Hi All/Wei,
Just noticed something. When I tamper with the encrypted data, no
exception is thrown and corrupt data is placed in the StringSink.
Plain text: Authenticated Encryption
Recovered text: Authenticated Encryptiog
I would expect that AuthenticatedSymmetricCipher would suppress
throwing on MessageEnd() so that the result can be retrieved through a
DecodingResult (or similar). But I don't think the above is desired
behavior.
Perhaps I am using this wrong by incorrectly assuming the primary
channel offers encryption and authentication? Judging from the size of
cipher text, it appears I am getting only ECB encryption - no cipher
text expansion due to the formatting function.
Jeff
#include <cryptopp/aes.h>
#include <cryptopp/ccm.h>
#include <cryptopp/filters.h>
#include <string>
using namespace CryptoPP;
using std::string;

// Key and IV were not shown in the post; all-zero placeholders here.
// CCM reports IVSize() == 8, so only the first 8 bytes of iv are used.
byte key[ AES::DEFAULT_KEYLENGTH ] = { 0 };
byte iv[ AES::BLOCKSIZE ] = { 0 };

CCM< AES, 96 >::Encryption e;
e.SetKeyWithIV( key, sizeof(key), iv );
string plain="Authenticated Encryption", cipher, recovered;
// StreamTransformationFilter only runs the cipher; no tag is appended to cipher
StreamTransformationFilter ef( e, new StringSink( cipher ) );
ef.Put( (const byte*)plain.c_str(), plain.length() );
ef.MessageEnd();
/*********************************\
\*********************************/
if( cipher.length() > 1 )
{
// Attack last byte
cipher[ cipher.length()-1 ] |= 0x0F;
}
/*********************************\
\*********************************/
CCM< AES >::Decryption d;
d.SetKeyWithIV( key, sizeof(key), iv );
// Likewise no tag is checked here, so the tampered byte decrypts silently
StreamTransformationFilter df( d, new StringSink( recovered ) );
df.Put( (const byte*)cipher.c_str(), cipher.length() );
df.MessageEnd();
On 3/2/09, Jeffrey Walton <[email protected]> wrote:
> Hi All/Wei,
>
> Just my 2 cents on CCM mode. Take it for what it's worth.
>
> I find it a bit awkward to move away from past usage. For example, in
> the past the mode would be specified as CCM_Mode. It may add to future
> confusion. But I personally like it without "_Mode".
>
> CCM< AES, 96 >::Encryption e;
> e.SetKeyWithIV( key, sizeof(key), iv );
>
> Using a bit count (rather than a byte count) for Tag lengths may lead
> to future confusion. SP800-38C specifies 4, 6, 8, 10, 12, 14, and 16.
> I would expect others to plug in the byte size, rather than the bit
> size. Requesting the wrong tag [bit] size will result in a message
> similar to below, which might add to the confusion.
>
> // Tags size must be 4, 6, 8, 10, 12, 14, or 16
> CCM< AES, 4 >::Encryption tt;
> tt.SetKeyWithIV( key, sizeof(key), iv );
>
> catch "AES/CCM: DigestSize must be 4, 6, 8, 10, 12, 14, or 16"
>
> Visual Studio is not letting me step into the Increment() function, so
> I can't be sure what is exactly going on (but I think I have an idea).
> CCM returns a hard coded value of 8 for IVSize(), which means Q must
> be 7. So CCM can handle a message of 2**56. It would be nice to have a
> compile time constant for the IV. Currently I'm declaring using AES's
> blocksize (of which CCM will consume 8), but it may give others the
> wrong impression. Again, the compile time constant would remove
> ambiguity.
>
> Finally, thanks for the mode. I don't believe I've ever had a real
> need for authenticating adata (AAD), but there is always a need for
> Authenticated Encryption.
>
> CCM< AES, 96 >::Encryption e;
> e.SetKeyWithIV( key, sizeof(key), iv );
>
> StreamTransformationFilter ef( e, new StringSink( cipher ) );
> ef.Put( (const byte*)plain.c_str(), plain.length() );
> ef.MessageEnd();
>
> Jeff
>
> A compiler/Linker is not done until it can compile Crypto++...
>
> 1>Compiling...
> 1>Driver.cpp
> 1>Linking...
> 1>Driver.obj : fatal error LNK1000: Internal error during IncrCalcPtrs
> 1> Version 9.00.30729.01
> 1> ExceptionCode = C0000005
> 1> ExceptionFlags = 00000000
> 1> ExceptionAddress = 0045B8C0 (00400000) "C:\Program
> Files\Microsoft Visual Studio 9.0\VC\bin\link.exe"
> ....
>
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
More information about Crypto++ and this group is available at http://www.cryptopp.com.