OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * aes_icm_ossl.c |
| 3 * |
| 4 * AES Integer Counter Mode |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 * |
| 9 * 2/24/2012: This module was modified to use CiscoSSL for AES counter |
| 10 * mode. Eddy Lem contributed the code to allow this. |
| 11 * |
| 12 * 12/20/2012: Added support for AES-192 and AES-256. |
| 13 */ |
| 14 |
| 15 /* |
| 16 * |
| 17 * Copyright (c) 2013, Cisco Systems, Inc. |
| 18 * All rights reserved. |
| 19 * |
| 20 * Redistribution and use in source and binary forms, with or without |
| 21 * modification, are permitted provided that the following conditions |
| 22 * are met: |
| 23 * |
| 24 * Redistributions of source code must retain the above copyright |
| 25 * notice, this list of conditions and the following disclaimer. |
| 26 * |
| 27 * Redistributions in binary form must reproduce the above |
| 28 * copyright notice, this list of conditions and the following |
| 29 * disclaimer in the documentation and/or other materials provided |
| 30 * with the distribution. |
| 31 * |
| 32 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 33 * contributors may be used to endorse or promote products derived |
| 34 * from this software without specific prior written permission. |
| 35 * |
| 36 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 37 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 38 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 39 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 40 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 41 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 42 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 43 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 47 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 48 * |
| 49 */ |
| 50 |
| 51 #ifdef HAVE_CONFIG_H |
| 52 #include <config.h> |
| 53 #endif |
| 54 |
| 55 #include <openssl/evp.h> |
| 56 #include "aes_icm_ossl.h" |
| 57 #include "crypto_types.h" |
| 58 #include "alloc.h" |
| 59 #include "crypto_types.h" |
| 60 |
| 61 |
| 62 debug_module_t mod_aes_icm = { |
| 63 0, /* debugging is off by default */ |
| 64 "aes icm ossl" /* printable module name */ |
| 65 }; |
| 66 extern cipher_test_case_t aes_icm_test_case_0; |
| 67 extern cipher_type_t aes_icm; |
| 68 #ifndef OPENSSL_IS_BORINGSSL |
| 69 extern cipher_type_t aes_icm_192; |
| 70 #endif |
| 71 extern cipher_type_t aes_icm_256; |
| 72 |
| 73 /* |
| 74 * integer counter mode works as follows: |
| 75 * |
| 76 * 16 bits |
| 77 * <-----> |
| 78 * +------+------+------+------+------+------+------+------+ |
| 79 * | nonce | pakcet index | ctr |---+ |
| 80 * +------+------+------+------+------+------+------+------+ | |
| 81 * | |
| 82 * +------+------+------+------+------+------+------+------+ v |
| 83 * | salt |000000|->(+) |
| 84 * +------+------+------+------+------+------+------+------+ | |
| 85 * | |
| 86 * +---------+ |
| 87 * | encrypt | |
| 88 * +---------+ |
| 89 * | |
| 90 * +------+------+------+------+------+------+------+------+ | |
| 91 * | keystream block |<--+ |
| 92 * +------+------+------+------+------+------+------+------+ |
| 93 * |
| 94 * All fields are big-endian |
| 95 * |
| 96 * ctr is the block counter, which increments from zero for |
| 97 * each packet (16 bits wide) |
| 98 * |
| 99 * packet index is distinct for each packet (48 bits wide) |
| 100 * |
| 101 * nonce can be distinct across many uses of the same key, or |
| 102 * can be a fixed value per key, or can be per-packet randomness |
| 103 * (64 bits) |
| 104 * |
| 105 */ |
| 106 |
| 107 /* |
| 108 * This function allocates a new instance of this crypto engine. |
| 109 * The key_len parameter should be one of 30, 38, or 46 for |
| 110 * AES-128, AES-192, and AES-256 respectively. Note, this key_len |
| 111 * value is inflated, as it also accounts for the 112 bit salt |
| 112 * value. The tlen argument is for the AEAD tag length, which |
| 113 * isn't used in counter mode. |
| 114 */ |
| 115 err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) |
| 116 { |
| 117 aes_icm_ctx_t *icm; |
| 118 int tmp; |
| 119 uint8_t *allptr; |
| 120 |
| 121 debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); |
| 122 |
| 123 /* |
| 124 * Verify the key_len is valid for one of: AES-128/192/256 |
| 125 */ |
| 126 if (key_len != AES_128_KEYSIZE_WSALT && |
| 127 #ifndef OPENSSL_IS_BORINGSSL |
| 128 key_len != AES_192_KEYSIZE_WSALT && |
| 129 #endif |
| 130 key_len != AES_256_KEYSIZE_WSALT) { |
| 131 return err_status_bad_param; |
| 132 } |
| 133 |
| 134 /* allocate memory a cipher of type aes_icm */ |
| 135 tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); |
| 136 allptr = (uint8_t*)crypto_alloc(tmp); |
| 137 if (allptr == NULL) { |
| 138 return err_status_alloc_fail; |
| 139 } |
| 140 |
| 141 /* set pointers */ |
| 142 *c = (cipher_t*)allptr; |
| 143 (*c)->state = allptr + sizeof(cipher_t); |
| 144 icm = (aes_icm_ctx_t*)(*c)->state; |
| 145 |
| 146 /* increment ref_count */ |
| 147 switch (key_len) { |
| 148 case AES_128_KEYSIZE_WSALT: |
| 149 (*c)->algorithm = AES_128_ICM; |
| 150 (*c)->type = &aes_icm; |
| 151 aes_icm.ref_count++; |
| 152 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; |
| 153 break; |
| 154 #ifndef OPENSSL_IS_BORINGSSL |
| 155 case AES_192_KEYSIZE_WSALT: |
| 156 (*c)->algorithm = AES_192_ICM; |
| 157 (*c)->type = &aes_icm_192; |
| 158 aes_icm_192.ref_count++; |
| 159 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; |
| 160 break; |
| 161 #endif |
| 162 case AES_256_KEYSIZE_WSALT: |
| 163 (*c)->algorithm = AES_256_ICM; |
| 164 (*c)->type = &aes_icm_256; |
| 165 aes_icm_256.ref_count++; |
| 166 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; |
| 167 break; |
| 168 } |
| 169 |
| 170 /* set key size */ |
| 171 (*c)->key_len = key_len; |
| 172 EVP_CIPHER_CTX_init(&icm->ctx); |
| 173 |
| 174 return err_status_ok; |
| 175 } |
| 176 |
| 177 |
| 178 /* |
| 179 * This function deallocates an instance of this engine |
| 180 */ |
| 181 err_status_t aes_icm_openssl_dealloc (cipher_t *c) |
| 182 { |
| 183 aes_icm_ctx_t *ctx; |
| 184 |
| 185 if (c == NULL) { |
| 186 return err_status_bad_param; |
| 187 } |
| 188 |
| 189 /* |
| 190 * Free the EVP context |
| 191 */ |
| 192 ctx = (aes_icm_ctx_t*)c->state; |
| 193 if (ctx != NULL) { |
| 194 EVP_CIPHER_CTX_cleanup(&ctx->ctx); |
| 195 /* decrement ref_count for the appropriate engine */ |
| 196 switch (ctx->key_size) { |
| 197 case AES_256_KEYSIZE: |
| 198 aes_icm_256.ref_count--; |
| 199 break; |
| 200 #ifndef OPENSSL_IS_BORINGSSL |
| 201 case AES_192_KEYSIZE: |
| 202 aes_icm_192.ref_count--; |
| 203 break; |
| 204 #endif |
| 205 case AES_128_KEYSIZE: |
| 206 aes_icm.ref_count--; |
| 207 break; |
| 208 default: |
| 209 return err_status_dealloc_fail; |
| 210 break; |
| 211 } |
| 212 } |
| 213 |
| 214 /* zeroize entire state*/ |
| 215 octet_string_set_to_zero((uint8_t*)c, |
| 216 sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); |
| 217 |
| 218 /* free memory */ |
| 219 crypto_free(c); |
| 220 |
| 221 return err_status_ok; |
| 222 } |
| 223 |
| 224 /* |
| 225 * aes_icm_openssl_context_init(...) initializes the aes_icm_context |
| 226 * using the value in key[]. |
| 227 * |
| 228 * the key is the secret key |
| 229 * |
| 230 * the salt is unpredictable (but not necessarily secret) data which |
| 231 * randomizes the starting point in the keystream |
| 232 */ |
| 233 err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key) |
| 234 { |
| 235 /* |
| 236 * set counter and initial values to 'offset' value, being careful not to |
| 237 * go past the end of the key buffer |
| 238 */ |
| 239 v128_set_to_zero(&c->counter); |
| 240 v128_set_to_zero(&c->offset); |
| 241 memcpy(&c->counter, key + c->key_size, SALT_SIZE); |
| 242 memcpy(&c->offset, key + c->key_size, SALT_SIZE); |
| 243 |
| 244 /* force last two octets of the offset to zero (for srtp compatibility) */ |
| 245 c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; |
| 246 c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; |
| 247 |
| 248 /* copy key to be used later when CiscoSSL crypto context is created */ |
| 249 v128_copy_octet_string((v128_t*)&c->key, key); |
| 250 |
| 251 /* if the key is greater than 16 bytes, copy the second |
| 252 * half. Note, we treat AES-192 and AES-256 the same here |
| 253 * for simplicity. The storage location receiving the |
| 254 * key is statically allocated to handle a full 32 byte key |
| 255 * regardless of the cipher in use. |
| 256 */ |
| 257 if (c->key_size == AES_256_KEYSIZE |
| 258 #ifndef OPENSSL_IS_BORINGSSL |
| 259 || c->key_size == AES_192_KEYSIZE |
| 260 #endif |
| 261 ) { |
| 262 debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", |
| 263 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); |
| 264 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZ
E); |
| 265 } |
| 266 |
| 267 debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); |
| 268 debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); |
| 269 |
| 270 EVP_CIPHER_CTX_cleanup(&c->ctx); |
| 271 |
| 272 return err_status_ok; |
| 273 } |
| 274 |
| 275 |
| 276 /* |
| 277 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with |
| 278 * the offset |
| 279 */ |
| 280 err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) |
| 281 { |
| 282 const EVP_CIPHER *evp; |
| 283 v128_t *nonce = (v128_t*)iv; |
| 284 |
| 285 debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(nonce)); |
| 286 |
| 287 v128_xor(&c->counter, &c->offset, nonce); |
| 288 |
| 289 debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); |
| 290 |
| 291 switch (c->key_size) { |
| 292 case AES_256_KEYSIZE: |
| 293 evp = EVP_aes_256_ctr(); |
| 294 break; |
| 295 #ifndef OPENSSL_IS_BORINGSSL |
| 296 case AES_192_KEYSIZE: |
| 297 evp = EVP_aes_192_ctr(); |
| 298 break; |
| 299 #endif |
| 300 case AES_128_KEYSIZE: |
| 301 evp = EVP_aes_128_ctr(); |
| 302 break; |
| 303 default: |
| 304 return err_status_bad_param; |
| 305 break; |
| 306 } |
| 307 |
| 308 if (!EVP_EncryptInit_ex(&c->ctx, evp, |
| 309 NULL, c->key.v8, c->counter.v8)) { |
| 310 return err_status_fail; |
| 311 } else { |
| 312 return err_status_ok; |
| 313 } |
| 314 } |
| 315 |
| 316 /* |
| 317 * This function encrypts a buffer using AES CTR mode |
| 318 * |
| 319 * Parameters: |
| 320 * c Crypto context |
| 321 * buf data to encrypt |
| 322 * enc_len length of encrypt buffer |
| 323 */ |
| 324 err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
gned int *enc_len) |
| 325 { |
| 326 int len = 0; |
| 327 |
| 328 debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); |
| 329 |
| 330 if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { |
| 331 return err_status_cipher_fail; |
| 332 } |
| 333 *enc_len = len; |
| 334 |
| 335 if (!EVP_EncryptFinal_ex(&c->ctx, buf, (int*)&len)) { |
| 336 return err_status_cipher_fail; |
| 337 } |
| 338 *enc_len += len; |
| 339 |
| 340 return err_status_ok; |
| 341 } |
| 342 |
| 343 /* |
| 344 * Abstraction layer for encrypt. |
| 345 */ |
| 346 err_status_t aes_icm_output (aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_t
o_output) |
| 347 { |
| 348 unsigned int len = num_octets_to_output; |
| 349 |
| 350 /* zeroize the buffer */ |
| 351 octet_string_set_to_zero(buffer, num_octets_to_output); |
| 352 |
| 353 /* exor keystream into buffer */ |
| 354 return aes_icm_openssl_encrypt(c, buffer, &len); |
| 355 } |
| 356 |
| 357 /* |
| 358 * Name of this crypto engine |
| 359 */ |
| 360 char aes_icm_openssl_description[] = "AES-128 counter mode using openssl"; |
| 361 #ifndef OPENSSL_IS_BORINGSSL |
| 362 char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; |
| 363 #endif |
| 364 char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; |
| 365 |
| 366 |
| 367 /* |
| 368 * KAT values for AES self-test. These |
| 369 * values came from the legacy libsrtp code. |
| 370 */ |
| 371 uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = { |
| 372 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, |
| 373 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, |
| 374 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
| 375 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
| 376 }; |
| 377 |
| 378 uint8_t aes_icm_test_case_0_nonce[16] = { |
| 379 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 380 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
| 381 }; |
| 382 |
| 383 uint8_t aes_icm_test_case_0_plaintext[32] = { |
| 384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 386 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 387 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 388 }; |
| 389 |
| 390 uint8_t aes_icm_test_case_0_ciphertext[32] = { |
| 391 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, |
| 392 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, |
| 393 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, |
| 394 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab |
| 395 }; |
| 396 |
| 397 cipher_test_case_t aes_icm_test_case_0 = { |
| 398 AES_128_KEYSIZE_WSALT, /* octets in key */ |
| 399 aes_icm_test_case_0_key, /* key */ |
| 400 aes_icm_test_case_0_nonce, /* packet index */ |
| 401 32, /* octets in plaintext */ |
| 402 aes_icm_test_case_0_plaintext, /* plaintext */ |
| 403 32, /* octets in ciphertext */ |
| 404 aes_icm_test_case_0_ciphertext, /* ciphertext */ |
| 405 0, |
| 406 NULL, |
| 407 0, |
| 408 NULL /* pointer to next testcase */ |
| 409 }; |
| 410 |
| 411 #ifndef OPENSSL_IS_BORINGSSL |
| 412 /* |
| 413 * KAT values for AES-192-CTR self-test. These |
| 414 * values came from section 7 of RFC 6188. |
| 415 */ |
| 416 uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = { |
| 417 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, |
| 418 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, |
| 419 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, |
| 420 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
| 421 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
| 422 }; |
| 423 |
| 424 uint8_t aes_icm_192_test_case_1_nonce[16] = { |
| 425 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 426 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
| 427 }; |
| 428 |
| 429 uint8_t aes_icm_192_test_case_1_plaintext[32] = { |
| 430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 431 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 432 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 433 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 434 }; |
| 435 |
| 436 uint8_t aes_icm_192_test_case_1_ciphertext[32] = { |
| 437 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, |
| 438 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, |
| 439 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, |
| 440 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a |
| 441 }; |
| 442 |
| 443 cipher_test_case_t aes_icm_192_test_case_1 = { |
| 444 AES_192_KEYSIZE_WSALT, /* octets in key */ |
| 445 aes_icm_192_test_case_1_key, /* key */ |
| 446 aes_icm_192_test_case_1_nonce, /* packet index */ |
| 447 32, /* octets in plaintext */ |
| 448 aes_icm_192_test_case_1_plaintext, /* plaintext */ |
| 449 32, /* octets in ciphertext */ |
| 450 aes_icm_192_test_case_1_ciphertext, /* ciphertext */ |
| 451 0, |
| 452 NULL, |
| 453 0, |
| 454 NULL /* pointer to next testcase */ |
| 455 }; |
| 456 #endif |
| 457 |
| 458 |
| 459 /* |
| 460 * KAT values for AES-256-CTR self-test. These |
| 461 * values came from section 7 of RFC 6188. |
| 462 */ |
| 463 uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = { |
| 464 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, |
| 465 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, |
| 466 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, |
| 467 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, |
| 468 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
| 469 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
| 470 }; |
| 471 |
| 472 uint8_t aes_icm_256_test_case_2_nonce[16] = { |
| 473 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 474 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
| 475 }; |
| 476 |
| 477 uint8_t aes_icm_256_test_case_2_plaintext[32] = { |
| 478 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 479 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 480 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 481 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 482 }; |
| 483 |
| 484 uint8_t aes_icm_256_test_case_2_ciphertext[32] = { |
| 485 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, |
| 486 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, |
| 487 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, |
| 488 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac |
| 489 }; |
| 490 |
| 491 cipher_test_case_t aes_icm_256_test_case_2 = { |
| 492 AES_256_KEYSIZE_WSALT, /* octets in key */ |
| 493 aes_icm_256_test_case_2_key, /* key */ |
| 494 aes_icm_256_test_case_2_nonce, /* packet index */ |
| 495 32, /* octets in plaintext */ |
| 496 aes_icm_256_test_case_2_plaintext, /* plaintext */ |
| 497 32, /* octets in ciphertext */ |
| 498 aes_icm_256_test_case_2_ciphertext, /* ciphertext */ |
| 499 0, |
| 500 NULL, |
| 501 0, |
| 502 NULL /* pointer to next testcase */ |
| 503 }; |
| 504 |
| 505 /* |
| 506 * This is the function table for this crypto engine. |
| 507 * note: the encrypt function is identical to the decrypt function |
| 508 */ |
| 509 cipher_type_t aes_icm = { |
| 510 (cipher_alloc_func_t) aes_icm_openssl_alloc, |
| 511 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, |
| 512 (cipher_init_func_t) aes_icm_openssl_context_init, |
| 513 (cipher_set_aad_func_t) 0, |
| 514 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, |
| 515 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, |
| 516 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, |
| 517 (cipher_get_tag_func_t) 0, |
| 518 (char*) aes_icm_openssl_description, |
| 519 (int) 0, /* instance count */ |
| 520 (cipher_test_case_t*) &aes_icm_test_case_0, |
| 521 (debug_module_t*) &mod_aes_icm, |
| 522 (cipher_type_id_t) AES_ICM |
| 523 }; |
| 524 |
| 525 #ifndef OPENSSL_IS_BORINGSSL |
| 526 /* |
| 527 * This is the function table for this crypto engine. |
| 528 * note: the encrypt function is identical to the decrypt function |
| 529 */ |
| 530 cipher_type_t aes_icm_192 = { |
| 531 (cipher_alloc_func_t) aes_icm_openssl_alloc, |
| 532 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, |
| 533 (cipher_init_func_t) aes_icm_openssl_context_init, |
| 534 (cipher_set_aad_func_t) 0, |
| 535 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, |
| 536 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, |
| 537 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, |
| 538 (cipher_get_tag_func_t) 0, |
| 539 (char*) aes_icm_192_openssl_description, |
| 540 (int) 0, /* instance count */ |
| 541 (cipher_test_case_t*) &aes_icm_192_test_case_1, |
| 542 (debug_module_t*) &mod_aes_icm, |
| 543 (cipher_type_id_t) AES_192_ICM |
| 544 }; |
| 545 #endif |
| 546 |
| 547 /* |
| 548 * This is the function table for this crypto engine. |
| 549 * note: the encrypt function is identical to the decrypt function |
| 550 */ |
| 551 cipher_type_t aes_icm_256 = { |
| 552 (cipher_alloc_func_t) aes_icm_openssl_alloc, |
| 553 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, |
| 554 (cipher_init_func_t) aes_icm_openssl_context_init, |
| 555 (cipher_set_aad_func_t) 0, |
| 556 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, |
| 557 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, |
| 558 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, |
| 559 (cipher_get_tag_func_t) 0, |
| 560 (char*) aes_icm_256_openssl_description, |
| 561 (int) 0, /* instance count */ |
| 562 (cipher_test_case_t*) &aes_icm_256_test_case_2, |
| 563 (debug_module_t*) &mod_aes_icm, |
| 564 (cipher_type_id_t) AES_256_ICM |
| 565 }; |
| 566 |
OLD | NEW |