Cryptography Reference
  // Set the adata flag in the header when associated data is present
  input_block[ 0 ] |= addldata_len ? 0x40 : 0x00;
  xor( input_block, mac_block, AES_BLOCK_SIZE );
  aes_block_encrypt( input_block, mac_block, key, 16 );

  if ( addldata_len )
  {
    unsigned short addldata_len_declare;
    int addldata_block_len;

    // First two bytes of addl data are the length in network order
    // (this two-byte form only covers lengths below 0xFF00)
    addldata_len_declare = htons( ( unsigned short ) addldata_len );
    memset( input_block, '\0', AES_BLOCK_SIZE );
    memcpy( input_block, ( void * ) &addldata_len_declare,
      sizeof( unsigned short ) );
    // The first block has room for only 14 bytes of data after the length
    addldata_block_len = AES_BLOCK_SIZE - sizeof( unsigned short );
    do
    {
      block_size = ( addldata_len < addldata_block_len ) ?
        addldata_len : addldata_block_len;
      memcpy( input_block + ( AES_BLOCK_SIZE - addldata_block_len ),
        addldata, block_size );
      xor( input_block, mac_block, AES_BLOCK_SIZE );
      aes_block_encrypt( input_block, mac_block, key, 16 );
      addldata_len -= block_size;
      addldata += block_size;
      // Later blocks are full width; zeroing pads a short final block
      addldata_block_len = AES_BLOCK_SIZE;
      memset( input_block, '\0', addldata_block_len );
    }
    while ( addldata_len );
  }

  // Prepare the first nonce
  memset( nonce, '\0', AES_BLOCK_SIZE );
Remember that, in CCM, there was a header that was MAC'ed before the
data, and that the first byte of this header was a byte of flags. One of these flags
indicates whether to expect associated data. The first change in Listing 9-21 sets
the adata flag in the header that indicates that there is associated data in the first
place; the remainder of the changes are contained in the if block. This if block
just cycles through the additional data supplied (if any) and computes it into the
MAC; the only thing that makes this a bit complex is that the first two bytes of
the first block must be the length of the additional data, in network byte order.
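The block layout described above can be checked without running AES at all. The following is an added example, not code from the book: ccm_b0_flags and ccm_format_adata are hypothetical helper names, the flags layout follows RFC 3610, and the sample values (8 bytes of associated data, an 8-byte MAC, a 2-byte length field) are constructed.

```c
#include <stdio.h>
#include <string.h>

#define CCM_BLOCK 16

/* B_0 flags byte per RFC 3610: bit 6 = Adata, bits 5..3 = (M-2)/2,
 * bits 2..0 = L-1 (M = MAC length, L = size of the length field). */
unsigned char ccm_b0_flags( size_t adata_len, int mac_len, int len_size )
{
  return ( unsigned char ) ( ( adata_len ? 0x40 : 0x00 ) |
                             ( ( ( mac_len - 2 ) / 2 ) << 3 ) |
                             ( len_size - 1 ) );
}

/* Lay out the associated data as CBC-MAC input: two-byte big-endian
 * length, the data, zero padding to a 16-byte boundary. Returns bytes
 * written, 0 for no associated data, -1 if the length needs the longer
 * encodings (>= 0xFF00) or out is too small. */
long ccm_format_adata( const unsigned char *adata, size_t adata_len,
                       unsigned char *out, size_t out_cap )
{
  size_t total;

  if ( adata_len == 0 )
    return 0;
  if ( adata_len >= 0xFF00 )
    return -1;
  total = ( ( 2 + adata_len + CCM_BLOCK - 1 ) / CCM_BLOCK ) * CCM_BLOCK;
  if ( total > out_cap )
    return -1;
  memset( out, 0, total );
  out[ 0 ] = ( unsigned char ) ( adata_len >> 8 );
  out[ 1 ] = ( unsigned char ) ( adata_len & 0xFF );
  memcpy( out + 2, adata, adata_len );
  return ( long ) total;
}

int main( void )
{
  /* Constructed sample: 8 bytes of associated data, M = 8, L = 2 */
  unsigned char hdr[ 8 ] = { 0, 1, 2, 3, 4, 5, 6, 7 }, out[ 16 ];
  long i, n = ccm_format_adata( hdr, sizeof hdr, out, sizeof out );

  printf( "flags=%02x blocks:", ccm_b0_flags( sizeof hdr, 8, 2 ) );
  for ( i = 0; i < n; i++ )
    printf( " %02x", out[ i ] );
  printf( "\n" );
  return 0;
}
```

Writing the length byte by byte avoids any dependence on host byte order, and rejecting lengths of 0xFF00 and above keeps the two-byte prefix from being confused with the markers that introduce the longer encodings.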
To see this in action, go ahead and modify the AES test main routine to call
aes_ccm_encrypt instead of aes_128_encrypt when the key size is 16 bytes,