Refactor cipher encrypt API.
diff --git a/crypto/cipher/cipher.c b/crypto/cipher/cipher.c
index 665e744..2277cdd 100644
--- a/crypto/cipher/cipher.c
+++ b/crypto/cipher/cipher.c
@@ -58,14 +58,24 @@
"cipher" /* printable module name */
};
-srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, int num_octets_to_output)
+srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
{
/* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
+ octet_string_set_to_zero(buffer, *num_octets_to_output);
/* exor keystream into buffer */
- return cipher_encrypt(c, buffer, (unsigned int*)&num_octets_to_output);
+ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_encrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_decrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+ return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output));
}
/* some bookkeeping functions */
@@ -168,7 +178,7 @@
/* encrypt */
len = test_case->plaintext_length_octets;
- status = cipher_encrypt(c, buffer, &len);
+ status = srtp_cipher_encrypt(c, buffer, &len);
if (status) {
cipher_dealloc(c);
return status;
@@ -265,7 +275,7 @@
/* decrypt */
len = test_case->ciphertext_length_octets;
- status = cipher_decrypt(c, buffer, &len);
+ status = srtp_cipher_decrypt(c, buffer, &len);
if (status) {
cipher_dealloc(c);
return status;
@@ -393,7 +403,7 @@
/* encrypt buffer with cipher */
plaintext_len = length;
- status = cipher_encrypt(c, buffer, &length);
+ status = srtp_cipher_encrypt(c, buffer, &length);
if (status) {
cipher_dealloc(c);
return status;
@@ -440,7 +450,7 @@
srtp_octet_string_hex_string(test_case->aad,
test_case->aad_length_octets));
}
- status = cipher_decrypt(c, buffer, &length);
+ status = srtp_cipher_decrypt(c, buffer, &length);
if (status) {
cipher_dealloc(c);
return status;
@@ -514,7 +524,7 @@
timer = clock();
for (i = 0; i < num_trials; i++, nonce.v32[3] = i) {
cipher_set_iv(c, &nonce, direction_encrypt);
- cipher_encrypt(c, enc_buf, &len);
+ srtp_cipher_encrypt(c, enc_buf, &len);
}
timer = clock() - timer;
diff --git a/crypto/include/cipher.h b/crypto/include/cipher.h
index 711fc92..fe20948 100644
--- a/crypto/include/cipher.h
+++ b/crypto/include/cipher.h
@@ -175,15 +175,9 @@
#define cipher_init(c, k) (((c)->type)->init(((c)->state), (k), ((c)->key_len)))
-#define cipher_encrypt(c, buf, len) \
- (((c)->type)->encrypt(((c)->state), (buf), (len)))
-
#define cipher_get_tag(c, buf, len) \
(((c)->type)->get_tag(((c)->state), (buf), (len)))
-#define cipher_decrypt(c, buf, len) \
- (((c)->type)->decrypt(((c)->state), (buf), (len)))
-
#define cipher_set_iv(c, n, dir) \
((c) ? (((c)->type)->set_iv(((srtp_cipher_pointer_t)(c)->state), (n), (dir))) : \
srtp_err_status_no_such_op)
@@ -192,8 +186,6 @@
(((c)->type)->set_aad(((c)->state), (a), (l))) : \
srtp_err_status_no_such_op)
-srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, int num_octets_to_output);
-
/* some bookkeeping functions */
int srtp_cipher_get_key_length(const srtp_cipher_t *c);
@@ -227,6 +219,8 @@
*/
uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, int octets_in_buffer, int num_trials);
-srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, int num_octets_to_output);
+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
#endif /* CIPHER_H */
diff --git a/crypto/test/cipher_driver.c b/crypto/test/cipher_driver.c
index 8f85396..553cf24 100644
--- a/crypto/test/cipher_driver.c
+++ b/crypto/test/cipher_driver.c
@@ -166,7 +166,7 @@
usage(argv[0]);
}
}
-
+
printf("cipher test driver\n"
"David A. McGrew\n"
"Cisco Systems, Inc.\n");
@@ -384,7 +384,7 @@
return status;
/* generate 'reference' value by encrypting all at once */
- status = cipher_encrypt(c, buffer0, &buflen);
+ status = srtp_cipher_encrypt(c, buffer0, &buflen);
if (status)
return status;
@@ -405,7 +405,7 @@
if (current + len > end)
len = end - current;
- status = cipher_encrypt(c, current, &len);
+ status = srtp_cipher_encrypt(c, current, &len);
if (status)
return status;
@@ -544,13 +544,13 @@
v128_set_to_zero(&nonce);
timer = clock();
for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
- /* length parameter to cipher_encrypt is in/out -- out is total, padded
+ /* length parameter to srtp_cipher_encrypt is in/out -- out is total, padded
* length -- so reset it each time. */
unsigned octets_to_encrypt = octets_in_buffer;
/* encrypt buffer with cipher */
cipher_set_iv(cipher_array[cipher_index], &nonce, direction_encrypt);
- cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
+ srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
/* choose a cipher at random from the array*/
cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
diff --git a/crypto/test/stat_driver.c b/crypto/test/stat_driver.c
index 4f90303..2100e2c 100644
--- a/crypto/test/stat_driver.c
+++ b/crypto/test/stat_driver.c
@@ -84,7 +84,7 @@
err_check(cipher_type_alloc(&srtp_aes_icm, &c, 30, 0));
err_check(cipher_init(c, key));
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -99,7 +99,7 @@
buffer[i] = 0;
nonce.v32[3] = i;
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
}
@@ -118,7 +118,7 @@
err_check(cipher_type_alloc(&srtp_aes_icm, &c, 46, 0));
err_check(cipher_init(c, key));
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -133,7 +133,7 @@
buffer[i] = 0;
nonce.v32[3] = i;
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
}
@@ -149,7 +149,7 @@
err_check(cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_128_GCM_KEYSIZE_WSALT, 8));
err_check(cipher_init(c, key));
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -163,7 +163,7 @@
}
nonce.v32[3] = i;
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
buf_len = 2500;
if (stat_test_runs(buffer)) {
num_fail++;
@@ -178,7 +178,7 @@
err_check(cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_256_GCM_KEYSIZE_WSALT, 16));
err_check(cipher_init(c, key));
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -192,7 +192,7 @@
}
nonce.v32[3] = i;
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
buf_len = 2500;
if (stat_test_runs(buffer)) {
num_fail++;
diff --git a/srtp/srtp.c b/srtp/srtp.c
index e9cdaa9..44fb39a 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -429,7 +429,7 @@
/* generate keystream output */
octet_string_set_to_zero(key, length);
- status = cipher_encrypt(kdf->cipher, key, &length);
+ status = srtp_cipher_encrypt(kdf->cipher, key, &length);
if (status)
return status;
@@ -978,7 +978,7 @@
}
/* Encrypt the payload */
- status = cipher_encrypt(stream->rtp_cipher,
+ status = srtp_cipher_encrypt(stream->rtp_cipher,
(uint8_t*)enc_start, &enc_octet_len);
if (status) {
return srtp_err_status_cipher_fail;
@@ -1097,8 +1097,7 @@
/* Decrypt the ciphertext. This also checks the auth tag based
* on the AAD we just specified above */
- status = cipher_decrypt(stream->rtp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(stream->rtp_cipher, (uint8_t*)enc_start, &enc_octet_len);
if (status) {
return status;
}
@@ -1176,7 +1175,7 @@
srtp_err_status_t status;
int tag_len;
srtp_stream_ctx_t *stream;
- int prefix_len;
+ uint32_t prefix_len;
debug_print(mod_srtp, "function srtp_protect", NULL);
@@ -1368,7 +1367,7 @@
prefix_len = srtp_auth_get_prefix_length(stream->rtp_auth);
if (prefix_len) {
- status = srtp_cipher_output(stream->rtp_cipher, auth_tag, prefix_len);
+ status = srtp_cipher_output(stream->rtp_cipher, auth_tag, &prefix_len);
if (status)
return srtp_err_status_cipher_fail;
debug_print(mod_srtp, "keystream prefix: %s",
@@ -1378,8 +1377,8 @@
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(stream->rtp_cipher,
+ (uint8_t *)enc_start, &enc_octet_len);
if (status)
return srtp_err_status_cipher_fail;
}
@@ -1432,7 +1431,7 @@
srtp_err_status_t status;
srtp_stream_ctx_t *stream;
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
- int tag_len, prefix_len;
+ uint32_t tag_len, prefix_len;
debug_print(mod_srtp, "function srtp_unprotect", NULL);
@@ -1596,7 +1595,7 @@
if (stream->rtp_auth->prefix_len != 0) {
prefix_len = srtp_auth_get_prefix_length(stream->rtp_auth);
- status = srtp_cipher_output(stream->rtp_cipher, tmp_tag, prefix_len);
+ status = srtp_cipher_output(stream->rtp_cipher, tmp_tag, &prefix_len);
debug_print(mod_srtp, "keystream prefix: %s",
srtp_octet_string_hex_string(tmp_tag, prefix_len));
if (status)
@@ -1645,8 +1644,7 @@
/* if we're decrypting, add keystream into ciphertext */
if (enc_start) {
- status = cipher_decrypt(stream->rtp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(stream->rtp_cipher, (uint8_t *)enc_start, &enc_octet_len);
if (status)
return srtp_err_status_cipher_fail;
}
@@ -2369,8 +2367,8 @@
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtcp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(stream->rtcp_cipher,
+ (uint8_t*)enc_start, &enc_octet_len);
if (status) {
return srtp_err_status_cipher_fail;
}
@@ -2389,7 +2387,7 @@
* to run the cipher to get the auth tag.
*/
unsigned int nolen = 0;
- status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
+ status = srtp_cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
if (status) {
return srtp_err_status_cipher_fail;
}
@@ -2520,8 +2518,7 @@
/* if we're decrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_decrypt(stream->rtcp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len);
if (status) {
return status;
}
@@ -2530,8 +2527,7 @@
* Still need to run the cipher to check the tag
*/
tmp_len = tag_len;
- status = cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag,
- &tmp_len);
+ status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag, &tmp_len);
if (status) {
return status;
}
@@ -2603,7 +2599,7 @@
srtp_err_status_t status;
int tag_len;
srtp_stream_ctx_t *stream;
- int prefix_len;
+ uint32_t prefix_len;
uint32_t seq_num;
/* we assume the hdr is 32-bit aligned to start */
@@ -2749,7 +2745,7 @@
/* put keystream prefix into auth_tag */
prefix_len = srtp_auth_get_prefix_length(stream->rtcp_auth);
- status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, prefix_len);
+ status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, &prefix_len);
debug_print(mod_srtp, "keystream prefix: %s",
srtp_octet_string_hex_string(auth_tag, prefix_len));
@@ -2760,8 +2756,8 @@
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtcp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(stream->rtcp_cipher,
+ (uint8_t *)enc_start, &enc_octet_len);
if (status)
return srtp_err_status_cipher_fail;
}
@@ -2803,7 +2799,7 @@
unsigned int auth_len;
int tag_len;
srtp_stream_ctx_t *stream;
- int prefix_len;
+ uint32_t prefix_len;
uint32_t seq_num;
int e_bit_in_packet; /* whether the E-bit was found in the packet */
int sec_serv_confidentiality; /* whether confidentiality was requested */
@@ -2984,7 +2980,7 @@
*/
prefix_len = srtp_auth_get_prefix_length(stream->rtcp_auth);
if (prefix_len) {
- status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, prefix_len);
+ status = srtp_cipher_output(stream->rtcp_cipher, auth_tag, &prefix_len);
debug_print(mod_srtp, "keystream prefix: %s",
srtp_octet_string_hex_string(auth_tag, prefix_len));
if (status)
@@ -2993,8 +2989,7 @@
/* if we're decrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_decrypt(stream->rtcp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(stream->rtcp_cipher, (uint8_t *)enc_start, &enc_octet_len);
if (status)
return srtp_err_status_cipher_fail;
}