/* This program is released under the Common Public License V1.0
*
* You should have received a copy of Common Public License V1.0 along with
* with this program.
*
* Copyright IBM Corp. 2016
*
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <ica_api.h>
#define AES_CIPHER_BLOCK_SIZE 16
/* This example uses a static key. In real life you would
* use your real AES key, which is negotiated between the
* encrypting and the decrypting entity.
*
* Note: AES-128 key size is 16 bytes (AES_KEY_LEN128)
*/
unsigned char aes_key[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
/* This is the plain data, you want to encrypt.
*/
unsigned char plain_data[] = {
0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x6c, 0x69,
0x62, 0x69, 0x63, 0x61, 0x20, 0x69, 0x73, 0x20,
0x73, 0x6d, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e,
0x64, 0x20, 0x65, 0x61, 0x73, 0x79, 0x21, 0x00
};
/* This is the initialization vector. The initialization vector
* size must be greater than 0 and less than 261. A length of
* 12 is recommended.
*/
unsigned char iv[12] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B
};
/* This is additional authenticated data. It is subject to the
* message authentication code computation, but is not encrypted.
*/
unsigned char aad[] = {
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
/* Prints hex values to standard out. */
static void dump_data(unsigned char *data, unsigned long length);
/* Prints a description of the return value to standard out. */
static int handle_ica_error(int rc);
int main(char **argv, int argc)
{
int rc;
/* This is a buffer for the message authentication code (tag) for
* the additional authenticated data in aad and the plain text.
* Note: The authentication strength depends on the length of the
* authentication tag
*/
unsigned char tag[16];
unsigned char cipher_data[sizeof(plain_data)];
unsigned char decrypt_data[sizeof(plain_data)];
/* Dump key, iv, aad and plain data to standard output, just for
* a visual control.
*/
printf("AES key:\n");
dump_data(aes_key, sizeof(aes_key));
printf("IV:\n");
dump_data(iv, sizeof(iv));
printf("AAD:\n");
dump_data(aad, sizeof(aad));
printf("plain data:\n");
dump_data(plain_data, sizeof(plain_data));
/* Encrypt plain data to cipher data, using libica API.
* This will also compute the authetication code (tag) from
* the plain data and the additional authenticated data.
*/
rc = ica_aes_gcm(plain_data, sizeof(plain_data), cipher_data,
iv, sizeof(iv),
aad, sizeof(aad),
tag, sizeof(tag),
aes_key, AES_KEY_LEN128,
ICA_ENCRYPT);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump encrypted data.
*/
printf("encrypted data:\n");
dump_data(cipher_data, sizeof(plain_data));
printf("Authetication code:\n");
dump_data(tag, sizeof(tag));
/* Decrypt cipher data to decrypted data, using libica API.
* Note: The same AES key, IV and AAD must be used for encryption and
* decryption. The authentication code (tag) is verified against the
* decrypted data and the additional authenticated data. If the
* authentication code does not match, EFAULT is returned.
*/
rc = ica_aes_gcm(decrypt_data, sizeof(plain_data), cipher_data,
iv, sizeof(iv),
aad, sizeof(aad),
tag, sizeof(tag),
aes_key, AES_KEY_LEN128,
ICA_DECRYPT);
/* Error handling (if necessary). */
if (rc)
return handle_ica_error(rc);
/* Dump decrypted data.
* Note: Please compare output with the plain data, they are the same.
*/
printf("decrypted data:\n");
dump_data(decrypt_data, sizeof(plain_data));
/* Surprise... :-)
* Note: The following will only work in this example!
*/
printf("%s\n", decrypt_data);
return rc;
}
static void dump_data(unsigned char *data, unsigned long length)
{
unsigned char *ptr;
int i;
for (ptr = data, i = 1; ptr < (data+length); ptr++, i++) {
printf("0x%02x ", *ptr);
if ((i % AES_CIPHER_BLOCK_SIZE) == 0)
printf("\n");
}
if (i % AES_CIPHER_BLOCK_SIZE)
printf("\n");
}
static int handle_ica_error(int rc)
{
switch (rc) {
case 0:
printf("OK\n");
break;
case EINVAL:
printf("Incorrect parameter.\n");
break;
case EPERM:
printf("Operation not permitted by Hardware (CPACF).\n");
break;
case EIO:
printf("I/O error.\n");
break;
case EFAULT:
printf("The verification of the message authentication code has failed.\n");
break;
default:
printf("unknown error.\n");
}
return rc;
}