[thirdparty/openssl.git] / demos / evp / aesccm.c

/*
 * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Simple AES CCM test program, uses the same NIST data used for the FIPS
 * self test but uses the application level EVP APIs.
 */
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/evp.h>

/* AES-CCM test data from NIST public test vectors */

static const unsigned char ccm_key[] = {
    0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
    0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
};

static const unsigned char ccm_nonce[] = {
    0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
};

static const unsigned char ccm_adata[] = {
    0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
    0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
    0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
};

static const unsigned char ccm_pt[] = {
    0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
    0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
};

static const unsigned char ccm_ct[] = {
    0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
    0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
};

static const unsigned char ccm_tag[] = {
    0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
    0x14, 0xdb, 0x50, 0x6d
};

void aes_ccm_encrypt(void)
{
    EVP_CIPHER_CTX *ctx;
    int outlen, tmplen;
    unsigned char outbuf[1024];
    printf("AES CCM Encrypt:\n");
    printf("Plaintext:\n");
    BIO_dump_fp(stdout, ccm_pt, sizeof(ccm_pt));
    ctx = EVP_CIPHER_CTX_new();
    /* Set cipher type and mode */
    EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
    /* Set nonce length if default 96 bits is not appropriate */
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
                        NULL);
    /* Set tag length */
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL);
    /* Initialise key and IV */
    EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
    /* Set plaintext length: only needed if AAD is used */
    EVP_EncryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_pt));
    /* Zero or one call to specify any AAD */
    EVP_EncryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
    /* Encrypt plaintext: can only be called once */
    EVP_EncryptUpdate(ctx, outbuf, &outlen, ccm_pt, sizeof(ccm_pt));
    /* Output encrypted block */
    printf("Ciphertext:\n");
    BIO_dump_fp(stdout, outbuf, outlen);
    /* Finalise: note get no output for CCM */
    EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
    /* Get tag */
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
    /* Output tag */
    printf("Tag:\n");
    BIO_dump_fp(stdout, outbuf, 16);
    EVP_CIPHER_CTX_free(ctx);
}

void aes_ccm_decrypt(void)
{
    EVP_CIPHER_CTX *ctx;
    int outlen, tmplen, rv;
    unsigned char outbuf[1024];
    printf("AES CCM Derypt:\n");
    printf("Ciphertext:\n");
    BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct));
    ctx = EVP_CIPHER_CTX_new();
    /* Select cipher */
    EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
    /* Set nonce length, omit for 96 bits */
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
                        NULL);
    /* Set expected tag value */
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                        sizeof(ccm_tag), (void *)ccm_tag);
    /* Specify key and IV */
    EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
    /* Set ciphertext length: only needed if we have AAD */
    EVP_DecryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_ct));
    /* Zero or one call to specify any AAD */
    EVP_DecryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
    /* Decrypt plaintext, verify tag: can only be called once */
    rv = EVP_DecryptUpdate(ctx, outbuf, &outlen, ccm_ct, sizeof(ccm_ct));
    /* Output decrypted block: if tag verify failed we get nothing */
    if (rv > 0) {
        printf("Plaintext:\n");
        BIO_dump_fp(stdout, outbuf, outlen);
    } else
        printf("Plaintext not available: tag verify failed.\n");
    EVP_CIPHER_CTX_free(ctx);
}

int main(int argc, char **argv)
{
    aes_ccm_encrypt();
    aes_ccm_decrypt();
}
Commit	Line	Data
9e200689 RS	1	/*
	2	* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
	3	*
5e73e6ba	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
9e200689 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
0f113f3e MC	10	/*
0f113f3e MC	11	* Simple AES CCM test program, uses the same NIST data used for the FIPS
e942c154 DSH	12	* self test but uses the application level EVP APIs.
	13	*/
	14	#include <stdio.h>
	15	#include <openssl/bio.h>
	16	#include <openssl/evp.h>
	17
	18	/* AES-CCM test data from NIST public test vectors */
	19
	20	static const unsigned char ccm_key[] = {
0f113f3e MC	21	0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
0f113f3e MC	22	0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
e942c154 DSH	23	};
	24
	25	static const unsigned char ccm_nonce[] = {
0f113f3e	26	0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
e942c154 DSH	27	};
	28
	29	static const unsigned char ccm_adata[] = {
0f113f3e MC	30	0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
	31	0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
	32	0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
e942c154 DSH	33	};
	34
	35	static const unsigned char ccm_pt[] = {
0f113f3e MC	36	0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
0f113f3e MC	37	0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
e942c154 DSH	38	};
	39
	40	static const unsigned char ccm_ct[] = {
0f113f3e MC	41	0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
0f113f3e MC	42	0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
e942c154 DSH	43	};
	44
	45	static const unsigned char ccm_tag[] = {
0f113f3e MC	46	0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
0f113f3e MC	47	0x14, 0xdb, 0x50, 0x6d
e942c154 DSH	48	};
	49
	50	void aes_ccm_encrypt(void)
0f113f3e MC	51	{
	52	EVP_CIPHER_CTX *ctx;
	53	int outlen, tmplen;
	54	unsigned char outbuf[1024];
	55	printf("AES CCM Encrypt:\n");
	56	printf("Plaintext:\n");
	57	BIO_dump_fp(stdout, ccm_pt, sizeof(ccm_pt));
	58	ctx = EVP_CIPHER_CTX_new();
	59	/* Set cipher type and mode */
	60	EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
	61	/* Set nonce length if default 96 bits is not appropriate */
e640fa02 MC	62	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
e640fa02 MC	63	NULL);
0f113f3e	64	/* Set tag length */
e640fa02	65	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL);
0f113f3e MC	66	/* Initialise key and IV */
	67	EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
	68	/* Set plaintext length: only needed if AAD is used */
	69	EVP_EncryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_pt));
	70	/* Zero or one call to specify any AAD */
	71	EVP_EncryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
	72	/* Encrypt plaintext: can only be called once */
	73	EVP_EncryptUpdate(ctx, outbuf, &outlen, ccm_pt, sizeof(ccm_pt));
	74	/* Output encrypted block */
	75	printf("Ciphertext:\n");
	76	BIO_dump_fp(stdout, outbuf, outlen);
	77	/* Finalise: note get no output for CCM */
	78	EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
	79	/* Get tag */
e640fa02	80	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
0f113f3e MC	81	/* Output tag */
	82	printf("Tag:\n");
	83	BIO_dump_fp(stdout, outbuf, 16);
	84	EVP_CIPHER_CTX_free(ctx);
	85	}
e942c154 DSH	86
e942c154 DSH	87	void aes_ccm_decrypt(void)
0f113f3e MC	88	{
	89	EVP_CIPHER_CTX *ctx;
	90	int outlen, tmplen, rv;
	91	unsigned char outbuf[1024];
	92	printf("AES CCM Derypt:\n");
	93	printf("Ciphertext:\n");
	94	BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct));
	95	ctx = EVP_CIPHER_CTX_new();
	96	/* Select cipher */
	97	EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
	98	/* Set nonce length, omit for 96 bits */
e640fa02 MC	99	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
e640fa02 MC	100	NULL);
0f113f3e	101	/* Set expected tag value */
e640fa02	102	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
0f113f3e MC	103	sizeof(ccm_tag), (void *)ccm_tag);
	104	/* Specify key and IV */
	105	EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
	106	/* Set ciphertext length: only needed if we have AAD */
	107	EVP_DecryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_ct));
	108	/* Zero or one call to specify any AAD */
	109	EVP_DecryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
	110	/* Decrypt plaintext, verify tag: can only be called once */
	111	rv = EVP_DecryptUpdate(ctx, outbuf, &outlen, ccm_ct, sizeof(ccm_ct));
	112	/* Output decrypted block: if tag verify failed we get nothing */
	113	if (rv > 0) {
	114	printf("Plaintext:\n");
	115	BIO_dump_fp(stdout, outbuf, outlen);
	116	} else
	117	printf("Plaintext not available: tag verify failed.\n");
	118	EVP_CIPHER_CTX_free(ctx);
	119	}
e942c154 DSH	120
e942c154 DSH	121	int main(int argc, char **argv)
0f113f3e MC	122	{
	123	aes_ccm_encrypt();
	124	aes_ccm_decrypt();
	125	}