Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +02001/*
2 * Hello world example of using the authenticated encryption with mbed TLS
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 *
6 * This file is part of mbed TLS (https://tls.mbed.org)
7 */
8
9#include "mbedtls/cipher.h"
10#include "mbedtls/entropy.h"
11#include "mbedtls/ctr_drbg.h"
12
13#include <stdio.h>
14#include <string.h>
15
/*
 * Print "<title>: " followed by the first len bytes of buf as two-digit
 * lowercase hex, then a CR LF line ending. Nothing is printed between the
 * bytes. In this file it is also used to dump the plaintext, which is
 * acceptable for a demo only.
 */
static void print_hex(const char *title, const unsigned char buf[], size_t len)
{
    size_t pos = 0;

    printf("%s: ", title);

    while (pos < len) {
        printf("%02x", buf[pos]);
        pos++;
    }

    printf("\r\n");
}
25
/*
 * The pre-shared key (16 bytes, used as the AES-128 key in example()).
 *
 * It should be generated randomly and be unique to the device/channel/etc.
 * A fixed value is used here only for simplicity: a key compiled into the
 * source or firmware image is readable by anyone who holds that image, so
 * this constant must not be reused outside the demo.
 */
static const unsigned char secret_key[16] = {
    0xf4, 0x82, 0xc6, 0x70,
    0x3c, 0xc7, 0x61, 0x0a,
    0xb9, 0xa0, 0xb8, 0xe9,
    0x87, 0xb8, 0xc1, 0x72,
};
34
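/*
 * Round-trip demo of AES-128-CCM authenticated encryption: encrypt and
 * authenticate a fixed message (plus clear-text metadata) with secret_key,
 * then decrypt and verify it again.
 *
 * Output buffer layout: nonce (8 bytes) || ciphertext || tag (16 bytes).
 *
 * Returns 0 when the round trip succeeds and 1 on any failure; the name of
 * the failing call and its error code are printed first. All three mbed TLS
 * contexts are released on every path.
 */
static int example(void)
{
    /*
     * Every local is declared before the first "goto cleanup" so that no
     * jump skips an initialisation.
     */

    /* message that should be protected */
    const char message[] = "Some things are better left unread";
    /* metadata transmitted in the clear but authenticated */
    const char metadata[] = "eg sequence number, routing info";
    /* ciphertext buffer large enough to hold nonce + message + tag */
    unsigned char ciphertext[128] = { 0 };
    unsigned char decrypted[128] = { 0 };
    size_t ciphertext_len = 0;
    size_t decrypted_len = 0;
    const size_t nonce_len = 8;
    /* Go for a conservative 16-byte (128-bit) tag */
    const size_t tag_len = 16;
    int status = 1;                   /* pessimistic until the very end */
    int ret;

    mbedtls_entropy_context entropy;  /* entropy pool for seeding PRNG */
    mbedtls_ctr_drbg_context drbg;    /* pseudo-random generator */
    mbedtls_cipher_context_t ctx;     /* AES-CCM context */

    printf("\r\n\r\n");
    print_hex("plaintext message", (const unsigned char *) message, sizeof message);

    /*
     * Initialise all contexts up front so the cleanup path can free them
     * unconditionally, whichever step fails.
     */
    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&drbg);
    mbedtls_cipher_init(&ctx);

    /*
     * Set up the random number generator.
     * (Note: later this might be done automatically.)
     *
     * The PRNG is seeded from the entropy pool; the secret key is passed as
     * the extra "custom" seed input. The entropy source is still what the
     * unpredictability of the nonce depends on.
     */
    ret = mbedtls_ctr_drbg_seed(&drbg, mbedtls_entropy_func, &entropy,
                                secret_key, sizeof (secret_key));
    if (ret != 0) {
        printf("mbedtls_ctr_drbg_seed() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }

    /*
     * Set up the AES-CCM context.
     */
    ret = mbedtls_cipher_setup(&ctx, mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CCM));
    if (ret != 0) {
        printf("mbedtls_cipher_setup() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }

    ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_ENCRYPT);
    if (ret != 0) {
        printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }

    /*
     * Encrypt-authenticate the message and authenticate additional data.
     *
     * First generate a random 8-byte nonce.
     * Put it directly in the output buffer as the recipient will need it.
     *
     * Warning: you must never re-use the same (key, nonce) pair. One of the
     * best ways to ensure this is to use a counter for the nonce. However,
     * this means you should save the counter across reboots if the key is a
     * long-term one. The alternative chosen here is to generate the nonce
     * randomly, which only works if you have a good source of randomness.
     * With a 64-bit random nonce the chance of a repeat also grows with the
     * number of messages sent under one key, so long-lived keys need a
     * message limit or a counter.
     *
     * The generator's result must be checked: the buffer starts out zeroed,
     * so carrying on after a failure would encrypt under an all-zero nonce
     * on every such run.
     */
    ret = mbedtls_ctr_drbg_random(&drbg, ciphertext, nonce_len);
    if (ret != 0) {
        printf("mbedtls_ctr_drbg_random() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }

    /*
     * The tag is written right after the encrypted message, whose length
     * equals the plaintext length here.
     * NOTE(review): newer Mbed TLS releases replace this call with
     * mbedtls_cipher_auth_encrypt_ext(); confirm against the library
     * version in use.
     */
    ret = mbedtls_cipher_auth_encrypt(&ctx, ciphertext, nonce_len,
                                      (const unsigned char *) metadata, sizeof metadata,
                                      (const unsigned char *) message, sizeof message,
                                      ciphertext + nonce_len, &ciphertext_len,
                                      ciphertext + nonce_len + sizeof message, tag_len);
    if (ret != 0) {
        printf("mbedtls_cipher_auth_encrypt() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }
    ciphertext_len += nonce_len + tag_len;

    /*
     * The following information should now be transmitted:
     * - first ciphertext_len bytes of ciphertext buffer
     * - metadata if not already transmitted elsewhere
     */
    print_hex("ciphertext", ciphertext, ciphertext_len);

    /*
     * Decrypt-authenticate
     */
    ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_DECRYPT);
    if (ret != 0) {
        printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }

    ret = mbedtls_cipher_auth_decrypt(&ctx,
                                      ciphertext, nonce_len,
                                      (const unsigned char *) metadata, sizeof metadata,
                                      ciphertext + nonce_len, ciphertext_len - nonce_len - tag_len,
                                      decrypted, &decrypted_len,
                                      ciphertext + ciphertext_len - tag_len, tag_len);
    /*
     * Checking the return code is CRITICAL for security here: the contents
     * of decrypted must not be used unless ret == 0.
     */
    if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
        printf("Something bad is happening! Data is not authentic!\r\n");
        goto cleanup;
    }
    if (ret != 0) {
        printf("mbedtls_cipher_auth_decrypt() returned -0x%04X\r\n", (unsigned int) -ret);
        goto cleanup;
    }

    print_hex("decrypted", decrypted, decrypted_len);

    printf("\r\nDONE\r\n");

    status = 0;

cleanup:
    /* Release key schedule and generator state on success and failure alike. */
    mbedtls_cipher_free(&ctx);
    mbedtls_ctr_drbg_free(&drbg);
    mbedtls_entropy_free(&entropy);

    return status;
}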
158
159#if defined(TARGET_LIKE_MBED)
160
161#include "mbed/test_env.h"
162
/*
 * mbed target entry point: configure the USB serial link, then run
 * example() under the host-test macros from mbed/test_env.h.
 * NOTE(review): the macros are presumably how the result reaches the host
 * test harness; their order is kept exactly as written.
 */
int main() {
    /* Use 115200 bps for consistency with other examples */
    Serial console(USBTX, USBRX);
    console.baud(115200);

    MBED_HOSTTEST_TIMEOUT(10);
    MBED_HOSTTEST_SELECT(default);
    MBED_HOSTTEST_DESCRIPTION(mbed TLS example authcrypt);
    MBED_HOSTTEST_START("MBEDTLS_EX_AUTHCRYPT");
    /* The test passes only when example() reports success (0). */
    MBED_HOSTTEST_RESULT(example() == 0);
}
174
175#else
176
/*
 * Host build entry point: the process exit status is whatever example()
 * returns (0 on success, 1 on failure).
 */
int main() {
    const int status = example();

    return status;
}
180
181#endif