OLD | NEW |
| (Empty) |
1 /* | |
2 * aes_icm_ossl.c | |
3 * | |
4 * AES Integer Counter Mode | |
5 * | |
6 * John A. Foley | |
7 * Cisco Systems, Inc. | |
8 * | |
9 * 2/24/2012: This module was modified to use CiscoSSL for AES counter | |
10 * mode. Eddy Lem contributed the code to allow this. | |
11 * | |
12 * 12/20/2012: Added support for AES-192 and AES-256. | |
13 */ | |
14 | |
15 /* | |
16 * | |
17 * Copyright (c) 2013, Cisco Systems, Inc. | |
18 * All rights reserved. | |
19 * | |
20 * Redistribution and use in source and binary forms, with or without | |
21 * modification, are permitted provided that the following conditions | |
22 * are met: | |
23 * | |
24 * Redistributions of source code must retain the above copyright | |
25 * notice, this list of conditions and the following disclaimer. | |
26 * | |
27 * Redistributions in binary form must reproduce the above | |
28 * copyright notice, this list of conditions and the following | |
29 * disclaimer in the documentation and/or other materials provided | |
30 * with the distribution. | |
31 * | |
32 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
33 * contributors may be used to endorse or promote products derived | |
34 * from this software without specific prior written permission. | |
35 * | |
36 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
37 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
38 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
39 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
40 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
41 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
42 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
43 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
47 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
48 * | |
49 */ | |
50 | |
51 #ifdef HAVE_CONFIG_H | |
52 #include <config.h> | |
53 #endif | |
54 | |
55 #include <openssl/evp.h> | |
56 #include "aes_icm_ossl.h" | |
57 #include "crypto_types.h" | |
58 #include "alloc.h" | |
59 #include "crypto_types.h" | |
60 | |
61 | |
62 debug_module_t mod_aes_icm = { | |
63 0, /* debugging is off by default */ | |
64 "aes icm ossl" /* printable module name */ | |
65 }; | |
66 extern cipher_test_case_t aes_icm_test_case_0; | |
67 extern cipher_type_t aes_icm; | |
68 #ifndef SRTP_NO_AES192 | |
69 extern cipher_type_t aes_icm_192; | |
70 #endif | |
71 extern cipher_type_t aes_icm_256; | |
72 | |
73 /* | |
74 * integer counter mode works as follows: | |
75 * | |
76 * 16 bits | |
77 * <-----> | |
78 * +------+------+------+------+------+------+------+------+ | |
79 * | nonce | packet index | ctr |---+ | |
80 * +------+------+------+------+------+------+------+------+ | | |
81 * | | |
82 * +------+------+------+------+------+------+------+------+ v | |
83 * | salt |000000|->(+) | |
84 * +------+------+------+------+------+------+------+------+ | | |
85 * | | |
86 * +---------+ | |
87 * | encrypt | | |
88 * +---------+ | |
89 * | | |
90 * +------+------+------+------+------+------+------+------+ | | |
91 * | keystream block |<--+ | |
92 * +------+------+------+------+------+------+------+------+ | |
93 * | |
94 * All fields are big-endian | |
95 * | |
96 * ctr is the block counter, which increments from zero for | |
97 * each packet (16 bits wide) | |
98 * | |
99 * packet index is distinct for each packet (48 bits wide) | |
100 * | |
101 * nonce can be distinct across many uses of the same key, or | |
102 * can be a fixed value per key, or can be per-packet randomness | |
103 * (64 bits) | |
104 * | |
105 */ | |
106 | |
107 /* | |
108 * This function allocates a new instance of this crypto engine. | |
109 * The key_len parameter should be one of 30, 38, or 46 for | |
110 * AES-128, AES-192, and AES-256 respectively. Note, this key_len | |
111 * value is inflated, as it also accounts for the 112 bit salt | |
112 * value. The tlen argument is for the AEAD tag length, which | |
113 * isn't used in counter mode. | |
114 */ | |
115 err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) | |
116 { | |
117 aes_icm_ctx_t *icm; | |
118 int tmp; | |
119 uint8_t *allptr; | |
120 | |
121 debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); | |
122 | |
123 /* | |
124 * Verify the key_len is valid for one of: AES-128/192/256 | |
125 */ | |
126 if (key_len != AES_128_KEYSIZE_WSALT && | |
127 #ifndef SRTP_NO_AES192 | |
128 key_len != AES_192_KEYSIZE_WSALT && | |
129 #endif | |
130 key_len != AES_256_KEYSIZE_WSALT) { | |
131 return err_status_bad_param; | |
132 } | |
133 | |
134 /* allocate memory a cipher of type aes_icm */ | |
135 tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); | |
136 allptr = (uint8_t*)crypto_alloc(tmp); | |
137 if (allptr == NULL) { | |
138 return err_status_alloc_fail; | |
139 } | |
140 | |
141 /* set pointers */ | |
142 *c = (cipher_t*)allptr; | |
143 (*c)->state = allptr + sizeof(cipher_t); | |
144 icm = (aes_icm_ctx_t*)(*c)->state; | |
145 | |
146 /* increment ref_count */ | |
147 switch (key_len) { | |
148 case AES_128_KEYSIZE_WSALT: | |
149 (*c)->algorithm = AES_128_ICM; | |
150 (*c)->type = &aes_icm; | |
151 aes_icm.ref_count++; | |
152 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; | |
153 break; | |
154 #ifndef SRTP_NO_AES192 | |
155 case AES_192_KEYSIZE_WSALT: | |
156 (*c)->algorithm = AES_192_ICM; | |
157 (*c)->type = &aes_icm_192; | |
158 aes_icm_192.ref_count++; | |
159 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; | |
160 break; | |
161 #endif | |
162 case AES_256_KEYSIZE_WSALT: | |
163 (*c)->algorithm = AES_256_ICM; | |
164 (*c)->type = &aes_icm_256; | |
165 aes_icm_256.ref_count++; | |
166 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; | |
167 break; | |
168 } | |
169 | |
170 /* set key size */ | |
171 (*c)->key_len = key_len; | |
172 EVP_CIPHER_CTX_init(&icm->ctx); | |
173 | |
174 return err_status_ok; | |
175 } | |
176 | |
177 | |
178 /* | |
179 * This function deallocates an instance of this engine | |
180 */ | |
181 err_status_t aes_icm_openssl_dealloc (cipher_t *c) | |
182 { | |
183 aes_icm_ctx_t *ctx; | |
184 | |
185 if (c == NULL) { | |
186 return err_status_bad_param; | |
187 } | |
188 | |
189 /* | |
190 * Free the EVP context | |
191 */ | |
192 ctx = (aes_icm_ctx_t*)c->state; | |
193 if (ctx != NULL) { | |
194 EVP_CIPHER_CTX_cleanup(&ctx->ctx); | |
195 /* decrement ref_count for the appropriate engine */ | |
196 switch (ctx->key_size) { | |
197 case AES_256_KEYSIZE: | |
198 aes_icm_256.ref_count--; | |
199 break; | |
200 #ifndef SRTP_NO_AES192 | |
201 case AES_192_KEYSIZE: | |
202 aes_icm_192.ref_count--; | |
203 break; | |
204 #endif | |
205 case AES_128_KEYSIZE: | |
206 aes_icm.ref_count--; | |
207 break; | |
208 default: | |
209 return err_status_dealloc_fail; | |
210 break; | |
211 } | |
212 } | |
213 | |
214 /* zeroize entire state*/ | |
215 octet_string_set_to_zero((uint8_t*)c, | |
216 sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); | |
217 | |
218 /* free memory */ | |
219 crypto_free(c); | |
220 | |
221 return err_status_ok; | |
222 } | |
223 | |
224 /* | |
225 * aes_icm_openssl_context_init(...) initializes the aes_icm_context | |
226 * using the value in key[]. | |
227 * | |
228 * the key is the secret key | |
229 * | |
230 * the salt is unpredictable (but not necessarily secret) data which | |
231 * randomizes the starting point in the keystream | |
232 */ | |
233 err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
int len) | |
234 { | |
235 /* | |
236 * set counter and initial values to 'offset' value, being careful not to | |
237 * go past the end of the key buffer | |
238 */ | |
239 | |
240 if (c->key_size + SALT_SIZE != len) | |
241 return err_status_bad_param; | |
242 | |
243 v128_set_to_zero(&c->counter); | |
244 v128_set_to_zero(&c->offset); | |
245 memcpy(&c->counter, key + c->key_size, SALT_SIZE); | |
246 memcpy(&c->offset, key + c->key_size, SALT_SIZE); | |
247 | |
248 /* force last two octets of the offset to zero (for srtp compatibility) */ | |
249 c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; | |
250 c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; | |
251 | |
252 /* copy key to be used later when CiscoSSL crypto context is created */ | |
253 v128_copy_octet_string((v128_t*)&c->key, key); | |
254 | |
255 /* if the key is greater than 16 bytes, copy the second | |
256 * half. Note, we treat AES-192 and AES-256 the same here | |
257 * for simplicity. The storage location receiving the | |
258 * key is statically allocated to handle a full 32 byte key | |
259 * regardless of the cipher in use. | |
260 */ | |
261 if (c->key_size == AES_256_KEYSIZE | |
262 #ifndef SRTP_NO_AES192 | |
263 || c->key_size == AES_192_KEYSIZE | |
264 #endif | |
265 ) { | |
266 debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", | |
267 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); | |
268 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZ
E); | |
269 } | |
270 | |
271 debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); | |
272 debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); | |
273 | |
274 EVP_CIPHER_CTX_cleanup(&c->ctx); | |
275 | |
276 return err_status_ok; | |
277 } | |
278 | |
279 | |
280 /* | |
281 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with | |
282 * the offset | |
283 */ | |
284 err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) | |
285 { | |
286 const EVP_CIPHER *evp; | |
287 v128_t nonce; | |
288 | |
289 /* set nonce (for alignment) */ | |
290 v128_copy_octet_string(&nonce, iv); | |
291 | |
292 debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); | |
293 | |
294 v128_xor(&c->counter, &c->offset, &nonce); | |
295 | |
296 debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); | |
297 | |
298 switch (c->key_size) { | |
299 case AES_256_KEYSIZE: | |
300 evp = EVP_aes_256_ctr(); | |
301 break; | |
302 #ifndef SRTP_NO_AES192 | |
303 case AES_192_KEYSIZE: | |
304 evp = EVP_aes_192_ctr(); | |
305 break; | |
306 #endif | |
307 case AES_128_KEYSIZE: | |
308 evp = EVP_aes_128_ctr(); | |
309 break; | |
310 default: | |
311 return err_status_bad_param; | |
312 break; | |
313 } | |
314 | |
315 if (!EVP_EncryptInit_ex(&c->ctx, evp, | |
316 NULL, c->key.v8, c->counter.v8)) { | |
317 return err_status_fail; | |
318 } else { | |
319 return err_status_ok; | |
320 } | |
321 } | |
322 | |
323 /* | |
324 * This function encrypts a buffer using AES CTR mode | |
325 * | |
326 * Parameters: | |
327 * c Crypto context | |
328 * buf data to encrypt | |
329 * enc_len length of encrypt buffer | |
330 */ | |
331 err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
gned int *enc_len) | |
332 { | |
333 int len = 0; | |
334 | |
335 debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); | |
336 | |
337 if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { | |
338 return err_status_cipher_fail; | |
339 } | |
340 *enc_len = len; | |
341 | |
342 if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { | |
343 return err_status_cipher_fail; | |
344 } | |
345 *enc_len += len; | |
346 | |
347 return err_status_ok; | |
348 } | |
349 | |
350 uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c) | |
351 { | |
352 return htons(c->counter.v16[7]); | |
353 } | |
354 | |
355 /* | |
356 * Name of this crypto engine | |
357 */ | |
358 char aes_icm_openssl_description[] = "AES-128 counter mode using openssl"; | |
359 #ifndef SRTP_NO_AES192 | |
360 char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; | |
361 #endif | |
362 char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; | |
363 | |
364 | |
365 /* | |
366 * KAT values for AES self-test. These | |
367 * values came from the legacy libsrtp code. | |
368 */ | |
369 uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = { | |
370 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
371 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, | |
372 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
373 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd | |
374 }; | |
375 | |
376 uint8_t aes_icm_test_case_0_nonce[16] = { | |
377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
378 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
379 }; | |
380 | |
381 uint8_t aes_icm_test_case_0_plaintext[32] = { | |
382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
383 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
386 }; | |
387 | |
388 uint8_t aes_icm_test_case_0_ciphertext[32] = { | |
389 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, | |
390 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, | |
391 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, | |
392 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab | |
393 }; | |
394 | |
395 cipher_test_case_t aes_icm_test_case_0 = { | |
396 AES_128_KEYSIZE_WSALT, /* octets in key */ | |
397 aes_icm_test_case_0_key, /* key */ | |
398 aes_icm_test_case_0_nonce, /* packet index */ | |
399 32, /* octets in plaintext */ | |
400 aes_icm_test_case_0_plaintext, /* plaintext */ | |
401 32, /* octets in ciphertext */ | |
402 aes_icm_test_case_0_ciphertext, /* ciphertext */ | |
403 0, | |
404 NULL, | |
405 0, | |
406 NULL /* pointer to next testcase */ | |
407 }; | |
408 | |
409 #ifndef SRTP_NO_AES192 | |
410 /* | |
411 * KAT values for AES-192-CTR self-test. These | |
412 * values came from section 7 of RFC 6188. | |
413 */ | |
414 uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = { | |
415 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, | |
416 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, | |
417 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, | |
418 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
419 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd | |
420 }; | |
421 | |
422 uint8_t aes_icm_192_test_case_1_nonce[16] = { | |
423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
424 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
425 }; | |
426 | |
427 uint8_t aes_icm_192_test_case_1_plaintext[32] = { | |
428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
429 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
431 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
432 }; | |
433 | |
434 uint8_t aes_icm_192_test_case_1_ciphertext[32] = { | |
435 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, | |
436 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, | |
437 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, | |
438 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a | |
439 }; | |
440 | |
441 cipher_test_case_t aes_icm_192_test_case_1 = { | |
442 AES_192_KEYSIZE_WSALT, /* octets in key */ | |
443 aes_icm_192_test_case_1_key, /* key */ | |
444 aes_icm_192_test_case_1_nonce, /* packet index */ | |
445 32, /* octets in plaintext */ | |
446 aes_icm_192_test_case_1_plaintext, /* plaintext */ | |
447 32, /* octets in ciphertext */ | |
448 aes_icm_192_test_case_1_ciphertext, /* ciphertext */ | |
449 0, | |
450 NULL, | |
451 0, | |
452 NULL /* pointer to next testcase */ | |
453 }; | |
454 #endif | |
455 | |
456 /* | |
457 * KAT values for AES-256-CTR self-test. These | |
458 * values came from section 7 of RFC 6188. | |
459 */ | |
460 uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = { | |
461 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, | |
462 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, | |
463 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, | |
464 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, | |
465 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
466 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd | |
467 }; | |
468 | |
469 uint8_t aes_icm_256_test_case_2_nonce[16] = { | |
470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
472 }; | |
473 | |
474 uint8_t aes_icm_256_test_case_2_plaintext[32] = { | |
475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
477 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
478 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
479 }; | |
480 | |
481 uint8_t aes_icm_256_test_case_2_ciphertext[32] = { | |
482 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, | |
483 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, | |
484 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, | |
485 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac | |
486 }; | |
487 | |
488 cipher_test_case_t aes_icm_256_test_case_2 = { | |
489 AES_256_KEYSIZE_WSALT, /* octets in key */ | |
490 aes_icm_256_test_case_2_key, /* key */ | |
491 aes_icm_256_test_case_2_nonce, /* packet index */ | |
492 32, /* octets in plaintext */ | |
493 aes_icm_256_test_case_2_plaintext, /* plaintext */ | |
494 32, /* octets in ciphertext */ | |
495 aes_icm_256_test_case_2_ciphertext, /* ciphertext */ | |
496 0, | |
497 NULL, | |
498 0, | |
499 NULL /* pointer to next testcase */ | |
500 }; | |
501 | |
502 /* | |
503 * This is the function table for this crypto engine. | |
504 * note: the encrypt function is identical to the decrypt function | |
505 */ | |
506 cipher_type_t aes_icm = { | |
507 (cipher_alloc_func_t) aes_icm_openssl_alloc, | |
508 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, | |
509 (cipher_init_func_t) aes_icm_openssl_context_init, | |
510 (cipher_set_aad_func_t) 0, | |
511 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, | |
512 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, | |
513 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, | |
514 (cipher_get_tag_func_t) 0, | |
515 (char*) aes_icm_openssl_description, | |
516 (int) 0, /* instance count */ | |
517 (cipher_test_case_t*) &aes_icm_test_case_0, | |
518 (debug_module_t*) &mod_aes_icm, | |
519 (cipher_type_id_t) AES_ICM | |
520 }; | |
521 | |
522 #ifndef SRTP_NO_AES192 | |
523 /* | |
524 * This is the function table for this crypto engine. | |
525 * note: the encrypt function is identical to the decrypt function | |
526 */ | |
527 cipher_type_t aes_icm_192 = { | |
528 (cipher_alloc_func_t) aes_icm_openssl_alloc, | |
529 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, | |
530 (cipher_init_func_t) aes_icm_openssl_context_init, | |
531 (cipher_set_aad_func_t) 0, | |
532 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, | |
533 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, | |
534 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, | |
535 (cipher_get_tag_func_t) 0, | |
536 (char*) aes_icm_192_openssl_description, | |
537 (int) 0, /* instance count */ | |
538 (cipher_test_case_t*) &aes_icm_192_test_case_1, | |
539 (debug_module_t*) &mod_aes_icm, | |
540 (cipher_type_id_t) AES_192_ICM | |
541 }; | |
542 #endif | |
543 | |
544 /* | |
545 * This is the function table for this crypto engine. | |
546 * note: the encrypt function is identical to the decrypt function | |
547 */ | |
548 cipher_type_t aes_icm_256 = { | |
549 (cipher_alloc_func_t) aes_icm_openssl_alloc, | |
550 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, | |
551 (cipher_init_func_t) aes_icm_openssl_context_init, | |
552 (cipher_set_aad_func_t) 0, | |
553 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, | |
554 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, | |
555 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, | |
556 (cipher_get_tag_func_t) 0, | |
557 (char*) aes_icm_256_openssl_description, | |
558 (int) 0, /* instance count */ | |
559 (cipher_test_case_t*) &aes_icm_256_test_case_2, | |
560 (debug_module_t*) &mod_aes_icm, | |
561 (cipher_type_id_t) AES_256_ICM | |
562 }; | |
563 | |
OLD | NEW |