1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/netwerk/srtp/src/crypto/ae_xfm/xfm.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,605 @@
1.4 +/*
1.5 + * xfm.c
1.6 + *
1.7 + * Crypto transform implementation
1.8 + *
1.9 + * David A. McGrew
1.10 + * Cisco Systems, Inc.
1.11 + */
1.12 +/*
1.13 + *
1.14 + * Copyright (c) 2001-2006, Cisco Systems, Inc.
1.15 + * All rights reserved.
1.16 + *
1.17 + * Redistribution and use in source and binary forms, with or without
1.18 + * modification, are permitted provided that the following conditions
1.19 + * are met:
1.20 + *
1.21 + * Redistributions of source code must retain the above copyright
1.22 + * notice, this list of conditions and the following disclaimer.
1.23 + *
1.24 + * Redistributions in binary form must reproduce the above
1.25 + * copyright notice, this list of conditions and the following
1.26 + * disclaimer in the documentation and/or other materials provided
1.27 + * with the distribution.
1.28 + *
1.29 + * Neither the name of the Cisco Systems, Inc. nor the names of its
1.30 + * contributors may be used to endorse or promote products derived
1.31 + * from this software without specific prior written permission.
1.32 + *
1.33 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.34 + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.35 + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
1.36 + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
1.37 + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
1.38 + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1.39 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1.40 + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.41 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.42 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.43 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.44 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.45 + *
1.46 + */
1.47 +
1.48 +#include "cryptoalg.h"
1.49 +#include "aes_cbc.h"
1.50 +#include "hmac.h"
1.51 +#include "crypto_kernel.h" /* for crypto_get_random() */
1.52 +
1.53 +#define KEY_LEN 16
1.54 +#define ENC_KEY_LEN 16
1.55 +#define MAC_KEY_LEN 16
1.56 +#define IV_LEN 16
1.57 +#define TAG_LEN 12
1.58 +#define MAX_EXPAND 27
1.59 +
1.60 +err_status_t
1.61 +aes_128_cbc_hmac_sha1_96_func(void *key,
1.62 + void *clear,
1.63 + unsigned clear_len,
1.64 + void *iv,
1.65 + void *opaque,
1.66 + unsigned *opaque_len,
1.67 + void *auth_tag) {
1.68 + aes_cbc_ctx_t aes_ctx;
1.69 + hmac_ctx_t hmac_ctx;
1.70 + unsigned char enc_key[ENC_KEY_LEN];
1.71 + unsigned char mac_key[MAC_KEY_LEN];
1.72 + err_status_t status;
1.73 +
1.74 + /* check if we're doing authentication only */
1.75 + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
1.76 +
1.77 + /* perform authentication only */
1.78 +
1.79 + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
1.80 +
1.81 + /*
1.82 + * bad parameter - we expect either all three pointers to be NULL,
1.83 + * or none of those pointers to be NULL
1.84 + */
1.85 + return err_status_fail;
1.86 +
1.87 + } else {
1.88 +
1.89 + /* derive encryption and authentication keys from the input key */
1.90 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.91 + if (status) return status;
1.92 + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
1.93 + if (status) return status;
1.94 +
1.95 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.96 + if (status) return status;
1.97 + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
1.98 + if (status) return status;
1.99 +
1.100 +
1.101 + /* perform encryption and authentication */
1.102 +
1.103 + /* set aes key */
1.104 + status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
1.105 + if (status) return status;
1.106 +
1.107 + /* set iv */
1.108 + status = crypto_get_random(iv, IV_LEN);
1.109 + if (status) return status;
1.110 + status = aes_cbc_set_iv(&aes_ctx, iv);
1.111 +
1.112 + /* encrypt the opaque data */
1.113 + status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
1.114 + if (status) return status;
1.115 +
1.116 + /* authenticate clear and opaque data */
1.117 + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
1.118 + if (status) return status;
1.119 +
1.120 + status = hmac_start(&hmac_ctx);
1.121 + if (status) return status;
1.122 +
1.123 + status = hmac_update(&hmac_ctx, clear, clear_len);
1.124 + if (status) return status;
1.125 +
1.126 + status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
1.127 + if (status) return status;
1.128 +
1.129 + }
1.130 +
1.131 + return err_status_ok;
1.132 +}
1.133 +
1.134 +err_status_t
1.135 +aes_128_cbc_hmac_sha1_96_inv(void *key,
1.136 + void *clear,
1.137 + unsigned clear_len,
1.138 + void *iv,
1.139 + void *opaque,
1.140 + unsigned *opaque_len,
1.141 + void *auth_tag) {
1.142 + aes_cbc_ctx_t aes_ctx;
1.143 + hmac_ctx_t hmac_ctx;
1.144 + unsigned char enc_key[ENC_KEY_LEN];
1.145 + unsigned char mac_key[MAC_KEY_LEN];
1.146 + unsigned char tmp_tag[TAG_LEN];
1.147 + unsigned char *tag = auth_tag;
1.148 + err_status_t status;
1.149 + int i;
1.150 +
1.151 + /* check if we're doing authentication only */
1.152 + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
1.153 +
1.154 + /* perform authentication only */
1.155 +
1.156 + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
1.157 +
1.158 + /*
1.159 + * bad parameter - we expect either all three pointers to be NULL,
1.160 + * or none of those pointers to be NULL
1.161 + */
1.162 + return err_status_fail;
1.163 +
1.164 + } else {
1.165 +
1.166 + /* derive encryption and authentication keys from the input key */
1.167 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.168 + if (status) return status;
1.169 + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
1.170 + if (status) return status;
1.171 +
1.172 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.173 + if (status) return status;
1.174 + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
1.175 + if (status) return status;
1.176 +
1.177 + /* perform encryption and authentication */
1.178 +
1.179 + /* set aes key */
1.180 + status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
1.181 + if (status) return status;
1.182 +
1.183 + /* set iv */
1.184 + status = rand_source_get_octet_string(iv, IV_LEN);
1.185 + if (status) return status;
1.186 + status = aes_cbc_set_iv(&aes_ctx, iv);
1.187 +
1.188 + /* encrypt the opaque data */
1.189 + status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len);
1.190 + if (status) return status;
1.191 +
1.192 + /* authenticate clear and opaque data */
1.193 + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
1.194 + if (status) return status;
1.195 +
1.196 + status = hmac_start(&hmac_ctx);
1.197 + if (status) return status;
1.198 +
1.199 + status = hmac_update(&hmac_ctx, clear, clear_len);
1.200 + if (status) return status;
1.201 +
1.202 + status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag);
1.203 + if (status) return status;
1.204 +
1.205 + /* compare the computed tag with the one provided as input */
1.206 + for (i=0; i < TAG_LEN; i++)
1.207 + if (tmp_tag[i] != tag[i])
1.208 + return err_status_auth_fail;
1.209 +
1.210 + }
1.211 +
1.212 + return err_status_ok;
1.213 +}
1.214 +
1.215 +
1.216 +#define ENC 1
1.217 +
1.218 +#define DEBUG 0
1.219 +
1.220 +err_status_t
1.221 +aes_128_cbc_hmac_sha1_96_enc(void *key,
1.222 + const void *clear,
1.223 + unsigned clear_len,
1.224 + void *iv,
1.225 + void *opaque,
1.226 + unsigned *opaque_len) {
1.227 + aes_cbc_ctx_t aes_ctx;
1.228 + hmac_ctx_t hmac_ctx;
1.229 + unsigned char enc_key[ENC_KEY_LEN];
1.230 + unsigned char mac_key[MAC_KEY_LEN];
1.231 + unsigned char *auth_tag;
1.232 + err_status_t status;
1.233 +
1.234 + /* check if we're doing authentication only */
1.235 + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
1.236 +
1.237 + /* perform authentication only */
1.238 +
1.239 + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
1.240 +
1.241 + /*
1.242 + * bad parameter - we expect either all three pointers to be NULL,
1.243 + * or none of those pointers to be NULL
1.244 + */
1.245 + return err_status_fail;
1.246 +
1.247 + } else {
1.248 +
1.249 +#if DEBUG
1.250 + printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
1.251 +#endif
1.252 +
1.253 + /* derive encryption and authentication keys from the input key */
1.254 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.255 + if (status) return status;
1.256 + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
1.257 + if (status) return status;
1.258 +
1.259 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.260 + if (status) return status;
1.261 + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
1.262 + if (status) return status;
1.263 +
1.264 +
1.265 + /* perform encryption and authentication */
1.266 +
1.267 + /* set aes key */
1.268 + status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
1.269 + if (status) return status;
1.270 +
1.271 + /* set iv */
1.272 + status = rand_source_get_octet_string(iv, IV_LEN);
1.273 + if (status) return status;
1.274 + status = aes_cbc_set_iv(&aes_ctx, iv);
1.275 + if (status) return status;
1.276 +
1.277 +#if DEBUG
1.278 + printf("plaintext len: %d\n", *opaque_len);
1.279 + printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
1.280 + printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len));
1.281 +#endif
1.282 +
1.283 +#if ENC
1.284 + /* encrypt the opaque data */
1.285 + status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
1.286 + if (status) return status;
1.287 +#endif
1.288 +
1.289 +#if DEBUG
1.290 + printf("ciphertext len: %d\n", *opaque_len);
1.291 + printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
1.292 +#endif
1.293 +
1.294 + /*
1.295 + * authenticate clear and opaque data, then write the
1.296 + * authentication tag to the location immediately following the
1.297 + * ciphertext
1.298 + */
1.299 + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
1.300 + if (status) return status;
1.301 +
1.302 + status = hmac_start(&hmac_ctx);
1.303 + if (status) return status;
1.304 +
1.305 + status = hmac_update(&hmac_ctx, clear, clear_len);
1.306 + if (status) return status;
1.307 +#if DEBUG
1.308 + printf("hmac input: %s\n",
1.309 + octet_string_hex_string(clear, clear_len));
1.310 +#endif
1.311 + auth_tag = (unsigned char *)opaque;
1.312 + auth_tag += *opaque_len;
1.313 + status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
1.314 + if (status) return status;
1.315 +#if DEBUG
1.316 + printf("hmac input: %s\n",
1.317 + octet_string_hex_string(opaque, *opaque_len));
1.318 +#endif
1.319 + /* bump up the opaque_len to reflect the authentication tag */
1.320 + *opaque_len += TAG_LEN;
1.321 +
1.322 +#if DEBUG
1.323 + printf("prot data len: %d\n", *opaque_len);
1.324 + printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
1.325 +#endif
1.326 + }
1.327 +
1.328 + return err_status_ok;
1.329 +}
1.330 +
1.331 +err_status_t
1.332 +aes_128_cbc_hmac_sha1_96_dec(void *key,
1.333 + const void *clear,
1.334 + unsigned clear_len,
1.335 + void *iv,
1.336 + void *opaque,
1.337 + unsigned *opaque_len) {
1.338 + aes_cbc_ctx_t aes_ctx;
1.339 + hmac_ctx_t hmac_ctx;
1.340 + unsigned char enc_key[ENC_KEY_LEN];
1.341 + unsigned char mac_key[MAC_KEY_LEN];
1.342 + unsigned char tmp_tag[TAG_LEN];
1.343 + unsigned char *auth_tag;
1.344 + unsigned ciphertext_len;
1.345 + err_status_t status;
1.346 + int i;
1.347 +
1.348 + /* check if we're doing authentication only */
1.349 + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
1.350 +
1.351 + /* perform authentication only */
1.352 +
1.353 + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
1.354 +
1.355 + /*
1.356 + * bad parameter - we expect either all three pointers to be NULL,
1.357 + * or none of those pointers to be NULL
1.358 + */
1.359 + return err_status_fail;
1.360 +
1.361 + } else {
1.362 +#if DEBUG
1.363 + printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
1.364 +#endif
1.365 +
1.366 + /* derive encryption and authentication keys from the input key */
1.367 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.368 + if (status) return status;
1.369 + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
1.370 + if (status) return status;
1.371 +
1.372 + status = hmac_init(&hmac_ctx, key, KEY_LEN);
1.373 + if (status) return status;
1.374 + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
1.375 + if (status) return status;
1.376 +
1.377 +#if DEBUG
1.378 + printf("prot data len: %d\n", *opaque_len);
1.379 + printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
1.380 +#endif
1.381 +
1.382 + /*
1.383 + * set the protected data length to that of the ciphertext, by
1.384 + * subtracting out the length of the authentication tag
1.385 + */
1.386 + ciphertext_len = *opaque_len - TAG_LEN;
1.387 +
1.388 +#if DEBUG
1.389 + printf("ciphertext len: %d\n", ciphertext_len);
1.390 +#endif
1.391 + /* verify the authentication tag */
1.392 +
1.393 + /*
1.394 + * compute the authentication tag for the clear and opaque data,
1.395 + * and write it to a temporary location
1.396 + */
1.397 + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
1.398 + if (status) return status;
1.399 +
1.400 + status = hmac_start(&hmac_ctx);
1.401 + if (status) return status;
1.402 +
1.403 + status = hmac_update(&hmac_ctx, clear, clear_len);
1.404 + if (status) return status;
1.405 +
1.406 +#if DEBUG
1.407 + printf("hmac input: %s\n",
1.408 + octet_string_hex_string(clear, clear_len));
1.409 +#endif
1.410 +
1.411 + status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag);
1.412 + if (status) return status;
1.413 +
1.414 +#if DEBUG
1.415 + printf("hmac input: %s\n",
1.416 + octet_string_hex_string(opaque, ciphertext_len));
1.417 +#endif
1.418 +
1.419 + /*
1.420 + * compare the computed tag with the one provided as input (which
1.421 + * immediately follows the ciphertext)
1.422 + */
1.423 + auth_tag = (unsigned char *)opaque;
1.424 + auth_tag += ciphertext_len;
1.425 +#if DEBUG
1.426 + printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN));
1.427 + printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN));
1.428 +#endif
1.429 + for (i=0; i < TAG_LEN; i++) {
1.430 + if (tmp_tag[i] != auth_tag[i])
1.431 + return err_status_auth_fail;
1.432 + }
1.433 +
1.434 + /* bump down the opaque_len to reflect the authentication tag */
1.435 + *opaque_len -= TAG_LEN;
1.436 +
1.437 + /* decrypt the confidential data */
1.438 + status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
1.439 + if (status) return status;
1.440 + status = aes_cbc_set_iv(&aes_ctx, iv);
1.441 + if (status) return status;
1.442 +
1.443 +#if DEBUG
1.444 + printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
1.445 + printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
1.446 +#endif
1.447 +
1.448 +#if ENC
1.449 + status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len);
1.450 + if (status) return status;
1.451 +#endif
1.452 +
1.453 +#if DEBUG
1.454 + printf("plaintext len: %d\n", ciphertext_len);
1.455 + printf("plaintext: %s\n",
1.456 + octet_string_hex_string(opaque, ciphertext_len));
1.457 +#endif
1.458 +
1.459 + /* indicate the length of the plaintext */
1.460 + *opaque_len = ciphertext_len;
1.461 + }
1.462 +
1.463 + return err_status_ok;
1.464 +}
1.465 +
1.466 +cryptoalg_ctx_t cryptoalg_ctx = {
1.467 + aes_128_cbc_hmac_sha1_96_enc,
1.468 + aes_128_cbc_hmac_sha1_96_dec,
1.469 + KEY_LEN,
1.470 + IV_LEN,
1.471 + TAG_LEN,
1.472 + MAX_EXPAND,
1.473 +};
1.474 +
1.475 +cryptoalg_t cryptoalg = &cryptoalg_ctx;
1.476 +
1.477 +#define NULL_TAG_LEN 12
1.478 +
1.479 +err_status_t
1.480 +null_enc(void *key,
1.481 + const void *clear,
1.482 + unsigned clear_len,
1.483 + void *iv,
1.484 + void *opaque,
1.485 + unsigned *opaque_len) {
1.486 + int i;
1.487 + unsigned char *auth_tag;
1.488 + unsigned char *init_vec = iv;
1.489 +
1.490 + /* check if we're doing authentication only */
1.491 + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
1.492 +
1.493 + /* perform authentication only */
1.494 +
1.495 + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
1.496 +
1.497 + /*
1.498 + * bad parameter - we expect either all three pointers to be NULL,
1.499 + * or none of those pointers to be NULL
1.500 + */
1.501 + return err_status_fail;
1.502 +
1.503 + } else {
1.504 +
1.505 +#if DEBUG
1.506 + printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
1.507 + printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN);
1.508 + printf("plaintext len: %d\n", *opaque_len);
1.509 +#endif
1.510 + for (i=0; i < IV_LEN; i++)
1.511 + init_vec[i] = i + (i * 16);
1.512 +#if DEBUG
1.513 + printf("iv: %s\n",
1.514 + octet_string_hex_string(iv, IV_LEN));
1.515 + printf("plaintext: %s\n",
1.516 + octet_string_hex_string(opaque, *opaque_len));
1.517 +#endif
1.518 + auth_tag = opaque;
1.519 + auth_tag += *opaque_len;
1.520 + for (i=0; i < NULL_TAG_LEN; i++)
1.521 + auth_tag[i] = i + (i * 16);
1.522 + *opaque_len += NULL_TAG_LEN;
1.523 +#if DEBUG
1.524 + printf("protected data len: %d\n", *opaque_len);
1.525 + printf("protected data: %s\n",
1.526 + octet_string_hex_string(opaque, *opaque_len));
1.527 +#endif
1.528 +
1.529 + }
1.530 +
1.531 + return err_status_ok;
1.532 +}
1.533 +
1.534 +err_status_t
1.535 +null_dec(void *key,
1.536 + const void *clear,
1.537 + unsigned clear_len,
1.538 + void *iv,
1.539 + void *opaque,
1.540 + unsigned *opaque_len) {
1.541 + unsigned char *auth_tag;
1.542 +
1.543 + /* check if we're doing authentication only */
1.544 + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
1.545 +
1.546 + /* perform authentication only */
1.547 +
1.548 + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
1.549 +
1.550 + /*
1.551 + * bad parameter - we expect either all three pointers to be NULL,
1.552 + * or none of those pointers to be NULL
1.553 + */
1.554 + return err_status_fail;
1.555 +
1.556 + } else {
1.557 +
1.558 +#if DEBUG
1.559 + printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
1.560 +
1.561 + printf("protected data len: %d\n", *opaque_len);
1.562 + printf("protected data: %s\n",
1.563 + octet_string_hex_string(opaque, *opaque_len));
1.564 +#endif
1.565 + auth_tag = opaque;
1.566 + auth_tag += (*opaque_len - NULL_TAG_LEN);
1.567 +#if DEBUG
1.568 + printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
1.569 +#endif
1.570 + *opaque_len -= NULL_TAG_LEN;
1.571 +#if DEBUG
1.572 + printf("plaintext len: %d\n", *opaque_len);
1.573 + printf("plaintext: %s\n",
1.574 + octet_string_hex_string(opaque, *opaque_len));
1.575 +#endif
1.576 + }
1.577 +
1.578 + return err_status_ok;
1.579 +}
1.580 +
1.581 +cryptoalg_ctx_t null_cryptoalg_ctx = {
1.582 + null_enc,
1.583 + null_dec,
1.584 + KEY_LEN,
1.585 + IV_LEN,
1.586 + NULL_TAG_LEN,
1.587 + MAX_EXPAND,
1.588 +};
1.589 +
1.590 +cryptoalg_t null_cryptoalg = &null_cryptoalg_ctx;
1.591 +
1.592 +int
1.593 +cryptoalg_get_id(cryptoalg_t c) {
1.594 + if (c == cryptoalg)
1.595 + return 1;
1.596 + return 0;
1.597 +}
1.598 +
1.599 +cryptoalg_t
1.600 +cryptoalg_find_by_id(int id) {
1.601 + switch(id) {
1.602 + case 1:
1.603 + return cryptoalg;
1.604 + default:
1.605 + break;
1.606 + }
1.607 + return 0;
1.608 +}
