
Ruby OpenSSL AES-128-CCM Fails With auth_data

I'm working on implementing a protocol and, per the specification, I need to encrypt/decrypt data using AES-128-CCM and AES-128-GCM. My question is: how do you use CCM mode while specifying Cipher#auth_data? All the examples I find online use GCM mode, which seems to work, while CCM does not. The exception I encounter is a very generic OpenSSL::Cipher::CipherError with no additional details.

The example code I have below works when algo is either option (AES-128-CCM or AES-128-GCM) and auth_data is nil, or when algo is AES-128-GCM and auth_data is non-nil.

I'm using Ruby v2.5.5 and OpenSSL v2.1.2.

require 'openssl'

algo = 'AES-128-CCM'  # AES-128-GCM works
auth_data = OpenSSL::Random.random_bytes(32) # nil works

# Encryption side

cipher = OpenSSL::Cipher.new(algo).encrypt
if algo == 'AES-128-CCM'
  cipher.auth_tag_len = 16
  cipher.iv_len = 11
elsif algo == 'AES-128-GCM'
  cipher.iv_len = 12
end

key = cipher.random_key
iv = cipher.random_iv
# has to be done in this order for unknown reasons
if algo == 'AES-128-CCM'
  encrypted = cipher.update('Hello World') + cipher.final
  cipher.auth_data = auth_data unless auth_data.nil?
elsif algo == 'AES-128-GCM'
  cipher.auth_data = auth_data unless auth_data.nil?
  encrypted = cipher.update('Hello World') + cipher.final
end

auth_tag = cipher.auth_tag

# Decryption side
cipher = OpenSSL::Cipher.new(algo).decrypt
if algo == 'AES-128-CCM'
  cipher.auth_tag_len = 16
  cipher.iv_len = 11
elsif algo == 'AES-128-GCM'
  cipher.iv_len = 12
end
cipher.key = key
cipher.iv = iv
cipher.auth_tag = auth_tag

cipher.update(encrypted)  # crashes when auth_data != nil and algo == AES-128-CCM

You've switched the order of the authentication data and plaintext around in your call for CCM.

encrypted = cipher.update('Hello World') + cipher.final
cipher.auth_data = auth_data unless auth_data.nil?

In general, the additional authenticated data needs to be processed before the plaintext data. There are some tricks around that for GCM (which may be implemented or not) but not for CCM. EAX mode does allow any order of the arguments as it was explicitly made to be a more flexible implementation of an authenticating cipher.
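The ordering the answer describes, as an added example that is not code from the question or the answer. Besides putting the AAD before the plaintext, it sets Ruby's Cipher#ccm_data_len=, which CCM needs before any AAD because the message length is part of the first authenticated block; the decrypting side likewise needs the tag and the ciphertext length before it is fed any data. The self-check uses RFC 3610 packet vector #1 (8-byte tag, 13-byte nonce); the module name and function signatures are my own.

```ruby
require 'openssl'

# Added example, not code from the question or answer. AES-128-CCM with AAD in
# the order OpenSSL requires: tag length and nonce length before the key and
# nonce, then the total message length (Cipher#ccm_data_len=), then the AAD,
# and only then the plaintext or ciphertext in a single update call.
module CcmExample
  def self.encrypt(key, nonce, aad, plaintext, tag_len: 16)
    c = OpenSSL::Cipher.new('AES-128-CCM').encrypt
    c.auth_tag_len = tag_len             # M: must precede key=
    c.iv_len = nonce.bytesize            # 7..13 bytes; fixes L, must precede iv=
    c.key = key
    c.iv = nonce
    c.ccm_data_len = plaintext.bytesize  # CCM needs the length to build B0
    c.auth_data = aad                    # AAD before the plaintext
    ct = c.update(plaintext) + c.final
    [ct, c.auth_tag]
  end

  def self.decrypt(key, nonce, aad, ciphertext, tag)
    c = OpenSSL::Cipher.new('AES-128-CCM').decrypt
    c.auth_tag_len = tag.bytesize
    c.iv_len = nonce.bytesize
    c.key = key
    c.iv = nonce
    c.auth_tag = tag                     # tag must be known before any data is fed
    c.ccm_data_len = ciphertext.bytesize
    c.auth_data = aad
    c.update(ciphertext) + c.final       # the tag is verified here
  rescue OpenSSL::Cipher::CipherError
    nil                                  # tag mismatch: wrong key, nonce, AAD or data
  end

  # Known-answer check against RFC 3610 packet vector #1.
  def self.self_check
    key = ['c0c1c2c3c4c5c6c7c8c9cacbcccdcecf'].pack('H*')
    nonce = ['00000003020100a0a1a2a3a4a5'].pack('H*')
    aad = ['0001020304050607'].pack('H*')
    pt = ['08090a0b0c0d0e0f101112131415161718191a1b1c1d1e'].pack('H*')
    ct, tag = encrypt(key, nonce, aad, pt, tag_len: 8)
    ct.unpack1('H*') == '588c979a61c663d2f066d0c2c0f989806d5f6b61dac384' &&
      tag.unpack1('H*') == '17e8d12cfdf926e0' &&
      decrypt(key, nonce, aad, ct, tag) == pt &&
      decrypt(key, nonce, aad + 'x', ct, tag).nil?   # tampered AAD must fail
  end
end

puts(CcmExample.self_check ? 'CCM known-answer test OK' : 'CCM mismatch') if $PROGRAM_NAME == __FILE__
```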
