/* This program is released under the Common Public License V1.0
*
* You should have received a copy of Common Public License V1.0 along with
* with this program.
*
* Copyright IBM Corp. 2016
*
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <ica_api.h>
#define AES_CIPHER_BLOCK_SIZE 16
/* This example uses a static key. In real life you would
* use your real AES key, which is negotiated between the
* encrypting and the decrypting entity.
*
* Note: AES-128 key size is 16 bytes (AES_KEY_LEN128)
*/
unsigned char aes_key[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
};
/* This is the plain data, you want to encrypt. For the
* encryption mode used in this example, it is necessary,
* that the length of the encrypted data is a multiple of
* the AES cipher block size (AES_CIPHER_BLOCK_SIZE).
*/
unsigned char plain_data[] = {
0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x6c, 0x69,
0x62, 0x69, 0x63, 0x61, 0x20, 0x69, 0x73, 0x20,
0x73, 0x6d, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e,
0x64, 0x20, 0x65, 0x61, 0x73, 0x79, 0x21, 0x00,
};
/* Prints hex values to standard out. */
static void dump_data(unsigned char *data, unsigned long length);
/* Prints a description of the return value to standard out. */
static int handle_ica_error(int rc);
int main(int argc, char **argv)
{
int rc;
/* This is the initialization vector. The initialization vector
* is of the same size as the cipher block (AES_CIPHER_BLOCK_SIZE).
* We are generating it per random number generator. In real life
* you would use an initialization vector which is negotiated
* between the encrypting and the decrypting entity.
*/
unsigned char random_iv[AES_CIPHER_BLOCK_SIZE];
/* Since libica function ica_aes_cbc updates the initialization
* vector, we let ica_aes_cbc work on a copy of the generated
* initialization vector. We will need the original initialization
* vector for decrypting the data later on.
*/
unsigned char iv[AES_CIPHER_BLOCK_SIZE];
unsigned char cipher_data[sizeof(plain_data)];
unsigned char decrypt_data[sizeof(plain_data)];
/* Generate the initialization vector by random */
rc = ica_random_number_generate(sizeof(random_iv), random_iv);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump key, iv and plain data to standard output, just for
* a visual control.
*/
printf("AES key:\n");
dump_data(aes_key, sizeof(aes_key));
printf("IV:\n");
dump_data(random_iv, sizeof(random_iv));
printf("plain data:\n");
dump_data(plain_data, sizeof(plain_data));
/* Copy the generated initialization vector so that we still
* have the original one available after the call to ica_aes_cbc.
*/
memcpy(iv,random_iv,sizeof(iv));
/* Encrypt plain data to cipher data, using libica API.
*/
rc = ica_aes_cbc(plain_data, cipher_data, sizeof(plain_data),
aes_key, AES_KEY_LEN128, iv,
ICA_ENCRYPT);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump encrypted data. */
printf("encrypted data:\n");
dump_data(cipher_data, sizeof(plain_data));
/* Get the original initialization vector, because ica_aes_cbc
* has modified the iv variable on encryption.
*/
memcpy(iv,random_iv,sizeof(iv));
/* Decrypt cipher data to decrypted data, using libica API.
* Note: The same AES key and IV must be used for encryption and
* decryption.
*/
rc = ica_aes_cbc(cipher_data, decrypt_data, sizeof(plain_data),
aes_key, AES_KEY_LEN128, iv,
ICA_DECRYPT);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump decrypted data.
* Note: Please compare output with the plain data, they are the same.
*/
printf("decrypted data:\n");
dump_data(decrypt_data, sizeof(plain_data));
/* Surprise... :-)
* Note: The following will only work in this example!
*/
printf("%s\n", decrypt_data);
}
static void dump_data(unsigned char *data, unsigned long length)
{
unsigned char *ptr;
int i;
for (ptr = data, i = 1; ptr < (data+length); ptr++, i++) {
printf("0x%02x ", *ptr);
if ((i % AES_CIPHER_BLOCK_SIZE) == 0)
printf("\n");
}
if (i % AES_CIPHER_BLOCK_SIZE)
printf("\n");
}
static int handle_ica_error(int rc)
{
switch (rc) {
case 0:
printf("OK\n");
break;
case EINVAL:
printf("Incorrect parameter.\n");
break;
case EPERM:
printf("Operation not permitted by Hardware (CPACF).\n");
break;
case EIO:
printf("I/O error.\n");
break;
default:
printf("unknown error.\n");
}
return rc;
}