ismacryp_rc_t ismacrypDecryptSample (ismacryp_session_id_t session, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t nonce[AES_KEY_LEN]; #endif if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; #ifdef HAVE_SRTP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } #endif fprintf(stdout,"D s: %d #%05d L: %5d Ctr: %s Left: %d\n", sp->sessid, sp->sample_count, length, #ifdef HAVE_SRTP v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); #ifdef HAVE_SRTP // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypEncryptSample (ismacryp_session_id_t session, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; uint8_t nonce[AES_KEY_LEN]; #ifndef NULL_ISMACRYP err_status_t rc = err_status_ok; #endif if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to encrypt. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n", sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len, #ifndef NULL_ISMACRYP v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); #ifndef NULL_ISMACRYP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt(sp->cp->state, data,&length); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypDecryptSampleRandomAccess ( ismacryp_session_id_t session, uint32_t BSO, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t fakedata[16]; #endif uint32_t counter; uint32_t remainder; uint8_t nonce[AES_KEY_LEN]; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt random access. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } // calculate counter from BSO counter = BSO/AES_BYTES_PER_COUNT; remainder = BSO%AES_BYTES_PER_COUNT; if ( remainder ) { // a non-zero remainder means that the key corresponding to // counter has only decrypted a number of bytes equal // to remainder in the preceding data. therefore that key must // be used to decrypt the first (AES_BYTES_PER_COUNT - remainder) // bytes of this data. so we need to first set the previous key // and do a fake decrypt to get everything set up properly for this // decrypt. // this is the fake decrypt of remainder bytes. memset(nonce,0,AES_KEY_LEN); *((uint32_t *)(&nonce[12])) = htonl(counter); #ifdef HAVE_SRTP rc=aes_icm_set_iv(sp->cp->state, nonce); rc=aes_icm_encrypt_ismacryp(sp->cp->state, fakedata, &remainder, 1); #endif // now calculate the correct counter for this data counter++; remainder = AES_BYTES_PER_COUNT - remainder; } memset(nonce,0,AES_KEY_LEN); *((uint32_t *)(&nonce[12])) = htonl(counter); #ifdef HAVE_SRTP rc=aes_icm_set_iv(sp->cp->state, nonce); // set the number of bytes the previous key should decrypt ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer = remainder; #endif fprintf(stdout,"D s: %d RA BSO: %7d L: %5d Ctr: %s Left: %d\n", sp->sessid, BSO, length, #ifdef HAVE_SRTP //v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), "invalid", ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); // length will not be updated in calling function (obviously) awv. #ifdef HAVE_SRTP rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypEncryptSampleAddHeader (ismacryp_session_id_t session, uint32_t length, uint8_t *data, uint32_t *new_length, uint8_t **new_data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t nonce[AES_KEY_LEN]; #endif uint8_t *temp_data; int header_length; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to encrypt+add header. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; if (sp->selective_enc ) { fprintf(stdout," Selective encryption is not supported.\n"); return ismacryp_rc_unsupported_error; } else { header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH + sp->IV_len; fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n", sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len, #ifdef HAVE_SRTP v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); *new_length = header_length + length; //fprintf(stdout," session: %d length : %d new length : %d\n", // sp->sessid, length, *new_length); temp_data = (uint8_t *) malloc((size_t) *new_length); if ( temp_data == NULL ) { fprintf(stdout, "Failed to encrypt+add header, mem error. Session %d \n", session); return ismacryp_rc_memory_error; } memcpy( &temp_data[header_length], data, length); memset(temp_data,0,header_length); // this is where to set IV which for encryption is BSO *((uint32_t *)(&temp_data[header_length-sizeof(uint32_t)])) = htonl(sp->BSO); // increment BSO after setting IV sp->BSO+=length; } #ifdef HAVE_SRTP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt_ismacryp(sp->cp->state, &temp_data[header_length], &length, 1); if (rc != err_status_ok) { free(new_data); new_data = NULL; fprintf(stdout, "Failed to encrypt+add header. aes error %d %d \n", session, rc); return ismacryp_rc_encrypt_error; } #endif *new_data = temp_data; return ismacryp_rc_ok; }