demos/cipher/aesgcm.c

   1 /*
   2  * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11  * Simple AES GCM authenticated encryption with additional data (AEAD)
  12  * demonstration program.
  13  */
  14
  15 #include <stdio.h>
  16 #include <openssl/err.h>
  17 #include <openssl/bio.h>
  18 #include <openssl/evp.h>
  19 #include <openssl/core_names.h>
  20
  21 /* AES-GCM test data obtained from NIST public test vectors */
  22
  23 /* AES key */
  24 static const unsigned char gcm_key[] = {
  25     0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
  26     0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
  27     0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
  28 };
  29
  30 /* Unique initialisation vector */
  31 static const unsigned char gcm_iv[] = {
  32     0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84
  33 };
  34
  35 /* Example plaintext to encrypt */
  36 static const unsigned char gcm_pt[] = {
  37     0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
  38     0xcc, 0x2b, 0xf2, 0xa5
  39 };
  40
  41 /*
  42  * Example of Additional Authenticated Data (AAD), i.e. unencrypted data
  43  * which can be authenticated using the generated Tag value.
  44  */
  45 static const unsigned char gcm_aad[] = {
  46     0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43,
  47     0x7f, 0xec, 0x78, 0xde
  48 };
  49
  50 /* Expected ciphertext value */
  51 static const unsigned char gcm_ct[] = {
  52     0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e,
  53     0xb9, 0xf2, 0x17, 0x36
  54 };
  55
  56 /* Expected AEAD Tag value */
  57 static const unsigned char gcm_tag[] = {
  58     0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62,
  59     0x98, 0xf7, 0x7e, 0x0c
  60 };
  61
  62 /*
  63  * A library context and property query can be used to select & filter
  64  * algorithm implementations. If they are NULL then the default library
  65  * context and properties are used.
  66  */
  67 OSSL_LIB_CTX *libctx = NULL;
  68 const char *propq = NULL;
  69
  70 int aes_gcm_encrypt(void)
  71 {
  72     int ret = 0;
  73     EVP_CIPHER_CTX *ctx;
  74     EVP_CIPHER *cipher = NULL;
  75     int outlen, tmplen;
  76     size_t gcm_ivlen = sizeof(gcm_iv);
  77     unsigned char outbuf[1024];
  78     unsigned char outtag[16];
  79     OSSL_PARAM params[2] = {
  80         OSSL_PARAM_END, OSSL_PARAM_END
  81     };
  82
  83     printf("AES GCM Encrypt:\n");
  84     printf("Plaintext:\n");
  85     BIO_dump_fp(stdout, gcm_pt, sizeof(gcm_pt));
  86
  87     /* Create a context for the encrypt operation */
  88     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
  89         goto err;
  90
  91     /* Fetch the cipher implementation */
  92     if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-GCM", propq)) == NULL)
  93         goto err;
  94
  95     /* Set IV length if default 96 bits is not appropriate */
  96     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
  97                                             &gcm_ivlen);
  98
  99     /*
 100      * Initialise an encrypt operation with the cipher/mode, key, IV and
 101      * IV length parameter.
 102      * For demonstration purposes the IV is being set here. In a compliant
 103      * application the IV would be generated internally so the iv passed in
 104      * would be NULL.
 105      */
 106     if (!EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
 107         goto err;
 108
 109     /* Zero or more calls to specify any AAD */
 110     if (!EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)))
 111         goto err;
 112
 113     /* Encrypt plaintext */
 114     if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt)))
 115         goto err;
 116
 117     /* Output encrypted block */
 118     printf("Ciphertext:\n");
 119     BIO_dump_fp(stdout, outbuf, outlen);
 120
 121     /* Finalise: note get no output for GCM */
 122     if (!EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))
 123         goto err;
 124
 125     /* Get tag */
 126     params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
 127                                                   outtag, 16);
 128
 129     if (!EVP_CIPHER_CTX_get_params(ctx, params))
 130         goto err;
 131
 132     /* Output tag */
 133     printf("Tag:\n");
 134     BIO_dump_fp(stdout, outtag, 16);
 135
 136     ret = 1;
 137 err:
 138     if (!ret)
 139         ERR_print_errors_fp(stderr);
 140
 141     EVP_CIPHER_free(cipher);
 142     EVP_CIPHER_CTX_free(ctx);
 143
 144     return ret;
 145 }
 146
 147 int aes_gcm_decrypt(void)
 148 {
 149     int ret = 0;
 150     EVP_CIPHER_CTX *ctx;
 151     EVP_CIPHER *cipher = NULL;
 152     int outlen, rv;
 153     size_t gcm_ivlen = sizeof(gcm_iv);
 154     unsigned char outbuf[1024];
 155     OSSL_PARAM params[2] = {
 156         OSSL_PARAM_END, OSSL_PARAM_END
 157     };
 158
 159     printf("AES GCM Decrypt:\n");
 160     printf("Ciphertext:\n");
 161     BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct));
 162
 163     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
 164         goto err;
 165
 166     /* Fetch the cipher implementation */
 167     if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-GCM", propq)) == NULL)
 168         goto err;
 169
 170     /* Set IV length if default 96 bits is not appropriate */
 171     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
 172                                             &gcm_ivlen);
 173
 174     /*
 175      * Initialise an encrypt operation with the cipher/mode, key, IV and
 176      * IV length parameter.
 177      */
 178     if (!EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
 179         goto err;
 180
 181     /* Zero or more calls to specify any AAD */
 182     if (!EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)))
 183         goto err;
 184
 185     /* Decrypt plaintext */
 186     if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, gcm_ct, sizeof(gcm_ct)))
 187         goto err;
 188
 189     /* Output decrypted block */
 190     printf("Plaintext:\n");
 191     BIO_dump_fp(stdout, outbuf, outlen);
 192
 193     /* Set expected tag value. */
 194     params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
 195                                                   (void*)gcm_tag, sizeof(gcm_tag));
 196
 197     if (!EVP_CIPHER_CTX_set_params(ctx, params))
 198         goto err;
 199
 200     /* Finalise: note get no output for GCM */
 201     rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);
 202     /*
 203      * Print out return value. If this is not successful authentication
 204      * failed and plaintext is not trustworthy.
 205      */
 206     printf("Tag Verify %s\n", rv > 0 ? "Successful!" : "Failed!");
 207
 208     ret = 1;
 209 err:
 210     if (!ret)
 211         ERR_print_errors_fp(stderr);
 212
 213     EVP_CIPHER_free(cipher);
 214     EVP_CIPHER_CTX_free(ctx);
 215
 216     return ret;
 217 }
 218
 219 int main(int argc, char **argv)
 220 {
 221     if (!aes_gcm_encrypt())
 222         return EXIT_FAILURE;
 223
 224     if (!aes_gcm_decrypt())
 225         return EXIT_FAILURE;
 226
 227     return EXIT_SUCCESS;
 228 }