| OLD | NEW |
|---|
| (Empty) | |
| 1 /* |
| 2 * aes_gcm_ossl.c |
| 3 * |
| 4 * AES Galois Counter Mode |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 * |
| 9 */ |
| 10 |
| 11 /* |
| 12 * |
| 13 * Copyright (c) 2013, Cisco Systems, Inc. |
| 14 * All rights reserved. |
| 15 * |
| 16 * Redistribution and use in source and binary forms, with or without |
| 17 * modification, are permitted provided that the following conditions |
| 18 * are met: |
| 19 * |
| 20 * Redistributions of source code must retain the above copyright |
| 21 * notice, this list of conditions and the following disclaimer. |
| 22 * |
| 23 * Redistributions in binary form must reproduce the above |
| 24 * copyright notice, this list of conditions and the following |
| 25 * disclaimer in the documentation and/or other materials provided |
| 26 * with the distribution. |
| 27 * |
| 28 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 29 * contributors may be used to endorse or promote products derived |
| 30 * from this software without specific prior written permission. |
| 31 * |
| 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 43 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 44 * |
| 45 */ |
| 46 |
| 47 #ifdef HAVE_CONFIG_H |
| 48 #include <config.h> |
| 49 #endif |
| 50 |
| 51 #include <openssl/evp.h> |
| 52 #include "aes_icm_ossl.h" |
| 53 #include "aes_gcm_ossl.h" |
| 54 #include "alloc.h" |
| 55 #include "err.h" /* for srtp_debug */ |
| 56 #include "crypto_types.h" |
| 57 |
| 58 |
| 59 srtp_debug_module_t srtp_mod_aes_gcm = { |
| 60 0, /* debugging is off by default */ |
| 61 "aes gcm" /* printable module name */ |
| 62 }; |
| 63 |
| 64 /* |
| 65 * The following are the global singleton instances for the |
| 66 * 128-bit and 256-bit GCM ciphers. |
| 67 */ |
| 68 extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl; |
| 69 extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; |
| 70 |
| 71 /* |
| 72 * For now we only support 8 and 16 octet tags. The spec allows for |
| 73 * optional 12 byte tag, which may be supported in the future. |
| 74 */ |
| 75 #define GCM_AUTH_TAG_LEN 16 |
| 76 #define GCM_AUTH_TAG_LEN_8 8 |
| 77 |
| 78 |
| 79 /* |
| 80 * This function allocates a new instance of this crypto engine. |
| 81 * The key_len parameter should be one of 28 or 44 for |
| 82 * AES-128-GCM or AES-256-GCM respectively. Note that the |
| 83 * key length includes the 14 byte salt value that is used when |
| 84 * initializing the KDF. |
| 85 */ |
| 86 static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_
len, int tlen) |
| 87 { |
| 88 srtp_aes_gcm_ctx_t *gcm; |
| 89 |
| 90 debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_le
n); |
| 91 debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen); |
| 92 |
| 93 /* |
| 94 * Verify the key_len is valid for one of: AES-128/256 |
| 95 */ |
| 96 if (key_len != SRTP_AES_128_GCM_KEYSIZE_WSALT && |
| 97 key_len != SRTP_AES_256_GCM_KEYSIZE_WSALT) { |
| 98 return (srtp_err_status_bad_param); |
| 99 } |
| 100 |
| 101 if (tlen != GCM_AUTH_TAG_LEN && |
| 102 tlen != GCM_AUTH_TAG_LEN_8) { |
| 103 return (srtp_err_status_bad_param); |
| 104 } |
| 105 |
| 106 /* allocate memory a cipher of type aes_gcm */ |
| 107 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); |
| 108 if (*c == NULL) { |
| 109 return (srtp_err_status_alloc_fail); |
| 110 } |
| 111 memset(*c, 0x0, sizeof(srtp_cipher_t)); |
| 112 |
| 113 gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t)); |
| 114 if (gcm == NULL) { |
| 115 srtp_crypto_free(*c); |
| 116 *c = NULL; |
| 117 return (srtp_err_status_alloc_fail); |
| 118 } |
| 119 memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t)); |
| 120 |
| 121 gcm->ctx = EVP_CIPHER_CTX_new(); |
| 122 if (gcm->ctx == NULL) { |
| 123 srtp_crypto_free(gcm); |
| 124 srtp_crypto_free(*c); |
| 125 *c = NULL; |
| 126 return srtp_err_status_alloc_fail; |
| 127 } |
| 128 |
| 129 /* set pointers */ |
| 130 (*c)->state = gcm; |
| 131 |
| 132 /* setup cipher attributes */ |
| 133 switch (key_len) { |
| 134 case SRTP_AES_128_GCM_KEYSIZE_WSALT: |
| 135 (*c)->type = &srtp_aes_gcm_128_openssl; |
| 136 (*c)->algorithm = SRTP_AES_128_GCM; |
| 137 gcm->key_size = SRTP_AES_128_KEYSIZE; |
| 138 gcm->tag_len = tlen; |
| 139 break; |
| 140 case SRTP_AES_256_GCM_KEYSIZE_WSALT: |
| 141 (*c)->type = &srtp_aes_gcm_256_openssl; |
| 142 (*c)->algorithm = SRTP_AES_256_GCM; |
| 143 gcm->key_size = SRTP_AES_256_KEYSIZE; |
| 144 gcm->tag_len = tlen; |
| 145 break; |
| 146 } |
| 147 |
| 148 /* set key size */ |
| 149 (*c)->key_len = key_len; |
| 150 |
| 151 return (srtp_err_status_ok); |
| 152 } |
| 153 |
| 154 |
| 155 /* |
| 156 * This function deallocates a GCM session |
| 157 */ |
| 158 static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c) |
| 159 { |
| 160 srtp_aes_gcm_ctx_t *ctx; |
| 161 |
| 162 ctx = (srtp_aes_gcm_ctx_t*)c->state; |
| 163 if (ctx) { |
| 164 EVP_CIPHER_CTX_free(ctx->ctx); |
| 165 /* zeroize the key material */ |
| 166 octet_string_set_to_zero((uint8_t*)ctx, sizeof(srtp_aes_gcm_ctx_t)); |
| 167 srtp_crypto_free(ctx); |
| 168 } |
| 169 |
| 170 /* free memory */ |
| 171 srtp_crypto_free(c); |
| 172 |
| 173 return (srtp_err_status_ok); |
| 174 } |
| 175 |
| 176 /* |
| 177 * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context |
| 178 * using the value in key[]. |
| 179 * |
| 180 * the key is the secret key |
| 181 */ |
| 182 static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint
8_t *key) |
| 183 { |
| 184 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; |
| 185 const EVP_CIPHER *evp; |
| 186 |
| 187 c->dir = srtp_direction_any; |
| 188 |
| 189 debug_print(srtp_mod_aes_gcm, "key: %s", srtp_octet_string_hex_string(key,
c->key_size)); |
| 190 |
| 191 switch (c->key_size) { |
| 192 case SRTP_AES_256_KEYSIZE: |
| 193 evp = EVP_aes_256_gcm(); |
| 194 break; |
| 195 case SRTP_AES_128_KEYSIZE: |
| 196 evp = EVP_aes_128_gcm(); |
| 197 break; |
| 198 default: |
| 199 return (srtp_err_status_bad_param); |
| 200 break; |
| 201 } |
| 202 |
| 203 if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) { |
| 204 return (srtp_err_status_init_fail); |
| 205 } |
| 206 |
| 207 return (srtp_err_status_ok); |
| 208 } |
| 209 |
| 210 |
| 211 /* |
| 212 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with |
| 213 * the offset |
| 214 */ |
| 215 static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srt
p_cipher_direction_t direction) |
| 216 { |
| 217 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; |
| 218 |
| 219 if (direction != srtp_direction_encrypt && direction != srtp_direction_decry
pt) { |
| 220 return (srtp_err_status_bad_param); |
| 221 } |
| 222 c->dir = direction; |
| 223 |
| 224 debug_print(srtp_mod_aes_gcm, "setting iv: %s", v128_hex_string((v128_t*)iv)
); |
| 225 |
| 226 if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, |
| 227 NULL, (c->dir == srtp_direction_encrypt ? 1 : 0))) { |
| 228 return (srtp_err_status_init_fail); |
| 229 } |
| 230 |
| 231 /* set IV len and the IV value, the followiong 3 calls are required */ |
| 232 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { |
| 233 return (srtp_err_status_init_fail); |
| 234 } |
| 235 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv))
{ |
| 236 return (srtp_err_status_init_fail); |
| 237 } |
| 238 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, (void*)iv)) { |
| 239 return (srtp_err_status_init_fail); |
| 240 } |
| 241 |
| 242 return (srtp_err_status_ok); |
| 243 } |
| 244 |
| 245 /* |
| 246 * This function processes the AAD |
| 247 * |
| 248 * Parameters: |
| 249 * c Crypto context |
| 250 * aad Additional data to process for AEAD cipher suites |
| 251 * aad_len length of aad buffer |
| 252 */ |
| 253 static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t *
aad, uint32_t aad_len) |
| 254 { |
| 255 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; |
| 256 int rv; |
| 257 |
| 258 /* |
| 259 * Set dummy tag, OpenSSL requires the Tag to be set before |
| 260 * processing AAD |
| 261 */ |
| 262 |
| 263 /* |
| 264 * OpenSSL never write to address pointed by the last parameter of |
| 265 * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, |
| 266 * OpenSSL copy its content to the context), so we can make |
| 267 * aad read-only in this function and all its wrappers. |
| 268 */ |
| 269 unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; |
| 270 memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); |
| 271 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); |
| 272 |
| 273 rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); |
| 274 if (rv != aad_len) { |
| 275 return (srtp_err_status_algo_fail); |
| 276 } else { |
| 277 return (srtp_err_status_ok); |
| 278 } |
| 279 } |
| 280 |
| 281 /* |
| 282 * This function encrypts a buffer using AES GCM mode |
| 283 * |
| 284 * Parameters: |
| 285 * c Crypto context |
| 286 * buf data to encrypt |
| 287 * enc_len length of encrypt buffer |
| 288 */ |
| 289 static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char *
buf, unsigned int *enc_len) |
| 290 { |
| 291 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; |
| 292 if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { |
| 293 return (srtp_err_status_bad_param); |
| 294 } |
| 295 |
| 296 /* |
| 297 * Encrypt the data |
| 298 */ |
| 299 EVP_Cipher(c->ctx, buf, buf, *enc_len); |
| 300 |
| 301 return (srtp_err_status_ok); |
| 302 } |
| 303 |
| 304 /* |
| 305 * This function calculates and returns the GCM tag for a given context. |
| 306 * This should be called after encrypting the data. The *len value |
| 307 * is increased by the tag size. The caller must ensure that *buf has |
| 308 * enough room to accept the appended tag. |
| 309 * |
| 310 * Parameters: |
| 311 * c Crypto context |
| 312 * buf data to encrypt |
| 313 * len length of encrypt buffer |
| 314 */ |
| 315 static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, u
int32_t *len) |
| 316 { |
| 317 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; |
| 318 /* |
| 319 * Calculate the tag |
| 320 */ |
| 321 EVP_Cipher(c->ctx, NULL, NULL, 0); |
| 322 |
| 323 /* |
| 324 * Retreive the tag |
| 325 */ |
| 326 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); |
| 327 |
| 328 /* |
| 329 * Increase encryption length by desired tag size |
| 330 */ |
| 331 *len = c->tag_len; |
| 332 |
| 333 return (srtp_err_status_ok); |
| 334 } |
| 335 |
| 336 |
| 337 /* |
| 338 * This function decrypts a buffer using AES GCM mode |
| 339 * |
| 340 * Parameters: |
| 341 * c Crypto context |
| 342 * buf data to encrypt |
| 343 * enc_len length of encrypt buffer |
| 344 */ |
| 345 static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char *
buf, unsigned int *enc_len) |
| 346 { |
| 347 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; |
| 348 if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { |
| 349 return (srtp_err_status_bad_param); |
| 350 } |
| 351 |
| 352 /* |
| 353 * Set the tag before decrypting |
| 354 */ |
| 355 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, |
| 356 buf + (*enc_len - c->tag_len)); |
| 357 EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); |
| 358 |
| 359 /* |
| 360 * Check the tag |
| 361 */ |
| 362 if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { |
| 363 return (srtp_err_status_auth_fail); |
| 364 } |
| 365 |
| 366 /* |
| 367 * Reduce the buffer size by the tag length since the tag |
| 368 * is not part of the original payload |
| 369 */ |
| 370 *enc_len -= c->tag_len; |
| 371 |
| 372 return (srtp_err_status_ok); |
| 373 } |
| 374 |
| 375 |
| 376 |
| 377 /* |
| 378 * Name of this crypto engine |
| 379 */ |
| 380 static const char srtp_aes_gcm_128_openssl_description[] = "AES-128 GCM using op
enssl"; |
| 381 static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using op
enssl"; |
| 382 |
| 383 |
| 384 /* |
| 385 * KAT values for AES self-test. These |
| 386 * values we're derived from independent test code |
| 387 * using OpenSSL. |
| 388 */ |
| 389 static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_128_GCM_KEYSIZE_WSALT
] = { |
| 390 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, |
| 391 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, |
| 392 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
| 393 0x09, 0x0a, 0x0b, 0x0c, |
| 394 }; |
| 395 |
| 396 static uint8_t srtp_aes_gcm_test_case_0_iv[12] = { |
| 397 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, |
| 398 0xde, 0xca, 0xf8, 0x88 |
| 399 }; |
| 400 |
| 401 static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = { |
| 402 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, |
| 403 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, |
| 404 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, |
| 405 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, |
| 406 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, |
| 407 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, |
| 408 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, |
| 409 0xba, 0x63, 0x7b, 0x39 |
| 410 }; |
| 411 |
| 412 static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = { |
| 413 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 414 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 415 0xab, 0xad, 0xda, 0xd2 |
| 416 }; |
| 417 |
| 418 static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = { |
| 419 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, |
| 420 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, |
| 421 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, |
| 422 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, |
| 423 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, |
| 424 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, |
| 425 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, |
| 426 0x3d, 0x58, 0xe0, 0x91, |
| 427 /* the last 16 bytes are the tag */ |
| 428 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, |
| 429 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, |
| 430 }; |
| 431 |
| 432 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = { |
| 433 SRTP_AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 434 srtp_aes_gcm_test_case_0_key, /* key */ |
| 435 srtp_aes_gcm_test_case_0_iv, /* packet index */ |
| 436 60, /* octets in plaintext */ |
| 437 srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ |
| 438 68, /* octets in ciphertext */ |
| 439 srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ |
| 440 20, /* octets in AAD */ |
| 441 srtp_aes_gcm_test_case_0_aad, /* AAD */ |
| 442 GCM_AUTH_TAG_LEN_8, |
| 443 NULL /* pointer to next testcase */ |
| 444 }; |
| 445 |
| 446 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = { |
| 447 SRTP_AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 448 srtp_aes_gcm_test_case_0_key, /* key */ |
| 449 srtp_aes_gcm_test_case_0_iv, /* packet index */ |
| 450 60, /* octets in plaintext */ |
| 451 srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ |
| 452 76, /* octets in ciphertext */ |
| 453 srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ |
| 454 20, /* octets in AAD */ |
| 455 srtp_aes_gcm_test_case_0_aad, /* AAD */ |
| 456 GCM_AUTH_TAG_LEN, |
| 457 &srtp_aes_gcm_test_case_0a /* pointer to next testcase */ |
| 458 }; |
| 459 |
| 460 static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_256_GCM_KEYSIZE_WSALT
] = { |
| 461 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, |
| 462 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, |
| 463 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, |
| 464 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, |
| 465 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
| 466 0x09, 0x0a, 0x0b, 0x0c, |
| 467 |
| 468 }; |
| 469 |
| 470 static uint8_t srtp_aes_gcm_test_case_1_iv[12] = { |
| 471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, |
| 472 0xde, 0xca, 0xf8, 0x88 |
| 473 }; |
| 474 |
| 475 static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = { |
| 476 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, |
| 477 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, |
| 478 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, |
| 479 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, |
| 480 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, |
| 481 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, |
| 482 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, |
| 483 0xba, 0x63, 0x7b, 0x39 |
| 484 }; |
| 485 |
| 486 static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = { |
| 487 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 488 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 489 0xab, 0xad, 0xda, 0xd2 |
| 490 }; |
| 491 |
| 492 static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = { |
| 493 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, |
| 494 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, |
| 495 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, |
| 496 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, |
| 497 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, |
| 498 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, |
| 499 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, |
| 500 0x09, 0xc9, 0x86, 0xc1, |
| 501 /* the last 16 bytes are the tag */ |
| 502 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, |
| 503 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, |
| 504 }; |
| 505 |
| 506 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = { |
| 507 SRTP_AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 508 srtp_aes_gcm_test_case_1_key, /* key */ |
| 509 srtp_aes_gcm_test_case_1_iv, /* packet index */ |
| 510 60, /* octets in plaintext */ |
| 511 srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ |
| 512 68, /* octets in ciphertext */ |
| 513 srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ |
| 514 20, /* octets in AAD */ |
| 515 srtp_aes_gcm_test_case_1_aad, /* AAD */ |
| 516 GCM_AUTH_TAG_LEN_8, |
| 517 NULL /* pointer to next testcase */ |
| 518 }; |
| 519 |
| 520 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = { |
| 521 SRTP_AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 522 srtp_aes_gcm_test_case_1_key, /* key */ |
| 523 srtp_aes_gcm_test_case_1_iv, /* packet index */ |
| 524 60, /* octets in plaintext */ |
| 525 srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ |
| 526 76, /* octets in ciphertext */ |
| 527 srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ |
| 528 20, /* octets in AAD */ |
| 529 srtp_aes_gcm_test_case_1_aad, /* AAD */ |
| 530 GCM_AUTH_TAG_LEN, |
| 531 &srtp_aes_gcm_test_case_1a /* pointer to next testcase */ |
| 532 }; |
| 533 |
| 534 /* |
| 535 * This is the vector function table for this crypto engine. |
| 536 */ |
| 537 const srtp_cipher_type_t srtp_aes_gcm_128_openssl = { |
| 538 srtp_aes_gcm_openssl_alloc, |
| 539 srtp_aes_gcm_openssl_dealloc, |
| 540 srtp_aes_gcm_openssl_context_init, |
| 541 srtp_aes_gcm_openssl_set_aad, |
| 542 srtp_aes_gcm_openssl_encrypt, |
| 543 srtp_aes_gcm_openssl_decrypt, |
| 544 srtp_aes_gcm_openssl_set_iv, |
| 545 srtp_aes_gcm_openssl_get_tag, |
| 546 srtp_aes_gcm_128_openssl_description, |
| 547 &srtp_aes_gcm_test_case_0, |
| 548 SRTP_AES_128_GCM |
| 549 }; |
| 550 |
| 551 /* |
| 552 * This is the vector function table for this crypto engine. |
| 553 */ |
| 554 const srtp_cipher_type_t srtp_aes_gcm_256_openssl = { |
| 555 srtp_aes_gcm_openssl_alloc, |
| 556 srtp_aes_gcm_openssl_dealloc, |
| 557 srtp_aes_gcm_openssl_context_init, |
| 558 srtp_aes_gcm_openssl_set_aad, |
| 559 srtp_aes_gcm_openssl_encrypt, |
| 560 srtp_aes_gcm_openssl_decrypt, |
| 561 srtp_aes_gcm_openssl_set_iv, |
| 562 srtp_aes_gcm_openssl_get_tag, |
| 563 srtp_aes_gcm_256_openssl_description, |
| 564 &srtp_aes_gcm_test_case_1, |
| 565 SRTP_AES_256_GCM |
| 566 }; |
| 567 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2344973002:
Update libsrtp to version 2.0 (Closed)
