1 /*
2 * aes_gcm_ossl.c
3 *
4 * AES Galois Counter Mode
5 *
6 * John A. Foley
7 * Cisco Systems, Inc.
8 *
9 */
10
11 /*
12 *
13 * Copyright (c) 2013-2017, Cisco Systems, Inc.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
19 *
20 * Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 *
23 * Redistributions in binary form must reproduce the above
24 * copyright notice, this list of conditions and the following
25 * disclaimer in the documentation and/or other materials provided
26 * with the distribution.
27 *
28 * Neither the name of the Cisco Systems, Inc. nor the names of its
29 * contributors may be used to endorse or promote products derived
30 * from this software without specific prior written permission.
31 *
32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
43 * OF THE POSSIBILITY OF SUCH DAMAGE.
44 *
45 */
46
47 #ifdef HAVE_CONFIG_H
48 #include <config.h>
49 #endif
50
51 #include <openssl/evp.h>
52 #include "aes_gcm.h"
53 #include "alloc.h"
54 #include "err.h" /* for srtp_debug */
55 #include "crypto_types.h"
56 #include "cipher_types.h"
57
58 srtp_debug_module_t srtp_mod_aes_gcm = {
59 0, /* debugging is off by default */
60 "aes gcm" /* printable module name */
61 };
62
63 /*
64 * For now we only support 8 and 16 octet tags. The spec allows for
65 * optional 12 byte tag, which may be supported in the future.
66 */
67 #define GCM_AUTH_TAG_LEN 16
68 #define GCM_AUTH_TAG_LEN_8 8
69
70 /*
71 * This function allocates a new instance of this crypto engine.
72 * The key_len parameter should be one of 28 or 44 for
73 * AES-128-GCM or AES-256-GCM respectively. Note that the
74 * key length includes the 14 byte salt value that is used when
75 * initializing the KDF.
76 */
srtp_aes_gcm_openssl_alloc(srtp_cipher_t ** c,int key_len,int tlen)77 static srtp_err_status_t srtp_aes_gcm_openssl_alloc(srtp_cipher_t **c,
78 int key_len,
79 int tlen)
80 {
81 srtp_aes_gcm_ctx_t *gcm;
82
83 debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d",
84 key_len);
85 debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
86
87 /*
88 * Verify the key_len is valid for one of: AES-128/256
89 */
90 if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
91 key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
92 return (srtp_err_status_bad_param);
93 }
94
95 if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) {
96 return (srtp_err_status_bad_param);
97 }
98
99 /* allocate memory a cipher of type aes_gcm */
100 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
101 if (*c == NULL) {
102 return (srtp_err_status_alloc_fail);
103 }
104
105 gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
106 if (gcm == NULL) {
107 srtp_crypto_free(*c);
108 *c = NULL;
109 return (srtp_err_status_alloc_fail);
110 }
111
112 gcm->ctx = EVP_CIPHER_CTX_new();
113 if (gcm->ctx == NULL) {
114 srtp_crypto_free(gcm);
115 srtp_crypto_free(*c);
116 *c = NULL;
117 return srtp_err_status_alloc_fail;
118 }
119
120 /* set pointers */
121 (*c)->state = gcm;
122
123 /* setup cipher attributes */
124 switch (key_len) {
125 case SRTP_AES_GCM_128_KEY_LEN_WSALT:
126 (*c)->type = &srtp_aes_gcm_128;
127 (*c)->algorithm = SRTP_AES_GCM_128;
128 gcm->key_size = SRTP_AES_128_KEY_LEN;
129 gcm->tag_len = tlen;
130 break;
131 case SRTP_AES_GCM_256_KEY_LEN_WSALT:
132 (*c)->type = &srtp_aes_gcm_256;
133 (*c)->algorithm = SRTP_AES_GCM_256;
134 gcm->key_size = SRTP_AES_256_KEY_LEN;
135 gcm->tag_len = tlen;
136 break;
137 }
138
139 /* set key size */
140 (*c)->key_len = key_len;
141
142 return (srtp_err_status_ok);
143 }
144
145 /*
146 * This function deallocates a GCM session
147 */
srtp_aes_gcm_openssl_dealloc(srtp_cipher_t * c)148 static srtp_err_status_t srtp_aes_gcm_openssl_dealloc(srtp_cipher_t *c)
149 {
150 srtp_aes_gcm_ctx_t *ctx;
151
152 ctx = (srtp_aes_gcm_ctx_t *)c->state;
153 if (ctx) {
154 EVP_CIPHER_CTX_free(ctx->ctx);
155 /* zeroize the key material */
156 octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
157 srtp_crypto_free(ctx);
158 }
159
160 /* free memory */
161 srtp_crypto_free(c);
162
163 return (srtp_err_status_ok);
164 }
165
166 /*
167 * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context
168 * using the value in key[].
169 *
170 * the key is the secret key
171 */
srtp_aes_gcm_openssl_context_init(void * cv,const uint8_t * key)172 static srtp_err_status_t srtp_aes_gcm_openssl_context_init(void *cv,
173 const uint8_t *key)
174 {
175 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
176 const EVP_CIPHER *evp;
177
178 c->dir = srtp_direction_any;
179
180 debug_print(srtp_mod_aes_gcm, "key: %s",
181 srtp_octet_string_hex_string(key, c->key_size));
182
183 switch (c->key_size) {
184 case SRTP_AES_256_KEY_LEN:
185 evp = EVP_aes_256_gcm();
186 break;
187 case SRTP_AES_128_KEY_LEN:
188 evp = EVP_aes_128_gcm();
189 break;
190 default:
191 return (srtp_err_status_bad_param);
192 break;
193 }
194
195 EVP_CIPHER_CTX_cleanup(c->ctx);
196 if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
197 return (srtp_err_status_init_fail);
198 }
199
200 return (srtp_err_status_ok);
201 }
202
203 /*
204 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
205 * the offset
206 */
srtp_aes_gcm_openssl_set_iv(void * cv,uint8_t * iv,srtp_cipher_direction_t direction)207 static srtp_err_status_t srtp_aes_gcm_openssl_set_iv(
208 void *cv,
209 uint8_t *iv,
210 srtp_cipher_direction_t direction)
211 {
212 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
213
214 if (direction != srtp_direction_encrypt &&
215 direction != srtp_direction_decrypt) {
216 return (srtp_err_status_bad_param);
217 }
218 c->dir = direction;
219
220 debug_print(srtp_mod_aes_gcm, "setting iv: %s",
221 srtp_octet_string_hex_string(iv, 12));
222
223 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
224 return (srtp_err_status_init_fail);
225 }
226
227 if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, iv,
228 (c->dir == srtp_direction_encrypt ? 1 : 0))) {
229 return (srtp_err_status_init_fail);
230 }
231
232 return (srtp_err_status_ok);
233 }
234
235 /*
236 * This function processes the AAD
237 *
238 * Parameters:
239 * c Crypto context
240 * aad Additional data to process for AEAD cipher suites
241 * aad_len length of aad buffer
242 */
srtp_aes_gcm_openssl_set_aad(void * cv,const uint8_t * aad,uint32_t aad_len)243 static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv,
244 const uint8_t *aad,
245 uint32_t aad_len)
246 {
247 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
248 int rv;
249
250 debug_print(srtp_mod_aes_gcm, "setting AAD: %s",
251 srtp_octet_string_hex_string(aad, aad_len));
252
253 /*
254 * Set dummy tag, OpenSSL requires the Tag to be set before
255 * processing AAD
256 */
257
258 /*
259 * OpenSSL never write to address pointed by the last parameter of
260 * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality,
261 * OpenSSL copy its content to the context), so we can make
262 * aad read-only in this function and all its wrappers.
263 */
264 unsigned char dummy_tag[GCM_AUTH_TAG_LEN];
265 memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN);
266 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag);
267
268 rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
269 if (rv != aad_len) {
270 return (srtp_err_status_algo_fail);
271 } else {
272 return (srtp_err_status_ok);
273 }
274 }
275
276 /*
277 * This function encrypts a buffer using AES GCM mode
278 *
279 * Parameters:
280 * c Crypto context
281 * buf data to encrypt
282 * enc_len length of encrypt buffer
283 */
srtp_aes_gcm_openssl_encrypt(void * cv,unsigned char * buf,unsigned int * enc_len)284 static srtp_err_status_t srtp_aes_gcm_openssl_encrypt(void *cv,
285 unsigned char *buf,
286 unsigned int *enc_len)
287 {
288 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
289 if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
290 return (srtp_err_status_bad_param);
291 }
292
293 /*
294 * Encrypt the data
295 */
296 EVP_Cipher(c->ctx, buf, buf, *enc_len);
297
298 return (srtp_err_status_ok);
299 }
300
301 /*
302 * This function calculates and returns the GCM tag for a given context.
303 * This should be called after encrypting the data. The *len value
304 * is increased by the tag size. The caller must ensure that *buf has
305 * enough room to accept the appended tag.
306 *
307 * Parameters:
308 * c Crypto context
309 * buf data to encrypt
310 * len length of encrypt buffer
311 */
srtp_aes_gcm_openssl_get_tag(void * cv,uint8_t * buf,uint32_t * len)312 static srtp_err_status_t srtp_aes_gcm_openssl_get_tag(void *cv,
313 uint8_t *buf,
314 uint32_t *len)
315 {
316 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
317 /*
318 * Calculate the tag
319 */
320 EVP_Cipher(c->ctx, NULL, NULL, 0);
321
322 /*
323 * Retreive the tag
324 */
325 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
326
327 /*
328 * Increase encryption length by desired tag size
329 */
330 *len = c->tag_len;
331
332 return (srtp_err_status_ok);
333 }
334
335 /*
336 * This function decrypts a buffer using AES GCM mode
337 *
338 * Parameters:
339 * c Crypto context
340 * buf data to encrypt
341 * enc_len length of encrypt buffer
342 */
srtp_aes_gcm_openssl_decrypt(void * cv,unsigned char * buf,unsigned int * enc_len)343 static srtp_err_status_t srtp_aes_gcm_openssl_decrypt(void *cv,
344 unsigned char *buf,
345 unsigned int *enc_len)
346 {
347 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
348 if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
349 return (srtp_err_status_bad_param);
350 }
351
352 /*
353 * Set the tag before decrypting
354 */
355 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
356 buf + (*enc_len - c->tag_len));
357 EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
358
359 /*
360 * Check the tag
361 */
362 if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
363 return (srtp_err_status_auth_fail);
364 }
365
366 /*
367 * Reduce the buffer size by the tag length since the tag
368 * is not part of the original payload
369 */
370 *enc_len -= c->tag_len;
371
372 return (srtp_err_status_ok);
373 }
374
375 /*
376 * Name of this crypto engine
377 */
378 static const char srtp_aes_gcm_128_openssl_description[] =
379 "AES-128 GCM using openssl";
380 static const char srtp_aes_gcm_256_openssl_description[] =
381 "AES-256 GCM using openssl";
382
383 /*
384 * KAT values for AES self-test. These
385 * values we're derived from independent test code
386 * using OpenSSL.
387 */
388 /* clang-format off */
389 static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
390 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
391 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
392 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
393 0x09, 0x0a, 0x0b, 0x0c,
394 };
395 /* clang-format on */
396
397 /* clang-format off */
398 static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
399 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
400 0xde, 0xca, 0xf8, 0x88
401 };
402 /* clang-format on */
403
404 /* clang-format off */
405 static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = {
406 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
407 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
408 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
409 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
410 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
411 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
412 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
413 0xba, 0x63, 0x7b, 0x39
414 };
415
416 /* clang-format off */
417 static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
418 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
419 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
420 0xab, 0xad, 0xda, 0xd2
421 };
422 /* clang-format on */
423
424 /* clang-format off */
425 static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
426 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
427 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
428 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
429 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
430 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
431 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
432 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
433 0x3d, 0x58, 0xe0, 0x91,
434 /* the last 16 bytes are the tag */
435 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
436 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
437 };
438 /* clang-format on */
439
440 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
441 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
442 srtp_aes_gcm_test_case_0_key, /* key */
443 srtp_aes_gcm_test_case_0_iv, /* packet index */
444 60, /* octets in plaintext */
445 srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
446 68, /* octets in ciphertext */
447 srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
448 20, /* octets in AAD */
449 srtp_aes_gcm_test_case_0_aad, /* AAD */
450 GCM_AUTH_TAG_LEN_8, /* */
451 NULL /* pointer to next testcase */
452 };
453
454 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
455 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
456 srtp_aes_gcm_test_case_0_key, /* key */
457 srtp_aes_gcm_test_case_0_iv, /* packet index */
458 60, /* octets in plaintext */
459 srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
460 76, /* octets in ciphertext */
461 srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
462 20, /* octets in AAD */
463 srtp_aes_gcm_test_case_0_aad, /* AAD */
464 GCM_AUTH_TAG_LEN, /* */
465 &srtp_aes_gcm_test_case_0a /* pointer to next testcase */
466 };
467
468 /* clang-format off */
469 static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
470 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
471 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
472 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
473 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
474 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
475 0x09, 0x0a, 0x0b, 0x0c,
476 };
477 /* clang-format on */
478
479 /* clang-format off */
480 static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
482 0xde, 0xca, 0xf8, 0x88
483 };
484 /* clang-format on */
485
486 /* clang-format off */
487 static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = {
488 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
489 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
490 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
491 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
492 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
493 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
494 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
495 0xba, 0x63, 0x7b, 0x39
496 };
497 /* clang-format on */
498
499 /* clang-format off */
500 static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
501 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
502 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
503 0xab, 0xad, 0xda, 0xd2
504 };
505 /* clang-format on */
506
507 /* clang-format off */
508 static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
509 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
510 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
511 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
512 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
513 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
514 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
515 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
516 0x09, 0xc9, 0x86, 0xc1,
517 /* the last 16 bytes are the tag */
518 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
519 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
520 };
521 /* clang-format on */
522
523 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
524 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
525 srtp_aes_gcm_test_case_1_key, /* key */
526 srtp_aes_gcm_test_case_1_iv, /* packet index */
527 60, /* octets in plaintext */
528 srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
529 68, /* octets in ciphertext */
530 srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
531 20, /* octets in AAD */
532 srtp_aes_gcm_test_case_1_aad, /* AAD */
533 GCM_AUTH_TAG_LEN_8, /* */
534 NULL /* pointer to next testcase */
535 };
536
537 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
538 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
539 srtp_aes_gcm_test_case_1_key, /* key */
540 srtp_aes_gcm_test_case_1_iv, /* packet index */
541 60, /* octets in plaintext */
542 srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
543 76, /* octets in ciphertext */
544 srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
545 20, /* octets in AAD */
546 srtp_aes_gcm_test_case_1_aad, /* AAD */
547 GCM_AUTH_TAG_LEN, /* */
548 &srtp_aes_gcm_test_case_1a /* pointer to next testcase */
549 };
550
551 /*
552 * This is the vector function table for this crypto engine.
553 */
554 const srtp_cipher_type_t srtp_aes_gcm_128 = {
555 srtp_aes_gcm_openssl_alloc,
556 srtp_aes_gcm_openssl_dealloc,
557 srtp_aes_gcm_openssl_context_init,
558 srtp_aes_gcm_openssl_set_aad,
559 srtp_aes_gcm_openssl_encrypt,
560 srtp_aes_gcm_openssl_decrypt,
561 srtp_aes_gcm_openssl_set_iv,
562 srtp_aes_gcm_openssl_get_tag,
563 srtp_aes_gcm_128_openssl_description,
564 &srtp_aes_gcm_test_case_0,
565 SRTP_AES_GCM_128
566 };
567
568 /*
569 * This is the vector function table for this crypto engine.
570 */
571 const srtp_cipher_type_t srtp_aes_gcm_256 = {
572 srtp_aes_gcm_openssl_alloc,
573 srtp_aes_gcm_openssl_dealloc,
574 srtp_aes_gcm_openssl_context_init,
575 srtp_aes_gcm_openssl_set_aad,
576 srtp_aes_gcm_openssl_encrypt,
577 srtp_aes_gcm_openssl_decrypt,
578 srtp_aes_gcm_openssl_set_iv,
579 srtp_aes_gcm_openssl_get_tag,
580 srtp_aes_gcm_256_openssl_description,
581 &srtp_aes_gcm_test_case_1,
582 SRTP_AES_GCM_256
583 };
584