TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e87b04caed2d79de61ab2ede85c10de7acdaa3ab / . / yotta / data / example-authcrypt / main.cpp
blob: 237751013b3c7593aca1d9b87e5067ddc363c847 [file] [log] [blame]
Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +0200[diff] [blame]1/*
2 * Hello world example of using the authenticated encryption with mbed TLS
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 *
6 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnardcdee2d92015-08-07 09:40:51 +0200[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +0200[diff] [blame]21 */
22
23#include "mbedtls/cipher.h"
24#include "mbedtls/entropy.h"
25#include "mbedtls/ctr_drbg.h"
26
27#include <stdio.h>
28#include <string.h>
29
30static void print_hex(const char *title, const unsigned char buf[], size_t len)
31{
32 printf("%s: ", title);
33
34 for (size_t i = 0; i < len; i++)
35 printf("%02x", buf[i]);
36
37 printf("\r\n");
38}
39
40/*
41 * The pre-shared key. Should be generated randomly and be unique to the
42 * device/channel/etc. Just used a fixed on here for simplicity.
43 */
44static const unsigned char secret_key[16] = {
45 0xf4, 0x82, 0xc6, 0x70, 0x3c, 0xc7, 0x61, 0x0a,
46 0xb9, 0xa0, 0xb8, 0xe9, 0x87, 0xb8, 0xc1, 0x72,
47};
48
49static int example(void)
50{
51 /* message that should be protected */
52 const char message[] = "Some things are better left unread";
53 /* metadata transmitted in the clear but authenticated */
54 const char metadata[] = "eg sequence number, routing info";
55 /* ciphertext buffer large enough to hold message + nonce + tag */
56 unsigned char ciphertext[128] = { 0 };
57 int ret;
58
59 printf("\r\n\r\n");
60 print_hex("plaintext message", (unsigned char *) message, sizeof message);
61
62 /*
63 * Setup random number generator
64 * (Note: later this might be done automatically.)
65 */
66 mbedtls_entropy_context entropy; /* entropy pool for seeding PRNG */
67 mbedtls_ctr_drbg_context drbg; /* pseudo-random generator */
68
69 mbedtls_entropy_init(&entropy);
70 mbedtls_ctr_drbg_init(&drbg);
71
72 /* Seed the PRNG using the entropy pool, and throw in our secret key as an
73 * additional source of randomness. */
74 ret = mbedtls_ctr_drbg_seed(&drbg, mbedtls_entropy_func, &entropy,
75 secret_key, sizeof (secret_key));
76 if (ret != 0) {
77 printf("mbedtls_ctr_drbg_init() returned -0x%04X\r\n", -ret);
78 return 1;
79 }
80
81 /*
82 * Setup AES-CCM contex
83 */
84 mbedtls_cipher_context_t ctx;
85
86 mbedtls_cipher_init(&ctx);
87
88 ret = mbedtls_cipher_setup(&ctx, mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CCM));
89 if (ret != 0) {
90 printf("mbedtls_cipher_setup() returned -0x%04X\r\n", -ret);
91 return 1;
92 }
93
94 ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_ENCRYPT);
95 if (ret != 0) {
96 printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret);
97 return 1;
98 }
99
100 /*
101 * Encrypt-authenticate the message and authenticate additional data
102 *
103 * First generate a random 8-byte nonce.
104 * Put it directly in the output buffer as the recipient will need it.
105 *
106 * Warning: you must never re-use the same (key, nonce) pair. One of the
107 * best ways to ensure this to use a counter for the nonce. However this
108 * means you should save the counter accross rebots, if the key is a
109 * long-term one. The alternative we choose here is to generate the nonce
110 * randomly. However it only works if you have a good source of
111 * randomness.
112 */
113 const size_t nonce_len = 8;
114 mbedtls_ctr_drbg_random(&drbg, ciphertext, nonce_len);
115
116 size_t ciphertext_len = 0;
117 /* Go for a conservative 16-byte (128-bit) tag
118 * and append it to the ciphertext */
119 const size_t tag_len = 16;
120 ret = mbedtls_cipher_auth_encrypt(&ctx, ciphertext, nonce_len,
121 (const unsigned char *) metadata, sizeof metadata,
122 (const unsigned char *) message, sizeof message,
123 ciphertext + nonce_len, &ciphertext_len,
124 ciphertext + nonce_len + sizeof message, tag_len );
125 if (ret != 0) {
126 printf("mbedtls_cipher_auth_encrypt() returned -0x%04X\r\n", -ret);
127 return 1;
128 }
129 ciphertext_len += nonce_len + tag_len;
130
131 /*
132 * The following information should now be transmitted:
133 * - first ciphertext_len bytes of ciphertext buffer
134 * - metadata if not already transmitted elsewhere
135 */
136 print_hex("ciphertext", ciphertext, ciphertext_len);
137
138 /*
139 * Decrypt-authenticate
140 */
141 unsigned char decrypted[128] = { 0 };
142 size_t decrypted_len = 0;
143
144 ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_DECRYPT);
145 if (ret != 0) {
146 printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret);
147 return 1;
148 }
149
150 ret = mbedtls_cipher_auth_decrypt(&ctx,
151 ciphertext, nonce_len,
152 (const unsigned char *) metadata, sizeof metadata,
153 ciphertext + nonce_len, ciphertext_len - nonce_len - tag_len,
154 decrypted, &decrypted_len,
155 ciphertext + ciphertext_len - tag_len, tag_len );
156 /* Checking the return code is CRITICAL for security here */
157 if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
158 printf("Something bad is happening! Data is not authentic!\r\n");
159 return 1;
160 }
161 if (ret != 0) {
162 printf("mbedtls_cipher_authdecrypt() returned -0x%04X\r\n", -ret);
163 return 1;
164 }
165
166 print_hex("decrypted", decrypted, decrypted_len);
167
168 printf("\r\nDONE\r\n");
169
170 return 0;
171}
172
173#if defined(TARGET_LIKE_MBED)
174
175#include "mbed/test_env.h"
Manuel Pégourié-Gonnarde87b04c2015-08-11 04:09:44 +0200[diff] [blame^]176#include "minar/minar.h"
Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +0200[diff] [blame]177
Manuel Pégourié-Gonnarde87b04c2015-08-11 04:09:44 +0200[diff] [blame^]178static void run() {
Manuel Pégourié-Gonnardbd5bbec2015-08-06 18:10:17 +0200[diff] [blame]179 /* Use 115200 bps for consistency with other examples */
180 Serial pc(USBTX, USBRX);
181 pc.baud(115200);
182
Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +0200[diff] [blame]183 MBED_HOSTTEST_TIMEOUT(10);
184 MBED_HOSTTEST_SELECT(default);
185 MBED_HOSTTEST_DESCRIPTION(mbed TLS example authcrypt);
186 MBED_HOSTTEST_START("MBEDTLS_EX_AUTHCRYPT");
187 MBED_HOSTTEST_RESULT(example() == 0);
188}
189
Manuel Pégourié-Gonnarde87b04c2015-08-11 04:09:44 +0200[diff] [blame^]190void app_start(int, char*[]) {
191 minar::Scheduler::postCallback(FunctionPointer0<void>(run).bind());
192}
193
Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +0200[diff] [blame]194#else
195
196int main() {
197 return example();
198}
199
200#endif