Topic: wc_AesGcmEncrypt / wc_AesGcmDecrypt questions

Hi,

I want to implement AES-GCM and have the following questions:

1. looking at the implementation of

wc_AesGcmDecrypt

in wolfcrypt/src/aes.c the code calls

AesGcmDecrypt_fips

. However, if I grep for

AesGcmDecrypt_fips

in the wolfSSL folder, I get no other result beside the

wc_AesGcmDecrypt

implementation. Where is

AesGcmDecrypt_fips

implemented?

2. In the code below,

wc_AesGcmDecrypt

returns -180. What does this mean?

#include <wolfssl/wolfcrypt/aes.h>
#include "stdio.h"
#include "string.h"
#include "stdlib.h"
#include "inttypes.h"

void printhex(unsigned char myarray[], unsigned int size);

//__aead(byte plaintext[], byte iv[], byte addAuthData[])
unsigned long main()
{

      int  result;
    Aes enc;

    printf("Entering aead() function...\n");

    // additional plaintext that is to be authenticated
    // with the plaintext being encrypted
    const byte addAuthData[] =
    {
        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
        0xab, 0xad, 0xda, 0xd2
    };

    const byte key[] =
    {
        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
    };

    const byte iv[] =
    {
        0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
        0xde, 0xca, 0xf8, 0x88
    };

    const byte plaintext[] =
    {
        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
    };

    byte plaintextresult[sizeof(plaintext)];
    byte authTag[32];
    byte ciphertext[32];

    //    set key for AES-GCM
    //    wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
    wc_AesGcmSetKey(&enc, key, sizeof(key));

    printf("\nSetting key for aead() operation:\n");
    printhex(key, sizeof(key));
    //    perform encryption
    /*
    wc_AesGcmEncrypt(Aes* aes, byte* out,
                     const byte* in, word32 sz,
                     const byte* iv, word32 ivSz,
                     byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz);
    */
    wc_AesGcmEncrypt(&enc, ciphertext,
                    plaintext, sizeof(plaintext),
                    iv, sizeof(iv), 
                    authTag, sizeof(authTag),
                    addAuthData, sizeof(addAuthData));
    printf("\nEncrypting plaintext:\n");
    printhex(plaintext, sizeof(plaintext));
    printf("\nCipher:\n");
    printhex(ciphertext, sizeof(ciphertext));

    //    perform decryption
    /*
    wc_AesGcmDecrypt(Aes* aes, byte* out,
                    const byte* in, word32 sz,
                    const byte* iv, word32 ivSz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz);
    */
    result = wc_AesGcmDecrypt(&enc, plaintextresult,
                    ciphertext, sizeof(ciphertext),
                    iv, sizeof(iv),
                    authTag, sizeof(authTag),
                    addAuthData, sizeof(addAuthData));

    printf("\nDecrypting ciphertext (result: %d)\n", result);
    printhex(plaintextresult, sizeof(plaintextresult));
    //printf();


      return (0);
}

Share

Re: wc_AesGcmEncrypt / wc_AesGcmDecrypt questions

1. It is calling AesGcmDecrypt_fips only when FIPS mode is enabled. We do not provide the implementation of any of the _fips() functions in the open source download.

2. You are encrypting 24 bytes of plaintext and storing the 24 bytes of cipher text into a 32 byte array and then are decrypting the 32 byte array. The first thing the decrypt function does is calculate and checks the authTag, which is failing with error -180.

3 (edited by rskkya 2016-03-02 06:15:36)

Re: wc_AesGcmEncrypt / wc_AesGcmDecrypt questions

Hi, i was able to find an example under wolfcrypt/test/test.c so it's ok! if it can help you to understand the mechanism an.schall.
There are more explanations here:
http://www.yassl.com/forums/topic616-so … ation.html
If i have well understood, plaintext size must be equal to cipher text size...

Share