ismacryp_rc_t ismacrypGetKeyCount (ismacryp_session_id_t session, uint8_t *keycount) { ismacryp_session_t *sp; if (findInSessionList(session, &sp)) { fprintf(stdout, "\nFailed to get key count. Unknown session %d\n", session); return ismacryp_rc_sessid_error; } *keycount = sp->keycount; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypGetDeltaIVLength (ismacryp_session_id_t session, uint8_t *delta_iv_len) { ismacryp_session_t *sp; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to get delta IV length. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } *delta_iv_len = sp->deltaIV_len; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypSetIVLength (ismacryp_session_id_t session, uint8_t iv_len) { ismacryp_session_t *sp; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to set IV length. Unknown session %d\n", session); return ismacryp_rc_sessid_error; } sp->IV_len = iv_len; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypSetSelectiveEncryption (ismacryp_session_id_t session, uint8_t selective_is_on ) { ismacryp_session_t *sp; if (findInSessionList(session, &sp)) { fprintf(stdout, "\nFailed to set selective encryption. Unknown session %d\n", session); return ismacryp_rc_sessid_error; } sp->selective_enc = selective_is_on; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypEndSession (ismacryp_session_id_t session) { ismacryp_session_t *sp; if( findInSessionList(session, &sp) ) { fprintf(stdout, "\nEnd Session: %d FAILED\n", session); return ismacryp_rc_sessid_error; } unInitSessionData(sp); removeFromSessionList(session); printSessionList(); return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypDecryptSampleRemoveHeader (ismacryp_session_id_t session, uint32_t length, uint8_t *data, uint32_t *new_length, uint8_t **new_data) { ismacryp_session_t *sp; #ifndef NULL_ISMACRYP err_status_t rc = err_status_ok; #endif uint8_t *temp_data; int header_length; int i; uint32_t *IV; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt+remove header. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; if (sp->selective_enc ) { fprintf(stdout," Selective encryption is not supported.\n"); return ismacryp_rc_unsupported_error; } else { header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH + sp->IV_len; IV = (uint32_t *)(&data[header_length - sizeof(uint32_t)]); *new_length = length - header_length; temp_data = (uint8_t *) malloc((size_t) *new_length); if ( temp_data == NULL ) { fprintf(stdout, "Failed to decrypt+remove header, mem error. Session %d \n", session); return ismacryp_rc_memory_error; } memcpy(temp_data, &data[header_length], *new_length); } ismacrypDecryptSampleRandomAccess(session, ntohl(*IV), *new_length, temp_data); *new_data = temp_data; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypDecryptSample (ismacryp_session_id_t session, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t nonce[AES_KEY_LEN]; #endif if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; #ifdef HAVE_SRTP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } #endif fprintf(stdout,"D s: %d #%05d L: %5d Ctr: %s Left: %d\n", sp->sessid, sp->sample_count, length, #ifdef HAVE_SRTP v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); #ifdef HAVE_SRTP // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypGetKey (ismacryp_session_id_t session, uint8_t key_num, uint8_t *key_len, uint8_t *salt_len, uint8_t **key, uint8_t **salt, uint8_t *lifetime_exp) { int i; ismacryp_session_t *sp; uint8_t *tempk, *temps; // only support one key for now so key_num is irrelevant if (findInSessionList(session, &sp)) { fprintf(stdout, "\nFailed to get key. Unknown session %d\n", session); return ismacryp_rc_sessid_error; } *key_len = AES_KEY_LEN; *salt_len = AES_SALT_LEN; *lifetime_exp = ISMACRYP_DEFAULT_KEY_LIFETIME_EXP; tempk = (uint8_t *) malloc((size_t) *key_len); temps = (uint8_t *) malloc((size_t) *salt_len); if ( tempk == NULL || temps == NULL ) { CHECK_AND_FREE(tempk); CHECK_AND_FREE(temps); fprintf(stdout, "\nFailed to get key mem error. Session %d\n", session); return ismacryp_rc_memory_error; } for (i=0; i<*key_len; i++ ) { tempk[i] = sp->kk.ksc.key[i]; } *key = tempk; for (i=0; i<*salt_len; i++ ) { temps[i] = sp->kk.ksc.salt[i]; } *salt = temps; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypSetDeltaIVLength (ismacryp_session_id_t session, uint8_t delta_iv_len) { ismacryp_session_t *sp; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to set deltaIV length. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } if ( delta_iv_len > ISMACRYP_MAX_DELTA_IV_LENGTH ) { fprintf(stdout, "Can't set deltaIV length for session %d, illegal length: %d . \n", session, delta_iv_len); return ismacryp_rc_protocol_error; } sp->deltaIV_len = delta_iv_len; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypEncryptSample (ismacryp_session_id_t session, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; uint8_t nonce[AES_KEY_LEN]; #ifndef NULL_ISMACRYP err_status_t rc = err_status_ok; #endif if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to encrypt. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n", sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len, #ifndef NULL_ISMACRYP v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); #ifndef NULL_ISMACRYP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt(sp->cp->state, data,&length); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypDecryptSampleRandomAccess ( ismacryp_session_id_t session, uint32_t BSO, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t fakedata[16]; #endif uint32_t counter; uint32_t remainder; uint8_t nonce[AES_KEY_LEN]; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt random access. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } // calculate counter from BSO counter = BSO/AES_BYTES_PER_COUNT; remainder = BSO%AES_BYTES_PER_COUNT; if ( remainder ) { // a non-zero remainder means that the key corresponding to // counter has only decrypted a number of bytes equal // to remainder in the preceding data. therefore that key must // be used to decrypt the first (AES_BYTES_PER_COUNT - remainder) // bytes of this data. so we need to first set the previous key // and do a fake decrypt to get everything set up properly for this // decrypt. // this is the fake decrypt of remainder bytes. memset(nonce,0,AES_KEY_LEN); *((uint32_t *)(&nonce[12])) = htonl(counter); #ifdef HAVE_SRTP rc=aes_icm_set_iv(sp->cp->state, nonce); rc=aes_icm_encrypt_ismacryp(sp->cp->state, fakedata, &remainder, 1); #endif // now calculate the correct counter for this data counter++; remainder = AES_BYTES_PER_COUNT - remainder; } memset(nonce,0,AES_KEY_LEN); *((uint32_t *)(&nonce[12])) = htonl(counter); #ifdef HAVE_SRTP rc=aes_icm_set_iv(sp->cp->state, nonce); // set the number of bytes the previous key should decrypt ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer = remainder; #endif fprintf(stdout,"D s: %d RA BSO: %7d L: %5d Ctr: %s Left: %d\n", sp->sessid, BSO, length, #ifdef HAVE_SRTP //v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), "invalid", ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); // length will not be updated in calling function (obviously) awv. #ifdef HAVE_SRTP rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypEncryptSampleAddHeader (ismacryp_session_id_t session, uint32_t length, uint8_t *data, uint32_t *new_length, uint8_t **new_data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t nonce[AES_KEY_LEN]; #endif uint8_t *temp_data; int header_length; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to encrypt+add header. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; if (sp->selective_enc ) { fprintf(stdout," Selective encryption is not supported.\n"); return ismacryp_rc_unsupported_error; } else { header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH + sp->IV_len; fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n", sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len, #ifdef HAVE_SRTP v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); *new_length = header_length + length; //fprintf(stdout," session: %d length : %d new length : %d\n", // sp->sessid, length, *new_length); temp_data = (uint8_t *) malloc((size_t) *new_length); if ( temp_data == NULL ) { fprintf(stdout, "Failed to encrypt+add header, mem error. Session %d \n", session); return ismacryp_rc_memory_error; } memcpy( &temp_data[header_length], data, length); memset(temp_data,0,header_length); // this is where to set IV which for encryption is BSO *((uint32_t *)(&temp_data[header_length-sizeof(uint32_t)])) = htonl(sp->BSO); // increment BSO after setting IV sp->BSO+=length; } #ifdef HAVE_SRTP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt_ismacryp(sp->cp->state, &temp_data[header_length], &length, 1); if (rc != err_status_ok) { free(new_data); new_data = NULL; fprintf(stdout, "Failed to encrypt+add header. aes error %d %d \n", session, rc); return ismacryp_rc_encrypt_error; } #endif *new_data = temp_data; return ismacryp_rc_ok; }