Cryptography Reference
the functions as black boxes — plaintext goes in, ciphertext comes out. As long
as you're careful to ensure that nonces are never reused with a single key, you
can be confident that the encrypted data is safely protected.
Authentication with Associated Data
By now you may be wondering, “If AEAD stands for Authenticated Encryption
with Associated Data, what's the associated data part?” The Associated Data is
data that should be authenticated along with the encrypted data, but not itself
encrypted. If you remember the use of the MAC in TLS 1.0, it MAC'ed one additional
piece of data that was not transmitted — the sequence number — and some
that were transmitted but not encrypted. Because the main upside of AEAD is
to incorporate the authentication into the encryption, you need to replicate the
authentication of the original TLS 1.0 MAC.
The associated data, if present, is MAC'ed before the rest of the data stream,
but in the case of CCM, after the header block. In order to process associated
data during AES-CCM or AES-GCM, make the changes shown in Listing 9-20
to the encrypt and decrypt routines.
Listing 9-20: “aes.h” AES-CCM and AES-GCM with associated data support
/* The associated data is passed straight through to aes_ccm_process;
   the final argument is 0 when encrypting. */
int aes_ccm_encrypt( const unsigned char *input,
                     const int input_len,
                     const unsigned char *addldata,
                     const int addldata_len,
                     unsigned char output[],
                     void *iv,
                     const unsigned char *key )
{
  return aes_ccm_process( input, input_len, addldata, addldata_len,
                          output, iv, key, 0 );
}

/* Same call with the final argument set to 1 when decrypting. */
int aes_ccm_decrypt( const unsigned char *input,
                     const int input_len,
                     const unsigned char *addldata,
                     const int addldata_len,
                     unsigned char output[],
                     void *iv,
                     const unsigned char *key )
{
  return aes_ccm_process( input, input_len, addldata, addldata_len,
                          output, iv, key, 1 );
}

int aes_gcm_encrypt( const unsigned char *plaintext,
                     const int input_len,
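The ordering described above for CCM (header block first, then the associated data), as an added example that is not code from the book: it lays out the first CBC-MAC input blocks using the RFC 3610 encoding. The name ccm_mac_prefix and its parameters are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (RFC 3610 layout, not the book's code): write the first
 * CBC-MAC input blocks for CCM: header block B0, then the length-prefixed
 * associated data, zero-padded to 16 bytes. Returns bytes written, or 0
 * on bad parameters. Only the 2-byte length encoding (< 0xFF00) is handled. */
size_t ccm_mac_prefix( const unsigned char *nonce, size_t nonce_len,
                       const unsigned char *addldata, size_t addldata_len,
                       size_t input_len, size_t mac_len,
                       unsigned char *out, size_t out_size )
{
  size_t q, i, used, total;
  if ( nonce_len < 7 || nonce_len > 13 ) return 0;
  if ( mac_len < 4 || mac_len > 16 || ( mac_len & 1 ) ) return 0;
  if ( addldata_len >= 0xFF00 ) return 0;
  q = 15 - nonce_len;                 /* bytes that encode input_len */
  if ( q < sizeof( size_t ) && ( input_len >> ( 8 * q ) ) ) return 0;
  used = addldata_len ? 2 + addldata_len : 0;
  total = 16 + ( ( used + 15 ) / 16 ) * 16;
  if ( out_size < total ) return 0;
  memset( out, 0, total );
  /* flags: bit 6 = associated data present, bits 5-3 = (mac_len-2)/2,
   * bits 2-0 = q-1 */
  out[ 0 ] = ( unsigned char ) ( ( addldata_len ? 0x40 : 0 ) |
    ( ( ( mac_len - 2 ) / 2 ) << 3 ) | ( q - 1 ) );
  memcpy( out + 1, nonce, nonce_len );
  for ( i = 0; i < q; i++, input_len >>= 8 )   /* big-endian length */
    out[ 15 - i ] = ( unsigned char ) ( input_len & 0xFF );
  if ( addldata_len )
  {
    out[ 16 ] = ( unsigned char ) ( addldata_len >> 8 );
    out[ 17 ] = ( unsigned char ) ( addldata_len & 0xFF );
    memcpy( out + 18, addldata, addldata_len );
  }
  return total;
}

int main( void )
{
  /* Constructed sample: nonce and associated data of RFC 3610 vector #1 */
  unsigned char nonce[ 13 ] = { 0, 0, 0, 3, 2, 1, 0, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5 };
  unsigned char addldata[ 8 ] = { 0, 1, 2, 3, 4, 5, 6, 7 };
  unsigned char out[ 32 ];
  size_t i, n = ccm_mac_prefix( nonce, 13, addldata, 8, 23, 8, out, sizeof( out ) );
  for ( i = 0; i < n; i++ )
    printf( "%02x%c", out[ i ], ( i % 16 == 15 ) ? '\n' : ' ' );
  return 0;
}
```

Both blocks are fed to the CBC-MAC, but neither appears in the ciphertext output, so the associated data is authenticated without being encrypted.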
 