OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * aes_icm_ossl.c |
| 3 * |
| 4 * AES Integer Counter Mode |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 * |
| 9 * 2/24/2012: This module was modified to use CiscoSSL for AES counter |
| 10 * mode. Eddy Lem contributed the code to allow this. |
| 11 * |
| 12 * 12/20/2012: Added support for AES-192 and AES-256. |
| 13 */ |
| 14 |
| 15 /* |
| 16 * |
| 17 * Copyright (c) 2013, Cisco Systems, Inc. |
| 18 * All rights reserved. |
| 19 * |
| 20 * Redistribution and use in source and binary forms, with or without |
| 21 * modification, are permitted provided that the following conditions |
| 22 * are met: |
| 23 * |
| 24 * Redistributions of source code must retain the above copyright |
| 25 * notice, this list of conditions and the following disclaimer. |
| 26 * |
| 27 * Redistributions in binary form must reproduce the above |
| 28 * copyright notice, this list of conditions and the following |
| 29 * disclaimer in the documentation and/or other materials provided |
| 30 * with the distribution. |
| 31 * |
| 32 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 33 * contributors may be used to endorse or promote products derived |
| 34 * from this software without specific prior written permission. |
| 35 * |
| 36 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 37 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 38 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 39 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 40 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 41 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 42 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 43 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 47 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 48 * |
| 49 */ |
| 50 |
| 51 #ifdef HAVE_CONFIG_H |
| 52 #include <config.h> |
| 53 #endif |
| 54 |
| 55 #include <openssl/evp.h> |
| 56 #include "aes_icm_ossl.h" |
| 57 #include "crypto_types.h" |
| 58 #include "alloc.h" |
| 59 #include "crypto_types.h" |
| 60 |
| 61 |
| 62 debug_module_t mod_aes_icm = { |
| 63 0, /* debugging is off by default */ |
| 64 "aes icm ossl" /* printable module name */ |
| 65 }; |
| 66 extern cipher_test_case_t aes_icm_test_case_0; |
| 67 extern cipher_type_t aes_icm; |
| 68 #ifndef SRTP_NO_AES192 |
| 69 extern cipher_type_t aes_icm_192; |
| 70 #endif |
| 71 extern cipher_type_t aes_icm_256; |
| 72 |
| 73 /* |
| 74 * integer counter mode works as follows: |
| 75 * |
| 76 * 16 bits |
| 77 * <-----> |
| 78 * +------+------+------+------+------+------+------+------+ |
| 79 * | nonce | packet index | ctr |---+ |
| 80 * +------+------+------+------+------+------+------+------+ | |
| 81 * | |
| 82 * +------+------+------+------+------+------+------+------+ v |
| 83 * | salt |000000|->(+) |
| 84 * +------+------+------+------+------+------+------+------+ | |
| 85 * | |
| 86 * +---------+ |
| 87 * | encrypt | |
| 88 * +---------+ |
| 89 * | |
| 90 * +------+------+------+------+------+------+------+------+ | |
| 91 * | keystream block |<--+ |
| 92 * +------+------+------+------+------+------+------+------+ |
| 93 * |
| 94 * All fields are big-endian |
| 95 * |
| 96 * ctr is the block counter, which increments from zero for |
| 97 * each packet (16 bits wide) |
| 98 * |
| 99 * packet index is distinct for each packet (48 bits wide) |
| 100 * |
| 101 * nonce can be distinct across many uses of the same key, or |
| 102 * can be a fixed value per key, or can be per-packet randomness |
| 103 * (64 bits) |
| 104 * |
| 105 */ |
| 106 |
| 107 /* |
| 108 * This function allocates a new instance of this crypto engine. |
| 109 * The key_len parameter should be one of 30, 38, or 46 for |
| 110 * AES-128, AES-192, and AES-256 respectively. Note, this key_len |
| 111 * value is inflated, as it also accounts for the 112 bit salt |
| 112 * value. The tlen argument is for the AEAD tag length, which |
| 113 * isn't used in counter mode. |
| 114 */ |
| 115 err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) |
| 116 { |
| 117 aes_icm_ctx_t *icm; |
| 118 int tmp; |
| 119 uint8_t *allptr; |
| 120 |
| 121 debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); |
| 122 |
| 123 /* |
| 124 * Verify the key_len is valid for one of: AES-128/192/256 |
| 125 */ |
| 126 if (key_len != AES_128_KEYSIZE_WSALT && |
| 127 #ifndef SRTP_NO_AES192 |
| 128 key_len != AES_192_KEYSIZE_WSALT && |
| 129 #endif |
| 130 key_len != AES_256_KEYSIZE_WSALT) { |
| 131 return err_status_bad_param; |
| 132 } |
| 133 |
| 134 /* allocate memory a cipher of type aes_icm */ |
| 135 tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); |
| 136 allptr = (uint8_t*)crypto_alloc(tmp); |
| 137 if (allptr == NULL) { |
| 138 return err_status_alloc_fail; |
| 139 } |
| 140 |
| 141 /* set pointers */ |
| 142 *c = (cipher_t*)allptr; |
| 143 (*c)->state = allptr + sizeof(cipher_t); |
| 144 icm = (aes_icm_ctx_t*)(*c)->state; |
| 145 |
| 146 /* increment ref_count */ |
| 147 switch (key_len) { |
| 148 case AES_128_KEYSIZE_WSALT: |
| 149 (*c)->algorithm = AES_128_ICM; |
| 150 (*c)->type = &aes_icm; |
| 151 aes_icm.ref_count++; |
| 152 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; |
| 153 break; |
| 154 #ifndef SRTP_NO_AES192 |
| 155 case AES_192_KEYSIZE_WSALT: |
| 156 (*c)->algorithm = AES_192_ICM; |
| 157 (*c)->type = &aes_icm_192; |
| 158 aes_icm_192.ref_count++; |
| 159 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; |
| 160 break; |
| 161 #endif |
| 162 case AES_256_KEYSIZE_WSALT: |
| 163 (*c)->algorithm = AES_256_ICM; |
| 164 (*c)->type = &aes_icm_256; |
| 165 aes_icm_256.ref_count++; |
| 166 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; |
| 167 break; |
| 168 } |
| 169 |
| 170 /* set key size */ |
| 171 (*c)->key_len = key_len; |
| 172 EVP_CIPHER_CTX_init(&icm->ctx); |
| 173 |
| 174 return err_status_ok; |
| 175 } |
| 176 |
| 177 |
| 178 /* |
| 179 * This function deallocates an instance of this engine |
| 180 */ |
| 181 err_status_t aes_icm_openssl_dealloc (cipher_t *c) |
| 182 { |
| 183 aes_icm_ctx_t *ctx; |
| 184 |
| 185 if (c == NULL) { |
| 186 return err_status_bad_param; |
| 187 } |
| 188 |
| 189 /* |
| 190 * Free the EVP context |
| 191 */ |
| 192 ctx = (aes_icm_ctx_t*)c->state; |
| 193 if (ctx != NULL) { |
| 194 EVP_CIPHER_CTX_cleanup(&ctx->ctx); |
| 195 /* decrement ref_count for the appropriate engine */ |
| 196 switch (ctx->key_size) { |
| 197 case AES_256_KEYSIZE: |
| 198 aes_icm_256.ref_count--; |
| 199 break; |
| 200 #ifndef SRTP_NO_AES192 |
| 201 case AES_192_KEYSIZE: |
| 202 aes_icm_192.ref_count--; |
| 203 break; |
| 204 #endif |
| 205 case AES_128_KEYSIZE: |
| 206 aes_icm.ref_count--; |
| 207 break; |
| 208 default: |
| 209 return err_status_dealloc_fail; |
| 210 break; |
| 211 } |
| 212 } |
| 213 |
| 214 /* zeroize entire state*/ |
| 215 octet_string_set_to_zero((uint8_t*)c, |
| 216 sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); |
| 217 |
| 218 /* free memory */ |
| 219 crypto_free(c); |
| 220 |
| 221 return err_status_ok; |
| 222 } |
| 223 |
| 224 /* |
| 225 * aes_icm_openssl_context_init(...) initializes the aes_icm_context |
| 226 * using the value in key[]. |
| 227 * |
| 228 * the key is the secret key |
| 229 * |
| 230 * the salt is unpredictable (but not necessarily secret) data which |
| 231 * randomizes the starting point in the keystream |
| 232 */ |
| 233 err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
int len) |
| 234 { |
| 235 /* |
| 236 * set counter and initial values to 'offset' value, being careful not to |
| 237 * go past the end of the key buffer |
| 238 */ |
| 239 |
| 240 if (c->key_size + SALT_SIZE != len) |
| 241 return err_status_bad_param; |
| 242 |
| 243 v128_set_to_zero(&c->counter); |
| 244 v128_set_to_zero(&c->offset); |
| 245 memcpy(&c->counter, key + c->key_size, SALT_SIZE); |
| 246 memcpy(&c->offset, key + c->key_size, SALT_SIZE); |
| 247 |
| 248 /* force last two octets of the offset to zero (for srtp compatibility) */ |
| 249 c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; |
| 250 c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; |
| 251 |
| 252 /* copy key to be used later when CiscoSSL crypto context is created */ |
| 253 v128_copy_octet_string((v128_t*)&c->key, key); |
| 254 |
| 255 /* if the key is greater than 16 bytes, copy the second |
| 256 * half. Note, we treat AES-192 and AES-256 the same here |
| 257 * for simplicity. The storage location receiving the |
| 258 * key is statically allocated to handle a full 32 byte key |
| 259 * regardless of the cipher in use. |
| 260 */ |
| 261 if (c->key_size == AES_256_KEYSIZE |
| 262 #ifndef SRTP_NO_AES192 |
| 263 || c->key_size == AES_192_KEYSIZE |
| 264 #endif |
| 265 ) { |
| 266 debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", |
| 267 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); |
| 268 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZ
E); |
| 269 } |
| 270 |
| 271 debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); |
| 272 debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); |
| 273 |
| 274 EVP_CIPHER_CTX_cleanup(&c->ctx); |
| 275 |
| 276 return err_status_ok; |
| 277 } |
| 278 |
| 279 |
| 280 /* |
| 281 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with |
| 282 * the offset |
| 283 */ |
| 284 err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) |
| 285 { |
| 286 const EVP_CIPHER *evp; |
| 287 v128_t nonce; |
| 288 |
| 289 /* set nonce (for alignment) */ |
| 290 v128_copy_octet_string(&nonce, iv); |
| 291 |
| 292 debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); |
| 293 |
| 294 v128_xor(&c->counter, &c->offset, &nonce); |
| 295 |
| 296 debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); |
| 297 |
| 298 switch (c->key_size) { |
| 299 case AES_256_KEYSIZE: |
| 300 evp = EVP_aes_256_ctr(); |
| 301 break; |
| 302 #ifndef SRTP_NO_AES192 |
| 303 case AES_192_KEYSIZE: |
| 304 evp = EVP_aes_192_ctr(); |
| 305 break; |
| 306 #endif |
| 307 case AES_128_KEYSIZE: |
| 308 evp = EVP_aes_128_ctr(); |
| 309 break; |
| 310 default: |
| 311 return err_status_bad_param; |
| 312 break; |
| 313 } |
| 314 |
| 315 if (!EVP_EncryptInit_ex(&c->ctx, evp, |
| 316 NULL, c->key.v8, c->counter.v8)) { |
| 317 return err_status_fail; |
| 318 } else { |
| 319 return err_status_ok; |
| 320 } |
| 321 } |
| 322 |
| 323 /* |
| 324 * This function encrypts a buffer using AES CTR mode |
| 325 * |
| 326 * Parameters: |
| 327 * c Crypto context |
| 328 * buf data to encrypt |
| 329 * enc_len length of encrypt buffer |
| 330 */ |
| 331 err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
gned int *enc_len) |
| 332 { |
| 333 int len = 0; |
| 334 |
| 335 debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); |
| 336 |
| 337 if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { |
| 338 return err_status_cipher_fail; |
| 339 } |
| 340 *enc_len = len; |
| 341 |
| 342 if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { |
| 343 return err_status_cipher_fail; |
| 344 } |
| 345 *enc_len += len; |
| 346 |
| 347 return err_status_ok; |
| 348 } |
| 349 |
| 350 uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c) |
| 351 { |
| 352 return htons(c->counter.v16[7]); |
| 353 } |
| 354 |
| 355 /* |
| 356 * Name of this crypto engine |
| 357 */ |
| 358 char aes_icm_openssl_description[] = "AES-128 counter mode using openssl"; |
| 359 #ifndef SRTP_NO_AES192 |
| 360 char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; |
| 361 #endif |
| 362 char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; |
| 363 |
| 364 |
| 365 /* |
| 366 * KAT values for AES self-test. These |
| 367 * values came from the legacy libsrtp code. |
| 368 */ |
| 369 uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = { |
| 370 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, |
| 371 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, |
| 372 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
| 373 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
| 374 }; |
| 375 |
| 376 uint8_t aes_icm_test_case_0_nonce[16] = { |
| 377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 378 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
| 379 }; |
| 380 |
| 381 uint8_t aes_icm_test_case_0_plaintext[32] = { |
| 382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 383 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 386 }; |
| 387 |
| 388 uint8_t aes_icm_test_case_0_ciphertext[32] = { |
| 389 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, |
| 390 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, |
| 391 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, |
| 392 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab |
| 393 }; |
| 394 |
| 395 cipher_test_case_t aes_icm_test_case_0 = { |
| 396 AES_128_KEYSIZE_WSALT, /* octets in key */ |
| 397 aes_icm_test_case_0_key, /* key */ |
| 398 aes_icm_test_case_0_nonce, /* packet index */ |
| 399 32, /* octets in plaintext */ |
| 400 aes_icm_test_case_0_plaintext, /* plaintext */ |
| 401 32, /* octets in ciphertext */ |
| 402 aes_icm_test_case_0_ciphertext, /* ciphertext */ |
| 403 0, |
| 404 NULL, |
| 405 0, |
| 406 NULL /* pointer to next testcase */ |
| 407 }; |
| 408 |
| 409 #ifndef SRTP_NO_AES192 |
| 410 /* |
| 411 * KAT values for AES-192-CTR self-test. These |
| 412 * values came from section 7 of RFC 6188. |
| 413 */ |
| 414 uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = { |
| 415 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, |
| 416 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, |
| 417 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, |
| 418 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
| 419 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
| 420 }; |
| 421 |
| 422 uint8_t aes_icm_192_test_case_1_nonce[16] = { |
| 423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 424 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
| 425 }; |
| 426 |
| 427 uint8_t aes_icm_192_test_case_1_plaintext[32] = { |
| 428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 429 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 431 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 432 }; |
| 433 |
| 434 uint8_t aes_icm_192_test_case_1_ciphertext[32] = { |
| 435 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, |
| 436 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, |
| 437 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, |
| 438 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a |
| 439 }; |
| 440 |
| 441 cipher_test_case_t aes_icm_192_test_case_1 = { |
| 442 AES_192_KEYSIZE_WSALT, /* octets in key */ |
| 443 aes_icm_192_test_case_1_key, /* key */ |
| 444 aes_icm_192_test_case_1_nonce, /* packet index */ |
| 445 32, /* octets in plaintext */ |
| 446 aes_icm_192_test_case_1_plaintext, /* plaintext */ |
| 447 32, /* octets in ciphertext */ |
| 448 aes_icm_192_test_case_1_ciphertext, /* ciphertext */ |
| 449 0, |
| 450 NULL, |
| 451 0, |
| 452 NULL /* pointer to next testcase */ |
| 453 }; |
| 454 #endif |
| 455 |
| 456 /* |
| 457 * KAT values for AES-256-CTR self-test. These |
| 458 * values came from section 7 of RFC 6188. |
| 459 */ |
| 460 uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = { |
| 461 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, |
| 462 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, |
| 463 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, |
| 464 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, |
| 465 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, |
| 466 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd |
| 467 }; |
| 468 |
| 469 uint8_t aes_icm_256_test_case_2_nonce[16] = { |
| 470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 |
| 472 }; |
| 473 |
| 474 uint8_t aes_icm_256_test_case_2_plaintext[32] = { |
| 475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 477 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 478 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 479 }; |
| 480 |
| 481 uint8_t aes_icm_256_test_case_2_ciphertext[32] = { |
| 482 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, |
| 483 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, |
| 484 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, |
| 485 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac |
| 486 }; |
| 487 |
| 488 cipher_test_case_t aes_icm_256_test_case_2 = { |
| 489 AES_256_KEYSIZE_WSALT, /* octets in key */ |
| 490 aes_icm_256_test_case_2_key, /* key */ |
| 491 aes_icm_256_test_case_2_nonce, /* packet index */ |
| 492 32, /* octets in plaintext */ |
| 493 aes_icm_256_test_case_2_plaintext, /* plaintext */ |
| 494 32, /* octets in ciphertext */ |
| 495 aes_icm_256_test_case_2_ciphertext, /* ciphertext */ |
| 496 0, |
| 497 NULL, |
| 498 0, |
| 499 NULL /* pointer to next testcase */ |
| 500 }; |
| 501 |
| 502 /* |
| 503 * This is the function table for this crypto engine. |
| 504 * note: the encrypt function is identical to the decrypt function |
| 505 */ |
| 506 cipher_type_t aes_icm = { |
| 507 (cipher_alloc_func_t) aes_icm_openssl_alloc, |
| 508 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, |
| 509 (cipher_init_func_t) aes_icm_openssl_context_init, |
| 510 (cipher_set_aad_func_t) 0, |
| 511 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, |
| 512 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, |
| 513 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, |
| 514 (cipher_get_tag_func_t) 0, |
| 515 (char*) aes_icm_openssl_description, |
| 516 (int) 0, /* instance count */ |
| 517 (cipher_test_case_t*) &aes_icm_test_case_0, |
| 518 (debug_module_t*) &mod_aes_icm, |
| 519 (cipher_type_id_t) AES_ICM |
| 520 }; |
| 521 |
| 522 #ifndef SRTP_NO_AES192 |
| 523 /* |
| 524 * This is the function table for this crypto engine. |
| 525 * note: the encrypt function is identical to the decrypt function |
| 526 */ |
| 527 cipher_type_t aes_icm_192 = { |
| 528 (cipher_alloc_func_t) aes_icm_openssl_alloc, |
| 529 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, |
| 530 (cipher_init_func_t) aes_icm_openssl_context_init, |
| 531 (cipher_set_aad_func_t) 0, |
| 532 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, |
| 533 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, |
| 534 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, |
| 535 (cipher_get_tag_func_t) 0, |
| 536 (char*) aes_icm_192_openssl_description, |
| 537 (int) 0, /* instance count */ |
| 538 (cipher_test_case_t*) &aes_icm_192_test_case_1, |
| 539 (debug_module_t*) &mod_aes_icm, |
| 540 (cipher_type_id_t) AES_192_ICM |
| 541 }; |
| 542 #endif |
| 543 |
| 544 /* |
| 545 * This is the function table for this crypto engine. |
| 546 * note: the encrypt function is identical to the decrypt function |
| 547 */ |
| 548 cipher_type_t aes_icm_256 = { |
| 549 (cipher_alloc_func_t) aes_icm_openssl_alloc, |
| 550 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, |
| 551 (cipher_init_func_t) aes_icm_openssl_context_init, |
| 552 (cipher_set_aad_func_t) 0, |
| 553 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, |
| 554 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, |
| 555 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, |
| 556 (cipher_get_tag_func_t) 0, |
| 557 (char*) aes_icm_256_openssl_description, |
| 558 (int) 0, /* instance count */ |
| 559 (cipher_test_case_t*) &aes_icm_256_test_case_2, |
| 560 (debug_module_t*) &mod_aes_icm, |
| 561 (cipher_type_id_t) AES_256_ICM |
| 562 }; |
| 563 |
OLD | NEW |