update to cvs head srtp

v1.4
Anthony Minessale 2013-01-17 17:59:53 -06:00
parent aad4da5b71
commit 72e2d183c1
100 changed files with 4732 additions and 1509 deletions


@ -1 +0,0 @@
Fri Mar 16 17:20:27 EDT 2007


@ -1,6 +1,6 @@
/*
*
* Copyright (c) 2001-2005 Cisco Systems, Inc.
* Copyright (c) 2001-2006 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without


@ -1,4 +1,4 @@
Secure RTP (SRTP) and UST Reference Implementations
Secure RTP (SRTP) Reference Implementation
David A. McGrew
Cisco Systems, Inc.
mcgrew@cisco.com
@ -9,7 +9,9 @@ Transport Protocol (SRTP), the Universal Security Transform (UST), and
a supporting cryptographic kernel. These mechanisms are documented in
the Internet Drafts in the doc/ subdirectory. The SRTP API is
documented in include/srtp.h, and the library is in libsrtp.a (after
compilation).
compilation). An overview and reference manual is available in
doc/libsrtp.pdf. The PDF documentation is more up to date than this
file.
Installation:


@ -1 +1 @@
1.4.2
1.4.4


@ -1,195 +1,196 @@
/* crypto/include/config.h. Generated by configure. */
/* config_in.h. Generated from configure.in by autoheader. */
/* Define if building for a CISC machine (e.g. Intel). */
#define CPU_CISC 1
/* Define if building for a RISC machine (assume slow byte access). */
/* #undef CPU_RISC */
/* Path to random device */
/* #define DEV_URANDOM "/dev/urandom" */
/* Define to compile in dynamic debugging system. */
#define ENABLE_DEBUGGING 1
/* Report errors to this file. */
/* #undef ERR_REPORTING_FILE */
/* Define to use logging to stdout. */
#define ERR_REPORTING_STDOUT 1
/* Define this to use ISMAcryp code. */
/* #undef GENERIC_AESICM */
/* Define to 1 if you have the <arpa/inet.h> header file. */
/* #undef HAVE_ARPA_INET_H */
/* Define to 1 if you have the <byteswap.h> header file. */
/* #undef HAVE_BYTESWAP_H */
/* Define to 1 if you have the `inet_aton' function. */
/* #undef HAVE_INET_ATON */
/* Define to 1 if the system has the type `int16_t'. */
#define HAVE_INT16_T 1
/* Define to 1 if the system has the type `int32_t'. */
#define HAVE_INT32_T 1
/* Define to 1 if the system has the type `int8_t'. */
#define HAVE_INT8_T 1
/* Define to 1 if you have the <inttypes.h> header file. */
/* #undef HAVE_INTTYPES_H */
/* Define to 1 if you have the `socket' library (-lsocket). */
/* #undef HAVE_LIBSOCKET */
/* Define to 1 if you have the <machine/types.h> header file. */
/* #undef HAVE_MACHINE_TYPES_H */
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
/* #undef HAVE_NETINET_IN_H */
/* Define to 1 if you have the `socket' function. */
/* #undef HAVE_SOCKET */
/* Define to 1 if you have the <stdint.h> header file. */
/* #undef HAVE_STDINT_H */
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <syslog.h> header file. */
/* #undef HAVE_SYSLOG_H */
/* Define to 1 if you have the <sys/int_types.h> header file. */
/* #undef HAVE_SYS_INT_TYPES_H */
/* Define to 1 if you have the <sys/socket.h> header file. */
/* #undef HAVE_SYS_SOCKET_H */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
/* #undef HAVE_SYS_UIO_H */
/* Define to 1 if the system has the type `uint16_t'. */
#define HAVE_UINT16_T 1
/* Define to 1 if the system has the type `uint32_t'. */
#define HAVE_UINT32_T 1
/* Define to 1 if the system has the type `uint64_t'. */
#define HAVE_UINT64_T 1
/* Define to 1 if the system has the type `uint8_t'. */
#define HAVE_UINT8_T 1
/* Define to 1 if you have the <unistd.h> header file. */
/* #undef HAVE_UNISTD_H */
/* Define to 1 if you have the `usleep' function. */
/* #undef HAVE_USLEEP */
/* Define to 1 if you have the <windows.h> header file. */
#define HAVE_WINDOWS_H 1
/* Define to 1 if you have the <winsock2.h> header file. */
#define HAVE_WINSOCK2_H 1
/* Define to use X86 inlined assembly code */
/* #undef HAVE_X86 */
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT ""
/* Define to the full name of this package. */
#define PACKAGE_NAME ""
/* Define to the full name and version of this package. */
#define PACKAGE_STRING ""
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME ""
/* Define to the version of this package. */
#define PACKAGE_VERSION ""
/* The size of a `unsigned long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG 4
/* The size of a `unsigned long long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG_LONG 8
/* Define to use GDOI. */
/* #undef SRTP_GDOI */
/* Define to compile for kernel contexts. */
/* #undef SRTP_KERNEL */
/* Define to compile for Linux kernel context. */
/* #undef SRTP_KERNEL_LINUX */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Write errors to this file */
/* #undef USE_ERR_REPORTING_FILE */
/* Define to use syslog logging. */
/* #undef USE_SYSLOG */
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
/* #undef WORDS_BIGENDIAN */
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
#define inline __inline
#endif
/* Define to `unsigned' if <sys/types.h> does not define. */
/* #undef size_t */
#if (_MSC_VER >= 1400) // VC8+
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE
#endif
#ifndef _CRT_NONSTDC_NO_DEPRECATE
#define _CRT_NONSTDC_NO_DEPRECATE
#endif
#endif // VC8+
#ifndef uint32_t
typedef unsigned __int8 uint8_t;
typedef unsigned __int16 uint16_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
typedef __int8 int8_t;
typedef __int16 int16_t;
typedef __int32 int32_t;
typedef __int64 int64_t;
#endif
#ifdef _MSC_VER
#pragma warning(disable:4311)
#endif
/* crypto/include/config.h. Generated by configure. */
/* config_in.h. Generated from configure.in by autoheader. */
#if (_MSC_VER >= 1400)
# define HAVE_RAND_S 1
#endif
/* Define if building for a CISC machine (e.g. Intel). */
#define CPU_CISC 1
/* Define if building for a RISC machine (assume slow byte access). */
/* #undef CPU_RISC */
/* Path to random device */
/* #define DEV_URANDOM "/dev/urandom" */
/* Define to compile in dynamic debugging system. */
#define ENABLE_DEBUGGING 1
/* Report errors to this file. */
/* #undef ERR_REPORTING_FILE */
/* Define to use logging to stdout. */
#define ERR_REPORTING_STDOUT 1
/* Define this to use ISMAcryp code. */
/* #undef GENERIC_AESICM */
/* Define to 1 if you have the <arpa/inet.h> header file. */
/* #undef HAVE_ARPA_INET_H */
/* Define to 1 if you have the <byteswap.h> header file. */
/* #undef HAVE_BYTESWAP_H */
/* Define to 1 if you have the `inet_aton' function. */
/* #undef HAVE_INET_ATON */
/* Define to 1 if the system has the type `int16_t'. */
#define HAVE_INT16_T 1
/* Define to 1 if the system has the type `int32_t'. */
#define HAVE_INT32_T 1
/* Define to 1 if the system has the type `int8_t'. */
#define HAVE_INT8_T 1
/* Define to 1 if you have the <inttypes.h> header file. */
/* #undef HAVE_INTTYPES_H */
/* Define to 1 if you have the `socket' library (-lsocket). */
/* #undef HAVE_LIBSOCKET */
/* Define to 1 if you have the <machine/types.h> header file. */
/* #undef HAVE_MACHINE_TYPES_H */
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
/* #undef HAVE_NETINET_IN_H */
/* Define to 1 if you have the `socket' function. */
/* #undef HAVE_SOCKET */
/* Define to 1 if you have the <stdint.h> header file. */
/* #undef HAVE_STDINT_H */
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <syslog.h> header file. */
/* #undef HAVE_SYSLOG_H */
/* Define to 1 if you have the <sys/int_types.h> header file. */
/* #undef HAVE_SYS_INT_TYPES_H */
/* Define to 1 if you have the <sys/socket.h> header file. */
/* #undef HAVE_SYS_SOCKET_H */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
/* #undef HAVE_SYS_UIO_H */
/* Define to 1 if the system has the type `uint16_t'. */
#define HAVE_UINT16_T 1
/* Define to 1 if the system has the type `uint32_t'. */
#define HAVE_UINT32_T 1
/* Define to 1 if the system has the type `uint64_t'. */
#define HAVE_UINT64_T 1
/* Define to 1 if the system has the type `uint8_t'. */
#define HAVE_UINT8_T 1
/* Define to 1 if you have the <unistd.h> header file. */
/* #undef HAVE_UNISTD_H */
/* Define to 1 if you have the `usleep' function. */
/* #undef HAVE_USLEEP */
/* Define to 1 if you have the <windows.h> header file. */
#define HAVE_WINDOWS_H 1
/* Define to 1 if you have the <winsock2.h> header file. */
#define HAVE_WINSOCK2_H 1
/* Define to use X86 inlined assembly code */
/* #undef HAVE_X86 */
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT ""
/* Define to the full name of this package. */
#define PACKAGE_NAME ""
/* Define to the full name and version of this package. */
#define PACKAGE_STRING ""
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME ""
/* Define to the version of this package. */
#define PACKAGE_VERSION ""
/* The size of a `unsigned long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG 4
/* The size of a `unsigned long long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG_LONG 8
/* Define to use GDOI. */
/* #undef SRTP_GDOI */
/* Define to compile for kernel contexts. */
/* #undef SRTP_KERNEL */
/* Define to compile for Linux kernel context. */
/* #undef SRTP_KERNEL_LINUX */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Write errors to this file */
/* #undef USE_ERR_REPORTING_FILE */
/* Define to use syslog logging. */
/* #undef USE_SYSLOG */
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
/* #undef WORDS_BIGENDIAN */
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */
#define inline
/* Define to `unsigned' if <sys/types.h> does not define. */
/* #undef size_t */
#if (_MSC_VER >= 1400) // VC8+
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE
#endif
#ifndef _CRT_NONSTDC_NO_DEPRECATE
#define _CRT_NONSTDC_NO_DEPRECATE
#endif
#endif // VC8+
#ifndef uint32_t
typedef unsigned __int8 uint8_t;
typedef unsigned __int16 uint16_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
typedef __int8 int8_t;
typedef __int16 int16_t;
typedef __int32 int32_t;
typedef __int64 int64_t;
#endif
#ifdef _MSC_VER
#pragma warning(disable:4311)
#endif


@ -144,10 +144,10 @@ fi
AC_MSG_CHECKING(which random device to use)
if test "$enable_kernel_linux" = "yes"; then
RNG_OBJS=rand_linux_kernel.c
RNG_OBJS=rand_linux_kernel.o
AC_MSG_RESULT([Linux kernel builtin])
else
RNG_OBJS=rand_source.c
RNG_OBJS=rand_source.o
if test -n "$DEV_URANDOM"; then
AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
AC_MSG_RESULT([$DEV_URANDOM])
@ -197,7 +197,7 @@ AC_C_INLINE
AC_TYPE_SIZE_T
dnl Checks for library functions.
AC_CHECK_FUNCS(socket inet_aton usleep)
AC_CHECK_FUNCS(socket inet_aton usleep sigaction)
dnl Find socket function if not found yet.
if test "x$ac_cv_func_socket" = "xno"; then
@ -222,7 +222,7 @@ AC_C_BIGENDIAN
dnl check host_cpu type, set defines appropriately
case $host_cpu in
i*86 )
i*86 | x86_64 )
AC_DEFINE(CPU_CISC, 1,
[Define if building for a CISC machine (e.g. Intel).])
AC_DEFINE(HAVE_X86, 1,
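Review bot: The widened pattern `i*86 | x86_64 )` now reaches the `AC_DEFINE(HAVE_X86, 1,` that follows it, so 64-bit hosts are built with the inline x86 assembly enabled, not just CPU_CISC. Whether the assembly guarded by HAVE_X86 is valid for the x86_64 register width is not visible in this hunk and should be confirmed before relying on it; if it is 32-bit only, the CPU_CISC define should be shared by both patterns and HAVE_X86 kept to `i*86 )`. A short comment on the case arm, e.g. `dnl x86_64 shares the CISC byte-access path; HAVE_X86 asm verified for 64-bit`, would record that decision for the next reader.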


@ -0,0 +1 @@
Makefile


@ -41,21 +41,28 @@ dummy : all runtest
# test applications
testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
test/stat_driver$(EXE) test/sha1_driver$(EXE) \
test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \
test/env$(EXE)
testapp = #test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
#test/stat_driver$(EXE) test/sha1_driver$(EXE) \
#test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \
#test/env$(EXE)
# data values used to test the aes_calc application
# data values used to test the aes_calc application for AES-128
k128=000102030405060708090a0b0c0d0e0f
p128=00112233445566778899aabbccddeeff
c128=69c4e0d86a7b0430d8cdb78070b4c55a
# data values used to test the aes_calc application for AES-256
k256=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
p256=00112233445566778899aabbccddeeff
c256=8ea2b7ca516745bfeafc49904b496089
k=000102030405060708090a0b0c0d0e0f
p=00112233445566778899aabbccddeeff
c=69c4e0d86a7b0430d8cdb78070b4c55a
runtest: libcryptomodule.a $(testapp)
test/env$(EXE) # print out information on the build environment
@echo "running libcryptomodule test applications..."
test `test/aes_calc $k $p` = $c
test `test/aes_calc $(k128) $(p128)` = $(c128)
test `test/aes_calc $(k256) $(p256)` = $(c256)
test/cipher_driver$(EXE) -v >/dev/null
test/datatypes_driver$(EXE) -v >/dev/null
test/stat_driver$(EXE) >/dev/null
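Review bot: Commenting out the test application list (`testapp = #test/cipher_driver$(EXE) ...`; the backslash continuations keep the following three lines inside the comment) leaves `runtest: libcryptomodule.a $(testapp)` with no test binaries as prerequisites, yet the recipe still executes test/env, test/aes_calc, test/cipher_driver, test/datatypes_driver and test/stat_driver, so `make runtest` on a clean tree fails on the missing executables. Either restore the four testapp lines or drop the recipe lines that invoke the binaries. If disabling the test build is intentional, a one-line comment above the assignment saying why, and that runtest no longer works without a separate build of the drivers, would stop the next reader from re-enabling it blindly. The new AES-256 vector lines (`k256`/`p256`/`c256`) are fine as written and match the FIPS 197 C.3 values used elsewhere in this commit.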


@ -63,7 +63,7 @@ aes_128_cbc_hmac_sha1_96_func(void *key,
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt);
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
if (status) return status;
/* set iv */
@ -139,7 +139,7 @@ aes_128_cbc_hmac_sha1_96_inv(void *key,
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt);
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
if (status) return status;
/* set iv */
@ -227,7 +227,7 @@ aes_128_cbc_hmac_sha1_96_enc(void *key,
/* perform encryption and authentication */
/* set aes key */
status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt);
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
if (status) return status;
/* set iv */
@ -397,7 +397,7 @@ aes_128_cbc_hmac_sha1_96_dec(void *key,
*opaque_len -= TAG_LEN;
/* decrypt the confidential data */
status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt);
status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
if (status) return status;
status = aes_cbc_set_iv(&aes_ctx, iv);
if (status) return status;
@ -564,7 +564,7 @@ cryptoalg_find_by_id(int id) {
case 1:
return cryptoalg;
default:
return 0;
break;
}
return 0;
}


@ -9,7 +9,7 @@
/*
*
* Copyright (c) 2001-2005, Cisco Systems, Inc.
* Copyright (c) 2001-2006, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -1358,51 +1358,50 @@ static uint32_t U4[256] = {
extern debug_module_t mod_aes_icm;
void
aes_expand_encryption_key(const v128_t *key,
aes_expanded_key_t expanded_key) {
static void
aes_128_expand_encryption_key(const uint8_t *key,
aes_expanded_key_t *expanded_key) {
int i;
gf2_8 rc;
/* initialize round constant */
rc = 1;
expanded_key[0].v32[0] = key->v32[0];
expanded_key[0].v32[1] = key->v32[1];
expanded_key[0].v32[2] = key->v32[2];
expanded_key[0].v32[3] = key->v32[3];
expanded_key->num_rounds = 10;
v128_copy_octet_string(&expanded_key->round[0], key);
#if 0
debug_print(mod_aes_icm,
"expanded key[0]: %s", v128_hex_string(&expanded_key[0]));
"expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
#endif
/* loop over round keys */
for (i=1; i < 11; i++) {
/* munge first word of round key */
expanded_key[i].v8[0] = aes_sbox[expanded_key[i-1].v8[13]] ^ rc;
expanded_key[i].v8[1] = aes_sbox[expanded_key[i-1].v8[14]];
expanded_key[i].v8[2] = aes_sbox[expanded_key[i-1].v8[15]];
expanded_key[i].v8[3] = aes_sbox[expanded_key[i-1].v8[12]];
expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
expanded_key[i].v32[0] ^= expanded_key[i-1].v32[0];
expanded_key->round[i].v32[0] ^= expanded_key->round[i-1].v32[0];
/* set remaining 32 bit words to the exor of the one previous with
* the one four words previous */
expanded_key[i].v32[1] =
expanded_key[i].v32[0] ^ expanded_key[i-1].v32[1];
expanded_key->round[i].v32[1] =
expanded_key->round[i].v32[0] ^ expanded_key->round[i-1].v32[1];
expanded_key[i].v32[2] =
expanded_key[i].v32[1] ^ expanded_key[i-1].v32[2];
expanded_key->round[i].v32[2] =
expanded_key->round[i].v32[1] ^ expanded_key->round[i-1].v32[2];
expanded_key[i].v32[3] =
expanded_key[i].v32[2] ^ expanded_key[i-1].v32[3];
expanded_key->round[i].v32[3] =
expanded_key->round[i].v32[2] ^ expanded_key->round[i-1].v32[3];
#if 0
debug_print2(mod_aes_icm,
"expanded key[%d]: %s", i,v128_hex_string(&expanded_key[i]));
"expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
#endif
/* modify round constant */
@ -1411,19 +1410,107 @@ aes_expand_encryption_key(const v128_t *key,
}
}
void
aes_expand_decryption_key(const v128_t *key,
aes_expanded_key_t expanded_key) {
static void
aes_256_expand_encryption_key(const unsigned char *key,
aes_expanded_key_t *expanded_key) {
int i;
gf2_8 rc;
aes_expand_encryption_key(key, expanded_key);
/* initialize round constant */
rc = 1;
expanded_key->num_rounds = 14;
v128_copy_octet_string(&expanded_key->round[0], key);
v128_copy_octet_string(&expanded_key->round[1], key+16);
#if 0
debug_print(mod_aes_icm,
"expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
debug_print(mod_aes_icm,
"expanded key[1]: %s", v128_hex_string(&expanded_key->round[1]));
#endif
/* loop over rest of round keys */
for (i=2; i < 15; i++) {
/* munge first word of round key */
if ((i & 1) == 0) {
expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
/* modify round constant */
rc = gf2_8_shift(rc);
}
else {
expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[12]];
expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[13]];
expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[14]];
expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[15]];
}
expanded_key->round[i].v32[0] ^= expanded_key->round[i-2].v32[0];
/* set remaining 32 bit words to the exor of the one previous with
* the one eight words previous */
expanded_key->round[i].v32[1] =
expanded_key->round[i].v32[0] ^ expanded_key->round[i-2].v32[1];
expanded_key->round[i].v32[2] =
expanded_key->round[i].v32[1] ^ expanded_key->round[i-2].v32[2];
expanded_key->round[i].v32[3] =
expanded_key->round[i].v32[2] ^ expanded_key->round[i-2].v32[3];
#if 0
debug_print2(mod_aes_icm,
"expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
#endif
}
}
err_status_t
aes_expand_encryption_key(const uint8_t *key,
int key_len,
aes_expanded_key_t *expanded_key) {
if (key_len == 16) {
aes_128_expand_encryption_key(key, expanded_key);
return err_status_ok;
}
else if (key_len == 24) {
/* AES-192 not yet supported */
return err_status_bad_param;
}
else if (key_len == 32) {
aes_256_expand_encryption_key(key, expanded_key);
return err_status_ok;
}
else
return err_status_bad_param;
}
err_status_t
aes_expand_decryption_key(const uint8_t *key,
int key_len,
aes_expanded_key_t *expanded_key) {
int i;
err_status_t status;
int num_rounds = expanded_key->num_rounds;
status = aes_expand_encryption_key(key, key_len, expanded_key);
if (status)
return status;
/* invert the order of the round keys */
for (i=0; i < 5; i++) {
for (i=0; i < num_rounds/2; i++) {
v128_t tmp;
v128_copy(&tmp, &expanded_key[10-i]);
v128_copy(&expanded_key[10-i], &expanded_key[i]);
v128_copy(&expanded_key[i], &tmp);
v128_copy(&tmp, &expanded_key->round[num_rounds-i]);
v128_copy(&expanded_key->round[num_rounds-i], &expanded_key->round[i]);
v128_copy(&expanded_key->round[i], &tmp);
}
/*
@ -1434,33 +1521,33 @@ aes_expand_decryption_key(const v128_t *key,
* followed by the T4 table (which cancels out the use of the sbox
* in the U-tables)
*/
for (i=1; i < 10; i++) {
for (i=1; i < num_rounds; i++) {
#ifdef CPU_RISC
uint32_t tmp;
tmp = expanded_key[i].v32[0];
expanded_key[i].v32[0] =
tmp = expanded_key->round[i].v32[0];
expanded_key->round[i].v32[0] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
tmp = expanded_key[i].v32[1];
expanded_key[i].v32[1] =
tmp = expanded_key->round[i].v32[1];
expanded_key->round[i].v32[1] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
tmp = expanded_key[i].v32[2];
expanded_key[i].v32[2] =
tmp = expanded_key->round[i].v32[2];
expanded_key->round[i].v32[2] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
tmp = expanded_key[i].v32[3];
expanded_key[i].v32[3] =
tmp = expanded_key->round[i].v32[3];
expanded_key->round[i].v32[3] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
@ -1469,33 +1556,35 @@ aes_expand_decryption_key(const v128_t *key,
uint32_t c0, c1, c2, c3;
c0 = U0[aes_sbox[expanded_key[i].v8[0]]]
^ U1[aes_sbox[expanded_key[i].v8[1]]]
^ U2[aes_sbox[expanded_key[i].v8[2]]]
^ U3[aes_sbox[expanded_key[i].v8[3]]];
c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
c1 = U0[aes_sbox[expanded_key[i].v8[4]]]
^ U1[aes_sbox[expanded_key[i].v8[5]]]
^ U2[aes_sbox[expanded_key[i].v8[6]]]
^ U3[aes_sbox[expanded_key[i].v8[7]]];
c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
^ U1[aes_sbox[expanded_key->round[i].v8[5]]]
^ U2[aes_sbox[expanded_key->round[i].v8[6]]]
^ U3[aes_sbox[expanded_key->round[i].v8[7]]];
c2 = U0[aes_sbox[expanded_key[i].v8[8]]]
^ U1[aes_sbox[expanded_key[i].v8[9]]]
^ U2[aes_sbox[expanded_key[i].v8[10]]]
^ U3[aes_sbox[expanded_key[i].v8[11]]];
c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]]
^ U1[aes_sbox[expanded_key->round[i].v8[9]]]
^ U2[aes_sbox[expanded_key->round[i].v8[10]]]
^ U3[aes_sbox[expanded_key->round[i].v8[11]]];
c3 = U0[aes_sbox[expanded_key[i].v8[12]]]
^ U1[aes_sbox[expanded_key[i].v8[13]]]
^ U2[aes_sbox[expanded_key[i].v8[14]]]
^ U3[aes_sbox[expanded_key[i].v8[15]]];
c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]]
^ U1[aes_sbox[expanded_key->round[i].v8[13]]]
^ U2[aes_sbox[expanded_key->round[i].v8[14]]]
^ U3[aes_sbox[expanded_key->round[i].v8[15]]];
expanded_key[i].v32[0] = c0;
expanded_key[i].v32[1] = c1;
expanded_key[i].v32[2] = c2;
expanded_key[i].v32[3] = c3;
expanded_key->round[i].v32[0] = c0;
expanded_key->round[i].v32[1] = c1;
expanded_key->round[i].v32[2] = c2;
expanded_key->round[i].v32[3] = c3;
#endif
}
return err_status_ok;
}
#ifdef CPU_CISC
@ -1910,42 +1999,67 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) {
void
aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
/* add in the subkey */
v128_xor_eq(plaintext, exp_key + 0);
v128_xor_eq(plaintext, &exp_key->round[0]);
/* now do nine rounds */
aes_round(plaintext, exp_key + 1);
aes_round(plaintext, exp_key + 2);
aes_round(plaintext, exp_key + 3);
aes_round(plaintext, exp_key + 4);
aes_round(plaintext, exp_key + 5);
aes_round(plaintext, exp_key + 6);
aes_round(plaintext, exp_key + 7);
aes_round(plaintext, exp_key + 8);
aes_round(plaintext, exp_key + 9);
/* the last round is different */
aes_final_round(plaintext, exp_key + 10);
/* now do the rounds */
aes_round(plaintext, &exp_key->round[1]);
aes_round(plaintext, &exp_key->round[2]);
aes_round(plaintext, &exp_key->round[3]);
aes_round(plaintext, &exp_key->round[4]);
aes_round(plaintext, &exp_key->round[5]);
aes_round(plaintext, &exp_key->round[6]);
aes_round(plaintext, &exp_key->round[7]);
aes_round(plaintext, &exp_key->round[8]);
aes_round(plaintext, &exp_key->round[9]);
if (exp_key->num_rounds == 10) {
aes_final_round(plaintext, &exp_key->round[10]);
}
else if (exp_key->num_rounds == 12) {
aes_round(plaintext, &exp_key->round[10]);
aes_round(plaintext, &exp_key->round[11]);
aes_final_round(plaintext, &exp_key->round[12]);
}
else if (exp_key->num_rounds == 14) {
aes_round(plaintext, &exp_key->round[10]);
aes_round(plaintext, &exp_key->round[11]);
aes_round(plaintext, &exp_key->round[12]);
aes_round(plaintext, &exp_key->round[13]);
aes_final_round(plaintext, &exp_key->round[14]);
}
}
void
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
/* add in the subkey */
v128_xor_eq(plaintext, exp_key + 0);
v128_xor_eq(plaintext, &exp_key->round[0]);
/* now do nine rounds */
aes_inv_round(plaintext, exp_key + 1);
aes_inv_round(plaintext, exp_key + 2);
aes_inv_round(plaintext, exp_key + 3);
aes_inv_round(plaintext, exp_key + 4);
aes_inv_round(plaintext, exp_key + 5);
aes_inv_round(plaintext, exp_key + 6);
aes_inv_round(plaintext, exp_key + 7);
aes_inv_round(plaintext, exp_key + 8);
aes_inv_round(plaintext, exp_key + 9);
/* the last round is different */
aes_inv_final_round(plaintext, exp_key + 10);
/* now do the rounds */
aes_inv_round(plaintext, &exp_key->round[1]);
aes_inv_round(plaintext, &exp_key->round[2]);
aes_inv_round(plaintext, &exp_key->round[3]);
aes_inv_round(plaintext, &exp_key->round[4]);
aes_inv_round(plaintext, &exp_key->round[5]);
aes_inv_round(plaintext, &exp_key->round[6]);
aes_inv_round(plaintext, &exp_key->round[7]);
aes_inv_round(plaintext, &exp_key->round[8]);
aes_inv_round(plaintext, &exp_key->round[9]);
if (exp_key->num_rounds == 10) {
aes_inv_final_round(plaintext, &exp_key->round[10]);
}
else if (exp_key->num_rounds == 12) {
aes_inv_round(plaintext, &exp_key->round[10]);
aes_inv_round(plaintext, &exp_key->round[11]);
aes_inv_final_round(plaintext, &exp_key->round[12]);
}
else if (exp_key->num_rounds == 14) {
aes_inv_round(plaintext, &exp_key->round[10]);
aes_inv_round(plaintext, &exp_key->round[11]);
aes_inv_round(plaintext, &exp_key->round[12]);
aes_inv_round(plaintext, &exp_key->round[13]);
aes_inv_final_round(plaintext, &exp_key->round[14]);
}
}
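Review bot: In aes_expand_decryption_key the line `int num_rounds = expanded_key->num_rounds;` reads the field before `aes_expand_encryption_key(key, key_len, expanded_key)` has written it, so unless every caller pre-initializes num_rounds the round-key inversion loop and the T-table loop run over a stale or uninitialized count and the schedule is left partly or wholly as the encryption schedule. Keep the declaration but move the read below the status check: `num_rounds = expanded_key->num_rounds;`. That function begins in the `@ -1411,19 +1410,107 @@` hunk and its body continues into the following two hunks. Separately, aes_256_expand_encryption_key is declared with `const unsigned char *key` while aes_128_expand_encryption_key and the public wrapper use `const uint8_t *key`; using uint8_t in all three keeps the signatures consistent.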


@ -9,7 +9,7 @@
/*
*
* Copyright (c) 2001-2005, Cisco Systems, Inc.
* Copyright (c) 2001-2006, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -63,12 +63,12 @@ aes_cbc_alloc(cipher_t **c, int key_len) {
debug_print(mod_aes_cbc,
"allocating cipher with key length %d", key_len);
if (key_len != 16)
if (key_len != 16 && key_len != 24 && key_len != 32)
return err_status_bad_param;
/* allocate memory a cipher of type aes_icm */
/* allocate memory a cipher of type aes_cbc */
tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
pointer = crypto_alloc(tmp);
pointer = (uint8_t*)crypto_alloc(tmp);
if (pointer == NULL)
return err_status_alloc_fail;
@ -104,23 +104,24 @@ aes_cbc_dealloc(cipher_t *c) {
}
err_status_t
aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key,
aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len,
cipher_direction_t dir) {
v128_t tmp_key;
/* set tmp_key (for alignment) */
v128_copy_octet_string(&tmp_key, key);
err_status_t status;
debug_print(mod_aes_cbc,
"key: %s", v128_hex_string(&tmp_key));
"key: %s", octet_string_hex_string(key, key_len));
/* expand key for the appropriate direction */
switch (dir) {
case (direction_encrypt):
aes_expand_encryption_key(&tmp_key, c->expanded_key);
status = aes_expand_encryption_key(key, key_len, &c->expanded_key);
if (status)
return status;
break;
case (direction_decrypt):
aes_expand_decryption_key(&tmp_key, c->expanded_key);
status = aes_expand_decryption_key(key, key_len, &c->expanded_key);
if (status)
return status;
break;
default:
return err_status_bad_param;
@ -135,7 +136,7 @@ err_status_t
aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) {
int i;
/* v128_t *input = iv; */
uint8_t *input = iv;
uint8_t *input = (uint8_t*) iv;
/* set state and 'previous' block to iv */
for (i=0; i < 16; i++)
@ -181,7 +182,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
debug_print(mod_aes_cbc, "inblock: %s",
v128_hex_string(&c->state));
aes_encrypt(&c->state, c->expanded_key);
aes_encrypt(&c->state, &c->expanded_key);
debug_print(mod_aes_cbc, "outblock: %s",
v128_hex_string(&c->state));
@ -236,7 +237,7 @@ aes_cbc_decrypt(aes_cbc_ctx_t *c,
v128_hex_string(&state));
/* decrypt state */
aes_decrypt(&state, c->expanded_key);
aes_decrypt(&state, &c->expanded_key);
debug_print(mod_aes_cbc, "outblock: %s",
v128_hex_string(&state));
@ -332,7 +333,7 @@ char
aes_cbc_description[] = "aes cipher block chaining (cbc) mode";
/*
* Test case 0 is derived from FIPS 197 Appendix A; it uses an
* Test case 0 is derived from FIPS 197 Appendix C; it uses an
* all-zero IV, so that the first block encryption matches the test
* case in that appendix. This property provides a check of the base
* AES encryption and decryption algorithms; if CBC fails on some
@ -428,6 +429,100 @@ cipher_test_case_t aes_cbc_test_case_1 = {
&aes_cbc_test_case_0 /* pointer to next testcase */
};
/*
* Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197
* appendix C.3).
*/
uint8_t aes_cbc_test_case_2_key[32] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
uint8_t aes_cbc_test_case_2_plaintext[64] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};
uint8_t aes_cbc_test_case_2_ciphertext[80] = {
0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11,
0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee
};
uint8_t aes_cbc_test_case_2_iv[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
cipher_test_case_t aes_cbc_test_case_2 = {
32, /* octets in key */
aes_cbc_test_case_2_key, /* key */
aes_cbc_test_case_2_iv, /* initialization vector */
16, /* octets in plaintext */
aes_cbc_test_case_2_plaintext, /* plaintext */
32, /* octets in ciphertext */
aes_cbc_test_case_2_ciphertext, /* ciphertext */
&aes_cbc_test_case_1 /* pointer to next testcase */
};
/*
* this test case is taken directly from Appendix F.2 of NIST Special
* Publication SP 800-38A
*/
uint8_t aes_cbc_test_case_3_key[32] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
};
uint8_t aes_cbc_test_case_3_plaintext[64] = {
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
};
uint8_t aes_cbc_test_case_3_ciphertext[80] = {
0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0,
0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a
};
uint8_t aes_cbc_test_case_3_iv[16] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
cipher_test_case_t aes_cbc_test_case_3 = {
32, /* octets in key */
aes_cbc_test_case_3_key, /* key */
aes_cbc_test_case_3_iv, /* initialization vector */
64, /* octets in plaintext */
aes_cbc_test_case_3_plaintext, /* plaintext */
80, /* octets in ciphertext */
aes_cbc_test_case_3_ciphertext, /* ciphertext */
&aes_cbc_test_case_2 /* pointer to next testcase */
};
cipher_type_t aes_cbc = {
(cipher_alloc_func_t) aes_cbc_alloc,
(cipher_dealloc_func_t) aes_cbc_dealloc,
@ -437,8 +532,9 @@ cipher_type_t aes_cbc = {
(cipher_set_iv_func_t) aes_cbc_set_iv,
(char *) aes_cbc_description,
(int) 0, /* instance count */
(cipher_test_case_t *) &aes_cbc_test_case_0,
(debug_module_t *) &mod_aes_cbc
(cipher_test_case_t *) &aes_cbc_test_case_3,
(debug_module_t *) &mod_aes_cbc,
(cipher_type_id_t) AES_CBC
};


@ -9,7 +9,7 @@
/*
*
* Copyright (c) 2001-2005, Cisco Systems, Inc.
* Copyright (c) 2001-2006, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -49,9 +49,6 @@
#include "aes_icm.h"
#include "alloc.h"
#ifdef _MSC_VER
#pragma warning(disable:4100)
#endif
debug_module_t mod_aes_icm = {
0, /* debugging is off by default */
@ -98,21 +95,24 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
uint8_t *pointer;
int tmp;
debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len);
debug_print(mod_aes_icm,
"allocating cipher with key length %d", key_len);
/* Ismacryp, for example, uses 16 byte key + 8 byte
salt so this function is called with key_len = 24.
The check for key_len = 30 does not apply. Our usage
of aes functions with key_len = values other than 30
has not broken anything. Don't know what would be the
effect of skipping this check for srtp in general.
*/
if (!forIsmacryp && key_len != 30)
/*
* Ismacryp, for example, uses 16 byte key + 8 byte
* salt so this function is called with key_len = 24.
* The check for key_len = 30/38/46 does not apply. Our usage
* of aes functions with key_len = values other than 30
* has not broken anything. Don't know what would be the
* effect of skipping this check for srtp in general.
*/
if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
key_len != 30 && key_len != 38 && key_len != 46)
return err_status_bad_param;
/* allocate memory a cipher of type aes_icm */
tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
pointer = crypto_alloc(tmp);
pointer = (uint8_t*)crypto_alloc(tmp);
if (pointer == NULL)
return err_status_alloc_fail;
@ -163,30 +163,38 @@ aes_icm_dealloc(cipher_t *c) {
*/
err_status_t
aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key) {
v128_t tmp_key;
aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
err_status_t status;
int base_key_len;
if (key_len > 16 && key_len < 30) /* Ismacryp */
base_key_len = 16;
else if (key_len == 30 || key_len == 38 || key_len == 46)
base_key_len = key_len - 14;
else
return err_status_bad_param;
/* set counter and initial values to 'offset' value */
/* FIX!!! this assumes the salt is at key + 16, and thus that the */
/* FIX!!! cipher key length is 16! Also note this copies past the
end of the 'key' array by 2 bytes! */
v128_copy_octet_string(&c->counter, key + 16);
v128_copy_octet_string(&c->offset, key + 16);
/* Note this copies past the end of the 'key' array by 2 bytes! */
v128_copy_octet_string(&c->counter, key + base_key_len);
v128_copy_octet_string(&c->offset, key + base_key_len);
/* force last two octets of the offset to zero (for srtp compatibility) */
c->offset.v8[14] = c->offset.v8[15] = 0;
c->counter.v8[14] = c->counter.v8[15] = 0;
/* set tmp_key (for alignment) */
v128_copy_octet_string(&tmp_key, key);
debug_print(mod_aes_icm,
"key: %s", v128_hex_string(&tmp_key));
"key: %s", octet_string_hex_string(key, base_key_len));
debug_print(mod_aes_icm,
"offset: %s", v128_hex_string(&c->offset));
/* expand key */
aes_expand_encryption_key(&tmp_key, c->expanded_key);
status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
if (status) {
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
return status;
}
/* indicate that the keystream_buffer is empty */
c->bytes_in_buffer = 0;
@ -232,7 +240,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
/* fill keystream buffer, if needed */
if (tail_num) {
v128_copy(&c->keystream_buffer, &c->counter);
aes_encrypt(&c->keystream_buffer, c->expanded_key);
aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
@ -259,7 +267,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
err_status_t
aes_icm_set_iv(aes_icm_ctx_t *c, void *iv) {
v128_t *nonce = iv;
v128_t *nonce = (v128_t *) iv;
debug_print(mod_aes_icm,
"setting iv: %s", v128_hex_string(nonce));
@ -284,11 +292,11 @@ aes_icm_set_iv(aes_icm_ctx_t *c, void *iv) {
* this is an internal, hopefully inlined function
*/
inline void
static inline void
aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
aes_encrypt(&c->keystream_buffer, c->expanded_key);
aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
@ -300,7 +308,7 @@ aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
if (forIsmacryp) {
uint32_t temp;
/* alex's clock counter forward */
//alex's clock counter forward
temp = ntohl(c->counter.v32[3]);
c->counter.v32[3] = htonl(++temp);
} else {
@ -309,7 +317,7 @@ aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
}
}
inline void aes_icm_advance(aes_icm_ctx_t *c) {
static inline void aes_icm_advance(aes_icm_ctx_t *c) {
aes_icm_advance_ismacryp(c, 0);
}
@ -341,7 +349,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
debug_print(mod_aes_icm, "block index: %d",
htons(c->counter.v16[7]));
if (bytes_to_encr <= c->bytes_in_buffer) {
if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
/* deal with odd case of small bytes_to_encr */
for (i = (sizeof(v128_t) - c->bytes_in_buffer);
@ -370,7 +378,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
/* fill buffer with new keystream */
aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp);
aes_icm_advance_ismacryp(c, forIsmacryp);
/*
* add keystream into the data buffer (this would be a lot faster
@ -418,7 +426,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
if ((bytes_to_encr & 0xf) != 0) {
/* fill buffer with new keystream */
aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp);
aes_icm_advance_ismacryp(c, forIsmacryp);
for (i=0; i < (bytes_to_encr & 0xf); i++)
*buf++ ^= c->keystream_buffer.v8[i];
@ -492,6 +500,46 @@ cipher_test_case_t aes_icm_test_case_0 = {
NULL /* pointer to next testcase */
};
uint8_t aes_icm_test_case_1_key[46] = {
0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
uint8_t aes_icm_test_case_1_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
uint8_t aes_icm_test_case_1_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
uint8_t aes_icm_test_case_1_ciphertext[32] = {
0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
cipher_test_case_t aes_icm_test_case_1 = {
46, /* octets in key */
aes_icm_test_case_1_key, /* key */