openssl学习之ccm,gcm 模式

openssl中添加了对AESccm和gcm模式的支持。下面的内容主要是对这两个模式相关资料的收集以及整理。一，CCMCCM（counterwithCBC-MAC)定义在分组长度为128位的加密算法中，如，AES的分组长度为128。组成AES-CCM算法的关键组成是CTR工作模式以及CMAC认证算法。Wifi的WPE协议中使用了AES-CCM。在HMAC中我们介绍CCM是属于一种E&M（认证并且加密），首先我们来看一下AES-CCM模式的输入输出。首先介绍两个参数设置：L：长度域，取值为2~8，openssl中缺省的为8。M：tag的长度，合法的值为：4,6,8,10,12,14和16。openssl中缺省的为12key16,24,32None15-LMessagetoauthenticateandencryptlen(Msg)Additionalauthenticateddatalen(AAD)其中对消息长度有：0=len(Msg)=2^(8L);对附加数据长度有：0=len(AAD)2^64;[cpp]viewplaincopy1./*SimpleAESCCMtestprogram,usesthesameNISTdatausedfortheFIPS2.*selftestbutusestheapplicationlevelEVPAPIs.3.*/4.#includestdio.h5.#includeopenssl/bio.h6.#includeopenssl/evp.h7.8./*AES-CCMtestdatafromNISTpublictestvectors*/9.10.staticconstunsignedcharccm_key[]={11.0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,12.0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe813.};14.//随机数，每次加密针对相同的KEY使用不同的NONCE。否则会破坏CCM模式的安全性（RFC3610）15.staticconstunsignedcharccm_nonce[]={16.0x76,0x40,0x43,0xc4,0x94,0x60,0xb717.};18.//附加数据19.staticconstunsignedcharccm_adata[]={20.0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,21.0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,22.0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe423.};24.//plaintext表示明文25.staticconstunsignedcharccm_pt[]={26.0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,27.0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x1028.};29.//ciphertext表示密文30.staticconstunsignedcharccm_ct[]={31.0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,32.0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd33.};34.//tag表示tag数据35.staticconstunsignedcharccm_tag[]={36.0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,37.0x14,0xdb,0x50,0x6d38.};39.40.voidaes_ccm_encrypt(void)41.{42.EVP_CIPHER_CTX*ctx;43.intoutlen,tmplen;44.unsignedcharoutbuf[1024];45.printf(AESCCMEncrypt:\n);46.printf(Plaintext:\n);47.BIO_dump_fp(stdout,ccm_pt,sizeof(ccm_pt));48.ctx=EVP_CIPHER_CTX_new();49./*Setciphertypeandmode*/50.EVP_EncryptInit_ex(ctx,EVP_aes_192_ccm(),NULL,NULL,NULL);51./*Setnoncelengthifdefault96bitsisnotappropriate*/52.EVP_CIPHER_CTX_ctrl(ctx,EVP_CTRL_CCM_SET_IVLEN,sizeof(ccm_nonce),NULL);53./*Settaglength*/54.EVP_CIPHER_CTX_ctrl(ctx,EVP_CTRL_CCM_SET_TAG,sizeof(ccm_tag),NULL);55./*InitialisekeyandIV*/56.EVP_EncryptInit_ex(ctx,NULL,NULL,ccm_key,ccm_nonce);57./*Setplaintextlength:onlyneededifAADisused*/58.//输入输出需设置为NULL59.EVP_EncryptUpdate(ctx,NULL,&outlen,NULL,sizeof(ccm_pt));60./*ZerooronecalltospecifyanyAAD*/61.//设置AAD，out参数需设置为NULL62.EVP_EncryptUpdate(ctx,NULL,&outlen,ccm_adata,sizeof(ccm_adata));63./*Encryptplaintext:canonlybecalledonce*/64.EVP_EncryptUpdate(ctx,outbuf,&outlen,ccm_pt,sizeof(ccm_pt));65./*Outputencryptedblock*/66.printf(Ciphertext:\n);67.BIO_dump_fp(stdout,outbuf,outlen);68./*Finalise:notegetnooutputforCCM*/69.EVP_EncryptFinal_ex(ctx,outbuf,&outlen);70./*Gettag*/71.EVP_CIPHER_CTX_ctrl(ctx,EVP_CTRL_CCM_GET_TAG,16,outbuf);72./*Outputtag*/73.printf(Tag:\n);74.BIO_dump_fp(stdout,outbuf,16);75.EVP_CIPHER_CTX_free(ctx);76.}77.78.voidaes_ccm_decrypt(void)79.{80.EVP_CIPHER_CTX*ctx;81.intoutlen,tmplen,rv;82.unsignedcharoutbuf[1024];83.printf(AESCCMDerypt:\n);84.printf(Ciphertext:\n);85.BIO_dump_fp(stdout,ccm_ct,sizeof(ccm_ct));86.ctx=EVP_CIPHER_CTX_new();87./*Selectcipher*/88.EVP_DecryptInit_ex(ctx,EVP_aes_192_ccm(),NULL,NULL,NULL);89./*Setnoncelength,omitfor96bits*/90.EVP_CIPHER_CTX_ctrl(ctx,EVP_CTRL_CCM_SET_IVLEN,sizeof(ccm_nonce),NULL);91./*Setexpectedtagvalue*/92.EVP_CIPHER_CTX_ctrl(ctx,EVP_CTRL_CCM_SET_TAG,93.sizeof(ccm_tag),(void*)ccm_tag);94./*SpecifykeyandIV*/95.EVP_DecryptInit_ex(ctx,NULL,NULL,ccm_key,ccm_nonce);96./*Setciphertextlength:onlyneededifwehaveAAD*/97.EVP_DecryptUpdate(ctx,NULL,&outlen,NULL,sizeof(ccm_ct));98./*ZerooronecalltospecifyanyAAD*/99.EVP_DecryptUpdate(ctx,NULL,&outlen,ccm_adata,sizeof(ccm_adata));100./*Decryptplaintext,verifytag:canonlybecalledonce*/101.rv=EVP_DecryptUpdate(ctx,outbuf,&outlen,ccm_ct,sizeof(ccm_ct));102./*Outputdecryptedblock:iftagverifyfailedwegetnothing*/103.if(rv0)104.{105.printf(Plaintext:\n);106.BIO_dump_fp(stdout,outbuf,outlen);107.}108.else109.printf(Plaintextnotavailable:tagverifyfailed.\n);110.EVP_CIPHER_CTX_free(ctx);111.}112.113.intmain(intargc,char**argv)114.{115.aes_ccm_encrypt();116.aes_ccm_decrypt();117.}[cpp]viewplaincopy1./*SimpleAESCCMtestprogram,usesthesameNISTdatausedfortheFIPS2.*selftestbutusestheapplicationlevelEVPAPIs.3.*/4.#includestdio.h5.#includeopenssl/bio.h6.#includeopenssl/evp.h7.8./*AES-CCMtestdatafromNISTpublictestvectors*/9.10.staticconstunsignedcharccm_key[]={11.0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,12.0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe813.};14.//随机数，每次加密针对相同的KEY使用不同的NONCE。否则会破坏CCM模式的安全性（RFC3610）15.staticconstunsignedcharccm_nonce[]={16.0x76,0x40,0x43,0xc4,0x94,0x60,0xb717.};18.//附加数据19.staticconstunsignedcharccm_adata[]={20.0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,21.0x5f,0x10,0xbd,0xe7,0x8c