++ 2 files changed, 517 insertions(+), 2 deletions(-) create mode 100644 OneRoundIoT/openssl/openssl_evp_ccm.c diff --git a/OneRoundIoT/openssl/Makefile b/OneRoundIoT/openssl/Makefile index b2f769e..5a8b638 100644 --- a/OneRoundIoT/openssl/Makefile +++ b/OneRoundIoT/openssl/Makefile @@ -1,7 +1,9 @@ C=gcc CFLAGS= -I /usr/include/openssl/ -lcrypto -O3 -std=c99 OBJ = pixmap_io.o openssl_evp.o -OBJ2 = pixmap_io.o openssl_evp_cmac.o +OBJ2 = pixmap_io.o openssl_evp_cmac.o +OBJ3 = pixmap_io.o openssl_evp_ccm.o +OBJ4 = pixmap_io.o aesccm.o openssl_evp: $(OBJ) @@ -10,10 +12,16 @@ openssl_evp: $(OBJ) openssl_evp_cmac: $(OBJ2) $(C) -o $@ $^ $(CFLAGS) +openssl_evp_ccm: $(OBJ3) + $(C) -o $@ $^ $(CFLAGS) + +aesccm: $(OBJ4) + $(C) -o $@ $^ $(CFLAGS) + %.o: %.c $(C) -c -o $@ $< clean: - rm -rf $(OBJ) openssl_evp openssl_evp_cmac + rm -rf $(OBJ) openssl_evp openssl_evp_cmac openssl_evp_ccm diff --git a/OneRoundIoT/openssl/openssl_evp_ccm.c b/OneRoundIoT/openssl/openssl_evp_ccm.c new file mode 100644 index 0000000..74549f8 --- /dev/null +++ b/OneRoundIoT/openssl/openssl_evp_ccm.c @@ -0,0 +1,507 @@ +//gcc pixmap_io.c -c +//gcc openssl_evp.c pixmap_io.o -o openssl_evp -I /usr/include/openssl/ -lcrypto -O3 -std=c99 + + +#include +#include +#include +#include +#include +#include +#include +#include "pixmap_io.h" + +typedef unsigned char uchar; + +int nb_test=1; +int ctr=0; + + + + + +double TimeStart() +{ + struct timeval tstart; + gettimeofday(&tstart,0); + return( (double) (tstart.tv_sec + tstart.tv_usec*1e-6) ); +} + +double TimeStop(double t) +{ + struct timeval tend; + + gettimeofday(&tend,0); + t = (double) (tend.tv_sec + tend.tv_usec*1e-6) - t; + return (t); +} + + +void handleErrors(void) +{ + ERR_print_errors_fp(stderr); + abort(); +} + + +int encryptccm(unsigned char *plaintext, int plaintext_len, unsigned char *aad, + int aad_len, unsigned char *key, unsigned char *iv, + unsigned char *ciphertext, unsigned char *tag) +{ + EVP_CIPHER_CTX *ctx; + + int len; + + int ciphertext_len; + + + /* Create and initialise the context */ + if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); + + /* Initialise the encryption operation. */ + if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL)) + handleErrors(); + + /* Setting IV len to 7. Not strictly necessary as this is the default + * but shown here for the purposes of this example */ + if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 7, NULL)) + handleErrors(); + + /* Set tag length */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL); + + /* Initialise key and IV */ + if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors(); + + /* Provide the total plaintext length + */ + if(1 != EVP_EncryptUpdate(ctx, NULL, &len, NULL, plaintext_len)) + handleErrors(); + + /* Provide any AAD data. This can be called zero or one times as + * required + */ + if(1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) + handleErrors(); + + /* Provide the message to be encrypted, and obtain the encrypted output. + * EVP_EncryptUpdate can only be called once for this + */ + if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) + handleErrors(); + ciphertext_len = len; + + /* Finalise the encryption. Normally ciphertext bytes may be written at + * this stage, but this does not occur in CCM mode + */ + if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors(); + ciphertext_len += len; + + /* Get the tag */ + if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, tag)) + handleErrors(); + + /* Clean up */ + EVP_CIPHER_CTX_free(ctx); + + return ciphertext_len; +} + + +int decryptccm(unsigned char *ciphertext, int ciphertext_len, unsigned char *aad, + int aad_len, unsigned char *tag, unsigned char *key, unsigned char *iv, + unsigned char *plaintext) +{ + EVP_CIPHER_CTX *ctx; + int len; + int plaintext_len; + int ret; + + /* Create and initialise the context */ + if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); + + /* Initialise the decryption operation. */ + if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL)) + handleErrors(); + + /* Setting IV len to 7. Not strictly necessary as this is the default + * but shown here for the purposes of this example */ + if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 7, NULL)) + handleErrors(); + + for(int i=0;i<16;i++) { + printf("%d ",tag[i]); + } + printf("\n"); + + /* Set expected tag value. */ + if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, tag)) + handleErrors(); + for(int i=0;i<16;i++) { + printf("%d ",tag[i]); + } + printf("\n"); + /* Initialise key and IV */ + if(1 != EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors(); + + + /* Provide the total ciphertext length + */ + if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len)) + handleErrors(); + + /* Provide any AAD data. This can be called zero or more times as + * required + */ + if(1 != EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) + handleErrors(); + + /* Provide the message to be decrypted, and obtain the plaintext output. + * EVP_DecryptUpdate can be called multiple times if necessary + */ + ret = EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len); + + printf("RET %d len %d\n",ret,len); + + plaintext_len = len; + + /* Clean up */ + EVP_CIPHER_CTX_free(ctx); + + if(ret > 0) + { + /* Success */ + return plaintext_len; + } + else + { + /* Verify failed */ + return -1; + } +} + + + + +/* int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, */ +/* unsigned char *iv, unsigned char *ciphertext, int ctr, int index) */ +/* { */ +/* EVP_CIPHER_CTX *ctx; */ + +/* int len; */ + +/* int ciphertext_len; */ + +/* /\* Create and initialise the context *\/ */ +/* if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); */ + +/* /\* Initialise the encryption operation. IMPORTANT - ensure you use a key */ +/* * and IV size appropriate for your cipher */ +/* * In this example we are using 256 bit AES (i.e. a 256 bit key). The */ +/* * IV size for *most* modes is the same as the block size. For AES this */ +/* * is 128 bits *\/ */ +/* //static double time=0; */ +/* //double t=0; */ +/* //t=TimeStart(); */ +/* //256 */ +/* //avant ecb */ +/* if(ctr) { */ +/* if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_ctr(), NULL, key, iv)) */ +/* handleErrors(); */ +/* } */ +/* else */ +/* if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) */ +/* handleErrors(); */ + +/* //time+=TimeStop(t); */ +/* //printf("Time init %f\n",time); */ + + +/* // int cipherBlockSize = EVP_CIPHER_CTX_block_size(ctx); */ +/* // printf("INFO(evp_encrypt): block size: %d\n", cipherBlockSize); */ + + +/* /\* Provide the message to be encrypted, and obtain the encrypted output. */ +/* * EVP_EncryptUpdate can be called multiple times if necessary */ +/* *\/ */ + +/* /\* */ +/* static double time=0; */ +/* double t=0; */ +/* t=TimeStart(); */ +/* *\/ */ +/* for(int i=0;i ecb */ +/* if(ctr) { */ +/* if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_ctr(), NULL, key, iv)) */ +/* handleErrors(); */ +/* } */ +/* else */ +/* if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) */ +/* handleErrors(); */ + +/* /\* Provide the message to be decrypted, and obtain the plaintext output. */ +/* * EVP_DecryptUpdate can be called multiple times if necessary */ +/* *\/ */ + +/* /\* static double time=0; */ +/* double t=0; */ +/* t=TimeStart(); */ +/* *\/ */ +/* for(int i=0;i