OLD | NEW |
1 /* | 1 /* |
2 * aes_icm_ossl.c | 2 * aes_icm_ossl.c |
3 * | 3 * |
4 * AES Integer Counter Mode | 4 * AES Integer Counter Mode |
5 * | 5 * |
6 * John A. Foley | 6 * John A. Foley |
7 * Cisco Systems, Inc. | 7 * Cisco Systems, Inc. |
8 * | 8 * |
9 * 2/24/2012: This module was modified to use CiscoSSL for AES counter | 9 * 2/24/2012: This module was modified to use CiscoSSL for AES counter |
10 * mode. Eddy Lem contributed the code to allow this. | 10 * mode. Eddy Lem contributed the code to allow this. |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
48 * | 48 * |
49 */ | 49 */ |
50 | 50 |
51 #ifdef HAVE_CONFIG_H | 51 #ifdef HAVE_CONFIG_H |
52 #include <config.h> | 52 #include <config.h> |
53 #endif | 53 #endif |
54 | 54 |
55 #include <openssl/evp.h> | 55 #include <openssl/evp.h> |
56 #include "aes_icm_ossl.h" | 56 #include "aes_icm_ossl.h" |
57 #include "crypto_types.h" | 57 #include "crypto_types.h" |
| 58 #include "err.h" /* for srtp_debug */ |
58 #include "alloc.h" | 59 #include "alloc.h" |
59 #include "crypto_types.h" | |
60 | 60 |
61 | 61 |
62 debug_module_t mod_aes_icm = { | 62 srtp_debug_module_t srtp_mod_aes_icm = { |
63 0, /* debugging is off by default */ | 63 0, /* debugging is off by default */ |
64 "aes icm ossl" /* printable module name */ | 64 "aes icm ossl" /* printable module name */ |
65 }; | 65 }; |
66 extern cipher_test_case_t aes_icm_test_case_0; | 66 extern const srtp_cipher_type_t srtp_aes_icm; |
67 extern cipher_type_t aes_icm; | 67 extern const srtp_cipher_type_t srtp_aes_icm_192; |
68 #ifndef SRTP_NO_AES192 | 68 extern const srtp_cipher_type_t srtp_aes_icm_256; |
69 extern cipher_type_t aes_icm_192; | |
70 #endif | |
71 extern cipher_type_t aes_icm_256; | |
72 | 69 |
73 /* | 70 /* |
74 * integer counter mode works as follows: | 71 * integer counter mode works as follows: |
75 * | 72 * |
76 * 16 bits | 73 * 16 bits |
77 * <-----> | 74 * <-----> |
78 * +------+------+------+------+------+------+------+------+ | 75 * +------+------+------+------+------+------+------+------+ |
79 * | nonce | packet index | ctr |---+ | 76 * | nonce | packet index | ctr |---+ |
80 * +------+------+------+------+------+------+------+------+ | | 77 * +------+------+------+------+------+------+------+------+ | |
81 * | | 78 * | |
(...skipping 23 matching lines...) Expand all Loading... |
105 */ | 102 */ |
106 | 103 |
107 /* | 104 /* |
108 * This function allocates a new instance of this crypto engine. | 105 * This function allocates a new instance of this crypto engine. |
109 * The key_len parameter should be one of 30, 38, or 46 for | 106 * The key_len parameter should be one of 30, 38, or 46 for |
110 * AES-128, AES-192, and AES-256 respectively. Note, this key_len | 107 * AES-128, AES-192, and AES-256 respectively. Note, this key_len |
111 * value is inflated, as it also accounts for the 112 bit salt | 108 * value is inflated, as it also accounts for the 112 bit salt |
112 * value. The tlen argument is for the AEAD tag length, which | 109 * value. The tlen argument is for the AEAD tag length, which |
113 * isn't used in counter mode. | 110 * isn't used in counter mode. |
114 */ | 111 */ |
115 err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) | 112 static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_
len, int tlen) |
116 { | 113 { |
117 aes_icm_ctx_t *icm; | 114 srtp_aes_icm_ctx_t *icm; |
118 int tmp; | |
119 uint8_t *allptr; | |
120 | 115 |
121 debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); | 116 debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_le
n); |
122 | 117 |
123 /* | 118 /* |
124 * Verify the key_len is valid for one of: AES-128/192/256 | 119 * Verify the key_len is valid for one of: AES-128/192/256 |
125 */ | 120 */ |
126 if (key_len != AES_128_KEYSIZE_WSALT && | 121 if (key_len != SRTP_AES_128_KEYSIZE_WSALT && key_len != SRTP_AES_192_KEYSIZE
_WSALT && |
127 #ifndef SRTP_NO_AES192 | 122 key_len != SRTP_AES_256_KEYSIZE_WSALT) { |
128 key_len != AES_192_KEYSIZE_WSALT && | 123 return srtp_err_status_bad_param; |
129 #endif | |
130 key_len != AES_256_KEYSIZE_WSALT) { | |
131 return err_status_bad_param; | |
132 } | 124 } |
133 | 125 |
134 /* allocate memory a cipher of type aes_icm */ | 126 /* allocate memory a cipher of type aes_icm */ |
135 tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); | 127 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); |
136 allptr = (uint8_t*)crypto_alloc(tmp); | 128 if (*c == NULL) { |
137 if (allptr == NULL) { | 129 return srtp_err_status_alloc_fail; |
138 return err_status_alloc_fail; | 130 } |
| 131 memset(*c, 0x0, sizeof(srtp_cipher_t)); |
| 132 |
| 133 icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); |
| 134 if (icm == NULL) { |
| 135 » srtp_crypto_free(*c); |
| 136 » *c = NULL; |
| 137 return srtp_err_status_alloc_fail; |
| 138 } |
| 139 memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); |
| 140 |
| 141 icm->ctx = EVP_CIPHER_CTX_new(); |
| 142 if (icm->ctx == NULL) { |
| 143 srtp_crypto_free(icm); |
| 144 srtp_crypto_free(*c); |
| 145 *c = NULL; |
| 146 return srtp_err_status_alloc_fail; |
139 } | 147 } |
140 | 148 |
141 /* set pointers */ | 149 /* set pointers */ |
142 *c = (cipher_t*)allptr; | 150 (*c)->state = icm; |
143 (*c)->state = allptr + sizeof(cipher_t); | |
144 icm = (aes_icm_ctx_t*)(*c)->state; | |
145 | 151 |
146 /* increment ref_count */ | 152 /* setup cipher parameters */ |
147 switch (key_len) { | 153 switch (key_len) { |
148 case AES_128_KEYSIZE_WSALT: | 154 case SRTP_AES_128_KEYSIZE_WSALT: |
149 (*c)->algorithm = AES_128_ICM; | 155 (*c)->algorithm = SRTP_AES_128_ICM; |
150 (*c)->type = &aes_icm; | 156 (*c)->type = &srtp_aes_icm; |
151 aes_icm.ref_count++; | 157 icm->key_size = SRTP_AES_128_KEYSIZE; |
152 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; | |
153 break; | 158 break; |
154 #ifndef SRTP_NO_AES192 | 159 case SRTP_AES_192_KEYSIZE_WSALT: |
155 case AES_192_KEYSIZE_WSALT: | 160 (*c)->algorithm = SRTP_AES_192_ICM; |
156 (*c)->algorithm = AES_192_ICM; | 161 (*c)->type = &srtp_aes_icm_192; |
157 (*c)->type = &aes_icm_192; | 162 icm->key_size = SRTP_AES_192_KEYSIZE; |
158 aes_icm_192.ref_count++; | |
159 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; | |
160 break; | 163 break; |
161 #endif | 164 case SRTP_AES_256_KEYSIZE_WSALT: |
162 case AES_256_KEYSIZE_WSALT: | 165 (*c)->algorithm = SRTP_AES_256_ICM; |
163 (*c)->algorithm = AES_256_ICM; | 166 (*c)->type = &srtp_aes_icm_256; |
164 (*c)->type = &aes_icm_256; | 167 icm->key_size = SRTP_AES_256_KEYSIZE; |
165 aes_icm_256.ref_count++; | |
166 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; | |
167 break; | 168 break; |
168 } | 169 } |
169 | 170 |
170 /* set key size */ | 171 /* set key size */ |
171 (*c)->key_len = key_len; | 172 (*c)->key_len = key_len; |
172 EVP_CIPHER_CTX_init(&icm->ctx); | |
173 | 173 |
174 return err_status_ok; | 174 return srtp_err_status_ok; |
175 } | 175 } |
176 | 176 |
177 | 177 |
178 /* | 178 /* |
179 * This function deallocates an instance of this engine | 179 * This function deallocates an instance of this engine |
180 */ | 180 */ |
181 err_status_t aes_icm_openssl_dealloc (cipher_t *c) | 181 static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c) |
182 { | 182 { |
183 aes_icm_ctx_t *ctx; | 183 srtp_aes_icm_ctx_t *ctx; |
184 | 184 |
185 if (c == NULL) { | 185 if (c == NULL) { |
186 return err_status_bad_param; | 186 return srtp_err_status_bad_param; |
187 } | 187 } |
188 | 188 |
189 /* | 189 /* |
190 * Free the EVP context | 190 * Free the EVP context |
191 */ | 191 */ |
192 ctx = (aes_icm_ctx_t*)c->state; | 192 ctx = (srtp_aes_icm_ctx_t*)c->state; |
193 if (ctx != NULL) { | 193 if (ctx != NULL) { |
194 EVP_CIPHER_CTX_cleanup(&ctx->ctx); | 194 EVP_CIPHER_CTX_free(ctx->ctx); |
195 /* decrement ref_count for the appropriate engine */ | 195 » /* zeroize the key material */ |
196 switch (ctx->key_size) { | 196 » octet_string_set_to_zero((uint8_t*)ctx, sizeof(srtp_aes_icm_ctx_t)); |
197 case AES_256_KEYSIZE: | 197 » srtp_crypto_free(ctx); |
198 aes_icm_256.ref_count--; | |
199 break; | |
200 #ifndef SRTP_NO_AES192 | |
201 case AES_192_KEYSIZE: | |
202 aes_icm_192.ref_count--; | |
203 break; | |
204 #endif | |
205 case AES_128_KEYSIZE: | |
206 aes_icm.ref_count--; | |
207 break; | |
208 default: | |
209 return err_status_dealloc_fail; | |
210 break; | |
211 } | |
212 } | 198 } |
213 | 199 |
214 /* zeroize entire state*/ | 200 /* free memory */ |
215 octet_string_set_to_zero((uint8_t*)c, | 201 srtp_crypto_free(c); |
216 sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); | |
217 | 202 |
218 /* free memory */ | 203 return srtp_err_status_ok; |
219 crypto_free(c); | |
220 | |
221 return err_status_ok; | |
222 } | 204 } |
223 | 205 |
224 /* | 206 /* |
225 * aes_icm_openssl_context_init(...) initializes the aes_icm_context | 207 * aes_icm_openssl_context_init(...) initializes the aes_icm_context |
226 * using the value in key[]. | 208 * using the value in key[]. |
227 * | 209 * |
228 * the key is the secret key | 210 * the key is the secret key |
229 * | 211 * |
230 * the salt is unpredictable (but not necessarily secret) data which | 212 * the salt is unpredictable (but not necessarily secret) data which |
231 * randomizes the starting point in the keystream | 213 * randomizes the starting point in the keystream |
232 */ | 214 */ |
233 err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
int len) | 215 static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint
8_t *key) |
234 { | 216 { |
| 217 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; |
| 218 const EVP_CIPHER *evp; |
| 219 |
235 /* | 220 /* |
236 * set counter and initial values to 'offset' value, being careful not to | 221 * set counter and initial values to 'offset' value, being careful not to |
237 * go past the end of the key buffer | 222 * go past the end of the key buffer |
238 */ | 223 */ |
239 | |
240 if (c->key_size + SALT_SIZE != len) | |
241 return err_status_bad_param; | |
242 | |
243 v128_set_to_zero(&c->counter); | 224 v128_set_to_zero(&c->counter); |
244 v128_set_to_zero(&c->offset); | 225 v128_set_to_zero(&c->offset); |
245 memcpy(&c->counter, key + c->key_size, SALT_SIZE); | 226 memcpy(&c->counter, key + c->key_size, SRTP_SALT_SIZE); |
246 memcpy(&c->offset, key + c->key_size, SALT_SIZE); | 227 memcpy(&c->offset, key + c->key_size, SRTP_SALT_SIZE); |
247 | 228 |
248 /* force last two octets of the offset to zero (for srtp compatibility) */ | 229 /* force last two octets of the offset to zero (for srtp compatibility) */ |
249 c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; | 230 c->offset.v8[SRTP_SALT_SIZE] = c->offset.v8[SRTP_SALT_SIZE + 1] = 0; |
250 c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; | 231 c->counter.v8[SRTP_SALT_SIZE] = c->counter.v8[SRTP_SALT_SIZE + 1] = 0; |
251 | 232 |
252 /* copy key to be used later when CiscoSSL crypto context is created */ | 233 debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key,
c->key_size)); |
253 v128_copy_octet_string((v128_t*)&c->key, key); | 234 debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); |
254 | 235 |
255 /* if the key is greater than 16 bytes, copy the second | 236 switch (c->key_size) { |
256 * half. Note, we treat AES-192 and AES-256 the same here | 237 case SRTP_AES_256_KEYSIZE: |
257 * for simplicity. The storage location receiving the | 238 evp = EVP_aes_256_ctr(); |
258 * key is statically allocated to handle a full 32 byte key | 239 break; |
259 * regardless of the cipher in use. | 240 case SRTP_AES_192_KEYSIZE: |
260 */ | 241 evp = EVP_aes_192_ctr(); |
261 if (c->key_size == AES_256_KEYSIZE | 242 break; |
262 #ifndef SRTP_NO_AES192 | 243 case SRTP_AES_128_KEYSIZE: |
263 || c->key_size == AES_192_KEYSIZE | 244 evp = EVP_aes_128_ctr(); |
264 #endif | 245 break; |
265 ) { | 246 default: |
266 debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", | 247 return srtp_err_status_bad_param; |
267 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); | 248 break; |
268 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZ
E); | |
269 } | 249 } |
270 | 250 |
271 debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); | 251 if (!EVP_EncryptInit_ex(c->ctx, evp, |
272 debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); | 252 NULL, key, NULL)) { |
| 253 return srtp_err_status_fail; |
| 254 } else { |
| 255 return srtp_err_status_ok; |
| 256 } |
273 | 257 |
274 EVP_CIPHER_CTX_cleanup(&c->ctx); | 258 return srtp_err_status_ok; |
275 | |
276 return err_status_ok; | |
277 } | 259 } |
278 | 260 |
279 | 261 |
280 /* | 262 /* |
281 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with | 263 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with |
282 * the offset | 264 * the offset |
283 */ | 265 */ |
284 err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) | 266 static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srt
p_cipher_direction_t dir) |
285 { | 267 { |
286 const EVP_CIPHER *evp; | 268 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; |
287 v128_t nonce; | 269 v128_t nonce; |
288 | 270 |
289 /* set nonce (for alignment) */ | 271 /* set nonce (for alignment) */ |
290 v128_copy_octet_string(&nonce, iv); | 272 v128_copy_octet_string(&nonce, iv); |
291 | 273 |
292 debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); | 274 debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); |
293 | 275 |
294 v128_xor(&c->counter, &c->offset, &nonce); | 276 v128_xor(&c->counter, &c->offset, &nonce); |
295 | 277 |
296 debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); | 278 debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter
)); |
297 | 279 |
298 switch (c->key_size) { | 280 if (!EVP_EncryptInit_ex(c->ctx, NULL, |
299 case AES_256_KEYSIZE: | 281 NULL, NULL, c->counter.v8)) { |
300 evp = EVP_aes_256_ctr(); | 282 return srtp_err_status_fail; |
301 break; | |
302 #ifndef SRTP_NO_AES192 | |
303 case AES_192_KEYSIZE: | |
304 evp = EVP_aes_192_ctr(); | |
305 break; | |
306 #endif | |
307 case AES_128_KEYSIZE: | |
308 evp = EVP_aes_128_ctr(); | |
309 break; | |
310 default: | |
311 return err_status_bad_param; | |
312 break; | |
313 } | |
314 | |
315 if (!EVP_EncryptInit_ex(&c->ctx, evp, | |
316 NULL, c->key.v8, c->counter.v8)) { | |
317 return err_status_fail; | |
318 } else { | 283 } else { |
319 return err_status_ok; | 284 return srtp_err_status_ok; |
320 } | 285 } |
321 } | 286 } |
322 | 287 |
323 /* | 288 /* |
324 * This function encrypts a buffer using AES CTR mode | 289 * This function encrypts a buffer using AES CTR mode |
325 * | 290 * |
326 * Parameters: | 291 * Parameters: |
327 * c Crypto context | 292 * c Crypto context |
328 * buf data to encrypt | 293 * buf data to encrypt |
329 * enc_len length of encrypt buffer | 294 * enc_len length of encrypt buffer |
330 */ | 295 */ |
331 err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
gned int *enc_len) | 296 static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char *
buf, unsigned int *enc_len) |
332 { | 297 { |
| 298 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; |
333 int len = 0; | 299 int len = 0; |
334 | 300 |
335 debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); | 301 debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); |
336 | 302 |
337 if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { | 303 if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { |
338 return err_status_cipher_fail; | 304 return srtp_err_status_cipher_fail; |
339 } | 305 } |
340 *enc_len = len; | 306 *enc_len = len; |
341 | 307 |
342 if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { | 308 if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { |
343 return err_status_cipher_fail; | 309 return srtp_err_status_cipher_fail; |
344 } | 310 } |
345 *enc_len += len; | 311 *enc_len += len; |
346 | 312 |
347 return err_status_ok; | 313 return srtp_err_status_ok; |
348 } | |
349 | |
350 uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c) | |
351 { | |
352 return htons(c->counter.v16[7]); | |
353 } | 314 } |
354 | 315 |
355 /* | 316 /* |
356 * Name of this crypto engine | 317 * Name of this crypto engine |
357 */ | 318 */ |
358 char aes_icm_openssl_description[] = "AES-128 counter mode using openssl"; | 319 static const char srtp_aes_icm_openssl_description[] = "AES-128 counter mode usi
ng openssl"; |
359 #ifndef SRTP_NO_AES192 | 320 static const char srtp_aes_icm_192_openssl_description[] = "AES-192 counter mode
using openssl"; |
360 char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; | 321 static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode
using openssl"; |
361 #endif | |
362 char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; | |
363 | 322 |
364 | 323 |
365 /* | 324 /* |
366 * KAT values for AES self-test. These | 325 * KAT values for AES self-test. These |
367 * values came from the legacy libsrtp code. | 326 * values came from the legacy libsrtp code. |
368 */ | 327 */ |
369 uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = { | 328 static const uint8_t srtp_aes_icm_test_case_0_key[SRTP_AES_128_KEYSIZE_WSALT] =
{ |
370 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | 329 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, |
371 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, | 330 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, |
372 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | 331 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
373 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd | 332 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
374 }; | 333 }; |
375 | 334 |
376 uint8_t aes_icm_test_case_0_nonce[16] = { | 335 static uint8_t srtp_aes_icm_test_case_0_nonce[16] = { |
377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
378 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | 337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
379 }; | 338 }; |
380 | 339 |
381 uint8_t aes_icm_test_case_0_plaintext[32] = { | 340 static const uint8_t srtp_aes_icm_test_case_0_plaintext[32] = { |
382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 341 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
383 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 342 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 343 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 344 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
386 }; | 345 }; |
387 | 346 |
388 uint8_t aes_icm_test_case_0_ciphertext[32] = { | 347 static const uint8_t srtp_aes_icm_test_case_0_ciphertext[32] = { |
389 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, | 348 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, |
390 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, | 349 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, |
391 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, | 350 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, |
392 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab | 351 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab |
393 }; | 352 }; |
394 | 353 |
395 cipher_test_case_t aes_icm_test_case_0 = { | 354 static const srtp_cipher_test_case_t srtp_aes_icm_test_case_0 = { |
396 AES_128_KEYSIZE_WSALT, /* octets in key */ | 355 SRTP_AES_128_KEYSIZE_WSALT, /* octets in key */ |
397 aes_icm_test_case_0_key, /* key */ | 356 srtp_aes_icm_test_case_0_key, /* key */ |
398 aes_icm_test_case_0_nonce, /* packet index */ | 357 srtp_aes_icm_test_case_0_nonce, /* packet index */ |
399 32, /* octets in plaintext */ | 358 32, /* octets in plaintext */ |
400 aes_icm_test_case_0_plaintext, /* plaintext */ | 359 srtp_aes_icm_test_case_0_plaintext, /* plaintext */ |
401 32, /* octets in ciphertext */ | 360 32, /* octets in ciphertext */ |
402 aes_icm_test_case_0_ciphertext, /* ciphertext */ | 361 srtp_aes_icm_test_case_0_ciphertext, /* ciphertext */ |
403 0, | 362 0, |
404 NULL, | 363 NULL, |
405 0, | 364 0, |
406 NULL /* pointer to next testcase */ | 365 NULL /* pointer to next testcase */ |
407 }; | 366 }; |
408 | 367 |
409 #ifndef SRTP_NO_AES192 | |
410 /* | 368 /* |
411 * KAT values for AES-192-CTR self-test. These | 369 * KAT values for AES-192-CTR self-test. These |
412 * values came from section 7 of RFC 6188. | 370 * values came from section 7 of RFC 6188. |
413 */ | 371 */ |
414 uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = { | 372 static const uint8_t srtp_aes_icm_192_test_case_1_key[SRTP_AES_192_KEYSIZE_WSALT
] = { |
415 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, | 373 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, |
416 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, | 374 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, |
417 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, | 375 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, |
418 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | 376 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
419 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd | 377 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
420 }; | 378 }; |
421 | 379 |
422 uint8_t aes_icm_192_test_case_1_nonce[16] = { | 380 static uint8_t srtp_aes_icm_192_test_case_1_nonce[16] = { |
423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 381 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
424 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | 382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
425 }; | 383 }; |
426 | 384 |
427 uint8_t aes_icm_192_test_case_1_plaintext[32] = { | 385 static const uint8_t srtp_aes_icm_192_test_case_1_plaintext[32] = { |
428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 386 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
429 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 387 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 388 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
431 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 389 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
432 }; | 390 }; |
433 | 391 |
434 uint8_t aes_icm_192_test_case_1_ciphertext[32] = { | 392 static const uint8_t srtp_aes_icm_192_test_case_1_ciphertext[32] = { |
435 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, | 393 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, |
436 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, | 394 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, |
437 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, | 395 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, |
438 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a | 396 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a |
439 }; | 397 }; |
440 | 398 |
441 cipher_test_case_t aes_icm_192_test_case_1 = { | 399 static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_1 = { |
442 AES_192_KEYSIZE_WSALT, /* octets in key */ | 400 SRTP_AES_192_KEYSIZE_WSALT, /* octets in key */ |
443 aes_icm_192_test_case_1_key, /* key */ | 401 srtp_aes_icm_192_test_case_1_key, /* key */ |
444 aes_icm_192_test_case_1_nonce, /* packet index */ | 402 srtp_aes_icm_192_test_case_1_nonce, /* packet index */ |
445 32, /* octets in plaintext */ | 403 32, /* octets in plaintext */ |
446 aes_icm_192_test_case_1_plaintext, /* plaintext */ | 404 srtp_aes_icm_192_test_case_1_plaintext, /* plaintext */ |
447 32, /* octets in ciphertext */ | 405 32, /* octets in ciphertext */ |
448 aes_icm_192_test_case_1_ciphertext, /* ciphertext */ | 406 srtp_aes_icm_192_test_case_1_ciphertext, /* ciphertext */ |
449 0, | 407 0, |
450 NULL, | 408 NULL, |
451 0, | 409 0, |
452 NULL /* pointer to next testcase */ | 410 NULL /* pointer to next testcase */ |
453 }; | 411 }; |
454 #endif | |
455 | 412 |
456 /* | 413 /* |
457 * KAT values for AES-256-CTR self-test. These | 414 * KAT values for AES-256-CTR self-test. These |
458 * values came from section 7 of RFC 6188. | 415 * values came from section 7 of RFC 6188. |
459 */ | 416 */ |
460 uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = { | 417 static const uint8_t srtp_aes_icm_256_test_case_2_key[SRTP_AES_256_KEYSIZE_WSALT
] = { |
461 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, | 418 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, |
462 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, | 419 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, |
463 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, | 420 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, |
464 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, | 421 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, |
465 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | 422 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
466 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd | 423 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
467 }; | 424 }; |
468 | 425 |
469 uint8_t aes_icm_256_test_case_2_nonce[16] = { | 426 static uint8_t srtp_aes_icm_256_test_case_2_nonce[16] = { |
470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 427 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | 428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
472 }; | 429 }; |
473 | 430 |
474 uint8_t aes_icm_256_test_case_2_plaintext[32] = { | 431 static const uint8_t srtp_aes_icm_256_test_case_2_plaintext[32] = { |
475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 432 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 433 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
477 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 434 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
478 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | 435 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
479 }; | 436 }; |
480 | 437 |
481 uint8_t aes_icm_256_test_case_2_ciphertext[32] = { | 438 static const uint8_t srtp_aes_icm_256_test_case_2_ciphertext[32] = { |
482 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, | 439 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, |
483 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, | 440 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, |
484 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, | 441 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, |
485 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac | 442 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac |
486 }; | 443 }; |
487 | 444 |
488 cipher_test_case_t aes_icm_256_test_case_2 = { | 445 static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_2 = { |
489 AES_256_KEYSIZE_WSALT, /* octets in key */ | 446 SRTP_AES_256_KEYSIZE_WSALT, /* octets in key */ |
490 aes_icm_256_test_case_2_key, /* key */ | 447 srtp_aes_icm_256_test_case_2_key, /* key */ |
491 aes_icm_256_test_case_2_nonce, /* packet index */ | 448 srtp_aes_icm_256_test_case_2_nonce, /* packet index */ |
492 32, /* octets in plaintext */ | 449 32, /* octets in plaintext */ |
493 aes_icm_256_test_case_2_plaintext, /* plaintext */ | 450 srtp_aes_icm_256_test_case_2_plaintext, /* plaintext */ |
494 32, /* octets in ciphertext */ | 451 32, /* octets in ciphertext */ |
495 aes_icm_256_test_case_2_ciphertext, /* ciphertext */ | 452 srtp_aes_icm_256_test_case_2_ciphertext, /* ciphertext */ |
496 0, | 453 0, |
497 NULL, | 454 NULL, |
498 0, | 455 0, |
499 NULL /* pointer to next testcase */ | 456 NULL /* pointer to next testcase */ |
500 }; | 457 }; |
501 | 458 |
502 /* | 459 /* |
503 * This is the function table for this crypto engine. | 460 * This is the function table for this crypto engine. |
504 * note: the encrypt function is identical to the decrypt function | 461 * note: the encrypt function is identical to the decrypt function |
505 */ | 462 */ |
506 cipher_type_t aes_icm = { | 463 const srtp_cipher_type_t srtp_aes_icm = { |
507 (cipher_alloc_func_t) aes_icm_openssl_alloc, | 464 srtp_aes_icm_openssl_alloc, |
508 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, | 465 srtp_aes_icm_openssl_dealloc, |
509 (cipher_init_func_t) aes_icm_openssl_context_init, | 466 srtp_aes_icm_openssl_context_init, |
510 (cipher_set_aad_func_t) 0, | 467 0, /* set_aad */ |
511 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, | 468 srtp_aes_icm_openssl_encrypt, |
512 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, | 469 srtp_aes_icm_openssl_encrypt, |
513 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, | 470 srtp_aes_icm_openssl_set_iv, |
514 (cipher_get_tag_func_t) 0, | 471 0, /* get_tag */ |
515 (char*) aes_icm_openssl_description, | 472 srtp_aes_icm_openssl_description, |
516 (int) 0, /* instance count */ | 473 &srtp_aes_icm_test_case_0, |
517 (cipher_test_case_t*) &aes_icm_test_case_0, | 474 SRTP_AES_ICM |
518 (debug_module_t*) &mod_aes_icm, | |
519 (cipher_type_id_t) AES_ICM | |
520 }; | 475 }; |
521 | 476 |
522 #ifndef SRTP_NO_AES192 | |
523 /* | |
524 * This is the function table for this crypto engine. | |
525 * note: the encrypt function is identical to the decrypt function | |
526 */ | |
527 cipher_type_t aes_icm_192 = { | |
528 (cipher_alloc_func_t) aes_icm_openssl_alloc, | |
529 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, | |
530 (cipher_init_func_t) aes_icm_openssl_context_init, | |
531 (cipher_set_aad_func_t) 0, | |
532 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, | |
533 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, | |
534 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, | |
535 (cipher_get_tag_func_t) 0, | |
536 (char*) aes_icm_192_openssl_description, | |
537 (int) 0, /* instance count */ | |
538 (cipher_test_case_t*) &aes_icm_192_test_case_1, | |
539 (debug_module_t*) &mod_aes_icm, | |
540 (cipher_type_id_t) AES_192_ICM | |
541 }; | |
542 #endif | |
543 | |
544 /* | 477 /* |
545 * This is the function table for this crypto engine. | 478 * This is the function table for this crypto engine. |
546 * note: the encrypt function is identical to the decrypt function | 479 * note: the encrypt function is identical to the decrypt function |
547 */ | 480 */ |
548 cipher_type_t aes_icm_256 = { | 481 const srtp_cipher_type_t srtp_aes_icm_192 = { |
549 (cipher_alloc_func_t) aes_icm_openssl_alloc, | 482 srtp_aes_icm_openssl_alloc, |
550 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, | 483 srtp_aes_icm_openssl_dealloc, |
551 (cipher_init_func_t) aes_icm_openssl_context_init, | 484 srtp_aes_icm_openssl_context_init, |
552 (cipher_set_aad_func_t) 0, | 485 0, /* set_aad */ |
553 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, | 486 srtp_aes_icm_openssl_encrypt, |
554 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, | 487 srtp_aes_icm_openssl_encrypt, |
555 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, | 488 srtp_aes_icm_openssl_set_iv, |
556 (cipher_get_tag_func_t) 0, | 489 0, /* get_tag */ |
557 (char*) aes_icm_256_openssl_description, | 490 srtp_aes_icm_192_openssl_description, |
558 (int) 0, /* instance count */ | 491 &srtp_aes_icm_192_test_case_1, |
559 (cipher_test_case_t*) &aes_icm_256_test_case_2, | 492 SRTP_AES_192_ICM |
560 (debug_module_t*) &mod_aes_icm, | |
561 (cipher_type_id_t) AES_256_ICM | |
562 }; | 493 }; |
563 | 494 |
| 495 /* |
| 496 * This is the function table for this crypto engine. |
| 497 * note: the encrypt function is identical to the decrypt function |
| 498 */ |
| 499 const srtp_cipher_type_t srtp_aes_icm_256 = { |
| 500 srtp_aes_icm_openssl_alloc, |
| 501 srtp_aes_icm_openssl_dealloc, |
| 502 srtp_aes_icm_openssl_context_init, |
| 503 0, /* set_aad */ |
| 504 srtp_aes_icm_openssl_encrypt, |
| 505 srtp_aes_icm_openssl_encrypt, |
| 506 srtp_aes_icm_openssl_set_iv, |
| 507 0, /* get_tag */ |
| 508 srtp_aes_icm_256_openssl_description, |
| 509 &srtp_aes_icm_256_test_case_2, |
| 510 SRTP_AES_256_ICM |
| 511 }; |
| 512 |
OLD | NEW |