ismacryp_rc_t ismacrypDecryptSample (ismacryp_session_id_t session, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t nonce[AES_KEY_LEN]; #endif if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; #ifdef HAVE_SRTP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } #endif fprintf(stdout,"D s: %d #%05d L: %5d Ctr: %s Left: %d\n", sp->sessid, sp->sample_count, length, #ifdef HAVE_SRTP v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); #ifdef HAVE_SRTP // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1); #endif return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypEncryptSample (ismacryp_session_id_t session, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; uint8_t nonce[AES_KEY_LEN]; #ifndef NULL_ISMACRYP err_status_t rc = err_status_ok; #endif if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to encrypt. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n", sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len, #ifndef NULL_ISMACRYP v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); #ifndef NULL_ISMACRYP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt(sp->cp->state, data,&length); #endif return ismacryp_rc_ok; }
void byte_order(void) { int i; v128_t e; #if 0 v16_t b; v32_t c; v64_t d; for (i=0; i < sizeof(b); i++) b.octet[i] = i; for (i=0; i < sizeof(c); i++) c.octet[i] = i; for (i=0; i < sizeof(d); i++) d.octet[i] = i; printf("v128_t:\t%s\n", v128_hex_string(&e)); printf("v64_t:\t%s\n", v64_hex_string(&d)); printf("v32_t:\t%s\n", v32_hex_string(c)); printf("v16_t:\t%s\n", v16_hex_string(b)); c.value = 0x01020304; printf("v32_t:\t%s\n", v32_hex_string(c)); b.value = 0x0102; printf("v16_t:\t%s\n", v16_hex_string(b)); printf("uint16_t ordering:\n"); c.value = 0x00010002; printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]); #endif printf("byte ordering of crypto/math datatypes:\n"); for (i=0; i < sizeof(e); i++) e.v8[i] = i; printf("v128_t: %s\n", v128_hex_string(&e)); }
ismacryp_rc_t ismacrypEncryptSampleAddHeader (ismacryp_session_id_t session, uint32_t length, uint8_t *data, uint32_t *new_length, uint8_t **new_data) { ismacryp_session_t *sp; #ifdef HAVE_SRTP err_status_t rc = err_status_ok; uint8_t nonce[AES_KEY_LEN]; #endif uint8_t *temp_data; int header_length; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to encrypt+add header. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } sp->sample_count++; if (sp->selective_enc ) { fprintf(stdout," Selective encryption is not supported.\n"); return ismacryp_rc_unsupported_error; } else { header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH + sp->IV_len; fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n", sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len, #ifdef HAVE_SRTP v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); *new_length = header_length + length; //fprintf(stdout," session: %d length : %d new length : %d\n", // sp->sessid, length, *new_length); temp_data = (uint8_t *) malloc((size_t) *new_length); if ( temp_data == NULL ) { fprintf(stdout, "Failed to encrypt+add header, mem error. Session %d \n", session); return ismacryp_rc_memory_error; } memcpy( &temp_data[header_length], data, length); memset(temp_data,0,header_length); // this is where to set IV which for encryption is BSO *((uint32_t *)(&temp_data[header_length-sizeof(uint32_t)])) = htonl(sp->BSO); // increment BSO after setting IV sp->BSO+=length; } #ifdef HAVE_SRTP if ( sp->sample_count == 1 ) { memset(nonce,0,AES_KEY_LEN); //rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function. rc=aes_icm_set_iv(sp->cp->state, nonce); } // length will not be updated in calling function (obviously) awv. rc=aes_icm_encrypt_ismacryp(sp->cp->state, &temp_data[header_length], &length, 1); if (rc != err_status_ok) { free(new_data); new_data = NULL; fprintf(stdout, "Failed to encrypt+add header. aes error %d %d \n", session, rc); return ismacryp_rc_encrypt_error; } #endif *new_data = temp_data; return ismacryp_rc_ok; }
ismacryp_rc_t ismacrypDecryptSampleRandomAccess ( ismacryp_session_id_t session, uint32_t BSO, uint32_t length, uint8_t *data) { ismacryp_session_t *sp; #ifndef NULL_ISMACRYP err_status_t rc = err_status_ok; #endif uint32_t counter; uint32_t remainder; uint8_t nonce[AES_KEY_LEN]; uint8_t fakedata[16]; if (findInSessionList(session, &sp)) { fprintf(stdout, "Failed to decrypt random access. Unknown session %d \n", session); return ismacryp_rc_sessid_error; } // calculate counter from BSO counter = BSO/AES_BYTES_PER_COUNT; remainder = BSO%AES_BYTES_PER_COUNT; if ( remainder ) { // a non-zero remainder means that the key corresponding to // counter has only decrypted a number of bytes equal // to remainder in the preceding data. therefore that key must // be used to decrypt the first (AES_BYTES_PER_COUNT - remainder) // bytes of this data. so we need to first set the previous key // and do a fake decrypt to get everything set up properly for this // decrypt. // this is the fake decrypt of remainder bytes. memset(nonce,0,AES_KEY_LEN); *((uint32_t *)(&nonce[12])) = htonl(counter); #ifndef NULL_ISMACRYP rc=aes_icm_set_iv(sp->cp->state, nonce); rc=aes_icm_encrypt(sp->cp->state, fakedata, &remainder); #endif // now calculate the correct counter for this data counter++; remainder = AES_BYTES_PER_COUNT - remainder; } memset(nonce,0,AES_KEY_LEN); *((uint32_t *)(&nonce[12])) = htonl(counter); #ifndef NULL_ISMACRYP rc=aes_icm_set_iv(sp->cp->state, nonce); // set the number of bytes the previous key should decrypt ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer = remainder; #endif fprintf(stdout,"D s: %d RA BSO: %7d L: %5d Ctr: %s Left: %d\n", sp->sessid, BSO, length, #ifndef NULL_ISMACRYP v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]), ((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer #else "n/a", 0 #endif ); // length will not be updated in calling function (obviously) awv. #ifndef NULL_ISMACRYP rc=aes_icm_encrypt(sp->cp->state, data,&length); #endif return ismacryp_rc_ok; }