1 /*
2 * aes_icm_nss.c
3 *
4 * AES Integer Counter Mode
5 *
6 * Richard L. Barnes
7 * Cisco Systems, Inc.
8 */
9
10 /*
11 *
12 * Copyright (c) 2013-2017, Cisco Systems, Inc.
13 * All rights reserved.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 *
19 * Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 *
22 * Redistributions in binary form must reproduce the above
23 * copyright notice, this list of conditions and the following
24 * disclaimer in the documentation and/or other materials provided
25 * with the distribution.
26 *
27 * Neither the name of the Cisco Systems, Inc. nor the names of its
28 * contributors may be used to endorse or promote products derived
29 * from this software without specific prior written permission.
30 *
31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
34 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
35 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
42 * OF THE POSSIBILITY OF SUCH DAMAGE.
43 *
44 */
45
46 #ifdef HAVE_CONFIG_H
47 #include <config.h>
48 #endif
49
50 #include "aes_icm_ext.h"
51 #include "crypto_types.h"
52 #include "err.h" /* for srtp_debug */
53 #include "alloc.h"
54 #include "cipher_types.h"
55
56 srtp_debug_module_t srtp_mod_aes_icm = {
57 0, /* debugging is off by default */
58 "aes icm nss" /* printable module name */
59 };
60
61 /*
62 * integer counter mode works as follows:
63 *
64 * 16 bits
65 * <----->
66 * +------+------+------+------+------+------+------+------+
67 * | nonce | packet index | ctr |---+
68 * +------+------+------+------+------+------+------+------+ |
69 * |
70 * +------+------+------+------+------+------+------+------+ v
71 * | salt |000000|->(+)
72 * +------+------+------+------+------+------+------+------+ |
73 * |
74 * +---------+
75 * | encrypt |
76 * +---------+
77 * |
78 * +------+------+------+------+------+------+------+------+ |
79 * | keystream block |<--+
80 * +------+------+------+------+------+------+------+------+
81 *
82 * All fields are big-endian
83 *
84 * ctr is the block counter, which increments from zero for
85 * each packet (16 bits wide)
86 *
87 * packet index is distinct for each packet (48 bits wide)
88 *
89 * nonce can be distinct across many uses of the same key, or
90 * can be a fixed value per key, or can be per-packet randomness
91 * (64 bits)
92 *
93 */
94
95 /*
96 * This function allocates a new instance of this crypto engine.
97 * The key_len parameter should be one of 30, 38, or 46 for
98 * AES-128, AES-192, and AES-256 respectively. Note, this key_len
99 * value is inflated, as it also accounts for the 112 bit salt
100 * value. The tlen argument is for the AEAD tag length, which
101 * isn't used in counter mode.
102 */
srtp_aes_icm_nss_alloc(srtp_cipher_t ** c,int key_len,int tlen)103 static srtp_err_status_t srtp_aes_icm_nss_alloc(srtp_cipher_t **c,
104 int key_len,
105 int tlen)
106 {
107 srtp_aes_icm_ctx_t *icm;
108 NSSInitContext *nss;
109
110 debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d",
111 key_len);
112
113 /*
114 * Verify the key_len is valid for one of: AES-128/192/256
115 */
116 if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT &&
117 key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
118 key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
119 return srtp_err_status_bad_param;
120 }
121
122 /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */
123 nss = NSS_InitContext("", "", "", "", NULL,
124 NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
125 NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
126 NSS_INIT_OPTIMIZESPACE);
127 if (!nss) {
128 return (srtp_err_status_cipher_fail);
129 }
130
131 /* allocate memory a cipher of type aes_icm */
132 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
133 if (*c == NULL) {
134 NSS_ShutdownContext(nss);
135 return srtp_err_status_alloc_fail;
136 }
137
138 icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
139 if (icm == NULL) {
140 NSS_ShutdownContext(nss);
141 srtp_crypto_free(*c);
142 *c = NULL;
143 return srtp_err_status_alloc_fail;
144 }
145
146 icm->key = NULL;
147 icm->ctx = NULL;
148 icm->nss = nss;
149
150 /* set pointers */
151 (*c)->state = icm;
152
153 /* setup cipher parameters */
154 switch (key_len) {
155 case SRTP_AES_ICM_128_KEY_LEN_WSALT:
156 (*c)->algorithm = SRTP_AES_ICM_128;
157 (*c)->type = &srtp_aes_icm_128;
158 icm->key_size = SRTP_AES_128_KEY_LEN;
159 break;
160 case SRTP_AES_ICM_192_KEY_LEN_WSALT:
161 (*c)->algorithm = SRTP_AES_ICM_192;
162 (*c)->type = &srtp_aes_icm_192;
163 icm->key_size = SRTP_AES_192_KEY_LEN;
164 break;
165 case SRTP_AES_ICM_256_KEY_LEN_WSALT:
166 (*c)->algorithm = SRTP_AES_ICM_256;
167 (*c)->type = &srtp_aes_icm_256;
168 icm->key_size = SRTP_AES_256_KEY_LEN;
169 break;
170 }
171
172 /* set key size */
173 (*c)->key_len = key_len;
174
175 return srtp_err_status_ok;
176 }
177
178 /*
179 * This function deallocates an instance of this engine
180 */
srtp_aes_icm_nss_dealloc(srtp_cipher_t * c)181 static srtp_err_status_t srtp_aes_icm_nss_dealloc(srtp_cipher_t *c)
182 {
183 srtp_aes_icm_ctx_t *ctx;
184
185 ctx = (srtp_aes_icm_ctx_t *)c->state;
186 if (ctx) {
187 /* free any PK11 values that have been created */
188 if (ctx->key) {
189 PK11_FreeSymKey(ctx->key);
190 ctx->key = NULL;
191 }
192
193 if (ctx->ctx) {
194 PK11_DestroyContext(ctx->ctx, PR_TRUE);
195 ctx->ctx = NULL;
196 }
197
198 if (ctx->nss) {
199 NSS_ShutdownContext(ctx->nss);
200 ctx->nss = NULL;
201 }
202
203 /* zeroize everything */
204 octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
205 srtp_crypto_free(ctx);
206 }
207
208 /* free memory */
209 srtp_crypto_free(c);
210
211 return (srtp_err_status_ok);
212 }
213
214 /*
215 * aes_icm_nss_context_init(...) initializes the aes_icm_context
216 * using the value in key[].
217 *
218 * the key is the secret key
219 *
220 * the salt is unpredictable (but not necessarily secret) data which
221 * randomizes the starting point in the keystream
222 */
srtp_aes_icm_nss_context_init(void * cv,const uint8_t * key)223 static srtp_err_status_t srtp_aes_icm_nss_context_init(void *cv,
224 const uint8_t *key)
225 {
226 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
227
228 /*
229 * set counter and initial values to 'offset' value, being careful not to
230 * go past the end of the key buffer
231 */
232 v128_set_to_zero(&c->counter);
233 v128_set_to_zero(&c->offset);
234 memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
235 memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
236
237 /* force last two octets of the offset to zero (for srtp compatibility) */
238 c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
239 c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
240
241 debug_print(srtp_mod_aes_icm, "key: %s",
242 srtp_octet_string_hex_string(key, c->key_size));
243 debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
244
245 if (c->key) {
246 PK11_FreeSymKey(c->key);
247 c->key = NULL;
248 }
249
250 PK11SlotInfo *slot = PK11_GetBestSlot(CKM_AES_CTR, NULL);
251 if (!slot) {
252 return srtp_err_status_bad_param;
253 }
254
255 SECItem keyItem = { siBuffer, (unsigned char *)key, c->key_size };
256 c->key = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap,
257 CKA_ENCRYPT, &keyItem, NULL);
258 PK11_FreeSlot(slot);
259
260 if (!c->key) {
261 return srtp_err_status_cipher_fail;
262 }
263
264 return (srtp_err_status_ok);
265 }
266
267 /*
268 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
269 * the offset
270 */
srtp_aes_icm_nss_set_iv(void * cv,uint8_t * iv,srtp_cipher_direction_t dir)271 static srtp_err_status_t srtp_aes_icm_nss_set_iv(void *cv,
272 uint8_t *iv,
273 srtp_cipher_direction_t dir)
274 {
275 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
276 v128_t nonce;
277
278 /* set nonce (for alignment) */
279 v128_copy_octet_string(&nonce, iv);
280
281 debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
282
283 v128_xor(&c->counter, &c->offset, &nonce);
284
285 debug_print(srtp_mod_aes_icm, "set_counter: %s",
286 v128_hex_string(&c->counter));
287
288 /* set up the PK11 context now that we have all the info */
289 CK_AES_CTR_PARAMS param;
290 param.ulCounterBits = 16;
291 memcpy(param.cb, &c->counter, 16);
292
293 if (!c->key) {
294 return srtp_err_status_bad_param;
295 }
296
297 if (c->ctx) {
298 PK11_DestroyContext(c->ctx, PR_TRUE);
299 }
300
301 SECItem paramItem = { siBuffer, (unsigned char *)¶m,
302 sizeof(CK_AES_CTR_PARAMS) };
303 c->ctx = PK11_CreateContextBySymKey(CKM_AES_CTR, CKA_ENCRYPT, c->key,
304 ¶mItem);
305 if (!c->ctx) {
306 return srtp_err_status_cipher_fail;
307 }
308
309 return srtp_err_status_ok;
310 }
311
312 /*
313 * This function encrypts a buffer using AES CTR mode
314 *
315 * Parameters:
316 * c Crypto context
317 * buf data to encrypt
318 * enc_len length of encrypt buffer
319 */
srtp_aes_icm_nss_encrypt(void * cv,unsigned char * buf,unsigned int * enc_len)320 static srtp_err_status_t srtp_aes_icm_nss_encrypt(void *cv,
321 unsigned char *buf,
322 unsigned int *enc_len)
323 {
324 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
325
326 if (!c->ctx) {
327 return srtp_err_status_bad_param;
328 }
329
330 int rv =
331 PK11_CipherOp(c->ctx, buf, (int *)enc_len, *enc_len, buf, *enc_len);
332
333 srtp_err_status_t status = (srtp_err_status_ok);
334 if (rv != SECSuccess) {
335 status = (srtp_err_status_cipher_fail);
336 }
337
338 return status;
339 }
340
341 /*
342 * Name of this crypto engine
343 */
344 static const char srtp_aes_icm_128_nss_description[] =
345 "AES-128 counter mode using NSS";
346 static const char srtp_aes_icm_192_nss_description[] =
347 "AES-192 counter mode using NSS";
348 static const char srtp_aes_icm_256_nss_description[] =
349 "AES-256 counter mode using NSS";
350
351 /*
352 * KAT values for AES self-test. These
353 * values came from the legacy libsrtp code.
354 */
355 /* clang-format off */
356 static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
357 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
358 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
359 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
360 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
361 };
362 /* clang-format on */
363
364 /* clang-format off */
365 static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
366 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
367 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
368 };
369 /* clang-format on */
370
371 /* clang-format off */
372 static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
373 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
374 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
375 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
376 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
377 };
378 /* clang-format on */
379
380 /* clang-format off */
381 static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
382 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
383 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
384 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
385 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
386 };
387 /* clang-format on */
388
389 static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
390 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
391 srtp_aes_icm_128_test_case_0_key, /* key */
392 srtp_aes_icm_128_test_case_0_nonce, /* packet index */
393 32, /* octets in plaintext */
394 srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
395 32, /* octets in ciphertext */
396 srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
397 0, /* */
398 NULL, /* */
399 0, /* */
400 NULL /* pointer to next testcase */
401 };
402
403 /*
404 * KAT values for AES-192-CTR self-test. These
405 * values came from section 7 of RFC 6188.
406 */
407 /* clang-format off */
408 static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
409 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
410 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
411 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
412 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
413 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
414 };
415 /* clang-format on */
416
417 /* clang-format off */
418 static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
419 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
420 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
421 };
422 /* clang-format on */
423
424 /* clang-format off */
425 static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = {
426 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
427 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
429 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430 };
431 /* clang-format on */
432
433 /* clang-format off */
434 static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
435 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
436 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
437 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
438 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
439 };
440 /* clang-format on */
441
442 static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
443 SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */
444 srtp_aes_icm_192_test_case_0_key, /* key */
445 srtp_aes_icm_192_test_case_0_nonce, /* packet index */
446 32, /* octets in plaintext */
447 srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */
448 32, /* octets in ciphertext */
449 srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */
450 0, /* */
451 NULL, /* */
452 0, /* */
453 NULL /* pointer to next testcase */
454 };
455
456 /*
457 * KAT values for AES-256-CTR self-test. These
458 * values came from section 7 of RFC 6188.
459 */
460 /* clang-format off */
461 static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
462 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
463 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
464 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
465 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
466 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
467 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
468 };
469 /* clang-format on */
470
471 /* clang-format off */
472 static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
473 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
474 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
475 };
476 /* clang-format on */
477
478 /* clang-format off */
479 static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
480 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
481 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
482 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
483 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
484 };
485 /* clang-format on */
486
487 /* clang-format off */
488 static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
489 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
490 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
491 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
492 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
493 };
494 /* clang-format on */
495
496 static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
497 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
498 srtp_aes_icm_256_test_case_0_key, /* key */
499 srtp_aes_icm_256_test_case_0_nonce, /* packet index */
500 32, /* octets in plaintext */
501 srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
502 32, /* octets in ciphertext */
503 srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
504 0, /* */
505 NULL, /* */
506 0, /* */
507 NULL /* pointer to next testcase */
508 };
509
510 /*
511 * This is the function table for this crypto engine.
512 * note: the encrypt function is identical to the decrypt function
513 */
514 const srtp_cipher_type_t srtp_aes_icm_128 = {
515 srtp_aes_icm_nss_alloc, /* */
516 srtp_aes_icm_nss_dealloc, /* */
517 srtp_aes_icm_nss_context_init, /* */
518 0, /* set_aad */
519 srtp_aes_icm_nss_encrypt, /* */
520 srtp_aes_icm_nss_encrypt, /* */
521 srtp_aes_icm_nss_set_iv, /* */
522 0, /* get_tag */
523 srtp_aes_icm_128_nss_description, /* */
524 &srtp_aes_icm_128_test_case_0, /* */
525 SRTP_AES_ICM_128 /* */
526 };
527
528 /*
529 * This is the function table for this crypto engine.
530 * note: the encrypt function is identical to the decrypt function
531 */
532 const srtp_cipher_type_t srtp_aes_icm_192 = {
533 srtp_aes_icm_nss_alloc, /* */
534 srtp_aes_icm_nss_dealloc, /* */
535 srtp_aes_icm_nss_context_init, /* */
536 0, /* set_aad */
537 srtp_aes_icm_nss_encrypt, /* */
538 srtp_aes_icm_nss_encrypt, /* */
539 srtp_aes_icm_nss_set_iv, /* */
540 0, /* get_tag */
541 srtp_aes_icm_192_nss_description, /* */
542 &srtp_aes_icm_192_test_case_0, /* */
543 SRTP_AES_ICM_192 /* */
544 };
545
546 /*
547 * This is the function table for this crypto engine.
548 * note: the encrypt function is identical to the decrypt function
549 */
550 const srtp_cipher_type_t srtp_aes_icm_256 = {
551 srtp_aes_icm_nss_alloc, /* */
552 srtp_aes_icm_nss_dealloc, /* */
553 srtp_aes_icm_nss_context_init, /* */
554 0, /* set_aad */
555 srtp_aes_icm_nss_encrypt, /* */
556 srtp_aes_icm_nss_encrypt, /* */
557 srtp_aes_icm_nss_set_iv, /* */
558 0, /* get_tag */
559 srtp_aes_icm_256_nss_description, /* */
560 &srtp_aes_icm_256_test_case_0, /* */
561 SRTP_AES_ICM_256 /* */
562 };
563