On Sunday, September 29, 2013 11:43:03 PM UTC-4, Jeffrey Walton wrote:
>
> On Tuesday, September 24, 2013 6:02:42 PM UTC-4, Steven wrote:
>>
>> I'm stuck on the last chunk of data. I've tried what seems like every
>> possible method to ensure the MAC is seen. The following code runs
>> without error but will decrypt with MAC Invalid error. Any help will be
>> appreciated.
>>
> CCM is an offline mode, meaning you have to have all the data before
> encryption and decryption. You cannot stream the data on this mode. That's
> because of the way the CCM header is formed.
>
> Try a different authenticated encryption mode, like EAX or GCM. They are
> online modes that allow streaming.
>
How did you make out?

From my notes at http://www.cryptopp.com/wiki/CCM_Mode:

You either have to perform the following (in strict order) when using MAC_AT_BEGIN:

    // The order of the following calls is important
    // when using the MAC_AT_BEGIN flag
    df.ChannelPut( DEFAULT_CHANNEL, tag.data(), tag.size() );
    df.ChannelPut( AAD_CHANNEL, data.data(), data.size() );
    df.ChannelPut( DEFAULT_CHANNEL, enc.data(), enc.size() );

Or the following (in strict order) when using MAC_AT_END:

    df.ChannelPut( AAD_CHANNEL, data.data(), data.size() );
    df.ChannelPut( DEFAULT_CHANNEL, enc.data(), enc.size() );
    df.ChannelPut( DEFAULT_CHANNEL, tag.data(), tag.size() );

You can't do the first/last put like you are doing because it's interleaving calls to the AAD_CHANNEL and DEFAULT_CHANNEL.

If you insist on using CCM, you'll need to buffer the encrypted data until all the data for the aad channel has been put. (Or, switch to EAX or GCM mode if possible).

Jeff
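
Added example (not part of the original thread and not Crypto++ code): the reply attributes CCM's offline behaviour to the way its header is formed. The sketch below builds that first CBC-MAC block, B_0, following the layout in RFC 3610; the function name `ccm_b0` and the sample values are assumptions for illustration.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

using Block = std::array<std::uint8_t, 16>;

// Hypothetical helper: formats B_0, the first block fed to CCM's CBC-MAC.
// nonce: 7..13 bytes; tagLen: 4,6,...,16 bytes; aadPresent: any AAD at all;
// msgLen: TOTAL payload length, which must be known before the MAC can start.
Block ccm_b0(const std::vector<std::uint8_t>& nonce, std::size_t tagLen,
             bool aadPresent, std::uint64_t msgLen)
{
    if (nonce.size() < 7 || nonce.size() > 13)
        throw std::invalid_argument("nonce must be 7..13 bytes");
    if (tagLen < 4 || tagLen > 16 || tagLen % 2 != 0)
        throw std::invalid_argument("tag must be 4,6,...,16 bytes");

    const std::size_t L = 15 - nonce.size();   // width of the length field
    if (L < 8 && (msgLen >> (8 * L)) != 0)
        throw std::invalid_argument("message too long for this nonce size");

    Block b{};
    // Flags: bit 6 = AAD present, bits 5..3 = (tagLen-2)/2, bits 2..0 = L-1
    b[0] = static_cast<std::uint8_t>((aadPresent ? 0x40 : 0x00) |
                                     (((tagLen - 2) / 2) << 3) | (L - 1));
    for (std::size_t i = 0; i < nonce.size(); ++i)
        b[1 + i] = nonce[i];
    // Payload length, big-endian, in the last L bytes of the block
    for (std::size_t i = 0; i < L; ++i)
        b[15 - i] = static_cast<std::uint8_t>(msgLen >> (8 * i));
    return b;
}

int main()
{
    const std::vector<std::uint8_t> nonce(13, 0xA5);  // constructed sample nonce
    // One extra payload byte changes B_0, and with it every later MAC state.
    for (std::uint64_t len : {16u, 17u}) {
        const Block b = ccm_b0(nonce, 16, true, len);
        std::printf("len=%2llu  B_0=", static_cast<unsigned long long>(len));
        for (std::uint8_t v : b) std::printf("%02x", v);
        std::printf("\n");
    }
    return 0;
}
```

Because the total payload length sits in the very first block the MAC consumes, it has to be fixed before any data is processed, which is why a CCM filter cannot be fed an open-ended stream.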
