Refactor to prepare for CCM decryption
diff --git a/include/polarssl/ccm.h b/include/polarssl/ccm.h
index de29083..50e0b1c 100644
--- a/include/polarssl/ccm.h
+++ b/include/polarssl/ccm.h
@@ -84,19 +84,43 @@
* \param tag_len length of the tag to generate in bytes
* must be 4, 6, 8, 10, 14 or 16
*
- * \note The tag is written to a separete buffer. To get the tag
+ * \note The tag is written to a separate buffer. To get the tag
* concatenated with the output as in the CCM spec, use
* tag = output + length and make sure the output buffer is
* at least length + tag_len wide.
*
* \return 0 if successful
*/
-int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
+int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len );
+/**
+ * \brief CCM buffer authenticated decryption
+ *
+ * \todo Document if input/output buffers can be the same
+ *
+ * \param ctx CCM context
+ * \param length length of the input data
+ * \param iv initialization vector
+ * \param iv_len length of IV
+ * \param add additional data
+ * \param add_len length of additional data
+ * \param input buffer holding the input data
+ * \param output buffer for holding the output data
+ * \param tag buffer holding the tag
+ * \param tag_len length of the tag
+ *
+ * \return 0 if successful and authenticated,
+ * POLARSSL_ERR_CCM_AUTH_FAILED if tag does not match
+ */
+int ccm_auth_decrypt( ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ const unsigned char *tag, size_t tag_len );
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
/**
diff --git a/library/ccm.c b/library/ccm.c
index 4a8decf..399b9fe 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -42,6 +42,9 @@
#include "polarssl/ccm.h"
+#define CCM_ENCRYPT 0
+#define CCM_DECRYPT 1
+
/*
* Initialize context
*/
@@ -110,13 +113,13 @@
}
/*
- * Authenticated encryption
+ * Authenticated encryption or decryption
*/
-int ccm_crypt_and_tag( ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len )
+static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len )
{
int ret;
unsigned char i;
@@ -143,6 +146,9 @@
if( add_len > 0xFF00 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
+ if( mode != CCM_ENCRYPT )
+ return( POLARSSL_ERR_CCM_BAD_INPUT ); /* Not implemented yet */
+
/*
* First block B_0:
* 0 .. 0 flags
@@ -281,6 +287,53 @@
return( 0 );
}
+/*
+ * Authenticated encryption
+ */
+int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ unsigned char *tag, size_t tag_len )
+{
+ return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
+ add, add_len, input, output, tag, tag_len ) );
+}
+
+/*
+ * Authenticated decryption
+ */
+int ccm_auth_decrypt( ccm_context *ctx, size_t length,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *add, size_t add_len,
+ const unsigned char *input, unsigned char *output,
+ const unsigned char *tag, size_t tag_len )
+{
+ int ret;
+ unsigned char check_tag[16];
+ unsigned char i;
+ int diff;
+
+ if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
+ iv, iv_len, add, add_len,
+ input, output, check_tag, tag_len ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /* Check tag in "constant-time" */
+ for( diff = 0, i = 0; i < tag_len; i++ )
+ diff |= tag[i] ^ check_tag[i];
+
+ if( diff != 0 )
+ {
+ memset( output, 0, length );
+ return( POLARSSL_ERR_CCM_AUTH_FAILED );
+ }
+
+ return( 0 );
+}
+
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
@@ -357,10 +410,10 @@
if( verbose != 0 )
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
- ret = ccm_crypt_and_tag( &ctx, msg_len[i],
- iv, iv_len[i], ad, add_len[i],
- msg, out,
- out + msg_len[i], tag_len[i] );
+ ret = ccm_encrypt_and_tag( &ctx, msg_len[i],
+ iv, iv_len[i], ad, add_len[i],
+ msg, out,
+ out + msg_len[i], tag_len[i] );
if( ret != 0 ||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 3e97aba..dda0b90 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -62,7 +62,7 @@
TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 );
- TEST_ASSERT( ccm_crypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
+ TEST_ASSERT( ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
msg, output, output + msg_len, tag_len ) == 0 );
TEST_ASSERT( memcmp( output, result, result_len ) == 0 );