+2025-03-09 Niels Möller <nisse@lysator.liu.se>
+
+ * ccm-aes128.c (ccm_aes128_encrypt_message)
+ (ccm_aes128_decrypt_message): Change type of ctx argument to const
+ struct aes128_ctx *.
+ * ccm-aes192.c (ccm_aes192_encrypt_message)
+ (ccm_aes192_decrypt_message): Change type of ctx argument to const
+ struct aes192_ctx *.
+ * ccm-aes256.c (ccm_aes256_encrypt_message)
+ (ccm_aes256_decrypt_message): Change type of ctx argument to const
+ struct aes256_ctx *.
+ * testsuite/ccm-test.c (test_cipher_ccm): Add tests for
+ ccm_aes*_message functions,
+ * nettle.texinfo (CCM): Update documentation.
+
2025-03-06 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h (union nettle_block16): Delete deprecated
}
void
-ccm_aes128_encrypt_message(struct ccm_aes128_ctx *ctx,
+ccm_aes128_encrypt_message(const struct aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src)
{
- ccm_encrypt_message(&ctx->cipher, (nettle_cipher_func *) aes128_encrypt,
+ ccm_encrypt_message(ctx, (nettle_cipher_func *) aes128_encrypt,
nlength, nonce, alength, adata,
tlength, clength, dst, src);
}
int
-ccm_aes128_decrypt_message(struct ccm_aes128_ctx *ctx,
+ccm_aes128_decrypt_message(const struct aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src)
{
- return ccm_decrypt_message(&ctx->cipher,
- (nettle_cipher_func *) aes128_encrypt,
+ return ccm_decrypt_message(ctx, (nettle_cipher_func *) aes128_encrypt,
nlength, nonce, alength, adata,
tlength, mlength, dst, src);
}
}
void
-ccm_aes192_encrypt_message(struct ccm_aes192_ctx *ctx,
+ccm_aes192_encrypt_message(const struct aes192_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src)
{
- ccm_encrypt_message(&ctx->cipher, (nettle_cipher_func *) aes192_encrypt,
+ ccm_encrypt_message(ctx, (nettle_cipher_func *) aes192_encrypt,
nlength, nonce, alength, adata,
tlength, clength, dst, src);
}
int
-ccm_aes192_decrypt_message(struct ccm_aes192_ctx *ctx,
+ccm_aes192_decrypt_message(const struct aes192_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src)
{
- return ccm_decrypt_message(&ctx->cipher,
- (nettle_cipher_func *) aes192_encrypt,
+ return ccm_decrypt_message(ctx, (nettle_cipher_func *) aes192_encrypt,
nlength, nonce, alength, adata,
tlength, mlength, dst, src);
}
}
void
-ccm_aes256_encrypt_message(struct ccm_aes256_ctx *ctx,
+ccm_aes256_encrypt_message(const struct aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src)
{
- ccm_encrypt_message(&ctx->cipher, (nettle_cipher_func *) aes256_encrypt,
+ ccm_encrypt_message(ctx, (nettle_cipher_func *) aes256_encrypt,
nlength, nonce, alength, adata,
tlength, clength, dst, src);
}
int
-ccm_aes256_decrypt_message(struct ccm_aes256_ctx *ctx,
+ccm_aes256_decrypt_message(const struct aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src)
{
- return ccm_decrypt_message(&ctx->cipher, (nettle_cipher_func *) aes256_encrypt,
+ return ccm_decrypt_message(ctx, (nettle_cipher_func *) aes256_encrypt,
nlength, nonce, alength, adata,
tlength, mlength, dst, src);
}
ccm_aes128_digest(struct ccm_aes128_ctx *ctx,
size_t length, uint8_t *digest);
-/* FIXME: For next API/ABI break: first argument should be const
- struct aes128_ctx *, and similarly for other ccm_*_message
- functions below. */
void
-ccm_aes128_encrypt_message(struct ccm_aes128_ctx *ctx,
+ccm_aes128_encrypt_message(const struct aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
int
-ccm_aes128_decrypt_message(struct ccm_aes128_ctx *ctx,
+ccm_aes128_decrypt_message(const struct aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t length, uint8_t *digest);
void
-ccm_aes192_encrypt_message(struct ccm_aes192_ctx *ctx,
+ccm_aes192_encrypt_message(const struct aes192_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
int
-ccm_aes192_decrypt_message(struct ccm_aes192_ctx *ctx,
+ccm_aes192_decrypt_message(const struct aes192_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t length, uint8_t *digest);
void
-ccm_aes256_encrypt_message(struct ccm_aes256_ctx *ctx,
+ccm_aes256_encrypt_message(const struct aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
int
-ccm_aes256_decrypt_message(struct ccm_aes256_ctx *ctx,
+ccm_aes256_decrypt_message(const struct aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
for the encryption functions, and @var{mlength} for the decryption
functions.
-@deftypefun void ccm_encrypt_message (void *@var{cipher}, nettle_cipher_func *@var{f}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefun void ccm_encrypt_message (const void *@var{cipher}, nettle_cipher_func *@var{f}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
Computes the message digest from the @var{adata} and @var{src}
parameters, encrypts the plaintext from @var{src}, appends the encrypted
@acronym{MAC} to ciphertext and outputs it to @var{dst}.
@end deftypefun
-@deftypefun int ccm_decrypt_message (void *@var{cipher}, nettle_cipher_func *@var{f}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefun int ccm_decrypt_message (const void *@var{cipher}, nettle_cipher_func *@var{f}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
Decrypts the ciphertext from @var{src}, outputs the plaintext to
@var{dst}, recalculates the @acronym{MAC} from @var{adata} and the
plaintext, and compares it to the final @var{tlength} bytes of
@var{f}, and @var{ctx} are replaced with a context structure.
@end deftypefun
-@deftypefun void ccm_aes128_encrypt_message (struct ccm_aes128_ctx *@var{ctx}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
-@deftypefunx void ccm_aes192_encrypt_message (struct ccm_aes192_ctx *@var{ctx}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
-@deftypefunx void ccm_aes256_encrypt_message (struct ccm_aes256_ctx *@var{ctx}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
-@deftypefunx int ccm_aes128_decrypt_message (struct ccm_aes128_ctx *@var{ctx}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
-@deftypefunx int ccm_aes192_decrypt_message (struct ccm_aes192_ctx *@var{ctx}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
-@deftypefunx int ccm_aes256_decrypt_message (struct ccm_aes256_ctx *@var{ctx}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefun void ccm_aes128_encrypt_message (const struct aes128_ctx *@var{cipher}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx void ccm_aes192_encrypt_message (const struct aes192_ctx *@var{cipher}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx void ccm_aes256_encrypt_message (const struct aes256_ctx *@var{cipher}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{clength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx int ccm_aes128_decrypt_message (const struct aes128_ctx *@var{cipher}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx int ccm_aes192_decrypt_message (const struct aes192_ctx *@var{cipher}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx int ccm_aes256_decrypt_message (const struct aes256_ctx *@var{cipher}, size_t @var{nlength}, const uint8_t *@var{nonce}, size_t @var{alength}, const uint8_t *@var{adata}, size_t @var{tlength}, size_t @var{mlength}, uint8_t *@var{dst}, const uint8_t *@var{src})
These are identical to @code{ccm_encrypt_message} and @code{ccm_decrypt_message}
-except that @var{cipher} and @var{f} are replaced with a context structure.
+except that @var{cipher} is an AES context and the encryption function
+@var{f} is implied.
@end deftypefun
@node ChaCha-Poly1305
const struct tstring *adata,
/* Expected results. */
const struct tstring *e_clear,
- const struct tstring *e_cipher,
+ const struct tstring *e_cipher,
/* Actual results. */
const void *clear,
const void *cipher,
/* Ensure we get the same answers using the all-in-one API. */
if (repeat <= 1) {
- int ret;
memset(de_data, 0, cleartext->length);
memset(en_data, 0, ciphertext->length);
- memset(de_digest, 0, sizeof(de_digest));
ccm_encrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
authdata->length, authdata->data, tlength,
ciphertext->length, en_data, cleartext->data);
- ret = ccm_decrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
- authdata->length, authdata->data, tlength,
- cleartext->length, de_data, ciphertext->data);
-
- if (ret != 1) fprintf(stderr, "ccm_decrypt_message failed to validate message\n");
+ if (!ccm_decrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
+ authdata->length, authdata->data, tlength,
+ cleartext->length, de_data, ciphertext->data))
+ {
+ fprintf(stderr, "ccm_decrypt_message failed to validate message\n");
+ FAIL();
+ }
test_compare_results("CCM_MSG", authdata,
cleartext, ciphertext, de_data, en_data, NULL);
/* Ensure that we can detect corrupted message or tag data. */
if (tlength) {
en_data[0] ^= 1;
- ret = ccm_decrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
- authdata->length, authdata->data, tlength,
- cleartext->length, de_data, en_data);
- if (ret != 0) fprintf(stderr, "ccm_decrypt_message failed to detect corrupted message\n");
+ if (ccm_decrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
+ authdata->length, authdata->data, tlength,
+ cleartext->length, de_data, en_data))
+ {
+ fprintf(stderr, "ccm_decrypt_message failed to detect corrupted message\n");
+ FAIL();
+ }
}
/* Ensure we can detect corrupted adata. */
if (tlength && authdata->length) {
- ret = ccm_decrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
- authdata->length-1, authdata->data, tlength,
- cleartext->length, de_data, ciphertext->data);
- if (ret != 0) fprintf(stderr, "ccm_decrypt_message failed to detect corrupted message\n");
+ if (ccm_decrypt_message(ctx, cipher->encrypt, nonce->length, nonce->data,
+ authdata->length-1, authdata->data, tlength,
+ cleartext->length, de_data, ciphertext->data))
+ {
+ fprintf(stderr, "ccm_decrypt_message failed to detect corrupted message\n");
+ FAIL();
+ }
}
}
test_compare_results("CCM_AES_128", authdata,
cleartext, ciphertext, de_data, en_data, de_digest);
+ if (repeat <= 1)
+ {
+ memset(de_data, 0, cleartext->length);
+ memset(en_data, 0, ciphertext->length);
+ ccm_aes128_encrypt_message (ctx, nonce->length, nonce->data,
+ authdata->length, authdata->data, tlength,
+ ciphertext->length, en_data, cleartext->data);
+ if (!ccm_aes128_decrypt_message(ctx, nonce->length, nonce->data,
+ authdata->length, authdata->data, tlength,
+ cleartext->length, de_data, ciphertext->data))
+ {
+ fprintf(stderr, "ccm_aes128_decrypt_message failed to validate message\n");
+ FAIL();
+ }
+ test_compare_results("CCM_AES_128_MSG", authdata,
+ cleartext, ciphertext, de_data, en_data, NULL);
+ }
}
/* TODO: I couldn't find any test cases for CCM-AES-192 */
if (cipher == &nettle_aes256) {
test_compare_results("CCM_AES_256", authdata,
cleartext, ciphertext, de_data, en_data, de_digest);
+ if (repeat <= 1)
+ {
+ memset(de_data, 0, cleartext->length);
+ memset(en_data, 0, ciphertext->length);
+ ccm_aes256_encrypt_message (ctx, nonce->length, nonce->data,
+ authdata->length, authdata->data, tlength,
+ ciphertext->length, en_data, cleartext->data);
+ if (!ccm_aes256_decrypt_message(ctx, nonce->length, nonce->data,
+ authdata->length, authdata->data, tlength,
+ cleartext->length, de_data, ciphertext->data))
+ {
+ fprintf(stderr, "ccm_aes256_decrypt_message failed to validate message\n");
+ FAIL();
+ }
+ test_compare_results("CCM_AES_256_MSG", authdata,
+ cleartext, ciphertext, de_data, en_data, NULL);
+ }
}
free(ctx);
projects / thirdparty / nettle.git / commitdiff
