| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * xfm.c | 2 * xfm.c |
| 3 * | 3 * |
| 4 * Crypto transform implementation | 4 * Crypto transform implementation |
| 5 * | 5 * |
| 6 * David A. McGrew | 6 * David A. McGrew |
| 7 * Cisco Systems, Inc. | 7 * Cisco Systems, Inc. |
| 8 */ | 8 */ |
| 9 /* | |
| 10 * | |
| 11 * Copyright (c) 2001-2006, Cisco Systems, Inc. | |
| 12 * All rights reserved. | |
| 13 * | |
| 14 * Redistribution and use in source and binary forms, with or without | |
| 15 * modification, are permitted provided that the following conditions | |
| 16 * are met: | |
| 17 * | |
| 18 * Redistributions of source code must retain the above copyright | |
| 19 * notice, this list of conditions and the following disclaimer. | |
| 20 * | |
| 21 * Redistributions in binary form must reproduce the above | |
| 22 * copyright notice, this list of conditions and the following | |
| 23 * disclaimer in the documentation and/or other materials provided | |
| 24 * with the distribution. | |
| 25 * | |
| 26 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
| 27 * contributors may be used to endorse or promote products derived | |
| 28 * from this software without specific prior written permission. | |
| 29 * | |
| 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 41 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 42 * | |
| 43 */ | |
| 44 | 9 |
| 45 #include "cryptoalg.h" | 10 #include "cryptoalg.h" |
| 46 #include "aes_cbc.h" | 11 #include "aes_cbc.h" |
| 47 #include "hmac.h" | 12 #include "hmac.h" |
| 48 #include "crypto_kernel.h" /* for crypto_get_random() */ | 13 #include "crypto_kernel.h" /* for crypto_get_random() */ |
| 49 | 14 |
| 50 #define KEY_LEN 16 | 15 #define KEY_LEN 16 |
| 51 #define ENC_KEY_LEN 16 | 16 #define ENC_KEY_LEN 16 |
| 52 #define MAC_KEY_LEN 16 | 17 #define MAC_KEY_LEN 16 |
| 53 #define IV_LEN 16 | 18 #define IV_LEN 16 |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 205 return err_status_auth_fail; | 170 return err_status_auth_fail; |
| 206 | 171 |
| 207 } | 172 } |
| 208 | 173 |
| 209 return err_status_ok; | 174 return err_status_ok; |
| 210 } | 175 } |
| 211 | 176 |
| 212 | 177 |
| 213 #define ENC 1 | 178 #define ENC 1 |
| 214 | 179 |
| 215 #define DEBUG 0 | 180 #define DEBUG_PRINT 0 |
| 216 | 181 |
| 217 err_status_t | 182 err_status_t |
| 218 aes_128_cbc_hmac_sha1_96_enc(void *key, | 183 aes_128_cbc_hmac_sha1_96_enc(void *key, |
| 219 const void *clear, | 184 const void *clear, |
| 220 unsigned clear_len, | 185 unsigned clear_len, |
| 221 void *iv, | 186 void *iv, |
| 222 void *opaque, | 187 void *opaque, |
| 223 unsigned *opaque_len) { | 188 unsigned *opaque_len) { |
| 224 aes_cbc_ctx_t aes_ctx; | 189 aes_cbc_ctx_t aes_ctx; |
| 225 hmac_ctx_t hmac_ctx; | 190 hmac_ctx_t hmac_ctx; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 236 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { | 201 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { |
| 237 | 202 |
| 238 /* | 203 /* |
| 239 * bad parameter - we expect either all three pointers to be NULL, | 204 * bad parameter - we expect either all three pointers to be NULL, |
| 240 * or none of those pointers to be NULL | 205 * or none of those pointers to be NULL |
| 241 */ | 206 */ |
| 242 return err_status_fail; | 207 return err_status_fail; |
| 243 | 208 |
| 244 } else { | 209 } else { |
| 245 | 210 |
| 246 #if DEBUG | 211 #if DEBUG_PRINT |
| 247 printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); | 212 printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); |
| 248 #endif | 213 #endif |
| 249 | 214 |
| 250 /* derive encryption and authentication keys from the input key */ | 215 /* derive encryption and authentication keys from the input key */ |
| 251 status = hmac_init(&hmac_ctx, key, KEY_LEN); | 216 status = hmac_init(&hmac_ctx, key, KEY_LEN); |
| 252 if (status) return status; | 217 if (status) return status; |
| 253 status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); | 218 status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); |
| 254 if (status) return status; | 219 if (status) return status; |
| 255 | 220 |
| 256 status = hmac_init(&hmac_ctx, key, KEY_LEN); | 221 status = hmac_init(&hmac_ctx, key, KEY_LEN); |
| 257 if (status) return status; | 222 if (status) return status; |
| 258 status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); | 223 status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); |
| 259 if (status) return status; | 224 if (status) return status; |
| 260 | 225 |
| 261 | 226 |
| 262 /* perform encryption and authentication */ | 227 /* perform encryption and authentication */ |
| 263 | 228 |
| 264 /* set aes key */ | 229 /* set aes key */ |
| 265 status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt)
; | 230 status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt)
; |
| 266 if (status) return status; | 231 if (status) return status; |
| 267 | 232 |
| 268 /* set iv */ | 233 /* set iv */ |
| 269 status = rand_source_get_octet_string(iv, IV_LEN); | 234 status = rand_source_get_octet_string(iv, IV_LEN); |
| 270 if (status) return status; | 235 if (status) return status; |
| 271 status = aes_cbc_set_iv(&aes_ctx, iv); | 236 status = aes_cbc_set_iv(&aes_ctx, iv); |
| 272 if (status) return status; | 237 if (status) return status; |
| 273 | 238 |
| 274 #if DEBUG | 239 #if DEBUG_PRINT |
| 275 printf("plaintext len: %d\n", *opaque_len); | 240 printf("plaintext len: %d\n", *opaque_len); |
| 276 printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); | 241 printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); |
| 277 printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len)); | 242 printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len)); |
| 278 #endif | 243 #endif |
| 279 | 244 |
| 280 #if ENC | 245 #if ENC |
| 281 /* encrypt the opaque data */ | 246 /* encrypt the opaque data */ |
| 282 status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); | 247 status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); |
| 283 if (status) return status; | 248 if (status) return status; |
| 284 #endif | 249 #endif |
| 285 | 250 |
| 286 #if DEBUG | 251 #if DEBUG_PRINT |
| 287 printf("ciphertext len: %d\n", *opaque_len); | 252 printf("ciphertext len: %d\n", *opaque_len); |
| 288 printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); | 253 printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); |
| 289 #endif | 254 #endif |
| 290 | 255 |
| 291 /* | 256 /* |
| 292 * authenticate clear and opaque data, then write the | 257 * authenticate clear and opaque data, then write the |
| 293 * authentication tag to the location immediately following the | 258 * authentication tag to the location immediately following the |
| 294 * ciphertext | 259 * ciphertext |
| 295 */ | 260 */ |
| 296 status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); | 261 status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); |
| 297 if (status) return status; | 262 if (status) return status; |
| 298 | 263 |
| 299 status = hmac_start(&hmac_ctx); | 264 status = hmac_start(&hmac_ctx); |
| 300 if (status) return status; | 265 if (status) return status; |
| 301 | 266 |
| 302 status = hmac_update(&hmac_ctx, clear, clear_len); | 267 status = hmac_update(&hmac_ctx, clear, clear_len); |
| 303 if (status) return status; | 268 if (status) return status; |
| 304 #if DEBUG | 269 #if DEBUG_PRINT |
| 305 printf("hmac input: %s\n", | 270 printf("hmac input: %s\n", |
| 306 octet_string_hex_string(clear, clear_len)); | 271 octet_string_hex_string(clear, clear_len)); |
| 307 #endif | 272 #endif |
| 308 auth_tag = (unsigned char *)opaque; | 273 auth_tag = (unsigned char *)opaque; |
| 309 auth_tag += *opaque_len; | 274 auth_tag += *opaque_len; |
| 310 status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); | 275 status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); |
| 311 if (status) return status; | 276 if (status) return status; |
| 312 #if DEBUG | 277 #if DEBUG_PRINT |
| 313 printf("hmac input: %s\n", | 278 printf("hmac input: %s\n", |
| 314 octet_string_hex_string(opaque, *opaque_len)); | 279 octet_string_hex_string(opaque, *opaque_len)); |
| 315 #endif | 280 #endif |
| 316 /* bump up the opaque_len to reflect the authentication tag */ | 281 /* bump up the opaque_len to reflect the authentication tag */ |
| 317 *opaque_len += TAG_LEN; | 282 *opaque_len += TAG_LEN; |
| 318 | 283 |
| 319 #if DEBUG | 284 #if DEBUG_PRINT |
| 320 printf("prot data len: %d\n", *opaque_len); | 285 printf("prot data len: %d\n", *opaque_len); |
| 321 printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); | 286 printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); |
| 322 #endif | 287 #endif |
| 323 } | 288 } |
| 324 | 289 |
| 325 return err_status_ok; | 290 return err_status_ok; |
| 326 } | 291 } |
| 327 | 292 |
| 328 err_status_t | 293 err_status_t |
| 329 aes_128_cbc_hmac_sha1_96_dec(void *key, | 294 aes_128_cbc_hmac_sha1_96_dec(void *key, |
| (...skipping 19 matching lines...) Expand all Loading... |
| 349 | 314 |
| 350 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { | 315 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { |
| 351 | 316 |
| 352 /* | 317 /* |
| 353 * bad parameter - we expect either all three pointers to be NULL, | 318 * bad parameter - we expect either all three pointers to be NULL, |
| 354 * or none of those pointers to be NULL | 319 * or none of those pointers to be NULL |
| 355 */ | 320 */ |
| 356 return err_status_fail; | 321 return err_status_fail; |
| 357 | 322 |
| 358 } else { | 323 } else { |
| 359 #if DEBUG | 324 #if DEBUG_PRINT |
| 360 printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); | 325 printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); |
| 361 #endif | 326 #endif |
| 362 | 327 |
| 363 /* derive encryption and authentication keys from the input key */ | 328 /* derive encryption and authentication keys from the input key */ |
| 364 status = hmac_init(&hmac_ctx, key, KEY_LEN); | 329 status = hmac_init(&hmac_ctx, key, KEY_LEN); |
| 365 if (status) return status; | 330 if (status) return status; |
| 366 status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); | 331 status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); |
| 367 if (status) return status; | 332 if (status) return status; |
| 368 | 333 |
| 369 status = hmac_init(&hmac_ctx, key, KEY_LEN); | 334 status = hmac_init(&hmac_ctx, key, KEY_LEN); |
| 370 if (status) return status; | 335 if (status) return status; |
| 371 status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); | 336 status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); |
| 372 if (status) return status; | 337 if (status) return status; |
| 373 | 338 |
| 374 #if DEBUG | 339 #if DEBUG_PRINT |
| 375 printf("prot data len: %d\n", *opaque_len); | 340 printf("prot data len: %d\n", *opaque_len); |
| 376 printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); | 341 printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); |
| 377 #endif | 342 #endif |
| 378 | 343 |
| 379 /* | 344 /* |
| 380 * set the protected data length to that of the ciphertext, by | 345 * set the protected data length to that of the ciphertext, by |
| 381 * subtracting out the length of the authentication tag | 346 * subtracting out the length of the authentication tag |
| 382 */ | 347 */ |
| 383 ciphertext_len = *opaque_len - TAG_LEN; | 348 ciphertext_len = *opaque_len - TAG_LEN; |
| 384 | 349 |
| 385 #if DEBUG | 350 #if DEBUG_PRINT |
| 386 printf("ciphertext len: %d\n", ciphertext_len); | 351 printf("ciphertext len: %d\n", ciphertext_len); |
| 387 #endif | 352 #endif |
| 388 /* verify the authentication tag */ | 353 /* verify the authentication tag */ |
| 389 | 354 |
| 390 /* | 355 /* |
| 391 * compute the authentication tag for the clear and opaque data, | 356 * compute the authentication tag for the clear and opaque data, |
| 392 * and write it to a temporary location | 357 * and write it to a temporary location |
| 393 */ | 358 */ |
| 394 status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); | 359 status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); |
| 395 if (status) return status; | 360 if (status) return status; |
| 396 | 361 |
| 397 status = hmac_start(&hmac_ctx); | 362 status = hmac_start(&hmac_ctx); |
| 398 if (status) return status; | 363 if (status) return status; |
| 399 | 364 |
| 400 status = hmac_update(&hmac_ctx, clear, clear_len); | 365 status = hmac_update(&hmac_ctx, clear, clear_len); |
| 401 if (status) return status; | 366 if (status) return status; |
| 402 | 367 |
| 403 #if DEBUG | 368 #if DEBUG_PRINT |
| 404 printf("hmac input: %s\n", | 369 printf("hmac input: %s\n", |
| 405 octet_string_hex_string(clear, clear_len)); | 370 octet_string_hex_string(clear, clear_len)); |
| 406 #endif | 371 #endif |
| 407 | 372 |
| 408 status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag); | 373 status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag); |
| 409 if (status) return status; | 374 if (status) return status; |
| 410 | 375 |
| 411 #if DEBUG | 376 #if DEBUG_PRINT |
| 412 printf("hmac input: %s\n", | 377 printf("hmac input: %s\n", |
| 413 octet_string_hex_string(opaque, ciphertext_len)); | 378 octet_string_hex_string(opaque, ciphertext_len)); |
| 414 #endif | 379 #endif |
| 415 | 380 |
| 416 /* | 381 /* |
| 417 * compare the computed tag with the one provided as input (which | 382 * compare the computed tag with the one provided as input (which |
| 418 * immediately follows the ciphertext) | 383 * immediately follows the ciphertext) |
| 419 */ | 384 */ |
| 420 auth_tag = (unsigned char *)opaque; | 385 auth_tag = (unsigned char *)opaque; |
| 421 auth_tag += ciphertext_len; | 386 auth_tag += ciphertext_len; |
| 422 #if DEBUG | 387 #if DEBUG_PRINT |
| 423 printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN)); | 388 printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN)); |
| 424 printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN)); | 389 printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN)); |
| 425 #endif | 390 #endif |
| 426 for (i=0; i < TAG_LEN; i++) { | 391 for (i=0; i < TAG_LEN; i++) { |
| 427 if (tmp_tag[i] != auth_tag[i]) | 392 if (tmp_tag[i] != auth_tag[i]) |
| 428 return err_status_auth_fail; | 393 return err_status_auth_fail; |
| 429 } | 394 } |
| 430 | 395 |
| 431 /* bump down the opaque_len to reflect the authentication tag */ | 396 /* bump down the opaque_len to reflect the authentication tag */ |
| 432 *opaque_len -= TAG_LEN; | 397 *opaque_len -= TAG_LEN; |
| 433 | 398 |
| 434 /* decrypt the confidential data */ | 399 /* decrypt the confidential data */ |
| 435 status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt)
; | 400 status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt)
; |
| 436 if (status) return status; | 401 if (status) return status; |
| 437 status = aes_cbc_set_iv(&aes_ctx, iv); | 402 status = aes_cbc_set_iv(&aes_ctx, iv); |
| 438 if (status) return status; | 403 if (status) return status; |
| 439 | 404 |
| 440 #if DEBUG | 405 #if DEBUG_PRINT |
| 441 printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); | 406 printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); |
| 442 printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); | 407 printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); |
| 443 #endif | 408 #endif |
| 444 | 409 |
| 445 #if ENC | 410 #if ENC |
| 446 status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len); | 411 status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len); |
| 447 if (status) return status; | 412 if (status) return status; |
| 448 #endif | 413 #endif |
| 449 | 414 |
| 450 #if DEBUG | 415 #if DEBUG_PRINT |
| 451 printf("plaintext len: %d\n", ciphertext_len); | 416 printf("plaintext len: %d\n", ciphertext_len); |
| 452 printf("plaintext: %s\n", | 417 printf("plaintext: %s\n", |
| 453 octet_string_hex_string(opaque, ciphertext_len)); | 418 octet_string_hex_string(opaque, ciphertext_len)); |
| 454 #endif | 419 #endif |
| 455 | 420 |
| 456 /* indicate the length of the plaintext */ | 421 /* indicate the length of the plaintext */ |
| 457 *opaque_len = ciphertext_len; | 422 *opaque_len = ciphertext_len; |
| 458 } | 423 } |
| 459 | 424 |
| 460 return err_status_ok; | 425 return err_status_ok; |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 492 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { | 457 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { |
| 493 | 458 |
| 494 /* | 459 /* |
| 495 * bad parameter - we expect either all three pointers to be NULL, | 460 * bad parameter - we expect either all three pointers to be NULL, |
| 496 * or none of those pointers to be NULL | 461 * or none of those pointers to be NULL |
| 497 */ | 462 */ |
| 498 return err_status_fail; | 463 return err_status_fail; |
| 499 | 464 |
| 500 } else { | 465 } else { |
| 501 | 466 |
| 502 #if DEBUG | 467 #if DEBUG_PRINT |
| 503 printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); | 468 printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); |
| 504 printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN); | 469 printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN); |
| 505 printf("plaintext len: %d\n", *opaque_len); | 470 printf("plaintext len: %d\n", *opaque_len); |
| 506 #endif | 471 #endif |
| 507 for (i=0; i < IV_LEN; i++) | 472 for (i=0; i < IV_LEN; i++) |
| 508 init_vec[i] = i + (i * 16); | 473 init_vec[i] = i + (i * 16); |
| 509 #if DEBUG | 474 #if DEBUG_PRINT |
| 510 printf("iv: %s\n", | 475 printf("iv: %s\n", |
| 511 octet_string_hex_string(iv, IV_LEN)); | 476 octet_string_hex_string(iv, IV_LEN)); |
| 512 printf("plaintext: %s\n", | 477 printf("plaintext: %s\n", |
| 513 octet_string_hex_string(opaque, *opaque_len)); | 478 octet_string_hex_string(opaque, *opaque_len)); |
| 514 #endif | 479 #endif |
| 515 auth_tag = opaque; | 480 auth_tag = opaque; |
| 516 auth_tag += *opaque_len; | 481 auth_tag += *opaque_len; |
| 517 for (i=0; i < NULL_TAG_LEN; i++) | 482 for (i=0; i < NULL_TAG_LEN; i++) |
| 518 auth_tag[i] = i + (i * 16); | 483 auth_tag[i] = i + (i * 16); |
| 519 *opaque_len += NULL_TAG_LEN; | 484 *opaque_len += NULL_TAG_LEN; |
| 520 #if DEBUG | 485 #if DEBUG_PRINT |
| 521 printf("protected data len: %d\n", *opaque_len); | 486 printf("protected data len: %d\n", *opaque_len); |
| 522 printf("protected data: %s\n", | 487 printf("protected data: %s\n", |
| 523 octet_string_hex_string(opaque, *opaque_len)); | 488 octet_string_hex_string(opaque, *opaque_len)); |
| 524 #endif | 489 #endif |
| 525 | 490 |
| 526 } | 491 } |
| 527 | 492 |
| 528 return err_status_ok; | 493 return err_status_ok; |
| 529 } | 494 } |
| 530 | 495 |
| (...skipping 14 matching lines...) Expand all Loading... |
| 545 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { | 510 } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { |
| 546 | 511 |
| 547 /* | 512 /* |
| 548 * bad parameter - we expect either all three pointers to be NULL, | 513 * bad parameter - we expect either all three pointers to be NULL, |
| 549 * or none of those pointers to be NULL | 514 * or none of those pointers to be NULL |
| 550 */ | 515 */ |
| 551 return err_status_fail; | 516 return err_status_fail; |
| 552 | 517 |
| 553 } else { | 518 } else { |
| 554 | 519 |
| 555 #if DEBUG | 520 #if DEBUG_PRINT |
| 556 printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); | 521 printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); |
| 557 | 522 |
| 558 printf("protected data len: %d\n", *opaque_len); | 523 printf("protected data len: %d\n", *opaque_len); |
| 559 printf("protected data: %s\n", | 524 printf("protected data: %s\n", |
| 560 octet_string_hex_string(opaque, *opaque_len)); | 525 octet_string_hex_string(opaque, *opaque_len)); |
| 561 #endif | 526 #endif |
| 562 auth_tag = opaque; | 527 auth_tag = opaque; |
| 563 auth_tag += (*opaque_len - NULL_TAG_LEN); | 528 auth_tag += (*opaque_len - NULL_TAG_LEN); |
| 564 #if DEBUG | 529 #if DEBUG_PRINT |
| 565 printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); | 530 printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); |
| 566 #endif | 531 #endif |
| 567 *opaque_len -= NULL_TAG_LEN; | 532 *opaque_len -= NULL_TAG_LEN; |
| 568 #if DEBUG | 533 #if DEBUG_PRINT |
| 569 printf("plaintext len: %d\n", *opaque_len); | 534 printf("plaintext len: %d\n", *opaque_len); |
| 570 printf("plaintext: %s\n", | 535 printf("plaintext: %s\n", |
| 571 octet_string_hex_string(opaque, *opaque_len)); | 536 octet_string_hex_string(opaque, *opaque_len)); |
| 572 #endif | 537 #endif |
| 573 } | 538 } |
| 574 | 539 |
| 575 return err_status_ok; | 540 return err_status_ok; |
| 576 } | 541 } |
| 577 | 542 |
| 578 cryptoalg_ctx_t null_cryptoalg_ctx = { | 543 cryptoalg_ctx_t null_cryptoalg_ctx = { |
| (...skipping 17 matching lines...) Expand all Loading... |
| 596 cryptoalg_t | 561 cryptoalg_t |
| 597 cryptoalg_find_by_id(int id) { | 562 cryptoalg_find_by_id(int id) { |
| 598 switch(id) { | 563 switch(id) { |
| 599 case 1: | 564 case 1: |
| 600 return cryptoalg; | 565 return cryptoalg; |
| 601 default: | 566 default: |
| 602 break; | 567 break; |
| 603 } | 568 } |
| 604 return 0; | 569 return 0; |
| 605 } | 570 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 889083003:
Update libsrtp to upstream 1.5.0 (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/libsrtp@master