| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * aes_gcm_ossl.c | |
| 3 * | |
| 4 * AES Galois Counter Mode | |
| 5 * | |
| 6 * John A. Foley | |
| 7 * Cisco Systems, Inc. | |
| 8 * | |
| 9 */ | |
| 10 | |
| 11 /* | |
| 12 * | |
| 13 * Copyright (c) 2013, Cisco Systems, Inc. | |
| 14 * All rights reserved. | |
| 15 * | |
| 16 * Redistribution and use in source and binary forms, with or without | |
| 17 * modification, are permitted provided that the following conditions | |
| 18 * are met: | |
| 19 * | |
| 20 * Redistributions of source code must retain the above copyright | |
| 21 * notice, this list of conditions and the following disclaimer. | |
| 22 * | |
| 23 * Redistributions in binary form must reproduce the above | |
| 24 * copyright notice, this list of conditions and the following | |
| 25 * disclaimer in the documentation and/or other materials provided | |
| 26 * with the distribution. | |
| 27 * | |
| 28 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
| 29 * contributors may be used to endorse or promote products derived | |
| 30 * from this software without specific prior written permission. | |
| 31 * | |
| 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| 36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 43 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 44 * | |
| 45 */ | |
| 46 | |
| 47 #ifdef HAVE_CONFIG_H | |
| 48 #include <config.h> | |
| 49 #endif | |
| 50 | |
| 51 #include <openssl/evp.h> | |
| 52 #include "aes_icm_ossl.h" | |
| 53 #include "aes_gcm_ossl.h" | |
| 54 #include "alloc.h" | |
| 55 #include "crypto_types.h" | |
| 56 | |
| 57 | |
| 58 debug_module_t mod_aes_gcm = { | |
| 59 0, /* debugging is off by default */ | |
| 60 "aes gcm" /* printable module name */ | |
| 61 }; | |
| 62 | |
| 63 /* | |
| 64 * The following are the global singleton instances for the | |
| 65 * 128-bit and 256-bit GCM ciphers. | |
| 66 */ | |
| 67 extern cipher_type_t aes_gcm_128_openssl; | |
| 68 extern cipher_type_t aes_gcm_256_openssl; | |
| 69 | |
| 70 /* | |
| 71 * For now we only support 8 and 16 octet tags. The spec allows for | |
| 72 * optional 12 byte tag, which may be supported in the future. | |
| 73 */ | |
| 74 #define GCM_AUTH_TAG_LEN 16 | |
| 75 #define GCM_AUTH_TAG_LEN_8 8 | |
| 76 | |
| 77 | |
| 78 /* | |
| 79 * This function allocates a new instance of this crypto engine. | |
| 80 * The key_len parameter should be one of 28 or 44 for | |
| 81 * AES-128-GCM or AES-256-GCM respectively. Note that the | |
| 82 * key length includes the 14 byte salt value that is used when | |
| 83 * initializing the KDF. | |
| 84 */ | |
| 85 err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) | |
| 86 { | |
| 87 aes_gcm_ctx_t *gcm; | |
| 88 int tmp; | |
| 89 uint8_t *allptr; | |
| 90 | |
| 91 debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len); | |
| 92 debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen); | |
| 93 | |
| 94 /* | |
| 95 * Verify the key_len is valid for one of: AES-128/256 | |
| 96 */ | |
| 97 if (key_len != AES_128_GCM_KEYSIZE_WSALT && | |
| 98 key_len != AES_256_GCM_KEYSIZE_WSALT) { | |
| 99 return (err_status_bad_param); | |
| 100 } | |
| 101 | |
| 102 if (tlen != GCM_AUTH_TAG_LEN && | |
| 103 tlen != GCM_AUTH_TAG_LEN_8) { | |
| 104 return (err_status_bad_param); | |
| 105 } | |
| 106 | |
| 107 /* allocate memory a cipher of type aes_gcm */ | |
| 108 tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t); | |
| 109 allptr = crypto_alloc(tmp); | |
| 110 if (allptr == NULL) { | |
| 111 return (err_status_alloc_fail); | |
| 112 } | |
| 113 | |
| 114 /* set pointers */ | |
| 115 *c = (cipher_t*)allptr; | |
| 116 (*c)->state = allptr + sizeof(cipher_t); | |
| 117 gcm = (aes_gcm_ctx_t *)(*c)->state; | |
| 118 | |
| 119 /* increment ref_count */ | |
| 120 switch (key_len) { | |
| 121 case AES_128_GCM_KEYSIZE_WSALT: | |
| 122 (*c)->type = &aes_gcm_128_openssl; | |
| 123 (*c)->algorithm = AES_128_GCM; | |
| 124 aes_gcm_128_openssl.ref_count++; | |
| 125 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; | |
| 126 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; | |
| 127 break; | |
| 128 case AES_256_GCM_KEYSIZE_WSALT: | |
| 129 (*c)->type = &aes_gcm_256_openssl; | |
| 130 (*c)->algorithm = AES_256_GCM; | |
| 131 aes_gcm_256_openssl.ref_count++; | |
| 132 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; | |
| 133 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; | |
| 134 break; | |
| 135 } | |
| 136 | |
| 137 /* set key size */ | |
| 138 (*c)->key_len = key_len; | |
| 139 EVP_CIPHER_CTX_init(&gcm->ctx); | |
| 140 | |
| 141 return (err_status_ok); | |
| 142 } | |
| 143 | |
| 144 | |
| 145 /* | |
| 146 * This function deallocates a GCM session | |
| 147 */ | |
| 148 err_status_t aes_gcm_openssl_dealloc (cipher_t *c) | |
| 149 { | |
| 150 aes_gcm_ctx_t *ctx; | |
| 151 | |
| 152 ctx = (aes_gcm_ctx_t*)c->state; | |
| 153 if (ctx) { | |
| 154 EVP_CIPHER_CTX_cleanup(&ctx->ctx); | |
| 155 /* decrement ref_count for the appropriate engine */ | |
| 156 switch (ctx->key_size) { | |
| 157 case AES_256_KEYSIZE: | |
| 158 aes_gcm_256_openssl.ref_count--; | |
| 159 break; | |
| 160 case AES_128_KEYSIZE: | |
| 161 aes_gcm_128_openssl.ref_count--; | |
| 162 break; | |
| 163 default: | |
| 164 return (err_status_dealloc_fail); | |
| 165 break; | |
| 166 } | |
| 167 } | |
| 168 | |
| 169 /* zeroize entire state*/ | |
| 170 octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_
t)); | |
| 171 | |
| 172 /* free memory */ | |
| 173 crypto_free(c); | |
| 174 | |
| 175 return (err_status_ok); | |
| 176 } | |
| 177 | |
| 178 /* | |
| 179 * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context | |
| 180 * using the value in key[]. | |
| 181 * | |
| 182 * the key is the secret key | |
| 183 */ | |
| 184 err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) | |
| 185 { | |
| 186 c->dir = direction_any; | |
| 187 | |
| 188 /* copy key to be used later when CiscoSSL crypto context is created */ | |
| 189 v128_copy_octet_string((v128_t*)&c->key, key); | |
| 190 | |
| 191 if (c->key_size == AES_256_KEYSIZE) { | |
| 192 debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s", | |
| 193 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); | |
| 194 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, | |
| 195 key + AES_128_KEYSIZE); | |
| 196 } | |
| 197 | |
| 198 debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); | |
| 199 | |
| 200 EVP_CIPHER_CTX_cleanup(&c->ctx); | |
| 201 | |
| 202 return (err_status_ok); | |
| 203 } | |
| 204 | |
| 205 | |
| 206 /* | |
| 207 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with | |
| 208 * the offset | |
| 209 */ | |
| 210 err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, | |
| 211 int direction) | |
| 212 { | |
| 213 const EVP_CIPHER *evp; | |
| 214 | |
| 215 if (direction != direction_encrypt && direction != direction_decrypt) { | |
| 216 return (err_status_bad_param); | |
| 217 } | |
| 218 c->dir = direction; | |
| 219 | |
| 220 debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); | |
| 221 | |
| 222 switch (c->key_size) { | |
| 223 case AES_256_KEYSIZE: | |
| 224 evp = EVP_aes_256_gcm(); | |
| 225 break; | |
| 226 case AES_128_KEYSIZE: | |
| 227 evp = EVP_aes_128_gcm(); | |
| 228 break; | |
| 229 default: | |
| 230 return (err_status_bad_param); | |
| 231 break; | |
| 232 } | |
| 233 | |
| 234 if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, | |
| 235 NULL, (c->dir == direction_encrypt ? 1 : 0))) { | |
| 236 return (err_status_init_fail); | |
| 237 } | |
| 238 | |
| 239 /* set IV len and the IV value, the followiong 3 calls are required */ | |
| 240 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { | |
| 241 return (err_status_init_fail); | |
| 242 } | |
| 243 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { | |
| 244 return (err_status_init_fail); | |
| 245 } | |
| 246 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { | |
| 247 return (err_status_init_fail); | |
| 248 } | |
| 249 | |
| 250 return (err_status_ok); | |
| 251 } | |
| 252 | |
| 253 /* | |
| 254 * This function processes the AAD | |
| 255 * | |
| 256 * Parameters: | |
| 257 * c Crypto context | |
| 258 * aad Additional data to process for AEAD cipher suites | |
| 259 * aad_len length of aad buffer | |
| 260 */ | |
| 261 err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad, | |
| 262 unsigned int aad_len) | |
| 263 { | |
| 264 int rv; | |
| 265 | |
| 266 /* | |
| 267 * Set dummy tag, OpenSSL requires the Tag to be set before | |
| 268 * processing AAD | |
| 269 */ | |
| 270 unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; | |
| 271 memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); | |
| 272 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); | |
| 273 | |
| 274 rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); | |
| 275 if (rv != aad_len) { | |
| 276 return (err_status_algo_fail); | |
| 277 } else { | |
| 278 return (err_status_ok); | |
| 279 } | |
| 280 } | |
| 281 | |
| 282 /* | |
| 283 * This function encrypts a buffer using AES GCM mode | |
| 284 * | |
| 285 * Parameters: | |
| 286 * c Crypto context | |
| 287 * buf data to encrypt | |
| 288 * enc_len length of encrypt buffer | |
| 289 */ | |
| 290 err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf, | |
| 291 unsigned int *enc_len) | |
| 292 { | |
| 293 if (c->dir != direction_encrypt && c->dir != direction_decrypt) { | |
| 294 return (err_status_bad_param); | |
| 295 } | |
| 296 | |
| 297 /* | |
| 298 * Encrypt the data | |
| 299 */ | |
| 300 EVP_Cipher(&c->ctx, buf, buf, *enc_len); | |
| 301 | |
| 302 return (err_status_ok); | |
| 303 } | |
| 304 | |
| 305 /* | |
| 306 * This function calculates and returns the GCM tag for a given context. | |
| 307 * This should be called after encrypting the data. The *len value | |
| 308 * is increased by the tag size. The caller must ensure that *buf has | |
| 309 * enough room to accept the appended tag. | |
| 310 * | |
| 311 * Parameters: | |
| 312 * c Crypto context | |
| 313 * buf data to encrypt | |
| 314 * len length of encrypt buffer | |
| 315 */ | |
| 316 err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf, | |
| 317 int *len) | |
| 318 { | |
| 319 /* | |
| 320 * Calculate the tag | |
| 321 */ | |
| 322 EVP_Cipher(&c->ctx, NULL, NULL, 0); | |
| 323 | |
| 324 /* | |
| 325 * Retreive the tag | |
| 326 */ | |
| 327 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); | |
| 328 | |
| 329 /* | |
| 330 * Increase encryption length by desired tag size | |
| 331 */ | |
| 332 *len = c->tag_len; | |
| 333 | |
| 334 return (err_status_ok); | |
| 335 } | |
| 336 | |
| 337 | |
| 338 /* | |
| 339 * This function decrypts a buffer using AES GCM mode | |
| 340 * | |
| 341 * Parameters: | |
| 342 * c Crypto context | |
| 343 * buf data to encrypt | |
| 344 * enc_len length of encrypt buffer | |
| 345 */ | |
| 346 err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, | |
| 347 unsigned int *enc_len) | |
| 348 { | |
| 349 if (c->dir != direction_encrypt && c->dir != direction_decrypt) { | |
| 350 return (err_status_bad_param); | |
| 351 } | |
| 352 | |
| 353 /* | |
| 354 * Set the tag before decrypting | |
| 355 */ | |
| 356 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, | |
| 357 buf + (*enc_len - c->tag_len)); | |
| 358 EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); | |
| 359 | |
| 360 /* | |
| 361 * Check the tag | |
| 362 */ | |
| 363 if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { | |
| 364 return (err_status_auth_fail); | |
| 365 } | |
| 366 | |
| 367 /* | |
| 368 * Reduce the buffer size by the tag length since the tag | |
| 369 * is not part of the original payload | |
| 370 */ | |
| 371 *enc_len -= c->tag_len; | |
| 372 | |
| 373 return (err_status_ok); | |
| 374 } | |
| 375 | |
| 376 | |
| 377 | |
| 378 /* | |
| 379 * Name of this crypto engine | |
| 380 */ | |
| 381 char aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl"; | |
| 382 char aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; | |
| 383 | |
| 384 | |
| 385 /* | |
| 386 * KAT values for AES self-test. These | |
| 387 * values we're derived from independent test code | |
| 388 * using OpenSSL. | |
| 389 */ | |
| 390 uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = { | |
| 391 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
| 392 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, | |
| 393 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
| 394 0x09, 0x0a, 0x0b, 0x0c, | |
| 395 }; | |
| 396 | |
| 397 uint8_t aes_gcm_test_case_0_iv[12] = { | |
| 398 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
| 399 0xde, 0xca, 0xf8, 0x88 | |
| 400 }; | |
| 401 | |
| 402 uint8_t aes_gcm_test_case_0_plaintext[60] = { | |
| 403 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
| 404 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
| 405 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
| 406 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
| 407 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
| 408 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
| 409 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
| 410 0xba, 0x63, 0x7b, 0x39 | |
| 411 }; | |
| 412 | |
| 413 uint8_t aes_gcm_test_case_0_aad[20] = { | |
| 414 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
| 415 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
| 416 0xab, 0xad, 0xda, 0xd2 | |
| 417 }; | |
| 418 | |
| 419 uint8_t aes_gcm_test_case_0_ciphertext[76] = { | |
| 420 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, | |
| 421 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, | |
| 422 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, | |
| 423 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, | |
| 424 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, | |
| 425 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, | |
| 426 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, | |
| 427 0x3d, 0x58, 0xe0, 0x91, | |
| 428 /* the last 16 bytes are the tag */ | |
| 429 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, | |
| 430 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, | |
| 431 }; | |
| 432 | |
| 433 cipher_test_case_t aes_gcm_test_case_0a = { | |
| 434 AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ | |
| 435 aes_gcm_test_case_0_key, /* key */ | |
| 436 aes_gcm_test_case_0_iv, /* packet index */ | |
| 437 60, /* octets in plaintext */ | |
| 438 aes_gcm_test_case_0_plaintext, /* plaintext */ | |
| 439 68, /* octets in ciphertext */ | |
| 440 aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ | |
| 441 20, /* octets in AAD */ | |
| 442 aes_gcm_test_case_0_aad, /* AAD */ | |
| 443 GCM_AUTH_TAG_LEN_8, | |
| 444 NULL /* pointer to next testcase */ | |
| 445 }; | |
| 446 | |
| 447 cipher_test_case_t aes_gcm_test_case_0 = { | |
| 448 AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ | |
| 449 aes_gcm_test_case_0_key, /* key */ | |
| 450 aes_gcm_test_case_0_iv, /* packet index */ | |
| 451 60, /* octets in plaintext */ | |
| 452 aes_gcm_test_case_0_plaintext, /* plaintext */ | |
| 453 76, /* octets in ciphertext */ | |
| 454 aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ | |
| 455 20, /* octets in AAD */ | |
| 456 aes_gcm_test_case_0_aad, /* AAD */ | |
| 457 GCM_AUTH_TAG_LEN, | |
| 458 &aes_gcm_test_case_0a /* pointer to next testcase */ | |
| 459 }; | |
| 460 | |
| 461 uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = { | |
| 462 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
| 463 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, | |
| 464 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, | |
| 465 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, | |
| 466 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
| 467 0x09, 0x0a, 0x0b, 0x0c, | |
| 468 | |
| 469 }; | |
| 470 | |
| 471 uint8_t aes_gcm_test_case_1_iv[12] = { | |
| 472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
| 473 0xde, 0xca, 0xf8, 0x88 | |
| 474 }; | |
| 475 | |
| 476 uint8_t aes_gcm_test_case_1_plaintext[60] = { | |
| 477 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
| 478 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
| 479 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
| 480 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
| 481 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
| 482 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
| 483 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
| 484 0xba, 0x63, 0x7b, 0x39 | |
| 485 }; | |
| 486 | |
| 487 uint8_t aes_gcm_test_case_1_aad[20] = { | |
| 488 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
| 489 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
| 490 0xab, 0xad, 0xda, 0xd2 | |
| 491 }; | |
| 492 | |
| 493 uint8_t aes_gcm_test_case_1_ciphertext[76] = { | |
| 494 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, | |
| 495 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, | |
| 496 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, | |
| 497 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, | |
| 498 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, | |
| 499 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, | |
| 500 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, | |
| 501 0x09, 0xc9, 0x86, 0xc1, | |
| 502 /* the last 16 bytes are the tag */ | |
| 503 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, | |
| 504 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, | |
| 505 }; | |
| 506 | |
| 507 cipher_test_case_t aes_gcm_test_case_1a = { | |
| 508 AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ | |
| 509 aes_gcm_test_case_1_key, /* key */ | |
| 510 aes_gcm_test_case_1_iv, /* packet index */ | |
| 511 60, /* octets in plaintext */ | |
| 512 aes_gcm_test_case_1_plaintext, /* plaintext */ | |
| 513 68, /* octets in ciphertext */ | |
| 514 aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ | |
| 515 20, /* octets in AAD */ | |
| 516 aes_gcm_test_case_1_aad, /* AAD */ | |
| 517 GCM_AUTH_TAG_LEN_8, | |
| 518 NULL /* pointer to next testcase */ | |
| 519 }; | |
| 520 | |
| 521 cipher_test_case_t aes_gcm_test_case_1 = { | |
| 522 AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ | |
| 523 aes_gcm_test_case_1_key, /* key */ | |
| 524 aes_gcm_test_case_1_iv, /* packet index */ | |
| 525 60, /* octets in plaintext */ | |
| 526 aes_gcm_test_case_1_plaintext, /* plaintext */ | |
| 527 76, /* octets in ciphertext */ | |
| 528 aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ | |
| 529 20, /* octets in AAD */ | |
| 530 aes_gcm_test_case_1_aad, /* AAD */ | |
| 531 GCM_AUTH_TAG_LEN, | |
| 532 &aes_gcm_test_case_1a /* pointer to next testcase */ | |
| 533 }; | |
| 534 | |
| 535 /* | |
| 536 * This is the vector function table for this crypto engine. | |
| 537 */ | |
| 538 cipher_type_t aes_gcm_128_openssl = { | |
| 539 (cipher_alloc_func_t) aes_gcm_openssl_alloc, | |
| 540 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, | |
| 541 (cipher_init_func_t) aes_gcm_openssl_context_init, | |
| 542 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, | |
| 543 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, | |
| 544 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, | |
| 545 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, | |
| 546 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, | |
| 547 (char*) aes_gcm_128_openssl_description, | |
| 548 (int) 0, /* instance count */ | |
| 549 (cipher_test_case_t*) &aes_gcm_test_case_0, | |
| 550 (debug_module_t*) &mod_aes_gcm, | |
| 551 (cipher_type_id_t) AES_128_GCM | |
| 552 }; | |
| 553 | |
| 554 /* | |
| 555 * This is the vector function table for this crypto engine. | |
| 556 */ | |
| 557 cipher_type_t aes_gcm_256_openssl = { | |
| 558 (cipher_alloc_func_t) aes_gcm_openssl_alloc, | |
| 559 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, | |
| 560 (cipher_init_func_t) aes_gcm_openssl_context_init, | |
| 561 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, | |
| 562 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, | |
| 563 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, | |
| 564 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, | |
| 565 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, | |
| 566 (char*) aes_gcm_256_openssl_description, | |
| 567 (int) 0, /* instance count */ | |
| 568 (cipher_test_case_t*) &aes_gcm_test_case_1, | |
| 569 (debug_module_t*) &mod_aes_gcm, | |
| 570 (cipher_type_id_t) AES_256_GCM | |
| 571 }; | |
| 572 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2344973002:
Update libsrtp to version 2.0 (Closed)
