ismacryp_rc_t ismacrypDecryptSample (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
#ifdef HAVE_SRTP
err_status_t rc = err_status_ok;
uint8_t nonce[AES_KEY_LEN];
#endif
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
#ifdef HAVE_SRTP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
#endif
fprintf(stdout,"D s: %d #%05d L: %5d Ctr: %s Left: %d\n",
sp->sessid, sp->sample_count, length,
#ifdef HAVE_SRTP
v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
#ifdef HAVE_SRTP
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt_ismacryp(sp->cp->state, data,&length, 1);
#endif
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypEncryptSample (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
uint8_t nonce[AES_KEY_LEN];
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to encrypt. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n",
sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len,
#ifndef NULL_ISMACRYP
v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
#ifndef NULL_ISMACRYP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt(sp->cp->state, data,&length);
#endif
return ismacryp_rc_ok;
}
void
byte_order(void) {
int i;
v128_t e;
#if 0
v16_t b;
v32_t c;
v64_t d;
for (i=0; i < sizeof(b); i++)
b.octet[i] = i;
for (i=0; i < sizeof(c); i++)
c.octet[i] = i;
for (i=0; i < sizeof(d); i++)
d.octet[i] = i;
printf("v128_t:\t%s\n", v128_hex_string(&e));
printf("v64_t:\t%s\n", v64_hex_string(&d));
printf("v32_t:\t%s\n", v32_hex_string(c));
printf("v16_t:\t%s\n", v16_hex_string(b));
c.value = 0x01020304;
printf("v32_t:\t%s\n", v32_hex_string(c));
b.value = 0x0102;
printf("v16_t:\t%s\n", v16_hex_string(b));
printf("uint16_t ordering:\n");
c.value = 0x00010002;
printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]);
#endif
printf("byte ordering of crypto/math datatypes:\n");
for (i=0; i < sizeof(e); i++)
e.v8[i] = i;
printf("v128_t: %s\n", v128_hex_string(&e));
}
ismacryp_rc_t ismacrypEncryptSampleAddHeader (ismacryp_session_id_t session,
uint32_t length,
uint8_t *data,
uint32_t *new_length,
uint8_t **new_data)
{
ismacryp_session_t *sp;
#ifdef HAVE_SRTP
err_status_t rc = err_status_ok;
uint8_t nonce[AES_KEY_LEN];
#endif
uint8_t *temp_data;
int header_length;
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to encrypt+add header. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
sp->sample_count++;
if (sp->selective_enc ) {
fprintf(stdout," Selective encryption is not supported.\n");
return ismacryp_rc_unsupported_error;
}
else {
header_length = ISMACRYP_DEFAULT_KEYINDICATOR_LENGTH +
sp->IV_len;
fprintf(stdout,"E s: %d, #%05d. l: %5d BSO: %6d IV l: %d ctr: %s left: %d\n",
sp->sessid, sp->sample_count, length, sp->BSO, sp->IV_len,
#ifdef HAVE_SRTP
v64_hex_string((v64_t *)&(((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1])),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
*new_length = header_length + length;
//fprintf(stdout," session: %d length : %d new length : %d\n",
// sp->sessid, length, *new_length);
temp_data = (uint8_t *) malloc((size_t) *new_length);
if ( temp_data == NULL ) {
fprintf(stdout, "Failed to encrypt+add header, mem error. Session %d \n", session);
return ismacryp_rc_memory_error;
}
memcpy( &temp_data[header_length], data, length);
memset(temp_data,0,header_length);
// this is where to set IV which for encryption is BSO
*((uint32_t *)(&temp_data[header_length-sizeof(uint32_t)])) = htonl(sp->BSO);
// increment BSO after setting IV
sp->BSO+=length;
}
#ifdef HAVE_SRTP
if ( sp->sample_count == 1 ) {
memset(nonce,0,AES_KEY_LEN);
//rc=aes_icm_set_segment(sp->cp->state, 0); // defunct function.
rc=aes_icm_set_iv(sp->cp->state, nonce);
}
// length will not be updated in calling function (obviously) awv.
rc=aes_icm_encrypt_ismacryp(sp->cp->state, &temp_data[header_length],
&length, 1);
if (rc != err_status_ok) {
free(new_data);
new_data = NULL;
fprintf(stdout, "Failed to encrypt+add header. aes error %d %d \n", session, rc);
return ismacryp_rc_encrypt_error;
}
#endif
*new_data = temp_data;
return ismacryp_rc_ok;
}
ismacryp_rc_t ismacrypDecryptSampleRandomAccess (
ismacryp_session_id_t session,
uint32_t BSO,
uint32_t length,
uint8_t *data)
{
ismacryp_session_t *sp;
#ifndef NULL_ISMACRYP
err_status_t rc = err_status_ok;
#endif
uint32_t counter;
uint32_t remainder;
uint8_t nonce[AES_KEY_LEN];
uint8_t fakedata[16];
if (findInSessionList(session, &sp)) {
fprintf(stdout, "Failed to decrypt random access. Unknown session %d \n", session);
return ismacryp_rc_sessid_error;
}
// calculate counter from BSO
counter = BSO/AES_BYTES_PER_COUNT;
remainder = BSO%AES_BYTES_PER_COUNT;
if ( remainder ) {
// a non-zero remainder means that the key corresponding to
// counter has only decrypted a number of bytes equal
// to remainder in the preceding data. therefore that key must
// be used to decrypt the first (AES_BYTES_PER_COUNT - remainder)
// bytes of this data. so we need to first set the previous key
// and do a fake decrypt to get everything set up properly for this
// decrypt.
// this is the fake decrypt of remainder bytes.
memset(nonce,0,AES_KEY_LEN);
*((uint32_t *)(&nonce[12])) = htonl(counter);
#ifndef NULL_ISMACRYP
rc=aes_icm_set_iv(sp->cp->state, nonce);
rc=aes_icm_encrypt(sp->cp->state, fakedata, &remainder);
#endif
// now calculate the correct counter for this data
counter++;
remainder = AES_BYTES_PER_COUNT - remainder;
}
memset(nonce,0,AES_KEY_LEN);
*((uint32_t *)(&nonce[12])) = htonl(counter);
#ifndef NULL_ISMACRYP
rc=aes_icm_set_iv(sp->cp->state, nonce);
// set the number of bytes the previous key should decrypt
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer = remainder;
#endif
fprintf(stdout,"D s: %d RA BSO: %7d L: %5d Ctr: %s Left: %d\n",
sp->sessid, BSO, length,
#ifndef NULL_ISMACRYP
v64_hex_string((v64_t)((aes_icm_ctx_t *)(sp->cp->state))->counter.v64[1]),
((aes_icm_ctx_t *)(sp->cp->state))->bytes_in_buffer
#else
"n/a",
0
#endif
);
// length will not be updated in calling function (obviously) awv.
#ifndef NULL_ISMACRYP
rc=aes_icm_encrypt(sp->cp->state, data,&length);
#endif
return ismacryp_rc_ok;
}
