Procházet zdrojové kódy
Add M=8 L=2 AES-128-CCM as well.
The Bluetooth Mesh spec uses both apparently. Also extract a pile of test vectors from that document (thanks to Kyle Lund for showing me which to extract). Change-Id: I04a04fafb7386ca28adfe1446fa388e841778931 Reviewed-on: https://boringssl-review.googlesource.com/26324 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
David Benjamin
před 6 roky
committed by
CQ bot account: commit-bot@chromium.org
CQ bot account: commit-bot@chromium.org
6 změnil soubory, kde provedl 351 přidání a 17 odebrání
-
+2 -0crypto/cipher_extra/aead_test.cc
-
+47 -15crypto/cipher_extra/e_aesccm.c
-
+105 -0crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt
-
+188 -0crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt
-
+8 -2include/openssl/aead.h
-
+1 -0sources.cmake
+ 2
- 0
crypto/cipher_extra/aead_test.cc
Zobrazit soubor
| @@ -95,6 +95,8 @@ static const struct KnownAEAD kAEADs[] = { | |||
| "aes_256_ctr_hmac_sha256.txt", false, true, 0}, | |||
| {"AES_128_CCM_BLUETOOTH", EVP_aead_aes_128_ccm_bluetooth, | |||
| "aes_128_ccm_bluetooth_tests.txt", false, false, 0}, | |||
| {"AES_128_CCM_BLUETOOTH_8", EVP_aead_aes_128_ccm_bluetooth_8, | |||
| "aes_128_ccm_bluetooth_8_tests.txt", false, false, 0}, | |||
| }; | |||
| class PerAEADTest : public testing::TestWithParam<KnownAEAD> { | |||
+ 47
- 15
crypto/cipher_extra/e_aesccm.c
Zobrazit soubor
| @@ -23,9 +23,6 @@ | |||
| #include "../fipsmodule/cipher/internal.h" | |||
| #define EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN 4 | |||
| #define EVP_AEAD_AES_CCM_BLUETOOTH_NONCE_LEN 13 | |||
| #define EVP_AEAD_AES_CCM_MAX_TAG_LEN 16 | |||
| struct aead_aes_ccm_ctx { | |||
| @@ -36,18 +33,23 @@ struct aead_aes_ccm_ctx { | |||
| CCM128_CONTEXT ccm; | |||
| }; | |||
| static int aead_aes_ccm_bluetooth_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | |||
| size_t key_len, size_t tag_len) { | |||
| if (key_len != 16) { | |||
| static int aead_aes_ccm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | |||
| size_t key_len, size_t tag_len, unsigned M, | |||
| unsigned L) { | |||
| assert(M == EVP_AEAD_max_overhead(ctx->aead)); | |||
| assert(M == EVP_AEAD_max_tag_len(ctx->aead)); | |||
| assert(15 - L == EVP_AEAD_nonce_length(ctx->aead)); | |||
| if (key_len != EVP_AEAD_key_length(ctx->aead)) { | |||
| OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); | |||
| return 0; // EVP_AEAD_CTX_init should catch this. | |||
| } | |||
| if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH) { | |||
| tag_len = EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN; | |||
| tag_len = M; | |||
| } | |||
| if (tag_len != EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN) { | |||
| if (tag_len != M) { | |||
| OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); | |||
| return 0; | |||
| } | |||
| @@ -62,8 +64,7 @@ static int aead_aes_ccm_bluetooth_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | |||
| block128_f block; | |||
| ctr128_f ctr = aes_ctr_set_key(&ccm_ctx->ks.ks, NULL, &block, key, key_len); | |||
| ctx->tag_len = tag_len; | |||
| if (!CRYPTO_ccm128_init(&ccm_ctx->ccm, &ccm_ctx->ks.ks, block, ctr, tag_len, | |||
| 15 - EVP_AEAD_AES_CCM_BLUETOOTH_NONCE_LEN)) { | |||
| if (!CRYPTO_ccm128_init(&ccm_ctx->ccm, &ccm_ctx->ks.ks, block, ctr, M, L)) { | |||
| OPENSSL_PUT_ERROR(CIPHER, ERR_R_INTERNAL_ERROR); | |||
| OPENSSL_free(ccm_ctx); | |||
| return 0; | |||
| @@ -149,12 +150,17 @@ static int aead_aes_ccm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, | |||
| return 1; | |||
| } | |||
| static int aead_aes_ccm_bluetooth_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | |||
| size_t key_len, size_t tag_len) { | |||
| return aead_aes_ccm_init(ctx, key, key_len, tag_len, 4, 2); | |||
| } | |||
| static const EVP_AEAD aead_aes_128_ccm_bluetooth = { | |||
| 16, | |||
| EVP_AEAD_AES_CCM_BLUETOOTH_NONCE_LEN, // nonce length | |||
| EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN, // overhead | |||
| EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN, // max tag length | |||
| 0, // seal_scatter_supports_extra_in | |||
| 16, // key length (AES-128) | |||
| 13, // nonce length | |||
| 4, // overhead | |||
| 4, // max tag length | |||
| 0, // seal_scatter_supports_extra_in | |||
| aead_aes_ccm_bluetooth_init, | |||
| NULL /* init_with_direction */, | |||
| @@ -169,3 +175,29 @@ static const EVP_AEAD aead_aes_128_ccm_bluetooth = { | |||
| const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void) { | |||
| return &aead_aes_128_ccm_bluetooth; | |||
| } | |||
| static int aead_aes_ccm_bluetooth_8_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | |||
| size_t key_len, size_t tag_len) { | |||
| return aead_aes_ccm_init(ctx, key, key_len, tag_len, 8, 2); | |||
| } | |||
| static const EVP_AEAD aead_aes_128_ccm_bluetooth_8 = { | |||
| 16, // key length (AES-128) | |||
| 13, // nonce length | |||
| 8, // overhead | |||
| 8, // max tag length | |||
| 0, // seal_scatter_supports_extra_in | |||
| aead_aes_ccm_bluetooth_8_init, | |||
| NULL /* init_with_direction */, | |||
| aead_aes_ccm_cleanup, | |||
| NULL /* open */, | |||
| aead_aes_ccm_seal_scatter, | |||
| aead_aes_ccm_open_gather, | |||
| NULL /* get_iv */, | |||
| NULL /* tag_len */, | |||
| }; | |||
| const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void) { | |||
| return &aead_aes_128_ccm_bluetooth_8; | |||
| } | |||
+ 105
- 0
crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt
Zobrazit soubor
| @@ -0,0 +1,105 @@ | |||
| # From the Bluetooth Mesh Profile Specification v1.0. | |||
| # | |||
| # The relevant AES-CCM calls are: | |||
| # | |||
| # KEY: EncryptionKey | |||
| # NONCE: Network Nonce | |||
| # IN: DST || TransportPDU | |||
| # AD: (none) | |||
| # CT: EncTransportPDU | |||
| # TAG: NetMIC | |||
| # | |||
| # KEY: DevKey if present, otherwise AppKey | |||
| # NONCE: Application Nonce | |||
| # IN: Access Payload | |||
| # AD: Label UUID, if present | |||
| # CT: EncAccessPayload | |||
| # TAG: TransMIC | |||
| # Section 8.3.1. | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00800000011201000012345678 | |||
| IN: fffd034b50057e400000010000 | |||
| AD: | |||
| CT: b5e5bfdacbaf6cb7fb6bff871f | |||
| TAG: 035444ce83a670df | |||
| # Section 8.3.2 | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00800148202345000012345678 | |||
| IN: 120104320308ba072f | |||
| AD: | |||
| CT: 79d7dbc0c9b4d43eeb | |||
| TAG: ec129d20a620d01e | |||
| # Section 8.3.3. | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00802b38322fe3000012345678 | |||
| IN: 120104fa0205a6000a | |||
| AD: | |||
| CT: 53273086b8c5ee00bd | |||
| TAG: d9cfcc62a2ddf572 | |||
| # Section 8.3.4. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00800000021201000012345678 | |||
| IN: 23450100 | |||
| AD: | |||
| CT: b0e5d0ad | |||
| TAG: 970d579a4e88051c | |||
| # Section 8.3.5. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00800148342345000012345678 | |||
| IN: 120102001234567800 | |||
| AD: | |||
| CT: 5c39da1792b1fee9ec | |||
| TAG: 74b786c56d3a9dee | |||
| # Section 8.3.7. | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 008b0148352345000012345678 | |||
| IN: 000300a6ac00000002 | |||
| AD: | |||
| CT: 0d0d730f94d7f3509d | |||
| TAG: f987bb417eb7c05f | |||
| # Section 8.3.9. | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 008b0148362345000012345678 | |||
| IN: 000300a6ac00000003 | |||
| AD: | |||
| CT: d85d806bbed248614f | |||
| TAG: 938067b0d983bb7b | |||
| # Section 8.3.10. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00800000031201000012345678 | |||
| IN: 23450101 | |||
| AD: | |||
| CT: 7777ed35 | |||
| TAG: 5afaf66d899c1e3d | |||
| # Section 8.3.12. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00800000041201000012345678 | |||
| IN: 23450101 | |||
| AD: | |||
| CT: ae214660 | |||
| TAG: 87599c2426ce9a35 | |||
| # Section 8.3.14. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00800000051201000012345678 | |||
| IN: 23450100 | |||
| AD: | |||
| CT: 7d3ae62a | |||
| TAG: 3c75dff683dce24e | |||
| # Section 8.3.24. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 010007080d1234973612345677 | |||
| IN: ea0a00576f726c64 | |||
| AD: f4a002c7fb1e4ca0a469a021de0db875 | |||
| CT: de1547118463123e | |||
| TAG: 5f6a17b99dbca387 | |||
+ 188
- 0
crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt
Zobrazit soubor
| @@ -18,3 +18,191 @@ IN: 202122232425262728292a2b2c2d2e2f | |||
| AD: | |||
| CT: 69915dad1e84c6376a68c2967e4dab61 | |||
| TAG: c4630026 | |||
| # From the Bluetooth Mesh Profile Specification v1.0. | |||
| # | |||
| # The relevant AES-CCM calls are: | |||
| # | |||
| # KEY: EncryptionKey | |||
| # NONCE: Network Nonce | |||
| # IN: DST || TransportPDU | |||
| # AD: (none) | |||
| # CT: EncTransportPDU | |||
| # TAG: NetMIC | |||
| # | |||
| # KEY: DevKey if present, otherwise AppKey | |||
| # NONCE: Application Nonce | |||
| # IN: Access Payload | |||
| # AD: Label UUID, if present | |||
| # CT: EncAccessPayload | |||
| # TAG: TransMIC | |||
| # Section 8.3.6. | |||
| KEY: 9d6dd0e96eb25dc19a40ed9914f8f03f | |||
| NONCE: 02003129ab0003120112345678 | |||
| IN: 0056341263964771734fbd76e3b40519d1d94a48 | |||
| AD: | |||
| CT: ee9dddfd2169326d23f3afdfcfdc18c52fdef772 | |||
| TAG: e0e17308 | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00043129ab0003000012345678 | |||
| IN: 12018026ac01ee9dddfd2169326d23f3afdf | |||
| AD: | |||
| CT: 0afba8c63d4e686364979deaf4fd40961145 | |||
| TAG: 939cda0e | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00043129ac0003000012345678 | |||
| IN: 12018026ac21cfdc18c52fdef772e0e17308 | |||
| AD: | |||
| CT: 6cae0c032bf0746f44f1b8cc8ce5edc57e55 | |||
| TAG: beed49c0 | |||
| # Section 8.3.8. | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00043129ad0003000012345678 | |||
| IN: 12018026ac01ee9dddfd2169326d23f3afdf | |||
| AD: | |||
| CT: 0e2f91add6f06e66006844cec97f973105ae | |||
| TAG: 2534f958 | |||
| # Section 8.3.11. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00033129ad0003000012345678 | |||
| IN: 1201c026ac01ee9dddfd2169326d23f3afdf | |||
| AD: | |||
| CT: d5e748a20ecfd98ddfd32de80befb400213d | |||
| TAG: 113813b5 | |||
| # Section 8.3.13's test vector is identical to 8.3.11. | |||
| # Section 8.3.15. | |||
| KEY: be635105434859f484fc798e043ce40e | |||
| NONCE: 00033129ac0003000012345678 | |||
| IN: 12018026ac21cfdc18c52fdef772e0e17308 | |||
| AD: | |||
| CT: f1d29805664d235eacd707217dedfe78497f | |||
| TAG: efec7391 | |||
| # Section 8.3.16. | |||
| KEY: 9d6dd0e96eb25dc19a40ed9914f8f03f | |||
| NONCE: 02000000061201000312345678 | |||
| IN: 800300563412 | |||
| AD: | |||
| CT: 89511bf1d1a8 | |||
| TAG: 1c11dcef | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 000b0000061201000012345678 | |||
| IN: 00030089511bf1d1a81c11dcef | |||
| AD: | |||
| CT: 6b9be7f5a642f2f98680e61c3a | |||
| TAG: 8b47f228 | |||
| # Section 8.3.17's test vector is identical to 8.3.16. | |||
| # Section 8.3.18. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 01000000071201ffff12345678 | |||
| IN: 0400000000 | |||
| AD: | |||
| CT: 5a8bde6d91 | |||
| TAG: 06ea078a | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00030000071201000012345678 | |||
| IN: ffff665a8bde6d9106ea078a | |||
| AD: | |||
| CT: 5673728a627fb938535508e2 | |||
| TAG: 1a6baf57 | |||
| # Section 8.3.19. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 01000000091201ffff12345678 | |||
| IN: 04000000010703 | |||
| AD: | |||
| CT: ca6cd88e698d12 | |||
| TAG: 65f43fc5 | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00030000091201000012345678 | |||
| IN: ffff66ca6cd88e698d1265f43fc5 | |||
| AD: | |||
| CT: 3010a05e1b23a926023da75d25ba | |||
| TAG: 91793736 | |||
| # Section 8.3.20. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 01000708091234ffff12345677 | |||
| IN: 04000000010703 | |||
| AD: | |||
| CT: 9c9803e110fea9 | |||
| TAG: 29e9542d | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 00030708091234000012345677 | |||
| IN: ffff669c9803e110fea929e9542d | |||
| AD: | |||
| CT: 8c3dc87344a16c787f6b08cc897c | |||
| TAG: 941a5368 | |||
| # Section 8.3.21. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 010007080a1234810512345677 | |||
| IN: d50a0048656c6c6f | |||
| AD: | |||
| CT: 2fa730fd98f6e4bd | |||
| TAG: 120ea9d6 | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 000307080a1234000012345677 | |||
| IN: 8105662fa730fd98f6e4bd120ea9d6 | |||
| AD: | |||
| CT: e4d611358eaf17796a6c98977f69e5 | |||
| TAG: 872c4620 | |||
| # Section 8.3.22. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 010007080b1234b52912345677 | |||
| IN: d50a0048656c6c6f | |||
| AD: 0073e7e4d8b9440faf8415df4c56c0e1 | |||
| CT: 3871b904d4315263 | |||
| TAG: 16ca48a0 | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 000307080b1234000012345677 | |||
| IN: b529663871b904d431526316ca48a0 | |||
| AD: | |||
| CT: ed31f3fdcf88a411135fea55df730b | |||
| TAG: 6b28e255 | |||
| # Section 8.3.23. | |||
| KEY: 63964771734fbd76e3b40519d1d94a48 | |||
| NONCE: 010007080c1234973612345677 | |||
| IN: d50a0048656c6c6f | |||
| AD: f4a002c7fb1e4ca0a469a021de0db875 | |||
| CT: 2456db5e3100eef6 | |||
| TAG: 5daa7a38 | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 000307080c1234000012345677 | |||
| IN: 9736662456db5e3100eef65daa7a38 | |||
| AD: | |||
| CT: 7a9d696d3dd16a75489696f0b70c71 | |||
| TAG: 1b881385 | |||
| # Section 8.3.24. | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 000307080d1234000012345677 | |||
| IN: 9736e6a03401de1547118463123e5f6a17b9 | |||
| AD: | |||
| CT: 94e998b4081f5a7308ce3edbb3b06cdecd02 | |||
| TAG: 8e307f1c | |||
| KEY: 0953fa93e7caac9638f58820220a398e | |||
| NONCE: 000307080e1234000012345677 | |||
| IN: 9736e6a034219dbca387 | |||
| AD: | |||
| CT: dc2f4dd6fb4d32870129 | |||
| TAG: 1be4aafe | |||
+ 8
- 2
include/openssl/aead.h
Zobrazit soubor
| @@ -117,10 +117,16 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void); | |||
| // https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 | |||
| OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void); | |||
| // EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2, as decribed | |||
| // in the Bluetooth Core Specification v5.0, Volume 6, Part E, Section 1. | |||
| // EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2 (4-byte tags | |||
| // and 13-byte nonces), as decribed in the Bluetooth Core Specification v5.0, | |||
| // Volume 6, Part E, Section 1. | |||
| OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void); | |||
| // EVP_aead_aes_128_ccm_bluetooth_8 is AES-128-CCM with M=8 and L=2 (8-byte tags | |||
| // and 13-byte nonces), as used in the Bluetooth Mesh Networking Specification | |||
| // v1.0. | |||
| OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void); | |||
| // EVP_has_aes_hardware returns one if we enable hardware support for fast and | |||
| // constant-time AES-GCM. | |||
| OPENSSL_EXPORT int EVP_has_aes_hardware(void); | |||
+ 1
- 0
sources.cmake
Zobrazit soubor
| @@ -11,6 +11,7 @@ set( | |||
| crypto/cipher_extra/test/aes_128_cbc_sha1_tls_tests.txt | |||
| crypto/cipher_extra/test/aes_128_cbc_sha256_tls_tests.txt | |||
| crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt | |||
| crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt | |||
| crypto/cipher_extra/test/aes_128_ctr_hmac_sha256.txt | |||
| crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt | |||
| crypto/cipher_extra/test/aes_128_gcm_tests.txt | |||