err_status_t
aes_icm_output(aes_icm_ctx_t *c, octet_t *buffer, int num_octets_to_output) {
unsigned int len = num_octets_to_output;
/* zeroize the buffer */
octet_string_set_to_zero(buffer, num_octets_to_output);
/* exor keystream into buffer */
return aes_icm_encrypt(c, buffer, &len);
}
ismacryp_rc_t ismacrypDecryptSample (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
uint8_t nonce[AES_KEY_LEN];
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
#ifndef NULL_ISMACRYP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
#endif
fprintf(stdout,"D s: %d #%05d L: %5d Ctr: %s Left: %d\n",
sp->sessid, sp->sample_count, length,
#ifndef NULL_ISMACRYP
v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
#ifndef NULL_ISMACRYP
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt(sp->cp->state, data,&length);
#endif
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypDecryptSampleRandomAccess (
ismacryp_session_id_t session,
uint32_t BSO,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
uint32_t counter;
uint32_t remainder;
uint8_t nonce[AES_KEY_LEN];
uint8_t fakedata[16];
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt random access. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
// calculate counter from BSO
counter = BSO/AES_BYTES_PER_COUNT;
remainder = BSO%AES_BYTES_PER_COUNT;
if ( remainder ) {
// a non-zero remainder means that the key corresponding to
// counter has only decrypted a number of bytes equal
// to remainder in the preceding data. therefore that key must
// be used to decrypt the first (AES_BYTES_PER_COUNT - remainder)
// bytes of this data. so we need to first set the previous key
// and do a fake decrypt to get everything set up properly for this
// decrypt.
// this is the fake decrypt of remainder bytes.
memset(nonce,0,AES_KEY_LEN);
*((uint32_t *)(&nonce[12])) = htonl(counter);
#ifndef NULL_ISMACRYP
rc=aes_icm_set_iv(sp->cp->state, nonce);
rc=aes_icm_encrypt(sp->cp->state, fakedata, &remainder);
#endif
// now calculate the correct counter for this data
counter++;
remainder = AES_BYTES_PER_COUNT - remainder;
}
memset(nonce,0,AES_KEY_LEN);
*((uint32_t *)(&nonce[12])) = htonl(counter);
#ifndef NULL_ISMACRYP
rc=aes_icm_set_iv(sp->cp->state, nonce);
// set the number of bytes the previous key should decrypt
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer = remainder;
#endif
fprintf(stdout,"D s: %d RA BSO: %7d L: %5d Ctr: %s Left: %d\n",
sp->sessid, BSO, length,
#ifndef NULL_ISMACRYP
v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
// length will not be updated in calling function (obviously) awv.
#ifndef NULL_ISMACRYP
rc=aes_icm_encrypt(sp->cp->state, data,&length);
#endif
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypEncryptSampleAddHeader (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data,
uint32_t *new_length,
uint8_t **new_data)
{
ismacryp_session_t *sp;
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
uint8_t *temp_data;
int header_length;
uint8_t nonce[AES_KEY_LEN];
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to encrypt+add header. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
if (sp->selective_enc ) {
fprintf(stdout," Selective encryption is not supported.\n");
return ismacryp_rc_unsupported_error;
}
else {
header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH +
sp->IV_len;
fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n",
sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len,
#ifndef NULL_ISMACRYP
v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
*new_length = header_length + length;
//fprintf(stdout," session: %d length : %d new length : %d\n",
// sp->sessid, length, *new_length);
temp_data = (uint8_t *) malloc((size_t) *new_length);
if ( temp_data == NULL ) {
fprintf(stdout, "Failed to encrypt+add header, mem error. Session %d \n", session);
return ismacryp_rc_memory_error;
}
memcpy( &temp_data[header_length], data, length);
memset(temp_data,0,header_length);
// this is where to set IV which for encryption is BSO
*((uint32_t *)(&temp_data[header_length-sizeof(uint32_t)])) = htonl(sp->BSO);
// increment BSO after setting IV
sp->BSO+=length;
}
#ifndef NULL_ISMACRYP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt(sp->cp->state, &temp_data[header_length],&length);
if (rc != err_status_ok) {
free(new_data);
new_data = NULL;
fprintf(stdout, "Failed to encrypt+add header. aes error %d \n", session, rc);
return ismacryp_rc_encrypt_error;
}
#endif
*new_data = temp_data;
return ismacryp_rc_ok;
}
