[crypto] Add concept of authentication tag to cipher algorithms

Some ciphers (such as GCM) support the concept of a tag that can be
used to authenticate the encrypted data.  Add a cipher method for
generating an authentication tag.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2022-10-24 19:20:41 +01:00
parent 0c383bf00a
commit da81214cec
9 changed files with 64 additions and 7 deletions


@@ -57,6 +57,7 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
size_t len = test->len;
uint8_t ctx[cipher->ctxsize];
uint8_t ciphertext[len];
uint8_t auth[cipher->authsize];
/* Initialise cipher */
okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0,
@@ -65,6 +66,7 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
/* Process additional data, if applicable */
if ( test->additional_len ) {
okx ( is_auth_cipher ( cipher ), file, line );
cipher_encrypt ( cipher, ctx, test->additional, NULL,
test->additional_len );
}
@@ -74,6 +76,11 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
/* Compare against expected ciphertext */
okx ( memcmp ( ciphertext, test->ciphertext, len ) == 0, file, line );
/* Check authentication tag */
okx ( cipher->authsize == test->auth_len, file, line );
cipher_auth ( cipher, ctx, auth );
okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
}
/**
@@ -89,6 +96,7 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
size_t len = test->len;
uint8_t ctx[cipher->ctxsize];
uint8_t plaintext[len];
uint8_t auth[cipher->authsize];
/* Initialise cipher */
okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0,
@@ -97,6 +105,7 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
/* Process additional data, if applicable */
if ( test->additional_len ) {
okx ( is_auth_cipher ( cipher ), file, line );
cipher_decrypt ( cipher, ctx, test->additional, NULL,
test->additional_len );
}
@@ -106,6 +115,11 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
/* Compare against expected plaintext */
okx ( memcmp ( plaintext, test->plaintext, len ) == 0, file, line );
/* Check authentication tag */
okx ( cipher->authsize == test->auth_len, file, line );
cipher_auth ( cipher, ctx, auth );
okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
}
/**
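Review bot: The tag comparison in cipher_encrypt_okx, `memcmp ( auth, test->auth, test->auth_len )`, is bounded by the test vector's length rather than by the size of the local `auth[cipher->authsize]` buffer, and cipher_decrypt_okx repeats the same pattern. The preceding `okx ( cipher->authsize == test->auth_len, file, line )` only protects the read if okx stops the test on failure, which is not visible on this page; if it merely records the failure, a vector with a larger auth_len reads past the end of the stack buffer. Making the comparison conditional keeps it in bounds: `if ( cipher->authsize == test->auth_len ) okx ( memcmp ( auth, test->auth, sizeof ( auth ) ) == 0, file, line );`. Separately, `uint8_t auth[cipher->authsize]` becomes a zero-length VLA for ciphers without a tag (presumably authsize is 0 there), which standard C leaves undefined, so a comment noting the reliance on compiler behaviour would help. Both function bodies start and end outside the hunks shown.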