ismacryp_rc_t ismacrypGetKeyCount (ismacryp_session_id_t session,
uint8_t *keycount)
{
ismacryp_session_t *sp;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "\nFailed to get key count. Unknown session %d\n", session);
return ismacryp_rc_sessid_error;
}
*keycount = sp->keycount;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypGetDeltaIVLength (ismacryp_session_id_t session,
uint8_t *delta_iv_len)
{
ismacryp_session_t *sp;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to get delta IV length. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
*delta_iv_len = sp->deltaIV_len;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypSetIVLength (ismacryp_session_id_t session,
uint8_t iv_len)
{
ismacryp_session_t *sp;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to set IV length. Unknown session %d\n", session);
return ismacryp_rc_sessid_error;
}
sp->IV_len = iv_len;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypSetSelectiveEncryption (ismacryp_session_id_t session,
uint8_t selective_is_on )
{
ismacryp_session_t *sp;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "\nFailed to set selective encryption. Unknown session %d\n", session);
return ismacryp_rc_sessid_error;
}
sp->selective_enc = selective_is_on;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypEndSession (ismacryp_session_id_t session)
{
ismacryp_session_t *sp;
if( findInSessionList(session, &sp) ) {
fprintf(stdout, "\nEnd Session: %d FAILED\n", session);
return ismacryp_rc_sessid_error;
}
unInitSessionData(sp);
removeFromSessionList(session);
printSessionList();
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypDecryptSampleRemoveHeader (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data,
uint32_t *new_length,
uint8_t **new_data)
{
ismacryp_session_t *sp;
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
uint8_t *temp_data;
int header_length;
int i;
uint32_t *IV;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt+remove header. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
if (sp->selective_enc ) {
fprintf(stdout," Selective encryption is not supported.\n");
return ismacryp_rc_unsupported_error;
}
else {
header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH +
sp->IV_len;
IV = (uint32_t *)(&data[header_length - sizeof(uint32_t)]);
*new_length = length - header_length;
temp_data = (uint8_t *) malloc((size_t) *new_length);
if ( temp_data == NULL ) {
fprintf(stdout, "Failed to decrypt+remove header, mem error. Session %d \n", session);
return ismacryp_rc_memory_error;
}
memcpy(temp_data, &data[header_length], *new_length);
}
ismacrypDecryptSampleRandomAccess(session, ntohl(*IV), *new_length, temp_data);
*new_data = temp_data;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypDecryptSample (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
#ifdef HAVE_SRTP
err_status_t rc = err_status_ok;
uint8_t nonce[AES_KEY_LEN];
#endif
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
#ifdef HAVE_SRTP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
#endif
fprintf(stdout,"D s: %d #%05d L: %5d Ctr: %s Left: %d\n",
sp->sessid, sp->sample_count, length,
#ifdef HAVE_SRTP
v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
#ifdef HAVE_SRTP
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1);
#endif
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypGetKey (ismacryp_session_id_t session,
uint8_t key_num,
uint8_t *key_len,
uint8_t *salt_len,
uint8_t **key,
uint8_t **salt,
uint8_t *lifetime_exp)
{
int i;
ismacryp_session_t *sp;
uint8_t *tempk, *temps;
// only support one key for now so key_num is irrelevant
if (findInSessionList(session, &sp)) {
fprintf(stdout, "\nFailed to get key. Unknown session %d\n", session);
return ismacryp_rc_sessid_error;
}
*key_len = AES_KEY_LEN;
*salt_len = AES_SALT_LEN;
*lifetime_exp = ISMACRYP_DEFAULT_KEY_LIFETIME_EXP;
tempk = (uint8_t *) malloc((size_t) *key_len);
temps = (uint8_t *) malloc((size_t) *salt_len);
if ( tempk == NULL || temps == NULL ) {
CHECK_AND_FREE(tempk);
CHECK_AND_FREE(temps);
fprintf(stdout, "\nFailed to get key mem error. Session %d\n", session);
return ismacryp_rc_memory_error;
}
for (i=0; i<*key_len; i++ ) {
tempk[i] = sp->kk.ksc.key[i];
}
*key = tempk;
for (i=0; i<*salt_len; i++ ) {
temps[i] = sp->kk.ksc.salt[i];
}
*salt = temps;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypSetDeltaIVLength (ismacryp_session_id_t session,
uint8_t delta_iv_len)
{
ismacryp_session_t *sp;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to set deltaIV length. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
if ( delta_iv_len > ISMACRYP_MAX_DELTA_IV_LENGTH ) {
fprintf(stdout, "Can't set deltaIV length for session %d, illegal length: %d . \n",
session, delta_iv_len);
return ismacryp_rc_protocol_error;
}
sp->deltaIV_len = delta_iv_len;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypEncryptSample (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
uint8_t nonce[AES_KEY_LEN];
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to encrypt. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n",
sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len,
#ifndef NULL_ISMACRYP
v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
#ifndef NULL_ISMACRYP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt(sp->cp->state, data,&length);
#endif
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypDecryptSampleRandomAccess (
ismacryp_session_id_t session,
uint32_t BSO,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
#ifdef HAVE_SRTP
err_status_t rc = err_status_ok;
uint8_t fakedata[16];
#endif
uint32_t counter;
uint32_t remainder;
uint8_t nonce[AES_KEY_LEN];
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt random access. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
// calculate counter from BSO
counter = BSO/AES_BYTES_PER_COUNT;
remainder = BSO%AES_BYTES_PER_COUNT;
if ( remainder ) {
// a non-zero remainder means that the key corresponding to
// counter has only decrypted a number of bytes equal
// to remainder in the preceding data. therefore that key must
// be used to decrypt the first (AES_BYTES_PER_COUNT - remainder)
// bytes of this data. so we need to first set the previous key
// and do a fake decrypt to get everything set up properly for this
// decrypt.
// this is the fake decrypt of remainder bytes.
memset(nonce,0,AES_KEY_LEN);
*((uint32_t *)(&nonce[12])) = htonl(counter);
#ifdef HAVE_SRTP
rc=aes_icm_set_iv(sp->cp->state, nonce);
rc=aes_icm_encrypt_ismacryp(sp->cp->state, fakedata, &remainder, 1);
#endif
// now calculate the correct counter for this data
counter++;
remainder = AES_BYTES_PER_COUNT - remainder;
}
memset(nonce,0,AES_KEY_LEN);
*((uint32_t *)(&nonce[12])) = htonl(counter);
#ifdef HAVE_SRTP
rc=aes_icm_set_iv(sp->cp->state, nonce);
// set the number of bytes the previous key should decrypt
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer = remainder;
#endif
fprintf(stdout,"D s: %d RA BSO: %7d L: %5d Ctr: %s Left: %d\n",
sp->sessid, BSO, length,
#ifdef HAVE_SRTP
//v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])),
"invalid",
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
// length will not be updated in calling function (obviously) awv.
#ifdef HAVE_SRTP
rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1);
#endif
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypEncryptSampleAddHeader (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data,
uint32_t *new_length,
uint8_t **new_data)
{
ismacryp_session_t *sp;
#ifdef HAVE_SRTP
err_status_t rc = err_status_ok;
uint8_t nonce[AES_KEY_LEN];
#endif
uint8_t *temp_data;
int header_length;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to encrypt+add header. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
if (sp->selective_enc ) {
fprintf(stdout," Selective encryption is not supported.\n");
return ismacryp_rc_unsupported_error;
}
else {
header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH +
sp->IV_len;
fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n",
sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len,
#ifdef HAVE_SRTP
v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
*new_length = header_length + length;
//fprintf(stdout," session: %d length : %d new length : %d\n",
// sp->sessid, length, *new_length);
temp_data = (uint8_t *) malloc((size_t) *new_length);
if ( temp_data == NULL ) {
fprintf(stdout, "Failed to encrypt+add header, mem error. Session %d \n", session);
return ismacryp_rc_memory_error;
}
memcpy( &temp_data[header_length], data, length);
memset(temp_data,0,header_length);
// this is where to set IV which for encryption is BSO
*((uint32_t *)(&temp_data[header_length-sizeof(uint32_t)])) = htonl(sp->BSO);
// increment BSO after setting IV
sp->BSO+=length;
}
#ifdef HAVE_SRTP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt_ismacryp(sp->cp->state, &temp_data[header_length],
&length, 1);
if (rc != err_status_ok) {
free(new_data);
new_data = NULL;
fprintf(stdout, "Failed to encrypt+add header. aes error %d %d \n", session, rc);
return ismacryp_rc_encrypt_error;
}
#endif
*new_data = temp_data;
return ismacryp_rc_ok;
}
