diff --git a/Crypto/Cipher/AES.hs b/Crypto/Cipher/AES.hs index 61b81cf..97a1801 100644 --- a/Crypto/Cipher/AES.hs +++ b/Crypto/Cipher/AES.hs @@ -48,6 +48,7 @@ instance Cipher AES256 where cipherKeySize _ = KeySizeFixed 32 cipherInit k = AES256 <$> (initAES =<< validateKeySize (undefined :: AES256) k) + #define INSTANCE_BLOCKCIPHER(CSTR) \ instance BlockCipher CSTR where \ { blockSize _ = 16 \ diff --git a/Crypto/Cipher/AES/Primitive.hs b/Crypto/Cipher/AES/Primitive.hs index 5169366..26aeb61 100644 --- a/Crypto/Cipher/AES/Primitive.hs +++ b/Crypto/Cipher/AES/Primitive.hs @@ -101,7 +101,7 @@ ocbMode aes = AEADModeImpl , aeadImplFinalize = ocbFinish aes } --- | Create an AES AEAD implementation for GCM +-- | Create an AES AEAD implementation for CCM ccmMode :: AES -> AEADModeImpl AESCCM ccmMode aes = AEADModeImpl { aeadImplAppendHeader = ccmAppendAAD aes @@ -110,6 +110,7 @@ ccmMode aes = AEADModeImpl , aeadImplFinalize = ccmFinish aes } + -- | AES Context (pre-processed key) newtype AES = AES ScrubbedBytes deriving (NFData) diff --git a/cbits/cryptonite_aes.c b/cbits/cryptonite_aes.c index 7e0b723..6fdc1e0 100644 --- a/cbits/cryptonite_aes.c +++ b/cbits/cryptonite_aes.c @@ -437,18 +437,18 @@ void cryptonite_aes_gcm_finish(uint8_t *tag, aes_gcm *gcm, aes_key *key) } } -static inline int ccm_b0_flags(int has_adata, int m, int l) +static inline uint8_t ccm_b0_flags(uint32_t has_adata, uint32_t m, uint32_t l) { return 8*m + l + (has_adata? 64: 0); } /* depends on input size */ -static void ccm_encode_b0(block128* output, aes_ccm* ccm, int has_adata) +static void ccm_encode_b0(block128* output, aes_ccm* ccm, uint32_t has_adata) { int last = 15; - int m = ccm->length_M; - int l = ccm->length_L; - unsigned msg_len = ccm->length_input; + uint32_t m = ccm->length_M; + uint32_t l = ccm->length_L; + uint32_t msg_len = ccm->length_input; block128_zero(output); block128_copy(output, &ccm->nonce); 
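Review bot: `ccm_b0_flags` now returns `uint8_t` while computing `8*m + l + (has_adata? 64: 0)` in `uint32_t`, so the result is narrowed implicitly and an `m` or `l` above 7 would spill into the Adata bit or wrap rather than fail; unless the callers (not visible here) already reject such values, a precondition comment such as `/* m, l must be <= 7: flags byte = Adata<<6 | m<<3 | l (RFC 3610 2.2) */` with a matching check belongs on this function. In `ccm_encode_b0`, `int last = 15;` is the one local left signed while `m`, `l` and `msg_len` moved to `uint32_t`; converting it too, or noting why it stays `int`, would keep the widening consistent. `has_adata` is now a `uint32_t` that is only ever tested against zero, which reads like a count; a comment `/* non-zero when associated data is present */` on the parameter would make the intent explicit. The body of `ccm_encode_b0` continues beyond the end of the hunk.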
@@ -530,7 +530,7 @@ void cryptonite_aes_ccm_aad(aes_ccm *ccm, aes_key *key, uint8_t *input, uint32_t block128 tmp; if (ccm->length_aad != 0) return; - + ccm->length_aad = length; int len_len; @@ -940,7 +940,7 @@ void cryptonite_aes_generic_ccm_decrypt(uint8_t *output, aes_ccm *ccm, aes_key * if (length != ccm->length_input) { return; } - + /* when aad is absent, reset b0 block */ if (ccm->length_aad == 0) { ccm_encode_b0(&ccm->b0, ccm, 0); /* assume aad is present */ diff --git a/cbits/cryptonite_aes.h b/cbits/cryptonite_aes.h index 9ac20b3..05e147d 100644 --- a/cbits/cryptonite_aes.h +++ b/cbits/cryptonite_aes.h @@ -55,7 +55,7 @@ typedef struct { uint64_t length_input; } aes_gcm; -/* size = 80 */ +/* size = 4*16+4*4= 80 */ typedef struct { aes_block xi; aes_block header_cbcmac; @@ -63,8 +63,8 @@ typedef struct { aes_block nonce; uint32_t length_aad; uint32_t length_input; - uint32_t length_M; - uint32_t length_L; + uint32_t length_M; + uint32_t length_L; } aes_ccm; typedef struct { diff --git a/tests/BlockCipher.hs b/tests/BlockCipher.hs index 6e8f8af..2fc1248 100644 --- a/tests/BlockCipher.hs +++ b/tests/BlockCipher.hs @@ -220,7 +220,7 @@ testKATs kats cipher = testGroup "KAT" aeadInitNoErr mode ct iv = case aeadInit mode ct iv of CryptoPassed a -> a - CryptoFailed _ -> error $ "cipher does'nt support aead mode: " ++ show mode + CryptoFailed _ -> error $ "cipher doesn't support aead mode: " ++ show mode ------------------------------------------------------------------------ -- Properties ------------------------------------------------------------------------ diff --git a/tests/KAT_AES.hs b/tests/KAT_AES.hs index a6c8182..cf098a3 100644 --- a/tests/KAT_AES.hs +++ b/tests/KAT_AES.hs @@ -7,6 +7,7 @@ import Data.Maybe import Crypto.Cipher.Types import qualified Crypto.Cipher.AES as AES import qualified Data.ByteString as B + import qualified KAT_AES.KATECB as KATECB import qualified KAT_AES.KATCBC as KATCBC import qualified KAT_AES.KATXTS as KATXTS 
@@ -49,8 +50,10 @@ toKatCCM (k,iv,h,i,o,m) = , aeadTaglen = m , aeadTag = at } - where ccmMVal x = fromMaybe CCM_M16 (lookup x [ (4, CCM_M4), (6, CCM_M6), (8, CCM_M8), (10, CCM_M10), - (12, CCM_M12), (14, CCM_M14), (16, CCM_M16) ]) + where ccmMVal x = fromMaybe (error $ "unsupported CCM tag length: " ++ show x) $ + lookup x [ (4, CCM_M4), (6, CCM_M6), (8, CCM_M8), (10, CCM_M10) + , (12, CCM_M12), (14, CCM_M14), (16, CCM_M16) + ] ctWithTag = B.drop (B.length h) o (ct, at) = B.splitAt (B.length ctWithTag - m) ctWithTag diff --git a/tests/KAT_AES/KATCCM.hs b/tests/KAT_AES/KATCCM.hs index e9b2a1a..4f3c197 100644 --- a/tests/KAT_AES/KATCCM.hs +++ b/tests/KAT_AES/KATCCM.hs @@ -7,8 +7,8 @@ import qualified Data.ByteString as B type KATCCM = (B.ByteString, B.ByteString, B.ByteString, B.ByteString, B.ByteString, Int) vectors_aes128_enc :: [KATCCM] -vectors_aes128_enc = [ - ( {- key = -} "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" +vectors_aes128_enc = + [ ( {- key = -} "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" , {- iv = -} "\x00\x00\x00\x03\x02\x01\x00\xa0\xa1\xa2\xa3\xa4\xa5" , {- hdr = -} "\x00\x01\x02\x03\x04\x05\x06\x07" , {- in = -} "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e" @@ -151,4 +151,5 @@ vectors_aes128_enc = [ , {- hdr = -} "\x6e\x37\xa6\xef\x54\x6d\x95\x5d\x34\xab\x60\x59" , {- in = -} "\xab\xf2\x1c\x0b\x02\xfe\xb8\x8f\x85\x6d\xf4\xa3\x73\x81\xbc\xe3\xcc\x12\x85\x17\xd4" , {- out = -} "\x6e\x37\xa6\xef\x54\x6d\x95\x5d\x34\xab\x60\x59\xf3\x29\x05\xb8\x8a\x64\x1b\x04\xb9\xc9\xff\xb5\x8c\xc3\x90\x90\x0f\x3d\xa1\x2a\xb1\x6d\xce\x9e\x82\xef\xa1\x6d\xa6\x20\x59" - , {- M = -} 10) ] + , {- M = -} 10) + ]
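Review bot: The rewritten `ccmMVal` in `toKatCCM` now encodes the rule that only the even tag lengths 4 through 16 are valid, but the lookup table is the only place that rule lives, so a reader hitting the new `error` has nothing to tell them whether the vector or the table is at fault; a comment above the `where` such as `-- CCM defines only even tag lengths 4..16 (one CCM_M* constructor each); any other M is a malformed vector` would make that explicit. The `error` is still a test-time crash rather than a typed failure, which is acceptable for KAT conversion but worth a word in the same comment so nobody reuses the helper outside the test suite. `toKatCCM` starts before the hunk.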